Swift Account Reaper Deletion Status
zaitcev at redhat.com
Thu Dec 9 02:00:31 UTC 2021
On Wed, 8 Dec 2021 13:36:17 -0500
Matthew Grinnell <mgrinnell at datto.com> wrote:
> [...] I see the
> reaper report my test object is deleted, HEAD requests against the account
> still return the same 410 Gone. Is there a way to tell when everything for
> an account has been purged, ie does the 410 return change at some point
> when that happens?
The account server continues to return 410 until replicator reclaims the
if resp.status_int == HTTP_NOT_FOUND:
if resp.headers.get('X-Account-Status', '').lower() == 'deleted':
resp.status = HTTP_GONE
The basic problem here is that the Swift proxy cannot possibly know if
your data is not hiding somewhere on a handoff that is coincidentaly offline.
However, the reclaim period is large (one week) and operators are strictly
told never let anything that's been down that long back into the cluster.
So after a week replicator deletes the account DB and only then you
have a "guarantee" that everything is gone. It is an operational
guarantee though. Cannot get you a better one in a distributed system.
If you really want to have things GONE, you have to encrypt them to begin
with, then destroy keys at the decision time. The key store is centralized,
so it's not a subject to the general distributed system problem as per above.
More information about the openstack-discuss