Solid Python Deployments for Everybody

Solid Python Deployments for Everybody

Without orientation, deployments of Python applications can be tiresome and even painful. This talk attempts to replace anxiety and pain through informed annoyance.

There are extensive additional notes to this talk at http://hynek.me/talks/python-deployments/ .

174e7b0ff60963f821d0b9a4f1a3ef52?s=128

Hynek Schlawack

March 16, 2013
Tweet

Transcript

  1. PyCon US, 2013 Solid Python Application Deployments For Everybody Hynek

    Schlawack
  2. None
  3. @hynek http://hynek.me http://github.com/hynek http://www.variomedia.de Hi!

  4. ?

  5. AHEAD

  6. http://ox.cx/d The One & Only Link

  7. OPINIONS AHEAD

  8. PaaS Schema Migrations

  9. None
  10. Key Concept

  11. easy ≠ simple

  12. None
  13. “Simplicity is prerequisite for reliability.” — Edsger W. Dijkstra

  14. “…and security.” — Every Credible Security Expert Ever

  15. Put effort into making your deployments simple.

  16. None
  17. Development

  18. Development

  19. None
  20. No!

  21. None
  22. “Python 2.4 is not supported. It came out 8 years

    ago. That's older than Youtube. Upgrade.” — Kenneth Reitz
  23. Stable Platform Key Infrastructure?

  24. But Hyyyn ek… My boss won’t let me!

  25. Development tests!

  26. None
  27. אל

  28. spotty outdated loss of control System Package

  29. spotty outdated loss of control System Package

  30. spotty outdated loss of control System Package

  31. None
  32. Use virtualen $ virtualenv venv; . venv/bin/activate $ pip install

    pyramid requests $ py.test … $ pip freeze >requirements.txt … $ pip install -r requirements.txt
  33. Pin Dep Hard “Django == 1.4.3” Don’t rely on SemVer!

    update w/ pip-tools
  34. But Hyyyn ek… SECURITY!

  35. Security‽ It’s your Job.

  36. Package It

  37. + git

  38. + git Ne!

  39. Fabric

  40. build tools repetitive downloads What’ Wrong‽

  41. None
  42. .rpm .deb .pkg.tgz

  43. introspection CM integration versatile Native Package ‽

  44. 1. check out from VCS 2. create virtualenv 3. install

    dependencies 4. do whatever you want 5. package result 6. push to your repo
  45. Abuse the Pipeline run tests LESS/SASS/CoffeeScript compression cache busting

  46. Packaging is hard! But Hyyyn ek…

  47. fpm Nope.

  48. But Hyyyn ek… repo server

  49. Rep Serve dpkg -i tar.bz2

  50. Automate!

  51. from … import Deployment def deb(branch=None): deploy = Deployment( 'whois',

    build_deps=['libpq-dev',], run_deps=['libpq5',]) deploy.prepare_app( branch=branch) deploy.build_deb()
  52. Lazy?

  53. There’ more than one way t d it…

  54. None
  55. Configuration Management declarative describe the goal CM choses the path

  56. Solution prise-oriented features to to compare the two pet Open

    ource Puppet Enterprise ✔ ✔ ✔
  57. prise-oriented features to to compare the two pet Open ource

    Puppet Enterprise ✔ ✔ ✔ Not easy at all. Solution
  58. Why anyway? safety/security reproducible “later”

  59. safety/security reproducible “later” Why anyway?

  60. safety/security reproducible “later” Why anyway?

  61. Kate Heddleston This Room: 2:35 p.m.–3:05 p.m. Chef: Automating web

    application infrastructure
  62. Test It in Staging

  63. r t

  64. r t Nein!

  65. Just don’t.

  66. Privileged Port drop privileges authbind

  67. But Hyyyn ek… Need dat POWER!

  68. Single Purpose Worke celery rq zerorpc pb/AMP

  69. Be Paranoid /bin/false iptables file sockets REVOKE ALL SSL fail2ban

  70. /bin/false iptables file sockets REVOKE ALL SSL fail2ban Be Paranoid

  71. /bin/false iptables file sockets REVOKE ALL SSL fail2ban Be Paranoid

  72. /bin/false iptables file sockets REVOKE ALL SSL fail2ban Be Paranoid

  73. /bin/false iptables file sockets REVOKE ALL SSL fail2ban Be Paranoid

  74. /bin/false iptables file sockets REVOKE ALL SSL fail2ban Be Paranoid

  75. $ ./manage.py runserver ▌ [0] 0:bash*

  76. None
  77. $ ./manage.py runserver ▌ [0] 0:bash* ᔒ༗!

  78. It’ Easy! upstart systemd supervisord circus …

  79. It’ Easy! upstart systemd supervisord circus …

  80. Example: upstart $ cat /etc/init/yourapp.conf start on static-network-up stop on

    deconfiguring-networking respawn chdir /path/to/yourapp setuid yourapp exec /path/to/gunicorn_django settings.py $ start yourapp
  81. + mod_wsgi

  82. + mod_wsgi Нет!

  83. Disclaime Using Apache is perfectly fine.

  84. Iff you decide consciously for it. Disclaime

  85. mod_wsgi

  86. mod_wsgi ? ?

  87. + g or

  88. + g or Better separation of Concerns.

  89. Easy t Set U : gunicorn $ gunicorn_django settings.py $

    gunicorn_paster settings.ini
  90. $ cat settings.py … INSTALLED_APPS = ( … "gunicorn", )

    … $ manage.py run_gunicorn Easy t Set U : gunicorn
  91. Easy t Set U : nginx location / { proxy_pass

    http://127.0.0.1:5000; } location /static/ { root /your/app/public/; }
  92. Graham Dumpleton This Room: 3:15 p.m.–3:45 p.m. Making Apache suck

    less for hosting Python web applications.
  93. Deploy!

  94. Ro back!

  95. Monito

  96. Monito

  97. Measure

  98. Measure statsd graphite scales

  99. got 1

  100. FIN http://ox.cx/d @hynek http://hynek.me http://vrmd.de