Asko Soukka: Deploying Plone and Volto, the Hard Way
Talk at Plone Conference 2020
Here are the slides.
How about building Plone without buildout? Running Plone on Python 3 without WSGI? Deploying Plone and Volto with containers without Docker? Building all this in re-usable and safe manner in sandbox with restricted network access with Nix? Welcome to hear about our hipster setup where we lock, build and configure Plone deployments with Nix, insist to keep ZServer running on Python 3 for the love's sake, build software deployments into standalone tarball archives, and run them with Nomad – the simple on-premises-friendly alternative for K8S.
- The easy, documented way: buildout, WSGI, Docker (if you need containers), Registry.
- Our way: pip, TxZServer, Nomad, Nix
When you use a container infrastructure, you have multiple containers for running a Plone site, for example zeo clients, zeo servers, load balancer. Nomad helps there, and is much simpler than Kubernetes. We have one job file to rule them all: task groups, instance count, update policy, server resources, volumen mounts, tasks, consul services, vault secrets, environment variables, exec artifacts.
Nomad has "isolated fork / exec driver". No docker image needed. We have a Nix-built artifact, a tarball that we extract in the root of the container.
With Nix, you get 100 percent reproducible artifacts. Production equals development. You have a full dependency graph. The result is a standalone tarball, perhaps 100 MB. Disadvantage is that there are no conventions, no metadata, no shared layers, no documentation. It needs learning and practice. Well, some documentation now: https://nixos.org and https://nix.dev, partially made by people that were using Plone previously.
Some ugly parts from Nix:
- Every language has their own Nix-conventions
- dependency generator ecosystem is comples
- cyclic dependencies are not supported
- no storage device is big enough for /nix/store
Our (legacy) approach for Plone 5.2.1 without Buildout and with pip:
- generated requirements.txt with buildout
- create Python env with pip and nix
- use pip-branch of z3c.autoinclude
- disabled <includeDependencies />
- generate instance skeleton with nix
- forked plone.recipe.zope2instance
Plone 6 without Buildout should be pip-installable out of the box, but that is hear-say.
We use TxZServer in production, so ZServer using Twisted.