2023363 – [IPI][OSP] densed master-only installation with 0 workers fails due to missing worker security group on masters

Bug 2023363 - [IPI][OSP] densed master-only installation with 0 workers fails due to missing worker security group on masters

Summary: [IPI][OSP] densed master-only installation with 0 workers fails due to missin...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Installer
Sub Component:
Version:	4.7
Hardware:	All
OS:	All
Priority:	low
Severity:	low
Target Milestone:	---
Target Release:	4.8.z
Assignee:	Martin André
QA Contact:	Itay Matza
Docs Contact:
URL:
Whiteboard:
Depends On:	2016267
Blocks:
TreeView+	depends on / blocked

Reported:	2021-11-15 14:25 UTC by Martin André
Modified:	2021-11-30 10:26 UTC (History)
CC List:	10 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	2016267
Environment:
Last Closed:	2021-11-30 10:25:45 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift installer pull 5386	0	None	open	[release-4.9] Bug 2023363: Add ingress rules to master SG for compact clusters	2021-11-15 14:36:14 UTC
Red Hat Product Errata	RHBA-2021:4830	0	None	None	None	2021-11-30 10:26:09 UTC

Comment 4 ShiftStack Bugwatcher 2021-11-25 16:12:53 UTC

Removing the Triaged keyword because:

* the QE automation assessment (flag qe_test_coverage) is missing

Comment 5 Itay Matza 2021-11-29 12:58:33 UTC

Verified in OCP 4.8.22 with Kury on top of RHOS-16.1-RHEL-8-20210506.n.1.

Verification steps:

1) Installation of OCP with 3 masters and with 0 workers finished successfully:
>$ openshift-install create cluster --dir ostest/
>time="2021-11-29T05:23:36-05:00" level=debug msg="Cluster is initialized"
>time="2021-11-29T05:23:36-05:00" level=info msg="Waiting up to 10m0s for the openshift-console route to be created..."
>time="2021-11-29T05:23:36-05:00" level=debug msg="Route found in openshift-console namespace: console"
>time="2021-11-29T05:23:36-05:00" level=debug msg="OpenShift console route is admitted"
>time="2021-11-29T05:23:36-05:00" level=info msg="Install complete!"
>time="2021-11-29T05:23:36-05:00" level=info msg="To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=/home/stack/ostest/auth/kubeconfig'"
>time="2021-11-29T05:23:36-05:00" level=info msg="Access the OpenShift web-console here: https://console-openshift-console.apps.ostest.shiftstack.com"
>time="2021-11-29T05:23:36-05:00" level=info msg="Login to the console with user: \"kubeadmin\", and password: \"3aR6L-3EIhR-G9tBY-J4xpq\""
>time="2021-11-29T05:23:36-05:00" level=debug msg="Time elapsed per stage:"
>time="2021-11-29T05:23:36-05:00" level=debug msg="    Infrastructure: 2m17s"
>time="2021-11-29T05:23:36-05:00" level=debug msg="Bootstrap Complete: 9m20s"
>time="2021-11-29T05:23:36-05:00" level=debug msg="               API: 1m7s"
>time="2021-11-29T05:23:36-05:00" level=debug msg=" Bootstrap Destroy: 36s"
>time="2021-11-29T05:23:36-05:00" level=debug msg=" Cluster Operators: 17m12s"
>time="2021-11-29T05:23:36-05:00" level=info msg="Time elapsed: 30m1s"

2) Make sure the OCP cluster is operational:
>$ oc get machineset -A
>NAMESPACE               NAME                    DESIRED   CURRENT   READY   AVAILABLE   AGE
>openshift-machine-api   ostest-xtg4x-worker-0   0         0                             29m
>$ oc get machines -A
>NAMESPACE               NAME                    PHASE     TYPE        REGION      ZONE   AGE
>openshift-machine-api   ostest-xtg4x-master-0   Running   m4.xlarge   regionOne   nova   29m
>openshift-machine-api   ostest-xtg4x-master-1   Running   m4.xlarge   regionOne   nova   29m
>openshift-machine-api   ostest-xtg4x-master-2   Running   m4.xlarge   regionOne   nova   29m
>]$ oc get nodes
>NAME                    STATUS   ROLES           AGE   VERSION
>ostest-xtg4x-master-0   Ready    master,worker   28m   v1.21.6+81bc627
>ostest-xtg4x-master-1   Ready    master,worker   29m   v1.21.6+81bc627
>ostest-xtg4x-master-2   Ready    master,worker   29m   v1.21.6+81bc627
>$ openstack server list
>+--------------------------------------+-----------------------+--------+-------------------------------------+--------------------+--------+
>| ID                                   | Name                  | Status | Networks                            | Image              | Flavor |
>+--------------------------------------+-----------------------+--------+-------------------------------------+--------------------+--------+
>| daebc2a5-68d8-4367-a44e-f3c06497f93a | ostest-xtg4x-master-2 | ACTIVE | ostest-xtg4x-openshift=10.196.1.204 | ostest-xtg4x-rhcos |        |
>| d5c94f0a-a8bc-402c-9450-06488d7d36fd | ostest-xtg4x-master-1 | ACTIVE | ostest-xtg4x-openshift=10.196.2.180 | ostest-xtg4x-rhcos |        |
>| 3feadf4b-a21c-466d-947a-13bb1741694b | ostest-xtg4x-master-0 | ACTIVE | ostest-xtg4x-openshift=10.196.3.192 | ostest-xtg4x-rhcos |        |
>+--------------------------------------+-----------------------+--------+-------------------------------------+--------------------+--------+
>$ oc get clusteroperators
>NAME                                       VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE
>authentication                             4.8.22    True        False         False      7m33s
>baremetal                                  4.8.22    True        False         False      25m
>cloud-credential                           4.8.22    True        False         False      30m
>cluster-autoscaler                         4.8.22    True        False         False      26m
>config-operator                            4.8.22    True        False         False      27m
>console                                    4.8.22    True        False         False      16m
>csi-snapshot-controller                    4.8.22    True        False         False      27m
>dns                                        4.8.22    True        False         False      26m
>etcd                                       4.8.22    True        False         False      25m
>image-registry                             4.8.22    True        False         False      21m
>ingress                                    4.8.22    True        False         False      21m
>insights                                   4.8.22    True        False         False      21m
>kube-apiserver                             4.8.22    True        False         False      23m
>kube-controller-manager                    4.8.22    True        False         False      25m
>kube-scheduler                             4.8.22    True        False         False      25m
>kube-storage-version-migrator              4.8.22    True        False         False      27m
>machine-api                                4.8.22    True        False         False      21m
>machine-approver                           4.8.22    True        False         False      26m
>machine-config                             4.8.22    True        False         False      26m
>marketplace                                4.8.22    True        False         False      26m
>monitoring                                 4.8.22    True        False         False      21m
>network                                    4.8.22    True        False         False      28m
>node-tuning                                4.8.22    True        False         False      26m
>openshift-apiserver                        4.8.22    True        False         False      23m
>openshift-controller-manager               4.8.22    True        False         False      18m
>openshift-samples                          4.8.22    True        False         False      21m
>operator-lifecycle-manager                 4.8.22    True        False         False      26m
>operator-lifecycle-manager-catalog         4.8.22    True        False         False      26m
>operator-lifecycle-manager-packageserver   4.8.22    True        False         False      23m
>service-ca                                 4.8.22    True        False         False      28m
>storage                                    4.8.22    True        False         False      26m

3) Create a new project with three pods.
The pods are running on the master nodes:
>$ oc get pods -n demo -o wide                
>NAME                    READY   STATUS    RESTARTS   AGE     IP               NODE                    NOMINATED NODE   READINESS GATES
>demo-7897db69cc-2l5j6   1/1     Running   0          7m17s   10.128.124.164   ostest-xtg4x-master-2   <none>           <none>
>demo-7897db69cc-gvt8s   1/1     Running   0          7m17s   10.128.124.240   ostest-xtg4x-master-1   <none>           <none>
>demo-7897db69cc-rdrk7   1/1     Running   0          7m17s   10.128.124.86    ostest-xtg4x-master-0   <none>           <none>

4) Creating two workers.
Changed the replica value from 0 to 2. The two instances and the clusteroperators are up and running.

Comment 7 errata-xmlrpc 2021-11-30 10:25:45 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.8.22 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:4830

Note You need to log in before you can comment on or make changes to this bug.