Created attachment 1539418
Description of problem:
When the vxlanPort is set to another port, e.g. 4889, in the NetworkConfig YAML file and the cluster is then set up, it cannot be installed successfully and the apiserver pod cannot run, because the Security Group in AWS did not open this port.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create the install config
./openshift-install create install-config
2. Create the manifests
./openshift-install create manifests
3. Add the following file in /manifest/cluster-network-03-config.yml
- cidr: 10.128.0.0/14
4. Set up the cluster
./openshift-install create cluster --log-level=debug
5. Check that the apiserver cannot run stably
The cluster cannot be set up successfully.
The cluster can be set up successfully when the vxlanPort is set to another port.
The reason is that 4789 had been hard-coded in openshift-install. When I updated the port to 4889 in the Security Group during the installation, the cluster could be set up successfully.
Sorry, I forgot to update the vxlanPort in /manifest/cluster-network-03-config.yml. The correct one:
- cidr: 10.128.0.0/14
(In reply to zhaozhanqi from comment #1)
> Sorry, I forgot to update the vxlanPort in
> /manifest/cluster-network-03-config.yml. The correct one:
> apiVersion: networkoperator.openshift.io/v1
> kind: NetworkConfig
> name: cluster
> - cidr: 10.128.0.0/14
> hostPrefix: 23
> mode: Multitenant
> vxlanPort: 4789
> type: OpenshiftSDN
> - 172.30.0.0/16
Sorry, should be vxlanPort: 4889
Ah, of course. This makes sense, because we set up a security group that blocks most ports between nodes in the installer.
And we block *all* other UDP connections. So... you won't actually be able to test this without hacking the security group rules.
Filed PR https://github.com/openshift/installer/pull/1334 to allow UDP ports as well. Then this will be testable.
Assigning this to 4.1 - we don't need it for AWS.
I made a small change to the installer - you can now try ports 9000-9999 for vxlan.
Verified this bug on 4.0.0-0.nightly-2019-03-13-233958
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
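The mismatch discussed in this report can be caught before installation by comparing the configured vxlanPort with the UDP ranges the node security group permits. The following is an added example, not code from the installer or from this bug report: the manifest text and both rule sets are constructed samples (rules in the `IpPermissions` shape returned by `aws ec2 describe-security-groups`), and the function names and the fallback to 4789 when no vxlanPort is set are assumptions.

```python
import re

DEFAULT_VXLAN_PORT = 4789  # assumption: applied when the manifest sets no vxlanPort

# Constructed manifest, abbreviated to fields quoted in the report.
MANIFEST = """\
kind: NetworkConfig
mode: Multitenant
vxlanPort: 4889
type: OpenshiftSDN
"""

# Constructed rule sets: only the hard-coded port, then with the added range.
RULES_HARDCODED = [{"IpProtocol": "udp", "FromPort": 4789, "ToPort": 4789}]
RULES_WITH_RANGE = RULES_HARDCODED + [
    {"IpProtocol": "udp", "FromPort": 9000, "ToPort": 9999},
]


def vxlan_port(manifest_text):
    """Return the vxlanPort set in the manifest, or the default if absent."""
    m = re.search(r"^\s*vxlanPort:\s*(\d+)\s*$", manifest_text, re.MULTILINE)
    port = int(m.group(1)) if m else DEFAULT_VXLAN_PORT
    if not 1 <= port <= 65535:
        raise ValueError(f"vxlanPort {port} is not a valid UDP port")
    return port


def udp_allowed(port, ip_permissions):
    """True if any ingress rule admits UDP traffic on the given port."""
    for rule in ip_permissions:
        proto = rule.get("IpProtocol")
        if proto == "-1":  # "all traffic" rule: every protocol and port
            return True
        if proto == "udp" and rule["FromPort"] <= port <= rule["ToPort"]:
            return True
    return False


def preflight(manifest_text, ip_permissions):
    """Return (port, allowed) so a caller can stop before creating the cluster."""
    port = vxlan_port(manifest_text)
    return port, udp_allowed(port, ip_permissions)


if __name__ == "__main__":
    for name, rules in (("hard-coded", RULES_HARDCODED), ("with range", RULES_WITH_RANGE)):
        port, ok = preflight(MANIFEST, rules)
        print(f"{name}: vxlanPort {port} {'allowed' if ok else 'BLOCKED'}")
```

Port 4889 from the report is blocked under both constructed rule sets, because it lies outside 9000-9999; a value inside that range passes the second one.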