23
What Building Multiple Scalable DC/OS Deployments Taught Me about Running Stateful Services on DC/OS Nathan Shimek - VP of Client Solutions at New Context Dinesh Israin – Senior Software Engineer at Portworx

MesosCon Stateful Services

  • Upload
    others

  • View
    4

  • Download
    0

Embed Size (px)

Citation preview

Page 1: MesosCon Stateful Services

What Building Multiple Scalable DC/OS Deployments Taught Me about Running Stateful Services on DC/OSNathan Shimek - VP of Client Solutions at New ContextDinesh Israin – Senior Software Engineer at Portworx

Page 2: MesosCon Stateful Services

Challenge Domains

Page 3: MesosCon Stateful Services

Challenge Domains

• Platform Availability– Build in Resiliency– Monitoring and Metrics– Testing– Limit the Blast Radius

• Within the Cluster– Platform Security– Isolation– Maintenance

Page 4: MesosCon Stateful Services

Challenge Domains

• Outside the Cluster– Routing– Load Balancing– Service Discovery

• Organizational– Adoption and User Experience– Rules and Controls– Training– Fostering the Right Skillsets

Page 5: MesosCon Stateful Services

Platform Availability

Page 6: MesosCon Stateful Services

Platform Availability, or Lack Thereof• There are lots of ways to negatively impact availability

(this isn’t comprehensive by any means)– Host failure – Zone outage– Loss of subnet connectivity / Network segmentation– Failed volume– Loss of storage connectivity– Storage driver failure– Runaway application– Unresponsive tasks– Orphaned tasks– Runaway job/app launching– Unresponsive app/job scheduler– Escaped bugs

Page 7: MesosCon Stateful Services

Addressing Platform Availability

• Build in Resiliency – Go for HA right off the bat

• Multi-Master, Multi-Zone, separate subnets– Scalable architecture informs other automation

and tool choices• Platform is more resilient and availability leads to

adoption and happy users– Automated cluster build / re-build

Page 8: MesosCon Stateful Services

Addressing Platform Availability

• Resiliency continued– Ability to add and remove masters and

workers independently and easily• Operators should be safe in terminating at least one

node at a time– Execute a single command to recreate any

missing nodes• Newly created workers and masters should initialize

and join the cluster with no additional human intervention

Page 9: MesosCon Stateful Services

Addressing Platform Availability

• Test fault recovery features– Cause real world outages – In a production like environment

• Monitor for failure scenarios– Aligned with failure scenarios

• Infrastructure is multi-disciplinary, DC/OS is no exception

Page 10: MesosCon Stateful Services

Addressing Platform Availability

• Limit the blast radius– Isolation

• User applications from each other• Platform services from users• Platform services from each other

– Effective controls to enforce isolation• Be especially careful with inter-service

dependencies

Page 11: MesosCon Stateful Services

Within the Cluster

Page 12: MesosCon Stateful Services

Within the Cluster

• Platform Security– All of this is new so attacks are evolving rapidly– Engage the security team– Areas to Review:

• Marathon app and metronome job config• Privilege escalations• Sandbox escapes• Docker file

Page 13: MesosCon Stateful Services

Within the Cluster

• Isolation– Limit damage users can cause to each other– Also limit damage users can cause to platform

services– Isolate platform services from each other to

avoid cascading failures

Page 14: MesosCon Stateful Services

Within the Cluster

• Maintenance– Remember how you started with an HA

deployment? If you didn’t, now is the time to frown.

– Metrics and monitoring should detect these situations

– Alerts and pre-built workplans are necessary– Automated clean up jobs are ideal

Page 15: MesosCon Stateful Services

Outside the Cluster

Page 16: MesosCon Stateful Services

Outside the Cluster

• Routing– Cross-app reverse proxies

• Public agents pre-populated with shared proxies • Public agents auto-scaled to maintain space for

spikes• Some high-traffic apps may still need their own

– External Port Management• In addition to IPAM, some means of managing ports

on external load balancers may be necessary

Page 17: MesosCon Stateful Services

Outside the Cluster

• Service Discovery and Load Balancing– Synchronization with app events– Tune DNS cache times / service discovering

polling interval• Several common tools available for this

including:– mesosphere/marathon-lb– containous/traefik– gliderlabs/registrator– AVI Vantage

Page 18: MesosCon Stateful Services

Organizational

Page 19: MesosCon Stateful Services

Organizational

• Adoption and User Experience– Treat dev like prod– Devs are first users– Integrations make or break the experience

Page 20: MesosCon Stateful Services

Organizational

• Training– Formal training– Find experienced advocates– Developer training is a must

Page 21: MesosCon Stateful Services

Organizational

• Fostering the Right Skillsets– Pairing with experienced engineers– Operations playground– Fail fast and fail often– Hack days

Page 22: MesosCon Stateful Services

Organizational

• Rules and Controls– Fundamentally a shared resource– Beta user program– Organizational controls and ground rules

Page 23: MesosCon Stateful Services

Devoxx London 2017 - Rethinking Services With Stateful Streams

Devoxx London 2017 - Rethinking Services With Stateful Streams

Technology
Slingshot: Deploying Stateful Services in Wireless Hotspots Ya-Yunn Su Jason Flinn University of Michigan

Slingshot: Deploying Stateful Services in Wireless Hotspots Ya-Yunn Su Jason Flinn University of Michigan

Documents
Cisco Adaptive Security Appliances Security Target · For firewall services, the ASA 5500 Series provides application-aware stateful packet filtering firewalls. A stateful packet

Cisco Adaptive Security Appliances Security Target · For firewall services, the ASA 5500 Series provides application-aware stateful packet filtering firewalls. A stateful packet

Documents
Stateful Functions @ BOSS

Stateful Functions @ BOSS

Documents
EMC World 2016 - code.16 Running Stateful Services on Cloud Native Platforms with Mesos

EMC World 2016 - code.16 Running Stateful Services on Cloud Native Platforms with Mesos

Technology
mesoscon uber

mesoscon uber

Documents
Event Driven Services Part 3: Putting the Micro into Microservices with Stateful Stream Processing

Event Driven Services Part 3: Putting the Micro into Microservices with Stateful Stream Processing

Technology
Running stateful services in containers - ContainerDays Boston 2016

Running stateful services in containers - ContainerDays Boston 2016

Technology
SNAP: Stateful Network-Wide Abstractions for Packet Processingarashloo/SNAP-SIGCOMM16.pdf · SNAP: Stateful Network-Wide Abstractions for Packet Processing ... stateful operations

SNAP: Stateful Network-Wide Abstractions for Packet Processingarashloo/SNAP-SIGCOMM16.pdf · SNAP: Stateful Network-Wide Abstractions for Packet Processing ... stateful operations

Documents
Stateful(beans( - UniTrento

Stateful(beans( - UniTrento

Documents
Apache Flink and More @ MesosCon Asia 2017

Apache Flink and More @ MesosCon Asia 2017

Technology
Building Event Driven Services with Stateful Streams

Building Event Driven Services with Stateful Streams

Technology
Cisco ASA with FirePOWER Services Data Sheet · class stateful firewall. Cisco ASA with FirePOWER Services features these comprehensive capabilities:

Cisco ASA with FirePOWER Services Data Sheet · class stateful firewall. Cisco ASA with FirePOWER Services features these comprehensive capabilities:

Documents
Stateful Data Delivery

Stateful Data Delivery

Documents
D2W Stateful Controllers

D2W Stateful Controllers

Technology
JEE on DC/OS - MesosCon Europe

JEE on DC/OS - MesosCon Europe

Data & Analytics
MesosCon 2016: Frameworks in Harmony

MesosCon 2016: Frameworks in Harmony

Software
Microsoft brand templateazurebootcampdk.com/presentations/Bootcamp Cloud Patterns.pdf · Presentation services Stateful services Stateless services with related databases Model/Database

Microsoft brand templateazurebootcampdk.com/presentations/Bootcamp Cloud Patterns.pdf · Presentation services Stateful services Stateless services with related databases Model/Database

Documents
2015 FOSDEM - OVS Stateful Services

2015 FOSDEM - OVS Stateful Services

Technology
Stateful Breakpoints - Bodden

Stateful Breakpoints - Bodden

Documents
Slingshot: Deploying Stateful Services in Wireless Hotspots

Slingshot: Deploying Stateful Services in Wireless Hotspots

Documents
#MesosCon 2014: Spark on Mesos

#MesosCon 2014: Spark on Mesos

Technology
DockerCon EU 2015: Persistent, stateful services with docker cluster, namespaces and docker volume magic

DockerCon EU 2015: Persistent, stateful services with docker cluster, namespaces and docker volume magic

Technology
Stateful Workflow Paper

Stateful Workflow Paper

Documents
MesosCon Asia Keynote: Replacing a Jet Engine Mid-flight

MesosCon Asia Keynote: Replacing a Jet Engine Mid-flight

Software
DC/OS Stateful Services on - Percona · 2018-04-27 · Why Stateful Services on DC/OS? Introduction to the DC/OS SDK Demo Deploying a Data Service on DC/OS Wrap-Up and Summary. 4

DC/OS Stateful Services on - Percona · 2018-04-27 · Why Stateful Services on DC/OS? Introduction to the DC/OS SDK Demo Deploying a Data Service on DC/OS Wrap-Up and Summary. 4

Documents
Modeling Stateful Resources with Web ServicesModeling Stateful Resources with Web Services 3 Resource approach to declaring and implementing the association between a Web service and

Modeling Stateful Resources with Web ServicesModeling Stateful Resources with Web Services 3 Resource approach to declaring and implementing the association between a Web service and

Documents
Windows Server & System Center Futures—Bring Azure to your ...marketing.netrixllc.com/acton/attachment/29364/f... · presentation services stateless services. ... Stateful Services

Windows Server & System Center Futures—Bring Azure to your ...marketing.netrixllc.com/acton/attachment/29364/f... · presentation services stateless services. ... Stateful Services

Documents
Actor-Oriented Database Systems...Stateful Object-Oriented Applications Interactive services are built as a stateful, object-oriented middle tier Multi-player games, IoT, social networking,

Actor-Oriented Database Systems...Stateful Object-Oriented Applications Interactive services are built as a stateful, object-oriented middle tier Multi-player games, IoT, social networking,

Documents
Setting up pfSense as a Stateful Bridging Firewall. Contentsusers.ox.ac.uk/~clas0415/...pfSense-as-a-Stateful-Bridging-Firewall... · Setting up pfSense as a Stateful Bridging Firewall

Setting up pfSense as a Stateful Bridging Firewall. Contentsusers.ox.ac.uk/~clas0415/...pfSense-as-a-Stateful-Bridging-Firewall... · Setting up pfSense as a Stateful Bridging Firewall

Documents