StackStorm v3.3.0 Pre-release Testing

[nmaludy]

We're ready to prepare the StackStorm v3.3 release and starting pre-release testing..

Release Process Preparation

Per Release Management Schedule @nmaludy is the Release Manager and @blag Assisting for v3.3. They will freeze the master for the major repositories in StackStorm org, follow the StackStorm Release Process which is now available to public, accompanied by the Useful Info for Release managers. Communication is happening in #releasemgmt and #development Slack channels.
The first step is pre-release manual user-acceptance testing for v3.3dev.

Why Manual testing?

StackStorm is very serious about testing and has a lot of it: Unit tests, Integration, Deployment/Integrity checks, Smoke tests and eventually end-2-end tests when automation spins up new AWS instance for each OS/flavor we support, installs real st2 like user would and runs set of st2tests (for each st2 PR, nightly, periodically, during release).

See st2ci and st2cd for more examples and workflows about how StackStorm automation is used to test StackStorm (dogfooding).

That's a perfect way to verify what we already know and codify expectations about how StackStorm should function.

However it's not enough.
There are always new unknowns to discover, edge cases to experience and tests to add. Hence, manual Exploratory Testing is an exercise where entire team gathers together and starts trying (or breaking) new features before the new release. Because we're all different, perceive software differently and try different things we might find new bugs, improper design, oversights, edge cases and more.

This is how StackStorm previously managed to land less major/critical bugs into production.

TL;DR

Install StackStorm v3.3dev unstable packages, try random things in random environments (different OS) and report any regressions found comparing to v3.2:

curl -sSL https://stackstorm.com/packages/install.sh | bash -s -- --user=st2admin --password=Ch@ngeMe --unstable

Extra points for PR hotfixes and adding new or missing test cases.

Major changes

• Mistral removal
  • Ensure Mistral and Postgres are no longer installed (st2mistral, mistral, postgres, etc)
• Removal of EL6 support
• Deprecation of Python 2
  • Ensure proper warnings are shown
• MongoDB 4.0
  • Ensure MongoDB 4.0 is installed with latest version
  • Ensure no issues or performance regressions are observed
• Remove authentication headers St2-Api-Key, X-Auth-Token and Cookie from webhook payloads to prevent them from being stored in the database. (security bug fix) #4983
  • Write a webhook rule and send it these headers to the webhook, ensure that the trigger doesn't contain these header values
• Removal of HipChat support in st2chatops
• st2web dependencies have been upgraded for security reasons, need to do a thorough walk-through to ensure nothing is broken
• Depreacation of chef-stackstorm
• st2-docker revamp based on st2-dockerfiles

Full Changelog

Changes which are recommended to ack, explore, check and try in a random way.

st2

Added

• Add make command to autogen JSON schema from the models of action, rule, etc. Add check
  to ensure update to the models require schema to be regenerated. (new feature)

• Improved st2sensor service logging message when a sensor will not be loaded when assigned to a
  different partition (@punkrokk) #4991

• Add support for a configurable connect timeout for SSH connections as requested in #4715
  by adding the new configuration parameter ssh_connect_timeout to the ssh_runner
  group in st2.conf. (new feature) #4914

  This option was requested by Harry Lee (@tclh123) and contributed by Marcel Weinberg (@winem).

• Added a FAQ for the default user/pass for the tools/launch_dev.sh script and print out the
  default pass to screen when the script completes. (improvement) #5013

  Contributed by @punkrokk

• Added deprecation warning if attempt to install or download a pack that only supports
  Python 2. (new feature) #5037

  Contributed by @amanda11

• Added deprecation warning to each StackStorm service log, if service is running with
  Python 2. (new feature) #5043

  Contributed by @amanda11

• Added deprecation warning to st2ctl, if st2 python version is Python 2. (new feature) #5044

  Contributed by @amanda11

Changed

• Switch to MongoDB 4.0 as the default version starting with all supported OS's in st2
  v3.3.0 (improvement) #4972

  Contributed by @punkrokk

• Added an enhancement where ST2api.log no longer reports the entire traceback when trying to get a datastore value
  that does not exist. It now reports a simplified log for cleaner reading. Addresses and Fixes #4979. (improvement) #4981

  Contributed by Justin Sostre (@saucetray)

• The built-in st2.action.file_writen trigger has been renamed to st2.action.file_written
  to fix the typo (bug fix) #4992

• Renamed reference to the RBAC backend/plugin from enterprise to default. Updated st2api
  validation to use the new value when checking RBAC configuration. Removed other references to
  enterprise for RBAC related contents. (improvement)

