Bug 1956068 - IPI idrac-virtualmedia does not reboot into IPA on secure boot enabled nodes
Summary: IPI idrac-virtualmedia does not reboot into IPA on secure boot enabled nodes
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Bare Metal Hardware Provisioning
Version: 4.7
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.9.0
Assignee: Beth White
QA Contact: Amit Ugol
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-05-02 13:06 UTC by Yuval Kashtan
Modified: 2021-09-09 12:30 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-09-09 12:30:18 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
conductor logs (1.04 MB, application/gzip)
2021-05-02 13:06 UTC, Yuval Kashtan 		no flags Details
View All

Description Yuval Kashtan 2021-05-02 13:06:50 UTC 
Created attachment 1778563 [details]
conductor logs

Version: 4.7.7

$ openshift-install version
# openshift-baremetal-install version
openshift-baremetal-install 4.7.7
built from commit fae650e24e7036b333b2b2d9dfb5a08a29cd07b1
release image registry.ci.openshift.org/ocp/release@sha256:aee8055875707962203197c4306e69b024bea1a44fa09ea2c2c621e8c5000794


Platform: baremetal IPI, Dell R640 iDRAC 4.40.0.0
node is secure boot enabled

What happened?

when provisioning the worker,
it seems that ironic is able to attach the vmedia, but node is not booting from it.
manually selecting it from the boot menu, works.

What did you expect to happen?

that node will be automatically provisioned without manual intervention needed


How to reproduce it (as minimally and precisely as possible)?

1. deploy a ocp 4.7.7 cluster, where nodes are secure boot enabled (using idrac-virtualmedia and provisioning network disabled)


attached conductor logs, note that they contain the manual intervention too
Comment 1 Dmitry Tantsur 2021-05-04 15:59:46 UTC 
Note for triaging: I wonder if it's a firmware problem. I tested secure boot on a different Dell machine, and it worked.
Comment 2 Bob Fournier 2021-05-04 16:21:05 UTC 
Looks like the most recent version for the R640 [1] is 4.40.10.00 from 13 April, 2021

[1] https://www.dell.com/support/home/en-us/product-support/product/poweredge-r640/drivers
Comment 3 Derek Higgins 2021-05-04 16:24:46 UTC 
Can you see if their are any firmware upgrades available and if so see if they resolve the problem,
if that doesn't help would it be possible to access the environment so we can debug further
Comment 4 Yuval Kashtan 2021-05-04 18:20:12 UTC 
so this node is with 4.40.0.0 is see there is 4.40.10 I'll try to test with that too
@derek what fw did you test with? I can try and get similar node too ..
Comment 5 Derek Higgins 2021-05-05 08:06:44 UTC 
(In reply to Yuval Kashtan from comment #4)
> so this node is with 4.40.0.0 is see there is 4.40.10 I'll try to test with
> that too
> @derek what fw did you test with? I can try and get similar node too ..

dmitry would have the answer to that
Comment 6 Dmitry Tantsur 2021-05-05 09:32:33 UTC 
I think it was iDRAC 8, so 2.*.*.*. Won't help you, but I agree with trying the latest firmware version.
Comment 7 Yuval Kashtan 2021-05-05 09:36:21 UTC 
I'm on it as we speak, results should be in later today
sorry about using the wrong 'D' there ;-)
Comment 10 Yuval Kashtan 2021-09-02 07:37:07 UTC 
Retried that, and deployment went smoothly,
with latest nightly 4.9 and the newer iDRAC 5.00.00
Comment 11 Dmitry Tantsur 2021-09-09 12:30:18 UTC 
Thanks for the update! Feel free to reopen if you hit this issue again.
Note You need to log in before you can comment on or make changes to this bug.