Software Engineering in the Cloud Diomidis Spinellis Department of Management Science and Technology Athens University of Economics and Business www.spinellis.gr dds@aueb.gr @CoolSWEng

A 1972 Problem

Solving the problem in 1990

perl –lane 'for(@F){push@E,"@F";push@F,shift@F}END{print for sort@E}'

Solving the problem in 2015

• The data set IS huge

• Users can be billions

• Hardware advances have not exactly kept pace with data increases

Cloud computing levels the playing field

Overview

• Requirements (AWS) • Design • Software construction (Puppet) • Software testing (Nagios) • Software maintenance • Software configuration management • Software engineering management • Software engineering process (Rundeck) • Software engineering methods • Software quality • Software economics

Requirements

• Requirements are system requirements

• Emergent properties are properties

• Requirements allocation typically includes cloud components

Design Strategies

• Existing – Structured (functional) design

– OO design

– Data structure oriented design

– Component based design

• Cloud based design; decide on: – Build / use

– Choose abstraction levels (IaaS, PaaS, SaaS)

– Components

– Requirements to components map

Design Issues • Concurrency must be designed from the beginning

– sharding – replication – …

• Event handling can be outsourced • Data persistence will be on the cloud • Distribution on a planet scale • Fault tolerance, availability zones • Confidentiality and integrity

– trust models, key people – identities and roles (across the stack) – 2FA – risks

• Cloud design patterns

Software Construction: System Configuration Management

• System as software

• Anticipating change (including vendor)

• Reuse

• Management (planning, measurement)

• Quality

• Integration

• Performance analysis

• Tool support

Don’t configure systems by hand

• Modern cloud-based systems are complex

– Many hosts

– Many services

– Many components

• This requires automated configuration

Automate configuration of

• Hosts • Available users and roles • Installed software • Running services • Configuration files • Scheduled tasks • Networking • Storage • Monitoring • Security

Benefits

• Deploy a new host

• Move to a different environment

• Put configuration under revision control

• Track issues

• Repair misconfigured systems

• Executable documentation

Notable tools

• Puppet

• Ansible

• Chef

• Salt

• CFEngine

Rules

• Covering – Infrastructure

• Networking

• Storage

– Applications

– Services

– Scheduled tasks

• Each rule has – Preconditions

– Postconditions

Package example

package { ‘posfix':

ensure => present

}

The Puppet Trifecta

• Package

• File

• Service

File example

file {'/etc/postfix/main.cf ':

owner => 'root',

group => 'root',

require => Package["postfix"],

source => 'puppet:///modules/postfix/main.cf'

}

Service example

service { 'postfix':

require => [

Package['postfix'],

File['/etc/postfix/main.c

f'],

],

enable => 'true',

ensure => 'running',

}

Building up

• Modules

• Nodes

• Inheritance

• Client-server configuration

• Puppet Forge

– 3,658 modules

Example modules

• vcsrepo • firewall (iptables) • apache • mysql, postgresql, sqlserver • ntp • java • Tomcat • registry • aws

Example module use

apache::vhost { 'wsgi.example.com':

port => '80',

docroot => '/var/www/pythonapp',

wsgi_application_group => '%{GLOBAL}',

wsgi_daemon_process => 'wsgi',

wsgi_daemon_process_options => {

processes => '2',

threads => '15',

display-name => '%{GROUP}',

},

wsgi_import_script => '/var/www/demo.wsgi',

wsgi_import_script_options =>

{ process-group => 'wsgi', application-group => '%{GLOBAL}'

},

wsgi_process_group => 'wsgi',

wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' },

}

Test Techniques

• Existing – Based on software engineer’s experience – Input domain – Code-based – Fault-based – Model-based

• Cloud System – Continuous monitoring – Arm’s length relationship with vendor – At multiple levels

• Infrastructure • Middleware, • Software

Nagios specifications

• Objects – services

– commands • notifications (email, issue, SMS)

