Home of the ColdFusion Community
|
Mailing Lists
|
Home /
Groups /
ColdFusion Talk (CF-Talk)
Development Environment Setup
Author: Tom Chiverton
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:47179#249610
> As you can guess, this isn't the best, and I personally would like to see
> us using a better source control system (Subversion?). I would also the
We've just moved to SVN from SourceSafe (mainly because the 3rd party Linux
VSS client sucked).
> like the source control and release process to be a lot more transparent in
> the overall process.
Transparent to who ?
SVN:Web maintains a nice web based view of the repository, complete with RSS
feed :-)
> I have seen mentions of people having devs running their own instances of
> CF/SQL, but how the hell do you keep these up to date without creating a
> logistical nightmare (i.e making sure every developer is in sync with both
> code and external requirements such as IIS setup?)
I would definetly say each developer should have their own CF instance, and
possibly DB in the early stages where DB changes are likely to break lots of
code.
Look at something called Scrum:- see the bottom of
http://www.controlchaos.com/old-site/rules.htm and also
http://www.controlchaos.com/about/
This stops people from drifting too far apart, amongest other benefits
We also have a convention that if you touch a shared component, you email the
rest of the dev. team and they can update from SVN when they are ready.
If you can get a continuous integration (automated nightly build and check)
system up and running, so much the better - you can quickly ID if anyones
checks have broken the build.
--
Tom Chiverton
****************************************************
This email is sent for and on behalf of Halliwells LLP.
Halliwells LLP is a limited liability partnership registered in England and Wales
under registered number OC307980 whose registered office address is at St James's
Court Brown Street Manchester M2 2JF. A list of members is available for
inspection at the registered office. Any reference to a partner in relation to
Halliwells LLP means a member of Halliwells LLP. Regulated by the Law Society.
CONFIDENTIALITY
This email is intended only for the use of the addressee named above and may be
confidential or legally privileged. If you are not the addressee you must not
read it and must not use any information contained in nor copy it nor inform any
person other than Halliwells LLP or the addressee of its existence or contents.
If you have received this email in error please delete it and notify Halliwells
LLP IT Department on 0870 365 8008.
For more information about Halliwells LLP visit www.halliwells.com.
Author: Everett, Al \(NIH/NIGMS\) [C]
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:47179#249462
> Then your security team is full of idiots.
No comment.
I wish to remain gainfully employed so I just deal with it. I have
pointed out several times that this prevents from using some of the
power of source versioning, like branching, and interferes with unit
testing, among other issues.
Author: Russ
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:47179#249430
SQL 2005 comes pretty secure out of the box (no external connections).
Apache/IIS can be configured to listen only on 127.0.0.1, and so can
ColdFusion (with a little xml editing).
Best not to use IIS, use apache, keep apache config in svn, so that changes
to the config can be sent over to other developers, and you should be fine.
If all the servers are listening only on 127.0.0.1, they're not really
security holes now, are they? Unless you have them running as a system, and
then some local Trojan exploits them, but that's pretty far fetched. In any
case, set up local accounts with limited priviliges and run the services as
such.
We used to run everything on a shared dev server, but it's a pain. Things
get edited, and don't get deployed, and pretty soon your dev environment is
radically different then production. With a local dev environment, you know
that you're the only one making changes, and you can revert everything back
to way it is on production, and you can also use branches.
Also use Eclipse with subclipse plugin. It makes working with subversion SO
MUCH easier then tortoise (especially the merging). You can run it on your
QA server and use it to merge branches into the trunk, and do testing on the
QA server first, and then commit the changes to the trunk.
Russ
----- Excess quoted text cut - see Original Post for more -----
Author: Robertson-Ravo, Neil (RX)
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:47179#249408
Probably not idiots, just not aware of what needs to be done or maybe a cost
issue.
"This e-mail is from Reed Exhibitions (Oriel House, 26 The Quadrant,
Richmond, Surrey, TW9 1DL, United Kingdom), a division of Reed Business,
Registered in England, Number 678540. It contains information which is
confidential and may also be privileged. It is for the exclusive use of the
intended recipient(s). If you are not the intended recipient(s) please note
that any form of distribution, copying or use of this communication or the
information in it is strictly prohibited and may be unlawful. If you have
received this communication in error please return it to the sender or call
our switchboard on +44 (0) 20 89107910. The opinions expressed within this
communication are not necessarily those expressed by Reed Exhibitions."
Visit our website at http://www.reedexpo.com
Then your security team is full of idiots. Not only can you set up a
firewall, you can configure apache/coldfusion to only listen on 127.0.0.1,
so that no other computers can access it.
----- Excess quoted text cut - see Original Post for more -----
Author: Robertson-Ravo, Neil (RX)
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:47179#249405
In most large organisations worth their sale they will have a rock solid
security models and patch rollout / awarenes (multiple firewalls, bluecoat,
direct MSPSS acess etc). For teams who need admin access, they just hive off
from the main network and connect via another level of security - so no
direct access to "the rest".
"This e-mail is from Reed Exhibitions (Oriel House, 26 The Quadrant,
Richmond, Surrey, TW9 1DL, United Kingdom), a division of Reed Business,
Registered in England, Number 678540. It contains information which is
confidential and may also be privileged. It is for the exclusive use of the
intended recipient(s). If you are not the intended recipient(s) please note
that any form of distribution, copying or use of this communication or the
information in it is strictly prohibited and may be unlawful. If you have
received this communication in error please return it to the sender or call
our switchboard on +44 (0) 20 89107910. The opinions expressed within this
communication are not necessarily those expressed by Reed Exhibitions."
Visit our website at http://www.reedexpo.com
and who is to audit and ensure the developer is doing this? Further more
shouldn't this config be something the PC support folks should setup and
maintain? In a large organisation with 10000+ PCs these are big and costly
issues, eh? A security head might just make seemingly idiotic choices to
save their respective butts, eh? Remember NIMDA? At the time where I
worked there were no restrictions on IIS servers running on your desktop
PC. oops...this helped nimda spread faster than a california wild fire.
DK
----- Excess quoted text cut - see Original Post for more -----
Author: Jochem van Dieten
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:47179#249403
Neil Middleton wrote:
>
> I have seen mentions of people having devs running their own instances of
> CF/SQL, but how the hell do you keep these up to date without creating a
> logistical nightmare (i.e making sure every developer is in sync with both
> code and external requirements such as IIS setup?)
The first piece of code that goes into a project is the Application.cfc that uses
the Admin API to set up the relevant externals. For code synchronizing Eclipse
has a very nice Team Synchronize feature.
Jochem
Author: Jochem van Dieten
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:47179#249402
Douglas Knudsen wrote:
> and who is to audit and ensure the developer is doing this?
The security department. If they have such a large network to monitor I am sure
they run regular Nessus scans and automatically quarantaine problems anyway.
> Further more
> shouldn't this config be something the PC support folks should setup and
> maintain?
Not necessarily. For a local development setup you do not need Local
Administrator, Power User is more then enough. (But if the PC support folks want
to get involved you can do with User and a little bit of Security Templates
voodoo.)
> In a large organisation with 10000+ PCs these are big and costly
> issues, eh? A security head might just make seemingly idiotic choices to
> save their respective butts, eh? Remember NIMDA?
The good old days you mean. Yea, I remember that: patches came out only every now
and then, you had about three months to apply them before they were exploited.
It is just a matter of procedure. I put yesterdays Admin API patch from Adobe on
the build server yesterday morning and everybody who gets a new build today is
patched. Piece of cake.
Jochem
Author: Douglas Knudsen
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:47179#249401
and who is to audit and ensure the developer is doing this? Further more
shouldn't this config be something the PC support folks should setup and
maintain? In a large organisation with 10000+ PCs these are big and costly
issues, eh? A security head might just make seemingly idiotic choices to
save their respective butts, eh? Remember NIMDA? At the time where I
worked there were no restrictions on IIS servers running on your desktop
PC. oops...this helped nimda spread faster than a california wild fire.
DK
----- Excess quoted text cut - see Original Post for more -----
Author: Denny Valliant
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:47179#249397
----- Excess quoted text cut - see Original Post for more -----
Hey Lincoln, let us know how this goes for you.
I've always leaned toward each dev having a local setup, database y todo.
Mostly because of bad experiences "sharing" an instance. Partly because
it gives the developer a sense of freedom, knowing they can't possibly mess
up anyone else. Rouge query? No biggie, just copy the database again.
Wanna really dig into the code and tweak it around? Go for it!
I'm the only developer working on databases of a size that makes it a
little harder to "keep in sync". Honestly, for most stuff, it's enough to
just have some representative data. Hardly do we need the real "latest
and greatest", unless there's a problem that's hard to reproduce.
I'd really love to get into the whole "unit testing" whatnot, maybe keeping
bits of XML representing the DB around, tie it all in to ANT scripts or
whatnot, automating as much as possible...
One of the coolest things about SVN is the commit messages. You
can use them, and tags, to create "releases", with change logs even,
and if you've got a bug tracker, link bugs to code commits! Sorta killing
two birds with one stone. It does help to have a commit message
"template" that folks follow...
