Sander van der Burg, profile picture
Uploaded bySander van der Burg
PDF, PPTX2,657 views

Automating Mendix application deployments with Nix

The document discusses automating Mendix application deployments using the Nix package manager and NixOS, emphasizing the benefits of a purely functional deployment model. It explains how to create and manage Mendix deployment archives (MDAs), configure system services, and leverage Nix's declarative approach for reproducibility and ease of deployment. Additionally, it outlines future work possibilities including multi-app deployment and integration testing with NixOS.

Embed presentation

Download as PDF, PPTX
Automating Mendix application deployments with Nix Sander van der Burg Software Engineer
Modeling applications bring value to a broader audience than just developers
Deployment is an important activity in an application’s development process Without deployment, an application can not be used by end users
Deployment looks quite convenient for Mendix cloud portal users
Actually managing app deployments is not
Fortunately, there are automated deployment solutions
No deployment solution is perfect So we must keep an open mind when integrating solutions
The Nix project • Family of declarative deployment tools: • Nix. A purely functional package manager • NixOS. Nix-based GNU/Linux distribution • Hydra. Nix-based continuous integration service • NixOps. NixOS-based multi-cloud deployment tool • Disnix. Nix-based distributed service deployment tool
The Nix package manager • The basis of all tools in the Nix project • Nix is a package manager borrowing concepts from purely functional programming languages • 𝑥 = 𝑦 → 𝑓 𝑥 = 𝑓(𝑦) • Reliably deploying a package = Invoking a pure function • Nix provides its own purely functional DSL
Example Nix expression • A package is a function definition • Function parameters correspond to build dependencies • The mkDerivation {} function invocation composes a “pure” build environment • In a build environment, we can invoke almost any build/test tool we want { stdenv, fetchurl, acl }: stdenv.mkDerivation { name = "gnutar-1.30"; src = fetchurl { url = http://ftp.gnu.org/tar/tar-1.30.tar.xz; sha256 = "1lyjyk8z8hdddsxw0ikchrsfg3i0…"; }; buildCommand = '' tar xfv $src cd tar-1.30 ./configure --prefix=$out --with-acl=${acl} make make install ''; }
Composing packages • We must compose packages by providing the desired versions of the dependencies as function parameters • Dependencies are composed in a similar way • Top level expression is an attribute set of function invocations rec { stdenv = import ... fetchurl = import ... acl = import ../pkgs/os-specific/linux/acl { inherit stdenv fetchurl …; }; gnutar = import ../pkgs/tools/archivers/gnutar { inherit stdenv fetchurl acl; }; ... }
Enforcing purity • Nix imposes restrictions on builds: • Every package is stored in an isolated directory, not in global directories, such as /lib, /bin or C:WindowsSystem32 • Files are made read-only after build completion • Timestamps are reset to 1 second after the epoch • Search environment variables are cleared and configured explicitly, e.g. PATH • Private temp folders and designated output directories • Network access is restricted (except when an output hash is given) • Running builds as unprivileged users • Chroot environments, namespaces, bind-mounting dependency packages
The Nix store • Every package is stored in isolation in the Nix store • Every package is prefixed by a 160-bit cryptographic hash of all inputs, such as: • Sources • Libraries • Compilers • Build scripts
Invoke nix-build to build a package rec { stdenv = import ... fetchurl = import ... acl = import ../pkgs/os-specific/linux/acl { inherit stdenv fetchurl; }; gnutar = import ../pkgs/tools/archivers/gnutar { inherit stdenv fetchurl acl; }; ... }
Some benefits of the purely functional model • Strong dependency completeness guarantees • Strong reproducibility guarantees • Build only the packages and dependencies that you need • Packages that don’t depend on each other can be built in parallel • Because of purity, we can also download a substitute from a remote machine (e.g. build server) if the hash prefix is identical • Because of purity, we can delegate a build to a remote machine
Nix user environments • Users have convenient access to packages through a symlink tree (and generation symlinks)
Packaging the Mendix runtime and mxbuild • Simply extract tarball and move content into the Nix store • I created a wrapper script that launches the runtime for convenience • I used a similar approach for mxbuild {stdenv, fetchurl, jre}: stdenv.mkDerivation { name = "mendix-7.13.1"; src = fetchurl { url = https://download.mendix.com/runtimes/mendix-7.13.1.tar.gz; sha256 = "1v620zmxm1s50p5jhpl74xvr0jv4j334cg1yfvy0mvgz4x0jrr7y"; }; installPhase = '' cd .. mkdir -p $out/libexec/mendix mv 7.13.1 $out/libexec/mendix mkdir -p $out/bin # Create wrapper script for the runtime launcher cat > $out/bin/runtimelauncher <<EOF #! ${stdenv.shell} -e export MX_INSTALL_PATH=$out/libexec/mendix/7.13.1 ${jre}/bin/java –jar $out/libexec/mendix/7.13.1/runtime/launcher/runtimelauncher.jar "$@" EOF chmod +x $out/bin/runtimelauncher ''; }
Creating a function abstraction for building MDAs • We can create a Nix function abstraction that builds MDA (Mendix Deployment Archive) bundles from Mendix projects {stdenv, mxbuild, jdk, nodejs}: {name, mendixVersion, looseVersionCheck ? false, ...}@args: let mxbuildPkg = mxbuild."${mendixVersion}"; in stdenv.mkDerivation ({ buildInputs = [ mxbuildPkg nodejs ]; installPhase = '' mkdir -p $out mxbuild --target=package --output=$out/${name}.mda --java-home ${jdk} --java-exe-path ${jdk}/bin/java ${stdenv.lib.optionalString looseVersionCheck "--loose- version-check"} "$(echo *.mpr)" ''; } // args)
Building an MDA from a Mendix project with Nix • We can invoke our function abstraction to build MDAs for any Mendix project we want. {packageMendixApp}: packageMendixApp { name = "conferenceschedule"; src = /home/sbu/ConferenceSchedule-main; mendixVersion = "7.13.1"; }
Declarative deployment • Nix package deployment can be considered declarative deployment • You specify how packages are built from source and what their dependencies are • You don’t specify the deployment activities or the order in which builds need to be carried out • Being declarative means expressing what you want, not how to do something • Declarativity is a spectrum – hard to draw a line between what and how • Producing an MDA is not entirely what we want – we want a running system
NixOS: deploying a Linux distribution declaratively {pkgs, ...}: { boot.loader.grub.device = "/dev/sda"; fileSystems."/".device = "/dev/sda1"; services = { openssh.enable = true; xserver = { enable = true; displayManager.sddm.enable = true; desktopManager.plasma5.enable = true; }; }; environment.systemPackages = [ pkgs.firefox ]; }
NixOS: deploying a Linux distribution declaratively • Nix deploys all packages, configuration files and other static system parts in the Nix store. Generates a Nix user environment that contains all static parts of a system. • A bundled activation script takes care of setting up the dynamic parts of a system, e.g. starting systemd jobs, setting up /var etc. • Changing configuration.nix and running nixos-rebuild again -> upgrade
NixOS: bootloader
Running an MDA • Unzip MDA file to a directory • Add writable state sub directories, e.g. data/files, data/tmp • Configure admin interface settings • Start runtime with the unpacked directory as parameter (Mendix 7.x) export M2EE_ADMIN_PORT=9000 export M2EE_ADMIN_PASS=secret java -jar $out/libexec/mendix/7.13.1/runtime/launcher/runtimelauncher.jar ConferenceSchedule
Running an MDA • Instruct the app container to configure database, initialize database tables and start the app by communicating over the admin interface curlCmd="curl -X POST http://localhost:$M2EE_ADMIN_PORT -H 'Content-Type: application/json' -H 'X-M2EE-Authentication: $(echo -n "$M2EE_ADMIN_PASS" | base64)' -H 'Connection: close'" $curlCmd -d '{ "action": "update_appcontainer_configuration", "params": { "runtime_port": 8080 } }' $curlCmd -d '{ "action": "update_configuration", "params": { "DatabaseType": "HSQLDB", "DatabaseName": "myappdb", "DTAPMode": "D" } }' $curlCmd -d '{ "action": "execute_ddl_commands" }' $curlCmd -d '{ "action": "start" }'
Composing a Mendix app container systemd job for NixOS • We can define a systemd job calling scripts that initialize state, configure the app container and launch the runtime. {pkgs, ...}: { systemd.services.mendixappcontainer = let mendixPkgs = import ../nixpkgs-mendix/top-level/all-packages.nix { inherit pkgs; }; appContainerConfigJSON = pkgs.writeTextFile { ... }; configJSON = pkgs.writeTextFile { name = "config.json"; text = builtins.toJSON { DatabaseType = "HSQLDB"; DatabaseName = "myappdb"; DTAPMode = "D"; }; }; runScripts = mendixPkgs.runMendixApp { app = import ../conferenceschedule.nix { inherit (mendixPkgs) packageMendixApp; }; }; in { enable = true; description = "My Mendix App"; wantedBy = [ "multi-user.target" ]; environment = { M2EE_ADMIN_PASS = "secret"; M2EE_ADMIN_PORT = "9000"; MENDIX_STATE_DIR = "/home/mendix"; }; serviceConfig = { ExecStartPre = "${runScripts}/bin/undeploy-app"; ExecStart = "${runScripts}/bin/start-appcontainer"; ExecStartPost = "${runScripts}/bin/configure-appcontainer ${appContainerConfigJSON} ${configJSON}"; }; }; }
Composing a NixOS module • We can create a module abstraction over the properties that we need to configure to run a Mendix app container { config, lib, pkgs, ... }: let cfg = config.services.mendixAppContainer; in { options = { services.mendixAppContainer = { enable = mkOption { type = types.bool; default = false; description = "Whether to enable the Mendix app container."; }; adminPort = mkOption { type = types.int; default = 9000; description = "TCP port where the admin interface listens to."; }; runtimePort = mkOption { type = types.int; default = 8080; description = "TCP port where the embedded Jetty HTTP server listens to."; }; databaseType = mkOption { type = types.string; default = "HSQLDB"; description = "Type of database to use for storage. Possible options are 'HSQLDB' (the default) or 'PostgreSQL’”; }; app = mkOption { type = types.package; description = "Mendix MDA to deploy"; }; ... }; }; config = mkIf cfg.enable { systemd.services.mendixappcontainer = { ... }; }; }
A simple configuration running a Mendix app • With our custom NixOS module, we can concisely express our desired app container properties {pkgs, ...}: { require = [ ../nixpkgs-mendix/nixos/modules/mendixappcontainer.nix ]; services = { openssh.enable = true; mendixAppContainer = { enable = true; adminPassword = "secret"; databaseType = "HSQLDB"; databaseName = "myappdb"; DTAPMode = "D"; app = import ../../conferenceschedule.nix { inherit pkgs; inherit (pkgs.stdenv) system; }; }; }; networking.firewall.allowedTCPPorts = [ 8080 ]; }
A more complete deployment scenario • We can add a PostgreSQL database and nginx reverse proxy to our NixOS configuration. • We can use the NixOS module system to integrate our Mendix app. {pkgs, config, ...}: { services = { postgresql = { enable = true; enableTCPIP = true; package = pkgs.postgresql94; }; nginx = { enable = true; config = '' http { upstream mendixappcontainer { server 127.0.0.1:${toString config.services.mendixAppContainer.runtimePort}; } server { listen 0.0.0.0:80; server_name localhost; root ${config.services.mendixAppContainer.stateDir}/web location @runtime { proxy_pass http://mendixappcontainer; } location / { try_files $uri $uri/ @runtime; proxy_pass http://mendixappcontainer; } } } ''; }; mendixAppContainer = { databaseType = "PostgreSQL"; ... }; }; networking.firewall.allowedTCPPorts = [ 80 ]; }
Conclusion • I gave an introduction to Nix and NixOS • I have implemented the following features: • A Nix function that builds an MDA file from a project directory • A set of scripts launching and configuring the runtime for a Mendix app • A NixOS module that automatically spawns an app container instance
Conclusion • You can declaratively deploy a system with a Mendix app container by running a single command-line instruction {pkgs, ...}: { require = [ ../nixpkgs-mendix/nixos/modules/mendixappcontainer.nix ]; services = { openssh.enable = true; mendixAppContainer = { enable = true; adminPassword = "secret"; databaseType = "HSQLDB"; databaseName = "myappdb"; DTAPMode = "D"; app = import ../../conferenceschedule.nix { inherit pkgs; inherit (pkgs.stdenv) system; }; }; }; networking.firewall.allowedTCPPorts = [ 8080 ]; }
Future work • Try Disnix. Deploy multiple apps to multiple machines. Manage databases and connections between apps and database. Optionally: manage state/snapshots • Try NixOS test driver. Instantly spawn NixOS virtual machines to run integration tests
References • The NixOS project web site (http://nixos.org) • Nix package manager (http://nixos.org/nix) • The package manager can also be used on conventional Linux distributions and other Unix-like systems, such as macOS and Cygwin • nixpkgs-mendix (http://github.com/mendix/nixpkgs-mendix)

More Related Content

PDF
nix-processmgmt: An experimental Nix-based process manager-agnostic framework
bySander van der Burg
 
PDF
當專案漸趕,當遷移也不再那麼難 (Ship Your Projects with Docker EcoSystem)
byRuoshi Ling
 
PDF
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
byLeo Lorieri
 
PDF
Using Nix and Docker as automated deployment solutions
bySander van der Burg
 
PDF
Docker command
byEric Ahn
 
DOCX
NAS Botnet Revealed - Mining Bitcoin
byDavide Cioccia
 
PDF
Docker remote-api
byEric Ahn
 
PDF
CoreOS + Kubernetes @ All Things Open 2015
byBrandon Philips
 
nix-processmgmt: An experimental Nix-based process manager-agnostic framework
bySander van der Burg
 
當專案漸趕,當遷移也不再那麼難 (Ship Your Projects with Docker EcoSystem)
byRuoshi Ling
 
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
byLeo Lorieri
 
Using Nix and Docker as automated deployment solutions
bySander van der Burg
 
Docker command
byEric Ahn
 
NAS Botnet Revealed - Mining Bitcoin
byDavide Cioccia
 
Docker remote-api
byEric Ahn
 
CoreOS + Kubernetes @ All Things Open 2015
byBrandon Philips
 

What's hot

PDF
How to create your own hack environment
bySumedt Jitpukdebodin
 
PPTX
Running Docker in Development & Production (#ndcoslo 2015)
byBen Hall
 
PDF
Docker composeで開発環境をメンバに配布せよ
byYusuke Kon
 
PDF
Ansible not only for Dummies
byŁukasz Proszek
 
ODP
Testing Wi-Fi with OSS Tools
byAll Things Open
 
PDF
Small, Simple, and Secure: Alpine Linux under the Microscope
byDocker, Inc.
 
PDF
Dockerを利用したローカル環境から本番環境までの構築設計
byKoichi Nagaoka
 
PDF
Docker up and running
byVictor S. Recio
 
PDF
2017-03-11 02 Денис Нелюбин. Docker & Ansible - лучшие друзья DevOps
byОмские ИТ-субботники
 
PDF
Docker & FieldAware
byJakub Jarosz
 
PDF
Docker and friends at Linux Days 2014 in Prague
bytomasbart
 
PPTX
Lessons from running potentially malicious code inside containers
byBen Hall
 
PDF
Building Docker images with Puppet
byNick Jones
 
PDF
Enjoying k8s cluster with Minikube and Helm
byロフト くん
 
PDF
Docker 初探,實驗室中的運貨鯨
byRuoshi Ling
 
PPTX
Lessons from running potentially malicious code inside Docker containers
byBen Hall
 
PPTX
Building a Docker v1.12 Swarm cluster on ARM
byTeam Hypriot
 
PPTX
QNAP COSCUP Container Station
byWu Fan-Cheng
 
PDF
CoreOS: Control Your Fleet
byMatthew Jones
 
PPTX
CoreOS in a Nutshell
byCoreOS
 
How to create your own hack environment
bySumedt Jitpukdebodin
 
Running Docker in Development & Production (#ndcoslo 2015)
byBen Hall
 
Docker composeで開発環境をメンバに配布せよ
byYusuke Kon
 
Ansible not only for Dummies
byŁukasz Proszek
 
Testing Wi-Fi with OSS Tools
byAll Things Open
 
Small, Simple, and Secure: Alpine Linux under the Microscope
byDocker, Inc.
 
Dockerを利用したローカル環境から本番環境までの構築設計
byKoichi Nagaoka
 
Docker up and running
byVictor S. Recio
 
2017-03-11 02 Денис Нелюбин. Docker & Ansible - лучшие друзья DevOps
byОмские ИТ-субботники
 
Docker & FieldAware
byJakub Jarosz
 
Docker and friends at Linux Days 2014 in Prague
bytomasbart
 
Lessons from running potentially malicious code inside containers
byBen Hall
 
Building Docker images with Puppet
byNick Jones
 
Enjoying k8s cluster with Minikube and Helm
byロフト くん
 
Docker 初探,實驗室中的運貨鯨
byRuoshi Ling
 
Lessons from running potentially malicious code inside Docker containers
byBen Hall
 
Building a Docker v1.12 Swarm cluster on ARM
byTeam Hypriot
 
QNAP COSCUP Container Station
byWu Fan-Cheng
 
CoreOS: Control Your Fleet
byMatthew Jones
 
CoreOS in a Nutshell
byCoreOS
 

Similar to Automating Mendix application deployments with Nix

PDF
Deploying .NET applications with the Nix package manager
bySander van der Burg
 
PDF
The Nix project
bySander van der Burg
 
PDF
The NixOS project and deploying systems declaratively
bySander van der Burg
 
PDF
Deploying NPM packages with the Nix package manager
bySander van der Burg
 
PDF
Using NixOS for declarative deployment and testing
bySander van der Burg
 
PDF
Hydra: Continuous Integration and Testing for Demanding People: The Details
bySander van der Burg
 
PDF
Nix for Python developers
byAsko Soukka
 
PPTX
Oracle Solaris 11 - Best for Enterprise Applications
byglynnfoster
 
PDF
Linux Day Prato 2025: NixOS spiegato ammiocuggino - NixOS for Human Beings
byPeter Bittner
 
PDF
The Nix project
bySander van der Burg
 
PDF
A Reference Architecture for Distributed Software Deployment
bySander van der Burg
 
PDF
Functional Operations (Functional Programming at Comcast Labs Connect)
bySusan Potter
 
PDF
Model-driven Distributed Software Deployment
bySander van der Burg
 
PDF
Deploying software at Scale
byKris Buytaert
 
PDF
From Zero To Production (NixOS, Erlang) @ Erlang Factory SF 2016
bySusan Potter
 
PDF
NixCon Berlin 2015 - Nix at LogicBlox
byRob Vermaas
 
PDF
How devops exhausts itself, and what will happen next
byKirill Vechera
 
PDF
Nix same; same not different
byKeidrych ...
 
PDF
From Zero to Application Delivery with NixOS
bySusan Potter
 
PDF
Deploying Heterogeneous Artifacts to the Cloud with OSGi - Neil Bartlett
bymfrancis
 
Deploying .NET applications with the Nix package manager
bySander van der Burg
 
The Nix project
bySander van der Burg
 
The NixOS project and deploying systems declaratively
bySander van der Burg
 
Deploying NPM packages with the Nix package manager
bySander van der Burg
 
Using NixOS for declarative deployment and testing
bySander van der Burg
 
Hydra: Continuous Integration and Testing for Demanding People: The Details
bySander van der Burg
 
Nix for Python developers
byAsko Soukka
 
Oracle Solaris 11 - Best for Enterprise Applications
byglynnfoster
 
Linux Day Prato 2025: NixOS spiegato ammiocuggino - NixOS for Human Beings
byPeter Bittner
 
The Nix project
bySander van der Burg
 
A Reference Architecture for Distributed Software Deployment
bySander van der Burg
 
Functional Operations (Functional Programming at Comcast Labs Connect)
bySusan Potter
 
Model-driven Distributed Software Deployment
bySander van der Burg
 
Deploying software at Scale
byKris Buytaert
 
From Zero To Production (NixOS, Erlang) @ Erlang Factory SF 2016
bySusan Potter
 
NixCon Berlin 2015 - Nix at LogicBlox
byRob Vermaas
 
How devops exhausts itself, and what will happen next
byKirill Vechera
 
Nix same; same not different
byKeidrych ...
 
From Zero to Application Delivery with NixOS
bySusan Potter
 
Deploying Heterogeneous Artifacts to the Cloud with OSGi - Neil Bartlett
bymfrancis
 

More from Sander van der Burg

PDF
Dysnomia: complementing Nix deployments with state deployment
bySander van der Burg
 
PDF
Automated Deployment of Hetergeneous Service-Oriented System
bySander van der Burg
 
PDF
Model-driven Distributed Software Deployment
bySander van der Burg
 
PDF
The Monitoring Playground
bySander van der Burg
 
PDF
Hydra: Continuous Integration and Testing for Demanding People: The Basics
bySander van der Burg
 
PDF
Techniques and lessons for improvement of deployment processes
bySander van der Burg
 
PDF
Atomic Upgrading of Distributed Systems
bySander van der Burg
 
PDF
Deploying .NET services with Disnix
bySander van der Burg
 
PDF
Deploying (micro)services with Disnix
bySander van der Burg
 
PDF
A Generic Approach for Deploying and Upgrading Mutable Software Components
bySander van der Burg
 
PDF
Disnix: A toolset for distributed deployment
bySander van der Burg
 
PDF
A Self-Adaptive Deployment Framework for Service-Oriented Systems
bySander van der Burg
 
PDF
Software Deployment in a Dynamic Cloud
bySander van der Burg
 
PDF
Model-driven Distributed Software Deployment laymen's talk
bySander van der Burg
 
PDF
A Reference Architecture for Distributed Software Deployment
bySander van der Burg
 
PDF
Pull Deployment of Services
bySander van der Burg
 
PDF
Pull Deployment of Services: Introduction, Progress and Challenges
bySander van der Burg
 
Dysnomia: complementing Nix deployments with state deployment
bySander van der Burg
 
Automated Deployment of Hetergeneous Service-Oriented System
bySander van der Burg
 
Model-driven Distributed Software Deployment
bySander van der Burg
 
The Monitoring Playground
bySander van der Burg
 
Hydra: Continuous Integration and Testing for Demanding People: The Basics
bySander van der Burg
 
Techniques and lessons for improvement of deployment processes
bySander van der Burg
 
Atomic Upgrading of Distributed Systems
bySander van der Burg
 
Deploying .NET services with Disnix
bySander van der Burg
 
Deploying (micro)services with Disnix
bySander van der Burg
 
A Generic Approach for Deploying and Upgrading Mutable Software Components
bySander van der Burg
 
Disnix: A toolset for distributed deployment
bySander van der Burg
 
A Self-Adaptive Deployment Framework for Service-Oriented Systems
bySander van der Burg
 
Software Deployment in a Dynamic Cloud
bySander van der Burg
 
Model-driven Distributed Software Deployment laymen's talk
bySander van der Burg
 
A Reference Architecture for Distributed Software Deployment
bySander van der Burg
 
Pull Deployment of Services
bySander van der Burg
 
Pull Deployment of Services: Introduction, Progress and Challenges
bySander van der Burg
 

Recently uploaded

PPTX
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PPTX
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
PPTX
UiPath Autonomous Agents | Building and Orchestrating Agents End-to-End
byUiPathCommunity
 
PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PDF
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PPTX
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
DOCX
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PPTX
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
UiPath Autonomous Agents | Building and Orchestrating Agents End-to-End
byUiPathCommunity
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 

Automating Mendix application deployments with Nix

  • 1.
  • 2.
    Modeling applications bringvalue to a broader audience than just developers
  • 3.
    Deployment is animportant activity in an application’s development process Without deployment, an application can not be used by end users
  • 4.
    Deployment looks quiteconvenient for Mendix cloud portal users
  • 5.
    Actually managing appdeployments is not
  • 6.
    Fortunately, there areautomated deployment solutions
  • 7.
    No deployment solutionis perfect So we must keep an open mind when integrating solutions
  • 8.
    The Nix project •Family of declarative deployment tools: • Nix. A purely functional package manager • NixOS. Nix-based GNU/Linux distribution • Hydra. Nix-based continuous integration service • NixOps. NixOS-based multi-cloud deployment tool • Disnix. Nix-based distributed service deployment tool
  • 9.
    The Nix packagemanager • The basis of all tools in the Nix project • Nix is a package manager borrowing concepts from purely functional programming languages • 𝑥 = 𝑦 → 𝑓 𝑥 = 𝑓(𝑦) • Reliably deploying a package = Invoking a pure function • Nix provides its own purely functional DSL
  • 10.
    Example Nix expression •A package is a function definition • Function parameters correspond to build dependencies • The mkDerivation {} function invocation composes a “pure” build environment • In a build environment, we can invoke almost any build/test tool we want { stdenv, fetchurl, acl }: stdenv.mkDerivation { name = "gnutar-1.30"; src = fetchurl { url = http://ftp.gnu.org/tar/tar-1.30.tar.xz; sha256 = "1lyjyk8z8hdddsxw0ikchrsfg3i0…"; }; buildCommand = '' tar xfv $src cd tar-1.30 ./configure --prefix=$out --with-acl=${acl} make make install ''; }
  • 11.
    Composing packages • Wemust compose packages by providing the desired versions of the dependencies as function parameters • Dependencies are composed in a similar way • Top level expression is an attribute set of function invocations rec { stdenv = import ... fetchurl = import ... acl = import ../pkgs/os-specific/linux/acl { inherit stdenv fetchurl …; }; gnutar = import ../pkgs/tools/archivers/gnutar { inherit stdenv fetchurl acl; }; ... }
  • 12.
    Enforcing purity • Niximposes restrictions on builds: • Every package is stored in an isolated directory, not in global directories, such as /lib, /bin or C:WindowsSystem32 • Files are made read-only after build completion • Timestamps are reset to 1 second after the epoch • Search environment variables are cleared and configured explicitly, e.g. PATH • Private temp folders and designated output directories • Network access is restricted (except when an output hash is given) • Running builds as unprivileged users • Chroot environments, namespaces, bind-mounting dependency packages
  • 13.
    The Nix store •Every package is stored in isolation in the Nix store • Every package is prefixed by a 160-bit cryptographic hash of all inputs, such as: • Sources • Libraries • Compilers • Build scripts
  • 14.
    Invoke nix-build tobuild a package rec { stdenv = import ... fetchurl = import ... acl = import ../pkgs/os-specific/linux/acl { inherit stdenv fetchurl; }; gnutar = import ../pkgs/tools/archivers/gnutar { inherit stdenv fetchurl acl; }; ... }
  • 15.
    Some benefits ofthe purely functional model • Strong dependency completeness guarantees • Strong reproducibility guarantees • Build only the packages and dependencies that you need • Packages that don’t depend on each other can be built in parallel • Because of purity, we can also download a substitute from a remote machine (e.g. build server) if the hash prefix is identical • Because of purity, we can delegate a build to a remote machine
