Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Major
Fix Version/s: 4.14.z
Affects Version/s: 4.10
Component/s: Bare Metal Hardware Provisioning / ironic
Labels:

Severity:
Important
Story Points:
1
Sprint:
Metal Platform 243, Metal Platform 247
sprint_count:
2
Release Blocker:
Rejected
Architecture:

Unspecified
Release Note Text:

Hide
Installation fails when installing {product-title} with the `bootMode` set to `UEFISecureBoot` on a node where Secure Boot is disabled. Subsequent attempts to install {product-title} with Secure Boot enabled will proceed normally. (link:https://issues.redhat.com/browse/OCPBUGS-19884)[*~~OCPBUGS-19884~~*])

Show
Installation fails when installing {product-title} with the `bootMode` set to `UEFISecureBoot` on a node where Secure Boot is disabled. Subsequent attempts to install {product-title} with Secure Boot enabled will proceed normally. (link: https://issues.redhat.com/browse/OCPBUGS-19884) [* OCPBUGS-19884 *])
Release Note Type:
Release Note
Release Note Status:
Done
Internal Whiteboard:
Latest Status Summary:
12/5: tbd for 4.14.z - updated fix is up for 4.15 ~~OCPBUGS-9303~~
Target Version:

4.14.z

SFDC Cases Counter:
SFDC Cases Links:

Description of problem:
If secure boot is currently disabled, and user attempts to enable it via ZTP, install will not begin the first time ZTP was triggered.

When secure boot is enabled viz ZTP, then boot options will be configured before virtual CD was attached, thus first boot will be booting into existing HD with secure boot on. Install will then get stuck because boot from CD was never triggered.

Version-Release number of selected component (if applicable):
4.10

How reproducible:
Always

Steps to Reproduce:
1. Secure boot is currently disabled in bios
2. Attempt to deploy a cluster with secure boot enabled via ZTP
3.

Actual results:

spoke cluster got booted with secure boot option toggled, into existing HD
spoke cluster did not boot into virtual CD, thus install never started.
agentclusterinstall gets stuck here:
State: insufficient
State Info: Cluster is not ready for install

Expected results:

installation started and completed successfully

Additional info:

Secure boot config used in ZTP siteconfig:
http://registry.kni-qe-0.lab.eng.rdu2.redhat.com:3000/kni-qe/ztp-site-configs/src/ff814164cdcd355ed980f1edf269dbc2afbe09aa/siteconfig/master-2.yaml#L40

clones

OCPBUGS-9303 Install does not begin if secure boot was enabled for the first time

Closed

depends on

OCPBUGS-9303 Install does not begin if secure boot was enabled for the first time

Closed

links to

openshift/ironic-image#404: OCPBUGS-19884: update Ironic to include secure boot fixes

openshift/ironic-image#445: OCPBUGS-19884: update Ironic to include secure boot fixes

RHBA-2024:0050 OpenShift Container Platform 4.14.z bug fix update

RHSA-2023:5006 OpenShift Container Platform 4.14.z security update

(1 links to)

Assignee:: Dmitry Tantsur

Reporter:: Yang Liu

QA Contact:: Periyamaruthu Mohanraj

Contributing Groups:: Red Hat Employee

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 2023/09/28 10:04 AM

Updated:: 2024/01/09 4:55 PM

Resolved:: 2024/01/09 4:55 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates