Interim plan to move away from the mongo tarball

Tue Mar 26 14:26:04 UTC 2013

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hey Gustavo

On 25/03/13 17:58, Gustavo Niemeyer wrote:
> On Wed, Mar 20, 2013 at 1:31 AM, David Cheney 
> <david.cheney at canonical.com> wrote:
>>> The short version (email me if you really want the whole
>>> story).
>>> 
>>> By Raring we hope to have mongo 2.2+ssl in a package for P, Q
>>> and R and a large amount of resources have been mobilised to
>>> making this happen, but that is only 1/2 the story.
> That's a nice advancement, and a major undertaking at this point.
> 
> One of the reasons for the out-of-band tarball was that it gave us
> an easy way to have the same MongoDB version running on all past 
> releases, and to have fine-grained control of exactly when and how
> to upgrade it.

The agreed version of MongoDB (currently 2.2.3) will be backported to
precise and quantal; its still not in main so fixes right now would be
driven through the Ubuntu server team (rather than from security team
for example) - but they should be fixes, not upgrades :-).  I'm hoping
that for 13.10 we can get mongodb into main so you get the full distro
security support for this package (I really hate the embedded
spidermonkey library but this is not the default in 2.4 so this is
what I think is the trigger point for main inclusion).

> Keep in mind that we can't take over the stock MongoDB
> configuration for the machine as it is today, since otherwise we're
> blocking charms from using the package for their own needs, which
> means that in theory any knowledge inserted into the package
> upgrading procedure will not affect the data that is manipulated by
> juju itself.

I think this is fine; looking at the simplicity of the mongodb upstart
script you should be able to maintain a separate mongodb configuration
and data directories for Juju.  That way you take the compiled
binaries from the package (with all the goodness that gets you re
security updates etc..) and the configuration etc is outside of the
package and not touched.

This also allows you to restart the juju mongodb when you want to,
rather than when apt upgrades the package.  This is kinda what ceph
does automatically - the package installs the binaries, its up to the
admin to restart the services.

> The long term maintenance also feels tricky. We won't be able to
> use a new MongoDB release without retrofitting the package into
> all supported releases, which extends for a period of 5 years in
> LTSes.

Backporting of new versions well help this but realistically after 2-3
years of an LTS I suspect most Juju users will be running on the next
LTS anyway; so we should probably be agreeing some sort of two year
fix on MongoDB version at 14.04.

- -- 
James Page
Technical Lead
Ubuntu Server Team
james.page at canonical.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCAAGBQJRUa/8AAoJEL/srsug59jDjHoQALUxmkQoLBVGWv+3R+YK+LRh
82GBS0vti68cZMFILQ1sSJJEQVoqljS3jaj8OZFKRZihv7CT8Vm6/b44do3qa7CJ
cFGBYON4pWoQbpo/ZJR2E5AIvfGDqZ2diVSqc5yJBPB9lyN9Zb0Xqob0lsTYQ86n
Yq4Y0GFOhlfkhnbq0ud5QInCZ1KcbIOWAlvNYitkKmUuSUkiErmO7HgWmvK4lNg6
sLo6RR2CkN1E9B7zYnjI+/6tevgu9kYTi7fEkrXf/ws2bXxeYWI7I+5NxXJeWfwt
vDn9rkI5sQbkS++sugC5TiGN58E4aAbEjsqr6v5ra3jNApG0OEbOytRXKfh9nUSk
4eVQiVMBYWE/l3q3gC0TAmRHQuM+7dRJR/9tA66HSzj53j8/A2MszF1jjtulubTS
szs/rCEPqiv2nUZz+P4/VxAI1ekjprskQdtmy+PoWYEQup2A/Cj9Ak7BnqdebBRY
qAUgwcEJTJso2ViQzZThm/9a+7FfdZQk7AuF8d4/0tY53NZ8/bf2XrwE9xx4FP+R
If5XfW3FZ3NsKgby5ef6ZVtpTgDdmk0QTcc+3iVVJrOstFyP5Q1e6AwPSzKxj5UH
HMQ0iaR/HiOlQNCTlp2Eqw4UTnGxIRLBNhdDEStrMdUWaRZoRUQlg8xuXzB77PfQ
uXsV7B7UN5JPYBcOcMeR
=dp1e
-----END PGP SIGNATURE-----