Description of problem (please be detailed as possible and provide log snippets): When no backend path is specified while deploying an OCS cluster with cluster wide encryption enabled using KMS, the deployment does not succeed. The OSDs are stuck in Init:CrashLoopBackOff state. $ oc get pods |grep osd rook-ceph-osd-0-84865cdc86-ss2mr 0/2 Init:CrashLoopBackOff 11 35m rook-ceph-osd-1-6bbbd87cf6-l9ccl 0/2 Init:CrashLoopBackOff 11 35m rook-ceph-osd-2-6d68bcb9c8-rkzqr 0/2 Init:CrashLoopBackOff 11 35m $ oc logs rook-ceph-osd-1-6bbbd87cf6-l9ccl -c encryption-kms-get-kek Traceback (most recent call last): File "<string>", line 1, in <module> File "/usr/lib64/python3.6/json/__init__.py", line 299, in load parse_constant=parse_constant, object_pairs_hook=object_pairs_hook, **kw) File "/usr/lib64/python3.6/json/__init__.py", line 354, in loads return _default_decoder.decode(s) File "/usr/lib64/python3.6/json/decoder.py", line 339, in decode obj, end = self.raw_decode(s, idx=_w(s, 0).end()) File "/usr/lib64/python3.6/json/decoder.py", line 357, in raw_decode raise JSONDecodeError("Expecting value", s, err.value) from None json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0) On the vault server, the keys did get created in the secret/ path $ vault kv list secret Keys ---- rook-ceph-osd-encryption-key-ocs-deviceset-thin-0-data-0n95tz rook-ceph-osd-encryption-key-ocs-deviceset-thin-1-data-08xcsz rook-ceph-osd-encryption-key-ocs-deviceset-thin-2-data-0r6pxs Version of all relevant components (if applicable): OCP: 4.7.0-0.nightly-2021-03-22-025559 OCS: ocs-operator.v4.7.0-307.ci Does this issue impact your ability to continue to work with the product (please explain in detail what is the user impact)? Yes, the backend path is an optional parameter during the deployment, and the deployment should succeed if that is not specified. Is there any workaround available to the best of your knowledge? Not that I am aware of Rate from 1 - 5 the complexity of the scenario you performed that caused this bug (1 - very simple, 5 - very complex)? 2 Can this issue reproducible? Yes Can this issue reproduce from the UI? Yes If this is a regression, please provide more details to justify this: No Steps to Reproduce: 1. On the vault server, ensure that you have a path called secret/ 2. Deploy an OCS cluster with cluster wide encryption enabled using KMS, in the Advanced settings section, do not specify the backend path 3. Check the status of the storagecluster Actual results: The OSD pods are stuck in Init:CrashLoopBackOff Expected results: The deployment should be successful
Somehow the bot did not move it to MODIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Red Hat OpenShift Container Storage 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2041