of Kiss Coda Wiki
The primary goal is to make the codebase more understandable and manageable.
The main approach is:
no code should be present for possibilities/features which can be implemented independently or postponed safely until the need arises
When the code base is simplified and deployment streamlined, further improvements (say, supporting IPv6) will become feasible.
in no strict order (completed steps can be moved up to reflect the resulting timeline).
volume names to be treated as comments, meant for humans only, dropping the corresponding indirection layer and the related code
server id to be treated as the primary means to identify a server, to be known also to clients (to be able to enumerate the AVSG while requesting resolution)
volume location service is to be dropped as a whole, removing the related code
volume ids shall be assigned realm-wise not server-wise (each replica of the same volume shall bear the same volume id), dropping the extra mapping from repvol to volreps and the corresponding code
mountpoints are to contain a volume id and a list of serverids (representing the VSG), no longer involving the Coda servers in the resolution of a mount point (this implies a possibility to create inconsistent mount points, which though doesn’t look too dangerous) so that clients read VSGs directly from mountpoints (servers get the corresponding lists, in that case representing AVSGs, from the clients during resolution)
coordination of volume ids is to be considered a deployment-time task, to be solved by external tools / independently of the core code
support for mountpoints referring to “foreign” realms is to be dropped; the functionality is more cleanly represented by symlinks, without referring to the internal data of the “foreign” realm
both clients and servers shall map server ids to endpoints via DNS SRV records
when servers have higher demands on the reliability of the mapping, it can be ensured by deployment-specific tools, like setting up a trusted DNS server near the servers (instead of e.g. adding code to parse a “db/servers”-lookalike representing the corresponding
placement of the remaining Coda services shall be made independent of each other; the placement is not to be reflected in the core code but delegated to possible deployment-time independent tools; the “scm” notion is to be more correctly represented by multiple separate master databases:
krb5.conf-like file and a keytab
management of replication of the authentication service for every authority is to be delegated to deployment time and is not to be handled in the core code
arrangement of possible remote management tools for all kinds of master databases listed above is encouraged but left for external implementation (i.e. ignored for the moment)
“au” utility, improvements postponed
to summarize, DNS shall contain following SRV records
authentication announcement service
Coda password authentication services
the endpoint(s) of all file servers of the realm - IMPLEMENTED!
the DNS TTL cannot be trusted (whoever controls the answer would also control how long it stays cached) and so opens an attack surface; it is therefore ignored.
For the time being an expiration threshold is hardcoded.
enumeration of the servers carrying the root volume (which is to be allocated a predefined reserved volume id) - IMPLEMENTED!
these records are to carry the corresponding server ids in the priority field, which makes it inappropriate to interpret them according to the usual SRV semantics
because of this the endpoint information present here shall be ignored
to make it obvious that the target host/port information is
65535 are to be supplied (both are valid values, see RFC 6761 and RFC 2782)
the format of DNS-entries for the future remote management tools is to be decided later
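As an added example (not code from the Coda project or from this wiki) of how a client would consume the SRV records listed above: the file server endpoint records are read with ordinary SRV semantics, the root volume records are read with the server id taken from the priority field and the target/port deliberately ignored (with a check that the port is the 65535 placeholder), and answers are cached for a hardcoded interval rather than for the TTL the answer carries. Assumptions not stated on the page: SRV answers arrive as (priority, weight, port, target, ttl) tuples, the 300 s threshold and the sample names, ports and target are arbitrary constructed values, and equal-priority endpoints are ordered deterministically instead of by RFC 2782's weighted random selection.

```python
"""Decoding a Coda realm's SRV records along the lines sketched above.

Added example; not code from the Coda project or the Kiss Coda Wiki.
Assumed: answers are handed over as (priority, weight, port, target, ttl)
tuples; the 300 s expiry and all sample data below are constructed.
"""
import time
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Hardcoded local expiry, used instead of the TTL carried in the answer
# (the value is an assumption; the page only says it is hardcoded).
EXPIRATION_SECONDS = 300

# Port the page prescribes for the root-volume records, signalling that the
# target/port fields carry no endpoint information.
PLACEHOLDER_PORT = 65535


@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str
    ttl: int


def file_server_endpoints(records: Iterable[SrvRecord]) -> List[Tuple[str, int]]:
    """Endpoint records of the realm's file servers follow ordinary SRV
    semantics: lower priority first, higher weight first within a priority.
    Deterministic ordering is used here instead of RFC 2782's weighted
    random choice, to keep the contrast with root_volume_servers() visible."""
    ordered = sorted(records, key=lambda r: (r.priority, -r.weight, r.target))
    return [(r.target, r.port) for r in ordered]


def root_volume_servers(records: Iterable[SrvRecord]) -> List[int]:
    """Server ids of the root volume's VSG.

    Here the priority field *is* the server id, so weight, port and target
    are ignored rather than interpreted.  Two checks catch a record authored
    with ordinary SRV intent: the id must fit the 16-bit priority field, and
    the port must be the placeholder the page prescribes."""
    ids = set()
    for r in records:
        if not 0 <= r.priority <= 0xFFFF:
            raise ValueError(f"server id {r.priority} does not fit an SRV priority")
        if r.port != PLACEHOLDER_PORT:
            raise ValueError(
                f"record for server id {r.priority} carries port {r.port}; "
                f"expected placeholder {PLACEHOLDER_PORT}")
        ids.add(r.priority)
    return sorted(ids)


class SrvCache:
    """Keeps answers for a fixed local interval and ignores their TTLs, so
    whoever controls the answer cannot also dictate how long it is kept."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._entries = {}

    def put(self, name: str, records: Iterable[SrvRecord]) -> None:
        self._entries[name] = (self._clock() + EXPIRATION_SECONDS, tuple(records))

    def get(self, name: str) -> Optional[Tuple[SrvRecord, ...]]:
        entry = self._entries.get(name)
        if entry is None:
            return None
        expires_at, records = entry
        if self._clock() >= expires_at:
            del self._entries[name]
            return None
        return records


# Constructed sample answers (not captured from any real realm); the TTLs
# are deliberately long to show that they play no role in SrvCache.
FILE_SERVER_RECORDS = [
    SrvRecord(10, 50, 2432, "srv2.example.realm.", 86400),
    SrvRecord(0, 100, 2432, "srv1.example.realm.", 86400),
    SrvRecord(10, 80, 2432, "srv3.example.realm.", 86400),
]
ROOT_VOLUME_RECORDS = [  # priority = server id; target name is arbitrary
    SrvRecord(7, 0, PLACEHOLDER_PORT, "unused.invalid.", 86400),
    SrvRecord(3, 0, PLACEHOLDER_PORT, "unused.invalid.", 86400),
    SrvRecord(7, 0, PLACEHOLDER_PORT, "unused.invalid.", 86400),
]

if __name__ == "__main__":
    print(file_server_endpoints(FILE_SERVER_RECORDS))
    print(root_volume_servers(ROOT_VOLUME_RECORDS))
```

A duplicate server id (two records with the same priority, as in the sample) collapses to one entry, since the record set is only an enumeration of the VSG; a record whose port is not 65535 is rejected outright rather than silently treated as an endpoint.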
the kernel part of the Coda client is to be simplified by dropping the pioctl part, which should be implemented differently (the alternatives being a “usual” socket connection to Venus or redirecting the data flow via the upcall interface; Venus already does some analysis of the symlink target format, which in other words is available as a communication channel)
alternatively, the interface could be reimplemented via FUSE
replace callbacks with log-based polling
change the token format for future-proof crypto
update the authentication handshake
implement rpc2 over tcp
fully remove support for anonymous rpc2 connections (feasible given the present anonymous-tokens functionality and the removal of callbacks)
make volume management (create, delete, list) access-controlled by membership in a certain group and put the corresponding interface into cfs
Last modified: Thu Nov 12 18:32:27 UTC 2015