4. Link multiple backends
This section details enabling communication between two Substra backends to allow them to exchange Functions and Models.
This can be achieved either at deployment time or when the backend is already deployed.
4.1. Update your Helm values
This guide assume that you have two organization in your network, one named ingen
and the other biotechnica
.
The process would be the same if you have more organizations as we have to pair them. For example with three orgs you would repeat it for (org1, org2), (org1, org3) and (org2, org3).
In this setup we want ingen
to exchange assets with biotechnica
.
We are assuming that you have two values files with the configuration for your existing deployment, one for each organization named: backend-ingen-values.yaml
, backend-biotechnica-values.yaml
.
Configure matching values for your 2 Organizations:
Create an account for MyOrg2 on MyOrg1. In
backend-ingen-values.yaml
, add the following content:addAccountOperator: incomingOrganizations: - name: biotechnica secret: SECRET_ORG1_ORG2 channel: our-channel
SECRET_ORG1_ORG2
is a passwordbiotechnica
needs to download assets fromingen
.our-channel
was defined in the backend channel configuration – bothingen
andbiotechnica
are members of it.Create an account for
ingen
onbiotechnica
. Inbackend-biotechnica-values.yaml
add the following content:addAccountOperator: incomingOrganizations: - name: ingen secret: SECRET_ORG2_ORG1 channel: our-channel
Configure
ingen
to use the right password when connecting tobiotechnica
. Inbackend-ingen-values.yaml
add the following content under theaddAccountOperator
key:outgoingOrganizations: - name: biotechnica secret: SECRET_ORG2_ORG1
SECRET_ORG2_ORG1
must naturally be the same as earlier.Configure
biotechnica
to use the right password when connecting toingen
. Inbackend-biotechnica-values.yaml
add the following content under theaddAccountOperator
key:outgoingOrganizations: - name: ingen secret: SECRET_ORG1_ORG2
In the end your configuration files should have a section looking like this:
addAccountOperator:
users: [...]
incomingOrganizations:
- name: biotechnica
secret: SECRET_ORG1_ORG2
channel: our-channel
outgoingOrganizations:
- name: biotechnica
secret: SECRET_ORG2_ORG1
in backend-ingen-values.yaml
, and:
addAccountOperator:
users: [...]
incomingOrganizations:
- name: ingen
secret: SECRET_ORG2_ORG1
channel: our-channel
outgoingOrganizations:
- name: ingen
secret: SECRET_ORG1_ORG2
in backend-biotechnica-values.yaml
.
4.2. Deploy the updated chart
Let’s upgrade our previous deployments with the new values. We’ll run this twice, once on cluster-1
to update ingen
and once on cluster-2
to update biotechnica
:
helm upgrade RELEASE-NAME --namespace NAMESPACE substra/substra-backend --version VERSION --values VALUES-FILE
RELEASE-NAME
and NAMESPACE
must be the same as earlier, depending on the cluster.
You can retrieve them with helm list -A
.VERSION
should be the same as earlier.VALUES-FILE
should be either backend-ingen-values.yaml
or backend-biotechnica-values.yaml
.4.3. Validate that organizations are connected
We provide a small utility on the Substra backend server to test which organizations are accessible from the current organization. Follow these steps:
Connect to the Substra backend pod:
kubectl exec -it $(kubectl get pod -l "app.kubernetes.io/name=substra-backend-server" -o name) -- /bin/bash
This opens a shell on the backend server pod.
List all organizations defined in the outgoing list and their status:
./manage.py get_outgoing_organization
The output should look like this:
| org_id | org_address | http_status | | biotechnica | http://api.cluster-2.DOMAIN:80 | 200 |
If there is an error while trying to connect to the node it will appear in the
http_status
column.