Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-4403

CLO must-gather doesn't work on FIPS enabled cluster

    XMLWordPrintable

Details

    • False
    • None
    • False
    • NEW
    • NEW
    • Prior to this update, the logging must-gather can not gather any logs on the FIPS enabled cluster. A new oc client is now available in cluster-logging-rhel9-operator and must-gather works as expected on FIPS clusters
    • Bug Fix
    • Proposed
    • Log Collection - Sprint 242, Log Collection - Sprint 244, Log Collection - Sprint 245, Log Collection - Sprint 246, Log Collection - Sprint 247, Log Collection - Sprint 248, Log Collection - Sprint 249

    Description

      Description of problem:

       

      CLO must-gather can not gather any data. Debug logs as below
      cat must-gather.local.4013599789171133369/registry-redhat-io-openshift-logging-cluster-logging-rhel9-operator-sha256-9395cd98d934be428132fb3da33f61f5c2e746027152b8cf34dc7c552345c5e4/gather-debug.log 
      2023-08-02 02:19:55 BEGIN inspecting CRs...
      2023-08-02 02:19:55 BEGIN inspecting CR ns/openshift-operator-lifecycle-manager ...
      FIPS mode is enabled, but the required OpenSSL library is not available
      2023-08-02 02:19:55 END inspecting CR ns/openshift-operator-lifecycle-manager ...
      2023-08-02 02:19:55 BEGIN inspecting CR ns/openshift-logging ...
      FIPS mode is enabled, but the required OpenSSL library is not available
      2023-08-02 02:19:55 END inspecting CR ns/openshift-logging ...
      2023-08-02 02:19:55 BEGIN inspecting CR ns/openshift-operators-redhat ...
      FIPS mode is enabled, but the required OpenSSL library is not available
      2023-08-02 02:19:55 END inspecting CR ns/openshift-operators-redhat ...
      2023-08-02 02:19:55 BEGIN inspecting CR nodes ...
      FIPS mode is enabled, but the required OpenSSL library is not available
      2023-08-02 02:19:55 END inspecting CR nodes ...
      2023-08-02 02:19:55 BEGIN inspecting CR clusterroles ...
      FIPS mode is enabled, but the required OpenSSL library is not available
      2023-08-02 02:19:55 END inspecting CR clusterroles ...
      2023-08-02 02:19:55 BEGIN inspecting CR clusterrolebindings ...
      FIPS mode is enabled, but the required OpenSSL library is not available
      2023-08-02 02:19:55 END inspecting CR clusterrolebindings ...
      2023-08-02 02:19:55 BEGIN inspecting CR persistentvolumes ...
      FIPS mode is enabled, but the required OpenSSL library is not available
      2023-08-02 02:19:55 END inspecting CR persistentvolumes ...
      2023-08-02 02:19:55 END inspecting CRs...
      2023-08-02 02:19:55 BEGIN inspecting namespaces ...
      2023-08-02 02:19:55 BEGIN inspecting namespace openshift-logging/pods ...
      FIPS mode is enabled, but the required OpenSSL library is not available
      2023-08-02 02:19:55 END inspecting namespace openshift-logging/pods ...
      2023-08-02 02:19:55 BEGIN inspecting namespace openshift-logging/roles ...
      FIPS mode is enabled, but the required OpenSSL library is not available
      2023-08-02 02:19:55 END inspecting namespace openshift-logging/roles ...
      2023-08-02 02:19:55 BEGIN inspecting namespace openshift-logging/rolebindings ...
      FIPS mode is enabled, but the required OpenSSL library is not available
      2023-08-02 02:19:55 END inspecting namespace openshift-logging/rolebindings ...
      2023-08-02 02:19:55 BEGIN inspecting namespace openshift-logging/configmaps ...
      FIPS mode is enabled, but the required OpenSSL library is not available
      2023-08-02 02:19:55 END inspecting namespace openshift-logging/configmaps ...
      2023-08-02 02:19:55 BEGIN inspecting namespace openshift-logging/serviceaccounts ...
      FIPS mode is enabled, but the required OpenSSL library is not available
      2023-08-02 02:19:55 END inspecting namespace openshift-logging/serviceaccounts ...
      2023-08-02 02:19:55 BEGIN inspecting namespace openshift-logging/events ...
      FIPS mode is enabled, but the required OpenSSL library is not available
      2023-08-02 02:19:55 END inspecting namespace openshift-logging/events ...
      2023-08-02 02:19:55 BEGIN inspecting namespace openshift-operator-lifecycle-manager/pods ...
