Project

General

Profile

Routing multi cluster requests » History » Revision 2

Revision 1 (Peter Amstutz, 06/21/2017 02:29 PM) → Revision 2/6 (Peter Amstutz, 06/21/2017 03:27 PM)

h1. Routing multi cluster requests Multi-cluster client access 

 h2. Concept 

 The goal of federation is to present an interface that fuses multiple clusters into a single view. 

 This requires a router or proxy which determines which cluster(s) a request should go.    This could exist in several places: entirely in the client, in a dedicated request router service, on the local cluster's API server. 

 For the purposes of this discussion, we'll consider how this works when implemented entirely on the client side.    A router service is likely to have similar request handling behavior but has the additional requirement to act as a transparent API server proxy. 

 h2. Examples 

 My "home cluster" is qr1hi.    I have a token qr1hi-secretsecretsecret. 

 h3. I want to read a collection on c97qk using the Python SDK. 

 <pre> 
 c = CollectionReader("c97qk-...") 
 </pre> 

 # The CollectionReader calls the request router class. 
 # The request router class examines the prefix c97qk and contacts c97qk.arvadosapi.com. 
 # The request router uses the "salted" token hmac(c97qk, qr1hi-secretsecretsecret) &rarr; qr1hi-secretsecretc97qk 
 # c97qk gets the token and notices the qr1hi prefix. 
 # c97qk contacts qr1hi to determine if the token is valid and what user is associated with the token. 
 # c97qk caches the token and sets current_user.    The request proceeds as normal. 
 # The request gets the response and returns it to CollectionReader. 
 #* manifest_text needs to be munged by either the c97qk or the request router to add the hint "+K@c97qk" so that blocks will be fetched from c97qk. 

 h3. I want to search for a collection across clusters 

 <pre> 
 c = router.collections().list(filters=[["name", "like", "sample-1234%"]]).execute() 
 </pre> 

 # The router has a "search list" of clusters (where does this come from??? maybe an attribute of the primary user account    on qr1hi?) 
 # The router sends the request to each cluster in parallel using federated identity / salted token described above. 
 # The router gathers the results. 
 # The router collates the results (will need to understand "order" option to do this properly) 
 # Collated results are returned 
 # Paging - ???    likely need to keep track of some state locally to be able to be able to issue correct follow-up requests to each cluster.    Can have consistent ordering within a page but not across pages unless all pages are fetched first. 

 h3. I want to create a collection on another cluster. 

 Provide "owner_uuid" of a project or group on a foreign cluster. 

 <pre> 
 router.collections().create(body={"owner_uuid": "c97qk-...."}).execute() 
 </pre> 

 # The request router class examines the prefix c97qk and contacts c97qk.arvadosapi.com using federated identity / salted token described above . 
 # The cluster determines if the user has write access to the group or project and validates the create request as normal. 
 # The newly created record is returned. 

 No "owner_uuid" means creating the object on the "home" cluster. 

 h3. I want to update an object on another cluster. 

 <pre> 
 router.collections().update(uuid="c97qk-....", body={....}).execute() 
 </pre> 

 # The request router class examines the prefix c97qk and contacts c97qk.arvadosapi.com using federated identity / salted token described above . 
 # The cluster determines if the user has write access to object and validates the update request as normal. 
 # The updated record is returned. 

 h3. I want to change the ownership of an object to a project on another cluster. 

 ???