Bug 1889620
Summary: | [Azure] - Machineset not scaling when publicIP:true in disconnected Azure enviroment | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Milind Yadav <miyadav> |
Component: | Cloud Compute | Assignee: | Danil Grigorev <dgrigore> |
Cloud Compute sub component: | Other Providers | QA Contact: | Milind Yadav <miyadav> |
Status: | CLOSED ERRATA | Docs Contact: | |
Severity: | low | ||
Priority: | low | CC: | dgrigore, jspeed, zhsun |
Version: | 4.6 | Flags: | jspeed:
needinfo-
|
Target Milestone: | --- | ||
Target Release: | 4.7.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
Cause: Disconnected installs are not compatible with the publicIP option
Consequence: When publicIP was set, machines failed to boot
Fix: Prevent users from creating machinesets in disconnected environments that also set publicIP true
Result: Users will no longer be able to create MachineSets with this invalid configuration
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-02-24 15:26:50 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1933676 |
Description
Milind Yadav
2020-10-20 08:44:52 UTC
This seems like a reasonable case to add a validation in the webhooks that prevents users from committing this configuration. I don't think I've ever set up a disconnected Azure install, not sure if we have the ability to do that, perhaps @miyadav might be able to suggest how we can do that? Do we have anything in the cluster that tells us that the cluster is using a disconnected install that we could check to understand and inform the user of this misconfiguration? Hey @miyadav. I can see the template, but the job was destroyed. Could you describe, what are the main configuration differences between standard and disconnected IPI install on Azure? Can't find documented path to install such cluster. Does the disconnected installation set anything specific on the Infrastructure resource? Otherwise it would probably not be simple to identify this kind of setup. Is it enough to set `publish: Internal` on the Install Config to get such cluster? Or it is only disabling provision for public IPs for Routes? Looking on the flexy template, on the disconnected install there is always a proxy setting. Could you please provide and example Proxy, Infrastructure and Network resources from the disconnected cluster, if they look any different from the default configuration? Looking into the cluster resources, there is one which differentiates disconnected install from a basic cluster. ``` apiVersion: config.openshift.io/v1 kind: DNS metadata: name: cluster spec: baseDomain: ci-ln-phy0rrb-002ac.ci.azure.devcluster.openshift.com privateZone: id: /subscriptions/d38f1e38-4bed-438e-b227-833f997adf6a/resourceGroups/ci-ln-phy0rrb-002ac-68m5d-rg/providers/Microsoft.Network/privateDnsZones/ci-ln-phy0rrb-002ac.ci.azure.devcluster.openshift.com publicZone: <- this field is absent in disconnected install id: /subscriptions/d38f1e38-4bed-438e-b227-833f997adf6a/resourceGroups/os4-common/providers/Microsoft.Network/dnszones/ci.azure.devcluster.openshift.com status: {} ``` Fix for this BZ is currently blocked on implementation for checking resources in webhooks - https://github.com/openshift/machine-api-operator/pull/673 @jspeed We need to merge it first Validated at : 4.7.0-0.nightly-2020-11-18-203317 Steps : Create a machineset with publicIp: true Result : Error from server (providerSpec.publicIP: Forbidden: publicIP is not allowed in Azure disconnected installation): error when creating "STDIN": admission webhook "validation.machineset.machine.openshift.io" denied the request: providerSpec.publicIP: Forbidden: publicIP is not allowed in Azure disconnected installation Additional Info: https://mastern-jenkins-csb-openshift-qe.cloud.paas.psi.redhat.com/job/Runner-v3/209885/console Moving to VERIFIED Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633 |