Bug 1311207 - [supportability] protect package versions upon upgrade
[supportability] protect package versions upon upgrade
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer (Show other bugs)
3.1.0
Unspecified Unspecified
medium Severity high
: ---
: ---
Assigned To: Scott Dodson
liujia
:
Depends On:
Blocks: 1267746 1436343 1436348 1436350
  Show dependency treegraph
 
Reported: 2016-02-23 10:06 EST by Evgheni Dereveanchin
Modified: 2017-07-24 10 EDT (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1436343 1436348 1436350 (view as bug list)
Environment:
Last Closed: 2017-04-12 14:47:20 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Evgheni Dereveanchin 2016-02-23 10:06:45 EST
Description of problem:
Currently updates between minor releases require a special sequence of updates:
https://access.redhat.com/documentation/en/openshift-enterprise/3.1/installation-and-configuration/chapter-3-upgrading-openshift#upgrading-to-openshift-enterprise-3-1-asynchronous-releases

This is quite fragile as a random "yum update" (for example to install a security errata) may lead to an unstable and unsupported environment.

Version-Release number of selected component (if applicable):
atomic-openshift-utils-3.0.35-1.git.0.6a386dd.el7aos.noarch

How reproducible:
always

Steps to Reproduce:
1. install OpenShift 3.1.0
2. run yum update

Actual results:
all openshift-related packages are updated, including ones that should be processed and post-configured by the installer

Expected results:
only atomic-openshift-utils gets updated, all other openshift packages are held at their current version.
running the installer installs the newest packages and configures them

Additional info:
RHEV uses yum-plugin-versionlock to lock versions and avoid breakage by accidental "yum install" runs.
Comment 1 Josep 'Pep' Turro Mauri 2016-06-16 09:32:31 EDT
Based on the recent challenges associated with docker 1.9 and 1.10 I believe it's worth reviewing this request and consider if version locking of key dependencies like docker should also be managed with help from the install/upgrade and associated tools.
Comment 2 Josep 'Pep' Turro Mauri 2016-06-22 08:34:13 EDT
Moving to the RFE component
Comment 5 Scott Dodson 2017-01-11 12:54:49 EST
Currently, atomic-openshift-excluder and atomic-openshift-docker-excluder packages have shipped for 3.3, 3.2, and 3.1. Those packages will also ship with 3.4 when it is released.

When installed, those packages will exclude atomic-openshift-* and docker-* from yum operations respectively.

However, it should be noted that currently the installer does not disable this functionality when performing an upgrade. So if an admin were to choose to install them subsequent upgrade playbooks would not upgrade the product without the admin manually disabling them.

We'll soon update the installer to disable the excluder when appropriate.
Comment 6 Scott Dodson 2017-02-15 12:23:36 EST
Excluders exist for 3.2 and newer. The 3.5 installer will disable them when performing an install or upgrade and then re-enable them after the fact. This will be backported to 3.2 through 3.4 in the future.
Comment 9 liujia 2017-02-22 02:46:11 EST
Upgrade will fail, blocked verify by 1425688
Comment 10 liujia 2017-02-28 01:10:59 EST
Add excluders to prevent related packages from upgrading by "yum update".

Version:
atomic-openshift-utils-3.5.15-1.git.0.561702e.el7.noarch

Steps:
1, install ocp v3.5.0.30 on rhel.
2, install atomic-openshift-excluder and atomic-openshift-docker-excluder on the host.
3, prepare new version repo and yum update

result:
Only atomic-openshift-utils and related ansible packages gets updated, all other openshift packages are held at their current version. 


Disable and reset excluders in upgrade playbook.

Version:
atomic-openshift-utils-3.5.15-1.git.0.561702e.el7.noarch

Steps:
1, install ocp v3.5.0.30 on rhel.
2, install atomic-openshift-excluder and atomic-openshift-docker-excluder on the host.
3, update atomic-openshift-utils
4, run upgrade playbook to upgrade OCP to latest3.5

Result:
Upgrade successfully.
Comment 12 errata-xmlrpc 2017-04-12 14:47:20 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:0903

Note You need to log in before you can comment on or make changes to this bug.