Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Major
Fix Version/s: 4.16.0
Affects Version/s: 4.15.0
Component/s: oc
Labels:
None

Test Coverage:

+
Test Link:
https://polarion.engineering.redhat.com/polarion/#/project/OSE/workitem?id=OCP-76116
Regression:
No
Release Blocker:
Rejected
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:

Hide
--- update ---
Added by PR #77748

If the oc compiled in RHEL8 is used in a FIPS enabled RHEL9 cluster, oc fails. Now, to mitigate the problem, we also generates RHEL9 compatible oc binary in addition to the default one that customer can use if they get an error.

Show
--- update --- Added by PR #77748 If the oc compiled in RHEL8 is used in a FIPS enabled RHEL9 cluster, oc fails. Now, to mitigate the problem, we also generates RHEL9 compatible oc binary in addition to the default one that customer can use if they get an error.
Release Note Type:
Bug Fix
Release Note Status:
Done
RH Private Keywords:
Target Version:

4.16.0

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:
PX Priority Data:

Description of problem:

Unable to run oc commands in FIPS enable OCP cluster on PowerVS

Version-Release number of selected component (if applicable):

4.15.0-ec2

How reproducible:

Deploy OCP cluster with FIPS enabled

Steps to Reproduce:

1. Enable the var in var.tfvars - fips_compliant      = true
2. Deploy the cluster
3. run oc commands

Actual results:

[root@rdr-swap-fips-syd05-bastion-0 ~]# oc version
FIPS mode is enabled, but the required OpenSSL library is not available

[root@rdr-swap-fips-syd05-bastion-0 ~]# oc debug node/syd05-master-0.rdr-swap-fips.ibm.com
FIPS mode is enabled, but the required OpenSSL library is not available

[root@rdr-swap-fips-syd05-bastion-0 ~]# fips-mode-setup --check
FIPS mode is enabled.

Expected results:

# oc debug node/syd05-master-0.rdr-swap-fips1.ibm.com
Temporary namespace openshift-debug-dns7d is created for debugging node...
Starting pod/syd05-master-0rdr-swap-fips1ibmcom-debug-hs4dr ...
To use host binaries, run `chroot /host`
Pod IP: 193.168.200.9

Additional info:

Not able to collect must gather logs due to the issue

links - https://access.redhat.com/solutions/7034387

blocks

OCPBUGS-28204 Implement multi-rhel artifact extraction

Verified

is cloned by

OCPBUGS-23552 Unable to use openshift-install on RHEL9 Host with FIPS enabled OCP cluster on PowerVS (IBMCloud)

Closed

OCPBUGS-23549 Unable to run ccoctl commands on RHEL9 Host with FIPS enabled OCP cluster

Closed

OCPBUGS-23551 Unable to use opm on RHEL9 Host with FIPS enabled OCP cluster

Closed

is related to

OCPBUGS-25461 Implement multi-rhel artifact extraction

Closed

links to

openshift-eng/ocp-build-data#4046: OCPBUGS-23386: add rhel-9-golang in cli artifacts stream

openshift/oc#1632: OCPBUGS-23386: Generate FIPS compatible RHEL9 oc binary

openshift/oc#1691: OCPBUGS-23386: Extract oc also for linux/ppc64le

RHEA-2024:0041 OpenShift Container Platform 4.16.z bug fix update

(4 links to)

Assignee:: Arda Guclu

Reporter:: Swapnil Bobade

QA Contact:: Julie Mathew

Votes:: 5 Vote for this issue

Watchers:: 32 Start watching this issue

Created:: 2023/11/17 7:27 AM

Updated:: 2024/09/13 10:30 AM

Resolved:: 2024/06/27 11:37 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates