Re: [Nix-dev] Why nginx config isn't placed into /etc/nginx/nginx.conf?

2016-08-12 Thread Christian Kauhaus
On 12.08.2016 at 10:09, Roger Qiu wrote:
> Fascinating. Have you heard of CFEngine's "Convergent Fixedpoint" idea? 
> https://en.wikipedia.org/wiki/CFEngine#Convergence

Sure. Many mainstream system management tools like CFEngine, Puppet, Ansible,
... are built around this concept of convergence. This is exactly what I mean
by "convergent" in my blog post.

BR

Christian

-- 
Dipl-Inf. Christian Kauhaus <>< · k...@flyingcircus.io · +49 345 219401-0
Flying Circus Internet Operations GmbH · http://flyingcircus.io
Forsterstraße 29 · 06112 Halle (Saale) · Germany
HR Stendal 21169 · Managing directors: Christian Theune, Christian Zagrodnick



___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev


Re: [Nix-dev] Why nginx config isn't placed into /etc/nginx/nginx.conf?

2016-08-12 Thread Roger Qiu
Fascinating. Have you heard of CFEngine's "Convergent Fixedpoint" idea? 
https://en.wikipedia.org/wiki/CFEngine#Convergence



On 11/08/2016 7:21 PM, Christian Kauhaus wrote:
> On 10.08.2016 at 00:29, Arnold Krille wrote:
>> On Tue, 9 Aug 2016 19:54:10 +0100 Luca Bruno wrote:
>>> Except that the existing world and software is not reproducible and
>>> revertable.
>> [...]
>> Thanks to Nixos I can set my server back to the system configuration
>> from four months back. Apart from the user data of course.
>
> Systems management always decomposes into congruent, convergent and divergent
> realms. The aim of Nix (as I understand it) is to grow the congruent realm. Of
> course, the other realms won't go away.
>
> For those interested, I've written a blog post some months ago which explains
> these realms and how they relate to NixOS:
>
> https://blog.flyingcircus.io/2016/05/06/thoughts-on-systems-management-methods/
>
> HTH
>
> Christian





--
Founder of Matrix AI
https://matrix.ai/
+61420925975



Re: [Nix-dev] Why nginx config isn't placed into /etc/nginx/nginx.conf?

2016-08-11 Thread Christian Kauhaus
On 10.08.2016 at 00:29, Arnold Krille wrote:
> On Tue, 9 Aug 2016 19:54:10 +0100 Luca Bruno 
> wrote:
>> Except that the existing world and software is not reproducible and
>> revertable.
> [...]
> Thanks to Nixos I can set my server back to the system configuration
> from four months back. Apart from the user data of course.



Systems management always decomposes into congruent, convergent and divergent
realms. The aim of Nix (as I understand it) is to grow the congruent realm. Of
course, the other realms won't go away.

For those interested, I've written a blog post some months ago which explains
these realms and how they relate to NixOS:

https://blog.flyingcircus.io/2016/05/06/thoughts-on-systems-management-methods/



HTH

Christian

-- 
Dipl-Inf. Christian Kauhaus <>< · k...@flyingcircus.io · +49 345 219401-0
Flying Circus Internet Operations GmbH · http://flyingcircus.io
Forsterstraße 29 · 06112 Halle (Saale) · Germany
HR Stendal 21169 · Managing directors: Christian Theune, Christian Zagrodnick





Re: [Nix-dev] Why nginx config isn't placed into /etc/nginx/nginx.conf?

2016-08-09 Thread zimbatm
Just put haproxy in front and then.. oh wait, what if the haproxy
configuration changes? :p

Since systemd already does socket activation it would be nice if it could
also start a new process before sending the SIGTERM to the old one. The old
process would then stop accepting new connections but have a delay to handle
the existing clients' connections.

On Tue, 9 Aug 2016, 23:19 Layus wrote:

> Would you mind expanding on these two reasons ?
>
> If I understand you well, the first is about using reload instead of
> restart.
> I guess it is useful for shorter downtimes, or even to avoid breaking
> existing connections, right ?
> This seems like a valid point to me. We could try to improve this.
>
> But I do not understand your second concern.
>
> Regards,
> -- Layus.
>
>
> On 09/08/16 19:06, Luca Bruno wrote:
>
> So, there are few drawbacks with the read-only nginx config as it is. Of
> course, you can at any time run the nginx with an /etc/nginx config that
> you write imperatively, by creating a brand new systemd service and
> disregarding the existing one. After all nginx is quite a simple service to
> run.
>
> Problems with the current approach:
> 1. Doesn't allow for nginx reload, because the file path changes hence
> nginx needs to be restarted.
> 2. If you are auto-updating the nginx config and reloading it
> automatically after e.g. Consul health checking you are in trouble.
>
> With /etc/nginx you give up nix rollbacks, but you can do it manually with
> git which is faster than a nixos-rebuild.
>
> So if you are going to run production stuff and maximize availability, I'd
> suggest to go for imperative /etc/nginx.
>
> That applies to most of fully declarative services in nixos.
>
> An alternative would be to still be kind of declarative by creating a
> static /etc/nginx path which symlinks to the read-only config. It all
> depends if nginx follows symlinks or not.
> If it works, it's worth changing the nixos systemd definition of nginx for
> all with this approach.
> Still you will have troubles with 3rd orchestration software auto-updating
> the nginx config file.
>
>
>


Re: [Nix-dev] Why nginx config isn't placed into /etc/nginx/nginx.conf?

2016-08-09 Thread Arnold Krille
On Tue, 9 Aug 2016 19:54:10 +0100 Luca Bruno 
wrote:
> > When using Nixos to define my system, I want to use Nixos to define my
> > system. No other 'orchestration' software or (god forbid) any
> > user/admin should change that the imperative way. Only then can I
> > use nix the way it's intended to have fully reproducible and
> > revertable states.
> >
> 
> Except that the existing world and software is not reproducible and
> revertable.

But it is, isn't it?

Thanks to Nixos I can set my server back to the system configuration
from four months back. Apart from the user data of course.

Thanks to the fact that my system declaration is in git I can even throw
away all generations apart from the last few and still rebuild my
server as it was four months ago. (Try that with other linux
distributions and any orchestration or configuration management.)

And I am not talking about some imaginary server, but the real existing
hardware under my desk;-)

That's the beauty of Nixos, it makes the existing software-world
reproducible and revertable.

> >
> > For me the question is not why the nginx.conf is not in /etc/nginx
> > but "why would I want the nginx.conf in /etc/nginx at all when
> > using Nixos"?
> >
> 
> For the reasons explained above, philosophy apart.

- Arnold

PS: no need to CC me, I am subscribed.




Re: [Nix-dev] Why nginx config isn't placed into /etc/nginx/nginx.conf?

2016-08-09 Thread Layus

Would you mind expanding on these two reasons ?

If I understand you well, the first is about using reload instead of 
restart.
I guess it is useful for shorter downtimes, or even to avoid breaking 
existing connections, right ?

This seems like a valid point to me. We could try to improve this.

But I do not understand your second concern.

Regards,
-- Layus.

On 09/08/16 19:06, Luca Bruno wrote:
> So, there are few drawbacks with the read-only nginx config as it is.
> Of course, you can at any time run the nginx with an /etc/nginx config
> that you write imperatively, by creating a brand new systemd service
> and disregarding the existing one. After all nginx is quite a simple
> service to run.
>
> Problems with the current approach:
> 1. Doesn't allow for nginx reload, because the file path changes hence
> nginx needs to be restarted.
> 2. If you are auto-updating the nginx config and reloading it
> automatically after e.g. Consul health checking you are in trouble.
>
> With /etc/nginx you give up nix rollbacks, but you can do it manually
> with git which is faster than a nixos-rebuild.
>
> So if you are going to run production stuff and maximize availability,
> I'd suggest to go for imperative /etc/nginx.
>
> That applies to most of fully declarative services in nixos.
>
> An alternative would be to still be kind of declarative by creating a
> static /etc/nginx path which symlinks to the read-only config. It all
> depends if nginx follows symlinks or not.
> If it works, it's worth changing the nixos systemd definition of nginx
> for all with this approach.
> Still you will have troubles with 3rd orchestration software
> auto-updating the nginx config file.






Re: [Nix-dev] Why nginx config isn't placed into /etc/nginx/nginx.conf?

2016-08-09 Thread Luca Bruno
> When using Nixos to define my system, I want to use Nixos to define my
> system. No other 'orchestration' software or (god forbid) any
> user/admin should change that the imperative way. Only then can I use
> nix the way it's intended to have fully reproducible and revertable
> states.
>

Except that the existing world and software is not reproducible and
revertable.


>
> For me the question is not why the nginx.conf is not in /etc/nginx but
> "why would I want the nginx.conf in /etc/nginx at all when using
> Nixos"?
>

For the reasons explained above, philosophy apart.


Re: [Nix-dev] Why nginx config isn't placed into /etc/nginx/nginx.conf?

2016-08-09 Thread Arnold Krille
On Tue, 9 Aug 2016 18:06:50 +0100 Luca Bruno 
wrote:
> So, there are few drawbacks with the read-only nginx config as it is.
> Of course, you can at any time run the nginx with an /etc/nginx
> config that you write imperatively, by creating a brand new systemd
> service and disregarding the existing one. After all nginx is quite a
> simple service to run.
> 
> Problems with the current approach:
> 1. Doesn't allow for nginx reload, because the file path changes hence
> nginx needs to be restarted.
> 2. If you are auto-updating the nginx config and reloading it
> automatically after e.g. Consul health checking you are in trouble.
> 
> With /etc/nginx you give up nix rollbacks, but you can do it manually
> with git which is faster than a nixos-rebuild.
> 
> So if you are going to run production stuff and maximize
> availability, I'd suggest to go for imperative /etc/nginx.
> 
> That applies to most of fully declarative services in nixos.
> 
> An alternative would be to still be kind of declarative by creating a
> static /etc/nginx path which symlinks to the read-only config. It all
> depends if nginx follows symlinks or not.
> If it works, it's worth changing the nixos systemd definition of
> nginx for all with this approach.
> Still you will have troubles with 3rd orchestration software
> auto-updating the nginx config file.

When using Nixos to define my system, I want to use Nixos to define my
system. No other 'orchestration' software or (god forbid) any
user/admin should change that the imperative way. Only then can I use
nix the way it's intended to have fully reproducible and revertable
states.

For me the question is not why the nginx.conf is not in /etc/nginx but
"why would I want the nginx.conf in /etc/nginx at all when using
Nixos"?

- Arnold




Re: [Nix-dev] Why nginx config isn't placed into /etc/nginx/nginx.conf?

2016-08-09 Thread Luca Bruno
So, there are few drawbacks with the read-only nginx config as it is. Of
course, you can at any time run the nginx with an /etc/nginx config that
you write imperatively, by creating a brand new systemd service and
disregarding the existing one. After all nginx is quite a simple service to
run.

Problems with the current approach:
1. Doesn't allow for nginx reload, because the file path changes hence
nginx needs to be restarted.
2. If you are auto-updating the nginx config and reloading it automatically
after e.g. Consul health checking you are in trouble.

With /etc/nginx you give up nix rollbacks, but you can do it manually with
git which is faster than a nixos-rebuild.

So if you are going to run production stuff and maximize availability, I'd
suggest to go for imperative /etc/nginx.

That applies to most of fully declarative services in nixos.

An alternative would be to still be kind of declarative by creating a
static /etc/nginx path which symlinks to the read-only config. It all
depends if nginx follows symlinks or not.
If it works, it's worth changing the nixos systemd definition of nginx for
all with this approach.
Still you will have troubles with 3rd orchestration software auto-updating
the nginx config file.


Re: [Nix-dev] Why nginx config isn't placed into /etc/nginx/nginx.conf?

2016-08-09 Thread Nathan Bijnens
And one extra reason is that this way we can keep previous versions
(generations) of the config file, allowing quick rollbacks.

On Tue, Aug 9, 2016 at 2:34 PM Robin Gloster wrote:

> Hi,
>
> Adding to Eelco's explanation, this would also theoretically allow you to
> start e.g. different nginx servers on different versions with different
> configurations. For the most or probably all services more changes would be
> needed to support this realistically.
>
> Robin
>
>
> -Original message-
> > From: Eelco Dolstra
> > Sent: Tuesday 9th August 2016 11:38
> > To: nix-dev@lists.science.uu.nl
> > Subject: Re: [Nix-dev] Why nginx config isn't placed into
> > /etc/nginx/nginx.conf?
> >
> > Hi,
> >
> > On 08/09/2016 01:29 PM, Daniel Hlynskyi wrote:
> >
> > > Is this intentional? I'm writing a service and want to know whether to
> > > do like nginx or use /etc for configs.
> >
> > Generally, files should not be placed in /etc unless they are global
> > configuration, like /etc/resolv.conf. This way, implicit dependencies are
> > avoided. Service-specific configuration files like nginx.conf don't need
> > to be in /etc because they usually can be passed to the service via a
> > command line switch from the generated systemd unit.
> >
> > --
> > Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/


Re: [Nix-dev] Why nginx config isn't placed into /etc/nginx/nginx.conf?

2016-08-09 Thread Robin Gloster
Hi,

Adding to Eelco's explanation, this would also theoretically allow you to start
e.g. different nginx servers on different versions with different configurations.
For the most or probably all services more changes would be needed to support
this realistically.

Robin

 
-Original message-
> From:Eelco Dolstra 
> Sent: Tuesday 9th August 2016 11:38
> To: nix-dev@lists.science.uu.nl
> Subject: Re: [Nix-dev] Why nginx config isn't placed into 
> /etc/nginx/nginx.conf?
> 
> Hi,
> 
> On 08/09/2016 01:29 PM, Daniel Hlynskyi wrote:
> 
> > Is this intentional? I'm writing a service and want to know whether to do 
> > like
> > nginx or use /etc for configs.
> 
> Generally, files should not be placed in /etc unless they are global
> configuration, like /etc/resolv.conf. This way, implicit dependencies are
> avoided. Service-specific configuration files like nginx.conf don't need to be
> in /etc because they usually can be passed to the service via a command line
> switch from the generated systemd unit.
> 
> -- 
> Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/


Re: [Nix-dev] Why nginx config isn't placed into /etc/nginx/nginx.conf?

2016-08-09 Thread Eelco Dolstra
Hi,

On 08/09/2016 01:29 PM, Daniel Hlynskyi wrote:

> Is this intentional? I'm writing a service and want to know whether to do like
> nginx or use /etc for configs.

Generally, files should not be placed in /etc unless they are global
configuration, like /etc/resolv.conf. This way, implicit dependencies are
avoided. Service-specific configuration files like nginx.conf don't need to be
in /etc because they usually can be passed to the service via a command line
switch from the generated systemd unit.

-- 
Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/
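
Added example, not part of the original thread and not code from nixpkgs: the two layouts discussed in this thread, Eelco's store path passed via a command-line switch and Luca's static /etc path symlinked to the read-only config, written as one NixOS module. The service name `myservice`, the package `pkgs.myservice`, its `-c` flag, its reload-on-SIGHUP behaviour and the config keys are all assumptions.

```nix
# Added example: NixOS module for a hypothetical service "myservice".
# pkgs.myservice, its -c flag, reload-on-SIGHUP and the config keys
# are assumptions made for illustration.
{ pkgs, ... }:

let
  # The config is built into the Nix store. The store path contains a hash
  # of the content, so every edit yields a new path; old generations keep
  # theirs, which is what makes rollback possible.
  # The store is world-readable: keep keys and passwords out of this file.
  storeConf = pkgs.writeText "myservice.conf" ''
    listen 127.0.0.1:8080
    workers 4
  '';
in
{
  # Layout A (Eelco's reply): store path passed on the command line.
  # Nothing is read from /etc, so the unit has no implicit dependency.
  # A config edit changes ExecStart, and switching to the new generation
  # restarts the unit rather than reloading it (Luca's point 1).
  systemd.services.myservice-a = {
    wantedBy = [ "multi-user.target" ];
    serviceConfig.ExecStart =
      "${pkgs.myservice}/bin/myservice -c ${storeConf}";
  };

  # Layout B (Luca's alternative): a fixed /etc path that NixOS maintains
  # as a symlink to the read-only store file. ExecStart no longer changes
  # with the config, so a reload can pick up the new target.
  environment.etc."myservice/myservice.conf".source = storeConf;

  systemd.services.myservice-b = {
    wantedBy = [ "multi-user.target" ];
    # Reload instead of restart when the unit changes between generations.
    reloadIfChanged = true;
    # Ties the unit to the config content so a config-only edit counts
    # as a change of the unit.
    restartTriggers = [ storeConf ];
    serviceConfig = {
      ExecStart =
        "${pkgs.myservice}/bin/myservice -c /etc/myservice/myservice.conf";
      ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
    };
  };
}
```

Layout B still leaves the file read-only, so software that rewrites the config in place (Luca's point 2) is not served by it.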


[Nix-dev] Why nginx config isn't placed into /etc/nginx/nginx.conf?

2016-08-09 Thread Daniel Hlynskyi
Is this intentional? I'm writing a service and want to know whether to do
like nginx or use /etc for configs.