Page MenuHomePhabricator

Create Updated NodeJS container for Tool Labs
Closed, ResolvedPublic

Description

Could we have an updated nodeJS container for tool labs to make putting node webservices up easier?

It would be good if we could install a newer version of node than the default that comes with trusty/jessie. Perhaps the latest long term support version: v6.9.4 'Boron'?

Event Timeline

Tarrow created this task.Jan 10 2017, 10:31 PM
Restricted Application added a project: Cloud-Services. · View Herald TranscriptJan 10 2017, 10:31 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
scfc closed this task as Invalid.Jan 11 2017, 12:16 AM
scfc added a subscriber: scfc.

Sorry; I'd obviously overlooked that there is currently a very old version of NodeJS available.

Would it be possible to have a newer version? The version available is 0.10.x but the current available LTS version is v6.9.x. It currently has almost none of the features of ECMAScript 2015 which lots of code in npm is increasingly dependent on.

Tarrow renamed this task from Create NodeJS container for Tool Labs to Create Updated NodeJS container for Tool Labs.Jan 11 2017, 7:28 PM
Tarrow reopened this task as Open.
Tarrow updated the task description. (Show Details)
tom29739 added a comment.EditedJan 12 2017, 12:00 AM

The current version that is on Tool Labs, v0.10.25, was made end of life over 3 months ago. This means that it's a security risk.

bd808 added a subscriber: bd808.Jan 12 2017, 12:27 AM

https://packages.debian.org/jessie/nodejs -- 0.10.29~dfsg-2. That would be the "latest" version for our Kubernetes containers.

According to https://github.com/nodejs/LTS 0.10.x and 0.12.x are now both EOL. The former at 2016-10-31 and the later at 2016-12-31.

It looks like we could also 4.2.4 via https://apt.wikimedia.org/wikimedia/pool/main/n/nodejs/ which I think is the version that is being used for some of the production services.

I'd be happy with this if it's preferable to using the ubuntu/debian binaries from nodesource (https://github.com/nodesource/distributions) which seems to be what upstream recommends (https://nodejs.org/en/download/package-manager/#debian-and-ubuntu-based-linux-distributions). I guess using what is already supported by production has a lot of advantages.

Obviously I'd prefer (and it would mean longer till the next update) using the latest LTS rather than an older one but either is cool. Thanks!

bd808 added a comment.Jan 12 2017, 1:17 AM

According to https://github.com/nodejs/LTS 0.10.x and 0.12.x are now both EOL. The former at 2016-10-31 and the later at 2016-12-31.

I would not worry about the upstream EOL date. Long term stable linux distributions (of which Debian Jessie is one) commit to backporting security fixes for known CVEs until the end of the LTS support period. We should probably get some documentation written on Wikitech that helps explain the software life cycle that the Foundation follows and how it is a bit different from the life cycles that are promoted by some of the particular vendor projects or a typical end-user.

According to https://github.com/nodejs/LTS 0.10.x and 0.12.x are now both EOL. The former at 2016-10-31 and the later at 2016-12-31.

I would not worry about the upstream EOL date. Long term stable linux distributions (of which Debian Jessie is one) commit to backporting security fixes for known CVEs until the end of the LTS support period. We should probably get some documentation written on Wikitech that helps explain the software life cycle that the Foundation follows and how it is a bit different from the life cycles that are promoted by some of the particular vendor projects or a typical end-user.

This is actually not the case with nodejs. It depends on libv8, which doesn't get security support, hence no security support for nodejs in Debian Jessie. I had asked Moritz this a while back and he said that no other Linux distros provided security support for nodejs either.

scfc triaged this task as Low priority.Feb 16 2017, 11:13 PM
scfc moved this task from Triage to Backlog on the Toolforge board.
bd808 closed this task as Resolved.Apr 18 2017, 3:32 AM
bd808 claimed this task.

The current nodejs version in the Kubernetes images is v6.9.1.

$ webservice --backend=kubernetes nodejs shell
If you don't see a command prompt, try pressing enter.
$ nodejs --version
v6.9.1

If you have a running webservice instance using an older Docker image you will need to webservice stop; webservice --backend=kubernetes nodejs start to restart your service with the newer image.

Restricted Application added a project: User-bd808. · View Herald TranscriptApr 18 2017, 3:32 AM