Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Containerless Django

Containerless Django

Deploying Django without Docker

Peter Baumgartner

October 16, 2018
Tweet

More Decks by Peter Baumgartner

Other Decks in Programming

Transcript

  1. “ —Mike Perham
 https://www.mikeperham.com/2016/02/09/kill-your-dependencies/ No code runs faster than no

    code.
 No code has fewer bugs than no code.
 No code uses less memory than no code.
 No code is easier to understand than no code. “
  2. @ipmb | #djangocon Deployments sucked Dependencies would shift underneath you

    Build tools and dev packages needed to be installed Multiple languages, multiple builds (Python & Node)
  3. @ipmb | #djangocon Python isn’t C or Go Requires a

    VM Dynamic linking Packaging isn’t straightforward
  4. @ipmb | #djangocon We already are! Lock files via pipenv

    or poetry Pre-compiled wheels (Pillow, psycopg2-binary, etc.) Still lots of holes - Assembling virtualenvs - Static files - Production webserver
  5. @ipmb | #djangocon ZIP applications? Part of Python since 2.6

    PEP-441 improves support in 3.5 Create a ZIP archive of your project. Run it with Python. …but no mechanism for handling dependencies
  6. @ipmb | #djangocon Enter shiv! A project from LinkedIn Zipapps

    with dependencies A single artifact you can build → test → deploy ./myproject.pyz runserver
  7. @ipmb | #djangocon Include templates & static files Create a

    MANIFEST.in
 
 graft your_project/collected_static
 graft your_project/templates
  8. @ipmb | #djangocon Configuration Same zipapp, but different settings per

    environment Options: - Multiple settings files and DJANGO_SETTINGS_MODULE - Environment variables - ⭐ https://pypi.org/project/goodconf/
  9. @ipmb | #djangocon The zipapp pipeline Use CI (Travis, CircleCI,

    Bitbucket, etc.) to: - Build - Test - Push Deploy = Download and run
  10. @ipmb | #djangocon Systemd is awesome ProtectSystem=strict
 ProtectHome=true DynamicUser=true CapabilityBoundingSet=~CAP_SYS_ADMIN

    AppArmorProfile=srv.yourproject.pyz ProtectKernelTunables=true
 ProtectControlGroups=true
 ProtectKernelModules=true
 PrivateDevices=true
 PrivateTmp=true
 SystemCallArchitectures=native
  11. @ipmb | #djangocon Isolation You still need Python installed globally

    Easy to install multiple Pythons on one server Docker has better isolation, but do you need it?
  12. @ipmb | #djangocon What about parity? Zipapp is the same

    from CI to all deployed environments Use Docker to mimic deployment envionrment locally (or don't)
  13. @ipmb | #djangocon Pros Simpler. No Docker on the server.

    No registry.
 ~1M fewer lines of code to depend on. Smaller artifacts Faster deployments It's just Python
  14. @ipmb | #djangocon Cons Not as isolated as true containers

    Requires Python runtime on the server Python-specific Not cross-platform compatible (if you have packages with C extensions)
  15. @ipmb | #djangocon Sweet spot for zipapps You are deploying

    primarily Python services You have outgrown PaaS (Heroku, PythonAnywhere, Divio, etc.) You have fewer than 50 services to maintain