Plone cartridge for deployment on OpenShift

I was poking around OpenShift on last weekend to see what it offers, and also to see whether I can deploy Plone on it.

TLDR; Plone deploys well on my OpenShift VM. I created a cartridge for it here: . I can now easily add new Plone deployments for my development server with less work.

About OpenShift

OpenShift is a Platform as a Service (PaaS) software from Red Hat. It can be summarized as a FOSS Heroku-like platform for deploying web applications easily.

Support for applications comes in 'cartridges', which basically a set of files and scripts to prepare a self-contained environment for your application deployment. OpenShift includes several official cartridges to deploy popular applications and frameworks such as Drupal, RoR, Django, WSGI, etc. There is also a cartridge called 'DIY' which allows you to import any http daemon and serve it through OpenShift - thus providing a basic way in integrating non-officially supported frameworks.

Plone on OpenShift

Due to Plone is rather huge and also the uncertainty on what the kind of problems I might face trying to deploy Plone in, I created my own private OpenShift server following this guide At least this way, I have easy access to the server to inspect codes and error logs when things does not work.

Afterwards I went digging and experimenting on existing cartridges to understand how things work (Official doc: and derived the first plone cartridge using bits from python-2.6 and diy-0.1 cartridges.

After hours of experimenting and hacking around, the plone cartridge is fully functional to deploy basic Plone site. With the cartridge installed, I can now easily add new single instance Plone sites with just this command:

rhc app create -t plone-4.2 -a myplonesite 

The cartridge

I have uploaded the Plone cartridge code here: . Follow the readme on how to build the RPM and install it into your OpenShift server. There is one annoyance though; the cartridge list is apparently hardcoded into a ruby file, making it somewhat annoying to automate the final step of the installation (would be nice if theres a config file for this, and ruby is like perl to me - difficult to read when the dev uses the language fully). So remember to follow the guide on adding your cartridge into the code and reload the cache.

Do check it out ^-^

The good and the not-so-nice
  • The cartridge works pretty well in deploying new basic plone site
  • Building new cartridge is easy and straightforward
  • Many Plone deployment in one server and they are not fighting for port/address - WIN!
  • The automatic DNS configuration is very neat - especially the 'add-alias' command. 
  • The Plone cartridge have been configured to share download-cache, but I'm not sure on the security implication.
  • Looking at how things are deployed, it made me wonder on security of a multi-user, non-private openshift server. How does one know that an app won't mess with the filesystem. Or is this using SELinux?, If yes, what are the stuff allowed,and what are not?.
  • Due to some security concern and possible umask/permission problem, I did not configure eggs-directory to be shared. This affects the speed of deployment, and you lose your eggs directory when you destroy an app. New apps will have to rebuild its eggs cache.
  • There is a 'snapshot' command which allows you to download your data, however I'm not sure how reliable it is for large data.
  • Instance is stopped and buildout is re-run for every git push and also when doing snapshot. This can cause downtime for sites. For snapshots, it would be nice if theres a way to rsync without stopping the instance.
  • The 'tail' command (tails the log) is cool. 
  • The 'tidy' command and hook looks useful, perhaps to do zeopack and log shortening. The cartridge yet to have any feature related to this. 
  • '/health'  URL is reserved by OpenShift to check whether the site is up, no idea whether this can be changed to something thats harder to clash (eg: openshift-health or something)
  • I'm not sure whether it is possible, or allowed to run buildout using the DIY cartridge on If it can be done, then this cartridge can be simplified to hooks for the DIY cartridge.
  • Perhaps I should create a Plone+ZEO cluster cartridges later, so that this become more scalable.
  • It would also be super cool if this cartridge could become part of the standard offering in In the meantime, I shall use it in Inigo's internal test server (or perhaps offer this as proper host later once it easily installable through EPEL or something)

UPDATE: You can now deploy Plone on OpenShift using the DIY cartridge. Check out this post:


liam said…
Security is a combination of selinux and lxc, so everything should be quite isolated. Also, because of lxc you should have access to the error logs thus you needn't havw deployed your own (just an fyi).
For specifics regarding security restrictions checkout the knowledgebase on the community site. There should be a link on the main openshift page.

Popular posts from this blog

Announcing PlatoCDP, a Plone distribution for enterprises.

Adding simple popup to Plone frontpage

Consolidated community site infrastructure on Plone