Bug 2303619 - Azure KMS configuration broken: dial tcp: address ....vault.azure.net/: missing port in address
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenShift Data Foundation
Classification: Red Hat Storage
Component: ocs-operator
Version: 4.17
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: ODF 4.17.0
Assignee: Santosh Pillai
QA Contact: Daniel Horák
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2024-08-08 05:18 UTC by Daniel Horák
Modified: 2024-10-30 14:30 UTC (History)

Fixed In Version: 4.17.0-84
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2024-10-30 14:30:20 UTC
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | red-hat-storage ocs-operator pull 2754 | 0 | None | open | kms: skip checking azure kms endpoint reachability | 2024-08-21 05:40:17 UTC
Github | red-hat-storage ocs-operator pull 2759 | 0 | None | open | Bug 2303619:[release-4.17] kms: skip checking azure kms endpoint reachability | 2024-08-21 11:14:49 UTC
Red Hat Issue Tracker | OCSBZM-8794 | 0 | None | None | None | 2024-08-21 05:41:58 UTC
Red Hat Product Errata | RHSA-2024:8676 | 0 | None | None | None | 2024-10-30 14:30:23 UTC

Description Daniel Horák 2024-08-08 05:18:33 UTC
Description of problem (please be as detailed as possible and provide log
snippets):

  With latest odf 4.17.0-65 build, the Azure KMS flow is broken:
      Kms Server Connection Error:  dial tcp: address ...vault.azure.net/: missing port in address

  This scenario was working correctly in previous builds 4.17.0-57 and 4.17.0-62.


Version of all relevant components (if applicable):
  OCP Version:
    Client Version: 4.17.0-0.nightly-2024-08-06-235322
    Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
    Server Version: 4.17.0-0.nightly-2024-08-06-235322
    Kubernetes Version: v1.30.3

  ODF Version: quay.io/rhceph-dev/ocs-registry:4.17.0-65


Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?
  Yes, we are not able to deploy the Azure cluster with encryption.


Is there any workaround available to the best of your knowledge?
  Not sure, but maybe yes - changing configuration in the csi-kms-connection-details configmap.

Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?
  2


Is this issue reproducible?
  Yes, 100%


Can this issue reproduce from the UI?
  N/A


If this is a regression, please provide more details to justify this:
  Yes, this scenario was working in previous versions.


Steps to Reproduce:
1. Install Azure with encryption enabled
  (AZURE IPI ENCRYPTION KEY VAULT 1AZ RHCOS 3M 3W)
2. Check status of StorageCluster


Actual results:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  $ oc describe StorageCluster -n openshift-storage 
  Name:         ocs-storagecluster
  Namespace:    openshift-storage
  ...
  Status:
    ...
    Kms Server Connection:
      Kms Server Address:           https://ocsqe-azure-kv.vault.azure.net/
      Kms Server Connection Error:  dial tcp: address ocsqe-azure-kv.vault.azure.net/: missing port in address
  ...
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Expected results:
  The cluster deployment will pass correctly.


Additional info:
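
Added example, not part of the original report and not ocs-operator code: the error string above is what Go's net package returns when a dial address has no port, which happens if an HTTPS endpoint URL is passed to a TCP dial without being parsed. The functions `naiveDialAddr`, `splitErr` and `dialAddr` are hypothetical names; the sketch assumes the reachability check only stripped the scheme, which the report does not confirm.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// Default TCP ports for the schemes a KMS endpoint is expected to use.
var defaultPort = map[string]string{"https": "443", "http": "80"}

// naiveDialAddr (hypothetical) strips only the scheme, so the trailing "/"
// stays in the address and no port is ever added.
func naiveDialAddr(endpoint string) string {
	return strings.TrimPrefix(endpoint, "https://")
}

// splitErr returns the error text net.SplitHostPort (called by net.Dial)
// produces for addr, or "" when addr is a valid host:port.
func splitErr(addr string) string {
	if _, _, err := net.SplitHostPort(addr); err != nil {
		return err.Error()
	}
	return ""
}

// dialAddr parses the endpoint as a URL and builds host:port, taking the
// port from the scheme when the URL does not carry one.
func dialAddr(endpoint string) (string, error) {
	u, err := url.Parse(endpoint)
	if err != nil {
		return "", err
	}
	host, port := u.Hostname(), u.Port()
	if host == "" {
		return "", fmt.Errorf("endpoint %q has no host (missing scheme?)", endpoint)
	}
	if port == "" {
		var ok bool
		if port, ok = defaultPort[u.Scheme]; !ok {
			return "", fmt.Errorf("endpoint %q: no port and unknown scheme %q", endpoint, u.Scheme)
		}
	}
	return net.JoinHostPort(host, port), nil // also brackets IPv6 literals
}

func main() {
	ep := "https://ocsqe-azure-kv.vault.azure.net/" // endpoint from the report
	fmt.Println(splitErr(naiveDialAddr(ep)))
	fmt.Println(dialAddr(ep))
}
```
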

Comment 10 Sunil Kumar Acharya 2024-08-26 11:12:44 UTC
Please update the RDT flag/text appropriately.

Comment 15 Daniel Horák 2024-08-28 04:48:35 UTC
Tested and verified on:
OCP version: 4.17.0-0.nightly-2024-08-19-165854
    built from commit 7060033fd49291914e6e52c9f1d64baf8115a854
    release image registry.ci.openshift.org/ocp/release@sha256:b8105494ce61dc1f5ba68f173c78adfb834ff70c66e7399b9ae401021517f27f
    release architecture amd64

ODF Version: 4.17.0-84

The deployment and acceptance test suite passed.

>>> VERIFIED

Comment 17 errata-xmlrpc 2024-10-30 14:30:20 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat OpenShift Data Foundation 4.17.0 Security, Enhancement, & Bug Fix Update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2024:8676

