Openstack Provider password with hashtag not parsed properly

[brudnyhenry]

RKE version:
0.1.1
Docker version: (docker version,docker info preferred)
17.0.3
Operating system and kernel: (cat /etc/os-release, uname -r preferred)
Ubuntu 16.0.4
Type/provider of hosts: (VirtualBox/Bare-metal/AWS/GCE/DO)
Openstack
cluster.yml file:
ssh_key_path: "/deploy/conf/kubernetes-kp.pem"

cloud_provider:
    name: openstack
    openstackCloudProvider:
      global:
        username: "user"
        password: "hsz#gl7@ApP5"
......

After rke up command, generated /etc/kubernetes/cloud-config includes extra ` signs

 cat /etc/kubernetes/cloud-config 
[Global]
username  = user
password  = `hsz#gl7@ApP5`
.....

Those additional ` chars are breaking the deployment - Kubernetes fails to authenticate in Openstack.

failed to run Kubelet: could not init cloud provider \\\"openstack\\\": Authentication failed\""],

When there are no hashtags in password then everything deploys fine.

Steps to Reproduce:

Try to provision Kubernetes cluster while adding openstack provider credentials containing # in password

Results:

rke up fails with error ailed to run Kubelet: could not init cloud provider \\\"openstack\\\": Authentication failed\""

[leafty]

We just had this yesterday.

The proper set of quote to use is " (maybe ' works too but haven't tried that). Manually editing the cloud-config file allows kubelet to start.

[deniseschannon]

@brudnyhenry @leafty per the docs, we aren't expecting quotes or ```.

https://rancher.com/docs/rke/latest/en/config-options/cloud-providers/openstack/

if that doesn't work, please open a new issue.

[vincent99]

It's a YAML file that goes through a regular YAML parser, password: foo and password: "foo" are going to be equivalent

[brudnyhenry]

Hi,
The point is that if password contains # then rke up will wrap it with single quotation mark which are not allowed in cloud-config, thus it produces error
failed to run Kubelet: could not init cloud provider \\\"openstack\\\": Authentication failed\""],

[brudnyhenry]

Hi,
I tracked down that this is behavior of github.com/go-ini/ini

package main

import (
	"bytes"
	"fmt"
	"log"

	"github.com/go-ini/ini"
)

type Password struct {
	Pass string `ini:"password,omitempty" norman:"type=password"`
}

func main() {
	a := &Password{"hsz#gl7@ApP5"}
	cfg := ini.Empty()
	_ = ini.ReflectFrom(cfg, a)
	buf := new(bytes.Buffer)
	if _, err := cfg.WriteTo(buf); err != nil {
		log.Println(err)
	}
	fmt.Println(buf.String())
}

Will produce below output:

password = `hsz#gl7@ApP5`

And without hashtag:

package main

import (
	"bytes"
	"fmt"
	"log"

	"github.com/go-ini/ini"
)

type Password struct {
	Pass string `ini:"password,omitempty" norman:"type=password"`
}

func main() {
	a := &Password{"hszgl7@ApP5"}
	cfg := ini.Empty()
	_ = ini.ReflectFrom(cfg, a)
	buf := new(bytes.Buffer)
	if _, err := cfg.WriteTo(buf); err != nil {
		log.Println(err)
	}
	fmt.Println(buf.String())
}

Output is correct:

password = hszgl7@ApP5

[deniseschannon]

Available with RKE v0.2.7. It was missed moving to test in previous releases.

[deniseschannon]

We should test with RKE v0.2.7 and v0.3.0-rc6.

[bmdepesa]

Tested with rke 0.2.7 and rke 0.3.0-rc6

cluster.yml includes:

cloud_provider:
    name: openstack
    openstackCloudProvider:
      global:
        username: "user"
        password: "hsz#gl7@ApP5"

rke 0.2.7

0.2.7 does not have the quotes removed from the cloud config password

> sudo cat /etc/kubernetes/cloud-config
[Global]
username = user
password = `hsz#gl7@ApP5`

rke 0.3.0-rc6

0.3.0-rc6 does have the quotes removed from the cloud config password

> sudo cat /etc/kubernetes/cloud-config
[Global]
username = user
password = hsz#gl7@ApP5