OpenStack packaging activity: September 2014

I decided I’d post this monthly. It may be a bit boring, sorry, but I think it’s a nice thing to have this public. The log starts on the 6th, because on the 4th I was back from Debconf (after a day in San Francisco, plus 20 hours of traveling and 15 hours of time gap). It is to be noted that every time something is uploaded in Debian for Icehouse (in Sid), or for Juno (in Experimental), there’s also a corresponding backport produced for Wheezy.

 

Saturday 6th & Sunday 7th:
– packaged libjs-twitter-bootstrap-wizard (in new queue)
– Uploaded python-pint after reviewing the debian/copyright
– Worked on updating python-eventlet in Experimental, and adding Python3 support. It seems Python3 support isn’t ready yet, so I will probably remove that feature from the package update.
– Tried to apply the Django 1.7 patches for python-django-bootstrap-form. They didn’t work, but Raphael came back on Monday morning with new versions
of the patches, which should be good this time.
– Helped the DSA (Debian System Administrators) with the Debian OpenStack cloud. It’s looking good and working now (note: I helped them during Debconf 14).
– Started a page about adding more tasksel tasks: https://wiki.debian.org/tasksel/MoreTasks. It’s looking like Joey Hess is adding new tasks by default in Tasksel, with “OpenStack compute node” and “OpenStack proxy node”. It will be nice to have them in the default Debian installer! :)
– Packaged and uploaded python-dib-utils, now in NEW queue.

Monday 8th:
– Uploaded fixed python-django-bootstrap-form with patch for Django 1.7.
– Packaged and uploaded python-pysaml2.
– Finilized and uploaded python-jingo which is needed for python-django-compressor unit tests
– Finalized and uploaded python-coffin which is needed for python-django-compressor unit tests
– Worked on running the unit tests for python-django-compressor, as I needed to know if it could work with Django 1.7. It was hard to find the correct way to run the unit tests, but finally, they all passed. I will add the unit tests once coffin and jingo will be accepted in Sid.
– Applied patches in the Debian BTS for python-django-openstack-auth and Django 1.7. Uploaded the fixed package.
– Fixed python-django-pyscss compat with Django 1.7, uploaded the result.
– Updated keystone to Juno b3.
– Built Wheezy backports of some JS libs needed for Horizon in Juno, which I already uploaded to Sid last summer:
o libjs-twitter-bootstrap-datepicker
o libjs-jquery.quicksearch
o libjs-spin.js
– Upstreamed the Django 1.7 patch for python-django-openstack-auth:
https://review.openstack.org/119972

Tuesday 9:
– Updated and uploaded Swift 2.1.0. Added swift-object-expirer package to it, together with init script.

Wednesday 10:
Basically, cleaned the Debian BTS of almost all issues today… :P
– Added it.po update to nova (Closes: #758305).
– Backported libvirt 1.2.7 to Wheezy, to be able to close this bug: https://bugs.debian.org/757548 (eg: changed dependency from libvirt-bin to libvirt-daemon-system)
– Uploaded the fixed nova package using libvirt-daemon-system
– Upgraded python-trollius to 1.0.1
– Fixed tuskar-ui to work with Django 1.7. Disabled pep8 tests during build. Added build-conflicts: python-unittest2.
– Fixed python-django-compressor for Django 1.7, and now running unit tests with it, after python-coffin and python-jingo got approved in Sid by FTP masters.
– Fixed python-xstatic wrong upstream URLs.
– Added it.po debconf translation to Designate.
– Added de.po debconf translation to Tuskar.
– Fixed copyright holders in python-xstatic-rickshaw
– Added python-passlib as dependency for python-cinder.

Remaining 3 issues in the BTS: ceilometer FTBFS, Horizon unit test with Django 1.7, Designate fail to install. All of the 3 are harder to fix, and I may try to do so later this week.