• host check

• service check

– contacts

– hostgroups

– templates

• Servers

Server specification

define host {

use linux-server

host_name ldap

alias LDAP

address ldap.example.com

contact_groups admins

icon_image ldap.png

statusmap_image ldap.gd2

}

Service specification define service {

hostgroup_name basic

host_name github

service_description ssh

check_command check_ssh

use flappy-service

}

define service {

hostgroup_name basic

service_description AMI updates

check_command check_nrpe!check_ami

use generic-service

}

define service {

hostgroup_name basic

service_description EC2 DNS server

check_command check_nrpe!check_dns_server

use generic-service

}

Command specification define command{

command_name check_local_disk

command_line $USER1$/check_disk -w $ARG1$ -c $ARG2$ -p

$ARG3$

}

define command{

command_name check_local_load

command_line $USER1$/check_load -w $ARG1$ -c $ARG2$

}

define command{

command_name check_http

command_line $USER1$/check_http -I $HOSTADDRESS$

$ARG1$

}

NRPE script #!/bin/bash

#

# Check if there are AWS Linux updates

#

if grep 'security update' /etc/motd >/dev/null

then

echo "AMI CRITICAL: `grep 'security update' /etc/motd`"

exit 2

fi

if grep 'update' /etc/motd >/dev/null

then

echo "AMI WARNING: `grep 'update' /etc/motd`"

exit 1

fi

echo "AMI OK: Last update: `stat --printf=%z

/var/cache/yum/x86_64/latest/amzn-main/packages/`"

exit 0

Nagios Plugins

• Anti-Virus • Backup and Recovery • Business Management and Logic • Cloud • Clustering and High-Availability • CMS and Blog Software • Databases • E-Commerce, Billing and Financial • Email and Groupware • Games • Grid Computing • Hardware • Helpdesk and Ticketing • Instant Messaging • Internet Domains and WHOIS • Inventory Management • Java Applications and Servers • License Management

• Log Files • Network and Systems Management • Network Connections, Stats and Bandwidth • Network Protocols • Notifications • Operating Systems • Others • Printing • Remote Access • Reporting • Security • Software • System Metrics • Telephony • Uncategorized • Videoconferencing • Web 2.0 Services • Web Servers • Websites, Forms and Transactions

Maintenance Techniques

• Comprehension and reverse engineering

– Cloud vendor configuration

• Reengineering and migration

– Cloud vendor tie-in

“Don't let yourself get attached to anything you are not willing to walk out on in 30 seconds flat if you feel the heat around the corner. ”

Configuration Management

• Control the system, not the software

• Determine the scope, what will be controlled

• Working on branches

• Dealing with legacy / own packages

Software Engineering Management

• Deliverables

• Risk management (including Cloud vendor)

– Hidden collocation risks

• Quality management

• Contract management of SaaS, IaaS

– Dealing with Cloud boilerplate

Software Engineering Process

• Handling of Cloud resources

• Involvement of operations personnel

• Automate operation processes

• Manage through workflow automation

Rundeck

• Workflow automation tool

• Operations management

• Operations procedures become self-service jobs

• Control

• Visibility

Basics

• Projects

• Jobs

– Groups

• Nodes

• Commands

• Activity

Software Engineering Methods

• Dynamic real-time preconditions, postconditions, invariants

• Information, behavioral, structure modeling at Cloud scale

• Analysis

– Completeness, consistency, correctness touch

– Dependencies (tractable)

• Formal methods at infancy

Software Quality

• High cost high value

• Can’t ignore safety

Software Engineering Economics

• Cloud costing options

– On demand, long-term, spot

• Depreciation, cash-flow, TVM

• Addressing uncertainty through elasticity

• Portfolio and scale effects

Cloud Software Engineering

• Requirements • Design • Construction • Testing • Maintenance • Configuration management • Software engineering management • Software engineering process • Software engineering methods • Software quality • Software economics

Examined Tools

• AWS for cloud components

• Puppet for system configuration management

• Nagios for system monitoring

• Rundeck for operations workflow automation

Thank you!

dds@aueb.gr

www.spinellis.gr

@CoolSWEng

Image Credits

• Wgsimon (Moore’s Law)

• Guiding light (Node length)

• Rajiv.Pant derivative work: Wylve (DevOps)

• PiccoloNamek (Cirrus clouds)

• Visitor7 (Data center)

• Diglinks (Nagios)