
Using Nix and Docker as automated deployment solutions


Explains how Docker and Nix work as deployment solutions, in what ways they are similar and different, and how they can be combined to achieve interesting results.


Using Nix and Docker as automated deployment solutions

  1. 1. • • • • •
  2. 2. • • • • • • •
  3. 3. • • • • • • • • •
  4. 4. • • • • • •
  5. 5. $ docker pull debian:buster buster: Pulling from library/debian 57df1a1f1ad8: Pull complete Digest: sha256:f744ed553780b84bf376fbfe7879de9a3aece6e611af110f95ca26188cf85cb6 Status: Downloaded newer image for debian:buster $ docker run -it debian:buster /bin/bash $ apt-get update $ apt-get install -y mono-runtime $ mono --version Mono JIT compiler version 5.18.0.240 (Debian 5.18.0.240+dfsg-3 Wed Apr 17 16:37:36 UTC 2019) Copyright (C) 2002-2014 Novell, Inc, Xamarin Inc and Contributors. www.mono-project.com $ which mono /usr/bin/mono
  6. 6. • •
      # Image definition: Debian buster base plus the Mono runtime installed from apt.
      # NOTE(review): `debian:buster` is a mutable tag, so two builds on different days can
      # start from different base contents. Pin the base by digest
      # (debian:buster@sha256:<digest-of-the-reviewed-base>) when builds must be repeatable.
      FROM debian:buster
      # NOTE(review): this layer is cached by Docker. A later rebuild can reuse a stale
      # package index and install packages that miss current security updates.
      RUN apt-get update
      RUN apt-get install -y mono-runtime
      # NOTE(review): there is no USER instruction, so processes started from this image run
      # as root inside the container.
  7. 7. $ docker build . -t mymono:latest $ docker run -it mymono:latest /bin/bash $ mono --version Mono JIT compiler version 5.18.0.240 (Debian 5.18.0.240+dfsg-3 Wed Apr 17 16:37:36 UTC 2019) Copyright (C) 2002-2014 Novell, Inc, Xamarin Inc and Contributors. www.mono- project.com
  8. 8.
      # Image definition: nginx from apt on Debian buster, serving a static page with a
      # custom configuration file.
      # NOTE(review): the base tag is mutable; pin it by digest if the image must be reproducible.
      FROM debian:buster
      # NOTE(review): a cached `apt-get update` layer can be stale on later rebuilds, so the
      # install below may not pick up current security fixes.
      RUN apt-get update
      RUN apt-get install -y nginx
      # NOTE(review): ADD only copies local files here. COPY does the same job without ADD's
      # extra behaviours (remote URL fetch, automatic archive extraction).
      ADD nginx.conf /etc
      ADD index.html /var/www
      # Exec-form CMD: nginx stays in the foreground as the container's main process.
      # NOTE(review): no USER instruction, so nginx is started as root inside the container;
      # whether workers drop privileges depends on nginx.conf, which is not shown.
      CMD ["nginx", "-g", "daemon off;", "-c", "/etc/nginx.conf"]
      # EXPOSE is metadata only; the port is published by `-p` at run time.
      EXPOSE 80/tcp

      $ docker build . -t mynginx:latest
      # NOTE(review): `-p 8080:80` publishes on every host interface. Use
      # `-p 127.0.0.1:8080:80` when the service should only be reachable locally.
      $ docker run -it -p 8080:80 mynginx:latest
  9. 9. $ docker history mynginx:latest IMAGE CREATED CREATED BY SIZE COMMENT 029491c6130e 13 minutes ago /bin/sh -c #(nop) EXPOSE 80/tcp 0B ec94316b9ca2 13 minutes ago /bin/sh -c #(nop) CMD ["nginx" "-g" "daemon… 0B 0bb364d192db 13 minutes ago /bin/sh -c #(nop) ADD file:18aed37573327bee1… 129B 968ebde5fb5d 13 minutes ago /bin/sh -c #(nop) ADD file:f18afd18cfe2728b3… 189B 2c29120ff52b 13 minutes ago /bin/sh -c apt-get install -y nginx 64.2MB c4974fb27d9a 28 minutes ago /bin/sh -c apt-get update 17.5MB f6dcff9b59af 4 days ago /bin/sh -c #(nop) CMD ["bash"] 0B <missing> 4 days ago /bin/sh -c #(nop) ADD file:07a6578d6f507bd9c… 114MB
  10. 10. •
      # Image definition: Apache httpd from apt on Debian buster, serving a static page.
      # NOTE(review): the base tag is mutable; pin it by digest if the image must be reproducible.
      FROM debian:buster
      # NOTE(review): a cached `apt-get update` layer can be stale on later rebuilds, so the
      # install below may not pick up current security fixes.
      RUN apt-get update
      RUN apt-get install -y apache2
      # NOTE(review): ADD only copies a local file here; COPY is the narrower instruction.
      ADD index.html /var/www/html
      # Exec-form CMD keeps apachectl in the foreground as the container's main process.
      # NOTE(review): no USER instruction, so the server is started as root inside the container.
      CMD ["apachectl", "-D", "FOREGROUND"]
      # EXPOSE is metadata only; the port is published by `-p` at run time.
      EXPOSE 80/tcp
  11. 11. $ docker history mynginx:latest IMAGE CREATED CREATED BY SIZE COMMENT 029491c6130e 13 minutes ago /bin/sh -c #(nop) EXPOSE 80/tcp 0B ec94316b9ca2 13 minutes ago /bin/sh -c #(nop) CMD ["nginx" "- g" "daemon… 0B 0bb364d192db 13 minutes ago /bin/sh -c #(nop) ADD file:18aed37573327bee1… 129B 968ebde5fb5d 13 minutes ago /bin/sh -c #(nop) ADD file:f18afd18cfe2728b3… 189B 2c29120ff52b 13 minutes ago /bin/sh -c apt-get install -y nginx 64.2MB c4974fb27d9a 28 minutes ago /bin/sh -c apt-get update 17.5MB f6dcff9b59af 4 days ago /bin/sh -c #(nop) CMD ["bash"] 0B <missing> 4 days ago /bin/sh -c #(nop) ADD file:07a6578d6f507bd9c… 114MB $ docker history myapache:latest IMAGE CREATED CREATED BY SIZE COMMENT fc06c36e1d8b 7 minutes ago /bin/sh -c #(nop) EXPOSE 80/tcp 0B d456baddadf5 7 minutes ago /bin/sh -c #(nop) CMD ["apachectl" "-D" "FO… 0B f4bbb25d31af 7 minutes ago /bin/sh -c #(nop) ADD file:18aed37573327bee1… 129B f7afa94e16b4 7 minutes ago /bin/sh -c apt-get install -y apache2 112MB c4974fb27d9a 39 minutes ago /bin/sh -c apt-get update 17.5MB f6dcff9b59af 4 days ago /bin/sh -c #(nop) CMD ["bash"] 0B <missing> 4 days ago /bin/sh -c #(nop) ADD file:07a6578d6f507bd9c… 114MB
  12. 12. • •
  13. 13. • • • •
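  14. 14.
      #!/bin/bash -e
      # Builds Mono from the upstream source tarball, installs it under /app/mono and
      # packs the installed tree into /out as a bzip2-compressed tarball.
      #
      # Environment:
      #   MONO_SHA256  optional; expected SHA-256 of the source tarball. When set, the
      #                download is verified before it is unpacked. When unset, the build
      #                proceeds with a warning and relies on TLS alone.
      #
      # Also stop on unset variables and on failures inside pipelines. The -e in the
      # shebang is lost when the script is started as `bash build`.
      set -euo pipefail

      export MONO_VERSION=5.20.1.27
      tarball="mono-$MONO_VERSION.tar.bz2"

      wget "https://download.mono-project.com/sources/mono/$tarball"

      # Check the download against a digest obtained out of band before running any of
      # its code (autogen.sh and make execute scripts from the archive).
      if [ -n "${MONO_SHA256:-}" ]; then
          echo "$MONO_SHA256  $tarball" | sha256sum -c -
      else
          echo "warning: MONO_SHA256 is not set; $tarball is used without an integrity check" >&2
      fi

      tar xfv "$tarball"
      # The trailing slash restricts the glob to directories. A bare mono-* also matches
      # the tarball, and `cd` then receives two arguments.
      cd mono-*/
      ./autogen.sh --prefix=/app/mono \
          --enable-minimal=aot,profiler,debug,logging \
          --disable-libraries \
          --disable-boehm \
          --with-mcs-docs=no \
          --with-profile2=no
      make
      make install
      # j selects bzip2, matching the .tar.bz2 file name. The original used z, which
      # writes gzip data under a .bz2 name.
      tar cfvj "/out/mono-binary-tarball-$MONO_VERSION.tar.bz2" /app/mono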
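  15. 15. • •
      # Build-environment image: a Debian base with the toolchain and development
      # libraries needed to compile Mono, plus the build script as the default command.
      # NOTE(review): debian:jessie is an older release than the buster base used
      # elsewhere in this deck. Confirm it still receives security updates before reusing
      # this image, and pin the base by digest if the build must be repeatable.
      FROM debian:jessie
      # Refresh the index and install in one layer, so a cached `apt-get update` layer
      # can never be paired with a newer install step.
      RUN apt-get update && apt-get -y install \
              wget gcc g++ bzip2 make autoconf automake libtool cmake python pkg-config \
              libglib2.0-dev libcairo2-dev libpng-dev libjpeg-dev libgif-dev
      # COPY instead of ADD: only a local file is copied, so ADD's URL-fetch and
      # archive-extraction behaviours are not needed.
      COPY ./build /
      # Exec form runs the script directly instead of through `/bin/sh -c`.
      # NOTE(review): no USER instruction, so the build runs as root and anything it writes
      # to a bind-mounted output directory is root-owned on the host.
      CMD ["/build"]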
  16. 16. $ docker build -t monobuildimage . $ docker run -v $(pwd)/out:/out --rm -t monobuildimage $ ls -lh out total 77M -rw-r--r-- 1 root root 77M sep 14 23:15 mono-binary-tarball-5.20.1.27.tar.bz2
  17. 17. • •
  18. 18. • • •
  19. 19. • • • • •
  20. 20.
      # Nix expression for Mono: a function from its build-time dependencies to a derivation.
      # Every dependency is an explicit function argument; nothing is taken from the host system.
      {stdenv, fetchurl, libgdiplus, pkgconfig, gettext, perl, xlibs, zlib}:

      stdenv.mkDerivation rec {
        name = "mono-${version}";
        version = "3.10.0";

        # Source tarball, pinned by content hash.
        # NOTE(review): the URL is plain HTTP, so the transport gives no integrity guarantee.
        # The sha256 below is what ties the build to one specific tarball; a download that
        # does not match it is rejected.
        src = fetchurl {
          url = "http://download.mono-project.com/sources/mono/${name}.tar.bz2";
          sha256 = "1d5hib0qsmh3673k3rdd199633lmczdgpbxl6d3rnb8dh6kd2x7x";
        };

        buildInputs = [ pkgconfig gettext perl libgdiplus xlibs.libX11 zlib ];

        NIX_LDFLAGS = "-lgcc_s" ;

        dontDisableStatic = true; # To overcome the bug https://bugzilla.novell.com/show_bug.cgi?id=644723
        dontStrip = true; # Fix: file /nix/store/xxx-mono-2.4.2.1/lib/mscorlib.dll is an invalid CIL image

        # Fix mono DLLMap so it can find libX11 and gdiplus to run winforms apps
        # The sed calls rewrite every file named `config` in the build tree so that the
        # library references are absolute Nix store paths rather than bare sonames.
        postBuild = ''
          find . -name 'config' -type f | while read i; do
            sed -i "s@libX11.so.6@${xlibs.libX11}/lib/libX11.so.6@g" $i
            sed -i '2 i<dllmap dll="gdiplus.dll" target="${libgdiplus}/lib/libgdiplus.so" os="!windows"/>' $i
          done
        '';
      }
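  21. 21.
      # Composition file (schematic): a recursive attribute set that calls each package
      # function with its dependencies. `...` marks parts elided on the slide, so this
      # listing is illustrative rather than evaluable as written.
      rec {
        stdenv = ...
        fetchurl = ...
        xlibs = ...
        gettext = ...
        perl = ...
        pkgconfig = import ./pkgconfig { ... };
        libgdiplus = import ./libgdiplus { ... };
        # The attribute binding needs its terminating semicolon, which the slide omits.
        zlib = import ./zlib { inherit stdenv fetchurl; };
        # `inherit` passes the attributes defined above as the function arguments of
        # ./mono, so the dependency versions are fixed by this file.
        mono = import ./mono {
          inherit stdenv fetchurl libgdiplus pkgconfig gettext perl xlibs zlib;
        };
        ...
      }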
  22. 22. $ nix-build pkgs.nix -A mono /nix/store/0fkqp394m1pfzvjcrn4jisi0sm5c0q8n-mono-3.10.0 $ ls -l result lrwxrwxrwx 1 sbu sbu 55 sep 16 12:07 result -> /nix/store/0fkqp394m1pfzvjcrn4jisi0sm5c0q8n-mono-3.10.0 $ ./result/bin/mono --version Mono JIT compiler version 3.10.0 (tarball Tue Sep 15 08:29:10 UTC 2020) Copyright (C) 2002-2014 Novell, Inc, Xamarin Inc and Contributors. www.mono- project.com
  23. 23. • • • • • • /nix/store/0fkqp394m1pfzvjcrn4jisi0sm5c0q8n-mono-3.10.0
  24. 24. • • /nix/store/0fkqp394m1pfzvjcrn4jisi0sm5c0q8n-mono-3.10.0 /nix/store/0fkqp394m1pfzvjcrn4jisi0sm5c0q8n-mono-3.10.0
  25. 25. • • • • • •
  26. 26. • • • •
  27. 27. $ nix-store --query --graph $(nix-instantiate pkgs.nix -A mono) > out.dot $ dot -Tsvg out.dot > out.svg
  28. 28. • • $ nix-store -qR result /nix/store/x76l1l04vnhw82hv6iwcvcchp3f51304-linux-headers-3.7.1 /nix/store/ikc9iziqc2rldacnbb2cdh7bdc1b2c3n-glibc-2.19 /nix/store/iyxa3l0knar229j4mbhn6a7mspp9nymd-zlib-1.2.8 ... /nix/store/whmb7k2f5xiykd3i0g26jzm16cia4s86-giflib-5.0.5 /nix/store/673zzsana5dlry0l22gwdjvyf1k30hw3-libgdiplus-2.10.9 /nix/store/0fkqp394m1pfzvjcrn4jisi0sm5c0q8n-mono-3.10.0
  29. 29. $ readelf -d ./result/bin/mono Dynamic section at offset 0x3784b0 contains 32 entries: Tag Type Name/Value 0x0000000000000001 (NEEDED) Shared library: [libstdc++.so.6] 0x0000000000000001 (NEEDED) Shared library: [libm.so.6] 0x0000000000000001 (NEEDED) Shared library: [librt.so.1] 0x0000000000000001 (NEEDED) Shared library: [libdl.so.2] 0x0000000000000001 (NEEDED) Shared library: [libpthread.so.0] 0x0000000000000001 (NEEDED) Shared library: [libgcc_s.so.1] 0x0000000000000001 (NEEDED) Shared library: [libc.so.6] 0x000000000000000f (RPATH) Library rpath: [/nix/store/ygqw3h96jg0h77r2kb6ac98caw1mchh4-gcc-4.8.3/lib/../lib64:/nix/store/ikc9iziqc2rldacnbb2cdh7bdc1b2c3n-glibc- 2.19/lib] 0x000000000000001d (RUNPATH) Library runpath: [/nix/store/ygqw3h96jg0h77r2kb6ac98caw1mchh4-gcc-4.8.3/lib/../lib64:/nix/store/ikc9iziqc2rldacnbb2cdh7bdc1b2c3n-glibc- 2.19/lib] ...
  30. 30. $ python --version Python 2.7.17 $ which python /usr/bin/python $ nix-shell -p python3 $ python --version Python 3.8.3 $ which python /nix/store/f87w21b91cws0wbsvyfn5vnlyv491czi-python3-3.8.3/bin/python
  31. 31. • • • •
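  32. 32. • • •
      # Image definition: nginx installed with the Nix package manager inside the
      # nixos/nix base image, in place of apt on Debian.
      # NOTE(review): the base image carries no tag or digest, and the nixpkgs-unstable
      # channel moves continuously. Image contents therefore depend on when the build runs.
      # Pin both if the result must be reproducible or auditable.
      FROM nixos/nix
      # The channel name is a single token; the slide's line wrap had split it into
      # "nixpkgs- unstable".
      RUN nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs
      RUN nix-channel --update
      RUN nix-env -f '<nixpkgs>' -iA nginx
      RUN mkdir -p /var/log/nginx /var/cache/nginx /var/www
      # NOTE(review): ADD only copies local files here; COPY is the narrower instruction.
      ADD nginx.conf /etc
      ADD index.html /var/www
      # NOTE(review): no USER instruction, so nginx is started as root inside the container;
      # whether workers drop privileges depends on nginx.conf, which is not shown.
      CMD ["nginx", "-g", "daemon off;", "-c", "/etc/nginx.conf"]
      # EXPOSE is metadata only; the port is published by `-p` at run time.
      EXPOSE 80/tcp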
  33. 33. • • •
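  34. 34.
      # Builds a Docker image for nginx directly from Nix, without a Dockerfile or a
      # base distribution image. Only nginx and whatever it references go into the image.
      with import <nixpkgs> {};

      dockerTools.buildImage {
        name = "nginxexp";
        tag = "test";
        contents = nginx;

        # Build-time setup script.
        # NOTE(review): shadowSetup presumably prepares the account database so that
        # groupadd/useradd can run. The `nobody` account gets /dev/null as its home
        # directory; whether nginx actually runs its workers as this user depends on
        # nginx.conf, which is not shown.
        runAsRoot = ''
          ${dockerTools.shadowSetup}
          groupadd -r nogroup
          useradd -r nobody -g nogroup -d /dev/null
          mkdir -p /var/log/nginx /var/cache/nginx /var/www
          cp ${./index.html} /var/www/index.html
        '';

        config = {
          # nginx is referenced by its full store path, so the image does not rely on PATH.
          Cmd = [ "${nginx}/bin/nginx" "-g" "daemon off;" "-c" ./nginx.conf ];
          # Docker's image configuration names this field ExposedPorts; the slide's
          # `Expose` key is not part of that schema.
          ExposedPorts = {
            "80/tcp" = {};
          };
        };
      }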
  35. 35. • • • $ nix-build /nix/store/qx9cpvdxj78d98rwfk6a5z2qsmqvgzvk-docker-image-nginxexp.tar.gz $ docker load -i result d8847b6d0466: Loading layer [==================================================>] 62.19MB/62.19MB Loaded image: nginxexp:test $ docker run -it -p 8080:80 nginxexp:test
  36. 36. $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE mynginx latest 029491c6130e 14 hours ago 196MB nginxexp test cde8298f025f 50 years ago 61MB
  37. 37. • • • • •
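  38. 38.
      # Layered variant of the nginx image: store paths are spread over separate image
      # layers (at most maxLayers) so that images can share common dependencies.
      with import <nixpkgs> {};

      dockerTools.buildLayeredImage {
        name = "nginxexp";
        tag = "test";
        contents = nginx;
        maxLayers = 100;

        # Paths are relative (no leading slash), as written on the slide.
        # NOTE(review): unlike a runAsRoot setup script, this listing creates no
        # unprivileged account, and the config file is named nginx-root.conf.
        # Presumably nginx runs as root in this image; confirm before reusing it.
        extraCommands = ''
          mkdir -p var/log/nginx var/cache/nginx var/www
          cp ${./index.html} var/www/index.html
        '';
        # The string above is closed with two ASCII single quotes; the slide's
        # typographic quotes (‘’) do not terminate a Nix string.

        config = {
          # nginx is referenced by its full store path, so the image does not rely on PATH.
          Cmd = [ "${nginx}/bin/nginx" "-g" "daemon off;" "-c" ./nginx-root.conf ];
          # Docker's image configuration names this field ExposedPorts; the slide's
          # `Expose` key is not part of that schema.
          ExposedPorts = {
            "80/tcp" = {};
          };
        };
      }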
  39. 39. $ docker history nginxexp:test IMAGE CREATED CREATED BY SIZE COMMENT b91799a04b99 50 years ago 1.47kB store paths: ['/nix/store/snxpdsksd4wxcn3niiyck0fry3wzri96-nginxexp-customisation-layer'] <missing> 50 years ago 200B store paths: ['/nix/store/6npz42nl2hhsrs98bq45aqkqsndpwvp1-nginx-root.conf'] <missing> 50 years ago 1.79MB store paths: ['/nix/store/qsq6ni4lxd8i4g9g4dvh3y7v1f43fqsp-nginx-1.18.0'] <missing> 50 years ago 492kB store paths: ['/nix/store/kdrdxhswaqm4dgdqs1vs2l4b4md7djma-pcre-8.44'] <missing> 50 years ago 4.17MB store paths: ['/nix/store/6glpgx3pypxzb09wxdqyagv33rrj03qp-openssl-1.1.1g'] ... <missing> 50 years ago 123kB store paths: ['/nix/store/5x6l9xm5dp6v113dpfv673qvhwjyb7p5-zlib-1.2.11'] <missing> 50 years ago 30.9MB store paths: ['/nix/store/bqbg6hb2jsl3kvf6jgmgfdqy06fpjrrn-glibc-2.30'] <missing> 50 years ago 209kB store paths: ['/nix/store/fhg84pzckx2igmcsvg92x1wpvl1dmybf-libidn2-2.3.0'] <missing> 50 years ago 1.63MB store paths: ['/nix/store/y8n2b9nwjrgfx3kvi3vywvfib2cw5xa6-libunistring-0.9.10']
  40. 40. • • • • •
  41. 41. • • • • •
  42. 42. • • • •
  43. 43. • • • • •
