Leveraging the power of SolrCloud and Spark with OpenShift

QAware GmbH
QAware GmbHQAware GmbH
FranzWimmer franz.wimmer@qaware.de @zalintyre Leveraging the power of SolrCloud and Spark with OpenShift 27.09.2018
1. Introduction 2. Basic Cloud Computing 3. Used Technologies 4. Implementation 5. Security 6. Live Demo 7. Lessions learned 8. Summary
Franz Wimmer Software Engineer since 2018 2017 / 2018 2016 - 2018 2011 - 2016 QAware GmbH: Software Engineer Master‘s thesis @ QAware GmbH M.Sc. Computer Science @ FH Rosenheim Dual B.Sc. Computer Science @ FH Rosenheim Contact E-Mail: franz.wimmer@qaware.de QAware 3
1. Introduction 2. Basic Cloud Computing 3. Used Technologies 4. Implementation 5. Security 6. Live Demo 7. Lessions learned 8. Summary
Definitions
Definition: BigData Franz Wimmer 6 „Big Data refers to the inability of traditional data architectures to efficiently handle the new datasets.” − National Institute of Standards and Technology, USA Four Characteristics of „BigData”: Volume Variety Velocity Variability Related Technologies [War13]: NoSQL MapReduce Machine Learning
Definition: Cloud Computing Franz Wimmer 7 Providing compute power / storage / applications over a network Characteristics [Mel11]: Automated management Network access Resource pools Monitoring of resource consumption
SaaS PaaS IaaS Software as a Service - Ready-to-use applications Platform as a Service - Development tools - Databases / APIs Infrastructure as a Service - Hardware - Network User Developer Operations Target audienceType Cloud Computing: Bereitstellungsmodelle Franz Wimmer 8
SaaS PaaS IaaS Software as a Service - Ready-to-use applications Platform as a Service - Development tools - Databases / APIs Infrastructure as a Service - Hardware - Network User Developer Operations Target audienceType Cloud Computing: Bereitstellungsmodelle Franz Wimmer 9
Motivation
Size of data keeps growing Compute power doesn‘t scale at the same amount Parallelization Scale out Diagram: [Kac] Size of data vs. compute power (global) Franz Wimmer 11
1. Introduction 2. Basic Cloud Computing 3. UsedTechnologies 4. Implementation 5. Security 6. Live Demo 7. Lessions learned 8. Summary
Cloud Technologies
Docker Franz Wimmer 14 Virtualization software Puts your applications into containers Virtualization with Linux resources Overhead: 0-4% (VM: 17-22%) Hardware Host-Betriebssystem Docker Bibliotheken Anwendung Bibliotheken Anwendung Hardware Hypervisor Bibliotheken Anwendung Gast-OS Bibliotheken Anwendung Gast-OS Container Virtuelle Maschine
FROM python:2.7-alpine COPY ./spark-ui-proxy.py / ENV SERVER_PORT=8080 ENV BIND_ADDR="0.0.0.0" EXPOSE 8080 ENTRYPOINT ["python", "/spark-ui-proxy.py"] Docker Franz Wimmer 15 Docker compiles applications into images Dockerfiles describe images Images can be started as a container as often as desired
Containers: not enough for a production system Franz Wimmer 16 Image: https://twitter.com/mfdii/status/697532387240996864
Kubernetes Franz Wimmer 17 Cluster-Orchestrator Container management Container can be grouped to pods Features: Scaling and load balancing Overlay network Service discovery Health checks Management of persistent storage Reactive Manifesto: Pods can be terminated any time Image: https://cloudplatform.googleblog.com/2015/01/what-makes-a-container-cluster.html
Kubernetes Franz Wimmer 18 Transfer rates taken with iPerf: Metric Transfer rate One pod, two containers 56,7 GBit/s One node, two pods 42,7 GBit/s Two nodes, one pod each 0,90 GBit/s
OpenShift Franz Wimmer 19 „Enterprise Kubernetes“ PaaS plattform Features: Templates Routes Editions: Online Container Platform Dedicated Origin (Open Source)
OpenShift Architecture Franz Wimmer 20 Grafik: https://docs.openshift.org/latest/architecture/index.html
BigData applications
Apache Spark Franz Wimmer 22 Framework for distributed computing For example: MapReduce Supports arbitrary backend storage services (SQL, HDFS, …) Master-Slave architecture Image: https://jaceklaskowski.gitbooks.io/mastering-apache-spark/spark-architecture.html
SolrCloud Franz Wimmer 23 NoSQL Database Based on Lucene Features: Full text search REST interface Scalable and fault tolerant with shards and replicas SolrCloud: Distributed on multiple nodes Manages itself via ZooKeeper
ZooKeeper Franz Wimmer 24 Distributed configuration management Ensures consistency in distributed services Images: https://zookeeper.apache.org/doc/current/zookeeperOver.html https://blog.kloia.com/distributed-computing-in-microservices-cap-theorem-253c16017a99
Other cloud technologies in this thesis… … an incomplete list Franz Wimmer 25 Hadoop File System Cloudera Hue (Web-UI für Hadoop) ZooNavigator (Web-UI für ZooKeeper) Zeppelin (Web-UI für Spark)
Goals
Image: QAware GmbH Target architecture Franz Wimmer 27
Goals of this thesis Franz Wimmer 28 Proving the technology stack Automated deployment of BigData applications Impediments and pitfalls should be documented
1. Introduction 2. Basic Cloud Computing 3. Used Technologies 4. Implementation 5. Security 6. Live Demo 7. Lessions learned 8. Summary
# OpenShift template for automated deployment of Solr apiVersion: v1 kind: Template metadata: name: spark-solr.template objects: - [...] - [...] OpenShift templates Franz Wimmer 30 Templates: Describe applications in the cluster Written in YAML Easy to read and write (depends ;) ) Can be parametrized Objects: z.B. Controllers like DeploymentConfigs or StatefulSets
[...] - apiVersion: v1 kind: DeploymentConfig spec: replicas: 1 template: spec: containers: - args: - sbin/start-master.sh env: - name: SPARK_MASTER_PORT value: '7077' image: spark:latest ports: - containerPort: 7077 name: spark-driver - containerPort: 8080 name: spark-mstr-http Stateless applications: DeploymentConfig Franz Wimmer 31
[...] - apiVersion: apps/v1beta1 kind: StatefulSet spec: replicas: 7 template: spec: containers: - command: - 'bin/solr -f -c -z zookeeper:2181 -s /solrdata' image: solr:latest volumeMounts: - name: solr-pvc mountPath: /solrdata volumeClaimTemplates: - spec: accessModes: [ "ReadWriteOnce" ] resources: requests: storage: "10Gi" Stateful applications: StatefulSets Franz Wimmer 32 YAML likeDeploymentConfig Additional guarantees: Stable hostnames Stable persistent volumes
Services Franz Wimmer 33 Pod 2 Label: app=zookeeper Port: 2181 Pod 3 Label: app=zookeeper Port: 2181 Client zookeeper:2181 Service Nam e: zookeeper Selector: app=zookeeper Port: 2181 Pod 1 Label: app=zookeeper Port: 2181
Routen Franz Wimmer 34 Service Nam e: spark Port: 8080 Pod Route To: spark Port: 8080 Client http:// spark.dom ain.tld:80 Pod OpenShift-Cluster
FROM solr:7.1-alpine USER root # Patch permissions to solr working dir RUN chgrp -R 0 /opt/solr && chmod -R 775 /opt/solr ADD entrypoint.sh /opt/solr/ RUN chmod 775 /opt/solr/entrypoint.sh USER $SOLR_USER ENTRYPOINT ["/opt/solr/entrypoint.sh"] Docker images Franz Wimmer 35 For applications in this thesis: Partially existing Docker images Partially self-built Docker images In any case: Customizing for OpenShift File permissions Custom actions on container start
Challenges Franz Wimmer 36 Not all applications are cloud native Assumptions that aren‘t true in the (OpenShift) cloud: Container runs with root privileges There is any username My own process id is > 1 Not all applications are well-documented Applications in a cluster are hard to debug
1. Introduction 2. Basic Cloud Computing 3. Used Technologies 4. Implementation 5. Security 6. Live Demo 7. Lessions learned 8. Summary
Security: Motivation Franz Wimmer 38 „Western Digital My Cloud drives have a built-in backdoor” – techspot, 05.01.2018 „Homeland Security Data Breach Affects 240,000 Federal Employees, Plus Witnesses and Interviewees” – gizmodo, 03.01.2018 „Dynamics 365: Microsoft verteilt privaten Schlüssel an alle Kunden“ – golem.de, 08.12.2017 „Mehr als 100 Gigabyte: Vertrauliche Daten der NSA ungeschützt in der Cloud“ – heise online, 29.11.2017 „Hackerangriff: Uber verschleierte Datenklau von 57 Millionen Nutzern“ – computerbase, 22.11.2017 „Russian Hackers Stole NSA Data on U.S. Cyber Defense” – The Wall Street Journal, 05.10.2017 „Passwords To Access Over A Half Million CarTracking Devices Just Leaked Online” – gizmodo Australia, 23.09.2017 „Daten von Millionen Verizon-Kunden waren ungeschützt“ – heise online, 13.07.2017 „GOP Data Firm Accidentally Leaks Personal Details Of Nearly 200 Million AmericanVoters” – gizmodo Australia, 20.06.2017 „Telekom-Cloud-Kunde konnte fremde Adressbücher einsehen“ – golem.de, 08.12.2016
Risks of operating a cloud infrastructure Franz Wimmer 39 Sensitive data can be stolen Solution: Secure access to persistent volumes with SELinux Free network access between nodes, pods and containers Solution: Restrict network traffic with network policies Security holes in applications / containers Solution: Update your Docker images regularly! „Malware“ containers inside the cluster Solution: Operate your own Docker registry Access without authentication and authorization Solution: Use OpenShift as Oauth provider
Live - Demo
1. Introduction 2. Basic Cloud Computing 3. Used Technologies 4. Implementation 5. Security 6. Live Demo 7. Lessons learned 8. Summary
Lessons learned Franz Wimmer 42 These lessons are from a real-world project: Do not operate a file system over a network! Unless it‘s a latency-free SAN. ZooKeeper cluster collapses => SolrCloud collapses Better: Local SSD storage Do not operate Solr inside OpenShift! Unless you got local SSD storage Solr relies on heavy read / write load Do not operate Solr inside containers! Solr uses memory mapped files for caching Memory mapped files are not managed by Docker / cgroups / namespaces This basically allows escaping from a container.
Evaluation & Summary Franz Wimmer 43 Technology stack is running on OpenShift … with some constraints OpenShift tools are suitable for that Docker images had to be customized Impediments and pitfalls are documented now … but there are many more. Not all applications are „cloud native“
Sources Franz Wimmer 44 Kapiteltrenner: pexels.com – CC0 License [Kac] Kachris, Christoforos & Tomkos, Ioannis. (2015). A Roadmap on Optical Interconnects in Data Centre Networks. . 10.1109/ICTON.2015.7193535. [Mel11] P. Mell, T. Grance et al. The NIST definition of cloud computing - Recommendations of the National Institute of Standards and Technology. NIST Special Publication 800-145, 2011. [War13] J. S. Ward und A. Barker. Undefined by data: a survey of big data definitions. arXiv preprint arXiv:1309.5821, 2013.
27.09.2018 QAware 45
FranzWimmer franz.wimmer@qaware.de @zalintyre xing.com/companies/qawaregmbh linkedin.com/company/qaware-gmbh slideshare.net/qaware twitter.com/qaware github.com/qaware youtube.com/qawaregmbh
1 of 46

Leveraging the power of SolrCloud and Spark with OpenShift

Download to read offline
Data & Analytics

Kubernetes/Cloud-Native-Meetup September 2018, Munich : Talk by Franz Wimmer (@zalintyre, Software Engineer at QAware) Abstract: One of the most commonly used big data processing frameworks is Apache Spark. Spark manages to process large datasets with parallelization. Solr is a search platform based on Lucene. Solr can be distributed across a cluster using ZooKeeper for configuration management. Both applications can be combined to create performant Big Data applications. But what if you want to scale up horizonally and add a node? In a manual setup, you'd have to install the new node manually. Cluster orchestrators like OpenShift claim to solve this problem. This talk shows how to put Spark, Solr and ZooKeeper into containers, which can then be scaled individually inside a cluster using OpenShift. We will cover OpenShift details like DeploymentConfigs, StatefulSets, Services, Routes and Persistent Volumes and install a complete, failsafe and horizontally scaleable SolrCloud / Spark / Zookeeper cluster in seconds. You will also learn about the drawbacks and pitfalls of running Big Data applications inside an OpenShift cluster.

QAware GmbH
QAware GmbHQAware GmbH

Recommended

IBM Enterprise 2014 - System z Technical University - Preliminary Agenda by
IBM Enterprise 2014 - System z Technical University - Preliminary Agenda IBM Enterprise 2014 - System z Technical University - Preliminary Agenda
IBM Enterprise 2014 - System z Technical University - Preliminary Agenda Casey Lucas
4.2K views20 slides
System z Market View and New Customers by
System z Market View and New CustomersSystem z Market View and New Customers
System z Market View and New Customersdkang
831 views29 slides
Pres Db2 native rest json and z/OS connect by
Pres Db2 native rest json and z/OS connect Pres Db2 native rest json and z/OS connect
Pres Db2 native rest json and z/OS connect Cécile Benhamou
1.2K views34 slides
The NRB Group mainframe day 2021 - IBM Z-Strategy & Roadmap - Adam John Sturg... by
The NRB Group mainframe day 2021 - IBM Z-Strategy & Roadmap - Adam John Sturg...The NRB Group mainframe day 2021 - IBM Z-Strategy & Roadmap - Adam John Sturg...
The NRB Group mainframe day 2021 - IBM Z-Strategy & Roadmap - Adam John Sturg...NRB
353 views51 slides
Assembler & z/OS Internals Syllabus by
Assembler & z/OS Internals SyllabusAssembler & z/OS Internals Syllabus
Assembler & z/OS Internals SyllabusDeru Sudibyo
1.3K views33 slides
IBM Insight 2013 - Aetna's production experience using IBM DB2 Analytics Acce... by
IBM Insight 2013 - Aetna's production experience using IBM DB2 Analytics Acce...IBM Insight 2013 - Aetna's production experience using IBM DB2 Analytics Acce...
IBM Insight 2013 - Aetna's production experience using IBM DB2 Analytics Acce...Daniel Martin
429 views33 slides

More Related Content

What's hot

IBM Z for the Digital Enterprise - IBM Z Software Keynote by
IBM Z for the Digital Enterprise - IBM Z Software KeynoteIBM Z for the Digital Enterprise - IBM Z Software Keynote
IBM Z for the Digital Enterprise - IBM Z Software KeynoteDevOps for Enterprise Systems
472 views38 slides
Gse 2009 Cmolaro Final02 1 by
Gse 2009 Cmolaro Final02 1Gse 2009 Cmolaro Final02 1
Gse 2009 Cmolaro Final02 1Cristian Molaro
624 views54 slides
02introduction by
02introduction02introduction
02introductionlakshmankumar60
299 views75 slides
Native Stored Procedures with data studio by
Native Stored Procedures with data studioNative Stored Procedures with data studio
Native Stored Procedures with data studioJørn Thyssen
203 views4 slides
Cloud Computing Overview by
Cloud Computing OverviewCloud Computing Overview
Cloud Computing OverviewMarcelo Sávio
961 views55 slides
IBM zEnterprise: Retail by
IBM zEnterprise: RetailIBM zEnterprise: Retail
IBM zEnterprise: RetailStrategy Advisory Group
824 views13 slides

What's hot(20)

IBM Z for the Digital Enterprise - IBM Z Software Keynote by DevOps for Enterprise Systems
IBM Z for the Digital Enterprise - IBM Z Software KeynoteIBM Z for the Digital Enterprise - IBM Z Software Keynote
IBM Z for the Digital Enterprise - IBM Z Software Keynote
DevOps for Enterprise Systems472 views
Gse 2009 Cmolaro Final02 1 by Cristian Molaro
Gse 2009 Cmolaro Final02 1Gse 2009 Cmolaro Final02 1
Gse 2009 Cmolaro Final02 1
Cristian Molaro624 views
02introduction by lakshmankumar60
02introduction02introduction
02introduction
lakshmankumar60299 views
Native Stored Procedures with data studio by Jørn Thyssen
Native Stored Procedures with data studioNative Stored Procedures with data studio
Native Stored Procedures with data studio
Jørn Thyssen203 views
Cloud Computing Overview by Marcelo Sávio
Cloud Computing OverviewCloud Computing Overview
Cloud Computing Overview
Marcelo Sávio961 views
IBM zEnterprise: Retail by Strategy Advisory Group
IBM zEnterprise: RetailIBM zEnterprise: Retail
IBM zEnterprise: Retail
Strategy Advisory Group824 views
Mainframe Optimization with Modern Systems by Modern Systems
Mainframe Optimization with Modern SystemsMainframe Optimization with Modern Systems
Mainframe Optimization with Modern Systems
Modern Systems554 views
Benchmarking Market Pricing by Information Services Group (ISG)
Benchmarking Market PricingBenchmarking Market Pricing
Benchmarking Market Pricing
Information Services Group (ISG)2.7K views
The Reality Facing The Mainframe World by Ian Baynes
The Reality Facing The Mainframe WorldThe Reality Facing The Mainframe World
The Reality Facing The Mainframe World
Ian Baynes994 views
The NRB Group mainframe day 2021 - Containerisation on Z - Paul Pilotto - Seb... by NRB
The NRB Group mainframe day 2021 - Containerisation on Z - Paul Pilotto - Seb...The NRB Group mainframe day 2021 - Containerisation on Z - Paul Pilotto - Seb...
The NRB Group mainframe day 2021 - Containerisation on Z - Paul Pilotto - Seb...
NRB208 views
AIA 4 Iowa Apps User Group by Jim Basler
AIA 4 Iowa Apps User GroupAIA 4 Iowa Apps User Group
AIA 4 Iowa Apps User Group
Jim Basler778 views
The NRB Group mainframe day 2021 - Security On Z - Guillaume Hoareau by NRB
The NRB Group mainframe day 2021 - Security On Z - Guillaume HoareauThe NRB Group mainframe day 2021 - Security On Z - Guillaume Hoareau
The NRB Group mainframe day 2021 - Security On Z - Guillaume Hoareau
NRB91 views
Analytics on z Systems Focus on Real Time - Hélène Lyon by NRB
Analytics on z Systems Focus on Real Time - Hélène LyonAnalytics on z Systems Focus on Real Time - Hélène Lyon
Analytics on z Systems Focus on Real Time - Hélène Lyon
NRB578 views
Maintec Corporate Overview by Maintec Technologies Inc.
Maintec Corporate OverviewMaintec Corporate Overview
Maintec Corporate Overview
Maintec Technologies Inc.1.3K views
Nrb Mainframe Day - Nrb Mainframe Strategy - Pascal Laffineur by NRB
Nrb Mainframe Day - Nrb Mainframe Strategy - Pascal LaffineurNrb Mainframe Day - Nrb Mainframe Strategy - Pascal Laffineur
Nrb Mainframe Day - Nrb Mainframe Strategy - Pascal Laffineur
NRB254 views
The NRB Group mainframe day 2021 - The NRB Group & The Mainframe - Pascal Laf... by NRB
The NRB Group mainframe day 2021 - The NRB Group & The Mainframe - Pascal Laf...The NRB Group mainframe day 2021 - The NRB Group & The Mainframe - Pascal Laf...
The NRB Group mainframe day 2021 - The NRB Group & The Mainframe - Pascal Laf...
NRB154 views
2014 01-23-eranea-apalia-private-cloud by Didier Durand
2014 01-23-eranea-apalia-private-cloud2014 01-23-eranea-apalia-private-cloud
2014 01-23-eranea-apalia-private-cloud
Didier Durand1.1K views
The NRB Group mainframe day 2021 - New Programming Languages on Z - Frank Van... by NRB
The NRB Group mainframe day 2021 - New Programming Languages on Z - Frank Van...The NRB Group mainframe day 2021 - New Programming Languages on Z - Frank Van...
The NRB Group mainframe day 2021 - New Programming Languages on Z - Frank Van...
NRB126 views
Nrb Mainframe Day - z Legacy Innovation - New Architecture And Api Services -... by NRB
Nrb Mainframe Day - z Legacy Innovation - New Architecture And Api Services -...Nrb Mainframe Day - z Legacy Innovation - New Architecture And Api Services -...
Nrb Mainframe Day - z Legacy Innovation - New Architecture And Api Services -...
NRB266 views
NRB Vmware vForum 2019 by NRB
NRB Vmware vForum 2019NRB Vmware vForum 2019
NRB Vmware vForum 2019
NRB173 views

Similar to Leveraging the power of SolrCloud and Spark with OpenShift

A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17 by
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17Mario-Leander Reimer
563 views52 slides
A hitchhiker‘s guide to the cloud native stack by
A hitchhiker‘s guide to the cloud native stackA hitchhiker‘s guide to the cloud native stack
A hitchhiker‘s guide to the cloud native stackQAware GmbH
946 views52 slides
Security in serverless world by
Security in serverless worldSecurity in serverless world
Security in serverless worldYan Cui
1.5K views172 slides
DevSecCon London 2018: Security in the serverless world by
DevSecCon London 2018: Security in the serverless worldDevSecCon London 2018: Security in the serverless world
DevSecCon London 2018: Security in the serverless worldDevSecCon
298 views172 slides
Modeling and Simulation of Parallel and Distributed Computing Systems with Si... by
Modeling and Simulation of Parallel and Distributed Computing Systems with Si...Modeling and Simulation of Parallel and Distributed Computing Systems with Si...
Modeling and Simulation of Parallel and Distributed Computing Systems with Si...Rafael Ferreira da Silva
297 views16 slides
E2E Services using Cloud Visitation Platforms by
E2E Services using Cloud Visitation PlatformsE2E Services using Cloud Visitation Platforms
E2E Services using Cloud Visitation PlatformsTokyo University of Science
543 views26 slides

Similar to Leveraging the power of SolrCloud and Spark with OpenShift(20)

A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17 by Mario-Leander Reimer
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
Mario-Leander Reimer563 views
A hitchhiker‘s guide to the cloud native stack by QAware GmbH
A hitchhiker‘s guide to the cloud native stackA hitchhiker‘s guide to the cloud native stack
A hitchhiker‘s guide to the cloud native stack
QAware GmbH946 views
Security in serverless world by Yan Cui
Security in serverless worldSecurity in serverless world
Security in serverless world
Yan Cui1.5K views
DevSecCon London 2018: Security in the serverless world by DevSecCon
DevSecCon London 2018: Security in the serverless worldDevSecCon London 2018: Security in the serverless world
DevSecCon London 2018: Security in the serverless world
DevSecCon298 views
Modeling and Simulation of Parallel and Distributed Computing Systems with Si... by Rafael Ferreira da Silva
Modeling and Simulation of Parallel and Distributed Computing Systems with Si...Modeling and Simulation of Parallel and Distributed Computing Systems with Si...
Modeling and Simulation of Parallel and Distributed Computing Systems with Si...
Rafael Ferreira da Silva297 views
E2E Services using Cloud Visitation Platforms by Tokyo University of Science
E2E Services using Cloud Visitation PlatformsE2E Services using Cloud Visitation Platforms
E2E Services using Cloud Visitation Platforms
Tokyo University of Science543 views
20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes by IBM France Lab
20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes
20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes
IBM France Lab361 views
Continuous Security: From tins to containers - now what! by Michael Man
Continuous Security: From tins to containers - now what!Continuous Security: From tins to containers - now what!
Continuous Security: From tins to containers - now what!
Michael Man463 views
Eventsggx by Stéphane Maldini
EventsggxEventsggx
Eventsggx
Stéphane Maldini1.6K views
Security in Serverless world by Yan Cui
Security in Serverless worldSecurity in Serverless world
Security in Serverless world
Yan Cui784 views
Secure Application Development in the Age of Continuous Delivery by Tim Mackey
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous Delivery
Tim Mackey484 views
Secure Application Development in the Age of Continuous Delivery by Black Duck by Synopsys
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous Delivery
Black Duck by Synopsys816 views
Security in serverless world (get.net) by Yan Cui
Security in serverless world (get.net)Security in serverless world (get.net)
Security in serverless world (get.net)
Yan Cui1.7K views
Security in serverless world by Yan Cui
Security in serverless worldSecurity in serverless world
Security in serverless world
Yan Cui3.5K views
Web scale infrastructures with kubernetes and flannel by purpleocean
Web scale infrastructures with kubernetes and flannelWeb scale infrastructures with kubernetes and flannel
Web scale infrastructures with kubernetes and flannel
purpleocean948 views
Monitoring CloudStack and components by ShapeBlue
Monitoring CloudStack and componentsMonitoring CloudStack and components
Monitoring CloudStack and components
ShapeBlue1.6K views
Serverless Security: Defence Against the Dark Arts by Yan Cui
Serverless Security: Defence Against the Dark ArtsServerless Security: Defence Against the Dark Arts
Serverless Security: Defence Against the Dark Arts
Yan Cui291 views
4156 Twist and cloud-how ibm customers make cics dance by nick_garrod
4156 Twist and cloud-how ibm customers make cics dance4156 Twist and cloud-how ibm customers make cics dance
4156 Twist and cloud-how ibm customers make cics dance
nick_garrod753 views
Kubernetes Security Workshop by Mirantis
Kubernetes Security WorkshopKubernetes Security Workshop
Kubernetes Security Workshop
Mirantis223 views
Using hypervisor and container technology to increase datacenter security pos... by Black Duck by Synopsys
Using hypervisor and container technology to increase datacenter security pos...Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...
Black Duck by Synopsys344 views

More from QAware GmbH

Make Developers Fly: Principles for Platform Engineering by
Make Developers Fly: Principles for Platform EngineeringMake Developers Fly: Principles for Platform Engineering
Make Developers Fly: Principles for Platform EngineeringQAware GmbH
5 views44 slides
Der Tod der Testpyramide? – Frontend-Testing mit Playwright by
Der Tod der Testpyramide? – Frontend-Testing mit PlaywrightDer Tod der Testpyramide? – Frontend-Testing mit Playwright
Der Tod der Testpyramide? – Frontend-Testing mit PlaywrightQAware GmbH
7 views34 slides
Was kommt nach den SPAs by
Was kommt nach den SPAsWas kommt nach den SPAs
Was kommt nach den SPAsQAware GmbH
6 views47 slides
Cloud Migration mit KI: der Turbo by
Cloud Migration mit KI: der Turbo Cloud Migration mit KI: der Turbo
Cloud Migration mit KI: der Turbo QAware GmbH
18 views23 slides
Migration von stark regulierten Anwendungen in die Cloud: Dem Teufel die See... by
Migration von stark regulierten Anwendungen in die Cloud: Dem Teufel die See... Migration von stark regulierten Anwendungen in die Cloud: Dem Teufel die See...
Migration von stark regulierten Anwendungen in die Cloud: Dem Teufel die See...QAware GmbH
17 views13 slides
Aus blau wird grün! Ansätze und Technologien für nachhaltige Kubernetes-Cluster by
Aus blau wird grün! Ansätze und Technologien für nachhaltige Kubernetes-Cluster Aus blau wird grün! Ansätze und Technologien für nachhaltige Kubernetes-Cluster
Aus blau wird grün! Ansätze und Technologien für nachhaltige Kubernetes-Cluster QAware GmbH
16 views31 slides

More from QAware GmbH(20)

Make Developers Fly: Principles for Platform Engineering by QAware GmbH
Make Developers Fly: Principles for Platform EngineeringMake Developers Fly: Principles for Platform Engineering
Make Developers Fly: Principles for Platform Engineering
QAware GmbH5 views
Der Tod der Testpyramide? – Frontend-Testing mit Playwright by QAware GmbH
Der Tod der Testpyramide? – Frontend-Testing mit PlaywrightDer Tod der Testpyramide? – Frontend-Testing mit Playwright
Der Tod der Testpyramide? – Frontend-Testing mit Playwright
QAware GmbH7 views
Was kommt nach den SPAs by QAware GmbH
Was kommt nach den SPAsWas kommt nach den SPAs
Was kommt nach den SPAs
QAware GmbH6 views
Cloud Migration mit KI: der Turbo by QAware GmbH
Cloud Migration mit KI: der Turbo Cloud Migration mit KI: der Turbo
Cloud Migration mit KI: der Turbo
QAware GmbH18 views
Migration von stark regulierten Anwendungen in die Cloud: Dem Teufel die See... by QAware GmbH
Migration von stark regulierten Anwendungen in die Cloud: Dem Teufel die See... Migration von stark regulierten Anwendungen in die Cloud: Dem Teufel die See...
Migration von stark regulierten Anwendungen in die Cloud: Dem Teufel die See...
QAware GmbH17 views
Aus blau wird grün! Ansätze und Technologien für nachhaltige Kubernetes-Cluster by QAware GmbH
Aus blau wird grün! Ansätze und Technologien für nachhaltige Kubernetes-Cluster Aus blau wird grün! Ansätze und Technologien für nachhaltige Kubernetes-Cluster
Aus blau wird grün! Ansätze und Technologien für nachhaltige Kubernetes-Cluster
QAware GmbH16 views
Endlich gute API Tests. Boldly Testing APIs Where No One Has Tested Before. by QAware GmbH
Endlich gute API Tests. Boldly Testing APIs Where No One Has Tested Before.Endlich gute API Tests. Boldly Testing APIs Where No One Has Tested Before.
Endlich gute API Tests. Boldly Testing APIs Where No One Has Tested Before.
QAware GmbH20 views
Kubernetes with Cilium in AWS - Experience Report! by QAware GmbH
Kubernetes with Cilium in AWS - Experience Report!Kubernetes with Cilium in AWS - Experience Report!
Kubernetes with Cilium in AWS - Experience Report!
QAware GmbH45 views
Kontinuierliche Sicherheitstests für APIs mit Testkube und OWASP ZAP by QAware GmbH
Kontinuierliche Sicherheitstests für APIs mit Testkube und OWASP ZAPKontinuierliche Sicherheitstests für APIs mit Testkube und OWASP ZAP
Kontinuierliche Sicherheitstests für APIs mit Testkube und OWASP ZAP
QAware GmbH20 views
Blue turns green! Approaches and technologies for sustainable K8s clusters. by QAware GmbH
Blue turns green! Approaches and technologies for sustainable K8s clusters.Blue turns green! Approaches and technologies for sustainable K8s clusters.
Blue turns green! Approaches and technologies for sustainable K8s clusters.
QAware GmbH32 views
Per Anhalter zu Cloud Nativen API Gateways by QAware GmbH
Per Anhalter zu Cloud Nativen API GatewaysPer Anhalter zu Cloud Nativen API Gateways
Per Anhalter zu Cloud Nativen API Gateways
QAware GmbH30 views
Aus blau wird grün! Ansätze und Technologien für nachhaltige Kubernetes-Cluster by QAware GmbH
Aus blau wird grün! Ansätze und Technologien für nachhaltige Kubernetes-Cluster Aus blau wird grün! Ansätze und Technologien für nachhaltige Kubernetes-Cluster
Aus blau wird grün! Ansätze und Technologien für nachhaltige Kubernetes-Cluster
QAware GmbH22 views
How to speed up Spring Integration Tests by QAware GmbH
How to speed up Spring Integration TestsHow to speed up Spring Integration Tests
How to speed up Spring Integration Tests
QAware GmbH21 views
Aus blau wird grün! Ansätze und Technologien für nachhaltige Kubernetes-Cluster by QAware GmbH
Aus blau wird grün! Ansätze und Technologien für nachhaltige Kubernetes-ClusterAus blau wird grün! Ansätze und Technologien für nachhaltige Kubernetes-Cluster
Aus blau wird grün! Ansätze und Technologien für nachhaltige Kubernetes-Cluster
QAware GmbH42 views
Cloud Migration – Eine Strategie die funktioniert by QAware GmbH
Cloud Migration – Eine Strategie die funktioniertCloud Migration – Eine Strategie die funktioniert
Cloud Migration – Eine Strategie die funktioniert
QAware GmbH28 views
Policy Driven Microservices mit Open Policy Agent by QAware GmbH
Policy Driven Microservices mit Open Policy AgentPolicy Driven Microservices mit Open Policy Agent
Policy Driven Microservices mit Open Policy Agent
QAware GmbH15 views
Make Developers Fly: Principles for Platform Engineering by QAware GmbH
Make Developers Fly: Principles for Platform EngineeringMake Developers Fly: Principles for Platform Engineering
Make Developers Fly: Principles for Platform Engineering
QAware GmbH61 views
Security Lab: OIDC in der Praxis by QAware GmbH
Security Lab: OIDC in der PraxisSecurity Lab: OIDC in der Praxis
Security Lab: OIDC in der Praxis
QAware GmbH19 views
Die nächsten 100 Microservices by QAware GmbH
Die nächsten 100 MicroservicesDie nächsten 100 Microservices
Die nächsten 100 Microservices
QAware GmbH14 views
Enterprise-level Kubernetes Security mit Open Source Tools - geht das? by QAware GmbH
Enterprise-level Kubernetes Security mit Open Source Tools - geht das?Enterprise-level Kubernetes Security mit Open Source Tools - geht das?
Enterprise-level Kubernetes Security mit Open Source Tools - geht das?
QAware GmbH33 views

Recently uploaded

Construction Accidents & Injuries by
Construction Accidents & InjuriesConstruction Accidents & Injuries
Construction Accidents & InjuriesBisnar Chase Personal Injury Attorneys
6 views5 slides
Oral presentation (1).pdf by
Oral presentation (1).pdfOral presentation (1).pdf
Oral presentation (1).pdfreemalmazroui8
5 views10 slides
Product Research sample.pdf by
Product Research sample.pdfProduct Research sample.pdf
Product Research sample.pdfAllenSingson
33 views29 slides
[DSC Europe 23] Danijela Horak - The Innovator’s Dilemma: to Build or Not to ... by
[DSC Europe 23] Danijela Horak - The Innovator’s Dilemma: to Build or Not to ...[DSC Europe 23] Danijela Horak - The Innovator’s Dilemma: to Build or Not to ...
[DSC Europe 23] Danijela Horak - The Innovator’s Dilemma: to Build or Not to ...DataScienceConferenc1
5 views19 slides
[DSC Europe 23][AI:CSI] Dragan Pleskonjic - AI Impact on Cybersecurity and P... by
[DSC Europe 23][AI:CSI] Dragan Pleskonjic - AI Impact on Cybersecurity and P...[DSC Europe 23][AI:CSI] Dragan Pleskonjic - AI Impact on Cybersecurity and P...
[DSC Europe 23][AI:CSI] Dragan Pleskonjic - AI Impact on Cybersecurity and P...DataScienceConferenc1
8 views36 slides
4_4_WP_4_06_ND_Model.pptx by
4_4_WP_4_06_ND_Model.pptx4_4_WP_4_06_ND_Model.pptx
4_4_WP_4_06_ND_Model.pptxd6fmc6kwd4
7 views13 slides

Recently uploaded(20)

Construction Accidents & Injuries by Bisnar Chase Personal Injury Attorneys
Construction Accidents & InjuriesConstruction Accidents & Injuries
Construction Accidents & Injuries
Bisnar Chase Personal Injury Attorneys6 views
Oral presentation (1).pdf by reemalmazroui8
Oral presentation (1).pdfOral presentation (1).pdf
Oral presentation (1).pdf
reemalmazroui85 views
Product Research sample.pdf by AllenSingson
Product Research sample.pdfProduct Research sample.pdf
Product Research sample.pdf
AllenSingson33 views
[DSC Europe 23] Danijela Horak - The Innovator’s Dilemma: to Build or Not to ... by DataScienceConferenc1
[DSC Europe 23] Danijela Horak - The Innovator’s Dilemma: to Build or Not to ...[DSC Europe 23] Danijela Horak - The Innovator’s Dilemma: to Build or Not to ...
[DSC Europe 23] Danijela Horak - The Innovator’s Dilemma: to Build or Not to ...
DataScienceConferenc15 views
[DSC Europe 23][AI:CSI] Dragan Pleskonjic - AI Impact on Cybersecurity and P... by DataScienceConferenc1
[DSC Europe 23][AI:CSI] Dragan Pleskonjic - AI Impact on Cybersecurity and P...[DSC Europe 23][AI:CSI] Dragan Pleskonjic - AI Impact on Cybersecurity and P...
[DSC Europe 23][AI:CSI] Dragan Pleskonjic - AI Impact on Cybersecurity and P...
DataScienceConferenc18 views
4_4_WP_4_06_ND_Model.pptx by d6fmc6kwd4
4_4_WP_4_06_ND_Model.pptx4_4_WP_4_06_ND_Model.pptx
4_4_WP_4_06_ND_Model.pptx
d6fmc6kwd47 views
Listed Instruments Survey 2022.pptx by secretariat4
Listed Instruments Survey 2022.pptxListed Instruments Survey 2022.pptx
Listed Instruments Survey 2022.pptx
secretariat493 views
Inawisdom Quick Sight by PhilipBasford
Inawisdom Quick SightInawisdom Quick Sight
Inawisdom Quick Sight
PhilipBasford7 views
[DSC Europe 23] Stefan Mrsic_Goran Savic - Evolving Technology Excellence.pptx by DataScienceConferenc1
[DSC Europe 23] Stefan Mrsic_Goran Savic - Evolving Technology Excellence.pptx[DSC Europe 23] Stefan Mrsic_Goran Savic - Evolving Technology Excellence.pptx
[DSC Europe 23] Stefan Mrsic_Goran Savic - Evolving Technology Excellence.pptx
DataScienceConferenc111 views
Inawsidom - Data Journey by PhilipBasford
Inawsidom - Data JourneyInawsidom - Data Journey
Inawsidom - Data Journey
PhilipBasford8 views
[DSC Europe 23] Ivan Dundovic - How To Treat Your Data As A Product.pptx by DataScienceConferenc1
[DSC Europe 23] Ivan Dundovic - How To Treat Your Data As A Product.pptx[DSC Europe 23] Ivan Dundovic - How To Treat Your Data As A Product.pptx
[DSC Europe 23] Ivan Dundovic - How To Treat Your Data As A Product.pptx
DataScienceConferenc16 views
Shreyas hospital statistics.pdf by samithavinal
Shreyas hospital statistics.pdfShreyas hospital statistics.pdf
Shreyas hospital statistics.pdf
samithavinal5 views
SUPER STORE SQL PROJECT.pptx by khan888620
SUPER STORE SQL PROJECT.pptxSUPER STORE SQL PROJECT.pptx
SUPER STORE SQL PROJECT.pptx
khan88862013 views
[DSC Europe 23][Cryptica] Martin_Summer_Digital_central_bank_money_Ideas_init... by DataScienceConferenc1
[DSC Europe 23][Cryptica] Martin_Summer_Digital_central_bank_money_Ideas_init...[DSC Europe 23][Cryptica] Martin_Summer_Digital_central_bank_money_Ideas_init...
[DSC Europe 23][Cryptica] Martin_Summer_Digital_central_bank_money_Ideas_init...
DataScienceConferenc15 views
Ukraine Infographic_22NOV2023_v2.pdf by AnastosiyaGurin
Ukraine Infographic_22NOV2023_v2.pdfUkraine Infographic_22NOV2023_v2.pdf
Ukraine Infographic_22NOV2023_v2.pdf
AnastosiyaGurin1.4K views
6498-Butun_Beyinli_Cocuq-Daniel_J.Siegel-Tina_Payne_Bryson-2011-259s.pdf by 10urkyr34
6498-Butun_Beyinli_Cocuq-Daniel_J.Siegel-Tina_Payne_Bryson-2011-259s.pdf6498-Butun_Beyinli_Cocuq-Daniel_J.Siegel-Tina_Payne_Bryson-2011-259s.pdf
6498-Butun_Beyinli_Cocuq-Daniel_J.Siegel-Tina_Payne_Bryson-2011-259s.pdf
10urkyr347 views
LIVE OAK MEMORIAL PARK.pptx by ms2332always
LIVE OAK MEMORIAL PARK.pptxLIVE OAK MEMORIAL PARK.pptx
LIVE OAK MEMORIAL PARK.pptx
ms2332always7 views
AvizoImageSegmentation.pptx by nathanielbutterworth1
AvizoImageSegmentation.pptxAvizoImageSegmentation.pptx
AvizoImageSegmentation.pptx
nathanielbutterworth17 views
Data about the sector workshop by info828217
Data about the sector workshopData about the sector workshop
Data about the sector workshop
info82821729 views
[DSC Europe 23] Spela Poklukar & Tea Brasanac - Retrieval Augmented Generation by DataScienceConferenc1
[DSC Europe 23] Spela Poklukar & Tea Brasanac - Retrieval Augmented Generation[DSC Europe 23] Spela Poklukar & Tea Brasanac - Retrieval Augmented Generation
[DSC Europe 23] Spela Poklukar & Tea Brasanac - Retrieval Augmented Generation
DataScienceConferenc119 views

Leveraging the power of SolrCloud and Spark with OpenShift

  • 1. FranzWimmer franz.wimmer@qaware.de @zalintyre Leveraging the power of SolrCloud and Spark with OpenShift 27.09.2018
  • 2. 1. Introduction 2. Basic Cloud Computing 3. Used Technologies 4. Implementation 5. Security 6. Live Demo 7. Lessions learned 8. Summary
  • 3. Franz Wimmer Software Engineer since 2018 2017 / 2018 2016 - 2018 2011 - 2016 QAware GmbH: Software Engineer Master‘s thesis @ QAware GmbH M.Sc. Computer Science @ FH Rosenheim Dual B.Sc. Computer Science @ FH Rosenheim Contact E-Mail: franz.wimmer@qaware.de QAware 3
  • 4. 1. Introduction 2. Basic Cloud Computing 3. Used Technologies 4. Implementation 5. Security 6. Live Demo 7. Lessions learned 8. Summary
  • 6. Definition: BigData Franz Wimmer 6 „Big Data refers to the inability of traditional data architectures to efficiently handle the new datasets.” − National Institute of Standards and Technology, USA Four Characteristics of „BigData”: Volume Variety Velocity Variability Related Technologies [War13]: NoSQL MapReduce Machine Learning
  • 7. Definition: Cloud Computing Franz Wimmer 7 Providing compute power / storage / applications over a network Characteristics [Mel11]: Automated management Network access Resource pools Monitoring of resource consumption
  • 8. SaaS PaaS IaaS Software as a Service - Ready-to-use applications Platform as a Service - Development tools - Databases / APIs Infrastructure as a Service - Hardware - Network User Developer Operations Target audienceType Cloud Computing: Bereitstellungsmodelle Franz Wimmer 8
  • 9. SaaS PaaS IaaS Software as a Service - Ready-to-use applications Platform as a Service - Development tools - Databases / APIs Infrastructure as a Service - Hardware - Network User Developer Operations Target audienceType Cloud Computing: Bereitstellungsmodelle Franz Wimmer 9
  • 11. Size of data keeps growing Compute power doesn‘t scale at the same amount Parallelization Scale out Diagram: [Kac] Size of data vs. compute power (global) Franz Wimmer 11
  • 12. 1. Introduction 2. Basic Cloud Computing 3. UsedTechnologies 4. Implementation 5. Security 6. Live Demo 7. Lessions learned 8. Summary
  • 14. Docker Franz Wimmer 14 Virtualization software Puts your applications into containers Virtualization with Linux resources Overhead: 0-4% (VM: 17-22%) Hardware Host-Betriebssystem Docker Bibliotheken Anwendung Bibliotheken Anwendung Hardware Hypervisor Bibliotheken Anwendung Gast-OS Bibliotheken Anwendung Gast-OS Container Virtuelle Maschine
  • 15. FROM python:2.7-alpine COPY ./spark-ui-proxy.py / ENV SERVER_PORT=8080 ENV BIND_ADDR="0.0.0.0" EXPOSE 8080 ENTRYPOINT ["python", "/spark-ui-proxy.py"] Docker Franz Wimmer 15 Docker compiles applications into images Dockerfiles describe images Images can be started as a container as often as desired
  • 16. Containers: not enough for a production system Franz Wimmer 16 Image: https://twitter.com/mfdii/status/697532387240996864
  • 17. Kubernetes Franz Wimmer 17 Cluster-Orchestrator Container management Container can be grouped to pods Features: Scaling and load balancing Overlay network Service discovery Health checks Management of persistent storage Reactive Manifesto: Pods can be terminated any time Image: https://cloudplatform.googleblog.com/2015/01/what-makes-a-container-cluster.html
  • 18. Kubernetes Franz Wimmer 18 Transfer rates taken with iPerf: Metric Transfer rate One pod, two containers 56,7 GBit/s One node, two pods 42,7 GBit/s Two nodes, one pod each 0,90 GBit/s
  • 19. OpenShift Franz Wimmer 19 „Enterprise Kubernetes“ PaaS plattform Features: Templates Routes Editions: Online Container Platform Dedicated Origin (Open Source)
  • 20. OpenShift Architecture Franz Wimmer 20 Grafik: https://docs.openshift.org/latest/architecture/index.html
  • 22. Apache Spark Franz Wimmer 22 Framework for distributed computing For example: MapReduce Supports arbitrary backend storage services (SQL, HDFS, …) Master-Slave architecture Image: https://jaceklaskowski.gitbooks.io/mastering-apache-spark/spark-architecture.html
  • 23. SolrCloud Franz Wimmer 23 NoSQL Database Based on Lucene Features: Full text search REST interface Scalable and fault tolerant with shards and replicas SolrCloud: Distributed on multiple nodes Manages itself via ZooKeeper
  • 24. ZooKeeper Franz Wimmer 24 Distributed configuration management Ensures consistency in distributed services Images: https://zookeeper.apache.org/doc/current/zookeeperOver.html https://blog.kloia.com/distributed-computing-in-microservices-cap-theorem-253c16017a99
  • 25. Other cloud technologies in this thesis… … an incomplete list Franz Wimmer 25 Hadoop File System Cloudera Hue (Web-UI für Hadoop) ZooNavigator (Web-UI für ZooKeeper) Zeppelin (Web-UI für Spark)
  • 26. Goals
  • 27. Image: QAware GmbH Target architecture Franz Wimmer 27
  • 28. Goals of this thesis Franz Wimmer 28 Proving the technology stack Automated deployment of BigData applications Impediments and pitfalls should be documented
  • 29. 1. Introduction 2. Basic Cloud Computing 3. Used Technologies 4. Implementation 5. Security 6. Live Demo 7. Lessions learned 8. Summary
  • 30. # OpenShift template for automated deployment of Solr apiVersion: v1 kind: Template metadata: name: spark-solr.template objects: - [...] - [...] OpenShift templates Franz Wimmer 30 Templates: Describe applications in the cluster Written in YAML Easy to read and write (depends ;) ) Can be parametrized Objects: z.B. Controllers like DeploymentConfigs or StatefulSets
