Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Solid Python Application Deployments For Everyb...
Search
Hynek Schlawack
June 28, 2013
Technology
9
1.8k
Solid Python Application Deployments For Everybody EP Edition
An expanded version of my PyCon US 2013 talk held at EuroPython 2013 in Florence.
Hynek Schlawack
June 28, 2013
Tweet
Share
More Decks by Hynek Schlawack
See All by Hynek Schlawack
Subclassing, Composition, Python, and You
hynek
3
270
Classy Abstractions @ Python Web Conf
hynek
0
180
On the Meaning of Version Numbers
hynek
0
300
Maintaining a Python Project When It’s Not Your Job
hynek
1
2.4k
How to Write Deployment-friendly Applications
hynek
0
2.5k
Solid Snakes or: How to Take 5 Weeks of Vacation
hynek
2
5.8k
Get Instrumented: How Prometheus Can Unify Your Metrics
hynek
4
11k
Beyond grep – PyCon JP
hynek
1
3.4k
Beyond grep – EuroPython Edition
hynek
1
10k
Other Decks in Technology
See All in Technology
エンジニアリング価値を黒字化する バリューベース戦略を用いた 技術戦略策定の道のり
kzkmaeda
6
2.8k
大規模アジャイルフレームワークから学ぶエンジニアマネジメントの本質
staka121
PRO
3
1.2k
NFV基盤のOpenStack更新 ~9世代バージョンアップへの挑戦~
vtj
0
360
開発組織を進化させる!AWSで実践するチームトポロジー
iwamot
2
390
【詳説】コンテンツ配信 システムの複数機能 基盤への拡張
hatena
0
260
脳波を用いた嗜好マッチングシステム
hokkey621
0
290
30→150人のエンジニア組織拡大に伴うアジャイル文化を醸成する役割と取り組みの変化
nagata03
0
180
Perlの生きのこり - エンジニアがこの先生きのこるためのカンファレンス2025
kfly8
2
270
【Findy】「正しく」失敗できる チームの作り方 〜リアルな事例から紐解く失敗を恐れない組織とは〜 / A team that can fail correctly by findy
i35_267
5
900
生成AI×財務経理:PoCで挑むSlack AI Bot開発と現場巻き込みのリアル
pohdccoe
1
730
分解して理解する Aspire
nenonaninu
2
1.1k
What's new in Go 1.24?
ciarana
1
110
Featured
See All Featured
How to Ace a Technical Interview
jacobian
276
23k
Why Our Code Smells
bkeepers
PRO
336
57k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
4
380
How to train your dragon (web standard)
notwaldorf
91
5.9k
Gamification - CAS2011
davidbonilla
80
5.2k
Build The Right Thing And Hit Your Dates
maggiecrowley
34
2.5k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
175
52k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
114
50k
Thoughts on Productivity
jonyablonski
69
4.5k
Side Projects
sachag
452
42k
Being A Developer After 40
akosma
89
590k
Building Adaptive Systems
keathley
40
2.4k
Transcript
River Bar, 2013 Solid Python Application Deployments For Everybody Hynek
Schlawack
None
@hynek http://hynek.me http://github.com/hynek http://www.variomedia.de H!
?
AHEAD
http://ox.cx/d Te Oe & Ol Ln
OPINIONS AHEAD
PaaS Schema Migrations
None
Ky Cnet
easy ≠ simple
None
“Simplicity is prerequisite for reliability.” — Edsger W. Dijkstra
“It is important to find simple solutions instead of stopping
as soon as a first solution is found.” — Donald Knuth
Put effort into making your deployments simple.
None
Dvlpet
Dvlpet
None
No!
None
“Python 2.4 is not supported. It came out 8 years
ago. That's older than Youtube. Upgrade.” — Kenneth Reitz
Sal Pafr Key Infrastructure!
Sal Pafr Application is tied to server OS version. Upgrading
servers == updating your app. Some servers upgraded?
Bt Hynek… My boss won’t let me!
tests! Dvlpet
None
אל
spotty outdated loss of control Sse Pcae
spotty outdated loss of control Sse Pcae
spotty outdated loss of control Sse Pcae
None
Ue vruln $ virtualenv venv; . venv/bin/activate $ pip install
pyramid requests pytest $ py.test … $ pip freeze >requirements.txt … $ pip install -r requirements.txt
Pn Dp Hr “Django == 1.4.3” Don’t rely on SemVer!
update w/ pip-tools
SECURITY! Bt Hynek…
Scrt!? It’s your Job.
Si I
+ git
+ git Ne!
Fabric
build tools repetitive downloads Wa’s Wog!?
None
.rpm .deb .pkg.tgz
introspection CM integration versatile Ntv Pcae !?
1. check out from VCS 2. create virtualenv 3. install
dependencies 4. do whatever you want 5. package result 6. push to your repo
1. check out from VCS 2. create virtualenv 3. install
dependencies 4. do whatever you want 5. package result 6. push to your repo
Abuse the Pipeline run tests LESS/SASS/CoffeeScript compression cache busting
Packaging is hard! Bt Hynek…
fpm Np.
fpm \ -s dir \ -t deb \ <appdir>
repo server Bt Hynek…
Rp Sre dpkg -i tar.bz2
Atmt! e
app_name: whois project: DOM build_deps: - libpq-dev run_deps: - libpq5
- authbind
Tee’s mr ta oe wy t d i…
None
!ل
Cn grto Mngmn declarative describe the goal CM choses the
path
Sltos prise-oriented features to to compare the two pet Open
ource Puppet Enterprise ✔ ✔ ✔
prise-oriented features to to compare the two pet Open ource
Puppet Enterprise ✔ ✔ ✔ Not easy at all. Sltos
Wy aya? safety/security reproducible “later”
safety/security reproducible “later” Wy aya?
safety/security reproducible “later” Wy aya?
Ts I i Saig
r t
r t Nein!
Js dn’t.
Piiee Pr drop privileges authbind
Need dat POWER! Bt Hynek…
Snl Proe Wres celery rq zerorpc perspective broker/AMP
B Prni /bin/false iptables file sockets REVOKE ALL SSL fail2ban
/bin/false iptables file sockets REVOKE ALL SSL fail2ban B Prni
/bin/false iptables file sockets REVOKE ALL SSL fail2ban B Prni
/bin/false iptables file sockets REVOKE ALL SSL fail2ban B Prni
/bin/false iptables file sockets REVOKE ALL SSL fail2ban B Prni
/bin/false iptables file sockets REVOKE ALL SSL fail2ban B Prni
$ ./manage.py runserver ▌ [0] 0:bash*
None
$ ./manage.py runserver ▌ [0] 0:bash* ᔒ༗!
I’s Es! upstart systemd supervisord circus …
I’s Es! upstart systemd supervisord circus …
Eape: usat $ cat /etc/init/yourapp.conf start on static-network-up stop on
deconfiguring-networking respawn chdir /path/to/yourapp setuid yourapp exec /path/to/gunicorn_django settings.py $ start yourapp
Lg log to stderr redirect stderr syslog use OS tools
Lg … [uwsgi] log-syslog = your-app … twistd --syslog --prefix
your-app …
Lg if $programname == 'you-app' \ then /var/log/your-app.log & ~
+ mod_wsgi
+ mod_wsgi Нет!
Dslie Using Apache is perfectly fine.
Iff you decide consciously for it. Dslie
mod_wsgi
mod_wsgi ? ?
+ g or
+ g or Better separation of concerns.
Es t St U: gncr $ gunicorn_django settings.py $ gunicorn_paster
settings.ini
$ cat settings.py … INSTALLED_APPS = ( … "gunicorn", )
… $ manage.py run_gunicorn Es t St U: gncr
location / { proxy_pass unix:///tmp/app.sock; } location /static/ { root
/your/app/public/; } Es t St U: nix
Fo Es t AEOE
Text
Sil Es: usi uwsgi --emperor production.ini … [uwsgi] paste =
config:%p uwsgi-socket = /tmp/app.sock processes = 2 …
location / { include uwsgi_params; uwsgi_param UWSGI_SCHEME $scheme; uwsgi_pass unix:///tmp/app.sock;
} Sil Es To: nix
Dpo!
Rlbc!
Mntr
Mntr
None
None
Mntr
Maue statsd graphite yunomi
None
None
Maue statsd graphite yunomi
gt 1
http://ox.cx/d @hynek http://hynek.me http://vrmd.de