Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Containerless Django

A464f1f39d9d840f9ca156e9abcfd4a9?s=47 Peter Baumgartner
October 16, 2018
Programming
5
1.2k

Containerless Django

Deploying Django without Docker

A464f1f39d9d840f9ca156e9abcfd4a9?s=128

Peter Baumgartner

October 16, 2018
Tweet

More Decks by Peter Baumgartner

See All by Peter Baumgartner
Prepping Your Project for Production
A464f1f39d9d840f9ca156e9abcfd4a9?s=48 ipmb
2
610
Django Deployments Done Right
A464f1f39d9d840f9ca156e9abcfd4a9?s=48 ipmb
6
1.3k
High Performance Django: From runserver to Reddit hugs
A464f1f39d9d840f9ca156e9abcfd4a9?s=48 ipmb
1
1.2k
Getting Started with Salt (PyCon 2014)
A464f1f39d9d840f9ca156e9abcfd4a9?s=48 ipmb
6
1k
Monitoring Infrastructure with SaltStack
A464f1f39d9d840f9ca156e9abcfd4a9?s=48 ipmb
16
9.7k
Getting Started with Salt
A464f1f39d9d840f9ca156e9abcfd4a9?s=48 ipmb
11
1.6k

Other Decks in Programming

See All in Programming
フロントエンドエンジニアが変える現場のモデリング意識/modeling-awareness-changed-by-front-end-engineers
F122773bb8d506a4f38a94bfeff45945?s=48 uggds
32
13k
「混ぜるな危険」を推進する設計
8ec2b967e38f000eb63ae345cd7c58e6?s=48 minodriven
8
2.5k
「困りごと」から始める個人開発
4a0e3afe85259f2973dbc9386b6a4bb3?s=48 ikumatadokoro
4
240
パスワードに関する最近の動向
8fd1ae6548d5ab14139c8d8032b76ee1?s=48 kenchan0130
1
320
プロダクトの成長とSREと
5a9fb3b80c517e51e4e95a27b63c6a67?s=48 takuyatezuka
0
120
プロダクトのタイプ別 GraphQL クライアントの選び方
C8b80b3b6b5b26df6122c8113ca441ea?s=48 shozawa
0
8.1k
設計の考え方とやり方
8f84b7d8869ef6005d89b378e8661f7c?s=48 masuda220
PRO
46
26k
Isar勉強会
693ed679c8dde3eccbc682ff44f357e1?s=48 hoddy3190
0
320
Licences open source : entre guerre de clochers et radicalité
323bb1cb39e6478e559b6e13d2fdf518?s=48 pylapp
2
550
Rust、何もわからない...#3
5d9c07f0c2044b1407a84d88362bc84d?s=48 estie
0
140
Register-based calling convention for Go functions
86d54dc23ace2b5920f7d5777949ed8f?s=48 cjamhe01385
0
390
JetpackCompose 導入半年で感じた 改善点
2f2c6995048700e9175943d868df4974?s=48 spbaya0141
0
140

Featured

See All Featured
Ruby is Unlike a Banana
6804f1775cb4babfcc3851298566fbce?s=48 tanoku
91
9.3k
A Modern Web Designer's Workflow
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
689
180k
Designing the Hi-DPI Web
C157b16234f1e75e8eac3698c1d4414a?s=48 ddemaree
272
32k
A Philosophy of Restraint
C9b18d9dff88a9dd2393364c2b3b21bd?s=48 colly
192
15k
Distributed Sagas: A Protocol for Coordinating Microservices
9128d500301ae51524e887bb680f471d?s=48 caitiem20
316
19k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
498
130k
The Language of Interfaces
Fde6c3a50ca518a909ef35c22c0ee0e4?s=48 destraynor
148
21k
Web Components: a chance to create the future
E190023b66e2b8aa73a842b106920c93?s=48 zenorocha
303
40k
The Brand Is Dead. Long Live the Brand.
A415db3ac9e9668acbc1fb36eead84ac?s=48 mthomps
46
2.7k
A designer walks into a library…
15f2b8221f247985a27a627d2ece72f0?s=48 pauljervisheath
196
16k
KATA
E9221b172e78e888355fa2fe4541b595?s=48 mclloyd
7
8.8k
The Power of CSS Pseudo Elements
5b6a2bd86ef643786a381a212e0ef2f1?s=48 geoffreycrofte
47
4k

