Blueprint changed by Ben Howard: Whiteboard changed: --- User Stories --- Frank wants to deploy nginx instead of apache to support a specific requirement he has which cannot but fulfilled bu apache; he's able to use a fully supported solution when using Ubuntu. Toby is a nodejs developer; Ubuntu has the latest and greatest packaged and easily installable. Ante has been deploying varnish for some time; Ubuntu now fully supports varnish so he can stop cutting his own security updates. --- Risks --- Upstream appetite Volatility/release frequency of upstream projects (nodejs specifically). --- Test Plans --- TBC --- Release Note --- [NGINX|nodejs|MongoDB|Varnish] is now in Ubuntu main and will recieved Security Updates from the Ubuntu Security Team. --- Blog Post --- Maybe --- UDS R+1303 Discussion --- 1303 Pad: http://pad.ubuntu.com/uds-1303-webscale-packaging-review Etherpad from UDS session (which one? R): Webscale Packaging Improvements and main promotions * Nginx - Has become de-facto scalable web server, and grown up as an OSS project now - - Bug tracker? Now addressed - - Supporting tooling might need some work to get feature parity with Apache: - - nginxensite/nginxenmod etc.... - - http://nginx.org/en/security_advisories.html - - Better backend support sounds compelling + - Bug tracker? Now addressed + - Supporting tooling might need some work to get feature parity with Apache: + - nginxensite/nginxenmod etc.... + - http://nginx.org/en/security_advisories.html + - Better backend support sounds compelling * Node.js - Gaining popularity fast, and *SHOULD* be a build-dep of OpenStack Horizon - - Also a direct dependency of the new Juju GUI - - Azure tooling - - Openstack Horizon Build Dependency - - RBD's should drive seeding... (What's an RBD?) good question - -Package moves too fast to maintain or upload an appropriate version in Ubuntu Main/Supported archive. - -probably better to have node.js in a PPA - -https://launchpad.net/~chris-lea/+archive/node.js - -Other deps are gotten from npm - -reliance on specific node.js versions sounds like the messy world of java dependencies - -A version of nodejs in backports would be better I think than PPA, or supply different versions for the user to decide. - -If the PPA was "official" this may have some of the same effect as backports - -ARM support would be a plus, and have that incluced in the PPA. - + - Also a direct dependency of the new Juju GUI + - Azure tooling + - Openstack Horizon Build Dependency + - RBD's should drive seeding... (What's an RBD?) good question + -Package moves too fast to maintain or upload an appropriate version in Ubuntu Main/Supported archive. + -probably better to have node.js in a PPA + -https://launchpad.net/~chris-lea/+archive/node.js + -Other deps are gotten from npm + -reliance on specific node.js versions sounds like the messy world of java dependencies + -A version of nodejs in backports would be better I think than PPA, or supply different versions for the user to decide. + -If the PPA was "official" this may have some of the same effect as backports + -ARM support would be a plus, and have that incluced in the PPA. + * MongoDB (also headed for main as part of juju) - - Dependency for Go Juju - - Required support for TLS - needs looking at.... - - The license of OpenSSL apparently prevents arbitrary shipping - - There's _apparently_ an exception that allows Ubuntu to ship it - - If that's the case, we should really ship that support. It's a good service we'd be doing to people. - - http://people.gnome.org/~markmc/openssl-and-the-gpl.html - - ceilometer support required this - - Cons: large codebase - - Pros: good upstream development process. - - James Page poked mongodb enough last night to get 2.2.3 into raring, sans SSL support - - 2.4 is headed for inclusion - JamesPage requested a OpenSSL license exception from upstream to resolve this cleanly + - Dependency for Go Juju + - Required support for TLS - needs looking at.... + - The license of OpenSSL apparently prevents arbitrary shipping + - There's _apparently_ an exception that allows Ubuntu to ship it + - If that's the case, we should really ship that support. It's a good service we'd be doing to people. + - http://people.gnome.org/~markmc/openssl-and-the-gpl.html + - ceilometer support required this + - Cons: large codebase + - Pros: good upstream development process. + - James Page poked mongodb enough last night to get 2.2.3 into raring, sans SSL support + - 2.4 is headed for inclusion + JamesPage requested a OpenSSL license exception from upstream to resolve this cleanly *Nginx - -Ben notes some improvments in reverse proxy over squid - -Ben to volunteer to package Nginx - -code: svn://svn.nginx.org/nginx - + -Ben notes some improvments in reverse proxy over squid + -Ben to volunteer to package Nginx + -code: svn://svn.nginx.org/nginx + -After talking to security, Nginx can't make mainline at this time. + * Varnish (if time) - - Popular heavily used caching. - - More configurable--language based. - -in universe - -Upstream position on Ubuntu packages: https://www.varnish-cache.org/installation/ubuntu - -Does this infer that upstream only supports the latest, and if so how often does that change. - -How does upstream handle their packaging version/updates, bug fixes, how often does it change, and what is supported - http://packages.debian.org/squeeze/varnish - -Consensus was to communicate with upstream on the Ubuntu MIR needs. + - Popular heavily used caching. + - More configurable--language based. + -in universe + -Upstream position on Ubuntu packages: https://www.varnish-cache.org/installation/ubuntu + -Does this infer that upstream only supports the latest, and if so how often does that change. + -How does upstream handle their packaging version/updates, bug fixes, how often does it change, and what is supported + http://packages.debian.org/squeeze/varnish + -Consensus was to communicate with upstream on the Ubuntu MIR needs. *Jboss - -Not trivial to support (for initial packaging, regular maintenance and security) - -Needs some further investigation around a MIR reqest - - only a reduced subset of JBoss is currently in Debian/Ubuntu - - http://wiki.debian.org/JBossPackaging - - receives regular security updates (from RedHat, who surrently supports it. Ie, it has a significant security history) - -This is a large set of work, may need to discuss as its own BP given demand, but open for any volunteers to tackle it :-) - - Note that beyond packaging it, an alternative way to help devs is to provide good install support via juju charms + -Not trivial to support (for initial packaging, regular maintenance and security) + -Needs some further investigation around a MIR reqest + - only a reduced subset of JBoss is currently in Debian/Ubuntu + - http://wiki.debian.org/JBossPackaging + - receives regular security updates (from RedHat, who surrently supports it. Ie, it has a significant security history) + -This is a large set of work, may need to discuss as its own BP given demand, but open for any volunteers to tackle it :-) + - Note that beyond packaging it, an alternative way to help devs is to provide good install support via juju charms Investigate Backports, and Micro Release Exceptions for some of these fast moving web packages especially when talking about inclusion in the LTS. -- Others? - - seed prunin. Anything that can be dropped? + - seed prunin. Anything that can be dropped?
-- WebScale Packaging and Main Promotions https://blueprints.launchpad.net/ubuntu/+spec/servercloud-r-webscale -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
