This document discusses deploying full-stack Plone sites using Ansible for automation and orchestration. It describes what a full-stack deployment entails, such as load balancers, caching, firewalls, monitoring, etc. It then covers approaches to full-stack deployment including containers and orchestration tools. The remainder focuses on using Ansible, covering plays, playbooks, roles, templates and variables. It introduces the Plone Ansible toolkit including the Plone server role and playbook for deploying the full Plone stack. Options for both are described as well as strategies for customizing deployments.

1. Full-Stack Plone Deployment with Ansible
Fulvio Casali & Steve McMahon
Plone Conference 2015
Budapest, Romania

2. Internet
Web
Server
Load
Balancer
ZEO
Cluster
Proxy
Cache
Firewall
What do we
mean by full
stack?

3. Internet
Web
Server
Load
Balancer
ZEO
Cluster
Proxy
Cache
Firewall
Monitoring
Logging
Mail
Transfer
Agent
Platform
Update

4. Approaches to full-stack
deployment
Containers

5. Approaches to full-stack
deployment

6. Approaches to full-stack
deployment
Orchestration
State
Specification
Cloud
Server
Orchestration
Engine

7. Approaches to full-stack
deployment
Orchestration
State
Specification
Cloud
Server
Orchestration
Engine

8. Approaches to full-stack
deployment
Orchestration
State
Specification
Cloud
Server
Orchestration
Engine

9. Is your unit of automation a component of the stack, or a full server?
Container or Orchestration?

10. Server OrchestrationTools

11. Server OrchestrationTools

12. Server OrchestrationTools
Client-Server (Mostly)Agentless
A bit simpler

13. Your mileage may vary…
SimplicityWins!
For our purposes

14. A Quick Introduction
to Ansible

15. Ansible
✤ Plays — a state specification
✤ Ideally idempotent
✤ Playbooks — Lists of plays
✤ Roles — Reusable lists of plays

16. YAML:
Python’s JSON
- List Item One
- List Item Two
- Key One: Value One
Key Two: Value Two
- List Item Four

17. Playbook Sample
- name: Update host
apt: upgrade=dist update_cache=yes
- name: Ensure optional packages
apt: pkg={{ item }} state=present
with_items: additional_packages

18. Templates &Variable Interpolation
eggs =
Plone
Pillow
{% if plone_additional_eggs %}
{% for egg in plone_additional_eggs %}
{{ egg }}
{% endfor %}
{% endif %}

19. Roles:
playbooks for use
inside playbooks.
Write them yourself;
or check them out via
Ansible Galaxy

20. Using roles
roles:
...
- role: plone.plone_server
tags: plone
- role: haproxy
when: install_loadbalancer
tags: haproxy
- role: varnish
when: install_proxycache
tags: varnish
...

21. Plone’s AnsibleToolkit
Two parts: the Plone Server Role and the Plone Playbook

22. Plone
Server Role
✤ Only the Zope/Plone Server
✤ In a ZEO configuration
✤ Includes process management
via Supervisor
✤ And backup, packing cron jobs
✤ Available on Ansible Galaxy

23. The Plone
Playbook
✤ Incorporates Plone Server Role
✤ Adds:
✤ Load balancer
✤ Proxy cache
✤ Web server / rewrite engine
✤ MTA & Admin
✤ Available via github.com/plone

24. Choosing your entry point
✤ Choose the Plone Server Role if you wish to pick and
choose your stack components. Incorporate it in your
own Playbook.
✤ Choose the Plone Playbook if you want the full stack
chosen by the Installer Team.

25. Plone Server Role:
Major Options
✤ Canned or custom buildout
✤ With canned buildout:
✤ ZEO client count
✤ Memory profile
✤ Additional eggs

26. Internet
Nginx
haproxy
ZEO
Cluster
Varnish
iptables
Munin
Logwatch
fail2ban
Postfix
Package
Auto
Update
Plone Ansible
Playbook
Full stack components

27. Integration Payoff:
Client Restart
✤ Playbook knows its component part and
can do things like install a client restart
script that:
✤ Restarts all ZEO clients
✤ Removes client from haproxy
backend before restart
✤ Fetches homepage of each virtualhost
after restart to load Zope object cache
✤ Adds client back to cluster after page
fetch
✤ Flushes varnish cache

28. Playbook: Major Options
All Plone Server Role options, plus…

29. Playbook
Options
✤ Skip installs of haproxy,
varnish, Nginx, Munin …
✤ Set up virtual hosts / SSL
✤ Tune cache
✤ Server packages, MOTD
✤ Postfix relay

30. But how to customize those variables in a maintainable way?
Customization Strategies
All options are configured via variables

31. Local Customization File
✤ Create a local-configure.yml file with variable settings
✤ Override any setting
✤ Samples provided for several typical configurations
✤ Just copy the sample to local-configure.yml and edit
✤ Pulls will never overwrite local-configure.yml

32. sample-medium.yml
admin_email:
plone_initial_password:
timezone: "UTCn"
muninnode_query_ips:
- ip.of.munin.monitor
plone_client_count: 2
plone_zodb_cache_size: 15000
plone_client_max_memory: 750MB

33. Use this strategy if you don’t like some of the major stack component choices
Alternative Strategy: Fork It
You fork it, you own it…

34. Testing
Ready to test locally via Vagrant.
vagrant up does a complete
provisioning of a virtualbox using
Vagrant’s Ansible provisioner.

35. State of the Ansible Kit

36. Every customization variable documented
Solid Documentation
docs.plone.org

37. Server Platforms Supported
Currently Ubuntu/Debian and CentOS

38. Server Platforms … Future
But we’d like to do more — with your help.

39. ✤ Drinking young chimpanzee, CC BY Tambako The Jaguar Follow, https://www.flickr.com/photos/tambako
✤ Chimpanzee with a snack, CC BY NC SA, Dan, https://www.flickr.com/photos/dgermony/
✤ Baboons in a row, CC BY Tambako The Jaguar Follow, https://www.flickr.com/photos/tambako
✤ Portrait of a surprised baboon, CC BY Tambako The Jaguar Follow, https://www.flickr.com/photos/tambako
✤ Chacma Baboon - Papio ursinus, CC BY NC SA, Arno Meintjes, https://www.flickr.com/photos/arnolouise/
✤ Orangutan with baby, CC BY ND, Nathan Rupert, https://www.flickr.com/photos/nathaninsandiego/
✤ Baby orangutan, CC BY, Daniel Kleeman, https://www.flickr.com/photos/75821270@N00/
✤ Bornean Orangutan, CC NY ND, Josh More, https://www.flickr.com/photos/guppiecat/
✤ Mother and baby gibbons eating, CC BY Tambako The Jaguar Follow, https://www.flickr.com/photos/tambako
✤ Portrait of a gibbon, , CC BY Tambako The Jaguar Follow, https://www.flickr.com/photos/tambako
✤ Black and white gibbon, , CC BY Tambako The Jaguar Follow, https://www.flickr.com/photos/tambako
✤ Cute squirrel monkey, CC BY Tambako The Jaguar Follow, https://www.flickr.com/photos/tambako
✤ squirrel-monkeys-at-drusillas-park-zoo-018, CC BY NC ND, Dean Thorpe, https://www.flickr.com/photos/
aspexdesign/
✤ Squirrel monkeys in the grass, CC BY Tambako The Jaguar Follow, https://www.flickr.com/photos/tambako
✤ IMG_4986 (do not feed), CC BY NC, Roland Harvey, https://www.flickr.com/photos/rolymo/
✤ Cornered, CC BY NC, Esther Simpson, https://www.flickr.com/photos/estherase/
✤ Howler Monkey WLD_4487, CC BY NC ND, https://www.flickr.com/photos/guppiecat/
✤ Ooooooo, CC BY NC SA, Len Radin, https://www.flickr.com/photos/drurydrama/
✤ Say aaahhhh!, CC BY NC ND, Abid Karamali, https://www.flickr.com/photos/abidk/
✤ Capuchin Monkeys, Manuel Antonio, Costa Rica, CC BY NC SA, Stephen Johnson, https://www.flickr.com/photos/
stephenjjohnson/
✤ Capuchin (tongue), CC BY NC SA, Jim Webber, https://www.flickr.com/photos/wwwebber/
Talk licensed CC BY 2.0
Primate photo licenses and attributions: