© 2016 Mesosphere, Inc. All Rights Reserved. CONTAINER OPERATIONS
 FROM PETS TO CATTLE
 WITH DC/OS ON AZURE 1 Michael Hausenblas | 2016-05-18 | Docker Belgium & AZUG Belgium

© 2016 Mesosphere, Inc. All Rights Reserved. sys admin devops developer architect QA/Tester data scientist/engineer

© 2016 Mesosphere, Inc. All Rights Reserved. CONTAINERS 3

© 2016 Mesosphere, Inc. All Rights Reserved. CONTAINER ARTIFACTS LAYER DIAGRAM 4

© 2016 Mesosphere, Inc. All Rights Reserved. LINUX
 CONTAINERS 5 • Containers are not VMs • app-level dependency management • lightweight (startup time, footprint, average runtime) • isolation & security (kinda, getting better)

© 2016 Mesosphere, Inc. All Rights Reserved. LINUX
 CONTAINERS 6 • namespaces • Isolate PIDs between processes • Isolate process to network resources • Isolate the hostname to fake it out (UTS) • Isolate the filesystem mount points (chroot) • Isolate inter process communication (IPC) • Isolate specific users to specific processes • cgroups
 https://sysadmincasts.com/episodes/14-introduction-to-linux-control-groups-cgroups

© 2016 Mesosphere, Inc. All Rights Reserved. TIME FOR A NEW KIND OF OPERATING SYSTEM 7

© 2016 Mesosphere, Inc. All Rights Reserved. SINGLE MACHINE APPLICATION 8 hardware OS app

© 2016 Mesosphere, Inc. All Rights Reserved. DISTRIBUTED APPLICATION 9 hardware OS app hardware OS hardware OS hardware OS hardware OS hardware OS hardware OS

© 2016 Mesosphere, Inc. All Rights Reserved. DISTRIBUTED OS + DISTRIBUTED APP 10 hardware OS app hardware OS hardware OS hardware OS hardware OS hardware OS hardware OS distributed OS

© 2016 Mesosphere, Inc. All Rights Reserved. LOCAL OS
 VS.
 DISTRIBUTED OS 11

© 2016 Mesosphere, Inc. All Rights Reserved. MEET THE DATACENTER OPERATING SYSTEM 12

© 2016 Mesosphere, Inc. All Rights Reserved. DC/OS ARCHITECTURE 13

© 2016 Mesosphere, Inc. 14 https://dcos.io

© 2016 Mesosphere, Inc. 15 https://dcos.io

© 2016 Mesosphere, Inc. All Rights Reserved. DC/OS BENEFITS 16 • One cluster for • stateless services such as Web servers & app servers (via Marathon) • stateful services like PostgreSQL, MemSQL, Kafka, Cassandra, etc. • elastic data processing via Spark, Akka, etc. • CI/CD, for example Jenkins+Marathon • Dynamic partitioning of your cluster, depending on your needs • Increased utilization (10% → 80%+)

© 2016 Mesosphere, Inc. All Rights Reserved. 17

© 2016 Mesosphere, Inc. All Rights Reserved. 18

© 2016 Mesosphere, Inc. All Rights Reserved. QUICK INTERLUDE: APACHE MESOS & MARATHON 19

© 2016 Mesosphere, Inc. All Rights Reserved. APACHE MESOS 20 • A top-level ASF project • A cluster resource negotiator • Scalable to 10,000s of nodes but also useful for a handful of nodes • Fault-tolerant, battle-tested • An SDK for distributed apps • Native Docker support mesos.apache.org

© 2016 Mesosphere, Inc. All Rights Reserved. MESOS
 ARCHITECTURE 21 http://mesos.berkeley.edu/mesos_tech_report.pdf Marathon
 scheduler Spark
 scheduler Spark
 executor Marathon
 executor Spark
 executor Marathon
 executor Mesos Agent Mesos Agent Mesos Agent Mesos
 Master Standby
 Master Standby
 Master Framework

© 2016 Mesosphere, Inc. All Rights Reserved. RESOURCES 22 • resource: anything a task consumes to do its work • standard resources: cpu
 mem
 disk
 ports • Dominant Resource Fairness (DRF) algorithm guarantees fair allocation across resource types

© 2016 Mesosphere, Inc. All Rights Reserved. MARATHON 23 The DC/OS 'init system' • starts instances of a long-running services • restarts the instances if they crash • provides composition primitives • supports health checks • supports rolling upgrades

