Bug 1613438 - OpenShift on OpenStack Ansible Installer creates CNS security group when openshift_openstack_num_cns is set to zero
Summary: OpenShift on OpenStack Ansible Installer creates CNS security group when open...
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.10.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 3.11.z
Assignee: aos-install
QA Contact: Gaoyun Pei
Depends On:
TreeView+ depends on / blocked
Reported: 2018-08-07 14:28 UTC by rlopez
Modified: 2021-07-21 18:20 UTC (History)
8 users (show)

Fixed In Version: 3.11
Doc Type: Bug Fix
Doc Text:
Cause: The Openshift Ansible Installer did not check if any CNS are created before creating a security group. Consequence: It would create a security group for CNS even when there were none created. Fix: The Openshift Ansible Installer checks that openshift_openstack_num_cns is greater than zero before creating a security group for CNS. Result: CNS security groups are only created when there is at least one CNS created
Clone Of:
Last Closed: 2019-01-10 09:03:58 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:0024 0 None None None 2019-01-10 09:04:05 UTC

Description rlopez 2018-08-07 14:28:05 UTC
Description of problem:

During the provisioning process, the openshift ansible installer creates a security group labeled: "openshift-ansible-openshift.example.com-cns-secgrp" , even though no CNS is used during the deployment. 

Can we set a flag not to create the security group if the variable "openshift_openstack_num_cns" within all.yml is set to zero?

Comment 2 Vadim Rutkovsky 2018-10-12 11:03:18 UTC
3.11 cherrypick - https://github.com/openshift/openshift-ansible/pull/10391

Comment 3 Vadim Rutkovsky 2018-10-15 09:10:17 UTC
Fix is available in openshift-ansible-3.11.23-1

Comment 5 egarcia 2018-10-29 13:52:14 UTC
A patch has been merged.

Comment 7 Wei Sun 2018-11-06 05:50:37 UTC
Please help check if this bug could be verified,thanks!

Comment 10 errata-xmlrpc 2019-01-10 09:03:58 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.