1632863 – [3.10] upgrade failed at TASK [openshift_node : Approve node certificates when bootstrapping]

Bug 1632863 - [3.10] upgrade failed at TASK [openshift_node : Approve node certificates when bootstrapping]

Summary: [3.10] upgrade failed at TASK [openshift_node : Approve node certificates whe...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Cluster Version Operator
Sub Component:
Version:	3.10.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	3.10.z
Assignee:	Scott Dodson
QA Contact:	liujia
Docs Contact:
URL:
Whiteboard:
Depends On:	1629700
Blocks:
TreeView+	depends on / blocked

Reported:	2018-09-25 17:42 UTC by Brenton Leanhardt
Modified:	2018-11-11 16:40 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	In certain situations the upgrade process introduced a dns outage which prevented the upgrade from completing as expected. Now dnsmasq is restarted while the node is drained in order to prevent the issue.
Clone Of:	1629700
Environment:
Last Closed:	2018-11-11 16:39:26 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2018:2709	0	None	None	None	2018-11-11 16:40:16 UTC

Comment 1 Brenton Leanhardt 2018-09-25 17:45:22 UTC

https://github.com/openshift/openshift-ansible/pull/10116

Comment 3 liujia 2018-10-15 07:19:30 UTC

Version:
openshift-ansible-3.10.53-1.git.0.ba2c2ec.el7.noarch

Checked pr#10116 merged.

Steps:
1. Install ocp v3.10.45(latest release version) on rhel hosts with openshift ansible v3.10.47(latest release version)
[root@ip-172-18-0-246 ~]# oc version
oc v3.10.45
kubernetes v1.10.0+b81c8f8
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://ip-172-18-0-246.ec2.internal:8443
openshift v3.10.45
kubernetes v1.10.0+b81c8f8

2.Enable pre-release version(v3.10.51) repo on all hosts(latest v3.10.53 image was not available), and run upgrade against above cluster to latest v3.10.z with latest pre-release openshift-ansible(v3.10.53). 

3. Upgrade succeed.
[root@ip-172-18-0-246 ~]# oc version
oc v3.10.51
kubernetes v1.10.0+b81c8f8
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://ip-172-18-0-246.ec2.internal:8443
openshift v3.10.51
kubernetes v1.10.0+b81c8f8

[root@ip-172-18-0-246 ~]# oc get csr
NAME                                                   AGE       REQUESTOR                                                 CONDITION
csr-2nvp7                                              29m       system:node:ip-172-18-0-246.ec2.internal                  Approved,Issued
csr-5wfpq                                              10m       system:node:ip-172-18-15-123.ec2.internal                 Approved,Issued
csr-kcbmr                                              12m       system:node:ip-172-18-15-214.ec2.internal                 Approved,Issued
node-csr-7N51_MNOZ5eqcKMW1u33OFENk4pN6lrMl1ugA2586-0   12m       system:serviceaccount:openshift-infra:node-bootstrapper   Approved,Issued
node-csr-LZ98zvBFCS_eJ3rRqRErxDccgWOGiCjpVazCt4vgyPs   29m       system:admin                                              Approved,Issued
node-csr-WEYra_nGctW4vCFu6PQMaf7Du0jNFltCxCtqrCM6MF0   10m       system:serviceaccount:openshift-infra:node-bootstrapper   Approved,Issued

Comment 5 errata-xmlrpc 2018-11-11 16:39:26 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2709

Note You need to log in before you can comment on or make changes to this bug.