Check RPM upgrades are working

[LindsayHill]

Had customer report that with RHEL 7.x, when using yum to upgrade from 2.2.1 -> 2.3.2, this package was upgraded, but it didn't upgrade the python module here:

rpm -qa|grep -e bwc -e st2:

st2-2.3.2-2.x86_64
bwc-enterprise-2.3.2-2.x86_64
bwc-ui-2.3.2-1.x86_64
st2-auth-ldap-2.3.2-1.x86_64
st2chatops-2.3.2-1.x86_64
st2flow-2.3.2-1.x86_64
st2mistral-2.3.2-2.x86_64

ls -l /opt/stackstorm/share/wheels/

total 740
-rw-r--r-- 1 root root 260374 Jul 25 09:41 python_ldap-2.4.41-cp27-none-linux_x86_64.whl
-rw-r--r-- 1 root root 477339 Jul 25 09:41 setuptools-36.2.2-py2.py3-none-any.whl
-rw-r--r-- 1 root root 15076 Jul 25 09:41 st2_enterprise_auth_backend_ldap-2.3.2-py2-none-any.whl

/opt/stackstorm/st2/bin/pip freeze|grep ldap

python-ldap==2.4.32
st2-enterprise-auth-backend-ldap==2.2.1

[LindsayHill]

Verified on 2.3.2 RHEL 7 system upgraded to 2.4dev.

Post-upgrade, yum reports 2.4 versions of packages installed:

[root@ip-10-0-4-168 ~]# yum list st2\*
Loaded plugins: amazon-id, rhui-lb, search-disabled-repos
Installed Packages
st2.x86_64                                                2.4dev-107                                       @StackStorm_staging-unstable
st2-auth-ldap.x86_64                                      2.4.dev0-2                                       @StackStorm_staging-enterprise-unstable
st2chatops.x86_64                                         2.4dev-5                                         @StackStorm_staging-unstable
st2flow.x86_64                                            2.4dev-2                                         @StackStorm_staging-enterprise-unstable
st2mistral.x86_64                                         2.4dev-44                                        @StackStorm_staging-unstable
Available Packages
st2enterprise.x86_64                                      1.7dev-5                                         StackStorm_staging-enterprise-unstable
st2web.x86_64                                             2.4dev-20                                        StackStorm_staging-unstable
[root@ip-10-0-4-168 ~]#

But pip freeze shows that st2-enterprise-auth-backend-ldap has not been upgraded:

[root@ip-10-0-4-168 ~]# /opt/stackstorm/st2/bin/pip freeze|grep ldap
python-ldap==2.4.41
st2-enterprise-auth-backend-ldap==2.3.2
[root@ip-10-0-4-168 ~]#

[LindsayHill]

I think the problematic line is here: https://github.com/StackStorm/st2-enterprise-auth-backend-ldap/blob/master/rpm/st2-auth-ldap.spec#L42

  %{pip} install --find-links %{st2wheels} --no-index --quiet st2-enterprise-auth-backend-ldap

Should probably have -U in there?

[LindsayHill]

I also assume this is a problem for Ubuntu systems

[LindsayHill]

We added a fix for this here: https://github.com/StackStorm/st2-enterprise-auth-backend-ldap/pull/36

Doesn't seem to be working properly on RHEL7 though. Post-upgrade, I see this:

[root@ip-10-0-4-168 ~]# /opt/stackstorm/st2/bin/pip freeze|grep ldap
python-ldap==2.4.41
st2-enterprise-auth-backend-ldap==2.3.2
[root@ip-10-0-4-168 ~]#

But the packaging says that it includes the --upgrade line in the %post script. Not sure why it doesn't seem to have been run:

[root@ip-10-0-4-168 ~]# yum list st2-auth-ldap
Loaded plugins: amazon-id, rhui-lb, search-disabled-repos
Installed Packages
st2-auth-ldap.x86_64                                        2.4.dev0-3                                         @StackStorm_staging-enterprise-unstable
[root@ip-10-0-4-168 ~]# rpm -q --scripts st2-auth-ldap
postinstall scriptlet (using /bin/sh):
  /opt/stackstorm/st2/bin/pip install --find-links /opt/stackstorm/share/wheels --no-index --quiet --upgrade st2-enterprise-auth-backend-ldap
postuninstall scriptlet (using /bin/sh):
  if [ $1 -eq 0 ]; then
    echo y | /opt/stackstorm/st2/bin/pip uninstall st2-enterprise-auth-backend-ldap 1>/dev/null || :
  fi
[root@ip-10-0-4-168 ~]#

If I manually run the post install scriplet, it upgrades the module as expected:

[root@ip-10-0-4-168 ~]# /opt/stackstorm/st2/bin/pip install --find-links /opt/stackstorm/share/wheels --no-index --quiet --upgrade st2-enterprise-auth-backend-ldap
[root@ip-10-0-4-168 ~]# /opt/stackstorm/st2/bin/pip freeze|grep ldap
python-ldap==2.4.41
st2-enterprise-auth-backend-ldap==2.4.dev0
[root@ip-10-0-4-168 ~]#

@armab, any thoughts on why this didn't get run automatically?

[arm4b]

No ideas, except of time consuming like trying different scenarios (install old package/upgrade/install new package) with yum verbosity enabled too see what happens and if post scriptlet is actually executed or not first. If executed, might be a good idea to add pip verbosity as well.

[LindsayHill]

Just tested this with upgrading from 2.4.1 -> 2.5.0 on CentOS 6. That seems to be working as expected:

[vagrant@centos6 ~]$ /opt/stackstorm/st2/bin/pip freeze|grep ldap
python-ldap==2.4.44
st2-enterprise-auth-backend-ldap==2.4.1
[vagrant@centos6 ~]$ sudo yum -y update > /dev/null
[vagrant@centos6 ~]$ /opt/stackstorm/st2/bin/pip freeze|grep ldap
python-ldap==2.4.45
st2-enterprise-auth-backend-ldap==2.5.0
[vagrant@centos6 ~]$

Also looks good with CentOS 7:

[vagrant@centos7 ~]$ /opt/stackstorm/st2/bin/pip freeze|grep ldap
python-ldap==2.4.44
st2-enterprise-auth-backend-ldap==2.4.1
[vagrant@centos7 ~]$ st2 --version
st2 2.4.1
[vagrant@centos7 ~]$ sudo yum -y update > /dev/null
[vagrant@centos7 ~]$ st2 --version
st2 2.5.0
[vagrant@centos7 ~]$ /opt/stackstorm/st2/bin/pip freeze|grep ldap
python-ldap==2.4.45
st2-enterprise-auth-backend-ldap==2.5.0
[vagrant@centos7 ~]$

So it looks like we're all fixed now.