A bit more context there since you might wonder why customers can cause Sev1s.

Well, I work for a Database Technology company and we provide a managed service offering. This managed service offering has SLAs that essentially enforce a 5-minute response time for any “urgent” issue.

Well, a common urgent issue is that the customer suddenly wants to load in a bunch of new data without informing us, which causes the cluster to stop accepting write loads.

It’s to the point where most if not all urgent pages result in some form of scaling of the cluster.

Since this is a customer-driven behavior, there is no real ability to plan for it - and since these particular customers have special requirements (and thus, less ability to automate scaling operations), I’m unsure if there is any recourse here.

It’s to the point that it doesn’t even feel like an SRE team anymore - we should just instead be called “On-demand scaling agents”, since we’re constantly trying to scale ahead of our customers.

All in all, I’m starting to feel like this is a management/sales level issue that I cannot possibly address. If we’re selling this managed service offering as essentially “magic” that can be scaled whenever they need then it seems like we’re being set up for failure at the organizational level. Not to mention, not being smart about costs behind scaling and factoring that into these contracts.

So, fellow SREs, have you had to have this conversation with a larger org? What works for something like this? What doesn’t? Should I just seek greener pastures at this point?

P.S. - Posted c/Programming due to lack of a c/SRE

  • deegeese@sopuli.xyz
    1 year ago

    Queues must stop accepting more work before they bring down the application.

    If the customer wants to write too much data, start rejecting jobs.

    • th3raid0r@tucson.socialOP
      1 year ago

      Our database is actually pretty graceful. It just goes into stop writes status. You can still read any data and resolving the situation is as easy as scaling the cluster or removing old records. By no means is the database down or inoperable.

      Essentially our database is working as designed. If we rate limited it further then we have less of a product to sell. The main feature we sell of our database technology is its IOPS and resiliency.

      Further, this is just for a specific customer; it has no impact on any other customers or any sort of central orchestration. Generally speaking the stop writes status only ever impacts a single customer and their associated applications.

      Also, customers can be very stingy with the clusters they are willing to buy. We actually are on poor terms with a couple of our customers who just refuse to scale and just expect us to magic their cluster into accepting more data than it’s sized for.

      • deegeese@sopuli.xyz
        1 year ago

        There is a fundamental rate limit based on cluster performance.

        Your application is not aware of this limit, so it pretends to the client that there is no limit, then falls over.

        Since you can’t make that number be infinity for your stingy customers, you need to send a rate limit exceeded error, even if you won’t admit to having an actual IOPS limit.

        Surely there are cluster sizing guidelines you can point to once someone fills the queue?