Bug 1959920
| Summary: | UEFISecureBoot set not on the right master node | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Lubov <lshilin> | ||||||||
| Component: | Installer | Assignee: | Iury Gregory Melo Ferreira <imelofer> | ||||||||
| Installer sub component: | openshift-installer | QA Contact: | Lubov <lshilin> | ||||||||
| Status: | CLOSED ERRATA | Docs Contact: | |||||||||
| Severity: | medium | ||||||||||
| Priority: | medium | CC: | imelofer, stbenjam | ||||||||
| Version: | 4.8 | Keywords: | Triaged | ||||||||
| Target Milestone: | --- | ||||||||||
| Target Release: | 4.8.0 | ||||||||||
| Hardware: | Unspecified | ||||||||||
| OS: | Unspecified | ||||||||||
| Whiteboard: | |||||||||||
| Fixed In Version: | Doc Type: | No Doc Update | |||||||||
| Doc Text: | Story Points: | --- | |||||||||
| Clone Of: | Environment: | ||||||||||
| Last Closed: | 2021-07-27 23:08:19 UTC | Type: | Bug | ||||||||
| Regression: | --- | Mount Type: | --- | ||||||||
| Documentation: | --- | CRM: | |||||||||
| Verified Versions: | Category: | --- | |||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||
| Embargoed: | |||||||||||
| Attachments: |
|
||||||||||
|
Description
Lubov
2021-05-12 15:57:15 UTC
Created attachment 1782459 [details]
install-config.yaml
The only thing I can think about that could lead to this situation is that the list with maps with the instance_info that is used doesn't keep the order Created attachment 1782768 [details]
manifests
In the manifests directory, the terraform.tfstate correctly shows openshift-master-0 is the only one with the secure boot settings. The first log in comment #0 is for master #0, and it shows it has the correct settings. The second log in comment #0 from conductor shows that master-2 doesn't have secureboot in the capabilities section: 'properties': {'capabilities': 'boot_mode:uefi,cpu_vt:true,cpu_aes:true,cpu_hugepages:true,cpu_hugepages_1g:true,cpu_txt:true', The only reference to secure boot in that second log is a separate `capabilities': {'secure_boot': 'true'}`. I am not sure where it's coming from but it isn't terraform AFAICT. Looking at terraform.tfstate I don't see the "instance_info" with "capabilities": "secure_boot:true" (Lines 299 325 351)
I would expect Line 299 (since is "index_key": 0 to have something like:
"instance_info": {
"image_checksum": "http://10.46.29.199:80/images/rhcos-48.84.202104271417-0-openstack.x86_64.qcow2/cached-rhcos-48.84.202104271417-0-openstack.x86_64.qcow2.md5sum",
"image_source": "http://10.46.29.199:80/images/rhcos-48.84.202104271417-0-openstack.x86_64.qcow2/cached-rhcos-48.84.202104271417-0-openstack.x86_64.qcow2",
"capabilities": "secure_boot:true"
},
terraform.baremetal.auto.tfvars.json seems to have things in the right order (master-0 would end up with secure_boot: true in instance_info/capabilities (but it didn't, only in properties the value is present) Please keep in mind these files have two different purposes. terraform.baremetal.auto.tfvars.json is what the installer sends as the values of variables to terraform. terraform.tfstate is the state of terraform after it's run. > terraform.baremetal.auto.tfvars.json seems to have things in the right order (master-0 would end up with secure_boot: true in instance_info/capabilities (but it didn't, only in properties the value is present) I don't see this. In tfvars capabitilies set in instance_infos[0] (i.e. master-0): "instance_infos": [ { "capabilities": "secure_boot:true", "image_checksum": "http://10.46.29.199:80/images/rhcos-48.84.202104271417-0-openstack.x86_64.qcow2/cached-rhcos-48.84.202104271417-0-openstack.x86_64.qcow2.md5sum", "image_source": "http://10.46.29.199:80/images/rhcos-48.84.202104271417-0-openstack.x86_64.qcow2/cached-rhcos-48.84.202104271417-0-openstack.x86_64.qcow2" }, Then in tfstate, I see properties has capabilities set: "properties": { "capabilities": "boot_mode:uefi,secure_boot:true,cpu_vt:true,cpu_aes:true,cpu_hugepages:true,cpu_hugepages_1g:true,cpu_txt:true"} Instance info is not present in tfstate as you remove it: https://github.com/openshift-metal3/terraform-provider-ironic/commit/edfa8be1c9ede51b205230123f15ef0afaff780f#diff-1eb399fd0f2c2f90b6c4d903f9ac21375437e09a73e010fb72341542e2384a1eR110 I don't know what Ironic is expecting, but everything on the installer/terraform side seems to be transforming and sending the data it was asked to. Ironic would expect that master-0 has the "properties" like you mentioned and the instance_info field with "capabilities"" {"secure_boot":"true"} (This information is missing, but it's present in the master-2 instance_info).
