From: Brian Warner <warner@lothar.com> Date: Tue, 17 Mar 2009 05:10:41 +0000 (-0700) Subject: GC: add date-cutoff -based expiration, add proposed docs X-Git-Tag: allmydata-tahoe-1.4.0~51 X-Git-Url: https://git.rkrishnan.org/%5B/%5D%20/uri/frontends/%22doc.html/?a=commitdiff_plain;h=c7254c5f1d43e6e98cb432c23c65820d03e9f35d;p=tahoe-lafs%2Ftahoe-lafs.git GC: add date-cutoff -based expiration, add proposed docs --- diff --git a/docs/proposed/garbage-collection.txt b/docs/proposed/garbage-collection.txt new file mode 100644 index 00000000..51998d67 --- /dev/null +++ b/docs/proposed/garbage-collection.txt @@ -0,0 +1,280 @@ += Garbage Collection in Tahoe = + +When a file or directory in the virtual filesystem is no longer referenced, +the space that its shares occupied on each storage server can be freed, +making room for other shares. Tahoe currently uses a garbage collection +("GC") mechanism to implement this space-reclamation process. Each share has +one or more "leases", which are managed by clients who want the +file/directory to be retained. The storage server accepts each share for a +pre-defined period of time, and is allowed to delete the share if all of the +leases are cancelled or allowed to expire. + +Garbage collection is not enabled by default: storage servers will not delete +shares without being explicitly configured to do so. When GC is enabled, +clients are responsible for renewing their leases on a periodic basis at +least frequently enough to prevent any of the leases from expiring before the +next renewal pass. + +There are several tradeoffs to be considered when choosing the renewal timer +and the lease duration, and there is no single optimal pair of values. See +the "lease-tradeoffs.svg" diagram to get an idea for the tradeoffs involved. +If lease renewal occurs quickly and with 100% reliability, than any renewal +time that is shorter than the lease duration will suffice, but a larger ratio +of duration-over-renewal-time will be more robust in the face of occasional +delays or failures. + +The current recommended values for a small Tahoe grid are to renew the leases +once a week, and to give each lease a duration of 31 days. Renewing leases +can be expected to take about one second per file/directory, depending upon +the number of servers and the network speeds involved. Note that in the +current release, the server code enforces a 31 day lease duration: there is +not yet a way for the client to request a different duration (however the +server can use the "expire.override_lease_duration" configuration setting to +increase or decrease the effective duration to something other than 31 days). + +== Client-side Renewal == + +If all of the files and directories which you care about are reachable from a +single starting point (usually referred to as a "rootcap"), and you store +that rootcap as an alias (via "tahoe create-alias"), then the simplest way to +renew these leases is with the following CLI command: + + tahoe deep-check --add-lease ALIAS: + +This will recursively walk every directory under the given alias and renew +the leases on all files and directories. (You may want to add a --repair flag +to perform repair at the same time). Simply run this command once a week (or +whatever other renewal period your grid recommends) and make sure it +completes successfully. As a side effect, a manifest of all unique files and +directories will be emitted to stdout, as well as a summary of file sizes and +counts. It may be useful to track these statistics over time. + +Note that newly uploaded files (and newly created directories) get an initial +lease too: the --add-lease process is only needed to ensure that all older +objects have up-to-date leases on them. + +For larger systems (such as a commercial grid), a separate "maintenance +daemon" is under development. This daemon will acquire manifests from +rootcaps on a periodic basis, keep track of checker results, manage +lease-addition, and prioritize repair needs, using multiple worker nodes to +perform these jobs in parallel. Eventually, this daemon will be made +appropriate for use by individual users as well, and may be incorporated +directly into the client node. + +== Server Side Expiration == + +Expiration must be explicitly enabled on each storage server, since the +default behavior is to never expire shares. Expiration is enabled by adding +config keys to the "[storage]" section of the tahoe.cfg file (as described +below) and restarting the server node. + +Each lease has two parameters: a create/renew timestamp and a duration. The +timestamp is updated when the share is first uploaded (i.e. the file or +directory is created), and updated again each time the lease is renewed (i.e. +"tahoe check --add-lease" is performed). The duration is currently fixed at +31 days, and the "nominal lease expiration time" is simply $duration seconds +after the $create_renew timestamp. (In a future release of Tahoe, the client +will get to request a specific duration, and the server will accept or reject +the request depending upon its local configuration, so that servers can +achieve better control over their storage obligations). + +The lease-expiration code has two modes of operation. The first is age-based: +leases are expired when their age is greater than their duration. This is the +preferred mode: as long as clients consistently update their leases on a +periodic basis, and that period is shorter than the lease duration, then all +active files and directories will be preserved, and the garbage will +collected in a timely fashion. + +Since there is not yet a way for clients to request a lease duration of other +than 31 days, there is a tahoe.cfg setting to override the duration of all +leases. If, for example, this alternative duration is set to 60 days, then +clients could safely renew their leases with an add-lease operation perhaps +once every 50 days: even though nominally their leases would expire 31 days +after the renewal, the server would not actually expire the leases until 60 +days after renewal. + +The other mode is an absolute-date-cutoff: it compares the create/renew +timestamp against some absolute date, and expires any lease which was not +created or renewed since the cutoff date. If all clients have performed an +add-lease some time after March 20th, you could tell the storage server to +expire all leases that were created or last renewed on March 19th or earlier. +This is most useful if you have a manual (non-periodic) add-lease process. +Note that there is not much point to running a storage server in this mode +for a long period of time: once the lease-checker has examined all shares and +expired whatever it is going to expire, the second and subsequent passes are +not going to find any new leases to remove. + +The tahoe.cfg file uses the following keys to control lease expiration: + +[storage] + +expire.enabled = (boolean, optional) + + If this is True, the storage server will delete shares on which all leases + have expired. Other controls dictate when leases are considered to have + expired. The default is False. + +expire.mode = (string, "age" or "date-cutoff", required if expiration enabled) + + If this string is "age", the age-based expiration scheme is used, and the + "expire.override_lease_duration" setting can be provided to influence the + lease ages. If it is "date-cutoff", the absolute-date-cutoff mode is used, + and the "expire.cutoff_date" setting must be provided to specify the cutoff + date. The mode setting currently has no default: you must provide a value. + + In a future release, this setting is likely to default to "age", but in this + release it was deemed safer to require an explicit mode specification. + +expire.override_lease_duration = (duration string, optional) + + When age-based expiration is in use, a lease will be expired if its + "lease.create_renew" timestamp plus its "lease.duration" time is + earlier/older than the current time. This key, if present, overrides the + duration value for all leases, changing the algorithm from: + + if (lease.create_renew_timestamp + lease.duration) < now: + expire_lease() + + to: + + if (lease.create_renew_timestamp + override_lease_duration) < now: + expire_lease() + + The value of this setting is a "duration string", which is a number of days, + months, or years, followed by a units suffix, and optionally separated by a + space, such as one of the following: + + 7days + 31day + 60 days + 2mo + 3 month + 12 months + 2years + + This key is meant to compensate for the fact that clients do not yet have + the ability to ask for leases that last longer than 31 days. A grid which + wants to use faster or slower GC than a 31-day lease timer permits can use + this parameter to implement it. The current fixed 31-day lease duration + makes the server behave as if "lease.override_lease_duration = 31days" had + been passed. + + This key is only valid when age-based expiration is in use (i.e. when + "expire.mode = age" is used). It will be rejected if date-cutoff expiration + is in use. + +expire.cutoff_date = (date string, required if mode=date-cutoff) + + When date-cutoff expiration is in use, a lease will be expired if its + create/renew timestamp is older than the cutoff date. This string will be a + date in the following format: + + 16-Jan-2009 + 02-Feb-2008 + 25-Dec-2007 + + The actual cutoff time shall be midnight UTC at the beginning of the given + day. Lease timers should naturally be generous enough to not depend upon + differences in timezone: there should be at least a few days between the + last renewal time and the cutoff date. + + This key is only valid when cutoff-based expiration is in use (i.e. when + "expire.mode = date-cutoff"). It will be rejected if age-based expiration is + in use. + +expire.immutable = (boolean, optional) + + If this is False, then immutable shares will never be deleted, even if their + leases have expired. This can be used in special situations to perform GC on + mutable files but not immutable ones. The default is True. + +expire.mutable = (boolean, optional) + + If this is False, then mutable shares will never be deleted, even if their + leases have expired. This can be used in special situations to perform GC on + immutable files but not mutable ones. The default is True. + +== Expiration Progress == + +In the current release, leases are stored as metadata in each share file, and +no separate database is maintained. As a result, checking and expiring leases +on a large server may require multiple reads from each of several million +share files. This process can take a long time and be very disk-intensive, so +a "share crawler" is used. The crawler limits the amount of time looking at +shares to a reasonable percentage of the storage server's overall usage: by +default it uses no more than 10% CPU, and yields to other code after 100ms. A +typical server with 1.1M shares was observed to take 3.5 days to perform this +rate-limited crawl through the whole set of shares, with expiration disabled. +It is expected to take perhaps 4 or 5 days to do the crawl with expiration +turned on. + +The crawler's status is displayed on the "Storage Server Status Page", a web +page dedicated to the storage server. This page resides at $NODEURL/storage, +and there is a link to it from the front "welcome" page. The "Lease +Expiration crawler" section of the status page shows the progress of the +current crawler cycle, expected completion time, amount of space recovered, +and details of how many shares have been examined. + +The crawler's state is persistent: restarting the node will not cause it to +lose significant progress. The state file is located in two files +($BASEDIR/storage/lease_checker.state and lease_checker.history), and the +crawler can be forcibly reset by stopping the node, deleting these two files, +then restarting the node. + +== Future Directions == + +Tahoe's GC mechanism is undergoing significant changes. The global +mark-and-sweep garbage-collection scheme can require considerable network +traffic for large grids, interfering with the bandwidth available for regular +uploads and downloads (and for non-Tahoe users of the network). + +A preferable method might be to have a timer-per-client instead of a +timer-per-lease: the leases would not be expired until/unless the client had +not checked in with the server for a pre-determined duration. This would +reduce the network traffic considerably (one message per week instead of +thousands), but retain the same general failure characteristics. + +In addition, using timers is not fail-safe (from the client's point of view), +in that a client which leaves the network for an extended period of time may +return to discover that all of their