
publicIP is allowed in Azure disconnected installation for machines

    • Important
    • None
    • Approved
    • False

      Regression introduced from 4.11 to 4.12

      * Previously, error messages for Azure clusters did not explain that it is not possible to create new machines with public IP addresses for a disconnected install that uses only the internal publish strategy. With this release, the error message is updated for improved clarity.
      (link:https://issues.redhat.com/browse/OCPBUGS-519[*OCPBUGS-519*])
    • Bug Fix
    • Done

      For a disconnected installation, we should not be able to provision machines successfully with publicIP:true. This had been the behavior through 4.11 and the 4.12 nightly released around 17th Aug, but it has now started allowing creation of machines with publicIP:true set in the machineset.

      Issue reproduced on - Cluster version - 4.12.0-0.nightly-2022-08-23-223922

      It is always reproducible.

      Steps:
      Create a machineset using YAML with
      {"spec":{"providerSpec":{"value":{"publicIP": true}}}}

      Machineset created successfully and machine provisioned successfully.

      This seems to be a regression bug; refer to https://bugzilla.redhat.com/show_bug.cgi?id=1889620

      Here is the must gather log - https://drive.google.com/file/d/1UXjiqAx7obISTxkmBsSBuo44ciz9HD1F/view?usp=sharing

      Here is the test that ran successfully for 4.11 with exactly the same profile, where machine creation failed with an InvalidConfiguration error: https://mastern-jenkins-csb-openshift-qe.apps.ocp-c1.prod.psi.redhat.com/job/ocp-common/job/Runner/575822/console

      We can confirm a disconnected cluster using the command below; there would be a lot of mirrors used in it:

      oc get ImageContentSourcePolicy image-policy-aosqe -o yaml 
      
      apiVersion: operator.openshift.io/v1alpha1
      kind: ImageContentSourcePolicy
      metadata:
        creationTimestamp: "2022-08-24T09:08:47Z"
        generation: 1
        name: image-policy-aosqe
        resourceVersion: "34648"
        uid: 20e45d6d-e081-435d-b6bb-16c4ca21c9d6
      spec:
        repositoryDigestMirrors:
        - mirrors:
          - miyadav-2408a.mirror-registry.qe.azure.devcluster.openshift.com:6001/olmqe
          source: quay.io/olmqe
        - mirrors:
          - miyadav-2408a.mirror-registry.qe.azure.devcluster.openshift.com:6001/openshifttest
          source: quay.io/openshifttest
        - mirrors:
          - miyadav-2408a.mirror-registry.qe.azure.devcluster.openshift.com:6001/openshift-qe-optional-operators
          source: quay.io/openshift-qe-optional-operators
        - mirrors:
          - miyadav-2408a.mirror-registry.qe.azure.devcluster.openshift.com:6002
          source: registry.redhat.io
        - mirrors:
          - miyadav-2408a.mirror-registry.qe.azure.devcluster.openshift.com:6002
          source: registry.stage.redhat.io
        - mirrors:
          - miyadav-2408a.mirror-registry.qe.azure.devcluster.openshift.com:6002
          source: brew.registry.redhat.io

       

       


            Errata Tool added a comment -

            Since the problem described in this issue should be resolved in a recent advisory, it has been closed.

            For information on the advisory, and where to find the updated files, follow the link below.

            If the solution does not work for you, open a new bug report.
            https://access.redhat.com/errata/RHSA-2022:7399


            Milind Yadav added a comment - - edited

            fedosin, I discussed with the installer team, and they suggested that disconnected can have both strategies. Do you think we mention that anywhere in the docs, I mean, that we have this feature specifically for disconnected and private strategy?
            I mean, we could modify the message to:

            Forbidden: publicIP is not allowed in Azure disconnected installation with publish strategy as internal

            Milind Yadav added a comment -

            Thanks fedosin, will check with the installer team how it got changed.

            Mikhail Fedosin (Inactive) added a comment -

            Hey folks! I noticed that you didn't set the `publish` strategy in the install-config, which automatically sets it to `External`.

            After that, the installer enables PublicZone in the DNS config.

            This is what I found in the provided must-gather file for the DNS resource:

              spec:
                baseDomain: miyadav-2408a.qe.azure.devcluster.openshift.com
                privateZone:
                  id: /subscriptions/53b8f551-f0fc-4bea-8cba-6d1fefd54c8a/resourceGroups/miyadav-2408a-rlrc5-rg/providers/Microsoft.Network/privateDnsZones/miyadav-2408a.qe.azure.devcluster.openshift.com
                publicZone:
                  id: /subscriptions/53b8f551-f0fc-4bea-8cba-6d1fefd54c8a/resourceGroups/os4-common/providers/Microsoft.Network/dnszones/qe.azure.devcluster.openshift.com

            Machine API Operator has a check for whether the cluster is disconnected or not: dnsDisconnected: dns.Spec.PublicZone == nil. Since PublicZone has a value, dnsDisconnected is false in your case.

            Finally, this validation passes successfully.

            So, I think you need to update your install-config and add `publish: Internal` there.
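The check Mikhail Fedosin describes in the comment above, as an added example in Go (not the Machine API Operator's source and not part of the thread): a simplified model that treats a cluster as disconnected only when the DNS config has no `publicZone`, so a mirror-registry cluster installed with the default `External` publish strategy still accepts `publicIP: true`. The type and function names and the sample JSON are constructed for illustration; the error text is the wording proposed earlier in the thread.

```go
// Added example: simplified model of the check, not the operator's source; names are hypothetical.
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Minimal shapes of the DNS resource and the repro fragment (JSON keys match case-insensitively).
type dnsConfig struct {
	Spec struct{ PublicZone *struct{ ID string } }
}
type machineSpec struct {
	Spec struct {
		ProviderSpec struct{ Value struct{ PublicIP bool } }
	}
}

var errPublicIP = errors.New("Forbidden: publicIP is not allowed in Azure disconnected installation with publish strategy as internal")

// validatePublicIP rejects publicIP: true only when the DNS config has no public zone.
func validatePublicIP(dnsJSON, machineJSON string) error {
	var dns dnsConfig
	var m machineSpec
	if err := json.Unmarshal([]byte(dnsJSON), &dns); err != nil {
		return fmt.Errorf("parsing DNS config: %w", err)
	}
	if err := json.Unmarshal([]byte(machineJSON), &m); err != nil {
		return fmt.Errorf("parsing machine spec: %w", err)
	}
	dnsDisconnected := dns.Spec.PublicZone == nil
	if dnsDisconnected && m.Spec.ProviderSpec.Value.PublicIP {
		return errPublicIP
	}
	return nil
}

// Constructed sample inputs; the zone IDs are placeholders.
const (
	dnsExternal  = `{"spec":{"privateZone":{"id":"<private-zone>"},"publicZone":{"id":"<public-zone>"}}}`
	dnsInternal  = `{"spec":{"privateZone":{"id":"<private-zone>"}}}`
	withPublicIP = `{"spec":{"providerSpec":{"value":{"publicIP": true}}}}`
)

func main() {
	fmt.Println("publicZone set:", validatePublicIP(dnsExternal, withPublicIP))
	fmt.Println("publicZone nil:", validatePublicIP(dnsInternal, withPublicIP))
}
```

With `publicZone` present the request passes validation, which matches what the reporter observed; only the input without a public zone is rejected.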

            Milind Yadav added a comment -

            More info: in 4.11 we were testing using the default machineset, which doesn't populate the managedDisks section, and the resourceID node also seems a bit different from the machinesets that are used by installation. If we populate them as well, it gets provisioned on 4.11 as well.

              fedosin Mikhail Fedosin (Inactive)
              rh-ee-miyadav Milind Yadav
              Milind Yadav Milind Yadav
              Jeana Routh Jeana Routh