1 |
On Monday 04 August 2003 6:11 pm, Max Kalika wrote: |
2 |
> Good morning! |
3 |
|
4 |
Evening, Max. |
5 |
|
6 |
> See, I don't think that running two (or more) copies of an application is |
7 |
> supporting virtual hosts. Upgrading all the files is a pain. Why not have |
8 |
> one installation of the core files and multiple installations of the config |
9 |
> files? This is, of course, very application specific -- most of them will |
10 |
> still need database upgrades, but that has to be done by the sysadmin. |
11 |
|
12 |
Because that won't quite work, unless the app is aware of virtual hosting - |
13 |
and many (if not most) aren't. Think about it. |
14 |
|
15 |
Here's an example. Imagine hosting (oh, I don't know) www.iammax.com and |
16 |
www.maxisgreat.com on the same physical box. Document roots for each are |
17 |
/var/www/<host>/public_html/ for arguments sake. |
18 |
|
19 |
Now imagine running phpBB on both domains, to provide separate forums. As far |
20 |
as phpBB is concerned, when it accesses, say, login.php on www.iammax.com, |
21 |
the URL is http://www.iammax.com/phpbb/login.php, which translates through as |
22 |
/var/www/www.iammax.com/public_html/phpbb/login.php. Similarly, login.php on |
23 |
www.maxisgreat.com translates through as |
24 |
/var/www/www.maxisgreat.com/public_html/phpbb/login.php |
25 |
|
26 |
Given this scenario, how do you make these two sites share the same phpBB code |
27 |
files? Here's a few possible ways, and the problems that they cause. Chip |
28 |
in with others - because this is the core problem. |
29 |
|
30 |
a) A bit of mod_alias magic, and you make the /phpbb/ directories aliases for |
31 |
/usr/share/webapps/phpBB-<version>/files/. If you do this, though, how do |
32 |
you get each copy of phpBB to use a separate set of configuration files? |
33 |
What happens when the app needs write-access to the directories? The |
34 |
directories are on /usr, and we're all agreed that /usr should be mountable |
35 |
read-only. And does every webserver have something like mod_alias in the |
36 |
first place? |
37 |
|
38 |
If I've understood your eclass correctly, this is what it tries to do, yes? |
39 |
|
40 |
b) A bit of .htaccess magic, and you have the directory structure of the |
41 |
webapp on /var, but directives telling PHP where to find the .php files by |
42 |
setting the include_path. The config file problem is solved, because you can |
43 |
drop in local config files, and there are real directories that can be made |
44 |
writable. Only problem with this approach is that not every type of web |
45 |
server has the equivalent of .htaccess files - and the PHP SAPI for each type |
46 |
of web server doesn't necessarily support configuration directives in config |
47 |
files either. And that's before we think about Perl, Python and other ways |
48 |
that webapps can be implemented. |
49 |
|
50 |
I believe that this is Robin's basic idea, if I've understood correctly. It's |
51 |
a neat solution, but perhaps not a universal one. |
52 |
|
53 |
c) A bit of find and cp -l, and you've got the directory structure of the |
54 |
webapp on /var, plus links back to the original on /usr. Again, the config |
55 |
file problem is solved, because local copies can be parachuted in, and again |
56 |
there are real directories that can be made writable. No webserver-specific |
57 |
tricks are required - as far as the web server is concerned, each domain has |
58 |
its own installation of phpBB. |
59 |
|
60 |
d) ?? There must be other solutions to the problem that haven't been discussed |
61 |
in this thread. Please - contribute! |
62 |
|
63 |
> How do they handle db updates? How do they handle config file updates? |
64 |
|
65 |
I've never asked, and I don't want to know ;-) Maybe Debian just doesn't |
66 |
change that much from year to year <grin>. |
67 |
|
68 |
> > 1) Your eclass doesn't correctly (as I understand correct usage to be!) |
69 |
> > support the apache2 USE flag. Easy enough to do - see my webapp-apache |
70 |
> > eclass for an example. |
71 |
> |
72 |
> Why base it on the flag? If the webserver is installed and is supported, |
73 |
> configure for it. |
74 |
|
75 |
Because that's what USE flags are there for. If the user puts '-apache2' in |
76 |
their USE flags, it's the job of the ebuild to respect that. Otherwise, the |
77 |
ebuild is broken - and probably in breach of policy too. |
78 |
|
79 |
> > 2) Your eclass doesn't specify the permissions that the source files |
80 |
> > should be installed under. Again, easy enough to fix. |
81 |
> |
82 |
> This is very straightforward to add. |
83 |
|
84 |
Agreed. |
85 |
|
86 |
> > 3) Your eclass doesn't provide support for running multiple copies of the |
87 |
> > same app on the same machine. This is a showstopper. |
88 |
> |
89 |
> This whole thing needs a separate discussion. There's no portage support |
90 |
> for dealing with more than one installation of the same version of the same |
91 |
> package. |
92 |
|
93 |
Why a separate discussion? If this GLEP isn't here to address this |
94 |
fundamental issue, then I'd say that the GLEP has the wrong scope. |
95 |
|
96 |
You're right - Portage currently can't do all of this on its own. Perhaps it |
97 |
never will be able to. As I understand it, that's why Robin's volunteered to |
98 |
write and maintain additional tools to bridge the gap. |
99 |
|
100 |
> > 4) Your eclass requires the admin to stop and start Apache as part of the |
101 |
> > install. This is a showstopper. Not every site will want to stop and |
102 |
> > start their web server just because they've installed a new app. |
103 |
> > Imagine a site hosting hundreds of domains, and having to take them |
104 |
> > *all* offline at the same time just because phpBB's been upgraded (for |
105 |
> > example!). Robin's idea of creating .htaccess files under the document |
106 |
> > root deals with this much more managably - although I think we're gonna |
107 |
> > end up using symlinks, as that'll make it easy to support multiple web |
108 |
> > servers. |
109 |
> |
110 |
> ..htaccess files only work in already web-accessable directories (in your |
111 |
> case, DocumentRoot). If we're putting applications in /usr/share/webapps, |
112 |
> the webserver has no idea to look there. Which is what the Alias directive |
113 |
> does in all the .conf files that are generated. However, Alias is not |
114 |
> allowed in .htaccess AFAIK. |
115 |
|
116 |
See about for why I think .htaccess isn't the way to go anyway ;-) |
117 |
|
118 |
> http://httpd.apache.org/docs-2.0/mod/mod_alias.html#alias |
119 |
> |
120 |
> Besides that, the server doesn't have to be restarted -- just HUPed. |
121 |
|
122 |
Fair enough ;-) |
123 |
|
124 |
> > 6) I *like* the idea that check_php() is in this |
125 |
> > eclass, because that check is specific to mod_php under Apache. I'm |
126 |
> > gonna steal that and add it to my webapp-apache eclass ;-) |
127 |
> |
128 |
> Steal away! |
129 |
|
130 |
Done ;-) |
131 |
|
132 |
> Keep in mind it is not completely accurate if the per-package |
133 |
> USE flags goes into portage (http://bugs.gentoo.org/show_bug.cgi?id=13616). |
134 |
> Things in PUSE will also have to be taken into account. But this is a |
135 |
> completely different matter and will be easy to integrate. |
136 |
|
137 |
It's a nice start though. Ideally, we need a programatic interface to |
138 |
portage, an API we can use to handle these types of queries. karltk is |
139 |
working on one ;-) |
140 |
|
141 |
> > 7) Your variable names are not generic enough for my liking ;-) |
142 |
> > AWEB_CFG, for example, might be better off being WEBAPP_CFG. |
143 |
> |
144 |
> Hey! I originally had them as WEBAPP_* but was told to change the eclass |
145 |
> to apache-webapp to distinguish from other servers so I wanted the |
146 |
> variables to reflect the name of the eclass. I'm as flexible on this as |
147 |
> playdoh. :-) |
148 |
|
149 |
/me bites back his comment about the person who told you to do that ;-) |
150 |
|
151 |
> > 8) Instead of trying to supply an all-encompasing |
152 |
> > apache-webapp_src_install(), relying as it does on defining global |
153 |
> > variables, I'd have supplied a number of individual functions to do each |
154 |
> > bit. Say, a webapp-install-appconfig, webapp-install-serverconfig each |
155 |
> > taking parameters (this is off the top of my head here ;-) This is a |
156 |
> > personal preference thing. |
157 |
> |
158 |
> Thats just more to call from the ebuild. My goal was to have very small |
159 |
> ebuilds -- just declare a few variables and inherit the eclass. |
160 |
|
161 |
Hmm ... there's a tradeoff here. Smaller ebuilds and less flexible (and |
162 |
re-usable) eclasses. Or larger ebuilds, but more re-usable eclasses. I |
163 |
guess I prefer the latter. |
164 |
|
165 |
> > 9) If I'm not mistaken, your eclass does nothing to ensure that the |
166 |
> > webapp can find the configuration files you've moved into |
167 |
> > /etc/webapps/$PN/. Personally, I'm coming to the conclusion that |
168 |
> > /etc/webapps/$PN/ isn't a good idea, because again it doesn't support |
169 |
> > the idea of running multiple copies of the same app on the same machine. |
170 |
> |
171 |
> I'd say we should be shooting for an easy upgrade path first. |
172 |
|
173 |
Good point ;-) But what's the point of installing and upgrading configuration |
174 |
files that the application is never going to look at? ;-) (Sorry, it's 22:30, |
175 |
and still ridiculously hot here) |
176 |
|
177 |
> If config |
178 |
> files aren't stored in /etc/webapps/${PN}, then we need to have a way of |
179 |
> generating an env.d/${PN} which contains a CONFIG_PROTECT line, otherwise |
180 |
> we're forcing sysadins to reconfigure the application at every upgrade. |
181 |
|
182 |
Yeah, but if each instance of the installed app has its own config files, then |
183 |
what's the relevance of /etc/webapps at all? |
184 |
|
185 |
> And as I mentioned before, there's no way for portage to handle |
186 |
> multiple-copy installs, so I'm not sure the best way to go about achieving |
187 |
> this goal. |
188 |
|
189 |
This is the problem that I think we should be solving - how to support the |
190 |
installation, configuration, and upgrading of multiple-copy installs. |
191 |
|
192 |
> > 10) I'm coming to the conclusion that 'emerge -u <webapp>' shouldn't |
193 |
> > overwrite the older version, but should always install alongside, in a |
194 |
> > different slot, so that sites can easily run different versions of apps |
195 |
> > as required. Perhaps this should be configurable somehow? Your eclass |
196 |
> > doesn't make this possible. |
197 |
> |
198 |
> Why should this be handled any different then the rest of apps handled by |
199 |
> portage? |
200 |
|
201 |
Because most of the rest of the apps handled by portage don't run in a virtual |
202 |
domain environment. Webapps really are a different beast. |
203 |
|
204 |
> If a sysadmin doesn't want older versions removed, just add |
205 |
> AUTOCLEAN=no to make.conf. Granted, the current eclass doesn't use the |
206 |
> full ${PF} in the target directory, but that is easily changed. |
207 |
|
208 |
Here's an example. Imagine you're running your own hosting firm, and you have |
209 |
a non-trivial number of customers using the same webapp (say, phpBB for |
210 |
arguments sake). A new version of phpBB comes out. Some customers will ask |
211 |
for the upgrade, and some explicitly will ask you not to upgrade. So, in |
212 |
