Description of problem (please be detailed as possible and provide log snippests): Client onboarding token generation from UI is not working for upgraded provider clusters when both private and public keys are available in the console. Version of all relevant components (if applicable): ODF version: 4.14.4-4.fusion-hci OCP version: 4.14.5 Does this issue impact your ability to continue to work with the product (please explain in detail what is the user impact)? no Is there any workaround available to the best of your knowledge? yes we can trigger the onboarding token from CLI Rate from 1 - 5 the complexity of the scenario you performed that caused this bug (1 - very simple, 5 - very complex)? 3 Can this issue reproducible? yes Can this issue reproduce from the UI? yes If this is a regression, please provide more details to justify this: NA Steps to Reproduce: 1. Create one provider-client hci cluster with odf version prior to 4.14.4-4 2. Create onboarding token for client outside odf using token generation script. 3. Storage-client successfully onboarded 4. Upgrade the provider-client cluster to odf 4.14.4-4 5. Apply below: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: oauth-proxy-role rules: - apiGroups: ["authentication.k8s.io"] resources: - tokenreviews verbs: ["create"] - apiGroups: ["authorization.k8s.io"] resources: - subjectaccessreviews verbs: ["create"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: oauth-proxy-role-binding subjects: - kind: ServiceAccount name: ux-backend-server namespace: openshift-storage roleRef: kind: ClusterRole name: oauth-proxy-role apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: ServiceAccount metadata: name: ux-backend-server namespace: openshift-storage --- 6. Check ux-backend-server pod is up and running 7. Check below secrets are available under secrets for 'openshift-storage' namespace onboarding-secret-generator-dockercfg onboarding-secret-generator-token and onboarding-ticket-key 8. Check onboarding-secret-generator job is not available. 9. Delete onboarding-ticket-key 10. Check onboarding-secret-generator job triggered and moved to 'Completed' status 11. Check below secrets are available under secrets for 'openshift-storage' namespace onboarding-private-key onboarding-secret-generator-dockercfg onboarding-secret-generator-token and onboarding-ticket-key 12. Select 'Generate client onboarding token' option from 'Storage --> Storage clients' page. After upgrade, - client onboarding tickets are not generating from UI, although private and public keys are available, its getting stuck at processing. Expected results: After upgrade,should be able to generate client onboarding tickets afrom UI when both private and public keys are available. Additional info:
This requires changes on the odf-operator.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: Red Hat OpenShift Data Foundation 4.15.0 security, enhancement, & bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2024:1383