Prerequisites

A functional Docker on EC2 install

If you don't have one, Docker Basics is a great resource to get one set up quickly.

The AWS command line interface (CLI)

You'll need access to the AWS command-line interface.

Install the tbnctl command line interface (CLI)

tbnctl is a CLI for interacting with the Turbine Labs public API, and is used throughout this guide to set up tbnproxy. Install tbnctl with these commands (Requires installation of Go, and that $GOPATH/bin is in your $PATH):

$ go get -u github.com/turbinelabs/tbnctl
$ go install github.com/turbinelabs/tbnctl
$ tbnctl login

Use your Houston username and password to login.

Username [somebody@example.com]:
Password:

See the tbnctl Guide for more information.

Get an API Access Token

Create an API Access Token using tbnctl:

$ tbnctl access-tokens add "demo key"
{
  "access_token_key": "<redacted>",
  "description": "demo key",
  "signed_token": "<redacted>",
  "user_key": "<redacted>",
  "created_at": "2017-08-25T22:11:30.907200482Z",
  "checksum": "d60ed8a6-1a40-49a5-5bb1-5bad322d9723"
}

You'll need the value of signed_token later on, so keep it somewhere secure.

Create a Zone

The highest-level unit of organization in the Turbine Labs API is a zone. We'll use the zone "testbed" in this guide, but you can substitute your own if you've already created one. To create the testbed zone, run

$ tbnctl init-zone testbed

You should now be able to see your zone by running

$ tbnctl list zone

Installing on EC2

You will need:

  • One EC2 micro instance running Docker on the Linux of your choice.
  • A security group assigned to the instance, with the following inbound ports open:
    • HTTP/80 from the local VPC network (probably 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16)
    • SSH/22 from the Internet (or from your bastion if you have one)
  • The ID of the instance
  • The ID of the VPC in which the instance is running

Setting up service discovery

SSH into your EC2 instance, and run tbncollect, with your environment variables defined inside of the docker command, including the signed_token you obtained with tbnctl as the API key:

$ docker run -d \
  -e "TBNCOLLECT_API_KEY=<your signed_token>"
  -e "TBNCOLLECT_API_ZONE_NAME=<your zone name>" \
  -e "TBNCOLLECT_AWS_AWS_ACCESS_KEY_ID=<your aws access key>" \
  -e "TBNCOLLECT_AWS_AWS_REGION=<your aws region>" \
  -e "TBNCOLLECT_AWS_AWS_SECRET_ACCESS_KEY=<your secret access key>" \
  -e "TBNCOLLECT_AWS_VPC_ID=<your vpc id>" \
  -e "TBNCOLLECT_CMD=aws" \
  turbinelabs/tbncollect:0.14.2

The all-in-one demo

Now you will install the all-in-one client and server on different ports of the same instance; the tags are used to let the collector know which app is running on which port, and with what metadata.

Running the all-in-one-client

First, run the all-in-one-client on port 8080, in the SSH session to the EC2 instance:

$ docker run -p 8080:8080 -d turbinelabs/all-in-one-client:0.14.2

Once all-in-one-client is running, add the cluster tag using the aws command- line tool or the ECS Console, taking care to replace <your instance id> with the ID of your EC2 instance:

$ aws ec2 create-tags \
  --resources <your instance id> \
  --tags Key=tbn:cluster:all-in-one-client:8080,Value=

Running the all-in-one-server

Now run the all-in-one-server on port 8081, in the SSH session to the EC2 instance:

$ docker run -d \
  -p 8081:8080 \
  -e "TBN_COLOR=1B9AE4" \
  -e "TBN_NAME=blue" \
  turbinelabs/all-in-one-server:0.14.2

Once the all-in-one-server is running, add the version tag using the aws command-line tool or the ECS Console, taking care to replace <your instance id> with the ID of your EC2 instance (Note that since the version tag includes the cluster name and port, you do not need to declare it with a separate tag):

$ aws ec2 create-tags \
  --resources <your instance id> \
  --tags \
    Key=tbn:cluster:all-in-one-server:8081:version,Value=blue \
    Key=tbn:cluster:all-in-one-server:8081:stage,Value=prod

Adding a domain and proxy

Tbnproxy is the container that handles request routing. It serves traffic for a set of domains, which in turn contain release groups and routes. We'll create the domain first.

Go to https://app.turbinelabs.io, and login with your email address and password.

Click "Settings" in the top right portion of the screen, then "Edit Routes".

The screen should indicate that you have no domains. Click "Add One".

type "testbed-domain" in the Name field, then Click "Add Domain"

The screen should now indicate that you have no proxies. Click "Add One".

type "testbed-proxy" in the Name field, and then check the box next to testbed-domain:80. This indicates that the proxy you're adding will serve traffic for testbed-domain. Click "Add Proxy"

Deploying tbnproxy

Now we're ready to deploy tbnproxy on the same instance as the collector with ports forwarded appropriate to your service or site. In the SSH session to the EC2 instance, type:

$ docker run -d \
  -p 80:80 \
  -e "TBNPROXY_API_KEY=<your signed_token" \
  -e "TBNPROXY_API_ZONE_NAME=<your zone name>" \
  -e "TBNPROXY_PROXY_NAME=<your proxy name>" \
  turbinelabs/tbnproxy:0.14.2

Mapping an ELB to expose tbnproxy

With your instance running both tbncollect and tbnproxy, create an Elastic Load Balancer through the AWS management console to send traffic through to your tbncollect and tbnproxy node on the appropriate ports—in this example, TCP port 80. Next, apply the security group: ELBGroup.

Configure routes

Now we have a proxy running and exposed to the Internet, along with clusters and instances configured in the Turbine Labs service. Next we map requests to clusters. Log in to https://app.turbinelabs.io with your email address and API key.

First we'll create a route to send traffic to the all-in-one client.

  1. Make sure you have the 'testbed' zone selected in the top left portion of the screen.
  2. Click the "Settings" menu in the top right portion of the screen, and then select "Edit Routes".
  3. Click the "More" menu, then select "Add Route".
  4. Select your domain in the domain drop down
  5. Enter "/" in the path field
  6. Click the release group dropdown and select "Create New Release Group..."
  7. Select "all-in-one-client" from the service drop down
  8. Enter "client" in the release group name field
  9. Click the "Create Route + Release Group" button

Now we'll repeat these steps to create a route to send anything going to /api to the all-in-one server

  1. Click the "Settings" menu in the top right portion of the screen, and then select "Edit Routes".
  2. Click the "More" menu, then select "Add Route".
  3. Select your domain in the domain drop down
  4. Enter "/api" in the path field
  5. Click the release group dropdown and select "Create New Release Group..."
  6. Select "all-in-one-server" from the service drop down
  7. Enter "server" in the release group name field
  8. Click the "Create Route + Release Group" button

Verifying your deploy

With your ELB running, locate its external IP, and visit it in your browser. You should be able to see blue boxes in a grid, blinking in and out, as they represent responses from the blue version of the all-in-one-server we launched previously.

Demo exercises

Now that you're up and running with Houston on EC2, let's walk through some product use cases.

What's going on here?

The all-in-one client/server provide a UI and a set of services that help visualize changes in the mapping of user requests to backend services. This lets you visualize the impact of Houston on a real deployment without having to involve real customer traffic or load generators.

The application is composed of three sets of blocks, each simulating a user making a request. These are simple users, and they all repeat the same request forever. The services they call return a color. When a user receives a response it paints the box that color, then waits a random amount of time to make another request. While it’s waiting the colors in the box fade. Users are organized into rows based on URL.

You should see pulsating blue boxes for each service, to indicate the initial state of your production services.

Deployed state

Let’s dig deeper into how tbnproxy routes traffic. Traffic is received by a proxy that handles traffic for a given domain. The proxy maps requests to service instances via routes and rules. Routes let you split your domain into manageable segments, for example /bar and /baz. Rules let you map requests to a constrained set of service instances in clusters, for example “by default send traffic to servers labeled stage=prod. Clusters contain sets of service instances, each of which can be labeled with key/value pairs to provide more information to the routing engine.

Your environment should look like the following:

There is a single domain, local.domain that contains two routes. /api handles requests to our demo service instances, and / handles requests for everything else (in this case the demo app). There are two clusters:

  • The all-in-one-server cluster has one instance, labeled as stage=prod,version=blue. The all-in-one-client cluster has a single instance labeled stage=prod.

  • The all-in-one-server cluster has a single instance labeled stage=prod.

Set up an initial route

The rules currently map api traffic to all instances in the cluster. To enable the release workflow we need to constrain routing to a single version at a single stage, so let's configure Houston to route traffic to the blue version.

  1. Make sure you have the 'testbed' zone selected in the top left portion of the screen.
  2. Click the "Settings" menu in the top right portion of the screen, and then select "Edit Routes".
  3. Click the "Select View" menu in the top left portion of the screen, and select the api route.
  4. Change 1 to 'all-in-one-server' to 1 to 'all-in-one-server' stage = prod & version = blue
  5. Click "Save Release Group"

If you look at the all-in-one client you should still see all blue blocks, because we've constrained the routing to only go to servers in the cluster labeled with version=blue.

Deploying a new version

Now we'll deploy a new version of the server that returns green as the color to paint blocks. SSH into the instance that is running your current all-in-one- client, then run a new Docker container with this command, in the SSH session to the EC2 instance:

$ docker run -d \
  -p 8082:8080 \
  -e "TBN_COLOR=83D061" \
  -e "TBN_NAME=green" \
  turbinelabs/all-in-one-server:0.14.2

Once the instance is running, add the version tag using the aws command-line tool or the ECS Console, taking care to replace <your instance id> with the ID of your EC2 instance:

$ aws ec2 create-tags \
  --resources <your instance id> \
  --tags \
    Key=tbn:cluster:all-in-one-server:8082:version,Value=green \
    Key=tbn:cluster:all-in-one-server:8082:stage,Value=prod

Note that your EC2 instance is now running multiple versions of the same service, on separate ports.

Your environment now looks like the following:

The new instance has been added to the all-in-one-server cluster, but no traffic is routed to it. When returning to your client app, you should still see only blue blocks, because we set our routing constraints in the previous step.

Testing before release

Let’s test our green version before we release it to customers. tbnproxy allows you to route to service instances based on headers set in the request. Navigate to app.turbinelabs.io, log in and select the zone you’re working with (testbed by default). Click "Settings" -> "Edit Routes", and select testbed-domain:80/api from the top left dropdown. You should see the following screen

Click “Add Rule” from the top right, and enter the following values.

This tells the proxy to look for a header called X-Tbn-Version. If the proxy finds that header, it uses the value to find servers in the all-in-one-client cluster that have a matching version label. For example, setting X-Tbn-Version: blue on a request would match blue servers, and X-Tbn-Version: green would match green servers.

The demo app converts a X-Tbn-Version query parameter into a header in calls to the backend; if you navigate to http://<your external IP>?X-Tbn-Version=green you should see all green boxes. Meanwhile going to http://<your-client> without that parameter still shows blue.

This technique is extremely powerful. New software was previewed in production without customers being affected. You were able to test the new software on the live site before releasing to customers. In a real world scenario your testers can perform validation, you can load test, and you can demo to stakeholders without running through a complicated multi-environment scenario, even during another release.

Incremental release

Now we're ready to do an incremental release from blue to green. Right now the default rules for /api send all traffic to blue. Let’s introduce a small percentage of green traffic to customers.

Navigate to app.turbinelabs.io, then click "Release Groups" below the top-line charts. The row "server" should be marked "RELEASE READY". Click anywhere in the row to expand it, then click "Start Release".

Let's send 25% of traffic to our new green version by moving the slider and clicking "Start Release". The release group should now be marked "RELEASING".

The all in one client should now show a mix of blue and green. You can increment the green percentage as you like. When you get to 100%, the release is complete.

Congratulations! You've safely and incrementally released a new version of your production software. Both blue and green versions are still running; if a problem were found with green, a rollback to blue would be just as easy.

Testing latency and error rates

In order to demo what errors and latency issues may look like in a production environment, we implemented a few parameters that can be set to illustrate these scenarios. By default, each of the demo servers returns a successful (status code 200) response with its color (as a hex string) as the response body.

URL parameters passed to the client web page at can be used to control the mean latency and error rate of each of the different server colors.

An example

The following URL will show an error rate and delayed response for green and blue servers.

http://<your external IP>/?x-blue-delay=25&x-blue-error=.001&x-green-delay=10&x-green-error=.25

This will simulate a bad green release, and a need to rollback to a known good blue release.

Parameter effect

These parameters can be modified in the above example as follows:

  • x-color-delay: sets the mean delay in milliseconds.
  • x-color-error: sets the error rate, describe as a fraction of 1 (e.g., 0.5 causes an error 50% of the time).

The latency and error rates are passed to the demo servers as HTTP headers with the same name and value as the URL parameters described. You can use these parameters to help you visualize the effects of a bad release, or an issue with the code in a new version of your application, which would be cause to step-down the release and return traffic to a known-good version.

Driving synthetic traffic

If you'd like to drive steady traffic to your all-in-one server without keeping a browser window open, you can run the all-in-one-driver image on the same instance as the collector and proxy. If you are running tbnproxy on a port other than 80, you'll need to specify it using the ALL_IN_ONE_DRIVER_HOST environment variable. You can also add error rates and latencies for various using environment variables:

$ docker run -d \
  -e "ALL_IN_ONE_DRIVER_LATENCIES=blue:50ms,green:20ms" \
  -e "ALL_IN_ONE_DRIVER_ERROR_RATES=blue:0.01,green:0.005" \
  turbinelabs/all-in-one-driver:0.10.1

Wrapping-up

Now that you've seen what Houston can do with our all-in-one examples and EC2 , you can try it out with your own services. If you have questions or run into any trouble, please drop us a line, we're here to help.