SlideShare a Scribd company logo

8 pipeline

Len Bass, profile picture
Len Bass

1) The build environment creates an executable image of the system by compiling and linking all code and dependencies. It then performs functional tests on the integrated system using a test harness. 2) If the tests pass, the build is promoted to the staging environment for further testing. Otherwise, failures will stop the promotion process or just be noted. 3) The build environment aims to detect defects in module interfaces and interactions by testing the fully integrated system, using real data but in limited quantities to keep tests fast. External services may be directly used if read-only or have test versions if read-write.

Software
1 of 98
Downloaded 19 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
DOSE: Deployment and Operations for Software Engineers Pipeline
© Len Bass 2019 2 Overview • Introduction to a deployment pipeline • Environments
© Len Bass 2019 3 Deployment pipeline • Developer creates and tests code on local machine. • Checks code into a version control system • Continuous integration server (CI) builds the system and runs a series of integration tests. • After passing the tests, the system is promoted to a staging environment where it undergoes more tests including performance, security, and user acceptance tests. • After passing those tests, the system is promoted to provisional production where it undergoes even more tests. • The system is finally promoted to normal production but the tests do not necessarily stop. Pre-commit tests X Build Image and Perform Integration tests UAT / staging / performance tests Deploy to production Commit ... Pre-commit tests Commit Developers promote to normal production
© Len Bass 2019 Another view of the pipeline
© Len Bass 2019 5 Goals during deployment pipeline • Team members can work on different versions of the system concurrently • Code developed by one team member does not overwrite code developed by others • Code produced by one team can be integrated with code produced by other teams • Code is the same during different stages • Different stages serve different testing purposes • Different stages are isolated from each other • A deployment can be easily rolled back if there is a problem. 5
© Len Bass 2019 6 Desirable qualities of deployment pipeline • Traceability • Testability • Tooling • Cycle time 6
© Len Bass 2019 7 Traceability When any code gets into production, it must be reconstructable All components that go into the executable image can be identified All tests that were run can be identified All scripts used during the pipeline process can be identified. When a problem occurs in the system when it goes into production, all of the elements that contributed to the system can be traced. 7
© Len Bass 2019 8 Testing • Every stage (except production) has an associated test harness. • Tests should be automated. • Types of tests are • Sunny day tests • Negative tests • Regression tests • Static analysis • We will discuss stage specific tests when we discuss the stage. 8
© Len Bass 2019 9 Database test data • Every stage has a database • Minimal during development • More substantial during build • Realistic during staging • After each test, database must be reconstituted to ensure repeatability • Personally Identifiable Information (PII) must be obscured.
© Len Bass 2019 10 Test Harness Database Environment Load Balancer VMVMVM Configuration External Components Test Harness 1 A test harness generates inputs and compares outputs to verify the correctness of the code.
© Len Bass 2019 11 Tooling • Version control system – manages different versions for development and production – e.g. Git • Configuration management tool – controls configuration of deployed image – e.g. Chef, Puppet, or Ansible • Continuous Integration tool – builds image and runs test – e.g. Jenkins • Deployment tool – places images into production. E.g. Spinnaker, Ansible, Chef • These tools must execute on a platform • Vagrant is a tool to help provision the platform 1
© Len Bass 2019 12 Scripts for pipeline tools Scripts for pipeline tools are an example of infrastructure as code (IaC). They should be version controlled and tested just like application code.
© Len Bass 2019 13 Cycle time • Cycle time is the time between the commit and the placing into provisional production. • Systems should move through the pipeline quickly • The time depends on • How large are the components that are constructed in the build stage • How long does it take to run tests on the system 1
© Len Bass 2019 14 Different environments in pipeline • Development environment • Build (also called Integration) environment • Staging environment • Production environment • Different organizations may have additional environments defined 1
© Len Bass 2019 15 Sample pipeline • A sample pipeline without staging environment can be found at https://github.com/cmudevops/class- materials/blob/master/deployment%20workflow.pdf 1
© Len Bass 2019 16 Overview • Introduction to a deployment pipeline • Environments
© Len Bass 2019 17 Environment • An environment is a set of computing resources sufficient to execute a software system including all of the supporting software, data sets, network communications, and necessary external entities. • Essentially, an environment is self contained except for explicitly defined external entities. • Multiple different environments in a pipeline.
© Len Bass 2019 18 Isolating environments • Environments should run same code but should be isolated from each other. • One solution is to connect the code to all other elements of the environment through configuration parameters. • During initialization of the code, it acquires and makes operational all of its configuration parameters. • Elevates setting and management of configuration parameters to important element of deployment.
© Len Bass 2019 19 Environment is isolated Database Environment Load Balancer VMVMVM Configuration External Components • Any references to database, external entities, network is controlled by configuration parameters. • As long as configuration parameters are correct, there is no way that the VMs can access other environments.
© Len Bass 2019 20 Life Cycle of an environment • Each environment has a life cycle. When is it created, how is it used, when is it destroyed. • Having a defined life cycle allows scripting to control moving from one phase of the life cycle to the next. • One organization, for example, creates a new environment whenever the version control tree has a branch. So branching the version control system triggers a script to build the environment.
© Len Bass 2019 21 Moving a system from one environment to another • Messages are routed through DNS server • Routing messages from one environment to another becomes partially a matter of changing the DNS server. • Messages can come from test harness or from users or from production portions of the system Production Database (copy) Test Environment Load Balancer VMVMVM DNS Server Production Database Production Environment Load Balancer VMVMVM points to
© Len Bass 2019 22 Routing of messages does not totally solve movement problem • Dependencies on particular environment cause problems • The version of software used by the component may cause problems • Data in database for testing may cause problems • Other types of dependencies • OS version dependencies • Library versions
© Len Bass 2019 23 Are OS dependencies really a problem? Version Added Symbols Removed Symbols Total Changes 3.15-rc6 387 194 1120 3.14.4 363 232 981 3.13.11 317 149 842 3.12.20 436 141 907 3.11.8 333 109 1514 3.10.19 726 200 2541 3.9.11 2102 859 6746 3.4.69 771 324 3665 3.2.52 474 128 3263 3.0.101 1860 863 8054 2.6.34.14 323 201 1261 2.6.33.20 401 185 1317 2.6.32.61 initial Linux kernel changes – x86_64
© Len Bass 2019 24 Two paths to support movement of system • Manage relationship of component to other software in its environment • Turn other dependencies into configuration parameters and manage them • Both must be done
© Len Bass 2019 25 Managing relationship of component to other software • Two basic strategies • Ensure software in each environment is identical • Move environment (or portion of the environment) together with the component
© Len Bass 2019 26 Ensure software in each environment is identical • Do development in environment that is the same as staging and production environments, down to version numbers. • Requires that every development team develop on same environment – no version changes without all teams agreeing
© Len Bass 2019 27 Move environment together with component • Move total environment • Create a virtual machine or container with all of the dependent software • Virtual machine or container is tested in staging and moved to production
© Len Bass 2019 28 Two paths to support movement of system • Manage relationship of component to other software in its environment • Turn other dependencies into configuration parameters and manage them • Both must be done
© Len Bass 2019 29 Summary - 1 • A deployment pipeline is a series of stages where each stage has • A specific testing purpose • An isolated environment • Each stage in the pipeline is controlled by some set of tools. • Scripts for these tools should be version controlled and tested. • The pipeline has a set of desirable properties that can be used to measure it 2
© Len Bass 2019 30 Summary - 2 • Environments are isolated from each other • As systems move through the pipeline they • Move into environments that are kept identical or • Bring their environment with them • Configuration parameters are used to manage differences among environments
© Len Bass 2019 31 Overview • Development environment • Build environment
