software deployment with nix - github pages · tool support i deployment was (is) often done in an...
TRANSCRIPT
Software deployment with NixNLUUG meeting, 31/03/2006
Eelco [email protected]
Universiteit Utrecht, Faculty of Science,Department of Information and Computing Sciences
March 31, 2006
Overview
Nix
I Motivation: Existing package managers (like RPM, apt, ...)have lots of problems
I We set out to improve this
I Result: Nix — basically a package manager (but more!)
Deployment Problems
I Software deployment: the art of transferring software(packages) from one machine to another (and managing it).
I The hard part: packages should work the same on the targetmachine.
I “DLL hell”I “Dependency hell”
So why is this hard?
I Difficult to have multiple versions; but we want this toI Test upgradesI Deal with conflicting dependenciesI Support different user / service requirements
gtk+
wxGTK zapping
wxPython
BitTorrent
So why is this hard?
I Difficult to have multiple versions; but we want this toI Test upgradesI Deal with conflicting dependenciesI Support different user / service requirements
gtk+
wxGTK zapping
wxPython
BitTorrent
Requires gtk+-2.4
So why is this hard?
I Difficult to have multiple versions; but we want this toI Test upgradesI Deal with conflicting dependenciesI Support different user / service requirements
gtk+
wxGTK zapping
wxPython
BitTorrent
Fails with gtk+-2.4 Requires gtk+-2.4
So why is this hard?
I Unreliable dependency informationI What components are needed?I What versions?
gtk+
wxGTK
wxPython
BitTorrent
python
So why is this hard?
I Unreliable dependency informationI What components are needed?I What versions?
gtk+
wxGTK
wxPython
BitTorrent
python
Missing!
So why is this hard?
python-2.3.4
bittorrent-3.4.2
wxPython-2.4.2.4
zapping-0.7
coreutils-5.2.1
perl-5.8.5
glibc-2.3.3
gcc-3.4.2 zlib-1.2.1
wxGTK-2.4.2
libjpeg-6b
libpng-1.2.7 atk-1.2.4
gtk+-2.2.4
glib-2.2.3
libtiff-3.6.1 pango-1.2.5
libX11-6.2.1
libXft-2.1.6
fontconfig-2.2.3libXrender-0.8.4
expat-1.95.8freetype-2.1.5
libXext-6.4.3
libXau-0.1.1
libXt-0.1.4-cvs
libICE-6.3.3
libSM-6.0.3
libgnomecanvas-2.4.0
glib-2.4.7
libgnomeui-2.4.0.1
popt-1.7
libbonoboui-2.4.1
libXv-2.2.2
libxml2-2.6.13gtk+-2.4.13
libart_lgpl-2.3.16
ORBit2-2.8.3
libbonobo-2.4.2
gnome-vfs-2.4.2
esound-0.2.32
libgnome-2.0.6
GConf-2.4.0.1
pango-1.4.1
zvbi-0.2.8
rte-0.5.2
atk-1.6.1
libglade-2.0.1
libIDL-0.8.2audiofile-0.2.3
xlib-1.0
libXtrans-0.1 xproto-6.6.1xextensions-1.0.1
renderext-0.8
Zapping
BitTorrent
Tool Support
I Deployment was (is) often done in an ad hoc, undisciplinedfashion.
I Files installed in global locations (/usr/bin,C:/Windows/System32).
I “DLL Hell” — overwriting of shared components witholder/newer versions.
I “Dependency Hell” — components may have gazillions ofdependencies.
I Each application has its own (un)installer (so no unified viewon the system).
I Interactive installers ⇒ considered harmful (hard to automate).I Packaging = lots of work.
I Package managers manage software installations in a unifiedway: RPM, FreeBSD Ports/Packages, Depot, Debianapt-get/dpkg, ..., Nix.
Requirements on a Deployment System
I Support multiple versions, variants.
I Handle dependencies.
