Skip to content
This repository has been archived by the owner on Nov 14, 2024. It is now read-only.

[CentOS Migration] Part 1: Configurable Ban on New Clients #4712

Merged
merged 4 commits into from
Apr 20, 2020
Merged

[CentOS Migration] Part 1: Configurable Ban on New Clients #4712

merged 4 commits into from
Apr 20, 2020

Conversation

jeremyk-91
Copy link
Contributor

Goals (and why):

  • Many support procedures including the internal migration work we're planning make assumptions that the list of clients is fixed.
  • Ordinarily TimeLock allows you to just register a new client freely, so these procedures aren't fully tight.

Implementation Description (bullets):

  • Add an install time config that allows configuration of whether operations on novel namespaces should be permitted. A novel namespace is one that a node has never seen before (but, importantly, including in the lifetime of previous JVMs), and is adjudicated based on the Paxos directory state.
  • Prevent creating Paxos components for novel namespaces, as defined above.

Testing (What was existing testing like? What have you done to improve it?):
Added two tests: with false you can't create a client, but you can for something already there.

Concerns (what feedback would you like?):

  • Should this be runtime config? I preferred install so you could force a rolling bounce to ensure everyone is up to date.
  • Is there a problem with using the existence of the Paxos directory as a check on what namespaces have historically been seen?

Where should we start reviewing?: LocalPaxosComponents

Priority (whenever / two weeks / yesterday): This week.

@jeremyk-91 jeremyk-91 requested a review from sudiksha27 April 16, 2020 12:54
@changelog-app
Copy link

changelog-app bot commented Apr 16, 2020
edited by jeremyk-91
Loading

Generate changelog in changelog/@unreleased

Type

  • Feature
  • Improvement
  • Fix
  • Break
  • Deprecation
  • Manual task
  • Migration

Description

Allow timelock to be configured to prohibit new clients from being created (via setting can-create-new-clients to false). The operation of extracting all live clients is common in operational workflows.

Note that this configuration takes place on a node level. Thus, if there are clients where some nodes never participated in any quorum, then these nodes may reject requests made for these clients. The cluster will be able to service clients which a majority of nodes knew about before this configuration option was enabled.

Check the box to generate changelog(s)

  • Generate changelog entry

sudiksha27
sudiksha27 approved these changes Apr 20, 2020
View reviewed changes
Copy link
Contributor

@sudiksha27 sudiksha27 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@jeremyk-91 jeremyk-91 merged commit d4f7721 into develop Apr 20, 2020
@delete-merged-branch delete-merged-branch bot deleted the jkong/lock-client-creation branch April 20, 2020 16:10
@svc-autorelease
Copy link
Collaborator

Released 0.209.1

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@sudiksha27 sudiksha27 sudiksha27 approved these changes

Assignees
No one assigned
Labels
autorelease
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jeremyk-91 @svc-autorelease @sudiksha27