1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
|
Heya,
I couldn’t help myself thinking about plugin stuff and ended up
whipping up a proof of concept.
Here’s a <1 minute demo video:
https://dl.dropboxusercontent.com/u/82149/couchdb-plugins-demo.mov
Alternative encoding:
https://dl.dropboxusercontent.com/u/82149/couchdb-plugins-demo.m4v)
In my head the whole plugin idea is a very wide area, but I was so
intrigued by the idea of getting something running with a click on a
button in Futon. So I looked for a minimally viable plugin system.
## Design principles
It took me a day to put this all together and this was only possible
because I took a lot of shortcuts. I believe they are all viable for a
first iteration of a plugins system:
1. Install with one click on a button in Futon (or HTTP call)
2. Only pure Erlang plugins are allowed.
3. The plugin author must provide a binary package for each Erlang (and,
later, each CouchDB version).
4. Complete trust-based system. You trust me to not do any nasty things
when you click on the install button. No crypto, no nothing. Only
people who can commit to Futon can release new versions of plugins.
5. Minimal user-friendlyness: won’t install plugins that don’t match
the current Erlang version, gives semi-sensible error messages
(wrapped in a HTTP 500 response :)
6. Require a pretty strict format for binary releases.
## Roadmap
Here’s a list of things this first iterations does and doesn’t do:
- Pure Erlang plugins only. No C-dependencies, no JavaScript, no nothing.
- No C-dependencies.
- Install a plugin via Futon (or HTTP call). Admin only.
- A hardcoded list of plugins in Futon.
- Loads a pre-packaged, pre-compiled .tar.gz file from a URL.
- Only installs if Erlang version matches.
- No security checking of binaries.
- No identity checking of binaries.
- Register installed plugins in the config system.
- Make sure plugins start with the next restart of CouchDB.
- Uninstall a plugin via Futon (or HTTP call). Admin only.
- Show when a particular plugin is installed.
- Only installs if CouchDB version matches.
- Serve static web assets (for Futon/Fauxton) from `/_plugins/<name>/`.
I hope you agree we can ship this with a few warnings so people can get a
hang of it.
A roadmap, progress and issues can be found here:
https://issues.apache.org/jira/issues/?jql=component+%3D+Plugins+AND+project+%3D+COUCHDB+AND+resolution+%3D+Unresolved+ORDER+BY+priority+DESC
## How it works
This plugin system lives in `src/couch_plugins` and is a tiny CouchDB
module.
It exposes one new API endpoint `/_plugins` that an admin user can
POST to.
The additional Futon page lives at `/_utils/plugins.html` it is
hardcoded.
Futon (or you) post an object to `/_plugins` with four properties:
{
"name": "geocouch", // name of the plugin, must be unique
"url": "http://people.apache.org/~jan", // “base URL” for plugin releases (see below)
"version": "couchdb1.2.x_v0.3.0-11-g4ea0bea", // whatever version internal to the plugin
"checksums": {
"R15B03": "ZetgdHj2bY2w37buulWVf3USOZs=" // base64’d sha hash over the binary
}
}
`couch_plugins` then attempts to download a .tar.gz from this
location:
http://people.apache.org/~jan/geocouch-couchdb1.2.x_v0.3.0-12-g4ea0bea-R15B03.tar.gz
It should be obvious how the URL is constructed from the POST data.
(This url is live, feel free to play around with this tarball).
Next it calculates the sha hash for the downloaded .tar.gz file and
matches it against the correct version in the `checksums` parameter.
If that succeeds, we unpack the .tar.gz file (currently in `/tmp`,
need to find a better place for this) and adds the extracted directory
to the Erlang code path
(`code:add_path("/tmp/couchdb_plugins/geocouch-couchdb1.2.x_v0.3.0-12-g4ea0bea-R15B03/ebin")`)
and loads the included application (`application:load(geocouch)`).
Then it looks into the `./priv/default.d` directory that lives next to
`ebin/` in the plugin directory for configuration `.ini` files and loads them.
On next startup these configuration files are loaded after global defaults,
and before any local configuration.
If that all goes to plan, we report success back to the HTTP caller.
That’s it! :)
It’s deceptively simple, probably does a few things very wrong and
leaves a few things open (see above).
One open question I’d like an answer for is finding a good location to
unpack & install the plugin files that isn’t `tmp`. If the answer is
different for a pre-BigCouch/rcouch-merge and post-BigCouch/rcouch-
merge world, I’d love to know :)
## Code
The main branch for this is 1867-feature-plugins:
ASF: https://git-wip-us.apache.org/repos/asf?p=couchdb.git;a=log;h=refs/heads/1867-feature-plugins
GitHub: https://github.com/janl/couchdb/compare/apache:master...1867-feature-plugins
I created a branch on GeoCouch that adds a few lines to its `Makefile`
that shows how a binary package is built:
https://github.com/janl/geocouch/compare/couchbase:couchdb1.3.x...couchdb1.3.x-plugins
## Build
Build CouchDB as usual:
./bootstrap
./configure
make
make dev
./utils/run
* * *
I hope you like this :) Please comment and improve heavily!
Let me know if you have any questions :)
If you have any criticism, please phrase it in a way that we can use
to improve this, thanks!
Best,
Jan
--
|
