2055280 – overcloud nodes kernel panic on introspection with FIPS enabled

Bug 2055280 - overcloud nodes kernel panic on introspection with FIPS enabled

Summary: overcloud nodes kernel panic on introspection with FIPS enabled

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-ironic-python-agent-builder
Sub Component:
Version:	17.0 (Wallaby)
Hardware:	Unspecified
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	beta
Target Release:	17.0
Assignee:	OSP Team
QA Contact:	nlevinki
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-02-16 15:05 UTC by Jeremy Agee
Modified:	2022-09-21 12:19 UTC (History)
CC List:	2 users (show)
Fixed In Version:	openstack-ironic-python-agent-builder-2.7.1-0.20220224043445.e0b51e0.el8ost
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-09-21 12:18:59 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
console logs from ironic boots of one node (373.21 KB, application/octet-stream) 2022-02-16 15:05 UTC, Jeremy Agee	no flags	Details
View All

Links
System	ID	Priority	Status	Summary	Last Updated
OpenStack gerrit	829391	None	MERGED	Create random character devices so systemd does not crash	2022-03-14 18:35:52 UTC
Red Hat Issue Tracker	OSP-12723	None	None	None	2022-02-16 15:10:23 UTC
Red Hat Product Errata	RHEA-2022:6543	None	None	None	2022-09-21 12:19:19 UTC

Description Jeremy Agee 2022-02-16 15:05:37 UTC

Created attachment 1861498 [details]
console logs from ironic boots of one node

Description of problem:
during the overcloud introspect phase each system will boot in ironic and kernel panic causing introspect to fail.  The agent.{kernel,ramdisk} are provided from rhosp-director-images-ipa-fips-x86_64.

Version-Release number of selected component (if applicable):
Red Hat OpenStack Platform release 17.0.0 Beta (Ussuri)
RHOS-17.0-RHEL-8-20220125.n.1

Red Hat Enterprise Linux release 8.4 (Ootpa)         
4.18.0-305.34.2.el8_4.x86_64

rhosp-director-images-uefi-fips-x86_64-17.0-20220124.1.el8ost.noarch
rhosp-director-images-ipa-fips-x86_64-17.0-20220124.1.el8ost.noarch

root@undercloud-0 httpboot]# ls -la /var/lib/ironic/httpboot/
total 858068
drwxr-sr-x.  3 42422 42422       138 Feb 15 13:06 .
drwxr-sr-x.  6 42422 42422        66 Feb 10 14:08 ..
-rwxr-xr-x.  1 root  42422  10034496 Feb 10 14:13 agent.kernel
-rw-r--r--.  1 root  42422 434291396 Feb 15 13:06 agent.ramdisk
-rw-r--r--.  1 root  42422 434321120 Feb 15 12:48 agent.ramdisk.backup
-rw-r--r--.  1 42422 42422       758 Feb 10 14:08 boot.ipxe
drwxr-sr-x. 18 root  42422       254 Feb 15 12:09 exploded_ramdisk
-rw-r--r--.  1 42422 42422       510 Feb 15 12:41 inspector.ipxe

How reproducible:
every time

Steps to Reproduce:
1.deploy the undercloud using fips images for the overcloud
2. run introspect

Actual results:
nodes kernel panic

Expected results:
overcloud nodes boot and are able to be inspected.

Additional info:
This looks to be caused by the urandom device being missing in the boot process.

Comment 3 Julia Kreger 2022-03-14 18:38:02 UTC

Fix is in the downstream RPM build for ironic-python-agent-builder, Moving to modified state for QA.

Comment 10 errata-xmlrpc 2022-09-21 12:18:59 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Release of components for Red Hat OpenStack Platform 17.0 (Wallaby)), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2022:6543

Note You need to log in before you can comment on or make changes to this bug.