this situation, you need to have two copies of phpBB installed on the same |
213 |
box at the same time. |
214 |
|
215 |
Now let's look at what happens when you run 'emerge -u phpBB', with the |
216 |
appropriate ACCEPT_KEYWORDS of course. Portage goes and installs the new |
217 |
version of phpBB over the top of the old phpBB files. The old version of |
218 |
phpBB gets overwritten, yes? I don't see how AUTOCLEAN will prevent that |
219 |
from happening. |
220 |
|
221 |
The whole point of SLOTing apps (as I understand it) is to allow you to have |
222 |
multiple versions installed alongside each other. This is the mechanism that |
223 |
Portage offers us. |
224 |
|
225 |
> Ok. Hopefully we can get this thing hashed out and out the door so things |
226 |
> can start getting into shape soon. |
227 |
|
228 |
Hell yes. |
229 |
|
230 |
> > 1) Apache1/Apache2 conundrum |
231 |
> > |
232 |
> > My eclass uses the detection technique adopted for mod_php, and no-one |
233 |
> > has complained about that. If this eclass is invalid, then so's the |
234 |
> > ebuild for mod_php. And I don't think it is. |
235 |
> |
236 |
> Ok, this one is a keeper. |
237 |
|
238 |
Kudos to Robin - it's his algorithm. |
239 |
|
240 |
> > 2) Support for multiple DocumentRoot configurations, and also |
241 |
> > 3) Binary packages installing on machines with different DocumentRoot |
242 |
> > values |
243 |
> > |
244 |
> > Until the GLEP is firmed up and approved, we don't have an agreed |
245 |
> > solution to implement. |
246 |
> |
247 |
> Ah! Ok, so before we have this issues ironed out, the current status-quo |
248 |
> will just be maintained. Fair enough. |
249 |
|
250 |
Agreed. |
251 |
|
252 |
> > Please excuse me, but I don't want to put support for existing ebuilds on |
253 |
> > hold while we debate the GLEP. I believe that we *have* to continue |
254 |
> > support until we're ready and able to switch. Stopping maintenance |
255 |
> > activities is *not* an option. |
256 |
> |
257 |
> Since I'm the laziest person I know, I didn't want to do the work twice. |
258 |
> I'll just hold off on introducing more ebuilds which will have to be |
259 |
> converted later. :-) |
260 |
|
261 |
That's up to you. If you're maintaining webapp ebuilds currently in portage, |
262 |
though, I'd urge you not to stop maintaining them just because you're waiting |
263 |
for a design solution via this GLEP. |
264 |
|
265 |
> > 4) Which user/group to use |
266 |
> > |
267 |
> > My class uses Robin's suggestion, and assumes that Apache is running with |
268 |
> > the default settings of apache.apache. |
269 |
> |
270 |
> Right, but as we already agreed, not all apps need to have their files |
271 |
> owned by apache:apache. This should be configurable in the eclass. |
272 |
> Correct? |
273 |
|
274 |
Do we need a new user/group to own most of the files? And then we just make |
275 |
the files that need write-access owned by the webserver? |
276 |
|
277 |
> > 5) DocumentRoot pointing to a read-only mount |
278 |
> > |
279 |
> > As far as I'm concerned, that's like trying to do 'make bzlilo' with |
280 |
> > /boot not mounted, or run an 'emerge' with /usr mounted read-only. It's |
281 |
> > the sysadmin's job to make sure that any necessary filesystems are |
282 |
> > mounted read/write before an installation is attempted. This is not a |
283 |
> > problem unique to web applications. |
284 |
> |
285 |
> The issue is not whether DocumentRoot is a read-only mount during the |
286 |
> install, but during the day-to-day operations. Running 'emerge' with /usr |
287 |
> mounted read-only is not the same as having apache running a webapp that |
288 |
> needs to write to /usr -- one is done seldomly, the other is all the time. |
289 |
|
290 |
In his email in that thread you pointed me at, Robin was explicitly talking |
291 |
about /var being a read-only NFS mount at install time. |
