Solid Python Application Deployments For Everybody EP Edition

Transcript

1. River Bar, 2013 Solid Python Application Deployments For Everybody Hynek

   Schlawack
2. None

3. @hynek http://hynek.me http://github.com/hynek http://www.variomedia.de H!

4. ?

5. AHEAD

6. http://ox.cx/d Te Oe & Ol Ln

7. OPINIONS AHEAD

8. PaaS Schema Migrations

9. None

10. Ky Cnet

11. easy ≠ simple

12. None

13. “Simplicity is prerequisite for reliability.” — Edsger W. Dijkstra

14. “It is important to find simple solutions instead of stopping

    as soon as a first solution is found.” — Donald Knuth

15. Put effort into making your deployments simple.

16. None

17. Dvlpet

18. Dvlpet

19. None

20. No!

21. None

22. “Python 2.4 is not supported. It came out 8 years

    ago. That's older than Youtube. Upgrade.” — Kenneth Reitz

23. Sal Pafr Key Infrastructure!

24. Sal Pafr Application is tied to server OS version. Upgrading

    servers == updating your app. Some servers upgraded?

25. Bt Hynek… My boss won’t let me!

26. tests! Dvlpet

27. None

28. אל

29. spotty outdated loss of control Sse Pcae

30. spotty outdated loss of control Sse Pcae

31. spotty outdated loss of control Sse Pcae

32. None

33. Ue vruln $ virtualenv venv; . venv/bin/activate $ pip install

    pyramid requests pytest $ py.test … $ pip freeze >requirements.txt … $ pip install -r requirements.txt

34. Pn Dp Hr “Django == 1.4.3” Don’t rely on SemVer!

    update w/ pip-tools

35. SECURITY! Bt Hynek…

36. Scrt!? It’s your Job.

37. Si I

38. + git

39. + git Ne!

40. Fabric

41. build tools repetitive downloads Wa’s Wog!?

42. None

43. .rpm .deb .pkg.tgz

44. introspection CM integration versatile Ntv Pcae !?

45. 1. check out from VCS 2. create virtualenv 3. install

    dependencies 4. do whatever you want 5. package result 6. push to your repo

46. 1. check out from VCS 2. create virtualenv 3. install

    dependencies 4. do whatever you want 5. package result 6. push to your repo

47. Abuse the Pipeline run tests LESS/SASS/CoffeeScript compression cache busting

48. Packaging is hard! Bt Hynek…

49. fpm Np.

50. fpm \ -s dir \ -t deb \ <appdir>

51. repo server Bt Hynek…

52. Rp Sre dpkg -i tar.bz2

53. Atmt! e

54. app_name: whois project: DOM build_deps: - libpq-dev run_deps: - libpq5

    - authbind

55. Tee’s mr ta oe wy t d i…

56. None

57. !ل

58. Cn grto Mngmn declarative describe the goal CM choses the

    path

59. Sltos prise-oriented features to to compare the two pet Open

    ource Puppet Enterprise ✔ ✔ ✔

60. prise-oriented features to to compare the two pet Open ource

    Puppet Enterprise ✔ ✔ ✔ Not easy at all. Sltos

61. Wy aya? safety/security reproducible “later”

62. safety/security reproducible “later” Wy aya?

63. safety/security reproducible “later” Wy aya?

64. Ts I i Saig

65. r t

66. r t Nein!

67. Js dn’t.

68. Piiee Pr drop privileges authbind

69. Need dat POWER! Bt Hynek…

70. Snl Proe Wres celery rq zerorpc perspective broker/AMP

71. B Prni /bin/false iptables file sockets REVOKE ALL SSL fail2ban

72. /bin/false iptables file sockets REVOKE ALL SSL fail2ban B Prni

73. /bin/false iptables file sockets REVOKE ALL SSL fail2ban B Prni

74. /bin/false iptables file sockets REVOKE ALL SSL fail2ban B Prni

75. /bin/false iptables file sockets REVOKE ALL SSL fail2ban B Prni

76. /bin/false iptables file sockets REVOKE ALL SSL fail2ban B Prni

77. $ ./manage.py runserver ▌ [0] 0:bash*

78. None

79. $ ./manage.py runserver ▌ [0] 0:bash* ᔒ༗!

80. I’s Es! upstart systemd supervisord circus …

81. I’s Es! upstart systemd supervisord circus …

82. Eape: usat $ cat /etc/init/yourapp.conf start on static-network-up stop on

    deconfiguring-networking respawn chdir /path/to/yourapp setuid yourapp exec /path/to/gunicorn_django settings.py $ start yourapp

83. Lg log to stderr redirect stderr syslog use OS tools

84. Lg … [uwsgi] log-syslog = your-app … twistd --syslog --prefix

    your-app …

85. Lg if $programname == 'you-app' \ then /var/log/your-app.log & ~

86. + mod_wsgi

87. + mod_wsgi Нет!

88. Dslie Using Apache is perfectly fine.

89. Iff you decide consciously for it. Dslie

90. mod_wsgi

91. mod_wsgi ? ?

92. + g or

93. + g or Better separation of concerns.

94. Es t St U: gncr $ gunicorn_django settings.py $ gunicorn_paster

    settings.ini

95. $ cat settings.py … INSTALLED_APPS = ( … "gunicorn", )

    … $ manage.py run_gunicorn Es t St U: gncr

96. location / { proxy_pass unix:///tmp/app.sock; } location /static/ { root

    /your/app/public/; } Es t St U: nix

97. Fo Es t AEOE

98. Text

99. Sil Es: usi uwsgi --emperor production.ini … [uwsgi] paste =

    config:%p uwsgi-socket = /tmp/app.sock processes = 2 …

100. location / { include uwsgi_params; uwsgi_param UWSGI_SCHEME $scheme; uwsgi_pass unix:///tmp/app.sock;

     } Sil Es To: nix

101. Dpo!

102. Rlbc!

103. Mntr

104. Mntr

105. None
106. None

107. Mntr

108. Maue statsd graphite yunomi

109. None
110. None

111. Maue statsd graphite yunomi

112. gt 1

113. http://ox.cx/d @hynek http://hynek.me http://vrmd.de