Bug 2303619

Summary: Azure KMS configuration broken: dial tcp: address ....vault.azure.net/: missing port in address
Product: [Red Hat Storage] Red Hat OpenShift Data Foundation
Reporter: Daniel Horák <dahorak>
Component: ocs-operator
Assignee: Santosh Pillai <sapillai>
Status: CLOSED ERRATA
QA Contact: Daniel Horák <dahorak>
Severity: high
Priority: unspecified
Version: 4.17
CC: amohan, muagarwa, nigoyal, odf-bz-bot, sapillai
Target Milestone: ---
Keywords: Regression
Target Release: ODF 4.17.0
Hardware: Unspecified
OS: Unspecified
Fixed In Version: 4.17.0-84
Doc Type: No Doc Update
Story Points: ---
Last Closed: 2024-10-30 14:30:20 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---

Description Daniel Horák 2024-08-08 05:18:33 UTC
Description of problem (please be as detailed as possible and provide log
snippets):

  With the latest ODF 4.17.0-65 build, the Azure KMS flow is broken:
      Kms Server Connection Error:  dial tcp: address ...vault.azure.net/: missing port in address

  This scenario was working correctly in previous builds 4.17.0-57 and 4.17.0-62.


Version of all relevant components (if applicable):
  OCP Version:
    Client Version: 4.17.0-0.nightly-2024-08-06-235322
    Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
    Server Version: 4.17.0-0.nightly-2024-08-06-235322
    Kubernetes Version: v1.30.3

  ODF Version: quay.io/rhceph-dev/ocs-registry:4.17.0-65


Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?
  Yes, we are not able to deploy the Azure cluster with encryption.


Is there any workaround available to the best of your knowledge?
  Not sure, but maybe yes - changing configuration in the csi-kms-connection-details configmap.

Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?
  2


Is this issue reproducible?
  Yes, 100%


Can this issue be reproduced from the UI?
  N/A


If this is a regression, please provide more details to justify this:
  Yes, this scenario was working in previous versions.


Steps to Reproduce:
1. Install Azure with encryption enabled
  (AZURE IPI ENCRYPTION KEY VAULT 1AZ RHCOS 3M 3W)
2. Check status of StorageCluster


Actual results:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  $ oc describe StorageCluster -n openshift-storage 
  Name:         ocs-storagecluster
  Namespace:    openshift-storage
  ...
  Status:
    ...
    Kms Server Connection:
      Kms Server Address:           https://ocsqe-azure-kv.vault.azure.net/
      Kms Server Connection Error:  dial tcp: address ocsqe-azure-kv.vault.azure.net/: missing port in address
  ...
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Expected results:
  The cluster deployment will pass correctly.


Additional info:
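
The error string in this report is the one Go's net package returns when a dial address has no port; the address shown kept the URL's trailing slash but not its scheme. The block below is an added example, not part of the original report and not ocs-operator code: the hypothetical helper `dialAddress` shows one way to turn a KMS endpoint URL into the host:port form that net.Dial expects. The default-port table and the function names are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
)

// defaultPorts maps URL schemes to the port used when the URL names none.
// Assumption for this example: only http and https endpoints are supported.
var defaultPorts = map[string]string{"https": "443", "http": "80"}

// dialAddress converts a KMS endpoint URL into the host:port form that
// net.Dial requires. Hypothetical helper, not taken from ocs-operator.
func dialAddress(endpoint string) (string, error) {
	u, err := url.Parse(endpoint)
	if err != nil {
		return "", fmt.Errorf("parse %q: %w", endpoint, err)
	}
	if u.Scheme == "" || u.Hostname() == "" {
		return "", fmt.Errorf("endpoint %q needs a scheme and a host", endpoint)
	}
	port := u.Port()
	if port == "" {
		var ok bool
		if port, ok = defaultPorts[u.Scheme]; !ok {
			return "", fmt.Errorf("no default port for scheme %q", u.Scheme)
		}
	}
	// JoinHostPort also brackets IPv6 literals correctly.
	return net.JoinHostPort(u.Hostname(), port), nil
}

// splitError returns the error net.SplitHostPort gives for addr, or "".
func splitError(addr string) string {
	if _, _, err := net.SplitHostPort(addr); err != nil {
		return err.Error()
	}
	return ""
}

func main() {
	// Address exactly as it appears in the reported error: no scheme, no port.
	fmt.Println(splitError("ocsqe-azure-kv.vault.azure.net/"))
	// Kms Server Address from the report, normalised without any network call.
	addr, err := dialAddress("https://ocsqe-azure-kv.vault.azure.net/")
	fmt.Println(addr, err)
}
```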

Comment 10 Sunil Kumar Acharya 2024-08-26 11:12:44 UTC
Please update the RDT flag/text appropriately.

Comment 15 Daniel Horák 2024-08-28 04:48:35 UTC
Tested and verified on:
OCP version: 4.17.0-0.nightly-2024-08-19-165854
    built from commit 7060033fd49291914e6e52c9f1d64baf8115a854
    release image registry.ci.openshift.org/ocp/release@sha256:b8105494ce61dc1f5ba68f173c78adfb834ff70c66e7399b9ae401021517f27f
    release architecture amd64

ODF Version: 4.17.0-84

The deployment and acceptance test suite passed.

>>> VERIFIED

Comment 17 errata-xmlrpc 2024-10-30 14:30:20 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat OpenShift Data Foundation 4.17.0 Security, Enhancement, & Bug Fix Update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2024:8676