[Lustre-devel] Recovering opens by reconstruction

Mikhail Pershin Mikhail.Pershin at Sun.COM
Sat Jul 4 00:14:13 PDT 2009

On Sat, 04 Jul 2009 04:48:51 +0400, Nicolas Williams  
<Nicolas.Williams at sun.com> wrote:

> On Fri, Jul 03, 2009 at 04:55:28PM -0500, Nicolas Williams wrote:
>> On Fri, Jul 03, 2009 at 11:02:16PM +0400, Mikhail Pershin wrote:
>> > On Fri, 03 Jul 2009 02:39:45 +0400, Nicolas Williams
>> > <Nicolas.Williams at sun.com> wrote:
>> > >We're working on adding replay RPC signatures, so that clients may  
>> only
>> > >replay RPCs that have been seen by the server (thus signed).
>> >
>> > Could you explain that more? All replays have been seen by server  
>> just by
>> > definition because client got reply from server, so what is purpose of
>> > such signing?
>> They've been seen, indeed, but when replayed not all the same
>> permissions checks may be done, so the server needs to know that the
>> replay is safe to process.  There's two ways to do that: never skip any
>> permissions checks when processing replayed RPCs, or have the server
>> sign replayable RPCs so the server can know validate any replays.  I've
>> not looked at a complete list of checks that are skipped on replays --
>> perhaps we should have such a list before we go down the replay
>> signature path.
> Oh, I forgot for a moment, but the other point of replay signatures is
> to prevent clients from causing other clients to be evicted.

Ah, I am interesting even more in some background about this idea. I  
thought this was needed as protection from malformed clients only but it  
looks more functional.

Mikhail Pershin
Staff Engineer
Lustre Group
Sun Microsystems, Inc.

More information about the lustre-devel mailing list