full-stack plone deployment with ansible
TRANSCRIPT
Full-Stack Plone Deployment with Ansible
Fulvio Casali & Steve McMahon
Plone Conference 2015
Budapest, Romania
Internet
Web Server
Load Balancer
ZEO Cluster
Proxy Cache
Firewall
What do we mean by full stack?
Internet
Web Server
Load Balancer
ZEO Cluster
Proxy Cache
Firewall
MonitoringLogging
MailTransferAgent
PlatformUpdate
Approaches to full-stack deployment
Containers
Approaches to full-stack deployment
Approaches to full-stack deployment
Orchestration
State Specification
Cloud Server
Orchestration Engine
Approaches to full-stack deployment
Orchestration
State Specification
Cloud Server
Orchestration Engine
Approaches to full-stack deployment
Orchestration
State Specification
Cloud Server
Orchestration Engine
Is your unit of automation a component of the stack, or a full server?
Container or Orchestration?
Server Orchestration Tools
Server Orchestration Tools
Server Orchestration Tools
Client-Server (Mostly)AgentlessA bit simpler
Your mileage may vary…
Simplicity Wins!For our purposes
A Quick Introductionto Ansible
Ansible
✤ Plays — a state specification
✤ Ideally idempotent
✤ Playbooks — Lists of plays
✤ Roles — Reusable lists of plays
YAML:Python’s JSON- List Item One- List Item Two- Key One: Value One Key Two: Value Two- List Item Four
Playbook Sample
- name: Update host apt: upgrade=dist update_cache=yes
- name: Ensure optional packages apt: pkg={{ item }} state=present with_items: additional_packages
Templates & Variable Interpolation
eggs = Plone Pillow{% if plone_additional_eggs %}{% for egg in plone_additional_eggs %} {{ egg }}{% endfor %}{% endif %}
Roles: playbooks for use inside playbooks.Write them yourself;or check them out via Ansible Galaxy
Using roles
roles:... - role: plone.plone_server tags: plone
- role: haproxy when: install_loadbalancer tags: haproxy
- role: varnish when: install_proxycache tags: varnish...
Plone’s Ansible ToolkitTwo parts: the Plone Server Role and the Plone Playbook
PloneServer Role
✤ Only the Zope/Plone Server
✤ In a ZEO configuration
✤ Includes process management via Supervisor
✤ And backup, packing cron jobs
✤ Available on Ansible Galaxy
The Plone Playbook
✤ Incorporates Plone Server Role
✤ Adds:
✤ Load balancer
✤ Proxy cache
✤ Web server / rewrite engine
✤ MTA & Admin
✤ Available via github.com/plone
Choosing your entry point
✤ Choose the Plone Server Role if you wish to pick and choose your stack components. Incorporate it in your own Playbook.
✤ Choose the Plone Playbook if you want the full stack chosen by the Installer Team.
Plone Server Role:Major Options
✤ Canned or custom buildout
✤ With canned buildout:
✤ ZEO client count
✤ Memory profile
✤ Additional eggs
Internet
Nginx
haproxy
ZEO Cluster
Varnish
iptables
MuninLogwatchfail2ban
Postfix
Package Auto
Update
Plone Ansible PlaybookFull stack components
Integration Payoff:Client Restart
✤ Playbook knows its component part and can do things like install a client restart script that:
✤ Restarts all ZEO clients
✤ Removes client from haproxy backend before restart
✤ Fetches homepage of each virtualhost after restart to load Zope object cache
✤ Adds client back to cluster after page fetch
✤ Flushes varnish cache
Playbook: Major OptionsAll Plone Server Role options, plus…
Playbook Options
✤ Skip installs of haproxy, varnish, Nginx, Munin …
✤ Set up virtual hosts / SSL
✤ Tune cache
✤ Server packages, MOTD
✤ Postfix relay
But how to customize those variables in a maintainable way?
Customization StrategiesAll options are configured via variables
Local Customization File
✤ Create a local-configure.yml file with variable settings
✤ Override any setting
✤ Samples provided for several typical configurations
✤ Just copy the sample to local-configure.yml and edit
✤ Pulls will never overwrite local-configure.yml
sample-medium.yml
admin_email:plone_initial_password:timezone: "UTC\n"
muninnode_query_ips: - ip.of.munin.monitor
plone_client_count: 2
plone_zodb_cache_size: 15000
plone_client_max_memory: 750MB
Use this strategy if you don’t like some of the major stack component choices
Alternative Strategy: Fork ItYou fork it, you own it…
TestingReady to test locally via Vagrant.vagrant up does a complete provisioning of a virtualbox using Vagrant’s Ansible provisioner.
State of the Ansible Kit
Every customization variable documented
Solid Documentationdocs.plone.org
Server Platforms SupportedCurrently Ubuntu/Debian and CentOS
Server Platforms … FutureBut we’d like to do more — with your help.
✤ Drinking young chimpanzee, CC BY Tambako The Jaguar Follow, https://www.flickr.com/photos/tambako✤ Chimpanzee with a snack, CC BY NC SA, Dan, https://www.flickr.com/photos/dgermony/✤ Baboons in a row, CC BY Tambako The Jaguar Follow, https://www.flickr.com/photos/tambako✤ Portrait of a surprised baboon, CC BY Tambako The Jaguar Follow, https://www.flickr.com/photos/tambako✤ Chacma Baboon - Papio ursinus, CC BY NC SA, Arno Meintjes, https://www.flickr.com/photos/arnolouise/✤ Orangutan with baby, CC BY ND, Nathan Rupert, https://www.flickr.com/photos/nathaninsandiego/✤ Baby orangutan, CC BY, Daniel Kleeman, https://www.flickr.com/photos/75821270@N00/✤ Bornean Orangutan, CC NY ND, Josh More, https://www.flickr.com/photos/guppiecat/✤ Mother and baby gibbons eating, CC BY Tambako The Jaguar Follow, https://www.flickr.com/photos/tambako✤ Portrait of a gibbon, , CC BY Tambako The Jaguar Follow, https://www.flickr.com/photos/tambako✤ Black and white gibbon, , CC BY Tambako The Jaguar Follow, https://www.flickr.com/photos/tambako✤ Cute squirrel monkey, CC BY Tambako The Jaguar Follow, https://www.flickr.com/photos/tambako✤ squirrel-monkeys-at-drusillas-park-zoo-018, CC BY NC ND, Dean Thorpe, https://www.flickr.com/photos/
aspexdesign/✤ Squirrel monkeys in the grass, CC BY Tambako The Jaguar Follow, https://www.flickr.com/photos/tambako✤ IMG_4986 (do not feed), CC BY NC, Roland Harvey, https://www.flickr.com/photos/rolymo/✤ Cornered, CC BY NC, Esther Simpson, https://www.flickr.com/photos/estherase/✤ Howler Monkey WLD_4487, CC BY NC ND, https://www.flickr.com/photos/guppiecat/✤ Ooooooo, CC BY NC SA, Len Radin, https://www.flickr.com/photos/drurydrama/✤ Say aaahhhh!, CC BY NC ND, Abid Karamali, https://www.flickr.com/photos/abidk/✤ Capuchin Monkeys, Manuel Antonio, Costa Rica, CC BY NC SA, Stephen Johnson, https://www.flickr.com/photos/
stephenjjohnson/✤ Capuchin (tongue), CC BY NC SA, Jim Webber, https://www.flickr.com/photos/wwwebber/
Talk licensed CC BY 2.0
Primate photo licenses and attributions: