diff --git a/2025-04-03-stack/assets/deuxfleurs-nomad-20241022.png b/2025-04-03-stack/assets/deuxfleurs-nomad-20241022.png
new file mode 100644
index 0000000..dbcf9a3
Binary files /dev/null and b/2025-04-03-stack/assets/deuxfleurs-nomad-20241022.png differ
diff --git a/2025-04-03-stack/talk.tex b/2025-04-03-stack/talk.tex
index 2ba218a..d471a8e 100644
--- a/2025-04-03-stack/talk.tex
+++ b/2025-04-03-stack/talk.tex
@@ -148,101 +148,90 @@ Approche greenfield : on choisit et conçoit les services que l'on fournit
 \end{frame}
+\begin{frame}
+\frametitle{Infrastructure et logiciels actuels}
+
+{\Large Choix radicaux $\Longrightarrow$ infrastructure spécifique}
+
+\vfill
+
+{\large Qu'est-ce qui fonctionne actuellement ?}
+
+\end{frame}
+
+\begin{frame}
+\frametitle{Infrastructure et logiciels actuels}
+\begin{itemize}
+\item Des machines en nombre limité et peu puissantes
+\item Plusieurs zones géographiques
+\item Un orchestrateur distribué ``off the shelf'' (Nomad + Consul)
+\item Un logiciel de stockage objet distribué ``maison'' (Garage)
+\item Des boucles de rétroaction
+\item Des services majoritairement distribués
+\end{itemize}
+\end{frame}
+
+\begin{frame}[plain]
+\begin{center}
+\includegraphics[height=\textheight]{assets/deuxfleurs-nomad-20241022.png}
+\end{center}
+\end{frame}
+
+\begin{frame}
+\frametitle{Nomad}
+\begin{itemize}
+\item Orchestrateur développé par Hashicorp / IBM
+\item Définition déclarative des ``jobs'' avec contraintes
+\item Fonctions : ordonnancement et maintien en condition
+\item Control plane hautement disponible (clustering Raft)
+\end{itemize}
+\end{frame}
+
+\begin{frame}[fragile]
+\frametitle{Exemple de job Nomad (simplifié)}
+\begin{footnotesize}
+\begin{verbatim}
+job "jitsi" {
+ datacenters = ["neptune", "scorpio", "corrin"]
+ type = "service"
+ task "front" {
+ driver = "docker"
+ config { image = "superboum/amd64_jitsi_meet:v7"
+ volumes = ["secrets/certs/jitsi.key:/etc/nginx/jitsi.key"] }
+ template { data = "{{ key \"secrets/jitsi/jitsi.key\" }}"
+ destination = "secrets/certs/jitsi.key" }
+ resources { cpu = 300, memory = 200 }
+ service {
+ port = "https_port"
+ name = "https-jitsi"
+ check { type = "tcp"
+ port = "https_port"
+ interval = "60s"
+ timeout = "5s" }
+ }
+ }
+}
+\end{verbatim}
+\end{footnotesize}
+\end{frame}
+
+\begin{frame}
+\frametitle{Consul}
+\begin{itemize}
+\item \textbf{Outil de coordination distribuée} développé par Hashicorp
+\item Base de données clé-valeur distribuée (similaire à etcd)
+\item Stocke la configuration utile à Nomad + contenu arbitraire
+\item Service discovery (via intégration Nomad + API dédiée + DNS)
+\item Hautement disponible (clustering Raft)
+\end{itemize}
+\end{frame}
+
 \begin{frame}[plain]
 \begin{center}
 \includegraphics[height=\textheight]{infra_services_control_loop.png}
 \end{center}
 \end{frame}
-
-\begin{frame}
- \frametitle{Who I am}
- \begin{columns}[t]
- \begin{column}{.2\textwidth}
- \centering
- \adjincludegraphics[width=.4\linewidth, valign=t]{assets/alex.jpg}
- \end{column}
- \begin{column}{.6\textwidth}
- \textbf{Alex Auvolat}\\
- PhD; co-founder of Deuxfleurs
- \end{column}
- \begin{column}{.2\textwidth}
- ~
- \end{column}
- \end{columns}
- \vspace{2em}
-
- \begin{columns}[t]
- \begin{column}{.2\textwidth}
- \centering
- \adjincludegraphics[width=.5\linewidth, valign=t]{assets/logos/deuxfleurs.pdf}
- \end{column}
- \begin{column}{.6\textwidth}
- \textbf{Deuxfleurs}\\
- A non-profit self-hosting collective,\\
- member of the CHATONS network
- \end{column}
- \begin{column}{.2\textwidth}
- \centering
- \adjincludegraphics[width=.7\linewidth, valign=t]{assets/logos/logo_chatons.png}
- \end{column}
- \end{columns}
-
-\end{frame}
-
-\begin{frame}
- \frametitle{Our objective at Deuxfleurs}
-
- \begin{center}
- \textbf{Promote self-hosting and small-scale hosting\\
- as an alternative to large cloud providers}
- \end{center}
- \vspace{2em}
- \visible<2->{
- Why is it hard?
- }
- \visible<3->{
- \vspace{2em}
- \begin{center}
- \textbf{\underline{Resilience}}\\
- {\footnotesize we want good uptime/availability with low supervision}
- \end{center}
- }
-\end{frame}
-
-\begin{frame}
- \frametitle{Building a resilient system with cheap stuff}
-
- \only<1,4-7>{
- \begin{itemize}
- \item \textcolor<5->{gray}{Commodity hardware (e.g. old desktop PCs)\\
- \vspace{.5em}
- \visible<4->{{\footnotesize (can die at any time)}}}
- \vspace{1.5em}
- \item<5-> \textcolor<7->{gray}{Regular Internet (e.g. FTTB, FTTH) and power grid connections\\
- \vspace{.5em}
- \visible<6->{{\footnotesize (can be unavailable randomly)}}}
- \vspace{1.5em}
- \item<7-> \textbf{Geographical redundancy} (multi-site replication)
- \end{itemize}
- }
- \only<2>{
- \begin{center}
- \includegraphics[width=.8\linewidth]{assets/neptune.jpg}
- \end{center}
- }
- \only<3>{
- \begin{center}
- \includegraphics[width=.8\linewidth]{assets/atuin.jpg}
- \end{center}
- }
- \only<8>{
- \begin{center}
- \includegraphics[width=.8\linewidth]{assets/inframap_jdll2023.pdf}
- \end{center}
- }
-\end{frame}
-
 \begin{frame}
 \frametitle{Object storage: a crucial component}
 \begin{center}
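Review bot: The job example on the `[fragile]` frame renders a TLS private key from Consul KV (`{{ key \"secrets/jitsi/jitsi.key\" }}`), but the Consul frame added right after it presents the store only as `configuration utile à Nomad + contenu arbitraire`. Consul does not encrypt KV values at rest on its own, so the confidentiality of that key rests on Consul ACLs and on protecting the servers' disks and the agent traffic; an audience copying the pattern should see that stated. I would add a bullet to the Consul frame such as `\item Contient aussi des secrets (clés TLS) : confidentialité assurée par les ACL, pas de chiffrement au repos natif`. Separately, the example pulls `superboum/amd64_jitsi_meet:v7` by mutable tag; if the real job does the same, pinning by digest is worth a mention, since the slide is labelled as simplified.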