Bug 1870193

Summary: Upgrade from 4.4.0-0.nightly-2020-07-30-212136 to 4.4.16
Product: OpenShift Container Platform Reporter: Andreas Karis <akaris>
Component: Cluster Version OperatorAssignee: Over the Air Updates <aos-team-ota>
Status: CLOSED NOTABUG QA Contact: Johnny Liu <jialiu>
Severity: medium Docs Contact:
Priority: high    
Version: 4.4CC: aos-bugs, assingh, bniver, chaoyang, dmoessne, ebenahar, ekuric, emahoney, eparis, gmeno, hchiramm, jhou, jokerman, jsafrane, jupierce, kramdoss, madam, mrajanna, muagarwa, ocs-bugs, ratamir, rperiyas, scuppett, sostapov, sponnaga, vlaad, wking, ykaul
Target Milestone: ---Keywords: Reopened, Tracking, Upgrades
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1836198 Environment:
Last Closed: 2020-08-25 17:30:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1836198, 1839933, 1854311, 1854312    
Bug Blocks:    

Comment 3 W. Trevor King 2020-08-19 17:00:08 UTC 
Blindly updating with --force is rarely a good idea, because --force overrides a series of cluster-side guards, and you usually want those guards protecting you [1].  If you want to initiate an update to a release that is not one of your ClusterVersion status.availableUpdates, it is better to use [2]:

  $ oc adm upgrade --allow-explicit-upgrade --to-image $BY_DIGEST_PULLSPEC

If the cluster then complains about a failed in-cluster update guard, you may consider using --force to waive that failed guard, but it will also waive any subsequent guard failures on that update.  So --force is definitely not something you want to use without very carefully reviewing the update in question and taking responsibility for the guards you are waiving.

[1]: https://github.com/openshift/oc/pull/387
[2]: https://docs.openshift.com/container-platform/4.5/updating/updating-restricted-network-cluster.html#update-restricted_updating-restricted-network-cluster
Comment 9 Scott Dodson 2020-08-24 14:00:37 UTC 
You can only use versions (aka: --to 4.4.17) when you're somewhere on the graph and 4.4.17 is a valid upgrade path. Since they're running a nightly that's not on the upgrade graph they'll need to specify --allow-explicit-upgrade and --to-image options along with the image pullspec with digest. The following is correct command to run in order to upgrade to 4.4.17.

# oc adm upgrade --allow-explicit-upgrade --to-image quay.io/openshift-release-dev/ocp-release@sha256:624e84b5d22cb865ee1be32aa6e3feea99917c6081f7a9c5b1185fc9934d23f3
Comment 10 Andreas Karis 2020-08-24 14:19:45 UTC 
Thanks!
Comment 11 W. Trevor King 2020-08-25 17:13:21 UTC 
Not entirely clear what's left to do here, but the team email is not an assigned dev, so moving this back to NEW.
Comment 12 Scott Dodson 2020-08-25 17:30:30 UTC 
There's no defect described here, just uncertainty regarding a one-off out of process customer engagement. Closing this bug.