Skip to main content

Architecture

Bootstrap

When starting FlowG, it sets up a single-node cluster automatically. Every node in the cluster needs a unique identifier. If none is given, a random one will be generated.

You can tell your instance to join an existing cluster by indicating the name of the node to join, and its management endpoint.

NB: Automatic cluster formation is planned via:

  • Kubernetes headless Service resource
  • Consul's service mesh
  • DNS discovery

Here is an example of how to start a 3-nodes cluster:

flowg-server \
  --cluster-node-id flowg-node0 \
  --auth-dir ./data/node0/auth \
  --log-dir ./data/node0/logs \
  --config-dir ./data/node0/config \
  --http-bind 127.0.0.1:5080 \
  --mgmt-bind 127.0.0.1:9113 \
  --syslog-bind 127.0.0.1:5514 &

flowg-server \
  --cluster-node-id flowg-node1 \
  --cluster-join-node-id flowg-node0 \
  --cluster-join-endpoint http://localhost:9113 \
  --auth-dir ./data/node1/auth \
  --log-dir ./data/node1/logs \
  --config-dir ./data/node1/config \
  --http-bind 127.0.0.1:5081 \
  --mgmt-bind 127.0.0.1:9114 \
  --syslog-bind 127.0.0.1:5515 &

flowg-server \
  --cluster-node-id flowg-node2 \
  --cluster-join-node-id flowg-node1 \
  --cluster-join-endpoint http://localhost:9114 \
  --auth-dir ./data/node2/auth \
  --log-dir ./data/node2/logs \
  --config-dir ./data/node2/config \
  --http-bind 127.0.0.1:5082 \
  --mgmt-bind 127.0.0.1:9115 \
  --syslog-bind 127.0.0.1:5516 &

NB: Don't use & to run FlowG in the background, this is just an example.

You can also enable authentication between nodes by using a secret key that each node requires:

cookie=$(openssl rand -hex 32)

flowg-server \
  --cluster-node-id flowg-node0 \
  --cluster-cookie ${cookie} \
  --auth-dir ./data/node0/auth \
  --log-dir ./data/node0/logs \
  --config-dir ./data/node0/config \
  --http-bind 127.0.0.1:5080 \
  --mgmt-bind 127.0.0.1:9113 \
  --syslog-bind 127.0.0.1:5514 &

flowg-server \
  --cluster-node-id flowg-node1 \
  --cluster-cookie ${cookie} \
  --cluster-join-node-id flowg-node0 \
  --cluster-join-endpoint http://localhost:9113 \
  --auth-dir ./data/node1/auth \
  --log-dir ./data/node1/logs \
  --config-dir ./data/node1/config \
  --http-bind 127.0.0.1:5081 \
  --mgmt-bind 127.0.0.1:9114 \
  --syslog-bind 127.0.0.1:5515 &

flowg-server \
  --cluster-node-id flowg-node2 \
  --cluster-cookie ${cookie} \
  --cluster-join-node-id flowg-node1 \
  --cluster-join-endpoint http://localhost:9114 \
  --auth-dir ./data/node2/auth \
  --log-dir ./data/node2/logs \
  --config-dir ./data/node2/config \
  --http-bind 127.0.0.1:5082 \
  --mgmt-bind 127.0.0.1:9115 \
  --syslog-bind 127.0.0.1:5516 &

Here is a diagram of the bootstrap process:

Transport Endpoints

The protocol is provided on top of FlowG's HTTP management interface:

Cluster Status

Description: Return the currently known local cluster mesh.

GET /cluster/nodes
ResponseWhen
200 OKOn success
500 Internal Server ErrorOn failure

Example:

{
  "nodes": [
    {
      "node-id": "flowg-node0",
      "endpoint": "http://<private ip address>:9113"
    },
    {
      "node-id": "flowg-node1",
      "endpoint": "http://<private ip address>:9114"
    },
    {
      "node-id": "flowg-node2",
      "endpoint": "http://<private ip address>:9115"
    }
  ]
}
Gossip (Packet mode)

Description: Endpoint used by the SWIM protocol to exchange notifications.

POST /cluster/gossip
Origin: <node endpoint url>
X-FlowG-ClusterKey: <optional cluster cookie>
ResponseWhen
202 AcceptedOn success
400 Bad RequestThe Origin header identifying the node who originated the request
401 UnauthorizedThe node requires authentification, and the X-FlowG-ClusterKey header was invalid
500 Internal Server ErrorOn failure
Gossip (stream mode)

Description: Bidirectional endpoint used by the SWIM protocol to exchange data.

POST /cluster/gossip
Upgrade: flowg
X-FlowG-ClusterKey: <optional cluster cookie>
ResponseWhen
101 Switching ProtocolsThe connection has been accepted, and the socket will be used for bi-directional exchange
501 Not ImplementedThe server does not support hijacking the socket, maybe there is a Reverse Proxy in between?
401 UnauthorizedThe node requires authentification, and the X-FlowG-ClusterKey header was invalid
500 Internal Server ErrorOn failure