recodex-wiki/Overall-architecture.md

# Overall Architecture

## Description

**ReCodEx** is designed to be very modular and configurable. One such configuration is sketched in the following picture. There are two separate frontend instances with distinct databases sharing common backend part. This configuration may be suitable for MFF UK -- basic programming course and KSP competition. Note, that connections between components are not fully accurate.

![Overall architecture](https://github.com/ReCodEx/wiki/blob/master/images/Overall_Architecture.png)

**Web app** is main part of whole project from user point of view. It provides nice user interface and it is the only part, that interacts with outside world directly. **Web API** contains almost all logic of the app including _user management and authentication_, _storing and versioning files_ (with help of **File server**), _counting and assigning points_ to users etc. Advanced users may connect to the API directly or may create custom frontends. **Broker** is essential part of whole architecture. It maintains list of available **Workers**, receives submissions from the **Web API** and routes them further and reports progress of evaluations back to the **Web app**. **Worker** securely runs each received job and evaluate its results. **Monitor** resends evaluation progress messages to the **Web app** in order to be presented to users.


## Communication

Detailed communication inside the ReCodEx system is captured in the following 
image and described in sections below. Red connections are through ZeroMQ 
sockets, blue are through WebSockets and green are through HTTP(S). All ZeroMQ 
messages are sent as multipart with one string (command, option) per part, with 
no empty frames (unles explicitly specified otherwise).

![Communication schema](https://github.com/ReCodEx/wiki/raw/master/images/Backend_Connections.png)


### Broker - Worker communication

Broker acts as server when communicating with worker. Listening IP address and port are configurable, protocol family is TCP. Worker socket is of DEALER type, broker one is ROUTER type. Because of that, very first part of every (multipart) message from broker to worker must be target worker's socket identity (which is saved on its **init** command).

#### Commands from broker to worker:

- **eval** -- evaluate a job. Requires 3 message frames:
    - `job_id` -- identifier of the job (in ASCII representation -- we avoid 
      endianness issues and also support alphabetic ids)
    - `job_url` -- URL of the archive with job configuration and submitted source 
      code
    - `result_url` -- URL where the results should be stored after evaluation
- **intro** -- introduce yourself to the broker (with **init** command) -- this is 
  required when the broker loses track of the worker who sent the command. 
  Possible reasons for such event are e.g. that one of the communicating sides 
  shut down and restarted without the other side noticing.
- **pong** -- reply to **ping** command, no arguments

#### Commands from worker to broker:

- **init** -- introduce self to the broker. Useful on startup or after reestablishing lost connection. Requires at least 2 arguments:
    - `hwgroup` -- hardware group of this worker
    - `header` -- additional header describing worker capabilities. Format must 
      be `header_name=value`, every header shall be in a separate message frame. 
      There is no limit on number of headers.

    There is also an optional third argument -- additional information. If 
    present, it should be separated from the headers with an empty frame. The 
    format is the same as headers. Supported keys for additional information are:
    - `description` -- a human readable description of the worker for 
      administrators (it will show up in broker logs)
    - `current_job` -- an identifier of a job the worker is now processing. This 
      is useful when we are reassembling a connection to the broker and need it 
      to know the worker will not accept a new job.
- **done** -- notifying of finished job. Contains following message frames:
    - `job_id` -- identifier of finished job
    - `result` -- response result, possible values are:
        - OK -- evaluation finished successfully
        - FAILED -- job failed and cannot be reassigned to another worker (e.g. 
                   due to error in configuration)
        - INTERNAL_ERROR -- job failed due to internal worker error, but another 
                           worker might be able to process it (e.g. downloading a file failed)
    - `message` -- a human readable error message
- **progress** -- notice about current evaluation progress. Contains following message frames:
    - `job_id` -- identifier of current job
    - `state` -- what is happening now. 
        - DOWNLOADED -- submission successfuly fetched from fileserver
        - FAILED -- something bad happened and job was not executed at all
        - UPLOADED -- results are uploaded to fileserver
        - STARTED -- evaluation of tasks started
        - ENDED -- evaluation of tasks is finished
        - ABORTED -- evaluation of job encountered internal error, job will be rescheduled to another worker
        - FINISHED -- whole execution is finished and worker ready for another job execution
        - TASK -- task state changed -- see below
    - `task_id` -- only present for "TASK" state -- identifier of task in current job
    - `task_state` -- only present for "TASK" state -- result of task evaluation. One of:
        - COMPLETED -- task was successfully executed without any error, subsequent task will be executed
        - FAILED -- task ended up with some error, subsequent task will be skipped
        - SKIPPED -- some of the previous dependencies failed to execute, so this task will not be executed at all
- **ping** -- tell broker I am alive, no arguments


#### Heartbeating

It is important for the broker and workers to know if the other side is still 
working (and connected). This is achieved with a simple heartbeating protocol.

The protocol requires the workers to send a **ping** command regularly (the 
interval is configurable on both sides -- future releases might let the worker 
send its ping interval with the **init** command). Upon receiving a **ping** 
command, the broker responds with **pong**.

Whenever a heartbeating message doesn't arrive, a counter called _liveness_ is 
decreased. When this counter drops to zero, the other side is considered 
disconnected. When a message arrives, the liveness counter is set back to its 
maximum value, which is configurable for both sides.

When the broker decides a worker disconnected, it tries to reschedule its jobs 
to other workers.

If a worker thinks the broker crashed, it tries to reconnect periodically, with 
a bounded, exponentially increasing delay.

This protocol proved great robustness in real world testing. Thus whole backend 
is reliable and can outlive short term issues with connection without problems. 
Also, increasing delay of ping messages does not flood the network when there 
are problems. We experienced no issues since we are using this protocol.

### Worker - File Server communication

Worker is communicating with file server only from _execution thread_. Supported 
protocol is HTTP optionally with SSL encryption (**recommended**). If supported 
by server and used version of libcurl, HTTP/2 standard is also available. File 
server should be set up to require basic HTTP authentication and worker is 
capable to send corresponding credentials with each request.

#### Worker side

Workers comunicate with the file server in both directions -- they download 
student's submissions and then upload evaluation results. Internally, worker is 
using libcurl C library with very similar setup. In both cases it can verify 
HTTPS certificate (on Linux against system cert list, on Windows against 
downloaded one from CURL website during installation), support basic HTTP 
authentication, offer HTTP/2 with fallback to HTTP/1.1 and fail on error 
(returned HTTP status code is >=400). Worker have list of credentials to all 
available file servers in its config file.

- download file -- standard HTTP GET request to given URL expecting file content as response
- upload file -- standard HTTP PUT request to given URL with file data as body -- same as command line tool `curl` with option `--upload-file`

#### File server side

File server has its own internal directory structure, where all the files are stored. It provides simple REST API to get them or create new ones. File server does not provide authentication or secured connection by itself, but it is supposed to run file server as WSGI script inside a web server (like Apache) with proper configuration. Relevant commands for communication with workers:

- **GET /submission_archives/\<id\>.\<ext\>** -- gets an archive with submitted source code and corresponding configuration of this job evaluation
- **GET /exercises/\<hash\>** -- gets a file, common usage is for input files or 
  reference result files
- **PUT /results/\<id\>.\<ext\>** -- upload archive with evaluation results under specified name (should be same _id_ as name of submission archive). On successful upload returns JSON `{ "result": "OK" }` as body of returned page.

If not specified otherwise, `zip` format of archives is used. Symbol `/` in API description is root of file server's domain. If the domain is for example `fs.recodex.org` with SSL support, getting input file for one task could look as GET request to `https://fs.recodex.org/tasks/8b31e12787bdae1b5766ebb8534b0adc10a1c34c`.


### Broker - Monitor communication

Broker communicates with monitor also through ZeroMQ over TCP protocol. Type of 
socket is same on both sides, ROUTER. Monitor is set to act as server in this 
communication, its IP address and port are configurable in monitor's config 
file. ZeroMQ socket ID (set on monitor's side) is "recodex-monitor" and must be 
sent as first frame of every multipart message -- see ZeroMQ ROUTER socket 
documentation for more info. 

Note that the monitor is designed so that it can receive data both from the 
broker and workers. The current architecture prefers the broker to do all the 
communication so that the workers do not have to know too many network services.

Monitor is treated as a somewhat optional part of whole solution, so no special 
effort on communication realibility was made.

#### Commands from monitor to broker:

Because there is no need for the monitor to communicate with the broker, there 
are no commands so far. Any message from monitor to broker is logged and 
discarded.

Commands from broker to monitor:

- **progress** -- notification about progress with job evaluation. See [Progress callback](#progress-callback) section for more info.


### Broker - Web API communication

Broker communicates with main REST API through ZeroMQ connection over TCP. Socket 
type on broker side is ROUTER, on frontend part it is DEALER. Broker acts as a 
server, its IP address and port is configurable in the API.

#### Commands from API to broker:

- **eval** -- evaluate a job. Requires at least 4 frames:
    - `job_id` -- identifier of this job (in ASCII representation -- we avoid endianness issues and also support alphabetic ids)
    - `header` -- additional header describing worker capabilities. Format must be `header_name=value`, every header shall be in a separate message frame. There is no maximum limit on number of headers. There may be also no headers at all. A worker is considered suitable for the job if and only if it satisfies all of its headers.
    - empty frame -- frame which contains only empty string and serves only as breakpoint after headers
    - `job_url` -- URI location of archive with job configuration and submitted source code
    - `result_url` -- remote URI where results will be pushed to

#### Commands from broker to API (all are responses to **eval** command):

- **ack** -- this is first message which is sent back to frontend right after eval command arrives, basically it means "Hi, I am all right and am capable of receiving job requests", after sending this broker will try to find acceptable worker for arrived request
- **accept** -- broker is capable of routing request to a worker
- **reject** -- broker cannot handle this job (for example when the requirements 
  specified by the headers cannot be met). There are (rare) cases when the 
  broker finds that it cannot handle the job after it was confirmed. In such 
  cases it uses the frontend REST API to mark the job as failed.
  

#### Asynchronous communication between broker and API

Only a fraction of the errors that can happen during evaluation can be detected 
while there is a ZeroMQ connection between the API and broker. To notify the 
frontend of the rest, we need an asynchronous communication channel that can be 
used by the broker when the status of a job changes (it's finished, it failed 
permanently, the only worker capable of processing it disconnected...).

This functionality is supplied by the `broker-reports/` API endpoint group -- 
see its documentation for more details.

### File Server - Web API communication

File server has a REST API for interaction with other parts of ReCodEx. Description of communication with workers is in [File server side](#file-server-side) section. On top of that, there are other commands for interaction with the API:

- **GET /results/\<id\>.\<ext\>** -- download archive with evaluated results of job _id_
- **POST /submissions/\<id\>** -- upload new submission with identifier _id_. Expects that the body of the POST request uses file paths as keys and the content of the files as values. On successful upload returns JSON `{ "archive_path": <archive_url>, "result_path": <result_url> }` in response body. From _archive_path_ the submission can be downloaded (by worker) and corresponding evaluation results should be uploaded to _result_path_.
- **POST /tasks** -- upload new files, which will be available by names equal to `sha1sum` of their content. There can be uploaded more files at once. On successful upload returns JSON `{ "result": "OK", "files": <file_list> }` in response body, where _file_list_ is dictionary of original file name as key and new URL with already hashed name as value.

There are no plans yet to support deleting files from this API. This may change in time.

Web API calls these fileserver endpoints with standard HTTP requests. There are no special commands involved. There is no communication in opposite direction.


### Monitor - Web app communication

Monitor interacts with web application through WebSocket connection. Monitor acts as server and browsers are connecting to it. IP address and port are configurable. When client connects to the monitor, it sends a message with string representation of channel id (which messages are interested in, usually id of evaluating job). There can be multiple listeners per channel, even (shortly) delayed connections will receive all messages from the very beginning.

When monitor receives **progress** message from broker there are two options:

- there is no WebSocket connection for listed channel (job id) -- message is dropped
- there is active WebSocket connection for listed channel -- message is parsed into JSON format (see below) and send as string to that established channel. Messages for active connections are queued, so no messages are discarded even on heavy workload.

Message JSON format is dictionary (associative array) with keys:

- **command** -- type of progress, one of:
    - DOWNLOADED -- submission successfuly fetched from fileserver
    - FAILED -- something bad happened and job was not executed at all
    - UPLOADED -- results are uploaded to fileserver
    - STARTED -- evaluation of tasks started
    - ENDED -- evaluation of all tasks finished, worker now just have to send results and cleanup after execution
    - ABORTED -- evaluation of job encountered internal error, job will be rescheduled to another worker
    - FINISHED -- whole execution finished and worker is ready for another job execution
    - TASK -- task state changed, further information will be provided -- see below
- **task_id** -- id of currently evaluated task. Present only if **command** is "TASK".
- **task_state** -- state of task with id **task_id**. Present only if **command** is "TASK". Value is one of "COMPLETED", "FAILED" and "SKIPPED".
    - COMPLETED -- task was successfully executed without any error, subsequent task will be executed
    - FAILED -- task ended up with some error, subsequent task will be skipped
    - SKIPPED -- some of the previous dependencies failed to execute, so this task will not be executed at all


### Web app - Web API communication

Provided web application runs as javascript client inside user's browser. It communicates with REST API on the server through standard HTTP requests. Documentation of the main REST API is in separate [document](https://recodex.github.io/api/) due to its extensiveness. Results are returned as JSON payload, which is simply parsed in web application and presented to the users.