seeking closure in an open world: a behavioral agent approach to configuration management
DESCRIPTION
Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management. Alva Couch, John Hart, Elizabeth G. Idhaw, Dominic Kallas {couch,hart,greenlee,dkallas}@cs.tufts.edu. Goals. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/1.jpg)
Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration
Management
Alva Couch, John Hart, Elizabeth G. Idhaw, Dominic Kallas
{couch,hart,greenlee,dkallas}@cs.tufts.edu
![Page 2: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/2.jpg)
Goals
• Long range goal is portable validation: validate a configuration once, works the same everywhere(!).
• Short-range goals include developing: – an algebraic model of configuration
management– Relationships between that model and
established mathematical knowledge– examples of next-generation components and
interfaces
![Page 3: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/3.jpg)
Pressures
• So many parameters
• So little time
• Unclear semantics
• Latent effects
• … a sea of minutiae
![Page 4: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/4.jpg)
Closures and Conduits
• A closure is a “domain of semantic predictability” where parameter bindings make sense. “What you ask for is what you get.”
• A conduit is an approved mechanism for communication between closures
• Contract: if you use only the conduit, and all will work as documented
• Can close the box and stop remembering the minutiae that make the closure work
• Closest thing we have to a unit of modularity
![Page 5: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/5.jpg)
Closure is not new
• Network appliances
• Highly reliable subsystems (e.g., DHCP and DNS)
• Switch and grid fabrics
• Anything that always does exactly what you say.
![Page 6: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/6.jpg)
Creating aClosure
tests
statesconfigurations
Set values
Select subsets
policies
Measure effects
closureCoherence
behaviorCodify
parameters
processes
requirementsDesign
Implement
ExtractS
oftw
are
Eng
inee
ring
proc
ess C
losure Engineering process
![Page 7: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/7.jpg)
Kinds of Configuration Parameters
• Behavioral (exterior): determine what user sees
• Incidental (interior): no effect on user perception– Dependent: determined by choices for
behavioral parameters– Environmental: determined by operating
environment – Arbitrary: value doesn’t affect behavior
![Page 8: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/8.jpg)
Example: web server
• Exterior (behavioral) parameters– What content is served? – Response time/robustness/reliability– Bindings to other services (e.g., databases)
• Interior (incidental) parameters– Where to locate software (environmental) – Where content is stored (depends upon response
time, robustness, etc)– Protection model for files (depends on content)
• Apache httpd.conf: about 80% interior
![Page 9: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/9.jpg)
SA and SQA
• System administration is the opposite of software quality assurance
• In SQA, we want to locate problems in software
• In system administration, we want to avoid problems
• Primary technique: limit achievable configuration states; validate all possible states
![Page 10: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/10.jpg)
Minimizing Achievable State
• Always use unvarying order for configuration operations
• Generate whole configuration from same declaration every time
• Always copy a validated state• Always use same values for arbitrary
parameters• Enforce invariant structure for
configuration files
![Page 11: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/11.jpg)
Constraints and Expense
• Interior (incidental) parameters are under-constrained → incidental heterogeneity → difficulty learning or troubleshooting→ maintenance expense!
• By contrast, exterior parameters are strongly constrained→ enforced homogeneity→ shorter learning curve → cheaper process maturity!
![Page 12: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/12.jpg)
(Intelligent?) Agents
• Our approach: interpose an agent between system administrator and system
• Input to agent: exterior parameters
• Output from agent: settings for all parameters, including incidental ones
• Minimal intelligence: maps from desired exterior behavior to incidental configuration
![Page 13: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/13.jpg)
Cost and Value
• Value of agents: site consistency and homogeneity improve portability of validation
• Cost of agents: must represent enough exterior data to completely determine incidental data – Must define service constraints– Must supply all content through the agent
• Result: agent-controlled web servers require content staging!
![Page 14: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/14.jpg)
Theory and Practice
• Theory: how do closures combine?– Formal definitions– Preliminary results
• Practice: what building blocks does one need to create a closure?– Incremental changes to configuration files– Service provision architecture
![Page 15: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/15.jpg)
Theory: Preliminary Results
• Can easily construct compositions of closures that are not closures.
• Key component in maintaining closure during composition is awareness of parameter overlap between closures
![Page 16: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/16.jpg)
Theory: Some Subtleties
• Closure A dominates closure B if for every reasonable configuration of A there is a matching and consistent configuration of B.
• Dominance isn’t transitive: If A dominates B and B dominates C, then A need not dominate C
• Even if dominance is transitive in a set of closures, this does not assure global consistency
• Problem: lack of parameter knowledge
![Page 17: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/17.jpg)
Foolproof CompositionDominancehierarchy
Parameterhierarchy
A
B C
D E
A
B
C
D E
A → B means “A controls B”
Containment represents parameter structure”
![Page 18: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/18.jpg)
Practice: Preliminary Prototypes
• Build closures based upon transactional file control, not stream editing
• Build coherent service architecture by interacting with file closures
![Page 19: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/19.jpg)
Incremental File Editing
/etc/services
services.xml
XML structural declaration
New services.xml
New /etc/services
XSLT format
parse
change
render
Editing commands
![Page 20: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/20.jpg)
Declaring File Structure (once)<xmft:file path="/etc/services"> <xmft:repeat sorted-by="port" keys="service:port+prot" name="lines">
<xmft:line> <xmft:var type="string" desc="service name" name="service“/> <xmft:whitespace/> <xmft:var type="integer" desc="ip port number" name="port“/> <xmft:text>/</xmft:text> <xmft:choice type="protocol name" name="prot"> <xmft:option><xmft:text>tcp</xmft:text></xmft:option> <xmft:option><xmft:text>udp</xmft:text></xmft:option> </xmft:choice> <xmft:repeat> <xmft:whitespace/> <xmft:var type="string" desc="protocol alias" name="alias"> </xmft:var> </xmft:repeat> </xmft:line> </xmft:repeat> </xmft:file>
![Page 21: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/21.jpg)
Preliminary Editing Operations
• insert what (service='tftp', port='6900', proto='udp')
• delete where (service='tftp' and proto='udp')
• update where (service='tftp’) what (port='8800')
![Page 22: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/22.jpg)
20-20 Hindsight: Ideal Editing
assert service=tftp port=6900 proto=udp
retract service=tftp
![Page 23: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/23.jpg)
Service Synthesis: FTP
configuration
service
file package process
/etc/services
services
inetd
/etc/inetd.conf
ftp inetd
![Page 24: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/24.jpg)
Conclusions
• Our lives as system administrators are full of interdependent minutiae
• Behavioral thinking can determine which are important and induce a modularity of effect
• Agents can manage modules and shield us from dealing with non-behavioral parameters
• Result is increased consistency, lower bug exposure, and lower administrative cost.
![Page 25: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/25.jpg)
Lessons Learned
• We seek the rosetta stone that will link system administration to the rest of computer science and engineering, as well as mathematical knowledge
• Subtleties of our goals and practices cause surprising and subtle results
• Cannot simply apply known theorems; must repeat their proofs and see if they still work!
![Page 26: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/26.jpg)
Current Status
• Software still prototype
• New theory: – Can split validation into two phases:
1. Avoid effects of latent variables
2. Validate outcome
– Avoidance of latent problems is statically verifiable in configuration scripts
![Page 27: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/27.jpg)
Acknowledgements
• Lssconf working group• Configuration Management and Infrastructure
workshops and BOFs• CFengine (happy 10th birthday!) • Network Appliance Corp
![Page 28: Seeking Closure in an Open World: a Behavioral Agent Approach to Configuration Management](https://reader035.vdocuments.site/reader035/viewer/2022070416/56815161550346895dbf859a/html5/thumbnails/28.jpg)
Contact
• Email: [email protected]
• Speaker table: moved to 5:30 pm session (due to unavoidable conflicts)