Presented at MariaDB Roadshow Dallas, November 2017.

1. MariaDB + Docker
From Development
to Production
Gerardo “Gerry” Narvaja
gerry@mariadb.com

2. Why Use Containers
Containers + Databases = Happy Developers
Ephemeral Containers + Databases = DevOps headaches
4 Things you must use to evaluate
• Data Redundancy
• Dynamic Self Discovery & Cluster formation
• Self Healing (as containers enter and leave)
• Application Tier discovery of Database Cluster

3. Part One
“Here’s another nice mess
you have got me into”
– Laurel & Hardy circa 1929

4. Existing Deployment Models Are Broken
Version
control
1. Development 2. Test 3. Stage / Production
Developer QA / QE Sysadmin

5. Architectures Are Complex & Static
Challenges
• Orchestration
• Complity
• Maintainability
• Durability
• Consistency
• Scalability
• Cost ($)
• (Hybrid) CloudEnterprise Environment
Legacy Mainframe
Operational Database
Caching Layer
Pricing /
Inventory /
Billing
Real-time
Decisioning
Real-time
Consumer
facing
Streaming
Data
Data Warehouse
Data Lake
RDBMS Transactional
Systems

6. Part Two
Containers

7. What do Containers give me?
Encapsulation of Dependencies
• O/S packages & Patches
• Execution environment (e.g. Python 2.7)
• Application Code & Dependencies
Process Isolation
• Isolate the process from anything else running
Faster, Lightweight virtualization

8. Virtual Machines vs. Containers
App 1 App 2 App 3
Bins/Libs Bins/Libs Bins/Libs
Guest OS Guest OS Guest OS
Hypervisor
Host Operating System
Infrastructure
Docker Engine
Operating System
Infrastructure
App 1 App 2 App 3
Bins/Libs Bins/Libs Bins/Libs

9. Deployment Simplicity
Build Ship Run
Open Standards
Plumbing
Platform
Clustering Distribution
Image
spec
Container
run-time spec
Runtime Trust

10. Dockerfile - Example
FROM python:2.7
ADD . /code
WORKDIR /code
RUN apt-get update && apt-get -y install python-dev libssl-dev
RUN pip install --no-cache-dir -r requirements.txt
EXPOSE 5000
CMD python app.py

11. Open Container Initiative (OCI) – Polyglot Vendors
Coalition of industry leaders join
forces to eliminate fragmentation
• Form a vendor-neutral, open source governance model under the Linux Foundation
• Establish common standards for container format and runtime
• Docker donated its container format, runtime and associated specifications
• Appoint maintainers for the libcontainer project

12. Docker Toolchain in pictures
Machine provisions
Docker Engines
Swarm clusters
Docker Engines
Compose orchestrates
Container deployment
Containers are run
by Docker Engine
Docker Machine Docker Compose
Docker Swarm
Docker Engine
Container
Containers encapsulates
your code, dependencies…

13. But… Docker 1.13 / 17.3 GA features
Docker Engine in “Swarm” mode
• Engine based clustering versus Container based clustering
• Master based, RAFT for consensus
Docker Stacks
• Bundles of Services
• “Sort of” compatible with docker-compose
Docker Services
• Image + Configuration
• Replicable across the cluster
• Scale Up & Down

14. Part Three
Databases & Docker

15. Requirements
Data Redundancy
• Containers are Ephemeral – Need more than one copy of the data
Dynamic Self Discovery & Cluster formation
• Need to start and stop Containers when needed
• Clusters needs to grow and shrink dynamically
Self Healing
• Loss of nodes must not be fatal to the cluster integrity
• Addition of nodes must scale capacity
Application Tier discovery of Database Cluster
• Automatic discovery of nodes
• Automatic routing of requests to the correct nodes

16. Part Four
MariaDB

17. MARIADB SERVER
Enterprise-grade secure,
highly available and
scalable relational database
with a modern, extensible
architecture
MARIADB MAXSCALE MARIADB CLUSTER
Next-generation database
proxy that manages security,
scalability and high availability
in scale-out deployments
Multi-Master, synchronous
replication - improves
availability and scales
reads and writes
MariaDB Portfolio

18. MariaDB MaxScaleMariaDB Multi-Master Cluster
OPERATING SYSTEM / FILE SYSTEM / SAN / CLOUD
MariaDB Architecture
Replicas
Supporting
Asynchronous,
Semi-Sync &
Synchronous
Replication
Application
Connectors
MariaDB Server
SQL NoSQL CRUD API
Original Core MariaDB
MariaDB Engineering
Community Contribution
MariaDB
STORAGE LAYER EXTENSIBILITY
In-MemoryTransactional
NoSQL /
Interoperability ScalabilityGraph & Search Analytics
InnoDB
XtraDB
MyISAM
Memory
Aria
CONNECT
Cassandra
ColumnStore
Spider
MariaRocks
OQGraph
Sphinx
Mroonga
KERNEL EXTENSIBILITY
Replication Kernel Production Plugins
SQL Parser
Cache/Buffer
Optimizer
Temporal
PL/SQL
Audit
AWS KMS
Authentication
Handler Socket, Etc.
40+ Plugins
C JDBC ODBC
GTIDBinlog API
Parallel Slave Multi-Source
Connection
Pool

19. MariaDB MaxScale
High Availability
Ensure uptime
with no single
point of failure
and minimize
downtime
during upgrade
Data Streaming
Stream transactional
data to data lake for
real-time analytics
Scalability
Manage your
scaled-out
infrastructure
without changing
application code
Security
Secure database
firewall to prevent
cyber attacks like SQL
injection and DDoS
MariaDB MaxScale is a next-generation database proxy that manages security,
scalability and high availability in a scale out deployment.

20. MariaDB Cluster
Multi-Master
• Synchronous replication
Faster Failover
• All nodes synchronized,
therefore equal
Scale reads and writes
MariaDB
MariaDB
MariaDB
Load Balancing
and Failover
Application /
App Server

21. MaxScale + Galera
Use Case
Each application server
uses only 1 connection
MaxScale selects one node
as “master” and the other
nodes as “slaves”
If the “master” node fails,
a new one can be elected
immediately
Galera Cluster + R/W split routing
Max
Scale

22. Part Five
How To

23. Demo: Development Through Production
Development
• Build & Run an App in Development
– Python + MariaDB
Production
• Deploy to a Swarm cluster in Production
• Scale Web nodes
– Add more Web containers behind HAProxy
• Database High Availability
– Deploy 3 nodes Galera cluster
– Deploy 2 node MaxScale

24. Python / Flask
Let’s Build An App!
Development
app

25. Production
Virtual
IP
Virtual
IP
MaxScale 1 MaxScale 2
HAProxy
1 2 3
Then Scale in Production...
Development
app
app1 app2 app3 app4 appN

26. HowTo Part 1
Build an Application

27. Dockerfile
FROM python:2.7
RUN apt-get update && apt-get -y install python-dev libssl-dev
WORKDIR /app
RUN pip install Flask MySQL-python
ADD . /app
EXPOSE 5000
CMD ["python", "app.py"]

28. docker-compose.yml
services:
web:
build: .
ports:
- "5000:5000"
links:
- mariadb
hostname: dev.myapp.com
environment:
APP_MARIADB_HOST: dev_mariadb_1
APP_PASSWORD: foo
mariadb:
image: mariadb:10.1
environment:
MYSQL_ROOT_PASSWORD: foo

29. Roll The Application Behind Haproxy
Development
app
Production
Virtual
IP
Virtual
IP
MaxScale 1 MaxScale 2
HAProxy
1 2 3
app1

30. Scale the Application Tier
Development
app
Production
Virtual
IP
Virtual
IP
MaxScale 1 MaxScale 2
HAProxy
1 2 3
app1 app2 app3 app4 appN

31. Docker Networking
Docker Host (swarm-2)
MaxScale
Container
Endpoint
Docker Host (swarm-3)
MariaDB
Container
Endpoint
“Bridge” Network
“Prod” Overlay Network
Docker Host (swarm-1)
App
Container
Endpoint
Docker Host (swarm-0)
HAProxy
Container
Endpoint Endpoint

32. Docker Networking
$ docker network create -d overlay --attachable myapp_back
$ cat docker-compose.stack.yml
...
networks:
front:
back:
external:
name: myapp_back

