Swift Account Reaper Deletion Status

Pete Zaitcev zaitcev at redhat.com
Thu Dec 9 02:00:31 UTC 2021

On Wed, 8 Dec 2021 13:36:17 -0500
Matthew Grinnell <mgrinnell at datto.com> wrote:

> [...] I see the
> reaper report my test object is deleted, HEAD requests against the account
> still return the same 410 Gone.  Is there a way to tell when everything for
> an account has been purged, ie does the 410 return change at some point
> when that happens?

The account server continues to return 410 until replicator reclaims the
account DB.

        if resp.status_int == HTTP_NOT_FOUND:
            if resp.headers.get('X-Account-Status', '').lower() == 'deleted':
                resp.status = HTTP_GONE

The basic problem here is that the Swift proxy cannot possibly know if
your data is not hiding somewhere on a handoff that is coincidentaly offline.
However, the reclaim period is large (one week) and operators are strictly
told never let anything that's been down that long back into the cluster.
So after a week replicator deletes the account DB and only then you
have a "guarantee" that everything is gone. It is an operational
guarantee though. Cannot get you a better one in a distributed system.

If you really want to have things GONE, you have to encrypt them to begin
with, then destroy keys at the decision time. The key store is centralized,
so it's not a subject to the general distributed system problem as per above.

-- Pete

More information about the openstack-discuss mailing list