Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-11093

[azure] Install fails when setting diskEncryptionSet under defaultMachinePlatform/controlPlane/compute without subscriptionId

XMLWordPrintable

    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • Moderate
    • No
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      This is a clone of issue OCPBUGS-8449. The following is the description of the original issue:

      Description of problem:

      Configure diskEncryptionSet as below in install-config.yaml, and not set subscriptionID as it is optional parameter.

install-config.yaml
--------------------------------
compute:
- architecture: amd64
  hyperthreading: Enabled
  name: worker
  platform:
    azure:
      encryptionAtHost: true
      osDisk:
        diskEncryptionSet:
          resourceGroup: jima07a-rg
          name: jima07a-des
  replicas: 3
controlPlane:
  architecture: amd64
  hyperthreading: Enabled
  name: master
  platform:
    azure:
      encryptionAtHost: true
      osDisk:
        diskEncryptionSet:
          resourceGroup: jima07a-rg
          name: jima07a-des
  replicas: 3
platform:
  azure:
    baseDomainResourceGroupName: os4-common
    cloudName: AzurePublicCloud
    outboundType: Loadbalancer
    region: centralus
    defaultMachinePlatform:
      osDisk:
        diskEncryptionSet:
          resourceGroup: jima07a-rg
          name: jima07a-des

Then create manifests file and create cluster, installer failed with error:
$ ./openshift-install create cluster --dir ipi --log-level debug
...
INFO Credentials loaded from file "/home/fedora/.azure/osServicePrincipal.json" 
FATAL failed to fetch Terraform Variables: failed to fetch dependency of "Terraform Variables": failed to generate asset "Platform Provisioning Check": platform.azure.defaultMachinePlatform.osDisk.diskEncryptionSet: Invalid value: azure.DiskEncryptionSet{SubscriptionID:"", ResourceGroup:"jima07a-rg", Name:"jima07a-des"}: failed to get disk encryption set: compute.DiskEncryptionSetsClient#Get: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="InvalidSubscriptionId" Message="The provided subscription identifier 'resourceGroups' is malformed or invalid." 

Checked manifest file cluster-config.yaml, and found that subscriptionId is not filled out automatically under defaultMachinePlatform
$ cat cluster-config.yaml
apiVersion: v1
data:
  install-config: |
    additionalTrustBundlePolicy: Proxyonly
    apiVersion: v1
    baseDomain: qe.azure.devcluster.openshift.com
    compute:
    - architecture: amd64
      hyperthreading: Enabled
      name: worker
      platform:
        azure:
          encryptionAtHost: true
          osDisk:
            diskEncryptionSet:
              name: jima07a-des
              resourceGroup: jima07a-rg
              subscriptionId: 53b8f551-f0fc-4bea-8cba-6d1fefd54c8a
            diskSizeGB: 0
            diskType: ""
          osImage:
            offer: ""
            publisher: ""
            sku: ""
            version: ""
          type: ""
      replicas: 3
    controlPlane:
      architecture: amd64
      hyperthreading: Enabled
      name: master
      platform:
        azure:
          encryptionAtHost: true
          osDisk:
            diskEncryptionSet:
              name: jima07a-des
              resourceGroup: jima07a-rg
              subscriptionId: 53b8f551-f0fc-4bea-8cba-6d1fefd54c8a
            diskSizeGB: 0
            diskType: ""
          osImage:
            offer: ""
            publisher: ""
            sku: ""
            version: ""
          type: ""
      replicas: 3
    metadata:
      creationTimestamp: null
      name: jimadesa
    networking:
      clusterNetwork:
      - cidr: 10.128.0.0/14
        hostPrefix: 23
      machineNetwork:
      - cidr: 10.0.0.0/16
      networkType: OVNKubernetes
      serviceNetwork:
      - 172.30.0.0/16
    platform:
      azure:
        baseDomainResourceGroupName: os4-common
        cloudName: AzurePublicCloud
        defaultMachinePlatform:
          osDisk:
            diskEncryptionSet:
              name: jima07a-des
              resourceGroup: jima07a-rg
            diskSizeGB: 0
            diskType: ""
          osImage:
            offer: ""
            publisher: ""
            sku: ""
            version: ""
          type: ""
        outboundType: Loadbalancer
        region: centralus
    publish: External

It works well when setting disk encryption set without subscriptionId under defalutMachinePlatform or controlPlane/compute.   

      Version-Release number of selected component (if applicable):

      4.13.0-0.nightly-2023-03-05-104719

      How reproducible:

      Always on 4.11, 4.12, 4.13

      Steps to Reproduce:

      1. Prepare install-config, configure diskEncrpytionSet under defaultMchinePlatform, controlPlane and compute without subscriptionId
2. Install cluster 
3.

      Actual results:

      Cluster is installed successfully

      Expected results:

      installer failed

      Additional info:

       

       

       

       

              jhixson_redhat John Hixson
              openshift-crt-jira-prow OpenShift Prow Bot
              None
              None
              Jinyun Ma Jinyun Ma
              None
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: