[Architecture diagram: a Web UI calls an API Gateway; the gateway fronts the REST APIs of the Profile Service, Comment Service, Photo Service and Vote Service.]
Schema Considerations
Normalization
Relationships
Cardinality
Containment
Aggregation
Photo Schema (entity-relationship diagram)
  users  -- creates (0..*)      --> posts
  users  -- casts (0..*)        --> votes
  photos -- has_votes (0..*)    --> votes
  photos -- has_comments (0..*) --> comments
  (the diagram also links posts and photos, cardinality 0..*)
Photo Schema - Service Overlay (inter-service calls needed to render one photo with its comments and votes)
  1    /ipc/getLast10   { list comments & who }
  1.1  /ipc/usernames   { list usernames }
  2    /ipc/getCount    { total comments }
  3    /ipc/usernames   { list of posters }
  4    /ipc/count       { number of votes }
  5    /ipc/voted
Aggregation
  Each Service publishes events
  Aggregation Service ingests those events, computes required metrics, publishes metrics

Where to call?
  From each Service?
  From a coordination point (e.g. API Gateway)?

[Sequence diagram: Web Client -> API Gateway: 1 /vote; API Gateway -> Vote Service: 2.1 /vote; API Gateway -> Aggr Service: 2.2 /vote]
Data Integrity - Service boundaries
Relationships
Referential integrity
Re-parenting (foreign key updates)
De-normalization
Aggregates
Copies of data on other tables
Use Case: Photo & Comments
[Sequence diagram: 1 /ipc/getLast10 returns { comments }; 1.1 /ipc/usernames resolves the commenters]
Referential Integrity
Transactions
Use Case - Delete Photo plus Comments & Votes

START TRANSACTION;          -- the transaction would have to span Domain boundaries
delete from photos p
 where p.id = ?
COMMIT;
Transactions - Approaches
Denormalize
Create a compound object (e.g. JSON) within a single service of denormalized data
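The three situations on these slides, worked through as an added example that is not part of the deck or of the demo repository. It uses SQLite in memory so it runs anywhere; the tables are a constructed simplification of the Photo Schema (users, photos, comments, votes), and the "two services" are simply two separate connections. The first function deletes a photo inside one schema where foreign keys cascade; the second splits votes into a Vote service database that cannot even declare the foreign key and shows what is left behind when the second call fails; the third is the denormalized compound-object approach from the slide above.

```python
import json
import sqlite3

# Constructed tables following the deck's Photo Schema (users create photos, photos
# have comments and votes, users cast votes); columns are simplified.
PHOTO_SERVICE_TABLES = """
CREATE TABLE users    (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE photos   (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL REFERENCES users(id));
CREATE TABLE comments (id INTEGER PRIMARY KEY,
                       photo_id INTEGER NOT NULL REFERENCES photos(id) ON DELETE CASCADE,
                       user_id  INTEGER NOT NULL REFERENCES users(id), body TEXT);
INSERT INTO users    VALUES (1, 'alice'), (2, 'bob');
INSERT INTO photos   VALUES (10, 1), (11, 2);
INSERT INTO comments VALUES (100, 10, 2, 'nice'), (101, 10, 1, 'thanks'), (102, 11, 1, 'meh');
"""
VOTES_WITH_FK = """
CREATE TABLE votes (id INTEGER PRIMARY KEY,
                    photo_id INTEGER NOT NULL REFERENCES photos(id) ON DELETE CASCADE,
                    user_id  INTEGER NOT NULL REFERENCES users(id));
"""
# The Vote service owns no photos table, so it cannot declare the foreign key at all.
VOTES_STANDALONE = "CREATE TABLE votes (id INTEGER PRIMARY KEY, photo_id INTEGER NOT NULL, user_id INTEGER NOT NULL);"
VOTE_ROWS = "INSERT INTO votes VALUES (200, 10, 2), (201, 10, 1), (202, 11, 1);"


def new_db(*scripts):
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")   # SQLite ignores FK clauses unless enabled
    for script in scripts:
        conn.executescript(script)
    return conn


def rows_for(conn, table, photo_id):
    return conn.execute(f"SELECT COUNT(*) FROM {table} WHERE photo_id = ?", (photo_id,)).fetchone()[0]


def delete_photo_single_schema(photo_id):
    """One schema, one transaction: ON DELETE CASCADE removes comments and votes
    atomically with the photo, or nothing is removed at all."""
    conn = new_db(PHOTO_SERVICE_TABLES, VOTES_WITH_FK, VOTE_ROWS)
    with conn:                                 # BEGIN ... COMMIT (ROLLBACK if an exception escapes)
        conn.execute("DELETE FROM photos WHERE id = ?", (photo_id,))
    return {"comments": rows_for(conn, "comments", photo_id),
            "votes": rows_for(conn, "votes", photo_id)}


class VoteServiceDown(Exception):
    pass


def delete_photo_across_services(photo_id, vote_service_up=True):
    """Photo + comments live in the Photo service's database, votes in the Vote
    service's. No transaction spans the two: once the first COMMIT lands, a failure
    of the second call leaves votes for a photo that no longer exists."""
    photo_db = new_db(PHOTO_SERVICE_TABLES)
    vote_db = new_db(VOTES_STANDALONE, VOTE_ROWS)
    with photo_db:
        photo_db.execute("DELETE FROM photos WHERE id = ?", (photo_id,))   # committed here
    try:
        if not vote_service_up:
            raise VoteServiceDown("vote service unreachable")
        with vote_db:
            vote_db.execute("DELETE FROM votes WHERE photo_id = ?", (photo_id,))
    except VoteServiceDown:
        pass   # nothing here can undo the photo delete; a compensating job has to clean up later
    return rows_for(vote_db, "votes", photo_id)   # orphaned votes left in the Vote service


def delete_photo_denormalized(photo_id):
    """The slide's alternative: comments and votes kept as one JSON document on the
    photo row inside a single service, so one single-row DELETE removes the aggregate."""
    conn = new_db("CREATE TABLE photos (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, doc TEXT NOT NULL);")
    doc = {"comments": [{"user": "bob", "body": "nice"}, {"user": "alice", "body": "thanks"}],
           "votes": [{"user": "bob"}, {"user": "alice"}]}
    conn.execute("INSERT INTO photos VALUES (?, ?, ?)", (photo_id, 1, json.dumps(doc)))
    stored = conn.execute("SELECT doc FROM photos WHERE id = ?", (photo_id,)).fetchone()[0]
    votes_before = len(json.loads(stored)["votes"])
    with conn:
        conn.execute("DELETE FROM photos WHERE id = ?", (photo_id,))
    return votes_before, conn.execute("SELECT COUNT(*) FROM photos WHERE id = ?", (photo_id,)).fetchone()[0]
```

The trade-off the denormalized form buys is visible in the last function: the vote count is only available by reading and parsing the document, so the per-photo counters and lookups that the Vote service used to answer move into the owning service.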
AWESOME! When do we go live?
[Architecture diagram repeated: Web UI, API Gateway, and the REST APIs of the Profile, Comment, Photo and Vote Services.]
Database Instance Considerations
How many
Schema / Databases
Instances
Clusters?
High Availability
Disaster Recovery
Single shared database infrastructure
  Pros
    Single infrastructure to manage
    Single upgrade, backup etc. across the landscape
  Cons
    Failure modes potentially catastrophic to all services
    QOS between Services (e.g. noisy neighbour)
    Maintenance can affect all services

Each Service has an independent DB Cluster
  Pros
    HA, DR etc. on a service-by-service basis
    Isolation Between Services
    Maintenance on a service-by-service basis
  Cons
    Duplicated processes across the landscape
    Orders of magnitude more infrastructure to manage (and to go wrong)
Databases: Recommendations
Automatic Failover
  On node failure, loss of connectivity etc.
MaxScale + MariaDB Cluster

Use Case
MariaDB Cluster
  Multi-master
  Synchronous Write
  Consensus elections
MaxScale
  Read/Write distribution
  Automatic switch over on Master failure
Client
  Connection to MaxScale, not to the entire cluster
Service Discovery - How to mesh nodes?
DNS RESOLUTION
Docker assigns VIP to Service, each Task has
own IP
nslookup, dig, getent etc.
3rd PARTY
consul, etcd, zookeeper etc.
DOCKER EVENTS
  https://docs.docker.com/engine/reference/api/docker_remote_api/
  Interlock - https://github.com/ehazlett/interlock
  Swarm Event Endpoint PR #26331
Cluster Formation - DNS Example
$ docker exec fb1076a6d716 dig tasks.mariadb_cluster
...
;; ANSWER SECTION:
tasks.mariadb_cluster. 600 IN A 10.0.0.11
tasks.mariadb_cluster. 600 IN A 10.0.0.10
tasks.mariadb_cluster. 600 IN A 10.0.0.5
$ cat docker-entrypoint.sh
...
# Quote the variable: with an unquoted, empty $CLUSTER_NAME the test becomes
# "[ -n ]", which is always true, and the lookup runs against "tasks." alone.
if [ -n "$CLUSTER_NAME" ]; then
  # Collect the A records Docker DNS returns for tasks.<CLUSTER_NAME> as a comma-separated list
  service_nodes=`dig tasks.$CLUSTER_NAME | \
    awk "/tasks.$CLUSTER_NAME./ {print \\$5}" | \
    awk 'NF' | tr '\n' ',' | tr -d ' ' | sed 's/,$//'`
  IFS=',' read -r -a cluster_nodes <<< "$service_nodes"
  if [ ${#cluster_nodes[@]} -gt 0 ]; then
    mode="node"
    master_node=${cluster_nodes[0]}   # first address as returned by DNS; that order is not stable
  fi
fi
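The entrypoint above takes whichever address Docker DNS happened to list first as `master_node`, and the answer order is not stable between tasks. The following is an added example, not code from the deck or from the demo repository, that parses the same kind of `dig` answer (the sample below is constructed from the slide's three addresses) and makes the decision deterministic: addresses are de-duplicated and sorted numerically, the task's own address is excluded, the lowest remaining peer is reported as `master_node`, and a task that sees no peers at all bootstraps. Excluding self and the "lowest peer" rule are assumptions for the illustration, not the script's behaviour.

```python
import ipaddress
import re

# Constructed dig output shaped like the deck's answer for tasks.mariadb_cluster.
# Docker's embedded DNS returns the task IPs in no guaranteed order.
SAMPLE_DIG = """\
; <<>> DiG <<>> tasks.mariadb_cluster
;; ANSWER SECTION:
tasks.mariadb_cluster.\t600\tIN\tA\t10.0.0.11
tasks.mariadb_cluster.\t600\tIN\tA\t10.0.0.10
tasks.mariadb_cluster.\t600\tIN\tA\t10.0.0.5
"""


def task_ips(dig_output, cluster_name):
    """A records for tasks.<cluster_name>, de-duplicated and sorted numerically, so
    every task computes the same list regardless of the order its DNS answer came in."""
    record = re.compile(r"^tasks\." + re.escape(cluster_name) + r"\.\s+\d+\s+IN\s+A\s+(\S+)\s*$",
                        re.MULTILINE)
    return sorted({ipaddress.ip_address(ip) for ip in record.findall(dig_output)})


def cluster_role(dig_output, cluster_name, self_ip):
    """Deterministic version of the entrypoint's mode / master_node decision.
    Assumptions: this task's own address is excluded from the peer list; the lowest
    peer address is reported as master_node; a task that sees no peers bootstraps."""
    me = ipaddress.ip_address(self_ip)
    peers = [ip for ip in task_ips(dig_output, cluster_name) if ip != me]
    if not peers:
        return {"mode": "bootstrap", "master_node": None, "peers": []}
    return {"mode": "node", "master_node": str(peers[0]), "peers": [str(ip) for ip in peers]}


if __name__ == "__main__":
    print(cluster_role(SAMPLE_DIG, "mariadb_cluster", "10.0.0.5"))
```

Sorting on `ipaddress` objects rather than on the raw strings matters: as strings, "10.0.0.10" sorts before "10.0.0.5". Note also that this discovery path trusts whatever answers on `tasks.<name>`; on the overlay network that is Docker's embedded DNS, which is the reason the deck keeps the database on a separate back network.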
Act 3
It's all about the Orchestration

Meanwhile...
Deployed Databases that meet the corporate standard for HA & DR

[Diagram. Development: a single app container. Production: HAProxy behind a Virtual IP in front of app1; MaxScale 1 behind a Virtual IP in front of the database.]

Scale the Application Tier

[Diagram. Development: a single app container. Production: HAProxy behind a Virtual IP in front of app instances 1, 2 and 3; MaxScale 1 and MaxScale 2 behind a Virtual IP in front of the database.]
Docker Networking
[Diagram: two Docker hosts (swarm-0, swarm-1). The HAProxy and App containers have endpoints on the front network; the App, MaxScale and MariaDB containers have endpoints on the back network, so the database is never attached to the front network.]
$ cat docker-compose.stack.yml
...
networks:
  front:
  back:
    external:
      name: myapp_back

haproxy & web services

services:
  haproxy:
    image: dockercloud/haproxy
    networks:
      - front
      - back
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      - 80:80
    deploy:
      placement:
        constraints: [node.role == manager]
  web:
    image: alvinr/demo-webapp-vote:mariadb
    environment:
      SERVICE_PORTS: "5000"
      VIRTUAL_HOST: "prod.myapp.com"
      APP_MARIADB_HOST: "maxscale"
      APP_USER: "app"
      APP_PASSWORD_FILE: "/run/secrets/app_password"
      APP_DATABASE: "test"
    networks:
      - back
    deploy:
      placement:
        constraints: [node.role != manager]
    secrets:
      - app_password

Two things to check in a file like this. Placement constraints are plain string comparisons, so a misspelt role (the slide reads "manger") matches no node, the "!=" test passes everywhere, and web tasks can be scheduled onto managers. And mounting /var/run/docker.sock into the haproxy container gives that container full control of the Docker engine on the manager it runs on, which is the trade-off for having it discover services from the socket.
OMG! The developer hardcoded passwords!

services:
  web:
    build: .
    ports:
      - "5000:5000"
    links:
      - mariadb
    hostname: dev.myapp.com
    environment:
      APP_MARIADB_HOST: dev_mariadb_1
      APP_PASSWORD: foo
  mariadb:
    image: mariadb:10.1
    environment:
      MYSQL_ROOT_PASSWORD: foo
Docker secrets

$ cat ./app_password.txt
appfoo

$ cat docker-compose.stack.yml
...
secrets:
  app_password:
    file: ./app_password.txt
...
  web:
    image: alvinr/demo-webapp-vote:mariadb
    environment:
      APP_PASSWORD_FILE: "/run/secrets/app_password"

$ cat app.py
import os
...
secrets_fn = os.environ.get("APP_PASSWORD_FILE", "")
if os.path.isfile(secrets_fn):
    with open(secrets_fn, 'r') as myfile:
        passwd = myfile.read().replace('\n', '')
else:
    # fail closed rather than continue with an undefined password
    raise SystemExit("APP_PASSWORD_FILE is not set or does not point to a file")
...
db = mariadb.connect(host=app_host,
                     user=app_user,
                     passwd=passwd,
                     db=app_db)
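A hardened version of the secret-loading step above, as an added example; it is not the deck's app.py or the demo repository's code. It keeps the same contract (path in APP_PASSWORD_FILE, trailing newline removed) but refuses to continue without a credential, rejects a secret file that other users can write to, and only honours a plaintext APP_PASSWORD variable when the caller opts in for development. The `environ` parameter and the `write_temp_secret` helper are hypothetical additions so the block can be exercised without a Swarm; in the container the path would be /run/secrets/app_password.

```python
import os
import stat
import tempfile


class SecretError(RuntimeError):
    pass


def load_secret(environ=None, file_var="APP_PASSWORD_FILE", plain_var="APP_PASSWORD",
                allow_plain_env=False):
    """Read the database password from the file named in APP_PASSWORD_FILE, failing closed:
      - a missing, unreadable or non-regular secret file is an error, never an empty password;
      - a secret file that group/others can write to is rejected;
      - a plaintext APP_PASSWORD variable is honoured only with allow_plain_env=True (dev).
    `environ` is injectable for testing (hypothetical parameter); defaults to os.environ."""
    env = os.environ if environ is None else environ
    path = env.get(file_var, "")
    if path:
        try:
            st = os.stat(path)
        except OSError as exc:
            raise SecretError(f"{file_var}={path!r}: {exc.strerror}") from None
        if not stat.S_ISREG(st.st_mode):
            raise SecretError(f"{path!r} is not a regular file")
        # Docker mounts secrets root-owned with mode 0444 unless the compose file uses the
        # long syntax with mode: 0400, so reject files others can WRITE, not files they can read.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise SecretError(f"{path!r} is writable by group/others; refusing to use it")
        with open(path, "r", encoding="utf-8") as fh:
            value = fh.read().rstrip("\r\n")
        if not value:
            raise SecretError(f"{path!r} is empty")
        return value
    if allow_plain_env and env.get(plain_var):
        return env[plain_var]
    raise SecretError(f"no credential: set {file_var} (or {plain_var} in development only)")


def write_temp_secret(content, mode=0o400):
    """Demonstration helper (hypothetical): writes `content` to a temp file with `mode`
    and returns its path, standing in for /run/secrets/app_password."""
    fd, path = tempfile.mkstemp(prefix="app_password.")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(content)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    secret_path = write_temp_secret("appfoo\n")                  # same value as the slide's file
    print(load_secret({"APP_PASSWORD_FILE": secret_path}))       # appfoo
```

If the web container runs as a non-root user (it should), the default 0444 secret mode is what makes the file readable at all; tightening it to 0400 in the compose file requires also setting the secret's uid to that user.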
Demo
Deploying & Scaling Database Tier

Container Placement
[Diagram: two Docker hosts (swarm-0, swarm-1), each running an HAProxy container and an App container with endpoints on the front network.]
  maxscale:
    image: alvinr/maxscale-swarm
    ...
    labels:
      com.mariadb.cluster: "myapp-maxscale"
    networks:
      - back
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 10s
      placement:
        constraints: [engine.labels.com.mariadb.cluster != myapp-maxscale]
    secrets:
      - app_password
Encore: Considerations & Conclusions
Storage: Inside or Outside the Container?
[Diagram: a Host running two Containers. Data either lives inside the container, or outside on the host: Local Disk, e.g. /dev/xvdb (SSD / NVMe), or a Networked Volume, e.g. EBS, bind-mounted as /mnt/xx:/var/lib/mysql.]

Inside
  Encapsulation of Concerns
Outside
  Separation of Concerns
  Storage features (e.g. Snapshots)
  3rd Party options: NetApp, Google Compute Engine, Rancher Convoy, Flocker, Portworx, Nutanix
Storage: Data Container?
[Diagram: two Hosts; the application Container uses --volumes-from {container name} to mount the data Container's volumes.]

Inside
  Managed like other containers
  Special rule for Destruction
  TBD: Performance
And...
Official images
Image verification (trusted Images)
Swarm locking
AppArmor / Seccomp profiles
Monitoring
Healthchecks
Rolling Upgrades
Summary
Schema
Foreign Keys, Joins, Aggregation and Denormalization - they will kill you
Service boundaries may impact your Availability and make deployment complex
Infrastructure
Plan for the worst case
Scale for the best case
Orchestration
Dev approved images to build upon
Ops inject policy
Thanks and Q&A
Code
https://github.com/alvinr/docker-demo/tree/master/mariadb/vote
Docker Images
https://hub.docker.com/_/mariadb/
Contact me!
alvin@mariadb.com
@jonnyeight