-
Bug
-
Resolution: Not a Bug
-
Major
-
None
-
4.14.z
-
Important
-
No
-
False
-
Description of problem:
Version-Release number of selected component (if applicable):
Cluster upgrade from 4.14.18 to 4.15.5 is stuck due to image registry operator OPENSSL error. This is FIPS enabled cluster. ###Operator pod logs Duration: RequestError: send request failed 2024-04-09T23:09:20.919261912Z caused by: Head "https://s3-xxx.xxx.com:9021/xxxxximage-registry": 2024-04-09T23:09:20.919261912Z EVP_PKEY_decrypt/encrypt failed 2024-04-09T23:09:20.919261912Z openssl error(s): 2024-04-09T23:09:20.919261912Z file: providers/implementations/asymciphers/rsa_enc.c 2024-04-09T23:09:20.919261912Z line: 166 2024-04-09T23:09:20.919261912Z function: rsa_encrypt 2024-04-09T23:09:20.919261912Z flags: 0 2024-04-09T23:09:20.919261912Z error string: error:1C8000A5:Provider routines::illegal or unsupported padding mode The openssl version used by the image which the operator is using. $ rpm -qa openssl* openssl-libs-3.0.7-18.el9_2.x86_64 openssl-3.0.7-18.el9_2.x86_64
How reproducible:
Try to upgrade FIPS enabled cluster from 4.14.18 to 4.15.5.
Steps to Reproduce:
1. Upgrade the cluster from 4.14 to 4.15 with FIPS enabled
2. Check the version of Openssl - openssl-3.0.7-18.el9_2.x86_64
Actual results:
Cluster upgrade was blocked due to image-registry operator stuck in Progressing State
Expected results:
Cluster should be able to upgrade from 4.14 to 4.15
Additional info:
- is blocked by
-
IR-469 Impact Cluster upgrade is stuck due to image registry operator OPENSSL error
-
- Closed
-
