[ARVADOS] updated: 5dd88c53ca3357f96bb98ad286d0fb0a52ef5f54

git at public.curoverse.com git at public.curoverse.com
Wed Sep 9 12:32:36 EDT 2015


Summary of changes:
 services/keepstore/volume.go | 51 ++++++++++++++++++++++++++++++--------------
 1 file changed, 35 insertions(+), 16 deletions(-)

       via  5dd88c53ca3357f96bb98ad286d0fb0a52ef5f54 (commit)
      from  eeeb4aef6e54d5cd3290bdeba91a8009f3e261bc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 5dd88c53ca3357f96bb98ad286d0fb0a52ef5f54
Author: Tom Clegg <tom at curoverse.com>
Date:   Wed Sep 9 12:32:30 2015 -0400

    7179: Improve description of how races must be handled.

diff --git a/services/keepstore/volume.go b/services/keepstore/volume.go
index 2e80fac..60e4b86 100644
--- a/services/keepstore/volume.go
+++ b/services/keepstore/volume.go
@@ -50,12 +50,15 @@ type Volume interface {
 	// different content, Put must either overwrite the existing
 	// data with the new data or return a non-nil error.
 	//
+	// Put also sets the timestamp for the given locator to the
+	// current time.
+	//
 	// Put must return a non-nil error unless it can guarantee
 	// that the entire block has been written and flushed to
-	// persistent storage. Of course, this guarantee is only as
-	// good as the underlying storage device, but it is Put's
-	// responsibility to at least get whatever guarantee is
-	// offered by the storage device.
+	// persistent storage, and that its timestamp is current. Of
+	// course, this guarantee is only as good as the underlying
+	// storage device, but it is Put's responsibility to at least
+	// get whatever guarantee is offered by the storage device.
 	//
 	// Put should not verify that loc==hash(block): this is the
 	// caller's responsibility.
@@ -119,32 +122,48 @@ type Volume interface {
 	// If the timestamp for the given locator is newer than
 	// blob_signature_ttl, Delete must not delete the data.
 	//
-	// If callers in different goroutines invoke overlapping
-	// Delete() and Touch() operations on the same locator, the
-	// implementation must guarantee that Touch() returns a
-	// non-nil error, or Delete() does not delete the block, or
-	// both.
+	// If a Delete operation overlaps with any Touch or Put
+	// operations on the same locator, the implementation must
+	// ensure one of the following outcomes:
+	//
+	//   - Touch and Put return a non-nil error, or
+	//   - Delete does not delete the block, or
+	//   - Both of the above.
+	//
+	// If it is possible for the storage device to be accessed by
+	// a different process or host, the synchronization mechanism
+	// should also guard against races with other processes and
+	// hosts. If such a mechanism is not available, there must be
+	// a mechanism for detecting unsafe configurations, alerting
+	// the operator, and aborting or falling back to a read-only
+	// state. In other words, running multiple keepstore processes
+	// with the same underlying storage device must either work
+	// reliably or fail outright.
+	//
+	// Corollary: A successful Touch or Put guarantees a block
+	// will not be deleted for at least blob_signature_ttl
+	// seconds.
 	Delete(loc string) error
 
-	// Status() returns a *VolumeStatus representing the current
+	// Status returns a *VolumeStatus representing the current
 	// in-use and available storage capacity and an
 	// implementation-specific volume identifier (e.g., "mount
 	// point" for a UnixVolume).
 	Status() *VolumeStatus
 
-	// String() returns an identifying label for this volume,
+	// String returns an identifying label for this volume,
 	// suitable for including in log messages. It should contain
 	// enough information to uniquely identify the underlying
 	// storage device, but should not contain any credentials or
 	// secrets.
 	String() string
 
-	// Writable() returns false if all future Put(), Mtime(), and
-	// Delete() calls are expected to fail.
+	// Writable returns false if all future Put, Mtime, and Delete
+	// calls are expected to fail.
 	//
-	// If the volume is only temporarily unwritable -- or if Put()
-	// will fail because it is full, but Mtime() or Delete() can
-	// succeed -- then Writable() should return false.
+	// If the volume is only temporarily unwritable -- or if Put
+	// will fail because it is full, but Mtime or Delete can
+	// succeed -- then Writable should return false.
 	Writable() bool
 }
 

-----------------------------------------------------------------------


hooks/post-receive
-- 




More information about the arvados-commits mailing list