Debian repository supporting multiple package versions
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	fgiunchedi
	Oct 16 2015, 9:31 PM

Description

Problem Statement #1

Once a new Debian package has been built it needs testing, at the moment this can be done for example by manually copying the package to labs and/or to canary hosts in production. While this works it is suboptimal, especially when dependencies are involved as well. A better option would be to have a separate distribution where to upload packages, this distribution would be installed only on particular hosts (e.g. canaries) and can be upgraded without affecting production. Once testing is complete the package can be copied to "$distribution-wikimedia" (in other words, promoted) using https://wikitech.wikimedia.org/wiki/Reprepro#Copying_between_distributions
see also https://etherpad.wikimedia.org/p/debian-packaging-automation

Problem Statement #2

Some clustered services (Cassandra for example), require identical software versions on constituent nodes. Having a new node provisioned with a newer version of software, simply because the repository has since been updated, is a recipe for disaster; Package {up,down}grades should only occur on an explicit basis. It is also not practical to assume that all of the clusters are able to move in version lock-step with one another. Ideally, our repository would be able to host multiple software versions, and Puppet could be utilized to ensure that the nodes of a cluster remained pinned to the apropos version. The approach cited above could be used here as well, but it would require the creation of a distribution for each new version added. Another approach would be to generate a packages manifest from a pool containing multiple versions, (and in the absence of pinning, hosts would simply get the most recent).

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Resolved		MoritzMuehlenhoff	T115758 Debian repository supporting multiple package versions
		Resolved		MoritzMuehlenhoff	T115348 Audit uses of package=>latest

Event Timeline

other examples include the nodejs upgrade in T107762: Switch RESTBase to use Node.js 4.2

fgiunchedi added a subtask: T115348: Audit uses of package=>latest.Oct 16 2015, 9:33 PM

revi subscribed.Oct 18 2015, 9:44 AM

Eevans renamed this task from consider debian "experimental" workflow for internal repository to Debian repository supporting multiple package versions.May 18 2016, 7:06 PM

Eevans updated the task description. (Show Details)

Even more examples in T95253: Finish conversion to multiple Cassandra instances per hardware node (starting here), and T126629: Cassandra 2.2.6 (starting here and here).

Eevans mentioned this in T95253: Finish conversion to multiple Cassandra instances per hardware node.May 18 2016, 7:27 PM

Previous related discussion:

An example of a repository manager with good support for multiple versions per package is aptly. I have used this in the past to host parsoid packages, and @yuvipanda is currently using it in labs.

Also https://wikitech.wikimedia.org/wiki/Aptly

elukey subscribed.May 19 2016, 11:38 AM

This also affects Parsoid .deb package distribution. When we uploaded version 0.5.0 of the parsoid deb today, I noticed that the 0.4.1 version was removed. For now, this is not a problem, but, going forward, this is not desirable when we make breaking changes to Parsoid since not all versions of Parsoid, VE, and M/W are going to be compatible with each other. Without having multiple versions of a package, existing installs of VE won't be able to upgrade to a later version that is compatible unless they upgrade everything to remain compatible.

Perhaps another alternative, would be to lightly automate the creation of trivial APT repos using dpkg-scanpackages, for the select cases where this makes sense.

So using Cassandra as an example: You could have a repository for the current 2.2 packages, and another for the 2.1 packages, and template apt sources with Puppet accordingly.

deb http://mirrors.wikimedia.org/debian/ jessie main non-free contrib
deb-src http://mirrors.wikimedia.org/debian/ jessie main non-free contrib

# Current Cassandra 2.2.x release
deb http://mirrors.wikimedia.org/wmf/cassandra 22x/

# Current Cassandra 2.1.x release
#deb http://mirrors.wikimedia.org/wmf/cassandra 21x/

This would be really simple to do (I'm sure we could even find something that already does this).

In T115758#2458271, @Eevans wrote:

[ ... ]
This would be really simple to do (I'm sure we could even find something that already does this).

And another option.

Eevans added a subscriber: faidon.Aug 18 2016, 4:41 PM

MoritzMuehlenhoff closed subtask T115348: Audit uses of package=>latest as Resolved.Jan 16 2017, 9:52 AM

Eevans mentioned this in T158583: Restructure our internal repositories further.Feb 21 2017, 9:56 PM

For both Nodepool and Zuul, I need packages versions that are not available in our apt.wikimedia.org. For Nodepool that blocks further upgrades and for Zuul I went with a hack to get the Debian packaging to craft a virtualenv that fetches dependencies from pypi.

I would love to pin something like http://apt.wikimedia.org/wikimedia/ jessie-wikimedia/zuul which would get the Zuul package itself and all its dependencies with the proper versions.

• Phabricator_maintenance removed a subscriber: yuvipanda.Jun 7 2017, 6:46 PM

• Phabricator_maintenance moved this task from Backlog to Acknowledged on the SRE board.Jan 26 2019, 8:22 PM

jbond added a project: Packaging.Nov 4 2022, 1:58 PM

Restricted Application added a project: Infrastructure-Foundations. · View Herald TranscriptNov 4 2022, 1:58 PM

hashar unsubscribed.Nov 4 2022, 4:07 PM

We have established that with the system of separate component we introduced a few years ago. Marking as resolved.

Debian repository supporting multiple package versionsClosed, ResolvedPublicActions