Hide Forgot
The installer on openstack platform creates a security group rule that it does not need. The master_ingress_cluster_policy_controller security group rule was initially introduced with 2636aef [1] but later reverted with a7040d4 [2]. It was then re-introduced by mistake with 40febcf [3]. We should remove the unneeded rule. [1] https://github.com/openshift/installer/commit/2636aef6cdf0f897f98446e29c969d61b6b009a7 [2] https://github.com/openshift/installer/commit/a7040d40041941cd4a649e7c5caf98c26cfbbb90 [3] https://github.com/openshift/installer/commit/40febcfdace6795ab661a17d59fe5882d1a12890
Verified on ocp4.12.0-0.nightly-2022-07-27-133042 on top of RHOS-16.2-RHEL-8-20220610.n.1 (shiftstack) [stack@undercloud-0 ~]$ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.12.0-0.nightly-2022-07-27-133042 True False 43s Cluster version is 4.12.0-0.nightly-2022-07-27-133042 (shiftstack) [stack@undercloud-0 ~]$ openstack security group show ostest-5w6hf-master -c rules -f json | jq '.rules[] | select(.port_range_min==10357)' (shiftstack) [stack@undercloud-0 ~]$
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:7399