Skip to content

Instantly share code, notes, and snippets.

@gannebamm

gannebamm/proposal.md

Last active March 25, 2019 09:35
Show Gist options
  • Save gannebamm/4361fc2258caed9b1a641980afdde807 to your computer and use it in GitHub Desktop.
Save gannebamm/4361fc2258caed9b1a641980afdde807 to your computer and use it in GitHub Desktop.
Download ZIP
updated [GNIP] Support production-grade deployement using Docker
Raw
proposal.md

Overview

The basic proposal is already mentioned in #3707. This is an updated aproach to the same idea: officially support a production-grade deployment method using Docker. By production-grade, it is meant a deployment solution that satisfies basic needs in terms of performance and security.

Rationale

  1. There's currently no clear deployment method supported for production (there's an entry about that in the doc, but it's incomplete and very hard to follow) which results on a lot of very poorly secured installations
  2. Docker works on all major platforms (Windows, Linux, Mac OS X)
  3. It's very easy to use (basically, start the whole stack in 1 command line, almost identical on any system)
  4. It's very easy to make new releases (basically one git tag)
  5. Similar setup for dev and production
  6. It's possible to include features that are not strictly part of Geonode, but still essential for a production ready deployment (https encryption, backups...)

Points 1. and 6. are a major problem for smaller institutions that don't have advanced sysadmins / security experts, which represents a lot of Geonode user.

Implementation

This needs to be discussed

  • Including customized Dockerfile (such as Nginx, Geoserver, etc.) in the same repo rather than in external repositories, so that releasing new versions can be done all in one place and that it's easier to know what's actually being installed.

  • Including automatic ssl encryption and easy to configure backups using popular cloud provider.

    • Additionally document how to use corporate certificates and a non cloud provider based backup solution.

  • Optionally maintain a Rancher catalog entry (which is almost 0 work).

I suggest mentioning that deployment method on the home page, making it clear that the apt-get method isn't production-ready out of the box.

Repository

The docker setup should reside in the main repository as the current geonode/geonode composition does. But other than currently the docker customized Dockerfiles are stored like:

geonode/scripts/docker/images/ImageName

like

geonode/scripts/docker/images/nginx/Dockerfile

as already done in SPC:

scripts/spcgeonode/nginx

featured mentioned by @olivierdalang:

  • Officially supported / documented / maintained
  • docker:latest build is automated by push to geonode/geonode master
  • Easy to use (as few steps as possible to get it running)
  • Working on Windows, Mac & Linux
  • A Geonode-project (so that it's easy to customise)
  • Including customised Dockerfiles for related services in the same git repo
  • As lightweight as possible (alpine rather than debian)
  • Secure out of the box (besides basic configuration, no further step is required to have a secure install) - if possible pen-tested
  • 100% working out of the box (incl. auth for OGC services, celery tasks, etc.)
  • Automatic SSL encryption
  • Easy to configure backups using popular cloud provider
  • Travis continuous testing (or equivalent) of the installation procedure
  • Including a Rancher catalog entry
  • Updatable via git pull
  • Ready for long term maintenance (e.g. including a version flag in the geoserver data directory so that we can have migration scripts)
  • Including horizontal scaling capabilities only if it doesn't make usage more complex
  • Stable (not pulling any unstable branches/builds)
  • Installable offline (probably requires a preconfgured computer acting as a docker registry)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment