Bug 2099581

Summary:	StorageClassClaim with encryption gets into Failed state
Product:	[Red Hat Storage] Red Hat OpenShift Data Foundation	Reporter:	Filip Balák <fbalak>
Component:	ocs-operator	Assignee:	Pranshu Srivastava <prasriva>
Status:	CLOSED ERRATA	QA Contact:	Filip Balák <fbalak>
Severity:	high	Docs Contact:
Priority:	unspecified
Version:	4.11	CC:	aeyal, ebenahar, jijoy, madam, mrajanna, muagarwa, nberry, ocs-bugs, odf-bz-bot, prasriva, sostapov
Target Milestone:	---	Keywords:	TestBlocker
Target Release:	ODF 4.11.0	Flags:	muagarwa: needinfo? (nberry)
Hardware:	Unspecified
OS:	Unspecified
URL:	https://github.com/red-hat-storage/ocs-operator/pull/1726
Whiteboard:
Fixed In Version:		Doc Type:	No Doc Update
Doc Text:		Story Points:	---
Clone Of:
Clones:	2099612 (view as bug list)		Environment:
Last Closed:	2022-08-24 13:54:40 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	2099612

Description Filip Balák 2022-06-21 09:40:50 UTC

Description of problem:
After AWS KMS is configured according to https://hackmd.io/66K6Opp8RKGUlRsM62A_rg, when user tries to create an encrypted storageclassclaim, it gets into Failed phase right after creation.

Version-Release number of selected component (if applicable):
odf-operator.v4.11.0

How reproducible:
1/1

Steps to Reproduce:
1. Follow https://hackmd.io/66K6Opp8RKGUlRsM62A_rg, "create storageclass" step can be skipped.
2. Create storageclass claim:
apiVersion: ocs.openshift.io/v1alpha1
kind: StorageClassClaim
metadata:
  name: encrypted-rbd-test
  namespace: <namespace used for testing>
spec:
  encryptionMethod: aws-sts-metadata-test
  type: blockpool

3. Check the created storageclass

Actual results:
StorageClassClaim is in phase Failed.

Expected results:
If the configuration is correct, the StorageClassClaim shouldn't return an error state.

Additional info:

Comment 5 Mudit Agarwal 2022-06-21 14:29:26 UTC

Thanks Pranshu.

Neha, please provide qa_ack

Comment 9 Mudit Agarwal 2022-06-22 15:02:33 UTC

*** Bug 2099612 has been marked as a duplicate of this bug. ***

Comment 14 Jilju Joy 2022-08-10 11:14:18 UTC

Verified in version:
ODF 4.11.0-13
OCP 4.10.25

$ oc get csv
NAME                                      DISPLAY                       VERSION           REPLACES                                  PHASE
mcg-operator.v4.11.0                      NooBaa Operator               4.11.0            mcg-operator.v4.10.5                      Succeeded
ocs-operator.v4.11.0                      OpenShift Container Storage   4.11.0            ocs-operator.v4.10.5                      Succeeded
ocs-osd-deployer.v2.0.4                   OCS OSD Deployer              2.0.4             ocs-osd-deployer.v2.0.3                   Succeeded
odf-csi-addons-operator.v4.11.0           CSI Addons                    4.11.0            odf-csi-addons-operator.v4.10.5           Succeeded
odf-operator.v4.11.0                      OpenShift Data Foundation     4.11.0            odf-operator.v4.10.4                      Succeeded
ose-prometheus-operator.4.10.0            Prometheus Operator           4.10.0            ose-prometheus-operator.4.8.0             Succeeded
route-monitor-operator.v0.1.422-151be96   Route Monitor Operator        0.1.422-151be96   route-monitor-operator.v0.1.420-b65f47e   Succeeded



$ oc -n test-project get storageclassclaim encrypted-rbd-test
NAME                 STORAGETYPE   PHASE
encrypted-rbd-test   blockpool     Ready


$ oc -n test-project get storageclassclaim encrypted-rbd-test -o yaml
apiVersion: ocs.openshift.io/v1alpha1
kind: StorageClassClaim
metadata:
  creationTimestamp: "2022-08-10T10:33:25Z"
  finalizers:
  - storageclassclaim.ocs.openshift.io
  generation: 1
  name: encrypted-rbd-test
  namespace: test-project
  resourceVersion: "591799"
  uid: 8028d829-3ada-4fe6-a425-45bcbcec6151
spec:
  encryptionMethod: aws-sts-metadata-test
  type: blockpool
status:
  phase: Ready


$ oc get sc encrypted-rbd-test -o yaml
allowVolumeExpansion: true
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  annotations:
    description: Provides RWO Filesystem volumes, and RWO and RWX Block volumes
    ocs.openshift.io.storagesclassclaim: test-project/encrypted-rbd-test
  creationTimestamp: "2022-08-10T10:33:35Z"
  name: encrypted-rbd-test
  resourceVersion: "591796"
  uid: aecde751-22d9-4a19-83b9-1bb5816e8fcd
parameters:
  clusterID: openshift-storage
  csi.storage.k8s.io/controller-expand-secret-name: rook-ceph-client-2985d1819a57d65bab110ecf65198a82
  csi.storage.k8s.io/controller-expand-secret-namespace: test-project
  csi.storage.k8s.io/fstype: ext4
  csi.storage.k8s.io/node-stage-secret-name: rook-ceph-client-f3a7d16e328a088f24c5040992ca8ab2
  csi.storage.k8s.io/node-stage-secret-namespace: test-project
  csi.storage.k8s.io/provisioner-secret-name: rook-ceph-client-2985d1819a57d65bab110ecf65198a82
  csi.storage.k8s.io/provisioner-secret-namespace: test-project
  encrypted: "true"
  encryptionKMSID: aws-sts-metadata-test
  imageFeatures: layering,deep-flatten,exclusive-lock,object-map,fast-diff
  imageFormat: "2"
  pool: cephblockpool-storageconsumer-5cf98470-0e89-4cd4-830d-40a244844720
provisioner: openshift-storage.rbd.csi.ceph.com
reclaimPolicy: Delete
volumeBindingMode: Immediate

Comment 16 errata-xmlrpc 2022-08-24 13:54:40 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:6156