I think ... - open-source

HA(High-Availability) Setup for InfluxDB

2018-01-18T00:00:00+06:00

NOTE Since I have written this article, all the components used in this below architecture have gone through many updates and releases. While the general premise involving influxdb-relay and the multiplexing might still hold, please sync up with the latest release docs before jumping into some serious system design.

Currently, from version 0.9, you cannot create an InfluxDB cluster from the open-sourced free edition. Only commercially available InfluxDB Enterprise can do that for now. That stirred up the early-adopter enthusiast users, especially for their usage in professional setups. They complained that InfluxData, the company behind InfluxDB, is trying to milk the OSS solution for profit.

I can’t blame the InfluxData guys much, as they got to pay their bills too. So far, we — the users of open-source systems — couldn’t show much promise about the financial realities of the projects. Continuing development of OSS products, by only depending on donations, patrons, or enterprise sponsorship, is far too rare and unpredictable, even for the projects that many successful organizations heavily rely on.

Anyways, InfluxDB then promised and later introduced Influx Relay as a complimentary consolation for missing HA parts of InfluxDB. You can get the details here and here about that.

Premise¶

For my needs, I have to try to create a reliable HA(High-Availability) setup from available free options, hence InfluxDB and the relay. It’s quite a bit far from an InfluxDB-cluster in terms of robustness or ease of setup, but it’s got the job done, at least for me.

I needed a setup to receive system-stats from at least 500+ instances and to store them for a while, but without breaking the bank in bills from AWS. Meaning, I could ask for and could use only couple of instances for my solution.

Here were my trade-offs.

Not too many instances for this purpose. Neither, any of the heavyweight lifters e.g. AWS’ m3-xlarge etc. To use only what’s necessary.
To satisfy the budget, hence avoiding pay-per-use solutions as far as it is possible.
Solutions must not be crazy complex, so that handover to the DevOps team be smooth.
Reading the data would be too rarely w.r.t. writing. The related Grafana dashboards will be only used to investigate issues by a handful of people.

Overall Design¶

Write¶

From a birds’ eye view, I decided to use two server instances to run parallelly, hosting InfluxDB on them independently and then sending the same data over to them for storing. This scheme mostly looks like RAID-1 systems.

That brings up a couple of challenges.

None of the agents I used on the sender side could multiplex output. That means, they were able to send data to a single destination, not multiple. On the Windows front, I’ve used Telegraf which is able randomly to switch between pre-listed destinations, but NOT multiple at-once.
In the case of Linux hosts, I used Netdata which is excellent in its own right, but unable to send stats to multiple destinations.
Here comes Influx-relay. It can receive time-series data-stream from hosts on a TCP or UDP port, buffer for a while, and then re-send those received and buffered data to multiple receive ends which can either be an InfluxDB instance or another listening Influx-relay instances.
This chaining can broaden the relaying scheme even further. However, for my purpose, this relay-chaining was not necessary. Rather, from the relay, I am sending data to the separate InfluxDB instances, running on two separate instances.
Now that I partially multiplexed the output, my hosts (senders) still are able to send to one destination. So, I need a proxy as well as a load-balancer. For a while, I was torn between NGINX and HAProxy. Both were new to me.

However, for a couple of reasons, I went for HAProxy. Firstly, I don’t need HTTP session management. Secondly, as I wanted to keep my UDP for later, HAProxy was perfectly capable of that.
NGINX has the support recently, but the maturity was a concern. Also, configuring NGINX seems a little intimidating (which I know might not be so true). Last but not least, and for what it’s worth, out-of-the-box, HAProxy’s stat page carries much more in-depth information than that of free-version of NGINX.
Upon receiving the stats stream, HAProxy was supposed to send that to different Influx-relays in a load-balanced fashion.

So, here’s my rough plan.

collector-agent → HAProxy → (50/50 load-balanced) → Influx-relay → (multiplexed) → 2 InfluxDB instances

Now, each one of the received data is to go to both of the InfluxDB instances, or at least to one in case of failure (or, overload per se) of any the relays or Influx instances. Also, I have chosen to keep Influx-relays deployed as Dockerized and kept HAProxy and InfluxDB instances running as native services. Of course, you can Dockerize HAProxy and InfluxDB, too.

Read¶

As I’ve already noted in the section that reading the data, meaning to fetch data to visualize on Grafana end, will happen rarely and sporadically; only to investigate alarms or any other client-side performance issues.

So, the read requests, reaching the HAProxy end, needed not much routing, other than directly to InfluxDB itself. Still, to better distribute the load I decided to load-balance it 50/50 basis.

Ports¶

As all the READ requests are routed through HAProxy running on each of the instances, to the external world only HAProxy’s port should be opened for this purpose.
On the other hand, for WRITE requests, InfluxDBs are receiving data from relays, one of its own instance and another one on other instance, so InfluxDB should listen on its own port for WRITE requests only. But, this must be accessible only from own VPS zone, but not open to the outside world.
In case of HAProxy as well as InfluxDB, you can use the default ports, obviously, which is 8086 & 8088 respectively. Or, you can choose to go for other ports (security through obfuscation). Your call. In this writing, I’ll go with the defaults.

Authentication, SSL¶

You can configure SSL with your own server certificates through the HAProxy configs. You can even go for SSL from the relays to InfluxDB writes. If your sender hosts are connecting to your HAProxy through public internet, you should at least go for password-based authentication, better to utilize SSL. However, for brevity’s sake, I’ll skip them in this post.

**Note: * Please bear in mind, this is an “in-progress” post; prematurely published to force me to work on it. I have the plan to add all the necessary configurations & commands, that I used, here.

Open Source as-if You Gonna Die Tonight

2015-12-22T00:00:00+06:00

[ To keep the spirit of this post honest, I am going to publish this blog, immidiately. No draft-ing. This post will be, I hope, under continuous improvement.
This post is available for edit on GitHub, currently in its version 0.0.6 ]

Yes, I mean it. Literally.

I see too many post/comments/blogs, in different meeting-places for techies e.g. hackernews, reddit, etc., which say the same thing:

“I am working on something which I will open-source/publish someday after taking it somewhere.”

See the ambiguous sense in the words?

Unless the code/script/blog you are working on is something sensitive which will make a mess published a “draft” form, you should not wait for “someday”. Or if you have thousands of subscribers to your blog ;)

Or if you decided that you will never publish it in public - that’s an entirely different story.

If it is something of your company’s code-base, commit it in your remote branch, so that your last 19 days of work isn’t just gone just because you are “gone”.

As human, we are far more fragile than we think.

I am not talking about publishing a physical book using a printing press. In that scenario, writers were supposed to write the perfect words, then type it using type-writer to avoid any handwriting-related gotchas. Then it went to the reviewer, then proofreader, then the typesetter makes a block character-by-character. Then comes printing on the paper. The writer had to be sure what he is writing about, ABSOLUTELY. Else, each of the 2000 copies of the first-edition would have the same mistakes.

I am also not talking about pushing the critical code in the production server. That stuff should go through rigorous coding practices, code-reviews, testing etc.

Aside from those cases, this is 2015 - How much does each git push origin gh-pages cost? How much each WordPress post update cost? Or, a single GitHub gist?

Publishing your stuff is free, no matter how many times you update it.

So, why do we think about the paradigm of the printing press when we think of “publishing”?

Frequently shared confusions (FSQ)¶

What if this, my thing, is just plain crap ?
A. Are you sure? You never know for sure. Throw it in the wild. If it is really crap, nobody will remember or hold you responsible for it. How many crappy DaVinci paintings you know? I guess, none. But the Mona Lisa didn’t just appear from thin air. Did it?
This is my toy(or pet) project.
A. Don’t be that selfish kid from the school who don’t let others touch it just because. If you are having fun building something why not let others join in the fun?
This is a one-off script on this ancient COBOL platform, no one is going to need it. Ever.
A. You never know. You are a human. You can’t imagine what people gonna need. Throw it in a gist, just include a suitable title. Add in some comments if you please. May be couple of years later, your script will save someone’s job, and he can still put food on the table. You never know.
If I publish this now some genius with free time will steal my idea and make it something grand without me.
A. Unless you are a big hot-shot with a ground-breaking idea, no one will even notice it. Most genius’ mind is already filled with their own to-do list. Even if they take your idea, let them. Move on. Don’t be a muddy pond, rather be like a river. Rivers don’t dry off due to peasants “stealing” some water.
I haven’t collected my thoughts enough to make this post a grand one yet.
A. Don’t think too high yourself. Let others do that for you.
No project is born grand, and no great man born great. Your contributions is what goes ahead. You the person? Not so much. Time passed along “Romeo & Juliet”, but Shakespeare is dead and gone.
I am special. My words/code should be special, perfect, coherent like a pearl-necklace. (yes, we all feel like that, we just don’t acknowledge it publicly.)
A. No, you are not. You are not a special unique snowflake. See the previous answer.
Who the ***k are you to tell me what to do?
A. It’s not about me, I am nobody. Just a open-source enthusiast who wants to see more and more open-source projects, scripts, blog-posts which haven’t gone to grave with their mortal creators. I’m just sharing my own thoughts about it. It is your code on your own personal-pc, after all.

Why should I open my source(post/thoughts/etc) tonight?¶

You can literally die tonight. Then all of your pet-projects are just gone. ‘Cause probably none in your family is in coding business or they aren’t sure about your intention.
Tomorrow morning, your mind will just drift-away.
What is a vivid idea tonight that could impact thousands of people’s lives, tomorrow morning will become a faded, will-do-it-someday idea. One month after tonight, you probably will probably be oblivious about your own idea, draft, script, code.
It’s a mind-trick to force ourselves to work on something to avoid public shame. We feel obliged to correct errata that is in public, but something hidden away in a private, hidden, local folder we don’t have to feel bad about.

To avoid embarrassment¶

Make sure your audience (or colleagues for that matter) know the content’s status. Put a “prelude” section mentioning the half-done condition. Better yet, use some version number.
Make your genereal idea clear. For code, point out what it is and what it is supposed to do. For a blog, present the basic idea at least, even if it is not with perfect grammer.

How infrastructure can improve¶

Open-source mainstream hosting platforms e.g. Github, Bitbucket, GitLab etc. could have a “Open the source” trigger-switch for individual projects where a software developer can enable the trigger with some condition like:

“Open the source” if I don’t login GitHub for 1 year (which means I am dead or I’ve gone crazy trying to remember GitHub)
“Open the source” on a pre-set date e.g. 2020-02-20

[dear reader, thanks a lot for reading up to here. I am sure there are many points missing on this post. Also, as English is not my first language, hence there must some misused words or phrase. But you get the idea. Please comment/criticise/point out the missing stuff. I will try to discuss, update, correct that.]

Contributors¶


Khaled Monsoor	initial author, maintainer
Wayne Werner	editor (v.0.0.3 → v.0.0.4)