The Plone installer team is maintaining an Ansible-based deployment kit. We'll discuss options and strategies for its use and gather feedback on how it should evolve.
16. Plone Server Role
✤ Only the Zope/Plone Server
✤ In a ZEO configuration
✤ Includes process management via Supervisor
✤ And backup, packing cron jobs
✤ Available on Ansible Galaxy
17. The Plone Playbook
✤ Incorporates Plone Server Role
✤ Adds:
✤ Load balancer
✤ Proxy cache
✤ Web server / rewrite engine
✤ MTA & Admin
✤ Available via github.com/plone
18. Choosing your entry point
✤ Choose the Plone Server Role if you wish to pick and choose your stack components. Incorporate it in your own Playbook.
✤ Choose the Plone Playbook if you want the full stack chosen by the Installer Team.
19. Plone Server Role: Major Options
✤ Canned or custom buildout
✤ With canned buildout:
✤ ZEO client count
✤ Memory profile
✤ Additional eggs
21. Integration Payoff: Client Restart
✤ Playbook knows its component parts and can do things like install a client restart script that:
✤ Restarts all ZEO clients
✤ Removes client from haproxy backend before restart
✤ Fetches homepage of each virtualhost after restart to load Zope object cache
✤ Adds client back to cluster after page fetch
✤ Flushes varnish cache
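The restart sequence listed above, as an added shell example that is not the Plone kit's own script. The backend name, socket path, client names and ports, and site path are assumptions, as is haproxy server names matching the Supervisor program names; it defaults to a dry run that prints the plan.

```shell
#!/bin/sh
# Rolling ZEO-client restart, in the order the slide lists the steps.
# Assumed, not taken from the Plone kit: backend name, socket path, client
# names/ports, and that haproxy server names match supervisor program names.
HAPROXY_SOCK=${HAPROXY_SOCK:-/var/run/haproxy.sock}
BACKEND=${BACKEND:-plone}
CLIENTS=${CLIENTS:-"zeoclient1:8081 zeoclient2:8082"}   # name:port pairs
SITE_PATHS=${SITE_PATHS:-"/Plone"}   # ZODB path behind each virtual host
DRY_RUN=${DRY_RUN:-1}                # 1 = print the plan, 0 = execute it

step() {   # run a command, or just print it in dry-run mode
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

haproxy_set() {   # haproxy_set enable|disable <server>
    if [ "$DRY_RUN" = 1 ]; then
        echo "haproxy: $1 server $BACKEND/$2"
    else
        echo "$1 server $BACKEND/$2" | socat stdio "unix-connect:$HAPROXY_SOCK"
    fi
}

restart_client() {   # restart_client <name> <port>
    haproxy_set disable "$1" || return 1
    step supervisorctl restart "$1" || return 1
    for site in $SITE_PATHS; do
        # Warm the Zope object cache; -f makes an HTTP error a failure.
        step curl -fsS -o /dev/null --retry 5 --retry-connrefused \
            "http://127.0.0.1:$2$site" || return 1
    done
    haproxy_set enable "$1"
}

rolling_restart() {
    for entry in $CLIENTS; do
        # Stop at the first failure: a client that did not warm up stays out
        # of the backend, and the remaining clients keep serving traffic.
        restart_client "${entry%%:*}" "${entry##*:}" || return 1
    done
    step varnishadm "ban req.url ~ ."   # flush the proxy cache last
}

case "${1:-}" in run) rolling_restart ;; esac
```

Run it with `run` as the first argument; set `DRY_RUN=0` to execute the commands instead of printing them.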
23. Playbook Options
✤ Skip installs of haproxy, varnish, Nginx, Munin …
✤ Set up virtual hosts / SSL
✤ Tune cache
✤ Server packages, MOTD
✤ Postfix relay
24. Customization Strategies
All options are configured via variables
But how to customize those variables in a maintainable way?
25. Local Customization File
✤ Create a local-configure.yml file with variable settings
✤ Override any setting
✤ Samples provided for several typical configurations
✤ Just copy the sample to local-configure.yml and edit
✤ Pulls will never overwrite local-configure.yml
33. Talk licensed CC BY 2.0
Editor's notes
A delivery stack for Plone adequate for production purposes, plus supporting server requirements like monitoring, log analysis and a mail-transfer agent.
There are two major paradigms for automated deployment: containers and orchestration.
Containers, for example Docker and Juju.
In the container paradigm, the working units are the individual applications that make up the stack.
With the orchestration paradigm, the units are full servers.
A state specification is applied to a server by an orchestration engine. The same specification may build many servers.
Background note: I’m not really distinguishing between orchestration and automation.
The idea of disposable appliances makes full-server automation the right choice for me.
Your choices may differ.
The open-source server provisioning space is dominated by four tools.
Chef is built on Ruby and Erlang (no kidding) and uses Ruby for its configuration language. YUCK!
Puppet is built on Ruby and uses Ruby for its configuration language. YUCK!
SaltStack and Ansible are built in Python and use YAML for configuration. We choose Python.
The installer team chose Ansible — simply because it made more sense to the people who wanted to work on a Plone server provisioning kit.
This photo doesn’t have any connection with the subject. Nor do any of the others. They’re just to keep the audience awake :)
An Ansible, by the way, is a device for instantaneous communication at a distance. It was invented by the physicist Shevek in Ursula K. Le Guin’s marvelous science-fiction novel The Dispossessed.
Too bad Ansible Corporation used sports metaphors for the Ansible configuration units.
YAML: YAML Ain’t Markup Language
YAML is used for all of Ansible's configuration specifications.
YAML expresses Python data structures in a text outline format.
Basic units: strings, numbers, dictionaries and lists.
This is a fragment of a playbook.
It is a list of two items. Each of the items is a dictionary.
Each item in this case uses Ubuntu’s “apt” package manager.
The second item executes an operation on a list of items specified in a variable.
Ansible playbooks may use Jinja2’s template language wherever they use strings.
Ansible can also copy whole template files to the server.
This is a fragment of the buildout.cfg template used in the Plone Ansible kit.
Galaxy is Ansible’s PyPI
The top-level playbook — the one you actually run — is mostly a list of roles to be played.
This is a fragment from Plone’s Ansible Playbook.
Since the components of the stack are known in the full playbook, we can use that knowledge for integration. The client restart script is a good example. It uses a lot of knowledge from the stack to manage a smooth client restart. Zero downtime to restart clients (when using more than one client).
The easiest strategy: use a configuration file.
Here’s an example local configuration — without the extensive commenting. This sample is aimed at a server with 2GB of RAM and a couple of cores.
Sample configs go down to “very small” — targeting a half-gigabyte server.
Alternatively, fork the toolkit and customize the role use.
Local testing is amazingly easy. A Vagrant config file is included. Just type “vagrant up” to create your target server in a virtualbox — complete with port mappings for all the major components.
Want to see the Plone Ansible Playbook on FreeBSD or other servers?
So do we. Join the team.
Targets should typically be the latest stable or LTS release of an OS or distribution.
Remember, cloud servers are disposable; there is no reason to target an old distribution.