Table of Contents |
---|
Top-Level Goal
The top-level goal is a single API for managing cluster configuration.
The beneficiaries of this work are those who want to change the configuration of the cluster (create/destroy regions, indices or gateway receivers/senders etc), and have these changes replicated on all the applicable servers and persisted in the cluster configuration service. In addition to developers building Geode-based applications, the target user group includes developers working on different parts of the Geode code such as Spring Data for Apache, queries for Lucene index, or storage for the JDBC connector.
Problem Statement
In the current implementation:
- Most cluster configuration tasks are possible, but only by coordinating XML file-based configuration files, properties files, and gfsh commands.
- Many of the desired outcomes are achievable through multiple paths.
- Establishing a consistent configuration and persisting it across the cluster is difficult, sometimes impossible.
Product Goals
The developer should be able to:
Create regions/indices on the fly.
Persist the configuration and apply it to the cluster (when a new node joins, it has the config; when the server restarts, it has the config)
Obtain a consistent view of the current configuration
Apply the same change to the cluster in the same way
Be able to change the configuration in one place
Obtain this configuration without being on the cluster
Proposed Solution
The proposed solution includes:
- Address the multiple path issue by presenting a single public API for configuring the cluster, including such tasks as creating a region destroying an index, or update an async event queue.
- Provide a means to persist the change in the cluster configuration.
- Save a configuration to the Cluster Management Service without having to restart the servers
- Obtain the cluster management service from a cache when calling from a client or a server
- Pass a config object to the cluster management service
- Use CRUD operations to manage config objects
This solution should meet the following requirements:
The user needs to be authenticated and authorized for each API call based on the resource he/she is trying to access.
- Enable Security Manager with Finer Grained Security
User can call the API from either the client side or the server side.
The outcome (behavior) is the same on both client and server:
affects cluster wide
idempotent
What We Have Now
Our admin rest API "sort of" already serves this purpose, but it has these shortcomings:
- It's not a public API
- The API is restricted to the operations implemented as gfsh commands, as the argument to the API is a gfsh command string.
- Each command does similar things, yet commands may not be consistent with each other.
Below is a diagram of the current state of things:
Gliffy Diagram | ||||
---|---|---|---|---|
|
From the current state of commands, It's not easy to extract a common interface for all the commands. And developers do not want to use gfsh command strings as a "makeshift" API to call into the command. We are in need of a unified interface and a unified workflow for all the commands.
Proposal
We propose a new Cluster Management Service (CMS) which has two responsibilities:
- Update runtime configuration of servers (if any running)
- Persist configuration (has to be enabled to use CMS)
Note that in order to use this API, Cluster Configuration needs to be enabled.
Gliffy Diagram | ||||||
---|---|---|---|---|---|---|
|
The CMS API is exposed as a new endpoint as part of "Admin REST APIs", accepting configuration objects (JSON) that need to be applied to the cluster. CMS adheres to the standard REST semantics, so users can use POST, PATCH, DELETE and GET to create, update, delete or read, respectively. The API returns a JSON body that contains a message describing the result along with standard HTTP status codes.
Management REST API
Create region End Point (implemented)
Endpoint:http://locator:8080/geode-management/v2/regions
Method: POST
Headers: Authorization
Permission Required: DATA:MANAGE
Body:
Code Block | ||||
---|---|---|---|---|
| ||||
{
"regionConfig": {
"name": "Foo",
"type": "REPLICATE",
"group": "optional-group-name"
}
} |
Types supported by this Rest API is defined in RegionType:
Code Block | ||||
---|---|---|---|---|
| ||||
public enum RegionType {
PARTITION,
PARTITION_REDUNDANT,
PARTITION_PERSISTENT,
PARTITION_REDUNDANT_PERSISTENT,
PARTITION_OVERFLOW,
PARTITION_REDUNDANT_OVERFLOW,
PARTITION_PERSISTENT_OVERFLOW,
PARTITION_REDUNDANT_PERSISTENT_OVERFLOW,
PARTITION_HEAP_LRU,
PARTITION_REDUNDANT_HEAP_LRU,
PARTITION_PROXY,
PARTITION_PROXY_REDUNDANT,
REPLICATE,
REPLICATE_PERSISTENT,
REPLICATE_OVERFLOW,
REPLICATE_PERSISTENT_OVERFLOW,
REPLICATE_HEAP_LRU,
REPLICATE_PROXY
} |
Code Block | ||||
---|---|---|---|---|
| ||||
{
"memberStatuses" : {
"server-1" : {
"success" : true,
"message" : "success"
}
},
"statusCode" : "OK",
"statusMessage" : "successfully persisted config for cluster",
"successful" : true
}
|
Code Block | ||||
---|---|---|---|---|
| ||||
{
"memberStatuses" : { },
"statusCode" : "ENTITY_EXISTS",
"statusMessage" : "cache element Foo already exists.",
"successful" : false
} |
Code Block | ||||
---|---|---|---|---|
| ||||
{
"memberStatuses" : { },
"statusCode" : "ILLEGAL_ARGUMENT",
"statusMessage" : "Name of the region has to be specified.",
"successful" : false
} |
Code Block | ||||
---|---|---|---|---|
| ||||
{
"memberStatuses" : { },
"statusCode" : "ILLEGAL_ARGUMENT",
"statusMessage" : "Region names may not begin with a double-underscore: __Foo__",
"successful" : false
} |
Code Block | ||||
---|---|---|---|---|
| ||||
{
"memberStatuses" : { },
"statusCode" : "UNAUTHENTICATED",
"statusMessage" : "Authentication error. Please check your credentials",
"successful" : false
} |
Code Block | ||||
---|---|---|---|---|
| ||||
{
"memberStatuses" : { },
"statusCode" : "UNAUTHORIZED",
"statusMessage" : "user not authorized for DATA:MANAGE",
"successful" : false
} |
Code Block | ||||
---|---|---|---|---|
| ||||
{
"memberStatuses" : { },
"statusCode" : "ERROR",
"statusMessage" : "cluster persistence service is not running",
"successful" : false
} |
Notes:
- the CREATE[POST] endpoint is not idempotent, you will receive a 409 when creating the a region with the same name the 2nd time.
- if group name is "cluster" or omitted, the region will be created on all the data members in this cluster.
401 and 403 responses are omitted for the rest of the end points.
List members end point (Implemented)
...
Permission Required: CLUSTER:READ
...
Code Block | ||||
---|---|---|---|---|
| ||||
{
"memberStatuses": {},
"statusCode": "OK",
"statusMessage": null,
"result": [{
"class": "org.apache.geode.management.configuration.MemberConfig",
"id": "locator-0",
"host": "10.118.19.10",
"pid": "51876",
"cacheServers": [{...}],
"locator": true,
"coordinator": true
}, {
"class": "org.apache.geode.management.configuration.MemberConfig",
"id": "server-1",
"host": "10.118.19.10",
"pid": "51877",
"cacheServers": [{...}],
"locator": false,
"coordinator": false
}]
}
|
...
Endpoint:http://locator:8080/geode-management/v2/members?id=server-1
Method: GET
Headers: Authorization
Permission Required: CLUSTER:READ
...
Code Block | ||||
---|---|---|---|---|
| ||||
{
"memberStatuses": {},
"statusCode": "OK",
"statusMessage": null,
"result": [{
"class": "org.apache.geode.management.configuration.MemberConfig",
"id": "server-1",
"host": "10.118.19.10",
"pid": "51877",
"cacheServers": [{...}],
"locator": false,
"coordinator": false
}]
}
|
...
Endpoint:http://locator:8080/geode-management/v2/members?id=Non-Existent
Method: GET
Headers: Authorization
Permission Required: CLUSTER:READ
...