© Len Bass 2019 32 Development environment • Developer creates and tests code on local machine. • Version control • Uniform development environment across developers • Pre-commit unit tests • Feature toggles Pre-commit tests X Build Image and Perform Integration tests UAT / staging / performance tests Deploy to production Commit ... Pre-commit tests Commit Developers promote to normal production
© Len Bass 2019 33 Uniform development environment • Goal: • Developers all have the same development environment • Developers have the same development environment as the production environment • Reduces errors caused by incompatabilities in versions/dependencies
© Len Bass 2019 34 Vagrant Provisioned virtual machine Provisioning specifications Vagrant Vagrantfile • Vagrant takes a specification for a provisioned VM and produces such a VM on a provider such as VirtualBox • Specification is version controlled and shared among team members through version control system • Result is a common environment for development and production
© Len Bass 2019 35 Workflow during development Retrieve version to modify from source control Interact with IDE to make modifications Unit tests pass? Fix errors No Perform static analysis Meets targets? Yes No Commit to source control Yes
© Len Bass 2019 36 Pre commit testing • Tests run on a single module or class. • Dependent services are stubbed out or mocked • Very limited test database. • Test driven development. Write the tests before writing the code. • Unit tests. Specialized tests for single modules.
© Len Bass 2019 37 Testing in Development Environment • Unit Testing/component testing • Verify the functionally of specific section of code • Includes static code analyzers, data flow, metrics analysis or peer code reviews • Acceptance Testing • Done by developer prior to integration or regression • Smoke/Sanity Testing • Reasonable to proceed with further testing or not • Minimal attempts to operate software
© Len Bass 2019 38 Security Requirements • Security Requirements (SFR/SAR) • Risk Assessment • Abuse Case Development • Threat Modelling • Security Stories • Screen Development Tools • Secure/Hardened Environments
© Len Bass 2019 39 Security processes during design • Threat Modelling • Vulnerability Analysis and Flow Hypothesis • Security Design Review • Dependencies List, Open-source libraries
© Len Bass 2019 40 Security practices during development • Secure Coding Practices • Security Focused Code Review • Deprecate Unsafe Functions • Perform Security Unit Testing • Static Code Analysis • Checking of process and procedures for secure coding & traceability
© Len Bass 2019 41 Test tools-Unit Testing • Junit : Testing framework for the Java/J2EE • Nunit: Testing framework with GUI for .Net platform • MSTest: Testing framework with CL outside Visual Studio • PYunit: Testing framework with Python • TestNG: Very similar to Junit but covers more (functional, end-to-end, integration etc.)
© Len Bass 2019 42 Dealing with partial code • Scenario • Begin changing a particular module • Bug discovered in production version of that module • Fix bug • Check in • Error because new changes are not complete • Fix – put new code inside of a “feature toggle”. It still must compile but it does not have to execute correctly.
© Len Bass 2019 43 Feature Toggle • A feature toggle is one kind of configuration parameter. Later it will be bound at run time, for this use it is development time If (feature_toggle) then New code else Old code end; • Feature toggles have other uses (later) • Feature toggles should be removed when no longer needed • They clutter up code • They were one source of Knight Capital meltdown ($440 million lost in 45 minutes)
© Len Bass 2019 44 Overview • Development environment • Build environment
© Len Bass 2019 45 Pre-commit tests X Build Image and Perform Integration tests UAT / staging / performance tests Deploy to production Commit ... Pre-commit tests Commit Developers promote to normal production Build Environment • Create executable image • Perform functional tests
© Len Bass 2019 46 Purpose of Build Stage • Create executable image • Locating and compiling (if necessary) all of the elements of the executable image • Linking these elements together • Perform functional tests • Test integrated (whole) system • Automated • Limited amount of data in database but as real as possible • Same suite of test generators as during development
© Len Bass 2019 47 Overview from Atlassian
© Len Bass 2019 48 Creating an executable image • Continuous Integration (CI) server is notified of new commits (or polls for them) • When a new commit is detected, the CI server retrieves it • The CI server retrieves all relevant code and their dependencies • Executable image is created by compiling and linking all of the code and their dependencies.
© Len Bass 2019 49 Potential errors during build • Code does not compile • Dependencies do not exist • Provided interfaces do not match required interfaces • Configuration parameters do not exist or are inconsistent
© Len Bass 2019 50 Functional testing • Created image is subjected to a collection of automated tests • Tests are performed using a test harness • Tests are the result of • User stories • Regression tests • Rainy day scenarios • Trade off between comprehensiveness of tests and time it takes to run the tests • CI server reports results through e-mail or a web page.
© Len Bass 2019 51 Testing in Continuous Integration Environment • Much like testing in the development environment except with multiple modules rather than a single one • Unit Testing/component testing • Built system testing • Detect defects in the interface and interaction between modules • Module/subsystem integration
© Len Bass 2019 52 Test data • Test data is real (ish) but limited. • Need to worry about exposing private data to developers • Limited so that tests will run fast and keep build queue from growing • If tests change database, it must be refreshed before next set of tests. • No results should be sent to any production service – results in corrupting production version.
© Len Bass 2019 53 External services • The environment includes connections to external services. • If the services are read only, they can be directly used • If the services are read/write then a test version must be furnished
© Len Bass 2019 54 Promoting an image • Once an image is successfully tested it is promoted to the staging environment • Successful may not mean passing all of the tests • Some failures may stop the process • Other failures may just be noted but may allow the process to continue. • Success may be “95% of the tests succeed”
© Len Bass 2019 55 Orchestration • Orchestration (in the context of a build server) is the automated arrangement, coordination, and management of the elements necessary to build, test, report, and migrate an executable image. • E.g. • Initiate a build upon commit of code • If build successful, then initiate test • Generate report every evening of daily activity • If tests successful promote image to staging
© Len Bass 2019 56 Build scripts • Continual Integration servers are programmable • Where to find various components and tests • Logic to determine validity of components and tests and report results • Logic to determine promotion criteria • Programs for CI servers are called “scripts” • Scripts should be configuration managed and version controlled.
© Len Bass 2019 57 Build has multiple users Pre-commit tests X Build Image and Perform Integration tests Commit ... Pre-commit tests Commit Developers • Build is performed by a continuous integration server (CI server) • CI is single threaded from perspective of systems (one build of a given system at a time) • Build error introduced by one developer affects all developers
© Len Bass 2019 58 Best Practices • Executable image created during build stage does not change as it is promoted through to production • “Breaking the Build” is to be avoided and fixing a broken build is high priority • Traceability is maintained for all elements of the executable created.
© Len Bass 2019 59 Summary • Every developers environment should be identical and should reflect the production environment • Security processes are important to harden code. • Pre-commit tests are of a single module. • Feature toggles are used in the Dev environment to deactivate code that is not yet ready for other environments • Build stage creates an executable impage • Build stage tests the executable image for functional correctness • Limited data used in the tests • CI servers are programmable
© Len Bass 2019 60 Overview • Staging environment • Deployment strategies
© Len Bass 2019 61 • Perform security and load testing • Sign off Pre-commit tests X Build Image and Perform Integration tests UAT / staging / performance tests Deploy to production Commit ... Pre-commit tests Commit Developers promote to normal production Staging Environment
© Len Bass 2019 62 Testing in Staging Environment • Regression testing • Smoke testing • Compatibility testing • Integration testing • Functional Testing • Usability Testing • Install/uninstall testing • Performance testing • Security testing
© Len Bass 2019 63 User Tests • Real (or simulated) users exercise the system. • Having real users is expensive and difficult to ensure coverage. • Record/playback works in some contexts • Teeing actual input works in some contexts • Having real users allows for exception testing in a better fashion than automated tests
© Len Bass 2019 64 Performance tests • Test for performance with generated loads • Environment should be as real as possible • Load balanced • Auto scaled • Multiple instances
© Len Bass 2019 65 Data base • Use as close to real data as possible. • One organization uses database that is one hour old (created as a back up by cloud vendor). • Constraints • Restore database after each test • Keep personal information private
© Len Bass 2019 66 Security testing • Common Vulnerabilities and Exposures data base (CVE) • Buffer overflow • SQL injection • Penetration testing tools • Static analyzers • Fuzz Testing • Model checking
© Len Bass 2019 67 Do not access production database! • Staging environment must be isolated from production database. • Accessing production database is one source of errors that came up several times in a survey of operations caused outages.
© Len Bass 2019 68 Tooling • There are specialized load testing tools, e.g. Artillery • There are specialized security testing tools, e.g. • OWASP • Static analyzers • Model checkers
© Len Bass 2019 69 Creating the staging data base This is Oracle’s recommendation. EUL is end user layer. EUL can be used to protect PII although this is not an ideal solution for testing.
© Len Bass 2019 70 Overview • Staging environment • Deployment strategies
© Len Bass 2019 71 Situation • Your application is executing • Multiple independent deployment units • Some of these deployment units may have multiple instances serving requests • You have a new version of one of the deployment units to be placed into production • An image of the new version is on the staging server or in a container repository
© Len Bass 2019 72 Deploying a new version of an application Multiple instances of a service are executing • Red is service being replaced with new version • Blue are clients • Green are dependent services Staging/container repository VAVB VBVB
© Len Bass 2019 73 Deployment goal and constraints • Goal of a deployment is to move from current state (N instances of version A of a service) to a new state (N instances of version B of a service) • Constraints: • Any development team can deploy their service at any time. I.e. New version of a service can be deployed either before or after a new version of a client. (no synchronization among development teams) • It takes time to replace one instance of version A with an instance of version B (order of minutes for VMs) • Service to clients must be maintained while the new version is being deployed.
© Len Bass 2019 74 Deployment strategies • Two basic all of nothing strategies • Red/Black (also called Blue/Green) – leave N instances with version A as they are, allocate and provision N instances with version B and then switch to version B and release instances with version A. • Rolling Upgrade – allocate one instance, provision it with version B, release one version A instance. Repeat N times. • Partial strategies are canary testing and A/B testing.
© Len Bass 2019 75 Trade offs – Red/Black and Rolling Upgrade • Red/Black • Only one version available to the client at any particular time. • Requires 2N instances (additional costs) • Rolling Upgrade • Multiple versions are available for service at the same time • Requires N+1 instances. • Rolling upgrade is widely used. Update Auto Scaling Group Sort Instances Remove & Deregister Old Instance from ELB Confirm Upgrade Spec Terminate Old Instance Wait for ASG to Start New Instance Register New Instance with ELB Rolling Upgrade in EC2
© Len Bass 2019 76 Problems to be dealt with • Temporal inconsistency • Interface mismatch • Data inconsistency
© Len Bass 2019 77 Temporal inconsistency example • Shopping cart example • Suppose your organization changes its discount strategy from discount per item to discount per shopping cart. • Version A’ of your service does discounts per item • Version A’’ does discounts per shopping cart. • Client C’s first call goes to version A’ and its second call goes to version A’’. • Results in inconsistent discounts being calculated. • Caused by update occurring between call 1 and call 2.
© Len Bass 2019 78 Temporal inconsistency • Can occur with either Blue/Green or rolling upgrade • Prevented by using feature toggles. • Remember feature toggles?
© Len Bass 2019 79 Preventing Temporal Inconsistency • Write new code for Service A’’ under control of a feature toggle • Install N instances of Service A’’ using either Rolling Upgrade or Blue/Green • When a new instance is installed begin sending requests to it • No temporal inconsistency, as the new code is toggled off. • When all instances of Service A are running Service A’’, activate the new code using the feature toggle.
© Len Bass 2019 80 Feature toggle manager • There will be many different feature toggles • One for each feature • A feature toggle manager maintains a catalog of feature toggles • Current toggles vs instance version id • Current toggles vs module version • Status of each toggle • Activate/de-activate feature • Remove toggle (will place removal on backlog of appropriate development team).
© Len Bass 2019 81 Activating feature • The feature toggle manager changes the value of the feature toggle. • A coordination mechanism such as Zookeeper or Consul could be used to synchronize the activation.
© Len Bass 2019 82 Interface mismatch • Suppose version A’’ has a different interface from version A’ • Then if Service C calls version A’’ with an Interface designed for version A’ an interface mismatch occurs. • Recall that Service A can be upgraded either before or after Service C. • Interface mismatch is prevented by making interfaces backward compatible.
© Len Bass 2019 83 Two types of data consistency problems during upgrade 1. Persistent data 2. Transient data 83
© Len Bass 2019 84 Maintaining consistency between a service and persistent data • Assume new version is correct • Inconsistency in persistent data can come about because data schema or semantics change from one version to the next • Effect can be minimized by the following practices (if possible). • Only extend schema – do not change semantics of existing fields. This preserves backwards compatibility. • Treat schema modifications as features to be toggled. This maintains consistency among various services that access data. 84
© Len Bass 2019 85 I really must change the schema • In this case, apply pattern for backward compatibility of interfaces to schema evolution. 85
© Len Bass 2019 86 Transient data • An instance of a service may be maintaining transient data for some purpose • Caching for performance purposes • Maintaining session state • New instance may need access to this transient data – whether new version or instance of old version. 86
© Len Bass 2019 87 Solution • Use coordination manager to maintain transient data • Ensure there is always at least one instance of a service that uses the coordination manager–otherwise data stored in coordination manager might be lost. 87
© Len Bass 2019 88 Rollback • New versions of a service may be unacceptable either for logical or performance reasons. • Two options in this case • Roll back (undo deployment) • Roll forward (discontinue current deployment and create a new release without the problem). • Decision to rollback can be automated. Some organizations do this. • Decision to roll forward is never automated because there are multiple factors to consider. • Forward or backward recovery • Consequences and severity of problem • Importance of upgrade
© Len Bass 2019 89 States of upgrade. • An upgrade can be in one of two states when an error is detected. • Installed (fully or partially) but new features not activated • Installed and new features activated.
© Len Bass 2019 90 Possibilities • Installed but new features not activated • Error must be in backward compatibility • Halt deployment • Roll back by reinstalling old version • Roll forward by creating new version and installing that • Installed with new features activated • Turn off new features • If that is insufficient, we are at prior case.
© Len Bass 2019 91 Partial deployments • Limited production testing (canary) • Marketing testing (A/B)
© Len Bass 2019 92 Canary testing • Canaries are a small number of instances of a new version placed in production in order to perform live testing in a production environment. • Canaries are observed closely to determine whether the new version introduces any logical or performance problems. If not, roll out new version globally. If so, roll back canaries. • Named after canaries in coal mines. • Equivalent to beta testing for shrink wrapped software
© Len Bass 2019 93 Implementation of canaries • Designate a collection of instances as canaries. They do not need to be aware of their designation. • Designate a collection of customers as testing the canaries. Can be, for example • Organizationally based • Geographically based • Then • Activate feature or version to be tested for canaries. Can be done through feature activation synchronization mechanism • Route messages from canary customers to canaries. Can be done through load balancer or DNS server. • Measure performance metrics
© Len Bass 2019 94 A/B testing • A/B testing is done for marketing purposes, not testing purposes like canary testing • Show different customers different web sites • Compare results
© Len Bass 2019 95 Examples • Do eBay users bid higher in auctions when they can pay by credit card? • Which promotional offers will most efficiently drive checking account acquisition at PNC Bank? • Which shade of blue for Google search results will result in more click throughs?
© Len Bass 2019 96 Implementation • The same as canary testing. • Use feature toggles • Make load balancer or DNS A/B aware • Measure business measure responses.
© Len Bass 2019 97 Summary - 1 • Staging environment is place to test for non-functional qualities • Performance • Usability • Security • Management of database during staging is complicated • Sufficient data for test • Restoring data base • Maintaining private data
© Len Bass 2019 98 Summary - 2 • Two basic deployment strategies – Blue/Green and Rolling Upgrade • Use feature toggles to keep updates from being executed until all instances have been upgraded • Activate all instances simultaneously using coordination manager. • Maintain backward/forward compatibility • Treat database schema evolution as interface medication. • Paartial deployment strategies can be used for quality or marketing purposes.

More Related Content

PDF
9 postproduction
Len Bass
 
PDF
11 secure development
Len Bass
 
PDF
10 disaster recovery
Len Bass
 
PDF
1 virtual machines
Len Bass
 
PDF
7 configuration management
Len Bass
 
PDF
3 the cloud
Len Bass
 
PDF
6 microservice architecture
Len Bass
 
PDF
2 networking
Len Bass
 
9 postproduction
Len Bass
 
11 secure development
Len Bass
 
10 disaster recovery
Len Bass
 
1 virtual machines
Len Bass
 
7 configuration management
Len Bass
 
3 the cloud
Len Bass
 
6 microservice architecture
Len Bass
 
2 networking
Len Bass
 

What's hot (20)

PPTX
4 container management
Len Bass
 
PPTX
System center 2012 configurations manager
Belarmino Tomicha
 
PDF
CloudBridge and Repeater Datasheet
Nuno Alves
 
PPTX
V mware thin app 4.5 customer presentation
solarisyourep
 
PPTX
08. networking-part-2
Muhammad Ahad
 
PDF
Presentation basic administration for citrix xen app 6
xKinAnx
 
PDF
Packaging tool options
Len Bass
 
PDF
Introduction to dev ops
Len Bass
 
PPT
How-To: Linux Performance Monitoring & Management for your Multi-Vendor Network
SolarWinds
 
PPTX
Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...
Jayesh Naik
 
PPTX
V mware thin app 4.5 what_s new presentation
solarisyourep
 
PDF
VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive
VMworld
 
PPTX
Chapter04
Muhammad Ahad
 
DOC
Paul-Resume
Paul Adkins
 
PPTX
RPASS - Ricoh Proactive ServiceS for Remote Monitoring & Backup
Ricoh India Limited
 
PPTX
Continuous Delivery of Cloud Applications: Blue/Green and Canary Deployments
Praveen Yalagandula
 
PDF
Experience in teaching devops
Len Bass
 
PDF
Dev ops and safety critical systems
Len Bass
 
PDF
VMworld 2013: ThinApp 101 and What's New in ThinApp Next Version
VMworld
 
PDF
1693: 21 Ways to Make Your Data Work for You - IBM Connect 2016
panagenda
 
4 container management
Len Bass
 
System center 2012 configurations manager
Belarmino Tomicha
 
CloudBridge and Repeater Datasheet
Nuno Alves
 
V mware thin app 4.5 customer presentation
solarisyourep
 
08. networking-part-2
Muhammad Ahad
 
Presentation basic administration for citrix xen app 6
xKinAnx
 
Packaging tool options
Len Bass
 
Introduction to dev ops
Len Bass
 
How-To: Linux Performance Monitoring & Management for your Multi-Vendor Network
SolarWinds
 
Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...
Jayesh Naik
 
V mware thin app 4.5 what_s new presentation
solarisyourep
 
VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive
VMworld
 
Chapter04
Muhammad Ahad
 
Paul-Resume
Paul Adkins
 
RPASS - Ricoh Proactive ServiceS for Remote Monitoring & Backup
Ricoh India Limited
 
Continuous Delivery of Cloud Applications: Blue/Green and Canary Deployments
Praveen Yalagandula
 
Experience in teaching devops
Len Bass
 
Dev ops and safety critical systems
Len Bass
 
VMworld 2013: ThinApp 101 and What's New in ThinApp Next Version
VMworld
 
1693: 21 Ways to Make Your Data Work for You - IBM Connect 2016
panagenda
 
Ad

Similar to 8 pipeline (20)

PPTX
Continuous Integration as a Way of Life
Melissa Benua
 
PDF
Architecting for the cloud storage build test
Len Bass
 
PDF
jenkins.pdf
shahidafrith
 
PDF
Jenkins_1679702972.pdf
MahmoudAlnmr1
 
PDF
SQL Server DevOps Jumpstart
Ori Donner
 
PPTX
Jenkins an opensource CICD platform for all
ssuserd7cedc
 
PPTX
The Rocky Cloud Road
Gert Drapers
 
PDF
Getting to Walk with DevOps
Eklove Mohan
 
PDF
Adopting agile in an embedded platform Suryakiran Kasturi & Akhil Kumar
XP Conference India
 
PPTX
Continuous Integration
XPDays
 
PDF
InterConnect2016_4932
Clare Carty
 
PPT
Application slides
IBM Rational software
 
PPT
Deployment module slides
IBM Rational software
 
PDF
Continuous Deployment of your Application @JUGtoberfest
Marcin Grzejszczak
 
PDF
Command Central Overview
Software AG
 
PPTX
Simics - Break the Rules of Product Development
Real-Time Innovations (RTI)
 
PDF
Ncerc rlmca202 adm m3 ssm
ssmarar
 
PDF
Innovation in Action - #MFSummit2017
Micro Focus
 
PPTX
Build it, Test it, Ship it: Continuous Delivery at Turner Broadcasting System...
Atlassian
 
PPTX
DevOps model in software engineering.pptx
RenyJose3
 
Continuous Integration as a Way of Life
Melissa Benua
 
Architecting for the cloud storage build test
Len Bass
 
jenkins.pdf
shahidafrith
 
Jenkins_1679702972.pdf
MahmoudAlnmr1
 
SQL Server DevOps Jumpstart
Ori Donner
 
Jenkins an opensource CICD platform for all
ssuserd7cedc
 
The Rocky Cloud Road
Gert Drapers
 
Getting to Walk with DevOps
Eklove Mohan
 
Adopting agile in an embedded platform Suryakiran Kasturi & Akhil Kumar
XP Conference India
 
