Bug 2065507

Summary: `oc adm upgrade` should return ReleaseAccepted condition to show upgrade status.
Product: OpenShift Container Platform Reporter: liujia <jiajliu>
Component: ocAssignee: David Hurta <dhurta>
oc sub component: oc QA Contact: liujia <jiajliu>
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: medium CC: aos-bugs, mfojtik, mifiedle, wking
Version: 4.11   
Target Milestone: ---   
Target Release: 4.11.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-08-10 10:54:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2087248    

Description liujia 2022-03-18 02:06:32 UTC 
Description of problem:
Due to the prs landed for https://bugzilla.redhat.com/show_bug.cgi?id=1822752, the blocked update(payload is not signed or available) status through `PROGRESSING` condition is not valid now. And in this situation, only new condition `ReleaseAccepted` indicated the failure to trigger upgrade. But we can not check this condition from `oc adm upgrade` command, which is recommended for users to check the update status.

More details in https://issues.redhat.com/browse/OTA-589.

Version-Release number of the following components:
4.11.0-0.nightly-2022-02-24-054925
refer to step 2 in https://bugzilla.redhat.com/show_bug.cgi?id=1822752#c39 

How reproducible:
always

Steps to Reproduce:
1. refer to steps in https://bugzilla.redhat.com/show_bug.cgi?id=1822752#c39 
2.
3.

Actual results:
Users can not check the upgrade status through `oc adm upgrade` while condition ReleaseAccepted check fail.

Expected results:
`oc adm upgrade` should also return this new condition to properly show upgrade status.

Additional info:
Please attach logs from ansible-playbook with the -vvv flag
Comment 1 Jack Ottofaro 2022-04-26 18:26:05 UTC 
*** Bug 2061444 has been marked as a duplicate of this bug. ***
Comment 3 liujia 2022-05-17 06:27:35 UTC 
# ./oc version
Client Version: 4.11.0-0.nightly-2022-05-14-193620
Kustomize Version: v4.5.4

When payload is not signed or available happen, the upgrade will not be triggered while `oc adm upgrade` will return ReleaseAccepted status.
1. Trying to upgrade a cluster to an unsigned payload.
# ./oc adm upgrade
Cluster version is 4.10.11

ReleaseAccepted=False

  Reason: RetrievePayload
  Message: Retrieving payload failed version="" image="registry.ci.openshift.org/ocp/release@sha256:60a93f1ca1a0e3db1916b201ee2c846f70ba6991cdcdac96b12e740574c9daa1" failure=The update cannot be verified: unable to locate a valid signature for one or more sources

# ./oc get clusterversion -ojson|jq -r '.items[].status.conditions[]|select(.type=="ReleaseAccepted")'
{
  "lastTransitionTime": "2022-05-17T10:04:28Z",
  "message": "Retrieving payload failed version=\"\" image=\"registry.ci.openshift.org/ocp/release@sha256:60a93f1ca1a0e3db1916b201ee2c846f70ba6991cdcdac96b12e740574c9daa1\" failure=The update cannot be verified: unable to locate a valid signature for one or more sources",
  "reason": "RetrievePayload",
  "status": "False",
  "type": "ReleaseAccepted"
}

2. Trying to upgrade a cluster to an unavailable payload.
# ./oc adm upgrade
Cluster version is 4.10.14

ReleaseAccepted=False

  Reason: RetrievePayload
  Message: Retrieving payload failed version="" image="quay.io/openshift-release-dev-test/ocp-release@sha256:39efe13ef67cb4449f5e6cdd8a26c83c07c6a2ce5d235dfbc3ba58c64418fcf3" failure=Unable to download and prepare the update: deadline exceeded, reason: "DeadlineExceeded", message: "Job was active longer than specified deadline"

# ./oc get clusterversion -ojson|jq -r '.items[].status.conditions[]|select(.type=="ReleaseAccepted")'
{
  "lastTransitionTime": "2022-05-17T05:03:23Z",
  "message": "Retrieving payload failed version=\"\" image=\"quay.io/openshift-release-dev-test/ocp-release@sha256:39efe13ef67cb4449f5e6cdd8a26c83c07c6a2ce5d235dfbc3ba58c64418fcf3\" failure=Unable to download and prepare the update: deadline exceeded, reason: \"DeadlineExceeded\", message: \"Job was active longer than specified deadline\"",
  "reason": "RetrievePayload",
  "status": "False",
  "type": "ReleaseAccepted"
}

Do more regression test on other precondition checks, which will also return ReleaseAccepted.
1. Precondition check for etcd backup
# ./oc adm upgrade
Cluster version is 4.10.11

ReleaseAccepted=False

  Reason: PreconditionChecks
  Message: Preconditions failed for payload loaded version="4.11.0-0.nightly-2022-05-11-054135" image="registry.ci.openshift.org/ocp/release@sha256:5967359c2bfee0512030418af0f69faa3fa74a81a89ad64a734420e020e7f107": Precondition "EtcdRecentBackup" failed because of "ControllerStarted": 

# ./oc get clusterversion -ojson|jq -r '.items[].status.conditions[]|select(.type=="ReleaseAccepted")'
{
  "lastTransitionTime": "2022-05-17T10:09:41Z",
  "message": "Preconditions failed for payload loaded version=\"4.11.0-0.nightly-2022-05-11-054135\" image=\"registry.ci.openshift.org/ocp/release@sha256:5967359c2bfee0512030418af0f69faa3fa74a81a89ad64a734420e020e7f107\": Precondition \"EtcdRecentBackup\" failed because of \"ControllerStarted\": ",
  "reason": "PreconditionChecks",
  "status": "False",
  "type": "ReleaseAccepted"
}

2. Precondition check for upgradeable=false
# ./oc adm upgrade
Cluster version is 4.10.14

Upgradeable=False

  Reason: ClusterVersionOverridesSet
  Message: Disabling ownership via cluster version overrides prevents upgrades. Please remove overrides before continuing.

ReleaseAccepted=False

  Reason: PreconditionChecks
  Message: Preconditions failed for payload loaded version="4.10.15" image="quay.io/openshift-release-dev/ocp-release@sha256:ddcb70ce04a01ce487c0f4ad769e9e36a10c8c832a34307c1b1eb8e03a5b7ddb": Precondition "ClusterVersionUpgradeable" failed because of "ClusterVersionOverridesSet": Disabling ownership via cluster version overrides prevents upgrades. Please remove overrides before continuing.

# ./oc get clusterversion -ojson|jq -r '.items[].status.conditions[]|select(.type=="ReleaseAccepted")'
{
  "lastTransitionTime": "2022-05-17T06:23:11Z",
  "message": "Preconditions failed for payload loaded version=\"4.10.15\" image=\"quay.io/openshift-release-dev/ocp-release@sha256:ddcb70ce04a01ce487c0f4ad769e9e36a10c8c832a34307c1b1eb8e03a5b7ddb\": Precondition \"ClusterVersionUpgradeable\" failed because of \"ClusterVersionOverridesSet\": Disabling ownership via cluster version overrides prevents upgrades. Please remove overrides before continuing.",
  "reason": "PreconditionChecks",
  "status": "False",
  "type": "ReleaseAccepted"
}

Verified the bug.
Comment 5 errata-xmlrpc 2022-08-10 10:54:38 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5069