Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Millions of Apps Deployed

Millions of Apps Deployed

Heroku has deployed over a million applications in most web languages and frameworks, see what we've learned in the process!

Richard Schneeman

November 12, 2012
Tweet

More Decks by Richard Schneeman

Other Decks in Programming

Transcript

  1. 2013
    Richard Schneeman
    @schneems
    Millions of
    Apps

    View Slide

  2. Hello

    View Slide

  3. @schneems

    View Slide

  4. Schnauser

    View Slide

  5. View Slide

  6. Ruby
    Me

    View Slide

  7. Hans
    Peter
    Von
    Wolfe (the 5th)

    View Slide

  8. Sextant
    Gem

    View Slide

  9. Wicked


    Gem

    View Slide

  10. Triage
    Code
    codetriage.com

    View Slide

  11. View Slide

  12. Adjunct
    Professor

    View Slide

  13. Good News
    Everyone!
    schneems.com/ut-rails

    View Slide

  14. View Slide

  15. Ruby
    Task
    Force

    View Slide

  16. Ruby
    Task
    Force
    Member

    View Slide

  17. What did
    we learn?

    View Slide

  18. Twelve Factor
    • Can apply to any language
    • Speeds up deployment, makes scaling
    easier & keeps apps clean
    • Developed over direct exposure to the
    deployment of hundreds of thousands of
    apps

    View Slide

  19. 12factor.net
    • Codebase
    • One codebase tracked in revision control, many deploys
    • Dependencies
    • Explicitly declare and isolate dependencies
    • Config
    • Store config in the environment
    • Backing Services
    • Treat backing services as attached resources

    View Slide

  20. 12factor.net
    • Build, Release, Run
    • Strictly separate build and run stages
    • Process
    • Execute the app as one or more stateless processes
    • Port Binding
    • Export services via port binding
    • Concurrency
    • Scale out via the process model

    View Slide

  21. 12factor.net
    • Disposability
    • Maximize robustness with fast startup and graceful shutdown
    • Dev/Prod Parity
    • Keep development, staging, and production as similar as possible
    • Logs
    • Treat logs as event streams
    • Admin Process
    • Run admin/management tasks as one-off processes

    View Slide

  22. Questions?
    @schneems

    View Slide

  23. Rails Gets
    A lot right

    View Slide

  24. Skip the
    numbers,
    focus on the
    takeaways

    View Slide

  25. Close your
    Laptops

    View Slide

  26. Unless you’re
    commenting
    on rails/rails
    issues

    View Slide

  27. Security
    Security
    Security

    View Slide

  28. CSRF

    View Slide

  29. Cross
    Site
    Request
    Forgery

    View Slide

  30. View Slide

  31. config.security_token

    View Slide

  32. the key to
    your digital
    kingdom

    View Slide

  33. Would you
    give your
    Car key
    copies to:

    View Slide

  34. Interns?
    Your

    View Slide

  35. Contractors?
    Your

    View Slide

  36. Your
    Open Source
    Contributors?

    View Slide

  37. If secrets are in
    your source,
    you’ve already
    given them your
    digital kingdom

    View Slide

  38. Protect
    Your
    Code

    View Slide

  39. Secure keys
    in source
    control
    aren’t secure

    View Slide

  40. What’s an
    alternative?

    View Slide

  41. Environment
    Variables

    View Slide

  42. $ rake db:migrate RAILS_ENV=test

    View Slide

  43. $ rake db:migrate RAILS_ENV=test

    View Slide

  44. In
    Development

    View Slide

  45. Use a
    .env file

    View Slide

  46. $ cat .env
    SECRET_TOKEN=d59c2a439f

    View Slide

  47. Use dotenv
    gem

    View Slide

  48. $ irb
    > Dotenv.load
    > puts ENV[‘SECRET_TOKEN’]
    > “d59c2a439f”

    View Slide

  49. Use foreman
    gem

    View Slide

  50. $ foreman run irb
    > puts ENV[‘SECRET_TOKEN’]
    > “d59c2a439f”

    View Slide

  51. In
    Production

    View Slide

  52. $ heroku config:add SECRET_TOKEN=d59c2a439

    View Slide

  53. VPS
    • Use Foreman/Dotenv
    • Add to bashrc
    • Add values directly to command
    $ SECRET_TOKEN=asd123 rails console
    ruby-1.9.3> puts ENV[‘SECRET_TOKEN’]
    ruby-1.9.3> “asd123”

    View Slide

  54. What if...

    View Slide

  55. Someone
    Can read my
    ENV
    Variables?

    View Slide

  56. Then they
    can read
    your files too

    View Slide

  57. Is your app
    secure?

    View Slide

  58. Is your app
    open
    source-
    able?

    View Slide

  59. SECRET_TOKEN
    is just one
    example of
    Config

    View Slide

  60. Define:
    Config

    View Slide

  61. Config
    • What varies between deploys
    • resource strings to databases
    • credentials to S3, twitter, facebook, etc.
    • canonical values, hostname
    • security tokens

    View Slide

  62. Can you deploy
    your app to change
    your S3 Bucket?

    View Slide

  63. Do you NEED to
    deploy your app to
    change your S3
    bucket?

    View Slide

  64. Don’t Do
    This

    View Slide

  65. Environment
    Variables!
    Use

    View Slide

  66. Config

    View Slide

  67. The interface
    between your
    platform and your
    code

    View Slide

  68. But I like
    storing my
    credentials
    in git!

    View Slide

  69. What is
    Config?
    Just because
    it works...

    View Slide

  70. Keep Config
    Seperate
    from Code

    View Slide

  71. Gives us
    Release
    Managment

    View Slide

  72. $ heroku releases
    === issuetriage Releases
    v102 Add SECRET_TOKEN config
    v101 Deploy 0e66245

    View Slide

  73. $ heroku releases:rollback V101

    View Slide

  74. Keep Config
    Seperate
    from Code

    View Slide

  75. Gives us
    Add-ons

    View Slide

  76. View Slide

  77. $ heroku addons:add cdn_sumo

    View Slide

  78. config/production.rb
    config.action_controller.asset_host =
    ENV["CDN_SUMO_URL"]

    View Slide

  79. View Slide

  80. We’re treating
    add-ons as
    attached
    resources

    View Slide

  81. development
    vs.
    production

    View Slide

  82. Using
    Postgres in
    Production?

    View Slide

  83. You
    wouldn’t
    develop in
    mongo

    View Slide

  84. Don’t develop
    on sqlite3 and
    deploy on
    Postgres

    View Slide

  85. Dev/Prod
    Parity

    View Slide

  86. Development
    • As close to production as possible
    • Same data-stores (postgres, memcache)
    • Same language versions (Ruby 1.9)
    • Real/consistent data

    View Slide

  87. Development
    • Real/consistent data
    $ heroku pgbackups:capture

    View Slide

  88. Dev/Dev
    Parity

    View Slide

  89. README.md
    • Living document
    • Standardize dev environment
    • Instructions for external dependencies
    • Instructions for starting processes
    • Problem with dev environment?
    • Put the fix in the readme
    $ brew install memcache
    $ foreman start

    View Slide

  90. Use a
    Readme to
    scale your
    Devs

    View Slide

  91. This is my README
    There are many
    like it,
    but this one is MINE

    View Slide

  92. You could
    use a
    script...

    View Slide

  93. Do you have
    performance
    problems?

    View Slide

  94. WRONG!

    View Slide

  95. there are no
    performance
    problems, only
    visibility
    problems

    - Ryan.Smith

    View Slide

  96. Application
    Visability

    View Slide

  97. What we
    need:

    View Slide

  98. Distributed

    View Slide

  99. Fault
    Tolerant

    View Slide

  100. Low
    Overhead

    View Slide

  101. Streams of
    data

    View Slide

  102. Solution:

    View Slide

  103. View Slide

  104. View Slide

  105. View Slide

  106. ????????

    View Slide

  107. ????????

    View Slide

  108. Introducing

    View Slide

  109. logs

    View Slide

  110. As streams
    of data

    View Slide

  111. Measure
    Metrics:

    View Slide

  112. View Slide

  113. Track
    Errors:

    View Slide

  114. $ heroku logs --tail

    View Slide

  115. What about
    when i’m
    not
    looking?

    View Slide

  116. Papertrail

    View Slide

  117. View Slide

  118. Error
    Notification

    View Slide

  119. Error Notification
    • Record Logs & Errors
    • New Relic (rpm)
    • Airbrake (hoptoad)
    • HoneyBadger

    View Slide

  120. New Relic

    View Slide

  121. Protip:
    Admin
    flavored
    error pages

    View Slide

  122. Error Pages
    • Admins get error
    + Backtrace
    Couldn't find Course with ID=chunkybacon
    Details
    Params: {"action"=>"show", "controller"=>"courses", "id"=>"chunkybacon"}
    Backtrace:
    lib/active_record/relation/finder_methods.rb:304:in `find_one'

    View Slide

  123. Admin Error Pages
    + Backtrace
    Couldn't find Course with ID=chunkybacon
    Details
    Params: {"action"=>"show", "controller"=>"courses", "id"=>"chunkybacon"}
    Backtrace:
    lib/active_record/relation/finder_methods.rb:304:in `find_one'

    View Slide

  124. Questions?
    @schneems
    (for real this time)

    View Slide