Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-19884

[4.14] Install does not begin if secure boot was enabled for the first time

XMLWordPrintable

    • Important
    • None
    • 1
    • Metal Platform 243, Metal Platform 247
    • 2
    • Rejected
    • Unspecified
    • Hide
      Installation fails when installing {product-title} with the `bootMode` set to `UEFISecureBoot` on a node where Secure Boot is disabled. Subsequent attempts to install {product-title} with Secure Boot enabled will proceed normally. (link:https://issues.redhat.com/browse/OCPBUGS-19884)[*OCPBUGS-19884*])
      Show
      Installation fails when installing {product-title} with the `bootMode` set to `UEFISecureBoot` on a node where Secure Boot is disabled. Subsequent attempts to install {product-title} with Secure Boot enabled will proceed normally. (link: https://issues.redhat.com/browse/OCPBUGS-19884) [* OCPBUGS-19884 *])
    • Release Note
    • Done
    • 12/5: tbd for 4.14.z - updated fix is up for 4.15 OCPBUGS-9303

      Description of problem:
      If secure boot is currently disabled, and user attempts to enable it via ZTP, install will not begin the first time ZTP was triggered.

      When secure boot is enabled viz ZTP, then boot options will be configured before virtual CD was attached, thus first boot will be booting into existing HD with secure boot on. Install will then get stuck because boot from CD was never triggered.

      Version-Release number of selected component (if applicable):
      4.10

      How reproducible:
      Always

      Steps to Reproduce:
      1. Secure boot is currently disabled in bios
      2. Attempt to deploy a cluster with secure boot enabled via ZTP
      3.

      Actual results:

      • spoke cluster got booted with secure boot option toggled, into existing HD
      • spoke cluster did not boot into virtual CD, thus install never started.
      • agentclusterinstall gets stuck here:
        State: insufficient
        State Info: Cluster is not ready for install

      Expected results:

      • installation started and completed successfully

      Additional info:

      Secure boot config used in ZTP siteconfig:
      http://registry.kni-qe-0.lab.eng.rdu2.redhat.com:3000/kni-qe/ztp-site-configs/src/ff814164cdcd355ed980f1edf269dbc2afbe09aa/siteconfig/master-2.yaml#L40

              rhn-engineering-dtantsur Dmitry Tantsur
              rhn-support-yliu1 Yang Liu
              Periyamaruthu Mohanraj Periyamaruthu Mohanraj
              Red Hat Employee
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: