SlideShare a Scribd company logo

Functional Operations (Functional Programming at Comcast Labs Connect)

Susan Potter, profile picture
Susan Potter

The document discusses functional operations and the use of Nix, a purely functional package manager, to address core infrastructure engineering problems such as non-repeatable environments and unpredictable machine rollbacks. It highlights Nix's properties, including lazily evaluated package management and immutability, and illustrates system configurations using NixOS for different services. Additionally, it emphasizes the benefits of reliable software and the importance of properties and laws in programming.

Software
1 of 40
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
Functional Operations Functional Programming @ Comcast Labs Connect Susan Potter (@SusanPotter) 2018-03-09 Fri
Functional Operations (Functional Programming at Comcast Labs Connect)
Un-Fun Ops 0
Core InfraEng Problems 1
Core InfraEng Problems • non-repeatable environments • unpredictable machine rollback • out-of-band updating of CI dependencies • lack of muti-node integration testing 1
Causes 2
Causes • no single source of truth • partial definitions yield inconsistencies (over time) • shared mutable state (file manipulation most Linux/UNIX distros) 2
Nix: Reliable Packaging
Nix: What is it? 3
Nix: What is it? • "The Purely Functional Package Manager" (https://nixos.org/nix) 3
Nix: What is it? • "The Purely Functional Package Manager" (https://nixos.org/nix) • (And lazily evaluated expression language) 3
Nix: Source Example This Nix lambda denotes the hello package # Named keyword arguments: all non -optional { stdenv , fetchurl , perl }: let version = "2.10"; in stdenv.mkDerivation { inherit perl; name = "hello -${version}"; builder = ./builder.sh; src = fetchurl { url = "mirror://gnu/hello/${name}.tar.gz"; sha256 = "0ssi1wpaf7plaswqqjw...l7c9lng89ndq1i"; }; } 4
Nix: Derivation drvPath Inspecting hello package drvPath $ nix -repl ’<nixpkgs >’ nix -repl > hello.drvPath "/nix/store /3mdx...-hello -2.10. drv" nix -repl > hello.outPath "/nix/store/kmwd ...-hello -2.10" nix -repl > :q $ stat -t /nix/store /3mdx...-hello -2.10. drv /nix/store /3mdx...-hello -2.10. drv 1219 8 8124 0 0 fe00 13940452 ... 5
Nix: Package outPath Lazy evaluation means we only build the packages we need $ stat -t /nix/store/kmwd ...-hello -2.10 stat: cannot stat ’/nix/store/kmwd ...-hello -2.10 ’: No such file or ... To evaluate or realize the package we nix build $ nix build nixpkgs.hello [1 copied (0.2 MiB), 0.0 MiB DL] Now we can see the hello package outPath in the Nix store $ stat -t /nix/store/kmwd ...-hello -2.10 /nix/store/kmwd ...-hello -2.10 4096 8 416d 0 0 fe00 14115111 4 0 0 ... 6
Nix: Package outPath The high-level layout of the hello.outPath $ tree --du -hugFDL 2 /nix/store/kmwd ...-hello -2.10 /nix/store/ kmwd1hq55akdb9sc7l3finr175dajlby -hello -2.10 |-- [root root 33K Dec 31 1969] bin/ | |-- [root root 29K Dec 31 1969] hello* |-- [root root 16K Dec 31 1969] share/ |-- [root root 4.0K Dec 31 1969] info/ |-- [root root 4.0K Dec 31 1969] locale/ |-- [root root 4.0K Dec 31 1969] man/ 53K used in 5 directories , 1 file 7
Nix: Package in user profile Since it is built, surely we can run the binary? (No, not yet) $ hello The program ’hello ’ is currently not installed. It is provided by ... To link into the user profile we install ("Look Ma, no hands/sudo") $ nix -env -iA nixos.hello installing ’hello -2.10 ’ building ’/nix/store /6 s28kd3hdnv5cpd ...1yi5 -user -environment.drv ’... created 6852 symlinks in user environment $ hello -v hello (GNU Hello) 2.10 8
Nix: Properties 9
Nix: Properties • Lazily evaluated • Nix store is immutable! • nixpkgs is an expression: snapshot of community pkgs plus overlayed packages 9
Nix: Properties • Lazily evaluated • Nix store is immutable! • nixpkgs is an expression: snapshot of community pkgs plus overlayed packages • When packages sandboxed: • chroot -ed • private /proc • disabled network/IPC/etc • no env var inheritance 9
Nix: Properties • Lazily evaluated • Nix store is immutable! • nixpkgs is an expression: snapshot of community pkgs plus overlayed packages • When packages sandboxed: • chroot -ed • private /proc • disabled network/IPC/etc • no env var inheritance • Same inputs and src and definition yields same result (outPath and content) • Different inputs or src or definition yields different result (outPath and/or content) • Equational reasoning allows binary substitution 9
Nix Shell: Consistent Envs
nix-shell: Getting started • CI scripts can use nix-shell as shebang #!/usr/bin/env nix -shell #!nix -shell -p python27Full python27Packages .boto3 #!nix -shell -I /path/to/pinned/nixpkgs #!nix -shell -i python import boto3 ec2 = boto3.client(’ec2’) response = ec2. describe_instances () print(response) Note: Approach requires Nix/NixOS installed on builders 10
nix-shell: Running (first time) $ chmod u+x boto.py $ ./ boto.py these paths will be fetched (7.70 MiB download , 45.59 MiB unpacked ): /nix/store/mj8vmgxff9m ...-python -2.7.14 /nix/store/q6js3yms8xd ...-tix -8.4.3 /nix/store/yqgj43ancc0 ...- python2 .7-boto3 -1.4.8 copying path ’/nix/store/yqg...- python2 .7-boto3 -1.4.8 ’ from ’https :// cache.n copying path ’/nix/store/q6j...-tix -8.4.3 ’ from ’https :// cache.nixos.org ’... copying path ’/nix/store/mj8...-python -2.7.14 ’ from ’https :// cache.nixos.org OUTPUT HERE 11
nix-shell: Running (subsequent times) $ ./ boto.py OUTPUT HERE 12
Nix Shell: Recap • Claim: we can get consistent environment, assuming: • our core Nix expression pins version of nixpkgs • devs reload shell at the git revisions to pick up dependency changes • CI server runs tests using shell.nix referenced by nix-shell at that revision • infrastructure for all environments is built using pinned Nix expression • devenv, CI, production-like system builds share the same core expression 13
NixOS
What is NixOS? • "The Purely Functional Linux Distribution" (https://nixos.org/) • Provides congruent system-level configuration • System-level rollbacks 14
NixOS: Example (nginx) # ./machines/nginx.nix { pkgs , ... }: { boot.kernelPackages = pkgs.linuxPackages_4_15; time.timeZone = "UTC"; services.nginx = { enable = true; virtualHosts."my.domain.tld" = { forceSSL = true; enableACME = true; locations."/assets".root = "/var/www/assets"; locations."/".proxyPass = "http://backend -lb:3000"; }; }; } 15
NixOS: Example (Scala microservice) # ./machines/scala -services.nix { pkgs , ... }: let inherit (builtins) listToAttrs map; inherit (pkgs.myorg) scalaServices mulib; in { # Interal custom myorg module; overlayed into pkgs myorg.defaults.enable = true; users.extraUsers = map mulib.mkSystemUser scalaServices; systemd.services = map mulib.mkServiceUnit scalaServices; } 16
NixOS: Example (memcached) # ./machines/memcached.nix { config , pkgs , ... }: { services.memcached.enable = true; services.memcached.maxConnections = 2048; services.memcached.maxMemory = 256; services.memcached.listen = config.networking.eth1.ipAddress; } 17
NixOS: Containers (composition) { config , pkgs , ... }: { containers.cache.config = import ./memcached.nix; containers.proxy.config = import ./nginx.nix; containers.services = { config = import ./scala -services.nix; bindMounts."/webapp" = { hostPath = pkgs.myorg.scalaServices.webapp.outPath; isReadOnly = true; }; }; } 18
NixOS: Multi-node testing (node setup) import ./make -test.nix ({ pkgs , lib , ... }: let kafkaPackage = pkgs.apacheKafka_1_0; in { name = "kafka -1.0"; nodes = { zookeeper = import ./machines/zookeeper.nix; kafka = import ./machines/kafka.nix; }; testScript = import ./tests/kafka.nix { package = kafkaPackage; util = pkgs.myorg.testing.util; }; }) 19
NixOS: Multi-node testing (test script) { pkg , kPort ? 9092 , zkPort ? 2181 , topic ? "test" , util }: let inherit (util) createTopicCmd producerPipe consumerPipe; in ’’ startAll; $zookeeper ->waitForUnit("zookeeper"); $zookeeper ->waitForOpenPort(${zkPort}); $kafka ->waitForUnit("apache -kafka"); $kafka ->waitForOpenPort(${kPort}); $kafka ->waitUntilSucceeds("${createTopicCmd}"); $kafka ->mustSucceed("echo ’test 1’ | ${producerPipe}"); $kafka ->mustSucceed("${consumerPipe} | grep ’test 1 ’"); ’’ 20
NixOS & nixpkgs: Properties • modular (See nixpkgs overlays) • extensible (see nixos modules) • everything (almost) is a package in the Nix store • system rollbacks (with system profile snapshots saved as generations) • builds on purity of Nix packaging • NO FHS mutation-in-place (links into FHS to immutable Nix store) 21
Reliability
Reliable Software "Those who want really reliable software will discover that they must find means of avoiding the majority of bugs to start with, and as a result the programming process will become cheaper." – EWD 22
Why do properties/laws matter? 23
Why do properties/laws matter? • Because it allows us humble programmers to: 23
Why do properties/laws matter? • Because it allows us humble programmers to: • compose our reasoning • know what we cannot reason about • break down big problems into smaller parts • accomplish the same result with less effort 23
Questions? @SusanPotter (heckle me, ask me questions) 24

More Related Content

PDF
From Zero to Application Delivery with NixOS
Susan Potter
 
PDF
Dynamo: Not Just For Datastores
Susan Potter
 
PDF
Ricon/West 2013: Adventures with Riak Pipe
Susan Potter
 
PDF
From Zero To Production (NixOS, Erlang) @ Erlang Factory SF 2016
Susan Potter
 
PDF
Hopping in clouds: a tale of migration from one cloud provider to another
Michele Orselli
 
PDF
Using ngx_lua in UPYUN
Cong Zhang
 
PDF
Lua tech talk
Locaweb
 
PDF
Nginx-lua
Дэв Тим Афс
 
From Zero to Application Delivery with NixOS
Susan Potter
 
Dynamo: Not Just For Datastores
Susan Potter
 
Ricon/West 2013: Adventures with Riak Pipe
Susan Potter
 
From Zero To Production (NixOS, Erlang) @ Erlang Factory SF 2016
Susan Potter
 
Hopping in clouds: a tale of migration from one cloud provider to another
Michele Orselli
 
Using ngx_lua in UPYUN
Cong Zhang
 
Lua tech talk
Locaweb
 
Nginx-lua
Дэв Тим Афс
 

What's hot (20)

PDF
BDD - Buzzword Driven Development - Build the next cool app for fun and for.....
Alessandro Cinelli (cirpo)
 
PDF
Testing your infrastructure with litmus
Bram Vogelaar
 
PDF
Roll Your Own API Management Platform with nginx and Lua
Jon Moore
 
PDF
RestMQ - HTTP/Redis based Message Queue
Gleicon Moraes
 
PPTX
The Art of Exploiting Unconventional Use-after-free Bugs in Android Kernel by...
CODE BLUE
 
PPTX
Discovering OpenBSD on AWS
Laurent Bernaille
 
PDF
Securing Prometheus exporters using HashiCorp Vault
Bram Vogelaar
 
PDF
Web scale infrastructures with kubernetes and flannel
purpleocean
 
PDF
Building Distributed System with Celery on Docker Swarm - PyCon JP 2016
Wei Lin
 
PDF
Ansible not only for Dummies
Łukasz Proszek
 
PDF
Redis as a message queue
Brandon Lamb
 
PDF
Coroutines for Kotlin Multiplatform in Practise
Christian Melchior
 
PPTX
[오픈소스컨설팅] Linux Network Troubleshooting
Open Source Consulting
 
PPTX
Behind modern concurrency primitives
Bartosz Sypytkowski
 
PPTX
All you need to know about the JavaScript event loop
Saša Tatar
 
PDF
Devinsampa nginx-scripting
Tony Fabeen
 
KEY
Ubic
Vyacheslav Matyukhin
 
PDF
Puppet and the HashiStack
Bram Vogelaar
 
PDF
Event loop
codepitbull
 
PDF
Bootstrapping multidc observability stack
Bram Vogelaar
 
BDD - Buzzword Driven Development - Build the next cool app for fun and for.....
Alessandro Cinelli (cirpo)
 
Testing your infrastructure with litmus
Bram Vogelaar
 
Roll Your Own API Management Platform with nginx and Lua
Jon Moore
 
RestMQ - HTTP/Redis based Message Queue
Gleicon Moraes
 
The Art of Exploiting Unconventional Use-after-free Bugs in Android Kernel by...
CODE BLUE
 
Discovering OpenBSD on AWS
Laurent Bernaille
 
Securing Prometheus exporters using HashiCorp Vault
Bram Vogelaar
 
Web scale infrastructures with kubernetes and flannel
purpleocean
 
Building Distributed System with Celery on Docker Swarm - PyCon JP 2016
Wei Lin
 
Ansible not only for Dummies
Łukasz Proszek
 
Redis as a message queue
Brandon Lamb
 
Coroutines for Kotlin Multiplatform in Practise
Christian Melchior
 
[오픈소스컨설팅] Linux Network Troubleshooting
Open Source Consulting
 
Behind modern concurrency primitives
Bartosz Sypytkowski
 
All you need to know about the JavaScript event loop
Saša Tatar
 
Devinsampa nginx-scripting
Tony Fabeen
 
Ubic
Vyacheslav Matyukhin
 
Puppet and the HashiStack
Bram Vogelaar
 
Event loop
codepitbull
 
Bootstrapping multidc observability stack
Bram Vogelaar
 
Ad

Similar to Functional Operations (Functional Programming at Comcast Labs Connect) (20)

PDF
Mininet Basics
Eueung Mulyana
 
PDF
Dependencies Managers in C/C++. Using stdcpp 2014
biicode
 
PDF
Nix for Python developers
Asko Soukka
 
PDF
Puppet at Opera Sofware - PuppetCamp Oslo 2013
Cosimo Streppone
 
PDF
Binary Packaging for HPC with Spack
inside-BigData.com
 
PDF
Package Management via Spack on SJTU π Supercomputer
Jianwen Wei
 
PDF
9 steps to install and configure postgre sql from source on linux
chinkshady
 
PPTX
2012 coscup - Build your PHP application on Heroku
ronnywang_tw
 
PDF
containerit at useR!2017 conference, Brussels
Daniel Nüst
 
PDF
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
Leo Lorieri
 
PDF
DPDK in Containers Hands-on Lab
Michelle Holley
 
PDF
Automating complex infrastructures with Puppet
Kris Buytaert
 
PDF
Nix: What even is it though?
Burke Libbey
 
PDF
Sandboxing WebKitGTK (GUADEC 2019)
Igalia
 
ZIP
Embedded Linux Odp
ghessler
 
PPTX
Why favour Icinga over Nagios - Rootconf 2015
Icinga
 
PDF
Inside Docker for Fedora20/RHEL7
Etsuji Nakai
 
PDF
Automating Mendix application deployments with Nix
Sander van der Burg
 
PDF
Docker containers : introduction
rinnocente
 
ODP
LSA2 - 02 Namespaces
Marian Marinov
 
Mininet Basics
Eueung Mulyana
 
Dependencies Managers in C/C++. Using stdcpp 2014
biicode
 
Nix for Python developers
Asko Soukka
 
Puppet at Opera Sofware - PuppetCamp Oslo 2013
Cosimo Streppone
 
Binary Packaging for HPC with Spack
inside-BigData.com
 
Package Management via Spack on SJTU π Supercomputer
Jianwen Wei
 
9 steps to install and configure postgre sql from source on linux
chinkshady
 
2012 coscup - Build your PHP application on Heroku
ronnywang_tw
 
containerit at useR!2017 conference, Brussels
Daniel Nüst
 
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
Leo Lorieri
 
DPDK in Containers Hands-on Lab
Michelle Holley
 
Automating complex infrastructures with Puppet
Kris Buytaert
 
Nix: What even is it though?
Burke Libbey
 
Sandboxing WebKitGTK (GUADEC 2019)
Igalia
 
Embedded Linux Odp
ghessler
 
Why favour Icinga over Nagios - Rootconf 2015
Icinga
 
Inside Docker for Fedora20/RHEL7
Etsuji Nakai
 
Automating Mendix application deployments with Nix
Sander van der Burg
 
Docker containers : introduction
rinnocente
 
LSA2 - 02 Namespaces
Marian Marinov
 
Ad

More from Susan Potter (13)

PDF
Thinking in Properties
Susan Potter
 
PDF
Champaign-Urbana Javascript Meetup Talk (Jan 2020)
Susan Potter
 
PDF
From Zero to Haskell: Lessons Learned
Susan Potter
 
PDF
Dynamically scaling a political news and activism hub (up to 5x the traffic i...
Susan Potter
 
PDF
Scalaz By Example (An IO Taster) -- PDXScala Meetup Jan 2014
Susan Potter
 
PDF
Functional Algebra: Monoids Applied
Susan Potter
 
PDF
Why Haskell
Susan Potter
 
PDF
Distributed Developer Workflows using Git
Susan Potter
 
PDF
Link Walking with Riak
Susan Potter
 
PDF
Writing Bullet-Proof Javascript: By Using CoffeeScript
Susan Potter
 
PDF
Twitter4R OAuth
Susan Potter
 
PDF
Deploying distributed software services to the cloud without breaking a sweat
Susan Potter
 
PDF
Designing for Concurrency
Susan Potter
 
Thinking in Properties
Susan Potter
 
Champaign-Urbana Javascript Meetup Talk (Jan 2020)
Susan Potter
 
From Zero to Haskell: Lessons Learned
Susan Potter
 
Dynamically scaling a political news and activism hub (up to 5x the traffic i...
Susan Potter
 
Scalaz By Example (An IO Taster) -- PDXScala Meetup Jan 2014
Susan Potter
 
Functional Algebra: Monoids Applied
Susan Potter
 
Why Haskell
Susan Potter
 
Distributed Developer Workflows using Git
Susan Potter
 
Link Walking with Riak
Susan Potter
 
Writing Bullet-Proof Javascript: By Using CoffeeScript
Susan Potter
 
Twitter4R OAuth
Susan Potter
 
Deploying distributed software services to the cloud without breaking a sweat
Susan Potter
 
Designing for Concurrency
Susan Potter
 

Recently uploaded (20)

PDF
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
PDF
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
PDF
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
PPTX
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
PPTX
ManageIQ - Sprint 268 Review - Slide Deck
ManageIQ
 
PDF
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
PPTX
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
PPTX
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
PDF
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
PDF
AI in Product Development-omnex systems
omnex systems
 
PDF
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
PDF
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
PPT
Introduction Database Management System for Course Database
ReinertYosua
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
PDF
Upgrade and Innovation Strategies for SAP ERP Customers
Virendra Rai, PMP
 
PDF
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
PDF
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
PDF
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
PDF
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
ManageIQ - Sprint 268 Review - Slide Deck
ManageIQ
 
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
AI in Product Development-omnex systems
omnex systems
 
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
Introduction Database Management System for Course Database
ReinertYosua
 
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
Upgrade and Innovation Strategies for SAP ERP Customers
Virendra Rai, PMP
 
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 

Functional Operations (Functional Programming at Comcast Labs Connect)

  • 1. Functional Operations Functional Programming @ Comcast Labs Connect Susan Potter (@SusanPotter) 2018-03-09 Fri
  • 5. Core InfraEng Problems • non-repeatable environments • unpredictable machine rollback • out-of-band updating of CI dependencies • lack of muti-node integration testing 1
  • 7. Causes • no single source of truth • partial definitions yield inconsistencies (over time) • shared mutable state (file manipulation most Linux/UNIX distros) 2
  • 9. Nix: What is it? 3
  • 10. Nix: What is it? • "The Purely Functional Package Manager" (https://nixos.org/nix) 3
  • 11. Nix: What is it? • "The Purely Functional Package Manager" (https://nixos.org/nix) • (And lazily evaluated expression language) 3
  • 12. Nix: Source Example This Nix lambda denotes the hello package # Named keyword arguments: all non -optional { stdenv , fetchurl , perl }: let version = "2.10"; in stdenv.mkDerivation { inherit perl; name = "hello -${version}"; builder = ./builder.sh; src = fetchurl { url = "mirror://gnu/hello/${name}.tar.gz"; sha256 = "0ssi1wpaf7plaswqqjw...l7c9lng89ndq1i"; }; } 4
  • 13. Nix: Derivation drvPath Inspecting hello package drvPath $ nix -repl ’<nixpkgs >’ nix -repl > hello.drvPath "/nix/store /3mdx...-hello -2.10. drv" nix -repl > hello.outPath "/nix/store/kmwd ...-hello -2.10" nix -repl > :q $ stat -t /nix/store /3mdx...-hello -2.10. drv /nix/store /3mdx...-hello -2.10. drv 1219 8 8124 0 0 fe00 13940452 ... 5
  • 14. Nix: Package outPath Lazy evaluation means we only build the packages we need $ stat -t /nix/store/kmwd ...-hello -2.10 stat: cannot stat ’/nix/store/kmwd ...-hello -2.10 ’: No such file or ... To evaluate or realize the package we nix build $ nix build nixpkgs.hello [1 copied (0.2 MiB), 0.0 MiB DL] Now we can see the hello package outPath in the Nix store $ stat -t /nix/store/kmwd ...-hello -2.10 /nix/store/kmwd ...-hello -2.10 4096 8 416d 0 0 fe00 14115111 4 0 0 ... 6
  • 15. Nix: Package outPath The high-level layout of the hello.outPath $ tree --du -hugFDL 2 /nix/store/kmwd ...-hello -2.10 /nix/store/ kmwd1hq55akdb9sc7l3finr175dajlby -hello -2.10 |-- [root root 33K Dec 31 1969] bin/ | |-- [root root 29K Dec 31 1969] hello* |-- [root root 16K Dec 31 1969] share/ |-- [root root 4.0K Dec 31 1969] info/ |-- [root root 4.0K Dec 31 1969] locale/ |-- [root root 4.0K Dec 31 1969] man/ 53K used in 5 directories , 1 file 7
  • 16. Nix: Package in user profile Since it is built, surely we can run the binary? (No, not yet) $ hello The program ’hello ’ is currently not installed. It is provided by ... To link into the user profile we install ("Look Ma, no hands/sudo") $ nix -env -iA nixos.hello installing ’hello -2.10 ’ building ’/nix/store /6 s28kd3hdnv5cpd ...1yi5 -user -environment.drv ’... created 6852 symlinks in user environment $ hello -v hello (GNU Hello) 2.10 8
  • 18. Nix: Properties • Lazily evaluated • Nix store is immutable! • nixpkgs is an expression: snapshot of community pkgs plus overlayed packages 9
  • 19. Nix: Properties • Lazily evaluated • Nix store is immutable! • nixpkgs is an expression: snapshot of community pkgs plus overlayed packages • When packages sandboxed: • chroot -ed • private /proc • disabled network/IPC/etc • no env var inheritance 9
  • 20. Nix: Properties • Lazily evaluated • Nix store is immutable! • nixpkgs is an expression: snapshot of community pkgs plus overlayed packages • When packages sandboxed: • chroot -ed • private /proc • disabled network/IPC/etc • no env var inheritance • Same inputs and src and definition yields same result (outPath and content) • Different inputs or src or definition yields different result (outPath and/or content) • Equational reasoning allows binary substitution 9
  • 22. nix-shell: Getting started • CI scripts can use nix-shell as shebang #!/usr/bin/env nix -shell #!nix -shell -p python27Full python27Packages .boto3 #!nix -shell -I /path/to/pinned/nixpkgs #!nix -shell -i python import boto3 ec2 = boto3.client(’ec2’) response = ec2. describe_instances () print(response) Note: Approach requires Nix/NixOS installed on builders 10
