Aiki Robust Update System

From Aikiframework wiki

(Redirected from Auto-Updating)

Jump to: navigation, search

This is an old proposal that got partial implementation. Actually, we now have a complete upgrader upgrad process now

Aiki will have auto-updating. This is documentation of how it should work.

Update Interface

The update interface should be added to the Aiki administrator interface. There should be options to:

check for update on-demand
revert back to the last/previous installation
automatically check for update after admin login

Logic/Decision Tree

Yes, check for available update
|\_Yes update exists and minimum requirements are satisfied
|  |\_Yes user wants update
|  |  |\_Yes download update
|  |  |  |\_Validate download
|  |  |  |   \_Yes download is valid
|  |  |  |     |\_Extract download
|  |  |  |     |   \_Apply backup/update scripts
|  |  |  |     |      \_Yes, backup succeeded
|  |  |  |     |        |\_Yes, able to preserve config
|  |  |  |     |        |  |\_Yes, update success
|  |  |  |     |        |  |  |\_Show update status
|  |  |  |     |        |  |  |   \_Refresh page
|  |  |  |     |        |  |  No, update failed
|  |  |  |     |        |  |   \_Revert to previous backup
|  |  |  |     |        |  |      \_Show update status
|  |  |  |     |        |  |         \_Refresh page
|  |  |  |     |        |  No, unable to preserve config
|  |  |  |     |        |   \_Prompt user to overwrite config
|  |  |  |     |        |     |\_Yes, overwrite config and return to apply update portion of scripts
|  |  |  |     |        |     No, show instructions for manually updating config
|  |  |  |     |        |      \_Prompt user to proceed with update
|  |  |  |     |        |        |\_Yes, return to apply backup/update scripts
|  |  |  |     |        |        No, skip update
|  |  |  |     |        |         \_Remove download and extracted files
|  |  |  |     |        |            \_Show update status
|  |  |  |     |        No, backup failed
|  |  |  |     |         \_Restore previous backup if exists
|  |  |  |     |            \_Prompt user to proceed with update
|  |  |  |     |              |\_Yes, return to apply update portion of scripts
|  |  |  |     |              No, Skip update
|  |  |  |     |               \_Remove download, extracted and failed backup files
|  |  |  |     |                  \_Show update status
|  |  |  |     No, download is not valid
|  |  |  |      \_Retry download
|  |  |  |        |\_Yes, return to download update
|  |  |  |        No, reached retry limit
|  |  |  |         \_Skip update
|  |  |  |            \_Remove download
|  |  |  |               \_Show update status
|  |  |  No, download failed
|  |  |   \_Retry download
|  |  |     |\_Yes, return to download update
|  |  |     No, reached retry limit
|  |  |      \_Skip update
|  |  |         \_Show update status 
|  |  No, user does not want to update
|  |   \_Skip update
|  |      \_Show update status
|  No update exists or failed to meet minimum requirements
|   \_Show update status
No, revert to previous backup
 \_Yes, revert successful
   |\_Show update status
   |   \_Refresh page
   No, revert failed
    \_Show update status

Checking for Update

Aiki should have a remote host with a simple text file that contains the latest stable release version and the minimum requirements. The URL may be http://aikiframework.org/files/update. This text file may contain contents such as:

aiki 0.8.22.855
php 5.1
mysql 4.0
apache 2.0

Update Configuration

Aiki should attempt to preserve site configuration. Try to preserve existing config.php and .htaccess files, if unable to update otherwise prompt the user.

There should be config items related to update:

String Update directory such as update - Directory that stores the backup/update scripts
String Update backup directory such as backup - Directory that stores the backup files used to revert
String Update URL such as http://aikiframework.org/files/update - URL with update information
String Update download path such as http://aikiframework.org/files/ - URL to the update package excluding file name
String Update download prefix such as aiki-src- - First part of the update package file name excluding version and extension
String Update download extension such as .zip - Last part of the update package file name indicating file format
Boolean Update check automatically - After admin login, check for update
Integer Update download retry - Retry to download or validate download this number of times if failed

There should be constants related to update:

Boolean Update overwrite config - Whether or not this update involves changes to the aiki_config table, config.php or .htaccess

Backup and Reverting

Aiki should have a directory to store files/tables that will be updated. Reverting should restore these files/tables to their original location. There should only be one level/depth of backup/reverting. Aiki should attempt to backup the entire existing installation every time before an update.

