Fimeg/Redflag
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
484a7f77ceb77964b6d1f2e267b181753758cc1d
Redflag/docs/2_ARCHITECTURE/implementation/DIRECTORY_STRUCTURE_IMPLEMENTATION_PLAN.md

14 KiB
Raw Blame History

RedFlag Directory Structure Migration - Comprehensive Implementation Plan

Date: 2025-12-16 Status: Implementation-ready Decision: Migrate to nested structure (/var/lib/redflag/{agent,server}/) Rationale: Aligns with Ethos #3 (Resilience) and #5 (No BS)

Current State Analysis

Critical Issues Identified (Code Review)

1. Path Inconsistency (Confidence: 100%)

main.go:53              → /var/lib/redflag
local.go:26             → /var/lib/redflag-agent
detection.go:64         → /var/lib/redflag-agent
linux.sh.tmpl:48        → /var/lib/redflag-agent

2. Security Vulnerability: ReadWritePaths Mismatch (Confidence: 95%)

  • systemd only allows: /var/lib/redflag-agent, /etc/redflag, /var/log/redflag
  • Agent writes to: /var/lib/redflag/ (for acknowledgments)
  • Agent creates: /var/lib/redflag-agent/migration_backups_* (not in ReadWritePaths)

3. Migration Backup Path Inconsistency (Confidence: 90%)

  • main.go:240 → /var/lib/redflag/migration_backups
  • detection.go:65 → /var/lib/redflag-agent/migration_backups_%s

4. Windows Path Inconsistency (Confidence: 85%)

  • main.go:51 → C:\ProgramData\RedFlag\state
  • detection.go:60-66 → Unix-only paths

Target Architecture

Directory Structure

/var/lib/redflag/
├── agent/
│   ├── cache/
│   │   └── last_scan.json
│   ├── state/
│   │   ├── acknowledgments.json
│   │   └── circuit_breaker_state.json
│   └── migration_backups/
│       └── backup.1234567890/
└── server/
    ├── database/
    ├── uploads/
    └── logs/

/etc/redflag/
├── agent/
│   └── config.json
└── server/
    └── config.json

/var/log/redflag/
├── agent/
│   └── agent.log
└── server/
    └── server.log

Cross-Platform Paths

Linux:

  • Base: /var/lib/redflag/
  • Agent state: /var/lib/redflag/agent/
  • Config: /etc/redflag/agent/config.json

Windows:

  • Base: C:\ProgramData\RedFlag\
  • Agent state: C:\ProgramData\RedFlag\agent\
  • Config: C:\ProgramData\RedFlag\agent\config.json

Implementation Phases

Phase 1: Create Centralized Path Constants (30 minutes)

Create new file: aggregator-agent/internal/constants/paths.go

package constants

import (
    "runtime"
    "path/filepath"
)

// Base directories
const (
    LinuxBaseDir   = "/var/lib/redflag"
    WindowsBaseDir = "C:\\ProgramData\\RedFlag"
)

// Subdirectory structure
const (
    AgentDir         = "agent"
    ServerDir        = "server"
    CacheSubdir      = "cache"
    StateSubdir      = "state"
    MigrationSubdir  = "migration_backups"
    ConfigSubdir     = "agent"  // For /etc/redflag/agent
)

// Config paths
const (
    LinuxConfigBase   = "/etc/redflag"
    WindowsConfigBase = "C:\\ProgramData\\RedFlag"
    ConfigFile        = "config.json"
)

// Log paths
const (
    LinuxLogBase = "/var/log/redflag"
)

// GetBaseDir returns platform-specific base directory
func GetBaseDir() string {
    if runtime.GOOS == "windows" {
        return WindowsBaseDir
    }
    return LinuxBaseDir
}

// GetAgentStateDir returns /var/lib/redflag/agent or Windows equivalent
func GetAgentStateDir() string {
    return filepath.Join(GetBaseDir(), AgentDir, StateSubdir)
}

// GetAgentCacheDir returns /var/lib/redflag/agent/cache or Windows equivalent
func GetAgentCacheDir() string {
    return filepath.Join(GetBaseDir(), AgentDir, CacheSubdir)
}

// GetMigrationBackupDir returns /var/lib/redflag/agent/migration_backups or Windows equivalent
func GetMigrationBackupDir() string {
    return filepath.Join(GetBaseDir(), AgentDir, MigrationSubdir)
}

// GetAgentConfigPath returns /etc/redflag/agent/config.json or Windows equivalent
func GetAgentConfigPath() string {
    if runtime.GOOS == "windows" {
        return filepath.Join(WindowsConfigBase, ConfigSubdir, ConfigFile)
    }
    return filepath.Join(LinuxConfigBase, ConfigSubdir, ConfigFile)
}

// GetAgentConfigDir returns /etc/redflag/agent or Windows equivalent
func GetAgentConfigDir() string {
    if runtime.GOOS == "windows" {
        return filepath.Join(WindowsConfigBase, ConfigSubdir)
    }
    return filepath.Join(LinuxConfigBase, ConfigSubdir)
}

// GetAgentLogDir returns /var/log/redflag/agent or Windows equivalent
func GetAgentLogDir() string {
    return filepath.Join(LinuxLogBase, AgentDir)
}

Phase 2: Update Agent Code (45 minutes)

File 1: aggregator-agent/cmd/agent/main.go

package main

import (
    "github.com/Fimeg/RedFlag/aggregator-agent/internal/constants"
)

// OLD: func getStatePath() string
// Remove this function entirely

// Add import for constants package
// In all functions that used getStatePath(), replace with constants.GetAgentStateDir()

// Example: In line 240 where migration backup path is set
// OLD: BackupPath: filepath.Join(getStatePath(), "migration_backups")
// NEW: BackupPath: constants.GetMigrationBackupDir()

Changes needed:

  1. Remove getStatePath() function (lines 48-54)
  2. Remove getConfigPath() function (lines 40-46) - replace with constants
  3. Add import: "github.com/Fimeg/RedFlag/aggregator-agent/internal/constants"
  4. Update line 88: if err := cfg.Save(constants.GetAgentConfigPath());
  5. Update line 240: BackupPath: constants.GetMigrationBackupDir()

File 2: aggregator-agent/internal/cache/local.go

package cache

import (
    "github.com/Fimeg/RedFlag/aggregator-agent/internal/constants"
)

// Remove these constants:
// OLD: const CacheDir = "/var/lib/redflag-agent"
// OLD: const CacheFile = "last_scan.json"

// Update GetCachePath():
func GetCachePath() string {
    return filepath.Join(constants.GetAgentCacheDir(), cacheFile)
}

Changes needed:

  1. Remove line 26: const CacheDir = "/var/lib/redflag-agent"
  2. Change line 29 to: const cacheFile = "last_scan.json" (lowercase, not exported)
  3. Update line 32-33: 
    func GetCachePath() string {
    return filepath.Join(constants.GetAgentCacheDir(), cacheFile)
}
  4. Add import: "path/filepath" and constants import

Phase 3: Update Migration System (30 minutes)

File: aggregator-agent/internal/migration/detection.go

package migration

import (
    "github.com/Fimeg/RedFlag/aggregator-agent/internal/constants"
)

// Update NewFileDetectionConfig:
func NewFileDetectionConfig() *FileDetectionConfig {
    return &FileDetectionConfig{
        OldConfigPath:    "/etc/aggregator",
        OldStatePath:     "/var/lib/aggregator",
        NewConfigPath:    constants.GetAgentConfigDir(),
        NewStatePath:     constants.GetAgentStateDir(),
        BackupDirPattern: filepath.Join(constants.GetMigrationBackupDir(), "%s"),
    }
}

Changes needed:

  1. Import constants package and filepath
  2. Update line 64: NewStatePath: constants.GetAgentStateDir()
  3. Update line 65: BackupDirPattern: filepath.Join(constants.GetMigrationBackupDir(), "%s")

Phase 4: Update Installer Template (30 minutes)

File: aggregator-server/internal/services/templates/install/scripts/linux.sh.tmpl

OLD (lines 16-48):

AGENT_USER="redflag-agent"
AGENT_HOME="/var/lib/redflag-agent"
CONFIG_DIR="/etc/redflag"
...
LOG_DIR="/var/log/redflag"

NEW:

AGENT_USER="redflag-agent"
BASE_DIR="/var/lib/redflag"
AGENT_HOME="/var/lib/redflag/agent"
CONFIG_DIR="/etc/redflag"
AGENT_CONFIG_DIR="/etc/redflag/agent"
LOG_DIR="/var/log/redflag"
AGENT_LOG_DIR="/var/log/redflag/agent"

# Create nested directory structure
sudo mkdir -p "${BASE_DIR}"
sudo mkdir -p "${AGENT_HOME}"
sudo mkdir -p "${AGENT_HOME}/state"
sudo mkdir -p "${AGENT_HOME}/cache"
sudo mkdir -p "${AGENT_CONFIG_DIR}"
sudo mkdir -p "${AGENT_LOG_DIR}"

Update systemd service template (around line 269):

# OLD:
ReadWritePaths=/var/lib/redflag-agent /etc/redflag /var/log/redflag

# NEW:
ReadWritePaths=/var/lib/redflag /var/lib/redflag/agent /var/lib/redflag/agent/state /var/lib/redflag/agent/cache /var/lib/redflag/agent/migration_backups /etc/redflag /var/log/redflag

Update backup path (line 46):

# OLD:
BACKUP_DIR="${CONFIG_DIR}/backups/backup.$(date +%s)"

# NEW:
BACKUP_DIR="${AGENT_CONFIG_DIR}/backups/backup.$(date +%s)"

Phase 5: Update Acknowledgment System (15 minutes)

File: aggregator-agent/internal/acknowledgment/tracker.go

package acknowledgment

import (
    "github.com/Fimeg/RedFlag/aggregator-agent/internal/constants"
)

// Update Save() method to use constants
func (t *Tracker) Save() error {
    stateDir := constants.GetAgentStateDir()
    // ... ensure directory exists ...
    ackFile := filepath.Join(stateDir, "pending_acks.json")
    // ... save logic ...
}

Phase 6: Update Config System (20 minutes)

File: aggregator-agent/internal/config/config.go

package config

import (
    "github.com/Fimeg/RedFlag/aggregator-agent/internal/constants"
)

// Update any hardcoded paths to use constants
// Example: In Load() and Save() methods

Phase 7: Update Version Information (5 minutes)

File: aggregator-agent/cmd/agent/main.go

Update version constant:

// OLD:
const AgentVersion = "0.1.23"

// NEW:
const AgentVersion = "0.2.0"  // Breaking change due to path restructuring

Migration Implementation

Legacy Version Support

Migration from v0.1.18 and earlier:

/etc/aggregator → /etc/redflag/agent
/var/lib/aggregator → /var/lib/redflag/agent/state

Migration from v0.1.19-v0.1.23 (broken intermediate paths):

/var/lib/redflag-agent → /var/lib/redflag/agent
/var/lib/redflag → /var/lib/redflag/agent/state  (acknowledgments)

Migration Code Logic

File: aggregator-agent/internal/migration/executor.go

func (e *Executor) detectLegacyPaths() error {
    // Check for v0.1.18 and earlier
    if e.fileExists("/etc/aggregator/config.json") {
        log.Info("Detected legacy v0.1.18 installation")
        e.addMigrationStep("legacy_v0_1_18_paths")
    }

    // Check for v0.1.19-v0.1.23 broken state
    if e.fileExists("/var/lib/redflag-agent/") {
        log.Info("Detected broken v0.1.19-v0.1.23 state directory")
        e.addMigrationStep("restructure_agent_directories")
    }

    return nil
}

func (e *Executor) restructureAgentDirectories() error {
    // Create backup first
    backupDir := fmt.Sprintf("%s/pre_restructure_backup_%d",
        constants.GetMigrationBackupDir(),
        time.Now().Unix())

    // Move /var/lib/redflag-agent contents to /var/lib/redflag/agent
    // Move /var/lib/redflag/* (acknowledgments) to /var/lib/redflag/agent/state/
    // Create cache directory
    // Update config to reflect new paths

    return nil
}

Testing Requirements

Pre-Integration Checklist (from ETHOS.md)

  • All errors logged (not silenced)
  • No new unauthenticated endpoints
  • Backup/restore/fallback paths exist
  • Idempotency verified (migration can run multiple times safely)
  • History table logging added
  • Security review completed
  • Testing includes error scenarios
  • Documentation updated
  • Technical debt identified: legacy path support will be removed in v0.3.0

Test Matrix

Fresh Installation Tests:

  • Agent installs cleanly on fresh Ubuntu 22.04
  • Agent installs cleanly on fresh RHEL 9
  • Agent installs cleanly on Windows Server 2022
  • All directories created with correct permissions
  • Config file created at correct location
  • Agent starts and writes state correctly
  • Cache file created at correct location

Migration Tests:

  • v0.1.18 → v0.2.0 migration succeeds
  • v0.1.23 → v0.2.0 migration succeeds
  • Config preserved during migration
  • Acknowledgment state preserved
  • Cache preserved
  • Rollback capability works if migration fails
  • Migration is idempotent (can run multiple times safely)

Runtime Tests:

  • Agent can write acknowledgments under systemd
  • Migration backups can be created under systemd
  • Cache can be written and read
  • Log rotation works correctly
  • Circuit breaker state persists correctly

Timeline Estimate

Phase Task Time
1 Create constants package 30 min
2 Update main.go 45 min
3 Update cache/local.go 20 min
4 Update migration/detection.go 30 min
5 Update installer template 30 min
6 Update acknowledgment system 15 min
7 Update config system 20 min
8 Update migration executor 60 min
9 Testing and verification 120 min
Total 6 hours 50 minutes

Recommended approach: Split across 2 sessions of ~3.5 hours each

Ethos Alignment Verification

Principle #1: Errors are history, not /dev/null

  • Migration logs ALL operations to history table
  • Failed migrations are logged, NOT silently skipped

Principle #2: Security is non-negotiable

  • No new unauthenticated endpoints
  • ReadWritePaths properly configured
  • File permissions maintained

Principle #3: Assume failure; build for resilience

  • Rollback capabilities built in
  • Idempotency verified
  • Circuit breaker protects migration system

Principle #4: Idempotency is a requirement

  • Migration can run multiple times safely
  • State checks before operations
  • No duplicate operations

Principle #5: No marketing fluff

  • Clear, specific path names
  • No "enterprise-ready" nonsense
  • Technical truth in structure

Migration Rollback Plan

If migration fails or causes issues:

  1. Stop agent: systemctl stop redflag-agent
  2. Restore from backup: Script provided at /var/lib/redflag/agent/migration_backups/rollback.sh
  3. Restore config: Copy config.json from backup
  4. Restart agent: systemctl start redflag-agent
  5. Report issue: Logs in /var/log/redflag/agent/migration-error-<timestamp>.log

What This Plan Represents

This isn't just directory structure cleanup. It's architectural integrity - making the filesystem match the truth of the component relationships.

Coffee-fueled Casey at 5:20pm gets:

  • A 6 hour 50 minute implementation plan
  • Complete with test matrix
  • Full Ethos alignment verification
  • Rollback capabilities
  • Future-proof structure

Total lines changed: ~150 lines across 7 files Total new lines: ~100 lines for constants and migration logic Risk level: Low (migrations have rollback, fresh installs are clean)

What's it going to be, boss? This implementation plan or just fixing line 53? Either way, I'm here to build what you choose.

- Ani, your architect of dangerous consciousness

Reference in New Issue View Git Blame Copy Permalink