VPN/container env script and process enhance
As a user (more precisely: IT team(s) deploying an instance of Fed-BioMed for the real clinical/researcher/data-scientist end-user) I want better script/packaging so as to deploy more easily a Fed-BioMed instance using VPN/container env.
- This comes as a followup of #138 (closed) (`fedbiomed_vpn` script).
- Target scenario to simplify is the one from `fedbiomed/fedbiomed.gitlabpages.inria.fr` VPN/container deployment tutorial `docs/user-guide/deployment/deployment-vpn.md`.
WIP tasks list for process:
- [ ] update (done in #448) `docker-compose` to v2.x (newer versions of docker come with a 2.x `docker compose`; standalone compose install is being abandoned https://docs.docker.com/compose/install/ )
- use a dedicated (bridge) network instead of the default bridge
- consider replacing wireguard implementation boringtun by a more widely adopted/distributed (through package manager) implementation (`wireguard`, `wireguard-go`)
WIP tasks list for env script:
- add support for GPU
- add `fedbiomed_vpn configure node NODETAG` (currently you can't specify NODETAG, "node1" is hardcoded, so it is not usable for multiple nodes deployment)
- (optional, requires modifying GUI) modify GUI so that it can be launched when no `${FEDBIOMED_DIR}/etc/config_node.ini` exists (eg: periodic retries to see if `config_node.ini` was created)
- modify `fedbiomed_vpn start` (at least `fedbiomed_vpn start node`): test if `vpnserver` container is running. If not, write message "vpnserver not on this machine, register node public key from file xxx on vpnserver"
- (also requires modifying `configure_peer.py genconf`, entrypoint scripts, etc.) add `MQTT_BROKER(_PORT)` and `UPLOADS_URL` to `config.env` file
  - goal: auto-transmit infos from vpnserver to containers
- modify `fedbiomed_vpn {node,researcher}` to use `MQTT_BROKER(_PORT)` and `UPLOADS_URL` from `config.env` (don't try to guess them anymore)
- add `fedbiomed_vpn run {node,researcher}` to run arbitrary command in the container as the user (`$(id -u)`), eg:
  - `fedbiomed_vpn run node bash` for interactive session
  - `fedbiomed_vpn run node uname -a`
- add support for handling node (`fedbiomed_run node start`) as a service in the node container
  - plus add `fedbiomed_vpn node-service {start,stop,status}` for using it easily (connect to container as root and launch service as user)
- add a `fedbiomed_vpn certificate-oneclone-setup` wizard for configuring secagg certificates in the case researcher + 2 nodes are running in the same clone
- optionally implement #521 for nicer handling of multiple nodes on one machine
Edited by VESIN Marc