Bug 2055280

Summary: overcloud nodes kernel panic on introspection with FIPS enabled
Product: Red Hat OpenStack Reporter: Jeremy Agee <jagee>
Component: openstack-ironic-python-agent-builderAssignee: OSP Team <rhos-maint>
Status: CLOSED ERRATA QA Contact: nlevinki <nlevinki>
Severity: high Docs Contact:
Priority: high    
Version: 17.0 (Wallaby)CC: jkreger, sbaker
Target Milestone: betaKeywords: Triaged
Target Release: 17.0   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: openstack-ironic-python-agent-builder-2.7.1-0.20220224043445.e0b51e0.el8ost Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-09-21 12:18:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
console logs from ironic boots of one node none

Description Jeremy Agee 2022-02-16 15:05:37 UTC 
Created attachment 1861498 [details]
console logs from ironic boots of one node

Description of problem:
during the overcloud introspect phase each system will boot in ironic and kernel panic causing introspect to fail.  The agent.{kernel,ramdisk} are provided from rhosp-director-images-ipa-fips-x86_64.

Version-Release number of selected component (if applicable):
Red Hat OpenStack Platform release 17.0.0 Beta (Ussuri)
RHOS-17.0-RHEL-8-20220125.n.1

Red Hat Enterprise Linux release 8.4 (Ootpa)         
4.18.0-305.34.2.el8_4.x86_64

rhosp-director-images-uefi-fips-x86_64-17.0-20220124.1.el8ost.noarch
rhosp-director-images-ipa-fips-x86_64-17.0-20220124.1.el8ost.noarch

root@undercloud-0 httpboot]# ls -la /var/lib/ironic/httpboot/
total 858068
drwxr-sr-x.  3 42422 42422       138 Feb 15 13:06 .
drwxr-sr-x.  6 42422 42422        66 Feb 10 14:08 ..
-rwxr-xr-x.  1 root  42422  10034496 Feb 10 14:13 agent.kernel
-rw-r--r--.  1 root  42422 434291396 Feb 15 13:06 agent.ramdisk
-rw-r--r--.  1 root  42422 434321120 Feb 15 12:48 agent.ramdisk.backup
-rw-r--r--.  1 42422 42422       758 Feb 10 14:08 boot.ipxe
drwxr-sr-x. 18 root  42422       254 Feb 15 12:09 exploded_ramdisk
-rw-r--r--.  1 42422 42422       510 Feb 15 12:41 inspector.ipxe

How reproducible:
every time

Steps to Reproduce:
1.deploy the undercloud using fips images for the overcloud
2. run introspect

Actual results:
nodes kernel panic

Expected results:
overcloud nodes boot and are able to be inspected.

Additional info:
This looks to be caused by the urandom device being missing in the boot process.
Comment 3 Julia Kreger 2022-03-14 18:38:02 UTC 
Fix is in the downstream RPM build for ironic-python-agent-builder, Moving to modified state for QA.
Comment 10 errata-xmlrpc 2022-09-21 12:18:59 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Release of components for Red Hat OpenStack Platform 17.0 (Wallaby)), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2022:6543