Building a MongoDB cloud database service in containers
This article is based on our experience combining Docker container technology with the UDB product. It shares how UCloud uses Docker containers to quickly build a highly available, highly scalable MongoDB database service delivered as a cloud database service, together with the practical experience and lessons we learned along the way.
As an important part of cloud computing services, a cloud database provides flexible storage for structured, semi-structured and unstructured data. Users can purchase on demand according to their own business conditions, deploy with one click and scale on demand. In other words, users are spared a whole series of tedious tasks such as resource allocation and configuration tuning; this hosted operating model brings a great experience to the user.
However, a cloud database service faces high demands on availability and performance, and these are the topics users care about most. UCloud's cloud database service is provided by UDB (UCloud Database), which is fully compatible with the MySQL and MongoDB protocols; in building a highly available, highly scalable MongoDB cloud database service we adopted Docker container technology. This article introduces how Docker containers are applied in practice in the MongoDB cloud database service.
MongoDB cloud database service
MongoDB is a very good document-oriented NoSQL database with a very wide range of applicable scenarios: business data, logging, monitoring, metadata, file storage and so on. What these scenarios have in common is fast data growth and varied, changing schemas. When a single table reaches the TB level, a relational database management system (RDBMS) may buckle. In addition, single-point load pressure and single points of failure are common problems, as are cost control and operations management.
A MongoDB cloud database service provides a good solution to these problems. MongoDB can not only solve the single-point load limit through horizontal partitioning (sharding), but also solve high availability and read/write separation through replica sets. Moreover, combined with the advantages of a cloud platform, physical resources are fully utilized and the cost of cluster deployment is reduced, while the platform makes the cluster easy to deploy and easy to manage. A typical distributed architecture for a highly available, highly scalable MongoDB cloud database consists of the following three components:
Each shard is a replica set; a cluster can have one or more shards (shardsvr), which provide the data storage service, each storing a part of the whole cluster's data. Replica set members are divided by role into primary, secondary and arbiter, that is, the master node, the slave node and the arbitration node respectively. The primary is writable, the secondary is read-only, and the arbiter only takes part in the auto-failover election vote. Usually a replica set has a one-primary, one-secondary, one-arbiter structure; there can be more secondaries, and it is recommended to keep the total number of replica set nodes odd. Once the primary becomes inaccessible, the remaining nodes automatically elect a new primary, achieving auto-failover. New shards can be added to the current cluster, and data is automatically balanced across shards, achieving horizontal scaling.
The cluster can have 1 or 3 configsvr configuration servers, which mainly provide metadata storage for the cluster and record how the cluster's data is distributed.
Mongos is the entrance of the cluster; it provides query routing, distribution and result aggregation. A cluster can have one or more mongos routing servers.
Figure: architecture diagram of a MongoDB cluster on the UDB platform
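To make the three components concrete, the following added example (not UDB's own tooling) generates the configuration for each of them: a shardsvr and a configsvr mongod, a mongos router, and the rs.initiate() document for a primary/secondary/arbiter replica set. Hostnames, ports and paths are constructed.

```shell
#!/bin/sh
# Added example, not UDB's own tooling: generate the configuration files for the
# three components of the cluster (shard replica set, config server replica set,
# mongos router) plus the rs.initiate() document for a primary/secondary/arbiter
# replica set. Hostnames, ports and paths below are constructed.

# gen_mongod_conf ROLE REPLSET PORT DBPATH -> YAML for one mongod.
# ROLE is shardsvr or configsvr, MongoDB's sharding.clusterRole values.
# bindIp 0.0.0.0 is needed because the container IP is the only access path.
gen_mongod_conf() {
  printf 'storage:\n  dbPath: %s\nnet:\n  bindIp: 0.0.0.0\n  port: %s\n' "$4" "$3"
  printf 'replication:\n  replSetName: %s\nsharding:\n  clusterRole: %s\n' "$2" "$1"
}

# gen_mongos_conf PORT CONFIGRS CONFIGHOSTS -> YAML for the router; it only
# needs the config server replica set (sharding.configDB) to locate the data.
gen_mongos_conf() {
  printf 'net:\n  bindIp: 0.0.0.0\n  port: %s\nsharding:\n  configDB: %s/%s\n' "$1" "$2" "$3"
}

# gen_rs_initiate REPLSET PRIMARY SECONDARY ARBITER -> rs.initiate() document.
# Higher priority steers the election; the arbiter votes but stores no data,
# keeping the member count odd as recommended.
gen_rs_initiate() {
  printf 'rs.initiate({_id: "%s", members: [\n' "$1"
  printf '  {_id: 0, host: "%s", priority: 2},\n' "$2"
  printf '  {_id: 1, host: "%s", priority: 1},\n' "$3"
  printf '  {_id: 2, host: "%s", arbiterOnly: true}\n]})\n' "$4"
}

# count_voters RS_INIT_DOC -> number of members in the document (should be odd).
count_voters() { printf '%s\n' "$1" | grep -c 'host: '; }

# write_cluster OUTDIR -> one file per component for a one-shard cluster.
write_cluster() {
  d=$1; mkdir -p "$d"
  gen_mongod_conf shardsvr  rs0    27018 /data/db       > "$d/shard0.conf"
  gen_mongod_conf configsvr cfgrs0 27019 /data/configdb > "$d/config0.conf"
  gen_mongos_conf 27017 cfgrs0 cfg0.udb.internal:27019 > "$d/mongos.conf"
  gen_rs_initiate rs0 shard0a.udb.internal:27018 shard0b.udb.internal:27018 \
    shard0arb.udb.internal:27018 > "$d/rs0-init.js"
  # After rs0 is initiated, the shard is registered through any mongos.
  printf 'sh.addShard("rs0/shard0a.udb.internal:27018")\n' > "$d/addshard.js"
}
```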
Why use Docker
From our perspective, a cloud database service has to overcome problems on many fronts. Because "cloud" means a multi-tenant environment, physical resources must be coordinated and resource quotas set. In terms of cost control, we want to make full use of physical resources to reduce costs. Since the behaviour of each DB instance is unpredictable, the multi-tenant isolation environment must strictly control resources to avoid contention, which demands stronger control and security in the multi-tenant environment. The cloud database service is transparent to the user, yet physical faults may occur at any time, so operability and portability are extremely important.
Faced with the above problems, a virtual machine (VM) is one option, but for cloud database applications it has significant limitations. Container technology such as Docker is therefore a better choice:
1. Compared with a virtual machine, Docker is a lightweight virtualization technology. Lightweight means less resource consumption, low overhead and fast startup, which is very beneficial for building runtime environments quickly for fast delivery.
2. Container technology, represented by Docker, pushes architecture towards the microservice design pattern. Its basic idea is to unitize and standardize services, focusing on the most basic atomic function of each service.
A MongoDB cluster is a typical distributed system. Containers can package a clean runtime environment and encapsulate a service unit, namely one DB instance of each type per container; the containers communicate with each other and are composed into a complete cluster that provides the full data service. Building a MongoDB cluster with container technology is therefore a very good practice.
From multiple perspectives, Docker and a MongoDB cloud service are complementary, and Docker enhances the service in many ways.
Deployment and operations
When creating a MongoDB instance in the UDB console, the user chooses the DB type and the memory and disk configuration. The console calls the backend API gateway, which, after registration, ordering and resource allocation (including IP, memory and disk), runs the instantiation process, such as starting a DB instance container on a host in the resource pool. Only the DB instance's IP and port are exposed for access, and this is the only way to access the DB.
Figure: rendering of the cluster instance distribution
Creation is a simple two-step combination, after which a complete cluster is presented. For availability, the backend avoids deploying the nodes of one replica set on the same host machine; each Docker Engine can run multiple containers (up to a limit).
Figure: cluster deployment diagram
We have deployed Docker at scale in our production environment and summarize some experience to share below:
1. The image
(1) When building the base image, it must be clean and safe; using the official base image is recommended;
(2) When using a Dockerfile or other tools, make sure to install the necessary toolchain;
(3) Iterate image versions sensibly and gradually improve the toolchain; this brings great convenience to operations.
2. The operating system
(1) Pay attention to compatibility between the kernel version and the Docker version;
(2) Pay attention to the default cgroup mount;
(3) Raise the maximum open files limit so that the number of DB connections is not restricted.
3. Data persistence
(1) Mount data volumes;
(2) Set reasonable read/write permissions on the data volume.
4. Network settings
(1) Use a custom bridge and restrict docker0;
(2) Isolate the internal network per tenant (recommended);
(3) Do not map the DB port;
(4) Configure DNS as needed.
5. Security enhancement
(1) Enable the SELinux/GRSEC security mechanisms;
(2) Use the capability mechanism to control superuser privileges.
6. Docker daemon protection
(1) Prohibit mapping the host root directory;
(2) Prohibit abuse of root privileges.
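The following added example (not UDB's own code) turns points 2 to 6 of the checklist into one `docker run` invocation for a DB instance container, built as a dry run so it can be inspected before execution. The image name, bridge network name, DNS address, user id and host paths are constructed.

```shell
#!/bin/sh
# Added example, not UDB's own code: build the `docker run` command for one DB
# instance container following the checklist: custom bridge instead of docker0,
# no DB port mapping, data volume with explicit rw mode, raised open-files
# limit, dropped capabilities, non-root user, and a refusal to map the host root
# directory. Image name, network name, DNS address, uid and paths are constructed.

# validate_hostpath PATH -> fails if PATH is empty, relative, or the host root.
validate_hostpath() {
  p=$(printf '%s' "$1" | sed 's#/*$##')   # strip trailing slashes: "/" -> ""
  case "$p" in
    ''|/.|/..) echo "refusing to map the host root directory: '$1'" >&2; return 1 ;;
  esac
  case "$p" in
    /*) return 0 ;;
    *)  echo "host path must be absolute: '$1'" >&2; return 1 ;;
  esac
}

# build_run_cmd INSTANCE_ID HOSTPATH MEM_LIMIT -> prints the command (dry run).
build_run_cmd() {
  id=$1; hostpath=$2; mem=$3
  validate_hostpath "$hostpath" || return 1
  printf 'docker run -d --name udb-mongo-%s' "$id"
  printf ' --network udb-tenant-net'          # 4(1): custom bridge, not docker0
  printf ' --dns 10.9.0.2'                    # 4(4): tenant resolver (constructed)
  printf ' -v %s:/data/db:rw' "$hostpath"     # 3: data volume, explicit rw mode
  printf ' --ulimit nofile=65536:65536'       # 2(3): do not cap DB connections
  printf ' --memory %s' "$mem"                # per-instance memory quota
  printf ' --cap-drop ALL'                    # 5(2): no superuser capabilities
  printf ' --security-opt no-new-privileges'  # no setuid escalation inside
  printf ' --user 999:999'                    # 6(2): mongod does not run as root
  printf ' udb/mongo:3.2\n'                   # 4(3): note there is no -p mapping
}

# has_port_mapping CMD -> succeeds if CMD publishes a port, which must not happen.
has_port_mapping() {
  printf '%s' "$1" | grep -Eq -- '(^| )(-p|--publish|-P)( |=|$)'
}
```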
Among these, the three points on network settings, security enhancement and Docker daemon protection are primarily about security, and security deserves particular attention. At the virtual network level, containers have multi-tenant network isolation, so they are inaccessible across users. In addition, no way of accessing the container itself is provided; users can only access the DB. Because the DB instance is strictly confined to the container and the data is ultimately persisted on external storage, such a container can be regarded as lightweight: just an IP plus memory cache. This makes it easy to scale a DB instance up or down online, or, given early warning of a physical fault, to migrate it online ahead of time.
In addition, to guarantee service reliability, monitoring and alerting at every level are essential. We suggest four levels: host machine liveness, network connectivity, Docker daemon liveness, and DB instance container liveness and network connectivity. Once a problem appears, diagnosis can rely on log analysis of the host machine (/var/log/messages), Docker (/var/log/docker), the business logic, and the DB system log.
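The following added example (not UDB's own monitoring code) probes the four levels in order, so that the first failing level names the log to read. The probe commands, SSH-based access to the host, the container name and the DB log path are assumptions.

```shell
#!/bin/sh
# Added example, not UDB's own monitoring code: the four monitoring levels above
# (host alive, network connectivity, Docker daemon alive, DB instance container
# alive and reachable), probed in order so that the first failing level points
# at the log to inspect. Probe commands, SSH access and DB_LOG are assumptions.
HOST_LOG=/var/log/messages
DOCKER_LOG=/var/log/docker
DB_LOG=/data/db/mongod.log     # constructed: the DB system log inside the volume

# Level 1: host machine alive (ICMP).
probe_host()      { ping -c 1 -W 2 "$1" >/dev/null 2>&1; }
# Level 2: network connectivity to the host's management port (assumed SSH).
probe_net()       { nc -z -w 2 "$1" 22 >/dev/null 2>&1; }
# Level 3: Docker daemon alive on the host.
probe_daemon()    { ssh -o BatchMode=yes -o ConnectTimeout=3 "$1" \
                      'docker info >/dev/null 2>&1'; }
# Level 4a: DB instance container running.
probe_container() { [ "$(ssh -o BatchMode=yes -o ConnectTimeout=3 "$1" \
                      "docker inspect -f '{{.State.Running}}' $2" 2>/dev/null)" = true ]; }
# Level 4b: DB reachable over the network through its only access path, IP:port.
probe_db()        { mongo --quiet --host "$1" --port "$2" \
                      --eval 'db.adminCommand("ping").ok' 2>/dev/null | grep -q '^1$'; }

# triage HOST CONTAINER DB_IP DB_PORT -> one line: "<status> <log to inspect>".
# Always returns 0; the status word carries the result so callers can alert on it.
triage() {
  probe_host "$1"           || { echo "host-down $HOST_LOG"; return 0; }
  probe_net "$1"            || { echo "host-unreachable $HOST_LOG"; return 0; }
  probe_daemon "$1"         || { echo "daemon-down $DOCKER_LOG"; return 0; }
  probe_container "$1" "$2" || { echo "container-down $DOCKER_LOG"; return 0; }
  probe_db "$3" "$4"        || { echo "db-unreachable $DB_LOG"; return 0; }
  echo "ok -"
}
```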