Fred de Villamil, profile picture
Uploaded byFred de Villamil
PPTX, PDF10,913 views

Running & Scaling Large Elasticsearch Clusters

The document discusses running and scaling large Elasticsearch clusters, detailing infrastructure specifications and strategies for avoiding downtime and optimizing performance. Key topics include memory management, index design, monitoring best practices, and troubleshooting techniques. Recommendations include using proper node configurations, garbage collectors, and monitoring tools to ensure high availability and efficient data handling.

Embed presentation

Downloaded 131 times
RUNNING & SCALING LARGE ELASTICSEARCH CLUSTERS FRED DE VILLAMIL, DIRECTOR OF INFRASTRUCTURE @FDEVILLAMIL OCTOBER 2017
BACKGROUND • FRED DE VILLAMIL, 39 ANS, TEAM COFFEE @SYNTHESIO, • LINUX / (FREE)BSD USER SINCE 1996, • OPEN SOURCE CONTRIBUTOR SINCE 1998, • LOVES TENNIS, PHOTOGRAPHY, CUTE OTTERS, INAPPROPRIATE HUMOR AND ELASTICSEARCH CLUSTERS OF UNUSUAL SIZE. WRITES ABOUT ES AT HTTPS://THOUGHTS.T37.NET
ELASTICSEARCH @SYNTHESIO • 8 production clusters, 600 hosts, 1.7PB storage, 37.5TB RAM, average 15k writes / s, 800 search /s, some inputs > 200MB. • Data nodes: 6 core Xeon E5v3, 64GB RAM, 4*800GB SSD RAID0. Sometimes bi Xeon E5-2687Wv4 12 core (160 watts!!!). • We agregate data from various cold storage and make them searchable in a giffy.
AN ELASTICSEARCH CLUSTER OF UNUSUAL SIZE
ENSURING HIGH AVAILABILITY
NEVER GONNA GIVE YOU UP • NEVER GONNA LET YOU DOWN, • NEVER GONNA RUN AROUND AND DESERT YOU, • NEVER GONNA MAKE YOU CRY, • NEVER GONNA SAY GOODBYE, • NEVER GONNA TELL A LIE & HURT YOU.
AVOIDING DOWNTIME & SPLIT BRAINS • RUN AT LEAST 3 MASTER NODES INTO 3 DIFFERENT LOCATIONS. • NEVER RUN BULK QUERIES ON THE MASTER NODES. • ACTUALLY NEVER RUN ANYTHING BUT ADMINISTRATIVE TASKS ON THE MASTER NODES. • SPREAD YOUR DATA INTO 2 DIFFERENT LOCATION WITH AT LEAST A REPLICATION FACTOR OF 1 (1 PRIMARY, 1 REPLICA).
RACK AWARENESS ALLOCATE A RACK_ID TO THE DATA NODES FOR EVEN REPLICATION. RESTART A WHOLE DATA CENTER @ONCE WITHOUT DOWNTIME.
RACK AWARENESS + QUERY NODES == MAGIC ES PRIVILEGES THE DATA NODES WITH THE SAME RACK_ID AS THE QUERY. REDUCES LATENCY AND BALANCES THE LOAD.
RACK AWARENESS + QUERY NODES + ZONE == MAGIC + FUN ADD ZONES INTO THE SAME RACK FOR EVEN REPLICATION WITH HIGHER FACTOR.
USING ZONES FOR FUN & PROFIT ALLOWING EVEN REPLICATION WITH A HIGHER FACTOR WITHIN THE SAME RACK. ALLOWING MORE RESOURCES TO THE MOST FREQUENTLY ACCESSED INDEXES. …
AVOIDING MEMORY NIGHTMARE
HOW ELASTICSEARCH USES THE MEMORY • Starts with allocating memory for Java heap. • The Java heap contains all Elasticsearch buffers and caches + a few other things. • Each Java thread maps a system thread: +128kB off heap. • Elected master uses 250kB to store each shard information inside the cluster.
ALLOCATING MEMORY • Never allocate more than 31GB heap to avoid the compressed pointers issue. • Use 1/2 of your memory up to 31GB. • Feed your master and query nodes, the more the better (including CPU).
MEMORY LOCK • Use memory_lock: true at startup. • Requires ulimit -l unlimited. • Allocates the whole heap at once. • Uses contiguous memory regions. • Avoids swapping (you should disable swap anyway).
CHOSING THE RIGHT GARBAGE COLLECTOR • ES runs with CMS as a default garbage collector. • CMS was designed for heaps < 4GB. • Stop the world garbage collection last too long & blocks the cluster. • Solution: switching to G1GC (default in Java9, unsupported).
CMS VS G1GC • CMS: SHARED CPU TIME WITH THE APPLICATION. “STOPS THE WORLD” WHEN TOO MANY MEMORY TO CLEAN UNTIL IT SENDS AN OUTOFMEMORYERROR. • G1GC: SHORT, MORE FREQUENT, PAUSES. WON’T STOP A NODE UNTIL IT LEAVES THE CLUSTER. • ELASTIC SAYS: DON’T USE G1GC FOR REASONS, SO READ THE DOC.
G1GC OPTIONS +USEG1GC: ACTIVATES G1GC MAXGCPAUSEMILLIS: TARGET FOR MAX GC PAUSE TIME. GCPAUSEINTERVALMILLIS:TARGET FOR COLLECTION TIME SPACE INITIATINGHEAPOCCUPANCYPERCENT: WHEN TO START COLLECTING?
CHO0SING THE RIGHT STORAGE • MMAPFS : MAPS LUCENE FILES ON THE VIRTUAL MEMORY USING MMAP. NEEDS AS MUCH MEMORY AS THE FILE BEING MAPPED TO AVOID ISSUES. • NIOFS : APPLIES A SHARED LOCK ON LUCENE FILES AND RELIES ON VFS CACHE.
BUFFERS AND CACHES • ELASTICSEARCH HAS MULTIPLE CACHES & BUFFERS, WITH DEFAULT VALUES, KNOW THEM! • BUFFERS + CACHE MUST BE < TOTAL JAVA HEAP (OBVIOUS BUT…). • AUTOMATED EVICTION ON THE CACHE, BUT FORCING IT CAN SAVE YOUR LIFE WITH A SMALL OVERHEAD. • IF YOU HAVE OOM ISSUES, DISABLE THE CACHES! • FROM A USER POV, CIRCUIT BREAKERS ARE A NO GO!
MANAGING LARGE INDEXES
INDEX DESIGN • VERSION YOUR INDEX BY MAPPING: 1_*, 2_* ETC. • THE MORE SHARDS, THE BETTER ELASTICITY, BUT THE MORE CPU AND MEMORY USED ON THE MASTERS. • PROVISIONNING 10GB PER SHARDS ALLOWS A FASTER RECOVERY & REALLOCATION.
REPLICATION TRICKS • NUMBER OF REPLICAS MUST BE 0 OR ODD. CONSISTENCY QUORUM: INT( (PRIMARY + NUMBER_OF_REPLICAS) / 2 ) + 1. • RAISE THE REPLICATION FACTOR TO SCALE FOR READING UP TO 100% OF THE DATA / DATA NODE.
ALIASES • ACCESS MULTIPLE INDICES AT ONCE. • READ MULTIPLE, WRITE ONLY ONE. EXAMPLE ON TIMESTAMPED INDICES: "18_20171020": { "aliases": { "2017": {}, "201710": {}, "20171020": {} } } "18_20171021": { "aliases": { "2017": {}, "201710": {}, "20171021": {} } } Queries: /2017/_search /201710/_search AFTER A MAPPING CHANGE & REINDEX, CHANGE THE ALIAS:
ROLLOVER • CREATE A NEW INDEX WHEN TOO OLD OR TOO BIG. • SUPPORT DATE MATH: DAILY INDEX CREATION. • USE ALIASES TO QUERY ALL ROLLOVERED INDEXES. PUT "logs-000001" { "aliases": { "logs": {} } } POST /logs/_rollover { "conditions": { "max_docs": 10000000 } }
DAILY OPERATIONS
CONFIGURATION CHANGES • PREFER CONFIGURATION FILE UPDATES TO API CALL FOR PERMANENT CHANGES. • VERSION YOUR CONFIGURATION CHANGES SO YOU CAN ROLLBACK, ES REQUIRES LOTS OF FINE TUNING. • WHEN USING _SETTINGS API, PREFER TRANSIENT TO PERSISTENT, THEY’RE EASIER TO GET RID OF.
RECONFIGURING THE WHOLE CLUSTER LOCK SHARD REALLOCATION & RECOVERY: "cluster.routing.allocation.enable" : "none" OPTIMIZE FOR RECOVERY: "cluster.routing.allocation.node_initial_primaries_recoveries": 50 "indices.recovery.max_bytes_per_sec": "2048mb" RESTART A FULL RACK, WAIT FOR NODES TO COME
THE REINDEX API • IN CLUSTER AND CLUSTER TO CLUSTER REINDEX API. • ALLOWS CROSS VERSION INDEXING: 1.7 TO 5.1… • SLICED SCROLLS ONLY AVAILABLE STARTING 6.0. • ACCEPT ES QUERIES TO FILTER THE DATA TO REINDEX. • MERGE MULTIPLE INDEXES INTO 1.
BULK INDEXING TRICKS LIMIT REBALANCE: "cluster.routing.allocation.cluster_concurrent_rebalance": 1 "cluster.routing.allocation.balance.shard": "0.15f" "cluster.routing.allocation.balance.threshold": "10.0f" DISABLE REFRESH: "index.refresh_interval:" "0" NO REPLICA: "index.number_of_replicas:" "0" // having replica index n times in Lucene, adding one just "rsync" the data. ALLOCATE ON DEDICATED HARDWARE:
OPTIMIZING FOR SPACE & PERFORMANCES • LUCENE SEGMENTS ARE IMMUTABLE, THE MORE YOU WRITE, THE MORE SEGMENTS YOU GET. • DELETING DOCUMENTS DOES COPY ON WRITE SO NO REAL DELETE. index.merge.scheduler.max_thread_count: default CPU/2 with min 4 POST /_force_merge?only_expunge_deletes: faster, only merge segments with deleted POST /_force_merge?max_num_segments: don’t use on indexes you write on! WARNING: _FORCE_MERGE HAS A COST IN CPU AND I/OS.
MINOR VERSION UPGRADES • CHECK YOUR PLUGINS COMPATIBILITY, PLUGINS MUST BE COMPILED FOR YOUR MINOR VERSION. • START UPGRADING THE MASTER NODES. • UPGRADE THE DATA NODES ON A WHOLE RACK AT ONCE.
OS LEVEL UPGRADES • ENSURE THE WHOLE CLUSTER RUNS THE SAME JAVA VERSION. • WHEN UPGRADING JAVA, CHECK IF YOU DON’T HAVE TO UPGRADE THE KERNEL. • PER NODE JAVA / KERNEL VERSION AVAILABLE IN THE _STATS API.
MONITORING
CAPTAIN OBVIOUS, YOU’RE MY ONLY HOPE! • GOOD MONITORING IS BUSINESS ORIENTED MONITORING. • GOOD ALERTING IS ACTIONABLE ALERTING. • DON’T MONITORE THE CLUSTER ONLY, BUT THE WHOLE PROCESSING CHAIN. • USELESS METRICS ARE USELESS. • LOSING A DATACENTER: OK. LOSING DATA: NOT OK!
MONITORING TOOLING • ELASTICSEARCH X- PACK, • GRAFANA…
LIFE, DEATH & _CLUSTER/HEALTH • A RED CLUSTER MEANS AT LEAST 1 INDEX HAS MISSING DATA. DON’T PANIC! • USING LEVEL={INDEX,SHARD} AND AN INDEX ID PROVIDES SPECIFIC INFORMATION. • LOTS OF PENDING TASKS MEANS YOUR CLUSTER IS UNDER HEAVY LOAD AND SOME NODES CAN’T PROCESS THEM FAST ENOUGH. • LONG WAITING TASKS MEANS YOU HAVE A CAPACITY PLANNING PROBLEM.
USE THE _CAT API • PROVIDES GENERAL INFORMATION ABOUT YOUR NODES, SHARDS, INDICES AND THREAD POOLS. • HIT THE WHOLE CLUSTER, WHEN IT TIMEOUTS YOU’VE PROBABLY HAVING A NODE STUCK IN GARBAGE COLLECTION.
MONITORING AT THE CLUSTER LEVEL • USE THE _STATS API FOR PRECISE INFORMATION. • MONITORE THE SHARDS REALLOCATION, TOO MANY MEANS A DESIGN PROBLEM. • MONITORE THE WRITES AND CLUSTER WIDE, IF THEY FALL TO 0 AND IT’S UNUSUAL, A NODE IS STUCK IN GC.
MONITORING AT THE NODE LEVEL • USE THE _NODES/{NODE}, _NODES/{NODE}/STATS AND _CAT/THREAD_POOL API. • THE GARBAGE COLLECTION DURATION & FREQUENCY IS A GOOD METRIC OF YOUR NODE HEALTH. • CACHE AND BUFFERS ARE MONITORED ON A NODE LEVEL. • MONITORING I/OS, SPACE, OPEN FILES & CPU IS CRITICAL.
MONITORING AT THE INDEX LEVEL • USE THE {INDEX}/_STATS API. • MONITORE THE DOCUMENTS / SHARD RATIO. • MONITORE THE MERGES, QUERY TIME. • TOO MANY EVICTIONS MEANS YOU HAVE A CACHE CONFIGURATION LEVEL.
TROUBLESHOOTING
WHAT’S REALLY GOING ON IN YOUR CLUSTER? • THE _NODES/{NODE}/HOT_THREADS API TELLS WHAT HAPPENS ON THE HOST. • THE ELECTED MASTER NODES TELLS YOU MOST THING YOU NEED TO KNOW. • ENABLE THE SLOW LOGS TO UNDERSTAND YOUR BOTTLENECK & OPTIMIZE THE QUERIES. DISABLE THE SLOW LOGS WHEN YOU’RE DONE!!! • WHEN NOT ENOUGH, MEMORY PROFILING IS YOUR FRIEND.
MEMORY PROFILING • LIVE MEMORY OR HPROF FILE AFTER A CRASH. • ALLOWS YOU TO TO KNOW WHAT IS / WAS IN YOUR BUFFERS AND CACHES. • YOURKIT JAVA PROFILER AS A TOOL.
TRACING • KNOW WHAT’S REALLY HAPPENING IN YOUR JVM. • LINUX 4.X PROVIDES GREAT PERF TOOLS, LINUX 4.9 EVEN BETTER: • LINUX-PERF, • JAVA PERF MAP. • VECTOR BY NETFLIX (NOT VEKTOR THE TRASH METAL BAND).
QUESTIONS ? @FDEVILLAMI L @SYNTHESIO SLIDES: HTTP://BIT.DO/ELASTICSEARCH-SYSADMIN-201

More Related Content

PDF
Spark SQL
byJoud Khattab
 
PPTX
An Introduction to Elastic Search.
byJurriaan Persyn
 
PDF
Introducing DataFrames in Spark for Large Scale Data Science
byDatabricks
 
PDF
Elasticsearch Tutorial | Getting Started with Elasticsearch | ELK Stack Train...
byEdureka!
 
PPTX
Introduction to Elasticsearch
byIsmaeel Enjreny
 
PPTX
Introduction to ELK
byYuHsuan Chen
 
PDF
Apache Spark - Dataframes & Spark SQL - Part 1 | Big Data Hadoop Spark Tutori...
byCloudxLab
 
PPTX
Elasticsearch
byDivij Sehgal
 
Spark SQL
byJoud Khattab
 
An Introduction to Elastic Search.
byJurriaan Persyn
 
Introducing DataFrames in Spark for Large Scale Data Science
byDatabricks
 
Elasticsearch Tutorial | Getting Started with Elasticsearch | ELK Stack Train...
byEdureka!
 
Introduction to Elasticsearch
byIsmaeel Enjreny
 
Introduction to ELK
byYuHsuan Chen
 
Apache Spark - Dataframes & Spark SQL - Part 1 | Big Data Hadoop Spark Tutori...
byCloudxLab
 
Elasticsearch
byDivij Sehgal
 

What's hot

PDF
Introduction to Kibana
byVineet .
 
