New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't use special characters in ansible passwords #18092

Merged
merged 1 commit into from Oct 12, 2018

Conversation

Projects
None yet
4 participants
@carbonin
Member

carbonin commented Oct 12, 2018

The rabbitmq password has always needed to be URL-safe, but recently
the tower team added a preflight-check in their setup playbook which
just bans all special characters.

This was causing setup failures even though our passwords were URL
safe.

Now, we just generate hex passwords.

https://bugzilla.redhat.com/show_bug.cgi?id=1638009

Also of note, this change will cause upgrades to fail so this will also either require a data migration, or we can check and change the password in the code here if we are being strict about no more migrations in the hammer branch. @Fryguy @bdunne thoughts here?

Don't use special characters in ansible passwords
The rabbitmq password has always needed to be URL-safe, but recently
the tower team added a preflight-check in their setup playbook which
just bans all special characters.

This was causing setup failures even though our passwords were URL
safe.

Now, we just generate hex passwords.

https://bugzilla.redhat.com/show_bug.cgi?id=1638009
@bdunne

This comment has been minimized.

Member

bdunne commented Oct 12, 2018

if we are being strict about no more migrations in the hammer branch

I thought we were, but then a schema change was backported, so I guess we can backport whatever is needed ¯\_(ツ)_/¯

Is a data migration good enough, or do we need to tell more things that the rabbit password has changed?

@bdunne

bdunne approved these changes Oct 12, 2018

@carbonin

This comment has been minimized.

Member

carbonin commented Oct 12, 2018

Is a data migration good enough, or do we need to tell more things that the rabbit password has changed?

I think the data migration should do the job. When we upgrade the tower version we re-run the setup playbook. The ansible engineers said that running the playbook with the new password should reset it for everyone that needs it.

@bdunne bdunne merged commit 0a6e60e into ManageIQ:master Oct 12, 2018

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
coverage/coveralls Coverage decreased (-4.7%) to 68.263%
Details

@bdunne bdunne assigned bdunne and unassigned gtanzillo Oct 12, 2018

@bdunne bdunne added this to the Sprint 97 Ending Oct 22, 2018 milestone Oct 12, 2018

simaishi added a commit that referenced this pull request Oct 12, 2018

Merge pull request #18092 from carbonin/hex_ansible_passwords
Don't use special characters in ansible passwords

(cherry picked from commit 0a6e60e)

https://bugzilla.redhat.com/show_bug.cgi?id=1638009
@simaishi

This comment has been minimized.

Contributor

simaishi commented Oct 12, 2018

Hammer backport details:

$ git log -1
commit a00ae17af2cd95f7f833763affcbff7880283fd8
Author: Brandon Dunne <brandondunne@hotmail.com>
Date:   Fri Oct 12 11:12:12 2018 -0400

    Merge pull request #18092 from carbonin/hex_ansible_passwords
    
    Don't use special characters in ansible passwords
    
    (cherry picked from commit 0a6e60e8f8c45a5718563ddb9d9e42a284c5d22c)
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1638009

carbonin added a commit to carbonin/manageiq-schema that referenced this pull request Oct 12, 2018

Generate a new ansible rabbitmq password
If the current rabbitmq password contains special characters it
will fail a new preflight check in the setup playbook.

This is fixed for new installations by
ManageIQ/manageiq#18092 but because we
re-run the setup playbook when we upgrade the tower version, we
also need to correct existing ones.

https://bugzilla.redhat.com/show_bug.cgi?id=1638009

carbonin added a commit to carbonin/manageiq-schema that referenced this pull request Oct 12, 2018

Generate a new ansible rabbitmq password
If the current rabbitmq password contains special characters it
will fail a new preflight check in the setup playbook.

This is fixed for new installations by
ManageIQ/manageiq#18092 but because we
re-run the setup playbook when we upgrade the tower version, we
also need to correct existing ones.

https://bugzilla.redhat.com/show_bug.cgi?id=1638009

carbonin added a commit to carbonin/manageiq-schema that referenced this pull request Oct 12, 2018

Generate a new ansible rabbitmq password
If the current rabbitmq password contains special characters it
will fail a new preflight check in the setup playbook.

This is fixed for new installations by
ManageIQ/manageiq#18092 but because we
re-run the setup playbook when we upgrade the tower version, we
also need to correct existing ones.

https://bugzilla.redhat.com/show_bug.cgi?id=1638009

carbonin added a commit to carbonin/manageiq-schema that referenced this pull request Oct 12, 2018

Generate a new ansible rabbitmq password
If the current rabbitmq password contains special characters it
will fail a new preflight check in the setup playbook.

This is fixed for new installations by
ManageIQ/manageiq#18092 but because we
re-run the setup playbook when we upgrade the tower version, we
also need to correct existing ones.

https://bugzilla.redhat.com/show_bug.cgi?id=1638009

@carbonin carbonin deleted the carbonin:hex_ansible_passwords branch Oct 12, 2018

carbonin added a commit to carbonin/manageiq-schema that referenced this pull request Oct 12, 2018

Generate a new ansible rabbitmq password
If the current rabbitmq password contains special characters it
will fail a new preflight check in the setup playbook.

This is fixed for new installations by
ManageIQ/manageiq#18092 but because we
re-run the setup playbook when we upgrade the tower version, we
also need to correct existing ones.

https://bugzilla.redhat.com/show_bug.cgi?id=1638009

carbonin added a commit to carbonin/manageiq-schema that referenced this pull request Oct 12, 2018

Generate a new ansible rabbitmq password
If the current rabbitmq password contains special characters it
will fail a new preflight check in the setup playbook.

This is fixed for new installations by
ManageIQ/manageiq#18092 but because we
re-run the setup playbook when we upgrade the tower version, we
also need to correct existing ones.

https://bugzilla.redhat.com/show_bug.cgi?id=1638009

djberg96 added a commit to djberg96/manageiq-schema that referenced this pull request Oct 25, 2018

Generate a new ansible rabbitmq password
If the current rabbitmq password contains special characters it
will fail a new preflight check in the setup playbook.

This is fixed for new installations by
ManageIQ/manageiq#18092 but because we
re-run the setup playbook when we upgrade the tower version, we
also need to correct existing ones.

https://bugzilla.redhat.com/show_bug.cgi?id=1638009
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment