Page MenuHomePhabricator
Create Task
Maniphest T275784

orchestrator: Upgrade to v3.2.6
Closed, ResolvedPublic
Actions

Description

v3.2.6 has been released.

It doesn't contain the TLS cipher fix we require (https://github.com/openark/orchestrator/pull/1295), so we'll need to build a patched version of it.

Event Timeline

Kormat created this task.Feb 25 2021, 3:59 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 25 2021, 3:59 PM
LSobanski added a subscriber: LSobanski.Feb 25 2021, 4:20 PM
Marostegui triaged this task as Medium priority.Feb 26 2021, 5:53 AM
Marostegui moved this task from Triage to Ready on the DBA board.
Marostegui added a subscriber: Marostegui.Jun 4 2021, 10:52 AM

https://github.com/openark/orchestrator/releases/tag/v3.2.5

This version does include our patch.
I think we've never upgraded orchestrator since it was installed, it would be a good practice to upgrade and document the upgrade process.

Marostegui added a comment.Jun 4 2021, 10:52 AM

For the record:

Changes since https://github.com/openark/orchestrator/releases/tag/v3.2.4: v3.2.4...v3.2.5

Notable:

Introducing RecoverNonWriteableMaster flag #1332
Drop fixed list of cipher suites. #1295, thanks @kormat
If access to ORCHESTRATOR_API fails do not expose the password(s) #1319, thanks @sjmudd
Expose Binlog Coordinates at time of promotion as Environment Variable #1323, thanks @gsraman
Fix filter match logic, be strict about IP addresses #1318
ConsulTxnStore: batch KV updates by key-prefix to avoid ops limit #1311, thanks @timvaillancourt
Use RaftHttpTransport for reverse-proxy #1344, thanks @akatashev
Remove resetting Auth credentials in reverse-proxy #1349, thanks @akatashev
Bump Bootstrap version, per CVE-2018-14040 #1336
docs/spelling, thanks @wreiske, michaelcoburn
LSobanski added a comment.Jun 7 2021, 9:49 AM
In T275784#7133984, @Marostegui wrote:

https://github.com/openark/orchestrator/releases/tag/v3.2.5

This version does include our patch.
I think we've never upgraded orchestrator since it was installed, it would be a good practice to upgrade and document the upgrade process.

And maybe agree on the expectations going forward (do we upgrade immediately after release, wait a set amount of time, etc.).

Kormat renamed this task from orchestrator: Upgrade to v3.2.4 (ish) to orchestrator: Upgrade to v3.2.5.Jun 25 2021, 9:44 AM
Kormat updated the task description. (Show Details)
Kormat renamed this task from orchestrator: Upgrade to v3.2.5 to orchestrator: Upgrade to v3.2.6.Oct 13 2021, 8:48 AM
Kormat updated the task description. (Show Details)
Stashbot added a comment.Oct 14 2021, 1:14 PM

Mentioned in SAL (#wikimedia-operations) [2021-10-14T13:14:30Z] <kormat> uploaded orchestrator 3.2.6-1 packages to apt.wm.o (buster) T275784

Stashbot added a comment.Oct 14 2021, 2:53 PM

Mentioned in SAL (#wikimedia-operations) [2021-10-14T14:53:52Z] <kormat> upgrading orchestrator.wm.o to 3.2.6-1 T275784

Kormat closed this task as Resolved.Oct 14 2021, 3:22 PM

This is now done and the process is documented: https://wikitech.wikimedia.org/wiki/Orchestrator

In T275784#7137926, @LSobanski wrote:

And maybe agree on the expectations going forward (do we upgrade immediately after release, wait a set amount of time, etc.).

I'd suggest that unless the new release has a feature/fix we need ASAP, that we wait for, say, a couple of weeks before upgrading.

Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL