224 research outputs found
Detecting Missing Dependencies and Notifiers in Puppet Programs
Puppet is a popular computer system configuration management tool. It
provides abstractions that enable administrators to setup their computer
systems declaratively. Its use suffers from two potential pitfalls. First, if
ordering constraints are not specified whenever an abstraction depends on
another, the non-deterministic application of abstractions can lead to race
conditions. Second, if a service is not tied to its resources through
notification constructs, the system may operate in a stale state whenever a
resource gets modified. Such faults can degrade a computing infrastructure's
availability and functionality.
We have developed an approach that identifies these issues through the
analysis of a Puppet program and its system call trace. Specifically, we
present a formal model for traces, which allows us to capture the interactions
of Puppet abstractions with the file system. By analyzing these interactions we
identify (1) abstractions that are related to each other (e.g., operate on the
same file), and (2) abstractions that should act as notifiers so that changes
are correctly propagated. We then check the relationships from the trace's
analysis against the program's dependency graph: a representation containing
all the ordering constraints and notifications declared in the program. If a
mismatch is detected, our system reports a potential fault.
We have evaluated our method on a large set of Puppet modules, and discovered
57 previously unknown issues in 30 of them. Benchmarking further shows that our
approach can analyze in minutes real-world configurations with a magnitude
measured in thousands of lines and millions of system calls
Cloud WorkBench - Infrastructure-as-Code Based Cloud Benchmarking
To optimally deploy their applications, users of Infrastructure-as-a-Service
clouds are required to evaluate the costs and performance of different
combinations of cloud configurations to find out which combination provides the
best service level for their specific application. Unfortunately, benchmarking
cloud services is cumbersome and error-prone. In this paper, we propose an
architecture and concrete implementation of a cloud benchmarking Web service,
which fosters the definition of reusable and representative benchmarks. In
distinction to existing work, our system is based on the notion of
Infrastructure-as-Code, which is a state of the art concept to define IT
infrastructure in a reproducible, well-defined, and testable way. We
demonstrate our system based on an illustrative case study, in which we measure
and compare the disk IO speeds of different instance and storage types in
Amazon EC2
Rehearsal: A Configuration Verification Tool for Puppet
Large-scale data centers and cloud computing have turned system configuration
into a challenging problem. Several widely-publicized outages have been blamed
not on software bugs, but on configuration bugs. To cope, thousands of
organizations use system configuration languages to manage their computing
infrastructure. Of these, Puppet is the most widely used with thousands of
paying customers and many more open-source users. The heart of Puppet is a
domain-specific language that describes the state of a system. Puppet already
performs some basic static checks, but they only prevent a narrow range of
errors. Furthermore, testing is ineffective because many errors are only
triggered under specific machine states that are difficult to predict and
reproduce. With several examples, we show that a key problem with Puppet is
that configurations can be non-deterministic.
This paper presents Rehearsal, a verification tool for Puppet configurations.
Rehearsal implements a sound, complete, and scalable determinacy analysis for
Puppet. To develop it, we (1) present a formal semantics for Puppet, (2) use
several analyses to shrink our models to a tractable size, and (3) frame
determinism-checking as decidable formulas for an SMT solver. Rehearsal then
leverages the determinacy analysis to check other important properties, such as
idempotency. Finally, we apply Rehearsal to several real-world Puppet
configurations.Comment: In proceedings of ACM SIGPLAN Conference on Programming Language
Design and Implementation (PLDI) 201
Recommended from our members
Debugging Woven Code
The ability to debug woven programs is critical to the adoption of Aspect Oriented Programming (AOP). Nevertheless, many AOP systems lack adequate support for debugging, making it difficult to diagnose faults and understand the program's structure and control flow. We discuss why debugging aspect behavior is hard and how harvesting results from related research on debugging optimized code can make the problem more tractable. We also specify general debugging criteria that we feel all AOP systems should support. We present a novel solution to the problem of debugging aspect-enabled programs. Our Wicca system is the first dynamic AOP system to support full source-level debugging of woven code. It introduces a new weaving strategy that combines source weaving with online byte-code patching. Changes to the aspect rules, or base or aspect source code are rewoven and recompiled on-the-fly. We present the results of an experiment that show how these features provide the programmer with a powerful interactive debugging experience with relatively little overhead
Tortoise: Interactive System Configuration Repair
System configuration languages provide powerful abstractions that simplify
managing large-scale, networked systems. Thousands of organizations now use
configuration languages, such as Puppet. However, specifications written in
configuration languages can have bugs and the shell remains the simplest way to
debug a misconfigured system. Unfortunately, it is unsafe to use the shell to
fix problems when a system configuration language is in use: a fix applied from
the shell may cause the system to drift from the state specified by the
configuration language. Thus, despite their advantages, configuration languages
force system administrators to give up the simplicity and familiarity of the
shell.
