OCMUI-135 (project: OCMUI - OpenShift Cluster Manager UI)

UI work for enabling UEFISecureBoot for VMs (as required by ShieldVM policy) for OSD in GCP

    • API and Design
    • XCMSTRAT-115 - [OSD RFE] Enable UEFISecureBoot for VMs (as required by ShieldVM policy) for OSD in GCP
    • 0% To Do, 0% In Progress, 100% Done

      This is a placeholder ticket for providing admins the flexibility to provision the OSD clusters on GCP with and without UEFISecureBoot (i.e. with or without "constraints/compute.requireShieldedVm" policy), via the OCM UI. 

      For more details on the feature, refer to XCMSTRAT-115.

       

      Update, July 17, 2023 (post discussion with SREPs)

      • Enabling Secure Boot by default can impact the ability to load GPU drivers if they are unsigned. Ref: https://cloud.google.com/compute/docs/gpus/install-drivers-gpu#secure-boot
      • Therefore, it was decided to have admin users explicitly opt in for "platform.gcp.defaultMachinePlatform.secureBoot" when provisioning the OSD cluster on GCP. This is assumed to be enabled/disabled by a new field in the OCM UI.
      • Based on whether "platform.gcp.defaultMachinePlatform.secureBoot" is enabled or disabled, the admin must ensure "constraints/compute.requireShieldedVm" policy is in or NOT in place in the GCP console. 
        Background: Before implementing this feature, the admin must ensure "constraints/compute.requireShieldedVm" policy is NOT in place as listed in the OSD documentation.
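
      The pairing described in the update above can be checked before provisioning. The following is an added example, not part of the ticket or of OCM: a preflight check that compares the installer opt-in with the state of the org policy. The "Enabled"/"Disabled" values, the policy JSON shape, the gpu_nodes flag and all sample inputs are assumptions made for illustration.

```python
# Added example: preflight consistency check between the installer setting and
# the GCP org policy named in the ticket. Input shapes are assumptions.
import json

CONSTRAINT = "constraints/compute.requireShieldedVm"

def secure_boot_enabled(install_config: dict) -> bool:
    """Read platform.gcp.defaultMachinePlatform.secureBoot; absent means not opted in."""
    dmp = (install_config.get("platform", {}).get("gcp", {})
           .get("defaultMachinePlatform") or {})
    return str(dmp.get("secureBoot", "Disabled")).lower() == "enabled"

def policy_enforced(policy: dict) -> bool:
    """Assumed shape: {"constraint": ..., "booleanPolicy": {"enforced": bool}}."""
    if policy.get("constraint") != CONSTRAINT:
        raise ValueError("policy document is not for " + CONSTRAINT)
    return bool((policy.get("booleanPolicy") or {}).get("enforced", False))

def preflight(install_config: dict, policy: dict, gpu_nodes: bool = False) -> list:
    """Return (severity, message) findings; an empty list means consistent."""
    sb, enforced = secure_boot_enabled(install_config), policy_enforced(policy)
    findings = []
    if enforced and not sb:
        findings.append(("error", "requireShieldedVm is enforced but secureBoot is "
                         "not enabled; opt in or lift the policy before provisioning"))
    if sb and not enforced:
        findings.append(("warn", "secureBoot is enabled but requireShieldedVm is "
                         "not in place in the project"))
    if sb and gpu_nodes:
        findings.append(("warn", "Secure Boot can prevent unsigned GPU drivers "
                         "from loading; confirm the drivers are signed"))
    return findings

# Constructed sample inputs (not taken from a real cluster or project).
SAMPLE_POLICY = json.loads(
    '{"constraint": "constraints/compute.requireShieldedVm",'
    ' "booleanPolicy": {"enforced": true}}')
OPTED_IN = {"platform": {"gcp": {"defaultMachinePlatform": {"secureBoot": "Enabled"}}}}
NOT_OPTED_IN = {"platform": {"gcp": {"projectID": "example-project"}}}

if __name__ == "__main__":
    for name, cfg in (("opted in", OPTED_IN), ("not opted in", NOT_OPTED_IN)):
        print(name, preflight(cfg, SAMPLE_POLICY, gpu_nodes=True))
```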

              rh-ee-dcooper Dylan Cooper
              rh-ee-smulkutk Shreyans Mulkutkar
              Vitor Graziano Vitor Graziano (Inactive)
              HAC