Details
-
Bug
-
Resolution: Not a Bug
-
Undefined
-
None
-
4.11
-
Important
-
False
-
Description
Description of problem:
Getting error message after running ETCD encryption in ppc64le
Version-Release number of selected component (if applicable):
OCP 4.11
How reproducible:
To encypt etcd data using documentationed mentioned below link: https://docs.openshift.com/container-platform/4.11/security/encrypting-etcd.html we are following above link to encrypt etcd data.
Steps to Reproduce:
1.Modify the APIServer object:
$ oc edit apiserver
2. Set the encryption field type to aescbc
spec:
encryption:
type: aescbc
3.Save the file to apply the changes.
once done we are getting appropriate result which are mentioned in the document.
Actual results:
EncryptionCompleted All resources encrypted: routes.route.openshift.io
Expected results:
we are getting expected result but when we try to check od describe etcd cluster command for TLS security profile task we are getting below error message:
is it expected?
Latest Available Revision Reason:
Node Statuses:
Current Revision: 18
Last Failed Count: 1
Last Failed Reason: InstallerFailed
Last Failed Revision: 7
Last Failed Revision Errors:
installer: 00079bc20 0xc00079b7c0 0xc00079b720 0xc00079b540 0xc00079b900 0xc00079ba40 0xc00079b860 0xc00079b400 0xc00079 b5e0 0xc00079a500 0xc00079a5a0 0xc00079a640 0xc00079b9a0 0xc00079a6e0 0xc00079a780] map[104:0xc0007a7e00 118:0xc00079a6e0] [] -1 0 0xc0008e59e0 true <nil> []}
I0901 12:59:27.404995 1 cmd.go:93] (*installerpod.InstallOptions)(0xc00073f040)({
KubeConfig: (string) "",
KubeClient: (kubernetes.Interface) <nil>,
Revision: (string) (len=1) "7",
NodeName: (string) "",
Namespace: (string) (len=14) "openshift-etcd",
PodConfigMapNamePrefix: (string) (len=8) "etcd-pod",
SecretNamePrefixes: ([]string) (len=1 cap=1) {
(string) (len=14) "etcd-all-certs"
},
OptionalSecretNamePrefixes: ([]string) <nil>,
ConfigMapNamePrefixes: ([]string) (len=6 cap=8) {
(string) (len=8) "etcd-pod",
(string) (len=15) "etcd-serving-ca",
(string) (len=19) "etcd-peer-client-ca",
(string) (len=29) "etcd-metrics-proxy-serving-ca",
(string) (len=28) "etcd-metrics-proxy-client-ca",
(string) (len=14) "etcd-endpoints"
},
OptionalConfigMapNamePrefixes: ([]string) <nil>,
CertSecretNames: ([]string) (len=1 cap=1) {
(string) (len=14) "etcd-all-certs"
},
OptionalCertSecretNamePrefixes: ([]string) <nil>,
CertConfigMapNamePrefixes: ([]string) (len=6 cap=8) {
(string) (len=16) "restore-etcd-pod",
(string) (len=12) "etcd-scripts",
(string) (len=15) "etcd-serving-ca",
(string) (len=19) "etcd-peer-client-ca",
(string) (len=29) "etcd-metrics-proxy-serving-ca",
(string) (len=28) "etcd-metrics-proxy-client-ca"
},
OptionalCertConfigMapNamePrefixes: ([]string) <nil>,
CertDir: (string) (len=47) "/etc/kubernetes/static-pod-resources/etcd-certs",
ResourceDir: (string) (len=36) "/etc/kubernetes/static-pod-resources",
PodManifestDir: (string) (len=25) "/etc/kubernetes/manifests",
Timeout: (time.Duration) 2m0s,
StaticPodManifestsLockFile: (string) "",
PodMutationFns: ([]installerpod.PodMutationFunc) <nil>,
KubeletVersion: (string) ""
})
F0901 13:00:28.516113 1 cmd.go:106] timed out waiting for the condition Last Failed Time: 2022-09-01T13:01:36Z
Node Name: master0.security-new.cp.fyre.ibm.com
Current Revision: 18
Node Name: master2.security-new.cp.fyre.ibm.com
Current Revision: 18
Node Name: master1.security-new.cp.fyre.ibm.com
Ready Replicas: 0
Events: <none>
Additional info:
