Mag rails 2011 web application deployment for small teams

Understanding and designing web application deployment for small

teams.

Lee [email protected]

github.com/leehambley

twitter.com/codebeaker

Sunday, October 16, 11

mailto:[email protected]

mailto:[email protected]

WHY DO WE DEPLOY?


WHY DO WE DEPLOY?• Fundamentally, because we’ve done

some work, and we want to share it




• firstly with stakeholders, second with users





• because we’ve fixed bugs and need to make the improved code available






• because the business interest needs new features







• because we need to test something privately in a production-like environment








• because we’re professionals









• because interpreters like to load files into memory for performance (& other good reasons)










• because we like to think about software in “versions”











• because we prefer to be available to our customers












• because we prefer to be accountable to the business people













• because we have things like migrations, seed tasks, background workers and all the rest














• because there’s usually more than one machine














• because there’s usually more than one machine

• because very often there’s more than one moving piece has changed. (code & database, code & configuration, etc)


WHAT SHOULD WE DEPLOY?

• How do we decide if a project really needs deployment?

• How do we decide what to deploy?

•Where does infrastructure end, and the application begin?

• How can the what change depending on the application?

•What don’t we deploy?

• Uploaded assets, the database, the system packages, the Ruby Gems, your own log files.


INFRASTRUCTURE VS. APPLICATION

rubygems.org

github.com

nginx virtual hosts configuration

scheduled jobs

log files

SSH keys

SSL Certificates

Infrastructure Application

operating system

application code

database configuration

cache configuration

logrotate configuration


BENCHMARKgadget-showdown.co.ukComparing the latest gadgets in ultimate-fighting style reviews, ending with a “Will it blend?” teardown. Request your own review of any two devices, and we’ll get right on it!

•User registration•User comments• Requests• RSS feed•Notifications•Daily posts•Non-technical writing team


BENCHMARKgadget-showdown.co.ukComparing the latest gadgets in ultimate-fighting style reviews, ending with a “Will it blend?” teardown. Request your own review of any two devices, and we’ll get right on it! PostgreSQL

Memcache




Memcache




Memcache

MRI v1.8.7




Memcache

MRI v1.8.7

Unicorn




Memcache

MRI v1.8.7

Unicorn



WHO?Our hypothetical, inexperienced team.

Unlike us, they are not misunderstood masters of the forbidden and subtle arts. They’re not Jedi top-gun warlocks, like we are either, they’re just regular job people, and they’re never going to win a Nobel prize for their deployment efforts, and further more, they probably don’t even care.







• Three person development team• No dedicated “ops”• No deployment experience• No Unix experience




• Three person development team• No dedicated “ops”• No deployment experience• No Unix experience

• They want fast, reliable deployments• They don’t want phone calls at 3am because the

servers are choking• They don’t want to have to learn about unix to do

their job• They want it to be impossible to break something

accidentally• They don’t want to have to deal with passwords• They expect things to “Just Work” because they’re

hipster macbook using nancy boys.


WHERE DO WE DEPLOY?

✝ That’s not a condonation, just an observation


WHERE DO WE DEPLOY?

• Almost certainly to VPS



WHERE DO WE DEPLOY?


• Almost certainly, not to EC2(that is, at least not in a way that makes the most of the elastic infrastructure)



WHERE DO WE DEPLOY?



• Almost certainly to Ubuntu ✝ (because it has a convenient package manager)



WHERE DO WE DEPLOY?




• Probably to a VPS provider in the USA



WHERE DO WE DEPLOY?





• Probably to a 32 bit operating system



WHERE DO WE DEPLOY?






• Probably to more than one machine



WHERE DO WE DEPLOY?







• Probably using something from AWS, because it’s hip



WHERE DO WE DEPLOY?







• Probably using something from AWS, because it’s hip

• Probably not using a CDN



A SHORTLIST OF REQUIREMENTS FOR A SANE DEPLOYMENT

SpeedySecureAccessibleTransactionalAccountableParallellHookable



SpeedySecureAccessibleTransactionalAccountableParallelHookable




•Fast starting•Fail fast•Using a fast protocol (SSH, with keys)•Not wasting bandwidth or capacity•Not relying on passwords




•Using a secure protocol•Using a secure, trustworthy source•Secure from workstation to server•Secure deployment result by design•No shared sign-ons

•Robust•Resilient

•No .rc~ files




•Any member of the dev’ team can deploy•They can do it without using root (or other) passwords•Secure from workstation to server•Secure deployment result by design




•When a deploy fails on one machine, we fail it across the board•We know when a deploy starts, is in progress, and ends•We can inform our customers that there’s a deploy in progress,

without falling back to a maintenance page.•We can recover from errors.




•We know who deployed what, and when•We know exactly what happened during the deployment•We know which version of the code is in production

•We know how many servers are online




•We need to operate on our machines in parallel•Except when we don’t•Sequential parallel deployment




•We need to know how it worked out•We often need to share that information•with business people•with automated systems (issue tracker, status board, monitoring)


THAT’S A LONG LIST


AND NOBODY DOES EVERYTHING


SO WHERE DO WE BEGIN?


$ CAP PRODUCTION DEPLOY


# > touch /tmp/some-file

$ > touch /tmp/some-file


$ > su someotheruser

$ > su - someotheruser


The Dreyfus Model


UNIX 101


USERS AND GROUPS


$ CAP PRODUCTION PERMISSIONS:FIX


$ CAP PRODUCTION PERMISSIONS:FIX

desc “fix permissions”task :fix, :roles => [:web, :app] do

run “chown nobody:apache /var/www/otb/“run “chmod -R 666 #{current_release}”run “chmod -R 777 #{current_release}/bin/”

end



$ whoami


$ whoami codebeaker


$ whoami codebeaker

$ groups


$ whoami codebeaker

$ groups codebeaker staff deploy sudo


$ whoami codebeaker


$ echo $PATH


$ whoami codebeaker


$ echo $PATH /usr/bin:/bin:/usr/sbin



$ id


$ iduid=501(codebeaker) gid=20(staff) groups=20(staff)12(everyone),33(_appstore),80(admin),204(_developer)



$ id


$ iduid=1000(codebeaker) gid=1000(codebeaker) groups=60(staff)90(deploy),50(sudo)



$ touch example



$ touch example

$ newgrp -l deploy


I/O


PROCESSES


PERMISSIONS


37SIGNALS


SHELLS, LOGIN AND NON-LOGIN


ENVIRONMENTAL VARIABLES


SSH


SOURCES OF TRUTH


DISTRIBUTION OF RESOURCES


HOW?There isn’t any software on the planet for doing this correctly.


HELP ME WRITE IT…


I’M @CODEBEAKERThanks for your time and attention, any questions?


Technology

Mag rails 2011 web application deployment for small teams