  • 23. nix-shell: Running (first time) $ chmod u+x boto.py $ ./ boto.py these paths will be fetched (7.70 MiB download , 45.59 MiB unpacked ): /nix/store/mj8vmgxff9m ...-python -2.7.14 /nix/store/q6js3yms8xd ...-tix -8.4.3 /nix/store/yqgj43ancc0 ...- python2 .7-boto3 -1.4.8 copying path ’/nix/store/yqg...- python2 .7-boto3 -1.4.8 ’ from ’https :// cache.n copying path ’/nix/store/q6j...-tix -8.4.3 ’ from ’https :// cache.nixos.org ’... copying path ’/nix/store/mj8...-python -2.7.14 ’ from ’https :// cache.nixos.org OUTPUT HERE 11
  • 24. nix-shell: Running (subsequent times) $ ./ boto.py OUTPUT HERE 12
  • 25. Nix Shell: Recap • Claim: we can get consistent environment, assuming: • our core Nix expression pins version of nixpkgs • devs reload shell at the git revisions to pick up dependency changes • CI server runs tests using shell.nix referenced by nix-shell at that revision • infrastructure for all environments is built using pinned Nix expression • devenv, CI, production-like system builds share the same core expression 13
  • 26. NixOS
  • 27. What is NixOS? • "The Purely Functional Linux Distribution" (https://nixos.org/) • Provides congruent system-level configuration • System-level rollbacks 14
  • 28. NixOS: Example (nginx) # ./machines/nginx.nix { pkgs , ... }: { boot.kernelPackages = pkgs.linuxPackages_4_15; time.timeZone = "UTC"; services.nginx = { enable = true; virtualHosts."my.domain.tld" = { forceSSL = true; enableACME = true; locations."/assets".root = "/var/www/assets"; locations."/".proxyPass = "http://backend -lb:3000"; }; }; } 15
  • 29. NixOS: Example (Scala microservice) # ./machines/scala -services.nix { pkgs , ... }: let inherit (builtins) listToAttrs map; inherit (pkgs.myorg) scalaServices mulib; in { # Interal custom myorg module; overlayed into pkgs myorg.defaults.enable = true; users.extraUsers = map mulib.mkSystemUser scalaServices; systemd.services = map mulib.mkServiceUnit scalaServices; } 16
  • 30. NixOS: Example (memcached) # ./machines/memcached.nix { config , pkgs , ... }: { services.memcached.enable = true; services.memcached.maxConnections = 2048; services.memcached.maxMemory = 256; services.memcached.listen = config.networking.eth1.ipAddress; } 17
  • 31. NixOS: Containers (composition) { config , pkgs , ... }: { containers.cache.config = import ./memcached.nix; containers.proxy.config = import ./nginx.nix; containers.services = { config = import ./scala -services.nix; bindMounts."/webapp" = { hostPath = pkgs.myorg.scalaServices.webapp.outPath; isReadOnly = true; }; }; } 18
  • 32. NixOS: Multi-node testing (node setup) import ./make -test.nix ({ pkgs , lib , ... }: let kafkaPackage = pkgs.apacheKafka_1_0; in { name = "kafka -1.0"; nodes = { zookeeper = import ./machines/zookeeper.nix; kafka = import ./machines/kafka.nix; }; testScript = import ./tests/kafka.nix { package = kafkaPackage; util = pkgs.myorg.testing.util; }; }) 19
  • 33. NixOS: Multi-node testing (test script) { pkg , kPort ? 9092 , zkPort ? 2181 , topic ? "test" , util }: let inherit (util) createTopicCmd producerPipe consumerPipe; in ’’ startAll; $zookeeper ->waitForUnit("zookeeper"); $zookeeper ->waitForOpenPort(${zkPort}); $kafka ->waitForUnit("apache -kafka"); $kafka ->waitForOpenPort(${kPort}); $kafka ->waitUntilSucceeds("${createTopicCmd}"); $kafka ->mustSucceed("echo ’test 1’ | ${producerPipe}"); $kafka ->mustSucceed("${consumerPipe} | grep ’test 1 ’"); ’’ 20
  • 34. NixOS & nixpkgs: Properties • modular (See nixpkgs overlays) • extensible (see nixos modules) • everything (almost) is a package in the Nix store • system rollbacks (with system profile snapshots saved as generations) • builds on purity of Nix packaging • NO FHS mutation-in-place (links into FHS to immutable Nix store) 21
  • 36. Reliable Software "Those who want really reliable software will discover that they must find means of avoiding the majority of bugs to start with, and as a result the programming process will become cheaper." – EWD 22
  • 38. Why do properties/laws matter? • Because it allows us humble programmers to: 23
  • 39. Why do properties/laws matter? • Because it allows us humble programmers to: • compose our reasoning • know what we cannot reason about • break down big problems into smaller parts • accomplish the same result with less effort 23
  • 40. Questions? @SusanPotter (heckle me, ask me questions) 24