Bug 2016267 - [IPI][OSP] densed master-only installation with 0 workers fails due to missing worker security group on masters
Summary: [IPI][OSP] densed master-only installation with 0 workers fails due to missin...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.7
Hardware: All
OS: All
low
low
Target Milestone: ---
: 4.9.z
Assignee: Martin André
QA Contact: Itay Matza
Olivia Payne
URL:
Whiteboard:
Depends On: 1955544
Blocks: 2023363
TreeView+ depends on / blocked
 
Reported: 2021-10-21 07:04 UTC by OpenShift BugZilla Robot
Modified: 2021-11-15 14:25 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Previously, OpenShift Container Platform deployments on OpenStack failed for compact clusters with undedicated workers due to control plane nodes missing Ingress security group rules. With this update, an Ingress security group was added to OpenStack when control planes are schedulable.
Clone Of:
: 2023363 (view as bug list)
Environment:
Last Closed: 2021-11-10 21:02:40 UTC
Target Upstream Version:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift installer pull 5320 0 None open [release-4.9] Bug 2016267: Add ingress rules to master SG for compact clusters 2021-10-21 07:04:55 UTC
Red Hat Product Errata RHBA-2021:4119 0 None None None 2021-11-10 21:02:54 UTC

Comment 4 Itay Matza 2021-11-03 17:36:59 UTC 
Verified in OCP 4.9.0-0.nightly-2021-11-03-043308 with Kury on top of RHOS-16.1-RHEL-8-20211007.n.1.


Verification steps:

1) Installation of OCP with 3 masters and with 0 workers finished successfully:
>$ openshift-install create cluster --dir ostest/
>time="2021-11-03T11:40:58-04:00" level=debug msg="Cluster is initialized"
>time="2021-11-03T11:40:58-04:00" level=info msg="Waiting up to 10m0s for the openshift-console route to be created..."
>time="2021-11-03T11:40:58-04:00" level=debug msg="Route found in openshift-console namespace: console"
>time="2021-11-03T11:40:58-04:00" level=debug msg="OpenShift console route is admitted"
>time="2021-11-03T11:40:58-04:00" level=info msg="Install complete!"
>time="2021-11-03T11:40:58-04:00" level=info msg="To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=/home/stack/ostest/auth/kubeconfig'"
>time="2021-11-03T11:40:58-04:00" level=info msg="Access the OpenShift web-console here: https://console-openshift-console.apps.ostest.shiftstack.com"
>time="2021-11-03T11:40:58-04:00" level=info msg="Login to the console with user: \"kubeadmin\", and password: \"bghQm-3s5N5-qzkao-p5UMV\""
>time="2021-11-03T11:40:58-04:00" level=debug msg="Time elapsed per stage:"
>time="2021-11-03T11:40:58-04:00" level=debug msg="                  : 2m3s"
>time="2021-11-03T11:40:58-04:00" level=debug msg="Bootstrap Complete: 14m56s"
>time="2021-11-03T11:40:58-04:00" level=debug msg="               API: 3m5s"
>time="2021-11-03T11:40:58-04:00" level=debug msg=" Bootstrap Destroy: 36s"
>time="2021-11-03T11:40:58-04:00" level=debug msg=" Cluster Operators: 10m37s"
>time="2021-11-03T11:40:58-04:00" level=info msg="Time elapsed: 29m50s"

2) Make sure the OCP cluster is operational:
>$ oc get machineset -A                                                                                                                                                          
>NAMESPACE               NAME                    DESIRED   CURRENT   READY   AVAILABLE   AGE
>openshift-machine-api   ostest-g9jwx-worker-0   0         0                             60m
>$ oc get machines -A                                                                                                                                                            
>NAMESPACE               NAME                    PHASE     TYPE        REGION      ZONE   AGE
>openshift-machine-api   ostest-g9jwx-master-0   Running   m4.xlarge   regionOne   nova   60m
>openshift-machine-api   ostest-g9jwx-master-1   Running   m4.xlarge   regionOne   nova   60m
>openshift-machine-api   ostest-g9jwx-master-2   Running   m4.xlarge   regionOne   nova   60m
>$ oc get nodes
>NAME                    STATUS   ROLES           AGE   VERSION
>ostest-g9jwx-master-0   Ready    master,worker   58m   v1.22.1+d8c4430
>ostest-g9jwx-master-1   Ready    master,worker   59m   v1.22.1+d8c4430
>ostest-g9jwx-master-2   Ready    master,worker   59m   v1.22.1+d8c4430
>$ openstack server list
>+--------------------------------------+-----------------------+--------+-------------------------------------+--------------------+--------+
>| ID                                   | Name                  | Status | Networks                            | Image              | Flavor |
>+--------------------------------------+-----------------------+--------+-------------------------------------+--------------------+--------+
>| 11716a3a-c598-479d-a603-903a724b0b6f | ostest-g9jwx-master-2 | ACTIVE | ostest-g9jwx-openshift=10.196.0.125 | ostest-g9jwx-rhcos |        |
>| d451d0cc-ba1c-43c4-82e6-9d8f24998d7f | ostest-g9jwx-master-1 | ACTIVE | ostest-g9jwx-openshift=10.196.3.178 | ostest-g9jwx-rhcos |        |
>| bc1caf81-3d60-415b-bd88-fa4d90647dd0 | ostest-g9jwx-master-0 | ACTIVE | ostest-g9jwx-openshift=10.196.2.237 | ostest-g9jwx-rhcos |        |
>+--------------------------------------+-----------------------+--------+-------------------------------------+--------------------+--------+
>$ oc get clusteroperators
>NAME                                       VERSION                             AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
>authentication                             4.9.0-0.nightly-2021-11-03-043308   True        False         False      42m     
>baremetal                                  4.9.0-0.nightly-2021-11-03-043308   True        False         False      55m     
>cloud-controller-manager                   4.9.0-0.nightly-2021-11-03-043308   True        False         False      61m     
>cloud-credential                           4.9.0-0.nightly-2021-11-03-043308   True        False         False      62m     
>cluster-autoscaler                         4.9.0-0.nightly-2021-11-03-043308   True        False         False      57m     
>config-operator                            4.9.0-0.nightly-2021-11-03-043308   True        False         False      59m     
>console                                    4.9.0-0.nightly-2021-11-03-043308   True        False         False      44m     
>csi-snapshot-controller                    4.9.0-0.nightly-2021-11-03-043308   True        False         False      58m     
>dns                                        4.9.0-0.nightly-2021-11-03-043308   True        False         False      57m     
>etcd                                       4.9.0-0.nightly-2021-11-03-043308   True        False         False      55m     
>image-registry                             4.9.0-0.nightly-2021-11-03-043308   True        False         False      48m     
>ingress                                    4.9.0-0.nightly-2021-11-03-043308   True        False         False      48m     
>insights                                   4.9.0-0.nightly-2021-11-03-043308   True        False         False      52m     
>kube-apiserver                             4.9.0-0.nightly-2021-11-03-043308   True        False         False      44m     
>kube-controller-manager                    4.9.0-0.nightly-2021-11-03-043308   True        False         False      56m     
>kube-scheduler                             4.9.0-0.nightly-2021-11-03-043308   True        False         False      56m     
>kube-storage-version-migrator              4.9.0-0.nightly-2021-11-03-043308   True        False         False      58m     
>machine-api                                4.9.0-0.nightly-2021-11-03-043308   True        False         False      53m     
>machine-approver                           4.9.0-0.nightly-2021-11-03-043308   True        False         False      57m     
>machine-config                             4.9.0-0.nightly-2021-11-03-043308   True        False         False      57m     
>marketplace                                4.9.0-0.nightly-2021-11-03-043308   True        False         False      57m     
>monitoring                                 4.9.0-0.nightly-2021-11-03-043308   True        False         False      47m     
>network                                    4.9.0-0.nightly-2021-11-03-043308   True        False         False      59m     
>node-tuning                                4.9.0-0.nightly-2021-11-03-043308   True        False         False      57m     
>openshift-apiserver                        4.9.0-0.nightly-2021-11-03-043308   True        False         False      44m     
>openshift-controller-manager               4.9.0-0.nightly-2021-11-03-043308   True        False         False      54m     
>openshift-samples                          4.9.0-0.nightly-2021-11-03-043308   True        False         False      50m     
>operator-lifecycle-manager                 4.9.0-0.nightly-2021-11-03-043308   True        False         False      57m     
>operator-lifecycle-manager-catalog         4.9.0-0.nightly-2021-11-03-043308   True        False         False      58m     
>operator-lifecycle-manager-packageserver   4.9.0-0.nightly-2021-11-03-043308   True        False         False      48m     
>service-ca                                 4.9.0-0.nightly-2021-11-03-043308   True        False         False      58m     
>storage                                    4.9.0-0.nightly-2021-11-03-043308   True        False         False      58m     

3) Create a new project with three pods.
The pods are running on the master nodes:
>$ oc get pods -n demo -o wide                                                                                                       
>NAME                    READY   STATUS    RESTARTS   AGE   IP               NODE                    NOMINATED NODE   READINESS GATES
>demo-7897db69cc-cchnd   1/1     Running   0          34m   10.128.131.178   ostest-g9jwx-master-0   <none>           <none>
>demo-7897db69cc-jwwq2   1/1     Running   0          34m   10.128.131.235   ostest-g9jwx-master-2   <none>           <none>
>demo-7897db69cc-k4gk6   1/1     Running   0          34m   10.128.131.132   ostest-g9jwx-master-1   <none>           <none>

4) Creating two workers.
Changed the replica value from 0 to 2. The two instances and the clusteroperators are up and running.
Comment 6 errata-xmlrpc 2021-11-10 21:02:40 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.9.6 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:4119
Note You need to log in before you can comment on or make changes to this bug.