Navigation Menu

Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bridge: Migrate /var/lib/cockpit/machines.json to /etc #5963

Closed
wants to merge 3 commits into from
Closed

bridge: Migrate /var/lib/cockpit/machines.json to /etc #5963

wants to merge 3 commits into from

Conversation

martinpitt
Copy link
Member

On startup, migrate the old machines.json file in /var to the new canonical location /etc/cockpit/machines.d/99-webui.json, so that the entire configuration is in the one documented place. Much of the code tries to handle the (rather unlikely) case that both the old /var/lib/cockpit/machines.json and the new /etc/cockpit/machines.d/99-webui.json already exist; this could happen when upgrading to the new version, the initial migration fails due to some weird permissions error (directory not writable by root), and then the user adds some new hosts. This can never be made fully robust by nature, but the code tries to cope as well as possible. Maybe this is also overengineered and we should simply not support that case, not sure.

We still need to keep reading the file in /var for some time as there is no guarantee that the migration actually works.

The second commit documents the file format. You can see what the generated result looks like at http://piware.de/tmp/feature-machines.html, except that there is a light blue box missing around the example (I didn't want to spend too much time figuring out which CSS to put where).

@stefwalter
Copy link
Contributor

What is the goal of migrating? If the goal is documentation and discoverability, would just trying to create a symlink to /etc/cockpit/machines/95-migrated.json -> /var/lib/cockpit/machines.json accomplish the same purpose? Such a link could even be installed by newer bridge packages.

@stefwalter stefwalter added the question Further information is requested label Feb 27, 2017
@martinpitt
Copy link
Member Author

The goal is to have all the actual config files in the documented place, /etc/cockpit/machines.d/. We currently don't have a second GFileMonitor to watch for changes in /var (we could add that if necessary, though), but more importantly, an admin who backs up /etc/cockpit/ will miss half of their configuration. I was hoping that in a few releases we could actually drop the reading of the old file in /var/ (but that's of course a bit handwavy).

@martinpitt
Copy link
Member Author

I think we can combine the ideas to simplify this:

  • If we can move /var/lib/cockpit/machines.json to /etc/cockpit/machines.d/99-webui.json (i. e. the latter doesn't exist yet and the dir is writable), we continue to do so. This is the 99% case, and it will result in a "nice" and legacy free file layout. This also avoids having a file in /var which will never change again, and an ever-growing delta against that in 99-webui.json.

  • If moving the file fails because 99-webui.json already exists, just create a 95-migrated.json -> /var/lib/cockpit/machines.json symlink. This is already a small corner case, and as nothing writes the file in /var any more we can still get away without GFileMonitor'ing it. The code for this would be a lot simpler than the merging fallback here.

  • If both of the above fail because we can't create/write into /etc/cockpit/machines.d/, we have some options:

  1. Just print a g_warning() and give up -- we just don't support a non-writable /etc/cockpit/, we also need it for ws-certs.d/ and possibly other things. The user would lose the machines defined in /var.

  2. Similar to 1., but keep the additional reading of /var/lib/cockpit/machines.json for a few months (or e. g. until after RHEL 7.4 got released), until the migration should have run pretty much everywhere.

  3. Keep the additional reading of /var/lib/cockpit/machines.json for all eternity.

My gut feeling is that 2. is the right approach, this is what I was heading towards in this PR.

@stefwalter , opinions?

@martinpitt
Copy link
Member Author

If moving the file fails because 99-webui.json already exists, just create a 95-migrated.json -> /var/lib/cockpit/machines.json symlink.

Actually, I think it's better to move the file rather than symlinking:

  • it will then be more regular and backup systems will actually contain the file contents rather than just the link
  • we can then remove the file in /var, so that we don't read it twice (first directly from the backwards compat code path, and then again as part of machines.d/)
  • we can cleanly finish the transition by removing the file in /var, or roll back by not changing anything at all.

@martinpitt
Copy link
Member Author

Reworked like discussed above; this is simpler and more robust.

@martinpitt
Copy link
Member Author

I added another commit on top to fix the unit tests when /var/lib/cockpit/machines.json exists (what @stefwalter pointed out yesterday).

@martinpitt martinpitt removed the question Further information is requested label Feb 28, 2017
@martinpitt
Copy link
Member Author

@larskarlitski found out in the meeting that current master's dashboard doesn't work with the latest released bridge (error message about missing machines.Update() D-Bus function). I bumped the dependency now. During that I noticed that tools/min-base-version was broken and returned 0, due to the renaming of manifest.json to manifest.json.in. Fixed in this PR as well; let me know if you want a separate PR for the two topmost commits.

@martinpitt martinpitt force-pushed the machines-migration branch 2 times, most recently from 992f53d to 305781f Compare February 28, 2017 16:38
@martinpitt martinpitt mentioned this pull request Mar 1, 2017
Closed
stefwalter
stefwalter suggested changes Mar 1, 2017
View reviewed changes
src/bridge/cockpitdbusmachines.c Outdated
}
else /* different g_file_move() error than EXISTS */
{
g_warning ("migration of %s to %s failed: %s", var_path, etc_path, error->message);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this fail to EPERM or EACCESS? If so then this is not a g_warning() ... in fact we should probably just ignore that failure quietly.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In particular, the caller only checks if we can access the destination, and no check whether we can remove stuff from the source.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

At this point we already asserted g_access (machines_json_dir (), W_OK) (from the call below), so this could happen if /var/lib/cockpit/ isn't writable. So this really is a Should Not Happen™ situation, and if someone gets here they wedged up their system. So IMHO g_warning() is not too strong at all.

tools/min-base-version Outdated
@@ -28,14 +28,14 @@ from glob import glob
proj_dir = os.path.dirname(os.path.dirname(os.path.realpath(sys.argv[0])))

max_version = '0'
for manifest in glob(os.path.join(proj_dir, 'pkg/*/manifest.json')):
for manifest in glob(os.path.join(proj_dir, 'pkg/*/manifest.json.in')):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is probably a follow up but we cannot conflate all the "requires" here. Certain distros don't ship all the packages at the same time. We need to start doing these individually or manually curating these. Such a change could be a follow up.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, let's handle that in a separate PR. Right now the dependency calculation is completely broken, so one way or another we need to fix this for 133.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tought about this in issue #5997, and I think I have a reasonably good solution for this (at least much better than what we have now). So I think this particular hunk could stay, but I'm happy to revert the bumping of the dependency in pkg/dashboard/manifest.json.in (i. e. remove the topmost commit here) in this PR, as it will not actually influence the dependency of -dashboard (that doesn't use the manifest dependencies, it's just hardcoded at "same version as -ws") and unecessarily bump the dependency of all "plugin" packages.

This should alleviate the dependency concerns but still keep the unbreaking of min-base-version.

@martinpitt
Copy link
Member Author

Re-pushed with dropping the depenency bump and g_warning() → g_message()` and fixing the writability test.

@martinpitt
bridge: Don't read /var/lib/cockpit/machines.json during unit tests
ee0958d 
Otherwise an existing /var/lib/cockpit/machines.json would fail the
tests.
@martinpitt
doc: Document machine JSON format
bf86859 
We moved machines.json into /etc and a directory because we want it to
be a public API. Don't document the "avatar" property for now, as it
does not really work right now.
@martinpitt
Copy link
Member Author

Rebased to adjust to changes from #5990 (dropping inject_extras()).

@martinpitt martinpitt added the release-blocker Targetted for next release label Mar 1, 2017
@martinpitt
Copy link
Member Author

Priority, this should be included in 133, otherwise the migration will be more complicated/less clean.

@martinpitt
bridge: Migrate /var/lib/cockpit/machines.json to /etc
7f891d9 
On startup, migrate the old machines.json file in /var to the new
canonical location /etc/cockpit/machines.d/99-webui.json, so that the
entire configuration is in the one documented place. If that already
exists (unlikely, but maybe a previous migration attempt failed and then
the user manually added a new machine), move it to 98-migrated.json
instead.

We still keep reading the file in /var for some time, to ensure the
migration has run for everyone.

Closes cockpit-project#5963
@martinpitt
Copy link
Member Author

Adjusted once again, older glib versions (debian-8/centos-7) have a different error message, which caused a mismatch in the expected journal messages. I made this more general now.

@stefwalter stefwalter closed this in eae85c6 Mar 1, 2017
@martinpitt martinpitt deleted the machines-migration branch March 1, 2017 21:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stefwalter stefwalter stefwalter approved these changes

Assignees
No one assigned
Labels
release-blocker Targetted for next release
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@martinpitt @stefwalter