Managing ARCHERY data in DNS
ARCHERY reuses the existing DNS infrastructure services, thus eliminating the need to develop, deploy and operate a new set of custom dedicated services.
To simplify the process of rendering ARCHERY records and injecting those into the DNS, ARC6 comes with the archery-manage information management tool.
The archery-manage tool has been designed to simplify common operations with ARCHERY, including initial registry bootstrap, data migration from other service registries and keeping dynamic information up to date. It discovers service endpoints by querying the resources in the defined topology configuration, then generates DNS records suitable for ARCHERY operations based on this information.
Relying on the dynamic DNS updates feature, archery-manage has been designed to modify data in the DNS zone remotely, eliminating the need to interact with the DNS zone configuration itself after the initial setup.
This approach also makes the setup and access rights delegation simple, fully separating the DNS hosting itself from the ARCHERY data management machine.
An example of the DNS zone configuration can be found in the Initial setup of ARCHERY instance guide.
The archery-manage data processing
It is important to understand the archery-manage data processing chain to efficiently maintain the ARCHERY instance:
Fig. 9 The archery-manage data processing chain
Step 1. Define e-Infrastructure topology
Topology data defines how services are grouped within the e-Infrastructure. It comes either from a configuration file or from other databases that hold such information (including another ARCHERY instance). Interaction with already established databases (e.g. GOCDB) simplifies the integration and/or migration process.
A static list of ARC CE hostnames, defined line by line in a plain text file, is a trivial topology source that can form a group of computing elements representing a country or organization.
Step 2. Fetch service data
The topology database provides the pointers to information services that can be used to query service data. During this step the archery-manage tool discovers available endpoints and fetches service information.
For ARC CE hosts, the infosys LDAP GLUE2 is used to discover available endpoints with a fall-back to legacy LDAP Nordugrid schema querying.
Step 3. Filter endpoints
The set of discovered endpoints is then passed to the filtering process. Based on the endpoint data (e.g. endpoint type) or additional testing (e.g. endpoint network availability check), endpoints that do not pass the filters are excluded.
Filters are extensible by design. The up-to-date list of currently supported filters can be obtained by passing -f help to archery-manage. An overview of the most commonly used filters can be found in the operations guide.
Step 4a. Incremental DDNS Update
The target automation use-case is to push the discovered data to the DNS database. This is done automatically with Dynamic DNS updates over the network. Comparing the data already available in the DNS with the discovered information, archery-manage constructs an incremental update that applies only the difference.
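The comparison described in Step 4a, as an added example that is not archery-manage's own code: it diffs the records already in DNS against the discovered ones and renders only the difference as nsupdate-style commands. The zone, hostnames, record values and the sanity checks on discovered data are constructed for illustration.

```python
from typing import Iterable, List, NamedTuple

class Record(NamedTuple):
    name: str    # owner name
    rtype: str   # record type, e.g. TXT
    rdata: str   # record data as plain text

def normalize(rec: Record) -> Record:
    # Owner names are case-insensitive: compare them lowercased and fully qualified.
    return Record(rec.name.lower().rstrip(".") + ".", rec.rtype.upper(), rec.rdata)

def incremental_update(in_dns: Iterable[Record], discovered: Iterable[Record]):
    """Return (to_delete, to_add): only the difference between the two sets."""
    current = {normalize(r) for r in in_dns}
    wanted = {normalize(r) for r in discovered}
    return sorted(current - wanted), sorted(wanted - current)

def quote(text: str) -> str:
    return '"' + text.replace("\\", "\\\\").replace('"', '\\"') + '"'

def render(zone: str, to_delete, to_add, ttl: int = 3600) -> List[str]:
    """Render the difference as nsupdate-style command lines."""
    zone = zone.lower().rstrip(".") + "."
    to_delete, to_add = ([normalize(r) for r in s] for s in (to_delete, to_add))
    for r in to_delete + to_add:
        # Discovered data comes from remote services: keep it inside the zone
        # and reject characters that would start a new command or add tokens.
        if not (r.name == zone or r.name.endswith("." + zone)):
            raise ValueError(f"{r.name} is outside zone {zone}")
        if any(ord(c) < 32 for c in r.name + r.rdata) or " " in r.name:
            raise ValueError(f"unsafe character in record for {r.name!r}")
    if not to_delete and not to_add:
        return []  # DNS already matches the discovered data: send nothing
    lines = [f"zone {zone}"]
    lines += [f"update delete {r.name} {r.rtype} {quote(r.rdata)}" for r in to_delete]
    lines += [f"update add {r.name} {ttl} {r.rtype} {quote(r.rdata)}" for r in to_add]
    return lines + ["send"]

# Constructed sample data (hypothetical zone, endpoints and record values).
IN_DNS = [
    Record("_archery.grid.example.org", "TXT", "u=https://ce1.example.org/arex t=constructed.type.a"),
    Record("_archery.grid.example.org", "TXT", "u=https://ce2.example.org/arex t=constructed.type.a"),
]
DISCOVERED = [
    Record("_ARCHERY.grid.example.org.", "TXT", "u=https://ce1.example.org/arex t=constructed.type.a"),
    Record("_archery.grid.example.org", "TXT", "u=https://ce3.example.org/arex t=constructed.type.a"),
]

if __name__ == "__main__":
    print("\n".join(render("grid.example.org", *incremental_update(IN_DNS, DISCOVERED))))
```

The unchanged ce1 record produces no command even though its owner name differs in case and trailing dot, so repeated runs against an unchanged infrastructure send nothing.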
Step 4b. Output data
In addition to automatically updating the DNS database, it is also possible to automate the manual operation use-case. For this, the tool, following the same processing chain, can be used to print out endpoint or service lists with their types, or the ARCHERY DNS records that can be manually added to DNS zone configurations.