Bug 1918469

Summary: OpenShift IPI VMware installer doesn't validate VIP's IP's against the machine CIDR provided.
Product: OpenShift Container Platform Reporter: Asish CM <achakrat>
Component: InstallerAssignee: Aditya Narayanaswamy <anarayan>
Installer sub component: openshift-installer QA Contact: jima
Status: CLOSED WONTFIX Docs Contact:
Severity: low    
Priority: low CC: anarayan, bleanhar, fmarting, gpei, jima, mstaeble, osousa
Version: 4.6   
Target Milestone: ---   
Target Release: 4.8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-04-07 22:19:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Asish CM 2021-01-20 19:57:47 UTC 
Version: 4.6

Platform: Vmware
IPI 


OpenShift IPI VMware installer doesn't validate the provided VIP's (API VIP and Ingress VIP) IP whether belongs to the machine CIDR provided on install-config.yaml or not.


When VIP's outside machine CIDR is used installation fails with error "ERROR:
~~~ 
"time="2020-12-11T18:28:30Z" level=info msg="Checking whether address x.x.x.x/25 ens192 contains VIP y.y.y.y"
time="2020-12-11T18:28:30Z" level=error msg="Failed to find a suitable node IP"""
~~~



What did you expect to happen?

Openshift installer should validate the VIP's against the machine CIDR and should abort the installation with a clear error message.

How to reproduce it 

- Perform VMware IPI installation with apiVIP and ingressVIP IP's outside machine CIDR.
Comment 9 Matthew Staebler 2021-04-07 22:19:47 UTC 
The `machineNetwork` field does not appear to be set universally for vSphere installations. There does not appear to be anything in the installation or the running cluster that cares what the machine CIDR is. The installer survey does not ask the user for the machine CIDR. Consequently, the installer cannot rely on the `machineNetwork` field being set. The installer cannot validate the VIPs against the machine CIDR, if the installer cannot rely on the machine CIDR being valid.