Page 1 of 1
Can one mlapi server provide service to multiple zone minder event servers
Posted: Wed Oct 13, 2021 2:58 pm
by wgs
Hi,
I am running the dlandon zm/es server at two locations and have successfully built a standalone mlapi server. I have the first zm instance working with the mlapi server, but am trying to get the second to work. In the secrets file on the mlapi instance I had to provide the portal address for the first instance. When api calls come from the second instance, it is trying to pull the event images from the 1st server. Is there a way to serve both servers from one mlapi instance? I could spin up a second mlapi instance, but that would use twice the memory.
Thanks,
Bill
Re: Can one mlapi server provide service to multiple zone minder event servers
Posted: Wed Oct 13, 2021 8:04 pm
by tsp84
Not in its current implementation, however I have forked and am rewriting alot of zmes, pyzm, and mlapi. I could add support for this in my forked version, it might be a week or more depending on how much time I have.
I am releasing my forked components soon for general public beta testing. Would you be interested in testing this type of functionality?
Re: Can one mlapi server provide service to multiple zone minder event servers
Posted: Wed Oct 13, 2021 8:07 pm
by tsp84
Thinking of it, it shouldn't be that hard. Just have zmes send the url and credentials (hashed with a salt known by both) with the request to mlapi.
Currently you configure mlapi to talk to a certain zmes host but if the zmes request contains the reply url and credentials mlapi could use that to hit the zmes host APIs.
This might be really easy to implement.
Re: Can one mlapi server provide service to multiple zone minder event servers
Posted: Wed Oct 13, 2021 8:39 pm
by tsp84
Here is some log output from some initial testing. This shouldnt take me long to implement, just need to get it tested as I dont run 2 zm hosts.
Code: Select all
10/13/21 14:36:46.948451 zm_mlapi[42669] DBG1 mlapi:164 [TEST!!! -> ZMES has requested a detection with a reply addre
ss of 'https://zm.<redacted>.com/zm/api']
10/13/21 14:36:46.950233 zm_mlapi[42669] DBG1 mlapi:165 [TEST!!! -> ZMES API has supplied these credentials to reply
with -> token=eyJ0eXA<redacted>....]
And here is some log output after adding pre defined key encryption (this will add 1 more dependancy, 'cryptography' package)->
Code: Select all
10/13/21 16:06:15.149993 zm_mlapi[44282] DBG1 mlapi:172 [TEST!!! -> ZMES has requested a detection with a reply addre
ss of 'https://zm.<redacted>.com/zm/api']
10/13/21 16:06:15.151978 zm_mlapi[44282] DBG1 mlapi:173 [TEST!!! -> ZMES API has supplied these ENCRYPTED credentials
to reply with -> gAAAAABhZ1hX-_sBd8HBvo1cJNIae2q-0VYHonT6kLrIUlQ4r0ZZjC4YFyChKbjuHViBoKH6KBP7v7htlW74236Idr3aCLH5ynK
VZmul6Lv2uTuDtiO1eOhdn8xn98BCasujnWvKpN7PPmLjCsriRWig6kKWnBFDqZCU8YFbR-KoT9BxNr5VXmz0x4avoClGUatSkrfCEACA8NFBN-PRiPEM
PWzI-g4f-Barf2El_rO_dNXSR8vBwa0EvvLGZfNZYMF8mmREhixtJaazuoW7NF8DQT2wiDkkgL9g4LV6yt1Zzp2S1IKxUWMeeJLH1admXux2xX2iumyN8
VOg4AaLBPIXuatMpnVDkA==]
10/13/21 16:06:15.153841 zm_mlapi[44282] DBG1 mlapi:175 [decrypted=b'token=eyJ0eX<redacted>']
Just need to polish it and bug test it out. Not a huge change to the code base and actually this way is a whole lot better I would say. Makes mlapi more dynamic!
Almost there! I have succesfully modified the codebase to use this system and also still use comply with legacy requests. Benchmarking so far shows on par to negligable difference in speed, and it will only get faster as I keep optimizing.
Code: Select all
10/14/21 02:01:29.53893 zm_mlapi[56113] DBG1 mlapi:165 [mlapi: ZMES sent encrypted data! Checking the keystore for 'd
efault route']
10/14/21 02:01:29.577527 zm_mlapi[56113] DBG1 mlapi:180 [decrypted={'auth_type': 'token', 'api_url': 'https://zm.<redacted>.com/zm/api', 'portal_url': 'https://zm.<redacted>.com/zm', 'user': 'some dude', 'pass': 'some crazy long string'}]
Re: Can one mlapi server provide service to multiple zone minder event servers
Posted: Thu Oct 14, 2021 10:52 am
by wgs
This looks very promising! Thanks! If you need me to test anything on my end I'd be happy to.
Re: Can one mlapi server provide service to multiple zone minder event servers
Posted: Thu Oct 21, 2021 5:52 pm
by tsp84
Check out the neo-ZMES Public beta post. The functionality you want is built in as the default mechanism for mlapi AUTH. Use it, break it, report it so I can fix things please
.