Fuel for OpenStack

perform upgrade only on safe mirror list

Bug #1616553 reported by Ivan Berezovskiy
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fuel for OpenStack
Fix Released
Critical
Denis Egorenko
Fuel for OpenStack 10.0
Mitaka
Fix Released
Critical
Denis Egorenko
Fuel for OpenStack 9.1

Bug Description

Using apt-get dist-upgrade on all mirrors set for Fuel environment isn't safe way. We should run upgrade only on trusted mirrors aka mos* by default. Also it should be possible to override trusted mirror list.

So it should work similar to:

apt-get dist-upgrade -o Dir::Etc::sourcelist="sources.list.d/update.list" -o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0"

Denis Egorenko (degorenko)
Changed in fuel:
status: New → Confirmed
Maksim Malchuk (mmalchuk)
tags: added: area-library area-puppet
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to fuel-web (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/360022

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to fuel-web (stable/mitaka)

Related fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/360515

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on fuel-web (master)

Change abandoned by Denis Egorenko (<email address hidden>) on branch: master
Review: https://review.openstack.org/360022

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on fuel-web (stable/mitaka)

Change abandoned by Denis Egorenko (<email address hidden>) on branch: stable/mitaka
Review: https://review.openstack.org/360515

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-library (master)

Fix proposed to branch: master
Review: https://review.openstack.org/362239

Changed in fuel:
assignee: MOS Puppet Team (mos-puppet) → Dmitry Burmistrov (dmburmistrov)
status: Confirmed → In Progress
Ivan Berezovskiy (iberezovskiy)
Changed in fuel:
assignee: Dmitry Burmistrov (dmburmistrov) → Denis Egorenko (degorenko)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-library (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/367850

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-library (master)

Reviewed: https://review.openstack.org/362239
Committed: https://git.openstack.org/cgit/openstack/fuel-library/commit/?id=52aa94c173c0c8497ef889ac1587bc66e6abdca4
Submitter: Jenkins
Branch: master

commit 52aa94c173c0c8497ef889ac1587bc66e6abdca4
Author: dmburmistrov <email address hidden>
Date: Mon Aug 29 18:59:11 2016 +0300

    Use "safe" mirror list on upgrade

    All "safe" repos for using in upgrade will be configured in UI and
    available in Hiera. Then this list will be used to link this mirrors
    to separate "sources.d" directory. This directory will be used to point
    APT another source location. That allows us to get list of packages, which
    will be upgraded with specified in "sources.d" mirrors. Then, available
    packages will be upgraded.

    To keep this process configurable we can specify hash of packages, which
    should be upgraded throw hiera.

    DocImpact

    Closes-bug: #1616553
    Closes-bug: #1621056

    Change-Id: Idf4ff71c04f8a75c572bb24e560b3827f3d55bac

Changed in fuel:
status: In Progress → Fix Committed
Maksim Malchuk (mmalchuk)
no longer affects: fuel/newton
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-library (stable/mitaka)

Reviewed: https://review.openstack.org/367850
Committed: https://git.openstack.org/cgit/openstack/fuel-library/commit/?id=c4ea02a3cd32a0dd8e1ba1db36b81ea89717d02a
Submitter: Jenkins
Branch: stable/mitaka

commit c4ea02a3cd32a0dd8e1ba1db36b81ea89717d02a
Author: dmburmistrov <email address hidden>
Date: Mon Aug 29 18:59:11 2016 +0300

    Use "safe" mirror list on upgrade

    All "safe" repos for using in upgrade will be configured in UI and
    available in Hiera. Then this list will be used to link this mirrors
    to separate "sources.d" directory. This directory will be used to point
    APT another source location. That allows us to get list of packages, which
    will be upgraded with specified in "sources.d" mirrors. Then, available
    packages will be upgraded.

    To keep this process configurable we can specify hash of packages, which
    should be upgraded throw hiera.

    DocImpact

    Closes-bug: #1616553
    Closes-bug: #1621056

    Change-Id: Idf4ff71c04f8a75c572bb24e560b3827f3d55bac

Timur Nurlygayanov (tnurlygayanov)
Changed in fuel:
status: Fix Committed → Fix Released
Revision history for this message
Nastya Urlapova (aurlapova) wrote :

@Timur, could you specify version what you used for verification?

Changed in fuel:
status: Fix Released → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-library (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/368861

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on fuel-library (stable/mitaka)

Change abandoned by Dmitry Ukov (<email address hidden>) on branch: stable/mitaka
Review: https://review.openstack.org/368861

Revision history for this message
Timur Nurlygayanov (tnurlygayanov) wrote :

@Nastya, yes, sure.

Verified on MOs 9.1 snapshot: http://mirror.seed-cz1.fuel-infra.org/mos-repos/ubuntu/snapshots/9.0-2016-09-09-040322

Changed in fuel:
status: Fix Committed → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to fuel-library (stable/mitaka)

Related fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/369905

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on fuel-library (stable/mitaka)

Change abandoned by Vladimir Maliaev (<email address hidden>) on branch: stable/mitaka
Review: https://review.openstack.org/369905

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to fuel-library (stable/mitaka)

Related fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/370097

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to fuel-library (stable/mitaka)

Reviewed: https://review.openstack.org/370097
Committed: https://git.openstack.org/cgit/openstack/fuel-library/commit/?id=cd186656d89c161e77b07c54dd47c88c9d10aacb
Submitter: Jenkins
Branch: stable/mitaka

commit cd186656d89c161e77b07c54dd47c88c9d10aacb
Author: Vladimir Maliaev <email address hidden>
Date: Wed Sep 7 13:55:31 2016 +0000

    Upgrade a single package or a bunch of packages

    It takes package names and versions from hiera hash to upgrade
    and override "ensure" parameter in package resource.
    If any package from the current puppet catalog is upgraded,
    all the services in the same catalog should be restarted.

    If there are no upgraded packages, then no services to be restarted.

    Change-Id: Ic3455c54aeea8890f8f3454c269d5f8a8ea0de4e
    Closes-Bug: #1623038
    Related-Bug: #1616553

tags: added: in-stable-mitaka
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to fuel-library (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/375643

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/fuel-library 10.0.0rc1

This issue was fixed in the openstack/fuel-library 10.0.0rc1 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/fuel-library 10.0.0

This issue was fixed in the openstack/fuel-library 10.0.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to fuel-library (stable/newton)

Related fix proposed to branch: stable/newton
Review: https://review.openstack.org/421380

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on fuel-library (stable/newton)

Change abandoned by Dmitry Ilyin (<email address hidden>) on branch: stable/newton
Review: https://review.openstack.org/421380

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on fuel-library (master)

Change abandoned by Andreas Jaeger (<email address hidden>) on branch: master
Review: https://review.opendev.org/375643
Reason: This repo is retired now, no further work will get merged.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Change abandoned by Andreas Jaeger (<email address hidden>) on branch: master
Review: https://review.opendev.org/366772
Reason: This repo is retired now, no further work will get merged.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.