fail better
play

Fail Better! Radical ideas from The Practice of Cloud System - PowerPoint PPT Presentation

Mar 31, 2023 •338 likes •1.11k views

Fail Better! Radical ideas from The Practice of Cloud System Administration Tom Limoncelli, SRE StackExchange.com the-cloud-book.com @YesThatTom www.informit.com/TPOSA Discount code TPOSA35 Who is Tom Limoncelli? Sysadmin since 1988

  1. Fail Better! Radical ideas from The Practice of Cloud System Administration Tom Limoncelli, SRE StackExchange.com the-cloud-book.com @YesThatTom www.informit.com/TPOSA Discount code TPOSA35

  2. Who is Tom Limoncelli? Sysadmin since 1988 Worked at Google, AT&T/Bell Labs and many more. SRE at Stack Exchange, Inc http://careers.stackoverflow.com Blog: EverythingSysadmin.com Twitter: @YesThatTom

  5. The Cloud

  6. The Cloud

  7. The Cloooooouud

  8. The Cloud!!!!!!

  9. The Cloud!!1!

  10. We <heart> The Cloud

  11. The cloud solves all problems.

  12. C cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud cloud.

  13. Distributed Computing

  18. Distributed Computing • Divide work among many machines • Coordinated central or decentralized • Examples: • Genomics: 100s machines working on a dataset • Web Service: 10 machines each taking 1/10th of the web traffic for StackExchange.com • Storage: xx,000 machines holding all of Gmail’s messages

  19. Distributed computing can do more “work” than the largest single computer. More storage. More computing power. More memory. More throughput.

  20. Mo’ computers, Mo’ problems Thousands of Users In response: Radical ideas on • Bigger risks • Reducing risk / Improve safety • Failures more visible • Reliability becomes a competitive differentiator • Automation mandatory • New automation paradigms • Cost containment • Cost and economics becomes critical

  21. Make peace with failure Parts are imperfect Networks are imperfect Systems are imperfect Code is imperfect People are imperfect

  22. Learn how to FAIL 
 BETTER

  23. 3 ways to fail better 1. Use cheaper, less reliable, hardware. 2. If a process/procedure is risky, do it a lot. 3. Don’t punish people for outages.

  24. Fail Better Part 1 of 3: Use cheaper, less reliable, hardware.

  25. • Loss-damage waiver $$ • Liability • Personal accident insurance • Personal effects coverage $$ $$

  26. High-End Server RAID Dual PS UPS Gold Maintenance

  27. Load Balancer High-End Server High-End Server High-End Server High-End Server High-End Server RAID RAID RAID RAID RAID Dual PS Dual PS Dual PS Dual PS Dual PS UPS UPS UPS UPS UPS Gold Maintenance Gold Maintenance Gold Maintenance Gold Maintenance Gold Maintenance Code Changes to Coordinate and Distribute Work

  28. $$ Load Balancer Load Balancer $$ High-End Server High-End Server High-End Server High-End Server High-End Server RAID RAID RAID RAID RAID Dual PS Dual PS Dual PS Dual PS Dual PS $$ UPS UPS UPS UPS UPS Gold Maintenance Gold Maintenance Gold Maintenance Gold Maintenance Gold Maintenance Code Changes to Coordinate and Distribute Work

  29. Reliability through software is better. • Resiliency through software: • Costs to develop. Free to deploy. • Resiliency through hardware: • Costs every time you buy a new machine.

  30. $$ Best hardware. $$ Write code so that the system is distributed. $$$$ Double-spending

  31. Load Balancer Load Balancer Efficient Server Efficient Server Efficient Server Efficient Server Efficient Server

  32. These techniques work for large grids of machines… Load Balancer Load Balancer …and every-day systems too. Efficient Efficient Efficient Efficient Efficient

  33. Big resiliency is cheaper Load Balancer Load Balancer 90% 90% 90% 90% 90% 50% 50% 90% 90% 90% 90% 90% 50% 10% overhead overhead

  34. The right amount of resiliency is good. Too much is a waste. Aim for an SLA target so you know when to stop.

  35. Load balancing & redundancy is just one way to achieve resiliency.

  36. The cheapest way to buy terabytes of RAM.

  37. Fail Better Part 1 of 3: Use cheaper, less reliable, hardware.

  38. Fail Better Part 2 of 3: If a process/procedure is risky, do it a lot.

  39. Risky behavior vs. Risky procedures

  40. Risky Behaviors are inherently risky Smoking Shooting yourself in the foot Blindfolded chainsaw juggling

  41. Risky behavior is risky.

  42. Risky Processes can be improved through practice • Software Upgrades • Database Failovers • Network Trunk Failovers • Hardware Hot Swaps

  43. StackExchange.com Failover from NY or Oregon • StackExchange.com has a “DR” site in Oregon. • StackExchange.com runs on SQL Server with “AlwaysOn” Availability Groups plus… Redis, HAproxy, ISC BIND, CloudFlare, IIS, and many home- grown applications

  44. Process was risky • Took 10+ hours • Required “hands on” by 3 teams. • Found 30+ “improvements needed” • Certain people were S.P.O.F.

  45. Drill Results Bugs Filed 30 20 Hours 12 10 5 5 2 1

  46. Why? • Each drill “surfaces” areas of improvement. • Each member of the team gains experience and builds confidence. • “Smaller Batches” are better

  47. Software Upgrades • Traditional • Distributed Computing • Months of planning • High frequency (many times a day or week) • Incompatibility issues • Fully automated • Very expensive • Easy to fix failures • Very visible mistakes • Cheap… encourages • By the time we’re done, experiments time to start over again.

  48. “Big Bang” releases are inherently risky.

  49. Small batches are better Fewer changes each batch: • If there are bugs, easier to identify source Reduced lead time: • It is easier to debug code written recently. Environment has changed less: • Fewer “external changes” to break on Happier, more motivated, employees: • Instant gratification for all involved

  50. Risk is inversely proportional to how recently a process has been used most least risky risky less more recent recent Backups Software LB web Continuous that have Upgrades servers Software never every 3 that fail all Deployment been years the time restored

  51. Netflix “Chaos Monkey” • Randomly reboots machines. • Keeps Netflix “on its toes”. • Part of the Simian Army: • Chaos Monkey (hosts) • Chaos Kong (data centers) • Latency Monkey (adds random performance delays)

  52. Fail Better Part 2 of 3: If a process/procedure is risky, do it a lot.

  53. Fail Better Part 3 of 3: Don’t punish people for outages.

  54. There will always be outages.

  55. Getting angry about outages is equivalent to expecting them to never happen… which is irrational.

  56. Out-dated attitudes about outages • Expect perfection: 100% uptime • Punish exceptions: • fire someone to “prove we’re serious” • Results: • People hide problems • People stop communicating • Discourages transparency • Small problems get ignored, turn into big problems

  57. New thinking on outages • Set uptime goals: 99.9% +/- 0.05 • Anticipate outages: • Strategic resiliency techniques, oncall system • Drills to keep in practice, improve process • Results: • Encourages transparency, communication • Small problems addressed, fewer big problems • Over-all uptime improved

  58. There are only Contributing Factors John Allspaw http://www.kitchensoap.com/2012/02/10/each-necessary-but-only-jointly-sufficient/

  59. After the outage, publish a postmortem document • People involved write a “blameless postmortem” • Identifies what happened, how, what can be done to prevent similar problems in the future. • Published widely internally and externally. • Instead of blame , people take responsibility : • Responsibility for implementing long-term fixes. • Responsibility for educating other teams how to learn from this.

  63. I dunno about anybody else, but I really like getting these post-mortem reports. Not only is it nice to know what happened , but it’s also great to see how you guys handled it in the moment and how you plan to prevent these events going forward. Really neato. Thanks for the great work :) —-Anna

  64. Fail Better Part 3 of 3: Don’t punish people for outages.

  65. Take-homes • “cloud computing” = “distributed computing” 1. Use cheaper, less reliable, hardware • Create reliability through software (when possible) • Pay only for the reliability you need 2. If a process/procedure is risky, do it a lot • Practice makes perfect • “Small Batches” improves quality and morale 3. Don’t punish people for outages • Focus on accountability and take responsibility

  66. ?