  • 31. [...] - apiVersion: v1 kind: DeploymentConfig spec: replicas: 1 template: spec: containers: - args: - sbin/start-master.sh env: - name: SPARK_MASTER_PORT value: '7077' image: spark:latest ports: - containerPort: 7077 name: spark-driver - containerPort: 8080 name: spark-mstr-http Stateless applications: DeploymentConfig Franz Wimmer 31
  • 32. [...] - apiVersion: apps/v1beta1 kind: StatefulSet spec: replicas: 7 template: spec: containers: - command: - 'bin/solr -f -c -z zookeeper:2181 -s /solrdata' image: solr:latest volumeMounts: - name: solr-pvc mountPath: /solrdata volumeClaimTemplates: - spec: accessModes: [ "ReadWriteOnce" ] resources: requests: storage: "10Gi" Stateful applications: StatefulSets Franz Wimmer 32 YAML likeDeploymentConfig Additional guarantees: Stable hostnames Stable persistent volumes
  • 33. Services Franz Wimmer 33 Pod 2 Label: app=zookeeper Port: 2181 Pod 3 Label: app=zookeeper Port: 2181 Client zookeeper:2181 Service Nam e: zookeeper Selector: app=zookeeper Port: 2181 Pod 1 Label: app=zookeeper Port: 2181
  • 34. Routen Franz Wimmer 34 Service Nam e: spark Port: 8080 Pod Route To: spark Port: 8080 Client http:// spark.dom ain.tld:80 Pod OpenShift-Cluster
  • 35. FROM solr:7.1-alpine USER root # Patch permissions to solr working dir RUN chgrp -R 0 /opt/solr && chmod -R 775 /opt/solr ADD entrypoint.sh /opt/solr/ RUN chmod 775 /opt/solr/entrypoint.sh USER $SOLR_USER ENTRYPOINT ["/opt/solr/entrypoint.sh"] Docker images Franz Wimmer 35 For applications in this thesis: Partially existing Docker images Partially self-built Docker images In any case: Customizing for OpenShift File permissions Custom actions on container start
  • 36. Challenges Franz Wimmer 36 Not all applications are cloud native Assumptions that aren‘t true in the (OpenShift) cloud: Container runs with root privileges There is any username My own process id is > 1 Not all applications are well-documented Applications in a cluster are hard to debug
  • 37. 1. Introduction 2. Basic Cloud Computing 3. Used Technologies 4. Implementation 5. Security 6. Live Demo 7. Lessions learned 8. Summary
  • 38. Security: Motivation Franz Wimmer 38 „Western Digital My Cloud drives have a built-in backdoor” – techspot, 05.01.2018 „Homeland Security Data Breach Affects 240,000 Federal Employees, Plus Witnesses and Interviewees” – gizmodo, 03.01.2018 „Dynamics 365: Microsoft verteilt privaten Schlüssel an alle Kunden“ – golem.de, 08.12.2017 „Mehr als 100 Gigabyte: Vertrauliche Daten der NSA ungeschützt in der Cloud“ – heise online, 29.11.2017 „Hackerangriff: Uber verschleierte Datenklau von 57 Millionen Nutzern“ – computerbase, 22.11.2017 „Russian Hackers Stole NSA Data on U.S. Cyber Defense” – The Wall Street Journal, 05.10.2017 „Passwords To Access Over A Half Million CarTracking Devices Just Leaked Online” – gizmodo Australia, 23.09.2017 „Daten von Millionen Verizon-Kunden waren ungeschützt“ – heise online, 13.07.2017 „GOP Data Firm Accidentally Leaks Personal Details Of Nearly 200 Million AmericanVoters” – gizmodo Australia, 20.06.2017 „Telekom-Cloud-Kunde konnte fremde Adressbücher einsehen“ – golem.de, 08.12.2016
  • 39. Risks of operating a cloud infrastructure Franz Wimmer 39 Sensitive data can be stolen Solution: Secure access to persistent volumes with SELinux Free network access between nodes, pods and containers Solution: Restrict network traffic with network policies Security holes in applications / containers Solution: Update your Docker images regularly! „Malware“ containers inside the cluster Solution: Operate your own Docker registry Access without authentication and authorization Solution: Use OpenShift as Oauth provider
  • 41. 1. Introduction 2. Basic Cloud Computing 3. Used Technologies 4. Implementation 5. Security 6. Live Demo 7. Lessons learned 8. Summary
  • 42. Lessons learned Franz Wimmer 42 These lessons are from a real-world project: Do not operate a file system over a network! Unless it‘s a latency-free SAN. ZooKeeper cluster collapses => SolrCloud collapses Better: Local SSD storage Do not operate Solr inside OpenShift! Unless you got local SSD storage Solr relies on heavy read / write load Do not operate Solr inside containers! Solr uses memory mapped files for caching Memory mapped files are not managed by Docker / cgroups / namespaces This basically allows escaping from a container.
  • 43. Evaluation & Summary Franz Wimmer 43 Technology stack is running on OpenShift … with some constraints OpenShift tools are suitable for that Docker images had to be customized Impediments and pitfalls are documented now … but there are many more. Not all applications are „cloud native“
  • 44. Sources Franz Wimmer 44 Kapiteltrenner: pexels.com – CC0 License [Kac] Kachris, Christoforos & Tomkos, Ioannis. (2015). A Roadmap on Optical Interconnects in Data Centre Networks. . 10.1109/ICTON.2015.7193535. [Mel11] P. Mell, T. Grance et al. The NIST definition of cloud computing - Recommendations of the National Institute of Standards and Technology. NIST Special Publication 800-145, 2011. [War13] J. S. Ward und A. Barker. Undefined by data: a survey of big data definitions. arXiv preprint arXiv:1309.5821, 2013.