Steve Loughran, profile picture
Uploaded bySteve Loughran
1,962 views

HA Hadoop -ApacheCon talk

Hadoop provides high availability through replication of data across multiple nodes. Replication handles data integrity through checksums and automatic re-replication of corrupt blocks. Rack failures are reduced by dual networking and more replication bandwidth. NameNode failures are rare but cause downtime, so Hadoop 1 adds cold failover of Namenodes using VMware HA or RedHat HA. Hadoop 2 introduces live failover of Namenodes using a quorum journal manager to eliminate single points of failure. Full stack high availability adds monitoring and restart of all services.

Embed presentation

High Availability Hadoop Steve Loughran @steveloughran Sanjay Radia @srr © Hortonworks Inc. 2012
Questions Hadoop users ask • Can Hadoop keep my data safe? • Can Hadoop keep my data available? • What happens when things go wrong? • What about applications that use Hadoop? • What's next? Page 2 © Hortonworks Inc. 2012
Hadoop HDFS: replication is the key Switch ToR Switch ToR Switch ToR Switch file block1 Name block2 DataNode DataNode Node block3 … DataNode DataNode 2ary Name DataNode DataNode Node (Job Tracker) DataNode DataNode Page 3 © Hortonworks Inc. 2012
Replication handles data integrity • CRC32 checksum per 512 bytes • Verified across datanodes on write • Verified on all reads • Background verification of all blocks (~weekly) • Corrupt blocks re-replicated • All replicas corrupt  operations team intervention 2009: Yahoo! lost 19 out of 329M blocks on 20K servers –bugs now fixed Page 4 © Hortonworks Inc. 2012
Rack/Switch failure Switch ToR Switch ToR Switch ToR Switch file block1 Name block2 DataNode DataNode Node block3 … DataNode DataNode 2ary Name DataNode DataNode Node (Job Tracker) DataNode DataNode Page 5 © Hortonworks Inc. 2012
Reducing the impact of a Rack Failure • Is this a real threat? –Google: failures are rack-correlated –Microsoft: ToR switches fail the most –Facebook: router mis-configuration  cascade failure • Reduce the impact –Dual bonded Ethernet with 2x Top of Rack Switch –10 GbE for more replication bandwidth –Bigger clusters –Facebook: sub-cluster block placement Page 6 © Hortonworks Inc. 2012
NameNode failure rare but visible ToR Switch 1. Try to reboot/restart NN IP 2. Bring up new Shared storage for NameNode server Name filesystem image and NN IP Node -with same IP journal ("edit log") -or restart DataNodes 2ary Name (Secondary NN receives Node streamed journal and checkpoints filesystem image) Yahoo!: 22 NameNode failures on 25 clusters in 18 months = .99999 availability Page 7 © Hortonworks Inc. 2012
NameNode failure costs • Manual intervention • Time to bring up service by hand • Remote applications receive errors and can fail. • MapReduce layer can fail. • Cost of spare server • Cost of 7x24 ops team Page 8 © Hortonworks Inc. 2012
What to improve • Address costs of NameNode failure in Hadoop 1 • Add Live NN failover (HDFS 2.0) • Eliminate shared storage (HDFS 2.x) • Add resilience to the entire stack Page 9 © Hortonworks Inc. 2012
Full Stack HA add resilience to planned/unplanned outages of layers underneath 10 © Hortonworks Inc. 2012
Hadoop Full Stack HA Architecture Worker Nodes of Hadoop Cluster task task task task … Node w/ Node w/ Node w/ Node w/ DN & TT DN & TT DN & TT DN & TT Apps Job Running Submitting Outside Clients Failover JT into Safemode NN JT NN Server Server Server HA Cluster for Master Daemons 11 © Hortonworks Inc. 2012
HA in Hadoop 1 (HDP1) Use existing HA clustering technologies to add cold failover of key manager services: VMWare vSphere HA RedHat HA Linux 12 © Hortonworks Inc. 2012
vSphere : VMs are managed Page 13 © Hortonworks Inc. 2012
“Canary” monitoring • IN-VM Monitor daemon for each service –NameNode: process, ports, http, DFS operations –JobTracker: process, ports, http, JT status + special handling of HDFS state on startup. • Probe failures reported to vSphere • Triggers VM kill and restart • Differentiating hung service from GC pause hard Page 14 © Hortonworks Inc. 2012
Defining liveness • kill -0 `cat <path to .pid file>` • Port open <hostname, port> • HTTP GET <URL, response code range> • DFS list <filesystem, path> • DFS out of safe mode (filesystem) • JT cluster status <hostname, port> • JT out of safe mode <hostname, port> Page 15 © Hortonworks Inc. 2012
RedHat HA Linux ToR Switch NN IP Name DataNode DataNode Node IP1 NN IP Name DataNode DataNode Node IP2 2NN IP 2ary Name DataNode DataNode IP3 Node JT IP (Job Tracker) DataNode DataNode IP4 HA Linux: heartbeats & failover Page 16 © Hortonworks Inc. 2012
Linux HA Implementation • Replace init.d script with “Resource Agent” script • Hook up status probes as for vSphere • Detection & handling of hung process hard • Test in virtual + physical environments • Testing with physical clusters • ARP trouble on cross-switch failover -don't Page 17 © Hortonworks Inc. 2012
Yes, but does it work? public void testHungNN() { assertRestartsHDFS { nnServer.kill(19, "/var/run/hadoop/hadoop-namenode.pid") } } Groovy JUnit tests + “chaos” library Need a home for this -Bigtop? Page 18 © Hortonworks Inc. 2012
And how long does it take? 60 Nodes, 60K files, 6 million blocks, 300 TB raw storage – 1-3 minutes – Failure detection and Failover – 0.5 to 2 minutes – Namenode Startup (exit safemode) – 30 sec 180 Nodes, 200K files, 18 million blocks, 900TB raw storage – 2-4 minutes – Failure detection and Failover – 0.5 to 2 minutes – Namenode Startup (exit safemode) – 110 sec vSphere: add 60s for OS bootup. Cold Failover is good enough for small/medium clusters 19 © Hortonworks Inc. 2012
IPC client resilience Configurable retry & time to block ipc.client.connect.max.retries dfs.client.retry.policy.enabled 1. Set in core-site.xml for automatic pickup. 2. Failure-aware applications can tune/disable Blocking works for most clients Page 20 © Hortonworks Inc. 2012
Job Tracker Resilience • “Safe Mode” –rejects new submissions –does not fail ongoing Jobs, blacklist Task Trackers • FS monitoring and automatic safe mode entry: mapreduce.jt.hdfs.monitor.enable • Queue rebuild on restart mapreduce.jt.hdfs.monitor.enable • Job Submission Client to retry: mapreduce.jobclient.retry.policy.enabled Page 21 © Hortonworks Inc. 2012
Testing full stack functionality 1. Run existing test suites against a cluster being killed repeatedly: MapReduce, HBase, Pig 2. Specific test jobs performing DFS operations from inside MapReduce jobs to stress MR layer Results: NN outages did not cause failures two unrelated bugs in HDFS were found; Page 22 © Hortonworks Inc. 2012
Putting it all together: Demo Page 23 © Hortonworks Inc. 2012
HA in Hadoop HDFS 2 Page 24 © Hortonworks Inc. 2012
Hadoop 2.0 HA Zoo- Keeper Standby Active IP1 Active Failure- DataNode Controller NN Zoo- Keeper Active Standby Standby Active Failure- DataNode Controller NN IP2 Zoo- Keeper Block reports to both NNs; Failure Controllers & Zookeeper co-ordinate Page 25 © Hortonworks Inc. 2012
Page 26 © Hortonworks Inc. 2012
Hadoop 2.1 HA Zoo- Keeper Active IP1 Active Failure- DataNode Controller NN Journal Node Zoo- Journal Keeper Node Journal Node Standby Standby Failure- DataNode Controller NN IP2 Zoo- Keeper Quorum Journal Manager replaces shared storage BookKeeper Journal Manager uses Apache BookKeeper Page 27 © Hortonworks Inc. 2012
When will HDFS 2 be ready? CDH : shipping Apache: beta-phase Page 28 © Hortonworks Inc. 2012
Moving forward • Retry policies for all remote client protocols/libraries in the stack. • Monitor/restart for all services • Zookeeper service lookup everywhere • YARN needs HA of Resource Manager Page 29 © Hortonworks Inc. 2012
Single Points of Failure There's always a SPOF Q. How do you find it? A. It finds you Page 30 © Hortonworks Inc. 2012
Questions? CFP for H Summit EU open! Page 31 © Hortonworks Inc. 2012
Monitoring Lifecycle block for upstream services dependencies e.g. JT on HDFS all dependencies live halt wait for probes live; booting fail fast on live  fail halt all probes live boot timeout failure of live probe live check all probes until halted or probe failure halt probe failure probe timeout failed 60s after heartbeats stop, halted vSphere restarts VM unhook from vSphere immediate process exit Page 32 © Hortonworks Inc. 2012
vSphere versus RedHat HA vSphere ideal for small clusters –one VM/service –less physical hosts than service VMs –Obvious choice for sites with vSphere HA RedHat HA great for large clusters –turns a series of master nodes into a pool of servers with floating services & IP Addresses –downgrades “outages” to “transient events” Page 33 © Hortonworks Inc. 2012

More Related Content

PPTX
Availability and Integrity in hadoop (Strata EU Edition)
bySteve Loughran
 
PDF
Webinar: General Technical Overview of MongoDB
byMongoDB
 
ODP
Review of the firebird development in 2011 2012
byMind The Firebird
 
PPTX
Apache con 2012 taking the guesswork out of your hadoop infrastructure
bySteve Watt
 
PDF
Linked In Lessons Learned And Growth And Scalability
byConSanFrancisco123
 
PDF
The djatoka Image Server
byHerbert Van de Sompel
 
PDF
the UPS protoproto project
byHerbert Van de Sompel
 
PDF
The Native NDB Engine for Memcached
byJohn David Duncan
 
Availability and Integrity in hadoop (Strata EU Edition)
bySteve Loughran
 
Webinar: General Technical Overview of MongoDB
byMongoDB
 
Review of the firebird development in 2011 2012
byMind The Firebird
 
Apache con 2012 taking the guesswork out of your hadoop infrastructure
bySteve Watt
 
Linked In Lessons Learned And Growth And Scalability
byConSanFrancisco123
 
The djatoka Image Server
byHerbert Van de Sompel
 
the UPS protoproto project
byHerbert Van de Sompel
 
The Native NDB Engine for Memcached
byJohn David Duncan
 

What's hot

PDF
MapReduce Using Perl and Gearman
byJamie Pitts
 
PDF
Tungsten University: Setup and Operate Tungsten Replicators
byContinuent
 
PDF
Federated HDFS
byhuguk
 
PDF
Nov 2011 HUG: HParser
byYahoo Developer Network
 
PDF
Integration of Cloud and Grid Middleware at DGRZR
byStefan Freitag
 
PDF
NoSQL Matters 2012 - Real Time Big Data in practice with Cassandra
byMichaël Figuière
 
PDF
ApacheCon Europe 2012 - Real Time Big Data in practice with Cassandra
byMichaël Figuière
 
KEY
Consolidated shared indexes in real time
byJeff Mace
 
PDF
MySQL Cluster NoSQL Memcached API
byMat Keep
 
PDF
How to make DSL
byYukio Goto
 
PDF
call for papers, research paper publishing, where to publish research paper, ...
byInternational Journal of Engineering Inventions www.ijeijournal.com
 
PPTX
OrientDB the graph database
byArtem Orobets
 
PDF
Replication and Replica Sets
byMongoDB
 
PPT
Benchmark Analysis of Multi-core Processor Memory Contention April 2009
byJames McGalliard
 
PPT
Session 46 - Principles of workflow management and execution
byISSGC Summer School
 
PDF
Cassandra presentation at NoSQL
byEvan Weaver
 
PDF
Dash7 Technology 2009 2011 Seoul Briefing
byHaystack Technologies
 
PDF
Ads int faq
byRajeev Verma
 
PPTX
Sector CloudSlam 09
byRobert Grossman
 
PDF
Replication and Replica Sets
byMongoDB
 
MapReduce Using Perl and Gearman
byJamie Pitts
 
Tungsten University: Setup and Operate Tungsten Replicators
byContinuent
 
Federated HDFS
byhuguk
 
Nov 2011 HUG: HParser
byYahoo Developer Network
 
Integration of Cloud and Grid Middleware at DGRZR
byStefan Freitag
 
NoSQL Matters 2012 - Real Time Big Data in practice with Cassandra
byMichaël Figuière
 
ApacheCon Europe 2012 - Real Time Big Data in practice with Cassandra
byMichaël Figuière
 
Consolidated shared indexes in real time
byJeff Mace
 
MySQL Cluster NoSQL Memcached API
byMat Keep
 
How to make DSL
byYukio Goto
 
call for papers, research paper publishing, where to publish research paper, ...
byInternational Journal of Engineering Inventions www.ijeijournal.com
 
OrientDB the graph database
byArtem Orobets
 
Replication and Replica Sets
byMongoDB
 
Benchmark Analysis of Multi-core Processor Memory Contention April 2009
byJames McGalliard
 
Session 46 - Principles of workflow management and execution
byISSGC Summer School
 
Cassandra presentation at NoSQL
byEvan Weaver
 
Dash7 Technology 2009 2011 Seoul Briefing
byHaystack Technologies
 
Ads int faq
byRajeev Verma
 
Sector CloudSlam 09
byRobert Grossman
 
Replication and Replica Sets
byMongoDB
 

Viewers also liked

PPT
Deploying On EC2
bySteve Loughran
 
PDF
Hadoop & Hep
bySteve Loughran
 
PPT
Beyond Unit Testing
bySteve Loughran
 
PPT
When Web Services Go Bad
bySteve Loughran
 
PPTX
Help! My Hadoop doesn't work!
bySteve Loughran
 
PDF
Benchmarking
bySteve Loughran
 
PPT
Testing
bySteve Loughran
 
PPT
The Wondrous Curse of Interoperability
bySteve Loughran
 
PPTX
Hadoop: today and tomorrow
bySteve Loughran
 
PPT
My other computer is a datacentre - 2012 edition
bySteve Loughran
 
PDF
Hadoop Futures
bySteve Loughran
 
PPTX
New Roles In The Cloud
bySteve Loughran
 
PPTX
Hadoop and Kerberos: the Madness Beyond the Gate: January 2016 edition
bySteve Loughran
 
ODP
Farming hadoop in_the_cloud
bySteve Loughran
 
PPTX
Apache Spark and Object Stores
bySteve Loughran
 
PPT
Application Architecture For The Cloud
bySteve Loughran
 
PPTX
Spark Summit East 2017: Apache spark and object stores
bySteve Loughran
 
PPTX
Household INFOSEC in a Post-Sony Era
bySteve Loughran
 
PPTX
Hadoop gets Groovy
bySteve Loughran
 
Deploying On EC2
bySteve Loughran
 
Hadoop & Hep
bySteve Loughran
 
Beyond Unit Testing
bySteve Loughran
 
When Web Services Go Bad
bySteve Loughran
 
Help! My Hadoop doesn't work!
bySteve Loughran
 
Benchmarking
bySteve Loughran
 
Testing
bySteve Loughran
 
The Wondrous Curse of Interoperability
bySteve Loughran
 
Hadoop: today and tomorrow
bySteve Loughran
 
My other computer is a datacentre - 2012 edition
bySteve Loughran
 
Hadoop Futures
bySteve Loughran
 
New Roles In The Cloud
bySteve Loughran
 
Hadoop and Kerberos: the Madness Beyond the Gate: January 2016 edition
bySteve Loughran
 
Farming hadoop in_the_cloud
bySteve Loughran
 
Apache Spark and Object Stores
bySteve Loughran
 
Application Architecture For The Cloud
bySteve Loughran
 
Spark Summit East 2017: Apache spark and object stores
bySteve Loughran
 
Household INFOSEC in a Post-Sony Era
bySteve Loughran
 
Hadoop gets Groovy
bySteve Loughran
 

Similar to HA Hadoop -ApacheCon talk

PDF
HDFS NameNode High Availability
byDataWorks Summit
 
PPTX
Hadoop Summit 2012 | HDFS High Availability
byCloudera, Inc.
 
PDF
Building Scale Free Applications with Hadoop and Cascading
bycwensel
 
PDF
Hadoop Inside
byEun-Jo Lee
 
PDF
SAM SIG: Hadoop architecture, MapReduce patterns, and best practices with Cas...
bycwensel
 
PDF
Hdfs Dhruba
byJeff Hammerbacher
 
PDF
HDFS Architecture
byJeff Hammerbacher
 
PPTX
HDFS - What's New and Future
byDataWorks Summit
 
PPTX
Understanding Hadoop Clusters and the Network
bybradhedlund
 
PPTX
Hadoop HDFS Detailed Introduction
byHanborq Inc.
 
PPTX
Understanding hdfs
byThirunavukkarasu Ps
 
PPTX
Hadoop architecture meetup
byvmoorthy
 
PPTX
Introduction to hadoop and hdfs
byshrey mehrotra
 
PPTX
Hadoop Distributed File System(HDFS) : Behind the scenes
byNitin Khattar
 
PPT
haoop_architecture.pptHadoop Architecture is a framework designed for storing...
byRohiniRajaramPandian
 
PPTX
Nn ha hadoop world.final
byHortonworks
 
PPTX
Hadoop HDFS Architeture and Design
bysudhakara st
 
PPTX
Apache Hadoop
byAjit Koti
 
PPTX
HDFS Namenode High Availability
byHortonworks
 
ODP
Hadoop admin
byBalaji Rajan
 
HDFS NameNode High Availability
byDataWorks Summit
 
Hadoop Summit 2012 | HDFS High Availability
byCloudera, Inc.
 
Building Scale Free Applications with Hadoop and Cascading
bycwensel
 
Hadoop Inside
byEun-Jo Lee
 
SAM SIG: Hadoop architecture, MapReduce patterns, and best practices with Cas...
bycwensel
 
Hdfs Dhruba
byJeff Hammerbacher
 
HDFS Architecture
byJeff Hammerbacher
 
HDFS - What's New and Future
byDataWorks Summit
 
Understanding Hadoop Clusters and the Network
bybradhedlund
 
Hadoop HDFS Detailed Introduction
byHanborq Inc.
 
Understanding hdfs
byThirunavukkarasu Ps
 
Hadoop architecture meetup
byvmoorthy
 
Introduction to hadoop and hdfs
byshrey mehrotra
 
Hadoop Distributed File System(HDFS) : Behind the scenes
byNitin Khattar
 
haoop_architecture.pptHadoop Architecture is a framework designed for storing...
byRohiniRajaramPandian
 
Nn ha hadoop world.final
byHortonworks
 
Hadoop HDFS Architeture and Design
bysudhakara st
 
Apache Hadoop
byAjit Koti
 
HDFS Namenode High Availability
byHortonworks
 
Hadoop admin
byBalaji Rajan
 

More from Steve Loughran

PPTX
Hadoop Vectored IO
bySteve Loughran
 
PPTX
The age of rename() is over
bySteve Loughran
 
PPTX
What does Rename Do: (detailed version)
bySteve Loughran
 
PPTX
Put is the new rename: San Jose Summit Edition
bySteve Loughran
 
PPTX
@Dissidentbot: dissent will be automated!
bySteve Loughran
 
PPTX
PUT is the new rename()
bySteve Loughran
 
PPT
Extreme Programming Deployed
bySteve Loughran
 
PPT
Testing
bySteve Loughran
 
PPTX
I hate mocking
bySteve Loughran
 
PPTX
What does rename() do?
bySteve Loughran
 
PPTX
Dancing Elephants: Working with Object Storage in Apache Spark and Hive
bySteve Loughran
 
PPTX
Apache Spark and Object Stores —for London Spark User Group
bySteve Loughran
 
PPTX
Hadoop, Hive, Spark and Object Stores
bySteve Loughran
 
PPTX
Hadoop and Kerberos: the Madness Beyond the Gate
bySteve Loughran
 
PPTX
Slider: Applications on YARN
bySteve Loughran
 
PPTX
YARN Services
bySteve Loughran
 
PPTX
Datacentre stack
bySteve Loughran
 
PPTX
Overview of slider project
bySteve Loughran
 
ODP
2014 01-02-patching-workflow
bySteve Loughran
 
PPTX
2013 11-19-hoya-status
bySteve Loughran
 
Hadoop Vectored IO
bySteve Loughran
 
The age of rename() is over
bySteve Loughran
 
What does Rename Do: (detailed version)
bySteve Loughran
 
Put is the new rename: San Jose Summit Edition
bySteve Loughran
 
@Dissidentbot: dissent will be automated!
bySteve Loughran
 
PUT is the new rename()
bySteve Loughran
 
Extreme Programming Deployed
bySteve Loughran
 
Testing
bySteve Loughran
 
I hate mocking
bySteve Loughran
 
What does rename() do?
bySteve Loughran
 
Dancing Elephants: Working with Object Storage in Apache Spark and Hive
bySteve Loughran
 
Apache Spark and Object Stores —for London Spark User Group
bySteve Loughran
 
Hadoop, Hive, Spark and Object Stores
bySteve Loughran
 
Hadoop and Kerberos: the Madness Beyond the Gate
bySteve Loughran
 
Slider: Applications on YARN
bySteve Loughran
 
YARN Services
bySteve Loughran
 
Datacentre stack
bySteve Loughran
 
Overview of slider project
bySteve Loughran
 
2014 01-02-patching-workflow
bySteve Loughran
 
2013 11-19-hoya-status
bySteve Loughran
 

Recently uploaded

PPTX
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
PDF
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
PDF
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PDF
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
PDF
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PDF
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
PDF
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
PDF
Greetings All Students Update 3 by Mia Corp
by©LDMMIA, ©Reiki Yoga
 
PPTX
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
PDF
API206-S: Transforming Supply Chains with Amazon Bedrock AgentCore - AWS re:I...
byChris Bingham
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
PDF
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
PDF
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
PDF
Incident Response Planning with a Foundation Model
byKim Hammar
 
PPTX
RISE with SAP for Automotive - S4 HANA Value.pptx
byAmira Jemi
 
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
Greetings All Students Update 3 by Mia Corp
by©LDMMIA, ©Reiki Yoga
 
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
API206-S: Transforming Supply Chains with Amazon Bedrock AgentCore - AWS re:I...
byChris Bingham
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
Incident Response Planning with a Foundation Model
byKim Hammar
 
RISE with SAP for Automotive - S4 HANA Value.pptx
byAmira Jemi
 

HA Hadoop -ApacheCon talk

  • 1.
    High Availability Hadoop SteveLoughran @steveloughran Sanjay Radia @srr © Hortonworks Inc. 2012
  • 2.
    Questions Hadoop usersask • Can Hadoop keep my data safe? • Can Hadoop keep my data available? • What happens when things go wrong? • What about applications that use Hadoop? • What's next? Page 2 © Hortonworks Inc. 2012
  • 3.
    Hadoop HDFS: replicationis the key Switch ToR Switch ToR Switch ToR Switch file block1 Name block2 DataNode DataNode Node block3 … DataNode DataNode 2ary Name DataNode DataNode Node (Job Tracker) DataNode DataNode Page 3 © Hortonworks Inc. 2012
  • 4.
    Replication handles dataintegrity • CRC32 checksum per 512 bytes • Verified across datanodes on write • Verified on all reads • Background verification of all blocks (~weekly) • Corrupt blocks re-replicated • All replicas corrupt  operations team intervention 2009: Yahoo! lost 19 out of 329M blocks on 20K servers –bugs now fixed Page 4 © Hortonworks Inc. 2012
  • 5.
    Rack/Switch failure Switch ToR Switch ToR Switch ToR Switch file block1 Name block2 DataNode DataNode Node block3 … DataNode DataNode 2ary Name DataNode DataNode Node (Job Tracker) DataNode DataNode Page 5 © Hortonworks Inc. 2012
  • 6.
    Reducing the impactof a Rack Failure • Is this a real threat? –Google: failures are rack-correlated –Microsoft: ToR switches fail the most –Facebook: router mis-configuration  cascade failure • Reduce the impact –Dual bonded Ethernet with 2x Top of Rack Switch –10 GbE for more replication bandwidth –Bigger clusters –Facebook: sub-cluster block placement Page 6 © Hortonworks Inc. 2012
  • 7.
    NameNode failure rarebut visible ToR Switch 1. Try to reboot/restart NN IP 2. Bring up new Shared storage for NameNode server Name filesystem image and NN IP Node -with same IP journal ("edit log") -or restart DataNodes 2ary Name (Secondary NN receives Node streamed journal and checkpoints filesystem image) Yahoo!: 22 NameNode failures on 25 clusters in 18 months = .99999 availability Page 7 © Hortonworks Inc. 2012
  • 8.
    NameNode failure costs •Manual intervention • Time to bring up service by hand • Remote applications receive errors and can fail. • MapReduce layer can fail. • Cost of spare server • Cost of 7x24 ops team Page 8 © Hortonworks Inc. 2012
  • 9.
    What to improve •Address costs of NameNode failure in Hadoop 1 • Add Live NN failover (HDFS 2.0) • Eliminate shared storage (HDFS 2.x) • Add resilience to the entire stack Page 9 © Hortonworks Inc. 2012
  • 10.
    Full Stack HA addresilience to planned/unplanned outages of layers underneath 10 © Hortonworks Inc. 2012
  • 11.
    Hadoop Full StackHA Architecture Worker Nodes of Hadoop Cluster task task task task … Node w/ Node w/ Node w/ Node w/ DN & TT DN & TT DN & TT DN & TT Apps Job Running Submitting Outside Clients Failover JT into Safemode NN JT NN Server Server Server HA Cluster for Master Daemons 11 © Hortonworks Inc. 2012
  • 12.
    HA in Hadoop1 (HDP1) Use existing HA clustering technologies to add cold failover of key manager services: VMWare vSphere HA RedHat HA Linux 12 © Hortonworks Inc. 2012
  • 13.
    vSphere : VMsare managed Page 13 © Hortonworks Inc. 2012
  • 14.
    “Canary” monitoring • IN-VMMonitor daemon for each service –NameNode: process, ports, http, DFS operations –JobTracker: process, ports, http, JT status + special handling of HDFS state on startup. • Probe failures reported to vSphere • Triggers VM kill and restart • Differentiating hung service from GC pause hard Page 14 © Hortonworks Inc. 2012
  • 15.
    Defining liveness • kill-0 `cat <path to .pid file>` • Port open <hostname, port> • HTTP GET <URL, response code range> • DFS list <filesystem, path> • DFS out of safe mode (filesystem) • JT cluster status <hostname, port> • JT out of safe mode <hostname, port> Page 15 © Hortonworks Inc. 2012
  • 16.
    RedHat HA Linux ToR Switch NN IP Name DataNode DataNode Node IP1 NN IP Name DataNode DataNode Node IP2 2NN IP 2ary Name DataNode DataNode IP3 Node JT IP (Job Tracker) DataNode DataNode IP4 HA Linux: heartbeats & failover Page 16 © Hortonworks Inc. 2012
  • 17.
    Linux HA Implementation •Replace init.d script with “Resource Agent” script • Hook up status probes as for vSphere • Detection & handling of hung process hard • Test in virtual + physical environments • Testing with physical clusters • ARP trouble on cross-switch failover -don't Page 17 © Hortonworks Inc. 2012
  • 18.
    Yes, but doesit work? public void testHungNN() { assertRestartsHDFS { nnServer.kill(19, "/var/run/hadoop/hadoop-namenode.pid") } } Groovy JUnit tests + “chaos” library Need a home for this -Bigtop? Page 18 © Hortonworks Inc. 2012
  • 19.
    And how longdoes it take? 60 Nodes, 60K files, 6 million blocks, 300 TB raw storage – 1-3 minutes – Failure detection and Failover – 0.5 to 2 minutes – Namenode Startup (exit safemode) – 30 sec 180 Nodes, 200K files, 18 million blocks, 900TB raw storage – 2-4 minutes – Failure detection and Failover – 0.5 to 2 minutes – Namenode Startup (exit safemode) – 110 sec vSphere: add 60s for OS bootup. Cold Failover is good enough for small/medium clusters 19 © Hortonworks Inc. 2012
  • 20.
    IPC client resilience Configurableretry & time to block ipc.client.connect.max.retries dfs.client.retry.policy.enabled 1. Set in core-site.xml for automatic pickup. 2. Failure-aware applications can tune/disable Blocking works for most clients Page 20 © Hortonworks Inc. 2012
  • 21.
    Job Tracker Resilience •“Safe Mode” –rejects new submissions –does not fail ongoing Jobs, blacklist Task Trackers • FS monitoring and automatic safe mode entry: mapreduce.jt.hdfs.monitor.enable • Queue rebuild on restart mapreduce.jt.hdfs.monitor.enable • Job Submission Client to retry: mapreduce.jobclient.retry.policy.enabled Page 21 © Hortonworks Inc. 2012
  • 22.
    Testing full stackfunctionality 1. Run existing test suites against a cluster being killed repeatedly: MapReduce, HBase, Pig 2. Specific test jobs performing DFS operations from inside MapReduce jobs to stress MR layer Results: NN outages did not cause failures two unrelated bugs in HDFS were found; Page 22 © Hortonworks Inc. 2012
  • 23.
    Putting it alltogether: Demo Page 23 © Hortonworks Inc. 2012
  • 24.
    HA in HadoopHDFS 2 Page 24 © Hortonworks Inc. 2012
  • 25.
    Hadoop 2.0 HA Zoo- Keeper Standby Active IP1 Active Failure- DataNode Controller NN Zoo- Keeper Active Standby Standby Active Failure- DataNode Controller NN IP2 Zoo- Keeper Block reports to both NNs; Failure Controllers & Zookeeper co-ordinate Page 25 © Hortonworks Inc. 2012
  • 26.
  • 27.
    Hadoop 2.1 HA Zoo- Keeper Active IP1 Active Failure- DataNode Controller NN Journal Node Zoo- Journal Keeper Node Journal Node Standby Standby Failure- DataNode Controller NN IP2 Zoo- Keeper Quorum Journal Manager replaces shared storage BookKeeper Journal Manager uses Apache BookKeeper Page 27 © Hortonworks Inc. 2012
  • 28.
    When will HDFS2 be ready? CDH : shipping Apache: beta-phase Page 28 © Hortonworks Inc. 2012
  • 29.
    Moving forward • Retrypolicies for all remote client protocols/libraries in the stack. • Monitor/restart for all services • Zookeeper service lookup everywhere • YARN needs HA of Resource Manager Page 29 © Hortonworks Inc. 2012
  • 30.
    Single Points ofFailure There's always a SPOF Q. How do you find it? A. It finds you Page 30 © Hortonworks Inc. 2012
  • 31.
    Questions? CFP for HSummit EU open! Page 31 © Hortonworks Inc. 2012
  • 32.
    Monitoring Lifecycle block for upstream services dependencies e.g. JT on HDFS all dependencies live halt wait for probes live; booting fail fast on live  fail halt all probes live boot timeout failure of live probe live check all probes until halted or probe failure halt probe failure probe timeout failed 60s after heartbeats stop, halted vSphere restarts VM unhook from vSphere immediate process exit Page 32 © Hortonworks Inc. 2012
  • 33.
    vSphere versus RedHatHA vSphere ideal for small clusters –one VM/service –less physical hosts than service VMs –Obvious choice for sites with vSphere HA RedHat HA great for large clusters –turns a series of master nodes into a pool of servers with floating services & IP Addresses –downgrades “outages” to “transient events” Page 33 © Hortonworks Inc. 2012

Editor's Notes

  • #3 Once you adopt Hadoop, it can rapidly become the biggest central storage point of data in an organisation. At which point you start caring about how well it looks after your data. this talk aims to answer these questions
  • #4 HDFS is built on the concept that in a large cluster, disk failure is inevitable. The system is designed to change the impact of this from the beeping of pagers to a background hum.Akey part of the HDFS design: copying the blocks across machines means that the loss of a disk, server or even entire rack keeps the data available.
  • #5 There&apos;s lots of checksumming going on of the data to pick up corruption -CRCs created at write time (and even verified end-to-end in a cross-machine write), scanned on read time.
  • #6 Rack failures can generate a lot of replication traffic, as every block that was stored in the rack needs to be replicated at least once. The replication still has to follow the constraints of no more than one block copy per server. Much of this traffic is intra-rack, but every block which already has 2x replicas on a single rack will be replicated to another rack if possible.This is what scares ops team. Important: there is no specific notion of &quot;mass failure&quot; or &quot;network partition&quot;. Here HDFS only sees that four machines have gone down.
  • #8 When the NameNode fails, the cluster is offline.client applications -including the MapReduce layer and HBase see this, and fail.
  • #9 When the NN fails, it&apos;s obvious to remote applications, which fail, and to the ops team, which have to fix it. It also adds cost to the system. Does it happen often? No, almost never, but having the ops team and hardware ready for it is the cost
  • #15 VMWare monitioring is &quot;canary based&quot; -when the bird stops singing, the service is in trouble.To implement this we have a new service running in the VM that monitors service health, and stops singing when it decides the service is down.If the service, the OS or the monitor fails, VSphere reacts by restarting the VM. If the host server fails, all VMs on it get restarted elsewhereOne troublespot: hung processes. Socket blocks. Something needs to detect that and make a decision as to when this is a service hang vs a long GC. There is no way pre-Java7 to know this, so it&apos;s just down to timeouts.
  • #20 One question is &quot;how long does this take&quot;For clusters of under a few hundred machines, with not that much of an edit log to replay, failure detection dominates the time. vSphere is the slowest there as it has to notice that the monitor has stopped sending heartbeats (~60s), then boot the OS (~60s) before bringing up the NN. This is why it&apos;s better for smaller clusters.LinuxHA fails over faster; if set to poll every 10-15 s then failover begins within 20s of the outage.
  • #29 The risk here isn&apos;t just the failover, it&apos;s all the other changes that went into HDFS 2; the bug reporting numbers for HDFS 2 are way down on the previous releases, which means that it was either much better, or hasn&apos;t been tested enough.the big issue here is that the data in your HDFS cluster may be one of the most valuable assets of an organization, you can&apos;t afford to lose it. It&apos;s why it&apos;s good to be cautious with any filesystem, be it linux or a layer above.
  • #33 This is the state machine used to monitor a service. All the time the state machine is not terminated heartbeats are being sent to vSphere every 10s.Underneath that we have a model of a service blocking for (remote) services before even starting, booting -which waits for all probes to go live in a bounded time, and fails fast if any live probe revertslive - everything must respond, timeouts of a probe are picked up too.halted -a graceful unhook from vSphere, so that heartbeat stopping isn&apos;t picked up