Documentation and two redis config files.

Author: JanWielemaker

config-available/redis_sentinel.pl

@@ -0,0 +1,133 @@
+/*  Part of SWISH
+
+    Author:        Jan Wielemaker
+    E-mail:        [email protected]
+    WWW:           http://www.swi-prolog.org
+    Copyright (C): 2020-2024, SWI-Prolog Solutions b.v.
+    All rights reserved.
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions
+    are met:
+
+    1. Redistributions of source code must retain the above copyright
+       notice, this list of conditions and the following disclaimer.
+
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in
+       the documentation and/or other materials provided with the
+       distribution.
+
+    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+    "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+    LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+    FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+    INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+    BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+    LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+    CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+    LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+    ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+*/
+
+:- module(config_redis, []).
+% Edit with Redis consumer id.  Make sure each member of the cluster
+% has a unique id.
+swish:swish_node('<unassigned>').
+
+/** <module> Configure Redis
+
+SWISH may be configured to use the Redis key-value store for the various
+databases. This allows multiple SWISH instances to act as a cluster.
+
+Typically the configuration needs to be edited in two places:
+
+  - redis_server/3 must be called to address the Redis server
+  - redis_consumer may be set to identify this instance.  The
+    default is derived from the host name and port to which
+    this SWISH instance listens.  Clusters are advised to
+    assign a stable name to each cluster member.
+*/
+
+:- multifile swish_config:config/2.
+
+% Do not activate if we run SWISH in _ide_ mode
+:- if(\+swish_config:config(ide,true)).
+
+:- use_module(swish(lib/config), []).
+:- use_module(library(redis)).
+:- use_module(library(settings)).
+:- use_module(swish('config-available/user_profile')).
+:- use_module(library(profile/backend/profile_redis), []).
+:- use_module(library(http/http_session)).
+:- use_module(library(http/http_redis_plugin)).
+
+:- initialization
+    redis_servers.
+
+% Edit. List the sentinels. Normally we list   all of them. If there are
+% more though, they will be picked up as long   as we can get hold of at
+% least one from the list  below.  The   second  argument  is  the Redis
+% consumer. We use this to find a   working replicator that has the same
+% Redis consumer and thus  (hopefully)  has   the  lowest  latency. When
+% found, this is configured as "read only" Redis DB.
+sentinel('1.2.3.4':26379, node1).
+sentinel('1.2.3.5':26379, node2).
+sentinel('1.2.3.6':26379, node3).
+
+% edit: passwords.  Note that the sentinel and redis passwords
+% can be different.
+redis_connect_options(
+    [ user(swish),
+      password("********"),
+      version(3),
+      tls(true),
+      cacert('config-enabled/etc/redis/ca.crt'),
+      key('config-enabled/etc/redis/client.key'),
+      cert('config-enabled/etc/redis/client.cert'),
+      sentinels(Sentinels),
+      sentinel_user(query),
+      sentinel_password("********")
+    ]) :-
+    findall(Sentinel, sentinel(Sentinel, _), Sentinels).
+
+redis_servers :-
+    redis_master_server(swish),
+    redis_ro_server(swish, swish_ro).
+
+redis_master_server(ServerId) :-
+    redis_connect_options(Options),
+    redis_server(ServerId, sentinel(swipl), Options).
+
+:- dynamic ro_server/1 as volatile.
+
+redis_ro_server(Master, SlaveServerId) :-
+    redis_connect_options(Options),
+    swish:swish_node(Consumer),
+    sentinel(IP:_, Consumer),
+    sentinel_slave(Master, swipl, Slave, Options),
+    IP == Slave.ip,
+    Port = Slave.port,
+    redis_server(SlaveServerId, IP:Port, Options),
+    assertz(ro_server(SlaveServerId)).
+redis_ro_server(_, _).
+
+swish_config:config(redis_ro, Server) :-
+    ro_server(Server).
+swish_config:config(redis, swish).
+swish_config:config(redis_prefix, swish).
+swish_config:config(redis_consumer, Consumer) :-
+    swish:swish_node(Consumer).
+
+:- set_setting(user_profile:redis_server, swish).
+:- set_setting(user_profile:redis_prefix, 'swish:profiles').
+:- set_setting(user_profile:backend, impl_profile_redis).
+:- set_setting(user_profile:session_persistency, true).
+
+:- http_set_session_options([ redis_db(swish),
+                              redis_prefix('swish:http:session')
+                            ]).
+
+:- endif. % \+swish_config:config(ide,true)

config-available/redis.pl config-available/redis_simple.pl

@@ -0,0 +1,164 @@
+# Running SWISH for large user communities
+
+By default,  SWISH uses the local  filesystem to store its  data.  All
+data  is stored  in  a directory  `data`.  Data  such  as chats,  user
+profile, etc  are stored using SWI-Prolog's  `library(persistency)` as
+Prolog  terms.  Files  are saved  in _gitty_  format as  files to  the
+subdirectory `data`.  The _gitty_ format  is based on GIT, saving data
+based on  the SHA1 hash of  the content and linking  versions of files
+together as _commits_.  This format only allows a single SWISH server.
+
+## Using Redis
+
+Alternatively, a [redis](https://redis.io/) database  can be used that
+stores the  chats, user profile  data and  the _HEAD_ commit  for each
+file.  The  files themselves  are still  stored in  the `data/storage`
+directory using the  same format.  This setup uses  Redis _streams_ to
+broadcast events of interest to all SWISH nodes in the cluster.  These
+events are  used to  make chat  work over the  cluster members  and to
+replicate new objects for the `storage` directory:
+
+  - If an object (hashed document) is added to the store, the cluster
+    is informed.  Each cluster member stores the object.
+  - If a cluster member is down when the object is added, it will
+    find the most recent HEAD commit hash from the Redis DB.  If
+	the referenced object is not in its store, it broadcasts a
+	_discovery request_ for the hash.   The cluster member that
+	has a copy of this document will repost it.
+
+To deploy  multiple SWISH instances  using this setup, one  must first
+setup a Redis DB.  Currently SWI-Prolog's redis library supports three
+of the four redis configurations:
+
+  - Single node.  This is easy, but vulnerable to data loss.  The
+    single node also easily becomes a bottleneck.
+  - Single node with static replicators.   This avoids data loss.
+    It also allows SWISH instances to configure Redis write operations
+	to use the master and read operations to use a nearby replicator.
+    No files can be saved if the master goes down.
+  - High availability cluster.   In this case a set of redis nodes are
+    monitored by a set of _sentinels_, minimally 3.  The network
+	operates as above, but if the sentinels discover that the master
+	is down, they elect a new master and reconfigure the network.
+	The SWISH client asks the sentinels for the current configuration.
+	If the client gets Redis errors it will reconsult the sentinels and
+	reconnect to the possibly changed configuration.
+
+### Getting the Redis network up
+
+Getting the cluster up consists of these steps:
+
+  1. Decide on the Redis configuration to use and configure the
+     Redis Db (cluster).
+  2. Select a matching SWISH Redis configuration, copy it from
+     `config-available` to `config-enabled` and edit to suit
+     your setup.  Available configurations:
+
+	   - `config-available/redis_simple.pl` <br>
+         Simple single node clear-text connection.   Only use on trusted
+         networks!
+       - `config-available/redis_sentinel.pl`
+         Sentinel cluster using TLS for establishing secure connections.
+  3. Bring up SWISH
+  4. If you have old data, you may use `lib/redis_transfer.pl` to transfer
+     the existing data from the Prolog .db files to populate the Redis DB.
+  5. Add new nodes.  Make sure to edit the _Redis consumer_ in each
+     enabled configuration.
+
+After  the above,  we have  multiple  SWISH instances  that share  the
+files, user  profiles, chat  and HTTP  session management.   Each node
+needs to be contacted at its own address though.
+
+## Making the nodes operate as a single service
+
+To make the nodes accessible as a  single service we need some form of
+session aware  load balancing.  There are  many ways to do  this.  The
+public  site  using  an  [nginx](https://www.nginx.com/)  instance  as
+_reverse proxy_.  The nginx _upstream_ mechanism with policy `ip_hash`
+is used  for load balancing.   The skeleton setup is  below.  Details,
+such as error pages, HTTPS configuration, etc. are left out.
+
+```
+upstream swish {
+    ip_hash;
+    server <url1>
+    server <url2>
+	...
+}
+
+server {
+        location / {
+                proxy_pass https://swish;
+                proxy_http_version 1.1;
+                proxy_buffering off;
+                client_body_buffer_size 100k;
+                proxy_cache off;
+                proxy_set_header Host $host
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                proxy_read_timeout 86400;
+        }
+
+        location /chat {
+                proxy_pass https://swish;
+                proxy_http_version 1.1;
+                proxy_set_header Host $host
+                proxy_set_header Upgrade $http_upgrade;
+                proxy_set_header Connection "upgrade";
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_read_timeout 86400;
+        }
+}
+```
+
+## Many files need better search: enable Elastic search
+
+File search in the file tab  and top-right search box by default using
+simple Prolog search.  This works great  with a few hundreds of files,
+but above it gets too expensive to walk over each file HEAD commit and
+possibly its content.
+
+For  this purpose  we  provided an  [Elastic](https://www.elastic.co/)
+plugin.  The setup works as follows:
+
+  1. Launch Elastic
+  2. Copy `config-available/elastic.pl` to `config-enabled` and edit
+     the location of the Elastic instance and the connection details
+     (password, certificates).
+  3. Use `lib/plugin/es_swish.pl` (loaded by `config-enabled/elastic.pl`) to
+     1. Create the Elastic index using `?- es_create_index.`
+	 2. Run `?- es_add(0, 1 000 000).` to populate the index.  The
+		arguments are offset and limit, so you can do the job in
+		batches to see how it goes.
+
+After enabling,  new documents  are automatically  added to  the index
+when they are saved.  If there has been a disruption or you can update
+the index with all documents added or modified using `es_add_since/1`,
+which takes the number of seconds  to look back.  So, to add documents
+for the past week, use:
+
+    ?- es_add_since(7*24*3600).
+
+## Deployment hints
+
+The public instance runs on docker images created using the Dockerfile
+from the GIT repo below.
+
+    - https://github.com/SWI-Prolog/docker-swish-public.git
+
+The docker version deploys the  `libssh` pack that allows logging into
+the running SWISH server using SSH.   This is used notably for running
+the maintenance commands above.
+
+We  maintain the  `config-enabled` directory  of  each node  as a  git
+repository that is  a clone of a version maintain  on the machine from
+which we  control all instances.  The  version at the node  is checked
+out on  a branch  with a  commit that  reflects the  local differences
+(consumer in `redis.pl` and the public network address in `network.pl`
+if  each server  can  also  be accessed  explicitly).   To update  the
+configuration we
+
+  1. Edit it on the maintenance machine
+  2. Run `git push <remote> master` to update the remote master
+  3. On the node run `git rebase master` to update the node config
+Do a  4. Restart SWISH.

doc/PublicInstall.md

@@ -35,7 +35,7 @@
 :- module(es_swish,
           [ es_create_index/0,
             es_add_file/1,                        % +File
-            es_add/2,                             % +Offset, +Limit +Count
+            es_add/2,                             % +Offset, +Limit
             es_add_since/1,                       % +Time
             es_query/2
           ]).