3 ways of using the Escenic packages

Written by Torstein Krause Johansen updated: Wednesday November 29 2017 12:55

For quite some time now, we've provided DEB and RPM packages for our software. Using these packages, Escenic's software becomes an integrated part of the operating system and eases both installation and upgrade (and even downgrade!) of one or more components.

For RedHat based systems, there's one way of using these packages:

# rpm -Uvh https://rpm.escenic.com/path/to/escenic-content-engine-6.3.rpm

or

# rpm -Uvh /path/to/local/escenic-content-engine-6.3.rpm

Debian & Ubuntu based systems on the other hand have a few more options. I will go through some of these options below and explain how they fit various scenarios.

Before we start, a short note on deb, dpkg & APT

There's some confusion on the difference between deb, dpkg and APT, so we'll explain these concepts first.

deb

deb is the package file format.

dpkg

dpkg is the low level tool to install these (the equivalent of the rpm command). dpkg doesn't know how to resolve dependencies, doesn't have a concept of repositories and doesn't know anything about upgrading or downgrading. It will happily install version 2 of foo even though you have version 3 installed and if you install escenic-video which depends on escenic-content-engine, it will fail if escenic-content-engine isn't already installed.

APT

APT is the front end to dpkg. It provides dependency resolution, upgrade/downgrade-ability, GPG management and has a concept of code names with an optional suite concept being a symlink to a given code name.

By design, given a code name, APT can only deliver one version of any given package. E.g. there's only one version of apache2 in Debian jessie, another version in Debian stretch and so on. The same goes for apt.escenic.com. There can only be one version of escenic-content-engine-6.3 for a given code name.

Using APT, you can keep your Escenic software updated with the same commands as you'd use to update the rest of your system:

# apt-get update && apt-get upgrade

Option #1 Using apt.escenic.com directly

If you wish to install whatever is the latest, stable 6.3 release of Escenic Content Engine, you can add our signing key and our stable suite to your APT configuration, e.g.:

# apt-get update
# apt-get install curl apt-transport-https vim
# curl --silent https://apt.escenic.com/repo.key | apt-key add -
# echo "deb https://user:pass@apt.escenic.com stable main non-free" \
    >> /etc/apt/sources.list.d/escenic.list
# apt-get update

The user and pass can be obtained from Escenic support. You can now search for all Escenic and CUE software with:

$ apt-cache search escenic
$ apt-cache search cue

And install the latest stable 6.3 release with:

# apt-get install escenic-content-engine-6.3

The above will only update the binaries available on your system, you can also automatically apply these to your running ECE and publication webapps by using the escenic-content-engine-updater-6.3 package, see this article for more information on this.

Option #2 Using dpkg directly

All versions of all DEBs are available through HTTP(s). You just need to know the URL of one to get the others. You can browse all versions of all packages on here (you login using the same credentials you've gotten from Escenic support).

Let's install version 6.3.0-11 of Content Engine: The package name is escenic-content-engine-6.3 (we include <major>.<minor> version in the package name itself to make it possible to have multiple versions installed at the same time) and the version of that package is 6.3.0-11. The architecture is all (since it's Java it should run on all CPU architectures that you may have) so the URL becomes https://apt.escenic.com/pool/non-free/e/escenic-content-engine-6.3/escenic-content-engine-6.3_6.3.0-11_all.deb (you could also just copy the URL when browsing the repository). It can be installed with dpkg:

$ cd /tmp
$ wget \
  --http-user foo \
  --http-password \
  https://apt.escenic.com/pool/non-free/e/escenic-content-engine-6.3/escenic-content-engine-6.3_6.3.0-11_all.deb
$ su -
# dpkg -i escenic-content-engine-6.3_6.3.0-11_all.deb

The above is the Debian/Ubuntu equivalent of rpm -Uvh http://path/to/file.rpm on RedHat/CentOS/Fedora.

Option #3 Using apt.mycompany.com

If you want to follow your own QA process for a new version of ECE or another component, you have two choices: either use deb files directly as described below (option #2) or use your own APT repository with code names corresponding to your environments:

As you have QAed a given version of a given Escenic component, put that version in the more stable code name pool.

