2027498 – [IBMCloud] SG Name character length limitation

Bug 2027498 - [IBMCloud] SG Name character length limitation

Summary: [IBMCloud] SG Name character length limitation

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Installer
Sub Component:
Version:	4.10
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	4.10.0
Assignee:	aos-install
QA Contact:	Pedro Amoedo
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-11-29 19:57 UTC by Christopher J Schaefer
Modified:	2022-03-10 16:30 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-03-10 16:30:41 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	openshift installer pull 5455	None	Merged	Bug 2027498: Condense IBM Cloud SG names	2021-12-09 16:01:35 UTC
Github	openshift installer pull 5472	None	Merged	Cleanup machine references to ibmcloud SG	2021-12-13 09:16:17 UTC
Red Hat Product Errata	RHSA-2022:0056	None	None	None	2022-03-10 16:30:57 UTC

Description Christopher J Schaefer 2021-11-29 19:57:00 UTC

Version:
4.10


Platform:
IBM Cloud


Please specify:
IPI

What happened?
When attempting to create a new cluster using IPI on IBM Cloud, the Terraform fails to create a security group due to the character limitations for an IBM Cloud Security Group.

```
time="2021-11-29T18:05:43Z" level=debug msg="Initializing modules..."
time="2021-11-29T18:05:43Z" level=debug msg="- cis in ../../../../../tmp/openshift-install-network-644289584/cis"
time="2021-11-29T18:05:43Z" level=debug msg="- image in ../../../../../tmp/openshift-install-network-644289584/image"
time="2021-11-29T18:05:43Z" level=debug msg="- vpc in ../../../../../tmp/openshift-install-network-644289584/vpc"
time="2021-11-29T18:05:43Z" level=debug
time="2021-11-29T18:05:43Z" level=debug msg="Initializing the backend..."
time="2021-11-29T18:05:43Z" level=debug
time="2021-11-29T18:05:43Z" level=debug msg="Initializing provider plugins..."
time="2021-11-29T18:05:45Z" level=debug
time="2021-11-29T18:05:45Z" level=debug msg="Terraform has been successfully initialized!"
time="2021-11-29T18:05:45Z" level=debug
time="2021-11-29T18:05:45Z" level=debug msg="You may now begin working with Terraform. Try running \"terraform plan\" to see"
time="2021-11-29T18:05:45Z" level=debug msg="any changes that are required for your infrastructure. All Terraform commands"
time="2021-11-29T18:05:45Z" level=debug msg="should now work."
time="2021-11-29T18:05:45Z" level=debug
time="2021-11-29T18:05:45Z" level=debug msg="If you ever set or change modules or backend configuration for Terraform,"
time="2021-11-29T18:05:45Z" level=debug msg="rerun this command to reinitialize your working directory. If you forget, other"
time="2021-11-29T18:05:45Z" level=debug msg="commands will detect it and remind you to do so if necessary."
time="2021-11-29T18:05:51Z" level=debug msg="module.cis.data.ibm_cis_domain.base_domain: Refreshing state..."
time="2021-11-29T18:06:08Z" level=debug
time="2021-11-29T18:06:08Z" level=debug msg="Warning: Interpolation-only expressions are deprecated"
time="2021-11-29T18:06:08Z" level=debug
time="2021-11-29T18:06:08Z" level=debug msg="  on ../../../../../tmp/openshift-install-network-644289584/image/main.tf line 24, in resource \"ibm_iam_authorization_policy\" \"policy\":"
time="2021-11-29T18:06:08Z" level=debug msg="  24:   target_resource_instance_id = \"${element(split(\":\", var.cos_resource_instance_crn), 7)}\""
time="2021-11-29T18:06:08Z" level=debug
time="2021-11-29T18:06:08Z" level=debug msg="Terraform 0.11 and earlier required all non-constant expressions to be"
time="2021-11-29T18:06:08Z" level=debug msg="provided via interpolation syntax, but this pattern is now deprecated. To"
time="2021-11-29T18:06:08Z" level=debug msg="silence this warning, remove the \"${ sequence from the start and the }\""
time="2021-11-29T18:06:08Z" level=debug msg="sequence from the end of this expression, leaving just the inner expression."
time="2021-11-29T18:06:08Z" level=debug
time="2021-11-29T18:06:08Z" level=debug msg="Template interpolation syntax is still used to construct strings from"
time="2021-11-29T18:06:08Z" level=debug msg="expressions when the template includes multiple interpolation sequences or a"
time="2021-11-29T18:06:08Z" level=debug msg="mixture of literal strings and interpolations. This deprecation applies only"
time="2021-11-29T18:06:08Z" level=debug msg="to templates that consist entirely of a single interpolation sequence."
time="2021-11-29T18:06:08Z" level=debug
time="2021-11-29T18:06:08Z" level=error
time="2021-11-29T18:06:08Z" level=error msg="Error: \"name\" (\"ocp-dev-conformance-7-ljq57-security-group-control-plane-internal\") must contain from 1 to 63 characters "
time="2021-11-29T18:06:08Z" level=error
time="2021-11-29T18:06:08Z" level=error msg="  on ../../../../../tmp/openshift-install-network-644289584/vpc/security-groups.tf line 212, in resource \"ibm_is_security_group\" \"control_plane_internal\":"
time="2021-11-29T18:06:08Z" level=error msg=" 212: resource \"ibm_is_security_group\" \"control_plane_internal\" {"
time="2021-11-29T18:06:08Z" level=error
time="2021-11-29T18:06:08Z" level=error
time="2021-11-29T18:06:08Z" level=error msg="Failed to read tfstate: open /tmp/openshift-install-network-644289584/terraform.network.tfstate: no such file or directory"
time="2021-11-29T18:06:08Z" level=fatal msg="failed to fetch Cluster: failed to generate asset \"Cluster\": failed to create cluster: failed to apply Terraform: failed to complete the change"
```


What did you expect to happen?
Successful cluster creation


How to reproduce it (as minimally and precisely as possible)?
Using IPI on IBM Cloud, create a new  cluster with a name length of 20+ characters


Anything else we need to know?
IBM Cloud will attempt to investigate and provided a fix, when possible

Comment 2 Christopher J Schaefer 2021-12-09 15:55:53 UTC

Related PR that trimmed the SG character length, to address this issue
https://github.com/openshift/installer/pull/5455

Comment 3 Pedro Amoedo 2021-12-09 16:01:35 UTC

Thanks Christopher, linking the PR with the BZ and moving forward to VERIFIED.

Comment 4 Pedro Amoedo 2021-12-13 09:16:18 UTC

Linking also secondary PR[1] with references cleanup that were initially missed, thanks Christopher.

[1] - https://github.com/openshift/installer/pull/5472

Comment 7 errata-xmlrpc 2022-03-10 16:30:41 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056

Note You need to log in before you can comment on or make changes to this bug.