Discussion: Evaluate geoserver-cloud integration

[mwallschlaeger]

Task Description

As geoserver is basically the only service not scalable in geonode-k8s, there are currently two approaches to make this happen. One mentioned by Geosolutions, loadbalancing incomming traffic to multiple geoserver instances. The other one would be to use the geoserver-cloud deployment from camptocamp. As far as I understand this can not be integrated directly as it is missing at least the geoserver geonode plugin, which uses geonode to authorize geoserver login attempts. It might be possible to bypass this plugin by configuring geoserver to use oauth2 to authorize users with geonode. Does anybody has experiences or did further evaluation on including ether loadbalancing geoserver or geoserver cloud into geonode or geonode-k8s? @AlexGacon @ridoo

Additional Information

Any additional information or context that may be helpful in completing the task.

[AlexGacon]

I work on daily basis with geoserver cloud so I would be happy to have it in geonode-k8s but there are several obstacles to do so:

• as you mentionned, the geonode plugins are not integrated/ported to geoserver-cloud. Not sure that your idea for bypassing the geonode oauth2 will work either.
• Geoserver Cloud does not support GeoFence. We have developed GeoServer ACL as a replacement but the REST API is not exactly the same as GeoFence so it cannot be drop like this in replacement.

Some of our customers ask for quotation on developing this but no progress so far.

Regarding the use of a cluster of GeoServer, it is possible but you have to put a mechanism to synchronize the configuration between the different GeoServer instances, since you cannot share a configuration folder between them on K8s. One option could be to store the GeoServer configuration into database (there are several community extensions for that); in this case you only have to find how to tell all the instances to update their configuration cache after a change in GeoNode (generally it means deploying somethings like JMX or RabbitMQ).

[mwallschlaeger]

@giohappy does geosolution has an idea on how to scale geoserver on kubernetes. By overcomming geonode plugins or by loadbalancing geoserver?

[giohappy]

@mwallschlaeger we're working on it. For the moment the solution will be based on the JMS plugin, which is not perfect but it seems ok. We have planned to develop a different clustering solution in the future but we don't have a timeline yet. We will contribute back the JMS based solution once it's ready. There are a few things we had to fix in the JMS plugin and we're testing them.

[ridoo]

@mwallschlaeger no deeper experience in clustering/loadbalancing geoserver so far.

ATM, the "geonode plugin" for GeoServer is quite opaque to me, but I may have missed the right entry point to dive into. I do know https://github.com/GeoNode/geoserver-geonode-ext/, though, it just provides some binary jar files and an empty data directory.

I have not looked into ACL and geofence, yet, so I cannot forsee, if oauth2 and ACL offer an alternative to standard geofence which might enables geoserver-cloud as an alternative to standard geoserver ... However, it would be very interesting to test out what would be possible with ACL and oauth2.

Edit: I tried to find out which plugins are actually needed by GeoNode:

The geonode/geoserver image downloads a pre-build geoserver version which is built by some custom script. I found this one in the geonode-docker repo (which also prepares the data dir). This version seems to be for future builds as it pushes to S3 -- AFAIK, so far the builds where always done by a Jenkins pipeline. However, the Maven build command includes the following extensions (enabled via Maven profile flag -P):

mvn ... -PsldService,printing,monitor,control-flow,wps,kmlppio,wps-download,excel,querylayer,gdal,authkey,css,ysld,importer,wmts-multi-dimensional,backup-restore,oauth2-geonode,oauth2-openid-connect,geofence-server,geofence-wps

Each would have to be re-implemented to be able to run in geoserver-cloud. I guess, this would require far more efforts than trying to evaluate how GeoNode could work with ACL and OAuth2.

[ridoo]

For the record: https://github.com/geoserver/geoserver-cloud/pull/475

[AlexGacon]

@ridoo some of the extensions are already available in GS Cloud (wps, css)

[ridoo]

@AlexGacon are we able to create a "supported" matrix?

plugin	supported by gs-cloud	comment
authkey (docs)	:question:
backup-restore	:question:
control-flow (docs)	:question:
css	:heavy_check_mark:	as indicated
excel (docs)	:question:
gdal	:question:
geofence-server (docs)	:question:	resolved by geoserver-acl?
geofence-wps (docs)	:question:
kmlppio	:question:
importer (docs)	:question:
monitor (docs)	:question:
oauth2-geonode	:question:	resolved by https://github.com/geoserver/geoserver-cloud/pull/475?
oauth2-openid-connect	:question:	resolved by https://github.com/geoserver/geoserver-cloud/pull/475?
printing (docs)	:question:
querylayer (docs)	:question:
sldService (docs)	:question:
wmts-multi-dimensional (docs)	:question:
wps	:heavy_check_mark:	as indicated
wps-download (docs)	:question:
ysld	:question:

[AlexGacon]

To me monitor and control-flow are not mandatory but a nice to have.

For monitoring, GS Cloud have metrics endpoint you can use with Prometheus or so (metrics per end-point, not as precise as the monitoring extension).

For control-flow, you can easily add new pods if required. We will also work soon on autoscaling.

[AlexGacon]

@mwallschlaeger @ridoo we are looking for fundings to work on a GS Cloud integration. Is it something which can be arranged on your side?

[groldan]

Hi, here's a working demo docker compose for geoserver cloud integration https://github.com/groldan/geonode-geoserver-cloud-compose Note this is to check the Oauth2 functionality only.

Re the required extensions:

• authkey: integrated and enabled by default
• backup-restore: pending. When tried to integrate it had some bugs I don't recall. May try to resurrect it.
• control-flow: it probably makes more sense to do something in the gateway.
• css: integrated.
• excel: pending. Difficulty: easy
• gdal: pending. Difficulty: medium/complex.
• geofence/wps: replaced by ACL in gs-cloud. The ACL REST API is different than Geofence's. The python client can be generated with the openapi tools.
• kmlppio: pending. Difficulty: easy
• importer: integrated in the web-ui service, but pending on the rest-service. In web-ui it needs to be enabled with the webui.importer.enabled config property (i.e. ConfigMap, System prop, env variable)
• monitor: As mentioned by Alex, we'd rather work on spring-boot friendlier integrations (probably opentelemetry). There's the prometheus export and several other spring boot actuator endpoints for metrics and other stuff.
• oauth2-geonode
• printing: not integrated. May deserve its own microservice?
• querylayer: pending. Difficulty: easy
• sldService: pending. Difficulty: easy
• wmts-multi-dimentional: pending. Difficulty: dunno
• wps: wps-service
• wps-download: : pending. Difficulty: easy/medium. May just be a matter of having a prescribed pv/mount-point for shared tmp dirs?
• ysld: pending. Difficulty: easy

[mwallschlaeger]

@AlexGacon hi sorry for my late reply, I was on holiday. As the geonode-k8s maintainer i would really like to see the integration of geoserver cloud into this project. But as a devops engineer at my current position, I cannot see further benefits for our team to run geoserver-cloud within our geonode installation, therefore i do not see any possibilities to arrange any kind of funding for this purpose.

[ridoo]

Hi, here's a working demo docker compose for geoserver cloud integration https://github.com/groldan/geonode-geoserver-cloud-compose

@groldan thanks for the hint. Will try it out.

we are looking for fundings to work on a GS Cloud integration. Is it something which can be arranged on your side?

@AlexGacon I fear, we cannot arrange funding from our side ATM.

[anthieni]

Good morning all, we are working on an evaluation and development, already advanced, of the integration of GeoNode with GS-Cloud ACL where we will be releasing the first version, today we have it functional but we are doing the last tests. @dgquail We are doing this with our own funding but also looking at potential customers for this version and for our version of GeoExpress Cloud.

@groldan is more than useful and it is working perfectly for us. 💯

We have already separated the Mapstore Client for better scaling and looking at adding the html that is still in the Django/ jinja templates. We are also considering updating the tool versions.

I hope that next weeks we will have news to share with you.