Closed Bug 1008879 Opened 11 years ago Closed 9 years ago

Create module for PuppetAgain to install Flash

Categories

(Infrastructure & Operations :: RelOps: Puppet, task)

Product:
Infrastructure & Operations
Component:
RelOps: Puppet
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: whimboo, Assigned: whimboo)

References

(
URL
)

Details

(Whiteboard: [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/1075] )

Attachments

(3 files, 5 obsolete files)

flashplayer.conf v2
542 bytes, text/plain
dustin
: review+
Details
flashplayer.sh v2
332 bytes, application/x-shellscript
Details
flash manifest v2
4.13 KB, patch
dustin
: review+
Details | Diff | Splinter Review
On all of our Mozmill CI nodes we need Flash to be installed. We need the necessary modules for PuppetAgain to run a necessary installation during startup. Necessary instructions can be found at: https://mana.mozilla.org/wiki/display/websites/QA+Automation+ESX+Service In the past we have seen that it might be helpful to offer both the release and debug version for installation. We might want to consider this when writing the flash module.
Dustin, the flash-installer package is usually available in the default repositories on Ubuntu. Where do we have to add this to the packages we sync on or data server?
Assignee: nobody → relops
Component: Infrastructure → RelOps: Puppet
Product: Mozilla QA → Infrastructure & Operations
QA Contact: dustin
Version: unspecified → other
Since this will need to be updated frequently -- much more frequently than we want to be pulling updates from trusty-updates -- let's put it in a distinct repository, say /data/repos/apt/flashplugin. I suspect you'll need to build that repository yourself, since it's not a PPA. https://wiki.mozilla.org/ReleaseEngineering/PuppetAgain/Packages#Ubuntu:_Updated_Versions_of_Upstream_Packages has some info on doing so, but it's not a process we've perfected just yet. Suggestions for improvement welcome! The advantage to making this and Java separate repos is that you can update them whenever you'd like, with absolutely no risk to releng production. Unfortunately, we've found that "common" repositories cause tree-closures even with the most benign change. For example, I added updated openssl packages to the CentOS 6 updates repository a week or so ago, and every linux build started bombing out from some inscrutible dependency error. Trust me, you don't want to be the guy who caused that!
I have used the documentation and got on my local master the versions for ubuntu from: http://archive.ubuntu.com/ubuntu/pool/multiverse/f/flashplugin-nonfree/ For OSX and Windows I'll make a script to download the archives from http://download.macromedia.com/pub/flashplayer/installers/archive/fp_14.0.0.125_archive.zip and pass in the version as argument. Working on the module for installing it next.
Blocks: 1002624
Attached patch patch v1 (obsolete) — Splinter Review
I though I added the patch here already, guess I missed to submit, not sure what happened. This is for Ubuntu, using the patch from bug 1008880. On OSX I'm still working, I believe we'll need to change the format, add another case or smth in pkgdmg.pp because in the archives for flash, the dmg is like this: flashplayer14_0r0_125_mac.dmg
Assignee: relops → andreea.matei
Status: NEW → ASSIGNED
Attachment #8450026 - Flags: review?(hskupin)
Comment on attachment 8450026 [details] [diff] [review] patch v1 Review of attachment 8450026 [details] [diff] [review]: ----------------------------------------------------------------- ::: modules/packages/manifests/flash.pp @@ +9,5 @@ > + } > + Ubuntu: { > + package { > + "flashplugin-installer": > + ensure => present; I think that this will be similar to Java. It's just the installer, and it downloads the package from some other server. Keep in mind that this won't work. All installers have to be mirrored to http://puppet/repos. So please check from where the real package is downloaded from.
Attachment #8450026 - Flags: review?(hskupin) → review-
(In reply to Andreea Matei [:AndreeaMatei] from comment #5) > On OSX I'm still working, I believe we'll need to change the format, add > another case or smth in pkgdmg.pp because in the archives for flash, the dmg > is like this: > flashplayer14_0r0_125_mac.dmg You want to rename it like flashplayer-14.0.0.125.dmg. For the debug version we could use flashplayer-debug-14.0.0.125.dmg.
For my local testing, I did that mirroring as mentioned in comment 4. Took the info from here: https://launchpad.net/ubuntu/+source/flashplugin-nonfree I'll check renaming then, sounds good.
Please also include the source of the DMG in a comment in the manifests.
Given that this bug hasn't been finished yet, I will take over the remaining work here.
Assignee: andreea.matei → hskupin
Probably better to build a local 'flash' repository and just pull in the required packages. Multiverse is, I'm sure, gargantuan.
I'm not sure how to mirror the real flashplayer package as found at: http://archive.canonical.com/pool/partner/a/adobe-flashplugin/ Looks like archive.canonical.com doesn't support rsync://. Dustin, which other method could be used to mirror the flash packages?
Either wget/curl to get just the package you need (preferred), or wget --recursive to get the whole pool directory.
Attached file adobe-flash.conf (obsolete) —
Ok, I think that I got the mirroring working with debpartial-mirror. The tool is mirroring the necessary flash packages from the above referenced official repositories, and creates a new custom repo with all the packages combined. The package list only contains the entries for Flash. All the others are getting stripped. The necessary config file I attach here. Dustin, given that I really would like to see this landed somewhere, which location should we use? Would it make sense to put the config under /etc/debpartial-mirror on puppetmaster? With another wrapper script we can then move the wanted repo to /repos.
Hm, now I see that we had issues with debpartial-mirror as given on bug 999661. Dustin, which way would you propose to have a streamlined process in mirroring repos?
The issues were around signed repos. Kickstart requires repos signed by the Ubuntu key, which precludes changing any of the indexes. In this case, that shouldn't matter (signed repos would be nice, and maybe someday we can self-sign them) but not required. You could start by checking this config into the setup/ directory, and referencing it from https://wiki.mozilla.org/ReleaseEngineering/PuppetAgain/Packages but if you'd like to take a step further, it should probably be installed on the pkgbuild systems. As I think you've seen, debpartial-mirror is only available for Ubuntu, so it can't be installed on the puppetmasters (I'd love to be wrong about that, though!)
Blocks: 1038121
I just filed bug 1038121, which I wanna use to disable the automatic update checks for Flash on OS X. So this bug is about the installation only. (In reply to Dustin J. Mitchell [:dustin] from comment #17) > You could start by checking this config into the setup/ directory, and > referencing it from > https://wiki.mozilla.org/ReleaseEngineering/PuppetAgain/Packages Hm, it looks like the config file is not enough, and I still have to run some other commands to build the index. Something which exists on /data/repos/apt for the releaseengineering repos. I have to test this. > but if you'd like to take a step further, it should probably be installed on > the pkgbuild systems. As I think you've seen, debpartial-mirror is only > available for Ubuntu, so it can't be installed on the puppetmasters (I'd > love to be wrong about that, though!) departial-mirror also has sources, which can be found here: http://ftp.uni-frankfurt.de/ubuntu/ubuntu/pool/universe/d/debpartial-mirror/ Those are plain Python scripts, which we could easily install on the puppetmaster. What do you think of that?
(In reply to Henrik Skupin (:whimboo) [away 07/19 - 08/01] from comment #18) > departial-mirror also has sources, which can be found here: > http://ftp.uni-frankfurt.de/ubuntu/ubuntu/pool/universe/d/debpartial-mirror/ > > Those are plain Python scripts, which we could easily install on the > puppetmaster. What do you think of that? This will not work given the dependencies. Still looks like Debian specific packages are necessary. It might be hard to pull all together if possible at all. So can you give me some more info about the pkgbuilder machines?
:rail set up the debpartial-mirror stuff in /data/repos/apt, so +cc for him. I wonder if Docker could help? It'd be nice to be able to do this stuff on the puppetmasters directly.. The pkgbuilder machines are built with toplevel::server::pkgbuilder, and set up pbuilder for Ubuntu and mock for CentOS. Releng uses AWS instances that are stopped most of the time, and just started when required.
I tried to use debpartial-mirror before, but didn't like how it resolves package dependencies. I had issues pulling packages depending on other packages with a strict version and ended up pulling the dependencies manually and using apt-ftparcihve to generate indexes. :( Since flash plugin is just a single binary under ~/.mozilla/plugins (IIRC), why not manage it by puppet? That would require hosting the files in a private repo due to the distribution restrictions.
That would be best done by building a custom package containing only that file (rather than installing the file with puppet). But that's pretty easy, and a good idea!
(In reply to Rail Aliiev [:rail] from comment #21) > Since flash plugin is just a single binary under ~/.mozilla/plugins (IIRC), > why not manage it by puppet? That would require hosting the files in a > private repo due to the distribution restrictions. With the installer the plugin is getting installed at `/usr/lib/flashplugin-installer/`. If we would do that manually, we could use a different folder like `/usr/lib/flashplugin` and run the following command afterward? update-alternatives --quiet --install "/usr/lib/mozilla/plugins/flashplugin-alternative.so" "mozilla-flashplugin" /usr/lib/flashplugin-installer/libflashplayer.so 50 $ ll /usr/lib/mozilla/plugins/flashplugin-alternative.so lrwxrwxrwx 1 root root 37 Jul 10 08:34 /usr/lib/mozilla/plugins/flashplugin-alternative.so -> /etc/alternatives/mozilla-flashplugin $ ll /etc/alternatives/mozilla-flashplugin lrwxrwxrwx 1 root root 48 Jul 10 08:34 /etc/alternatives/mozilla-flashplugin -> /usr/lib/flashplugin-installer/libflashplayer.so Otherwise if the usage of update-alternatives is not wanted we could directly store the file in /usr/lib/mozilla/plugins. Dustin, what do you think? I think the latter should be the easiest.
(In reply to Dustin J. Mitchell [:dustin] from comment #22) > That would be best done by building a custom package containing only that > file (rather than installing the file with puppet). But that's pretty easy, > and a good idea! So a deb would have to be build for that? I never did this before. So do you have some instructions for? On the other side it would still take a bit of time for me and I only have 3 days left before I head out for 2 weeks. The solution I have here so far is nearly ready. So I wonder if the approach from Rail we could do as a follow-up?
Attached file flashplayer.conf (obsolete) —
This debpartial-mirror config file assembles the necessary packages for flash, and offers it as flashplayer package through the flashplayer repo. The script to fix up the directory structure, will be uploded in a bit.
Attachment #8450026 - Attachment is obsolete: true
Attachment #8454435 - Attachment is obsolete: true
Attachment #8456826 - Flags: review?(dustin)
Attached file flashplayer.sh (obsolete) —
Script to fix up the directory structure. It ensures that we can install flash for precise and trusty.
Attachment #8456829 - Flags: review?(dustin)
Both files are present on our QA puppetmaster at /data/repos/apt/. Also the created flashplayer repo has been uploaded. If you agree with the proposal, it would need to be synced.
Um, the flashplugin-installer is not necessary at all! I just have seen this while testing it. Looks like it is totally enough to grab the adobe-flashplugin package. I will update the files in a bit.
Attached file flashplayer.conf v2
Updated config file for debpartial-mirror without the inclusion of the unnecessary flash installer package. Also please keep in mind that we need two backends, one for precise and one for trusty. We cannot pull all via one, because then the packages for precise under pool/ will not be downloaded but trusty twice. This might be a bug in debpartial-mirror.
Attachment #8456826 - Attachment is obsolete: true
Attachment #8456826 - Flags: review?(dustin)
Attachment #8456870 - Flags: review?(dustin)
Attachment #8456829 - Attachment mime type: application/x-shellscript → text/plain
Attached patch flash manifest v1 (obsolete) — Splinter Review
This is the actual manifest file for Puppet to install Flash on OS X and Linux.
Attachment #8456872 - Flags: review?(dustin)
Comment on attachment 8456872 [details] [diff] [review] flash manifest v1 Review of attachment 8456872 [details] [diff] [review]: ----------------------------------------------------------------- r+ with the below changes. I'm also worried about redistributing the "partner" repo -- are there licensing restrictions we need to be aware of? ::: modules/packages/manifests/flashplayer.pp @@ +24,5 @@ > + } > + Ubuntu: { > + package { > + "adobe-flashplugin": > + ensure => latest; Don't you want a specific version here? ::: modules/packages/manifests/setup.pp @@ +144,5 @@ > components => ["dependencies", "main"]; > + "flashplayer": > + url_path => "repos/apt/flashplayer", > + distribution => "${lsbdistcodename}", > + components => ["partner"]; This should probably be a virtual repository, similar to xorg-edgers, so that it's not installed on every system but only those where packages::flashplayer is included. Add realize(Packages::Aptrepo['flashplayer']) to the packages::flashplayer class to make sure the repo is present on such hosts.
Attachment #8456872 - Flags: review?(dustin) → review+
Comment on attachment 8456829 [details] flashplayer.sh It took me a bit to figure out what the for loop a the bottom does. How about: # debpartial-mirror puts each dist in its own repo, but we want to merge the two
Attachment #8456829 - Flags: review?(dustin) → review+
Comment on attachment 8456870 [details] flashplayer.conf v2 (In fact, I *think* debpartial-mirror can do such merging, but your way is simpler)
Attachment #8456870 - Flags: review?(dustin) → review+
(In reply to Dustin J. Mitchell [:dustin] from comment #32) > It took me a bit to figure out what the for loop a the bottom does. How > about: > > # debpartial-mirror puts each dist in its own repo, but we want to merge the > two Sure. Will do that change.
Attached file flashplayer.sh v2
Updated to include the helpful comment.
Attachment #8456829 - Attachment is obsolete: true
(In reply to Dustin J. Mitchell [:dustin] from comment #33) > (In fact, I *think* debpartial-mirror can do such merging, but your way is > simpler) The problem is not the merge, but that debpartial-mirror misses to download file for precise. It only fetches the flashplayer for trusty. We might want to investigate that later as an option. For now I would leave it as is.
(In reply to Dustin J. Mitchell [:dustin] from comment #31) > I'm also worried about redistributing the "partner" repo -- are there > licensing restrictions we need to be aware of? Do we redistribute it? We simply have a local mirror. Would that also affect that? > ::: modules/packages/manifests/flashplayer.pp > @@ +24,5 @@ > > + } > > + Ubuntu: { > > + package { > > + "adobe-flashplugin": > > + ensure => latest; > > Don't you want a specific version here? Not yet. Latest is fine. If there is a need for a specific version we might have to tweak the package manifest to allow multiple versions. So if you don't mind I would leave it. I assume it will install the new version when one gets released and mirrored to the flashplayer repo? > ::: modules/packages/manifests/setup.pp > @@ +144,5 @@ > > components => ["dependencies", "main"]; > > + "flashplayer": > > + url_path => "repos/apt/flashplayer", > > + distribution => "${lsbdistcodename}", > > + components => ["partner"]; > > This should probably be a virtual repository, similar to xorg-edgers, so > that it's not installed on every system but only those where > packages::flashplayer is included. Add > realize(Packages::Aptrepo['flashplayer']) to the packages::flashplayer class > to make sure the repo is present on such hosts. Aaaaaah! That's the reason why it was not put into sources.list.d. Thanks for the hint! I will do the change.
Updated patch. Please check just for sanity, and regarding the remaining questions.
Attachment #8456872 - Attachment is obsolete: true
Attachment #8458237 - Flags: review?(dustin)
Comment on attachment 8458237 [details] [diff] [review] flash manifest v2 require/realize looks good, but you've still got ensure => latest in there. Is that really what you want? Wouldn't you want the same version on Darwin and Ubuntu?
For Linux Adobe doesn't release newer Flash player versions anymore. There are only security updates. So it stays at 11.2.x.x. It will never get 12, 13, 14... So what we want is usually always the latest version available via the partner repo from adobe.
Comment on attachment 8458237 [details] [diff] [review] flash manifest v2 Oh, silly me. Still, specifying a version means that you won't get updates just from changing or syncing repositories. Anyway, r+ whether or not you make the change.
Attachment #8458237 - Flags: review?(dustin) → review+
Whiteboard: [kanban:engops:https://kanbanize.com/ctrl_board/6/384]
Whiteboard: [kanban:engops:https://kanbanize.com/ctrl_board/6/384] → [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/1066] [kanban:engops:https://kanbanize.com/ctrl_board/6/384]
Whiteboard: [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/1066] [kanban:engops:https://kanbanize.com/ctrl_board/6/384] → [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/1074] [kanban:engops:https://kanbanize.com/ctrl_board/6/384]
Whiteboard: [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/1074] [kanban:engops:https://kanbanize.com/ctrl_board/6/384] → [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/1075] [kanban:engops:https://kanbanize.com/ctrl_board/6/384]
Whiteboard: [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/1075] [kanban:engops:https://kanbanize.com/ctrl_board/6/384] → [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/1075]
We are no longer requiring Flash for our Firefox UI tests and are going to remove it. Dustin, I assume we should remove any remaining traces on the file system of the puppetmaster? The patch as attached did never land.
Flags: needinfo?(dustin)
If there are files which are no longer needed, yes, we might as well remove them. :markco may be able to help with that (I've since switched teams).
Flags: needinfo?(dustin)
Oh, I see. Sorry! So I had another check before pinging other people, and was actually able to figure out the connection details. I removed the files under /data/repos/apt/flashplayer* from our puppetmaster1.qa.scl3.mozilla.com. So it should be synced soon. There are also no other traces of Flash in the build/puppet repository. That means nothing more to do here.
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: