锁定整个舰队:大规模静态加密与磁盘隔离

At Uber, we use the Stateful Platform Odin to run databases. Teams of engineers are responsible for database technologies such as MySQL®, Redis®, Apache Cassandra®, Schemaless, and others for the 5,000 software engineers at Uber. Odin provides 3.45 Exabytes of disk space across 100,000 hosts. This blog post describes how we achieve fleet-level encryption at rest while providing transparency for stakeholders.

在 Uber,我们使用有状态平台 Odin 来运行数据库。工程师团队负责为 Uber 的 5,000 名软件工程师提供 MySQL®、Redis®、Apache Cassandra®、Schemaless 等数据库技术。Odin 在 100,000 台主机上提供了 3.45 EB 的磁盘空间。这篇博文介绍了我们如何在实现集群级静态加密的同时,为利益相关者提供透明性。

Historically, Uber relied on local disks for data storage on the Stateful Platform (Odin). Then these local disks were merged into a single RAID0 device with a single file system shared between multiple workloads. 

历史上,Uber 在 Stateful Platform(Odin)上使用本地磁盘进行数据存储。随后,这些本地磁盘被合并为单个 RAID0 设备,并由多个工作负载共享同一文件系统。

This is shown in Figure 1.

如图 1 所示。

Image

Figure 1: Shared file system layout.

图 1:共享文件系统布局。

As servers got larger, we colocated more workloads on each host to ensure high resource utilization and capacity efficiency. In some cases, we have more than 100 workloads running on a single host!

随着服务器规模扩大,我们在每台主机上共置更多工作负载,以确保高资源利用率和容量效率。在某些情况下,单台主机上运行着超过 100 个工作负载!

Moving from a shared file system to one-volume-per-workload had a large impact. On the negative side, we lost the ability to share disk space between workloads as an elastic resource, and needed more complex logic to manage the creation, maintenance, and cleanup of volumes.

从共享文件系统迁移到每个工作负载独占一个卷带来了巨大影响。负面影响方面,我们失去了将磁盘空间作为弹性资源在工作负载之间共享的能力,并且需要更复杂的逻辑来管理卷的创建、维护和清理。

However, the benefits vastly outweighed the negatives. With dynamic volume management, we got the ability to tune workloads FS and performance configuration such as inode ratios and read-ahead values.

然而,收益远远大于负面影响。借助动态卷管理,我们获得了调整工作负载文件系统和性能配置(如 inode 比例和预读值)的能力。

We also moved the volume configuration higher up the stack, such that the Odin teams can change volume layouts independently of other teams. This reduces the lead ...

开通本站会员,查看完整译文。

首页 - Wiki
Copyright © 2011-2025 iteam. Current version is 2.145.0. UTC+08:00, 2025-08-18 06:45
浙ICP备14020137号-1 $访客地图$