  69. Home Life

  74. Fail Better! Very Reasonable Radical ideas from The Practice of Cloud System Administration Tom Limoncelli, SRE StackExchange.com the-cloud-book.com @YesThatTom www.informit.com/TPOSA Discount code TPOSA35

  75. Q&A

Recommend

Just for fun: too smart to fail Just for fun: too smart to fail Francesco P. Lovergine

Just for fun: too smart to fail Just for fun: too smart to fail Francesco P. Lovergine

Just for fun: too smart to fail Just for fun: too smart to fail Francesco P. Lovergine &lt;frankie@fsfe.org&gt; Free Software Foundation Europe Fellowship Group Bari http://creativecommons.org/licenses/by-nc-nd/3.0/legalcode 2 7 O t t o

355 views • 17 slides
Too big to fail or Too non-traditional to fail? The determinants of banks systemic

Too big to fail or Too non-traditional to fail? The determinants of banks systemic

Too big to fail or Too non-traditional to fail? The determinants of banks systemic importance Kyle Moore 1 Chen Zhou 2 , 1 1 Erasmus University Rotterdam 2 De Nederlandsche Bank Aug 9, 2013 Moore and Zhou TBTF or TNTTF? Why we

196 views • 17 slides
FOR AS/A2 Fail to prepare Prepare to fail We can learn anything! Walt Disney was afraid of

FOR AS/A2 Fail to prepare Prepare to fail We can learn anything! Walt Disney was afraid of

PREPARING FOR AS/A2 Fail to prepare Prepare to fail We can learn anything! Walt Disney was afraid of mice Turtles breathe through their bottoms Venus is the only planet that rotates clockwise You burn more calories sleeping

724 views • 26 slides
Calls-to-Action that Fail: The most common causes for why CTAs fail (and how you can achieve

Calls-to-Action that Fail: The most common causes for why CTAs fail (and how you can achieve

Calls-to-Action that Fail: The most common causes for why CTAs fail (and how you can achieve quick wins with small changes) Experiment: Background Experiment ID : TP1785 Record Location : MECLABS Research Library Research Partner : [Protected]

1.19k views • 99 slides
mndag 13 maj 13 OVERVIEW Fail-recovery Precedence (1,N) Logged register Byzantine (1,N)

mndag 13 maj 13 OVERVIEW Fail-recovery Precedence (1,N) Logged register Byzantine (1,N)

FAIL-RECOVERY &amp; BYZANTINE REGISTERS mndag 13 maj 13 OVERVIEW Fail-recovery Precedence (1,N) Logged register Byzantine (1,N) Safe (1,N) Regular x2 (1,N) Atomic mndag 13 maj 13 FAIL-RECOVERY Process can fail before completion. o

554 views • 23 slides
Why bids fail? Why bids fail? Research by McIlhiney &amp; Goldring 2010 For Pathways 21 [ UK]

Why bids fail? Why bids fail? Research by McIlhiney &amp; Goldring 2010 For Pathways 21 [ UK]

Why bids fail? Why bids fail? Research by McIlhiney &amp; Goldring 2010 For Pathways 21 [ UK] Ltd How has the current economic climate affected your funding levels? y g Has that affected your preference for smaller or larger contracts?

456 views • 23 slides
Non-Instagrammable Urbanism Tactical Urbanism Wins + Fails place creative. FAIL 1 FAIL 2

Non-Instagrammable Urbanism Tactical Urbanism Wins + Fails place creative. FAIL 1 FAIL 2

Non-Instagrammable Urbanism Tactical Urbanism Wins + Fails place creative. FAIL 1 FAIL 2 SUCCESS 1 SUCCESS 2 Process Over People Ponsonby Park Auckland Council. - Waitemat Local Board - 254 Ponsonby Road Volunteer CLD Group Dr. Amanda

620 views • 21 slides
Cut Not and Fail Cut, Not, and Fail York University CSE 3401 Vida Movahedi 1 York University

Cut Not and Fail Cut, Not, and Fail York University CSE 3401 Vida Movahedi 1 York University

Cut Not and Fail Cut, Not, and Fail York University CSE 3401 Vida Movahedi 1 York University CSE 3401 V. Movahedi 07_CutNotFail Overview Overview Multiple solutions p Cut Examples p 3 reasons to use Not Fail

601 views • 27 slides
WHY MOST ONLINE COMMUNITIES FAIL ...and how you can help them succeed Most online communities

WHY MOST ONLINE COMMUNITIES FAIL ...and how you can help them succeed Most online communities

WHY MOST ONLINE COMMUNITIES FAIL ...and how you can help them succeed Most online communities fail GENERATION BENZ MetroTwin British Airways Virgin Media Pioneers Walmart Sainsburys What do these examples tell us? What do these

514 views • 24 slides
Fail to Plan, Plan to Fail: Zoning and Land Use Case Review Koontz v. St. Johns River Water Mgmt.

Fail to Plan, Plan to Fail: Zoning and Land Use Case Review Koontz v. St. Johns River Water Mgmt.

12/7/2015 SC Municipal Attorneys Association Annual Meeting and Continuing Legal Education Seminar Fail to Plan, Plan to Fail: Zoning and Land Use Case Review Koontz v. St. Johns River Water Mgmt. Dist . (2013) 5-4 Decision In Favor of

167 views • 4 slides
Nearness Gone Wrong: When Leaders Fail Steve Midgley When leaders fail... An imaginary

Nearness Gone Wrong: When Leaders Fail Steve Midgley When leaders fail... An imaginary

Nearness Gone Wrong: When Leaders Fail Steve Midgley When leaders fail... An imaginary example? The past three years... A pastor and his affairs Discipleship and pastoral beatings Discipleship and bullying Pastoral

318 views • 31 slides
Registers Shared Memory Fail-crash, fail-silent BJRN A. JOHNSSON Introduction Analogy

Registers Shared Memory Fail-crash, fail-silent BJRN A. JOHNSSON Introduction Analogy

Registers Shared Memory Fail-crash, fail-silent BJRN A. JOHNSSON Introduction Analogy from multi-CPU computers. Over network: emulation of shared-memory . Benefit: use shared-memory where there really is none. Considered

626 views • 35 slides
BUDGETING &amp; SAVING Schell Stubbs, MBA, LLM 21 th March, 2019 Budgeting If you fail

BUDGETING &amp; SAVING Schell Stubbs, MBA, LLM 21 th March, 2019 Budgeting If you fail

FINANCIAL SERVICES LITERACY PROGRAM BUDGETING &amp; SAVING Schell Stubbs, MBA, LLM 21 th March, 2019 Budgeting If you fail to plan, you are planning to fail. Benjamin Franklin www.cfasociety.org/bahamas Why is Budgeting

339 views • 17 slides
TOO BIG TO FAIL BANKS: CAN THEY BE RESOLVED? Prepared for the Brookings Conference on dealing

TOO BIG TO FAIL BANKS: CAN THEY BE RESOLVED? Prepared for the Brookings Conference on dealing

TOO BIG TO FAIL BANKS: CAN THEY BE RESOLVED? Prepared for the Brookings Conference on dealing with too important to fail banks June 14, 2013 Martin Neil Baily(mbaily@brookings.edu) The Brookings Institution 1 Resolving Large Institutions and

126 views • 11 slides
#failability How to not Fail on Launch http://adammalone.net Adam Malone @adammalone

#failability How to not Fail on Launch http://adammalone.net Adam Malone @adammalone

#failability How to not Fail on Launch http://adammalone.net Adam Malone @adammalone drupal.org/user/1295980 aka typhonius Adam Malone | How to not Fail on Launch about:me Client Advisory - Acquia APJ Created my first HTML site: 2009

574 views • 24 slides
Data backup Way to many copies is just about right I have never had a drive fail Said

Data backup Way to many copies is just about right I have never had a drive fail Said

Data backup Way to many copies is just about right I have never had a drive fail Said photographer with no backups All drives fail It is not a matter if, it is a matter of when Multiple copies is your best protection Drives

499 views • 17 slides
Solid Type System vs Runtime Checks and Unit Tests Vladimir Pavkin Plan Fail Fast concept

Solid Type System vs Runtime Checks and Unit Tests Vladimir Pavkin Plan Fail Fast concept

Solid Type System vs Runtime Checks and Unit Tests Vladimir Pavkin Plan Fail Fast concept Type Safe Patterns Fail Fast Immediate and visible failure Where can it fail? Handled runtime exceptions &amp; assertions Unhandled runtime failure

1.2k views • 62 slides
How to Fail: a Subjective Disaster Gerhard Weikum http://www.mpi-inf.mpg.de/~weikum/ How to

How to Fail: a Subjective Disaster Gerhard Weikum http://www.mpi-inf.mpg.de/~weikum/ How to

How to Fail: a Subjective Disaster Gerhard Weikum http://www.mpi-inf.mpg.de/~weikum/ How to Fail: 5 Golden Rules Not So Rule 1: Start with list of 10 topics and hire 10+ students Rule 2: If you dont make progress hire more students

311 views • 12 slides
ENDING TOO BIG TO FAIL: REASONS FOR OPTIMISM MAY 16, 2016 John F. Bovenzi Introduction:

ENDING TOO BIG TO FAIL: REASONS FOR OPTIMISM MAY 16, 2016 John F. Bovenzi Introduction:

ENDING TOO BIG TO FAIL: REASONS FOR OPTIMISM MAY 16, 2016 John F. Bovenzi Introduction: Too-Big-to-Fail (TBTF) How far have we come? What remains to be done? Can we get there? Significant progress, but most important work remains

131 views • 10 slides
CPD Why gutters fail and the options to repair, replace and refurbish: A specifiers guide

CPD Why gutters fail and the options to repair, replace and refurbish: A specifiers guide

CPD Why gutters fail and the options to repair, replace and refurbish: A specifiers guide Josh Hamer Technical Services Manager Agenda Introduction Why gutters fail Decision to repair, replace or refurbish System comparisons

813 views • 58 slides
Fail-Safe/Local IP Address and Local Link Fail-Safe/Local IP address - the IP address

Fail-Safe/Local IP Address and Local Link Fail-Safe/Local IP address - the IP address

Fail-Safe/Local IP Address and Local Link Fail-Safe/Local IP address - the IP address designed to be always reachable by the administrator with a direct Local Link connections Local Link Local Link 1 Mesh Manager Direct Wireless

109 views • 9 slides
Heb. 11:32, And what more shall I say? For the time would fail me to tell of Gideon and Barak

Heb. 11:32, And what more shall I say? For the time would fail me to tell of Gideon and Barak

Heb. 11:32, And what more shall I say? For the time would fail me to tell of Gideon and Barak and Samson and Jephthah, also of David and Samuel and the prophets: Heb. 11:33, who through faith subdued kingdoms, worked righteousness,

119 views • 11 slides
Four Projects Simplifying Comparing Locating Input Coverage Causes 3 weeks 3 weeks 4 weeks

Four Projects Simplifying Comparing Locating Input Coverage Causes 3 weeks 3 weeks 4 weeks

About the Course Andreas Zeller 1 Course Topics Tracking and Reproducing Problems The Scientific Method Making Programs Fail Isolating Failure Causes (automatically) Locating and Fixing Defects Why does my Program Fail?

66 views • 5 slides
Dream Job? The Culture you Want Helen Walton and Pete Burden Be Present Reasons Projects Fail

Dream Job? The Culture you Want Helen Walton and Pete Burden Be Present Reasons Projects Fail

Dream Job? The Culture you Want Helen Walton and Pete Burden Be Present Reasons Projects Fail Don't know Lack of management support Inability to change Communication problem External pressure Lack of experience Culture fail 0 2 4 6

841 views • 38 slides

More recommend