OpenShift Container Storage or OpenShift Data Foundations installation in Azure will fail if using a security policy that does not allow TLS 1.0 or Secure Transport to be disabled

Solution In Progress - Updated -

Environment

  • OpenShift Container Storage
    • 4.6
    • 4.7
  • OpenShift Data Foundations
    • 4.8

Issue

  • When installing OpenShift Container Storage or OpenShift Data Foundations on an OpenShift Container Platform cluster in Azure, the installation will fail if the user is running a security policy that does not allow TLS 1.0 or Secure Transport to be disabled

Resolution

  • Red Hat is aware of this issue and it is currently being worked on in BZ-1970123

  • As a workaround, delete the default StorageAccount and create a new StorageAccount that allows TLS 1.2

Root Cause

  • A security policy preventing StorageAccount from having "TLS 1.0 or Secure Transport Disabled"

Diagnostic Steps

  • Upon failure, check the YAML output for status.conditions

Example:

message: >-
        failed to start creating storage account: storage.AccountsClient#Create:
        Failure sending request: StatusCode=403 -- Original Error:
        Code="RequestDisallowedByPolicy" Message="Resource 'noobaaaccountgjuge'
        was disallowed by policy.
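
A small helper for the diagnostic step above, added here as an example (not Red Hat's code): it scans a resource's status.conditions for the RequestDisallowedByPolicy denial and extracts the HTTP status and the blocked storage account name. It assumes the resource is supplied as JSON (for instance from `oc get ... -o json`); the sample input is constructed from the message shown above, and the condition type names in it are placeholders.

```python
import json
import re

# Constructed sample: the message text is the example above; the surrounding
# JSON shape and the condition "type" values are placeholders, not taken
# from a real cluster.
SAMPLE = json.dumps({"status": {"conditions": [
    {"type": "Available", "status": "False",
     "message": "failed to start creating storage account: "
                "storage.AccountsClient#Create: Failure sending request: "
                "StatusCode=403 -- Original Error: "
                "Code=\"RequestDisallowedByPolicy\" "
                "Message=\"Resource 'noobaaaccountgjuge' "
                "was disallowed by policy."},
    {"type": "Progressing", "status": "True", "message": "reconcile in progress"},
]}})

STATUS_RE = re.compile(r"StatusCode=(\d{3})")
CODE_RE = re.compile(r'Code="([^"]+)"')
RESOURCE_RE = re.compile(r"Resource '([^']+)'")


def find_policy_denials(resource_json):
    """Return one dict per condition whose message reports an Azure policy denial."""
    doc = json.loads(resource_json)
    conditions = (doc.get("status") or {}).get("conditions") or []
    findings = []
    for cond in conditions:
        # Normalise whitespace: folded YAML scalars wrap the message across lines.
        msg = " ".join(str(cond.get("message") or "").split())
        code = CODE_RE.search(msg)
        if not code or code.group(1) != "RequestDisallowedByPolicy":
            continue
        status = STATUS_RE.search(msg)
        resource = RESOURCE_RE.search(msg)
        findings.append({
            "condition": cond.get("type"),
            "http_status": int(status.group(1)) if status else None,
            "storage_account": resource.group(1) if resource else None,
        })
    return findings


if __name__ == "__main__":
    for finding in find_policy_denials(SAMPLE):
        print(finding)
```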
