OpenShift Bugs / OCPBUGS-57306

AdditionalTrustBundlePolicy still cannot be set in ABI


    • Quality / Stability / Reliability
    • False
    • Moderate
    • Agent Sprint 272
    • 1
    • Done
    • Bug Fix
      * Previously, the agent-based installer ignored the custom `additionalTrustBundlePolicy` parameter because of a missing field in the `install-config.yaml` file. Consequently, cluster installations sometimes did not comply with specified settings due to ignored overrides. With this release, the `additionalTrustBundlePolicy` config overrides are now properly applied in the `install-config.yaml` file for the assisted-service. As a result, you can correctly set the `additionalTrustBundlePolicy` parameter, and other installation configuration overrides are correctly applied. (link:https://issues.redhat.com/browse/OCPBUGS-57306[OCPBUGS-57306])

      This is a clone of issue OCPBUGS-57208. The following is the description of the original issue:

      This is a clone of issue OCPBUGS-56596. The following is the description of the original issue:

      When using the agent-based installer, setting the additionalTrustBundlePolicy field is not taking effect. The reason for this is that assisted-service does not import the InstallConfig struct from the installer, but instead has its own independent copy in which this field is missing. Therefore the install-config-overrides cannot be applied.

      This should be validated at the time the install-config-overrides are applied (and the code appears to do so), but for unknown reasons the overrides are being silently ignored.

      A side-effect of this is that any other install-config-overrides are also silently ignored when the additionalTrustBundlePolicy is set to a non-default value. This can be observed e.g. by setting fips: true at the same time - the resulting cluster will not have FIPS enabled.

      We need to both fix the validation (since users could manually edit the install-config-overrides annotation to add invalid fields) and populate additionalTrustBundlePolicy in assisted-service's copy of the InstallConfig type.
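Added example, not code from assisted-service or the installer: a Go illustration of the validation gap described above, where lenient JSON decoding drops an unrecognised override key without any error, while strict decoding rejects the override and leaves the base config untouched. The `installConfig` type, `applyOverrides` and the sample override are hypothetical stand-ins; the report's symptom of every override being ignored is not reproduced here.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// installConfig is a hypothetical, trimmed stand-in for a service's private
// copy of an install-config type. It deliberately lacks
// additionalTrustBundlePolicy, as the issue describes.
type installConfig struct {
	BaseDomain string `json:"baseDomain"`
	FIPS       bool   `json:"fips"`
}

// applyOverrides decodes overrides onto a copy of base. With strict=true an
// unknown key is an error and base is returned unchanged (fail closed), so a
// security-relevant setting such as fips cannot be lost without notice.
func applyOverrides(base installConfig, overrides string, strict bool) (installConfig, error) {
	merged := base
	dec := json.NewDecoder(bytes.NewReader([]byte(overrides)))
	if strict {
		dec.DisallowUnknownFields()
	}
	if err := dec.Decode(&merged); err != nil {
		return base, fmt.Errorf("invalid install-config overrides: %w", err)
	}
	return merged, nil
}

// Constructed sample override, mirroring the combination in the report.
const sampleOverrides = `{"additionalTrustBundlePolicy":"Always","fips":true}`

func main() {
	base := installConfig{BaseDomain: "example.com"}

	// Lenient: the policy key has no matching field and vanishes silently.
	lenient, err := applyOverrides(base, sampleOverrides, false)
	fmt.Printf("lenient: %+v err=%v\n", lenient, err)

	// Strict: the caller is told which key the local type does not know.
	strictCfg, err := applyOverrides(base, sampleOverrides, true)
	fmt.Printf("strict:  %+v err=%v\n", strictCfg, err)
}
```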

              bfournie@redhat.com Robert Fournier
              openshift-crt-jira-prow OpenShift Prow Bot
              zhenying niu zhenying niu