librelist archives

Re: [mongrel2] chroot and library content

From:

Timothy Fitz

Date:

2010-08-30 @ 03:24

On Sun, Aug 29, 2010 at 5:08 PM, Zed A. Shaw <zedshaw@zedshaw.com> wrote:

> On Sun, Aug 29, 2010 at 02:39:35PM -0700, Timothy Fitz wrote:
> > I want my mongrel2 instance to serve static content from Django's admin
> > media directory, which is installed in an OS-wide library path (/Library
> on
> > OS X for example). Mongrel2 complains that absolute paths will "will fail
> > when not in chroot" (the opposite is true here, but whatever, it's the
> other
> > side of the problem).
>
> If you got a config I can grab I can try it out and come up with how
> you'd do it, but I suspect you're trying to access /Library but have a
> chroot in a different directory.  Just not possible without a hardlink,
> since the chroot prevents access to the rest of the filesystem.


If you have a Dir with an absolute path,

handler_admin_media = Dir(
    base='/Users/timothyfitz/Projects/django_mongrel2_chat/m2/admin_media/',
# Doesn't need to be absolute, just an example!
    index_file='index.html',
    default_ctype='text/plain'
)

It'll fail with this:

ERROR (src/dir.c:182: errno: No such file or directory) Don't start the base
with / in /Users/timothyfitz/Projects/django_mongrel2_chat/m2/admin_media/,
that will fail when not in chroot.

Both with and without -sudo, being launched from
/Users/timothyfitz/Projects/django_mongrel2_chat/m2

I agree, being able to do this without the chroot jail should solve the
problem.

Timothy

On Sun, Aug 29, 2010 at 08:24:33PM -0700, Timothy Fitz wrote:
> On Sun, Aug 29, 2010 at 5:08 PM, Zed A. Shaw <zedshaw@zedshaw.com> wrote:
> > If you got a config I can grab I can try it out and come up with how
> > you'd do it, but I suspect you're trying to access /Library but have a
> > chroot in a different directory.  Just not possible without a hardlink,
> > since the chroot prevents access to the rest of the filesystem.

Ah, one more pointer:  Use virtual env and create a virtualenv in your
chroot so that all your stuff, your django, apps, anything you put is
all right there.

Trust me on this, it will save you a *world* of headaches later on OSX
if your specific versions of things are in your own virtualenv rather
than use the system stuff.

Then you're deployment is even more automated.

-- 
Zed A. Shaw
http://zedshaw.com/

On Sun, Aug 29, 2010 at 8:58 PM, Zed A. Shaw <zedshaw@zedshaw.com> wrote:

> On Sun, Aug 29, 2010 at 08:24:33PM -0700, Timothy Fitz wrote:
> > On Sun, Aug 29, 2010 at 5:08 PM, Zed A. Shaw <zedshaw@zedshaw.com>
> wrote:
> > > If you got a config I can grab I can try it out and come up with how
> > > you'd do it, but I suspect you're trying to access /Library but have a
> > > chroot in a different directory.  Just not possible without a hardlink,
> > > since the chroot prevents access to the rest of the filesystem.
>
> Ah, one more pointer:  Use virtual env and create a virtualenv in your
> chroot so that all your stuff, your django, apps, anything you put is
> all right there.
>
> Trust me on this, it will save you a *world* of headaches later on OSX
> if your specific versions of things are in your own virtualenv rather
> than use the system stuff.
>
> Then you're deployment is even more automated.


A virtualenv install of django puts the directory in question (admin static
content) inside the chroot jail. It's a copy but you're right, this makes
deploy an rsync which is what I wanted anyway.

Timothy

On Sun, Aug 29, 2010 at 09:34:20PM -0700, Timothy Fitz wrote:
> A virtualenv install of django puts the directory in question (admin static
> content) inside the chroot jail. It's a copy but you're right, this makes
> deploy an rsync which is what I wanted anyway.

Bingo, and for most cases you can even check that into a git or hg repo
and it'll work.  The only times it won't is if you have compiled things
like..ehem..zeromq.  But there's apparently some tricks to manage that,
or you do a different env for each platform.

One thing you should know, sort of a "Truth in advertising" is you're
out there on the bleeding edge on this.  I actualy haven't ran a django
app as a Mongrel2 handler yet, so if it has bugs or do weird stuff
switch to a Proxy for the django app, then use a small handler for just
the async chat stuff.

Right after 1.0 I'm totally going to hammer the apps side of the
equation, making it tight to deploy all the different platforms.

-- 
Zed A. Shaw
http://zedshaw.com/

> Z said:
> Right after 1.0 I'm totally going to hammer the apps side of the
> equation, making it tight to deploy all the different platforms.

Excellent! Can't wait.



Chris Mahan
(818) 671-1709
http://christophermahan.com/
chris.mahan@gmail.com
http://twitter.com/chris_mahan





On Mon, Aug 30, 2010 at 12:13 AM, Zed A. Shaw <zedshaw@zedshaw.com> wrote:
> On Sun, Aug 29, 2010 at 09:34:20PM -0700, Timothy Fitz wrote:
>> A virtualenv install of django puts the directory in question (admin static
>> content) inside the chroot jail. It's a copy but you're right, this makes
>> deploy an rsync which is what I wanted anyway.
>
> Bingo, and for most cases you can even check that into a git or hg repo
> and it'll work.  The only times it won't is if you have compiled things
> like..ehem..zeromq.  But there's apparently some tricks to manage that,
> or you do a different env for each platform.
>
> One thing you should know, sort of a "Truth in advertising" is you're
> out there on the bleeding edge on this.  I actualy haven't ran a django
> app as a Mongrel2 handler yet, so if it has bugs or do weird stuff
> switch to a Proxy for the django app, then use a small handler for just
> the async chat stuff.
>
> Right after 1.0 I'm totally going to hammer the apps side of the
> equation, making it tight to deploy all the different platforms.
>
> --
> Zed A. Shaw
> http://zedshaw.com/
>

On Sun, Aug 29, 2010 at 08:24:33PM -0700, Timothy Fitz wrote:
> On Sun, Aug 29, 2010 at 5:08 PM, Zed A. Shaw <zedshaw@zedshaw.com> wrote:
> If you have a Dir with an absolute path,

Ah, yeah that's sort of backwards.  What I've done with this setup is
the deployment stops assuming that things are spread around all over the
machine, and instead they're in one spot.  This fits with deployment
automation that will use say git or hg to store the entire application,
and then push it to a spot.  Doing this simplifies your configuration
because there's a chroot, and then everything is in there.  No need to
worry about crazy paths, or where stuff lives, and most apps just run
the same no matter where they're deployed.

Let me show you what I do.  Here try this for your dev:

1. Server(chroot="./", name="dev")
2. Dir(base="m2/admin_media/", index_file="index.html",
default_ctype="text/plain");
3. And then route for the Dir should be like /admin_media/ or something.
4. cd /Users/timothyfitz/Projects/django_mongrel2_chat/
5. m2sh start -db config.sqlite -name dev

That's how I run it when I'm working on an app, just right in the app's
directory and it hangs out in a window scrolling away so I can see
what's going on.

Then to do your final deployment, you just have a Server() with a
chroot= for your production area, and setup the exact same directory
structure.  Simplifies deployment a ton because rather than everything
spread out all over random spots and never know where anything is, it's
all in one spot, and you can look in the DB to find it.

So let's say you want to setup a deployment in /var/www/django_mongrel2_chat:

1. Server(chroot="/var/www/django_mongrel2_chat", name="prod")
2. rsync -av /Users/timothyfitz/Projects/django_mongrel2_chat /var/www/
3. m2sh start -db /var/www/django_mongrel2_chat/config.sqlite -name production

It'll automatically jump to /var/www/django_mongrel2_chat, start
everything and you're set.  You then just need to kick up the actual
backend, but you can use daemontools or runit or procer for that.  You
can also do say git instead of rsync or any other deployment tool to
that directory.

Now if at that point you want to have content from different areas then
I suggest copy them over and keep them there or use the hardlink.

Let me know if that makes sense.  I abbreviated some of the configs so
hopefully that's not confusing.

-- 
Zed A. Shaw
http://zedshaw.com/