OpenShift Bugs / OCPBUGS-3220

[gcp][CORS-1774] DNS zone validation should be able to detect the privateDNSZone doesn't bind to the shared VPC


Details

    • Rejected

    Description

      Description of problem:

      It's sort of negative testing, i.e. the specified DNS private zone doesn't bind to the shared VPC. The current behavior is that the installer doesn't check or detect it until waiting for bootstrap-complete fails.

      Version-Release number of selected component (if applicable):

      $ openshift-install version
      openshift-install 4.12.0-0.nightly-2022-10-25-210451
      built from commit 14d496fdaec571fa97604a487f5df6a0433c0c68
      release image registry.ci.openshift.org/ocp/release@sha256:d6cc07402fee12197ca1a8592b5b781f9f9a84b55883f126d60a3896a36a9b74
      release architecture amd64
      

      How reproducible:

      Always

      Steps to Reproduce:

      1. Try an IPI XPN installation, but specify a gcp.platform.privateDNSZone which doesn't bind to the shared VPC.

      Actual results:

      DNS zone validation isn't able to detect that the privateDNSZone doesn't bind to the shared VPC.

      Expected results:

      DNS zone validation should cover this, and show a clear error and then abort the installation.

      Additional info:

      $ openshift-install version
      openshift-install 4.12.0-0.nightly-2022-10-25-210451
      built from commit 14d496fdaec571fa97604a487f5df6a0433c0c68
      release image registry.ci.openshift.org/ocp/release@sha256:d6cc07402fee12197ca1a8592b5b781f9f9a84b55883f126d60a3896a36a9b74
      release architecture amd64
      $ gcloud --project openshift-qe-shared-vpc dns managed-zones list --filter='name=qe-shared-vpc'
      NAME           DNS_NAME                                        DESCRIPTION  VISIBILITY
      qe-shared-vpc  qe-shared-vpc.qe.gcp.devcluster.openshift.com.               public
      $ gcloud dns managed-zones describe jiwei-test2
      cloudLoggingConfig:
        kind: dns#managedZoneCloudLoggingConfig
      creationTime: '2022-11-04T06:04:26.494Z'
      description: jiwei test zone
      dnsName: jiwei-test2.qe-shared-vpc.qe.gcp.devcluster.openshift.com.
      id: '7980570275365905986'
      kind: dns#managedZone
      name: jiwei-test2
      nameServers:
      - ns-gcp-private.googledomains.com.
      privateVisibilityConfig:
        kind: dns#managedZonePrivateVisibilityConfig
        networks:
        - kind: dns#managedZonePrivateVisibilityConfigNetwork
          networkUrl: https://www.googleapis.com/compute/v1/projects/openshift-qe-shared-vpc/global/networks/aos-qe-network
      visibility: private
      $ 
      $ yq-3.3.0 r test3/install-config.yaml baseDomain
      qe-shared-vpc.qe.gcp.devcluster.openshift.com
      $ yq-3.3.0 r test3/install-config.yaml metadata
      creationTimestamp: null
      name: jiwei-test2
      $ yq-3.3.0 r test3/install-config.yaml platform
      gcp:
        projectID: openshift-qe
        region: us-central1
        computeSubnet: installer-shared-vpc-subnet-2
        controlPlaneSubnet: installer-shared-vpc-subnet-1
        createFirewallRules: Disabled
        publicDNSZone:
          id: qe-shared-vpc
          project: openshift-qe-shared-vpc
        privateDNSZone:
          id: jiwei-test2
        network: installer-shared-vpc
        networkProjectID: openshift-qe-shared-vpc
      $ 
      $ openshift-install create cluster --dir test3
      INFO Credentials loaded from file "/home/fedora/.gcp/osServiceAccount.json"
      INFO Consuming Install Config from target directory
      WARNING FeatureSet "TechPreviewNoUpgrade" is enabled. This FeatureSet does not allow upgrades and may affect the supportability of the cluster.
      INFO Creating infrastructure resources...
      INFO Waiting up to 20m0s (until 6:31AM) for the Kubernetes API at https://api.jiwei-test2.qe-shared-vpc.qe.gcp.devcluster.openshift.com:6443...
      INFO API v1.25.2+4bd0702 up
      INFO Waiting up to 30m0s (until 6:45AM) for bootstrapping to complete...
      INFO Pulling VM console logs                      
      INFO Pulling debug logs from the bootstrap machine 
      ERROR Bootstrap failed to complete: timed out waiting for the condition 
      ERROR Failed to wait for bootstrapping to complete. This error usually happens when there is a problem with control plane hosts that prevents the control plane operators from creating the control plane. 
      WARNING The bootstrap machine is unable to resolve API and/or API-Int Server URLs 
      INFO Checking validity of api-int.jiwei-test2.qe-shared-vpc.qe.gcp.devcluster.openshift.com of type API_INT_URL 
      INFO Starting stage check-api-int-url             
      INFO Unable to resolve API_INT_URL api-int.jiwei-test2.qe-shared-vpc.qe.gcp.devcluster.openshift.com 
      INFO Bootstrap gather logs captured here "/home/fedora/test3/log-bundle-20221104064501.tar.gz" 
      $ 
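One way the requested pre-flight check could look, as an added Go example (not the installer's code and not part of the original report): it compares the networks in the zone's privateVisibilityConfig with the install-config's networkProjectID and network. The type and function names are hypothetical; the sample values are copied from the session above.

```go
package main

import (
	"fmt"
	"strings"
)

// PrivateZone carries the managed-zone fields shown by `gcloud dns managed-zones describe`.
// Hypothetical type for this example, not an installer or GCP SDK type.
type PrivateZone struct {
	Name        string
	Visibility  string
	NetworkURLs []string // privateVisibilityConfig.networks[].networkUrl
}

// networkPath strips the API host so full URLs and partial paths compare equal.
func networkPath(u string) string {
	if i := strings.Index(u, "projects/"); i >= 0 {
		u = u[i:]
	}
	return strings.TrimSuffix(u, "/")
}

// ValidatePrivateZoneBinding returns an error unless the zone is private and
// visible to the network named by networkProjectID/network in install-config.
func ValidatePrivateZoneBinding(z PrivateZone, networkProjectID, network string) error {
	if z.Visibility != "private" {
		return fmt.Errorf("privateDNSZone %q has visibility %q, want private", z.Name, z.Visibility)
	}
	want := fmt.Sprintf("projects/%s/global/networks/%s", networkProjectID, network)
	bound := make([]string, 0, len(z.NetworkURLs))
	for _, u := range z.NetworkURLs {
		p := networkPath(u)
		if p == want {
			return nil
		}
		bound = append(bound, p)
	}
	return fmt.Errorf("privateDNSZone %q is not bound to %s (bound to: [%s])",
		z.Name, want, strings.Join(bound, ", "))
}

func main() {
	// Values copied from the report: the zone is bound to aos-qe-network,
	// while install-config names installer-shared-vpc.
	zone := PrivateZone{Name: "jiwei-test2", Visibility: "private", NetworkURLs: []string{
		"https://www.googleapis.com/compute/v1/projects/openshift-qe-shared-vpc/global/networks/aos-qe-network"}}
	fmt.Println(ValidatePrivateZoneBinding(zone, "openshift-qe-shared-vpc", "installer-shared-vpc"))
}
```

Run against the reported configuration, the check fails before any infrastructure is created and names the network the zone is actually bound to.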

       

       

            People

              Unassigned Unassigned
              rhn-support-jiwei Jianli Wei
              Jianli Wei Jianli Wei