Loading...

XML

Word

Printable

Type: Bug
Resolution: Not a Bug
Priority: Critical
Fix Version/s: None
Affects Version/s: 4.16
Component/s: Installer / Agent based installation
Labels:
None

Severity:
Critical
Regression:
No
Release Blocker:
Rejected
Blocked:
False
Blocked Reason:

Hide

None

Show
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

    We were trying to use Agent Based Installer to provision an OCP cluster with 4.16.0-rc.0. And we notice that a new flag is introduced when generating the Agent ISO to skip the FIPS validation which is "OPENSHIFT_INSTALL_SKIP_HOSTCRYPT_VALIDATION". We tried this flag, but seems after successfully generating the Agent ISO and booted from the Agent ISO, the bootstrap process failued.

And this is the document we were trying to follow when using this flag:
- [OCPBUGS-15845] FIPS install should fail if installer is not FIPS capable - Red Hat Issue Tracker

Here is how we generated the Agent ISO
# export OPENSHIFT_INSTALL_SKIP_HOSTCRYPT_VALIDATION=true
# ./openshift-install-fips create cluster

Heer is the error we've noticed after booting from Agent ISO:
# openshift-install agent wait-for bootstrap-complete --dir manifest --log-level debug 

May 09 07:28:51 c3-esx02.rackd16.local service[6045]: time="2024-05-09T07:28:51Z" level=error msg="error 
running openshift-install create manifests, stdout: level=error msg=failed to fetch Master Machines: 
failed to load asset \"Install Config\": failed to create install config: invalid \"install-config.
yaml\" file: fips: Forbidden: target cluster is in FIPS mode, enable FIPS mode on the host\n" func="
github.com/openshift/assisted-service/internal/ignition.(*installerGenerator).runCreateCommand" file="
/src/internal/ignition/ignition.go:1697" cluster_id=24b30f76-1bf4-4e95-aba8-098501cd5f6d error="exit 
status 3" go-id=22542 request_id= 
May 09 07:28:51 c3-esx02.rackd16.local service[6045]: time="2024-05-09T07:28:51Z" level=error msg="
failed generating install config for cluster 24b30f76-1bf4-4e95-aba8-098501cd5f6d" func="github.com
/openshift/assisted-service/internal/bminventory.(*bareMetalInventory).generateClusterInstallConfig" 
file="/src/internal/bminventory/inventory.go:1758" cluster_id=24b30f76-1bf4-4e95-aba8-098501cd5f6d 
error="error running openshift-install manifests, level=error msg=failed to fetch Master Machines: 
failed to load asset \"Install Config\": failed to create install config: invalid \"install-config.
yaml\" file: fips: Forbidden: target cluster is in FIPS mode, enable FIPS mode on the host\n: exit 
status 3" go-id=22542 pkg=Inventory request_id=
May 09 07:28:51 c3-esx02.rackd16.local service[6045]: time="2024-05-09T07:28:51Z" level=warning msg="
Cluster installation initialization failed" func="github.com/openshift/assisted-service/internal
/bminventory.(*bareMetalInventory).InstallClusterInternal.func3.1" file="/src/internal/bminventory
/inventory.go:1377" cluster_id=24b30f76-1bf4-4e95-aba8-098501cd5f6d error="failed generating install 
config for cluster 24b30f76-1bf4-4e95-aba8-098501cd5f6d: error running openshift-install manifests, 
level=error msg=failed to fetch Master Machines: failed to load asset \"Install Config\": failed to 
create install config: invalid \"install-config.yaml\" file: fips: Forbidden: target cluster is in FIPS 
mode, enable FIPS mode on the host\n: exit status 3" go-id=21309 pkg=Inventory request_id=3bc56967-11b3-
44b6-9a4c-c2bb4894147c
May 09 07:28:51 c3-esx02.rackd16.local service[6045]: time="2024-05-09T07:28:51Z" level=warning msg="
Failed to prepare installation of cluster 24b30f76-1bf4-4e95-aba8-098501cd5f6d" func="github.com
/openshift/assisted-service/internal/cluster.(*Manager).HandlePreInstallError" file="/src/internal
/cluster/cluster.go:981" cluster_id=24b30f76-1bf4-4e95-aba8-098501cd5f6d error="failed generating 
install config for cluster 24b30f76-1bf4-4e95-aba8-098501cd5f6d: error running openshift-install 
manifests, level=error msg=failed to fetch Master Machines: failed to load asset \"Install Config\": 
failed to create install config: invalid \"install-config.yaml\" file: fips: Forbidden: target cluster 
is in FIPS mode, enable FIPS mode on the host\n: exit status 3" go-id=22542 pkg=cluster-state request_id=
May 09 07:28:51 c3-esx02.rackd16.local service[6045]: time="2024-05-09T07:28:51Z" level=info msg="
Successfully handled pre-installation error, cluster 24b30f76-1bf4-4e95-aba8-098501cd5f6d" func="github.
com/openshift/assisted-service/internal/cluster.(*Manager).HandlePreInstallError" file="/src/internal
/cluster/cluster.go:991" cluster_id=24b30f76-1bf4-4e95-aba8-098501cd5f6d go-id=22542 pkg=cluster-state 
request_id=
May 09 07:28:56 c3-esx02.rackd16.local start-cluster-installation.sh[7165]: Cluster status: preparingfor-installation

Version-Release number of selected component (if applicable):

How reproducible:

    Always

Steps to Reproduce:

    1. Generate Agent ISO with OPENSHIFT_INSTALL_SKIP_HOSTCRYPT_VALIDATION to be true     
    2. Boot the node from Agent ISO and then we'll notice this error

Actual results:

    Cluster Provisioning Failure

Expected results:

    Cluster Provisioning Successful

Additional info:

Assignee:: Zane Bitter

Reporter:: xueqiang zhou

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2024/05/17 2:08 AM

Updated:: 2024/05/22 4:00 AM

Resolved:: 2024/05/22 4:00 AM

Details

Description

Attachments

Activity

People

Dates