Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Zero-downtime Postgres upgrades (PGDay UK edition)

Chris Sinjakli
July 04, 2017
Programming
0
130

Zero-downtime Postgres upgrades (PGDay UK edition)

At GoCardless, we use Postgres as the primary store for data that matters - records of merchants, customers and payments.

As a payments API, it's important to our users that we maintain a high level of uptime. At the same time, we believe that performing upgrades is an important reality of running software in production - databases included. Even the most stable software has critical bugs from time to time, and you have to deploy patches.

When it came to Postgres, we found ourselves caught between our desire to minimise downtime and our need to keep our software stack up-to-date. Postgres doesn't ship with all the machinery you need to do zero-downtime upgrades, so we knew we had work to do.

In the talk, we'll look at the problems faced when trying to upgrade Postgres without downtime, and explore our approach to building automation to upgrade Postgres without the apps noticing.

Chris Sinjakli

July 04, 2017
Tweet

More Decks by Chris Sinjakli

See All by Chris Sinjakli
Deconstructing an Abstraction to Reconstruct an Outage
sinjo
0
80
Making the Impossible Impossible: Improving Reliability by Preventing Classes of Problems
sinjo
0
64
Rewriting binary logs because your database broke
sinjo
0
58
The ups and downs of building a payments API
sinjo
1
98
Doing things the hard way
sinjo
1
130
Hiring SREs may be literally impossible
sinjo
1
88
Lessons Learned the Hard Way: Postgres in Production at GoCardless (PGConf US Edition)
sinjo
2
260
A million containers isn't cool
sinjo
0
74
Zero-downtime Postgres upgrades (DoxLon Edition)
sinjo
1
180

Other Decks in Programming

See All in Programming
Jetpack Compose の Side-effect を使いこなす / DroidKaigi 2023
star_zero
2
820
第1回 AWSとGitHub勉強会 - キックオフ -
ogiwarat
0
170
Ebitengine, community, and my dream
eihigh
0
140
Monorepo for Cloudflare Workers
peaceiris
0
100
RDRA, ICONIX, DDDの実践から得た学び
hsawaji
5
810
Unit of Workパターンで永続化とトランザクションを制御する
shimabox
7
1.6k
実践!Swift API Design Guidelinesに基づいた簡潔明瞭なAPIの作り方
jrsaruo
1
250
Migrating From Spring Boot 2 To Spring Boot 3 - What's Jakarta EE Got To Do with It?
ivargrimstad
0
650
Google Apps Scriptを使いこなさない方法
efbmzwyk999
0
130
ZennにみるCloudRunとBigQueryによるアプリケーション構築 / zenn-cloudrun-bigquery-serverless
wadayusuke
13
3.8k
Construindo APIs resilientes: práticas de versionamento e documentação
monicaribeiro
0
130
はじめてのPHPコマンドラインオプション〜PHP開発を今よりちょっと楽しくする〜
kotomin_m
2
110

Featured

See All Featured
Building Applications with DynamoDB
mza
87
5.2k
Building Effective Engineering Teams - LeadDev
addyosmani
21
960
We Have a Design System, Now What?
morganepeng
40
6.3k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
12
5.7k
Automating Front-end Workflow
addyosmani
1354
200k
Building a Scalable Design System with Sketch
lauravandoore
453
31k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
239
1.2M
Six Lessons from altMBA
skipperchong
17
2.6k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
33
8.6k
The Brand Is Dead. Long Live the Brand.
mthomps
48
5.1k
Building Flexible Design Systems
yeseniaperezcruz
317
36k
RailsConf 2023
tenderlove
0
240

Transcript

  1. Zero-downtime Postgres upgrades
    Restarting databases without the apps noticing
    @ChrisSinjo

    View Slide

  2. GOCARDLESS

    View Slide

  3. POST /cash/monies HTTP/1.1
    { amount: 100 }

    View Slide

  4. High per-request

    View Slide

  5. Uptime is

    View Slide

  6. View Slide

  7. Good durability guarantees

    View Slide

  8. Good durability guarantees
    Feature-cautious

    View Slide

  9. Good durability guarantees
    Feature-cautious
    Transactions are cool

    View Slide

  10. –Postgres
    “Speak to this one node.”

    View Slide

  11. Client
    Postgres

    View Slide

  12. Client
    Postgres
    Postgres
    Replication

    View Slide

  13. Client
    Postgres
    Postgres
    Replication

    View Slide

  14. Wake a human up

    View Slide

  15. Client
    Postgres
    Postgres
    Replication

    View Slide

  16. Client
    Postgres
    Postgres

    View Slide

  17. Client
    Postgres
    Postgres

    View Slide

  18. Client
    Postgres
    Postgres
    Replication

    View Slide

  19. Awful time-to-recovery
    Error-prone

    View Slide

  20. You gotta perform:
    - Many steps
    - In the right order
    - Perfectly

    View Slide

  21. Don’t make a
    tired
    SRE think

    View Slide

  22. Add automation

    View Slide

  23. Pacemaker
    A clustering tool

    View Slide

  24. Client
    Postgres
    Postgres
    Replication

    View Slide

  25. How do we know a
    node has failed?

    View Slide

  26. B
    A

    View Slide

  27. B
    A

    View Slide

  28. B
    A
    ? ?

    View Slide

  29. B
    A

    View Slide

  30. B
    A

    View Slide

  31. B
    A

    View Slide

  32. The system cannot
    progress safely

    View Slide

  33. Quorum

    View Slide

  34. A majority of nodes
    must be available

    View Slide

  35. n+1
    2
    ( )
    round
    up

    View Slide

  36. n+1
    2
    ⌈ ⌉

    View Slide

  37. Some numbers

    View Slide

  38. Nodes Quorum
    2 2

    View Slide

  39. Nodes Quorum
    2
    3
    2
    2

    View Slide

  40. Nodes Quorum
    2
    3
    4
    2
    2
    3

    View Slide

  41. Nodes Quorum
    2
    3
    4
    5
    2
    2
    3
    3

    View Slide

  42. B
    A

    View Slide

  43. B
    A
    C

    View Slide

  44. B
    A
    C

    View Slide

  45. B
    A
    C

    View Slide

  46. But…

    View Slide

  47. B
    A
    C

    View Slide

  48. B
    A
    C

    View Slide

  49. It gets
    complicated

    View Slide

  50. Jepsen
    https://aphyr.com/tags/jepsen

    View Slide

  51. https://aphyr.com/posts/317-jepsen-elasticsearch

    View Slide

  52. Client
    Postgres
    Postgres
    Replication

    View Slide

  53. Client
    Postgres
    Postgres
    Postgres
    Repl Repl

    View Slide

  54. Client
    Postgres
    Postgres
    Postgres Repl Repl
    Pacemaker Pacemaker Pacemaker

    View Slide

  55. Client
    Postgres
    Postgres
    Postgres Repl Repl
    Pacemaker Pacemaker Pacemaker
    VIP

    View Slide

  56. Client
    Postgres
    Postgres
    Postgres Repl Repl
    Pacemaker Pacemaker Pacemaker
    VIP

    View Slide

  57. Client
    Postgres
    Postgres
    Postgres
    Pacemaker Pacemaker Pacemaker
    VIP

    View Slide

  58. Postgres
    Postgres
    Postgres
    Repl
    Pacemaker Pacemaker Pacemaker
    Client
    VIP

    View Slide

  59. Postgres
    Postgres
    Postgres
    Repl
    Pacemaker Pacemaker Pacemaker
    Client
    VIP

    View Slide

  60. Postgres
    Postgres
    Postgres
    Repl
    Pacemaker Pacemaker Pacemaker
    Client
    VIP

    View Slide

  61. Client
    Postgres
    Postgres
    Postgres Repl
    Repl
    VIP
    Pacemaker Pacemaker Pacemaker

    View Slide

  62. $

    View Slide

  63. Seems hard,
    right?

    View Slide

  64. It kinda is

    View Slide

  65. You gotta know:
    - Postgres
    - Distributed systems
    - Pacemaker

    View Slide

  66. Get someone else
    to run it for you

    View Slide

  67. Client
    Postgres
    Postgres
    Postgres Repl Repl
    Pacemaker Pacemaker Pacemaker
    VIP

    View Slide

  68. Client
    Postgres
    Postgres
    Postgres
    Pacemaker Pacemaker Pacemaker
    VIP

    View Slide

  69. Client
    Postgres
    Postgres
    Postgres
    Pacemaker Pacemaker Pacemaker
    VIP

    View Slide

  70. Client
    Postgres
    Postgres
    Postgres
    Pacemaker Pacemaker Pacemaker
    VIP

    View Slide

  71. Every move means
    a connection reset

    View Slide

  72. Every move means
    dropped requests

    View Slide

  73. POST /cash/monies HTTP/1.1
    { amount: 100 }

    View Slide

  74. POST /cash/monies HTTP/1.1
    { amount: 100 }
    500 Internal Server Error

    View Slide

  75. What does this
    mean for upgrades?

    View Slide

  76. Client
    Postgres
    Postgres
    Postgres
    Pacemaker Pacemaker Pacemaker
    VIP

    View Slide

  77. Client
    Postgres
    Postgres
    Postgres
    Pacemaker Pacemaker Pacemaker
    9.4.9 9.4.9 9.4.9
    VIP

    View Slide

  78. Client
    Postgres
    Postgres
    Postgres
    Pacemaker Pacemaker Pacemaker
    9.4.9 9.4.9 9.4.9
    Repl Repl
    VIP

    View Slide

  79. Client
    Postgres
    Postgres
    Postgres
    Pacemaker Pacemaker Pacemaker
    9.4.10 9.4.9 9.4.10
    Repl Repl
    VIP

    View Slide

  80. Client
    Postgres
    Postgres
    Postgres Repl
    Repl
    VIP
    Pacemaker Pacemaker Pacemaker
    9.4.10 9.4.9 9.4.10

    View Slide

  81. Every upgrade means
    a connection reset

    View Slide

  82. Every upgrade means
    dropped requests

    View Slide

  83. POST /cash/monies HTTP/1.1
    { amount: 100 }
    500 Internal Server Error

    View Slide

  84. Solution:
    never upgrade

    View Slide

  85. View Slide

  86. Not upgrading is
    never
    an option

    View Slide

  87. Solution:
    never upgrade

    View Slide

  88. Solution:
    never upgrade

    View Slide

  89. Solution:
    ???

    View Slide

  90. 1thing
    missing

    View Slide

  91. Client
    Postgres
    Postgres
    Postgres
    Pacemaker Pacemaker Pacemaker
    VIP

    View Slide

  92. Client
    Postgres
    Postgres
    Postgres
    Pacemaker Pacemaker Pacemaker
    PgBouncer
    PgBouncer PgBouncer
    VIP

    View Slide

  93. Client
    Postgres
    Postgres
    Postgres
    Pacemaker Pacemaker Pacemaker
    PgBouncer
    PgBouncer PgBouncer
    VIP

    View Slide

  94. Client
    Postgres
    Postgres
    Postgres
    Pacemaker Pacemaker Pacemaker
    PgBouncer
    PgBouncer PgBouncer
    VIP
    VIP

    View Slide

  95. PgBouncer has
    This One Weird Trick™

    View Slide

  96. PAUSE;

    View Slide

  97. Client
    Postgres
    Postgres
    Postgres
    Pacemaker Pacemaker Pacemaker
    PgBouncer
    PgBouncer PgBouncer
    VIP
    VIP

    View Slide

  98. Client
    Postgres
    Postgres
    Postgres
    Pacemaker Pacemaker Pacemaker
    PgBouncer
    PgBouncer PgBouncer
    VIP
    VIP
    PAUSE;

    View Slide

  99. Client
    Postgres
    Postgres
    Postgres
    Pacemaker Pacemaker Pacemaker
    PgBouncer
    PgBouncer PgBouncer
    VIP
    PAUSE;
    VIP

    View Slide

  100. Client
    Postgres
    Postgres
    Postgres
    Pacemaker Pacemaker Pacemaker
    PgBouncer
    PgBouncer PgBouncer
    VIP
    PAUSE;
    VIP

    View Slide

  101. So what does this
    mean for upgrades?

    View Slide

  102. Client
    Postgres
    Postgres
    Postgres
    Pacemaker Pacemaker Pacemaker
    PgBouncer
    PgBouncer PgBouncer
    VIP
    VIP

    View Slide

  103. Client
    Postgres
    Postgres
    Postgres
    PgBouncer
    PgBouncer PgBouncer
    VIP
    VIP

    View Slide

  104. Client
    Postgres
    Postgres
    Postgres
    PgBouncer
    PgBouncer PgBouncer
    VIP
    VIP
    9.4.10 9.4.9 9.4.10

    View Slide

  105. Client
    Postgres
    Postgres
    Postgres
    PgBouncer
    PgBouncer PgBouncer
    VIP
    VIP
    9.4.10 9.4.9 9.4.10
    PAUSE;

    View Slide

  106. Client
    Postgres
    Postgres
    Postgres
    PgBouncer
    PgBouncer PgBouncer
    VIP
    9.4.10 9.4.9 9.4.10
    VIP
    PAUSE;

    View Slide

  107. Client
    Postgres
    Postgres
    Postgres
    PgBouncer
    PgBouncer PgBouncer
    VIP
    9.4.10 9.4.9 9.4.10
    VIP
    RESUME;

    View Slide

  108. Client
    Postgres
    Postgres
    Postgres
    PgBouncer
    PgBouncer PgBouncer
    VIP
    9.4.10 9.4.10 9.4.10
    VIP
    RESUME;

    View Slide

  109. $

    View Slide

  110. Caveats

    View Slide

  111. Minor versions

    View Slide

  112. 9.4.9 → 9.4.10

    View Slide

  113. pglogical

    View Slide

  114. Minor versions
    Long-running transactions

    View Slide

  115. while(running_queries):
    if(now > timeout):
    abandon_migration
    else:
    sleep(0.1)
    promote_new_primary

    View Slide

  116. Minor versions
    Long-running transactions
    Pause length

    View Slide

  117. 7-10s total

    View Slide

  118. $

    View Slide

  119. One more thing…
    (#sorrynotsorry)

    View Slide

  120. github.com/gocardless/our-postgresql-setup

    View Slide

  121. We’re hiring
    '❤
    @ChrisSinjo
    @GoCardlessEng

    View Slide

  122. Thank you
    '❤
    @ChrisSinjo
    @GoCardlessEng

    View Slide

  123. Questions?
    '❤
    @ChrisSinjo
    @GoCardlessEng

    View Slide