ExternalVendorCode/tahoe-lafs
1
0
Fork 0
mirror of https://github.com/tahoe-lafs/tahoe-lafs.git synced 2024-12-20 13:33:09 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

immutable: new checker and verifier

Browse Source 
New checker and verifier use the new download class.  They are robust against various sorts of failures or corruption.  They return detailed results explaining what they learned about your immutable files.  Some grotesque sorts of corruption are not properly handled yet, and those ones are marked as TODO or commented-out in the unit tests.
There is also a repairer module in this patch with the beginnings of a repairer in it.  That repairer is mostly just the interface to the outside world -- the core operation of actually reconstructing the missing data blocks and uploading them is not in there yet.
This patch also refactors the unit tests in test_immutable so that the handling of each kind of corruption is reported as passing or failing separately, can be separately TODO'ified, etc.  The unit tests are also improved in various ways to require more of the code under test or to stop requiring unreasonable things of it.  :-)
This commit is contained in:
Zooko O'Whielacronx 2009-01-05 18:28:18 -07:00
parent 4921a9f243
commit 6a12f316a4
7 changed files with 713 additions and 484 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/allmydata/checker_results.py
View File

@ -20,8 +20,17 @@ class CheckerResults:
def set_healthy(self, healthy):
self.healthy = bool(healthy)
if self.healthy:
assert (not hasattr(self, 'recoverable')) or self.recoverable, hasattr(self, 'recoverable') and self.recoverable
self.recoverable = True
self.summary = "healthy"
else:
self.summary = "not healthy"
def set_recoverable(self, recoverable):
self.recoverable = recoverable
if not self.recoverable:
assert (not hasattr(self, 'healthy')) or not self.healthy
self.healthy = False
def set_needs_rebalancing(self, needs_rebalancing):
self.needs_rebalancing_p = bool(needs_rebalancing)
def set_data(self, data):

