OpenShift Bugs / OCPBUGS-46596

ec2:DescribeInstanceTypeOfferings should be required


    • Quality / Stability / Reliability
    • Moderate
    • OpenShift SPLAT - Sprint 268
    • Done
    • Bug Fix
      * Previously, if you attempted to install an {aws-first} cluster with minimum privileges and you did not specify an instance type in the `install-config.yaml` file, installation of the cluster failed. This issue happened because the installation program could not find supported instance types that the cluster uses in availability zones. For example, the `m6i.xlarge` default instance type was unavailable in the `ap-southeast-4` and `eu-south-2` regions. With this release, the `openshift-install` program now requires the `ec2:DescribeInstanceTypeOfferings` {aws-short} permission to prevent the installation of the cluster from failing in situations where `m6i.xlarge` or another supported instance type is unavailable in a supported availability zone. (link:https://issues.redhat.com/browse/OCPBUGS-46596[OCPBUGS-46596])

      Description of problem:

         When instance types are not specified in the machine pool, the installer checks which instance types (from a list) are available in a given az. If the ec2:DescribeInstanceType permission is not present, the check will fail gracefully and default to using the m6i instance type. This instance type is not available in all regions (e.g. ap-southeast-4 and eu-south-2), so those installs will fail.
      
      OCPBUGS-45218 describes a similar issue with edge nodes.
      
      ec2:DescribeInstanceTypeOfferings is not a controversial permission and should be required by default for all installs to avoid this type of issue.

      Version-Release number of selected component (if applicable):

          Affects all versions, but we will just fix in main (4.19)

      How reproducible:

          Always

      Steps to Reproduce:

      See OCPBUGS-45218 for one example.
      
      Another example (unverified):
          1. Use permissions without ec2:DescribeInstanceTypeOfferings
          2. Install config: set region to eu-south-2 or ap-southeast-4. Do not set instance types
          3. Installer should default to m6i instance type (can be confirmed from machine manifests).
          4. Install will fail as m6i instances are not available in those regions: https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-instance-regions.html

      Actual results:

          Install fails due to unavailable m6i instance

      Expected results:

          Installer should select a different instance type, m5

      Additional info:
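
The fallback described in this report, modelled as an added example (not part of the original report and not the installer's own code): a lookup error is either swallowed, which yields the `m6i.xlarge` default, or surfaced to the caller. The function names, the `strict` flag, the zone names, the offerings data and the "offered in every zone" rule are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// errAccessDenied (hypothetical) stands in for the AWS error seen without the permission.
var errAccessDenied = errors.New("AccessDenied: ec2:DescribeInstanceTypeOfferings")

// offeringsFn returns the instance types offered in one availability zone.
type offeringsFn func(zone string) (map[string]bool, error)

// pickInstanceType returns the first preferred type offered in every zone (assumed rule).
// strict=false swallows a lookup error and returns the default; strict=true surfaces it.
func pickInstanceType(preferred, zones []string, lookup offeringsFn, strict bool) (string, error) {
next:
	for _, t := range preferred {
		for _, z := range zones {
			offered, err := lookup(z)
			if err != nil && strict {
				return "", fmt.Errorf("cannot verify instance types in %s: %w", z, err)
			}
			if err != nil {
				return preferred[0], nil // silent fallback to the default type
			}
			if !offered[t] {
				continue next
			}
		}
		return t, nil
	}
	return "", fmt.Errorf("none of %v is offered in all of %v", preferred, zones)
}

// Constructed sample data: per the report, m6i is not offered in eu-south-2.
var sampleOfferings = map[string]map[string]bool{
	"eu-south-2a": {"m5.xlarge": true}, "eu-south-2b": {"m5.xlarge": true},
}

func allowed(z string) (map[string]bool, error) { return sampleOfferings[z], nil }
func denied(string) (map[string]bool, error)    { return nil, errAccessDenied }

func main() {
	zones, prefs := []string{"eu-south-2a", "eu-south-2b"}, []string{"m6i.xlarge", "m5.xlarge"}
	fmt.Println(pickInstanceType(prefs, zones, allowed, true))
	fmt.Println(pickInstanceType(prefs, zones, denied, false))
	fmt.Println(pickInstanceType(prefs, zones, denied, true))
}
```

With the lookup allowed the model picks `m5.xlarge`; with it denied and the error swallowed it returns `m6i.xlarge`, the type the report says is unavailable in these regions.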

          

       

              rhn-support-mrbraga Marco Braga
              padillon Patrick Dillon
              Yunfei Jiang Yunfei Jiang