Bug 2099581

Summary: StorageClassClaim with encryption gets into Failed state
Product: [Red Hat Storage] Red Hat OpenShift Data Foundation
Reporter: Filip Balák <fbalak>
Component: ocs-operator
Assignee: Pranshu Srivastava <prasriva>
Status: CLOSED ERRATA
QA Contact: Filip Balák <fbalak>
Severity: high
Priority: unspecified
Version: 4.11
CC: aeyal, ebenahar, jijoy, madam, mrajanna, muagarwa, nberry, ocs-bugs, odf-bz-bot, prasriva, sostapov
Keywords: TestBlocker
Target Release: ODF 4.11.0
Hardware: Unspecified
OS: Unspecified
URL: https://github.com/red-hat-storage/ocs-operator/pull/1726
Doc Type: No Doc Update
: 2099612
Last Closed: 2022-08-24 13:54:40 UTC
Type: Bug
Bug Blocks: 2099612

Description Filip Balák 2022-06-21 09:40:50 UTC
Description of problem:
After AWS KMS is configured according to https://hackmd.io/66K6Opp8RKGUlRsM62A_rg, when a user tries to create an encrypted storageclassclaim, it gets into the Failed phase right after creation.

Version-Release number of selected component (if applicable):
odf-operator.v4.11.0

How reproducible:
1/1

Steps to Reproduce:
1. Follow https://hackmd.io/66K6Opp8RKGUlRsM62A_rg; the "create storageclass" step can be skipped.
2. Create storageclass claim:
apiVersion: ocs.openshift.io/v1alpha1
kind: StorageClassClaim
metadata:
  name: encrypted-rbd-test
  namespace: <namespace used for testing>
spec:
  encryptionMethod: aws-sts-metadata-test
  type: blockpool

3. Check the created storageclass

Actual results:
StorageClassClaim is in phase Failed.

Expected results:
If the configuration is correct, the StorageClassClaim shouldn't return an error state.

Additional info:

Comment 5 Mudit Agarwal 2022-06-21 14:29:26 UTC
Thanks Pranshu.

Neha, please provide qa_ack

Comment 9 Mudit Agarwal 2022-06-22 15:02:33 UTC
*** Bug 2099612 has been marked as a duplicate of this bug. ***

Comment 14 Jilju Joy 2022-08-10 11:14:18 UTC
Verified in version:
ODF 4.11.0-13
OCP 4.10.25

$ oc get csv
NAME                                      DISPLAY                       VERSION           REPLACES                                  PHASE
mcg-operator.v4.11.0                      NooBaa Operator               4.11.0            mcg-operator.v4.10.5                      Succeeded
ocs-operator.v4.11.0                      OpenShift Container Storage   4.11.0            ocs-operator.v4.10.5                      Succeeded
ocs-osd-deployer.v2.0.4                   OCS OSD Deployer              2.0.4             ocs-osd-deployer.v2.0.3                   Succeeded
odf-csi-addons-operator.v4.11.0           CSI Addons                    4.11.0            odf-csi-addons-operator.v4.10.5           Succeeded
odf-operator.v4.11.0                      OpenShift Data Foundation     4.11.0            odf-operator.v4.10.4                      Succeeded
ose-prometheus-operator.4.10.0            Prometheus Operator           4.10.0            ose-prometheus-operator.4.8.0             Succeeded
route-monitor-operator.v0.1.422-151be96   Route Monitor Operator        0.1.422-151be96   route-monitor-operator.v0.1.420-b65f47e   Succeeded



$ oc -n test-project get storageclassclaim encrypted-rbd-test
NAME                 STORAGETYPE   PHASE
encrypted-rbd-test   blockpool     Ready


$ oc -n test-project get storageclassclaim encrypted-rbd-test -o yaml
apiVersion: ocs.openshift.io/v1alpha1
kind: StorageClassClaim
metadata:
  creationTimestamp: "2022-08-10T10:33:25Z"
  finalizers:
  - storageclassclaim.ocs.openshift.io
  generation: 1
  name: encrypted-rbd-test
  namespace: test-project
  resourceVersion: "591799"
  uid: 8028d829-3ada-4fe6-a425-45bcbcec6151
spec:
  encryptionMethod: aws-sts-metadata-test
  type: blockpool
status:
  phase: Ready


$ oc get sc encrypted-rbd-test -o yaml
allowVolumeExpansion: true
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  annotations:
    description: Provides RWO Filesystem volumes, and RWO and RWX Block volumes
    ocs.openshift.io.storagesclassclaim: test-project/encrypted-rbd-test
  creationTimestamp: "2022-08-10T10:33:35Z"
  name: encrypted-rbd-test
  resourceVersion: "591796"
  uid: aecde751-22d9-4a19-83b9-1bb5816e8fcd
parameters:
  clusterID: openshift-storage
  csi.storage.k8s.io/controller-expand-secret-name: rook-ceph-client-2985d1819a57d65bab110ecf65198a82
  csi.storage.k8s.io/controller-expand-secret-namespace: test-project
  csi.storage.k8s.io/fstype: ext4
  csi.storage.k8s.io/node-stage-secret-name: rook-ceph-client-f3a7d16e328a088f24c5040992ca8ab2
  csi.storage.k8s.io/node-stage-secret-namespace: test-project
  csi.storage.k8s.io/provisioner-secret-name: rook-ceph-client-2985d1819a57d65bab110ecf65198a82
  csi.storage.k8s.io/provisioner-secret-namespace: test-project
  encrypted: "true"
  encryptionKMSID: aws-sts-metadata-test
  imageFeatures: layering,deep-flatten,exclusive-lock,object-map,fast-diff
  imageFormat: "2"
  pool: cephblockpool-storageconsumer-5cf98470-0e89-4cd4-830d-40a244844720
provisioner: openshift-storage.rbd.csi.ceph.com
reclaimPolicy: Delete
volumeBindingMode: Immediate
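
Added example (not part of the bug report and not ocs-operator code): the manual verification in comment 14, written as a check over the `oc get ... -o json` output of a StorageClassClaim and the StorageClass created for it. It assumes, based only on the verified output above, that a claim with `encryptionMethod` set should yield a StorageClass with `encrypted: "true"` and a matching `encryptionKMSID`; the function name and the sample dictionaries are constructed for illustration.

```python
def check_encrypted_claim(claim: dict, sc: dict) -> list:
    """Return a list of problems; an empty list means claim and StorageClass agree."""
    problems = []
    meta, spec = claim.get("metadata", {}), claim.get("spec", {})
    params = sc.get("parameters", {})
    kms_id = spec.get("encryptionMethod")

    phase = claim.get("status", {}).get("phase")
    if phase != "Ready":
        problems.append(f"claim phase is {phase!r}, expected 'Ready'")

    # The StorageClass should point back at the claim that produced it
    # (annotation key copied from the output in comment 14).
    owner = sc.get("metadata", {}).get("annotations", {}).get(
        "ocs.openshift.io.storagesclassclaim")
    expected = f"{meta.get('namespace')}/{meta.get('name')}"
    if owner != expected:
        problems.append(f"StorageClass annotated for {owner!r}, not {expected!r}")

    if kms_id:
        # StorageClass parameters are strings: the value is "true", not a boolean.
        if params.get("encrypted") != "true":
            problems.append("claim sets encryptionMethod but 'encrypted' is not \"true\"")
        if params.get("encryptionKMSID") != kms_id:
            problems.append(
                f"encryptionKMSID {params.get('encryptionKMSID')!r} "
                f"does not match encryptionMethod {kms_id!r}")
    return problems


# Constructed sample input: the two objects from comment 14, trimmed to the
# fields the check reads and expressed as parsed JSON.
CLAIM = {
    "metadata": {"name": "encrypted-rbd-test", "namespace": "test-project"},
    "spec": {"encryptionMethod": "aws-sts-metadata-test", "type": "blockpool"},
    "status": {"phase": "Ready"},
}
SC = {
    "metadata": {"annotations": {
        "ocs.openshift.io.storagesclassclaim": "test-project/encrypted-rbd-test"}},
    "parameters": {"encrypted": "true",
                   "encryptionKMSID": "aws-sts-metadata-test"},
}

if __name__ == "__main__":
    print(check_encrypted_claim(CLAIM, SC) or "consistent")
```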

Comment 16 errata-xmlrpc 2022-08-24 13:54:40 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:6156

Comment 17 Red Hat Bugzilla 2023-12-08 04:29:15 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days