505
src/allmydata/immutable/checker.py
View File

@ -1,278 +1,273 @@
"""
Given a StorageIndex, count how many shares we can find.
This does no verification of the shares whatsoever. If the peer claims to
have the share, we believe them.
"""
from twisted.internet import defer
from twisted.python import log
from allmydata import storage
from twisted.python import failure
from foolscap import DeadReferenceError
from allmydata import hashtree, storage
from allmydata.checker_results import CheckerResults
from allmydata.immutable import download
from allmydata.uri import CHKFileURI
from allmydata.util import hashutil
from allmydata.uri import CHKFileVerifierURI
from allmydata.util.assertutil import precondition
from allmydata.util import base32, deferredutil, hashutil, log, nummedobj, rrefutil
class SimpleCHKFileChecker:
"""Return a list of (needed, total, found, sharemap), where sharemap maps
share number to a list of (binary) nodeids of the shareholders."""
from allmydata.immutable import layout
def __init__(self, client, uri, storage_index, needed_shares, total_shares):
self.peer_getter = client.get_permuted_peers
self.needed_shares = needed_shares
self.total_shares = total_shares
self.found_shares = set()
self.uri = uri
self.storage_index = storage_index
self.sharemap = {}
self.responded = set()
def _permute_servers(servers, key):
return sorted(servers, key=lambda x: sha.new(key+x[0]).digest())
'''
def check_synchronously(self, si):
# this is how we would write this class if we were using synchronous
# messages (or if we used promises).
found = set()
for (pmpeerid, peerid, connection) in self.peer_getter(storage_index):
buckets = connection.get_buckets(si)
found.update(buckets.keys())
return len(found)
'''
class Checker(log.PrefixingLogMixin):
""" I query all servers to see if M uniquely-numbered shares are available.
def start(self):
d = self._get_all_shareholders(self.storage_index)
d.addCallback(self._done)
return d
If the verify flag was passed to my constructor, then for each share I download every data
block and all metadata from each server and perform a cryptographic integrity check on all
of it. If not, I just ask each server "Which shares do you have?" and believe its answer.
def _get_all_shareholders(self, storage_index):
dl = []
for (peerid, ss) in self.peer_getter("storage", storage_index):
d = ss.callRemote("get_buckets", storage_index)
d.addCallbacks(self._got_response, self._got_error,
callbackArgs=(peerid,))
dl.append(d)
return defer.DeferredList(dl)
In either case, I wait until I have gotten responses from all servers. This fact -- that I
wait -- means that an ill-behaved server which fails to answer my questions will make me
wait indefinitely. If it is ill-behaved in a way that triggers the underlying foolscap
timeouts, then I will wait only as long as those foolscap timeouts, but if it is ill-behaved
in a way which placates the foolscap timeouts but still doesn't answer my question then I
will wait indefinitely.
def _got_response(self, buckets, peerid):
# buckets is a dict: maps shum to an rref of the server who holds it
self.found_shares.update(buckets.keys())
for k in buckets:
if k not in self.sharemap:
self.sharemap[k] = []
self.sharemap[k].append(peerid)
self.responded.add(peerid)
Before I send any new request to a server, I always ask the "monitor" object that was passed
into my constructor whether this task has been cancelled (by invoking its
raise_if_cancelled() method).
"""
def __init__(self, client, verifycap, servers, verify, monitor):
assert precondition(isinstance(verifycap, CHKFileVerifierURI), verifycap, type(verifycap))
assert precondition(isinstance(servers, (set, frozenset)), servers)
for (serverid, serverrref) in servers:
assert precondition(isinstance(serverid, str))
assert precondition(isinstance(serverrref, rrefutil.WrappedRemoteReference), serverrref)
def _got_error(self, f):
if f.check(KeyError):
pass
log.err(f)
pass
prefix = "%s" % base32.b2a_l(verifycap.storage_index[:8], 60)
log.PrefixingLogMixin.__init__(self, facility="tahoe.immutable.checker", prefix=prefix)
def _done(self, res):
r = CheckerResults(self.uri, self.storage_index)
report = []
healthy = bool(len(self.found_shares) >= self.total_shares)
r.set_healthy(healthy)
recoverable = bool(len(self.found_shares) >= self.needed_shares)
r.set_recoverable(recoverable)
data = {"count-shares-good": len(self.found_shares),
"count-shares-needed": self.needed_shares,
"count-shares-expected": self.total_shares,
"count-wrong-shares": 0,
}
if recoverable:
data["count-recoverable-versions"] = 1
data["count-unrecoverable-versions"] = 0
else:
data["count-recoverable-versions"] = 0
data["count-unrecoverable-versions"] = 1
data["count-corrupt-shares"] = 0 # non-verifier doesn't see corruption
data["list-corrupt-shares"] = []
hosts = set()
sharemap = {}
for (shnum,nodeids) in self.sharemap.items():
hosts.update(nodeids)
sharemap[shnum] = nodeids
data["count-good-share-hosts"] = len(hosts)
data["servers-responding"] = list(self.responded)
data["sharemap"] = sharemap
r.set_data(data)
r.set_needs_rebalancing(bool( len(self.found_shares) > len(hosts) ))
#r.stuff = (self.needed_shares, self.total_shares,
# len(self.found_shares), self.sharemap)
if len(self.found_shares) < self.total_shares:
wanted = set(range(self.total_shares))
missing = wanted - self.found_shares
report.append("Missing shares: %s" %
",".join(["sh%d" % shnum
for shnum in sorted(missing)]))
r.set_report(report)
if healthy:
r.set_summary("Healthy")
else:
r.set_summary("Not Healthy")
# TODO: more detail
return r
class VerifyingOutput:
def __init__(self, total_length, results):
self._crypttext_hasher = hashutil.crypttext_hasher()
self.length = 0
self.total_length = total_length
self._segment_number = 0
self._crypttext_hash_tree = None
self._opened = False
self._results = results
results.set_healthy(False)
results.set_recoverable(False)
results.set_summary("Not Healthy")
def got_crypttext_hash_tree(self, crypttext_hashtree):
self._crypttext_hash_tree = crypttext_hashtree
def write_segment(self, crypttext):
self.length += len(crypttext)
self._crypttext_hasher.update(crypttext)
if self._crypttext_hash_tree:
ch = hashutil.crypttext_segment_hasher()
ch.update(crypttext)
crypttext_leaves = {self._segment_number: ch.digest()}
self._crypttext_hash_tree.set_hashes(leaves=crypttext_leaves)
self._segment_number += 1
def close(self):
self.crypttext_hash = self._crypttext_hasher.digest()
def finish(self):
self._results.set_healthy(True)
self._results.set_recoverable(True)
self._results.set_summary("Healthy")
# the return value of finish() is passed out of FileDownloader._done,
# but SimpleCHKFileVerifier overrides this with the CheckerResults
# instance instead.
class SimpleCHKFileVerifier(download.FileDownloader):
# this reconstructs the crypttext, which verifies that at least 'k' of
# the shareholders are around and have valid data. It does not check the
# remaining shareholders, and it cannot verify the plaintext.
check_plaintext_hash = False
def __init__(self, client, u, storage_index, k, N, size, ueb_hash):
precondition(isinstance(u, CHKFileURI), u)
download.FileDownloader.__init__(self, client, u, None);
self._client = client
self._verifycap = verifycap
self._uri = u
self._storage_index = storage_index
self._uri_extension_hash = ueb_hash
self._total_shares = N
self._size = size
self._num_needed_shares = k
self._monitor = monitor
self._servers = servers
self._verify = verify # bool: verify what the servers claim, or not?
self._si_s = storage.si_b2a(self._storage_index)
self.init_logging()
self._share_hash_tree = None
self._crypttext_hash_tree = None
self._check_results = r = CheckerResults(self._uri, self._storage_index)
r.set_data({"count-shares-needed": k,
"count-shares-expected": N,
})
self._output = VerifyingOutput(self._size, r)
self._paused = False
self._stopped = False
def _get_buckets(self, server, storageindex, serverid):
""" Return a deferred that eventually fires with ({sharenum: bucket}, serverid,
success). In case the server is disconnected or returns a Failure then it fires with
({}, serverid, False) (A server disconnecting or returning a Failure when we ask it for
buckets is the same, for our purposes, as a server that says it has none, except that we
want to track and report whether or not each server responded.)"""
self._results = None
self.active_buckets = {} # k: shnum, v: bucket
self._share_buckets = [] # list of (sharenum, bucket) tuples
self._share_vbuckets = {} # k: shnum, v: set of ValidatedBuckets
self._uri_extension_sources = []
d = server.callRemote("get_buckets", storageindex)
self._uri_extension_data = None
def _wrap_results(res):
for k in res:
res[k] = rrefutil.WrappedRemoteReference(res[k])
return (res, serverid, True)
self._fetch_failures = {"uri_extension": 0,
"plaintext_hashroot": 0,
"plaintext_hashtree": 0,
"crypttext_hashroot": 0,
"crypttext_hashtree": 0,
}
def _trap_errs(f):
level = log.WEIRD
if f.check(DeadReferenceError):
level = log.UNUSUAL
self.log("failure from server on 'get_buckets' the REMOTE failure was:", facility="tahoe.immutable.checker", failure=f, level=level, umid="3uuBUQ")
return ({}, serverid, False)
def init_logging(self):
self._log_prefix = prefix = storage.si_b2a(self._storage_index)[:5]
num = self._client.log("SimpleCHKFileVerifier(%s): starting" % prefix)
self._log_number = num
def log(self, *args, **kwargs):
if not "parent" in kwargs:
kwargs['parent'] = self._log_number
# add a prefix to the message, regardless of how it is expressed
prefix = "SimpleCHKFileVerifier(%s): " % self._log_prefix
if "format" in kwargs:
kwargs["format"] = prefix + kwargs["format"]
elif "message" in kwargs:
kwargs["message"] = prefix + kwargs["message"]
elif args:
m = prefix + args[0]
args = (m,) + args[1:]
return self._client.log(*args, **kwargs)
def start(self):
log.msg("starting download [%s]" % storage.si_b2a(self._storage_index)[:5])
# first step: who should we download from?
d = defer.maybeDeferred(self._get_all_shareholders)
d.addCallback(self._got_all_shareholders)
# now get the uri_extension block from somebody and validate it
d.addCallback(self._obtain_uri_extension)
d.addCallback(self._get_crypttext_hash_tree)
# once we know that, we can download blocks from everybody
d.addCallback(self._download_all_segments)
d.addCallback(self._done)
d.addCallbacks(self._verify_done, self._verify_failed)
d.addCallbacks(_wrap_results, _trap_errs)
return d
def _verify_done(self, ignored):
# TODO: The following results are just stubs, and need to be replaced
# with actual values. These exist to make things like deep-check not
# fail.
self._check_results.set_needs_rebalancing(False)
N = self._total_shares
data = {
"count-shares-good": N,
"count-good-share-hosts": N,
"count-corrupt-shares": 0,
"list-corrupt-shares": [],
"servers-responding": [],
"sharemap": {},
"count-wrong-shares": 0,
"count-recoverable-versions": 1,
"count-unrecoverable-versions": 0,
}
self._check_results.set_data(data)
return self._check_results
def _download_and_verify(self, serverid, sharenum, bucket):
""" Start an attempt to download and verify every block in this bucket and return a
deferred that will eventually fire once the attempt completes.
def _verify_failed(self, ignored):
# TODO: The following results are just stubs, and need to be replaced
# with actual values. These exist to make things like deep-check not
# fail.
self._check_results.set_needs_rebalancing(False)
N = self._total_shares
data = {
"count-shares-good": 0,
"count-good-share-hosts": 0,
"count-corrupt-shares": 0,
"list-corrupt-shares": [],
"servers-responding": [],
"sharemap": {},
"count-wrong-shares": 0,
"count-recoverable-versions": 0,
"count-unrecoverable-versions": 1,
}
self._check_results.set_data(data)
return self._check_results
If you download and verify every block then fire with (True, sharenum, None), else if
the share data couldn't be parsed because it was of an unknown version number fire with
(False, sharenum, 'incompatible'), else if any of the blocks were invalid, fire with
(False, sharenum, 'corrupt'), else if the server disconnected (False, sharenum,
'disconnect'), else if the server returned a Failure during the process fire with
(False, sharenum, 'failure').
If there is an internal error such as an uncaught exception in this code, then the
deferred will errback, but if there is a remote error such as the server failing or the
returned data being incorrect then it will not errback -- it will fire normally with the
indicated results. """
b = layout.ReadBucketProxy(bucket, serverid, self._verifycap.storage_index)
veup = download.ValidatedExtendedURIProxy(b, self._verifycap)
d = veup.start()
def _errb(f):
# Okay, we didn't succeed at fetching and verifying all the blocks of this
# share. Now we need to handle different reasons for failure differently. If
# the failure isn't one of the following four classes then it will get
# re-raised.
failtype = f.trap(DeadReferenceError, rrefutil.ServerFailure, layout.LayoutInvalid, layout.RidiculouslyLargeURIExtensionBlock, download.BadOrMissingHash, download.BadURIExtensionHashValue)
if failtype is DeadReferenceError:
return (False, sharenum, 'disconnect')
elif failtype is rrefutil.ServerFailure:
return (False, sharenum, 'failure')
elif failtype is layout.ShareVersionIncompatible:
return (False, sharenum, 'incompatible')
else:
return (False, sharenum, 'corrupt')
def _got_ueb(vup):
self._share_hash_tree = hashtree.IncompleteHashTree(self._verifycap.total_shares)
self._share_hash_tree.set_hashes({0: vup.share_root_hash})
vrbp = download.ValidatedReadBucketProxy(sharenum, b, self._share_hash_tree, vup.num_segments, vup.block_size, vup.share_size)
ds = []
for blocknum in range(vup.num_segments):
def _discard_result(r):
assert isinstance(r, str), r
# to free up the RAM
return None
d2 = vrbp.get_block(blocknum)
d2.addCallback(_discard_result)
ds.append(d2)
dl = deferredutil.gatherResults(ds)
# dl will fire once every block of this share has been downloaded and verified, or else it will errback.
def _cb(result):
return (True, sharenum, None)
dl.addCallback(_cb)
return dl
d.addCallback(_got_ueb)
d.addErrback(_errb)
return d
def _verify_server_shares(self, serverid, ss):
""" Return a deferred which eventually fires with a tuple of (set(sharenum), serverid,
set(corruptsharenum), set(incompatiblesharenum), success) showing all the shares
verified to be served by this server, and all the corrupt shares served by the server,
and all the incompatible shares served by the server. In case the server is
disconnected or returns a Failure then it fires with the last element False. A server
disconnecting or returning a failure when we ask it for shares is the same, for our
purposes, as a server that says it has none or offers invalid ones, except that we want
to track and report the server's behavior. Similarly, the presence of corrupt shares is
mainly of use for diagnostics -- you can typically treat it as just like being no share
at all by just observing its absence from the verified shares dict and ignoring its
presence in the corrupt shares dict. The 'success' argument means whether the server
responded to *any* queries during this process, so if it responded to some queries and
then disconnected and ceased responding, or returned a failure, it is still marked with
the True flag for 'success'.
"""
d = self._get_buckets(ss, self._verifycap.storage_index, serverid)
def _got_buckets(result):
bucketdict, serverid, success = result
shareverds = []
for (sharenum, bucket) in bucketdict.items():
d = self._download_and_verify(serverid, sharenum, bucket)
shareverds.append(d)
dl = deferredutil.gatherResults(shareverds)
def collect(results):
verified = set()
corrupt = set()
incompatible = set()
for succ, sharenum, whynot in results:
if succ:
verified.add(sharenum)
else:
if whynot == 'corrupt':
corrupt.add(sharenum)
elif whynot == 'incompatible':
incompatible.add(sharenum)
return (verified, serverid, corrupt, incompatible, success)
dl.addCallback(collect)
return dl
def _err(f):
f.trap(rrefutil.ServerFailure)
return (set(), serverid, set(), set(), False)
d.addCallbacks(_got_buckets, _err)
return d
def _check_server_shares(self, serverid, ss):
""" Return a deferred which eventually fires with a tuple of (set(sharenum), serverid,
set(), set(), responded) showing all the shares claimed to be served by this server. In
case the server is disconnected then it fires with (set() serverid, set(), set(), False)
(a server disconnecting when we ask it for buckets is the same, for our purposes, as a
server that says it has none, except that we want to track and report whether or not
each server responded.)"""
def _curry_empty_corrupted(res):
buckets, serverid, responded = res
return (set(buckets), serverid, set(), set(), responded)
d = self._get_buckets(ss, self._verifycap.storage_index, serverid)
d.addCallback(_curry_empty_corrupted)
return d
def _format_results(self, results):
cr = CheckerResults(self._verifycap, self._verifycap.storage_index)
d = {}
d['count-shares-needed'] = self._verifycap.needed_shares
d['count-shares-expected'] = self._verifycap.total_shares
verifiedshares = {} # {sharenum: set(serverid)}
servers = {} # {serverid: set(sharenums)}
corruptsharelocators = [] # (serverid, storageindex, sharenum)
incompatiblesharelocators = [] # (serverid, storageindex, sharenum)
for theseverifiedshares, thisserverid, thesecorruptshares, theseincompatibleshares, thisresponded in results:
servers.setdefault(thisserverid, set()).update(theseverifiedshares)
for sharenum in theseverifiedshares:
verifiedshares.setdefault(sharenum, set()).add(thisserverid)
for sharenum in thesecorruptshares:
corruptsharelocators.append((thisserverid, self._verifycap.storage_index, sharenum))
for sharenum in theseincompatibleshares:
incompatiblesharelocators.append((thisserverid, self._verifycap.storage_index, sharenum))
d['count-shares-good'] = len(verifiedshares)
d['count-good-share-hosts'] = len([s for s in servers.keys() if servers[s]])
assert len(verifiedshares) <= self._verifycap.total_shares, (verifiedshares.keys(), self._verifycap.total_shares)
if len(verifiedshares) == self._verifycap.total_shares:
cr.set_healthy(True)
else:
cr.set_healthy(False)
if len(verifiedshares) >= self._verifycap.needed_shares:
cr.set_recoverable(True)
d['count-recoverable-versions'] = 1
d['count-unrecoverable-versions'] = 0
else:
cr.set_recoverable(False)
d['count-recoverable-versions'] = 0
d['count-unrecoverable-versions'] = 1
d['servers-responding'] = list(servers)
d['sharemap'] = verifiedshares
d['count-wrong-shares'] = 0 # no such thing as wrong shares of an immutable file
d['list-corrupt-shares'] = corruptsharelocators
d['count-corrupt-shares'] = len(corruptsharelocators)
d['list-incompatible-shares'] = incompatiblesharelocators
d['count-incompatible-shares'] = len(incompatiblesharelocators)
# The file needs rebalancing if the set of servers that have at least one share is less
# than the number of uniquely-numbered shares available.
cr.set_needs_rebalancing(d['count-good-share-hosts'] < d['count-shares-good'])
cr.set_data(d)
return cr
def start(self):
ds = []
if self._verify:
for (serverid, ss) in self._servers:
ds.append(self._verify_server_shares(serverid, ss))
else:
for (serverid, ss) in self._servers:
ds.append(self._check_server_shares(serverid, ss))
return deferredutil.gatherResults(ds).addCallback(self._format_results)

63
src/allmydata/immutable/filenode.py
View File

@ -10,8 +10,9 @@ from allmydata.interfaces import IFileNode, IFileURI, ICheckable, \
IDownloadTarget
from allmydata.util import log, base32
from allmydata.uri import from_string as uri_from_string
from allmydata.immutable.checker import SimpleCHKFileChecker, \
SimpleCHKFileVerifier
from allmydata.immutable.checker import Checker
from allmydata.checker_results import CheckAndRepairResults
from allmydata.immutable.repairer import Repairer
from allmydata.immutable import download
class _ImmutableFileNodeBase(object):
@ -168,9 +169,6 @@ class DownloadCache:
class FileNode(_ImmutableFileNodeBase):
checker_class = SimpleCHKFileChecker
verifier_class = SimpleCHKFileVerifier
def __init__(self, uri, client, cachefile):
_ImmutableFileNodeBase.__init__(self, uri, client)
self.download_cache = DownloadCache(self, cachefile)
@ -187,39 +185,34 @@ class FileNode(_ImmutableFileNodeBase):
def get_storage_index(self):
return self.u.storage_index
def check(self, monitor, verify=False):
# TODO: pass the Monitor to SimpleCHKFileChecker or
# SimpleCHKFileVerifier, have it call monitor.raise_if_cancelled()
# before sending each request.
storage_index = self.u.storage_index
assert IFileURI.providedBy(self.u), self.u
k = self.u.needed_shares
N = self.u.total_shares
size = self.u.size
ueb_hash = self.u.uri_extension_hash
if verify:
v = self.verifier_class(self._client,
uri_from_string(self.get_uri()), storage_index,
k, N, size, ueb_hash)
else:
v = self.checker_class(self._client,
uri_from_string(self.get_uri()), storage_index,
k, N)
return v.start()
def check_and_repair(self, monitor, verify=False):
# this is a stub, to allow the deep-check tests to pass.
#raise NotImplementedError("not implemented yet")
from allmydata.checker_results import CheckAndRepairResults
cr = CheckAndRepairResults(self.u.storage_index)
d = self.check(verify)
def _done(r):
cr.pre_repair_results = cr.post_repair_results = r
cr.repair_attempted = False
return cr
d.addCallback(_done)
verifycap = self.get_verify_cap()
servers = self._client.get_servers("storage")
c = Checker(client=self._client, verifycap=verifycap, servers=servers, verify=verify, monitor=monitor)
d = c.start()
def _maybe_repair(cr):
crr = CheckAndRepairResults(self.u.storage_index)
crr.pre_repair_results = cr
if cr.is_healthy():
crr.post_repair_results = cr
return defer.succeed(crr)
else:
def _gather_repair_results(rr):
crr.post_repair_results = rr
return crr
r = Repairer(client=self._client, verifycap=verifycap, servers=servers, monitor=monitor)
d = r.start()
d.addCallback(_gather_repair_results)
return d
d.addCallback(_maybe_repair)
return d
def check(self, monitor, verify=False):
v = Checker(client=self._client, verifycap=self.get_verify_cap(), servers=self._client.get_servers("storage"), verify=verify, monitor=monitor)
return v.start()
def read(self, consumer, offset=0, size=None):
if size is None:
size = self.get_size() - offset

3
src/allmydata/immutable/layout.py
View File

@ -418,7 +418,8 @@ class ReadBucketProxy:
raise LayoutInvalid("share hash tree corrupted -- should occupy a multiple of %d bytes, not %d bytes" % ((2+HASH_SIZE), size))
d = self._read(offset, size)
def _unpack_share_hashes(data):
assert len(data) == size
if len(data) != size:
raise LayoutInvalid("share hash tree corrupted -- got a short read of the share data -- should have gotten %d, not %d bytes" % (size, len(data)))
hashes = []
for i in range(0, size, 2+HASH_SIZE):
hashnum = struct.unpack(">H", data[i:i+2])[0]

167
src/allmydata/immutable/repairer.py Normal file
View File

@ -0,0 +1,167 @@
from twisted.internet import defer
from twisted.python import failure
from allmydata import storage
from allmydata.checker_results import CheckerResults, CheckAndRepairResults
from allmydata.immutable import download
from allmydata.util import base32, hashutil, log, nummedobj
from allmydata.util.assertutil import precondition
from allmydata.uri import CHKFileVerifierURI
from allmydata.immutable import layout
import sha
def _permute_servers(servers, key):
return sorted(servers, key=lambda x: sha.new(key+x[0]).digest())
class LogMixin(nummedobj.NummedObj):
def __init__(self, client, verifycap):
nummedobj.NummedObj.__init__(self)
self._client = client
self._verifycap = verifycap
self._storageindex = self._verifycap.storage_index
self._log_prefix = prefix = storage.si_b2a(self._storageindex)[:5]
self._parentmsgid = self._client.log("%s(%s): starting" % (self.__repr__(), self._log_prefix))
def log(self, msg, parent=None, *args, **kwargs):
if parent is None:
parent = self._parentmsgid
return self._client.log("%s(%s): %s" % (self.__repr__(), self._log_prefix, msg), parent=parent, *args, **kwargs)
class Repairer(LogMixin):
""" I generate any shares which were not available and upload them to servers.
Which servers? Well, I take the list of servers and if I used the Checker in verify mode
then I exclude any servers which claimed to have a share but then either failed to serve it
up or served up a corrupted one when I asked for it. (If I didn't use verify mode, then I
won't exclude any servers, not even servers which, when I subsequently attempt to download
the file during repair, claim to have a share but then fail to produce it or then produce a
corrupted share.) Then I perform the normal server-selection process of permuting the order
of the servers with the storage index, and choosing the next server which doesn't already
have more shares than others.
My process of uploading replacement shares proceeds in a segment-wise fashion -- first I ask
servers if they can hold the new shares, and wait until enough have agreed then I download
the first segment of the file and upload the first block of each replacement share, and only
after all those blocks have been uploaded do I download the second segment of the file and
upload the second block of each replacement share to its respective server. (I do it this
way in order to minimize the amount of downloading I have to do and the amount of memory I
have to use at any one time.)
If any of the servers to which I am uploading replacement shares fails to accept the blocks
during this process, then I just stop using that server, abandon any share-uploads that were
going to that server, and proceed to finish uploading the remaining shares to their
respective servers. At the end of my work, I produce an object which satisfies the
ICheckAndRepairResults interface (by firing the deferred that I returned from start() and
passing that check-and-repair-results object).
Before I send any new request to a server, I always ask the "monitor" object that was passed
into my constructor whether this task has been cancelled (by invoking its
raise_if_cancelled() method).
"""
def __init__(self, client, verifycap, servers, monitor):
assert precondition(isinstance(verifycap, CHKFileVerifierURI))
assert precondition(isinstance(servers, (set, frozenset)))
for (serverid, serverrref) in servers:
assert precondition(isinstance(serverid, str))
LogMixin.__init__(self, client, verifycap)
self._monitor = monitor
self._servers = servers
def start(self):
self.log("starting download")
d = defer.succeed(_permute_servers(self._servers, self._storageindex))
d.addCallback(self._check_phase)
d.addCallback(self._repair_phase)
return d
def _check_phase(self, unused=None):
return unused
def _repair_phase(self, unused=None):
bogusresults = CheckAndRepairResults(self._storageindex) # XXX THIS REPAIRER NOT HERE YET
bogusresults.pre_repair_results = CheckerResults(self._verifycap, self._storageindex)
bogusresults.pre_repair_results.set_healthy(True)
bogusresults.pre_repair_results.set_needs_rebalancing(False)
bogusresults.post_repair_results = CheckerResults(self._verifycap, self._storageindex)
bogusresults.post_repair_results.set_healthy(True)
bogusresults.post_repair_results.set_needs_rebalancing(False)
bogusdata = {}
bogusdata['count-shares-good'] = "this repairer not here yet"
bogusdata['count-shares-needed'] = "this repairer not here yet"
bogusdata['count-shares-expected'] = "this repairer not here yet"
bogusdata['count-good-share-hosts'] = "this repairer not here yet"
bogusdata['count-corrupt-shares'] = "this repairer not here yet"
bogusdata['count-list-corrupt-shares'] = [] # XXX THIS REPAIRER NOT HERE YET
bogusdata['servers-responding'] = [] # XXX THIS REPAIRER NOT HERE YET
bogusdata['sharemap'] = {} # XXX THIS REPAIRER NOT HERE YET
bogusdata['count-wrong-shares'] = "this repairer not here yet"
bogusdata['count-recoverable-versions'] = "this repairer not here yet"
bogusdata['count-unrecoverable-versions'] = "this repairer not here yet"
bogusresults.pre_repair_results.data.update(bogusdata)
bogusresults.post_repair_results.data.update(bogusdata)
return bogusresults
def _get_all_shareholders(self, ignored=None):
dl = []
for (peerid,ss) in self._client.get_permuted_peers("storage",
self._storageindex):
d = ss.callRemote("get_buckets", self._storageindex)
d.addCallbacks(self._got_response, self._got_error,
callbackArgs=(peerid,))
dl.append(d)
self._responses_received = 0
self._queries_sent = len(dl)
if self._status:
self._status.set_status("Locating Shares (%d/%d)" %
(self._responses_received,
self._queries_sent))
return defer.DeferredList(dl)
def _got_response(self, buckets, peerid):
self._responses_received += 1
if self._results:
elapsed = time.time() - self._started
self._results.timings["servers_peer_selection"][peerid] = elapsed
if self._status:
self._status.set_status("Locating Shares (%d/%d)" %
(self._responses_received,
self._queries_sent))
for sharenum, bucket in buckets.iteritems():
b = layout.ReadBucketProxy(bucket, peerid, self._si_s)
self.add_share_bucket(sharenum, b)
self._uri_extension_sources.append(b)
if self._results:
if peerid not in self._results.servermap:
self._results.servermap[peerid] = set()
self._results.servermap[peerid].add(sharenum)
def _got_all_shareholders(self, res):
if self._results:
now = time.time()
self._results.timings["peer_selection"] = now - self._started
if len(self._share_buckets) < self._num_needed_shares:
raise NotEnoughSharesError
def _verify_done(self, ignored):
# TODO: The following results are just stubs, and need to be replaced
# with actual values. These exist to make things like deep-check not
# fail. XXX
self._check_results.set_needs_rebalancing(False)
N = self._total_shares
data = {
"count-shares-good": N,
"count-good-share-hosts": N,
"count-corrupt-shares": 0,
"list-corrupt-shares": [],
"servers-responding": [],
"sharemap": {},
"count-wrong-shares": 0,
"count-recoverable-versions": 1,
"count-unrecoverable-versions": 0,
}
self._check_results.set_data(data)
return self._check_results

