Uploaded image for project: 'Machine Config Operator'
  1. Machine Config Operator
  2. MCO-540

Impact assessment needed for OCPBUGS-9969

XMLWordPrintable

    • Icon: Spike Spike
    • Resolution: Done
    • Icon: Critical Critical
    • None
    • None
    • False
    • None
    • False
    • MCO Sprint 233
    • 0
    • 0

      This Jira card is only created to evaluate the impact assessment of OCPBUGS-9969 . For more details please refer the bug.

      Which 4.y.z to 4.y'.z' updates increase vulnerability?

      This issue will occur when a cluster born on OCP 4.1 has been upgraded to OCP 4.12.0 and any further releases.

      Which types of clusters?

      This impacts all platforms that were supported during OCP 4.1 release.

      What is the impact? Is it serious enough to warrant removing update recommendations?

      OCP cluster that was originally created from OCP 4.1 and has now been upgraded to 4.12.0 or any further releases will see the issue. As a result of the issue, node scale-up will fail. This is because in 4.12, MCO [1] started using podman run -authfile option to perform in-place upgrade on nodes that are have OS content from OCP release < 4.12. This works well everywhere except on nodes that gets booted directly from 4.1 RHCOS bootimage. podman run gained -authfile option in 1.4.0 release [2] but 4.1 bootimage have 1.0.2-dev.

      [1] https://github.com/openshift/machine-config-operator/pull/3317/files#diff-349c0748c3f52201852d3027c29daf618b45300b949482728df6666a3f9ba245R1910

       [2] https://github.com/containers/podman/commit/baed81029b74c8d801ea9d5cf67a78005472e6ed

      How involved is remediation?

      To resolve the problem cluster bootimage needs to be updated to 4.2 or later releases.

      Is this a regression?

      Yes, it is a regression introduced with OCP 4.12.0 release.

              rhn-engineering-skumari Sinny Kumari
              pratikam Pratik Mahajan
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: