Monitoring ECS and Dynamic Infrastructure

Transcript

1. © 2016, Amazon Web Services, Inc. or its Affiliates. All

   rights reserved. Ilan Rabinovitch Monitoring in Motion Monitoring Containers and ECS

2. $ finger ilan@datadog [datadoghq.com] Name: Ilan Rabinovitch Role: Director, Technical

   Community 
 Interests: * Open Source * Large scale web operations * Monitoring and Metrics * Planning FL/OSS and DevOps Events (SCALE, TXLF, DevOpsDays, and more…)

3. • SaaS based infrastructure monitoring • Focus on modern infrastructure

   • Cloud, Containers, Micro Services • Processing nearly a trillion data points per day • Intelligent Alerting Datadog Overview

4. Operating Systems, Cloud Providers (AWS), Containers, Web Servers, Datastores, Caches,

   Queues and more... Monitor Everything
5. None

6. $ cat ~/.plan 1. Introduction: Why Containerize? 2. How: Collecting

   Docker and ECS Metrics 3. Finding the Signal: How do we know what to monitor? 4. Practice: Fitting it all together on ECS

7. Why Containerization?

8. More info at: www.datadoghq.com/docker-adoption/

9. Why Containers? • Avoid Dependency Hell

10. Why Containers? • Avoid Dependency Hell • Single Artifact Deployments

11. None

12. Source: http://bit.ly/1SvvbuP Why Containers?

13. Source: http://bit.ly/1RQRsXW

14. Source: http://bit.ly/1qFylWK • Avoid Dependency Hell • Single Artifact Deployments

    • Quick, Low Cost Provisioning Why Containers?

15. Source: Datadog

16. ECS - Elastic Container Services • Automatically manages and schedules

    your containers as ‘tasks’
 • Ensures tasks are always running based on your parameters • Integration with load balancing and routing via ELB.

17. Monitoring in Motion How do you define and monitor for

    normal when everything is changing around you? Between ECS and Containers you now have: • Containers moving between hosts. • Changing ports • and other changes underneath your feet.

18. Adding up the numbers… Docker Status API: 220+ Metrics per

    container

19. Adding up the numbers… Docker Status API: 223+ Metrics per

    container ECS CloudWatch Metrics: 4 per cluster + 2 per service

20. Adding up the numbers… Docker Status API: 223+ Metrics per

    container ECS CloudWatch Metrics: 4 per cluster + 2 per service OS Metrics: 100~ per instance

21. Docker Status API: 223+ Metrics per container ECS CloudWatch Metrics:

    4 per cluster + 2 per service OS Metrics: 100~ per instance App Metrics: 50~ Adding up the numbers…
22. None

23. Adding up the numbers… OS Metrics: 100~ per instance Docker

    Status API: 223+ Metrics per container ECS CloudWatch Metrics: 4 per cluster + 2 per service App Metrics: 50~ Metrics Overload!
24. None

25. Host Centric

26. Service Centric

27. Avoiding Gaps

28. None

29. Tags All the Way Down

30. Moving from statements to tag based queries “Monitor all containers

    running image web in region us-west-2 across all availability zones that use more than 1.5x the average memory on c3.xlarge”

31. Monitoring 101

32. None
33. None

34. Collecting data is cheap;
 not having it when you need

    it can be expensive

35. Instrument all the things!

36. None

37. Monitoring 101: tl;dr Edition More Details at: http://www.datadoghq.com/blog/monitoring-101-alerting/

38. tl;dr - Data Types

39. Examples: NGINX - Metrics Work Metrics:
 Requests Per Second •

    Dropped Connections • Request Time • Error Rates Resource Metrics: • Disk I/O • Memory • CPU • Queue Length

40. Examples: NGINX - Events • Configuration Change • Code Deployment

    • Service Started / Stopped • etc

41. When to let a sleeping engineer lie?

42. When to alert?

43. Recurse until you find root cause

44. Getting at the Metrics • ECS vs Docker • Work

    Metrics vs Resource Metrics

45. Resource Metrics Utilization: • CPU (user + system) • memory

    • i/o • network traffic Saturation • throttling • swap Error • Network Errors 
 (receive vs transmit)

46. Docker and ECS Events • Starting / Stopping Containers •

    Auto-scaled Underlying Instances
47. None

48. CloudWatch and ECS Resources CPUReservation MemoryReservation CPUUtilization MemoryUtilization

49. How do we get at the upper layers?

50. Getting at the Metrics CPU METRICS MEMORY METRICS I/O METRICS

    NETWORK METRICS pseudo-files Yes Yes Some Yes, in 1.6.1+ stats command Basic Basic No Basic API Yes Yes Some Yes

51. Pseudo-files • Provide visibility into container metrics via the file

    system. • Generally under: 
 /cgroup/<resource>/docker/$CONTAINER_ID/ 
 or
 /sys/fs/cgroup/<resource>/docker/$CONTAINER_ID/


52. Pseudo-files: CPU Metrics $ cat /sys/fs/cgroup/cpuacct/docker/$CONTAINER_ID/cpuacct.stat > user 2451 #

    time spent running processes since boot > system 966 # time spent executing system calls since boot $ cat /sys/fs/cgroup/cpu/docker/$CONTAINER_ID/cpu.stat > nr_periods 565 # Number of enforcement intervals that have elapsed > nr_throttled 559 # Number of times the group has been throttled > throttled_time 12119585961 # Total time that members of the group were throttled (12.12 seconds) Pseudo-files: CPU Throttling

53. Docker API • Detailed streaming metrics as JSON HTTP socket


    $ curl -v --unix-socket /var/run/docker.sock http://localhost/containers/ 28d7a95f468e/stats


54. STATS Command # Usage: docker stats CONTAINER [CONTAINER...] $ docker

    stats $CONTAINER_ID CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O BLOCK I/O ecb37227ac84 0.12% 71.53 MiB/490 MiB 14.60% 900.2 MB/275.5 MB 266.8 MB/872.7 MB

55. Side Car Containers

56. Agents and Daemons • Ideally we’d want to schedule an

    agent or daemon on each node via ECS Tasks.
 • Current Work Arounds: 1. Bake it into your image. 2. Install on each host at provision time. 3. Automate with User Scripts and Launch Configs

57. Grant Privileges via IAM $ aws iam create-role \
 --role-name

    ecs-monitoring \
 --assume-role-policy-document file://trust.policy $ aws iam put-role-policy --role-name ecs-monitoring
 --policy-name ecs-monitoring-policy
 --policy-document file://ecs.policy $ aws iam create-instance-profile 
 --instance-profile-name ECSNode $ aws iam add-role-to-instance-profile \ --instance-profile-name ECSNode \
 --role-name ecs-monitoring

58. Create A User Script

59. Auto-Scale! $ aws autoscaling create-launch-configuration 
 --launch-configuration MyECSCluster --key-name my-key

    
 --image-id AMI_ID --instance-type INSTANCE_TYPE 
 --user-data file://launch-script.txt --iam-instance-profile IAM_ROLE

60. Aren’t we still missing a layer?

61. Open Questions • Where is my container running? • What

    is the capacity of my cluster? • What port is my app running on? • What’s the total throughput of my app? • What’s its response time per tag? (app, version, region) • What’s the distribution of 5xx error per container?

62. Service Discovery Docker API ECS & CloudWatch Monitoring Agent Container

    A O A O Containers List & Metadata Additional Metadata (Tags, etc) Config Backend Integration Configurations Host Level Metrics

63. Custom Metrics • Instrument custom applications
 • You know your

    key transactions best.
 • Use async protocols like Etys’ STATSD

64. Source: http://bit.ly/1NoW6aj

65. Thank You