Page MenuHomePhabricator

Updates various services to nodejs 4.4.6
Closed, ResolvedPublic

Description

nodejs 4.4.6 has been uploaded to carbon. This doesn't fix all the security issues originally announced (that's why this is not 4.5.0 yet), but still CVE-2016-1669. I have built fixed packages and uploaded them to carbon. The following services using nodejs4/jessie need to be migrated:

  • aqs
  • restbase
  • etherpad
  • ruthenium (testreduce/parsoid)
  • maps (tilerator/kartoterian)
  • scb
    • mobileapps TESTED, OK
    • graphoid TESTED, OK
    • mathoid TESTED, OK
    • cxserver TESTED, OK
    • citoid TESTED, OK
    • changeprop TESTED, OK

Event Timeline

scb in codfw and the restbase test systems have been upgraded without apparent problems so far.

MoritzMuehlenhoff triaged this task as Medium priority.

I have a no-op html dump running in staging to test RESTBase. It's been running for half a day without problems. I think we can move ahead with RESTBase and consequently AQS (ping @JAllemandou @elukey).

For SCB, we first need to test all of the services there and then switch all of them at the same time. Let's set a deadline for the switch. I'm proposing next Wednesday, 2016-07-13.

@bearND @Mholloway @Yurik @KartikMistry @akosiaris could you please make sure your services work on Node 4.4.6 ?

Change 297419 had a related patch set uploaded (by Mholloway):
Update node version to 4.4.6

https://gerrit.wikimedia.org/r/297419

As it happens, I've been running 4.4.6 on my dev machine for a while now and so far as I've seen everything works fine.

@mobrovac: Wednesday 2016-07-13 works for me as a deadline, but I'll be off the next two days (just saying, in case we have issues).

@mobrovac, I will not be around that week, but all in all I doubt I will be needed. I don't maintain any services directly anyway and other opsen should be able to help with anything needed

As it happens, I've been running 4.4.6 on my dev machine for a while now and so far as I've seen everything works fine.

Nice, thnx!

@mobrovac: Wednesday 2016-07-13 works for me as a deadline, but I'll be off the next two days (just saying, in case we have issues).

I've been testing RESTBase with 4.4.6 and haven't encountered any issues thus far, so I don't expect AQS to have issues either. Still, it would be nice if you could test it with the new version.

@mobrovac, I will not be around that week, but all in all I doubt I will be needed. I don't maintain any services directly anyway and other opsen should be able to help with anything needed

I pinged you primarily because of etherpad, but it can be switched independently, so that can be done this week too.

To anyone maintaining a service running on the scb* clusters; the scb servers in codfw have already been upgraded to nodejs 4.4.6, so you can use these for tests.

Any plan to upgrade beta cluster along with this upgrade?

RESTBase in production is running on 4.4.6 as of earlier today.

Any plan to upgrade beta cluster along with this upgrade?

You can update your BC hosts by simply doing sudo apt-get install nodejs and restarting the service

Change 297615 had a related patch set uploaded (by Mobrovac):
Upgrade to nodejs v4.4.6

https://gerrit.wikimedia.org/r/297615

Change 297616 had a related patch set uploaded (by Mobrovac):
Upgrade to node v4.4.6

https://gerrit.wikimedia.org/r/297616

@mobrovac deployment-sca02.eqiad.wmflabs and deployment-sca01.eqiad.wmflabs should be fine to upgrade using simple apt-get?

Upgraded aqs100[456], we are going to test and upgrade 100[123] soon (@mobrovac I am ok for the deadline)

@mobrovac deployment-sca02.eqiad.wmflabs and deployment-sca01.eqiad.wmflabs should be fine to upgrade using simple apt-get?

Done, the services there are now running on node 4.4.6

Upgraded aqs100[456], we are going to test and upgrade 100[123] soon (@mobrovac I am ok for the deadline)

Awesome, thnx @elukey !

