Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Speaker Deck
PRO
Sign in
Sign up for free
Solid Python Application Deployments For Everybody EP Edition
Hynek Schlawack
June 28, 2013
Technology
9
1.6k
Solid Python Application Deployments For Everybody EP Edition
An expanded version of my PyCon US 2013 talk held at EuroPython 2013 in Florence.
Hynek Schlawack
June 28, 2013
Tweet
Share
More Decks by Hynek Schlawack
See All by Hynek Schlawack
Classy Abstractions @ Python Web Conf
hynek
0
100
On the Meaning of Version Numbers
hynek
0
210
Maintaining a Python Project When It’s Not Your Job
hynek
1
2.1k
How to Write Deployment-friendly Applications
hynek
0
2.5k
Solid Snakes or: How to Take 5 Weeks of Vacation
hynek
2
5.5k
Get Instrumented: How Prometheus Can Unify Your Metrics
hynek
4
10k
Beyond grep – PyCon JP
hynek
1
2.6k
Beyond grep – EuroPython Edition
hynek
1
10k
Beyond grep: Practical Logging and Metrics
hynek
3
1.2k
Other Decks in Technology
See All in Technology
ML PM, DS PMってどんな仕事をしているの?
line_developers
PRO
1
160
聴覚障害のある大学生チームによる臆さない発言環境の形成
hayato_ukuk
0
1.7k
Virtual Thread - 導入の背景と、効果的な使い方 -
skrb
3
230
2023年は何する宣言
shigeruoda
0
230
Airdrop for Open Source Projects
epicsdao
0
200
OCI DevOps 概要 / OCI DevOps overview
oracle4engineer
PRO
0
470
1つのアプリを開発する複数の職能横断チームの運用と今後 ~ タクシーアプリ「GO」の現状と未来 ~
takahia1988
1
3.3k
SPA・SSGでSSRのようなOGP対応!
simo123
2
130
ERC3525 Semi-Fungible token
sbtechnight
0
320
re:Invent re:Cap / AWS Lambda Updates
bulbulpaul
1
140
Lyssa Adkins : Agilists Superpower and Challenge
kawaguti
PRO
1
150
Exploring MapStore Release 2022.02: improved 3DTiles support and more
simboss
PRO
0
150
Featured
See All Featured
Stop Working from a Prison Cell
hatefulcrawdad
263
18k
Bash Introduction
62gerente
601
210k
The Language of Interfaces
destraynor
149
21k
Fantastic passwords and where to find them - at NoRuKo
philnash
31
1.8k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
351
21k
Building Adaptive Systems
keathley
27
1.3k
Principles of Awesome APIs and How to Build Them.
keavy
117
15k
Fireside Chat
paigeccino
16
1.8k
GraphQLとの向き合い方2022年版
quramy
20
9.8k
No one is an island. Learnings from fostering a developers community.
thoeni
12
1.5k
The Cult of Friendly URLs
andyhume
68
5.1k
Why Our Code Smells
bkeepers
PRO
326
55k
Transcript
River Bar, 2013 Solid Python Application Deployments For Everybody Hynek
Schlawack
None
@hynek http://hynek.me http://github.com/hynek http://www.variomedia.de H!
?
AHEAD
http://ox.cx/d Te Oe & Ol Ln
OPINIONS AHEAD
PaaS Schema Migrations
None
Ky Cnet
easy ≠ simple
None
“Simplicity is prerequisite for reliability.” — Edsger W. Dijkstra
“It is important to find simple solutions instead of stopping
as soon as a first solution is found.” — Donald Knuth
Put effort into making your deployments simple.
None
Dvlpet
Dvlpet
None
No!
None
“Python 2.4 is not supported. It came out 8 years
ago. That's older than Youtube. Upgrade.” — Kenneth Reitz
Sal Pafr Key Infrastructure!
Sal Pafr Application is tied to server OS version. Upgrading
servers == updating your app. Some servers upgraded?
Bt Hynek… My boss won’t let me!
tests! Dvlpet
None
אל
spotty outdated loss of control Sse Pcae
spotty outdated loss of control Sse Pcae
spotty outdated loss of control Sse Pcae
None
Ue vruln $ virtualenv venv; . venv/bin/activate $ pip install
pyramid requests pytest $ py.test … $ pip freeze >requirements.txt … $ pip install -r requirements.txt
Pn Dp Hr “Django == 1.4.3” Don’t rely on SemVer!
update w/ pip-tools
SECURITY! Bt Hynek…
Scrt!? It’s your Job.
