Bug 2184000

Summary: secrets "noobaa-root-master-key" not found on ODF 4.13 cluster
Product: [Red Hat Storage] Red Hat OpenShift Data Foundation
Reporter: avdhoot <asagare>
Component: documentation
Assignee: Disha Walvekar <dwalveka>
Status: CLOSED CURRENTRELEASE
QA Contact: Neha Berry <nberry>
Severity: high
Priority: unspecified
Version: 4.13
CC: aindenba, asriram, bkunal, dwalveka, dzaken, ebenahar, hnallurv, kjosy, nbecker, ocs-bugs, odf-bz-bot, tdesala
Keywords: Reopened
Target Release: ODF 4.13.1
Flags: asagare: needinfo+
Hardware: x86_64
OS: Linux
Fixed In Version: 4.13.1-9
Doc Type: If docs needed, set a value
Last Closed: 2023-08-03 07:01:20 UTC
Type: Bug

Description avdhoot 2023-04-03 11:45:21 UTC
Description of problem (please be as detailed as possible and provide log
snippets):

secrets "noobaa-root-master-key" not found on ODF 4.13 cluster.
The cluster has FIPS, vault-v1 and in-transit encryption enabled on it.

The testcase - tests/e2e/kcs/test_noobaa_rebuild.py failed with the below error.

"""
ocs_ci.ocs.exceptions.CommandFailed: Error during execution of command: oc -n openshift-storage delete secrets noobaa-admin noobaa-endpoints noobaa-operator noobaa-server noobaa-root-master-key.
Error is Error from server (NotFound): secrets "noobaa-root-master-key" not found
"""

Version of all relevant components (if applicable):

OCP-4.13
ODF-4.13

Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?


Is there any workaround available to the best of your knowledge?
No

Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?


Is this issue reproducible?
Yes

Can this issue reproduce from the UI?


If this is a regression, please provide more details to justify this:


Steps to Reproduce:
1. Deploy OCP 4.13 + ODF 4.13 with the below configuration -
  a. FIPS
  b. vault-v1
  c. Enable in transit encryption true
2. Run testcase - tests/e2e/kcs/test_noobaa_rebuild.py failed with the below error.
3.


Actual results:

noobaa-root-master-key is not found in secrets

Expected results:
noobaa-root-master-key should be present

Additional info:
ODF must gather- http://magna002.ceph.redhat.com/ocsci-jenkins/openshift-clusters/asagare-sysnomul-413/asagare-sysnomul-413_20230330T102643/logs/deployment_1680175763/ocs_must_gather/quay-io-rhceph-dev-ocs-must-gather-sha256-91a4a9948e82f69856ea12ec7ea2c54d25a22a538d08d73732cffb707bba3be5/namespaces/openshift-storage/core/secrets.yaml

Comment 7 avdhoot 2023-04-18 06:23:27 UTC
@Alexander

I have followed the below steps mentioned in the KCS - https://access.redhat.com/solutions/5948631


Delete the noobaa secrets.
$ oc delete secrets noobaa-admin noobaa-endpoints noobaa-operator noobaa-server noobaa-root-master-key


So can I remove noobaa-root-master-key from the above command from the KCS in case an external KMS is defined?

Delete the noobaa secrets.
$ oc delete secrets noobaa-admin noobaa-endpoints noobaa-operator noobaa-server

Comment 8 Alexander Indenbaum 2023-04-19 10:09:51 UTC
Hello @avdhoot 🖖,

I confirm that you can skip the removal of the "noobaa-root-master-key" secret for the steps mentioned in kcs- https://access.redhat.com/solutions/5948631 if an external KMS is defined. This is because the master root key will be stored in the specified backend instead. If you have any further questions or need further assistance, please let me know.

Best regards
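
The point confirmed in Comment 8, as an added example that is not part of the bug thread, the KCS article, or any Red Hat tooling: select only the KCS-listed secrets that actually exist, so the delete step does not fail with NotFound when an external KMS holds the root master key. The function names are hypothetical; the namespace and secret names are taken from the error output in the description.

```shell
#!/bin/sh
# Added example: pick the KCS-listed NooBaa secrets that exist in the namespace.
# With an external KMS (e.g. Vault) the root master key lives in the KMS
# backend, so there is no noobaa-root-master-key secret to delete.

# Secret names from the KCS delete step quoted in this bug.
KCS_SECRETS="noobaa-admin noobaa-endpoints noobaa-operator noobaa-server noobaa-root-master-key"

# Reads `oc get secrets -o name` output on stdin (lines like
# "secret/noobaa-admin") and prints, space-separated, the KCS secrets present.
noobaa_secrets_present() {
    existing=$(sed 's|^secret/||')
    out=""
    for name in $KCS_SECRETS; do
        # -x whole-line match, -F literal string: "noobaa-server-tls"
        # must not be mistaken for "noobaa-server".
        if printf '%s\n' "$existing" | grep -qxF -- "$name"; then
            out="${out:+$out }$name"
        fi
    done
    printf '%s\n' "$out"
}

# Hypothetical wrapper: delete whatever subset exists in the given namespace.
delete_noobaa_secrets() {
    ns=${1:-openshift-storage}
    present=$(oc -n "$ns" get secrets -o name | noobaa_secrets_present)
    if [ -z "$present" ]; then
        echo "no KCS-listed NooBaa secrets found in $ns" >&2
        return 0
    fi
    echo "deleting: $present" >&2
    # Word splitting of $present is intentional: one argument per secret.
    # shellcheck disable=SC2086
    oc -n "$ns" delete secrets $present
}
```

Passing `--ignore-not-found` to `oc delete` tolerates the missing secret in a single command, but it does not report which secrets were absent.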

Comment 10 Danny 2023-04-20 09:34:30 UTC
Hi @asagare can we close this BZ?

Comment 11 avdhoot 2023-04-20 10:50:50 UTC
Yeah, we can close, but waiting for Bipin's reply. To update the KCS article, do we need to raise a new doc bug?

Comment 26 Bipin Kunal 2023-08-01 09:53:30 UTC
Thanks, Karun.