author | Christian Grothoff <christian@grothoff.org> | 2021-01-06 20:00:07 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2021-01-06 20:00:07 +0100 |
commit | b1841f2970d4f205774a0f0b667bd04770ca6c07 (patch) | |
tree | 5be9d4a6d639db2cec1e05529586bb83988ec7a2 | |
parent | 00818f108242fd3f47713cc0b94344de0847ec64 (diff) | |
discuss how to deal with UPDATED (mutable) tables during auditor replication
-rw-r--r-- | design-documents/011-auditor-db-sync.rst | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/design-documents/011-auditor-db-sync.rst b/design-documents/011-auditor-db-sync.rst index bf8f9a52..aba7b503 100644 --- a/design-documents/011-auditor-db-sync.rst +++ b/design-documents/011-auditor-db-sync.rst 
@@ -94,6 +94,34 @@ Proposed Solution * The canonical Postgres synchronization between exchange and the auditor's "ingress" database must use transport security. +The above solution does not gracefully handle mutable tables on which +the exchange performs UPDATE statements, as such updates will not bump +the BIGSERIAL and thus would not be replicated by the helper. Thus, we +need to consider all tables that the exchange ever performs UPDATE on. +Those are: + +* /reserves/ --- the exchange updates the remaining reserve balance; + here the auditor currently performs a sanity check against + its own reserve balance calculation. The proposed way to address + this is to make this sanity check optional and to be only used if + the auditor auditor runs against the "primary" exchange database + (like an internal audit). This is acceptable, as an inaccurate + reserve balance is mostly used to raise an early warning and not + indicative of any actualized financial gains or losses from the + exchange. +* /deposits/ --- the exchange updates the /tiny/ and /done/ bit + fields. /tiny/ can be trivially established by the auditor, and + we can simply avoid the auditor considering that bit. /done/ + was so far only used to enrich the reporting. The proposed way + to address the uses of both fields is thus to only use them in + internal audits (against the primary exchange database). Both + can be safely ignored by the external audit. +* /prewire/ --- the exchange updates the /finished/ and /failed/ + bits. The entire table is not used by the auditor and its + main values cannot be validated by the auditor anyway. +* /auditors/ --- the exchange updates the /is_active/ and /last_change/ + fields. The entire table is of no concern to the auditor. + Alternatives ============ |
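Review bot: In the /reserves/ bullet, "the auditor auditor runs" has a duplicated word. More substantively, the /reserves/ and /deposits/ bullets restrict the reserve balance, /tiny/ and /done/ to internal audits, but the text never says what the external auditor's replicated copy holds in those columns. Since the added paragraph states that UPDATEs do not bump the BIGSERIAL and are not replicated by the helper, those columns would keep the value they had when the row was first copied. Please state explicitly that they are stale in the replicated database and must not be read there, and say how the auditor is told whether it runs against the primary or a replicated database. The list introduced by "all tables that the exchange ever performs UPDATE on" is also a snapshot of the current exchange code; a sentence on how it is kept complete when a new UPDATE is introduced would keep a later mutable column from silently going unreplicated.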