JSON topology configuration file for ARCHERY¶
New in version 6.5.
JSON configuration file for archery-manage
is a most flexible and customizable topology source for provisioning ARCHERY.
Following sections exmplains JSON syntax with the example use-cases.
Simple ARC services group¶
The simplest JSON config that describes single group of ARC services (matching the arcce-list
plain-text source)
can be written as follows. The arc-services
keyword will trigger automatic endpoints discovery from ARC information system.
{
"arc-services": [
"arc1.example.org",
"arc2.example.org"
]
}
Defining nested groups and arbitrarty services¶
The following JSON configures the 2 subgroups - ARC
and Storage
.
The ARC
subgroup contains 2 ARC CE.
ARC CE endpoints will be discovered automatically by means of querying information system.
The Storage
subgroup contains 2 manually defined services. All service endpoints specification is included into JSON file.
{
"groups": [
{
"id": "ARC",
"arc-services": [ "arc1.example.org", "arc2.example.org" ]
},
{
"id": "Storage",
"services": [
{
"id": "se1.example.org",
"type": "DPM",
"endpoints": [ { "httpg://se1.example.org:8446/srm/managerv2": "SRM" } ]
},
{
"id": "se2.exmple.org",
"type": "dCache",
"endpoints": [
{ "gsiftp://ccsrm.ihep.ac.cn:2811": "gsiftp" },
{ "httpg://ccsrm.ihep.ac.cn:8446/srm/managerv2": "SRM" },
{ "xroot://ccsrm.ihep.ac.cn:1094": "xroot" }
]
}
]
}
]
}
Integration with BDII¶
The archery-manage
is able to fetch services and their endpoints from Site-BDII.
The external-source
keyword in JSON configuration allows to inject discovered services to the desired branch of the ARCHERY registry tree.
{
"groups": [
{
"id": "NGI_XX",
"type": "ngi.type",
"groups": [
{
"id": "XX-Site1",
"type": "site.type",
"external-source": {
"sitebdii": "ldap://bdii.site1.example.org:2170/GLUE2DomainID=XX-Site1,o=glue",
}
},
{
"id": "XX-Site2",
"type": "site.type",
"external-source": {
"sitebdii": "ldap://bdii.site2.example.org:2170/GLUE2DomainID=XX-Site2,o=glue",
}
}
]
},
{
"id": "NGI_YY",
"type": "ngi.type",
"groups": [
{
"id": "YY-WLCG-Site",
"type": "site.type",
"external-source": {
"sitebdii": "ldap://bdii.wlcgsite.example.org:2170/GLUE2DomainID=YY-WLCG-Site,o=glue",
"filters": [ "vo:atlas,cms", "portscan" ]
}
}
]
},
]
}
Plese notice that for YY-WLCG-Site
site, during the information fetching from the Site-BDII, only services (and their endpoints) that match defined filters will be added to ARCHERY registry. In particular, it is services that according to published AccessPolicy allows to use endpoints by atlas
or cms
VOs and pass the network reachability test.
ARCHERY as a cummunity trusted software registry¶
New in version 6.5.
The archery-manage
is able to provision community trusted software rigistry objects into the ARCHERY zone.
The JSON configuration should define the software
and points to RunTimeEnvironment scripts location:
{
"software": {
"rtes_dir": "/home/community/rtesroot"
}
}
Read more details in this document.
Referencing existing ARCHERY objects¶
ARCHERY allows to embedd overlapped trees into the DNS.
For example if particular service or group is already represented in DNS, it can be “linked” to another ARCHERY tree.
To specify such linking to existing objects the external-archery-object
keyword should be defined in JSON config.
{
"groups": [
{
"id": "Sweden",
"type": "country",
"arc-services": [
"arc1.example.org",
"arc2.example.org",
"arc3.example.org"
]
},
{
"external-archery-object": "dns://_archery.norway.nordugrid.org"
},
{
"id": "Infrastructure Services",
"services": [
{
"external-archery-object": "dns://voms.services.cern.ch"
},
{
"id": "voms.ndgf.org",
"type": "org.glite.voms",
"endpoints": [
{ "voms://voms.ndgf.org:15015/nordugrid.org": "org.glite.voms" },
{ "https://voms.ndgf.org:8443/voms/nordugrid.org": "org.glite.voms-admin" }
]
}
]
}
]
}
Example JSON configuration above defines 3 subgroups in the ARCHERY:
- Sweden ARC services defined with
arc-services
- Reference to existing country-level ARCHERY deployment under
norway.nordugrid.org
domain- Common
Infrastructure Services
group that includes manual specification ofvoms.ndgf.org
service endpoints and external VOMS service defined in another ARCHERY instance undervoms.services.cern.ch
domain.
Custom DNS data in ARCHERY zone controlled by archery-manage¶
It is possible to add arbitrary records into the ARCHERY DNS zone.
In particular it is useful to handle subzone delegation by declaring the NS and A records in the same configuration file.
Use raw-dns
keyword to defiene array of the DNS records to be managed in the zone.
Each record is represented by object that have name
, DNS record type
and rdata
field that contains:
- string for a single record
- list of strings for set of records
null
if this record shold be removed from the DNS
{
"groups": [
{
"id": "si",
"arc-service": [
"meja.arnes.si",
"jost.arnes.si"
]
},
{
"external-archery-object": "dns://_archery.ua.archery.nordugrid.org"
}
],
"raw-dns": [
{ "name": "ua", "type": "NS", "rdata": [
"ns1.ua.archery.nordugrid.org.",
"ns2.ua.archery.nordugrid.org."
]
},
{ "name": "ns1.ua", "type": "A", "rdata": "194.44.249.94" },
{ "name": "ns2.ua", "type": "A", "rdata": "194.44.249.10" }
]
}
Example JSON configuration above defines:
- 2 subgroups: one for Slovenia (
si
) and one delegated for Ukraine- NS and 2 glue A records to define subzone delegation to the different server