-
Task
-
Resolution: Unresolved
-
Normal
-
None
-
None
-
None
-
False
-
-
False
-
-
Currently, we can install a FIPS cluster only on OpenStack via a provision-ocp. (alternatively, we can use ARO fips, but there is no latest OCP version)
When the FIPS checkbox is checked and AWS or Azure as a cloud is selected in the provision-ocp job, the installer container in the provision pod in the hive namespace OCP contains the following error
time="2025-11-13T09:26:39Z" level=error msg="failed to fetch Master Machines: failed to load asset \"Install Config\": failed to create install config: invalid \"install-config.yaml\" file: fips: Forbidden: target cluster is in FIPS mode, enable FIPS mode on the host" time="2025-11-13T09:26:40Z" level=error msg="error after waiting for command completion" error="exit status 3" installID=hl4pj78q time="2025-11-13T09:26:40Z" level=error msg="error generating installer assets" error="exit status 3" installID=hl4pj78q time="2025-11-13T09:26:40Z" level=info msg="reading installer log" installID=hl4pj78q time="2025-11-13T09:26:40Z" level=info msg="saving installer output" installID=hl4pj78q time="2025-11-13T09:26:40Z" level=debug msg="installer console log: level=warning msg=Found override for release image (quay.io/openshift-release-dev/ocp-release:4.20.2-multi). Release Image Architecture is unknown\nlevel=error msg=failed to fetch Master Machines: failed to load asset \"Install Config\": failed to create install config: invalid \"install-config.yaml\" file: fips: Forbidden: target cluster is in FIPS mode, enable FIPS mode on the host\n" installID=hl4pj78q
(so the installation failed after 2h)
Investigate the possibility of installing a FIPS cluster via Hive (provision-ocp job) on AWS/Azure services. If possible, adapt jobs or env if needed
AC:
- provision-ocp job is able to install a FIPS cluster on AWS or Azure cloud