From the ironic-conductor in the boostrap:
master-0 receives an update with
'instance_info': {'image_checksum': 'http://10.46.29.199:80/images/rhcos-48.84.202104271417-0-openstack.x86_64.qcow2/cached-rhcos-48.84.202104271417-0-openstack.x86_64.qcow2.md5sum', 'image_source': 'http://10.46.29.199:80/images/rhcos-48.84.202104271417-0-openstack.x86_64.qcow2/cached-rhcos-48.84.202104271417-0-openstack.x86_64.qcow2'}
2021-05-13 12:45:01.851 1 DEBUG ironic_lib.json_rpc.server [req-ad771de0-1685-428e-93c2-751a742b9b65 bootstrap-user - - - -] RPC update_node with {'node_obj': {'ironic_object.name': 'Node', 'ironic_object.namespace': 'ironic', 'ironic_object.version': '1.35', 'ironic_object.data': {'id': 3, 'uuid': '8cded29d-2a34-460c-a61e-f733b9b06650', 'name': 'openshift-master-0', 'chassis_id': None, 'instance_uuid': '4cd20209-9a31-4068-84ff-9bd19f3dfa62', 'driver': 'redfish', 'driver_info': {'deploy_kernel': 'http://10.46.29.199:80/images/ironic-python-agent.kernel', 'deploy_ramdisk': 'http://10.46.29.199:80/images/ironic-python-agent.initramfs', 'redfish_address': 'https://10.46.61.16', 'redfish_password': '***', 'redfish_system_id': '/redfish/v1/Systems/1', 'redfish_username': 'admin', 'redfish_verify_ca': 'false'}, 'driver_internal_info': {'agent_secret_token': '***', 'agent_secret_token_pregenerated': '***', 'last_power_state_change': '2021-05-13T12:36:02.937411', 'agent_url': 'https://10.46.29.129:9999', 'agent_version': '7.0.1.dev5', 'agent_last_heartbeat': '2021-05-13T12:44:54.788726', 'agent_verify_ca': '/var/lib/ironic/certificates/8cded29d-2a34-460c-a61e-f733b9b06650.crt', 'clean_steps': None, 'agent_erase_devices_iterations': 1, 'agent_erase_devices_zeroize': True, 'agent_continue_if_secure_erase_failed': False, 'agent_continue_if_ata_erase_failed': False, 'agent_enable_nvme_secure_erase': True, 'agent_enable_ata_secure_erase': True, 'disk_erasure_concurrency': 1, 'agent_erase_skip_read_only': False, 'hardware_manager_version': {'IntelCnaHardwareManager': '1.0', 'generic_hardware_manager': '1.1'}, 'agent_cached_clean_steps_refreshed': '2021-05-13 12:44:32.962377'}, 'clean_step': {}, 'deploy_step': {}, 'raid_config': {}, 'target_raid_config': {}, 'instance_info': {'image_checksum': 'http://10.46.29.199:80/images/rhcos-48.84.202104271417-0-openstack.x86_64.qcow2/cached-rhcos-48.84.202104271417-0-openstack.x86_64.qcow2.md5sum', 'image_source': 'http://10.46.29.199:80/images/rhcos-48.84.202104271417-0-openstack.x86_64.qcow2/cached-rhcos-48.84.202104271417-0-openstack.x86_64.qcow2'}, 'properties': {'capabilities': 'boot_mode:uefi,secure_boot:true,cpu_vt:true,cpu_aes:true,cpu_hugepages:true,cpu_hugepages_1g:true,cpu_txt:true', 'cpu_arch': 'x86_64', 'local_gb': '893', 'root_device': {'name': 's== /dev/sda'}, 'vendor': 'HPE', 'cpus': '64', 'memory_mb': '262144'}, 'reservation': None, 'conductor_affinity': None, 'conductor_group': '', 'power_state': 'power on', 'target_power_state': None, 'provision_state': 'available', 'provision_updated_at': '2021-05-13T12:44:59Z', 'target_provision_state': None, 'maintenance': False, 'maintenance_reason': None, 'fault': None, 'console_enabled': False, 'last_error': None, 'resource_class': 'baremetal', 'inspection_finished_at': None, 'inspection_started_at': '2021-05-13T12:35:43Z', 'extra': {}, 'automated_clean': None, 'protected': False, 'protected_reason': None, 'allocation_id': 1, 'bios_interface': 'redfish', 'boot_interface': 'redfish-virtual-media', 'console_interface': 'no-console', 'deploy_interface': 'direct', 'inspect_interface': 'inspector', 'management_interface': 'redfish', 'network_interface': 'noop', 'power_interface': 'redfish', 'raid_interface': 'no-raid', 'rescue_interface': 'no-rescue', 'storage_interface': 'noop', 'vendor_interface': 'no-vendor', 'traits': {'ironic_object.name': 'TraitList', 'ironic_object.namespace': 'ironic', 'ironic_object.version': '1.0', 'ironic_object.data': {'objects': []}}, 'owner': None, 'lessee': None, 'description': None, 'retired': False, 'retired_reason': None, 'network_data': {}, 'created_at': '2021-05-13T12:35:38Z', 'updated_at': '2021-05-13T12:44:59Z'}, 'ironic_object.changes': ['instance_info']}, 'reset_interfaces': None, 'context': {'user': 'bootstrap-user', 'tenant': None, 'system_scope': None, 'project': None, 'domain': None, 'user_domain': None, 'project_domain': None, 'is_admin': False, 'read_only': False, 'show_deleted': False, 'auth_token': '***', 'request_id': 'req-ad771de0-1685-428e-93c2-751a742b9b65', 'global_request_id': None, 'resource_uuid': None, 'roles': [], 'user_identity': 'bootstrap-user - - - -', 'is_admin_project': True}} _handle_requests /usr/lib/python3.6/site-packages/ironic_lib/json_rpc/server.py:279
And conductor confirms the update
2021-05-13 12:45:01.909 1 DEBUG ironic_lib.json_rpc.server [req-ad771de0-1685-428e-93c2-751a742b9b65 bootstrap-user - - - -] RPC update_node returned {'ironic_object.name': 'Node', 'ironic_object.namespace': 'ironic', 'ironic_object.version': '1.35', 'ironic_object.data': {'id': 3, 'uuid': '8cded29d-2a34-460c-a61e-f733b9b06650', 'name': 'openshift-master-0', 'chassis_id': None, 'instance_uuid': '4cd20209-9a31-4068-84ff-9bd19f3dfa62', 'driver': 'redfish', 'driver_info': {'deploy_kernel': 'http://10.46.29.199:80/images/ironic-python-agent.kernel', 'deploy_ramdisk': 'http://10.46.29.199:80/images/ironic-python-agent.initramfs', 'redfish_address': 'https://10.46.61.16', 'redfish_password': '***', 'redfish_system_id': '/redfish/v1/Systems/1', 'redfish_username': 'admin', 'redfish_verify_ca': 'false'}, 'driver_internal_info': {'agent_secret_token': '***', 'agent_secret_token_pregenerated': '***', 'last_power_state_change': '2021-05-13T12:36:02.937411', 'agent_url': 'https://10.46.29.129:9999', 'agent_version': '7.0.1.dev5', 'agent_last_heartbeat': '2021-05-13T12:44:54.788726', 'agent_verify_ca': '/var/lib/ironic/certificates/8cded29d-2a34-460c-a61e-f733b9b06650.crt', 'clean_steps': None, 'agent_erase_devices_iterations': 1, 'agent_erase_devices_zeroize': True, 'agent_continue_if_secure_erase_failed': False, 'agent_continue_if_ata_erase_failed': False, 'agent_enable_nvme_secure_erase': True, 'agent_enable_ata_secure_erase': True, 'disk_erasure_concurrency': 1, 'agent_erase_skip_read_only': False, 'hardware_manager_version': {'IntelCnaHardwareManager': '1.0', 'generic_hardware_manager': '1.1'}, 'agent_cached_clean_steps_refreshed': '2021-05-13 12:44:32.962377'}, 'clean_step': {}, 'deploy_step': {}, 'raid_config': {}, 'target_raid_config': {}, 'instance_info': {'image_checksum': 'http://10.46.29.199:80/images/rhcos-48.84.202104271417-0-openstack.x86_64.qcow2/cached-rhcos-48.84.202104271417-0-openstack.x86_64.qcow2.md5sum', 'image_source': 'http://10.46.29.199:80/images/rhcos-48.84.202104271417-0-openstack.x86_64.qcow2/cached-rhcos-48.84.202104271417-0-openstack.x86_64.qcow2'}, 'properties': {'capabilities': 'boot_mode:uefi,secure_boot:true,cpu_vt:true,cpu_aes:true,cpu_hugepages:true,cpu_hugepages_1g:true,cpu_txt:true', 'cpu_arch': 'x86_64', 'local_gb': '893', 'root_device': {'name': 's== /dev/sda'}, 'vendor': 'HPE', 'cpus': '64', 'memory_mb': '262144'}, 'reservation': '10.46.29.179', 'conductor_affinity': None, 'conductor_group': '', 'power_state': 'power on', 'target_power_state': None, 'provision_state': 'available', 'provision_updated_at': '2021-05-13T12:44:59Z', 'target_provision_state': None, 'maintenance': False, 'maintenance_reason': None, 'fault': None, 'console_enabled': False, 'last_error': None, 'resource_class': 'baremetal', 'inspection_finished_at': None, 'inspection_started_at': '2021-05-13T12:35:43Z', 'extra': {}, 'automated_clean': None, 'protected': False, 'protected_reason': None, 'allocation_id': 1, 'bios_interface': 'redfish', 'boot_interface': 'redfish-virtual-media', 'console_interface': 'no-console', 'deploy_interface': 'direct', 'inspect_interface': 'inspector', 'management_interface': 'redfish', 'network_interface': 'noop', 'power_interface': 'redfish', 'raid_interface': 'no-raid', 'rescue_interface': 'no-rescue', 'storage_interface': 'noop', 'vendor_interface': 'no-vendor', 'traits': {'ironic_object.name': 'TraitList', 'ironic_object.namespace': 'ironic', 'ironic_object.version': '1.0', 'ironic_object.data': {'objects': []}}, 'owner': None, 'lessee': None, 'description': None, 'retired': False, 'retired_reason': None, 'network_data': {}, 'created_at': '2021-05-13T12:35:38Z', 'updated_at': '2021-05-13T12:45:01Z'}} _handle_requests /usr/lib/python3.6/site-packages/ironic_lib/json_rpc/server.py:294
master-2 receives the update with
'instance_info': {'image_checksum': 'http://10.46.29.199:80/images/rhcos-48.84.202104271417-0-openstack.x86_64.qcow2/cached-rhcos-48.84.202104271417-0-openstack.x86_64.qcow2.md5sum', 'image_source': 'http://10.46.29.199:80/images/rhcos-48.84.202104271417-0-openstack.x86_64.qcow2/cached-rhcos-48.84.202104271417-0-openstack.x86_64.qcow2', 'capabilities': {'secure_boot': 'true'}}
2021-05-13 12:45:01.949 1 DEBUG ironic_lib.json_rpc.server [req-ffe82a2f-a8e4-4559-945b-a8688e7a9963 bootstrap-user - - - -] RPC update_node with {'node_obj': {'ironic_object.name': 'Node', 'ironic_object.namespace': 'ironic', 'ironic_object.version': '1.35', 'ironic_object.data': {'id': 2, 'uuid': '56610aa1-a6e9-4b34-8964-4d6d3bad3438', 'name': 'openshift-master-2', 'chassis_id': None, 'instance_uuid': '7b4f32ae-0ad5-4e7f-b517-398c3241a922', 'driver': 'redfish', 'driver_info': {'deploy_kernel': 'http://10.46.29.199:80/images/ironic-python-agent.kernel', 'deploy_ramdisk': 'http://10.46.29.199:80/images/ironic-python-agent.initramfs', 'redfish_address': 'https://10.46.61.18', 'redfish_password': '***', 'redfish_system_id': '/redfish/v1/Systems/1', 'redfish_username': 'admin', 'redfish_verify_ca': 'false'}, 'driver_internal_info': {'agent_secret_token': '***', 'agent_secret_token_pregenerated': '***', 'last_power_state_change': '2021-05-13T12:36:00.919689', 'agent_url': 'https://10.46.29.131:9999', 'agent_version': '7.0.1.dev5', 'agent_last_heartbeat': '2021-05-13T12:44:57.467642', 'agent_verify_ca': '/var/lib/ironic/certificates/56610aa1-a6e9-4b34-8964-4d6d3bad3438.crt', 'clean_steps': None, 'agent_erase_devices_iterations': 1, 'agent_erase_devices_zeroize': True, 'agent_continue_if_secure_erase_failed': False, 'agent_continue_if_ata_erase_failed': False, 'agent_enable_nvme_secure_erase': True, 'agent_enable_ata_secure_erase': True, 'disk_erasure_concurrency': 1, 'agent_erase_skip_read_only': False, 'hardware_manager_version': {'IntelCnaHardwareManager': '1.0', 'generic_hardware_manager': '1.1'}, 'agent_cached_clean_steps_refreshed': '2021-05-13 12:43:33.879009'}, 'clean_step': {}, 'deploy_step': {}, 'raid_config': {}, 'target_raid_config': {}, 'instance_info': {'image_checksum': 'http://10.46.29.199:80/images/rhcos-48.84.202104271417-0-openstack.x86_64.qcow2/cached-rhcos-48.84.202104271417-0-openstack.x86_64.qcow2.md5sum', 'image_source': 'http://10.46.29.199:80/images/rhcos-48.84.202104271417-0-openstack.x86_64.qcow2/cached-rhcos-48.84.202104271417-0-openstack.x86_64.qcow2', 'capabilities': {'secure_boot': 'true'}}, 'properties': {'capabilities': 'boot_mode:uefi,cpu_vt:true,cpu_aes:true,cpu_hugepages:true,cpu_hugepages_1g:true,cpu_txt:true', 'cpu_arch': 'x86_64', 'local_gb': '893', 'root_device': {'name': 's== /dev/sda'}, 'vendor': 'HPE', 'cpus': '64', 'memory_mb': '262144'}, 'reservation': None, 'conductor_affinity': None, 'conductor_group': '', 'power_state': 'power on', 'target_power_state': None, 'provision_state': 'available', 'provision_updated_at': '2021-05-13T12:43:59Z', 'target_provision_state': None, 'maintenance': False, 'maintenance_reason': None, 'fault': None, 'console_enabled': False, 'last_error': None, 'resource_class': 'baremetal', 'inspection_finished_at': None, 'inspection_started_at': '2021-05-13T12:35:43Z', 'extra': {}, 'automated_clean': None, 'protected': False, 'protected_reason': None, 'allocation_id': 2, 'bios_interface': 'redfish', 'boot_interface': 'redfish-virtual-media', 'console_interface': 'no-console', 'deploy_interface': 'direct', 'inspect_interface': 'inspector', 'management_interface': 'redfish', 'network_interface': 'noop', 'power_interface': 'redfish', 'raid_interface': 'no-raid', 'rescue_interface': 'no-rescue', 'storage_interface': 'noop', 'vendor_interface': 'no-vendor', 'traits': {'ironic_object.name': 'TraitList', 'ironic_object.namespace': 'ironic', 'ironic_object.version': '1.0', 'ironic_object.data': {'objects': []}}, 'owner': None, 'lessee': None, 'description': None, 'retired': False, 'retired_reason': None, 'network_data': {}, 'created_at': '2021-05-13T12:35:38Z', 'updated_at': '2021-05-13T12:45:01Z'}, 'ironic_object.changes': ['instance_info']}, 'reset_interfaces': None, 'context': {'user': 'bootstrap-user', 'tenant': None, 'system_scope': None, 'project': None, 'domain': None, 'user_domain': None, 'project_domain': None, 'is_admin': False, 'read_only': False, 'show_deleted': False, 'auth_token': '***', 'request_id': 'req-ffe82a2f-a8e4-4559-945b-a8688e7a9963', 'global_request_id': None, 'resource_uuid': None, 'roles': [], 'user_identity': 'bootstrap-user - - - -', 'is_admin_project': True}} _handle_requests /usr/lib/python3.6/site-packages/ironic_lib/json_rpc/server.py:279
master-2 is updated with the wrong information.
2021-05-13 12:45:02.016 1 DEBUG ironic_lib.json_rpc.server [req-ffe82a2f-a8e4-4559-945b-a8688e7a9963 bootstrap-user - - - -] RPC update_node returned {'ironic_object.name': 'Node', 'ironic_object.namespace': 'ironic', 'ironic_object.version': '1.35', 'ironic_object.data': {'id': 2, 'uuid': '56610aa1-a6e9-4b34-8964-4d6d3bad3438', 'name': 'openshift-master-2', 'chassis_id': None, 'instance_uuid': '7b4f32ae-0ad5-4e7f-b517-398c3241a922', 'driver': 'redfish', 'driver_info': {'deploy_kernel': 'http://10.46.29.199:80/images/ironic-python-agent.kernel', 'deploy_ramdisk': 'http://10.46.29.199:80/images/ironic-python-agent.initramfs', 'redfish_address': 'https://10.46.61.18', 'redfish_password': '***', 'redfish_system_id': '/redfish/v1/Systems/1', 'redfish_username': 'admin', 'redfish_verify_ca': 'false'}, 'driver_internal_info': {'agent_secret_token': '***', 'agent_secret_token_pregenerated': '***', 'last_power_state_change': '2021-05-13T12:36:00.919689', 'agent_url': 'https://10.46.29.131:9999', 'agent_version': '7.0.1.dev5', 'agent_last_heartbeat': '2021-05-13T12:44:57.467642', 'agent_verify_ca': '/var/lib/ironic/certificates/56610aa1-a6e9-4b34-8964-4d6d3bad3438.crt', 'clean_steps': None, 'agent_erase_devices_iterations': 1, 'agent_erase_devices_zeroize': True, 'agent_continue_if_secure_erase_failed': False, 'agent_continue_if_ata_erase_failed': False, 'agent_enable_nvme_secure_erase': True, 'agent_enable_ata_secure_erase': True, 'disk_erasure_concurrency': 1, 'agent_erase_skip_read_only': False, 'hardware_manager_version': {'IntelCnaHardwareManager': '1.0', 'generic_hardware_manager': '1.1'}, 'agent_cached_clean_steps_refreshed': '2021-05-13 12:43:33.879009'}, 'clean_step': {}, 'deploy_step': {}, 'raid_config': {}, 'target_raid_config': {}, 'instance_info': {'image_checksum': 'http://10.46.29.199:80/images/rhcos-48.84.202104271417-0-openstack.x86_64.qcow2/cached-rhcos-48.84.202104271417-0-openstack.x86_64.qcow2.md5sum', 'image_source': 'http://10.46.29.199:80/images/rhcos-48.84.202104271417-0-openstack.x86_64.qcow2/cached-rhcos-48.84.202104271417-0-openstack.x86_64.qcow2', 'capabilities': {'secure_boot': 'true'}}, 'properties': {'capabilities': 'boot_mode:uefi,cpu_vt:true,cpu_aes:true,cpu_hugepages:true,cpu_hugepages_1g:true,cpu_txt:true', 'cpu_arch': 'x86_64', 'local_gb': '893', 'root_device': {'name': 's== /dev/sda'}, 'vendor': 'HPE', 'cpus': '64', 'memory_mb': '262144'}, 'reservation': '10.46.29.179', 'conductor_affinity': None, 'conductor_group': '', 'power_state': 'power on', 'target_power_state': None, 'provision_state': 'available', 'provision_updated_at': '2021-05-13T12:43:59Z', 'target_provision_state': None, 'maintenance': False, 'maintenance_reason': None, 'fault': None, 'console_enabled': False, 'last_error': None, 'resource_class': 'baremetal', 'inspection_finished_at': None, 'inspection_started_at': '2021-05-13T12:35:43Z', 'extra': {}, 'automated_clean': None, 'protected': False, 'protected_reason': None, 'allocation_id': 2, 'bios_interface': 'redfish', 'boot_interface': 'redfish-virtual-media', 'console_interface': 'no-console', 'deploy_interface': 'direct', 'inspect_interface': 'inspector', 'management_interface': 'redfish', 'network_interface': 'noop', 'power_interface': 'redfish', 'raid_interface': 'no-raid', 'rescue_interface': 'no-rescue', 'storage_interface': 'noop', 'vendor_interface': 'no-vendor', 'traits': {'ironic_object.name': 'TraitList', 'ironic_object.namespace': 'ironic', 'ironic_object.version': '1.0', 'ironic_object.data': {'objects': []}}, 'owner': None, 'lessee': None, 'description': None, 'retired': False, 'retired_reason': None, 'network_data': {}, 'created_at': '2021-05-13T12:35:38Z', 'updated_at': '2021-05-13T12:45:01Z'}} _handle_requests /usr/lib/python3.6/site-packages/ironic_lib/json_rpc/server.py:294
Both have the correct properties but not instance_info.
Ok, I have a guess about what's happening -- we use an Ironic allocation: https://github.com/openshift/installer/blob/master/data/data/baremetal/masters/main.tf#L35 My guess is Ironic is allocating openshift-master-2 for our first allocation, but the allocation and deployment object get called master-0 and get master-0's information. Can you find in the Ironic logs the allocation request and if the first one we get back is indeed master-2? We probably need to set candidate notes here: https://github.com/openshift/installer/blob/master/data/data/baremetal/masters/main.tf#L35 to something like "candidate_nodes = [ironic_node_v1.openshift-master-host[count].id]" instead, so the only candidate for master-2 is master-2. Oh! That would explain (I totally forgot to check allocation, will do that and update the bz) Setting blocker+, since this would affect customers trying to deploy in a scenario where we have only one node with secure boot and the information will be set in a different node. Moving to Post, since can be related to the allocation Changed the Component to Installer (since the fix is in the installer repo) Since this is a non-standard scenario (only 1 master with secure boot) and it's a new feature in 4.8) we decided to lower the priority and not consider this a blocker. Verified on 4.8.0-0.nightly-2021-05-21-233425 - run twice: for both attempts the right master was set to SecureBoot Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438 |