Bug 1299022 - net-snmp-libs multilib errors during compute node update
net-snmp-libs multilib errors during compute node update
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates (Show other bugs)
7.0 (Kilo)
Unspecified Unspecified
urgent Severity unspecified
: y3
: 7.0 (Kilo)
Assigned To: James Slagle
Alexander Chuzhoy
:
: 1295849 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-15 12:34 EST by James Slagle
Modified: 2018-02-08 06:10 EST (History)
6 users (show)

See Also:
Fixed In Version: openstack-tripleo-heat-templates-0.8.6-99.el7ost
Doc Type: Bug Fix
Doc Text:
Non-Controller nodes reported package dependency issues due to delegating Puppet as the mechanism to update certain packages and excluding them from YUM updates. This fix sets all Non-Controller nodes to use Puppet as the update mechanism. Now packages on non-Controller nodes update without package dependency issues.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-02-18 11:50:01 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Launchpad 1534785 None None None 2016-01-15 13:57 EST
OpenStack gerrit 268257 None None None 2016-01-15 12:59 EST
OpenStack gerrit 268291 None None None 2016-01-15 14:10 EST
OpenStack gerrit 268388 None None None 2016-01-16 16:32 EST

  None (edit)
Description James Slagle 2016-01-15 12:34:14 EST
Starting with 7.1, when osp compute nodes yum update, they pass a set of packages via --exclude parameters to yum. This is so that puppet managed packages are not updated by yum and services restarted out of order with unanticipated downtime.

One of the packages excluded is net-snmp. However, net-snmp-libs is still attempted to be updated, and they only way that can resolve deps is by installing net-snmp-libs of a different architecture (i686), causing this multilib error from yum:

Error:  Multilib version problems found. This often means that the root
       cause is something else and multilib version checking is just
       pointing out that there is a problem. Eg.:

         1. You have an upgrade for net-snmp-libs which is missing some
            dependency that another package requires. Yum is trying to
            solve this by installing an older version of net-snmp-libs of the
            different architecture. If you exclude the bad architecture
            yum will tell you what the root cause is (which package
            requires what). You can try redoing the upgrade with
            --exclude net-snmp-libs.otherarch ... this should give you an error
            message showing the root cause of the problem.

         2. You have multiple architectures of net-snmp-libs installed, but
            yum can only see an upgrade for one of those architectures.
            If you don't want/need both architectures anymore then you
            can remove the one with the missing update and everything
            will work.

         3. You have duplicate versions of net-snmp-libs installed already.
            You can use "yum check" to get yum show these errors.

       ...you can also use --setopt=protected_multilib=false to remove
       this checking, however this is almost never the correct thing to
       do as something else is very likely to go wrong (often causing
       much more problems).

       Protected multilib versions: 1:net-snmp-libs-5.7.2-20.el7_1.1.i686 != 1:net-snmp-libs-5.7.2-24.el7.x86_64
Error: Protected multilib versions: 1:net-snmp-agent-libs-5.7.2-20.el7_1.1.i686 != 1:net-snmp-agent-libs-5.7.2-24.el7.x86_64
Comment 2 James Slagle 2016-01-15 12:37:08 EST
one potential fix here is when we build the yum command line, we specify the --exclude parameters with a * on the end of the package name. This will mean that all subpackages will also be excluded. So instead of specifying:

--exclude=net-snmp

it would be:

--exclude=net-snmp*

In my testing, this makes the yum update succeed.

And we already have an addtional step after the puppet package update to run a plain old yum update again to ensure that all subpackages are updated as well.
Comment 3 James Slagle 2016-01-15 12:38:10 EST
another option would be to backport this patch to puppet-tripleo:

https://review.openstack.org/#/c/26104

In addition to that patch, we'd want to remove the initial yum update (with the excludes) on all the non-controller nodes, and the yum update at the end.

This would mean puppet was handling all the package updates, and is probably the better long term solution.
Comment 4 James Slagle 2016-01-15 12:42:50 EST
for manual testing, this is the command that can be run and will fail on compute nodes:

yum update --exclude=ceph --exclude=libvirt-daemon-config-nwfilter --exclude=libvirt-daemon-kvm --exclude=net-snmp --exclude=ntp --exclude=openstack-ceilometer-common --exclude=openstack-ceilometer-compute --exclude=openstack-neutron --exclude=openstack-neutron-ml2 --exclude=openstack-neutron-openvswitch --exclude=openstack-nova-common --exclude=openstack-nova-compute --exclude=openvswitch --exclude=pm-utils --exclude=python-greenlet --exclude=python-nova --skip-broken
Comment 5 James Slagle 2016-01-15 12:44:20 EST
(In reply to James Slagle from comment #3)
> another option would be to backport this patch to puppet-tripleo:
> 
> https://review.openstack.org/#/c/26104

this should be:
https://review.openstack.org/#/c/261041

> 
> In addition to that patch, we'd want to remove the initial yum update (with
> the excludes) on all the non-controller nodes, and the yum update at the end.
> 
> This would mean puppet was handling all the package updates, and is probably
> the better long term solution.
Comment 6 James Slagle 2016-01-15 13:00:11 EST
concensus is around backporting the puppet patch and no longer running the yum update script on non-controllers. i've proposed the backport to stable/liberty upstream, https://review.openstack.org/#/c/268257/
Comment 7 Emilien Macchi 2016-01-16 10:57:02 EST
We need to backport into OPM:
https://review.openstack.org/#/c/261041/

And then:
https://review.openstack.org/#/c/268388/
Comment 8 Emilien Macchi 2016-01-16 11:01:21 EST
See https://bugzilla.redhat.com/show_bug.cgi?id=1299144 for OPM build.
Comment 10 Alexander Chuzhoy 2016-01-22 09:52:37 EST
Verified:
openstack-tripleo-heat-templates-0.8.6-106.el7ost.noarch


The issue doesn't reproduce, no dependecy errors are shown.
Comment 11 Jeremy 2016-02-09 11:52:50 EST
*** Bug 1295849 has been marked as a duplicate of this bug. ***
Comment 13 errata-xmlrpc 2016-02-18 11:50:01 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0264.html

Note You need to log in before you can comment on or make changes to this bug.