Since connection issues between pub/subs are out of the realm of what the master knows about, one option would be adding TTL to master resource (topic/service) registrations--meaning that advertisers would need to poke foreign masters to keep the topic in the master's topic dictionary active.
If we adopt a "public master" approach, then the public masters would be the advertisers themselves instead of the nodes behind the public master (which would reduce the keep-alive traffic, since there are many more resource providers than masters).
> If we go with the public master approach, do you think it is a better to have the public master as a full secondary
> master in sync? or some sort of a master_sync relay with an xml/rpc server to accept requests. The latter should
> be fairly easy to prototype.
By "full secondary" vs "relay", do you mean "sync's all resources between private and public master" vs "only a specified list"? If so I'd say enumerating only what you want externally shared is preferred. Exposing everything over a lossy connection invites users to shoot themselves in the foot by subscribing to topics that could essentially take down the network due to bandwidth constraints. You won’t want to expose a high-frequency point cloud topic over 802.11g would you? If you needed to you would just expose a heavily throttled topic to prevent mishaps.
> The main problem with the XMLRPC api is that it doesn't really know about when machines go offline, since it relies on an explicit "unregister" call to remove connections.
Yes, exactly. I believe we modified this API (maserslave.py) to send some keep-alive traffic, but on a disconnect it took a long time for the keep-alive to time out (python => ROSTCP). In retrospect, we could/should have used python UDP sockets outside of ROS… or, god forbid, done a system call to ping.
> By "full secondary" vs "relay", do you mean "sync's all resources between private and public master" vs "only a specified list"?
We found the “whitelist” approach described to work well from a configuration standpoint. We were also playing with a regex/wildcard-based whitelist. I bet there are existing libraries to read and resolve rules of this form (think apache’s “allow from, deny from” – it’s even based on hierarchical namespaces [domains]).
-Nick
A wildcard/regex whitelist for resource (topic/service) exposure would probably suffice over an (even apache-simple) acl language.
I think an acl language would be more interesting on connections between masters themselves: only allow syncing between masters on certain domains, etc.
We really have to decide on how automatic we want master syncing to be and what lies in configuration and what lies in programmatic interfaces.
Here are some open questions I have:
How would a subscription/call to a foreign resource work as far as namespacing?
- Do you need to know the machine name (or whatever unique prefix we use)?
o When do we need to know it: at configuration time or runtime (launch file param, or query the master programmatically? Both?)
Should running nodes even receive callback events on resource adds/removals?
Jeff
By "full secondary" vs "relay", do you mean "sync's all resources between private and public master" vs "only a specified list"? If so I'd say enumerating only what you want externally shared is preferred. Exposing everything over a lossy connection invites users to shoot themselves in the foot by subscribing to topics that could essentially take down the network due to bandwidth constraints. You won’t want to expose a high-frequency point cloud topic over 802.11g would you? If you needed to you would just expose a heavily throttled topic to prevent mishaps.
How would a subscription/call to a foreign resource work as far as namespacing?
- Do you need to know the machine name (or whatever unique prefix we use)?
o When do we need to know it: at configuration time or runtime (launch file param, or query the master programmatically? Both?)
Both perhaps? I can't see the added functionality hurting. Having this programmatically should help auto discovery as well.
Should running nodes even receive callback events on resource adds/removals?
> A wildcard/regex whitelist for resource (topic/service) exposure would probably suffice over an (even apache-simple) acl language.
Agreed… but let’s not write one from scratch if there’s a more fully-featured one already available. Also want to mention that I don’t think we’re *actually* talking about access control – perhaps I should have referenced DNS bind routing rules instead.
I agree with Piyush on all counts.
Seems like we’re trying to build a non-pub/sub overlay network on top of a pub/sub network.
What if we considered the unique_id (as in “/unique_id/odom”) to be literally hostname:port or ip:port (as in “/bender:11311/odom”)? Let DNS/IP layers do what they do, and not mix that functionality into ROS. In fact, we could view the regular ROS pub/sub as a special case: “/*/odom”.
???
-N
> > A wildcard/regex whitelist for resource (topic/service) exposure would probably suffice over an (even apache-simple) acl language.
> Agreed… but let’s not write one from scratch if there’s a more fully-featured one already available. Also want
> to mention that I don’t think we’re *actually* talking about access control – perhaps I should have referenced
> DNS bind routing rules instead.
I understand what you’re aiming at. I merely brought up actual access control because the use of the words ‘allow’ and ‘deny’ from apache triggered the idea of filtering masters from each other. We can probably table that discussion for later though.
As far as a regex/whitelist is concerned, I must still be misunderstanding the particulars because given a string topic list already available from a master query, it’s just a simple regex to filter those that match an expression (python has decent regex support out-of-box). Again, I’m probably missing something. Are there other features you can think of that we’d need that an external library would be good for?
>
> I agree with Piyush on all counts.
Piyush’s comments align with my use-case as well. As long as there aren’t any lurkers on the list that have good counter arguments, I think we have a pretty good consensus.
> Seems like we’re trying to build a non-pub/sub overlay network on top of a pub/sub network.
Not entirely sure what you mean here.
I’ve done overlays on pub/subs before (out of necessity, not choice); this effort seems to be evolving into more of a “gateway” design that tries to keep the pub/sub metaphor intact (you’ll still be publishing and subscribing, just with only a subgraph). The master backend never was a pub/sub system itself and really what we’re doing here is adding a special case master instance.
> What if we considered the unique_id (as in “/unique_id/odom”) to be literally hostname:port or ip:port (as in
> “/bender:11311/odom”)? Let DNS/IP layers do what they do, and not mix that functionality into ROS. In fact,
> we could view the regular ROS pub/sub as a special case: “/*/odom”.
+1
This seems reasonable to me.
> it’s just a simple regex to filter those that match an expression (python has decent regex support out-of-box)
Good point. A regex whitelist would be trivial to do in Python, and would probably provide 90% of what people would get out of a more complicated language.
> more of a “gateway” design that tries to keep the pub/sub metaphor intact (you’ll still be publishing and subscribing, just with only a subgraph)
Agreed, this is a good way of thinking about it.
-N
By "full secondary" vs "relay", do you mean "sync's all resources between private and public master" vs "only a specified list"? If so I'd say enumerating only what you want externally shared is preferred. Exposing everything over a lossy connection invites users to shoot themselves in the foot by subscribing to topics that could essentially take down the network due to bandwidth constraints. You won’t want to expose a high-frequency point cloud topic over 802.11g would you? If you needed to you would just expose a heavily throttled topic to prevent mishaps.I should have elaborated clearly. The building manager docs suggested that the secondary (or public) master was a second instantiation of the regular master exposing a subset of the available resources as necessary. This public master would be kept in sync with the primary master using something like master_sync. To me, it is not clear whether this is the best route to take -- as the public master does not need matchmaking skills. Anyhow, it looks like we are proceeding with an implementation discussion anyway, so some of these things will get ironed out.I have replied on the questions you laid out based on my own use case. Over the next month I should probably have better answers.
How would a subscription/call to a foreign resource work as far as namespacing?I vote for attaching a unique id to the topic name. Something like /odom -> /unique_id/odom- Do you need to know the machine name (or whatever unique prefix we use)?At first, we should know the unique id of a foreign machine. We can later figure out how to do this automatically using auto discovery. This is mainly because a number of people with small setups wouldn't necessarily mind assigning the unique id themselves.o When do we need to know it: at configuration time or runtime (launch file param, or query the master programmatically? Both?)Both perhaps? I can't see the added functionality hurting. Having this programmatically should help auto discovery as well.
Should running nodes even receive callback events on resource adds/removals?Yes. My application will have a centralized planner. It will need to know how many services are available, and when they go offline.
PiyushOn Fri, May 11, 2012 at 10:17 AM, Jeff Rousseau <jrou...@aptima.com> <jrou...@aptima.com> wrote:
A wildcard/regex whitelist for resource (topic/service) exposure would probably suffice over an (even apache-simple) acl language.
I think an acl language would be more interesting on connections between masters themselves: only allow syncing between masters on certain domains, etc.
We really have to decide on how automatic we want master syncing to be and what lies in configuration and what lies in programmatic interfaces.
> > A wildcard/regex whitelist for resource (topic/service) exposure would probably suffice over an (even apache-simple) acl language.
> Agreed… but let’s not write one from scratch if there’s a more fully-featured one already available. Also want
> to mention that I don’t think we’re *actually* talking about access control – perhaps I should have referenced
> DNS bind routing rules instead.
I understand what you’re aiming at. I merely brought up actual access control because the use of the words ‘allow’ and ‘deny’ from apache triggered the idea of filtering masters from each other. We can probably table that discussion for later though.
As far as a regex/whitelist is concerned, I must still be misunderstanding the particulars because given a string topic list already available from a master query, it’s just a simple regex to filter those that match an expression (python has decent regex support out-of-box). Again, I’m probably missing something. Are there other features you can think of that we’d need that an external library would be good for?
>
> I agree with Piyush on all counts.
Piyush’s comments align with my use-case as well. As long as there aren’t any lurkers on the list that have good counter arguments, I think we have a pretty good consensus.
> Seems like we’re trying to build a non-pub/sub overlay network on top of a pub/sub network.
Not entirely sure what you mean here.
I’ve done overlays on pub/subs before (out of necessity, not choice); this effort seems to be evolving into more of a “gateway” design that tries to keep the pub/sub metaphor intact (you’ll still be publishing and subscribing, just with only a subgraph). The master backend never was a pub/sub system itself and really what we’re doing here is adding a special case master instance.
> What if we considered the unique_id (as in “/unique_id/odom”) to be literally hostname:port or ip:port (as in
> “/bender:11311/odom”)? Let DNS/IP layers do what they do, and not mix that functionality into ROS. In fact,
> we could view the regular ROS pub/sub as a special case: “/*/odom”.
+1
This seems reasonable to me.