Page MenuHomePhabricator

jquery included in openstack-mitaka-jessie component, leads to downgrades on stretch hosts
Closed, ResolvedPublic

Description

When rolling out the jquery security update for Stretch I noticed that jquery is present in the openstack-mitaka-jessie component which gets applied to jessie and stretch. As stretch has a higher version than openstack-mitaka-jessie this would lead to a package downgrade which would deinstall other packages along.

We should omit the pin on stretch. Or alternatively we can simply remove the libjs-jquery package (the only binary package built from the jquery source package) from the component; we're not going to install new hosts on jessie and all the existing jessie hosts already have the package installed locally.

Event Timeline

Change 509812 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] openstack: in stretch don't use libjs-jquery from openstack-mitaka-jessie

https://gerrit.wikimedia.org/r/509812

Change 509812 merged by Arturo Borrero Gonzalez:
[operations/puppet@production] openstack: in stretch don't use libjs-jquery from openstack-mitaka-jessie

https://gerrit.wikimedia.org/r/509812

Mentioned in SAL (#wikimedia-operations) [2019-05-13T13:02:59Z] <arturo> enable puppet in cloudvirt1024 to refresh some apt config T222862

Mentioned in SAL (#wikimedia-operations) [2019-05-13T13:04:18Z] <arturo> install libjs-jquery from stretch in cloudnet servers T222862

After the operations we have:

aborrero@cumin1001:~ 6s $ sudo cumin A:cloud-eqiad1 "apt-cache policy libjs-jquery"
39 hosts will be targeted:
cloudcontrol[1003-1004].wikimedia.org,cloudnet[1003-1004].eqiad.wmnet,cloudservices[1003-1004].wikimedia.org,cloudvirt[1001-1009,1012-1030].eqiad.wmnet,cloudvirtan[1001-1005].eqiad.wmnet
Confirm to continue [y/n]? y
===== NODE GROUP =====                                                                                                                                                                                                                                                                    
(15) cloudcontrol[1003-1004].wikimedia.org,cloudservices[1003-1004].wikimedia.org,cloudvirt[1014,1016-1017,1021-1023].eqiad.wmnet,cloudvirtan[1001-1005].eqiad.wmnet                                                                                                                      
----- OUTPUT of 'apt-cache policy libjs-jquery' -----                                                                                                                                                                                                                                     
libjs-jquery:                                                                                                                                                                                                                                                                             
  Installed: 1.11.3+dfsg-4~bpo8+1                                                                                                                                                                                                                                                         
  Candidate: 1.11.3+dfsg-4~bpo8+1
  Version table:
 *** 1.11.3+dfsg-4~bpo8+1 0
       1001 http://apt.wikimedia.org/wikimedia/ jessie-wikimedia/openstack-mitaka-jessie amd64 Packages
        100 /var/lib/dpkg/status
     1.7.2+dfsg-3.2+deb8u6 0
        500 http://security.debian.org/ jessie/updates/main amd64 Packages
     1.7.2+dfsg-3.2 0
        500 http://mirrors.wikimedia.org/debian/ jessie/main amd64 Packages
===== NODE GROUP =====                                                                                                                                                                                                                                                                    
(24) cloudnet[1003-1004].eqiad.wmnet,cloudvirt[1001-1009,1012-1013,1015,1018-1020,1024-1030].eqiad.wmnet                                                                                                                                                                                  
----- OUTPUT of 'apt-cache policy libjs-jquery' -----                                                                                                                                                                                                                                     
libjs-jquery:                                                                                                                                                                                                                                                                             
  Installed: 3.1.1-2+deb9u1                                                                                                                                                                                                                                                               
  Candidate: 3.1.1-2+deb9u1
  Version table:
 *** 3.1.1-2+deb9u1 500
        500 http://mirrors.wikimedia.org/debian stretch/main amd64 Packages
        100 /var/lib/dpkg/status
     1.11.3+dfsg-4~bpo8+1 -1
       1001 http://apt.wikimedia.org/wikimedia jessie-wikimedia/openstack-mitaka-jessie amd64 Packages
================

which I think is OK.