Solid Python Deployments for Everybody by Hynek Schlawack

Transcript

1. PyCon US, 2013 Solid Python Application Deployments For Everybody Hynek

   Schlawack
2. None

3. @hynek http://hynek.me http://github.com/hynek http://www.variomedia.de Hi!

4. ?

5. AHEAD

6. http://ox.cx/d The One & Only Link

7. OPINIONS AHEAD

8. PaaS Schema Migrations

9. None

10. Key Concept

11. easy ≠ simple

12. None

13. “Simplicity is prerequisite for reliability.” — Edsger W. Dijkstra

14. “…and security.” — Every Credible Security Expert Ever

15. Put effort into making your deployments simple.

16. None

17. Development

18. Development

19. None

20. No!

21. None

22. “Python 2.4 is not supported. It came out 8 years

    ago. That's older than Youtube. Upgrade.” — Kenneth Reitz

23. Stable Platform Key Infrastructure?

24. But Hyyyn ek… My boss won’t let me!

25. Development tests!

26. None

27. אל

28. spotty outdated loss of control System Package

29. spotty outdated loss of control System Package

30. spotty outdated loss of control System Package

31. None

32. Use virtualen $ virtualenv venv; . venv/bin/activate $ pip install

    pyramid requests $ py.test … $ pip freeze >requirements.txt … $ pip install -r requirements.txt

33. Pin Dep Hard “Django == 1.4.3” Don’t rely on SemVer!

    update w/ pip-tools

34. But Hyyyn ek… SECURITY!

35. Security‽ It’s your Job.

36. Package It

37. + git

38. + git Ne!

39. Fabric

40. build tools repetitive downloads What’ Wrong‽

41. None

42. .rpm .deb .pkg.tgz

43. introspection CM integration versatile Native Package ‽

44. 1. check out from VCS 2. create virtualenv 3. install

    dependencies 4. do whatever you want 5. package result 6. push to your repo

45. Abuse the Pipeline run tests LESS/SASS/CoffeeScript compression cache busting

46. Packaging is hard! But Hyyyn ek…

47. fpm Nope.

48. But Hyyyn ek… repo server

49. Rep Serve dpkg -i tar.bz2

50. Automate!

51. from … import Deployment def deb(branch=None): deploy = Deployment( 'whois',

    build_deps=['libpq-dev',], run_deps=['libpq5',]) deploy.prepare_app( branch=branch) deploy.build_deb()

52. Lazy?

53. There’ more than one way t d it…

54. None

55. !ل

56. Configuration Management declarative describe the goal CM choses the path

57. Solution prise-oriented features to to compare the two pet Open

    ource Puppet Enterprise ✔ ✔ ✔

58. prise-oriented features to to compare the two pet Open ource

    Puppet Enterprise ✔ ✔ ✔ Not easy at all. Solution

59. Why anyway? safety/security reproducible “later”

60. safety/security reproducible “later” Why anyway?

61. safety/security reproducible “later” Why anyway?

62. Kate Heddleston This Room: 2:35 p.m.–3:05 p.m. Chef: Automating web

    application infrastructure

63. Test It in Staging

64. r t

65. r t Nein!

66. Just don’t.

67. Privileged Port drop privileges authbind

68. But Hyyyn ek… Need dat POWER!

69. Single Purpose Worke celery rq zerorpc pb/AMP

70. Be Paranoid /bin/false iptables file sockets REVOKE ALL SSL fail2ban

71. /bin/false iptables file sockets REVOKE ALL SSL fail2ban Be Paranoid

72. /bin/false iptables file sockets REVOKE ALL SSL fail2ban Be Paranoid

73. /bin/false iptables file sockets REVOKE ALL SSL fail2ban Be Paranoid

74. /bin/false iptables file sockets REVOKE ALL SSL fail2ban Be Paranoid

75. /bin/false iptables file sockets REVOKE ALL SSL fail2ban Be Paranoid

76. $ ./manage.py runserver ▌ [0] 0:bash*

77. None

78. $ ./manage.py runserver ▌ [0] 0:bash* ᔒ༗!

79. It’ Easy! upstart systemd supervisord circus …

80. It’ Easy! upstart systemd supervisord circus …

81. Example: upstart $ cat /etc/init/yourapp.conf start on static-network-up stop on

    deconfiguring-networking respawn chdir /path/to/yourapp setuid yourapp exec /path/to/gunicorn_django settings.py $ start yourapp

82. + mod_wsgi

83. + mod_wsgi Нет!

84. Disclaime Using Apache is perfectly fine.

85. Iff you decide consciously for it. Disclaime

86. mod_wsgi

87. mod_wsgi ? ?

88. + g or

89. + g or Better separation of Concerns.

90. Easy t Set U : gunicorn $ gunicorn_django settings.py $

    gunicorn_paster settings.ini

91. $ cat settings.py … INSTALLED_APPS = ( … "gunicorn", )

    … $ manage.py run_gunicorn Easy t Set U : gunicorn

92. Easy t Set U : nginx location / { proxy_pass

    http://127.0.0.1:5000; } location /static/ { root /your/app/public/; }

93. Graham Dumpleton This Room: 3:15 p.m.–3:45 p.m. Making Apache suck

    less for hosting Python web applications.

94. Deploy!

95. Ro back!

96. Monito

97. Monito

98. Measure

99. Measure statsd graphite scales

100. got 1

101. FIN http://ox.cx/d @hynek http://hynek.me http://vrmd.de