Category Archives: devops

Openstack Summit Fall 2011 – Wrap-up and overview

2 Replies

I’m back from the OpenStack design summit and conference, just held in Boston, MA. It was a fantastic week, with the first three days dedicated to the design summit – getting down and dirty with the details, and the last two dedicated to the conference portion – talks and panels about folks actively using OpenStack, and a little wrap-up and overview from the project technical leads of the next 6 month roadmap for the core and incubation projects in OpenStack.

One thing that was intended as new, and I think worked well, was the splitting of the conference and design summit. It really made it a lot easier to be involved in the technical details and not have to choose between that and listening to folks talk to what they’re Openstack experiences have been, governance models and choices, and so forth. As an active contributor to (and general jack-of-all-trades with) a number of the OpenStack projects, it’s hard enough to balance my focus between the technical sessions.

There was also a ton of news related to OpenStack that is just fantastic for the community. Rackspace is starting to form out a foundation to run OpenStack long term, and the governance round-table at the conference made it clear that pretty much everyone agreed to a thoughtful, careful process to set it up to really make a long term run with OpenStack. There was notable consensus on ideas and vision of how to set up governance, including taking some long and deep looks at how other successful open source foundations have been set up, and looking to those foundations to learn what’s been successful, and what they might have done differently.

There was also the entrance of Hewlett Packard very publicly actively into the OpenStack world. Back in September, they said they’d be there, and with the conference they have committed hardware and time to continuous integration efforts. They were notably involved in the design summit as well, hosting a couple of sessions and getting actively involved in others. And I think most pleasing to me, they are actively submitting code contributions to the OpenStack core projects. I think it’s a little odd that they’re all coming in as “HP Nova Contributors“, but I’m glad to see it.

With HP running their cloud offering on OpenStack, they’re getting deeper in the details of the code. Dell’s been focusing their efforts on the amazing OpenStack deployment tool: Crowbar, and it seems clear to me that HP is taking their interest quite a bit deeper into the core projects.

I won’t even do justice the the individual project roadmaps from the summit – I think that the most of the project technical leads are likely recovering this weekend from an intensely focused week. In the next couple of weeks, we’ll see them hit the mailing list – and from what I saw from the sessions in the conference, there’s going to be some hard choices coming up on where to expend resources. Every one of the projects has more that they want to do than they will be able to smoothly accomplish in the next 6 months. We’ll see the details hitting the blueprints in the very near future I’m sure. Suffice to say that if you’ve been thinking about getting involved in OpenStack, now is very definitely the time to jump in – there’s a ton to do, and a lot of really interesting problems to solve in getting it done.

Benchmarking Celery

1 Reply

Before you even go there, I’ll preface this with YMMV.

This little post is to document a benchmark that I did for an internal use case, in the hopes that it’ll be helpful for others. As a benchmark, I wasn’t attempting to fully characterize the performance of a specific system – I just wanted a pole against which to measure changes in the environment or underlying infrastructure. I was curious what the performance was of Celery, using RabbitMQ. The tests I ran were pretty much straight sample code of the project (a simple “add” task) and a client making multiple requests and combining the results with the veritable python “timeit“.

The code

All the code for this test (and more, I got excited…) is stashed up on Github: https://github.com/heckj/openstack-benchmarks/tree/CeleryBenchmark. Really, the parts you’re likely to be interested in is the worker class: tasks.py, the configuration: celeryconfig.py, and the actual benchmarking code: celery-benchmark.py.

And before you ask, no – the OpenStack project doesn’t currently use Celery – in fact they use Carrot right now. I’m just intending to add on more benchmarks and profile tools into this codebase around the OpenStack project in the future.

The config

The configuration was held constant – a stock Ubuntu 10.10 server with all the various dependencies installed. Since I’m sure someone will want to know about the versions:

  • rabbitmq-server 1.8.0-1ubuntu2
  • python2.6 2.6.6-5ubuntu1
  • python-amqplib 0.6.1-1
  • celery 2.2.7
  • kombu 1.1.6
  • anyjson 0.3.1

The host was a Shuttle PC, 8GB ram, Core 2 Duo processors. The host was never heavily burdened by the processing that took place (load < 1.0, no significant swaping). The benchmarking was done on the same host as RabbitMQ to remove any network latency effects.

The results

.

I was totally abusing MS Excel’s “stock graph” to show variability in the results (of which there wasn’t a hell of a lot). In the graph, the thin line represents the range (min to max) and the thicker box in the middle is standard deviation +/- the average result. The gist – the round trip time was pretty much straight up at 160ms per requests, and that sampled over 1,000,000 requests. The image above shows a portion of the sequence. The relevant code:

from benchmark.celerybench.tasks import add

result = add.apply_async(args=[4, 4]_
result.get()

(As I mentioned earlier, you can see the whole code on github).

I did more tests, but I need to keep some of those to myself, as they’re testing variations of configurations for my job.

Random side notes

I hadn’t done anything in depth with Celery before. I’d heard about it from friends, and in the community in general. The author pinged me a couple of times with help as well. Overall, I found the Celery setup to be incredibly easy to use and a very straightforward API (always nice). There were lots of options available, but everything was set with very usable defaults from the start. I’m totally looking forward to using Celery in some projects, as well as taking advantage of Kombu – a drop-in/compatibility layer for Carrot.

Update:

Ask mentioned some suggestions for optimizing in twitter – seemed a good place to put them. Try:

  • CELERYD_PREFETCH_MULTIPLIER=0
  • CELERY_DISABLE_RATE_LIMITS=True
  • and BROKER_TRANSPORT=”librabbitmq” to use the pylibrabbitmq C library

Eyes – a new monitoring system

2 Replies

It was over a year ago that I started getting really annoyed at the state of monitoring systems. They all do what you sort of expect a monitoring system to do – watch (poll) systems and alert you when something’s gone off. Pretty much anyone who’s done much system administration work knows the obvious critters: Nagios, Munin, Cacti, Zenoss. Zenoss is the start into the pay realm too – GroundWorks, BMC Patrol, HP’s SiteScope, etc.

So here’s my annoyance – all of these systems, even the open source ones, are really set up to be managed by people, not other systems. They’re not built with API’s to be able to create, update, check on, and delete monitors. Some of them come darned close – Zenoss, SiteScope, etc. Others have this sort of worked around from the back side – i.e. Puppet or Chef recipes that generate Nagios configuration files.

So a year ago I decided that I could probably put something together that does the same basics, but has API’s built in from scratch. I did a lot of noodling on the idea, scratching ideas in notebooks and such, before I really kicked things off. Then I decided to see what I could do to wrap up a new system. I built it around Nagios plugins – mostly because there’s a lot of them and they do some pretty good stuff right off the bat. And that’s all open source as well. And I wrapped that around with a web application based on Django, because – well – I know Django reasonably well. The result is a basic system that I’m calling “Eyes”.

The whole source, from the very beginning, is on Bitbucket at http://bitbucket.org/heckj/eyes. And after poking at it on and off for nearly 12 months, I decided to wrap this up a bit and get it out there – so as of today I have my first release on PyPi, with documentation. And I created a mailing list – eyes-monitoring – on Google Groups to have some place to talk around it.

I very intentionally included documentation for the project from the very beginning, embedded with the project. I also very intentionally wrapped a large number of tests around the project, and have been checking and watching test coverage as the project grows and changes. The state today? Basically functional, but you have to know the innards to do much more with it.

Today it doesn’t have anything related to alerting or escalation within it. It doesn’t have much of anything around a user interface, and the data is stored all in RRD files. It’s at the point now where the basic framework is in place – and there’s a lot more to go: design of the user interface, blocking in alternate mechanisms to do monitoring, and fleshing out higher level features like notifications and alerts – both via email and alternative mechanisms (like web-hooks, or XMPP event streams).

What it is ready for is outside eyes. If you’re interested in contributing, or even sharing some ideas about what to do with Eyes, I’d love to hear from you. Fork the code and try it out, or join the mailing list (http://groups.google.com/group/eyes-monitoring) and share some of your ideas or thoughts.

Hacking on OpenStack’s Nova

4 Replies

Like quite a number of other folks, I’ve been lurking on the OpenStack mailing lists since I saw the announcements. Friday, Eric Day put out a call to help with the “get this code into shape” against PEP8 and pylint.

“Ahh!”, I thought – an easy intro to getting into the project and it’ll give me an excuse to really read the code. So this weekend I started taking a stab at doing a little light buff and puff on the code to get the PEP8 and pylint code scores up a bit.

What I found is that it took some work to get everything from the codebase ready to really do some work on it. And the notes aren’t all in the same places on how to do that – what notes are there are all written mostly for Ubuntu. I was pretty sure most of this could be done on a Mac too – at least based on the dependency documentation, so I cobbled up some notes on getting rolling with Launchpad, this code base, and being able to run the tests to verify that my cleaning didn’t really break anything.

