----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: http://reviewboard-fedoraserver.rhcloud.com/r/219/ ----------------------------------------------------------- (Updated Sept. 19, 2015, 3:04 vorm.) Review request for RoleKit Mailing List, Miloslav Trmac, Nils Philippsen, Stephen Gallagher, and Thomas Woerner. Repository: rolekit Description ------- Use an internal implementation instead of calling sed to tweak configuration files. This has the neat side effect of overwriting the target file as the last step, side-stepping the need to copy over the backup file on errors. This change requires python3-slip >= 0.6.4 because in previous versions slip.util.files.overwrite_safely() doesn't preserve file ownership, and the postgresql configuration files need to be owned by the postgres user. https://github.com/libre-server/rolekit/issues/21 Diffs (updated) ----- config/roles/databaseserver/role.py 7443979ba7ff87ff6a018ac8a7a0a89e2b8ad6e7 rolekit.spec f3cf9f4b799909bc293f4e56eea78c71e7112e9c Diff: http://reviewboard-fedoraserver.rhcloud.com/r/219/diff/ Testing ------- Deployed `databaseserver` role, compared contents of `postgresql.conf`, `pg_hba.conf` with what the original sed commands produced. Thanks, Nils Philippsen

I don't like it very much myself ;), it's too unwieldy. It's basically a substitute for the functions of sed we used, you can match and `replace` or `append`, and optionally append at the end of the file if the regex never matched (for instance if future versions of the config file don't come with the matched directive so defaults get used). I thought about how to make this a bit more lean and easy to use so it's generally usable, but so far haven't come up with some concrete idea. The `global` option specifies that replacing/appending is done more than once, everytime the regex matches. Regex replacements are always done "globally" in a line. Yeah. I think this is a place where backslash continuation is acceptable, see: https://www.python.org/dev/peps/pep-0008/#maximum-line-length The `linkfile()` function is documented: slip.util.files.linkfile = linkfile(srcpath, dstpath) Hardlink srcpath to dstpath. Attempt to atomically replace dstpath if it exists. I think documentation about a function should be with the function, not where it's used. It's not a function to "scrub" a file containing secret data, if you mean that. It's just something to overwrite a file safely with new content: slip.util.files.overwrite_safely = overwrite_safely(path, content, preserve_mode=True, preserve_context=True, preserve_ownership=True) Safely overwrite a file by creating a temporary file in the same directory, writing it, moving it over the original file, eventually preserving file mode, SELinux context and ownership. - Nils ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: http://reviewboard-fedoraserver.rhcloud.com/r/219/#review535 ----------------------------------------------------------- On Sept. 19, 2015, 3:04 vorm., Nils Philippsen wrote:

I've renamed it to `_tweak_lines()` so nobody gets the wrong idea that they should use this elsewhere ;). - Nils ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: http://reviewboard-fedoraserver.rhcloud.com/r/219/#review535 ----------------------------------------------------------- On Sept. 23, 2015, 5:17 nachm., Nils Philippsen wrote:

----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: http://reviewboard-fedoraserver.rhcloud.com/r/219/#review540 ----------------------------------------------------------- config/roles/databaseserver/role.py (lines 385 - 389) <http://reviewboard-fedoraserver.rhcloud.com/r/219/#comment328> If the `__tweak_lines()` routine has failed here, should we also restore the earlier .rksave for postgresql.conf? The `decomission()` __should__ take care of it either way. It might be a separate bug, but if the first deployment fails partway through (such as with one file but not the other updated) and is not decommissioned before attempting to create another instance, it's possible that we could end up in a state where the deployment looks like it succeeded but the database won't be accessible because pg_hba.conf wasn't updated. I think we need to account for this possibility. (This was pretty much the original reasoning for bug #21) config/roles/databaseserver/role.py (line 386) <http://reviewboard-fedoraserver.rhcloud.com/r/219/#comment327> This comment is no longer valid. - Stephen Gallagher On Sept. 23, 2015, 3:17 p.m., Nils Philippsen wrote:

----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: http://reviewboard-fedoraserver.rhcloud.com/r/219/ ----------------------------------------------------------- (Updated Sept. 25, 2015, 12:32 nachm.) Review request for RoleKit Mailing List, Miloslav Trmac, Nils Philippsen, Stephen Gallagher, and Thomas Woerner. Repository: rolekit Description ------- Use an internal implementation instead of calling sed to tweak configuration files. This has the neat side effect of overwriting the target file as the last step, side-stepping the need to copy over the backup file on errors. This change requires python3-slip >= 0.6.4 because in previous versions slip.util.files.overwrite_safely() doesn't preserve file ownership, and the postgresql configuration files need to be owned by the postgres user. https://github.com/libre-server/rolekit/issues/21 Diffs (updated) ----- config/roles/databaseserver/role.py 7443979ba7ff87ff6a018ac8a7a0a89e2b8ad6e7 rolekit.spec f3cf9f4b799909bc293f4e56eea78c71e7112e9c Diff: http://reviewboard-fedoraserver.rhcloud.com/r/219/diff/ Testing ------- Deployed `databaseserver` role, compared contents of `postgresql.conf`, `pg_hba.conf` with what the original sed commands produced. Thanks, Nils Philippsen

----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: http://reviewboard-fedoraserver.rhcloud.com/r/219/ ----------------------------------------------------------- (Updated Sept. 25, 2015, 1:02 p.m.) Status ------ This change has been marked as submitted. Review request for RoleKit Mailing List, Miloslav Trmac, Nils Philippsen, Stephen Gallagher, and Thomas Woerner. Repository: rolekit Description ------- Use an internal implementation instead of calling sed to tweak configuration files. This has the neat side effect of overwriting the target file as the last step, side-stepping the need to copy over the backup file on errors. This change requires python3-slip >= 0.6.4 because in previous versions slip.util.files.overwrite_safely() doesn't preserve file ownership, and the postgresql configuration files need to be owned by the postgres user. https://github.com/libre-server/rolekit/issues/21 Diffs ----- config/roles/databaseserver/role.py 7443979ba7ff87ff6a018ac8a7a0a89e2b8ad6e7 rolekit.spec f3cf9f4b799909bc293f4e56eea78c71e7112e9c Diff: http://reviewboard-fedoraserver.rhcloud.com/r/219/diff/ Testing ------- Deployed `databaseserver` role, compared contents of `postgresql.conf`, `pg_hba.conf` with what the original sed commands produced. Thanks, Nils Philippsen