[tahoe-lafs-trac-stream] [tahoe-lafs] #1280: if bucket_counter.state or lease_checker.state can't be written, stop the node with an error message
tahoe-lafs
trac at tahoe-lafs.org
Thu Aug 18 22:27:00 PDT 2011
#1280: if bucket_counter.state or lease_checker.state can't be written, stop the
node with an error message
--------------------------------+--------------------------------
Reporter: francois | Owner: zooko
Type: defect | Status: reopened
Priority: major | Milestone: 1.9.0
Component: code-nodeadmin | Version: 1.8.1
Resolution: | Keywords: pickle reliability
Launchpad Bug: |
--------------------------------+--------------------------------
Comment (by zooko):
Replying to [comment:7 davidsarah]:
> Replying to [comment:6 zooko]:
> > Why stop the node? Because there is no other reliable way to get the
operator's attention.
>
> Seems to me that's a bug right there.
Well, let's open a ticket for it, but I still think that even if we fix
that issue by providing a reliable way to get the operator's attention,
that stopping the node is still the right thing to do when we discover
something wrong like this, because (a) it increases the likelihood of
getting the operator's attention, (b) it reduces the chance of damage or
exploitation, and (c) it helps the operator with post-mortem diagnostics.
> There should be some other way to get the operator's attention, and if
there were, there would be lots of things that could use it without
introducing SPoFs by stopping the node.
What do you mean ''S''!PoFs?
> Straw-man suggestion: send (rate-limited) email to an admin address
giving a link to the log.
I guess the [source:trunk/docs/logging.rst#incident-gatherer Incident
Gatherer] is perfect for this.
--
Ticket URL: <http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1280#comment:8>
tahoe-lafs <http://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list