Ok. now I see your point. We will implement 3rd approach than.
On Wed, Jul 15, 2015 at 12:12 AM, Dmitriy Setrakyan <[email protected]> wrote: > Guys, > > Neither 1st or 2nd approaches are secure. Keep in mind that agent has a > connection with the outside world, so it already will be considered a > higher security risk. The safest way for it to connect to the cluster is > via standard HTTP over port 80. > > Generally, any approach that requires anything other than HTTP (port 80) > introduces higher security risk. On top of that, it requires punching holes > in a firewall, extra approvals, etc. > > My strong preference is 3rd approach. Web agent is simply a proxy between > the web-control-center and the grid. It should simply forward > requests/responses and have almost no logic of its own. > > D. > > On Tue, Jul 14, 2015 at 9:57 AM, Alexey Kuznetsov <[email protected] > > > wrote: > > > We need web-agent for three use cases: > > #1 Grid monitoring. > > #2 SQL. > > #3 Collect metadata from RDBMS. > > > > #1 and #2 will require interaction with grid. > > #3 just connect to DB and grab metadata. > > > > So, in this thread three approaches to design web-agent were introduced. > > Let's see their pro and cons. > > > > First approach: implement web-agent as Ignite plugin that will start > > singleton service. > > Pro: Native to Ignite, automatic failover, easy to deploy (just put a > > jar into classpath). > > Cons: How to implement use case #3? What about security? Production > grid > > usually deployed in closed network. > > > > Second approach: implement web-agent as separate application that will > > start daemon node inside when needed. Actually this is how Visor works. > > Pro: Also native to Ignite (could reuse Visor tasks already). Easy to > > deploy (as Visor) - just put some jars in bin/web-agent folder + > > bin\web-agent.sh > > Secure. Web-agent could use binary rest protocol as Visor and > > work even via ssh tunnel. > > Cons: No automatic failover. > > > > Third approach: implement web-agent as lightweight proxy between > > web-server and Ignite. > > Web-agent will retranslate http request to grid and retranslate > results > > from grid to web control center. > > Pro: It is lightweight and could be implemented without dependencies > > from Ignite. > > Cons: Not native to Ignite. We need to implement two protocols: > > web-control-center <-> web agent and web agent <-> Ignite. > > > > > > As for me I most like second approach because we have a lot of experience > > with Visor and could reuse code. > > > > > > Thought? > > > > > > On Tue, Jul 14, 2015 at 11:38 PM, Nikita Ivanov <[email protected]> > > wrote: > > > > > +1 on Dmitriy's approach. > > > > > > -- > > > Nikita Ivanov > > > > > > > > > On Tue, Jul 14, 2015 at 9:30 AM, Dmitriy Setrakyan < > > [email protected]> > > > wrote: > > > > > > > On Tue, Jul 14, 2015 at 8:30 AM, Yakov Zhdanov <[email protected]> > > > > wrote: > > > > > > > > > Why? Do you understand how many problems you bring with this > > approach? > > > > > > > > > > > > > Yakov, unfortunately this is not about ease of implementation, but > > about > > > > security. We will not be allowed to connect to the grid cluster from > > > where > > > > the web agent is running. > > > > > > > > I also don't see how we are adding a lot of complexity either. The > way > > I > > > > see it being implemented is by creating a set of tasks that will > return > > > > JSON objects for metrics, topology, etc. which will be processed on > the > > > > browser side. These tasks can be easily executed over HTTP REST > > protocol. > > > > > > > > > > > > > > > > > > --Yakov > > > > > > > > > > 2015-07-14 18:00 GMT+03:00 Dmitriy Setrakyan < > [email protected] > > >: > > > > > > > > > > > Yakov, > > > > > > > > > > > > We cannot start a client inside of an agent simply because agent > > will > > > > be > > > > > > started outside of the cluster where grid is deployed. Agent will > > be > > > > > > connecting to the grid using HTTP Rest requests. > > > > > > > > > > > > D. > > > > > > > > > > > > On Tue, Jul 14, 2015 at 6:16 AM, Yakov Zhdanov < > > [email protected]> > > > > > > wrote: > > > > > > > > > > > > > I like the design where agent is a plugin to Ignite. > > > > > Agent-ControlCenter > > > > > > > can be incorporated into the singleton cluster-wide service > > > deployed > > > > by > > > > > > > plugin on start. This approach seems very good and clean to me: > > > > > > > 1. Easy to config - just drop JAR with plugin to classpath > > > > > > > 2. It is native to the cluster - it operates inside. > > > > > > > 3. Failover works out of the box. > > > > > > > > > > > > > > Thanks! > > > > > > > > > > > > > > --Yakov > > > > > > > > > > > > > > 2015-07-02 19:35 GMT+03:00 Dmitriy Setrakyan < > > > [email protected] > > > > >: > > > > > > > > > > > > > > > On Thu, Jul 2, 2015 at 8:08 AM, Sergey Evdokimov < > > > > > > > [email protected]> > > > > > > > > wrote: > > > > > > > > > > > > > > > > > Yes, Web Agent can open connection to Control Center at any > > > time. > > > > > Web > > > > > > > > Agent > > > > > > > > > is started up as much as started up cluster, but user looks > > to > > > > > > Control > > > > > > > > > Center infrequently. Web Agent have to keep connection > always > > > > > opened > > > > > > or > > > > > > > > we > > > > > > > > > need a way to notify Web Agent about new web-session on Web > > > > Control > > > > > > > > Center. > > > > > > > > > > > > > > > > > > > > > > > > > Sergey, the agent should automatically reconnect whenever a > > > > > connection > > > > > > is > > > > > > > > lost. For example, it can send a keep-alive ping every 2 > > seconds > > > > back > > > > > > to > > > > > > > > the web control center. > > > > > > > > > > > > > > > > If you having doubts in the approach, please ping me on Skype > > so > > > we > > > > > > could > > > > > > > > flush out the details. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Thu, Jul 2, 2015 at 5:53 PM, Dmitriy Setrakyan < > > > > > > > [email protected] > > > > > > > > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > On Thu, Jul 2, 2015 at 7:29 AM, Sergey Evdokimov < > > > > > > > > > [email protected]> > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > Web Agent can be shipped as Ignite plugin and start > > inside > > > > the > > > > > > > > cluster > > > > > > > > > as > > > > > > > > > > > service to avoid unnecessary configuration. > > > > > > > > > > > > > > > > > > > > > > How Web Agent will detect that Web Control Center need > a > > > > data? > > > > > > Web > > > > > > > > > > Control > > > > > > > > > > > Center cannot open connection to cluster, because > cluster > > > may > > > > > be > > > > > > in > > > > > > > > > local > > > > > > > > > > > network without static IP. Do you mean that Web Agent > > will > > > > keep > > > > > > > > opened > > > > > > > > > > > connection to Web Control Center always? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > However, the Ignite web agent should be able to open a > > > > connection > > > > > > to > > > > > > > > the > > > > > > > > > > web control center, no? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Thu, Jul 2, 2015 at 5:12 PM, Alexey Kuznetsov < > > > > > > > > > > [email protected]> > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > > > Igniters, > > > > > > > > > > > > > > > > > > > > > > > > I'm working on Web Control Center and first release > is > > > > near. > > > > > > > > > > > > In first release we will provide UI for cluster and > > > caches > > > > > > > > > > configuration. > > > > > > > > > > > > > > > > > > > > > > > > In next releases we will provide Monitoring, SQL and > > > Schema > > > > > > > Import > > > > > > > > > > > Utility. > > > > > > > > > > > > But those advanced features require access to Ignite > > > > cluster > > > > > > (for > > > > > > > > > > > > Monitoring and SQL) > > > > > > > > > > > > and access to DB server for Schema Import. > > > > > > > > > > > > > > > > > > > > > > > > After some thoughts we decided to create a so-called > > "web > > > > > > agent" > > > > > > > it > > > > > > > > > > will > > > > > > > > > > > be > > > > > > > > > > > > started "near" cluster and DB will connect to it and > > send > > > > all > > > > > > > > needed > > > > > > > > > > info > > > > > > > > > > > > to Web Control Center. > > > > > > > > > > > > > > > > > > > > > > > > Any ideas, thoughts and suggestions are very welcome. > > > > > > > > > > > > > > > > > > > > > > > > Thanks. > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > > > Alexey Kuznetsov > > > > > > > > > > > > GridGain Systems > > > > > > > > > > > > www.gridgain.com > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > Alexey Kuznetsov > > GridGain Systems > > www.gridgain.com > > > -- Alexey Kuznetsov GridGain Systems www.gridgain.com
