Don't use special characters in ansible passwords #18092
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The rabbitmq password has always needed to be URL-safe, but recently the tower team added a preflight-check in their setup playbook which just bans all special characters. This was causing setup failures even though our passwords were URL safe. Now, we just generate hex passwords. https://bugzilla.redhat.com/show_bug.cgi?id=1638009
I thought we were, but then a schema change was backported, so I guess we can backport whatever is needed ¯\_(ツ)_/¯ Is a data migration good enough, or do we need to tell more things that the rabbit password has changed? |
bdunne
approved these changes
Oct 12, 2018
I think the data migration should do the job. When we upgrade the tower version we re-run the setup playbook. The ansible engineers said that running the playbook with the new password should reset it for everyone that needs it. |
simaishi
pushed a commit
that referenced
this pull request
Oct 12, 2018
Don't use special characters in ansible passwords (cherry picked from commit 0a6e60e) https://bugzilla.redhat.com/show_bug.cgi?id=1638009
|
Hammer backport details: |
carbonin
added a commit
to carbonin/manageiq-schema
that referenced
this pull request
Oct 12, 2018
If the current rabbitmq password contains special characters it will fail a new preflight check in the setup playbook. This is fixed for new installations by ManageIQ/manageiq#18092 but because we re-run the setup playbook when we upgrade the tower version, we also need to correct existing ones. https://bugzilla.redhat.com/show_bug.cgi?id=1638009
carbonin
added a commit
to carbonin/manageiq-schema
that referenced
this pull request
Oct 12, 2018
If the current rabbitmq password contains special characters it will fail a new preflight check in the setup playbook. This is fixed for new installations by ManageIQ/manageiq#18092 but because we re-run the setup playbook when we upgrade the tower version, we also need to correct existing ones. https://bugzilla.redhat.com/show_bug.cgi?id=1638009
carbonin
added a commit
to carbonin/manageiq-schema
that referenced
this pull request
Oct 12, 2018
If the current rabbitmq password contains special characters it will fail a new preflight check in the setup playbook. This is fixed for new installations by ManageIQ/manageiq#18092 but because we re-run the setup playbook when we upgrade the tower version, we also need to correct existing ones. https://bugzilla.redhat.com/show_bug.cgi?id=1638009
carbonin
added a commit
to carbonin/manageiq-schema
that referenced
this pull request
Oct 12, 2018
If the current rabbitmq password contains special characters it will fail a new preflight check in the setup playbook. This is fixed for new installations by ManageIQ/manageiq#18092 but because we re-run the setup playbook when we upgrade the tower version, we also need to correct existing ones. https://bugzilla.redhat.com/show_bug.cgi?id=1638009
carbonin
added a commit
to carbonin/manageiq-schema
that referenced
this pull request
Oct 12, 2018
If the current rabbitmq password contains special characters it will fail a new preflight check in the setup playbook. This is fixed for new installations by ManageIQ/manageiq#18092 but because we re-run the setup playbook when we upgrade the tower version, we also need to correct existing ones. https://bugzilla.redhat.com/show_bug.cgi?id=1638009
carbonin
added a commit
to carbonin/manageiq-schema
that referenced
this pull request
Oct 12, 2018
If the current rabbitmq password contains special characters it will fail a new preflight check in the setup playbook. This is fixed for new installations by ManageIQ/manageiq#18092 but because we re-run the setup playbook when we upgrade the tower version, we also need to correct existing ones. https://bugzilla.redhat.com/show_bug.cgi?id=1638009
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The rabbitmq password has always needed to be URL-safe, but recently
the tower team added a preflight-check in their setup playbook which
just bans all special characters.
This was causing setup failures even though our passwords were URL
safe.
Now, we just generate hex passwords.
https://bugzilla.redhat.com/show_bug.cgi?id=1638009
Also of note, this change will cause upgrades to fail so this will also either require a data migration, or we can check and change the password in the code here if we are being strict about no more migrations in the hammer branch. @Fryguy @bdunne thoughts here?