Assignment 2.1 and 2 - Science Gateway Architectures...
-
Upload
nguyencong -
Category
Documents
-
view
215 -
download
1
Transcript of Assignment 2.1 and 2 - Science Gateway Architectures...
Assignments2.1and2.2
• DueFebruary1at12noon.• Assignment2.1:peerreviewthecodeofoneoftheotherteams.
• Identifyatleast1bugor1suggestedimprovement• Usetheissueboard
• Assignment2.2:peerreviewthecodeofoneoftheotherteams.• Identifyatleast1bugor1suggestedimprovement• Usetheissueboard
ProjectMilestone2Requirements
• YourprojectshouldrunasaserviceandwithapreliminaryAPI.• Basethisontheapplicationdeveloped inMilestone1.• APImethodsmustbeforsubmitting,monitoring,andcanceling jobs.
• Youmustprovidealsoclientsorclientsamplesforyourcode.• Clientsamplescanbeyourchoice:PHP,bash,Javaclients,etc.
• Instructorsmustbeabletocompileandrunboththeservice andtheclientsamples.
• Theentireenvironmentforrunningthingsshouldbeautomated.• Thelessworkinstructorshavetodo,thebetter.• Don’tassumeclientsandandtheservershareanything.
• OKtouselocalhost• Thatis,runserveronalaptop.• InthenearfuturewewillhaveVMsforyou.
ThisisNotaRESTTutorial• Youcanfindlotsoftutorialbysearching.• RESTisanarchitecturalstyle,notaprotocol,soyoumayfindconflictingdiscussionsonsomefine(andnotsofine)points.
• TherearegoodwaysandbadwaystoimplementRESTarchitecture.• RESThassomeshortcomings,somakeinformedchoices.
FromtheSource:RoyFielding
"RepresentationStateTransferisintendedtoevokeanimageofhowawell-designedWebapplicationbehaves:anetworkofwebpages(avirtualstate-machine),wheretheuserprogressesthroughanapplicationbyselectinglinks(statetransitions),resultinginthenextpage(representingthenextstateoftheapplication)beingtransferredtotheuserandrenderedfortheiruse."
Fielding, RoyThomas."Architecturalstyles andthedesign of network-based softwarearchitectures."PhDdiss.,University ofCalifornia, Irvine, 2000.
FeaturesoftheHTTPProtocolinREST• HTTPOfficialspecifications
• https://tools.ietf.org/html/rfc2616• Request-Response• UsesURLstoidentifyandaddressresources.• Stateless(butextendable)• Limitedsetofoperations
• GET, PUT,POST,DELETE, HEAD
• Transfershypermediainthebody• XML, JSON,RSS,Atom,etc.
• Extendablebymodifyingitsheader• Security, etc.
• Pointtopointsecurity• TLS
• Welldefinederrorcodes
RESTandHTTP
• HTTPisaformallyspecifiedprotocolfornetworkinteractions.
• RESTisanarchitecturalstylethatusesHTTP.
• “Architecturalstyle”• Art+technicalskill
• TheartofRESTistodefineAPIsusingHTTPthatarebeautifulandelegantaswellasuseful.
RESTandHTTP
• InREST,HTTPoperationsareVERBS.• Thereareonly~5verbs.
• URLsareNOUNS• Don’thaveAPImethodslike“/getUserID”,“/updateUserID”. • UseHTTPGETandPOSTforthese instead.
• VERBSactonNOUNStochangetheresourcestate.• Clientstatesarecontainedintheresponsemessage.• Resourcestatesaremaintainedbytheserver
© Peter R. Egli 2015 11/33 Rev. 2.40
REST – Representational State Transfer indigoo.com
Product List
Product
Purchase order
4. REST ‘protocol’ (3/5) Example of a REST-ful access (1/3):
HTTP Response: XML doc
HTTP GET request
Web client Web server
HTTP Response: XML doc
HTTP GET request
HTTP POST PO: XML doc
URL2
URL1
URL3
HTTP response
1
2
3
4
5
6
URLPatternsforRESTServices
• DesigninggoodURLsforRESTservicesisanart.• Baddesignwillstillwork• Leadstoinsidioustechnicaldebt
• Bestpracticeistousestructured,notflatURLs.• Thinkofyourresourcesascollections.• Moreimportantly,havetherightabstractionAPI
• Defineyourresourcesfirst• SpecificURLsmaychange.• HATEOAS
• AreanygatewayoperationsnotcoveredbyGET,PUT,POST,DELETE?
ReturnCodesandErrors
• RESTerrorsreturnHTTPerrorcodes.• Returntherightcodes.
• 200’s:everythingisOK• 400’s:clienterrors• 500’s:servererrors
• Errorcodesaremachineparse-able.• HTTPdoesn’thaveapplicationspecificerrorsforyourservice.• Includehelpfulinformationonwhytheerroroccurred.
• Challengetomakethismachineparse-able.• Comparewithexceptionsandtry-catchblocks
SomeRESTAdvantages
• Leverage25yearsofHTTPinvestments• Security,extensibility,popularity
• Lowentrybarriertogetpeopletotryyourservice• Usecurlcommandtotrythingsout
• Messageformatindependent• LikeJSON?UseJSON• LikeXML?UseXML• LikeCSV?
RESTChallenges
• Datamodelsforyourmessages• Need topickalanguage (JSON, etc)• Typesarelanguage-dependent
• Changingmessageformatswillbreakservices.• Messageformatsarevalidatedbytheserviceimplementation,notatthemessagetransportlevel
• Versioningisinformal• EveryREST implementationcomesupwithitsownstrategy.• Backward-forward compatibilityofdifferentversions
• Programmaticerrorcatchingishard• Noequivalent toJavaexceptions• EverythingisanHTTPerrorcodeplussomeconventionaltext
HypermediaastheEngineofApplicationState
HATEOAShttp://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven
YouAreDoingItCompletelyWrong
• RESTAPIsevolve.• Youaddnewfeatures.• Youchangethemessageformats• YouchangetheURLpatterns
• Thisbreaksclients.• Maintainingbackwardcompatibilityforlegacyclientsgetsharderovertime
• HATEOASisa“designpattern”topreventthisproblem.• Keepyourclientsandserverlooselycoupled• PartofFielding’soriginalRESTconceptionthatgetsoverlooked.
HisforHypermedia
• MainideaofHATEOAS:RESTservicesreturnhypermediaresponses.• Hypermediaisjustadocumentwithlinkstootherdocuments.• In”proper”REST,hypermediadocumentscontainlinkstowhattheclientcando.
• SemanticsoftheAPIneedtobeunderstoodanddefinedupfront.• Specificdetails(linksthatenablespecificactions)canchange.
HATEOASinBrief• Uselinks thatcontain“rel”,“href”,and“type”orequivalent.• Thespecificlinksinaspecificmessagedependonthecurrentstateofthedialogbetweenclientandserver.
• Noteverymessagecontainsallofyourrels.
Attribute Description
Rel Thisisyournoun. Youshouldhavepersistent,consistent“rels”forallyournouns.
Type Thisistheformatusedinthecommunicationswiththehref. Manystandardtypes(”text/html”). Customtypesshouldfollowstandardconventionsfornaming
Href This istheURLthatpointstoyournouninthisspecific interaction.
WWW.JPOINT.NL"""""|"""""[email protected]""""|"""""TWITTER:"@JOSDIRKSEN"
25
~"NetGlix"API"~"HATEOAS Part 1: Links
<link href="http://.../catalog/titles/series/70023522/cast” rel="http://schemas.netflix.com/catalog/people" title="cast"> <cast> <link href="http://api.netflix.com/catalog/people/30011713" rel="http://schemas.netflix.com/catalog/person" title="Steve Carell"/> <link href="http://api.netflix.com/catalog/people/30014922" rel="http://schemas.netflix.com/catalog/person" title="John Krasinski"/> <link href="http://api.netflix.com/catalog/people/20047634" rel="http://schemas.netflix.com/catalog/person" title="Jenna Fischer"/> </cast> </link>
http://www.slideshare.net/josdirksen/rest-from-get-to-hateoas
http://www.slideshare.net/josdirksen/rest-from-get-to-hateoasWWW.JPOINT.NL"""""|"""""[email protected]""""|"""""TWITTER:"@JOSDIRKSEN"
36
~"API"should"tell"us"what"to"do"~"
eBay: add to watchlist GET .../item/180881974947 { “name” : “Monty Python and the Holy Grail white rabbit big pointy teeth”, “id” : “180881974947”, “start-price” : “6.50”, “currency” : “GBP”, ... “links” : [ { “type: “application/vnd.ebay.item”, “rel”: “Add item to watchlist”, “href”: “https://.../user/12345678/watchlist/180881974947”}, { // and a whole lot of other operations ] }
JSON,XML,HTML,andHATEOAS
• What’sthebestlanguageforHATEOASmessages?• JSON:you’llneedtodefine“link”becauseJSONdoesn’thaveit.• XML:lotsofpowertolinkandref.
• XMLextensions likeRSSandAtomarealsohavewaysofexpressingthe“link”conceptsdirectly.
• Timeconceptsbuiltinalso:usetoexpressstatemachineevolution.
• HTML:RESTisbasedonobservationsofhowtheWebworks,soHTMLobviouslyhaswhatyouneed.
RESTDescriptionLanguages
• Therearealotofattempts:https://en.wikipedia.org/wiki/Overview_of_RESTful_API_Description_Languages
• Generalproblem:RESTservicesneedtobediscoverableandunderstandablebybothhumansandmachines.
• “SelfDescribing”
ExamplesofRealProblem#1
• YouaddanewAPImethod• YouchangethewayanoldAPImethodworks.• Youchangetheinputsandoutputs• YouwanttoaddsomeerrorhandlinghintsassociatedwiththeAPI• YouchangeAPIendpoints.• HATEOASmayhelpwithsomeofthis.
MoreaboutRealProblem#2
•HATEOAS’ssolution istouse“type”attribute•Datamodelscanbecomplicatedtocodeupsoeveryclienthasalocallibrarytodothis.
•Datamodelsevolveandbreakclients. • Typesindatamodelsdependondatamodellanguage(JSON,XML,etc).
UsualsolutionistocreateanSDKwrapperaroundtheAPI.
HelpsusersusetheAPIcorrectly,validatedataagainstdatamodels,etc.
Swagger->OpenAPI Initiatve,orOAI
• SwaggerwasaspecificationfordescribingRESTservices• Swaggeristoolsforimplementingthespecification• OpenAPI Initiativespinsoffthespecificationpart• OAIisopenlygoverned,availablefromGitHub
• https://github.com/OAI/OpenAPI-Specification
OAIGoals
• Defineastandard,language-agnosticinterfacetoRESTAPIs• Allowbothhumansandcomputerstodiscoverandunderstandthecapabilitiesoftheservicewithoutaccesstosourcecode,documentation,orthroughnetworktrafficinspection.
• Whenproperlydefined,aconsumercanunderstandandinteractwiththeremoteservicewithaminimalamountofimplementationlogic.
• Similartowhatinterfaceshavedoneforlower-levelprogramming,Swaggerremovestheguessworkincallingtheservice.
http://swagger.io/introducing-the-open-api-initiative/
”HelloWorld!”inSwagger
http://swagger.io/getting-started-with-swagger-i-what-is-swagger/
Moreexamples:https://github.com/OAI/OpenAPI-Specification/tree/master/examples/v2.0/json
CreatingOAIDefinitions
• TopDown:YouDon’tHaveanAPI• Usethe SwaggerEditor tocreateyourSwaggerdefinition• Usetheintegrated SwaggerCodegen toolstogenerateserverimplementation.
• BottomUp:YouAlreadyHaveanAPI• CreatethedefinitionmanuallyusingthesameSwaggerEditor,OR• AutomaticallygeneratetheSwaggerdefinitionfromyourAPI
• Supportedframeworks:JAX-RS,node.js,etc
• Myadvice:stayawayfromautomaticallygeneratedcode.
RESTandScienceGateways
• Youractionsarealreadydefined:GET,etc• Defineyournounsandnouncollections: youneedtogetthisright
• Computingresources:staticinformationandstates• Applications:globalinformationaboutaspecificscientificapplication• Applicationinterfaces:resourcespecificinformationaboutanapplication• Users• Userexperiments:staticinformationandstates
• Definedatamodelsforyournouns• Youwillgetthiswrong,butdon’tworry
• Definetheoperationpatternsonyournouns• Composedofrequest-responseatomicinteractions
• YouneedtospecifyyourHATEOAShypermediaformats• Youroperationpatternsmaptothese.
ACaseStudy:CIPRESGatewayandREST
Miller,MarkA.,TerriSchwartz,BrettE.Pickett,SherryHe,EdwardB.Klem,RichardH.Scheuermann,MariaPassarotti,SethKaufman,and
MaureenA.O’Leary."ARESTfulAPIforAccesstoPhylogeneticToolsviatheCIPRESScienceGateway." Evolutionarybioinformaticsonline 11
(2015):43.
There are highly-evolved legacy desktop/browser applications that help with matrix assembly, but have no tree inference tools or are under powered:
raxmlGUI
CIPRES slides courtesy of Mark Miller, SDSC
CSGXSEDE
Parallel codes
We received funding to create a public CIPRES RESTful API (CRA) to help with these use cases….
raxmlGUI
Morpho-Bank
MB-DB
CharacterRecording
Character Matrix
Assembly
Team Data Sharing
CharacterQuantification
CharacterVisualization
Character Matrix
Publication
Use Cases: MorphoBank and REST ServicesMorphoBank provides powerful visual tools for creating and sharing data matrices among large teams……
Morpho-Bank
MB-DB
CharacterRecording
Character Matrix
Assembly
Team Data Sharing
CharacterQuantification
CharacterVisualization
Character Matrix
Publication
Use Cases: MorphoBank and REST Services
But its has no concept of trees or tree inference……
Morpho-Bank
MB-DB
CharacterRecording
Character Matrix
Assembly
Team Data Sharing
CharacterQuantification
CharacterVisualization
Character Matrix
Publication
Use Cases: MorphoBank and REST Services
CRAXSEDE
Parallel codes
CIPRES RESTful API allows users to proceed with their workflow within the MorphoBank environment……
Use Cases: Individual developers and REST Services
Advanced phylogenetic researchers want:
• to run many jobs simultaneously
• create ad hoc workflows
Advanced phylogenetic researchers don’t want:
• to assemble and click each job one at a time
• to manually port the output of one job to the subsequent job in their workflow
CRAXSEDE
Parallel codes
ScriptingTools
Use Cases: Individual developers and REST Services
Assuming modest scripting skills, an advanced researcher can accomplish this goal using the CIPRES RESTful API to avoid the clumsy browser interface
Advantages of offering REST services:
• Preserves the investment in creating and learning touse complex software environments.
• Makes interaction with the application more flexible forindividuals with scripting skills.
There are several immediate consequences of providing this kind of access:
• Responsibility for the end-user interface is shifted from the CIPRES development group to outside developers.
• Shift in responsibility for provenance and persistence of the user’s work products from CIPRES to user.
• Developers of unknown intent and skill level will have access to powerful computing resources.
There are several immediate requirements for providing this kind of access:
• The interface between “outside” developers and the CRA software must be versatile and simple.
• Changes in phylogenetic codes accessed by the CRA must be easy to propagate to client applications.
• Changes in phylogenetic codes must be incorporated strictly at the discretion of the client application.
• Resources must be protected from unintentional (and intentional) abuse.
Basic structure of the CRA
CIPRES Workbench(Executive)
CIPRESREST API
CIPRES Web App
Front End Middleware
Compute Resources
Remote Resources
The web application provides a browser GUI based on Struts2, whereas the CRA was created using Jersey.
CIPRESBrowser GUI
Third partyClient
To manage the requirement for preventing abuse and retaining accountability each job submission must include a unique user ID and a unique application ID
These IDs must be registered either with the CRA, or an application that has a trust relationship with the CRA.
Registration:There are three specific use cases:
– An individual user/scripter who wishes to submit a job through their own scripts
– An individual wants to submit through a third party software package that can talk to CRA
– A public website that has registered users that access the CRA
User validation/job submission in CRAUser created
client
Third party desktop client
Public Web app
User ID
User ID + Umbrella App ID
App ID
App ID
The first two use cases require registration of the user and the application they wish to use.
User Registration:• A user must register at the CRA web site, and provide their
institution and country affiliation. This influences how much time they may access.
• Any registered user may create and register an application at the CRA web site.
• Any registered user may use any application that is registered with the CRA.
In the third use case, the CRA uses “umbrella” accounts to support public web sites which have registered user who wish to access the CRA.
A trust relationship exists between CRA and the third party web application, and the third party application provides unique user identifiers as part of the regular job submission. These users do not need to be registered with the CRA.
Applications in this category register and are vetted as “umbrella” providers.
Throttling:Job submissions are controlled as follows:
– Any individual user is allowed to submit only a certain number of jobs
– Any individual user can only encumber as many core hours as they currently have in their account.
– A given application can only submit a certain number of jobs
– Submissions by specific users or applications can be blocked
Other consequences of REST v Browser apps
• The CRA provides asynchronous job submission, which eliminates the latency associated with synchronous browser-based submissions.
• The client app must poll for results if they want to detect changes in state of the job.
• With the Web Ap, CIPRES is responsible for data provenance and archiving; but with the CRA, the user is responsible for both.