Description of problem: Run pre-upgrade before upgrade v3.6 to v3.7, check finished but TASK [Confirm OpenShift authorization objects are in sync] was skipped. Version-Release number of the following components: atomic-openshift-utils-3.7.0-0.188.0.git.0.aebb674.el7.noarch How reproducible: always Steps to Reproduce: 1. Install v3.5 2. Run pre_upgrade check # ansible-playbook -i hosts /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade.yml --tags pre_upgrade 3. Actual results: OpenShift authorization objects check is skipped. Expected results: Prior to upgrading from 3.6 to 3.7 oadm migrate authorization is needed. Additional info: Please attach logs from ansible-playbook with the -vvv flag
Moved this to 3.8.0 since we're not suggesting use of tags at this point.
PR Created: https://github.com/openshift/openshift-ansible/pull/6024
@Michael Gugino The issue has been fixed on openshift-ansible-3.7.0-0.197.0.git.0.f40c09c.el7.noarch. But a new issue involved when do 3.7.0-x to 3.7.0-y upgrade. fatal: [x.x.x.x]: FAILED! => {"attempts": 4, "changed": false, "cmd": ["/usr/local/bin/oc", "adm", "migrate", "authorization"], "delta": "0:00:00.243177", "end": "2017-11-07 21:14:43.585811", "failed": true, "msg": "non-zero return code", "rc": 1, "start": "2017-11-07 21:14:43.342634", "stderr": "Command \"authorization\" is deprecated, will not work against 3.7 servers\nerror: the server does not support legacy policy resources", "stderr_lines": ["Command \"authorization\" is deprecated, will not work against 3.7 servers", "error: the server does not support legacy policy resources"], "stdout": "", "stdout_lines": []} to retry, use: --limit @/usr/share/ansible/openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade.retry It seems a not good idea to use openshift_upgrade_target only because installer will support minor version upgrade too. And OpenShift authorization objects should be checked on v3.6 but not v3.7. For the same issue, I will assign back instead of file a new bug.
PR Created: https://github.com/openshift/openshift-ansible/pull/6063
Please start to test on 3.7.4-1 build or newer.
Verified on openshift-ansible-3.7.4-1.git.0.254e849.el7.noarch. OpenShift authorization objects was checked on v3.6 during v3.6-v3.7 upgrade but not v3.7 during v3.7-v3.7 upgrade.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:3188