<div dir="ltr">Hey!<div><br></div><div>The multi-tenancy support for Hot Rod and REST has been implemented [2]. Since the PR is gigantic, I marked some interesting places for review so you might want to skip boilerplate parts.</div><div><br></div><div>The Memcached and WebSockets implementations are currently out of scope. If you would like us to implement them, please vote on the following tickets:</div><div><ul><li>Memcached <a href="https://issues.jboss.org/browse/ISPN-6639">https://issues.jboss.org/browse/ISPN-6639</a></li><li>Web Sockets <a href="https://issues.jboss.org/browse/ISPN-6638">https://issues.jboss.org/browse/ISPN-6638</a><br></li></ul></div><div>Thanks</div><div>Sebastian</div><div><br></div><div>[2] <a href="https://github.com/infinispan/infinispan/pull/4348">https://github.com/infinispan/infinispan/pull/4348</a></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, May 26, 2016 at 4:51 PM, Sebastian Laskawiec <span dir="ltr"><<a href="mailto:slaskawi@redhat.com" target="_blank">slaskawi@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hey Galder!<div><br></div><div>Comments inlined.</div><div><br></div><div>Thanks</div><div>Sebastian</div><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On Wed, May 25, 2016 at 10:52 AM, Galder Zamarreño <span dir="ltr"><<a href="mailto:galder@redhat.com" target="_blank">galder@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Hi all,<br>
<br>
Sorry for the delay getting back on this.<br>
<br>
The addition of a new component does not worry me so much. It has the advantage of implementing it once independent of the backend endpoint, whether HR or Rest.<br>
<br>
What I'm struggling to understand is what protocol the clients will use to talk to the router. It seems wasteful having to build two protocols at this level, e.g. one at TCP level and one at REST level. If you're going to end up building two protocols, the benefit of the router component dissapears and then you might as well embedded the two routing protocols within REST and HR directly.<br></blockquote><div><br></div></span><div>I think I wasn't clear enough in the design how the routing works...</div><div><br></div><div>In your scenario - both servers (hotrod and rest) will start EmbeddedCacheManagers internally but none of them will start Netty transport. The only transport that will be turned on is the router. The router will be responsible for recognizing the request type (if HTTP - find proper REST server, if HotRod protocol - find proper HotRod) and attaching handlers at the end of the pipeline.</div><div><br></div><div>Regarding to custom protocol (this usecase could be used with Hotrod clients which do not use SSL (so SNI routing is not possible)), you and Tristan got me thinking whether we really need it. Maybe we should require SSL+SNI when using HotRod protocol with no exceptions? The thing that bothers me is that SSL makes the whole setup twice slower: <a href="https://gist.github.com/slaskawi/51f76b0658b9ee0c9351bd17224b1ba2#file-gistfile1-txt-L1753-L1754" target="_blank">https://gist.github.com/slaskawi/51f76b0658b9ee0c9351bd17224b1ba2#file-gistfile1-txt-L1753-L1754</a></div><span class=""><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
In other words, for the router component to make sense, I think it should:<br>
<br>
1. Clients, no matter whether HR or REST, to use 1 single protocol to the router. The natural thing here would be HTTP/2 or similar protocol.<br></blockquote><div><br></div></span><div>Yes, that's the goal.</div><span class=""><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
2. The router then talks HR or REST to the backend. Here the router uses TCP or HTTP protocol based on the backend needs.<br></blockquote><div><br></div></span><div>It's even simpler - it just uses the backend's Netty Handlers.</div><div><br></div><div>Since the SNI implementation is ready, please have a look: <a href="https://github.com/infinispan/infinispan/pull/4348" target="_blank">https://github.com/infinispan/infinispan/pull/4348</a></div><div><div class="h5"><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
^ The above implies that HR client has to talk TCP when using HR server directly or HTTP/2 when using it via router, but I don't think this is too bad and it gives us some experience working with HTTP/2 besides the work Anton is carrying out as part of GSoC. </blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
Cheers,<br>
--<br>
Galder Zamarreño<br>
Infinispan, Red Hat<br>
<div><div><br>
> On 11 May 2016, at 10:38, Sebastian Laskawiec <<a href="mailto:slaskawi@redhat.com" target="_blank">slaskawi@redhat.com</a>> wrote:<br>
><br>
> Hey Tristan!<br>
><br>
> If I understood you correctly, you're suggesting to enhance the ProtocolServer to support multiple EmbeddedCacheManagers (probably with shared transport and by that I mean started on the same Netty server).<br>
><br>
> Yes, that also could work but I'm not convinced if we won't loose some configuration flexibility.<br>
><br>
> Let's consider a configuration file - <a href="https://gist.github.com/slaskawi/c85105df571eeb56b12752d7f5777ce9" rel="noreferrer" target="_blank">https://gist.github.com/slaskawi/c85105df571eeb56b12752d7f5777ce9</a>, how for example use authentication for CacheContainer cc1 (and not for cc2) and encryption for cc1 (and not for cc1)? Both are tied to hotrod-connector. I think using this kind of different options makes sense in terms of multi tenancy. And please note that if we start a new Netty server for each CacheContainer - we almost ended up with the router I proposed.<br>
><br>
> The second argument for using a router is extracting the routing logic into a separate module. Otherwise we would probably end up with several if(isMultiTenent()) statements in Hotrod as well as REST server. Extracting this has also additional advantage that we limit changes in those modules (actually there will be probably 2 changes #1 we should be able to start a ProtocolServer without starting a Netty server (the Router will do it in multi tenant configuration) and #2 collect Netty handlers from ProtocolServer).<br>
><br>
> To sum it up - the router's implementation seems to be more complicated but in the long run I think it might be worth it.<br>
><br>
> I also wrote the summary of the above here: <a href="https://github.com/infinispan/infinispan/wiki/Multi-tenancy-for-Hotrod-Server#alternative-approach" rel="noreferrer" target="_blank">https://github.com/infinispan/infinispan/wiki/Multi-tenancy-for-Hotrod-Server#alternative-approach</a><br>
><br>
> @Galder - you wrote a huge part of the Hot Rod server - I would love to hear your opinion as well.<br>
><br>
> Thanks<br>
> Sebastian<br>
><br>
><br>
><br>
> On Tue, May 10, 2016 at 10:59 AM, Tristan Tarrant <<a href="mailto:ttarrant@redhat.com" target="_blank">ttarrant@redhat.com</a>> wrote:<br>
> Not sure I like the introduction of another component at the front.<br>
><br>
> My original idea for allowing the client to choose the container was:<br>
><br>
> - with TLS: use SNI to choose the container<br>
> - without TLS: enhance the PING operation of the Hot Rod protocol to<br>
> also take the server name. This would need to be a requirement when<br>
> exposing multiple containers over the same endpoint.<br>
><br>
> From a client API perspective, there would be no difference between the<br>
> above two approaches: just specify the server name and depending on the<br>
> transport, select the right one.<br>
><br>
> Tristan<br>
><br>
> On 29/04/2016 17:29, Sebastian Laskawiec wrote:<br>
> > Dear Community,<br>
> ><br>
> > Please have a look at the design of Multi tenancy support for Infinispan<br>
> > [1]. I would be more than happy to get some feedback from you.<br>
> ><br>
> > Highlights:<br>
> ><br>
> > * The implementation will be based on a Router (which will be built<br>
> > based on Netty)<br>
> > * Multiple Hot Rod and REST servers will be attached to the router<br>
> > which in turn will be attached to the endpoint<br>
> > * The router will operate on a binary protocol when using Hot Rod<br>
> > clients and path-based routing when using REST<br>
> > * Memcached will be out of scope<br>
> > * The router will support SSL+SNI<br>
> ><br>
> > Thanks<br>
> > Sebastian<br>
> ><br>
> > [1]<br>
> > <a href="https://github.com/infinispan/infinispan/wiki/Multi-tenancy-for-Hotrod-Server" rel="noreferrer" target="_blank">https://github.com/infinispan/infinispan/wiki/Multi-tenancy-for-Hotrod-Server</a><br>
> ><br>
> ><br>
> > _______________________________________________<br>
> > infinispan-dev mailing list<br>
> > <a href="mailto:infinispan-dev@lists.jboss.org" target="_blank">infinispan-dev@lists.jboss.org</a><br>
> > <a href="https://lists.jboss.org/mailman/listinfo/infinispan-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/infinispan-dev</a><br>
> ><br>
><br>
> --<br>
> Tristan Tarrant<br>
> Infinispan Lead<br>
> JBoss, a division of Red Hat<br>
> _______________________________________________<br>
> infinispan-dev mailing list<br>
> <a href="mailto:infinispan-dev@lists.jboss.org" target="_blank">infinispan-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/infinispan-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/infinispan-dev</a><br>
><br>
> _______________________________________________<br>
> infinispan-dev mailing list<br>
> <a href="mailto:infinispan-dev@lists.jboss.org" target="_blank">infinispan-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/infinispan-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/infinispan-dev</a><br>
<br>
<br>
_______________________________________________<br>
infinispan-dev mailing list<br>
<a href="mailto:infinispan-dev@lists.jboss.org" target="_blank">infinispan-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/infinispan-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/infinispan-dev</a></div></div></blockquote></div></div></div><br></div></div>
</blockquote></div><br></div>