Bug 2055247

Summary: [Azure] Fail to create master nodes with dcasv5 /dcadsv5 -series Confidential Virtual Machine
Product: OpenShift Container Platform Reporter: MayXu <maxu>
Component: InstallerAssignee: John Hixson <jhixson>
Installer sub component: openshift-installer QA Contact: MayXu <maxu>
Status: CLOSED ERRATA Docs Contact: Mike Pytlak <mpytlak>
Severity: low    
Priority: low CC: mpytlak, padillon
Version: 4.10Flags: maxu: needinfo-
maxu: needinfo-
maxu: needinfo-
Target Milestone: ---   
Target Release: 4.12.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
* Previously, installing a cluster on Microsoft Azure failed when the Azure DCasv5-series or DCadsv5-series of confidential VMs were specified as control plane nodes. With this update, the installation program now stops the installation with an error, which states that confidential VMs are not yet supported. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2055247[*BZ#2055247*])
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-01-17 19:47:08 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description MayXu 2022-02-16 14:03:51 UTC 
Version:
4.10

$ openshift-install version
4.10.0-rc.2-x86_64

Platform:
Azure

Please specify:
* IPI 
* UPI 

What happened?
Fail to create master nodes with dcasv5 /dcadsv5 -series Confidential Virtual Machine

How reproducible:
Always

Steps to Reproduce:
Test on westus region, specify the master machine type with Standard_DC8ads_v5 or Standard_DC8as_v5

IPI install get the error: 
compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="BadRequest" Message="The VM size 'Standard_DC8ads_v5' is not supported for creation of VMs and Virtual Machine Scale Set with '<NULL>' security type.

UPI install get the error:
[{"code":"BadRequest","message":"{\r\n  \"error\": {\r\n    \"code\": \"BadRequest\",\r\n    \"message\": \"The VM size 'Standard_DC8as_v5' is not supported for creation of VMs and Virtual Machine Scale Set with '<NULL>' security type.\"\r\n  }\r\n}"},{"code":"BadRequest","message":"{\r\n  \"error\": {\r\n    \"code\": \"BadRequest\",\r\n    \"message\": \"The VM size 'Standard_DC8as_v5' is not supported for creation of VMs and Virtual Machine Scale Set with '<NULL>' security type.\"\r\n  }\r\n}"},{"code":"BadRequest","message":"{\r\n  \"error\": {\r\n    \"code\": \"BadRequest\",\r\n    \"message\": \"The VM size 'Standard_DC8as_v5' is not supported for creation of VMs and Virtual Machine Scale Set with '<NULL>' security type.\"\r\n  }\r\n}"}]

Expected results:
Install successfully or prompt the invalid vm type early.

Ref : https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview#os-support
Confidential VMs support the following VM sizes:
DCasv5-series
DCadsv5-series
ECasv5-series
ECadsv5-series
OS support
Confidential VMs support the following OS options:
Ubuntu 20.04 LTS
Windows Server 2019
Windows Server 2022
Comment 1 Patrick Dillon 2022-03-01 18:28:46 UTC 
We could potentially validate this class of confidential machines.
Comment 2 MayXu 2022-05-17 10:29:18 UTC 
test with registry.ci.openshift.org/ocp/release:4.11.0-0.nightly-2022-05-11-054135

creating Linux Virtual Machine: (Name "maxu-5-ql4gb-bootstrap" / Resource Group "maxu-5-ql4gb-rg"): compute.VirtualMachinesClient#CreateOrUpdate: Failure sending 
request: StatusCode=400 -- Original Error: Code="BadRequest" Message="The VM size 'Standard_DC8as_v5' is not supported for creation of VMs and Virtual Machine Scale Set with '<NULL>' security type."
Comment 3 John Hixson 2022-08-04 23:48:11 UTC 
I've submitted a pull request to error when this class of machines is specified: https://github.com/openshift/installer/pull/6203

This requires feature work. I have created a card to track that here: https://issues.redhat.com/browse/CORS-2231

If you have any additional input, please let me know!
Comment 6 MayXu 2022-09-26 04:09:47 UTC 
verified on registry.ci.openshift.org/ocp/release:4.12.0-0.nightly-2022-09-25-071630
vm_type_masters: 'Standard_DC8ads_v5'

vm_type_masters: 'Standard_DC8ads_v5'
vm_type_workers: 'Standard_DC4as_v5'
level=error msg=failed to fetch Master Machines: failed to load asset "Install Config": failed to create install config: [controlPlane.platform.azure.type: Invalid value: "Standard_DC8ads_v5": standardDCADSv5Family is not currently supported but will be in a future release, compute[0].platform.azure.type: Invalid value: "Standard_DC4as_v5": standardDCASv5Family is not currently supported but will be in a future release]


vm_type_masters: 'Standard_DC8as_v5'
vm_type_workers: 'Standard_DC4ads_v5'
level=error msg=failed to fetch Master Machines: failed to load asset "Install Config": failed to create install config: [controlPlane.platform.azure.type: Invalid value: "Standard_DC8as_v5": standardDCASv5Family is not currently supported but will be in a future release, compute[0].platform.azure.type: Invalid value: "Standard_DC4ads_v5": standardDCADSv5Family is not currently supported but will be in a future release]
Comment 11 errata-xmlrpc 2023-01-17 19:47:08 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7399