2019-01-24 20:15:10 +00:00
|
|
|
// Copyright (C) 2019 Storj Labs, Inc.
|
2018-10-09 22:10:37 +01:00
|
|
|
// See LICENSE for copying information.
|
|
|
|
|
|
|
|
package audit
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
|
|
|
"context"
|
|
|
|
"io"
|
2019-09-11 23:37:01 +01:00
|
|
|
"math/rand"
|
2019-03-19 17:37:26 +00:00
|
|
|
"time"
|
2018-10-09 22:10:37 +01:00
|
|
|
|
2019-11-08 20:40:39 +00:00
|
|
|
"github.com/spacemonkeygo/monkit/v3"
|
2018-10-09 22:10:37 +01:00
|
|
|
"github.com/vivint/infectious"
|
2019-01-29 20:42:27 +00:00
|
|
|
"github.com/zeebo/errs"
|
2019-03-18 10:55:06 +00:00
|
|
|
"go.uber.org/zap"
|
2018-10-09 22:10:37 +01:00
|
|
|
|
2019-12-27 11:48:47 +00:00
|
|
|
"storj.io/common/errs2"
|
|
|
|
"storj.io/common/identity"
|
|
|
|
"storj.io/common/memory"
|
|
|
|
"storj.io/common/pb"
|
|
|
|
"storj.io/common/pkcrypto"
|
|
|
|
"storj.io/common/rpc"
|
|
|
|
"storj.io/common/rpc/rpcstatus"
|
|
|
|
"storj.io/common/storj"
|
2019-06-19 10:02:25 +01:00
|
|
|
"storj.io/storj/satellite/metainfo"
|
2020-08-28 12:56:09 +01:00
|
|
|
"storj.io/storj/satellite/metainfo/metabase"
|
2019-03-28 20:09:23 +00:00
|
|
|
"storj.io/storj/satellite/orders"
|
2019-07-28 06:55:36 +01:00
|
|
|
"storj.io/storj/satellite/overlay"
|
2020-02-21 14:07:29 +00:00
|
|
|
"storj.io/uplink/private/eestream"
|
|
|
|
"storj.io/uplink/private/piecestore"
|
2018-10-09 22:10:37 +01:00
|
|
|
)
|
|
|
|
|
2019-03-19 17:37:26 +00:00
|
|
|
var (
|
|
|
|
mon = monkit.Package()
|
2019-05-27 12:13:47 +01:00
|
|
|
|
2020-08-11 15:50:01 +01:00
|
|
|
// ErrNotEnoughShares is the errs class for when not enough shares are available to do an audit.
|
2019-05-27 12:13:47 +01:00
|
|
|
ErrNotEnoughShares = errs.Class("not enough shares for successful audit")
|
2020-08-11 15:50:01 +01:00
|
|
|
// ErrSegmentDeleted is the errs class when the audited segment was deleted during the audit.
|
2019-06-19 10:02:25 +01:00
|
|
|
ErrSegmentDeleted = errs.Class("segment deleted during audit")
|
2020-08-11 15:50:01 +01:00
|
|
|
// ErrSegmentModified is the errs class used when a segment has been changed in any way.
|
2020-03-04 23:09:18 +00:00
|
|
|
ErrSegmentModified = errs.Class("segment has been modified")
|
2019-03-19 17:37:26 +00:00
|
|
|
)
|
2018-10-09 22:10:37 +01:00
|
|
|
|
2020-07-16 15:18:02 +01:00
|
|
|
// Share represents required information about an audited share.
|
2019-01-23 19:58:44 +00:00
|
|
|
type Share struct {
|
2019-03-18 10:55:06 +00:00
|
|
|
Error error
|
|
|
|
PieceNum int
|
2019-06-11 09:00:59 +01:00
|
|
|
NodeID storj.NodeID
|
2019-03-18 10:55:06 +00:00
|
|
|
Data []byte
|
2018-10-09 22:10:37 +01:00
|
|
|
}
|
|
|
|
|
2020-12-05 16:01:42 +00:00
|
|
|
// Verifier helps verify the correctness of a given stripe.
|
2019-09-10 14:24:16 +01:00
|
|
|
//
|
|
|
|
// architecture: Worker
|
2018-10-10 19:25:46 +01:00
|
|
|
type Verifier struct {
|
2019-06-03 10:17:09 +01:00
|
|
|
log *zap.Logger
|
2019-06-19 10:02:25 +01:00
|
|
|
metainfo *metainfo.Service
|
2019-06-03 10:17:09 +01:00
|
|
|
orders *orders.Service
|
|
|
|
auditor *identity.PeerIdentity
|
2019-09-19 05:46:39 +01:00
|
|
|
dialer rpc.Dialer
|
2019-08-06 17:35:59 +01:00
|
|
|
overlay *overlay.Service
|
2019-06-03 10:17:09 +01:00
|
|
|
containment Containment
|
|
|
|
minBytesPerSecond memory.Size
|
|
|
|
minDownloadTimeout time.Duration
|
2019-09-11 23:37:01 +01:00
|
|
|
|
|
|
|
OnTestingCheckSegmentAlteredHook func()
|
2018-10-09 22:10:37 +01:00
|
|
|
}
|
|
|
|
|
2020-07-16 15:18:02 +01:00
|
|
|
// NewVerifier creates a Verifier.
|
2019-09-19 05:46:39 +01:00
|
|
|
func NewVerifier(log *zap.Logger, metainfo *metainfo.Service, dialer rpc.Dialer, overlay *overlay.Service, containment Containment, orders *orders.Service, id *identity.FullIdentity, minBytesPerSecond memory.Size, minDownloadTimeout time.Duration) *Verifier {
|
2019-05-27 12:13:47 +01:00
|
|
|
return &Verifier{
|
2019-06-03 10:17:09 +01:00
|
|
|
log: log,
|
2019-06-19 10:02:25 +01:00
|
|
|
metainfo: metainfo,
|
2019-06-03 10:17:09 +01:00
|
|
|
orders: orders,
|
|
|
|
auditor: id.PeerIdentity(),
|
2019-09-19 05:46:39 +01:00
|
|
|
dialer: dialer,
|
2019-06-03 10:17:09 +01:00
|
|
|
overlay: overlay,
|
|
|
|
containment: containment,
|
|
|
|
minBytesPerSecond: minBytesPerSecond,
|
|
|
|
minDownloadTimeout: minDownloadTimeout,
|
2019-05-27 12:13:47 +01:00
|
|
|
}
|
2018-10-09 22:10:37 +01:00
|
|
|
}
|
|
|
|
|
2019-09-11 23:37:01 +01:00
|
|
|
// Verify downloads shares then verifies the data correctness at a random stripe.
|
2019-10-09 15:06:58 +01:00
|
|
|
func (verifier *Verifier) Verify(ctx context.Context, path storj.Path, skip map[storj.NodeID]bool) (report Report, err error) {
|
2019-03-20 10:54:37 +00:00
|
|
|
defer mon.Task()(&ctx)(&err)
|
|
|
|
|
2020-09-03 14:54:56 +01:00
|
|
|
pointerBytes, pointer, err := verifier.metainfo.GetWithBytes(ctx, metabase.SegmentKey(path))
|
2019-09-11 23:37:01 +01:00
|
|
|
if err != nil {
|
2019-12-10 20:21:30 +00:00
|
|
|
if storj.ErrObjectNotFound.Has(err) {
|
2020-08-25 14:32:05 +01:00
|
|
|
verifier.log.Debug("segment deleted before Verify")
|
|
|
|
return Report{}, nil
|
2019-09-11 23:37:01 +01:00
|
|
|
}
|
2019-10-09 15:06:58 +01:00
|
|
|
return Report{}, err
|
2019-09-11 23:37:01 +01:00
|
|
|
}
|
2020-12-15 11:45:19 +00:00
|
|
|
if !pointer.ExpirationDate.IsZero() && pointer.ExpirationDate.Before(time.Now()) {
|
2020-08-25 14:32:05 +01:00
|
|
|
verifier.log.Debug("segment expired before Verify")
|
|
|
|
return Report{}, nil
|
2019-11-05 19:41:48 +00:00
|
|
|
}
|
2019-09-11 23:37:01 +01:00
|
|
|
|
|
|
|
randomIndex, err := GetRandomStripe(ctx, pointer)
|
|
|
|
if err != nil {
|
2019-10-09 15:06:58 +01:00
|
|
|
return Report{}, err
|
2019-09-11 23:37:01 +01:00
|
|
|
}
|
|
|
|
|
2019-03-20 10:54:37 +00:00
|
|
|
shareSize := pointer.GetRemote().GetRedundancy().GetErasureShareSize()
|
2020-08-28 12:56:09 +01:00
|
|
|
segmentLocation, err := metabase.ParseSegmentKey(metabase.SegmentKey(path))
|
|
|
|
if err != nil {
|
|
|
|
return Report{}, err
|
|
|
|
}
|
2019-03-28 20:09:23 +00:00
|
|
|
|
2019-06-07 13:38:41 +01:00
|
|
|
var offlineNodes storj.NodeIDList
|
|
|
|
var failedNodes storj.NodeIDList
|
2019-11-19 16:30:28 +00:00
|
|
|
var unknownNodes storj.NodeIDList
|
2019-06-07 13:38:41 +01:00
|
|
|
containedNodes := make(map[int]storj.NodeID)
|
|
|
|
sharesToAudit := make(map[int]Share)
|
|
|
|
|
satellite/audit: use LastIPAndPort preferentially
This preserves the last_ip_and_port field from node lookups through
CreateAuditOrderLimits() and CreateAuditOrderLimit(), so that later
calls to (*Verifier).GetShare() can try to use that IP and port. If a
connection to the given IP and port cannot be made, or the connection
cannot be verified and secured with the target node identity, an
attempt is made to connect to the original node address instead.
A similar change is not necessary to the other Create*OrderLimits
functions, because they already replace node addresses with the cached
IP and port as appropriate. We might want to consider making a similar
change to CreateGetRepairOrderLimits(), though.
The audit situation is unique because the ramifications are especially
powerful when we get the address wrong. Failing a single audit can have
a heavy cost to a storage node. We need to make extra effort in order
to avoid imposing that cost unfairly.
Situation 1: If an audit fails because the repair worker failed to make
a DNS query (which might well be the fault on the satellite side), and
we have last_ip_and_port information available for the target node, it
would be unfair not to try connecting to that last_ip_and_port address.
Situation 2: If a node has changed addresses recently and the operator
correctly changed its DNS entry, but we don't bother querying DNS, it
would be unfair to penalize the node for our failure to connect to it.
So the audit worker must try both last_ip_and_port _and_ the node
address as supplied by the SNO.
We elect here to try last_ip_and_port first, on the grounds that (a) it
is expected to work in the large majority of cases, and (b) there
should not be any security concerns with connecting to an out-or-date
address, and (c) avoiding DNS queries on the satellite side helps
alleviate satellite operational load.
Change-Id: I9bf6c6c79866d879adecac6144a6c346f4f61200
2020-09-30 05:53:43 +01:00
|
|
|
orderLimits, privateKey, cachedIPsAndPorts, err := verifier.orders.CreateAuditOrderLimits(ctx, segmentLocation.Bucket(), pointer, skip)
|
2019-03-28 20:09:23 +00:00
|
|
|
if err != nil {
|
2019-10-09 15:06:58 +01:00
|
|
|
return Report{}, err
|
2019-03-28 20:09:23 +00:00
|
|
|
}
|
2019-03-20 10:54:37 +00:00
|
|
|
|
2019-08-20 15:23:14 +01:00
|
|
|
// NOTE offlineNodes will include disqualified nodes because they aren't in
|
|
|
|
// the skip list
|
2019-09-11 23:37:01 +01:00
|
|
|
offlineNodes = getOfflineNodes(pointer, orderLimits, skip)
|
2019-06-07 13:38:41 +01:00
|
|
|
if len(offlineNodes) > 0 {
|
2019-10-08 11:51:57 +01:00
|
|
|
verifier.log.Debug("Verify: order limits not created for some nodes (offline/disqualified)",
|
|
|
|
zap.Strings("Node IDs", offlineNodes.Strings()))
|
2019-06-07 13:38:41 +01:00
|
|
|
}
|
|
|
|
|
satellite/audit: use LastIPAndPort preferentially
This preserves the last_ip_and_port field from node lookups through
CreateAuditOrderLimits() and CreateAuditOrderLimit(), so that later
calls to (*Verifier).GetShare() can try to use that IP and port. If a
connection to the given IP and port cannot be made, or the connection
cannot be verified and secured with the target node identity, an
attempt is made to connect to the original node address instead.
A similar change is not necessary to the other Create*OrderLimits
functions, because they already replace node addresses with the cached
IP and port as appropriate. We might want to consider making a similar
change to CreateGetRepairOrderLimits(), though.
The audit situation is unique because the ramifications are especially
powerful when we get the address wrong. Failing a single audit can have
a heavy cost to a storage node. We need to make extra effort in order
to avoid imposing that cost unfairly.
Situation 1: If an audit fails because the repair worker failed to make
a DNS query (which might well be the fault on the satellite side), and
we have last_ip_and_port information available for the target node, it
would be unfair not to try connecting to that last_ip_and_port address.
Situation 2: If a node has changed addresses recently and the operator
correctly changed its DNS entry, but we don't bother querying DNS, it
would be unfair to penalize the node for our failure to connect to it.
So the audit worker must try both last_ip_and_port _and_ the node
address as supplied by the SNO.
We elect here to try last_ip_and_port first, on the grounds that (a) it
is expected to work in the large majority of cases, and (b) there
should not be any security concerns with connecting to an out-or-date
address, and (c) avoiding DNS queries on the satellite side helps
alleviate satellite operational load.
Change-Id: I9bf6c6c79866d879adecac6144a6c346f4f61200
2020-09-30 05:53:43 +01:00
|
|
|
shares, err := verifier.DownloadShares(ctx, orderLimits, privateKey, cachedIPsAndPorts, randomIndex, shareSize)
|
2019-03-20 10:54:37 +00:00
|
|
|
if err != nil {
|
2019-10-09 15:06:58 +01:00
|
|
|
return Report{
|
2019-06-19 10:02:25 +01:00
|
|
|
Offlines: offlineNodes,
|
|
|
|
}, err
|
|
|
|
}
|
|
|
|
|
2020-03-04 23:09:18 +00:00
|
|
|
err = verifier.checkIfSegmentAltered(ctx, path, pointer, pointerBytes)
|
2019-06-19 10:02:25 +01:00
|
|
|
if err != nil {
|
2020-08-25 14:32:05 +01:00
|
|
|
if ErrSegmentDeleted.Has(err) {
|
|
|
|
verifier.log.Debug("segment deleted during Verify")
|
|
|
|
return Report{}, nil
|
|
|
|
}
|
|
|
|
if ErrSegmentModified.Has(err) {
|
|
|
|
verifier.log.Debug("segment modified during Verify")
|
|
|
|
return Report{}, nil
|
|
|
|
}
|
2019-10-09 15:06:58 +01:00
|
|
|
return Report{
|
2019-06-19 10:02:25 +01:00
|
|
|
Offlines: offlineNodes,
|
|
|
|
}, err
|
2019-03-20 10:54:37 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
for pieceNum, share := range shares {
|
2019-06-07 13:38:41 +01:00
|
|
|
if share.Error == nil {
|
|
|
|
// no error -- share downloaded successfully
|
|
|
|
sharesToAudit[pieceNum] = share
|
|
|
|
continue
|
|
|
|
}
|
2019-09-19 05:46:39 +01:00
|
|
|
if rpc.Error.Has(share.Error) {
|
2019-06-26 08:38:07 +01:00
|
|
|
if errs.Is(share.Error, context.DeadlineExceeded) {
|
2019-06-07 13:38:41 +01:00
|
|
|
// dial timeout
|
2019-06-11 09:00:59 +01:00
|
|
|
offlineNodes = append(offlineNodes, share.NodeID)
|
2019-10-08 11:51:57 +01:00
|
|
|
verifier.log.Debug("Verify: dial timeout (offline)",
|
|
|
|
zap.Stringer("Node ID", share.NodeID),
|
|
|
|
zap.Error(share.Error))
|
2019-06-07 13:38:41 +01:00
|
|
|
continue
|
2019-03-20 10:54:37 +00:00
|
|
|
}
|
2019-09-19 05:46:39 +01:00
|
|
|
if errs2.IsRPC(share.Error, rpcstatus.Unknown) {
|
2019-06-07 13:38:41 +01:00
|
|
|
// dial failed -- offline node
|
2019-06-11 09:00:59 +01:00
|
|
|
offlineNodes = append(offlineNodes, share.NodeID)
|
2019-10-08 11:51:57 +01:00
|
|
|
verifier.log.Debug("Verify: dial failed (offline)",
|
|
|
|
zap.Stringer("Node ID", share.NodeID),
|
|
|
|
zap.Error(share.Error))
|
2019-06-07 13:38:41 +01:00
|
|
|
continue
|
|
|
|
}
|
|
|
|
// unknown transport error
|
2019-11-19 16:30:28 +00:00
|
|
|
unknownNodes = append(unknownNodes, share.NodeID)
|
2020-03-30 19:09:50 +01:00
|
|
|
verifier.log.Info("Verify: unknown transport error (skipped)",
|
2019-10-08 11:51:57 +01:00
|
|
|
zap.Stringer("Node ID", share.NodeID),
|
|
|
|
zap.Error(share.Error))
|
2019-10-11 19:40:02 +01:00
|
|
|
continue
|
2019-06-07 13:38:41 +01:00
|
|
|
}
|
|
|
|
|
2019-09-19 05:46:39 +01:00
|
|
|
if errs2.IsRPC(share.Error, rpcstatus.NotFound) {
|
2019-06-07 13:38:41 +01:00
|
|
|
// missing share
|
2019-06-11 09:00:59 +01:00
|
|
|
failedNodes = append(failedNodes, share.NodeID)
|
2020-03-30 19:09:50 +01:00
|
|
|
verifier.log.Info("Verify: piece not found (audit failed)",
|
2019-10-08 11:51:57 +01:00
|
|
|
zap.Stringer("Node ID", share.NodeID),
|
|
|
|
zap.Error(share.Error))
|
2019-06-07 13:38:41 +01:00
|
|
|
continue
|
2019-03-20 10:54:37 +00:00
|
|
|
}
|
2019-06-07 13:38:41 +01:00
|
|
|
|
2019-09-19 05:46:39 +01:00
|
|
|
if errs2.IsRPC(share.Error, rpcstatus.DeadlineExceeded) {
|
2019-06-07 13:38:41 +01:00
|
|
|
// dial successful, but download timed out
|
2019-06-11 09:00:59 +01:00
|
|
|
containedNodes[pieceNum] = share.NodeID
|
2020-03-30 19:09:50 +01:00
|
|
|
verifier.log.Info("Verify: download timeout (contained)",
|
2019-10-08 11:51:57 +01:00
|
|
|
zap.Stringer("Node ID", share.NodeID),
|
|
|
|
zap.Error(share.Error))
|
2019-06-07 13:38:41 +01:00
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
// unknown error
|
2019-11-19 16:30:28 +00:00
|
|
|
unknownNodes = append(unknownNodes, share.NodeID)
|
2020-03-30 19:09:50 +01:00
|
|
|
verifier.log.Info("Verify: unknown error (skipped)",
|
2019-10-08 11:51:57 +01:00
|
|
|
zap.Stringer("Node ID", share.NodeID),
|
|
|
|
zap.Error(share.Error))
|
2019-03-20 10:54:37 +00:00
|
|
|
}
|
|
|
|
|
2020-10-13 13:13:41 +01:00
|
|
|
mon.IntVal("verify_shares_downloaded_successfully").Observe(int64(len(sharesToAudit))) //mon:locked
|
2020-02-26 21:19:58 +00:00
|
|
|
|
2019-03-20 10:54:37 +00:00
|
|
|
required := int(pointer.Remote.Redundancy.GetMinReq())
|
|
|
|
total := int(pointer.Remote.Redundancy.GetTotal())
|
|
|
|
|
|
|
|
if len(sharesToAudit) < required {
|
2020-04-01 18:26:45 +01:00
|
|
|
mon.Counter("not_enough_shares_for_audit").Inc(1)
|
2019-10-09 15:06:58 +01:00
|
|
|
return Report{
|
2019-06-07 13:38:41 +01:00
|
|
|
Fails: failedNodes,
|
2019-05-23 23:32:19 +01:00
|
|
|
Offlines: offlineNodes,
|
2019-11-19 16:30:28 +00:00
|
|
|
Unknown: unknownNodes,
|
2019-05-27 12:13:47 +01:00
|
|
|
}, ErrNotEnoughShares.New("got %d, required %d", len(sharesToAudit), required)
|
2019-03-20 10:54:37 +00:00
|
|
|
}
|
2020-04-01 18:26:45 +01:00
|
|
|
// ensure we get values, even if only zero values, so that redash can have an alert based on this
|
|
|
|
mon.Counter("not_enough_shares_for_audit").Inc(0)
|
2019-03-20 10:54:37 +00:00
|
|
|
|
2019-05-23 21:07:19 +01:00
|
|
|
pieceNums, correctedShares, err := auditShares(ctx, required, total, sharesToAudit)
|
2019-03-20 10:54:37 +00:00
|
|
|
if err != nil {
|
2019-10-09 15:06:58 +01:00
|
|
|
return Report{
|
2019-06-07 13:38:41 +01:00
|
|
|
Fails: failedNodes,
|
2019-05-23 23:32:19 +01:00
|
|
|
Offlines: offlineNodes,
|
2019-11-19 16:30:28 +00:00
|
|
|
Unknown: unknownNodes,
|
2019-05-23 21:07:19 +01:00
|
|
|
}, err
|
2019-03-20 10:54:37 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
for _, pieceNum := range pieceNums {
|
2019-06-11 09:00:59 +01:00
|
|
|
failedNodes = append(failedNodes, shares[pieceNum].NodeID)
|
2019-03-20 10:54:37 +00:00
|
|
|
}
|
|
|
|
|
2019-11-19 16:30:28 +00:00
|
|
|
successNodes := getSuccessNodes(ctx, shares, failedNodes, offlineNodes, unknownNodes, containedNodes)
|
2019-05-23 21:07:19 +01:00
|
|
|
|
2019-09-11 23:37:01 +01:00
|
|
|
totalInPointer := len(pointer.GetRemote().GetRemotePieces())
|
2019-05-31 21:46:25 +01:00
|
|
|
numOffline := len(offlineNodes)
|
|
|
|
numSuccessful := len(successNodes)
|
|
|
|
numFailed := len(failedNodes)
|
2019-06-07 13:38:41 +01:00
|
|
|
numContained := len(containedNodes)
|
2019-11-19 16:30:28 +00:00
|
|
|
numUnknown := len(unknownNodes)
|
2019-06-07 13:38:41 +01:00
|
|
|
totalAudited := numSuccessful + numFailed + numOffline + numContained
|
2019-05-31 21:46:25 +01:00
|
|
|
auditedPercentage := float64(totalAudited) / float64(totalInPointer)
|
|
|
|
offlinePercentage := float64(0)
|
|
|
|
successfulPercentage := float64(0)
|
|
|
|
failedPercentage := float64(0)
|
2019-06-07 13:38:41 +01:00
|
|
|
containedPercentage := float64(0)
|
2019-11-19 16:30:28 +00:00
|
|
|
unknownPercentage := float64(0)
|
2019-05-31 21:46:25 +01:00
|
|
|
if totalAudited > 0 {
|
|
|
|
offlinePercentage = float64(numOffline) / float64(totalAudited)
|
|
|
|
successfulPercentage = float64(numSuccessful) / float64(totalAudited)
|
|
|
|
failedPercentage = float64(numFailed) / float64(totalAudited)
|
2019-06-07 13:38:41 +01:00
|
|
|
containedPercentage = float64(numContained) / float64(totalAudited)
|
2019-11-19 16:30:28 +00:00
|
|
|
unknownPercentage = float64(numUnknown) / float64(totalAudited)
|
|
|
|
}
|
|
|
|
|
2020-10-13 13:13:41 +01:00
|
|
|
mon.Meter("audit_success_nodes_global").Mark(numSuccessful) //mon:locked
|
|
|
|
mon.Meter("audit_fail_nodes_global").Mark(numFailed) //mon:locked
|
|
|
|
mon.Meter("audit_offline_nodes_global").Mark(numOffline) //mon:locked
|
|
|
|
mon.Meter("audit_contained_nodes_global").Mark(numContained) //mon:locked
|
|
|
|
mon.Meter("audit_unknown_nodes_global").Mark(numUnknown) //mon:locked
|
|
|
|
mon.Meter("audit_total_nodes_global").Mark(totalAudited) //mon:locked
|
|
|
|
mon.Meter("audit_total_pointer_nodes_global").Mark(totalInPointer) //mon:locked
|
|
|
|
|
|
|
|
mon.IntVal("audit_success_nodes").Observe(int64(numSuccessful)) //mon:locked
|
|
|
|
mon.IntVal("audit_fail_nodes").Observe(int64(numFailed)) //mon:locked
|
|
|
|
mon.IntVal("audit_offline_nodes").Observe(int64(numOffline)) //mon:locked
|
|
|
|
mon.IntVal("audit_contained_nodes").Observe(int64(numContained)) //mon:locked
|
|
|
|
mon.IntVal("audit_unknown_nodes").Observe(int64(numUnknown)) //mon:locked
|
|
|
|
mon.IntVal("audit_total_nodes").Observe(int64(totalAudited)) //mon:locked
|
|
|
|
mon.IntVal("audit_total_pointer_nodes").Observe(int64(totalInPointer)) //mon:locked
|
|
|
|
mon.FloatVal("audited_percentage").Observe(auditedPercentage) //mon:locked
|
|
|
|
mon.FloatVal("audit_offline_percentage").Observe(offlinePercentage) //mon:locked
|
|
|
|
mon.FloatVal("audit_successful_percentage").Observe(successfulPercentage) //mon:locked
|
|
|
|
mon.FloatVal("audit_failed_percentage").Observe(failedPercentage) //mon:locked
|
|
|
|
mon.FloatVal("audit_contained_percentage").Observe(containedPercentage) //mon:locked
|
|
|
|
mon.FloatVal("audit_unknown_percentage").Observe(unknownPercentage) //mon:locked
|
2019-05-31 21:46:25 +01:00
|
|
|
|
2019-09-11 23:37:01 +01:00
|
|
|
pendingAudits, err := createPendingAudits(ctx, containedNodes, correctedShares, pointer, randomIndex, path)
|
2019-05-23 21:07:19 +01:00
|
|
|
if err != nil {
|
2019-10-09 15:06:58 +01:00
|
|
|
return Report{
|
2019-05-23 23:32:19 +01:00
|
|
|
Successes: successNodes,
|
|
|
|
Fails: failedNodes,
|
|
|
|
Offlines: offlineNodes,
|
2019-11-19 16:30:28 +00:00
|
|
|
Unknown: unknownNodes,
|
2019-05-23 21:07:19 +01:00
|
|
|
}, err
|
|
|
|
}
|
2019-03-20 10:54:37 +00:00
|
|
|
|
2019-10-09 15:06:58 +01:00
|
|
|
return Report{
|
2019-05-23 23:32:19 +01:00
|
|
|
Successes: successNodes,
|
|
|
|
Fails: failedNodes,
|
|
|
|
Offlines: offlineNodes,
|
|
|
|
PendingAudits: pendingAudits,
|
2019-11-19 16:30:28 +00:00
|
|
|
Unknown: unknownNodes,
|
2019-03-20 10:54:37 +00:00
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
2020-07-16 15:18:02 +01:00
|
|
|
// DownloadShares downloads shares from the nodes where remote pieces are located.
|
satellite/audit: use LastIPAndPort preferentially
This preserves the last_ip_and_port field from node lookups through
CreateAuditOrderLimits() and CreateAuditOrderLimit(), so that later
calls to (*Verifier).GetShare() can try to use that IP and port. If a
connection to the given IP and port cannot be made, or the connection
cannot be verified and secured with the target node identity, an
attempt is made to connect to the original node address instead.
A similar change is not necessary to the other Create*OrderLimits
functions, because they already replace node addresses with the cached
IP and port as appropriate. We might want to consider making a similar
change to CreateGetRepairOrderLimits(), though.
The audit situation is unique because the ramifications are especially
powerful when we get the address wrong. Failing a single audit can have
a heavy cost to a storage node. We need to make extra effort in order
to avoid imposing that cost unfairly.
Situation 1: If an audit fails because the repair worker failed to make
a DNS query (which might well be the fault on the satellite side), and
we have last_ip_and_port information available for the target node, it
would be unfair not to try connecting to that last_ip_and_port address.
Situation 2: If a node has changed addresses recently and the operator
correctly changed its DNS entry, but we don't bother querying DNS, it
would be unfair to penalize the node for our failure to connect to it.
So the audit worker must try both last_ip_and_port _and_ the node
address as supplied by the SNO.
We elect here to try last_ip_and_port first, on the grounds that (a) it
is expected to work in the large majority of cases, and (b) there
should not be any security concerns with connecting to an out-or-date
address, and (c) avoiding DNS queries on the satellite side helps
alleviate satellite operational load.
Change-Id: I9bf6c6c79866d879adecac6144a6c346f4f61200
2020-09-30 05:53:43 +01:00
|
|
|
func (verifier *Verifier) DownloadShares(ctx context.Context, limits []*pb.AddressedOrderLimit, piecePrivateKey storj.PiecePrivateKey, cachedIPsAndPorts map[storj.NodeID]string, stripeIndex int64, shareSize int32) (shares map[int]Share, err error) {
|
2019-03-20 10:54:37 +00:00
|
|
|
defer mon.Task()(&ctx)(&err)
|
|
|
|
|
|
|
|
shares = make(map[int]Share, len(limits))
|
2019-06-11 09:00:59 +01:00
|
|
|
ch := make(chan *Share, len(limits))
|
2019-03-20 10:54:37 +00:00
|
|
|
|
|
|
|
for i, limit := range limits {
|
|
|
|
if limit == nil {
|
2019-06-11 09:00:59 +01:00
|
|
|
ch <- nil
|
2019-03-20 10:54:37 +00:00
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
satellite/audit: use LastIPAndPort preferentially
This preserves the last_ip_and_port field from node lookups through
CreateAuditOrderLimits() and CreateAuditOrderLimit(), so that later
calls to (*Verifier).GetShare() can try to use that IP and port. If a
connection to the given IP and port cannot be made, or the connection
cannot be verified and secured with the target node identity, an
attempt is made to connect to the original node address instead.
A similar change is not necessary to the other Create*OrderLimits
functions, because they already replace node addresses with the cached
IP and port as appropriate. We might want to consider making a similar
change to CreateGetRepairOrderLimits(), though.
The audit situation is unique because the ramifications are especially
powerful when we get the address wrong. Failing a single audit can have
a heavy cost to a storage node. We need to make extra effort in order
to avoid imposing that cost unfairly.
Situation 1: If an audit fails because the repair worker failed to make
a DNS query (which might well be the fault on the satellite side), and
we have last_ip_and_port information available for the target node, it
would be unfair not to try connecting to that last_ip_and_port address.
Situation 2: If a node has changed addresses recently and the operator
correctly changed its DNS entry, but we don't bother querying DNS, it
would be unfair to penalize the node for our failure to connect to it.
So the audit worker must try both last_ip_and_port _and_ the node
address as supplied by the SNO.
We elect here to try last_ip_and_port first, on the grounds that (a) it
is expected to work in the large majority of cases, and (b) there
should not be any security concerns with connecting to an out-or-date
address, and (c) avoiding DNS queries on the satellite side helps
alleviate satellite operational load.
Change-Id: I9bf6c6c79866d879adecac6144a6c346f4f61200
2020-09-30 05:53:43 +01:00
|
|
|
ip := cachedIPsAndPorts[limit.Limit.StorageNodeId]
|
2019-06-11 09:00:59 +01:00
|
|
|
go func(i int, limit *pb.AddressedOrderLimit) {
|
satellite/audit: use LastIPAndPort preferentially
This preserves the last_ip_and_port field from node lookups through
CreateAuditOrderLimits() and CreateAuditOrderLimit(), so that later
calls to (*Verifier).GetShare() can try to use that IP and port. If a
connection to the given IP and port cannot be made, or the connection
cannot be verified and secured with the target node identity, an
attempt is made to connect to the original node address instead.
A similar change is not necessary to the other Create*OrderLimits
functions, because they already replace node addresses with the cached
IP and port as appropriate. We might want to consider making a similar
change to CreateGetRepairOrderLimits(), though.
The audit situation is unique because the ramifications are especially
powerful when we get the address wrong. Failing a single audit can have
a heavy cost to a storage node. We need to make extra effort in order
to avoid imposing that cost unfairly.
Situation 1: If an audit fails because the repair worker failed to make
a DNS query (which might well be the fault on the satellite side), and
we have last_ip_and_port information available for the target node, it
would be unfair not to try connecting to that last_ip_and_port address.
Situation 2: If a node has changed addresses recently and the operator
correctly changed its DNS entry, but we don't bother querying DNS, it
would be unfair to penalize the node for our failure to connect to it.
So the audit worker must try both last_ip_and_port _and_ the node
address as supplied by the SNO.
We elect here to try last_ip_and_port first, on the grounds that (a) it
is expected to work in the large majority of cases, and (b) there
should not be any security concerns with connecting to an out-or-date
address, and (c) avoiding DNS queries on the satellite side helps
alleviate satellite operational load.
Change-Id: I9bf6c6c79866d879adecac6144a6c346f4f61200
2020-09-30 05:53:43 +01:00
|
|
|
share, err := verifier.GetShare(ctx, limit, piecePrivateKey, ip, stripeIndex, shareSize, i)
|
2019-06-11 09:00:59 +01:00
|
|
|
if err != nil {
|
|
|
|
share = Share{
|
|
|
|
Error: err,
|
|
|
|
PieceNum: i,
|
|
|
|
NodeID: limit.GetLimit().StorageNodeId,
|
|
|
|
Data: nil,
|
|
|
|
}
|
2019-03-20 10:54:37 +00:00
|
|
|
}
|
2019-06-11 09:00:59 +01:00
|
|
|
ch <- &share
|
|
|
|
}(i, limit)
|
|
|
|
}
|
2019-03-20 10:54:37 +00:00
|
|
|
|
2019-06-11 09:00:59 +01:00
|
|
|
for range limits {
|
|
|
|
share := <-ch
|
|
|
|
if share != nil {
|
|
|
|
shares[share.PieceNum] = *share
|
|
|
|
}
|
2019-03-20 10:54:37 +00:00
|
|
|
}
|
|
|
|
|
2019-06-11 09:00:59 +01:00
|
|
|
return shares, nil
|
2019-03-20 10:54:37 +00:00
|
|
|
}
|
|
|
|
|
2020-07-16 15:18:02 +01:00
|
|
|
// Reverify reverifies the contained nodes in the stripe.
|
2019-10-09 15:06:58 +01:00
|
|
|
func (verifier *Verifier) Reverify(ctx context.Context, path storj.Path) (report Report, err error) {
|
2019-05-27 12:13:47 +01:00
|
|
|
defer mon.Task()(&ctx)(&err)
|
|
|
|
|
|
|
|
// result status enum
|
|
|
|
const (
|
|
|
|
skipped = iota
|
|
|
|
success
|
|
|
|
offline
|
|
|
|
failed
|
|
|
|
contained
|
2019-11-19 16:30:28 +00:00
|
|
|
unknown
|
2021-03-02 17:53:47 +00:00
|
|
|
remove
|
2019-05-27 12:13:47 +01:00
|
|
|
erred
|
|
|
|
)
|
|
|
|
|
|
|
|
type result struct {
|
|
|
|
nodeID storj.NodeID
|
|
|
|
status int
|
|
|
|
pendingAudit *PendingAudit
|
|
|
|
err error
|
|
|
|
}
|
|
|
|
|
2020-10-19 14:53:23 +01:00
|
|
|
pointer, err := verifier.metainfo.Get(ctx, metabase.SegmentKey(path))
|
2019-09-11 23:37:01 +01:00
|
|
|
if err != nil {
|
2019-12-10 20:21:30 +00:00
|
|
|
if storj.ErrObjectNotFound.Has(err) {
|
2020-08-25 14:32:05 +01:00
|
|
|
verifier.log.Debug("segment deleted before Reverify")
|
|
|
|
return Report{}, nil
|
2019-09-11 23:37:01 +01:00
|
|
|
}
|
2019-10-09 15:06:58 +01:00
|
|
|
return Report{}, err
|
2019-09-11 23:37:01 +01:00
|
|
|
}
|
2020-12-15 11:45:19 +00:00
|
|
|
if !pointer.ExpirationDate.IsZero() && pointer.ExpirationDate.Before(time.Now()) {
|
2020-08-25 14:32:05 +01:00
|
|
|
verifier.log.Debug("Segment expired before Reverify")
|
|
|
|
return Report{}, nil
|
2019-11-05 19:41:48 +00:00
|
|
|
}
|
2019-09-11 23:37:01 +01:00
|
|
|
|
|
|
|
pieces := pointer.GetRemote().GetRemotePieces()
|
2019-05-27 12:13:47 +01:00
|
|
|
ch := make(chan result, len(pieces))
|
2019-06-18 13:54:52 +01:00
|
|
|
var containedInSegment int64
|
2019-05-27 12:13:47 +01:00
|
|
|
|
|
|
|
for _, piece := range pieces {
|
|
|
|
pending, err := verifier.containment.Get(ctx, piece.NodeId)
|
|
|
|
if err != nil {
|
|
|
|
if ErrContainedNotFound.Has(err) {
|
|
|
|
ch <- result{nodeID: piece.NodeId, status: skipped}
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
ch <- result{nodeID: piece.NodeId, status: erred, err: err}
|
2020-03-30 19:09:50 +01:00
|
|
|
verifier.log.Debug("Reverify: error getting from containment db", zap.Stringer("Node ID", piece.NodeId), zap.Error(err))
|
2019-05-27 12:13:47 +01:00
|
|
|
continue
|
|
|
|
}
|
2019-06-18 13:54:52 +01:00
|
|
|
containedInSegment++
|
2019-05-27 12:13:47 +01:00
|
|
|
|
2019-09-19 00:45:15 +01:00
|
|
|
go func(pending *PendingAudit) {
|
2020-09-03 14:54:56 +01:00
|
|
|
pendingPointerBytes, pendingPointer, err := verifier.metainfo.GetWithBytes(ctx, metabase.SegmentKey(pending.Path))
|
2019-09-19 00:45:15 +01:00
|
|
|
if err != nil {
|
2019-12-10 20:21:30 +00:00
|
|
|
if storj.ErrObjectNotFound.Has(err) {
|
2021-03-02 17:53:47 +00:00
|
|
|
ch <- result{nodeID: pending.NodeID, status: remove}
|
2019-09-29 03:03:15 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2019-09-19 00:45:15 +01:00
|
|
|
ch <- result{nodeID: pending.NodeID, status: erred, err: err}
|
2020-03-30 19:09:50 +01:00
|
|
|
verifier.log.Debug("Reverify: error getting pending pointer from metainfo", zap.Stringer("Node ID", pending.NodeID), zap.Error(err))
|
2019-09-19 00:45:15 +01:00
|
|
|
return
|
|
|
|
}
|
2020-12-15 11:45:19 +00:00
|
|
|
if !pendingPointer.ExpirationDate.IsZero() && pendingPointer.ExpirationDate.Before(time.Now().UTC()) {
|
2020-03-30 19:09:50 +01:00
|
|
|
verifier.log.Debug("Reverify: segment already expired", zap.Stringer("Node ID", pending.NodeID))
|
2021-03-02 17:53:47 +00:00
|
|
|
ch <- result{nodeID: pending.NodeID, status: remove}
|
2019-11-05 19:41:48 +00:00
|
|
|
return
|
|
|
|
}
|
2019-10-07 21:06:10 +01:00
|
|
|
|
2019-09-29 03:03:15 +01:00
|
|
|
if pendingPointer.GetRemote().RootPieceId != pending.PieceID {
|
2021-03-02 17:53:47 +00:00
|
|
|
ch <- result{nodeID: pending.NodeID, status: remove}
|
2019-09-29 03:03:15 +01:00
|
|
|
return
|
|
|
|
}
|
2019-09-19 00:45:15 +01:00
|
|
|
var pieceNum int32
|
|
|
|
found := false
|
|
|
|
for _, piece := range pendingPointer.GetRemote().GetRemotePieces() {
|
|
|
|
if piece.NodeId == pending.NodeID {
|
|
|
|
pieceNum = piece.PieceNum
|
|
|
|
found = true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if !found {
|
2021-03-02 17:53:47 +00:00
|
|
|
ch <- result{nodeID: pending.NodeID, status: remove}
|
2019-09-19 00:45:15 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-08-28 12:56:09 +01:00
|
|
|
segmentLocation, err := metabase.ParseSegmentKey(metabase.SegmentKey(pending.Path)) // TODO: this should be parsed in pending
|
|
|
|
if err != nil {
|
2021-03-02 17:53:47 +00:00
|
|
|
ch <- result{nodeID: pending.NodeID, status: remove}
|
2020-08-28 12:56:09 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
satellite/audit: use LastIPAndPort preferentially
This preserves the last_ip_and_port field from node lookups through
CreateAuditOrderLimits() and CreateAuditOrderLimit(), so that later
calls to (*Verifier).GetShare() can try to use that IP and port. If a
connection to the given IP and port cannot be made, or the connection
cannot be verified and secured with the target node identity, an
attempt is made to connect to the original node address instead.
A similar change is not necessary to the other Create*OrderLimits
functions, because they already replace node addresses with the cached
IP and port as appropriate. We might want to consider making a similar
change to CreateGetRepairOrderLimits(), though.
The audit situation is unique because the ramifications are especially
powerful when we get the address wrong. Failing a single audit can have
a heavy cost to a storage node. We need to make extra effort in order
to avoid imposing that cost unfairly.
Situation 1: If an audit fails because the repair worker failed to make
a DNS query (which might well be the fault on the satellite side), and
we have last_ip_and_port information available for the target node, it
would be unfair not to try connecting to that last_ip_and_port address.
Situation 2: If a node has changed addresses recently and the operator
correctly changed its DNS entry, but we don't bother querying DNS, it
would be unfair to penalize the node for our failure to connect to it.
So the audit worker must try both last_ip_and_port _and_ the node
address as supplied by the SNO.
We elect here to try last_ip_and_port first, on the grounds that (a) it
is expected to work in the large majority of cases, and (b) there
should not be any security concerns with connecting to an out-or-date
address, and (c) avoiding DNS queries on the satellite side helps
alleviate satellite operational load.
Change-Id: I9bf6c6c79866d879adecac6144a6c346f4f61200
2020-09-30 05:53:43 +01:00
|
|
|
limit, piecePrivateKey, cachedIPAndPort, err := verifier.orders.CreateAuditOrderLimit(ctx, segmentLocation.Bucket(), pending.NodeID, pieceNum, pending.PieceID, pending.ShareSize)
|
2019-05-27 12:13:47 +01:00
|
|
|
if err != nil {
|
2019-06-24 15:46:10 +01:00
|
|
|
if overlay.ErrNodeDisqualified.Has(err) {
|
2019-09-19 00:45:15 +01:00
|
|
|
_, errDelete := verifier.containment.Delete(ctx, pending.NodeID)
|
2019-06-24 15:46:10 +01:00
|
|
|
if errDelete != nil {
|
2020-03-30 19:09:50 +01:00
|
|
|
verifier.log.Debug("Error deleting disqualified node from containment db", zap.Stringer("Node ID", pending.NodeID), zap.Error(errDelete))
|
2019-06-24 15:46:10 +01:00
|
|
|
}
|
2019-09-19 00:45:15 +01:00
|
|
|
ch <- result{nodeID: pending.NodeID, status: erred, err: err}
|
2020-03-30 19:09:50 +01:00
|
|
|
verifier.log.Debug("Reverify: order limit not created (disqualified)", zap.Stringer("Node ID", pending.NodeID))
|
2019-06-24 15:46:10 +01:00
|
|
|
return
|
|
|
|
}
|
2020-08-13 13:00:56 +01:00
|
|
|
if overlay.ErrNodeFinishedGE.Has(err) {
|
|
|
|
_, errDelete := verifier.containment.Delete(ctx, pending.NodeID)
|
|
|
|
if errDelete != nil {
|
|
|
|
verifier.log.Debug("Error deleting gracefully exited node from containment db", zap.Stringer("Node ID", pending.NodeID), zap.Error(errDelete))
|
|
|
|
}
|
|
|
|
ch <- result{nodeID: pending.NodeID, status: erred, err: err}
|
|
|
|
verifier.log.Debug("Reverify: order limit not created (completed graceful exit)", zap.Stringer("Node ID", pending.NodeID))
|
|
|
|
return
|
|
|
|
}
|
2019-05-27 12:13:47 +01:00
|
|
|
if overlay.ErrNodeOffline.Has(err) {
|
2019-09-19 00:45:15 +01:00
|
|
|
ch <- result{nodeID: pending.NodeID, status: offline}
|
2020-03-30 19:09:50 +01:00
|
|
|
verifier.log.Debug("Reverify: order limit not created (offline)", zap.Stringer("Node ID", pending.NodeID))
|
2019-05-27 12:13:47 +01:00
|
|
|
return
|
|
|
|
}
|
2019-09-19 00:45:15 +01:00
|
|
|
ch <- result{nodeID: pending.NodeID, status: erred, err: err}
|
2020-03-30 19:09:50 +01:00
|
|
|
verifier.log.Debug("Reverify: error creating order limit", zap.Stringer("Node ID", pending.NodeID), zap.Error(err))
|
2019-05-27 12:13:47 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
satellite/audit: use LastIPAndPort preferentially
This preserves the last_ip_and_port field from node lookups through
CreateAuditOrderLimits() and CreateAuditOrderLimit(), so that later
calls to (*Verifier).GetShare() can try to use that IP and port. If a
connection to the given IP and port cannot be made, or the connection
cannot be verified and secured with the target node identity, an
attempt is made to connect to the original node address instead.
A similar change is not necessary to the other Create*OrderLimits
functions, because they already replace node addresses with the cached
IP and port as appropriate. We might want to consider making a similar
change to CreateGetRepairOrderLimits(), though.
The audit situation is unique because the ramifications are especially
powerful when we get the address wrong. Failing a single audit can have
a heavy cost to a storage node. We need to make extra effort in order
to avoid imposing that cost unfairly.
Situation 1: If an audit fails because the repair worker failed to make
a DNS query (which might well be the fault on the satellite side), and
we have last_ip_and_port information available for the target node, it
would be unfair not to try connecting to that last_ip_and_port address.
Situation 2: If a node has changed addresses recently and the operator
correctly changed its DNS entry, but we don't bother querying DNS, it
would be unfair to penalize the node for our failure to connect to it.
So the audit worker must try both last_ip_and_port _and_ the node
address as supplied by the SNO.
We elect here to try last_ip_and_port first, on the grounds that (a) it
is expected to work in the large majority of cases, and (b) there
should not be any security concerns with connecting to an out-or-date
address, and (c) avoiding DNS queries on the satellite side helps
alleviate satellite operational load.
Change-Id: I9bf6c6c79866d879adecac6144a6c346f4f61200
2020-09-30 05:53:43 +01:00
|
|
|
share, err := verifier.GetShare(ctx, limit, piecePrivateKey, cachedIPAndPort, pending.StripeIndex, pending.ShareSize, int(pieceNum))
|
2019-06-19 10:02:25 +01:00
|
|
|
|
|
|
|
// check if the pending audit was deleted while downloading the share
|
2019-09-19 00:45:15 +01:00
|
|
|
_, getErr := verifier.containment.Get(ctx, pending.NodeID)
|
2019-06-19 10:02:25 +01:00
|
|
|
if getErr != nil {
|
|
|
|
if ErrContainedNotFound.Has(getErr) {
|
2019-09-19 00:45:15 +01:00
|
|
|
ch <- result{nodeID: pending.NodeID, status: skipped}
|
2020-03-30 19:09:50 +01:00
|
|
|
verifier.log.Debug("Reverify: pending audit deleted during reverification", zap.Stringer("Node ID", pending.NodeID), zap.Error(getErr))
|
2019-06-19 10:02:25 +01:00
|
|
|
return
|
|
|
|
}
|
2019-09-19 00:45:15 +01:00
|
|
|
ch <- result{nodeID: pending.NodeID, status: erred, err: getErr}
|
2020-03-30 19:09:50 +01:00
|
|
|
verifier.log.Debug("Reverify: error getting from containment db", zap.Stringer("Node ID", pending.NodeID), zap.Error(getErr))
|
2019-06-19 10:02:25 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// analyze the error from GetShare
|
2019-05-27 12:13:47 +01:00
|
|
|
if err != nil {
|
2019-09-19 05:46:39 +01:00
|
|
|
if rpc.Error.Has(err) {
|
2019-06-26 08:38:07 +01:00
|
|
|
if errs.Is(err, context.DeadlineExceeded) {
|
2019-06-07 13:38:41 +01:00
|
|
|
// dial timeout
|
2019-09-19 00:45:15 +01:00
|
|
|
ch <- result{nodeID: pending.NodeID, status: offline}
|
2020-03-30 19:09:50 +01:00
|
|
|
verifier.log.Debug("Reverify: dial timeout (offline)", zap.Stringer("Node ID", pending.NodeID), zap.Error(err))
|
2019-06-07 13:38:41 +01:00
|
|
|
return
|
|
|
|
}
|
2019-09-19 05:46:39 +01:00
|
|
|
if errs2.IsRPC(err, rpcstatus.Unknown) {
|
2019-06-07 13:38:41 +01:00
|
|
|
// dial failed -- offline node
|
2020-03-30 19:09:50 +01:00
|
|
|
verifier.log.Debug("Reverify: dial failed (offline)", zap.Stringer("Node ID", pending.NodeID), zap.Error(err))
|
2019-09-19 00:45:15 +01:00
|
|
|
ch <- result{nodeID: pending.NodeID, status: offline}
|
2019-06-07 13:38:41 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
// unknown transport error
|
2019-11-19 16:30:28 +00:00
|
|
|
ch <- result{nodeID: pending.NodeID, status: unknown, pendingAudit: pending}
|
2020-03-30 19:09:50 +01:00
|
|
|
verifier.log.Info("Reverify: unknown transport error (skipped)", zap.Stringer("Node ID", pending.NodeID), zap.Error(err))
|
2019-06-07 13:38:41 +01:00
|
|
|
return
|
|
|
|
}
|
2019-09-19 05:46:39 +01:00
|
|
|
if errs2.IsRPC(err, rpcstatus.NotFound) {
|
2019-07-18 19:08:15 +01:00
|
|
|
// Get the original segment pointer in the metainfo
|
2020-03-04 23:09:18 +00:00
|
|
|
err := verifier.checkIfSegmentAltered(ctx, pending.Path, pendingPointer, pendingPointerBytes)
|
2019-07-18 19:08:15 +01:00
|
|
|
if err != nil {
|
2021-03-02 17:53:47 +00:00
|
|
|
ch <- result{nodeID: pending.NodeID, status: remove}
|
2020-03-30 19:09:50 +01:00
|
|
|
verifier.log.Debug("Reverify: audit source changed before reverification", zap.Stringer("Node ID", pending.NodeID), zap.Error(err))
|
2019-07-18 19:08:15 +01:00
|
|
|
return
|
|
|
|
}
|
2019-06-07 13:38:41 +01:00
|
|
|
// missing share
|
2019-09-19 00:45:15 +01:00
|
|
|
ch <- result{nodeID: pending.NodeID, status: failed}
|
2020-03-30 19:09:50 +01:00
|
|
|
verifier.log.Info("Reverify: piece not found (audit failed)", zap.Stringer("Node ID", pending.NodeID), zap.Error(err))
|
2019-06-07 13:38:41 +01:00
|
|
|
return
|
|
|
|
}
|
2019-09-19 05:46:39 +01:00
|
|
|
if errs2.IsRPC(err, rpcstatus.DeadlineExceeded) {
|
2019-06-07 13:38:41 +01:00
|
|
|
// dial successful, but download timed out
|
2019-09-19 00:45:15 +01:00
|
|
|
ch <- result{nodeID: pending.NodeID, status: contained, pendingAudit: pending}
|
2020-03-30 19:09:50 +01:00
|
|
|
verifier.log.Info("Reverify: download timeout (contained)", zap.Stringer("Node ID", pending.NodeID), zap.Error(err))
|
2019-06-07 13:38:41 +01:00
|
|
|
return
|
2019-05-27 12:13:47 +01:00
|
|
|
}
|
2019-06-07 13:38:41 +01:00
|
|
|
// unknown error
|
2019-11-19 16:30:28 +00:00
|
|
|
ch <- result{nodeID: pending.NodeID, status: unknown, pendingAudit: pending}
|
2020-03-30 19:09:50 +01:00
|
|
|
verifier.log.Info("Reverify: unknown error (skipped)", zap.Stringer("Node ID", pending.NodeID), zap.Error(err))
|
2019-05-27 12:13:47 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
downloadedHash := pkcrypto.SHA256Hash(share.Data)
|
|
|
|
if bytes.Equal(downloadedHash, pending.ExpectedShareHash) {
|
2019-09-19 00:45:15 +01:00
|
|
|
ch <- result{nodeID: pending.NodeID, status: success}
|
2020-03-30 19:09:50 +01:00
|
|
|
verifier.log.Info("Reverify: hashes match (audit success)", zap.Stringer("Node ID", pending.NodeID))
|
2019-05-27 12:13:47 +01:00
|
|
|
} else {
|
2020-03-04 23:09:18 +00:00
|
|
|
err := verifier.checkIfSegmentAltered(ctx, pending.Path, pendingPointer, pendingPointerBytes)
|
2019-07-18 19:08:15 +01:00
|
|
|
if err != nil {
|
2021-03-02 17:53:47 +00:00
|
|
|
ch <- result{nodeID: pending.NodeID, status: remove}
|
2020-03-30 19:09:50 +01:00
|
|
|
verifier.log.Debug("Reverify: audit source changed before reverification", zap.Stringer("Node ID", pending.NodeID), zap.Error(err))
|
2019-07-18 19:08:15 +01:00
|
|
|
return
|
|
|
|
}
|
2020-03-30 19:09:50 +01:00
|
|
|
verifier.log.Info("Reverify: hashes mismatch (audit failed)", zap.Stringer("Node ID", pending.NodeID),
|
2019-06-07 13:38:41 +01:00
|
|
|
zap.Binary("expected hash", pending.ExpectedShareHash), zap.Binary("downloaded hash", downloadedHash))
|
2019-09-19 00:45:15 +01:00
|
|
|
ch <- result{nodeID: pending.NodeID, status: failed}
|
2019-05-27 12:13:47 +01:00
|
|
|
}
|
2019-09-19 00:45:15 +01:00
|
|
|
}(pending)
|
2019-05-27 12:13:47 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
for range pieces {
|
|
|
|
result := <-ch
|
|
|
|
switch result.status {
|
2021-03-02 17:53:47 +00:00
|
|
|
case skipped:
|
2019-05-27 12:13:47 +01:00
|
|
|
case success:
|
|
|
|
report.Successes = append(report.Successes, result.nodeID)
|
|
|
|
case offline:
|
|
|
|
report.Offlines = append(report.Offlines, result.nodeID)
|
|
|
|
case failed:
|
|
|
|
report.Fails = append(report.Fails, result.nodeID)
|
|
|
|
case contained:
|
|
|
|
report.PendingAudits = append(report.PendingAudits, result.pendingAudit)
|
2019-11-19 16:30:28 +00:00
|
|
|
case unknown:
|
|
|
|
report.Unknown = append(report.Unknown, result.nodeID)
|
2021-03-02 17:53:47 +00:00
|
|
|
case remove:
|
2020-03-04 23:09:18 +00:00
|
|
|
_, errDelete := verifier.containment.Delete(ctx, result.nodeID)
|
|
|
|
if errDelete != nil {
|
|
|
|
verifier.log.Debug("Error deleting node from containment db", zap.Stringer("Node ID", result.nodeID), zap.Error(errDelete))
|
|
|
|
}
|
2019-05-27 12:13:47 +01:00
|
|
|
case erred:
|
|
|
|
err = errs.Combine(err, result.err)
|
2021-03-02 17:53:47 +00:00
|
|
|
default:
|
2019-05-27 12:13:47 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-10-13 13:13:41 +01:00
|
|
|
mon.Meter("reverify_successes_global").Mark(len(report.Successes)) //mon:locked
|
|
|
|
mon.Meter("reverify_offlines_global").Mark(len(report.Offlines)) //mon:locked
|
|
|
|
mon.Meter("reverify_fails_global").Mark(len(report.Fails)) //mon:locked
|
|
|
|
mon.Meter("reverify_contained_global").Mark(len(report.PendingAudits)) //mon:locked
|
|
|
|
mon.Meter("reverify_unknown_global").Mark(len(report.Unknown)) //mon:locked
|
2019-06-18 13:54:52 +01:00
|
|
|
|
2020-10-13 13:13:41 +01:00
|
|
|
mon.IntVal("reverify_successes").Observe(int64(len(report.Successes))) //mon:locked
|
|
|
|
mon.IntVal("reverify_offlines").Observe(int64(len(report.Offlines))) //mon:locked
|
|
|
|
mon.IntVal("reverify_fails").Observe(int64(len(report.Fails))) //mon:locked
|
|
|
|
mon.IntVal("reverify_contained").Observe(int64(len(report.PendingAudits))) //mon:locked
|
|
|
|
mon.IntVal("reverify_unknown").Observe(int64(len(report.Unknown))) //mon:locked
|
2019-06-18 13:54:52 +01:00
|
|
|
|
2020-10-13 13:13:41 +01:00
|
|
|
mon.IntVal("reverify_contained_in_segment").Observe(containedInSegment) //mon:locked
|
|
|
|
mon.IntVal("reverify_total_in_segment").Observe(int64(len(pieces))) //mon:locked
|
2019-06-18 13:54:52 +01:00
|
|
|
|
2019-05-27 12:13:47 +01:00
|
|
|
return report, err
|
|
|
|
}
|
|
|
|
|
2020-07-16 15:18:02 +01:00
|
|
|
// GetShare use piece store client to download shares from nodes.
|
satellite/audit: use LastIPAndPort preferentially
This preserves the last_ip_and_port field from node lookups through
CreateAuditOrderLimits() and CreateAuditOrderLimit(), so that later
calls to (*Verifier).GetShare() can try to use that IP and port. If a
connection to the given IP and port cannot be made, or the connection
cannot be verified and secured with the target node identity, an
attempt is made to connect to the original node address instead.
A similar change is not necessary to the other Create*OrderLimits
functions, because they already replace node addresses with the cached
IP and port as appropriate. We might want to consider making a similar
change to CreateGetRepairOrderLimits(), though.
The audit situation is unique because the ramifications are especially
powerful when we get the address wrong. Failing a single audit can have
a heavy cost to a storage node. We need to make extra effort in order
to avoid imposing that cost unfairly.
Situation 1: If an audit fails because the repair worker failed to make
a DNS query (which might well be the fault on the satellite side), and
we have last_ip_and_port information available for the target node, it
would be unfair not to try connecting to that last_ip_and_port address.
Situation 2: If a node has changed addresses recently and the operator
correctly changed its DNS entry, but we don't bother querying DNS, it
would be unfair to penalize the node for our failure to connect to it.
So the audit worker must try both last_ip_and_port _and_ the node
address as supplied by the SNO.
We elect here to try last_ip_and_port first, on the grounds that (a) it
is expected to work in the large majority of cases, and (b) there
should not be any security concerns with connecting to an out-or-date
address, and (c) avoiding DNS queries on the satellite side helps
alleviate satellite operational load.
Change-Id: I9bf6c6c79866d879adecac6144a6c346f4f61200
2020-09-30 05:53:43 +01:00
|
|
|
func (verifier *Verifier) GetShare(ctx context.Context, limit *pb.AddressedOrderLimit, piecePrivateKey storj.PiecePrivateKey, cachedIPAndPort string, stripeIndex int64, shareSize int32, pieceNum int) (share Share, err error) {
|
2018-10-09 22:10:37 +01:00
|
|
|
defer mon.Task()(&ctx)(&err)
|
2019-01-10 20:13:40 +00:00
|
|
|
|
2019-03-19 17:37:26 +00:00
|
|
|
bandwidthMsgSize := shareSize
|
|
|
|
|
|
|
|
// determines number of seconds allotted for receiving data from a storage node
|
2019-03-22 13:14:17 +00:00
|
|
|
timedCtx := ctx
|
2019-05-17 19:48:32 +01:00
|
|
|
if verifier.minBytesPerSecond > 0 {
|
|
|
|
maxTransferTime := time.Duration(int64(time.Second) * int64(bandwidthMsgSize) / verifier.minBytesPerSecond.Int64())
|
2019-06-03 10:17:09 +01:00
|
|
|
if maxTransferTime < verifier.minDownloadTimeout {
|
|
|
|
maxTransferTime = verifier.minDownloadTimeout
|
2019-04-03 18:17:29 +01:00
|
|
|
}
|
2019-03-22 13:14:17 +00:00
|
|
|
var cancel func()
|
|
|
|
timedCtx, cancel = context.WithTimeout(ctx, maxTransferTime)
|
|
|
|
defer cancel()
|
|
|
|
}
|
2019-03-19 17:37:26 +00:00
|
|
|
|
satellite/audit: use LastIPAndPort preferentially
This preserves the last_ip_and_port field from node lookups through
CreateAuditOrderLimits() and CreateAuditOrderLimit(), so that later
calls to (*Verifier).GetShare() can try to use that IP and port. If a
connection to the given IP and port cannot be made, or the connection
cannot be verified and secured with the target node identity, an
attempt is made to connect to the original node address instead.
A similar change is not necessary to the other Create*OrderLimits
functions, because they already replace node addresses with the cached
IP and port as appropriate. We might want to consider making a similar
change to CreateGetRepairOrderLimits(), though.
The audit situation is unique because the ramifications are especially
powerful when we get the address wrong. Failing a single audit can have
a heavy cost to a storage node. We need to make extra effort in order
to avoid imposing that cost unfairly.
Situation 1: If an audit fails because the repair worker failed to make
a DNS query (which might well be the fault on the satellite side), and
we have last_ip_and_port information available for the target node, it
would be unfair not to try connecting to that last_ip_and_port address.
Situation 2: If a node has changed addresses recently and the operator
correctly changed its DNS entry, but we don't bother querying DNS, it
would be unfair to penalize the node for our failure to connect to it.
So the audit worker must try both last_ip_and_port _and_ the node
address as supplied by the SNO.
We elect here to try last_ip_and_port first, on the grounds that (a) it
is expected to work in the large majority of cases, and (b) there
should not be any security concerns with connecting to an out-or-date
address, and (c) avoiding DNS queries on the satellite side helps
alleviate satellite operational load.
Change-Id: I9bf6c6c79866d879adecac6144a6c346f4f61200
2020-09-30 05:53:43 +01:00
|
|
|
targetNodeID := limit.GetLimit().StorageNodeId
|
|
|
|
log := verifier.log.Named(targetNodeID.String())
|
|
|
|
var ps *piecestore.Client
|
|
|
|
|
|
|
|
// if cached IP is given, try connecting there first
|
|
|
|
if cachedIPAndPort != "" {
|
|
|
|
nodeAddr := storj.NodeURL{
|
|
|
|
ID: targetNodeID,
|
|
|
|
Address: cachedIPAndPort,
|
|
|
|
}
|
|
|
|
ps, err = piecestore.DialNodeURL(timedCtx, verifier.dialer, nodeAddr, log, piecestore.DefaultConfig)
|
|
|
|
if err != nil {
|
|
|
|
log.Debug("failed to connect to audit target node at cached IP", zap.String("cached-ip-and-port", cachedIPAndPort), zap.Error(err))
|
|
|
|
}
|
2020-05-19 16:49:13 +01:00
|
|
|
}
|
satellite/audit: use LastIPAndPort preferentially
This preserves the last_ip_and_port field from node lookups through
CreateAuditOrderLimits() and CreateAuditOrderLimit(), so that later
calls to (*Verifier).GetShare() can try to use that IP and port. If a
connection to the given IP and port cannot be made, or the connection
cannot be verified and secured with the target node identity, an
attempt is made to connect to the original node address instead.
A similar change is not necessary to the other Create*OrderLimits
functions, because they already replace node addresses with the cached
IP and port as appropriate. We might want to consider making a similar
change to CreateGetRepairOrderLimits(), though.
The audit situation is unique because the ramifications are especially
powerful when we get the address wrong. Failing a single audit can have
a heavy cost to a storage node. We need to make extra effort in order
to avoid imposing that cost unfairly.
Situation 1: If an audit fails because the repair worker failed to make
a DNS query (which might well be the fault on the satellite side), and
we have last_ip_and_port information available for the target node, it
would be unfair not to try connecting to that last_ip_and_port address.
Situation 2: If a node has changed addresses recently and the operator
correctly changed its DNS entry, but we don't bother querying DNS, it
would be unfair to penalize the node for our failure to connect to it.
So the audit worker must try both last_ip_and_port _and_ the node
address as supplied by the SNO.
We elect here to try last_ip_and_port first, on the grounds that (a) it
is expected to work in the large majority of cases, and (b) there
should not be any security concerns with connecting to an out-or-date
address, and (c) avoiding DNS queries on the satellite side helps
alleviate satellite operational load.
Change-Id: I9bf6c6c79866d879adecac6144a6c346f4f61200
2020-09-30 05:53:43 +01:00
|
|
|
|
|
|
|
// if no cached IP was given, or connecting to cached IP failed, use node address
|
|
|
|
if ps == nil {
|
|
|
|
nodeAddr := storj.NodeURL{
|
|
|
|
ID: targetNodeID,
|
|
|
|
Address: limit.GetStorageNodeAddress().Address,
|
|
|
|
}
|
|
|
|
ps, err = piecestore.DialNodeURL(timedCtx, verifier.dialer, nodeAddr, log, piecestore.DefaultConfig)
|
|
|
|
if err != nil {
|
|
|
|
return Share{}, Error.Wrap(err)
|
|
|
|
}
|
2018-10-09 22:10:37 +01:00
|
|
|
}
|
satellite/audit: use LastIPAndPort preferentially
This preserves the last_ip_and_port field from node lookups through
CreateAuditOrderLimits() and CreateAuditOrderLimit(), so that later
calls to (*Verifier).GetShare() can try to use that IP and port. If a
connection to the given IP and port cannot be made, or the connection
cannot be verified and secured with the target node identity, an
attempt is made to connect to the original node address instead.
A similar change is not necessary to the other Create*OrderLimits
functions, because they already replace node addresses with the cached
IP and port as appropriate. We might want to consider making a similar
change to CreateGetRepairOrderLimits(), though.
The audit situation is unique because the ramifications are especially
powerful when we get the address wrong. Failing a single audit can have
a heavy cost to a storage node. We need to make extra effort in order
to avoid imposing that cost unfairly.
Situation 1: If an audit fails because the repair worker failed to make
a DNS query (which might well be the fault on the satellite side), and
we have last_ip_and_port information available for the target node, it
would be unfair not to try connecting to that last_ip_and_port address.
Situation 2: If a node has changed addresses recently and the operator
correctly changed its DNS entry, but we don't bother querying DNS, it
would be unfair to penalize the node for our failure to connect to it.
So the audit worker must try both last_ip_and_port _and_ the node
address as supplied by the SNO.
We elect here to try last_ip_and_port first, on the grounds that (a) it
is expected to work in the large majority of cases, and (b) there
should not be any security concerns with connecting to an out-or-date
address, and (c) avoiding DNS queries on the satellite side helps
alleviate satellite operational load.
Change-Id: I9bf6c6c79866d879adecac6144a6c346f4f61200
2020-09-30 05:53:43 +01:00
|
|
|
|
2019-04-03 14:42:24 +01:00
|
|
|
defer func() {
|
|
|
|
err := ps.Close()
|
|
|
|
if err != nil {
|
2019-05-17 19:48:32 +01:00
|
|
|
verifier.log.Error("audit verifier failed to close conn to node: %+v", zap.Error(err))
|
2019-04-03 14:42:24 +01:00
|
|
|
}
|
|
|
|
}()
|
2018-10-09 22:10:37 +01:00
|
|
|
|
2019-03-18 10:55:06 +00:00
|
|
|
offset := int64(shareSize) * stripeIndex
|
2018-10-09 22:10:37 +01:00
|
|
|
|
2019-07-11 21:51:40 +01:00
|
|
|
downloader, err := ps.Download(timedCtx, limit.GetLimit(), piecePrivateKey, offset, int64(shareSize))
|
2018-10-09 22:10:37 +01:00
|
|
|
if err != nil {
|
2019-03-18 10:55:06 +00:00
|
|
|
return Share{}, err
|
2018-10-09 22:10:37 +01:00
|
|
|
}
|
2019-03-18 10:55:06 +00:00
|
|
|
defer func() { err = errs.Combine(err, downloader.Close()) }()
|
2018-10-09 22:10:37 +01:00
|
|
|
|
|
|
|
buf := make([]byte, shareSize)
|
2019-03-18 10:55:06 +00:00
|
|
|
_, err = io.ReadFull(downloader, buf)
|
2018-10-09 22:10:37 +01:00
|
|
|
if err != nil {
|
2019-03-18 10:55:06 +00:00
|
|
|
return Share{}, err
|
2018-10-09 22:10:37 +01:00
|
|
|
}
|
|
|
|
|
2019-03-18 10:55:06 +00:00
|
|
|
return Share{
|
|
|
|
Error: nil,
|
|
|
|
PieceNum: pieceNum,
|
satellite/audit: use LastIPAndPort preferentially
This preserves the last_ip_and_port field from node lookups through
CreateAuditOrderLimits() and CreateAuditOrderLimit(), so that later
calls to (*Verifier).GetShare() can try to use that IP and port. If a
connection to the given IP and port cannot be made, or the connection
cannot be verified and secured with the target node identity, an
attempt is made to connect to the original node address instead.
A similar change is not necessary to the other Create*OrderLimits
functions, because they already replace node addresses with the cached
IP and port as appropriate. We might want to consider making a similar
change to CreateGetRepairOrderLimits(), though.
The audit situation is unique because the ramifications are especially
powerful when we get the address wrong. Failing a single audit can have
a heavy cost to a storage node. We need to make extra effort in order
to avoid imposing that cost unfairly.
Situation 1: If an audit fails because the repair worker failed to make
a DNS query (which might well be the fault on the satellite side), and
we have last_ip_and_port information available for the target node, it
would be unfair not to try connecting to that last_ip_and_port address.
Situation 2: If a node has changed addresses recently and the operator
correctly changed its DNS entry, but we don't bother querying DNS, it
would be unfair to penalize the node for our failure to connect to it.
So the audit worker must try both last_ip_and_port _and_ the node
address as supplied by the SNO.
We elect here to try last_ip_and_port first, on the grounds that (a) it
is expected to work in the large majority of cases, and (b) there
should not be any security concerns with connecting to an out-or-date
address, and (c) avoiding DNS queries on the satellite side helps
alleviate satellite operational load.
Change-Id: I9bf6c6c79866d879adecac6144a6c346f4f61200
2020-09-30 05:53:43 +01:00
|
|
|
NodeID: targetNodeID,
|
2019-03-18 10:55:06 +00:00
|
|
|
Data: buf,
|
|
|
|
}, nil
|
2018-10-09 22:10:37 +01:00
|
|
|
}
|
|
|
|
|
2019-09-11 23:37:01 +01:00
|
|
|
// checkIfSegmentAltered checks if path's pointer has been altered since path was selected.
|
2020-09-03 14:54:56 +01:00
|
|
|
func (verifier *Verifier) checkIfSegmentAltered(ctx context.Context, segmentKey string, oldPointer *pb.Pointer, oldPointerBytes []byte) (err error) {
|
2019-06-19 10:02:25 +01:00
|
|
|
defer mon.Task()(&ctx)(&err)
|
|
|
|
|
2019-09-11 23:37:01 +01:00
|
|
|
if verifier.OnTestingCheckSegmentAlteredHook != nil {
|
|
|
|
verifier.OnTestingCheckSegmentAlteredHook()
|
|
|
|
}
|
|
|
|
|
2020-09-03 14:54:56 +01:00
|
|
|
newPointerBytes, newPointer, err := verifier.metainfo.GetWithBytes(ctx, metabase.SegmentKey(segmentKey))
|
2019-06-19 10:02:25 +01:00
|
|
|
if err != nil {
|
2019-12-10 20:21:30 +00:00
|
|
|
if storj.ErrObjectNotFound.Has(err) {
|
2020-09-03 14:54:56 +01:00
|
|
|
return ErrSegmentDeleted.New("%q", segmentKey)
|
2019-06-19 10:02:25 +01:00
|
|
|
}
|
2020-03-04 23:09:18 +00:00
|
|
|
return err
|
2019-06-19 10:02:25 +01:00
|
|
|
}
|
|
|
|
|
2019-07-18 19:08:15 +01:00
|
|
|
if oldPointer != nil && oldPointer.CreationDate != newPointer.CreationDate {
|
2020-09-03 14:54:56 +01:00
|
|
|
return ErrSegmentDeleted.New("%q", segmentKey)
|
2020-03-04 23:09:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if !bytes.Equal(oldPointerBytes, newPointerBytes) {
|
2020-09-03 14:54:56 +01:00
|
|
|
return ErrSegmentModified.New("%q", segmentKey)
|
2019-06-19 10:02:25 +01:00
|
|
|
}
|
2020-03-04 23:09:18 +00:00
|
|
|
return nil
|
2019-06-19 10:02:25 +01:00
|
|
|
}
|
|
|
|
|
2018-10-09 22:10:37 +01:00
|
|
|
// auditShares takes the downloaded shares and uses infectious's Correct function to check that they
|
2019-05-23 21:07:19 +01:00
|
|
|
// haven't been altered. auditShares returns a slice containing the piece numbers of altered shares,
|
|
|
|
// and a slice of the corrected shares.
|
|
|
|
func auditShares(ctx context.Context, required, total int, originals map[int]Share) (pieceNums []int, corrected []infectious.Share, err error) {
|
2018-10-09 22:10:37 +01:00
|
|
|
defer mon.Task()(&ctx)(&err)
|
|
|
|
f, err := infectious.NewFEC(required, total)
|
|
|
|
if err != nil {
|
2019-05-23 21:07:19 +01:00
|
|
|
return nil, nil, err
|
2018-10-09 22:10:37 +01:00
|
|
|
}
|
2018-11-07 01:16:43 +00:00
|
|
|
|
2018-10-09 22:10:37 +01:00
|
|
|
copies, err := makeCopies(ctx, originals)
|
|
|
|
if err != nil {
|
2019-05-23 21:07:19 +01:00
|
|
|
return nil, nil, err
|
2018-10-09 22:10:37 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
err = f.Correct(copies)
|
|
|
|
if err != nil {
|
2019-05-23 21:07:19 +01:00
|
|
|
return nil, nil, err
|
2018-10-09 22:10:37 +01:00
|
|
|
}
|
2019-03-19 17:37:26 +00:00
|
|
|
|
2018-11-28 07:33:17 +00:00
|
|
|
for _, share := range copies {
|
|
|
|
if !bytes.Equal(originals[share.Number].Data, share.Data) {
|
2018-10-09 22:10:37 +01:00
|
|
|
pieceNums = append(pieceNums, share.Number)
|
|
|
|
}
|
|
|
|
}
|
2019-05-23 21:07:19 +01:00
|
|
|
return pieceNums, copies, nil
|
2018-10-09 22:10:37 +01:00
|
|
|
}
|
|
|
|
|
2020-07-16 15:18:02 +01:00
|
|
|
// makeCopies takes in a map of audit Shares and deep copies their data to a slice of infectious Shares.
|
2019-03-20 10:54:37 +00:00
|
|
|
func makeCopies(ctx context.Context, originals map[int]Share) (copies []infectious.Share, err error) {
|
2018-10-09 22:10:37 +01:00
|
|
|
defer mon.Task()(&ctx)(&err)
|
2019-03-20 10:54:37 +00:00
|
|
|
copies = make([]infectious.Share, 0, len(originals))
|
|
|
|
for _, original := range originals {
|
|
|
|
copies = append(copies, infectious.Share{
|
|
|
|
Data: append([]byte{}, original.Data...),
|
|
|
|
Number: original.PieceNum})
|
2018-10-16 18:40:34 +01:00
|
|
|
}
|
2019-03-20 10:54:37 +00:00
|
|
|
return copies, nil
|
2018-10-16 18:40:34 +01:00
|
|
|
}
|
|
|
|
|
2019-08-20 15:23:14 +01:00
|
|
|
// getOfflines nodes returns these storage nodes from pointer which have no
|
|
|
|
// order limit nor are skipped.
|
2019-06-07 13:38:41 +01:00
|
|
|
func getOfflineNodes(pointer *pb.Pointer, limits []*pb.AddressedOrderLimit, skip map[storj.NodeID]bool) storj.NodeIDList {
|
|
|
|
var offlines storj.NodeIDList
|
|
|
|
|
|
|
|
nodesWithLimit := make(map[storj.NodeID]bool, len(limits))
|
|
|
|
for _, limit := range limits {
|
|
|
|
if limit != nil {
|
|
|
|
nodesWithLimit[limit.GetLimit().StorageNodeId] = true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, piece := range pointer.GetRemote().GetRemotePieces() {
|
|
|
|
if !nodesWithLimit[piece.NodeId] && !skip[piece.NodeId] {
|
|
|
|
offlines = append(offlines, piece.NodeId)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return offlines
|
|
|
|
}
|
|
|
|
|
2020-07-16 15:18:02 +01:00
|
|
|
// getSuccessNodes uses the failed nodes, offline nodes and contained nodes arrays to determine which nodes passed the audit.
|
2019-11-19 16:30:28 +00:00
|
|
|
func getSuccessNodes(ctx context.Context, shares map[int]Share, failedNodes, offlineNodes, unknownNodes storj.NodeIDList, containedNodes map[int]storj.NodeID) (successNodes storj.NodeIDList) {
|
2019-06-04 12:36:27 +01:00
|
|
|
defer mon.Task()(&ctx)(nil)
|
2018-11-29 18:39:27 +00:00
|
|
|
fails := make(map[storj.NodeID]bool)
|
2018-10-16 18:40:34 +01:00
|
|
|
for _, fail := range failedNodes {
|
|
|
|
fails[fail] = true
|
2018-10-09 22:10:37 +01:00
|
|
|
}
|
2018-10-16 18:40:34 +01:00
|
|
|
for _, offline := range offlineNodes {
|
|
|
|
fails[offline] = true
|
|
|
|
}
|
2019-11-19 16:30:28 +00:00
|
|
|
for _, unknown := range unknownNodes {
|
|
|
|
fails[unknown] = true
|
|
|
|
}
|
2019-05-23 21:07:19 +01:00
|
|
|
for _, contained := range containedNodes {
|
|
|
|
fails[contained] = true
|
|
|
|
}
|
2018-10-16 18:40:34 +01:00
|
|
|
|
2019-06-11 09:00:59 +01:00
|
|
|
for _, share := range shares {
|
|
|
|
if !fails[share.NodeID] {
|
|
|
|
successNodes = append(successNodes, share.NodeID)
|
2018-10-16 18:40:34 +01:00
|
|
|
}
|
|
|
|
}
|
2019-02-01 14:48:57 +00:00
|
|
|
|
2018-10-16 18:40:34 +01:00
|
|
|
return successNodes
|
|
|
|
}
|
2019-03-28 20:09:23 +00:00
|
|
|
|
2019-09-11 23:37:01 +01:00
|
|
|
func createPendingAudits(ctx context.Context, containedNodes map[int]storj.NodeID, correctedShares []infectious.Share, pointer *pb.Pointer, randomIndex int64, path storj.Path) (pending []*PendingAudit, err error) {
|
2019-06-04 12:36:27 +01:00
|
|
|
defer mon.Task()(&ctx)(&err)
|
2019-06-07 13:38:41 +01:00
|
|
|
|
|
|
|
if len(containedNodes) == 0 {
|
2019-05-23 21:07:19 +01:00
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
2019-09-11 23:37:01 +01:00
|
|
|
redundancy := pointer.GetRemote().GetRedundancy()
|
2019-05-23 21:07:19 +01:00
|
|
|
required := int(redundancy.GetMinReq())
|
|
|
|
total := int(redundancy.GetTotal())
|
|
|
|
shareSize := redundancy.GetErasureShareSize()
|
|
|
|
|
|
|
|
fec, err := infectious.NewFEC(required, total)
|
|
|
|
if err != nil {
|
2019-05-27 12:13:47 +01:00
|
|
|
return nil, Error.Wrap(err)
|
2019-05-23 21:07:19 +01:00
|
|
|
}
|
|
|
|
|
2019-06-04 12:36:27 +01:00
|
|
|
stripeData, err := rebuildStripe(ctx, fec, correctedShares, int(shareSize))
|
2019-05-23 21:07:19 +01:00
|
|
|
if err != nil {
|
2019-05-27 12:13:47 +01:00
|
|
|
return nil, Error.Wrap(err)
|
2019-05-23 21:07:19 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
for pieceNum, nodeID := range containedNodes {
|
|
|
|
share := make([]byte, shareSize)
|
|
|
|
err = fec.EncodeSingle(stripeData, share, pieceNum)
|
|
|
|
if err != nil {
|
2019-05-27 12:13:47 +01:00
|
|
|
return nil, Error.Wrap(err)
|
2019-05-23 21:07:19 +01:00
|
|
|
}
|
2019-06-07 13:38:41 +01:00
|
|
|
pending = append(pending, &PendingAudit{
|
2019-05-23 21:07:19 +01:00
|
|
|
NodeID: nodeID,
|
2019-09-11 23:37:01 +01:00
|
|
|
PieceID: pointer.GetRemote().RootPieceId,
|
|
|
|
StripeIndex: randomIndex,
|
2019-05-23 21:07:19 +01:00
|
|
|
ShareSize: shareSize,
|
|
|
|
ExpectedShareHash: pkcrypto.SHA256Hash(share),
|
2019-09-11 23:37:01 +01:00
|
|
|
Path: path,
|
2019-05-23 21:07:19 +01:00
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2019-06-07 13:38:41 +01:00
|
|
|
return pending, nil
|
2019-05-23 21:07:19 +01:00
|
|
|
}
|
|
|
|
|
2019-06-04 12:36:27 +01:00
|
|
|
func rebuildStripe(ctx context.Context, fec *infectious.FEC, corrected []infectious.Share, shareSize int) (_ []byte, err error) {
|
|
|
|
defer mon.Task()(&ctx)(&err)
|
2019-05-23 21:07:19 +01:00
|
|
|
stripe := make([]byte, fec.Required()*shareSize)
|
2019-06-04 12:36:27 +01:00
|
|
|
err = fec.Rebuild(corrected, func(share infectious.Share) {
|
2019-05-23 21:07:19 +01:00
|
|
|
copy(stripe[share.Number*shareSize:], share.Data)
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return stripe, nil
|
|
|
|
}
|
2019-09-11 23:37:01 +01:00
|
|
|
|
|
|
|
// GetRandomStripe takes a pointer and returns a random stripe index within that pointer.
|
|
|
|
func GetRandomStripe(ctx context.Context, pointer *pb.Pointer) (index int64, err error) {
|
|
|
|
defer mon.Task()(&ctx)(&err)
|
|
|
|
redundancy, err := eestream.NewRedundancyStrategyFromProto(pointer.GetRemote().GetRedundancy())
|
|
|
|
if err != nil {
|
|
|
|
return 0, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// the last segment could be smaller than stripe size
|
|
|
|
if pointer.GetSegmentSize() < int64(redundancy.StripeSize()) {
|
|
|
|
return 0, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
var src cryptoSource
|
|
|
|
rnd := rand.New(src)
|
|
|
|
numStripes := pointer.GetSegmentSize() / int64(redundancy.StripeSize())
|
|
|
|
randomStripeIndex := rnd.Int63n(numStripes)
|
|
|
|
|
|
|
|
return randomStripeIndex, nil
|
|
|
|
}
|