[FFe] Bump mongodb to 3.6.X

Bug #1761807 reported by Nicholas Skaggs
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mongo-tools (Ubuntu)
Fix Released
Undecided
Unassigned
mongodb (Ubuntu)
Fix Released
High
Robie Basak

Bug Description

I am requesting we bump mongodb to the latest 3.6 version.

Rationale:
The default version of openssl in bionic is 1.1. Mongo3.4 doesn't support this version, while mongo3.6 does.

Mongo upstream support generally averages 3 to 3.5 years, see https://www.mongodb.com/support-policy. At the moment, mongo hasn't decided on the support lifetime for mongo3.6. However, there's reason to believe it will be both supported for longer than mongo3.4, and perhaps longer than previous releases. This will allow more upstream overlap for the life of the LTS.

Finally, juju itself will benefit from the newer version of mongo3.6, and can take advantage of features exposed at a later date.

Logs:
<TBD>

Package:
The proposed package has already been built thanks to Robie Basak, and can be seen in his ppa: ppa:racb/experimental. Robie has also graciously volunteered to upload this package to fufill this FFe.

Testing:
The juju team has done initial validation to ensure this meets our needs. This included running our test suite utilizing the packaged mongodb from Robie's ppa.

CVE References

summary: - [FFe] Rev mongodb-server-core to 3.6.X
+ [FFe] Bump mongodb to 3.6.X
Revision history for this message
Steve Langasek (vorlon) wrote :

This gets us onto recent openssl and boost; mongodb has only two reverse-depends in the archive, one is python-loofah and the other is juju-related. The change has been in process for a while and just hasn't landed yet but should be uneventful when it does. +1 for this FFe.

Changed in mongodb (Ubuntu):
status: New → Triaged
tags: added: upgrade-software-version
David Britton (dpb)
Changed in mongodb (Ubuntu):
assignee: nobody → Robie Basak (racb)
importance: Undecided → High
Revision history for this message
Robie Basak (racb) wrote :

Steve, please could you also extend the FFe approval to cover mongo-tools? I think it makes sense to keep the version of mongo-tools in line with the mongodb package.

Revision history for this message
Steve Langasek (vorlon) wrote :

no other reverse-dependencies outside of mongodb-clients, should be kept in sync with mongodb; FFe approved for mongo-tools.

Changed in mongo-tools (Ubuntu):
status: New → Triaged
Revision history for this message
Nicholas Skaggs (nskaggs) wrote :

As an update to note, the juju team has done further manual testing on the build in ppa:racb/experimental to ensure it meets our needs. This included running real workloads and performing controller operations like migration and HA. We're happy with the package.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mongo-tools - 3.6.3-0ubuntu1

---------------
mongo-tools (3.6.3-0ubuntu1) bionic; urgency=medium

  * New upstream release (LP: #1761807).
  * d/copyright: update.

 -- Robie Basak <email address hidden> Tue, 10 Apr 2018 14:54:56 +0100

Changed in mongo-tools (Ubuntu):
status: Triaged → Fix Released
Changed in mongodb (Ubuntu):
status: Triaged → Fix Released
status: Fix Released → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mongodb - 1:3.6.3-0ubuntu1

---------------
mongodb (1:3.6.3-0ubuntu1) bionic; urgency=medium

  * New upstream release (LP: #1761807).
  * d/watch: update.
  * d/upstream/signing-key.asc: update.
  * Drop d/p/CVE-2016-6494.patch: no longer needed as fixed upstream by
    use of open(2) with S_IRUSR | S_IWUSR.
  * Drop d/p/asio-openssl-1.1-support.patch: this backport is no longer
    required as upstream successfully builds directly against OpenSSL
    1.1 now.
  * d/p/fix-ftbfs-with-gcc-7.patch: refresh to remove fuzz.
  * d/copyright: update.
  * d/control: build dependency changes:
    - Add new dependencies required for a successful build
      (libmongoc-dev, python-cheetah, python-pkg-resources,
      python-requests, python-typing).
    - Drop python (not required directly).
  * d/p/SERVER-34117-skip-dns-tests.patch: disable some tests that require
    network access.
  * d/p/strip-test-binaries.patch: strip test binaries to reduce build size to
    within Launchpad's limit.

 -- Robie Basak <email address hidden> Wed, 11 Apr 2018 13:45:22 +0100

Changed in mongodb (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.