System Architecture

Below are sections presenting details of the Enterprise Gateway internals and other related items. While we will attempt to maintain its consistency, the ultimate answers are in the code itself.

Enterprise Gateway Process Proxy Extensions

Enterprise Gateway is follow-on project to Jupyter Kernel Gateway with additional abilities to support remote kernel sessions on behalf of multiple users within resource managed frameworks such as Apache Hadoop YARN or Kubernetes. Enterprise Gateway introduces these capabilities by extending the existing class hierarchies for KernelManager and MultiKernelManager classes, along with an additional abstraction known as a process proxy.

Overview

At its basic level, a running kernel consists of two components for its communication - a set of ports and a process.

Kernel Ports

The first component is a set of five zero-MQ ports used to convey the Jupyter protocol between the Notebook and the underlying kernel. In addition to the 5 ports, is an IP address, a key, and a signature scheme indicator used to interpret the key. These eight pieces of information are conveyed to the kernel via a json file, known as the connection file.

In today’s Jupyter Kernel Gateway implementation, the IP address must be a local IP address meaning that the kernel cannot be remote from the kernel gateway. The enforcement of this restriction is down in the jupyter_client module - two levels below JKG.

This component is the core communication mechanism between the Notebook and the kernel. All aspects, including life-cycle management, can occur via this component. The kernel process (below) comes into play only when port-based communication becomes unreliable or additional information is required.

Kernel Process

When a kernel is launched, one of the fields of the kernel’s associated kernel specification is used to identify a command to invoke. In today’s implementation, this command information, along with other environment variables (also described in the kernel specification), is passed to popen() which returns a process class. This class supports four basic methods following its creation:

  1. poll() to determine if the process is still running

  2. wait() to block the caller until the process has terminated

  3. send_signal(signum) to send a signal to the process

  4. kill() to terminate the process

As you can see, other forms of process communication can be achieved by abstracting the launch mechanism.

Kernel Specifications

The primary vehicle for indicating a given kernel should be handled in a different manner is the kernel specification, otherwise known as the kernel spec. Enterprise Gateway leverages the natively extensible metadata stanza to introduce a new stanza named process_proxy.

The process_proxy stanza identifies the class that provides the kernel’s process abstraction (while allowing for future extensions). This class then provides the kernel’s lifecycle management operations relative to the managed resource or functional equivalent.

Here’s an example of a kernel specification that uses the DistributedProcessProxy class for its abstraction:

{
  "language": "scala",
  "display_name": "Spark - Scala (YARN Client Mode)",
  "metadata": {
    "process_proxy": {
      "class_name": "enterprise_gateway.services.processproxies.distributed.DistributedProcessProxy"
    }
  },
  "env": {
    "SPARK_HOME": "/usr/hdp/current/spark2-client",
    "__TOREE_SPARK_OPTS__": "--master yarn --deploy-mode client --name ${KERNEL_ID:-ERROR__NO__KERNEL_ID}",
    "__TOREE_OPTS__": "",
    "LAUNCH_OPTS": "",
    "DEFAULT_INTERPRETER": "Scala"
  },
  "argv": [
    "/usr/local/share/jupyter/kernels/spark_scala_yarn_client/bin/run.sh",
    "--RemoteProcessProxy.kernel-id",
    "{kernel_id}",
    "--RemoteProcessProxy.response-address",
    "{response_address}"
  ]
}

See the Process Proxy section for more details on process proxies and those provided as part of the Enterprise Gateway release.

Remote Mapping Kernel Manager

RemoteMappingKernelManager is a subclass of Notebook’s MappingKernelManager and provides two functions.

  1. It provides the vehicle for making the RemoteKernelManager class known and available.

  2. It overrides start_kernel to look at the target kernel’s kernel spec to see if it contains a remote process proxy class entry. If so, it records the name of the class in its member variable to be made avaiable to the kernel start logic.

Remote Kernel Manager

RemoteKernelManager is a subclass of jupyter_client’s IOLoopKernelManager class and provides the primary integration points for remote process proxy invocations. It implements a number of methods which allow Enterprise Gateway to circumvent functionality that might otherwise be prevented. As a result, some of these overrides may not be necessary if lower layers of the Jupyter framework were modified. For example, some methods are required because Jupyter makes assumptions that the kernel process is local.

Its primary functionality, however, is to override the _launch_kernel method (which is the method closest to the process invocation) and instantiates the appropriate process proxy instance - which is then returned in place of the process instance used in today’s implementation. Any interaction with the process then takes place via the process proxy.

Both RemoteMappingKernelManager and RemoteKernelManager class definitions can be found in remotemanager.py

Process Proxy

Process proxy classes derive from the abstract base class BaseProcessProxyABC - which defines the four basic process methods. There are two immediate subclasses of BaseProcessProxyABC - LocalProcessProxy and RemoteProcessProxy.

LocalProcessProxy is essentially a pass-through to the current implementation. KernelSpecs that do not contain a process_proxy stanza will use LocalProcessProxy.

RemoteProcessProxy is an abstract base class representing remote kernel processes. Currently, there are six built-in subclasses of RemoteProcessProxy

  • DistributedProcessProxy - largely a proof of concept class, DistributedProcessProxy is responsible for the launch and management of kernels distributed across and explicitly defined set of hosts using ssh. Hosts are determined via a round-robin algorithm (that we should make pluggable someday).

  • YarnClusterProcessProxy - is responsible for the discovery and management of kernels hosted as yarn applications within a YARN-managed cluster.

  • KubernetesProcessProxy - is responsible for the discovery and management of kernels hosted within a Kubernetes cluster.

  • DockerSwarmProcessProxy - is responsible for the discovery and management of kernels hosted within a Docker Swarm cluster.

  • DockerProcessProxy - is responsible for the discovery and management of kernels hosted within Docker configuration. Note: because these kernels will always run local to the corresponding Enterprise Gateway instance, these process proxies are of limited use.

  • ConductorClusterProcessProxy - is responsible for the discovery and management of kernels hosted within an IBM Spectrum Conductor cluster.

You might notice that the last five process proxies do not necessarily control the launch of the kernel. This is because the native jupyter framework is utilized such that the script that is invoked by the framework is what launches the kernel against that particular resource manager. As a result, the startup time actions of these process proxies is more about discovering where the kernel landed within the cluster in order to establish a mechanism for determining lifetime. Discovery typically consists of using the resource manager’s API to locate the kernel who’s name includes its kernel ID in some fashion.

On the other hand, the DistributedProcessProxy essentially wraps the kernelspec argument vector (i.e., invocation string) in a remote shell since the host is determined by Enterprise Gateway, eliminating the discovery step from its implementation.

These class definitions can be found in the processproxies package. However, Enterprise Gateway is architected such that additonal process proxy implementations can be provided and are not required to be located within the Enterprise Gateway hierarchy - i.e., we embrace a bring your own process proxy model.

Process Class Hierarchy

The process proxy constructor looks as follows:

def __init__(self, kernel_manager, proxy_config):

where

  • kernel_manager is an instance of a RemoteKernelManager class.

  • proxy_config is a dictionary of configuration values present in the kernel spec’s json file. These values can be used to override or amend various global configuration values on a per-kernel basis. See Process Proxy Configuration for more information.

@abstractmethod
def launch_process(self, kernel_cmd, *kw):

where

  • kernel_cmd is a list (argument vector) that should be invoked to launch the kernel. This parameter is an artifact of the kernel manager _launch_kernel() method.

  • **kw is a set key-word arguments which includes an env dictionary element consisting of the names and values of which environment variables to set at launch time.

The launch_process() method is the primary method exposed on the Process Proxy classes. It’s responsible for performing the appropriate actions relative to the target type. The process must be in a running state prior to returning from this method - otherwise attempts to use the connections will not be successful since the (remote) kernel needs to have created the sockets.

All process proxy subclasses should ensure BaseProcessProxyABC.launch_process() is called - which will automatically place a variable named KERNEL_ID (consisting of the kernel’s unique ID) into the corresponding kernel’s environment variable list since KERNEL_ID is a primary mechanism for associating remote applications to a specific kernel instance.

def poll(self):

The poll() method is used by the Jupyter framework to determine if the process is still alive. By default, the framework’s heartbeat mechanism calls poll() every 3 seconds. This method returns None if the process is still running, False otherwise (per the popen() contract).

def wait(self):

The wait() method is used by the Jupyter framework when terminating a kernel. Its purpose is to block return to the caller until the process has terminated. Since this could be a while, its best to return control in a reasonable amount of time since the kernel instance is destroyed anyway. This method does not return a value.

def send_signal(self, signum):

The send_signal() method is used by the Jupyter framework to send a signal to the process. Currently, SIGINT (2) (to interrupt the kernel) is the signal sent.

It should be noted that for normal processes - both local and remote - poll() and kill() functionality can be implemented via send_signal with signum values of 0 and 9, respectively.

This method returns None if the process is still running, False otherwise.

def kill(self):

The kill() method is used by the Jupyter framework to terminate the kernel process. This method is only necessary when the request to shutdown the kernel - sent via the control port of the zero-MQ ports - does not respond in an appropriate amount of time.

This method returns None if the process is killed successfully, False otherwise.

RemoteProcessProxy

As noted above, RemoteProcessProxy is an abstract base class that derives from BaseProcessProxyABC. Subclasses of RemoteProcessProxy must implement two methods - confirm_remote_startup() and handle_timeout():

@abstractmethod
def confirm_remote_startup(self, kernel_cmd, **kw):

where

  • kernel_cmd is a list (argument vector) that should be invoked to launch the kernel. This parameter is an artifact of the kernel manager _launch_kernel() method.

  • **kw is a set key-word arguments.

confirm_remote_startup() is responsible for detecting that the remote kernel has been appropriately launched and is ready to receive requests. This can include gather application status from the remote resource manager but is really a function of having received the connection information from the remote kernel launcher. (See Kernel Launchers)

@abstractmethod
def handle_timeout(self):

handle_timeout() is responsible for detecting that the remote kernel has failed to startup in an acceptable time. It should be called from confirm_remote_startup(). If the timeout expires, handle_timeout() should throw HTTP Error 500 (Internal Server Error).

Kernel launch timeout expiration is expressed via the environment variable KERNEL_LAUNCH_TIMEOUT. If this value does not exist, it defaults to the Enterprise Gateway process environment variable EG_KERNEL_LAUNCH_TIMEOUT - which defaults to 30 seconds if unspecified. Since all KERNEL_ environment variables “flow” from NB2KG, the launch timeout can be specified as a client attribute of the Notebook session.

YarnClusterProcessProxy

As part of its base offering, Enterprise Gateway provides an implementation of a process proxy that communicates with the YARN resource manager that has been instructed to launch a kernel on one of its worker nodes. The node on which the kernel is launched is up to the resource manager - which enables an optimized distribution of kernel resources.

Derived from RemoteProcessProxy, YarnClusterProcessProxy uses the yarn-api-client library to locate the kernel and monitor its life-cycle. However, once the kernel has returned its connection information, the primary kernel operations naturally take place over the ZeroMQ ports.

This process proxy is reliant on the --EnterpriseGatewayApp.yarn_endpoint command line option or the EG_YARN_ENDPOINT environment variable to determine where the YARN resource manager is located. To accommodate increased flexibility, the endpoint definition can be defined within the process proxy stanza of the kernelspec, enabling the ability to direct specific kernels to different YARN clusters.

In cases where the YARN cluster is configured for high availability, then the --EnterpriseGatewayApp.alt_yarn_endpoint command line option or the EG_ALT_YARN_ENDPOINT environment variable should also be defined. When set, the underlying yarn-api-client library will choose the active Resource Manager between the two.

In cases where the YARN cluster is configured for high availability, then the --EnterpriseGatewayApp.alt_yarn_endpoint command line option or the EG_ALT_YARN_ENDPOINT environment variable should also be defined. When set, the underlying yarn-api-client library will choose the active Resource Manager between the two.

Note: If Enterprise Gateway is running on an edge node of the YARN cluster and has a valid yarn-site.xml file in HADOOP_CONF_DIR, neither of these values are required (default = None). In such cases, the yarn-api-client library will choose the active Resource Manager from the configuration files.

See Enabling YARN Cluster Mode Support for details.

DistributedProcessProxy

Like YarnClusterProcessProxy, Enterprise Gateway also provides an implementation of a basic round-robin remoting mechanism that is part of the DistributedProcessProxy class. This class uses the --EnterpriseGatewayApp.remote_hosts command line option (or EG_REMOTE_HOSTS environment variable) to determine on which hosts a given kernel should be launched. It uses a basic round-robin algorithm to index into the list of remote hosts for selecting the target host. It then uses ssh to launch the kernel on the target host. As a result, all kernelspec files must reside on the remote hosts in the same directory structure as on the Enterprise Gateway server.

