Link
Embed
Share
Beginning
This slide
Copy link URL
Copy link URL
Copy iframe embed code
Copy iframe embed code
Copy javascript embed code
Copy javascript embed code
Share
Tweet
Share
Tweet
Slide 1
Slide 1 text
PyCon US, 2013 Solid Python Application Deployments For Everybody Hynek Schlawack
Slide 2
Slide 2 text
No content
Slide 3
Slide 3 text
@hynek http://hynek.me http://github.com/hynek http://www.variomedia.de Hi!
Slide 4
Slide 4 text
?
Slide 5
Slide 5 text
AHEAD
Slide 6
Slide 6 text
http://ox.cx/d The One & Only Link
Slide 7
Slide 7 text
OPINIONS AHEAD
Slide 8
Slide 8 text
PaaS Schema Migrations
Slide 9
Slide 9 text
No content
Slide 10
Slide 10 text
Key Concept
Slide 11
Slide 11 text
easy ≠ simple
Slide 12
Slide 12 text
No content
Slide 13
Slide 13 text
“Simplicity is prerequisite for reliability.” — Edsger W. Dijkstra
Slide 14
Slide 14 text
“…and security.” — Every Credible Security Expert Ever
Slide 15
Slide 15 text
Put effort into making your deployments simple.
Slide 16
Slide 16 text
No content
Slide 17
Slide 17 text
Development
Slide 18
Slide 18 text
Development
Slide 19
Slide 19 text
No content
Slide 20
Slide 20 text
No!
Slide 21
Slide 21 text
No content
Slide 22
Slide 22 text
“Python 2.4 is not supported. It came out 8 years ago. That's older than Youtube. Upgrade.” — Kenneth Reitz
Slide 23
Slide 23 text
Stable Platform Key Infrastructure?
Slide 24
Slide 24 text
But Hyyyn ek… My boss won’t let me!
Slide 25
Slide 25 text
Development tests!
Slide 26
Slide 26 text
No content
Slide 27
Slide 27 text
אל
Slide 28
Slide 28 text
spotty outdated loss of control System Package
Slide 29
Slide 29 text
spotty outdated loss of control System Package
Slide 30
Slide 30 text
spotty outdated loss of control System Package
Slide 31
Slide 31 text
No content
Slide 32
Slide 32 text
Use virtualen $ virtualenv venv; . venv/bin/activate $ pip install pyramid requests $ py.test … $ pip freeze >requirements.txt … $ pip install -r requirements.txt
Slide 33
Slide 33 text
Pin Dep Hard “Django == 1.4.3” Don’t rely on SemVer! update w/ pip-tools
Slide 34
Slide 34 text
But Hyyyn ek… SECURITY!
Slide 35
Slide 35 text
Security‽ It’s your Job.
Slide 36
Slide 36 text
Package It
Slide 37
Slide 37 text
+ git
Slide 38
Slide 38 text
+ git Ne!
Slide 39
Slide 39 text
Fabric
Slide 40
Slide 40 text
build tools repetitive downloads What’ Wrong‽
Slide 41
Slide 41 text
No content
Slide 42
Slide 42 text
.rpm .deb .pkg.tgz
Slide 43
Slide 43 text
introspection CM integration versatile Native Package ‽
Slide 44
Slide 44 text
1. check out from VCS 2. create virtualenv 3. install dependencies 4. do whatever you want 5. package result 6. push to your repo
Slide 45
Slide 45 text
Abuse the Pipeline run tests LESS/SASS/CoffeeScript compression cache busting
Slide 46
Slide 46 text
Packaging is hard! But Hyyyn ek…
Slide 47
Slide 47 text
fpm Nope.
Slide 48
Slide 48 text
But Hyyyn ek… repo server
Slide 49
Slide 49 text
Rep Serve dpkg -i tar.bz2
Slide 50
Slide 50 text
Automate!
Slide 51
Slide 51 text
from … import Deployment def deb(branch=None): deploy = Deployment( 'whois', build_deps=['libpq-dev',], run_deps=['libpq5',]) deploy.prepare_app( branch=branch) deploy.build_deb()
Slide 52
Slide 52 text
Lazy?
Slide 53
Slide 53 text
There’ more than one way t d it…
Slide 54
Slide 54 text
No content
Slide 55
Slide 55 text
!ل
Slide 56
Slide 56 text
Configuration Management declarative describe the goal CM choses the path
Slide 57
Slide 57 text
Solution prise-oriented features to to compare the two pet Open ource Puppet Enterprise ✔ ✔ ✔
Slide 58
Slide 58 text
prise-oriented features to to compare the two pet Open ource Puppet Enterprise ✔ ✔ ✔ Not easy at all. Solution
Slide 59
Slide 59 text
Why anyway? safety/security reproducible “later”
Slide 60
Slide 60 text
safety/security reproducible “later” Why anyway?
Slide 61
Slide 61 text
safety/security reproducible “later” Why anyway?
Slide 62
Slide 62 text
Kate Heddleston This Room: 2:35 p.m.–3:05 p.m. Chef: Automating web application infrastructure
Slide 63
Slide 63 text
Test It in Staging
Slide 64
Slide 64 text
r t
Slide 65
Slide 65 text
r t Nein!
Slide 66
Slide 66 text
Just don’t.
Slide 67
Slide 67 text
Privileged Port drop privileges authbind
Slide 68
Slide 68 text
But Hyyyn ek… Need dat POWER!
Slide 69
Slide 69 text
Single Purpose Worke celery rq zerorpc pb/AMP
Slide 70
Slide 70 text
Be Paranoid /bin/false iptables file sockets REVOKE ALL SSL fail2ban
Slide 71
Slide 71 text
/bin/false iptables file sockets REVOKE ALL SSL fail2ban Be Paranoid
Slide 72
Slide 72 text
/bin/false iptables file sockets REVOKE ALL SSL fail2ban Be Paranoid
Slide 73
Slide 73 text
/bin/false iptables file sockets REVOKE ALL SSL fail2ban Be Paranoid
Slide 74
Slide 74 text
/bin/false iptables file sockets REVOKE ALL SSL fail2ban Be Paranoid
Slide 75
Slide 75 text
/bin/false iptables file sockets REVOKE ALL SSL fail2ban Be Paranoid
Slide 76
Slide 76 text
$ ./manage.py runserver ▌ [0] 0:bash*
Slide 77
Slide 77 text
No content
Slide 78
Slide 78 text
$ ./manage.py runserver ▌ [0] 0:bash* ᔒ༗!
Slide 79
Slide 79 text
It’ Easy! upstart systemd supervisord circus …
Slide 80
Slide 80 text
It’ Easy! upstart systemd supervisord circus …
Slide 81
Slide 81 text
Example: upstart $ cat /etc/init/yourapp.conf start on static-network-up stop on deconfiguring-networking respawn chdir /path/to/yourapp setuid yourapp exec /path/to/gunicorn_django settings.py $ start yourapp
Slide 82
Slide 82 text
+ mod_wsgi
Slide 83
Slide 83 text
+ mod_wsgi Нет!
Slide 84
Slide 84 text
Disclaime Using Apache is perfectly fine.
Slide 85
Slide 85 text
Iff you decide consciously for it. Disclaime
Slide 86
Slide 86 text
mod_wsgi
Slide 87
Slide 87 text
mod_wsgi ? ?
Slide 88
Slide 88 text
+ g or
Slide 89
Slide 89 text
+ g or Better separation of Concerns.
Slide 90
Slide 90 text
Easy t Set U : gunicorn $ gunicorn_django settings.py $ gunicorn_paster settings.ini
Slide 91
Slide 91 text
$ cat settings.py … INSTALLED_APPS = ( … "gunicorn", ) … $ manage.py run_gunicorn Easy t Set U : gunicorn
Slide 92
Slide 92 text
Easy t Set U : nginx location / { proxy_pass http://127.0.0.1:5000; } location /static/ { root /your/app/public/; }
Slide 93
Slide 93 text
Graham Dumpleton This Room: 3:15 p.m.–3:45 p.m. Making Apache suck less for hosting Python web applications.
Slide 94
Slide 94 text
Deploy!
Slide 95
Slide 95 text
Ro back!
Slide 96
Slide 96 text
Monito
Slide 97
Slide 97 text
Monito
Slide 98
Slide 98 text
Measure
Slide 99
Slide 99 text
Measure statsd graphite scales
Slide 100
Slide 100 text
got 1
Slide 101
Slide 101 text
FIN http://ox.cx/d @hynek http://hynek.me http://vrmd.de