Commit Graph

3478 Commits

Author SHA1 Message Date
Zooko O'Whielacronx
6011f4522f immutable: do not catch arbitrary exceptions/failures from the attempt to get a crypttext hash tree -- catch only ServerFailure, IntegrityCheckReject, LayoutInvalid, ShareVersionIncompatible, and DeadReferenceError
Once again I inserted a bug into the code, and once again it was hidden by something catching arbitrary exception/failure and assuming that it means the server failed to provide valid data.
2009-01-07 22:25:51 -07:00
Zooko O'Whielacronx
e598ca2f3f download: make sure you really get all the crypttext hashes
We were not making sure that we really got all the crypttext hashes during download.  If a server were to return less than the complete set of crypttext hashes, then our subsequent attempt to verify the correctness of the ciphertext would fail.  (And it wouldn't be obvious without very careful debugging why it had failed.)
This patch makes it so that you keep trying to get ciphertext hashes until you have a full set or you run out of servers to ask.
2009-01-07 20:26:38 -07:00
Zooko O'Whielacronx
2122ba78b3 util: deferredutil: undo my recent patch to use our own implementation of gatherResults
It seems to cause lots of failures on some builders.
2009-01-07 11:00:05 -07:00
Zooko O'Whielacronx
79535e4f5b util: deferredutil: implement our own gatherResults instead of using Twisted's
Because we want to maintain backwards compatibility to Twisted 2.4.0.
2009-01-07 10:32:07 -07:00
Zooko O'Whielacronx
78306cf7fa trivial: M-x whitespace-cleanup 2009-01-07 10:25:28 -07:00
Zooko O'Whielacronx
a54eba1d80 util: deferredutil: add basic test for deferredutil.gatherResults
Also I checked and Twisted 2.4.0 supports .subFailure and the other parts of the API that we require.
2009-01-07 08:13:42 -07:00
Zooko O'Whielacronx
d5a6eed407 trivial: fix redefinition of name "log" in imports (pyflakes) 2009-01-06 22:08:29 -07:00
Zooko O'Whielacronx
c85f75bb08 immutable: refactor uploader to do just encoding-and-uploading, not encryption
This makes Uploader take an EncryptedUploadable object instead of an Uploadable object.  I also changed it to return a verify cap instead of a tuple of the bits of data that one finds in a verify cap.
This will facilitate hooking together an Uploader and a Downloader to make a Repairer.
Also move offloaded.py into src/allmydata/immutable/.
2009-01-06 21:48:22 -07:00
Zooko O'Whielacronx
81add135dc trivial: whitespace and docstring tidyups 2009-01-06 21:41:04 -07:00
Brian Warner
ebe767bccf storage.py: explain what this large and hard-to-recognize 4294967295 number is 2009-01-06 13:57:21 -07:00
Zooko O'Whielacronx
5e6f90a015 rename "checker results" to "check results", because it is more parallel to "check-and-repair results" 2009-01-06 13:37:03 -07:00
Zooko O'Whielacronx
4ada923e2b immutable: tests: verifier doesn't always catch corrupted share hashes
Maybe it already got one of the corrupted hashes from a different server and it doesn't double-check that the hash from every server is correct.  Or another problem.  But in any case I'm marking this as TODO because an even better (more picky) verifier is less urgent than repairer.
2009-01-06 13:04:49 -07:00
Zooko O'Whielacronx
3bc4b015c8 immutable: fix the writing of share data size into share file in case the share file is used by a < v1.3.0 storage server
Brian noticed that the constant was wrong, and in fixing that I noticed that we should be saturating instead of modding.
This code would never matter unless a server downgraded or a share migrated from Tahoe >= v1.3.0 to Tahoe < v1.3.0.  Even in that case, this bug would never matter unless the share size were exactly 4,294,967,296 bytes long.
Brian, for good reason, wanted this to be spelled "2**32" instead of "4294967296", but I couldn't stand to see a couple of more Python bytecodes interpreted in the middle of a core, frequent operation on the server like immutable share creation.
2009-01-06 12:24:04 -07:00
Zooko O'Whielacronx
8e92dd1231 trivial: whitespace cleanup 2009-01-06 11:20:58 -07:00
Zooko O'Whielacronx
d4a5f9131b util: base32: require str-not-unicode inputs -- effectively rolls back [3306] and [3307] 2009-01-06 10:41:22 -07:00
Zooko O'Whielacronx
c35a6ee3a2 trivial: fix a bunch of pyflakes complaints 2009-01-06 08:00:54 -07:00
Zooko O'Whielacronx
821e64203c cli: make startstop_node wait 40 seconds instead of 20 for a process to go away after we signalled it to go away, before emitting a warning
Because the unit tests on the VirtualZooko? buildslave failed when it took 31 seconds for a process to go away.
Perhaps getting warning message after only 5 seconds instead of 40 seconds is desirable, and we should change the unit tests and set this back to 5, but I don't know exactly how to change the unit tests. Perhaps match this particular warning message about the shutdown taking a while and allow the code under test to pass if the only stderr that it emits is this warning.
2009-01-06 07:51:06 -07:00
Zooko O'Whielacronx
6a12f316a4 immutable: new checker and verifier
New checker and verifier use the new download class.  They are robust against various sorts of failures or corruption.  They return detailed results explaining what they learned about your immutable files.  Some grotesque sorts of corruption are not properly handled yet, and those ones are marked as TODO or commented-out in the unit tests.
There is also a repairer module in this patch with the beginnings of a repairer in it.  That repairer is mostly just the interface to the outside world -- the core operation of actually reconstructing the missing data blocks and uploading them is not in there yet.
This patch also refactors the unit tests in test_immutable so that the handling of each kind of corruption is reported as passing or failing separately, can be separately TODO'ified, etc.  The unit tests are also improved in various ways to require more of the code under test or to stop requiring unreasonable things of it.  :-)
2009-01-05 18:28:18 -07:00
Zooko O'Whielacronx
4921a9f243 trivial: fix inline comment in test code 2009-01-05 17:53:42 -07:00
Zooko O'Whielacronx
206ab2b44d immutable: handle another form of share corruption with LayoutInvalid exception instead of AssertionError 2009-01-05 17:46:45 -07:00
Zooko O'Whielacronx
c84bb795f3 trivial: remove unused import (pyflakes) 2009-01-05 17:31:20 -07:00
Zooko O'Whielacronx
67d72aadd3 immutable: skip the test of large files, because that is too hard on the host if it doesn't efficiently handle sparse files 2009-01-05 17:07:27 -07:00
Zooko O'Whielacronx
f4fab23bf6 immutable: raise a LayoutInvalid exception instead of an AssertionError if the share is corrupted so that the sharehashtree is the wrong size 2009-01-05 14:01:14 -07:00
Zooko O'Whielacronx
98b28c1d5e immutable: stop reading past the end of the sharefile in the process of optimizing download -- Tahoe storage servers < 1.3.0 return an error if you read past the end of the share file 2009-01-05 13:40:57 -07:00
Zooko O'Whielacronx
8a840469c3 immutable: tidy up the notification of waiters for ReadBucketProxy 2009-01-05 13:35:22 -07:00
Zooko O'Whielacronx
778167c2b1 immutable: refactor downloader to be more reusable for checker/verifier/repairer (and better)
The code for validating the share hash tree and the block hash tree has been rewritten to make sure it handles all cases, to share metadata about the file (such as the share hash tree, block hash trees, and UEB) among different share downloads, and not to require hashes to be stored on the server unnecessarily, such as the roots of the block hash trees (not needed since they are also the leaves of the share hash tree), and the root of the share hash tree (not needed since it is also included in the UEB).  It also passes the latest tests including handling corrupted shares well.
  
ValidatedReadBucketProxy takes a share_hash_tree argument to its constructor, which is a reference to a share hash tree shared by all ValidatedReadBucketProxies for that immutable file download.
  
ValidatedReadBucketProxy requires the block_size and share_size to be provided in its constructor, and it then uses those to compute the offsets and lengths of blocks when it needs them, instead of reading those values out of the share.  The user of ValidatedReadBucketProxy therefore has to have first used a ValidatedExtendedURIProxy to compute those two values from the validated contents of the URI.  This is pleasingly simplifies safety analysis: the client knows which span of bytes corresponds to a given block from the validated URI data, rather than from the unvalidated data stored on the storage server.  It also simplifies unit testing of verifier/repairer, because now it doesn't care about the contents of the "share size" and "block size" fields in the share.  It does not relieve the need for share data v2 layout, because we still need to store and retrieve the offsets of the fields which come after the share data, therefore we still need to use share data v2 with its 8-byte fields if we want to store share data larger than about 2^32.
  
Specify which subset of the block hashes and share hashes you need while downloading a particular share.  In the future this will hopefully be used to fetch only a subset, for network efficiency, but currently all of them are fetched, regardless of which subset you specify.
  
ReadBucketProxy hides the question of whether it has "started" or not (sent a request to the server to get metadata) from its user.

Download is optimized to do as few roundtrips and as few requests as possible, hopefully speeding up download a bit.
2009-01-05 09:51:45 -07:00
Zooko O'Whielacronx
5d5e89d96d util: add gatherResults which is a deferred-list-like thing that doesn't wrap failures in a FirstError 2009-01-04 10:52:02 -07:00
Zooko O'Whielacronx
38f293a913 immutable: fix think-o in previous patch which caused all reads to return "", and also optimize by not opening the file when the answer is going to be "" 2009-01-03 14:02:45 -07:00
Zooko O'Whielacronx
53b28c1650 immutable: when storage server reads from immutable share, don't try to read past the end of the file (Python allocates space according to the amount of data requested, so if there is corruption and that number is huge it will do a huge memory allocation) 2009-01-03 13:22:22 -07:00
Zooko O'Whielacronx
de4269a643 immutable: mark a failing download test as "todo", because I think it is revealing a limitation of the current downloader's handling of corrupted shares 2009-01-03 13:00:03 -07:00
Zooko O'Whielacronx
aa1ffa8ecf docs: update install.html to recommend Python v2 instead of Python v2.5.2 2009-01-03 12:31:00 -07:00
Zooko O'Whielacronx
8f5cc24948 trivial: remove unused import (pyflakes) 2009-01-03 12:22:15 -07:00
cgalvan
1c816b1670 merge_install.patch 2009-01-02 10:44:34 -07:00
Zooko O'Whielacronx
d45780faf0 setup: new install doc -- doesn't require GNU make or a C++ compiler any more! 2008-12-01 12:09:33 -07:00
Zooko O'Whielacronx
5954ab456d immutable: fix test for truncated reads of URI extension block size 2009-01-03 11:44:27 -07:00
Zooko O'Whielacronx
7adf905b9f immutable: further loosen the performance-regression test to allow up to 45 reads
This does raise the question of if there is any point to this test, since I apparently don't know what the answer *should* be, and whenever one of the buildbots fails then I redefine success.

But, I'm about to commit a bunch of patches to implement checker, verifier, and repairer as well as to refactor downloader, and I would really like to know if these patches *increase* the number of reads required even higher than it currently is.
2009-01-03 11:41:09 -07:00
Zooko O'Whielacronx
2788c80496 trivial: another place where I accidentally committed a note-to-self about the lease fields in the server-side share file 2009-01-03 11:29:41 -07:00
Zooko O'Whielacronx
54787771c3 immutable: fix detection of truncated shares to take into account the fieldsize -- either 4 or 8 2009-01-02 18:57:45 -07:00
Zooko O'Whielacronx
21e0ff97f2 immutable: raise LayoutInvalid instead of struct.error when a share is truncated
To fix this error from the Windows buildslave:

[ERROR]: allmydata.test.test_immutable.Test.test_download_from_only_3_remaining_shares

Traceback (most recent call last):
  File "C:\Documents and Settings\buildslave\windows-native-tahoe\windows\build\src\allmydata\immutable\download.py", line 135, in _bad
    raise NotEnoughSharesError("ran out of peers, last error was %s" % (f,))
allmydata.interfaces.NotEnoughSharesError: ran out of peers, last error was [Failure instance: Traceback: <class 'struct.error'>: unpack requires a string argument of length 4
c:\documents and settings\buildslave\windows-native-tahoe\windows\build\support\lib\site-packages\foolscap-0.3.2-py2.5.egg\foolscap\call.py:667:_done
c:\documents and settings\buildslave\windows-native-tahoe\windows\build\support\lib\site-packages\foolscap-0.3.2-py2.5.egg\foolscap\call.py:53:complete
c:\Python25\lib\site-packages\twisted\internet\defer.py:239:callback
c:\Python25\lib\site-packages\twisted\internet\defer.py:304:_startRunCallbacks
--- <exception caught here> ---
c:\Python25\lib\site-packages\twisted\internet\defer.py:317:_runCallbacks
C:\Documents and Settings\buildslave\windows-native-tahoe\windows\build\src\allmydata\immutable\layout.py:374:_got_length
C:\Python25\lib\struct.py:87:unpack
]
===============================================================================
2009-01-02 18:48:06 -07:00
Zooko O'Whielacronx
5a21638853 immutable: whoops, it actually takes up to 39 reads sometimes to download a corrupted file 2009-01-02 17:43:02 -07:00
Zooko O'Whielacronx
e26cec2502 immutable: add more detailed tests of download, including testing the count of how many reads different sorts of downloads take 2009-01-02 16:54:59 -07:00
Zooko O'Whielacronx
cc70c163ba trivial: a few improvements to in-line doc and code, and renaming of test/test_immutable_checker.py to test/test_immutable.py
That file currently tests checker and verifier and repairer, and will soon also test downloader.
2009-01-02 16:49:41 -07:00
Zooko O'Whielacronx
a52b5542e9 immutable: fix name change from BadOrMissingShareHash to BadOrMissingHash
One of the instances of the name accidentally didn't get changed, and pyflakes noticed.  The new downloader/checker/verifier/repairer unit tests would also have noticed, but those tests haven't been rolled into a patch and applied to this repo yet...
2009-01-02 13:27:09 -07:00
Zooko O'Whielacronx
c72be1c553 trivial: remove unused import -- thanks, pyflakes 2009-01-02 13:21:28 -07:00
Zooko O'Whielacronx
d8c9c3dc99 immutable: download.py: Raise the appropriate type of exception to indicate the cause of failure, e.g. BadOrMissingHash, ServerFailure, IntegrityCheckReject (which is a supertype of BadOrMissingHash). This helps users (such as verifier/repairer) catch certain classes of reasons for "why did this download not work". The tests of verifier/repairer test this code and rely on this code. 2009-01-02 12:58:58 -07:00
Zooko O'Whielacronx
fa5c1d8326 immutable: ReadBucketProxy defines classes of exception: LayoutInvalid and its two subtypes RidiculouslyLargeURIExtensionBlock and ShareVersionIncompatible. This helps users (such as verifier/repairer) catch certain classes of reasons for "why did this download not work". This code gets exercised by the verifier/repairer unit tests, which corrupt the shares on disk in order to trigger problems like these. 2009-01-02 12:15:54 -07:00
Zooko O'Whielacronx
0ee027c180 immutable: ValidatedExtendedURIProxy computes and stores block_size and share_size for the convenience of its users 2009-01-02 11:43:17 -07:00
cgalvan
f1feb08f6a remove_sumo_install.patch 2009-01-02 10:23:47 -07:00
Zooko O'Whielacronx
fe707630af doc: remove notes to self that I accidentally included in a recent patch 2009-01-01 22:14:57 -07:00
Zooko O'Whielacronx
9d6c79a9df docs: remove caveat about Nevow incompatibility with Python 2.6 since the latest version of Nevow has fixed it 2009-01-01 21:41:35 -07:00