2024-04-12 Sys Ops & Management SIG Agenda and Meeting notes

New: Responses to the feedback . Posted April 10 by Craig:

Architectural PoC Preview Feedback

Meeting Notes April 12:

IKuss: Is the open source version of Kong enough for library production use ?
Nils: Sees concerns whether Kong remains opensource

IKuss: A graphical administrative UI is a good point/argument
Nils: ..if it also/still allows scripting
Florian Kreft: Metrics can be useful/Okapi has some means of metric, too
Ghassen Taijini: (Missing) features don't seem to be a major effort to be implemented in Okapi
FKref: Switching to Kong has the possibility of being funneled towards the commerial product losing / Okapi remains OpenSource
FGlei: keycloak and authentication : changing to a role based authentication was the main reason to go to Keycloak / Kong supports that
FGlei: Modules take over authentication responsibility
FKref: [After a look into the mgr-applications repo] (mgr-applications apparently is a module that makes avaiability checks)
Ghassen Taijini / Ingolf: Introducing complexity with several sidecards and Kong as an Okapi replacement doesn't seem to be justified
Nils: IndexData has interest and an incentive to bring forward FOLIO hence also bring forward Okapi. An open source community of Kong might not

Old:

the FOLIO Architectural PoC Review Feedback will serve as a mechanism to provide feedback and questions

Some reported API calls which will "break on the new platform": MODSIDECAR-13: Options for handling modules which call OKAPI

Looking at architectural proof-of-concept:

• Keycloak - replace home-grown auth. https://www.keycloak.org/guides ,  Guides set-up via Kubernetes or Docker environments.
• Kong Gateway - https://docs.konghq.com/gateway/latest/get-started/, create service not in Kubernetes, existing Helm charts.

Notes 2024/03/15:

• What is the reason for Kong gateway vs. Okapi
• Ingolf: have heard from more than one place, that speed is an issue. Okapi knowingly slow in migrations (was "bottlneck" in Jeremy's AirFlow Migration scenario). Also heard from GoKB people, that harvesting data from GoKB is slow ("would take 3 to 4 weeks"), mainly because all data go through Okapi.
• Jeremy: But license issue for Kong is unsolved.
• Uwe: There is a "published version" of Kong; code is published, but may not be modified. Ingolf: Heard from Julian and others that we need commercial version of Kong if we want to serve our libraries.
• Uwe: There are alternatives to Kong, for example tyk. Why have those not been taken into account (or have they?) https://tyk.io/tyk-vs-kong/
• Uwe: Sidecars module seem to be in late stages of development; for me this is more than a "Proof of Concept". Has this all been discussed in the TC ?
• Uwe: Sidecars solves the "bottleneck" issue (of data going all thru a gateway) by using direct inter-module communication
• Ingolf: What will replace the registration of the modules at Okapi ? Will there be a central registration at all ??
• Uwe: The Manager component mgr-tenant-entitlement will be the piece of software that will take that place. See here:
  • MODSIDECAR-13: Options for handling modules which call OKAPI

  • Okapi interface provision using mgr-components

    mgr-tenant-entitlement

    mgr-applications

  • the entitlement module is a request broker, but in a centralised way.
  • All components described here (Sidecar, Keycloak and the manager components) seem to be developed beyond a stage of "proof of concept".

Notes 2024/03/22:

• Will Kong replace Okapi or will Sys Ops have an option to choose between Okapi and Kong ?
• Will Okapi still be maintained by IndexData ?

Sidecars:

• Jason: I see some advantages for that. You'll get less bottlenecking from the gateway. All modules now have a Kafka plugin.
• At the moment, many modules have to communicate through the API gateway. I.e. 8 modules for inventory.
• Florian: Maybe module boundaries should be redrawn.
• Jason: Probably sidecars are intermediate

Okapi as bottleneck:

• For some applications like ERM, Okapi isn't the bottleneck. Adding database indexes did enhances performance greatly.

POC:

• No documentation.
• Architectural description missing.
• Kong is in place, but unclear if modifications are necessary to get FOLIO working with Kong
• Functionality built in in Okapi has to be transferred to extra modules - the Manager modules.
• Uwe: According to the diagram https://github.com/folio-org/folio-module-sidecar?tab=readme-ov-file#security, sidecars seems to introduce more complexity for inter-module-communcation than Okapi does. But that complexity is there for authentication and inter-module communication.
• Sidecar handles token-retrieval; it's more the solution to a problem. The problem itself is authetication.
• There is no authentication piece in Okapi. You have to add mod-authtoken. So if Okapi goes away, we need some other way to handle this.
• Can we use Kong, Tyk, maybe some other gateway like nginx ?? They don't have a license issue.
• Why did they use this gateway for the PoC ?
• There is no users module built-in for Okapi. There is a built-in supertenant. There is no permissions, users and authentication-module. Hence the reason for the Sidecars.

A few exciting updates to share for WOLFcon 2024:Call for Proposals Now Open:

 Got ideas about open-source to share? Talk about it at WOLFcon.

 Submit a presentation, panel, short talk, or pre-conference workshop. The deadline for submissions is March 31, 2024.

 Submit a session here.

  Early Bird Registration Now Open: Join us at Senate House, University of London. September 24-26, 2024. 

 Register now through July 31, 2024 for an early bird discounted rate

 .Learn more about WOLFcon 2024: Want to learn more about the Open Library Foundation and WOLFcon? Be sure to visit our website where you can learn more about the foundation, members projects, communities, and the annual conference.

Submissions for SysOps presentation, panel, short talk or pre-conference workshop? Have a SysOps session or talk, could be hybrid.

Notes 2024/03/15

• no progress today due to low audience (Uwe only signed in as a "guest"). Will resume discussion next week.

Notes 2024/03/22

• Jeremy and Florian Kreft expect to attend in person. Jason, Ingolf: still uncertain.
• A session on data migration could be of interest. New folks may now how to deploy, but still data migration is an issue
  
• Maybe a hands-on demo of deployment; could be with Ansible

Notes 2024/04/12

No news. Haven't submitted a session, yet. The submittal deadline has been extended til the end of this month. Unlcear, if some of us wants to present and moderate a session on-site. How to present the data migration topic ? Jeremy is bound with a day-long pre-conference workshop on AI which he leads. → Deferred to next meeting.