Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-10903

[IBMCloud] fail to ssh to master/bootstrap/worker nodes from the bastion inside a customer vpc.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • None
    • 4.13, 4.12
    • Installer / IBM Cloud
    • No
    • Rejected
    • False
    • Hide

      None

      Show
      None
    • N/A
    • Bug Fix
    • Done

      This is a clone of issue OCPBUGS-8035. The following is the description of the original issue:

      Description of problem:

      install discnnect private cluster, ssh to master/bootstrap nodes from the bastion on the vpc failed.

      Version-Release number of selected component (if applicable):

      Pre-merge build https://github.com/openshift/installer/pull/6836
      registry.build05.ci.openshift.org/ci-ln-5g4sj02/release:latest
      Tag: 4.13.0-0.ci.test-2023-02-27-033047-ci-ln-5g4sj02-latest

      How reproducible:

      always

      Steps to Reproduce:

      1.Create bastion instance maxu-ibmj-p1-int-svc 
      2.Create vpc on the bastion host 
      3.Install private disconnect cluster on the bastion host with mirror registry 
      4.ssh to the bastion  
      5.ssh to the master/bootstrap nodes from the bastion 

      Actual results:

      [core@maxu-ibmj-p1-int-svc ~]$ ssh -i ~/openshift-qe.pem core@10.241.0.5 -v
      OpenSSH_8.8p1, OpenSSL 3.0.5 5 Jul 2022
      debug1: Reading configuration data /etc/ssh/ssh_config
      debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
      debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
      debug1: configuration requests final Match pass
      debug1: re-parsing configuration
      debug1: Reading configuration data /etc/ssh/ssh_config
      debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
      debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
      debug1: Connecting to 10.241.0.5 [10.241.0.5] port 22.
      debug1: connect to address 10.241.0.5 port 22: Connection timed out
      ssh: connect to host 10.241.0.5 port 22: Connection timed out

      Expected results:

      ssh succeed.

      Additional info:

      $ibmcloud is sg-rules r014-5a6c16f4-8a4c-4c02-ab2d-626c14f72a77 --vpc maxu-ibmj-p1-vpc
      Listing rules of security group r014-5a6c16f4-8a4c-4c02-ab2d-626c14f72a77 under account OpenShift-QE as user ServiceId-dff277a9-b608-410a-ad24-c544e59e3778...
      ID                                          Direction   IP version   Protocol                      Remote   
      r014-6739d68f-6827-41f4-b51a-5da742c353b2   outbound    ipv4         all                           0.0.0.0/0   
      r014-06d44c15-d3fd-4a14-96c4-13e96aa6769c   inbound     ipv4         all                           shakiness-perfectly-rundown-take   r014-25b86956-5370-4925-adaf-89dfca9fb44b   inbound     ipv4         tcp Ports:Min=22,Max=22       0.0.0.0/0   
      r014-e18f0f5e-c4e5-44a5-b180-7a84aa59fa97   inbound     ipv4         tcp Ports:Min=3128,Max=3129   0.0.0.0/0   
      r014-7e79c4b7-d0bb-4fab-9f5d-d03f6b427d89   inbound     ipv4         icmp Type=8,Code=0            0.0.0.0/0   
      r014-03f23b04-c67a-463d-9754-895b8e474e75   inbound     ipv4         tcp Ports:Min=5000,Max=5000   0.0.0.0/0   
      r014-8febe8c8-c937-42b6-b352-8ae471749321   inbound     ipv4         tcp Ports:Min=6001,Max=6002   0.0.0.0/0   

              jeffbnowicki Jeff Nowicki
              openshift-crt-jira-prow OpenShift Prow Bot
              May Xu May Xu
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: