Cloud Computing for E-Commerce Lectures - COMP315 - May 2024 PDF
Document Details
Uploaded by SharpestDanburite2461
University of Liverpool
2024
Dom Richards
Tags
Summary
This document is a set of lecture notes for a course on cloud computing for e-commerce, taught at the University of Liverpool in May 2024. The lecture series covers topics such as data centers, servers, JavaScript, and Kubernetes.
Full Transcript
Cloud Computing for E-Commerce COMP315 Dom Richards University of Liverpool May 10, 2024 Dom Richards (University of...
Cloud Computing for E-Commerce COMP315 Dom Richards University of Liverpool May 10, 2024 Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 1 / 761 Table of Contents 1 Data Centres 9 Hosting 17 Kubernetes III 2 Servers 10 Storage 18 React II 3 JavaScript 11 TypeScript I 19 Kubernetes IV 4 HTML 12 TypeScript II 20 Next.js I 5 Containers 13 Kubernetes I 21 Kubernetes V 6 Security 14 Ansible II 22 Next.js II 7 Ansible I 15 Kubernetes II 23 Kubernetes VI 8 Networking 16 React I 24 Next.js III Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 2 / 761 Introduction Welcome to Cloud Computing for E-Commerce! Over the next 12 weeks, you’ll learn about one of the most fast moving and practically applicable areas in computer science. In cloud computing, data centres are used to run large, computationally demanding software applications. It’s particularly useful for e-commerce, for things like hosting websites, taking payments and dispatching orders. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 3 / 761 What is the Cloud? It’s basically a large collection of computers (“servers”) that can be accessed via the internet, together with the software that runs on those computers. These computers live in data centres, which are owned by cloud providers such as Amazon Web Services (AWS), Microsoft Azure and Google Cloud. Other companies can rent these resources from the cloud providers, and build their own applications on top of them. Companies also build their own private clouds. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 4 / 761 What is the Cloud Used For? E-Commerce: hosting online stores and managing transactions. Website Hosting Software-as-a-Service (SaaS): e.g. Google Documents, Microsoft Office Online, Spotify. Cloud Gaming: e.g. NVIDIA GeForce Now, Xbox Cloud Gaming. Artificial Intelligence: e.g. ChatGPT. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 5 / 761 What is E-Commerce? E-commerce refers to the buying and selling of goods and services over the internet. Goods include physical products such as electronics, clothing, and books. Services include things like online banking, digital streaming, and professional consultations. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 6 / 761 Course Requirements The course requires familiarity with an object oriented programming language such as Python. It’s most suitable for students who are confident programmers. We’ll move quickly through a lot of fairly advanced material... so, if you’re at a point in your programming journey where you’re easily phased by new code, you might find the course quite challenging. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 7 / 761 Module Take-Aways You’ll learn how to build a cloud-based e-commerce system from the ground up. This includes designing websites (so-called front end development skills), as well as building the cloud-based infrastructure that the website runs on (back end development skills). So, the course aims to get you started on your way to becoming a full stack developer. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 8 / 761 Technical Take-Aways The front end part of the course will be focused on web development in JavaScript and related technologies. The back end part of the course will focus on Kubernetes, which is a container orchestration system what can serve businesses of any scale from hobby projects up to the largest companies in the world. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 9 / 761 Labs, Tutorials and Assessment Josh will say more shortly... 6 labs and 6 tutorials, on alternating weeks Coursework and exam Multiple choice exam Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 10 / 761 Data Centres Data Centres 1 Data Centres A Data Centre Tour Data Centre Hardware Components Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 11 / 761 Data Centres A Data Centre Tour 1 Data Centres A Data Centre Tour Data Centre Hardware Components Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 12 / 761 Data Centres A Data Centre Tour AWS Data Centre External View Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 13 / 761 Data Centres A Data Centre Tour Google Data Centre Inside View Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 14 / 761 Data Centres A Data Centre Tour Server Rack Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 15 / 761 Data Centres A Data Centre Tour Server Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 16 / 761 Data Centres A Data Centre Tour Network Switch Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 17 / 761 Data Centres A Data Centre Tour Server Cooling Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 18 / 761 Data Centres A Data Centre Tour Rack Cooling Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 19 / 761 Data Centres A Data Centre Tour Other Approaches to Data Centre Cooling Data centres can be located in cool climates or even underwater: Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 20 / 761 Data Centres A Data Centre Tour Other Data Centre Tours If you’re interested to see more: Tour of Equinix IBX LD5 data centre in London Google data centre Der8auer tour of a State-of-the-art data centre Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 21 / 761 Data Centres Data Centre Hardware Components 1 Data Centres A Data Centre Tour Data Centre Hardware Components Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 22 / 761 Data Centres Data Centre Hardware Components Commodity Hardware Data centre servers are typically built from commodity hardware. Commodity hardware is relatively inexpensive, and is also called off-the-shelf hardware (because you can buy it off the shelf in hardware stores). It’s similar to the hardware that you find in desktop PCs, but a bit higher spec. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 23 / 761 Data Centres Data Centre Hardware Components Compute Resources As with a PC, servers have CPUs, RAM, hard disks, network cards etc, but they don’t have a monitor, keyboard or mouse. Servers are typically rack mounted, and connected to a network switch which is mounted at the top of the rack, and referred to as a top of rack switch. The top of rack switch is used to connect the server to other servers in the same rack. It also connects the server to the data centre’s network. Hard drives can be placed on the servers and/or accessible via the data centre’s network. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 24 / 761 Data Centres Data Centre Hardware Components Network Interface Cards Network Interface Cards (NICs) allow individual hardware components to connect to a network. Any component that connects to a network has a NIC - from data centre servers to laptops to smart fridges. Also called network interfaces, network adaptors or network cards. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 25 / 761 Data Centres Data Centre Hardware Components Network Switches and Routers Network switches connect the devices on a computer network. Routers join different networks together. They’re commonly used to connect local networks to the internet or other remote networks. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 26 / 761 Data Centres Data Centre Hardware Components Firewalls Firewalls are network security devices that sit on the boundary of a network and monitor and filter incoming and outgoing traffic. They work by examining each packet of data to determine whether it should be allowed through or not, based on a set of rules. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 27 / 761 Servers Servers 2 Servers Operating Systems Virtual Machines Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 28 / 761 Servers Introduction In this lecture we’ll look the software that runs on cloud-based servers. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 29 / 761 Servers Operating Systems 2 Servers Operating Systems Virtual Machines Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 30 / 761 Servers Operating Systems Operating Systems for Cloud Servers Operating systems manage a computer’s hardware and software resources, and provide these in an accessible way to other computer programs. For example they: Allocates resources like CPU, memory, and I/O devices. Control the creation, deletion, and access of files. Offers a user interface, either graphical (GUI) or command-line (CLI). You’re probably familiar with operating systems such as Windows, macOS and/or Android. Servers mostly use Linux. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 31 / 761 Servers Operating Systems What is Linux? Linux is a free and open-source family of operating systems that are built on top of a common kernel (which we’ll discuss shortly). It was created by Linus Torvalds in 1991 as a hobby project, and it has grown into the dominant operating system for cloud computing (so you’ll see plenty of it in this course). It’s available in numerous distributions, such as Red Hat Enterprise Linux (RHEL), Ubuntu, Fedora, Debian, and CentOS, each tailored to specific use cases and user preferences. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 32 / 761 Servers Operating Systems The Linux Kernel The Linux kernel is the heart of Linux operating systems It manages hardware resources and provides essential services to the software that runs on it. When a software application wants to access hardware, it makes a request to the kernel, which then handles the request. The kernel performs functions such as: Process management: Handles the creation and termination of processes. Memory management: Manages memory allocation and deallocation. Device drivers: Interacts with hardware through device drivers. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 33 / 761 Servers Operating Systems Kernel Space vs User Space User Space Applications Linux Kernel Device Modules CPU Filesystem Module Devices Memory Kernel Space Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 34 / 761 Servers Operating Systems Kernel Space vs User Space Kernel Space: This is where the kernel operates and has complete access to the hardware. It operates in a protected memory area, ensuring stability and security. User Space: This is where user applications run. User space processes have limited access to the hardware and must communicate with the kernel for resource access. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 35 / 761 Servers Operating Systems The Linux Root The root user is a special user account that has the highest privileges in the system (although as a user, it still operates within the rules and capabilities set by the Linux kernel). It can modify system settings, manage user accounts, etc. While powerful, using the root user account can be risky as it has the potential to cause significant system damage if used improperly. So, users will typically use the root user account only when necessary, and use a regular user account for day-to-day tasks. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 36 / 761 Servers Virtual Machines 2 Servers Operating Systems Virtual Machines Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 37 / 761 Servers Virtual Machines Virtualisation Virtualisation is the process of creating virtual versions of physical components such as servers, storage devices, networks, storage or NICs. We’ll see plenty of it throughout this course. Virtual Machines (VMs): Software emulations of an entire physical server. Hypervisor: A software layer runs on a physical server and enables the creation and management of a number of virtual machines. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 38 / 761 Servers Virtual Machines Type 1 vs Type 2 Hypervisors Type 1 Hypervisors Run directly on the host’s hardware Type 2 Hypervisors Also known as bare-metal Run on a host operating system hypervisors Also known as hosted hypervisors Very high performance and Easier to set up and use efficiency. (Not quite as good as Example: VMware Workstation, bare metal, but close.) Oracle VirtualBox Example: VMware ESXi, Microsoft Hyper-V Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 39 / 761 Servers Virtual Machines Tech Stack for Type 1 Hypervisors Application 1 Application 2 Application 3 VM 1 VM 2 VM 3 Hypervisor Hardware Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 40 / 761 Servers Virtual Machines Benefits of Virtualisation Efficiency: Maximises resource utilisation. Cost Savings: Reduces the need for physical hardware. Flexibility: Eases the deployment and management of IT environments. Isolation: Provides secure and isolated environments for different applications. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 41 / 761 Servers Virtual Machines Required Reading for Next Week Please make sure to read the following chapters before our next meeting: JavaScript Crash Course, Nick Morgan. Skim through “Part I: The Language”. JavaScript Crash Course is on the O’Reilly website, which you can use for free if you are logged in to it via the university library website. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 42 / 761 JavaScript JavaScript 3 JavaScript JavaScript Basics Compound Data Types Conditionals and Loops Functions Classes Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 43 / 761 JavaScript Required Reading The following chapters are required reading alongside the lecture slides: JavaScript Crash Course, Nick Morgan. “Part I: The Language”. You may also find chapter 7 useful. It gives an overview of HTML, the DOM, and CSS. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 44 / 761 JavaScript JavaScript, HTML and CSS JavaScript, HTML, and CSS form the cornerstone of front end web development (i.e. development of code that runs in the user’s web browser). JavaScript: Is an object oriented programming language. Runs in web browsers. Can be used to design / program how the web pages behave on the occurrence of an event. HTML (Hyper Text Markup Language) is the standard markup language for creating web pages. It describes the structure of a web page and it’s used along with CSS to design the layout of the web page. CSS (Cascading Style Sheets) is a style sheet language used for describing the look and formatting of a document written in HTML. It provides the visual aspects of the web page that HTML is not designed to do. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 45 / 761 JavaScript Browser Consoles Browsers come with a built-in JavaScript console that allows you to write and execute JavaScript code on the fly. You can run all of the code snippets in this lecture by pasting them into the browser console. (As long as your browser allows pasting into the console.) Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 46 / 761 JavaScript Using Node.js to Run JavaScript Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine. It allows you to run JavaScript on your server or your laptop. You’ll first have to install Node.js from https://nodejs.org/. To start the Node.js interactive shell, open your terminal and type ‘node‘, then press Enter. You can now enter JavaScript code, and it will be executed immediately. To exit, press Ctrl + C twice or type ‘.exit‘ and press Enter. $ node > console.log('Hello, World!'); Hello, World! undefined >.exit Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 47 / 761 JavaScript JavaScript Console Example > let x = 10; undefined > x 10 > x + 5 15 > let y = 'Hello, world!'; undefined > y 'Hello, world!' > y.toUpperCase() 'HELLO, WORLD!' Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 48 / 761 JavaScript JavaScript Basics 3 JavaScript JavaScript Basics Compound Data Types Conditionals and Loops Functions Classes Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 49 / 761 JavaScript JavaScript Basics JavaScript Primitive Types JavaScript has only seven primitive types, which are not objects and have no methods: Undefined: A variable that has not been assigned a value is of type undefined. Null: This type has one value, null, and is used to represent the intentional absence of any object value. Boolean: This type has two values, true and false, and is used to represent logical values. Number: This type is used to represent numeric values. It can be used to represent both integers and floating point numbers. String: This type is used to represent textual data. Symbol: (Introduced in ES6)This type is used to create unique identifiers for objects. BigInt: (Introduced in ES2020) This type is used to represent integers of arbitrary length. Everything else (e.g. functions) is an object. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 50 / 761 JavaScript JavaScript Basics Undefined Versus Null Undefined: A variable that has been declared but has not yet been assigned a value is undefined. It is also the value returned from a function that does not explicitly return anything. Example: let x; console.log(x); // Outputs: undefined Trying to access a non-existing object property also returns undefined. Null: Null represents the intentional absence of any object value. It is often used to represent a ’no-value’ or ’no-object’ state. Example: let y = null; console.log(y); // Outputs: null It needs to be assigned explicitly and means that the variable intentionally points to no object. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 51 / 761 JavaScript JavaScript Basics String, Number, and Boolean Types String: Represents textual data, e.g., 'hello'. Computations on Strings include length, substring, replace, toLowerCase, toUpperCase, etc. Number: Represents both integer and floating-point numbers, e.g., 10, 20.5. Computations on Numbers include addition, subtraction, equality, etc. Boolean: Represents logical entities, can be either true or false. Computations on Boolean arithmetic, if statements etc. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 52 / 761 JavaScript JavaScript Basics Expressions vs Statements Expressions: An expression is any valid unit of code that resolves to a value. Examples include 2 + 2, 'Hello' + 'World', and console.log('Hello World'). Expressions can be used wherever JavaScript expects a value. Statements: A statement performs an action. Examples include var x = 10;, if (x > 10) {...}, and for (var i = 0; i < 10; i++) {...}. Statements control the program flow and can contain expressions. While expressions always produce a value, statements may not. Statements often contain expressions, but the reverse is not true. Semicolons are used to separate statements. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 53 / 761 JavaScript JavaScript Basics Let, Const and Var Let: The let keyword is used to declare a variable. It has block scoping, meaning the variable exists only within the block where it’s declared. let variables can be updated but not re-declared. Compared to var (below), let is more modern and is generally the preferred choice for variable declaration due to its block scoping. Const: The const keyword is used to declare a variable that cannot be re-declared or updated. const is block-scoped, like let. const is used when the variable should not change after its initial assignment. Var: The var keyword is also used to declare variables. It’s an older alternative to let, and it has complicated behaviour that you should usually try to avoid. It is function-scoped, as opposed to the block-scoping of let and const. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 54 / 761 JavaScript JavaScript Basics Function Scope Variables declared with var inside a function are scoped to the function. function testFunctionScope() { var x = 1; if (true) { var x = 2; // same variable! console.log(x); // Outputs: 2 } console.log(x); // Outputs: 2 } Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 55 / 761 JavaScript JavaScript Basics Block Scope Variables declared with let or const are scoped to the block. function testBlockScope() { let y = 1; if (true) { let y = 2; // different variable console.log(y); // Outputs: 2 } console.log(y); // Outputs: 1 } Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 56 / 761 JavaScript JavaScript Basics Truthiness and Equality Truthiness: In JavaScript, a value is either "truthy" or "falsy", based on its inherent boolean representation (i.e. how it behaves in a boolean context such as an if statement). Truthy Values: Values that are considered true when encountered in a Boolean context. Most values are truthy unless they are defined as falsy. Examples: {}, [], 42, "false", new Date(), -42, 3.14, -3.14, Infinity, -Infinity Falsy Values: Values that are considered false when encountered in a Boolean context. Examples: false, 0, -0, 0n, "", null, undefined, NaN Double Equals (==): The double equals operator performs type coercion if the types of the two variables being compared are different. Example: 1 == "1" // Outputs: true Triple Equals (===): The triple equals operator, also known as the strict equality operator, does not perform type coercion. Example: 1 === "1" // Outputs: false Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 57 / 761 JavaScript JavaScript Basics Truthy and Falsy Gotchas Here are some common gotchas with truthiness: Empty arrays and objects are truthy: Even though they are "empty", they are still considered truthy because they are objects. The string "0" is truthy: Even though the number 0 is falsy, the string "0" is truthy. NaN is falsy: Even though it’s a numeric value, NaN (Not a Number) is considered falsy. null and undefined are different: Both are falsy, but they are used in different contexts. null is an assigned value that means "no value" or "no object". undefined means a variable has been declared, but no value has been assigned to it. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 58 / 761 JavaScript JavaScript Basics Template Literals Template literals are string literals allowing embedded expressions. They are enclosed by the backtick (‘ ‘) character instead of double or single quotes. Template literals can contain placeholders. These are indicated by the dollar sign and curly braces (‘$expression‘). let name = 'John'; let greeting = `Hello, ${name}!`; console.log(greeting); // Outputs: Hello, John! Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 59 / 761 JavaScript Compound Data Types 3 JavaScript JavaScript Basics Compound Data Types Conditionals and Loops Functions Classes Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 60 / 761 JavaScript Compound Data Types Arrays A JavaScript array represents a collection of elements. Elements in an array are ordered and accessed by their index number. Creation: let numbers = [1, 2, 3, 4, 5]; Indexing: let firstNumber = numbers; // firstNumber is now 1 Very similar to lists in Python, which are written as e.g. numbers = [1, 2, 3, 4, 5] Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 61 / 761 JavaScript Compound Data Types Array Methods push(): Adds new elements to the end of an array, and returns the new length. E.g. numbers.push(6); // numbers = [1,2,3,4,5,6] pop(): Removes the last element from an array, and returns it. E.g. numbers.pop(); // returns 6, numbers = [1,2,3,4,5] shift(): Removes the first element from an array, and returns that element. E.g. numbers.shift(); // returns 1, numbers = [2,3,4,5] unshift(): Adds new elements to the beginning of an array, and returns the new length. E.g. numbers.unshift(1); // numbers = [1,2,3,4,5] slice(): Returns a shallow copy of a portion of an array. E.g. let firstThree = numbers.slice(0, 3); // firstThree is [1,2,3] splice(): Changes the contents of an array by removing or replacing existing elements and/or adding new elements. E.g. numbers.splice(2, 1, 'three'); // numbers = [1, 2, 'three', 4, 5] concat(): Used to merge two or more arrays, and returns a new array. E.g. let moreNumbers = numbers.concat([6, 7, 8]); // moreNumbers = [1,2,'three',4,5,6,7,8] Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 62 / 761 JavaScript Compound Data Types Objects A JavaScript object is a collection of properties where each property is an association between a key and a value. Creation: let student = {name: "John", age: 20, grade: "A"}; Accessing Properties: let name = student.name; // name is now "John" Modifying Properties: student.age = 21; // student is now {name: "John", age: 21, grade: "A"} Adding Properties: student.major = "Computer Science"; // student is now {name: "John", age: 21, grade: "A", major: "Computer Science"} Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 63 / 761 JavaScript Compound Data Types The this Keyword In JavaScript, this is a special keyword that’s set when a function is called. What it’s set to depends on how the function was called. In a method, this refers to the owner object. Alone, this refers to the global object. In a function, this refers to the global object. In a function, in strict mode, this is undefined. const person = { firstName: "John", lastName: "Anderson", id: 5566, fullName: function() { return this.firstName + " " + this.lastName; } }; Here, this in the fullName method refers to the person object. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 64 / 761 JavaScript Compound Data Types Strict Mode in JavaScript Strict mode eliminates some silent errors by changing them to throw errors. To invoke strict mode for a script, put "use strict"; before any statements. You can also apply strict mode to individual functions. In strict mode, this is undefined in functions that are not methods or constructors. function testFunction() { "use strict"; if (this === undefined) { console.log("'this' is undefined"); } else { console.log("'this' is defined"); } } testFunction(); // Outputs: 'this' is undefined Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 65 / 761 JavaScript Compound Data Types Object Literals vs. Object Constructors An object literal is a list of zero or more pairs of property names and associated values of an object, enclosed in curly braces ({}). Example: let student = {name: "John", age: 20, grade: "A"}; The object constructor can also be used to create an object: Example: let student = new Object(); student.name = "John"; student.age = 20; student.grade = "A"; Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 66 / 761 JavaScript Compound Data Types Working with Objects Object.keys(): This method returns an array of a given object’s property names. Example: let keys = Object.keys(student); // keys is now ["name", "age", "grade"] Object.entries(): This method returns an array of a given object’s [key, value] pairs. Example: let entries = Object.entries(student); // entries is now [["name", "John"], ["age", 20], ["grade", "A"]] Object.assign(): This method is used to copy properties from one or more source objects to a target object. It will return the target object. Example: let studentCopy = Object.assign({}, student); // studentCopy is now {name: "John", age: 20, grade: "A"} Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 67 / 761 JavaScript Compound Data Types Functions Are Objects Too In JavaScript, functions are objects. This means that, for example, functions can have their own properties and methods. function myFunction() { // Function body here } console.log(myFunction instanceof Object); // true Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 68 / 761 JavaScript Compound Data Types Object Destructuring Object destructuring allows you to extract properties from an object into individual variables. const student = { name: "Alice", age: 20, major: "Computer Science" }; const { name, age, major } = student; Here, we create a student object, and then use destructuring to create the name, age, and major variables from the properties of the student object. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 69 / 761 JavaScript Compound Data Types Spread Operator The spread operator allows an iterable such as an array or string to be expanded in places where zero or more arguments or elements are expected. const arr1 = [1, 2, 3]; const arr2 = [...arr1, 4, 5]; // arr2 is now [1, 2, 3, 4, 5] function sum(a, b, c) { return a + b + c; } console.log(sum(...arr1)); // Outputs: 6 Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 70 / 761 JavaScript Compound Data Types Spread Operator for Objects The spread operator can also be used to create a new object by combining the properties of two existing objects. const obj1 = { a: 1, b: 2 }; const obj2 = { c: 3, d: 4 }; const newObj = {...obj1,...obj2 }; // newObj is now { a: 1, b Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 71 / 761 JavaScript Compound Data Types Prototype Chains Objects have a special hidden property [[Prototype]], which is either null or references another object. That object is called "a prototype": When we read a property from object, and it’s missing, JavaScript automatically takes it from the prototype. This process is called "prototype inheritance". The prototype of the final object in this chain is null. Accessing properties of null raises an exception, ending the chain. The methods of an object come from its prototype, properties are stored in the object itself. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 72 / 761 JavaScript Compound Data Types Prototype Chains let animal = { eats: true }; let rabbit = { jumps: true, __proto__: animal }; console.log(rabbit.eats); // true Here, rabbit inherits from animal, so when eats is accessed on rabbit, it’s taken from animal. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 73 / 761 JavaScript Compound Data Types Prototype Chains with Object.create The Object.create() method creates a new object, using an existing object as the prototype of the newly created object. let animal = { eats: true }; let rabbit = Object.create(animal); rabbit.jumps = true; console.log(rabbit.eats); // true Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 74 / 761 JavaScript Conditionals and Loops 3 JavaScript JavaScript Basics Compound Data Types Conditionals and Loops Functions Classes Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 75 / 761 JavaScript Conditionals and Loops If Statements Example with If Statements: let score = 100; if (score > 80) { console.log("Excellent"); } else if (score > 40) { console.log("Good"); } else { console.log("Try again"); } Example with Ternary Operator: let score = 100; let result = score > 80 ? "E" : score > 40 ? "G" : "T"; console.log(result); Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 76 / 761 JavaScript Conditionals and Loops The Switch Statement Example: let fruit = 'Banana'; switch(fruit) { case 'Apple': console.log("Apples are 0.65 a pound."); break; case 'Banana': console.log("Bananas are 0.35 a pound."); break; default: console.log("Sorry, we are out of " + fruit + "."); } Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 77 / 761 JavaScript Conditionals and Loops The For Loop Example: for (let i = 0; i < 5; i++) { console.log(i); } Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 78 / 761 JavaScript Conditionals and Loops The For...Of Loop The for...of loop was introduced in ES6. It’s used to loop over iterable objects such as arrays and strings. Example: let fruits = ['apple', 'banana', 'cherry']; for (let fruit of fruits) { console.log(fruit); } Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 79 / 761 JavaScript Conditionals and Loops The For...In Loop The for...in loop is used to loop over the properties of an object. Example: let student = {name: 'John', age: 20, major: 'CS'}; for (let prop in student) { console.log(prop + ': ' + student[prop]); } Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 80 / 761 JavaScript Conditionals and Loops The While and Do-While Loops Examples: let i = 0; while (i < 5) { console.log(i); i++; } let j = 10; do { console.log(j); j++; } while (j < 15); Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 81 / 761 JavaScript Functions 3 JavaScript JavaScript Basics Compound Data Types Conditionals and Loops Functions Classes Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 82 / 761 JavaScript Functions Function Expressions and Arrow Functions Functions are defined as follows: function greet1(name) { return "Hello, " + name; } They can also be defined using function expressions or arrow functions. const greet2 = function(name) { return "Hello, " + name; } const greet3 = (name) => { return "Hello, " + name; } Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 83 / 761 JavaScript Functions Rest Parameters The rest parameter syntax allows a function to accept any number of arguments as an array. function sum(...numbers) { let total = 0; for (let number of numbers) { total += number; } return total; } console.log(sum(1, 2, 3, 4)); // Outputs: 10 Here, the sum function uses the rest parameter syntax to accept any number of arguments, and then calculates their sum. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 84 / 761 JavaScript Classes 3 JavaScript JavaScript Basics Compound Data Types Conditionals and Loops Functions Classes Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 85 / 761 JavaScript Classes Classes Classes are a template for creating objects. They’re a relatively recent addition to JavaScript, and are syntactical sugar over JavaScript’s existing prototype-based inheritance (which we saw above). class Car { constructor(brand) { this.carname = brand; } present() { return 'I have a ' + this.carname; } } In this example, Car is a class with two methods: constructor and present. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 86 / 761 JavaScript Classes Creating an Object To create an object from a class, use the new keyword. let myCar = new Car("Ford"); console.log(myCar.present()); // Outputs: I have a Ford Here, we create a new Car object named myCar, and call the present method on it. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 87 / 761 JavaScript Classes Inheritance Classes can inherit features from other classes, a concept known as inheritance. class Model extends Car { constructor(brand, mod) { super(brand); this.model = mod; } show() { return this.present() + ', it is a ' + this.model; } } let myModel = new Model("Ford", "Mustang"); console.log(myModel.show()); // Outputs: I have a Ford, it is a Mustang Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 88 / 761 HTML HTML 4 HTML Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 89 / 761 HTML Introduction to HTML HTML stands for Hyper Text Markup Language. It combines: Hypertext: Text that links to other text or documents. Markup: A system for annotating text in documents. HTML annotations are realised through tags, which are names enclosed in angle brackets. For example: A document’s body is marked by: and. These tags define HTML elements, representing various aspects of a web page (headings, images, paragraphs, etc.). Elements can nest within each other, creating a structured document. The content within opening and closing tags is the element’s content, crucial for defining the web page’s visible structure and content. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 90 / 761 HTML Introduction to the DOM The Document Object Model (DOM) is a programming interface for web documents. It represents the structure of a document and allows programs to manipulate the document’s structure, style, and content. The DOM represents a document as a tree of objects. HTML tags become nodes in the tree, and these nodes can be manipulated using JavaScript. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 91 / 761 HTML HTML Web Page Source My Page Welcome This is a paragraph. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 92 / 761 HTML DOM Representation of the HTML Web Page document html head body title h1 p text: "My Page" text: "Welcome" text: "This is a paragraph." Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 93 / 761 HTML Web Page Example Opening the HTML code in a web browser will render the following web page: Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 94 / 761 HTML Introduction to CSS CSS stands for Cascading Style Sheets. It is used to style and layout web pages — for example, to alter the font, colour, size, and spacing of your content, split it into multiple columns, or add animations and other decorative features. Here’s an example of CSS: body { font-family: Arial, sans-serif; background-color: lightblue; } h1, p { color: darkred; } Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 95 / 761 HTML HTML Web Page Source We can add the CSS with the following code: My Page Welcome This is a paragraph. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 96 / 761 HTML DOM Representation with CSS Styles document html font-family: Arial, sans-serif; head body background-color: lightblue; title h1 p color: darkred; text: "My Page" text: "Welcome" text: "This is a paragraph." color: darkred; Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 97 / 761 HTML Web Page Example Opening the HTML code in a web browser will render the following web page: Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 98 / 761 HTML HTML Element Attributes HTML elements can have attributes that provide additional information about the element. Here are some common attributes: class: Specifies one or more class names for an element. The class attribute is mostly used to point to a class in a style sheet. However, it can also be used by JavaScript to access and manipulate elements with the specific class name. id: Specifies a unique id for an element. The id attribute is used to point to a style in a style sheet, and by JavaScript (via the HTML DOM) to manipulate the element with the specific id. style: Specifies inline CSS style for an element. Note: The ‘class‘ attribute is often used with CSS to style elements with common properties. The ‘id‘ attribute is used when you need to style or manipulate a single, unique element. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 99 / 761 HTML Tailwind CSS Tailwind CSS is a utility-first CSS framework for rapidly building custom user interfaces. It provides low-level utility classes that let you build completely custom designs without ever leaving your HTML. Here’s an example of using Tailwind CSS to style a button: Shop Online In this example, the ‘class‘ attribute is filled with Tailwind’s utility classes to style the button. The classes control the button’s background color, text color, font weight, padding, and border radius. We’ll see more Tailwind throughout the course. For more details on the individual classes, you can visit the Tailwind CSS webpage. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 100 / 761 HTML Tailwind Example Here’s an example of an online store web page using HTML and Tailwind CSS: My Online Store Welcome to my online store! My Online Store You'll find a wide range of products to meet all your needs. Shop Now About Us Contact Us Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 101 / 761 HTML Tailwind Example Opening the HTML code in a web browser will render the following web page: Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 102 / 761 HTML Explanation of Tailwind CSS Classes The previous slide used several Tailwind CSS classes for styling. Here’s what each class does: bg-blue-900: Sets the background color of the body to a specific shade of blue. text-center: Centres the text. text-white: Sets the text color to white. bg-blue-700: Sets the background color of the div to a different shade of blue. p-4: Adds padding to all sides of the div. The number ‘4‘ represents the size of the padding. my-4: Adds margin to the top and bottom of the second div (y-axis). The number ‘4‘ represents the size of the margin. text-3xl: Sets the text size of the h1 element. font-bold: Makes the font weight of the h1 element and the buttons bold. underline: Underlines the h1 text. mt-4: Adds margin to the top of the p element. The number ‘4‘ represents the size of the margin. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 103 / 761 HTML JavaScript Example The following JavaScript code can be added to the ‘‘ HTML section: window.onload = function() { document.querySelector('.shop-now').addEventListener('click', function() { alert('You clicked on Shop Now!'); }); document.querySelector('.about-us').addEventListener('click', function() { alert('You clicked on About Us!'); }); document.querySelector('.contact-us').addEventListener('click', function() { alert('You clicked on Contact Us!'); }); } The following modifications must be made in the HTML code: Shop Now About Us Contact Us These modifications add unique classes to each button, which are used to select the buttons in the JavaScript code. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 104 / 761 HTML JavaScript Example This code does the following: The ‘window.onload‘ event is used to run a block of code when the page has finished loading. The ‘document.querySelector()‘ method is used to select the first element with the specified class. The ‘addEventListener()‘ method is used to attach a click event to the selected elements. When a button is clicked, an alert dialog is displayed with a message indicating which button was clicked. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 105 / 761 HTML JavaScript Example Now, clicking on a button will bring up an alert: Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 106 / 761 HTML Required Reading for Next Week Please read the following before next week’s lecture: SELinux Bill McCarty, Chapter 1. Docker in Action, Second Edition Stephen Kuenzli, Jeffrey Nickoloff, Chapters 1 and 2. All reading material is available via the university library website. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 107 / 761 Containers Containers 5 Containers Docker Containers and the Linux Kernel Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 108 / 761 Containers Required Reading for This Lecture Docker in Action, Second Edition Stephen Kuenzli, Jeffrey Nickoloff, Chapters 1 and 2. All reading material is available on the O’Reilly website, which you can use for free if you’re logged in to it via the university library website. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 109 / 761 Containers Containers In week 1, we discussed virtualisation, and saw that it brings a lot of benefits to cloud computing: Server consolidation Isolation Resource management Security However, VMs do have some drawbacks: Virtualisation is highly resource-intensive Virtual machines are slow to start VMs are actually quite tricky to create and manage, requiring a level of expertise that’s more common in system administrators than in developers. Containers are a lightweight alternative to virtual machines, which start almost instantaneously, are much less resource-intensive, and are far easier to create and manage. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 110 / 761 Containers Containers and Encapsulation Containers are designed to encapsulate an application and its dependencies, and sit on top of the kernel of a host operating system. They feel like virtual machines from the perspective of the application, but they are much more lightweight - code running “inside” a container is really just running on the host OS, and is shielded from the rest of the OS with some smoke and mirrors. The lightweight nature of containers has been a game changer for cloud computing, and they’re central to modern cloud software stacks. Popular tools for containerisation include Docker, PodMan, Kubernetes, OpenShift. We’ll see all of these in detail through the course. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 111 / 761 Containers Tech Stack for Containers Applications Applications Applications 1 2 3 Container 1 Container 2 Container 3 Linux Kernel Hardware Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 112 / 761 Containers Containers + Virtualisation Applications Applications Applications 1 2 3 Container 1 Container 2 Container 3 VM 1 VM 2 Hypervisor Hardware Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 113 / 761 Containers Docker 5 Containers Docker Containers and the Linux Kernel Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 114 / 761 Containers Docker Docker Docker is the most well-known solution for containerisation. In docker, containers are created from images, which are specified with Dockerfiles as we’ll see. For example, once docker is installed on a machine, we can pull a standard Ubuntu image: docker pull ubuntu:latest This command downloads the latest Ubuntu image from the main Docker image repository, Docker Hub. Once we have downloaded this image, we can run a container: docker run -it ubuntu:latest /bin/bash This command runs a new container and starts a bash shell with an interactive terminal. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 115 / 761 Containers Docker Dockerfile Example Dockerfiles are used to create Docker images. Here’s an example: 1 # Start from an existing base image : 2 FROM ubuntu : latest 3 4 # Add some more functionality to the image. E.g. a new program : 5 RUN echo " echo Hello , World !" > / hello - world. sh 6 7 # Set the script to be executable with ' chmod +x ': 8 RUN chmod +x / hello - world. sh 9 10 # Define the command to run when the container starts 11 CMD [" / hello - world. sh " ] 12... simple as that! Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 116 / 761 Containers Docker Running Docker In the code from the previous slide is saved in a file called Dockerfile, then executing the following the following commands from the same directory will build and run the Docker container, displaying the ’Hello, World!’ message in the terminal: 1 # Build the Docker image 2 docker build -t hello - world. 3 4 # Run the Docker container 5 docker run hello - world docker build -t hello-world. is a command to build a Docker image. The -t option is used to specify a name and optionally a tag in the ’name:tag’ format for the image. In this case, the image is being tagged with the name "hello-world". The. at the end of the command tells Docker to use the current directory as the context of the build. Docker will look for the Dockerfile in this directory to define what goes into the image. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 117 / 761 Containers Docker Dockerfile Elements Key elements of a Dockerfile are: Base image: Specifies another image upon which the new image is being built. Instructions: Define the steps to build the image, such as installing dependencies, copying files, and configuring the environment. Commands: Execute commands within the image during the build process. Exposed ports: Specify which ports should be exposed when running a container from the image. Entrypoint: Define the command that should be executed when a container is started from the image. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 118 / 761 Containers Docker Docker Layers Docker images are made up of read-only layers, each of which represents a Dockerfile instruction. Each layer specifies a set of differences from the layer before it. The layers are stacked on top of each other to form a base for a container’s file system. In the "Hello World" Dockerfile: FROM ubuntu:latest - This is the base layer. It pulls the latest version of the Ubuntu Linux image. RUN echo "echo Hello, World!" > /hello-world.sh - This layer adds a new file (hello-world.sh) to the image. RUN chmod +x /hello-world.sh - This layer modifies the permissions of hello-world.sh to make it executable. CMD ["/hello-world.sh"] - This doesn’t create a layer. It specifies the command to run when a container is started from the image. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 119 / 761 Containers Docker Docker CLI Commands 1 # Pull an image from Docker Hub 2 docker pull ubuntu : latest 3 4 # Run a container in interactive mode 5 docker run -it ubuntu / bin / bash 6 7 # List all running containers 8 docker ps 9 10 # List all containers , including stopped ones 11 docker ps -a 12 13 # Stop a running container 14 docker stop [ CONTAINER ID ] 15 16 # Remove a stopped container 17 docker rm [ CONTAINER ID ] 18 19 # Remove an image 20 docker rmi ubuntu : latest 21 Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 120 / 761 Containers Containers and the Linux Kernel 5 Containers Docker Containers and the Linux Kernel Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 121 / 761 Containers Containers and the Linux Kernel Creating Containers Containers create the illusion of separate operating systems on top of a host OS, but that isn’t actually the case. A container is really just a collection of processes that are running on the host OS. They’re isolated from other processes on the host OS with a bit of help from the Linux kernel. As we’ll see, the kernel provides isolation, resource management, and file system abstraction. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 122 / 761 Containers Containers and the Linux Kernel Use of the Linux Kernel in Containerisation The Linux kernel plays a crucial role in enabling containerisation through: Namespaces: these isolate process groups, providing each container with its own view of the system resources, such as network, processes, and mount points. Control Groups (cgroups): these manage resource allocation and usage for containers, ensuring fair resource distribution (e.g. one container can’t hog all of the memory or CPU). Union File Systems: these allow containers to share a read-only base file system while maintaining separate writable layers. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 123 / 761 Containers Containers and the Linux Kernel Namespaces Linux namespaces are a feature of the Linux kernel that isolate system resources for a collection of processes. Namespaces ensure that each set of processes sees its own isolated instance of a global resource. Types of namespaces include: PID: Isolates the process ID number space. NET: Network namespaces virtualised the network stack. MNT: Manages mount points (file systems). UTS: (UNIX time sharing) Isolates host name and domain name. IPC: Isolates inter-process communication. USER: Provides both privilege isolation and user identification segregation. Each container runs in its own set of namespaces, providing an isolated environment. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 124 / 761 Containers Containers and the Linux Kernel Control Groups (cgroups) Cgroups manage resource allocation for containers. They limit and monitor the amount of resources (CPU, memory, disk I/O, etc.) that a container can use. This ensures that no single container can monopolise system resources and impact other containers. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 125 / 761 Containers Containers and the Linux Kernel Union File Systems Container Orchestration Union File Systems provide a layered file system. They allow containers to share a read-only base file system, while maintaining separate writable layers for each container. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 126 / 761 Security Security 6 Security Vulnerabilities and the Zero-Day Problem Host Defences SELinux Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 127 / 761 Security Required Reading This lecture closely follows: SELinux Bill McCarty, Chapter 1. All reading material is available on the O’Reilly website, which you can use for free if you’re logged in to it via the university library website. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 128 / 761 Security Vulnerabilities and the Zero-Day Problem 6 Security Vulnerabilities and the Zero-Day Problem Host Defences SELinux Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 129 / 761 Security Vulnerabilities and the Zero-Day Problem The Inherent Insecurity of Computers Absolute security in computing systems is unattainable. The complexity of modern computing systems inherently introduces vulnerabilities, including software and hardware flaws and human error. E.g. Meltdown, Spectre, WannaCry... The ever-present potential for new vulnerabilities and attack vectors means that complete security is likely unachievable. A full treatment of computer security is outside the scope of this course, but we will cover some of the most important concepts today, and further material as we go through the course. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 130 / 761 Security Vulnerabilities and the Zero-Day Problem The Patch Cycle and the Zero-Day Problem When software vulnerabilities are discovered, vendors release patches to fix them. The patch cycle involves discovering a vulnerability, preparing and publishing a patch, and users installing the patch. Security researchers often publish vulnerabilities to force vendors to fix their products, sometimes after privately notifying the vendor. Patching promptly is important, and helps to protect against known vulnerabilities. However, a fully patched computer still remains vulnerable to attacks which are known to hackers but have not yet been identified by software vendors and/or not patched. The interval between the publication of a vulnerability and the availability of a patch is a time of high vulnerability, with vendors racing to produce patches and attackers racing to produce exploits. Zero-day vulnerabilities, for which no patch is available, can be exploited in potent attacks, even against systems that are up-to-date with all vendor patches. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 131 / 761 Security Host Defences 6 Security Vulnerabilities and the Zero-Day Problem Host Defences SELinux Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 132 / 761 Security Host Defences Host Defences So, how can we defend computers against zero-day attacks? We often can’t prevent zero-day attacks, but we can limit the damage they can do. This can be done by using host defences, as we’ll see... Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 133 / 761 Security Host Defences The Principle of Least Privilege The Principle of Least Privilege (PoLP) is an important concept in computer security, and it’s very important for reducing the impact of zero-day attacks. It states that a user should be given the minimum levels of access necessary to complete his/her job functions. It can help to minimise the damage if an account is compromised, as the attacker would have limited access. It can be applied to different areas such as user rights, network connections, and data access. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 134 / 761 Security Host Defences Privilege Escalation Operating systems typically provide multiple levels of authorisation to restrict operations that programs or users can perform. Operating systems typically have two primary levels of authorisation: one for ordinary users and one for the system administrator. In Linux, we have root and none-root users. An attacker who compromises a program only gains the privileges of the compromised program, meaning that non-root users are less dangerous to the system. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 135 / 761 Security Host Defences Sandboxes Sandboxing involves running programs within contexts called sandboxes that limit their capabilities. It generally doesn’t prevent the exploitation of a zero-day vulnerability. However, an attacker who successfully exploits an zero-day vulnerability in a sandboxed program gains access to only the capabilities afforded by the sandbox. Sandboxes can be attacked by hackers, and can sometimes be escaped from. One very popular form of sandboxing in Linux is called SELinux (or Security-Enhanced Linux). It used a concept called Mandatory Access Control (MAC) to limit the capabilities of programs. We’ll look at SELinux in more detail later, but first we’ll look at the default form of access control in Linux, called Discretionary Access Control (DAC). Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 136 / 761 Security Host Defences Discretionary Access Control Linux employs discretionary access control (DAC), where a program runs with the permissions of the user executing it. For example, if a user executes a program, it can perform any operation that the user is permitted to perform. This can lead to security risks if a program is exploited to access or modify sensitive files. Under discretionary access control, a compromised program jeopardises every object to which the executing user has access. The risk is particularly great for programs that run as the root user, as they have unrestricted access to system files and objects. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 137 / 761 Security Host Defences Discretionary Access Control in Linux ’ls -l’: This command displays the permissions of files and directories. For example, ls -l myfile.txt will display the permissions for myfile.txt. chmod: This command changes the permissions of a file or directory. For example, chmod 755 myfile.txt will set the permissions of myfile.txt to read, write, and execute for the owner, and read and execute for the group and others (the 755 code is explained in the next slide). sudo: This command allows a user to execute a command as the superuser (a.k.a. root user) or another user. For example, sudo chmod 755 myfile.txt will change the permissions of myfile.txt as the superuser. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 138 / 761 Security Host Defences Linux Permissions In Linux systems, file permissions are represented as a three-digit number, such as 755 from the previous slide. Each digit represents the permissions for the owner, the owner’s group, and others, respectively. The number is calculated using a binary system: read (r) is 4, write (w) is 2, and execute (x) is 1. Therefore, 755 represents the permissions rwxr-xr-x: 7 (rwx): The owner has read, write, and execute permissions. 5 (r-x): The group has read and execute permissions, but not write permissions. 5 (r-x): Others have read and execute permissions, but not write permissions. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 139 / 761 Security Host Defences Mandatory Access Control (MAC) MAC is a type of access control in which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target. In MAC, users do not have much control over the access control of their files. Instead, only the administrator sets the policy of who can access which files. In Red Hat Enterprise Linux, MAC is achieved with a solution called SELinux. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 140 / 761 Security SELinux 6 Security Vulnerabilities and the Zero-Day Problem Host Defences SELinux Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 141 / 761 Security SELinux Introduction to SELinux SELinux (Security-Enhanced Linux) is a security framework implemented in the Linux kernel. Developed by the National Security Agency (NSA) and released as open-source. It provides mandatory access control. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 142 / 761 Security SELinux SELinux Modes SELinux can operate in three modes: enforcing, permissive, and disabled. In enforcing mode, SELinux policies are enforced and access violations are logged. In permissive mode, SELinux policies are not enforced, but access violations are logged. In disabled mode, SELinux is disabled and no access violations are logged. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 143 / 761 Security SELinux Labelling in SELinux SELinux is a labelling system. Every process has a label, and every file/directory object in the operating system has a label. Network ports, devices, and potentially host names also have labels assigned to them. Rules are written to control the access of a process label to an object label, known as policy. The kernel enforces these rules. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 144 / 761 Security SELinux SELinux Examples We’ll now see some examples of how SELinux works, from the SELinux Colouring Book. Written by Dan Walsh, with cartoons by Máirín Duffy. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 145 / 761 Security SELinux Type Enforcement and Process Types The primary model of enforcement in SELinux is known as type enforcement. This involves assigning a label to a process based on its type, and similarly, assigning a label to a file system object (for example) based on its type. Consider a system where types are defined on objects such as cats and dogs. In this scenario, a cat and a dog would be considered as process types. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 146 / 761 Security SELinux Enforcement Example: Various Foods We have a class of objects that the processes want to interact with, which we refer to as food. We want to add types to the food, specifically cat_chow and dog_chow. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 147 / 761 Security SELinux Enforcement Example: Policy An SELinux policy states that a dog has permission to eat dog_chow and a cat has permission to eat cat_chow. allow cat cat_chow : f ood eat; allow dog dog_chow : f ood eat; Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 148 / 761 Security SELinux Enforcement Example: Eating With these rules, the kernel would allow the cat process to eat food labelled cat_chow and the dog to eat food labelled dog_chow. Figure: Eat Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 149 / 761 Security SELinux Enforcement Example: Prevention I In an SELinux system, everything is denied by default. This means that if the dog process tried to eat the cat_chow, the kernel would prevent it. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 150 / 761 Security SELinux Enforcement Example: Prevention II Likewise, cats would not be allowed to touch dog food. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 151 / 761 Security SELinux Multi-Category Security ( MCS ) Enforcement Above, we mentioned the dog process and cat process, but what happens if you have multiple dog processes, like Fido and Spot? In this scenario, you want to prevent Fido from eating Spot’s dog_chow. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 152 / 761 Security SELinux Enforcement Example: New Labels One solution to prevent Fido from eating Spot’s food would be to create lots of new types, like Fido_dog and Fido_dog_chow. However, this approach can quickly become unruly as all dogs have similar permissions. Instead, Multi Category Security (MCS) is used. In MCS, we add another section to the label that can be applied to the dog process and dog_chow food. We label the dog process as dog:random1 (Fido) and dog:random2 (Spot). Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 153 / 761 Security SELinux Enforcement Example: Food Labels We label the dog chow as dog_chow:random1 (Fido) and dog_chow:random2 (Spot). Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 154 / 761 Security SELinux Enforcement Example: Type Enforcement MCS rules state that if the type enforcement rules are satisfied and the random MCS labels match exactly, then the access is allowed. Otherwise, it is denied. In this case, Fido (dog:random1) attempting to eat cat_chow:food is denied by type enforcement. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 155 / 761 Security SELinux Enforcement Example: Allowed Actions Fido (dog:random1) is allowed to eat dog_chow:random1. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 156 / 761 Security SELinux Enforcement Example: Denied Actions Fido (dog:random1) is denied to eat Spot’s food (dog_chow:random2). Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 157 / 761 Security SELinux Multi Level Security (MLS) Enforcement Multi Level Security (MLS) is another security measure provided by SELinux. The key concept is controlling processes based on the data level they will be using. For instance, a process with a ’secret’ clearance level cannot access ’top-secret’ data. Instead of distinguishing between different dogs, we now differentiate between breeds, such as a Greyhound and a Chihuahua. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 158 / 761 Security SELinux Labelling in Multi Level Security (MLS) In the context of MLS, we can label the Greyhound as dog:Greyhound and its food as dog_chow:Greyhound. Similarly, the Chihuahua can be labelled as dog:Chihuahua and its food as dog_chow:Chihuahua. This labelling helps in enforcing the security policies, ensuring that each dog can only access its own food. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 159 / 761 Security SELinux MLS Policy in Action Under the MLS policy, the dog:Greyhound label dominates the dog:Chihuahua label. This means a process with the dog:Greyhound label is allowed to access both dog_chow:Greyhound and dog_chow:Chihuahua. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 160 / 761 Security SELinux MLS Policy in Action However, under the MLS policy, a process with the dog:Chihuahua label is not allowed to access dog_chow:Greyhound. This is because the dog:Greyhound label dominates the dog:Chihuahua label, and not the other way around. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 161 / 761 Security SELinux MLS and Type Enforcement Despite the MLS policy, dog:Greyhound and dog:Chihuahua are still prevented from accessing cat_chow:Siamese due to type enforcement. This is true even if the MLS type Greyhound dominates Siamese. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 162 / 761 Security SELinux Required Reading for Next Week Please make sure to read the following before next week’s lab: Ansible: Up and Running, 3rd Edition Bas Meijer, Lorin Hochstein, René Moser, Chapters 1 and 3 Please also read this before next week’s lecture: Networking and Kubernetes James Strong, Vallery Lancey, Chapter 1 All reading material is available via the university library website. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 163 / 761 Ansible I Ansible I 7 Ansible I Inventory Playbooks YAML Playbook Structure Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 164 / 761 Ansible I Required Reading for This Lecture Ansible: Up and Running, 3rd Edition Bas Meijer, Lorin Hochstein, René Moser, Chapters 1 and 3. All reading material is available on the university library website. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 165 / 761 Ansible I Introduction In this lecture we’ll look at one way to make use of the enormous computational resources available on the cloud. We’ll see an approach called configuration as code, which allows you to configure large numbers of servers by writing code to specify their desired final state. As well as servers, it also works with other types of computing resources, such as storage and networking. We’ll use a very popular, cutting-edge tool called Ansible. In later lectures, we’ll use Ansible to deploy large-scale computing platforms, such as Kubernetes. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 166 / 761 Ansible I Playbooks and Idempotency In Ansible, we specify the desired state of a system in a playbook. Playbooks are written in a simple, human-readable format called YAML. One of the nice features of Ansible is that it’s idempotent, meaning that it will only make changes when necessary: If you run the same playbook multiple times, Ansible will ensure that the system remains in the desired state. If the system is already in the desired state, Ansible will not make any changes. This is a key feature of Ansible. It allows you to safely re-run your playbooks without worrying about unintended side effects. For example, if a playbook installs a package and you run the playbook again, Ansible will not attempt to install the package again. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 167 / 761 Ansible I Inventory 7 Ansible I Inventory Playbooks YAML Playbook Structure Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 168 / 761 Ansible I Inventory Inventory Files Before using Ansible, you need to define the hosts upon which it is expected to operate. This is done in an inventory file. Inventory files can be specified in YAML or INI format (as we’ll see) Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 169 / 761 Ansible I Inventory YAML Inventory File Example Here’s an example of an inventory file in YAML format (see section 3 for more on YAML): --- leafs: hosts: leaf01: ansible_host: 10.16.10.11 leaf02: ansible_host: 10.16.10.12 spines: hosts: spine01: ansible_host: 10.16.10.13 spine02: ansible_host: 10.16.10.14... Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 170 / 761 Ansible I Inventory YAML Inventory File Example From the YAML file on the previous slide: leafs and spines: These lines define two groups of hosts, ‘leafs‘ and ‘spines‘. Once you specify a group, you can refer to it in your playbooks. hosts: This line starts the list of hosts for each group. leaf01, leaf02, spine01, spine02: These lines define the hosts in each group. ansible_host: 10.16.10.11, etc.: These lines specify the IP addresses of the hosts. (See the networking lecture for more on IP addresses.) Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 171 / 761 Ansible I Inventory INI Inventory File Example Here’s an example of an inventory file in INI format, taken from lab 2: [local] localhost ansible_connection=local [local] defines a group named ‘local‘. localhost ansible_connection=local defines a host named ‘localhost‘ in the ‘local‘ group and sets the ‘ansible_connection‘ variable to ‘local‘ for this host, so that Ansible knows to find it on the local machine rather than looking on the network. The equivalent in YAML format is: --- local: hosts: localhost: ansible_connection: local... Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 172 / 761 Ansible I Inventory Ansible Command Line Tool Once you have an inventory file, you can use the ansible command line tool to run commands on the hosts in the inventory. From lab 2: ansible -i hosts.ini local -m ping This command pings the hosts in the ‘local‘ group in the inventory file, giving the result: localhost | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": false, "ping": "pong" } The -m option specifies the Ansible module to use, in this case the ping module, which simply checks that the hosts are reachable. Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 173 / 761 Ansible I Playbooks 7 Ansible I Inventory Playbooks YAML Playbook Structure Dom Richards (University of Liverpool ) Cloud Computing for E-Commerce May 10, 2024 174 / 761 Ansible I Playbooks Playbooks Playbooks allow you to describe more complicated configurations than can be done with the ansible command line tool. They are text files written in YAML format. Here’s a playbook from lab 2, which is named ping-playbook.yml: --- - name: Ping all hosts hosts: all tasks: - name: Check connectivity ping: loop
