Page MenuHomeSoftware Heritage
Differential D6830

Pin python3.7 version so venv still works after bullseye migration
AbandonedPublic
Actions

Authored by ardumont on Dec 14 2021, 10:17 AM.

Details

Reviewers
None
Group Reviewers
System administrators
Maniphest Tasks
T3802: Migrate bojimans (netbox) to bullseye
Summary

Without the pinning, after the bullseye upgrade, python3 is upgraded to python3.9. Which
breaks the venv, thus failing the netbox service.

The smallest effort is to actually pin the python3 version.

Related to T3802

Test Plan

octo-diff:

$ $SWH_PUPPET_ENVIRONMENT_HOME/bin/octocatalog-diff --octocatalog-diff-args --no-truncate-details --to staging bojimans
...
diff origin/production/bojimans.internal.softwareheritage.org current/bojimans.internal.softwareheritage.org
*******************************************
+ Apt::Pin[python3] =>
   parameters =>
      "codename": ""
      "component": ""
      "ensure": "present"
      "explanation": "Pin python3.7 version so venv still works after bullseye upgrade"
      "label": ""
      "notify": "Package[python3-venv]"
      "order": 50
      "origin": ""
      "originator": ""
      "packages": ["python3"]
      "priority": 1001
      "release": ""
      "release_version": ""
      "version": "3.7.3-1"
*******************************************
+ Apt::Setting[pref-python3] =>
   parameters =>
      "ensure": "present"
      "notify_update": false
      "priority": 50
      "content": >>>
# This file is managed by Puppet. DO NOT EDIT.
Explanation: Pin python3.7 version so venv still works after bullseye upgrade
Package: python3
Pin: version 3.7.3-1
Pin-Priority: 1001
<<<
*******************************************
+ File[/etc/apt/preferences.d/python3.pref] =>
   parameters =>
      "ensure": "present"
      "group": "root"
      "mode": "0644"
      "owner": "root"
      "content": >>>
# This file is managed by Puppet. DO NOT EDIT.
Explanation: Pin python3.7 version so venv still works after bullseye upgrade
Package: python3
Pin: version 3.7.3-1
Pin-Priority: 1001
<<<
*******************************************
*** End octocatalog-diff on bojimans.internal.softwareheritage.org

vagrant up bojimans in the intent to run the bullseye upgrade:

root@bojimans:/root# puppet agent --test
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Info: Caching catalog for bojimans.internal.softwareheritage.org
Info: Applying configuration version '1639473399'
Notice: /Stage[main]/Profile::Static_hostnames/Host[somerset.internal.softwareheritage.org]/ensure: created
Info: Computing checksum on file /etc/hosts
Notice: /Stage[main]/Profile::Static_hostnames/Host[ns0.euwest.azure.internal.softwareheritage.org]/ensure: created
Notice: /Stage[main]/Profile::Netbox/Apt::Pin[python3]/Apt::Setting[pref-python3]/File[/etc/apt/preferences.d/python3.pref]/content:
--- /etc/apt/preferences.d/python3.pref 2021-12-14 09:00:14.173692182 +0000
+++ /tmp/puppet-file20211214-10027-z1lwxw       2021-12-14 09:16:45.309028031 +0000
@@ -1,5 +1,5 @@
 # This file is managed by Puppet. DO NOT EDIT.
-Explanation: Pin python3.7 version so old venv still works after bullseye upgrade
+Explanation: Pin python3.7 version so venv still works after bullseye upgrade
 Package: python3
 Pin: version 3.7.3-1
 Pin-Priority: 1001

Info: Computing checksum on file /etc/apt/preferences.d/python3.pref
Info: /Stage[main]/Profile::Netbox/Apt::Pin[python3]/Apt::Setting[pref-python3]/File[/etc/apt/preferences.d/python3.pref]: Filebucketed /etc/apt/preferences.d/python3.pref to puppet with sum 2a904a5bf26a71652466591111670fc8
Notice: /Stage[main]/Profile::Netbox/Apt::Pin[python3]/Apt::Setting[pref-python3]/File[/etc/apt/preferences.d/python3.pref]/content: content changed '{md5}2a904a5bf26a71652466591111670fc8' to '{md5}9f2eb64399150dd2ad135e687c64c4d2'
Info: Apt::Pin[python3]: Scheduling refresh of Package[python3-venv]
Notice: /Stage[main]/Ntp::Service/Service[ntp]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Ntp::Service/Service[ntp]: Unscheduling refresh on Service[ntp]
Notice: /Stage[main]/Profile::Systemd_journal::Journalbeat/Service[journalbeat]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Profile::Systemd_journal::Journalbeat/Service[journalbeat]: Unscheduling refresh on Service[journalbeat]
Notice: /Stage[main]/Profile::Netbox/Package[python3-venv]: Triggered 'refresh' from 1 event
Notice: Applied catalog in 3.57 seconds

Following the dist-upgrade to bullseye, the following is seen:

root@bojimans: /root # $CMD upgrade
...
The following packages have been kept back:
  facter gir1.2-glib-2.0 guile-2.2-libs libgirepository-1.0-1 libglib2.0-0 libpython2-stdlib libpython2.7
  libpython2.7-minimal libpython2.7-stdlib libpython3-stdlib mailutils mailutils-common ntp python2 python2-minimal
  python2.7 python2.7-minimal python3-minimal python3-pykwalify python3-ruamel.yaml python3-six ruby ruby-augeas
  ruby-filesystem ruby-json ruby-selinux ruby-shadow rubygems-integration unattended-upgrades
root@bojimans:/root # dpkg -l python3-minimal
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name            Version      Architecture Description
+++-===============-============-============-===============================================================
ii  python3-minimal 3.7.3-1      amd64        minimal subset of the Python language (default python3 version)

root@bojimans: /root# $CMD dist-upgrade
...
The following packages have been kept back:
  libpython3-stdlib ntp python3-minimal python3-pykwalify python3-ruamel.yaml

# after the dist-upgrade \m/
root@bojimans:/etc# python3 --version
Python 3.7.3
root@bojimans:/etc# systemctl restart netbox
root@bojimans:/etc# systemctl status netbox
● netbox.service - NetBox WSGI Service
     Loaded: loaded (/etc/systemd/system/netbox.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2021-12-14 09:31:25 UTC; 2s ago
       Docs: https://netbox.readthedocs.io/en/stable/
   Main PID: 21516 (gunicorn)
      Tasks: 6 (limit: 1146)
     Memory: 389.5M
     CGroup: /system.slice/netbox.service
             ├─21516 /opt/netbox-3.0.2/venv/bin/python3 /opt/netbox-3.0.2/venv/bin/gunicorn --pid /var/tmp/netbox.pid >
             ├─21520 /opt/netbox-3.0.2/venv/bin/python3 /opt/netbox-3.0.2/venv/bin/gunicorn --pid /var/tmp/netbox.pid >
             ├─21521 /opt/netbox-3.0.2/venv/bin/python3 /opt/netbox-3.0.2/venv/bin/gunicorn --pid /var/tmp/netbox.pid >
             ├─21522 /opt/netbox-3.0.2/venv/bin/python3 /opt/netbox-3.0.2/venv/bin/gunicorn --pid /var/tmp/netbox.pid >
             ├─21523 /opt/netbox-3.0.2/venv/bin/python3 /opt/netbox-3.0.2/venv/bin/gunicorn --pid /var/tmp/netbox.pid >
             └─21524 /opt/netbox-3.0.2/venv/bin/python3 /opt/netbox-3.0.2/venv/bin/gunicorn --pid /var/tmp/netbox.pid >

