Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1613438

Summary: OpenShift on OpenStack Ansible Installer creates CNS security group when openshift_openstack_num_cns is set to zero
Product: OpenShift Container Platform Reporter: rlopez
Component: InstallerAssignee: aos-install
Installer sub component: openshift-installer QA Contact: Gaoyun Pei <gpei>
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: medium CC: aos-bugs, gcheresh, jokerman, mmccomas, rlopez, tzumainn, vrutkovs, wsun
Version: 3.10.0   
Target Milestone: ---   
Target Release: 3.11.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 3.11 Doc Type: Bug Fix
Doc Text:
Cause: The Openshift Ansible Installer did not check if any CNS are created before creating a security group. Consequence: It would create a security group for CNS even when there were none created. Fix: The Openshift Ansible Installer checks that openshift_openstack_num_cns is greater than zero before creating a security group for CNS. Result: CNS security groups are only created when there is at least one CNS created
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-01-10 09:03:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description rlopez 2018-08-07 14:28:05 UTC 
Description of problem:

During the provisioning process, the openshift ansible installer creates a security group labeled: "openshift-ansible-openshift.example.com-cns-secgrp" , even though no CNS is used during the deployment. 

Can we set a flag not to create the security group if the variable "openshift_openstack_num_cns" within all.yml is set to zero?
Comment 1 Tzu-Mainn Chen 2018-09-14 15:27:18 UTC 
https://github.com/openshift/openshift-ansible/pull/10081
Comment 2 Vadim Rutkovsky 2018-10-12 11:03:18 UTC 
3.11 cherrypick - https://github.com/openshift/openshift-ansible/pull/10391
Comment 3 Vadim Rutkovsky 2018-10-15 09:10:17 UTC 
Fix is available in openshift-ansible-3.11.23-1
Comment 4 egarcia 2018-10-22 12:40:17 UTC 
https://github.com/openshift/openshift-ansible/pull/10081
Comment 5 egarcia 2018-10-29 13:52:14 UTC 
A patch has been merged.
Comment 7 Wei Sun 2018-11-06 05:50:37 UTC 
Please help check if this bug could be verified,thanks!
Comment 10 errata-xmlrpc 2019-01-10 09:03:58 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0024