files have been garbage-collected. (It +*is* fail-safe from the server's point of view, in that a server is not +obligated to provide disk space in perpetuity to an unresponsive client). It +may be useful to create a "renewal agent" to which a client can pass a list +of renewal-caps: the agent then takes the responsibility for keeping these +leases renewed, so the client can go offline safely. Of course, this requires +a certain amount of coordination: the renewal agent should not be keeping +files alive that the client has actually deleted. The client can send the +renewal-agent a manifest of renewal caps, and each new manifest should +replace the previous set. + +The GC mechanism is also not immediate: a client which deletes a file will +nevertheless be consuming extra disk space (and might be charged or otherwise +held accountable for it) until the ex-file's leases finally expire on their +own. If the client is certain that they've removed their last reference to +the file, they could accelerate the GC process by cancelling their lease. The +current storage server API provides a method to cancel a lease, but the +client must be careful to coordinate with anyone else who might be +referencing the same lease (perhaps a second directory in the same virtual +drive), otherwise they might accidentally remove a lease that should have +been retained. + +In the current release, these leases are each associated with a single "node +secret" (stored in $BASEDIR/private/secret), which is used to generate +renewal- and cancel- secrets for each lease. Two nodes with different secrets +will produce separate leases, and will not be able to renew or cancel each +others' leases. + +Once the Accounting project is in place, leases will be scoped by a +sub-delegatable "account id" instead of a node secret, so clients will be able +to manage multiple leases per file. In addition, servers will be able to +identify which shares are leased by which clients, so that clients can safely +reconcile their idea of which files/directories are active against the +server's list, and explicitly cancel leases on objects that aren't on the +active list. + +By reducing the size of the "lease scope", the coordination problem is made +easier. In general, mark-and-sweep is easier to implement (it requires mere +vigilance, rather than coordination), so unless the space used by deleted +files is not expiring fast enough, the renew/expire timed lease approach is +recommended. + diff --git a/src/allmydata/storage/expirer.py b/src/allmydata/storage/expirer.py index 9a7d13c1..714a63ac 100644 --- a/src/allmydata/storage/expirer.py +++ b/src/allmydata/storage/expirer.py @@ -15,7 +15,7 @@ class LeaseCheckingCrawler(ShareCrawler): status page, including:: Space recovered during this cycle-so-far: - actual (only if expire_leases=True): + actual (only if expiration_enabled=True): num-buckets, num-shares, sum of share sizes, real disk usage ('real disk usage' means we use stat(fn).st_blocks*512 and include any space used by the directory) @@ -37,7 +37,7 @@ class LeaseCheckingCrawler(ShareCrawler): Histogram of leases-per-share: this-cycle-to-date last 10 cycles <-- separate pickle - Histogram of lease ages, buckets = expiration_time/10 + Histogram of lease ages, buckets = 1day cycle-to-date last 10 cycles <-- separate pickle @@ -49,10 +49,16 @@ class LeaseCheckingCrawler(ShareCrawler): minimum_cycle_time = 12*60*60 # not more than twice per day def __init__(self, server, statefile, historyfile, - expire_leases, expiration_time): + expiration_enabled, expiration_mode): self.historyfile = historyfile - self.expire_leases = expire_leases - self.age_limit = expiration_time + self.expiration_enabled = expiration_enabled + self.mode = expiration_mode + if self.mode[0] not in ("age", "date-cutoff"): + raise ValueError("garbage-collection mode '%s' must be 'age' or 'date-cutoff'" % self.mode[0]) + if self.mode[0] == "age": + assert isinstance(expiration_mode[1], int) # seconds + elif self.mode[0] == "date-cutoff": + assert isinstance(expiration_mode[1], int) # seconds-since-epoch ShareCrawler.__init__(self, server, statefile) def add_initial_state(self): @@ -159,10 +165,19 @@ class LeaseCheckingCrawler(ShareCrawler): num_valid_leases_original += 1 # expired-or-not according to our configured age limit - if age < self.age_limit: - num_valid_leases_configured += 1 + if self.mode[0] == "age": + age_limit = self.mode[1] + if age < age_limit: + num_valid_leases_configured += 1 + else: + expired_leases_configured.append(li) else: - expired_leases_configured.append(li) + assert self.mode[0] == "date-cutoff" + date_cutoff = self.mode[1] + if grant_renew_time > date_cutoff: + num_valid_leases_configured += 1 + else: + expired_leases_configured.append(li) so_far = self.state["cycle-to-date"] self.increment(so_far["leases-per-share-histogram"], num_leases, 1) @@ -172,7 +187,7 @@ class LeaseCheckingCrawler(ShareCrawler): would_keep_share = [1, 1, 1] - if self.expire_leases: + if self.expiration_enabled: for li in expired_leases_configured: sf.cancel_lease(li.cancel_secret) @@ -183,7 +198,7 @@ class LeaseCheckingCrawler(ShareCrawler): if num_valid_leases_configured == 0: would_keep_share[1] = 0 self.increment_space("configured-leasetimer", s) - if self.expire_leases: + if self.expiration_enabled: would_keep_share[2] = 0 self.increment_space("actual", s) @@ -211,7 +226,7 @@ class LeaseCheckingCrawler(ShareCrawler): d[k] += delta def add_lease_age_to_histogram(self, age): - bucket_interval = self.age_limit / 10.0 + bucket_interval = 24*60*60 bucket_number = int(age/bucket_interval) bucket_start = bucket_number * bucket_interval bucket_end = bucket_start + bucket_interval @@ -235,8 +250,8 @@ class LeaseCheckingCrawler(ShareCrawler): start = self.state["current-cycle-start-time"] now = time.time() h["cycle-start-finish-times"] = (start, now) - h["expiration-enabled"] = self.expire_leases - h["configured-expiration-time"] = self.age_limit + h["expiration-enabled"] = self.expiration_enabled + h["configured-expiration-mode"] = self.mode s = self.state["cycle-to-date"] @@ -277,7 +292,7 @@ class LeaseCheckingCrawler(ShareCrawler): cycle-to-date: expiration-enabled - configured-expiration-time + configured-expiration-mode lease-age-histogram (list of (minage,maxage,sharecount) tuples) leases-per-share-histogram corrupt-shares (list of (si_b32,shnum) tuples, minimal verification) @@ -302,7 +317,7 @@ class LeaseCheckingCrawler(ShareCrawler): history: maps cyclenum to a dict with the following keys: cycle-start-finish-times expiration-enabled - configured-expiration-time + configured-expiration-mode lease-age-histogram leases-per-share-histogram corrupt-shares @@ -344,8 +359,8 @@ class LeaseCheckingCrawler(ShareCrawler): lah = so_far["lease-age-histogram"] so_far["lease-age-histogram"] = self.convert_lease_age_histogram(lah) - so_far["expiration-enabled"] = self.expire_leases - so_far["configured-expiration-time"] = self.age_limit + so_far["expiration-enabled"] = self.expiration_enabled + so_far["configured-expiration-mode"] = self.mode so_far_sr = so_far["space-recovered"] remaining_sr = {} diff --git a/src/allmydata/storage/server.py b/src/allmydata/storage/server.py index e922854a..1f07ed7e 100644 --- a/src/allmydata/storage/server.py +++ b/src/allmydata/storage/server.py @@ -40,7 +40,8 @@ class StorageServer(service.MultiService, Referenceable): def __init__(self, storedir, nodeid, reserved_space=0, discard_storage=False, readonly_storage=False, stats_provider=None, - expire_leases=False, expiration_time=31*24*60*60): + expiration_enabled=False, + expiration_mode=("age", 31*24*60*60)): service.MultiService.__init__(self) assert isinstance(nodeid, str) assert len(nodeid) == 20 @@ -81,20 +82,20 @@ class StorageServer(service.MultiService, Referenceable): "cancel": [], } self.add_bucket_counter() - self.add_lease_checker(expire_leases, expiration_time) + self.add_lease_checker(expiration_enabled, expiration_mode) def add_bucket_counter(self): statefile = os.path.join(self.storedir, "bucket_counter.state") self.bucket_counter = BucketCountingCrawler(self, statefile) self.bucket_counter.setServiceParent(self) - def add_lease_checker(self, expire_leases, expiration_time): + def add_lease_checker(self, expiration_enabled, expiration_mode): statefile = os.path.join(self.storedir, "lease_checker.state") historyfile = os.path.join(self.storedir, "lease_checker.history") klass = self.LeaseCheckerClass self.lease_checker = klass(self, statefile, historyfile, - expire_leases=expire_leases, - expiration_time=expiration_time) + expiration_enabled=expiration_enabled, + expiration_mode=expiration_mode) self.lease_checker.setServiceParent(self) def count(self, name, delta=1): diff --git a/src/allmydata/test/test_storage.py b/src/allmydata/test/test_storage.py index 286efe11..85d39033 100644 --- a/src/allmydata/test/test_storage.py +++ b/src/allmydata/test/test_storage.py @@ -1611,6 +1611,8 @@ class LeaseCrawler(unittest.TestCase, pollmixin.PollMixin, WebRenderingMixin): ss.setServiceParent(self.s) + DAY = 24*60*60 + d = eventual.fireEventually() # now examine the state right after the first bucket has been @@ -1625,12 +1627,12 @@ class LeaseCrawler(unittest.TestCase, pollmixin.PollMixin, WebRenderingMixin): so_far = initial_state["cycle-to-date"] self.failUnlessEqual(so_far["expiration-enabled"], False) - self.failUnless("configured-expiration-time" in so_far) + self.failUnless("configured-expiration-mode" in so_far) self.failUnless("lease-age-histogram" in so_far) lah = so_far["lease-age-histogram"] self.failUnlessEqual(type(lah), list) self.failUnlessEqual(len(lah), 1) - self.failUnlessEqual(lah, [ (0.0, lc.age_limit/10.0, 1) ] ) + self.failUnlessEqual(lah, [ (0.0, DAY, 1) ] ) self.failUnlessEqual(so_far["leases-per-share-histogram"], {1: 1}) self.failUnlessEqual(so_far["buckets-examined"], 1) self.failUnlessEqual(so_far["shares-examined"], 1) @@ -1684,13 +1686,13 @@ class LeaseCrawler(unittest.TestCase, pollmixin.PollMixin, WebRenderingMixin): self.failUnless("cycle-start-finish-times" in last) self.failUnlessEqual(type(last["cycle-start-finish-times"]), tuple) self.failUnlessEqual(last["expiration-enabled"], False) - self.failUnless("configured-expiration-time" in last) + self.failUnless("configured-expiration-mode" in last) self.failUnless("lease-age-histogram" in last) lah = last["lease-age-histogram"] self.failUnlessEqual(type(lah), list) self.failUnlessEqual(len(lah), 1) - self.failUnlessEqual(lah, [ (0.0, lc.age_limit/10.0, 6) ] ) + self.failUnlessEqual(lah, [ (0.0, DAY, 6) ] ) self.failUnlessEqual(last["leases-per-share-histogram"], {1: 2, 2: 2}) @@ -1742,14 +1744,14 @@ class LeaseCrawler(unittest.TestCase, pollmixin.PollMixin, WebRenderingMixin): return raise IndexError("unable to renew non-existent lease") - def test_expire(self): - basedir = "storage/LeaseCrawler/expire" + def test_expire_age(self): + basedir = "storage/LeaseCrawler/expire_age" fileutil.make_dirs(basedir) # setting expiration_time to 2000 means that any lease which is more # than 2000s old will be expired. ss = InstrumentedStorageServer(basedir, "\x00" * 20, - expire_leases=True, - expiration_time=2000) + expiration_enabled=True, + expiration_mode=("age",2000)) # make it start sooner than usual. lc = ss.lease_checker lc.slow_start = 0 @@ -1841,7 +1843,8 @@ class LeaseCrawler(unittest.TestCase, pollmixin.PollMixin, WebRenderingMixin): last = s["history"][0] self.failUnlessEqual(last["expiration-enabled"], True) - self.failUnlessEqual(last["configured-expiration-time"], 2000) + self.failUnlessEqual(last["configured-expiration-mode"], + ("age",2000)) self.failUnlessEqual(last["buckets-examined"], 4) self.failUnlessEqual(last["shares-examined"], 4) self.failUnlessEqual(last["leases-per-share-histogram"], @@ -1871,10 +1874,164 @@ class LeaseCrawler(unittest.TestCase, pollmixin.PollMixin, WebRenderingMixin): def _check_html(html): s = remove_tags(html) self.failUnlessIn("Expiration Enabled: expired leases will be removed", s) + self.failUnlessIn("leases created or last renewed more than 33 minutes ago will be considered expired", s) + self.failUnlessIn(" recovered: 2 shares, 2 buckets, ", s) + d.addCallback(_check_html) + return d + + def test_expire_date_cutoff(self): + basedir = "storage/LeaseCrawler/expire_date_cutoff" + fileutil.make_dirs(basedir) + # setting date-cutoff to 2000 seconds ago means that any lease which + # is more than 2000s old will be expired. + now = time.time() + then = int(now - 2000) + ss = InstrumentedStorageServer(basedir, "\x00" * 20, + expiration_enabled=True, + expiration_mode=("date-cutoff",then)) + # make it start sooner than usual. + lc = ss.lease_checker + lc.slow_start = 0 + lc.stop_after_first_bucket = True + webstatus = StorageStatus(ss) + + # create a few shares, with some leases on them + self.make_shares(ss) + [immutable_si_0, immutable_si_1, mutable_si_2, mutable_si_3] = self.sis + + def count_shares(si): + return len(list(ss._iter_share_files(si))) + def _get_sharefile(si): + return list(ss._iter_share_files(si))[0] + def count_leases(si): + return len(list(_get_sharefile(si).get_leases())) + + self.failUnlessEqual(count_shares(immutable_si_0), 1) + self.failUnlessEqual(count_leases(immutable_si_0), 1) + self.failUnlessEqual(count_shares(immutable_si_1), 1) + self.failUnlessEqual(count_leases(immutable_si_1), 2) + self.failUnlessEqual(count_shares(mutable_si_2), 1) + self.failUnlessEqual(count_leases(mutable_si_2), 1) + self.failUnlessEqual(count_shares(mutable_si_3), 1) + self.failUnlessEqual(count_leases(mutable_si_3), 2) + + # artificially crank back the expiration time on the first lease of + # each share, to make it look like was renewed 3000s ago. To achieve + # this, we need to set the expiration time to now-3000+31days. This + # will change when the lease format is improved to contain both + # create/renew time and duration. + new_expiration_time = now - 3000 + 31*24*60*60 + + # Some shares have an extra lease which is set to expire at the + # default time in 31 days from now (age=31days). We then run the + # crawler, which will expire the first lease, making some shares get + # deleted and others stay alive (with one remaining lease) + + sf0 = _get_sharefile(immutable_si_0) + self.backdate_lease(sf0, self.renew_secrets[0], new_expiration_time) + sf0_size = os.stat(sf0.home).st_size + + # immutable_si_1 gets an extra lease + sf1 = _get_sharefile(immutable_si_1) + self.backdate_lease(sf1, self.renew_secrets[1], new_expiration_time) + + sf2 = _get_sharefile(mutable_si_2) + self.backdate_lease(sf2, self.renew_secrets[3], new_expiration_time) + sf2_size = os.stat(sf2.home).st_size + + # mutable_si_3 gets an extra lease + sf3 = _get_sharefile(mutable_si_3) + self.backdate_lease(sf3, self.renew_secrets[4], new_expiration_time) + + ss.setServiceParent(self.s) + + d = eventual.fireEventually() + # examine the state right after the first bucket has been processed + def _after_first_bucket(ignored): + p = lc.get_progress() + self.failUnless(p["cycle-in-progress"]) + d.addCallback(_after_first_bucket) + d.addCallback(lambda ign: self.render1(webstatus)) + def _check_html_in_cycle(html): + s = remove_tags(html) + # the first bucket encountered gets deleted, and its prefix + # happens to be about 1/5th of the way through the ring, so the + # predictor thinks we'll have 5 shares and that we'll delete them + # all. This part of the test depends upon the SIs landing right + # where they do now. + self.failUnlessIn("The remainder of this cycle is expected to " + "recover: 4 shares, 4 buckets", s) + self.failUnlessIn("The whole cycle is expected to examine " + "5 shares in 5 buckets and to recover: " + "5 shares, 5 buckets", s) + d.addCallback(_check_html_in_cycle) + + # wait for the crawler to finish the first cycle. Two shares should + # have been removed + def _wait(): + return bool(lc.get_state()["last-cycle-finished"] is not None) + d.addCallback(lambda ign: self.poll(_wait)) + + def _after_first_cycle(ignored): + self.failUnlessEqual(count_shares(immutable_si_0), 0) + self.failUnlessEqual(count_shares(immutable_si_1), 1) + self.failUnlessEqual(count_leases(immutable_si_1), 1) + self.failUnlessEqual(count_shares(mutable_si_2), 0) + self.failUnlessEqual(count_shares(mutable_si_3), 1) + self.failUnlessEqual(count_leases(mutable_si_3), 1) + + s = lc.get_state() + last = s["history"][0] + + self.failUnlessEqual(last["expiration-enabled"], True) + self.failUnlessEqual(last["configured-expiration-mode"], + ("date-cutoff",then)) + self.failUnlessEqual(last["buckets-examined"], 4) + self.failUnlessEqual(last["shares-examined"], 4) + self.failUnlessEqual(last["leases-per-share-histogram"], + {1: 2, 2: 2}) + + rec = last["space-recovered"] + self.failUnlessEqual(rec["actual-numbuckets"], 2) + self.failUnlessEqual(rec["original-leasetimer-numbuckets"], 0) + self.failUnlessEqual(rec["configured-leasetimer-numbuckets"], 2) + self.failUnlessEqual(rec["actual-numshares"], 2) + self.failUnlessEqual(rec["original-leasetimer-numshares"], 0) + self.failUnlessEqual(rec["configured-leasetimer-numshares"], 2) + size = sf0_size + sf2_size + self.failUnlessEqual(rec["actual-sharebytes"], size) + self.failUnlessEqual(rec["original-leasetimer-sharebytes"], 0) + self.failUnlessEqual(rec["configured-leasetimer-sharebytes"], size) + # different platforms have different notions of "blocks used by + # this file", so merely assert that it's a number + self.failUnless(rec["actual-diskbytes"] >= 0, + rec["actual-diskbytes"]) + self.failUnless(rec["original-leasetimer-diskbytes"] >= 0, + rec["original-leasetimer-diskbytes"]) + self.failUnless(rec["configured-leasetimer-diskbytes"] >= 0, + rec["configured-leasetimer-diskbytes"]) + d.addCallback(_after_first_cycle) + d.addCallback(lambda ign: self.render1(webstatus)) + def _check_html(html): + s = remove_tags(html) + self.failUnlessIn("Expiration Enabled:" + " expired leases will be removed", s) + date = time.strftime("%d-%b-%Y", time.gmtime(then)) + self.failUnlessIn("leases created or last renewed before %s" + " will be considered expired" % date, s) self.failUnlessIn(" recovered: 2 shares, 2 buckets, ", s) d.addCallback(_check_html) return d + def test_bad_mode(self): + basedir = "storage/LeaseCrawler/bad_mode" + fileutil.make_dirs(basedir) + e = self.failUnlessRaises(ValueError, + StorageServer, basedir, "\x00" * 20, + expiration_mode=("bogus", 0)) + self.failUnless("garbage-collection mode 'bogus'" + " must be 'age' or 'date-cutoff'" in str(e), str(e)) + def test_limited_history(self): basedir = "storage/LeaseCrawler/limited_history" fileutil.make_dirs(basedir) @@ -1970,7 +2127,7 @@ class LeaseCrawler(unittest.TestCase, pollmixin.PollMixin, WebRenderingMixin): basedir = "storage/LeaseCrawler/no_st_blocks" fileutil.make_dirs(basedir) ss = No_ST_BLOCKS_StorageServer(basedir, "\x00" * 20, - expiration_time=-1000) + expiration_mode=("age",-1000)) # a negative expiration_time= means the "configured-leasetimer-" # space-recovered counts will be non-zero, since all shares will have # expired by then diff --git a/src/allmydata/web/storage.py b/src/allmydata/web/storage.py index f827bb58..dec972ba 100644 --- a/src/allmydata/web/storage.py +++ b/src/allmydata/web/storage.py @@ -122,16 +122,22 @@ class StorageStatus(rend.Page): def render_lease_expiration_enabled(self, ctx, data): lc = self.storage.lease_checker - if lc.expire_leases: + if lc.expiration_enabled: return ctx.tag["Enabled: expired leases will be removed"] else: return ctx.tag["Disabled: scan-only mode, no leases will be removed"] - def render_lease_expiration_age_limit(self, ctx, data): - lc = self.storage.lease_checker - return ctx.tag["leases created or last renewed more than %s ago " - "will be considered expired" - % abbreviate_time(lc.age_limit)] + def render_lease_expiration_mode(self, ctx, data): + mode = self.storage.lease_checker.mode + if mode[0] == "age": + return ctx.tag["leases created or last renewed more than %s ago " + "will be considered expired" + % abbreviate_time(mode[1])] + else: + assert mode[0] == "date-cutoff" + date = time.strftime("%d-%b-%Y", time.gmtime(mode[1])) + return ctx.tag["leases created or last renewed before %s " + "will be considered expired" % date] def format_recovered(self, sr, a): def maybe(d): @@ -189,9 +195,8 @@ class StorageStatus(rend.Page): self.format_recovered(ecr, "configured-leasetimer")) add("if we were using each lease's default 31-day lease lifetime " - "(instead of our configured %s lifetime), " - "this cycle would be expected to recover: " - % abbreviate_time(so_far["configured-expiration-time"]), + "(instead of our configured node), " + "this cycle would be expected to recover: ", self.format_recovered(ecr, "original-leasetimer")) if so_far["corrupt-shares"]: diff --git a/src/allmydata/web/storage_status.xhtml b/src/allmydata/web/storage_status.xhtml index 16c4307c..7579e591 100644 --- a/src/allmydata/web/storage_status.xhtml +++ b/src/allmydata/web/storage_status.xhtml @@ -73,7 +73,7 @@ <ul> <li>Expiration <span n:render="lease_expiration_enabled" /></li> - <li n:render="lease_expiration_age_limit" /> + <li n:render="lease_expiration_mode" /> <li n:render="lease_current_cycle_progress" /> <li n:render="lease_current_cycle_results" /> <li n:render="lease_last_cycle_results" />