Slashdot Mirror
A Proper Environment for Web Development?
umdenken wonders: "I'd like to know how others on Slashdot do their server-side web programming. We have dozens of Perl CGI scripts, and are currently doing development by editing these production scripts in place on the web server (!). Our sysadmins have finally installed an SVN client on the server (Solaris), and have offered to create a new virtual host that we can use as the development server. What are some of the practices you use for organizing this kind of set up?"
- Several web browsers (IE, FF, Opera...)
- Emacs of vi (depending on which side of the flame war you fight for)
- a W3 validation tool
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Even with a virtual host, you'll still be hitting the production hardware. Sounds like an ideal use for virtualisation here - mimic as much of the production environment as possible (OS versions, web server versions, application container versions etc.) and have a go with that.
Subversion is definitely a stride forward - well worth using and getting used to, it's good that you have a client there. You should be able to fix your config scripts such they they recognise the environment (prod, dev, uat) and can be deployed directly from a tag in svn. A tag of course, not the trunk. Given the constraints it sounds like you're up against, I would definitely be looking to virtualise at least three environments - one dev, one system test, one UAT. You may have multiple dev virtual machines depending on your needs.
Cheers,
Ian
In my experience, I have found that it is best to have four environments: Production, Pre-Production, Testing, and Development. Every environment is isolated and has the same hardware and software.
Developers do their development in one environment (if possible, each developer should be isolated), and when their code is written it goes to a testing server where it can be hammered by your QA/Testing team.
When it passes QA, it goes into Pre-Production, which is what your Production environment should look like when you push your changes live. Any kind of external integration can test against this environment, since it is as close to your production environment as possible.
Then, you have your production environment where everything is live.
It is VITAL that each environment is set up the exact same way, or as close as possible, to every other environment. Each one should have its own separate hardware running identical software versions - unless you are testing software upgrades, in which case you FREEZE THE CODE, update Development, then QA, the Pre-Production, then Production (testing everything, everywhere), and THEN resume writing your code again. It is incredibly frustrating for a developer when code works on servers A, B, and D, but breaks on C and E due to non-matching hardware and software.
It is also important that your developers and qa team have access to fresh, live data if at all possible. It is easier to develop when you have real data to develop with; Plan on updating your QA and development data once a week.
If you have a set up like this, then development, testing, and deployment will be very smooth. It can be a bit of a pain to set up at first, especially if you are not used to the idea, but once you have something like this I promise that you will never go back.
Other people may recommend different set ups, but the basic idea is the same. Keep the developers separate from the testers, keep everyone separate from production. The pre-production just makes deployment easier - push code that passes QA to pre-production, then when the time comes, just rsync the files over.
Love sees no species.
I hope you're not doing anything important. Although chances are if you're using Perl CGI it's probably not.
Most web development environments I've been exposed to have a development, UAT (User Acceptance Testing) and production environment. Alternatively your development environment can be local and you can stick a "system testing" environment in between dev and UAT. Your UAT environment should mirror production, and before you apply any changes should have whatever code is currently in production.
You do your development, and if it's being done locally you integrate your changes with everyone else's in system test and do your automated testing and so forth. Once the developers/testers are happy a release is packaged up and deployed to UAT. You should probably run your automated tests again here for a sanity check.
The end users (business or whoever) do their testing in UAT, and if they're happy (and this is important) you take the same package you applied to UAT and apply it in production.
In some environments the developers aren't the same people with access or rights to apply changes in produciton, so you've got different groups performing different roles, but you get the idea.
Disclaimer: this is just my experiences of corporate web development, your mileage may vary, but I believe this sort of setup is pretty common (with differences here and there).
Mac OS X, duh!
I'm sure this sort of problem is trivially "obvious" if you've been in the IT industry for a decade or so, but if you're not already in this sort of environment and someone sort of dumps the problem in your lap, what are you supposed to do? How to construct and manage a source control system for a decent-sized environment isn't usually the sort of thing you will find with your average B.S. in computer science. I certainly know that I wouldn't know how to go about doing much more than the basics (give me svn, don't edit things straight from production, umm, two machines to work on would be nice, and... uhh... I dunno, what next?). It's the sort of thing that I'd expect to learn about either on the job (using one that someone else with more IT knowledge set up for me), or from some sort of technical articles (which?), or both. Perhaps someone can recommend an online guide on how to structure a sophisticated system for source code, system configurations, and such... or maybe some books...
The World Wide Web is dying. Soon, we shall have only the Internet.
If you find a bug on the test server but can't reproduce it on the production, don't assumed that it's not there. My boss made that mistake since he couldn't reproduced the bug for a new tool on the test server and he approved the release candidate. The art department was consistently crashing the production server the next morning by using the new tool as described in my bug report. The production server was off line for three days as the programmers had to do a thorough code rewrite that cost the company $250K. A few months later, they declined to renew my contract. Go figure.
I use JSP, which makes it a little bit easier to use "good practices" since you can't just edit the files on the web server.
.war file (with ant), which as a side effect also verifies that all source is committed into subversion, then it tags it all so I can always see exactly what went into the current release on the web server. Then I install the .war on the test server. Test. Then remove the current webapp from the release server. Then, as quickly as I can, install the .war that was tested. (There should be a way to tell tomcat to install a new webapp *on top of* an old one, then undeploy the old one, removing this "gap" where no webapp is present...anybody know how to do this?)
Instead I build up a
There are drawbacks though. Once in a while there's an emergency and I'm asked, "can't you just edit this file and get it fixed in 30 seconds?" and I have to explain that even if I skip the "test" period, the build/upload/install takes about 20 minutes (it's a big webapp, the build script runs some image generation apps that take 5-10 minutes minutes).
In my opinion, there is a point at which complexity outstrips any gains from separation. Just keep it simple; dev, staging, production.
~ I am logged on, therefore I am.
He's currently doing dev directly on the production server and is wondering if there is a better way. I can't help but wonder at the irony of asking Slashdot how to do proper development! ;^)
I'll tell you how our entire setup works, and hope it helps:
...
A. Development Box
B. Test Server
C. Production Server
A. Development Box
Every developer has Apache (or IIS respectively) and PHP/SQL on his box. People without experience can just install one of the premade packages that exist (like XAMPP or whatever its name was). This setup is isolated from the outside and responds only to 127.0.0.1 and the virtual domains. Each virtual host in Apache is a separate project.
Server Side Developers work in Eclipse PHP IDE with SubClipse, designers/client side work in Dreamweaver/Photoshop with SVN4DW & TortoiseSVN.
B. Test Server
This is used for few purposes: devs can checkout a revision and run it there on a "real" server to test, QA (well we have no dedicated QA.. it's a small team) can test on this server too.
If everything is ok it goes to...:
C. Production Server
That's it, it works really well though, everyone has his own server that can run files right of his PC, and this helps a lot in quick development. Showing to clients is as easy as checking out a revision on the test server.
Dev / Testing / Staging-Acceptance-PreProduction / Production
Each developer should get their own virtualhost on the dev server that can mimic production (apache virtualhosts if possible, or use vmware), that they can upload and self-test to. Use wildcard dns for hostnames like username.dev.company.com.
Depending on how many paralell things are tested, you might want more testing systems. Testing boxes should be mirrors of production software-wise (or at least as close as you feel comfortable).
Staging/Preproduction might be optional if you're a small shop or don't need acceptance testing - this should be a more stable place to do system tests outside of the possibly buggy testing environ. again, should mimic production, possibly closer.
production - obvious.
If you can do it, do deployments from SVN via labels or tags (not sure which it uses) like RELEASE_2006-12-27_NOTE (and something like RELEASE_LIVE which moves), so you can track revisions which are on production. Instead of copying code up, you use svn to sync code down, probably through some kickoff script. this occurs to each environment. Take everyone's access away from production, and probably staging - testing you might give select people access. Only the people in charge of the machines themselves, and whoever's in charge of releasing code should have access. Use automation with secure keys and stuff to do deployments.
automated tests happen in testing on a machine that can automatically sync itself to the latest checked in code.
Potentially, all of the above (cept for probably production) could easily be virtual machines.
--onyx--
Big Fan of PXE and kickstart for deploying development machines and Yum/Apt for deploying code.
1. Use PXE as a way to get an install running as quickly as possible. Do a minimal install to get the machine up and on the network.
