Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Solid Python Application Deployments For Everyb...
Search
Hynek Schlawack
June 28, 2013
Technology
9
1.8k
Solid Python Application Deployments For Everybody EP Edition
An expanded version of my PyCon US 2013 talk held at EuroPython 2013 in Florence.
Hynek Schlawack
June 28, 2013
Tweet
Share
More Decks by Hynek Schlawack
See All by Hynek Schlawack
Design Pressure
hynek
0
1.7k
Subclassing, Composition, Python, and You
hynek
3
390
Classy Abstractions @ Python Web Conf
hynek
0
200
On the Meaning of Version Numbers
hynek
0
350
Maintaining a Python Project When It’s Not Your Job
hynek
1
2.4k
How to Write Deployment-friendly Applications
hynek
0
2.6k
Solid Snakes or: How to Take 5 Weeks of Vacation
hynek
2
5.8k
Get Instrumented: How Prometheus Can Unify Your Metrics
hynek
4
11k
Beyond grep – PyCon JP
hynek
1
3.5k
Other Decks in Technology
See All in Technology
「魔法少女まどか☆マギカ Magia Exedra」での負荷試験の実践と学び
gree_tech
PRO
0
570
DuckDB-Wasmを使って ブラウザ上でRDBMSを動かす
hacusk
1
140
クラウドセキュリティを支える技術と運用の最前線 / Cutting-edge Technologies and Operations Supporting Cloud Security
yuj1osm
2
270
Snowflakeの生成AI機能を活用したデータ分析アプリの作成 〜Cortex AnalystとCortex Searchの活用とStreamlitアプリでの利用〜
nayuts
0
280
開発者を支える Internal Developer Portal のイマとコレカラ / To-day and To-morrow of Internal Developer Portals: Supporting Developers
aoto
PRO
1
300
ガチな登山用デバイスからこんにちは
halka
1
210
ヘブンバーンズレッドのレンダリングパイプライン刷新
gree_tech
PRO
0
550
AI時代にPdMとPMMはどう連携すべきか / PdM–PMM-collaboration-in-AI-era
rakus_dev
0
280
AIのグローバルトレンド2025 #scrummikawa / global ai trend
kyonmm
PRO
1
230
ヘブンバーンズレッドにおける、世界観を活かしたミニゲーム企画の作り方
gree_tech
PRO
0
540
Skrub: machine-learning with dataframes
gaelvaroquaux
0
120
La gouvernance territoriale des données grâce à la plateforme Terreze
bluehats
0
110
Featured
See All Featured
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
3k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
18
1.1k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
139
34k
Thoughts on Productivity
jonyablonski
70
4.8k
Raft: Consensus for Rubyists
vanstee
140
7.1k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
34
6k
Code Review Best Practice
trishagee
70
19k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
33
2.4k
StorybookのUI Testing Handbookを読んだ
zakiyama
31
6.1k
It's Worth the Effort
3n
187
28k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
229
22k
Fantastic passwords and where to find them - at NoRuKo
philnash
52
3.4k
Transcript
River Bar, 2013 Solid Python Application Deployments For Everybody Hynek
Schlawack
None
@hynek http://hynek.me http://github.com/hynek http://www.variomedia.de H!
?
AHEAD
http://ox.cx/d Te Oe & Ol Ln
OPINIONS AHEAD
PaaS Schema Migrations
None
Ky Cnet
easy ≠ simple
None
“Simplicity is prerequisite for reliability.” — Edsger W. Dijkstra
“It is important to find simple solutions instead of stopping
as soon as a first solution is found.” — Donald Knuth
Put effort into making your deployments simple.
None
Dvlpet
Dvlpet
None
No!
None
“Python 2.4 is not supported. It came out 8 years
ago. That's older than Youtube. Upgrade.” — Kenneth Reitz
Sal Pafr Key Infrastructure!
Sal Pafr Application is tied to server OS version. Upgrading
servers == updating your app. Some servers upgraded?
Bt Hynek… My boss won’t let me!
tests! Dvlpet
None
אל
spotty outdated loss of control Sse Pcae
spotty outdated loss of control Sse Pcae
spotty outdated loss of control Sse Pcae
None
Ue vruln $ virtualenv venv; . venv/bin/activate $ pip install
pyramid requests pytest $ py.test … $ pip freeze >requirements.txt … $ pip install -r requirements.txt
Pn Dp Hr “Django == 1.4.3” Don’t rely on SemVer!
update w/ pip-tools
SECURITY! Bt Hynek…
Scrt!? It’s your Job.
Si I
+ git
+ git Ne!
Fabric
build tools repetitive downloads Wa’s Wog!?
None
.rpm .deb .pkg.tgz
introspection CM integration versatile Ntv Pcae !?
1. check out from VCS 2. create virtualenv 3. install
dependencies 4. do whatever you want 5. package result 6. push to your repo
1. check out from VCS 2. create virtualenv 3. install
dependencies 4. do whatever you want 5. package result 6. push to your repo
Abuse the Pipeline run tests LESS/SASS/CoffeeScript compression cache busting
Packaging is hard! Bt Hynek…
fpm Np.
fpm \ -s dir \ -t deb \ <appdir>
repo server Bt Hynek…
Rp Sre dpkg -i tar.bz2
Atmt! e
app_name: whois project: DOM build_deps: - libpq-dev run_deps: - libpq5
- authbind
Tee’s mr ta oe wy t d i…
None
!ل
Cn grto Mngmn declarative describe the goal CM choses the
path
Sltos prise-oriented features to to compare the two pet Open
ource Puppet Enterprise ✔ ✔ ✔
prise-oriented features to to compare the two pet Open ource
Puppet Enterprise ✔ ✔ ✔ Not easy at all. Sltos
Wy aya? safety/security reproducible “later”
safety/security reproducible “later” Wy aya?
safety/security reproducible “later” Wy aya?
Ts I i Saig
r t
r t Nein!
Js dn’t.
Piiee Pr drop privileges authbind
Need dat POWER! Bt Hynek…
Snl Proe Wres celery rq zerorpc perspective broker/AMP
B Prni /bin/false iptables file sockets REVOKE ALL SSL fail2ban
/bin/false iptables file sockets REVOKE ALL SSL fail2ban B Prni
/bin/false iptables file sockets REVOKE ALL SSL fail2ban B Prni
/bin/false iptables file sockets REVOKE ALL SSL fail2ban B Prni
/bin/false iptables file sockets REVOKE ALL SSL fail2ban B Prni
/bin/false iptables file sockets REVOKE ALL SSL fail2ban B Prni
$ ./manage.py runserver ▌ [0] 0:bash*
None
$ ./manage.py runserver ▌ [0] 0:bash* ᔒ༗!
I’s Es! upstart systemd supervisord circus …
I’s Es! upstart systemd supervisord circus …
Eape: usat $ cat /etc/init/yourapp.conf start on static-network-up stop on
deconfiguring-networking respawn chdir /path/to/yourapp setuid yourapp exec /path/to/gunicorn_django settings.py $ start yourapp
Lg log to stderr redirect stderr syslog use OS tools
Lg … [uwsgi] log-syslog = your-app … twistd --syslog --prefix
your-app …
Lg if $programname == 'you-app' \ then /var/log/your-app.log & ~
+ mod_wsgi
+ mod_wsgi Нет!
Dslie Using Apache is perfectly fine.
Iff you decide consciously for it. Dslie
mod_wsgi
mod_wsgi ? ?
+ g or
+ g or Better separation of concerns.
Es t St U: gncr $ gunicorn_django settings.py $ gunicorn_paster
settings.ini
$ cat settings.py … INSTALLED_APPS = ( … "gunicorn", )
… $ manage.py run_gunicorn Es t St U: gncr
location / { proxy_pass unix:///tmp/app.sock; } location /static/ { root
/your/app/public/; } Es t St U: nix
Fo Es t AEOE
Text
Sil Es: usi uwsgi --emperor production.ini … [uwsgi] paste =
config:%p uwsgi-socket = /tmp/app.sock processes = 2 …
location / { include uwsgi_params; uwsgi_param UWSGI_SCHEME $scheme; uwsgi_pass unix:///tmp/app.sock;
} Sil Es To: nix
Dpo!
Rlbc!
Mntr
Mntr
None
None
Mntr
Maue statsd graphite yunomi
None
None
Maue statsd graphite yunomi
gt 1
http://ox.cx/d @hynek http://hynek.me http://vrmd.de