Hadoop operations-2015-hadoop-summit-san-jose-v5

Hadoop Operations –Best Practices from the Field

June 11, 2015

Chris Naurothemail: [email protected]: @cnauroth

Suresh Srinivasemail: [email protected]: @suresh_m_s

© Hortonworks Inc. 2011

About Me

Chris Nauroth• Member of Technical Staff, Hortonworks

– Apache Hadoop committer, PMC member, and Apache Software Foundation member– Major contributor to HDFS ACLs, Windows compatibility, and operability improvements

• Hadoop user since 2010– Prior employment experience deploying, maintaining and using Hadoop clusters

Architecting the Future of Big Data


Agenda

• Analysis of Hadoop Support Cases– Support case trends– Configuration– Software Improvements

• Key Learnings and Best Practices– HDFS ACLs– HDFS Snapshots– Reporting DataNode Volume Failures



Support Case Trends – Proportional Cases per Month


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 430

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

HDFS

Map Reduce

YARN

Other (37 components)


Support Case Trends – Root Cause


Custo

mer

Env

ironm

ent (

Non H

DP)

Docum

enta

tion

Defec

t

Docum

enta

tion

Gap

Docum

enta

tion

Not U

tilize

d

Educa

tion

- Con

figur

ation

Needs

Tra

ining

Produ

ct D

efec

t0

200

400

600

800

1000

1200

YARN

Map Reduce

HDFS


Support Case Trends

• Core Hadoop components (HDFS, YARN and MapReduce) are used across all deployments, and therefore receive proportionally more support cases than other ecosystem components.

• Misconfiguration is the dominant root cause.• Documentation is a close second.• We are constantly improving the code to eliminate operational issues, help with diagnosis and

provide increased visibility.• Best practices get incorporated into Apache Ambari for improved defaults, simplified

configuration and deeper monitoring.


Configuration


Configuration - Hardware and Cluster Sizing

• Considerations

–Larger clusters heal faster on nodes or disk failure–Machines with huge storage take longer to recover–More racks give more failure domains

• Recommendations– Get good-quality commodity hardware– Buy the sweet-spot in pricing: 3TB disk, 96GB, 8-12 cores

– More memory is better – real time is memory hungry!

– Before considering fatter machines (1U 6 disks vs. 2U 12 disks)– Get to 30-40 machines or 3-4 racks

–Use pilot cluster to learn about load patterns– Balanced hardware for I/O, compute or memory bound

– More details - http://tinyurl.com/hwx-hadoop-hw


Configuration – JVM Tuning

• Avoid JVM issues– Use 64 bit JVM for all daemons

– Compressed OOPS enabled by default (6 u23 and later)

– Java heap size– Set same max and starting heapsize, Xmx == Xms

– Avoid java defaults – configure NewSize and MaxNewSize

– Use 1/8 to 1/6 of max size for JVMs larger than 4G– Configure –XX:PermSize=128 MB, -XX:MaxPermSize=256 MB

– Use low-latency GC collector– -XX:+UseConcMarkSweepGC, -XX:ParallelGCThreads=<N>

– High <N> on Namenode and JobTracker or ResourceManager

– Important JVM configs to help debugging– -verbose:gc -Xloggc:<file> -XX:+PrintGCDetails

– -XX:ErrorFile=<file>

– -XX:+HeapDumpOnOutOfMemoryError


Configuration

• Deploy with QuorumJournalManager for high availability• Configure open fd ulimit

– Default 1024 is too low– 16K for datanodes, 64K for Master nodes

• Use version control for configuration!


