Assimilation Project Distributed Computing Overview

D
i
s
t
C
o
m
p
.
2
0
1
4
Distributed Computing
in
The Assimilation Project
#AssimProj @OSSAlanR
http://assimproj.org/
Alan Robertson
Assimilation Systems Limited
http://assimilationsystems.com
© 2014 Assimilation Systems Limited

View Slide

Distributed
Computing
Meetup
09 December 2014
2/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Biography
●
35+ years in IT/development – 10 years in
system management (SysAdmin)
●
Founded Linux-HA project - led 1998-2007
– aka “Heartbeat” - now called Pacemaker
●
Founded Assimilation Project in 2010
●
Founded Assimilation Systems Limited in
2013
●
Alumnus of Bell Labs(21), SuSE(1), IBM(13)

View Slide

Distributed
Computing
Meetup
09 December 2014
3/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Highly Scalable Discovery-
Driven Automation
Continuous Discovery integrated with
extreme-scale Monitoring
●
Continuous extensible discovery
– systems, switches, services, dependencies –
zero network footprint discovery process
●
Extensible exception monitoring
– more than 100K systems
●
All data goes into central graph CMDB

View Slide

Distributed
Computing
Meetup
09 December 2014
4/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Assimilation Project History
●
Inspired by 2 million core computer (cyclops64)
●
Concerns for extreme scale
●
Topology aware monitoring
●
Topology discovery w/out security issues
=►Discovery of everything!
Basically a C2I system:
Command, Communication and Intelligence

View Slide

Distributed
Computing
Meetup
09 December 2014
5/43
D
i
s
t
C
o
m
p
.
2
0
1
4
A seven-dimensional overview
●
Problems Addressed
●
Unique Capabilities
●
Distribution of Work
●
Architectural Components
●
Communications Protocol
●
Current Status
●
Project Needs

View Slide

Distributed
Computing
Meetup
09 December 2014
6/43
D
i
s
t
C
o
m
p
.
2
0
1
4
First Dimension:
Problems Addressed
1. Risk Management at extreme scale
2. Maintaining detailed discovery database
3. Discovering systems you've forgotten
4. Discovering vulnerable and licensed
software you're running – and where
5. Monitoring services, systems & switches
6. Finding services you aren't monitoring

View Slide

Distributed
Computing
Meetup
09 December 2014
7/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Second Dimension:
Unique Powerful Features
1. Continuous Discovery
2. Discovery: Zero network footprint
3. Centralized graph database
4. We know everything that changes
5. Discover and update dependency
information
6. Discovery and monitoring tightly
integrated – discovery drives automation

View Slide

Distributed
Computing
Meetup
09 December 2014
8/43
D
i
s
t
C
o
m
p
.
2
0
1
4
(even more) Features...
7. Discovery and monitoring easily
extensible
8. Naturally scalable to > 100K systems
9. Minimal network load
10.Server failures distinguishable
from switch failures
11.Best practice and vulnerability alerts
12.Multi-tenant support

View Slide

Distributed
Computing
Meetup
09 December 2014
9/43
D
i
s
t
C
o
m
p
.
2
0
1
4
This all sounds unreasonable...
●
Huge scalability without complexity?
●
Discovery without pings or port scans?
Really?

View Slide

Distributed
Computing
Meetup
09 December 2014
10/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Typical Monitoring Algorithm
●
A system sends out pings to see if systems are alive
●
Probe each service over the network
– sometimes aggregated by endpoint agents
●
Load on system rises rapidly
●
Load on network rises rapidly with a hot spot around
monitoring system
●
Growth accomplished by more systems, proxies,
and other forms of complexity

View Slide

Distributed
Computing
Meetup
09 December 2014
11/43
D
i
s
t
C
o
m
p
.
2
0
1
4
More about Cyclops64
●
Specialized monitoring hardware
●
Cube communication topology
● 24●24●24●160 [2,216,204] cores (!)
●
Round trip costs up to 132 forwards
●
Traditional monitoring protocol:
– really, really bad idea

View Slide

Distributed
Computing
Meetup
09 December 2014
12/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Typical Discovery Algorithms
●
Turn off intrusion detection system
– Ping every address
– Port scans every address
– SNMP and other probes done against
open ports
– Walk network to find switch connections
●
Turn intrusion detection back on
●
Repeat annually, quarterly, monthly or weekly

View Slide

Distributed
Computing
Meetup
09 December 2014
13/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Third Dimension:
Fully distributed work
Two philosophical underpinnings
1. Monitoring and Discovery are fully distributed
2. Reliable “no news is good news”
Only responses to changes are centralized

View Slide

Distributed
Computing
Meetup
09 December 2014
14/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Simple Scalability
I can explain how we scale so your
grandmother would understand...

View Slide

Distributed
Computing
Meetup
09 December 2014
15/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Simple Scalability
I can explain how we scale so your
grandmother would understand...
istockphoto
©bowdenimages

View Slide

Distributed
Computing
Meetup
09 December 2014
16/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Massive Scalability – or
“I see dead servers in O(1) time”
●
Adding systems does not increase the monitoring work on any
system
●
Each server monitors 2 (or 4) neighbors
●
Each server monitors and discovers its own services
●
Ring repair and alerting is O(n) – but a very small amount of work
Current Implementation

View Slide

Distributed
Computing
Meetup
09 December 2014
17/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Minimizing Network Footprint
(planned)
●
Support diagnosing switch issues
●
Minimize network traffic
●
Ideal for multi-site arrangements

View Slide

Distributed
Computing
Meetup
09 December 2014
18/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Fourth Dimension:
Architectural Components
Three Architectural Components
1. Collective Management Authority
●
One CMA per installation
2. Nanoprobes (agents)
●
One per system
3. Data Storage
●
Central Neo4j graph database (CMDB)

View Slide

Distributed
Computing
Meetup
09 December 2014
19/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Basic CMA Functions (python)
Nanoprobe management
●
Configure & direct
●
Hear alerts & discovery
●
Update rings: join/leave
Update database
Issue alerts
-- provide event notification

View Slide

Distributed
Computing
Meetup
09 December 2014
20/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Nanoprobe Functions ('C')
Announce self to CMA
●
Default: use reserved multicast address
Do what CMA says
●
receive configuration information
– CMA addresses, ports, defaults
●
send/expect heartbeats
●
perform discovery actions
●
perform monitoring actions
No persistent state across reboots

View Slide

Distributed
Computing
Meetup
09 December 2014
21/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Service Monitoring based on
HA Technologies
●
Well-proven architecture:
– “no news is good news” AKA
management by exception
●
Implements Open Cluster Framework
standard (LSB and others)
●
Each system monitors own services
●
Can also start, stop, migrate services

View Slide

Distributed
Computing
Meetup
09 December 2014
22/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Monitoring Pros and Cons
Pros
Simple & Scalable
Uniform work distribution
No single point of failure
Distinguishes switch vs
host failure
Easy on LAN, WAN
Multi-tenant approach
Cons
Active agents
Potential slowness
at power-on

View Slide

Distributed
Computing
Meetup
09 December 2014
23/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Why a graph database? (Neo4j)
●
Humans describe systems as graphs
●
Dependency & Discovery information: graph
●
Speed of graph traversals depends on size of
subgraph, not total graph size
●
Root cause queries  graph traversals –
notoriously slow in relational databases
●
Visualization is Natural
●
Schema-less design: good for constantly changing
heterogeneous environment
●
Graph Model === Object Model

View Slide

Distributed
Computing
Meetup
09 December 2014
24/43
D
i
s
t
C
o
m
p
.
2
0
1
4
A multi-dimensional demo
●
Demonstrate basic capabilities
– Discovery
– Discovery-driven monitoring configuration
– Discovery-driven 'tripwire-like' checksums
– Monitoring – failures / successes
– Host down notification
●
No configuration was supplied
– everything comes from discovery
http://assimilationsystems.com/90_second_demo/

View Slide

Distributed
Computing
Meetup
09 December 2014
25/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Communications Attributes
●
Non-heartbeat communication is rare
– could be months or years between packets
●
Some data sent to CMA is sensitive
●
Command sent to nanoprobes are
potentially dangerous
●
CMA connects to up to 106 clients
●
No news is good news: cannot lose
information

View Slide

Distributed
Computing
Meetup
09 December 2014
26/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Fifth Dimension
Communications Protocol
●
UDP with reliable transmission protocol
– packets ACKed when acted on
●
Includes signatures, encryption,
compression
●
Communication resets happen on next
communication – not immediately
●
Encryption is almost done (this week!)
– using libsodium – curve25519 encryption

View Slide

Distributed
Computing
Meetup
09 December 2014
27/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Key Management Scenarios
●
Nanoprobe one-time initialization
●
CMA one-time initialization
●
Nanoprobe startup
●
Command flow

View Slide

Distributed
Computing
Meetup
09 December 2014
28/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Nanoprobe one-time
initialization

View Slide

Distributed
Computing
Meetup
09 December 2014
29/43
D
i
s
t
C
o
m
p
.
2
0
1
4
CMA one-time initialization

View Slide

Distributed
Computing
Meetup
09 December 2014
30/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Nanoprobe Startup

View Slide

Distributed
Computing
Meetup
09 December 2014
31/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Command Processing

