English is not my first language, so the whole story may have some mistakes… corrections and fixes will be greatly appreciated.
Welcome to the first episode of a series of tutorials about how we built the new version of YouCode. Each member of the team will present his work and his tech choices, to give you an inside look at how a bunch of students step into the developer world ;) The first article will be about the infrastructure, and why we decided to go full containers.
Containers are really hyped. Everyone talks about containers, how great they are, and how they'll enable developers to scale their apps. Don't get me wrong, containers are really cool, but not magical. Many people see containers as lightweight virtual machines. They're far more powerful than that! The best way to see a container is as a Unix process.
What you really need is:
- application + dependencies
- Runtime environment
The first one represents the image of the container, and the second one covers things like cgroups, namespaces, env vars, etc. Do you really need sudo, ls, cd and everything packaged for an OS inside containers? The answer is no. It's in fact counterproductive!
For example, the official golang image for running a Go app in Docker is pretty heavy: around 700Mb.
Why? Here's the answer: because it's based on a full OS! A bit too much to deploy a single 10Mb binary app, especially when you want to deploy ten or more microservices. Furthermore, many official Docker images are actually vulnerable to CVEs like Heartbleed, GHOST, and so on (more info about container security here). When you begin to ship such small containers, you begin to see Docker not as a lightweight VirtualBox, but as an operating system builder. For those who speak French, here's a great talk about Use Docker as the Operation System Builder by Quentin Adam.
With that vision, we can now see Docker as a way to build and ship tiny apps, which we could call microservices to be even more hyped. Microservices are a way to architect your app. The same way you decompose your app into functions and classes, you'll create tiny apps that do one thing, and do it well (Hello UNIX philosophy!). They'll usually communicate over REST or RPC. For more information about microservices, here's a good introduction, and another one.
Let's talk about operating systems. We need an operating system that:
- Is up-to-date
- Is designed to run Docker
- Does nothing more
Meet CoreOS!
CoreOS is designed to give you compute capacity that is dynamically scaled and managed, similar to how infrastructure might be managed at large web companies like Google.
CoreOS comes with 2 awesome features:
- Fleet
- etcd
Fleet is like systemd but in a distributed way. You can write services which will start containers on your cluster with some rules like "do not run on this machine because there's service X". Go there to have a glimpse of the power of fleet.
Etcd is like Zookeeper, Consul, or other highly available key-value stores. It'll be used to declare service endpoints, to avoid writing IP addresses in config files.
A great overview of CoreOS is available over here.
We will now deploy 3 instances of our cluster on OVH. Deployment is quite easy, you just need to follow these steps:
- Gain access to the Horizon interface by following this tutorial. Horizon is the official interface for OpenStack.
- Download the CoreOS image here, and upload it in the Images section (container-format is bare and disk-format is qcow2).
- During upload, add your SSH key in Security, and change the default security group to authorize communication on ports 2379, 2380 and 4001.
- Go into Instances, click on "Launch instance" and, in Post-creation, add this cloud-config file (don't forget to change the etcd discovery token).
A few minutes later, you'll have your instances running. To check, you can try to see your whole cluster with the fleet client. You can install it with something like yaourt or brew. Add FLEETCTL_TUNNEL=one.of.the.ip in your .zshrc/.bashrc and run:
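For reference, a cloud-config of the kind the last step expects could look like the following. It is an added example, not the file the original post linked to; it assumes etcd2, assumes the platform fills in `$public_ipv4`, and uses `<DISCOVERY_TOKEN>` as a placeholder.

```yaml
#cloud-config
# Added example, not the author's file. <DISCOVERY_TOKEN> is a placeholder:
# request a fresh one per cluster from https://discovery.etcd.io/new?size=3
coreos:
  etcd2:
    # All three nodes must boot with the same discovery URL to find each other.
    discovery: https://discovery.etcd.io/<DISCOVERY_TOKEN>
    # Client API on 2379 (plus legacy 4001) and peer traffic on 2380:
    # the three ports authorized in the security group step.
    advertise-client-urls: http://$public_ipv4:2379,http://$public_ipv4:4001
    initial-advertise-peer-urls: http://$public_ipv4:2380
    listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001
    listen-peer-urls: http://$public_ipv4:2380
    # These URLs are plain HTTP with no client authentication, so the
    # security-group rules for 2379/2380/4001 should only admit the
    # addresses of the other cluster members.
  fleet:
    # Address shown in the IP column of `fleetctl list-machines`.
    public-ip: $public_ipv4
  units:
    # Start etcd first; fleet stores its state in it.
    - name: etcd2.service
      command: start
    - name: fleet.service
      command: start
```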
$ fleetctl list-machines
MACHINE IP METADATA
157920f7... 149.202.171.189 -
c749f643... 149.202.171.19 -
d8a5ff7f... 149.202.171.190 -
If you see all your machines, congrats! You just deployed your first cluster ;-)
So now we have our cluster, let's deploy some apps. CoreOS doesn't provide software like apt, pacman or brew, only Docker! So let's deploy our first container: traefik.
Træfɪk is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease. It supports several backends (Docker, Mesos/Marathon, Consul, Etcd, Zookeeper, BoltDB, Rest API, file…) to manage its configuration automatically and dynamically.
This awesome reverse proxy will automatically generate its configuration from sources like etcd and Docker. Perfect for us, because we need to automate everything! Did I mention that there's a tiny Docker image included?
Let's start writing our first service for fleet! // Todo
This is what we are going to deploy:
                     +------------+--------------+
                                  |
                                  v
                            +-----+-------+
                            |             |
                            |   Node 1    |
                            |Loadbalancer |
                            |             |
                            |             |
                            +------+------+
                                   |
             +-------+-------------v-------------+------+
             |                                          |
    +--------v----------+                   +-----------v-------+
    |                   |                   |                   |
    |   Node 2 with     |                   |   Node 3 with     |
    |   an instance of  |                   |   an instance of  |
    |   our website     |                   |   our website     |
    |                   |                   |                   |
    |                   |                   |                   |
    |                   |                   |                   |
    +-------------------+                   +-------------------+
// Todo
Now we have our proper infrastructure, fully automated, ready to receive our microservices! Stay tuned for another blog post!
Pierre Zemb is a developer studying at a French engineering school called ISEN Brest. He's also working at OVH as a part-time internship/alternance this year. He has strong interests in golang, infrastructure, APIs, microservices, containers, and other backend stuff... You can find him on his website or Twitter.