Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1484563 - You should not be able to modify metadata.generation in a DC
You should not be able to modify metadata.generation in a DC
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Master (Show other bugs)
3.3.1
Unspecified Unspecified
medium Severity medium
: ---
: 3.3.1
Assigned To: Tomáš Nožička
zhou ying
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-08-23 17:00 EDT by Eric Jones
Modified: 2017-11-28 17:07 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: User can modify metadata.generation which he shouldn't be able to modify. Consequence: It can break controllers. Fix: Forbid changing metadata.generation. Result: Any changes to metadata.generation are ignored.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-11-28 17:07:41 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:3188 normal SHIPPED_LIVE Moderate: Red Hat OpenShift Container Platform 3.7 security, bug, and enhancement update 2017-11-28 21:34:54 EST

  None (edit)
Description Eric Jones 2017-08-23 17:00:35 EDT 
Description of problem:
If the metadata.generation value is lower than the status.observedGeneration the DC is no longer modifiable. The master (or master-controllers) service will log an error that the DC cannot be updated because the "status.observedGeneration cannot be decremented". 

Version-Release number of selected component (if applicable):
OCP 3.3.1

How reproducible:
100%

Steps to Reproduce:
1. oc edit dc <test_app>
2. change the metadata.generation to a lower value (for example: 5->3) and save
3. oc scale dc <test_app> --replicas=<Different_number>

Actual results:
Pod scales up/down to match the specified replicas
BUT an error message about updating the DC will appear in the master (or master-controllers) service logs and if you check `oc get dc <test_app>` it will reference the old replica number

Expected results:
metadata.generation is not changed therefore the scale and everything adjusts properly.

Additional info:
OpenShift is unable to make additional modifications to an application's DC (including scaling) if the DC's .spec.observedGeneration is greater than the .metadata.generation value. Neither of these fields are things that the user should have any reason to modify but the .metadata.generation can be modified.
Comment 2 Solly Ross 2017-08-23 17:09:04 EDT 
It seems like in general, if we never expect observedGeneration to go down, ValidateObjectMetaUpdate in Kubernetes should probably prevent `Generation` from going down as well.

I believe the error is specifically in regards to status updates -- spec-only updates seem to go through.  However, incorrect status causes issues with things which depend on status for information, such as the HPA, which consumes `status.replicas` via the scale subresource.
Comment 8 zhou ying 2017-08-31 05:32:08 EDT 
Not merged with latest OCP v3.3.1.46.16
Comment 10 zhou ying 2017-11-09 20:59:56 EST 
Confirmed with OCP v3.3.1.46.31, now can't update the generation.
openshift v3.3.1.46.31
kubernetes v1.3.0+52492b4
etcd 2.3.0+git
Comment 13 errata-xmlrpc 2017-11-28 17:07:41 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:3188
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.