      FIPS mode is enabled, but the required OpenSSL library is not available
      2023-08-02 02:19:55 END inspecting namespace openshift-operator-lifecycle-manager/pods ...
      2023-08-02 02:19:55 BEGIN inspecting namespace openshift-operator-lifecycle-manager/roles ...
      FIPS mode is enabled, but the required OpenSSL library is not available
      2023-08-02 02:19:55 END inspecting namespace openshift-operator-lifecycle-manager/roles ...
      2023-08-02 02:19:55 BEGIN inspecting namespace openshift-operator-lifecycle-manager/rolebindings ...
      FIPS mode is enabled, but the required OpenSSL library is not available
      2023-08-02 02:19:55 END inspecting namespace openshift-operator-lifecycle-manager/rolebindings ...
      2023-08-02 02:19:55 BEGIN inspecting namespace openshift-operator-lifecycle-manager/configmaps ...
      FIPS mode is enabled, but the required OpenSSL library is not available
      2023-08-02 02:19:55 END inspecting namespace openshift-operator-lifecycle-manager/configmaps ...
      2023-08-02 02:19:55 BEGIN inspecting namespace openshift-operator-lifecycle-manager/serviceaccounts ...
      FIPS mode is enabled, but the required OpenSSL library is not available
      2023-08-02 02:19:55 END inspecting namespace openshift-operator-lifecycle-manager/serviceaccounts ...
      2023-08-02 02:19:55 BEGIN inspecting namespace openshift-operator-lifecycle-manager/events ...
      FIPS mode is enabled, but the required OpenSSL library is not available
      2023-08-02 02:19:55 END inspecting namespace openshift-operator-lifecycle-manager/events ...
      2023-08-02 02:19:55 BEGIN inspecting namespace openshift-operators-redhat/pods ...
      FIPS mode is enabled, but the required OpenSSL library is not available
      2023-08-02 02:19:55 END inspecting namespace openshift-operators-redhat/pods ...
      2023-08-02 02:19:55 BEGIN inspecting namespace openshift-operators-redhat/roles ...
      FIPS mode is enabled, but the required OpenSSL library is not available
      2023-08-02 02:19:55 END inspecting namespace openshift-operators-redhat/roles ...
      2023-08-02 02:19:55 BEGIN inspecting namespace openshift-operators-redhat/rolebindings ...
      FIPS mode is enabled, but the required OpenSSL library is not available
      2023-08-02 02:19:55 END inspecting namespace openshift-operators-redhat/rolebindings ...
      2023-08-02 02:19:55 BEGIN inspecting namespace openshift-operators-redhat/configmaps ...
      FIPS mode is enabled, but the required OpenSSL library is not available
      2023-08-02 02:19:55 END inspecting namespace openshift-operators-redhat/configmaps ...
      2023-08-02 02:19:55 BEGIN inspecting namespace openshift-operators-redhat/serviceaccounts ...
      FIPS mode is enabled, but the required OpenSSL library is not available
      2023-08-02 02:19:55 END inspecting namespace openshift-operators-redhat/serviceaccounts ...
      2023-08-02 02:19:55 BEGIN inspecting namespace openshift-operators-redhat/events ...
      FIPS mode is enabled, but the required OpenSSL library is not available
      2023-08-02 02:19:55 END inspecting namespace openshift-operators-redhat/events ...
      2023-08-02 02:19:55 END inspecting namespaces ...
      2023-08-02 02:19:55 BEGIN inspecting install resources ...
      2023-08-02 02:19:55 Skipping install inspection.  No CLO or EO deployment found
      2023-08-02 02:19:55 END inspecting install resources ...
      2023-08-02 02:19:55 Skipping collection inspection.  No CLO found
      2023-08-02 02:19:55 Skipping logstorage inspection.  No Elasticsearch deployment found
      

       

      Version-Release number of selected component (if applicable):

      cluster-logging-rhel9-operator/images/v5.8.0-101

      How reproducible:

      Always

      Steps to Reproduce:

      1. Deploy Logging 5.8 and clusterlogging/instance
      2. oc adm must-gather --image=$(oc -n openshift-logging get deployment.apps/cluster-logging-operator -o jsonpath='{.spec.template.spec.containers[?(@.name == "cluster-logging-operator")].image}')

      Attachments

        Activity

          People

            cahartma@redhat.com Casey Hartman
            anli@redhat.com Anping Li
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: