Details
-
Bug
-
Resolution: Not a Bug
-
Undefined
-
None
-
4.11
-
Important
-
False
-
Description
Description of problem:
Getting error message after running ETCD encryption in ppc64le
Version-Release number of selected component (if applicable):
OCP 4.11
How reproducible:
To encypt etcd data using documentationed mentioned below link: https://docs.openshift.com/container-platform/4.11/security/encrypting-etcd.html we are following above link to encrypt etcd data.
Steps to Reproduce:
1.Modify the APIServer object: $ oc edit apiserver 2. Set the encryption field type to aescbc spec: encryption: type: aescbc 3.Save the file to apply the changes. once done we are getting appropriate result which are mentioned in the document.
Actual results:
EncryptionCompleted All resources encrypted: routes.route.openshift.io
Expected results:
we are getting expected result but when we try to check od describe etcd cluster command for TLS security profile task we are getting below error message: is it expected? Latest Available Revision Reason: Node Statuses: Current Revision: 18 Last Failed Count: 1 Last Failed Reason: InstallerFailed Last Failed Revision: 7 Last Failed Revision Errors: installer: 00079bc20 0xc00079b7c0 0xc00079b720 0xc00079b540 0xc00079b900 0xc00079ba40 0xc00079b860 0xc00079b400 0xc00079 b5e0 0xc00079a500 0xc00079a5a0 0xc00079a640 0xc00079b9a0 0xc00079a6e0 0xc00079a780] map[104:0xc0007a7e00 118:0xc00079a6e0] [] -1 0 0xc0008e59e0 true <nil> []} I0901 12:59:27.404995 1 cmd.go:93] (*installerpod.InstallOptions)(0xc00073f040)({ KubeConfig: (string) "", KubeClient: (kubernetes.Interface) <nil>, Revision: (string) (len=1) "7", NodeName: (string) "", Namespace: (string) (len=14) "openshift-etcd", PodConfigMapNamePrefix: (string) (len=8) "etcd-pod", SecretNamePrefixes: ([]string) (len=1 cap=1) { (string) (len=14) "etcd-all-certs" }, OptionalSecretNamePrefixes: ([]string) <nil>, ConfigMapNamePrefixes: ([]string) (len=6 cap=8) { (string) (len=8) "etcd-pod", (string) (len=15) "etcd-serving-ca", (string) (len=19) "etcd-peer-client-ca", (string) (len=29) "etcd-metrics-proxy-serving-ca", (string) (len=28) "etcd-metrics-proxy-client-ca", (string) (len=14) "etcd-endpoints" }, OptionalConfigMapNamePrefixes: ([]string) <nil>, CertSecretNames: ([]string) (len=1 cap=1) { (string) (len=14) "etcd-all-certs" }, OptionalCertSecretNamePrefixes: ([]string) <nil>, CertConfigMapNamePrefixes: ([]string) (len=6 cap=8) { (string) (len=16) "restore-etcd-pod", (string) (len=12) "etcd-scripts", (string) (len=15) "etcd-serving-ca", (string) (len=19) "etcd-peer-client-ca", (string) (len=29) "etcd-metrics-proxy-serving-ca", (string) (len=28) "etcd-metrics-proxy-client-ca" }, OptionalCertConfigMapNamePrefixes: ([]string) <nil>, CertDir: (string) (len=47) "/etc/kubernetes/static-pod-resources/etcd-certs", ResourceDir: (string) (len=36) "/etc/kubernetes/static-pod-resources", PodManifestDir: (string) (len=25) "/etc/kubernetes/manifests", Timeout: (time.Duration) 2m0s, StaticPodManifestsLockFile: (string) "", PodMutationFns: ([]installerpod.PodMutationFunc) <nil>, KubeletVersion: (string) "" }) F0901 13:00:28.516113 1 cmd.go:106] timed out waiting for the condition Last Failed Time: 2022-09-01T13:01:36Z Node Name: master0.security-new.cp.fyre.ibm.com Current Revision: 18 Node Name: master2.security-new.cp.fyre.ibm.com Current Revision: 18 Node Name: master1.security-new.cp.fyre.ibm.com Ready Replicas: 0 Events: <none>
Additional info: