Bug 1774318 - example in prompted message for command "oc new-project X" needs to be updated
Summary: example in prompted message for command "oc new-project X" needs to be updated
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Templates
Version: 4.3.0
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: ---
: 4.4.0
Assignee: Gabe Montero
QA Contact: XiuJuan Wang
URL:
Whiteboard:
: 1780438 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-11-20 02:23 UTC by xiyuan
Modified: 2020-05-13 21:53 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: one of the new-app/new-build examples of project creation was not FIPS compliant Consequence: the user would get an error using the example in a FIPS environment Fix: list only FIPS compliant new-app/new-build examples on new project creation Result: the will have success with any of the new-app/new-build examples noted on project creation in a FIPS environment
Clone Of:
Environment:
Last Closed: 2020-05-13 21:53:02 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift oc pull 170 0 'None' closed Bug 1774318: use a fips compliant oc new-app example with the new-project message 2020-09-07 07:08:10 UTC
Red Hat Product Errata RHBA-2020:0581 0 None None None 2020-05-13 21:53:04 UTC

Description xiyuan 2019-11-20 02:23:55 UTC
Description of problem:
"oc new-app django-psql-example" command will fail due to Bug 1771915. However, the template django-psql-example was displayed as an example in the prompted message whenever a new project is created. So template needs to be updated.

Version:
4.3.0-0.nightly-2019-11-18-175710

How producible:
Always

Step to reproduce:
1. execute "oc new-project test1"

Actual result:
Now using project "test1" on server ...
You can add applications to this project with the 'new-app' command. For example, try:

    oc new-app django-psql-example

to build a new example application in Python. Or use kubectl to deploy a simple Kubernetes application:

    kubectl create deployment hello-node --image=gcr.io/hello-minikube-zero-install/hello-nod


expected result:
Now using project "test1" on server ...

You can add applications to this project with the 'new-app' command. For example, try:

    oc new-app ruby~https://github.com/sclorg/ruby-ex.git  or oc new-app cakephp-mysql-example or oc new-app  cakephp-mysql-persistent or oc new-app dancer-mysql-example or oc  new-app dancer-mysql-persistent  (I list several options that could  pass in FIPS enable environment) 

to build a new example application in Python. Or use kubectl to deploy a simple Kubernetes application:

    kubectl create deployment hello-node --image=gcr.io/hello-minikube-zero-install/hello-nod

Comment 1 Adam Kaplan 2019-11-20 16:37:54 UTC
Marking low priority - this is only an issue for FIPS environments and does not impact specific functionality.

Comment 2 Gabe Montero 2019-11-20 18:50:51 UTC
xiyuan@redhat.com - do you know already, or could quickly see, if the rails-postgresql-example template is OK in a FIPS env ?

Comment 4 XiuJuan Wang 2019-11-27 03:23:37 UTC
Extract latest oc from 4.3.0-0.nightly-2019-11-27-011055,
It's built in 201910250623
./oc version 
Client Version: openshift-clients-4.3.0-201910250623-68-g9d412f42
Server Version: 4.3.0-0.nightly-2019-11-26-171052
Kubernetes Versio
n: v1.16.2

And oc client install from rpm openshift-clients.x86_64.0.4.3.0-201911261917.git.1.133e54c.el7
It's built in "2019-11-25T21:16:09Z"

I1127 11:18:04.656634   25254 request.go:968] Response Body: {
  "major": "1",
  "minor": "16+",
  "gitVersion": "v1.16.2",
  "gitCommit": "dad97c3",
  "gitTreeState": "clean",
  "buildDate": "2019-11-25T21:16:09Z",
  "goVersion": "go1.12.12",
  "compiler": "gc",
  "platform": "linux/amd64"
}

Both client don't update the example in the fips enabled cluster(Server Version: 4.3.0-0.nightly-2019-11-26-171052).

$oc new-project test1
Now using project "test1" on server "https://api.xiuwang-fips27.qe.azure.devcluster.openshift.com:6443".

