Description of problem: After AWS KMS is configured according to https://hackmd.io/66K6Opp8RKGUlRsM62A_rg, when user tries to create an encrypted storageclassclaim, it gets into Failed phase right after creation. Version-Release number of selected component (if applicable): odf-operator.v4.11.0 How reproducible: 1/1 Steps to Reproduce: 1. Follow https://hackmd.io/66K6Opp8RKGUlRsM62A_rg, "create storageclass" step can be skipped. 2. Create storageclass claim: apiVersion: ocs.openshift.io/v1alpha1 kind: StorageClassClaim metadata: name: encrypted-rbd-test namespace: <namespace used for testing> spec: encryptionMethod: aws-sts-metadata-test type: blockpool 3. Check the created storageclass Actual results: StorageClassClaim is in phase Failed. Expected results: If the configuration is correct, the StorageClassClaim shouldn't return an error state. Additional info:
Thanks Pranshu. Neha, please provide qa_ack
*** Bug 2099612 has been marked as a duplicate of this bug. ***
Verified in version: ODF 4.11.0-13 OCP 4.10.25 $ oc get csv NAME DISPLAY VERSION REPLACES PHASE mcg-operator.v4.11.0 NooBaa Operator 4.11.0 mcg-operator.v4.10.5 Succeeded ocs-operator.v4.11.0 OpenShift Container Storage 4.11.0 ocs-operator.v4.10.5 Succeeded ocs-osd-deployer.v2.0.4 OCS OSD Deployer 2.0.4 ocs-osd-deployer.v2.0.3 Succeeded odf-csi-addons-operator.v4.11.0 CSI Addons 4.11.0 odf-csi-addons-operator.v4.10.5 Succeeded odf-operator.v4.11.0 OpenShift Data Foundation 4.11.0 odf-operator.v4.10.4 Succeeded ose-prometheus-operator.4.10.0 Prometheus Operator 4.10.0 ose-prometheus-operator.4.8.0 Succeeded route-monitor-operator.v0.1.422-151be96 Route Monitor Operator 0.1.422-151be96 route-monitor-operator.v0.1.420-b65f47e Succeeded $ oc -n test-project get storageclassclaim encrypted-rbd-test NAME STORAGETYPE PHASE encrypted-rbd-test blockpool Ready $ oc -n test-project get storageclassclaim encrypted-rbd-test -o yaml apiVersion: ocs.openshift.io/v1alpha1 kind: StorageClassClaim metadata: creationTimestamp: "2022-08-10T10:33:25Z" finalizers: - storageclassclaim.ocs.openshift.io generation: 1 name: encrypted-rbd-test namespace: test-project resourceVersion: "591799" uid: 8028d829-3ada-4fe6-a425-45bcbcec6151 spec: encryptionMethod: aws-sts-metadata-test type: blockpool status: phase: Ready $ oc get sc encrypted-rbd-test -o yaml allowVolumeExpansion: true apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: annotations: description: Provides RWO Filesystem volumes, and RWO and RWX Block volumes ocs.openshift.io.storagesclassclaim: test-project/encrypted-rbd-test creationTimestamp: "2022-08-10T10:33:35Z" name: encrypted-rbd-test resourceVersion: "591796" uid: aecde751-22d9-4a19-83b9-1bb5816e8fcd parameters: clusterID: openshift-storage csi.storage.k8s.io/controller-expand-secret-name: rook-ceph-client-2985d1819a57d65bab110ecf65198a82 csi.storage.k8s.io/controller-expand-secret-namespace: test-project csi.storage.k8s.io/fstype: ext4 csi.storage.k8s.io/node-stage-secret-name: rook-ceph-client-f3a7d16e328a088f24c5040992ca8ab2 csi.storage.k8s.io/node-stage-secret-namespace: test-project csi.storage.k8s.io/provisioner-secret-name: rook-ceph-client-2985d1819a57d65bab110ecf65198a82 csi.storage.k8s.io/provisioner-secret-namespace: test-project encrypted: "true" encryptionKMSID: aws-sts-metadata-test imageFeatures: layering,deep-flatten,exclusive-lock,object-map,fast-diff imageFormat: "2" pool: cephblockpool-storageconsumer-5cf98470-0e89-4cd4-830d-40a244844720 provisioner: openshift-storage.rbd.csi.ceph.com reclaimPolicy: Delete volumeBindingMode: Immediate
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:6156
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days