Hi Jonathan,

On 22:27 Mon 14 Apr, Jonathan Matthews wrote:
> Hi all -
> 
> I've been running 1.4 for a number of years, but am pondering moving
> some as-yet-unreleased apps to 1.5, for SSL and ACL-ish reasons.
> 
> I'd like to ask how you, 1.5 sysadmins and devs, track the development
> version, and how you decide which version to run in production.

We switched from 1.4 to 1.5 last September, after running 1.4 for 2+ 
years. The switch was made primarily due to SSL and proper IPv6 support; 
we had been using nginx for SSL termination previously, which ran fine, 
but made our setup a bit more complex than we'd like. We've been very 
satisfied with 1.5, both in terms of performance and features.

The features we've been looking at more recently are stick-tables and 
counters, and we're planning to use them primarily for abuse detection 
and throttling.

> Do you just run 1.5-dev${LATEST}? The latest snapshot? Do you follow
> the list here and cherry-pick important bug fixes?
>
> I don't feel I have a firm understanding of the status of the
> different, co-existing codebases that one could call "1.5" at any
> given time. And nor do I have the C-skills and time to review every
> commit.
> 
> What do /you/ do, fellow sysadmins? How do you run, upgrade and
> maintain confidence in your chosen version of 1.5 in production?

We run a -dev version - not necessarily the latest one, just one that is 
running stable and has no security issues. In general I follow the list 
on a daily basis (not reading through every mail though) and I always 
keep a clone of the git repository around and periodically check the 
output of

  git log --grep BUG/ v1.5-dev${my_release}..

for anything serious (especially BUG/MAJOR commits). If anything too 
serious arises, we are willing to cherry-pick changes on top of our 
production version (which is always deployed using Debian packages). The 
bugfix commits usually refer to either the commit, or the version that 
introduced the bug, so it is easy to determine whether we are affected 
by the bug or not.

We do upgrades in a three-step process, upgrading the backup node of our 
active-backup setup, then failing over traffic to it while maintaining 
the old active as a backup with the previous version. After everything 
runs smoothly for a week or so, we upgrade the other node as well.

Personally I consider 1.5 pretty stable at this point and most bugs I've 
seen (even the important ones) are either corner-cases or bugs in new 
features that won't break existing configurations. The only exception 
was -dev20, which introduced lots of changes and new functionality and 
it was probably expected that there would be some breakage. That said, I 
prefer to run "milestone" releases rather than daily snapshots or latest 
git.

Regards,
Apollon
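
The periodic `git log --grep BUG/` check described above, extended to sort bug-fix commits by the severity tag in their subject (an added example, not part of the original message or of the HAProxy project's tooling). The function names, the sample log and the severity levels other than BUG/MAJOR are assumptions.

```shell
# Added example: triage bug-fix commits by the severity tag in the subject.
# Real input would come from the command in the message, with a format added:
#   git log --format='%h %s' --grep BUG/ "v1.5-dev${my_release}.."

# Rank a severity tag. Only BUG/MAJOR appears in the message; the other
# level names are assumed from HAProxy's commit-subject convention.
sev_rank() {
    case "$1" in
        CRITICAL) echo 4 ;;
        MAJOR)    echo 3 ;;
        MEDIUM)   echo 2 ;;
        MINOR)    echo 1 ;;
        *)        echo 0 ;;
    esac
}

# triage MIN_LEVEL: read "<hash> <subject>" lines on stdin and print the
# BUG/<level> commits at or above MIN_LEVEL, most severe first, keeping
# log order within a level. Unknown tags and non-bug subjects are skipped.
triage() {
    min=$(sev_rank "$1")
    [ "$min" -gt 0 ] || { echo "usage: triage MINOR|MEDIUM|MAJOR|CRITICAL" >&2; return 2; }
    n=0
    while read -r hash subject; do
        case "$subject" in
            BUG/*:*) ;;
            *) continue ;;
        esac
        level=${subject#BUG/}
        level=${level%%:*}
        rank=$(sev_rank "$level")
        n=$((n + 1))
        if [ "$rank" -ge "$min" ]; then
            printf '%s %s %s %s\n' "$rank" "$n" "$hash" "$subject"
        fi
    done | sort -k1,1nr -k2,2n | cut -d' ' -f3-
}

# Constructed sample log (hashes and subjects are made up for the demo).
sample_log() {
    cat <<'EOF'
a1b2c3d BUG/MINOR: config: constructed sample subject
e4f5a6b BUG/MAJOR: ssl: constructed sample subject
0c1d2e3 MINOR: stats: constructed non-bug subject
9f8e7d6 BUG/MEDIUM: http: constructed sample subject
EOF
}

sample_log | triage MEDIUM
```

Piping the real `git log` output into `triage MAJOR` from a cron job gives a short list to review before deciding whether a cherry-pick onto the production package is needed.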
