Application Information¶

Architecture¶

A Kubernetes Pod runs an infinite loop that executes mc mirror to copy objects from the Summit S3 LFA bucket to the USDF S3 LFA bucket (located in the s3dfrgw public S3 storage) and then sleeps for a configured time.

Since this service needs to contact the Summit network, it uses a socat proxy to gain access to IP addresses on the (untunneled) LHN network. The proxy works by capturing the DNS lookup in the vcluster for s3.cp.lsst.org and pointing it to the proxy’s S3DF-internal end.

Since the Summit LFA bucket (but not the USDF one) is purged of old objects, it is expected that mc mirror will continue to perform adequately throughout Operations.

Architecture Diagram¶

        architecture-beta
  group vcluster(cloud)[vcluster]

  service summitCeph(disk)[Summit LFA S3]
  service proxy(server)[socat Proxy] in vcluster
  service mirror(server)[Mirror] in vcluster
  service usdfCeph(disk)[USDF LFA S3]

  summitCeph:R --> L:proxy
  proxy:R --> L:mirror
  mirror:R --> L:usdfCeph

LFA Replication architecture¶

Associated Systems¶

A separate deployment of the “Embargo Transfer” service code is used to ingest certain LFA objects into the main Butler repo.

Configuration Location¶

Config Area	Location
Configuration	slaclab/rubin-lfa-replicate-deploy
socat Proxy	slaclab/lhn-proxy
Vault Secrets Dev	N/A
Vault Secrets Prod	secret/rubin/usdf-lfa

Data Flow¶

Objects are copied from the rubinobs-lfa-cp bucket at the Summit to the corresponding bucket at USDF in the s3dfrgw endpoint.

Dependencies - S3DF¶

s3dfrgw Ceph S3 object store
Long Haul Network for connection to Summit
Kubernetes infrastructure

Dependencies - External¶

No external dependencies.

Disaster Recovery¶

None. mc mirror should recover itself when next run.