Rehearsal: A Configuration Verification Tool for Puppet

Large-scale data centers and cloud computing have turned system configuration into a challenging problem. Several widely-publicized outages have been blamed not on software bugs, but on configuration bugs. To cope, thousands of organizations use system configuration languages to manage their computing infrastructure. Of these, Puppet is the most widely used with thousands of paying customers and many more open-source users. The heart of Puppet is a domain-specific language that describes the state of a system. Puppet already performs some basic static checks, but they only prevent a narrow range of errors. Furthermore, testing is ineffective because many errors are only triggered under specific machine states that are difficult to predict and reproduce. With several examples, we show that a key problem with Puppet is that configurations can be non-deterministic. This paper presents Rehearsal, a verification tool for Puppet configurations. Rehearsal implements a sound, complete, and scalable determinacy analysis for Puppet. To develop it, we (1) present a formal semantics for Puppet, (2) use several analyses to shrink our models to a tractable size, and (3) frame determinism-checking as decidable formulas for an SMT solver. Rehearsal then leverages the determinacy analysis to check other important properties, such as idempotency. Finally, we apply Rehearsal to several real-world Puppet configurations.Comment: In proceedings of ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI) 201

On the Effectiveness of Tools to Support Infrastructure as Code: Model-Driven Versus Code-Centric

[EN] Infrastructure as Code (IaC) is an approach for infrastructure automation that is based on software development practices. The IaC approach supports code-centric tools that use scripts to specify the creation, updating and execution of cloud infrastructure resources. Since each cloud provider offers a different type of infrastructure, the definition of an infrastructure resource (e.g., a virtual machine) implies writing several lines of code that greatly depend on the target cloud provider. Model-driven tools, meanwhile, abstract the complexity of using IaC scripts through the high-level modeling of the cloud infrastructure. In a previous work, we presented an infrastructure modeling approach and tool (Argon) for cloud provisioning that leverages model-driven engineering and supports the IaC approach. The objective of the present work is to compare a model-driven tool (Argon) with a well-known code-centric tool (Ansible) in order to provide empirical evidence of their effectiveness when defining the cloud infrastructure, and the participants & x2019; perceptions when using these tools. We, therefore, conducted a family of three experiments involving 67 Computer Science students in order to compare Argon with Ansible as regards their effectiveness, efficiency, perceived ease of use, perceived usefulness, and intention to use. We used the AB/BA crossover design to configure the individual experiments and the linear mixed model to statistically analyze the data collected and subsequently obtain empirical findings. The results of the individual experiments and meta-analysis indicate that Argon is more effective as regards supporting the IaC approach in terms of defining the cloud infrastructure. The participants also perceived that Argon is easier to use and more useful for specifying the infrastructure resources. Our findings suggest that Argon accelerates the provisioning process by modeling the cloud infrastructure and automating the generation of scripts for different DevOps tools when compared to Ansible, which is a code-centric tool that is greatly used in practice.This work was supported by the Ministry of Science, Innovation, and Universities (Adapt@Cloud project), Spain, under Grant TIN2017-84550-R. The work of Julio Sandobalin was supported by the Escuela Politecnica Nacional, Ecuador.Sandobalín, J.; Insfran, E.; Abrahao Gonzales, SM. (2020). On the Effectiveness of Tools to Support Infrastructure as Code: Model-Driven Versus Code-Centric. IEEE Access. 8:17734-17761. https://doi.org/10.1109/ACCESS.2020.2966597S1773417761

Automated Testing for Provisioning Systems of Complex Cloud Products

Context: The proliferation of cloud computing enabled companies to shift their approach regarding infrastructure provisioning. The uprising of cloud provisioning enabled by virtualisation technologies sprouted the rise of the Infrastructure as a Service (IaaS) model. OutSystems takes advantage of the IaaS model to spin-up infrastructure on-demand while abstracting the infrastructure management from the end-users. Problem: OutSystems’ orchestrator system handles the automated orchestration of the clients’ infrastructure, and it must be thoroughly tested. Problems arise because infrastructure provisioning takes considerable amounts of time, which dramatically increases the feedback loop for the developers. Currently, the duration of the orchestrator tests hinder the ability to develop and deliver new features at a desirable pace. Objectives: The goals of this work include designing an efficient testing strategy that considers a microservices architecture with infrastructure provisioning capabilities while integrating it in a Continuous Integration (CI)/Continuous Deployment (CD) pipeline. Methods: The solution applies multiple testing techniques that target different portions of the system and follow a pre-determined test distribution to guarantee a balanced test suite. The strategy was tested against a set of prototypes to evaluate its adequacy and efficiency. The strategy definition focuses on mapping the type of errors that each test level should tackle and is, therefore, independent of the employed technologies. Results: The devised strategy is integrated in a CI/CD pipeline and is capable of comprehensively test the created prototypes while maintaining a short feedback loop. It also provides support for testing against commonly found errors in distributed systems in a deterministic way. Conclusions: The work developed in this dissertation met the outlined objectives, as the developed strategy proved its adequacy against the developed prototypes. Moreover, this work provides a solid starting point for the migration of the orchestrator system to a microservices architecture

Challenges in adopting a Devops approach to software development and operations

The constantly changing business needs and the requirement for faster time to market with software of present day has created a paradigm shift towards a 3rd generation Software Development philosophy called Devops. The lack of collaboration between IT Operations and Software Development as well as mismatch in configuration between development, testing and production environment has made deploying software releases slow and painful for many organizations. Different incentives between teams makes it difficult to work towards a common goal of bringing added value to customers. A Devops approach to software development brings down the walls between the teams and align incentives through a collaborative culture, automation, lean principles, measurement practices and sharing. The benefits of Devops have been shown to be substantial with a significantly faster time to market and increased software stability. The organizational change is substantial which makes the challenges in adopting Devops an interesting topic to research. This thesis studies the challenges of Devops by interviewing nine experts who had been involved with Devops initiatives in their companies. The qualitative study was conducted by semi-structured theme interviews on nine industry professionals who had hands-on experience with Devops implementations. The findings were divided into four main challenge categories based on their topic. Due to the novelty of the approach, the concept of Devops for many is unknown or biased which hurts the overall implementation of practices. The lack of support in both management and organizational levels is a hindrance, since especially changing culture needs strong support and organizational buy- in in order to succeed. The toolset needed for Devops is particularly diverse and finding the fit, correct usage and attitudes towards that technology is challenging. Finally, when shifting to Devops that requires a certain level of lean principles and agility, aligning existing organizational processes such as the change management process to accommodate the new way of working was found challenging. The implications of study yield four action points to help overcome the challenges found. Clearing misconceptions and spreading the knowledge of Devops helps overcome the lack of awareness challenge. Additionally, building commitment and trust in both management and team-levels getting Devops through the door in an organization. Establishing common ways of working and leading by example helps to overcome the challenge of fragmented technologies and reluctant attitudes towards it. Finally, ensuring the flexibility of the organization is key in order to prevent bottlenecks from forming in the delivery process

Configuration Management of Distributed Systems over Unreliable and Hostile Networks

Economic incentives of large criminal profits and the threat of legal consequences have pushed criminals to continuously improve their malware, especially command and control channels. This thesis applied concepts from successful malware command and control to explore the survivability and resilience of benign configuration management systems. This work expands on existing stage models of malware life cycle to contribute a new model for identifying malware concepts applicable to benign configuration management. The Hidden Master architecture is a contribution to master-agent network communication. In the Hidden Master architecture, communication between master and agent is asynchronous and can operate trough intermediate nodes. This protects the master secret key, which gives full control of all computers participating in configuration management. Multiple improvements to idempotent configuration were proposed, including the definition of the minimal base resource dependency model, simplified resource revalidation and the use of imperative general purpose language for defining idempotent configuration. Following the constructive research approach, the improvements to configuration management were designed into two prototypes. This allowed validation in laboratory testing, in two case studies and in expert interviews. In laboratory testing, the Hidden Master prototype was more resilient than leading configuration management tools in high load and low memory conditions, and against packet loss and corruption. Only the research prototype was adaptable to a network without stable topology due to the asynchronous nature of the Hidden Master architecture. The main case study used the research prototype in a complex environment to deploy a multi-room, authenticated audiovisual system for a client of an organization deploying the configuration. The case studies indicated that imperative general purpose language can be used for idempotent configuration in real life, for defining new configurations in unexpected situations using the base resources, and abstracting those using standard language features; and that such a system seems easy to learn. Potential business benefits were identified and evaluated using individual semistructured expert interviews. Respondents agreed that the models and the Hidden Master architecture could reduce costs and risks, improve developer productivity and allow faster time-to-market. Protection of master secret keys and the reduced need for incident response were seen as key drivers for improved security. Low-cost geographic scaling and leveraging file serving capabilities of commodity servers were seen to improve scaling and resiliency. Respondents identified jurisdictional legal limitations to encryption and requirements for cloud operator auditing as factors potentially limiting the full use of some concepts

Supply Chain (micro)TMS development

Project Work presented as the partial requirement for obtaining a Master's degree in Information Management, specialization in Information Systems and Technologies ManagementThe rise of technology across many verticals has necessitated the company’s move to digitalization. Despite “XPTO” company a well know player on the retail and success on e‐commerce internal market, they aimed at the strategy of continuous innovation to drive business growth and strengthen their position as a premium brand. They decided to move forward into digitalism inside cloud based solutions to get all the advantages of microservices architecture: optimize logistics and supply chain management, speed up the workflow and maximize service efficiency. An agile organization is not achieved purely by shifting the focus from traditional functional/ technological oriented organizations. The new way to organize teams must reflect all the principles and right segregations of roles, which will be the most immediate and visible disruption and cutover from the traditional way of managing the IT. In this project we aim to use agile framework with development based in house cloud microservice solution for a (micro)TMS solution/system that address the immediate needs imposed by the market in order to use it has competitive advantage