The Artisan Registry

SouthWinds Tech, August 2022

Keywords: Play, Artisan, Automation, Registry, Endpoint Configuration

Abstract: An Artisan Registry is a trusted source of Artisan packages that can be deployed on managed devices ...

Also available in: Español


artisan

An Artisan Registry is a repository for Artisan packages with an API that is understood by the Artisan CLI. This API allows Artisan to remotely manage the packages in the registry as if they where part of the file system.

The registry stores a combination of package logic and metadata and exposes the metadata over restful endpoints. The metadata contains, amongst other:

  • package labels
  • package API (i.e. available functions and their inputs)
  • a digest used to determine corruption of the package data
  • a digital seal

Artisan can execute the following operations on a registry:

  • push a package
  • pull a package
  • tag a package
  • list packages
  • remove packages

The following sections explain why the registry is a fundamental part of Artisan and how it facilitates artisan operations.

Make it easy to run packages that do not exist on a managed endpoint

When you want to execute a package on a managed endpoint, you do not need to have the package installed on the endpoint. Artisan can deploy the package automatically by pulling it from its registry. In order to facilitate this, the name of the package is the location of the package in an accessible registry. This principle is similar to the naming format used in container images.

For example, the command below will attempt to pull my-package:v1 from my-registry.com within the folder lib and execute my-function:

$ art exe my-registry.com/lib/my-package:v1 my-function


Provide a mechanism to manage multiple versions of the same package

Everytime a new package is built, a new unique ID for the package is created. However, it is not friendly to manage versions using an ID. The managing of versions for Artisan packages is facilitating through the notion of tagging.

Artisan tags are a specific type of metadata that can be used to convey essential information about the version of a specific package. Artisan registries store packages in repositories. A repository is a set of similar packages but different versions identified using tags. Package tags can be considered an alias to the package ID.

Tagging also allows to change the complete location of a package, this is typically used to move a package from one registry to another. The following example tags a package for a different registry:

$ art tag my-registry.com/lib/my-package:v1 my-new-registry.com/my-new-lib/my-package:v1

Now the same package points to two different registries, ie. my-registry.com and my-new-registry.com.


Can be used as a package cache in networks with high latency or low bandwidth

Consider the execution of automation in hosts within networks that have either low bandwidth or high network latency or both. Pulling packages onto managed hosts can become an expensive operation, therefore, it helps if a registry is placed within such network and the packages that are required are cached in the registry.

Golbal to Local Sync

Packages can be added to the registry at specific times of the day where the network activity is low. The expensive operation is performed once, and then all nodes within the network can benefit from a local pull for configuration packages.

Provides a way to import packages into secure networks

Imagine a network which does not allow push from a DMZ to the internal network because of security constraints. In this cases, two registries can be placed in the landscape, one in the DMZ and one in the internal network. The registry in the internal network can be set to sync packages from the DMZ using scheduled pulls.

Registry Sync

Provides a way to query package metadata for the purpose of selecting the logic to run.

The registry provides a programatic way to query metadata for the package it stores. Third party systems can for example, list packages, their functions and the variables required to run them. They can also generate documentation or execute especific searches.

Notify other services when a package has been pushed, pulled or removed.

Add webhooks to launch other processes when packages are pushed, pulled or removed from the registry.

Registry Webhooks

Registry editions

The registry currently comes in two different flavours, basic and ultralight. The basic registry is free and provides all package remote operations. It is fully functional but not supported for Enterprise scenarios.

You can the basic registry here.


Related Links: