Cortex Operations
Docker Deployment
A Cortex may be quickly deployed using pre-built docker containers which are built with each Synapse release.
The Cortex docker container is configured to allocate all local storage within the directory /vertex/storage
which
may be mapped in as a volume.
Note
It is strongly recommended that production deployments specify a specific container version such as vertexproject/synapse-cortex:v2.4.0
to make version updates an opt-in behavior.
The following example docker-compose.yml file will execute a cortex with an external storage volume mapped and ports mapped to expose the Cortex:
services:
core_000:
environment:
- SYN_LOG_LEVEL=DEBUG
- SYN_CORTEX_AUTH_PASSWD=secret
image: vertexproject/synapse-cortex:master
ports:
- 443:4443
- 27492:27492
volumes:
- ./core_000:/vertex/storage
version: '3'
Note
The SYN_CORTEX_AUTH_PASSWD
environment variable or auth:passwd
key in cell.yaml
will initialize the password
for the root
user. Additional custom Cortex configuration may be done via additional environment variables or
options within the cell.yaml
.
You can now connect to the Cortex using the cmdr
tool:
python -m synapse.tools.cmdr tcp://root:secret@localhost:27492
Storm Query Logging
The Cortex can be configured to log Storm queries executed by users. This is done by setting the storm:log
and
storm:log:level
configuration options ( Cortex Configuration Options ). The storm:log:level
option may be one of
DEBUG
, INFO
, WARNING
, ERROR
, CRITICAL
; or as a corresponding Python logging log level as an
integer value. This allows an organization to set what log level their Storm queries are logged at.
When enabled, the log message contains the query text and username:
2021-06-28 16:17:55,775 [INFO] Executing storm query {inet:ipv4=1.2.3.4} as [root] [cortex.py:_logStormQuery:MainThread:MainProcess]
When structured logging is also enabled for a Cortex, the query text, username, and user iden are included as individual fields in the logged message as well:
{
"message": "Executing storm query {inet:ipv4=1.2.3.4} as [root]",
"logger": {
"name": "synapse.storm",
"process": "MainProcess",
"filename": "cortex.py",
"func": "_logStormQuery"
},
"level": "INFO",
"time": "2021-06-28 16:18:47,232",
"text": "inet:ipv4=1.2.3.4",
"username": "root",
"user": "3189065f95d3ab0a6904e604260c0be2"
}
This logging does interplay with the underlying Cell log configuration ( Cell Logging ). The
storm:log:level
value must be greater than or equal to the base log level of the Cell, otherwise the Storm log will
not be emitted.
Configuring A Mirror
A Cortex mirror replicates an entire Cortex to another host allowing it to act as a parallel query execution engine or hot-spare. Mirrors may be created in “tree” configurations where one mirror is used to synchronize several downstream mirrors to offload replication load from the main Cortex. Additionally, Cortex mirrors support write-back, allowing the mirror to appear to be read-write by passing edits to the upstream Cortex and awaiting synchronization to apply the change locally.
To deploy a Cortex mirror, you must first ensure that the nexuslog:en
setting on your Cortex is enabled in cell.yaml
.
This is enabled by default, but may be disabled in some high-performance custom configurations. The initial state of a
mirror is created by creating a backup of the Cortex using the standard synapse service backup tool:
python -m synapse.tools.backup /path/to/cortex /path/to/mirror/cortex
A single backup may be copied multiple times to deploy several mirrors. Once the backup is created, edit the cell.yaml
of the new mirror to include a telepath URL to the upstream Cortex:
mirror: "tcp://user:passwd@cortexhost/"
Note
The telepath URL must contain a valid user/password with global admin priviledges on the upstream Cortex.
Once the mirror
option is configured, the new mirror Cortex may be deployed normally and will stay synchronized
in near real-time provided it can maintain the network link.
Configuring A Remote Axon
By default a Cortex will initialize a local Axon for general object / blob storage. This allows certain Cortex functionality to work without additional configuration. The local Axon is not exposed in a remote fashion.
An Axon can instead be deployed as a remote server (see Axon Operations) and the Cortex can be configured to be aware
of it, by specifying the Axon’s Telepath URL in the axon
configuration parameter (see Cortex Configuration Options).
For example, if the remote Axon is listening on port 27592
, and has a service user core00
, then the
Cortex cell.yaml
file could have the following configuration:
---
axon: tcp://core00:secret@<axon_host_ip>:27592
...
For interacting with byte storage inside of Storm, see $lib.bytes for APIs related to interacting with the Axon.
Configuring a Mirrored Layer
A Cortex may be configured to mirror a layer from a remote Cortex which will synchronize all edits from the remote layer and use write-back support to facilitate edits originating from the downstream layer. The mirrored layer will be an exact copy of the layer on the remote system including all edit history and will only allow changes which are first sent to the upstream layer.
When configuring a mirrored layer, you may choose to mirror from a remote layer or from the top layer of a remote view. If you choose to mirror from the top layer of a remote view, that view will have the opportunity to fire triggers and enforce model constraints on the changes being provided by the mirrored layer.
To specify a remote layer as the upstream, use a Telepath URL which includes the shared object */layer/<layeriden>
such as
tcp://cortex.vertex.link/*/layer/8ea600d1732f2c4ef593120b3226dea3
. To specify a remote view, use the shared object
*/view/<viewiden>
such as tcp://cortex.vertex.link/*/view/8ea600d1732f2c4ef593120b3226dea3
.
When you specify a --mirror
option to the layer.add
command or within a layer definition provided to the $lib.layer.add()
Storm API the telepath URL will not be checked. This allows configuration of a remote layer or view which is not yet provisioned
or is currently offline.
Note
To allow write access, the telepath URL must allow admin access to the remote Cortex due to being able to fabricate edit origins. The telepath URL may use aliased names or TLS client side certs to prevent credential disclosure.
Once a mirrored layer is configured, it will need to stream down the entire history of events from the upstream layer. During
this process, the layer will be readable but writes will hang due to needing to await the write-back to be fully caught up to
guarantee that edits are immediately observable like a normal layer. During that process, you may track progress by calling
the getMirrorStatus()
API on the storm:layer
object within the Storm runtime.
Using Synapse Power-Ups
The Vertex Project provides a number of Power-Ups that extend the functionality of Synapse. For more information on configuring your Cortex to use Power-Ups, see the blog post on Synapse Power-Ups.
Managing Nexus log size
The Cortex supports Telepath APIs for rotating (see synapse.lib.cell.CellApi.rotateNexsLog
)
and culling (see synapse.lib.cell.CellApi.cullNexsLog
) the Nexus log.
These operations are also distributed to downstream consumers of the Nexus log (e.g. mirrors),
and therefore it is recommended to use the trim API (see synapse.lib.cell.CellApi.trimNexsLog
).
The trim API can also be invoked from Storm (see $lib.cell.trimNexsLog(consumers=None, timeout=30)).
The trim API executes the following steps:
If a list of consumers are provided, check that they are all online.
Rotate the Nexus log at the current offset, which is also distributed downstream.
If consumers are provided, wait until they catch-up to the current offset.
Cull the Nexus log, which deletes entries up to and including the current offset.
If the cull API is called directly, only rotated logs where the last index is less than the provided offset will be removed from disk.
Warning
Culling the Nexus log directly, or not providing a complete list of consumers to trim, can result in mirror desync if they are not caught up to the culled offset.
0.1.x to 2.x.x Migration
Warning
The 0.1.x
to 2.x.x
migration tools have been removed in Synapse v2.9.0
.
For information about migrating older Cortexes to v2.8.0, please refer to the v2.8.0
documentation
here.