Upload
vannguyet
View
221
Download
1
Embed Size (px)
Citation preview
Running Java and Grails applications on Amazon EC2applications on Amazon EC2
Chris RichardsonAuthor of POJOs in Action
Founder of Cloud Tools and Cloud FoundryyChris Richardson Consulting, Inc
www.chrisrichardson.netwww.chrisrichardson.net
Overall presentation goalp g
Show how to useAmazon Elastic Compute CloudAmazon Elastic Compute Cloud
for developing and deploying Java applications
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 2
About ChrisAbout Chris• Grew up in England and live in Oakland, CA• Over 20+ years of software development
experience including 12 years of Javaexperience including 12 years of Java• Author of POJOs in Action• Speaker at JavaOne, SpringOne, NFJS,
JavaPolis, Spring Experience, etc.• Chair of the eBIG Java SIG in Oakland • Chair of the eBIG Java SIG in Oakland
(www.ebig.org)• Run the Groovy/Grails meetup
(http://java.meetup.com/161)• Run a consulting and training company that u a co su t g a d t a g co pa y t at
helps organizations reduce development costs and increase effectiveness
• Founder of Cloud Tools, an open-source project for deploying Java applications on Amazon EC2: http://code google com/p/cloudtoolshttp://code.google.com/p/cloudtools
• Founder of a startup that provides outsourced, automated, and Java-centric datacenter management on the cloud: www.cloudfoundry.comy
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 3
About You
BackgroundBackgroundPrior experienceExpectations
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 4
Agendag
Amazon-style cloud computingAWS deep-diveUsing Amazon EC2gOverview of Cloud ToolsDeveloping on Amazon EC2Developing on Amazon EC2Deploying on Amazon EC2Programming with AWSProgramming with AWS
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 5
Computing has come a long wayp g g y
Past PresentPresent
www.computermuseum.org.uk
www.dell.com
Yet we rarely have enough hardware
de co
y g
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 6
Typical web applicationyp pp
Can we afford the production hardware? Do we know how much to buy?How long does it take to buy and install?Who is going to set it up?
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 7
Who is going to set it up?Can we afford a test lab?
Cloud computingp g
A pool of highly scalable, abstracted A pool of highly scalable, abstracted infrastructure that hosts your application, and is billed by
consumptionpBy James Staten of Forrester Research
AND is managed via a web services API
me
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 8
Amazon-Style Cloud Computingy p g
Si l Q S i Si l DBSimple Queue Service (SQS)
Simple DB(name/attribute pairs)
Pay per Elastic Compute Cloud
(EC2)use
services d
( )
Simple Storage Service(S3) Elastic Block Store managed
by Amazon
(S3)
CloudFront
Elastic Block Store(EBS - SAN)
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 10
Amazon(content delivery)
What is Amazon EC2?
Virtualized computing environmentServer instances managed through a web service APIRuns Linux Windows and SolarisRuns Linux, Windows and Solaris
https://ec2.amazonaws.com/?Action=RunInstances&ImageId=ami-398438493
<RunInstancesResponse>…
&MaxCount=3&MinCount=3
k
</RunInstancesResponse>
cer@arrakis ~$ ssh … [email protected] login: Sun Dec 30 18:54:43 2007 from 71.131.29.181[root@domU-12-31-36-00-38-23:~]
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 11
EC2 Pricingg
Pay by the hourLinux: $0.10-0.80/hourWindows: $0.125-$3.20/hour
External bandwidth:$0.10-0.18/Gbyte
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 12
Elastic Block Storageg
Mountable storage volumes"O d d SAN""On-demand SAN"Size: 1 GB to 1 TBMount on a single instanceMount on a single instance
Create snapshotsStored in S3Stored in S3Create new volumes from the snapshot
Cost:Cost:$0.10/GByte/month$0.10 per 1 million I/O requests$ p q
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 13
What is the Amazon Simple Storage Service (S3)?g ( )
Flat storage model consisting of buckets and objectsj
Bucket – has a name and contains objectsObjects – has a key, stores 1 byte - 5GObject key can look like a path ☺
Cost:$0.15/GB-Month$0.10-0.18/GB of data transferred$ $ / b ll$0.00001-$0.000001/Web Service callData transfers between EC2 and S3 are free of bandwidth charges
Accessed via RESTful APIAccessed via RESTful APIPUT – create bucket or objectGET – retrieve objectDELETE – delete an objectDELETE delete an object
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 14
Web application on Amazon EC2pp
W b B
HTTP(S)
Tomcat Server(instance 2)
MySQLDB (Slave)(instance 5)
Web Browser Apache Server(instance 1)
MySQLDB (Master)(instance 4)
Tomcat Server(instance 3)
MySQLDB (Slave)(instance 6)
EBS Volume
6 instances = $0.60/hour = $432/month
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 15
S3
6 instances $0.60/hour $432/month3 instances = $0.30/hour = $216/month( + storage and bandwidth costs)
Using AWS in your applicationg y pp
S3 - Store media etc in S3SQS - messaging between loosely coupled componentsSimpleDB – alternative to RDBMSCloudFront – to distribute contentUsing these APIs
Couples your application to AWSCouples your application to AWSBut using them is optional
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 16
So what does this mean?
For developersI di Immediate access to many serversSimplified setupGreat for testingGreat for testing
For deploymentFaster time to marketFaster time to marketEliminates capital expensesNo long-term commitmentsgReduces risk of success catastropheSomeone else takes care of the muck
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 17
Example – moretasteleague.com p g
Grails applicationGrails applicationShort-term marketing marketing campaign siteFluctuating loadFluctuating load
Sat/Sun 4 serversMon-Fri 1 serverMon Fri 1 server
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 18
Agendag
Amazon-style cloud computingAWS deep-diveUsing Amazon EC2gOverview of Cloud ToolsDeveloping on Amazon EC2Developing on Amazon EC2Deploying on Amazon EC2Programming with AWSProgramming with AWS
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 19
These are web service
Choices:SOAPREST or REST-like API (a.k.a. Query API)
Th t t d d d tThese are not your standard data-provider Web Services They allow software to manage They allow software to manage hardware resources
ServersServersStorage…
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 20
Example: Launching instances using AWSg
<RunInstancesResponse><reservationId>r-60907709</reservationId><ownerId>556666664445</ownerId><ownerId>556666664445</ownerId>…<instancesSet>
<item><instanceId>i-4ef21327</instanceId><imageId>ami-3795705e</imageId><instanceState>
<code>0</code><name>pending</name>
</instanceState>
https://ec2.amazonaws.com?Action=RunInstances&ImageId=ami-3795705e </instanceState>
<placement><availabilityZone>us-east-1b</availabilityZone>
</placement><dnsName/>
/
&MaxCount=1&MinCount=1…
<reason/><keyName>gsg-keypair</keyName><amiLaunchIndex>0</amiLaunchIndex>
</item></instancesSet>
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 21
/</RunInstancesResponse>
Using the Query APIg Q yhttps://ec2.amazonaws.com/?queryparametershttps://<region> ec2 amazonaws com/?queryphttps://<region>.ec2.amazonaws.com/?queryparameters...Mandatory parameters:
Action what to doAction – what to doAWSAccessKeyId – your access idVersion – API versionTimestamp when request was madeTimestamp – when request was madeExpires – when it expiresSignature – digest of parameters and secret key Si t V i t t 1 (d t d) 2SignatureVersion – set to 1 (deprecated) or 2
Other parameters depend on ActionReturns an XML document
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 22
Agendag
Amazon-style cloud computingAWS d diAWS deep-dive
Using EC2Using S3Using S3Using CloudFront
Using Amazon EC2gOverview of Cloud ToolsDeveloping on Amazon EC2Deploying on Amazon EC2Programming with AWS
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 24
Instance typesyp
Virtual Compute 32/ Memory Storage $/hrCores
pUnits /core*
/64Bit
y g $/
Small 1 1 32 bit 1.7G 160G 0.10
High-CPUMedium
2 2.5 32 bit 1.7G 350G 0.20
Large 2 2 64 bit 7.5G 850G 0.40
Extra Large
4 2 64 bit 15G 1690G 0.80Large
High-CPU XL
8 2.5 64 bit 7G 1690G 0.80
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 25
* EC2 Compute Unit = 1.0-1.2 GHz 2007 Opteron or 2007 Xeon processor
Operating systemsp g y
Use Amazon provided Machine Image (AMI)32/64-bit Fedora Core 4/6/832/64 bit Fedora Core 4/6/8Windows Server 2003 ($0.125-$2/hour)Optional SQL Server Standard ($1.10-3.20/hour)3.20/hour)
Many 3rd parties have public AMIsVarious Linux distributionsE g Redhat RightScaleE.g. Redhat, RightScale
Sun provides OpenSolarisBuild your own AMI:
Install applications starting with existing AMI and save new AMICreate an AMI from scratch
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 26
Example EC2 API operationsp p
Operation Parameters XML documentp
RunInstances AMI, #instances instanceIds
DescribeInstances InstanceId.n(optional)
statednsNames
GetConsoleOutput instanceId Console output
RebootInstances InstanceId.n
TerminateInstances InstanceId.n
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 27
RunInstances
ParametersI Id id f th AMI t l hImageId – id of the AMI to launchMinCount – mininum number of instancesMaxCount – maxium number of instancesMaxCount maxium number of instancesInstanceType – small, large, xlarge…KeyName – keypair nameUserData – unstructured data…
Response:Response:InstanceIds…
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 28
About Key PairsyKey pair is a named private key/public key pair associated with your accountyNot to be confused with the private key/certificate used to authenticationLaunching an instance: specify the keyPair nameg p y yUsing ssh: specify "-i privatekeyfile"Management API:
CreateKeyPair(name) -> PrivateKeya y a ( a ) a yDescribeKeyPairsDeleteKeyPair
Don'tLose the private key fileForget to specify key name when launching
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 29
DescribeInstances
DescribeInstances parameters:InstanceId n – id of instanceInstanceId.n id of instance
Response:imageIdinstanceIdinstanceIdinstanceState:
pendingrunningrunningshutting-downterminated
When instanceState == running:When instanceState == running:dnsNameprivateDnsName
…
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 30
Instance IP AddressesPublic IP address
Implemented using NATUse when outside of EC2You can use internally but you pay!
Internal IP addressAllocated using DHCPAllocated using DHCPNon-routable, only within EC2
Public DNSOutside: resolves to public IP addresspInside: resolves to private IP address
Private DNSInside: resolves to private IP addressO t id d t lOutside: does not resolve
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 31
Usage modelg
RunInstancesPeriodically call DescribeInstancesWhen state ==runningg
DescribeInstances returns public/private dnsNames
…TerminateInstances
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 32
Elastic IP addresses
Instance IP addresses are dynamically allocated on start-upallocated on start up
Does not work well for publicly accessible services, e.g. a website
Elastic IP addresses:Elastic IP addresses:Statically allocated public IP addressesAssociated with your account (max. 5)Attached to an instance (e g public facing web Attached to an instance (e.g. public facing web server) = it's public IP addressYou configure DNS to resolve to the elastic IP address
Pricing:Non-attached Elastic IP address - $0.01/hour$0 10 per remap (if > 100 in a month)$0.10 per remap (if > 100 in a month)
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 33
Elastic IP address operationsp
Operation Parameters XML document
DescribeAddresses PublicIp.n (optional) List of IP addresses and associated instance idinstance id
AllocateAddress - Public IP address
Release Address Public Ip address -
AssociateAddress InstanceId Public IP AssociateAddress InstanceId, Public IP Address
-
DisasssociateAddress Public IP Address -DisasssociateAddress Public IP Address
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 34
Security Groupsy pNamed set of firewall rules associated with your accountAn instance
Belongs to one or more security groupsDefaults to “default” security groupg
Permits inbound trafficProtocol: tcp, udpRange of ports
?Action=RunInstances&SecurityGroup.1=g1&SecurityGroup.2=g2
From:Anywhere – specific port rangeAn IP address (range) – specific port rangeAnother group - all ports
Common usagePort 80 (http)/443 (https) – anywhere
When you first signup don’t forget to enable
ffPort 22 (ssh) – just from your location
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 35
SSH traffic
Security Group APIy p
Parameters XML document
CreateSecurityGroup GroupNameGroupDescription
DescribeSecurityGroups GroupName.n Lots of information
DeleteSecurityGroup GroupName
AuthorizeSecurityGroupI
GroupNamelIngress …rules…
RevokeSecurityGroupIngress
GroupNamerulesIngress …rules…
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 36
Regions and availability zonesg y
By default, your database By default, your database master and slave could run on the same physical host!Regions - geographically dispersed locations
us-east-1
eu-west-1p
Availability zone -engineered to be insulated from failure in other zonesSpecify availability zone
us-east-1a, eu-
west-1ap y ywhen launching instancesSLA with 99.95% availability with multiple availability zones
us-east-1b
west 1a
You pay for inter-zone network traffic us-east-
1c
eu-west-1b
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 37
Regions and Availability Zones APIg y
Operation Parameters XML document
DescribeRegions Region.n (optional) List of region names and urls
DescribeAvailabilityZones ZoneName n List of availability zones DescribeAvailabilityZones ZoneName.n List of availability zones and state
https://<region>.ec2.amazonaws.com?Action=RunInstances&Placement.AvailabilityZone=<availabilityZone>
https://ec2.amazonaws.com?Action=RunInstances&Placement AvailabilityZone <availabilityZone>
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 38
&Placement.AvailabilityZone=<availabilityZone>
Local instance storageg
/d / 1 ll 1 di 1 l 1 l l/dev/ m1.small c1.medium m1.large m1.xlarge c.xlarge
sda1 / / / / /
sda2 /mnt /mnt
sda3 swap swap swap swap swap
sdb /mnt /mnt /mnt
sdc avail avail avail
sdd avail avail
sde avail availsde avail avail
160G 350G 850G 1690G 1690GRoot partition = 10GFirst write to a location of drive initializes it ⇒ slower
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 39
First write to a location of drive initializes it ⇒ slower
But one minor thingg
Your local data is lost
If either, You terminate your instance y
or, the drive fails
Either very good or very bad
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 40
Elastic Block Storageg
Mountable storage volumes"O d d SAN""On-demand SAN"Size: 1 GB to 1 TBMount on a single instanceMount on a single instance
Create snapshotsStored in S3Stored in S3Create new volumes from the snapshot
Cost:Cost:$0.10/GByte/month$0.10 per 1 million I/O requests$ p q
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 41
Elastic block store operationspOperation Parameters XML document
CreateVolume Size, SnapshotId, volumeId, …, p ,Availability zone
,
DeleteVolume volumeId
DescribeVolumes VolumeId.n size, status, zone, DescribeVolumes VolumeId.n size, status, zone, attachment
AttachVolume VolumeId,InstanceId, Device
DetachVolume VolumeId,InstanceId, Device, Force
CreateSnapshot VolumeId snapshotId, status
DescribeSnapshots SnapshotId.n snapshotId, status, progress, ..
DeleteSnapshot SnapshotId
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 42
Using EBS Volumesg
kf f /d / dhmkfs.xfs /dev/sdhecho "/dev/sdh /vol xfs noatime 0 0" >> /etc/fstabmkdir /vol/mount /vol
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 43
Agendag
Amazon-style cloud computingAWS d diAWS deep-dive
Using EC2Using S3Using S3Using CloudFront
Using Amazon EC2gOverview of Cloud ToolsDeveloping on Amazon EC2Deploying on Amazon EC2Programming with AWS
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 44
What is the Amazon Simple Storage Service (S3)?g ( )
Flat storage model consisting of buckets and objectsand objectsBucket
has a name e g <AccessKey> <name>has a name, e.g. <AccessKey>.<name>contains objects
Objects jHas a key, e.g. mypicture.jpgStores 1 byte - 5G
Si l ti hi hi l fil tSimulating a hierarchical file-systemObject key can look like a path ☺presentations/february09/aws pptpresentations/february09/aws.ppt
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 45
Amazon S3 pricingp g
$0.18-0.12/GB-Month $0.10-0.17/GB of data transferred$0.00001-$0.000001/Web Service $ $ /callData transfers between EC2 and S3 are free of bandwidth charges
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 46
S3 REST API
PUT / HTTP/1.1Create a bucket
PUT /<ObjectName> HTTP/1 1
Host: <BucketName>.s3.amazonaws.com …
Create a bucket
PUT /<ObjectName> HTTP/1.1Host: <BucketName>.s3.amazonaws.com ……Bytes…
Create an item in a bucket
GET /<ObjectName> HTTP/1.1Host: <BucketName>.s3.amazonaws.com … Download an item
DELETE /<ObjectName> HTTP/1.1Host: <BucketName>.s3.amazonaws.com
Delete an item
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 47
… Delete an item
S3 REST API
PUT /<DestinationObjectName> HTTP/1.1Host: <DestinationBucket>.s3.amazonaws.comx-amz-copy-source: /<SourceBucket>/<SourceObject>
Copy an object
a opy sou / Sou u / Sou Obj…
Retrieve metadataHEAD /<ObjectName> HTTP/1.1Host: <BucketName>.s3.amazonaws.com …
GET ?params HTTP/1.1Host: <BucketName>.s3.amazonaws.com …
list contents of bucket
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 48
S3 Securityy
Authentication: access key id + digest with secret keyAuthentication: access key id + digest with secret keyBuckets and objects can be:
Public – accessible by anyonePrivate – accessible to owner, acl memberPrivate accessible to owner, acl member
ACL grants READ/WRITE/FULL_CONTROLManaging ACLs: GET/PUT to /bucket?acl or /bucket/object?acl
GET /<ObjectName> HTTP/1.1Host: <BucketName>.s3.amazonaws.com Authorization: AWS AWSAccessKeyId:Signature…
GET /<ObjectName>?AWSAccessKeyId=XX&Expires=XX&Signature=XX HTTP/1.1Host: <BucketName>.s3.amazonaws.com
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 49
…
Using EC2 and S3 togetherg g
AMIs are stored in S3EC2 instances use S3:
Use REST APIStore database snapshots in S3Use 3rd party Linux file system that stores data in S3EBS volume snapshots live in S3
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 50
Agendag
Amazon-style cloud computingAWS d diAWS deep-dive
Using EC2Using S3Using S3Using CloudFront
Using Amazon EC2gOverview of Cloud ToolsDeveloping on Amazon EC2Deploying on Amazon EC2Programming with AWS
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 51
Amazon CloudFront
Content delivery networkOriginal content stored in S3 bucketRegister publically accessible bucket
ith Cl dF t i d i with CloudFront ⇒ unique domain name (foo1234.cloudfront.net)Content accessed through that Content accessed through that domain name is delivered by geographically distributed edge geographically distributed edge servers
http:// foo1234.cloudfront.net/i/bar.jpg k / /b⇒ <BucketName>/i/bar.jpg
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 52
Cloud Front API
OperationsCreate DistributionList DistributionsGet Distribution InfoGet/Set Distribution ConfigurationDelete Distribution
Distributions can be enabled/disabled
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 53
Agendag
Amazon-style cloud computingAWS deep-diveUsing Amazon EC2gOverview of Cloud ToolsDeveloping on Amazon EC2Developing on Amazon EC2Deploying on Amazon EC2Programming with AWSProgramming with AWS
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 54
Signing up for Amazon Web Services
Login using your Login using your existing Amazon accountSelect the web services you want to services you want to useOnly takes a few minutesB t ti But can sometimes be confusing: various ids, keys, certificates etc
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 55
AWS Credentials etc
Account NumberAccess Key IdSecret Access KeyyX.509 Certificate:
Public key + Private KeyPublic key + Private Key
Authenticate using either:Access Key Id and Secret Access Key Access Key Id and Secret Access Key (REST/Query APIs)Certificate (SOAP APIs + AMI Creation)( )
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 56
EC2 API and ToolsSOAP and Query APIs
Launch and manage instances etcA id d CLI lAmazon provided CLI tools
CLI equivalents of APIsAMI creation tools
AWS CLI tools from Tim KayyCLI for S3 and EC2Alternatives to Amazon CLI tools
AWS ConsoleVery slickVery slick
ElasticFoxAwesome Firefox pluginLaunch and manage instances
S3 OrganizerS3 OrganizerFirefox pluginManipulate S3 buckets and objects
…
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 57
aws - simple access to EC2 and S3p
http://timkay com/aws/http://timkay.com/aws/Easy to use CLI for EC2 and S3Implemented in PerlpAuthenticates using access id and secret key stored in ~/.awssecret
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 58
ElasticFox– Firefox pluginp g
Supports multiple accounts which can be very useful
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 61
Creating your own imageg y g
Easier: Modify an existing AMIL h AMILaunch AMIConfigure: e.g. yum install …
Harder: Build one from scratchHarder: Build one from scratchLaunch AMICreate a file to contain OS installationCreate a file to contain OS installationMount as a loopback fileInstall OS: yum –-installrooty
Use AMI tools to bundle and upload to S3
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 63
Creating an AMIg
# locallyyscp pk-mine.pem root@myInstance:/mntscp cert-mine.pem root@myInstance:/mnt
# on instance# on instancecd /mntec2-bundle-vol -d /mnt -e /root/.ssh
-k pk-mine.pem -c cert-min.pem
Make sure you exclude directories
-u <myAccountId>
ec2-upload-bundle -m /mnt/image.manifest.xml-a <accessKeyId>
containing secrets
-a <accessKeyId>-s <secretKeyId>-b <bucketName>
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 64
# Use WS API: RegisterImage ⇒ AMI id
Agendag
Amazon-style cloud computingAWS deep diveUsing Amazon EC2gOverview of Cloud ToolsDeveloping on Amazon EC2Developing on Amazon EC2Deploying on Amazon EC2Programming with AWSProgramming with AWS
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 66
Deploying a web application on EC2p y g pp
HTTP(S)
Tomcat Server(instance 2)
MySQLDB (Slave)(instance 5)
Web Browser Apache Server(instance 1)
( )
MySQLDB (Master)(i t 4)
(instance 5)
Tomcat Server
(instance 4)
MySQLEBS Volume
Amazon EC2 is a great place to run Java applications You can deploy standard Java stacksN t k t i b t th t fi
(instance 3) DB (Slave)(instance 6)
EBS Volume
S3
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 67
Not rocket science but there are many servers to configure and files to upload
S3
What's Cloud Tools?
Open-source project32 and 64 bit AMIs32 and 64 bit AMIs
Cent OS 5.10Apache/Tomcat/MySQL/JMeter/JetS3t installedp y Q
EC2Deploy frameworkLaunches instancesConfigures Tomcat MySQL ApacheConfigures Tomcat, MySQL, ApacheDeploys web applicationsRuns Jmeter tests
•Quicker deployment
Written in Groovy
Maven and Grails pluginsQuick and easy deployment to EC2
•More accurate configuration
Quick and easy deployment to EC2
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 68
EC2Deploy frameworkp y
Provides a DSL for describing a cluster:N b f T t M SQL lNumber of Tomcats, MySQL slavesDatabase scriptsLocation of web applicationsLocation of web applications
Launches EC2 instancesConfigures MySQLg y QConfigures Tomcat and deploys web applicationsConfigures Apache to proxy the Tomcat serversRuns JMeter testsRuns JMeter tests
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 69
Extensible provisioning and management platformg p
Built using Domain Driven DesignMain extension points:
New IaaS clouds N i f t t t /New infrastructure components/servers
Implement interfaces or define subclassessubclasses
Define methods for deploy, start, stop, …Write the scripts Write the scripts
Recently added support for Spring dm server and eXo Portal Server
2/16/2009 Copyright (c) 2009. Chris Richardson Consulting Inc. Confidential 70
Example EC2Deploy Scriptp p y p
def ec2 = new EC2(…)
ClusterSpec clusterSpec = new ClusterSpec().tomcats(1).instanceType(EC2InstanceType.SMALL).slaves(1)
ebApp('/home/cer/ /ptrack' "ptrack").webApp('/home/cer/…/ptrack', "ptrack").catalinaOptsBuilder({optsBuilder, databaseHost, slaves ->
optsBuilder.arg("-Xmx500m")optsBuilder.prop("jdbc.db.server", databaseHost)})
.schema("ptrack", ["ptrack": "ptrack"], ["src/test/resources/testdml1.sql", [ s c/test/ esou ces/testd .sq ,"src/test/resources/testdml2.sql"])
SimpleCluster cluster = new SimpleCluster(ec2, clusterSpec)
cluster.start()
cluster.loadTest("/home/cer/…/jmeter/SimpleTest.jmx", [5, 10, 15])
cluster.stop()
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 71
Maven Pluging
<plugin><groupId>net chrisrichardson</groupId>
Goals:• deploy• redeploy
h<groupId>net.chrisrichardson</groupId><artifactId>cloudtools-maven-plugin</artifactId><configuration><schemaName>ptrack</schemaName><schemaUsers>
• createsnapshot• stop• dbsave• dbrestore• jmeter…<schemaUsers>
<param>ptrack:ptrack</param></schemaUsers><catalinaOptsBuilder>{builder, databasePrivateDnsName ->{ ,
builder.arg("-Xmx1000m")builder.prop("jdbc.db.server", databasePrivateDnsName)}
</catalinaOptsBuilder></configuration>
</plugin>
$ mvn cloudtools:deployCopyright (c) 2009 Chris Richardson. All rights reserved. Slide 72
$ mvn cloudtools:deploy
Grails Pluging
Packages E2Deploy as a Grails g p yframework pluginDeploys a Grails application to EC2Provides a large number of scripts
$ grails cloud-tools-deploy
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 73
Agendag
Amazon-style cloud computingAWS deep-diveUsing Amazon EC2gOverview of Cloud ToolsDeveloping on Amazon EC2Developing on Amazon EC2Deploying on Amazon EC2Programming with AWSProgramming with AWS
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 75
Collecting performance metricsg p
700070
4000
5000
6000
40
50
60
TPS
1000
2000
3000
10
20
30TPS
ART
R i 00
1 2 4 8 16 32 64Requires hardwareTime consuming
Measure transactions/second (TPS), average response time (ART), utilization, etc.
Multiple test runs with different loads, number of servers, etc.
Time consuming
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 76
Load testing with Cloud Toolsg
R JM t ith <performanceReport><cpus>1</cpus>
Runs JMeter with specified number of threads
p p<threads>10</threads><host><name>database</name><cpuUtil>3.2757014224403784</cpuUtil>
</host>threadsCollects machine utilization stats
<host><name>tomcat0</name><cpuUtil>94.32473318917411</cpuUtil>
</host><host><name>apache</name>
Generates reportsExecutes multiple t t
<name>apache</name><cpuUtil>0.12280614752518504</cpuUtil>
</host><host><name>jmeter</name><cpuUtil>7.033683910704496</cpuUtil>
test runs simultaneously
</host>…<duration>557.943</duration><tps>10.753786677133686</tps><art>916.6578333333</art>
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 77
</performanceReport>
mvn cloudtools:jmeter -Dcloudtools.thread.count=1,4,8
Other kinds of testingg
Testing failoverLaunch clusterTake down serversTest recovery scripts, e.g. MySQL slave->master
T ti d t b dTesting database upgradesLaunch clusterI ll h f d i dInstall snapshot of production dataApply database migration scriptV if th t it kVerify that it works
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 79
Functional testingg
Tests can be slow, e.g.Web testsDatabase intensive tests
Run tests in parallel on EC2Multiple test drivers, app servers, DBsRelatively cheap: >$75/hour developer vs. $0.10/hour machine
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 80
Building on a fresh machineg
Debug builds that fail because of a missing dependency
Maven dependencyManually installed 3rd party library
Build on a fresh EC2 instance Great for open-source projects
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 82
Agendag
Amazon-style cloud computingAWS deep-diveUsing Amazon EC2Overview of Cloud ToolsDeveloping on Amazon EC2Deploying on Amazon EC2
The basicsHandling securityHigh availability
Programming with AWSProgramming with AWSCopyright (c) 2009 Chris Richardson. All rights reserved. Slide 83
Deploying on Amazon EC2 –startups/small businessesp /
Some VCs require it Get up and running quicklyValidate your business idea without:y
Upfront costs Long-term financial commitmentg
Scale up/down with loadReduces the risk of a success Reduces the risk of a success catastrophe
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 84
Deploying on Amazon EC2 –enterprisesp
No need to wait for corporate ITIn some companies it can take 2 In some companies it can take 2 months to acquire hardwareRequires a long-term financial commitment upfront costscommitment, upfront costs
Use for short-term projects, e.g.Websites for marketing campaignsg p gNew York Times style projects
Use for applications that have fluctuating loads e g
Cloud Computing Survey: IT Leaders See Big Promise, Have Big Security Questions
fluctuating loads, e.g.heavily used once a week, once a month
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 85
www.cio.com/article/455832/Cloud_Computing_Survey_IT_Leaders_See_Big_Promise_Have_Big_Security_Questions
Issues with AWS
Security:Security:Lack of PCI complianceDiscomfort with sending customer data to a 3rd party
Technology:Not yet suitable for extremely large relational databasesLack of very large machines, Lack of very large machines, e.g. 64G memoryLack of multicast and multiple IP addresses
Financials:Financials:Cost of bandwidthSteady state costs > your own hardware
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 86
Lack of virtual IP addresses
One IP address for use in the cloud Using Elastic IP = $Handling active/standby failover is g / ydifficult:
E.g. Cannot migrate IP address of failed database to standby database
Have your own host namesUpdate /etc/hostsRun DNS server
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 87
No multicast for resource discoveryy
Prevents the use of standard clustered resource discovery
E.g. JGroups etc
Use a registry: DatabaseSimpleDBSecurity groups…
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 88
No hardware load balancingg
Coming in 2009Use software load balancer
ApacheHAProxy…
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 89
Cost issuesRunning larger servers 24 x 7 looks expensive (e.g. $560/month)( g $ / )
BUT when owning your own hardware
Lack of elasticityLong procurement timeMust buy for the estimated peak loadMust buy for the estimated peak loadMust buy redundant hardwareRisk of a success catastrophe
CostElectricity, cooling, spaceSystem administration costsManagement overhead
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 90
Starter website - $$
w w w .acm e.com
EC 2 Instance
E lastic IP A Low cost - $72/month
Elastic - load increases ⇒d i f i tApache
T om cat
expand in a few minutes
Available –instance crashes ⇒replace in a few minutes
M ySQ L
p
EB S V olum e
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 91
Higher capacity website - $$g p y $$
www acme com
Elastic IP
www.acme.com
Low cost - > ~$216/month (1 or more Tomcats, 0 or more Slaves)
Apache
Elastic - load changes ⇒ quickly expand/subtract Tomcats with no downtime
Tomcat Tomcat
Available –instance crashes ⇒replace in a few minutes
MySQL(Master)
EBS Volume
MySql (slave)
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 92
Highly available - $$$g y $$$
www.acme.com Higher cost - > ~$
Availability Zone A Availability Zone B
Elastic IP A Elastic IP B
Higher cost > $ 360/month (2 Apaches, 2 MySqls, 1 or more Tomcats, 0 or more Slaves)
El ti l d h
Apache Apache
Elastic - load changes ⇒quickly expand/subtract Tomcats with no downtime
Available – No SPOF, instance
TomcatTomcat Tomcat
Tomcat
,crashes ⇒ replace in a few minutes
MySQL(Master 1)
MySQL(Master 2)
EBS Volume EBS Volume
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 93
EBS Volume
Batch processing architecturep g
e g media transcodinge.g. media transcoding
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 94
Cloud burstingg
Host application on your own hardware Use AWS for short-term spikes
e.g. use EC2 instances with slave DBs to handle read-only requests
Periodic batch jobsE.g. content rendering/transformation
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 95
Easy upgradesy pg
Clone production environmentMake read-only or turn offSnapshot EBS volumes and create new
lvolumes
Apply upgrades to cloneTest cloneMove elastic IP addresses to cloneTerminate old instances once you are sure that everything works
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 96
Backing up your databaseg p y
mysqldump --add-drop-database --databases foo | gzip > backup.sql.gznow=`date +%d%m%y_%H%M`aws put $bucket/${object}_${now}.sql.gz backup.sql.gzaws copy $bucket/${object}_latest $bucket/${object}_${now}.sql.gz
FLUSH TABLES WITH READ LOCKSHOW MASTER STATUS
xfs_freeze -f /vol
# AWS WS: CreateSnapshot
xfs freeze -u /volxfs_freeze u /vol
UNLOCK TABLES
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 97
Agendag
Amazon-style cloud computingAWS deep-diveUsing Amazon EC2Overview of Cloud ToolsDeveloping on Amazon EC2Deploying on Amazon EC2
The basicsHandling securityHigh availability
Programming with AWSProgramming with AWSCopyright (c) 2009 Chris Richardson. All rights reserved. Slide 98
AWS Security Whitepapery p p
Good physical securityS3, SimpleDB and EBS is stored redundantlyA b d i i t i tl Access by sys. admins is strictly controlledNetwork security: DDoS prevention Network security: DDoS prevention etc.EC2:EC2:
Automatically wipes disksCannot sniff traffic for other instancesCannot sniff traffic for other instances
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 99
Security benefits of cloud computingp g
Leverages the world class security techniques as amazon.comUnlimited loggingAbility to test changes on a cloneClone servers and volumes for forensic analysis
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 100
Security concernsy
The standard concerns of any publically accessible serverDo you trust the vendor?What if someone subpoenas Amazon?Where is your data physically y p y ylocated?
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 101
The usual security best practicesy p
Turn off unused servicesFile ownership and permissionsDisabling password based ssh loging p gStandard Linux, Apache, Tomcat and MySQL best practicesy Q p
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 102
Network securityy
Use security groupsLimit SSH access to only your locationConsider encrypt network trafficypUse a software firewall (e.g. iptables) in addition to security groupsy g p
Security Group: Tomcat Servers are only accessible from Apache Serveriptables: Tomcat servers only allow port 22 and port 8009 (AJP)
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 103
Using security groupsg y g p
Grant permissions to either:IP address range and port rangeOther security group
Security group based permissions Benefit: add new servers without changing rulesDrawback: allows all ports
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 104
Storage securityg y
Amazon wipes disks so one customer cannot see another’s dataBut
You don’t know where it isAmazon could be subpoena’d
Consider encrypting dataEncrypted file systemsEncrypting sensitive data in DBEncrypting backups in S3
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 106
Agendag
Amazon-style cloud computingAWS deep-diveUsing Amazon EC2Overview of Cloud ToolsDeveloping on Amazon EC2Deploying on Amazon EC2
The basicsHandling securityHigh availability
Programming with AWSProgramming with AWSCopyright (c) 2009 Chris Richardson. All rights reserved. Slide 107
Deploying highly available applicationspp
AWS has had very well publicized outages
BUT…Is internal IT really any better?In reality: AWS is reliableyDon’t forget:
You are not responsible for the hardwareYou are not responsible for the hardwareInstance fails ⇒ Launch a new one in a few minutes
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 108
But once in a blue moonFrom: Amazon EC2 Notification [email protected]: Notice: Degraded Amazon EC2 InstanceTo: XXXXX@yahoo comTo: [email protected]: Friday, January 23, 2009, 5:54 AMHello,
We have noticed that one or more of your instances are running on a hostdegraded due to hardware failuredegraded due to hardware failure.
i-5e0b8b34
The risk of your instances failing is increased at this point. We cannotdetermine the health of any applications running on the instances. We recommendthat you launch replacement instances and start migrating to them.
Feel free to terminate the instances with the ec2-terminate-instance API whenyou are done with them.
Let us know if you have any questionsLet us know if you have any questions.
