Data Services

The typical functional goal of this work is the development and use of a Graph that can be accessed via a triplestore (Graph Database). To do that we need a set of additional containers to support this and expose these services on the web through a single domain with https support.

• Object Store
  An S3 compliant object store supporting S3 APIs including S3Select. For open source this is best satisfied with the Minio Object Store. For commercial cloud AWS S3 or hosted Ceph services will work.

• Graph Database

• Web Router (technically optional)

Gleaner Data Services (DS)

If you wish to work with a triplestore and wish to use the default app used by OIH you can use the compose file that sets up the Gleaner Data Services environment.

This adds the Blazegraph triplestore to the configuration along with the object store.

The details of the OIH data services are found in the Data Services section.

Fig. 3 Gleaner Data Service Activity Workflow

Typically, a user would wish to run the full Gleaner DS stack which supports both the indexing process and the serving of the resulting data warehouse and graph database capacity.

Combined, these would then look like the following where the indexing and data services shared a common object store.

Fig. 4 Gleaner Indexing and Data Service Combined

Object store pattern

Within in the object store the following digital object pattern is used.
This is based on the work of the RDA Digital Fabric working group.

Fig. 5 Gleaner Digital Object Pattern

At this point the graph and data warehouse (object store) can be exposed to the net for use by clients such as jupyter notebooks or direct client calls to the S3 object APIs and SPARQL endpoint.

Gleaner Data Services (DS) Environment Variables The Docker Compose file used to launch the Gleaner DS has a set of configurable elements that can be set and passed to the orchestration system with environment variables.

These can be set manually or through the command line. A simple script to set the variables could look like:

– Environment Var settings script

The actual services can be deployed via a Docker Compose file (also works with Podman). An example of that file and details about it follow.

Let’s take a look at this.

#!/bin/bash

# domains 
export GLEANER_ADMIN_DOMAIN=admin.local.dev
export GLEANER_OSS_DOMAIN=oss.local.dev
export GLEANER_GRAPH_DOMAIN=graph.local.dev
export GLEANER_WEB_DOMAIN=web.local.dev
export GLEANER_WEB2_DOMAIN=web2.local.dev

# Object store keys
export MINIO_ACCESS_KEY=worldsbestaccesskey
export MINIO_SECRET_KEY=worldsbestsecretkey

# local data volumes
export GLEANER_BASE=/tmp/gleaner/
export GLEANER_TRAEFIK=${GLEANER_BASE}/config
export GLEANER_OBJECTS=${GLEANER_BASE}/datavol/s3
export GLEANER_GRAPH=${GLEANER_BASE}/datavol/graph

– Break down the compose file here

version: '3'

# ${GLEANER_ADMIN_DOMAIN}
# ${GLEANER_OSS_DOMAIN}
# ${GLEANER_GRAPH_DOMAIN}
# ${GLEANER_WEB_DOMAIN}  
# ${GLEANER_WEB2_DOMAIN}
# ${MINIO_ACCESS_KEY}  
# ${MINIO_SECRET_KEY}
#
# ${GLEANER_TRAEFIK}
# ${GLEANER_OBJECTS}
# ${GLEANER_GRAPH}

services:
  triplestore:
    image: nawer/blazegraph 
    environment:
      JAVA_XMS: 2g
      JAVA_XMX: 8g
      JAVA_OPTS: -Xmx6g -Xms2g --XX:+UseG1GC
    ports:
      - 9999:9999
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.triplestore.entrypoints=http"
      - "traefik.http.routers.triplestore.rule=Host(`${GLEANER_GRAPH_DOMAIN}`)"
      - "traefik.http.middlewares.triplestore-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.triplestore.middlewares=triplestore-https-redirect"
      - "traefik.http.routers.triplestore-secure.entrypoints=https"
      - "traefik.http.routers.triplestore-secure.rule=Host(`${GLEANER_GRAPH_DOMAIN}`)"
      - "traefik.http.routers.triplestore-secure.tls=true"
      - "traefik.http.routers.triplestore-secure.tls.certresolver=http"
      - "traefik.http.routers.triplestore-secure.service=triplestore"
      - "traefik.http.middlewares.triplestore-secure.headers.accesscontrolallowmethods=GET,OPTIONS,PUT,POST"
      - "traefik.http.middlewares.triplestore-secure.headers.accesscontrolalloworigin=*"
      - "traefik.http.middlewares.triplestore-secure.headers.accesscontrolmaxage=200"
      - "traefik.http.middlewares.triplestore-secure.headers.addvaryheader=true"
      - "traefik.http.middlewares.triplestore-secure.headers.accesscontrolallowcredentials=true"
      - "traefik.http.middlewares.triplestore-secure.headers.accesscontrolallowheaders=Authorization,Origin,Content-Type,Accept"
      - "traefik.http.middlewares.triplestore-secure.headers.customresponseheaders.Access-Control-Allow-Headers=Authorization,Origin,Content-Type,Accept"
      - "traefik.http.routers.triplestore-secure.middlewares=triplestore-secure@docker" 
      - "traefik.http.services.triplestore.loadbalancer.server.port=9999"
      - "traefik.docker.network=traefik_default"
    volumes:
      - ${GLEANER_GRAPH}:/var/lib/blazegraph
    networks:
      - traefik_default

  s3system:
    image: minio/minio:latest
    ports:
      - 9000:9000
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.s3system.entrypoints=http"
      - "traefik.http.routers.s3system.rule=Host(`${GLEANER_OSS_DOMAIN}`)"
      - "traefik.http.middlewares.s3system-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.s3system.middlewares=s3system-https-redirect"
      - "traefik.http.routers.s3system-secure.entrypoints=https"
      - "traefik.http.routers.s3system-secure.rule=Host(`${GLEANER_OSS_DOMAIN}`)"
      - "traefik.http.routers.s3system-secure.tls=true"
      - "traefik.http.routers.s3system-secure.tls.certresolver=http"
      - "traefik.http.routers.s3system-secure.service=s3system"
      - "traefik.http.services.s3system.loadbalancer.server.port=9000"
      - "traefik.docker.network=traefik_default"
    volumes:
      - ${GLEANER_OBJECTS}:/data
    environment:
      - MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY}
      - MINIO_SECRET_KEY=${MINIO_SECRET_KEY}
    networks:
      - traefik_default
    command: ["server", "/data"]

  features:
    image: fils/grow-general:latest
    ports:
      - 8080:8080
    environment:
      - S3ADDRESS=s3system:9000
      - S3BUCKET=sites
      - S3PREFIX=domain
      - DOMAIN=https://${GLEANER_WEB_DOMAIN}/
      - S3KEY=${MINIO_ACCESS_KEY}
      - S3SECRET=${MINIO_SECRET_KEY}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.features.entrypoints=http"
      - "traefik.http.routers.features.rule=Host(`${GLEANER_WEB_DOMAIN}`, `${GLEANER_WEB2_DOMAIN}`)"
      - "traefik.http.middlewares.features-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.features.middlewares=features-https-redirect"
      - "traefik.http.routers.features-secure.entrypoints=https"
      - "traefik.http.routers.features-secure.rule=Host(`${GLEANER_WEB_DOMAIN}`,`${GLEANER_WEB2_DOMAIN}`)"
      - "traefik.http.routers.features-secure.tls=true"
      - "traefik.http.routers.features-secure.tls.certresolver=http"
      - "traefik.http.routers.features-secure.service=features"
      - "traefik.http.services.features.loadbalancer.server.port=8080"
      - "traefik.docker.network=traefik_default"
      - "traefik.http.middlewares.features.headers.accesscontrolallowmethods=GET,OPTIONS,PUT,POST"
      - "traefik.http.middlewares.features.headers.accesscontrolalloworigin=*"
      - "traefik.http.middlewares.features.headers.accesscontrolmaxage=100"
      - "traefik.http.middlewares.features.headers.addvaryheader=true"
      - "traefik.http.middlewares.features-secure.headers.accesscontrolallowheaders=*"
      - "traefik.http.middlewares.features-secure.headers.customresponseheaders.Access-Control-Allow-Headers=*"
    networks:
      - traefik_default

networks:
  traefik_default:

NOTE: DS also needs the object -> graph sync (via Nabu) NOTE: Should also add in (here or to the side) the ELT local Data Lake to Data Warehouse path (ala CSDCO VaultWalker)