Bug 1299022 - net-snmp-libs multilib errors during compute node update
Summary: net-snmp-libs multilib errors during compute node update
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates
Version: 7.0 (Kilo)
Hardware: Unspecified
OS: Unspecified
urgent
unspecified
Target Milestone: y3
: 7.0 (Kilo)
Assignee: James Slagle
QA Contact: Alexander Chuzhoy
URL:
Whiteboard:
: 1295849 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-01-15 17:34 UTC by James Slagle
Modified: 2019-09-12 09:45 UTC (History)
6 users (show)

Fixed In Version: openstack-tripleo-heat-templates-0.8.6-99.el7ost
Doc Type: Bug Fix
Doc Text:
Non-Controller nodes reported package dependency issues due to delegating Puppet as the mechanism to update certain packages and excluding them from YUM updates. This fix sets all Non-Controller nodes to use Puppet as the update mechanism. Now packages on non-Controller nodes update without package dependency issues.
Clone Of:
Environment:
Last Closed: 2016-02-18 16:50:01 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Launchpad 1534785 0 None None None 2016-01-15 18:57:22 UTC
OpenStack gerrit 268257 0 None MERGED Upgrade all packages after puppet managed ones 2020-05-22 09:10:24 UTC
OpenStack gerrit 268291 0 None MERGED Let Puppet update all packages on non-controllers 2020-05-22 09:10:24 UTC
OpenStack gerrit 268388 0 None MERGED packages: secure upgrade workflow from dependency cycles 2020-05-22 09:10:24 UTC
Red Hat Product Errata RHBA-2016:0264 0 normal SHIPPED_LIVE Red Hat Enterprise Linux OSP 7 director Bug Fix Advisory 2016-02-18 21:41:29 UTC

Description James Slagle 2016-01-15 17:34:14 UTC 
Starting with 7.1, when osp compute nodes yum update, they pass a set of packages via --exclude parameters to yum. This is so that puppet managed packages are not updated by yum and services restarted out of order with unanticipated downtime.

One of the packages excluded is net-snmp. However, net-snmp-libs is still attempted to be updated, and they only way that can resolve deps is by installing net-snmp-libs of a different architecture (i686), causing this multilib error from yum:

Error:  Multilib version problems found. This often means that the root
       cause is something else and multilib version checking is just
       pointing out that there is a problem. Eg.:

         1. You have an upgrade for net-snmp-libs which is missing some
            dependency that another package requires. Yum is trying to
            solve this by installing an older version of net-snmp-libs of the
            different architecture. If you exclude the bad architecture
            yum will tell you what the root cause is (which package
            requires what). You can try redoing the upgrade with
            --exclude net-snmp-libs.otherarch ... this should give you an error
            message showing the root cause of the problem.

         2. You have multiple architectures of net-snmp-libs installed, but
            yum can only see an upgrade for one of those architectures.
            If you don't want/need both architectures anymore then you
            can remove the one with the missing update and everything
            will work.

         3. You have duplicate versions of net-snmp-libs installed already.
            You can use "yum check" to get yum show these errors.

       ...you can also use --setopt=protected_multilib=false to remove
       this checking, however this is almost never the correct thing to
       do as something else is very likely to go wrong (often causing
       much more problems).

       Protected multilib versions: 1:net-snmp-libs-5.7.2-20.el7_1.1.i686 != 1:net-snmp-libs-5.7.2-24.el7.x86_64
Error: Protected multilib versions: 1:net-snmp-agent-libs-5.7.2-20.el7_1.1.i686 != 1:net-snmp-agent-libs-5.7.2-24.el7.x86_64
Comment 2 James Slagle 2016-01-15 17:37:08 UTC 
one potential fix here is when we build the yum command line, we specify the --exclude parameters with a * on the end of the package name. This will mean that all subpackages will also be excluded. So instead of specifying:

--exclude=net-snmp

it would be:

--exclude=net-snmp*

In my testing, this makes the yum update succeed.

And we already have an addtional step after the puppet package update to run a plain old yum update again to ensure that all subpackages are updated as well.
Comment 3 James Slagle 2016-01-15 17:38:10 UTC 
another option would be to backport this patch to puppet-tripleo:

https://review.openstack.org/#/c/26104

In addition to that patch, we'd want to remove the initial yum update (with the excludes) on all the non-controller nodes, and the yum update at the end.

This would mean puppet was handling all the package updates, and is probably the better long term solution.
Comment 4 James Slagle 2016-01-15 17:42:50 UTC 
for manual testing, this is the command that can be run and will fail on compute nodes:

yum update --exclude=ceph --exclude=libvirt-daemon-config-nwfilter --exclude=libvirt-daemon-kvm --exclude=net-snmp --exclude=ntp --exclude=openstack-ceilometer-common --exclude=openstack-ceilometer-compute --exclude=openstack-neutron --exclude=openstack-neutron-ml2 --exclude=openstack-neutron-openvswitch --exclude=openstack-nova-common --exclude=openstack-nova-compute --exclude=openvswitch --exclude=pm-utils --exclude=python-greenlet --exclude=python-nova --skip-broken
Comment 5 James Slagle 2016-01-15 17:44:20 UTC 
(In reply to James Slagle from comment #3)
> another option would be to backport this patch to puppet-tripleo:
> 
> https://review.openstack.org/#/c/26104

this should be:
https://review.openstack.org/#/c/261041

> 
> In addition to that patch, we'd want to remove the initial yum update (with
> the excludes) on all the non-controller nodes, and the yum update at the end.
> 
> This would mean puppet was handling all the package updates, and is probably
> the better long term solution.
Comment 6 James Slagle 2016-01-15 18:00:11 UTC 
concensus is around backporting the puppet patch and no longer running the yum update script on non-controllers. i've proposed the backport to stable/liberty upstream, https://review.openstack.org/#/c/268257/
Comment 7 Emilien Macchi 2016-01-16 15:57:02 UTC 
We need to backport into OPM:
https://review.openstack.org/#/c/261041/

And then:
https://review.openstack.org/#/c/268388/
Comment 8 Emilien Macchi 2016-01-16 16:01:21 UTC 
See https://bugzilla.redhat.com/show_bug.cgi?id=1299144 for OPM build.
Comment 10 Alexander Chuzhoy 2016-01-22 14:52:37 UTC 
Verified:
openstack-tripleo-heat-templates-0.8.6-106.el7ost.noarch


The issue doesn't reproduce, no dependecy errors are shown.
Comment 11 Jeremy 2016-02-09 16:52:50 UTC 
*** Bug 1295849 has been marked as a duplicate of this bug. ***
Comment 13 errata-xmlrpc 2016-02-18 16:50:01 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0264.html
Note You need to log in before you can comment on or make changes to this bug.