[OCPBUGS-39402] UPI playbooks when master schedulable fails

Type: Bug
Resolution: Done-Errata
Priority: Normal
Fix Version/s: None
Affects Version/s: 4.16, 4.17, 4.18
Component/s: Installer / OpenShift on OpenStack
Labels:
- QA-Triaged
- Triaged

Test Coverage:

+
Regression:
None
Sprint:
ShiftStack Sprint 259
sprint_count:
1
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:

Hide
* Previously, a coding issue caused the Ansible script on {op-system} user-provisioned installation infrastructure to fail. This occurred when IPv6 was enabled for a three-node cluster. With this release, support is provided for installing a three-node cluster with
IPv6 enabled on {op-system}. (link:https://issues.redhat.com/browse/OCPBUGS-39402 [*~~OCPBUGS-39402~~ *])

Show
* Previously, a coding issue caused the Ansible script on {op-system} user-provisioned installation infrastructure to fail. This occurred when IPv6 was enabled for a three-node cluster. With this release, support is provided for installing a three-node cluster with IPv6 enabled on {op-system}. (link: https://issues.redhat.com/browse/OCPBUGS-39402 [* OCPBUGS-39402 *])
Release Note Type:
Bug Fix
Release Note Status:
Proposed
Target Version:

4.18.0
Target Backport Versions:

4.17.0, 4.16.z

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

There is a typo here: https://github.com/openshift/installer/blob/release-4.18/upi/openstack/security-groups.yaml#L370

It should be os_subnet6_range.

That task is only run if os_master_schedulable is defined and greater to 0 in the inventory.yaml

blocks

OCPBUGS-39409 UPI playbooks when master schedulable fails

Closed

is cloned by

OCPBUGS-39409 UPI playbooks when master schedulable fails

Closed

OCPBUGS-41334 UPI playbooks when master schedulable fails

Closed

links to

openshift/installer#8942: OCPBUGS-39402: Fix IPv6 security group rule for schedulable master

RHEA-2024:6122 OpenShift Container Platform 4.18.z bug fix update

Errata Tool added a comment - 2025/02/25 4:45 AM

Since the problem described in this issue should be resolved in a recent advisory, it has been closed.

For information on the advisory (Important: OpenShift Container Platform 4.18.1 bug fix and security update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2024:6122

Errata Tool added a comment - 2025/02/25 4:45 AM Since the problem described in this issue should be resolved in a recent advisory, it has been closed. For information on the advisory (Important: OpenShift Container Platform 4.18.1 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2024:6122

Itshak Brown added a comment - 2024/09/16 12:08 PM

The fix is in place:
$ cat ostest/security-groups.yaml
[...]
    - name: 'Create master-sg rule "router"'
      openstack.cloud.security_group_rule:
        security_group: "{{ os_sg_master }}"
        ethertype: IPv6
        protocol: tcp
        remote_ip_prefix: "{{ os_subnet6_range }}"
        port_range_min: 1936
        port_range_max: 1936
      when: os_master_schedulable is defined and os_master_schedulable
[...]$ cat playbooks_logs/security-groups.log
[...]
TASK [Create master-sg rule "router"] ******************************************
changed: [localhost]
[...]And the IPv6 rule is added to the master security group:
$ openstack security group rule list ostest-nzkgq-master | grep 1936 | grep IPv6
| 333fc37e-e325-4f7f-9b56-c55d33d00747 | tcp         | IPv6      | fd2e:6f44:5dd8:c956::/64 | 1936:1936   | ingress   | None                  | None                 |

Verified with: 4.18.0-0.nightly-2024-09-13-024933

Itshak Brown added a comment - 2024/09/16 12:08 PM The fix is in place: $ cat ostest/security-groups.yaml [...] - name: 'Create master-sg rule "router" ' openstack.cloud.security_group_rule: security_group: "{{ os_sg_master }}" ethertype: IPv6 protocol: tcp remote_ip_prefix: "{{ os_subnet6_range }}" port_range_min: 1936 port_range_max: 1936 when: os_master_schedulable is defined and os_master_schedulable [...]$ cat playbooks_logs/security-groups.log [...] TASK [Create master-sg rule "router" ] ****************************************** changed: [localhost] [...]And the IPv6 rule is added to the master security group: $ openstack security group rule list ostest-nzkgq-master | grep 1936 | grep IPv6 | 333fc37e-e325-4f7f-9b56-c55d33d00747 | tcp | IPv6 | fd2e:6f44:5dd8:c956::/64 | 1936:1936 | ingress | None | None | Verified with: 4.18.0-0.nightly-2024-09-13-024933

OpenShift On OpenStack added a comment - 2024/09/04 7:01 AM

Removing the Triaged label because:

the Priority assessment is missing

OpenShift On OpenStack added a comment - 2024/09/04 7:01 AM Removing the Triaged label because: the Priority assessment is missing

Assignee:: Martin André

Reporter:: Ramón Lobillo

QA Contact:: Itshak Brown

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2024/09/03 12:54 PM

Updated:: 2025/02/25 4:45 AM

Resolved:: 2025/02/25 4:45 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

Collapse comment: Errata Tool added a comment - 2025/02/25 4:45 AM

Expand comment: Errata Tool added a comment - 2025/02/25 4:45 AM

Collapse comment: Itshak Brown added a comment - 2024/09/16 12:08 PM

Expand comment: Itshak Brown added a comment - 2024/09/16 12:08 PM

Collapse comment: OpenShift On OpenStack added a comment - 2024/09/04 7:01 AM

Expand comment: OpenShift On OpenStack added a comment - 2024/09/04 7:01 AM

People

Dates