Upgrading nginx package is not possible

[chr4]

I need to upgrade the currently used nginx packages to a more recent (mainline) version. Unfortunately, just incrementing the node['nginx']['version'] and changing the node['nginx']['upstream_repository'] won't work, as there's a not_if 'which nginx' clause in the nginx::package recipe, and no posibility to change the package action to upgrade.

I can of course pruge the package in my wrapper cookbook and then reinstall, but this is not very suitable for production, imho.

I'd vote for an attribute like node['nginx']['package']['action'] which defaults to install, but can be overriden, and I'm wondering why the not_if clause is needed?

I'd volunteer implementing this option after we found a nice way of doing it and file a pull request.

[chr4]

I just realized that node['nginx']['version'] is not used by the nginx::package recipe. It just installs node['nginx']['package_name']

[chr4]

It's possible to upgrade the package using system package managers (like apt-get upgrade nginx). It would be nice to make sure the version specified in the attributes is used by all servers though.

[tomcoonen]

I also encountered an issue here installing from source, besides the version I had to override the node['nginx']['source']['url']. Otherwise this would contain version 1.2.6, and the version set to 1.6.2. Please make sure the version is ['nginx']['version'] is used everywhere.

[gregkare]

I've fixed it in our wrapper cookbook like this:

package_version = '1.7.8-1~precise'

package node['nginx']['package_name'] do
  version package_version
  notifies :reload, 'ohai[reload_nginx]', :immediately
end

Would you be interested in a pull-request adding a ['nginx']['package_version'] attribute set to nil by default that would be used as the version if it's set? I'd also remove the guard clause on which nginx, it doesn't make sense.

[eheydrick]

This would be a nice thing to have. Sometimes you want to install a specific version.

[rmoriz]

IMHO version-pinning a package version should be done using the package manager, e.g. dpkg in case of Debian and derivates. The attribute name is missleading but changing it is likely out of scope for the 2.x release of this cookbook.

related: #351

[deepak-kosaraju]

@rmoriz This is still a concern, for example we cannot upgrade nginx (or) some case downgrade to specific version of nginx using this code because of not_if condition.

https://github.com/miketheman/nginx/blob/2.7.x/recipes/package.rb#L44

@gregkare Can you share how did u overcome the not_if condition in your wrapper cookbook using Chef Rewind?

I doing following but as per Chef docs not_if, notify, only_ifwill be appended instead of overwrite when using with rewind, so I tried unwind "package[nginx]" to define my own definition for it but surprisingly both package resource from nginx::package and my package resource in wrapper are executed at chef-client time.

• I tired following with unwind, but no luck..

require 'chef/rewind'
unwind "package[#{node['nginx']['package_name']}]"

package node['nginx']['package_name'] do
  version node['nginx']['version']
  #ignore_failure true
  not_if "rpm -qa | grep 'nginx-#{node['nginx']['version']}'"
end

At chef-client runtime its doing this,

Recipe: nginx::package
         * yum_package[nginx] action install
           - install version 1.10.1-1.el6.ngx of package nginx
Recipe: gapMetrics::fe-web
         * yum_package[nginx] action install

---

• I also tried with rewind, not no luck

require 'chef/rewind'
rewind 'package[nginx]' do
  package_name 'nginx-server'
  version node['nginx']['version']
  action :upgrade
  allow_downgrade true
  not_if "rpm -qa | grep 'nginx-#{node['nginx']['version']}'"
  cookbook_name 'nginx'
end

At chef-client runtime its doing this,

yum_package("nginx") do
             action [:upgrade]
             retries 0
             retry_delay 2
             default_guard_interpreter :default
             options "--disablerepo=* --enablerepo=nginx"
             package_name "nginx-server"
             version "1.10.0-1.el6.ngx"
             flush_cache {:before=>false, :after=>false}
             allow_downgrade true
             declared_type :package
             cookbook_name "nginx"
             recipe_name "package"
             not_if "which nginx"
             not_if "rpm -qa | grep 'nginx-1.10.0-1.el6.ngx'"
           end

---

[rmoriz]

@kkdk5535 the author/owner of this project decided to rewrite/abandon the nginx cookbook. Speaking of my company's setup (setup I also use personally): We've migrated all nginx to Docker (also because of the openssl requirement for http 2 which is not in stable distros yet) so we are not using chef there anymore (phasing out). So either you fork, fix and maintain the old version or… well, there are many ways to do it.

[deepak-kosaraju]

@rmoriz Thanks for sharing your inputs for my comment. Sorry it took time to catch up with my emails.

[iennae]

Hey folks,

This project is being actively maintained now by the Chef Community Engineering team. It would be helpful to know if there is still an active issue here that people are invested in. Thanks for your input!

[yogin]

I seem to be having this problem right now.

I just upgraded to chef cookbook 7.0.0 (from 2.7.6) and trying to upgrade nginx from 1.4.6 to 1.12.1 and unfortunately the newer version of nginx does not get installed.

1.12.1 is definitely available via the package manager (apt) now but was not installed. 1.4.6 is still there and running.

This is the relevant part of the chef client run:

Recipe: nginx::default
  * nginx_cleanup_runit[cleanup] action cleanup
    * file[remove symlinked runit init script] action delete (skipped due to only_if)
    * execute[kill old nginx process] action run (skipped due to not_if)
    * directory[/etc/sv/nginx] action delete (up to date)
     (up to date)
Recipe: nginx::ohai_plugin
  * ohai[reload_nginx] action nothing (skipped due to action :nothing)
  * ohai_plugin[nginx] action create
    * directory[/etc/chef/ohai/plugins] action create (skipped due to not_if)
    * template[/etc/chef/ohai/plugins/nginx.rb] action create (up to date)
    * ohai[nginx] action nothing (skipped due to action :nothing)
     (up to date)
Recipe: nginx::repo
  * apt_repository[nginx] action add
    * remote_file[/var/chef/cache/https___nginx_org_keys_nginx_signing_key] action create
      - create new file /var/chef/cache/https___nginx_org_keys_nginx_signing_key
      - update content in file /var/chef/cache/https___nginx_org_keys_nginx_signing_key from none to dd4da5
      --- /var/chef/cache/https___nginx_org_keys_nginx_signing_key  2017-11-14 06:42:57.348887310 +0000
      +++ /tmp/chef-rest20171114-30341-1rv7ivf  2017-11-14 06:42:57.348887310 +0000
      @@ -1 +1,29 @@
      +-----BEGIN PGP PUBLIC KEY BLOCK-----
      +Version: GnuPG v2.0.22 (GNU/Linux)
      +
      +mQENBE5OMmIBCAD+FPYKGriGGf7NqwKfWC83cBV01gabgVWQmZbMcFzeW+hMsgxH
      ...trimmed...
      +Va3l3WuB+rgKjsQ=
      +=EWWI
      +-----END PGP PUBLIC KEY BLOCK-----
      - change mode from '' to '0644'
    * execute[apt-key add /var/chef/cache/https___nginx_org_keys_nginx_signing_key] action run
      - execute apt-key add /var/chef/cache/https___nginx_org_keys_nginx_signing_key
    * execute[apt-cache gencaches] action run
      - execute apt-cache gencaches
    * execute[apt-cache gencaches] action nothing (skipped due to action :nothing)
    * apt_update[nginx] action nothing (skipped due to action :nothing)
    * file[/etc/apt/sources.list.d/nginx.list] action create
      - create new file /etc/apt/sources.list.d/nginx.list
      - update content in file /etc/apt/sources.list.d/nginx.list from none to 880604
      --- /etc/apt/sources.list.d/nginx.list    2017-11-14 06:43:00.560805953 +0000
      +++ /etc/apt/sources.list.d/.nginx.list20171114-30341-j7yrt6  2017-11-14 06:43:00.560805953 +0000
      @@ -1 +1,3 @@
      +deb      "https://nginx.org/packages/ubuntu" trusty nginx
      +deb-src  "https://nginx.org/packages/ubuntu" trusty nginx
      - change mode from '' to '0644'
      - change owner from '' to 'root'
      - change group from '' to 'root'
    * execute[apt-cache gencaches] action run
      - execute apt-cache gencaches
    * apt_update[nginx] action update
      - force update new lists of packages
      * directory[/var/lib/apt/periodic] action create (up to date)
      * directory[/etc/apt/apt.conf.d] action create (up to date)
      * file[/etc/apt/apt.conf.d/15update-stamp] action create_if_missing (up to date)
      * execute[apt-get -q update] action run
        - execute apt-get -q update

Recipe: nginx::package
  * apt_package[nginx] action install (up to date)
Recipe: nginx::commons_dir
  * directory[/etc/nginx] action create (up to date)
  * directory[/var/log/nginx] action create (up to date)
  * directory[pid file directory] action create (up to date)
  * directory[/etc/nginx/sites-available] action create (up to date)
  * directory[/etc/nginx/sites-enabled] action create (up to date)
  * directory[/etc/nginx/conf.d] action create (up to date)
Recipe: nginx::commons_script
  * template[/usr/sbin/nxensite] action create (up to date)
  * template[/usr/sbin/nxdissite] action create (up to date)
Recipe: nginx::commons_conf
  * template[nginx.conf] action create
    - update content in file /etc/nginx/nginx.conf from b3224f to 3327a1
    --- /etc/nginx/nginx.conf   2017-06-17 00:44:13.577057093 +0000
    +++ /etc/nginx/.nginx.conf20171114-30341-1mxcstp    2017-11-14 06:43:22.544249102 +0000
    @@ -24,6 +24,7 @@
                          '"$http_user_agent" "$http_x_forwarded_for"';

       access_log  /var/log/nginx/access.log main;
    +  server_tokens off;

       sendfile on;
       tcp_nopush on;
  * template[/etc/nginx/sites-available/default] action create (up to date)
  * nginx_site[default] action enable
    * execute[nxensite default] action run
      - execute /usr/sbin/nxensite default

Recipe: nginx::package
  * service[nginx] action start (up to date)
  * service[nginx] action enable (up to date)
Recipe: nginx::http_realip_module
  * template[/etc/nginx/conf.d/http_realip.conf] action create (up to date)

[yogin]

Also the attribute ['nginx']['version'] is ignored when installing as a package (on ubuntu at least). Haven't looked where it's being used. So it currently seems to install the latest version that is available in the package repository.

The cookbook needs to support version pinning imo

[damacus]

Closing due to inactivity.

If this is still an issue please reopen or open another issue. Alternatively drop by the #sous-chefs channel on the Chef Community Slack and we'll be happy to help!

Thanks, Sous-Chefs

[lock[bot]]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.