View Slide

Distributed
Computing
Meetup
09 December 2014
32/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Sixth Dimension:
Current Status
●
Fourth release out 20 October 2014
– next release (December?) will have encrypted comm
●
Great unit tests
●
Several discovery methods written
●
Extensible Automated Discovery Triggers
●
Discovery => Automatic Monitoring (WOOT!)
●
Discovery => Network-Facing Checksums
●
Command Line Queries
●
Licenses: Commercial or GPLv3

View Slide

Distributed
Computing
Meetup
09 December 2014
33/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Seventh Dimension:
Get Involved!
We need you!
●
Early adopters
●
Testers, Continuous Integration
●
Best practice experts
●
Designers
●
Developers (C,Python, Shell, PowerShell, JavaScript)
●
Porters (esp Windows)
●
Promoters, Publicists, Packagers, etc.

View Slide

Distributed
Computing
Meetup
09 December 2014
34/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Resistance Is Futile!
These slides: bit.ly/AssimDCM14
Mailing List bit.ly/AssimML
#AssimProj @OSSAlanR
#assimilation on freenode IRC
Project Web Site
assimproj.org
Company Web Site
assimilationsystems.com

View Slide

Distributed
Computing
Meetup
09 December 2014
35/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Fifth Dimension:
Discovery API
Scripts perform discovery
– output JSON
Three Sample Discovery Snippets
●
OS information
●
Service discovery
●
Client discovery

View Slide

Distributed
Computing
Meetup
09 December 2014
36/43
D
i
s
t
C
o
m
p
.
2
0
1
4
How does discovery work?
Nanoprobe scripts perform discovery
●
Each discovers one kind of information
●
Can take arguments from environment
●
Output JSON
CMA stores Discovery Information
●
JSON stored in Neo4j database
●
CMA discovery plugins => graph nodes
and relationships

View Slide

Distributed
Computing
Meetup
09 December 2014
37/43
D
i
s
t
C
o
m
p
.
2
0
1
4
A Few Canned Queries
allipports get all port/ip/service/hosts
allswitchports get switch connections
crashed get crashed servers
shutdown get gracefully shutdown servers
downservices get nonworking services
findip get system owning IP
findmac get system owning MAC
unknownips get unknown IP addresses
unmonitored get unmonitored services

View Slide

Distributed
Computing
Meetup
09 December 2014
38/43
D
i
s
t
C
o
m
p
.
2
0
1
4
OS discovery JSON Snippet
{ "nodename": "alanr-1225B",
"operating-system": "GNU/Linux",
"machine": "x86_64",
"processor": "x86_64",
"hardware-platform": "x86_64",
"kernel-name": "Linux",
"kernel-release": "3.8.0-31-generic",
"kernel-version": "#46-Ubuntu SMP ...",
"Distributor ID": "Ubuntu",
"Description": "Ubuntu 13.04",
"Release": "13.04",
"Codename": "raring" }

View Slide

Distributed
Computing
Meetup
09 December 2014
39/43
D
i
s
t
C
o
m
p
.
2
0
1
4
"sshd": {
"exe": "/usr/sbin/sshd",
"cmdline": [ "/usr/sbin/sshd", "-D" ],
"uid": "root",
"gid": "root",
"cwd": "/",
"listenaddrs": {
"0.0.0.0:22": {
"proto": "tcp",
"addr": "0.0.0.0",
"port": 22 },
sshd Service JSON Snippet
(from netstat and /proc)

View Slide

Distributed
Computing
Meetup
09 December 2014
40/43
D
i
s
t
C
o
m
p
.
2
0
1
4
"ssh": {
"exe": "/usr/sbin/ssh",
"cmdline": [ "ssh", "servidor" ],
"uid": "alanr",
"gid": "alanr",
"cwd": "/home/alanr/monitor/src",
"clientaddrs": {
"10.10.10.5:22": {
"proto": "tcp",
"addr": "10.10.10.5",
"port": 22 },
ssh Client JSON Snippet
(from netstat and /proc)

View Slide

Distributed
Computing
Meetup
09 December 2014
41/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Two Schema subgraphs
●
Client / server
dependency
●
Switch interconnect

View Slide

Distributed
Computing
Meetup
09 December 2014
42/43
D
i
s
t
C
o
m
p
.
2
0
1
4
ssh -> sshd dependency graph

View Slide

Distributed
Computing
Meetup
09 December 2014
43/43
D
i
s
t
C
o
m
p
.
2
0
1
4
Switch Discovery Data
from LLDP (or CDP)

View Slide

Assimilation Project Distributed Computing Overview

Assimilation Project Distributed Computing Overview

Alan Robertson

More Decks by Alan Robertson

Other Decks in Programming

Featured

Transcript