Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Who Needs Clouds?: HA in Your Datacenter

Paul Hinze
September 28, 2012
Technology
1
480

Who Needs Clouds?: HA in Your Datacenter

Tony Pitluga and Paul Hinze at Surge Conference 2012

Building highly available services can be a challenge. At Braintree, we value simplicity, open source and cheap commodity hardware. While many companies attempt to achieve high-availability through expensive, proprietary components like SANs and hardware load balancers, these sorts of devices are fraught with their own peril. We'll describe how we built a robust infrastructure using off-the-shelf hardware, Linux-based tools, and a few custom applications to tie everything together. By open-sourcing our work and telling our story, we'll hope to share with the community what we believe is a clean, elegant strategy for structuring highly available services of all shapes and sizes.

Paul Hinze

September 28, 2012
Tweet

More Decks by Paul Hinze

See All by Paul Hinze
Getting Good at System Failure Analysis
phinze
0
420
Applying Graph Theory to Infrastructure As Code
phinze
6
1.9k
Infrastructure as Code with Terraform and Friends
phinze
2
270
SWIM: Scalable Weakly Consistent Infection Style Process Group Membership Protocol
phinze
2
280
Smoke & Mirrors: The Primitives of High Availability
phinze
1
400
Git: Everybody's Favorite MMO
phinze
0
99
Shut Up and Pipe! Unix-style Object Collaboration in Rack and Vagrant
phinze
0
110
Freighthop: Vagrant on Rails
phinze
0
240
Puppet Modules Are Our Friends
phinze
0
64

Other Decks in Technology

See All in Technology
HEXA OSINT CTF V3 作戦会議
meow_noisy
0
110
社内勉強会運営のコツ
senoo
6
1.1k
"好き"との生活/Regularly update profile with GitHub Actions
judeeeee
0
150
Terraformあれやこれ/terraform-this-and-that
emiki
3
240
SPI原点回帰論:事業課題とFour Keysの結節点を見出す実践的ソフトウェアプロセス改善 / DevOpsDays Tokyo 2024
visional_engineering_and_design
4
1.5k
Next'24 事例セッションの紹介とクラウド資格を活用したキャリア形成について語りMuscle
yasumuusan
0
300
入社後初めてのタスクでk8sアップグレードした話.pdf
kkato1
0
380
NgRx Signal Store
rainerhahnekamp
0
110
「手動オペレーションに定評がある」と言われた私が心がけていること / phpcon_odawara2024
blue_goheimochi
1
320
疲弊しない!AWSセキュリティ統制の考え方 #devio_osakaday1
masahirokawahara
6
5.8k
株式会社EventHub・エンジニア採用資料
eventhub
0
1.9k
Tableau事例紹介 / Tableau Case Study of Eureka
kazuya_araki_tokyo
1
170

Featured

See All Featured
The Brand Is Dead. Long Live the Brand.
mthomps
48
28k
5 minutes of I Can Smell Your CMS
philhawksworth
199
19k
Build your cross-platform service in a week with App Engine
jlugia
224
17k
Rails Girls Zürich Keynote
gr2m
91
13k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
34
8.8k
How STYLIGHT went responsive
nonsquared
92
4.8k
Robots, Beer and Maslow
schacon
PRO
154
7.9k
Making the Leap to Tech Lead
cromwellryan
123
8.5k
What's new in Ruby 2.0
geeforr
336
31k
A Tale of Four Properties
chriscoyier
150
22k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
355
22k
The MySQL Ecosystem @ GitHub 2015
samlambert
242
12k

Transcript

  1. None

  2. Tony Pitluga Paul Hinze @pitluga @phinze

  3. None

  4. Our world

  5. Lots of people trust us

  6. > 1 million API calls per day

  7. > 1 million API calls per day $ $ $

    $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $$ $ $ $ $ $ important

  8. Downtime really sucks $ $ $ $ $ $ $

    $ $ $

  9. we have interesting jobs in other words

  10. What we value

  11. simple easy Open closed logic not not not magic

  12. What we choose

  13. not not not linux-ha

  14. Today

  15. our beloved Load balancers

  16. scalability availability +

  17. linux-ha

  18. Thou Shalt Do One Thing Well

  19. Don’t Panic!

  20. lots of simple pieces

  21. Whole > Sum ( parts )

  22. 204.109.13.100 app01 204.109.13.7 load01 10.0.0.1 100 10.0.0.2 100 ... 10.0.0.{N}

    {W} POST /transactions 10.0.0.1 201 Created app02 app{N} balancing act 1 2 3 4

  23. 204.109.13.100 app01 204.109.13.7 load01 10.0.0.1 100 10.0.0.2 100 ... 10.0.0.{N}

    {W} POST /transactions 10.0.0.1 201 Created app02 app{N} (1) ip virtual server

  24. 204.109.13.100 app01 204.109.13.7 load01 10.0.0.1 100 10.0.0.2 100 ... 10.0.0.{N}

    {W} POST /transactions 10.0.0.1 201 Created app02 app{N} (2) litmus_paper litmus_paper 100

  25. 204.109.13.100 app01 204.109.13.7 load01 10.0.0.1 100 10.0.0.2 100 ... 10.0.0.{N}

    {W} POST /transactions 10.0.0.1 201 Created app02 app{N} (3) big_brother litmus_paper 201 Created big_brother 100

  26. 204.109.13.100 app01 204.109.13.7 load01 POST /transactions 10.0.0.1 201 Created app02

    app{N} (4) pacemaker litmus_paper 100 load02 load03

  27. here goes!

  28. load01 10.0.0.1 100 10.0.0.2 100 ... 10.0.0.{N} {W} IP Virtual

    server (ipvs)

  29. on your mark iptables --table mangle \ --append PREROUTING \

    --destination 205.109.13.7/32 \ --interface eth70 \ --protocol tcp \ --match tcp --dport 443 \ --jump MARK --set-mark 0x07

  30. iptables --table mangle \ --append PREROUTING \ --destination 205.109.13.7/32 \

    --interface eth70 \ --protocol tcp \ --match tcp --dport 443 \ --jump MARK --set-mark 0x07 on your mark

  31. get set ipvsadm --add-service --fwmark-service 7 --scheduler wlc

  32. get set ipvsadm --add-service --fwmark-service 7 --scheduler wlc

  33. and they’re off! ipvsadm --add-server --fwmark-service 7 --real-server 10.0.0.1 --ipip

    --weight 100

  34. and they’re off! ipvsadm --add-server --fwmark-service 7 --real-server 10.0.0.1 --ipip

    --weight 100

  35. and they’re off! ipvsadm --add-server --fwmark-service 7 --real-server 10.0.0.2 --ipip

    --weight 100

  36. 204.109.13.100 app01 204.109.13.7 load01 10.0.0.1 100 10.0.0.2 100 ... 10.0.0.{N}

    {W} POST /transactions 10.0.0.1 201 Created app02 app{N} now you’re balancing with FOSS!

  37. ok, so what?

  38. weight weight don’t tell me ipvsadm --add-server --fwmark-service 7 --real-server

    10.0.0.1 --ipip --weight 100

  39. weight weight don’t tell me ipvsadm --add-service --fwmark-service 7 --scheduler

    wlc

  40. The Power is yours!

  41. weight == “Health” of node

  42. how do we get health?

  43. litmus_paper braintree/litmus_paper

  44. app01 Determines health of single node litmus_paper

  45. health == Dependencies + Metrics

  46. a litmus_paper check service "webapp" do |s| s.depends Dependency::HTTP, "http://localhost:3000/heartbeat"

    s.measure_health Metric::CPULoad, :weight => 50 s.measure_health Metric::AvailableMemory, :weight => 50 end

  47. a litmus_paper check service "webapp" do |s| s.depends Dependency::HTTP, "http://localhost:3000/heartbeat"

    s.measure_health Metric::CPULoad, :weight => 50 s.measure_health Metric::AvailableMemory, :weight => 50 end services i *require* to be useful

  48. a litmus_paper check service "webapp" do |s| s.depends Dependency::HTTP, "http://localhost:3000/heartbeat"

    s.measure_health Metric::CPULoad, :weight => 50 s.measure_health Metric::AvailableMemory, :weight => 50 end how healthy am i generally?

  49. easy to extend require 'postfix_litmus' service "mailman" do |s| s.depends

    PostfixLitmus::Dependency, "localhost:543" s.measure_health PostfixLitmus::MailQSize, :max_size => 1000, :weight => 100 end

  50. easy httpeasy $ curl localhost Litmus Paper 0.6.0 Services monitored:

    * webapp (87.5)

  51. easy httpeasy $ curl localhost/webapp/status Health: 87.5 Dependency::HTTP(http://localhost:3000/heartbeat): OK Metric::CPULoad(50):

    49.5 Metric::AvailableMemory(50): 38

  52. Maintenance w/ litmusctl $ litmusctl force down webapp Reason? apt

    upgrades $ curl localhost/webapp/status Health: 0 apt upgrades

  53. 204.109.13.100 app01 204.109.13.7 load01 10.0.0.1 100 10.0.0.2 100 ... 10.0.0.{N}

    {W} POST /transactions 10.0.0.1 201 Created app02 app{N} litmus keeping tabs litmus_paper litmus_paper litmus_paper 100 92 55

  54. litmus will answer but who will ask?

  55. big_brother braintree/big_brother

  56. load01 10.0.0.1 100 10.0.0.2 100 ... 10.0.0.{N} {W} monitors litmus

    updates ipvs big_brother

  57. it’s simple, really while true health = `curl node/app/status \

    | grep Health \ | awk ‘{print $2}’` `ipvsadm --edit-server --weight #{health}` sleep 2 end

  58. config, brother webapp: checkInterval: 2000 scheduler: wlc fwmark: 7 nodes:

    - address: 10.0.0.1 port: 80 path: /webapp/status - address: 10.0.0.2 port: 80 path: /webapp/status

  59. 204.109.13.100 app01 204.109.13.7 load01 10.0.0.1 100 10.0.0.2 100 ... 10.0.0.{N}

    {W} POST /transactions 10.0.0.1 201 Created app02 app{N} big_brother is watching litmus_paper litmus_paper litmus_paper 100 92 55 big_brother 92

  60. big_brother what can Do FOR YOU?

  61. Yale Collection of Western Americana, Beinecke Rare Book and Manuscript

    Library

  62. 15 load01 balancing by health app01 app02 10 app03 25

    30% 20% 50%

  63. 15 load01 new kid on the block app01 app02 10

    app03 25 30% 20% 50% app04 100 yeah!

  64. 15 load01 accosted like a boy band app01 app02 10

    app03 25 10% 6% 16% app04 100 66%

  65. load01 accosted like a boy band app04 66% 5 ouch!

    15 app01 app02 10 app03 25 10% 6% 16%

  66. config, brother webapp: checkInterval: 2000 scheduler: wlc fwmark: 7 ramp_up_time:

    120 nodes: - address: 10.0.0.1 port: 80 path: /webapp/status - address: 10.0.0.2 port: 80 path: /webapp/status try this

  67. 15 load01 Humble kid on the block app01 app02 10

    app03 25 30% 20% 50% app04 5 easy now

  68. 15 load01 ease off the pressure 10 25 27% 18%

    45% app04 5 9% app01 app02 app03

  69. 15 load01 ease off the pressure 10 25 25% 16%

    41% app04 5 16% app01 app02 app03

  70. 15 load01 even out 10 25 app04 5 app01 app02

    app03 23% 24% 27% 26%

  71. 78 load01 we all get healthy together 82 95 app04

    93 app01 app02 app03 23% 24% 27% 26%

  72. 204.109.13.100 app01 204.109.13.7 load01 10.0.0.1 100 10.0.0.2 100 ... 10.0.0.{N}

    {W} POST /transactions 10.0.0.1 201 Created app02 app{N} big_brother is watching litmus_paper litmus_paper litmus_paper 100 92 55 big_brother 92 201 Created

  73. who load balances the load balancers ?

  74. None
  75. None
  76. None

  77. load01 load02 load03 manages resources across a cluster

  78. resource == open cluster framework (ocf)

  79. ocf scripts /usr/lib/ocf/resource.d/braintree/ocf_big_brother <monitor|start|stop>

  80. ocf monitor /usr/lib/ocf/resource.d/braintree/ocf_big_brother <monitor|start|stop> $ curl localhost:9292/cluster/app Running: true

  81. ocf monitor /usr/lib/ocf/resource.d/braintree/ocf_big_brother <monitor|start|stop> $ curl -XPUT localhost:9292/cluster/app OK

  82. ocf monitor /usr/lib/ocf/resource.d/braintree/ocf_big_brother <monitor|start|stop> $ curl -XDELETE localhost:9292/cluster/app OK

  83. resource == virtual IP(s) + IPVS cluster

  84. IPaddr2

  85. XmHELL <group description="Braintree Webapp" id="webapp_group"> <primitive class="ocf" id="ipvs_webapp" provider="braintree" type="ocf_big_brother">

    <instance_attributes id="ipvs_webapp_ia"> <nvpair id="ipvs_monitor_webapp_cluster" name="cluster" value="webapp"/> </instance_attributes> <operations> <op id="ipvs_webapp_op_start" interval="0" name="start" timeout="20s"/> <op id="ipvs_webapp_op_stop" interval="0" name="stop" timeout="40s"/> <op id="ipvs_webapp_op_monitor" interval="61s" name="monitor" timeout="30s"/> </operations> </primitive> <primitive class="ocf" id="ip_204.109.13.7" provider="heartbeat" type="IPaddr2"> <instance_attributes id="ip_204.109.13.7_ia"> <nvpair id="ip_204.109.13.7_ip" name="ip" value="204.109.13.7"/> <nvpair id="ip_204.109.13.7_nm" name="cidr_netmask" value="32"/> <nvpair id="ip_204.109.13.7_nic" name="nic" value="eth70"/> </instance_attributes> <operations> <op id="ip_204.109.13.7_op_start" interval="0" name="start" timeout="30s"/> <op id="ip_204.109.13.7_op_stop" interval="0" name="stop" timeout="90s"/> <op id="ip_204.109.13.7_op_monitor" interval="61s" name="monitor" timeout="30s"/> </operations> </primitive> </group>

  86. groups flock together <group description="Braintree Webapp" id="webapp_group"> <primitive class="ocf" id="ipvs_webapp"

    provider="braintree" type="ocf_big_brother"> <instance_attributes id="ipvs_webapp_ia"> <nvpair id="ipvs_monitor_webapp_cluster" name="cluster" value="webapp"/> </instance_attributes> <operations> <op id="ipvs_webapp_op_start" interval="0" name="start" timeout="20s"/> <op id="ipvs_webapp_op_stop" interval="0" name="stop" timeout="40s"/> <op id="ipvs_webapp_op_monitor" interval="61s" name="monitor" timeout="30s"/> </operations> </primitive> <primitive class="ocf" id="ip_204.109.13.7" provider="heartbeat" type="IPaddr2"> <instance_attributes id="ip_204.109.13.7_ia"> <nvpair id="ip_204.109.13.7_ip" name="ip" value="204.109.13.7"/> <nvpair id="ip_204.109.13.7_nm" name="cidr_netmask" value="32"/> <nvpair id="ip_204.109.13.7_nic" name="nic" value="eth70"/> </instance_attributes> <operations> <op id="ip_204.109.13.7_op_start" interval="0" name="start" timeout="30s"/> <op id="ip_204.109.13.7_op_stop" interval="0" name="stop" timeout="90s"/> <op id="ip_204.109.13.7_op_monitor" interval="61s" name="monitor" timeout="30s"/> </operations> </primitive> </group>

  87. the ipvs resource <group description="Braintree Webapp" id="webapp_group"> <primitive class="ocf" id="ipvs_webapp"

    provider="braintree" type="ocf_big_brother"> <instance_attributes id="ipvs_webapp_ia"> <nvpair id="ipvs_monitor_webapp_cluster" name="cluster" value="webapp"/> </instance_attributes> <operations> <op id="ipvs_webapp_op_start" interval="0" name="start" timeout="20s"/> <op id="ipvs_webapp_op_stop" interval="0" name="stop" timeout="40s"/> <op id="ipvs_webapp_op_monitor" interval="61s" name="monitor" timeout="30s"/> </operations> </primitive> <primitive class="ocf" id="ip_204.109.13.7" provider="heartbeat" type="IPaddr2"> <instance_attributes id="ip_204.109.13.7_ia"> <nvpair id="ip_204.109.13.7_ip" name="ip" value="204.109.13.7"/> <nvpair id="ip_204.109.13.7_nm" name="cidr_netmask" value="32"/> <nvpair id="ip_204.109.13.7_nic" name="nic" value="eth70"/> </instance_attributes> <operations> <op id="ip_204.109.13.7_op_start" interval="0" name="start" timeout="30s"/> <op id="ip_204.109.13.7_op_stop" interval="0" name="stop" timeout="90s"/> <op id="ip_204.109.13.7_op_monitor" interval="61s" name="monitor" timeout="30s"/> </operations> </primitive> </group>

  88. the ipvs important bits <group description="Braintree Webapp" id="webapp_group"> <primitive class="ocf"

    id="ipvs_webapp" provider="braintree" type="ocf_big_brother"> <instance_attributes id="ipvs_webapp_ia"> <nvpair id="ipvs_monitor_webapp_cluster" name="cluster" value="webapp"/> </instance_attributes> <operations> <op id="ipvs_webapp_op_start" interval="0" name="start" timeout="20s"/> <op id="ipvs_webapp_op_stop" interval="0" name="stop" timeout="40s"/> <op id="ipvs_webapp_op_monitor" interval="61s" name="monitor" timeout="30s"/> </operations> </primitive> <primitive class="ocf" id="ip_204.109.13.7" provider="heartbeat" type="IPaddr2"> <instance_attributes id="ip_204.109.13.7_ia"> <nvpair id="ip_204.109.13.7_ip" name="ip" value="204.109.13.7"/> <nvpair id="ip_204.109.13.7_nm" name="cidr_netmask" value="32"/> <nvpair id="ip_204.109.13.7_nic" name="nic" value="eth70"/> </instance_attributes> <operations> <op id="ip_204.109.13.7_op_start" interval="0" name="start" timeout="30s"/> <op id="ip_204.109.13.7_op_stop" interval="0" name="stop" timeout="90s"/> <op id="ip_204.109.13.7_op_monitor" interval="61s" name="monitor" timeout="30s"/> </operations> </primitive> </group>

  89. the ipaddr resource <group description="Braintree Webapp" id="webapp_group"> <primitive class="ocf" id="ipvs_webapp"

    provider="braintree" type="ocf_big_brother"> <instance_attributes id="ipvs_webapp_ia"> <nvpair id="ipvs_monitor_webapp_cluster" name="cluster" value="webapp"/> </instance_attributes> <operations> <op id="ipvs_webapp_op_start" interval="0" name="start" timeout="20s"/> <op id="ipvs_webapp_op_stop" interval="0" name="stop" timeout="40s"/> <op id="ipvs_webapp_op_monitor" interval="61s" name="monitor" timeout="30s"/> </operations> </primitive> <primitive class="ocf" id="ip_204.109.13.7" provider="heartbeat" type="IPaddr2"> <instance_attributes id="ip_204.109.13.7_ia"> <nvpair id="ip_204.109.13.7_ip" name="ip" value="204.109.13.7"/> <nvpair id="ip_204.109.13.7_nm" name="cidr_netmask" value="32"/> <nvpair id="ip_204.109.13.7_nic" name="nic" value="eth70"/> </instance_attributes> <operations> <op id="ip_204.109.13.7_op_start" interval="0" name="start" timeout="30s"/> <op id="ip_204.109.13.7_op_stop" interval="0" name="stop" timeout="90s"/> <op id="ip_204.109.13.7_op_monitor" interval="61s" name="monitor" timeout="30s"/> </operations> </primitive> </group>

  90. the ipaddr important bits <group description="Braintree Webapp" id="webapp_group"> <primitive class="ocf"

    id="ipvs_webapp" provider="braintree" type="ocf_big_brother"> <instance_attributes id="ipvs_webapp_ia"> <nvpair id="ipvs_monitor_webapp_cluster" name="cluster" value="webapp"/> </instance_attributes> <operations> <op id="ipvs_webapp_op_start" interval="0" name="start" timeout="20s"/> <op id="ipvs_webapp_op_stop" interval="0" name="stop" timeout="40s"/> <op id="ipvs_webapp_op_monitor" interval="61s" name="monitor" timeout="30s"/> </operations> </primitive> <primitive class="ocf" id="ip_204.109.13.7" provider="heartbeat" type="IPaddr2"> <instance_attributes id="ip_204.109.13.7_ia"> <nvpair id="ip_204.109.13.7_ip" name="ip" value="204.109.13.7"/> <nvpair id="ip_204.109.13.7_nm" name="cidr_netmask" value="32"/> <nvpair id="ip_204.109.13.7_nic" name="nic" value="eth70"/> </instance_attributes> <operations> <op id="ip_204.109.13.7_op_start" interval="0" name="start" timeout="30s"/> <op id="ip_204.109.13.7_op_stop" interval="0" name="stop" timeout="90s"/> <op id="ip_204.109.13.7_op_monitor" interval="61s" name="monitor" timeout="30s"/> </operations> </primitive> </group>

  91. XmHELL <group description="Braintree Webapp" id="webapp_group"> <primitive class="ocf" id="ipvs_webapp" provider="braintree" type="ocf_big_brother">

    <instance_attributes id="ipvs_webapp_ia"> <nvpair id="ipvs_monitor_webapp_cluster" name="cluster" value="webapp"/> </instance_attributes> <operations> <op id="ipvs_webapp_op_start" interval="0" name="start" timeout="20s"/> <op id="ipvs_webapp_op_stop" interval="0" name="stop" timeout="40s"/> <op id="ipvs_webapp_op_monitor" interval="61s" name="monitor" timeout="30s"/> </operations> </primitive> <primitive class="ocf" id="ip_204.109.13.7" provider="heartbeat" type="IPaddr2"> <instance_attributes id="ip_204.109.13.7_ia"> <nvpair id="ip_204.109.13.7_ip" name="ip" value="204.109.13.7"/> <nvpair id="ip_204.109.13.7_nm" name="cidr_netmask" value="32"/> <nvpair id="ip_204.109.13.7_nic" name="nic" value="eth70"/> </instance_attributes> <operations> <op id="ip_204.109.13.7_op_start" interval="0" name="start" timeout="30s"/> <op id="ip_204.109.13.7_op_stop" interval="0" name="stop" timeout="90s"/> <op id="ip_204.109.13.7_op_monitor" interval="61s" name="monitor" timeout="30s"/> </operations> </primitive> </group>

  92. puppetize! node "load1" { pacemaker::ipvs_resource { "webapp": description => "Braintree

    Webapp", supervisor_id => "webapp", ip_resources => [ { 'address' => '204.109.13.7', 'nic' => 'eth10' } ] } }

  93. 201 Created 204.109.13.7 load02 10.0.0.1 100 10.0.0.2 100 ... 10.0.0.{N}

    {W} POST /transactions 201 Created big_brother 92 load01 load03 204.109.13.100 app01 10.0.0.1 app02 app{N} litmus_paper 100 litmus_paper litmus_paper 92 55

  94. 204.109.13.100 app01 204.109.13.7 load02 10.0.0.1 100 10.0.0.2 100 ... 10.0.0.{N}

    {W} POST /transactions 10.0.0.1 201 Created app02 app{N} litmus_paper litmus_paper litmus_paper 100 92 55 big_brother 92 load01 load03 201 Created

  95. lots of simple pieces

  96. today what we value what we choose what we build

  97. we have interesting jobs ™

  98. None