forked from finley/SSM
TODO
- improvement
- Add a "don't ask" option.
- always take a prescribed action without prompting
- Tag:
- always = any of the typical options, such as "[y|n|a]"
Perhaps it could also include [i|#|d], but not sure that would be very useful.
- bug
Variables:
- Need to support depends, so that binaries used are in place
before trying to calculate variable
- improvement
Add option "--remove-package | -rp"
Simply comments out all entries of PKG, rather than lowering its priority.
- improvement
- Add ability to ignore certain lines that may change inconsequentially.
- Apply to regular and generated file types
- Example:
ignore-line: [REGEX]
So, for the file "/etc/NetworkManager/system-connections/AI_Lab", the
following entry could be added to the file definition:
ignore-line: ^timestamp=
- bug
if: -otf $file
and $file doesn't exist in definition
but $file is being called out as unwanted
we should handle gracefully
maybe:
- test
- if $file lives in a directory+contents_unwanted directory, and if so, add as unwanted in in-memory config
- else add $file to in-memory config as ignore
- improvement:
Current behavior:
root@sm1.hwx.lenovoguru.net:/tmp# ssm -s
ERROR: Multiple (conflicting) definitions for:
[file]
name = /etc/yum.repos.d/CentOS-fasttrack.repo
priority = 0
...
This instance of this file was found in bundle.common
[etc...]
Target behavior:
root@sm1.hwx.lenovoguru.net:/tmp# ssm -s
ERROR: Multiple (conflicting) definitions for:
[file]
name = /etc/yum.repos.d/CentOS-fasttrack.repo
priority = 0
...
Instances of this file were found in:
bundle.common
bundle.uncommon
my_fav_node.conf
[etc...]
- feature:
ssm-admin -bf bundle.mapr-common --add --target-file (CONFIG_FILE|OTHER_BUNDLE_FILE)
Add --bundlefile to --targetfile
- feature:
ssm-admin -bf bundle.common --list-elements
Print out list of elements in bundlefile.
- Automatically use UID/GID if username not available.
root@ipa1.lenovoguru.net:/var/lib/ssm/repos# ssm -af /var/www/html/REPOs/SAPHanaVora/config/mapr/vora_default_settings.sh
Configuration File: file:///var/lib/ssm/repos/ipa1.lenovoguru.net
Adding: Entry for "/var/www/html/REPOs/SAPHanaVora/config/mapr/vora_default_settings.sh" in configuration file "ipa1.lenovoguru.net" as type regular.
-------------------------------
Added 1 files.
Encountered 0 errors.
root@ipa1.lenovoguru.net:/var/lib/ssm/repos# tail ipa1.lenovoguru.net
[file]
name = /var/www/html/REPOs/SAPHanaVora/config/mapr/vora_default_settings.sh
comment = From ipa1.lenovoguru.net on 2017-05-23 19:34:02
type = regular
mode = 0755
md5sum = c789a2734ba0a8aff8aec1fd7ca04f16 # 2017-05-23 19:34:02
NOTE: no user / group info in the entry
root@ipa1.lenovoguru.net:/var/lib/ssm/repos# ls -l /var/www/html/REPOs/SAPHanaVora/config/mapr/vora_default_settings.sh
-rwxr-xr-x. 1 56141 1005 5632 Mar 30 15:54 /var/www/html/REPOs/SAPHanaVora/config/mapr/vora_default_settings.sh
NOTE: UID/GID above
- Allow for global_option to use UID/GID instead of username/groupname
- For faster work, add this variable (or something like it):
- $invalidate_installed_pkg_cache
Boolean. If set, re-load installed package cache in each package
section. If not set, no need to reload. :-)
- Add "--move-to-bundle BUNDLENAME"
Say you have added /etc/hosts, assuming it's in bundle.common, but
it ends up in xcat1.domain.com. You could then do:
ssm --move-to-bundle bundle.common --file /etc/hosts [FILE ...]
Alternates:
ssm --move-to-bundle bundle.common --package zsh [PKG ...]
ssm --move-to-bundle bundle.common --bundle bundle.bond-10g [BUNDLE ...]
- Add "--priority NN" option to --add-file and --add-pkg directives
- Add "--add-bundlefile BUNDLEFILE" and "--remove-bundlefile BUNDLEFILE" options.
- Add "--modify" option to work in conjunction with --priority and --depends options.
Examples:
ssm --modify --priority NN --file /etc/hosts
ssm --modify --depends "PKG1 /filename1 [[PKG ...][FILE ...]]" --file /etc/hosts
ssm --modify --add-bundlefile bundle.evolution
ssm --modify --remove-bundlefile bundle.evolution
- Add "--show-details" option to show details for any configuration element:
Examples:
$ ssm --show-details --file /etc/hosts
#
# In bundle: bundle.common
#
[file]
name = /etc/hosts
comment = From ipa1.lenovoguru.net on 2017-02-20 13:26:36
type = regular
owner = root
group = root
mode = 0644
md5sum = 87f107b00bb8557ce09daae38f16cb45 # 2017-02-20 13:26:36
$ ssm --show-details --package kvm
#
# In bundle: bundle.hypervisor
#
[packages]
kvm priority=7
- Handle this gracefully:
ssm -ap packagename
# adds package (duh)
ssm -rp packagename
# -rp == --remove-package (new argument)
# - comments out existing entry w/timestamp
# - adds new entry with packagename set to unwanted
ssm -ap packagename
# - should comment out the remove-package entry with a timestamp, and
# add a new entry called "add package"
- on summary output, include bundle for each element off to the right
- on diff screens, show timestamp of local and repo versions
- Bug:
W: --force-yes is deprecated, use one of the options starting with --allow instead.
W: --force-yes is deprecated, use one of the options starting with --allow instead.
- Bug: if a package is 'unwanted' and doesn't exist as an "available" package,
then ignore it and don't error out saying can't find it.
- Add a file type of "merge"
#[file]
#type = merge
#
#keyfield = none
#keyfield = 1
# - Number of the field to treat as the key
# - DEFAULTs to '1'.
# - With 'none' treat entire line as a unique entry to merge into target file
#
#delimiter = DELIMITER
# Where DELIMITER may be one or more characters that indicate the
# separation of fields. DELIMITER may also be a regular expression
# pattern.
#
# DEFAULTs to the first character on the first line of the file that is
# not a single quote, double quote, or an alphanumeric character. The
# chosen character will be declared on STDOUT when a file is added. Here
# is the regex used to identify that character:
#
# /^[a-zA-Z0-9'"]+(.)/
#                  ^
#                  | This is the character that will be selected.
#
# Examples:
# delimiter = :
# # such as for /etc/passwd, /etc/shadow, /etc/group
# delimiter = ' '
# # for a file with spaces as the delimiter
# delimiter = '\s+'
# # alternate version for files with spaces as the delimiter
# delimiter = ' "<'
# # as a more complex, multi-character example
#
[file]
type = merge
keyfield = 1
delimiter = :
owner = root
group = root
mode = 644
values = <EOF
dcmtk:x:123:132::/var/lib/dcmtk/db:/bin/sh
dictd:x:124:133:Dictd Server,,,:/var/lib/dictd:/bin/false
libvirt-qemu:x:125:131:Libvirt Qemu,,,:/var/lib/libvirt:/bin/false
libvirt-dnsmasq:x:126:135:Libvirt Dnsmasq,,,:/var/lib/libvirt/dnsmasq:/bin/false
postfix:x:127:136::/var/spool/postfix:/bin/false
statd:x:128:65534::/var/lib/nfs:/bin/false
sshd:x:129:65534::/var/run/sshd:/usr/sbin/nologin
EOF
When "a" is chosen to add the local file to the repository, all entries in
that file are merged into the merge file, with local file entries "winning"
when there are conflicts. A "merge" file is always additive, never
reductive. If an entry exists in the repo version, but not in the local
file, it is not removed from the repo version.
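The merge rules described above, as an added sketch in Python (not SSM's own code): local entries win on key conflicts and repo-only entries are never dropped. The function names are hypothetical, the delimiter is assumed to be applied as a regular expression, and the LOCAL lines are constructed sample data.

```python
import re

def detect_delimiter(first_line):
    """Default delimiter: first character that is not a quote or an ASCII alphanumeric."""
    match = re.search(r"[^A-Za-z0-9'\"]", first_line)
    if match is None:
        raise ValueError("no delimiter candidate on the first line")
    return match.group(0)

def entry_key(line, delimiter, keyfield):
    """Merge key for one line; keyfield is 1-based, or 'none' to key on the whole line."""
    if keyfield == "none":
        return line
    fields = re.split(delimiter, line)  # assumption: delimiter is treated as a regex
    index = int(keyfield) - 1
    if index < 0 or index >= len(fields):
        raise ValueError(f"line has no field {keyfield}: {line!r}")
    return fields[index]

def merge_entries(repo_lines, local_lines, delimiter=":", keyfield=1):
    """Additive merge: repo entries first, then local entries overwrite matching keys."""
    merged = {}  # dicts keep insertion order, so an overwritten key keeps its position
    for line in list(repo_lines) + list(local_lines):
        if line.strip():
            merged[entry_key(line, delimiter, keyfield)] = line
    return list(merged.values())

# Repo side: three of the entries from the [file] stanza above.
REPO = [
    "postfix:x:127:136::/var/spool/postfix:/bin/false",
    "statd:x:128:65534::/var/lib/nfs:/bin/false",
    "sshd:x:129:65534::/var/run/sshd:/usr/sbin/nologin",
]
# Local side (constructed): sshd differs, ntp is new, statd and postfix are absent.
LOCAL = [
    "sshd:x:129:65534::/var/run/sshd:/bin/false",
    "ntp:x:130:137::/home/ntp:/bin/false",
]

if __name__ == "__main__":
    for entry in merge_entries(REPO, LOCAL):
        print(entry)
    # Auto-detection depends entirely on the first line of the file:
    print(detect_delimiter("dcmtk:x:123:132::/var/lib/dcmtk/db:/bin/sh"))
    print(detect_delimiter("libvirt-qemu:x:125:131:Libvirt Qemu,,,:/var/lib/libvirt:/bin/false"))
```

A passwd-style file whose first entry has a hyphenated name auto-detects "-" rather than ":", which is why the chosen character needs to be reported when the file is added and why an explicit delimiter is safer for account files.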
- Add a "--type TYPE" option to allow initial command line addition via
--add-file, for files that would be detected as 'regular' or 'directory', to
be specified as an alternate type, such as:
ssm -af /etc/passwd --type merge --keyfield NN --delimiter DD
ssm -af /this-hard-link-file-name --type hardlink --target /that-hard-link-file-name
ssm -af /etc/yum.repos.d --type directory+contents-unwanted
- Add a "diff arguments" global setting
default to -uN
- Allow 'd' for diff when prompted to remove unwanted file
- Add "--export | -e" feature.
Example use:
--export EXPORT_DIR
Creates a copy of the configuration in EXPORT_DIR that matches the
current configuration state.
DEFAULTS: As the primary goal of this option is for sharing of config
data, it is designed to be "safe" by default, by ONLY including the
current state of the configuration. Historical elements, such as
earlier versions of files, time stamps, etc. are stripped out, leaving
a pristine sharable config. For elements with multiple instances and
prioritization, only the element with winning priority is included.
- Add "--forget FILE" option
Doesn't remove FILE, but stops tracking it and "forgets" about it.
- Allow --comment with --add-package
- Add "--config-diff" CONFIG_FILE_1 CONFIG_FILE_2
--
- --export qualifying options to add later, maybe...
--bundle-file BUNDLEFILE
--interactive
Iterate through all config elements to allow a Y/N (export or not)
choice.
--timestamp TIMESTAMP
Export configuration as of TIMESTAMP. Useful for audit purposes.
--export-config-file EXPORT_CONFIG_FILE
Merges all export data into a single config file.
Where EXPORT_CONFIG_FILE is a non-pathed file name that will be created
inside EXPORT_DIR.
--file-regex REGEX
Only include files that match REGEX in export.
--full-history
Includes all history for specified configuration elements. This
includes prior file versions and each declaration of a config element,
not just the one with the winning priority.
--export will create a distributable copy of your SSM repository
that _only_ includes the bits and pieces actually used by the
config_file you specify.
Export the identified configuration to the target repo directory:
- may be cumulative by exporting from multiple config files into
the target directory.
- exports the main config file and all bundle files it
references, maintaining their relative location in the repo
(if they're in directories).
- exports each file defined by the config, but _only_ the
currently referenced version.
- has the net effect of producing a trimmed repo that is ready
for distribution to others or point-in-time archival.
--
- Consider an unwanted file as existing in the definition:
root@sysmgmt1.ls2.gbi.lenovo.com:/install/ssm# psh wn0103 ssm --summary | grep -i 'not ok' | xcoll
====================================
wn0103
====================================
Not OK: Regular file /etc/group
Not OK: Regular file /etc/passwd
Not OK: Regular file /etc/shadow
Not OK: Unwanted: /etc/yum.repos.d/.bu_backups
root@sysmgmt1.ls2.gbi.lenovo.com:/install/ssm# psh wn0103 ssm --summary -otf /etc/yum.repos.d/.bu_backups
wn0103:
wn0103: ERROR: The following files were specified with --only-this-file, but do
wn0103: not exist in the definition:
wn0103:
wn0103: /etc/yum.repos.d/.bu_backups
wn0103:
wn0103: *** ssh exited with error code 1.
- Add a --not-ok sub option for --summary
- Only shows entries that are _NOT OK_
- Add bzip2 to dep list
- Add a '--rollback DATESTAMP' feature that ties into the "audit" capability.
- Add an audit=on global option that automatically creates and checks things into a local git repo.
- Add a '--list THINGY' option, where THINGY can be:
- packages
- files
- bundles
- Consider this syntax and arguments for apt-get operations:
apt-get --only-upgrade install xcat*
- Use /var/log/ssm/ directory for log files
- If Improper [file] definition due to unknown owner or group, then set as dependency not met, but handle gracefully. No error message during conf file ingest.
--
- Allow non-root use
- only require root when it's actually needed:
- for accessing/changing a file
- for accessing/changing a repo
- Add ability to do partial match of file names, such as:
ssm --summary -of "/path/to/files/*"
- Add ability to comment out '#' packages, when SSM says "need to install ...".
--
Hello Brian,
Thanks for working on managing files with restricted access in SSM.
Here is a possible improvement that I mentioned before you took off.
Topic: Adding test or matching for a variable (like hostname) for applying packages to a host or a class of hosts. Two use cases are
(a) Globus host certs for fast transfer nodes (FTN). Both FTN nodes share the same SSM config file, but each FTN has its own X509 host certs. I can scp host cert files for each FTN from postscript. It might be easier to do so (with change tracking) from SSM.
(b) The content for /etc/sysconfig/network-scripts/ifcfg-eth0 for some hosts is "generated" within SSM. With a hostname matching rule, this config file can be managed as a regular file.
- Mark
--
Bug:
- remove unnecessary cruft from file types
ssm -af testy # regular
ssm -af testy # now it's a softlink, but the definition still includes mode
--
When doing an --ap, also allow a --comment "adding in support of project x"
--
Bug:
- need to be able to specify
--bundle NEW-BUNDLE and --add-packages pkg1 pkg2
at the same time in a single run, and have NEW-BUNDLE created and the
packages added to it.
--
Pkg Interactions
1) On "ssm -ap pkg1", verify that the package name exists in the upstream repository before adding it to the list. With apt-get/dpkg, verify that it's an installable package, and not just virtual:
┌─[bfinley@xbob] ~/
└─[$] apt-cache show dictd-dictionary
N: Can't select versions from package 'dictd-dictionary' as it is purely virtual
N: No packages found
2) Add "ssm -rm pkg1" to remove packages
--
Idea: capture_pkg_changes = [yes|no]
- capture pkg changes that happen through use of the native tools (by way
of detecting changes to the tool's native database) and offer to add them
to the SSM state
- commands that happen later (chronologically) have a higher priority
e.g.:
Native pkg commands:
$ yum install thingy
$ yum install other-thingy
$ yum remove thingy
Result:
$ rpm -qa | grep thingy
other-thingy
--
Idea! To implement "action-tags":
Phase I -- Reading the Config:
A new argument that can be included in a file or packages stanza:
[file]
name = /tmp/testy
...
actiontag = $actionTag
#
# where $actionTag can be any text string
#
[packages]
hpc-goodies-cpu actiontag=$actionTag
A new stanza type is added to specify the action that should be
taken if $actionTag needs to be run.
[actiontag]
actiontag = $actionTag
postscript = $postScript
[actiontag]
actiontag = $actionTag_Too
postscript = $postScript
As the config file(s) are read in, files or packages that specify an
actiontag are added as dependencies of that actiontag.
Phase II -- Examining the System:
As the system is examined, for any file or package that is "Not OK",
its actiontag (if any) is also marked as "Not OK".
XXX: Perhaps we have a file on the system
(/var/state/ssm/$actionTag) that indicates that action needs to be
taken? Survives cancels, reboots? If --only-packages is run, but
includes actiontags for files, then we can't verify and execute the
action tag until run with both packages and files, and this allows
us to capture the need for the action in a persistent way. :-)
NOTE: Only one file or package that is "Not OK" is required to
trigger an actiontag.
Phase III - Executing actions:
??? Should we have a "stage = [post-files|post-packages]" for action
tags? Or just run after packages (if packages are run at all)?
Actiontags are processed after all files and packages.
XXX: If only packages or files are processed... do we ignore action
tags?
--
Add an "apt-get -f install" bit at the appropriate point.
--
- Consider:
- Allow non-root invocation
- If action requires root privs, use sudo for that one action
- If action->install file && owner != EUID, then "sudo"
- If action->pkg-mgr && EUID != 0, then "sudo"
- Track timestamps for entries with both:
a) last modified time of the file
b) time file was added to SSM
--
- On debian based systems, consider adding 'apt-get install -f' after all other
package processing, if any package processing has happened.
- Test to see if any repo conf files are newer than when the repo was last updated, and if so, then update again.
--
- for packages entries, allow dependency on a file
hal "depends=/etc/apt/sources.list.d/mjblenner-ubuntu-ppa-hal-vivid.list"
And in this case, /etc/apt/sources.list.d/mjblenner-ubuntu-ppa-hal-vivid.list might have a prescript of "add-apt-repository -y ppa:mjblenner/ppa-hal"
--
- for --add-packages, make "unwanted" and "remove" synonyms
- output
add a dot for each line of text that comes across during 'pkgmgr update' operations, etc.
- add feature
[global]
pkg-mgr = autodetect
# make default
--
- Send highest level statements to syslog
- Not OK
- OK
- Fixing
- Packages OK
- Packages upgrading/installing/removing
- --ap and --af Adding file / Adding package
(basically any modifying action should be logged)
- repo mod
- updating a file on a managed node
- updating a package on a managed node
-- add an --audit feature
- historical & forensic audit of repo
- historical & forensic audit of changes per node
$ ssm --audit --dates 2014-09-21:2014-10-31 --diff --only-this-file /etc/hosts
name = /etc/hosts
comment = From xbob on 2015-01-27 09:39:17
type = regular
md5sum = 156ad013dd74381017ad83ccf5933ac0 # 2014-09-21 23:09:46
# md5sum = e53b9c5a9ef7056e40a198b2239afa49 # 2014-09-21 23:11:22
# md5sum = 192ae0682fcb36869e53df479aa0ea67 # 2014-09-21 23:12:12
# md5sum = 2a19c6f7b40552ad9609da0c9b2caba3 # 2014-09-21 23:14:54
# md5sum = 1111879832a1dd104c89df5844c822f6 # 2014-10-31 13:35:49
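An added sketch in Python (not SSM's own code) of how the checksum history shown above could be read for a `--dates START:END` audit window. It assumes that commented `md5sum` lines are history, that the uncommented line is the one the definition currently enforces, and that the end date covers the whole day; the all-zero checksum line is constructed.

```python
import re
from datetime import date, datetime, time

# One checksum line: optional leading '#', 32 hex digits, then '# YYYY-MM-DD HH:MM:SS'.
MD5_LINE = re.compile(
    r"^\s*(#\s*)?md5sum\s*=\s*([0-9a-fA-F]{32})\s*#\s*"
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s*$"
)

def parse_history(stanza_text):
    """Return every recorded checksum in a [file] stanza, oldest first."""
    entries = []
    for line in stanza_text.splitlines():
        m = MD5_LINE.match(line)
        if m:
            entries.append({
                "md5sum": m.group(2).lower(),
                "recorded": datetime.strptime(m.group(3), "%Y-%m-%d %H:%M:%S"),
                "active": m.group(1) is None,  # assumption: uncommented == enforced
            })
    return sorted(entries, key=lambda e: e["recorded"])

def parse_window(spec):
    """Turn 'YYYY-MM-DD:YYYY-MM-DD' into an inclusive (start, end) datetime pair."""
    start_s, end_s = spec.split(":")
    start = datetime.combine(date.fromisoformat(start_s), time.min)
    end = datetime.combine(date.fromisoformat(end_s), time.max)  # end of that day
    if end < start:
        raise ValueError(f"window ends before it starts: {spec}")
    return start, end

def entries_in_window(entries, spec):
    """Checksums recorded inside the audit window, in chronological order."""
    start, end = parse_window(spec)
    return [e for e in entries if start <= e["recorded"] <= end]

STANZA = (
    "name = /etc/hosts\n"
    "comment = From xbob on 2015-01-27 09:39:17\n"
    "type = regular\n"
    "md5sum = 156ad013dd74381017ad83ccf5933ac0 # 2014-09-21 23:09:46\n"
    "# md5sum = e53b9c5a9ef7056e40a198b2239afa49 # 2014-09-21 23:11:22\n"
    "# md5sum = 192ae0682fcb36869e53df479aa0ea67 # 2014-09-21 23:12:12\n"
    "# md5sum = 2a19c6f7b40552ad9609da0c9b2caba3 # 2014-09-21 23:14:54\n"
    "# md5sum = 1111879832a1dd104c89df5844c822f6 # 2014-10-31 13:35:49\n"
    # Constructed entry outside the window, to show it being filtered out:
    "# md5sum = " + "0" * 32 + " # 2015-01-27 09:39:17\n"
)

if __name__ == "__main__":
    for e in entries_in_window(parse_history(STANZA), "2014-09-21:2014-10-31"):
        flag = "active " if e["active"] else "history"
        print(flag, e["recorded"], e["md5sum"])
```

Treating the end date as midnight would silently drop the 2014-10-31 13:35:49 entry that the sample output includes.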
- How to handle sensitive files in repo. Can extend later if necessary...
- General assumptions:
- File metadata is not sensitive
- File contents may be sensitive
- Initial Implementation
- Each file can have a repo-location override setting
- Most files can be accessed via http
#
# Default is the name of the repo that gets used by default.
#
# [repo]
# name = default
# url = http://hostname/install/ssm_repo
[repo]
name = secure
url = ssh://hostname/ssm_repo.secure
[file]
name = /etc/default/grub
type = regular
md5sum = 038c1c68801ef42ad81fa4d00f67fbc1 # 2014-06-04 13:11:55
owner = root
group = root
mode = 0644
repo = secure
- A future implementation may use SSL certs
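An added sketch in Python (not SSM's own code) of a check for the per-file repo override above: it resolves which repo each `[file]` stanza would be fetched from and flags contents that would travel over cleartext http. The function names, the explicit `default` repo stanza, and the `/etc/hosts` and `/etc/shadow` entries are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit

CLEARTEXT_SCHEMES = {"http"}

def parse_stanzas(text):
    """Parse repeated [type] stanzas of 'key = value' lines into a list of dicts."""
    stanzas, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and trailing timestamps
        if not line:
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = {"_type": header.group(1)}
            stanzas.append(current)
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def transport_report(text, default_repo="default"):
    """Return (file name, repo name, URL scheme, is_cleartext) for every [file] stanza."""
    stanzas = parse_stanzas(text)
    repos = {s["name"]: s["url"] for s in stanzas if s["_type"] == "repo"}
    report = []
    for s in stanzas:
        if s["_type"] != "file":
            continue
        repo = s.get("repo", default_repo)
        if repo not in repos:
            raise ValueError(f"{s['name']}: repo {repo!r} is not defined")
        scheme = urlsplit(repos[repo]).scheme
        report.append((s["name"], repo, scheme, scheme in CLEARTEXT_SCHEMES))
    return report

def cleartext_violations(text, sensitive_files):
    """Files the operator listed as sensitive whose contents would be fetched in cleartext."""
    wanted = set(sensitive_files)
    return [name for name, _repo, _scheme, clear in transport_report(text)
            if clear and name in wanted]

CONFIG = """
[repo]
name = default
url = http://hostname/install/ssm_repo

[repo]
name = secure
url = ssh://hostname/ssm_repo.secure

[file]
name = /etc/default/grub
type = regular
md5sum = 038c1c68801ef42ad81fa4d00f67fbc1 # 2014-06-04 13:11:55
owner = root
group = root
mode = 0644
repo = secure

# Constructed entries without an override: they fall back to the default repo.
[file]
name = /etc/hosts
type = regular

[file]
name = /etc/shadow
type = regular
"""

if __name__ == "__main__":
    for row in transport_report(CONFIG):
        print(row)
    print(cleartext_violations(CONFIG, ["/etc/shadow", "/etc/default/grub"]))
```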
-- Improve diff function
-- Add to --add-file a "--type" flag for types that can't be autodetected,
such as hard links, unwanted, etc.
-- Add "read-only" feature for bundles
- If a bundle is included as "read-only", it will not be modified with
updates handled by the client. Rather, the updates will be put into the
base config file as "higher priority" than the priority of the element in
the bundle file
-- add a
WARNING: Configuration file in /etc/ssm/default is $CONF_FILE,
but $EXPLICIT_CONF is being used instead...
- Make bundles read-only by default, so that when doing an --add-file from one
node class, you don't overwrite settings for a more general node class.
Make the add-file function (and similar functions) auto-raise the
priority of the file element to +1 over the priority of the
pre-existing element in a sub-bundle.
[bundles]
bundle.rhel7-nodes read-write
Alternately, perhaps just add an option that modifies the --add-file
behavior to say "--put-updates-into-existing-bundles"
Example:
Given the following layout, if running on a storage node and you do
"a" to add a local file to update the config, and that file happens
to be in bundle.common-files, then you've updated that file for all
nodes, when it's probably most appropriate that it actually be added
to storage-node.conf directly with a higher priority.
In "storage-node.conf":
[bundles]
bundle.rhel7-nodes
In "bundle.rhel7-nodes":
[bundles]
bundle.common-files
- Auto decrement the priority of bundles by 1. Is this a good idea?
(Prolly not on reflection... -BEF-)
Example:
In "storage-node.conf":
[bundles]
bundle.rhel7-nodes
In "bundle.rhel7-nodes":
[bundles]
bundle.common-files
With a default priority for everything (0), this would result in:
- All elements in bundle.rhel7-nodes would be assigned a priority
of -1.
- All elements in bundle.common-files would be assigned a priority
of -2.
- When /tmp/nest is also defined, but not specified on the command line...
Issue:
# sudo ssm -otf /tmp/nest/monkey --sync -d
>> regular_file_interactive(/tmp/nest/monkey)
>>> Dependencies for /tmp/nest/monkey: /tmp/nest
>>>> Checking on status of /tmp/nest
>>>>> /tmp/nest exists, but isn't considered 'fixed'
Not OK: File /tmp/nest/monkey -> Unmet Dependencies:
/tmp/nest
ERROR_LEVEL: 1
SimpleStateManager::take_file_action()
SimpleStateManager::take_file_action() ( /tmp/nest/monkey, null, n# )
>>> Dependencies for /tmp/nest/monkey: /tmp/nest /tmp/nest
>>>> Checking on status of /tmp/nest
>>>>> /tmp/nest exists, but isn't considered 'fixed'
>>>> Checking on status of /tmp/nest
>>>>> /tmp/nest exists, but isn't considered 'fixed'
NOTE: Options limited due to Unmet Dependencies
SimpleStateManager::do_you_want_me_to()
do_you_want_me_to(): #
Resolution:
- pull in dependency (/tmp/nest)
or
- ignore dependency
- consider testing for the following file, and indicating to the user that a
reboot is required to finish applying updates:
- /var/run/reboot-required
(on Ubuntu 14.10)
- add an optional "notice = SOME TEXT GOES HERE" that can be added for
any file. The notice will be displayed in interactive mode when a
user is presented with a decision on how to handle a "Not OK" file.
- ssm -ar, --add-recipe RECIPEFILE
- RECIPEFILE defines file(s) and/or packages it affects
or
- -ag, --add-generated-file 'FILENAME' --gen, --generator-file FILE_CONTAINING_GENERATOR_SCRIPT
- And, allow 'generator' FILENAMEs to be specified with a wild card:
- /var/lib/bluetooth/*:*:*:*:*:*/config
Each name (as they match on that node's file system) is expanded into
the active config state, and the generator is executed once for each
FILENAME.
Need some way to expand file 'name' as a variable to be used by the
generator.
[file]
name = /var/lib/bluetooth/E8:B1:FC:C1:A0:E2/config
comment = From xbob on 2015-04-05 13:29:22
type = generated
owner = root
group = root
mode = 0644
#md5sum = e794b418aefc3e5604112abef32f7de9 # 2015-04-05 13:29:22
generator = <EOF
#!/bin/bash
#
# Recipe Name: bluetooth to hostname
# Description:
#
# Set bluetooth device instances to use $hostname when they
# advertise themselves.
#
# 2015.04.05 Brian Elliott Finley
# - created
#
cat "$SSM_FILENAME" | perl -p -e "s/^name .*-(\d+)$/name $hostname-\$1/"
EOF
--
- Handle "E: Unmet dependencies. Try using -f."
- Handle pkgs that have license acceptance needs, such as "oracle-java7-installer".
- perhaps we catch pkg-mgr complaints and re-direct to an SSM website URL with guidance
- for oracle-java7-installer, this worked: https://gist.github.com/mugli/8720670
- perhaps we add a per-package option of prescript="script"
- perhaps we add a per-package option of actiontag=TAGNAME
--
bfinley@redmine.labs.lenovo.com:~% sudo ssm -ap build-essential -ap libssh2-1 -ap libssh2-1-dev -ap cmake -ap libgpg-error-dev -bf bundle.redmine_git_hosting
Configuration File: file:///etc/ssm/ssm_repo/redmine_server.conf
Bundle: bundle.redmine.packages
Bundle: bundle.dmsf_plugin_packages
Adding: The following bundles stanza to configuration file "redmine_server.conf".
[bundles]
bundle.redmine_git_hosting
ERROR: The bundlefile you specified, bundle.redmine_git_hosting, exists in the
repository, but is not currently referenced by this config. It
might be used by a different config, in which case it could be
dangerous to the other config if we change it, and it's existing
contents could be dangerous to this config.
Please specify either a totally new bundlefile or one that is
already in use by this config. -The Mgmt
-- add a --chroot DIR option
-- allow non-root operation
- users to manage config files for their own environment
-- add a --capture-state DIRECTORY [-bf newbundlefile]
- Match all files in DIRECTORY to packages
- validate state of files, and find changed files
- add changed files to config
-- improve --add-package
- verify that package exists in configured repos
- apt-cache show $pkgname (or similar)
- yum info $pkgname (or similar)
- only add packages that aren't already in the definition
- if "lynx" exists, don't add "lynx"
- if "lynx" exists, do add "lynx priority=99"
- if "lynx priority=91" exists, do add "lynx priority=99"
- if "lynx priority=91" exists, do add "lynx unwanted,priority=100"
# Collapse runs of whitespace so that spacing differences don't count as changes
$pkg_and_options_in_config =~ s/\s+/ /g;
$pkg_and_options_proposed =~ s/\s+/ /g;
unless ($pkg_and_options_proposed eq $pkg_and_options_in_config) {
    # Add_em...
}
-- s/bundle/recipe/
Make recipe a synonym for bundle.
Update documentation and output to say recipe instead of bundle.
-- add dots (at least) when downloading pkg updates
- or simply show the output
--
- New feature: test for result, but not a file
Usage:
[test]
name = command to run to execute the test
# - may work like a generator, but no file is created or left on the file system
# - gets run every time
# - postscript is only action to be taken
type = [regex|md5sum|returncode]
expecting = 0
postscript = asdfalsdjasdjf
Examples:
[test]
name = test FILE1 -nt FILE2 ; echo $?
expecting = 0
postscript = blah.sh
[test]
name = nvidia-smi | md5sum
expecting = a590522539efeaaf6a1eeb8ac549d882
postscript = blah.sh
[test]
name = dmidecode | egrep 'Intel.*CPU'
expecting = Version: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz
# - space immediately after the equal sign is stripped
postscript = blah.sh
# - postscript is optional
# - if no postscript, simply returns "Not OK"
- Consider
Ie.:
[condition]
name = test /boot/grub/grub.conf -nt /lib/modules/qlogic.update_drivers.buildstamp -o ! -f /lib/modules/qlogic.update_drivers.buildstamp
postscript = /usr/local/bin/qlogic.update_drivers && touch /lib/modules/qlogic.update_drivers.timestamp
- Test feature alternate:
in every file section type, similar to "postscript", add the
following feature:
iftrue = condition test
Only offer to take action if the condition tests true.
--
-- allow host matching
- based on hostname match
- regex
- glob
- based on dmidecode element match
- regex
- glob
- match per stanza?
- all pkgs within a stanza? or per file?
- by bundlefile?
[bundles]
my_bundle_file match=WHAT,TYPE,PATTERN
Where
WHAT = hostname, dmi-element
TYPE = glob, regex
PATTERN = 'm/^gpu\d+/'
- each file item is its own stanza anyway...
-- change treatment of [services] entries
- stop converting them to individual files
- use system specific commands to evaluate and manipulate
- my $current_settings = get_service_settings($servicename)
- apply_service_settings($servicename, $target_settings)
-- add an "a" option for "directories".
-- add a "u" option for "unwanted". Convert a file to an unwanted file.
Complementary to "c" for comment out, but actually make it go away on
the system.
-- when doing an 'a' and updating a file in the repo, if $file has more
than one instance, make sure we only update the preferred instance.
search to be sure that $priority($file) matches the entry in the
config chunk
-- directory+contents-unwanted
Allow "a" option to add unwanted files to config
--
Make sure that an unwanted file that is in its desired state (not
there) is considered as satisfying a dependency. Example problem:
Not OK: File /etc/sysconfig/opensm -> Unmet Dependencies:
/etc/opensm/opensm.conf
OK: Unwanted /etc/opensm/opensm.conf doesn't exist
--
Add a --not-ok option like "GSS"
Recommended by Francis Dang <francis@tamu.edu>
Only shows things that are "not ok".
"Everything is OK -- no need to panic."
--