How state machines can affect your Agility

On a Monday morning I went into work to find one of the systems down and it reminded me of one of the rules I had developed working out the 'Ops' side of DevSecOps.

A lot of people gain experience in Operations, managing applications, these tend to be fairly limited in their scope (e.g. UI -> Middleware -> Database). this kind of system is typically event triggered and so changing the system and making a few calls against the UI will quickly test the entire chain of components. This allows you to immediately confirm the change was successful. 

However as systems become more complex, a typical pattern I have seen in a few Open source and proprietary systems will create distributed state machines, typically there will be multiple services which require data to have certain fields with specific values. The service will then perform an action and once complete update the data object. Once you have a sequence of services operating in this manor you have a state machine.

This directly impacts your ability to confirm a change, as you need to confirm the the change has successfully completed from change point. This can typically take 6-96 hours.

If your team works a standard week (Mon-Friday 9-5), there is usually a rule preventing changes from being performed on a Friday. With an user created event driven service, one day is generally enough time to confirm the change was successful. There is always a risk if you deploy on Friday it fails and the person you need to fix it has finished or worse it fails on the weekend and you are brought in on call or have a very stressful Monday morning.

The problem with a state machine is a change can take much longer than 24 hours. If each service is triggered every 6 hours and you have 3 services, then 24 hours allows you to confirm the system is working as expected.

But what if you have a Apache Cassandra data centres and you want to change the tombstone rules? A 'data centre' is a cluster of Cassandra nodes, Cassandra will keep multiple copies of data. There is a process which compares changed data to confirm each copy is correct. To delete data Cassandra adds a 'tombstone' flag to the data, this results in a change to the data, the flag is replicated to all copies. Once all copies of the data have the flag it is purged from the data centre.

Cassandra runs this as a series of services, each of which has their own state machine. Each service runs at a set time and doesn't run over all the data. Depending on your cluster and data size, to go from a flagged data object to a purged object can take 6 -72 hours.

If the tombstone process takes 72 hours and you want to change that process, you need to plan your change so the whole process completes before Friday (giving you time to fix/roll back). This means the latest you can perform the change is Tuesday Morning.

Factoring this into your deployment process is very important. If changes are limited to Monday/Tuesday it will directly impact your ability to deliver and the your teams ability to react to issues.

Once you acknowledge the impact this places on your team, you can prioritise addressing that impact. Quite often when I have focussed on this kind of problem, I have been surprised about how a number of small changes can have a drastic effect on this long tail.

Comments

Post a Comment

Popular posts from this blog

Why you should always check your requirements

Image
Many years ago I worked on a refresh of a simulation test tool. The tool presented a map display and you could place events on the map (e.g. a boat appears at location 50.1,97.3 at time 13:00 and reached 58.3,96.45 at 15:00) to construct test scenarios. The idea is you would build a set of scenarios to confirm a system correctly responded to events (system test tool).  The point of the refresh was to take the 'engine' of the tool (written in C++) and replace the ancient UI with a internal pluggable platform that embedded a Map interface into Eclipse Rich Client Program (RCP). We ported the requirements from the original tool and one of those was: The tool can open Scenario XYZ We obtained a copy of the scenario and added it to our weekly test pack runs, but we quickly ran into problems. Getting Scenario XYZ To Run  Scenario XYZ had thousands of events and the first few times we tried to open it the entire UI would crash. Single Threaded Application Each service was designed ...
Read more

Continuous Integration is an organisation problem

Image
After 10 years in DevSecOps, there is an assumption that that every project is unique and needs to deploy their own Continuous Integration (CI) instance and write their own Continuous Integration / Continuous Deployment (CI/CD) pipelines   However within a CI Pipeline you should be producing a build artefact which is supplied into a CD pipeline. Many CD Pipelines can be triggered by various means. This allows you to manage CI and CD pipelines separately.  While the mechanism and configuration of a deployed product can vary greatly between software products the CI pipelines face the same constraints which mean each project implementation is highly limited in the process it must implement. This blog will outline the reasoning behind the last statement There are only so many build systems Modern software languages have build automation systems and Dependency Management Systems, these aim to automate the mundane tasks in building, testing and releasing a software project. The ...
Read more

How tools have their own workflow

Image
When we develop libraries & tools we define various means to interact with them. We do this by thinking about use cases and so we build in assumptions in how we expect our target users to typically interact with our work. In this sense everything built has an intended way of being used, a workflow.  When we want to achieve a goal, we should be asking ourselves how we want to solve the problem and looking for things which enable that approach. If we are constrained in the tools/libraries we can use, we should focus on how those tools are designed to solve the problem. The problem I've found is a lot of teams chase workflows which make no sense when combined with their tool choice. For me a great example of this was GitFlow branching strategy, because I have seen so many teams independently repeat exactly the same mistake. I'm going to take you through a bit of history to explain the issues. Trunk Based Development Before git existed, every source control management solution ...
Read more