Details
- Bug
- Resolution: Unresolved
- Major
- 4.15.0
- None
- No
- Rejected
- False
- If the oc compiled in RHEL8 is used in a FIPS enabled RHEL9 cluster, oc fails. Now, to mitigate the problem, we also generate a RHEL9 compatible oc binary, in addition to the default one, that customers can use if they get an error.
- Bug Fix
Description
Description of problem:
Unable to run oc commands in a FIPS enabled OCP cluster on PowerVS
Version-Release number of selected component (if applicable):
4.15.0-ec2
How reproducible:
Deploy OCP cluster with FIPS enabled
Steps to Reproduce:
1. Enable the var in var.tfvars - fips_compliant = true
2. Deploy the cluster
3. Run oc commands
Actual results:
[root@rdr-swap-fips-syd05-bastion-0 ~]# oc version
FIPS mode is enabled, but the required OpenSSL library is not available
[root@rdr-swap-fips-syd05-bastion-0 ~]# oc debug node/syd05-master-0.rdr-swap-fips.ibm.com
FIPS mode is enabled, but the required OpenSSL library is not available
[root@rdr-swap-fips-syd05-bastion-0 ~]# fips-mode-setup --check
FIPS mode is enabled.
Expected results:
# oc debug node/syd05-master-0.rdr-swap-fips1.ibm.com
Temporary namespace openshift-debug-dns7d is created for debugging node...
Starting pod/syd05-master-0rdr-swap-fips1ibmcom-debug-hs4dr ...
To use host binaries, run `chroot /host`
Pod IP: 193.168.200.9
Additional info:
Not able to collect must gather logs due to the issue links - https://access.redhat.com/solutions/7034387
Issue Links
- causes
  - RHOAIENG-4350 In workbench the oc CLI tool cannot be used on FIPS enabled cluster (New)
- is cloned by
  - OCPBUGS-23549 Unable to run ccoctl commands on RHEL9 Host with FIPS enabled OCP cluster (New)
  - OCPBUGS-23552 Unable to use openshift-install on RHEL9 Host with FIPS enabled OCP cluster on PowerVS (IBMCloud) (Closed)
  - OCPBUGS-23551 Unable to use opm on RHEL9 Host with FIPS enabled OCP cluster (Closed)
- is related to
  - OCPBUGS-25461 Implement multi-rhel artifact extraction (Verified)
- links to
  - RHEA-2024:0041 OpenShift Container Platform 4.16.z bug fix update