WIP: separate private and public blocks #1538
Conversation
|
|
So would you want something like this? or what would the interface for what youre thinking look like? |
|
I'm thinking that the actual put call by the blockstore can write a small header before the blocks, including a permissions/capabilities info, as well as a timestamp. Then consumers of the blockstore can get a handle to the blockstore with a given capabilities set, and can only read blocks that match their caps, and all blocks they write would be written with their caps, querying that blockstore handle would only return blocks with matching caps, etc. The timestamp allows us to ignore recently added blocks during a GC, which is going to be very important to avoid randomly breaking user operations with a rouge GC. The downside here is that each subsequent write of a given block would have to write the entire block again to update the timestamp (since the datastore interface doesnt support partial writes). |
whyrusleeping
force-pushed
the
dev0.4.0
branch
from
25fd6b9 to
f39597e
Compare
whyrusleeping
force-pushed
the
private-blocks
branch
from
609a335 to
ec6a2a8
Compare
|
@jbenet re: our discussion yesterday, you wanna CR this? |
| Blocks *bserv.BlockService // the block service, get/add blocks. | ||
|
|
||
| DAG merkledag.DAGService // the merkle dag service, get/add objects. | ||
| PrivDAG merkledag.DAGService // the private merkledag service for local objects |
|
I'm not certain that this works for pinning + gc. can you outline the logic flow of how a GC operation would work now, given the pinset and the objects are in two different dagservices with two different GCBlockstores? |
|
We're just going to have to run two separate GC operations, one on the normal blockstore, and one on the private blockstore. |
|
@jbenet i'm trying to determine the best places to take the private blockstores GC locks now. |
|
@jbenet I think the simplest thing to do would be to always lock both blockstores. at which point we might as well just have one lock. This is tricky. |
Yeah, this is the sort of trickiness i worried about. |
| @@ -21,6 +21,8 @@ var log = eventlog.Logger("blockstore") | |||
| // BlockPrefix namespaces blockstore datastores | |||
| var BlockPrefix = ds.NewKey("blocks") | |||
|
|
|||
| var PrivateBlockPrefix = ds.NewKey("private") | |||
There was a problem hiding this comment.
let's rename these:
StateBlocks -- the state of the node
DataBlocks -- the data of the node
There was a problem hiding this comment.
(fine to keep DataBlocks at /blocks to avoid a migration there
|
@whyrusleeping confirm this is how this is supposed to work:
Seems to work. Need to test the hell out of this. need one test that:
(this will likely need to be in Go) |
|
Ok, i think this will work, but
|
whyrusleeping
force-pushed
the
dev0.4.0
branch
from
4a66fb4 to
ff3ad99
Compare
whyrusleeping
force-pushed
the
private-blocks
branch
3 times, most recently
from
44e955a to
bc2d27d
Compare
|
@jbenet i think this is ready for another look over (when you have time) |
whyrusleeping
force-pushed
the
dev0.4.0
branch
from
ff3ad99 to
6e5d1df
Compare
This used to lead to large refcount numbers, causing Flush to create a lot of IPFS objects, and merkledag to consume tens of gigabytes of RAM. License: MIT Signed-off-by: Jeromy <jeromyj@gmail.com>
OS X sed is documented as "-i SUFFIX", GNU sed as "-iSUFFIX". The one consistent case seems to be "-iSUFFIX", where suffix cannot empty (or OS X will parse the next argument as the suffix). This used to leave around files named `refsout=` on Linux, and was just confusing. License: MIT Signed-off-by: Jeromy <jeromyj@gmail.com>
License: MIT Signed-off-by: Jeromy <jeromyj@gmail.com>
Without this, all entries will have nlink==0, which confuses a bunch of tools. Most dramatically, systemd-nspawn enters a busy loop in its lock utility function. License: MIT Signed-off-by: Tommi Virtanen <tv@eagain.net>
This used to cause files e.g. being edited with `vi` to become 0-size. License: MIT Signed-off-by: Tommi Virtanen <tv@eagain.net>
Callers assume this is safe to call whenever, let's make it so. License: MIT Signed-off-by: Tommi Virtanen <tv@eagain.net>
whyrusleeping
force-pushed
the
dev0.4.0
branch
from
6e5d1df to
47d6836
Compare
License: MIT Signed-off-by: Jeromy <jeromyj@gmail.com> run GC over internal blockstore as well License: MIT Signed-off-by: Jeromy <jeromyj@gmail.com> rename blockstores to Data and State License: MIT Signed-off-by: Jeromy <jeromyj@gmail.com> fix up garbage collection and add a test License: MIT Signed-off-by: Jeromy <jeromyj@gmail.com> separate flatfs License: MIT Signed-off-by: Jeromy <jeromyj@gmail.com>
whyrusleeping
force-pushed
the
private-blocks
branch
from
bc2d27d to
23511bf
Compare
|
@jbenet CR when you can. |
|
at first pass it looks fine. i'll do a deeper look later today. |
License: MIT Signed-off-by: Jeromy <jeromyj@gmail.com>
| u "github.com/ipfs/go-ipfs/util" | ||
| ) | ||
|
|
||
| func TestBasicSeparation(t *testing.T) { |
There was a problem hiding this comment.
for the sort of guarantees we expect from this separation, we'll probably want some sharness tests too.
There was a problem hiding this comment.
theres not really any way of knowing any of the pinners internal hashes through the API, but we can check 'ipfs refs local' to make sure that the only entries there are actual data. sound alright?
There was a problem hiding this comment.
some blocks should be internal only, like for example keys. could add the private key or something.
sure that's fine.
There was a problem hiding this comment.
when we migrate keys to the blockstore we can have a test like that, but we arent there yet.
I don't feel confident in this. I'm not sure that this is actually going to do what we expect it to. It seems right to me, but i'm not sure about all the corner cases in which expectations may be incorrect. Up to @whyrusleeping |
License: MIT Signed-off-by: Jeromy <jeromyj@gmail.com>
|
@jbenet I'm really not sure how I could possibly write a sharness test for this, outside of the code, theres no way to know what the keys of the 'private objects' are, they wont show up in 'ipfs refs local'. The tests I have in core/corerepo/gc_test.go construct a node the same way a daemon would, and they work as expected. |
|
Fine let's wait until keystore is implemented — On Mon, Sep 21, 2015 at 6:25 PM, Jeromy Johnson notifications@github.com
|
whyrusleeping
force-pushed
the
dev0.4.0
branch
3 times, most recently
from
764bef9 to
1bbc472
Compare
ghost
added
the
whyrusleeping
force-pushed
the
dev0.4.0
branch
2 times, most recently
from
68b9745 to
b0a8591
Compare
whyrusleeping
force-pushed
the
dev0.4.0
branch
from
cf514d8 to
3224ae0
Compare
Use a different datastore prefix to keep private and public blocks separate. Abstract this upwards into a private blockstore and a private dagservice.
License: MIT
Signed-off-by: Jeromy jeromyj@gmail.com