Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: 4.20.0
Affects Version/s: 4.18.0, 4.19
Component/s: Installer / Agent based installation
Labels:
- triaged

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
Moderate
Regression:
None

Target Backport Versions:

4.18.z, 4.19.z
Target Version:

4.20.0
Release Blocker:
None
Sprint:
Agent Sprint 271, Agent Sprint 272
sprint_count:
2

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:

Release Note Status:
Done
Release Note Type:
Bug Fix
Release Note Text:

Hide
* Before this update, when you use the Agent-based Installer, setting the `additionalTrustBundlePolicy` field would have no effect. As a consequence, other overrides such the `fips` parameter were ignored. With this update, the `additionalTrustBundlePolicy` parameter is correctly imported and other overrides are not ignored. (link:https://issues.redhat.com/browse/OCPBUGS-56596[OCPBUGS-56596])

Show
* Before this update, when you use the Agent-based Installer, setting the `additionalTrustBundlePolicy` field would have no effect. As a consequence, other overrides such the `fips` parameter were ignored. With this update, the `additionalTrustBundlePolicy` parameter is correctly imported and other overrides are not ignored. (link: https://issues.redhat.com/browse/OCPBUGS-56596 [ OCPBUGS-56596 ])

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

When using the agent-based installer, setting the additionalTrustBundlePolicy field is not taking effect. The reason for this is that assisted-service does not import the InstallConfig struct from the installer, but instead has its own independent copy in which this field is missing. Therefore the install-config-overrides cannot be applied.

This should be validated at the time the install-config-overrides are applied (and the code appears to do so), but for unknown reasons the overrides are being silently ignored.

A side-effect of this is that any other install-config-overrides are also silently ignored when the additionalTrustBundlePolicy is set to a non-default value. This can be observed e.g. by setting fips: true at the same time - the resulting cluster will not have FIPS enabled.

We need to both fix the validation (since users could manually edit the install-config-overrides annotation to add invalid fields) and populate additionalTrustBundlePolicy in assisted-service's copy of the InstallConfig type.

blocks

OCPBUGS-57208 AdditionalTrustBundlePolicy still cannot be set in ABI

Closed

is caused by

OCPBUGS-42670 AdditionalTrustBundlePolicy in install-config.yaml should be used

Closed

is cloned by

OCPBUGS-57208 AdditionalTrustBundlePolicy still cannot be set in ABI

Closed

split to

OCPBUGS-56913 ABI failures after cluster is registered are ignored

ASSIGNED

links to

openshift/assisted-service#7703: OCPBUGS-56596: Include AdditionalTrustBundlePolicy in installConfig

mentioned on

Merge request - Updated US source to: 52692a1 OCPBUGS-56596: Include AdditionalTrustBundlePolicy in installConfig (#7703)

(1 mentioned on)

Assignee:: Robert Fournier

Reporter:: Zane Bitter

Need Info From:: None

Contributors:: None

QA Contact:: zhenying niu

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2025/05/21 11:09 PM

Updated:: 2025/10/17 12:51 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates