Bug 2047670 - Installer should pre-check that the hosted zone is not associated with the VPC and throw the error message.
Summary: Installer should pre-check that the hosted zone is not associated with the VP...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.10
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.11.0
Assignee: John Hixson
QA Contact: Manoj Hans
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-01-28 09:29 UTC by Manoj Hans
Modified: 2022-08-10 10:44 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: regression Consequence: openshift-install would crash when using internal publishing strategy Fix: when using internal publishing strategy, check if hosted zone is also empty Result: openshift-install no longer crashes
Clone Of:
Environment:
Last Closed: 2022-08-10 10:44:20 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift installer pull 5695 0 None open bug 2047670: aws: remove validation check for internal publish strategy 2022-03-09 20:10:20 UTC
Red Hat Product Errata RHSA-2022:5069 0 None None None 2022-08-10 10:44:38 UTC

Description Manoj Hans 2022-01-28 09:29:43 UTC 
Installer is not throwing the expected error message when the hosted zone is not associated with the VPC.

Version-Release number of selected component (if applicable):
4.10.0-0.nightly-2022-01-25-023600

How reproducible:
Always

Platform:IPI on AWS

Steps to Reproduce:
1.Create two VPCs and get their subnets
VPC-1
vpc-id: vpc-0fc3d5b9eeb68528e
subnets: subnet-0b8a9733d8a92a198, subnet-03dc4fabb83e4f088

VPC-2
vpc-id: vpc-07454423e5735eb7c
subnets: subnet-08f097aad35dcd0b2 subnet-03d08aa1bf1670874

2. Create a private route53 hosted zone and associate with the VPC-1, and get its hosted zone id

aws route53 create-hosted-zone \
--name mhans-41244.qe.devcluster.openshift.com \
--caller-reference 25-Jan-2022-05:24:09.648777 \
--hosted-zone-config Comment='private hosted zone test',PrivateZone=true \
--vpc VPCRegion=us-east-2,VPCId=vpc-0fc3d5b9eeb68528e

hosted zone id: Z07351531BTHGVY665N9S

3. Create install config and update the below values:
 a) hostedZone uses the hosted zone which was associated with VPC-1
 b) subnets use the subnets in VPC-2

baseDomain: mhans-41244.qe.devcluster.openshift.com
platform:
  aws:
	hostedZone: Z07351531BTHGVY665N9S
	subnets:
	- subnet-08f097aad35dcd0b2
	- subnet-03d08aa1bf1670874
publish: Internal


Actual results:
time="2022-01-25T05:59:10-05:00" level=debug msg="Still waiting for the Kubernetes API: Get \"https://api.mhans-41244.mhans-41244.qe.devcluster.openshift.com:6443/version?timeout=32s\": dial tcp: lookup api.mhans-41244.mhans-41244.qe.devcluster.openshift.com on 10.11.5.19:53: no such host"
time="2022-01-25T05:59:57-05:00" level=error msg="Attempted to gather ClusterOperator status after installation failure: listing ClusterOperator objects: Get \"https://api.mhans-41244.mhans-41244.qe.devcluster.openshift.com:6443/apis/config.openshift.io/v1/clusteroperators\": dial tcp: lookup api.mhans-41244.mhans-41244.qe.devcluster.openshift.com on 10.11.5.19:53: no such host"
time="2022-01-25T05:59:57-05:00" level=debug msg="Fetching Bootstrap SSH Key Pair..."
time="2022-01-25T05:59:57-05:00" level=debug msg="Loading Bootstrap SSH Key Pair..."
time="2022-01-25T05:59:57-05:00" level=debug msg="Using Bootstrap SSH Key Pair loaded from state file"
time="2022-01-25T05:59:57-05:00" level=debug msg="Reusing previously-fetched Bootstrap SSH Key Pair"
time="2022-01-25T05:59:57-05:00" level=debug msg="Fetching Install Config..."
time="2022-01-25T05:59:57-05:00" level=debug msg="Loading Install Config..."
time="2022-01-25T05:59:57-05:00" level=debug msg="  Loading SSH Key..."
time="2022-01-25T05:59:57-05:00" level=debug msg="  Loading Base Domain..."
time="2022-01-25T05:59:57-05:00" level=debug msg="    Loading Platform..."
time="2022-01-25T05:59:57-05:00" level=debug msg="  Loading Cluster Name..."
time="2022-01-25T05:59:57-05:00" level=debug msg="    Loading Base Domain..."
time="2022-01-25T05:59:57-05:00" level=debug msg="    Loading Platform..."
time="2022-01-25T05:59:57-05:00" level=debug msg="  Loading Networking..."
time="2022-01-25T05:59:57-05:00" level=debug msg="    Loading Platform..."
time="2022-01-25T05:59:57-05:00" level=debug msg="  Loading Pull Secret..."
time="2022-01-25T05:59:57-05:00" level=debug msg="  Loading Platform..."
time="2022-01-25T05:59:57-05:00" level=debug msg="Using Install Config loaded from state file"
time="2022-01-25T05:59:57-05:00" level=debug msg="Reusing previously-fetched Install Config"
time="2022-01-25T05:59:57-05:00" level=info msg="Pulling debug logs from the bootstrap machine"
time="2022-01-25T05:59:57-05:00" level=debug msg="failed to parse SSH private key from \"/home/installer-auto/workspace/installer-auto-test/.ssh/id_rsa.pub\""
time="2022-01-25T05:59:57-05:00" level=debug msg="Added /tmp/bootstrap-ssh4204435571 to installer's internal agent"
time="2022-01-25T05:59:57-05:00" level=debug msg="Added /home/installer-auto/workspace/installer-auto-test/.ssh/id_rsa to installer's internal agent"
time="2022-01-25T05:59:57-05:00" level=debug msg="Added /home/installer-auto/workspace/installer-auto-test/.ssh/test.pem to installer's internal agent"
time="2022-01-25T06:02:05-05:00" level=error msg="Attempted to gather debug logs after installation failure: failed to create SSH client: dial tcp 10.0.52.78:22: connect: connection timed out"
time="2022-01-25T06:02:05-05:00" level=error msg="Bootstrap failed to complete: Get \"https://api.mhans-41244.mhans-41244.qe.devcluster.openshift.com:6443/version?timeout=32s\": dial tcp: lookup api.mhans-41244.mhans-41244.qe.devcluster.openshift.com on 10.11.5.19:53: no such host"
time="2022-01-25T06:02:05-05:00" level=error msg="Failed waiting for Kubernetes API. This error usually happens when there is a problem on the bootstrap host that prevents creating a temporary control plane."
time="2022-01-25T06:02:05-05:00" level=error msg="Attempted to analyze the debug logs after installation failure: could not open the gather bundle: open : no such file or directory"
time="2022-01-25T06:02:05-05:00" level=fatal msg="Bootstrap failed to complete"
 

Expected results:
Installer should throw this error message:
level=fatal msg="failed to fetch Cluster: failed to fetch dependency of \"Cluster\": failed to generate asset \"Platform Provisioning Check\": aws.hostedZone: Invalid value: \"Z07351531BTHGVY665N9S\": hosted zone is not associated with the VPC"
Comment 1 Matthew Staebler 2022-01-31 20:15:58 UTC 
This is a regression introduced in https://github.com/openshift/installer/pull/5189. There was a check added to ValidateForProvisioning to not run the validation when using the internal publishing strategy.

https://github.com/openshift/installer/blob/f6ea846f7a8a2357191dd2e2c4cec5b73023d0f0/pkg/asset/installconfig/aws/validation.go#L351-L353
Comment 2 John Hixson 2022-03-09 20:08:30 UTC 
PR: https://github.com/openshift/installer/pull/5695
Comment 3 Manoj Hans 2022-03-11 11:54:40 UTC 
I have validated the bug using the provided PR but the below case is failing.

Verify that the hosted zone id should be valid.

create a install config and update:
baseDomain: mhans-41244.qe.devcluster.openshift.com
platform:
  aws:
    hostedZone: INVALID
    subnets:
    - subnet-0b8a9733d8a92a198
    - subnet-03dc4fabb83e4f088
publish: Internal

Expected results:
Installer should throw this error message:
"failed to fetch Cluster: failed to fetch dependency of \"Cluster\": failed to generate asset \"Platform Provisioning Check\": aws.hostedZone: Invalid value: \"INVALID\": cannot find hosted zone"

Actual results: 

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x3306a4f]

goroutine 1 [running]:
github.com/openshift/installer/pkg/asset/installconfig/aws.isHostedZoneAssociatedWithVPC(0xc0007c3dd0, {0xc00020d140, 0x15})
	/go/src/github.com/openshift/installer/pkg/asset/installconfig/aws/validation.go:491 +0x2f
github.com/openshift/installer/pkg/asset/installconfig/aws.validateHostedZone(0x4983f60, 0xc00048a208, {0xc0009c1530, 0x12}, 0x2388d95)
	/go/src/github.com/openshift/installer/pkg/asset/installconfig/aws/validation.go:440 +0x168
github.com/openshift/installer/pkg/asset/installconfig/aws.ValidateForProvisioning(0xc001152230, 0xc0003fb200, 0xc00019c010)
	/go/src/github.com/openshift/installer/pkg/asset/installconfig/aws/validation.go:372 +0x1e5
github.com/openshift/installer/pkg/asset/installconfig.(*PlatformProvisionCheck).Generate(0xc0001ae000, 0x5)
	/go/src/github.com/openshift/installer/pkg/asset/installconfig/platformprovisioncheck.go:56 +0xd9
github.com/openshift/installer/pkg/asset/store.(*storeImpl).fetch(0xc0009bc4b0, {0x17dd7db0, 0x1b1e0c30}, {0x5301d54, 0x2})
	/go/src/github.com/openshift/installer/pkg/asset/store/store.go:227 +0x604
github.com/openshift/installer/pkg/asset/store.(*storeImpl).fetch(0xc0009bc4b0, {0x17dd7b70, 0x1b190b50}, {0x0, 0x0})
	/go/src/github.com/openshift/installer/pkg/asset/store/store.go:221 +0x759
github.com/openshift/installer/pkg/asset/store.(*storeImpl).Fetch(0x17e3a9f8, {0x17dd7b70, 0x1b190b50}, {0x1b1728a0, 0x8, 0x8})
	/go/src/github.com/openshift/installer/pkg/asset/store/store.go:77 +0x48
main.runTargetCmd.func1({0x5301d3c, 0x1})
	/go/src/github.com/openshift/installer/cmd/openshift-install/create.go:241 +0x116
main.runTargetCmd.func2(0x1b1784a0, {0x1b1e0c30, 0x0, 0x0})
	/go/src/github.com/openshift/installer/cmd/openshift-install/create.go:268 +0xae
github.com/spf13/cobra.(*Command).execute(0x1b1784a0, {0x1b1e0c30, 0x0, 0x0})
	/go/src/github.com/openshift/installer/vendor/github.com/spf13/cobra/command.go:860 +0x5f8
github.com/spf13/cobra.(*Command).ExecuteC(0xc000889680)
	/go/src/github.com/openshift/installer/vendor/github.com/spf13/cobra/command.go:974 +0x3bc
github.com/spf13/cobra.(*Command).Execute(...)
	/go/src/github.com/openshift/installer/vendor/github.com/spf13/cobra/command.go:902
main.installerMain()
	/go/src/github.com/openshift/installer/cmd/openshift-install/main.go:60 +0x29e
main.main()
	/go/src/github.com/openshift/installer/cmd/openshift-install/main.go:38 +0xff
Comment 8 errata-xmlrpc 2022-08-10 10:44:20 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5069
Note You need to log in before you can comment on or make changes to this bug.