The installer attaches the Control Plane's additional subnets to the bootstrap node, but not the Control Plane's additional security groups. We should set both on the bootstrap node, and update the documentation to match.
Checked with 4.7.0-0.nightly-2021-01-19-095812 and it works well now.

/openshift-install 4.7.0-0.nightly-2021-01-19-095812
built from commit 0c58270fadf5683ac6e0198b1cced305badd9e6b
release image registry.ci.openshift.org/ocp/release@sha256:ac57098ad18ed07977b54b90be79dc44f34eb03e42e0be2a95963a316bcde315

$ cat install-config.yaml
---
apiVersion: v1
controlPlane:
  architecture: amd64
  hyperthreading: Enabled
  name: master
  platform:
    openstack:
      additionalNetworkIDs: &1
      - 27671b90-c2bc-483f-b783-cc856f20ee5d
      additionalSecurityGroupIDs: &2
      - 8794f45c-4f54-40a4-aadb-38d6c32e286e
  replicas: 5
compute:
- architecture: amd64
  hyperthreading: Enabled
  name: worker
  platform:
    openstack:
      additionalNetworkIDs: *1
      additionalSecurityGroupIDs: *2
      type: m1.large
  replicas: 0
...

# openstack server show wj47ios121aw-5xmlb-bootstrap
+-----------------------------+-----------------------------------------------------------------------------------+
| Field                       | Value                                                                             |
+-----------------------------+-----------------------------------------------------------------------------------+
| OS-DCF:diskConfig           | MANUAL                                                                            |
| OS-EXT-AZ:availability_zone | nova                                                                              |
| OS-EXT-STS:power_state      | Running                                                                           |
| OS-EXT-STS:task_state       | None                                                                              |
| OS-EXT-STS:vm_state         | active                                                                            |
| OS-SRV-USG:launched_at      | 2021-01-21T06:46:24.000000                                                        |
| OS-SRV-USG:terminated_at    | None                                                                              |
| accessIPv4                  |                                                                                   |
| accessIPv6                  |                                                                                   |
| addresses                   | wj47ios121aw-5xmlb-openshift=192.168.0.206, 10.0.101.173; manila_net=172.16.34.43 |
| config_drive                |                                                                                   |
| created                     | 2021-01-21T06:45:22Z                                                              |
| flavor                      | m1.xlarge (3f183920-6cba-4bfb-ab3a-599559cf0f97)                                  |
| hostId                      | eeebcc8e4019c86580556502986c0ad73c08cc9821a0a6dccd355af1                          |
| id                          | 201335fd-b3e3-482e-af69-76c32899d15b                                              |
| image                       | rhcos-47.83.202101161239-0 (a19c279f-c48a-4805-8912-1b076d13ca9d)                 |
| key_name                    | None                                                                              |
| name                        | wj47ios121aw-5xmlb-bootstrap                                                      |
| progress                    | 0                                                                                 |
| project_id                  | 542c6ebd48bf40fa857fc245c7572e30                                                  |
| properties                  | Name='wj47ios121aw-5xmlb-bootstrap', openshiftClusterID='wj47ios121aw-5xmlb'      |
| security_groups             | name='wj47ios121aw-5xmlb-master'                                                  |
|                             | name='default'                                                                    |
| status                      | ACTIVE                                                                            |
| updated                     | 2021-01-21T06:46:25Z                                                              |
| user_id                     | b414646065ab99780ef1bbcba52c07d2033a6f99fd0b10a3b1b12fcb5e5275e1                  |
| volumes_attached            |                                                                                   |
+-----------------------------+-----------------------------------------------------------------------------------+
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633