Aptible Update Webinar Series - October 2016

Aptible
October 26, 2016

View the recording at: https://youtu.be/SIV0uPnz7i4

The Aptible Update Webinar Series is a quarterly presentation that covers recent features and changes to the Enclave deployment platform and Gridiron security management products. These webinars feature technical sessions led by Aptible engineers, live demonstrations, customer examples, and Q&A with the Aptible team.

This Aptible Update Webinar is Enclave-focused and covers:

- Deploying from private Docker registries
- On-demand database backups
- Two-factor authentication
- Container metrics
- `aptible logs`
- HTTP health checks
- ALB endpoints
- Advanced memory management

Transcript

  1. Aptible Update Webinar, October 2016

     Please wait for the webinar to begin...

  2. Aptible Update Webinar, October 2016

  3. Agenda

     - CTO intro
     - Enclave engineers present features
     - General Q&A

  4. "Introducing" Enclave

  5. Topics

     - Private Docker Repositories
     - Platform Upgrades
     - New Security Features

  6. We want to hear from you!

     Some of the changes we'll review here are just now being released, but others have been out for a few months already.

     If you're already familiar with a given feature, this webinar is a good time to ask any questions you might have!

  7. Deployments: Private Repositories

     You can now deploy Aptible apps from private images hosted on Docker Hub, Quay.io, and other private registries!

     This feature is supported for all v2 stacks.

  8. Private Repositories

     ```
     $ mkdir example-docker-app
     $ cd example-docker-app && git init
     # Create the app; the CLI prints the Git remote to push to
     $ aptible apps:create example-docker-app --environment my-env
     > App example-docker-app created!
     > Git remote: git@beta.aptible.com:my-env/example-docker-app.git
     # Point the app at the private image and supply the registry credentials
     $ aptible config:set APTIBLE_PRIVATE_REGISTRY_HOST=[registry host] \
         APTIBLE_DOCKER_IMAGE=[image name] \
         APTIBLE_PRIVATE_REGISTRY_USERNAME=[username] \
         APTIBLE_PRIVATE_REGISTRY_PASSWORD=[password]
     # The repository only needs a Procfile; pushing it triggers the deploy
     $ echo "web: bundle exec rails s" > Procfile
     $ git add Procfile && git commit -m "test docker pull"
     $ git remote add aptible git@beta.aptible.com:my-env/example-docker-app.git
     $ git push aptible master
     ```

  9. Private Repositories: Q&A

  10. Platform Upgrades

      - Reliability
      - Introspection
      - Control

  11. > Reliability < Introspection Control

  12. Reliability: Memory Management

  13. What is memory management?

      Currently, Aptible does not enforce memory limits on containers.

      This means one misbehaved app can starve other apps for resources.

      Memory management solves this problem by restarting containers that exceed their memory allocation, automatically and gracefully.

  14. Why should you care?

      You win on two fronts:

      - Misbehaved apps are automatically restarted, so they can limp along.
      - Well-behaved apps are no longer starved for resources.

      Bottom line: it's no longer the end of the world if one of your apps poorly manages memory!

  15. How it works

      Restarts happen in-place. Memory management restarts containers in-place: it does not run `aptible restart` on your app.

      Specifically, it sends a SIGTERM to all processes in your container (and a SIGKILL if they don't exit).

      Log Drains are notified when a container is restarted:

      ```
      2016-10-24T10:33:18.381Z [hog-hog 3b8186a7d05b]: hog: hog up to 2147483648 bytes over 300 second(s) with 6 checkpoint(s)
      2016-10-24T10:33:18.381Z [hog-hog 3b8186a7d05b]: hog: start
      2016-10-24T10:33:18.832Z [hog-hog 3b8186a7d05b - aptible]: container has started
      2016-10-24T10:33:18.381Z [hog-hog 3b8186a7d05b]: hog: checkpoint 0: 0 bytes
      2016-10-24T10:34:05.396Z [hog-hog 3b8186a7d05b]: hog: checkpoint 1: 335544320 bytes
      2016-10-24T10:34:52.416Z [hog-hog 3b8186a7d05b]: hog: checkpoint 2: 671088640 bytes
      2016-10-24T10:35:39.456Z [hog-hog 3b8186a7d05b]: hog: checkpoint 3: 1006632960 bytes
      2016-10-24T10:35:48.875Z [hog-hog 3b8186a7d05b]: hog: exit: SIGTERM
      2016-10-24T10:35:48.873Z [hog-hog 3b8186a7d05b - aptible]: container exceeded its memory allocation
      2016-10-24T10:35:48.874Z [hog-hog 3b8186a7d05b - aptible]: container is restarting:
      2016-10-24T10:35:48.875Z [hog-hog 3b8186a7d05b - aptible]: PID PPID VSZ RSS STAT COMMAND
      2016-10-24T10:35:48.875Z [hog-hog 3b8186a7d05b - aptible]: 1180 1164 736 4 S /sbin/tini -- hog
      2016-10-24T10:35:48.875Z [hog-hog 3b8186a7d05b - aptible]: 1213 1180 1049220 1048732 D hog
      2016-10-24T10:35:48.994Z [hog-hog 3b8186a7d05b - aptible]: container has exited
      2016-10-24T10:35:49.997Z [hog-hog 3b8186a7d05b - aptible]: container has started
      2016-10-24T10:35:49.565Z [hog-hog 3b8186a7d05b]: hog: hog up to 2147483648 bytes over 300 second(s) with 32 checkpoint(s)
      2016-10-24T10:35:49.565Z [hog-hog 3b8186a7d05b]: hog: start
      ```

  16. Test your app for compatibility

      You can use the CLI to simulate a restart to test that your app reacts properly with `aptible restart --simulate-oom`.

      Review the compatibility checklist: goo.gl/7mKwE8

  17. Memory Management: Next steps

      - Already enabled on shared stacks
      - Currently opt-in on production stacks (will be mandatory)

      Contact support to opt-in

  18. Memory Management: Q&A

  19. Reliability: ALB Endpoints

  20. What are ALB Endpoints?

      Aptible currently uses ELBs for Endpoints.

      Inherent to how ELBs and Aptible work, we occasionally see a few seconds of app downtime when updating an ELB.

      This problem used to practically never happen, but has become more prevalent over the past few months.

      ALB Endpoints use AWS' next-generation load balancers, ALBs, and don't have this problem at all.

  21. ALBs vs ELBs: Key differences

      Connection draining.

      No HTTPS customization (except FORCE_SSL):

      - Passes SSL Labs' test with A+, PFS on all modern browsers...
      - ... but does not support Windows XP.

      DNS-level failover to serve your maintenance page even if all app instances are down (no more "connection closed" errors).

  22. ALBs vs ELBs: Future plans

      Sticky sessions are on the roadmap for ALB Endpoints.

      No further development anticipated on ELB Endpoints, except to support TCP Endpoints.

  23. ALBs: Next steps

      - ALBs will soon become the default for new Endpoints.
      - Upgrading an existing Endpoint to an ALB is a zero-downtime operation.

      All users are encouraged to upgrade as soon as possible.

      Contact support to schedule your upgrade.

  24. ALB Endpoints Q&A

  25. Reliability: HTTP Health Checks

  26. What are HTTP Health Checks?

      Aptible used to perform TCP Health Checks for Endpoints.

      If an instance hosting your app died, TCP Health Checks would route traffic away from it.

      But, if an app container died, TCP Health Checks would not detect it.

      HTTP Health Checks ensure we route traffic away from dead apps, regardless of the cause.

  27. No action needed

      HTTP Health Checks are automatically enabled when you release your app (deploy, restart, scale).

      They're already active if you released after October 14th.

      No app-level changes are needed on your end (but we're sorry if this generated unexpected logs for you!).

  28. HTTP Health Checks: Future plans

      Currently, we don't care at all about how your app responds to health checks.

      In the future, we'd like to let you opt-in to having Aptible require a successful response.

  29. Reminder: If your app is scaled to one container, HTTP Health Checks can't help you!

  30. HTTP Health Checks Q&A

  31. Reliability > Introspection < Control

  32. Introspection: Aptible Logs v2

      Aptible logs was historically deprecated when we migrated to Aptible v2, but it's back now!

      Behind the scenes, `aptible logs` provisions a managed Log Drain that buffers and streams your logs.

      Use it for debugging or live troubleshooting. Don't use it for long-term retention.

  33. Introspection: Platform Events

      We've started relaying platform events to your Log Drains.

      Currently, only memory management emits lifecycle events:

      - Container started
      - Container exceeded its memory allocation / is restarted
      - Container exited

  34. Introspection: Container Metrics

  35. What are container metrics?

      Metrics are available in your Dashboard for Apps and Databases.

      You can look back one hour and one day, and identify potential performance bottlenecks.

      They're also useful for Aptible operations to quickly identify issues with your apps.

  36. Memory

  37. Load Average

  38. Disk I/O (databases)

  39. Disk Usage (databases)

  40. Container Metrics Q&A

  41. Reliability Introspection > Control <

  42. Control: On-Demand Database Backup and Restore

  43. Backup a database via the CLI

      You can use the CLI to create a new database backup at any time:

      ```
      $ aptible db:backup "$DATABASE_HANDLE"
      ```

      Be careful: running multiple backups at the same time can hurt performance.

  44. Restore via the CLI

      You can also restore a backup to a new database via the CLI:

      ```
      $ aptible backup:restore "$BACKUP_ID"
      ```

      You can get the Backup ID via the CLI, or via the Dashboard. It doesn't matter whether the backup was automated or manual.

  45. Database Backup and Restore Q&A

  46. Security Roundup

      - 2-Factor Authentication
      - Managed HTTPS

  47. Security: 2-Factor Authentication

      2FA is now available on Aptible.

      When enabling 2FA, make sure to safely store your recovery codes; these will help you regain access to your account if you lose your 2FA device.

  48. Security: Managed HTTPS

      Managed HTTPS is a feature built on Let's Encrypt that lets you automatically provision and renew certificates for your Endpoints.

      It's SSL without the headaches. Over 10% of Endpoints on Aptible are already using Managed HTTPS!

  49. Security: Q&A

  50. Follow the Aptible Blog! www.aptible.com/blog
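
Slides 15 and 16 say a memory-management restart sends SIGTERM, then SIGKILL to processes that don't exit, and that apps should be tested with `aptible restart --simulate-oom`. As an added example (not from the deck; the `Worker` class and its job list are hypothetical), here is a job loop that reacts to SIGTERM by finishing the in-flight job, starting nothing new, and handing back the unfinished work:

```python
import signal


class Worker:
    """Job loop that stops cleanly when the platform sends SIGTERM."""

    def __init__(self, jobs):
        self.pending = list(jobs)   # work not started yet
        self.done = []              # work completed before shutdown
        self.stopping = False

    def handle_sigterm(self, signum, frame):
        # Only set a flag here: the in-flight job is allowed to finish,
        # and the loop below refuses to start another one.
        self.stopping = True

    def install(self):
        """Register the handler; returns the previous one so it can be restored."""
        return signal.signal(signal.SIGTERM, self.handle_sigterm)

    def run(self, process):
        """Process jobs until the list is empty or SIGTERM arrives."""
        while self.pending and not self.stopping:
            job = self.pending.pop(0)
            process(job)
            self.done.append(job)
        # Anything left must be re-queued or persisted before the process
        # exits; a process that keeps running instead will be SIGKILLed.
        return self.pending
```

Each job has to be short enough to finish before the SIGKILL follows; the deck does not state how long that window is.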
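
The log sample on slide 15 and the platform events listed on slide 33 are enough to build a restart detector on the Log Drain side. The following is an added example, not Aptible's code: it assumes that a ` - aptible` suffix inside the brackets marks a platform event (as in the sample), pairs each "container exceeded its memory allocation" line with the next "container has started" line for the same container, and uses hypothetical function names.

```python
import re
from datetime import datetime

# Log Drain lines copied from slide 15 of this deck (app output + platform events).
SAMPLE = """\
2016-10-24T10:33:18.832Z [hog-hog 3b8186a7d05b - aptible]: container has started
2016-10-24T10:35:39.456Z [hog-hog 3b8186a7d05b]: hog: checkpoint 3: 1006632960 bytes
2016-10-24T10:35:48.875Z [hog-hog 3b8186a7d05b]: hog: exit: SIGTERM
2016-10-24T10:35:48.873Z [hog-hog 3b8186a7d05b - aptible]: container exceeded its memory allocation
2016-10-24T10:35:48.874Z [hog-hog 3b8186a7d05b - aptible]: container is restarting:
2016-10-24T10:35:48.875Z [hog-hog 3b8186a7d05b - aptible]: PID PPID VSZ RSS STAT COMMAND
2016-10-24T10:35:48.875Z [hog-hog 3b8186a7d05b - aptible]: 1180 1164 736 4 S /sbin/tini -- hog
2016-10-24T10:35:48.875Z [hog-hog 3b8186a7d05b - aptible]: 1213 1180 1049220 1048732 D hog
2016-10-24T10:35:48.994Z [hog-hog 3b8186a7d05b - aptible]: container has exited
2016-10-24T10:35:49.997Z [hog-hog 3b8186a7d05b - aptible]: container has started
""".splitlines()

# Assumption: a " - aptible" suffix inside the brackets marks a platform event.
LINE = re.compile(r"^(?P<ts>\S+) \[(?P<src>\S+) (?P<cid>[0-9a-f]+)(?P<plat> - aptible)?\]: (?P<msg>.*)$")
PS_ROW = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(.+)$")  # PID PPID VSZ RSS STAT COMMAND

def parse_line(line):
    """Return (timestamp, container_id, is_platform_event, message) or None."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%fZ")
    return ts, m["cid"], m["plat"] is not None, m["msg"]

def memory_restarts(lines):
    """Pair each 'exceeded its memory allocation' event with the next start."""
    pending, finished = {}, []
    for line in lines:
        event = parse_line(line)
        if event is None or not event[2]:
            continue  # unparseable line or ordinary app output
        ts, cid, _, msg = event
        if msg == "container exceeded its memory allocation":
            pending[cid] = {"container": cid, "exceeded_at": ts, "procs": []}
        elif cid in pending:
            row = PS_ROW.match(msg)
            if row:  # a row of the process table dumped before the restart
                pending[cid]["procs"].append((int(row[4]), row[6]))
            elif msg == "container has started":
                restart = pending.pop(cid)
                restart["gap_s"] = (ts - restart["exceeded_at"]).total_seconds()
                restart["top_rss"] = max(restart["procs"], default=None)
                finished.append(restart)
    return finished
```

The drain does not deliver lines in strict timestamp order (the app's `exit: SIGTERM` line precedes the platform's "exceeded" line in the sample), so the pairing is keyed on container ID rather than on line order.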