Pro Yearly is on sale from $80 to $50! »

Containerless Django

Containerless Django

Deploying Django without Docker

A464f1f39d9d840f9ca156e9abcfd4a9?s=128

Peter Baumgartner

October 16, 2018
Tweet

Transcript

  1. DjangoCon US—San Diego Oct 2018 Deploying without Docker Containerless Django

    Peter Baumgartner
  2. Founder at Lincoln Loop—lincolnloop.com Former SysAdmin, DevOps for 8 years

    Author of High Performance Django About Me
  3. Docker is cool!

  4. @ipmb | #djangocon Docker is cool! The “pipeline” Security Isolation

    Dev/prod parity
  5. Just bundle the entire OS

  6. Some philosophy

  7. “ —Mike Perham
 https://www.mikeperham.com/2016/02/09/kill-your-dependencies/ No code runs faster than no

    code.
 No code has fewer bugs than no code.
 No code uses less memory than no code.
 No code is easier to understand than no code. “
  8. None
  9. @ipmb | #djangocon Docker Drawbacks Slow Extra abstractions More software,

    more problems
  10. None
  11. How did we get here?

  12. @ipmb | #djangocon Deployments sucked Dependencies would shift underneath you

    Build tools and dev packages needed to be installed Multiple languages, multiple builds (Python & Node)
  13. @ipmb | #djangocon The ideal deployment Download a binary Create

    a configuration file Run it
  14. @ipmb | #djangocon The ideal deployment /usr/local/bin/traefik \
 --configFile=/etc/traefik/traefik.toml /usr/local/bin/telegraf

    \
 --config=/etc/telegraf/telegraf.conf /usr/sbin/nginx -c /etc/nginx/nginx.conf
  15. @ipmb | #djangocon Python isn’t C or Go Requires a

    VM Dynamic linking Packaging isn’t straightforward
  16. None
  17. Can we do better?

  18. @ipmb | #djangocon We already are! Lock files via pipenv

    or poetry Pre-compiled wheels (Pillow, psycopg2-binary, etc.) Still lots of holes - Assembling virtualenvs - Static files - Production webserver
  19. @ipmb | #djangocon Prior art Private PyPI virtualenv-clone Platter dh-virtualenv

    Pex
  20. @ipmb | #djangocon ZIP applications? Part of Python since 2.6

    PEP-441 improves support in 3.5 Create a ZIP archive of your project. Run it with Python. …but no mechanism for handling dependencies
  21. None
  22. @ipmb | #djangocon Enter shiv! A project from LinkedIn Zipapps

    with dependencies A single artifact you can build → test → deploy ./myproject.pyz runserver
  23. Django as a zipapp

  24. Package your project with setup.py

  25. @ipmb | #djangocon Include templates & static files Create a

    MANIFEST.in
 
 graft your_project/collected_static
 graft your_project/templates
  26. @ipmb | #djangocon Production webserver gunicorn + whitenoise ⭐ https://pypi.org/project/django-pyuwsgi/

  27. @ipmb | #djangocon Build your zipapp

  28. @ipmb | #djangocon Run your zipapp ./yourproject.pyz pyuwsgi --http=:8000

  29. @ipmb | #djangocon Configuration Same zipapp, but different settings per

    environment Options: - Multiple settings files and DJANGO_SETTINGS_MODULE - Environment variables - ⭐ https://pypi.org/project/goodconf/
  30. @ipmb | #djangocon The zipapp pipeline Use CI (Travis, CircleCI,

    Bitbucket, etc.) to: - Build - Test - Push Deploy = Download and run
  31. None
  32. What about security?

  33. Systemd's got your back

  34. @ipmb | #djangocon Systemd is awesome ProtectSystem=strict
 ProtectHome=true DynamicUser=true CapabilityBoundingSet=~CAP_SYS_ADMIN

    AppArmorProfile=srv.yourproject.pyz ProtectKernelTunables=true
 ProtectControlGroups=true
 ProtectKernelModules=true
 PrivateDevices=true
 PrivateTmp=true
 SystemCallArchitectures=native
  35. What about isolation?

  36. @ipmb | #djangocon Isolation You still need Python installed globally

    Easy to install multiple Pythons on one server Docker has better isolation, but do you need it?
  37. @ipmb | #djangocon What about parity? Zipapp is the same

    from CI to all deployed environments Use Docker to mimic deployment envionrment locally (or don't)
  38. @ipmb | #djangocon Pros Simpler. No Docker on the server.

    No registry.
 ~1M fewer lines of code to depend on. Smaller artifacts Faster deployments It's just Python
  39. @ipmb | #djangocon Cons Not as isolated as true containers

    Requires Python runtime on the server Python-specific Not cross-platform compatible (if you have packages with C extensions)
  40. @ipmb | #djangocon Sweet spot for zipapps You are deploying

    primarily Python services You have outgrown PaaS (Heroku, PythonAnywhere, Divio, etc.) You have fewer than 50 services to maintain
  41. None
  42. None
  43. Thanks! Peter Baumgartner pete@lincolnloop.com @ipmb