I Ensure safe upgrades / uninstalls.
I Atomic upgrades/downgrades (e.g., important in serverenvironments).
I Allow different “views” for multiple users.I Configuration management aspects:
I IdentificationI Reproducibility
The Nix Deployment System
I Central idea: store all components in isolation.
I Unique paths:
/nix/store/jjp9pirx8b3nqs9k...-firefox
which is an 160-bit cryptographic hash of all inputs used tobuild the component:
I SourcesI LibrariesI CompilersI Build scriptsI Build parametersI System typeI . . .
I Prevent undeclared build time dependencies.
I Scan for runtime dependencies.
I Deploy only closures under the depends-on relation.
Nix store
/nix/store
bd6593219f8dcb63...-gtk+-2.2.4
lib
libgtk-x11-2.0.so.0
ce2d7d2a41456bab...-wxGTK-2.4.2
libwx_gtk2-2.4.so
e889db0595672287...-wxPython-2.4.2.4
lib
9ed8c4231bfde4af...-bittorrent-3.4.2
btdownloadgui.py
bin
(lots of Python bindings)
300ccc1a41af3abc...-gtk+-2.4.13
lib
libgtk-x11-2.0.so.0
f51ec7d5663c735e-zapping-0.7.3
zapping
bin
Nix store
/nix/store
bd6593219f8dcb63...-gtk+-2.2.4
lib
libgtk-x11-2.0.so.0
ce2d7d2a41456bab...-wxGTK-2.4.2
libwx_gtk2-2.4.so
e889db0595672287...-wxPython-2.4.2.4
lib
9ed8c4231bfde4af...-bittorrent-3.4.2
btdownloadgui.py
bin
(lots of Python bindings)
300ccc1a41af3abc...-gtk+-2.4.13
lib
libgtk-x11-2.0.so.0
f51ec7d5663c735e-zapping-0.7.3
zapping
bin
Unique paths fordifferent versions
Nix expressions
hello/default.nix
Packages are built using Nix expressions:
{stdenv, fetchurl, perl}:
stdenv.mkDerivation {name = "hello-2.1.1";builder = ./builder.sh;src = fetchurl {url =ftp://ftp.gnu.org/pub/gnu/hello/hello-2.1.1.tar.gz;
md5 = "70c9ccf9fac07f762c24f2df2290784d";};inherit perl;
}
Nix expressions
hello/default.nix
Packages are built using Nix expressions:
{stdenv, fetchurl, perl}:
stdenv.mkDerivation {name = "hello-2.1.1";builder = ./builder.sh;src = fetchurl {url =ftp://ftp.gnu.org/pub/gnu/hello/hello-2.1.1.tar.gz;
md5 = "70c9ccf9fac07f762c24f2df2290784d";};inherit perl;
}
Function arguments
Nix expressions
hello/default.nix
Packages are built using Nix expressions:
{stdenv, fetchurl, perl}:
stdenv.mkDerivation {name = "hello-2.1.1";builder = ./builder.sh;src = fetchurl {url =ftp://ftp.gnu.org/pub/gnu/hello/hello-2.1.1.tar.gz;
md5 = "70c9ccf9fac07f762c24f2df2290784d";};inherit perl;
}
Build attributes
Function arguments
Nix expressions
hello/builder.sh
source $stdenv/setup
PATH=$perl/bin:$PATH
tar xvfz $srccd hello-*./configure --prefix=$outmakemake install
Nix expressions
hello/builder.sh
source $stdenv/setup
PATH=$perl/bin:$PATH
tar xvfz $srccd hello-*./configure --prefix=$outmakemake install
Environment initially empty; pre-vents undeclared dependencies
Nix expressions
system/all-packages.nix
hello = (import ../applications/misc/hello/ex-1) {inherit fetchurl stdenv perl;
};
perl = (import ../development/interpreters/perl) {inherit fetchurl stdenv;
};
fetchurl = (import ../build-support/fetchurl) {inherit stdenv; ...
