Bug 1987848 - OpenStack IPI on provider network enforces unnecessary quotas
Summary: OpenStack IPI on provider network enforces unnecessary quotas
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.8
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.8.z
Assignee: Emilien Macchi
QA Contact: Itay Matza
URL:
Whiteboard:
: 1988464 1989279 (view as bug list)
Depends On: 1987845
Blocks: 1988464
TreeView+ depends on / blocked
 
Reported: 2021-07-29 16:31 UTC by Andrew Collins
Modified: 2021-09-07 04:14 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-09-07 04:14:05 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift installer pull 5122 0 None None None 2021-08-02 20:29:12 UTC
Red Hat Knowledge Base (Solution) 6275401 0 None None None 2021-08-23 12:02:18 UTC
Red Hat Product Errata RHBA-2021:3299 0 None Closed CVE-2020-16135, CVE-2021-3634 - Fix availability timeline 2022-05-11 05:24:02 UTC

Description Andrew Collins 2021-07-29 16:31:57 UTC
Thanks for opening a bug report!
Before hitting the button, please fill in as much of the template below as you can.
If you leave out information, it's harder to help you.
Be ready for follow-up questions, and please respond in a timely manner.
If we can't reproduce a bug we might close your issue.
If we're wrong, PLEASE feel free to reopen it and explain why.

Version:

$ openshift-install version
openshift-install 4.8.2
built from commit a5ddd2dd6c72d8a5ea0a5f17acd8b964b6a3d1be
release image quay.io/openshift-release-dev/ocp-release@sha256:0e82d17ababc79b10c10c5186920232810aeccbccf2a74c691487090a2c98ebc

Platform:

openstack with provider network

Please specify:
* IPI

What happened?

When I run openshift-install, quota validation fails when routers, networks, subnet quota of `1` is not met, even though these are not required when running with provider networks.

I tried to bypass the checks using the environment variable.
Installer recognizes the variable and prints the warning, but does not actually bypass the quota check.

```
[16:17:41 root@idev-rtp-05-controller ~ kubeconfig]# export OPENSHIFT_INSTALL_SKIP_PREFLIGHT_VALIDATIONS=1
[16:17:57 root@idev-rtp-05-controller ~ kubeconfig]#  openshift-install --dir ose4 create cluster
WARNING OVERRIDE: pre-flight validation disabled.    
INFO Credentials loaded from file "/root/clouds.yaml" 
INFO Consuming Install Config from target directory 
INFO Obtaining RHCOS image file from 'https://rhcos-redirector.apps.art.xq1c.p1.openshiftapps.com/art/storage/releases/rhcos-4.8/48.84.202106091622-0/x86_64/rhcos-48.84.202106091622-0-openstack.x86_64.qcow2.gz?sha256=2efc7539f200ffea150272523a9526ba393a9a0b8312b40031b13bfdeda36fde' 
INFO The file was found in cache: /root/.cache/openshift-installer/image_cache/rhcos-48.84.202106091622-0-openstack.x86_64.qcow2. Reusing... 
FATAL failed to fetch Cluster: failed to fetch dependency of "Cluster": failed to generate asset "Platform Quota Check": error(MissingQuota): Router is not available because the required number of resources (1) is more than the limit of 0, Subnet is not available because the required number of resources (1) is more than the limit of 0, Network is not available because the required number of resources (1) is more than the limit of 0 
```

What did you expect to happen?

I expect the installer to not require quota for resources that aren't used in the case of provider networks.
I expect the bypass flag to actually work and allow me to get around not having the quota required.

How to reproduce it (as minimally and precisely as possible)?

Have an openstack project with 0 quota allocated for Subnet, Router, and Network.
Run:
$ export OPENSHIFT_INSTALL_SKIP_PREFLIGHT_VALIDATIONS=1
$ openshift-install --dir ose4 create cluster

Comment 1 Martin André 2021-08-03 07:17:03 UTC
*** Bug 1989279 has been marked as a duplicate of this bug. ***

Comment 2 Martin André 2021-08-03 07:18:45 UTC
*** Bug 1988464 has been marked as a duplicate of this bug. ***

Comment 6 Itay Matza 2021-09-01 06:12:48 UTC
On openstack puddle version RHOS-16.1-RHEL-8-20210818.n.0.

Verified successfully on openshift-install version:
openshift-install 4.8.0-0.nightly-2021-08-29-075226
built from commit c06e9b1562ccb76ac23163fb8db35f231ead6e97
release image registry.ci.openshift.org/ocp/release@sha256:33babda563bfec62c30e731eb5f5c167123740206a8b9676578fe1bba6bc9038


Using provider network:
>$ openstack network list
>+--------------------------------------+-------------------+--------------------------------------+
>| ID                                   | Name              | Subnets                              |
>+--------------------------------------+-------------------+--------------------------------------+
>| 684d4e5e-f51a-451d-8750-684799f641a3 | provider-net-flat | da4829c7-a75c-43e9-a6f8-1a65c7b32658 |
>+--------------------------------------+-------------------+--------------------------------------+


Verified on Kuryer:
>$ grep type install-config.yaml
>type: "Kuryr"
>$ openstack quota set shiftstack --subnets 250 --networks 250 --routers 0
>$ openstack quota show shiftstack | grep "subnets\|routers\|networks"
>| networks              | 250 |
>| routers               | 0   |
>| subnets               | 250 |
>$ openshift-install create cluster --dir ostest/
>INFO Credentials loaded from file "/home/stack/clouds.yaml" 
>INFO Consuming Install Config from target directory 
>INFO Obtaining RHCOS image file from 'https://releases-art-rhcos.svc.ci.openshift.org/art/storage/releases/rhcos-4.8/48.84.202106301921-0/x86_64/rhcos-48.84.202106301921-0-openstack.x86_64.qcow2.gz?sha256=5a75df7b4d4dc1861093e520187a133eda3439019f280dc6e2f57edf70eb089d' 
>INFO The file was found in cache: /home/stack/.cache/openshift-installer/image_cache/rhcos-48.84.202106301921-0-openstack.x86_64.qcow2. Reusing... 
>WARNING Following quotas RAM, Router, Subnet, SecurityGroupRule, Port, Network, SecurityGroup are available but will be completely used pretty soon. 
>INFO Creating infrastructure resources...         


Verified on other types of networks:
>$ grep type install-config.yaml
>  type: "OpenShiftSDN"
>$ openstack quota set shiftstack --subnets 0 --networks 0 --routers 0
>$ openstack quota show shiftstack | grep "subnets\|routers\|networks"
>| networks              | 0  |
>| routers               | 0  |
>| subnets               | 0  |
>$ openshift-install create cluster --dir ostest/
>INFO Credentials loaded from file "/home/stack/clouds.yaml" 
>INFO Consuming Install Config from target directory 
>INFO Obtaining RHCOS image file from 'https://releases-art-rhcos.svc.ci.openshift.org/art/storage/releases/rhcos-4.8/48.84.202106301921-0/x86_64/rhcos-48.84.202106301921-0-openstack.x86_64.qcow2.gz?sha256=5a75df7b4d4dc1861093e520187a133eda3439019f280dc6e2f57edf70eb089d' 
>INFO The file was found in cache: /home/stack/.cache/openshift-installer/image_cache/rhcos-48.84.202106301921-0-openstack.x86_64.qcow2. Reusing... 
>WARNING Following quotas Router, RAM are available but will be completely used pretty soon. 
>INFO Creating infrastructure resources...         


Verified that OPENSHIFT_INSTALL_SKIP_PREFLIGHT_VALIDATIONS=1 skips quota checks (pre-flight validation disabled):
>$ grep type install-config.yaml
>  type: "Kuryr"
>$ openstack quota set shiftstack --subnets 200 --networks 200 --routers 0
>$ openstack quota show shiftstack | grep "subnets\|routers\|networks"
>| networks              | 200
>| routers               | 0
>| subnets               | 200

>$ openshift-install create cluster --dir ostest/
>INFO Credentials loaded from file "/home/stack/clouds.yaml"
>INFO Consuming Install Config from target directory
>INFO Obtaining RHCOS image file from 'https://releases-art-rhcos.svc.ci.openshift.org/art/storage/releases/rhcos-4.8/48.84.202106301921-0/x86_64/rhcos-48.84.202106301921-0-openstack.x86_64.qcow2.gz?sha256=5a75df
>7b4d4dc1861093e520187a133eda3439019f280dc6e2f57edf70eb089d'
>INFO The file was found in cache: /home/stack/.cache/openshift-installer/image_cache/rhcos-48.84.202106301921-0-openstack.x86_64.qcow2. Reusing...
>FATAL failed to fetch Cluster: failed to fetch dependency of "Cluster": failed to generate asset "Platform Quota Check": error(MissingQuota): Subnet is not available because the required number of resources (249) is more than the limit of 199, Network is not available because the required number of resources (249) is more than the limit of 199

>$ export OPENSHIFT_INSTALL_SKIP_PREFLIGHT_VALIDATIONS=1
>$ openshift-install create cluster --dir ostest/
>WARNING OVERRIDE: pre-flight validation disabled.
>INFO Credentials loaded from file "/home/stack/clouds.yaml"
>INFO Consuming Install Config from target directory
>INFO Obtaining RHCOS image file from 'https://releases-art-rhcos.svc.ci.openshift.org/art/storage/releases/rhcos-4.8/48.84.202106301921-0/x86_64/rhcos-48.84.202106301921-0-openstack.x86_64.qcow2.gz?sha256=5a75df
>7b4d4dc1861093e520187a133eda3439019f280dc6e2f57edf70eb089d'
>INFO The file was found in cache: /home/stack/.cache/openshift-installer/image_cache/rhcos-48.84.202106301921-0-openstack.x86_64.qcow2. Reusing...
>WARNING OVERRIDE: pre-flight validation disabled.
>INFO Creating infrastructure resources...

Comment 8 errata-xmlrpc 2021-09-07 04:14:05 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.8.10 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:3299


Note You need to log in before you can comment on or make changes to this bug.