introduction

In recent years , The booming development of open source software , To the software industry 、 Software technology 、 The development of software ecology has brought great opportunities . At the same time, in the process of using open source software, we must also face many risks and problems caused by inherent technical limitations . In storage , With Ceph For example , As an important part of open source technology of cloud technology stack , It also faces the inherent technical limitations of open source projects . Through self-study to make up for the disadvantages of open source architecture , It also unveils the veil that domestic manufacturers adhere to self-development .

Analysis of the development of open source software

The development of open source software benefits from the development of Internet technology , With cloud computing 、 The development of mobile Internet ,OpenStack、k8s、Ceph And so on . These open source projects gave birth to ASF、OIF、CNCF And other foundations , Committed to the incubation and operation of open source projects . With the popularity of open source software hosting platforms , The communication cost of open source global collaboration and co creation has fallen sharply , The number of open source projects continues to increase , According to the measured ,2026 The number of global open source projects will exceed 3 Billion .


In recent years , The explosive growth of open source projects in China . According to the 《 Open source ecological white paper (2021)》, China's largest open source platform in the world GitHub The number of contributors has reached the second in the world .2020 year ,GitHub The number of Chinese contributors on the platform has increased 37%.Gitee2020 According to the annual report data , In our country Gitee The growth rate of open source projects on the platform reached 192%, Reached 1500 ten thousand , yes 2013 - 2018 year Gitee The total number of open source projects on the platform .


Open source technology is essentially , Can accelerate the birth of storage startups , At the same time, it also accelerates the development of open source ecosystem related to storage . Data is the most important asset of an enterprise , Users' requirements for storage reliability often exceed the calculation , There can be no mistakes , And because of that , Innovative brands are not easy to be accepted by the user market . Such as ceph Open source projects of this kind , Through organization 、 Operation of the company or foundation , It realizes the rapid commercial packaging and market promotion of commodities , But it lowers the entry threshold of distributed storage .

Risks faced by open source software

With the vigorous development of the domestic Internet industry and software industry , It has played a positive role in promoting the prosperity and development of economy and society , But in terms of basic software, they are often used to relying on open source , It is generally true of Linux、OpenStack、Ceph And other open source software . Over reliance on open source software will not only lead to the homogenization of software products , It will also increase intellectual property risks and security risks , Attention must be paid .

2021 end of the year , Wangxiaodong, Public Technology Service Department of the state information center, was in 《 Research on the outstanding risks and Countermeasures Faced by China's open source software industry 》 It is pointed out that , China's open source software industry suffers from supply failure 、 code safety 、 intellectual property right 、 Independent innovation and other risks .

The risk of open source security vulnerabilities is significant . According to Xinsi Technology 《2021 Open source security and risk analysis report 》 Show ,84% Your code base contains at least one vulnerability , The proportion of vulnerabilities has increased year by year in the past three years ,60% Our audited code base contains high-risk vulnerabilities . According to open source network security Source Check Scan results of popular open source projects by the tool ,53.8% The project has excessive risk .


Open source needs to pay special attention to data security . Open source software involves source code sharing , Many configuration information will involve sensitive information such as account and password , If you don't audit the code , It may cause a large number of sensitive information and data to be disclosed with the sharing of code . At the same time, open source software is open source , If you include access code to the enterprise database , It may cause the whole database to face the risk of data disclosure , At the same time, it may also lead to the disclosure of internal documents and user information .

Open source may face the risk of conflict between commercial product component agreements . Open source software involves layers of dependencies , Commercial products continue to add new open source components in the process of using open source , May lead to conflicts between different agreements . Therefore, using open source software requires attention to other open source software that open source software depends on / Components . Take the operating system as an example , It relies on tens of thousands of software packages , Involving source code 、 Binary packages and other forms , Problems in any link , May affect the use of the final product .

The operation and maintenance cost is high 、 The difficulty of overall management and the threat of security vulnerabilities have become three major challenges that Chinese user enterprises pay attention to . According to the survey data of China Academy of communications ,2020 In, Chinese enterprise users thought that the technology update iteration was fast 、 The high cost of operation and maintenance accounts for the highest proportion of open source use risks , about 60.8%, Than 2019 Annual data increase 8%; The number of open source software is huge 、 The proportion of overall management difficulties and risks ranks second , achieve 56.7%, And 2019 Lower than annual data 6.7%; Security vulnerabilities pose a serious threat, ranking third in the proportion of risks , achieve 43.7%, And 2019 It's lower than that of last year 6.5%.

The inherent technical limitations of open source storage

The challenge of open source storage software to commercialize , It can't be solved overnight . Storage manufacturers that adhere to the self-development route in China, such as Huawei 、 Zhongke Shuguang and others have experienced years of training , Only with the accumulation of self-developed technology in storage software today . Therefore, we have to think of , Open source storage is so fragrant , Why do we have to do so much self-study ？ It's worth thinking about .

The design process of storage products based on the open source model is more transparent , Because more people contribute code , Product function iteration is faster . Because of its complexity , It's hard for a vendor to test all the code , in application , There are great potential safety hazards .

Among many open source storage software ,Ceph As the leader of open source software definition storage project , The popularity and exposure in the market are very high ,ceph As an extremely complex unified distributed storage system , The technical threshold for production deployment and operation and maintenance is relatively high , For small-scale ceph Cluster deployment can be handled manually . But for a certain scale ceph The manual method of cluster deployment is often somewhat difficult . First of all, the time cost of manual deployment is very high ; Secondly, some uncontrollable misoperations will inevitably occur during manual deployment .

Ceph Problems in the actual production process

Ceph The problems encountered in operation and maintenance are real , Even in the actual operation and maintenance process, there have been other more complex problems , Inventory enterprises in Ceph Five problems encountered in operation and maintenance ：

Expansion is complex

Ceph The data in this paper is represented by PG Organize for units , Therefore, when a new storage unit exits the data pool （OSD） when , Through adjustment OSDMAP It will bring data rebalancing . As mentioned , If it affects multiple OSD The expansion may lead to availability PG in OSD Less than min_size, To produce PG Unavailable 、IO Blocking conditions . In order to try to avoid this situation , We can only reduce the expansion granularity , For example, only one at a time OSD Or a machine 、 A cabinet （ It mainly depends on the storage isolation strategy ）, However, this is bound to bring great operation and maintenance workload , Even the expansion speed may not catch up with the data growth speed .

Complex operation and maintenance

Ceph It's a very complex system in itself , To achieve stable operation and maintenance , It depends on whether the team is familiar with open source software , Are you experienced . meanwhile , It also depends on the quality of open source community documents . The manufacturer has strong technical strength , Naturally, the service quality for users is high , The technical strength of the manufacturer is weaker , The service quality brought to users exists “ discount ”. so , Every time open source storage software is delivered , All are technical tests for open source storage vendors . For the user's own operation and maintenance team , You need to accumulate your own operation and maintenance documents . This is the technology accumulation management of users 、 Technical document management 、 Core brain drain management , Have created some challenges .

Low cluster utilization

The storage cost mainly depends on the availability of the cluster . namely Ceph When the cluster scale increases , Pseudo random algorithm leads to uneven distribution of storage resources , Disk utilization variance is too large .

Ceph The cluster has reached 80% after , Often the disk becomes full , Need administrator intervention , Lower the high disk reweight. And before the disk usage drops , More disks are full , The administrator will intervene again , adjustment reweight,Ceph So far, it has never entered a stable state , The administrator must also keep an eye on the cluster . After the cluster grows , How to clean up garbage data 、 How to archive cold data , It's also a big challenge .

In the process of data migration IO contention

In the process of frequent data migration IO Contention issues . When the cluster scale becomes larger , The hard disk is damaged 、PG Quantity reduction may become normalized .

Temporary machine failures such as crash require manual intervention

In case of machine crash and other faults , In order to avoid a lot of recalculation pg And data migration , It is often necessary to manually disable data recovery and rebalancing , Wait until the machine recovers from failure , To reduce the impact on the business . If it is not prohibited manually , Instead, set a long disk failure 、 Data recovery after node failure , Then the data that may be written during the failure will not be recovered for a long time . It relies heavily on operation and maintenance personnel .

osd Shock

When the cluster pressure is high or the cluster network fails , It can lead to osd The worker thread timed out or osd Heartbeat detection timeout , Some of the cluster osd The status will be up I'll do it later down, At this time, the client writes data stuck or the writing process is dead .

Why do we insist on self-study

Standing performance 、 reliability 、 stability 、 From the perspective of safety , When users are faced with the scheme selection of core business application scenarios , We have always been cautious about open source storage . In particular, the user's own operation and maintenance team is relatively weak , In the case of insufficient experience , Have to face the follow-up software maintenance 、 A series of technical challenges such as update iteration . So users are in the core business 、 Production system and large-scale deployment , The first choice is still the self-developed storage system .

For users , Whether the storage is open source or self-developed , We need to consider our comprehensive cost , Including data security requirements and operation and maintenance costs , Store the service quality and response time of solving problems in the actual application process . Of course , Data security 、 Operation and maintenance cost and service quality , For any open source storage vendor , It is also three major issues worthy of attention .

Combined with the above , The motivation of independent research and development of storage software is probably the following ：

1. Policy orientation . The state should advocate the independent control of key technologies . The trade war between China and the United States has been tit for tat in the past two years , We're not just on chips 5G And other key directions are struggling desperately , In fact, storage 、 Database and other fields are not ？ Now many data products are localized （ It is bound to be self researched ） In the process, we even need to use the domestic self-developed encryption algorithm , To respond to the needs of national data security .
2. Market demand orientation . Solve the problems and pain points of open source storage in enterprise applications , Like stability 、 performance 、 Operation and maintenance 、 Security 、 Multi tenant, etc . Really master the core technology , Develop competitive 、 It's discernible 、 Products that meet customers' needs are still the key to winning the market .
3. Technical support and guarantee . Open source things generally only solve some public basic needs . In addition, enterprises facing multiple demands , Open source can't meet the personalized on-demand customization of enterprises .
4. Security capability . That is to ensure that the system is not interfered by external attacks , And ensure that users' data is not stolen 、 Business will not be interrupted .

Conclusion

Finally, I want to say that although open source is very popular , The platform is also enjoying the dividends of open source , But there must be trade-offs in the development direction of open source itself , The priority setting of new functions may not be able to meet the current customer needs , At this time, self-study shows that it is very fragrant , More and more customers are also enjoying the dividends of self research , Self research is faster than open source in adapting to customer needs and actually landing .