Bug 2104578 - Installer creates unnecessary master_ingress_cluster_policy_controller security group rule
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.11
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Target Release: 4.12.0
Assignee: Martin André
QA Contact: rlobillo
Depends On:
Blocks: 2104825
Reported: 2022-07-06 16:10 UTC by Martin André
Modified: 2023-01-17 19:52 UTC

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Last Closed: 2023-01-17 19:51:47 UTC
Target Upstream Version:


System | ID | Private | Priority | Status | Summary | Last Updated
Github | openshift installer pull 6086 | 0 | None | open | Bug 2104578: Remove unnecessary SG rule | 2022-07-06 16:17:10 UTC
Red Hat Product Errata | RHSA-2022:7399 | 0 | None | None | None | 2023-01-17 19:52:07 UTC

Description Martin André 2022-07-06 16:10:43 UTC
The installer on the OpenStack platform creates a security group rule that it does not need.

The master_ingress_cluster_policy_controller security group rule was initially introduced with 2636aef [1] but later reverted with a7040d4 [2]. It was then re-introduced by mistake with 40febcf [3].

We should remove the unneeded rule.

[1] https://github.com/openshift/installer/commit/2636aef6cdf0f897f98446e29c969d61b6b009a7
[2] https://github.com/openshift/installer/commit/a7040d40041941cd4a649e7c5caf98c26cfbbb90
[3] https://github.com/openshift/installer/commit/40febcfdace6795ab661a17d59fe5882d1a12890

Comment 3 rlobillo 2022-07-29 14:00:44 UTC
Verified on ocp4.12.0-0.nightly-2022-07-27-133042 on top of RHOS-16.2-RHEL-8-20220610.n.1

(shiftstack) [stack@undercloud-0 ~]$ oc get clusterversion
NAME      VERSION                              AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.12.0-0.nightly-2022-07-27-133042   True        False         43s     Cluster version is 4.12.0-0.nightly-2022-07-27-133042
(shiftstack) [stack@undercloud-0 ~]$ openstack security group show ostest-5w6hf-master -c rules -f json | jq '.rules[] | select(.port_range_min==10357)'
(shiftstack) [stack@undercloud-0 ~]$

Comment 6 errata-xmlrpc 2023-01-17 19:51:47 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

