#26: Deploying Python Web Applications (Updated) Transcript
00:00 So you've built this amazing Python web app, and now what?
00:03 You want to put it online, of course, but that's a whole different skill set.
00:06 Well, today you're in luck because Matthew McKay is here to tell us all about deploying Python web applications on episode number 26, recorded Monday, August 17, 2015.
00:17 I'm a developer in many senses of the word because I make these applications, but I also use these verbs to make this music.
00:28 I construct it line by line, just like when I'm coding another software design.
00:33 In both cases, it's about design patterns.
00:36 Anyone can get the job done.
00:38 It's the execution that matters.
00:39 I have many interests.
00:41 Sometimes it can flake.
00:42 Welcome to Talk Python to Me, a weekly podcast on Python, the language, the libraries, the ecosystem, and the personalities.
00:49 This is your host, Michael Kennedy.
00:51 Follow me on Twitter where I'm @mkennedy.
00:53 Keep up with the show and listen to past episodes at talkpython.fm, and follow the show on Twitter via at Talk Python.
00:59 This episode is brought to you by Hired and OptBeat.
01:03 Thank them for supporting the show on Twitter via at Hired underscore HQ and at OptBeat.
01:08 That's right, OptBeat has joined the show as a periodic sponsor, and they have a huge announcement for you later in the episode.
01:14 I have a little news for you this week.
01:17 First, Import Python, the newsletter, guys, have created a free job board.
01:22 So whether you're hiring or looking for work in Python, check out importpython.com slash job board.
01:29 The past two episodes have been with book authors, as is this one as well.
01:32 And for each episode, I've given away a book to one lucky listener who's already signed up as a friend of the show.
01:39 I want to say congratulations to Kristen Wedmark from Sweden, who won Fluent Python,
01:44 and Keith Ord from Georgia, who picked up Effective Python.
01:47 Do you want to win a book just like Kristen and Keith?
01:51 Well, be sure to sign up at talkpython.fm as a friend of the show, and you'll be in the running.
01:55 Now let me introduce Matthew.
01:58 Matthew McKay is a Twilio developer evangelist based in San Francisco, California,
02:02 where he builds open source applications in Python and Swift.
02:05 Matt spoke at EuroPython on FullStackPython and PyCon about virtual ENTs and web app deployments.
02:12 He created the Underwear Library hosted on PyPI and writes FullStackPython to help fellow developers learn how to build
02:19 and deploy their WSGI-powered web applications.
02:21 Matt, welcome to the show.
02:24 Thanks for having me, Michael.
02:25 Yeah, I'm really glad you're here.
02:27 We're going to talk about some awesome deployment stuff based on your new book that you wrote.
02:31 So before we get into deployments and that sort of thing, let's start from the beginning.
02:37 What's your story?
02:38 How do you get into programming in Python?
02:39 Yeah, sure.
02:41 So I've actually been programming for a long time.
02:43 I took four years of computer science in high school.
02:45 I was very fortunate to have extensive computer science classes in high school.
02:50 And I'm a strong believer that that needs to be expanded throughout the United States.
02:55 And then through that, I got into computer science in college at James Madison University.
03:01 And then I did my master's in computer science at Virginia Tech.
03:05 So I've studied computer science for a long time, got a great foundation, and then became a professional programmer as soon as I graduated from college.
03:14 So that pretty much led me into the Java world, which was a bit away from where I am now with the Python scene.
03:22 Was your education in Java?
03:24 Is that how you ended up down that path in the beginning?
03:27 Yeah.
03:28 Well, it was a combination of C, C++, and Java.
03:32 I think most people go into C++ and they learn a lot about the underlying data structures and pointers and all that stuff.
03:40 And I just found at the time when I discovered Java that it was great to not have to think about a lot of the lower level details.
03:50 And so for me, I just kind of naturally gravitated towards Java also because that's where all the jobs were going.
03:56 And so I sort of grabbed onto that and had enough experience in the different languages that I could kind of switch back and forth when necessary.
04:04 Yeah, very cool.
04:05 Okay, so you got a job in Java and somehow you made your way over to Python.
04:09 Yeah, so the gist is I was doing Java development on actually a military project for the Department of Defense.
04:20 And I just realized that we had so many Java developers on our team.
04:24 And I would go home at night and I was like, I was still trying to learn more and more about programming.
04:30 And when I came across Python and I started teaching myself Python, I realized in a couple hours of working on side projects, I felt more productive than an entire day at the office.
04:42 And I just thought, wow, this is something that I think is really powerful as a language, as an ecosystem.
04:49 And I wanted to hang my hat on that.
04:51 So I started getting on projects that were more based in Python, or I would, for example, write scripts that were in Python for a Java project.
05:00 And that was kind of my introduction to that world.
05:02 Yeah, that's really cool.
05:04 That's both exciting and somewhat regretful.
05:07 Like, why didn't you do it earlier is one of the feelings I personally had coming from C++, which I spent a lot of time working on and perfecting to just leave in the dust.
05:18 Yeah, but it makes you appreciate it, right?
05:21 I mean, every time you don't have to handle pointers or you have a built-in data structure, a dictionary, or a list, you really appreciate that you don't have to resize that array.
05:31 You can use the built-in data structure, and it's so much more productive.
05:34 Yeah, absolutely.
05:35 All that stuff is way more appreciated, at least from my perspective.
05:38 Yeah.
05:38 Awesome.
05:40 So why don't you tell me a little bit about Fullstack Python?
05:42 Sure.
05:43 So a few years ago, 2012, I was working on a bunch of different Python projects, consulting projects, and I was working with many junior developers, and they kept asking me questions.
05:55 They would send me an email, and I would write these long, detailed emails about how a WSGI server operates or what the difference between Django and Flask was.
06:05 And one of my colleagues said, you really should actually publish this.
06:10 It's like, you should put it out there, at least just on a website where other people can read it.
06:15 And that was pretty much the start of Fullstack Python.
06:17 I took a Christmas break where I had a week off, and I just started writing.
06:22 And I pretty much pulled in a lot of what I had from emails to just create this original site that I just kind of added to day by day, and it just kept growing.
06:34 So that was the very origin of the site was, hey, people might be interested in this information.
06:39 And lo and behold, I started getting readers.
06:43 So that was the very beginning of it.
06:44 So how many articles or topics did you have out of your email before you had to start writing for Fullstack Python?
06:53 Yeah, so a lot of it was just around web frameworks, and especially around deployments, because I would deploy a lot of applications to just a basic server, because many of the consulting engagements I was on, they didn't have existing Python projects.
07:10 So they needed someone who was a quote unquote, full stack developer.
07:14 I know that's like a much maligned term.
07:16 A lot of developers don't like the term full stack.
07:18 But I felt like it actually really did apply.
07:20 And I'm kind of stuck with the name now.
07:22 And I don't know, I kind of like it.
07:24 So yeah, so I basically that was the original quote unquote, full stack was the web frameworks and the deployments and the servers and that sort of thing itself.
07:33 Yeah, that's really awesome.
07:34 Your book that you wrote, what's the title?
07:38 So it's the full stack Python guide to deployments.
07:41 Right.
07:42 So this is basically taking all of your guidance and stuff around the Python web frameworks and just focusing on the deployment side of the story.
07:49 So it kind of assumes that you're a competent developer, you've written this web app.
07:53 And now what, right?
07:54 Yeah.
07:55 So I really recommend this to people.
07:58 The way that this came about was I kept getting emails from people who were reading full stack Python.
08:04 And they're like, hey, this is really great.
08:06 Love full stack Python.
08:07 But it's super high level.
08:08 And you link to all these tutorials.
08:10 But they're all sort of just they're different tutorials.
08:14 They're mixed and match.
08:15 And it was really hard for someone to just without any knowledge of deployment, just get started and figure out without reading 50 different articles, like how to actually do a deployment from start to finish.
08:27 And some of these things are super well, I wouldn't say they're super basic.
08:31 Like if you don't know how to do them, I wouldn't feel bad about it.
08:33 But it's just something like walking through provisioning a virtual private server that can be super confusing the first time you do it.
08:40 So in the book, I actually walk through like, here's how you provision a server on Linode and actually start it up.
08:47 Yeah, that makes total sense.
08:49 It's, you know, I do professional training for developers for part of my job.
08:55 And I get questions like, how can I even host my pyramid web app or, you know, whatever type of web app you've created.
09:03 Like some people who live and breathe the web world, it's like, well, obviously you create this kind of server or that kind of server.
09:10 But if you're maybe like a data scientist or you're transitioning or you've been in Q&A and you're starting to become a developer, like those are hard choices.
09:18 And I think part of the guidance of just, hey, look, choose this type of hosting over that type of hosting alone is actually really valuable.
09:27 Yeah.
09:28 And I think you completely touched on it.
09:30 If you're a data scientist or you're a coding bootcamp graduate or you're just out of undergrad or maybe an intern, you've never been exposed to these concepts before because they're not things.
09:40 That are typically taught in computer science program.
09:42 And often deployments are not touched on in a coding bootcamp.
09:45 And so just the fundamentals, just the foundational level of how do you get a server?
09:50 How do you create public private keys?
09:52 That's completely unknown.
09:54 And that's pretty much how I wrote the book was I don't assume that you know any of this stuff.
10:00 And we're going to walk through it step by step.
10:01 Yeah, that's really cool.
10:02 I think that's a good place to start.
10:05 You have this picture on deploypython.com.
10:09 I read at the bottom of the homepage.
10:11 And it's kind of like a visual architectural based version of a table of contents.
10:17 Yeah.
10:18 It's really awesome.
10:19 I really love that picture.
10:20 I saw it.
10:21 So it's got like a server and a virtual machine and all the various moving parts sort of sketched out in architecture, but also showing the chapters.
10:31 And you kind of make your way through this architectural diagram, right?
10:33 Yeah, exactly.
10:35 So I start each chapter with the same diagram.
10:38 And I highlight there's a specific color for each chapter.
10:42 So like, for example, I think it's chapter three with the operating systems is like a shade of yellow.
10:48 And so I highlight here's what we're working on in this chapter.
10:50 And the idea is you start out with this like kind of high level conceptual idea of roughly what we're working on.
10:57 And maybe that's on your own server or that's a hosted service like GitHub or something like that.
11:03 But you at least have an image in your mind of what we're going to be working on.
11:07 And I think for people that are just starting in this space, it actually can be super confusing.
11:12 Like, well, okay, I have a Git repository.
11:14 But is that like local on my computer?
11:17 Or is that on GitHub?
11:18 And how do they relate?
11:20 And where does the virtual private server sit?
11:23 So that's what I tried to clarify a bit with the picture that's on deploypython.com.
11:28 It's just here's all the things we're going to walk through.
11:30 And here's how they look.
11:31 Yeah, I think it's great to have a visual way to see what you're going to learn like that architecturally.
11:37 Yeah, I mean, actually, that came from a lot of this came from a talk I gave at Europython in Berlin in 2014 called Full Stack Python, where I pretty much had a picture like this.
11:47 And I walked through conceptually what the full stack of a Python deployment is.
11:53 And the feedback from people was like, that talk would have been really hard to follow if not for the visuals.
11:59 So I thought, okay, obviously, these visuals are powerful.
12:02 And I should continue on with that.
12:04 And I've been trying to add even more to them to fullstackpython.com as I go along.
12:08 Yeah, that's excellent.
12:09 And I'm sure that talk is actually on YouTube somewhere, right?
12:12 Yeah, yeah, it totally is.
12:13 If you do Europython, Full Stack Python, my talk comes up.
12:17 Actually, if you do Google for Full Stack Python, Kate Hedleston gave a really great talk as well at PyCon.
12:24 And I believe it was 2014 that kind of walks through some of the same concepts.
12:30 Yeah, excellent.
12:30 I'll put that in the show notes.
12:32 Yeah, so let's talk about servers first.
12:34 You're using Linode for your hosts here, yeah?
12:38 Yeah, absolutely.
12:40 And it's kind of, I think maybe it's a little bit confusing in the book because I say, well, we're going to deploy this application.
12:46 And actually, before we kind of dive into the servers, I actually have an appendix where we create an application.
12:53 I say, like, if you've already got an application, great.
12:56 Like, let's figure out how to deploy it.
12:58 You can pretty much follow the steps in each chapter and you start out with the server.
13:03 And if you don't have an application, like, here is a full tutorial.
13:07 It's the appendix C in the book where I walk through an entire open source application, Flask application, that has all of the pieces that we need.
13:16 Like, it has a task queue.
13:17 It has all these application dependencies and whatnot.
13:21 It's a Flask app.
13:23 And so the idea is, like, if you, before we even get started with the server, if you've got an application, great.
13:28 If you don't, hey, you might want to go and read appendix C if you want to know about this application before we deploy it.
13:34 Yeah, very cool.
13:35 At minimum, get cloned so you have something to go deploy, right?
13:38 Yeah, yeah, totally.
13:39 And, I mean, the great part is, like, I actually wrote that content on the Twilio blog, which Twilio is my current employer.
13:47 And so that appendix has been, you know, a lot of people have followed along with that and given me feedback on it.
13:53 So it's a pretty good tutorial just to include as an appendix if you are trying to build a Flask application.
13:59 Yeah, excellent.
14:00 Yeah, let's come back to talking about what you do at Twilio because that sounds interesting.
14:03 But Linode.
14:05 Yeah, absolutely.
14:06 So the idea behind really how we get started in this is, like, okay, we need to deploy our application somewhere.
14:14 That can't just be living on your laptop.
14:16 Like, people on the internet need to access that.
14:18 And so we get a $10 a month server on Linode.
14:22 And I walk through the steps of, like, how to actually provision that.
14:26 And then once we provision it, we boot it up and we create a public-private key and we lock down the server against unauthorized attempts to log in.
14:37 So we disallow the root user from being a login account.
14:40 We create a separate login account.
14:42 We disable password authentication.
14:45 We only have public-key infrastructure authentication.
14:49 And then we set up firewalls and automatic upgrades.
14:51 And these things will not completely secure a server, but they're the good first steps that I would always recommend people do to every single server that they're starting up.
15:02 You know, one thing that my current experience absolutely backs this up, but just sort of the way the cloud and sort of this type of hosting has been going, you know, I was a little surprised you weren't using, like, Ubuntu machines on EC2.
15:18 Yeah, sure.
15:19 So I think, you know, I really like Amazon Web Services, but I also feel like it's almost overused for a lot of deployments.
15:29 Like, you can actually take a virtual private server and scale that up to hacker news traffic if you configure it properly.
15:37 And I think that's one of those things where, like, you can rack up a huge bill deploying to Amazon Web Services if you're not careful.
15:44 Whereas, like, the idea behind this was, like, let's learn all the pieces that you need in order to actually deploy a Python application.
15:51 And we're going to do that within the confines of a single virtual private server.
15:56 It's a much more controlled environment for the audience of the book, which is really people who are unfamiliar with deployments.
16:02 But I totally think you're right, and there could be an entire separate book that's like, okay, cool, you've learned the gist of deploying web applications.
16:09 Now let's actually go and deploy this on a cloud-based infrastructure.
16:14 Or I guess you'd call it, like, an infrastructure-as-a-service provider like Rackspace or Amazon or Azure.
16:21 Right.
16:22 Yeah, for sure.
16:23 So I think probably the majority of people out there would be better served by using something like Linode or DigitalOcean.
16:30 The pricing is so straightforward, and the setup is so easy and so quick.
16:35 And EC2 is more, you know, it's something that works for places like Netflix, which are doing amazing things, but it's, like, so large-scale.
16:44 And when you're getting started, you know, it seems like it used to be the place to start, but maybe it's not the good starting point.
16:51 Maybe it's a place to grow into.
16:52 Yeah, I think it might be something to grow into.
16:55 I just really wanted to try to cut down the complexity so that everyone felt like they could follow along in the book.
17:00 And I think that if you understand the concepts in this book, you can probably also move on and pick up the Amazon Web Services side to it.
17:10 But you're totally right in that it's confusing on some of the pricing.
17:14 And I also have heard a lot of horror stories from new developers that said, like, oh, I accidentally spun up, like, 20 servers, and I got a bill for $1,000 this month.
17:22 And I'm like, oh, no.
17:23 Like, I really, really don't want that to happen to people and have them be afraid of doing deployments.
17:27 It's like, if you get a bill for $10 a month, that should be the maximum amount that you get out of this.
17:33 Right.
17:33 It's much more predictable over in those places.
17:35 Very cool.
17:35 Exactly.
17:35 So when you're talking about locking down the servers, one thing that I thought was pretty cool that you recommend is using something called fail-to-ban.
17:43 Yeah, sure.
17:45 Yeah, so fail-to-ban is essentially just a package on Ubuntu.
17:50 I believe it's on many of the other distributions as well, which essentially sets certain parameters like time-based failed logins.
17:59 So if from a certain IP address there are failed login attempts, it will prevent any logins from that IP address for, for example, like the next 30 minutes.
18:11 So the idea would be it provides just enough, like just enough of a prevention that someone who is trying to log into that server.
18:19 Now, granted, they can't do a password-based login anyway after it's secured down, but it's just one other step of basically just locking down the server that will prevent some of those unauthorized attempts.
18:32 Right.
18:33 And while you're going through this process, you know, your machine, if it is on the internet, it is basically under attack.
18:39 Right.
18:40 And so having it sort of password login safe for a while is still something you want to consider.
18:46 Yeah.
18:47 And, you know, I think part of it, too, is just exposing readers to some of these tools and concepts that they have at their disposals.
18:55 I think that you could write, and I'm sure there are entire books written about fail-to-ban or about UFW, which is the firewall tool that we use.
19:04 But just knowing that they're there and that you've set the basic parameters up, I think is enough to get people started, but not dwell on those subjects so they can continue on and actually get the deployment done.
19:14 Right.
19:15 Yeah.
19:15 The other thing that I made a note of in this chapter when I was reading your book is UFW or uncomplicated firewall.
19:22 That thing is so easy to set up, and it's great.
19:25 Oh, I mean, I was...
19:28 I actually wrote a whole section on, like, setting up IP tables.
19:32 And then when I started doing some research, I realized in Ubuntu there is this uncomplicated firewall, and I was like, oh, wow, this does everything that I was trying to show off in IP tables.
19:43 It's so much easier.
19:44 I think it'll just simplify the deployment process.
19:47 So that's pretty much what I went with.
19:48 Yeah, absolutely.
19:49 I would say it's even uncomplicated.
19:51 It's great.
19:51 Yeah.
19:53 So then basically for the rest of the book, you said, look, you could sit down and manually type these out at the command line, but that doesn't make a lot of sense.
20:02 Like, let's make this reproducible.
20:03 And so the next thing you bring up is actually Ansible and playbooks, right?
20:07 Yeah.
20:08 So, well, there's Fabric and there's Ansible.
20:12 And so the idea is I think that going through and manually doing deployment and reading through what steps you're taking is really important for the learning process.
20:23 But obviously you're not going to do this every time you have a deployment.
20:27 So you're going to want to automate the entire process so that you can deploy as many web applications in the future as you want.
20:34 And you can modify the deployment scripts so that they're custom built for your applications.
20:39 And so every single chapter in the book, so starting with chapter two, which is the service chapter, we do the manual steps and I explain manual, like what you're doing in those manual steps.
20:49 And then I go into a sort of second section of the chapter, which is here's how we automate the manual steps that we just did with either Fabric or Ansible.
21:02 And so starting in chapter three, we have Ansible playbooks that automate everything that we're building on top of.
21:08 And actually those, all of those, that, that playbook, that Ansible playbook is actually all open source on GitHub under one of the GitHub repos that I have.
21:17 Okay. Yeah. Excellent.
21:19 We'll put that out there on the show notes as well.
21:21 Yeah. Great.
21:22 Yeah. I think you're right.
21:24 You know, it's, this is one of the things where if you've got time and you haven't deployed your, you haven't made your, your site live or whatever, it's fine to just sit there and fiddle with a server until you get it working.
21:37 But if something goes wrong, especially, you know, you'd need to rebuild the machine or move it or, or scale it out or something.
21:45 And you have got to do that under some high stress situation.
21:48 Like the website is down and there's lots of traffic doing that by hand, you know, it's just extremely stressful.
21:55 And if it's automated, you push a button a few minutes later, the life, you know, life is good again.
22:00 It's definitely recommended.
22:01 This episode is brought to you by Hired.
22:14 Hired is a two-sided curated marketplace that connects the world's knowledge workers to the best opportunities.
22:21 Each offer you receive has salary and equity presented right up front, and you can view the offers to accept or reject them before you even talk to the company.
22:30 Typically, candidates receive five or more offers in just the first week, and there are no obligations ever.
22:36 Sounds pretty awesome, doesn't it?
22:38 Well, did I mention there's a signing bonus?
22:40 Everyone who accepts a job from Hired gets a $2,000 signing bonus.
22:44 And as Talk Python listeners, it gets way sweeter.
22:49 Use the link Hired.com slash Talk Python to me, and Hired will double the signing bonus to $4,000.
22:56 Opportunity's knocking.
22:58 Visit Hired.com slash Talk Python to me and answer the call.
23:01 Yeah, absolutely.
23:13 I mean, no large scale, or even I would say for the most part, small scale website or web application really is going to do a manual deployment.
23:23 It's just so time consuming.
23:24 And the last thing you want is to make all these code changes and then all of a sudden be like, oh, it's going to take me 20 minutes to deploy all this stuff.
23:31 Man, I'll just do it tomorrow because I don't feel like doing it right now.
23:34 Right.
23:34 You get what you can get with some of those large enterprises where it's like they deploy every six months and they're down for the weekend.
23:41 Right.
23:42 Exactly.
23:43 Something insane like that, right?
23:44 Yeah.
23:45 No, you should be able to just deploy immediately as soon as you make changes.
23:48 And so that's part of what the automating each step is.
23:52 And almost, I don't really call it out like this, but it's almost like if you're playing a video game and you hit a checkpoint.
23:58 And if you mess up or die or whatever, you go back to that checkpoint.
24:03 And that's kind of how I see the automated steps at each chapter.
24:06 When you're finished with automating that chapter, you know you can always fall back to that checkpoint if you mess something up in the next chapter.
24:14 Yeah.
24:15 I think of it the same way.
24:16 So now we're getting in your sort of steps along the way.
24:20 We've got the server.
24:21 Well, the server is really set up by Linode.
24:24 But we've got the VM running in their machine.
24:26 We've got the Ansible Playbook.
24:28 Now it's time to start serving some stuff, right?
24:31 So you start with Nginx.
24:33 Yeah.
24:34 So one of the key ideas I try to drive home in the book is like if you look at the picture on deploypython.com, it's all concepts.
24:46 So a web server is just a conceptual idea of serving, of receiving and responding to HTTP requests.
24:55 But the actual implementation of these things is something that is different.
25:01 Like Nginx or the Apache web server or Microsoft has IIS.
25:06 Like these are implementations of a conceptual idea called the web server.
25:10 So each chapter actually has two pictures.
25:12 It has the conceptual idea that we are implementing and then the actual implementation of that, which is in starting in chapter four, Nginx.
25:23 So yeah, so we set up and install Nginx.
25:26 There's actually a way to do it.
25:29 I walked through.
25:29 This was one thing I went back and forth on was do I do HTTPS only, which I kind of favored.
25:34 I wrote an initial draft with just HTTPS.
25:37 We set up an SSL cert.
25:39 And the feedback from one of my reviewers was like, you know, I think that's awesome, but I really just want to get this started.
25:45 Like I just want to make sure this thing works and is serving up HTTP requests.
25:48 And so I actually have a bit of a fork in the road, which is you can do this either with just HTTP or with HTTPS.
25:56 And I do caveat that like if you're doing a web application, you really should do it over HTTPS.
26:00 Yeah, it is a little more work, but it's definitely recommended.
26:04 I was reading somewhere that Google is going to start downgrading the rank of sites that are not SSL.
26:10 So there's one more reason to run it over SSL, right?
26:14 Yeah, and I mean, in today's world, SSL connections, they used to be way slower than non-encrypted connections, but they're just a little bit slower now.
26:23 So I think that's what Google is trying to do.
26:25 It's basically saying, hey, we know your site's a little bit slower, but we're going to give you the benefit of the doubt because it is encrypted that will improve your page rank score, something like that.
26:35 That's my guess about what Google is doing there.
26:37 Yeah, I agree.
26:38 So I think Nginx is a pretty safe bet.
26:42 It seems like it's kind of been taking at least the Python world by storm the last few years.
26:46 Yeah, I mean, I've used Apache so many times in the past.
26:51 Certainly, if you're comfortable with Apache, there's no reason why you couldn't use it in this case.
26:56 It's a very solid, stable, mature platform or implementation.
27:01 I just, you know, Nginx seems to be what the Python community has.
27:05 I would say a good percentage of the Python community has said, yeah, this is something that works really well.
27:11 And we're setting it up in two different ways.
27:13 One is it's actually serving up the static content.
27:16 So things like the JavaScript files, the images, the CSS, but it's also serving as a reverse proxy to the WSGI server, the web server gateway interface, which is the Python web server that's serving up your application.
27:29 And so we actually have two configurations within our larger configuration, one to handle the regular web server requests, the static files, if you will, and then the other part, which is serving as a reverse proxy.
27:42 And I just felt like Nginx configuration for that was pretty simple and straightforward.
27:47 And I thought maybe a little bit easier than the, what can be fairly lengthy, large configuration files that come with Apache.
27:54 Yeah.
27:55 And like you said, it's, it's pretty mainstream in the Python world these days.
27:59 Very cool.
28:00 So then the next thing you, you talk about, I've got this server.
28:03 It has a web server.
28:05 It can serve things.
28:06 Let's get some things on there, right?
28:09 Yeah, absolutely.
28:09 So that, that kind of goes into the, the source code.
28:12 So we create a deploy key.
28:15 So the idea behind a deploy key is it's like a, a read only key so that you can pull down your changes to your production server, but you can't make changes in production and push them back.
28:28 It's good from a bit from a security standpoint, but that's really not the main thing.
28:33 The main thing is the, the good practice of not making changes in production that are sort of different from your development environment.
28:41 So it's a one way, pull down the source code, pull down your static files, and then you start serving that with the web server.
28:48 Right.
28:48 So production is something that you push to, not you frantically log in over SSH, nano some files and save them back and then try to get that balanced across your, your cluster or something.
29:00 Right.
29:00 Yeah.
29:01 Cause otherwise your development environment is not going to match your production environment.
29:04 And, and it's just, that's, that's, that's more headaches than most people want to deal with.
29:09 It's better just to get, pull down your changes to the production server and not go the other way.
29:14 Right.
29:15 And so you had to pick up concrete source control system.
29:18 So you used what visual source safe?
29:20 I used, oh, I see.
29:22 Oh, wow.
29:24 I was like, you must have glazed over that chapter.
29:27 Maybe, maybe Git is too common now.
29:29 I don't know.
29:30 No, I mean, Git is just totally taken over.
29:32 Right.
29:32 And you used GitHub.
29:33 It is totally taken over.
29:33 GitHub in your example, right?
29:35 Yeah.
29:35 So I used GitHub, obviously, you know, they have the free accounts.
29:38 certainly could have used Bitbucket there.
29:40 but I've used GitHub, for a long time now.
29:43 and you know, I've used many different version control systems.
29:47 I unfortunately, I, unfortunately, at one point used IBM's clear case, in my very first job, which was exceedingly painful, then went a little bit better with SVN and then came upon Git, a while back.
30:01 And I've just never, never looked back to, those other systems.
30:05 So, so that's what we use in this book.
30:07 I, I think that, Git can be conceptually a bit confusing for people that are, are new to software development, which once you kind of get the hang of it.
30:15 and also there's a ton of great resources that are out there for, for new people.
30:19 I think that's just the way to go right now.
30:21 Yeah.
30:21 I love Git too.
30:22 And I have not looked back, but it is slightly more complicated than some of the other systems to get started, I think.
30:29 But you know, it's, it's so pervasive.
30:31 Like it would make, it's definitely the right choice.
30:34 So then you wanted to set up some of the different tiers for your system, right?
30:39 So you actually set up Redis and Postgre, right?
30:41 How's that fit into the story here?
30:43 Yeah, sure.
30:45 So, the idea is, well, most web applications, including the example one I have in the appendix is, backed by a relational database.
30:54 It's just stable, you know, stable, mature technology, that kind of houses the majority of your data, or at least your transactional data.
31:02 but also, you know, I, I hesitate a little bit to call Redis like a no SQL data store.
31:09 I guess it kind of fits.
31:11 It's a key value pair store, and it's all in memory.
31:14 but I use that for some of the, like in the example application, like counting votes.
31:21 So really fast data that's coming in.
31:23 I temporarily store in memory just because you could have hundreds of thousands of votes coming in, at the same time.
31:31 So, we go ahead and set up both of those things in the sixth chapter.
31:35 And the idea is like most web applications now are using some sort of relational backend.
31:40 you know, whether that's, my SQL or Postgres or whatever, whatever have you.
31:45 those are probably the two main ones I've used both of them.
31:48 I've used Oracle.
31:49 I tend to go with Postgres now.
31:51 and then there's some sort of no SQL data store, maybe an in-memory data store like Redis.
31:56 I just find that like Redis, I set it up with every single project because it just comes in handy for session data or for just counting things.
32:05 Or if I have a query that is just really hammering the database, I'll just cache that in Redis and it just comes in handy.
32:12 As long as you remember that, like, if you reboot the server, that everything is going to get cleared out of Redis, then it's pretty safe bet that it'll come in handy on almost every project.
32:22 Yeah, I agree.
32:23 At least in that use case, I'd kind of hesitate to throw Redis into the NoSQL bucket because if you're not really saving, it's more like a cache server, distributed cache server.
32:33 But yeah, super good use, super easy to use from Python, right?
32:37 Yeah, I think conceptually the idea I was trying to get across was like, these are, this is not an either or proposition.
32:43 Like the idea that like, if you use MongoDB, you're not going to be using any other type of data store.
32:48 Like that doesn't really make sense.
32:50 Like you use the best tools that are available and sometimes you need multiple tools in order to accomplish that.
32:55 And I wanted something that was, more than just a standard relational database, to make this chapter a little bit beefier to show that like, there's, there's multiple ways that you can sort data on this, in this application.
33:06 Yeah.
33:07 Excellent.
33:07 And your example, you just set this up all on the same server, but in practice it would be other, other machines most likely.
33:13 Yeah.
33:14 And so that actually kind of brings up like a larger point, which is, I, I do make updates to the book.
33:19 I've already put out my first update based on reader feedback.
33:21 just cleaning up some typos, cleaning up some confusing sentences, those sorts of things.
33:26 But if people are like, Hey, I've done the whole deployment and I really want to separate this out into two separate virtual private servers.
33:33 that, that is a very good first step if you're trying to sort of scale up your application.
33:38 and so I may actually create a separate chapter just that walks through the process of like, okay, you have your deployment on a single server.
33:46 How would you separate out, you know, your relational database, and whatever else have you, and then connect those in a secure way to your, web server.
33:54 I think, that might make a lot of sense.
33:56 That would make a lot of sense.
33:58 I mean, putting them on separate servers and having them talk to each other, super easy.
34:02 The words in a secure way that that's where the deployment story starts.
34:07 You got to have a little more experience with the infrastructure you're working with.
34:10 Right.
34:10 Yeah.
34:11 And in an early version of the book, like I had actually two separate servers.
34:15 And what I realized was I spent so much time explaining why in this, in this chapter deploying, these databases that like, okay, well, we need to make sure that, that these connections, the connection is encrypted.
34:28 And we need to make sure that the database server can only talk to, you know, your web server.
34:34 And, you know, here's how, like, I just, I just felt like there was a bit more complexity there that I didn't want to glaze over.
34:42 Cause I didn't want to leave people thinking like, okay, I've set my server up, like my two servers up and they're, you know, they're, they're all safe and secure when in reality they weren't.
34:50 So I really felt like that was going to have to be a separate chapter in order for people to learn the, I'd say like kind of the right way to, to handle that when you're separating out to two separate servers.
35:00 This episode is brought to you by OpBeat.
35:15 OpBeat is application monitoring for developers.
35:18 It's performance monitoring, error logging, release tracking, and workflow in one simple product.
35:23 OpBeat is integrated with your code base and makes monitoring and debugging of your applications much faster and your code better.
35:29 OpBeat is free for an unlimited number of users.
35:33 And until now has only been available for Django developers, but I can announce that they are launching Flask support today to all you Talk Python listeners.
35:43 Visit OpBeat.com slash Flask to be among the first to join the Flask private beta.
35:48 Yeah.
35:57 I mean, there's been headline, various database servers that have been, you know, just left wide open.
36:04 People open the ports and had no authentication.
36:07 And guess what?
36:08 There's 600,000 instances of this particular database out there that people could just read because people made a mistake.
36:14 Oh, oops.
36:15 Did you forget to lock this down?
36:17 Exactly.
36:18 And that kind of goes to, you know, back to our point about Amazon Web Services is that, you know, a lot of people think that those, those, the ports on Amazon Web Services are secure.
36:29 And they're really not like, unless you manually secure different EC2 instances, you're actually going to open up a lot of security vulnerabilities.
36:38 Right.
36:39 Maybe you, you've got to go to your security group and set up some sort of, virtual, right.
36:45 Only these machines in the security group can talk to these others in this other security group.
36:49 But when you're new and you're just trying to get a website up, like that's not something you even know exists, but let alone, you know, let alone that you could change it and configure it.
36:57 Right.
36:57 Yeah, exactly.
36:58 I mean, there's a fine line between, I wanted to teach as many concepts as possible, but I also didn't want people to leave thinking, leave the book thinking, yeah, I know what I need to know about all these topics, but have some gaping hole in their knowledge that is actually going to come back to bite them later.
37:12 And I felt like just deploying on a single server that if you really need to scale it, you can actually, you can actually take the server and get a $20 server instead of a $10 server.
37:21 And that will perform better, just by a vertical scaling.
37:24 And that I think is probably going to be better for a lot of the readers, than, than adding additional complexity, that they don't know about.
37:31 Yeah, absolutely.
37:31 I think, you know, for the folks who this book is aimed for vertical scaling versus horizontal scaling is probably the right way to go in the beginning.
37:40 Right.
37:41 Yeah, exactly.
37:42 And the idea is like, hopefully, I, as I do in, as I try to do in my, in my job, like I inspire and equip developers to want to learn more about these subjects.
37:52 Like they feel like they have a grasp on the basics and they can take that and, and learn more themselves based on all of the resources that are out there, either in other books or on the web, whatever have you.
38:03 And they'll, but they won't get bitten in the meantime by some, you know, gaping hole in their knowledge that really kind of screws them on their initial deployment.
38:13 Okay.
38:13 So I think it's, you know, following your architectural path here, I think it's time to actually get some Python stuff running, right?
38:20 Yeah.
38:21 Yeah, finally.
38:22 And that I have to say, if I have like one major, major criticism of the book is like kind of how long it takes to get this WSGI server, up and running.
38:30 but you know, this is just kind of how these things work.
38:33 And, and, again, it's about, you know, learning as much as possible throughout the process.
38:37 So, yeah, so, you know, after we set up the databases, we, set up our dependencies in a, in a virtual end.
38:45 we install the dependencies from, PyPI and we actually get our WSGI server up and running.
38:52 Now we run the WSGI server through supervisor so that we can, you know, start and stop it and make sure that it starts up in case we move the server and that sort of thing.
39:00 But, yeah, and then we, I talked a bit about the interaction between, you know, virtual end and, supervisor and the WSGI server and the WSGI server we set up in this case is, is green unicorn.
39:11 so those, those different pieces to it, basically establish the Python component, the major Python component of the application.
39:18 Yeah.
39:20 And I think, you know, the fact that you're using virtual environments here is kind of helping people down the right path, right?
39:26 So you probably have one server and one website and you don't necessarily need a virtual environment yet, but as things grow, you maybe want to adopt it.
39:36 Right.
39:36 So just starting from the beginning, it's pretty easy to set up a virtual environment, especially with the Ansible script and so on.
39:42 Yeah, exactly.
39:43 You might as well bring it into the conversation.
39:45 And, and I didn't want to have, I mean, if you've done the other things, right, it's probably not as big of an issue, but I didn't want to have,
39:52 or have to have, Python running as a route so that you can install the dependencies into the base installation of the operating systems, Python interpreter.
40:01 So that was really what I was trying to avoid there was saying like, Hey, this is running, as a process under your deployer user or your supervisor user, whatever have you.
40:10 Right.
40:11 And in this particular setup, the, the users created the server there.
40:16 Technically they can run stuff as a route and they can do sudo and they'll be fine, but I've certainly worked with people in environments where some of the developers don't get route access to the deployment machines and the production machines.
40:29 And they'd still like to be able to, you know, configure their app or something.
40:33 And this, you know, like you said, gets around the security limitations.
40:36 So it's, it's nice in that regard.
40:38 Yeah.
40:38 I mean, it certainly gets around some of them.
40:40 I mean, if you don't have any type of route access, then you can't run a web server on port 80.
40:45 so that'd be like one thing where, it should be that the, well, my guess is, and there's obviously many different ways you could set this up, but my guess is the system admins just locked down the route, but maybe gave sudo privileges to some sort of, sub account or something.
41:00 Right.
41:01 I think that, you know, the situation I'm thinking of, it was mostly, they didn't want people modifying the machine wide Python configuration more than anything.
41:09 Right.
41:10 Yeah.
41:10 Yeah, exactly.
41:11 And you get around with that, with this, in this case.
41:13 Yeah, absolutely.
41:14 So green unicorn, why'd you pick that?
41:18 I, you know, I honestly, I've been using it for, for several years.
41:23 I think it's a fairly stable, default choice.
41:27 but I think there's a ton of other great whiskey servers out there.
41:30 and certainly if you're going the Apache route, mod, mod whiskey is, is a good route to go.
41:35 but it just, in this case, I thought the, the combination of green unicorn.
41:39 And, and, and engine X just seemed to be the one that I was most comfortable with and the most comfortable teaching other people about.
41:47 Right.
41:48 Sure.
41:48 That makes a lot of sense.
41:49 The one that I've been using is micro whiskey.
41:52 So that's, that's also been pretty good.
41:55 Yeah, absolutely.
41:56 And I've, I've read some, I've seen some of the, you know, you have to be careful about the benchmarks and stuff, but I've read some benchmarks that have said that that actually might be a faster whiskey server.
42:04 in, in many cases.
42:06 Right.
42:07 So, you know, going with the theme that not everybody is a web developer necessarily knows, maybe you want to just talk really quickly about what whiskey, the concept of whiskey itself.
42:17 Yeah, sure.
42:18 So, so that's web server gateway interface, WSGI.
42:21 And the idea is like in the late nineties, there was a something.
42:27 So Apache was the dominant web server back in the day.
42:30 And someone wrote a, module for Apache called mod Python.
42:35 And I use mod Python for a while.
42:37 It was pretty much just a execute arbitrary Python code.
42:41 And, that worked really well for a while.
42:43 There were some security vulnerabilities, discovered in it and development on a kind of languished.
42:49 So the Python community came together and created, a Python enhancement proposal of pep, PEP three, three, three, three, which created the whiskey standard.
42:58 And, then there was a superseding one, which is PEP three, three, three, three.
43:05 That's four threes.
43:06 And that one just really was a simple update to say, like, we're, we're expanding this to include Python three.
43:13 But the idea behind it is, and, and, and I have a kind of have a, some more background knowledge on this with the application dependencies page on, on full stack Python.
43:25 But, the idea was like, there needs to be a standard, super simple way for a web, web application server, like, you know, cherry pie or mod whiskey or, green unicorn to execute, a web application.
43:42 and so if you're using Django flask or bottle, one of these frameworks, they implement the application side of the whiskey standard, whereas your whiskey server implements the server side.
43:53 And so there's a simple hook between, the server and the application in order to get that, up and running, so that you can deploy this in a standard way and you can mix and match different frameworks and servers that provides the interoperability, between, the whiskey servers and the whiskey applications.
44:09 Yeah.
44:10 That's, that's awesome.
44:11 I mean, it basically means that we could switch between micro whiskey and green unicorn and it wouldn't be that big of a deal, right?
44:18 Yeah, exactly.
44:20 So if you're more comfortable with a different whiskey server, you know, by all means, you could use the exact same setup, but switch out the whiskey server and, and use the one you're most comfortable with.
44:29 So we've got our app running.
44:31 We've got our reverse proxy from Nginx over to green unicorn.
44:36 Everything seems to be good, but now you want to start pushing changes to your production servers and you want to make sure that stuff is not broken before you do that.
44:46 So that brings us to continuous integration.
44:48 Yeah, sure.
44:49 and the, the only other quick thing I wanted to add was we do add a task queue as well in there.
44:54 task queues are for asynchronous data processing outside the HTTP request response cycle.
44:59 So the idea here is like, that's such a common thing that people want to deploy.
45:03 I just added celery as a part of our application deployment.
45:07 just so that people would be comfortable with adding that.
45:09 I feel like that's something that is often left out of deployment tutorials that I thought really needs to be included in the book.
45:15 Yeah, I think that's a good point.
45:17 And, you know, some, some variation of an asynchronous queue can add so much scalability to your app in a really easy way, right?
45:24 Yeah, exactly.
45:26 It's like, oh, this, this, you know, this database query is taking too long, when someone hits the server.
45:32 Well, just put it in an async task task queue and process it, you know, every 15 minutes or something like that.
45:37 If the data doesn't change that often.
45:39 and that way you're getting, pretty much scalability by the design of your application and the deployment rather than, you know, having to get a bigger beefier server in order to somehow process that up, that database query even faster.
45:52 Yeah, yeah, definitely.
45:54 Okay.
45:54 Continuous integration.
45:56 Yeah.
45:56 So the idea here is, again, many of the tutorials that I saw, like continuous integration was like this completely separate setup from doing a deployment.
46:04 And so I thought, well, you know, this is really core to how applications are deployed.
46:08 so we take the Ansible configurations, I'm sorry, the Ansible playbooks that we've created throughout the book.
46:14 And we set up Jenkins as the implementation of a continuous integration server.
46:19 We do it on a separate virtual private server.
46:21 So technically, if you do the whole setup, it's $20 a month because you have two separate servers.
46:27 but then we set up the whole configuration where when you push changes from your local development environment to GitHub, it has a service hook, or what's really, standardly called.
46:38 most commonly called a web hook, web hook notifies Jenkins that, Hey, there's been some changes.
46:45 So Jenkins pulls down the code, make sure that everything is working.
46:50 And this is the part where you could put in your hook for like unit tests and integration tests, and fail the build if those don't work.
46:56 and then if everything is good, we deploy the code to the, the, the actual server, the production server.
47:03 And, then you get a handy little text message that says your application deployment is complete.
47:09 So oftentimes we have these really long running deployments.
47:12 Maybe they take 10 or 15 minutes to pull all the code and do the whole deployment and everything.
47:16 so maybe you want to step away from your, from your, server, I'm sorry, your, your computer go, you know, go, go grab a coffee or a beer or something like that.
47:26 But then when it's all done, then you get a text message to your phone and it says, Hey, this is, this is all complete.
47:32 Very cool.
47:33 And of course, Twilio is the backend for the text message, right?
47:36 Yeah.
47:37 So, I mean, I, I really love, using Ansible.
47:39 And, so I just, just kind of playing around with, some of the modules and stuff like that.
47:44 So, so the Twilio modules like in, it's, it's a part of the standard, Ansible, if you do like a pip install Ansible, so you can just do, use the, use Twilio service with your credentials to send a text message.
47:57 so I actually wrote that, like a year, year and a half ago.
48:01 Yeah.
48:01 That's really cool.
48:02 Yeah.
48:03 It's kind of under the notifications package.
48:05 you could also do like, for example, I don't do this in the book, but you could do like an email or something like that, when the deployment's done.
48:12 So there's all different types of notifications.
48:14 you can do a notification to Slack, super easy to add that in instead of the Twilio notification.
48:19 But, I'm kind of partial to getting a text message because I like to walk away from my computer and the deployment is working for me.
48:25 Yeah.
48:25 Yeah.
48:25 No kidding.
48:26 Let something else stick around and be tied to the desk.
48:30 So one thing I did want to do is I want to give a shout out to one of my sponsors, CodeChip, because, you know, Jenkins is, is a cool Java app install and you sort of configure yourself and CodeChip is kind of, you know, CI as a service.
48:42 So check them out if, if you're not wanting to set up something.
48:45 Yeah, no doubt.
48:46 I've had some bunch of friends who've had good, good experiences with CodeChip.
48:50 So, yeah, awesome.
48:51 So that, that was kind of the end of the book in its current form and you had some, Hey, you might want to consider these other things sort of right at the end there.
49:02 And so you had one section on deployment enhancements, which we've talked about a few, we've sort of touched on them and others on performance.
49:10 So one of the first one you said was sort of having a QA environment.
49:14 Yeah.
49:15 That might be a good idea.
49:16 So, yeah.
49:18 So, you know, I, I glaze over this maybe a little bit, and, and maybe it deserves, you know, a lot more, a lot more thought and maybe a future version.
49:27 But the idea here is like in, in the majority of companies, you have a test environment where, someone can go in and make sure that the latest, features that you've, that you, the developers have built, are working or that it just, runs, for example, like Selenium tests or something like that.
49:45 Now you could do that on the continuous integration server, but the idea here is like, instead of deploying to your production environment, which if it's not, you know, you don't have a good code coverage or, wide enough code coverage could actually break the deployment.
49:57 You deploy to a server where you take a look at everything and you say, okay, this is good.
50:02 Let's go ahead, push the button and hit this, put this into production.
50:05 yeah.
50:07 So that's, you know, a possibility.
50:08 certainly that's a very standard, setup for, you know, having test servers.
50:13 Yeah, definitely.
50:14 Definitely a good idea.
50:15 If it's a big problem when you push out a bad build related to that is, having the ability to roll back a deployment.
50:24 Yeah.
50:24 I mean, so most deployments now, a mature deployment is going to have some way where if it's, if it turns out, cause a lot of times you have production data that is different from your test data, especially if that's, you know, personally identifiable information.
50:36 So that was many times as I did some government consulting, or maybe you have HIPAA compliance in the healthcare industry, something like that.
50:43 I certainly don't, I certainly recommend that if you, you don't just read this book and do your HIPAA compliant deployment or something like that.
50:50 I think this is really a learning book.
50:52 but the idea here, behind, behind code rollbacks would be, the deployment doesn't, goes wrong, goes bad.
51:00 it's going 502 HTTP errors, maybe the whiskey servers having some issues.
51:05 and so the idea is like, you just roll back to the previous version without having, to manually log into the application and all that stuff.
51:14 What, what are the moving parts you had in mind for that?
51:17 so, so part of it is just going, you could go back to a different, get tag.
51:23 So what often happens every time you do a build on Jenkins, you, you actually tag the code.
51:28 so you could, you could do that, in that case.
51:32 And then you would go back to a previous tag, which points to a previous commit.
51:36 the, the complication there really comes in with the database, schema.
51:41 So if you've migrated the database schema, you also need to add in a hook where you can, roll back the migration.
51:48 So there's a bunch of different steps that are involved in there.
51:51 and this kind of brings up the larger point, which is like, I added this chapter because I wanted to know from readers, what would they find most useful?
51:59 Like, what are the problems that they're encountering?
52:00 Because I think these are all very valid things, but, maybe some of them are more important to readers than others.
52:06 Yeah, definitely.
52:07 One other one in that area that I thought was interesting was deploying through a system package instead of version control.
52:14 Yeah.
52:15 So in this case, you could install, you could install your application by, bundling it in like a, you know, Debian package or some, some people use a red hat.
52:27 and so red hat has RPMs.
52:29 the idea here is like, you're not using source control in order to do your deployment.
52:34 And there are many advantages to doing that, but that's, I would, I would argue that's a little bit more of an advanced deployment topic.
52:41 And something that, has more complexity than I wanted to introduce the reader to at this point, in the book.
52:50 I was really trying to make sure that this was a learning process that didn't lose people along the way.
52:55 Right.
52:55 Absolutely.
52:56 It is a cool idea.
52:57 You know, in show 23 with, Eli Ribble and Authentize, those guys were using pip for all their deployments, which along with get tags was really an interesting way of doing it.
53:10 Basically they'd pip install their app and it would suck down all of their internal libraries to a private PI PI server.
53:16 Yeah, that's totally, totally a legitimate way to do it.
53:19 And in many environments, like the security folks are going to say, Hey, you actually cannot install from, from public PI PI or something like that.
53:26 Cause they're worried about, breaches that could, could occur through those things.
53:29 I think the main thing is just that every company has to decide what's going to work for them so they can get stuff done and reevaluate that on an ongoing basis.
53:38 Because what I often see with deployments as I go, as I used to go into consulting clients was they decided 10 years ago how they were going to deploy their applications and never reevaluated that.
53:48 And that's where you really encounter some, some pains, because they're not up to date with the latest practices and whatnot.
53:55 Yeah.
53:56 There's some pretty egregious stuff out there that people just stick with because, well, that's how we've been doing it.
54:01 Right.
54:01 Exactly.
54:02 That's kind of what your book is meant to be solving, isn't it?
54:05 To some degree.
54:06 Yeah.
54:07 I, I mean, I think that this is all going to continue to evolve.
54:11 I wouldn't say that, you know, this is, you know, the definitive way that everyone should do their deployments.
54:15 But I really do think that if you've never touched a deployment before, like this is, I, I, I feel pretty good that this is going to be a great resource for, for people that are in that situation.
54:26 I'll learn a ton from it.
54:27 Yeah, absolutely.
54:28 So one thing that I suspect you thought of, but it's not necessarily in the book, and this is not a criticism, I agree with it, is containers or are containers.
54:37 And Docker.
54:38 Yeah, totally.
54:39 Well, my hope is, is that I can actually get, one of my, one of my good friends, Andrew Baker, who was one of the reviewers of the book to write a chapter on Docker.
54:48 He, he actually did the O'Reilly video for Docker, sort of introduction to Docker and knows a ton in that area.
54:55 So I am not as familiar with containers as, so far has not been something that, I've spent a lot of time with.
55:01 so I didn't want to leave the reader in the wrong direction, but I certainly think that that is, a possibility for, for doing deployments and may simplify the process a lot.
55:10 Yeah, I think it would.
55:11 I mean, it doesn't negate all the knowledge in your book.
55:15 You still need to know how to set up green unicorn.
55:17 You still need to know how to set up NGINX.
55:19 It just happens to be, you might do that in a container, right?
55:22 Sure.
55:22 But still the knowledge is, is it's totally builds on what you did.
55:26 So that makes a lot of sense.
55:27 And the last thing that you talked about were sort of performance improvements, right?
55:31 So you talked about putting this all on one machine, no load balancing, like at a $10 server.
55:38 And then, you know, that's good for like six months until the traffic spikes.
55:41 And then, then what?
55:42 Right.
55:43 Yeah.
55:44 I mean, it totally depends on your application.
55:45 I mean, if you, you know, if you're doing everything with Redis on the backend, then you could actually scale this to like a very large number of requests per second.
55:55 but there are, very clear ways in which you can offload processing, and for example, serving statics assets from a content delivery network.
56:07 That is a super easy win.
56:09 If you have a bunch of images in your application and instead of serving it from your Nginx server, you're going to be serving them up from Akamai or, you know, Amazon CloudFront, something like that.
56:20 you can also have multiple web servers that are connected to a single database backend and have load balancers, between them.
56:27 that again, all of these things add some complexity, some more than others to the deployment process and are totally valid ways to improve performance.
56:37 but it's going to depend on your application.
56:39 And I think that's where more of the nuance, like going from after reading this book, you're kind of a beginner deploy, beginner knowledge level and deployment.
56:47 to go to the intermediate level, you really have to look at your specific application and say, okay, where are the bottlenecks?
56:54 And that's where you change your deployment process to match.
56:56 Right.
56:57 It doesn't make sense to just go, I'm going to scale the heck out of this thing.
56:59 And you're adding complexity that you might not need to be adding.
57:03 Right.
57:03 Yeah, exactly.
57:04 Yeah.
57:05 The other, thing we could swap in here instead of improving performance is maybe improving durability because a lot of the horizontal scale will also get you that right.
57:16 If a machine fails, you could take it out of the load balancer or you've got to reboot one, something like that.
57:20 Right.
57:21 Yeah.
57:22 I mean, that's, yeah, you could absolutely have like a database replication server where, that's a read only server.
57:28 So maybe you read from the read only server and you have a write only database server.
57:32 there's all sorts of ways you can improve the durability here.
57:35 you know, if you, if that's top of mind for your application.
57:39 So you want to talk a little bit about what you got going on at, Twilio before we wrap things up?
57:45 Yeah, absolutely.
57:47 So, first, what, what is Twilio?
57:50 Sure.
57:50 So, so Twilio, Twilio is a, it's a cloud communications platform, which might sound a little bit buzzwordy if you're a developer.
57:58 but really the idea is we provide a web API, that I like to think of as an abstraction layer upon the telecommunications industry.
58:06 but more broadly than that, as we expand out.
58:10 So we started out with voice calling.
58:13 we later added a few years later, SMS, we've added a multimedia message.
58:19 So it's like text messaging, but also, you know, sound clips, movie, clips, pictures via text message, through a standard MMS, protocol.
58:31 over domestic carriers in the United States and Canada.
58:35 and then now we've expanded it.
58:38 We have a beta product for video, which is just pretty much the coolest thing that I have ever played with.
58:43 building a video application, over, it's, it's abstracted over, WebRTC, but we expose all the, all the underlying things, but you can build a video application in like five minutes.
58:54 And it's like my favorite thing to play with lately.
58:56 but we also do, we also have a beta product for IP messaging.
59:00 we've introduced a lot of these things lately.
59:03 And the idea is if you're, you are a developer and you are adding some type of communications to your, to your application, whether that's a mobile or web application, then, you should think about using.
59:13 And, and take a look at Twilio.
59:14 and that kind of gets into what I do for Twilio, which is, my title is developer evangelist.
59:21 some companies call that like a developer advocate or developer relations.
59:25 the idea is like all of my work for the most part is open source.
59:30 So I'm helping the community be able to implement, not, not only implement Twilio, in their applications, but also just, being active and involved in.
59:43 The communities that I, I, most enjoy being a part of.
59:48 And obviously first and foremost, that's the Python community.
59:50 It's been my community for, for years now.
59:53 I have so many great friends in the Python community.
59:55 I'm really, really proud of just the direction that the community is going in.
01:00:00 I think we've got some incredible leaders, putting us in the right direction for things like PyCon and, just the general community.
01:00:07 Yeah.
01:00:07 And I think that growth and positive energy is accelerating if anything.
01:00:11 So very, it's a very, it's very great time to be part of it.
01:00:15 Yeah.
01:00:15 So, you know, that's kind of my primary community.
01:00:17 I've also been doing a bunch of Swift development.
01:00:19 I like iOS.
01:00:21 I just bought the Apple watch, which is pretty cool.
01:00:23 So I'm starting to dabble in that area.
01:00:25 but really like those are my, my core communities.
01:00:29 And, so like I got last night, I was at a Swift meetup tonight.
01:00:32 I'll be at San Francisco Python.
01:00:33 but the idea is like as a developer vandalism out in the community, and I'm really just helping my fellow developers.
01:00:39 Like I would be doing that anyway.
01:00:40 the great part is if they are building an application and they want to know how to send a text message or they want to add two-factor authentication, or they want to add voice calling or video in the future.
01:00:50 Like I can help them do that and I can help them really quickly.
01:00:53 And hopefully, they've already met me or they've met one of my colleagues.
01:00:57 And therefore, it's super easy to shoot me an email or call me up on the phone and I can help them out and they can start, using Twilio.
01:01:03 Yeah, that's awesome.
01:01:05 It's great to have you as a resource for that.
01:01:07 So obviously Twilio is all about having Python developers, you know, pip install your guys' APIs and work with them.
01:01:16 Are you using it internally or using Python internally?
01:01:19 Yeah, absolutely.
01:01:21 So, there's a project called Flask RESTful, which is pretty common for creating, RESTful APIs with Flask.
01:01:28 so that actually is what runs our, web API itself, like the endpoints themselves.
01:01:34 We actually open source that project.
01:01:36 it's now in its own separate, organization on GitHub.
01:01:39 but that was created by some folks at, at Twilio.
01:01:42 And so we, we open source that for the community.
01:01:44 so we do use quite a bit of Python internally.
01:01:47 we also use, JVM languages like Scala and Java.
01:01:52 we still some, have some PHP on the backend, which, some people are a little bit, you know, skittish to admit, but, PHP is still a totally valid language.
01:02:00 and then, you know, we have some iOS and Android developers who work on, on some of our mobile stuff.
01:02:05 So we've got, we have a, a, a lot of languages in the mix at Twilio.
01:02:09 What does the deployment look like for your API finance relative to your book?
01:02:16 Sure.
01:02:17 Yeah.
01:02:18 So, really the big difference and kind of goes back to what we were talking about earlier is we actually are completely deployed on Amazon web services.
01:02:25 And so we have, for the most part, an immutable architecture, which means that once you spin up a server on Amazon web services, you don't modify that server in flight.
01:02:35 We spin up new servers with new configurations and backfill and spin down the servers that are old.
01:02:41 so we don't have people going in and modifying, servers that are already operational.
01:02:47 that helps with complexity.
01:02:49 it also helps that, you know, when you have thousands or however many servers we have out there on Amazon web services now, you cannot go and manually configure those services.
01:03:00 So, certainly many of the, principles that are taught on this book, like, especially around web server configuration are completely valid, for how we run our operations.
01:03:10 but they're at a very, very large scale, considering the number of, of API calls that we, we have, in every single hour of every single day.
01:03:21 Yeah.
01:03:22 That's really awesome.
01:03:22 I think, you know, that's the right use case for EC2, right?
01:03:25 When you get to that scale and you need that much fine grain programmability to the API to actually create and provision machines and all that kind of stuff.
01:03:33 Right.
01:03:34 Yeah, exactly.
01:03:35 But it means that also that like the knowledge you learn from doing deployments here is completely valid for doing deployments in a much larger environment.
01:03:44 It's just that, those tend to be, those deployments that we do at Twilio are, you know, they've been honed and enhanced and, and in some ways, you know, increased in complexity over the past seven years, the, the life cycle of the company.
01:03:58 So, you know, there's, these things don't suddenly get created overnight.
01:04:02 you grow into those sorts of things.
01:04:04 Absolutely.
01:04:04 Absolutely.
01:04:05 Yeah.
01:04:05 I don't know if you listened to the Netflix episode, but they talked about what they're doing in EC2 there and they have so many different configurations and so on that they've actually set up scikit learn and machine learning to understand if there's a deployment problem.
01:04:21 That, I mean, it's amazing.
01:04:22 I have a really great friend at Netflix, and he, actually spoke at, Twilio signal conference, this past year.
01:04:30 And, he, he talked a lot about all the tools at their disposal.
01:04:33 I think what they do where they open source, a lot of their tools is absolutely incredible.
01:04:37 and, they use a, just a huge number of, AMIs, which are like the Amazon machine images, in order to pretty much a snapshot, what they want to deploy.
01:04:50 so they're like sort of, they were one of, I think probably one of the first to really take advantage of the free AMI snapshots.
01:04:57 And now they're, you know, using that at scale and obviously using machine learning and, they're on the forefront of all this stuff.
01:05:03 It's, it's amazing what they're, what they're working on.
01:05:05 Yeah.
01:05:06 If, if your book introduces people to the beginning steps, that's the opposite end of the spectrum, isn't it?
01:05:12 Yeah, sure.
01:05:13 And I mean, I think my hope is, is that, if you read this book and you're really excited about this deployment, these deployment concepts, because deployments used to be like a system administrator going in and punching a bunch of keys and, you know, manually installing things.
01:05:28 Like, yes, you should understand some of that stuff.
01:05:31 So you can get like a foundational layer for doing deployments and, and setting up servers.
01:05:34 But really, deploying at scale is programming.
01:05:38 Like when you are automating a deployment, you are programming in the same way as building an application.
01:05:43 And so, what Netflix and, and what we're doing at Twilio, a huge part of the deployment process is just programming the deployment process and automating everything that's out there.
01:05:54 Very interesting.
01:05:56 Thanks for sharing that look inside Twilio.
01:05:57 That's cool.
01:05:58 Two questions before I let you out of here.
01:06:01 Sure.
01:06:03 what's your favorite editor?
01:06:04 If you're going to write some Python code, what do you open up?
01:06:06 I use Vim for pretty much everything.
01:06:09 I use Xcode for writing Swift, just because that's like the default, that you go to, but I've been using them for a long time.
01:06:16 And, that is my, my go-to my, Vim as you probably can tell, but if you ever go to the Vim page on full stack Python, it's a, a lot more, meaningful information than the Emacs page, which was a community contributed.
01:06:29 Cause I, I don't know if I've ever actually opened up Emacs before.
01:06:33 Nothing, nothing against it.
01:06:35 I just, I stuck with Vim for a long time.
01:06:37 Yeah.
01:06:37 That's funny.
01:06:37 And I can imagine you wouldn't want to do storyboards in iOS.
01:06:41 No, I don't, I don't want to figure out how to, how to write, you know, iOS applications.
01:06:47 I don't know.
01:06:48 Yeah.
01:06:48 That definitely requires an ID.
01:06:49 All right.
01:06:50 Other one is your favorite PI PI package that maybe people don't know about it.
01:06:54 You want to raise the awareness of.
01:06:55 Okay.
01:06:56 So I'll, I'll go with two of them.
01:06:57 one is like a little bit more self-promoting.
01:07:00 My favorite one that I wrote is called underwear.
01:07:02 And the idea behind underwear was I wrote this project over like five or six weeks.
01:07:07 And it's like, I thought, why don't we have, when you're working in Django, like a Python
01:07:12 managed out by deploy, like, and that just deploys your entire application to a, like a
01:07:18 virtual private server.
01:07:19 And what it does is it uses Ansible programmatically under the covers, to handle the entire
01:07:24 deployment for you.
01:07:25 so if you use like pip install underwear and you add it to your installed packages, you
01:07:31 suddenly get new managed out by commands.
01:07:34 and one of them is deploy and you just pointed at a server and boom, your application
01:07:38 is like up and running.
01:07:38 I haven't worked on it all that much lately.
01:07:40 but it's kind of magical when you get the configuration, right?
01:07:43 And you're just like, wow, I just deployed through the Python managed out by, commands.
01:07:49 So underwear is that one that's all open source under MIT license.
01:07:53 That's really cool.
01:07:54 And the fact that you've got that name for it is, is awesome.
01:07:57 yeah.
01:07:58 Well, I mean, the meaning behind the name was basically like, this is how you could start
01:08:02 doing your deployments.
01:08:03 if you want to, and then you can change your deployment process later.
01:08:07 and no one will know it's like changing their underwear and like no one sees your underwear.
01:08:12 So like, they don't really care how that goes.
01:08:13 So I don't know.
01:08:14 That was the gist behind it.
01:08:15 That's funny.
01:08:16 I thought, and it was, and it was actually, it's really funny when people are like, Oh,
01:08:20 like I, I was at Django con one time and someone was like, Oh, you're the underwear
01:08:24 guy.
01:08:24 And my colleague was like, I'm sorry.
01:08:26 Like what, what did that person just say?
01:08:29 And I was like, Oh, I wrote the underwear package.
01:08:31 Like that's what they mean.
01:08:33 I'm not an underwear model or something like that.
01:08:36 so that, but other than that, I mean, you know, it's, I actually really like
01:08:42 the, especially when I was doing consulting, I mean, saving time through, like the,
01:08:49 Excel, the Excel, like read and write packages.
01:08:53 and so it's been a little while since I've used them in the past, but like, if you need
01:08:58 to read from or write to Excel spreadsheets, which, is shockingly the system of choice
01:09:05 for the vast majority of corporate America.
01:09:07 like if you were trying to create a web application that automates what is happening
01:09:11 in Excel spreadsheet, like these packages, so it's like Excel, RD, and Excel.
01:09:19 W I believe something like that.
01:09:20 these packages on PyPI are like so much time savers.
01:09:25 Like I just, I don't know.
01:09:27 Every time I've used them, I've been like, thank goodness.
01:09:29 Like if I had to create this all from scratch myself, I never would have gotten this project
01:09:33 done.
01:09:34 I think you're right about how much of corporate America enterprise space runs on, on Excel.
01:09:41 It's crazy.
01:09:42 Yeah.
01:09:44 I mean, companies have entire names for like one company I work for called them,
01:09:48 EUCs.
01:09:49 And they kept throwing around the EUCs acronym.
01:09:52 And I'm like, finally, I'm like, what is an EUC?
01:09:53 And they're like end user computing basically means the end user created the computing system
01:09:59 on which they are doing all their processing on, which is, Excel.
01:10:04 Yeah.
01:10:05 That's pretty much what it means.
01:10:06 Those are, those are some good ones to know about.
01:10:09 Thanks.
01:10:09 Matt, this has been super interesting.
01:10:12 And I think for those listeners out there who are not day to day doing deployments, this is a really
01:10:19 helpful book.
01:10:20 Do you want to just tell people how they can get your book and things like that?
01:10:24 Yeah, sure.
01:10:24 so one way would be to just go to deploy python.com.
01:10:28 and then that has a link to buy the book on gumroad.
01:10:32 if you want to go to gumroad directly, it's a gumroad.com forward slash L forward slash Python dash
01:10:39 deployments.
01:10:39 And I actually created a promo code for anyone who is listening.
01:10:42 It's, talk Python to me, with all dashes.
01:10:47 We'll make sure that's included as part of the, the references.
01:10:49 but anyone can use that for 15% off the book.
01:10:52 and, and also I'm, you know, I'm happy to answer questions about it.
01:10:57 And, you know, if people pick it up and they realize like, this isn't the book for them,
01:11:01 I try to be as clear as possible on the audience, but if you pick up the book and it's not great
01:11:04 for you, happy to give you a refund on it.
01:11:06 But, I just really enjoyed creating the book and hearing from readers and continuing
01:11:10 to approve it along the way.
01:11:12 Yeah, that's awesome.
01:11:13 Thanks for writing it.
01:11:15 It's a really good book.
01:11:16 I, I recommend readers go to deploy python.com, go to the bottom of the page, look at that architecture
01:11:21 picture.
01:11:22 And if, you know, knowing how all those pieces get created, wired together and set up in a
01:11:27 repeatable way is helpful, you know, check out the book.
01:11:29 It's all about that.
01:11:31 Cool.
01:11:31 Thank you very much, Michael.
01:11:32 This has been great.
01:11:33 Yeah.
01:11:34 Thanks for being on the show, Matt.
01:11:35 Talk to you later.
01:11:35 This has been another episode of talk Python to me.
01:11:40 Today's guest was Matthew McKay.
01:11:42 And this episode has been sponsored by hired and opt beat.
01:11:45 Thank you both for supporting the show.
01:11:47 Hired wants to help you find your next big thing.
01:11:50 Visit hire.com slash talk Python to me to get five or more offers with salary and equity presented
01:11:55 right up front and a special listener signing bonus of $4,000.
01:11:59 Opt beat is the mission control center for your Python web application.
01:12:03 Keep an eye on errors, performance, profiling, and more in your Django.
01:12:07 And now starting today, Flask web applications.
01:12:11 You can find the links from today's show at talkpython.fm/episodes slash show slash 26.
01:12:17 Be sure to subscribe to the show.
01:12:20 Open your favorite podcatcher and search for Python.
01:12:22 We should be right at the top.
01:12:24 You can also find the iTunes and direct RSS feeds in the footer of the website.
01:12:27 Our theme music is developers, developers, developers by Corey Smith, who goes by Smix.
01:12:33 You can hear the entire song at talkpython.fm.
01:12:37 This is your host, Michael Kennedy.
01:12:38 Thanks for listening.
01:12:39 Smix, take us out of here.
01:12:41 Smix, take us out of here.
01:12:41 Smix, take us out of here.