292 |
|
293 |
> > 6) "it's weak" |
294 |
> > |
295 |
> > That's not an argument, it's an opinion ;-) Anyway, I've taken 5-10 |
296 |
> > lines of broken and incorrectly duplicated code from a number of |
297 |
> > ebuilds, and moved them all into one place where they can be re-used and |
298 |
> > maintained for now. Reduced defects is a strong argument, not a weak |
299 |
> > one. |
300 |
> |
301 |
> I never made the "weak" argument |
302 |
|
303 |
Again, this is in response to the comments in the archived thread - not this |
304 |
one ;-) You didn't make the comment - someone else did. |
305 |
|
306 |
> -- I don't believe in it myself. Things |
307 |
> need to be justified a bit better than that, so I'm completely with you on |
308 |
> this one. |
309 |
|
310 |
:) |
311 |
|
312 |
> Ok, agreed. Troy, is there any chance for another draft with some of these |
313 |
> things incorporated? (Thanks a bezillion, btw, for putting up with me) :-) |
314 |
|
315 |
Who's "putting up" with you? I don't feel like I am! I'm just grateful that |
316 |
we're both interested in finding a solution to this problem. Now, if just a |
317 |
few more people would chip in and help these discussions ... ;-) |
318 |
|
319 |
> And a successful one at that from what I saw in my emerge --sync this |
320 |
> morning. :-) Thanks! |
321 |
|
322 |
By the time I got Saturday evening, it was all but over. Didn't see a single |
323 |
person in #gentoo-bugs who I could help :( |
324 |
|
325 |
> If you say it is very easy to do, I'm on board. |
326 |
|
327 |
If it's not easy to do, then we'll scrap it and come up with something better. |
328 |
|
329 |
> I can't personally speak |
330 |
> for other webservers, so I'll leave the decision of whether/how to support |
331 |
> others to those with the experience. |
332 |
|
333 |
Fair enough. |
334 |
|
335 |
> So in any case, we have to pull the |
336 |
> apache-specific things out into a separate framework. Therefore things |
337 |
> like DocumentRoot can't even be considered. So a central location for |
338 |
> webapps must be once again taken into account. |
339 |
|
340 |
Yep. How does this sound as the design of the central layout? Let's agree a |
341 |
design, so that it can be added to the GLEP. |
342 |
|
343 |
* /usr/webapps/<app-name> as the main directory. |
344 |
* /usr/webapps/<app-name>/public_html/ for files served by the web server |
345 |
* /usr/webapps/<app-name>/cgi-bin/ for CGI-BIN files |
346 |
* /etc/webapps/<app-name>/ to hold the box-default config files |
347 |
* <app-name> is ${PN} for non-slotted packages |
348 |
* <app-name> is ${P} for slotted packages |
349 |
|
350 |
> ok, I didn't realize that it wasn't a permanent solution. All is ok. |
351 |
|
352 |
Neat. |
353 |
|
354 |
> >> How is mod_php related to the way applications are installed? |
355 |
> > |
356 |
> > Erm, how about the whole 'do I use Apache 1 or Apache 2' conumdrum? See |
357 |
> > the mod_php ebuild for details. |
358 |
> |
359 |
> Whichever is installed gets configured. Either or both get touched, |
360 |
> depending on what is detected. It is up to the sysadmin to start one or |
361 |
> the either automatically with rc-update. I don't see a problem if both are |
362 |
> configured (if detected), but only one is running. |
363 |
|
364 |
Yeah, but as discussed earlier: |
365 |
|
366 |
a) you need a standard way of detecting which one is installed, and |
367 |
b) you need to honour the 'apache2' USE flag |
368 |
|
369 |
Take care, |
370 |
Stu |
371 |
-- |
372 |
Stuart Herbert stuart@g.o |
373 |
Gentoo Developer http://www.gentoo.org/ |
374 |
Beta packages for download http://dev.gentoo.org/~stuart/packages/ |
375 |
|
376 |
GnuGP key id# F9AFC57C available from http://pgp.mit.edu |
377 |
Key fingerprint = 31FB 50D4 1F88 E227 F319 C549 0C2F 80BA F9AF C57C |
378 |
-- |