TODO NOW:
-- Something needs to be done if disk quota is exceeded:
- - Catch the OSError and throw a domain-specific error
- so massmigrate can deal gracefully
- - Perform an added memory calculation, check this against
- remaining quotai, and bail out if it's within some
- percentage of their remaining quota
- - Checks should also be performed against the partition
- X with the new --shared flag this may not be necessary
- as repos weighs less than 200K
-- Should write to a "processed" file to make resuming with
- unexpected failure faster (possibly should be database if
- parallelized).
-- Figure out how to make su'ing work in Python. Probably os.setuid
- and some forks. IPC is a bitch.
-- Make version directory also work with a location (with no
- colon) format; this will make making fake "testbed" directories
- easier to do. Also let it accept a file, instead of a directory.
+- We have safe, non-braindead
+ version detection with `git describe --tags`. Switch
+ everything to use it. (I think the only thing left is
+ parallel-find.pl)
+- wizard.util is pretty braindead at this point. Fix up
+ the wildly varying conventions in it.
+- Move migration code into Wizard, since we already deal
+ with installation there anyway.
+
+- Better error message if daemon/scripts-security-upd
+ is not on scripts-security-upd list
+
+- Fix retarded logging mechanism
+
+- The great initial deploy:
+ - Turn on mediawiki new autoinstaller
+ - Migrate all mediawiki installs
+
+Doing Wordpress:
+- Build automation for generating config files; this automation
+ will be shared with the migrate script and the installer script
+ (migrate script needs to be able to pull out values from config
+ file, so will we; installer script needs to be able to run
+ the installer to generate config files, so will this)
+- This should all be automated:
+ - Wordpress needs to have .scripts dir in all -scripts versions
+ (also make .scripts/.htaccess)
+ - Wordpress needs to have a .scripts/update script written for
+ its latest version (do this after its migration)
+ - Wordpress needs to check for php.ini files (which it almost
+ certainly has) and commit messages
+ - Wordpress needs user config and php.ini links made
+
+- Summary script should be more machine friendly, and should not
+ output summary charts when I increase specificity
+- Summary script needs to be updated for new format
+
+Some other stuff to do in your copious free time:
- Check how many autoinstalls are missing w bits for
- daemon.scripts
-- Run parallel-find.pl
-- Migrate all mediawikis
-- Wordpress needs to have a .scripts/update script written for
- its latest version
+ daemon.scripts (this would need pyafs)
+- Make scripts AFS patch advertise its existence so we can check for it.
+ (This might otherwise be possible using `fs sysname`)
+- Implement proper deploy log parsing; this basically means we
+ need to be able to introspect Git Log. Consider using git-python
+ for this.
+- Make 'wizard summary' generate nice pretty graphs of installs by date
+ (more histograms, will need to check actual .scripts-version files.)
-NOTES:
+PULLING OUT CONFIGURATION FILES IN AN AUTOMATED MANNER
+
+advancedpoll: Template file to fill out
+django: Noodles of template files
+gallery2: Multistage install process
+joomla: Template file
+mediawiki: One-step install process
+phpbb: Multistage install process
+phpical: Template file
+trac: NFC
+turbogears: NFC
+wordpress: Multistage install process
+
+PHILOSOPHY ABOUT LOGGING
+
+Logging is most useful when performing a mass run. This
+includes things such as mass-migration as well as when running
+summary reports. An interesting property about mass-migration
+or mass-upgrade, however, is that if they fail, they are
+idempotent, so an individual case can be debugged simply by running
+the single-install equivalent with --debug on. (This, indeed,
+may be easier to do than sifting through a logfile).
+
+It is a different story when you are running a summary report:
+you are primarily bound by your AFS cache and how quickly you can
+iterate through all of the autoinstalls. Checking if a file
+exists on a cold AFS cache may
+take several minutes to perform; on a hot cache the same report
+may take a mere 3 seconds. When you get to more computationally
+expensive calculations, however, even having a hot AFS cache
+is not enough to cut down your runtime.
+
+There are certain calculations that someone may want to be
+able to perform on manipulated data. As such, this data should
+be cached on disk, if the process for extracting this data takes
+a long time. Also, for usability's sake, Wizard should generate
+the common case reports.
+
+Ensuring that machine parseable reports are made, and then making
+the machinery to reframe this data, increases complexity. Therefore,
+the recommendation is to assume that if you need to run iteratively,
+you'll have a hot AFS cache at your fingertips, and if that's not
+fast enough, then cache the data.
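As a rough illustration of the "cache the data" recommendation, here is a minimal Python sketch. The function name `cached`, the JSON format, and the cache path are all assumptions made for this example; none of them come from Wizard itself.

```python
import json
import os


def cached(path, compute):
    """Return data from the JSON cache at `path`; on a miss, compute and save it.

    `compute` is any zero-argument callable returning JSON-serializable data
    (hypothetical stand-in for an expensive walk over the autoinstalls).
    """
    if os.path.exists(path):
        with open(path) as handle:
            return json.load(handle)
    data = compute()
    tmp = path + ".tmp"
    with open(tmp, "w") as handle:
        json.dump(data, handle)
    # Rename into place so an interrupted run does not leave a partial cache file.
    os.replace(tmp, path)
    return data
```

A report would then call something like `cached("/tmp/versions.json", expensive_scan)`, where both the path and `expensive_scan` are placeholders. Deleting the file forces a fresh computation.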
+
+COMMIT MESSAGE FIELDS:
+
+Installed-by: username@hostname
+Pre-commit-by: Real Name <username@mit.edu>
+Upgraded-by: Real Name <username@mit.edu>
+Migrated-by: Real Name <username@mit.edu>
+Wizard-revision: abcdef1234567890
+Wizard-args: /wizard/bin/wizard foo bar baz
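For illustration only, a small Python sketch of how these fields could be read back out of a commit message. The field names are the ones listed above; the function name `parse_commit_fields` and the "one `Name: value` pair per line" parsing rule are assumptions, not Wizard's actual behavior.

```python
import re

# Field names from the list above; everything else here is a hypothetical sketch.
KNOWN_FIELDS = (
    "Installed-by",
    "Pre-commit-by",
    "Upgraded-by",
    "Migrated-by",
    "Wizard-revision",
    "Wizard-args",
)

FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z-]*):\s*(.*)$")


def parse_commit_fields(message):
    """Return a dict of the known 'Name: value' fields found in a commit message."""
    fields = {}
    for line in message.splitlines():
        match = FIELD_RE.match(line.strip())
        if match and match.group(1) in KNOWN_FIELDS:
            fields[match.group(1)] = match.group(2)
    return fields


example = """Upgrade MediaWiki

Upgraded-by: Real Name <username@mit.edu>
Wizard-revision: abcdef1234567890
Wizard-args: /wizard/bin/wizard foo bar baz
"""
fields = parse_commit_fields(example)
```

Lines whose name is not in `KNOWN_FIELDS` are ignored, so ordinary prose containing a colon does not end up in the result.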
+
+GIT COMMIT FIELDS:
+
+Committer: Real Name <username@mit.edu>
+Author: lockername locker <lockername@scripts.mit.edu>
-- A perfectly formed autoinstall with upgrade paths for all of
- the intervening versions is not really feasible to implement.
- As such, we want to migrate everything to -scripts, and then
- generate a -scripts2 with the correct .scripts directory.
- We will then nop update some installs, but this will prevent
- us from having to migrate and update concurrently. Treat
- a scripts2 upgrade from migration the same way you would treat
- a botched scripts upgrade.
+NOTES:
-- summary and info are still not using loggers. Maybe they should,
- maybe they shouldn't. Using loggers means we lose interactivity
- with the Git output
+- It is not expected or required for update scripts to exist for all
+ intervening versions that were present pre-migration; only for it
+ to work on the most recent migration.
- Currently all repositories are initialized with --shared, which
means they have basically ~no space footprint. However, it
also means that /mit/scripts/wizard/srv MUST NOT lose revs.
+- Full-fledged logging options. Namely:
+ x all loggers (delay implementing this until we actually have debug stmts)
+ - default is WARNING
+ - debug => loglevel = DEBUG
+ x stdout logger
+ - default is WARNING (see below for exception)
+ - verbose => loglevel = INFO
+ x file logger (only allowed for serial processing)
+ - default is OFF
+ - log-file => loglevel = INFO
+ x database logger (necessary for parallel processing, not implemented)
+ - default is OFF
+ - log-db => loglevel = INFO
+
+- More on the database logger: it will be very simple, with one
+ table named `logs` in SQLite, with columns `job`, `level`, and
+ `message`. `job` identifies the subprocess/thread that emitted
+ the log, so entries can be correlated. We will then
+ have `wizard dump`, which takes such a database and dumps
+ it into a file in the file logger's format. The database may also
+ store a queue-like structure that can be used to coordinate jobs.
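The database logger described above is not implemented; the following is only a sketch of one way it might look, using Python's standard `logging` and `sqlite3` modules. The class name `SQLiteHandler`, the `dump` function standing in for `wizard dump`, and the output line format are all assumptions. Only the `logs` table and its `job`, `level`, and `message` columns come from the notes.

```python
import logging
import sqlite3


class SQLiteHandler(logging.Handler):
    """Logging handler that appends records to a `logs` table (job, level, message)."""

    def __init__(self, path, job):
        super().__init__()
        self.job = job  # identifies the subprocess/thread emitting the records
        self.conn = sqlite3.connect(path)
        self.conn.execute(
            "CREATE TABLE IF NOT EXISTS logs (job TEXT, level TEXT, message TEXT)"
        )
        self.conn.commit()

    def emit(self, record):
        self.conn.execute(
            "INSERT INTO logs (job, level, message) VALUES (?, ?, ?)",
            (self.job, record.levelname, record.getMessage()),
        )
        self.conn.commit()

    def close(self):
        self.conn.close()
        super().close()


def dump(path):
    """Hypothetical stand-in for `wizard dump`: render rows as log-file style lines."""
    conn = sqlite3.connect(path)
    try:
        rows = conn.execute(
            "SELECT job, level, message FROM logs ORDER BY rowid"
        ).fetchall()
    finally:
        conn.close()
    return ["[%s] %s: %s" % row for row in rows]
```

In this sketch each job opens its own handler (and so its own connection) on the shared database file, and the logger's level would be set to INFO to match the `log-db` option listed above.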
+
OVERALL PLAN:
* Some parts of the infrastructure will not be touched, although I plan
on documenting them. Specifically, we will be keeping:
- parallel-find.pl, and the resulting
- /mit/scripts/sec-tools/store/scriptslist
- This script might need to be adapted if we decide to nuke
- .scripts-version files.
-
- - The current install scripts will be kept in place, sans changes
- necessary to make them use Git install of copying the script over.
- Porting these scripts to Python and making them modular would be
- nice, but is priority. For the long term, seeing this scripts
- be packaged with rest of our code would be optimal.
+ /mit/scripts/.htaccess/scripts/sec-tools/store/scriptslist
* The new procedure for generating an update is as follows:
(check out the mass-migration instructions for something in this spirit,
- although uglier in some ways)
+ although uglier in some ways; A indicates the step /should/ be automated.)
0. ssh into not-backward, temporarily give the daemon.scripts-security-upd
bits by blanching it on system:scripts-security-upd, and run parallel-find.pl
- 1. Have the Git repository and working copy for the project on hand.
+A 1. Have the Git repository and working copy for the project on hand.
- 2. Checkout the pristine branch
+A 2. Checkout the pristine branch
- 3. Remove all files from the working copy. Use `wipe-working-dir`
+A 3. Remove all files from the working copy. Use `wipe-working-dir`
- 4. Download the new tarball
+A 4. Download the new tarball
- 5. Extract the tarball over the working copy (`cp -R a/. b` works well,
- remember that the working copy is empty)
+A 5. Extract the tarball over the working copy (`cp -R a/. b` works well,
+ remember that the working copy is empty; this needs some intelligent
+ input)
- 6. Check for empty directories and add stub files as necessary.
+A 6. Check for empty directories and add stub files as necessary.
Use `preserve-empty-dir`
- 7. Git add it all, and then commit as a new pristine version (v1.2.3)
+A 7. Git add it all, and then commit as a new pristine version (v1.2.3)
- 8. Checkout the master branch
+A 8. Checkout the master branch
9. [FOR EXISTING REPOSITORIES]
Merge the pristine branch in. Resolve any conflicts that our
scripts.
[FOR NEW REPOSITORIES]
- mkdir .scripts
- echo "Deny from all" > .scripts/.htaccess
+A mkdir .scripts
+A echo "Deny from all" > .scripts/.htaccess
touch .scripts/update
chmod a+x .scripts/update
11. Commit your changes, and tag as v1.2.3-scripts (or scripts2, if
you are amending an install without any upstream changes)
+ NOTE: These steps should be run on a scripts server
+
12. Test the new update procedure using
`wizard upgrade --with=/path/to/repo /your/autoinstall` (this will
read out master as your "latest" version).
13. You can also do a "mass" version of this using:
`wizard -d testbed.txt massupgrade --with=/path/to/repo app`
- You'll need perms for any testbed stuff you want.
+ You'll need perms for any testbed stuff you want. (not implemented)
GET APPROVAL BEFORE PROCEEDING ANY FURTHER
which uses Git commands to check how many
working copies apply the change cleanly, and writes out a logfile
with the working copies that don't apply cleanly. It also tells
- us about "corrupt" working copies.
+ us about "corrupt" working copies, i.e. working copies that
+ have over a certain threshold of changes.
15. Run `wizard massupgrade appname`, which applies the update to all working
copies possible, and sends mail to users to whom the working copy
- did not apply cleanly. It also frobs .scripts-version for successful
- upgrades (maybe not, depending on our plans).
+ did not apply cleanly.
16. Run parallel-find.pl to update our inventory
git commit -as -m "App 1.2.3-scripts"
git tag v1.2.3-scripts
-
* The repository for a given application will contain the following files:
- The actual application's files, as from the official tarball
* .scripts/update shell script (with the +x bit set appropriately),
which performs the commands necessary to update a script. This can
- be in any language.
+ be in any language. (XXX: This is going to get removed soon)
* .scripts/.htaccess to prevent this directory from being accessed
from the web.
- * .scripts/database (generated) contains the database the
- user installed the script to, so scripts-remove can clean it
-
- XXX: Could cause problems if a user copies the autoinstall,
- fiddles with the DB credentials, and then scripts-remove's
- the autoinstall. Possible fix is to add the original
- directory as a sanity check. Additionally, we could have
- the application read out of this file.
+ * .scripts/old-version (optional) the old value of .scripts-version,
+ basically used for reverting an install to pre-migrated state.
- * .scripts/version (generated) which contains the version
- last autoinstalled (as distinct from the actual version
- the script is) (This is the same as .scripts-version right
- now; probably want to keep that for now)
+ * .scripts/lock (generated) which locks the autoinstall during an upgrade
- XXX: It's unclear if we want to move to this wholesale, or
- delay this indefinitely. quentin thinks that the Git
- repository itself is a sufficient record.
-* The migration process has been implemented, see 'wizard migrate'.
-
- XXX: We have not decided what migration should do to .scripts-version;
- if it does move it to .scripts, repositories should have a .gitignore
- in those directories
-
-* The autoupgrade shall be the process of:
-
- # Make the directory not accessible by the outside world (htaccess, but be careful!)
- git add -u .
- git commit -m 'automatically generated backup'
- git pull origin master
- if [ $? ne 0 ]; then git reset --hard; echo 'conflicts during upgrade'; fi
- ./.scripts/update
- # Make it accessible
-
- (with some more robust error checking, a proper dry run mechanism to, and
- lots of su'ing)
-
-* All code that operates on an untrusted Git repository, or runs
- executable code, should be done on NOT-BACKWARD.mit.edu. Pending
- accounts confirmation, it will also get a principal
- daemon.scripts-security-upd, which is what we'll actually put
- in the scripts-security-upd group. parallel-find.pl should also
- be run on not-backward, by virtue of its fat pipe to the AFS servers.
-
-* Make 'wizard summary' generate nice pretty graphs of installs by date
- (more histograms, will need to check actual .scripts-version files.)