Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HIVE-2559: FIPS backports for MCE-2.5 4.16 installation #2344

Open
wants to merge 3 commits into
base: mce-2.5
Choose a base branch
from

Conversation

celebdor
Copy link
Contributor

@celebdor celebdor commented Jul 5, 2024

In order for MCE-2.5 to be able to deploy FIPS enabled spoke clusters from a FIPS enabled hub cluster, we need to backport the logic to choose the right userspace to run hiveutil/installer from

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jul 5, 2024
@openshift-ci-robot
Copy link

openshift-ci-robot commented Jul 5, 2024

@celebdor: This pull request references HIVE-2559 which is a valid jira issue.

In response to this:

In order for MCE-2.5 to be able to deploy FIPS enabled spoke clusters from a FIPS enabled hub cluster, we need to backport the logic to choose the right userspace to run hiveutil/installer from

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@celebdor celebdor changed the title HIVE-2559: Fips backports for MCE-2.5 4.16 installation HIVE-2559: FIPS backports for MCE-2.5 4.16 installation Jul 5, 2024
@openshift-ci openshift-ci bot requested review from dlom and lleshchi July 5, 2024 15:23
Copy link
Contributor

openshift-ci bot commented Jul 5, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: celebdor
Once this PR has been reviewed and has the lgtm label, please assign lleshchi for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Copy link

codecov bot commented Jul 5, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 57.93%. Comparing base (7bc174f) to head (3ea4f19).
Report is 15 commits behind head on mce-2.5.

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff            @@
##           mce-2.5    #2344   +/-   ##
========================================
  Coverage    57.92%   57.93%           
========================================
  Files          186      186           
  Lines        26075    26074    -1     
========================================
+ Hits         15105    15106    +1     
+ Misses        9707     9705    -2     
  Partials      1263     1263           
Files with missing lines Coverage Δ
contrib/pkg/utils/generic.go 9.91% <ø> (+0.31%) ⬆️
pkg/imageset/updateinstaller.go 45.06% <100.00%> (-0.67%) ⬇️
pkg/install/generate.go 43.15% <100.00%> (+0.49%) ⬆️

... and 1 file with indirect coverage changes

lleshchi and others added 3 commits August 2, 2024 18:45
As a result of the openshift installer transitioning from rhel8 to rhel9
(openshift/installer#8196), running
openshift-install in the rhel8 backed hive container in order to install
a cluster in fips mode results in a fips incompatibility.

Create a seperate installmanager binary that runs the install-manager
command previously invoked by hiveutil. Build a rhel8 and rhel9 version
of hive, and copy both versions of installmanager to the installer
container. The directory struture of the provisioning pod is also
adjusted to support this change. Lastly, the installmanager binary
corresponding to the rhel version of the installer container.

Signed-off-by: Leah Leshchinsky <[email protected]>
Signed-off-by: Leah Leshchinsky <[email protected]>
New builder images do not alias python to python3

Signed-off-by: Antoni Segura Puimedon <[email protected]>
Copy link
Contributor

openshift-ci bot commented Aug 2, 2024

@celebdor: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/security 3ea4f19 link true /test security
ci/prow/e2e 3ea4f19 link true /test e2e
ci/prow/e2e-pool 3ea4f19 link true /test e2e-pool

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-bot
Copy link

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci openshift-ci bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 1, 2024
@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 1, 2024
@openshift-merge-robot
Copy link
Contributor

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants