Perun component schema

System Perun is designed as a composition of mutually cooperating modules. The modularity is considered as a great advantage because any subset of modules containing Core will work as an independent system.


Component creating and logging all events occurred in system. This component can push events of predefined type to any other component.


This component serves for MetaCentrum purposes only where records containing publications with acknowledgment to MetaCentrum are stored. Based on them, users will obtain particular benefits.


Component communicating via a database with Engine and Dispatcher and cooperating with Engine and Dispatcher on propagation management.


Core of Perun system.


Internal events are parsed in this component. When event related to any service is detected, it is sent to Engine.


Engine processes events and propagates new state to affected destinations.

First, it calls GEN scripts to prepare new configuration files. Consequently, SEND scripts to send configuration files generated in the first step to predefined destinations (to an email address, to HTTP web page, to the machine via SSH). As an advantage, it works with a tiny delay to send events in a batch. The aggregation of events serves to smoother propagation via the system.

SLAVE script is stored in each particular machine. It processes configuration file in the machine, does the change (e.g. update new line in passwd) in resource and as a response returns code to SEND script, which reports it back to Perun system. Moreover, hooks to program new features into SLAVE scripts are available.

Identity consolidator

Web application for user identities consolidation. User can link his account with his identities provided by identity providers. Widely used authentication methods are personal certificates and federation, but any database storing combination "login and password", for example LDAP or Kerberos, can serve as a source of identities for user access to the system.


LDAP connector. It analyses system events, seeks for particular changes concerning user membership in groups and saves them in LDAP database in nearly real-time speed.


This highly customizable component intercepts system log. Based on events found in log, it does specific predefined action, for example send an email to a particular address, aggregate events or send a message after specific time period. The whole system is fully functional but still in a process of development.


This component maintains the whole process of enrollment, not only creating and customizing application form but also customizable email notifications and regular account extension.


Interface connecting several components (see the first figure) including Core. It uses his own protocol (based on HTTP and JSON) or VOOT protocol as an alternative.