My organization's website is a Django app running on front end web servers + a few background processing servers in AWS.
We're currently using Ansible for both :
- system configuration (from a bare OS image)
- frequent manually-triggered code deployments.
The same Ansible playbook is able to provide either a local Vagrant dev VM or a production EC2 instance from scratch.
We now want to implement autoscaling in EC2, and that requires some changes towards a "treat servers as cattle, not pets" philosophy.
The first prerequisite was to move from a statically managed Ansible inventory to a dynamic, EC2 API-based one, done.
The next big question is how to deploy in this new world where throwaway instances come up & down in the middle of the night. The options I can think of are :
- Bake a new fully-deployed AMI for each deploy, create a new AS Launch config and update the AS group with that. Sounds very, very cumbersome, but also very reliable because of the clean slate approach, and will ensure that any system changes the code requires will be here. Also, no additional steps needed on instance bootup, up & running more quickly.
- Use a base AMI that doesn't change very often, automatically get the latest app code from git upon bootup, start the web server. Once it up just does manual deploys as needed, like before. But what if the new code depends on a change in the system config (new package, permissions, etc)? Looks like you have to start taking care of dependencies between code versions and system/AMI versions, whereas the "just do a full ansible run" approach was more integrated and more reliable. Is it more than just a potential headache in practice?
- Use Docker? I have a strong hunch it can be useful, but I'm not sure yet how it would fit our picture. We're a relatively self-contained Django front-end app with just RabbitMQ + Memcache as services, which we're never going to run on the same host anyway. So what benefits are there in building a Docker image using Ansible that contains system packages + latest code, rather than having Ansible just do it directly on an EC2 instance?
How do you do it? Any insights / best practices?