Succesfully updated PHP on development, but can't push update to staging/production

trellis
1

I’m having some trouble updating an outdated PHP version on one of our sites. The site still runs PHP 7.1, so I decided to update it to 7.4. Since we have a bedrock/trellis setup, I figured the best mode of action was to update trellis. I did so on my local site, and PHP is updated! However, I can’t seem to push it to staging (and probably production as well).

When deploying, I get the following error:

TASK [deploy : Reload php-fpm] ******************************************************************************************************************
System info:
  Ansible 2.9.0; Linux
  Trellis version (per changelog): "Fix #1277 - Disable PHP CLI memory limit"
---------------------------------------------------
non-zero return code
Sorry, user web is not allowed to execute '/usr/sbin/service php7.4-fpm
reload' as root on XXXXXX.localdomain.
fatal: [107.170.41.149]: FAILED! => {"changed": true, "cmd": "sudo service php7.4-fpm reload", "delta": "0:00:00.009555", "end": "2021-08-10 18:43:09.898829", "rc": 1, "start": "2021-08-10 18:43:09.889274", "stderr_lines": ["Sorry, user web is not allowed to execute '/usr/sbin/service php7.4-fpm reload' as root on XXXXXX.localdomain."], "stdout": "", "stdout_lines": []}

Here’s the error from provisioning the staging server:

TASK [common : Checking essentials] *************************************************************************************************************
ok: [107.170.41.149] => (item=build-essential)
ok: [107.170.41.149] => (item=python-software-properties)
---------------------------------------------------
'/usr/bin/apt-get -y -o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options
::=--force-confold"      install 'unzip'' failed: E: Unmet dependencies. Try
'apt-get -f install' with no packages (or specify a solution).

E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify
a solution).

failed: [107.170.41.149] (item=unzip) => {"ansible_loop_var": "item", "cache_update_time": 1628623139, "cache_updated": false, "changed": false, "item": {"key": "unzip", "value": "present"}, "rc": 100, "stderr_lines": ["E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution)."], "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nYou might want to run 'apt-get -f install' to correct these:\nThe following packages have unmet dependencies:\n linux-headers-4.4.0-209-generic : Depends: linux-headers-4.4.0-209 but it is not going to be installed\n", "stdout_lines": ["Reading package lists...", "Building dependency tree...", "Reading state information...", "You might want to run 'apt-get -f install' to correct these:", "The following packages have unmet dependencies:", " linux-headers-4.4.0-209-generic : Depends: linux-headers-4.4.0-209 but it is not going to be installed"]}
---------------------------------------------------
'/usr/bin/apt-get -y -o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options
::=--force-confold"      install 'imagemagick'' failed: E: Unmet
dependencies. Try 'apt-get -f install' with no packages (or specify a
solution).

E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify
a solution).

failed: [107.170.41.149] (item=imagemagick) => {"ansible_loop_var": "item", "cache_update_time": 1628623139, "cache_updated": false, "changed": false, "item": {"key": "imagemagick", "value": "present"}, "rc": 100, "stderr_lines": ["E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution)."], "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nYou might want to run 'apt-get -f install' to correct these:\nThe following packages have unmet dependencies:\n imagemagick : Depends: imagemagick-6.q16 (= 8:6.8.9.9-7ubuntu5.16) but it is not going to be installed\n linux-headers-4.4.0-209-generic : Depends: linux-headers-4.4.0-209 but it is not going to be installed\n", "stdout_lines": ["Reading package lists...", "Building dependency tree...", "Reading state information...", "You might want to run 'apt-get -f install' to correct these:", "The following packages have unmet dependencies:", " imagemagick : Depends: imagemagick-6.q16 (= 8:6.8.9.9-7ubuntu5.16) but it is not going to be installed", " linux-headers-4.4.0-209-generic : Depends: linux-headers-4.4.0-209 but it is not going to be installed"]}
---------------------------------------------------
ok: [107.170.41.149] => (item=libnss-myhostname)
---------------------------------------------------
ok: [107.170.41.149] => (item=git)
---------------------------------------------------
ok: [107.170.41.149] => (item=curl)
---------------------------------------------------
'/usr/bin/apt-get -y -o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options
::=--force-confold"      install 'ghostscript'' failed: E: Unmet
dependencies. Try 'apt-get -f install' with no packages (or specify a
solution).

E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify
a solution).

failed: [107.170.41.149] (item=ghostscript) => {"ansible_loop_var": "item", "cache_update_time": 1628623139, "cache_updated": false, "changed": false, "item": {"key": "ghostscript", "value": "present"}, "rc": 100, "stderr_lines": ["E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution)."], "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nYou might want to run 'apt-get -f install' to correct these:\nThe following packages have unmet dependencies:\n ghostscript : Depends: libgs9 (= 9.26~dfsg+0-0ubuntu0.16.04.14) but it is not going to be installed\n               Depends: gsfonts (>= 6.0-1) but it is not going to be installed\n linux-headers-4.4.0-209-generic : Depends: linux-headers-4.4.0-209 but it is not going to be installed\n", "stdout_lines": ["Reading package lists...", "Building dependency tree...", "Reading state information...", "You might want to run 'apt-get -f install' to correct these:", "The following packages have unmet dependencies:", " ghostscript : Depends: libgs9 (= 9.26~dfsg+0-0ubuntu0.16.04.14) but it is not going to be installed", "               Depends: gsfonts (>= 6.0-1) but it is not going to be installed", " linux-headers-4.4.0-209-generic : Depends: linux-headers-4.4.0-209 but it is not going to be installed"]}
---------------------------------------------------
ok: [107.170.41.149] => (item=python-mysqldb)
---------------------------------------------------
ok: [107.170.41.149] => (item=dbus)
---------------------------------------------------
'/usr/bin/apt-get -y -o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options
::=--force-confold"      install 'libgs-dev'' failed: E: Unmet dependencies.
Try 'apt-get -f install' with no packages (or specify a solution).

E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify
a solution).

failed: [107.170.41.149] (item=libgs-dev) => {"ansible_loop_var": "item", "cache_update_time": 1628623139, "cache_updated": false, "changed": false, "item": {"key": "libgs-dev", "value": "present"}, "rc": 100, "stderr_lines": ["E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution)."], "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nYou might want to run 'apt-get -f install' to correct these:\nThe following packages have unmet dependencies:\n libgs-dev : Depends: libgs9 (= 9.26~dfsg+0-0ubuntu0.16.04.14) but it is not going to be installed\n             Depends: libcups2-dev but it is not going to be installed\n             Depends: libcupsimage2-dev but it is not going to be installed\n             Depends: libfontconfig1-dev but it is not going to be installed\n             Depends: libidn11-dev but it is not going to be installed\n             Depends: libijs-dev but it is not going to be installed\n             Depends: libjbig2dec0-dev but it is not going to be installed\n             Depends: libjpeg-dev\n             Depends: libpaper-dev but it is not going to be installed\n             Depends: libpng12-0-dev\n             Depends: libtiff5-dev but it is not going to be installed\n linux-headers-4.4.0-209-generic : Depends: linux-headers-4.4.0-209 but it is not going to be installed\n", "stdout_lines": ["Reading package lists...", "Building dependency tree...", "Reading state information...", "You might want to run 'apt-get -f install' to correct these:", "The following packages have unmet dependencies:", " libgs-dev : Depends: libgs9 (= 9.26~dfsg+0-0ubuntu0.16.04.14) but it is not going to be installed", "             Depends: libcups2-dev but it is not going to be installed", "             Depends: libcupsimage2-dev but it is not going to be installed", "             Depends: libfontconfig1-dev but it is not going to be installed", "             Depends: libidn11-dev but it is not going to be installed", "             Depends: libijs-dev but it is not going to be installed", "             Depends: libjbig2dec0-dev but it is not going to be installed", "             Depends: libjpeg-dev", "             Depends: libpaper-dev but it is not going to be installed", "             Depends: libpng12-0-dev", "             Depends: libtiff5-dev but it is not going to be installed", " linux-headers-4.4.0-209-generic : Depends: linux-headers-4.4.0-209 but it is not going to be installed"]}

My instinct is to go onto the staging server and update PHP myself, but I’m not sure if that will break future deployments/provisions…

2

You could log into that system and invoke the apt-get -f install (no packages) command manually.
Does it fix it? Does it show what packages are missing and preventing the further installation of packages?

3

Hey @strarsis, thanks again for your help.

I ran apt-get -f install on the staging server, and this was the output

Reading package lists... Done
Building dependency tree       
Reading state information... Done
Correcting dependencies... Done
The following packages were automatically installed and are no longer required:
  linux-headers-4.4.0-209 linux-headers-4.4.0-209-generic
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
  linux-headers-4.4.0-209 linux-headers-4.4.0-209-generic
The following NEW packages will be installed:
  linux-headers-4.4.0-209
The following packages will be upgraded:
  linux-headers-4.4.0-209-generic
1 upgraded, 1 newly installed, 0 to remove and 161 not upgraded.
1 not fully installed or removed.
Need to get 10.8 MB of archives.
After this operation, 79.1 MB of additional disk space will be used.
Do you want to continue? [Y/n] 
Get:1 http://mirrors.digitalocean.com/ubuntu xenial-updates/main amd64 linux-headers-4.4.0-209 all 4.4.0-209.241 [10.0 MB]
Get:2 http://mirrors.digitalocean.com/ubuntu xenial-updates/main amd64 linux-headers-4.4.0-209-generic amd64 4.4.0-209.241 [793 kB]
Fetched 10.8 MB in 0s (15.9 MB/s)                    
Selecting previously unselected package linux-headers-4.4.0-209.
(Reading database ... 66386 files and directories currently installed.)
Preparing to unpack .../linux-headers-4.4.0-209_4.4.0-209.241_all.deb ...
Unpacking linux-headers-4.4.0-209 (4.4.0-209.241) ...
Preparing to unpack .../linux-headers-4.4.0-209-generic_4.4.0-209.241_amd64.deb ...
Unpacking linux-headers-4.4.0-209-generic (4.4.0-209.241) over (4.4.0-209.241) ...
Setting up linux-headers-4.4.0-209 (4.4.0-209.241) ...
Setting up linux-headers-4.4.0-209-generic (4.4.0-209.241) ...

That did something! I receive the same error as above when deploying, but the error for provisioning is different:

‘/usr/bin/apt-get -y -o “Dpkg::Options::=–force-confdef” -o “Dpkg::Options
::=–force-confold” install ‘libgs-dev’’ failed: E: Unable to correct
problems, you have held broken packages.

E: Unable to correct problems, you have held broken packages.

failed: [107.170.41.149] (item=libgs-dev) => {“ansible_loop_var”: “item”, “cache_update_time”: 1628626060, “cache_updated”: false, “changed”: false, “item”: {“key”: “libgs-dev”, “value”: “present”}, “rc”: 100, “stderr_lines”: [“E: Unable to correct problems, you have held broken packages.”], “stdout”: “Reading package lists…\nBuilding dependency tree…\nReading state information…\nSome packages could not be installed. This may mean that you have\nrequested an impossible situation or if you are using the unstable\ndistribution that some required packages have not yet been created\nor been moved out of Incoming.\nThe following information may help to resolve the situation:\n\nThe following packages have unmet dependencies:\n libgs-dev : Depends: libcupsimage2-dev but it is not going to be installed\n Depends: libtiff5-dev but it is not going to be installed\n”, “stdout_lines”: [“Reading package lists…”, “Building dependency tree…”, “Reading state information…”, “Some packages could not be installed. This may mean that you have”, “requested an impossible situation or if you are using the unstable”, “distribution that some required packages have not yet been created”, “or been moved out of Incoming.”, “The following information may help to resolve the situation:”, “”, “The following packages have unmet dependencies:”, " libgs-dev : Depends: libcupsimage2-dev but it is not going to be installed", " Depends: libtiff5-dev but it is not going to be installed"]}`

4

List the PHP packages installed on that system:

apt list --installed | grep php

Are all those packages installed from the sury repository or from the upstream Ubuntu one?

I had a similar issue on a staging server where the distribution was too high, hence no PHP packages from that specific repository that are expected by Trellis and the depending packages to be installed:

Maybe this also applies to your system?

5

Here’s the list, it looks like everything is installed from sury:

dh-php/now 0.27+deb.sury.org~xenial+1 all [installed,local]
php-common/now 1:52+deb.sury.org~xenial+1 all [installed,local]
php-igbinary/now 2.0.1-1+deb.sury.org~xenial+1 amd64 [installed,local]
php-memcached/now 3.0.3+2.2.0-1+deb.sury.org~xenial+1 amd64 [installed,local]
php-msgpack/now 2.0.2+0.5.7-1+deb.sury.org~xenial+2 amd64 [installed,local]
php-pear/now 1:1.10.1+submodules+notgz-8+donate.sury.org~xenial+2 all [installed,local]
php7.1-cli/now 7.1.4-1+deb.sury.org~xenial+1 amd64 [installed,local]
php7.1-common/now 7.1.4-1+deb.sury.org~xenial+1 amd64 [installed,local]
php7.1-curl/now 7.1.4-1+deb.sury.org~xenial+1 amd64 [installed,local]
php7.1-dev/now 7.1.4-1+deb.sury.org~xenial+1 amd64 [installed,local]
php7.1-fpm/now 7.1.4-1+deb.sury.org~xenial+1 amd64 [installed,local]
php7.1-gd/now 7.1.4-1+deb.sury.org~xenial+1 amd64 [installed,local]
php7.1-json/now 7.1.4-1+deb.sury.org~xenial+1 amd64 [installed,local]
php7.1-mbstring/now 7.1.4-1+deb.sury.org~xenial+1 amd64 [installed,local]
php7.1-mcrypt/now 7.1.4-1+deb.sury.org~xenial+1 amd64 [installed,local]
php7.1-mysql/now 7.1.4-1+deb.sury.org~xenial+1 amd64 [installed,local]
php7.1-opcache/now 7.1.4-1+deb.sury.org~xenial+1 amd64 [installed,local]
php7.1-readline/now 7.1.4-1+deb.sury.org~xenial+1 amd64 [installed,local]
php7.1-xml/now 7.1.4-1+deb.sury.org~xenial+1 amd64 [installed,local]
php7.1-xmlrpc/now 7.1.4-1+deb.sury.org~xenial+1 amd64 [installed,local]
php7.1-zip/now 7.1.4-1+deb.sury.org~xenial+1 amd64 [installed,local]
php7.2-cli/now 7.2.3-1+ubuntu16.04.1+deb.sury.org+1 amd64 [installed,local]
php7.2-common/now 7.2.3-1+ubuntu16.04.1+deb.sury.org+1 amd64 [installed,local]
php7.2-curl/now 7.2.3-1+ubuntu16.04.1+deb.sury.org+1 amd64 [installed,local]
php7.2-dev/now 7.2.3-1+ubuntu16.04.1+deb.sury.org+1 amd64 [installed,local]
php7.2-fpm/now 7.2.3-1+ubuntu16.04.1+deb.sury.org+1 amd64 [installed,local]
php7.2-gd/now 7.2.3-1+ubuntu16.04.1+deb.sury.org+1 amd64 [installed,local]
php7.2-json/now 7.2.3-1+ubuntu16.04.1+deb.sury.org+1 amd64 [installed,local]
php7.2-mbstring/now 7.2.3-1+ubuntu16.04.1+deb.sury.org+1 amd64 [installed,local]
php7.2-mysql/now 7.2.3-1+ubuntu16.04.1+deb.sury.org+1 amd64 [installed,local]
php7.2-opcache/now 7.2.3-1+ubuntu16.04.1+deb.sury.org+1 amd64 [installed,local]
php7.2-readline/now 7.2.3-1+ubuntu16.04.1+deb.sury.org+1 amd64 [installed,local]
php7.2-xml/now 7.2.3-1+ubuntu16.04.1+deb.sury.org+1 amd64 [installed,local]
php7.2-xmlrpc/now 7.2.3-1+ubuntu16.04.1+deb.sury.org+1 amd64 [installed,local]
php7.2-zip/now 7.2.3-1+ubuntu16.04.1+deb.sury.org+1 amd64 [installed,local]
pkg-php-tools/now 1.33+deb.sury.org~xenial+1 all [installed,local]
6

Maybe this also applies to your system?

Maybe! I’m still trying to understand exactly what’s going on. Was there ever a solution?

7

You could try to just install that libgs-dev package manually so you can see what actually happens (and fails):

apt install libgs-dev

Also check what apt repositories are currently used: Only from upstream (official Ubuntu) and the one from Trellis (ondrej/sury)? Are there more, other repositories from which packages could have been installed?

8

I ran 'apt install libgs-dev. It seems to have installed, but I’m seeing these warning:

Reading package lists... Done
Building dependency tree       
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 libgs-dev : Depends: libcupsimage2-dev but it is not going to be installed
             Depends: libtiff5-dev but it is not going to be installed
E: Unable to correct problems, you have held broken packages.

The last line “E: Unable to correct problems, you have held broken packages.” seems to be a recurring error.

Still not sure what the issue is or how to correct it, but I’m getting closer. Thank you @strarsis

9

These kinds of warnings (and errors sometimes) are often caused when a newer version of a package is installed than usually required by the other packages, which would result in a downgrade of packages, which apt normally doesn’t allow.

Have you already ran apt update and apt upgrade? Would apt dist-upgrade want to install further packages? And lastly, does apt autoremove want to clean up unused packages?

The aptitude tool (fancier apt) can show more helpful messages sometimes:
aptitude install libgs-dev
You may have to install aptitude first, though.

10

I think you’re telling me this issue must be fixed directly on the server. I’m a little hesitant to do that, since there haven’t been any edits to the server outside of deployments and provisions, and I do like to take error messages with a grain of salt.

That said, it does seem that no one else in this community is struggling with this issue, which means that either there’s something going on with my server in particular, or no one else is as reluctant to do the dirty work manually.

Thanks for the advice and all the help. I will definitely try aptitude, and see what happens…

11

I can’t speak to the package management stuff, but I feel like I recall running into problems like this updating PHP back in the day. Essentially, when you upgrade PHP it has trouble knowing to spin down the existing PHP process and spin up the new one, and for me the solution was to ssh into the server, manually sudo systemctl php7.1 stop and sudo systemctl php7.4 start or whatever the appropriate commands are in your env.

12

I don’t think PHP 7.4 is even on the server at all - but I’m sure at some point this advice will come in handy (hopefully I’ll get to that point)…

Do you remember the process of updating PHP? Did you do it manually?

13

This was in an older version of Trellis. I think I just changed the PHP version in server.yml or something, but I don’t think it works like that any more. I haven’t actually used trellis to provision in a really long time–the last agency I worked for just used it to deploy.

14

This topic was automatically closed after 42 days. New replies are no longer allowed.