Millions of Apps - What we've learned

Slide 1

Slide 1 text

Millions of apps What we’ve learned

Slide 2

Slide 2 text

No content

Slide 3

Slide 3 text

• Can apply to any language • Speeds up deployment and scaling • Keeps apps clean • Developed through exposure 12 factor

Slide 4

Slide 4 text

12 factor • Codebase  One codebase tracked in revision control, many deploys • Dependencies  Explicitly declare and isolate dependencies • Conﬁg  Store conﬁg in the environment • Backing Services  Treat backing services as attached resources

Slide 5

Slide 5 text

12 factor • Build, Release, Run  Strictly separate build and run stages • Process  Execute the app as one or more stateless processes • Port Binding  Export services via port binding • Concurrency  Scale out via the process model

Slide 6

Slide 6 text

12 factor • Disposability  Maximise robustness with fast startup and shutdown • Parity  Keep environments as similar as possible • Logs  Treat logs as event streams • Admin Processes  Run admin/management tasks as one-oﬀ processes

Slide 7

Slide 7 text

No content

Slide 8

Slide 8 text

Frameworks

Slide 9

Slide 9 text

Rails gets a lot right

Slide 10

Slide 10 text

Security

Slide 11

Slide 11 text

Cross Site Request Forgery

Slide 12

Slide 12 text

config.security_token

Slide 13

Slide 13 text

No content

Slide 14

Slide 14 text

No content

Slide 15

Slide 15 text

No content

Slide 16

Slide 16 text

No content

Slide 17

Slide 17 text

Protect your code

Slide 18

Slide 18 text

$ git commit -m “the secretz”

Slide 19

Slide 19 text

Secure keys in source control aren’t secure

Slide 20

Slide 20 text

Environment variables

Slide 21

Slide 21 text

$ rake db:migrate RAILS_ENV=test

Slide 22

Slide 22 text

No content

Slide 23

Slide 23 text

Deterministic builds

Slide 24

Slide 24 text

.env

Slide 25

Slide 25 text

$ cat .env SECRET_TOKEN=d2398jdd2

Slide 26

Slide 26 text

https://github.com/bkeepers/dotenv dotenv

Slide 27

Slide 27 text

$ irb > Dotenv.load > puts ENV[‘SECRET_TOKEN’] > “d2398jdd2”

Slide 28

Slide 28 text

https://github.com/ddollar/foreman Foreman

Slide 29

Slide 29 text

$ foreman run irb > puts ENV[‘SECRET_TOKEN’] > “d2398jdd2”

Slide 30

Slide 30 text

In Production

Slide 31

Slide 31 text

• Use Foreman / dotenv • Add to .bashrc • Add values directly to the command

Slide 32

Slide 32 text

$ heroku config:set SECRET_TOKEN=“d2398jdd2”

Slide 33

Slide 33 text

Tokens are just one example of conﬁg

Slide 34

Slide 34 text

• Resource strings (databases) • Credentials (S3, Twitter, Facebook) • Canonical values • Tokens

Slide 35

Slide 35 text

A quick test

Slide 36

Slide 36 text

No content

Slide 37

Slide 37 text

Q. Are your apps   open-sourceable right now?

Slide 38

Slide 38 text

Do you NEED to deploy your application to change an S3 bucket name?

Slide 39

Slide 39 text

Conﬁg is the interface between your platform and your code. ! Conﬁg is not code.

Slide 40

Slide 40 text

Keep conﬁg separate from code.

Slide 41

Slide 41 text

Release management

Slide 42

Slide 42 text

$ heroku releases === my_app releases v102 Add SECRET_TOKEN config v101 Deploy 0e66245

Slide 43

Slide 43 text

Attachable Resources

Slide 44

Slide 44 text

config.action_controller.asset_host . = ENV[“CDN_URL”]

Slide 45

Slide 45 text

No content

Slide 46

Slide 46 text

Replace at will

Slide 47

Slide 47 text

Modular upgrades

Slide 48

Slide 48 text

Environments

Slide 49

Slide 49 text

Q. How many people develop on MongoDB, and deploy to PostgreSQL?

Slide 50

Slide 50 text

Q. How many people develop on SQLite3, and deploy to PostgreSQL?

Slide 51

Slide 51 text

Environmental Parity

Slide 52

Slide 52 text

• As close to each other as possible • Same data-store (PostgreSQL 2.7, Memcached 1.4.15) • Same language versions (Python 3.0) • Real/consistent data

Slide 53

Slide 53 text

Fork

Slide 54

Slide 54 text

README

Slide 55

Slide 55 text

• Living document • Standardised Dev environment • Instructions for external dependencies • Instructions for starting processes  • Had a problem?   Put the ﬁx in the README 

Slide 56

Slide 56 text

Scripting dev machines

Slide 57

Slide 57 text

Admining * * may or may not be a word

Slide 58

Slide 58 text

$ bin/python manage.py syncdb $ bundle exec rake db:migrate

Slide 59

Slide 59 text

• Admin tasks should run in an identical environment to the code • Admin tasks should be equally isolated • Admin tasks should be source controlled and repeatable.

Slide 60

Slide 60 text

$ bundle exec ./scripts/ . fix_bad_records.rb

Slide 61

Slide 61 text

Q. Do you have performance problems?

Slide 62

Slide 62 text

“There are no performance problems, only visibility problems”    - Ryan.Smith

Slide 63

Slide 63 text

Application visibility

Slide 64

Slide 64 text

What do we need?

Slide 65

Slide 65 text

Distributed

Slide 66

Slide 66 text

Fault tolerant

Slide 67

Slide 67 text

Streams of data

Slide 68

Slide 68 text

No content

Slide 69

Slide 69 text

Streams of data Streams of data

Slide 70

Slide 70 text

Measure metrics

Slide 71

Slide 71 text

No content

Slide 72

Slide 72 text

No content

Slide 73

Slide 73 text

LogEntries

Slide 74

Slide 74 text

No content

Slide 75

Slide 75 text

Track Errors

Slide 76

Slide 76 text

• Honeybadger • Airbrake • New Relic

Slide 77

Slide 77 text

12 Factors

Slide 78

Slide 78 text

ﬁn.

Slide 79

Slide 79 text

No content

Slide 80

Slide 80 text

Questions? @neilmiddleton https://github.com/bkeepers/dotenv dotenv https://github.com/ddollar/foreman foreman http://12factor.net 12 factor http://heroku.com Heroku