+++ This bug was initially created as a clone of Bug #2104578 +++ The installer on openstack platform creates a security group rule that it does not need. The master_ingress_cluster_policy_controller security group rule was initially introduced with 2636aef [1] but later reverted with a7040d4 [2]. It was then re-introduced by mistake with 40febcf [3]. We should remove the unneeded rule. [1] https://github.com/openshift/installer/commit/2636aef6cdf0f897f98446e29c969d61b6b009a7 [2] https://github.com/openshift/installer/commit/a7040d40041941cd4a649e7c5caf98c26cfbbb90 [3] https://github.com/openshift/installer/commit/40febcfdace6795ab661a17d59fe5882d1a12890
Removing the Triaged keyword because: * the QE automation assessment (flag qe_test_coverage) is missing
Verified on 4.11.0-0.nightly-2022-09-10-020349 on top of RHOS-16.2-RHEL-8-20220804.n.1 (shiftstack) [stack@undercloud-0 ~]$ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.11.0-0.nightly-2022-09-10-020349 True False 43m Cluster version is 4.11.0-0.nightly-2022-09-10-020349 (shiftstack) [stack@undercloud-0 ~]$ openstack security group list +--------------------------------------+---------------------+--------------------------------+----------------------------------+-------------------------------------+ | ID | Name | Description | Project | Tags | +--------------------------------------+---------------------+--------------------------------+----------------------------------+-------------------------------------+ | cc6d1357-53d2-42bf-8012-3a347422988d | ostest-x7mj2-master | Created By OpenShift Installer | 40c2d3e4846c483896ac824f7d437e7d | ['openshiftClusterID=ostest-x7mj2'] | | ebc0ece1-4779-4a33-b315-601b7f37246c | default | Default security group | 40c2d3e4846c483896ac824f7d437e7d | [] | | fe2a3b75-ba7e-46c0-9039-ddded3fa9553 | ostest-x7mj2-worker | Created By OpenShift Installer | 40c2d3e4846c483896ac824f7d437e7d | ['openshiftClusterID=ostest-x7mj2'] | +--------------------------------------+---------------------+--------------------------------+----------------------------------+-------------------------------------+ The security group rule does not exist: (shiftstack) [stack@undercloud-0 ~]$ openstack security group show ostest-x7mj2-master -c rules -f json | jq '.rules[] | select(.port_range_min==10357)' (shiftstack) [stack@undercloud-0 ~]$
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.11.5 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:6536