You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2021/05/12 21:19:51 UTC

[GitHub] [trafficcontrol] rawlinp edited a comment on pull request #5834: CDN Locks Blueprint

rawlinp edited a comment on pull request #5834:
URL: https://github.com/apache/trafficcontrol/pull/5834#issuecomment-840103884


   > i think you've overcomplicated it. i think this is all that is needed:
   > ```
   > exclusive lock: only owner can make cdn changes/snap/queue
   > shared lock: only owner can snap/queue; owner and non-owners can make cdn changes
   > no lock: anyone can make cdn changes/snap/queue
   > ```
   > the user can decide what level of protection they are looking for. i'm pretty sure this is what @rawlinp was thinking when he proposed the shared lock.
   
   Yeah, that is what I was thinking. I thought there would only be a single exclusive lock and a single shared lock (per-CDN). Each lock can only have one owner at a time, and only one type of lock can be held at a time.
   
   I think it helps to start with the use cases behind each type of lock. For example, if I wanted to update a DS certificate, I could grab the exclusive lock since I don't want anyone else's changes to be propagated until I've had a chance to test the new cert on a single cache. Once I've verified the cert, I will queue the entire CDN then release the exclusive lock.
   
   As another example, say there are a lot of certs about to expire and we want to divide the work among multiple operators. One operator would grab the shared lock (preventing anyone else from queuing updates). The other operators are still free to update their certs anytime (since only a shared lock is held), and when ready, the lock holder will queue updates on single cache. Then all the operators can test their certs before the lock holder queues the entire CDN and releases the shared lock.
   
   We shouldn't make this solution overly complicated, since I see this more as a temporary solution until we have the time to tackle the full solution (delivery service snapshots and server snapshots). Right?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org