#+TITLE: Fearless deployments with Guix
#+AUTHOR: Christopher Allan Webber
#+EMAIL: cwebber@creativecommons.org
#+DATE: 2016-03-04 Fri
#+LANGUAGE: en
#+OPTIONS: H:2 num:t toc:nil \n:nil @:t ::t |:t ^:nil -:nil f:t *:t <:t
#+OPTIONS: TeX:t LaTeX:t skip:nil d:nil todo:t pri:nil tags:not-in-toc
#+startup: beamer
#+LaTeX_CLASS: beamer
#+LaTeX_CLASS_OPTIONS: [presentation]
#+BEAMER_THEME: Frankfurt
#+BEAMER_COLOR_THEME: dolphin
#+BEAMER_FRAME_LEVEL: 2

#+BEGIN_LATEX
\newcommand{\wideimage}[1] {
  \begin{center}
    \includegraphics[width=\textwidth]{#1}
  \end{center}
}
#+END_LATEX

#+BEGIN_LATEX
\newcommand{\heightimage}[2] {
  \begin{center}
    \includegraphics[height=#2]{#1}
  \end{center}
}
#+END_LATEX

* Setting the stage

** Who am I?

\heightimage{../../network_freedom/static/libreplanet_toon_chris.png}{5cm}

** The web we want

\wideimage{../static/gmg_campaign_healthy_internet.png}

** The sad reality (centralization)

\wideimage{../static/gmg_campaign_fragile_internet.png}

** The sad reality (censorship)

\wideimage{../../mediagoblin/static/censor_scan.png}

** The sad reality (surveillance)

\wideimage{../static/gmg_campaign_infected_node.png}

** The sad reality (fragility)

\wideimage{../static/gmg_campaign_fragile_internet.png}

** The sad reality (fragility)

\wideimage{../static/gmg_campaign_fragile_internet_breaking.png}

** The sad reality (fragility)

\wideimage{../static/gmg_campaign_fragile_internet_broken.png}

** The sad reality (fragility)

\wideimage{../static/gmg_campaign_fragile_internet_gone.png}

** So I work on MediaGoblin...

\heightimage{../../mediagoblin/static/mediagoblin_mascot.png}{7cm}

** Decentralized media publishing

\wideimage{../static/caminandes-on-mediagoblin.png}

** Sounds great! But???
\wideimage{../../network_freedom/static/mediagoblin_revolution.png}

** Stuff is complex to run

\wideimage{../static/upgrade_softwares.png}

** Dependent on phase of the moon

\heightimage{../static/Le_Voyage_dans_la_lune.jpg}{7cm}

** One Language Package Manager Per Child

\wideimage{../static/zfootage_snowflakes-cropped.jpg}

# - Almost nothing is packaged for distros anymore
# - Each language has its own package manager
# - None of them work together
# - If it breaks, I hope you're an expert!

** Have fun managing configuration

\wideimage{../static/ray_bouknight-tar_pit_exhibit-scaled.jpg}

** So... docker??? (Or something like it?)

:                       __
:                    __|II|         ,.
:                 __|II|II|__      (  \_,/\
:  -.-'-.-'-.-'- __|II|II|II|II|___/  __/ -'-.-'-.-'-
:  ------------ |      [Docker]      /  --------------
:  ------------ :                   /  ---------------
:  ------------- \____, o         ,'  ----------------
:  -------------- '--,___________,'  -----------------

: Easy for users! "I already built this for you, just pull it down and use it!"

** Maybe not :(

\heightimage{../static/nzdefenceforce_containers.jpg}{7cm}

** Distro-sized static compiling considered hazardous

- Extremely heavy: throws away dynamic linking
- Hard to introspect, rebuild
- Analysis of Docker Hub: over 70% have medium vulnerabilities,
  30-40% high (Shellshock, Heartbleed) vulnerabilities
  [[http://www.banyanops.com/blog/analyzing-docker-hub/]]
- Reproducible? Only kinda... Docker's DSL is not expressive, and...
- Still dependent on "phase of the moon" of distributions!

** And so here we are

\heightimage{../static/nonfree/docker_failwhale-cropped.png}{7cm}

* Enter Guix!

** Enter Guix! Enter GuixSD!

\heightimage{../static/guixsd_logo.png}{6.75cm}

** Functional packaging (hold the monads!)

\heightimage{../../guix/chicagolug_2015/static/function.png}{7cm}

** All the way down!

\heightimage{../../guix/chicagolug_2015/static/graphs/coreutils-dag.png}{7cm}

** Like git, for your operating system!
\heightimage{../static/profiles-and-stores.png}{6.8cm}

** Keep the history until you don't need it

\heightimage{../static/generations-with-diff.png}{6.8cm}

** You are now a time wizard.

: # Bad upgrade? No problem!
: guix package --roll-back

\heightimage{../static/nonfree/dr_sussman.png}{5cm}

** Your profile, my profile

- User profiles don't conflict with system profiles
- Local development environments with =guix environment=
- Need a different glibc or gcc or whatever? No problem!
- As many profiles as you want

** Wait, why not Nix?

\heightimage{../static/nixos-hex.png}{2.5cm}

Guix is based on Nix's ideas! And Nix is super cool!
But it's hard to write tooling...

** Guix is just scheme, yo

\heightimage{../static/guix-scheme.png}{6.8cm}

** Oh no parentheses!?

\heightimage{../static/guix-wisp.png}{6.8cm}

** Parentheses: Not so foreign after all!

\wideimage{../static/guix-wisp-scheme-comparison.png}

** Guix is a library, too

All data structures, functions, etc. exposed. Hack away!

With very little additional code, Guix(SD) has:

- Declarative config management (like Puppet, Chef, Salt, Ansible)
- Universal language packaging (apt, yum, pip/eggs, gems...)
- Local dev environments (virtualenv, rvm, rbenv...)
- Local VM tooling (Vagrant...)
- Container support (Docker, Rocket...)

Add your own tools here!

** This just in: grafts!

\heightimage{../static/tree_graft-ria_baeck.jpg}{6.8cm}

* Wrapping up

** State of Guix

- "It's still beta!"
- But probably more stable than most devops stuff
- A delight to run (I use it!)
- Easy to develop and get involved in

** What's next?

- More packages! (~3350 at time of writing)
- Deployment tools (GuixOps!)
- Good UI tools needed! (Not just emacs and command line :))
- Some day soon we'll have to tackle the nightmare of npm
- Sandboxed containers!

** A short story

# Maybe this image instead?
https://pixabay.com/en/container-cargo-freight-harbor-489933/

\heightimage{../static/warehouse-pixabay.jpg}{7cm}

** Credits (p.1)

#+latex: \small{
- Moon image from /Le Voyage dans la lune/ (A Trip to the Moon), public domain.
  Retrieved from:
  https://en.wikipedia.org/wiki/A_Trip_to_the_Moon#/media/File:Le_Voyage_dans_la_lune.jpg
- Tar pit image by Ray Bouknight, CC BY 2.0:
  https://www.flickr.com/photos/raybouk/8341369957
- Snowflake from zfootage, CC BY 4.0:
  https://www.youtube.com/watch?v=Arw269x4duQ
  https://i.ytimg.com/vi/Arw269x4duQ/maxresdefault.jpg
- Rena runs aground (container fail image), CC BY 2.0
  https://www.flickr.com/photos/nzdefenceforce/6386334175/
- Tree grafting image, CC BY-SA 2.0
  https://www.flickr.com/photos/51691575@N00/2540483417
#+latex: }

** Credits (p.2)

#+latex: \small{
- Caminandes video screenshot by Blender Institute, CC BY 4.0
  http://www.caminandes.com/
- Chemical warehouse image from Pixabay, CC0
  https://pixabay.com/en/warehouse-chemistry-industry-629641/
- GuixSD logos by Luis Felipe López Acevedo, CC BY-SA 4.0
  http://www.gnu.org/software/guix/graphics/
- Docker + Twitter image by Karen Rustad
- NixOS logo by NixOS team
- Some parts borrowed from David Thompson's presentation
- Slight snippet from Guix (grep package), GPLv3 or later
- Everything else by me (I think???)
#+latex: }

** Thanks!

Questions? (Demonstrations?)

# Shameless self-promotion?

\heightimage{../static/mediagoblin_mesh.png}{4cm}

© 2016 Christopher Allan Webber ==
This presentation is licensed under the
[[https://creativecommons.org/licenses/by-sa/4.0/][Creative Commons Attribution Share-Alike 4.0 International]]
license.

More on Guix: https://gnu.org/software/guix

More on MediaGoblin: http://mediagoblin.org/