[tahoe-dev] different uids, and multiple introducer/client/server nodes on one box

Brian Warner warner at lothar.com
Mon Jul 26 03:24:58 UTC 2010


On 7/23/10 1:52 PM, Greg Troxel wrote:
> 
>   Run the introducer node as a service uid, like tahoe.tahoe, similar
>   to how one runs servers as an unprivileged user.

Yeah, good idea.

>   Run a server node as a service uid, perhaps the same as above, on
>   many machines. This would mean introducer and server would have same
>   uid. Or tahoei and tahoes. I don't see a real reason to separate
>   them.

Agreed.

>     A) Run the client as me, so I can interact with it.
> 
>   or
> 
>     B) Run the client as tahoec, because it interacts with people via
>     capabilities and the WAPI, so it doesn't matter that it's the same
>     uid as the person using it.

Each user on a multi-user machine should have their own ~/.tahoe
directory, with their own private/aliases file. The decision of whether
to have those users share a single Tahoe client instance or not depends
upon whether each user is comfortable relying upon the admin who manages
that client instance. If the box-wide root sysadmin runs it, then
they're no worse off either way, and there are probably some performance
advantages to be had.

OTOH, we've considered making the client node responsible for periodic
file maintenance (deep-check+repair, lease-renewal, etc), which would it
needs a rootcap as a starting point. To take advantage of this in a
shared-client situtation, you'd have to leave your rootcaps somewhere
that the client node could find them, or we'd need to build some sort of
webapi interface that lets you register/unregister rootcaps for it to
maintain. I'm not sure what the cleanest approach would be.

> I think A might be needed, because the command-line program uses
> private/aliases. But perhaps if I symlink node.url from my ~/.tahoe to
> the tahoec client, all is well, and I can separate the command-line
> client and the node instance.

Yeah, we made sure that node.url is the only point-of-connection between
the ~/.tahoe that the CLI tools use and the working directory that the
tahoe client node uses. If you run your own node, then both can share a
~/.tahoe and everything Just Works. If you aren't running your own node,
you just have to copy node.url from the right place to make everything
work.

> Is this what others do?  Does it make sense?
> Will it work to run three nodes on one system?

Yeah, you can run as many nodes as you like. The only potential conflict
is the default webapi port: clients and servers are configured to grab
3456 unless you override it on the "tahoe create-client/create-node"
command line.

I create half-a-dozen nodes at once all the time, for testing and demos.
"tahoe start -m TESTDIR/node-*" is how I start them all up at once
(where node-0 is the introducer).

cheers,
 -Brian



More information about the tahoe-dev mailing list