Я расскажу, как построить гибкую, надежную, высокодоступную и масштабируемую «платформу как сервис» с нуля. Вы узнаете, насколько легко это сделать, и как продукты HashiCorp могут помочь вашим проектам.
2. 2
Your task is to build a system that have:
- A stateless model, any machine only keeps state (data on) transactions that are ‘in fly,’
but after a transaction is completed, any machines that die or degrade have no effect on
the state or memory of historic transactions
- Ordered, first-in first-out lists (implemented as an HA service) increase availability and performance by
distributing a transaction to the first-available member for processing in a distributed environment.
- It is critical to have high availability at the network layer. This allows a “rolling upgrade” of the network
layer to fix bugs or security issues, without affecting uptime of the
applications supported by the infrastructure.
- As database failure causes complete application failure in most cases, a redundant database
implementation provides increased performance as well as risk mitigation in an enterprise application
deployment. In cases where performance is heavily reliant on a database, a hybrid solution of
dedicated database servers combined with cloud application and web servers provides maximum
performance with data redundancy.
- The system has to be ready dynamically expand its infrastructure to handle
an expected or unexpected increase in traffic due to a change in market conditions.
- In the event that server or resource is compromised, a new instance of the application can be
deployed in minutes in the cloud, rather than manually deploying the new resource. Of course, the new
deployment must be installed on top of systems with pre-mitigated security vulnerabilities.
- Data replication and resource availability is present in the secondary location and the just-in-time
deployment of entire application infrastructures is measured in minutes, not hours or longer
16. 16
Infrastructure as Code (Almost any
infrastructure noun can be represented as a
resource)
One safe workflow across providers
Reproducible infrastructure
IaaS (e.g. AWS, GCP, Microsoft Azure,
OpenStack)
PaaS (e.g. Heroku)
SaaS services (e.g. UltraDNS,
DNSimple, CloudFlare)
20. 20
- Strict control over who can access what secrets
- Operators can easily trace the lifetime and origin of any secret
- Authentication, token creation, secret access and revocation
21. 21
Service discovery and configuration.
Distributed, highly-available, and multi-
Datacenter aware.
22. 22
Service Discovery and
Service Health-checking
Distributed clients
Multi-Datacenter
Large Scale
Raft Consensus
Production Hardened
Key/Value Storage
Single DNS for everything
34. 34
Knight Capital Group story
“During the deployment of the new code, however, one of Knight’s technicians
did not copy the new code to one of the eight SMARS computer servers.
Knight did not have a second technician review this deployment and no one
at Knight realized that the Power Peg code had not been removed from the eighth server,
nor the new RLP code added.
Knight had no written procedures that required such a review.
SEC Filing | Release No. 70694 | October 16, 2013
How DevOps practices could help here?
A couple of the principles for Continuous Delivery
apply here:
- Releasing software should be a repeatable,
reliable process.
- Automate as much as is reasonable.