JSON topology configuration file for ARCHERY
JSON configuration file for archery-manage is a most flexible and customizable topology source for provisioning ARCHERY.
Following sections exmplains JSON syntax with the example use-cases.
Simple ARC services group
The simplest JSON config that describes single group of ARC services (matching the arcce-list plain-text source)
can be written as follows. The arc-services keyword will trigger automatic endpoints discovery from ARC information system.
{
"arc-services": [
"arc1.example.org",
"arc2.example.org"
]
}
Defining nested groups and arbitrarty services
The following JSON configures the 2 subgroups - ARC and Storage.
The ARC subgroup contains 2 ARC CE.
ARC CE endpoints will be discovered automatically by means of querying information system.
The Storage subgroup contains 2 manually defined services. All service endpoints specification is included into JSON file.
{
"groups": [
{
"id": "ARC",
"arc-services": [ "arc1.example.org", "arc2.example.org" ]
},
{
"id": "Storage",
"services": [
{
"id": "se1.example.org",
"type": "DPM",
"endpoints": [ { "httpg://se1.example.org:8446/srm/managerv2": "SRM" } ]
},
{
"id": "se2.exmple.org",
"type": "dCache",
"endpoints": [
{ "gsiftp://ccsrm.ihep.ac.cn:2811": "gsiftp" },
{ "httpg://ccsrm.ihep.ac.cn:8446/srm/managerv2": "SRM" },
{ "xroot://ccsrm.ihep.ac.cn:1094": "xroot" }
]
}
]
}
]
}
Integration with BDII
The archery-manage is able to fetch services and their endpoints from Site-BDII.
The external-source keyword in JSON configuration allows to inject discovered services to the desired branch of the ARCHERY registry tree.
{
"groups": [
{
"id": "NGI_XX",
"type": "ngi.type",
"groups": [
{
"id": "XX-Site1",
"type": "site.type",
"external-source": {
"sitebdii": "ldap://bdii.site1.example.org:2170/GLUE2DomainID=XX-Site1,o=glue",
}
},
{
"id": "XX-Site2",
"type": "site.type",
"external-source": {
"sitebdii": "ldap://bdii.site2.example.org:2170/GLUE2DomainID=XX-Site2,o=glue",
}
}
]
},
{
"id": "NGI_YY",
"type": "ngi.type",
"groups": [
{
"id": "YY-WLCG-Site",
"type": "site.type",
"external-source": {
"sitebdii": "ldap://bdii.wlcgsite.example.org:2170/GLUE2DomainID=YY-WLCG-Site,o=glue",
"filters": [ "vo:atlas,cms", "portscan" ]
}
}
]
},
]
}
Plese notice that for YY-WLCG-Site site, during the information fetching from the Site-BDII, only services (and their endpoints) that match defined filters will be added to ARCHERY registry. In particular, it is services that according to published AccessPolicy allows to use endpoints by atlas or cms VOs and pass the network reachability test.
ARCHERY as a cummunity trusted software registry
The archery-manage is able to provision community trusted software rigistry objects into the ARCHERY zone.
The JSON configuration should define the software and points to RunTimeEnvironment scripts location:
{
"software": {
"rtes_dir": "/home/community/rtesroot"
}
}
Read more details in this document.
Referencing existing ARCHERY objects
ARCHERY allows to embedd overlapped trees into the DNS.
For example if particular service or group is already represented in DNS, it can be “linked” to another ARCHERY tree.
To specify such linking to existing objects the external-archery-object keyword should be defined in JSON config.
{
"groups": [
{
"id": "Sweden",
"type": "country",
"arc-services": [
"arc1.example.org",
"arc2.example.org",
"arc3.example.org"
]
},
{
"external-archery-object": "dns://_archery.norway.nordugrid.org"
},
{
"id": "Infrastructure Services",
"services": [
{
"external-archery-object": "dns://voms.services.cern.ch"
},
{
"id": "voms.ndgf.org",
"type": "org.glite.voms",
"endpoints": [
{ "voms://voms.ndgf.org:15015/nordugrid.org": "org.glite.voms" },
{ "https://voms.ndgf.org:8443/voms/nordugrid.org": "org.glite.voms-admin" }
]
}
]
}
]
}
Example JSON configuration above defines 3 subgroups in the ARCHERY:
Sweden ARC services defined with
arc-servicesReference to existing country-level ARCHERY deployment under
norway.nordugrid.orgdomainCommon
Infrastructure Servicesgroup that includes manual specification ofvoms.ndgf.orgservice endpoints and external VOMS service defined in another ARCHERY instance undervoms.services.cern.chdomain.
Custom DNS data in ARCHERY zone controlled by archery-manage
It is possible to add arbitrary records into the ARCHERY DNS zone.
In particular it is useful to handle subzone delegation by declaring the NS and A records in the same configuration file.
Use raw-dns keyword to defiene array of the DNS records to be managed in the zone.
Each record is represented by object that have name, DNS record type and rdata field that contains:
string for a single record
list of strings for set of records
nullif this record shold be removed from the DNS
{
"groups": [
{
"id": "si",
"arc-service": [
"meja.arnes.si",
"jost.arnes.si"
]
},
{
"external-archery-object": "dns://_archery.ua.archery.nordugrid.org"
}
],
"raw-dns": [
{ "name": "ua", "type": "NS", "rdata": [
"ns1.ua.archery.nordugrid.org.",
"ns2.ua.archery.nordugrid.org."
]
},
{ "name": "ns1.ua", "type": "A", "rdata": "194.44.249.94" },
{ "name": "ns2.ua", "type": "A", "rdata": "194.44.249.10" }
]
}
Example JSON configuration above defines:
2 subgroups: one for Slovenia (
si) and one delegated for UkraineNS and 2 glue A records to define subzone delegation to the different server