Policy Training

Rule Engine Plugins

Policy Training

Rule Engine Plugins

Jason Coposky

@jason_coposky

Executive Director, iRODS Consortium

August 3-6, 2020

KU Leuven Training

Webinar Presentation

Anatomy of a Rule Engine Plugin

Each plugin must define seven operations:

  • start
  • stop
  • rule_exists
  • list_rules
  • exec_rule
  • exec_rule_text
  • exec_rule_expression

 

The Rule Engine Plugin Framework

Manages multiple instantiations of rule engine plugins

  • First by regex match
  • Second by rule_exists()

Delegates policy invocation to rule engine plugins

If a policy returns success, meaning a zero, the framework stops

order matters!

Walks plugins sequentially looking for a plugin to satisfy the invocation

If a policy returns RULE_ENGINE_CONTINUE, the process continues which allows for a clean separation of concerns

If a policy returns an error, meaning a negative value, the framework stops

Rule Engine Continuation

acPostProcForPut() { 
  if($rescName == "demoResc") {
      # extract and apply metadata
  }
  else if($rescName == "cacheResc") {
      # async replication to archive
  }
  else if($objPath like "/tempZone/home/alice/*" &&
          $rescName == "indexResc") {
      # launch an indexing job
  }
  else if(xyz) {
      # compute checksums ...        
  }
  
  # and so on ...
}

The original approach to policy implementation

Rule Engine Continuation

Separate the implementation into several rule bases:

pep_api_data_obj_put_post(*INSTANCE_NAME, *COMM, *DATAOBJINP, *BUFFER, *PORTAL_OPR_OUT) {
  # metadata extraction and application code
  
  RULE_ENGINE_CONTINUE
}

/etc/irods/metadata.re

pep_api_data_obj_put_post(*INSTANCE_NAME, *COMM, *DATAOBJINP, *BUFFER, *PORTAL_OPR_OUT) {
  # checksum code
  
  RULE_ENGINE_CONTINUE
}

/etc/irods/checksum.re

pep_api_data_obj_put_post(*INSTANCE_NAME, *COMM, *DATAOBJINP, *BUFFER, *PORTAL_OPR_OUT) {
  # access time application code
  
  RULE_ENGINE_CONTINUE
}

/etc/irods/access_time.re

Configuration of Rule Engine Plugins

Server configuration is found in /etc/irods/server_config.json

...

"federation": [],
"server_control_plane_port": 1248,
"plugin_configuration": {
    "rule_engines": [
        {
            // native rule engine configuration
        },
        {
            // python rule engine configuration
        },
        {
            // C++ default rule engine configuration
        }      
        ...
    ]
}

All plugins may have configuration parameters in the 'plugin_configuration' object

All instances of rule engine plugins must be configured in the 'rule_engines' array

Configuration of Rule Engine Plugins

Anatomy of a rule engine plugin instance

...

"federation": [],
"server_control_plane_port": 1248,
"plugin_configuration": {
    "rule_engines": [
        {
            "instance_name": "<UNIQUE NAME>",
            "plugin_name": "<DERIVED FROM SHARED OBJECT>",
            "plugin_specific_configuration": {
                <ANYTHING GOES HERE>
            }
            "shared_memory_instance": "<UNIQUE SHM NAME>"
        },
        ...
    ]
}

iRODS Rule Language Configuration

{
    "instance_name": "irods_rule_engine_plugin-irods_rule_language-instance", 
    "plugin_name": "irods_rule_engine_plugin-irods_rule_language", 
    "plugin_specific_configuration": {
        "re_data_variable_mapping_set": [
            "core"
        ], 
        "re_function_name_mapping_set": [
            "core"
        ], 
        "re_rulebase_set": [
            "example_custom_rule_base_0",
            "example_custom_rule_base_1",
            "example_custom_rule_base_2",          
            "core"
        ], 
        "regexes_for_supported_peps": [
            "ac[^ ]*", 
            "msi[^ ]*", 
            "[^ ]*pep_[^ ]*_(pre|post)"
        ]
    }, 
    "shared_memory_instance": "upgraded_legacy_re"
}

iRODS Rule Language Configuration

/etc/irods/core.re is the default implementation and should remain unchanged

Rule implementations are found in /etc/irods/

Custom rule implementations reside in /etc/irods/ and should be configured above core in re_rule_base_set

Basic iRODS Rule Language Example

Static (Legacy) Policy Enforcement Points

Dynamic Policy Enforcement Points

acPostProcForPut() {
    if("ufs_cache" == $KVPairs.rescName) {
        delay("<PLUSET>1s</PLUSET><EF>1h DOUBLE UNTIL SUCCESS OR 6 TIMES</EF>") {
            *CacheRescName = "comp_resc;ufs_cache";
            msisync_to_archive("*CacheRescName", $filePath, $objPath );
        }
    }
}
pep_resource_resolve_hierarchy_pre(*INST_NAME, *CTX, *OUT, *OP_TYPE, *HOST, *RESC_HIER, *VOTE)
{
    if( "CREATE" == *OP_TYPE ) {
        if( "pt1" == *INST_NAME) {
            *OUT = "read=1.0;write=0.5"
        }
        else if ( "pt2" == *INST_NAME ) {
            *OUT = "read=1.0;write=1.0"
        }
    }
}

Installing the Python Rule Engine Plugin

sudo apt-get -y install irods-rule-engine-plugin-python

ls /usr/lib/irods/plugins/rule_engines/

libirods_rule_engine_plugin-cpp_default_policy.so  

libirods_rule_engine_plugin-irods_rule_language.so

libirods_rule_engine_plugin-python.so

Install the plugin

See the new shared objects

Python Rule Engine Configuration

Create /etc/irods/core.py from packaged template file

irods $ cp /etc/irods/core.py.template /etc/irods/core.py
"rule_engines": [
    {
         "instance_name" : "irods_rule_engine_plugin-python-instance",
         "plugin_name" : "irods_rule_engine_plugin-python",
         "plugin_specific_configuration" : {}
    }, 
    {
         "instance_name": "irods_rule_engine_plugin-irods_rule_language-instance",
...

Add the plugin configuration to /etc/irods/server_config.json

Python Rule Language Example

def acPostProcForPut(rule_args, callback, rei):
    Map = session_vars.get_map(rei)
    Kvp = { str(a):str(b) for a,b in Map['key_value_pairs'].items() }
    if 'ufs_cache' == Kvp['rescName']:
        callback.delayExec( 
           ("<PLUSET>1s</PLUSET><EF>1h DOUBLE UNTIL SUCCESS OR 6 TIMES</EF>" +
            "<INST_NAME>irods_rule_engine_plugin-python-instance</INST_NAME>" ),
           "callback.msisync_to_archive('{cacheResc}','{file_path}','{object_path}')".format( cacheResc='comp_resc;ufs_cache', 
                                                                                              **Map['data_object'] ), "")
def pep_resource_resolve_hierarchy_pre(rule_args, callback):
   (INST_NAME, CTX, OUT, OP_TYPE, HOST, RESC_HIER, VOTE) = rule_args
  
   if "CREATE" == OP_TYPE :

       if   "pt1" == INST_NAME:
           rule_args[2] = "read=1.0;write=0.5"

       elif "pt2" == INST_NAME:
           rule_args[2] = "read=1.0;write=1.0"

Static (Legacy) Policy Enforcement Points

Dynamic Policy Enforcement Points

A Combination Use of Both Python and iRODS Rules

Add a custom rulebase to /etc/irods/server_config.json

"rule_engines": [
    {
         "instance_name" : "irods_rule_engine_plugin-python-instance",
         "plugin_name" : "irods_rule_engine_plugin-python",
         "plugin_specific_configuration" : {}
    },
    {
        "instance_name": "irods_rule_engine_plugin-irods_rule_language-instance",
        "plugin_name": "irods_rule_engine_plugin-irods_rule_language",
        "plugin_specific_configuration": {
            "re_data_variable_mapping_set": [
                "core"
            ],
            "re_function_name_mapping_set": [
                "core"
            ],
            "re_rulebase_set": [
          ----> "training", <----
                "core"
            ],

A Combination Use of Both Python and iRODS Rules

Create /etc/irods/training.re rulebase

add_metadata_to_objpath(*str, *objpath, *objtype) {
    msiString2KeyValPair(*str, *kvp);
    msiAssociateKeyValuePairsToObj(*kvp, *objpath, *objtype);
}

getSessionVar(*name,*output) {
    *output = eval("str($"++*name++")");
}

A Combination Use of Both Python and iRODS Rules

Copy core.py and python_storage_balancing.py into /etc/irods

 

 

 

This will overwrite the default core.py

sudo cp ~/irods_training/advanced/python_storage_balancing.py /etc/irods/
sudo cp ~/irods_training/advanced/core.py /etc/irods/

The python instantiation of the static PEP now in core.py:

def acPostProcForPut(rule_args, callback, rei):
    sv = session_vars.get_map(rei)
    phypath = sv['data_object']['file_path']
    objpath = sv['data_object']['object_path']
    exiflist = []
    with open(phypath, 'rb') as f:
        tags = EXIF.process_file(f, details=False)
        for (k, v) in tags.iteritems():
            if k not in ('JPEGThumbnail', 'TIFFThumbnail', 'Filename', 'EXIF MakerNote'):
                exifpair = '{0}={1}'.format(k, v)
                exiflist.append(exifpair)
    exifstring = '%'.join(exiflist)
    callback.add_metadata_to_objpath(exifstring, objpath, '-d')
    callback.writeLine('serverLog', 'PYTHON - acPostProcForPut() complete')

Test our combination of rules

wget https://github.com/irods/irods_training/raw/master/stickers.jpg

iput stickers.jpg

Get some test data into iRODS

imeta ls -d stickers.jpg

Confirm the EXIF metadata was harvested

irm -f stickers.jpg

Make sure earlier stickers example is removed

AVUs defined for dataObj stickers.jpg:

attribute: Image Orientation
value: Horizontal (normal)
units:
----
attribute: EXIF ColorSpace
value: sRGB
units:
----

Microservices

We were using the word before it was cool...