PPTX
Elastic - ELK, Logstash & Kibana
bySpringPeople
 
PDF
A Thorough Comparison of Delta Lake, Iceberg and Hudi
byDatabricks
 
PDF
Understanding MicroSERVICE Architecture with Java & Spring Boot
byKashif Ali Siddiqui
 
PDF
What is REST API? REST API Concepts and Examples | Edureka
byEdureka!
 
PPTX
ELK Stack
byPhuc Nguyen
 
PDF
Introduction to elasticsearch
bypmanvi
 
PPTX
Elastic search overview
byABC Talks
 
PPTX
AWS solution Architect Associate study material
byNagesh Ramamoorthy
 
PPTX
RESTful API - Best Practices
byTricode (part of Dept)
 
PDF
A Tale of Three Apache Spark APIs: RDDs, DataFrames, and Datasets with Jules ...
byDatabricks
 
PPTX
Introduction to Elasticsearch with basics of Lucene
byRahul Jain
 
PDF
Spark (Structured) Streaming vs. Kafka Streams
byGuido Schmutz
 
PDF
Introduction to elasticsearch
byhypto
 
ODP
Elasticsearch for beginners
byNeil Baker
 
PDF
Service discovery with Eureka and Spring Cloud
byMarcelo Serpa
 
PDF
KSQL-ops! Running ksqlDB in the Wild (Simon Aubury, ThoughtWorks) Kafka Summi...
byconfluent
 
PPTX
SQream-GPU가속 초거대 정형데이타 분석용 SQL DB-제품소개-박문기@메가존클라우드
by문기 박
 
PPTX
Elastic Stack Introduction
byVikram Shinde
 
PPTX
Introduction to azure cosmos db
byRatan Parai
 
Introduction to Kibana
byVineet .
 
Elastic - ELK, Logstash & Kibana
bySpringPeople
 
A Thorough Comparison of Delta Lake, Iceberg and Hudi
byDatabricks
 
Understanding MicroSERVICE Architecture with Java & Spring Boot
byKashif Ali Siddiqui
 
What is REST API? REST API Concepts and Examples | Edureka
byEdureka!
 
ELK Stack
byPhuc Nguyen
 
Introduction to elasticsearch
bypmanvi
 
Elastic search overview
byABC Talks
 
AWS solution Architect Associate study material
byNagesh Ramamoorthy
 
RESTful API - Best Practices
byTricode (part of Dept)
 
A Tale of Three Apache Spark APIs: RDDs, DataFrames, and Datasets with Jules ...
byDatabricks
 
Introduction to Elasticsearch with basics of Lucene
byRahul Jain
 
Spark (Structured) Streaming vs. Kafka Streams
byGuido Schmutz
 
Introduction to elasticsearch
byhypto
 
Elasticsearch for beginners
byNeil Baker
 
Service discovery with Eureka and Spring Cloud
byMarcelo Serpa
 
KSQL-ops! Running ksqlDB in the Wild (Simon Aubury, ThoughtWorks) Kafka Summi...
byconfluent
 
SQream-GPU가속 초거대 정형데이타 분석용 SQL DB-제품소개-박문기@메가존클라우드
by문기 박
 
Elastic Stack Introduction
byVikram Shinde
 
Introduction to azure cosmos db
byRatan Parai
 

Similar to Running & Scaling Large Elasticsearch Clusters

PDF
Scaling Elasticsearch at Synthesio
byFred de Villamil
 
PDF
Is your Elastic Cluster Stable and Production Ready?
byDoiT International
 
PDF
SUE 2018 - Migrating a 130TB Cluster from Elasticsearch 2 to 5 in 20 Hours Wi...
byFred de Villamil
 
PPTX
Managing Security At 1M Events a Second using Elasticsearch
byJoe Alex
 
PDF
Elasticsearch from the trenches
byJai Jones
 
PPTX
Elasticsearch - Scalability and Multitenancy
byBozhidar Bozhanov
 
PDF
Prácticas recomendadas en materia de arquitectura y errores que debes evitar
byElasticsearch
 
PDF
Elasticsearch for Logs & Metrics - a deep dive
bySematext Group, Inc.
 
PDF
An Introduction to Elasticsearch for Beginners
byAmir Sedighi
 
PPTX
Toronto High Scalability meetup - Scaling ELK
byAndrew Trossman
 
PPTX
Perl and Elasticsearch
byDean Hamstead
 
PPTX
Lessons Learned From Running 1800 Clusters (Brooke Jensen, Instaclustr) | Cas...
byDataStax
 
PDF
ログ収集プラットフォーム開発におけるElasticsearchの運用
byLINE Corporation
 
PDF
Elasticsearch speed is key
byEnterprise Search Warsaw Meetup
 
PDF
Running ElasticSearch on Google Compute Engine in Production
bySearce Inc
 
PDF
Optimizing elastic search on google compute engine
byBhuvaneshwaran R
 
PDF
Elasticsearch on Kubernetes
byJoerg Henning
 
PDF
Optimizing Elastic for Search at McQueen Solutions
byElasticsearch
 
PPTX
ElasticSearch 5.x - New Tricks - 2017-02-08 - Elasticsearch Meetup
byAlberto Paro
 
PDF
Black friday logs - Scaling Elasticsearch
bySylvain Wallez
 
Scaling Elasticsearch at Synthesio
byFred de Villamil
 
Is your Elastic Cluster Stable and Production Ready?
byDoiT International
 
SUE 2018 - Migrating a 130TB Cluster from Elasticsearch 2 to 5 in 20 Hours Wi...
byFred de Villamil
 
Managing Security At 1M Events a Second using Elasticsearch
byJoe Alex
 
Elasticsearch from the trenches
byJai Jones
 
Elasticsearch - Scalability and Multitenancy
byBozhidar Bozhanov
 
Prácticas recomendadas en materia de arquitectura y errores que debes evitar
byElasticsearch
 
Elasticsearch for Logs & Metrics - a deep dive
bySematext Group, Inc.
 
An Introduction to Elasticsearch for Beginners
byAmir Sedighi
 
Toronto High Scalability meetup - Scaling ELK
byAndrew Trossman
 
Perl and Elasticsearch
byDean Hamstead
 
Lessons Learned From Running 1800 Clusters (Brooke Jensen, Instaclustr) | Cas...
byDataStax
 
ログ収集プラットフォーム開発におけるElasticsearchの運用
byLINE Corporation
 
Elasticsearch speed is key
byEnterprise Search Warsaw Meetup
 
Running ElasticSearch on Google Compute Engine in Production
bySearce Inc
 
Optimizing elastic search on google compute engine
byBhuvaneshwaran R
 
Elasticsearch on Kubernetes
byJoerg Henning
 
Optimizing Elastic for Search at McQueen Solutions
byElasticsearch
 
ElasticSearch 5.x - New Tricks - 2017-02-08 - Elasticsearch Meetup
byAlberto Paro
 
Black friday logs - Scaling Elasticsearch
bySylvain Wallez
 

More from Fred de Villamil

PPTX
Scaling your Engineering Team
byFred de Villamil
 
PDF
Hiring and Managing Happy Engineers - CTO Pizza #3
byFred de Villamil
 
PDF
Migrating a 130TB Cluster from Elasticsearch 2 to 5 in 20 Hours Without Downtime
byFred de Villamil
 
PDF
Devops commando - Paris Devops 2016-04
byFred de Villamil
 
PDF
The Commando Devops
byFred de Villamil
 
PDF
How People Use Iphone
byFred de Villamil
 
PDF
Zendcon Performance Oci8
byFred de Villamil
 
PDF
Applications Web En Entreprise Avec Ruby On Rails Benefices Et Limitations Gu...
byFred de Villamil
 
PDF
Presentation Rails
byFred de Villamil
 
Scaling your Engineering Team
byFred de Villamil
 
Hiring and Managing Happy Engineers - CTO Pizza #3
byFred de Villamil
 
Migrating a 130TB Cluster from Elasticsearch 2 to 5 in 20 Hours Without Downtime
byFred de Villamil
 
Devops commando - Paris Devops 2016-04
byFred de Villamil
 
The Commando Devops
byFred de Villamil
 
How People Use Iphone
byFred de Villamil
 
Zendcon Performance Oci8
byFred de Villamil
 
Applications Web En Entreprise Avec Ruby On Rails Benefices Et Limitations Gu...
byFred de Villamil
 
Presentation Rails
byFred de Villamil
 

Recently uploaded

PDF
Basic Thumb rule For switchgear Selection
byVimal Kr
 
PDF
Computer Graphics Fundamentals (v0p1) - DannyJiang
byDanny Jiang
 
PDF
Fire fighting arrangement in public assembly buildings
byxaliaboyzz
 
PPTX
Community re-Invent re-Cap Slides 2025 Feb
byStefan Evans
 
PPTX
The #1 Reason Your MRO Budget Exploded — And How Predictive Maintenance Fixes It
byMaintWiz Technologies Private Limited
 
PDF
Shear Strength of Soil/Mohr Coulomb Failure Criteria-1.pdf
byMahmoodKhalid11
 
PPT
L9_Statistical Evaluation of Measurement Data.ppt
bykohila15
 
PDF
CME397 SURFACE ENGINEERING UNIT 2 FULL NOTES
bykarthi keyan
 
PPTX
UNIT 2 - Electronics Device - EC25C01 - PN Junction Diodes
byMathavan N
 
PPTX
Integrating Azure Event Services_ Event Grid, Event Hubs, and Service Bus.pptx
byADITYASHARMA423788
 
PDF
comprehensive analysis of cross-chain bridges in the DeFi - Garima Singh
byGarima Singh
 
PPTX
Basin Design Service, LLC Introduction Presentation
byHubie Fix
 
PDF
Chris Elwell Woburn - An Experienced IT Executive
byChris Elwell Woburn
 
PPTX
ISO 13485.2016 Awareness's Training material
byPrakashSivan
 
PDF
Code-Compliant As-Built BIM Deliverables for California Public and Government...
byTejjyInc2
 
PDF
Decision-Support-Systems-and-Decision-Making-Processes.pdf
byPatankarNikhil
 
PDF
0.39 Inch Micro-OLED Display 1024×768 XGA Panel Silicon OLED
bySyluxdisplay
 
PDF
BOQ LESSON 2-QUANTITY TAKE-OFF & RATE BUILD-UP.pdf
byGabrielTambwe1
 
PPTX
Optimized access control techniques in Cloud Computing with Security and Scal...
bymareswariesteru
 
PPTX
Basic Volume Mass Relationship and unit weight as function of volumetric wate...
byMahmoodKhalid11
 
Basic Thumb rule For switchgear Selection
byVimal Kr
 
Computer Graphics Fundamentals (v0p1) - DannyJiang
byDanny Jiang
 
Fire fighting arrangement in public assembly buildings
byxaliaboyzz
 
Community re-Invent re-Cap Slides 2025 Feb
byStefan Evans
 
The #1 Reason Your MRO Budget Exploded — And How Predictive Maintenance Fixes It
byMaintWiz Technologies Private Limited
 
Shear Strength of Soil/Mohr Coulomb Failure Criteria-1.pdf
byMahmoodKhalid11
 
L9_Statistical Evaluation of Measurement Data.ppt
bykohila15
 
CME397 SURFACE ENGINEERING UNIT 2 FULL NOTES
bykarthi keyan
 
UNIT 2 - Electronics Device - EC25C01 - PN Junction Diodes
byMathavan N
 
Integrating Azure Event Services_ Event Grid, Event Hubs, and Service Bus.pptx
byADITYASHARMA423788
 
comprehensive analysis of cross-chain bridges in the DeFi - Garima Singh
byGarima Singh
 
Basin Design Service, LLC Introduction Presentation
byHubie Fix
 
Chris Elwell Woburn - An Experienced IT Executive
byChris Elwell Woburn
 
ISO 13485.2016 Awareness's Training material
byPrakashSivan
 
Code-Compliant As-Built BIM Deliverables for California Public and Government...
byTejjyInc2
 
Decision-Support-Systems-and-Decision-Making-Processes.pdf
byPatankarNikhil
 
0.39 Inch Micro-OLED Display 1024×768 XGA Panel Silicon OLED
bySyluxdisplay
 
BOQ LESSON 2-QUANTITY TAKE-OFF & RATE BUILD-UP.pdf
byGabrielTambwe1
 
Optimized access control techniques in Cloud Computing with Security and Scal...
bymareswariesteru
 
Basic Volume Mass Relationship and unit weight as function of volumetric wate...
byMahmoodKhalid11
 

