Bug 1904584
Summary: | Operator upgrades can delete existing CSV before completion | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | OpenShift BugZilla Robot <openshift-bugzilla-robot> |
Component: | OLM | Assignee: | Vu Dinh <vdinh> |
OLM sub component: | OLM | QA Contact: | Salvatore Colangelo <scolange> |
Status: | CLOSED ERRATA | Docs Contact: | |
Severity: | urgent | ||
Priority: | urgent | CC: | alkazako, assingh, bandrade, dageoffr, ecordell, htariq, kaczynsk, krizza, nhale |
Version: | 4.4 | Keywords: | Triaged |
Target Milestone: | --- | ||
Target Release: | 4.5.z | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-03-03 04:40:30 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1904583 | ||
Bug Blocks: | 1904585 |
Comment 3
Kevin Rizza
2021-02-08 19:47:03 UTC
[scolange@scolange ~]$ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.5.33 True False 4h35m Cluster version is 4.5.33 [scolange@scolange ~]$ oc -n openshift-operator-lifecycle-manager exec catalog-operator-cf7576f5b-7zbfg -- olm --version OLM version: 0.15.1 git commit: 83b6bbad794dec0fc1b923f1dab7aa08d1874cd2 1, Consume this special CatalogSource image. [scolange@scolange ~]$ cat cs-etcd.yaml apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: etcd-test namespace: openshift-marketplace spec: displayName: Salvo Test publisher: Salvo sourceType: grpc image: quay.io/olmqe/etcd-index:0.9.4-sa updateStrategy: registryPoll: interval: 10m [scolange@scolange ~]$ oc create -f cs-etcd.yaml catalogsource.operators.coreos.com/etcd-test created [scolange@scolange ~]$ oc get catalogsource -n openshift-marketplace NAME DISPLAY TYPE PUBLISHER AGE ... etcd-test Salvo Test grpc Salvo 60s 2, subscribe to the etcd operator with manual approval. [scolange@scolange ~]$ cat og.yaml apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: test-og namespace: default spec: targetNamespaces: - default [scolange@scolange ~]$oc create -f og.yaml operatorgroup.operators.coreos.com/test-og created [scolange@scolange ~]$ cat sub-0.9.2.yaml apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: etcd-sub namespace: default spec: installPlanApproval: Manual channel: alpha name: etcd source: etcd-test sourceNamespace: openshift-marketplace startingCSV: etcdoperator.v0.9.2 [scolange@scolange ~]$ oc create -f sub-0.9.2.yaml subscription.operators.coreos.com/etcd-sub created [scolange@scolange ~]$ oc get sub -n default NAME PACKAGE SOURCE CHANNEL etcd-sub etcd etcd-test alpha [scolange@scolange ~]$ oc get ip -n default NAME CSV APPROVAL APPROVED install-672hf etcdoperator.v0.9.2 Manual false [scolange@scolange ~]$ oc get csv -n default No resources found in default namespace. 3, Approve etcdoperator.v0.9.2 [scolange@scolange ~]$ oc get csv NAME DISPLAY VERSION REPLACES PHASE etcdoperator.v0.9.2 etcd 0.9.2 Succeeded [scolange@scolange ~]$ oc get ip NAME CSV APPROVAL APPROVED install-672hf etcdoperator.v0.9.2 Manual true install-mj5k3 etcdoperator.v0.9.4 Manual false 4, Approve etcdoperator.v0.9.4 [scolange@scolange ~]$ oc get ip NAME CSV APPROVAL APPROVED install-672hf etcdoperator.v0.9.2 Manual true install-mj5k3 etcdoperator.v0.9.4 Manual true [scolange@scolange ~]$ oc get csv NAME DISPLAY VERSION REPLACES PHASE etcdoperator.v0.9.2 etcd 0.9.2 Replacing etcdoperator.v0.9.4 etcd 0.9.4 etcdoperator.v0.9.2 Pending [scolange@scolange ~]$ oc get sa NAME SECRETS AGE builder 2 71m default 2 41m deployer 2 71m etcd-operator 2 2m11s , The sa still exist and the owner is v0.9.2 csv. [scolange@scolange ~]$ oc get sa etcd-operator -o yaml apiVersion: v1 imagePullSecrets: name: etcd-operator namespace: default ownerReferences: - apiVersion: operators.coreos.com/v1alpha1 blockOwnerDeletion: false controller: false kind: ClusterServiceVersion name: etcdoperator.v0.9.2 uid: c99f5618-0f1c-449b-9066-ba79ca48d31b resourceVersion: "32632" The error info is "Service account is not owned by this ClusterServiceVersion", LGTM. Verify it. [scolange@scolange ~]$ oc get sa etcd-operator -o yaml apiVersion: v1 imagePullSecrets: - name: etcd-operator-dockercfg-8f8fk kind: ServiceAccount ... - group: "" kind: ServiceAccount message: Service account is not owned by this ClusterServiceVersion name: etcd-operator status: PresentNotSatisfied version: v1 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Container Platform 4.5.33 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:0428 |