Bug 1509192

Summary: `oc debug` pod does not work and shows "cannot set blockOwnerDeletion if an ownerReference ..."
Product: OpenShift Container Platform
Reporter: Xingxing Xia <xxia>
Component: oc
Assignee: Juan Vallejo <jvallejo>
Status: CLOSED ERRATA
QA Contact: Xingxing Xia <xxia>
Severity: medium
Docs Contact:
Priority: medium
Version: 3.7.0
CC: aos-bugs, jforrest, jokerman, jvallejo, mmccomas
Target Milestone: ---
Keywords: Regression
Target Release: 3.7.0
Hardware: Unspecified
OS: Unspecified
Last Closed: 2017-11-28 22:21:23 UTC
Type: Bug

Description Xingxing Xia 2017-11-03 10:18:51 UTC
Description of problem:
`oc debug` pod does not work and shows "cannot set blockOwnerDeletion if an ownerReference ..."

Version-Release number of selected component (if applicable):
  First found in free-stg v3.7.0-0.178.2 (online version 3.6.0.35)
  Double reproduced in OCP v3.7.0-0.190.0

How reproducible:
Always

Steps to Reproduce:
1. Create any pod, e.g. create app via template "MySQL (Persistent)"
2. oc get pod
NAME             READY     STATUS    RESTARTS   AGE
dctest-1-4v89g   2/2       Running   0          11m
mysql-1-85ldc    1/1       Running   0          9m

3. $ oc debug mysql-1-85ldc # pod dctest-1-4v89g is same
Debugging with pod/mysql-1-85ldc-debug, original command: container-entrypoint run-mysqld
Error from server (Forbidden): pods "mysql-1-85ldc-debug" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: User "xingxingxia" cannot update replicationcontrollers/finalizers in project "xxia-proj", <nil>

4. oc debug dc/mysql
Debugging with pod/mysql-debug, original command: container-entrypoint run-mysqld
Waiting for pod to start ...

Actual results:
3. `oc debug` pod cannot work, but `oc debug` dc can

Expected results:
3. oc debug pod should work

Additional info:

Comment 1 Juan Vallejo 2017-11-03 19:11:37 UTC
Origin PR: https://github.com/openshift/origin/pull/17178

Comment 3 Xingxing Xia 2017-11-07 09:35:42 UTC
Verified in oc/OCP v3.7.0-0.196.0, thx
Like for DC, `oc debug` pod works now:
$ oc debug mysql-2-7vtp5
Debugging with pod/mysql-2-7vtp5-debug ...
...
sh-4.2$

Comment 6 errata-xmlrpc 2017-11-28 22:21:23 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:3188