Service registry lookup

[deis-admin]

From @mboersma on October 16, 2013 16:9

Come up with simple design for new object models / dynamic config / envvars to be Deis' service registry and attachment workflow.

Copied from original issue: deis/deis#231

[deis-admin]

From @gabrtv on November 18, 2013 17:54

I've been working on a design for this with the Opscode guys. I hope to post a specification here shortly and get a PR together that implements a manual service registry that we can later make more dynamic (late binding, multi-tenancy, etc.)

[deis-admin]

From @bacongobbler on December 1, 2013 8:37

@gabrtv, do you still have that spec hiding around somewhere for this issue? :)

[deis-admin]

From @bacongobbler on December 4, 2013 23:23

Standalone Service Registry

The service registry is a wrapper to common web services for
centralized service creation (known as provisioning). It can work with
common on-premise services such as a local mysql database or a Redis server
for a "private" or on-premise service registry, or with public SaaS applications
such as MongoLab or ElephantSQL for a public service offering.

Technical Overview

This project will be a generic wrapper for web services, giving administrators
the power to make their consumable service readily available to any PaaS that
uses this service registry.

Similar to Heroku Add-ons, customers use the service registry to provision an
addon offered by a third-party provider for their applications. When this
happens, the service registry sends a request to a providers's service gateway,
which then creates a new private addon. This addon represents an instance of
the provider's service.

Target Market

The service registry aims to target the PaaS industry, where new PaaS vendors
are looking to add data services to their PaaS offering (similar to Heroku
Add-Ons). Private PaaS solutions may also implement this solution by
connecting to external databases or services instead, whether those services
are internal to a clustered environment or are in a large datacenter in another
region.

It also targets the SaaS market, where new providers are looking to get some
public visibility of their product through third parties that implement
this service in their offering.

Administrator's Spec

An administrator of the registry can manage all of the registered gateways.
You can view the gateways that are bound to the registry with the
deis services:list command:

$ deis services:list
builtin-mysql
builtin-postgresql
amazon-rds-oracledb
mongolab

Registering a Gateway

Adds the gateway to the registry. The gateway is disabled by default.

$ deis services:add builtin-mysql --endpoint http://my-gateway-fqdn.com:port/
Adding builtin-mysql...done
Use `deis services:enable builtin-mysql` to enable this service

Unregistering a Gateway

Removes the gateway from the registry. Any addons created with this gateway
will NOT be deprovisioned when this gateway is removed.

$ deis services:remove builtin-mysql
Are you sure you want to remove builtin-mysql? (y or n)
Removing builtin-mysql...done

Disabling a Gateway

Disables a gateway, denying any calls to provision a new addon.

$ deis services:disable builtin-mysql

Enabling a Gateway

Enables a Gateway for use.

$ deis services:enable builtin-mysql

Developer Spec

A developer can manage their addons through the command line interface. You can view your current addons that are bound to your application with the deis addons:list command:

$ deis addons:list
builtin-mysql:free
builtin-postgresql:free
amazon-rds-oracledb:small
mongolab:enterprise

Adding an Addon

Adds the addon to the application, and forces a new release.

$ deis addons:add builtin-redis --plan=free
Adding builtin-redis:free to myapp...done
Use `deis addons:docs builtin-redis --plan=free` to view documentation

Removing an Addon

Removes the addon from the application, and forces a new release.

$ deis addons:remove builtin-redis --plan=free
Removing builtin-redis:free from myapp...done

Switching Plans

Changes the addon credentials within the application to reflect the upgraded (or downgraded) plan's new endpoint. Forces a new release.

$ deis addons:update builtin-redis --plan=paid
Upgrading builtin-redis:paid to myapp... done
You are now being billed for this addon at $0.06/container/hr
Use `deis addons:docs builtin-redis --plan=paid` to view documentation

Opening an Addon's Dashboard

Opens a management page on the provider's website for the addon, giving the user administrative access to the addon.

$ deis addons:open builtin-redis
Opening builtin-redis:free for myapp.

Read Documentation on an Addon

Opens documentation on how to use the addon with the application.

$ deis addons:docs builtin-redis:free
Opening documentation on builtin-redis:free for myapp.

Registry Endpoints

GET     /gateways
    retrieve information about all gateways available

POST    /gateways
    attach a gateway to the registry

GET     /gateways/:gateway_name
    get information about this specific gateway

PUT     /gateways/:gateway_name
    update configuration for a gateway

DELETE  /gateways/:gateway_name
    unregister a gateway. also unprovisions all addons provisioned with this gateway

GET     /addons
    get information on all addons available

GET     /addons?user=:username
    get all addons provisioned by :username

GET     /addons?gateway=:gateway_name
    get all addons provisioned by a specific gateway

POST    /addons
    provisions a new addon

GET     /addons/:addon_name
    get information about the addon

PUT     /addons/:addon_name
    update an addon's config

DELETE /addons/:addon_name
    deprovision an addon

Architecture Diagram

+-------------+    deis addons:add mysql --plan=free    +--------+
|             |-----------------------------------------| Client |
|  Controller |-----+                                   +--------+
|             |     |
+-------------+     |   POST /addons { type: mysql, plan: free }
                    |   RETURN { status: 200, creds: { MYSQL_URL: ... }, name: mysql-746017aa }
192.168.0.1         |                   |
+------------+      | <-----------------+
|            |      |
|  Registry  |------+
|            |
|            |         CREATE DATABASE 746017aa; GRANT USER ...;
+------------+                                   |
      |                                          |
      | POST / { plan: free }                    |
      | RETURN { status: 200, creds: {...} }     |
      |            |                             |
      |            |           192.168.0.2       |      192.168.0.3:3306
      |            |        +---------------+    |      +---------------+
      |            V        |               |    V      |               |
      +---------------------|    Gateway    |-----------|   MySQL       |
      |                     |               |           |               |
      |                     +---------------+           +---------------+
      |                        192.168.0.4              192.168.0.3:5432
      |                     +---------------+           +---------------+
      |                     |               |           |               |
      +---------------------|    Gateway    |-----------|   PostgreSQL  |
      |                     |               |           |               |
      |                     +---------------+           +---------------+
      |                        192.168.0.5              http://mongolab.com/
      |                     +---------------+           +---------------+
      |                     |               |           |               |
      +---------------------|    Gateway    |-----------|   MongoLab    |
                            |               |           |               |
                            +---------------+           +---------------+

[deis-admin]

From @gabrtv on December 4, 2013 23:59

@bacongobbler This looks great. Let's flesh out the developer UX next. For example, how does a developer actually attach a database to an existing application using the CLI?

With Heroku this looks like heroku addons:add <provider>:<plan>. Maybe for Deis this means deis services:add <provider>:<plan>? What about the other parts of the lifecycle? Let's flesh that out, taking inspiration from Heroku's command-line workflow..

[deis-admin]

From @bacongobbler on December 6, 2013 7:15

optionally, you should also be able to make this scriptable by specifying the --application=<appname> option on any command, or whatever name makes most sense to make this command apply to a specific application.

[deis-admin]

From @gabrtv on December 10, 2013 0:25

Thanks for this @bacongobbler. After much chin stroking and IRC discussion, here are the next steps before we can start implementation:

• Merge Upgrade/Downgrade into a single 'Change' or 'Update' function
• Change developer commands to deis addons:action -- for Heroku compatibility
• Define ops/admin commands with deis services:action -- how does the admin inject services into the registry and manage them?
• Revamp the spec into a single comment, so we can see the latest version all at once

Once we agree on moving forward, I suggest we start with a PostgreSQL reference implementation!

[deis-admin]

From @bacongobbler on December 10, 2013 7:19

Features to discuss before this spec is considered final. These may also be cut from the final spec (as we don't need to concern ourselves with SPOF for now):

• optimally, the registry should have no Single Points Of Failure. This means that if the registry went down in the cluster, the entire system should still be usable.
• gateways and registries should have a shared secret key for authentication. We don't want someone to attach a rogue gateway to our registry, and we don't want to be the culprit of a MITM attack! This can be done using OAuth tokens.
• health management of the services. We should know when MongoLab is down or when our internal postgresql database is undergoing maintenance.
• more clarity on how the registry and the gateway communicate with each other (through bi-directional http API requests and OAuth tokens).
• how does a developer create their own custom service gateway?

[deis-admin]

From @bacongobbler on December 15, 2013 0:33

Work in progress at https://github.com/bacongobbler/service-registry

[deis-admin]

From @bacongobbler on January 7, 2014 10:23

It's very much alpha in it's current state, but I have a working proof of concept where the service registry will create and delete new MySQL databases, as well as return a URI for use. Documentation (and tests!) has still yet to be written, but you can try it out and see what kind of changes you guys would like to see.

Instructions on getting started:

1. install the dependencies required for MySQL-python
2. install rabbitmq for celery tasks
3. run the following:

$ git clone git://github.com/bacongobbler/service-registry.git -b develop
$ cd service-registry
$ virtualenv venv && source venv/bin/activate
$ pip install -r requirements.txt
$ python manage.py syncdb --noinput
$ python manage.py runserver

4. go to http://127.0.0.1:8000/api/v1/providers/, add a MySQL provider, enable it by ticking the checkbox, and click POST
5. go to http://127.0.0.1:8000/api/v1/services/, add a new service with the name asdfqwerty, the new provider we just created, the free or paid plan, leave the URI field or write in it (will be overwritten later), any url for the dashboard, and any url for the docs.

After clicking POST to save, the entry should have been created, and the new database should be created in your local MySQL service. To verify, take a look at the uri to ensure that it was populated, then open up a mysql shell:

$ mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 13
Server version: 5.6.15 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| asdfqwerty         |
| mysql              |
| performance_schema |
+--------------------+
4 rows in set (0.00 sec)

mysql> select User from mysql.user;
+------------------+
| User             |
+------------------+
| root             |
| root             |
|                  |
|                  |
| 8w685g6qkha3spot |
| root             |
+------------------+
6 rows in set (0.00 sec)

For example, my uri field is now set to mysql://8w685g6qkha3spot:qrpsgu8yk64ig97h@localhost:3306/asdfqwerty, so I can connect trying to use that information:

$ mysql -u 8w685g6qkha3spot -pqrpsgu8yk64ig97h asdfqwerty
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 28
Server version: 5.6.15 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show tables;
Empty set (0.00 sec)

[deis-admin]

From @tombh on January 7, 2014 10:48

So exciting! Great work :)

The code's on the develop branch right?