Data Foundation Bugs: DFBUGS-116

[2265465] 2 FIPS CLUSTERS - REGIONAL DR Granular PersistentVolume at-rest encryption Supportability


    • Bug
    • Resolution: Unresolved
    • Critical
    • odf-4.14
    • Documentation
    • RamenDR sprint 2024 #5

      Description of problem (please be as detailed as possible and provide log
      snippets):

      Hub and secondary cluster are both on ODF 4.14

      FIPS is enabled on both clusters

      Regional DR was implemented and is working; failback and failover were tested and are both working fine. https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html-single/configuring_openshift_data_foundation_disaster_recovery_for_openshift_workloads/index#regional-dr-deployment-workflow_rdr

      Storage classes are encrypted using Granular PersistentVolume at-rest encryption without cluster-wide encryption. https://red-hat-storage.github.io/ocs-training/training/ocs4/ocs4-encryption.html#_granular_persistentvolume_at_rest_encryption_without_cluster_wide_encryption_kubernetes_auth_method_serviceaccounts

      Could you please advise on the following scenario?

      FIPS is enabled on both clusters and there is a requirement for the encrypted PVs to be replicated without being decrypted. Could the ACM be configured to replicate without having to decrypt the PVs?
      Would OADP be better suited for this?

      Version of all relevant components (if applicable):

      2 Clusters ODF 4.14
      FIPS Enabled on both

      Does this issue impact your ability to continue to work with the product
      (please explain in detail what is the user impact)?
      This is currently a PoC and will be deployed for a customer this year.

      Is there any workaround available to the best of your knowledge?
      N/A

      Rate from 1 - 5 the complexity of the scenario you performed that caused this
      bug (1 - very simple, 5 - very complex)? N/A

      Is this issue reproducible? Yes, Cu PoC

      Can this issue be reproduced from the UI? N/A

      If this is a regression, please provide more details to justify this:

      Steps to Reproduce:
      1. Enable FIPS on both clusters
      2. https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html-single/configuring_openshift_data_foundation_disaster_recovery_for_openshift_workloads/index#regional-dr-deployment-workflow_rdr
      3.

      Actual results: PVs are mirrored but they are decrypted and re-encrypted again

      Expected results:

      Additional info:

              asriram@redhat.com Anjana Sriram
              rhn-support-allee Alexander Lee
              Neha Berry
              Votes: 0
              Watchers: 10
