Is your Elastic Cluster Stable and Production Ready?
3 likes1,012 views
The document outlines best practices for ensuring that an Elasticsearch cluster is production-ready, focusing on deployment, monitoring, backup strategies, and security measures. It covers essential components such as cluster topology, index management patterns, sharding optimization, and memory management to enhance performance. Additionally, it provides insights on ingestion architecture and security protocols to protect the cluster and data integrity.
Is your Elastic Cluster Stable and Production Ready?
- 1. Is your Elasticsearch Cluster Production Ready? Itamar Syn-Hershko http://code972.com | @synhershko http://BigDataBoutique.co.il
- 3. What does it take? β’ Cluster deployed using best practices β’ Thorough monitoring β’ Inspect. Fix. Repeat. β’ Good capacity planning β’ Memory management β’ Indexing and sharding strategy β’ Security
- 4. Cluster Topology Master-eligible nodes (3) Data nodes (sizing by data) Client nodes, aka coordinating nodes (scalable, sizing by traffic)
- 5. Deployments β’ Prefer immutable images & scripted deployments β’ For AWS see https://github.com/synhershko/elasticsearch- cloud-deploy/ β’ GCP coming soon
- 6. Backups β’ Very efficient β’ Very important β’ Several storages supported β’ To a shared file system β’ HDFS β’ Azure / GCP / AWS repositories via plugins
- 7. What to monitor (on the cluster, per host)? β’ CPU load β’ Memory utilization β’ Heap utilization β’ GC time β’ Disk utilization β’ Disk IOPs β’ Merges β’ Deleted docs β’ Requests per sec (indexing, search) β’ Load average < number of cores β’ Network in / out β’ Thread pool rejections β’ Number of nodes β’ Cache sizes β’ Cache evictions β’ Cluster state / health β’ Number of shards per type
- 8. X-Pack monitoring (aka Marvel)
- 9. Grafana dashboards β’ More fine-grained, cluster-wide view β’ Provided with metrics polling script (Python) https://github.com/synhershko/elasticsearch-grafana-monitoring
- 10. Monitoring Destination β’ To the same cluster β’ To a different cluster (Recommended) β’ External systems (e.g. graphite) β only if already in org β’ X-Pack subscribers can now send metrics to Elastic Cloud
- 11. Typical garbage collection sawtooth
- 12. CPU monitoring
- 13. Correlating metrics β’ Shards on the same node have issues? β’ During merges? β’ CPU and GC β’ HTTP traffic and indexing or search operations
- 15. Boosting slow operations β’ Search or Indexing heavy? β’ Measure operations also from applications side! β’ Slow searches β’ Queries need optimization β’ Scoring (not using filters) β’ Numeric ranges pre-5 β’ Scripts β’ Slow indexing β’ Sharding strategy β’ Use bulk indexing (optimize for 10-15MB of data, regardless of number of documents / operations) β’ Slow analyzers affects both! (e.g. n-grams)
- 16. Donβt use NGrams! β’ Being used for βcontainsβ search β’ You ainβt gonna need it, use WordDelimiter Token Filter instead β’ Useful for fuzzy search / auto-correction β’ Best used via Elasticsearchβs Suggesters β’ Useful for languages without spaces, or with compound words β’ min_gram , max_gram
- 17. Caches β’ Query cache β’ Request cache β’ Measure evictions rate & cache usage
- 18. Memory Allocation β’ ES_HEAP_SIZE β’ DocValues used? β’ Fielddata usage β’ Query cache (for queries in filter context) β’ Request cache (for aggregations and count queries) β’ Never over 32GB! β’ Default cache sizes not always fit usage β’ Set appropriate static configs in elasticsearch.yml β’ At least 50% of memory to file-system cache β’ Usually more
- 19. Server Sizing β’ Master nodes β’ 1-2 cores, 2-4 GB memory, 50% ES_HEAP_SIZE β’ Data nodes β’ > 4 cores, measure and preserve disk/mem ratio (can start with 1/24) β’ ES_HEAP_SIZE as per previous slide β’ Client nodes β’ CPU and network heavy, 4GB memory should be enough for most use cases
- 20. Index Management Patterns ⒠A Monolith Index ⒠Search façade on top of your data ⒠Record linkage ⒠Anomaly detection ⒠Rolling indexes (time based events) ⒠Centralized logging ⒠Auditing ⒠IoT logs-2016.11.20 logs-2016.11.21 logs-2016.11.22 logs-2016.11.23logs-2016.11.19
