Objective

This document forseens to provide guidelines to implement a high availability TopBDII service.

TopBDII service requirements

Hardware

• dual core CPU
• 10GB of hard disk space
• 2-3 GB RAM. If you decide to set BDII_RAM_DISK=yes in your YAIM configuration, it's advisable to have 4GB of RAM.

Co-hosting

• Due to the critical nature of the information system with respect to the operation of the grid, the TopBDII should be installed as a stand-alone service to ensure that problems with other services do not affect the BDII. In no circumstances should the BDII be co-hosted with a service which has the potential to generate a high load.

Physical vs Virtual Machines

• There is no clear vision on this topic. Some managers complain that there are performance issues related to deploying a TopBDII service under a virtual machine. Others argue that such performance issues are related to the configuration of the service itself. The only agreed feature is that the management and disaster recovery of any service deployed under a virtual machine is more flexible and easier. This could be an important point to take into account considering the critical importance of the TopBDII service.

Best practices from a client perspective

• In gLite 3.2 you can set up redundancy of TopBDIIs for the clients (glite-WNs and gLite-UIs) setting up a list of TopBDII instances to support the automatic failover in the GFAL clients. If the first Top level BDII fails to be contacted, the second will be used in its place, and so on.

• This mechanism is implemented defining the BDII_LIST YAIM variable according to the following sintax:

BDII_LIST=my-bdii1.$MY_DOMAIN:2170[,my-bdii22.$MY_DOMAIN:2170[...]]. 

• After running YAIM, the client enviroment should contain the

LCG_GFAL_INFOSYS=my-bdii1.$MY_DOMAIN:port1,my-bdii22.$MY_DOMAIN:2170 

• The data management tools (lcg_utils) contact the information system for every operation (lcg-cr, lcg-cp, ...). So, if you have your client properly configured with redundancy for the information system, the lcg_utils tools will use that mechanism in a transparent way. Be aware that lcg-infosites doesn't work with multiple BDIIs. Only gfal, lcg_utils, lcg-info and glite-sd-query.

• Site admins should use a list of top-bdii to configure their services (the first of the list should be the default top-bdii provided by their NGI).

A TopBDII High Availability Proposal

• The best practice proposal to provide a high availability TopBDII service is based on two mechanisms working as main building blocks:

1. DNS round robin load balacing
2. Fault tolerance DNS Updater

We will provide a short introduction to some of these DNS mechanisms but for further information on specific implementations, please contact your DNS administrator.

DNS round robin load balacing

• Load balancing is a technique to distribute workload evenly across two or more resources. A load balancing method, which does not necessarily require a dedicated software or hardware node, is called round robin DNS.

• We can assume that all transactions (queries to top-bdii) generate the same resource load. For an effective load balancing, all top-bdii instances should have the same hardware configurations. In other case, a load balancing arbiter is needed.

• Simple round robin DNS load balancing is easy to deploy. Assuming that there is a primary DNs server (dns.top.domain) where the DNS load balancing will be implemented, one simply has to add multiple A records mapping the same hostname to multiple IP addresses under the core.top.domain DNS zone

# In dns.top.domain: Add multiple A records mapping the same hostname to multiple IP addresses
Zone core.top.domain
topbdii.core.top.domain IN A x.x.x.x
topbdii.core.top.domain IN A y.y.y.y
topbdii.core.top.domain IN A z.z.z.z

• The 3 records are always served as answer but the order of the records will rotate in each DNS query

• This does NOT provide fault tolerance against problems in the TopBDIIs themselves

1. if one TopBDII fails its DNS “A” record will still be served
2. one in each three DNS queries will provide the failed TopBDII first answer

Fault tolerance DNS Updater

• The DNS Updater is a mechanism (to be implemented by you) which tests the different TopBDIIs and decides to remove or add DNS entries through DNS dynamic updates. The fault tolerance is implemented by dynamically removing the DNS “A” records of unavailable TopBDII(s). nsupdate introduced in bind V8 offers the possibility of changing DNS records dynamically:

1. The nsupdate tool connects to a bind server on port 53 (TCP or UDP) and can update zone records
2. Updates are authorized based on keys
3. Updates can only be performed on the DNS primary server
4. In the DNS bind implementation, the entire zone is rewritten by the DNS server upon “stop” to reflect the changes. Thefore, the zone should not be managed manually; and the changes are kept in a zone journal file until a “stop” happens

Implementation

• There are several alternatives to implement the DNS Updater:

1. NAGIOS based tests
2. a demonized service
3. scripts running as crons

What to test: BDII metrics

• Status information about the BDII is available by querying the o=infosys root for the UpdateStats object. This entry contains a number of metrics relating to the latest update such as the time to update the database and the total number of entries. And example of such entry is shown below.

dn: Hostname=lxbra2510.cern.ch,o=infosys
objectClass: UpdateStats
Hostname: lxbra2510.cern.ch
FailedDeletes: 0
ModifiedEntries: 4950
DeletedEntries: 1318
UpdateTime: 150
FailedAdds: 603
FailedModifies: 0
TotalEntries: 52702
QueryTime: 8
NewEntries: 603
DBUpdateTime: 11
ReadTime: 0
PluginsTime: 4
ProvidersTime: 113

• The following table shows the meaning of these metrics:

• Previous BDII metrics can be checked to take a decision regarding the reliability and availability of a TopBDII instance.

• More information is available in gLite-BDII_top Monitoring.

Notes on DNS caching

• DNS records obtained in queries are cached by the DNS servers (usually during 24 hours). Therefore to propagate DNS changes fast enough it is important to have very short TTL lifetimes.
• DNS has not been built to have very short TTL values and these may increase highly the number of queries and as result increase the load of the DNS server
• The TTL lifetime to be used will have to be tested.
• If the top BDII are only used by sites in the region and if queries are only from the DNS servers of these few sites then the number of queries may be low enough to allow for a very small TTL
• This value should not be lower than 30s - 60s

Example 1: The DNS Updater IGI Nagios based mechanism

When Nagios needs to check the status of a service it will execute a plugin and pass it information about what needs to be checked. • The plugin will then check the operational state of the service and report the results back to the Nagios daemon. • Nagios will process the results of the service check and take appropriate action as necessary (e.g. send notifications, run event handlers, etc). Active check are executed: • At regular intervals, as defined by the check_interval and retry_interval options in the service definitions • On-demand as needed

ach instance is checked every 5 minutes (5 minutes seems to be adequate); • If a failure occurs, nagios try to restart the BDII service AND remove the instance from the DNS round robin set using dnsupdate – an email is sent as notification; – If the instances failed are 4 (on 5), an SMS messages is sent as notification; • If a failed instance appears to be restored, nagios re-add it to the DNS set

Example 2: The DNS Updater IBERGRID scripting based mechanism