I put the resulting notes on the OpenStack wiki page http://wiki.openstack.org/HackingNovaMacOSX.

The big thing that I’m not sure about is the testing. Just a stock install is failing on one unit test, and it’s in an area I’m not very familiar with (auth & creating certificates). If any the OpenStack folk are reading this, here’s the error I’m seeing:

[ERROR]: nova.tests.auth_unittest.AuthTestCase.test_209_can_generate_x509

Traceback (most recent call last):
  File "/Users/heckj/Documents/code/nova/nova/test.py", line 222, in run
    d = self._maybeInlineCallbacks(testMethod)
  File "/Users/heckj/Documents/code/nova/nova/test.py", line 182, in _maybeInlineCallbacks
    g = f()
  File "/Users/heckj/Documents/code/nova/nova/tests/auth_unittest.py", line 162, in test_209_can_generate_x509
    signed_cert = X509.load_cert_string(cert_str)
  File "/Users/heckj/Documents/code/nova/.nova-venv/lib/python2.6/site-packages/M2Crypto/X509.py", line 655, in load_cert_string
    return load_cert_bio(bio, format)
  File "/Users/heckj/Documents/code/nova/.nova-venv/lib/python2.6/site-packages/M2Crypto/X509.py", line 639, in load_cert_bio
    raise X509Error(Err.get_error())
M2Crypto.X509.X509Error: 140735090166816:error:0906D06C:PEM routines:PEM_read_bio:no start line:/SourceCache/OpenSSL098/OpenSSL098-32/src/crypto/pem/pem_lib.c:650:Expecting: CERTIFICATE

update: Turns out the error was directly related to the version of OpenSSL installed on my laptop. I had version 1.0.0a from MacPorts installed and in my default path, which caused the error. Version 0.9.8l (base install in MacOS X) works fine.

sudo port deactivate openssl

did the trick and the tests are all running now. I updated the bug against Nova with those details, leaving it open – it ought to at least fail reasonably.

breaking the private network oasis addiction with OAuth

Leave a reply

Most reasonably (and larger) sized operations organizations have a pretty standard networking setup – or at least some close variation on the theme. ARIN wants public IP addresses behind load balancers, so most orgnizations front up their services through software or hardware load balancers. From there, it goes back to a highly response “web tier” – the spewing of content and the CDN source systems. Those back in to application tiers, and behind those are data persistence tiers (typically, your classic RDBMS). The only thing on the internet is often those load balancers. The networks are often segmented between app and data as well, often with firewalls, to “reduce potential intrusion”. It’s a good plan and pattern – it generally works. And while you own it all, you own your own network oasis of happiness.

Economic pressures being what they are, it is getting more effective to own what you absolutely need of infrastructure, and rent the rest. Shoot – if you’re small enough, owning anything at all for infrastructure may not make sense.

The problem comes when you want to start moving between those network oasis’ of happiness. Like, oh say, to a cloud provider. The end result is our services have all become addicted to this concept of secure, high-bandwidth, reliable access between tiers – that happy oasis. And that addiction is one that isn’t healthy – at least not in a world of elastic scaling architectures. We’re getting used to breaking that addiction when we integrate with external services – facebook, twitter, etc. The mashups are breaking the mold of how this has been done in the past. And we need to break our addiction!

Why am I asserting this? As I look at a large number of applications, they don’t fit a “cloud provider” very well – at least not when you start to get into the realm of dynamic or elastic scaling. Most providers have something akin to an “internal network” which we can leverage as consumers. As we get to the logical conclusion we will find ourselves wanting to shift work between one “oasis of network happiness” to another. The solution today? Expand to fill all available resources and then buy some more at the same place.

That ain’t gunna to cut it.

For us as consumers of infrastructure of a service, we want one provider to be as good and flexibly as another. That means commoditization of the infrastructure (which I believe we’re starting to see now, although the infrastructure providers will fight it tooth and nail). That means we need to be able to shift from one to the other at a moments notice.

Here’s an example:

You have enough resources for 100 units at provider A, and you are running up to a high level usage that looks like it’ll exceed that. You call up Mr Infrastructure A, who reluctantly informs you “Sorry, all sold out – it’ll take 6 weeks to add capacity”. You also happen to have a not-quite-as-good deal with provider B that costs a little more. All sounds good so far – your uber-cool software provisioning system smacks down a couple of VM images and spins them up…. except it’s a got a problem: connecting the stuff running at provider A to the new stuff you’ve just spun up.

And that’s assuming that you’ve solved all sorts of somewhat evil configuration problems knowing to indicate to a component what it is and who it should be talking to to get its work done. That’s a topic for a different post though.

I don’t have THE answer, but I do have AN answer. Follow the mashup leaders: take the OAuth & REST pattern back into your office, workspace, colleagues, whatever. That’s what we’re doing after all – mashing up some services. It’s just that we normally think mashup means “with someone else’s stuff”.

OAuth and REST work together beautifully and with some coordination can be the answer to providing the answer to the security question “Should I allow this external request to access these resources?” The OAuth 2.0 spec has a segment in it – section 1.4.4 (version 10) – that walks through the flow for this to happen. Routing over SSL does a pretty reasonable job of getting the data encrypted as well. The cost: running an Authorization server.

(You can pull off this same trick with OAuth 1.0: the not-quite-standard-but-defacto “2 legged OAuth” routing. The problem: not everyone and all the libraries agree on how to make that work seamlessly.)

In order to allow our ourselves to start treating everything – infrastructure as well – as software with it’s speed of change we need to be able to dynamically allocate resources. Once we have services that are all chatting across OAuth authorized links (encrypted or not), we’ve removed a huge impediment to being able to elastically scale our services.

Yeah, configuration. Kind of bitch, ain’t it. Another post, eh?

the CMDB is dead, long live the CMDB

8 Replies

I work in an environment that has an existing CMDB. Over the past year, I’ve spent a fair number of man hours from my team and an equal number of hours of my own thinking about what it is, what we want from it, and how so much of what’s available today just doesn’t cut it.

The thing that we’ll label as a “CMDB”, to me, isn’t. It isn’t a configuration management database. For us, it’s an inventory of assets – digital and physical. It’s a metadata store that allows us to assign ownership, and an ancillary data set that makes categorizing incidents, requests, and changes in the classic service management sense a bit easier across a very wide organization. If any small company came to me and said “yeah, gotta have a CMDB!” I’d be looking very closely at how potentially insane they were. Most small orgs and companies just don’t need it. It’s honestly only useful when you breach some amount of scale.

The worst part is the ITIL definition of what should be in a CMDB has been effectively unachievable because of the costs associated with it. The classic ITIL world of CMDB has this data repository being updated with process (typically manual) as changes are approved – it’s meant to represent the “desired state” of an operational world. Only it doesn’t. Really, it never has. And even with the highest priced tools on the market today never will. At best it’s an audit-against tool that you can see “yeah, it matched or didn’t match when we ran that scan a few days ago”.

It doesn’t have to be this way though. What most of us want from a CMDB is what we get implicitly, to some degree, from many of our monitoring solutions – a digital map of our environment. The monitoring pieces created their own version – typically configured by hand, or sometimes configured automatically with a hand to help guide (Zenoss and Hyperic both do a pretty good job at this). The monitoring systems then use that data model to know who to alert when something goes wrong, or if they’re really good – to share some set of analysis around “service X is down because the component A that it relies on is down”.

Virtualization is pushing this all right over a critical tipping point. The “old” CMDB is dead, lets jump to the new. We need a model of our environment that maps our physical and digital assets. We need it to show us dependencies in an ever increasing world, and we need it to help inform us – especially in a larger organization, who to contact if there’s an issue with a service. If we have to fill out all this data and information by hand, we’re lost. The rate of change is increasing, and we *want it* to increase. Look to the model of continuous deployment, the natural successor to the software development process that is continuous integration. Now in classic #devops style, let’s apply that right on through and into operations and running our services.

What doesn’t exist today, in our collective musings about a DevOps toolchain, are (currently) the tools to integrate the knowledge that the deployment tools have into updating a digital asset model . Even these tools don’t know the dependencies (i.e. what database is this rails app using, which memcache server/port combo is being used, etc) – but it’s there, just slightly under the covers.

The other place where we want/need this knowledge stashed? Our monitoring systems. The continuos tests against our live services to assert they’re OK. Many open source systems include some level of a model just implicitly in their configurations. Nagios, Munin, Zenoss, Hyperic, etc. I am still struggling to find monitoring systems that have the concept of dynamic configuration through an API access built in to the base of them. Still – much of their configuration is something that we might naturally want to store in a map of our services.

The way to get this data? Drive it from the tools that are implementing the changes. Have it as a service that can be updated and modified through simple API’s that Buildout, Func, Capistrano, Fabric, ControlTier, or whatever can access and inform. Use the manifests and details that the system configuration tiers (BCFG, cfengine, Chef, Puppet, SmartFrog) have been built with to populate this map as they deploy and invoke their services.

This is all a step to moving all of our infrastructure, historically so very physical, into the digital world. There are tremendous efficiencies to be gained – both financially (using our physical assets more effectively, or just using what you need from an existing infrastructure provider) and from a service perspective (being able to reconfigure and deploy your services to match the market needs).

Much of devops is focused on deployment, because that’s where we spend most of our time today. That’s good – but we can not forget that it is just one small part of the overall process for these services from inception to retirement.

And before any of the classic CMDB folks find me and start shooting, yes – I’m very aware of the work that is going on at CMDBf around federating CMDBs. The idea there is good – they’re heading in the right direction. At a 10,000 foot view they’re going the right direction with their standard. The foundation that it is built on is – in my opinion – now outdated and needs to be revisited. The implementation needs to be simplified. I would recommend you look at the labels of the members that are coming together around the federated CMDB concept. Do you see anything in there that shouts of “open, adaptable, flexible”? I don’t. I see the same kind of collaboration that led to J2EE standards and the W* standards around “web services”. What is needed is something simpler, more open, and with publicly available implementations. I would never expect BMC, CA, HP, IBM, or Microsoft to help provide that – it’s just not in their best interests when they have revenue tied to the services and software they provide in this space today.

Using fabric to deploy a Pinax project

2 Replies

I spent the better part of this morning screwing around with Fabric to get even a basic deployment working correctly with Pinax. I may be doing this horrifically backwards… Since I finally nailed something that worked for me and I couldn’t find much out there on the web, I wanted to post up a result so that other folks could use/riff etc.

http://gist.github.com/284927

Please feel free to replicate/clone/use/etc whatever to your heart’s content. It’s built around deploying a Pinax 0.71 project clone that also uses South for schema migrations, and the project is housed in BitBucket.

The other fabric file I found that’s referenced frequently was a part of the inspiration here: http://gist.github.com/212366. It’s a fabfile that’s intended to provide some simple rollback and expects to be used from GitHub – and has some really nice documentation associated with it. Maybe I’ll work on mine to add some of that doc… but mostly I’m just making it available as is.

Building the high spires – enabling elastic cloud computing

3 Replies

3184396852_c8f995482a.jpg
Somewhat related to my previous post – I’ve been thinking a lot about packaging lately. At work, I’ve jumped into a team that’s responsible for a whole bunch of infrastructure – envisioning it, building it, and running it.

Two months ago I thought I’d jump in and start building some really awesome spires. Spires in a metaphorical sense anyway – I guess if I was really sticking to an architectural theme, it should be something else – something more broadly useful but still fantastically impressive. I found myself focusing on the infrastructure instead. The infrastructure wouldn’t support what I wanted to build. It’s missing pieces – pieces at the very base of the whole setup. So I’m mucking around in the foundations, shoring up some systems, adding others – getting the basics nailed down with my team to build some of these cool spires. And thinking. A lot of thinking – thinking about what’s most critical, what provides the most value, and what needs to be done in what order to make this team really successful.

One of these foundational pieces is packaging – application packaging, to be specific. The more I think about it, the more I think I need to do something about it – but outside of the walls of my job. The reason for going outside my job for this? I honestly think the world needs another application packaging standard.

I could build a company standard for application packaging. I’m pretty convinced of it anyway… but I don’t think it would be successful in a long term (i.e. more than 1-2 years). For an application packaging standard to be really effective, it has to have a broad support base, will require a lot of effort, and for an effective standard I philosophically believe it must be an open standard.

The use case that’s driving this thinking is being able to programmatically deploy new servers, drop down applications, and configure them in a very fast time frame (in a manner of minutes). The use case is one of the classic jet-pack and flying cars dreams of elastic/cloud computing.

There are some enterprise tool chains that do this today. Sort of. If you squint real hard. Most of these tools are born from the world of policy based computing, IT control and compliance, and configuration management. They don’t match up with the use cases real well, and the enterprise software solutions in this space and horrifically and tragically expensive. I can’t even blame them – clearly that’s where the money’s been for these tools.

The marketplace is pushing – there’s a need, there’s a HUGE opportunity here. It’s where applications become components that can be, and are, programmatically deployed and controlled. It’s the next step up in the abstraction layer for the systems we use every day.

There is some work towards solutions to this problem today. It’s not like I’m the only guy seeing this problem (if I was, I’d likely be delusional).

  • RightScale has a great product that layers on top of Amazon’s EC2. It’s damned impressive.
  • 3Tera has a tool chain that starts to deal treat virtual machines as packages to be deployed, connected, and replicated at need.
  • Parallels has created AppStandard.org, which is really the closest anyone’s come to what I’m aiming at – but even it’s not quite there – not to mention copyrighted and proprietary.
  • VMware is making some aggressive moves into the tools space as well, propagating the OVF standard (with the DMTF) and the concepts that we’ll be deploying VMs, not applications, in the very near future. I’m not sure they’re wrong – but I think they’re missing half the picture.
  • The DMTF has standards that are skipping around the ideas, but not quite nailing them on the head.
  • In the open source world Puppet and CfEngine are the kingpins – programmatically defining infrastructure. They fail to take the next obvious step into application deployment – but I think only because they lack the infrastructure components needed to do it in an effective way.

I think the solution to this problem is an application packaging standard that includes configuration and parameters into its metadata.

Like other packaging standards, the packaging needs to:

  • allow the code to be dropped into place
  • define dependencies that the application requires
  • have a common and open format that can be stored and shared in open repositories

What it needs in addition is:

  • the package should contain parameters (configuration elements) that can be programmatically determined
  • once determined, the application should be able to be deployed with parameterized configuration – details updated at deploy time
  • ideally this will enable the capability to update that same configuration programmatically, idempotently and remotely

What I think it needs to be successful:

  • An open format with at least one, preferably multiple, implementations enabling that standard.
  • A base set of common applications packaged in this format, available for immediate use
  • a tool to create the packages and verify they’re ‘good’
  • a tool to deploy the packages overlaying configurations – at least on a local basis
  • a public repository of common packages to build a dependency library upon
  • a way to copy/mirror that repository cheaply and easily in any organization to reduce cost of uptake
  • a damned impressive example solution that takes advantage of the kit

In short, a crap-ton of work. For a company to want to go do these things, they’ve have to be pretty damn visionary. And I’d expect that they’d want to keep this kind of IP to themselves. I need this kind of solution, the economic times are rough to chase visionary dreams outside of the core competencies of the job, and I think a successful solution would benefit everybody. To me – this whole setup screams “open source project” to make it work.

So now I’ve defined it – put it out there.

Are you interested in making something like this? Contributing to a open solution? Willing to put some sweat equity behind a project that could revolutionize things, but is essentially building bricks for a foundation?

I have some projects on my plate right now that I can’t just drop – so it’ll be a month or two before I start pursuing this one. Let me know if you’re interested… haven’t even decided on the structure it’ll need around it to work, but I’m heading in that direction.

(image used with permission: http://www.flickr.com/photos/kamoda/3184396852/)

Infrastructure (python)

1 Reply

I’m taking some time today to read up on the events and talks at PyCon 2009 happening this past week in Chicago. I’ve been watching a few folks on twitter who are there (John DeRosa and Ted Leung). It’s been interesting to see what’s happening through their comments and links. There’s the inevitable talks that I wished I’d attended, hopefully slide decks will appear for a good number of those and I can catch up even after the conference content. PyCon is one of the best there – they go out of their way to make the talk content available as quickly as possible with the right set of controls for content (the speaker’s are the ones responsible for uploading their content).

Anyway, all this led me around to the conversations that have been happening around packaging with python. It was a topic of some conversation (and has been needed for a while now, in my opinion) at the Python Language summit (notes from Ted about it). Tarek Ziade did a survey recently of what folks were using, and posted his results, which were interesting. zc.buildout and virtualenv got some attention from multiple folks. I think the most crucial was the summit talks themselves, which Tarek summarized on the mailing list. The gist – there is a high-level plan at improving the packaging world around Python:

  • standardize more metadata, especially including dependencies, and APIs for accessing the metadata and dependencies.
  • there should be an API to get metadata for a package without actually executing any of the package’s installation script.
  • this will go into the stdlib for Python 2.7 and 3.1
  • it will be provided as separately downloadable backports for prior versions (maybe using a bootstrap not unlike ez_install)
  • keep distutils, but start deprecating certain higher-level functionality in it (e.g. bdist_rpm)
  • don’t try to provide higher-level functionality in the stdlib, but instead let third party tools built on top of these core APIs compete

When I was working more extensively with Django, that was the biggest headache – getting a packaged, ready to roll quickly environment. I’ve trailed off in the past while with the Django project (not actively using it at the moment, although I think that’ll likely switch around again) – but the lessons about packaging have remained with me.