Setting up your own APT repo is much easier than it sounds. Here's an example using apache2 or nginx and the reprepro command to do the dirty work.

nginx (or any other web server)

# apt-get install nginx

nginx and apache2 both serve files from /var/www/html by default. You might want to add a DNS name for apt.mycompany.com, in which case a server is what you want:

# vi /etc/nginx/sites-available/apt.mycompany.com
server {
  server_name apt.mycompany.com;
  root /var/www/html/apt.mycompany.com;
  autoindex on;
}

Enable it with:

# mkdir -p /var/www/html/apt.mycompany.com
# cd /etc/nginx/sites-enabled
# ln -s /etc/nginx/sites-available/apt.mycompany.com
# systemctl restart nginx

If the systemctl fails with a message it cannot connect to D-Bus or if you're not using systemd, use /etc/init.d/nginx restart instead (or if nginx was already running, you could use reload instead of restart).

You should now get a reply from your new apt.mycompany.com web server definition:

$ curl -v -H "Host: apt.mycompany.com" http://localhost/
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.38.0
> Accept: */*
> Host: apt.mycompany.com
>
< HTTP/1.1 200 OK
* Server nginx/1.6.2 is not blacklisted
< Server: nginx/1.6.2
< Date: Wed, 29 Nov 2017 15:01:17 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive

If that gets you a 200 OK from apt.mycompany.com you're home free. Add IP of the machine running the web server to you company DNS so that other machines can reach it under that name.

Lastly, if apt.mycompany.com is reachable from outside your company network, you should add HTTPS/TLS encryption and password protection (entries in /etc/apt/sources.list both accepts https://<user>:<pass>@ and ssh:// style URLs).

Define your APT code names

# mkdir -p /var/www/html/apt.mycompany.com/conf
# vi /var/www/html/apt.mycompany.com/conf/distributions

And one stanza per code name you want. The development and production code names also has an alias (a suite in Debian lingo), the others don't have one:

Origin: My Company
Label: My company APT repository
Suite: unstable
Codename: development
Architectures: i386 amd64 source
Components: main non-free

Origin: My Company
Label: My company APT repository
Codename: testing
Architectures: i386 amd64 source
Components: main non-free

Origin: My Company
Label: My company APT repository
Codename: staging
Architectures: i386 amd64 source
Components: main non-free

Origin: My Company
Label: My company APT repository
Suite: stable
Codename: production
Architectures: i386 amd64 source
Components: main non-free

Additionally, you can create your own signing key, which you sign the packages with and make your machines put in their APT key ring. See this article for instructions on how to do this.

Add your first package

An easy way to get a hold of all the DEB packages from Escenic, is to have one machine that pulls them down (but doesn't necessarily install them):

# apt-get install \
   --download-only \
   escenic-content-engine-6.3 escenic-sse-proxy-1.0

The files are then available in /var/cache/apt/archives. You can then populate the development code name pool of your own APT repository using reprepro:

# apt-get install reprepro
# reprepro \
    --keepunreferencedfiles \
    -Vb /var/www/html/apt.mycompany.com \
    --component non-free \
    includedeb \
    development \
    /var/cache/apt/archives/escenic-content-engine-6.3_6.3.0-11_all.deb

All your development environments can then add this line to their /etc/apt/sources.list.d/mycompany.list:

# echo deb http://apt.mycompany.com development main non-free \
  >> /etc/apt/sources.list.d/mycompany.list
# apt-get update

And install escenic-content-enginge-6.3 from there:

# apt-get install -t development escenic-content-engine-6.3

Promoting a package to a new environment

Once 6.3.0-11 has passed your internal QA and you want to roll it out in say staging, you'll add the deb file to this code name as well. You can now use the file already inside your APT pool directory:

# reprepro \
    --keepunreferencedfiles \
    -Vb /var/www/html/apt.mycompany.com \
    --component non-free \
    includedeb \
    staging \
    /var/www/html/apt.mycompany.com/pool/non-free/e/escenic-content-engine-6.3/escenic-content-engine-6.3_6.3.0-11_all.deb

Pinning

If you want to add an additional security measure as to which version of the ECE packages you have installed on a machine, you may add pinning to your APT setup. That way you will not get an accidental upgrade of a package that you absolutely want to keep at a certain version, add this to your /etc/apt/preferences.d/pinning:

Package: escenic-content-engine-6.3
Pin: version 6.3.0-11
Pin-Priority: 900

You can also have your package code names in all sources list and higher priority to the production than staging and so on. That way, machines must explicitly ask for pulling the version for another environment by passing -t <code name> to the apt-get install command.

See APT Preferences for more information.

Summary

Using packages over zip archives have many advantages including simplified installation and easier upgrade. RedHat, CentOS & Fedora users are catered for through the RPM packages available from yum.escenic.com whereas Debian and Ubuntu users have at least 3 different paths they can follow: using the apt.escenic.com directly, setting up their own APT repo or downloading the DEB files manually and installing them with dpkg.

Further reading