It should be noted that kernels launched with this process proxy run in YARN client mode - so their resources (within the kernel process itself) are not managed by the YARN resource manager.

Like the yarn endpoint parameter the remote_hosts parameter can be specified within the process proxy configuration to override the global value - enabling finer-grained kernel distributions.

See Enabling YARN Client Mode or Spark Standalone Support for details.

KubernetesProcessProxy

With the popularity of Kubernetes within the enterprise, Enterprise Gateway now provides an implementation of a process proxy that communicates with the Kubernetes resource manager via the Kubernetes API. Unlike the other offerings, in the case of Kubernetes, Enterprise Gateway is itself deployed within the Kubernetes cluster as a Service and Deployment. The primary vehicle by which this is accomplished is via the enterprise-gateway.yaml file that contains the necessary metadata to define its deployment.

See Enabling Kubernetes Support for details.

DockerSwarmProcessProxy

Enterprise Gateway provides an implementation of a process proxy that communicates with the Docker Swarm resource manager via the Docker API. When used, the kernels are launched as swarm services and can reside anywhere in the managed cluster. To leverage kernels configured in this manner, Enterprise Gateway can be deployed either as a Docker Swarm service or a traditional Docker container.

A similar DockerProcessProxy implementation has also been provided. When used, the corresponding kernel will be launched as a traditional docker container that runs local to the launching Enterprise Gateway instance. As a result, its use has limited value.

See Enabling Docker Swarm Support for details.

ConductorClusterProcessProxy

Enterprise Gateway also provides an implementation of a process proxy that communicates with an IBM Spectrum Conductor resource manager that has been instructed to launch a kernel on one of its worker nodes. The node on which the kernel is launched is up to the resource manager - which enables an optimized distribution of kernel resources.

Derived from RemoteProcessProxy, ConductorClusterProcessProxy uses Conductor’s REST-ful API to locate the kernel and monitor its life-cycle. However, once the kernel has returned its connection information, the primary kernel operations naturally take place over the ZeroMQ ports.

This process proxy is reliant on the --EnterpriseGatewayApp.conductor_endpoint command line option or the EG_CONDUCTOR_ENDPOINT environment variable to determine where the Conductor resource manager is located.

See Enabling IBM Spectrum Conductor Support for details.

Process Proxy Configuration

Each kernel.json’s process-proxy stanza can specify an optional config stanza that is converted into a dictionary of name/value pairs and passed as an argument to the each process-proxy constructor relative to the class identified by the class_name entry.

How each dictionary entry is interpreted is completely a function of the constructor relative to that process-proxy class or its super-class. For example, an alternate list of remote hosts has meaning to the DistributedProcessProxy but not to its super-classes. As a result, the super-class constructors will not attempt to interpret that value.

In addition, certain dictionary entries can override or amend system-level configuration values set on the command-line, thereby allowing administrators to tune behaviors down to the kernel level. For example, an administrator might want to constrain python kernels configured to use specific resources to an entirely different set of hosts (and ports) that other remote kernels might be targeting in order to isolate valuable resources. Similarly, an administrator might want to only authorize specific users to a given kernel.

In such situations, one might find the following process-proxy stanza:

{
  "metadata": {
    "process_proxy": {
      "class_name": "enterprise_gateway.services.processproxies.distributed.DistributedProcessProxy",
      "config": {
        "remote_hosts": "priv_host1,priv_host2",
        "port_range": "40000..41000",
        "authorized_users": "bob,alice"
      }
    }
  }
}

In this example, the kernel associated with this kernel.json file is relegated to hosts priv_host1 and priv_host2 where kernel ports will be restricted to a range between 40000 and 41000 and only users bob and alice can launch such kernels (provided neither appear in the global set of unauthorized_users since denial takes precedence).

For a current enumeration of which system-level configuration values can be overridden or amended on a per-kernel basis see Per-kernel Configuration Overrides.

Kernel Launchers

As noted above a kernel is considered started once the launch_process() method has conveyed its connection information back to the Enterprise Gateway server process. Conveyance of connection information from a remote kernel is the responsibility of the remote kernel launcher.

Kernel launchers provide a means of normalizing behaviors across kernels while avoiding kernel modifications. Besides providing a location where connection file creation can occur, they also provide a ‘hook’ for other kinds of behaviors - like establishing virtual environments or sandboxes, providing collaboration behavior, adhering to port range restrictions, etc.

There are four primary tasks of a kernel launcher:

  1. Creation of the connection file and ZMQ ports on the remote (target) system along with a gateway listener socket

  2. Conveyance of the connection (and listener socket) information back to the Enterprise Gateway process

  3. Invocation of the target kernel

  4. Listen for interrupt and shutdown requests from Enterprise Gateway and carry out the action when appropriate

Kernel launchers are minimally invoked with two parameters (both of which are conveyed by the argv stanza of the corresponding kernel.json file) - the kernel’s ID as created by the server and conveyed via the placeholder {kernel_id} and a response address consisting of the Enterprise Gateway server IP and port on which to return the connection information similarly represented by the placeholder {response_address}.

The kernel’s id is identified by the parameter --RemoteProcessProxy.kernel-id. Its value ({kernel_id}) is essentially used to build a connection file to pass to the to-be-launched kernel, along with any other things - like log files, etc.

The response address is identified by the parameter --RemoteProcessProxy.response-address. Its value ({response_address}) consists of a string of the form <IPV4:port> where the IPV4 address points back to the Enterprise Gateway server - which is listening for a response on the provided port.

Here’s a kernel.json file illustrating these parameters…

{
  "language": "python",
  "display_name": "Spark - Python (YARN Cluster Mode)",
  "metadata": {
    "process_proxy": {
      "class_name": "enterprise_gateway.services.processproxies.yarn.YarnClusterProcessProxy"
    }
  },
  "env": {
    "SPARK_HOME": "/usr/hdp/current/spark2-client",
    "SPARK_OPTS": "--master yarn --deploy-mode cluster --name ${KERNEL_ID:-ERROR__NO__KERNEL_ID} --conf spark.yarn.submit.waitAppCompletion=false",
    "LAUNCH_OPTS": ""
  },
  "argv": [
    "/usr/local/share/jupyter/kernels/spark_python_yarn_cluster/bin/run.sh",
    "--RemoteProcessProxy.kernel-id",
    "{kernel_id}",
    "--RemoteProcessProxy.response-address",
    "{response_address}"
  ]
}

Other options supported by launchers include:

  • --RemoteProcessProxy.port-range {port_range} - passes configured port-range to launcher where launcher applies that range to kernel ports. The port-range may be configured globally or on a per-kernelspec basis, as previously described.

  • --RemoteProcessProxy.spark-context-initialization-mode [lazy|eager|none] - indicates the timeframe in which the spark context will be created.

    • lazy (default) attempts to defer initialization as late as possible - although can vary depending on the underlying kernel and launcher implementation.

    • eager attempts to create the spark context as soon as possible.

    • none skips spark context creation altogether.

    Note that some launchers may not be able to support all modes. For example, the scala launcher uses the Toree kernel - which currently assumes a spark context will exist. As a result, a mode of none doesn’t apply. Similarly, the lazy and eager modes in the Python launcher are essentially the same, with the spark context creation occurring immediately, but in the background thereby minimizing the kernel’s startup time.

Kernel.json files also include a LAUNCH_OPTS: section in the env stanza to allow for custom parameters to be conveyed in the launcher’s environment. LAUNCH_OPTS are then referenced in the run.sh script as the initial arguments to the launcher (see launch_ipykernel.py) …

eval exec \
     "${SPARK_HOME}/bin/spark-submit" \
     "${SPARK_OPTS}" \
     "${PROG_HOME}/scripts/launch_ipykernel.py" \
     "${LAUNCH_OPTS}" \
     "$@"

Extending Enterprise Gateway

Theoretically speaking, enabling a kernel for use in other frameworks amounts to the following:

  1. Build a kernel specification file that identifies the process proxy class to be used.

  2. Implement the process proxy class such that it supports the four primitive functions of poll(), wait(), send_signal(signum) and kill() along with launch_process().

  3. If the process proxy corresponds to a remote process, derive the process proxy class from RemoteProcessProxy and implement confirm_remote_startup() and handle_timeout().

  4. Insert invocation of a launcher (if necessary) which builds the connection file and returns its contents on the {response_address} socket.