How to setup Orchestrator to manage thousands of MySQL servers. Simon J Mudd 3 rd October 2017

Similar documents
Autopsy of an automation disaster. Simon J Mudd (Senior Database Engineer) Percona Live, 25 th April 2017

Aurora, RDS, or On-Prem, Which is right for you

Practical Orchestrator

MariaDB MaxScale 2.0, basis for a Two-speed IT architecture

MySQL High Availability

MySQL High Availability Solutions. Alex Poritskiy Percona

Reliable Crash Detection and Failover with Orchestrator

MySQL Replication. Rick Golba and Stephane Combaudon April 15, 2015

Document Sub Title. Yotpo. Technical Overview 07/18/ Yotpo

Which technology to choose in AWS?

Choosing a MySQL High Availability Solution. Marcos Albe, Percona Inc. Live Webinar June 2017

Enterprise Open Source Databases

Database Administration for Azure SQL DB

MySQL HA Solutions Selecting the best approach to protect access to your data

Designing Database Solutions for Microsoft SQL Server (465)

Choosing a MySQL HA Solution Today

DataSunrise Database Security Suite Release Notes

Introducing VMware Validated Designs for Software-Defined Data Center

Introducing VMware Validated Designs for Software-Defined Data Center

Veritas Cluster Server from Symantec

Binlog Servers at Booking.com. Jean-François Gagné jeanfrancois DOT gagne AT booking.com

ProxySQL - GTID Consistent Reads. Adaptive query routing based on GTID tracking

High Availability for Enterprise Clouds: Oracle Solaris Cluster and OpenStack

Microsoft Architecting Microsoft Azure Solutions.

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 8

Configuring the Oracle Network Environment. Copyright 2009, Oracle. All rights reserved.

Introducing VMware Validated Designs for Software-Defined Data Center

Choosing a MySQL HA Solution Today. Choosing the best solution among a myriad of options

@joerg_schad Nightmares of a Container Orchestration System

Manual Trigger Sql Server 2008 Insert Multiple Rows At Once

SHAREPOINT 2016 ADMINISTRATOR BOOTCAMP 5 DAYS

AWS_SOA-C00 Exam. Volume: 758 Questions

Amazon AWS-Solution-Architect-Associate Exam

Protecting MySQL network traffic. Daniël van Eeden 25 April 2017

PostgreSQL migration from AWS RDS to EC2

ShardProxy Replication-Manager. DataOps - Juin 2018 Kentoku SHIBA - Stephane VAROQUI

MySQL for Database Administrators Ed 3.1

HA solution with PXC-5.7 with ProxySQL. Ramesh Sivaraman Krunal Bauskar

Technology Overview ScaleArc. All Rights Reserved.

Amazon Web Services (AWS) Training Course Content

Oracle WebLogic Server 12c on AWS. December 2018

Percona Live Europe Amsterdam, Netherlands October 3 5, 2016

Percona XtraDB Cluster ProxySQL. For your high availability and clustering needs

MCSA SQL SERVER 2012

Administering WebLogic Server on Java Cloud Service I Ed 1 Coming Soon

BeBanjo Infrastructure and Security Overview

Developing Microsoft Azure Solutions (70-532) Syllabus

SearchWinIT.com SearchExchange.com SearchSQLServer.com

MySQL Cluster Ed 2. Duration: 4 Days

Oracle Autonomous Database

DESIGNING DATABASE SOLUTIONS FOR MICROSOFT SQL SERVER CERTIFICATION QUESTIONS AND STUDY GUIDE

Techno Expert Solutions

ITS. MySQL for Database Administrators (40 Hours) (Exam code 1z0-883) (OCP My SQL DBA)

CO MySQL for Database Administrators

Binlog Servers (and MySQL) at Booking.com. Jean-François Gagné jeanfrancois DOT gagne AT booking.com Presented at Percona Live Santa Clara 2015

Service Manager. Database Configuration Guide

High Availability and Automatic Failover in PostgreSQL using Open Source Solutions

ARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS

Scaling DreamFactory

Amazon Web Services (AWS) Solutions Architect Intermediate Level Course Content

SnapCenter Software 4.0 Concepts Guide

Design Patterns for the Cloud. MCSN - N. Tonellotto - Distributed Enabling Platforms 68

Making Non-Distributed Databases, Distributed. Ioannis Papapanagiotou, PhD Shailesh Birari

Oracle WebLogic Server 12c: Administration I

Oracle Database 11g: Real Application Testing & Manageability Overview

Orchestrator High Availability tutorial

Amazon Web Services Training. Training Topics:

Azure SQL Database Training. Complete Practical & Real-time Trainings. A Unit of Sequel Gate Innovative Technologies Pvt. Ltd.

Principal Solutions Architect. Architecting in the Cloud

State of the Dolphin Developing new Apps in MySQL 8

ITBraindumps. Latest IT Braindumps study guide

MySQL X Protocol Talking to MySQL Directly over the Wire

Consistent Reads Using ProxySQL and GTID. Santa Clara, California April 23th 25th, 2018

Port Usage Information for the IM and Presence Service

Deployment. Chris Wilson, AfNOG / 26

Continuous MySQL Restores Divij Rajkumar

MySQL for Database Administrators Ed 4

Migrating and living on RDS/Aurora. life after Datacenters

vsphere Upgrade Update 1 Modified on 4 OCT 2017 VMware vsphere 6.5 VMware ESXi 6.5 vcenter Server 6.5

MySQL Multi-Site/Multi-Master Done Right

Course Outline. Lesson 2, Azure Portals, describes the two current portals that are available for managing Azure subscriptions and services.

Welcome to Virtual Developer Day MySQL!

InterCall Virtual Environments and Webcasting

Service Mesh and Microservices Networking

20532D: Developing Microsoft Azure Solutions

TECHNICAL DESCRIPTION

DHCP, DNS & IP Address Management. Bart Busschots

Lessons learned while automating MySQL in the AWS cloud. Stephane Combaudon DB Engineer - Slice

Oracle Database Server 12c Pros and Cons

Deep Dive on Amazon Relational Database Service

Logging in the age of

Citrix Exam 1Y0-A23 XenApp 5 for Windows Server 2003: Administration

Developing Microsoft Azure Solutions

Fully Optimize FULLY OPTIMIZE YOUR DBA RESOURCES

Cloud Computing /AWS Course Content

Using MySQL for Distributed Database Architectures

Simplifying HDS Thin Image (HTI) Operations

SM-B09: Confidently Virtualize Business Critical Applications On VMware, KVM, LPAR and LDOM with ApplicationHA 6.0

70-532: Developing Microsoft Azure Solutions

How Microsoft Built MySQL, PostgreSQL and MariaDB for the Cloud. Santa Clara, California April 23th 25th, 2018

Transcription:

How to setup Orchestrator to manage thousands of MySQL servers Simon J Mudd 3 rd October 2017

Session Summary What is orchestrator and why use it? What happens as you monitor more servers? Features added to make it scale and improve usability Using orchestrator at smaller scale Way forward 1

Booking.com One of the largest travel e-commerce sites in the world part of the Priceline Group (NASDAQ: PCLN) We offer accommodation in 228 countries Our website and customer service in 40 languages More than 15,000 employees in 204 offices in 70 countries We use thousands of MySQL servers: we use orchestrator to manage the topology and handle master and intermediate master failures 2

What is Orchestrator and why use it? 3

Orchestrator 4

Orchestrator Written by Shlomi Noach he started on this at outbrain and is now working at github.com He introduced booking.com to orchestrator about 3 years ago when we were looking for something to handle failovers automatically 5

Orchestrator Periodically monitors MySQL servers and checks their health Handles master failover, but also does much more GUI to manage and visualise topology very handy CLI to do the same tasks used for scripting API calls to run at a distance Needs a DB backend to store state. Normally MySQL but can be SQLite Written in go 6

Orchestrator What failures does it handle? Master failures Optional hooks to external systems which need to be aware of these failures Intermediate master failures Does not care about leaf slaves or applications Works with Oracle or MariaDB GTID Works without GTID: Can add Pseudo-GTID (events injected on the master are used to find a match) so no need to migrate Handles multi-level topologies 7

Orchestrator GUI 8

Orchestrator GUI 9

Orchestrator GUI 10

Orchestrator Topology Management Drag and drop using the GUI Move one slave about Move all slaves Scriptable relocation from the command line or using API calls 11

What happens as you monitor more servers? 12

What happens as you monitor more servers? Integration needed with internal infrastructure Deployment: tell orchestrator to discover and forget servers * Determine candidate masters Handle special cases: test MySQL versions, special setups (black- or white-list servers or clusters) Make orchestrator HA Monitor orchestrator behaviour and performance Provide wider access to different types of user * It can automatically detect new servers in an existing cluster but not new detect new clusters without help 13

Integration with Internal Infrastructure Populate the metadata db on the master to: Map host or instance names to more familiar cluster names How to determine replication delay Configuration of acceptable levels of replication delay Add and removal of servers/instances as they are deployed or removed from service Setup of Pseudo-GTID (if not using GTID) 14

Integration with Internal Infrastructure Add failover hooks for monitoring, notification and to take sitespecific actions (tell other systems about the new master) Selection of candidate masters Blacklisting servers which are not suitable: backup servers, test servers, servers in the wrong network areas 15

Better Visibility Improve orchestrator deployment visibility For each running app: show host, version, uptime Show the active node and how long it s been active Auditing of MySQL failures and recovery via the GUI is good and improving no need to search the logs 16

Better Visibility 17

Features added to scale and improve usability 18

Performance We found bottlenecks especially on startup Try to discover several thousand mysql servers at once and update the backend at the same time à max_connections exceeded Multiple go routines trying to poll the same stuck server Solution: FIFO Discovery queue which avoids duplicates and limits maximum discovery concurrency 19

Performance How to figure out what s going on? Understanding logging is hard at this scale too much noise No discovery metrics to see problems at server or aggregate level Solution: Collect discovery metrics and keep for N seconds Log discovery times in debug mode Provide interface to retrieve raw or aggregate values to use in monitoring systems 20

Performance Discovery (Poll) times 21

Performance Discovery (Poll) counters 22

Performance A client upgrade might upgrade the database which other older apps were still using Solution: Make auto-upgrade of the database optional so the DBA controls this 23

Performance Cross zone (dc) access changes performance profile significantly and caused problems orchestrator apps are supposed to be easy to replace and location should not matter latency can be a real enemy Solution: Batch updates of some data into smaller number of larger inserts Collect metrics on these timings Catch discoveries which take too long (internal code bottlenecks) Visibility of the metrics made it easier to locate causes 24

Performance Special connections settings "MySQLOrchestratorMaxPoolConnections": control go pool size "MySQLConnectTimeoutSeconds": 1 don t waste time waiting to connect to a dead server 25

Performance golang specific -isms Orchestrator by default uses database/sql and by default sends a query with parameters using MySQL s Prepare/Execute syntax This generates 2 rtt s and on slower connections can affect the elapsed time to complete a query Options to disable this by interpolating parameter values prior to sending SQL Go (orchestrator code) is quite happy to try to poll 10,000 servers at once Sometimes that is not sensible Throttling to avoid thundering herd is necessary 26

Orchestrator HA More then one orchestrator server per zone/dc Some upgrades really easy just restart with new binaries Common end point via load balancer Simpler for users works for api calls and may simplify firewall rules 27

Orchestrator HA Zone 1 Zone 2 L o a d B a l a n c e r nginx1 nginx2 nginx3 nginx4 app1 app2 app3 app4 backend 28

Orchestrator HA Might I have more than one orchestrator cluster? Yes for active development as a side-effect gives us extra redundancy Development load is too small to catch many issues Recoveries disabled globally on this cluster but monitoring works the same Compliance regulations may require segregation of different networks 29

Orchestrator HA Solution Move from using orchestrator binary to use cluster API interface Recently migrated to use new orchestrator-client command which solves the same problem and was needed for orchestrator/raft access Simplifies configuration Allows easy access to more then one orchestrator cluster Orchestrator upgrades with db backend changes are easier 30

Orchestrator API Enhancements to API calls Bulk retrieval of instance information and promotion rules Asynchronous discovery call (e.g. bootstrap new cluster) More monitoring information available Discovery timing metrics Discovery queue metrics Backend write metrics 31

Special Cases Testing MySQL 8.0 or MariaDB 10.3? Let s not promote to this box Same applies while testing new minor versions of course Some topologies have slaves with aggregate data Do not treat them as a normal box should not be candidate masters Orchestrator can not handle GR or multi-source replication yet Best to avoid these boxes (for automatic failover) until we have solutions Patches welcome to solve such missing functionality 32

Special Cases Handling TLS connections Orchestrator could handle using TLS or not using it but Some servers need to be accessed by TLS, others don t (ODBC access or more security sensitive systems) Orchestrator could not handle this Code added to recognise error and automatically switch to TLS: Error 3159: Connections using insecure transport are prohibited while -- require_secure_transport=on Global OFF button gives you peace of mind 33

Provide Wider User Access Orchestrator fan club Different groups of users like orchestrator DBAs, Developers, Sysadmins, Auditors, Managers Use nginx (or similar) Provides authentication Provides TLS The combination can be used with unix groups to allow user or admin access to orchestrator Combined with a load balancer provides easy access for users and also for applications (using api calls) 34

Monitoring Some things to monitor Orchestrator process (and nginx) Orchestrator cluster endpoint Successful or failed Discoveries per minute Discovery queue sizes Discovery timings aggregate data gives mean, median and percentiles Discoveries exceeding InstancePollSeconds When changing active orchestrator node these values may change 35

Booking.com contributions Commits to public orchestrator repo Simon: 170 Dmitry: 40 Mauro: 15 Daniël: 8 Shlomi: many (while working at booking) 36

Using orchestrator at smaller scale 37

Using orchestrator at smaller scale Not mentioned here but Consider use of Sqlite good starting point single binary Consider use of Sqlite/raft provides HA all nodes monitor all MySQL servers Only difference is the db backend Not sure where scaling limits 38

Configuration settings Settings to be considered, broken down by function 39

Configuration settings MySQL backend "MySQLOrchestratorCredentialsConfigFile": "/path/.my-orchestratordb.cnf" "MySQLOrchestratorDatabase": "orchestrator "MySQLOrchestratorHost": "orchestratordb.example.com" "MySQLOrchestratorPort": 3306 "MySQLOrchestratorMaxPoolConnections": 100 "MySQLConnectTimeoutSeconds": 1 Sqlite backend "BackendDB": "sqlite "SQLite3DataFile": "/var/lib/orchestrator/orchestrator.db" 40

Configuration settings Psuedo-GTID Settings (if using pseudo-gtid) PseudoGTIDPattern PseudoGTIDMonotonicHint DetectPseudoGTIDQuery 41

Configuration settings Cluster and host settings Query metadata db (populated externally) to detect clusters DetectClusterAliasQuery DetectClusterDomainQuery 42

Configuration settings Recovery settings Regexp filters very site dependent RecoverMasterClusterFilters white-list masters by cluster name RecoverIntermediateMasterClusterFilters PromotionIgnoreHostnameFilters ignore servers from being promoted * RecoveryIgnoreHostnameFilters ignore special servers from recovery * Does not scale well 43

Configuration settings Failover settings OnFailureDetectionProcesses what to do when a failure is detected PreFailoverProcesses what to do prior to starting recovery PostFailoverProcesses what to do after completing recovery PostUnsuccessfulFailoverProcesses what to do if recovery fails PostMasterFailoverProcesses what to do after IM recovery PostIntermediateMasterFailoverProcesses what to do after Master recovery 44

Configuration settings Authentication settings (e.g. if using nginx with LDAP) "AuthenticationMethod": "proxy", "HTTPAuthUser": user1", "HTTPAuthPassword": pass1", "AuthUserHeader": SomeHeader", PowerAuthUsers": [ "api-user1", "api-user2", realuser1" ] PowerAuthGroups": [ special_sysadmins, dbas ], * Does not scale well 45

Configuration settings Environment settings (e.g. shorten/simplify hostnames) DataCenterPattern PhysicalEnvironmentPattern : RemoveTextFromHostnameDisplay : :.example.com:3306 46

Way Forward 47

Way Forward Improvements needed to tackle problems at both ends of the scale Smaller installations for getting on board Larger installations to allow for further scaling 48

Way Forward Simplify configuration and entry to orchestrator Shlomi is doing a very good job with sqlite and raft setups Configuration could be simpler and more automatic for most people Need to standardise orchestrator setups more? Extend functionality to cover more of the MySQL eco-system AWS and other cloud systems Group Replication or Galera Multi-source 49

Way Forward Distribution of discoveries amongst all orchestrator nodes Orchestrator/raft: all nodes monitor all MySQL servers Raft usage recommends having several nodes Orchestrator/MySQL: one node monitors all MySQL servers Better: distribute monitoring amongst available nodes Avoids unnecessary load on monitored servers reduces work on busy orchestrator apps Useful for small and large installations efficient balancing is harder 50

Way Forward Reduce recovery time Speeding up detection to recovery time would be good as reduces downtime Should be possible to react to failure event (knowing state of other servers) immediately state currently stored in backend db analysis and detection phase happens independently of server polling With reduced default poll time of 5 seconds recovery is likely to be triggered within 10 seconds not critical for most people? 51

Way Forward Further work needed to scale more bottlenecks still exist Larger installations keep growing Improve monitoring External API calls Add internal metrics 52

Conclusion 53

Does it work? I checked for failures over a recent period 6 master failures About 40 intermediate master failures No-one called up No harm was done 54

Questions?

Thanks Simon J Mudd simon.mudd@booking.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback