Page MenuHomePhabricator
Create Task
Maniphest T211419

Test maps stack with new nodejs security update
Closed, ResolvedPublic
Actions

Description

Hi,
there was a nodejs security release and I've backported the security fixes to our internal nodejs package. Could you please test the maps stack with the new packages before we upgrade the production cluster?

The new package available on apt.wikimedia.org and the maps instances in labs/WMCS should usually auto-upgrade, but you can check with

dpkg -l nodejs

that it has 6.11.0~dfsg-1+wmf5+jessie (jessie) or 6.11.0~dfsg-1+wmf5 (stretch) installed.

  • Confirm right nodejs version is being tested
  • test deployment-maps04 (stretch)
  • test deployment-maps03 (jessie)

Event Timeline

MoritzMuehlenhoff created this task.Dec 7 2018, 12:46 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 7 2018, 12:46 PM
MoritzMuehlenhoff added a subscriber: MSantos.Dec 7 2018, 12:46 PM
Mholloway added a project: Product-Infrastructure-Team-Backlog-Deprecated (Kanban).Dec 7 2018, 2:40 PM
Mholloway triaged this task as Medium priority.Dec 11 2018, 4:04 PM
MSantos claimed this task.Dec 12 2018, 7:14 PM
MSantos moved this task from To Do to Doing on the Product-Infrastructure-Team-Backlog-Deprecated (Kanban) board.Dec 13 2018, 10:25 PM
MSantos updated the task description. (Show Details)Dec 13 2018, 10:29 PM
MSantos added a comment.Dec 13 2018, 10:32 PM

Not sure if something happened. I checked the version two days ago and it was 6.11.0~dfsg-1+wmf5* for both wmflabs instances. Now I get the following outputs.

mbsantos@deployment-maps04:~$ dpkg -l nodejs                                                                                 
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend                                               
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                      Version           Architecture      Description                                                
+++-=========================-=================-=================-========================================================   
ii  nodejs                    6.11.0~dfsg-1+wmf amd64             evented I/O for V8 javascript
mbsantos@deployment-maps03:~$ dpkg -l nodejs
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend                                               
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                      Version           Architecture      Description                                                
+++-=========================-=================-=================-========================================================   
ii  nodejs                    6.11.0~dfsg-1+wmf amd64             evented I/O for V8 javascript

It seems like debian is requiring reinstallation of the package.

MSantos updated the task description. (Show Details)Dec 14 2018, 2:53 PM
MSantos updated the task description. (Show Details)Dec 14 2018, 3:16 PM
MSantos updated the task description. (Show Details)
MSantos added a comment.EditedDec 14 2018, 4:29 PM

Both machines still show the header:

$ dpkg -l nodejs
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend                                                        
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)

But deployments-maps04 seems fine. Tested and everything works fine. Although, deployments-maps03 (jessie) doesn't show 6.11.0~dfsg-1+wmf5+jessie, instead we have:

mbsantos@deployment-maps03:~$ dpkg -l nodejs
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend                                                        
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                        Version            Architecture       Description                                                     
+++-===========================-==================-==================-============================================================    
ii  nodejs                      6.11.0~dfsg-1+wmf5 amd64              evented I/O for V8 javascript

@MoritzMuehlenhoff could that be a problem? Everything works fine on that machine though. Just want make sure that I tested the right version.

MSantos updated the task description. (Show Details)Dec 14 2018, 4:29 PM
Mholloway added a comment.Dec 14 2018, 4:36 PM

For the record, deployment-maps03 will be decom'd as soon as we complete the prod maps cluster migration to Stretch.

MoritzMuehlenhoff added a comment.Dec 17 2018, 4:24 PM
In T211419#4824048, @MSantos wrote:

But deployments-maps04 seems fine. Tested and everything works fine. Although, deployments-maps03 (jessie) doesn't show 6.11.0~dfsg-1+wmf5+jessie, instead we have:

mbsantos@deployment-maps03:~$ dpkg -l nodejs
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend                                                        
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                        Version            Architecture       Description                                                     
+++-===========================-==================-==================-============================================================    
ii  nodejs                      6.11.0~dfsg-1+wmf5 amd64              evented I/O for V8 javascript

@MoritzMuehlenhoff could that be a problem? Everything works fine on that machine though. Just want make sure that I tested the right version.

deployment-maps03 shows the correct version for me:

jmm@deployment-maps03:~$ dpkg --list | grep node
ii  nodejs                               6.11.0~dfsg-1+wmf5+jessie                amd64        evented I/O for V8 javascript
ii  nodejs-legacy                        6.11.0~dfsg-1+wmf5+jessie                all          evented I/O for V8 javascript (legacy symlink)

This might have been truncated by the size of your terminal window. If you instead run e.g. "COLUMNS=200 dpkg -l nodejs" it should display the whole width. But if your tests on deployment-maps03 were fine, we should be good to go.

MSantos moved this task from Doing to To Deploy on the Product-Infrastructure-Team-Backlog-Deprecated (Kanban) board.Dec 17 2018, 4:51 PM
In T211419#4828174, @MoritzMuehlenhoff wrote:

This might have been truncated by the size of your terminal window. If you instead run e.g. "COLUMNS=200 dpkg -l nodejs" it should display the whole width. But if your tests on deployment-maps03 were fine, we should be good to go.

You are right, just checked and we are good to go. Thanks, @MoritzMuehlenhoff.

MSantos updated the task description. (Show Details)Dec 17 2018, 4:51 PM
Stashbot subscribed.Dec 20 2018, 2:53 PM

Mentioned in SAL (#wikimedia-operations) [2018-12-20T14:53:12Z] <moritzm> installing nodejs security updates on maps* (was tested via T211419)

Jdforrester-WMF moved this task from To Deploy to Sign off on the Product-Infrastructure-Team-Backlog-Deprecated (Kanban) board.Jan 1 2019, 5:12 PM
MSantos closed this task as Resolved.Feb 7 2019, 6:13 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL