DevOps and Its Importance Study Notes

Preview (22 of 71 Pages)

100%

Purchase to unlock

Loading page image...

1□What is DevOps?oA cultural and professional movement that stresses communication, collaboration, andintegration between software developers and IT operations professionals whileautomating the process of software delivery and infrastructure changes. It aims atestablishing a culture and environment where building, testing, and releasing software,can happen rapidly, frequently, and more reliably.o"Imagine a world where product owners, Development, QA, IT Operations and Infosecwork together, not only to help each other, but also to ensure that the overallorganization succeeds. By working towards a common goal, they enable the fast flow ofplanned work into production, while achieving world-class stability, reliability, availabilityand security."UWhy is DevOps Important?oTo meet these changing conditions, culture, practices and automation must becomemore "continuous".UDevOps Performance:oHighly evolved organizations have consistently demonstrated higher performance acrossfour key software performance metrics.o"Organizations that are "good at DevOps" have strong identities, clear responsibilities,autonomy over their own function, and well-defined interaction paradigms andcommunication channels with other teams."LDevelopment frequency: Low: Monthly or less often. Mid: Between daily andweekly. High: On demand (whenever we want).□Lead time for changes: Low: Between a week and 6 months. Mid: Less than aweek. High: Less than an hour.□MTTR: Low: Less than a week. Mid: Less than a day. High: Less than an hour.LChange failure rate: Low: Less than 15%. Mid: Less than 15%. High: Less than15%.□DevOps Foundation:oWith DevOps, people across the IT organization, working together, enable fast flow,feedback, and continuous improvement of planned work into production, whileachieving quality, stability, reliability, availability, security, and team satisfaction.□Practices: Automation, Architecture, Continuous Integration, ContinuousDelivery/Deployment, Continuous Testing.□Culture: Safe, trusting, respectful, collaborative, data driven, continuousimprovement, shared accountabilities.oThe Three Ways: are DevOps patterns identified in both "The DevOps Handbook" as wellas "The Phoenix Project."□The first way: Systems thinking.□The second way: Amplify Feedback Loops.□The third way: Culture of Continual Experimentation and Learning.1.Continuous Flow

Loading page image...

22.Continuous Feedback3.Continuous Experiment and Learning□Frameworks: Agile and SAFe, Lean, ITSM, DevSecOps, SRE (Site Reliability Engineering), VSM(Value Stream Management).□Values: CALMS (see below)oCALMS Model:FConsidered the pillars or values of DevOps: Culture, Automation, Lean,Measurement, Sharing (as put forth by John Willis, Damon Edwards, and JezHumble).□Continuous Testing:oContinuous Testing is the process of executing automated tests as part of the pipeline toobtain immediate feedback on the business risks associated with a software releasecandidate. "Shifting left" is about building quality into the software developmentprocess. When you shift left, fewer things break in production, because any issues aredetected and resolved earlier.FlShift Left means:oAn approach that strives to build quality into the software development process byincorporating testing early and often. This notion extends to security architecture,hardening images, application security testing, and beyond.UContinuous Integration (CI)oA development practice that requires developers to merge their code into trunk ormaster ideally at least daily and perform tests (i.e. unit, integration, and acceptance) atevery code commit.oContinuous integration (CI) is a development practice that requires developers tocommit code into a shared repository (master/trunk) at least daily.oWhile mostly associated with agile software development, waterfall approaches can alsotake advantage of continuous integration and testing practices.oEach commit is:□Validated by an automated build, automated unit, integration and acceptancetests.FIs dependent on consistent coding standards.LRequires version control repositories and CI servers to collect, build and testcommitted code together.□Runs on production-like environments.□Enables early detection and quick remediation of errors from code changesbefore moving to production.UContinuous Delivery (CD)oA methodology that focuses on making sure software is always in a releasable statethroughout its lifecycle.

Loading page image...

3CContinuous Deployment:oA set of practices that enable every change that passes automated tests to beautomatically deployed to production.oContinuous delivery is a methodology that focuses on making sure software is always ina releasable state throughout its lifecycle.oTakes continuous integration to next level.oProvides fast, automated feedback on a system's production-readiness.oPrioritizes keeping software releasable/deployable over working on new features.oRelies on deployment pipeline that enables push-button deployments on demand.oReduces the cost, time, and risk of delivering incremental changes.□Continuous Delivery & Continuous Deployment:oContinuous delivery is a prerequisite for continuous deployment into production.□Continuous Delivery: Dev > Application test > Integration test > Automatictrigger < Acceptance test > Manual trigger < Production.□Continuous Deployment: Dev > Application test > Integration test > Automatictrigger < Acceptance test > Manual trigger < Production.□DevSecOps:oA mindset that "everyone is responsible for security" with the goal of safely distributingsecurity decisions at speed and scale to those who hold the highest level of contextwithout sacrificing the safety required.oGoal: Safely distributed security decisions at speed and scale.oDev: Software. Sec: Safer. Ops: Sooner. "Through Security as Code, we have and willlearn that there is simply a better way for security practitioners, like us, to operate andcontribute value with less friction. We know we must adapt our ways quickly and fosterinnovation to ensure data security and privacy issues are not left behind because wewere too slow to change."— 2019 MP Infotech Corp.o"I believe the DevOps movement is a new fertile soil from which the build-security-inconcept can be reborn, renamed, and remade." Larry Maccherone.oValues:□Build security in more than bolt it on.CRely on empowered development teams more than security specialists.FImplement features securely more than security features.□Use tools as feedback for learning more than end-of-phase stage gates.□Build on culture change more than policy enforcement.LIValue Stream Management:oValue Stream Management is a combination of people, processes, and technologies thatmaps, optimizes, visualizes, measures, and governs business value flow throughheterogeneous software delivery pipelines from idea through development and intoproduction.

Loading page image...

CSite Reliability Engineering (SRE)oThe goal is to create ultra-scalable and highly reliable distributed software systems.oSRE's spend 50% of their time doing "ops" related work such as issue resolution, on-call,and manual interventions.oSRE's spend 50% of their time on development tasks such as new features, scaling orautomation.oMonitoring, alerting and automation are a large part of SRE.□

Loading page image...

5Questions:Q) Which of these is a value of DevSecOps?A) Build Security In.Q) What does CALMS stand for?A) Culture, Automation, Lean, Measurement, SharingQ) Which of the following are attributes that describe DevOps?A) All of the above:Achieve world class stability, reliability, availability and security.Product owners, Development, QA, IT Operations and InfoSec work together.Working on a common goal to enable fast flow of planned work.Q) Which best describes The Second Way of DevOps?A) Create short feedback loops.What is the second way of DevOps?The Second Way: Feedback loops and the need for amplification. The Second Way places value onproviding and receiving quick feedback on a continual basis. The aim is to improve work quality whilealso preventing repeat problems. When feedback loops are amplified, mistakes can quickly be identifiedand fixed.Q) Which of these is NOT a primary practice of DevOps?A) Continuous Planning

Loading page image...

6Module 2□Software Source and Artifacts Control:oSoftware source code and artifacts control systems and practices ensure that codechanges, and executable binary artifacts that result from builds, are saved, managed andreproducible. This is the single source of truth for software. ALL assets should reside in amanaged repository and include all types of assets.CSoftware Source and Artifacts Control Importance to DevOps:oEnables collaboration between developers and other stakeholders in the DevOpsenvironment.oEnables orderly flow of software changes.oDevelopers can make changes in their code modules in parallel and integrate theirchanges together to make a version that includes all changes.oSource and image changes can be labelled for testing, tracing, auditing and debugging.oEnable restoring to a specific "known good" version in case of problems.oGovernance and security.CWhat is Software Source Control?oAlso known as source code version control or source version management (SVM)oStore, track and manage versions of software source codeoEnables branches and merges of source code versions□Software Source Control: Tool Features:oDatabase of source code filesoMeta data (labels) and tags identify versions and changes informationoMerge changesoMake branchesoView dependencies between modulesoPush, Pull, Copy changesoIntegration with other tools DevOps toolchainoAccess & permissions managementoNotifications and alertsoHigh availability, replication, restore□Example Tools:□Azure DevOps Server□AWS Code Commit□Git□GitHubUGitLab□Perforce (P4)□Subversion (SVN)□Software Source Control Practices:oDevelopers "commit" changes to trunk at least once per day.o"Pull-Request protocol" ensures all commits are checked by the SVM system prior tocompleting the merge to the continuous integration "mainline" or "trunk" branch.oEach commit checks include verifying the code meets standards for documentation andtesting (E.g., source code analysis, unit testing, compilation checks, functionalintegration tests.)

Loading page image...

7UWhat is Software Artifacts Control?oArtifacts Control is also known as image management or artifact repository.oStore, track and manage versions of binary executable software modules and containersthat result from "builds" of source code.oRepository for versions of images and containers that are used for deployments to testand production environments.□Software Artifacts Control Practices (cont)oThe result of every build and container are saved in the repository.oImages and containers are signed to ensure tracing and auditing.oAccess and files are secured with access lists and permissions.oBackups and restores are tested periodically.□Software Source and Artifacts Control Support High Availability:oIf a failure is detected anywhere across the pipeline, the SVM and Artifact repository canrestore a prior working version quickly.oReplication and backups prevent loss.□Software Source and Artifacts Control Support Application Security and Governance:oLabels ensure versions and changes are traceable and auditable.oAccess controls prevent unauthorized access and changes.□Source and Artifact Control Benefits:oSoftware and Artifacts controls are crucial to DevOps.oTools for version management of software source code and artifacts with executablebinary images enable orderly flow, collaboration, pipeline integration. Security,governance, compliance, high availability and recovery features.Artifact Repository: Store for binaries, reports, and metadata. Example tools include JFrog Artifactory,Sonatype Nexus.□Ci/CD Pipeline:oCI/CD Pipelines, also known as Continuous Delivery Pipelines constitute the core ofDevOps processes in software engineering, CI/CD is the combined practices ofcontinuous integration (CI) and either continuous delivery or continuous deployment(CD).LWhy are CI/CD Pipelines Important?oCI/CD pipelines bridge gaps between development and operation activities and teams byenforcing automation and monitoring builds, tests and deployment of applications.□CI/CD Pipeline Practices:oCI/CD pipelines are made of a series of tools called toolchains that connect through APIs.oDevelopers test their code changes in their private environment prior to committing thechanges for integration.oA developer's "commit" action automatically triggers a pull-request to the CI processwhich checks, merges source code with trunk and builds new candidate artifacts.oThe back-end CD process verifies the candidate artifacts, prepares for deployment andpost-deployment tests.oThe decisions and actions to effect deployment to production may be automated andmay require a manual approval.□CI/CD Pipeline BenefitsoProcessing work in small batches has many benefits:

Loading page image...

8LFault isolation is quicker.□Mean time to resolution (MTTR) is shorter.□Testability improves.□Time to detect and correct production escapes is shorter.□The backlog of non-critical defects is lower.□The product improves rapidly.FSmaller units of change are less disruptive.□Product feature velocity is high.□Seamless, deployments to production.□Release cycles are shorter.□End-user involvement and feedback leads to usability improvements.oCI/CD Tools and ToolchainsFEach stage in a Cl/CD toolchain have specialized tools that perform the tasksassigned to each stage.oCI/CD Pipeline Tools Example Selection Criterion□Example factors for selecting DevOps Tools:□Compatible with application tech stack.□Compatible with Clouds and OS versions.□Control and observe tool through an API.I ICan be deployed in the cloud.□Can be packaged in containers.□Scale as elastically as the infrastructure.□Fault-tolerant and persistent.□User licenses do not block auto-scaling.□Pre-tested and supported integrations.□Metrics track tool usage and errors.□Cost to purchase and maintain.CI/CD Pipelines, also known as Continuous Delivery Pipelines: A continuous delivery pipeline refers tothe series of processes that are performed on product changes in stages. A change is injected at thebeginning of the pipeline. A change may be new versions of code, data, or images for applications. Eachstage processes the artifacts resulting from the prior stage. The last stage results in deployment toproduction.oApplication Release Automation (ARA)□ARA tools orchestrate resources, automate pipeline stage checks, regulates flowof changes and provides visibility of the flow across the end-to-end CI/CDpipeline.oApplication Release Automation (ARA) Capabilities:LMany tool integrations are supported.□Virtual and cloud infrastructures are supported.□Pipelines are configured as code.□Test environments are referenced abstractly.□Templates and tools used to onboard new applications.CBlack-out periods are defined for maintenance windows.FPipelines are abstracted (decoupled) from the applications.□Manual tasks are integrated into pipeline steps.□Highly scalable, secure, and configurable configurations are supported.

Loading page image...

9LEnvironment modeling and workflow-management capabilities.oApplication Release Automation (ARA) Benefits□ARA make DevOps application activities more manageable and visible.□Releases and pipelines can be specified as code.□Importing data from other tools simplifies modeling of applications andmicroservices.HEasy for DevOps users to monitor and manage pipeline activities.□Self-service capabilities simplify onboarding users and applications.Application Release Automation (ARA) or Orchestration (ARO): Controlled continuous delivery pipelinecapabilities including automation (release upon code commit), environment modeling (end-to-endpipeline stages, and deploy application binaries, packages, or other artifacts to target environments), andrelease coordination (project, calendar, and scheduling management, integrate with change controland/or IT service support management).oValue Stream Management (VSM)CVSM tools provide orchestration and analysis capabilities over one or morecontinuous delivery pipelines.□Benefits:oManage services that consist of multiple application pipelines.oMonitor aggregate resource utilization.oOptimize resources across multiple pipelines.□Example VSM tools: Plutora, Tasktop, Service Now,DigitaLai, CloudBeesValue Stream Management : Value Stream Management is a combination of people, processes, andtechnology that maps, optimizes, visualizes, measures, and governs business value flow throughheterogeneous software delivery pipelines from idea through development and into production.Value Stream : All of the activities needed to go from a customer request to a delivered product orservice.Mean Time to Repair/Recover (MTTR): Average time required to repair/recover a failed component ordevice. MTTR does not include the time required to recover or restore service.

Loading page image...

10Questions:Q) Application Release Automation tools do what?A) Make CI/CD pipeline flow visible.Q) What does CI/CD stand for?A) Continuous integration and continuous delivery.Q) Which of these is NOT a benefit derived from CI/CD pipelines?A) Feature velocity is slower.Q) Why is Source and Artifacts Control important to DevOps?A) Enable restoring to a specific "known good" version in case of problems.Q) Which of these is a best practice for software artifacts control?A) Access and files are secured with access lists and permissions.

Loading page image...

11Applications Architectures & Continuous Integration:EOne of the most important and misunderstood subject of DevOps.What is Application Architecture?□Application architecture describes the patterns and techniques use to both design and build anapplication or solution.FlArchitecture aligns to strategic goals of an organization.□The architectural patterns and blueprints selected need to support organizational goals.□There are many types of architectures with some being much more prominent based onrelationship between components or services.Architectural Pattern:Service Relationship:MonolithicTightly coupledN- tier/Multi-tierTightly coupledEvent-drivenLoosely coupledMicroservicesDecoupled"If frequent release of new features is a strategic goal, event-driven or Microservices patterns may be agreat choice!"Application Design for Continuous DeliveryUMonolith and legacy products can benefit from DevOps and CI/CD, but modular, immutablearchitectures are most readily suited for continuous delivery.UBest DevOps performance is achieved for products that are designed in modular fashion usingservice-oriented architectures, microservices patterns, and 12-factor apps design practices andpackaged into small containers.Key Principles of Application ArchitecturesI IProcess Considerations:oBuild quality inoWork in small batchesoRecognize that automation can do repetitive tasks while only people can solve problemsoRelentlessly pursue continuous improvementsFlHow NOT to do Continuous Delivery:oMonolithic architectureoWater-scrum-falloNo deployment pipeline"...trying to deliver plans that were developed a year or 18 months in the future. And then when youintegrate your code it is still taking days, maybe weeks, maybe months or even quarters to release code."12-Factor App Design Practices1.Codebase: One codebase tracked in revision control, many deploys.2.Dependencies: Explicitly declare and isolate dependencies.

Loading page image...

