ceph/src/TODO

big items
- quotas
  - accounting
  - enforcement
- rados cow/snapshot infrastructure
- mds snapshots
- mds security enforcement
- client, user authentication
- cas

- meta vs data crush rules
- use libuuid

userspace client
- handle session STALE
- rm -rf on fragmented directory
- time out caps, wake up waiters on renewal
  - link caps with mds session
- validate dn leases
- fix lease validation to check session ttl
- clean up ll_ interface, now that we have leases!
- clean up client mds session vs mdsmap behavior?

kernel client
- flush caps on sync, fsync, etc.
  - do we need to block?
- timeout mds session close on umount
- deal with CAP_RDCACHE properly: invalidate cache pages?
- procfs/debugfs
  - adjust granular debug levels too
    - should we be using debugfs?
  - a dir for each client instance (client###)?
  - hooks to get mds, osd, monmap epoch #s
- clean up messenger vs ktcp
 - hook into sysfs?
- vfs
 - can we use dentry_path(), if it gets merged into mainline?
- io / osd client
  - osd ack vs commit handling.  hmm!

client
- clean up client mds session vs mdsmap behavior?

osdmon
- monitor needs to monitor some osds...

crush
- more efficient failure when all/too many osds are down
- allow forcefeed for more complicated rule structures.  (e.g. make force_stack a list< set<int> >)
- "knob" bucket

pgmon
- monitor pg states, notify on out?
- watch osd utilization; adjust overload in cluster map

mon
- paxos need to clean up old states.
- some sort of tester for PaxosService...
- osdmon needs to lower-bound old osdmap versions it keeps around?

mds
- dir frags
 - fix replay  (dont want dir frozen, pins, etc.?)
 - fix accounting

- proper handling of cache expire messages during rejoin phase?
  -> i think cache expires are fine; the rejoin_ack handler just has to behave if rejoining items go missing
- try_remove_unlinked_dn thing

- rerun destro trace against latest, with various journal lengths

- lease length heuristics
  - mds lock last_change stamp?

- handle slow client reconnect (i.e. after mds has gone active)

- fix reconnect/rejoin open file weirdness
- get rid of C*Discover objects for replicate_to .. encode to bufferlists directly?

- can we get rid of the dirlock remote auth_pin weirdness on subtree roots?
- anchor_destroy needs to xlock linklock.. which means it needs a Mutation wrapper?
  - ... when it gets a caller.. someday..

- make truncate faster with a trunc_seq, attached to objects as attributes?

- osd needs a set_floor_and_read op for safe failover/STOGITH-like semantics.

- could mark dir complete in EMetaBlob by counting how many dentries are dirtied in the current log epoch in CDir...

- FIXME how to journal/store root and stray inode content? 
  - in particular, i care about dirfragtree.. get it on rejoin?
  - and dir sizes, if i add that... also on rejoin?

- efficient stat for single writers
- add FILE_CAP_EXTEND capability bit


journaler
- fix up for large events (e.g. imports)
- use set_floor_and_read for safe takeover from possibly-not-quite-dead otherguy.
- should we pad with zeros to avoid splitting individual entries?
  - make it a g_conf flag?
  - have to fix reader to skip over zeros (either <4 bytes for size, or zeroed sizes)
- need to truncate at detected (valid) write_pos to clear out any other partial trailing writes


fsck
- fsck.ebofs
- online mds fsck?
- object backpointer attrs to hint catastrophic reconstruction?

objecter
- maybe_request_map should set a timer event to periodically re-request.
- transaction prepare/commit?
- read+floor_lockout

osd/rados
- how does an admin intervene when a pg needs a dead osd to repeer?

- a more general fencing mechanism?  per-object granularity isn't usually a good match.

- consider implications of nvram writeahead logs

- flag missing log entries on crash recovery  --> WRNOOP? or WRLOST?

- efficiently replicate clone() objects
- fix heartbeat wrt new replication
- mark residual pgs obsolete  ???
- rdlocks
- optimize remove wrt recovery pushes
- report crashed pgs?

messenger
- fix messenger shutdown.. we shouldn't delete messenger, since the caller may be referencing it, etc.

simplemessenger
- close idle connections

objectcacher
- merge clean bh's
- ocacher caps transitions vs locks
- test read locks

reliability
- heartbeat vs ping?
- osdmonitor, filter

ebofs
- btrees
  - checksums
  - dups
  - sets

- optionally scrub deallocated extents
- clone()

- map ObjectStore

- verify proper behavior of conflicting/overlapping reads of clones
- combine inodes and/or cnodes into same blocks
- fix bug in node rotation on insert (and reenable)
- fix NEAR_LAST_FWD (?)

- awareness of underlying software/hardware raid in allocator so that we
  write full stripes _only_.
  - hmm, that's basically just a large block size.

- rewrite the btree code!
  - multithreaded
  - eliminate nodepools
  - allow btree sets
  - allow arbitrary embedded data?
  - allow arbitrary btrees
  - allow root node(s?) to be embedded in onode, or whereever.
  - keys and values can be uniform (fixed-size) or non-uniform.  
    - fixed size (if any) is a value in the btree struct.  
      - negative indicates bytes of length value?  (1 -> 255bytes, 2 -> 65535 bytes, etc.?)
    - non-uniform records preceeded by length.  
    - keys sorted via a comparator defined in btree root.  
      - lexicographically, by default.

- goal
  - object btree key->value payload, not just a data blob payload.
  - better threading behavior.
    - with transactional goodness!

- onode
  - object attributes.. as a btree?
  - blob stream
  - map stream.
    - allow blob values.

  - 



remaining hard problems
- how to cope with file size changes and read/write sharing


snapshot notes --

typedef __u64 snapid_t;
#define MAXSNAP (spanid_t)(-2)
#define NOSNAP (spanid_t)(-1)


mds
- break mds hierarchy into snaprealms
  - keep per-realm inode xlists, so that breaking a realm is O(size(realm))
struct snap {
  snapid_t snapid;
  string name;
  utime_t ctime;
};

struct snaprealm {
  map<snapid_t, snap> snaps;
  snaprealm *parent;
  list<snaprealm> children;
  xlist<CInode*> inodes_with_caps;   // used for efficient realm splits
};


- link client caps to realm, so that snapshot creation is O(num_child_realms*num_clients)
  - keep per-realm, per-client record with cap refcount, to avoid traversinng realm inode lists looking for caps

struct CapabilityGroup {
   int client;
   xlist<Capability*> caps;
   snaprealm *realm;
};
in snaprealm, 
   map<int, CapabilityGroup*> client_cap_groups;  // used to identify clients who need snap notifications


- what is snapid?
  - can we get away with it _not_ being ordered?
    - for osds.. yes.
    - for mds.. may make the cdentry range info tricky!
  - so.. let's assign it via using a the monitor state machine, for now.  simple and safe, though a bit slow.
    - for now, state is simply last_snapid


metadata
- fix up inode_map to key off vinodeno.. or have a second map for non-zero snapids.. 
  - no, just key of vinodeno_t, and make it 

CInode *get_inode(inodeno_t ino, snapid_t sn=NOSNAP);

struct vinodeno_t {
  inodeno_t ino;
  snapid_t snapid;
};

- dentry: replace dname -> ino, rino+rtype with
     (dname, csnap, dsnap) -> vino, vino+rtype (where valid range is [csnap, dsnap)
  - live dentries have dsnap = NOSNAP.  kept in separate map:
     - map<string, CDentry*> items;
     - map<pair<string,dsnap>, CDentry> vitems;
  - or?

CDentry *lookup(string dname, snapid_t sn=NOSNAP);

  - track vitem count in fragstat.
     - when vitem count gets large, add pointer in fnode indicating vitem range stored in separate dir object.


client
- also keep caps linked into snaprealm list
- current snapid (lineage) for each snaprealm
- attach snapid (lineage) to each dirty page
  - can we cow page if its dirty but a different realm?
    ...hmm probably not, but we can flush it in write_begin, just like when we do a read to make it clean


osd
- pass realm lineage with osd op/capability
- tag each non-live object with the set of realms it is defined over
  - osdmap has sparse map of extant snapids.  incrementals are simple rmsnapid, and max_snapid increase


rados snapshots
- integrate revisions into ObjectCacher?
- clean up oid.rev vs op.rev in osd+osdc

- attr.crev is rev we were created in.
- oid.rev=0 is "live".  defined for attr.crev <= rev.
- otherwise, defined for attr.crev <= rev < oid.rev  (i.e. oid.rev is deletion time.  upper bound, non-inclusive.)

- write|delete is tagged with op.rev
  - if attr.crev != op.rev
    - we clone to oid.rev=rev (clone keeps old crev)
    - tag clone with list of revs it is defined over
    - change live attr.crev=rev.
  - apply update
- read is tagged with op.rev
  - if 0, we read from 0 (if it exists).
  - otherwise we choose object rev based on op.rev vs oid.rev, and then verifying attr.crev <= op.rev.
    - walk backwards through snap lineage?  i.e. if lineage = 1, 5, 30, 77, 100(now), and op.rev = 30, try 100, 77.

- or, tag live (0) object with attr listing which revs exist (and keep it around at size 0 if it doesn't logically exist)
  - no, the dir lookup on old revs will be in a cached btrfs btree dir node (no inode needed until we have a hit)

btrfs rev de-duping
- i.e. when sub_op_push gets an object
- query checksums
  - userland will read+verify ranges are actually a match?
- punch hole (?)
- clone file range (not entire file)




interface
$ ls -al .snapshot      # list snaps.  show both symbolic names, and timestamp names?  (symbolic -> timestamp symlinks, maybe)
$ mkdir .snapshot/blah  # create snap
$ rmdir .snapshot/blah  # remove it