Skip to content

fix: when in fips mode and in a disconnected environment, remove the non fips openshift-install #196

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix: when in fips mode and in a disconnected environment, remove the non fips openshift-install #196

wants to merge 1 commit into from

Conversation

@prb112
Copy link
Contributor

@prb112 prb112 commented Sep 17, 2025

fix: when in fips mode and in a disconnected environment, remove the non fips openshift-install

@ppc64le-cloud-bot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: prb112
Once this PR has been reviewed and has the lgtm label, please assign cs-zhang for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ppc64le-cloud-bot
Copy link
Contributor

ppc64le-cloud-bot commented Sep 17, 2025
edited
Loading

@prb112: PR is not mergeable.

The PR state is: blocked

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@ppc64le-cloud-bot ppc64le-cloud-bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Sep 17, 2025
@prb112 prb112 changed the title fix: when in fips mode and in a disconnected environment, remove the non fips openshift-install WIP: fix: when in fips mode and in a disconnected environment, remove the non fips openshift-install Sep 17, 2025
@ppc64le-cloud-bot ppc64le-cloud-bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Sep 17, 2025
@prb112 prb112 force-pushed the fix-fips-disconnected branch from e345712 to 398867b Compare September 17, 2025 08:46
yussufsh
yussufsh reviewed Sep 17, 2025
View reviewed changes
Copy link
Contributor

@yussufsh yussufsh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I understand this is WIP but here are some comments from my side to improve the code.

@prb112 prb112 force-pushed the fix-fips-disconnected branch from 398867b to fab0c61 Compare September 17, 2025 09:30
@prb112 prb112 changed the title WIP: fix: when in fips mode and in a disconnected environment, remove the non fips openshift-install fix: when in fips mode and in a disconnected environment, remove the non fips openshift-install Sep 17, 2025
@ppc64le-cloud-bot ppc64le-cloud-bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Sep 17, 2025
@prb112 prb112 force-pushed the fix-fips-disconnected branch from fab0c61 to 93960fb Compare September 17, 2025 11:33
@ppc64le-cloud-bot ppc64le-cloud-bot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Sep 17, 2025
@prb112
Copy link
Contributor Author

prb112 commented Sep 19, 2025

Hey @yussufsh would you mind re-reviewing? Many thanks, Paul

@prb112
fix: when in fips mode and in a disconnected environment, remove the …
f049fd0 
…non fips openshift-install

Signed-off-by: Paul Bastide <pbastide@us.ibm.com>
@prb112 prb112 force-pushed the fix-fips-disconnected branch from 93960fb to f049fd0 Compare September 19, 2025 15:18
yussufsh
yussufsh reviewed Oct 7, 2025
View reviewed changes
playbooks/roles/ocp-config/tasks/extract.yaml
Comment on lines +34 to +40
- name: Extract OCP4 tools from release image ( local-registry )
when: enable_local_registry
shell: |
oc adm release extract --tools {{ release_image_override }} --registry-config='{{ ansible_env.HOME }}/.openshift/pull-secret-updated'
args:
chdir: "{{ tools_dir }}"

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see the same task just above this one. Any difference you see?

playbooks/roles/ocp-config/tasks/extract.yaml
Comment on lines +80 to +87
- name: Link openshift-install-fips to openshift-install
file:
src: "/usr/local/bin/openshift-install-fips"
dest: "/usr/local/bin/openshift-install"
state: link
when:
- fips_compliant # FIPS is enabled
- binary_check.stat.exists
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see the same task done at helpernode at https://github.com/redhat-cop/ocp4-helpernode/blob/main/tasks/main.yml#L565-L570
Don't you think this is redundant or am I missing something?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yussufsh yussufsh yussufsh left review comments

@aishwaryabk aishwaryabk Awaiting requested review from aishwaryabk

@Prajyot-Parab Prajyot-Parab Awaiting requested review from Prajyot-Parab

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

do-not-merge/non-mergeable size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@prb112 @ppc64le-cloud-bot @yussufsh