You can add applications to this project with the 'new-app' command. For example, try:

    oc new-app django-psql-example

to build a new example application in Python. Or use kubectl to deploy a simple Kubernetes application:

    kubectl create deployment hello-node --image=gcr.io/hello-minikube-zero-install/hello-node

Comment 5 Gabe Montero 2019-12-01 21:11:18 UTC
An OC built on 201910250623 is not recent enough ... that is Oct 25

I just looked at https://openshift-release.svc.ci.openshift.org/releasestream/4.3.0-0.nightly/release/4.3.0-0.nightly-2019-11-29-051144

and openshift-client-linux-4.3.0-0.nightly-2019-11-29-051144.tar.gz 

has an `oc` whose `oc version` reports:

gmontero ~/QE_bzs/oc-new-app-msg $ ./oc version
Client Version: 4.3.0-0.nightly-2019-11-29-051144
Kubernetes Version: v1.11.0+d4cacc0


Please try that level or later @XiuJuan

Comment 6 XiuJuan Wang 2019-12-02 02:20:25 UTC
So weird, I download same version package, but the oc version is different. I will keep an eye untill a new oc version built out
[wxj@console 4.3]$ ll
total 215932
-rwxr-xr-x. 2 wxj docker 83381912 Nov 27 08:45 kubectl
-rwxr-xr-x. 2 wxj docker 83381912 Nov 27 08:45 oc
-rw-r--r--. 1 wxj docker 27171236 Nov 27 08:45 openshift-client-linux-4.3.0-0.nightly-2019-11-29-051144.tar.gz
-rw-r--r--. 1 wxj docker 27171236 Nov 27 08:45 openshift-client-linux-4.3.0-0.nightly-2019-11-29-130430.tar.gz

[wxj@console 4.3]$ ./oc version 
Client Version: openshift-clients-4.3.0-201910250623-70-g0ed83003
Server Version: 4.3.0-0.nightly-2019-11-29-013902
Kubernetes Version: v1.16.

Comment 7 XiuJuan Wang 2019-12-05 05:35:22 UTC
Latest 4.3.0-0.nightly-2019-12-04-214544 didn't included the fix yet.
$oc version 
Client Version: openshift-clients-4.3.0-201910250623-77-gdf8483a7
Server Version: 4.3.0-0.nightly-2019-12-04-214544
Kubernetes Version: v1.16.2

$oc version --loglevel=8 | grep buildDate
  "buildDate": "2019-12-03T23:50:46Z",

$oc new-project  xiuwang
Now using project "xiuwang" on server "https://api.reliab431205eua.qe.azure.devcluster.openshift.com:6443".

You can add applications to this project with the 'new-app' command. For example, try:

    oc new-app django-psql-example

to build a new example application in Python. Or use kubectl to deploy a simple Kubernetes application:

    kubectl create deployment hello-node --image=gcr.io/hello-minikube-zero-install/hello-node


This cluster have enabled fips.

$oc debug node/reliab431205eua-6hcxr-worker-eastus1-9md99
sh-4.4# chroot /host
# cat /proc/sys/crypto/fips_enabled 
1

Do I need wait a newer oc binary built out?

Comment 8 Gabe Montero 2019-12-05 16:01:20 UTC
I figured it out ... the PR https://github.com/openshift/oc/pull/170 did not merge until after the 4.3 / 4.4 split

So we have to use a 4.4 nightly.

Given the priority of this, I am not initiating the backport to 4.3 ... and am retargeting this to 4.4

Sorry for the confusion, try a 4.4 nightly @XiuJuan

Comment 9 XiuJuan Wang 2019-12-06 06:12:03 UTC
 $./oc new-project test
Now using project "test" on server "https://api.qe-xiuwang-44.qe.devcluster.openshift.com:6443".

You can add applications to this project with the 'new-app' command. For example, try:

    oc new-app ruby~https://github.com/sclorg/ruby-ex.git

to build a new example application in Python. Or use kubectl to deploy a simple Kubernetes application:

    kubectl create deployment hello-node --image=gcr.io/hello-minikube-zero-install/hello-node

$ ./oc version 
Client Version: openshift-clients-4.3.0-201910250623-91-gc994341a
Server Version: 4.4.0-0.nightly-2019-12-05-203858
Kubernetes Version: v1.16.2

Verified with 4.4.0-0.nightly-2019-12-05-203858 payload.

Comment 10 xiyuan 2019-12-06 06:27:18 UTC
will you commit it to 4.3? I think it is mandatory for 4.3. Thanks.

Comment 11 Adam Kaplan 2019-12-06 15:46:45 UTC
On principle we don't backport low severity bugs.
This bug does not impact the ability of a customer to deploy OpenShift in FIPS mode, or even deploy an application on a FIPS-compliant cluster.

This bug may impact the onboarding experience of users who are completely new to OpenShift and are using the new-app examples to test or demonstrate capabilities.
If this impact warrants a higher severity rating, then we can reconsider.

CC-ing Neelesh (FIPS initiative owner).

Comment 12 Maciej Szulik 2019-12-11 13:03:31 UTC
*** Bug 1780438 has been marked as a duplicate of this bug. ***

Comment 15 errata-xmlrpc 2020-05-13 21:53:02 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581


Note You need to log in before you can comment on or make changes to this bug.