Slide 1

Slide 1 text

2013 Richard Schneeman @schneems Millions of Apps

Slide 2

Slide 2 text

Hello

Slide 3

Slide 3 text

@schneems

Slide 4

Slide 4 text

Schnauser

Slide 5

Slide 5 text

No content

Slide 6

Slide 6 text

Ruby Me

Slide 7

Slide 7 text

Hans Peter Von Wolfe (the 5th)

Slide 8

Slide 8 text

Sextant Gem

Slide 9

Slide 9 text

Wicked Gem

Slide 10

Slide 10 text

Triage Code codetriage.com

Slide 11

Slide 11 text

No content

Slide 12

Slide 12 text

Adjunct Professor

Slide 13

Slide 13 text

Good News Everyone! schneems.com/ut-rails

Slide 14

Slide 14 text

No content

Slide 15

Slide 15 text

Ruby Task Force

Slide 16

Slide 16 text

Ruby Task Force Member

Slide 17

Slide 17 text

What did we learn?

Slide 18

Slide 18 text

Twelve Factor
• Can apply to any language
• Speeds up deployment, makes scaling easier & keeps apps clean
• Developed over direct exposure to the deployment of hundreds of thousands of apps

Slide 19

Slide 19 text

12factor.net
• Codebase
  • One codebase tracked in revision control, many deploys
• Dependencies
  • Explicitly declare and isolate dependencies
• Config
  • Store config in the environment
• Backing Services
  • Treat backing services as attached resources

Slide 20

Slide 20 text

12factor.net
• Build, Release, Run
  • Strictly separate build and run stages
• Process
  • Execute the app as one or more stateless processes
• Port Binding
  • Export services via port binding
• Concurrency
  • Scale out via the process model

Slide 21

Slide 21 text

12factor.net
• Disposability
  • Maximize robustness with fast startup and graceful shutdown
• Dev/Prod Parity
  • Keep development, staging, and production as similar as possible
• Logs
  • Treat logs as event streams
• Admin Process
  • Run admin/management tasks as one-off processes

Slide 22

Slide 22 text

Questions? @schneems

Slide 23

Slide 23 text

Rails Gets a Lot Right

Slide 24

Slide 24 text

Skip the numbers, focus on the takeaways

Slide 25

Slide 25 text

Close your Laptops

Slide 26

Slide 26 text

Unless you’re commenting on rails/rails issues

Slide 27

Slide 27 text

Security Security Security

Slide 28

Slide 28 text

CSRF

Slide 29

Slide 29 text

Cross Site Request Forgery

Slide 30

Slide 30 text

No content

Slide 31

Slide 31 text

config.secret_token

Slide 32

Slide 32 text

the key to your digital kingdom

Slide 33

Slide 33 text

Would you give your Car key copies to:

Slide 34

Slide 34 text

Your Interns?

Slide 35

Slide 35 text

Your Contractors?

Slide 36

Slide 36 text

Your Open Source Contributors?

Slide 37

Slide 37 text

If secrets are in your source, you’ve already given them your digital kingdom

Slide 38

Slide 38 text

Protect Your Code

Slide 39

Slide 39 text

Secure keys in source control aren’t secure

Slide 40

Slide 40 text

What’s an alternative?

Slide 41

Slide 41 text

Environment Variables

Slide 42

Slide 42 text

$ rake db:migrate RAILS_ENV=test

Slide 43

Slide 43 text

$ rake db:migrate RAILS_ENV=test

Slide 44

Slide 44 text

In Development

Slide 45

Slide 45 text

Use a .env file

Slide 46

Slide 46 text

$ cat .env
SECRET_TOKEN=d59c2a439f

Slide 47

Slide 47 text

Use dotenv gem

Slide 48

Slide 48 text

$ irb
> require 'dotenv'
> Dotenv.load
> puts ENV['SECRET_TOKEN']
> "d59c2a439f"

Slide 49

Slide 49 text

Use foreman gem

Slide 50

Slide 50 text

$ foreman run irb
> puts ENV['SECRET_TOKEN']
> "d59c2a439f"

Slide 51

Slide 51 text

In Production

Slide 52

Slide 52 text

$ heroku config:add SECRET_TOKEN=d59c2a439

Slide 53

Slide 53 text

VPS
• Use Foreman/Dotenv
• Add to bashrc
• Add values directly to command
$ SECRET_TOKEN=asd123 rails console
ruby-1.9.3> puts ENV['SECRET_TOKEN']
ruby-1.9.3> "asd123"

Slide 54

Slide 54 text

What if...

Slide 55

Slide 55 text

Someone can read my ENV variables?

Slide 56

Slide 56 text

Then they can read your files too

Slide 57

Slide 57 text

Is your app secure?

Slide 58

Slide 58 text

Is your app open source-able?

Slide 59

Slide 59 text

SECRET_TOKEN is just one example of Config
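
The SECRET_TOKEN slides above, as an added example that is not part of the original deck: a check that flags secrets assigned as string literals in source, and a boot-time lookup that fails fast when the environment variable is missing or too short. The names `HARDCODED`, `hardcoded_secrets`, `fetch_secret`, the `MyApp` initializer text and the 30-character minimum are assumptions made for illustration.

```ruby
# Added example (not from the original slides): keep SECRET_TOKEN out of source.
# HARDCODED, hardcoded_secrets and fetch_secret are hypothetical names.

# Matches assignments such as `config.secret_token = "abc..."` where the
# right-hand side is a string literal instead of an ENV lookup.
HARDCODED = /\b(\w*(?:secret|token|password|api_key)\w*)\s*=\s*(['"])[^'"]{8,}\2/i

# Returns [line_number, key_name] pairs for every hard-coded secret found.
def hardcoded_secrets(source)
  source.each_line.with_index(1).filter_map do |line, number|
    next if line.lstrip.start_with?("#") # ignore comment lines
    match = HARDCODED.match(line)
    [number, match[1]] if match
  end
end

# Reads a required secret from the environment and fails fast at boot
# when it is missing or shorter than min_length (assumed threshold).
def fetch_secret(env, name, min_length: 30)
  value = env.fetch(name) { raise KeyError, "#{name} is not set in the environment" }
  if value.length < min_length
    raise ArgumentError, "#{name} is shorter than #{min_length} characters"
  end
  value
end

# Constructed sample: the same initializer before and after the change.
BEFORE = <<~RUBY
  # config/initializers/secret_token.rb
  MyApp::Application.config.secret_token = "0123456789abcdef0123456789abcdef"
RUBY

AFTER = <<~RUBY
  # config/initializers/secret_token.rb
  MyApp::Application.config.secret_token = ENV["SECRET_TOKEN"]
RUBY

if __FILE__ == $PROGRAM_NAME
  p hardcoded_secrets(BEFORE)                 # literal secret is reported
  p hardcoded_secrets(AFTER)                  # ENV lookup is clean
  p fetch_secret({ "SECRET_TOKEN" => "a" * 64 }, "SECRET_TOKEN").length
end
```

In an app, pass `ENV` itself as the first argument to `fetch_secret`; the scan can run over each tracked file before a commit.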

Slide 60

Slide 60 text

Define: Config

Slide 61

Slide 61 text

Config
• What varies between deploys
  • resource strings to databases
  • credentials to S3, Twitter, Facebook, etc.
  • canonical values, hostname
  • security tokens

Slide 62

Slide 62 text

Can you deploy your app to change your S3 Bucket?

Slide 63

Slide 63 text

Do you NEED to deploy your app to change your S3 bucket?

Slide 64

Slide 64 text

Don’t Do This

Slide 65

Slide 65 text

Use Environment Variables!

Slide 66

Slide 66 text

Config

Slide 67

Slide 67 text

The interface between your platform and your code

Slide 68

Slide 68 text

But I like storing my credentials in git!

Slide 69

Slide 69 text

What is Config? Just because it works...

Slide 70

Slide 70 text

Keep Config Separate from Code

Slide 71

Slide 71 text

Gives us Release Management

Slide 72

Slide 72 text

$ heroku releases
=== issuetriage Releases
v102 Add SECRET_TOKEN config
v101 Deploy 0e66245

Slide 73

Slide 73 text

$ heroku releases:rollback V101

Slide 74

Slide 74 text

Keep Config Separate from Code

Slide 75

Slide 75 text

Gives us Add-ons

Slide 76

Slide 76 text

No content

Slide 77

Slide 77 text

$ heroku addons:add cdn_sumo

Slide 78

Slide 78 text

config/production.rb
config.action_controller.asset_host = ENV["CDN_SUMO_URL"]

Slide 79

Slide 79 text

No content

Slide 80

Slide 80 text

We’re treating add-ons as attached resources

Slide 81

Slide 81 text

development vs. production

Slide 82

Slide 82 text

Using Postgres in Production?

Slide 83

Slide 83 text

You wouldn’t develop in mongo

Slide 84

Slide 84 text

Don’t develop on sqlite3 and deploy on Postgres

Slide 85

Slide 85 text

Dev/Prod Parity

Slide 86

Slide 86 text

Development
• As close to production as possible
• Same data-stores (postgres, memcache)
• Same language versions (Ruby 1.9)
• Real/consistent data

Slide 87

Slide 87 text

Development
• Real/consistent data
$ heroku pgbackups:capture

Slide 88

Slide 88 text

Dev/Dev Parity

Slide 89

Slide 89 text

README.md
• Living document
• Standardize dev environment
• Instructions for external dependencies
• Instructions for starting processes
• Problem with dev environment?
• Put the fix in the readme
$ brew install memcache
$ foreman start

Slide 90

Slide 90 text

Use a Readme to scale your Devs

Slide 91

Slide 91 text

This is my README There are many like it, but this one is MINE

Slide 92

Slide 92 text

You could use a script...

Slide 93

Slide 93 text

Do you have performance problems?

Slide 94

Slide 94 text

WRONG!

Slide 95

Slide 95 text

“there are no performance problems, only visibility problems” - Ryan.Smith

Slide 96

Slide 96 text

Application Visibility

Slide 97

Slide 97 text

What we need:

Slide 98

Slide 98 text

Distributed

Slide 99

Slide 99 text

Fault Tolerant

Slide 100

Slide 100 text

Low Overhead

Slide 101

Slide 101 text

Streams of data

Slide 102

Slide 102 text

Solution:

Slide 103

Slide 103 text

No content

Slide 104

Slide 104 text

No content

Slide 105

Slide 105 text

No content

Slide 106

Slide 106 text

????????

Slide 107

Slide 107 text

????????

Slide 108

Slide 108 text

Introducing

Slide 109

Slide 109 text

logs

Slide 110

Slide 110 text

As streams of data

Slide 111

Slide 111 text

Measure Metrics:

Slide 112

Slide 112 text

No content

Slide 113

Slide 113 text

Track Errors:

Slide 114

Slide 114 text

$ heroku logs --tail

Slide 115

Slide 115 text

What about when I’m not looking?

Slide 116

Slide 116 text

Papertrail

Slide 117

Slide 117 text

No content

Slide 118

Slide 118 text

Error Notification

Slide 119

Slide 119 text

Error Notification
• Record Logs & Errors
• New Relic (rpm)
• Airbrake (hoptoad)
• HoneyBadger

Slide 120

Slide 120 text

New Relic

Slide 121

Slide 121 text

Protip: Admin flavored error pages

Slide 122

Slide 122 text

Error Pages
• Admins get error + Backtrace
Couldn't find Course with ID=chunkybacon
Details
Params: {"action"=>"show", "controller"=>"courses", "id"=>"chunkybacon"}
Backtrace: lib/active_record/relation/finder_methods.rb:304:in `find_one'

Slide 123

Slide 123 text

Admin Error Pages + Backtrace
Couldn't find Course with ID=chunkybacon
Details
Params: {"action"=>"show", "controller"=>"courses", "id"=>"chunkybacon"}
Backtrace: lib/active_record/relation/finder_methods.rb:304:in `find_one'

Slide 124

Slide 124 text

Questions? @schneems (for real this time)