I’ve been working on preparing a production-ready cluster setup for our company
for the last couple of weeks.
Things are looking great, and I feel like we are getting close to launching our
“production” cluster with the current setup.
Our current setup uses a cloud-config file to prepare each CoreOS machine in
the cluster (running on OpenStack): setting up ephemeral storage, users, ssh
keys and flannel networking, and launching a couple of systemd service files
that bootstrap the machine.
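For context, a stripped-down sketch of that cloud-config, roughly (the discovery token, disk device and key are placeholders, not our real values):

    #cloud-config
    coreos:
      etcd2:
        # placeholder token; every new cluster gets its own
        discovery: https://discovery.etcd.io/<token>
        advertise-client-urls: http://$private_ipv4:2379
        listen-client-urls: http://0.0.0.0:2379
        listen-peer-urls: http://$private_ipv4:2380
      flannel:
        interface: $private_ipv4
      units:
        - name: etcd2.service
          command: start
        - name: fleet.service
          command: start
        - name: flanneld.service
          command: start
        # one of the "prepare the machine" units: format the ephemeral disk
        - name: format-ephemeral.service
          command: start
          content: |
            [Unit]
            Description=Format the ephemeral drive
            [Service]
            Type=oneshot
            ExecStart=/usr/sbin/mkfs.ext4 -F /dev/vdb
    ssh_authorized_keys:
      - ssh-rsa AAAA... alice@example.com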
After that, I have set up a very basic Ansible configuration to synchronise all
the systemd unit files across the hosts and add/remove ssh keys when people
join/leave.
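The Ansible side is tiny; a sketch of what it amounts to (hostnames, paths and key files are illustrative, and it assumes a Python interpreter has been bootstrapped on the hosts, since CoreOS doesn't ship one):

    - hosts: coreos
      remote_user: core
      tasks:
        # push the current set of systemd/fleet unit files to every host
        - name: synchronise unit files
          copy:
            src: units/
            dest: /home/core/units/

        # add keys for current team members; state: absent handles leavers
        - name: manage ssh keys
          authorized_key:
            user: core
            key: "{{ lookup('file', item) }}"
            state: present
          with_fileglob:
            - keys/*.pub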
For cluster management, we use Fleet of course.
Now, the things I worry about most are distributing changes to the cloud-config
file and to unit files.
I see three possible solutions to this:
1) swap every machine in the cluster whenever a minor change is made to the
cloud-config file.
This seems highly impractical and makes migrations slower and slower for every
new machine we add to the cluster. Of course, the plus side is that you
always know your machines are in pristine condition and no anomalies exist
in your cluster.
2) use Ansible to re-run changed cloud-config files
This means I have to run coreos-cloudinit whenever a change is made.
However, this only supports forward changes. For example, removing an ssh key
does not remove it from the machine, unless we remove all keys before
rerunning the cloud-config file.
This also brings me back to the Chef/Puppet dark days where there is the
constant possibility/fear of out-of-sync machines (different configs, ssh
keys, whatever) without you noticing it.
3) keep cloud-config as simple as possible (already trying hard to do this) and
accumulate changes until you are ready to do another “full sweep” of swapping
all cluster machines (as mentioned in 1.)
This feels like the most natural fit. But I also feel like the first months
will still see a high churn rate on the cloud-config file.
Now, changes to unit files are another thing I haven’t quite grasped yet. If
we find a bug in one of our unit files, or we need to add a new environment
variable to one of our Docker containers, we need to update the unit files on
all machines, destroy them, re-add and restart the affected units, and possibly
do a systemctl daemon-reload. This again feels like a mental burden which I
want to minimize as much as possible, and make as easy as possible to manage.
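Right now that boils down to something like the following for each affected unit (the unit names are just an example), since fleet caches the submitted unit and won’t pick up an edited file otherwise:

    # illustrative only; myapp@.service stands in for one of our templates
    fleetctl destroy myapp@1.service myapp@2.service   # stop and remove running instances
    fleetctl destroy myapp@.service                    # drop the cached template
    fleetctl submit myapp@.service                     # upload the edited unit
    fleetctl start myapp@1.service myapp@2.service     # schedule it again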
Do any of you have any tips or thoughts on these processes? Thanks.
Option 3 is the best way to go. Ideally your cloud-config is as simple as it can be: just the pieces to get the machine booted, on the network and joined to the cluster.
One thing worth mentioning is that a central etcd cluster should make it less painful to swap machines in and out. You’d identified reasons why this is kind of a pain, but it’s better than having to take down the entire cluster.
If you’re running on bare metal (vs a cloud) swapping your user-data file on disk and re-running cloudinit is pretty easy. The issue with doing this on a cloud provider is that you’ve now reconfigured the machine for that boot, but the metadata service isn’t going to provide the same user-data on the next boot. This behavior is different between providers: AWS only allows you to modify user-data when a machine is stopped. DO doesn’t let you modify it at all. GCE does allow you to change it at any time, I believe, but it takes effect on the next boot.
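On bare metal that re-run is essentially just (the path is the usual spot for a coreos-install’d machine; adjust to wherever your user-data lives):

    sudo coreos-cloudinit --from-file=/var/lib/coreos-install/user_data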
Your units should point to a specific tag of a Docker image, so updating a unit file should be the same process as deploying a new version of your app. If you have a CI system that orchestrates the fleet API, this should be pretty painless.
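Something along these lines, where the image name and tag are placeholders; bumping the tag and resubmitting the unit is the deploy:

    # myapp.service -- illustrative only
    [Unit]
    Description=My App
    After=docker.service
    Requires=docker.service

    [Service]
    TimeoutStartSec=0
    ExecStartPre=-/usr/bin/docker rm -f myapp
    ExecStartPre=/usr/bin/docker pull registry.example.com/myapp:1.4.2
    ExecStart=/usr/bin/docker run --name myapp registry.example.com/myapp:1.4.2
    ExecStop=/usr/bin/docker stop myapp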
If you’re running this process manually, it might be worth writing a quick script to save you from all the typing.

- Rob
Could you elaborate on *how* the etcd cluster makes this less painful? Just to clarify our setup: I believe I am already using etcd for cluster management (that is, I use etcd discovery already). Also, part of the initial cloud-config setup is to bootstrap a working Consul cluster. I use the Consul API to get a list of active machines and dynamically generate the Ansible inventory this way, so there is no hardcoded list of running machines; it should all be fluid.
I’m making an assumption that your central etcd machines are dedicated to etcd and maybe a few other cluster coordination tasks. My other assumption is that this means you’re mostly modifying/tweaking/testing cloud-config changes on your worker machines only.
Since you don’t have to worry about maintaining etcd’s quorum, bootstrapping, a new discovery token, etc. on the worker machines (since they just point at the existing etcd cluster), it’s easy to recreate or reboot those machines as you make changes.
The concept of "worker machines" and "cluster management" machines is not something I had considered before. Conceptually, I guess this would entail having Fleet metadata to tag "worker" machines and "management" machines and have all unit files define that they only want to live on worker machines.
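Something like this, if I’m reading the docs right (values are illustrative):

    # in the workers' cloud-config
    coreos:
      fleet:
        metadata: "role=worker"

    # and in every unit file that should only run on workers
    [X-Fleet]
    MachineMetadata=role=worker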
* The document doesn't mention etcd's proxy capabilities; is this simply because it wasn't available at the time of writing? It seems like this would be the way to go, so workers can still query the local etcd instance and simply be proxied to one of the etcd servers (rough sketch of what I mean below, after the second point).
* How does the discovery mechanism fit into this picture? In the document, the etcd servers still use the remote discovery.etcd.io endpoint for initial discovery, but they also use static IPs, so I am unsure whether there is still a need for it. However, since discovery only happens on the etcd cluster side of things (instead of on all the workers), the problems one would face if that endpoint becomes unresponsive are relatively small, since workers can still be added to the cluster, correct?
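For the first point, what I have in mind on the worker machines is something like this (addresses are made up):

    #cloud-config
    coreos:
      etcd2:
        proxy: on
        listen-client-urls: http://0.0.0.0:2379
        # static list of the central etcd members
        initial-cluster: etcd0=http://10.0.0.10:2380,etcd1=http://10.0.0.11:2380,etcd2=http://10.0.0.12:2380
      units:
        - name: etcd2.service
          command: start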