Hi, current situation: EPEL6 - MongoDB 2.4.x EPEL7 - MongoDB 2.6.x
Upstream supports only upgrade to next major version. So from 2.4 it is supported only to 2.6. Therefore I kept MongoDB 2.6 in EPEL7 (even two next major versions are released).
But MongoDB 2.6 is going to EOL (probably this week), so MongoDB in EPEL7 will be unsupported.
How to solve this - what EPEL/Fedora guidelines says about upgrades? Upgrade EPEL6 to EPEL7? Or keep unsupported version in EPEL7?
Thanks, Marek
On 10/31/2016 09:25 AM, Marek Skalický wrote:
Hi, current situation: EPEL6 - MongoDB 2.4.x EPEL7 - MongoDB 2.6.x
Upstream supports only upgrade to next major version. So from 2.4 it is supported only to 2.6. Therefore I kept MongoDB 2.6 in EPEL7 (even two next major versions are released).
But MongoDB 2.6 is going to EOL (probably this week), so MongoDB in EPEL7 will be unsupported.
How to solve this - what EPEL/Fedora guidelines says about upgrades? Upgrade EPEL6 to EPEL7? Or keep unsupported version in EPEL7?
Thanks, Marek
Probably better to discuss this on epel-devel@lists.fp.o, but in the past it's not been uncommon to announce an impending upgrade on the lists with some lead time, put the new version in updates-testing with karma disabled and try to get some reasonable testing.
Is MongoDB backwards-compatible between minor releases? If so, this should be straightforward. If not, it gets muddier, but ultimately we are all volunteers, so if supporting the EOL version is untenable, then upgrading is the only sane thing to do.
Hi, thanks for answers and suggestion that epel-devel@lists.fp.o would be better - so I've posted it there https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject...
Marek
2016-10-31 14:25 GMT+01:00 Marek Skalický mskalick@redhat.com:
Hi, current situation: EPEL6 - MongoDB 2.4.x EPEL7 - MongoDB 2.6.x
Upstream supports only upgrade to next major version. So from 2.4 it is supported only to 2.6. Therefore I kept MongoDB 2.6 in EPEL7 (even two next major versions are released).
But MongoDB 2.6 is going to EOL (probably this week), so MongoDB in EPEL7 will be unsupported.
How to solve this - what EPEL/Fedora guidelines says about upgrades? Upgrade EPEL6 to EPEL7? Or keep unsupported version in EPEL7?
If it's unsupported upstream, you need to send a heads-up on EPEL m-l, and wait for comments. Then, just push the update.
I'm working on upgrading MongoDB to 3.2 in the CentOS SIGs space, it will require a //-installable boost package (I have a working boost159 package) but I'd be glad to share the work.
Regards, H.
Thanks, Marek _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-leave@lists.fedoraproject.org
On Mon, Oct 31, 2016 at 1:25 PM, Marek Skalický mskalick@redhat.com wrote:
Hi, current situation: EPEL6 - MongoDB 2.4.x EPEL7 - MongoDB 2.6.x
Upstream supports only upgrade to next major version. So from 2.4 it is supported only to 2.6. Therefore I kept MongoDB 2.6 in EPEL7 (even two next major versions are released).
I'm not sure the logic of keeping el7 at 2.6 because el6 is at 2.4. The only real upgrade path is within the major el release, anything outside of that is likely something the user has to deal with (pull archived intermediate releases or similar).
But MongoDB 2.6 is going to EOL (probably this week), so MongoDB in EPEL7 will be unsupported.
How to solve this - what EPEL/Fedora guidelines says about upgrades? Upgrade EPEL6 to EPEL7? Or keep unsupported version in EPEL7?
I would only look at upgrade paths within the major EL release so move el7 to 2.8.x for an upgrade and then maybe in a month or two a bump to 3.0 (or what ever the path is) with decent notices etc.
There is no version 2.8 of Mongo, they renamed that to 3.0 before release of 3.0.
Just to provide a sense of the thought process other EPEL7 users might be going through here:
I started researching this when I became aware that 2.6 was nearing upstream end-of-life (that is now happening today).
I was aware of the recent major version upgrade of nodejs in EPEL7, so I assumed something like that was imminent. However, when I looked here:
http://koji.fedoraproject.org/koji/buildinfo?buildID=802214
I saw that there have been several patches to EPEL6 MongoDB 2.4 since it reached its upstream end-of-life in March.
So based on that evidence of prior commitment to maintaining MongoDB past end-of-life, I assumed that the intention was to keep on backporting patches to both 2.4 and 2.6. And I cancelled my red alert and stopped worrying about transitioning to the official MongoDB repositories.
However it sounds like Marek, as the maintainer, is saying he doesn't have time to maintain 2.4 or 2.6.
That's fair of course. Free is a very good price, and all that. (:
For EPEL7, the upgrade seems fairly straightforward. 3.0 was really a marketing switch in the name of 2.8. I have experienced few problems moving projects between 3.0 and 2.6. Swapping the binaries and restarting is officially supported according to the documentation. The compatibility break pages are pretty short and there isn't much that would be in typical queries.
For EPEL6, the upgrade is harder because you must first bump them to 2.6 and then to 3.0, there is no support for moving directly from 2.4 to 3.0. We could push out 2.6, wait a few weeks, and push out 3.0, but this would have a very unsatisfactory result for people who just don't happen to upgrade during those few weeks. They would get moved directly from 2.4 to 3.0 and the process would not work.
There are also more bc breaks moving from 2.4, 2.6 and above are "pickier," notably a $set with no properties in the object will fail. https://docs.mongodb.com/v2.6/release-notes/2.6-compatibility/#driver-compat...
In both cases, a proper announcement is necessary.
A fair question is whether we should move to 3.0 or 3.2. The folks maintaining nodejs for EPEL chose to move from 0.10 to 6.x, skipping 4.x, because one bc break is better than two.
So what I would suggest is this:
FOR EPEL 6
* Announce our intentions. * IN THE MEANTIME: If any really major security fails occur between now and when we get this done, we grit our teeth and patch 2.4. * Publish a 3.0 package that refuses to install with an appropriate error message if it sees 2.4 (but is fine with seeing 2.6). * Simultaneously publish 2.6-for-upgrading package; the instructions for those with 2.4 point you to that package, and to this URL:
https://docs.mongodb.com/v3.2/release-notes/2.6-upgrade/
* Users must manually install the 2.6-for-upgrading package, since the possible complexities of a 2.4 to 2.6 upgrade are beyond an automated post-install script IMHO. Notably:
https://docs.mongodb.com/v3.2/release-notes/2.6-upgrade/#upgrade-auth-prereq
* Once a user succeeds in that process, they can "yum update" painlessly to 3.0 like the EPEL7 people (see below).
FOR EPEL 7
* Announce our intentions. I don't know how much notice is thought appropriate. The nodejs maintainers gave a lot of warning, but they also knew what was up way before end of life (: * Prepare a package for 3.0. It's a forced upgrade from 2.6. * Release it. If possible, print this URL after install: https://docs.mongodb.com/v3.2/release-notes/3.0-compatibility/ * Done (:
Just my suggestion — I realize I just blew into town.
Hope we can figure this out before the next CVE!
Oops, I've copied my reply to the EPEL list as requested.
On Mon, Oct 31, 2016 at 1:17 PM, Tom Boutell tom@punkave.com wrote:
There is no version 2.8 of Mongo, they renamed that to 3.0 before release of 3.0.
Just to provide a sense of the thought process other EPEL7 users might be going through here:
I started researching this when I became aware that 2.6 was nearing upstream end-of-life (that is now happening today).
I was aware of the recent major version upgrade of nodejs in EPEL7, so I assumed something like that was imminent. However, when I looked here:
http://koji.fedoraproject.org/koji/buildinfo?buildID=802214
I saw that there have been several patches to EPEL6 MongoDB 2.4 since it reached its upstream end-of-life in March.
So based on that evidence of prior commitment to maintaining MongoDB past end-of-life, I assumed that the intention was to keep on backporting patches to both 2.4 and 2.6. And I cancelled my red alert and stopped worrying about transitioning to the official MongoDB repositories.
However it sounds like Marek, as the maintainer, is saying he doesn't have time to maintain 2.4 or 2.6.
That's fair of course. Free is a very good price, and all that. (:
For EPEL7, the upgrade seems fairly straightforward. 3.0 was really a marketing switch in the name of 2.8. I have experienced few problems moving projects between 3.0 and 2.6. Swapping the binaries and restarting is officially supported according to the documentation. The compatibility break pages are pretty short and there isn't much that would be in typical queries.
For EPEL6, the upgrade is harder because you must first bump them to 2.6 and then to 3.0, there is no support for moving directly from 2.4 to 3.0. We could push out 2.6, wait a few weeks, and push out 3.0, but this would have a very unsatisfactory result for people who just don't happen to upgrade during those few weeks. They would get moved directly from 2.4 to 3.0 and the process would not work.
There are also more bc breaks moving from 2.4, 2.6 and above are "pickier," notably a $set with no properties in the object will fail. https://docs.mongodb.com/v2.6/release-notes/2.6-compatibility/#driver-compat...
In both cases, a proper announcement is necessary.
A fair question is whether we should move to 3.0 or 3.2. The folks maintaining nodejs for EPEL chose to move from 0.10 to 6.x, skipping 4.x, because one bc break is better than two.
So what I would suggest is this:
FOR EPEL 6
- Announce our intentions.
- IN THE MEANTIME: If any really major security fails occur between now and when we get this done, we grit our teeth and patch 2.4.
- Publish a 3.0 package that refuses to install with an appropriate error message if it sees 2.4 (but is fine with seeing 2.6).
- Simultaneously publish 2.6-for-upgrading package; the instructions for those with 2.4 point you to that package, and to this URL:
https://docs.mongodb.com/v3.2/release-notes/2.6-upgrade/
- Users must manually install the 2.6-for-upgrading package, since the possible complexities of a 2.4 to 2.6 upgrade are beyond an automated post-install script IMHO. Notably:
https://docs.mongodb.com/v3.2/release-notes/2.6-upgrade/#upgrade-auth-prereq
- Once a user succeeds in that process, they can "yum update" painlessly to 3.0 like the EPEL7 people (see below).
FOR EPEL 7
- Announce our intentions. I don't know how much notice is thought appropriate. The nodejs maintainers gave a lot of warning, but they also knew what was up way before end of life (:
- Prepare a package for 3.0. It's a forced upgrade from 2.6.
- Release it. If possible, print this URL after install:
https://docs.mongodb.com/v3.2/release-notes/3.0-compatibility/
- Done (:
Just my suggestion — I realize I just blew into town.
Hope we can figure this out before the next CVE! _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-leave@lists.fedoraproject.org
-
Haïkel -
Marek Skalický -
Peter Robinson -
Stephen Gallagher -
Tom Boutell