Rolling upgrades

Upgrading a Concentrated Dispersalsystem, particularly those with a very small number of stores (3 or 4) encounter the same problem of "rolling site outages", where data written with the first node down will become unreadable once the first node comes back online and the second node goes down for upgrade. This manifests as a "double node failure" and it may be impossible for very small systems to tolerate without availability loss during upgrades.

To prevent availability outages during upgrades of a Concentrated Dispersal system, the rolling upgrades process will wait at least 72 hours before proceeding to upgrade the next Slicestor device. This provides ample time for rebuilding to occur and guarantee full availability for all objects in the system during the upgrade of subsequent Slicestor devices.

Outside the context of upgrades, any outage of two or more Slicestor devices occurring within a short time window (less than 72 hours) may lead to an availability outage of some objects. More specifically, for the duration of the second Slicestor device’s outage, objects written during the first Slicestor device’s outage may be unreadable. Full object availability is restored when the second Slicestor device becomes available and following the rebuilding of missed objects (which can take up to 72 hours to complete), full fault tolerance for Slicestor device outages returns.