• Remove authentication headers St2-Api-Key, X-Auth-Token and Cookie from webhook payloads to
  prevent them from being stored in the database. (security bug fix) #4983

  Contributed by @potato and @knagy

Fixed

• Fixed a bug where type attribute was missing for netstat action in linux pack. Fixes #4946

  Reported by @scguoi and contributed by Sheshagiri (@Sheshagiri)

• Fixed a bug where persisting Orquesta to the MongoDB database returned an error
  message: key 'myvar.with.period' must not contain '.'. This happened anytime an
  input, output, publish or context var contained a key with a . within
  the name (such as with hostnames and IP addresses). This was a regression introduced by
  trying to improve performance. Fixing this bug means we are sacrificing performance of
  serialization/deserialization in favor of correctness for persisting workflows and
  their state to the MongoDB database. (bug fix) #4932

  Contributed by Nick Maludy (@nmaludy Encore Technologies)

• Fix a bug where passing an empty list to a with items task in a subworkflow causes
  the parent workflow to be stuck in running status. (bug fix) #4954

• Fixed a bug in the example nginx HA template declared headers twice (bug fix) #4966
  Contributed by @punkrokk

• Fixed a bug in the paramiko_ssh runner where SSH sockets were not getting cleaned
  up correctly, specifically when specifying a bastion host / jump box. (bug fix) #4973

  Contributed by Nick Maludy (@nmaludy Encore Technologies)

• Fixed a bytes/string encoding bug in the linux.dig action so it should work on Python 3
  (bug fix) #4993

• Fixed a bug where a python3 sensor using ssl needs to be monkey patched earlier. See also #4832, #4975 and SSLContext infinite recursion in Python 3.6 gevent/gevent#1016 (bug fix) #4976

  Contributed by @punkrokk

• Fixed bug where action information in RuleDB object was not being parsed properly
  because mongoengine EmbeddedDocument objects were added to JSON_UNFRIENDLY_TYPES and skipped.
  Removed this and added if to use to_json method so that mongoengine EmbeddedDocument
  are parsed properly.

  Contributed by Bradley Bishop (@bishopbm1 Encore Technologies)

• Fix a regression when updated dnspython pip dependency resulted in
  st2 services unable to connect to mongodb remote host (bug fix) #4997

• Fixed a regression in the linux.dig action on Python 3. (bug fix) #4993

  Contributed by @blag

• Fixed a bug in pack installation logging code where unicode strings were not being
  interpolated properly. (bug fix)

  Contributed by @misterpah

• Fixed a compatibility issue with the latest version of the logging library API
  where the find_caller() function introduced some new variables. (bug fix) #4923

  Contributed by @Dahfizz9897

Removed

• Removed Mistral workflow engine (deprecation) #5011

  Contributed by Amanda McGuinness (@amanda11 Ammeon Solutions)

• Removed CentOS 6/RHEL 6 support #4984

  Contributed by Amanda McGuinness (@amanda11 Ammeon Solutions)

• Removed our fork of codecov-python for CI and have switched back to the upstream version (improvement) #5002

orquesta

Fixed

• Warn users when there is a loop and no start task identified. (bug fix)
• Lock global variables during initialization to make them thread safe. (bug fix)
• Workflow stuck in running if one or more items failed in a with items task. (bug fix)

st2chatops

• StackStorm/st2chatops#144 - add set -euo pipefail to docker-entrypoint.sh files
• StackStorm/st2chatops#156 - Bump version in npm-shrinkwrap.json
• StackStorm/st2chatops#154 - Remove HipChat adapter
• StackStorm/st2chatops#153 - Remove EL6 from st2chatops

st2web

• StackStorm/st2web#805 - Update dependency css-extract to v1.3.1
• StackStorm/st2web#794 - Security Updates
• StackStorm/st2web#756 - Remove gulp util
• StackStorm/st2web#793 - fix some imports
• StackStorm/st2web#791 - Updated lodash 4.17.12 to 4.17.19
• StackStorm/st2web#757 - Dependency clean up
• StackStorm/st2web#751 - updated deprecated cryptiles
• StackStorm/st2web#768 - Remove EL6 support
• StackStorm/st2web#753 - Do not lookup release from package cloud if fork in circle config.yml

Conclusion

Please report findings here and bugs/regressions in respective repositories.
Depending on severity and importance bugs might be fixed before the release or postponed to the next release if they're very minor and not a release blocker.

Issues Found During Release

• -v doesn't allow you to set version st2-packages#665 (not a regression, existed in 3.2)
• Document note for MongoDB upgrade path from 3.4 -> 3.6 -> 4.0  st2docs#1026 (document upgrade procedure)
• v3.3 version specific migration scripts: uninstall Mistral and PostgreSQL st2docs#1027 (document upgrade procedure)
• Default inquiry respond doesn't populate response payload st2web#809 (not a regression, existed in 3.2)
• ST2 logs writing "(unknown file)" in log prefix, instead of module name st2#5057 (logging problems in python 3, fixed by Fixed python 3 incompatibility in logging API implemenation of findCaller st2#5058, Fixed python 3 incompatibility in logging API implemenation of findCaller (v3.3 cherry pick) st2#5059)

PRs Merged for Release

• Revert commit 618b4bd695d1c094a427c0adf2e72260ee052c91 st2-packages#666 (rollback 3.3 staging SNAFU)
• Enhanced error message when st2_prep_release is run twice st2cd#442 (helpful error message for release managers)
• Added upgrade specific instructions for 3.3 st2docs#1028 (document upgrade procedure)
• Feature/upgrade notes 33 (cherry pick for v3.3) st2docs#1031 (document upgrade procedure - cherry pick v3.3)
• Updated roadmap based on changes accomplished in v3.3.0 st2docs#1030 (roadmap update for 3.3)
• Updated roadmap based on changes accomplished in v3.3.0 (cherry pick for v3.3) st2docs#1032 (roadmap update for 3.3 - cherry pick for v3.3)
• Added plan to upgrade MongoDB puppet-st2#319 (mongodb upgrade procedure)
• Update version to 1.2.0 orquesta#215 (orquesta 1.2.0 release)
• Update orquesta verison to v1.2.0 st2#5055 (pull in orquesta 1.2.0)
• Update orquesta verison to v1.2.0 (st2 v3.3) st2#5056 (pull in orquesta 1.2.0 - cherry pick v3.3)
• Fixed python 3 incompatibility in logging API implemenation of findCaller st2#5058 (fix for logging problems in python 3, fixes ST2 logs writing "(unknown file)" in log prefix, instead of module name st2#5057)
• Fixed python 3 incompatibility in logging API implemenation of findCaller (v3.3 cherry pick) st2#5059 (fix for logging problems in python 3, fixes ST2 logs writing "(unknown file)" in log prefix, instead of module name st2#5057 - cherry pick v3.3)
• Added -y to repoquery command so el8 imports GPG keys st2ci#191 (importing GPG keys for EL8 upgrade test)

TODOs

• Blog post for orquestaconvert
• Blog post for release
• Blog post for exchange/community update

[amanda11]

Raised StackStorm/st2-packages#665 for failing to install previous stable version with one-line installer and -v (--version works fine though). I don't think it's a blocker though, but fix in PR.

[nmaludy]

missing changelog in st2chatops: StackStorm/st2chatops#158
also st2web's changelog appears to be totally unused

[amanda11]

@nmaludy Some of those st2 web PRs aren't PRs merging into master,but merging into a feature branch. e.g. StackStorm/st2web#807 - they are the merges into the workflow composer feature branch.
Not all of them but quite a few...

[amanda11]

StackStorm/st2-packages#666 raised for fact stable tries to intsall 3.2 with 3.3 scripts..

[nmaludy]

Need to ensure that people migrating form MongoDB 3.4 (previously supported version) follow the upgrade path:

3.4 -> 3.6 -> 4.0

https://docs.mongodb.com/manual/release-notes/3.6-upgrade-standalone/
https://docs.mongodb.com/manual/release-notes/4.0-upgrade-standalone/

submitted issue: StackStorm/st2docs#1026

[amanda11]

Testing so far on CentOS8 after a bash single line install good. No problems found with UI.
Planning to do an upgrade from CentOS 7 3.2.0 bash single line install -> 3.3dev

[nmaludy]

I did a testing of CentOS 7 from 3.2.0 -> 3.3.0 and no issues there (puppet-st2 managed).

[amanda11]

CentOS 8 ansible install all good.

[amanda11]

CentOS 7 ansible looking good too.

[amanda11]

Ubuntu 16.04 ansible install looked good. I found a problem on the web-ui with responding to inquiries and not selecting a field. But have also verified that it is a legacy problem and exists on my 3.2.0 install (StackStorm/st2web#809)

[amanda11]

Also verified the dig fix on CentOS 8. Reproduced failure on 3.2.0, and passed on 3.3.0dev (after installing bind-utils which wasn't installed as a dependency...). Not sure if we want to install that by default, but had to install manually.

[nmaludy]

Vagrant commands to test various installs (used on my RHEL box so ignore --provider=libvirt if you want to use VirtualBox):

BOX=centos/7 RELEASE=unstable VERSION=3.3dev vagrant up --provider=libvirt
BOX=centos/8 RELEASE=unstable VERSION=3.3dev vagrant up --provider=libvirt
BOX=generic/ubuntu1604 RELEASE=unstable VERSION=3.3dev vagrant up --provider=libvirt
BOX=generic/ubuntu1804 RELEASE=unstable VERSION=3.3dev vagrant up --provider=libvirt

Testing the boxes after they're up:

$ vagrant ssh
[vagrant@st2vagrant ~]$ sudo su -
[root@st2vagrant ~]# sudo ST2_AUTH_TOKEN=$(st2 auth st2admin -p 'Ch@ngeMe' -t) /opt/stackstorm/st2/bin/st2-self-check

[amanda11]

@nmaludy Did you test on ubuntu 20.04?
I thought we had problems with it's newer python 3? (supported ubuntus should be 1604 and 1804 I believe for 3.3).

[nmaludy]

@amanda11 no i haven't yet, sorry copy/paste fail, i'll change that to 1604

[nmaludy]

Self-check passed on all the various boxes!

SELF CHECK SUCCEEDED!
st2-self-check succeeded.

#############################################################
###################################################   #######
###############################################   /~\   #####
############################################   _- `~~~', ####
##########################################  _-~       )  ####
#######################################  _-~          |  ####
####################################  _-~            ;  #####
##########################  __---___-~              |   #####
#######################   _~   ,,                  ;  `,,  ##
#####################  _-~    ;'                  |  ,'  ; ##
###################  _~      '                    `~'   ; ###
############   __---;                                 ,' ####
########   __~~  ___                                ,' ######
#####  _-~~   -~~ _                               ,' ########
##### `-_         _                              ; ##########
#######  ~~----~~~   ;                          ; ###########
#########  /          ;                        ; ############
#######  /             ;                      ; #############
#####  /                `                    ; ##############
###  /                                      ; ###############
#                                            ################

[amanda11]

Ansible install on Ubuntu 18.04 successful, and quick run-through on UI good.

[amanda11]

Also did a quick chatops test with slack yesterday on one of the platforms (now forgot which O/S!)

[arm4b]

Did a few manual tests and picked up a couple platforms to try. Here is the report:

• Verified: EL6 should not install
• Verified: Mistral & PostgreSQL should not install
• EL7 install and script flow check
• U18 install and script flow check
• MongoDB 4.0 as the default new DB version
• Web UI - click-click-click check if nothing broken
• Python 2 Deprecation Warning (comparing EL7 vs U18) - the message is very visible and helpful 👍
• EL7 upgrade 3.2dev -> 3.3dev. While the upgrade went well, we'll still need to provide the st2docs migration scripts to remove both mistral and postgresql: https://docs.stackstorm.com/install/upgrades.html#version-specific-migration-scripts (see v3.3 version specific migration scripts: uninstall Mistral and PostgreSQL st2docs#1027) as it'll be a question in community anyway after releasing v3.3.

[nmaludy]

@armab st2docs PR for the comments above is started here: StackStorm/st2docs#1028

[arms11]

Just deployed using st2-docker and able to verify few of the items already like no St2-Api-Key in the header getting logged! Will definitely consider socializing this to other developers as their templated dev environment before the custom pack is released for the K8s Deployment in the prod. Am planning to get the latest images for stand alone K8s envt to see how this goes. Production cluster has been running on 3.3dev for at least 2 months now and so far so good! Appreciate all the efforts!

[nmaludy]

@punkrokk found the issue StackStorm/st2#5057 and i have implemented PRs to fix this:

StackStorm/st2#5058 (into master)
StackStorm/st2#5059 (cherry pick for v3.3)

[m4dcoder]

I tested CentOS8. Looks good.

[nmaludy]

Found a bug in st2ci when trying to run the e2e upgrade test for el8. We need to pass -y in order to import the GPG key for the StackStorm/staging-stable repo. PR is here: StackStorm/st2ci#191

[nmaludy]

Found an issue in st2-self-check where it was invoking actions and reporting back "OK" status, but in fact the action failed:

Specifically the action that failed was Attempting Test tests.test_timer_rule...OK! (44s)

The action failed because on the vagrant box for libvirt: generic/ubuntu1604 and generic/1804 the timezone is not set on the box causing the st2timersengine service to not start. Easy fix, simply set the timezone on the vagrant box and restart st2timersengine (this is not a problem on the virtualbox Ubuntu image).

However, the st2-self-check reported success (as seen above), when you check the WebUI the action in fact failed.

TODO: write up an issue for this, investigate and fix