Dec 14 09:31:25 bojimans systemd[1]: Started NetBox WSGI Service.
Dec 14 09:31:26 bojimans gunicorn[21516]: [2021-12-14 09:31:26 +0000] [21516] [INFO] Starting gunicorn 20.1.0
Dec 14 09:31:26 bojimans gunicorn[21516]: [2021-12-14 09:31:26 +0000] [21516] [INFO] Listening at: http://127.0.0.1:80>
Dec 14 09:31:26 bojimans gunicorn[21516]: [2021-12-14 09:31:26 +0000] [21516] [INFO] Using worker: gthread
Dec 14 09:31:26 bojimans gunicorn[21520]: [2021-12-14 09:31:26 +0000] [21520] [INFO] Booting worker with pid: 21520
Dec 14 09:31:26 bojimans gunicorn[21521]: [2021-12-14 09:31:26 +0000] [21521] [INFO] Booting worker with pid: 21521
Dec 14 09:31:26 bojimans gunicorn[21522]: [2021-12-14 09:31:26 +0000] [21522] [INFO] Booting worker with pid: 21522
Dec 14 09:31:26 bojimans gunicorn[21523]: [2021-12-14 09:31:26 +0000] [21523] [INFO] Booting worker with pid: 21523
Dec 14 09:31:26 bojimans gunicorn[21524]: [2021-12-14 09:31:26 +0000] [21524] [INFO] Booting worker with pid: 21524

So, the pinning works as expected, it allows the venv to still run ok after the upgrade.

Diff Detail

Repository
rSPSITE puppet-swh-site
Branch
staging
Lint
No Linters Available
Unit
No Unit Test Coverage
Build Status
Buildable 25612
Build 40050: arc lint + arc unit

Event Timeline

ardumont created this revision.Dec 14 2021, 10:17 AM
Herald added a reviewer: System administrators. · View Herald TranscriptDec 14 2021, 10:17 AM
ardumont requested review of this revision.Dec 14 2021, 10:17 AM
Harbormaster completed remote builds in B25611: Diff 24758.Dec 14 2021, 10:18 AM
ardumont updated this revision to Diff 24759.Dec 14 2021, 10:18 AM

Sync diff description and commit message

Harbormaster completed remote builds in B25612: Diff 24759.Dec 14 2021, 10:18 AM
ardumont edited the test plan for this revision. (Show Details)Dec 14 2021, 10:21 AM
ardumont edited the test plan for this revision. (Show Details)Dec 14 2021, 10:28 AM
ardumont edited the test plan for this revision. (Show Details)Dec 14 2021, 10:30 AM
ardumont edited the test plan for this revision. (Show Details)
ardumont edited the summary of this revision. (Show Details)Dec 14 2021, 10:33 AM
ardumont edited the summary of this revision. (Show Details)Dec 14 2021, 10:35 AM
vsellier added a subscriber: vsellier.Dec 14 2021, 10:42 AM
vsellier added inline comments.
site-modules/profile/manifests/netbox.pp
37

maybe the ensure_package should be replaced by package and a dependency apt::pin -> package added to avoid some flip-flop

The package should probably also notify the netbox service

ardumont added a comment.Dec 14 2021, 10:54 AM

It turns out that this is too much a pinning.
That will actually prevent python3.9 from being installed as well. [1]

Another path would be to:

  • keep python3.7 around during the upgrade.
  • then recreate the venv once the migration is done.
  • then clean up that old version

[1]

10:46 <+olasd> I didn't say "force python3.9 to not be installed", I said "keep python3.7 around"
10:47 <+olasd> it's just a matter of marking python3.7 as manually installed before running the upgrade
10:48 <+olasd> and it's only for the 10 minutes between upgrading and recreating the virtualenv with python3.9
10:49 <+ardumont> mmm, ok, i did not realize that would prevent the 3.9 from popping up
10:49 <+ardumont> how do you mark python3.7 as manually installed?
10:49 <+olasd> "apt install python3.7"
10:50 <+ardumont> ahhhh ok, it's only installed as a deps in the current state
ardumont abandoned this revision.Dec 14 2021, 10:54 AM

Revision Contents
Changeset List

PathSize
site-modules/
profile/
manifests/
8 lines

Diff 24759

View Options

site-modules/profile/manifests/netbox.pp

Loading...
About · Developer information · Legal