1457914 – [3.4] upgrade get applied to all nodes if openshift_upgrade_nodes_label fits no label

Bug 1457914 - [3.4] upgrade get applied to all nodes if openshift_upgrade_nodes_label fits no label

Summary: [3.4] upgrade get applied to all nodes if openshift_upgrade_nodes_label fits ...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Cluster Version Operator
Sub Component:
Version:	3.4.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	high
Target Milestone:	---
Target Release:	3.4.z
Assignee:	Russell Teague
QA Contact:	Anping Li
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-06-01 14:07 UTC by Carsten Lichy-Bittendorf
Modified:	2021-12-10 15:04 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Verifies the provided label matches a set of hosts prior to upgrading. If the label didn't match hosts, the upgrade would silently proceed with upgrading all nodes given the logic for creating the oo_nodes_to_upgrade group.
Clone Of:
Clones:	1462992 1462995 (view as bug list)
Environment:
Last Closed:	2017-06-29 13:33:14 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2017:1666	0	normal	SHIPPED_LIVE	OpenShift Container Platform atomic-openshift-utils bug fix and enhancement	2017-06-29 17:32:39 UTC

Description Carsten Lichy-Bittendorf 2017-06-01 14:07:35 UTC

Description of problem:
running the upgrade playbook with option 'openshift_upgrade_nodes_label' all nodes get migrated if no label matches. This is very risky as due to a typo suddenly all nodes could get migrated at once.

Version-Release number of selected component (if applicable):
ocp 3.4.1.24

How reproducible:


Steps to Reproduce:
1. Setup OCP 3.3 cluster
2. try to upgrade a single node by running: 
ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml \
    -e openshift_upgrade_nodes_serial='100%' \
    -e openshift_upgrade_nodes_label='kubernetes.io/hostname=some.hostneme.which.doesn't.fit'

Actual results:
all nodes get migrated

Expected results:
no node should get migrated, if no label matches

Additional info:

Comment 6 Russell Teague 2017-06-19 19:35:33 UTC

Proposed for 3.6: https://github.com/openshift/openshift-ansible/pull/4498

Comment 7 Russell Teague 2017-06-19 19:58:15 UTC

Proposed for 3.4: https://github.com/openshift/openshift-ansible/pull/4500

Comment 8 Russell Teague 2017-06-21 15:52:00 UTC

Merged: https://github.com/openshift/openshift-ansible/pull/4500

Comment 10 Anping Li 2017-06-27 04:24:15 UTC

The expected message is reported. so move to verified.

TASK [Fail if no nodes match openshift_upgrade_nodes_label] ********************
fatal: [openshift-225.lab.eng.nay.redhat.com]: FAILED! => {
    "changed": false, 
    "failed": true
}

MSG:

openshift_upgrade_nodes_label was specified but no nodes matched
	to retry, use: --limit @/usr/share/ansible/openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_nodes.retry

Comment 12 errata-xmlrpc 2017-06-29 13:33:14 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1666

Note You need to log in before you can comment on or make changes to this bug.