Description of problem: - While upgrading the cluster from 3.7.23 to 3.7.47, the playbook upgrade.yml or upgrade_control_plane.yml fails at the task "Upgrade all storage" -The playbook runs command # oc adm --config=/etc/origin/master/admin.kubeconfig migrate storage --include=* --confirm Version-Release number of the following components: rpm -q openshift-ansible: openshift-ansible-3.7.46-1.git.0.37f607e.el7.noarch openshift-ansible-docs-3.7.46-1.git.0.37f607e.el7.noarch openshift-ansible-roles-3.7.46-1.git.0.37f607e.el7.noarch openshift-ansible-callback-plugins-3.7.46-1.git.0.37f607e.el7.noarch openshift-ansible-filter-plugins-3.7.46-1.git.0.37f607e.el7.noarch openshift-ansible-playbooks-3.7.46-1.git.0.37f607e.el7.noarch openshift-ansible-lookup-plugins-3.7.46-1.git.0.37f607e.el7.noarch rpm -q ansible: ansible-2.4.2.0-2.el7.noarch Additional info: During the openshift upgrade from 3.7.23 to 3.7.46 the error is seen as below: [ 0 ] Hosts: master Play: Pre master upgrade - Upgrade all storage Task: Upgrade all storage Message: non-zero return code -- fatal: [master]: FAILED! => {"changed": true, "cmd": ["oc", "adm", "--config=/etc/origin/master/admin.kubeconfig", "migrate", "storage", "--include=*", "--confirm"], "delta": "0:01:04.817403", "end": "2018-05-29 17:14:39.665351", "failed_when_result": true, "msg": "non-zero return code", "rc": 1, "start": "2018-05-29 17:13:34.847948", "stderr": "", "stderr_lines": [], "stdout": "E0529 17:13:47.600822 error: images/sha256:0xxxxxxxxxxxxxxxx70a14: Image \"sha256:xxxxxxxxxxxxxxxxx70a14\" is invalid: signatures[0].metadata.annotations: Forbidden: signature annotations cannot be set\nE0529 17:13:47.620084 error:
I'm relatively certain this is an issue that's already been fixed and this bug can be closed as a dupe.
yeah, dupe of https://bugzilla.redhat.com/show_bug.cgi?id=1557607 *** This bug has been marked as a duplicate of bug 1557607 ***
> Also, asked him to provide "yum repolist" due to another problem in the installer. +1 There's also a related knowledge base article that somebody found helpful: https://access.redhat.com/solutions/3350731 The docker excluder doesn't seem to exclude itself, so the misconfigured/outdated repositories are our best bet.
Customer has excluded some packages and ran the playbook which failed again: exclude= tuned-profiles-atomic-openshift-node atomic-openshift-tests atomic-openshift-sdn-ovs atomic-openshift-recycle atomic-openshift-pod atomic-openshift-node atomic-openshift-master atomic-openshift-dockerregistry atomic-openshift-clients-redistributable atomic-openshift-clients atomic-openshift docker*1.20* docker*1.19* docker*1.18* docker*1.17* docker*1.16* docker*1.15* docker*1.14* docker*1.13* openvswitch-2.9.0-1* Not sure what he wanted to get with this... but surely not update OCP. Anyway, Scott, I don't want to disable only rhel-7-fast-datapath-rpms but also rhel-7-server-ose-3.7-rpms, so I can update the system without interfere in OCP. Then proceed with OCP update.