Changes

← Older edit

Tahoe-LAFS

231 bytes removed, 06:55, 3 January 2018

no edit summary

Tahoe-LAFS is a distributed filesystem which provides redundancy and security for files.Our most recent incarnation was run on [[Infrastructure:Crashoverride|Crashoverride]]

==Connecting to VTLUUG's Tahoe Grid==

** Available in Arch's community repo

* Install various dependencies.

** On ~~CentOS 6~~Debian 9, ~~you'll need to~~ install <code>~~yum -y install libffi libffi-devel~~ python-~~devel openssl~~txtorcon tahoe-~~devel~~lafs tor</code>* ~~Get~~ * On Debian 8, the ~~latest version of Tahoe-LAFS. To use it with Torsocks 2.x,~~ distro packages are too old so you ~~must use [https://github.com/tahoe-lafs/tahoe-lafs the latest version from their Github] containing [[User:Mjh|mhazinsk]]'s patch~~need to install things manually.* ~~Create a hidden service by editing the~~ ** <code>~~torrc~~pip2 install -U pyopenssl txtorcon tahoe-lafs</code> ~~file, usually found at <code>~~*** Follow the Tor Project's [https:/~~etc~~/~~tor~~www.torproject.org/~~torrc<~~docs/~~code>~~debian.html. ~~Add~~ en instructions] for installing the ~~following:~~ ~~HiddenServiceDir /var/lib/~~latest stable version of tor~~/tahoe_storage/~~ on Debian Jessie. ~~HiddenServicePort 4456 127~~** CentOS 6 is unsupported, as Tahoe-LAFS now requires Python 2.07.~~0.1:4456~~* ~~Get the hostname for the hidden service by restarting tor and running~~ Edit <code>~~cat~~ /~~var/lib~~etc/tor/~~tahoe_storage/hostname~~torrc</code>* cd to where you cloned the Tahoe-LAFS repo and do uncomment the ~~following:~~** <code>~~python setup.py build~~ControlPort 9051</code> ~~to build the necessary binaries~~ line, then restart tor.** Edit the tahoe defaults file (<code>~~bin~~/etc/defaults/tahoe ~~create~~-~~node ''path''~~lafs</code> ) to ~~create a Tahoe directory in the given ''path''~~start your nodes along with tahoe-lafs startup. Note that ~~your~~ in this ~~will be used~~ example, I have two node directories underneath "/srv/tahoe-storage", "introducer" and "tor-storage". For most users you should only have one node directory for ~~both configuration data and encrypted blob~~ storage.** <~~code~~pre>~~vim ''path''/~~# Start only these tahoe-lafs nodes automatically via init script.~~cfg</code> and make it look like the following:~~ ~~[node]~~ Allowed # ~~Nicknames~~ values are ~~optional but useful~~ ~~nickname = mhazinsk~~"all", "none" or space separated list of tahoe-2 lafs nodes. If # ~~Optional web interface~~empty, "none" is assumed. ~~web.port~~ ##AUTOSTART= ~~tcp:3456:interface~~"all"AUTOSTART=~~127.0.0.1~~ "introducer tor-storage" ~~web.static~~ #AUTOSTART= ~~public_html~~"home office" # ~~This is what what you defined in tor~~Pass arguments to tahoe start. ~~tub~~Default to "--syslog".~~port = tcp:4456:interface=127.0.0.1~~ ~~tub.location~~ DAEMONARGS= ~~yourhiddenservicehostname.onion:4456~~ "--syslog" ~~[client]~~ ~~introducer.furl~~ CONFIG_DIR= ~~pb:~~"/srv/~~getthisstringfromanofficer@hiddenservice.onion:37204/otherstuff~~ [tahoe-storage]" ~~enabled = true~~</pre> ~~# You can change this if you have less space, but less than~~ * Create a ~~# few 10's of GB is not useful~~ ~~reserved_space = 100G~~ ~~expire.enabled = false~~ ~~# Read tahoe's docs if you want~~ Tahoe user and add it to ~~use~~ the ~~other options~~tor group ~~[helper]~~** <code>useradd tahoe-lafs</code> ~~enabled = false~~** <code>usermod -aG debian-tor tahoe-lafs</code> * Create the appropriate tahoe services, and start them: ~~[drop_upload]~~ ~~enabled~~ ** <code>sudo -u tahoe-lafs tahoe create-node --listen= ~~false~~ tor -n YOUR_NODE_NAME -C /srv/tahoe-storage/vtluug-tor-storage -i GET_THIS_STRING_FROM_AN_OFFICER</code>* ~~Finally, run~~ * <code>~~torify bin/~~systemctl start tahoe ~~start ''path''~~-lafs</code>~~. This will daemonize.~~

=== Tuning ===

===How do I delete files?===

You can't. The nodes are not trusted and therefore cannot be relied upon to remove the file's shares when asked. To render a file inaccessible, destroy all copies of the filecap. After 31 60 days, the file's lease will expire and its shares will be automatically garbage collected, or deleted, by the nodes.

===Wait, files expire? But I thought...===

~~Don~~VTLUUG'~~t panic. To stop~~ s grid uses a 2 month file ~~from being deleted after 1 month, simply renew its~~ lease~~. The recommended way of doing this is setting up an alias using tahoe create-alias tahoe, adding the filecap~~ to prevent the ~~alias, and setting~~ grid from filling up ~~a weekly cronjob to run tahoe deep-check --renew tahoe. This will renew the leases on all the files in the alias, which is similar to a directory~~permanently.

~~(Note: expiration was true~~ Don't panic. To stop a file from being deleted after 2 months, simply renew its lease. The recommended way of doing this is setting up an alias using tahoe create-alias tahoe, adding the ~~old Tahoe grid~~filecap to the alias, and setting up a weekly cronjob to run tahoe deep-check --renew tahoe. ~~The new one (established~~ This will renew the leases on all the files in ~~Dec 2014) has storage nodes that should be configured~~ the alias, which is similar to ~~''never'' expire files~~a directory.)

===Directory?===

* Tahoe's erasure coding maintains availability in the event of a loss of nodes, but not malicious nodes. It's trivial to DoS a grid either by a Sybil attack or just using up all available storage if you know the introducer furl string. A [https://tahoe-lafs.org/trac/tahoe-lafs/ticket/467 patch] is in the works to allow clients to choose their own storage nodes that should mitigate this.

[[Category:VTLUUG :Projects]][[Category:~~Infrastructure]][[Category:Software~~Deprecated]]

Anonymous user

imported>Pew

Linux and Unix Users Group at Virginia Teck Wiki β

Changes

Tahoe-LAFS

Linux and Unix Users Group at Virginia Teck Wiki ^β