Thursday 11:
– Fixed python-xstatic-angular and python-xstatic-angular-mock to deal with the new libjs-angularjs version (closes 2 Debian RC bugs: uninstallable).
– Fixed ceilometer FTBFS (Closes rc bug)

Friday 12:
– Fixed wrong copyright file for libjs-twitter-bootstrap-wizard after the FTP masters told me, and reuploaded to Sid.
– Reuploaded wrong upload of ceilometer (wrong hash for orig.tar.xz)
– Packaged and uploaded python-xstatic-bootstrap-scss
– Packaged and uploaded python-xstatic-font-awesome
– Packaged and uploaded ntpstat

Monday 15:
– packaged and uploaded python-xstatic-jquery.bootstrap.wizard
– Fixed python-xstatic-angular-cookies to use new libjs-angularjs version (fixed version dependencies)
– Fixed Ceilometer FTBFS (Closes: #759967)
– Backported all python-xtatic packages to Wheezy, including all dependencies. This includes backporting of a bunch of packages from nodejs which were needed as build-dependencies (around 70 packages…). Filed about 5 or 6 release critical bugs as some nodejs packages were not buildable as-is.
– Fixed some too restrictive python-xstatic-angular* dependencies on the libjs-angularjs (the libjs-angularjs increased version).

Tuesday 16:
– Uploaded updates to Experimental:
o python-eventlet 0.15.2 (this one took a long time as it needed maintenance)
o oslo-config
o python-oslo.i18n
– Uploaded to Sid:
o python-diskimage-builder 0.1.30-1
o python-django-pyscss 1.0.2-1
– Fixed horizon libapache-mode-wsgi to be a dependency of openstack-dashboard-apache and not just openstack-dashboard (in both Icehouse & Juno).
– Removed the last failing Django 1.7 unit test from Horizon. It doesn’t seem relevant anyway.
– Backported python-netaddr 0.7.12 to Wheezy (needed by oslo-config).
– Started working on oslo.rootwrap, though it failed to build in Wheezy with a unit test failure.

Wednesday 17:
– To experimental:
o Uploaded oslo.rootwrap 1.3.0.0~a1. It needed a build-depends on iproute2 because of a new test.
o Uploaded python-oslo.utils 0.3.0
o Uploaded python-oslo.vmware 0.6.0, fixed sphinx-build conf.py and filed a bug about it: https://bugs.launchpad.net/oslo.vmware/+bug/1370370 plus emailed the commiter of the issue (which appeared 2 weeks ago).
o Uploaded python-pycadf 0.6.0
o Uploaded python-pyghmi 0.6.17
o Uploaded python-oslotest 1.1.0.0~a2, including patch for Wheezy, which I also submited upstream: https://review.openstack.org/122171/
o Uploaded glanceclient 0.14.0, added a patch to not use the embedded version of urllib3 in requests: https://review.openstack.org/122184
– To Sid:
o Uploaded python-zake_0.1.6-1

Thesday 18:
– Backported zeromq3-4.0.4+dfs, pyzmq-14.3.1, pyasn1-0.1.7, python-pyasn1-modules-0.0.5
– Uploaded keystoneclient 0.10.1, fixed the saml2 unit tests which were broken using testtools >= 0.9.39. Filed bug, and warned code author: https://bugs.launchpad.net/python-keystoneclient/+bug/1371085
– Uploade swiftclient 2.3.0 to experimental.
– Uploaded ironicclient 0.2.1 to experimental.
– Uploaded saharaclient, filed bug with saharaclient expecting an up and running keystone server: https://bugs.launchpad.net/python-saharaclient/+bug/1371177

Friday 19:
– Uploaded keystone Juno b3, filed but about unit tests downloading with git, while no network access should be performed during package build (forbidden by
Debian policy)
– Uploaded python-oslo.db 1.0.0 which I forgot in the dependency list, and which was needed for Neutron.
– Uploaded nova 2014.2~b3-1 (added a new nova-serialproxy service daemon to the nova-consoleproxy)

Saturday 20:
– Uploaded Neutron Juno b3.
– Uploaded python-retrying 1.2.3 (was missing from depends upload)
– Uploaded Glance Juno b3.
– Uploaded Cinder Juno b3.
– Fixed python-xstatic-angular-mock which had a .pth packaged, as well as the data folder (uploaded debian release -3).
– Fixed missing depends and build-conflicts in python-xstatic-jquery.

