Bug 2016267

Summary: [IPI][OSP] densed master-only installation with 0 workers fails due to missing worker security group on masters
Product: OpenShift Container Platform Reporter: OpenShift BugZilla Robot <openshift-bugzilla-robot>
Component: InstallerAssignee: Martin André <m.andre>
Installer sub component: OpenShift on OpenStack QA Contact: Itay Matza <imatza>
Status: CLOSED ERRATA Docs Contact: Olivia Payne <opayne>
Severity: low    
Priority: low CC: aos-bugs, egarcia, imatza, lmadsen, m.andre, mrunge, opayne, pprinett, swilber
Version: 4.7Keywords: Triaged
Target Milestone: ---   
Target Release: 4.9.z   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Previously, OpenShift Container Platform deployments on OpenStack failed for compact clusters with undedicated workers due to control plane nodes missing Ingress security group rules. With this update, an Ingress security group was added to OpenStack when control planes are schedulable.
 Story Points: ---
Clone Of:
: 2023363 (view as bug list) Environment:
Last Closed: 2021-11-10 21:02:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1955544    
Bug Blocks: 2023363    

Comment 4 Itay Matza 2021-11-03 17:36:59 UTC 
Verified in OCP 4.9.0-0.nightly-2021-11-03-043308 with Kury on top of RHOS-16.1-RHEL-8-20211007.n.1.


Verification steps:

1) Installation of OCP with 3 masters and with 0 workers finished successfully:
>$ openshift-install create cluster --dir ostest/
>time="2021-11-03T11:40:58-04:00" level=debug msg="Cluster is initialized"
>time="2021-11-03T11:40:58-04:00" level=info msg="Waiting up to 10m0s for the openshift-console route to be created..."
>time="2021-11-03T11:40:58-04:00" level=debug msg="Route found in openshift-console namespace: console"
>time="2021-11-03T11:40:58-04:00" level=debug msg="OpenShift console route is admitted"
>time="2021-11-03T11:40:58-04:00" level=info msg="Install complete!"
>time="2021-11-03T11:40:58-04:00" level=info msg="To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=/home/stack/ostest/auth/kubeconfig'"
>time="2021-11-03T11:40:58-04:00" level=info msg="Access the OpenShift web-console here: https://console-openshift-console.apps.ostest.shiftstack.com"
>time="2021-11-03T11:40:58-04:00" level=info msg="Login to the console with user: \"kubeadmin\", and password: \"bghQm-3s5N5-qzkao-p5UMV\""
>time="2021-11-03T11:40:58-04:00" level=debug msg="Time elapsed per stage:"
>time="2021-11-03T11:40:58-04:00" level=debug msg="                  : 2m3s"
>time="2021-11-03T11:40:58-04:00" level=debug msg="Bootstrap Complete: 14m56s"
>time="2021-11-03T11:40:58-04:00" level=debug msg="               API: 3m5s"
>time="2021-11-03T11:40:58-04:00" level=debug msg=" Bootstrap Destroy: 36s"
>time="2021-11-03T11:40:58-04:00" level=debug msg=" Cluster Operators: 10m37s"
>time="2021-11-03T11:40:58-04:00" level=info msg="Time elapsed: 29m50s"

2) Make sure the OCP cluster is operational:
>$ oc get machineset -A                                                                                                                                                          
>NAMESPACE               NAME                    DESIRED   CURRENT   READY   AVAILABLE   AGE
>openshift-machine-api   ostest-g9jwx-worker-0   0         0                             60m
>$ oc get machines -A                                                                                                                                                            
>NAMESPACE               NAME                    PHASE     TYPE        REGION      ZONE   AGE
>openshift-machine-api   ostest-g9jwx-master-0   Running   m4.xlarge   regionOne   nova   60m
>openshift-machine-api   ostest-g9jwx-master-1   Running   m4.xlarge   regionOne   nova   60m
>openshift-machine-api   ostest-g9jwx-master-2   Running   m4.xlarge   regionOne   nova   60m
>$ oc get nodes
>NAME                    STATUS   ROLES           AGE   VERSION
>ostest-g9jwx-master-0   Ready    master,worker   58m   v1.22.1+d8c4430
>ostest-g9jwx-master-1   Ready    master,worker   59m   v1.22.1+d8c4430
>ostest-g9jwx-master-2   Ready    master,worker   59m   v1.22.1+d8c4430
>$ openstack server list
>+--------------------------------------+-----------------------+--------+-------------------------------------+--------------------+--------+
>| ID                                   | Name                  | Status | Networks                            | Image              | Flavor |
>+--------------------------------------+-----------------------+--------+-------------------------------------+--------------------+--------+
>| 11716a3a-c598-479d-a603-903a724b0b6f | ostest-g9jwx-master-2 | ACTIVE | ostest-g9jwx-openshift=10.196.0.125 | ostest-g9jwx-rhcos |        |
>| d451d0cc-ba1c-43c4-82e6-9d8f24998d7f | ostest-g9jwx-master-1 | ACTIVE | ostest-g9jwx-openshift=10.196.3.178 | ostest-g9jwx-rhcos |        |
>| bc1caf81-3d60-415b-bd88-fa4d90647dd0 | ostest-g9jwx-master-0 | ACTIVE | ostest-g9jwx-openshift=10.196.2.237 | ostest-g9jwx-rhcos |        |
>+--------------------------------------+-----------------------+--------+-------------------------------------+--------------------+--------+
>$ oc get clusteroperators
>NAME                                       VERSION                             AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
>authentication                             4.9.0-0.nightly-2021-11-03-043308   True        False         False      42m     
>baremetal                                  4.9.0-0.nightly-2021-11-03-043308   True        False         False      55m     
>cloud-controller-manager                   4.9.0-0.nightly-2021-11-03-043308   True        False         False      61m     
>cloud-credential                           4.9.0-0.nightly-2021-11-03-043308   True        False         False      62m     
>cluster-autoscaler                         4.9.0-0.nightly-2021-11-03-043308   True        False         False      57m     
>config-operator                            4.9.0-0.nightly-2021-11-03-043308   True        False         False      59m     
>console                                    4.9.0-0.nightly-2021-11-03-043308   True        False         False      44m     
>csi-snapshot-controller                    4.9.0-0.nightly-2021-11-03-043308   True        False         False      58m     
>dns                                        4.9.0-0.nightly-2021-11-03-043308   True        False         False      57m     
>etcd                                       4.9.0-0.nightly-2021-11-03-043308   True        False         False      55m     
>image-registry                             4.9.0-0.nightly-2021-11-03-043308   True        False         False      48m     
>ingress                                    4.9.0-0.nightly-2021-11-03-043308   True        False         False      48m     
>insights                                   4.9.0-0.nightly-2021-11-03-043308   True        False         False      52m     
>kube-apiserver                             4.9.0-0.nightly-2021-11-03-043308   True        False         False      44m     
>kube-controller-manager                    4.9.0-0.nightly-2021-11-03-043308   True        False         False      56m     
>kube-scheduler                             4.9.0-0.nightly-2021-11-03-043308   True        False         False      56m     
>kube-storage-version-migrator              4.9.0-0.nightly-2021-11-03-043308   True        False         False      58m     
>machine-api                                4.9.0-0.nightly-2021-11-03-043308   True        False         False      53m     
>machine-approver                           4.9.0-0.nightly-2021-11-03-043308   True        False         False      57m     
>machine-config                             4.9.0-0.nightly-2021-11-03-043308   True        False         False      57m     
>marketplace                                4.9.0-0.nightly-2021-11-03-043308   True        False         False      57m     
>monitoring                                 4.9.0-0.nightly-2021-11-03-043308   True        False         False      47m     
>network                                    4.9.0-0.nightly-2021-11-03-043308   True        False         False      59m     
>node-tuning                                4.9.0-0.nightly-2021-11-03-043308   True        False         False      57m     
>openshift-apiserver                        4.9.0-0.nightly-2021-11-03-043308   True        False         False      44m     
>openshift-controller-manager               4.9.0-0.nightly-2021-11-03-043308   True        False         False      54m     
>openshift-samples                          4.9.0-0.nightly-2021-11-03-043308   True        False         False      50m     
>operator-lifecycle-manager                 4.9.0-0.nightly-2021-11-03-043308   True        False         False      57m     
>operator-lifecycle-manager-catalog         4.9.0-0.nightly-2021-11-03-043308   True        False         False      58m     
>operator-lifecycle-manager-packageserver   4.9.0-0.nightly-2021-11-03-043308   True        False         False      48m     
>service-ca                                 4.9.0-0.nightly-2021-11-03-043308   True        False         False      58m     
>storage                                    4.9.0-0.nightly-2021-11-03-043308   True        False         False      58m     

3) Create a new project with three pods.
The pods are running on the master nodes:
>$ oc get pods -n demo -o wide                                                                                                       
>NAME                    READY   STATUS    RESTARTS   AGE   IP               NODE                    NOMINATED NODE   READINESS GATES
>demo-7897db69cc-cchnd   1/1     Running   0          34m   10.128.131.178   ostest-g9jwx-master-0   <none>           <none>
>demo-7897db69cc-jwwq2   1/1     Running   0          34m   10.128.131.235   ostest-g9jwx-master-2   <none>           <none>
>demo-7897db69cc-k4gk6   1/1     Running   0          34m   10.128.131.132   ostest-g9jwx-master-1   <none>           <none>

4) Creating two workers.
Changed the replica value from 0 to 2. The two instances and the clusteroperators are up and running.
Comment 6 errata-xmlrpc 2021-11-10 21:02:40 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.9.6 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:4119