Swift Account Reaper Deletion Status
Hello,
I was curious about expected account-reaper behavior after deleting an account and if there is a way to be able to tell when all data for the account has been reaped. When I issue a delete on a swift account, I see subsequent HEAD requests on the account then return 410 Gone. Testing with debug logging I can see that after passing the delay_reaping time I see the reaper report my test object is deleted, HEAD requests against the account still return the same 410 Gone. Is there a way to tell when everything for an account has been purged, ie does the 410 return change at some point when that happens?
Thanks, Matt
On Wed, 8 Dec 2021 13:36:17 -0500 Matthew Grinnell mgrinnell@datto.com wrote:
[...] I see the reaper report my test object is deleted, HEAD requests against the account still return the same 410 Gone. Is there a way to tell when everything for an account has been purged, ie does the 410 return change at some point when that happens?
The account server continues to return 410 until replicator reclaims the account DB.
swift/proxy/controllers/account.py: if resp.status_int == HTTP_NOT_FOUND: if resp.headers.get('X-Account-Status', '').lower() == 'deleted': resp.status = HTTP_GONE
The basic problem here is that the Swift proxy cannot possibly know if your data is not hiding somewhere on a handoff that is coincidentaly offline. However, the reclaim period is large (one week) and operators are strictly told never let anything that's been down that long back into the cluster. So after a week replicator deletes the account DB and only then you have a "guarantee" that everything is gone. It is an operational guarantee though. Cannot get you a better one in a distributed system.
If you really want to have things GONE, you have to encrypt them to begin with, then destroy keys at the decision time. The key store is centralized, so it's not a subject to the general distributed system problem as per above.
-- Pete
participants (2)
-
Matthew Grinnell
-
Pete Zaitcev