[Mageia-webteam] Initial hosting requirements for maintainers db

Michael Scherer misc at zarb.org
Wed Jan 12 11:52:31 CET 2011 

Le mercredi 12 janvier 2011 à 11:22 +0100, Romain d'Alverny a écrit :
> On Wed, Jan 12, 2011 at 11:10, Kosmas Chatzimichalis <Kosmas at mach7x.com> wrote:
> > On 12 January 2011 09:36, Romain d'Alverny <rdalverny at gmail.com> wrote:
> >> On Wed, Jan 12, 2011 at 02:36, Michael Scherer <misc at zarb.org> wrote:
> >>> Le mardi 11 janvier 2011 à 23:07 +0000, Kosmas Chatzimichalis a écrit :
> >>>> The initial requirements for installing the maintainers db in the
> >>>> mageia server are: [...]
> >>>> 1. RVM (Ruby version manager)
> >>>
> >>> From what I know, that would likely mean compiling our own ruby version
> >>> on the server, using its own separate set of gems. [...]
> >>
> >> What's the possible alternative?
> >
> > By using RVM, we won't need a chroot environment for gem installation
> > as installation can be done in a user's account.
> > Consequent gem installations don't need sudo permission and are
> > installed on user's account.

You do install a self compiled separate ruby in a separate prefix, with
a separate set of gems in a different prefix. If the only difference
with a chroot is that you do not need to use "chroot", then there isn't
much difference to me, and then my point was not clear enough.

> Something tells me that misc won't find this a consolation. :-p
> 
> Misc, if in the end, hosting a rails stack does make things less
> consistent than with other stacks, we may as well set up a host on a
> Gandi server and dedicate it (package management and security
> mgmt-wise to the rails stack).

How would that making it more consistent ?
Moreover, dedicating a vm just mean one more server to handle, that's
hardly can be counted as "less work".


> I'm not saying this should be this way but that would be an option to consider.

I do think people do not really understand what I am saying, despite me
asking to 2 set people to read my mail twice.

Hosting this on alamut ( our shared application server ) or on a gandi
server is the same, we would a different set of non integrated packages.

Non integrated because that use a totally different system ( ie gem/rvm
vs rpm/urpmi ) with totally different versions ( ie, defined by coders
instead of the one agreed when we decided to use the distribution ),
totally different update mechanism, and with different requirements.

And those gems would need to be taken care like we do for package since
they are packages. Except we would be on out own. No people to make sure
they work together ( as upstream developers usually do not care at all,
ask shikamaru about the gitorious rpm in cooker and some rpm requiring
older version, and some not ), no people to make sure that security
update occurs with minimal change ( usually that "let's pack all changes
together", which result in more version update than required, with code
changes ).


Another option that I consider would be to use another stack. Nanar
already told me that he would be able to do it quite fast in catalyst,
and I consider myself being able to do it in django without much problem
if I dedicate enough time ( I am quite rusty but for a simple CRUD
application, it would be quite ok ).

> > Just as a note dreamhost updated all their servers to 3.0.3 and
> > RubyGems 1.3..6 in a matter of few weeks, and although I don't know if
> > they had problems, I'm sure that they are security conscious about
> > their servers as well.
> 
> There's no question about it. But Dreamhost is a business, moreover, a
> hosting business so they can dedicate way more people/servers about it
> than us, at this time.

And well, the equivalent with dreamhost would be you to ask them to keep
a custom or old version of rails just for you. I am not sure they would
say "yes".

-- 
Michael Scherer

More information about the Mageia-webteam mailing list