ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexey Kuznetsov <akuznet...@gridgain.com>
Subject Re: Ignite Web Control Center Architecture
Date Tue, 14 Jul 2015 17:35:04 GMT
Ok. now I see your point.

We will implement 3rd approach than.

On Wed, Jul 15, 2015 at 12:12 AM, Dmitriy Setrakyan <dsetrakyan@apache.org>
wrote:

> Guys,
>
> Neither 1st or 2nd approaches are secure. Keep in mind that agent has a
> connection with the outside world, so it already will be considered a
> higher security risk. The safest way for it to connect to the cluster is
> via standard HTTP over port 80.
>
> Generally, any approach that requires anything other than HTTP (port 80)
> introduces higher security risk. On top of that, it requires punching holes
> in a firewall, extra approvals, etc.
>
> My strong preference is 3rd approach. Web agent is simply a proxy between
> the web-control-center and the grid. It should simply forward
> requests/responses and have almost no logic of its own.
>
> D.
>
> On Tue, Jul 14, 2015 at 9:57 AM, Alexey Kuznetsov <akuznetsov@gridgain.com
> >
> wrote:
>
> > We need web-agent for three use cases:
> > #1 Grid monitoring.
> > #2 SQL.
> > #3 Collect metadata from RDBMS.
> >
> > #1 and #2 will require interaction with grid.
> > #3 just connect to DB and grab metadata.
> >
> > So, in this thread three approaches to design web-agent were introduced.
> > Let's see their pro and cons.
> >
> > First approach: implement web-agent as Ignite plugin that will start
> > singleton service.
> >    Pro: Native to Ignite, automatic failover, easy to deploy (just put a
> > jar into classpath).
> >    Cons: How to implement use case #3? What about security? Production
> grid
> > usually deployed in closed network.
> >
> > Second approach: implement web-agent as separate application that will
> > start daemon node inside when needed. Actually this is how Visor works.
> >    Pro: Also native to Ignite (could reuse Visor tasks already). Easy to
> > deploy (as Visor) - just put some jars in bin/web-agent folder +
> > bin\web-agent.sh
> >           Secure. Web-agent could use binary rest protocol as Visor and
> > work even via ssh tunnel.
> >    Cons: No automatic failover.
> >
> > Third approach:  implement web-agent as lightweight proxy between
> > web-server and Ignite.
> >     Web-agent will retranslate http request to grid and retranslate
> results
> > from grid to web control center.
> >   Pro: It is lightweight and could be implemented  without dependencies
> > from Ignite.
> >   Cons: Not native to Ignite. We need to implement two protocols:
> > web-control-center <-> web agent and web agent <-> Ignite.
> >
> >
> > As for me I most like second approach because we have a lot of experience
> > with Visor and could reuse code.
> >
> >
> > Thought?
> >
> >
> > On Tue, Jul 14, 2015 at 11:38 PM, Nikita Ivanov <nivanov30@gmail.com>
> > wrote:
> >
> > > +1 on Dmitriy's approach.
> > >
> > > --
> > > Nikita Ivanov
> > >
> > >
> > > On Tue, Jul 14, 2015 at 9:30 AM, Dmitriy Setrakyan <
> > dsetrakyan@apache.org>
> > > wrote:
> > >
> > > > On Tue, Jul 14, 2015 at 8:30 AM, Yakov Zhdanov <yzhdanov@apache.org>
> > > > wrote:
> > > >
> > > > > Why? Do you understand how many problems you bring with this
> > approach?
> > > > >
> > > >
> > > > Yakov, unfortunately this is not about ease of implementation, but
> > about
> > > > security. We will not be allowed to connect to the grid cluster from
> > > where
> > > > the web agent is running.
> > > >
> > > > I also don't see how we are adding a lot of complexity either. The
> way
> > I
> > > > see it being implemented is by creating a set of tasks that will
> return
> > > > JSON objects for metrics, topology, etc. which will be processed on
> the
> > > > browser side. These tasks can be easily executed over HTTP REST
> > protocol.
> > > >
> > > >
> > > > >
> > > > > --Yakov
> > > > >
> > > > > 2015-07-14 18:00 GMT+03:00 Dmitriy Setrakyan <
> dsetrakyan@apache.org
> > >:
> > > > >
> > > > > > Yakov,
> > > > > >
> > > > > > We cannot start a client inside of an agent simply because agent
> > will
> > > > be
> > > > > > started outside of the cluster where grid is deployed. Agent
will
> > be
> > > > > > connecting to the grid using HTTP Rest requests.
> > > > > >
> > > > > > D.
> > > > > >
> > > > > > On Tue, Jul 14, 2015 at 6:16 AM, Yakov Zhdanov <
> > yzhdanov@apache.org>
> > > > > > wrote:
> > > > > >
> > > > > > > I like the design where agent is a plugin to Ignite.
> > > > > Agent-ControlCenter
> > > > > > > can be incorporated into the singleton cluster-wide service
> > > deployed
> > > > by
> > > > > > > plugin on start. This approach seems very good and clean
to me:
> > > > > > > 1. Easy to config - just drop JAR with plugin to classpath
> > > > > > > 2. It is native to the cluster - it operates inside.
> > > > > > > 3. Failover works out of the box.
> > > > > > >
> > > > > > > Thanks!
> > > > > > >
> > > > > > > --Yakov
> > > > > > >
> > > > > > > 2015-07-02 19:35 GMT+03:00 Dmitriy Setrakyan <
> > > dsetrakyan@apache.org
> > > > >:
> > > > > > >
> > > > > > > > On Thu, Jul 2, 2015 at 8:08 AM, Sergey Evdokimov <
> > > > > > > sevdokimov@gridgain.com>
> > > > > > > > wrote:
> > > > > > > >
> > > > > > > > > Yes, Web Agent can open connection to Control
Center at any
> > > time.
> > > > > Web
> > > > > > > > Agent
> > > > > > > > > is started up as much as started up cluster,
but user looks
> > to
> > > > > > Control
> > > > > > > > > Center infrequently. Web Agent have to keep connection
> always
> > > > > opened
> > > > > > or
> > > > > > > > we
> > > > > > > > > need a way to notify Web Agent about new web-session
on Web
> > > > Control
> > > > > > > > Center.
> > > > > > > > >
> > > > > > > >
> > > > > > > > Sergey, the agent should automatically reconnect whenever
a
> > > > > connection
> > > > > > is
> > > > > > > > lost. For example, it can send a keep-alive ping every
2
> > seconds
> > > > back
> > > > > > to
> > > > > > > > the web control center.
> > > > > > > >
> > > > > > > > If you having doubts in the approach, please ping
me on Skype
> > so
> > > we
> > > > > > could
> > > > > > > > flush out the details.
> > > > > > > >
> > > > > > > >
> > > > > > > > >
> > > > > > > > > On Thu, Jul 2, 2015 at 5:53 PM, Dmitriy Setrakyan
<
> > > > > > > dsetrakyan@apache.org
> > > > > > > > >
> > > > > > > > > wrote:
> > > > > > > > >
> > > > > > > > > > On Thu, Jul 2, 2015 at 7:29 AM, Sergey Evdokimov
<
> > > > > > > > > sevdokimov@gridgain.com>
> > > > > > > > > > wrote:
> > > > > > > > > >
> > > > > > > > > > > Web Agent can be shipped as Ignite
plugin and start
> > inside
> > > > the
> > > > > > > > cluster
> > > > > > > > > as
> > > > > > > > > > > service to avoid unnecessary configuration.
> > > > > > > > > > >
> > > > > > > > > > > How Web Agent will detect that Web
Control Center need
> a
> > > > data?
> > > > > > Web
> > > > > > > > > > Control
> > > > > > > > > > > Center cannot open connection to cluster,
because
> cluster
> > > may
> > > > > be
> > > > > > in
> > > > > > > > > local
> > > > > > > > > > > network without static IP. Do you mean
that Web Agent
> > will
> > > > keep
> > > > > > > > opened
> > > > > > > > > > > connection to Web Control Center always?
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > However, the Ignite web agent should be
able to open a
> > > > connection
> > > > > > to
> > > > > > > > the
> > > > > > > > > > web control center, no?
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > On Thu, Jul 2, 2015 at 5:12 PM, Alexey
Kuznetsov <
> > > > > > > > > > akuznetsov@gridgain.com>
> > > > > > > > > > > wrote:
> > > > > > > > > > >
> > > > > > > > > > > > Igniters,
> > > > > > > > > > > >
> > > > > > > > > > > > I'm working on Web Control Center
and first release
> is
> > > > near.
> > > > > > > > > > > > In first release we will provide
UI for cluster and
> > > caches
> > > > > > > > > > configuration.
> > > > > > > > > > > >
> > > > > > > > > > > > In next releases we will provide
Monitoring, SQL and
> > > Schema
> > > > > > > Import
> > > > > > > > > > > Utility.
> > > > > > > > > > > > But those advanced features require
access to Ignite
> > > > cluster
> > > > > > (for
> > > > > > > > > > > > Monitoring and SQL)
> > > > > > > > > > > >  and access to DB server for Schema
Import.
> > > > > > > > > > > >
> > > > > > > > > > > > After some thoughts we decided
to create a so-called
> > "web
> > > > > > agent"
> > > > > > > it
> > > > > > > > > > will
> > > > > > > > > > > be
> > > > > > > > > > > > started "near" cluster and DB
will connect to it and
> > send
> > > > all
> > > > > > > > needed
> > > > > > > > > > info
> > > > > > > > > > > > to Web Control Center.
> > > > > > > > > > > >
> > > > > > > > > > > > Any ideas, thoughts and suggestions
are very welcome.
> > > > > > > > > > > >
> > > > > > > > > > > > Thanks.
> > > > > > > > > > > >
> > > > > > > > > > > > --
> > > > > > > > > > > > Alexey Kuznetsov
> > > > > > > > > > > > GridGain Systems
> > > > > > > > > > > > www.gridgain.com
> > > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> >
> >
> > --
> > Alexey Kuznetsov
> > GridGain Systems
> > www.gridgain.com
> >
>



-- 
Alexey Kuznetsov
GridGain Systems
www.gridgain.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message