Tahoe-LAFS is a distributed filesystem which provides redundancy and security for files. Our most recent incarnation was run on [[Infrastructure:Crashoverride|Crashoverride]].
==Connecting to VTLUUG's Tahoe Grid==
** Available in Arch's community repo
* Install various dependencies.
** On Debian 9, install <code>python-txtorcon tahoe-lafs tor</code>
** On Debian 8, the distro packages are too old so you'll need to install things manually.
*** <code>pip2 install -U pyopenssl txtorcon tahoe-lafs</code>
** Follow the Tor Project's [https://www.torproject.org/docs/debian.html.en instructions] for installing the latest stable version of tor on Debian Jessie.
** CentOS 6 is unsupported, as Tahoe-LAFS now requires Python 2.7.
* Edit <code>/etc/tor/torrc</code> and uncomment the <code>ControlPort 9051</code> line, then restart tor.
* Edit the tahoe defaults file (usually found at <code>/etc/defaults/tahoe-lafs</code>) to start your nodes along with tahoe-lafs startup. Add the following. Note that in this example, I have two node directories underneath "/srv/tahoe-storage", "introducer" and "tor-storage". For most users you should only have one node directory for storage.
<pre>
# Start only these tahoe-lafs nodes automatically via init script. Allowed
# values are "all", "none" or space separated list of tahoe-lafs nodes. If
# empty, "none" is assumed.
#
#AUTOSTART="all"
AUTOSTART="introducer tor-storage"
#AUTOSTART="home office"

# Pass arguments to tahoe start. Default to "--syslog".
DAEMONARGS="--syslog"
CONFIG_DIR="/srv/tahoe-storage"
</pre>
* Create a Tahoe user and add it to the tor group
** <code>useradd tahoe-lafs</code>
** <code>usermod -aG debian-tor tahoe-lafs</code>
* Create the appropriate tahoe services, and start them:
** <code>sudo -u tahoe-lafs tahoe create-node --listen=tor -n YOUR_NODE_NAME -C /srv/tahoe-storage/vtluug-tor-storage -i GET_THIS_STRING_FROM_AN_OFFICER</code>. Note that this will be used for both configuration data and encrypted blob storage.
** <code>systemctl start tahoe-lafs</code>
=== Tuning ===
You should adjust the encoding parameters to strike the desired balance between upload bandwidth and replication.
* shares.needed refers to the number of storage nodes (out of shares.total) that need to be available to reconstruct a file.
* shares.happy refers to the minimum number of storage nodes a file should be striped upon.
* shares.total refers to how many stripes of a file should be made.
Note that in order to upload a file, the ''client'' does the striping. This can cause significant latency if the client is on a consumer internet connection. You can eliminate this issue by relying upon a ''helper'' node which does striping for you. Blobs are still encrypted on the client side, so not much trust needs to be placed in this. Helpers are useful if you have access to a server with significantly higher bandwidth than your client.
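
What a given choice of encoding parameters costs in upload bandwidth and buys in replication, as an added example that is not part of the original page or of Tahoe-LAFS itself. It assumes one share per storage node, Tahoe's 3/7/10 defaults when an option is absent, and that a helper receives the ciphertext from the client only once; the function name, the sample values and the needed ≤ happy ≤ total sanity check are illustrative.

```python
import configparser


def encoding_tradeoff(cfg_text, file_bytes, uplink_bytes_per_s):
    """Summarise the cost of the [client] shares.* settings in a tahoe.cfg."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(cfg_text)
    client = cfg["client"] if cfg.has_section("client") else {}
    # Fall back to Tahoe-LAFS's defaults (3-of-10, happy = 7) when unset.
    needed = int(client.get("shares.needed", 3))
    happy = int(client.get("shares.happy", 7))
    total = int(client.get("shares.total", 10))
    # Sanity check implied by the definitions above (assumption of this example).
    if not 1 <= needed <= happy <= total:
        raise ValueError(f"need 1 <= needed <= happy <= total, got "
                         f"{needed}/{happy}/{total}")
    expansion = total / needed  # bytes stored on the grid per byte of file
    return {
        "expansion": expansion,
        # With one share per node, this many nodes can vanish before
        # fewer than `needed` shares remain.
        "node_losses_tolerated": total - needed,
        # Uploads need at least this many distinct storage nodes.
        "min_nodes_for_upload": happy,
        # The client stripes locally, so it pushes every share itself.
        "direct_upload_s": file_bytes * expansion / uplink_bytes_per_s,
        # A helper stripes instead; the client sends the ciphertext once.
        "helper_upload_s": file_bytes / uplink_bytes_per_s,
    }


if __name__ == "__main__":
    # Constructed sample: 100 MB file over a 1 MB/s consumer uplink.
    sample = "[client]\nshares.needed = 3\nshares.happy = 7\nshares.total = 10\n"
    for name, value in encoding_tradeoff(sample, 100_000_000, 1_000_000).items():
        print(f"{name}: {value:.2f}")
```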
==Troubleshooting==
This is a list of various problems I've encountered. --[[User:Mjh|Mjh]] ([[User talk:Mjh|talk]]) 00:47, 30 December 2014 (EST)
=== Tahoe daemonized and then terminated immediately ===
This can be caused by several factors when running with torsocks.
* You're trying to bind to an IP other than localhost and torsocks blocked this
** For the introducer '''only''', it doesn't appear to be possible to restrict the interfaces it binds to. Instead, modify <code>/etc/tor/torsocks.conf</code> and add <code>AllowInbound 1</code>. Then use iptables to deny inbound connections to non-localhost on that port.
** For all other nodes (including storage nodes), ensure the tub.port and web.port lines in tahoe.cfg are set to restrict traffic to localhost.
* Tahoe is attempting to establish a UDP connection to identify its local IP address. Torsocks restricts UDP connections, causing Tahoe to throw exceptions and terminate. Ensure you are using the [https://github.com/tahoe-lafs/tahoe-lafs latest trunk version] rather than the version supplied by your OS.
=== Can't connect to introducer ===
* Ensure tor is running and that Tahoe is started through torify.
* Ensure the <code>introducer.furl</code> parameter is not enclosed with quotes in <code>tahoe.cfg</code>. For some reason this has caused connection issues for me.
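
A check for two of the <code>tahoe.cfg</code> problems listed above (listeners not restricted to localhost, and a quoted <code>introducer.furl</code>), as an added example that is not part of the original page or of Tahoe-LAFS. The function name and the sample configuration are constructed for illustration, and the furl in it is a placeholder.

```python
import configparser

# Constructed sample, not a real node's configuration.
SAMPLE_CFG = """
[node]
nickname = example-node
web.port = tcp:3456:interface=127.0.0.1
tub.port = tcp:4456

[client]
introducer.furl = "pb://PLACEHOLDER@example.onion:37204/introducer"
"""


def lint_tahoe_cfg(text):
    """Return (option, problem) pairs for the issues listed in Troubleshooting."""
    # interpolation=None so a '%' in a value is not treated as a format marker.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    for option in ("tub.port", "web.port"):
        endpoint = cfg.get("node", option, fallback="").strip()
        if endpoint in ("", "disabled"):
            continue  # listener not configured, nothing to expose
        # An endpoint string with no interface= part listens on every address.
        if "interface=127.0.0.1" not in endpoint:
            findings.append((option, "not restricted to localhost: " + endpoint))
    furl = cfg.get("client", "introducer.furl", fallback="").strip()
    # configparser keeps surrounding quotes as part of the value, so a quoted
    # furl no longer starts with pb://.
    if furl and (furl[0] in "\"'" or furl[-1] in "\"'"):
        findings.append(("introducer.furl", "value is wrapped in quotes"))
    return findings


if __name__ == "__main__":
    for option, problem in lint_tahoe_cfg(SAMPLE_CFG):
        print(f"{option}: {problem}")
```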
==FAQs==
Technical documentation on Tahoe can be found on its website. However, for the prospective user, here's a simple explanation in Q&A format:
===What does it do?===
===How do I delete files?===
You can't. The nodes are not trusted and therefore cannot be relied upon to remove the file's shares when asked. To render a file inaccessible, destroy all copies of the filecap. After 60 days, the file's lease will expire and its shares will be automatically garbage collected, or deleted, by the nodes.
===Wait, files expire? But I thought...===
===Directory?===
There are; they just aren't built-in. Tahoe's high latency makes it rather unwieldy for use as part of a conventional filesystem. Append operations in particular are extremely inefficient. It is recommended that you use the web and CLI interfaces to manage files stored in tahoe.
===What are the downsides?===
Currently there's a reliance on a central introducer. This has several disadvantages:
* If the introducer goes away, every node in the system must be reconfigured to choose a new introducer furl string.
* Tahoe's erasure coding maintains availability in the event of a loss of nodes, but not malicious nodes. It's trivial to DoS a grid either by a Sybil attack or just using up all available storage if you know the introducer furl string. A [https://tahoe-lafs.org/trac/tahoe-lafs/ticket/467 patch] is in the works to allow clients to choose their own storage nodes that should mitigate this.

[[Category:VTLUUG:Projects]]
[[Category:Deprecated]]