Running & Scaling Large Elasticsearch Clusters

  • 1.
    RUNNING & SCALING LARGEELASTICSEARCH CLUSTERS FRED DE VILLAMIL, DIRECTOR OF INFRASTRUCTURE @FDEVILLAMIL OCTOBER 2017
  • 2.
    BACKGROUND • FRED DEVILLAMIL, 39 ANS, TEAM COFFEE @SYNTHESIO, • LINUX / (FREE)BSD USER SINCE 1996, • OPEN SOURCE CONTRIBUTOR SINCE 1998, • LOVES TENNIS, PHOTOGRAPHY, CUTE OTTERS, INAPPROPRIATE HUMOR AND ELASTICSEARCH CLUSTERS OF UNUSUAL SIZE. WRITES ABOUT ES AT HTTPS://THOUGHTS.T37.NET
  • 3.
    ELASTICSEARCH @SYNTHESIO • 8production clusters, 600 hosts, 1.7PB storage, 37.5TB RAM, average 15k writes / s, 800 search /s, some inputs > 200MB. • Data nodes: 6 core Xeon E5v3, 64GB RAM, 4*800GB SSD RAID0. Sometimes bi Xeon E5-2687Wv4 12 core (160 watts!!!). • We agregate data from various cold storage and make them searchable in a giffy.
  • 4.
    AN ELASTICSEARCH CLUSTEROF UNUSUAL SIZE
  • 5.
  • 6.
    NEVER GONNA GIVEYOU UP • NEVER GONNA LET YOU DOWN, • NEVER GONNA RUN AROUND AND DESERT YOU, • NEVER GONNA MAKE YOU CRY, • NEVER GONNA SAY GOODBYE, • NEVER GONNA TELL A LIE & HURT YOU.
  • 7.
    AVOIDING DOWNTIME &SPLIT BRAINS • RUN AT LEAST 3 MASTER NODES INTO 3 DIFFERENT LOCATIONS. • NEVER RUN BULK QUERIES ON THE MASTER NODES. • ACTUALLY NEVER RUN ANYTHING BUT ADMINISTRATIVE TASKS ON THE MASTER NODES. • SPREAD YOUR DATA INTO 2 DIFFERENT LOCATION WITH AT LEAST A REPLICATION FACTOR OF 1 (1 PRIMARY, 1 REPLICA).
  • 8.
    RACK AWARENESS ALLOCATE A RACK_IDTO THE DATA NODES FOR EVEN REPLICATION. RESTART A WHOLE DATA CENTER @ONCE WITHOUT DOWNTIME.
  • 9.
    RACK AWARENESS +QUERY NODES == MAGIC ES PRIVILEGES THE DATA NODES WITH THE SAME RACK_ID AS THE QUERY. REDUCES LATENCY AND BALANCES THE LOAD.
  • 10.
    RACK AWARENESS +QUERY NODES + ZONE == MAGIC + FUN ADD ZONES INTO THE SAME RACK FOR EVEN REPLICATION WITH HIGHER FACTOR.
  • 11.
    USING ZONES FORFUN & PROFIT ALLOWING EVEN REPLICATION WITH A HIGHER FACTOR WITHIN THE SAME RACK. ALLOWING MORE RESOURCES TO THE MOST FREQUENTLY ACCESSED INDEXES. …
  • 12.
  • 13.
    HOW ELASTICSEARCH USESTHE MEMORY • Starts with allocating memory for Java heap. • The Java heap contains all Elasticsearch buffers and caches + a few other things. • Each Java thread maps a system thread: +128kB off heap. • Elected master uses 250kB to store each shard information inside the cluster.
  • 14.
    ALLOCATING MEMORY • Neverallocate more than 31GB heap to avoid the compressed pointers issue. • Use 1/2 of your memory up to 31GB. • Feed your master and query nodes, the more the better (including CPU).
  • 15.
    MEMORY LOCK • Usememory_lock: true at startup. • Requires ulimit -l unlimited. • Allocates the whole heap at once. • Uses contiguous memory regions. • Avoids swapping (you should disable swap anyway).
  • 16.
    CHOSING THE RIGHTGARBAGE COLLECTOR • ES runs with CMS as a default garbage collector. • CMS was designed for heaps < 4GB. • Stop the world garbage collection last too long & blocks the cluster. • Solution: switching to G1GC (default in Java9, unsupported).
  • 17.
    CMS VS G1GC •CMS: SHARED CPU TIME WITH THE APPLICATION. “STOPS THE WORLD” WHEN TOO MANY MEMORY TO CLEAN UNTIL IT SENDS AN OUTOFMEMORYERROR. • G1GC: SHORT, MORE FREQUENT, PAUSES. WON’T STOP A NODE UNTIL IT LEAVES THE CLUSTER. • ELASTIC SAYS: DON’T USE G1GC FOR REASONS, SO READ THE DOC.
  • 18.
    G1GC OPTIONS +USEG1GC: ACTIVATESG1GC MAXGCPAUSEMILLIS: TARGET FOR MAX GC PAUSE TIME. GCPAUSEINTERVALMILLIS:TARGET FOR COLLECTION TIME SPACE INITIATINGHEAPOCCUPANCYPERCENT: WHEN TO START COLLECTING?
  • 19.
    CHO0SING THE RIGHTSTORAGE • MMAPFS : MAPS LUCENE FILES ON THE VIRTUAL MEMORY USING MMAP. NEEDS AS MUCH MEMORY AS THE FILE BEING MAPPED TO AVOID ISSUES. • NIOFS : APPLIES A SHARED LOCK ON LUCENE FILES AND RELIES ON VFS CACHE.
  • 20.
    BUFFERS AND CACHES •ELASTICSEARCH HAS MULTIPLE CACHES & BUFFERS, WITH DEFAULT VALUES, KNOW THEM! • BUFFERS + CACHE MUST BE < TOTAL JAVA HEAP (OBVIOUS BUT…). • AUTOMATED EVICTION ON THE CACHE, BUT FORCING IT CAN SAVE YOUR LIFE WITH A SMALL OVERHEAD. • IF YOU HAVE OOM ISSUES, DISABLE THE CACHES! • FROM A USER POV, CIRCUIT BREAKERS ARE A NO GO!
  • 21.
  • 22.
    INDEX DESIGN • VERSIONYOUR INDEX BY MAPPING: 1_*, 2_* ETC. • THE MORE SHARDS, THE BETTER ELASTICITY, BUT THE MORE CPU AND MEMORY USED ON THE MASTERS. • PROVISIONNING 10GB PER SHARDS ALLOWS A FASTER RECOVERY & REALLOCATION.
  • 23.
    REPLICATION TRICKS • NUMBEROF REPLICAS MUST BE 0 OR ODD. CONSISTENCY QUORUM: INT( (PRIMARY + NUMBER_OF_REPLICAS) / 2 ) + 1. • RAISE THE REPLICATION FACTOR TO SCALE FOR READING UP TO 100% OF THE DATA / DATA NODE.
  • 24.
    ALIASES • ACCESS MULTIPLEINDICES AT ONCE. • READ MULTIPLE, WRITE ONLY ONE. EXAMPLE ON TIMESTAMPED INDICES: "18_20171020": { "aliases": { "2017": {}, "201710": {}, "20171020": {} } } "18_20171021": { "aliases": { "2017": {}, "201710": {}, "20171021": {} } } Queries: /2017/_search /201710/_search AFTER A MAPPING CHANGE & REINDEX, CHANGE THE ALIAS:
  • 25.
    ROLLOVER • CREATE ANEW INDEX WHEN TOO OLD OR TOO BIG. • SUPPORT DATE MATH: DAILY INDEX CREATION. • USE ALIASES TO QUERY ALL ROLLOVERED INDEXES. PUT "logs-000001" { "aliases": { "logs": {} } } POST /logs/_rollover { "conditions": { "max_docs": 10000000 } }
  • 26.
  • 27.
    CONFIGURATION CHANGES • PREFERCONFIGURATION FILE UPDATES TO API CALL FOR PERMANENT CHANGES. • VERSION YOUR CONFIGURATION CHANGES SO YOU CAN ROLLBACK, ES REQUIRES LOTS OF FINE TUNING. • WHEN USING _SETTINGS API, PREFER TRANSIENT TO PERSISTENT, THEY’RE EASIER TO GET RID OF.
  • 28.
    RECONFIGURING THE WHOLECLUSTER LOCK SHARD REALLOCATION & RECOVERY: "cluster.routing.allocation.enable" : "none" OPTIMIZE FOR RECOVERY: "cluster.routing.allocation.node_initial_primaries_recoveries": 50 "indices.recovery.max_bytes_per_sec": "2048mb" RESTART A FULL RACK, WAIT FOR NODES TO COME
  • 29.
    THE REINDEX API •IN CLUSTER AND CLUSTER TO CLUSTER REINDEX API. • ALLOWS CROSS VERSION INDEXING: 1.7 TO 5.1… • SLICED SCROLLS ONLY AVAILABLE STARTING 6.0. • ACCEPT ES QUERIES TO FILTER THE DATA TO REINDEX. • MERGE MULTIPLE INDEXES INTO 1.
  • 30.
    BULK INDEXING TRICKS LIMITREBALANCE: "cluster.routing.allocation.cluster_concurrent_rebalance": 1 "cluster.routing.allocation.balance.shard": "0.15f" "cluster.routing.allocation.balance.threshold": "10.0f" DISABLE REFRESH: "index.refresh_interval:" "0" NO REPLICA: "index.number_of_replicas:" "0" // having replica index n times in Lucene, adding one just "rsync" the data. ALLOCATE ON DEDICATED HARDWARE:
  • 31.
    OPTIMIZING FOR SPACE& PERFORMANCES • LUCENE SEGMENTS ARE IMMUTABLE, THE MORE YOU WRITE, THE MORE SEGMENTS YOU GET. • DELETING DOCUMENTS DOES COPY ON WRITE SO NO REAL DELETE. index.merge.scheduler.max_thread_count: default CPU/2 with min 4 POST /_force_merge?only_expunge_deletes: faster, only merge segments with deleted POST /_force_merge?max_num_segments: don’t use on indexes you write on! WARNING: _FORCE_MERGE HAS A COST IN CPU AND I/OS.
  • 32.
    MINOR VERSION UPGRADES •CHECK YOUR PLUGINS COMPATIBILITY, PLUGINS MUST BE COMPILED FOR YOUR MINOR VERSION. • START UPGRADING THE MASTER NODES. • UPGRADE THE DATA NODES ON A WHOLE RACK AT ONCE.
  • 33.
    OS LEVEL UPGRADES •ENSURE THE WHOLE CLUSTER RUNS THE SAME JAVA VERSION. • WHEN UPGRADING JAVA, CHECK IF YOU DON’T HAVE TO UPGRADE THE KERNEL. • PER NODE JAVA / KERNEL VERSION AVAILABLE IN THE _STATS API.
  • 34.
  • 35.
    CAPTAIN OBVIOUS, YOU’REMY ONLY HOPE! • GOOD MONITORING IS BUSINESS ORIENTED MONITORING. • GOOD ALERTING IS ACTIONABLE ALERTING. • DON’T MONITORE THE CLUSTER ONLY, BUT THE WHOLE PROCESSING CHAIN. • USELESS METRICS ARE USELESS. • LOSING A DATACENTER: OK. LOSING DATA: NOT OK!
  • 36.
    MONITORING TOOLING • ELASTICSEARCHX- PACK, • GRAFANA…
  • 37.
    LIFE, DEATH &_CLUSTER/HEALTH • A RED CLUSTER MEANS AT LEAST 1 INDEX HAS MISSING DATA. DON’T PANIC! • USING LEVEL={INDEX,SHARD} AND AN INDEX ID PROVIDES SPECIFIC INFORMATION. • LOTS OF PENDING TASKS MEANS YOUR CLUSTER IS UNDER HEAVY LOAD AND SOME NODES CAN’T PROCESS THEM FAST ENOUGH. • LONG WAITING TASKS MEANS YOU HAVE A CAPACITY PLANNING PROBLEM.
  • 38.
    USE THE _CATAPI • PROVIDES GENERAL INFORMATION ABOUT YOUR NODES, SHARDS, INDICES AND THREAD POOLS. • HIT THE WHOLE CLUSTER, WHEN IT TIMEOUTS YOU’VE PROBABLY HAVING A NODE STUCK IN GARBAGE COLLECTION.
  • 39.
    MONITORING AT THECLUSTER LEVEL • USE THE _STATS API FOR PRECISE INFORMATION. • MONITORE THE SHARDS REALLOCATION, TOO MANY MEANS A DESIGN PROBLEM. • MONITORE THE WRITES AND CLUSTER WIDE, IF THEY FALL TO 0 AND IT’S UNUSUAL, A NODE IS STUCK IN GC.
  • 40.
    MONITORING AT THENODE LEVEL • USE THE _NODES/{NODE}, _NODES/{NODE}/STATS AND _CAT/THREAD_POOL API. • THE GARBAGE COLLECTION DURATION & FREQUENCY IS A GOOD METRIC OF YOUR NODE HEALTH. • CACHE AND BUFFERS ARE MONITORED ON A NODE LEVEL. • MONITORING I/OS, SPACE, OPEN FILES & CPU IS CRITICAL.
  • 41.
    MONITORING AT THEINDEX LEVEL • USE THE {INDEX}/_STATS API. • MONITORE THE DOCUMENTS / SHARD RATIO. • MONITORE THE MERGES, QUERY TIME. • TOO MANY EVICTIONS MEANS YOU HAVE A CACHE CONFIGURATION LEVEL.
  • 42.
  • 43.
    WHAT’S REALLY GOINGON IN YOUR CLUSTER? • THE _NODES/{NODE}/HOT_THREADS API TELLS WHAT HAPPENS ON THE HOST. • THE ELECTED MASTER NODES TELLS YOU MOST THING YOU NEED TO KNOW. • ENABLE THE SLOW LOGS TO UNDERSTAND YOUR BOTTLENECK & OPTIMIZE THE QUERIES. DISABLE THE SLOW LOGS WHEN YOU’RE DONE!!! • WHEN NOT ENOUGH, MEMORY PROFILING IS YOUR FRIEND.
  • 44.
    MEMORY PROFILING • LIVEMEMORY OR HPROF FILE AFTER A CRASH. • ALLOWS YOU TO TO KNOW WHAT IS / WAS IN YOUR BUFFERS AND CACHES. • YOURKIT JAVA PROFILER AS A TOOL.
  • 45.
    TRACING • KNOW WHAT’SREALLY HAPPENING IN YOUR JVM. • LINUX 4.X PROVIDES GREAT PERF TOOLS, LINUX 4.9 EVEN BETTER: • LINUX-PERF, • JAVA PERF MAP. • VECTOR BY NETFLIX (NOT VEKTOR THE TRASH METAL BAND).
  • 46.