Solid Python Application Deployments For Everybody EP Edition

Solid Python Application Deployments For Everybody EP Edition

An expanded version of my PyCon US 2013 talk held at EuroPython 2013 in Florence.

174e7b0ff60963f821d0b9a4f1a3ef52?s=128

Hynek Schlawack

June 28, 2013
Tweet

Transcript

  1. River Bar, 2013 Solid Python Application Deployments For Everybody Hynek

    Schlawack
  2. None
  3. @hynek http://hynek.me http://github.com/hynek http://www.variomedia.de H!

  4. ?

  5. AHEAD

  6. http://ox.cx/d Te Oe & Ol Ln

  7. OPINIONS AHEAD

  8. PaaS Schema Migrations

  9. None
  10. Ky Cnet

  11. easy ≠ simple

  12. None
  13. “Simplicity is prerequisite for reliability.” — Edsger W. Dijkstra

  14. “It is important to find simple solutions instead of stopping

    as soon as a first solution is found.” — Donald Knuth
  15. Put effort into making your deployments simple.

  16. None
  17. Dvlpet

  18. Dvlpet

  19. None
  20. No!

  21. None
  22. “Python 2.4 is not supported. It came out 8 years

    ago. That's older than Youtube. Upgrade.” — Kenneth Reitz
  23. Sal Pafr Key Infrastructure!

  24. Sal Pafr Application is tied to server OS version. Upgrading

    servers == updating your app. Some servers upgraded?
  25. Bt Hynek… My boss won’t let me!

  26. tests! Dvlpet

  27. None
  28. אל

  29. spotty outdated loss of control Sse Pcae

  30. spotty outdated loss of control Sse Pcae

  31. spotty outdated loss of control Sse Pcae

  32. None
  33. Ue vruln $ virtualenv venv; . venv/bin/activate $ pip install

    pyramid requests pytest $ py.test … $ pip freeze >requirements.txt … $ pip install -r requirements.txt
  34. Pn Dp Hr “Django == 1.4.3” Don’t rely on SemVer!

    update w/ pip-tools
  35. SECURITY! Bt Hynek…

  36. Scrt!? It’s your Job.

  37. Si I

  38. + git

  39. + git Ne!

  40. Fabric

  41. build tools repetitive downloads Wa’s Wog!?

  42. None
  43. .rpm .deb .pkg.tgz

  44. introspection CM integration versatile Ntv Pcae !?

  45. 1. check out from VCS 2. create virtualenv 3. install

    dependencies 4. do whatever you want 5. package result 6. push to your repo
  46. 1. check out from VCS 2. create virtualenv 3. install

    dependencies 4. do whatever you want 5. package result 6. push to your repo
  47. Abuse the Pipeline run tests LESS/SASS/CoffeeScript compression cache busting

  48. Packaging is hard! Bt Hynek…

  49. fpm Np.

  50. fpm \ -s dir \ -t deb \ <appdir>

  51. repo server Bt Hynek…

  52. Rp Sre dpkg -i tar.bz2

  53. Atmt! e

  54. app_name: whois project: DOM build_deps: - libpq-dev run_deps: - libpq5

    - authbind
  55. Tee’s mr ta oe wy t d i…

  56. None
  57. Cn grto Mngmn declarative describe the goal CM choses the

    path
  58. Sltos prise-oriented features to to compare the two pet Open

    ource Puppet Enterprise ✔ ✔ ✔
  59. prise-oriented features to to compare the two pet Open ource

    Puppet Enterprise ✔ ✔ ✔ Not easy at all. Sltos
  60. Wy aya? safety/security reproducible “later”

  61. safety/security reproducible “later” Wy aya?

  62. safety/security reproducible “later” Wy aya?

  63. Ts I i Saig

  64. r t

  65. r t Nein!

  66. Js dn’t.

  67. Piiee Pr drop privileges authbind

  68. Need dat POWER! Bt Hynek…

  69. Snl Proe Wres celery rq zerorpc perspective broker/AMP

  70. B Prni /bin/false iptables file sockets REVOKE ALL SSL fail2ban

  71. /bin/false iptables file sockets REVOKE ALL SSL fail2ban B Prni

  72. /bin/false iptables file sockets REVOKE ALL SSL fail2ban B Prni

  73. /bin/false iptables file sockets REVOKE ALL SSL fail2ban B Prni

  74. /bin/false iptables file sockets REVOKE ALL SSL fail2ban B Prni

  75. /bin/false iptables file sockets REVOKE ALL SSL fail2ban B Prni

  76. $ ./manage.py runserver ▌ [0] 0:bash*

  77. None
  78. $ ./manage.py runserver ▌ [0] 0:bash* ᔒ༗!

  79. I’s Es! upstart systemd supervisord circus …

  80. I’s Es! upstart systemd supervisord circus …

  81. Eape: usat $ cat /etc/init/yourapp.conf start on static-network-up stop on

    deconfiguring-networking respawn chdir /path/to/yourapp setuid yourapp exec /path/to/gunicorn_django settings.py $ start yourapp
  82. Lg log to stderr redirect stderr syslog use OS tools

  83. Lg … [uwsgi] log-syslog = your-app … twistd --syslog --prefix

    your-app …
  84. Lg if $programname == 'you-app' \ then /var/log/your-app.log & ~

  85. + mod_wsgi

  86. + mod_wsgi Нет!

  87. Dslie Using Apache is perfectly fine.

  88. Iff you decide consciously for it. Dslie

  89. mod_wsgi

  90. mod_wsgi ? ?

  91. + g or

  92. + g or Better separation of concerns.

  93. Es t St U: gncr $ gunicorn_django settings.py $ gunicorn_paster

    settings.ini
  94. $ cat settings.py … INSTALLED_APPS = ( … "gunicorn", )

    … $ manage.py run_gunicorn Es t St U: gncr
  95. location / { proxy_pass unix:///tmp/app.sock; } location /static/ { root

    /your/app/public/; } Es t St U: nix
  96. Fo Es t AEOE

  97. Text

  98. Sil Es: usi uwsgi --emperor production.ini … [uwsgi] paste =

    config:%p uwsgi-socket = /tmp/app.sock processes = 2 …
  99. location / { include uwsgi_params; uwsgi_param UWSGI_SCHEME $scheme; uwsgi_pass unix:///tmp/app.sock;

    } Sil Es To: nix
  100. Dpo!

  101. Rlbc!

  102. Mntr

  103. Mntr

  104. None
  105. None
  106. Mntr

  107. Maue statsd graphite yunomi

  108. None
  109. None
  110. Maue statsd graphite yunomi

  111. gt 1

  112. http://ox.cx/d @hynek http://hynek.me http://vrmd.de