posts /

Deployment rant

Posted Sun Mar 3 14:11:40 2024 Florian Lohoff

For a very long time i have been running a tasking manager 2 instance for me and the regional community to fix and revalidate stuff around here. TM2 had a very short and reliable documentation and you could set it up in 5 Minutes without ANY deeper knowledge of python, node or postgres.

I had been staying at TM2 as all newer versions failed for me to build or deploy easily.

Today - another try - current git TM.

And it fails again.

It does not build on Debian/Bookworm as it is not compatibly with python 3.11 which is the obvious default version on Debian/Bookworm.

So fixing that in pyproject.toml and setting the

requires-python = ">=3.11,<3.12"

And then running

pdm lock --update-reuse

The documentation even misses the point in better creating a venv which i obviously did beforehand. Then i have the backend installed and when you get the idea that your postgres database needs the postgis extension enabled and also change your TM_LOG_DIR= to something writeable (I dont have a /home/appuser) you can populate your database with flask db upgrade.

Then going back to trying to build your frontend you need to make sure to install yarnpkg on your system. Debian has a yarn binary from cmdtools which is confusing at first. Then replace all yarn executions by yarnpkg.

Then you get to the point where the frontend starts to build and then horribly fails because of npm requirements beeing outdated and failing to build with newer openssl having fixed issues:

Error: error:0308010C:digital envelope routines::unsupported

When you try to look for it people suggest to downgrade nodejs which is:

"We have fixed a security issue and your project does not build? Downgrade to a version pre-security-fix"

WTF? This hipster tool bubble is so doomed.

As i am a sysadmin, C, C++ and perl programmer and not into JS, npm, yarn, nodejs, react and whatever "modern tools" are beeing used, i stopped here once again.

And NO - docker is not the solution when the requirement is to downgrade to less secure versions of the dependencies and just hide it away. How are you going to fix these issues in your production environment other than ignoring it?