I am kind of thinking Virtual Machines are pretty cool, you can have
an image of the entire setup (Apache, CF, DB) and have a new
developer up and running in as long as it takes to copy 2 gigs.
Or, if you had a super beefy server, try some of those essentially
per user VM setups...
A lot probably depends on how reliable the local network is too...
I kinda miss the days of "well, the network is down, let's all go home"...
:D
Author: Neil Middleton
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:47179#249360
It would appear everyone has a different way of doing things, even though we
are all essentially trying to achieve the same thing.
I've blogged this topic to try and get some feedback on this from other
people and see if there's any general consensus. Feel free to mention it on
your own blogs etc. The more replies the more useful it is.
http://www.feed-squirrel.com/blog/index.cfm/2006/8/9/How-do-you-do-yours
Cheers
Neil
BTW, Firefox 2 spell check rocks.
----- Excess quoted text cut - see Original Post for more -----
Author: Lincoln Milner
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:47179#249357
We're currently switching our model.
Current old way of doing it is to develop locally with Apache and CF to a MySQL
or Oracle DB. Then push changes to QA for review. Developers use SVN to
maintain code repositories for version/history. Once QA is passed, changes FTPed
to production. No release schedule, it's a do it as you get approval.
Our new way eliminates the local development environment. We have one web server
for dev, and DW (our chosen IDE) is set up to maintain a local copy for editing
and to put files via SFTP. So you FTP changes when you're ready to look at them
in development, but can also check-in to SVN from your local copy. QA and
production are the same, but I'd love to implement releases (administrative
nightmare tracking what bits of code just got approved!).
Not ideal, and if DW could get SVN integration, so much the better, but it works
for us, and eliminates the overhead of maintaining several versions of CF on
developers' machines.
Cheers!
Lincoln
I'd love to do that, but we're not allowed to have "servers" installed on our
desktop machines for "security reasons".
Test Server <---> SVN <---> Production Server
|
|
Developers
Test Server: Testing current status of code and deciding production version of
code.
Production Server: Deploying tested code version from SVN reposity.
Developers: Every developer have their local CF installation and they
chekin/checkout code from main SVN reposities.
This is what we have here. :)
Author: Russ
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:47179#249355
Then your security team is full of idiots. Not only can you set up a
firewall, you can configure apache/coldfusion to only listen on 127.0.0.1,
so that no other computers can access it.
----- Excess quoted text cut - see Original Post for more -----
Author: Everett, Al \(NIH/NIGMS\) [C]
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:47179#249354
I'd love to do that, but we're not allowed to have "servers" installed on our
desktop machines for "security reasons".
Test Server <---> SVN <---> Production Server
|
|
Developers
Test Server: Testing current status of code and deciding production version of
code.
Production Server: Deploying tested code version from SVN reposity.
Developers: Every developer have their local CF installation and they
chekin/checkout code from main SVN reposities.
This is what we have here.
:)
Author: Russ
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:47179#249348
We do some thing similar, except we have developers developing in branches,
and then it's merged into the trunk working copy on QA server, and if it
passes testing, then it's committed to the trunk and deployed to production.
We don't have any notion of releases, instead we deploy different features
for different clients daily.
Russ
----- Excess quoted text cut - see Original Post for more -----
Author: Richard Kroll
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:47179#249343
I feel your pain and have recently worked through many of the problems
that you are currently struggling with. This is the solution that we
found works for us and is in no way "best practice" or the "right way",
but hey, it works for us with 20 developers all working on the same set
of code!
We decided to have each developer run a local copy of CF under apache as
well as installing TortoiseSVN to interact with SVN (Subversion). Our
IT guys helped me put together an installer package that had the apache
conf files as well as all the necessary installers. We wrote a few CF
files that used the admin API to create all the necessary datasources
etc. This enables us to bring a computer from start to configured in
about an hour.
We have two "environments", QA and production that we deploy to. When
we are ready to QA a release, we create a branch from the trunk and have
our QA server switch to that branch for testing. If there are any
problems, we update the trunk and merge those changes into the release
branch. Once this branch is ready for deployment onto our live servers
we simply have the live servers switch to the new release branch.
Currently we are not using many automated processes to accomplish this
(outside of SVN) but I'm looking into ANT and CruiseControl as I've
heard really great things about both for automated deployments.
In regards to your question about the logistical nightmare of keeping
all developers in sync...well SVN handles all of it from a code
perspective. When a developer attempts to commit changes to the
repository, they are notified that their local copy is out of date and
they must sync with the server prior to any commits. On the data side,
we have data environments (development, qa, live) and all developers
have their CF datasources pointed to our dev DB server.
HTH
Rich
You could create individual user shares on a development web server.
Each developer would check out code to his/her user share to code with.
___________________________________
David Konopka
Wharton Computing and Information Technology
Hi guys,
Question on how best to setup our development environment. I know it's
been asked before, I would like your ideas on our specific setup:
Currently we maintain several applications under many websites, on a
single development server (CFMX7 and SQL2000). Developers work direct
on the shared development server via VSS (do some work, save it, check
it in to see if it works...very time consuming). Releases are then done
by the tech support guys, who get sent a list of things to push to test
(which is currently a manual task). Developers have no access to SQL
Admin or CF Admin.
As you can guess, this isn't the best, and I personally would like to
see us using a better source control system (Subversion?). I would also
the like the source control and release process to be a lot more
transparent in the overall process.
I have seen mentions of people having devs running their own instances
of CF/SQL, but how the hell do you keep these up to date without
creating a logistical nightmare (i.e making sure every developer is in
sync with both code and external requirements such as IIS setup?)
Cheers in advance..
--
Neil Middleton
Visit feed-squirrel.com
Author: Oðuz_Demirkapý
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:47179#249340
Test Server <---> SVN <---> Production Server
|
|
Developers
Test Server: Testing current status of code and deciding production version
of code.
Production Server: Deploying tested code version from SVN reposity.
Developers: Every developer have their local CF installation and they
chekin/checkout code from main SVN reposities.
This is what we have here. :)
Oðuz Demirkapý
You could create individual user shares on a development web server.
Each developer would check out code to his/her user share to code with.
___________________________________
David Konopka
Wharton Computing and Information Technology
Hi guys,
Question on how best to setup our development environment. I know it's
been asked before, I would like your ideas on our specific setup:
Currently we maintain several applications under many websites, on a
single development server (CFMX7 and SQL2000). Developers work direct
on the shared development server via VSS (do some work, save it, check
it in to see if it works...very time consuming). Releases are then done
by the tech support guys, who get sent a list of things to push to test
(which is currently a manual task). Developers have no access to SQL
Admin or CF Admin.
As you can guess, this isn't the best, and I personally would like to
see us using a better source control system (Subversion?). I would also
the like the source control and release process to be a lot more
transparent in the overall process.
I have seen mentions of people having devs running their own instances
of CF/SQL, but how the hell do you keep these up to date without
creating a logistical nightmare (i.e making sure every developer is in
sync with both code and external requirements such as IIS setup?)
Cheers in advance..
--
Neil Middleton
Visit feed-squirrel.com
Author: Konopka, David
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:47179#249335
You could create individual user shares on a development web server.
Each developer would check out code to his/her user share to code with.
___________________________________
David Konopka
Wharton Computing and Information Technology
Hi guys,
Question on how best to setup our development environment. I know it's
been asked before, I would like your ideas on our specific setup:
Currently we maintain several applications under many websites, on a
single development server (CFMX7 and SQL2000). Developers work direct
on the shared development server via VSS (do some work, save it, check
it in to see if it works...very time consuming). Releases are then done
by the tech support guys, who get sent a list of things to push to test
(which is currently a manual task). Developers have no access to SQL
Admin or CF Admin.
As you can guess, this isn't the best, and I personally would like to
see us using a better source control system (Subversion?). I would also
the like the source control and release process to be a lot more
transparent in the overall process.
I have seen mentions of people having devs running their own instances
of CF/SQL, but how the hell do you keep these up to date without
creating a logistical nightmare (i.e making sure every developer is in
sync with both code and external requirements such as IIS setup?)
Cheers in advance..
--
Neil Middleton
Visit feed-squirrel.com
Author: Neil Middleton
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:47179#249295
Hi guys,
Question on how best to setup our development environment. I know it's been
asked before, I would like your ideas on our specific setup:
Currently we maintain several applications under many websites, on a single
development server (CFMX7 and SQL2000). Developers work direct on the
shared development server via VSS (do some work, save it, check it in to see
if it works...very time consuming). Releases are then done by the tech
support guys, who get sent a list of things to push to test (which is
currently a manual task). Developers have no access to SQL Admin or CF
Admin.
As you can guess, this isn't the best, and I personally would like to see us
using a better source control system (Subversion?). I would also the like
the source control and release process to be a lot more transparent in the
overall process.
I have seen mentions of people having devs running their own instances of
CF/SQL, but how the hell do you keep these up to date without creating a
logistical nightmare (i.e making sure every developer is in sync with both
code and external requirements such as IIS setup?)
Cheers in advance..
--
Neil Middleton
Visit feed-squirrel.com
|
May 24, 2012
|
Latest Fusion Authority Articles
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
