Full-Stack Plone Deployment with Ansible
Fulvio Casali & Steve McMahon
Plone Conference 2015
Budapest, Romania
What do we mean by full stack?
[Diagram: Internet, Firewall, Web Server, Proxy Cache, Load Balancer, ZEO Cluster]
[Diagram, extended: the same stack plus Monitoring, Logging, Mail Transfer Agent, and Platform Update]
Approaches to full-stack deployment
Containers
Approaches to full-stack deployment
Orchestration
State Specification
Cloud Server
Orchestration Engine
Container or Orchestration?
Is your unit of automation a component of the stack, or a full server?
Server Orchestration Tools
Client-Server (Mostly)
Agentless
A bit simpler
Simplicity Wins!
For our purposes
Your mileage may vary…
A Quick Introduction to Ansible
Ansible
✤ Plays — a state specification
✤ Ideally idempotent
✤ Playbooks — Lists of plays
✤ Roles — Reusable lists of plays
YAML: Python’s JSON

```yaml
- List Item One
- List Item Two
- Key One: Value One
  Key Two: Value Two
- List Item Four
```
Playbook Sample
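```yaml
- name: Update host
  apt: upgrade=dist update_cache=yes

- name: Ensure optional packages
  apt: pkg={{ item }} state=present
  # quoted Jinja2 expression: current Ansible no longer accepts a bare variable name here
  with_items: "{{ additional_packages }}"
```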
Templates & Variable Interpolation
```jinja
eggs =
    Plone
    Pillow
{% if plone_additional_eggs %}
{% for egg in plone_additional_eggs %}
    {{ egg }}
{% endfor %}
{% endif %}
```
Roles: playbooks for use inside playbooks.
Write them yourself; or check them out via Ansible Galaxy
Using roles
```yaml
roles:
  # ...
  - role: plone.plone_server
    tags: plone

  - role: haproxy
    when: install_loadbalancer
    tags: haproxy

  - role: varnish
    when: install_proxycache
    tags: varnish
  # ...
```
Plone’s Ansible Toolkit
Two parts: the Plone Server Role and the Plone Playbook
Plone Server Role
✤ Only the Zope/Plone Server
✤ In a ZEO configuration
✤ Includes process management via Supervisor
✤ And backup, packing cron jobs
✤ Available on Ansible Galaxy
The Plone Playbook
✤ Incorporates Plone Server Role
✤ Adds:
  ✤ Load balancer
  ✤ Proxy cache
  ✤ Web server / rewrite engine
  ✤ MTA & Admin
✤ Available via github.com/plone
Choosing your entry point
✤ Choose the Plone Server Role if you wish to pick and choose your stack components. Incorporate it in your own Playbook.
✤ Choose the Plone Playbook if you want the full stack chosen by the Installer Team.
Plone Server Role: Major Options
✤ Canned or custom buildout
✤ With canned buildout:
  ✤ ZEO client count
  ✤ Memory profile
  ✤ Additional eggs
Plone Ansible Playbook
Full stack components
[Diagram: Internet, iptables, Nginx, Varnish, haproxy, ZEO Cluster; Munin, Logwatch, fail2ban; Postfix; Package Auto Update]
Integration Payoff: Client Restart
✤ The playbook knows its component parts and can do things like install a client restart script that:
  ✤ Restarts all ZEO clients
  ✤ Removes client from haproxy backend before restart
  ✤ Fetches homepage of each virtualhost after restart to load Zope object cache
  ✤ Adds client back to cluster after page fetch
  ✤ Flushes varnish cache
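The restart sequence listed above, sketched as a shell script. This is an added example, not the playbook's own restart script; the haproxy backend and server names, supervisor program names, socket path and client ports are assumptions, and it only prints the plan unless `DRY_RUN=0`.

```shell
#!/bin/sh
# Rolling ZEO-client restart in the order the slide lists (added example).
# ASSUMED, not taken from the playbook: backend, server and program names,
# admin socket path, client ports. PATH arguments are the home-page paths to warm.
BACKEND="${BACKEND:-plone}"                # haproxy backend name
PROC_PREFIX="${PROC_PREFIX:-zeoclient}"    # supervisor program name prefix
HAPROXY_SOCK="${HAPROXY_SOCK:-/var/run/haproxy.sock}"
BASE_PORT="${BASE_PORT:-8081}"             # client1 port; clientN = BASE_PORT + N - 1
DRY_RUN="${DRY_RUN:-1}"                    # 1 = print the plan, change nothing

run() {             # log the command line; execute it only when DRY_RUN=0
    printf '%s\n' "$*"
    [ "$DRY_RUN" = 1 ] || "$@"
}

haproxy_admin() {   # send one command to haproxy's admin socket
    printf 'haproxy: %s\n' "$1"
    [ "$DRY_RUN" = 1 ] ||
        printf '%s\n' "$1" | socat stdio "unix-connect:$HAPROXY_SOCK" >/dev/null
}

rolling_restart() { # usage: rolling_restart CLIENT_COUNT PATH...
    count=$1; shift
    i=1
    while [ "$i" -le "$count" ]; do
        port=$((BASE_PORT + i - 1))
        haproxy_admin "disable server $BACKEND/client$i" || return 1
        run supervisorctl restart "$PROC_PREFIX$i" || return 1
        for url_path in "$@"; do
            # Warm the Zope object cache on the client's own port; the retries
            # cover the time the client needs to come back up.
            if ! run curl -fsS --retry 10 --retry-connrefused -o /dev/null \
                    "http://127.0.0.1:$port$url_path"; then
                echo "client$i failed warm-up; left disabled in $BACKEND" >&2
                return 1
            fi
        done
        haproxy_admin "enable server $BACKEND/client$i" || return 1
        i=$((i + 1))
    done
    run varnishadm "ban req.url ~ ."   # flush varnish once every client is back
}

# Plan for two clients:  sh restart_clients.sh 2 /
# Apply it:              DRY_RUN=0 sh restart_clients.sh 2 /
[ "$#" -eq 0 ] || rolling_restart "$@"
```

`disable server` and `enable server` are only accepted on a socket declared with `level admin`, so restrict that socket's file mode to the account that runs the script.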
Playbook: Major Options
All Plone Server Role options, plus…
Playbook Options
✤ Skip installs of haproxy, varnish, Nginx, Munin …
✤ Set up virtual hosts / SSL
✤ Tune cache
✤ Server packages, MOTD
✤ Postfix relay
Customization Strategies
All options are configured via variables
But how to customize those variables in a maintainable way?
Local Customization File
✤ Create a local-configure.yml file with variable settings
✤ Override any setting
✤ Samples provided for several typical configurations
✤ Just copy the sample to local-configure.yml and edit
✤ Pulls will never overwrite local-configure.yml
sample-medium.yml
```yaml
admin_email:
plone_initial_password:
timezone: "UTC\n"

muninnode_query_ips:
    - ip.of.munin.monitor

plone_client_count: 2
plone_zodb_cache_size: 15000
plone_client_max_memory: 750MB
```
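A pre-flight check for a `local-configure.yml` copied from this sample, to run before the playbook. This is an added example, not part of the Plone playbook; it assumes `admin_email` and `plone_initial_password` must be filled in and the `ip.of.munin.monitor` placeholder replaced, and it reads only flat top-level `key: value` lines.

```shell
#!/bin/sh
# Pre-flight check for local-configure.yml (added example). Key names are those
# in sample-medium.yml; treating them as mandatory is this example's assumption.
check_local_config() {   # usage: check_local_config FILE; returns 1 on problems
    awk -v sq="'" '
        function problem(msg) { print msg; bad = 1 }
        /^[A-Za-z_][A-Za-z0-9_]*:/ {            # top-level "key: value" lines
            key = $0; sub(/:.*$/, "", key)
            val = $0; sub(/^[^:]*:[ \t]*/, "", val)
            sub(/[ \t]+#.*$/, "", val)           # drop a trailing comment
            gsub("[\"" sq "]", "", val)          # drop quotes so "" counts as empty
            seen[key] = 1; value[key] = val
        }
        /ip\.of\.munin\.monitor/ {
            problem("muninnode_query_ips still holds the sample placeholder")
        }
        END {
            n = split("admin_email plone_initial_password", required, " ")
            for (j = 1; j <= n; j++)
                if (!(required[j] in seen) || value[required[j]] == "")
                    problem(required[j] " is not set")
            if (("plone_client_count" in seen) &&
                value["plone_client_count"] !~ /^[1-9][0-9]*$/)
                problem("plone_client_count must be a positive integer")
            exit bad + 0
        }
    ' "$1"
}

# Usage: sh check_config.sh local-configure.yml
[ "$#" -eq 0 ] || check_local_config "$1"
```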
Alternative Strategy: Fork It
You fork it, you own it…
Use this strategy if you don’t like some of the major stack component choices
Testing
Ready to test locally via Vagrant.
`vagrant up` does a complete provisioning of a VirtualBox VM using Vagrant’s Ansible provisioner.
State of the Ansible Kit
Solid Documentation
docs.plone.org
Every customization variable documented
Server Platforms Supported
Currently Ubuntu/Debian and CentOS
Server Platforms … Future
But we’d like to do more — with your help.
Talk licensed CC BY 2.0
Primate photo licenses and attributions:
✤ Drinking young chimpanzee, CC BY, Tambako The Jaguar, https://www.flickr.com/photos/tambako
✤ Chimpanzee with a snack, CC BY NC SA, Dan, https://www.flickr.com/photos/dgermony/
✤ Baboons in a row, CC BY, Tambako The Jaguar, https://www.flickr.com/photos/tambako
✤ Portrait of a surprised baboon, CC BY, Tambako The Jaguar, https://www.flickr.com/photos/tambako
✤ Chacma Baboon - Papio ursinus, CC BY NC SA, Arno Meintjes, https://www.flickr.com/photos/arnolouise/
✤ Orangutan with baby, CC BY ND, Nathan Rupert, https://www.flickr.com/photos/nathaninsandiego/
✤ Baby orangutan, CC BY, Daniel Kleeman, https://www.flickr.com/photos/75821270@N00/
✤ Bornean Orangutan, CC BY ND, Josh More, https://www.flickr.com/photos/guppiecat/
✤ Mother and baby gibbons eating, CC BY, Tambako The Jaguar, https://www.flickr.com/photos/tambako
✤ Portrait of a gibbon, CC BY, Tambako The Jaguar, https://www.flickr.com/photos/tambako
✤ Black and white gibbon, CC BY, Tambako The Jaguar, https://www.flickr.com/photos/tambako
✤ Cute squirrel monkey, CC BY, Tambako The Jaguar, https://www.flickr.com/photos/tambako
✤ squirrel-monkeys-at-drusillas-park-zoo-018, CC BY NC ND, Dean Thorpe, https://www.flickr.com/photos/aspexdesign/
✤ Squirrel monkeys in the grass, CC BY, Tambako The Jaguar, https://www.flickr.com/photos/tambako
✤ IMG_4986 (do not feed), CC BY NC, Roland Harvey, https://www.flickr.com/photos/rolymo/
✤ Cornered, CC BY NC, Esther Simpson, https://www.flickr.com/photos/estherase/
✤ Howler Monkey WLD_4487, CC BY NC ND, https://www.flickr.com/photos/guppiecat/
✤ Ooooooo, CC BY NC SA, Len Radin, https://www.flickr.com/photos/drurydrama/
✤ Say aaahhhh!, CC BY NC ND, Abid Karamali, https://www.flickr.com/photos/abidk/
✤ Capuchin Monkeys, Manuel Antonio, Costa Rica, CC BY NC SA, Stephen Johnson, https://www.flickr.com/photos/stephenjjohnson/
✤ Capuchin (tongue), CC BY NC SA, Jim Webber, https://www.flickr.com/photos/wwwebber/