This document discusses deploying Plone on Amazon Web Services (AWS) using automation tools like Ansible and Terraform. It describes setting up a basic Plone stack with nginx, ZEO clients and servers. Manual deployment is error-prone, so the document recommends using configuration management tools to deploy Plone servers repeatably. It demonstrates deploying a Plone server to AWS using Terraform to provision servers and Saltstack to configure the software.
2. ABOUT ME
➤ Working with Plone since 2003
➤ 350+ Plone sites at University of Wisconsin Oshkosh
➤ Developer → team lead → project manager
➤ Engineering team lead @ Six Feet Up
7. MANUAL DEPLOYMENT
➤ Provision a virtual machine (Digital Ocean, Linode, Amazon Lightsail)
➤ Set up firewall
➤ Download and run the Plone unified installer
➤ Set up nginx web server
➤ Set up automatic Plone start scripts
➤ Set up cron jobs (zeopack, backup)
➤ Remember to log in periodically to apply system updates
➤ Hope no one hacks into the system (no monitoring)
9. THE BETTER WAY
➤ Deploy repeatably, consistently
➤ Keep server configuration under version control
➤ Make all configuration changes in one place
➤ Use automation to deploy configuration changes
➤ Avoid logging into the servers
➤ NEVER MODIFY THE SERVERS DIRECTLY
10. WHY USE REPEATABLE DEPLOYMENTS
➤ There is never any question about what’s running on a given server
➤ Consistency of configuration → when you make a change in one Plone server, it is made on all Plone servers
➤ With repeatable deployments you can easily create multiple environments for:
➤ testing
➤ Quality Assurance or staging
➤ production
➤ disaster recovery
14. PLONE ANSIBLE PLAYBOOK
➤ Use Ansible to provision a single full-stack Plone server (github.com/plone/ansible-playbook) with
➤ a Plone ZEO cluster (1 ZEO server, 2 ZEO clients)
➤ supervisor for automatic start/stop of the Plone cluster
➤ HAProxy load balancing
➤ Varnish caching
➤ Nginx as a proxy and URL rewrite engine
➤ Postfix for outgoing mail
➤ munin-node, logwatch and fail2ban for monitoring and log analysis
➤ Vagrant and VirtualBox for testing the setup
17. DEPLOY TO THE CLOUD
➤ For this demo, we will use Amazon AWS
➤ Biggest established cloud provider
➤ Continuing adoption growth
➤ Robust, well understood
➤ Many other services available (e.g. machine learning, containers, databases)
➤ 66 availability zones in 21 geographic regions
18. DEMO: TERRAFORM
➤ Demo code: github.com/tkimnguyen/aws-auto-deploy-demo
➤ Terraform will provision servers using AWS:
➤ Create virtual private cloud (VPC)
➤ Define access control lists (ACLs)
➤ Create 2 Elastic Compute Cloud (EC2) instances
➤ A salt “master”
➤ A salt “minion” (the Plone server)
19. DEMO: SALT
➤ Then Terraform invokes Saltstack on the minion to set up our software
➤ Saltstack reads states stored on the master to:
➤ Install Plone
➤ Install and configure supervisor
20. AWS PREPARATION
➤ Create an AWS account at aws.amazon.com
➤ Create an AWS user at console.aws.amazon.com/iam
➤ Set up an access key pair called plone-conf-demo-sfup by importing your ssh public key
➤ Add aws_access_key_id and aws_secret_access_key to your ~/.aws/credentials file
21. LOCAL COMPUTER PREPARATION
➤ Install Terraform from www.terraform.io/downloads.html
git clone https://github.com/tkimnguyen/aws-auto-deploy-demo.git
cd aws-auto-deploy-demo
cd terraform
terraform init
terraform plan
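One way to check the ACLs from slide 18 before running terraform apply, as an added example (not code from the demo repository): it reads the JSON produced by `terraform plan -out=tfplan` followed by `terraform show -json tfplan` and lists security-group ingress rules that are open to the whole internet on ports other than 80/443. The allowed-port set, the resource addresses and the sample plan are assumptions constructed for illustration.

```python
import json

PUBLIC_OK = {80, 443}            # assumption: only HTTP/HTTPS are meant to be public
WORLD = {"0.0.0.0/0", "::/0"}

def walk(module):
    """Yield resources from a module and all of its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def ingress_rules(res):
    """Inline ingress blocks, or a standalone aws_security_group_rule."""
    vals = res.get("values", {})
    if res.get("type") == "aws_security_group":
        return vals.get("ingress") or []
    if res.get("type") == "aws_security_group_rule" and vals.get("type") == "ingress":
        return [vals]
    return []

def world_open(plan):
    """Return (address, from_port, to_port) for world-reachable non-web ports."""
    # A saved plan uses "planned_values"; `terraform show -json` on state uses "values".
    root = (plan.get("planned_values") or plan.get("values") or {}).get("root_module", {})
    findings = []
    for res in walk(root):
        for rule in ingress_rules(res):
            cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
            lo, hi = rule["from_port"], rule["to_port"]
            if cidrs & WORLD and any(p not in PUBLIC_OK for p in range(lo, hi + 1)):
                findings.append((res["address"], lo, hi))
    return findings

# Constructed sample in the shape of `terraform show -json tfplan` (not the demo repo's plan).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [{"address": "aws_security_group.plone", "type": "aws_security_group",
    "values": {"ingress": [
      {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
      {"from_port": 80, "to_port": 80, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
      {"from_port": 8080, "to_port": 8080, "protocol": "tcp", "cidr_blocks": ["10.0.0.0/16"]}]}}],
  "child_modules": [{"resources": [{"address": "module.salt.aws_security_group_rule.api",
    "type": "aws_security_group_rule",
    "values": {"type": "ingress", "from_port": 4505, "to_port": 4506, "protocol": "tcp",
               "cidr_blocks": ["0.0.0.0/0"]}}]}]}}}
""")

if __name__ == "__main__":
    for address, lo, hi in world_open(SAMPLE_PLAN):
        print(f"{address}: ports {lo}-{hi} open to the internet")
```

A non-empty result is a reason to narrow the rule to an admin CIDR before applying; port 8080 stays private here because the demo reaches it through the ssh tunnel.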
22. DEMO STEPS
➤ Apply the Terraform plan
terraform apply
➤ Obtain IP address of Plone server
terraform state pull aws_instance | egrep '"name"|"public_ip"'
➤ ssh into Plone server
ssh -L8080:localhost:8080 ubuntu@18.209.237.90
➤ View salt progress log
tail -f /var/log/cloud-init-output.log
24. OTHER AWS GOODIES
➤ CloudFront (aws.amazon.com/cloudfront) for content delivery network (caching) around the world
➤ Shield for DDoS mitigation, Web Application Firewall
➤ CloudWatch (aws.amazon.com/cloudwatch) for monitoring and autoscaling
➤ Elastic Load Balancing (aws.amazon.com/elasticloadbalancing) for load balancing of HTTP and HTTPS traffic, integration with Auto Scaling, monitoring & auditing
➤ Relational Database Service (aws.amazon.com/rds) with PostgreSQL
→ use with Plone RelStorage
→ now you have replication and failover