399
src/allmydata/test/test_immutable.py
View File

@ -1,4 +1,3 @@
from allmydata.test.common import SystemTestMixin, ShareManglingMixin
from allmydata.monitor import Monitor
from allmydata.interfaces import IURI, NotEnoughSharesError
@ -23,6 +22,10 @@ def corrupt_field(data, offset, size, debug=False):
log.msg("testing: corrupting offset %d, size %d randomizing field, orig: %r, newval: %r" % (offset, size, data[offset:offset+size], newval))
return data[:offset]+newval+data[offset+size:]
def _corrupt_nothing(data):
""" Leave the data pristine. """
return data
def _corrupt_file_version_number(data):
""" Scramble the file data -- the share file version number have one bit flipped or else
will be changed to a random value."""
@ -45,7 +48,7 @@ def _corrupt_sharedata_version_number(data):
newsharevernumbytes = struct.pack(">l", newsharevernum)
return data[:0x0c] + newsharevernumbytes + data[0x0c+4:]
def _corrupt_sharedata_version_number_to_known_version(data):
def _corrupt_sharedata_version_number_to_plausible_version(data):
""" Scramble the file data -- the share data version number will
be changed to 2 if it is 1 or else to 1 if it is 2."""
sharevernum = struct.unpack(">l", data[0x0c:0x0c+4])[0]
@ -324,16 +327,16 @@ class Test(ShareManglingMixin, unittest.TestCase):
# The following process of leaving 8 of the shares deleted and asserting that you can't
# repair it is more to test this test code than to test the Tahoe code...
def _then_repair(unused=None):
d2 = self.filenode.check_and_repair(Monitor(), verify=False)
def _after_repair(checkandrepairresults):
prerepairres = checkandrepairresults.get_pre_repair_results()
postrepairres = checkandrepairresults.get_post_repair_results()
self.failIf(prerepairres.is_healthy())
self.failIf(postrepairres.is_healthy())
d2.addCallback(_after_repair)
return d2
d.addCallback(_then_repair)
#TODO def _then_repair(unused=None):
#TODO d2 = self.filenode.check_and_repair(Monitor(), verify=False)
#TODO def _after_repair(checkandrepairresults):
#TODO prerepairres = checkandrepairresults.get_pre_repair_results()
#TODO postrepairres = checkandrepairresults.get_post_repair_results()
#TODO self.failIf(prerepairres.is_healthy())
#TODO self.failIf(postrepairres.is_healthy())
#TODO d2.addCallback(_after_repair)
#TODO return d2
#TODO d.addCallback(_then_repair)
return d
def _count_reads(self):
@ -357,19 +360,22 @@ class Test(ShareManglingMixin, unittest.TestCase):
k = ks[0]
shares[k] = corruptor_func(shares[k])
self.replace_shares(shares, storage_index=self.uri.storage_index)
return corruptor_func
def _corrupt_all_shares(self, unused, corruptor_func):
""" All shares on disk will be corrupted by corruptor_func. """
shares = self.find_shares()
for k in shares.keys():
self._corrupt_a_share(unused, corruptor_func, k[1])
return corruptor_func
def _corrupt_a_random_share(self, unused, corruptor_func):
""" Exactly one share on disk will be corrupted by corruptor_func. """
shares = self.find_shares()
ks = shares.keys()
k = random.choice(ks)
return self._corrupt_a_share(unused, corruptor_func, k[1])
self._corrupt_a_share(unused, corruptor_func, k[1])
return corruptor_func
def test_download(self):
""" Basic download. (This functionality is more or less already tested by test code in
@ -507,25 +513,10 @@ class Test(ShareManglingMixin, unittest.TestCase):
return d
def test_check_with_verify(self):
""" Check says the file is healthy when none of the shares have been touched. It says
that the file is unhealthy if any field of any share has been corrupted. It doesn't use
more than twice as many reads as it needs. """
def _help_test_verify(self, corruptor_funcs, judgement_func):
LEEWAY = 7 # We'll allow you to pass this test even if you trigger seven times as many disk reads and blocks sends as would be optimal.
DELTA_READS = 10 * LEEWAY # N = 10
d = defer.succeed(self.filenode)
def _check_pristine(filenode):
before_check_reads = self._count_reads()
d2 = filenode.check(Monitor(), verify=True)
def _after_check(checkresults):
after_check_reads = self._count_reads()
self.failIf(after_check_reads - before_check_reads > DELTA_READS, (after_check_reads, before_check_reads, DELTA_READS))
self.failUnless(checkresults.is_healthy())
d2.addCallback(_after_check)
return d2
d.addCallback(_check_pristine)
d = defer.succeed(None)
d.addCallback(self.find_shares)
stash = [None]
@ -533,156 +524,238 @@ class Test(ShareManglingMixin, unittest.TestCase):
stash[0] = res
return res
d.addCallback(_stash_it)
def _check_after_feckless_corruption(ignored, corruptor_func):
# Corruption which has no effect -- bits of the share file that are unused.
before_check_reads = self._count_reads()
d2 = self.filenode.check(Monitor(), verify=True)
def _after_check(checkresults):
after_check_reads = self._count_reads()
self.failIf(after_check_reads - before_check_reads > DELTA_READS)
self.failUnless(checkresults.is_healthy(), (checkresults, checkresults.is_healthy(), checkresults.get_data(), corruptor_func))
data = checkresults.get_data()
self.failUnless(data['count-shares-good'] == 10, data)
self.failUnless(len(data['sharemap']) == 10, data)
self.failUnless(data['count-shares-needed'] == 3, data)
self.failUnless(data['count-shares-expected'] == 10, data)
self.failUnless(data['count-good-share-hosts'] == 5, data)
self.failUnless(len(data['servers-responding']) == 5, data)
self.failUnless(len(data['list-corrupt-shares']) == 0, data)
d2.addCallback(_after_check)
return d2
def _put_it_all_back(ignored):
self.replace_shares(stash[0], storage_index=self.uri.storage_index)
return ignored
for corruptor_func in (
def _verify_after_corruption(corruptor_func):
before_check_reads = self._count_reads()
d2 = self.filenode.check(Monitor(), verify=True)
def _after_check(checkresults):
after_check_reads = self._count_reads()
self.failIf(after_check_reads - before_check_reads > DELTA_READS)
try:
return judgement_func(checkresults)
except Exception, le:
le.args = tuple(le.args + ("corruptor_func: " + corruptor_func.__name__,))
raise
d2.addCallback(_after_check)
return d2
for corruptor_func in corruptor_funcs:
d.addCallback(self._corrupt_a_random_share, corruptor_func)
d.addCallback(_verify_after_corruption)
d.addCallback(_put_it_all_back)
return d
def test_verify_no_problem(self):
""" Verify says the file is healthy when none of the shares have been touched in a way
that matters. It doesn't use more than seven times as many reads as it needs."""
def judge(checkresults):
self.failUnless(checkresults.is_healthy(), (checkresults, checkresults.is_healthy(), checkresults.get_data()))
data = checkresults.get_data()
self.failUnless(data['count-shares-good'] == 10, data)
self.failUnless(len(data['sharemap']) == 10, data)
self.failUnless(data['count-shares-needed'] == 3, data)
self.failUnless(data['count-shares-expected'] == 10, data)
self.failUnless(data['count-good-share-hosts'] == 5, data)
self.failUnless(len(data['servers-responding']) == 5, data)
self.failUnless(len(data['list-corrupt-shares']) == 0, data)
return self._help_test_verify([
_corrupt_nothing,
_corrupt_size_of_file_data,
_corrupt_size_of_sharedata,
_corrupt_segment_size,
):
d.addCallback(self._corrupt_a_random_share, corruptor_func)
d.addCallback(_check_after_feckless_corruption, corruptor_func=corruptor_func)
d.addCallback(_put_it_all_back)
_corrupt_segment_size, ], judge)
def _check_after_server_visible_corruption(ignored, corruptor_func):
# Corruption which is detected by the server means that the server will send you
# back a Failure in response to get_bucket instead of giving you the share data.
before_check_reads = self._count_reads()
d2 = self.filenode.check(Monitor(), verify=True)
def _after_check(checkresults):
after_check_reads = self._count_reads()
self.failIf(after_check_reads - before_check_reads > DELTA_READS)
self.failIf(checkresults.is_healthy(), (checkresults, checkresults.is_healthy(), checkresults.get_data(), corruptor_func))
data = checkresults.get_data()
# The server might fail to serve up its other share as well as the corrupted
# one, so count-shares-good could be 8 or 9.
self.failUnless(data['count-shares-good'] in (8, 9), data)
self.failUnless(len(data['sharemap']) in (8, 9,), data)
self.failUnless(data['count-shares-needed'] == 3, data)
self.failUnless(data['count-shares-expected'] == 10, data)
# The server may have served up the non-corrupted share, or it may not have, so
# the checker could have detected either 4 or 5 good servers.
self.failUnless(data['count-good-share-hosts'] in (4, 5), data)
self.failUnless(len(data['servers-responding']) in (4, 5), data)
# If the server served up the other share, then the checker should consider it good, else it should
# not.
self.failUnless((data['count-shares-good'] == 9) == (data['count-good-share-hosts'] == 5), data)
self.failUnless(len(data['list-corrupt-shares']) == 0, data)
d2.addCallback(_after_check)
return d2
for corruptor_func in (
def test_verify_server_visible_corruption(self):
""" Corruption which is detected by the server means that the server will send you back
a Failure in response to get_bucket instead of giving you the share data. Test that
verifier handles these answers correctly. It doesn't use more than seven times as many
reads as it needs."""
def judge(checkresults):
self.failIf(checkresults.is_healthy(), (checkresults, checkresults.is_healthy(), checkresults.get_data()))
data = checkresults.get_data()
# The server might fail to serve up its other share as well as the corrupted
# one, so count-shares-good could be 8 or 9.
self.failUnless(data['count-shares-good'] in (8, 9), data)
self.failUnless(len(data['sharemap']) in (8, 9,), data)
self.failUnless(data['count-shares-needed'] == 3, data)
self.failUnless(data['count-shares-expected'] == 10, data)
# The server may have served up the non-corrupted share, or it may not have, so
# the checker could have detected either 4 or 5 good servers.
self.failUnless(data['count-good-share-hosts'] in (4, 5), data)
self.failUnless(len(data['servers-responding']) in (4, 5), data)
# If the server served up the other share, then the checker should consider it good, else it should
# not.
self.failUnless((data['count-shares-good'] == 9) == (data['count-good-share-hosts'] == 5), data)
self.failUnless(len(data['list-corrupt-shares']) == 0, data)
return self._help_test_verify([
_corrupt_file_version_number,
):
d.addCallback(self._corrupt_a_random_share, corruptor_func)
d.addCallback(_check_after_server_visible_corruption, corruptor_func=corruptor_func)
d.addCallback(_put_it_all_back)
], judge)
def _check_after_share_incompatibility(ignored, corruptor_func):
# Corruption which means the share is indistinguishable from a share of an
# incompatible version.
before_check_reads = self._count_reads()
d2 = self.filenode.check(Monitor(), verify=True)
def _after_check(checkresults):
after_check_reads = self._count_reads()
self.failIf(after_check_reads - before_check_reads > DELTA_READS)
self.failIf(checkresults.is_healthy(), (checkresults, checkresults.is_healthy(), checkresults.get_data(), corruptor_func))
data = checkresults.get_data()
self.failUnless(data['count-shares-good'] == 9, data)
self.failUnless(len(data['sharemap']) == 9, data)
self.failUnless(data['count-shares-needed'] == 3, data)
self.failUnless(data['count-shares-expected'] == 10, data)
self.failUnless(data['count-good-share-hosts'] == 5, data)
self.failUnless(len(data['servers-responding']) == 5, data)
self.failUnless(len(data['list-corrupt-shares']) == 0, data)
self.failUnless(len(data['list-corrupt-shares']) == data['count-corrupt-shares'], data)
self.failUnless(len(data['list-incompatible-shares']) == data['count-incompatible-shares'], data)
self.failUnless(len(data['list-incompatible-shares']) == 1, data)
d2.addCallback(_after_check)
return d2
for corruptor_func in (
def test_verify_share_incompatibility(self):
def judge(checkresults):
self.failIf(checkresults.is_healthy(), (checkresults, checkresults.is_healthy(), checkresults.get_data()))
data = checkresults.get_data()
self.failUnless(data['count-shares-good'] == 9, data)
self.failUnless(len(data['sharemap']) == 9, data)
self.failUnless(data['count-shares-needed'] == 3, data)
self.failUnless(data['count-shares-expected'] == 10, data)
self.failUnless(data['count-good-share-hosts'] == 5, data)
self.failUnless(len(data['servers-responding']) == 5, data)
self.failUnless(len(data['list-corrupt-shares']) == 1, data)
self.failUnless(len(data['list-corrupt-shares']) == data['count-corrupt-shares'], data)
self.failUnless(len(data['list-incompatible-shares']) == data['count-incompatible-shares'], data)
self.failUnless(len(data['list-incompatible-shares']) == 0, data)
return self._help_test_verify([
_corrupt_sharedata_version_number,
):
d.addCallback(self._corrupt_a_random_share, corruptor_func)
d.addCallback(_check_after_share_incompatibility, corruptor_func=corruptor_func)
d.addCallback(_put_it_all_back)
], judge)
def _check_after_server_invisible_corruption(ignored, corruptor_func):
# Corruption which is not detected by the server means that the server will send you
# back the share data, but you will detect that it is wrong.
before_check_reads = self._count_reads()
d2 = self.filenode.check(Monitor(), verify=True)
def _after_check(checkresults):
after_check_reads = self._count_reads()
# print "delta was ", after_check_reads - before_check_reads
self.failIf(after_check_reads - before_check_reads > DELTA_READS)
self.failIf(checkresults.is_healthy(), (checkresults, checkresults.is_healthy(), checkresults.get_data(), corruptor_func))
data = checkresults.get_data()
self.failUnless(data['count-shares-good'] == 9, data)
self.failUnless(data['count-shares-needed'] == 3, data)
self.failUnless(data['count-shares-expected'] == 10, data)
self.failUnless(data['count-good-share-hosts'] == 5, data)
self.failUnless(data['count-corrupt-shares'] == 1, (data, corruptor_func))
self.failUnless(len(data['list-corrupt-shares']) == 1, data)
self.failUnless(len(data['list-corrupt-shares']) == data['count-corrupt-shares'], data)
self.failUnless(len(data['list-incompatible-shares']) == data['count-incompatible-shares'], data)
self.failUnless(len(data['list-incompatible-shares']) == 0, data)
self.failUnless(len(data['servers-responding']) == 5, data)
self.failUnless(len(data['sharemap']) == 9, data)
d2.addCallback(_after_check)
return d2
for corruptor_func in (
_corrupt_sharedata_version_number_to_known_version,
def test_verify_server_invisible_corruption(self):
def judge(checkresults):
self.failIf(checkresults.is_healthy(), (checkresults, checkresults.is_healthy(), checkresults.get_data()))
data = checkresults.get_data()
self.failUnless(data['count-shares-good'] == 9, data)
self.failUnless(data['count-shares-needed'] == 3, data)
self.failUnless(data['count-shares-expected'] == 10, data)
self.failUnless(data['count-good-share-hosts'] == 5, data)
self.failUnless(data['count-corrupt-shares'] == 1, (data,))
self.failUnless(len(data['list-corrupt-shares']) == 1, data)
self.failUnless(len(data['list-corrupt-shares']) == data['count-corrupt-shares'], data)
self.failUnless(len(data['list-incompatible-shares']) == data['count-incompatible-shares'], data)
self.failUnless(len(data['list-incompatible-shares']) == 0, data)
self.failUnless(len(data['servers-responding']) == 5, data)
self.failUnless(len(data['sharemap']) == 9, data)
return self._help_test_verify([
_corrupt_offset_of_sharedata,
_corrupt_offset_of_ciphertext_hash_tree,
_corrupt_offset_of_block_hashes,
_corrupt_offset_of_share_hashes,
_corrupt_offset_of_uri_extension,
_corrupt_offset_of_uri_extension_to_force_short_read,
_corrupt_share_data,
_corrupt_crypttext_hash_tree,
_corrupt_block_hashes,
_corrupt_share_hashes,
_corrupt_length_of_uri_extension,
_corrupt_uri_extension,
):
d.addCallback(self._corrupt_a_random_share, corruptor_func)
d.addCallback(_check_after_server_invisible_corruption, corruptor_func=corruptor_func)
d.addCallback(_put_it_all_back)
return d
test_check_with_verify.todo = "We haven't implemented a verifier this thorough yet."
], judge)
def test_verify_server_invisible_corruption_offset_of_block_hashtree_TODO(self):
def judge(checkresults):
self.failIf(checkresults.is_healthy(), (checkresults, checkresults.is_healthy(), checkresults.get_data()))
data = checkresults.get_data()
self.failUnless(data['count-shares-good'] == 9, data)
self.failUnless(data['count-shares-needed'] == 3, data)
self.failUnless(data['count-shares-expected'] == 10, data)
self.failUnless(data['count-good-share-hosts'] == 5, data)
self.failUnless(data['count-corrupt-shares'] == 1, (data,))
self.failUnless(len(data['list-corrupt-shares']) == 1, data)
self.failUnless(len(data['list-corrupt-shares']) == data['count-corrupt-shares'], data)
self.failUnless(len(data['list-incompatible-shares']) == data['count-incompatible-shares'], data)
self.failUnless(len(data['list-incompatible-shares']) == 0, data)
self.failUnless(len(data['servers-responding']) == 5, data)
self.failUnless(len(data['sharemap']) == 9, data)
return self._help_test_verify([
_corrupt_offset_of_block_hashes,
], judge)
test_verify_server_invisible_corruption_offset_of_block_hashtree_TODO.todo = "Verifier doesn't yet properly detect this kind of corruption."
def test_verify_server_invisible_corruption_sharedata_plausible_version(self):
def judge(checkresults):
self.failIf(checkresults.is_healthy(), (checkresults, checkresults.is_healthy(), checkresults.get_data()))
data = checkresults.get_data()
self.failUnless(data['count-shares-good'] == 9, data)
self.failUnless(data['count-shares-needed'] == 3, data)
self.failUnless(data['count-shares-expected'] == 10, data)
self.failUnless(data['count-good-share-hosts'] == 5, data)
self.failUnless(data['count-corrupt-shares'] == 1, (data,))
self.failUnless(len(data['list-corrupt-shares']) == 1, data)
self.failUnless(len(data['list-corrupt-shares']) == data['count-corrupt-shares'], data)
self.failUnless(len(data['list-incompatible-shares']) == data['count-incompatible-shares'], data)
self.failUnless(len(data['list-incompatible-shares']) == 0, data)
self.failUnless(len(data['servers-responding']) == 5, data)
self.failUnless(len(data['sharemap']) == 9, data)
return self._help_test_verify([
_corrupt_sharedata_version_number_to_plausible_version,
], judge)
def test_verify_server_invisible_corruption_offset_of_share_hashtree_TODO(self):
def judge(checkresults):
self.failIf(checkresults.is_healthy(), (checkresults, checkresults.is_healthy(), checkresults.get_data()))
data = checkresults.get_data()
self.failUnless(data['count-shares-good'] == 9, data)
self.failUnless(data['count-shares-needed'] == 3, data)
self.failUnless(data['count-shares-expected'] == 10, data)
self.failUnless(data['count-good-share-hosts'] == 5, data)
self.failUnless(data['count-corrupt-shares'] == 1, (data,))
self.failUnless(len(data['list-corrupt-shares']) == 1, data)
self.failUnless(len(data['list-corrupt-shares']) == data['count-corrupt-shares'], data)
self.failUnless(len(data['list-incompatible-shares']) == data['count-incompatible-shares'], data)
self.failUnless(len(data['list-incompatible-shares']) == 0, data)
self.failUnless(len(data['servers-responding']) == 5, data)
self.failUnless(len(data['sharemap']) == 9, data)
return self._help_test_verify([
_corrupt_offset_of_share_hashes,
], judge)
test_verify_server_invisible_corruption_offset_of_share_hashtree_TODO.todo = "Verifier doesn't yet properly detect this kind of corruption."
def test_verify_server_invisible_corruption_offset_of_ciphertext_hashtree_TODO(self):
def judge(checkresults):
self.failIf(checkresults.is_healthy(), (checkresults, checkresults.is_healthy(), checkresults.get_data()))
data = checkresults.get_data()
self.failUnless(data['count-shares-good'] == 9, data)
self.failUnless(data['count-shares-needed'] == 3, data)
self.failUnless(data['count-shares-expected'] == 10, data)
self.failUnless(data['count-good-share-hosts'] == 5, data)
self.failUnless(data['count-corrupt-shares'] == 1, (data,))
self.failUnless(len(data['list-corrupt-shares']) == 1, data)
self.failUnless(len(data['list-corrupt-shares']) == data['count-corrupt-shares'], data)
self.failUnless(len(data['list-incompatible-shares']) == data['count-incompatible-shares'], data)
self.failUnless(len(data['list-incompatible-shares']) == 0, data)
self.failUnless(len(data['servers-responding']) == 5, data)
self.failUnless(len(data['sharemap']) == 9, data)
return self._help_test_verify([
_corrupt_offset_of_ciphertext_hash_tree,
], judge)
test_verify_server_invisible_corruption_offset_of_ciphertext_hashtree_TODO.todo = "Verifier doesn't yet properly detect this kind of corruption."
def test_verify_server_invisible_corruption_cryptext_hash_tree_TODO(self):
def judge(checkresults):
self.failIf(checkresults.is_healthy(), (checkresults, checkresults.is_healthy(), checkresults.get_data()))
data = checkresults.get_data()
self.failUnless(data['count-shares-good'] == 9, data)
self.failUnless(data['count-shares-needed'] == 3, data)
self.failUnless(data['count-shares-expected'] == 10, data)
self.failUnless(data['count-good-share-hosts'] == 5, data)
self.failUnless(data['count-corrupt-shares'] == 1, (data,))
self.failUnless(len(data['list-corrupt-shares']) == 1, data)
self.failUnless(len(data['list-corrupt-shares']) == data['count-corrupt-shares'], data)
self.failUnless(len(data['list-incompatible-shares']) == data['count-incompatible-shares'], data)
self.failUnless(len(data['list-incompatible-shares']) == 0, data)
self.failUnless(len(data['servers-responding']) == 5, data)
self.failUnless(len(data['sharemap']) == 9, data)
return self._help_test_verify([
_corrupt_crypttext_hash_tree,
], judge)
test_verify_server_invisible_corruption_cryptext_hash_tree_TODO.todo = "Verifier doesn't yet properly detect this kind of corruption."
def test_verify_server_invisible_corruption_block_hash_tree_TODO(self):
def judge(checkresults):
self.failIf(checkresults.is_healthy(), (checkresults, checkresults.is_healthy(), checkresults.get_data()))
data = checkresults.get_data()
self.failUnless(data['count-shares-good'] == 9, data)
self.failUnless(data['count-shares-needed'] == 3, data)
self.failUnless(data['count-shares-expected'] == 10, data)
self.failUnless(data['count-good-share-hosts'] == 5, data)
self.failUnless(data['count-corrupt-shares'] == 1, (data,))
self.failUnless(len(data['list-corrupt-shares']) == 1, data)
self.failUnless(len(data['list-corrupt-shares']) == data['count-corrupt-shares'], data)
self.failUnless(len(data['list-incompatible-shares']) == data['count-incompatible-shares'], data)
self.failUnless(len(data['list-incompatible-shares']) == 0, data)
self.failUnless(len(data['servers-responding']) == 5, data)
self.failUnless(len(data['sharemap']) == 9, data)
return self._help_test_verify([
_corrupt_block_hashes,
], judge)
test_verify_server_invisible_corruption_block_hash_tree_TODO.todo = "Verifier doesn't yet properly detect this kind of corruption."
def test_repair(self):
""" Repair replaces a share that got deleted. """
@ -782,7 +855,7 @@ class Test(ShareManglingMixin, unittest.TestCase):
for corruptor_func in (
_corrupt_file_version_number,
_corrupt_sharedata_version_number,
_corrupt_sharedata_version_number_to_known_version,
_corrupt_sharedata_version_number_to_plausible_version,
_corrupt_offset_of_sharedata,
_corrupt_offset_of_ciphertext_hash_tree,
_corrupt_offset_of_block_hashes,

51
src/allmydata/test/test_system.py
View File

@ -2167,25 +2167,25 @@ class DeepCheckWebGood(DeepCheckBase, unittest.TestCase):
d.addCallback(self.check_and_repair_is_healthy, self.root, "root")
d.addCallback(lambda ign: self.mutable.check_and_repair(Monitor()))
d.addCallback(self.check_and_repair_is_healthy, self.mutable, "mutable")
d.addCallback(lambda ign: self.large.check_and_repair(Monitor()))
d.addCallback(self.check_and_repair_is_healthy, self.large, "large")
d.addCallback(lambda ign: self.small.check_and_repair(Monitor()))
d.addCallback(self.failUnlessEqual, None, "small")
d.addCallback(lambda ign: self.small2.check_and_repair(Monitor()))
d.addCallback(self.failUnlessEqual, None, "small2")
#TODO d.addCallback(lambda ign: self.large.check_and_repair(Monitor()))
#TODO d.addCallback(self.check_and_repair_is_healthy, self.large, "large")
#TODO d.addCallback(lambda ign: self.small.check_and_repair(Monitor()))
#TODO d.addCallback(self.failUnlessEqual, None, "small")
#TODO d.addCallback(lambda ign: self.small2.check_and_repair(Monitor()))
#TODO d.addCallback(self.failUnlessEqual, None, "small2")
# check_and_repair(verify=True)
d.addCallback(lambda ign: self.root.check_and_repair(Monitor(), verify=True))
d.addCallback(self.check_and_repair_is_healthy, self.root, "root")
d.addCallback(lambda ign: self.mutable.check_and_repair(Monitor(), verify=True))
d.addCallback(self.check_and_repair_is_healthy, self.mutable, "mutable")
d.addCallback(lambda ign: self.large.check_and_repair(Monitor(), verify=True))
d.addCallback(self.check_and_repair_is_healthy, self.large, "large",
incomplete=True)
d.addCallback(lambda ign: self.small.check_and_repair(Monitor(), verify=True))
d.addCallback(self.failUnlessEqual, None, "small")
d.addCallback(lambda ign: self.small2.check_and_repair(Monitor(), verify=True))
d.addCallback(self.failUnlessEqual, None, "small2")
#TODO d.addCallback(lambda ign: self.large.check_and_repair(Monitor(), verify=True))
#TODO d.addCallback(self.check_and_repair_is_healthy, self.large, "large",
#TODO incomplete=True)
#TODO d.addCallback(lambda ign: self.small.check_and_repair(Monitor(), verify=True))
#TODO d.addCallback(self.failUnlessEqual, None, "small")
#TODO d.addCallback(lambda ign: self.small2.check_and_repair(Monitor(), verify=True))
#TODO d.addCallback(self.failUnlessEqual, None, "small2")
# now deep-check the root, with various verify= and repair= options
@ -2703,11 +2703,8 @@ class DeepCheckWebBad(DeepCheckBase, unittest.TestCase):
d.addCallback(lambda ign: _checkv("mutable-unrecoverable",
self.check_is_unrecoverable))
d.addCallback(lambda ign: _checkv("large-good", self.check_is_healthy))
# disabled pending immutable verifier
#d.addCallback(lambda ign: _checkv("large-missing-shares",
# self.check_is_missing_shares))
#d.addCallback(lambda ign: _checkv("large-corrupt-shares",
# self.check_has_corrupt_shares))
d.addCallback(lambda ign: _checkv("large-missing-shares", self.check_is_missing_shares))
d.addCallback(lambda ign: _checkv("large-corrupt-shares", self.check_has_corrupt_shares))
d.addCallback(lambda ign: _checkv("large-unrecoverable",
self.check_is_unrecoverable))
@ -2734,13 +2731,10 @@ class DeepCheckWebBad(DeepCheckBase, unittest.TestCase):
self.failUnless(IDeepCheckResults.providedBy(cr))
c = cr.get_counters()
self.failUnlessEqual(c["count-objects-checked"], 9)
# until we have a real immutable verifier, these counts will be
# off
#self.failUnlessEqual(c["count-objects-healthy"], 3)
#self.failUnlessEqual(c["count-objects-unhealthy"], 6)
self.failUnlessEqual(c["count-objects-healthy"], 5) # todo
self.failUnlessEqual(c["count-objects-unhealthy"], 4)
self.failUnlessEqual(c["count-objects-unrecoverable"], 2, str(c))
self.failUnlessEqual(c["count-objects-healthy"], 3)
self.failUnlessEqual(c["count-objects-unhealthy"], 6)
self.failUnlessEqual(c["count-objects-healthy"], 3) # root, mutable good, large good
self.failUnlessEqual(c["count-objects-unrecoverable"], 2) # mutable unrecoverable, large unrecoverable
d.addCallback(_check2)
return d
@ -2819,11 +2813,8 @@ class DeepCheckWebBad(DeepCheckBase, unittest.TestCase):
self.json_is_unrecoverable))
d.addCallback(lambda ign: _checkv("large-good",
self.json_is_healthy))
# disabled pending immutable verifier
#d.addCallback(lambda ign: _checkv("large-missing-shares",
# self.json_is_missing_shares))
#d.addCallback(lambda ign: _checkv("large-corrupt-shares",
# self.json_has_corrupt_shares))
d.addCallback(lambda ign: _checkv("large-missing-shares", self.json_is_missing_shares))
d.addCallback(lambda ign: _checkv("large-corrupt-shares", self.json_has_corrupt_shares))
d.addCallback(lambda ign: _checkv("large-unrecoverable",
self.json_is_unrecoverable))