Page MenuHomePhabricator
Create Task
Maniphest T5833

Build "Almanac", a service/host/device directory
Closed, ResolvedPublic
Actions

Description

See https://secure.phabricator.com/chatlog/channel/6/?at=156708 for naming discussion, if anyone objects or comes up with something better before this lands. Leading alternatives were "Startchart", "Proclaim" and "Fleet"/"Armada".

Almanac is a service/host/device directory, similar to SMC at Facebook or the DNS system. Major objects are something like:

  • Hosts/Devices -- a physical (or maybe virtual) device which may have services on it, like box001.datacenter.company.com.
  • Services -- a named service, like www.company.com.

Rough, a service is defined as a group of devices. For example, the www.company.com service might be the HTTP load balancers lb001.company.com, lb002.company.com, and lb003.company.com.

Clients can ask it DNS-like questions like:

  • How do I connect to www.company.com?
  • How do I connect to mysql.phabricator.company.com, for writing?

Administrators can use the web UI to change the answers to these questions (e.g., bring servers up / down, move hosts in/out of service pools, change host attributes to control masters/slaves).

In the short term, we want to be able to deploy Phabricator across multiple machines easily. Some installs are nearing the effective one-machine scalability limit when using hosted repositories, and we want to define a large service cluster for SAAS. Putting this information inside Phabricator will let us do this in a reasonable way, and solve tangential issues like allowing machines to identify one another for authentication.

In the mid term, we want to deploy SAAS, and this tooling can make it easier to manage hosts, let us build Phage, etc. Drydock and Harbormaster can also benefit from centralized host management, the ability to define pools, etc.

In the long term, this could be a general purpose-service.

A tangential but reasonable feature is to support host monitoring/detection (like Reticle) so we can show if a service is up or down and report basics like deployed software versions, at a minimum. Eventually this could be more full-featured.

Revisions and Commits

rP Phabricator
D11452rPadf209e6555a When registering a device, write a device ID
D11447rP20dbdd7c28d6 Fix validation of network names in Almanac
D11372rP20e9cfac672c Add a "ClusterDatabase" Almanac service type
D11024rP340373f7bbc9 Almanac: forced interface PHIDs, prefix/suffix device query…
D11016rPe0f4e19c3f3d Add an Almanac service typeahead datasource
D10996rP3fa519da74d4 Allow Almanac service types to define default properties
D10995rPc85327ca3e58 Give AlmanacServices a service type
D10880rP15ab2141da15 Fix almanac.queryservices for no results
D10862rP2ac987714bcd Add almanac.queryservices Conduit API method
D10825rPaf6ffd8c7b34 Allow Almanac devices to have SSH keys
D10824rP32cdc23efc52 Separate SSH key management from the settings panel
D10805rPbf17b12daf43 Standardize SSH key storage
D10791rPe29955b48d64 Move SSHKey table to Auth database
D10790rP6f0d3b07962a Add a query/policy layer on top of SSH keys for Almanac
D10782rP2b495f1f032d Implement PhabricatorProjectInterface on Almanac Services and Devices
D10781rPfcad9435ea82 Allow Almanac Devices and Bindings to have properties
D10777rP2f1b5ae01022 Give Almanac generic, custom-field-based properties
D10745rPd5b70e2c1cab Add AlmanacBinding, to bind a service to an interface
D10718rP3e516e40f319 Build AlmanacInterface
D10715rP3e704f6c788f Build AlmanacNetwork
D10714rP247cb94d5ae0 Build AlmanacDevice UI
D10713rP796921021b7f Build AlmanacService

Related Objects
Search...

Event Timeline

epriestley created this task.Aug 9 2014, 3:46 PM
epriestley claimed this task.
epriestley raised the priority of this task from to Normal.
epriestley updated the task description. (Show Details)
epriestley added a project: Almanac.
epriestley added subscribers: epriestley, chad, btrahan, hach-que.
chad added a comment.Aug 9 2014, 3:48 PM

I already ordered "Almanac 2016 Launch" T-Shirts, so we're stuck on that name.

epriestley added a comment.Aug 9 2014, 3:54 PM

Phacility Grand Strategic Plan:

  1. Build new beta applications and increase scope.
  2. Never finish anything or make any money.
  3. ???
  4. Bankruptcy.
chad added a comment.EditedAug 9 2014, 3:55 PM

T5834: We really should be able to give Tokens to comments

talshiri added a subscriber: talshiri.Aug 9 2014, 5:54 PM
dereckson added a subscriber: dereckson.Aug 13 2014, 12:35 AM
In T5833#5, @chad wrote:

I already ordered "Almanac 2016 Launch" T-Shirts, so we're stuck on that name.

Are you serious?

If not, I would recommend to use the archaic English (and French still current) spelling almanach with an h, so we can get the best alternative to -ph- name adding this h.

epriestley added a comment.Aug 16 2014, 2:19 AM

Some discussion in IRC starting here: https://secure.phabricator.com/chatlog/channel/6/?at=159258

Rough outline is:

  • Device: A physical (or virtual or whatever, but approximately physical) device. Usually a server, but maybe a router or load balancer. (And maybe an employee cell phone or laptop if you just want a reasonable way to keep track of them.)
  • Network: Basically a namespace for addresses. Most stuff will probably be on "the public internet", but if you have VPNs/VPCs this can let Almanac be smart about two devices with IP address "10.0.0.3" not being a conflict if they're in the NYC and SF corpnets. Especially initially, the UI should smooth this over as much as possible.
  • Interface: Describes a way to connect to a device, usually a <network, address> pair. Devices have interfaces. Most devices will have one interface, but, may have more than one if they have public / private IPs.
  • Service: Some high-level business service like "Phabricator MySQL".
  • Binding: Binds services to interfaces, letting you say "these are the places to connect to if you need to talk to Phabricator MySQL: A (read/write), B (readonly), C (readonly), D (disabled/maintenance)"
epriestley added a project: Phacility.Oct 3 2014, 12:15 PM
aderumier added a subscriber: aderumier.Oct 4 2014, 7:22 AM
epriestley added a comment.Oct 14 2014, 6:57 PM

The specific functionality I want in v0 is support for these SAAS use cases:

Instance Management: When a web machine hosting multiple colocated Phabricator instances receives a request to something.site.com, it should be able to identify which instance (if any) it should execute by querying Almanac. In particular, if a user requests xyz.site.com, the host should be able to query Almanac to answer these questions:

  • Does xyz.site.com exist, or should we 404?
  • Where are the bootstrapping services (notably, the database) for the xyz instance?
  • What additional settings should be configured for this install before executing the main codepath (e.g., readonly mode, service notices, other forced config settings).

Roughly, this means that each instance will have an AlmanacService entry.

Repository Location: When an instanced Phabricator or clustered Phabricator needs to make a Conduit service call, it should be able to use Almanac to figure out which host it should connect to. Specifically, something like:

  • The PhabricatorRepository lists a servicePHID.
  • The servicePHID points to an AlmanacService which describes which hosts a repository is located on.
  • (We probably need to push this down to installs rather than having them talk to the mothership, which might open up some sync questions.)

Device Identity and Trust: This is partially implemented, but Almanac should provide a framework for managing device keys and establishing device trust in clusters and instanced environments. For example:

