Millions of Apps Deployed

Transcript

1. 2013 Richard Schneeman @schneems Millions of Apps

2. Hello

3. @schneems

4. Schnauser

5. None

6. Ruby Me

7. Hans Peter Von Wolfe (the 5th)

8. Sextant Gem

9. Wicked ‘ ‘ Gem

10. Triage Code codetriage.com

11. None

12. Adjunct Professor

13. Good News Everyone! schneems.com/ut-rails

14. None

15. Ruby Task Force

16. Ruby Task Force Member

17. What did we learn?

18. Twelve Factor • Can apply to any language • Speeds

    up deployment, makes scaling easier & keeps apps clean • Developed over direct exposure to the deployment of hundreds of thousands of apps

19. 12factor.net • Codebase • One codebase tracked in revision control,

    many deploys • Dependencies • Explicitly declare and isolate dependencies • Config • Store config in the environment • Backing Services • Treat backing services as attached resources

20. 12factor.net • Build, Release, Run • Strictly separate build and

    run stages • Process • Execute the app as one or more stateless processes • Port Binding • Export services via port binding • Concurrency • Scale out via the process model

21. 12factor.net • Disposability • Maximize robustness with fast startup and

    graceful shutdown • Dev/Prod Parity • Keep development, staging, and production as similar as possible • Logs • Treat logs as event streams • Admin Process • Run admin/management tasks as one-off processes

22. Questions? @schneems

23. Rails Gets A lot right

24. Skip the numbers, focus on the takeaways

25. Close your Laptops

26. Unless you’re commenting on rails/rails issues

27. Security Security Security

28. CSRF

29. Cross Site Request Forgery

30. None

31. config.security_token

32. the key to your digital kingdom

33. Would you give your Car key copies to:

34. Interns? Your

35. Contractors? Your

36. Your Open Source Contributors?

37. If secrets are in your source, you’ve already given them

    your digital kingdom

38. Protect Your Code

39. Secure keys in source control aren’t secure

40. What’s an alternative?

41. Environment Variables

42. $ rake db:migrate RAILS_ENV=test

43. $ rake db:migrate RAILS_ENV=test

44. In Development

45. Use a .env file

46. $ cat .env SECRET_TOKEN=d59c2a439f

47. Use dotenv gem

48. $ irb > Dotenv.load > puts ENV[‘SECRET_TOKEN’] > “d59c2a439f”

49. Use foreman gem

50. $ foreman run irb > puts ENV[‘SECRET_TOKEN’] > “d59c2a439f”

51. In Production

52. $ heroku config:add SECRET_TOKEN=d59c2a439

53. VPS • Use Foreman/Dotenv • Add to bashrc • Add

    values directly to command $ SECRET_TOKEN=asd123 rails console ruby-1.9.3> puts ENV[‘SECRET_TOKEN’] ruby-1.9.3> “asd123”

54. What if...

55. Someone Can read my ENV Variables?

56. Then they can read your files too

57. Is your app secure?

58. Is your app open source- able?

59. SECRET_TOKEN is just one example of Config

60. Define: Config

61. Config • What varies between deploys • resource strings to

    databases • credentials to S3, twitter, facebook, etc. • canonical values, hostname • security tokens

62. Can you deploy your app to change your S3 Bucket?

63. Do you NEED to deploy your app to change your

    S3 bucket?

64. Don’t Do This

65. Environment Variables! Use

66. Config

67. The interface between your platform and your code

68. But I like storing my credentials in git!

69. What is Config? Just because it works...

70. Keep Config Seperate from Code

71. Gives us Release Managment

72. $ heroku releases === issuetriage Releases v102 Add SECRET_TOKEN config

    v101 Deploy 0e66245

73. $ heroku releases:rollback V101

74. Keep Config Seperate from Code

75. Gives us Add-ons

76. None

77. $ heroku addons:add cdn_sumo

78. config/production.rb config.action_controller.asset_host = ENV["CDN_SUMO_URL"]

79. None

80. We’re treating add-ons as attached resources

81. development vs. production

82. Using Postgres in Production?

83. You wouldn’t develop in mongo

84. Don’t develop on sqlite3 and deploy on Postgres

85. Dev/Prod Parity

86. Development • As close to production as possible • Same

    data-stores (postgres, memcache) • Same language versions (Ruby 1.9) • Real/consistent data

87. Development • Real/consistent data $ heroku pgbackups:capture

88. Dev/Dev Parity

89. README.md • Living document • Standardize dev environment • Instructions

    for external dependencies • Instructions for starting processes • Problem with dev environment? • Put the fix in the readme $ brew install memcache $ foreman start

90. Use a Readme to scale your Devs

91. This is my README There are many like it, but

    this one is MINE

92. You could use a script...

93. Do you have performance problems?

94. WRONG!

95. there are no performance problems, only visibility problems “ -

    Ryan.Smith

96. Application Visability

97. What we need:

98. Distributed

99. Fault Tolerant

100. Low Overhead

101. Streams of data

102. Solution:

103. None
104. None
105. None

106. ????????

107. ????????

108. Introducing

109. logs

110. As streams of data

111. Measure Metrics:

112. None

113. Track Errors:

114. $ heroku logs --tail

115. What about when i’m not looking?

116. Papertrail

117. None

118. Error Notification

119. Error Notification • Record Logs & Errors • New Relic

     (rpm) • Airbrake (hoptoad) • HoneyBadger

120. New Relic

121. Protip: Admin flavored error pages

122. Error Pages • Admins get error + Backtrace Couldn't find

     Course with ID=chunkybacon Details Params: {"action"=>"show", "controller"=>"courses", "id"=>"chunkybacon"} Backtrace: lib/active_record/relation/finder_methods.rb:304:in `find_one'

123. Admin Error Pages + Backtrace Couldn't find Course with ID=chunkybacon

     Details Params: {"action"=>"show", "controller"=>"courses", "id"=>"chunkybacon"} Backtrace: lib/active_record/relation/finder_methods.rb:304:in `find_one'

124. Questions? @schneems (for real this time)