@mobrovac, I will not be around that week, but all in all I doubt I will be needed. I don't maintain any services directly anyway and other opsen should be able to help with anything needed

I pinged you primarily because of etherpad, but it can be switched independently, so that can be done this week too.

I had forgotten that one. So, upgrade tested in labs for some time yesterday, everything seemed fine, our etherpad instance was upgraded today.

@mobrovac deployment-sca02.eqiad.wmflabs and deployment-sca01.eqiad.wmflabs should be fine to upgrade using simple apt-get?

Done, the services there are now running on node 4.4.6

Thanks! cxserver is OK then. Tested locally, labs and Beta.

So, cxserver is OK with nodejs 4.4.6.

Since all of the SCB services have been tested with the new version of node, @MoritzMuehlenhoff and I decided to switch SCB to Node 4.4.6 on Monday, 2016-07-11.

I will proceed with creating/merging the needed source repo patches and updating the respective deploy repos. Please do not deploy your service if it's on SCB until we do the switch and confirm everything is working as expected.

Change 298001 had a related patch set uploaded (by Mobrovac):
Update to node 4.4.6

https://gerrit.wikimedia.org/r/298001

Change 297615 merged by Mobrovac:
Upgrade to nodejs v4.4.6

https://gerrit.wikimedia.org/r/297615

Change 297616 merged by Mobrovac:
Upgrade to node v4.4.6

https://gerrit.wikimedia.org/r/297616

Change 298002 had a related patch set uploaded (by Mobrovac):
Update citoid to 8d31664

https://gerrit.wikimedia.org/r/298002

Change 298001 merged by Mobrovac:
Update to node 4.4.6

https://gerrit.wikimedia.org/r/298001

Change 298004 had a related patch set uploaded (by Mobrovac):
Update cxserver to 687a2d1

https://gerrit.wikimedia.org/r/298004

Change 298005 had a related patch set uploaded (by Mobrovac):
Update mathoid to 9922544

https://gerrit.wikimedia.org/r/298005

Change 298006 had a related patch set uploaded (by Mobrovac):
Update to nodejs 4.4.6

https://gerrit.wikimedia.org/r/298006

Change 297419 merged by Mobrovac:
Update node version to 4.4.6

https://gerrit.wikimedia.org/r/297419

Change 298006 merged by Mobrovac:
Update to nodejs 4.4.6

https://gerrit.wikimedia.org/r/298006

Change 298012 had a related patch set uploaded (by Mobrovac):
Update change-propagation to 8d8875d

https://gerrit.wikimedia.org/r/298012

Change 298018 had a related patch set uploaded (by Mobrovac):
Update graphoid to c3a6b11

https://gerrit.wikimedia.org/r/298018

Change 298019 had a related patch set uploaded (by Mobrovac):
Update mobileapps to 6d55828

https://gerrit.wikimedia.org/r/298019

Change 298004 merged by Mobrovac:
Update cxserver to 687a2d1

https://gerrit.wikimedia.org/r/298004

Change 298012 merged by Mobrovac:
Update change-propagation to 8d8875d

https://gerrit.wikimedia.org/r/298012

Change 298019 merged by Mobrovac:
Update mobileapps to 6d55828

https://gerrit.wikimedia.org/r/298019

Maps servers tested and updated to nodejs 4.4.6. @Yurik, @MaxSem let me know if you see anything unusual.

Maps servers tested and updated to nodejs 4.4.6. @Yurik, @MaxSem let me know if you see anything unusual.

Note that beside actually installing 4.4.6 on the nodes, the deploy repos have to updated to be built against 4.4.6

@ssastry OK to proceed with the upgrade of ruthenium to node 4.4.6? There shouldn't be any impact as it's a security update, and node 4.4.6 is the new stable version used in our infra.

@ssastry OK to proceed with the upgrade of ruthenium to node 4.4.6? There shouldn't be any impact as it's a security update, and node 4.4.6 is the new stable version used in our infra.

@MoritzMuehlenhoff asked me about it y'day and I said yes already. He might done it by now even.

Ah, so we can actually close the bug...