Improve DB logic + Misc changes

.gitignore

@@ -1,7 +1,5 @@
 .vscode
 src/*.egg-info/
-user_code_example/logs
-user_code_example/data
 __pycache__
 dist
 *.csv

colext_setup/ansible/plays/add_user_to_server.yaml

@@ -1,4 +1,5 @@
 
 Create local user account
 Create user in harbor
-docker login flserver:5000
+docker login flserver:5000
+add user to docker and microk8s groups

colext_setup/ansible/plays/configure_sbc.yaml

@@ -26,6 +26,6 @@
           # microk8s add-node --token a1ef095d59c2fef65d5263090e678cc0 -l 31536000
           # /var/snap/microk8s/current/credentials/cluster-tokens.txt
         priv_registry:
-          hostname: flserver
+          hostname: colext
           internal_ip: 10.0.0.100
           port: 5000

colext_setup/ansible/plays/roles/microk8s_worker/tasks/main.yaml

@@ -28,7 +28,7 @@
   ansible.builtin.import_tasks: configure_containerd.yaml
   when: "'jetsons' in group_names"
 
-Jetsons lack of ipset mod makes it impatible with Calico the default CNI: https://github.com/canonical/microk8s/issues/2110
+# Jetsons lack of ipset mod makes it impatible with Calico the default CNI: https://github.com/canonical/microk8s/issues/2110
 - name: Disable HA to support Flannel over Calico (jetsons don't like it)
   become: false
   ansible.builtin.shell:

colext_setup/db_setup/generate_db.sql

@@ -10,7 +10,8 @@ CREATE TABLE users (
 
 CREATE TABLE projects (
     project_id SERIAL PRIMARY KEY,
-    project_name VARCHAR(100) UNIQUE
+    project_name VARCHAR(100) UNIQUE,
+    is_active BOOLEAN,
 );
 
 CREATE TABLE project_user (
@@ -118,8 +119,8 @@ CREATE TABLE monsoon_measurements (
 SELECT create_hypertable('monsoon_measurements', 'time', if_not_exists => TRUE, create_default_indexes => TRUE);
 
 -- Add security
-
 CREATE ROLE colext_user;
+ALTER ROLE colext_user SET search_path TO fl_testbed_logging;
 GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA fl_testbed_logging TO colext_user;
 
 ALTER TABLE jobs ENABLE ROW LEVEL SECURITY;
@@ -131,12 +132,18 @@ ALTER TABLE batches ENABLE ROW LEVEL SECURITY;
 ALTER TABLE device_measurements ENABLE ROW LEVEL SECURITY;
 ALTER TABLE monsoon_measurements ENABLE ROW LEVEL SECURITY;
 
+-- CREATE POLICY pc_jobs ON jobs
 CREATE POLICY p_jobs ON jobs
-    USING (project_id IN (SELECT DISTINCT project_id FROM project_users JOIN users USING(user_id) WHERE user_name = current_user));
+    USING (project_id IN (SELECT DISTINCT project_id FROM projects WHERE is_active = TRUE));
+    -- USING (project_id IN (SELECT DISTINCT project_id FROM project_users JOIN users USING(user_id) WHERE user_name = current_user));
 CREATE POLICY p_rounds ON rounds USING (job_id IN (SELECT DISTINCT job_id FROM jobs));
 CREATE POLICY p_clients ON clients USING (job_id IN (SELECT DISTINCT job_id FROM jobs));
 CREATE POLICY p_clients_in_round ON clients_in_round USING (client_id IN (SELECT DISTINCT client_id FROM clients));
 CREATE POLICY p_epochs ON epochs USING (cir_id IN (SELECT DISTINCT cir_id FROM clients_in_round));
 CREATE POLICY p_batches ON batches USING (cir_id IN (SELECT DISTINCT cir_id FROM clients_in_round));
 CREATE POLICY p_device_measurements ON device_measurements USING (client_id IN (SELECT DISTINCT client_id FROM clients));
 CREATE POLICY p_monsoon_measurements ON monsoon_measurements USING (client_id IN (SELECT DISTINCT client_id FROM clients));
+
+GRANT USAGE ON SEQUENCE
+    jobs_job_id_seq, rounds_round_id_seq, clients_client_id_seq, clients_in_round_cir_id_seq
+    TO colext_user;

src/colext/common/vars.py

@@ -1,4 +1,4 @@
-REGISTY="flserver:5000"
+REGISTY="colext:5000"
 
 STD_DATASETS_PATH="/colext/datasets/"
 PYTORCH_DATASETS_PATH="/colext/pytorch_datasets/"

src/colext/exp_deployers/db_utils.py

@@ -7,7 +7,7 @@ def __init__(self) -> None:
 
     def create_db_connection(self):
         # Connection string is read from env variable pointing to pgpassfile
-        return psycopg.connect(autocommit=True)
+        return psycopg.connect(dbname="colext_db", autocommit=True)
 
     def project_exists(self, project_name) -> bool:
         try:

src/colext/exp_deployers/sbc_deployer/Dockerfiles/pip/docker-bake.hcl

@@ -97,7 +97,7 @@ target "jetson" {
     BASE_IMAGE: (
       PY38 ?
       "nvcr.io/nvidia/l4t-pytorch:r35.2.1-pth2.0-py3" :
-      "flserver:5000/colext/jetson-ox:latest" # pytorch 2.2
+      "colext:5000/colext/jetson-ox:latest" # pytorch 2.2
     )
     INSTALL_OPTIONS: "[jetson]",
     BUILD_TYPE: "jetson"
@@ -111,8 +111,8 @@ target "jetson-nano" {
   args = {
     BASE_IMAGE: (
       PY38 ?
-      "flserver:5000/colext/jetson-nano:torch1.10-r32.7.1-py38" :
-      "flserver:5000/colext/jetson-nano:torch1.13-r32.7.1-py310"
+      "colext:5000/colext/jetson-nano:torch1.10-r32.7.1-py38" :
+      "colext:5000/colext/jetson-nano:torch1.13-r32.7.1-py310"
     )
   }
   tags = ["${REGISTY}/${PROJECT_NAME}/jetson-nano:latest"]

src/colext/exp_deployers/sbc_deployer/microk8s/templates/client_pod.yaml.jinja

@@ -49,12 +49,18 @@ spec:
       - name: COLEXT_PYTORCH_DATASETS
         value: "/colext/pytorch_datasets"
 
+      - name: PGHOSTADDR
+        value: 10.0.0.100
+      - name: PGDATABASE
+        value: colext_db
+      - name:  PGUSER
+        value: colext_user
       - name: PGPASSFILE
-        value: /.pgpass
+        value: /pgcreds/.pgpass
 
     volumeMounts:
       - name: pgcreds
-        mountPath: /
+        mountPath: /pgcreds
       - name: colext-std-datasets
         mountPath: /colext/datasets
       - name: colext-pytorch-datasets
@@ -67,6 +73,7 @@ spec:
     - name: pgcreds
       secret:
         secretName: pgcreds-file
+        defaultMode: 0400
     - name: colext-std-datasets
       hostPath:
         path: {{ std_datasets_path }}

src/colext/exp_deployers/sbc_deployer/microk8s/templates/server.yaml.jinja

@@ -24,13 +24,18 @@ spec:
       - name: COLEXT_PYTORCH_DATASETS
         value: "/colext/pytorch_datasets"
 
+      - name: PGHOSTADDR
+        value: 10.0.0.100
+      - name: PGDATABASE
+        value: colext_db
+      - name:  PGUSER
+        value: colext_user
       - name: PGPASSFILE
-        value: /.pgpass
+        value: /pgcreds/.pgpass
 
     volumeMounts:
       - name: pgcreds
-        mountPath: /
-        readOnly: true
+        mountPath: /pgcreds
       - name: colext-std-datasets
         mountPath: /colext/datasets
       - name: colext-pytorch-datasets
@@ -50,6 +55,7 @@ spec:
     - name: pgcreds
       secret:
         secretName: pgcreds-file
+        defaultMode: 0400
     - name: colext-std-datasets
       hostPath:
         path: {{ std_datasets_path }}

src/colext/metric_collection/decorators/flwr_server_decorator.py

@@ -33,7 +33,7 @@ def __init__(self, *args, **kwargs):
             self.eval_round_id = None
 
         def create_db_connection(self):
-            # Connection string is read from env variable pointing to pgpassfile
+            # DB parameters are read from env variables
             return psycopg.connect()
 
         def record_start_round(self, server_round: int, stage: str):

src/colext/metric_collection/metric_manager.py

@@ -36,7 +36,7 @@ def __init__(self, finish_event: multiprocessing.Event, st_metric_queue: multipr
         self.db_pool = self.create_db_pool()
 
     def create_db_pool(self):
-        # Connection string is read from env variable pointing to pgpassfile
+        # DB parameters are read from env variables
         return ConnectionPool(open=True, min_size=2, max_size=2)
 
     def start_metric_gathering(self):