Configuration

• Use disk fail in place for datanodes: dfs.datanode.failed.volumes.tolerated– Disk failure is no longer datanode failure– Especially important for large density nodes

• Set dfs.namenode.name.dir.restore to true– Restores NN storage directory during checkpointing

• Take periodic backups of namenode metadata– Make copies of the entire storage directory

• Set aside a lot of disk space for NN logs– It is verbose – set aside multiple GBs– Many installs configure this too small

– NN logs roll with in minutes – hard to debug issues


Configuration – Monitoring Usage• Cluster storage, nodes, files, blocks grows

– Update NN heap, handler count, number of DN xceivers– Tweak other related config periodically

• Monitor the hardware usage for your work load– Disk I/O, network I/O, CPU and memory usage– Use this information when expanding cluster capacity

• Monitor the usage with HADOOP metrics– JVM metrics – GC times, Memory used, Thread Status– RPC metrics – especially latency to track slowdowns– HDFS metrics

– Used storage, # of files and blocks, total load on the cluster

– File System operations

– MapReduce Metrics– Slot utilization and Job status

• Tweak configurations during upgrades/maintenance on an ongoing basis

HORTONWORKS CONFIDENTIAL & PROPRIETARY INFORMATION

Install & Configure: Ambari Guided Configuration

Guide configuration and provide recommendations for the most common settings.

(HBase Example Shown here)

Software ImprovementsReal Incidents and Software Improvements to Address Them


Don’t edit the metadata files!

• Editing can corrupt the cluster state– Might result in loss of data

• Real incident– NN misconfigured to point to another NN’s metadata– DNs can’t register due to namespace ID mismatch

– System detected the problem correctly

– Safety net ignored by the admin!

– Admin edits the namenode VERSION file to match ids

Mass deletion of unknown blocks that do not exist in that namespace


Improvement

• Pause deletion of blocks when the namenode starts up– https://issues.apache.org/jira/browse/HDFS-6186– Supports configurable delay of block deletions after NameNode startup– Gives an admin extra time to diagnose before deletions begin

• Show when block deletion will start after NameNode startup in WebUI– https://issues.apache.org/jira/browse/HDFS-6385– The web UI already displayed the number of pending block deletions– This enhanced the display to indicate when actual deletion will begin



Block Deletion Start Time


New


Guard Against Accidental Deletion• rm –r deletes the data at the speed of Hadoop!

– ctrl-c of the command does not stop deletion!– Undeleting files on datanodes is hard & time consuming

– Immediately shutdown NN, unmount disks on datanodes

– Recover deleted files

– Start namenode without the delete operation in edits

• Enable Trash• Real Incident

– Customer is running a distro of Hadoop with trash not enabled– Deletes a large dir (100 TB) and shuts down NN immediately– Support person asks NN to be restarted to see if trash is enabled!

Blocks start deleting


Improvement

• HDFS Snapshots– https://issues.apache.org/jira/browse/HDFS-2802– A snapshot is a read-only point-in-time image of part of the file system– A snapshot created before a deletion can be used to restore deleted data– More coverage of snapshots later in the presentation

• HDFS ACLs– https://issues.apache.org/jira/browse/HDFS-4685– Finer-grained control of file permissions can help prevent an accidental deletion– More coverage of ACLs later in the presentation



Unexpected error during HA HDFS upgrade

• Background: HDFS HA Architecture– http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/HDFSHighAvailabilityWithQJM.html

• Real Incident– During upgrade, NameNode calls every JournalNode to request backup of metadata directory, which renames

“current” directory to “previous.tmp”.– Permissions incorrect on metadata directory for 1 out of 3 JournalNodes.– The hdfs user is not authorized to rename. Backup fails for that JournalNode, so upgrade process aborts with

error.

