Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-39468

[OCP 4.16] Need HTTPS support for TransferProtocolTypes in Redfish APIs

XMLWordPrintable

    • Important
    • No
    • 1
    • Metal Platform 259
    • 1
    • Rejected
    • False
    • Hide

      None

      Show
      None
    • Hide
      The user can now enable TLS for communication between ironic and the BMC in the bootstrap phase of the install process, by adding 'disableVirtualMediaTLS: false' to the Provisioning CR file created on disk by the installer. This file is created as a result of the 'openshift-install ... create manifests' command.
      This is useful in case of Redfish-compliant hardware that does not support HTTP, and requires HTTPS.
      Show
      The user can now enable TLS for communication between ironic and the BMC in the bootstrap phase of the install process, by adding 'disableVirtualMediaTLS: false' to the Provisioning CR file created on disk by the installer. This file is created as a result of the 'openshift-install ... create manifests' command. This is useful in case of Redfish-compliant hardware that does not support HTTP, and requires HTTPS.
    • Enhancement
    • In Progress

      This is a clone of issue OCPBUGS-39467. The following is the description of the original issue:

      Description of problem:

      Hi team,
      
      The customer is performing RHOCP IPI testing for H/W certification and is referencing this document: https://docs.openshift.com/container-platform/4.15/installing/installing_bare_metal_ipi/ipi-install-installation-workflow.html#bmc-addressing_ipi-install-installation-workflow
      
      The issue occurred during the IPI installation. The redfish ISO mount point shows it only supports HTTP, as per the error message below. However, the official document mentioned that both HTTP and HTTPS are supported parameter types for TransferProtocolTypes. 
      
      
      ~~~
      VirtualMedia.InsertMedia BEF (/redfish/v1/Managers/Self/VirtualMedia/CD1/Actions/VirtualMedia.InsertMedia)
      ===============================================
      {"error":"@Message.ExtendedInfo": 
      "@odata.type":"#Message.v1_0_8.Message", "Message":"The value 'HTTP' for the property TransferProtocolType is not in the list of acceptable values.", "MessageArgs": ["HTTP", "TransferProtocolType"], "MessageId":"Base.1.12.PropertyValueNotInList", "RelatedProperties":["/TransferProtocolType"], "Resolution": "Choose a value from the enumeration list that the implementation can support and resubmit the request if the operation failed.", "Severity": "Warning"},"code":"Base.1.12.PropertyValueNotInList", "message":"The value 'HTTP' for the property TransferProtocolType is not in the list of acceptable values."}
      ~~~
      
      
      Could you please confirm if we currently support HTTPS?
      
      
      ***Business impact:
      
      We have business visibility on current telco project, the customer needs passed the IPI testing for H/W certification.
      
      The problem is the customer's BMC currently only supports HTTPS mounting per the AMI code-base requirement.
      
      ACM/ZTP based installation on the fleet of 1000s of these servers. Support for https will be great. 
      
      
      
      Please help to check HTTPS support plan. Any recommendation would be appreciated! 

      Version-Release number of selected component (if applicable):

          

      How reproducible:

      Follow the document steps.  https://docs.openshift.com/container-platform/4.15/installing/installing_bare_metal_ipi/ipi-install-overview.html    

      Steps to Reproduce:

      The installation steps we follow are baed on Overview - Deploying installer-provisioned clusters on bare metal | Installing | OpenShift Container Platform 4.14
      
      
      The DNS and DHCP are setup for provisioning but not disconnected registry.  We failed at the following command:./openshift-baremetal-install --dir ~/clusterconfigs --log-level debug create cluster
      
      
      The console log :
      ~~~
      ERROR Error: could not inspect: inspect failed , last error was 'Failed to inspect hardware. Reason: unable to start inspection: ('All virtual media mount attempts failed. Most recent error: ', ('Inserting virtual media into %(boot_device)s failed for node %(node)s, moving to next virtual media device, if available', {'node': '861f2cf6-3638-43c3-aa51-f1a2dee43c93', 'boot_device': <VirtualMediaType.CD: 'CD'>}))'
      ERROR
      ERROR   with ironic_node_v1.openshift-master-host[0],
      ERROR   on main.tf line 13, in resource "ironic_node_v1" "openshift-master-host":
      ERROR   13: resource "ironic_node_v1" "openshift-master-host" {
      ERROR
      ERROR failed to fetch Cluster: failed to generate asset "Cluster": failure applying terraform for "masters" stage: failed to create cluster: failed to apply Terraform: exit status 1
      ~~~
      
      
      Part of the ironic.service log in bootstrap node:
      
      Jun 28 03:33:44 localhost.localdomain ironic[7091]: 2024-06-28 03:33:44.019 1 DEBUG sushy.exceptions [None req-922eeb65-bb47-44e5-9aed-0a86779b77b6 - - - - - -] HTTP response for POST https://10.102.13.230:443/redfish/v1/Managers/Self/VirtualMedia/CD1/Actions/VirtualMedia.InsertMedia: status code: 400, error: Base.1.5.PropertyValueNotInList: The value HTTP for the property TransferProtocolType is not in the list of acceptable values., extended: [{'@odata.type': '#Message.v1_0_8.Message', 'Message': 'The value HTTP for the property TransferProtocolType is not in the list of acceptable values.', 'MessageArgs': ['HTTP', 'TransferProtocolType'], 'MessageId': 'Base.1.5.PropertyValueNotInList', 'RelatedProperties': ['#/TransferProtocolType'], 'Resolution': 'Choose a value from the enumeration list that the implementation can support and resubmit the request if the operation failed.', 'Severity': 'Warning'}] __init__ /usr/lib/python3.9/site-packages/sushy/exceptions.py:122
      Jun 28 03:33:44 localhost.localdomain ironic[7091]: 2024-06-28 03:33:44.020 1 WARNING ironic.drivers.modules.redfish.boot [None req-922eeb65-bb47-44e5-9aed-0a86779b77b6 - - - - - -] ('Inserting virtual media into %(boot_device)s failed for node %(node)s, moving to next virtual media device, if available', {'node': '861f2cf6-3638-43c3-aa51-f1a2dee43c93', 'boot_device': <VirtualMediaType.CD: 'CD'>}): sushy.exceptions.BadRequestError: HTTP POST https://10.102.13.230:443/redfish/v1/Managers/Self/VirtualMedia/CD1/Actions/VirtualMedia.InsertMedia returned code 400. Base.1.5.PropertyValueNotInList: The value HTTP for the property TransferProtocolType is not in the list of acceptable values. Extended information: [{'@odata.type': '#Message.v1_0_8.Message', 'Message': 'The value HTTP for the property TransferProtocolType is not in the list of acceptable values.', 'MessageArgs': ['HTTP', 'TransferProtocolType'], 'MessageId': 'Base.1.5.PropertyValueNotInList', 'RelatedProperties': ['#/TransferProtocolType'], 'Resolution': 'Choose a value from the enumeration list that the implementation can support and resubmit the request if the operation failed.', 'Severity': 'Warning'}]
      Jun 28 03:33:44 localhost.localdomain ironic[7091]: 2024-06-28 03:33:44.024 1 ERROR ironic.drivers.modules.inspector.interface [None req-922eeb65-bb47-44e5-9aed-0a86779b77b6 - - - - - -] Unable to start managed inspection for node 861f2cf6-3638-43c3-aa51-f1a2dee43c93: ('All virtual media mount attempts failed. Most recent error: ', ('Inserting virtual media into %(boot_device)s failed for node %(node)s, moving to next virtual media device, if available', {'node': '861f2cf6-3638-43c3-aa51-f1a2dee43c93', 'boot_device': <VirtualMediaType.CD: 'CD'>})): ironic.common.exception.InvalidParameterValue: ('All virtual media mount attempts failed. Most recent error: ', ('Inserting virtual media into %(boot_device)s failed for node %(node)s, moving to next virtual media device, if available', {'node': '861f2cf6-3638-43c3-aa51-f1a2dee43c93', 'boot_device': <VirtualMediaType.CD: 'CD'>}))

      Actual results:

      HTTPS is not supported.
      

      Expected results:

      Per the doc mentioned, HTTPS should be supported.

      Additional info:

      Also raised the bug ticket for document check: https://issues.redhat.com/browse/OCPBUGS-36280

            rh-ee-masghar Mahnoor Asghar
            openshift-crt-jira-prow OpenShift Prow Bot
            Jad Haj Yahya Jad Haj Yahya
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: