The Git Autoinstaller TODO NOW: - Update docs to note that .scripts-version is kept in its original place - Make sure we're not generating .scripts/version - Fix MediaWiki 1.11.0 Setup.php (we incorrectly applied the scripts patch when it was actually not in this version) --- we need to figure out the sequencer NOW. - Genericize callAsUser and drop_priviledges in shell - Remove "already migrated" cruft that will accumulate if we do small --limit and then increase. - .git to .git.bak semantics are not actually helpful (if we run with force a bunch of times, we won't notice that we nuked a .git directory) - Make sure to generate reports about what errored and what had warnings. Same goes for our output - Change from using hashes to using numbers corresponding to when we processed them (padded to 7 width) and make sure we sort listdir the versions directory. - Allow to migrate just one user - Make sure MediaWiki upgrade script gives correct exit code if it fails. - Custom merge algo: absolute php.ini symlinks to relative symlinks - Custom merge algo: re-constitute AdminSettings.php if missing. It looks like this is the case for most 1.5.8 installs (check what the merges do in both directions). All 1.11.0 installs except four have the other (check diff -u with all in /root) - Further reduce logging by making sh.call() debug? - Make git tell us about unversioned files in info (this will have a lot of noise) - Make parallel-find.pl use `sudo -u username git describe --tags` to determine version. Make parallel-find.pl have this have greater precedence. - Make the installer use 'wizard install' /or/ do a migration after doing a normal install (the latter makes it easier for mass-rollbacks). - Better error message if daemon/scripts-security-upd is not on scripts-security-upd list - The great initial deploy: - Turn on mediawiki new autoinstaller - Migrate all mediawiki installs - Build research scripts, determine if a re-migration is necessary - Make upgrade and install take version as a parameter - Redo Wordpress conversion, with an eye for automating everything possible (such as downloading the tarball and unpacking) - Summary script should be more machine friendly, and should not output summary charts when I increase specificity Some other stuff to do in your copious free time: - Summary script should do something intelligent when distinguishing between old-style and new-style installs - Check how many autoinstalls are missing w bits for daemon.scripts (this would need pyafs) - Make scripts AFS patch advertise its existence so we can check for it. (This might be otherwise possible using `fs sysname`) - Make 'wizard summary' generate nice pretty graphs of installs by date (more histograms, will need to check actual .scripts-version files.) - It should be able to handle installs like Django where there's a component that gets installed in web_scripts and another directory that gets installed in Scripts. PULLING OUT CONFIGURATION FILES IN AN AUTOMATED MANNER advancedpoll: Template file to fill out django: Noodles of template files gallery2: Multistage install process joomla: Template file mediawiki: One-step install process phpbb: Multistage install process phpical: Template file trac: NFC turbogears: NFC wordpress: Multistage install process PHILOSOPHY ABOUT LOGGING Logging is most useful when performing a mass run. This includes things such as mass-migration as well as when running summary reports. An interesting property about mass-migration or mass-upgrade, however, is that if they fail, they are idempotent, so an individual case can be debugged simply running the single-install equivalent with --debug on. (This, indeed, may be easier to do than sifting through a logfile). It is a different story when you are running a summary report: you are primarily bound by your AFS cache and how quickly you can iterate through all of the autoinstalls. Checking if a file exists on a cold AFS cache may take several minutes to perform; on a hot cache the same report may take a mere 3 seconds. When you get to more computationally expensive calculations, however, even having a hot AFS cache is not enough to cut down your runtime. There are certain calculations that someone may want to be able to perform on manipulated data. As such, this data should be cached on disk, if the process for extracting this data takes a long time. Also, for usability sake, Wizard should generate the common case reports. Ensuring that machine parseable reports are made, and then making the machinery to reframe this data, increases complexity. Therefore, the recommendation is to assume that if you need to run iteratively, you'll have a hot AFS cache at your fingerprints, and if that's not fast enough, then cache the data. COMMIT MESSAGE FIELDS: Installed-by: username@hostname Pre-commit-by: Real Name Upgraded-by: Real Name Migrated-by: Real Name Wizard-revision: abcdef1234567890 Wizard-args: /wizard/bin/wizard foo bar baz GIT COMMIT FIELDS: Committer: Real Name Author: lockername locker NOTES: - It is not expected or required for update scripts to exist for all intervening versions that were present pre-migration; only for it to work on the most recent migration. - Currently all repositories are initialized with --shared, which means they have basically ~no space footprint. However, it also means that /mit/scripts/wizard/srv MUST NOT lose revs after deployment. - Full fledged logging options. Namely: x all loggers (delay implementing this until we actually have debug stmts) - default is WARNING - debug => loglevel = DEBUG x stdout logger - default is WARNING (see below for exception) - verbose => loglevel = INFO x file logger (creates a dir and lots of little logfiles) - default is OFF - log-file => loglevel = INFO OVERALL PLAN: * Some parts of the infrastructure will not be touched, although I plan on documenting them. Specifically, we will be keeping: - parallel-find.pl, and the resulting /mit/scripts/.htaccess/scripts/sec-tools/store/scriptslist * The new procedure for generating an update is as follows: (check out the mass-migration instructions for something in this spirit, although uglier in some ways; A indicates the step /should/ be automated) 0. ssh into not-backward, temporarily give the daemon.scripts-security-upd bits by blanching it on system:scripts-security-upd, and run parallel-find.pl 1. Have the Git repository and working copy for the project on hand. /- wizard prepare-pristine -- A 2. Checkout the pristine branch A 3. Remove all files from the working copy. Use `wipe-working-dir` A 4. Download the new tarball A 5. Extract the tarball over the working copy (`cp -R a/. b` works well, remember that the working copy is empty; this needs some intelligent input) A 6. Check for empty directories and add stub files as necessary. Use `preserve-empty-dir` \--- 7. Git add it all, and then commit as a new pristine version (v1.2.3) 8. Checkout the master branch 9. [FOR EXISTING REPOSITORIES] Merge the pristine branch in. Resolve any conflicts that our patches have with new changes. Do NOT let Git auto-commit it with --no-commit (otherwise, you want to git commit --amend to keep our history clean [FOR NEW REPOSITORIES] Check if any patches are needed to make the application work on Scripts (ideally, it shouldn't. /- wizard prepare-new -- A mkdir .scripts A echo "Deny from all" > .scripts/.htaccess \--- 10. Check if there are any special update procedures, and update the wizard.app.APPNAME module accordingly (or create it, if need be). 11. Run 'wizard prepare-config' on a scripts server while in a checkout of this newest version. This will prepare a new version of the configuration file based on the application's latest installer. Manually merge back in any custom changes we may have made. Check if any of the regular expressions need tweaking by inspecting the configuration files for user-specific gunk, and modify wizard.app.APPNAME accordingly. 12. Commit your changes, and tag as v1.2.3-scripts (or scripts2, if you are amending an install without an upstream changes) NOTE: These steps should be run on a scripts server 13. Test the new update procedure using our test scripts. See integration tests for more information on how to do this. http://scripts.mit.edu/wizard/testing.html#acceptance-tests GET APPROVAL BEFORE PROCEEDING ANY FURTHER NOTE: The following commands are to be run on not-backward.mit.edu. You'll need to add daemon.scripts-security-upd to scripts-security-upd to get bits to do this. Make sure you remove these bits when you're done. A 14. Run `wizard research appname` which uses Git commands to check how many working copies apply the change cleanly, and writes out a logfile with the working copies that don't apply cleanly. It also tells us about "corrupt" working copies, i.e. working copies that have over a certain threshold of changes. A 15. Run `wizard mass-upgrade appname`, which applies the update to all working copies possible, and sends mail to users to whom the working copy did not apply cleanly. 16. Run parallel-find.pl to update our inventory * For mass importing into the repository, there are a few extra things: * Many applications had patches associated with them. Be sure to apply them, so later merges work better. # the following operation might require -p1 patch -p0 < ../app-1.2.3/app-1.2.3.patch # [FIDDLY BIT] * When running updates, if the patch has changed you will have to do a special procedure for your merge: git checkout pristine # NOTE: Now, the tricky part (this is different from a real update) git symbolic-ref HEAD refs/heads/master # NOTE: Now, we think we're on the master branch, but we have # pristine copy checked out # NOTE: -p0 might need to be twiddled patch -p0 < ../app-1.2.3/app-1.2.3.patch git add . # reconstitute .scripts directory git checkout v1.2.2-scripts -- .scripts git add .scripts # NOTE: Fake the merge git rev-parse pristine > .git/MERGE_HEAD You could also just try your luck with a manual merge using the patch as your guide. * The repository for a given application will contain the following files: - The actual application's files, as from the official tarball - A .scripts directory, which contains the following information: * .scripts/.htaccess to prevent this directory from being accessed from the web. * .scripts/old-version (optional) the old value of .scripts-version, basically used for reverting an install to pre-migrated state. * .scripts/lock (generated) which locks the autoinstall during an upgrade * .scripts/version (deprecated)