TODO NOW:
-- Implement "group" filtering using blanche for limited rollouts.
-
-- Remove "already migrated" cruft that will accumulate if we do small
- --limit and then increase.
-- Allow to migrate just one user (user filtering of installs, also
- has userland capabilities, although it means we need some way of
- selectively publishing the versions directory--likely a suid
- executable that reads it would be the best way here)
-
-- Make parallel-find.pl use `sudo -u username git describe --tags`
- to determine version. Make parallel-find.pl have this have greater
- precedence. This also means, however, that we get
- full mediawiki-1.2.3-2-abcdef names (Have patch, pending testing and commit)
-- Make deployed installer use 'wizard install' /or/ do a migration
- after doing a normal install (the latter makes it easier
- for mass-rollbacks).
-
-- Better error message if daemon/scripts-security-upd
- is not on scripts-security-upd list
-
-- Custom merge algo: absolute php.ini symlinks to relative symlinks
-- Custom merge algo: re-constitute AdminSettings.php if missing. It looks
- like this is the case for most 1.5.8 installs (check what the merges
- do in both directions). All 1.11.0 installs except four have
- the other (check diff -u with all in /root)
+- Make wizard install accept appname-head (so that you can do a test with
+ head, and do things without tags). Also make it accept commit hashes.
+ In fact, let it accept any committish. Figure out what to do if we
+ do a test script with x.y.z when we REALLY mean x.y.z-scripts. XXX!!!
+- Do early validation of inputs for configuration
+- Let 'wizard configure' be interactive
+- Parse output HTML for class="error" and give those errors back to the user,
+ then boot them back into configure
+
+- Replace gaierror with a more descriptive name (this is a DNS error)
+
+- Pre-emptively check if daemon/scripts-security-upd
+ is not on scripts-security-upd list (/mit/moira/bin/blanche)
- Redo Wordpress conversion, with an eye for automating everything
possible (such as downloading the tarball and unpacking)
-- Genericize callAsUser and drop_priviledges in shell
-- Summary script should be more machine friendly, and should not
- output summary charts when I increase specificity
-
-Some other stuff to do in your copious free time:
-- Summary script should do something intelligent when distinguishing
- between old-style and new-style installs
-- Check how many autoinstalls are missing w bits for
- daemon.scripts (this would need pyafs)
-- Make scripts AFS patch advertise its existence so we can check for it.
- (This might be otherwise possible using `fs sysname`)
-- Make 'wizard summary' generate nice pretty graphs of installs by date
- (more histograms, will need to check actual .scripts-version files.)
-- It should be able to handle installs like Django where there's a component
- that gets installed in web_scripts and another directory that gets installed
- in Scripts.
+- Web application for installing autoinstalls has a hard problem
+ with credentials (as well as installations that are not conducted
+ on an Athena machine.) Possible solutions include asking the user
+ to SSH into an athena machine and run a bunch of commands, or writing
+ a Java applet (possibly in Clojure or Scala) which gets filesystem
+ permissions and then performs the operations.
+
+- Pay back code debt
+ - Genericize callAsUser and drop_priviledges in shell
+ - Summary script should be more machine friendly, and should not
+ output summary charts when I increase specificity
+ - Summary script should do something intelligent when distinguishing
+ between old-style and new-style installs
+ - Report code in wizard/command/__init__.py is ugly as sin. Also,
+ the Report object should operate at a higher level of abstraction
+ so we don't have to manually increment fails. (in fact, that should
+ probably be called something different). The by-percent errors should
+ also be automated.
+ - Move resolutions in mediawiki.py to a text file? (the parsing overhead
+ may not be worth it)
+ - If a process is C-ced, it can result in a upgrade that has
+ an updated filesystem but not updated database. Make this more
+ resilient
+ - PHP end of file allows omitted semicolon, can result in parse error
+ if merge resolutions aren't careful. `php -l` can be a quick stopgap
+
+- Other stuff
+ - Make single user mass-migrate work when not logged in as root
+ - Don't use the scripts heuristics unless we're on scripts with the
+ AFS patch. Check with `fs sysname`
+ - Make 'wizard summary' generate nice pretty graphs of installs by date
+ (more histograms, will need to check actual .scripts-version files.)
+ - It should be able to handle installs like Django where there's a component
+ that gets installed in web_scripts and another directory that gets installed
+ in Scripts.
+ - ACLs is a starting point for sending mail to users, but it has
+ several failure modes:
+ - Old maintainers who don't care who are still on the ACL
+ - Private AFS groups that aren't mailing lists and that we
+ can't get to
+ A question is whether or not sending mail actually helps us:
+ many users will probably have to come back to us for help; many
+ other users won't care.
PULLING OUT CONFIGURATION FILES IN AN AUTOMATED MANNER
turbogears: NFC
wordpress: Multistage install process
-PHILOSOPHY ABOUT LOGGING
-
-Logging is most useful when performing a mass run. This
-includes things such as mass-migration as well as when running
-summary reports. An interesting property about mass-migration
-or mass-upgrade, however, is that if they fail, they are
-idempotent, so an individual case can be debugged simply running
-the single-install equivalent with --debug on. (This, indeed,
-may be easier to do than sifting through a logfile).
-
-It is a different story when you are running a summary report:
-you are primarily bound by your AFS cache and how quickly you can
-iterate through all of the autoinstalls. Checking if a file
-exists on a cold AFS cache may
-take several minutes to perform; on a hot cache the same report
-may take a mere 3 seconds. When you get to more computationally
-expensive calculations, however, even having a hot AFS cache
-is not enough to cut down your runtime.
-
-There are certain calculations that someone may want to be
-able to perform on manipulated data. As such, this data should
-be cached on disk, if the process for extracting this data takes
-a long time. Also, for usability sake, Wizard should generate
-the common case reports.
-
-Ensuring that machine parseable reports are made, and then making
-the machinery to reframe this data, increases complexity. Therefore,
-the recommendation is to assume that if you need to run iteratively,
-you'll have a hot AFS cache at your fingerprints, and if that's not
-fast enough, then cache the data.
-
COMMIT MESSAGE FIELDS:
Installed-by: username@hostname
NOTES:
-- It is not expected or required for update scripts to exist for all
+- It is not required nor expected for update scripts to exist for all
intervening versions that were present pre-migration; only for it
to work on the most recent migration.
also means that /mit/scripts/wizard/srv MUST NOT lose revs after
deployment.
-- Full fledged logging options. Namely:
- x all loggers (delay implementing this until we actually have debug stmts)
- - default is WARNING
- - debug => loglevel = DEBUG
- x stdout logger
- - default is WARNING (see below for exception)
- - verbose => loglevel = INFO
- x file logger (creates a dir and lots of little logfiles)
- - default is OFF
- - log-file => loglevel = INFO
-
OVERALL PLAN:
* Some parts of the infrastructure will not be touched, although I plan
1. Have the Git repository and working copy for the project on hand.
-/- wizard prepare-pristine --
-
-A 2. Checkout the pristine branch
-
-A 3. Remove all files from the working copy. Use `wipe-working-dir`
-
-A 4. Download the new tarball
-
-A 5. Extract the tarball over the working copy (`cp -R a/. b` works well,
- remember that the working copy is empty; this needs some intelligent
- input)
-
-A 6. Check for empty directories and add stub files as necessary.
- Use `preserve-empty-dir`
+ 2. Checkout the pristine branch
-\---
+ 3. Run wizard `prepare-pristine APP-VERSION`
- 7. Git add it all, and then commit as a new pristine version (v1.2.3)
+ X. Commit, with name "Appname x.y.z"
- 8. Checkout the master branch
+ 4. Checkout the master branch
- 9. [FOR EXISTING REPOSITORIES]
- Merge the pristine branch in. Resolve any conflicts that our
+ 5. Merge the pristine branch in. Resolve any conflicts that our
patches have with new changes. Do NOT let Git auto-commit it
with --no-commit (otherwise, you want to git commit --amend
to keep our history clean
- [FOR NEW REPOSITORIES]
- Check if any patches are needed to make the application work
- on Scripts (ideally, it shouldn't.
+ X. Commit, with name "Appname x.y.z-scripts". This is going to be
+ amended.
-/- wizard prepare-new --
-
- Currently not used for anything besides parallel-find.pl, but
- we reserve the right to place files in here in the future.
-
-A mkdir .scripts
-A echo "Deny from all" > .scripts/.htaccess
-
-\---
-
- 10. Check if there are any special update procedures, and update
- the wizard.app.APPNAME module accordingly (or create it, if
- need be).
-
- 11. Run 'wizard prepare-config' on a scripts server while in a checkout
+ 6. Run 'wizard prepare-config' on a scripts server while in a checkout
of this newest version. This will prepare a new version of the
configuration file based on the application's latest installer.
Manually merge back in any custom changes we may have made.
Check if any of the regular expressions need tweaking by inspecting
the configuration files for user-specific gunk, and modify
- wizard.app.APPNAME accordingly.
-
- 12. Commit your changes, and tag as v1.2.3-scripts (or scripts2, if
- you are amending an install without an upstream changes)
+ wizard.app.APPNAME accordingly. Commit with --amend, and
+ propagate back to your local copy (git reset --hard HEAD~; git pull afs).
- NOTE: These steps should be run on a scripts server
+ [ENTER HERE FROM CREATING A NEW REPO]
- 13. Test the new update procedure using our test scripts. See integration
- tests for more information on how to do this.
+ 7. Check if there are any special update procedures, and update
+ the wizard.app.APPNAME module accordingly. If this is the first
+ time you are performing an upgrade, implement upgrade() in your
+ Application class. (XXX: extended instructions here). Test
+ the new update procedure using our test scripts (preferably
+ on a scripts server). Check this page for more info on our
+ integration tests:
http://scripts.mit.edu/wizard/testing.html#acceptance-tests
- GET APPROVAL BEFORE PROCEEDING ANY FURTHER
+ 8. If you have any further changes, git commit --amend, and finally
+ tag as v1.2.3-scripts (or scripts2, if you are amending an install
+ without an upstream changes)
+
+ 9. Push all of your changes in a public place, and encourage others
+ to test, using --srv-path and a full path.
+
+ GET APPROVAL BEFORE PROCEEDING ANY FURTHER;
+ THIS IS PUSHING THE CHANGES TO THE PUBLIC
NOTE: The following commands are to be run on not-backward.mit.edu.
You'll need to add daemon.scripts-security-upd to
scripts-security-upd to get bits to do this. Make sure you remove
these bits when you're done.
-A 14. Run `wizard research appname`
+ 10. Run `wizard research appname`
which uses Git commands to check how many
working copies apply the change cleanly, and writes out a logfile
with the working copies that don't apply cleanly. It also tells
us about "corrupt" working copies, i.e. working copies that
have over a certain threshold of changes.
-A 15. Run `wizard mass-upgrade appname`, which applies the update to all working
- copies possible, and sends mail to users to whom the working copy
- did not apply cleanly.
+ 11. Run `wizard mass-upgrade appname`, which applies the update to all working
+ copies possible.
- 16. Run parallel-find.pl to update our inventory
+ 12. Run parallel-find.pl to update our inventory
* For mass importing into the repository, there are a few extra things:
- A .scripts directory, with the intent of holding Scripts specific files
if they become necessary.
- * .scripts/lock (generated) which locks an autoinstall during upgrade
+* Making the module files for a new application
+
+ 1. Create a wizard/app/APPNAME.py file. Create an object Application
+ inheriting from wizard.app.Application (check existing modules for
+ the boilerplate code).
+
+ 2. Implement download(). "wizard prepare-pristine" will use this in order
+ to download the next version of an application.
+
+ 3. Create a git repository with `git init`
+
+ 4. Use `wizard prepare-pristine APP-VERSION` to download the tarball and
+ extract it into the directory. If download() doesn't work and you don't
+ want to special case it (for example, you need a /really old version/
+ for record-keeping purposes), replace APP-VERSION with PATH, where PATH
+ is the tarball to extract.
+
+ 5. `git commit -asm "APP VERSION"`
+
+ 6. Check if any patches are needed to make the application work
+ on Scripts (ideally, it shouldn't.) Pre-existing patches
+ live in /mit/scripts/deploy/APP-VERSION/ directories.
+
+ 7. Run `wizard prepare-new` to setup common filesets for our repositories.
+
+ 8. If you are running a PHP script, there is usually a php.ini file
+ that we package. You can see previous instances of this patch
+ at /mit/scripts/deploy/php.ini/ as well as in the repositories
+ of any already migrated scripts. We hope to make these changes
+ unnecessary once PHP 5.3 arrives.
+
+ 9. Do an initial commit (we're gonna be amending the hell of this)
+ using `git commit -asm "APP VERSION-scripts"
+
+ 10. Implement install(). Test using `wizard install APP`; you won't
+ be able to do a version-specific install with `wizard install APP-VERSION`
+ until you generate a tag (which will become out of date once you
+ amend the commit.) Now might be a good time to create a
+ tests/test-install-APP.sh file (use the other tests as reference) so
+ you don't have to constantly enter the parameters when you're doing
+ an install.
+
+ 11. Push your changes to a directory accessible in the production environment.
+ In the case of scripts, this is equivalent to your AFS homedir, and
+ the production environment is a scripts.mit.edu. We're going to
+ perform a configuration in the production environment to extract
+ out the canonical configuration files.
+
+ 12. On the production server, call your wizard to perform an installation;
+ be sure to use the option --no-commit in order to make propagating changes
+ back easier. Inspect the generated configuration files (you can use `git
+ status` to find unversioned files that the installer created), and
+ implement:
+ - extractors
+ - substitutions
+ These are dictionaries of functions that perform extraction
+ and substitution of variables from config files. You don't
+ actually have to hand code them; you can app.make_extractors
+ and app.make_substitutions on a common dictionary. Check
+ out wizard/app/__init__.py for more information on this
+ format, as well as other files for samples.
+ (XXX: extended instructions here)
+ - parametrized_files
+ These are any files that contain WIZARD_* variables
+ - checkConfig()
+ This is a simple, fs based check on whether or not the application
+ was configured. Usually checking if some generated config file
+ is present is sufficient
+ - detectVersion()
+ You might be able to reuse machinery from extractors (namely, whatever
+ function you were using to generate regular expressions), or you might
+ need to code a custom regular expression to parse this out.
+ - deprecated_keys?
+ Usually you won't need this; use it if there's a configuration variable
+ that needs to get parametrized, but isn't actually necessary and
+ gets obsoleted in a later version. You probably won't know if that's
+ the case until later.
+
+ 13. With these implemented, `wizard prepare-config` should now work if you run
+ it on the installed copy. The configuration file should now contain only
+ generic WIZARD_* variables, and no user-specific config. If it is, your
+ script was buggy; try again.
+
+ 14. The current changes in the working copy should be merged in. Add any new
+ files, and then `git commit --amend`. `git push --force` to stick these
+ changes back in the "public" repository.
+
+ 15. In your local copy, you can pull the changes by doing `git reset --hard HEAD~`
+ and then a `git pull` from the relevant source. Otherwise, Git will complain
+ about a non-fast-forward.
+
+ 16. Congratulations! You've implemented the installation code for a new install.
+ Now goto "ENTER HERE FROM CREATING A NEW REPO" and finish the rest of the
+ instructions.
scripts.mit.edu / wizard.git / blobdiff