Sunday 21:
– Dropped python-pil & python-django-discover-runner from runtime Depends: of python-django-pyscss, as it’s only needed for tests. It also created a conflicts, because python-django-discover-runner depends on python-unittest2 and horizon build-conflicts with it.
– Forward-ported the Django 1.7 patches for Horizon. Opened new patch: https://review.openstack.org/122992 (since the old fix has gone away after a refactor of the unit test).
– Uploaded Horizon Juno b3.
– Applied https://review.openstack.org/#/c/122768/ to the keystone package, so that it doesn’t do “git clone” of the keystoneclient during build.
– Uploaded oslo.messaging 1.4.0.0 (which really is 1.4.0) to experimental
– Uploaded oslo.messaging 1.4.0.0+really+1.3.1-1 to fix the issue in Sid/Jessie after the wrong upload (due to Zul wrong tagging of Keystone in the 2014.1.2 point release).

Monday 22:
– Uploaded ironic 2014.2~b3-1 to experimental
– Uploaded heat 2014.2~b3-1 (with some fixes for sphinx doc build)
– Uploaded ceilometer 2014.2~b3-1 to experimental
– Uploaded openstack-doc-tools 0.19-1 to experimental
– Uploaded openstack-trove 2014.2~b3-1 to experimental

Tuesday 23:
– Uploaded python-neutronclient with fixed version number for cliff and six. This missing requirement for cliff version produced an error in Trove, which I don’t want to happen again.
– Added fix for unit tests in Trove: https://review.openstack.org/#/c/123450/1,publish
– Uploaded oslo.messaging 1.4.1 in Experimental, fixing the version conflicts with the one in Sid/Jessie. Thanks to Doug Hellman for doing the tagging. I will need to upload new versions of the following packages with the >= 1.4.1 depends:
> – ceilometer
> – ironic
> – keystone
> – neutron
> – nova
> – oslo-config
> – oslo.rootwrap
> – oslo.i18n
> – python-pycadf
See http://lists.openstack.org/pipermail/openstack-dev/2014-September/046795.html for more explanation about the mess I’m repairing…
– Uploaded designate Juno b3.

Wednesday 24:
– Uploaded oslosphinx 2.2.0.0
– Uploaded update to django-openstack-auth (new last minute requirement for Horizon).
– Uploaded final oslo-config package version 1.4.0.0 (really is 1.4.0)
– Packaged and uploaded Sahara. This needs some tests by someone else as I don’t even know how it works.

Thuesday 25:
– Uploaded python-keystonemiddleware 1.0.0-3, fixing CVE-2014-7144] TLS cert verification option not honoured in paste configs. https://bugs.debian.org/762748
– Packaged and uploaded python-yaql, sent pull request for fixing print statements into Python3 compatible print function calls: https://github.com/ativelkov/yaql/pull/15
– Packaged and uploaded python-muranoclient.
– Started the packaging of Murano (not finished yet).
– Uploaded python-keystoneclient 0.10.1-2 with the CVE-2014-7144 fix to Sid, with urgency=high. Uploaded 0.11.1-1 to Experimental.
– Uploaded python-keystonemiddleware fix for CVE-2014-7144.
– Uploaded openstack-trove 2014.2~b3-3 with last unit test fix from https://review.openstack.org/#/c/123450/

Friday 26:
– Uploaded a fix for murano-agent, which makes it run as root.
– Finished the packaging of Murano
– Started packaging murano-dashboard, sent this patch to fix the wrong usage of the /usr/bin/coverage command: https://review.openstack.org/124444
– Fixed wrong BASE_DIR in python-xstatic-angular and python-xstatic-angular-mock

Saturday 27:
– uploaded python-xstatic-boostrap-scss which I forgot to upload… :(
– uploaded python-pyscss 1.2.1

Sunday 28:
– After a long investigation, I found out that the issue when installing the openstack-dasboard package was due to a wrong patch I did for Python 3.2 in Wheezy in python-pyscss. Corrected the patch from version 1.2.1-1, and uploaded version 1.2.1-2, the dashboard now installs correctly. \o/
– Did a new version of an Horizon patch at https://review.openstack.org/122992/ to address Django 1.7 compat.

Monday 29:
– Uploaded new version of python-pyscss fixing the last issue with Python 3 (there was a release critical bug on it).
– Uploaded fixup for python-django-openstack-auth fail to build in the Sid version, which was broken since the last upload of keystoneclient (which makes some of its API now as private).
– Uploaded python-glance-store 0.1.8, including Ubuntu patch to fix unit tests.
– Reviewed the packaging of python-strict-rfc3339 (see https://bugs.debian.org761152).
– Uploaded Sheepdog with fix in the init script to start after corosync (Closes: #759216).
– Uploaded pt_BR.po Brazilian Portuguese debconf templates translation for nova Icehouse in Sid (only commited it in Git for Juno).
– Same for Glance.

Tuesday 30:
– Added Python3 support in python-django-appconf, uploaded to Sid
– Upgraded to python-django-pyscss 1.0.3, and fixed broken unit tests with this new release under Django 1.7. Created pull request: https://github.com/fusionbox/django-pyscss/pull/22
– Fixed designate requirements.txt in Sid (Icehouse) to allow SQLA 0.9.x. Uploaded resulting package to Sid.
– Uploaded new Debian fix for python-tooz: kills memcached only if the package scripts started it (plus cleans .testrepository on clean).
– Uploaded initial release of murano
– Uploaded python-retrying with patch from Ubuntu to remove embedded copy of six.py code.
– Uploaded python-oslo.i18n 1.0.0 to experimental (same as before, just bump of version #)
– Uploaded python-oslo.utils 1.0.0 to experimental (same as before, just bump of version #)
– Uploaded Keystone Juno RC1
– Uploaded Glance Juno RC1

Backporting libjs-angularjs and libjs-d3 to Wheezy

If you didn’t notice, Javascript isn’t as simple as it used to be… Want to backport the 2 simple javascript libs? No problem. You then “just” need to backport a bunch of other packages which are build-dependencies… (and file #761670, #761672, and #761674 on the way when rebuilding…). Here’s the short list:

gyp
node-abbrev
node-ansi
node-ansi-color-table
node-archy
node-async
node-block-stream
node-combined-stream
node-contextify
node-cookie-jar
node-cssom
node-delayed-stream
node-diff
node-eyes
node-forever-agent
node-form-data
node-fstream
node-fstream-ignore
node-github-url-from-git
node-glob
node-graceful-fs
node-gyp
node-htmlparser
node-inherits
node-ini
node-jake
node-jsdom
node-json-stringify-safe
node-lockfile
node-lru-cache
node-marked
node-mime
node-minimatch
node-mkdirp
node-mute-stream
node-node-uuid
node-nopt
node-normalize-package-data
node-npmlog
node-once
node-optimist
node-osenv
node-qs
node-queue-async
node-read
node-read-package-json
node-request
node-retry
node-rimraf
node-semver
node-sha
node-sigmund
node-slide
node-smash
node-tar
node-tunnel-agent
node-uglify
node-underscore
node-utilities
node-vows
node-whic
node-which
node-wordwrap
nodejs
npm
ruby-ronn

Yes, that’s 66 packages above… And of course, backporting some ruby stuff makes sense… :)

Debconf 14 activity

Before I start a short listing of (some of) the stuff I did during Debconf 14, I’d like to say how much I enjoyed everyone there. You guys (all of you, really!) are just awesome, and it’s always a real pleasure to see you all, each time.

Anyway, here’s a bits of the stuff I did.

1/ packaging of Google Cloud Engine client tools.

