2014-03-06 23:01 GMT+01:00 Stephen Gallagher <sgallagh(a)redhat.com>:
> So, I'm leaning towards a design where fedora-server-$role
> a package for a /specific version/ of a role, but for /all past
> versions/. Therefore:
> * The user can always (yum update) a role package,
> non-interactively, without actually deploying an updated version of
> a role.
I'm really not sure what the mechanics of this would look like. Could
you go into some more detail here?
fedora-server-role-postgresql.rpm contains all of:
/usr/share/fedora-roles/postgresql/__init__.py # common metadata
/usr/share/fedora-roles/postgresql/1/role.py # implementation, major
/usr/share/fedora-roles/postgresql/2/role.py # implementation, major
/usr/share/fedora-roles/postgresql/3/role.py # implementation, major
Adding a major version would add a subdirectory / subclass, not remove any
of the previous ones. (Well, we would probably feel the pressure to remove
the very old ones so that we don't have to keep porting them to new Python
versions and the like.)
* "Minor" updates (no functionality loss, no human
> could happen automatically from a %post or %posttrans script.
I, for one, have been working hard these last weeks on eliminating
scripts from packages wherever possible. %post scripts make life very
difficult for things like virt-sysprep and the proposed Fedora Atomic
So %post vs. non-%post and automated vs. maual is a completely separate
discussion. We seem to be in agreement about actually making minor updates
automatically, are we?
Nevertheless... I don't think "%post is bad" approach makes sense. We can
have stateless storage of software (as opposed to configuration or data),
but *the computer* is not stateless!
Moving the scripts to auto-started systemd units still means that there are
scripts affecting state, only they are now harder to find and harder to
Also, the restriction to stateless storage of software is limiting and
leads to optimizing things the wrong way: we save time and complexity
during software installation ("only place a file in this directory") and
pay for it on every application start ("read all the files, resole
conflicts, build an in-memory index for speed") or in maintenance overhead
("don't forget to run update-cache-file or your changes won't be
visible"). Having an API
"add-this-information-to-the-system-wide-database" invoked during
installation would allow more validation checking, and maintaining the
information in a file format optimized for run-time efficiency.
* (fedora-role-deploy --upgrade) or something similar could be used
> in an interactive context (CLI / Cockpit) to actually perform a
> major update, with the above-mentioned ability of a role to perform
> a feasibility check, to ask for more information, or to confirm
> that the administrator can accept a downtime needed for
> non-trivial migration (asking interactively or using an updated
> deployment configuration file provided as input).
This would be nice-to-have, but until I see some more concrete
information about how one might handle this at the filesystem and
service level, I remain skeptical.
I'm not sure what information you are looking for; below is what I was
thinking of in more detail, though perhaps this is all trivial.
From the POV of the shared infrastructure:
# role_name = "postgresql"
role = System.get_role(role_name)
installed_version = role.installed_major_version
latest_version = role.latest_major_version
while installed_version < latest_version:
next_version = installed_version + 1
role_major = role.major_version[next_version]
role_major.upgrade(role, deployment_descriptor) # checking and
possible interaction happens here
except (UpgradeAborted, UpgradeFailed):
role.installed_major_version = next_version
installed_version = next_version
(i.e. we only need to support upgrades "one step at a time")
From the POV of the role implementation, the "upgrade"
method would be
driving all of this (assuming postgresql-$old_version and
postgresql-$new_version can be installed in parallel):
- (Optionally) verify consistency of the current installation
- (Optionally) verify features are supported in the new version
- (Optionally) ask the user for confirmation if migration has not been
pre-approved in the deployment descriptor
- Ensure that postgresql-$the_next_version is installed
- Tell postgresql-$old_version to start refusing write requests, or just
stop the postgresql-$old_version service altogether
- Migrate data; whether this is in-place or to a copy is up to the role
- Stop and disable postgresql-$old_version, start and enable
* fedora-server-$role could not depend on versions of the
> underlying packages that it supports; it would need to install them
> from fedora-role-deploy in the worst case. (In the common case,
> the user would ask for a $role comps group, and get both
> fedora-server-$role and the appropriate versions of the underlying
Mandating that packages are installed from fedora-role-deploy would
have serious negative repercussions on trying to do things in anaconda
For the anaconda %post case, the user would be expected to list an
appropriate comps group in %packages.