Bug 1797624: loosen upgradeable condition to allow z-level upgrades #291
Conversation
openshift-ci-robot
added
the
size/M
| @@ -31,7 +31,7 @@ func (e *Error) Cause() error { | |||
| // Precondition defines the precondition check for a payload. | |||
| type Precondition interface { | |||
| // Run executes the precondition checks ands returns an error when the precondition fails. | |||
| Run(context.Context) error | |||
| Run(ctx context.Context, desiredVersion string) error | |||
There was a problem hiding this comment.
Probably better to pass a concrete struct here like ReleaseContext struct { DesiredVersion types.Version }
| } | ||
|
|
||
| // if we are upgradeable==true we can always upgrade | ||
| up := resourcemerge.FindOperatorStatusCondition(cv.Status.Conditions, configv1.OperatorUpgradeable) |
There was a problem hiding this comment.
Update the test cases
There was a problem hiding this comment.
Cute. this was merged without tests initially :)
|
This might be slightly off-topic for this PR, but are there alerts that are fired for this condition and do we need to change the text for those alerts? |
deads2k
force-pushed
the
upgradeable-y
branch
from
119fcd5
to
c69dcbc
Compare
openshift-ci-robot
added
size/L
|
updated for comments, tests added. |
|
terraform /retest |
|
One issue with this is that currently we block things like 4.2.13 -> 4.2.14 when the registry is set Unmanaged: {
"conditions": [
{
"type": "Available",
"status": "True",
"lastTransitionTime": "2020-01-07T08:19:28Z",
"reason": "Unmanaged",
"message": "The registry configuration is set to unmanaged mode"
},
{
"type": "Progressing",
"status": "False",
"lastTransitionTime": "2020-01-07T08:19:28Z",
"reason": "Unmanaged",
"message": "The registry configuration is set to unmanaged mode"
},
{
"type": "Degraded",
"status": "False",
"lastTransitionTime": "2019-08-13T08:54:27Z",
"reason": "Unmanaged",
"message": "The registry configuration is set to unmanaged mode"
}
],
"versions": [
{
"name": "operator",
"version": "4.2.13"
}
],
...
}Setting |
Having an unmanaged component that blocks upgrades of any kind would really surprise me since it seems like they would always want to encourage updates that would allow the component to go back managed. z-level upgrades should basically always work or you will be blocking CVE updates. |
Not yet, but we have an internal ticket to add some. |
Sounds like rhbz#1791934 will be resolved by having the operator bump its |
|
terraform again /retest |
|
/approve |
| return nil | ||
| } | ||
|
|
||
| currentMinor := getEffectiveMinor(cv.Status.History[0].Version) |
There was a problem hiding this comment.
Instead of pulling this out of the cluster's ClusterVersion history, I'd rather pull it from the local state. But then you'd have to pipe it through to this precondition code. Including it in ReleaseContext would be fine, although we'd want to rename to something more generic. Maybe just Context (so precondition.Context in external packages)? To get from the Operator into the SyncWorker... I dunno, seems like we could feed the context into NewSyncWorkerWithPreconditions here? If that sounds plausible, I can work up a fixup commit that you could squash in here.
There was a problem hiding this comment.
It's not the way I would do it since we're already getting the information here (pre-existing gets) and you're already getting cached data, so it seems unnecessary and odd. Could you do it as a follow-up instead if you really want it after?
|
|
||
| // if there is no difference in the minor version (4.y.z where 4.y is the same for current and desired), then we can still upgrade | ||
| if currentMinor == desiredMinor { | ||
| return nil |
There was a problem hiding this comment.
We may want to build the *precondition.Error above and log the fact that we're ignoring it due to the minor update here. Or maybe push out an Event, since once we actually start updating, we're going to replace the CVO Pod and lose the old CVO's logs? Leaving some breadcrumbs around this to make it less surprising would be nice, but is not something we need to block merging if it would be too difficult to implement.
There was a problem hiding this comment.
that seems a little weird to do, since people are unlikely to wonder why their desired update was allowed and succeeded.
There was a problem hiding this comment.
that seems a little weird to do, since people are unlikely to wonder why their desired update was allowed and succeeded.
I can see component authors wondering why an update was initiated despite them having set Upgradeable=False. But whatever, obviously not critical.
There was a problem hiding this comment.
Was discussing bug https://bugzilla.redhat.com/show_bug.cgi?id=1822513 with @wking and he suggested I update here as a follow-up to this thread.
The bug's underlying cause is that currentMinor is always being pulled from cv.Status.History[0].Version (
There was a problem hiding this comment.
@deads2k thoughts on the above?
If current and desired have the same 4.y, then the upgrade is allowed even if upgradeable==false. If the 4.y is different, then upgrades are not allowed. This permits CVE updates and fixes the current service-catalog upgrade problem.
deads2k
force-pushed
the
upgradeable-y
branch
from
c69dcbc
to
bcd58d8
Compare
|
/retest |
1 similar comment
|
/retest |
deads2k
changed the title
|
@deads2k: This pull request references Bugzilla bug 1797624, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci-robot
added
the
bugzilla/invalid-bug
|
/cherrypick release-4.3 |
|
@deads2k: once the present PR merges, I will cherry-pick it on top of release-4.3 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci-robot
removed
the
bugzilla/invalid-bug
|
@deads2k: This pull request references Bugzilla bug 1797624, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
wking
changed the title
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: deads2k, sdodson, wking The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
|
/retest Please review the full test history for this PR and help us cut down flakes. |
9 similar comments
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
@deads2k: All pull requests linked via external trackers have merged. Bugzilla bug 1797624 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@deads2k: new pull request created: #315 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Catching the message strings up with the softening from bcd58d8 (loosen upgradeable condition to allow z-level upgrades, 2020-01-02, openshift#291), addressing [1]. [1]: https://bugzilla.redhat.com/show_bug.cgi?id=1823306
Catching the message strings up with the softening from bcd58d8 (loosen upgradeable condition to allow z-level upgrades, 2020-01-02, openshift#291), addressing [1]. [1]: https://bugzilla.redhat.com/show_bug.cgi?id=1823306
Catching the message strings up with the softening from bcd58d8 (loosen upgradeable condition to allow z-level upgrades, 2020-01-02, openshift#291), addressing [1]. [1]: https://bugzilla.redhat.com/show_bug.cgi?id=1823306
…gradeable_test To match our preferred spelling. The test file has had the outgoing spelling since it landed in bcd58d8 (loosen upgradeable condition to allow z-level upgrades, 2020-01-02, openshift#291).
If current and desired have the same 4.y, then the upgrade is allowed even
if upgradeable==false. If the 4.y is different, then upgrades are not allowed.
This permits CVE updates and fixes the current service-catalog upgrade problem.
Alternative to #285