Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-2508

Worker creation fails within provider networks (as primary and secondary)

    XMLWordPrintable

Details

    • +
    • Important
    • ShiftStack Sprint 226
    • 1
    • Rejected
    • False
    • Hide

      None

      Show
      None
    • None, because this code is not executed in 4.12.

    Description

      Description of problem:

      Installer fails due to Neutron policy error when creating Openstack servers for OCP master nodes.

$ oc get machines -A
NAMESPACE               NAME                          PHASE          TYPE   REGION   ZONE   AGE
openshift-machine-api   ostest-kwtf8-master-0         Running                               23h
openshift-machine-api   ostest-kwtf8-master-1         Running                               23h
openshift-machine-api   ostest-kwtf8-master-2         Running                               23h
openshift-machine-api   ostest-kwtf8-worker-0-g7nrw   Provisioning                          23h
openshift-machine-api   ostest-kwtf8-worker-0-lrkvb   Provisioning                          23h
openshift-machine-api   ostest-kwtf8-worker-0-vwrsk   Provisioning                          23h

$ oc -n openshift-machine-api logs machine-api-controllers-7454f5d65b-8fqx2 -c machine-controller
[...]
E1018 10:51:49.355143       1 controller.go:317] controller/machine_controller "msg"="Reconciler error" "error"="error creating Openstack instance: Failed to create port err: Request forbidden: [POST https://overcloud.redhat.local:13696/v2.0/ports], error message: {\"NeutronError\": {\"type\": \"PolicyNotAuthorized\", \"message\": \"(rule:create_port and (rule:create_port:allowed_address_pairs and (rule:create_port:allowed_address_pairs:ip_address and rule:create_port:allowed_address_pairs:ip_address))) is disallowed by policy\", \"detail\": \"\"}}" "name"="ostest-kwtf8-worker-0-lrkvb" "namespace"="openshift-machine-api"

      Version-Release number of selected component (if applicable):

      4.10.0-0.nightly-2022-10-14-023020

      How reproducible:

      Always

      Steps to Reproduce:

      1. Install 4.10 within provider networks (in primary or secondary interface)

      Actual results:

      Installation failure:
4.10.0-0.nightly-2022-10-14-023020: some cluster operators have not yet rolled out

      Expected results:

      Successful installation

      Additional info:

      Please find must-gather for installation on primary interface link here and for installation on secondary interface link here.

       

      Attachments

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-2626 Worker creation fails within provider networks (as primary and secondary)

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-2626 Worker creation fails within provider networks (as primary and secondary)

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          links to

          GitHub openshift/cluster-api-provider-openstack#247: OCPBUGS-2508: Ensure network defs without subnet follow noAllowedAddressPairs

          Activity

            People

              maandre@redhat.com Martin André
              juriarte@redhat.com Jon Uriarte
              Jon Uriarte Jon Uriarte
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: