Challenge

Our fresh application uses several services:

  • custom-built postgresql,
  • redis,
  • celery,
  • rabbitmq,
  • haproxy,
  • nginx,
  • uwsgi,
  • about 4 of our internal processes (mostly python),
  • AngularJS web application,

I will ship it in a SaaS model, which means that all of those services will be hosted in our cloud (for now in AWS, later OpenStack). Each customer will get their own instance. Installations will depend on customer needs/scale - in some cases all services will run on a single VM, in some there will be multiple VMs per service. The service configuration depends on the customer (like additional features). I wish there were a simple way to create "demo" instances - just to let a future customer play with our application.

Requirements

I look for a solution that will help me:

  • set up one or a bunch of virtual machines (AWS, OpenStack),
  • configure them with common rules,
  • build our software from the git master branch (run grunt for the web application, twitter.pants for python),
  • deploy services on them,
  • expand an installation (add more VMs with selected services),
  • after some time upgrade services to a selected version.

Proposed solution

I have seen Vagrant, which looks nice, but it's for development, not for production. I have seen Docker, which is even nicer, but I'm not sure if it will be elastic enough to support different configurations of containers per customer. Anyway, I would still need a tool to create those containers...

I proposed to use Ansible as a tool to create the VMs, configure common parts and then deploy services on hosts. I would keep separate inventories per customer/instance. Ansible inventory groups would allow installing all roles (services) on one VM or having them on separate VMs. I believe it would also help us with upgrading services.

Questions

Some questions I have:

  1. Any problems you see in my setup?
  2. In what situation could Ansible be not enough, so that I would wish to have something like Docker?
  3. How to keep track of separate instances? If I change a playbook in Ansible, how to be sure it has been run on every host in each instance?
  4. Is there a chance to automate the creation of firewall rules for each VM based on roles and Ansible inventory?
  5. Any other advice?

I really appreciate all the feedback in advance.

MadHatter
neutrinus

1 Answer

I'll take a stab at some of your questions; however, it's a lot more helpful if you can narrow down your questions.

Any problems you see in my setup?

No, looks good, but it really depends on what your application is doing and where the bottlenecks might potentially be.

In what situation Ansible could be not enough, so I wish to have something like docker?

Ansible should be fine to do all your automation even if you are using Docker. I haven't used Docker that much, but Docker is essentially a wrapper around lxc, and Ansible allows you to run commands on either a full Linux machine or an lxc container.

How to keep track on separate instances? If I change a playbook in ansible, how to be sure it has been run on every host in each instance?

Every time you change your Ansible playbooks you will essentially have to update your Docker container if you are using Docker. Then from Docker you can push your changes. If you are not using Docker you will have to re-run your Ansible playbooks on all the affected servers every time you change them. You may want to consider staggering the running of your playbooks. You could either run these playbooks locally on each of the servers or remotely from a client workstation. Keep in mind that if you have a lot of nodes, running from a single client workstation may not be feasible because of network and CPU constraints on your client.

Is there a chance to automate of create firewall rules for each VM based on roles and ansible inventory?

Yes. If you are using Ansible you can use templates to, say, configure iptables on each of the VMs.

Rico
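
The firewall point above, as an added example that is not part of the original answer: it derives a default-deny iptables rule set for each host from inventory group membership, which is the same derivation an Ansible template would perform over its inventory groups, written in Python so it runs stand-alone. The inventory, addresses, the `POLICY` role-to-port map and the `MGMT` control-host address are constructed assumptions.

```python
import ipaddress

# Constructed sample inventory: app1 carries two roles, as on a small install.
INVENTORY = """\
[nginx]
web1 ansible_host=10.0.1.10
[uwsgi]
app1 ansible_host=10.0.1.20
app2 ansible_host=10.0.1.21
[postgresql]
db1 ansible_host=10.0.1.30
[redis]
app1
"""
# Hypothetical policy: role -> (listening TCP port, roles allowed to connect).
POLICY = {"nginx": (443, ["*"]), "uwsgi": (8000, ["nginx"]),
          "postgresql": (5432, ["uwsgi"]), "redis": (6379, ["uwsgi"])}
MGMT = "10.0.0.5/32"  # assumed Ansible control host; keeps SSH open under DROP

def parse_inventory(text):
    """Return ({group: [hosts]}, {host: ip}) from a minimal INI inventory."""
    groups, addrs, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            groups.setdefault(current, [])
        elif line:
            host, *pairs = line.split()
            groups[current].append(host)  # KeyError if a host precedes any group
            for key, _, value in (p.partition("=") for p in pairs):
                if key == "ansible_host":
                    addrs[host] = str(ipaddress.ip_address(value))  # rejects junk
    return groups, addrs

def rules_for(host, groups, addrs):
    """iptables-restore lines for one host: default DROP plus policy peers."""
    out = ["*filter", ":INPUT DROP [0:0]", ":FORWARD DROP [0:0]",
           ":OUTPUT ACCEPT [0:0]", "-A INPUT -i lo -j ACCEPT",
           "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
           f"-A INPUT -p tcp -s {MGMT} --dport 22 -j ACCEPT"]
    for role, (port, clients) in sorted(POLICY.items()):
        if host in groups.get(role, []):
            # Same-host clients arrive via lo, so the host's own address is skipped.
            peers = sorted({addrs[h] for c in clients for h in groups.get(c, [])
                            if h != host})
            srcs = [""] if "*" in clients else [f" -s {ip}" for ip in peers]
            out += [f"-A INPUT -p tcp{s} --dport {port} -j ACCEPT" for s in srcs]
    return out + ["COMMIT"]
```

A host that appears in a client group without an `ansible_host` value raises `KeyError` instead of producing a rule with no source restriction.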