Bug 1915998

Summary: Installer bootstrap node setting of additional subnets inconsistent with additional security groups
Product: OpenShift Container Platform Reporter: egarcia
Component: InstallerAssignee: egarcia
Installer sub component: OpenShift on OpenStack QA Contact: weiwei jiang <wjiang>
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: medium CC: pprinett
Version: 4.7Keywords: UpcomingSprint
Target Milestone: ---   
Target Release: 4.7.0   
Hardware: All   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-02-24 15:53:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1917928    

Description egarcia 2021-01-13 22:16:06 UTC
The installer attaches the Control Plane's additional subnets to the bootstrap node, but not the Control Plane's additional security groups. We should set both on the bootstrap node, and update the documentation to match.

Comment 2 weiwei jiang 2021-01-21 06:58:47 UTC
Checked with 4.7.0-0.nightly-2021-01-19-095812 and it works well now.

/openshift-install 4.7.0-0.nightly-2021-01-19-095812
built from commit 0c58270fadf5683ac6e0198b1cced305badd9e6b
release image registry.ci.openshift.org/ocp/release@sha256:ac57098ad18ed07977b54b90be79dc44f34eb03e42e0be2a95963a316bcde315

$ cat install-config.yaml
---
apiVersion: v1
controlPlane:
  architecture: amd64
  hyperthreading: Enabled
  name: master
  platform:
    openstack:
      additionalNetworkIDs: &1
      - 27671b90-c2bc-483f-b783-cc856f20ee5d
      additionalSecurityGroupIDs: &2
      - 8794f45c-4f54-40a4-aadb-38d6c32e286e
  replicas: 5
compute:
- architecture: amd64
  hyperthreading: Enabled
  name: worker
  platform:
    openstack:
      additionalNetworkIDs: *1
      additionalSecurityGroupIDs: *2
      type: m1.large
  replicas: 0
...

# openstack server show wj47ios121aw-5xmlb-bootstrap
+-----------------------------+-----------------------------------------------------------------------------------+
| Field                       | Value                                                                             |
+-----------------------------+-----------------------------------------------------------------------------------+
| OS-DCF:diskConfig           | MANUAL                                                                            |
| OS-EXT-AZ:availability_zone | nova                                                                              |
| OS-EXT-STS:power_state      | Running                                                                           |
| OS-EXT-STS:task_state       | None                                                                              |
| OS-EXT-STS:vm_state         | active                                                                            |
| OS-SRV-USG:launched_at      | 2021-01-21T06:46:24.000000                                                        |
| OS-SRV-USG:terminated_at    | None                                                                              |
| accessIPv4                  |                                                                                   |
| accessIPv6                  |                                                                                   |
| addresses                   | wj47ios121aw-5xmlb-openshift=192.168.0.206, 10.0.101.173; manila_net=172.16.34.43 |
| config_drive                |                                                                                   |
| created                     | 2021-01-21T06:45:22Z                                                              |
| flavor                      | m1.xlarge (3f183920-6cba-4bfb-ab3a-599559cf0f97)                                  |
| hostId                      | eeebcc8e4019c86580556502986c0ad73c08cc9821a0a6dccd355af1                          |
| id                          | 201335fd-b3e3-482e-af69-76c32899d15b                                              |
| image                       | rhcos-47.83.202101161239-0 (a19c279f-c48a-4805-8912-1b076d13ca9d)                 |
| key_name                    | None                                                                              |
| name                        | wj47ios121aw-5xmlb-bootstrap                                                      |
| progress                    | 0                                                                                 |
| project_id                  | 542c6ebd48bf40fa857fc245c7572e30                                                  |
| properties                  | Name='wj47ios121aw-5xmlb-bootstrap', openshiftClusterID='wj47ios121aw-5xmlb'      |
| security_groups             | name='wj47ios121aw-5xmlb-master'                                                  |
|                             | name='default'                                                                    |
| status                      | ACTIVE                                                                            |
| updated                     | 2021-01-21T06:46:25Z                                                              |
| user_id                     | b414646065ab99780ef1bbcba52c07d2033a6f99fd0b10a3b1b12fcb5e5275e1                  |
| volumes_attached            |                                                                                   |
+-----------------------------+-----------------------------------------------------------------------------------+

Comment 5 errata-xmlrpc 2021-02-24 15:53:14 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633