Hello! I'm still not fully convinced, but Val's approach sounds rational to me.
Regards, -- Ilya Kasnacheev чт, 22 апр. 2021 г. в 12:45, Atri Sharma <a...@apache.org>: > Hello! > > I actually saw the shared container scenario being tried by somebody > who wanted an external script to monitor all IPs being used by his > clusters and hence thought of this idea. Another thing that came in > was the Firewall blocking a few IP addresses, hence the idea. > > I feel that the footprint of this change is small, and can be useful > for esoteric use cases too without really interfering in any existing > code path. Val's suggestion seems the right way to go since it gives > the functionality without much change. > > Thoughts? > > On Thu, Apr 22, 2021 at 2:47 PM Ilya Kasnacheev > <ilya.kasnach...@gmail.com> wrote: > > > > Hello! > > > > AFAIK, a S3 container, Azure blob container, etc, is a relatively > > lightweight entity, similar to a table in an SQL database. Why would > > different clusters need to share the same discovery storage container? > > When I tested Azure IP finder, it created several blob containers for me > on > > demand, based on the parameter passed to IP finder. If I wanted to have > > more than one cluster it should have been seamless already. > > > > I can theoretically see how address filtering may be useful to remove > > public / private addresses or Docker gateway address, but it is usually > > handled by setting localHost setting, although requiring tuning it for > each > > instance individually. Overall benefit seems to small. > > > > This is why I am asking, do you have any specific scenario in mind where > > this feature is an enabler? How did you arrive at the conclusion to go > > forward with it? > > > > Regards, > > -- > > Ilya Kasnacheev > > > > > > чт, 22 апр. 2021 г. в 07:51, Atri Sharma <a...@apache.org>: > > > > > Hi Val, > > > > > > Consider a scenario where multiple Ignite clusters are running and for > > > operational ease (and also compliance, in some cases, e.g. to make > > > auditing easier), people can configure cloud based IP finders to share > > > the same container (blob container in Azure, S3 container in AWS etc). > > > > > > In such a case, IPs for all clusters will be in the same container. > > > IPFinders of both the clusters will read the entire list. In this > > > case, address filtering will help ignore the irrelevant IP addresses. > > > > > > Thank you for pointing me to the alternate direction. Let me research > > > that and revert. > > > > > > Atri > > > > > > On Wed, Apr 21, 2021 at 10:46 PM Valentin Kulichenko > > > <valentin.kuliche...@gmail.com> wrote: > > > > > > > > Hi Atri, > > > > > > > > Can you describe the scenario in a little more detail? What exactly > do > > > you > > > > mean by a container shared by multiple clusters? What are the > > > consequences > > > > of this? How does the proposed solution solve the problem? > > > > > > > > Also, I would suggest revisiting the design - I'm not sure such > filtering > > > > should be done on the IP finder level. Why not do this on the SPI > level > > > > instead? I would simply add something like "addressFilter" to the > > > > TcpDiscoverySpi. The filter can be a generic IgnitePredicate, so you > will > > > > be able to provide any implementations, including regex or anything > else. > > > > > > > > -Val > > > > > > > > On Wed, Apr 21, 2021 at 9:04 AM Atri Sharma <a...@apache.org> wrote: > > > > > > > > > Hi, > > > > > > > > > > When a container is shared by multiple clusters, then this can be > > > useful > > > > > for filtering IPs. > > > > > > > > > > Also, things like VPC based barriers can be circumvented using this > > > > > technique. > > > > > > > > > > On Wed, 21 Apr 2021, 15:49 Ilya Kasnacheev, < > ilya.kasnach...@gmail.com > > > > > > > > > wrote: > > > > > > > > > > > Hello! > > > > > > > > > > > > What are the expected use cases for this feature? Can you please > > > > > elaborate? > > > > > > > > > > > > Thanks, > > > > > > -- > > > > > > Ilya Kasnacheev > > > > > > > > > > > > > > > > > > ср, 21 апр. 2021 г. в 08:23, Atri Sharma <a...@apache.org>: > > > > > > > > > > > > > Hi All, > > > > > > > > > > > > > > I have opened the following JIRA for the said topic: > > > > > > > > > > > > > > https://issues.apache.org/jira/browse/IGNITE-14606 > > > > > > > > > > > > > > The concept is to filter IPs based on a pattern or a blocklist > in > > > > > > > IPFinders while consuming IPs. This is more pertinent for cloud > > > based > > > > > > > IPFinders since they can have shared containers. > > > > > > > > > > > > > > For the moment, I have implemented regex based filtering: > > > > > > > > > > > > > > https://issues.apache.org/jira/browse/IGNITE-14607 > > > > > > > > > > > > > > for Azure Blob Storage IP Finder. Over time, we can extend the > > > same to > > > > > > > other IP finders. > > > > > > > > > > > > > > Please see the PR: > > > > > > > > > > > > > > https://github.com/apache/ignite/pull/9024 > > > > > > > > > > > > > > Regards, > > > > > > > > > > > > > > Atri > > > > > > > > > > > > > > -- > > > > > > > Regards, > > > > > > > > > > > > > > Atri > > > > > > > Apache Concerted > > > > > > > > > > > > > > > > > > > > > > > > -- > > > Regards, > > > > > > Atri > > > Apache Concerted > > > > > -- > Regards, > > Atri > Apache Concerted >
