This document summarizes a presentation about managing CPAN dependencies for web development projects. It describes a case study where a developer installed many CPAN modules for a new web app, but ran into problems with dependency and versioning issues during deployment to production servers. The presenter then introduced their solution called Carton, a tool for creating isolated, local Perl environments for apps and locking dependency versions to allow reproducible, stable deployments across different machines. Key features discussed included dependency declaration, isolated environments, version control, analysis and more. The document concludes with a call for questions and thanks.

1. Carton
Tatsuhiko Miyagawa
YAPC::Asia 2011 Tokyo
Friday, October 14, 2011

2. Managing CPAN
Dependencies
Friday, October 14, 2011

3. Case Study:
(Poor) Web Development
Friday, October 14, 2011

4. You’re writing a new web app.
You don’t wanna reinvent wheels.
Want to use as many CPAN deps.
Friday, October 14, 2011

5. Fine.
Get them from CPAN,
install on your machine.
Friday, October 14, 2011

6. >
cpanm
Web::Framework
installed
LWP-­‐5.912
installed
Plack-­‐0.9980
installed
Web-­‐Framework-­‐1.20
>
cpanm
JSON::Fast
installed
JSON-­‐Fast-­‐1.91
>
cpanm
MIME::Parser::XS
installed
MIME-­‐Parser-­‐XS-­‐0.20
Friday, October 14, 2011

7. Test it...
Friday, October 14, 2011

8. Works? Ship it!
Friday, October 14, 2011

9. Deployment
Set up new production servers.
Install CPAN modules
(until the errors are gone)
Friday, October 14, 2011

10. Few weeks later...
Friday, October 14, 2011

11. Your website is popular!
Need more web servers!
Friday, October 14, 2011

12. Re-Deployment
Set up new production servers.
Install CPAN modules
(until the errors are gone)
Friday, October 14, 2011

13. “Crap, Web::Framework has been
updated to 1.4 and many APIs
have been changed or deprecated!”
Friday, October 14, 2011

14. Rollback
Log in to the old web server.
Check Perl module versions.
Install them on the new server.
Friday, October 14, 2011

15. “Crap, this author deleted
the version 1.20 we want.
Let’s go to BackPAN...”
Friday, October 14, 2011

16. “Crap, version 1.20 doesn’t actually work
with the newer LWP 6 that we just
installed! Have to downgrade this too...”
Friday, October 14, 2011

17. and so on.
Friday, October 14, 2011

18. What was wrong?
Friday, October 14, 2011

19. • Dependency declaration
• Isolated Perl environments
• Version controls/history
• Dependency analysis
• Repeatable deployments
• etc.
Friday, October 14, 2011

20. Many existing solutions
MyCPAN, DPAN, CPAN::Mini::Inject,
OrePAN, Shipwright
Friday, October 14, 2011

21. None of those
didn’t quite work for me.
(Or I haven’t even tried)
Friday, October 14, 2011

22. So I wrote a new one.
Friday, October 14, 2011

23. Carton
https://github.com/miyagawa/carton
Friday, October 14, 2011

24. Inspired by...
Friday, October 14, 2011

25. Friday, October 14, 2011

26. • App-specific local environment
• Fast and safe install
• Dep-tree analysis, including versions
• Locking module versions
• Easy Redeployment
• Single-file,VCS friendly
• Safe and easy rollback
Friday, October 14, 2011

27. Local perl environment
Using local::lib and cpanm -L
Each app has an isolated local library path
Friday, October 14, 2011

28. Fast and safe install
cpanm 1.5
Saves MYMETA.json and install meta info
Friday, October 14, 2011

29. Dep tree analysis
Rebuild the dependency tree from meta info
Checks if anything is missing/superflous
Friday, October 14, 2011

30. Locking versions
Versions are saved in carton.lock
including dependencies
Friday, October 14, 2011

31. Easy Redeployment
Reinstall exactly the same set of modules
on another prod/development machines.
Friday, October 14, 2011

32. Single-file,VCS friendly
You can add carton.lock to git
update whenever you update modules
Friday, October 14, 2011

33. Safe and easy rollback
revert the lock file and redeploy
Friday, October 14, 2011

34. DEMO
Friday, October 14, 2011

35. >
cpanm
Carton
Friday, October 14, 2011

36. WARNING
It is beta software, some features are
missing or not working correctly (yet).
Friday, October 14, 2011

37. github.com/miyagawa/carton
irc.perl.org #carton
Friday, October 14, 2011

38. Questions?
Friday, October 14, 2011

39. Thanks!
twitter.com/miyagawa
Friday, October 14, 2011