};
stdenv = ...;
Nix expressions
system/all-packages.nix
hello = (import ../applications/misc/hello/ex-1) {inherit fetchurl stdenv perl;
};
perl = (import ../development/interpreters/perl) {inherit fetchurl stdenv;
};
fetchurl = (import ../build-support/fetchurl) {inherit stdenv; ...
};
stdenv = ...;
Variability
bittorrent = (import ../tools/networking/bittorrent) {inherit fetchurl stdenv wxGTK;
};
wxGTK = (import ../development/libraries/wxGTK) {inherit fetchurl stdenv pkgconfig;gtk = gtkLibs22.gtk;
};
firefox = (import ../applications/browsers/firefox) {inherit fetchurl stdenv pkgconfig perl zip libIDL libXi;gtk = gtkLibs24.gtk;
};
Finding runtime dependencies
/nix/store
bd6593219f8dcb63...-gtk+-2.2.4
lib
libgtk-x11-2.0.so.0
ce2d7d2a41456bab...-wxGTK-2.4.2
libwx_gtk2-2.4.so
e889db0595672287...-wxPython-2.4.2.4
lib
9ed8c4231bfde4af...-bittorrent-3.4.2
btdownloadgui.py
bin
(lots of Python bindings)
300ccc1a41af3abc...-gtk+-2.4.13
lib
libgtk-x11-2.0.so.0
f51ec7d5663c735e-zapping-0.7.3
zapping
bin
Finding runtime dependencies
/nix/store
bd6593219f8dcb63...-gtk+-2.2.4
lib
libgtk-x11-2.0.so.0
ce2d7d2a41456bab...-wxGTK-2.4.2
libwx_gtk2-2.4.so
e889db0595672287...-wxPython-2.4.2.4
lib
9ed8c4231bfde4af...-bittorrent-3.4.2
btdownloadgui.py
bin
(lots of Python bindings)
300ccc1a41af3abc...-gtk+-2.4.13
lib
libgtk-x11-2.0.so.0
f51ec7d5663c735e-zapping-0.7.3
zapping
bin
Contents of libwx gtk2-2.4.so
...
2e 36 00 6c 69 62 73 74 64 63 2b 2b 2e 73 6f 2e |.6.libstdc++.so.|
36 00 6c 69 62 67 63 63 5f 73 2e 73 6f 2e 31 00 |6.libgcc_s.so.1.|
6c 69 62 70 74 68 72 65 61 64 2e 73 6f 2e 30 00 |libpthread.so.0.|
6c 69 62 63 2e 73 6f 2e 36 00 5f 5f 63 78 61 5f |libc.so.6.__cxa_|
61 74 65 78 69 74 00 5f 65 64 61 74 61 00 5f 5f |atexit._edata.__|
62 73 73 5f 73 74 61 72 74 00 2f 6e 69 78 2f 73 |bss_start./nix/s|
74 6f 72 65 2f 62 64 36 35 39 33 32 31 39 66 38 |tore/bd6593219f8|
64 63 62 36 33 30 61 34 35 35 62 31 61 35 37 66 |dcb630a455b1a57f|
36 34 36 33 33 2d 67 74 6b 2b 2d 32 2e 32 2e 34 |64633-gtk+-2.2.4|
2f 6c 69 62 3a 2f 6e 69 78 2f 73 74 6f 72 65 2f |/lib:/nix/store/|
62 37 65 62 34 37 36 64 36 32 62 61 65 38 62 63 |b7eb476d62bae8bc|
...
Finding runtime dependencies
/nix/store
bd6593219f8dcb63...-gtk+-2.2.4
lib
libgtk-x11-2.0.so.0
ce2d7d2a41456bab...-wxGTK-2.4.2
libwx_gtk2-2.4.so
e889db0595672287...-wxPython-2.4.2.4
lib
9ed8c4231bfde4af...-bittorrent-3.4.2
btdownloadgui.py
bin
(lots of Python bindings)
300ccc1a41af3abc...-gtk+-2.4.13
lib
libgtk-x11-2.0.so.0
f51ec7d5663c735e-zapping-0.7.3
zapping
bin
Contents of libwx gtk2-2.4.so
...
2e 36 00 6c 69 62 73 74 64 63 2b 2b 2e 73 6f 2e |.6.libstdc++.so.|
36 00 6c 69 62 67 63 63 5f 73 2e 73 6f 2e 31 00 |6.libgcc_s.so.1.|
6c 69 62 70 74 68 72 65 61 64 2e 73 6f 2e 30 00 |libpthread.so.0.|
6c 69 62 63 2e 73 6f 2e 36 00 5f 5f 63 78 61 5f |libc.so.6.__cxa_|
61 74 65 78 69 74 00 5f 65 64 61 74 61 00 5f 5f |atexit._edata.__|
62 73 73 5f 73 74 61 72 74 00 2f 6e 69 78 2f 73 |bss_start./nix/s|
74 6f 72 65 2f 62 64 36 35 39 33 32 31 39 66 38 |tore/bd6593219f8|
64 63 62 36 33 30 61 34 35 35 62 31 61 35 37 66 |dcb630a455b1a57f|
36 34 36 33 33 2d 67 74 6b 2b 2d 32 2e 32 2e 34 |64633-gtk+-2.2.4|
2f 6c 69 62 3a 2f 6e 69 78 2f 73 74 6f 72 65 2f |/lib:/nix/store/|
62 37 65 62 34 37 36 64 36 32 62 61 65 38 62 63 |b7eb476d62bae8bc|
...
Finding runtime dependencies
/nix/store
bd6593219f8dcb63...-gtk+-2.2.4
lib
libgtk-x11-2.0.so.0
ce2d7d2a41456bab...-wxGTK-2.4.2
libwx_gtk2-2.4.so
e889db0595672287...-wxPython-2.4.2.4
lib
9ed8c4231bfde4af...-bittorrent-3.4.2
btdownloadgui.py
bin
(lots of Python bindings)
300ccc1a41af3abc...-gtk+-2.4.13
lib
libgtk-x11-2.0.so.0
f51ec7d5663c735e-zapping-0.7.3
zapping
bin
Contents of libwx gtk2-2.4.so
...
2e 36 00 6c 69 62 73 74 64 63 2b 2b 2e 73 6f 2e |.6.libstdc++.so.|
36 00 6c 69 62 67 63 63 5f 73 2e 73 6f 2e 31 00 |6.libgcc_s.so.1.|
6c 69 62 70 74 68 72 65 61 64 2e 73 6f 2e 30 00 |libpthread.so.0.|
6c 69 62 63 2e 73 6f 2e 36 00 5f 5f 63 78 61 5f |libc.so.6.__cxa_|
61 74 65 78 69 74 00 5f 65 64 61 74 61 00 5f 5f |atexit._edata.__|
62 73 73 5f 73 74 61 72 74 00 2f 6e 69 78 2f 73 |bss_start./nix/s|
74 6f 72 65 2f 62 64 36 35 39 33 32 31 39 66 38 |tore/bd6593219f8|
64 63 62 36 33 30 61 34 35 35 62 31 61 35 37 66 |dcb630a455b1a57f|
36 34 36 33 33 2d 67 74 6b 2b 2d 32 2e 32 2e 34 |64633-gtk+-2.2.4|
2f 6c 69 62 3a 2f 6e 69 78 2f 73 74 6f 72 65 2f |/lib:/nix/store/|
62 37 65 62 34 37 36 64 36 32 62 61 65 38 62 63 |b7eb476d62bae8bc|
...
Finding runtime dependencies
/nix/store
bd6593219f8dcb63...-gtk+-2.2.4
lib
libgtk-x11-2.0.so.0
ce2d7d2a41456bab...-wxGTK-2.4.2
libwx_gtk2-2.4.so
e889db0595672287...-wxPython-2.4.2.4
lib
9ed8c4231bfde4af...-bittorrent-3.4.2
btdownloadgui.py
bin
(lots of Python bindings)
300ccc1a41af3abc...-gtk+-2.4.13
lib
libgtk-x11-2.0.so.0
f51ec7d5663c735e-zapping-0.7.3
zapping
bin
Finding runtime dependencies
/nix/store
bd6593219f8dcb63...-gtk+-2.2.4
lib
libgtk-x11-2.0.so.0
ce2d7d2a41456bab...-wxGTK-2.4.2
libwx_gtk2-2.4.so
e889db0595672287...-wxPython-2.4.2.4
lib
9ed8c4231bfde4af...-bittorrent-3.4.2
btdownloadgui.py
bin
(lots of Python bindings)
300ccc1a41af3abc...-gtk+-2.4.13
lib
libgtk-x11-2.0.so.0
f51ec7d5663c735e-zapping-0.7.3
zapping
bin
Finding runtime dependencies
/nix/store
bd6593219f8dcb63...-gtk+-2.2.4
lib
libgtk-x11-2.0.so.0
ce2d7d2a41456bab...-wxGTK-2.4.2
libwx_gtk2-2.4.so
e889db0595672287...-wxPython-2.4.2.4
lib
9ed8c4231bfde4af...-bittorrent-3.4.2
btdownloadgui.py
bin
(lots of Python bindings)
300ccc1a41af3abc...-gtk+-2.4.13
lib
libgtk-x11-2.0.so.0
f51ec7d5663c735e-zapping-0.7.3
zapping
bin
User operations
I To build and install Hello:
$ nix-env -if .../all-packages.nix hello
I When a new version comes along:
$ nix-env -uf .../all-packages.nix hello
I If it doesn’t work:
$ nix-env --rollback
I Delete unused components:
$ nix-collect-garbage
User operations
I To build and install Hello:
$ nix-env -if .../all-packages.nix hello
I When a new version comes along:
$ nix-env -uf .../all-packages.nix hello
I If it doesn’t work:
$ nix-env --rollback
I Delete unused components:
$ nix-collect-garbage
User operations
I To build and install Hello:
$ nix-env -if .../all-packages.nix hello
I When a new version comes along:
$ nix-env -uf .../all-packages.nix hello
I If it doesn’t work:
$ nix-env --rollback
I Delete unused components:
$ nix-collect-garbage
User operations
I To build and install Hello:
$ nix-env -if .../all-packages.nix hello
I When a new version comes along:
$ nix-env -uf .../all-packages.nix hello
I If it doesn’t work:
$ nix-env --rollback
I Delete unused components:
$ nix-collect-garbage
User environments
I Users can havedifferent sets ofinstalled applications.
I nix-env operationscreate new userenvironments in thestore.
I We can atomicallyswitch between them.
I These are roots of thegarbage collector.
PATH
/nix/links
current
42
/nix/store
eb3266df5c1a...-user-envbin
firefoxhello
90d0d25ee157...-hello-2.1.1bin
helloe7cb4be9e7c4...-firefox-1.0
binfirefox
User environments
I Users can havedifferent sets ofinstalled applications.
I nix-env operationscreate new userenvironments in thestore.
I We can atomicallyswitch between them.
I These are roots of thegarbage collector.
PATH
/nix/links
current
42
/nix/store
eb3266df5c1a...-user-envbin
firefoxhello
90d0d25ee157...-hello-2.1.1bin
helloe7cb4be9e7c4...-firefox-1.0
binfirefox
d0b3495e5c73...-hello-2.1.2bin
hello
(nix-env -u hello)
User environments
I Users can havedifferent sets ofinstalled applications.
I nix-env operationscreate new userenvironments in thestore.
I We can atomicallyswitch between them.
I These are roots of thegarbage collector.
PATH
/nix/links
current
42
/nix/store
eb3266df5c1a...-user-envbin
firefoxhello
90d0d25ee157...-hello-2.1.1bin
helloe7cb4be9e7c4...-firefox-1.0
binfirefox
d0b3495e5c73...-hello-2.1.2bin
hello83ca061e32cd...-user-env
binhellofirefox
(nix-env -u hello)
User environments
I Users can havedifferent sets ofinstalled applications.
I nix-env operationscreate new userenvironments in thestore.
I We can atomicallyswitch between them.
I These are roots of thegarbage collector.
PATH
/nix/links
current
42
43
/nix/store
eb3266df5c1a...-user-envbin
firefoxhello
90d0d25ee157...-hello-2.1.1bin
helloe7cb4be9e7c4...-firefox-1.0
binfirefox
d0b3495e5c73...-hello-2.1.2bin
hello83ca061e32cd...-user-env
binhellofirefox
(nix-env -u hello)
User environments
I Users can havedifferent sets ofinstalled applications.
I nix-env operationscreate new userenvironments in thestore.
I We can atomicallyswitch between them.
I These are roots of thegarbage collector.
PATH
/nix/links
current
42
43
/nix/store
eb3266df5c1a...-user-envbin
firefoxhello
90d0d25ee157...-hello-2.1.1bin
helloe7cb4be9e7c4...-firefox-1.0
binfirefox
d0b3495e5c73...-hello-2.1.2bin
hello83ca061e32cd...-user-env
binhellofirefox
(nix-env -u hello)
User environments
I Users can havedifferent sets ofinstalled applications.
I nix-env operationscreate new userenvironments in thestore.
I We can atomicallyswitch between them.
I These are roots of thegarbage collector.
PATH
/nix/links
current
43
/nix/store
eb3266df5c1a...-user-envbin
firefoxhello
90d0d25ee157...-hello-2.1.1bin
helloe7cb4be9e7c4...-firefox-1.0
binfirefox
d0b3495e5c73...-hello-2.1.2bin
hello83ca061e32cd...-user-env
binhellofirefox
(nix-env –remove-generations old)
User environments
I Users can havedifferent sets ofinstalled applications.
I nix-env operationscreate new userenvironments in thestore.
I We can atomicallyswitch between them.
I These are roots of thegarbage collector.
PATH
/nix/links
current
43
/nix/store
e7cb4be9e7c4...-firefox-1.0bin
firefoxd0b3495e5c73...-hello-2.1.2
binhello
83ca061e32cd...-user-envbin
hellofirefox
(nix-collect-garbage)
Deployment using Nix
I This is conceptually a source deployment model.
I We get binary deployment by sharing pre-built components.
I On the producer side:
$ nix-push $(nix-instantiate .../all-packages.nix) \http://server/cache
I On the client side:
$ nix-pull http://server/cache$ nix-env -if .../all-packages.nix hello
I Installation will now reuse pre-built components, iff they areexactly the same.
Deployment using Nix
I This is conceptually a source deployment model.
I We get binary deployment by sharing pre-built components.
I On the producer side:
$ nix-push $(nix-instantiate .../all-packages.nix) \http://server/cache
I On the client side:
$ nix-pull http://server/cache$ nix-env -if .../all-packages.nix hello
I Installation will now reuse pre-built components, iff they areexactly the same.
Deployment using Nix
I This is conceptually a source deployment model.
I We get binary deployment by sharing pre-built components.
I On the producer side:
$ nix-push $(nix-instantiate .../all-packages.nix) \http://server/cache
I On the client side:
$ nix-pull http://server/cache$ nix-env -if .../all-packages.nix hello
I Installation will now reuse pre-built components, iff they areexactly the same.
An example deployment policy: channels
I Channels allow Nix expressions to be updated automatically.
I Subscribe to a channel:
$ nix-channel --add http://.../channels/nixpkgs-stable
I Fetch latest channel instance:
$ nix-channel --update
I Update all installed packages:
$ nix-env -u ’*’
An example deployment policy: channels
I Channels allow Nix expressions to be updated automatically.
I Subscribe to a channel:
$ nix-channel --add http://.../channels/nixpkgs-stable
I Fetch latest channel instance:
$ nix-channel --update
I Update all installed packages:
$ nix-env -u ’*’
An example deployment policy: channels
I Channels allow Nix expressions to be updated automatically.
I Subscribe to a channel:
$ nix-channel --add http://.../channels/nixpkgs-stable
I Fetch latest channel instance:
$ nix-channel --update
I Update all installed packages:
$ nix-env -u ’*’
Nix Packages collection
Nixpkgs
I Contains Nix expressions for 716 existing Unix packages.I Development tools: GCC, Perl, Mono, ...I Libraries: Glibc, GTK, Qt, X11, ...I Applications: Firefox, Xine, Quake 3, ...I Servers: httpd, PostgreSQL, ...
I On Linux/x86, fully bootstrapped (no external dependencies).
Service deployment
Services: sets of running programs that provide some usefulfacility on a system or network.
Example: Subversion service
Example: Issue tracking service
Service deployment is hard
Service deployment involves a number of steps:
I Deploy software components (e.g., Apache, PostgreSQL,Subversion)
I Edit configuration files (e.g., httpd.conf, viewcvs.conf)
I Initialise state (e.g., logging directories, database tables)
I Start/stop processes
I ... and all of this possibly on multiple machines / platforms
Problems
I Poor reproducibility (bad CM)
I Hard to support parallel configurations
I Cross-cutting configuration choices
Problem 1: Poor reproducibility
I Goal: it should be possible to realise a service by running asingle command.
I E.g., to move it to another machineI So no manual installing of missing software components,
tweaking of configuration files, creating missing directories, etc.
I Why is reproducibility hard?I Admins often manually edit configuration files and initialise
stateI Service configuration doesn’t express software component
dependencies
Example
software
dataconfiguration
subversion
openssl db4
perl
expat
apache
perlBerkeleyDB
viewcvs
/data/subversion/
httpd.conf
control
Gap between package management and serviceconfiguration
I Software components are typically deployed through packagemanagers such as RPM
I Service configuration is typically kept under versionmanagement
I However, there is no good way to express the dependencies ofthe service on the software components
Problem 2: Parallel configurations
I It should be easy to create different instances of a serviceI Test vs. production servers (running on different ports, using
different databases, etc.)I Instantiations for different usersI Evolution through time (rollbacks)
I This is hard to support because there are typically lots ofconfiguration files and control scripts that refer to lots ofpaths for components, state, static data files, etc.
I /etc/apache/httpd.conf,/etc/init.d/apache,/etc/apache/viewcvs.conf, ...
Example
/etc/apache/httpd.conf for Subversion service (fragment)
ServerRoot "/var/httpd"ServerName svn.cs.uu.nl:8080LoadModule dav_svn_module /usr/lib/modules/mod_dav_svn.so<Location /repos>
AuthType BasicAuthDBMUserFile /data/subversion/db/svn-users...SVNParentPath /data/subversion/repos
</Location>ScriptAlias /viewcvs /usr/viewcvs/www/cgi/viewcvs.cgi
Example
/etc/init.d/httpd for Subversion service (fragment)
/usr/sbin/apachectl -k start -f /etc/apache/httpd.conf
Use cases
I Try out with a different set of repositories.
I Try out a different Apache.
I Try out a different Subversion module.
Problem 3: Cross-cutting configuration choices
I Many configuration choices are cross-cutting, i.e., impactmany different (parts of) configuration files, scripts, etc.
I Examples:I Port numbersI Host namesI Paths (major source of problems!)
I So a change to the configuration choices must be realised inmany different places
I Lots of work
I Danger of inconsistency
Example: port number
In /etc/init.d/httpd.conf
ServerName www.example.org:12443Listen 12443<VirtualHost _default_:12443>
In repoman.pl
my $url = "https://www.example.org:12443/"print "... <a href=’$url/repos/$repoName’> ...";
Solution
Treat all the static parts of configurations as Nix components:
I Software
I Configuration files
I Control scripts
I Static data files (e.g., static web pages)
But not mutable state, e.g. databases
Advantages
I Support multiple configurations side-by-side
I Nix’s functional language: can easily support multipleconfigurations
I Atomic upgrades / rollbacksI SCM support:
I Full knowledge of dependenciesI Reproducibility (easy to move to another machine)
Example
Nix expression for svn.cs.uu.nl
{productionServer ? true}:let {webServer = import ../../apache-httpd {hostName = "svn.cs.uu.nl";httpPort = if productionServer then 80 else 12080;httpsPort = if productionServer then 443 else 12443;adminAddr = "[email protected]";subServices = [ subversionService ];...
};
subversionService = import ../../subversion {reposDir = rootDir + "/repos"; ...
}
Use
Building the test instance
$ upgrade-server.sh svn ./default.nix test
I Produces (say) /nix/store/98wl...-apache-httpd-service.
I Generated configuration files (e.g.,/nix/store/98wl...-apache-httpd-service/conf/httpd.conftell server to run on port 12080/12443.
I Old test server is stopped, new server is started.
Building the production instance
$ upgrade-server.sh svn ./default.nix production
I Produces (say) /nix/store/6sc6...-apache-httpd-service.
I Generated configuration files (e.g.,/nix/store/6sc6...-apache-httpd-service/conf/httpd.conftell server to run on port 80/443.
I Old production server is stopped, new server is started.
Use
Building the test instance
$ upgrade-server.sh svn ./default.nix test
I Produces (say) /nix/store/98wl...-apache-httpd-service.
I Generated configuration files (e.g.,/nix/store/98wl...-apache-httpd-service/conf/httpd.conftell server to run on port 12080/12443.
I Old test server is stopped, new server is started.
Building the production instance
$ upgrade-server.sh svn ./default.nix production
I Produces (say) /nix/store/6sc6...-apache-httpd-service.
I Generated configuration files (e.g.,/nix/store/6sc6...-apache-httpd-service/conf/httpd.conftell server to run on port 80/443.
I Old production server is stopped, new server is started.
NixOS
I Nix usually used on existing Unix systems (e.g., SuSE Linux,Fedora Core, Mac OS X, FreeBSD)
I Taking it all the way: NixOS (Armijn Hemel)
I All packages installed through NixI Also hope to improve system configuration
I Stuff in /etc become Nix service components, so we getrollbacks etc.
Conclusions
I Contributions:I Safe, automatic coexistance of versions/variants.I Reliable dependencies.I Multiple concurrent configurations.I Atomic upgrades/rollbacks.I Safe garbage collection.I Binary deployment is automatic.I Can accomodate many deployment policies.I Useful for service deployment.I Integrated continuous integration / release management.
I Available at http://www.cs.uu.nl/groups/ST/Trace/Nix.
Further reading
ICSE’04 E. Dolstra, E. Visser, and M. de Jonge, Imposing aMemory Management Discipline on SoftwareDeployment
LISA’04 E. Dolstra, M. de Jonge, and E. Visser, Nix: A Safeand Policy-Free System for Software Deployment
CBSE’05 E. Dolstra, Efficient Upgrading in a Purely FunctionalComponent Deployment Model
ASE’05 E. Dolstra, Secure Sharing Between Untrusted Usersin a Transparent Source/Binary Deployment Model
PhD thesis E. Dolstra, The Purely Functional SoftwareDeployment Model