full-stack plone deployment with ansible

Full-Stack Plone Deployment with Ansible

Fulvio Casali & Steve McMahon

Plone Conference 2015

Budapest, Romania

Internet

Web Server

Load Balancer

ZEO Cluster

Proxy Cache

Firewall

What do we mean by full stack?

Internet

Web Server

Load Balancer

ZEO Cluster

Proxy Cache

Firewall

MonitoringLogging

MailTransferAgent

PlatformUpdate

Approaches to full-stack deployment

Containers

Approaches to full-stack deployment

Approaches to full-stack deployment

Orchestration

State Specification

Cloud Server

Orchestration Engine

Approaches to full-stack deployment

Orchestration

State Specification

Cloud Server

Orchestration Engine

Approaches to full-stack deployment

Orchestration

State Specification

Cloud Server

Orchestration Engine

Is your unit of automation a component of the stack, or a full server?

Container or Orchestration?

Server Orchestration Tools

Server Orchestration Tools

Server Orchestration Tools

Client-Server (Mostly)AgentlessA bit simpler

Your mileage may vary…

Simplicity Wins!For our purposes

A Quick Introductionto Ansible

Ansible

✤ Plays — a state specification

✤ Ideally idempotent

✤ Playbooks — Lists of plays

✤ Roles — Reusable lists of plays

YAML:Python’s JSON- List Item One- List Item Two- Key One: Value One Key Two: Value Two- List Item Four

Playbook Sample

- name: Update host apt: upgrade=dist update_cache=yes

- name: Ensure optional packages apt: pkg={{ item }} state=present with_items: additional_packages

Templates & Variable Interpolation

eggs = Plone Pillow{% if plone_additional_eggs %}{% for egg in plone_additional_eggs %} {{ egg }}{% endfor %}{% endif %}

Roles: playbooks for use inside playbooks.Write them yourself;or check them out via Ansible Galaxy

Using roles

roles:... - role: plone.plone_server tags: plone

- role: haproxy when: install_loadbalancer tags: haproxy

- role: varnish when: install_proxycache tags: varnish...

Plone’s Ansible ToolkitTwo parts: the Plone Server Role and the Plone Playbook

PloneServer Role

✤ Only the Zope/Plone Server

✤ In a ZEO configuration

✤ Includes process management via Supervisor

✤ And backup, packing cron jobs

✤ Available on Ansible Galaxy

The Plone Playbook

✤ Incorporates Plone Server Role

✤ Adds:

✤ Load balancer

✤ Proxy cache

✤ Web server / rewrite engine

✤ MTA & Admin

✤ Available via github.com/plone

Choosing your entry point

✤ Choose the Plone Server Role if you wish to pick and choose your stack components. Incorporate it in your own Playbook.

✤ Choose the Plone Playbook if you want the full stack chosen by the Installer Team.

Plone Server Role:Major Options

✤ Canned or custom buildout

✤ With canned buildout:

✤ ZEO client count

✤ Memory profile

✤ Additional eggs

Internet

Nginx

haproxy

ZEO Cluster

Varnish

iptables

MuninLogwatchfail2ban

Postfix

Package Auto

Update

Plone Ansible PlaybookFull stack components

Integration Payoff:Client Restart

✤ Playbook knows its component part and can do things like install a client restart script that:

✤ Restarts all ZEO clients

✤ Removes client from haproxy backend before restart

✤ Fetches homepage of each virtualhost after restart to load Zope object cache

✤ Adds client back to cluster after page fetch

✤ Flushes varnish cache

Playbook: Major OptionsAll Plone Server Role options, plus…

Playbook Options

✤ Skip installs of haproxy, varnish, Nginx, Munin …

✤ Set up virtual hosts / SSL

✤ Tune cache

✤ Server packages, MOTD

✤ Postfix relay

But how to customize those variables in a maintainable way?

Customization StrategiesAll options are configured via variables

Local Customization File

✤ Create a local-configure.yml file with variable settings

✤ Override any setting

✤ Samples provided for several typical configurations

✤ Just copy the sample to local-configure.yml and edit

✤ Pulls will never overwrite local-configure.yml

sample-medium.yml

admin_email:plone_initial_password:timezone: "UTC\n"

muninnode_query_ips: - ip.of.munin.monitor

plone_client_count: 2

plone_zodb_cache_size: 15000

plone_client_max_memory: 750MB

Use this strategy if you don’t like some of the major stack component choices

Alternative Strategy: Fork ItYou fork it, you own it…

TestingReady to test locally via Vagrant.vagrant up does a complete provisioning of a virtualbox using Vagrant’s Ansible provisioner.

State of the Ansible Kit

Every customization variable documented

Solid Documentationdocs.plone.org

Server Platforms SupportedCurrently Ubuntu/Debian and CentOS

Server Platforms … FutureBut we’d like to do more — with your help.

✤ Drinking young chimpanzee, CC BY Tambako The Jaguar Follow, https://www.flickr.com/photos/tambako✤ Chimpanzee with a snack, CC BY NC SA, Dan, https://www.flickr.com/photos/dgermony/✤ Baboons in a row, CC BY Tambako The Jaguar Follow, https://www.flickr.com/photos/tambako✤ Portrait of a surprised baboon, CC BY Tambako The Jaguar Follow, https://www.flickr.com/photos/tambako✤ Chacma Baboon - Papio ursinus, CC BY NC SA, Arno Meintjes, https://www.flickr.com/photos/arnolouise/✤ Orangutan with baby, CC BY ND, Nathan Rupert, https://www.flickr.com/photos/nathaninsandiego/✤ Baby orangutan, CC BY, Daniel Kleeman, https://www.flickr.com/photos/75821270@N00/✤ Bornean Orangutan, CC NY ND, Josh More, https://www.flickr.com/photos/guppiecat/✤ Mother and baby gibbons eating, CC BY Tambako The Jaguar Follow, https://www.flickr.com/photos/tambako✤ Portrait of a gibbon, , CC BY Tambako The Jaguar Follow, https://www.flickr.com/photos/tambako✤ Black and white gibbon, , CC BY Tambako The Jaguar Follow, https://www.flickr.com/photos/tambako✤ Cute squirrel monkey, CC BY Tambako The Jaguar Follow, https://www.flickr.com/photos/tambako✤ squirrel-monkeys-at-drusillas-park-zoo-018, CC BY NC ND, Dean Thorpe, https://www.flickr.com/photos/

aspexdesign/✤ Squirrel monkeys in the grass, CC BY Tambako The Jaguar Follow, https://www.flickr.com/photos/tambako✤ IMG_4986 (do not feed), CC BY NC, Roland Harvey, https://www.flickr.com/photos/rolymo/✤ Cornered, CC BY NC, Esther Simpson, https://www.flickr.com/photos/estherase/✤ Howler Monkey WLD_4487, CC BY NC ND, https://www.flickr.com/photos/guppiecat/✤ Ooooooo, CC BY NC SA, Len Radin, https://www.flickr.com/photos/drurydrama/✤ Say aaahhhh!, CC BY NC ND, Abid Karamali, https://www.flickr.com/photos/abidk/✤ Capuchin Monkeys, Manuel Antonio, Costa Rica, CC BY NC SA, Stephen Johnson, https://www.flickr.com/photos/

stephenjjohnson/✤ Capuchin (tongue), CC BY NC SA, Jim Webber, https://www.flickr.com/photos/wwwebber/

Talk licensed CC BY 2.0

Primate photo licenses and attributions: