Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-28370

HCP deletion can get stuck if CPO is unable to delete the default worker security group

    XMLWordPrintable

Details

    • Moderate
    • No
    • Hypershift Sprint 249, Hypershift Sprint 250
    • 2
    • False
    • Hide

      None

      Show
      None

    Description

      Description of problem:

      If a ROSA HCP customer uses the default worker security group that the CPO creates for some other purpose (i.e. creates their own VPC Endpoint or EC2 instance using this security group) and then starts an uninstallation - the uninstallation will hang indefinitely because the CPO is unable to delete the security group.

https://github.com/openshift/hypershift/blob/9e6255e5e44c8464da0850f8c19dc085bdbaf8cb/control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go#L317-L331    

      Version-Release number of selected component (if applicable):

      4.14.8

      How reproducible:

      100%

      Steps to Reproduce:

          1. Create a ROSA HCP cluster
    2. Attach the default worker security group to some other object unrelated to the cluster, like an EC2 instance or VPC Endpoint
    3. Uninstall the ROSA HCP cluster

      Actual results:

      The uninstall hangs without much feedback to the customer

      Expected results:

      Either that the uninstall gives up and moves on eventually, or that clear feedback is provided to the customer, so that they know that the uninstall is held up because of an inability to delete a specific security group id. If this feedback mechanism is already in place, but not wired through to OCM, this may not be an OCPBUGS and could just be an OCM bug instead!

      Additional info:

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-30742 [4.15] HCP deletion can get stuck if CPO is unable to delete the default worker security group

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          is depended on by

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-30742 [4.15] HCP deletion can get stuck if CPO is unable to delete the default worker security group

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          links to

          GitHub openshift/hypershift#3622: OCPBUGS-28370: Skip SG deletion if it has dependancy violation

          GitHub openshift/hypershift#3661: OCPBUGS-28370: Use correct return error when destroying AWS SG

          Web Link RHEA-2024:0041 OpenShift Container Platform 4.16.z bug fix update

          Activity

            People

              pstefans@redhat.com Patryk Stefanski
              mshen.openshift Michael Shen
              He Liu He Liu
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated: