Bug #100658 for Net-FullAuto: documentation lies

I'm not using CPAN as source control. I'm not "spamming" either - in the sense of trying to "sell" this module in an unorthodox fashion. The multiple uploads are work on the installer. FullAuto has a LOT of dependency modules. Two years ago it took the better part of a full day to get FullAuto and all its dependencies installed. With that kind of effort required to get it running, no one was going to use it. So the last two years was basically spent in solving "that" problem. Now FullAuto can be installed with ALL it's dependencies in less than 15 minutes - often in as little as 8 minutes. I tried to use CPAN as documented for this task, but it proved woefully inadequate. BerkeleyDB is a case in point. The FullAuto install now installs this without intervention on all Linux/Unix and Windows with Cygwin. I've tried using local mirrors, and while that allowed some level of independence from CPAN, there were issues that only appeared when using CPAN itself, especially when installing on Amazon EC2 micro instances. I'm not "comfortable" that I'm clearly irritating you - and yes, I will concede that you are very likely the "voice" of others as well. The number of uploads has slowed down, and will continue to do so. My goal is to get to a release schedule that spans months - not days. 90% of the uploads are a direct consequence of CPAN issues, or issues with other author's modules and how they get installed, and my attempts to work it all out - I am not doing it as an alternative to svn or git. As for documentation, nobody is using this yet, for reasons you have outlined in addition to others. The software that is closest to what FullAuto does is Chef and Puppet. (And yes, I can hear your laughter from here). You won't be laughing for long. Everything you're complaining about is fixable, and it WILL get fixed. What FullAuto does, and how it does it will insure that will happen. Chef requires 10 GIG of hard disk space on every node. Chef requires TWO way communication between nodes and the Chef server. FullAuto requires ZERO disk space on ANY node, and requires only a one-way connection from the FullAuto installation to the node via PERSISTENT SSH. FullAuto runs commands from one script on one host and controls any number of other hosts simultaneously - again via persistent SSH. The FullAuto demo that is nearly complete, installs itself on an Amazon micro server, and then proceeds to use the Amazon API to launch other servers, download Liferay (LDAP is another demo. Hadoop is next), build it from source, install MySQL on yet another host, start it, download and import Liferay's schema, and exchange configuration information among the hosts so in the end a multi-host application infrastructure starts up and is production ready - without ANY manual intervention. FullAuto can stand up any number of servers, install Chef, configure it on every node, and start it - with NO manual intervention. Chef in turn, cannot do the same, because before it can do anything, it has to be installed EVERYWHERE. FullAuto has no such dependency. Even it's own installation is "FULL" - Auto. That is why it's Makefile.PL file is over 7000 lines of code. Many pundits have opined that automation utilities like Chef and Puppet are woefully under-utilized. I AGREE - and it's because both of them are difficult to setup and use. I am trying to remedy that. But the cost of that is insanely complex code. There is always a trade-off. FullAuto dynamically discovers the prompt on remote hosts, dynamically discovers the shell and the location of all key utilities. FullAuto returns stdout, stderr and return codes from each command it runs on the remote hosts. All FullAuto needs to fully control a remote host is a hostname or ip address, login id, and password or key file. Basically, anything anyone can do manually over a SSH/SFTP (telnet or ftp) connection, FullAuto can do programmatically, and with minimal code. FullAuto even cleans up and shuts down everything automatically - even after a CTRL-C interrupt. And all this power runs on a MICRO server. Please point me to anything else that does all this? Something this all-encompassing is going to be seriously complex, and for me personally, having everything in a few files is easier for me to cope with than everything broken out into a gazillion modules. Some of that will change soon, but probably not as much as you would probably advocate. Show quoted text
CPAN itself uses sudo and has it as one of it's setup options. There's not a "lot" of documentation on it's internal usage (short of studying the code itself), and I haven't noticed any "notice" about when and how it decides to use it once you elect it as an option. So why are you criticizing "me" for doing the same? You can't even use apt-get or yum without sudo. How in the world am I to automate ANYTHING without occasional judicial and carefully invoked super-user access, and if I'm asking the user for permission every time I do use sudo (which might be dozens and dozens of times during a multi-host standup), then we don't have a "FullAuto" process - do we? And by the way, Amazon doesn't use passwords (except for Windows), only key files. So by extension, FullAuto uses only key files when working against Amazon. I want people to seriously use this "someday" and of course they won't without adequate documentation - so that WILL be remedied, and soon. Again, I am not "trying" to irritate you or anyone else. When I have problems with CPAN and third party module installation that I cannot remedy or adequately debug and fix with a local mirror, what else would you have me do? Show quoted text

So I go back to taking an entire day for setup? Seriously? I'd happily let ExtUils::MakeMaker do everything - if it could. It's there - it's in the mix. Show quoted text
I'd be more than happy to explain everything, every line of code, if you were "actually" interested - which you're clearly not. You've already tried, deliberated and condemned. Am I wrong? Show quoted text

Hi Karen and Ed - thanks for your interest. I'd like to correct that statement. It's not that I'm having issues with "CPAN" per se, but rather with modules that I use as dependencies for Net::FullAuto. One of the biggest problems I've had making FullAuto "accessible" to anyone who wants to try or use it, was the lengthy, and very complicated installation and configuration. FullAuto uses a whopping 137 (not including FullAuto itself) dependency modules from CPAN. Most of those are of course dependencies of dependencies. Send::Email - a module included in FullAuto's dependency chain, has a huge number of dependencies all on it's own. So does Moose of course. As good as the cpan shell and installer are, I could never get it to correctly manage this massive dependency chain. Inevitably, the installation would fail because of a missing dependency in one of the long sub-chains of dependencies. Not necessarily the fault of CPAN itself either, because module authors themselves are of course responsible for making sure their stuff plays well with others. (And yes, I am not unaware of the obvious hypocrisy of that statement). One noted example is Module::Build "recommends" Pod::Readme - but Pod::Readme requires Module::Build to be installed! A classic circular dependency. Now of course, this is precisely why it's "recommended" and not "required" - but I still spent upwards of half a day some time back fighting with this because I try to supply recommended modules as much as possible. The answer was of course to install Pod::Readme AFTER a full install of Module::Build, but that became obvious only in hindsight. Today - I don't include Pod::Readme, because it turns out it has a dependency chain of it's own that I decided was too much baggage for a module that was only "recommended". There is clearly a trend and philosophy to break out more and more functionality into separate modules, and while there are clearly benefits to this trend, the cost is increased complexity in the dependency tree of modules like mine. With a dependency tree numbering 137 and growing, hardly a day goes by that someone isn't updating one of more of these modules. That alone has created massive problems for me that the generic cpan module is simply not robust enough to cope with. Inevitably some module in the dependency chain will require a newer version of a module than is available in the local Perl installation. On some occasions, the updated module will be installed into the SITE branch, but the older module is in the VENDOR branch - so now you have two conflicting modules on the system and because VENDOR is usually the parent in the @INC array, the installing module finds the older one and breaks. Even if I delete the offending older module, I have to re-run Makefile.PL from the top in order to pick up the new correct module - doing that with an exec. Then there's the problem of some module authors asking for user input. I'm trying to make FullAuto "consumer" available and not just to Perl programmers familiar with cpan and Perl idiosyncrasies. One of the JSON modules does this, and a "consumer" (again, someone not familiar with Perl and/or CPAN) is not going to know how to answer such a query. Not to mention, I want a seamless, non-interactive install for the entire dependency chain and this one module alone breaks that. So I needed a way to feed arguments to Makefile.PL that cpan simply doesn't provide a facility for (that I am aware of - I could be wrong of course). So, I had to build my own. BerekelyDB is another classic example of a module needing arguments fed to it via either arguments to Makefile.PL or via environment variables. Then there's Win32::API which still doesn't work without a patch on 64 bit Windows. The author has yet to fix this (no foul, everyone is volunteering, and no one is "obligated"), but I can't wait months of even years. So I need a way to dynamically patch such modules myself during installation. Again something the generic cpan does not have a facility for (again, that I am aware of). I know others have opened tickets on the issue with the author - which only fueled the need for a fix I could introduce myself. Again, I can't afford to wait. And finally, cpan ran out of memory on some Amazon EC2 micro machine instances when trying to install modules such as Email::Sender with large dependency trees. The only way I could work around this was to install all it's dependencies myself before I installed Email::Sender - and other modules. FullAuto works extremely well on Amazon micro instances, and since that is going to be one of its big advantages, (versus competitors like Chef and Puppet), having memory and installation issues on these hosts was of course "not acceptable". There are yet more reasons I had to deviate from protocol, but the point is there are "reasons" for every line of code in my Makefile.PL. I am chasing a 15 year goal - and that goal is now in reach. I had to make FullAuto ACCESSIBLE to users, because no one is going to spend a day or more on a complex installation with hundreds of opportunities for human error to complicate things even more. There was simply no other way for me to proceed. (Again, that I was or am aware of - I am open to any and all suggestions). But all that said, I would have LOVED and would LOVE to have access to a CPAN that can deliver a seamless installation of a complex architecture - and I will try and assist in any way I can to help make that happen. More than likely though, that will be accomplished by others someday - and perhaps with the help of paid FullAuto contributors even. I have done my best to turn off CPAN Testing - as it has come to my attention that the FullAuto installation was causing problems. For that I apologize, it is not my desire to cause issues for anyone, especially volunteers who are being extremely generous with their time. If there is something else I need to do, please let me know. Ed - I am not using CPAN for source control, though I acknowledge that it can appear that way to outsiders. I have my own local svn setup I use. I do plan to set up GIT on Sourceforge, but that task is on a LONG list of to-dos. The frequent uploads are about corrections made to the entire FullAuto installation chain of events that cpan is an integral part of. Most of this type of work is finished, and the frequency of uploads will decrease dramatically. I am including you on this email reply to Karen, because this reply contains details about why there has been so much activity. Again, thanks for your interest. Brian Kelly Show quoted text
independence from CPAN, there were issues that only appeared when using CPAN itself, especially when installing on Amazon EC2 micro instances. 90% of the uploads are a direct consequence of CPAN issues, or issues with Show quoted text
work Show quoted text
with Show quoted text
elaborate Show quoted text
trying Show quoted text
you Show quoted text

Thanks Frederick, This is GOOD advice - some of it I wasn't aware of. I actually can create a fully bundled distribution, but your advice would certainly have made things easier. I will study your advice and see what kind of both short and longer term changes I can/need to make bring this "monster" more in harmony with the CPAN ecosystem. Thanks for the response! Brian Kelly Show quoted text

Hi Tom, Thanks for the response. A ticket may not be the "best" place for discussion of general principles, but since we're exploring the best method of solving my multiple problems, it might be reasonable for me to share my perspective on what my "problems" are. I can certainly appreciate the concern my module arouses. It is admittedly an "arrogant" module. Arrogant in the sense that (especially in regards to it's installation) the implicit if not always obvious assumption is that FullAuto will essentially "own" the local Perl installation. For ANY module to have such an assumption is anathema for computing going backwards in time. I don't argue that at all. In fact, there IS a built in WARNING screen in the Makefile.PL that highly suggests the use of an entirely separate Perl installation, that indeed, FullAuto can "own". I'll have to review the code path to the WARNING and make sure it still appears for everyone. But what about going FORWARD??? An Amazon EC2 micro server, is about as disposable a commodity if there ever was one. Free Tier for a year, about $120 a year after that, and launch-able and destroy-able in a handful of minutes, is it really "unthinkable" for a powerful multi-host capable module to essentially "assume" it has a box/or Perl installation all to itself? (And that is an exaggeration too, because FullAuto can indeed live happily will all kinds of other modules and scripts - the real issue is the need for updated modules that might break older scripts and other modules. I understand that - Kent's advice is right on target with that need). And since you can now create and destroy whole servers in less time than it takes to use the toilet, is it unreasonable for guys like me to see a need for software installations that can leverage and "keep pace" with that reality, even it means getting a bit creative in the short term? What good is a server that can be launched in 2 minutes, if it then takes 2 days to set it up? And yes, there is YUM and APT and RPM - but what about Windows? FullAuto works fully with Cygwin. Plus with FullAuto, you have infinitely more potential configuration flexibility than you do with any repository based images - whether machine or software. I have just recently uploaded a video to YouTube demonstrating the full power and capability of this module. I invite all who are interested to view it: http://youtu.be/FfC_Ybdq07w I'd be VERY interesting in hearing some of your perspectives on this, as it is VERY germane to the direction the future of this module "should" go in. Do I continue to build it up - or break it down? Can I get the exact same results you will see in the video while following Tom's advice to the extent he advocates? Am I doing "too much"? And if so, why is that a "bad" thing going forward? Show quoted text
Please watch the video and then please tell me what other "established solutions" do the same thing? (The video is 50 minutes long, you skip around and in just a few minutes get the "gist" of what it does). Thanks, Brian Kelly On Mon Mar 02 10:41:33 2015, TLINDEN wrote: Show quoted text

Brian, so I watched your video, at least parts of it. The problem is this: you're talking about WHAT your software does and how unique it is and so forth. But that's not the point of the discussion here. We're talking about HOW you do things. I understand what you're trying to achieve, but you're not doing it the "perl way". Besides, you say you're not aware of any other technology for such things. Might be, but that doesn't mean that this assumtion is correct as Ed said as well. Especially in professional environments you're not working this way. Just to make it clear let me tell you how I'm doing this at work: I maintain multiple dmz's, each one with 50-100 servers, where each server is a HP blade. All of them run FreeBSD, and on top of it runs vast numbers of jails with services (~1000 services per dmz). Each jail comes with its mounts (via nfs), ip config, firewall, software, config, data, logging and whatnot. Jails can be moved from one server to another with one command and across dmz's. So, if there's a new blade, I just boot it up. I boots a freebsd installer via netboot, installs a preconfigured image, registers itself etc and reboots. At this point the new blade is visible in monitoring, capacity management etc. On our management system I enter "uhd-srv3455 add hjh-btomcat4" and a jail with a tomcat for the customer "hjh" will be moved to the new blade and started up. The whole process from installation to the first service running takes a couple of minutes. So, that's how we do it. Others do it differently, some with more manual work than others, some use commercial tools for this, some use inhouse solutions. There is a huge market for server deployment solutions and there are literally hundreds of systems available. I don't like bashing on your module all the time, but you need to tune your assumptions and preconceptions in order to make anything good of it. best, Tom

On Wed Mar 04 08:54:56 2015, REEDFISH wrote: Show quoted text
The video link has changed: http://youtu.be/gRwa1QoOS7M Thanks, Brian Kelly

PS: here's an example of how to do it right: https://www.rexify.org/.

On Tue Dec 02 05:11:20 2014, TLINDEN wrote: Show quoted text
I will address each item one at a time: Show quoted text
Most of this type of code has been moved out and put in different modules that are specifically written for setting up NEW servers launched by FullAuto via the AWS EC2 API. When setting up a new server with software, needing root level privileges is unavoidable. Users need to provide credentials that have Administrator privileges activated for any of this to work on AWS EC2. There is no way that any of this code can be successfully used without the full knowledge and buy-in of those using it. Show quoted text
and so forth That code is in a separate module called an "Instruction Set". It's name is Liferay_is.pm and it is a module that "instructs" FullAuto in launching 3 servers via the EC2 AWS API and then provisioning those servers in turn, and finally cross configuring them, and starting up the entire architecture. This is an automated standup of a complete environment - NOT FROM PRE-BUILT IMAGES, but from source code and repositories. That's what FullAuto does, and it does it via persistent SSH and SFTP connections to these servers. Right now there are 5 "demo" "instructions sets" bundled with the distribution. Later these will be separated from the core bundle, and released independently. There is also an instruction set that sets up a four node Hadoop cluster. There is one that sets up a full working Catalyst server that will soon serve as a platform for coupling a RESTful API to FullAuto. I fail to see how any of this can viewed as a "problem". FullAuto was built to automate workloads like Chef, Puppet, Salt, Ansible and others do, with a LOT less overhead and more flexibility and ease of use. Show quoted text
NO - it does not. The demo "instruction sets" do launch from generic images, bu t there is no image "maintenance". All image manipulation is done from code in the instruction set - NOT the core engine. Show quoted text
Again - this is code found in the "instruction sets". Manipulating files is a common workload automation task. Again, I fail to see how this can be an issue? Show quoted text
occurences in the code Again - this code is now mostly found in instruction sets. However, there is code in the core that does dynamic mirroring of directories using a combination of sftp and ssh. It does a diff via "ls" output and bundles just the files that have changed, and does use tar to move those in order speed up the transfer. This functionality is currently undocumented, but will be documented soon. Again I fail to see how this is a "problem". Show quoted text
Again, an undocumented and not completely implemented feature. Not likely to be elevated anytime soon. Show quoted text
What "standard" are you suggesting? That it can be completely digested in 10 minutes, 10 hours or 10 days? The code is ALL there. Nothing is hidden. There is a LOT of it, but most of the superfluous stuff has been removed. What remains actually works and is a core feature - or is close to being one. Show quoted text
Nonsense - of course I've heard of ssh keys, and the updated POD documentation strongly advises their use. Nevertheless, passwords are still prevalent, and if that is all that is available, then they can be used. And yes, the berkeley db treatment is hardly a "perfect" solution, but it beats storing passwords in cleartext. It's a compromise - and not even a very good one, but again, better than cleartext. I strongly urge the use of keys and identity files - and do frequently in the documentation. Using keys and identity files is supported and easy to use with FullAuto, and is documented, whereas the berkeley db stuff currently isn't. Show quoted text
Show quoted text
Show quoted text
Those are subs designed to work with Term::Menus and declaring a unique package within them prevents namespace collisions which was a big problem for me early on. These routines are subject to a form of code injection using Data::Dump::Streamer - which can see inside of closures. Nothing else at the time could that I was aware of. These subroutines need to be "persisted" in memory for dynamic menu creation. Show quoted text
I am guilty of some of this - and have been working to reduce a lot of this as time and opportunity permits. But it's not nearly as bad as you suggest. Show quoted text
Not "impossible" - that's absurd. Difficult? Yes - I admit that. And I can appreciate that you lack the incentive to do more than a cursory examination. However, I have NO doubt, that if I've built something compelling that someone, and perhaps many, WILL take the time to tear it down and learn what it does and how it does it. The proof as they say - is in the pudding. Show quoted text
state it can't be trusted. Nonsense. Could it benefit from "refactoring" - yes of course, and that is an ongoing activity. The thing works - it works well, it performs well, it reports errors extremely well. I would not call that something that needs to be "rewritten from scratch". And as far as it being "trustworthy" - that is a call everyone is entitled to make on their own. FullAuto is AMBITIOUS and highly unique software, and no amount of refactoring is going magically turn it into something an outsider can digest in 10 minutes. The whole "persistent connection" capability is something that I am unaware of anyone else successfully using. Chef, Puppet, Salt all use remote agents. Ansible "claims" to be "agent-less" but in fact has a dependency on Python being on remote nodes. And it also has a dependency on OpenSSH persistConnect feature being activated. FullAuto has NONE of these dependencies, but can perform every bit as powerfully and perform the same kind of workloads no matter the size or complexity - and can do it with micro images in any cloud environment, and NO dependency requirements for the remote nodes. If you know of another framework that can boast that same capability - I'm all ears! One final thing - this project has been ongoing since 2000. My Perl skills are a 1000 times greater than what they were when I started the project. Would I do things differently if I was starting over? Certainly. But I'm not starting over, and if a code construct works, works well, and solves a problem even if it's not a "best practice" way to do it, I'm going to stick with it for the "moment" and refactor it only when it becomes convenient to do so. I have a lot of other things to attend to that have higher priority - unfortunately.

Still. Nothing has changed. Still multiple "releases" each day. Still a mess. Still unsecure/dangerous. Still lots of hardcoded stuff. Still not a framework.Makefile.PL still not following guidelines. Still using sudo. Still without asking. Still doing chmods on users system files all over the disk. Please.