Description of problem: Run "oc adm upgrade --force" to upgrade the cluster while there is an ongoing upgrade. This new upgrade should not start and need throw a prompt for required variable --allow-upgrade-with-warnings. But it did not. "If the desired upgrade from --to-image is not in the list of available versions, you must pass --allow-explicit-upgrade to allow upgrade to proceed. If the cluster is already being upgraded, or if the cluster is reporting a failure or other error, you must pass --allow-upgrade-with-warnings to proceed (see note below on the implications)." As the help info of "oc adm upgrade --help", "--allow-upgrade-with-warnings" is a must variable when cluster is reporting a failure or other error. # ./oc adm upgrade --to-image registry.svc.ci.openshift.org/ocp/release:4.3.0-0.nightly-2019-10-24-030859 --allow-explicit-upgrade --force Updating to release image registry.svc.ci.openshift.org/ocp/release:4.3.0-0.nightly-2019-10-24-030859 # ./oc adm upgrade info: An upgrade is in progress. Working towards 4.3.0-0.nightly-2019-10-24-030859: 81% complete warning: Cannot display available updates: Reason: RemoteFailed Message: Unable to retrieve available updates: currently installed version 4.3.0-0.nightly-2019-10-24-030859 not found in the "stable-4.3" channel # ./oc adm upgrade --to-image registry.svc.ci.openshift.org/ocp/release:4.3.0-0.nightly-2019-10-24-040910 --allow-explicit-upgrade --force Updating to release image registry.svc.ci.openshift.org/ocp/release:4.3.0-0.nightly-2019-10-24-040910 # ./oc adm upgrade info: An upgrade is in progress. Working towards registry.svc.ci.openshift.org/ocp/release:4.3.0-0.nightly-2019-10-24-040910: downloading update warning: Cannot display available updates: Reason: RemoteFailed Message: Unable to retrieve available updates: currently installed version 4.3.0-0.nightly-2019-10-24-030859 not found in the "stable-4.3" channel Version-Release number of selected component (if applicable): # ./oc version Client Version: openshift-clients-4.3.0-201910181317 Server Version: 4.3.0-0.nightly-2019-10-23-150053 Kubernetes Version: v1.16.0-beta.2+cff902e How reproducible: always Steps to Reproduce: 1. 2. 3. Actual results: "--allow-upgrade-with-warnings" check will skip when "--force" Expected results: "--allow-upgrade-with-warnings" should prompt when do upgrade while there is an ongoing upgrade. Additional info: https://github.com/openshift/oc/pull/109 --allow-explicit-upgrade check works well when "--force"
Using --force is like hammer, it bypasses these checks, so this is not a bug.
1. "./oc adm upgrade --help" is not correct. # ./oc adm upgrade --help ... If the desired upgrade from --to-image is not in the list of available versions, you must pass --allow-explicit-upgrade to allow upgrade to proceed. If the cluster is already being upgraded, or if the cluster is reporting a failure or other error, you must pass --allow-upgrade-with-warnings to proceed (see note below on the implications). If the cluster reports that the upgrade should not be performed due to a content verification error or an operator blocking upgrades, please verify those errors. Do not upgrade to images that are not appropriately signed without understanding the risks of upgrading your cluster to untrusted code. If you must override this protection use the --force flag. ... According to above info, both "--allow-explicit-upgrade" and "--allow-upgrade-with-warnings" are a must variable to allow upgrade to proceed. As for "--force", it's only for content verification or operator error to force to proceed. 2. --allow-explicit-upgrade and --allow-upgrade-with-warnings should be removed from --force check. According to https://github.com/openshift/oc/pull/109, i thought it's targeted to remove these two checks from "--force". So i think "--force" should not skip --allow-upgrade-with-warnings check. Instead, both --allow-explicit-upgrade and --allow-upgrade-with-warnings should have a higher priority than --force. ... introduce two new flags --allow-explicit-upgrade (for upgrading to something not in availableVersions) and --allow-upgrade-with-warnings (for upgrading when another upgrade is in progress or the cluster is reporting an error) and remove those checks from --force. ... 3. It's not consistent between "--allow-explicit-upgrade" and "--allow-upgrade-with-warnings" when use "--force" "--force" does not force a upgrade when not specify "--allow-explicit-upgrade"(expected), so "Using --force is like hammer, it bypasses these checks" is not correct. # ./oc adm upgrade --to-image registry.svc.ci.openshift.org/ocp/release@sha256:9b8708b67dd9b7720cb7ab3ed6d12c394f689cc8927df0e727c76809ab383f44 error: The requested upgrade image is not one of the available updates, you must pass --allow-explicit-upgrade to continue # ./oc adm upgrade --to-image registry.svc.ci.openshift.org/ocp/release@sha256:9b8708b67dd9b7720cb7ab3ed6d12c394f689cc8927df0e727c76809ab383f44 --force error: The requested upgrade image is not one of the available updates, you must pass --allow-explicit-upgrade to continue
This bug hasn't had any activity in the last 30 days. Maybe the problem got resolved, was a duplicate of something else, or became less pressing for some reason - or maybe it's still relevant but just hasn't been looked at yet. As such, we're marking this bug as "LifecycleStale". If you have further information on the current state of the bug, please update it, otherwise this bug will be automatically closed in 7 days. The information can be, for example, that the problem still occurs, that you still want the feature, that more information is needed, or that the bug is (for whatever reason) no longer relevant.
Version: # ./oc version Client Version: 4.5.0-0.nightly-2020-05-12-224129 1. Trigger an upgrade # ./oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.4.3 True True 7m9s Working towards 4.5.0-0.nightly-2020-05-12-224129: 26% complete 2. During above upgrade is ongoing, trigger another upgrade, the upgrade will not start and prompt correct error msg(expected) # ./oc adm upgrade --to-image quay.io/openshift-release-dev/ocp-release@sha256:0b6b560af04a00d53003a21b5d95e67e675876c58e567ced38cced0c29a457b0 --allow-explicit-upgrade error: already upgrading. Reason: Message: Working towards 4.5.0-0.nightly-2020-05-12-224129: 26% complete If you want to upgrade anyway, use --allow-upgrade-with-warnings. 3. Redo above step with --force, the upgrade did not start and prompt correct error msg(expected) # ./oc adm upgrade --to-image quay.io/openshift-release-dev/ocp-release@sha256:0b6b560af04a00d53003a21b5d95e67e675876c58e567ced38cced0c29a457b0 --allow-explicit-upgrade --force warning: --force overrides cluster verification of your supplied release image and waives any update precondition failures. error: already upgrading. Reason: Message: Working towards 4.5.0-0.nightly-2020-05-12-224129: 26% complete If you want to upgrade anyway, use --allow-upgrade-with-warnings. Now even upgrade with --force will not skip the --allow-upgrade-with-warnings check. So the bug has been fixed in v4.5.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2409
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days