Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-4403

CLO must-gather doesn't work on FIPS enabled cluster

XMLWordPrintable

    • False
    • None
    • False
    • NEW
    • NEW
    • Prior to this update, the logging must-gather can not gather any logs on the FIPS enabled cluster. A new oc client is now available in cluster-logging-rhel9-operator and must-gather works as expected on FIPS clusters
    • Bug Fix
    • Proposed
    • Log Collection - Sprint 242, Log Collection - Sprint 244, Log Collection - Sprint 245, Log Collection - Sprint 246, Log Collection - Sprint 247, Log Collection - Sprint 248, Log Collection - Sprint 249
    • Important

      Description of problem:

       

      CLO must-gather can not gather any data. Debug logs as below
cat must-gather.local.4013599789171133369/registry-redhat-io-openshift-logging-cluster-logging-rhel9-operator-sha256-9395cd98d934be428132fb3da33f61f5c2e746027152b8cf34dc7c552345c5e4/gather-debug.log 
2023-08-02 02:19:55 BEGIN inspecting CRs...
2023-08-02 02:19:55 BEGIN inspecting CR ns/openshift-operator-lifecycle-manager ...
FIPS mode is enabled, but the required OpenSSL library is not available
2023-08-02 02:19:55 END inspecting CR ns/openshift-operator-lifecycle-manager ...
2023-08-02 02:19:55 BEGIN inspecting CR ns/openshift-logging ...
FIPS mode is enabled, but the required OpenSSL library is not available
2023-08-02 02:19:55 END inspecting CR ns/openshift-logging ...
2023-08-02 02:19:55 BEGIN inspecting CR ns/openshift-operators-redhat ...
FIPS mode is enabled, but the required OpenSSL library is not available
2023-08-02 02:19:55 END inspecting CR ns/openshift-operators-redhat ...
2023-08-02 02:19:55 BEGIN inspecting CR nodes ...
FIPS mode is enabled, but the required OpenSSL library is not available
2023-08-02 02:19:55 END inspecting CR nodes ...
2023-08-02 02:19:55 BEGIN inspecting CR clusterroles ...
FIPS mode is enabled, but the required OpenSSL library is not available
2023-08-02 02:19:55 END inspecting CR clusterroles ...
2023-08-02 02:19:55 BEGIN inspecting CR clusterrolebindings ...
FIPS mode is enabled, but the required OpenSSL library is not available
2023-08-02 02:19:55 END inspecting CR clusterrolebindings ...
2023-08-02 02:19:55 BEGIN inspecting CR persistentvolumes ...
FIPS mode is enabled, but the required OpenSSL library is not available
2023-08-02 02:19:55 END inspecting CR persistentvolumes ...
2023-08-02 02:19:55 END inspecting CRs...
2023-08-02 02:19:55 BEGIN inspecting namespaces ...
2023-08-02 02:19:55 BEGIN inspecting namespace openshift-logging/pods ...
FIPS mode is enabled, but the required OpenSSL library is not available
2023-08-02 02:19:55 END inspecting namespace openshift-logging/pods ...
2023-08-02 02:19:55 BEGIN inspecting namespace openshift-logging/roles ...
FIPS mode is enabled, but the required OpenSSL library is not available
2023-08-02 02:19:55 END inspecting namespace openshift-logging/roles ...
2023-08-02 02:19:55 BEGIN inspecting namespace openshift-logging/rolebindings ...
FIPS mode is enabled, but the required OpenSSL library is not available
2023-08-02 02:19:55 END inspecting namespace openshift-logging/rolebindings ...
2023-08-02 02:19:55 BEGIN inspecting namespace openshift-logging/configmaps ...
FIPS mode is enabled, but the required OpenSSL library is not available
2023-08-02 02:19:55 END inspecting namespace openshift-logging/configmaps ...
2023-08-02 02:19:55 BEGIN inspecting namespace openshift-logging/serviceaccounts ...
FIPS mode is enabled, but the required OpenSSL library is not available
2023-08-02 02:19:55 END inspecting namespace openshift-logging/serviceaccounts ...
2023-08-02 02:19:55 BEGIN inspecting namespace openshift-logging/events ...
FIPS mode is enabled, but the required OpenSSL library is not available
2023-08-02 02:19:55 END inspecting namespace openshift-logging/events ...
2023-08-02 02:19:55 BEGIN inspecting namespace openshift-operator-lifecycle-manager/pods ...
FIPS mode is enabled, but the required OpenSSL library is not available
2023-08-02 02:19:55 END inspecting namespace openshift-operator-lifecycle-manager/pods ...
2023-08-02 02:19:55 BEGIN inspecting namespace openshift-operator-lifecycle-manager/roles ...
FIPS mode is enabled, but the required OpenSSL library is not available
2023-08-02 02:19:55 END inspecting namespace openshift-operator-lifecycle-manager/roles ...
2023-08-02 02:19:55 BEGIN inspecting namespace openshift-operator-lifecycle-manager/rolebindings ...
FIPS mode is enabled, but the required OpenSSL library is not available
2023-08-02 02:19:55 END inspecting namespace openshift-operator-lifecycle-manager/rolebindings ...
2023-08-02 02:19:55 BEGIN inspecting namespace openshift-operator-lifecycle-manager/configmaps ...
FIPS mode is enabled, but the required OpenSSL library is not available
2023-08-02 02:19:55 END inspecting namespace openshift-operator-lifecycle-manager/configmaps ...
2023-08-02 02:19:55 BEGIN inspecting namespace openshift-operator-lifecycle-manager/serviceaccounts ...
FIPS mode is enabled, but the required OpenSSL library is not available
2023-08-02 02:19:55 END inspecting namespace openshift-operator-lifecycle-manager/serviceaccounts ...
2023-08-02 02:19:55 BEGIN inspecting namespace openshift-operator-lifecycle-manager/events ...
FIPS mode is enabled, but the required OpenSSL library is not available
2023-08-02 02:19:55 END inspecting namespace openshift-operator-lifecycle-manager/events ...
2023-08-02 02:19:55 BEGIN inspecting namespace openshift-operators-redhat/pods ...
FIPS mode is enabled, but the required OpenSSL library is not available
2023-08-02 02:19:55 END inspecting namespace openshift-operators-redhat/pods ...
2023-08-02 02:19:55 BEGIN inspecting namespace openshift-operators-redhat/roles ...
FIPS mode is enabled, but the required OpenSSL library is not available
2023-08-02 02:19:55 END inspecting namespace openshift-operators-redhat/roles ...
2023-08-02 02:19:55 BEGIN inspecting namespace openshift-operators-redhat/rolebindings ...
FIPS mode is enabled, but the required OpenSSL library is not available
2023-08-02 02:19:55 END inspecting namespace openshift-operators-redhat/rolebindings ...
2023-08-02 02:19:55 BEGIN inspecting namespace openshift-operators-redhat/configmaps ...
FIPS mode is enabled, but the required OpenSSL library is not available
2023-08-02 02:19:55 END inspecting namespace openshift-operators-redhat/configmaps ...
2023-08-02 02:19:55 BEGIN inspecting namespace openshift-operators-redhat/serviceaccounts ...
FIPS mode is enabled, but the required OpenSSL library is not available
2023-08-02 02:19:55 END inspecting namespace openshift-operators-redhat/serviceaccounts ...
2023-08-02 02:19:55 BEGIN inspecting namespace openshift-operators-redhat/events ...
FIPS mode is enabled, but the required OpenSSL library is not available
2023-08-02 02:19:55 END inspecting namespace openshift-operators-redhat/events ...
2023-08-02 02:19:55 END inspecting namespaces ...
2023-08-02 02:19:55 BEGIN inspecting install resources ...
2023-08-02 02:19:55 Skipping install inspection.  No CLO or EO deployment found
2023-08-02 02:19:55 END inspecting install resources ...
2023-08-02 02:19:55 Skipping collection inspection.  No CLO found
2023-08-02 02:19:55 Skipping logstorage inspection.  No Elasticsearch deployment found

       

      Version-Release number of selected component (if applicable):

      cluster-logging-rhel9-operator/images/v5.8.0-101

      How reproducible:

      Always

      Steps to Reproduce:

      1. Deploy Logging 5.8 and clusterlogging/instance
      2. oc adm must-gather --image=$(oc -n openshift-logging get deployment.apps/cluster-logging-operator -o jsonpath='{.spec.template.spec.containers[?(@.name == "cluster-logging-operator")].image}')

              cahartma@redhat.com Casey Hartman
              rhn-support-anli Anping Li
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: