Bug 1434679 - [3.5] openshift-ansible should do nothing to existed excluders when set "enable_excluders=false"
Summary: [3.5] openshift-ansible should do nothing to existed excluders when set "enab...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Cluster Version Operator
Version: 3.5.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 3.5.z
Assignee: Scott Dodson
QA Contact: liujia
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-03-22 06:34 UTC by liujia
Modified: 2017-05-17 17:38 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Previously, if enable_excluders=false the playbooks would still install and upgrade the excluders during the config playbook even if the excluders were never previously installed. Now, if the excluders were not previously installed, the playbooks will avoid installing them.
Clone Of:
Environment:
Last Closed: 2017-05-17 17:38:50 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:1244 normal SHIPPED_LIVE Important: ansible and openshift-ansible security and bug fix update 2017-05-25 21:43:49 UTC

Description liujia 2017-03-22 06:34:09 UTC
Description of problem:
Upgrade ocp3.4 to ocp3.5 when set "enable_excluders=false" or "enable_openshift_excluder=false" in inventory file, openshift-ansible should do nothing to existed excluders and upgrade should stop/exit for openshift-excluder enabled, rather than disable it and continue upgrade. It will result that new version's openshift cluster work with unexpected version's excluders.  

[before install]:
atomic-openshift-docker-excluder-3.4.1.10-1.git.0.c96aed3.el7.noarch
atomic-openshift-excluder-3.4.1.10-1.git.0.c96aed3.el7.noarch

exclude= docker*1.20*  docker*1.19*  docker*1.18*  docker*1.17*  docker*1.16*  docker*1.15*  docker*1.14*  docker*1.13*  tuned-profiles-atomic-openshift-node  atomic-openshift-tests  atomic-openshift-sdn-ovs  atomic-openshift-recycle  atomic-openshift-pod  atomic-openshift-node  atomic-openshift-master  atomic-openshift-dockerregistry  atomic-openshift-clients-redistributable  atomic-openshift-clients  atomic-openshift 

[after install]:
atomic-openshift-docker-excluder-3.4.1.10-1.git.0.c96aed3.el7.noarch
atomic-openshift-excluder-3.4.1.10-1.git.0.c96aed3.el7.noarch

exclude= docker*1.20*  docker*1.19*  docker*1.18*  docker*1.17*  docker*1.16*  docker*1.15*  docker*1.14*  docker*1.13*


Version-Release number of selected component (if applicable):
atomic-openshift-utils-3.5.39-1.git.0.cb12cdb.el7.noarch

How reproducible:
always

Steps to Reproduce:
1. install ocp3.4
2. install docker-excluder and openshift-excluder on the hosts
3. preprae new repos and inventory file to add following variable
enable_excluders=false
4. run upgrade playbook

Actual results:
Upgrade finished with openshift-excluder diabled and docker-excluder enabled.

Expected results:
Upgrade will stop and exit for atomic-openshift-excluder was enabled.

Additional info:
It hit the same issue when set "enable_openshift_excluder=false".

Comment 4 Jan Chaloupka 2017-03-28 13:55:49 UTC
This PR [1] makes the OCP version detection independent of excluders so we don't have to disable atomic-openshift-excluder if it is installed (even if enable_openshift_excluder is set to false)

[1] https://github.com/openshift/openshift-ansible/pull/3781

Comment 10 liujia 2017-05-02 10:02:33 UTC
Version:
atomic-openshift-utils-3.5.60-1.git.0.b6f77a6.el7.noarch

Step:
1. install ocp3.4
2. install docker-excluder and openshift-excluder on the hosts
3. preprae new repos and inventory file to add following variable
enable_excluders=false
4. run upgrade playbook

Result:
For rpm env, upgrade will stop and exit and both excluders will keep original version.
For container env, upgrade succeed with no excluders updated.

Jan
I have been waiting it coming to ON_QA for verification since it has been verified based PR[1]. However, I just verified it on latest 3.5 build. Change the status to verify.

Comment 12 errata-xmlrpc 2017-05-17 17:38:50 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:1244


Note You need to log in before you can comment on or make changes to this bug.