Trigger upgrade-series-prepare hook.

[ExternalReality]

Description of change

When a upgrade-series prepare is initiated hooks need to be run.

[ExternalReality]

Trigger prepare-upgrade-series hook on each unit and update doc status to prepared.

[ExternalReality]

There are apparently two initial events coming out of this puppy. Why?

[hmlanigan]

Did you find out why this is happening? I noticed the TestWatchActionNotificationsMoreResults() is testing that only 1 watch notification happens.

[ExternalReality]

Yes, that is what I mean above. No I don't know why, its innocuous (since the Uniter will just loop twice), but I don't know why its sending two initial events.

[howbazaar]

Histerical raisins.

[howbazaar]

All watchers send an initial event to trigger the checking of initial state. Many times this isn't useful, and you'll see comments like "consume initial event".

[ExternalReality]

OK, fixed now.

[hmlanigan]

I'm wondering if we can put these into an api shared between the uniter and the new upgrade series worker? Both need to WatchUpgradeSeriesNotifications(), UpgradeSeriesStatus() etc. Entities deal in tags, so we can get different data if necessary for machines and units.

[ExternalReality]

This code is being moved into a new API as per the above, therefor there is no reason to bump version here.

[howbazaar]

@ExternalReality I'm not sure what you are meaning "as per the above". If we are adding methods to the uniter API, then we need to bump the facade version, even if they are brought in through a common implementation.

[ExternalReality]

@howbazaar, the above comment by @hmlanigan. The code is being moved out of the UniterAPI entirely in the next PR.

[jameinel]

Generally we have a facade per-worker, and while they might both embed a common.Methods, they would be separate grouping of methods.

[hmlanigan]

can we move 2208-2215 into a helper method

[hmlanigan]

Suggest we rename to UpgradeSeriesPrepareStatus() and return the lock.PrepareStatus, and have a new Unit.UpgradeSeriesPrepareStatus() for the individual units?

[hmlanigan]

why pass back a string? the two status types are typed.

[hmlanigan]

SetUpgradeSeriesPrepareUnitStatus()?

[ExternalReality]

These constants may eventually get replaced with int iota for ordering. This would require a stringer a custom BSON marshaling. Of course, ordering can be done in other ways too.

[hmlanigan]

Perhaps use UnitCompleted instead, as UnitStarted is now the "default"

[hmlanigan]

LGTM, waiting for changes we discussed and review by @jameinel

[howbazaar]

We shouldn't return any params structs or types from the API package.

If they really need their own type, I'd be tempted to make a core package. Alternatively keep the type in the same api package as the method.

[howbazaar]

Agreed. Both the args and return values from API calls should not expose the params package.

[howbazaar]

Histerical raisins.

[howbazaar]

All watchers send an initial event to trigger the checking of initial state. Many times this isn't useful, and you'll see comments like "consume initial event".

[howbazaar]

Are we going to add validation that the series mentioned is one that juju knows about?

[howbazaar]

Perhaps these constants would be better suited in core/model package?

[howbazaar]

as mentioned above, core/model would be a good place. But I'm not sure we need a type. A string with validation functions at the entry points is almost certainly fine.

[howbazaar]

Generally you either log or return an error, not both.

[howbazaar]

This function should use UpgradeSeriesStatus above to short circuit the check.

unitStatus, err := m.UpgradeSeriesStatus(unitName)
if err != nil {
  return nil, errors.Trace(err)
}
if unitStatus == status {
return nil, jujutxn.ErrNoOperations
}
// pass in the current status to assert against, and the status to set it to.
return setUpgradeSeriesTxnOps(m.Id(), unitStatus, status), nil
}

[howbazaar]

It would probably be better to have the unit fields keyed off the unit tag rather than an offset. This would make it easier to make the sested set. Also you should assert that the field matches the expected value.

[jameinel]

definitely looks to be progressing well, I think the fix for 2 Next events is easily fixable.

[jameinel]

a bare channel operation is almost always dangerous, as it can block indefinitely (and then you only find out when the test suite is killed after 25min).

However, getting 2 events is even worse, as it throws off everyone's expectations.
I don't know exactly how your code is initialized, but I'll note that the NotifyWatcher's that I know of don't transmit an event over-the-wire for the first event. They intentionally swallow the first event on the server side, and trust that the client side knows its a NotifyWatcher and thus triggers the event on the client side.
I'm guessing you have the same "always trigger an event" on your client side, but don't have the "swallow the initial event" on the server side.

[jameinel]

other than the initial double event, this test looks good.

[jameinel]

Is it worth checking the pre-condition of s.apiUnit.UpgradeSeriesStatus() before we create the lock? So that we see the value changes to Started?

It seems odd that you have this test, which says the status is Started, even though there isn't a call to SetUpgradeSeriesStatus(UnitStarted).
Shouldn't the status of a unit start in something like Pending?

If we want to just have "started" as the initial state, then I'd say we don't need a test that you can set the state to Started (drop TestSetUpgradeSeriesStatus, or change it to set the status to Completed)
or clarify that we just treat setting the status to Started as a no-op?
Do we support going from Completed back to Started? Or should that be considered an error? (I'd tend toward the latter, though re-running a pre upgrade step is something we've discussed)

[ExternalReality]

TestUpgradeSeriesStatus tests that a call to the api gets the current remote state - regardless of what it is.

It just so happens that the remote state starts in the UnitStartedState. When you create a lock, an upgrade is considered started. The uniter see's that and syncs its local state accordingly, so the initial states are as follows:

Uniter: UnitNotStarted
Controller: UnitStarted (as soon as a lock is created)

[ExternalReality]

Yes, but correct, lets test our assumption! We will put in a check of the pre-condition. I only note it in a comment.

[jameinel]

I realize that this syntax is correct, as it is a locally defined function that knows about the various machines/units in play, and only creates a lock for s.wordpressMachine and takes additional unit names to include.
I will say that the signature of the method is confusing, as just reading through the code looks like you're taking an UpgradeSeriesLock for unit2, which isn't even a machine.
Maybe its ok, but it does mean I originally had a comment about correctness, and had to come back and reevaluate.
Maybe an issue is that we are using exactly the same function name, so I was expecting a similar signature? CreateTestUpgradeSeriesLock ?

[howbazaar]

Why does this invocation also pass in a unit name? It isn't clear to me.

[jameinel]

Its because the Suite function takes a list of "additional units to include in the preparation"

[ExternalReality]

It compares the passed in values with the known values, and thus if someone has added a machine then we can't start the update. The user must confirm again in light of the new information, that is, a newly created machine. Its just used for validation.

[jameinel]

doc string: WatchActionNotifications creates a NotifyWatcher

[ExternalReality]

Bah, the copy pasta monster - or creepy pasta - depending on which way you want to look at it.

[jameinel]

This list is getting long enough, I have to question if it is being useful vs having something you can run to find out the list...

[ExternalReality]

How about just a regex unit "mysql/0" contains neither hook nor action "invalid-hook", valid actions are .*. Unless we don't trust the list generation and want to test it here, I'd say we don't need the list at all.

[jameinel]

its more a signal that we're not giving a helpful message to the user if we're drowning them in a list that wraps multiple times.
Occasionally validating long lists is good, as it makes sure things are wired up/listed

[jameinel]

Why default to Started before the unit has noticed that it needs to run the hook? is it just simpler and more straightforward elsewhere?

[ExternalReality]

In my mind there are two definitions possible for "Upgrade Series Started". These are:
An upgrade starts when a user performs juju upgrade-series prepare
Alternatively
An upgrade starts when the pre-series-upgrade hook runs.

There former is by far the easiest to implement - I went occam's razor - hopefully I don't get cut.
So by definition the Lock is initialized with machine & units in the started state.

[jameinel]

would we want to take the unit id and assert that
prepareunits.%d.id
is what we expect?
making a change to the "nth" entry in an array always seems a bit concerning without it. I realize the array shouldn't be changing order, but certainly I would think we want to associate the status to the Id rather than the offset.

[jameinel]

is there any reason we can't just remove 'err error' and change it to 'error' ?

[ExternalReality]

Only a hesitance to dabble. Will change.

[jameinel]

This is the only place where I've seen UnitNotStarted, is this exposed somehow?

[ExternalReality]

Yes, the Uniter API starts in UnitNotStarted state. Yet, the act of creating a lock indicates that the user wants to start the process of upgrading the units. Therefore the controller's corresponding remote state is create in the core.UnitStarted state. This will cause the hook to fire once the user issues a juju upgrade-series prepare. In turn the Uniter's status will be synced.

[ExternalReality]

Excellent! Yes, the other watchers do consume an initial event on the server side - subsequently, on the client side, the additional event is not observed. Thank you @jameinel.

[hmlanigan]

LGTM if @jameinel or @howbazaar approve.

[howbazaar]

On the whole this is very good, but I have some conerns around the document structure stored in the db.

Generally we like separating words for bson with hyphens. It just makes the direct db json docs easier to read in the mongo shell.

