Opened on 09/08/2015 at 01:41:30 PM
Closed on 02/22/2016 at 02:46:26 PM
#3016 closed defect (fixed)
Change Nginx Apt::Source in Puppet
Reported by: | matze | Assignee: | matze |
---|---|---|---|
Priority: | P3 | Milestone: | |
Module: | Infrastructure | Keywords: | |
Cc: | fhd, fred | Blocked By: | #3019, #3053, #3062, #3083 |
Blocking: | #3011 | Platform: | Unknown / Cross platform |
Ready: | yes | Confidential: | no |
Tester: | Unknown | Verified working: | no |
Review URL(s): |
https://codereview.adblockplus.org/29326134 |
Description
Because we try to always use an up-to-date Nginx version whilst still running Ubuntu Precise, we have setup a custom Apt::Source['nginx'] which is linked to http://nginx.org/packages/ubuntu.
Unfortunately, that uplink does not provide a setup built --with-geoip_module. The same vendor (the Nginx team), however, operates a package archive (PPA) at Launchpad, which does not only include recent builds with the aforementioned flag, but is also comparable to the current one regarding reliability.
One should also note that the current uplink is tracking the most recent version only. Thus we've had half a dozen issues in the past where our Provisioning was broken due to a version update at provider side. When switching to the PPA, versions remain avaialble. Which means we can then finally decide when to migrate. And do so without bypassing the obligatorily tests due to release pressure.
Attachments (0)
Change History (12)
comment:1 Changed on 09/08/2015 at 02:52:18 PM by matze
- Review URL(s) modified (diff)
- Status changed from new to reviewing
comment:2 Changed on 09/08/2015 at 02:57:17 PM by matze
- Blocked By 3019 added
comment:3 Changed on 09/09/2015 at 02:27:45 PM by matze
comment:4 Changed on 09/10/2015 at 01:11:22 AM by matze
- Review URL(s) modified (diff)
The new patch-set (on top of the one reviewed and pushed already) is the only one I could come up with that seems to always work, without additional, manual intervention. While it's surely not beautiful, it is also not meant to last forever.
The following boxes have been provisioned with manual intervention:
- https://testpages.adblockplus.org/
- https://youtube.adblockplus.me/
- https://facebook.adblockplus.me/
The following provisioned in regular fashion with the patch-set developed in that process:
The remaining web::server boxes are to be provisioned tomorrow. The more complex setups, however, won't become updated until the review has finished and the patch-set has proven to work on the more trivial ones.
Note, however, that the aforementioned new patch-set is currently applied on the Puppet master.
comment:5 Changed on 09/10/2015 at 08:44:22 AM by matze
After pushing the new patch-set and cleaning up on the Puppet master, the following web::server boxes have been provisioned without any further issues:
Thus #3011 is not currently blocked by this ticket any more, and the patch-sets there can become included already.
comment:6 Changed on 09/10/2015 at 11:05:30 AM by matze
More boxes have been provisioned in this context:
There've been a few network issues during the roll-out, but those have proven to be unrelated.
comment:7 Changed on 09/10/2015 at 11:39:23 AM by matze
- Blocked By 3053 added
comment:8 Changed on 09/12/2015 at 12:53:13 AM by matze
- Blocked By 3062 added
comment:9 Changed on 09/16/2015 at 11:50:24 AM by matze
- Blocked By 3083 added
comment:10 Changed on 09/18/2015 at 08:42:59 AM by matze
- Review URL(s) modified (diff)
comment:11 Changed on 10/19/2015 at 03:10:34 PM by matze
By now almost all boxes have been migrated. The remaining ones will follow this week.
comment:12 Changed on 02/22/2016 at 02:46:26 PM by matze
- Resolution set to fixed
- Status changed from reviewing to closed
After pushing the change-set for issues 3016 and 3019, I just tried to migrate https://testpages.adblockplus.org/ (which does not include any of the new requirements but should remain as-is regarding behavior).
Despite yesterday's excessive testing efforts, the migration did not work in fully automated fashion via Puppet. It seems like there are some more resource dependencies not configured properly and thus fail under virtually random conditions.
Debugging that one is a bit tricky, yet I do not consider it a show stopper. One can easily perform the failing steps by hand upfront or, when they fail, purge Nginx and install the proper version manually before running another provision to fix possible inconsistencies - as I did with the testpages just now.
Thus I will continue to update the web::server nodes (which are trivial enough to ensure that this will not break anything else), in the hope that while doing so I get enough insight to fix this issue permanently in the context of this very ticket here.