Si I
+ git
+ git Ne!
Fabric
build tools repetitive downloads Wa’s Wog!?
None
.rpm .deb .pkg.tgz
introspection CM integration versatile Ntv Pcae !?
1. check out from VCS 2. create virtualenv 3. install
dependencies 4. do whatever you want 5. package result 6. push to your repo
1. check out from VCS 2. create virtualenv 3. install
dependencies 4. do whatever you want 5. package result 6. push to your repo
Abuse the Pipeline run tests LESS/SASS/CoffeeScript compression cache busting
Packaging is hard! Bt Hynek…
fpm Np.
fpm \ -s dir \ -t deb \ <appdir>
repo server Bt Hynek…
Rp Sre dpkg -i tar.bz2
Atmt! e
app_name: whois project: DOM build_deps: - libpq-dev run_deps: - libpq5
- authbind
Tee’s mr ta oe wy t d i…
None
!ل
Cn grto Mngmn declarative describe the goal CM choses the
path
Sltos prise-oriented features to to compare the two pet Open
ource Puppet Enterprise ✔ ✔ ✔
prise-oriented features to to compare the two pet Open ource
Puppet Enterprise ✔ ✔ ✔ Not easy at all. Sltos
Wy aya? safety/security reproducible “later”
safety/security reproducible “later” Wy aya?
safety/security reproducible “later” Wy aya?
Ts I i Saig
r t
r t Nein!
Js dn’t.
Piiee Pr drop privileges authbind
Need dat POWER! Bt Hynek…
Snl Proe Wres celery rq zerorpc perspective broker/AMP
B Prni /bin/false iptables file sockets REVOKE ALL SSL fail2ban
/bin/false iptables file sockets REVOKE ALL SSL fail2ban B Prni
/bin/false iptables file sockets REVOKE ALL SSL fail2ban B Prni
/bin/false iptables file sockets REVOKE ALL SSL fail2ban B Prni
/bin/false iptables file sockets REVOKE ALL SSL fail2ban B Prni
/bin/false iptables file sockets REVOKE ALL SSL fail2ban B Prni
$ ./manage.py runserver ▌ [0] 0:bash*
None
$ ./manage.py runserver ▌ [0] 0:bash* ᔒ༗!
I’s Es! upstart systemd supervisord circus …
I’s Es! upstart systemd supervisord circus …
Eape: usat $ cat /etc/init/yourapp.conf start on static-network-up stop on
deconfiguring-networking respawn chdir /path/to/yourapp setuid yourapp exec /path/to/gunicorn_django settings.py $ start yourapp
Lg log to stderr redirect stderr syslog use OS tools
Lg … [uwsgi] log-syslog = your-app … twistd --syslog --prefix
your-app …
Lg if $programname == 'you-app' \ then /var/log/your-app.log & ~
+ mod_wsgi
+ mod_wsgi Нет!
Dslie Using Apache is perfectly fine.
Iff you decide consciously for it. Dslie
mod_wsgi
mod_wsgi ? ?
+ g or
+ g or Better separation of concerns.
Es t St U: gncr $ gunicorn_django settings.py $ gunicorn_paster
settings.ini
$ cat settings.py … INSTALLED_APPS = ( … "gunicorn", )
… $ manage.py run_gunicorn Es t St U: gncr
location / { proxy_pass unix:///tmp/app.sock; } location /static/ { root
/your/app/public/; } Es t St U: nix
Fo Es t AEOE
Text
Sil Es: usi uwsgi --emperor production.ini … [uwsgi] paste =
config:%p uwsgi-socket = /tmp/app.sock processes = 2 …
location / { include uwsgi_params; uwsgi_param UWSGI_SCHEME $scheme; uwsgi_pass unix:///tmp/app.sock;
} Sil Es To: nix
Dpo!
Rlbc!
Mntr
Mntr
None
None
Mntr
Maue statsd graphite yunomi
None
None
Maue statsd graphite yunomi
gt 1
http://ox.cx/d @hynek http://hynek.me http://vrmd.de