- 21. Optimal shard size β’ Few millions in document size, for search performance β’ A bit more if only doing aggregations β’ 5-8GB on disk max, for startup times and network reallocation β’ doc_values are enabled by default, turn off for non-aggs fields to save space
- 22. Sharding β’ Index Shards β’ Resharding / auto-sharding not supported β’ Index-level sharding β’ Avoid using types (deprecated > 6.x) β’ Multi-tenancy β’ Rollover API (> 5.x) β’ Cluster level β’ Cluster per project β’ Cross-cluster search capability
- 23. Multitenancy β’ Silos β Every tenant get their own index β’ Index sizes vary β’ Potentially wasting resources β’ Pool β All tenants are in one big index β’ Sharding isnβt dynamic β’ Effects on tf/idf, aggregations, throughput β’ Hybrid β Big tenants in their own index, pool(s) for small ones
- 24. Use Explicit Mapping (aka Avoid Schemaless) β’ In one of two ways: β’ Disable dynamic mapping in settings (index.mapper.dynamic: false). Will refuse indexing. β’ Create catch-all dynamic template with enabled:false mapping β’ Why? β’ Avoids hundreds of fields by mistake β’ Saves effort on indexing and disk space β’ Defaults are bad anyhow, donβt rely on them β’ Prefer using index templates (especially for rolling indices)
- 25. Re-balancing is your enemy β’ Lock down shard rebalancing β’ cluster.routing.rebalance.enable β’ none β’ cluster.routing.allocation.enable β’ primaries β’ new_primaries β’ none
- 26. More safe configs β’ action.disable_delete_all_indices: true β’ action.auto_create_index: false
- 27. Deep paging (donβt!) β’ Donβt from-size β’ search_after (> 5.x) β’ Scroll and sliced-scroll (> 5.x) β’ Not for normal operation
- 28. Deletions β’ Deletions have an overhead β’ Slow searches β’ Segmentation β’ More work on segment merging β’ Non-exact tf/idf β’ Every document update is a deletion β’ No need to avoid it completely, just design accordingly
- 29. Geographic Distribution β’ Never with the same cluster! β’ Cross-cluster search (formerly Tribe Node) β’ For geographic sharding β’ Different indexes in different regions β’ xDCR for HA / DR β’ Can be solved by infra β replicating queues (Kafka), DBs β’ Solution coming in X-Pack
- 30. Your ingestion architecture? β’ Favor external ingestion, relieve Elastic from that responsibility β’ Upgrade Logstash to 5.x β’ Consider using FileBeat instead of logstash for log-tailing β’ Prefer logstash machines over ingest nodes β’ Use queues (Kafka, Redis) to protect against surges
- 31. Security
- 32. Protecting your cluster β’ Donβt bind to a public IP β’ Use only private IP/DNSs, preferably in subnets (e.g. AWS VPC) β’ network.host in elasticsearch.yml β’ Proxy all client requests to ES β’ Disable HTTP where not needed β’ + Donβt use default ports β’ Secure publicly available client nodes β’ Access via VPN only β’ At the very least SSL + authentication if VPN not an option β’ Disable dynamic scripting (pre-5.x)
- 33. Securing Indexes and Documents β’ Heavy Kibana user? β’ Authentication and authorization β’ Index, Document and Field level security β’ Requires X-Pack Security β’ Application level authentication and authorization β’ Application filtering of content (fields, documents) β’ Index level (e.g. index per tenant) β’ Document level (using permissions) β’ Inter-node comms, encryption at rest (X-Pack only)
- 34. Upcoming in ES land β’ Elasticsearch 6 β’ Machine Learning β’ Anomaly detection on time series data β’ Enterprise Cloud β’ Elastic Cloud deployed on-premise β’ Any plugin authors in the crowd?
- 35. Elasticsearch Training Elasticsearch for Developers & Maintaining Elasticsearch in Production β’ September (10,11,17/9) β’ November (12,13,16/11) http://bdbq.co.il/courses Consultancy and Development services http://bdbq.co.il/services/elasticsearch
- 36. Questions? @synhershko on social (Twitter, github, β¦) Blog at http://code972.com Training and consultancy at http://BigDataBoutique.co.il