Second quarterly report (Q4-2012) of Aegir funding work

There has been little feedback to the community of the Aegir work funded jointly by Omega8cc and Koumbit.org since the first report. While we have previously agreed to issue such a report every two months, we have been lagging behind in development during the summer so there was little to report. Work has picked up however, and we should be reporting regularly, so here we go!

1. Executive summary

Koumbit has spent 62 hours of raw work (excluding breaks and overhead) until november, roughly 5.5 hours a week, which is a little less than the previous period, but still a respectable number, considering the holidays.

Indeed, development was seriously hindered by that nasty thing called "vacations" here, which made the core Aegir developer (anarcat, me!) unavailable for more than 4 weeks this summer. We have decided to include the work ergonlogic has performed on the sites directory in this report and funded that work accordingly.

2. Notable accomplishments

I personnally performed about 30 commits and participated in over 100 issues on Drupal.org in the last 3-4 months.

All the gory details are on my tracker here:

Here's an outline of significant contributions.

2.1. Issue tracking and queue support

I have kept on performing review duties in the queue during that time, although at a reduced pace. I also need to catchup for the weeks I have been on vacation this summer, so to all the people who submitted patches and feedback, do not panic, you are not lost and will be responded to!

2.2. SSL and IP allocation work

Issue #1126640 and related

This work, mentionned in the last report, concerns rewiring the SSL code to move policy back in the frontend where it belongs, and fix a bunch of bugs and the weird ways the SSL functionality works.

I have done a significant dent in this problem since the last report. I have started an actual implementation of IP allocation in the frontend. The code still need to be tested, but I think it's is a step in the right direction. I started priorising this work because of the problems found in the SSL support of the pack module. This is my main priority right now.

The approach I have taken is to remove the IP allocation from the backend completely, rendering it dumb like it is done elsewhere in Aegir. One big question that remains is whether sites should have an IP associated to them, or only an SSL certificate and then SSL certificates have (or not, in case of SNI) IPs associated to them. I tend towards the latter (SSL-site mapping only), but I am really not certain and would welcome feedback in the issue.

2.3. Optimisation: moving files out of the sites directory

Issue #1205458 and related

Christopher has done significant work in adding this feature which promises to improve migrate performance significantly while at the same time making it easier to host those files on a SAN or external storage layers. Christopher has taken an innovative approach based on tokens to let the administrator choose the policy of where the files should be stored. The code is sound and the approach is really interesting, but this code needs testing before we factor it into 2.x. This API-breaking change will not be part of 1.x unfortunately, but we aim to release 2.x shortly anyways, so that shouldn't be a problem. ;)

2.4. Client importation failures

Issue #1146014

Some issues were discovered in the 2.x code thanks to the Barracuda team about how we handle clones and old site imports, which could leave a site without an owner and vulnerable to all users on the Aegir site. The patch is still pending review, but should be factored into 2.x shortly.

2.5. Nginx support in the Debian package

Issue #1348560

I finally bit the bullet and made the Debian package support Nginx out of the box. The code was pushed directly to the 2.x branch after some basic tests. No extra configuration screen is necessary, the idea is that the package does an educated guess based on what packages are already installed so to install Aegir with Nginx should be as simple as:

apt-get install nginx aegir

Apache still remains the default webserver for now however.

2.6. Hurricane Sandy

Main article

The Aegir team struggled quite a bit with Hurricane Sandy, which knocked down our Debian archive and Jenkins server. Thanks to the invaluable work of Omega8cc people (hosting) in coordination with Koumbit (DNS), the services were brought back online fairly quickly after jumping between the available datacenters.

3. Upcoming work

On top of the aforementionned issues and the upcoming work mentionned in the previous report, which are still relevant, we have the following updates to add to this report.

3.1. 2.x release schedule update

Original discussion

The 2.x release schedule was seriously compromised because of the holidays, so the previous release plan has obviously been scrapped now. The objective remain, however, and we could say we are almost halfway through our primary objectives. It is my hope that I am able to finish the SSL and nginx cleanup before christmas vacations, which would mean alpha/beta releases in january. I expect the 2.x beta/RC release cycle to be fairly short as it is already used in production in some places so we are likely to make a full release of Aegir 2.0 in early 2013.