Hi,
Lets finalize our decision.
1. All distributed properties are published. - It's clear.
2. Do we add the description for the property (add method to the
interface DistributedProperty)?
If yes: is the description is persisted or hard-coded?
3. Permission:
- add one permission to modify all properties (the value of any property
may be read without permission)
- separate permission for each property.
I'm OK with both cases. It's obvious that one permission for all
properties is easier to implement.
On 08.09.2020 17:19, Nikolay Izhikov wrote:
Hello, Anton.
1) Publish distributed property
I propose to use SystemView API to accomplish this.
Actually, there is PR for it, already [1]
Distributed property will be available via SQL - «SELECT * FROM
SYS.DISTRIBUTED_METASTORAGE»
Or via JMX in the corresponding bean.
2) Permission for distributed properties
Do we really need separate permission for each property?
Would it be enough to have one permission «DISTRIBUTED_PROPERTY_WRITE» or
similar?
WIth it we allow to the user SET operation for any property.
[1] https://github.com/apache/ignite/pull/8225/files
8 сент. 2020 г., в 16:53, Anton Kalashnikov <kaa....@yandex.ru> написал(а):
Hi everyone,
I think I agree with Nikolay that we should make available all our property not
only some of them. Also maybe it makes sense to split this task into two tasks
in the following way: Publish all distributed property through public
interfaces(control.sh, jmx, etc.), Giving possibility to add permission to some
properties.
In my opinion, we need the following changes(it is just a high overview of my
ideas):
1) Publish distributed property
- DistributedConfigurationProcessor new methods: propertyList():
List<DistributedProperty>, get(propertyName): DistributedProperty
- DistributedProperty new methods: stringView(),
propagateFromString(valueAsString) - it's discussable, I still don't sure it is
great place for such methods. Perhaps we should have a some converter inside of
control.sh or whatever.
Usage:
List<DistributedProperty> allClusterProperties =
distributedConfigurationProcessor.list();
allClusterProperties.forEach( prop -> System.out.printl(prop.stringView()) );
DistributedProperty baselineAutoAdjustEnabled =
distributedConfigurationProcessor.get("baselineAutoAdjustEnabled");
baselineAutoAdjustEnabled.propagateFromString("true");//baselineAutoAdjustEnabled.propagate(true)
Open questions:
- How to update complex objects(any object which is not primitive)?
- Does it ok to convert the object to string inside the DistributedProperty?
2) Permission for distributed properties
- New class for permission - unfortunately, it's broking all
hierarchy(DistributedLongProperty, DistributedBooleanProperty etc.) but maybe
it is not a big problem
class PermissibleDistributedProperty<T> extends
SimpleDistributedProperty<InnerPermissionWrapper<T>> {
PermittedDistributedProperty(key, realValue, readPermission,
writePermission) {
super(key, new InnerPermissionWrapper(realValue, readPermission,
writePermission);
}
}
- I don't know a lot about ignite security so I don't sure where we should
check the permission in that case - it can be a new special processor or just
inside a job
One more idea - instead of creating the PermittedDistributedProperty we can store
some mapping <property, readPermission, writePermission> separately(it can be
static mapping or it can be stored in some new DistributedProperty). But in this
case, it is possible to lost permission after property renaming.
--
Best regards,
Anton Kalashnikov
05.09.2020, 10:09, "Nikolay Izhikov" <nizhi...@apache.org>:
Hello, Taras.
One more thing:
--property list - prints list of the available properties with description,
e.g.:
We have a convenient API to show Ignite internal objects - System Views [1]
Any system view available via SQL and JMX.
It seems we should have METASTORAGE view instead of this option.
P.S. Should we add some CMD interface for system views?
[1] https://apacheignite.readme.io/docs/system-views
3 сент. 2020 г., в 10:37, Nikolay Izhikov <nizhikov....@gmail.com> написал(а):
Hello, Taras.
I guess some properties (may be future properties) shouldn't be published
through generic cmd line interface.
With marker interface user have to wait for a new release to fix not
published property.
New release is a very long way for fixing one tiny configuration value.
Also, we shouldn’t hide anything from the administrator.
I’m sure that hiding any internals from our users is always a bad idea and
hides some issue in the codebase.
Let’s do it in Apache Way? :) - «Not restriction but common sense»
We can have some kind of `IgniteSystemProperty` with default read-only list
and description to it -
«User, you edit this properties fully on your own. We can’t predict results
of such kind of edits»
So user can fix this list manually.
WDYT?
3 сент. 2020 г., в 10:21, Taras Ledkov <tled...@gridgain.com> написал(а):
Hi,
Why do we want to restrict property management somehow?
I guess some properties (may be future properties) shouldn't be published
through generic cmd line interface.
May be its require separate more complex cmd line commands, some properties
may have dependencies and require complex management not only set/get.
In this case we can use distributed property without publish one via simpel
cmd line interface.
On 03.09.2020 10:05, Nikolay Izhikov wrote:
Hello, Taras.
It a shame we don’t have a well-written guide for the development of the
Ignite management interfaces at the moment.
For now, we have dozen of some management APIs - java, JMX, SQL, control.sh,
visorcmd.sh, REST
I think we should support 3 manage interfaces for each new command:
* CMD
* JMX
* SQL
You can take as an example implementation of the `KILL` command [1]
If we create the instance of this class the property can be managed by
command line.
Why do we want to restrict property management somehow?
This operation should be done by the administrator who knows what he or she
does.
I think we should provide a way to change any property value without any
restriction for admin.
So our users don’t have to wait «one more release» with only change
‘implements SimpleDistributedPublicProperty’ for some property.
[1] https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=145724615
2 сент. 2020 г., в 23:11, Taras Ledkov <tled...@gridgain.com> написал(а):
Hi,
Motivation: we have to manage SQL distributed property by command line and
introduce common approach to manage distributed properties.
Issue: IGNITE-13186 (see [1])
My proposal is:
Property classes & DistributedConfigurationProcessor changes (see PR [2]):
- introduce PublicProperty interface and implements it at the
PublicSimpleProperty;
- SimpleDistributedPublicProperty. If we create the instance of this class
the property can be managed by command line.
Command line interface:
--property list - prints list of the available properties with description,
e.g.:
sql.disabledFunctions : Disabled SQL functions
sql.defaultQueryTimeout : Default query timeout
--property get --name <prop_name> - prints the property value
--property set --name <prop_name> --val <prop_value> - change the property
value.
Possible we have to add the command:
--property reset --name <prop_name> - reset property to default value.
Please your comments.
Please pay your attention to concept & design of the publishing a property by
'PublicProperty' and set of the new commands.
[1]. https://issues.apache.org/jira/browse/IGNITE-13186
[2]. https://github.com/apache/ignite/pull/8208
--
Taras Ledkov
Mail-To: tled...@gridgain.com
--
Taras Ledkov
Mail-To: tled...@gridgain.com
--
Taras Ledkov
Mail-To: tled...@gridgain.com
