blockade 0.2.0

Blockade: network fault testing with Docker

Blockade is a utility for testing network failures and partitions in distributed applications. Blockade uses Docker containers to run application processes and manages the network from the host system to create various failure scenarios.

A common use is to run a distributed application such as a database or cluster and create network partitions, then observe the behavior of the nodes. For example in a leader election system, you could partition the leader away from the other nodes and ensure that the leader steps down and that another node emerges as leader.

Check out the full documentation for details.

Blockade features:

• A flexible YAML format to describe the containers in your application

• Support for dependencies between containers, using named links

• A CLI tool for managing and querying the status of your blockade

• Creation of arbitrary partitions between containers

• Giving a container a flaky network connection to others (drop packets)

• Giving a container a slow network connection to others (latency)

• While under partition or network failure control, containers can freely communicate with the host system – so you can still grab logs and monitor the application.

Blockade is written and maintained by the Dell Cloud Manager (formerly Enstratius) team and is used internally to test the behaviors of our software. We also release a number of other internal components as open source, most notably Dasein Cloud.

Inspired by the excellent Jepsen series.

Requirements

• docker (>= 1.4.0 due to docker-py)

• iproute2 tools (ip and tc specifically)

Configuration

Blockade expects a blockade.yaml file in the current directory which describes the containers to launch, how they are linked, and various parameters for the blockade modes. Example:

containers:
  c1:
    image: my_docker_image
    command: /bin/myapp
    volumes:
      "/opt/myapp": "/opt/myapp_host"
    expose: [80]
    environment:
      "IS_MASTER": 1
    ports:
      81: 80

  c2:
    image: my_docker_image
    command: /bin/myapp
    volumes: ["/data"]
    expose: [80]
    links:
      c1: master

  c3:
    image: my_docker_image
    command: /bin/myapp
    expose: [80]
    links:
      c1: master

network:
  flaky: 30%
  slow: 75ms 100ms distribution normal

Blockade stores transient information in a local .blockade/ directory. This directory will be cleaned up automatically when you run the blockade destroy command.

Usage

Blockade may be used from the command line manually. The commands are also intended to be easy to wrap and automate within tests, etc.

Blockade must be run as root (or with sudo).

Commands

blockade up

Start the containers and link them together, if necessary.

blockade destroy

Destroys all containers and restore networks.

blockade status

Print the status of the containers and blockade.

blockade flaky n1

blockade flaky n1 n2

Make network flaky to one or more containers.

blockade slow n1

Make network slow to one or more containers.

blockade duplicate n1

Toggle sporadic duplicate packets in the network of one or more containers.

blockade fast n1

Restore network speed and reliability to one or more containers.

blockade partition n1,n2

blockade partition n1,n2 n3,n4

Create one or more network partitions. Each partition is specified as a comma-separated list. Containers may not exist in more than one partition. Containers not specified are grouped into an implicit partition. Each partition command replaces any previous partition or block rules.

blockade join

Remove all partitions between containers.

blockade random-partition

Introduce one or many random partitions among the configured nodes.

License

Blockade is offered under the Apache License 2.0.

Development

Install test dependencies with pip install blockade[test].

You can run integration tests in a Vagrant VM using the included Vagrantfile. Run vagrant up and Docker will be installed in your VM and tests run. You can rerun them with vagrant provision, or SSH into the VM and run them yourself, from /vagrant.

Blockade documentation is built with Sphinx and is found under docs/. To build:

$ pip install -r requirements_docs.txt
$ cd docs/
$ make html

HTML output will be under docs/_build/html/.

The documentation is also hosted online.

Changelog

0.2.0 (2015-12-23)

• #14: Support for docker >1.6, with the native driver. Eliminates the need to use the deprecated LXC driver. Contributed by Gregor Uhlenheuer.

• #12: Fix port publishing. Breaking change: the order of port publishing was swapped to be {external: internal}, to be consistent with the docker command line. Contributed by aidanhs.

• Introduces new duplicate command, which causes some packets to a container to be duplicated. Contributed by Gregor Uhlenheuer.

• Introduces new start, stop, and restart commands, which manage specified containers via Docker. Contributed By Gregor Uhlenheuer.

• Introduces new random partition behavior: blockade partition --random will create zero or more random partitions. Contributed By Gregor Uhlenheuer.

• Reworked the blockade ID generation to be more like docker-compose, instead of using randomly-generated IDs. If --name is specified on the command line, this is used as the blockade ID and is prefixed to container names. Otherwise the blockade name is taken from the basename of the current working directory.

• Numerous other small fixes and features, many contributed by Gregor Uhlenheuer. Thanks Gregor!

0.1.2 (2015-1-28)

• #6: Change ports config keyword to match docker usage. It now publishes a container port to the host. The expose config keyword now offers the previous behavior of ports: it makes a port available from the container, for linking to other containers. Thanks to Simon Bahuchet for the contribution.

• #9: Fix logs command for Python 3.

• Updated dependencies.

0.1.1 (2014-02-12)

• Support for Python 2.6 and Python 3.x

0.1.0 (2014-02-11)

• Initial release of Blockade!