Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Aptible Update Webinar Series - October 2016

Aptible
October 26, 2016
Technology
0
140

Aptible Update Webinar Series - October 2016

View the recording at: https://youtu.be/SIV0uPnz7i4

The Aptible Update Webinar Series is a quarterly presentation that covers recent features and changes to the Enclave deployment platform and Gridiron security management products.

The Aptible Update Webinar Series is a quarterly presentation that covers recent features and changes to the Enclave deployment platform and Gridiron security management products. These webinars feature technical sessions led by Aptible engineers, live demonstrations, customer examples, and Q&A with the Aptible team.

This Aptible Update Webinar is Enclave-focused and covers:

- Deploying from private Docker registries
- On-demand database backups
- Two-factor authentication
- Container metrics
- `aptible logs`
- HTTP health checks
- ALB endpoints
- Advanced memory management

Aptible

October 26, 2016
Tweet

More Decks by Aptible

See All by Aptible
GDPR: Practical Advice for SaaS Companies
aptible
0
110
Aptible Update Webinar - January 2018
aptible
0
140
Mitigation: Layers of Isolation
aptible
0
2.5k
Remediation: Timeline
aptible
0
2.5k
Aptible Update Webinar - October 2017
aptible
0
52
Aptible Update Webinar - July 2017
aptible
0
67
Aptible Update Webinar Series - April 2017
aptible
0
100
Aptible Update Webinar Series - January 2017
aptible
0
130
Getting Started with ResearchKit
aptible
1
340

Other Decks in Technology

See All in Technology
KubeConにproposalを送りたい人へのアドバイス
sat
PRO
2
200
JAWS-UG Bedrock Claude Night
yamahiro
3
520
web-application-security
matsuihidetoshi
0
120
レガシーをぶっ壊せ。AEONで始めるDevRelの話 / Qiita Night 2024-2-22
aeonpeople
3
1.2k
Meta Quest 3 で動く桜マシマシ WebXR アプリを IBM Cloud Code Engine と Babylon.js で作った話
1ftseabass
PRO
0
120
オーナーシップを持つ領域を明確にする
konifar
13
3.1k
Vertex AI を中心に 生成AIのアップデートを共有します
kaz1437
0
280
Cracking the KubeCon CfP
inductor
2
210
Hands-on Gemini, the Google DeepMind LLM
meteatamel
1
110
コンテナセキュリティの基本と脅威への対策
kyohmizu
3
750
DevOpsDays History and my DevOps story
kawaguti
PRO
9
2.4k
ワールドカフェI /チューターを改良する / World Café I and Improving the Tutors
ks91
PRO
0
110

Featured

See All Featured
Scaling GitHub
holman
457
140k
Writing Fast Ruby
sferik
620
60k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
16
1.4k
Designing on Purpose - Digital PM Summit 2013
jponch
110
6.5k
Building Flexible Design Systems
yeseniaperezcruz
318
37k
What's in a price? How to price your products and services
michaelherold
237
11k
Creatively Recalculating Your Daily Design Routine
revolveconf
209
11k
Reflections from 52 weeks, 52 projects
jeffersonlam
344
19k
Git: the NoSQL Database
bkeepers
PRO
422
63k
Adopting Sorbet at Scale
ufuk
67
8.6k
Raft: Consensus for Rubyists
vanstee
132
6.3k
Build your cross-platform service in a week with App Engine
jlugia
225
17k

Transcript

  1. Ap#ble'Update'Webinar October(2016 Please&wait&for&the&webinar&to&begin...

  2. Ap#ble'Update'Webinar October(2016

  3. Agenda CTO$intro Enclave(engineers(present(features General'Q&A

  4. "Introducing",Enclave

  5. Topics Private(Docker(Repositories Pla$orm(Upgrades New$Security$Features

  6. We#want#to#hear#from#you! Some%of%the%changes%we'll%review%here%are%just%now%being%released,% but%others%have%been%out%for%a%few%months%already. If#you're#already#familiar#with#a#given#feature,#this#webinar#is#a# good#8me#to#ask#any#ques8ons#you#might#have!

  7. Deployments: Private(Repositories You$can$now$deploy$Ap/ble$apps$from$private$images$hosted$on$ Docker$Hub,$Quay.io,$and$other$private$registries! This%feature%is%supported%for%all%v2%stacks.

  8. Private(Repositories $ mkdir example-docker-app $ cd example-docker-app && git init

    . $ aptible apps:create example-docker-app --environment my-env > App example-docker-app created! > Git remote: [email protected]:my-env/example-docker-app.git $ aptible config:set APTIBLE_PRIVATE_REGISTRY_HOST=[registry host] \ APTIBLE_DOCKER_IMAGE=[image name] \ APTIBLE_PRIVATE_REGISTRY_USERNAME=[username] \ APTIBLE_PRIVATE_REGISTRY_PASSWORD=[password] $ echo "web: bundle exec rails s" > Procfile $ git add Procfile && commit -m "test docker pull" $ git remote add aptible [email protected]:my-env/example-docker-app.git $ git push aptible master

  9. Private(Repositories:(Q&A

  10. Pla$orm(Upgrades Reliability Introspec*on Control

  11. >"Reliability"< Introspec*on Control

  12. Reliability: Memory'Management

  13. What%is%memory%management? Currently,*Ap-ble*does*not*enforce*memory*limits*on*containers. This%means%one$misbehaved$app$can$starve$other$apps$for$ resources. Memory'management'solves'this'problem!by!restar)ng!containers! that!exceed!their!memory!alloca)on,!automa4cally'and'gracefully.

  14. Why$should$you$care? You$win$on$two$fronts Misbehaved*apps*are*automa&cally*restarted,*so*they*can*limp*along. Well$behaved*apps*are*no*longer'starved'for'resources. Bo#om%line:%it's%no%longer%the%end%of%the%world%if%one%of%your%apps% poorly%manages%memory!!

  15. How$it$works Restarts'happen'in,place Memory'management'restarts&containers&in+place:&it&does&not&run&aptible restart'on'your'app.' Specifically,'it'sends'a'SIGTERM'to'all'processes'in'your'container'(and'a'SIGKILL'if'they'don't'exit). Log$Drains$are$no,fied$when$a$container$is$restarted: 2016-10-24T10:33:18.381Z [hog-hog 3b8186a7d05b]: hog:

    hog up to 2147483648 bytes over 300 second(s) with 6 checkpoint(s) 2016-10-24T10:33:18.381Z [hog-hog 3b8186a7d05b]: hog: start 2016-10-24T10:33:18.832Z [hog-hog 3b8186a7d05b - aptible]: container has started 2016-10-24T10:33:18.381Z [hog-hog 3b8186a7d05b]: hog: checkpoint 0: 0 bytes 2016-10-24T10:34:05.396Z [hog-hog 3b8186a7d05b]: hog: checkpoint 1: 335544320 bytes 2016-10-24T10:34:52.416Z [hog-hog 3b8186a7d05b]: hog: checkpoint 2: 671088640 bytes 2016-10-24T10:35:39.456Z [hog-hog 3b8186a7d05b]: hog: checkpoint 3: 1006632960 bytes 2016-10-24T10:35:48.875Z [hog-hog 3b8186a7d05b]: hog: exit: SIGTERM 2016-10-24T10:35:48.873Z [hog-hog 3b8186a7d05b - aptible]: container exceeded its memory allocation 2016-10-24T10:35:48.874Z [hog-hog 3b8186a7d05b - aptible]: container is restarting: 2016-10-24T10:35:48.875Z [hog-hog 3b8186a7d05b - aptible]: PID PPID VSZ RSS STAT COMMAND 2016-10-24T10:35:48.875Z [hog-hog 3b8186a7d05b - aptible]: 1180 1164 736 4 S /sbin/tini -- hog 2016-10-24T10:35:48.875Z [hog-hog 3b8186a7d05b - aptible]: 1213 1180 1049220 1048732 D hog 2016-10-24T10:35:48.994Z [hog-hog 3b8186a7d05b - aptible]: container has exited 2016-10-24T10:35:49.997Z [hog-hog 3b8186a7d05b - aptible]: container has started 2016-10-24T10:35:49.565Z [hog-hog 3b8186a7d05b]: hog: hog up to 2147483648 bytes over 300 second(s) with 32 checkpoint(s) 2016-10-24T10:35:49.565Z [hog-hog 3b8186a7d05b]: hog: start

  16. Test%your%app%for%compa/bility You$can$use$the$CLI$to$simulate$a$restart$to$test$that$your$app$ reacts$properly$with$aptible restart --simulate-oom. Review&the&compa.bility&checklist:&goo.gl/7mKwE8

  17. Memory'Management:'Next'steps • Already)enabled)on)shared)stacks • Currently)opt$in'on'produc,on'stacks)(will)be)mandatory) Contact'support'to'opt,in

  18. Memory'Management:'Q&A

  19. Reliability: ALB$Endpoints

  20. What%are%ALB%Endpoints? Ap#ble'currently'uses'ELBs'for'Endpoints. Inherent'to'how'ELBs'and'Ap2ble'work,'we#occasionally#see#a#few# seconds#of#app#down/me#when#upda/ng#an#ELB. This%problem%used%to%prac2cally%never%happen,%but%has$become$ more$prevalent$over$the$past$few$months. ALB$Endpoints$use$AWS'$next3genera7on$load$balancers,$ALBs,$and$ don't&have&this&problem&at&all.

  21. ALBs%vs%ELBs:%Key%differences Connec&on'draining. No#HTTPS#customiza0on!(except!FORCE_SSL): • Passes&SSL&Labs'&test&with&A+,&PFS&on&all&modern&browsers... • ...&but&does&not&support&Windows&XP. DNS$level(failover(to(serve%your%maintenance%page%even%if%all%app% instances%are%down((no(more("connec4on(closed"(errors).

  22. ALBs%vs%ELBs:%Future%plans S"cky&sessions!are!on!the!roadmap!for!ALB&Endpoints. No#further#development#an1cipated#on#ELB#Endpoints,"except"to" support"TCP"Endpoints.

  23. ALBs:&Next&steps • ALBs&will&soon&become&the&default&for&new$Endpoints. • Upgrading&an&exis-ng$Endpoint&to&an&ALB&is&a&zero1down-me& opera;on. All#users#are#encouraged#to#upgrade#as#soon#as#possible. Contact'support'to'schedule'your'upgrade.

  24. ALB$Endpoints$Q&A

  25. Reliability: HTTP$Health$Checks

  26. What%are%HTTP%Health%Checks? Ap#ble'used'to'perform'TCP'Health'Checks'for'Endpoints. If#an#instance(hos+ng(your(app(died,#TCP#Health#Checks#would# route#traffic#away#from#it. But,%if#an#app#container#died,%TCP%Health%Checks%would%not%detect% it. HTTP$Health$Checks$ensure$we$route$traffic$away$from$dead$ apps,$regardless$of$the$cause.

  27. No#ac&on#needed HTTP$Health$Checks$are$automa&cally*enabled$when$you$release$ your$app$(deploy,$restart,$scale). They're'already'ac,ve'if'you'released'a3er'October(14th. No#app&level#changes#are#needed!on!your!end!(but!we're!sorry!if! this!generated!unexpected!logs!for!you!).

  28. HTTP$Health$Checks:$Future$plans Currently,*we*don't*care*at*all*about*how*your*app*responds*to* health*checks. In#the#future,#we'd#like#to#let#you#opt$in#to#having#Ap8ble#require#a# successful#response.

  29. Reminder: If#your#app#is#scaled#to#one#container,#HTTP# Health#Checks#can't#help#you!

  30. HTTP$Health$Checks$Q&A

  31. Reliability >"Introspec,on"< Control

  32. Introspec*on: Ap#ble'Logs'v2 Ap#ble'logs'was'historically'deprecated'when'we'migrated'to' Ap#ble'v2,'but'it's%back%now! Behind'the'scenes,'aptible logs'provisions'a'managed'Log' Drain'that'buffers'and'streams'your'logs. Use$it$for$debugging$or$live$troubleshoo2ng.$Don't$use$it$for$long6 term$reten2on.

  33. Introspec*on: Pla$orm(Events We've%started%relaying%pla1orm%events%to%your%Log%Drains. Currently,*only*memory&management&emits&lifecycle&events: • Container*started • Container*exceeded*its*memory*alloca2on*/*is*restarted • Container*exited

  34. Introspec*on: Container)Metrics

  35. What%are%container%metrics? Metrics(are(available(in#your#Dashboard(for(Apps(and(Databases. You$can$look$back$one$hour$and$one$day,$and$iden%fy(poten%al( performance(bo2lenecks. They're'also'useful'for'Ap0ble'opera0ons'to'quickly'iden0fy'issues' with'your'apps.

  36. Memory

  37. Load%Average

  38. Disk%I/O%(databases)

  39. Disk%Usage%(databases)

  40. Container)Metrics)Q&A

  41. Reliability Introspec*on >"Control"<

  42. Control: On#Demand)Database)Backup)and) Restore

  43. Backup'a'database'via'the'CLI You$can$use$the$CLI$to$create&a&new&database&backup$at$any$0me: $ aptible db:backup "$DATABASE_HANDLE" Be#careful:#running#mul$ple'backups'at'the'same'$me'can'hurt' performance.

  44. Restore'via'the'CLI You$can$also$restore&a&backup$to$a&new&database$via$the$CLI: $ aptible backup:restore "$BACKUP_ID" You$can$get$the$Backup$ID$via$the$CLI,$or$via$the$Dashboard.$It$ doesn't$ma=er$whether$the$backup$was$automated$or$manual.

  45. Database'Backup'and'Restore'Q&A

  46. Security)Roundup 2"Factor)Authen/ca/on Managed'HTTPS

  47. Security: 2"Factor)Authen/ca/on 2FA$is$now$available$on$Ap0ble. When%enabling%2FA,%make%sure%to%safely%store%your%recovery% codes,%these%will%help%you%regain%access%to%your%account%if%you%lose% your%2FA%device.

  48. Security: Managed'HTTPS Managed'HTTPS'is'a'feature'built'on'Let's'Encrypt'that'lets'you' automa=cally'provision'and'renew'cer=ficates'for'your'Endpoints. It's%SSL%without%the%headaches.%Over%10%%of%Endpoints%on%Ap3ble% are%already%using%Managed%HTTPS!

  49. Security:*Q&A

  50. Follow%the%Ap+ble% Blog! www.ap%ble.com/blog