-
Bug
-
Resolution: Duplicate
-
Major
-
None
-
4.17
-
None
-
Critical
-
Yes
-
Proposed
-
False
-
Description of problem:
On FIPS cluster, cluster operator olm is not available, pod helm-provisioner and core are CrashLoopBackOff, error message is "FIPS mode is enabled, but the required OpenSSL backend is unavailable"
Version-Release number of selected component (if applicable):
4.17.0-0.nightly-2024-07-15-034821
How reproducible:
always
Steps to Reproduce:
1. setup FIPs cluster
2. check co olm status
zhaoxia@xzha-mac OCP-74923 % oc get co olm
NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE MESSAGE
olm 4.17.0-0.nightly-2024-07-15-034821 False True False 55m RukpakDeploymentCoreAvailable: Waiting for Deployment...
zhaoxia@xzha-mac OCP-74923 % oc get pod
NAME READY STATUS RESTARTS AGE
core-75c647476f-b65mr 1/2 CrashLoopBackOff 14 (112s ago) 49m
helm-provisioner-cd7b7d485-pff4k 1/2 CrashLoopBackOff 13 (2m56s ago) 46m
rukpak-webhooks-769c7c6cbf-fr8kk 1/1 Running 0 49m
zhaoxia@xzha-mac OCP-74923 % oc get pod helm-provisioner-cd7b7d485-pff4k -o yaml
apiVersion: v1
kind: Pod
metadata:
...
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2024-07-16T02:41:35Z"
status: "True"
type: PodReadyToStartContainers
- lastProbeTime: null
lastTransitionTime: "2024-07-16T02:41:32Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2024-07-16T02:41:32Z"
message: 'containers with unready status: [kube-rbac-proxy]'
reason: ContainersNotReady
status: "False"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2024-07-16T02:41:32Z"
message: 'containers with unready status: [kube-rbac-proxy]'
reason: ContainersNotReady
status: "False"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2024-07-16T02:41:32Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: cri-o://91ab20bc3676623a3bb69dc5823d22e8c151f5ca64750da9864ddbf1b0b725b8
image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cc2e02535158da03168faa2808c5a12c0cd1593533382d1b29f4c5d6fcfc3602
imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cc2e02535158da03168faa2808c5a12c0cd1593533382d1b29f4c5d6fcfc3602
lastState:
terminated:
containerID: cri-o://91ab20bc3676623a3bb69dc5823d22e8c151f5ca64750da9864ddbf1b0b725b8
exitCode: 1
finishedAt: "2024-07-16T03:22:55Z"
message: |
FIPS mode is enabled, but the required OpenSSL backend is unavailable
reason: Error
startedAt: "2024-07-16T03:22:55Z"
name: kube-rbac-proxy
ready: false
restartCount: 13
started: false
state:
waiting:
message: back-off 5m0s restarting failed container=kube-rbac-proxy pod=helm-provisioner-cd7b7d485-pff4k_openshift-rukpak(8562d54c-399e-4346-a70e-0aaa4e9c189c)
reason: CrashLoopBackOff
- containerID: cri-o://495820794a4762528e66161766ad03b73b62a55ea8919137c96fc4710c3c19cc
image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b9659fbcfe4bc4a61fa62f74fae3e56ddb4faabac6785b2a0bf23203352045e8
imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b9659fbcfe4bc4a61fa62f74fae3e56ddb4faabac6785b2a0bf23203352045e8
lastState: {}
name: manager
ready: true
restartCount: 0
started: true
zhaoxia@xzha-mac OCP-74923 % oc get pod core-75c647476f-b65mr -o yaml
apiVersion: v1
kind: Pod
metadata:
...
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2024-07-16T02:36:56Z"
status: "True"
type: PodReadyToStartContainers
- lastProbeTime: null
lastTransitionTime: "2024-07-16T02:36:15Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2024-07-16T02:36:15Z"
message: 'containers with unready status: [kube-rbac-proxy]'
reason: ContainersNotReady
status: "False"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2024-07-16T02:36:15Z"
message: 'containers with unready status: [kube-rbac-proxy]'
reason: ContainersNotReady
status: "False"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2024-07-16T02:36:14Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: cri-o://25dead058b74dc1914c59be083479344a8d2cb95f92f195a28fea9f4016097bf
image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cc2e02535158da03168faa2808c5a12c0cd1593533382d1b29f4c5d6fcfc3602
imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cc2e02535158da03168faa2808c5a12c0cd1593533382d1b29f4c5d6fcfc3602
lastState:
terminated:
containerID: cri-o://25dead058b74dc1914c59be083479344a8d2cb95f92f195a28fea9f4016097bf
exitCode: 1
finishedAt: "2024-07-16T03:23:59Z"
message: |
FIPS mode is enabled, but the required OpenSSL backend is unavailable
reason: Error
startedAt: "2024-07-16T03:23:59Z"
name: kube-rbac-proxy
ready: false
restartCount: 14
started: false
state:
waiting:
message: back-off 5m0s restarting failed container=kube-rbac-proxy pod=core-75c647476f-b65mr_openshift-rukpak(21facddb-5167-4c0e-8a6e-1caa9b74c6ba)
reason: CrashLoopBackOff
- containerID: cri-o://360207abeb47b40cb2d7ae0c4730d1c104f82d15e1e2f5bd72568daaa273ee5d
image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b9659fbcfe4bc4a61fa62f74fae3e56ddb4faabac6785b2a0bf23203352045e8
imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b9659fbcfe4bc4a61fa62f74fae3e56ddb4faabac6785b2a0bf23203352045e8
lastState: {}
name: manager
ready: true
restartCount: 0
started: true
state:
running:
startedAt: "2024-07-16T02:36:56Z"
Actual results:
olm is not available
Expected results:
olm is available
Additional info:
- is duplicated by
-
-
- Closed
-