33. Secrets… Opppsss
services:
web:
build: .
ports:
- "5000:5000"
links:
- mariadb
hostname: dev.myapp.com
environment:
APP_MARIADB_HOST: dev_mariadb_1
APP_PASSWORD: foo
mariadb:
image: mariadb:10.1
environment:
MYSQL_ROOT_PASSWORD: foo

34. Docker secrets
$ cat docker-compose.stack.yml
...
secrets:
app_password:
file: ./app_password.txt
mariadb_root_password:
file: ./mariadb_password.txt
xtrabackup_password:
file: ./xtrabackup_password.txt
$ more ./app_password.txt
appfoo

35. HowTo Part 2
Scale Web Tier

36. haproxy & web services
services:
haproxy:
image: dockercloud/haproxy
networks:
- front
- back
volumes:
- /var/run/docker.sock:/var/run/docker.sock
ports:
- 80:80
deploy:
placement:
constraints: [node.role == manager]
web:
image: alvinr/demo-webapp-vote:mariadb
environment:
SERVICE_PORTS: "5000"
VIRTUAL_HOST: "prod.myapp.com"
APP_MARIADB_HOST: "maxscale"
APP_USER: "app"
APP_PASSWORD_FILE: "/run/secrets/app_password"
APP_DATABASE: "test"
networks:
- back
deploy:
placement:
constraints: [node.role != manager]
secrets:
- app_password

37. HowTo Part 3
Hardened
Database Tier

38. MariaDB Galera Cluster
mariadb_cluster:
image: alvinr/mariadb-galera-swarm
environment:
...
NODE_ADDRESS: "eth0"
MYSQL_USER: "app"
MYSQL_DATABASE: "test"
MYSQL_PASSWORD_FILE:
"/run/secrets/app_password"
MAXSCALE_PRIVS: "true"
labels:
com.mariadb.cluster: "myapp-prod-cluster"
networks:
- back
command: seed
deploy:
replicas: 1
placement:
constraints:
[engine.labels.com.mariadb.cluster !=
myapp-prod-cluster]
secrets:
- mariadb_root_password
- xtrabackup_password
- app_password

39. MaxScale
maxscale:
image: alvinr/maxscale-swarm
...
labels:
com.mariadb.cluster: "myapp-maxscale"
networks:
- back
deploy:
replicas: 1
restart_policy:
condition: on-failure
delay: 5s
placement:
constraints: [engine.labels.com.mariadb.cluster != myapp-maxscale]
secrets:
- app_password

40. Part Six
Considerations
& Conclusions

41. DNS RESOLUTION
• Docker assigns VIP to Service, each Task has
own IP
• nslookup, dig, getent etc.
3rd PARTY
• consul, etcd, zookeeper etc.
DOCKER EVENTS
• https://docs.docker.com/engine/
reference/api/docker_remote_api/
• Interlock -
https://github.com/ehazlett/interlock
Service Discovery - How to mesh nodes?

42. Storage: Inside or Outside the Container?
Inside
• Encapsulation
of Concerns
Outside
• Separation of Concerns
• Storage features (e.g. Snapshots)
• 3rd Party options
– NetApp, Google Compute Engine, Rancher Convoy
– Flocker
Host
Docker Daemon
Container
Docker Daemon
Container
/dev/xvdb
/mnt/xx:/var/lib/mysql
Networked
e.g. EBS
Volume
Local Disk e.g.
SSD / NVMe

43. Storage: Data Container?
Inside
• Managed like
other containers
• Special rule for
Destruction
• TBD: Performance
Host
Docker Daemon
Container
Docker Daemon
Container
--volumes-from
{container name}
Host

44. And...
• Swarm locking
• Image verification (trusted Images)
• AppArmor / Seccomp profiles
• Monitoring
• Healthchecks
• Rolling Upgrades

45. Summary
One Solution Development -> Production
• Define Images & Orchestration once
• Reuse when needed, inject required behaviours
MariaDB in Production with Docker
• Ops define the whitelisted images, security policies
• Dev approve images to build upon
• Eliminate complexity (and cost) of Deployment
• Scale easily, maintain SLA requirements of component

46. Thanks and Q&A
Code
• https://github.com/alvinr/docker-demo/tree/master/mariadb/vote
Docker Images
• https://hub.docker.com/_/mariadb/
MariaDB & Docker deployment guide
• https://mariadb.com/kb/en/mariadb/installing-and-using-mariadb-via-docker/

47. Thank you