-
Bug
-
Resolution: Duplicate
-
Critical
-
None
-
None
-
3
-
False
-
None
-
False
-
-
Steps:
- Create a rosa cluster with fips enabled
time="2024-04-29T10:03:06Z" level=info msg="Credentials loaded from the AWS config using \"ProcessProvider\" provider" time="2024-04-29T10:03:07Z" level=warning msg="imageContentSources is deprecated, please use ImageDigestSource" time="2024-04-29T10:03:07Z" level=error msg="failed to fetch Master Machines: failed to load asset \"Install Config\": failed to create install config: invalid \"install-config.yaml\" file: fips: Forbidden: target cluster is in FIPS mode, use the FIPS-capable installer binary for RHEL 8 on a host with FIPS enabled.\nTo obtain a suitable binary, download the openshift-install-rhel8 archive from the client mirror, or extract the openshift-install-fips command from the release payload." time="2024-04-29T10:03:08Z" level=error msg="error after waiting for command completion" error="exit status 3" installID=l5qh9nw5 time="2024-04-29T10:03:08Z" level=error msg="error generating installer assets" error="exit status 3" installID=l5qh9nw5 time="2024-04-29T10:03:08Z" level=info msg="reading installer log" installID=l5qh9nw5 time="2024-04-29T10:03:08Z" level=info msg="saving installer output" installID=l5qh9nw5 time="2024-04-29T10:03:08Z" level=debug msg="installer console log: level=info msg=Credentials loaded from the AWS config using \"ProcessProvider\" provider\nlevel=warning msg=imageContentSources is deprecated, please use ImageDigestSource\nlevel=error msg=failed to fetch Master Machines: failed to load asset \"Install Config\": failed to create install config: invalid \"install-config.yaml\" file: fips: Forbidden: target cluster is in FIPS mode, use the FIPS-capable installer binary for RHEL 8 on a host with FIPS enabled.\nlevel=error msg=To obtain a suitable binary, download the openshift-install-rhel8 archive from the client mirror, or extract the openshift-install-fips command from the release payload.\n" installID=l5qh9nw5 time="2024-04-29T10:03:08Z" level=info msg="updating clusterprovision" installID=l5qh9nw5 time="2024-04-29T10:03:08Z" level=debug msg="no additional log fields found" installID=l5qh9nw5 time="2024-04-29T10:03:08Z" level=fatal msg="runtime error" error="exit status 3"
Actual result:
Cluster gets error with above error log
Here is cluster configuration
lixue@Xue-Lis-MacBook-Pro rosa % rosa describe cluster -c sdq-ci-longname-qjrgwacrwdumjqxvijbstkqxdxiqqgbwfjpucr Name: sdq-ci-longname-qjrgwacrwdumjqxvijbstkqxdxiqqgbwfjpucr Domain Prefix: w1m2w5w3e2s9b2x Display Name: sdq-ci-longname-qjrgwacrwdumjqxvijbstkqxdxiqqgbwfjpucr ID: 2aui1uu9mpnm7duof8k5lv1f93ilfrge External ID: Control Plane: Customer Hosted OpenShift Version: Channel Group: nightly DNS: w1m2w5w3e2s9b2x.u81s.s1.devshift.org AWS Account: 301721915996 API URL: Console URL: Region: us-east-1 Multi-AZ: true Nodes: - Control plane: 3 - Infra: 3 - Compute (Autoscaled): 3-6 - Additional Security Group IDs: - Control Plane: sg-0de5e514782ae9112, sg-0e40e9d2d70263047 - Infra: sg-0de5e514782ae9112, sg-0e40e9d2d70263047 Network: - Type: OVNKubernetes - Service CIDR: 172.30.0.0/16 - Machine CIDR: 10.0.0.0/16 - Pod CIDR: 10.128.0.0/14 - Host Prefix: /23 - Subnets: subnet-0a5681e65e4014f81, subnet-0d90ed6c492e50962, subnet-0bef8154b0121086f, subnet-01e90dd4e43f76300, subnet-03e5736fd6c58d36f, subnet-0be14206b9980a681 EC2 Metadata Http Tokens: required Role (STS) ARN: arn:aws:iam::301721915996:role/xdxiqqgbwfjpucr-Installer-Role Support Role ARN: arn:aws:iam::301721915996:role/xdxiqqgbwfjpucr-Support-Role Instance IAM Roles: - Control plane: arn:aws:iam::301721915996:role/xdxiqqgbwfjpucr-ControlPlane-Role - Worker: arn:aws:iam::301721915996:role/xdxiqqgbwfjpucr-Worker-Role Operator IAM Roles: - arn:aws:iam::301721915996:role/xdxiqqgbwfjpucr-oper-openshift-image-registry-installer-cloud-cr - arn:aws:iam::301721915996:role/xdxiqqgbwfjpucr-oper-openshift-ingress-operator-cloud-credential - arn:aws:iam::301721915996:role/xdxiqqgbwfjpucr-oper-openshift-cluster-csi-drivers-ebs-cloud-cre - arn:aws:iam::301721915996:role/xdxiqqgbwfjpucr-oper-openshift-cloud-network-config-controller-c - arn:aws:iam::301721915996:role/xdxiqqgbwfjpucr-oper-openshift-machine-api-aws-cloud-credentials - arn:aws:iam::301721915996:role/xdxiqqgbwfjpucr-oper-openshift-cloud-credential-operator-cloud-c Managed Policies: No State: error (FallbackInvalidInstallConfig) Private: No Delete Protection: Disabled Created: Apr 29 2024 09:57:18 UTC User Workload Monitoring: Disabled FIPS mode: Enabled Details Page: https://qaprodauth.console.redhat.com/openshift/details/s/2flnfnCOX1o6nqoe2jC2RkB7NRk OIDC Endpoint URL: https://oidc-i7m2.s3.us-east-1.amazonaws.com (Unmanaged) Provisioning Error Code: Provisioning Error Message: Failed Inflight Checks: ID: 72bcde44-7cee-4214-b149-50a2cf0a2bd3 Last run: Apr 29 2024 09:59:46 UTC Please run `rosa verify network -c 2aui1uu9mpnm7duof8k5lv1f93ilfrge` after adjusting the cluster's network configuration to remove the warning
And version
lixue@Xue-Lis-MacBook-Pro rosa % ocm get cluster 2aui1uu9mpnm7duof8k5lv1f93ilfrge|jq -r .version.raw_id 4.16.0-0.nightly-2024-04-26-145258
Expect result:
Cluster should get ready