Skip to content

Commit

Permalink
docs: document the rhel fips known issue (#3043)
Browse files Browse the repository at this point in the history 
* docs: document the rhel fips known issue

* remove accidental commit

* restore release notes

* docs: remove accidental change

* docs: add windows key combination

* Update docs/docs-content/troubleshooting/edge.md

* docs: add entry to global known issues

* docs: fix crosslink

---------

Co-authored-by: Lenny Chen <[email protected]>
  • Loading branch information
@lennessyy
lennessyy and lennessyy authored Jun 11, 2024
1 parent d8b4b73 commit aea858e
Show file tree
Hide file tree
Showing 4 changed files with 39 additions and 1 deletion.
10 changes: 10 additions & 0 deletions docs/docs-content/clusters/edge/edgeforge-workflow/palette-canvos/fips.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,16 @@ image with.

<TabItem label="Red Hat Enterprise Linux" value="rhel">

:::warning

When you create a cluster with an Edge host that operates the FIPS-compliant RHEL Operating System (OS), you may
encounter an error where the `systemd-resolved.service` service enters the **failed** state. This prevents the
nameserver from being configured, which will result in cluster deployment failure. Refer to
[TroubleShooting](../../../../troubleshooting/edge.md#scenario---systemd-resolvedservice-enters-failed-state) for a
workaround.

:::

5. Change into the **rhel-fips** directory.

6. In the file **Dockerfile**, provide your RHEL subscription username and password.
Expand Down
1 change: 1 addition & 0 deletions docs/docs-content/release-notes/known-issues.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ The following table lists all known issues that are currently active and affecti
| Description | Workaround | Publish Date | Product Component |
| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- | ----------------- |
| The VerteX enterprise cluster is unable to complete backup operations. | No workaround is available. | June 15, 2024 | VerteX |
| Edge hosts with FIPS-compliant RHEL Operating System (OS) distribution may encounter the error where the `systemd-resolved.service` service enters the **failed** state. This prevents the nameserver from being configured, which will result in cluster deployment failure. | Refer to [TroubleShooting](../troubleshooting/edge.md#scenario---systemd-resolvedservice-enters-failed-state) for a workaround. | June 15, 2024 | Edge |
| The GKE cluster's Kubernetes pods are failing to start because the Kubernetes patch version is unavailable. This is encountered during pod restarts or node scaling operations. | Deploy a new cluster and use a GKE cluster profile that does not contain a Kubernetes pack layer with a patch version. Migrate the workloads from the existing cluster to the new cluster. This is a breaking change introduced in Palette 4.4.0 | June 15, 2024 | Packs, Clusters |
| An issue prevents RKE2 and Palette eXtended Kubernetes (PXK) on version 1.29.4 from operating correctly with Canonical MAAS. | A temporary workaround is using a version lower than 1.29.4 when using MAAS. | June 15, 2024 | Packs, Clusters |
| [MicroK8s](../integrations/microk8s.md) does not support multi-node control plane clusters. The upgrade strategy, `InPlaceUpgrade`, is the only option available for use. | No workaround is available. | June 15, 2024 | Packs |
Expand Down
5 changes: 5 additions & 0 deletions docs/docs-content/release-notes/release-notes.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,11 @@ features and improvements.
successful. For more information about key enrollment, refer to
[Enroll Trusted Boot Keys in Edge Host](../clusters/edge/trusted-boot/deployment-day2/install.md#enroll-secure-boot-keys-into-edge-device).

- Edge hosts with FIPS-compliant RHEL Operating System (OS) distribution may encounter the error where the
`systemd-resolved.service` service enters the **failed** state. This prevents the nameserver from being configured,
which will result in cluster deployment failure. Refer to
[TroubleShooting](../troubleshooting/edge.md#scenario---systemd-resolvedservice-enters-failed-state) for a workaround.

### Edge

#### Features
Expand Down
24 changes: 23 additions & 1 deletion docs/docs-content/troubleshooting/edge.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ The following are common scenarios that you may encounter when using Edge.

If you need to override or reconfigure the read-only file system, you can do so using the following steps.

## Debug Steps
### Debug Steps

1. Power on the Edge host.

Expand Down Expand Up @@ -136,3 +136,25 @@ issues or not being available. Use the following steps to troubleshoot and resol

7. If you continue to encounter issues, contact our support team by emailing
[[email protected]](mailto:[email protected]) so that we can provide you with further guidance.

## Scenario - systemd-resolved.service Enters Failed State

When you create a cluster with an Edge host that operates the FIPS-compliant RHEL Operating System (OS), you may
encounter an error where the `systemd-resolved.service` process enters the **failed** state. This prevents the
nameserver from being configured, which will result in cluster deployment failure.

### Debug Steps

1. Establish an SSH connection to the Edge host.

Alternatively, press the keys **Fn + Ctrl +Cmd + F1** on a keyboard that is connected to the Edge host to log in to
the terminal. If you are on Windows, press **Fn + Ctrl + Alt + F1**.

2. Issue the following command.

```shell
chmod a+rwxt /var/tmp
systemctl enable --now systemd-resolved.service
```

This will start the `systemd-resolved.service` process and move the cluster creation process forward.

0 comments on commit aea858e

Please sign in to comment.