import sys import distutils.version import os import shutil import logging.handlers import tempfile import itertools import time from wizard import app, command, deploy, scripts, shell, util kib_buffer = 1024 * 30 # 30 MiB we will always leave available errno_blacklisted = 64 def main(argv, baton): options, args = parse_args(argv, baton) if args: dir = args[0] else: dir = "." shell.drop_priviledges(dir, options.log_file) util.set_git_env() upgrade = Upgrade(options) upgrade.execute(dir) if not options.non_interactive: print "Upgrade complete" class Upgrade(object): """ Represents the algorithm for upgrading an application. This is in a class and not a function because it's a multi-step process that requires state betweens steps. Steps are represented as methods in this object. """ #: Version of application we are upgrading to, i.e. the latest version. version = None # XXX: This is a string... I'm not convinced it should be #: String commit ID of the user's latest wc; i.e. "ours" user_commit = None #: String commit ID of the latest, greatest scripts version; i.e. "theirs" next_commit = None #: The temporary directory that the system gave us; may stay as ``None`` #: if we don't ever make ourselves a temporary directory (e.g. ``--continue``). #: While we should clean this up if it is set to something, it may #: not correspond to anything useful. temp_dir = None #: The temporary directory containing our working copy for merging temp_wc_dir = None #: We place the temporary repositories inside a tmpfs while merging; #: this makes merges not disk-bound and affords a modest speed increase. #: If you are running ``--continue``, this is guaranteed to be ``False``. use_shm = None #: Upstream repository to use. This does not need to be saved. repo = None #: Instance of :class:`wizard.deploy.WorkingCopy` for this upgrade wc = None #: Instance of :class:`wizard.deploy.ProductionCopy` for this upgrade prod = None #: Options object that the installer was called with options = None def __init__(self, options): self.version = None self.user_commit = None self.next_commit = None self.temp_dir = None self.temp_wc_dir = None self.use_shm = False # False until proven otherwise. self.wc = None self.prod = None self.options = options def execute(self, dir): """ Executes an upgrade. This is the entry-point. """ with util.ChangeDirectory(dir): try: if self.options.continue_: logging.info("Continuing upgrade...") self.resume() else: logging.info("Upgrading %s" % os.getcwd()) self.preflight() self.merge() self.postflight() # Till now, all of our operations were in a tmp sandbox. if self.options.dry_run: logging.info("Dry run, bailing. See results at %s" % self.temp_wc_dir) return backup = self.backup() self.upgrade(backup) finally: if self.use_shm and self.temp_dir and os.path.exists(self.temp_dir): shutil.rmtree(self.temp_dir) def resume(self): """ In the event of a ``--continue`` flag, we have to restore state and perform some sanity checks. """ self.resumeState() self.resumeLogging() util.chdir(shell.eval("git", "config", "remote.origin.url")) self.resumeProd() def resumeState(self): self.temp_wc_dir = os.getcwd() self.wc = deploy.WorkingCopy(".") self.user_commit, self.next_commit = open(".git/WIZARD_PARENTS", "r").read().split() self.version = open(".git/WIZARD_UPGRADE_VERSION", "r").read() def resumeLogging(self): options = self.options if not options.log_file and os.path.exists(".git/WIZARD_LOG_FILE"): options.log_file = open(".git/WIZARD_LOG_FILE", "r").read() command.setup_file_logger(options.log_file, options.debug) def resumeProd(self): """Restore :attr:`prod` attribute, and check if the production copy has drifted.""" self.prod = deploy.ProductionCopy(".") try: shell.call("git", "status") raise LocalChangesError() except shell.CallError: pass def preflight(self): """ Make sure that a number of pre-upgrade invariants are met before attempting anything. """ options = self.options self.prod = deploy.ProductionCopy(".") self.repo = self.prod.application.repository(options.srv_path) # XXX: put this in Application self.version = shell.eval("git", "--git-dir="+self.repo, "describe", "--tags", "master") self.preflightBlacklist() self.prod.verify() self.prod.verifyTag(options.srv_path) self.prod.verifyGit(options.srv_path) self.prod.verifyConfigured() shell.call("git", "fetch", "--tags") # XXX: hack since some installs have stale tags self.prod.verifyVersion() self.prod.verifyWeb() self.preflightAlreadyUpgraded() self.preflightQuota() def preflightBlacklist(self): if os.path.exists(".scripts/blacklisted"): reason = open(".scripts/blacklisted").read() # ignore blank blacklisted files if reason: print reason raise BlacklistedError(reason) else: logging.warning("Application was blacklisted, but no reason was found"); def preflightAlreadyUpgraded(self): if self.version == self.prod.app_version.scripts_tag and not self.options.force: # don't log this error; we need to have the traceback line # so that the parsing code can catch it # XXX: maybe we should build this in as a flag to add # to exceptions w/ our exception handler sys.stderr.write("Traceback:\n (n/a)\nAlreadyUpgraded\n") sys.exit(1) def preflightQuota(self): kib_usage, kib_limit = scripts.get_quota_usage_and_limit() if kib_limit is not None and (kib_limit - kib_usage) < kib_buffer: raise QuotaTooLow def merge(self): if not self.options.dry_run: self.mergePreCommit() self.mergeClone() logging.debug("Temporary WC dir is %s", self.temp_wc_dir) with util.ChangeDirectory(self.temp_wc_dir): self.wc = deploy.WorkingCopy(".") shell.call("git", "remote", "add", "scripts", self.repo) shell.call("git", "fetch", "-q", "scripts") self.user_commit = shell.eval("git", "rev-parse", "HEAD") self.next_commit = shell.eval("git", "rev-parse", self.version) self.mergeSaveState() self.mergePerform() def mergePreCommit(self): message = "Pre-commit of %s locker before autoinstall upgrade.\n\n%s" % (util.get_dir_owner(), util.get_git_footer()) try: message += "\nPre-commit-by: " + util.get_operator_git() except util.NoOperatorInfo: pass try: shell.call("git", "commit", "-a", "-m", message) except shell.CallError: logging.info("No changes detected") def mergeClone(self): # If /dev/shm exists, it's a tmpfs and we can use it # to do a fast git merge. Don't forget to move it to # /tmp if it fails. if not self.options.dry_run and not self.options.debug: self.use_shm = os.path.exists("/dev/shm") if self.use_shm: dir = "/dev/shm/wizard" if not os.path.exists(dir): os.mkdir(dir) # XXX: race os.chmod(dir, 0o777) else: dir = None self.temp_dir = tempfile.mkdtemp(prefix="wizard", dir=dir) self.temp_wc_dir = os.path.join(self.temp_dir, "repo") logging.info("Using temporary directory: " + self.temp_wc_dir) shell.call("git", "clone", "-q", "--shared", ".", self.temp_wc_dir) def mergeSaveState(self): """Save variables so that ``--continue`` will work.""" # yeah yeah no trailing newline whatever open(".git/WIZARD_UPGRADE_VERSION", "w").write(self.version) open(".git/WIZARD_PARENTS", "w").write("%s\n%s" % (self.user_commit, self.next_commit)) open(".git/WIZARD_SIZE", "w").write(str(scripts.get_disk_usage())) if self.options.log_file: open(".git/WIZARD_LOG_FILE", "w").write(self.options.log_file) def mergePerform(self): def make_virtual_commit(rev, parents = []): """ Takes a revision and generates a "virtual" commit with user-specific variables instantiated for a smooth, easy merge. .. warning:: Changes the state of the working copy. """ shell.call("git", "checkout", "-q", rev, "--") self.wc.parametrize(self.prod) for file in self.wc.application.parametrized_files: try: shell.call("git", "add", "--", file) except shell.CallError: pass virtual_tree = shell.eval("git", "write-tree", log=True) parent_args = itertools.chain(*(["-p", p] for p in parents)) virtual_commit = shell.eval("git", "commit-tree", virtual_tree, *parent_args, input="", log=True) shell.call("git", "reset", "--hard") return virtual_commit user_tree = shell.eval("git", "rev-parse", "HEAD^{tree}") base_virtual_commit = make_virtual_commit(self.wc.app_version.scripts_tag) next_virtual_commit = make_virtual_commit(self.version, [base_virtual_commit]) user_virtual_commit = shell.eval("git", "commit-tree", user_tree, "-p", base_virtual_commit, input="", log=True) shell.call("git", "checkout", user_virtual_commit, "--") self.wc.prepareMerge() try: shell.call("git", "commit", "--amend", "-a", "-m", "amendment") except shell.CallError as e: pass shell.call("git", "config", "merge.conflictstyle", "diff3") try: shell.call("git", "merge", next_virtual_commit) except shell.CallError as e: logging.info("Merge failed with these messages:\n\n" + e.stderr) # Run the application's specific merge resolution algorithms # and see if we can salvage it if self.wc.resolveConflicts(): logging.info("Resolved conflicts with application specific knowledge") shell.call("git", "commit", "-a", "-m", "merge") return files = set() for line in shell.eval("git", "ls-files", "--unmerged").splitlines(): files.add(line.split(None, 3)[-1]) conflicts = len(files) # XXX: this is kind of fiddly; note that temp_dir still points at the OLD # location after this code. self.temp_wc_dir = mv_shm_to_tmp(os.getcwd(), self.use_shm) self.wc.location = self.temp_wc_dir os.chdir(self.temp_wc_dir) open(os.path.join(self.prod.location, ".scripts/pending"), "w").write(self.temp_wc_dir) if self.options.non_interactive: print "%d %s" % (conflicts, self.temp_wc_dir) raise MergeFailed else: user_shell = os.getenv("SHELL") if not user_shell: user_shell = "/bin/bash" # XXX: scripts specific hack, since mbash doesn't respect the current working directory # When the revolution comes (i.e. $ATHENA_HOMEDIR/Scripts is your Scripts home # directory) this isn't strictly necessary, but we'll probably need to support # web_scripts directories ad infinitum. if user_shell == "/usr/local/bin/mbash": user_shell = "/bin/bash" while 1: print print "ERROR: The merge failed with %d conflicts in these files:" % conflicts print for file in sorted(files): print " * %s" % file print print "Please resolve these conflicts (edit and then `git add`), and" print "then type 'exit'. You will now be dropped into a shell whose working" print "directory is %s" % self.temp_wc_dir shell.call(user_shell, "-i", interactive=True) if shell.eval("git", "ls-files", "--unmerged").strip(): print print "WARNING: There are still unmerged files." out = raw_input("Continue editing? [y/N]: ") if out == "y" or out == "Y": continue else: print "Aborting. The conflicted working copy can be found at:" print print " %s" % self.temp_wc_dir print print "and you can resume the upgrade process by running in that directory:" print print " wizard upgrade --continue" sys.exit(1) break def postflight(self): with util.ChangeDirectory(self.temp_wc_dir): try: shell.call("git", "status") except shell.CallError: pass else: shell.call("git", "commit", "--allow-empty", "-am", "throw-away commit") message = self.postflightCommitMessage() new_tree = shell.eval("git", "rev-parse", "HEAD^{tree}") final_commit = shell.eval("git", "commit-tree", new_tree, "-p", self.user_commit, "-p", self.next_commit, input=message, log=True) # a master branch may not necessarily exist if the user # was manually installed to an earlier version try: shell.call("git", "checkout", "-q", "-b", "master", "--") except shell.CallError: shell.call("git", "checkout", "-q", "master", "--") shell.call("git", "reset", "-q", "--hard", final_commit) # This is a quick sanity check to make sure we didn't completely # mess up the merge self.wc.invalidateCache() self.wc.verifyVersion() def postflightCommitMessage(self): message = "Upgraded autoinstall in %s to %s.\n\n%s" % (util.get_dir_owner(), self.version, util.get_git_footer()) try: message += "\nUpgraded-by: " + util.get_operator_git() except util.NoOperatorInfo: pass return message def backup(self): # Ok, now we have to do a crazy complicated dance to see if we're # going to have enough quota to finish what we need pre_size = int(open(os.path.join(self.temp_wc_dir, ".git/WIZARD_SIZE"), "r").read()) post_size = scripts.get_disk_usage(self.temp_wc_dir) backup = self.prod.backup(self.options) kib_usage, kib_limit = scripts.get_quota_usage_and_limit() if kib_limit is not None and (kib_limit - kib_usage) - (post_size - pre_size) / 1024 < kib_buffer: shutil.rmtree(os.path.join(".scripts/backups", shell.eval("wizard", "restore").splitlines()[0])) raise QuotaTooLow return backup def upgrade(self, backup): # XXX: frob .htaccess to make site inaccessible with util.IgnoreKeyboardInterrupts(): with util.LockDirectory(".scripts-upgrade-lock"): shell.call("git", "fetch", "--tags") # git merge (which performs a fast forward) shell.call("git", "pull", "-q", self.temp_wc_dir, "master") version_obj = distutils.version.LooseVersion(self.version.partition('-')[2]) try: # run update script self.prod.upgrade(version_obj, self.options) self.prod.verifyWeb() except app.UpgradeFailure: logging.warning("Upgrade failed: rolling back") self.upgradeRollback(backup) raise except deploy.WebVerificationError as e: logging.warning("Web verification failed: rolling back") self.upgradeRollback(backup) raise app.UpgradeVerificationFailure() # XXX: frob .htaccess to make site accessible # to do this, check if .htaccess changed, first. Upgrade # process might have frobbed it. Don't be # particularly worried if the segment disappeared def upgradeRollback(self, backup): # You don't want d.restore() because it doesn't perform # the file level backup shell.call("wizard", "restore", backup) try: self.prod.verifyWeb() except deploy.WebVerificationError: logging.critical("Web verification failed after rollback") # utility functions def mv_shm_to_tmp(curdir, use_shm): if not use_shm: return curdir # Keeping all of our autoinstalls in shared memory is # a recipe for disaster, so let's move them to slightly # less volatile storage (a temporary directory) os.chdir(tempfile.gettempdir()) newdir = tempfile.mkdtemp(prefix="wizard") # shutil, not os; at least on Ubuntu os.move fails # with "[Errno 18] Invalid cross-device link" shutil.move(curdir, newdir) shutil.rmtree(os.path.dirname(curdir)) curdir = os.path.join(newdir, "repo") return curdir def parse_args(argv, baton): usage = """usage: %prog upgrade [ARGS] [DIR] Upgrades an autoinstall to the latest version. This involves updating files and running .scripts/update. If the merge fails, this program will write the number of conflicts and the directory of the conflicted working tree to stdout, separated by a space.""" parser = command.WizardOptionParser(usage) parser.add_option("--dry-run", dest="dry_run", action="store_true", default=False, help="Prints would would be run without changing anything") # notice trailing underscore parser.add_option("--continue", dest="continue_", action="store_true", default=False, help="Continues an upgrade that has had its merge manually " "resolved using the current working directory as the resolved copy.") parser.add_option("--force", dest="force", action="store_true", default=False, help="Force running upgrade even if it's already at latest version.") parser.add_option("--non-interactive", dest="non_interactive", action="store_true", default=False, help="Don't drop to shell in event of conflict.") baton.push(parser, "srv_path") options, args = parser.parse_all(argv) if len(args) > 1: parser.error("too many arguments") return options, args class Error(command.Error): """Base exception for all exceptions raised by upgrade""" pass class QuotaTooLow(Error): def __str__(self): return """ ERROR: The locker quota was too low to complete the autoinstall upgrade. """ class AlreadyUpgraded(Error): quiet = True def __str__(self): return """ ERROR: This autoinstall is already at the latest version.""" class MergeFailed(Error): quiet = True def __str__(self): return """ ERROR: Merge failed. Above is the temporary directory that the conflicted merge is in: resolve the merge by cd'ing to the temporary directory, finding conflicted files with `git status`, resolving the files, adding them using `git add` and then running `wizard upgrade --continue`.""" class LocalChangesError(Error): def __str__(self): return """ ERROR: Local changes occurred in the install while the merge was being processed so that a pull would not result in a fast-forward. The best way to resolve this is probably to attempt an upgrade again, with git rerere to remember merge resolutions (XXX: not sure if this actually works).""" class BlacklistedError(Error): #: Reason why the autoinstall was blacklisted reason = None exitcode = errno_blacklisted def __init__(self, reason): self.reason = reason def __str__(self): return """ ERROR: This autoinstall was manually blacklisted against errors; if the user has not been notified of this, please send them mail. The reason was: %s""" % self.reason