The old backend, also known as Cstore, has a number of design problems.
Things that are impossible in the current system that one may want to see:
- Rollback without reboot.
- Commit dry-run (check the config correctness but do not apply).
- "show | display set" (not entirely impossible, but not in a natural way).
- Remote API (again, not impossible, but needs a lot of additional layers)
Read and write operations disparity
The config read APIs (cli-shell-api and Vyatta::Config) and the write API are separate. The write API relies on calls to /opt/vyatta/sbin/my_cli_bin and a specific environment setup, which makes it hard or impossible to make the config modification API programmatic, and especially remote-access friendly, without additional abstraction layers.
Problem: Config is represented as a directory tree with values stored in files.
- Increased number of system calls (and thus context switches) affects performance.
- Makes it difficult to implement a flexible permission system (it would require assigning multiple ACLs to nodes on creation).
Possible solution: Use an in-memory multi-way tree.
Running and proposed config organization
Problem: Uniform access to the running and proposed config from a session is achieved by union-mounting the corresponding directories with UnionFS.
- Blocks upgrades to newer kernels because the kernel implementation of UnionFS is no longer maintained.
- Further complicates data organization.
Possible solution: Temporary: use userspace UnionFS. Permanent: use in-memory data structures.
Commit dependency model (or lack thereof)
Problem: Dependencies between config parts are expressed as hardcoded priorities.
- Makes commit strictly sequential and impossible to parallelize.
- Makes rollback implementation difficult.
Possible solution: Use a dependency-based model.
Problem: Each part of the config performs commit-time checks and updates the configs independently.
- If an error occurs at any stage, the system does not roll back; it stays in an inconsistent state. If the committed changes were mutually dependent, this may render the system unusable until manual intervention or a reboot initiated by commit-confirm.
Possible solution: Split the commit into three stages: validate, update, and apply.
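A sketch of how the two possible solutions above (dependency-based ordering and a validate/update/apply commit) fit together, including dry-run and rollback on a failed apply. This is an added example, not code from Cstore or any VyOS backend; `Component`, `commit`, `sample` and the component names are hypothetical.

```python
from graphlib import TopologicalSorter

class Component:
    """Hypothetical config consumer with the three commit stages."""
    def __init__(self, name, deps=(), valid=True, apply_ok=True):
        self.name, self.deps = name, tuple(deps)
        self.valid, self.apply_ok = valid, apply_ok
        self.active, self.staged = "old", None  # live state / generated state

    def validate(self, proposed):   # stage 1: check only, no side effects
        return self.valid

    def update(self, proposed):     # stage 2: generate config, live state untouched
        self.staged = proposed

    def apply(self):                # stage 3: switch live state, return undo value
        if not self.apply_ok:
            raise RuntimeError(f"{self.name}: apply failed")
        previous, self.active = self.active, self.staged
        return previous

def commit(components, proposed, dry_run=False):
    """Return (ok, log); order comes from declared dependencies, not priorities."""
    by_name = {c.name: c for c in components}
    graph = {c.name: c.deps for c in components}
    order = [by_name[n] for n in TopologicalSorter(graph).static_order()]
    for comp in order:              # validate everything before changing anything
        if not comp.validate(proposed):
            return False, [f"validate failed: {comp.name}"]
    if dry_run:
        return True, ["dry-run ok"]
    for comp in order:
        comp.update(proposed)
    log, applied = [], []
    for comp in order:
        try:
            applied.append((comp, comp.apply()))
            log.append(f"applied: {comp.name}")
        except RuntimeError as exc:
            log.append(str(exc))
            for done, previous in reversed(applied):  # dependents revert first
                done.active = previous
                log.append(f"rolled back: {done.name}")
            return False, log
    return True, log

# Constructed sample: vpn depends on firewall, which depends on interfaces.
def sample(vpn_apply_ok=True):
    return [Component("vpn", ["firewall"], apply_ok=vpn_apply_ok),
            Component("firewall", ["interfaces"]), Component("interfaces")]
```

Because validation has no side effects, the dry-run path is simply the commit stopped after stage 1, and a failed apply leaves every component on its previous live state.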
New backend requirements
- Programmer-friendly read and write operations.
- Network transparent API.
- Separate commit stages (verify, generate configs, apply).
- Dependency-based commit model.