[howbazaar]

The idea of the bulk calls isn't to apply a particular value to multiple targets, but instead to be able to process multiple actions in a single call. I think this is why the param struct this way feels weird. The bulk nature of the SetUpgradeSeriesStatus should be to take pairs of agents and status values.

[ExternalReality]

Will do

[howbazaar]

Just reading this test leaves me wondering what model.UnitStarted means. Do you think the constant would be more clear to say model.SeriesUpgradeStarted?
We know that it is for a unit, because we asked on a unit. It seems that a machine might also have an UpgradeSeriesStatus, in which case the constant shouldn't really refer to units.

[ExternalReality]

We have two sets of constants defined in the same package; one for the update status of the machine and the other for units. We can't have a name like "UpgradeSeriesStarted" for both because go would complain about redundant names. We can't use the same sets for both Units and Machines because they have different upgrade series states.

[jameinel]

Is there a reason to have different types for Machine vs Unit? It does make it simpler if it is unified, but if there is a good reason to leave them as separate types that can be ok.

[howbazaar]

Again with the unit mention. See above comment.

[howbazaar]

Is it really locked or just marked? Using the terminology of locked has me thinging that I need to use commands to lock and unlock the machine, whereas that isn't what we are doing. This is more just commentary rather than expecting change but it seems to just grate on me a bit.

[ExternalReality]

Ah, it does lock the machine in the sense that other "threads/users/whathaveyou" will be blocked from a defined set of operations while the machine and its subordinates are being upgraded.

[ExternalReality]

It is in fact a lock of a kind. In the future it will block actions

[howbazaar]

Why does this invocation also pass in a unit name? It isn't clear to me.

[howbazaar]

Id is a bit confusing when compared with the implicit _id mongo field. Perhaps "MachineID"?

[jameinel]

I think the issue is that the real Machine doc has this bug, but I think thats mostly historical-reasons and I agree its better to use Id => _id and something else for any other id.

[ExternalReality]

Will do.

[howbazaar]

I find this structure very confusing. Also I think that recording the time things happened would also be useful.

What do you think of something like this:

type upgradeStatus struct {
    Value   model.SeriesUpgradeStatus `bson:"value"`
    Timestamp  int64  `bson:"timestamp"`
}


type upgradeSeriesLockDoc struct {
  MachineID  string `bson:"machine-id"` // note the hyphens for readiblity
  ToSeries string  `bson:"to-series"`
  FromSeries string `bson:"from-series"`
  MachineStatus upgradeStatus `bson:"machine-status"`
  UnitStatus map[string]upgradeStatus  `bson:"unit-status"`
}

You could then have a simple function that creates an upgradeStatus sub-document from a status value, and have it automatically populate the timestamp with the state's clock.

Setting the status for a particular unit is a single set call.

Even if we don't immediately expose the timestamps, it would be very useful for debugging.

[jameinel]

I like the idea of timestamps, and its something we've done for other status fields.
I'm the one that asked for a slice instead of a map, but I can admit fault in that the complexity around dealing with a slice doesn't outweight the benefit of not putting arbitrary data as BSON attribute names.

[ExternalReality]

I can add a Trello Card for adding a time stamp. I certainly do agree. However the PR is getting quite long in the tooth and scope creep is starting to set in. This PR was initially meant to be really tiny - it was meant to detect a lock has been created and fire the hook. I feel that much of the small errors that we are seeing are due to the size of the PR coupled with the rapid pace of development.

[howbazaar]

No, I don't think the unit status needs to be set there, it should be caught further up.

Where do we set the error state for pre-series-upgrade?

[howbazaar]

Who is going to close this? And is it really an error? The other watchers don't follow this pattern.

[ExternalReality]

The loop where this code lives has 12 other watchers that follow this pattern. They all return a similar error. The loop function is a catacomb worker and the function's watchers are bound the life cycle of that catacomb using the catacomb's Add function.

[jameinel]

I think it is an appropriate safeguard that the event we got was an actual event rather than just a closed channel.
I agree with Eric that the other watchers are following a similar pattern. It might just be that the very previous watcher wasn't doing this that made it seem to be a different pattern.

[howbazaar]

Probably, just saw the one above. Happy to have consistency here.

[howbazaar]

We should assume that the api server will only ever give us valid status types. Otherwise we end up double guessing ourselves all over the place.

[jameinel]

better to generate an err than a panic(), right?

[howbazaar]

It is a string, it can't panic.

[howbazaar]

I don't see any reason not to land this now and deal with other issues in follow up branches.

I do however still feel strongly that the underlying doc in the database needs to be looked at again.

[ExternalReality]

!!build!!

[ExternalReality]

$$MERGE$$