  • When a daemon makes a Conduit request for repository information, it should be able to sign the request with the calling device key and authenticate to the remote host.
epriestley added a revision: D10713: Build AlmanacService.Oct 16 2014, 5:46 PM
epriestley added a revision: D10714: Build AlmanacDevice UI.Oct 16 2014, 6:20 PM
epriestley added a revision: D10715: Build AlmanacNetwork.Oct 16 2014, 6:55 PM
joshuaspence added a subscriber: joshuaspence.Oct 16 2014, 7:52 PM
epriestley added a revision: D10718: Build AlmanacInterface.Oct 16 2014, 8:34 PM
chasemp awarded a token.Oct 17 2014, 3:38 AM
epriestley added a commit: rP796921021b7f: Build AlmanacService.Oct 17 2014, 12:02 PM
epriestley added a commit: rP247cb94d5ae0: Build AlmanacDevice UI.
epriestley added a commit: rP3e704f6c788f: Build AlmanacNetwork.Oct 17 2014, 12:04 PM
epriestley added a commit: rP3e516e40f319: Build AlmanacInterface.
epriestley added a revision: D10745: Add AlmanacBinding, to bind a service to an interface.Oct 24 2014, 5:14 PM
epriestley added a commit: rPd5b70e2c1cab: Add AlmanacBinding, to bind a service to an interface.Oct 27 2014, 8:39 PM
epriestley added a revision: D10777: Give Almanac generic, custom-field-based properties.Nov 3 2014, 5:03 PM
epriestley added a revision: D10781: Allow Almanac Devices and Bindings to have properties.Nov 4 2014, 1:50 PM
epriestley added a revision: D10782: Implement PhabricatorProjectInterface on Almanac Services and Devices.Nov 4 2014, 2:58 PM
epriestley added a revision: D10790: Add a query/policy layer on top of SSH keys for Almanac.Nov 5 2014, 8:14 PM
epriestley added a revision: D10791: Move SSHKey table to Auth database.Nov 5 2014, 8:28 PM
epriestley added a commit: rP2f1b5ae01022: Give Almanac generic, custom-field-based properties.Nov 5 2014, 11:27 PM
epriestley added a commit: rPfcad9435ea82: Allow Almanac Devices and Bindings to have properties.
epriestley added a commit: rP2b495f1f032d: Implement PhabricatorProjectInterface on Almanac Services and Devices.Nov 5 2014, 11:30 PM
epriestley added a commit: rP6f0d3b07962a: Add a query/policy layer on top of SSH keys for Almanac.Nov 6 2014, 8:37 PM
epriestley added a commit: rPe29955b48d64: Move SSHKey table to Auth database.
epriestley mentioned this in T6484: Conduit API for SSH key retreival.Nov 6 2014, 9:52 PM
epriestley added a revision: D10805: Standardize SSH key storage.Nov 7 2014, 1:12 PM
epriestley added a commit: rPbf17b12daf43: Standardize SSH key storage.Nov 7 2014, 11:34 PM
dereckson removed a subscriber: dereckson.Nov 8 2014, 10:26 PM
epriestley added a revision: D10824: Separate SSH key management from the settings panel.Nov 9 2014, 6:42 PM
epriestley added a revision: D10825: Allow Almanac devices to have SSH keys.Nov 9 2014, 7:17 PM
Diffusion added a commit: rP32cdc23efc52: Separate SSH key management from the settings panel.Nov 11 2014, 4:18 PM
epriestley added a commit: rPaf6ffd8c7b34: Allow Almanac devices to have SSH keys.Nov 11 2014, 4:20 PM
btrahan moved this task from Backlog to v0 Closed Beta on the Phacility board.Nov 11 2014, 10:40 PM
epriestley mentioned this in T6240: Implement Conduit request signing for host-to-host calls.Nov 11 2014, 10:49 PM
epriestley added a revision: D10862: Add almanac.queryservices Conduit API method.Nov 16 2014, 1:49 PM
epriestley added a commit: rP2ac987714bcd: Add almanac.queryservices Conduit API method.Nov 16 2014, 9:54 PM
epriestley added a revision: D10880: Fix almanac.queryservices for no results.Nov 19 2014, 11:15 PM
epriestley added a commit: rP15ab2141da15: Fix almanac.queryservices for no results.Nov 19 2014, 11:19 PM
epriestley added a revision: D10995: Give AlmanacServices a service type.Dec 15 2014, 9:05 PM
epriestley added a revision: D10996: Allow Almanac service types to define default properties.Dec 16 2014, 10:09 AM
epriestley added a commit: rPc85327ca3e58: Give AlmanacServices a service type.Dec 17 2014, 7:10 PM
epriestley added a commit: rP3fa519da74d4: Allow Almanac service types to define default properties.
epriestley closed subtask T6741: Lock Almanac networks, and allow Almanac domain namespaces to be locked as Resolved.Dec 18 2014, 10:31 PM
epriestley added a revision: D11016: Add an Almanac service typeahead datasource.Dec 18 2014, 11:14 PM
epriestley added a commit: rPe0f4e19c3f3d: Add an Almanac service typeahead datasource.Dec 19 2014, 8:36 PM
epriestley reopened subtask T6741: Lock Almanac networks, and allow Almanac domain namespaces to be locked as Open.Dec 20 2014, 1:12 PM
epriestley added a revision: D11024: Almanac: forced interface PHIDs, prefix/suffix device query, DestructibleInterface.Dec 20 2014, 5:39 PM
epriestley added a commit: rP340373f7bbc9: Almanac: forced interface PHIDs, prefix/suffix device query….Dec 22 2014, 8:50 PM
epriestley added a revision: D11372: Add a "ClusterDatabase" Almanac service type.Jan 13 2015, 7:55 PM
epriestley added a commit: rP20e9cfac672c: Add a "ClusterDatabase" Almanac service type.Jan 13 2015, 7:59 PM
epriestley added a revision: D11447: Fix validation of network names in Almanac.Jan 20 2015, 9:34 PM
epriestley added a commit: rP20dbdd7c28d6: Fix validation of network names in Almanac.Jan 20 2015, 10:14 PM
epriestley added a revision: D11452: When registering a device, write a device ID.Jan 21 2015, 12:15 AM
epriestley added a commit: rPadf209e6555a: When registering a device, write a device ID.Jan 23 2015, 12:06 AM
epriestley closed this task as Resolved.Feb 1 2015, 1:01 AM

We're planning to put this into production shortly. There's some followup work in T6741 but the remaining part is nonblocking.

epriestley closed subtask T6741: Lock Almanac networks, and allow Almanac domain namespaces to be locked as Resolved.Feb 25 2016, 11:38 AM
talshiri removed a subscriber: talshiri.Feb 25 2016, 10:53 PM
Phabricator · Built by Phacility