Perun component schema

From MetaCentrum
Jump to navigation Jump to search

Back to Perun main page

System Perun is designed as a composition of mutually cooperating modules. The modularity is considered as a great advantage because any subset of modules containing Core will work as an independent system.

Component_schema.

Auditer

Component creating and logging all events occurred in system. This component can push events of predefined type to any other component.

Cabinet

This component is serves for MetaCentrum purposes only where records containing publications with acknowledgment to MetaCentrum are stored. Based on them, users will obtain particular benefits.

Controller

Component communicating via database with Engine and Dispacher and cooperating with Engine and Dispatcher on propagation management.

Core

Core of Perun system.

Dispatcher

Internal events are parsed in this component. When event related with any service is detected, it is send to Engine.

Engine

Engine processes events and propagates new state to affected destinations.

First, it calls GEN scripts to prepare new configuration files. Consequently, SEND scripts send configuration files generated in first step to predefined destinations (to email address, to http web page, to machine via SSH). As an advantage, it works with a tiny delay to send events in a batch. The aggregation of events serves to smoother propagation via system.

SLAVE script is stored in each particular machine. It processes configuration file in the machine, does the change (e.g. update new line in passwd) in resource and as a response returns code to SEND script, which report it back to Perun system. Moreover, hooks to program new features into SLAVE scripts are available.

Identity consolidator

Web application for user identities consolidation. User can link his account with his identities provided by identity providers. Widely used authentication methods are personal certificates and federation, but any database storing combination "login and password", for example LDAP or Kerberos, can serve as a source of identities for user access to the system.

LDAPc

LDAP connector. It analyses system events, seeks for particular changes concerning user membership in groups and saves them in LDAP database in nearly real time speed.

Notifications

This highly customizable component intercepts system log. Based on events found in log, it does specific predefined action, for example send an email to particular address, aggregate events or send message after specific time period. Whole system is fully functional but still in a process of development.

Registrar

This component maintains whole process of enrollment, not only creating and customizing application form but also customizable email notifications and regular account extension.

RPC

Interface connecting several components (see first figure) including Core. It uses his own protocol (based on HTTP and JSON) or VOOT protocol as an alternative .