ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Boudnik <...@apache.org>
Subject Re: automatically deploying user libraries
Date Tue, 28 Jul 2015 20:06:44 GMT
On Tue, Jul 28, 2015 at 12:36PM, Dmitriy Setrakyan wrote:
> > Cos, we are not talking about checking binaries. We are planning to
> support
> 
> > >  GIT/SVN/etc repositories with a POM file. This way we simply build it
> > > using maven ourselves and deploy it.
> >
> > Well, even worst IMO. Why would you want to run an external build
> > process as a part of the nodes deployment? This will pose a security risk
> > in the production deployment and you will have to find a way to disable this
> > in some case and allow it in the others, no?
> >
> 
> Our Docker container right now does exactly that. The workflow is as
> following:

I am an old dog and I don't think it is a real good idea to use Docker in any
sensible production. So, I don't buy that argument ;)

> 
>    1. user changes code in a GIT repo
>    2. the GIT repo is provided as a parameter at docker container startup
>    3. docker builds the code and deploys it into Ignite
>    4. docker starts an Ignite server
> 
> This is very convenient for a user, especially during development. What I
> wanted to do with "deploy(...)" method, is add the same level of
> convenience directly from client code.
> 
> Why do you think it will be a security risk?

Yes, I think so. I won't allow something like that to be happening in the
production data center: there are too many ways where it can backfire.

Cos

Mime
View raw message