Code Block | ||||
---|---|---|---|---|
| ||||
{
"memberStatuses": {},
"statusCode": "OK",
"statusMessage": null,
"result": []
}
|
Get members end point (Implemented)
...
Permission Required: CLUSTER:READ
...
Detailed REST API endpoints with sample requests and responses are available here:
Code Block | ||||
---|---|---|---|---|
| ||||
{
"memberStatuses": {},
"statusCode": "OK",
"statusMessage": null,
"result": [{
"class": "org.apache.geode.management.configuration.MemberConfig",
"id": "server-1",
"host": "10.118.19.10",
"pid": "51877",
"cacheServers": [{...}],
"locator": false,
"coordinator": false
}]
}
|
...
Endpoint:http://locator:8080/geode-management/v2/members/Non-Existent
Method: GET
Headers: Authorization
Permission Required: CLUSTER:READ
...
Code Block | ||||
---|---|---|---|---|
| ||||
{
"memberStatuses": {},
"statusCode": "ENTITY_NOT_FOUND",
"statusMessage": "Unable to find the member with id = Non-Existent",
"result": []
}
|
Root End Point (Not implemented)
...
Endpoint: http://locator:8080/geode-management/v2
Method: GET
Headers: Authorization
...
200
Code Block | ||||
---|---|---|---|---|
| ||||
{
"number_of_locators": 3,
"number_of_servers": 8,
"region_url": "/geode/v2/regions",
"gateway_receiver_url": "/geode/v2/gwr",
"gateway_sender_url": "/geode/v2/gws"
}
|
...
Code Block | ||||
---|---|---|---|---|
| ||||
{
"message": "Missing authentication credential header(s)"
} |
...
Code Block | ||||
---|---|---|---|---|
| ||||
{
"message": "User1 not authorized for CLUSTER:READ"
} |
List End Point (not implemented)
Endpoint: http://locator:8080/geode-management/v2/regions
Method: GET
Headers: Authorization
200
Code Block | ||||
---|---|---|---|---|
| ||||
{
"Total_results": 10,
"Regions" : [
{
"Name": "Foo",
"Url": "/geode/v2/regions/Foo"
},
...
]
} |
Code Block | ||||
---|---|---|---|---|
| ||||
{
"message": "Missing authentication credential header(s)"
} |
Code Block | ||||
---|---|---|---|---|
| ||||
{
"message": "User1 not authorized for CLUSTER:READ"
} |
Describe End Point (Not Implemented)
Endpoint: http://locator:8080/geode-management/v2/regions/Foo
Method: GET
Headers: Authorization
200
Code Block | ||||
---|---|---|---|---|
| ||||
{
"Name": "Foo",
"Data_Policy": "partition",
"Hosting_Members": [
"s1",
"s2",
"s3"
],
"Size": 0,
"Indices": [
{
"Id": 111,
"Url": "/geode/v2/regions/Customer/index/111"
}
]
} |
Code Block | ||||
---|---|---|---|---|
| ||||
{
"message": "Missing authentication credential header(s)"
} |
Code Block | ||||
---|---|---|---|---|
| ||||
{
"message": "User1 not authorized for CLUSTER:READ"
} |
Code Block | ||||
---|---|---|---|---|
| ||||
{
"message": "Region with name '/Foo' does not exist"
} |
Update End Point (not implemented)
Endpoint: http://locator:8080/geode-management/v2/regions/Foo
Method: PATCH
Headers: Authorization
Body:
Code Block | ||||
---|---|---|---|---|
| ||||
{
"regionConfig": {
"gateway_sender_id": ["1","2"]
}
} |
200
Code Block | ||||
---|---|---|---|---|
| ||||
{
"Metadata": {
"Url": "/geode/v2/regions/Foo"
}
} |
Code Block | ||||
---|---|---|---|---|
| ||||
{
"message": "Invalid parameter specified"
} |
Code Block | ||||
---|---|---|---|---|
| ||||
{
"message": "Missing authentication credential header(s)"
} |
Code Block | ||||
---|---|---|---|---|
| ||||
{
"message": "User1 not authorized for DATA:MANAGE"
} |
Code Block | ||||
---|---|---|---|---|
| ||||
{
"message": "Region with name '/Foo' does not exist"
} |
Code Block | ||||
---|---|---|---|---|
| ||||
{
"message": "Failed to update region /Foo because of <reason>"
} |
Delete End Point (Not Implemented)
Endpoint: http://locator:8080/geode-management/v2/regions/Foo
Method: DELETE
Headers: Authorization
204
<Successful deletion>
Code Block | ||||
---|---|---|---|---|
| ||||
{
"message": "Region with name '/Foo' does not exist"
} |
Code Block | ||||
---|---|---|---|---|
| ||||
{
"message": "Missing authentication credential header(s)"
} |
Code Block | ||||
---|---|---|---|---|
| ||||
{
"message": "User1 not authorized for DATA:MANAGE"
} |
Code Block | ||||
---|---|---|---|---|
| ||||
{
"message": "Failed to delete region /Foo because of <reason>"
} |
Note that the DELETE endpoint is idempotent – i.e. it should be a NOOP if the region does not exist.
Let's look at some code to see how users can use this service. The below example shows how to create a region using CMS.
Curl (any standard REST client)
Code Block | ||||
---|---|---|---|---|
| ||||
curl [-v] [-u user[:password]] -H "Content-Type: application/json" http://<locator.host>:7070/geode-management/v2/regions -XPOST -d ' { "name": "Foo", "type": "PARTITION", "group": "optional-group-name" }' Sample to copy/paste: curl -H "Content-Type: application/json" http://localhost:7070/geode-management/v2/regions -XPOST -d '{"name": "Foo","type": "PARTITION"}' curl -H "Content-Type: application/json" http://localhost:7070/geode-management/v2/regions -XPOST -d '{"name": "Foo","type": "PARTITION", "group": "optional-group-name"}' |
Java Client
To ease the interaction with the rest end point, we provided a java client version of Cluster Management Service. Here is an example to get an instance of this service and use it in any java client code. You will need to have geode-management.jar in your classpath.
About the definition of Region type , can refer to the following class:
org.apache.geode.cache.configuration.RegionType
Code Block | ||||
---|---|---|---|---|
| ||||
public static void main(String[] args) { String regionName = args[0]; ClusterManagementService cms = ClusterManagementServiceProvider.getService("localhost", 7070); BasicRegionConfig config = new BasicRegionConfig(); config.setName(regionName); config.setType(RegionType.PARTITION); config.setGroup("optional-group-name"); ClusterManagementResult result = cms.create(config); if (!result.isSuccessful()) { throw new RuntimeException( "Failure creating region: " + result.getStatusMessage()); } } |
The above example is for interacting with the Cluster Management Service's REST end point which has no ssl nor security turned on. To manage a cluster that has security and SSL enabled, you will need to provide a SSLContext
and credentials when getting the service:
Code Block | ||||
---|---|---|---|---|
| ||||
public static void main(String[] args) { String regionName = args[0]; SSLContext sslContext = SSLContext.getDefault(); HostnameVerifier hostnameVerifier = new NoopHostnameVerifier(); ClusterManagementService cms = ClusterManagementServiceProvider.getService("localhost", 7070, sslContext, hostnameVerifier, "username", "password"); ..... } |
Note: In the context of Geode client, an instance of the ClusterManagementService
can be retrieved be calling ClusterManagementServiceProvider.getService()
with providing any parameters. This will attempt to use any existing security or SSL configuration to determine the CMS REST endpoint. For this to automagically work If a SecurityManager
is enabled, the Geode properties security-username
and security-password
must be set.
...