Tips for monitoring Rancher Server

Last week I encountered an interesting bug in Rancher that managed to cause some major problems across my Rancher infrastructure.  Basically, the bug was causing the Rancher agent clients to continuously bounce between disconnected/reconnected/finished and reconnecting states, which only manifested itself either after a 12 hour period or by deactivating/activating agents (for example adding a new host to an environment).  The only way to temporarily fix the issue was to restart the rancher-server container.

With some help, we were eventually able to resolve the issue.  I picked up a few nice lessons along the way and also became intimately acquainted with some of the inner workings of Rancher.  Through this experience I learned some tips on how to effectively monitor the Rancher server environment that I would otherwise not have been exposed to, which I would like to share with others today.

All said and done, I view this experience as a positive one.  Hitting the bug has not only helped mitigate this specific issue for other users in the future but also taught me a lot about the inner workings of Rancher.  If you’re interested in the full story you can read about all of the details about the incident, including steps to reliably reproduce and how the issue was ultimately resolved here.  It was a bug specific to Rancher v1.5.1-3, so upgrading to 1.5.4 should fix this issue if you come across it.

Before diving into the specifics for this post, I just want to give a shout out to the Rancher community, including @cjellik, @ibuildthecloud, @ecliptok and @shakefu.  The Rancher developers, team and community members were extremely friendly and helpful in addressing and fixing the issue.  Between all the late night messages in the Rancher slack, many many logs, countless hours debugging and troubleshooting I just wanted to say thank you to everyone for the help.  The small things go a long way, and it just shows how great the growing Rancher community is.

Effective monitoring

I use Sysdig as the main source of container and infrastructure monitoring.  To accomplish the metric collection, I run the Sysdig agent as a systemd service when a server starts up so when a server dies and goes away or a new one is added, Sysdig is automatically started up and begins dumping that metric data into the Sysdig Cloud for consumption through the web interface.

I have used this data to create custom dashboards which give me a good overview of what is happening in the Rancher server environment (and others) at any given time.

The other important thing I discovered through this process was the role that the Rancher database plays.  For the Rancher HA setup, I am using an externally hosted RDS instance for the Rancher database and was able to find some interesting correlations as part of troubleshooting thanks to the metrics in Sysdig.  For example, if the database gets stressed it can cause other unintended side effects, so I set up some additional monitors and alerts for the database.

Luckily Sysdig makes the collection of these additional AWS metrics seamless.  Basically, Sysdig offers an AWS integration which pulls in CloudWatch metrics and allows you to add them to dashboards and alert on them from Sysdig, which has been very nice so far.

Below are some useful metrics in helping diagnose and troubleshoot various Rancher server issues.

  • Memory usage % (server)
  • CPU % (server)
  • Heap used over time (server)
  • Number of network connections (server)
  • Network bytes by application (server)
  • Freeable memory over time (RDS)
  • Network traffic over time (RDS)

As you can see, there are quite a few things you can measure with metrics alone.  Often though, this isn’t enough to get the entire picture of what is happening in an environment.

Logs

It is also important to have access to (useful) logs in the infrastructure in order to gain insight into WHY metrics are showing up the way they do and also to help correlate log messages and errors to what exactly is going on in an environment when problems occur.  Docker has had the ability for a while now to use log drivers to customize logging, which has been helpful to us.  In the beginning, I would just SSH into the server and tail the logs with the “docker logs” command but we quickly found that to be cumbersome to do manually.

One alternative to tailing the logs manually is to configure the Docker daemon to automatically send logs to a centralized log collection system.  I use Logstash in my infrastructure with the “gelf” log driver as part of the bootstrap command that runs to start the Rancher server container, but there are other logging systems if Logstash isn’t the right fit.  Here is what the relevant configuration looks like.

...
--log-driver=gelf \
--log-opt gelf-address=udp://<logstash-server>:12201 \
--log-opt tag=rancher-server \
...

Just specify the public address of the Logstash log collector and optionally add tags.  The extra tags make filtering the logs much easier, so I definitely recommend adding at least one.

Here are a few of the Logstash filters for parsing the Rancher logs.  Be aware though, it is currently not possible to log full Java stack traces in Logstash using the gelf input.

if [tag] == "rancher-server" {
  mutate { remove_field => "command" }
  grok {
    match => [ "host", "ip-(?<ipaddr>\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3})" ]
  }

  # Various filters for Rancher server log messages
  grok {
    match => [ "message", "time=\"%{TIMESTAMP_ISO8601}\" level=%{LOGLEVEL:debug_level} msg=\"%{GREEDYDATA:message_body}\"" ]
    match => [ "message", "%{TIMESTAMP_ISO8601} %{WORD:debug_level} (?<context>\[.*\]) %{GREEDYDATA:message_body}" ]
    match => [ "message", "%{DATESTAMP} http: %{WORD:http_type} %{WORD:debug_level}: %{GREEDYDATA:message_body}" ]
  }
}

There are some issues open for addressing this, but it doesn’t seem like there is much movement on the topic, so if you see a lot of individual messages from stack traces that is the reason.

One option to mitigate the problem of stack traces would be to run a local log collection agent (in a container of course) on the rancher server host, like Filebeat or Fluentd that has the ability to clean up the logs before sending it to something like Logstash, ElasticSearch or some other centralized logging.  This approach has the added benefit of adding encryption to the logs, which GELF does not have (currently).
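As an added illustration (not from the original post, and not Filebeat or Fluentd configuration), the shell function below performs the clean-up step such an agent does for stack traces: any line that does not start a new event is folded into the previous one. It assumes every rancher-server event begins with `time="` or a numeric date, as in the grok patterns above; the log lines are constructed samples.

```sh
#!/bin/sh
# Added example: fold stack-trace lines into the log event that precedes them,
# so one Java exception becomes one message instead of many.

join_stack_traces() {
  awk '
    # Assumption: an event starts with time=" (Go/logrus style) or with a
    # numeric date such as 2017-04-10 or 2017/04/10 followed by a space.
    function starts_event(line) {
      return line ~ "^time=\"" || line ~ "^[0-9][0-9][0-9][0-9][-/][0-9][0-9][-/][0-9][0-9] "
    }
    {
      if (starts_event($0) || !have) {
        if (have) print event        # flush the previous, now complete, event
        event = $0; have = 1
      } else {
        sub(/^[ \t]+/, "")           # drop the indentation of "at ..." lines
        event = event " | " $0       # keep the trace, but on the same line
      }
    }
    END { if (have) print event }
  '
}

# Constructed sample lines (not real Rancher output).
sample_log() {
  cat <<'EOF'
time="2017-04-10T12:00:00Z" level=info msg="constructed: listening"
2017-04-10 12:00:01,123 ERROR [main] [ExampleService] constructed: agent reconnect failed
java.lang.IllegalStateException: constructed failure
    at com.example.Service.run(Service.java:42)
Caused by: java.io.IOException: constructed cause
    at com.example.Conn.read(Conn.java:7)
    ... 3 more
2017-04-10 12:00:02,456 INFO [main] [ExampleService] constructed: recovered
EOF
}

# Eight input lines become three events.
sample_log | join_stack_traces
```

The same function works when tailing locally, for example `docker logs <rancher-server> 2>&1 | join_stack_traces`.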

If you don’t have a centralized logging solution or just don’t care about rancher-server logs shipping to it – the easiest option is to tail the logs locally as I mentioned previously, using the json-file log format.  The only additional configuration I would recommend to the json-file format is to turn on log rotation which can be accomplished with the following configuration.

...
 --log-driver=json-file \
 --log-opt max-size=100mb \
 --log-opt max-file=2 \
...

Adding these logging options will ensure that the container logs for rancher-server will never fill up the disk on the server.

Bonus: Debug logs

Additional debug logs can be found inside of each rancher-server container.  Since these debug logs are typically not needed in day to day operations, they are sort of an easter egg, tucked away.  The debug logs are located in /var/lib/cattle/logs/ inside of the rancher-server container.  The easiest way to analyze the logs is to get them off the server and onto a local machine.

Below is a sample of how to do this.

docker exec -it <rancher-server> bash
cd /var/lib/cattle/logs
cp cattle-debug.log /tmp

Then from the host that the container is sitting on you can docker cp the logs out of the container and onto the working directory of the host.

docker cp <rancher-server>:/tmp/cattle-debug.log .

From here you can either analyze the logs in a text editor available on the server, or you can copy the logs over to a local machine.  In the example below, the server uses ssh keys for authentication and I chose to copy the logs from the server into my local /tmp directory.

 scp -i ~/.ssh/<rancher-server-pem> user@rancher-server:/tmp/cattle-debug.log /tmp/cattle-debug.log

With a local copy of the logs you can either examine the logs using your favorite text editor or you can upload them elsewhere for examination.
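The same retrieval as a single host-side step, as an added example that is not part of the original post: it copies the log with `docker cp` into a private `mktemp` directory rather than shared /tmp. The function name `fetch_cattle_debug_log` is hypothetical, and it assumes `docker cp` can read /var/lib/cattle/logs directly, without the intermediate copy to the container's /tmp.

```sh
#!/bin/sh
# Added example: fetch cattle-debug.log from the rancher-server container
# into a directory that only the current user can read.

# fetch_cattle_debug_log <container> [parent-dir]
# Prints the path of the copied log on success.
# The body runs in a subshell, so the umask change does not leak to the caller.
fetch_cattle_debug_log() (
  container=$1
  parent=${2:-${TMPDIR:-/tmp}}
  if [ -z "$container" ]; then
    echo "usage: fetch_cattle_debug_log <container> [parent-dir]" >&2
    return 2
  fi

  umask 077
  # mktemp -d creates a fresh directory with mode 0700 and an unpredictable name.
  dest=$(mktemp -d "$parent/cattle-logs.XXXXXX") || return 1

  # Assumption: docker cp can read this path straight from the container.
  if docker cp "$container:/var/lib/cattle/logs/cattle-debug.log" \
               "$dest/cattle-debug.log"; then
    # docker cp preserves permissions where it can, so tighten them explicitly.
    chmod 600 "$dest/cattle-debug.log"
    printf '%s\n' "$dest/cattle-debug.log"
  else
    rmdir "$dest"
    return 1
  fi
)

# Run as a script: ./fetch-debug-log.sh <rancher-server>
[ "$#" -eq 0 ] || fetch_cattle_debug_log "$@"
```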

Conclusion

With all of our Rancher server metrics dumping into Sysdig Cloud along with our logs dumping into Logstash it has made it easier for multiple people to quickly view and analyze what was going on with the Rancher servers.  In HA Rancher environments with more than one rancher-server running, it also makes filtering logs based on the server or IP much easier.  Since we use 2 hosts in our HA setup we can now easily filter the logs for only the server that is acting as the master.

As these container-based environments grow up, they also become much more complicated to troubleshoot.  With better logging and monitoring systems in place it is much easier to tell what is going on at a glance and with the addition of the monitoring solution we can be much more proactive about finding issues earlier and mitigating potential problems much faster.

Docker for Mac file system performance summary

One of the more controversial topics right now in the Docker community is the issue surrounding file system performance in the Docker for Mac application.

For a very long time users have been forced to use workarounds to speed up performance when dealing with slow read and write times.  For example, this thread has been open on the Docker forums for over a year now, describing the problem and various workarounds users have found during that time.  There have been blog posts describing various optimizations, as well as scripts and tools to alleviate some of the frustration around slow file system performance on Docker for Mac.

There is a great explanation from the Docker team that lays out the details of the file system performance issues and what the crux of the problem is right now.

At the highest level, there are two dimensions to file system performance: throughput (read/write IO) and latency (roundtrip time). In a traditional file system on a modern SSD, applications can generally expect throughput of a few GB/s. With large sequential IO operations, osxfs can achieve throughput of around 250 MB/s which, while not native speed, will not be the bottleneck for most applications which perform acceptably on HDDs.

The article later goes on to highlight the plan to improve performance along with a number of specific items for accomplishing this.

Under development, we have:

  1. A Linux kernel patch to reduce data path latency by 2/7 copies and 2/5 context switches
  2. Increased OS X integration to reduce the latency between the hypervisor and the file system server
  3. A server-side directory read cache to speed up traversal of large directories
  4. User-facing file system tracing capabilities so that you can send us recordings of slow workloads for analysis
  5. A growing performance test suite of real world use cases (more on this below in What you can do)
  6. Experimental support for using Linux’s inode, writeback, and page caches
  7. End-user controls to configure the coherence of subsets of cross-OS bind mounts without exposing all of the underlying complexity

Additionally, with the latest release of the Docker for Mac 17.04-ce-mac7 (April 6 2017) client, a new :cached flag has been introduced for volume mounts to help with read times for lots of files.  There is also work going on to introduce another :delegated flag to help speed up write times.

Initial user testing of the :cached flag has been good, and has shown up to a 4x improvement in some cases.  You can follow this issue on GitHub to get the most up to date information.  There is some really good detail and discussion going on over there (towards the bottom of the issue is where the new flags are discussed).

Overall I think Docker has done a great job of keeping users informed and updated on the various aspects of the problem and has been steadily making progress in addressing the situation.  The container ecosystem is still very young so there will be growing pains along the way and I think the way that Docker has been handling things has been more than reasonable as they have consistently been making progress on addressing the issue and have been transparent in recent months about what’s going on and how they’re working on the problem.
