Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
1: create a git repository in /var/aegir/
2: verify a platform so it shows /var/aegir/ as your repo
3: delete the platform
Everything in /var/aegir/ gets removed.
Thankfully I had a backup, but this seems pretty dangerous.
I believe this module should:
* Not detect git repos above the platform or site root, ever.
* On verify, unset git info from site or platform if the associated .git folder is removed.
Attached are a platform delete log, and a screenshot of the platform showing the git repo aegir detected.
Comment | File | Size | Author |
---|---|---|---|
#23 | removing_a_site_or-2893588-23.patch | 772 bytes | helmo |
#2 | 2893588-provision-git-delete-platform-error.png | 37.46 KB | millenniumtree |
#2 | 2893588-provision-git-delete-platform-log.txt | 7.14 KB | millenniumtree |
Comments
Comment #2
millenniumtree(attaching files)
Comment #3
millenniumtreeComment #4
millenniumtreeFurther, removing the /var/aegir/.git directory and re-verifying the platforms (even the hostmaster) does NOT remove repo_url, repo_path, deploy_from_git, git_ref from the drushrc alias files.
Comment #5
millenniumtreeMoving bug report from Provision to Aegir Hosting Git
Comment #6
millenniumtreeComment #7
helmo CreditAttribution: helmo as a volunteer and at Initfour websolutions for Aegir Cooperative commentedI agree that this should not be possible.
Deleting probably happens in drush_provision_git_post_provision_delete()
Finding out the top level of the Git repo is done in provision_git_is_repo(). Since we have the repo_docroot property from #2838489: Support drupal being in a subdirectory of a git repo we might be able to make that code a bit smarter...
PS: I'm not sure if it's practical to keep the whole /var/aegir in Git ... I have /var/aegir/config in Git on some servers via etckeeper.
Comment #8
millenniumtreeI had hosting_git enabled simply because older versions of aegir (2.x) removed all the .git folders in my platforms unless hosting_git was enabled. That doesn't appear to happen now though, so it turns out I don't actually need hosting_git!
I had a git repo in /var/aegir, like you said, for storing configuration overrides I've made to ~/config/includes/nginx_vhost_common.conf, ~/config/includes/global.inc, and ~/config/server_master/nginx.conf, as well as some drush plugins in ~/.drush
First, I split the repo in two (/var/aegir/config and /var/aegir/.drush) and removed /var/aegir/.git.
Then I disabled hosting_git, and re-verified any platform or site that had received an incorrect git reference. Now I think I can delete old sites and platforms without wiping my entire /var/aegir.
8 servers. :\
We almost wouldn't even need the git repos if there were well-placed includes in nginx_vhost_common.conf, and nginx.conf.
Comment #10
helmo CreditAttribution: helmo as a volunteer and at Initfour websolutions for Aegir Cooperative commentedI created a quick test repo for this https://gitlab.com/aegir/test_drupal_docroot_in_subdir but trying to get that working as it should is already a challenge :(
In the mean time I've disabled the line that's doing the delete.
Comment #11
Jon PughHere's what happened:
In #2544906: Pickup git setting from disk a patch was committed that imported the repo_url and git_ref property by running git commands in the $repo_path directory.
The problem is, it did this, whether or not $repo_path was an actual git repo. So when you verified a site, it ran "git config --local --get remote.origin.url" in the sites/domain.com folder, and it got a good result from /var/aegir/.git or from a platform that was a git clone.
So I'm fixing that over in that issue.
For this problem, we just need to add some extra checks here, to be sure $repo_path is the right repo_path. We could also add a dead-man's switch to prevent us from attempting to delete /var/aegir in the case that repo_root got changed to that somehow.
So if you had /var/aegir/.git, and you've been using hosting_git since that patch has been committed, you should check your site and platform nodes and contexts for incorrect git repo information.
Comment #12
Jon PughComment #13
Jon PughComment #15
Jon PughI've committed this failsafe, and have addressed the other issue in #2544906: Pickup git setting from disk.
This check happens even if your repo path is already set to /var/aegir.
Helmo: Can you review and approve this, and then revert this commit: http://cgit.drupalcode.org/hosting_git/commit/?id=e8d4fbc
Comment #16
Jon PughHmm we should add a drush warning there, shouldn't we? This is bad data that we can't automatically fix.
Comment #18
Jon PughOops! turned out I already did. Needed improvement...
Comment #19
Jon PughHere's the final result:
I decided a hard error was needed here. If /var/aegir is set to repo root, there's a problem that needs to be fixed.
Comment #20
helmo CreditAttribution: helmo as a volunteer and at Initfour websolutions for Aegir Cooperative commentedLooks good.
Comment #22
Jon PughReopening.
provision-delete on a platform is still reporting:
However, the platform codebase is removed, but the drush alias file is not removed...
Comment #23
helmo CreditAttribution: helmo as a volunteer and at Initfour websolutions for Aegir Cooperative commentedLooking at your error message d()->repo_path was probably empty ... what about this extra test?
Comment #25
helmo CreditAttribution: helmo as a volunteer and at Initfour websolutions for Aegir Cooperative commentedcommitted.