  • 16.
    Nix user environments •Users have convenient access to packages through a symlink tree (and generation symlinks)
  • 17.
    Packaging the Mendixruntime and mxbuild • Simply extract tarball and move content into the Nix store • I created a wrapper script that launches the runtime for convenience • I used a similar approach for mxbuild {stdenv, fetchurl, jre}: stdenv.mkDerivation { name = "mendix-7.13.1"; src = fetchurl { url = https://download.mendix.com/runtimes/mendix-7.13.1.tar.gz; sha256 = "1v620zmxm1s50p5jhpl74xvr0jv4j334cg1yfvy0mvgz4x0jrr7y"; }; installPhase = '' cd .. mkdir -p $out/libexec/mendix mv 7.13.1 $out/libexec/mendix mkdir -p $out/bin # Create wrapper script for the runtime launcher cat > $out/bin/runtimelauncher <<EOF #! ${stdenv.shell} -e export MX_INSTALL_PATH=$out/libexec/mendix/7.13.1 ${jre}/bin/java –jar $out/libexec/mendix/7.13.1/runtime/launcher/runtimelauncher.jar "$@" EOF chmod +x $out/bin/runtimelauncher ''; }
  • 18.
    Creating a functionabstraction for building MDAs • We can create a Nix function abstraction that builds MDA (Mendix Deployment Archive) bundles from Mendix projects {stdenv, mxbuild, jdk, nodejs}: {name, mendixVersion, looseVersionCheck ? false, ...}@args: let mxbuildPkg = mxbuild."${mendixVersion}"; in stdenv.mkDerivation ({ buildInputs = [ mxbuildPkg nodejs ]; installPhase = '' mkdir -p $out mxbuild --target=package --output=$out/${name}.mda --java-home ${jdk} --java-exe-path ${jdk}/bin/java ${stdenv.lib.optionalString looseVersionCheck "--loose- version-check"} "$(echo *.mpr)" ''; } // args)
  • 19.
    Building an MDAfrom a Mendix project with Nix • We can invoke our function abstraction to build MDAs for any Mendix project we want. {packageMendixApp}: packageMendixApp { name = "conferenceschedule"; src = /home/sbu/ConferenceSchedule-main; mendixVersion = "7.13.1"; }
  • 20.
    Declarative deployment • Nixpackage deployment can be considered declarative deployment • You specify how packages are built from source and what their dependencies are • You don’t specify the deployment activities or the order in which builds need to be carried out • Being declarative means expressing what you want, not how to do something • Declarativity is a spectrum – hard to draw a line between what and how • Producing an MDA is not entirely what we want – we want a running system
  • 21.
    NixOS: deploying aLinux distribution declaratively {pkgs, ...}: { boot.loader.grub.device = "/dev/sda"; fileSystems."/".device = "/dev/sda1"; services = { openssh.enable = true; xserver = { enable = true; displayManager.sddm.enable = true; desktopManager.plasma5.enable = true; }; }; environment.systemPackages = [ pkgs.firefox ]; }
  • 22.
    NixOS: deploying aLinux distribution declaratively • Nix deploys all packages, configuration files and other static system parts in the Nix store. Generates a Nix user environment that contains all static parts of a system. • A bundled activation script takes care of setting up the dynamic parts of a system, e.g. starting systemd jobs, setting up /var etc. • Changing configuration.nix and running nixos-rebuild again -> upgrade
  • 23.
  • 24.
    Running an MDA •Unzip MDA file to a directory • Add writable state sub directories, e.g. data/files, data/tmp • Configure admin interface settings • Start runtime with the unpacked directory as parameter (Mendix 7.x) export M2EE_ADMIN_PORT=9000 export M2EE_ADMIN_PASS=secret java -jar $out/libexec/mendix/7.13.1/runtime/launcher/runtimelauncher.jar ConferenceSchedule
  • 25.
    Running an MDA •Instruct the app container to configure database, initialize database tables and start the app by communicating over the admin interface curlCmd="curl -X POST http://localhost:$M2EE_ADMIN_PORT -H 'Content-Type: application/json' -H 'X-M2EE-Authentication: $(echo -n "$M2EE_ADMIN_PASS" | base64)' -H 'Connection: close'" $curlCmd -d '{ "action": "update_appcontainer_configuration", "params": { "runtime_port": 8080 } }' $curlCmd -d '{ "action": "update_configuration", "params": { "DatabaseType": "HSQLDB", "DatabaseName": "myappdb", "DTAPMode": "D" } }' $curlCmd -d '{ "action": "execute_ddl_commands" }' $curlCmd -d '{ "action": "start" }'
  • 26.
    Composing a Mendixapp container systemd job for NixOS • We can define a systemd job calling scripts that initialize state, configure the app container and launch the runtime. {pkgs, ...}: { systemd.services.mendixappcontainer = let mendixPkgs = import ../nixpkgs-mendix/top-level/all-packages.nix { inherit pkgs; }; appContainerConfigJSON = pkgs.writeTextFile { ... }; configJSON = pkgs.writeTextFile { name = "config.json"; text = builtins.toJSON { DatabaseType = "HSQLDB"; DatabaseName = "myappdb"; DTAPMode = "D"; }; }; runScripts = mendixPkgs.runMendixApp { app = import ../conferenceschedule.nix { inherit (mendixPkgs) packageMendixApp; }; }; in { enable = true; description = "My Mendix App"; wantedBy = [ "multi-user.target" ]; environment = { M2EE_ADMIN_PASS = "secret"; M2EE_ADMIN_PORT = "9000"; MENDIX_STATE_DIR = "/home/mendix"; }; serviceConfig = { ExecStartPre = "${runScripts}/bin/undeploy-app"; ExecStart = "${runScripts}/bin/start-appcontainer"; ExecStartPost = "${runScripts}/bin/configure-appcontainer ${appContainerConfigJSON} ${configJSON}"; }; }; }
  • 27.
    Composing a NixOSmodule • We can create a module abstraction over the properties that we need to configure to run a Mendix app container { config, lib, pkgs, ... }: let cfg = config.services.mendixAppContainer; in { options = { services.mendixAppContainer = { enable = mkOption { type = types.bool; default = false; description = "Whether to enable the Mendix app container."; }; adminPort = mkOption { type = types.int; default = 9000; description = "TCP port where the admin interface listens to."; }; runtimePort = mkOption { type = types.int; default = 8080; description = "TCP port where the embedded Jetty HTTP server listens to."; }; databaseType = mkOption { type = types.string; default = "HSQLDB"; description = "Type of database to use for storage. Possible options are 'HSQLDB' (the default) or 'PostgreSQL’”; }; app = mkOption { type = types.package; description = "Mendix MDA to deploy"; }; ... }; }; config = mkIf cfg.enable { systemd.services.mendixappcontainer = { ... }; }; }
  • 28.
    A simple configurationrunning a Mendix app • With our custom NixOS module, we can concisely express our desired app container properties {pkgs, ...}: { require = [ ../nixpkgs-mendix/nixos/modules/mendixappcontainer.nix ]; services = { openssh.enable = true; mendixAppContainer = { enable = true; adminPassword = "secret"; databaseType = "HSQLDB"; databaseName = "myappdb"; DTAPMode = "D"; app = import ../../conferenceschedule.nix { inherit pkgs; inherit (pkgs.stdenv) system; }; }; }; networking.firewall.allowedTCPPorts = [ 8080 ]; }
  • 29.
    A more completedeployment scenario • We can add a PostgreSQL database and nginx reverse proxy to our NixOS configuration. • We can use the NixOS module system to integrate our Mendix app. {pkgs, config, ...}: { services = { postgresql = { enable = true; enableTCPIP = true; package = pkgs.postgresql94; }; nginx = { enable = true; config = '' http { upstream mendixappcontainer { server 127.0.0.1:${toString config.services.mendixAppContainer.runtimePort}; } server { listen 0.0.0.0:80; server_name localhost; root ${config.services.mendixAppContainer.stateDir}/web location @runtime { proxy_pass http://mendixappcontainer; } location / { try_files $uri $uri/ @runtime; proxy_pass http://mendixappcontainer; } } } ''; }; mendixAppContainer = { databaseType = "PostgreSQL"; ... }; }; networking.firewall.allowedTCPPorts = [ 80 ]; }
  • 30.
    Conclusion • I gavean introduction to Nix and NixOS • I have implemented the following features: • A Nix function that builds an MDA file from a project directory • A set of scripts launching and configuring the runtime for a Mendix app • A NixOS module that automatically spawns an app container instance
  • 31.
    Conclusion • You candeclaratively deploy a system with a Mendix app container by running a single command-line instruction {pkgs, ...}: { require = [ ../nixpkgs-mendix/nixos/modules/mendixappcontainer.nix ]; services = { openssh.enable = true; mendixAppContainer = { enable = true; adminPassword = "secret"; databaseType = "HSQLDB"; databaseName = "myappdb"; DTAPMode = "D"; app = import ../../conferenceschedule.nix { inherit pkgs; inherit (pkgs.stdenv) system; }; }; }; networking.firewall.allowedTCPPorts = [ 8080 ]; }
  • 32.
    Future work • TryDisnix. Deploy multiple apps to multiple machines. Manage databases and connections between apps and database. Optionally: manage state/snapshots • Try NixOS test driver. Instantly spawn NixOS virtual machines to run integration tests
  • 33.
    References • The NixOSproject web site (http://nixos.org) • Nix package manager (http://nixos.org/nix) • The package manager can also be used on conventional Linux distributions and other Unix-like systems, such as macOS and Cygwin • nixpkgs-mendix (http://github.com/mendix/nixpkgs-mendix)