Bug 2027498

Summary:	[IBMCloud] SG Name character length limitation
Product:	OpenShift Container Platform	Reporter:	Christopher J Schaefer <cschaefe>
Component:	Installer	Assignee:	aos-install
Installer sub component:	openshift-installer	QA Contact:	Pedro Amoedo <pamoedom>
Status:	CLOSED ERRATA	Docs Contact:
Severity:	medium
Priority:	unspecified	CC:	cholman, mstaeble
Version:	4.10
Target Milestone:	---
Target Release:	4.10.0
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2022-03-10 16:30:41 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Christopher J Schaefer 2021-11-29 19:57:00 UTC

Version:
4.10


Platform:
IBM Cloud


Please specify:
IPI

What happened?
When attempting to create a new cluster using IPI on IBM Cloud, the Terraform fails to create a security group due to the character limitations for an IBM Cloud Security Group.

```
time="2021-11-29T18:05:43Z" level=debug msg="Initializing modules..."
time="2021-11-29T18:05:43Z" level=debug msg="- cis in ../../../../../tmp/openshift-install-network-644289584/cis"
time="2021-11-29T18:05:43Z" level=debug msg="- image in ../../../../../tmp/openshift-install-network-644289584/image"
time="2021-11-29T18:05:43Z" level=debug msg="- vpc in ../../../../../tmp/openshift-install-network-644289584/vpc"
time="2021-11-29T18:05:43Z" level=debug
time="2021-11-29T18:05:43Z" level=debug msg="Initializing the backend..."
time="2021-11-29T18:05:43Z" level=debug
time="2021-11-29T18:05:43Z" level=debug msg="Initializing provider plugins..."
time="2021-11-29T18:05:45Z" level=debug
time="2021-11-29T18:05:45Z" level=debug msg="Terraform has been successfully initialized!"
time="2021-11-29T18:05:45Z" level=debug
time="2021-11-29T18:05:45Z" level=debug msg="You may now begin working with Terraform. Try running \"terraform plan\" to see"
time="2021-11-29T18:05:45Z" level=debug msg="any changes that are required for your infrastructure. All Terraform commands"
time="2021-11-29T18:05:45Z" level=debug msg="should now work."
time="2021-11-29T18:05:45Z" level=debug
time="2021-11-29T18:05:45Z" level=debug msg="If you ever set or change modules or backend configuration for Terraform,"
time="2021-11-29T18:05:45Z" level=debug msg="rerun this command to reinitialize your working directory. If you forget, other"
time="2021-11-29T18:05:45Z" level=debug msg="commands will detect it and remind you to do so if necessary."
time="2021-11-29T18:05:51Z" level=debug msg="module.cis.data.ibm_cis_domain.base_domain: Refreshing state..."
time="2021-11-29T18:06:08Z" level=debug
time="2021-11-29T18:06:08Z" level=debug msg="Warning: Interpolation-only expressions are deprecated"
time="2021-11-29T18:06:08Z" level=debug
time="2021-11-29T18:06:08Z" level=debug msg="  on ../../../../../tmp/openshift-install-network-644289584/image/main.tf line 24, in resource \"ibm_iam_authorization_policy\" \"policy\":"
time="2021-11-29T18:06:08Z" level=debug msg="  24:   target_resource_instance_id = \"${element(split(\":\", var.cos_resource_instance_crn), 7)}\""
time="2021-11-29T18:06:08Z" level=debug
time="2021-11-29T18:06:08Z" level=debug msg="Terraform 0.11 and earlier required all non-constant expressions to be"
time="2021-11-29T18:06:08Z" level=debug msg="provided via interpolation syntax, but this pattern is now deprecated. To"
time="2021-11-29T18:06:08Z" level=debug msg="silence this warning, remove the \"${ sequence from the start and the }\""
time="2021-11-29T18:06:08Z" level=debug msg="sequence from the end of this expression, leaving just the inner expression."
time="2021-11-29T18:06:08Z" level=debug
time="2021-11-29T18:06:08Z" level=debug msg="Template interpolation syntax is still used to construct strings from"
time="2021-11-29T18:06:08Z" level=debug msg="expressions when the template includes multiple interpolation sequences or a"
time="2021-11-29T18:06:08Z" level=debug msg="mixture of literal strings and interpolations. This deprecation applies only"
time="2021-11-29T18:06:08Z" level=debug msg="to templates that consist entirely of a single interpolation sequence."
time="2021-11-29T18:06:08Z" level=debug
time="2021-11-29T18:06:08Z" level=error
time="2021-11-29T18:06:08Z" level=error msg="Error: \"name\" (\"ocp-dev-conformance-7-ljq57-security-group-control-plane-internal\") must contain from 1 to 63 characters "
time="2021-11-29T18:06:08Z" level=error
time="2021-11-29T18:06:08Z" level=error msg="  on ../../../../../tmp/openshift-install-network-644289584/vpc/security-groups.tf line 212, in resource \"ibm_is_security_group\" \"control_plane_internal\":"
time="2021-11-29T18:06:08Z" level=error msg=" 212: resource \"ibm_is_security_group\" \"control_plane_internal\" {"
time="2021-11-29T18:06:08Z" level=error
time="2021-11-29T18:06:08Z" level=error
time="2021-11-29T18:06:08Z" level=error msg="Failed to read tfstate: open /tmp/openshift-install-network-644289584/terraform.network.tfstate: no such file or directory"
time="2021-11-29T18:06:08Z" level=fatal msg="failed to fetch Cluster: failed to generate asset \"Cluster\": failed to create cluster: failed to apply Terraform: failed to complete the change"
```


What did you expect to happen?
Successful cluster creation


How to reproduce it (as minimally and precisely as possible)?
Using IPI on IBM Cloud, create a new  cluster with a name length of 20+ characters


Anything else we need to know?
IBM Cloud will attempt to investigate and provided a fix, when possible

Comment 2 Christopher J Schaefer 2021-12-09 15:55:53 UTC

Related PR that trimmed the SG character length, to address this issue
https://github.com/openshift/installer/pull/5455

Comment 3 Pedro Amoedo 2021-12-09 16:01:35 UTC

Thanks Christopher, linking the PR with the BZ and moving forward to VERIFIED.

Comment 4 Pedro Amoedo 2021-12-13 09:16:18 UTC

Linking also secondary PR[1] with references cleanup that were initially missed, thanks Christopher.

[1] - https://github.com/openshift/installer/pull/5472

Comment 7 errata-xmlrpc 2022-03-10 16:30:41 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056