89 lines
2.3 KiB
Markdown
89 lines
2.3 KiB
Markdown
# Supervisor Overview
|
|
|
|
The Supervisor is the job dispatcher layer in Horus. It receives jobs, verifies signatures, and routes them to appropriate runners.
|
|
|
|
## Architecture
|
|
|
|
```
|
|
Client → Supervisor → Redis Queue → Runner
|
|
```
|
|
|
|
## Responsibilities
|
|
|
|
### 1. **Job Admission**
|
|
- Receive jobs via OpenRPC interface
|
|
- Validate job structure and required fields
|
|
- Verify cryptographic signatures
|
|
|
|
### 2. **Authentication & Authorization**
|
|
- Verify job signatures using public keys
|
|
- Ensure jobs are from authorized sources
|
|
- Reject unsigned or invalid jobs
|
|
|
|
### 3. **Job Routing**
|
|
- Route jobs to appropriate runner queues
|
|
- Maintain runner registry
|
|
- Load balance across available runners
|
|
|
|
### 4. **Job Management**
|
|
- Track job status and lifecycle
|
|
- Provide job query and listing APIs
|
|
- Store job results and logs
|
|
|
|
### 5. **Runner Management**
|
|
- Register and track available runners
|
|
- Monitor runner health and availability
|
|
- Handle runner disconnections
|
|
|
|
## OpenRPC Interface
|
|
|
|
The Supervisor exposes an OpenRPC API for job management:
|
|
|
|
### Job Operations
|
|
- `create_job`: Submit a new job
|
|
- `get_job`: Retrieve job details
|
|
- `list_jobs`: List all jobs
|
|
- `delete_job`: Remove a job
|
|
- `get_job_logs`: Retrieve job execution logs
|
|
|
|
### Runner Operations
|
|
- `register_runner`: Register a new runner
|
|
- `list_runners`: List available runners
|
|
- `get_runner_status`: Check runner health
|
|
|
|
## Job Lifecycle
|
|
|
|
1. **Submission**: Client submits job via OpenRPC
|
|
2. **Validation**: Supervisor validates structure and signature
|
|
3. **Queueing**: Job pushed to runner's Redis queue
|
|
4. **Execution**: Runner processes job
|
|
5. **Completion**: Result stored in Redis
|
|
6. **Retrieval**: Client retrieves result via OpenRPC
|
|
|
|
## Transport Options
|
|
|
|
The Supervisor supports multiple transport layers:
|
|
|
|
- **HTTP**: Standard HTTP/HTTPS transport
|
|
- **Mycelium**: Peer-to-peer encrypted transport
|
|
|
|
## Configuration
|
|
|
|
```bash
|
|
# Start supervisor
|
|
supervisor --port 8080 --redis-url redis://localhost:6379
|
|
|
|
# With Mycelium
|
|
supervisor --port 8080 --mycelium --redis-url redis://localhost:6379
|
|
```
|
|
|
|
## Security
|
|
|
|
- All jobs must be cryptographically signed
|
|
- Signatures verified before job admission
|
|
- Public key infrastructure for identity
|
|
- Optional TLS for HTTP transport
|
|
- End-to-end encryption via Mycelium
|
|
|
|
[→ Authentication Documentation](./auth.md)
|