Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-22335

Tang encryption note within 4.13 is no longer accurate

XMLWordPrintable

    • Informational
    • No
    • OSDOCS Sprint 244
    • 1
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      The following note is present in 4.13 "Customizing Nodes" section (https://docs.openshift.com/container-platform/4.13/installing/install_config/installing-customizing.html#installation-special-config-storage-procedure_installing-customizing):

~~~
RHEL 8 provides Clevis version 15, which uses the SHA-1 hash algorithm to generate thumbprints. Some other distributions provide Clevis version 17 or later, which use the SHA-256 hash algorithm for thumbprints. You must use a Clevis version that uses SHA-1 to create the thumbprint, to prevent Clevis binding issues when you install Red Hat Enterprise Linux CoreOS (RHCOS) on your OpenShift Container Platform cluster nodes.
~~~

However, since OCP 4.13, we are using RHCOS-413.92 based on RHEL9 that contains clevis package "clevis-18-110.el9.x86_64", therefore, I think this note should be reworded or even removed for 4.13+

NOTE: Using RHEL8 with older clevis 15 is still compatible with OCP 4.13+

      Version-Release number of selected component (if applicable):

      4.13+

      How reproducible:

      N/A

      Steps to Reproduce:

      N/A

      Actual results:

      N/A

      Expected results:

      N/A

      Additional info:

       

            rhn-support-jdohmann Jesse Dohmann
            rhn-support-pamoedom Pedro Jose Amoedo Martinez
            Michael Nguyen Michael Nguyen
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: