shell-etc icon indicating copy to clipboard operation
shell-etc copied to clipboard
verified publisher icon hashbang

!DO NOT MERGE! Stripped branch

Open lrvick opened this issue 8 years ago • 10 comments

Goal here is to remove apt-made changes and apt-controlled files and only preserve files where we have deviated from package defalts. This is a pre-step towards phasing out use of etckeeper.

Top post hijacked by Ryan to clear up some information

Currently, #! uses a software called etckeeper to manage commits and other information. However, as of right now (2017-08-14) all files are managed, even the files we don't make changes to. Eventually, this commit needs to be moved into hashbang/shell-server and the following changes to that repo need to happen:

  • [ ] Automate the deployment of the config
    • In systems already managed in this style (or pristine systems)
    • In systems that need to be migrated from the current etckeeper-based system
  • [ ] Include this configuration in admin-tools Either as a directory, or as a submodule (as we do for roles)

This is achievable (for testing) by setting up a VM, pointing Ansible to the VM, and then making sure that the changes are deployed. Once that is done, a shell server must be duplicated and Ansible pointed to the shell server. If the configs have the same (with some mild adjustments) values, then it can be pointed to the live machines and run there.

Afterwards, a new PR needs to be created after deploying works to apply the following changes:

  • [ ] Data files (in this branch, under data/) need to be converted to YAML Ansible can read JSON files, but that's not consistent with what we do in admin-tools
  • [ ] Files should be converted to templates where any values (domain, external configuration, etc.) will be pulled in.

This branch was generated by a script

lrvick avatar Jun 15 '17 10:06 lrvick

virtualbox.profile is probably not ours.

You can git history on the files and see if there were any human changes...

On Thu, Jun 15, 2017 at 7:13 PM, Ryan [email protected] wrote:

@RyanSquared commented on this pull request.

In firejail/virtualbox.profile https://github.com/hashbang/shell-etc/pull/175#discussion_r122351688:

@@ -0,0 +1,22 @@ +# virtualbox profile

The files in firejail I believe are by our custom design. If not, I'll remove them myself; however, I do believe we did push changes to them.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/hashbang/shell-etc/pull/175#discussion_r122351688, or mute the thread https://github.com/notifications/unsubscribe-auth/AAEOUHOAyFo0wZ1CQBNMnvah-pt3jsznks5sEeTYgaJpZM4N7Cob .

-- Lance R. Vick

Cell - 650.686.8819 IRC - [email protected] Website - http://lrvick.net PGP Key - http://lrvick.net/0x36C8AAA9.asc

lrvick avatar Jun 16 '17 03:06 lrvick

virtualbox.profile is probably not ours.

Actually by the looks of it, we have some #! specific VirtualBox config (despite not having virtualbox installed by the looks of it).

RyanSquared avatar Jun 17 '17 02:06 RyanSquared

A way to detect what files have changed in firejail/ that were by us at least once:

find firejail -type f | sort | grep -vf \
  <(for line in $(cat log | grep -E '\-+ 'a/firejail/ | awk '{ print $2 }'); \
  do echo ${line#a/}; done | sort)

EDIT: Another note:

21:47 <~Ryan> mayli: after trying for pretty much forever to find changes in /etc/firejail that weren't just apt, I've come to the the conclusion that 1. I suck at command line string magic, and 2. pretty much every file has had a non-apt commit. 21:47 <~Ryan> which, at this point, I'm quite sure all files in firejail contain stuff that isn't Debian specific 21:48 <~Ryan> (most of it probably from upstream)

RyanSquared avatar Jun 17 '17 02:06 RyanSquared

Status update on this branch?

daurnimator avatar Sep 17 '17 05:09 daurnimator

Waiting on a review from @lrvick for whether the configuration looks decent, then a few steps need to happen for this branch:

  • [x] ~~Data files (in this branch, under data/) need to be converted to YAML~~ ~~Ansible can read JSON files, but that's not consistent with what we do in admin-tools~~ The templates belong in a separate PR
  • [ ] Automate the deployment of the config
    • In systems already managed in this style (or pristine systems)
    • In systems that need to be migrated from the current etckeeper-based system
  • [ ] Include this configuration in admin-tools Either as a directory, or as a submodule (as we do for roles)

RyanSquared avatar Sep 17 '17 14:09 RyanSquared

Removed @RyanSquared and my comments, clarified the current list of blockers.

KellerFuchs avatar Sep 19 '17 00:09 KellerFuchs

Data files (in this branch, under data/) need to be converted to YAML

That's a nice to have. No need for it to be a blocker. Though it shouldn't be hard... my system has a json2yaml command line tool installed that should do the conversion easily enough?

daurnimator avatar Sep 19 '17 01:09 daurnimator

@daurnimator Oh, I should have updated that after the discussion on IRC. I convinced @RyanSquared that the templating shouldn't be a blocker for now, and if I'm well enough I will update this PR (and the script that generates the “cleaned up” history) tomorrow.

KellerFuchs avatar Sep 19 '17 02:09 KellerFuchs

So.... what's current status?

daurnimator avatar Feb 15 '18 02:02 daurnimator

Right now, we have a branch for hashbang/shell-server here which we need to make work with templates. Unfortunately, the templates have gone missing - I have no clue where they are, and the branch they used to exist on (stripped-stow of shell-etc) seems to be deleted. They can just be copied over from shell-etc into a new repo and then added as a submodule to shell-server under the folder templates.

RyanSquared avatar Feb 15 '18 15:02 RyanSquared