123.Configuration: Store config in the environment.4.Backing Services: Treat backing services as attached resources.5.Build, Release, Run: Strictly separate build and ran stages.6.Processes: Execute the app as one or more stateless processes.7.Port binding: Export services via port binding.8.Concurrency: Scale out via the process model.9.Disposability: Maximize robustness with fast startup and graceful shutdown.10. Dev/prod Parity: Keep development, staging, and production as similar as possible.11. Logs: Treat logs as event streams.12. Admin Processes: Run admin/management tasks as one-off processes.12 Factor App Design Practices Benefits: benefits of 12-factor Apps Practices:□Declarative formats support automation which reduces setup time and cost.EClean contract with the underlying operating system offers portability between executionenvironments.□Deployment on modem cloud platforms, reduces administration costs.□Minimizes divergence between dev and production environments.EScale up without significant changes to tooling, architecture, or dev practices.Feature Toggles (Config Flags) Practices: Put every software feature behind feature toggles because:□Allows safe work in production.□Only deliver changes to the right people at the right time.□Same code can support feature variation for specific environments.USupport feature variations for specific users.□Integrates with A/B test framework.□Can be used for gradual, controlled rollout of new features.Design Patterns: Typical solutions to common problems that appear in software design; patterns are likeblueprints that you can tailor to your particular need.UConcept of design patterns came from building architecture from a book called "A PatternLanguage: Towns, Buildings, Construction" by Christopher Alexander.EThe idea was picked up by four authors in 1994 - Gamma, Vlissides, Johnson, & Helm - andapplied to software engineering.What's included in a design pattern?□Intent - brief description of the problem and the solution.□Motivation - further explains the problem and how the solution addresses the problem.EStructure - shows the organization of the code into classes or file and how they relate.ECode Example - shown in popular languages to make it easier to understand the pattern.oDesign Patterns can differ by language and there are multiple categoriesDesign Pattern Library Practice:Benefits of Design Patterns:

Loading page image...

13UOn-board team members quicklyCQuickly rough out designs□Avoids duplication of effort□Consistent style□Consistent behaviorArchitect For:□Test-ability□Automation-ability□Deploy-ability□Monitor-ability□Configure-abilityCEvolve-abilityMicroservices: Microservices is an architecture pattern for building loosely coupled distributedautonomous services that are:□Well-bounded / cohesive.□Consumed via API.UIndependently developed.□Independently deployable.Benefits:□ProductivityFlBetter resource utilizationUEasy to package / deploy□Easy to changeMicroservices Prerequisites : The complexity of working with a distributed system dictates that achievingthe benefits of microservices require mature continuous delivery pipelines for each microservice,including:LClear understanding of user requirements□Continuous Integration□Continuous Testing□Continuous Deployment□Continuous MonitoringIIElastic infrastructures□Each microservice has its own database and repositoryMicroservices Practices:□Each microservice has its own CI/CD pipeline.□Keep test environments as close to production as is practical.LOne service per host minimizes the impact of one service on others and the impact of a hostoutage.□Use VMs/containers to make deployment and management easier.

Loading page image...

14oContainers map very well to microservices.o"Immutable servers."Monolith to Microservices Design Strategy:□Do it incrementally, not as a big-bang rewrite.□This often results in hybrid approach with some microservices and some legacy.□Look for seams - areas of code that are independent, focused on a single business capability.□Domain-Driven Design and the notice of Domain Contexts is a useful tool.□Look for areas of code that change a lot (or need to change.)□Don't ignore organizational structure (Conway's Law).□Dependency analysis tools can help identify partitions but are no panacea.Microservice Data Considerations:□A leading practice called "Poly repos" has each micro-service with its own database to helpassure independence.□A Relational Database Management System (RDBMS) is typically a source of undesirabledependency coupling.LIUnderstand your schema:oForeign Key constraintsoShared mutable dataoTransactional boundaries□Avoid distributed transactionsFlSplit data before you split codeUConsider NoSQL instead of RDBMSMicroservices Cautions:□There are more moving parts to co-ordinate operationally.UChanging requirements may impact multiple services.□Rigorous failure handling and resiliency is critical.LReporting will need to change - you probably won't have all the data in a single place or even asingle technology.□Success depends upon network reliability.□Microservice catalogs can help tack services across clusters.Microservices Concerns:□Config Management□Service Discovery & LB□Resilience & Fault Tolerance□API Management□Service Security□Centralized Logging□Centralized Metrics□Distributed Tracing□Scheduling & Deployment

Loading page image...

15UAuto Scaling & Self HealingMicroservices and Containers:□Containers: An approach to software development that packages pieces of code so that they canquickly be plugged into and run on an Operating System (OS) such as Linux.LContainerization is a lightweight alternative to full machine virtualization.□It involves encapsulating an application in a container with its own operating environment.□This provides many of the benefits of loading an application onto a virtual machine as theapplication can be run on any suitable physical machine without worries about dependencies.Microservices and Containers 2Containerized microservices offer the following benefits:□Infrastructure agility□Reduced setup and execution time for build and test□Immutable server simply replaced as needed.□Easy replication□Applications run without worrying about the underlying stackUEasy to automate deploymentWhat is Continuous Integration (CI)?In software engineering, continuous integration (CI) is the practice of merging all developers' workingcopies to a shared mainline several times a day.Benefits of Continuous Integration:□Improved communication□Accelerates releasesLImproved mainline stability□Fast error detectionI IImproved qualityUImproved governance and complianceELower total cost of software□Improved job satisfactionCI System Components□CI works as an automated system, consisting of the following components:oSource Version Management (SVM)oCI orchestration engine (CI Server)oBuild and test infrastructure, tools and processesoArtifact RepositoryHow Does CI Work?□Commits:

Loading page image...

16oDevelopers "commit" changes at least once per day to the Software VersionManagement System.o"Pull-Request protocol" ensures all commits are checked by the SVM system prior tocompleting the merge to the continuous integration "mainline" or "trunk" branch.oA change that affects a dependent code module automatically triggers a new build forthe dependent module for testing.How Does CI Work?□Checks, Build and TestsoDeveloper submits Pull request.oThe CI server automates and orchestrates the CI processes.oStatic checks are performed on the code (E.g., code logic and exceptions).oBuilds produce executable code images.oDynamix tests including unit tests and functional "smoke" tests are performed on theimages.How Does CI Work?□Images, Merges, ReportsoImages that pass the tests are stored in an Artifact Repositoiy as potential releasecandidates.oThe verified code changes are merged into the mainline code in the SVM.oAll the steps are made visible in a Dashboard.oPull request is accepted.oAny exceptions or failures are reported in alert messages.CI Workflow1.Verify merge gate thresholds are satisfied.2.Merge changes with mainline repository.3.Run static scans on merged code.4.Orchestrate build resources.5.Create the build.6.Save build artifacts to artifact repository.7.Run unit tests.8.Save unit test results to artifact repository.9.Release the build resources back to the pool.10. Orchestrate functional test resources.11. Run functional tests.12. Perform analysis and assessments.13. Save test results to artifact repository.14. Remediate any problems discovered.15. Promoted the build to the delivery stage.16. Release test resources back to the pool.Branching and Merging PracticesOne mainline "trunk"

Loading page image...

17UCode is continuously integrated.CTests run on integrated codebase.□Developers see others changes immediately.□Avoids "merge hell" at the end.□Instant feedback about application status.oSource code, images and test versions in same branch structure ensures consistency."No Feature Branches" Best Practice□No separate feature branches.□Merge when code is pulled from mainline (trunk branch).□Branch in-code (within mainline) using feature toggles (i.e., config flags).FEliminates merging issues and keeps everyone accountable.FlSimple and easy to understand.Cl Inputs are GatedPractice - mainline merges are automatically gated by thresholds:□Code inspection results.FlUnit test results.CStatic analysis metrics.□Cyclomatic complexity metrics.□Pre-flight functional test results.□Code coverage results.□Reason for change documentation.High priority violations stop a merge. Warnings are issued for lower priority violations.Continuous Integration (CI) Summary:FCl is the heart of DevOps.□Automation of the commit, build, test, release image creating and reporting processes,combined with CI practices assure that mainline is stable and continuously available for newchanges.□CI provides many benefits and is a pre-requisite for faster time for new, high quality, secure,compliant code releases.Summary:Architecture : The fundamental underlying design of computer hardware, software, or both incombination.Container: Away of packaging software into lightweight, stand-alone, executable packages includingeverything needed to run it (code, runtime, system tools, system libraries, settings) for development,shipment, and deployment.Unit tests : The purpose of the test is to verify code logic.Microservices: A software architecture that is composed of smaller modules that interact through APIsand can be updated without affecting the entire system.

Loading page image...

18Q: Which of these is NOT a benefit derived from CI/CD pipelines?A: Feature velocity is slower.Q: An enterprise wants to implement CI for a large group of business applications. Where should thethey start?A: Model the Value Streams.Q: Which of these is a best practice for software artifacts control?A: Access and files are secured with access lists and permissions.Q: Which of the following is NOT an attribute of microservices?A: Other applications control and observe microservices using programs compiled with the microservicescode.Q: What does CI/CD stand for?A: Pipeline of Continuous Integration and Continuous Delivery processes.

Loading page image...

19Module 4: Continuous TestingWhat is Continuous Testing?□Continuous Testing is a quality assessment strategy in which most tests are automated andintegrated within a DevOps value stream.FlDevOps testing assessments are performed "continuously" on incremental product changesusing a production equivalent environment for each of the end-to-end DevOps pipeline stages.Continuous Testing Myth□Myth: Continuous testing is a phase between DevOps pipeline integration and delivery stages.FlTruth: Continuous testing is implemented as part of all DevOps pipeline stages, end-to-end, inaccordance with a "continuous" testing strategy.Holistic Testing□Planning starts at design.□DevOps practices like TDD, BDD, and CI.I IStatic code analysis is a form of testing!UFinding and remove redundant test cases.□Once you deploy, monitor and observe.□Test in production using feature toggles.□Learn from data about production usage and behavior.□Emergence of TestOps.Continuous Testing Tenets□Continuous testing, when engineered well, is implemented in accordance with five Tenets.oShift leftoFail oftenoRelevanceoTest fastoFail early□Continuous Testing Tenets - Shift LeftoWhat? Conduct each test as early in the pipeline as possible.oWhy? Defects are detected and corrected more efficiently compared to strategies inwhich many tests are concentrated nearer the end of the pipeline.oHow? Concentrate more complete testing as early as possible in the SDLC.□Continuous Testing Tenets - Fail EarlyoWhat? Test the most likely problem cases during the earliest possible stage.oWhy? Defects are corrected more efficiently compared to strategies in which many testsare concentrated nearer the end of the pipeline.oHow? Include system and regression tests during Pre-Flight testing using a productionequivalent environment.□Continuous Testing Tenets - Fail OftenoWhat? Run tests frequently and with many different conditions.

Loading page image...

20oWhy? Defects are detected and corrected more efficiently compared to strategies inwhich many test conditions are concentrated nearer the end of the pipeline.oHow? Run all tests, including those run during Pre-Flight, CI and CD phases, inproduction-equivalent environment conditions.□Continuous Testing Tenet - Test FastoWhat? Accelerate the time for test execution.oWhy? Problems are fixed quicker when they are found quicker.oHow? Schedule tests frequently, for each change or small number of changes rather thanwaiting for large batches of changes.□Continuous Testing Tenet - RelevanceoWhat? Focus on the most important tests and resultsoWhy? Tests and test results are continuously focused on the highest priorities most likelyto add value to the product and not waste time on lower value items.oHow? Select tests which best match the changes being processed and assess test resultsby focusing on the most relevant result data.Test Creation StrategiesFlContinuous Testing requires the creation and maintenance of automated tests. There are avariety of methods for creating automated tests including:□Scripting automated tests.□Keyword-driven tests.□Interactive capture/replay tests.□Test driven development (TDD).FModel-based tests.LBehavior-based tests.□Scripting Automated TestsoAutomated tests, when scripted correctly, save a lot of time. However, there are manypitfalls to avoid. The Key is knowing which tests are most important to automate.oGood candidates for automated testing include:□Repetitive tests that are used often.FTests that require multiple data sets.□Changes for code areas that are high risk.□Tests impossible to perform manually.□Tests that ran on multiple hardware or software platforms and configurations.□Tests that take a lot of effort and time when manual testing.□Keyword-Driven Tests (Table driven testing)oKeyword-Driven testing is also known as table-driven testing or action-word-basedtesting. This methodology uses keywords (or action words) to symbolize a functionalityto be tested. The test execution logic is hidden in the code that implements thekeyword.oAdvantages:LSuitable for both manual and automated testing.□Easy to understand test descriptions.□Tests are maintainable and tolerant to changes of the application.□Open and extensible frameworks unites tools, assets, and data.oDisadvantages:

Loading page image...

21LRequires keyword specific tools.□Keyword code logic must be maintained.□Interactive Capture-Replay TestingoUsing a capture and replay tool, a tester operates an EUT, records (captures) the inputsand outputs, replays the input actions and compares the responses to capturedresponse outputs.oAdvantages:LEasy to create an executable test and test data without coding.□Suitable for GUI, CUI, APU and protocol testing.oDisadvantages:□Requires manual editing of the script to make it reusable and maintainable withdifferent data sets.UTest-Driven Development (TDD)oWith Test-Driven Development (TDD) the tests are created in advance of the code that isto be tested. Tests DRIVE actions, dictate the code design and determine when the codeis complete.oBenefits:□Guarantees code changes have some test coverage.□Unambiguously defines the code requirements.LEncourages collaboration between QA and designers.oTest-Driven Development and design applies to unit tests, functional tests andacceptance tests but is most often applied to EUT code level testing duringdevelopment.□Test-Driven Development (TDD) PracticesoWrite tests that fail before new functional code. This is different than unit testing wherethe tests are written afterwards.oUse TDD when the design goals are understood. Otherwise use unit testing.oUse real objects if possible and a double (code substitute) if it's awkward to use the realthing.oUse code stubs and "Mock Objects" (Mocks) to substitute for external dependencies orto isolate internal dependencies.FStubs verify states of the EUT.□Mocks verify behavior of the EUT to ensure it made correct calls on the mockobject.oTreat aggregated objects as a single EUT - do not breakup encapsulated objects.oReuse Assertions code to validate states of an EUT.□Model-Based TestsoModel-Based testing is the automatic generation of tests, using models of systemrequirements and behavior. Models represent an abstraction of a system from aparticular perspective. Models support investigation, construction, and prediction of themodeled system.oAdvantage:□Tests are created automatically Better than TDD for addressing bigger issuessuch as the overall design, how people will use the system, and the UI design.oDisadvantages:

Loading page image...

22LRequires substantial up-front effort to build and maintain models. Test coveragedepends on the validity and completeness of the model. Complex systemsrequire complex models.□Behavior-Based TestsoNatural language descriptions expressing EUT behavior and expected outcomes areconverted into tests which execute in a tool.oAdvantages:LSpecification and test documentation are aligned.□Executable specifications encourage closer collaboration, helping teams keepthe business goal in mind at all times.CDevelopers, testers and business folks can explore the problem domain, andcollaborate to produce concrete examples that describe the behavior they want.FSupports a close relationship between acceptance criteria for a given functionand the tests used to validate that functionality.oDisadvantages:□Requires all team members to learn special methods and tools and write andmaintain complete behavior descriptions.□Test Acceleration StrategyoTesting needs to keep up with the ever-increasing demand for speed. What can be doneto accelerate continuous testing?□Organize the team for speed (reduce bottlenecks and handoffs).□Select powerful resources (Vertical scaling).□Run more tests in parallel (Horizontal scaling).□Choose test tools designed for fast execution.□Organize test schedules and test suites to fail early.CDesign test cases to fail early.□Arrange test results to minimize wait times.□Test Results Analysis StrategyoWhat can be done to ensure continuous test results analysis keeps pace with acceleratedcontinuous testing?FDetermine clear responsibilities and define time budgets and targets forresponding to problems found by testing.FDesign test scripts for efficient test results analysis.□Choose test tools that are designed for fast test results analysis.□Choose and configure test analysis tools to process results aa they are available.□Configure workflows flow for optimum test results analysis.CTest Results PracticesoTest results include verdicts (pass, fail, inconclusive).oA common framework is used for reporting test results.oDev, QA, and Ops stakeholders can access test results.oAutomated and manual test results, are accumulated and reported.oTest results are stored in a version management system.oTest trend analysis are produced for tests.oTest results report formats summarize information and allow telescoping to details.oTest results thresholds trigger actions when thresholds are exceeded.UTest ManagementoTests are as important as the code because the tests are the validation of the code.

Preview Mode

This document has 71 pages. Sign in to access the full document!

Report

Study Now!

Document Details

Related Documents

Veeam Certified Engineer VMCE-V12

Modules 1 - 3 Basic Network Connectivity and Commu

Notes CCNA

CCNA 200-301 Portable Command Guide 5th Edition 20

CCNA 200-301 Portable Command Guide 5th Edition 22

CCNA 200-301 Portable Command Guide 5th Edition 36

Foundations of Novell Networking Section 26

Modulo 7 DHCPv4

Build and troubleshooting Integration Challenge

Entregable 02 Red Hat Kevin Cortez

Company

Explore

Study Tools