JSON topology configuration file for ARCHERY

New in version 6.5.

JSON configuration file for archery-manage is a most flexible and customizable topology source for provisioning ARCHERY.

Following sections exmplains JSON syntax with the example use-cases.

Simple ARC services group

The simplest JSON config that describes single group of ARC services (matching the arcce-list plain-text source) can be written as follows. The arc-services keyword will trigger automatic endpoints discovery from ARC information system.

{
  "arc-services": [
     "arc1.example.org",
     "arc2.example.org"
  ]
}

Defining nested groups and arbitrarty services

The following JSON configures the 2 subgroups - ARC and Storage.

The ARC subgroup contains 2 ARC CE. ARC CE endpoints will be discovered automatically by means of querying information system.

The Storage subgroup contains 2 manually defined services. All service endpoints specification is included into JSON file.

{
   "groups": [
      {
         "id": "ARC",
         "arc-services": [ "arc1.example.org", "arc2.example.org" ]
      },
      {
         "id": "Storage",
         "services": [
           {
             "id": "se1.example.org",
             "type": "DPM",
             "endpoints": [ { "httpg://se1.example.org:8446/srm/managerv2": "SRM" } ]
           },
           {
             "id": "se2.exmple.org",
             "type": "dCache",
             "endpoints": [
               { "gsiftp://ccsrm.ihep.ac.cn:2811": "gsiftp" },
               { "httpg://ccsrm.ihep.ac.cn:8446/srm/managerv2": "SRM" },
               { "xroot://ccsrm.ihep.ac.cn:1094": "xroot" }
             ]
           }
         ]
      }
   ]
}

Integration with BDII

The archery-manage is able to fetch services and their endpoints from Site-BDII.

The external-source keyword in JSON configuration allows to inject discovered services to the desired branch of the ARCHERY registry tree.

{
  "groups": [
    {
      "id": "NGI_XX",
      "type": "ngi.type",
      "groups": [
        {
          "id": "XX-Site1",
          "type": "site.type",
          "external-source": {
             "sitebdii": "ldap://bdii.site1.example.org:2170/GLUE2DomainID=XX-Site1,o=glue",
          }
        },
        {
          "id": "XX-Site2",
          "type": "site.type",
          "external-source": {
             "sitebdii": "ldap://bdii.site2.example.org:2170/GLUE2DomainID=XX-Site2,o=glue",
          }
        }
      ]
    },
    {
      "id": "NGI_YY",
      "type": "ngi.type",
      "groups": [
        {
          "id": "YY-WLCG-Site",
          "type": "site.type",
          "external-source": {
             "sitebdii": "ldap://bdii.wlcgsite.example.org:2170/GLUE2DomainID=YY-WLCG-Site,o=glue",
             "filters": [ "vo:atlas,cms", "portscan" ]
          }
        }
      ]
    },
  ]
}

Plese notice that for YY-WLCG-Site site, during the information fetching from the Site-BDII, only services (and their endpoints) that match defined filters will be added to ARCHERY registry. In particular, it is services that according to published AccessPolicy allows to use endpoints by atlas or cms VOs and pass the network reachability test.

ARCHERY as a cummunity trusted software registry

New in version 6.5.

The archery-manage is able to provision community trusted software rigistry objects into the ARCHERY zone.

The JSON configuration should define the software and points to RunTimeEnvironment scripts location:

{
  "software": {
     "rtes_dir": "/home/community/rtesroot"
  }
}

Read more details in this document.

Referencing existing ARCHERY objects

ARCHERY allows to embedd overlapped trees into the DNS.

For example if particular service or group is already represented in DNS, it can be “linked” to another ARCHERY tree.

To specify such linking to existing objects the external-archery-object keyword should be defined in JSON config.

{
  "groups": [
    {
      "id": "Sweden",
      "type": "country",
      "arc-services": [
          "arc1.example.org",
          "arc2.example.org",
          "arc3.example.org"
      ]
    },
    {
      "external-archery-object": "dns://_archery.norway.nordugrid.org"
    },
    {
      "id": "Infrastructure Services",
      "services": [
        {
          "external-archery-object": "dns://voms.services.cern.ch"
        },
        {
          "id": "voms.ndgf.org",
          "type": "org.glite.voms",
          "endpoints": [
              { "voms://voms.ndgf.org:15015/nordugrid.org": "org.glite.voms" },
              { "https://voms.ndgf.org:8443/voms/nordugrid.org": "org.glite.voms-admin" }
          ]
        }
      ]
    }
  ]
}

Example JSON configuration above defines 3 subgroups in the ARCHERY:

  • Sweden ARC services defined with arc-services
  • Reference to existing country-level ARCHERY deployment under norway.nordugrid.org domain
  • Common Infrastructure Services group that includes manual specification of voms.ndgf.org service endpoints and external VOMS service defined in another ARCHERY instance under voms.services.cern.ch domain.

Custom DNS data in ARCHERY zone controlled by archery-manage

It is possible to add arbitrary records into the ARCHERY DNS zone.

In particular it is useful to handle subzone delegation by declaring the NS and A records in the same configuration file.

Use raw-dns keyword to defiene array of the DNS records to be managed in the zone. Each record is represented by object that have name, DNS record type and rdata field that contains:

  • string for a single record
  • list of strings for set of records
  • null if this record shold be removed from the DNS
{
  "groups": [
    {
      "id": "si",
      "arc-service": [
        "meja.arnes.si",
        "jost.arnes.si"
      ]
    },
    {
      "external-archery-object": "dns://_archery.ua.archery.nordugrid.org"
    }
  ],
  "raw-dns": [
     { "name": "ua", "type": "NS", "rdata": [
         "ns1.ua.archery.nordugrid.org.",
         "ns2.ua.archery.nordugrid.org."
       ]
     },
     { "name": "ns1.ua", "type": "A", "rdata": "194.44.249.94" },
     { "name": "ns2.ua", "type": "A", "rdata": "194.44.249.10" }
  ]
}

Example JSON configuration above defines:

  • 2 subgroups: one for Slovenia (si) and one delegated for Ukraine
  • NS and 2 glue A records to define subzone delegation to the different server