Prerequisites

A functional DC/OS install

If you don't have one, Install DC/OS is a great resource to get one set up quickly.

You'll also need to install the dcos command-line tool.

Install the tbnctl command line interface (CLI)

tbnctl is a CLI for interacting with the Turbine Labs public API, and is used throughout this guide to set up tbnproxy. Install tbnctl with these commands (Requires installation of Go, and that $GOPATH/bin is in your $PATH):

$ go get -u github.com/turbinelabs/tbnctl
$ go install github.com/turbinelabs/tbnctl
$ tbnctl login

Use your Houston username and password to login.

Username [somebody@example.com]:
Password:

See the tbnctl Guide for more information.

Get an API Access Token

Create an API Access Token using tbnctl:

$ tbnctl access-tokens add "demo key"
{
  "access_token_key": "<redacted>",
  "description": "demo key",
  "signed_token": "<redacted>",
  "user_key": "<redacted>",
  "created_at": "2017-08-25T22:11:30.907200482Z",
  "checksum": "d60ed8a6-1a40-49a5-5bb1-5bad322d9723"
}

You'll need the value of signed_token later on, so keep it somewhere secure.

Create a Zone

The highest-level unit of organization in the Turbine Labs API is a zone. We'll use the zone "testbed" in this guide, but you can substitute your own if you've already created one. To create the testbed zone, run

$ tbnctl init-zone testbed

You should now be able to see your zone by running

$ tbnctl list zone

Setting up service discovery

The tbncollect binary scans your DC/OS cluster for pods and groups them into clusters in the Turbine Labs API.

Getting your DC/OS Access Token and URL

Before deploying tbncollect to your DC/OS cluster, you'll need an access token to allow it to talk to the DC/OS API. The easiest way to do this is with the dcos command. First make sure you're authenticated:

$ dcos auth login

Follow the instructions to authenticate with your DC/OS cluster, then obtain the access token by typing:

$ dcos config show core.dcos_acs_token

This token will be good for 5 days; way more than enough time to work through this guide. If you need a longer-lived token, you can follow these instructions. If you're using enterprise DC/OS, you should be able to create a long-lived token using the private key from a service account. If you have any trouble with this, please let us know, we can work with you to improve our support for enterprise DC/OS authentication.

You'll also need your DC/OS cluster URL, which can be obtained with:

$ dcos config show core.dcos_url

Deploying tbncollect

To deploy tbncollect to your DC/OS cluster, create a file called tbncollect.json, using the template below, filling in the signed_token obtained with tbnctl, Zone name, and DC/OS access token and URL:

{
  "id": "/tbn/tbncollect",
  "cpus": 1,
  "mem": 128,
  "container": {
    "type": "DOCKER",
    "docker": {
      "image": "turbinelabs/tbncollect:0.14.2",
      "forcePullImage": true
    }
  },
  "env": {
    "TBNCOLLECT_API_KEY": "<your signed_token>",
    "TBNCOLLECT_API_ZONE_NAME": "<your TBN zone name>",
    "TBNCOLLECT_CMD": "marathon",
    "TBNCOLLECT_MARATHON_DCOS_ACS_TOKEN": "<your dc/os access token>",
    "TBNCOLLECT_MARATHON_DCOS_URL": "<your dc/os admin URL>",
    "TBNCOLLECT_MARATHON_DCOS_INSECURE": "<true if admin URL is not HTTPS>"
  },
  "healthChecks": []
}

Then create an app using dcos:

$ dcos marathon app add tbncollect.json

You can watch launch progress from the DC/OS UI, or with the dcos command. When it is launched, you should see this output:

$ dcos marathon app list
ID                        MEM  CPUS  TASKS  HEALTH  DEPLOYMENT  WAITING  CONTAINER  CMD
/tbn/tbncollect           128   1     1/1    ---       ---      False      DOCKER   None

The all-in-one demo

We'll use the same client application described in our quickstart for these examples. To deploy the all-in-one client, run

$ dcos marathon app add https://docs.turbinelabs.io/guides/examples/dcos/all-in-one-client.json

Next, deploy the all-in-one server by running

$ dcos marathon app add https://docs.turbinelabs.io/guides/examples/dcos/all-in-one-server-blue.json

Ensure that these apps have started correctly by running:

$ dcos marathon app list
ID                            MEM  CPUS  TASKS  HEALTH  DEPLOYMENT  WAITING  CONTAINER  CMD
/tbn/all-in-one/client         64  0.1    1/1    ---       ---      False      DOCKER   None
/tbn/all-in-one/server/green   64  0.1    1/1    ---       ---      False      DOCKER   None
/tbn/tbncollect               128   1     1/1    ---       ---      False      DOCKER   None

Now verify that tbncollect has discovered your new pods and added them to the appropriate clusters by running:

$ tbnctl list --format=summary cluster

You should see a name: all-in-one-client cluster with a single instance and a name: all-in-one-server cluster with one instance and a name: all-in-one-client. It may take up to 30 seconds for the new clusters to appear.

Adding a domain and proxy

Tbnproxy is the container that handles request routing. It serves traffic for a set of domains, which in turn contain release groups and routes. We'll create the domain first.

Go to https://app.turbinelabs.io, and login with your email address and password.

Click "Settings" in the top right portion of the screen, then "Edit Routes".

The screen should indicate that you have no domains. Click "Add One".

type "testbed-domain" in the Name field, then Click "Add Domain"

The screen should now indicate that you have no proxies. Click "Add One".

type "testbed-proxy" in the Name field, and then check the box next to testbed-domain:80. This indicates that the proxy you're adding will serve traffic for testbed-domain. Click "Add Proxy"

Deploying tbnproxy

Now we're ready to deploy tbnproxy to DC/OS. To deploy tbncollect to your DC/OS cluster, create a file called tbncollect.json, using the template below, filling in the signed_token obtained with tbnctl, Zone name, and Proxy name:

{
  "id": "/tbn/tbnproxy",
  "cpus": 0.1,
  "mem": 128,
  "instances": 1,
  "container": {
    "type": "DOCKER",
    "docker": {
      "image": "turbinelabs/tbnproxy:0.14.2",
      "forcePullImage": true,
      "network": "HOST"
    }
  },
  "env": {
    "TBNPROXY_API_KEY": "<your signed_token>",
    "TBNPROXY_API_ZONE_NAME": "<your TBN zone name>",
    "TBNPROXY_PROXY_NAME": "<your proxy name>"
  },
  "healthChecks": [
    {
      "portIndex": 0,
      "protocol": "MESOS_HTTP",
      "path": "/"
    }
  ],
  "acceptedResourceRoles": [
    "slave_public"
  ],
  "portDefinitions": [
    {
      "port": 80,
      "protocol": "tcp",
      "name": "http"
    }
  ]
}

Note that we're using HOST networking on port 80, and fixing the app to a public slave node. If port 80 is already taken, feel free to use a different port.

Now create an app using dcos:

$ dcos marathon app add tbnproxy.json

You can watch launch progress from the DC/OS UI, or with the dcos command. When it is launched, you should see this output:

$ dcos marathon app list
ID                            MEM  CPUS  TASKS  HEALTH  DEPLOYMENT  WAITING  CONTAINER  CMD
/tbn/all-in-one/client         64  0.1    1/1    ---       ---      False      DOCKER   None
/tbn/all-in-one/server/blue    64  0.1    1/1    ---       ---      False      DOCKER   None
/tbn/tbncollect               128   1     1/1    ---       ---      False      DOCKER   None
/tbn/tbnproxy                 128  0.1    1/1    0/1      scale     False      DOCKER   None

Configure routes

Now we have a proxy running and exposed to the Internet, along with clusters and instances configured in the Turbine Labs service. Next we map requests to clusters. Log in to https://app.turbinelabs.io with your email address and API key.

First we'll create a route to send traffic to the all-in-one client.

  1. Make sure you have the 'testbed' zone selected in the top left portion of the screen.
  2. Click the "Settings" menu in the top right portion of the screen, and then select "Edit Routes".
  3. Click the "More" menu, then select "Add Route".
  4. Select your domain in the domain drop down
  5. Enter "/" in the path field
  6. Click the release group dropdown and select "Create New Release Group..."
  7. Select "all-in-one-client" from the service drop down
  8. Enter "client" in the release group name field
  9. Click the "Create Route + Release Group" button

Now we'll repeat these steps to create a route to send anything going to /api to the all-in-one server

  1. Click the "Settings" menu in the top right portion of the screen, and then select "Edit Routes".
  2. Click the "More" menu, then select "Add Route".
  3. Select your domain in the domain drop down
  4. Enter "/api" in the path field
  5. Click the release group dropdown and select "Create New Release Group..."
  6. Select "all-in-one-server" from the service drop down
  7. Enter "server" in the release group name field
  8. Click the "Create Route + Release Group" button

Verifying your deploy

You should now be able to see the all-in-one client by visiting the DC/OS cluster's public IP on port 80 (or whatever port you chose).

Demo exercises

Now that you're up and running with Houston on DC/OS, let's walk through some product use cases.

What's going on here?

The all-in-one client/server provide a UI and a set of services that help visualize changes in the mapping of user requests to backend services. This lets you visualize the impact of Houston on a real deployment without having to involve real customer traffic or load generators.

The application is composed of three sets of blocks, each simulating a user making a request. These are simple users, and they all repeat the same request forever. The services they call return a color. When a user receives a response it paints the box that color, then waits a random amount of time to make another request. While it’s waiting the colors in the box fade. Users are organized into rows based on URL.

You should see pulsating blue boxes for each service, to indicate the initial state of your production services.

Deployed state

Let’s dig deeper into how tbnproxy routes traffic. Traffic is received by a proxy that handles traffic for a given domain. The proxy maps requests to service instances via routes and rules. Routes let you split your domain into manageable segments, for example /bar and /baz. Rules let you map requests to a constrained set of service instances in clusters, for example “by default send traffic to servers labeled stage=prod. Clusters contain sets of service instances, each of which can be labeled with key/value pairs to provide more information to the routing engine.

Your environment should look like the following:

There is a single domain, local.domain that contains two routes. /api handles requests to our demo service instances, and / handles requests for everything else (in this case the demo app). There are two clusters:

  • The all-in-one-server cluster has one instance, labeled as stage=prod,version=blue. The all-in-one-client cluster has a single instance labeled stage=prod.

  • The all-in-one-server cluster has a single instance labeled stage=prod.

Set up an initial route

The rules currently map api traffic to all instances in the cluster. To enable the release workflow we need to constrain routing to a single version at a single stage, so let's configure Houston to route traffic to the blue version.

  1. Make sure you have the 'testbed' zone selected in the top left portion of the screen.
  2. Click the "Settings" menu in the top right portion of the screen, and then select "Edit Routes".
  3. Click the "Select View" menu in the top left portion of the screen, and select the api route.
  4. Change 1 to 'all-in-one-server' to 1 to 'all-in-one-server' stage = prod & version = blue
  5. Click "Save Release Group"

If you look at the all-in-one client you should still see all blue blocks, because we've constrained the routing to only go to servers in the cluster labeled with version=blue.

Deploying a new version

Now we'll deploy a new version of the server that returns green as the color to paint blocks.

$ dcos marathon app add https://docs.turbinelabs.io/guides/examples/dcos/all-in-one-server-green.json

You can watch launch progress from the DC/OS UI, or with the dcos command. When it is launched, you should see this output:

$ dcos marathon app list
ID                            MEM  CPUS  TASKS  HEALTH  DEPLOYMENT  WAITING  CONTAINER  CMD
/tbn/all-in-one/client         64  0.1    1/1    ---       ---      False      DOCKER   None
/tbn/all-in-one/server/blue    64  0.1    1/1    ---       ---      False      DOCKER   None
/tbn/all-in-one/server/green   64  0.1    1/1    ---       ---      False      DOCKER   None
/tbn/tbncollect               128   1     1/1    ---       ---      False      DOCKER   None
/tbn/tbnproxy                 128  0.1    1/1    0/1      scale     False      DOCKER   None

Your environment now looks like the following:

The new instance has been added to the all-in-one-server cluster, but no traffic is routed to it. When returning to your client app, you should still see only blue blocks, because we set our routing constraints in the previous step.

Testing before release

Let’s test our green version before we release it to customers. tbnproxy allows you to route to service instances based on headers set in the request. Navigate to app.turbinelabs.io, log in and select the zone you’re working with (testbed by default). Click "Settings" -> "Edit Routes", and select testbed-domain:80/api from the top left dropdown. You should see the following screen

Click “Add Rule” from the top right, and enter the following values.

This tells the proxy to look for a header called X-Tbn-Version. If the proxy finds that header, it uses the value to find servers in the all-in-one-client cluster that have a matching version label. For example, setting X-Tbn-Version: blue on a request would match blue servers, and X-Tbn-Version: green would match green servers.

The demo app converts a X-Tbn-Version query parameter into a header in calls to the backend; if you navigate to http://<your external IP>?X-Tbn-Version=green you should see all green boxes. Meanwhile going to http://<your-client> without that parameter still shows blue.

This technique is extremely powerful. New software was previewed in production without customers being affected. You were able to test the new software on the live site before releasing to customers. In a real world scenario your testers can perform validation, you can load test, and you can demo to stakeholders without running through a complicated multi-environment scenario, even during another release.

Incremental release

Now we're ready to do an incremental release from blue to green. Right now the default rules for /api send all traffic to blue. Let’s introduce a small percentage of green traffic to customers.

Navigate to app.turbinelabs.io, then click "Release Groups" below the top-line charts. The row "server" should be marked "RELEASE READY". Click anywhere in the row to expand it, then click "Start Release".

Let's send 25% of traffic to our new green version by moving the slider and clicking "Start Release". The release group should now be marked "RELEASING".

The all in one client should now show a mix of blue and green. You can increment the green percentage as you like. When you get to 100%, the release is complete.

Congratulations! You've safely and incrementally released a new version of your production software. Both blue and green versions are still running; if a problem were found with green, a rollback to blue would be just as easy.

Testing latency and error rates

In order to demo what errors and latency issues may look like in a production environment, we implemented a few parameters that can be set to illustrate these scenarios. By default, each of the demo servers returns a successful (status code 200) response with its color (as a hex string) as the response body.

URL parameters passed to the client web page at can be used to control the mean latency and error rate of each of the different server colors.

An example

The following URL will show an error rate and delayed response for green and blue servers.

http://<your external IP>/?x-blue-delay=25&x-blue-error=.001&x-green-delay=10&x-green-error=.25

This will simulate a bad green release, and a need to rollback to a known good blue release.

Parameter effect

These parameters can be modified in the above example as follows:

  • x-color-delay: sets the mean delay in milliseconds.
  • x-color-error: sets the error rate, describe as a fraction of 1 (e.g., 0.5 causes an error 50% of the time).

The latency and error rates are passed to the demo servers as HTTP headers with the same name and value as the URL parameters described. You can use these parameters to help you visualize the effects of a bad release, or an issue with the code in a new version of your application, which would be cause to step-down the release and return traffic to a known-good version.

Driving synthetic traffic

If you'd like to drive steady traffic to your all-in-one server without keeping a browser window open, you can run the all-in-one-driver image in your DC/OS environment. You can use the template below, filling in the value for ALL_IN_ONE_DRIVER_HOST with the DC/OS cluster's public IP. You can also add error rates and latencies for various using environment variables.

{
  "id": "/tbn/all-in-one-driver",
  "cpus": 1,
  "mem": 128,
  "container": {
    "type": "DOCKER",
    "docker": {
      "image": "turbinelabs/all-in-one-driver:0.10.1",
      "forcePullImage": true
    }
  },
  "env": {
    "ALL_IN_ONE_DRIVER_HOST": "<YOUR PUBLIC IP OR HOSTNAME>:80",
    "ALL_IN_ONE_DRIVER_LATENCIES": "blue:50ms,green:20ms",
    "ALL_IN_ONE_DRIVER_ERROR_RATES": "blue:0.01,green:0.005"
  },
  "healthChecks": []
}

Now start your traffic driver with:

$ dcos marathon app add all-in-one-driver.json

Wrapping-up

Now that you've seen what Houston can do with our all-in-one examples and Kubernetes , you can try it out with your own services. If you have questions or run into any trouble, please drop us a line, we're here to help.