© 2016 Mesosphere, Inc. All Rights Reserved. MARATHON
 GROUPS 24 • Groups can contain one or more apps/groups • Dependency management • Scaling https://mesosphere.com/blog/2015/06/21/web-application-analytics-using-docker-and-marathon/

© 2016 Mesosphere, Inc. All Rights Reserved. MARATHON
 APP SPEC 25 { "id": "/webserver", "instances": 5, "cpus": 0.1, "mem": 128, "container": { "type": "DOCKER", "docker": { "image": "nginx:1.9.14", "network": "BRIDGE", "portMappings": [ { "containerPort": 80, "hostPort": 0 } ] } }, "upgradeStrategy": { "minimumHealthCapacity": 0.9 }, "acceptedResourceRoles": [ "slave_public" ] }

© 2016 Mesosphere, Inc. All Rights Reserved. MARATHON UI/UX 26

© 2015 Mesosphere, Inc. All Rights Reserved. CONTAINER OPERATIONS CI/CD PIPELINES, LOAD BALANCING & DEPLOYMENT STRATEGIES 27

© 2016 Mesosphere, Inc. All Rights Reserved. APPOPS
 LIFE CYCLE 28

© 2016 Mesosphere, Inc. All Rights Reserved. CI/CD PIPELINES 29

© 2016 Mesosphere, Inc. All Rights Reserved. CI/CD PIPELINES 30 https://github.com/mesosphere/training/tree/master/dcos-bootcamp-04-2016/ci-cd

© 2016 Mesosphere, Inc. All Rights Reserved. DC/OS SERVICE DISCOVERY 31 DNS-based easy to integrate SRV records no health checks TTL Proxy-based no port conflicts fast failover no UDP management of VIPs (Minuteman) or service ports (Marathon-lb) Application-aware developer fully in control and full-feature implementation effort requires distributed state management (ZK, etcd or Consul) examples:
 Mesos-DNS,Consul examples:
 Minuteman, Marathon-lb examples:
 Roll-your-own, Finagle

© 2016 Mesosphere, Inc. All Rights Reserved. LOAD BALANCING TERMINOLOGY 32 rolling deployment bring up N instances of new app & terminate N instances of old app until all old instances are gone goal: minimize capacity requirements blue-green deployment launch a new stack and switch traffic from old to new when the new instances are healthy goal: minimize impact of regressions, friction, delays, and allow easy rollbacks canary deployment bring up a new stack, start by routing a small portion of traffic to the new app, and slowly increase goal: test production traffic slowly & safely

© 2016 Mesosphere, Inc. All Rights Reserved. DC/OS LOAD BALANCING 33 • Cluster-internal: Minuteman, a L4 distributed LB, usage via VIP in Marathon • Internal or edge: Marathon-lb, dynamically updates HAProxy, usage via package+service ports in Marathon • External, for example Azure's offerings

© 2016 Mesosphere, Inc. All Rights Reserved. DEPLOYMENT STRATEGIES 34 • Based on health checks • Policy via • minimumHealthCapacity float value between 0—1, specifies % of app instances to maintain healthy while performing deployment • maximumOverCapacity float value between 0 — 1, specifies the maximum % of instances that can be over capacity during deployment

© 2015 Mesosphere, Inc. All Rights Reserved. HOW ABOUT SOME LOAD TESTING? 35

© 2015 Mesosphere, Inc. Hands-on … 36

© 2015 Mesosphere, Inc. All Rights Reserved. LEARNING RESOURCES 37

© 2016 Mesosphere, Inc. All Rights Reserved. 38 WHERE CAN
 I LEARN MORE? http://shop.oreilly.com/product/9781939902184.do 38 http://shop.oreilly.com/product/0636920035671.do

© 2016 Mesosphere, Inc. All Rights Reserved. 39 WHERE CAN
 I LEARN MORE? 39 https://www.nginx.com/resources/library/docker-networking/

© 2016 Mesosphere, Inc. All Rights Reserved. 40 WHERE CAN
 I LEARN MORE? http://shop.oreilly.com/product/0636920039952.do https://manning.com/books/mesos-in-action 40

© 2016 Mesosphere, Inc. All Rights Reserved. Q & A 41 • @mhausenblas • mhausenblas.info • [email protected] https://dcos.io