Minimum Requirements for Update

Aiki should define minimum requirements for an update such as:

PHP-5.2
MySQL-4.0
Apache-2.0
suPHP-0.6.3

Development Notes

Related Source Changes

renamed src/aiki.php to src/bootstrap.php and src/libs/core.php to src/libs/aiki.php
added Aiki database session save handler as opposed to the default PHP file handler
added Aiki sessions table to src/sql/CreateTables.sql
added Aiki Exception class
added log exception method to the log utility
added autoconf feature to --enable-update which is disabled by default
added autoconf variables for setting directories related to update
added optional update dialog to the admin interface
added basic ground-work and partial implementation of classes related to update system
added makefile for captcha

Parts of the Aiki update system implementation are mostly complete and working:

Admin Interface Update Dialog
Check for Update
Check Minimum Requirements are Met
Download Update Package
Validate Update Package
Decompress Update Package
Backup Existing Aiki Installed Files and Database

Here are the commands I use to install and test:

./autogen.sh \
  && cd build \
  && DB_SUPER_USER_PASS=password \
  DB_PASS=aiki \
  AIKI_LOG_LEVEL=debug \
  AIKI_SAVE_DIR=save \
  ../configure \
           --prefix=/usr \
       --sysconfdir=/etc \
    --localstatedir=/var \
    --enable-update \
  && make distall \
  && make install-mysql-user \
  && sudo cp -a aiki-[0-9].[0-9].[0-9][0-9] /var/www/html/aiki \
  && sudo chmod 0755 /var/www/html/aiki \
  && sudo mkdir -vp -m 0700 /var/log/aiki \
  && sudo chown steven /var/log/aiki \
  && firefox http://localhost/aiki/ &

The parts of the update system that are NOT working or partially implemented:

Backup->restore Methods for FileBackup and DatabaseBackup
Updater Classes
1. The Updater should use the Upgrade object
2. FileUpdater should contain the specifics of updating the Aiki files
3. DatabaseUpdater should contain the specifics of updating the Aiki database
Updates Class
1. This should contain ALL of the version specific methods for updater (example: public function _0_8_24_871($args))
Upgrade Classes
1. ConfigUpgrade should contain the specifics of a configuration upgrade (config.php aiki_config table)
2. SiteUpgrade should contain the specifics of a Aiki site/app upgrade (example: /assets or /admin)
3. CoreUpgrade should contain the specifics of a everything that is NOT a site or config upgrade, but Aiki core

Direction

The current direction the update system is taking to overcome the write privilege issue is depending on suPHP which is a Apache module PHP handler that enables the PHP script process to run as the owner of the script. It is my understanding that Wordpress uses a similar method (or Fast CGI) as well for their updater. This means that for the Aiki update system to work, suPHP must be installed and configured properly. Otherwise the updater will fail gracefully, letting the users know they do not meet the requirements. The Aiki update system supports the run-time type of installation package. The Aiki update system will not support the 'sudo make install' type installation as the owner of the files would be root.

suPHP Configuration

This is the working setup I'm testing with and other systems may vary. The version is suPHP-0.6.3.

Installing:

sudo yum -y install mod_suphp

The files installed:

/etc/httpd/conf.d/mod_suphp.conf
/etc/suphp.conf
/usr/lib/httpd/modules/mod_suphp.so
/usr/sbin/suphp

Apache Supplemental Configuration (should be in httpd.conf or related conf):

<Directory /var/www/html/aiki>
<IfModule mod_suphp.c>
    suPHP_AddHandler php5-script
    suPHP_Engine on
    # Directory php.ini is in
    suPHP_ConfigPath /etc
</IfModule>
</Directory>

The above directory element value should point to a valid Aiki root directory.

Apache Supplemental Configuration (/etc/httpd/conf.d/mod_suphp.conf):

# This is the Apache server configuration file providing suPHP support..
# It contains the configuration directives to instruct the server how to
# serve php pages while switching to the user context before rendering.

LoadModule suphp_module modules/mod_suphp.so

My suPHP Configuration file (/etc/suphp.conf):

[global]
;Path to logfile
logfile=/var/log/suphp.log

;Loglevel
loglevel=info

;User Apache is running as
webserver_user=apache

;Path all scripts have to be in
docroot=/

;Path to chroot() to before executing script
;chroot=/mychroot

; Security options
allow_file_group_writeable=false
allow_file_others_writeable=false
allow_directory_group_writeable=false
allow_directory_others_writeable=false

;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=false

;Send minor error messages to browser
errors_to_browser=true

;PATH environment variable
env_path=/bin:/usr/bin

;Umask to set, specify in octal notation
umask=0077

; Minimum UID
min_uid=500

; Minimum GID
min_gid=500

; Use correct permissions for mod_userdir sites
handle_userdir=true

[handlers]
;Handler for php-scripts
php5-script=php:/usr/bin/php-cgi

;Handler for CGI-scripts
x-suphp-cgi=execute:!self

See Related Pages