CUCC Expedition Handbook

Upgrading Django for Troggle

Django Versions and troggle

Troggle is built on top of the django framework. In 2019 we had let ourselves get rather behind in keeping up to date with the django version and this held us back from upgrading the operating system - which we needed to do. Troggle uses several community-contributed django plugins and each of these had their own version dependencies. We also got caught up with out of date and deprecated python language features.

A ridiculous amount of work was required to get to a situation where troggle was running on relatively recent and nearly security-in-date versions of python, django, plugins and linux by Summer 2020. We don't want that to happen again.

Why this is difficult

When django upgrades to a new version things break across the entire django package, including things which we don't conciously use but are internal dependencies within django. These were 'the way to do it' when troggle was first written for django 0.7 in 2006. So upgrading troggle to a new django version requires not just a broad beadth of knowledge across troggle, but also across the entire breadth of django itself. And the error messages are sometimes very unhelpful.

Major, minor and releases

Django release 1.11.29 is major-version 1, minor-version 11, and patch-release 29. 1.11 is the "feature release".

Things will break between django minor-versions (feature releases) which come out every 8 months.

Django versions and deprecation

• Django has a mature and reliable release programme: https://docs.djangoproject.com/en/3.0/releases/
• Django pre-announces which features will be deprecated: docs.djangoproject.com/en/internals/deprecation/
• Django release schedule: supported versions timetable

Django plugins

But the contributed plugins have no such management process and releases are rather random, e.g. for django-registration there are two sources of current information:
Docs: django-registration 3.1
PyPi: django-registration 3.1

but only one of these (PyPi) gives release history data - which is what you need if you get behind with the django upgrades.

Django plugin documentation cannot be relied upon to tell you which version of django they require. They will complain when you run them if your version of django is too old though. Some experimentation is required.

Every extra plugin increases the "vulnerability surface" of troggle with respect to django upgrade problems so only install a new plugin if it is really, really necessary. For example, when django-staticfiles broke during one upgrade we discovered that we could use flatfiles as a workaround, so we are not planning on reinstalling staticfiles ever again.

[ However django-extensions looks like it could be useful explicitly to help us through the upgrade process: pypi.org/project/django-extensions/ (only available for django 2.2 and later). ]

Why we still use django

Well we might not use django indefinitely, but unlike many frameworks the necessary functions are separately replaceable. So this gives us an evolution path.

The stack is: database, request/response (GET/POST http), URL mapping/dispatch (declarative and bidrectional), and templates (data to HTML). See the django design philosophy. Note that having a URL dispatcher that supports reverse resolution is important: it is a key reason why we need a framework and not just a mess of javascript. We have nearly 100 URL patterns.

Important Tricks

There are five critical tricks that make everything much, much easier:

1. Use pip venv to set up a virtual python environment within which you can easily and quickly change the specific releases of python, django, django's dependencies and django plugins.
2. Use the highest release number when upgrading between minor-versions of django.
   So we went from 1.8.19 to 1.9.13 to 1.10.8 to 1.11.29 . Next will be 2.0.13, then 2.1.15 and then 2.2.15 .
3. Use the django 'check' maintenance system at the most verbose setting at each release
   troggle$ python manage.py check -v 3 --deploy
   troggle$ python -Wall manage.py check
   
4. Use our test suite (and if you see errors, run it with -v 3)
   troggle$ python manage.py test [-v 3]
   
5. Read all the release notes for all the intermediate releases. So from 1.1.29 we will read 14 sets of notes: for 2.0, 2.0.1, 2.0.2... up to 2.0.13 .

The individual releases within a minor version don't break anything but do fix bugs. So if you are on 1.10.x there is no point in getting 1.11.1 to work and you should go straight to 1.11.29 (29 is the highest release number in minor version 1.11).

--deploy gives django warnings about security issues in your settings as well as django deprecation warnings.
-Wall is a standard python option and gives warnings of deprecated python features used by django and all the current plugins. So it tells us that django 1.11.29 is using a deprecated python language feature which will be removed from the language in python 3.9 (in fact 1.11.29 is incompatible with python 3.8 too but we didn't get a warning about that).

The upgrade process

1. ensure that you have the exact version of python installed on your machine as is live for troggle on the server, e.g. do $ sudo apt install python3.7.5.
2. create a venv using the version of python to be used.
3. do a clean install of django and troggle using pip.
4. check the versions of plugins using pip list -o
5. open two terminal windows:
   - one will be used for installations and tests.
   - the other one will be used for python manage.py runserver 0.0.0.0:8000 -v 3 (or whatever portnumber you like)
6. rename the most recent localsettingsXXX.py to fit your local system and make it symlink to localsettings.py
7. edit your localsettingsXXX.py to use sqlite with a file troggle.sqlite
8. edit your localsettingsXXX.py to set a password for user "expo" (or just use default "nnn:gggggg")
9. testing:
   • run troggle$ python manage.py test
   • run the full data import troggle$ python databaseReset reset R000. It should take about 80 seconds to import everything.
   • start the runserver in the other terminal window and open a web browser to http://localhost:8000 and check important pages which we don't have tests for (yet):
     - http://localhost:8000/pathsreport
     - http://localhost:8000/stats
     - http://localhost:8000/people
     - http://localhost:8000/expedition/2018
     - http://localhost:8000/expofiles/surveyscans/2019/walletindex.html
     - http://localhost:8000/survey_scans/
     - http://localhost:8000/survexfile/caves/
     - http://localhost:8000/tunneldata/
     - http://localhost:8000/expofiles/rigging_topos/264/entrance_topo_2016.pdf
     - http://localhost:8000/expofiles/rigging_topos/264/entrance_topo_2016.svg
     - http://localhost:8000/expofiles/rigging_topos/264/entrance_topo1_2016.jpeg
     - http://localhost:8000/expofiles/training-info/Idiots guide to accessing expo git.pptx
     - http://localhost:8000/1623/291/291.htm
     - http://localhost:8000/caves
     - ttp://localhost:8000/admin/doc/models/core.expedition/ (admin login required)
     - http://localhost:8000/survexfile/204
10. Use the error dump tracebacks to find and correct the python code. [Running the server in a debugger would help: please add those instructioons for that to this page.]
11. run the script ./pre-run.sh to clean up everything before the next round of tests.

You can upgrade the version of python installed within pip but not downgrade. So get that first venv installed right.

Here is example of installed (Version) and most-recent-available (Latest) verisons of pip installations.

$ pip list -o
Package             Version Latest Type
------------------- ------- ------ -----
Django              1.11.29 3.0.8  wheel
django-registration 2.5.2   3.1    wheel
Pillow              7.1.2   7.2.0  wheel
setuptools          45.2.0  49.2.0 wheel

This only gives any output for packages which are not the most recent. To see what is actually installed use

$ pip freeze
confusable-homoglyphs==3.2.0
Django==1.11.29
django-registration==2.5.2
docutils==0.16
Pillow==7.2.0
pytz==2020.1
Unidecode==1.1.1

To upgrade pip istelf, do $ pip install --upgrade pip

We will not need to update the django-registration until we move from django 2.2.15+ to 3.0.9+ which we may never do.

Current upgrade status is documented: here.