Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade from 0.25.0 failed due to special characters in PGPASSWORD #1166

Closed
3 tasks done
kurokobo opened this issue Dec 22, 2022 · 0 comments · Fixed by #1167
Closed
3 tasks done

Upgrade from 0.25.0 failed due to special characters in PGPASSWORD #1166

kurokobo opened this issue Dec 22, 2022 · 0 comments · Fixed by #1167
Labels
community needs_triage

Comments

@kurokobo
Copy link
Contributor

Please confirm the following

  • I agree to follow this project's code of conduct.
  • I have checked the current issues for duplicates.
  • I understand that the AWX Operator is open source software provided for free and that I might not receive a timely response.

Bug Summary

Upgrade AWX Operator from 0.25.0 to later version failed due to special characters in the password for PostgreSQL.

In the current implementation, PGPASSWORD has been passed without quotes during upgrading PostgreSQL 12 to 13.

- name: Stream backup from pg_dump to the new postgresql container
  k8s_exec:
    namespace: "{{ ansible_operator_meta.namespace }}"
    pod: "{{ postgres_pod_name }}"
    command: |
      bash -c """
      set -e -o pipefail
      PGPASSWORD={{ awx_postgres_pass }} {{ pgdump }} | PGPASSWORD={{ awx_postgres_pass }} {{ pg_restore }}    👈👈👈
      echo 'Successful'
      """

If awx_postgres_pass contains any special characters such as $, #, etc. that has special meaning for shell, the command will be broken.

AWX Operator version

1.1.3

AWX version

21.10.2

Kubernetes platform

kubernetes

Kubernetes/Platform version

k3s version v1.25.4+k3s1

Modifications

no

Steps to reproduce

  1. Deploy old AWX

    # Deploy Operator 0.25.0
$ git clone https://github.com/ansible/awx-operator.git -b 0.25.0
$ cd awx-operator
$ NAMESPACE=awx make deploy

# Create manifest file includes secret with special characters and AWX
$ cat awx.yml
---
apiVersion: v1
kind: Secret
metadata:
  name: awx-postgres-configuration
  namespace: awx
stringData:
  host: awx-postgres
  port: "5432"
  database: awx
  username: awx
  password: pa$$word
  type: managed
type: Opaque
---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
  name: awx
  namespace: awx
spec:
  ingress_type: ingress
  hostname: awx.example.com
  postgres_configuration_secret: awx-postgres-configuration
  no_log: "false"

# Create secret and AWX
$ kubectl apply -f awx.yml 
secret/awx-postgres-configuration created
awx.awx.ansible.com/awx created

# Ensure deployment has been completed
$ kubectl -n awx logs deployments/awx-operator-controller-manager -c awx-manager --tail=10
...
PLAY RECAP *********************************************************************
localhost                  : ok=66   changed=0    unreachable=0    failed=0    skipped=45   rescued=0    ignored=0   

# Ensure AWX is working
$ curl -s http://awx.example.com/api/v2/ping/ | jq '.version'
"21.3.0"

# Ensure password has been configured as expected
$ kubectl -n awx exec -it deployment/awx -c awx-web -- cat /etc/tower/conf.d/credentials.py | grep PASSWORD
        'PASSWORD': "pa$$word",
$ kubectl -n awx exec -it statefulset/awx-postgres -c postgres -- env | grep PASSWORD
POSTGRES_PASSWORD=pa$$word
POSTGRESQL_PASSWORD=pa$$word

  2. Upgrade AWX

    # Deploy Operator 1.1.3
$ git clone https://github.com/ansible/awx-operator.git -b 1.1.3
$ cd awx-operator
$ NAMESPACE=awx make deploy

# Patch AWX (Change string to bool for spec.no_log)
$ kubectl -n awx patch awx awx --type merge -p '{"spec":{"no_log":false}}'
awx.awx.ansible.com/awx patched

# Follow logs
$ kubectl -n awx logs -f deployments/awx-operator-controller-manager

Expected results

New AWX Operator upgrades AWX with success.

Actual results

Got password authentication failed and upgrade never be completed.

TASK [Stream backup from pg_dump to the new postgresql container] ******************************** 
fatal: [localhost]: FAILED! => {"changed": true, "failed_when_result": true, "rc": 1, "return_code": 1, "stderr": "pg_dump: error: connection to database \"awx\" failed: connection to server at \"awx-postgres.awx.svc\" (10.42.0.23), port 5432 failed: FATAL:  password authentication failed for user \"awx\"\npg_restore: error: input file is too short (read 0, expected 5)\n", "stderr_lines": ["pg_dump: error: connection to database \"awx\" failed: connection to server at \"awx-postgres.awx.svc\" (10.42.0.23), port 5432 failed: FATAL:  password authentication failed for user \"awx\"", "pg_restore: error: input file is too short (read 0, expected 5)"], "stdout": "", "stdout_lines": []}

Additional information

No response

Operator Logs

No response
kurokobo added a commit to kurokobo/awx-operator that referenced this issue Dec 22, 2022
@kurokobo
fix: add quotes for PGPASSWORD in upgrade_postgres.yml (fixes ansible…
5f78be4 
…#1166)
@kurokobo kurokobo mentioned this issue Dec 22, 2022
Merged
@rooftopcellist rooftopcellist mentioned this issue Jan 11, 2023
Merged
kurokobo added a commit to kurokobo/awx-operator that referenced this issue Jan 12, 2023
@kurokobo
fix: add quotes for PGPASSWORD in upgrade_postgres.yml (fixes ansible…
5e6613b 
…#1166)
rooftopcellist pushed a commit that referenced this issue Jan 18, 2023
@kurokobo
fix: add quotes for PGPASSWORD in upgrade_postgres.yml (fixes #1166) (#…
b1a547d 
…1167)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
community needs_triage
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: add quotes for PGPASSWORD in upgrade_postgres.yml (fixes #1166) kurokobo/awx-operator
1 participant
@kurokobo