For the most part I think Ruby on Rails is pretty much the best thing since sliced bread. Of course, like everything else, there are some issues I’m uncomfortable with. Mostly, it has to do with deployment, and especially security during deployment.
- SwitchTower deploy.rb configuration file contains source repository password. This is a consequence of the fact that the application servers check out code from the repository.
- When using SwitchTower the source repository must be available from the application servers. Ideally, the source repository should be very deep behind corporate firewalls, whereas the application server is of course in the DMZ. Requiring a communication path between these is not a good thing.
- Rails production database password in database.yml in the source repository. This is a biggie. I don’t think developers in general should be trusted with the production server passwords. Is this a common theme with LAMP applications?
- Rails supports no obvious ways of using different databases for different production servers (e.g. rolling out applications to several customers). The production server in database.yml will be the same for all roll-outs. In particular, I would like to have the same application rolled out to two different directories on the same web server using different databases.
- There seems to be no way to run a Rails application in Apache both on Windows and Unix without modifying the shebang line in the dispatch.* scripts manually during the installation.
- Per default, Rails expects administrative privileges for Apache to turn on production mode. This is not practical for hosted solutions.
- No support for different developers of the same application having different development and test databases (unless these are local).
These are not issues that are perfectly solved by any competing architecture. Neither are they issues that can’t be solved with a little bit of hard work. However: Rails has the potensial of solving them better than most:
- Switchtower should pack and upload during deployment instead of checking out from the production server. That way, neither the communication path from app server to source repository or the source repository password would be an issue. It will also lessen the dependencies on installed software on the server
- Applications should be partitioned so the .htaccess and the database.yml configurations could remain on the server and differ between servers. database.yml should probably be fragmented so only test and development databases should be stored in the source repository. The goal is to separate the application code from the local configuration during deployment.
The second point may not be as straightforward to implement as the first, but there might be LAMP architecture patterns to solve this kind of problem. The solution is left as an exercise for you, gentle reader.
Copyright © 2005 Johannes Brodwall. All Rights Reserved.