The document discusses using NixOS, a Linux distribution that uses the Nix package manager, for declarative deployment and testing. It describes how NixOS allows systems to be configured and deployed declaratively via Nix expressions. This includes features for deploying single machines, distributed environments, and virtual machine networks in an efficient and reliable manner. It also outlines how NixOS enables integrated testing of distributed systems through the use of virtual machine instances.
Using NixOS for declarative deployment and testing
1. Using NixOS for declarative deployment and testing
Sander van der Burg Eelco Dolstra
Delft University of Technology, EEMCS,
Department of Software Technology
February 5, 2010
Sander van der Burg, Eelco Dolstra Using NixOS for declarative deployment and testing
2. Linux distributions
There is a wide range of Linux distributions available, each having different properties and goals.
3. Software deployment
Software deployment: "All of the activities that make a software system available for use" (Carzaniga et al.)
Activities:
- Install a Linux distribution with some desired packages
- Adapt/tweak configuration files
- Install custom pieces of software
- Upgrade a system
7. Challenges
- Deploying a single machine is hard
  - Takes some effort
  - Upgrading may break the system
- Deploying a distributed environment is even harder
  - Machines may be dependent on each other, e.g. web application using a database
  - While upgrading, downtimes may occur
- Deploying (a network of) virtual machines is also hard
  - Takes quite some effort to perform system integration tests
8. NixOS
A GNU/Linux distribution using the Nix package manager
9. Nix store
Main idea: store all packages in isolation from each other:
    /nix/store/rpdqxnilb0cg...-firefox-3.5.4
Paths contain a 160-bit cryptographic hash of all inputs used to build the package:
- Sources
- Libraries
- Compilers
- Build scripts
- ...
Example store layout:
    /nix/store
        l9w6773m1msy...-openssh-4.6p1
            bin
                ssh
            sbin
                sshd
        smkabrbibqv7...-openssl-0.9.8e
            lib
                libssl.so.0.9.8
        c6jbqm2mc0a7...-zlib-1.2.3
            lib
                libz.so.1.2.3
        im276akmsrhv...-glibc-2.5
            lib
                libc.so.6
10. Nix expressions
openssh.nix

    # A function from build inputs to a derivation; all-packages.nix supplies the inputs.
    { stdenv, fetchurl, openssl, zlib }:

    stdenv.mkDerivation {
      name = "openssh-4.6p1";
      # The source is pinned by its SHA-256 hash; a download that does not match is rejected.
      src = fetchurl {
        url = http://.../openssh-4.6p1.tar.gz;
        sha256 = "0fpjlr3bfind0y94bk442x2p...";
      };
      # $src is the fetched tarball, $out is this package's own path in the Nix store.
      buildCommand = ''
        tar xzf $src
        cd openssh-4.6p1
        ./configure --prefix=$out --with-openssl=${openssl}
        make; make install
      '';
    }
11. Nix expressions
all-packages.nix

    openssh = import ../tools/networking/openssh {
      inherit fetchurl stdenv openssl zlib;
    };
    openssl = import ../development/libraries/openssl {
      inherit fetchurl stdenv perl;
    };
    stdenv = ...;
    openssl = ...;
    zlib = ...;
    perl = ...;

nix-env -f all-packages.nix -iA openssh
Produces a /nix/store/l9w6773m1msy...-openssh-4.6p1 package in the Nix store.
12. NixOS
- In NixOS, all packages including the Linux kernel and configuration files are managed by Nix.
- NixOS does not have directories such as: /lib and /usr
- NixOS has a minimal /bin and /etc
- But NixOS is more than just a distribution managed by Nix
14. NixOS configuration
nixos-rebuild switch
- Nix package manager builds a complete system configuration
- Includes all packages and generates all configuration files, e.g. OpenSSH configuration
- Upgrades are (almost) atomic
  - Components are stored safely next to each other, due to hashes
  - No files are automatically removed or overwritten
- Users can switch to older generations of system configurations not garbage collected yet
16. Distributed deployment
NixOS has good properties for deployment of a single system
Can we extend these properties to distributed systems?
18. Motivating example: Trac
Trac can be deployed in a distributed environment:
- Subversion server
- Database server
- Web server
20. Distributed deployment
nixos-deploy-network network.nix
- Build system configurations by the Nix package manager
- Transfer complete system and all dependencies to target machines in the network
  - Efficient: only missing store paths must be transferred
  - Safe: Existing configuration is not affected, because no files are overwritten or removed
- Activate new system configuration
  - In case of a failure, roll back all configurations
  - Relatively cheap operation, because old configuration is stored next to new configuration
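Added example (not from the slides and not Nix's own code): a Python model of the store properties described on slides 9, 14 and 20, showing that changing one input changes the path of everything built on it, that a deployment copies only the missing paths, and that the old generation stays available for rollback. It simplifies the real path computation (plain SHA-256 truncated to 160 bits); the Drv, Machine, closure and src names, the builder strings and the source hashes are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

STORE = "/nix/store"
B32 = "0123456789abcdfghijklmnpqrsvwxyz"  # base-32 alphabet Nix uses for store hashes


def b32(data: bytes) -> str:
    """Encode bytes with the alphabet above (160 bits -> 32 characters)."""
    n = int.from_bytes(data, "big")
    chars = []
    for _ in range(len(data) * 8 // 5):
        chars.append(B32[n & 31])
        n >>= 5
    return "".join(reversed(chars))


@dataclass(frozen=True)
class Drv:
    """A package build; every field is an input that feeds the path hash."""
    name: str
    src_sha256: str   # pinned source hash, as in fetchurl
    builder: str      # build script text
    deps: tuple = ()  # other Drv objects (libraries, compilers, ...)

    def path(self) -> str:
        h = hashlib.sha256()
        parts = [self.name, self.src_sha256, self.builder]
        parts += sorted(d.path() for d in self.deps)  # dependency paths are inputs too
        for p in parts:
            raw = p.encode()
            h.update(len(raw).to_bytes(4, "big") + raw)  # length prefix avoids ambiguity
        # Simplification: truncate to 160 bits instead of Nix's own compression step.
        return f"{STORE}/{b32(h.digest()[:20])}-{self.name}"


def closure(drv: Drv) -> set:
    """All store paths a package needs at runtime, itself included."""
    paths = {drv.path()}
    for d in drv.deps:
        paths |= closure(d)
    return paths


class Machine:
    """Target machine: an add-only store plus a list of system generations."""

    def __init__(self):
        self.store = set()
        self.generations = []  # root paths, oldest first

    def deploy(self, system: Drv) -> set:
        missing = closure(system) - self.store  # only these are transferred
        self.store |= missing                   # nothing is overwritten or removed
        self.generations.append(system.path())  # activation is a pointer switch
        return missing

    def rollback(self) -> str:
        if len(self.generations) < 2:
            raise RuntimeError("no older generation to roll back to")
        self.generations.pop()
        return self.generations[-1]             # its closure is still in the store


def src(label: str) -> str:
    """Constructed stand-in for the SHA-256 of a source tarball."""
    return hashlib.sha256(label.encode()).hexdigest()


def build_openssh(openssl_source: str) -> Drv:
    """The dependency graph from slide 9, with a selectable openssl source."""
    glibc = Drv("glibc-2.5", src("glibc"), "make install")
    zlib = Drv("zlib-1.2.3", src("zlib"), "make install", (glibc,))
    openssl = Drv("openssl-0.9.8e", src(openssl_source), "make install", (glibc,))
    return Drv("openssh-4.6p1", src("openssh"), "make install", (openssl, zlib, glibc))


def demo():
    v1 = build_openssh("openssl tarball")
    v2 = build_openssh("openssl tarball, one byte changed")  # same name, different source
    m = Machine()
    first = m.deploy(v1)   # empty target: the whole closure is copied
    second = m.deploy(v2)  # only openssl and the openssh built on it are new
    return v1, v2, m, first, second


if __name__ == "__main__":
    v1, v2, m, first, second = demo()
    print(len(first), "paths copied on first deploy")
    print(sorted(second))
    print("rollback to", m.rollback())
```
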
21. Virtualization
nixos-build-vms network.nix; ./result/bin/nixos-run-vms
- Builds a network of QEMU-KVM virtual machines closely resembling the network of NixOS configurations
- We don’t create disk images
- The VM mounts the Nix store of the host system using SMB/CIFS
22. Virtualization
nixos-build-vms network.nix; ./result/bin/nixos-run-vms
- Possible because complete configuration is in the Nix store
- This is efficient and safe due to the nature of the Nix store
  - Components with same hash codes are shared between VMs
  - The hash part of the name isolates components from each other
- Difficult to do for imperative Linux distributions, which have /etc, /usr, /lib directories.
24. Testing
trac.nix

    testScript = ''
      # Database server: wait for the service, then create the Trac database.
      $postgresql->waitForJob("postgresql");
      $postgresql->mustSucceed("createdb trac");
      # Web server: create the Subversion repository and the Trac project.
      $webserver->mustSucceed("mkdir -p /repos/trac");
      $webserver->mustSucceed("svnadmin create /repos/trac");
      $webserver->waitForFile("/var/trac");
      $webserver->mustSucceed("mkdir -p /var/trac/projects/test");
      $webserver->mustSucceed("trac-admin /var/trac/projects/test initenv ".
        "Test postgres://root\@postgresql/trac svn /repos/trac");
      # Client: open the project page in a browser and take a screenshot.
      $client->waitForX;
      $client->execute("konqueror http://webserver/projects/test &");
      $client->waitForWindow(qr/Test.*Konqueror/);
      $client->screenshot("screen");
    '';
25. Testing
nix-build tests.nix -A trac
26. Experience
Distributed deployment of a Hydra build environment
Continuous integration and testing of NixOS
NixOS installer
OpenSSH
Trac
NFS server
Continuous integration and testing of various GNU projects
Install NixOS system with bleeding edge glibc
Other free software projects
28. Conclusion
- NixOS. A GNU/Linux distribution used to reliably deploy a complete system from a declarative specification
- nixos-deploy-network. Efficiently/Reliably deploy a network of NixOS machines
- nixos-build-vms. Efficiently generate a network of cheap NixOS virtual machine instances
- NixOS test driver. Perform distributed test cases in a network of NixOS virtual machines
29. References
NixOS website: http://nixos.org
- Nix. A purely functional package manager
- Nixpkgs. Nix packages collection
- NixOS. Nix based GNU/Linux distribution
- Hydra. Nix based continuous build and integration server
- Disnix. Nix based distributed service deployment
Software available under free and open-source licenses (LGPL/X11)
30. References
- Nix package manager can be used on any Linux system, FreeBSD, OpenSolaris, Darwin and Cygwin
- Virtualization features can be used on any Linux system running the Nix package manager and KVM.