Continuous Integration
XPDays
 
InterConnect2016_4932
Clare Carty
 
Application slides
IBM Rational software
 
Deployment module slides
IBM Rational software
 
Continuous Deployment of your Application @JUGtoberfest
Marcin Grzejszczak
 
Command Central Overview
Software AG
 
Simics - Break the Rules of Product Development
Real-Time Innovations (RTI)
 
Ncerc rlmca202 adm m3 ssm
ssmarar
 
Innovation in Action - #MFSummit2017
Micro Focus
 
Build it, Test it, Ship it: Continuous Delivery at Turner Broadcasting System...
Atlassian
 
DevOps model in software engineering.pptx
RenyJose3
 
Ad

More from Len Bass (16)

PDF
Devops syllabus
Len Bass
 
PDF
DevOps Syllabus summer 2020
Len Bass
 
PDF
5 infrastructure security
Len Bass
 
PDF
Quantum talk
Len Bass
 
PDF
Icsa2018 blockchain tutorial
Len Bass
 
PDF
Understanding blockchains
Len Bass
 
PDF
What is a blockchain
Len Bass
 
PDF
My first deployment pipeline
Len Bass
 
PDF
Securing deployment pipeline
Len Bass
 
PDF
Deployability
Len Bass
 
PDF
Architecture for the cloud deployment case study future
Len Bass
 
PDF
Architecting for the cloud cloud providers
Len Bass
 
PDF
Architecting for the cloud map reduce creating
Len Bass
 
PDF
Architecting for the cloud storage misc topics
Len Bass
 
PDF
Architecting for the cloud elasticity security
Len Bass
 
PDF
Architecting for the cloud scability-availability
Len Bass
 
Devops syllabus
Len Bass
 
DevOps Syllabus summer 2020
Len Bass
 
5 infrastructure security
Len Bass
 
Quantum talk
Len Bass
 
Icsa2018 blockchain tutorial
Len Bass
 
Understanding blockchains
Len Bass
 
What is a blockchain
Len Bass
 
My first deployment pipeline
Len Bass
 
Securing deployment pipeline
Len Bass
 
Deployability
Len Bass
 
Architecture for the cloud deployment case study future
Len Bass
 
Architecting for the cloud cloud providers
Len Bass
 
Architecting for the cloud map reduce creating
Len Bass
 
Architecting for the cloud storage misc topics
Len Bass
 
Architecting for the cloud elasticity security
Len Bass
 
Architecting for the cloud scability-availability
Len Bass
 

Recently uploaded (20)

PPTX
ManageIQ - Sprint 268 Review - Slide Deck
ManageIQ
 
PDF
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
PDF
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
PDF
Understanding Forklifts - TECH EHS Solution
TECH EHS Solution
 
PPTX
CHAPTER 12 - CYBER SECURITY AND FUTURE SKILLS (1) (1).pptx
AnujKumar530915
 
PPTX
Introduction to Artificial Intelligence
lohedi9363
 
PDF
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
PDF
SAP S4 Hana Brochure 3 (PTS SYSTEMS AND SOLUTIONS)
pts464036
 
PDF
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
PDF
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
PDF
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
PDF
AI in Product Development-omnex systems
omnex systems
 
PDF
PTS Company Brochure 2025 (1).pdf.......
pts464036
 
PDF
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
PDF
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
PDF
medical staffing services at VALiNTRY
Tiyan Grayson
 
PDF
System and Network Administration Chapter 2
jaramharo
 
PDF
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
PPTX
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
PDF
Nekopoi APK 2025 free lastest update
umarali35kp
 
ManageIQ - Sprint 268 Review - Slide Deck
ManageIQ
 
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
Understanding Forklifts - TECH EHS Solution
TECH EHS Solution
 
CHAPTER 12 - CYBER SECURITY AND FUTURE SKILLS (1) (1).pptx
AnujKumar530915
 
Introduction to Artificial Intelligence
lohedi9363
 
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
SAP S4 Hana Brochure 3 (PTS SYSTEMS AND SOLUTIONS)
pts464036
 
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
AI in Product Development-omnex systems
omnex systems
 
PTS Company Brochure 2025 (1).pdf.......
pts464036
 
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
medical staffing services at VALiNTRY
Tiyan Grayson
 
System and Network Administration Chapter 2
jaramharo
 
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
Nekopoi APK 2025 free lastest update
umarali35kp
 

8 pipeline

  • 1. DOSE: Deployment and Operations for Software Engineers Pipeline
  • 2. © Len Bass 2019 2 Overview • Introduction to a deployment pipeline • Environments
  • 3. © Len Bass 2019 3 Deployment pipeline • Developer creates and tests code on local machine. • Checks code into a version control system • Continuous integration server (CI) builds the system and runs a series of integration tests. • After passing the tests, the system is promoted to a staging environment where it undergoes more tests including performance, security, and user acceptance tests. • After passing those tests, the system is promoted to provisional production where it undergoes even more tests. • The system is finally promoted to normal production but the tests do not necessarily stop. Pre-commit tests X Build Image and Perform Integration tests UAT / staging / performance tests Deploy to production Commit ... Pre-commit tests Commit Developers promote to normal production
  • 4. © Len Bass 2019 Another view of the pipeline
  • 5. © Len Bass 2019 5 Goals during deployment pipeline • Team members can work on different versions of the system concurrently • Code developed by one team member does not overwrite code developed by others • Code produced by one team can be integrated with code produced by other teams • Code is the same during different stages • Different stages serve different testing purposes • Different stages are isolated from each other • A deployment can be easily rolled back if there is a problem. 5
  • 6. © Len Bass 2019 6 Desirable qualities of deployment pipeline • Traceability • Testability • Tooling • Cycle time 6
  • 7. © Len Bass 2019 7 Traceability When any code gets into production, it must be reconstructable All components that go into the executable image can be identified All tests that were run can be identified All scripts used during the pipeline process can be identified. When a problem occurs in the system when it goes into production, all of the elements that contributed to the system can be traced. 7
  • 8. © Len Bass 2019 8 Testing • Every stage (except production) has an associated test harness. • Tests should be automated. • Types of tests are • Sunny day tests • Negative tests • Regression tests • Static analysis • We will discuss stage specific tests when we discuss the stage. 8
  • 9. © Len Bass 2019 9 Database test data • Every stage has a database • Minimal during development • More substantial during build • Realistic during staging • After each test, database must be reconstituted to ensure repeatability • Personally Identifiable Information (PII) must be obscured.
  • 10. © Len Bass 2019 10 Test Harness Database Environment Load Balancer VMVMVM Configuration External Components Test Harness 1 A test harness generates inputs and compares outputs to verify the correctness of the code.
  • 11. © Len Bass 2019 11 Tooling • Version control system – manages different versions for development and production – e.g. Git • Configuration management tool – controls configuration of deployed image – e.g. Chef, Puppet, or Ansible • Continuous Integration tool – builds image and runs test – e.g. Jenkins • Deployment tool – places images into production. E.g. Spinnaker, Ansible, Chef • These tools must execute on a platform • Vagrant is a tool to help provision the platform 1
  • 12. © Len Bass 2019 12 Scripts for pipeline tools Scripts for pipeline tools are an example of infrastructure as code (IaC). They should be version controlled and tested just like application code.
  • 13. © Len Bass 2019 13 Cycle time • Cycle time is the time between the commit and the placing into provisional production. • Systems should move through the pipeline quickly • The time depends on • How large are the components that are constructed in the build stage • How long does it take to run tests on the system 1
  • 14. © Len Bass 2019 14 Different environments in pipeline • Development environment • Build (also called Integration) environment • Staging environment • Production environment • Different organizations may have additional environments defined 1
  • 15. © Len Bass 2019 15 Sample pipeline • A sample pipeline without staging environment can be found at https://github.com/cmudevops/class- materials/blob/master/deployment%20workflow.pdf 1
  • 16. © Len Bass 2019 16 Overview • Introduction to a deployment pipeline • Environments
  • 17. © Len Bass 2019 17 Environment • An environment is a set of computing resources sufficient to execute a software system including all of the supporting software, data sets, network communications, and necessary external entities. • Essentially, an environment is self contained except for explicitly defined external entities. • Multiple different environments in a pipeline.
  • 18. © Len Bass 2019 18 Isolating environments • Environments should run same code but should be isolated from each other. • One solution is to connect the code to all other elements of the environment through configuration parameters. • During initialization of the code, it acquires and makes operational all of its configuration parameters. • Elevates setting and management of configuration parameters to important element of deployment.
  • 19. © Len Bass 2019 19 Environment is isolated Database Environment Load Balancer VMVMVM Configuration External Components • Any references to database, external entities, network is controlled by configuration parameters. • As long as configuration parameters are correct, there is no way that the VMs can access other environments.
  • 20. © Len Bass 2019 20 Life Cycle of an environment • Each environment has a life cycle. When is it created, how is it used, when is it destroyed. • Having a defined life cycle allows scripting to control moving from one phase of the life cycle to the next. • One organization, for example, creates a new environment whenever the version control tree has a branch. So branching the version control system triggers a script to build the environment.
  • 21. © Len Bass 2019 21 Moving a system from one environment to another • Messages are routed through DNS server • Routing messages from one environment to another becomes partially a matter of changing the DNS server. • Messages can come from test harness or from users or from production portions of the system Production Database (copy) Test Environment Load Balancer VMVMVM DNS Server Production Database Production Environment Load Balancer VMVMVM points to
  • 22. © Len Bass 2019 22 Routing of messages does not totally solve movement problem • Dependencies on particular environment cause problems • The version of software used by the component may cause problems • Data in database for testing may cause problems • Other types of dependencies • OS version dependencies • Library versions
  • 23. © Len Bass 2019 23 Are OS dependencies really a problem? Version Added Symbols Removed Symbols Total Changes 3.15-rc6 387 194 1120 3.14.4 363 232 981 3.13.11 317 149 842 3.12.20 436 141 907 3.11.8 333 109 1514 3.10.19 726 200 2541 3.9.11 2102 859 6746 3.4.69 771 324 3665 3.2.52 474 128 3263 3.0.101 1860 863 8054 2.6.34.14 323 201 1261 2.6.33.20 401 185 1317 2.6.32.61 initial Linux kernel changes – x86_64
  • 24. © Len Bass 2019 24 Two paths to support movement of system • Manage relationship of component to other software in its environment • Turn other dependencies into configuration parameters and manage them • Both must be done
  • 25. © Len Bass 2019 25 Managing relationship of component to other software • Two basic strategies • Ensure software in each environment is identical • Move environment (or portion of the environment) together with the component
  • 26. © Len Bass 2019 26 Ensure software in each environment is identical • Do development in environment that is the same as staging and production environments, down to version numbers. • Requires that every development team develop on same environment – no version changes without all teams agreeing
  • 27. © Len Bass 2019 27 Move environment together with component • Move total environment • Create a virtual machine or container with all of the dependent software • Virtual machine or container is tested in staging and moved to production
  • 28. © Len Bass 2019 28 Two paths to support movement of system • Manage relationship of component to other software in its environment • Turn other dependencies into configuration parameters and manage them • Both must be done
  • 29. © Len Bass 2019 29 Summary - 1 • A deployment pipeline is a series of stages where each stage has • A specific testing purpose • An isolated environment • Each stage in the pipeline is controlled by some set of tools. • Scripts for these tools should be version controlled and tested. • The pipeline has a set of desirable properties that can be used to measure it 2
  • 30. © Len Bass 2019 30 Summary - 2 • Environments are isolated from each other • As systems move through the pipeline they • Move into environments that are kept identical or • Bring their environment with them • Configuration parameters are used to manage differences among environments
  • 31. © Len Bass 2019 31 Overview • Development environment • Build environment
  • 32. © Len Bass 2019 32 Development environment • Developer creates and tests code on local machine. • Version control • Uniform development environment across developers • Pre-commit unit tests • Feature toggles Pre-commit tests X Build Image and Perform Integration tests UAT / staging / performance tests Deploy to production Commit ... Pre-commit tests Commit Developers promote to normal production
  • 33. © Len Bass 2019 33 Uniform development environment • Goal: • Developers all have the same development environment • Developers have the same development environment as the production environment • Reduces errors caused by incompatabilities in versions/dependencies
  • 34. © Len Bass 2019 34 Vagrant Provisioned virtual machine Provisioning specifications Vagrant Vagrantfile • Vagrant takes a specification for a provisioned VM and produces such a VM on a provider such as VirtualBox • Specification is version controlled and shared among team members through version control system • Result is a common environment for development and production
  • 35. © Len Bass 2019 35 Workflow during development Retrieve version to modify from source control Interact with IDE to make modifications Unit tests pass? Fix errors No Perform static analysis Meets targets? Yes No Commit to source control Yes
  • 36. © Len Bass 2019 36 Pre commit testing • Tests run on a single module or class. • Dependent services are stubbed out or mocked • Very limited test database. • Test driven development. Write the tests before writing the code. • Unit tests. Specialized tests for single modules.
  • 37. © Len Bass 2019 37 Testing in Development Environment • Unit Testing/component testing • Verify the functionally of specific section of code • Includes static code analyzers, data flow, metrics analysis or peer code reviews • Acceptance Testing • Done by developer prior to integration or regression • Smoke/Sanity Testing • Reasonable to proceed with further testing or not • Minimal attempts to operate software
  • 38. © Len Bass 2019 38 Security Requirements • Security Requirements (SFR/SAR) • Risk Assessment • Abuse Case Development • Threat Modelling • Security Stories • Screen Development Tools • Secure/Hardened Environments
  • 39. © Len Bass 2019 39 Security processes during design • Threat Modelling • Vulnerability Analysis and Flow Hypothesis • Security Design Review • Dependencies List, Open-source libraries
  • 40. © Len Bass 2019 40 Security practices during development • Secure Coding Practices • Security Focused Code Review • Deprecate Unsafe Functions • Perform Security Unit Testing • Static Code Analysis • Checking of process and procedures for secure coding & traceability
  • 41. © Len Bass 2019 41 Test tools-Unit Testing • Junit : Testing framework for the Java/J2EE • Nunit: Testing framework with GUI for .Net platform • MSTest: Testing framework with CL outside Visual Studio • PYunit: Testing framework with Python • TestNG: Very similar to Junit but covers more (functional, end-to-end, integration etc.)
  • 42. © Len Bass 2019 42 Dealing with partial code • Scenario • Begin changing a particular module • Bug discovered in production version of that module • Fix bug • Check in • Error because new changes are not complete • Fix – put new code inside of a “feature toggle”. It still must compile but it does not have to execute correctly.
  • 43. © Len Bass 2019 43 Feature Toggle • A feature toggle is one kind of configuration parameter. Later it will be bound at run time, for this use it is development time If (feature_toggle) then New code else Old code end; • Feature toggles have other uses (later) • Feature toggles should be removed when no longer needed • They clutter up code • They were one source of Knight Capital meltdown ($440 million lost in 45 minutes)
  • 44. © Len Bass 2019 44 Overview • Development environment • Build environment
  • 45. © Len Bass 2019 45 Pre-commit tests X Build Image and Perform Integration tests UAT / staging / performance tests Deploy to production Commit ... Pre-commit tests Commit Developers promote to normal production Build Environment • Create executable image • Perform functional tests
  • 46. © Len Bass 2019 46 Purpose of Build Stage • Create executable image • Locating and compiling (if necessary) all of the elements of the executable image • Linking these elements together • Perform functional tests • Test integrated (whole) system • Automated • Limited amount of data in database but as real as possible • Same suite of test generators as during development
  • 47. © Len Bass 2019 47 Overview from Atlassian
  • 48. © Len Bass 2019 48 Creating an executable image • Continuous Integration (CI) server is notified of new commits (or polls for them) • When a new commit is detected, the CI server retrieves it • The CI server retrieves all relevant code and their dependencies • Executable image is created by compiling and linking all of the code and their dependencies.
  • 49. © Len Bass 2019 49 Potential errors during build • Code does not compile • Dependencies do not exist • Provided interfaces do not match required interfaces • Configuration parameters do not exist or are inconsistent
  • 50. © Len Bass 2019 50 Functional testing • Created image is subjected to a collection of automated tests • Tests are performed using a test harness • Tests are the result of • User stories • Regression tests • Rainy day scenarios • Trade off between comprehensiveness of tests and time it takes to run the tests • CI server reports results through e-mail or a web page.
  • 51. © Len Bass 2019 51 Testing in Continuous Integration Environment • Much like testing in the development environment except with multiple modules rather than a single one • Unit Testing/component testing • Built system testing • Detect defects in the interface and interaction between modules • Module/subsystem integration
  • 52. © Len Bass 2019 52 Test data • Test data is real (ish) but limited. • Need to worry about exposing private data to developers • Limited so that tests will run fast and keep build queue from growing • If tests change database, it must be refreshed before next set of tests. • No results should be sent to any production service – results in corrupting production version.
  • 53. © Len Bass 2019 53 External services • The environment includes connections to external services. • If the services are read only, they can be directly used • If the services are read/write then a test version must be furnished
  • 54. © Len Bass 2019 54 Promoting an image • Once an image is successfully tested it is promoted to the staging environment • Successful may not mean passing all of the tests • Some failures may stop the process • Other failures may just be noted but may allow the process to continue. • Success may be “95% of the tests succeed”
  • 55. © Len Bass 2019 55 Orchestration • Orchestration (in the context of a build server) is the automated arrangement, coordination, and management of the elements necessary to build, test, report, and migrate an executable image. • E.g. • Initiate a build upon commit of code • If build successful, then initiate test • Generate report every evening of daily activity • If tests successful promote image to staging
  • 56. © Len Bass 2019 56 Build scripts • Continual Integration servers are programmable • Where to find various components and tests • Logic to determine validity of components and tests and report results • Logic to determine promotion criteria • Programs for CI servers are called “scripts” • Scripts should be configuration managed and version controlled.
  • 57. © Len Bass 2019 57 Build has multiple users Pre-commit tests X Build Image and Perform Integration tests Commit ... Pre-commit tests Commit Developers • Build is performed by a continuous integration server (CI server) • CI is single threaded from perspective of systems (one build of a given system at a time) • Build error introduced by one developer affects all developers
  • 58. © Len Bass 2019 58 Best Practices • Executable image created during build stage does not change as it is promoted through to production • “Breaking the Build” is to be avoided and fixing a broken build is high priority • Traceability is maintained for all elements of the executable created.
  • 59. © Len Bass 2019 59 Summary • Every developers environment should be identical and should reflect the production environment • Security processes are important to harden code. • Pre-commit tests are of a single module. • Feature toggles are used in the Dev environment to deactivate code that is not yet ready for other environments • Build stage creates an executable impage • Build stage tests the executable image for functional correctness • Limited data used in the tests • CI servers are programmable
  • 60. © Len Bass 2019 60 Overview • Staging environment • Deployment strategies
  • 61. © Len Bass 2019 61 • Perform security and load testing • Sign off Pre-commit tests X Build Image and Perform Integration tests UAT / staging / performance tests Deploy to production Commit ... Pre-commit tests Commit Developers promote to normal production Staging Environment
  • 62. © Len Bass 2019 62 Testing in Staging Environment • Regression testing • Smoke testing • Compatibility testing • Integration testing • Functional Testing • Usability Testing • Install/uninstall testing • Performance testing • Security testing
  • 63. © Len Bass 2019 63 User Tests • Real (or simulated) users exercise the system. • Having real users is expensive and difficult to ensure coverage. • Record/playback works in some contexts • Teeing actual input works in some contexts • Having real users allows for exception testing in a better fashion than automated tests
  • 64. © Len Bass 2019 64 Performance tests • Test for performance with generated loads • Environment should be as real as possible • Load balanced • Auto scaled • Multiple instances
  • 65. © Len Bass 2019 65 Data base • Use as close to real data as possible. • One organization uses database that is one hour old (created as a back up by cloud vendor). • Constraints • Restore database after each test • Keep personal information private
  • 66. © Len Bass 2019 66 Security testing • Common Vulnerabilities and Exposures data base (CVE) • Buffer overflow • SQL injection • Penetration testing tools • Static analyzers • Fuzz Testing • Model checking
  • 67. © Len Bass 2019 67 Do not access production database! • Staging environment must be isolated from production database. • Accessing production database is one source of errors that came up several times in a survey of operations caused outages.
  • 68. © Len Bass 2019 68 Tooling • There are specialized load testing tools, e.g. Artillery • There are specialized security testing tools, e.g. • OWASP • Static analyzers • Model checkers
  • 69. © Len Bass 2019 69 Creating the staging data base This is Oracle’s recommendation. EUL is end user layer. EUL can be used to protect PII although this is not an ideal solution for testing.
  • 70. © Len Bass 2019 70 Overview • Staging environment • Deployment strategies
  • 71. © Len Bass 2019 71 Situation • Your application is executing • Multiple independent deployment units • Some of these deployment units may have multiple instances serving requests • You have a new version of one of the deployment units to be placed into production • An image of the new version is on the staging server or in a container repository
  • 72. © Len Bass 2019 72 Deploying a new version of an application Multiple instances of a service are executing • Red is service being replaced with new version • Blue are clients • Green are dependent services Staging/container repository VAVB VBVB
  • 73. © Len Bass 2019 73 Deployment goal and constraints • Goal of a deployment is to move from current state (N instances of version A of a service) to a new state (N instances of version B of a service) • Constraints: • Any development team can deploy their service at any time. I.e. New version of a service can be deployed either before or after a new version of a client. (no synchronization among development teams) • It takes time to replace one instance of version A with an instance of version B (order of minutes for VMs) • Service to clients must be maintained while the new version is being deployed.
  • 74. © Len Bass 2019 74 Deployment strategies • Two basic all of nothing strategies • Red/Black (also called Blue/Green) – leave N instances with version A as they are, allocate and provision N instances with version B and then switch to version B and release instances with version A. • Rolling Upgrade – allocate one instance, provision it with version B, release one version A instance. Repeat N times. • Partial strategies are canary testing and A/B testing.
  • 75. © Len Bass 2019 75 Trade offs – Red/Black and Rolling Upgrade • Red/Black • Only one version available to the client at any particular time. • Requires 2N instances (additional costs) • Rolling Upgrade • Multiple versions are available for service at the same time • Requires N+1 instances. • Rolling upgrade is widely used. Update Auto Scaling Group Sort Instances Remove & Deregister Old Instance from ELB Confirm Upgrade Spec Terminate Old Instance Wait for ASG to Start New Instance Register New Instance with ELB Rolling Upgrade in EC2
  • 76. © Len Bass 2019 76 Problems to be dealt with • Temporal inconsistency • Interface mismatch • Data inconsistency
  • 77. © Len Bass 2019 77 Temporal inconsistency example • Shopping cart example • Suppose your organization changes its discount strategy from discount per item to discount per shopping cart. • Version A’ of your service does discounts per item • Version A’’ does discounts per shopping cart. • Client C’s first call goes to version A’ and its second call goes to version A’’. • Results in inconsistent discounts being calculated. • Caused by update occurring between call 1 and call 2.
  • 78. © Len Bass 2019 78 Temporal inconsistency • Can occur with either Blue/Green or rolling upgrade • Prevented by using feature toggles. • Remember feature toggles?
  • 79. © Len Bass 2019 79 Preventing Temporal Inconsistency • Write new code for Service A’’ under control of a feature toggle • Install N instances of Service A’’ using either Rolling Upgrade or Blue/Green • When a new instance is installed begin sending requests to it • No temporal inconsistency, as the new code is toggled off. • When all instances of Service A are running Service A’’, activate the new code using the feature toggle.
  • 80. © Len Bass 2019 80 Feature toggle manager • There will be many different feature toggles • One for each feature • A feature toggle manager maintains a catalog of feature toggles • Current toggles vs instance version id • Current toggles vs module version • Status of each toggle • Activate/de-activate feature • Remove toggle (will place removal on backlog of appropriate development team).
  • 81. © Len Bass 2019 81 Activating feature • The feature toggle manager changes the value of the feature toggle. • A coordination mechanism such as Zookeeper or Consul could be used to synchronize the activation.
  • 82. © Len Bass 2019 82 Interface mismatch • Suppose version A’’ has a different interface from version A’ • Then if Service C calls version A’’ with an Interface designed for version A’ an interface mismatch occurs. • Recall that Service A can be upgraded either before or after Service C. • Interface mismatch is prevented by making interfaces backward compatible.
  • 83. © Len Bass 2019 83 Two types of data consistency problems during upgrade 1. Persistent data 2. Transient data 83
  • 84. © Len Bass 2019 84 Maintaining consistency between a service and persistent data • Assume new version is correct • Inconsistency in persistent data can come about because data schema or semantics change from one version to the next • Effect can be minimized by the following practices (if possible). • Only extend schema – do not change semantics of existing fields. This preserves backwards compatibility. • Treat schema modifications as features to be toggled. This maintains consistency among various services that access data. 84
  • 85. © Len Bass 2019 85 I really must change the schema • In this case, apply pattern for backward compatibility of interfaces to schema evolution. 85
  • 86. © Len Bass 2019 86 Transient data • An instance of a service may be maintaining transient data for some purpose • Caching for performance purposes • Maintaining session state • New instance may need access to this transient data – whether new version or instance of old version. 86
  • 87. © Len Bass 2019 87 Solution • Use coordination manager to maintain transient data • Ensure there is always at least one instance of a service that uses the coordination manager–otherwise data stored in coordination manager might be lost. 87
  • 88. © Len Bass 2019 88 Rollback • New versions of a service may be unacceptable either for logical or performance reasons. • Two options in this case • Roll back (undo deployment) • Roll forward (discontinue current deployment and create a new release without the problem). • Decision to rollback can be automated. Some organizations do this. • Decision to roll forward is never automated because there are multiple factors to consider. • Forward or backward recovery • Consequences and severity of problem • Importance of upgrade
  • 89. © Len Bass 2019 89 States of upgrade. • An upgrade can be in one of two states when an error is detected. • Installed (fully or partially) but new features not activated • Installed and new features activated.
  • 90. © Len Bass 2019 90 Possibilities • Installed but new features not activated • Error must be in backward compatibility • Halt deployment • Roll back by reinstalling old version • Roll forward by creating new version and installing that • Installed with new features activated • Turn off new features • If that is insufficient, we are at prior case.
  • 91. © Len Bass 2019 91 Partial deployments • Limited production testing (canary) • Marketing testing (A/B)
  • 92. © Len Bass 2019 92 Canary testing • Canaries are a small number of instances of a new version placed in production in order to perform live testing in a production environment. • Canaries are observed closely to determine whether the new version introduces any logical or performance problems. If not, roll out new version globally. If so, roll back canaries. • Named after canaries in coal mines. • Equivalent to beta testing for shrink wrapped software
  • 93. © Len Bass 2019 93 Implementation of canaries • Designate a collection of instances as canaries. They do not need to be aware of their designation. • Designate a collection of customers as testing the canaries. Can be, for example • Organizationally based • Geographically based • Then • Activate feature or version to be tested for canaries. Can be done through feature activation synchronization mechanism • Route messages from canary customers to canaries. Can be done through load balancer or DNS server. • Measure performance metrics
  • 94. © Len Bass 2019 94 A/B testing • A/B testing is done for marketing purposes, not testing purposes like canary testing • Show different customers different web sites • Compare results
  • 95. © Len Bass 2019 95 Examples • Do eBay users bid higher in auctions when they can pay by credit card? • Which promotional offers will most efficiently drive checking account acquisition at PNC Bank? • Which shade of blue for Google search results will result in more click throughs?
  • 96. © Len Bass 2019 96 Implementation • The same as canary testing. • Use feature toggles • Make load balancer or DNS A/B aware • Measure business measure responses.
  • 97. © Len Bass 2019 97 Summary - 1 • Staging environment is place to test for non-functional qualities • Performance • Usability • Security • Management of database during staging is complicated • Sufficient data for test • Restoring data base • Maintaining private data
  • 98. © Len Bass 2019 98 Summary - 2 • Two basic deployment strategies – Blue/Green and Rolling Upgrade • Use feature toggles to keep updates from being executed until all instances have been upgraded • Activate all instances simultaneously using coordination manager. • Maintain backward/forward compatibility • Treat database schema evolution as interface medication. • Paartial deployment strategies can be used for quality or marketing purposes.