PyCon US, 2013Solid PythonApplicationDeployments ForEverybodyHynek Schlawack
View Slide
@hynekhttp://hynek.mehttp://github.com/hynekhttp://www.variomedia.deHi!
?
AHEAD
http://ox.cx/dThe One & Only Link
OPINIONSAHEAD
PaaSSchema Migrations
KeyConcept
easy≠simple
“Simplicity isprerequisitefor reliability.”— Edsger W. Dijkstra
“…and security.”— Every Credible Security Expert Ever
Put effort intomaking yourdeploymentssimple.
Development
No!
“Python 2.4 is notsupported. It came out8 years ago. That's olderthan Youtube. Upgrade.”— Kenneth Reitz
Stable PlatformKey Infrastructure?
But Hyyyn ek…My boss won’tlet me!
Developmenttests!
אל
spottyoutdatedloss of controlSystem Package
Use virtualen$ virtualenv venv; . venv/bin/activate$ pip install pyramid requests$ py.test…$ pip freeze >requirements.txt…$ pip install -r requirements.txt
Pin Dep Hard“Django == 1.4.3”Don’t rely on SemVer!update w/ pip-tools
But Hyyyn ek…SECURITY!
Security‽It’s your Job.
Package It
+ git
+ gitNe!
Fabric
build toolsrepetitivedownloadsWhat’ Wrong‽
.rpm.deb.pkg.tgz
introspectionCM integrationversatileNative Package ‽
1. check out from VCS2. create virtualenv3. install dependencies4. do whatever you want5. package result6. push to your repo
Abuse the Pipelinerun testsLESS/SASS/CoffeeScriptcompressioncache busting
Packaging is hard!But Hyyyn ek…
fpmNope.
But Hyyyn ek…repo server
Rep Servedpkg -itar.bz2
Automate!
from … import Deploymentdef deb(branch=None):deploy = Deployment('whois',build_deps=['libpq-dev',],run_deps=['libpq5',])deploy.prepare_app(branch=branch)deploy.build_deb()
Lazy?
There’ more thanone way t d it…
!ل
ConfigurationManagementdeclarativedescribe the goalCM choses the path
Solutionprise-oriented features toto compare the twopet OpenourcePuppetEnterprise✔✔ ✔
prise-oriented features toto compare the twopet OpenourcePuppetEnterprise✔✔ ✔Not easy at all.Solution
Why anyway?safety/securityreproducible“later”
safety/securityreproducible“later”Why anyway?
Kate HeddlestonThis Room:2:35 p.m.–3:05 p.m.Chef: Automatingweb applicationinfrastructure
Test It in Staging
r t
r tNein!
Just don’t.
Privileged Portdrop privilegesauthbind
But Hyyyn ek…Need dat POWER!
Single PurposeWorkeceleryrqzerorpcpb/AMP
Be Paranoid/bin/falseiptablesfilesocketsREVOKEALLSSLfail2ban
/bin/falseiptablesfilesocketsREVOKEALLSSLfail2banBe Paranoid
$ ./manage.py runserver ▌[0] 0:bash*
$ ./manage.py runserver ▌[0] 0:bash*ᔒ༗!
It’ Easy!upstartsystemdsupervisordcircus…
Example: upstart$ cat /etc/init/yourapp.confstart on static-network-upstop on deconfiguring-networkingrespawnchdir /path/to/yourappsetuid yourappexec /path/to/gunicorn_django settings.py$ start yourapp
+ mod_wsgi
+ mod_wsgiНет!
DisclaimeUsing Apache isperfectly fine.
Iff you decideconsciouslyfor it.Disclaime
mod_wsgi
mod_wsgi ??
+gor
+gorBetter separationof Concerns.
Easy t Set U : gunicorn$ gunicorn_django settings.py$ gunicorn_paster settings.ini
$ cat settings.py…INSTALLED_APPS = (…"gunicorn",)…$ manage.py run_gunicornEasy t Set U : gunicorn
Easy t Set U : nginxlocation / {proxy_pass http://127.0.0.1:5000;}location /static/ {root /your/app/public/;}
Graham DumpletonThis Room:3:15 p.m.–3:45 p.m.Making Apache suck less forhosting Python webapplications.
Deploy!
Ro back!
Monito
Measure
Measurestatsdgraphitescales
got 1
FINhttp://ox.cx/d@hynek http://hynek.mehttp://vrmd.de
pyconslides
ammeep
jennybc
keathley
carmenintech
moore
iamctodd
lara
phodgson
robhawkes
mthomps
sachag
samlambert