5 - Migration script needs to delete .scripts-version/move
6 it somwhere else, since it's deprecated
7 - Migration script needs to make an empty commit with the
8 user's changes that says "Initial migration", and then
10 - We need to figure out how much info Wizard will barf into
11 the commit message. Candidates:
13 o Wizard command line args
14 o Person running the command; use env SSH_GSSAPI_NAME
15 - Check how many autoinstalls are missing w bits for
16 daemon.scripts (this would need pyafs)
17 - Add repository flag to migrate so that we can specify an
18 arbitrary repository to migrate to
19 - Run parallel-find.pl
20 - Migrate all mediawikis
21 - Wordpress needs to have a .scripts/update script written for
23 - Wordpress needs to have .scripts dir in all -scripts versions
26 - Need to upgrade the installer scripts to work out of the
28 - Need an upgrade script OR
31 COMMIT MESSAGE FIELDS:
33 Installed-by: username@hostname # person who ran autoinstaller
34 Updated-by: username@hostname # person who upgraded an autoinstall
35 Migrated-by: username@hostname # person who migrated an autoinstall
36 Wizard-revision: abcdef1234567890 # revision of wizard used
37 Wizard-args: wizard foo bar baz # arguments passed to Wizard
41 - A perfectly formed autoinstall with upgrade paths for all of
42 the intervening versions is not really feasible to implement.
43 As such, we want to migrate everything to -scripts, and then
44 generate a -scripts2 with the correct .scripts directory.
45 We will then nop update some installs, but this will prevent
46 us from having to migrate and update concurrently. Treat
47 a scripts2 upgrade from migration the same way you would treat
48 a botched scripts upgrade.
50 - summary and info are still not using loggers. Maybe they should,
51 maybe they shouldn't. Using loggers means we lose interactivity
54 - Currently all repositories are initialized with --shared, which
55 means they have basically ~no space footprint. However, it
56 also means that /mit/scripts/wizard/srv MUST NOT lose revs.
58 - Full fledged logging options. Namely:
59 x all loggers (delay implementing this until we actually have debug stmts)
61 - debug => loglevel = DEBUG
63 - default is WARNING (see below for exception)
64 - verbose => loglevel = INFO
65 x file logger (only allowed for serial processing)
67 - log-file => loglevel = INFO
68 x database logger (necessary for parallel processing, not implemented)
70 - log-db => loglevel = INFO
72 - More on the database logger: it will be very simple with one
73 table named `logs` in SQLite, with columns: `job`, `level`,
74 `message`. Job identifies the subprocess/thread that emitted
75 the log, so things can be correlated together. We will then
76 have `wizard dump` which takes a database like this and dumps
77 it into a file logger type file. The database may also store
78 a queue like structure which can be used to coordinate jobs.
82 * Some parts of the infrastructure will not be touched, although I plan
83 on documenting them. Specifically, we will be keeping:
85 - parallel-find.pl, and the resulting
86 /mit/scripts/sec-tools/store/scriptslist
87 This script might need to be adapted if we decide to nuke
88 .scripts-version files.
90 - The current install scripts will be kept in place, sans changes
91 necessary to make them use Git install of copying the script over.
92 Porting these scripts to Python and making them modular would be
93 nice, but is priority. For the long term, seeing this scripts
94 be packaged with rest of our code would be optimal.
96 * The new procedure for generating an update is as follows:
97 (check out the mass-migration instructions for something in this spirit,
98 although uglier in some ways)
100 0. ssh into not-backward, temporarily give the daemon.scripts-security-upd
101 bits by blanching it on system:scripts-security-upd, and run parallel-find.pl
103 1. Have the Git repository and working copy for the project on hand.
105 2. Checkout the pristine branch
107 3. Remove all files from the working copy. Use `wipe-working-dir`
109 4. Download the new tarball
111 5. Extract the tarball over the working copy (`cp -R a/. b` works well,
112 remember that the working copy is empty)
114 6. Check for empty directories and add stub files as necessary.
115 Use `preserve-empty-dir`
117 7. Git add it all, and then commit as a new pristine version (v1.2.3)
119 8. Checkout the master branch
121 9. [FOR EXISTING REPOSITORIES]
122 Merge the pristine branch in. Resolve any conflicts that our
123 patches have with new changes. Do NOT let Git auto-commit it
124 with --no-commit (otherwise, you want to git commit --amend
125 to keep our history clean
127 [FOR NEW REPOSITORIES]
128 See if any patches are needed to make this run smoothly on
131 [FOR NEW REPOSITORIES]
133 echo "Deny from all" > .scripts/.htaccess
134 touch .scripts/update
135 chmod a+x .scripts/update
137 10. Check if there are any special update procedures, and update/create the
138 .scripts/update shell script as necessary (this means that any
139 application specific update logic will be kept with the actual
140 source code. The language of this update script will vary
141 depending on context.)
143 11. Commit your changes, and tag as v1.2.3-scripts (or scripts2, if
144 you are amending an install without an upstream changes)
146 12. Test the new update procedure using
147 `wizard upgrade --with=/path/to/repo /your/autoinstall` (this will
148 read out master as your "latest" version).
149 Use git commit --amend to fix any bugs (alternatively, squash them
152 13. You can also do a "mass" version of this using:
153 `wizard -d testbed.txt massupgrade --with=/path/to/repo app`
154 You'll need perms for any testbed stuff you want.
156 GET APPROVAL BEFORE PROCEEDING ANY FURTHER
158 NOTE: The following commands are to be run on not-backward.mit.edu.
159 You'll need to add daemon.scripts-security-upd to
160 scripts-security-upd to get bits to do this. Make sure you remove
161 these bits when you're done.
163 14. Run `wizard research appname`
164 which uses Git commands to check how many
165 working copies apply the change cleanly, and writes out a logfile
166 with the working copies that don't apply cleanly. It also tells
167 us about "corrupt" working copies.
169 15. Run `wizard massupgrade appname`, which applies the update to all working
170 copies possible, and sends mail to users to whom the working copy
171 did not apply cleanly. It also frobs .scripts-version for successful
172 upgrades (maybe not, depending on our plans).
174 16. Run parallel-find.pl to update our inventory
176 * For mass importing into the repository, the steps are:
177 (this probably won't ever be automated, becuase there are fiddly bits)
180 # let app-1.2.3 be the scripts folder originally in deploydev
181 # let this folder be srv/
182 # you can also do a git clone
187 unfurl app-1.2.3 app # [FIDDLY BIT]
188 # NOTE: contents of application are now in app directory
191 git commit -s -m "App 1.2.3"
194 # NOTE: you're still on master branch
195 # WARNING: the following operation might require -p1
196 patch -p0 < ../app-1.2.3/app-1.2.3.patch # [FIDDLY BIT]
197 # NOTE: please sanity check the patch!
199 # NOTE: -a flag is to handle if the patch deleted something
200 git commit -as -m "App 1.2.3-scripts"
201 git tag v1.2.3-scripts
204 # let this folder be srv/app.git
205 git checkout pristine
206 # NOTE: this preserves your .git folder, but removes everything
209 unfurl app-1.2.3 app # [FIDDLY BIT]
211 # NOTE: please sanity check app directory
213 # NOTE: -a is to take care of deletions
214 git commit -as -m "App 1.2.3"
216 [FIDDLE AROUND. FIDDLE AROUND]
217 [IF THE PATCH HAS CHANGED]
218 # You are on the pristine branch
219 # NOTE: Now, the tricky part (this is different from a real update)
220 git symbolic-ref HEAD refs/heads/master
221 # NOTE: Now, we think we're on the master branch, but we have
222 # pristine copy checked out
223 # NOTE: -p0 might need to be twiddled
224 patch -p0 < ../app-1.2.3/app-1.2.3.patch
226 # COMMENT: used to git checkout .scripts here
227 # then check if the directory needs an updated update script
228 # NOTE: Fake the merge
229 git rev-parse pristine > .git/MERGE_HEAD
230 [IF THE PATCH HASN'T CHANGED]
232 git merge --no-commit pristine
233 git commit -as -m "App 1.2.3-scripts"
234 git tag v1.2.3-scripts
237 * The repository for a given application will contain the following files:
239 - The actual application's files, as from the official tarball
241 - A .scripts directory, which contains the following information:
243 * .scripts/update shell script (with the +x bit set appropriately),
244 which performs the commands necessary to update a script. This can
247 * .scripts/.htaccess to prevent this directory from being accessed
250 * .scripts/database (generated) contains the database the
251 user installed the script to, so scripts-remove can clean it
253 XXX: Could cause problems if a user copies the autoinstall,
254 fiddles with the DB credentials, and then scripts-remove's
255 the autoinstall. Possible fix is to add the original
256 directory as a sanity check. Additionally, we could have
257 the application read out of this file.
259 * .scripts/version (generated) which contains the version
260 last autoinstalled (as distinct from the actual version
261 the script is) (This is the same as .scripts-version right
262 now; probably want to keep that for now)
264 XXX: It's unclear if we want to move to this wholesale, or
265 delay this indefinitely. quentin thinks that the Git
266 repository itself is a sufficient record.
268 * The migration process has been implemented, see 'wizard migrate'.
270 XXX: We have not decided what migration should do to .scripts-version;
271 if it does move it to .scripts, repositories should have a .gitignore
274 * The autoupgrade shall be the process of:
276 # Make the directory not accessible by the outside world (htaccess, but be careful!)
278 git commit -m 'automatically generated backup'
279 git pull origin master
280 if [ $? ne 0 ]; then git reset --hard; echo 'conflicts during upgrade'; fi
284 (with some more robust error checking, a proper dry run mechanism to, and
287 * All code that operates on an untrusted Git repository, or runs
288 executable code, should be done on NOT-BACKWARD.mit.edu. Pending
289 accounts confirmation, it will also get a principal
290 daemon.scripts-security-upd, which is what we'll actually put
291 in the scripts-security-upd group. parallel-find.pl should also
292 be run on not-backward, by virtue of its fat pipe to the AFS servers.
294 * Make 'wizard summary' generate nice pretty graphs of installs by date
295 (more histograms, will need to check actual .scripts-version files.)
297 * Update AFS patch to advertise its existence, so we can check for it