add connection-policy configuration #2788
Labels
No labels
c/code
c/code-dirnodes
c/code-encoding
c/code-frontend
c/code-frontend-cli
c/code-frontend-ftp-sftp
c/code-frontend-magic-folder
c/code-frontend-web
c/code-mutable
c/code-network
c/code-nodeadmin
c/code-peerselection
c/code-storage
c/contrib
c/dev-infrastructure
c/docs
c/operational
c/packaging
c/unknown
c/website
kw:2pc
kw:410
kw:9p
kw:ActivePerl
kw:AttributeError
kw:DataUnavailable
kw:DeadReferenceError
kw:DoS
kw:FileZilla
kw:GetLastError
kw:IFinishableConsumer
kw:K
kw:LeastAuthority
kw:Makefile
kw:RIStorageServer
kw:StringIO
kw:UncoordinatedWriteError
kw:about
kw:access
kw:access-control
kw:accessibility
kw:accounting
kw:accounting-crawler
kw:add-only
kw:aes
kw:aesthetics
kw:alias
kw:aliases
kw:aliens
kw:allmydata
kw:amazon
kw:ambient
kw:annotations
kw:anonymity
kw:anonymous
kw:anti-censorship
kw:api_auth_token
kw:appearance
kw:appname
kw:apport
kw:archive
kw:archlinux
kw:argparse
kw:arm
kw:assertion
kw:attachment
kw:auth
kw:authentication
kw:automation
kw:avahi
kw:availability
kw:aws
kw:azure
kw:backend
kw:backoff
kw:backup
kw:backupdb
kw:backward-compatibility
kw:bandwidth
kw:basedir
kw:bayes
kw:bbfreeze
kw:beta
kw:binaries
kw:binutils
kw:bitcoin
kw:bitrot
kw:blacklist
kw:blocker
kw:blocks-cloud-deployment
kw:blocks-cloud-merge
kw:blocks-magic-folder-merge
kw:blocks-merge
kw:blocks-raic
kw:blocks-release
kw:blog
kw:bom
kw:bonjour
kw:branch
kw:branding
kw:breadcrumbs
kw:brians-opinion-needed
kw:browser
kw:bsd
kw:build
kw:build-helpers
kw:buildbot
kw:builders
kw:buildslave
kw:buildslaves
kw:cache
kw:cap
kw:capleak
kw:captcha
kw:cast
kw:centos
kw:cffi
kw:chacha
kw:charset
kw:check
kw:checker
kw:chroot
kw:ci
kw:clean
kw:cleanup
kw:cli
kw:cloud
kw:cloud-backend
kw:cmdline
kw:code
kw:code-checks
kw:coding-standards
kw:coding-tools
kw:coding_tools
kw:collection
kw:compatibility
kw:completion
kw:compression
kw:confidentiality
kw:config
kw:configuration
kw:configuration.txt
kw:conflict
kw:connection
kw:connectivity
kw:consistency
kw:content
kw:control
kw:control.furl
kw:convergence
kw:coordination
kw:copyright
kw:corruption
kw:cors
kw:cost
kw:coverage
kw:coveralls
kw:coveralls.io
kw:cpu-watcher
kw:cpyext
kw:crash
kw:crawler
kw:crawlers
kw:create-container
kw:cruft
kw:crypto
kw:cryptography
kw:cryptography-lib
kw:cryptopp
kw:csp
kw:curl
kw:cutoff-date
kw:cycle
kw:cygwin
kw:d3
kw:daemon
kw:darcs
kw:darcsver
kw:database
kw:dataloss
kw:db
kw:dead-code
kw:deb
kw:debian
kw:debug
kw:deep-check
kw:defaults
kw:deferred
kw:delete
kw:deletion
kw:denial-of-service
kw:dependency
kw:deployment
kw:deprecation
kw:desert-island
kw:desert-island-build
kw:design
kw:design-review-needed
kw:detection
kw:dev-infrastructure
kw:devpay
kw:directory
kw:directory-page
kw:dirnode
kw:dirnodes
kw:disconnect
kw:discovery
kw:disk
kw:disk-backend
kw:distribute
kw:distutils
kw:dns
kw:do_http
kw:doc-needed
kw:docker
kw:docs
kw:docs-needed
kw:dokan
kw:dos
kw:download
kw:downloader
kw:dragonfly
kw:drop-upload
kw:duplicity
kw:dusty
kw:earth-dragon
kw:easy
kw:ec2
kw:ecdsa
kw:ed25519
kw:egg-needed
kw:eggs
kw:eliot
kw:email
kw:empty
kw:encoding
kw:endpoint
kw:enterprise
kw:enum34
kw:environment
kw:erasure
kw:erasure-coding
kw:error
kw:escaping
kw:etag
kw:etch
kw:evangelism
kw:eventual
kw:example
kw:excess-authority
kw:exec
kw:exocet
kw:expiration
kw:extensibility
kw:extension
kw:failure
kw:fedora
kw:ffp
kw:fhs
kw:figleaf
kw:file
kw:file-descriptor
kw:filename
kw:filesystem
kw:fileutil
kw:fips
kw:firewall
kw:first
kw:floatingpoint
kw:flog
kw:foolscap
kw:forward-compatibility
kw:forward-secrecy
kw:forwarding
kw:free
kw:freebsd
kw:frontend
kw:fsevents
kw:ftp
kw:ftpd
kw:full
kw:furl
kw:fuse
kw:garbage
kw:garbage-collection
kw:gateway
kw:gatherer
kw:gc
kw:gcc
kw:gentoo
kw:get
kw:git
kw:git-annex
kw:github
kw:glacier
kw:globalcaps
kw:glossary
kw:google-cloud-storage
kw:google-drive-backend
kw:gossip
kw:governance
kw:grid
kw:grid-manager
kw:gridid
kw:gridsync
kw:grsec
kw:gsoc
kw:gvfs
kw:hackfest
kw:hacktahoe
kw:hang
kw:hardlink
kw:heartbleed
kw:heisenbug
kw:help
kw:helper
kw:hint
kw:hooks
kw:how
kw:how-to
kw:howto
kw:hp
kw:hp-cloud
kw:html
kw:http
kw:https
kw:i18n
kw:i2p
kw:i2p-collab
kw:illustration
kw:image
kw:immutable
kw:impressions
kw:incentives
kw:incident
kw:init
kw:inlineCallbacks
kw:inotify
kw:install
kw:installer
kw:integration
kw:integration-test
kw:integrity
kw:interactive
kw:interface
kw:interfaces
kw:interoperability
kw:interstellar-exploration
kw:introducer
kw:introduction
kw:iphone
kw:ipkg
kw:iputil
kw:ipv6
kw:irc
kw:jail
kw:javascript
kw:joke
kw:jquery
kw:json
kw:jsui
kw:junk
kw:key-value-store
kw:kfreebsd
kw:known-issue
kw:konqueror
kw:kpreid
kw:kvm
kw:l10n
kw:lae
kw:large
kw:latency
kw:leak
kw:leasedb
kw:leases
kw:libgmp
kw:license
kw:licenss
kw:linecount
kw:link
kw:linux
kw:lit
kw:localhost
kw:location
kw:locking
kw:logging
kw:logo
kw:loopback
kw:lucid
kw:mac
kw:macintosh
kw:magic-folder
kw:manhole
kw:manifest
kw:manual-test-needed
kw:map
kw:mapupdate
kw:max_space
kw:mdmf
kw:memcheck
kw:memory
kw:memory-leak
kw:mesh
kw:metadata
kw:meter
kw:migration
kw:mime
kw:mingw
kw:minimal
kw:misc
kw:miscapture
kw:mlp
kw:mock
kw:more-info-needed
kw:mountain-lion
kw:move
kw:multi-users
kw:multiple
kw:multiuser-gateway
kw:munin
kw:music
kw:mutability
kw:mutable
kw:mystery
kw:names
kw:naming
kw:nas
kw:navigation
kw:needs-review
kw:needs-spawn
kw:netbsd
kw:network
kw:nevow
kw:new-user
kw:newcaps
kw:news
kw:news-done
kw:news-needed
kw:newsletter
kw:newurls
kw:nfc
kw:nginx
kw:nixos
kw:no-clobber
kw:node
kw:node-url
kw:notification
kw:notifyOnDisconnect
kw:nsa310
kw:nsa320
kw:nsa325
kw:numpy
kw:objects
kw:old
kw:openbsd
kw:openitp-packaging
kw:openssl
kw:openstack
kw:opensuse
kw:operation-helpers
kw:operational
kw:operations
kw:ophandle
kw:ophandles
kw:ops
kw:optimization
kw:optional
kw:options
kw:organization
kw:os
kw:os.abort
kw:ostrom
kw:osx
kw:osxfuse
kw:otf-magic-folder-objective1
kw:otf-magic-folder-objective2
kw:otf-magic-folder-objective3
kw:otf-magic-folder-objective4
kw:otf-magic-folder-objective5
kw:otf-magic-folder-objective6
kw:p2p
kw:packaging
kw:partial
kw:password
kw:path
kw:paths
kw:pause
kw:peer-selection
kw:performance
kw:permalink
kw:permissions
kw:persistence
kw:phone
kw:pickle
kw:pip
kw:pipermail
kw:pkg_resources
kw:placement
kw:planning
kw:policy
kw:port
kw:portability
kw:portal
kw:posthook
kw:pratchett
kw:preformance
kw:preservation
kw:privacy
kw:process
kw:profile
kw:profiling
kw:progress
kw:proxy
kw:publish
kw:pyOpenSSL
kw:pyasn1
kw:pycparser
kw:pycrypto
kw:pycrypto-lib
kw:pycryptopp
kw:pyfilesystem
kw:pyflakes
kw:pylint
kw:pypi
kw:pypy
kw:pysqlite
kw:python
kw:python3
kw:pythonpath
kw:pyutil
kw:pywin32
kw:quickstart
kw:quiet
kw:quotas
kw:quoting
kw:raic
kw:rainhill
kw:random
kw:random-access
kw:range
kw:raspberry-pi
kw:reactor
kw:readonly
kw:rebalancing
kw:recovery
kw:recursive
kw:redhat
kw:redirect
kw:redressing
kw:refactor
kw:referer
kw:referrer
kw:regression
kw:rekey
kw:relay
kw:release
kw:release-blocker
kw:reliability
kw:relnotes
kw:remote
kw:removable
kw:removable-disk
kw:rename
kw:renew
kw:repair
kw:replace
kw:report
kw:repository
kw:research
kw:reserved_space
kw:response-needed
kw:response-time
kw:restore
kw:retrieve
kw:retry
kw:review
kw:review-needed
kw:reviewed
kw:revocation
kw:roadmap
kw:rollback
kw:rpm
kw:rsa
kw:rss
kw:rst
kw:rsync
kw:rusty
kw:s3
kw:s3-backend
kw:s3-frontend
kw:s4
kw:same-origin
kw:sandbox
kw:scalability
kw:scaling
kw:scheduling
kw:schema
kw:scheme
kw:scp
kw:scripts
kw:sdist
kw:sdmf
kw:security
kw:self-contained
kw:server
kw:servermap
kw:servers-of-happiness
kw:service
kw:setup
kw:setup.py
kw:setup_requires
kw:setuptools
kw:setuptools_darcs
kw:sftp
kw:shared
kw:shareset
kw:shell
kw:signals
kw:simultaneous
kw:six
kw:size
kw:slackware
kw:slashes
kw:smb
kw:sneakernet
kw:snowleopard
kw:socket
kw:solaris
kw:space
kw:space-efficiency
kw:spam
kw:spec
kw:speed
kw:sqlite
kw:ssh
kw:ssh-keygen
kw:sshfs
kw:ssl
kw:stability
kw:standards
kw:start
kw:startup
kw:static
kw:static-analysis
kw:statistics
kw:stats
kw:stats_gatherer
kw:status
kw:stdeb
kw:storage
kw:streaming
kw:strports
kw:style
kw:stylesheet
kw:subprocess
kw:sumo
kw:survey
kw:svg
kw:symlink
kw:synchronous
kw:tac
kw:tahoe-*
kw:tahoe-add-alias
kw:tahoe-admin
kw:tahoe-archive
kw:tahoe-backup
kw:tahoe-check
kw:tahoe-cp
kw:tahoe-create-alias
kw:tahoe-create-introducer
kw:tahoe-debug
kw:tahoe-deep-check
kw:tahoe-deepcheck
kw:tahoe-lafs-trac-stream
kw:tahoe-list-aliases
kw:tahoe-ls
kw:tahoe-magic-folder
kw:tahoe-manifest
kw:tahoe-mkdir
kw:tahoe-mount
kw:tahoe-mv
kw:tahoe-put
kw:tahoe-restart
kw:tahoe-rm
kw:tahoe-run
kw:tahoe-start
kw:tahoe-stats
kw:tahoe-unlink
kw:tahoe-webopen
kw:tahoe.css
kw:tahoe_files
kw:tahoewapi
kw:tarball
kw:tarballs
kw:tempfile
kw:templates
kw:terminology
kw:test
kw:test-and-set
kw:test-from-egg
kw:test-needed
kw:testgrid
kw:testing
kw:tests
kw:throttling
kw:ticket999-s3-backend
kw:tiddly
kw:time
kw:timeout
kw:timing
kw:to
kw:to-be-closed-on-2011-08-01
kw:tor
kw:tor-protocol
kw:torsocks
kw:tox
kw:trac
kw:transparency
kw:travis
kw:travis-ci
kw:trial
kw:trickle
kw:trivial
kw:truckee
kw:tub
kw:tub.location
kw:twine
kw:twistd
kw:twistd.log
kw:twisted
kw:twisted-14
kw:twisted-trial
kw:twitter
kw:twn
kw:txaws
kw:type
kw:typeerror
kw:ubuntu
kw:ucwe
kw:ueb
kw:ui
kw:unclean
kw:uncoordinated-writes
kw:undeletable
kw:unfinished-business
kw:unhandled-error
kw:unhappy
kw:unicode
kw:unit
kw:unix
kw:unlink
kw:update
kw:upgrade
kw:upload
kw:upload-helper
kw:uri
kw:url
kw:usability
kw:use-case
kw:utf-8
kw:util
kw:uwsgi
kw:ux
kw:validation
kw:variables
kw:vdrive
kw:verify
kw:verlib
kw:version
kw:versioning
kw:versions
kw:video
kw:virtualbox
kw:virtualenv
kw:vista
kw:visualization
kw:visualizer
kw:vm
kw:volunteergrid2
kw:volunteers
kw:vpn
kw:wapi
kw:warners-opinion-needed
kw:warning
kw:weapi
kw:web
kw:web.port
kw:webapi
kw:webdav
kw:webdrive
kw:webport
kw:websec
kw:website
kw:websocket
kw:welcome
kw:welcome-page
kw:welcomepage
kw:wiki
kw:win32
kw:win64
kw:windows
kw:windows-related
kw:winscp
kw:workaround
kw:world-domination
kw:wrapper
kw:write-enabler
kw:wui
kw:x86
kw:x86-64
kw:xhtml
kw:xml
kw:xss
kw:zbase32
kw:zetuptoolz
kw:zfec
kw:zookos-opinion-needed
kw:zope
kw:zope.interface
p/blocker
p/critical
p/major
p/minor
p/normal
p/supercritical
p/trivial
r/cannot reproduce
r/duplicate
r/fixed
r/invalid
r/somebody else's problem
r/was already fixed
r/wontfix
r/worksforme
t/defect
t/enhancement
t/task
v/0.2.0
v/0.3.0
v/0.4.0
v/0.5.0
v/0.5.1
v/0.6.0
v/0.6.1
v/0.7.0
v/0.8.0
v/0.9.0
v/1.0.0
v/1.1.0
v/1.10.0
v/1.10.1
v/1.10.2
v/1.10a2
v/1.11.0
v/1.12.0
v/1.12.1
v/1.13.0
v/1.14.0
v/1.15.0
v/1.15.1
v/1.2.0
v/1.3.0
v/1.4.1
v/1.5.0
v/1.6.0
v/1.6.1
v/1.7.0
v/1.7.1
v/1.7β
v/1.8.0
v/1.8.1
v/1.8.2
v/1.8.3
v/1.8β
v/1.9.0
v/1.9.0-s3branch
v/1.9.0a1
v/1.9.0a2
v/1.9.0b1
v/1.9.1
v/1.9.2
v/1.9.2a1
v/cloud-branch
v/unknown
No project
No assignees
3 participants
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: tahoe-lafs/trac#2788
Loading…
Add table
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This ticket is for implementing the cache/reuse/override scheme described in #2759 (but that ticket is specifically about multiple Tubs, which is already done).
Here are the relevant ideas, copied from #2759:
workflow:
So our idea was that each YAML clause has two chunks of data: one local, one copied from the introducer announcement. The local data should include a string of some form that specifies the properties of the Tub that should be used for connections to this server. The StorageFarmBroker will spin up a new Tub for each connection, configure it according to those properties, then call getReference() (actually connectTo(), to get the reconnect-on-drop behavior).
The tahoe.cfg settings for foolscap connection-hint handlers get written into the cached introducer data. StorageFarmBroker creates Tubs that obey those rules because those rules are sitting next to the announcement that will contain the FURL.
Current status: reviewing https://github.com/tahoe-lafs/tahoe-lafs/pull/281 . Then we'll look at https://github.com/david415/tahoe-lafs/tree/2759.add_connections_yaml_config.0 .
In testing out PR281, I noticed that the
yaml.dump()
is emitting some pretty horrible-looking YAML, because of the preponderance of unicode strings in our announcements (which comes from the fact that we're shipping around JSON, in which everything is unicode). One test node I looked at had aNODEDIR/private/introducer_cache.yaml
with entries like:That's.. pretty ugly, and I'm not sure I'd want to ask someone to copy/edit/paste it into an override file.
I'm wondering if we should move to JSON instead (with
indent=1
on the output so we get newlines and indentation). It's not entirely human-friendly, but it wouldn't treat unicode as something magical.I noticed that if we used
yaml.safe_dump()
to write the file, intead ofyaml.dump()
, then both unicode and bytes get written out as normal strings (without the!!python/unicode
mess). When parsed withyaml.safe_load()
(or unsafeyaml.load()
), these come back as either bytes or unicode (probably depending upon whether it can be represented as ASCII or not). That's not ideal (I wish it would be consistently unicode), but it'd be easier to work with than the!!python/unicode
things.I'm changing the PR281 branch to use
safe_dump()
, to avoid this. Thanks to dstufft, I'm also modifying the loading side to always give us unicode strings, to match what we wrote out.In the longer run, I'm still thinking about JSON instead of YAML. On IRC, dstufft and simpson were in favor of JSON for machine-written files, but either YAML or TOML for files written by humans. (He said that Python is likely to be using TOML in the future, and !Rust/Cargo already does).
What about this: the cache could be in JSON, but the override file could be in YAML or TOML? I think we're only going to be putting three things in the override file (serverid as the key, FURL and connection-policy as the values), so it might not be necessary to copy-and-paste stuff from one to the other very much, and YAML/TOML is certainly easier to edit than JSON.
In 73b08d2/trunk:
The distutils-sig folks did a review of various structured-data file formats, in https://gist.github.com/njsmith/78f68204c5d969f8c8bc645ef77d4a8f , which makes for interesting reading.
here's the step 1 of the connections.yaml file:
https://github.com/tahoe-lafs/tahoe-lafs/pull/283
Daira has reviewed it. I committed a fix. What's next?
step 2 of the connections.yaml will include multiple introducers.
step 3 allow specification of transport plugins in various scopes; per server, per introducer and globally scoped.
Updating ticket title: this ticket is now the right place for connections.yaml stuff, and using the cache is just a minor part of that effort.
We spent most of today's devchat exploring syntax options for the "connection policy configuration file", aka connections.yaml.
We're still not entirely sure what to call it.
connections.yaml
?policy.yaml
?config.yaml
? We're also not sure about using YAML at all. We did decide that we like the nested-dictionary aspect of YAML, but we're leery of the gotchas that YAML offers (like strings vs identifiers vs booleans vs numbers, where some things are quoted and others are not). I'd still like to evaluate TOML for this, but I don't know if it does nested dictionaries nicely.But we did come up with syntax ideas that seem pretty good.
Introducers
First off: introducers. The
introducers:
section would map introducer nickname to FURL:The nickname is used to name the cache file. The introducer.furl from
tahoe.cfg
is also used (if any), and it gets some default-ish nickname likeintroducer
.If someone really convinces us, we could add connection-policy clauses (described below). But in the devchat we couldn't think of a use case where you'd want different policies for connecting to different introducers. And you can already influence the connection by just editing the FURL to change the hint types.
We also agreed that having different connection policies for the servers you learned from one introducer versus another was not likely to be a good idea (as in, "every server I learn from introducer A should get Tor-ified, but I'll make direct TCP connections to servers I meet through introducer B). Especially when dawuud pointed out that you might learn about the same storage server from two different introducers, in which case you'd have to figure out how to reconcile their two policies. But if you really wanted to do this, you could have another policy stanza under each introducer section, somehow named to make it clear that you're talking about servers learned through the introducer, rather than how you talk to the introducer itself.
"Introducerless mode" means
tahoe.cfg
has an emptyintroducer.furl=
, and there is nointroducers:
section in the YAML file. "Multi-introducer mode" means there are two or more introducers among tahoe.cfg andintroducers:
.Connection Policy
Now the global connection policy section. This tells Tahoe what to do when asked to make connections (to Foolscap connection hints now, later to HTTP things). For each type of connection hint, the policy file specifies a "handler" and some arguments. The default values are something like:
(We aren't sure this should be in a "global" section.. maybe the "connection_types" string should be at the top level. Also we aren't sure that it should be spelled "connection_types": maybe "connections" or "foolscap_connections" or something shorter)
The
tcp:
section controls what happens when a FURL wants you to connect via plain TCP (because the connection hint looks liketcp:example.org:1234
). Thehandler: tcp
goes to a lookup table that tells Tahoe to use a foolscap connection handler that uses plain TCP. In the future,handler: xyz
could ask the setuptools/twisted/zope.interface plugin system for a module that has registered itself with the name "xyz" (and to handle some specific Interface).The
tor:
section handles connection hints liketor:abcxyz.onion:80
. Thetor
handler would probably live in the Tahoe source tree (for now), and would try to import txtorcon (and log+ignore if it couldn't be imported). The keys undertor:
that aren't "handler" are passed as keyword arguments into the plugin. In this case, we're telling the tor-for-foolscap plugin that it's expected to launch it's own copy of the Tor daemon. Other options would be likecontrol_endpoint: tcp:localhost:9051
, to use a pre-running system Tor daemon.(question: we originally discussed:
with the extra
args:
because we originally thoughthandler:
would be a fully-qualified import+funcname string, like what setuptools entrypoint specifications do. In that case,args
would be passed as keyword arguments to the referenced callable. But withhandler:
being an index instead, we could probably be a bit more flexible about how arguments are passed. Also having the args at the same level ashandler:
is a bit cleaner. Maybe we should just pass the entire dictionary into the plugin and let it ignorehandler:
itself)For nodes that are configured to use Tor instead of plain TCP, there would be two nearly-identical sections, one for
tcp:
and one fortor:
, both specifying the "tor" handler:Note that any connection hint type not listed here would be ignored, to avoid the possibility of a new future connection type accidentally violating anonymity. Or maybe we only do that if
anonymous=1
is set.We can also imagine:
Server Overrides and New Servers
The
servers:
clause would serve two purposes. The first is to provide data on brand new (synthetic) servers, ones that might not be advertised through any introducer. This would mostly be used for the "introducerless" mode, but could also be used augment the regular introducer-based grid with a private server for just your own client.The second is to modify data about introducer-advertised servers, generally their connection policy and/or FURL. The following example would allow a private TCP-based server on a mostly-Tor grid (where the global policy says tcp should go to tor).
The dictionary key is the server identity key (an !Ed25519 public verifying key, currently used as the main index for introducer announcements). (we need to experiment to see if YAML can have hyphens or non-identifier characters in dictionary keys; we'd rather not put quotes around the string if we can avoid it).
Many of the other keys would replace or augment the data heard from the introducer. "nickname" is published by servers themselves, but could be overridden locally, in which case it would behave more like a pet name.
anonymous-storage-FURL
is the current way that clients connect to storage servers, although that will change when #666 Accounting happens (probably toaccounting-storage-FURL
or similar), andstorage-URL
will happen when we move to an HTTP-based storage protocol.permutation-seed-base32
is important for compatibility of share placement for older servers, but I think newer servers default to using the !Ed25519 pubkey for this, so it could maybe be omitted for synthetic servers.And then the
connection_types
section would control the connection policy. The idea is that each server (theallmydata.storage_client.NativeStorageServer
instance) will use the connection policy from theservers[$SERVERID]connection_types
dict if that's present, else it will fall back to theglobalconnection_types
config.We must be careful to prevent servers from publishing
connection_types:
themselves. We originally thought of putting the server-provided keys in one place, and the locally-specified keys in another, like:but it felt too verbose. Without the separate
announcement:
section, the code should probably first check forconnection_types
, then overlay the announcement with all remaining keys:The introducer announcement includes a lot of additional data that isn't very useful to override: version strings, sequence numbers, a "nonce" that I don't even remember the purpose of. While it might be useful to allow the YAML file to override any possible announcement key, it might be better to throw an error if we see any unknown key, or a key that doesn't make sense to override.
Finally, note that the Introducer was designed to let you publish more than just storage servers: each announcement includes a
service-name
field, and we originally planned to advertise Helpers, repairers, and even extra introducers through these announcements. The client only subscribes tostorage
, and we don't have any code to publish anything else. For brevity, we'll probably declare that the YAML file'sservers:
section is only referring to storage servers. If some future version of tahoe adds a new thing that we really want to call a "server" but which isn't a storage server, we'll have to come up with a new YAML section to describe it. Or, we could change the YAML section fromservers:
tostorage:
orstorage-servers:
or something.Accidentally Introducing A New Config-File Format
We know that we'd like to eventually move away from the INI-format
tahoe.cfg
file, for two reasons. The first is that it doesn't really support structured data (the original multi-introducer syntax would have needed lines likeintroducer.furl1=
andintroducer.furl2=
, since INI doesn't have lists). The second is that it'd be nice to safely machine-edit the config file.In Petmail, I've been experimenting with keeping all state in a SQLite database (config, runtime updates, user messages, everything). Config changes are done with CLI tools, or a web-based wizard-thing that gets to write changes as you click the boxes. While it's sad to not be able to point emacs at the file, you win transactional changes, schema enforcement, and no data-killing race conditions between user edits and program changes.
We talked a week or two ago about a
tahoe configure
command which could ask you some questions ("should we offer storage? you have X GB, how much should I use?") walk you through the setup process, examine your network situation ("it looks like you're behind NAT. Do you know what port-forwarding is? Let me test your setup. Great, we can be reached from the outside, enabling server."), sanity-check the config, then start the node. To re-run this tool inside a running node, we'd need the ability to safely modify the config file after startup.So I just want to avoid accidentally moving us to a YAML-based config file, if maybe we should be deliberately moving to an SQLite-based one. This YAML syntax is kind of nice, I can imagine moving other tahoe.cfg items over to it (eventually deprecating tahoe.cfg and automatically converting it to YAML at startup). But if we're going to do that, we should probably be intentional about it.
cache server information, use later (with overrides)to add connection-policy configurationI'm reading through the TOML spec. If we make "servers" into a list, with the pubkey as a dictionary item (instead of a key), then I our example would look like this:
Some notes:
servers
andintroducers
sectionsfoo.bar.baz
indicators, or with the inline{key = { subkey = "value"} }
syntax (which can be spread over multiple lines, like in python)"1.4"
(string) and1.4
(float).I think this pull-request is still relevant:
https://github.com/tahoe-lafs/tahoe-lafs/pull/283
It implements the connections.yaml 'servers' section, only.
Next I am going to work on the other two features that the connections.yaml should provide:
ok here's the multi-intro feature, the minimal code change without the web ui:
https://github.com/tahoe-lafs/tahoe-lafs/pull/284
ok next all add the transport plugin system...
btw i do think it will be a relatively easy code change if we want to switch away from yaml and use toml instead. if we wanna get fancy this of course could be abstracted into some api that sit's between the Client and the configuration. Maybe we should evaluate what that API would look like? It should help us switch to a database format as well.
note that the commit history for my multi-intro dev branch (pull request 284) preserves an epic battle against unit test failure. there was much bit rot. all fixed now:
https://github.com/david415/tahoe-lafs/commits/2788.multi_intro.0
I could make all this be a single commit or so if you want the fix-it commits removed.
Further... i had to add the web-ui changes (from truckee) in order to get all the tests to pass.
here's my work in progress implementing the transport plugin system:
https://github.com/david415/tahoe-lafs/tree/2788.transport_plugins.0
i'm still trying to fix it and get the tests to pass here. maybe you want a different plugin system than this one... but it should be easy to change it's design once i get it working.
ok then according to our discussion about transport plugins we've decided to utilize the existing twisted/zope IPlugin interface to manage the loading of plugins. Our connections.yaml file will merely refer to plugins by name which we will reference in our lookup table of plugins. Simple!
Foolscap transport plugins made to use the twisted/zope IPlugin interface and properly install the plugins into the twisted plugins directory via setup.py best practices, looky here! -->
https://foolscap.lothar.com/trac/ticket/256
i've also attempted to get my dev branch to use the twisted plugin system to load the foolscap transport plugins. so far it doesn't work... i'm doing something wrong but haven't tracked down my all mistakes yet. so what we have is a broken dev branch of an unfinished plugin system. ;-p
further, this dev branch ( https://github.com/david415/tahoe-lafs/tree/2788.transport_plugins.0 )
must be used with the corresponding foolscap dev branch with the IPlugin implementation of the transport plugins as specified in the previously mentioned foolscap trac ticket 256.
OK I've fixed an obvious bug and got most of the
test_introducer
unit tests to pass.Many of these unit tests are further complicated by our continuing to support the old intro V1 protocol... So I'm going to remove that code (there's a ticket open already --> #2784) because doing the code removal first saves lots of time.
Thoughts from our meeting today:
tub_options
that are passed throughStorageFarmBroker
intoNativeStorageServer
. It would change thattub_options
from a dictionary into a tuple of two dictionaries. The first dict would be used to callTub.setOption()
as now. The second would be used to callTub.addConnectionHintHandler()
(so the keys would be hint types and the values would be handler instances).DefaultTCP
in a stable place (foolscap#260), then change thetub_options
default to include{"tcp": DefaultTCP()}
, and changeNativeStorageServer.start_connecting()
to callTub.removeAllConnectionHintHandlers()
first. This will make it easy to modify the global connection policy in a later stepIn parallel to that, we can continue as planned (in comment:401734) to add patches that read from
connections.yaml
, one section at a time (maybe starting withintroducers
), leaving the connection policy stuff (and thus Tor) until the end.i quickly wrote an untested WIP dev branch to make tub_options be the 2-tuple as Brian describes above:
https://github.com/tahoe-lafs/tahoe-lafs/pull/311
i fixed some bugs in my code and made all the tests pass. that pull request is now ready for review
PR311 (tub_options/tub_handlers cleanup) landed in [61eb8398]
Make StorageFarmBroker use specified or default handler
another pull request
https://github.com/tahoe-lafs/tahoe-lafs/pull/317
please review
In reviewing the code to implement this, I'm starting to think that
connections.yaml
should only contain the per-server configuration (either overrides for introducer-announced servers, or complete information for non-Introducer locally-defined servers). And as a result, it should be calledservers.yaml
.Then
tahoe.cfg
would contain both the defaults (e.g. "use Tor to connect to TCP things"), and the details of how each connection type is implemented (e.g. "to use Tor, speak SOCKS to localhost:9050"). Neither one needs a lot of structure, so I don't think we need the nested dictionaries of YAML to control them.So I'm suggesting the following
tahoe.cfg
syntax:The
tor
section is defined as in #517 (defaulting to SOCKS on 9050/9150). Theconnections
section maps Foolscap connection-hint type (or "tcp" for HTTP) to a handler. To disable a type, map it to "disabled
" (which replaces thetor enable = false
setting from #517):(note that any unrecognized value for a
connections
key will cause a boot-time error, which should aid discovery of the correct syntax)Then
servers.yaml
won't have aglobal
section. It would still have a top-level section name (to preserve room for other sections, if we need to add them in the future), but I think it could be namedstorage
instead ofservers
, to make it clear that everything below is talking about storage servers and not about Helpers or something else. To add a brand-new (non-Introducer) server, you'd populate theannouncement
clause with a few important keys:(if you're pinning an introducer announcement, you could copy and indent the
ann
clause fromintroducer_cache.yaml
, although you don't strictly need to copy all the keys:What should happen if the same server-id show up in both
servers.yaml
and an introducer announcement? We could haveservers.yaml
overlay the announcement data (e.g.ann = introducer_ann.copy(); ann.update(yaml)
), which would let you override specific properties. But I can't think of any good use for that. I think it might be better to log an error when the announcement shows up. Since this log won't be very discoverable, it'd be a good idea to record the fact that an announcement appeared, and display a note on the relevant WUI page ("warning: announcement received (and ignored) for static server, see logs for details").Note that synthetic servers don't need a real server-id, and announcements are only accepted if they're signed, and the public verification key is the the server-id. So if you make up a server-id, there's no way for an announcement to ever overlap:
Each storage server has an implicit
connections
section, which is filled with the settings fromtahoe.cfg connections
. To handle Leif's use-case of a TCP-enabled server on a otherwise-Tor-restricted client, you'll need to overrideconnections
, to replace thetcp: tor
mapping withtcp: tcp
:tahoe.cfg
:servers.yaml
:In 66fcd6e/trunk:
dawuud reminded me that connections.yaml was also supposed to hold the multiple-introducer config. The proposed section was called
introducers
and contained a dictionary mapping introducer-petname to a dictionary with one defined key namedfurl
:(note that the original patch used "nickname" instead of "petname", which I think is inconsistent because this name is being chosen by the local client, whereas a "nickname", in our usage, is chosen by the object being named)
Since this is basically just a list of (petname, furl) tuples, I don't think we need the full power of YAML to represent it. So I'm thinking it can go into
tahoe.cfg
, right next to the oldintroducer.furl=
key. We just declare that every key which matchesintroducer-.*\.furl
is adding an introducer, and the part after the dash is the petname. This limits the petnames somewhat (no spaces, no dots, no punctuation), but I don't think that's a big deal.We can still use the petnames to build filenames for the local cache. The normal introducer has a petname of "" and uses
private/introducer_cache.yaml
. Atahoe.cfg
key ofintroducer-local.furl = pb://etc
would have a petname oflocal
and would useprivate/introducer_cache_local.yaml
.In 386edeb/trunk:
Note: https://github.com/tahoe-lafs/tahoe-lafs/pull/320 is really close to finishing this. Tor support works as it's supposed to. I2P is not yet implemented, but the framework is in place.
In 73d5376b/trunk:
In 0951201/trunk:
Two small updates:
tor enabled = false
instead ofconnections tor = disabled
, because that way I can avoid importing tor/txtorcon when we aren't going to use it. (the function that does the tor import is only paying attention to thetor
section, it was cleanest that way)tor enabled = false
, nottor enable = false
. I initially implemented it asenable
, but I'm fixing that now, since all other uses of enable/disable in tahoe.cfg use the past-tense (present-participle?) form, "enabled" / "disabled".In a03f68b/trunk: