Bug 1797624

Service catalog is remained in OCP 4.4 , when service catalog is enabled , it is ok to upgrade Cluster from 4.3 to 4.4 and also worked from 4.4-x to 4.4-x. 
The function can't be tested during the OCP 4.4 , should be checked during the OCP 4.5 and be checked upgrade from OCP 4.4 to OCP 4.5.

We still want this softening, independent of the service catalog issue (if this had just been a service-catalog issue, a generic CVO fix would have been a pretty big hack ;).

Hmm, I think this is still linked from the errata (at least, the Errata is still formally linked from the bug), so moving straight back into ON_QA.  Test should be "if any operator sets Upgradeable=False (not sure what an easy trigger for that would be), you can still get upgrades between 4.4 releases without having to force anything".  And, under the same conditions, updating to a 4.5 release should block on the Upgradeable=False.

Moving to ASSIGNED so this doesn't get swept back in by the Errata sweeper or anything, until we get a signed 4.5 release.

Actually, wait, there are signed 4.5 nightlies already.  For example [1]:

  $ curl -s https://mirror.openshift.com/pub/openshift-v4/signatures/openshift/release/sha256=b7178a13e23d56e27647b3f2896a141af8b61ed83d8eca258ec95bc9bbeb92cc/signature-1 | gpg --decrypt
  {"critical": {"image": {"docker-manifest-digest": "sha256:b7178a13e23d56e27647b3f2896a141af8b61ed83d8eca258ec95bc9bbeb92cc"}, "type": "atomic container signature", "identity": {"docker-reference": "quay.io/openshift-release-dev/ocp-release-nightly:4.5.0-0.nightly-2020-04-05-042758-x86_64"}}}gpg: Signature made Sat 04 Apr 2020 11:48:34 PM PDT using RSA key ID F21541EB
  gpg: Good signature from "Red Hat, Inc. (beta key 2) <security>"
  gpg:                 aka "Mark Cox Internal RSA 4096 test key <mjc>"
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: B08B 659E E86A F623 BC90  E8DB 938A 80CA F215 41EB

You should be able to select that target with:

  $ oc adm --allow-explicit-upgrade --to-image quay.io/openshift-release-dev/ocp-release-nightly@sha256:b7178a13e23d56e27647b3f2896a141af8b61ed83d8eca258ec95bc9bbeb92cc

without using --force.

[1]: https://mirror.openshift.com/pub/openshift-v4/clients/ocp-dev-preview/4.5.0-0.nightly-2020-04-05-042758/

(In reply to W. Trevor King from comment #10)
> 
> You should be able to select that target with:
> 
>   $ oc adm --allow-explicit-upgrade --to-image
> quay.io/openshift-release-dev/ocp-release-nightly@sha256:
> b7178a13e23d56e27647b3f2896a141af8b61ed83d8eca258ec95bc9bbeb92cc
> 
> without using --force.
> 
> [1]:
> https://mirror.openshift.com/pub/openshift-v4/clients/ocp-dev-preview/4.5.0-
> 0.nightly-2020-04-05-042758/

Ok, thank you , I will try.

test result:
upgrade from 4.4.0-0.nightly-2020-04-04-025830 to 4.5.0-0.nightly-2020-04-05-042758
1.enable service-catalog
2.upgrade the cluster with command:
oc adm upgrade --allow-explicit-upgrade --to-image quay.io/openshift-release-dev/ocp-release-nightly@sha256:b7178a13e23d56e27647b3f2896a141af8b61ed83d8eca258ec95bc9bbeb92cc
3. the status of clusterversion, the upgrade is blocked
$ oc get clusterversion 
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.4.0-0.nightly-2020-04-04-025830   True        True          23m     Unable to apply registry.svc.ci.openshift.org/ocp/release@sha256:b7178a13e23d56e27647b3f2896a141af8b61ed83d8eca258ec95bc9bbeb92cc: it may not be safe to apply this update

$ oc get clusterversion  -o yaml
apiVersion: v1
items:
- apiVersion: config.openshift.io/v1
  kind: ClusterVersion
  metadata:
    creationTimestamp: "2020-04-08T03:25:52Z"
    generation: 4
    name: version
    resourceVersion: "38140"
    selfLink: /apis/config.openshift.io/v1/clusterversions/version
    uid: eed2368a-3794-435d-999e-8f7326b6b650
  spec:
    channel: stable-4.4
    clusterID: 8fbf5684-36f6-4418-a91a-c12d73fb8ee8
    desiredUpdate:
      force: false
      image: registry.svc.ci.openshift.org/ocp/release@sha256:b7178a13e23d56e27647b3f2896a141af8b61ed83d8eca258ec95bc9bbeb92cc
      version: ""
    upstream: https://api.openshift.com/api/upgrades_info/v1/graph
  status:
    availableUpdates: null
    conditions:
    - lastTransitionTime: "2020-04-08T03:45:25Z"
      message: Done applying 4.4.0-0.nightly-2020-04-04-025830
      status: "True"
      type: Available
    - lastTransitionTime: "2020-04-08T04:25:25Z"
      message: |-
        Precondition "ClusterVersionUpgradeable" failed because of "ClusterOperatorsNotUpgradeable": Multiple cluster operators cannot be upgradeable:
        * Cluster operator service-catalog-apiserver cannot be upgraded: _Managed: Upgradeable: the apiserver is in a managed state, upgrades are not possible.
        * Cluster operator service-catalog-controller-manager cannot be upgraded: _Managed: Upgradeable: the controller manager is in a managed state, upgrades are not possible.
      reason: UpgradePreconditionCheckFailed
      status: "True"
      type: Failing
    - lastTransitionTime: "2020-04-08T04:25:10Z"
      message: 'Unable to apply registry.svc.ci.openshift.org/ocp/release@sha256:b7178a13e23d56e27647b3f2896a141af8b61ed83d8eca258ec95bc9bbeb92cc:
        it may not be safe to apply this update'
      reason: UpgradePreconditionCheckFailed
      status: "True"
      type: Progressing
    - lastTransitionTime: "2020-04-08T03:25:56Z"
      message: 'Unable to retrieve available updates: currently installed version
        4.4.0-0.nightly-2020-04-04-025830 not found in the "stable-4.4" channel'
      reason: VersionNotFound
      status: "False"
      type: RetrievedUpdates
    - lastTransitionTime: "2020-04-08T03:50:51Z"
      message: |-
        Multiple cluster operators cannot be upgradeable:
        * Cluster operator service-catalog-apiserver cannot be upgraded: _Managed: Upgradeable: the apiserver is in a managed state, upgrades are not possible.
        * Cluster operator service-catalog-controller-manager cannot be upgraded: _Managed: Upgradeable: the controller manager is in a managed state, upgrades are not possible.
      reason: ClusterOperatorsNotUpgradeable
      status: "False"
      type: Upgradeable
    desired:
      force: false
      image: registry.svc.ci.openshift.org/ocp/release@sha256:b7178a13e23d56e27647b3f2896a141af8b61ed83d8eca258ec95bc9bbeb92cc
      version: ""
    history:
    - completionTime: null
      image: registry.svc.ci.openshift.org/ocp/release@sha256:b7178a13e23d56e27647b3f2896a141af8b61ed83d8eca258ec95bc9bbeb92cc
      startedTime: "2020-04-08T04:25:10Z"
      state: Partial
      verified: true
      version: ""
    - completionTime: "2020-04-08T04:17:10Z"
      image: registry.svc.ci.openshift.org/ocp/release@sha256:5e727bba8407a963fb2bdd95aaa2e2ba6aa63bc58da1f7e69ea28c3f43b90dea
      startedTime: "2020-04-08T04:16:55Z"
      state: Completed
      verified: false
      version: 4.4.0-0.nightly-2020-04-04-025830
    - completionTime: "2020-04-08T04:16:55Z"
      image: quay.io/openshift-release-dev/ocp-release-nightly@sha256:b7178a13e23d56e27647b3f2896a141af8b61ed83d8eca258ec95bc9bbeb92cc
      startedTime: "2020-04-08T04:08:40Z"
      state: Partial
      verified: true
      version: ""
    - completionTime: "2020-04-08T03:45:25Z"
      image: registry.svc.ci.openshift.org/ocp/release@sha256:5e727bba8407a963fb2bdd95aaa2e2ba6aa63bc58da1f7e69ea28c3f43b90dea
      startedTime: "2020-04-08T03:25:56Z"
      state: Completed
      verified: false
      version: 4.4.0-0.nightly-2020-04-04-025830
    observedGeneration: 4
    versionHash: ofdLDDmvxiQ=
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581