Thanks to the presence of Eric and Jimmy, I was able to finish the work I started at Debconf 13 last year. All python modules are packaged and uploaded. Only the final client (the “gcloud” command line utility) isn’t uploaded, even though it’s already packaged. The reason is that this client downloads “stuff” from internet, so I need to get the full, bundled, version of it, to avoid this. Eric gave me the link, I just didn’t have time to finish it yet. Though the (unfinished) package is already in the Git in Alioth.

2/ Tasksel talks

We discussed improvements in Tasksel both during the conference, and later (in front of beers…). I was able to add a custom task on a modified version of the Tasksel package for my own use. I volunteered myself for adding a “more task” option in Tasksel for Jessie+1 because I really would like to see this feature, and nobody raised hand, but honestly, I have no idea how to do it, and therefore, I’m not sure I’ll be able to do so. We’ll see… Anyway, before this happen, we must make sure that we know what kind of tasks we want in this “more tasks” screen, otherwise it’d be useless work for nothing. Therefore, I have setup a wiki page. Please edit the page and drop your ideas there. I’ve already added entries for desktops and Debian blends, but I’m sure there’s more that we could add.

3/ Custom Debian CD

I started experimentation on building my own Debian Wheezy CD image (well, DVD, since the resulting image is nearly 2GB). This was fun, but I am still having the issue that the installer fails to install Dash, so the CD is still unusable. I’ll try to debug it. Oh…  I nearly forgot… “of course”, the ISO image aims at including all OpenStack Icehouce packages backported to Wheezy, and the goal was to include the above custom Tasksel task, with an “OpenStack proxy node” task, and a “OpenStack compute” task. Let’s hope I can figure out what the issue is, and finally release it.

4/ OpenStack talk

Nothing special to say, just watch the video. I hope my talk was interesting enough. Of course, after watching myself, I hate everything I see, and would like to correct so many mistakes, but that’s the usual, I guess.

5/ Some RC fixing

Thanks to the nice work of our DPL rebuilding all the archive, I had to fix a couple of FTBFS issues on my own packages. 3 of them have been easy to fix (2 missing build-dependencies which I missed because my automated build environment has them by default, and a unit test failure), I still don’t understand what’s going on with Ceilometer. I also NMU-ed transmission (switching from 2.82 to 2.84, as upstream had the bugfix, and current maintainer was not responsive) which was the last blocker for the miniupnpc transition to Jessie. After the 5 days delay of the upload, it went in Sid, then migrated to Jessie, together with the miniupnpc library. I also fixed a trivial RC bug with python3-webob.

6/ Python team meeting

It was nice to see everyone, and hopefully, we’ll soon implement what we discussed. I hope to start migrating some of my OpenStack dependencies to the team once we move to Git (though please don’t expect this to happen before the Juno release, which keeps me very busy these days).

There’s probably more stuff which I did during Debconf 14 (hacking or otherwise), but either it’s not worth sharing, or I can’t remember… :)

sysvinit not sending output to all consoles

I spent many, many hours trying to understand why I couldn’t have both “nova console-log” showing me the output of the log, AND have the OpenStack dashboard (eg: horizon) console to work at the same time. Normally, this is done very easily, by passing multiple times the console= parameter to the Linux kernel as follow:

console=tty0 console=ttyS0,115200

But it never worked. Always, it’s the last console= thing that was taken into account by sysvinit (or, shall I say, bootlogd). Spending hours trying to figure out what would be the correct kernel command to pass didn’t help. Then this week-end, by the magic pure chance of being subscribed to the sysvinit bug reports, I have finally found out. We’ve had this bug in Debian for more than 10 years:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=181756

And it has the patch! It just feels so lame that the issue has been pending since 2003, and with a patch since 2006, and nobody even tried to have it enter Debian. I tried the Wheezy patch in the above bug report, and then tadaaaaaa! I finally had both the “nova console-log” (eg: ttyS0) console output, and the interactive tty0 to work on my Debian cloud image. I have produced a fixed version of the sysvinit package for Wheezy, if anyone wants to try it:

http://archive.gplhost.com/debian/pool/juno-backports/main/s/sysvinit/

This doesn’t only affect only the cloud images use case. Let’s say you have a server. If it’s a modern server, probably you have IPMI 2.0 on it. While having access through the integrated KVM over IP may be nice, seeing the boot process through the serial console redirection is often a lot more snappy than the (often VNC based) video output, plus it wouldn’t require Java. Too often, Java a requirement for these nasty IPMI web interface (that’s the case for at least: Dell DRAC, Supermicro IMPI, and HP iLO). Well, it should now be possible to just use ipmitools to debug the server boot process or to go fix stuff in the single user interactive shell, AND keep the “normal” video output! :)

But keeping this fix private doesn’t help much. I would really love to get this fixed within Debian. So I have sent the patch (which needed a very small rebase) in the Git repository of sysvinit (see http://deb.li/3YxUD). I of course tested it in Sid too. Though I tested only under a Xen virtual machine, I see no reason why it would work there and not elsewhere. That being said, I would welcome more testing, given the high profile of sysvinit (everyone uses/needs it, and I wouldn’t like to carry alone the unhappiness of having no boot log). Please do test it from the sysvinit git, before it’s even uploaded to Sid. Also, these days, sysvinit gets often uploaded to Experimental first. It will probably also be the case for version 2.88dsf-56.

If it works well and nobody complains about the patch, maybe it’d be worth adding it to Wheezy as well (though that decision is of course left to the release team once the fix reaches Jessie).

How can Lintian stop being annoying

As I care to have all the Lintian output and warnings, I have this in my ~/.lintianrc:

info=yes
display-info=yes
display-experimental=yes
pedantic=yes
show-overrides=yes
color=auto

So, by default, my Lintian setup displays all pedantic warnings. However, it’s been annoying me with the debian-watch-may-check-gpg-signature, which I don’t really care about since 1/ there’s never such a PGP stuff upstream, and 2/ I mostly use Git tags from upstream, in which I do check signatures whenever possible (and mostly, if I have upstream’s key in my keyring after a key signing party, which happened a few times). The solution? Well, very easy:

sudo sed -i 's/Disable-Tags:/Disable-Tags: debian-watch-may-check-gpg-signature,/' /usr/share/lintian/profiles/debian/main.profile

There’s nothing more to it! Of course, you can also create your own profile, with the added benefit that your changes wont be overwritten on next upgrade. But that’s overkill if you’re alone in the system, and anyway it’s damned easy to do the changes again, plus I often reinstall this computer from scratch. With the above, you can of course disable the display of any tag you wish.

OpenStack Icehouse bugs all cleaned-up

I’ve done some clean-up in the Debian BTS. The result can be seen in the QA graphs:

The last remaining 6 bugs are only affecting OpenStack Essex (which is what Wheezy ships, and which unfortunately I have not enough time to support properly), and the last one is waiting for FTP masters approval after I added Python 3 support to oslo-config (OpenStack is slowly moving to Python3, and I’ve tried to add support to Python3 in the packages as well each time it was possible). Also, the Icehouse packages have passed the tempest tests (a set of functional tests) which we run in our continuous integration system.

As I was doing some triaging, it is possible that some bugs have been closed a bit quickly (like for example the Ceilometer FTBFS which I couldn’t reproduce, even with sbuild and cowbuilder), so it is well possible that some more QA work will be needed later on. I’m also expecting a new set of patches for supporting Ceph in Nova. I’m sure there’s issues which we will discover later on, however, it is nice to have this result right after the first Icehouse release of OpenStack.

Next up: testing new components that I uploaded for this release: Trove (DB as a Service), Designate (DNS as a Service), Ironic (Metal as a Service, or cloud computing on bare-metal), and TripleO (OpenStack on OpenStack). I unfortunately know already that TripleO and Tuskar wont really work yet, and that it needs some patches to be sent upstream for it to support Debian correctly (let’s work it out for Juno!). So please consider it as a technology preview only. Though Trove, Designate and Ironic are supposed to be in good enough shape, I didn’t have the chance to test them more than just installing the packages and checking daemons are running and connected to the various components of OpenStack (eg: database, keystone and RabbitMQ). Please do test them and report bugs in the BTS.

I’d like to thanks Gustavo Panizzo & Thomas Bechtold who contributed to this release, and also the folks at eNovance (Emilien, Cyril, Seb…) who provided precious help with the CI and package quality. See you in the Juno Atlanta design summit next week (as hopefully, my plane ticket issue will be soon solved).

OpenStack 2014.1, aka Icehouse, is out

The new version of OpenStack is out, and I have just finished uploading it all into Debian Sid. With a total of 38 packages that I uploaded yesterday (which was exhausting!), most, if not all, were only moving from Experimental to Sid with only tiny updates, and this represents the achievement of 6 months of packaging work. The new feature list is impressive, and I would like to highlight some part of it:

  • New Ironic bare metal service.
  • New Designate DNS as a Service project.
  • Trove (DB as a Service) graduated from incubation and should work well now.
  • TripleO (OpenStack On OpenStack) is now fully in Debian, together with Tuskar and Tuskar-UI.
  • OpenStack now has VXLAN support through the new version of OVS and kernel >= 3.13. This solves the scalability issues with GRE tunnels.

For the moment, I haven’t packaged Sahara (eg: Hadoop as a service), but it might come later as a customer of us might require it.

There’s a lot less unit tests issues in the packages I uploaded to Sid: all SQLAlchemy issues have been dealt with. I wasn’t confident with the Havana release that Sid / Testing would be a good environment for OpenStack, but this time with Icehouse, I think it should be much better. Please test this brand new release and report issues on the BTS. As always, the packages are available also as Wheezy backports through the usual channels (see the official install guide).

Automatic backport script

Since I have to do a lot of backports for the OpenStack packages in Debian Wheezy, I got tired of doing them by hand. Therefore, I have created a script to automate the task. I’m not particularly proud (or ashamed) of that script, but I just want to share it. Probably some fellow readers will happily provide me with enhancements and ideas.

Note that the use of mk-build-deps implies that the “equivs” package has to be installed. What I do is run this “build-backport” script within a cowbuilder, to make sure I always have a clean backport environment.

#!/bin/sh

set -e
set -x

PKG_NAME=${1}
BPO_DISTRO=wheezy-backports
BPO_POSTFIX=bpo70+1
REPO_ROOT=/home/ftp
REPO_DEST=icehouse-backports

if [ `whoami` = "jenkins" ] ; then
        BUILD_ROOT=/var/lib/jenkins/jobs/openstack-pkg-tools/builds/${BUILD_NUMBER}
else
        BUILD_ROOT=~/sources
fi

# Get info from packages.debian.org
PKG_INFO_FILE=`mktemp -t pkg_info_file.XXXXXX`
wget --no-check-certificate -O ${PKG_INFO_FILE} http://packages.debian.org/sid/${PKG_NAME}
DEB_VERSION=`rmadison ${PKG_NAME} | grep sid | awk '{print $3}'`
UPSTREAM_VERSION=`echo ${DEB_VERSION} | cut -d'-' -f1  | cut -d":" -f2`
DSC_URL=`cat ${PKG_INFO_FILE} | grep dsc | cut -d'"' -f2`
rm ${PKG_INFO_FILE}

# Prepare build folder and go in it
MY_CWD=`pwd`
rm -rf ${BUILD_ROOT}/$PKG_NAME
mkdir -p ${BUILD_ROOT}/$PKG_NAME
cd ${BUILD_ROOT}/$PKG_NAME

# Download the .dsc and extract it
dget -d -u ${DSC_URL}
PKG_SRC_NAME=`ls *.dsc | cut -d_ -f1`
PKG_NAME_FIRST_CHAR=`echo ${PKG_SRC_NAME} | awk '{print substr($0,1,1)}'`
dpkg-source -x *.dsc

echo "Now running mk-build-deps -i ${PKG_SRC_NAME}-${UPSTREAM_VERSION}/debian/control"
mk-build-deps -i ${PKG_SRC_NAME}-${UPSTREAM_VERSION}/debian/control

# Build the package as backport using cowbuilder
cd ${PKG_SRC_NAME}-${UPSTREAM_VERSION}
dch --bpo -m "Backported for ${BPO_DISTRO}."
dpkg-buildpackage
cd ..  
PKG_FINAL_DEST=${REPO_ROOT}/debian/pool/${REPO_DEST}/main/${PKG_NAME_FIRST_CHAR}/${PKG_SRC_NAME}
ssh archive.gplhost.com "mkdir -p ${PKG_FINAL_DEST}"
scp *.orig.tar.* *${DEB_VERSION}~${BPO_POSTFIX}* archive.gplhost.com:${PKG_FINAL_DEST}

WordPress auto-updates stupidity

Out of laziness, like many, I use WordPress for this blog. I did try others, but was disappointed (after my blog got hacked a few times), so I just use that.

WordPress has a long history of security issues. So upstream decided to preform automatic updates. This would have been a good thing if … automatic update didn’t completely mess my blog each and every single time.

On my hosting system, PHP scripts have to be chmod +x to be executed. Otherwise, there’s a error, and Apache wont execute the PHP script. The same way, an error will happen if a directory is world writable (eg: chmod 777). This is in order to prevent some of the most common hacks: a hacker finds a way to upload a PHP script (often via a “feature” of the hosted software), and then uses the uploaded script to do nasty things (like installing phishing sites, send spam, you name it…). Checking on these basic unix rights prevents uploaded scripts to be executed, and it’s normally a way harder for hackers to find a way to chmod the PHP scripts than it is to just upload it.

Unfortunately, WordPress, on each upgrade, is resetting these unix rights. Someone got to explain to me the reason why it absolutely needs to chmod 777 the hosted folders, and why it wouldn’t keep the chmod +x on the php scripts. Direct result? My blog often gets completely broken by these automated updates. And I didn’t find a way to disable them (if someone knows, please send me a quick email).

I have reported the bug upstream: https://core.trac.wordpress.org/ticket/27568

OpenStack 2013.2.2 uploaded

This is the 2nd point release of OpenStack Havana (this is the name of the current stable release of OpenStack). It was out on Thursday (US time), and I uploaded it on Friday (Chinese time). Unfortunately, I realized that the latest python-keystoneclient didn’t support the –token and –endpoint command line options, effectively breaking Keystone itself, and all automated endpoint registration in all core packages. So after fixing Keystone and openstack-pkg-tools, I had to re-upload a 2nd Debian release.

However, after this glitch, the packages passed successfully our CI testing suite: my friends at eNovance and I run the tempest functional test suite each time there’s this kind of major update, so that we can validate the packages are working as expected. And all went well after the new keystone command line options were fixed in the postinst scripts.

As a side note, I fail to see consistency on deprecating these interfaces. While we still have the old “glance index” thing in the Glance client (this is really old), keystoneclient just broke backward compatibility, when keystone is quite recent. So, it looks to me that it wasn’t a great idea to just remove –token and –endpoint this way (though I can understand the need of consistency). Hopefully, this will all be fixed anyway, when we move to the unified python-openstackclient command lines instead of per-project clients.

I realized today that the pkg-openstack team now maintains more than 100 packages. This of course includes general purpose Python modules, which probably will move to the Python module team if it one day supports Git (life is too short: I do not wish to learn such a deprecated technology as SVN). Though this is still a lot of packages, and some more are coming: as per the OpenStack TODO list wiki page, Ironic (a replacement for nova-baremetal), TripleO (OpenStack on OpenStack), Tuskar (contols where things are deployed with TripleO) and Designate (DNS as a Service) are already packaged, and I am waiting for the Icehouse (this is the name of the next stable release) beta3 to be out to upload them to Experimental. This is scheduled for the 6th of March. I believe I am currently nearly up-to-date with the current global-requirements.txt (eg: python dependencies of OpenStack), pending a few Python module upgrades, so hopefully, packaging OpenStack Icehouse beta3 will smooth.