Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-38009

Infra nodes install with invalid security group filter for 4.14/4.15 managed clusters

XMLWordPrintable

    • None
    • False
    • Hide

      None

      Show
      None
    • N/A
    • Release Note Not Required
    • Done

      Description of problem:

      The Infra nodes are not created in new installations at all for 4.14/4.15 clusters so far. We haven't come across this issue for 4.16 yet.

       

      The respective machineset for the infra nodes on the cluster do not have the required "-*worker-sg" filter for 4.14/4.15 versions. The machinepool status reports the following: 

          machineSets:
  - errorMessage: 'error getting security groups IDs: no security group found'
    errorReason: InvalidConfiguration
    maxReplicas: 1
    minReplicas: 1
    name: bprosa-usw2-p-fnqp5-infra-us-west-2a
    replicas: 1
  - errorMessage: 'error getting security groups IDs: no security group found'
    errorReason: InvalidConfiguration
    maxReplicas: 1
    minReplicas: 1
    name: bprosa-usw2-p-fnqp5-infra-us-west-2b
    replicas: 1
  - errorMessage: 'error getting security groups IDs: no security group found'
    errorReason: InvalidConfiguration
    maxReplicas: 1
    minReplicas: 1
    name: bprosa-usw2-p-fnqp5-infra-us-west-2c
    replicas: 1

      Version-Release number of selected component (if applicable):

      4.14.z / 4.15.z

      How reproducible:

      Always reproducible

      Steps to Reproduce:

          1.Install new OSD/ROSA classic cluster with version 4.14, 4.15
    2.Installation will pass but the infra nodes do not get created

      Actual results:

      For problematic clusters the machineset for infra nodes only have following two filters:

                securityGroups:
          - filters:
            - name: tag:Name
              values:
              - gtldevops-rrf4j-node
          - filters:
            - name: tag:Name
              values:
              - gtldevops-rrf4j-lb    

       

      Expected results:

      For 4.16 clusters or other working clusters there are three filters (*-worker-sg filter missing):

                securityGroups:
          - filters:
            - name: tag:Name
              values:
              - pt-cluster-fjvxt-worker-sg
          - filters:
            - name: tag:Name
              values:
              - pt-cluster-fjvxt-node
          - filters:
            - name: tag:Name
              values:
              - pt-cluster-fjvxt-lb    

      Additional info:

      • When machineset is manually updated on the cluster for the infra nodes to include the "*-worker-sg" filter then the infra nodes come up fine. This is the workaround solution which is applied for now on the affected clusters.

              asegurap1@redhat.com Antoni Segura Puimedon
              travi.openshift Ravi Trivedi
              Jianping Shu Jianping Shu
              Votes:
              0 Vote for this issue
              Watchers:
              17 Start watching this issue

                Created:
                Updated:
                Resolved: