v0.2.0 — clustering foundations

@incognick incognick released this 12 Jun 18:23
· 55 commits to main since this release
Immutable release. Only release title and notes can be modified.

The second Hamster release: clustering foundations.

Dev preview. The metadata cluster is real and runnable; the S3 endpoint stays single-node until erasure coding gives objects a replicated home (v0.3). On-disk and on-wire formats may change between v0 releases. Try the cluster preview — three terminals, about two minutes.

What's in v0.2

  • Raft-replicated metadata: one consensus group, every committed write on every member, rebuilt bit-identically from snapshot plus log on restart. Object data will never pass through this log — that's the design's first invariant.
  • hamster cluster: init founds a cluster, token mints single-use, TTL-bound join tokens, run -token joins and runs in one restart-safe command, status shows membership and leadership from any node, recover is the explicit, documented exit from permanent quorum loss.
  • Mutual TLS between nodes, always: init mints a cluster CA, joiners authenticate the cluster through the token's pinned CA hash before trusting anything, and every inter-node byte rides mTLS with certificate-bound identity. There is no plaintext mode and no flag to create one — and nothing to configure.
  • Learners and the voter cap: nodes join as learners and are promoted to voters automatically once caught up, capped at five voters so quorum cost stays constant no matter how large the cluster grows.
  • Crash-safe compaction: snapshot-carrying single-frame log rotation; a lagging or brand-new member catches up via a streamed snapshot that carries the address book with the data.
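
The join-time check in the mutual TLS item above (authenticate the cluster through the token's pinned CA hash before trusting anything), sketched in Go as an added example; this is not Hamster's code. The pin format (hex SHA-256 over the CA certificate's DER bytes) and the names pinOf, trustPinnedCA and newTestCA are assumptions, since the release notes do not specify them.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// pinOf returns lowercase hex SHA-256 of the CA's DER bytes (assumed pin format).
func pinOf(der []byte) string { return fmt.Sprintf("%x", sha256.Sum256(der)) }

// trustPinnedCA hashes the offered CA bytes and compares them to the token's pin
// before parsing them; on success only that CA is trusted, never the system roots.
func trustPinnedCA(offeredDER []byte, tokenPin string) (*tls.Config, error) {
	if subtle.ConstantTimeCompare([]byte(pinOf(offeredDER)), []byte(tokenPin)) != 1 {
		return nil, errors.New("offered CA does not match the pin in the join token")
	}
	ca, err := x509.ParseCertificate(offeredDER)
	if err != nil || !ca.IsCA {
		return nil, errors.New("pinned certificate is not a usable CA")
	}
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	return &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS13}, nil
}

// newTestCA returns the DER of a constructed self-signed CA (sample input only).
func newTestCA(serial int64) []byte {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, key)
	return der
}

func main() {
	good, rogue := newTestCA(1), newTestCA(2)
	_, okErr := trustPinnedCA(good, pinOf(good))
	_, badErr := trustPinnedCA(rogue, pinOf(good))
	fmt.Println("matching CA:", okErr, "| substituted CA:", badErr)
}
```

The order matters: the hash comparison runs on the raw bytes before any certificate parsing, so a joiner never processes or trusts material from an endpoint that cannot present the pinned CA.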

How it's verified

  • The deterministic simulation harness runs the consensus layer through seeded schedules: elections, leader crashes, partitions, snapshot catch-up, membership growth, voter-cap enforcement, recovery from quorum loss — including the case where recovery must preserve a write the dead majority may have committed. Election timing is Hamster's own and fully schedulable, so the same seed replays the same history, elections included.
  • An e2e suite drives the real binary through the operator's lifecycle: init, token joins, status, a leader killed mid-flight, failover, restart from disk, clean shutdown.
  • The race detector and the v0.1 compatibility suite (aws CLI, rclone, restic, s3cmd) keep passing.

Binaries below are static (CGO_ENABLED=0), version-stamped (hamster version), with SHA-256 checksums in SHA256SUMS. Next up, v0.3: erasure coding with self-healing repair — and the S3 endpoint joins the cluster.