blocked-edges/4.2.23: Block all incoming edges on the service CA bug …

…1810036 The bugs were introduced by the [1] series, and fixed by the combination of [2,3]. This commit also tombstones affected releases to avoid further channel promotion. Quick overview: * 4.4: both rc.0 and rc.1 affected, so block updates into rc.0 and tombstone rc.1. Fixes have landed, so next 4.4 RC should be clean. * 4.3: 4.3.5 introduced the breakage, no fix yet. Block edges into 4.3.5 and tombstone 4.3.7. * 4.2: 4.2.22 introduced the breakage, no fix yet. Block edges into 4.2.22 and 4.2.23 and tombstone 4.2.24 * 4.1: not impacted yet. Bugzilla series that was backporting the breaking change is still ASSIGNED Reasoning behind the overview's claims in [4]. [1]: https://bugzilla.redhat.com/show_bug.cgi?id=1774121 [2]: https://bugzilla.redhat.com/show_bug.cgi?id=1810036 [3]: https://bugzilla.redhat.com/show_bug.cgi?id=1801573 [4]: https://bugzilla.redhat.com/show_bug.cgi?id=1810036#c11
openshift · openshift-merge-robot · Mar 19, 2020 · Mar 18, 2020 · Mar 18, 2020 · Mar 19, 2020
commit d544dde9537a968d23fa700a7d91b06db0930cb6
diff --git a/blocked-edges/4.2.22.yaml b/blocked-edges/4.2.22.yaml
@@ -3,6 +3,6 @@
 # condition reported in the linked bz, and only be recoverable by
 # manual service ca rotation.
 #
-# Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1810036
+# Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1810036 https://bugzilla.redhat.com/show_bug.cgi?id=1801573
 to: 4.2.22
 from: .*
diff --git a/blocked-edges/4.2.23.yaml b/blocked-edges/4.2.23.yaml
@@ -0,0 +1,8 @@
+# Upgrading any release to 4.2.23 will enable automated service ca
+# rotation without unique ca serial numbers. This will result in
+# condition reported in the linked bz, and only be recoverable by
+# manual service ca rotation.
+#
+# Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1810036 https://bugzilla.redhat.com/show_bug.cgi?id=1801573
+to: 4.2.23
+from: .*
diff --git a/blocked-edges/4.3.5.yaml b/blocked-edges/4.3.5.yaml
@@ -3,6 +3,8 @@
 # condition reported in the linked bz, and only be recoverable by
 # manual service ca rotation.
 #
-# Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1810036
+# Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1810036 https://bugzilla.redhat.com/show_bug.cgi?id=1801573
+#
+# Also includes broken OAuth service cert rotation: https://bugzilla.redhat.com/show_bug.cgi?id=1801573
 to: 4.3.5
 from: .*
diff --git a/blocked-edges/4.4.0-rc.0.yaml b/blocked-edges/4.4.0-rc.0.yaml
@@ -0,0 +1,8 @@
+# Upgrading any release to 4.4.0-rc.0 will enable automated service ca
+# rotation without unique ca serial numbers. This will result in
+# condition reported in the linked bz, and only be recoverable by
+# manual service ca rotation.
+#
+# Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1810036
+to: 4.4.0-rc.0
+from: .*
diff --git a/channels/candidate-4.2.yaml b/channels/candidate-4.2.yaml
@@ -52,3 +52,4 @@ versions:
 - 4.2.21
 - 4.2.22
 - 4.2.23
+# No 4.2.24 because of the service CA rotation issue: https://bugzilla.redhat.com/show_bug.cgi?id=1810036 https://bugzilla.redhat.com/show_bug.cgi?id=1801573
diff --git a/channels/candidate-4.3.yaml b/channels/candidate-4.3.yaml
@@ -10,6 +10,7 @@ versions:
 - 4.2.21+amd64
 - 4.2.22+amd64
 - 4.2.23+amd64
+# No 4.2.24 because of the service CA rotation issue: https://bugzilla.redhat.com/show_bug.cgi?id=1810036 https://bugzilla.redhat.com/show_bug.cgi?id=1801573
 - 4.3.0-rc.0
 # I'm not sure what happened to rc1 and rc2. rc2 was, I think, fine
 # but it never got upgrade tests https://github.com/openshift/cincinnati-graph-data/pull/26
@@ -21,3 +22,4 @@ versions:
 # No 4.3.4 because of https://bugzilla.redhat.com/show_bug.cgi?id=1805726
 - 4.3.5
 # No 4.3.6 because of https://bugzilla.redhat.com/show_bug.cgi?id=1811886
+# No 4.3.7 because of the service CA rotation issue: https://bugzilla.redhat.com/show_bug.cgi?id=1810036 https://bugzilla.redhat.com/show_bug.cgi?id=1801573
diff --git a/channels/candidate-4.4.yaml b/channels/candidate-4.4.yaml
@@ -1,4 +1,7 @@
 name: candidate-4.4
 versions:
 - 4.3.5
+# No 4.3.6 because of https://bugzilla.redhat.com/show_bug.cgi?id=1811886
+# No 4.3.7 because of the service CA rotation issue: https://bugzilla.redhat.com/show_bug.cgi?id=1810036 https://bugzilla.redhat.com/show_bug.cgi?id=1801573
 - 4.4.0-rc.0
+# No 4.4.0-rc.1 because of the service CA rotation issue: https://bugzilla.redhat.com/show_bug.cgi?id=1810036
diff --git a/channels/fast-4.2.yaml b/channels/fast-4.2.yaml
@@ -44,3 +44,5 @@ versions:
 - 4.2.20
 - 4.2.21
 - 4.2.22
+# No 4.2.23 because of the service CA rotation issue: https://bugzilla.redhat.com/show_bug.cgi?id=1810036 https://bugzilla.redhat.com/show_bug.cgi?id=1801573
+# No 4.2.24 because of the service CA rotation issue: https://bugzilla.redhat.com/show_bug.cgi?id=1810036 https://bugzilla.redhat.com/show_bug.cgi?id=1801573
diff --git a/channels/fast-4.3.yaml b/channels/fast-4.3.yaml
@@ -9,6 +9,8 @@ versions:
 - 4.2.20+amd64
 - 4.2.21+amd64
 - 4.2.22+amd64
+# No 4.2.23 because of the service CA rotation issue: https://bugzilla.redhat.com/show_bug.cgi?id=1810036 https://bugzilla.redhat.com/show_bug.cgi?id=1801573
+# No 4.2.24 because of the service CA rotation issue: https://bugzilla.redhat.com/show_bug.cgi?id=1810036 https://bugzilla.redhat.com/show_bug.cgi?id=1801573
 - 4.3.0
 - 4.3.1
 # Upgrade edges disabled for 4.3.2 and 4.3.3 because of bugs https://bugzilla.redhat.com/show_bug.cgi?id=1802248, https://bugzilla.redhat.com/show_bug.cgi?id=1805444, https://bugzilla.redhat.com/show_bug.cgi?id=1808429
@@ -17,3 +19,4 @@ versions:
 # No 4.3.4 because of https://bugzilla.redhat.com/show_bug.cgi?id=1805726
 - 4.3.5
 # No 4.3.6 because of https://bugzilla.redhat.com/show_bug.cgi?id=1811886
+# No 4.3.7 because of the service CA rotation issue: https://bugzilla.redhat.com/show_bug.cgi?id=1810036 https://bugzilla.redhat.com/show_bug.cgi?id=1801573
diff --git a/channels/stable-4.2.yaml b/channels/stable-4.2.yaml
@@ -41,3 +41,5 @@ versions:
 - 4.2.20
 - 4.2.21
 - 4.2.22
+# No 4.2.23 because of the service CA rotation issue: https://bugzilla.redhat.com/show_bug.cgi?id=1810036 https://bugzilla.redhat.com/show_bug.cgi?id=1801573
+# No 4.2.24 because of the service CA rotation issue: https://bugzilla.redhat.com/show_bug.cgi?id=1810036 https://bugzilla.redhat.com/show_bug.cgi?id=1801573
diff --git a/channels/stable-4.3.yaml b/channels/stable-4.3.yaml
@@ -7,6 +7,8 @@ versions:
 - 4.2.20+amd64
 - 4.2.21+amd64
 - 4.2.22+amd64
+# No 4.2.23 because of the service CA rotation issue: https://bugzilla.redhat.com/show_bug.cgi?id=1810036 https://bugzilla.redhat.com/show_bug.cgi?id=1801573
+# No 4.2.24 because of the service CA rotation issue: https://bugzilla.redhat.com/show_bug.cgi?id=1810036 https://bugzilla.redhat.com/show_bug.cgi?id=1801573
 # until s390 is released on 4.3 we may not want to include it in 4.3 channels
 # 4.2 -> 4.3 updates occasionally hit RequiredPoolsFailed, fixed in 4.2.18 and rc.0, but not in 4.2.16: https://bugzilla.redhat.com/show_bug.cgi?id=1782152 https://bugzilla.redhat.com/show_bug.cgi?id=1782149
 # not 4.2.17 because we had a long quiet time after 4.2.16 with no releases
@@ -17,5 +19,6 @@ versions:
 - 4.3.2
 - 4.3.3
 # No 4.3.4 because of https://bugzilla.redhat.com/show_bug.cgi?id=1805726
-# No 4.3.6 because of https://bugzilla.redhat.com/show_bug.cgi?id=1811886
 - 4.3.5
+# No 4.3.6 because of https://bugzilla.redhat.com/show_bug.cgi?id=1811886
+# No 4.3.7 because of the service CA rotation issue: https://bugzilla.redhat.com/show_bug.cgi?id=1810036 https://bugzilla.redhat.com/show_bug.cgi?id=1801573
-Original file line number
+Diff line change
@@ Expand Up / @@ -52,3 +52,4 @@ versions: @@
     - 4.2.21
     - 4.2.22
     - 4.2.23
+    # No 4.2.24 because of the service CA rotation issue: https://bugzilla.redhat.com/show_bug.cgi?id=1810036 https://bugzilla.redhat.com/show_bug.cgi?id=1801573