Transcript

  1. DjangoCon US—San Diego Oct 2018 Deploying without Docker Containerless Django

    Peter Baumgartner

  2. Founder at Lincoln Loop—lincolnloop.com Former SysAdmin, DevOps for 8 years

    Author of High Performance Django About Me

  3. Docker is cool!

  4. @ipmb | #djangocon Docker is cool! The “pipeline” Security Isolation

    Dev/prod parity

  5. Just bundle the entire OS

  6. Some philosophy

  7. “ —Mike Perham
 https://www.mikeperham.com/2016/02/09/kill-your-dependencies/ No code runs faster than no

    code.
 No code has fewer bugs than no code.
 No code uses less memory than no code.
 No code is easier to understand than no code. “
  8. None

  9. @ipmb | #djangocon Docker Drawbacks Slow Extra abstractions More software,

    more problems
  10. None

  11. How did we get here?

  12. @ipmb | #djangocon Deployments sucked Dependencies would shift underneath you

    Build tools and dev packages needed to be installed Multiple languages, multiple builds (Python & Node)

  13. @ipmb | #djangocon The ideal deployment Download a binary Create

    a configuration file Run it

  14. @ipmb | #djangocon The ideal deployment /usr/local/bin/traefik \
 --configFile=/etc/traefik/traefik.toml /usr/local/bin/telegraf

    \
 --config=/etc/telegraf/telegraf.conf /usr/sbin/nginx -c /etc/nginx/nginx.conf

  15. @ipmb | #djangocon Python isn’t C or Go Requires a

    VM Dynamic linking Packaging isn’t straightforward
  16. None

  17. Can we do better?

  18. @ipmb | #djangocon We already are! Lock files via pipenv

    or poetry Pre-compiled wheels (Pillow, psycopg2-binary, etc.) Still lots of holes - Assembling virtualenvs - Static files - Production webserver

  19. @ipmb | #djangocon Prior art Private PyPI virtualenv-clone Platter dh-virtualenv

    Pex

  20. @ipmb | #djangocon ZIP applications? Part of Python since 2.6

    PEP-441 improves support in 3.5 Create a ZIP archive of your project. Run it with Python. …but no mechanism for handling dependencies
  21. None

  22. @ipmb | #djangocon Enter shiv! A project from LinkedIn Zipapps

    with dependencies A single artifact you can build → test → deploy ./myproject.pyz runserver

  23. Django as a zipapp

  24. Package your project with setup.py

  25. @ipmb | #djangocon Include templates & static files Create a

    MANIFEST.in
 
 graft your_project/collected_static
 graft your_project/templates

  26. @ipmb | #djangocon Production webserver gunicorn + whitenoise ⭐ https://pypi.org/project/django-pyuwsgi/

  27. @ipmb | #djangocon Build your zipapp

  28. @ipmb | #djangocon Run your zipapp ./yourproject.pyz pyuwsgi --http=:8000

  29. @ipmb | #djangocon Configuration Same zipapp, but different settings per

    environment Options: - Multiple settings files and DJANGO_SETTINGS_MODULE - Environment variables - ⭐ https://pypi.org/project/goodconf/

  30. @ipmb | #djangocon The zipapp pipeline Use CI (Travis, CircleCI,

    Bitbucket, etc.) to: - Build - Test - Push Deploy = Download and run
  31. None

  32. What about security?

  33. Systemd's got your back

  34. @ipmb | #djangocon Systemd is awesome ProtectSystem=strict
 ProtectHome=true DynamicUser=true CapabilityBoundingSet=~CAP_SYS_ADMIN

    AppArmorProfile=srv.yourproject.pyz ProtectKernelTunables=true
 ProtectControlGroups=true
 ProtectKernelModules=true
 PrivateDevices=true
 PrivateTmp=true
 SystemCallArchitectures=native

  35. What about isolation?

  36. @ipmb | #djangocon Isolation You still need Python installed globally

    Easy to install multiple Pythons on one server Docker has better isolation, but do you need it?

  37. @ipmb | #djangocon What about parity? Zipapp is the same

    from CI to all deployed environments Use Docker to mimic deployment envionrment locally (or don't)

  38. @ipmb | #djangocon Pros Simpler. No Docker on the server.

    No registry.
 ~1M fewer lines of code to depend on. Smaller artifacts Faster deployments It's just Python

  39. @ipmb | #djangocon Cons Not as isolated as true containers

    Requires Python runtime on the server Python-specific Not cross-platform compatible (if you have packages with C extensions)

  40. @ipmb | #djangocon Sweet spot for zipapps You are deploying

    primarily Python services You have outgrown PaaS (Heroku, PythonAnywhere, Divio, etc.) You have fewer than 50 services to maintain
  41. None
  42. None

  43. Thanks! Peter Baumgartner pete@lincolnloop.com @ipmb