I get this error when trying an upgrade - we’re about a month behind on cent7 updates, but I’m not seeing anything newer than 3.13.1-229 in the live repos either. Is this cutting edge necessary or can I skip this? We only cut new repos for clusters 1 or 2 times a year, so this is a bit problematic.
@ddietz How is your site’s copy of CentOS 7 repos created, is it just a sync that you only run 1 or 2 times a year or are you using something that would allow you to cherry-pick in specific packages like Pulp?
The dependency on SELinux comes from upstream passenger RPM spec and is likely a result of RPMs being built using latest CentOS 7 release. If you’re unable to put newer selinux-policy in your copy of CentOS repos, maybe try a local install where you download selinux-policy RPM needed by ondemand-passenger and install the RPM with yum localinstall before upgrading OnDemand to 1.5.
Given we document turning off SELinux as part of OnDemand I am thinking we may need to modify the passenger RPM spec further to remove SELinux bits.
We clone a copy of the repos whenever a new cluster image is built so that package versions stay constant across the cluster. The images are usually only updated/clusters rebooted once or twice a year.
It sounds like we’ve got a few options - yes, I can cherry-pick in custom packages (though have to be careful about having the entire cluster grab it) - I had to do this for the SCL packages IIRC. Or it looks like I can rev a new repo copy and update the ondemand machine to it. I thought that was a cluster wide setting, but looks like I technically have that option. I’ll need to run this by the engineers to see what they think.
I’m thinking this might be easiest/lowest impact/lowest risk option. I do see the newest version of that package in another cluster’s repo copy, so I could easily grab that.
I was surprised to see that pop up on the dependencies since I remember reading to disable SElinux.
I am working on removing SELinux from the ondemand-passenger and ondemand-nginx RPMs. Hopefully sometime today I will have updated RPMs built and will test them on our end then make them available via OnDemand 1.5 repos.
We ended up doing a rev of the repo cache for the ondemand machine, and I could upgrade successfully. I do think removing the unnecessary dependencies will hep make the upgrade go smoother on other machines.