Feature #14199
closed[keepstore] copy block from remote keepstore to local keepstore
Description
API to instruct keepstore to fetch a remote block, save it, and return signed locator (variation on "proxy a block read request" with the added feature of saving the block).
Proposed API:
Request header "X-Keep-Signature: local, time=T" (where T is an RFC3339 timestamp) implies the block should be retained by keepstore.
The response includes the header "X-Keep-Locator: abc+123+Aabc"
The client will do a HEAD request (equivalent to the GET request) on remote signed locator and look for a response header that has a new locator with local block signature.
All keepstore GET and HEAD responses for block requests should support this new header/response
When the "X-Keep-Signature" request header is provided, the timestamp on the underlying block must be updated before a new signature can be returned.
Responses with an X-Keep-Locator header must also include a "Vary: X-Keep-Signature" header.
Updated by Peter Amstutz over 6 years ago
Federated block queries: currently do GET with a signed locator, returns content
We want to retrieve a federated block, save it, and returned the signed locator
Do a HEAD request (equivalent to the GET request) and look for a header that has a new locator with local block signature.
Updated by Peter Amstutz over 6 years ago
- Subject changed from [controller] Convert +R to +A in collection POST and PUT operations to [keepstore] copy remote block to local keepstore
- Description updated (diff)
Updated by Peter Amstutz over 6 years ago
- Related to Feature #14259: [SDK] Python collection class uses copy remote block to local keepstore added
Updated by Peter Amstutz over 6 years ago
- Subject changed from [keepstore] copy remote block to local keepstore to [keepstore] copy block from remote keepstore to local keepstore
Updated by Ward Vandewege about 6 years ago
- Target version changed from To Be Groomed to 2018-10-17 sprint
Updated by Tom Clegg about 6 years ago
14199-copy-from-remote @ fde27ce0e46521db9828c228e7fb531e003724a8 https://ci.curoverse.com/view/Developer/job/developer-run-tests/918/
All keepstore GET and HEAD responses for block requests should support this new header/response
I haven't done this part: so far, the X-Keep-Signature header is ignored in GET requests that aren't proxied with the +R remote signature. IIRC this requirement was supposed to help long-running clients keep their signatures alive longer than blob-signature-ttl without creating a collection. It turns out not to be trivial to implement, and I'm now doubting [a] updating the block's timestamp on the storage backend is a reasonable way to do that, especially now that auto-expiring temp collections are supported, and [b] (even if so) it deserves to be rolled into this pull-from-remote story.
Responses with an X-Keep-Locator header must also include a "Vary: X-Keep-Signature" header.
I think the correct requirement is "Responses that can vary depending on the X-Keep-Signature request header," i.e., requests with +R signatures and no +A signatures in the path, regardless of whether the X-Keep-Signature/X-Keep-Locator headers appear. For example, if a client does "GET without x-k-s", then "GET with x-k-s", the first response has to include the Vary header to prevent a proxy from reusing it for the second request. Implemented accordingly.
Updated by Tom Clegg about 6 years ago
14199-copy-from-remote @ 005951a5e62a55894eace6e8fb3fe91d5c4ba84c
Fixes occasional test suite deadlock/timeout. From commit message:
If a KeepClient has been created using an API server address that is no longer reachable, calling keepclient.RefreshServiceDiscovery() puts the poll() goroutine into an endless retry loop, and a second call never returns because ent.clear is never ready to receive. Work around this in the pull worker tests by only refreshing services from the API server actually being used, not on additional ones referenced by previous test cases.
Updated by Peter Amstutz about 6 years ago
- It checks for the presence of
X-Keep-Signature
but doesn't check the value. Maybe there should be some validation, even if we don't do anything with it?
func (rrc *remoteResponseCacher) Flush(ctx context.Context) {
- This doesn't match the
http.Flusher
interface. Should it? Or should it be renamed? (maybeFinish()
)
Rest LGTM.
Updated by Tom Clegg about 6 years ago
- invoke local cache/signature on X-Keep-Signature: local[, ...]
- rename Flush to Close (its semantics are much, um, closer to io.Closer than http.Flusher so this seems less confusing)
Updated by Peter Amstutz about 6 years ago
Tom Clegg wrote:
14199-copy-from-remote @ 77ee37c567ba73a0c33455ecf8d5c8200cf69d72
- invoke local cache/signature on X-Keep-Signature: local[, ...]
- rename Flush to Close (its semantics are much, um, closer to io.Closer than http.Flusher so this seems less confusing)
LGTM.
Updated by Tom Clegg about 6 years ago
- Status changed from In Progress to Resolved
Updated by Tom Clegg about 6 years ago
- Related to Feature #14406: [SDK] Go collection uses copy remote block to local keepstore added