Bug 1867165

Summary: Cannot assign static address to baremetal install bootstrap vm
Product: OpenShift Container Platform Reporter: Lars Kellogg-Stedman <lars>
Component: InstallerAssignee: Stephen Benjamin <stbenjam>
Installer sub component: OpenShift on Bare Metal IPI QA Contact: Ori Michaeli <omichael>
Status: CLOSED ERRATA Docs Contact:
Severity: high    
Priority: high CC: beth.white, racedoro, rbartal, shardy, stbenjam
Version: 4.5Keywords: Triaged
Target Milestone: ---   
Target Release: 4.7.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
You can now specify the mac address used by the baremetal IPI bootstrap virtual machine, which allows creating static DHCP reservations for the bootstrap host.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-02-24 15:15:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Lars Kellogg-Stedman 2020-08-07 14:42:00 UTC 
Description of problem:

I am working with the Massachusetts Open Cloud project at Boston University to prototype an OpenShift baremetal + CNV cluster.

The openshift-baremetal-installer spawns a bootstrap vm on the provisioning host to manage the install process. The bootstrap vm has a randomly generated MAC address and there is no provision for passing in a static address configuration via the install configuration. This leads to the following problems:

- Our initial deployment was on a network with no dynamic address pool (all hosts must have static reservations). Since the bootstrap vm uses a generated MAC address, it's not possible to create a static reservation.

  We attempted to work around this issue by passing in a static address configuration using Ignition, but the design of the coreos image means that if it is unable to configure an address via DHCP it will fail to boot before it has a chance to apply the ignition profile.

  Our workaround was to create a small dynamic address pool explicitly for use by the bootstrap vm, but this may not be a viable solution in all environments.

- The environment requires specific firewall exceptions for access to the IPMI network. With a dynamic address pool on the baremetal network, we cannot create the necessary firewall exception because there's no way to predict the address that will be assigned to the bootstrap vm.

Ideally, there would be a way to provide a static address configuration for the bootstrap vm via install_config.yaml.

Version-Release number of selected component (if applicable):

OpenShift 4.4 and 4.5
Comment 6 Ori Michaeli 2020-11-22 20:35:19 UTC 
Verified with registry.svc.ci.openshift.org/ocp/release:4.7.0-0.nightly-2020-11-22-123106.
Comment 9 errata-xmlrpc 2021-02-24 15:15:21 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633