-
Bug
-
Resolution: Done-Errata
-
Critical
-
4.14
-
+
-
Important
-
Yes
-
ShiftStack Sprint 243, ShiftStack Sprint 244
-
2
-
Rejected
-
False
-
-
-
Bug Fix
-
Proposed
Description of problem:
while creating a service with type:LoadBalancer and the workers include provider network secondary interfaces, CCM is complaining:
2023-10-21T04:16:47.399130931Z E1021 04:16:47.398913 1 controller.go:291] error processing service lb-tcp-verification-ns/lb-tcp-verification-svc (will retry): failed to ensure load balancer: failed when reconciling security groups for LB service lb-tcp-verification-ns/lb-tcp-verification-svc: failed to update security group for port 6d2389f1-5f47-4130-bb00-2dc61a6af1e4: Bad request with: [PUT https://overcloud.redhat.local:13696/v2.0/ports/6d2389f1-5f47-4130-bb00-2dc61a6af1e4], error message: {"NeutronError": {"type": "PortSecurityAndIPRequiredForSecurityGroups", "message": "Port security must be enabled and port must have an IP address in order to use security groups.", "detail": ""}} 2023-10-21T04:16:47.399130931Z I1021 04:16:47.399031 1 event.go:307] "Event occurred" object="lb-tcp-verification-ns/lb-tcp-verification-svc" fieldPath="" kind="Service" apiVersion="v1" type="Warning" reason="SyncLoadBalancerFailed" message="Error syncing load balancer: failed to ensure load balancer: failed when reconciling security groups for LB service lb-tcp-verification-ns/lb-tcp-verification-svc: failed to update security group for port 6d2389f1-5f47-4130-bb00-2dc61a6af1e4: Bad request with: [PUT https://overcloud.redhat.local:13696/v2.0/ports/6d2389f1-5f47-4130-bb00-2dc61a6af1e4], error message: {\"NeutronError\": {\"type\": \"PortSecurityAndIPRequiredForSecurityGroups\", \"message\": \"Port security must be enabled and port must have an IP address in order to use security groups.\", \"detail\": \"\"}}
Version-Release number of selected component (if applicable): 4.14 with OVN-K and OpenShiftSDN NetworkType. Issue is observed in 17.1 and 16.2 latest delivered puddles. This issue is a regression: it is not observed in <=4.13.
How reproducible: Always
Steps to Reproduce: Deploy cluster with provider network secondary interfaces and create a service with type:LoadBalancer.
Actual results: The service never become ready.
Expected results: The service is working as expected.
Additional info: Must-gather provided on private comment.
- is cloned by
-
OCPBUGS-22974 failure creating openstack LoadBalancer when workers include a provider Network secondary interface
- Closed
- is depended on by
-
OCPBUGS-22974 failure creating openstack LoadBalancer when workers include a provider Network secondary interface
- Closed
- links to
-
RHEA-2023:7198 rpm