Page MenuHomePhabricator
Create Task
Maniphest T304972

Upgrade Superset to 1.4.2
Closed, ResolvedPublic
Actions

Description

Superset 1.4.2 has been released: https://github.com/apache/superset/releases/tag/1.4.2

In particular this closed upstream bug was reproduced by @nshahquinn-wmf : https://github.com/apache/superset/pull/16945

Let's deploy this to the staging instance and test it out before rolling it out to production.

Details

SubjectRepoBranchLines +/-
Upgrade superset to 1.4.2analytics/superset/deploymaster+6 -1
Upgrade superset to 1.5.0analytics/superset/deploymaster+11 -1
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedBTullisT304972 Upgrade Superset to 1.4.2
 ResolvedBUG REPORTJArguello-WMFT308441 Error when updating dashboard

Event Timeline

razzi created this task.Mar 29 2022, 4:20 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 29 2022, 4:20 PM
BTullis subscribed.Mar 29 2022, 4:20 PM
razzi mentioned this in T275575: Add superset-next.wikimedia.org domain for superset staging.Mar 29 2022, 4:22 PM
gerritbot added a comment.Mar 29 2022, 4:34 PM

Change 774924 had a related patch set uploaded (by Razzi; author: Razzi):

[analytics/superset/deploy@master] Upgrade superset to 1.4.2

https://gerrit.wikimedia.org/r/774924

gerritbot added a project: Patch-For-Review.Mar 29 2022, 4:34 PM
razzi added a comment.EditedMar 29 2022, 6:09 PM

Superset 1.4.2 is running on superset-staging: an-tool1005. When making the change, I had to pin markupsafe to 2.0.1 since the default markupsafe it downloaded is not compatible with the version of flask that superset is using.

The upgrade itself was uneventful; migrations ran fine and a first glance at the UI looks good.

razzi moved this task from Next Up to In Code Review on the Data-Engineering-Kanban board.Mar 30 2022, 4:13 PM
razzi added a comment.Apr 5 2022, 10:06 PM

I thought I'd update the staging database to be the same as production before sharing superset staging widely, and I'm glad I did, because it looks like there's some sort of database issue with the update.

I dumped the superset production database and restored it to superset staging as per https://wikitech.wikimedia.org/wiki/Analytics/Systems/Superset#Administration, but when I ran superset init, I got this error:

$ superset init
...
2022-04-05 21:57:14,046:INFO:superset.security.manager:Creating missing datasource permissions.
Traceback (most recent call last):
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/sqlalchemy_utils/types/encrypted/encrypted_type.py", line 128, in decrypt
    decrypted = decrypted.decode('utf-8')
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xa6 in position 1: invalid start byte

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/srv/deployment/analytics/superset/venv/bin/superset", line 8, in <module>
    sys.exit(superset())
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/flask/cli.py", line 586, in main
    return super(FlaskGroup, self).main(*args, **kwargs)
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/click/decorators.py", line 21, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/flask/cli.py", line 426, in decorator
    return __ctx.invoke(f, *args, **kwargs)
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/click/decorators.py", line 21, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/flask/cli.py", line 426, in decorator
    return __ctx.invoke(f, *args, **kwargs)
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/superset/cli.py", line 95, in init
    security_manager.sync_role_definitions()
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/superset/security/manager.py", line 704, in sync_role_definitions
    self.create_missing_perms()
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/superset/security/manager.py", line 646, in create_missing_perms
    merge_pv("datasource_access", datasource.get_perm())
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/superset/connectors/sqla/models.py", line 619, in get_perm
    return f"[{self.database}].[{self.table_name}](id:{self.id})"
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/sqlalchemy/orm/attributes.py", line 294, in __get__
    return self.impl.get(instance_state(instance), dict_)
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/sqlalchemy/orm/attributes.py", line 730, in get
    value = self.callable_(state, passive)
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/sqlalchemy/orm/strategies.py", line 760, in _load_for_state
    session, state, primary_key_identity, passive
  File "<string>", line 1, in <lambda>
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/sqlalchemy/orm/strategies.py", line 850, in _emit_lazyload
    session.query(self.mapper), primary_key_identity
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/sqlalchemy/ext/baked.py", line 615, in _load_on_pk_identity
    result = list(bq.for_session(self.session).params(**params))
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/sqlalchemy/orm/loading.py", line 100, in instances
    cursor.close()
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/sqlalchemy/util/langhelpers.py", line 70, in __exit__
    with_traceback=exc_tb,
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/sqlalchemy/util/compat.py", line 182, in raise_
    raise exception
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/sqlalchemy/orm/loading.py", line 80, in instances
    rows = [proc(row) for row in fetch]
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/sqlalchemy/orm/loading.py", line 80, in <listcomp>
    rows = [proc(row) for row in fetch]
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/sqlalchemy/orm/loading.py", line 588, in _instance
    populators,
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/sqlalchemy/orm/loading.py", line 725, in _populate_full
    dict_[key] = getter(row)
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/sqlalchemy/sql/type_api.py", line 1278, in process
    return process_value(impl_processor(value), dialect)
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/sqlalchemy_utils/types/encrypted/encrypted_type.py", line 477, in process_result_value
    value = super().process_result_value(value=value, dialect=dialect)
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/sqlalchemy_utils/types/encrypted/encrypted_type.py", line 422, in process_result_value
    decrypted_value = self.engine.decrypt(value)
  File "/srv/deployment/analytics/superset/venv/lib/python3.7/site-packages/sqlalchemy_utils/types/encrypted/encrypted_type.py", line 130, in decrypt
    raise ValueError('Invalid decryption key')
ValueError: Invalid decryption key

