Bug 2184000 - secrets "noobaa-root-master-key" not found on ODF 4.13 cluster
Summary: secrets "noobaa-root-master-key" not found on ODF 4.13 cluster
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat OpenShift Data Foundation
Classification: Red Hat Storage
Component: documentation
Version: 4.13
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
: ODF 4.13.1
Assignee: Disha Walvekar
QA Contact: Neha Berry
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-04-03 11:45 UTC by avdhoot
Modified: 2023-08-09 16:43 UTC (History)
12 users (show)

Fixed In Version: 4.13.1-9
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-08-03 07:01:20 UTC
Embargoed:
asagare: needinfo+

Attachments (Terms of Use)

Description avdhoot 2023-04-03 11:45:21 UTC 
Description of problem (please be detailed as possible and provide log
snippests):

secrets "noobaa-root-master-key" not found on ODF 4.13 cluster.
The cluster has FIPS, vault-v1 and In transit encryption true on it.

The testcase - tests/e2e/kcs/test_noobaa_rebuild.py faied with below error.

"""
ocs_ci.ocs.exceptions.CommandFailed: Error during execution of command: oc -n openshift-storage delete secrets noobaa-admin noobaa-endpoints noobaa-operator noobaa-server noobaa-root-master-key.
Error is Error from server (NotFound): secrets "noobaa-root-master-key" not found
"""

Version of all relevant components (if applicable):

OCP-4.13
ODF-4.13

Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?


Is there any workaround available to the best of your knowledge?
No

Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?


Can this issue reproducible?
Yes

Can this issue reproduce from the UI?


If this is a regression, please provide more details to justify this:


Steps to Reproduce:
1.Deploy OCP 4.13 + ODF 4.13 with below configuration-
  a. FIPS
  b. vault-v1
  c. Enable in transit encryption true
2. Run testcase - tests/e2e/kcs/test_noobaa_rebuild.py faied with below error.
3.


Actual results:

noobaa-root-master-key is not found in secrets

Expected results:
noobaa-root-master-key should present 

Additional info:
ODF must gather- http://magna002.ceph.redhat.com/ocsci-jenkins/openshift-clusters/asagare-sysnomul-413/asagare-sysnomul-413_20230330T102643/logs/deployment_1680175763/ocs_must_gather/quay-io-rhceph-dev-ocs-must-gather-sha256-91a4a9948e82f69856ea12ec7ea2c54d25a22a538d08d73732cffb707bba3be5/namespaces/openshift-storage/core/secrets.yaml
Comment 7 avdhoot 2023-04-18 06:23:27 UTC 
@Alexander

I have followed below steps mentioned in kcs- https://access.redhat.com/solutions/5948631


Delete the noobaa secrets.
Raw
$ oc delete secrets noobaa-admin noobaa-endpoints noobaa-operator noobaa-server noobaa-root-master-key


so can I remove noobaa-root-master-key from above command from kcs in case of external KMS is defined?

Delete the noobaa secrets.
Raw
$ oc delete secrets noobaa-admin noobaa-endpoints noobaa-operator noobaa-server
Comment 8 Alexander Indenbaum 2023-04-19 10:09:51 UTC 
Hello @avdhoot 🖖,

I confirm that you can skip the removal of the "noobaa-root-master-key" secret for the steps mentioned in kcs- https://access.redhat.com/solutions/5948631 if an external KMS is defined. This is because the master root key will be stored in the specified backend instead. If you have any further questions or need further assistance, please let me know.

Best regards
Comment 10 Danny 2023-04-20 09:34:30 UTC 
Hi @asagare can we close this BZ?
Comment 11 avdhoot 2023-04-20 10:50:50 UTC 
yeah we can close but waiting for bipin's reply. To update KCS article should we need to raise new doc bug?
Comment 26 Bipin Kunal 2023-08-01 09:53:30 UTC 
Thanks, Karun.
Note You need to log in before you can comment on or make changes to this bug.