Description of problem: Currently updates between minor releases require a special sequence of updates: https://access.redhat.com/documentation/en/openshift-enterprise/3.1/installation-and-configuration/chapter-3-upgrading-openshift#upgrading-to-openshift-enterprise-3-1-asynchronous-releases This is quite fragile as a random "yum update" (for example to install a security errata) may lead to an unstable and unsupported environment. Version-Release number of selected component (if applicable): atomic-openshift-utils-3.0.35-1.git.0.6a386dd.el7aos.noarch How reproducible: always Steps to Reproduce: 1. install OpenShift 3.1.0 2. run yum update Actual results: all openshift-related packages are updated, including ones that should be processed and post-configured by the installer Expected results: only atomic-openshift-utils gets updated, all other openshift packages are held at their current version. running the installer installs the newest packages and configures them Additional info: RHEV uses yum-plugin-versionlock to lock versions and avoid breakage by accidental "yum install" runs.
Based on the recent challenges associated with docker 1.9 and 1.10 I believe it's worth reviewing this request and consider if version locking of key dependencies like docker should also be managed with help from the install/upgrade and associated tools.
Moving to the RFE component
Currently, atomic-openshift-excluder and atomic-openshift-docker-excluder packages have shipped for 3.3, 3.2, and 3.1. Those packages will also ship with 3.4 when it is released. When installed, those packages will exclude atomic-openshift-* and docker-* from yum operations respectively. However, it should be noted that currently the installer does not disable this functionality when performing an upgrade. So if an admin were to choose to install them subsequent upgrade playbooks would not upgrade the product without the admin manually disabling them. We'll soon update the installer to disable the excluder when appropriate.
Excluders exist for 3.2 and newer. The 3.5 installer will disable them when performing an install or upgrade and then re-enable them after the fact. This will be backported to 3.2 through 3.4 in the future.
Upgrade will fail, blocked verify by 1425688
Add excluders to prevent related packages from upgrading by "yum update". Version: atomic-openshift-utils-3.5.15-1.git.0.561702e.el7.noarch Steps: 1, install ocp v3.5.0.30 on rhel. 2, install atomic-openshift-excluder and atomic-openshift-docker-excluder on the host. 3, prepare new version repo and yum update result: Only atomic-openshift-utils and related ansible packages gets updated, all other openshift packages are held at their current version. Disable and reset excluders in upgrade playbook. Version: atomic-openshift-utils-3.5.15-1.git.0.561702e.el7.noarch Steps: 1, install ocp v3.5.0.30 on rhel. 2, install atomic-openshift-excluder and atomic-openshift-docker-excluder on the host. 3, update atomic-openshift-utils 4, run upgrade playbook to upgrade OCP to latest3.5 Result: Upgrade successfully.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:0903