  • C++ plugins bound into the rule languages
  • Necessary to reach certainly custom libraries
  • Useful for complex or compute intensive applications

Many are provided by the server but additional plugins may be installed 

We will walk through the statically linked plugins here:

Microservices

Can be invoked directly by the native rule engine

example_rule()
{
    msiDataObjChksum("/tempZone/home/rods/example.txt", "verifyChksum=++++ChksumAll=", *result)
}
def example_rule(rule_args, callback):
    callback.msiDataObjChksum("/tempZone/home/rods/example.txt", "verifyChksum=++++ChksumAll=", *result)

May be reached in python through the callback mechanism

Delayed Execution

iRODS provides an asynchronous means to execute rules

The delay() directive will schedule its body of code into the delayed execution queue

The delay() directive is built into the iRODS rule language and available using the callback mechanism in Python

Delayed Execution

  • EA
  • ET
  • PLUSET
  • EF
  • INST_NAME

The delay is configured via a string using XML parameter syntax

Options include:

execution address, host where the delayed execution needs to be performed

execution time, absolute time when it needs to be performed.

relative execution time to current time when it needs to execute

execution frequency (in time widths) it needs to be performed.

rule engine plugin instance name to target for this rule

Delayed Execution

The EF value is of the format: nnnnU <directive>

  • nnnn is a number
  • U is the unit of the number (s-sec,m-min,h-hour,d-day,y-year)
  •     <empty-directive> same as REPEAT FOR EVER
  •     REPEAT FOR EVER
  •     REPEAT UNTIL SUCCESS
  •     REPEAT nnnn TIMES where nnnn is an integer
  •     REPEAT UNTIL <time>
  •     REPEAT UNTIL SUCCESS OR UNTIL <time>
  •     REPEAT UNTIL SUCCESS OR nnnn TIMES
  •     DOUBLE FOR EVER
  •     DOUBLE UNTIL SUCCESS where delay is doubled every time.
  •     DOUBLE nnnn TIMES
  •     DOUBLE UNTIL <time>
  •     DOUBLE UNTIL SUCCESS OR UNTIL <time>
  •     DOUBLE UNTIL SUCCESS OR nnnn TIMES
  •     DOUBLE UNTIL SUCCESS UPTO <time>

Where <directive> can be of the form:

Delayed Execution

The <time> format may be one of three forms:

  • nnnn
  • nnnns
  • nnnnm
  • nnnnh
  • nnnnd
  • nnnny

<dd.hh:mm:ss> where dd, hh, mm and ss are 2 digits integers

                            representing days, hours minutes and seconds

Truncation from the end is allowed. e.g. 20:40 means mm:ss

an integer. assumed to be in sec

an integer followed by 's' meaning in seconds

an integer followed by 'm' meaning in minutes

an integer followed by 'h' meaning in hours

an integer followed by 'd' meaning in days

an integer followed by 'y' meaning in years

The input can also be full calendar time in the form:
      YYYY-MM-DD.hh:mm:ss

Truncation from the beginning is allowed.
      e.g., 2007-07-29.12 means noon of July 29, 2007.

Delayed Execution

For the native rule language it takes one parameter:

def example_python_rule(rule_args, callback, rei):
    rule_body = """callback.msiObjStat("/tempZone/home/rods/example.txt", stat_out)"""
    callback.delayExec( 
           ("<PLUSET>1s</PLUSET><EF>1h DOUBLE UNTIL SUCCESS OR 6 TIMES</EF>" +
            "<INST_NAME>irods_rule_engine_plugin-python-instance</INST_NAME>" ),
            rule_body)
example_delayed_rule() {
    delay("<EF>REPEAT FOR EVER<\EF><INST_NAME>irods-rule-language-instance<\INST_NAME>") {
        msiObjStat("/tempZone/home/rods/example.txt", *stat_out)
    }
}

For the python rule language it takes two parameters, the configuration and the rule body

Remote Execution

The remote directive executes the body of its code on another iRODS server with a signature of:

 

remote("server.host.name", "<ZONE>zone_name</ZONE>")

Remote Execution

The native rule engine plugin usage is similar to the delay()

def example_python_rule(rule_args, callback, rei):
    rule_code = """
def main(rule_args, callback, rei):
    print('This is a test of the Python Remote Rule Execution')"""
    
    callback.py_remote('irods.example.org', '', rule_code, '')            
example_delayed_rule() {
    remote("irods.example.org", "<ZONE>tempZone<\ZONE>") {
        msiObjStat("/tempZone/home/rods/example.txt", *stat_out)
    }
}

For the python rule language there is a separate implementation

Questions?

KU Leuven Policy Training - Rule Engine Plugins

By jason coposky

KU Leuven Policy Training - Rule Engine Plugins

  • 324
Loading comments...

More from jason coposky