-
Bug
-
Resolution: Done
-
Critical
-
4.10
-
+
-
Important
-
None
-
ShiftStack Sprint 226
-
1
-
Rejected
-
False
-
-
None, because this code is not executed in 4.12.
Description of problem:
Installer fails due to Neutron policy error when creating Openstack servers for OCP master nodes.
$ oc get machines -A
NAMESPACE NAME PHASE TYPE REGION ZONE AGE
openshift-machine-api ostest-kwtf8-master-0 Running 23h
openshift-machine-api ostest-kwtf8-master-1 Running 23h
openshift-machine-api ostest-kwtf8-master-2 Running 23h
openshift-machine-api ostest-kwtf8-worker-0-g7nrw Provisioning 23h
openshift-machine-api ostest-kwtf8-worker-0-lrkvb Provisioning 23h
openshift-machine-api ostest-kwtf8-worker-0-vwrsk Provisioning 23h
$ oc -n openshift-machine-api logs machine-api-controllers-7454f5d65b-8fqx2 -c machine-controller
[...]
E1018 10:51:49.355143 1 controller.go:317] controller/machine_controller "msg"="Reconciler error" "error"="error creating Openstack instance: Failed to create port err: Request forbidden: [POST https://overcloud.redhat.local:13696/v2.0/ports], error message: {\"NeutronError\": {\"type\": \"PolicyNotAuthorized\", \"message\": \"(rule:create_port and (rule:create_port:allowed_address_pairs and (rule:create_port:allowed_address_pairs:ip_address and rule:create_port:allowed_address_pairs:ip_address))) is disallowed by policy\", \"detail\": \"\"}}" "name"="ostest-kwtf8-worker-0-lrkvb" "namespace"="openshift-machine-api"
Version-Release number of selected component (if applicable):
4.10.0-0.nightly-2022-10-14-023020
How reproducible:
Always
Steps to Reproduce:
1. Install 4.10 within provider networks (in primary or secondary interface)
Actual results:
Installation failure: 4.10.0-0.nightly-2022-10-14-023020: some cluster operators have not yet rolled out
Expected results:
Successful installation
Additional info:
Please find must-gather for installation on primary interface link here and for installation on secondary interface link here.
- blocks
-
-
- Closed
-
- is cloned by
-
-
- Closed
-
- links to