Root cause not easily identifiable, long time to recover



Improvement

• Improve diagnostics on storage directory rename operations by using native code.– https://issues.apache.org/jira/browse/HDFS-7118– Logs additional root cause information for rename failure. For example, EACCES

• Split error checks in into separate conditions to improve diagnostics.– https://issues.apache.org/jira/browse/HDFS-7119– Splits a log message about failure to delete or rename into separate log messages to clarify which specific action

failed

• When aborting NameNode or JournalNode, write the contents of the metadata directories and permissions to logs.– https://issues.apache.org/jira/browse/HDFS-7120– Usually the first information asked of the user, so we can automate this

• For JournalNode operations that must succeed on all nodes, execute a pre-check to verify that the operation can succeed.– https://issues.apache.org/jira/browse/HDFS-7121– Prevents need for manual cleanup on 2 out of 3 JournalNodes where backup succeeded


Key Learnings and Best PracticesFeatures that Help Improve Production Operations


HDFS ACLs

• Existing HDFS POSIX permissions good, but not flexible enough– Permission requirements may differ from the natural organizational hierarchy of users and groups.

• HDFS ACLs augment the existing HDFS POSIX permissions model by implementing the POSIX ACL model.– An ACL (Access Control List) provides a way to set different permissions for specific named users or named

groups, not only the file’s owner and file’s group.



HDFS File Permissions Example

• Authorization requirements:– In a sales department, they would like a single user Maya (Department Manager) to

control all modifications to sales data–Other members of sales department need to view the data, but can’t modify it.–Everyone else in the company must not be allowed to view the data.

• Can be implemented via the following:

Read/Write perm for user maya

User

GroupRead perm for group sales

File with sales data


HDFS ACLs

• Problem–No longer feasible for Maya to control all modifications to the file

– New Requirement: Maya, Diane and Clark are allowed to make modifications

– New Requirement: New group called executives should be able to read the sales data

–Current permissions model only allows permissions at 1 group and 1 user

• Solution: HDFS ACLs–Now assign different permissions to different users and groups

Owner

Group

Others

HDFS Directory

… rwx

… rwx

… rwx

Group D … rwx

Group F … rwx

User Y … rwx


HDFS ACLs

New Tools for ACL Management (setfacl, getfacl)

– hdfs dfs -setfacl -m group:execs:r-- /sales-data– hdfs dfs -getfacl /sales-data# file: /sales-data# owner: maya# group: salesuser::rw-group::r--group:execs:r--mask::r--other::--

– How do you know if a directory has ACLs set?– hdfs dfs -ls /sales-dataFound 1 items-rw-r-----+ 3 maya sales 0 2014-03-04 16:31 /sales-data


HDFS ACLs Best Practices

• Start with traditional HDFS permissions to implement most permission requirements.

• Define a smaller number of ACLs to handle exceptional cases.

• A file with an ACL incurs an additional cost in memory in the NameNode compared to a file that has only traditional permissions.



HDFS Snapshots

• HDFS Snapshots– A snapshot is a read-only point-in-time image of part of the file system– Performance: snapshot creation is instantaneous, regardless of data size or subtree depth– Reliability: snapshot creation is atomic– Scalability: snapshots do not create extra copies of data blocks– Useful for protecting against accidental deletion of data

• Example: Daily Feedshdfs dfs -ls /daily-feedsFound 5 itemsdrwxr-xr-x - chris supergroup 0 2014-10-13 14:36 /daily-feeds/2014-10-13drwxr-xr-x - chris supergroup 0 2014-10-13 14:36 /daily-feeds/2014-10-14drwxr-xr-x - chris supergroup 0 2014-10-13 14:37 /daily-feeds/2014-10-15drwxr-xr-x - chris supergroup 0 2014-10-13 14:37 /daily-feeds/2014-10-16drwxr-xr-x - chris supergroup 0 2014-10-13 14:37 /daily-feeds/2014-10-17



HDFS Snapshots

• Create a snapshot after each daily loadhdfs dfsadmin -allowSnapshot /daily-feedsAllowing snaphot on /daily-feeds succeeded

hdfs dfs -createSnapshot /daily-feeds snapshot-to-2014-10-17Created snapshot /daily-feeds/.snapshot/snapshot-to-2014-10-17

• User accidentally deletes data for 2014-10-16hdfs dfs -ls /daily-feedsFound 4 itemsdrwxr-xr-x - chris supergroup 0 2014-10-13 14:36 /daily-feeds/2014-10-13drwxr-xr-x - chris supergroup 0 2014-10-13 14:36 /daily-feeds/2014-10-14drwxr-xr-x - chris supergroup 0 2014-10-13 14:37 /daily-feeds/2014-10-15drwxr-xr-x - chris supergroup 0 2014-10-13 14:37 /daily-feeds/2014-10-17



HDFS Snapshots

• Snapshots to the rescue: the data is still in the snapshothdfs dfs -ls /daily-feeds/.snapshot/snapshot-to-2014-10-17Found 5 itemsdrwxr-xr-x - chris supergroup 0 2014-10-13 14:36 /daily-feeds/.snapshot/snapshot-to-2014-10-17/2014-10-13drwxr-xr-x - chris supergroup 0 2014-10-13 14:36 /daily-feeds/.snapshot/snapshot-to-2014-10-17/2014-10-14drwxr-xr-x - chris supergroup 0 2014-10-13 14:37 /daily-feeds/.snapshot/snapshot-to-2014-10-17/2014-10-15drwxr-xr-x - chris supergroup 0 2014-10-13 14:37 /daily-feeds/.snapshot/snapshot-to-2014-10-17/2014-10-16drwxr-xr-x - chris supergroup 0 2014-10-13 14:37 /daily-feeds/.snapshot/snapshot-to-2014-10-17/2014-10-17

• Restore data from 2014-10-16hdfs dfs -cp /daily-feeds/.snapshot/snapshot-to-2014-10-17/2014-10-16 /daily-feeds



Reporting DataNode Volume Failures

• Configuring dfs.datanode.failed.volumes.tolerated > 0 enables a DataNode to keep running after volume failures

• DataNode is still running, but capacity is degraded• HDFS already provided a count of failed volumes for each DataNode, but no further details• Apache Hadoop 2.7.0 provides more information: failed path, estimated lost capacity and failure

date/time• An administrator can use this information to prioritize cluster maintenance work





New



• Everything in the web UI is sourced from standardized Hadoop metrics– Each DataNode publishes its own metrics– NameNode publishes aggregate information from every DataNode

• Metrics accessible through JMX or the HTTP /jmx URI• Integrated in Ambari• Can be integrated into your preferred management tools and ops dashboards


New System to Manage the Health of Hadoop Clusters• Ambari Alerts are installed and configured by default

• Health Alerts and Metrics managed via Ambari Web


Summary

• Configuration– Prevent garbage collection issues– Configure for redundancy– Retune configuration in response to metrics

• HDFS ACLs– Implement fine-grained authorization rules on files– Can protect against accidental file manipulations

• HDFS Snapshots– Point-in-time image of part of the filesystem– Useful for restoring to a prior state after accidental file manipulation

• Reporting DataNode Volume Failures– Metrics and web UI exposing information about volume failures on DataNodes– Useful for planning cluster maintenance work

• Use Ambari– Helps install, configure, monitor and manage Hadoop clusters– Incorporates the latest best practices



Thank you, Q&A

Resource Location

Hardware Recommendations for Apache Hadoop

http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.1.2/bk_cluster-planning-guide/content/ch_hardware-recommendations.html

HDFS operational and debuggability improvements

https://issues.apache.org/jira/browse/HDFS-6185

HDFS ACLs Blog Post http://hortonworks.com/blog/hdfs-acls-fine-grained-permissions-hdfs-files-hadoop/

HDFS Snapshots Blog Post http://hortonworks.com/blog/protecting-your-enterprise-data-with-hdfs-snapshots/

Learn more

Contact me with your operations questions and suggestionsChris Nauroth – [email protected]

Hadoop operations-2015-hadoop-summit-san-jose-v5

Software

Transcript of Hadoop operations-2015-hadoop-summit-san-jose-v5