Sincerely,
The Amazon EC2 Team
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 109
Amazon EC2 SLA*
99.95% availability if you are using >1 availability zoneAvailability
Instances have external connectivityYou can launch new instances
Service credit for not meeting SLA
* Read the small print
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 110
Highly available - $$$g y $$$
www.acme.com
Availability Zone A Availability Zone B
Elastic IP A Elastic IP B
Apache Apache
TomcatTomcat Tomcat
Tomcat
MySQL(Master 1)
MySQL(Master 2)
EBS V l
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 111
EBS Volume EBS Volume
Agendag
Amazon-style cloud computingAWS deep-diveUsing Amazon EC2gOverview of Cloud ToolsDeveloping on Amazon EC2Developing on Amazon EC2Deploying on Amazon EC2Programming with AWSProgramming with AWS
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 112
Using AWS in your applicationg y ppAccess instance meta dataSimple Storage Service (S3)Simple Storage Service (S3)
Stores blobs of dataEg. Photo sharing websiteStore mediaHand out URLs to S3 objects
Simple Queue Service (SQS)Hosted queue-based messaging systemq g g yAlternative to JMSLoosely coupling between systems
SimpleDBSchema-less non-relational databaseStore data setsExecute queries
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 113
Eventual consistencyy
AWS is distributedData is replicated among many nodesData is replicated among many nodesReplication takes timeUpdates eventually appear
Why?CAP theorem by BrewerPick two: consistency, availability, Pick two: consistency, availability, partitioning
Example:S3 a GET might not see a PUTS3 – a GET might not see a PUTSQS – reading from a queue might not retrieve recently added messages…
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 114
Instance meta data
Instance can find out:f b lfInformation about itself
User data supplied by user at launch timeEnables a generic AMI to customize itself gdynamicallyAvailable data includes:
user-datauser datasecurity-groupspublic-hostnameplacement/availability-zoneplacement/availability zone…
curl http://169.254.169.254/2008-12-01/meta-data/<<data type>>
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 115
SimpleDB modelp
DomainHas a nameContains items
Item:Has a nameHas one or more attributes
Attribute:Has a nameHas one or more values
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 116
Simple DB modelpIt’s not a relational database
No joinsEventual consistency - updates eventually appearNo transactions – single item updateNo locking
LimitsLimits100 domains per account250,000,000 attribute name-value pairs per domain256 attribute name-value pairs per itemQueries return …
Pricing:Machine utilization: $0 14/hour after first 25 free Machine utilization: $0.14/hour after first 25 free hours/monthFees for data transfer in and out (Free for access from EC2)
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 117
SimpleDB Operationsp pSOAP and REST APIDomains: Create/List/DeleteDomains: Create/List/DeletePutAttributes
DomainNameAttributeNameAttributeNameAttribute.N.Name/Attribute.N.ValueAttribute.N.Replace – add or replace
DeleteAttributesDomainNameAttributeNameAttribute.N.Name/Attribute.N.Value
GetAttributesDomainNameAttributeName.n
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 118
SimpleDB Select queriesp q
“SQL-like” Select query languageVarious limitations
Sort by attribute must appear in where clause and select list…
select * Select operation
SelectExpression
select * from domainNamewhere SomeAttribute > 2order by SomeAttributelimit 10
NextTokenlimit 10
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 119
SimpleDB custom queriesp q
Query[‘SomeAttribute’ > 2]
DomainQueryExpresssion
[ SomeAttribute > 2] sort ‘SomeAttribute’
Pagination with: MaxNumberOfItems/NextTokenR t It NReturns ItemNames
QueryWithAttributesAdd A ib N ( i l)Adds AttributeName.n (optional)Returns values
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 120
Using SimpleDBg pReplace joins by denormalizing/duplicating data
E.g. Duplicate child data in parent in parent-child l i hirelationship
Parallelize SimpleDB requestsAn application should/could issue multiple requests in parallelp
Partition data across multiple domainsE.g. People1, People2Improves performanceS l hUse SimpleDB when:
You can tolerate inconsistenciesYou don’t need transactionsi e bad for banking but good for social network read i.e. bad for banking but good for social network, read intensive data
E.g. http://blog.adaptiveblue.com/?p=1145People-Interaction-Thing (1-N N-1)St I t ti i P l d i ThiStore Interaction in People and in Thing
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 121
Amazon SQSQQueues:
As many as you wantUnlimited sizeMessages deleted after 4 daysAWS might delete queues that are idle for > 30 daysMessage are to 8Kb (store binary and larger messages in Message are to 8Kb (store binary and larger messages in S3 or SimpleDB)
Semantics of distributed queuingOrder is not guaranteed
lAt-least onceReceiveMessage returns messages from a subset of servers, e.g. possibly no messages
Pricing:g$0.000001 per Request$0.100 per GB – all data transfer in$0.170-0.100 per GB – data transfer out
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 122
SQS API detailsQSOAP API onlyManaging queriesManaging queries
Create/List/Delete QueuesSending a Message
SendMessageSendMessageProcessing a message
ReceiveMessageDeleteMessagee ete essageVisibility timeout: a received message that is not deleted within the timeout will reappear
Queue attributesSetQueueAttributes/GetQueueAttributesApproximateNumberOfMessagesVisibilityTimeout
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 123
Java libraries for AWS
JetS3tJetS3tRich API for accessing S3jets3t.dev.java.net/j j
TypicaAPI for SQS, EC2, SimpleDBcode.google.com/p/typica
SimpleJPASubset of JPA on Subset of JPA on Simple DBcode.google.com/p/simplejpa
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 124
Summaryy
Amazon-style cloud computingI di t t l bl Immediate access to a scalable infrastructurePay as you go – no upfront investment/commitment requiredEasily scale up/downOptional proprietary servicesOptional proprietary services
Cloud ToolsEasy deployment and testing from Maven y p y gand GrailsConfigure multiple clustersRun JMeter tests in parallelRun JMeter tests in parallel
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 125
Final thoughtsg
• Download Cloud Tools today:• http://code.google.com/p/cloudtools
• Checkout Cloud Foundry:• http://www.cloudfoundry.com
B b k ☺• Buy my book ☺• Send email:
• Visit my website:• Visit my website:
• http://www.chrisrichardson.net
• Talk to me about consulting and trainingtraining
Phone: 510 904 9832
Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 126