Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-19884

[4.14] Install does not begin if secure boot was enabled for the first time

    XMLWordPrintable

Details

    • Important
    • 1
    • Metal Platform 243, Metal Platform 247
    • 2
    • Rejected
    • Unspecified
    • Hide
      Installation fails when installing {product-title} with the `bootMode` set to `UEFISecureBoot` on a node where Secure Boot is disabled. Subsequent attempts to install {product-title} with Secure Boot enabled will proceed normally. (link:https://issues.redhat.com/browse/OCPBUGS-19884)[*OCPBUGS-19884*])
      Show
      Installation fails when installing {product-title} with the `bootMode` set to `UEFISecureBoot` on a node where Secure Boot is disabled. Subsequent attempts to install {product-title} with Secure Boot enabled will proceed normally. (link: https://issues.redhat.com/browse/OCPBUGS-19884) [* OCPBUGS-19884 *])
    • Release Note
    • Done
    • 12/5: tbd for 4.14.z - updated fix is up for 4.15 OCPBUGS-9303

    Description

      Description of problem:
      If secure boot is currently disabled, and user attempts to enable it via ZTP, install will not begin the first time ZTP was triggered.

      When secure boot is enabled viz ZTP, then boot options will be configured before virtual CD was attached, thus first boot will be booting into existing HD with secure boot on. Install will then get stuck because boot from CD was never triggered.

      Version-Release number of selected component (if applicable):
      4.10

      How reproducible:
      Always

      Steps to Reproduce:
      1. Secure boot is currently disabled in bios
      2. Attempt to deploy a cluster with secure boot enabled via ZTP
      3.

      Actual results:

      • spoke cluster got booted with secure boot option toggled, into existing HD
      • spoke cluster did not boot into virtual CD, thus install never started.
      • agentclusterinstall gets stuck here:
        State: insufficient
        State Info: Cluster is not ready for install

      Expected results:

      • installation started and completed successfully

      Additional info:

      Secure boot config used in ZTP siteconfig:
      http://registry.kni-qe-0.lab.eng.rdu2.redhat.com:3000/kni-qe/ztp-site-configs/src/ff814164cdcd355ed980f1edf269dbc2afbe09aa/siteconfig/master-2.yaml#L40

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-9303 Install does not begin if secure boot was enabled for the first time

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          depends on

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-9303 Install does not begin if secure boot was enabled for the first time

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          links to

          GitHub openshift/ironic-image#404: OCPBUGS-19884: update Ironic to include secure boot fixes

          GitHub openshift/ironic-image#445: OCPBUGS-19884: update Ironic to include secure boot fixes

          Web Link RHBA-2024:0050 OpenShift Container Platform 4.14.z bug fix update

          Web Link RHSA-2023:5006 OpenShift Container Platform 4.14.z security update

          Activity

            People

              rhn-engineering-dtantsur Dmitry Tantsur
              rhn-support-yliu1 Yang Liu
              Periyamaruthu Mohanraj Periyamaruthu Mohanraj
              Red Hat Employee
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: