Bug 2055247 - [Azure] Fail to create master nodes with dcasv5 /dcadsv5 -series Confidential Virtual Machine
Summary: [Azure] Fail to create master nodes with dcasv5 /dcadsv5 -series Confidential...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.10
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: ---
: 4.12.0
Assignee: John Hixson
QA Contact: MayXu
Mike Pytlak
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-02-16 14:03 UTC by MayXu
Modified: 2023-01-17 19:47 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
* Previously, installing a cluster on Microsoft Azure failed when the Azure DCasv5-series or DCadsv5-series of confidential VMs were specified as control plane nodes. With this update, the installation program now stops the installation with an error, which states that confidential VMs are not yet supported. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2055247[*BZ#2055247*])
Clone Of:
Environment:
Last Closed: 2023-01-17 19:47:08 UTC
Target Upstream Version:
Embargoed:
maxu: needinfo-
maxu: needinfo-
maxu: needinfo-


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift installer pull 6203 0 None open bug 2055247: pkg/asset/installconfig/azure: standardDDv5Family is not currently supported 2022-08-04 23:52:11 UTC
Red Hat Product Errata RHSA-2022:7399 0 None None None 2023-01-17 19:47:32 UTC

Description MayXu 2022-02-16 14:03:51 UTC
Version:
4.10

$ openshift-install version
4.10.0-rc.2-x86_64

Platform:
Azure

Please specify:
* IPI 
* UPI 

What happened?
Fail to create master nodes with dcasv5 /dcadsv5 -series Confidential Virtual Machine

How reproducible:
Always

Steps to Reproduce:
Test on westus region, specify the master machine type with Standard_DC8ads_v5 or Standard_DC8as_v5

IPI install get the error: 
compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="BadRequest" Message="The VM size 'Standard_DC8ads_v5' is not supported for creation of VMs and Virtual Machine Scale Set with '<NULL>' security type.

UPI install get the error:
[{"code":"BadRequest","message":"{\r\n  \"error\": {\r\n    \"code\": \"BadRequest\",\r\n    \"message\": \"The VM size 'Standard_DC8as_v5' is not supported for creation of VMs and Virtual Machine Scale Set with '<NULL>' security type.\"\r\n  }\r\n}"},{"code":"BadRequest","message":"{\r\n  \"error\": {\r\n    \"code\": \"BadRequest\",\r\n    \"message\": \"The VM size 'Standard_DC8as_v5' is not supported for creation of VMs and Virtual Machine Scale Set with '<NULL>' security type.\"\r\n  }\r\n}"},{"code":"BadRequest","message":"{\r\n  \"error\": {\r\n    \"code\": \"BadRequest\",\r\n    \"message\": \"The VM size 'Standard_DC8as_v5' is not supported for creation of VMs and Virtual Machine Scale Set with '<NULL>' security type.\"\r\n  }\r\n}"}]

Expected results:
Install successfully or prompt the invalid vm type early.

Ref : https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview#os-support
Confidential VMs support the following VM sizes:
DCasv5-series
DCadsv5-series
ECasv5-series
ECadsv5-series
OS support
Confidential VMs support the following OS options:
Ubuntu 20.04 LTS
Windows Server 2019
Windows Server 2022

Comment 1 Patrick Dillon 2022-03-01 18:28:46 UTC
We could potentially validate this class of confidential machines.

Comment 2 MayXu 2022-05-17 10:29:18 UTC
test with registry.ci.openshift.org/ocp/release:4.11.0-0.nightly-2022-05-11-054135

creating Linux Virtual Machine: (Name "maxu-5-ql4gb-bootstrap" / Resource Group "maxu-5-ql4gb-rg"): compute.VirtualMachinesClient#CreateOrUpdate: Failure sending 
request: StatusCode=400 -- Original Error: Code="BadRequest" Message="The VM size 'Standard_DC8as_v5' is not supported for creation of VMs and Virtual Machine Scale Set with '<NULL>' security type."

Comment 3 John Hixson 2022-08-04 23:48:11 UTC
I've submitted a pull request to error when this class of machines is specified: https://github.com/openshift/installer/pull/6203

This requires feature work. I have created a card to track that here: https://issues.redhat.com/browse/CORS-2231

If you have any additional input, please let me know!

Comment 6 MayXu 2022-09-26 04:09:47 UTC
verified on registry.ci.openshift.org/ocp/release:4.12.0-0.nightly-2022-09-25-071630
vm_type_masters: 'Standard_DC8ads_v5'

vm_type_masters: 'Standard_DC8ads_v5'
vm_type_workers: 'Standard_DC4as_v5'
level=error msg=failed to fetch Master Machines: failed to load asset "Install Config": failed to create install config: [controlPlane.platform.azure.type: Invalid value: "Standard_DC8ads_v5": standardDCADSv5Family is not currently supported but will be in a future release, compute[0].platform.azure.type: Invalid value: "Standard_DC4as_v5": standardDCASv5Family is not currently supported but will be in a future release]


vm_type_masters: 'Standard_DC8as_v5'
vm_type_workers: 'Standard_DC4ads_v5'
level=error msg=failed to fetch Master Machines: failed to load asset "Install Config": failed to create install config: [controlPlane.platform.azure.type: Invalid value: "Standard_DC8as_v5": standardDCASv5Family is not currently supported but will be in a future release, compute[0].platform.azure.type: Invalid value: "Standard_DC4ads_v5": standardDCADSv5Family is not currently supported but will be in a future release]

Comment 11 errata-xmlrpc 2023-01-17 19:47:08 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7399


Note You need to log in before you can comment on or make changes to this bug.