Why RVM System Wide?

Question

I have set up a rails production environment with:
* The rails apps under a user called deploy.
* The deploy user is just a regular user NOT having sudo permissions.
* The deploy user uses its own sand boxed rvm (no system-wide), so anything ruby is only under the deploy user.
* The user that runs apache does not have access to the ruby environment and it dosen't need to have access as apache dosen't need ruby.
* The deploy user runs a unicorn cluster.

This rvm non-system-wide configuration works great for me. The advantages i see are:
* I don't need to use sudo everytime i install a gem.
* Ruby is sand boxed and only available to the deploy user, thus improving the security of the system by minimalization. Apache dosen't care about ruby, so it dosen't get access it!

The only downside i see is that we cannot use passenger-apache-module or passenger-nginx-modules, but then passenger standalone comes to the rescue!

My Question: Why is everyone on the internet inclined towards using RVM system-wide installation? I could not find a single post about RVM being used in non-sudo mode in production. Am i missing the most critical piece here? I want to know what is not so good about non-sudo rvm installation in production.

Thanks!

Answer 1

I always do a kind of hybrid for deployments:

• I install RVM system wide (but its avaiable only for users in rvm group)
• I create a dedicated user which is part of various groups: rvm, db (mysql, postgres, or whatever you use), nginx, etc...

this way you can:

• do all the web-related administration tasks without using sudo or root
• use capistrano without worries about privileges or ruby commands to run
• keep control on privileges and use ruby from whatever place
• use bundler flawlessly

if you install RVM under a specific user, then you can't use ruby outside that user.

Answer 2

I use rvm as a local user, too, but I was able to integrate passenger (version 2.x). Does this page help? https://rvm.beginrescueend.com/integration/passenger/

I can dig into my config files (over the weekend) and help you out if you get stuck. Let me know.

response to comment

I did non-system-wide-rvm-install because:

1. It matched my development environment.
2. I prefer the "easy build from source without affecting system-wide install" way of doing things, in general.
3. It was easy to switch from distribution provided Ruby to local RVM provided Ruby in production and be able to switch back if it didn't work.

I have not seen any problems with it, but I imagine system-wide-RVM and non-system-wide-RVM can work problem-free in production.

I am using Apache, not Nginx. Also, I do not use Unicorn. Both of these differences could present a problem for you that might not affect me.

Answer 3

Don't forget RVM is not just about rails or some rack based applications which for deployment are mostly transparent, thanks to different tools (web servers etc....) but for a ruby environment.

Figure out, for example a threaded server written in ruby watching the serial port, which must run as daemon, if you want to start it with an init script from init.d or just from boot.local, believe me it's a headache to play with su - rvm_user -c"whatever and usually impossible. In these moments you reconsider RVM install, at least for production environment.