Bug 1915998 - Installer bootstrap node setting of additional subnets inconsistent with additional security groups
Summary: Installer bootstrap node setting of additional subnets inconsistent with addi...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.7
Hardware: All
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.7.0
Assignee: egarcia
QA Contact: weiwei jiang
URL:
Whiteboard:
Depends On:
Blocks: 1917928
TreeView+ depends on / blocked
 
Reported: 2021-01-13 22:16 UTC by egarcia
Modified: 2021-02-24 15:53 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-02-24 15:53:14 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift installer pull 4551 0 None closed Bug 1915998: Set Additional Control Plane Security Groups on Bootstrap Node 2021-02-17 12:17:16 UTC
Red Hat Product Errata RHSA-2020:5633 0 None None None 2021-02-24 15:53:39 UTC

Description egarcia 2021-01-13 22:16:06 UTC
The installer attaches the Control Plane's additional subnets to the bootstrap node, but not the Control Plane's additional security groups. We should set both on the bootstrap node, and update the documentation to match.

Comment 2 weiwei jiang 2021-01-21 06:58:47 UTC
Checked with 4.7.0-0.nightly-2021-01-19-095812 and it works well now.

/openshift-install 4.7.0-0.nightly-2021-01-19-095812
built from commit 0c58270fadf5683ac6e0198b1cced305badd9e6b
release image registry.ci.openshift.org/ocp/release@sha256:ac57098ad18ed07977b54b90be79dc44f34eb03e42e0be2a95963a316bcde315

$ cat install-config.yaml
---
apiVersion: v1
controlPlane:
  architecture: amd64
  hyperthreading: Enabled
  name: master
  platform:
    openstack:
      additionalNetworkIDs: &1
      - 27671b90-c2bc-483f-b783-cc856f20ee5d
      additionalSecurityGroupIDs: &2
      - 8794f45c-4f54-40a4-aadb-38d6c32e286e
  replicas: 5
compute:
- architecture: amd64
  hyperthreading: Enabled
  name: worker
  platform:
    openstack:
      additionalNetworkIDs: *1
      additionalSecurityGroupIDs: *2
      type: m1.large
  replicas: 0
...

# openstack server show wj47ios121aw-5xmlb-bootstrap
+-----------------------------+-----------------------------------------------------------------------------------+
| Field                       | Value                                                                             |
+-----------------------------+-----------------------------------------------------------------------------------+
| OS-DCF:diskConfig           | MANUAL                                                                            |
| OS-EXT-AZ:availability_zone | nova                                                                              |
| OS-EXT-STS:power_state      | Running                                                                           |
| OS-EXT-STS:task_state       | None                                                                              |
| OS-EXT-STS:vm_state         | active                                                                            |
| OS-SRV-USG:launched_at      | 2021-01-21T06:46:24.000000                                                        |
| OS-SRV-USG:terminated_at    | None                                                                              |
| accessIPv4                  |                                                                                   |
| accessIPv6                  |                                                                                   |
| addresses                   | wj47ios121aw-5xmlb-openshift=192.168.0.206, 10.0.101.173; manila_net=172.16.34.43 |
| config_drive                |                                                                                   |
| created                     | 2021-01-21T06:45:22Z                                                              |
| flavor                      | m1.xlarge (3f183920-6cba-4bfb-ab3a-599559cf0f97)                                  |
| hostId                      | eeebcc8e4019c86580556502986c0ad73c08cc9821a0a6dccd355af1                          |
| id                          | 201335fd-b3e3-482e-af69-76c32899d15b                                              |
| image                       | rhcos-47.83.202101161239-0 (a19c279f-c48a-4805-8912-1b076d13ca9d)                 |
| key_name                    | None                                                                              |
| name                        | wj47ios121aw-5xmlb-bootstrap                                                      |
| progress                    | 0                                                                                 |
| project_id                  | 542c6ebd48bf40fa857fc245c7572e30                                                  |
| properties                  | Name='wj47ios121aw-5xmlb-bootstrap', openshiftClusterID='wj47ios121aw-5xmlb'      |
| security_groups             | name='wj47ios121aw-5xmlb-master'                                                  |
|                             | name='default'                                                                    |
| status                      | ACTIVE                                                                            |
| updated                     | 2021-01-21T06:46:25Z                                                              |
| user_id                     | b414646065ab99780ef1bbcba52c07d2033a6f99fd0b10a3b1b12fcb5e5275e1                  |
| volumes_attached            |                                                                                   |
+-----------------------------+-----------------------------------------------------------------------------------+

Comment 5 errata-xmlrpc 2021-02-24 15:53:14 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633


Note You need to log in before you can comment on or make changes to this bug.