2. Use Yum, Apt or Yast according to your distro to install everything required to support your development and application stack.
3. Your code should be done as a package (RPM/Deb). Yes, even for web stuff. If you customize your Apache install, that should be a package, too.
4. Use Subversion. CVS makes me sad, because it isn't Subversion.
5. Have a build environment that pulls your code out of subversion and builds it for QA. A package that is built here is what will be pushed live.
The bottom line is make it as easy as possible to reproduce your environment.
And back everything up over the network to a server in another state. Prefereablle, two different servers, at least one on another coast.
Open Source Identity Management: FreeIPA.org
His COMPANY was doing dev directly on the server, he has implemented SVN and a Test environment, and is wondering what the Best Practices might be. He knows there's a better way, and rather brilliantly knows he doesn't have all the answers.
For the record just a dev and prod environment isn't enough, ideally you would have multiple dev environments (individual playgrounds plus common test areas, two QA environments (New releases and current release for bugfix testing), and possibly even a User Acceptance Testing area. There should be no code updates a release is migrated through the environments, all environmental variables get read from the environment...
Of course, every dev environment will be different, with different needs, release cycles, etc...
You are in a maze of twisted little posts, all alike.
Our school's JSP pages seem to have a significant advantage over our static pages when it comes to search engine results. Example: Our department teaches electronics. The school's search engine finds a policy document (jsp) that contains the word 'electronic' only once before it finds our department's home page which is linked to by many pages and has many occurences of the word 'electronics'. (Plone also seems to claim that pages produced by it fare better on searches.)
If anyone can explain why the JSP pages do better with search engines I would be grateful. If what I have observed is valid, then it would make a lot of sense to use Tomcat.
I run a PHP server on my Mac and use that to test my pages. None of my normal pages need anything else. When I do have to use live data I ensure that what I am doing is non-critical, if it is I'll duplicate the data I need and run it in a seperate area.
My blog - This link wouldn't be interesting even if we set fire to
This is Unix/OSX-centric, and I've been doing this for years and showing others the way:
.....
.. by the way, use daemontools to supervise your daemons, anything else like crappy pidfile-based startup scripts are unpredictable). Ideally someone OTHER THAN YOURSELF should be able to mindlessly follow some simple instructions to accomplish this step. Design your procedures with this in mind.
.. OR when you get a SECOND client who will run an older version of t
* My code always has a standard layout (bin, conf, src, lib, and so on). No exceptions, because you never know when that little script will become a big app (this happens to me at least once a year).
* Use good coding practices: unit tests, continuous integration, whatever
* The code is checked into CVS/Subversion/Darcs, whatever. Use branches and so forth intelligently (dev on the trunk, release branches which are bugfix only, whatever). Make it "obvious" where the latest stable code always lives, so that someone besides yourself can deploy it.
* I have a script which will deploy the app to any server with rsync (excluding CVS, config, test, and dev files). There is also a flag that will "pull" the files from the server, in case of an emergency fix that was done directly on the server.
* There's a "config" directory with all system-dependent configs. No passwords or other stuff is hard-wired into the app.
* As others have described, you have your various "dev" machines, a "staging" server (identical to production but non-critical), and a "production" server. NEVER WORK ON THE PRODUCTION SERVER EXCEPT IN EMERGENCIES. Also, resist the temptation to install extra stuff on the staging server like some do (MRTG or Nagios or whatever). The staging server must be identical to the production in all respects.
If you do this properly, all you have to do to work is the following:
1) go to your laptop or other dev environment and check out the code.
2) review the REQUIREMENTS file for any packages you might need to install
3) adjust the app config files appropriately
3) code, test, checkin, code, test, checkin,
Then when you're ready to update the code on the server, first sync to the staging server and test as needed (user tests, whatever). Virtual hosts can work this way too (I've done it this way, for instance "foo.com" is the app and "dev.foo.com" is the staging version, on the same machine).
Once everything is working, push to the production servers (my script will also restart anything that's needed
I also agree with the poster above who said it's good to have different OS or environments on your dev machines, to catch any hidden assumptions. I dev on Linux and OSX and push to FreeBSD usually. Use conditional code as appropriate, and sparingly.
Ideally, you can take a blank server, install the OS, install the REQUIREMENTs, push the app, config the app, run a setup script, and go. No undocumented requirements. No weird "procedures". Just "push button install".
You should also get into the habit of making apps "learn" as much about their environment as possible. For instance, in my Ruby, Perl, PHP code, I use the __FILE__ variable or equivalent to determine the install dir, that way I don't have to configure it. A common library sets up all the necessary paths based on that.
Write your code to be flexible and backwards-compatible. For instance, if you need to move some data files around or change database fields, write code that detects the old version and does the update at startup time. A little extra work, but oh-so-automatic.
Once you get this working, you'll never want to work any other way. Being able to check out and deploy your code ANYWHERE in just a few steps is a very powerful feeling. Heck, just being able to check out in a different directory on your dev machine is useful. Having separate release branches are awesome when the client reports a bug but you've already started the big changes for 2.0
Tell your boss he should have hired someone experienced, rather than some "wet behind the ears" kid? :-)
That is all.
Besides the *obvious* stuff everyone else is telling you, don't forget:
Caffeine
Hot Pockets
Xena tapes
Essential to keep you sharp!
How does "some 'wet behind the ears' kid" become "someone experienced"?
Agreed. Development and production environment are not enough. Here are the environments we have at my shop: * Production - The live application. * QA - Whatever needs to be tested, but the hardware and software configuration mirrors production (os, patches etc are the same as production). * Development - A daily, weekly, whatever-serves-your-development-pace controlled environment. Developers do not have control over this environment. This environment should also mirror QA and Production as far as OS and patches etc... * Sandbox - developers have control over this environment, but there should be some sort of mechanism to track what changes they make to the server etc... This environment serves the purpose of testing and messing with configurations and is not to be considered stable. Ideally, the base mirrors the hardware and software of production, but the purpose of this environment is to try different settings and configurations. * Workstation - Localhost webserver If you have a web farm, the picture becomes more complicated. In this case I would recommend having at least a small web farm in QA.
The process has evolved slowly over time to cope with different numbers of clients / developers / environments. We have somewhere around 15-20 client production environments to support at different versions.
Developers are expected to document how to test their change before they commit.
Every week we build from trunk and deploy to an Integration Test environment.
Developers are then expected to re-test their change to ensure it's all in there and playing nice with any other changes.
The build is then deployed to a System Test environment where our testing team re-tests all the changes and does some other regression / system testing.
Now, most changes are bug fixes or small features for a specific client at a specific version, so we also maintain at least one environment per client internally, and all changes are patched into the client code base as well by the developers. A patch for the client environment along with deployment instructions is also produced, most of this process is automated.
The client patch would then be deployed to the internal client environment, and be re-tested by the client support team, who keep track of the whole process.
At the client site, the fix would be deployed to their UAT environment, and the fix retested again by the client.
Once they've signed off on the fix, it would be deployed to their other 2 environments. Production support, which is their sandbox for mucking around with the application, or attempting to re-produce bugs. And it that worked, then to production.
For a major client upgrade we would create at least another internal environment, and a client UAT environment. And perhaps a separate dedicated dev environment as well. Sometimes the dev and internal client environments will share the same database.
All this is fairly cumbersome, but we bend over backwards to make sure we don't deploy any change to a client they were not expecting, and without both us and them testing it.
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
That was the most ghetto setup I've heard of in a long time.
For Apache and perl CGI, why can't every developer have his own Apache instance on his own development workstation? Use Subversion, and away you go.
You have a simple architecture. I don't see why you need to be more complex than this.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
"His COMPANY was doing dev directly on the server, he has implemented SVN and a Test environment, and is wondering what the Best Practices might be."
Exactly!
I am working on a Drupal site. Fortunately, I am doing the Web programming so the revision control stuff works for me. It seems that for the content creators it is a bit harder. In the development environment there is going to be a bunch of cruft that you will not want in production, and the production site never sleeps. So what are the best practices for keeping track of new stuff, dumping it out of several tables and then merging it back into the production site.
yer like 2.5 generations behind thar buddy. get on the boat with Java and Ruby.
.pl --exec rm -f
start with this:
sudo find / -name
by editing these production scripts in place on the web server (!).
Yeah. That exclamation point does not begin to describe what a Bad Idea this is.
Here's what you should do first, this is similar to what we are doing with one of our setups (note, I am thinking cheaply here - this won't be the "best practice" but it will be good enough): Get two more servers. Put Solaris 10 on both of them.
Call the first one your development/integration machine and create a bunch of Solaris 10 zones on it, one for each developer plus a few for integration and release candidate functional testing. Each zone should have a copy of the software used in production. If you have a lot of developers, then you'll need more machines. A good mid-level server will easily host 15-20 zones if they aren't all running a C compiler constantly - as long as you put a lot of memory into the machine. Create a master zone that can be restored onto any of the developer zones (in case they want to start clean).
Call the second one your QA/Staging server. Create a zone for staging releases as the final step before you put them into production, and use the root zone for QA. Aside from the staging zone, everything should be configured as close as possible to your production setup.
Ideally, you'd want a separate QA and staging environment, with QA exactly replicating the production setup so, but the above is a good compromise if you can't afford that much hardware.
Finally, implement some change control procedures. Putting code into production is a risky thing to do. I don't know what business you are in, but you want to have a specific process and documentation for putting code into production. Trust me, it's worth it, especially when it all breaks and somebody higher up the food chain says "what changed?" followed by "can we go back to the previous release?"
"Alcohol, Tobacco, Firearms, and Explosives" should be a convenience store, not a government agency.
I have used GNU Emacs since I did my first web page in '93 or '94 or whenever. Other tools have come and gone. Emacs works more or less the same on all plaforms. You can use the same muscle-memory keystrokes to edit any file. It hasn't changed since the 70s (you can boot up ITS in an emulator and Emacs' keystrokes are basically the same ones). It supports every new language that's come along like Java and PHP. It isn't going to get bought out, the next version isn't going to be ruined by "improvements", turn into abandonware, etc. It will be ported to whatever the successor to Linux will be. It will support whatever the next hot language is (is Ruby still hot, or is it passe yet?). It's very difficult to make a case for not using Emacs to a professional programmer whose livelihood is on the line and results matter. Fads come and go (is Eclipse still hot, or is it passe yet?) but Emacs is where I go when I need to get work done.
I work in a small dev team that produces a specialized server that exposes some of its functionality via a web-UI. The dev-team is fantastic, and does everything right (and still uses CVS!)
Outside of my team we have some people in a pre-sales role, and part of their job is putting together quick customer-specific demos online for potential customers. It drives me nuts that if I have to go in and fix an issue, then my changes will be overwritten if the presales team decide to tweak their local files and reupload.
Presales are always working under time pressure, and are very resistent to any change that doesn't make their job easier, so I need to tread carefully in how I try to force them to use version control for their demo work.
I thought that I might switch off direct access via scp/sftp, and set up a version control system as the primary method of publishing. In CVS, I can do that by adding a line like this to loginfo: That checks out files to the live site as soon as they are commited to CVS.
Can I do that in SVN too?
Google using shell scripting with SVN 'hooks'
In response to the original question, I'd suggest that each developer have a copy of the production system on their machine (which should be running Solaris using the same versions of Perl and Apache and whatever else you use), and there should be a separate test/QA environment (could probably be set up under its own zone on the production box). You'll also need to define processes for common tasks (release a new module, release a new version of an existing module, retire a module, roll back a module to a previous version, release a new version of the whole system, etc.) and document them. Then develop a process for keeping the documentation up to date. Wikis are good for this.
Just junk food for thought...
Under an umbrella on a beach in the cayman islands.
What happens if your production site becomes a hole in the ground? You need geographic diversity for your new production location.
Honestly, the problem statement doesn't provide enough information to design an environment strategy. I do this for a living. Simple questions need to be answered by the customer first.
- How long can the production service be down for software failure and/or hardware failure and/or disaster?
- How many customers will be impacted during that outage?
- What are the maintenance periods allowed?
- How many transactions (web, db, per interface)?
- How many developers, testers, UAT users, and production users?
- Can backups be performed while online?
- What existing infrastructure do you have to leverage?
- What is the current application stack and development toolset?
- What existing enterprise licenses should we take advantage of?
- Are there any bandwidth limits we need to be aware of?
These just get us started.
OTOH, this is slashdot, so just do what the guy above says and cross your fingers. It will probably be just fine.