Created attachment 1738220 [details] ironic-conductor.log from bootstrap Version: ./openshift-baremetal-install version ./openshift-baremetal-install 4.7.0-0.nightly-2020-12-09-112139 built from commit 35d7aa255a6a849aab00d60b8c406a06d25c495c release image registry.svc.ci.openshift.org/ocp/release@sha256:235c68dd2e120be1eb65ddeb747e0a2cd241de5405b55797576e0393e618e00e Platform: IPI Barmetal What happened? Deploy using redfish-virtualmedia with provisionNetwork disabled failed on virt emulation of IPI BM OCP On bootstrap in ironic-conductor log (attached) reported many errors like: ERROR ironic.drivers.modules.agent_client [-] Failed to connect to the agent running on node d7c322f0-0354-4008-92b4-f49fb2201001 for invoking command clean.get_clean_steps. Error: HTTPSConnectionPool(host='192.168.123.126', port=9999): Max retries exceeded with url: /v1/commands/?wait=true&agent_token=gU8ziSSacl_G14jmnW3zOxcRQ_gmt0M9Ue-3gWTiWfo (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),)): requests.exceptions.SSLError: HTTPSConnectionPool(host='192.168.123.126', port=9999): Max retries exceeded with url: /v1/commands/?wait=true&agent_token=gU8ziSSacl_G14jmnW3zOxcRQ_gmt0M9Ue-3gWTiWfo (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),)) What did you expect to happen? Deploy succeed How to reproduce it (as minimally and precisely as possible)? Run OCP deploy on disconnected env using redfish-virtualmedia and provisionNetwork disabled Anything else we need to know? #Enter text here.
Created attachment 1738222 [details] openshift_install.log
Created attachment 1738225 [details] ironic-api log
Created attachment 1738226 [details] ironic-inspector.log
You may have a clock synchronization issue. Your certificate has: Not Before: Dec 10 12:11:08 2020 GMT. The request according to the conductor logs happens at 2020-12-10 12:11:07.314. I wonder if we should allow some discrepancy until we get proper NTP support..
After NTP adjustment on both hypervisor provisionhost deploy on masters passed. Lowering the bz priority to allow Dmitry's fix to enter
Should be available in 4.7 already. Note that the implementation only allows a clock skew of 1 hour (I'm pretty sure you'll have other issues if you have a larger clock skew).
verified on 4.7.0-0.nightly-2021-02-04-054537
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633