-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
4.13.0, 4.12.z
-
None
-
False
-
Description of problem:
OCP upgrade failes when FIPS is enabled, because VM's using multus are not evicting and blocking the upgrade. After the VM's cleaned up - the upgrade is successful.
Version-Release number of selected component (if applicable):
OCP version : 4.12.61 -> 4.13.46
CNV version: v4.12.13-12
How reproducible:
Always.
Steps to Reproduce:
1. Deploy 4.12 cluster with FIPS enabled.
2. Create VM's using multus.
3. Try to perform OCP upgrade to 4.13
4. Verify upgrade fails because VM's are not evicting.
Actual results:
OCP upgrade fails.
Expected results:
VM's evicting the OCP upgrade is successful.
Additional info:
The reason might be the CNI binary installed on th node do not correlate rhel8 vs rhel9.
Normal Scheduled 11m default-scheduler Successfully assigned test-upgrade-namespace/virt-launcher-manual-run-strategy-vm-1721761045-766074-mtzpg to cnv-qe-infra-33.cnvqe2.lab.eng.rdu2.redhat.com Normal SuccessfulAttachVolume 11m attachdetach-controller AttachVolume.Attach succeeded for volume "pvc-40e6777e-c4e1-4093-97fa-b4f099b5f737" Normal SuccessfulMountVolume 11m kubelet MapVolume.MapPodDevice succeeded for volume "pvc-40e6777e-c4e1-4093-97fa-b4f099b5f737" globalMapPath "/var/lib/kubelet/plugins/kubernetes.io/csi/volumeDevices/pvc-40e6777e-c4e1-4093-97fa-b4f099b5f737/dev" Normal SuccessfulMountVolume 11m kubelet MapVolume.MapPodDevice succeeded for volume "pvc-40e6777e-c4e1-4093-97fa-b4f099b5f737" volumeMapPath "/var/lib/kubelet/pods/c30bb668-80c4-44ab-ae3f-a011b5514fe2/volumeDevices/kubernetes.io~csi" Normal AddedInterface 11m multus Add eth0 [10.131.0.90/23] from ovn-kubernetes Warning FailedCreatePodSandBox 11m kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to create pod network sandbox k8s_virt-launcher-manual-run-strategy-vm-1721761045-766074-mtzpg_test-upgrade-namespace_c30bb668-80c4-44ab-ae3f-a011b5514fe2_0(feac46480b5954a12c8ddcc016cd2d9f1a502e6a804aa0b3dd20dfbf2b73d65c): error adding pod test-upgrade-namespace_virt-launcher-manual-run-strategy-vm-1721761045-766074-mtzpg to CNI network "multus-cni-network": plugin type="multus" name="multus-cni-network" failed (add): [test-upgrade-namespace/virt-launcher-manual-run-strategy-vm-1721761045-766074-mtzpg/c30bb668-80c4-44ab-ae3f-a011b5514fe2:br1upgrade]: error adding container to network "br1upgrade": netplugin failed: "FIPS mode is enabled, but the required OpenSSL backend is unavailable\n" Normal AddedInterface 11m multus Add eth0 [10.131.0.90/23] from ovn-kubernetes Warning FailedCreatePodSandBox 11m kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to create pod network sandbox k8s_virt-launcher-manual-run-strategy-vm-1721761045-766074-mtzpg_test-upgrade-namespace_c30bb668-80c4-44ab-ae3f-a011b5514fe2_0(138ae480fc8803acd02123b645f0abf6c897f08944237f0cdc67f5c94218ee01): error adding pod test-upgrade-namespace_virt-launcher-manual-run-strategy-vm-1721761045-766074-mtzpg to CNI network "multus-cni-network": plugin type="multus" name="multus-cni-network" failed (add): [test-upgrade-namespace/virt-launcher-manual-run-strategy-vm-1721761045-766074-mtzpg/c30bb668-80c4-44ab-ae3f-a011b5514fe2:br1upgrade]: error adding container to network "br1upgrade": netplugin failed: "FIPS mode is enabled, but the required OpenSSL backend is unavailable\n"
- links to
- mentioned on
