[tahoe-dev] use case request for accounting/leasedb

David-Sarah Hopwood david-sarah at jacaranda.org
Fri Oct 12 22:29:33 UTC 2012


On 12/10/12 22:32, Zooko Wilcox-O'Hearn wrote:
> I've never been satisfied with our garbage collection scheme. It
> requires that the client repeatedly refresh leases on its data, and if
> it fails to do so then the server will eventually delete that data. It
> makes me feel unsafe about the longevity of my data. What if I get
> sick? What if I the renewer script breaks and I don't notice that it
> broke?

Same here.

> Secondly, a good way to handle the problem of forgotten garbage —
> stuff that you've deleted all references to but that the storage
> server is still holding the ciphertext — is for you to run a "mark and
> sweep" or "lease renewal and garbage collection" process, when you are
> ready to do so. You tell your local Tahoe-LAFS gateway to do a
> "deep-add-lease" on all of your files which are reachable from a
> certain starting directory. Make sure that everything you care about
> is reachable from there! Then once that's done, you tell the storage
> server "Anything that hasn't been marked (lease-renewed) recently, you
> can delete that now.".
> 
> The only difference between this and the current scheme is that the
> storage server will never do that on its own — it only does it when
> you tell it that it is okay to do it.

Okay, so I think this means that lease expiry -- the operation of removing
leases that are past their expiration date -- needs to be triggered separately
from deletion of unleased shares.

If lease expiry can be triggered independently per account, then that
becomes the "okay to expire" operation. The accounting crawler will only
delete shares with no lease on any account, and will not itself expire
leases.

Does this seem like it supports what you want?

If it does, then it doesn't require changes to the current leasedb
schema. There was previously some redundancy in the schema because an
lease that is past its expiration time was equivalent to no lease. Now
we're just distinguishing between those cases.

-- 
David-Sarah Hopwood ⚥

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 554 bytes
Desc: OpenPGP digital signature
URL: <http://tahoe-lafs.org/pipermail/tahoe-dev/attachments/20121012/0e06650c/attachment.pgp>


More information about the tahoe-dev mailing list