CI AND CD AT SCALE

SCALING JENKINS WITH DOCKER

AND APACHE MESOS
Carlos Sanchez
csanchez.org / @csanchez
See online at http://carlossg.github.io/presentations
 ABOUT ME
Senior So ware Engineer @ CloudBees
Contributor to the Jenkins Mesos plugin and the Java
Marathon client
Author of Jenkins Kubernetes plugin
Long time OSS contributor at Apache, Eclipse, Puppet,…
OUR USE CASE

Scaling Jenkins
Your mileage may vary
SCALING JENKINS
Two options:
More build agents per master
More masters
 SCALING JENKINS: MORE BUILD
AGENTS
Pros
Multiple plugins to add more agents, even dynamically
Cons
The master is still a SPOF
Handling multiple configurations, plugin versions,...
There is a limit on how many build agents can be
attached
SCALING JENKINS: MORE MASTERS
Pros
Different sub-organizations can self service and operate
independently
Cons
Single Sign-On
Centralized configuration and operation
CLOUDBEES JENKINS ENTERPRISE EDITION
CloudBees Jenkins Operations Center
 CLOUDBEES JENKINS PLATFORM - PRIVATE
SAAS EDITION
The best of both worlds
CloudBees Jenkins Operations Center with multiple masters
Dynamic build agent creation in each master
ElasticSearch for Jenkins metrics and Logstash
BUT IT IS NOT TRIVIAL
ARCHITECTURE
Docker Docker Docker
 Isolated Jenkins masters
Isolated build agents and jobs
Memory and CPU limits
How would you design your infrastructure if
you couldn't login? Ever.

Kelsey Hightower
EMBRACE FAILURE!
CLUSTER SCHEDULING
Running in public cloud, private cloud, VMs or bare metal
Starting with AWS and OpenStack
HA and fault tolerant
With Docker support of course
MESOSPHERE MARATHON
TERRAFORM
 TERRAFORM
resource "aws_instance" "worker" {
count = 1
instance_type = "m3.large"
ami = "ami-xxxxxx"
key_name = "tiger-csanchez"
security_groups = ["sg-61bc8c18"]
subnet_id = "subnet-xxxxxx"
associate_public_ip_address = true
tags {
Name = "tiger-csanchez-worker-1"
"cloudbees:pse:cluster" = "tiger-csanchez"
"cloudbees:pse:type" = "worker"
}
root_block_device {
volume_size = 50
}
}
 TERRAFORM
State is managed
Runs are idempotent
terraform apply
Sometimes it is too automatic
Changing image id will restart all instances
Preinstall packages: Mesos, Marathon, Docker
Cached docker images
Other drivers: XFS, NFS,...
Enhanced networking driver (AWS)
 STORAGE
Handling distributed storage
Servers can start in any host of the cluster
And they can move when they are restarted
Jenkins masters need persistent storage, agents (typically)
don't
Supporting EBS (AWS) and external NFS
 SIDEKICK CONTAINER
A privileged container that manages mounting for other
containers
Can execute commands in the host and other containers
 SIDEKICK CONTAINER CASTLE
Running in Marathon in each host
"constraints": [
[
"hostname",
"UNIQUE"
]
]
A lot of magic happening with nsenter
both in host and other containers
Jenkins master container requests data on startup using
entrypoint
REST call to Castle
Castle checks authentication
Creates necessary storage in the backend
EBS volumes from snapshots
Directories in NFS backend
Mounts storage in requesting container
EBS is mounted to host, then bind mounted into
container
NFS is mounted directly in container
Listens to Docker event stream for killed containers
 CASTLE: BACKUPS AND CLEANUP
Periodically takes S3 snapshots from EBS volumes in AWS
Cleanups happening at different stages and periodically

EMBRACE FAILURE!
 PERMISSIONS
Containers should not run as root
Container user id != host user id
i.e. jenkinsuser in container is always 1000 but matches
ubuntuuser in host
 CAVEATS
Only a limited number of EBS volumes can be mounted
Docs say /dev/sd[f-p], but /dev/sd[q-z]seem to
work too
Sometimes the device gets corrupt and no more EBS
volumes can be mounted there
NFS users must be centralized and match in cluster and NFS
server
 MEMORY
Scheduler needs to account for container memory
requirements and host available memory
Prevent containers for using more memory than allowed
Memory constrains translate to Docker --memory
WHAT DO YOU THINK HAPPENS
WHEN?
Your container goes over memory quota?
WHAT ABOUT THE JVM?
WHAT ABOUT THE CHILD
PROCESSES?
 OTHER
CONSIDERATIONS
 ZOMBIE REAPING PROBLEM

Zombie processes are processes that have terminated but

have not (yet) been waited for by their parent processes.
The init process -- PID 1 -- task is to "adopt" orphaned child
processes
source
 THIS IS A PROBLEM IN DOCKER
Jenkins build agent run multiple processes
But Jenkins masters too, and they are long running
 TINI
Systemd or SysV init is too heavyweight for containers

All Tini does is spawn a single child (Tini is

meant to be run in a container), and wait
for it to exit all the while reaping zombies
and performing signal forwarding.

PROCESS REAPING
Docker 1.9 gave us trouble at scale, rolled back to 1.8
Lots of defunct processes
 NETWORKING
Jenkins masters open several ports
HTTP
JNLP Build agent
SSH server (Jenkins CLI type operations)
 NETWORKING: HTTP
We use a simple nginxreverse proxy for
Mesos
Marathon
ElasticSearch
CJOC
Jenkins masters
Gets destination host and port from Marathon
 NETWORKING: HTTP
Doing both
domain based routing master1.pse.example.com
path based routing pse.example.com/master1
because not everybody can touch the DNS or get a
wildcard SSL certificate
 NETWORKING: JNLP
Build agents started dynamically in Mesos cluster can
connect to masters internally
Build agents manually started outside cluster get host and
port destination from HTTP, then connect directly
 NETWORKING: SSH
SSH Gateway Service
Tunnel SSH requests to the correct host
Simple configuration needed in client
Host=*.ci.cloudbees.com
ProxyCommand=ssh -q -p 22 ssh.ci.cloudbees.com tunnel %h

allows to run
ssh master1.ci.cloudbees.com
 SCALING
New and interesting problems
Hitler uses Docker
A 300 JENKINS MASTERS CLUSTER
3 Mesos masters (m3.xlarge: 4 vCPU, 15GB, 2x40 SSD)
80 Mesos slaves (m3.xlarge)
7 Mesos slaves dedicated to ElasticSearch: (r3.2xlarge: 8
vCPU, 61GB, 1x160 SSD)
Total: 1.5TB 376 CPUs
Running 300 masters and ~3 concurrent jobs per master
Masters: 2GB 0.1 CPU / Build agents: 512MB 0.1 CPU
TERRAFORM AWS
Instances
Keypairs
Security Groups
S3 buckets
ELB
VPCs
 AWS
Resource limits: VPCs, S3 snapshots, some instance sizes
Rate limits: affect the whole account
Retrying is your friend, but with exponential backoff
 AWS
Running with a patched Terraform to overcome timeouts
and AWS eventual consistency
<?xml version="1.0" encoding="UTF-8"?>
<DescribeVpcsResponse xmlns="http://ec2.amazonaws.com/doc/2015-10-01/"
<requestId>8f855bob-3421-4cff-8c36-4b517eb0456c</requestld>
<vpcSet>
<item>
<vpcId>vpc-30136159</vpcId>
<state>available</state>
<cidrBlock>10.16.0.0/16</cidrBlock>
...
</DescribeVpcsResponse>
2016/05/18 12:55:57 [DEBUG] [aws-sdk-go] DEBUG: Response ec2/DescribeVpcAttri
--[ RESPONSE] ------------------------------------
HTTP/1.1 400 Bad Request
<Response><Errors><Error><Code>InvalidVpcID.NotFound</Code><Message>
The vpc ID 'vpc-30136159‘ does not
exist</Message></Error></Errors>
TERRAFORM OPENSTACK
Instances
Keypairs
Security Groups
Load Balancer
Networks
 OPENSTACK
Custom flavors
Custom images
Different CLI commands
There are not two OpenStack installations that are the same
 THE FUTURE
New framework using Netflix Fenzo
Runs under marathon, exposes REST API that masters call
Affinity
Reduce number of frameworks
Faster to spawn new build agents because framework is
not started
Pipeline durable builds, can survive a restart of the master
Dedicated workers for builds
THANKS
csanchez.org

csanchez

carlossg