Berlin 2013 - Session - Reza Spagnolo

Adap%ve Applica%on
Architecture
Reza Spagnolo
@rmspagnolo

View Slide

Hey there !
Who am I ?
•  A student
•  An engineer, for 9 years now
•  Interested in building systems
•  Dev & Ops since the beginning

View Slide

#monitoringsocks
but never sucked for real

View Slide

Monitoring is an architecture
component

View Slide

Infrastructure is code

View Slide

Monitoring is code
•  Development process
•  Tes%ng
•  Deployment

View Slide

Monitoring is service
•  Metrics
•  Alerts

View Slide

Namespaces
There are only two hard things in Computer
Science: cache invalida-‐-‐ Phil Karlton

View Slide

#soLwaresucks
without namespaces

View Slide

Metrics namespaces
•  Helps your mental model
•  Helps iden%fying things
•  Dimensions: loca%on, versions, etc

View Slide

Monitoring based promo%on
Acceptance
Development Produc%on
•  Produc%on conﬁgura%on
•  Comparison
•  Log analysis

View Slide

Monitoring deployment
•  Push changes
•  Keep correspondence
•  Automate
•  Namespaces

View Slide

Synthe%c traﬃc

View Slide

Canaries

View Slide

Miner’s canary
•  If a customer lets you know about a problem
then you have already failed at least twice
•  The right quan%ty
•  Filtering – see the right picture
•  Document changes to your baselines

View Slide

Other types of birds

View Slide

The preXy ones we just saw

View Slide

The Angry ones

View Slide

And monkeys !

View Slide

Audi%ng
Events %meline
•  Changes
•  Deployments
•  Rollbacks
•  Alarms

View Slide

Architecture
•  Single responsibility principle
•  Orchestra%on or Choreography
•  Dynamic conﬁgura%on
•  Failover and feedback cycles
•  Rate limi%ng
•  Integra%on paXerns

View Slide

Single responsibility principle
•  (Micro-‐)Services
•  Components
•  Small number of dependencies
•  Predictable failure modes
•  Easier adapta%on
•  Expecta%on on metrics

View Slide

Orchestra%on or Choreography
•  Orchestra%on
– May be simpler to reason about
– Coupling with the director
•  Choreography
– Possibly more ﬂexible
– Beware of corrup%on of state

View Slide

Dynamic configura%on
•  Reconfigurable at run%me
•  Fast reac%on
•  Beware of snowflakes

View Slide

Failover and feedback cycles
•  Automated failover
•  Failover stress
•  Beware of amplifying eﬀects
•  Break cycles

View Slide

Rate limi%ng
•  Degraded is beXer than nothing
•  Not only at the top level
•  Component rate limi%ng
•  Rate limi%ng should be dynamic
•  Rate limi%ng can be par%%oned
•  Clients should be part of the contract
•  Rate limi%ng is aLer all handshaking
•  Handshaking: within the protocol or out of band

View Slide

Integra%on and component PaXerns
•  Timeouts
•  Circuit breakers
•  Resource pools
•  Fail fast
•  Queue and retry
•  Applica%on pings and sanity checks

View Slide

View Slide

Addi%onal prac%ces
•  Quaran%ne
•  Regenera%ve infrastructure
•  Rollback and monitoring
•  Automa%on of SOP – Runbook

View Slide

Automated runbooks and checklists
•  Automate your SOP
•  Respond to failure with a
checklist
•  Automate checklists too
•  Helps to avoid the
cogni%ve bias and other
nasty stuﬀ your brain
does

View Slide

Discipline !

View Slide

Sources
•  Recovery Oriented Compu%ng Papers
•  James Hamilton LISA paper
•  Release It !
•  Scalable Internet Architectures
•  A ton of other great books and papers

View Slide

The value
Among the kinds of overhead:
•  The opera%onal one
•  The customers one
No maXer how sophis%cated is our monitoring infrastructure issues
no%ﬁed by customers are at the end the most important ones as they
impact their experience directly and are oLen discovering unknown
bugs.

Freeing up the team as much as possible from the overhead of the
ﬁrst type gives more %me to focus on the issues of the product itself.

View Slide

Thank you !

View Slide

Berlin 2013 - Session - Reza Spagnolo

Berlin 2013 - Session - Reza Spagnolo

Monitorama

More Decks by Monitorama

Featured

Transcript