Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Solid Python Deployments for Everybody by Hynek...
Search
PyCon 2013
March 16, 2013
14
1.1k
Solid Python Deployments for Everybody by Hynek Schlawack
PyCon 2013
March 16, 2013
Tweet
Share
More Decks by PyCon 2013
See All by PyCon 2013
Bayesian statistics made simple by Allen Downey
pyconslides
32
6.2k
Python for Humans
pyconslides
40
6.6k
Contribute with me! Getting started with the tools of free software development by Jessica McKellar
pyconslides
11
2k
ApplePy: An Apple ][ emulator in Python by James Tauber
pyconslides
3
1.5k
Use curses, don't swear by Sean Zicari
pyconslides
2
1.4k
Namespaces in Python by Eric Snow
pyconslides
9
1.8k
Internationalization and Localization Done Right by Ruchi Varshney
pyconslides
9
1.1k
"Good Enough" is good enough! by Alex Martelli
pyconslides
13
2.5k
Plover: Thought to Text at 240 WPM by Mirabai Knight
pyconslides
1
1.2k
Featured
See All Featured
Writing Fast Ruby
sferik
627
61k
Become a Pro
speakerdeck
PRO
25
5k
Statistics for Hackers
jakevdp
796
220k
Code Review Best Practice
trishagee
64
17k
How GitHub (no longer) Works
holman
310
140k
Building Your Own Lightsaber
phodgson
103
6.1k
Unsuck your backbone
ammeep
668
57k
Imperfection Machines: The Place of Print at Facebook
scottboms
265
13k
A designer walks into a library…
pauljervisheath
204
24k
Building a Scalable Design System with Sketch
lauravandoore
459
33k
What's new in Ruby 2.0
geeforr
343
31k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
250
21k
Transcript
PyCon US, 2013 Solid Python Application Deployments For Everybody Hynek
Schlawack
None
@hynek http://hynek.me http://github.com/hynek http://www.variomedia.de Hi!
?
AHEAD
http://ox.cx/d The One & Only Link
OPINIONS AHEAD
PaaS Schema Migrations
None
Key Concept
easy ≠ simple
None
“Simplicity is prerequisite for reliability.” — Edsger W. Dijkstra
“…and security.” — Every Credible Security Expert Ever
Put effort into making your deployments simple.
None
Development
Development
None
No!
None
“Python 2.4 is not supported. It came out 8 years
ago. That's older than Youtube. Upgrade.” — Kenneth Reitz
Stable Platform Key Infrastructure?
But Hyyyn ek… My boss won’t let me!
Development tests!
None
אל
spotty outdated loss of control System Package
spotty outdated loss of control System Package
spotty outdated loss of control System Package
None
Use virtualen $ virtualenv venv; . venv/bin/activate $ pip install
pyramid requests $ py.test … $ pip freeze >requirements.txt … $ pip install -r requirements.txt
Pin Dep Hard “Django == 1.4.3” Don’t rely on SemVer!
update w/ pip-tools
But Hyyyn ek… SECURITY!
Security‽ It’s your Job.
Package It
+ git
+ git Ne!
Fabric
build tools repetitive downloads What’ Wrong‽
None
.rpm .deb .pkg.tgz
introspection CM integration versatile Native Package ‽
1. check out from VCS 2. create virtualenv 3. install
dependencies 4. do whatever you want 5. package result 6. push to your repo
Abuse the Pipeline run tests LESS/SASS/CoffeeScript compression cache busting
Packaging is hard! But Hyyyn ek…
fpm Nope.
But Hyyyn ek… repo server
Rep Serve dpkg -i tar.bz2
Automate!
from … import Deployment def deb(branch=None): deploy = Deployment( 'whois',
build_deps=['libpq-dev',], run_deps=['libpq5',]) deploy.prepare_app( branch=branch) deploy.build_deb()
Lazy?
There’ more than one way t d it…
None
!ل
Configuration Management declarative describe the goal CM choses the path
Solution prise-oriented features to to compare the two pet Open
ource Puppet Enterprise ✔ ✔ ✔
prise-oriented features to to compare the two pet Open ource
Puppet Enterprise ✔ ✔ ✔ Not easy at all. Solution
Why anyway? safety/security reproducible “later”
safety/security reproducible “later” Why anyway?
safety/security reproducible “later” Why anyway?
Kate Heddleston This Room: 2:35 p.m.–3:05 p.m. Chef: Automating web
application infrastructure
Test It in Staging
r t
r t Nein!
Just don’t.
Privileged Port drop privileges authbind
But Hyyyn ek… Need dat POWER!
Single Purpose Worke celery rq zerorpc pb/AMP
Be Paranoid /bin/false iptables file sockets REVOKE ALL SSL fail2ban
/bin/false iptables file sockets REVOKE ALL SSL fail2ban Be Paranoid
/bin/false iptables file sockets REVOKE ALL SSL fail2ban Be Paranoid
/bin/false iptables file sockets REVOKE ALL SSL fail2ban Be Paranoid
/bin/false iptables file sockets REVOKE ALL SSL fail2ban Be Paranoid
/bin/false iptables file sockets REVOKE ALL SSL fail2ban Be Paranoid
$ ./manage.py runserver ▌ [0] 0:bash*
None
$ ./manage.py runserver ▌ [0] 0:bash* ᔒ༗!
It’ Easy! upstart systemd supervisord circus …
It’ Easy! upstart systemd supervisord circus …
Example: upstart $ cat /etc/init/yourapp.conf start on static-network-up stop on
deconfiguring-networking respawn chdir /path/to/yourapp setuid yourapp exec /path/to/gunicorn_django settings.py $ start yourapp
+ mod_wsgi
+ mod_wsgi Нет!
Disclaime Using Apache is perfectly fine.
Iff you decide consciously for it. Disclaime
mod_wsgi
mod_wsgi ? ?
+ g or
+ g or Better separation of Concerns.
Easy t Set U : gunicorn $ gunicorn_django settings.py $
gunicorn_paster settings.ini
$ cat settings.py … INSTALLED_APPS = ( … "gunicorn", )
… $ manage.py run_gunicorn Easy t Set U : gunicorn
Easy t Set U : nginx location / { proxy_pass
http://127.0.0.1:5000; } location /static/ { root /your/app/public/; }
Graham Dumpleton This Room: 3:15 p.m.–3:45 p.m. Making Apache suck
less for hosting Python web applications.
Deploy!
Ro back!
Monito
Monito
Measure
Measure statsd graphite scales
got 1
FIN http://ox.cx/d @hynek http://hynek.me http://vrmd.de