Nova postagem

Pesquisar

Artigo
· Mar. 4, 2024 4min de leitura

IKO - Lessons Learned (Part 2 - The IrisCluster)

#Melhores Práticas #Implantação #Kubernetes #Documentação #InterSystems IRIS #InterSystems IRIS for Health

We now get to make use of the IKO.

Below we define the environment we will be creating via a Custom Resource Definition (CRD). It lets us define something outside the realm of what the Kubernetes standard knows (this is objects such as your pods, services, persistent volumes (and claims), configmaps, secrets, and lots more). We are building a new kind of object, an IrisCluster object.

apiVersion: intersystems.com/v1alpha1
kind: IrisCluster
metadata:
  name: simple
spec:
  licenseKeySecret:
    #; to activate ISC license key
    name: iris-key-secret
  configSource:
    #; contains CSP-merge.ini, which is merged into IKO's
    #; auto-generated configuration.
    name: iris-cpf
  imagePullSecrets:
    - name: intersystems-pull-secret

  topology:
    data:
      image: containers.intersystems.com/intersystems/irishealth:2023.3
      compatibilityVersion: "2023.3"
    webgateway:
      replicas: 1
      image: containers.intersystems.com/intersystems/webgateway:2023.3
      applicationPaths:
        #; All of the IRIS instance's system default applications.
        #; For Management Portal only, just use '/csp/sys'.
        #; To support other applications, please add them to this list.
        - /csp/sys
        - /csp/broker
        - /api
        - /isc
        - /oauth2
        - /ui
        - /csp/healthshare
      alternativeServers: LoadBalancing
      loginSecret:
        name: iris-webgateway-secret

  serviceTemplate:
    # ; to enable external IP addresses
    spec:
      type: LoadBalancer

The IrisCluster object oversees and facilitates the deployment of all the components of our IRIS environment. In this specific environment we will have:

  • 1 IRIS For Health Instance (in the form of a data node)
  • 1 Web Gateway (in the form of a web gateway node)

The iris-key-secret is an an object of kind secret. Here we will store our key. To create it:

kubectl create secret generic iris-key-secret --from-file=iris.key

Note that you'll get an error if your file is not named iris.key. If you insist on naming it something else you can do this:

kubectl create secret generic iris-key-secret --from-file=iris.key=yourKeyFile.key

The iris-cpf is a configuration file. We will create it as an object of configmap kind.

kubectl create cm iris-cpf --from-file common.cpf

In the common.cpf file there is just the password hash. You can create it using the passwordhash image as follows:

$ docker run --rm -it containers.intersystems.com/intersystems/passwordhash:1.1 -algorithm SHA512 -workfactor 10000
Enter password:
Enter password again:
PasswordHash=2b679c8c944e2cbc2c5e4b12c62b76d5dee07f28099083940b816197ca0ffbd807c36cef7d16e17bdfe4f7a2cd45a09f6e50bef1bac8f5978362eef7d2997f3a,eac33175d6268d7bb89edb48600a3fd59d9ccd4777959bbbcc31cdb726f9b956e31fedd44c016a48d0098ffc605ac6a17b5767bfdebefe01b078ef2efd40f84f,10000,SHA512

Then put the output in your common.cpf (attached). Note that the data.cpf and compute.cpf mentioned in the IKO docs are to specify additional configuration of the data and compute nodes. This is overkill for us right now - just know that they exist.

We just want to define a password of our own at startup. If we do not, we will be prompted to change our password the first time we sign in (note that the first time the default username/password is _SYSTEM/SYS, in case you do not define one).

Onto the next secret, the one for pulling the image from the registry. I use the InterSystems Container Registry (ICR), but lots of our clients have their own registries where they push our images to. That is great too. Just note that how you create your secret depends on how you access your registry. For the ICR it is as follows:

kubectl create secret docker-registry intersystems-pull-secret --docker-server=https://containers.intersystems.com --docker-username='<your username>' --docker-password='<your password>' --docker-email='<your email>'

We have one secret left, but let's just gloss over the topology first.

Topology is the IRIS environment we want to create. Specifically, this is the data node and web gateway. Regarding the image, I see some people like to use the :latest tag as is normally good practice to ensure the most up to date software. I think in this case it would actually be better practice to specify what version one wants as it is best practice to specify the compatibilityVersion. See more about that here.

As for the webgateway, we can configure how many we want, what application paths should be available and the loginSecret. This secret is how the webgateway will be logging into IRIS.

kubectl create secret generic iris-webgateway-secret --from-literal='username=CSPSystem' --from-literal='password=SYS'

That's our last secret, but you can read up more about them on the Kubernetes documentation.

Finally, we have the serviceTemplate.

Our process will create two services that are of significance to us (the rest are outside the scope of this article and should not concern you at this time): 1) simple and 2) simple-webgateway.

For now, all you need to know about services is that they expose applications that run on pods. By running kubectl get svc, you can see external IP that these two services create. If you're running your kubernetes cluster on docker-desktop like me, then it will be localhost.

And we notice the familiar ports.

That's because this is our internal and external webservers. For example, we can go to our management portal through the external web server: http://localhost/csp/sys/UtilHome.csp. http takes us automatically to port 80 (https to 443) which is why we don't need to specify the port here.

That's it for now. In the next article we'll take another bite out of services.
 

1 Comment
Discussão (1)1
Entre ou crie uma conta para continuar
Anúncio
· Mar. 4, 2024

[Webinar in Hebrew] Introducing InterSystems Cloud Services

#Nuvem #Eventos #Webinar #Health Connect #InterSystems IRIS #InterSystems IRIS for Health

Hi Community,

We're pleased to invite you to the upcoming webinar in Hebrew:

👉 Introducing InterSystems Cloud Services 👈

📅 Date & time: March 20th, 3:00 PM IDT

In this session we will review InterSystems cloud options, introduce the InterSystems Cloud Portal and provide a quick overview of specific cloud services 

  • FHIR Server, and the FHIR SQL Builder
  • FHIR Transformation Service
  • IRIS Cloud SQL, and IntegratedML
  • IRIS Managed Cloud Service
  • Health Connect Cloud

Presenters:
🗣 @Ariel Glikman, Sales Engineer, InterSystems
🗣 @Keren Skubach, Senior Sales Engineer, InterSystems
🗣 @Tani Frankel, Sales Engineer Manager, InterSystems

➡️ Register today and enjoy!
 

Discussão (0)1
Entre ou crie uma conta para continuar
Artigo
· Mar. 2, 2024 4min de leitura

IKO - Lessons Learned (Part 1 - Helm)

#Melhores Práticas #Implantação #Kubernetes #InterSystems IRIS #InterSystems IRIS for Health

The IKO documentation is robust. A single web page, that consists of about 50 actual pages of documentation. For beginners that can be a bit overwhelming. As the saying goes: how do you eat an elephant? One bite at a time. Let's start with the first bite: helm.

What is Helm?

Helm is to Kubernetes what the InterSystems Package Manager (IPM, formerly ObjectScript Package Manager - ZPM) is to IRIS.

It facilitates the installation of applications on the platform - in a fashion suitable for Kubernetes. That's to say that it is developed in such a way to facilitate installation to your needs, whether it be a development, test, or production environment.

We provide on our WRC software distribution all you will need under the IRIS Components tab - it consists of a .tar.gz. Extract it and you will get a .tar. Extract it again and you will see a folder iris_operator_<yourversion>. In here are a README with instructions, as well as 3 folders - an image of the IKO (you could have also got this from the InterSystems Container Registry), chart, and samples. Samples is just to help you form your files but is not actually necessary for IKO installation. Chart, however, is necessary. Let's take a peek.

chart
|
|-> iris-operator
               |
               | -> README.md
               | -> .helmignore
               | -> Chart.yaml
               | -> values.yaml
               | -> templates 
                      | -> _helpers.tpl
                      | -> apiregistration.yaml
                      | -> appcatalog-user-roles.yaml
                      | -> cleaner.yaml
                      | -> cluster-role.yaml
                      | -> cluster-role-binding.yaml
                      | -> deployment.yaml
                      | -> mutating-webhook.yaml
                      | -> NOTES.txt
                      | -> service.yaml
                      | -> service-account.yaml
                      | -> user-roles.yaml
                      | -> validating-webhook.yaml

 

This is the meat and potatoes (a funny way to say basic ingredients) of the application we will be installing. Don't worry. The only thing that we care about is going to be the values.yaml. Everything else is going on behind the scenes, thanks to Helm. Phew! But it's important to know that though our operator may seem like an ordinary pod, it is a lot more than that.

Most of the contents of the values.yaml are also going to be out of the scope of this article because you will not have to worry about them. We will care about just 4 fields (okay, 5 at most).

They are operator.registry, operator.repository, operator.tag, imagePullSecrets.name[0], and imagePullPolicy.

Where is your IKO image? Is your organization using a private repository? Are you planning on pulling from the ICR? Specify your image details in the registry, repository, and tag fields. If you are using the ICR you can leave it as is.

How will you access the ICR, or your organization repository? Assuming it is private you will need to specify your details with which you can access it for pulling. In the next article I touch on how to create this secret, which we can call intersystems-pull-secret instead of the standard dockerhub-secret which is what is presently there if you downloaded the files from the WRC.

Finally for the imagePullPolicy we can leave it as Always, or alternatively change it to IfNotPresent or Never. I'll refer you to the Kubernetes documentation if you need clarification - here. I tend to use IfNotPresent.

Looks like we're good to go (assuming you already have helm installed, if not install it first)! Let's install the IKO. We are going to need to tell helm where the folder with all our goodies is (that's the iris-operator folder you see above). If we were to be sitting at the chart directory you can use the command

helm install intersystems iris-operator

but perhaps you're sitting a little higher. No problem. This is fine too assuming you are sitting in a repository with iris_operator_amd-3.6.7.100:

helm install intersystems iris_operator_amd-3.6.7.100/chart/iris-operator

You'll get a message that the installation was a success and you can double check your deployment is running as is noted by the message and in our docs.

kubectl --namespace=default get deployments -l "release=intersystems, app=iris-operator"

In the next post we'll put the InterSystems Kubernetes Operator to use.

2 Comments
Discussão (2)2
Entre ou crie uma conta para continuar
Pergunta
· Mar. 1, 2024

POST request with paging FHIR bundle

#FHIR #HealthShare

Hi everyone,

I'm looking for a strategy for dividing a large FHIR message, in a post request, into smaller parts. 

I have found the paging modifier for the GET request, but not a similiar one for the POST request. Maybe the 'batch' type of a Bundle could help me to indicate this aim but there aren't any attribute to say the total or the i-th element. 

Do you know of any method for implementing 'paging' in a post request?

2 Comments
Discussão (2)2
Entre ou crie uma conta para continuar
Artigo
· Fev. 29, 2024 5min de leitura

インデックス再構築が終わるまで新しく定義したインデックスを使用させない方法

#SQL #Indexando #Dicas e truques #Caché #Ensemble #HealthShare #InterSystems IRIS #InterSystems IRIS for Health

これは InterSystems FAQ サイトの記事です。

新しいインデックスを定義した後、インデックスの再構築が完了する前にクエリを実行するとデータが存在しているにもかかわらず「検索結果0件」や検索結果数が徐々に増えるような状況が発生します。

インデックスを永続クラス定義(またはテーブル定義)に追加しコンパイルすることで今まで使用していたクエリ実行経路が削除され、再度同じクエリを実行するタイミングで新しいインデックス定義を含めた実行経路が作成されるためです。(この時にインデックス再構築が完了していないとインデックスデータが存在しない、または不完全であるため0件や徐々に検索結果数が増えるような状況を起こします。)

これを起こさなために、新しいインデックスの再構築が終了するまでクエリオプティマイザにインデックスを使用させないように指定する方法が用意されています。

※ 2024/8/2: 2024.1以降から利用できる方法を追加しました。

 

2024.1以降

CREATE INDEXのDEFERオプションを使用します(オプションを付けないCREATE INDEX文では、作成時にインデックスの再構築も同時に行われます)。

DEFERオプションを使用することで、インデックスは追加されますがインデックスの再構築は行われず、追加したインデックスはクエリオプティマイザが使用しないように「選択不可」に設定されます。

再構築が行えるタイミングで BUILD INDEX文を利用することで、再構築が終了すると同時に追加したインデックスが「選択可能」に自動的に設定されます。

なお、追加したインデックスの選択可/不可は管理ポータルのSQL画面で確認できます(管理ポータル > [SQL] > ネームスペース選択 > テーブル選択 > (画面右)カタログの詳細 > [マップ/インデックス]をチェック)。

※インデックスの「選択可能」「選択不可」は、以降でご紹介するSetMapSelectability()メソッドを利用しても変更できます。

※永続クラス定義を利用している場合、デフォルトではDDLの発行が無効化されています。クラス定義文に DdlAllowed属性 を追加することでDDL文の発行ができます(設定後、クラス定義をコンパイルする必要があります)。

 

以下定義を行った場合は、管理ポータルでは図のように見えます。

CREATE INDEX NameIdx On Sample.Person (Name) DEFER
CREATE INDEX PrefIdx On Sample.Person (Pref)

 

インデックス追加から再構築までの手順は以下の通りです。

1) 永続クラス定義の場合、DdlAllowed属性を設定します。

Class Sample.Person Extends %Persistent [ DdlAllowed ]

 

2) CREATE INDEXのDEFERオプションを付けてインデックス定義を追加します。

CREATE INDEX NameIdx On Sample.Person (Name) DEFER

 

3) 再構築ができるタイミングで、BUILD INDEXを実行します。

BUILD INDEX FOR TABLE Sample.Person INDEX NameIdx

 

4) BUILD INDEXが終了したら、追加したインデックスで影響を受けそうなクエリキャッシュを破棄します。

管理ポータルでクエリキャッシュを削除するには、管理ポータル > [システムエクスプローラ] > [SQL] > (対象ネームスペースに切り替えた後) > [アクション] > [クエリキャッシュ削除]

プログラムからキャッシュを破棄する場合は、「プログラムでクエリキャッシュを削除する方法」をご参照ください。

 

2023.1以前

2022.1以降では、$SYSTEM.SQL.Util.SetMapSelectability()を使用します。

※インデックスの再構築が完了したら、必ず指定を元に戻してください。

(2021.1以前では、$SYSTEM.SQL.SetMapSelectability()を使用します。引数の指定方法は2022.1以降と同様です。)

 

SetMapSelectability()メソッドは%Statusの戻り値が設定されています。
ステータスOKの場合は1が戻ります。エラーステータスの場合は以下のメソッドを使用してエラー内容を確認してください。

write $SYSTEM.Status.GetErrorText(ステータスが入った変数)

ご参考:%Statusのエラーが返ってきたら

 

以下、Training.Employeeに新インデックス:NewIndexを定義する例でご紹介します。

1) 定義予定の新インデックス名をクエリオプティマイザが使用しないように設定します。

set status=$SYSTEM.SQL.Util.SetMapSelectability("Training.Employee","NewIndex",0)
  • 第1引数:クラス名
  • 第2引数:インデックス名(これから指定する新インデックス名を指定します。)
  • 第3引数:隠す場合は0、見せる場合は1

2) インデックスを追加します。

  • 永続クラスの場合はインデックスを追加しコンパイルし、インデックス再構築を実行します。
  • SQL文で実行する場合はCREATE INDEXを実行した後インデックス再構築が自動的に開始されます。

3) クエリオプティマイザにインデックスを見せるように変更します。

 ※インデックスの再構築が終了してから行います。

$system.SQL.Util.SetMapSelectability("Training.Employee","NewIndex",1)

4) クエリキャッシュを削除します。

方法詳細は、2024.1以降の手順でご紹介した図解をご参照ください。

 

関連項目として、インデックスの再構築を複数のプロセスで行う方法もあります。
詳細は:「アプリケーション使用中にインデックス再構築を複数プロセスで実行する方法」をご覧ください。 

《注意》CREATE INDEX文でインデックスを追加した場合、インデックス追加後すぐに再構築が開始されますが、インデックスをクラス定義文で追加した場合インデックス再構築は実行を命令するまで開始されません。

1 Comment
Discussão (1)1
Entre ou crie uma conta para continuar