0

Previously, I used package managers (i.e. YUM) to install and configure PHP. However, I would like to upgrade to PHP 7 and the package manager(s) available do not yet have PHP 7 available natively.

The plan is to use Chef to compile PHP on the server (during Setup) from original source. With that said, this process can take ~15 minutes on our server and will severely impact boot time.

  1. Are there any techniques for increasing the speed at which the PHP is compiled?
  2. Can I create a tarball of final binaries and simply download these to my servers?
  3. There are some online resources that suggest adding the "webtatic" repo to YUM to access PHP 7. Is this safe/secure + reliable?

I am looking for freedom to upgrade my PHP version independent of when the package manager supports the version I am interested in

sudoyum
  • 156
  • 14
  • 1
    That being said, you should add server infos to the question. – Charlotte Dunois Apr 06 '16 at 16:25
  • You never want to build software for a production system on the production system itself! – arkascha Apr 06 '16 at 16:27
  • Are you seriously compiling PHP evert time you reboot the server??? – RiggsFolly Apr 06 '16 at 16:27
  • @RiggsFolly No one suggested to do that with every reboot (which would be every few month). – arkascha Apr 06 '16 at 16:28
  • @arkascha _With that said, this process can take ~15 minutes on our server and will severely impact boot time_ What does this mean then? – RiggsFolly Apr 06 '16 at 16:29
  • @RiggsFolly Ah, sorry, I indeed missed that! OK, then again chef typically is used for orchestration of virtual servers which indeed get all software "installed" with every boot. They are usually considered contaminated (so marked as to be destroyed) anyway the moment something has to be modified in any way... So yes, with every boot, which would be once per server :-) – arkascha Apr 06 '16 at 16:31
  • ___Silly comment___: Windows has had a working PHP7 since about 2 days after its release. Maybe you should consider switching servers?!??!! – RiggsFolly Apr 06 '16 at 16:33
  • @arkascha Do you have any suggestions for installing PHP 7 on our production system if it is currently unavailable via Package Manager? We use Chef so each reboot triggers the environment to be rebuilt (by design) – sudoyum Apr 06 '16 at 17:26
  • Well, why don't you build it on a "build system" and create a normal installation package from it? You can then setup a valid repository yourself and add that to your package management system on the servers. That way you can drop in every version you like, even multiple in parallel and pick by chef, which clearly makes sense for a production system farm (the typical one-some-many approach to rolling out new versions). – arkascha Apr 06 '16 at 17:28
  • @RiggsFolly I guess that "silly comment" really was meant as a joke? No sane service provider will operate on a MS-Windows platform these days... – arkascha Apr 06 '16 at 17:30
  • @arkascha Yup, well spotted, I was of course joking. Unless of course you are a .NET ASPX developer – RiggsFolly Apr 06 '16 at 17:33
  • @arkascha I don't have any experience with creating my own Package Manager repos but I will research this. Is using an open, 3rd party considered a risk for production, enterprise environments? – sudoyum Apr 06 '16 at 17:36
  • Sorry, your last question is unclear: using a 3rd party _what_? – arkascha Apr 06 '16 at 17:43
  • @arkascha something like https://webtatic.com/packages/php70/ - adding this repo to get PHP 7 via YUM – sudoyum Apr 06 '16 at 17:48
  • 1
    Ah, you are talking about 3rd party repositories... Well, I certainly would hesitate, I consider that a _huge_ security issue: you have no idea what it is you install in the end. The package maintainer or whoever has control over the files in the repository can pack any code they want into such a repository. Sniff all passwords sent to the server? Sure, just code a fork into the php source code, built it, offer it in a repository and wait who is silly enough to install it. Then wait for the passwords to be delivered to the inbox of Mr Bad Guy. – arkascha Apr 06 '16 at 17:51

1 Answers1

0

We ended up waiting for Ubuntu 16.04 which brings in PHP 7 via apt-get. Compiling PHP from scratch didn't turn out to be an efficient nor maintainable process

sudoyum
  • 156
  • 14