It looks like other people have run into this in https://github.com/apache/superset/issues/8538. It looks like this will be resolvable by removing the database configuration secrets and recreating it. I'll try this on staging now.

razzi added a comment.Apr 5 2022, 10:20 PM

Ok, looks like the following will resolve it:

razzi@an-coord1001:~$ sudo mysql superset_staging
MariaDB [superset_staging]> update dbs set encrypted_extra = null;

Then go to production (superset.wikimedia.org), go to the database config, click "edit" on presto and copy the advanced > secure extra json value. For staging change an-tool1010 to an-tool1005 before saving.

Then superset init runs fine.

Here's the edited config for staging; no secrets in it so fine to post here.

{"connect_args":
  {"KerberosConfigPath":"/etc/krb5.conf",
   "KerberosKeytabPath":"/etc/security/keytabs/superset/superset.keytab",
   "KerberosPrincipal":"superset/an-tool1005.eqiad.wmnet@WIKIMEDIA",
   "KerberosRemoteServiceName":"presto",
   "requests_kwargs":
     {"verify":"/etc/ssl/certs/Puppet_Internal_CA.pem"}}}
razzi added a project: Product-Analytics.Apr 5 2022, 10:27 PM

Hi Product Analytics, superset 1.4.2 is ready to be tested on staging. Once we confirm there are no showstopping bugs we'll release it to production.

Access it using an ssh tunnel as follows:

ssh -NL 8080:an-tool1005.eqiad.wmnet:80 an-tool1005.eqiad.wmnet

then go to http://localhost:8080 and you'll be prompted for your wikitech username and password.

Comment here if you find any new issues, or create subtasks of this task.

Mayakp.wiki subscribed.Apr 12 2022, 5:28 PM
kzimmerman added subscribers: cchen, Iflorez, mpopov and 2 others.EditedApr 12 2022, 5:36 PM

A few of us (@mpopov, @MNeisler , @Iflorez , @cchen , @Mayakp.wiki, and I) will each test a chart or dashboard in staging this week and follow up if we encounter any issues.

mpopov added a comment.Apr 15 2022, 7:37 PM

We're currently blocked on this by not being able to SSH to an-tool1005 and are being asked for a password.

kzimmerman edited projects, added Product-Analytics (Kanban); removed Product-Analytics.Apr 19 2022, 5:19 PM

Per Mikhail's comment, we're blocked on testing pending the new task of T275575.

kzimmerman moved this task from Next 2 weeks to Blocked on the Product-Analytics (Kanban) board.Apr 19 2022, 5:19 PM
EChetty moved this task from Incoming (new tickets) to Event Platform Backlog on the Data-Engineering board.Apr 24 2022, 6:58 AM
gerritbot added a comment.May 5 2022, 8:10 PM

Change 789683 had a related patch set uploaded (by Razzi; author: Razzi):

[analytics/superset/deploy@master] Upgrade superset to 1.5.0

https://gerrit.wikimedia.org/r/789683

razzi added a comment.May 5 2022, 10:33 PM

I tried out Superset 1.5 briefly but found it requires python 3.8, and an-tool1005 is currently running python 3.7. The error:

ImportError: cannot import name 'TypedDict' from 'typing' (/usr/lib/python3.7/typing.py)

So we'll have to upgrade the host to a later Debian version or install a new Python before upgrading past 1.4.

gerritbot added a comment.May 5 2022, 10:38 PM

Change 789683 abandoned by Razzi:

[analytics/superset/deploy@master] Upgrade superset to 1.5.0

Reason:

This patch is fine, but we'd need to upgrade to python 3.8 first, so closing for now.

https://gerrit.wikimedia.org/r/789683

mpopov moved this task from Blocked to Doing on the Product-Analytics (Kanban) board.May 10 2022, 5:09 PM
razzi moved this task from In Code Review to Ready to Deploy on the Data-Engineering-Kanban board.May 11 2022, 4:05 PM
gerritbot added a comment.May 12 2022, 3:11 PM

Change 774924 merged by Razzi:

[analytics/superset/deploy@master] Upgrade superset to 1.4.2

https://gerrit.wikimedia.org/r/774924

razzi moved this task from Ready to Deploy to Done on the Data-Engineering-Kanban board.May 12 2022, 4:05 PM
mpopov edited projects, added Product-Analytics; removed Product-Analytics (Kanban).May 24 2022, 5:05 PM
mpopov moved this task from Triage to Tracking on the Product-Analytics board.
Aklapper removed razzi as the assignee of this task.May 30 2022, 8:10 AM

Resetting inactive task assignee

JArguello-WMF closed subtask T308441: Error when updating dashboard as Resolved.Jun 23 2022, 9:54 PM
BTullis closed this task as Resolved.Jun 28 2022, 4:14 PM
BTullis claimed this task.
Jgreen mentioned this in T311540: Upgrade Fundraising Superset to 1.5.3.Jun 28 2022, 5:37 PM
BTullis mentioned this in T323458: NEW FEATURE REQUEST: Upgrade superset to 1.5.3.Dec 13 2022, 11:24 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL