Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
Z
ZKAPAuthorizer
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
This is an archived project. Repository and other project resources are read-only.
Show more breadcrumbs
Administrator
ZKAPAuthorizer
Commits
b6b09e7b
Commit
b6b09e7b
authored
3 years ago
by
Jean-Paul Calderone
Browse files
Options
Downloads
Patches
Plain Diff
put the writecap on the filesystem
parent
50611737
No related branches found
No related tags found
1 merge request
!293
Design document for replication and recovery system
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
docs/source/designs/backup-recovery.rst
+13
-1
13 additions, 1 deletion
docs/source/designs/backup-recovery.rst
with
13 additions
and
1 deletion
docs/source/designs/backup-recovery.rst
+
13
−
1
View file @
b6b09e7b
...
@@ -324,7 +324,7 @@ The replication process is as follows:
...
@@ -324,7 +324,7 @@ The replication process is as follows:
#. The *replica directory*,
#. The *replica directory*,
a new mutable directory,
a new mutable directory,
is created on grid.
is created on grid.
#. The write capability is
added
to the
database.
#. The write capability is
written
to the
Tahoe-LAFS client node's private directory. [18]_
#. The read capability is returned to the external caller.
#. The read capability is returned to the external caller.
#. If there is not a sufficiently up-to-date snapshot [1]_ on the grid then one is created [7]_ in the *replica directory*.
#. If there is not a sufficiently up-to-date snapshot [1]_ on the grid then one is created [7]_ in the *replica directory*.
...
@@ -601,3 +601,15 @@ Footnotes
...
@@ -601,3 +601,15 @@ Footnotes
.. [16] The additional implementation work required to package and distribute the resulting implementation.
.. [16] The additional implementation work required to package and distribute the resulting implementation.
.. [17] The cost to maintain this option over the course of continuing ZKAPAuthorizer development.
.. [17] The cost to maintain this option over the course of continuing ZKAPAuthorizer development.
.. [18] Tahoe-LAFS mutable objects should be written by at most one writer or consistency issues arise.
The writer for this replica directory is exactly the one Tahoe-LAFS client node which created it.
If that client node's directory is lost then there should never be another write to the replica directory.
By putting the write capability there we ensure that the ability to write to the replica directory is lost with the client.
Additionally,
if the write capability is in the database itself then it can be obtained using the read capability.
By avoiding this capability amplification we support the goal of preventing changes to the replica from outside of the replication system.
If the write capability is somehow lost from this directory *without* the whole client being lost then the replica will have to be reconfigured.
This is not a catastrophic failure mode since even as it progresses the old replica directory remains available for recovery.
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