This paper presents a synthesis-based technique that allows administrators to
use configuration languages and the shell in harmony. Administrators can fix
errors using the shell and the technique automatically repairs the higher-level
specification written in the configuration language. The approach (1) produces
repairs that are consistent with the fix made using the shell; (2) produces
repairs that are maintainable by minimizing edits made to the original
specification; (3) ranks and presents multiple repairs when relevant; and (4)
supports all shells the administrator may wish to use. We implement our
technique for Puppet, a widely used system configuration language, and evaluate
it on a suite of benchmarks under 42 repair scenarios. The top-ranked repair is
selected by humans 76% of the time and the human-equivalent repair is ranked
1.31 on average.Comment: Published version in proceedings of IEEE/ACM International Conference
on Automated Software Engineering (ASE) 201
Software Project Services using Infrastructure-as-Code
Infrastructure-as-code is a modern practice for IT automation as well as managing complex and large-scale infrastructure. It allows describing infrastructure and configuration in a code-like syntax easily understandable for any software developer. Unlike manual infrastructure configurations the infrastructure code can be versioned, tested, reviewed, and even compiled resulting in the actual desired systems infrastructure and configuration.
The objective of this thesis is to create a new software project establishment process for a medium sized software company. The aim is to automate and streamline a beginning phase of new projects by creating and documenting a process of establishing basic software project services by using infrastructure-as-code. A desired feature of the new process is to partly delegate the work of IT department to project teams who are most aware of the tools and services required for each project.
The thesis is divided into two parts. The first part presents relevant infrastructure-as-code and DevOps software development methodology related theory in a form of a literature review and the second part describes planning and implementing required infrastructure-as-code automations and the actual service establishment process for the case company.
The outcome of the study was a new automated project establishment process, in a form of two artifacts: process documentation and required infrastructure-as-code scripts. The study also produced a recommended way for handling the scripts and configuration files during the process, along with multiple other recommendations for similar implementations and for usage of infrastructure-as-code in general. Furthermore, results also included some recommendations for software manufacturers and a brief overview of infrastructure-as-code related risks.
Infrastructure-as-code was found to be a powerful enabler of automation and suitable also for workflow automation. However, creating infrastructure-as-code scripts and building a suitable development environment were found to be difficult. Also, several target system related challenges were identified during the implementation. The conclusion considering the service establishment process was that it is feasible to delegate only configuring the infrastructure-as-code implementation to the end users.Infrastruktuuri koodina on moderni IT automaation sekä monimutkaisten ja suurten infrastruktuurien hallinnan käytäntö. Se mahdollistaa infrastruktuurin ja konfiguraation määrittelyn käyttäen ohjelmakoodia muistuttavaa syntaksia, joka on kenen tahansa ohjelmistokehittäjän ymmärrettävissä. Toisin kuin manuaaliset konfiguraatiot, infrastruktuurikoodi voidaan versioida, testata, katselmoida ja jopa kääntää, jolloin lopputuloksena saadaan luotua ja konfiguroitua määrityksen mukainen järjestelmäinfrastruktuuri.
Tämän opinnäytetyön tavoitteena on luoda uusi ohjelmistoprojektien tarvitsemien palveluiden perustamisprosessi toimeksiantajayritykselle. Tavoitteena on automatisoida ja virtaviivaistaa uusien projektien aloittamista luomalla ja dokumentoimalla uusi tavanomaisten ohjelmistoprojektipalveluiden perustamisprosessi, joka hyödyntää infrastruktuuri koodina -lähestymistapaa. Yksi uuden prosessin toivotuista ominaisuuksista on siirtää tietohallinnon työkuormaa osittain projektitiimeille, joilla on paras käsitys kunkin projektin vaatimista työkaluista ja palveluista.
Opinnäytetyö jakautuu kahteen osaan, joista ensimmäinen esittelee infrastruktuuri koodina
lähestymistapaan ja DevOps-ohjelmistokehitysmetodologiaan liittyvää teoriaa kirjallisuuskatsauksen muodossa. Toinen osa kuvaa uuden prosessin sekä siihen kuuluvien infrastruktuurikoodien suunnittelua ja toteutusta kohdeyrityksen toimeksiannosta.
Tutkimuksen lopputuloksena luotiin uusi automatisoitu projektipalveluiden perustamisprosessi, joka muodostui kahdesta artefaktista: prosessidokumentaatiosta ja vaadittavista infrastruktuuri koodina -skripteistä. Tutkimus tuotti myös suositeltavan tavan skriptien ja konfiguraatiotiedostojen hallintaan prosessin aikana sekä useita suosituksia vastaavanlaisten implementaatioiden luomiseen tulevaisuudessa ja infrastruktuuri koodina -työkalujen käyttöön yleisesti. Tulokset sisälsivät myös suosituksia ohjelmistovalmistajille sekä lyhyen katsauksen infrastruktuuri koodina -lähestymistapaan liittyvistä riskeistä.
Infrastruktuuri koodina todettiin tehokkaaksi automaation mahdollistajaksi ja sopivaksi myös työnkulkujen automatisoimiseen. Toisaalta skriptien kirjoittaminen ja tarvittavan kehitysympäristön rakentaminen havaittiin haasteellisiksi tehtäviksi. Tutkimuksen edetessä havaittiin myös useita kohdejärjestelmiin liittyviä haasteita. Johtopäätös palveluiden perustamisprosessin kannalta oli, että loppukäyttäjille on järkevää ja mahdollista delegoida ainoastaan skriptien tarvitseman konfiguraation tuottaminen
Function Computation in Networks
Ruutimine, mis kasutab ainuüht parimat teekonda sõnumite edastamiseks, on praegusel hetkel peamine meetod informatsiooni edastamiseks võrgus. Väljapakutud alternatiiviks on võrgukodeerimine, mis lubab kogu võrgul osaleda informatsiooni edastamises, saates kodeeritud infot läbi mitme teekonna ja taastades algse sõnumi vastuvõtjas. Mõningate rakenduste korral on algsete sõnumite taastamise asemel vaja funktsiooni üle nende sõnumite. Nimetame seda funktsiooni arvutuseks võrgus. Selline lähenemine lubab arvutusi teha teekonna jooksul, mil sõnum liigub allikatest saajateni. See töötab hästi näiteks võrkudes, kus ühendatud on palju piiratud arvutusvõimsusega väikseid seadmeid. Situatsioon, mis IoT esiletõusuga ilmneb aina tihedamini. Kuna funktsiooni arvutus võrkudes on suhteliselt uus mõiste, ei ole veel täiesti suudetud mõista võrgu funktsionaalarvutuse rakendatavust ja teoreetilise jõudlikkuse piire.Käesolev töö keskendub kindlale sihtfunktsioonide perekonnale ja tuvastab võrgu omadusi, et funktsionaalarvutus oleks edukas. See töö esitab kodeerimislahendusi, mis lubavad edukalt võrgus funktsionaalarvutusi läbi viia, kus sõnumiteks on üksikud sümbolid. Tulemused on seejärel laiendatud suvalise sümbolite arvuga sõnumitele, kasutades sarnast kodeerimislahendust.Routing, that uses a single best path in the network, is currently the primary method for information transfer in networks. A proposed alternative to routing is called network coding that allows for the whole network to participate in the transmission of information by sending the coded data using multiple paths and then reconstructing the original message at the receiver. In some applications instead of reconstructing the original messages a function of those messages needs to be obtained. The corresponding problem is called a problem of function computation in the network. This approach allows for efficient en-route computing that works especially well with many small connected devices with limited computational capacities, a situation that appears often with the rise of the IoT. Since network function computation is a relatively new concept, the applicability and theoretical performance limits of this approach are not yet fully understood. The current work focuses on a certain family of target functions and identifies properties a network must have for function computation to be feasible. We propose encoding solutions that allow for successful network function computation. The results are then extended to packets with arbitrary number of symbols using a similar encoding scheme
- …