Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Minor
Fix Version/s: None
Affects Version/s: 4.15.z, 4.17.0, 4.16.z
Component/s: RHCOS
Labels:
- osintegration

Severity:
Low
Regression:
No
Blocked:
False
Blocked Reason:

Hide

None

Show
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

FIPS enabled 4.17.0-0.nightly-2024-07-04-083810 x86_64 BareMetal cluster, "fips-mode-setup --is-enabled" returns empty result, also found the same issue on 4.15/4.16 with other IAAS

$ oc debug node/openshift-qe-013.arm.eng.rdu2.redhat.com
sh-5.1# chroot /host
sh-5.1# fips-mode-setup 
Check, enable, or disable the system FIPS mode.
usage: /usr/bin/fips-mode-setup --enable|--disable [--no-bootcfg]
usage: /usr/bin/fips-mode-setup --check
usage: /usr/bin/fips-mode-setup --is-enabled
sh-5.1# fips-mode-setup --check
FIPS mode is enabled.
sh-5.1# fips-mode-setup --is-enabled
no result

sh-5.1# cat /proc/sys/crypto/fips_enabled
1
sh-5.1# sysctl crypto.fips_enabled
crypto.fips_enabled = 1
sh-5.1#  update-crypto-policies --show
FIPS

other information

$ oc get node -o wide
NAME                                       STATUS   ROLES                  AGE     VERSION           INTERNAL-IP   EXTERNAL-IP   OS-IMAGE                                                KERNEL-VERSION                 CONTAINER-RUNTIME
openshift-qe-013.arm.eng.rdu2.redhat.com   Ready    control-plane,master   6h8m    v1.30.2+421e90e   10.1.235.25   <none>        Red Hat Enterprise Linux CoreOS 417.94.202407031602-0   5.14.0-427.24.1.el9_4.x86_64   cri-o://1.30.3-2.rhaos4.17.git8750e76.el9
openshift-qe-014.arm.eng.rdu2.redhat.com   Ready    control-plane,master   6h8m    v1.30.2+421e90e   10.1.235.26   <none>        Red Hat Enterprise Linux CoreOS 417.94.202407031602-0   5.14.0-427.24.1.el9_4.x86_64   cri-o://1.30.3-2.rhaos4.17.git8750e76.el9
openshift-qe-015.arm.eng.rdu2.redhat.com   Ready    control-plane,master   6h6m    v1.30.2+421e90e   10.1.235.27   <none>        Red Hat Enterprise Linux CoreOS 417.94.202407031602-0   5.14.0-427.24.1.el9_4.x86_64   cri-o://1.30.3-2.rhaos4.17.git8750e76.el9
openshift-qe-016.arm.eng.rdu2.redhat.com   Ready    worker                 5h19m   v1.30.2+421e90e   10.1.235.28   <none>        Red Hat Enterprise Linux CoreOS 417.94.202407031602-0   5.14.0-427.24.1.el9_4.x86_64   cri-o://1.30.3-2.rhaos4.17.git8750e76.el9
openshift-qe-023.arm.eng.rdu2.redhat.com   Ready    worker                 5h20m   v1.30.2+421e90e   10.1.235.29   <none>        Red Hat Enterprise Linux CoreOS 417.94.202407031602-0   5.14.0-427.24.1.el9_4.x86_64   cri-o://1.30.3-2.rhaos4.17.git8750e76.el9

$ oc get clusterversion
NAME      VERSION                              AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.17.0-0.nightly-2024-07-04-083810   True        False         168m    Cluster version is 4.17.0-0.nightly-2024-07-04-083810

$ oc get infrastructure/cluster -o jsonpath={.spec.platformSpec.type}
BareMetal

Version-Release number of selected component (if applicable):

4.17.0-0.nightly-2024-07-04-083810

How reproducible:

always

Steps to Reproduce:

1. check "fips-mode-setup --is-enabled" on FIPS enabled cluster

Actual results:

"fips-mode-setup --is-enabled" returns empty result

Expected results:

1 or enabled

Assignee:: Unassigned

Reporter:: Junqi Zhao

QA Contact:: Michael Nguyen

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2024/07/05 1:46 AM

Updated:: 2024/07/08 2:59 PM

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates