openstack/swift
Code Issues Proposed changes
23e1dba532
swift/test/probe/test_object_handoff.py

633 lines
27 KiB
Python
Raw Normal View History

Initial commit of Swift code
2010-07-12 17:03:45 -05:00
#!/usr/bin/python -u
Change OpenStack LLC to Foundation Change-Id: I7c3df47c31759dbeb3105f8883e2688ada848d58 Closes-bug: #1214176
2013-09-20 01:00:54 +08:00
# Copyright (c) 2010-2012 OpenStack Foundation
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
Add probetest for response with duplicate frags When an SSYNC connection fails after shipping a fragment, but before cleaning itself up - it can lead to multiple replicas of the same fragment index serviceable in the node_iter at the same time. Or perhaps more likely if a partner nodes win a race to rebuild waiting on a handoff. In this case, the proxy need not fail to service a GET just because of extra information. A similar guard was added to the reconstructor in a related change [1]. This underlying bug is acctually fixed by the related change [2], this probetest is just encoding the failure to help with future maintenance. 1. Related-Change: I91f3d4af52cbc66c9f7ce00726f247b5462e66f9 2. Related-Change: I2310981fd1c4622ff5d1a739cbcc59637ffe3fc3 Closes-Bug: 1624176 Change-Id: I06fc381a25613585dd18916d50e7ca2c68d406b6
2016-09-16 11:58:46 -07:00
from __future__ import print_function
refactor probe tests * refactor probe tests to use probe.common.ProbeTest * move reset_environment functionality to ProbeTest.setUp() * choose rings and policies that meet the criteria - raise SkipTest if nothing matches * replace all AssertionErrors in setup with SkipTest Change-Id: Id56c497d58083f5fd55f5283cdd346840df039d3
2015-02-12 11:30:21 -08:00
from unittest import main
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
from uuid import uuid4
EC GET path: require fragments to be of same set And if they are not, exhaust the node iter to go get more. The problem without this implementation is a simple overwrite where a GET follows before the handoff has put the newer obj back on the 'alive again' node such that the proxy gets n-1 fragments of the newest set and 1 of the older. This patch bucketizes the fragments by etag and if it doesn't have enough continues to exhaust the node iterator until it has a large enough matching set. Change-Id: Ib710a133ce1be278365067fd0d6610d80f1f7372 Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com> Co-Authored-By: Alistair Coles <alistair.coles@hp.com> Closes-Bug: 1457691
2015-08-12 13:32:50 -07:00
import random
from hashlib import md5
from collections import defaultdict
Make rsync ignore it's own temporary files In situations where rsync may inadvertently be unable to cleanup it's temporary files we shouldn't spread them around the cluster. By asking our rsync subexec to --exclude patterns that match it's own convention for temporary naming we'll only ever transfer real replicated artifacts and never temporary artifacts which should always be ignored until they are fully transfered. Cleanup of stale rsync droppings should be performed by the auditor and will be addressed in a separate change related to lp bug #1554005. Closes-Bug: #1553995 Change-Id: Ibe598b339af024d05e4d89c34d696e972d8189ff
2016-03-14 16:52:50 -07:00
import os
Add probetest for response with duplicate frags When an SSYNC connection fails after shipping a fragment, but before cleaning itself up - it can lead to multiple replicas of the same fragment index serviceable in the node_iter at the same time. Or perhaps more likely if a partner nodes win a race to rebuild waiting on a handoff. In this case, the proxy need not fail to service a GET just because of extra information. A similar guard was added to the reconstructor in a related change [1]. This underlying bug is acctually fixed by the related change [2], this probetest is just encoding the failure to help with future maintenance. 1. Related-Change: I91f3d4af52cbc66c9f7ce00726f247b5462e66f9 2. Related-Change: I2310981fd1c4622ff5d1a739cbcc59637ffe3fc3 Closes-Bug: 1624176 Change-Id: I06fc381a25613585dd18916d50e7ca2c68d406b6
2016-09-16 11:58:46 -07:00
import socket
import errno
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
Fixes for probe tests Updated the imports and added a head_account to the "is the cluster started yet?" checks. Hopefully this fixes the notorious timing issues of these tests where auth answers requests just a bit before the rest of the cluster is ready. Fixes bug 1014931 Change-Id: Iea1d62db2317560371da49af5e94a0279b646294
2012-06-27 05:01:55 +00:00
from swiftclient import client
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
Updated probe tests The probe tests were woefully out of date with all the changes that have ocurred since they were written. I've updated most of them and removed some that are hopeless outdated. I also greatly improved the timing issues (hopefully completely solved them? I ran them 25 times with no problems) and made them pep8 1.3.1 safe. Change-Id: I8e9dbb6e7d6e04e293843b1dce1ded99d84e0348
2012-06-30 20:23:24 +00:00
from swift.common import direct_client
Remove swiftclient dep on direct_client Partial Implements: blueprint remove-swiftclient-dependency Change-Id: I9af7150e5d21d50e5f880e57796314b8f05822d2
2013-12-23 17:57:56 +01:00
from swift.common.exceptions import ClientException
make probetests work with conf.d configs Change-Id: I451ff4629730a334ac1bd8fc6cd75de95314e153
2014-03-06 01:19:36 -08:00
from swift.common.manager import Manager
EC GET path: require fragments to be of same set And if they are not, exhaust the node iter to go get more. The problem without this implementation is a simple overwrite where a GET follows before the handoff has put the newer obj back on the 'alive again' node such that the proxy gets n-1 fragments of the newest set and 1 of the older. This patch bucketizes the fragments by etag and if it doesn't have enough continues to exhaust the node iterator until it has a large enough matching set. Change-Id: Ib710a133ce1be278365067fd0d6610d80f1f7372 Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com> Co-Authored-By: Alistair Coles <alistair.coles@hp.com> Closes-Bug: 1457691
2015-08-12 13:32:50 -07:00
from test.probe.common import (kill_server, start_server, ReplProbeTest,
ECProbeTest, Body)
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
refactor probe tests * refactor probe tests to use probe.common.ProbeTest * move reset_environment functionality to ProbeTest.setUp() * choose rings and policies that meet the criteria - raise SkipTest if nothing matches * replace all AssertionErrors in setup with SkipTest Change-Id: Id56c497d58083f5fd55f5283cdd346840df039d3
2015-02-12 11:30:21 -08:00
class TestObjectHandoff(ReplProbeTest):
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
def test_main(self):
Updated probe tests The probe tests were woefully out of date with all the changes that have ocurred since they were written. I've updated most of them and removed some that are hopeless outdated. I also greatly improved the timing issues (hopefully completely solved them? I ran them 25 times with no problems) and made them pep8 1.3.1 safe. Change-Id: I8e9dbb6e7d6e04e293843b1dce1ded99d84e0348
2012-06-30 20:23:24 +00:00
# Create container
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
container = 'container-%s' % uuid4()
Erasure Code Reconstructor This patch adds the erasure code reconstructor. It follows the design of the replicator but: - There is no notion of update() or update_deleted(). - There is a single job processor - Jobs are processed partition by partition. - At the end of processing a rebalanced or handoff partition, the reconstructor will remove successfully reverted objects if any. And various ssync changes such as the addition of reconstruct_fa() function called from ssync_sender which performs the actual reconstruction while sending the object to the receiver Co-Authored-By: Alistair Coles <alistair.coles@hp.com> Co-Authored-By: Thiago da Silva <thiago@redhat.com> Co-Authored-By: John Dickinson <me@not.mn> Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com> Co-Authored-By: Tushar Gohad <tushar.gohad@intel.com> Co-Authored-By: Samuel Merritt <sam@swiftstack.com> Co-Authored-By: Christian Schwede <christian.schwede@enovance.com> Co-Authored-By: Yuan Zhou <yuan.zhou@intel.com> blueprint ec-reconstructor Change-Id: I7d15620dc66ee646b223bb9fff700796cd6bef51
2014-10-28 09:51:06 -07:00
client.put_container(self.url, self.token, container,
headers={'X-Storage-Policy':
self.policy.name})
pyflakes cleanups, unused modules, and variables
2010-07-30 08:20:07 -04:00
move test comments around should make later refactoring easier Change-Id: I7af399a14c8bc78fcfc438e4440d2f023c8aa5db
2015-02-12 20:32:35 -08:00
# Kill one container/obj primary server
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
cpart, cnodes = self.container_ring.get_nodes(self.account, container)
cnode = cnodes[0]
obj = 'object-%s' % uuid4()
pyflakes cleanups, unused modules, and variables
2010-07-30 08:20:07 -04:00
opart, onodes = self.object_ring.get_nodes(
self.account, container, obj)
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
onode = onodes[0]
pids in probe is no longer used Change-Id: I1fd76004257a8c05ce8bb1f3ca0e45000509f833
2016-06-01 23:53:35 -07:00
kill_server((onode['ip'], onode['port']), self.ipport2server)
move test comments around should make later refactoring easier Change-Id: I7af399a14c8bc78fcfc438e4440d2f023c8aa5db
2015-02-12 20:32:35 -08:00
# Create container/obj (goes to two primary servers and one handoff)
py3: (mostly) port probe tests There's still one problem, though: since swiftclient on py3 doesn't support non-ASCII characters in metadata names, none of the tests in TestReconstructorRebuildUTF8 will pass. Change-Id: I4ec879ade534e09c3a625414d8aa1f16fd600fa4
2019-07-16 17:01:19 -07:00
client.put_object(self.url, self.token, container, obj, b'VERIFY')
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
odata = client.get_object(self.url, self.token, container, obj)[-1]
py3: (mostly) port probe tests There's still one problem, though: since swiftclient on py3 doesn't support non-ASCII characters in metadata names, none of the tests in TestReconstructorRebuildUTF8 will pass. Change-Id: I4ec879ade534e09c3a625414d8aa1f16fd600fa4
2019-07-16 17:01:19 -07:00
if odata != b'VERIFY':
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
raise Exception('Object GET did not return VERIFY, instead it '
'returned: %s' % repr(odata))
move test comments around should make later refactoring easier Change-Id: I7af399a14c8bc78fcfc438e4440d2f023c8aa5db
2015-02-12 20:32:35 -08:00
Enable object body and metadata encryption Adds encryption middlewares. All object servers and proxy servers should be upgraded before introducing encryption middleware. Encryption middleware should be first introduced with the encryption middleware disable_encryption option set to True. Once all proxies have encryption middleware installed this option may be set to False (the default). Increases constraints.py:MAX_HEADER_COUNT by 4 to allow for headers generated by encryption-related middleware. Co-Authored-By: Tim Burke <tim.burke@gmail.com> Co-Authored-By: Christian Cachin <cca@zurich.ibm.com> Co-Authored-By: Mahati Chamarthy <mahati.chamarthy@gmail.com> Co-Authored-By: Peter Chng <pchng@ca.ibm.com> Co-Authored-By: Alistair Coles <alistair.coles@hpe.com> Co-Authored-By: Jonathan Hinson <jlhinson@us.ibm.com> Co-Authored-By: Hamdi Roumani <roumani@ca.ibm.com> UpgradeImpact Change-Id: Ie6db22697ceb1021baaa6bddcf8e41ae3acb5376
2016-06-07 15:01:32 +01:00
# Stash the on disk data from a primary for future comparison with the
# handoff - this may not equal 'VERIFY' if for example the proxy has
# crypto enabled
direct_get_data = direct_client.direct_get_object(
onodes[1], opart, self.account, container, obj, headers={
'X-Backend-Storage-Policy-Index': self.policy.idx})[-1]
move test comments around should make later refactoring easier Change-Id: I7af399a14c8bc78fcfc438e4440d2f023c8aa5db
2015-02-12 20:32:35 -08:00
# Kill other two container/obj primary servers
# to ensure GET handoff works
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
for node in onodes[1:]:
pids in probe is no longer used Change-Id: I1fd76004257a8c05ce8bb1f3ca0e45000509f833
2016-06-01 23:53:35 -07:00
kill_server((node['ip'], node['port']), self.ipport2server)
move test comments around should make later refactoring easier Change-Id: I7af399a14c8bc78fcfc438e4440d2f023c8aa5db
2015-02-12 20:32:35 -08:00
# Indirectly through proxy assert we can get container/obj
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
odata = client.get_object(self.url, self.token, container, obj)[-1]
py3: (mostly) port probe tests There's still one problem, though: since swiftclient on py3 doesn't support non-ASCII characters in metadata names, none of the tests in TestReconstructorRebuildUTF8 will pass. Change-Id: I4ec879ade534e09c3a625414d8aa1f16fd600fa4
2019-07-16 17:01:19 -07:00
if odata != b'VERIFY':
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
raise Exception('Object GET did not return VERIFY, instead it '
'returned: %s' % repr(odata))
move test comments around should make later refactoring easier Change-Id: I7af399a14c8bc78fcfc438e4440d2f023c8aa5db
2015-02-12 20:32:35 -08:00
# Restart those other two container/obj primary servers
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
for node in onodes[1:]:
pids in probe is no longer used Change-Id: I1fd76004257a8c05ce8bb1f3ca0e45000509f833
2016-06-01 23:53:35 -07:00
start_server((node['ip'], node['port']), self.ipport2server)
move test comments around should make later refactoring easier Change-Id: I7af399a14c8bc78fcfc438e4440d2f023c8aa5db
2015-02-12 20:32:35 -08:00
# We've indirectly verified the handoff node has the container/object,
# but let's directly verify it.
Replace it.next() with next(it) for py3 compat The Python 2 next() method of iterators was renamed to __next__() on Python 3. Use the builtin next() function instead which works on Python 2 and Python 3. Change-Id: Ic948bc574b58f1d28c5c58e3985906dee17fa51d
2015-06-15 22:10:45 +05:30
another_onode = next(self.object_ring.get_more_nodes(opart))
Updated probe tests The probe tests were woefully out of date with all the changes that have ocurred since they were written. I've updated most of them and removed some that are hopeless outdated. I also greatly improved the timing issues (hopefully completely solved them? I ran them 25 times with no problems) and made them pep8 1.3.1 safe. Change-Id: I8e9dbb6e7d6e04e293843b1dce1ded99d84e0348
2012-06-30 20:23:24 +00:00
odata = direct_client.direct_get_object(
Fixes probe tests with non-zero default storage policy Add headers param to direct_client.direct_get_object, which is used in probetests to passthrough the X-Storage-Policy-Index header. DocImpact Implements: blueprint storage-policies Change-Id: I19adbbcefbc086c8467bd904a275d55cde596412
2014-04-15 16:06:22 +08:00
another_onode, opart, self.account, container, obj, headers={
Replace POLICY and POLICY_INDEX with string literals Replaced throughout code base & tox'd. Functional as well as probe tests pass with and without policies defined. POLICY --> 'X-Storage-Policy' POLICY_INDEX --> 'X-Backend-Storage-Policy-Index' Change-Id: Iea3d06de80210e9e504e296d4572583d7ffabeac
2014-06-23 12:52:50 -07:00
'X-Backend-Storage-Policy-Index': self.policy.idx})[-1]
Enable object body and metadata encryption Adds encryption middlewares. All object servers and proxy servers should be upgraded before introducing encryption middleware. Encryption middleware should be first introduced with the encryption middleware disable_encryption option set to True. Once all proxies have encryption middleware installed this option may be set to False (the default). Increases constraints.py:MAX_HEADER_COUNT by 4 to allow for headers generated by encryption-related middleware. Co-Authored-By: Tim Burke <tim.burke@gmail.com> Co-Authored-By: Christian Cachin <cca@zurich.ibm.com> Co-Authored-By: Mahati Chamarthy <mahati.chamarthy@gmail.com> Co-Authored-By: Peter Chng <pchng@ca.ibm.com> Co-Authored-By: Alistair Coles <alistair.coles@hpe.com> Co-Authored-By: Jonathan Hinson <jlhinson@us.ibm.com> Co-Authored-By: Hamdi Roumani <roumani@ca.ibm.com> UpgradeImpact Change-Id: Ie6db22697ceb1021baaa6bddcf8e41ae3acb5376
2016-06-07 15:01:32 +01:00
self.assertEqual(direct_get_data, odata)
move test comments around should make later refactoring easier Change-Id: I7af399a14c8bc78fcfc438e4440d2f023c8aa5db
2015-02-12 20:32:35 -08:00
Make rsync ignore it's own temporary files In situations where rsync may inadvertently be unable to cleanup it's temporary files we shouldn't spread them around the cluster. By asking our rsync subexec to --exclude patterns that match it's own convention for temporary naming we'll only ever transfer real replicated artifacts and never temporary artifacts which should always be ignored until they are fully transfered. Cleanup of stale rsync droppings should be performed by the auditor and will be addressed in a separate change related to lp bug #1554005. Closes-Bug: #1553995 Change-Id: Ibe598b339af024d05e4d89c34d696e972d8189ff
2016-03-14 16:52:50 -07:00
# drop a tempfile in the handoff's datadir, like it might have
# had if there was an rsync failure while it was previously a
# primary
handoff_device_path = self.device_dir('object', another_onode)
data_filename = None
for root, dirs, files in os.walk(handoff_device_path):
for filename in files:
if filename.endswith('.data'):
data_filename = filename
temp_filename = '.%s.6MbL6r' % data_filename
temp_filepath = os.path.join(root, temp_filename)
if not data_filename:
self.fail('Did not find any data files on %r' %
handoff_device_path)
open(temp_filepath, 'w')
move test comments around should make later refactoring easier Change-Id: I7af399a14c8bc78fcfc438e4440d2f023c8aa5db
2015-02-12 20:32:35 -08:00
# Assert container listing (via proxy and directly) has container/obj
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
objs = [o['name'] for o in
Updated tools and client.py to work with ACLs
2010-09-03 21:39:44 -07:00
client.get_container(self.url, self.token, container)[1]]
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
if obj not in objs:
raise Exception('Container listing did not know about object')
for cnode in cnodes:
objs = [o['name'] for o in
Updated probe tests The probe tests were woefully out of date with all the changes that have ocurred since they were written. I've updated most of them and removed some that are hopeless outdated. I also greatly improved the timing issues (hopefully completely solved them? I ran them 25 times with no problems) and made them pep8 1.3.1 safe. Change-Id: I8e9dbb6e7d6e04e293843b1dce1ded99d84e0348
2012-06-30 20:23:24 +00:00
direct_client.direct_get_container(
cnode, cpart, self.account, container)[1]]
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
if obj not in objs:
raise Exception(
'Container server %s:%s did not know about object' %
(cnode['ip'], cnode['port']))
move test comments around should make later refactoring easier Change-Id: I7af399a14c8bc78fcfc438e4440d2f023c8aa5db
2015-02-12 20:32:35 -08:00
# Bring the first container/obj primary server back up
pids in probe is no longer used Change-Id: I1fd76004257a8c05ce8bb1f3ca0e45000509f833
2016-06-01 23:53:35 -07:00
start_server((onode['ip'], onode['port']), self.ipport2server)
move test comments around should make later refactoring easier Change-Id: I7af399a14c8bc78fcfc438e4440d2f023c8aa5db
2015-02-12 20:32:35 -08:00
# Assert that it doesn't have container/obj yet
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
try:
Fixes probe tests with non-zero default storage policy Add headers param to direct_client.direct_get_object, which is used in probetests to passthrough the X-Storage-Policy-Index header. DocImpact Implements: blueprint storage-policies Change-Id: I19adbbcefbc086c8467bd904a275d55cde596412
2014-04-15 16:06:22 +08:00
direct_client.direct_get_object(
onode, opart, self.account, container, obj, headers={
Replace POLICY and POLICY_INDEX with string literals Replaced throughout code base & tox'd. Functional as well as probe tests pass with and without policies defined. POLICY --> 'X-Storage-Policy' POLICY_INDEX --> 'X-Backend-Storage-Policy-Index' Change-Id: Iea3d06de80210e9e504e296d4572583d7ffabeac
2014-06-23 12:52:50 -07:00
'X-Backend-Storage-Policy-Index': self.policy.idx})
Remove swiftclient dep on direct_client Partial Implements: blueprint remove-swiftclient-dependency Change-Id: I9af7150e5d21d50e5f880e57796314b8f05822d2
2013-12-23 17:57:56 +01:00
except ClientException as err:
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3 in the following dir: test/probe/* Change-Id: Ie08dd7a8a6c48e3452dfe4f2b41676330ce455d5
2015-08-06 09:28:51 -05:00
self.assertEqual(err.http_status, 404)
fixed ugly code pattern in probe tests Change-Id: I242f095ea0ca8d6d69c3b2258cce6b51c7963dce
2015-02-26 14:21:47 -08:00
else:
self.fail("Expected ClientException but didn't get it")
move test comments around should make later refactoring easier Change-Id: I7af399a14c8bc78fcfc438e4440d2f023c8aa5db
2015-02-12 20:32:35 -08:00
# Run object replication, ensuring we run the handoff node last so it
# will remove its extra handoff partition
Updated probe tests The probe tests were woefully out of date with all the changes that have ocurred since they were written. I've updated most of them and removed some that are hopeless outdated. I also greatly improved the timing issues (hopefully completely solved them? I ran them 25 times with no problems) and made them pep8 1.3.1 safe. Change-Id: I8e9dbb6e7d6e04e293843b1dce1ded99d84e0348
2012-06-30 20:23:24 +00:00
for node in onodes:
Implementation of replication servers Support separate replication ip address: - Added new function in utils. This function provides ability to select separate IP address for replication service. - Db_replicator and object replicators were changed. Replication process uses new function now. Replication network parameters: - Replication network fields (replication_ip, replication_port) support was added to device dictionary in swift-ring-builder script. - Changes were made to support new fields in search, show and set_info functions. Implementation of replication servers: - Separate replication servers use the same code as normal replication servers, but with replication_server parameter = True. When using a separate replication network, the non-replication servers set replication_server = False. When there is no separate replication network (the default case), replication_server is not included in the config. DocImpact Change-Id: Ie9af5bdcdf9241c355e36053ca4adfe49dc35bd0 Implements: blueprint dedicated-replication-network
2012-12-17 06:39:25 -05:00
try:
port_num = node['replication_port']
except KeyError:
port_num = node['port']
py3: (mostly) port probe tests There's still one problem, though: since swiftclient on py3 doesn't support non-ASCII characters in metadata names, none of the tests in TestReconstructorRebuildUTF8 will pass. Change-Id: I4ec879ade534e09c3a625414d8aa1f16fd600fa4
2019-07-16 17:01:19 -07:00
node_id = (port_num - 6000) // 10
make probetests work with conf.d configs Change-Id: I451ff4629730a334ac1bd8fc6cd75de95314e153
2014-03-06 01:19:36 -08:00
Manager(['object-replicator']).once(number=node_id)
Implementation of replication servers Support separate replication ip address: - Added new function in utils. This function provides ability to select separate IP address for replication service. - Db_replicator and object replicators were changed. Replication process uses new function now. Replication network parameters: - Replication network fields (replication_ip, replication_port) support was added to device dictionary in swift-ring-builder script. - Changes were made to support new fields in search, show and set_info functions. Implementation of replication servers: - Separate replication servers use the same code as normal replication servers, but with replication_server parameter = True. When using a separate replication network, the non-replication servers set replication_server = False. When there is no separate replication network (the default case), replication_server is not included in the config. DocImpact Change-Id: Ie9af5bdcdf9241c355e36053ca4adfe49dc35bd0 Implements: blueprint dedicated-replication-network
2012-12-17 06:39:25 -05:00
try:
another_port_num = another_onode['replication_port']
except KeyError:
another_port_num = another_onode['port']
py3: (mostly) port probe tests There's still one problem, though: since swiftclient on py3 doesn't support non-ASCII characters in metadata names, none of the tests in TestReconstructorRebuildUTF8 will pass. Change-Id: I4ec879ade534e09c3a625414d8aa1f16fd600fa4
2019-07-16 17:01:19 -07:00
another_num = (another_port_num - 6000) // 10
make probetests work with conf.d configs Change-Id: I451ff4629730a334ac1bd8fc6cd75de95314e153
2014-03-06 01:19:36 -08:00
Manager(['object-replicator']).once(number=another_num)
move test comments around should make later refactoring easier Change-Id: I7af399a14c8bc78fcfc438e4440d2f023c8aa5db
2015-02-12 20:32:35 -08:00
# Assert the first container/obj primary server now has container/obj
Fixes probe tests with non-zero default storage policy Add headers param to direct_client.direct_get_object, which is used in probetests to passthrough the X-Storage-Policy-Index header. DocImpact Implements: blueprint storage-policies Change-Id: I19adbbcefbc086c8467bd904a275d55cde596412
2014-04-15 16:06:22 +08:00
odata = direct_client.direct_get_object(
onode, opart, self.account, container, obj, headers={
Replace POLICY and POLICY_INDEX with string literals Replaced throughout code base & tox'd. Functional as well as probe tests pass with and without policies defined. POLICY --> 'X-Storage-Policy' POLICY_INDEX --> 'X-Backend-Storage-Policy-Index' Change-Id: Iea3d06de80210e9e504e296d4572583d7ffabeac
2014-06-23 12:52:50 -07:00
'X-Backend-Storage-Policy-Index': self.policy.idx})[-1]
Enable object body and metadata encryption Adds encryption middlewares. All object servers and proxy servers should be upgraded before introducing encryption middleware. Encryption middleware should be first introduced with the encryption middleware disable_encryption option set to True. Once all proxies have encryption middleware installed this option may be set to False (the default). Increases constraints.py:MAX_HEADER_COUNT by 4 to allow for headers generated by encryption-related middleware. Co-Authored-By: Tim Burke <tim.burke@gmail.com> Co-Authored-By: Christian Cachin <cca@zurich.ibm.com> Co-Authored-By: Mahati Chamarthy <mahati.chamarthy@gmail.com> Co-Authored-By: Peter Chng <pchng@ca.ibm.com> Co-Authored-By: Alistair Coles <alistair.coles@hpe.com> Co-Authored-By: Jonathan Hinson <jlhinson@us.ibm.com> Co-Authored-By: Hamdi Roumani <roumani@ca.ibm.com> UpgradeImpact Change-Id: Ie6db22697ceb1021baaa6bddcf8e41ae3acb5376
2016-06-07 15:01:32 +01:00
self.assertEqual(direct_get_data, odata)
move test comments around should make later refactoring easier Change-Id: I7af399a14c8bc78fcfc438e4440d2f023c8aa5db
2015-02-12 20:32:35 -08:00
Make rsync ignore it's own temporary files In situations where rsync may inadvertently be unable to cleanup it's temporary files we shouldn't spread them around the cluster. By asking our rsync subexec to --exclude patterns that match it's own convention for temporary naming we'll only ever transfer real replicated artifacts and never temporary artifacts which should always be ignored until they are fully transfered. Cleanup of stale rsync droppings should be performed by the auditor and will be addressed in a separate change related to lp bug #1554005. Closes-Bug: #1553995 Change-Id: Ibe598b339af024d05e4d89c34d696e972d8189ff
2016-03-14 16:52:50 -07:00
# and that it does *not* have a temporary rsync dropping!
found_data_filename = False
primary_device_path = self.device_dir('object', onode)
for root, dirs, files in os.walk(primary_device_path):
for filename in files:
if filename.endswith('.6MbL6r'):
self.fail('Found unexpected file %s' %
os.path.join(root, filename))
if filename == data_filename:
found_data_filename = True
self.assertTrue(found_data_filename,
'Did not find data file %r on %r' % (
data_filename, primary_device_path))
move test comments around should make later refactoring easier Change-Id: I7af399a14c8bc78fcfc438e4440d2f023c8aa5db
2015-02-12 20:32:35 -08:00
# Assert the handoff server no longer has container/obj
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
try:
Fixes probe tests with non-zero default storage policy Add headers param to direct_client.direct_get_object, which is used in probetests to passthrough the X-Storage-Policy-Index header. DocImpact Implements: blueprint storage-policies Change-Id: I19adbbcefbc086c8467bd904a275d55cde596412
2014-04-15 16:06:22 +08:00
direct_client.direct_get_object(
another_onode, opart, self.account, container, obj, headers={
Replace POLICY and POLICY_INDEX with string literals Replaced throughout code base & tox'd. Functional as well as probe tests pass with and without policies defined. POLICY --> 'X-Storage-Policy' POLICY_INDEX --> 'X-Backend-Storage-Policy-Index' Change-Id: Iea3d06de80210e9e504e296d4572583d7ffabeac
2014-06-23 12:52:50 -07:00
'X-Backend-Storage-Policy-Index': self.policy.idx})
Remove swiftclient dep on direct_client Partial Implements: blueprint remove-swiftclient-dependency Change-Id: I9af7150e5d21d50e5f880e57796314b8f05822d2
2013-12-23 17:57:56 +01:00
except ClientException as err:
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3 in the following dir: test/probe/* Change-Id: Ie08dd7a8a6c48e3452dfe4f2b41676330ce455d5
2015-08-06 09:28:51 -05:00
self.assertEqual(err.http_status, 404)
fixed ugly code pattern in probe tests Change-Id: I242f095ea0ca8d6d69c3b2258cce6b51c7963dce
2015-02-26 14:21:47 -08:00
else:
self.fail("Expected ClientException but didn't get it")
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
move test comments around should make later refactoring easier Change-Id: I7af399a14c8bc78fcfc438e4440d2f023c8aa5db
2015-02-12 20:32:35 -08:00
# Kill the first container/obj primary server again (we have two
# primaries and the handoff up now)
pids in probe is no longer used Change-Id: I1fd76004257a8c05ce8bb1f3ca0e45000509f833
2016-06-01 23:53:35 -07:00
kill_server((onode['ip'], onode['port']), self.ipport2server)
move test comments around should make later refactoring easier Change-Id: I7af399a14c8bc78fcfc438e4440d2f023c8aa5db
2015-02-12 20:32:35 -08:00
# Delete container/obj
Fixes probe tests with non-zero default storage policy Add headers param to direct_client.direct_get_object, which is used in probetests to passthrough the X-Storage-Policy-Index header. DocImpact Implements: blueprint storage-policies Change-Id: I19adbbcefbc086c8467bd904a275d55cde596412
2014-04-15 16:06:22 +08:00
try:
client.delete_object(self.url, self.token, container, obj)
except client.ClientException as err:
if self.object_ring.replica_count > 2:
raise
# Object DELETE returning 503 for (404, 204)
# remove this with fix for
# https://bugs.launchpad.net/swift/+bug/1318375
self.assertEqual(503, err.http_status)
move test comments around should make later refactoring easier Change-Id: I7af399a14c8bc78fcfc438e4440d2f023c8aa5db
2015-02-12 20:32:35 -08:00
# Assert we can't head container/obj
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
try:
client.head_object(self.url, self.token, container, obj)
Remove swiftclient dep on direct_client Partial Implements: blueprint remove-swiftclient-dependency Change-Id: I9af7150e5d21d50e5f880e57796314b8f05822d2
2013-12-23 17:57:56 +01:00
except client.ClientException as err:
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3 in the following dir: test/probe/* Change-Id: Ie08dd7a8a6c48e3452dfe4f2b41676330ce455d5
2015-08-06 09:28:51 -05:00
self.assertEqual(err.http_status, 404)
fixed ugly code pattern in probe tests Change-Id: I242f095ea0ca8d6d69c3b2258cce6b51c7963dce
2015-02-26 14:21:47 -08:00
else:
self.fail("Expected ClientException but didn't get it")
move test comments around should make later refactoring easier Change-Id: I7af399a14c8bc78fcfc438e4440d2f023c8aa5db
2015-02-12 20:32:35 -08:00
# Assert container/obj is not in the container listing, both indirectly
# and directly
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
objs = [o['name'] for o in
Updated tools and client.py to work with ACLs
2010-09-03 21:39:44 -07:00
client.get_container(self.url, self.token, container)[1]]
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
if obj in objs:
raise Exception('Container listing still knew about object')
for cnode in cnodes:
objs = [o['name'] for o in
pyflakes cleanups, unused modules, and variables
2010-07-30 08:20:07 -04:00
direct_client.direct_get_container(
Updated direct_client to match the changes in client
2010-09-05 21:06:16 -07:00
cnode, cpart, self.account, container)[1]]
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
if obj in objs:
raise Exception(
'Container server %s:%s still knew about object' %
(cnode['ip'], cnode['port']))
move test comments around should make later refactoring easier Change-Id: I7af399a14c8bc78fcfc438e4440d2f023c8aa5db
2015-02-12 20:32:35 -08:00
# Restart the first container/obj primary server again
pids in probe is no longer used Change-Id: I1fd76004257a8c05ce8bb1f3ca0e45000509f833
2016-06-01 23:53:35 -07:00
start_server((onode['ip'], onode['port']), self.ipport2server)
move test comments around should make later refactoring easier Change-Id: I7af399a14c8bc78fcfc438e4440d2f023c8aa5db
2015-02-12 20:32:35 -08:00
# Assert it still has container/obj
Fixes probe tests with non-zero default storage policy Add headers param to direct_client.direct_get_object, which is used in probetests to passthrough the X-Storage-Policy-Index header. DocImpact Implements: blueprint storage-policies Change-Id: I19adbbcefbc086c8467bd904a275d55cde596412
2014-04-15 16:06:22 +08:00
direct_client.direct_get_object(
onode, opart, self.account, container, obj, headers={
Replace POLICY and POLICY_INDEX with string literals Replaced throughout code base & tox'd. Functional as well as probe tests pass with and without policies defined. POLICY --> 'X-Storage-Policy' POLICY_INDEX --> 'X-Backend-Storage-Policy-Index' Change-Id: Iea3d06de80210e9e504e296d4572583d7ffabeac
2014-06-23 12:52:50 -07:00
'X-Backend-Storage-Policy-Index': self.policy.idx})
move test comments around should make later refactoring easier Change-Id: I7af399a14c8bc78fcfc438e4440d2f023c8aa5db
2015-02-12 20:32:35 -08:00
# Run object replication, ensuring we run the handoff node last so it
# will remove its extra handoff partition
Updated probe tests The probe tests were woefully out of date with all the changes that have ocurred since they were written. I've updated most of them and removed some that are hopeless outdated. I also greatly improved the timing issues (hopefully completely solved them? I ran them 25 times with no problems) and made them pep8 1.3.1 safe. Change-Id: I8e9dbb6e7d6e04e293843b1dce1ded99d84e0348
2012-06-30 20:23:24 +00:00
for node in onodes:
Implementation of replication servers Support separate replication ip address: - Added new function in utils. This function provides ability to select separate IP address for replication service. - Db_replicator and object replicators were changed. Replication process uses new function now. Replication network parameters: - Replication network fields (replication_ip, replication_port) support was added to device dictionary in swift-ring-builder script. - Changes were made to support new fields in search, show and set_info functions. Implementation of replication servers: - Separate replication servers use the same code as normal replication servers, but with replication_server parameter = True. When using a separate replication network, the non-replication servers set replication_server = False. When there is no separate replication network (the default case), replication_server is not included in the config. DocImpact Change-Id: Ie9af5bdcdf9241c355e36053ca4adfe49dc35bd0 Implements: blueprint dedicated-replication-network
2012-12-17 06:39:25 -05:00
try:
port_num = node['replication_port']
except KeyError:
port_num = node['port']
py3: (mostly) port probe tests There's still one problem, though: since swiftclient on py3 doesn't support non-ASCII characters in metadata names, none of the tests in TestReconstructorRebuildUTF8 will pass. Change-Id: I4ec879ade534e09c3a625414d8aa1f16fd600fa4
2019-07-16 17:01:19 -07:00
node_id = (port_num - 6000) // 10
make probetests work with conf.d configs Change-Id: I451ff4629730a334ac1bd8fc6cd75de95314e153
2014-03-06 01:19:36 -08:00
Manager(['object-replicator']).once(number=node_id)
py3: (mostly) port probe tests There's still one problem, though: since swiftclient on py3 doesn't support non-ASCII characters in metadata names, none of the tests in TestReconstructorRebuildUTF8 will pass. Change-Id: I4ec879ade534e09c3a625414d8aa1f16fd600fa4
2019-07-16 17:01:19 -07:00
another_node_id = (another_port_num - 6000) // 10
make probetests work with conf.d configs Change-Id: I451ff4629730a334ac1bd8fc6cd75de95314e153
2014-03-06 01:19:36 -08:00
Manager(['object-replicator']).once(number=another_node_id)
move test comments around should make later refactoring easier Change-Id: I7af399a14c8bc78fcfc438e4440d2f023c8aa5db
2015-02-12 20:32:35 -08:00
# Assert primary node no longer has container/obj
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
try:
Fixes probe tests with non-zero default storage policy Add headers param to direct_client.direct_get_object, which is used in probetests to passthrough the X-Storage-Policy-Index header. DocImpact Implements: blueprint storage-policies Change-Id: I19adbbcefbc086c8467bd904a275d55cde596412
2014-04-15 16:06:22 +08:00
direct_client.direct_get_object(
another_onode, opart, self.account, container, obj, headers={
Replace POLICY and POLICY_INDEX with string literals Replaced throughout code base & tox'd. Functional as well as probe tests pass with and without policies defined. POLICY --> 'X-Storage-Policy' POLICY_INDEX --> 'X-Backend-Storage-Policy-Index' Change-Id: Iea3d06de80210e9e504e296d4572583d7ffabeac
2014-06-23 12:52:50 -07:00
'X-Backend-Storage-Policy-Index': self.policy.idx})
Remove swiftclient dep on direct_client Partial Implements: blueprint remove-swiftclient-dependency Change-Id: I9af7150e5d21d50e5f880e57796314b8f05822d2
2013-12-23 17:57:56 +01:00
except ClientException as err:
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3 in the following dir: test/probe/* Change-Id: Ie08dd7a8a6c48e3452dfe4f2b41676330ce455d5
2015-08-06 09:28:51 -05:00
self.assertEqual(err.http_status, 404)
fixed ugly code pattern in probe tests Change-Id: I242f095ea0ca8d6d69c3b2258cce6b51c7963dce
2015-02-26 14:21:47 -08:00
else:
self.fail("Expected ClientException but didn't get it")
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
Return 404 on a GET if tombstone is newer Currently the proxy keeps iterating through the connections in hope of finding a success even if it already has found a tombstone (404). This change changes the code a little bit to compare the timestamp of a 200 and a 404, if the tombstone is newer, then it should be returned, instead of returning a stale 200. Closes-Bug: #1560574 Co-Authored-By: Tim Burke <tim.burke@gmail.com> Change-Id: Ia81d6832709d18fe9a01ad247d75bf765e8a89f4 Signed-off-by: Thiago da Silva <thiago@redhat.com>
2016-09-15 16:45:06 -04:00
def test_stale_reads(self):
# Create container
container = 'container-%s' % uuid4()
client.put_container(self.url, self.token, container,
headers={'X-Storage-Policy':
self.policy.name})
# Kill one primary obj server
obj = 'object-%s' % uuid4()
opart, onodes = self.object_ring.get_nodes(
self.account, container, obj)
onode = onodes[0]
kill_server((onode['ip'], onode['port']), self.ipport2server)
# Create container/obj (goes to two primaries and one handoff)
py3: (mostly) port probe tests There's still one problem, though: since swiftclient on py3 doesn't support non-ASCII characters in metadata names, none of the tests in TestReconstructorRebuildUTF8 will pass. Change-Id: I4ec879ade534e09c3a625414d8aa1f16fd600fa4
2019-07-16 17:01:19 -07:00
client.put_object(self.url, self.token, container, obj, b'VERIFY')
Return 404 on a GET if tombstone is newer Currently the proxy keeps iterating through the connections in hope of finding a success even if it already has found a tombstone (404). This change changes the code a little bit to compare the timestamp of a 200 and a 404, if the tombstone is newer, then it should be returned, instead of returning a stale 200. Closes-Bug: #1560574 Co-Authored-By: Tim Burke <tim.burke@gmail.com> Change-Id: Ia81d6832709d18fe9a01ad247d75bf765e8a89f4 Signed-off-by: Thiago da Silva <thiago@redhat.com>
2016-09-15 16:45:06 -04:00
odata = client.get_object(self.url, self.token, container, obj)[-1]
py3: (mostly) port probe tests There's still one problem, though: since swiftclient on py3 doesn't support non-ASCII characters in metadata names, none of the tests in TestReconstructorRebuildUTF8 will pass. Change-Id: I4ec879ade534e09c3a625414d8aa1f16fd600fa4
2019-07-16 17:01:19 -07:00
if odata != b'VERIFY':
Return 404 on a GET if tombstone is newer Currently the proxy keeps iterating through the connections in hope of finding a success even if it already has found a tombstone (404). This change changes the code a little bit to compare the timestamp of a 200 and a 404, if the tombstone is newer, then it should be returned, instead of returning a stale 200. Closes-Bug: #1560574 Co-Authored-By: Tim Burke <tim.burke@gmail.com> Change-Id: Ia81d6832709d18fe9a01ad247d75bf765e8a89f4 Signed-off-by: Thiago da Silva <thiago@redhat.com>
2016-09-15 16:45:06 -04:00
raise Exception('Object GET did not return VERIFY, instead it '
'returned: %s' % repr(odata))
# Stash the on disk data from a primary for future comparison with the
# handoff - this may not equal 'VERIFY' if for example the proxy has
# crypto enabled
direct_get_data = direct_client.direct_get_object(
onodes[1], opart, self.account, container, obj, headers={
'X-Backend-Storage-Policy-Index': self.policy.idx})[-1]
# Restart the first container/obj primary server again
start_server((onode['ip'], onode['port']), self.ipport2server)
# send a delete request to primaries
client.delete_object(self.url, self.token, container, obj)
# there should be .ts files in all primaries now
for node in onodes:
try:
direct_client.direct_get_object(
node, opart, self.account, container, obj, headers={
'X-Backend-Storage-Policy-Index': self.policy.idx})
except ClientException as err:
self.assertEqual(err.http_status, 404)
else:
self.fail("Expected ClientException but didn't get it")
# verify that handoff still has the data, DELETEs should have gone
# only to primaries
another_onode = next(self.object_ring.get_more_nodes(opart))
handoff_data = direct_client.direct_get_object(
another_onode, opart, self.account, container, obj, headers={
'X-Backend-Storage-Policy-Index': self.policy.idx})[-1]
self.assertEqual(handoff_data, direct_get_data)
# Indirectly (i.e., through proxy) try to GET object, it should return
# a 404, before bug #1560574, the proxy would return the stale object
# from the handoff
try:
client.get_object(self.url, self.token, container, obj)
except client.ClientException as err:
self.assertEqual(err.http_status, 404)
else:
self.fail("Expected ClientException but didn't get it")
Ignore 404s from handoffs for objects when calculating quorum We previously realized we needed to do that for accounts and containers where the consequences of treating the 404 as authoritative were more obvious: we'd cache the non-existence which prevented writes until it fell out of cache. The same basic logic applies for objects, though: if we see (Timeout, Timeout, Timeout, 404, 404, 404) on a triple-replica policy, we don't really have any reason to think that a 404 is appropriate. In fact, it seems reasonably likely that there's a thundering-herd problem where there are too many concurrent requests for data that *definitely is there*. By responding with a 503, we apply some back-pressure to clients, who hopefully have some exponential backoff in their retries. The situation gets a bit more complicated with erasure-coded data, but the same basic principle applies. We're just more likely to have confirmation that there *is* data out there, we just can't reconstruct it (right now). Note that we *still want to check* those handoffs, of course. Our fail-in-place strategy has us replicate (and, more recently, reconstruct) to handoffs to maintain durability; it'd be silly *not* to look. UpgradeImpact: -------------- Be aware that this may cause an increase in 503 Service Unavailable responses served by proxy-servers. However, this should more accurately reflect the state of the system. Co-Authored-By: Thiago da Silva <thiagodasilva@gmail.com> Change-Id: Ia832e9bab13167948f01bc50aa8a61974ce189fb Closes-Bug: #1837819 Related-Bug: #1833612 Related-Change: I53ed04b5de20c261ddd79c98c629580472e09961 Related-Change: Ief44ed39d97f65e4270bf73051da9a2dd0ddbaec
2019-07-22 12:38:30 -07:00
def test_missing_primaries(self):
# Create container
container = 'container-%s' % uuid4()
client.put_container(self.url, self.token, container,
headers={'X-Storage-Policy':
self.policy.name})
# Create container/obj (goes to all three primaries)
obj = 'object-%s' % uuid4()
py3: (mostly) port probe tests There's still one problem, though: since swiftclient on py3 doesn't support non-ASCII characters in metadata names, none of the tests in TestReconstructorRebuildUTF8 will pass. Change-Id: I4ec879ade534e09c3a625414d8aa1f16fd600fa4
2019-07-16 17:01:19 -07:00
client.put_object(self.url, self.token, container, obj, b'VERIFY')
Ignore 404s from handoffs for objects when calculating quorum We previously realized we needed to do that for accounts and containers where the consequences of treating the 404 as authoritative were more obvious: we'd cache the non-existence which prevented writes until it fell out of cache. The same basic logic applies for objects, though: if we see (Timeout, Timeout, Timeout, 404, 404, 404) on a triple-replica policy, we don't really have any reason to think that a 404 is appropriate. In fact, it seems reasonably likely that there's a thundering-herd problem where there are too many concurrent requests for data that *definitely is there*. By responding with a 503, we apply some back-pressure to clients, who hopefully have some exponential backoff in their retries. The situation gets a bit more complicated with erasure-coded data, but the same basic principle applies. We're just more likely to have confirmation that there *is* data out there, we just can't reconstruct it (right now). Note that we *still want to check* those handoffs, of course. Our fail-in-place strategy has us replicate (and, more recently, reconstruct) to handoffs to maintain durability; it'd be silly *not* to look. UpgradeImpact: -------------- Be aware that this may cause an increase in 503 Service Unavailable responses served by proxy-servers. However, this should more accurately reflect the state of the system. Co-Authored-By: Thiago da Silva <thiagodasilva@gmail.com> Change-Id: Ia832e9bab13167948f01bc50aa8a61974ce189fb Closes-Bug: #1837819 Related-Bug: #1833612 Related-Change: I53ed04b5de20c261ddd79c98c629580472e09961 Related-Change: Ief44ed39d97f65e4270bf73051da9a2dd0ddbaec
2019-07-22 12:38:30 -07:00
odata = client.get_object(self.url, self.token, container, obj)[-1]
py3: (mostly) port probe tests There's still one problem, though: since swiftclient on py3 doesn't support non-ASCII characters in metadata names, none of the tests in TestReconstructorRebuildUTF8 will pass. Change-Id: I4ec879ade534e09c3a625414d8aa1f16fd600fa4
2019-07-16 17:01:19 -07:00
if odata != b'VERIFY':
Ignore 404s from handoffs for objects when calculating quorum We previously realized we needed to do that for accounts and containers where the consequences of treating the 404 as authoritative were more obvious: we'd cache the non-existence which prevented writes until it fell out of cache. The same basic logic applies for objects, though: if we see (Timeout, Timeout, Timeout, 404, 404, 404) on a triple-replica policy, we don't really have any reason to think that a 404 is appropriate. In fact, it seems reasonably likely that there's a thundering-herd problem where there are too many concurrent requests for data that *definitely is there*. By responding with a 503, we apply some back-pressure to clients, who hopefully have some exponential backoff in their retries. The situation gets a bit more complicated with erasure-coded data, but the same basic principle applies. We're just more likely to have confirmation that there *is* data out there, we just can't reconstruct it (right now). Note that we *still want to check* those handoffs, of course. Our fail-in-place strategy has us replicate (and, more recently, reconstruct) to handoffs to maintain durability; it'd be silly *not* to look. UpgradeImpact: -------------- Be aware that this may cause an increase in 503 Service Unavailable responses served by proxy-servers. However, this should more accurately reflect the state of the system. Co-Authored-By: Thiago da Silva <thiagodasilva@gmail.com> Change-Id: Ia832e9bab13167948f01bc50aa8a61974ce189fb Closes-Bug: #1837819 Related-Bug: #1833612 Related-Change: I53ed04b5de20c261ddd79c98c629580472e09961 Related-Change: Ief44ed39d97f65e4270bf73051da9a2dd0ddbaec
2019-07-22 12:38:30 -07:00
raise Exception('Object GET did not return VERIFY, instead it '
'returned: %s' % repr(odata))
# Kill all primaries obj server
obj = 'object-%s' % uuid4()
opart, onodes = self.object_ring.get_nodes(
self.account, container, obj)
for onode in onodes:
kill_server((onode['ip'], onode['port']), self.ipport2server)
# Indirectly (i.e., through proxy) try to GET object, it should return
# a 503, since all primaries will Timeout and handoffs return a 404.
try:
client.get_object(self.url, self.token, container, obj)
except client.ClientException as err:
self.assertEqual(err.http_status, 503)
else:
self.fail("Expected ClientException but didn't get it")
# Restart the first container/obj primary server again
onode = onodes[0]
start_server((onode['ip'], onode['port']), self.ipport2server)
# Send a delete that will reach first primary and handoff.
# Sure, the DELETE will return a 404 since the handoff doesn't
# have a .data file, but object server will still write a
# Tombstone in the handoff node!
try:
client.delete_object(self.url, self.token, container, obj)
except client.ClientException as err:
self.assertEqual(err.http_status, 404)
# kill the first container/obj primary server again
kill_server((onode['ip'], onode['port']), self.ipport2server)
# a new GET should return a 404, since all primaries will Timeout
# and the handoff will return a 404 but this time with a tombstone
try:
client.get_object(self.url, self.token, container, obj)
except client.ClientException as err:
self.assertEqual(err.http_status, 404)
else:
self.fail("Expected ClientException but didn't get it")
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
Add probetest for response with duplicate frags When an SSYNC connection fails after shipping a fragment, but before cleaning itself up - it can lead to multiple replicas of the same fragment index serviceable in the node_iter at the same time. Or perhaps more likely if a partner nodes win a race to rebuild waiting on a handoff. In this case, the proxy need not fail to service a GET just because of extra information. A similar guard was added to the reconstructor in a related change [1]. This underlying bug is acctually fixed by the related change [2], this probetest is just encoding the failure to help with future maintenance. 1. Related-Change: I91f3d4af52cbc66c9f7ce00726f247b5462e66f9 2. Related-Change: I2310981fd1c4622ff5d1a739cbcc59637ffe3fc3 Closes-Bug: 1624176 Change-Id: I06fc381a25613585dd18916d50e7ca2c68d406b6
2016-09-16 11:58:46 -07:00
class TestECObjectHandoff(ECProbeTest):
EC GET path: require fragments to be of same set And if they are not, exhaust the node iter to go get more. The problem without this implementation is a simple overwrite where a GET follows before the handoff has put the newer obj back on the 'alive again' node such that the proxy gets n-1 fragments of the newest set and 1 of the older. This patch bucketizes the fragments by etag and if it doesn't have enough continues to exhaust the node iterator until it has a large enough matching set. Change-Id: Ib710a133ce1be278365067fd0d6610d80f1f7372 Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com> Co-Authored-By: Alistair Coles <alistair.coles@hp.com> Closes-Bug: 1457691
2015-08-12 13:32:50 -07:00
def get_object(self, container_name, object_name):
headers, body = client.get_object(self.url, self.token,
container_name,
object_name,
resp_chunk_size=64 * 2 ** 10)
resp_checksum = md5()
for chunk in body:
resp_checksum.update(chunk)
return resp_checksum.hexdigest()
def test_ec_handoff_overwrite(self):
container_name = 'container-%s' % uuid4()
object_name = 'object-%s' % uuid4()
# create EC container
headers = {'X-Storage-Policy': self.policy.name}
client.put_container(self.url, self.token, container_name,
headers=headers)
# PUT object
old_contents = Body()
client.put_object(self.url, self.token, container_name,
object_name, contents=old_contents)
# get our node lists
opart, onodes = self.object_ring.get_nodes(
self.account, container_name, object_name)
# shutdown one of the primary data nodes
failed_primary = random.choice(onodes)
failed_primary_device_path = self.device_dir('object', failed_primary)
Enable object body and metadata encryption Adds encryption middlewares. All object servers and proxy servers should be upgraded before introducing encryption middleware. Encryption middleware should be first introduced with the encryption middleware disable_encryption option set to True. Once all proxies have encryption middleware installed this option may be set to False (the default). Increases constraints.py:MAX_HEADER_COUNT by 4 to allow for headers generated by encryption-related middleware. Co-Authored-By: Tim Burke <tim.burke@gmail.com> Co-Authored-By: Christian Cachin <cca@zurich.ibm.com> Co-Authored-By: Mahati Chamarthy <mahati.chamarthy@gmail.com> Co-Authored-By: Peter Chng <pchng@ca.ibm.com> Co-Authored-By: Alistair Coles <alistair.coles@hpe.com> Co-Authored-By: Jonathan Hinson <jlhinson@us.ibm.com> Co-Authored-By: Hamdi Roumani <roumani@ca.ibm.com> UpgradeImpact Change-Id: Ie6db22697ceb1021baaa6bddcf8e41ae3acb5376
2016-06-07 15:01:32 +01:00
# first read its ec etag value for future reference - this may not
# equal old_contents.etag if for example the proxy has crypto enabled
req_headers = {'X-Backend-Storage-Policy-Index': int(self.policy)}
headers = direct_client.direct_head_object(
failed_primary, opart, self.account, container_name,
object_name, headers=req_headers)
old_backend_etag = headers['X-Object-Sysmeta-EC-Etag']
EC GET path: require fragments to be of same set And if they are not, exhaust the node iter to go get more. The problem without this implementation is a simple overwrite where a GET follows before the handoff has put the newer obj back on the 'alive again' node such that the proxy gets n-1 fragments of the newest set and 1 of the older. This patch bucketizes the fragments by etag and if it doesn't have enough continues to exhaust the node iterator until it has a large enough matching set. Change-Id: Ib710a133ce1be278365067fd0d6610d80f1f7372 Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com> Co-Authored-By: Alistair Coles <alistair.coles@hp.com> Closes-Bug: 1457691
2015-08-12 13:32:50 -07:00
self.kill_drive(failed_primary_device_path)
# overwrite our object with some new data
new_contents = Body()
client.put_object(self.url, self.token, container_name,
object_name, contents=new_contents)
self.assertNotEqual(new_contents.etag, old_contents.etag)
# restore failed primary device
self.revive_drive(failed_primary_device_path)
# sanity - failed node has old contents
req_headers = {'X-Backend-Storage-Policy-Index': int(self.policy)}
headers = direct_client.direct_head_object(
failed_primary, opart, self.account, container_name,
object_name, headers=req_headers)
self.assertEqual(headers['X-Object-Sysmeta-EC-Etag'],
Enable object body and metadata encryption Adds encryption middlewares. All object servers and proxy servers should be upgraded before introducing encryption middleware. Encryption middleware should be first introduced with the encryption middleware disable_encryption option set to True. Once all proxies have encryption middleware installed this option may be set to False (the default). Increases constraints.py:MAX_HEADER_COUNT by 4 to allow for headers generated by encryption-related middleware. Co-Authored-By: Tim Burke <tim.burke@gmail.com> Co-Authored-By: Christian Cachin <cca@zurich.ibm.com> Co-Authored-By: Mahati Chamarthy <mahati.chamarthy@gmail.com> Co-Authored-By: Peter Chng <pchng@ca.ibm.com> Co-Authored-By: Alistair Coles <alistair.coles@hpe.com> Co-Authored-By: Jonathan Hinson <jlhinson@us.ibm.com> Co-Authored-By: Hamdi Roumani <roumani@ca.ibm.com> UpgradeImpact Change-Id: Ie6db22697ceb1021baaa6bddcf8e41ae3acb5376
2016-06-07 15:01:32 +01:00
old_backend_etag)
EC GET path: require fragments to be of same set And if they are not, exhaust the node iter to go get more. The problem without this implementation is a simple overwrite where a GET follows before the handoff has put the newer obj back on the 'alive again' node such that the proxy gets n-1 fragments of the newest set and 1 of the older. This patch bucketizes the fragments by etag and if it doesn't have enough continues to exhaust the node iterator until it has a large enough matching set. Change-Id: Ib710a133ce1be278365067fd0d6610d80f1f7372 Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com> Co-Authored-By: Alistair Coles <alistair.coles@hp.com> Closes-Bug: 1457691
2015-08-12 13:32:50 -07:00
# we have 1 primary with wrong old etag, and we should have 5 with
# new etag plus a handoff with the new etag, so killing 2 other
# primaries forces proxy to try to GET from all primaries plus handoff.
other_nodes = [n for n in onodes if n != failed_primary]
random.shuffle(other_nodes)
Enable object body and metadata encryption Adds encryption middlewares. All object servers and proxy servers should be upgraded before introducing encryption middleware. Encryption middleware should be first introduced with the encryption middleware disable_encryption option set to True. Once all proxies have encryption middleware installed this option may be set to False (the default). Increases constraints.py:MAX_HEADER_COUNT by 4 to allow for headers generated by encryption-related middleware. Co-Authored-By: Tim Burke <tim.burke@gmail.com> Co-Authored-By: Christian Cachin <cca@zurich.ibm.com> Co-Authored-By: Mahati Chamarthy <mahati.chamarthy@gmail.com> Co-Authored-By: Peter Chng <pchng@ca.ibm.com> Co-Authored-By: Alistair Coles <alistair.coles@hpe.com> Co-Authored-By: Jonathan Hinson <jlhinson@us.ibm.com> Co-Authored-By: Hamdi Roumani <roumani@ca.ibm.com> UpgradeImpact Change-Id: Ie6db22697ceb1021baaa6bddcf8e41ae3acb5376
2016-06-07 15:01:32 +01:00
# grab the value of the new content's ec etag for future reference
headers = direct_client.direct_head_object(
other_nodes[0], opart, self.account, container_name,
object_name, headers=req_headers)
new_backend_etag = headers['X-Object-Sysmeta-EC-Etag']
EC GET path: require fragments to be of same set And if they are not, exhaust the node iter to go get more. The problem without this implementation is a simple overwrite where a GET follows before the handoff has put the newer obj back on the 'alive again' node such that the proxy gets n-1 fragments of the newest set and 1 of the older. This patch bucketizes the fragments by etag and if it doesn't have enough continues to exhaust the node iterator until it has a large enough matching set. Change-Id: Ib710a133ce1be278365067fd0d6610d80f1f7372 Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com> Co-Authored-By: Alistair Coles <alistair.coles@hp.com> Closes-Bug: 1457691
2015-08-12 13:32:50 -07:00
for node in other_nodes[:2]:
self.kill_drive(self.device_dir('object', node))
# sanity, after taking out two primaries we should be down to
# only four primaries, one of which has the old etag - but we
# also have a handoff with the new etag out there
found_frags = defaultdict(int)
req_headers = {'X-Backend-Storage-Policy-Index': int(self.policy)}
for node in onodes + list(self.object_ring.get_more_nodes(opart)):
try:
headers = direct_client.direct_head_object(
node, opart, self.account, container_name,
object_name, headers=req_headers)
except Exception:
continue
found_frags[headers['X-Object-Sysmeta-EC-Etag']] += 1
self.assertEqual(found_frags, {
Enable object body and metadata encryption Adds encryption middlewares. All object servers and proxy servers should be upgraded before introducing encryption middleware. Encryption middleware should be first introduced with the encryption middleware disable_encryption option set to True. Once all proxies have encryption middleware installed this option may be set to False (the default). Increases constraints.py:MAX_HEADER_COUNT by 4 to allow for headers generated by encryption-related middleware. Co-Authored-By: Tim Burke <tim.burke@gmail.com> Co-Authored-By: Christian Cachin <cca@zurich.ibm.com> Co-Authored-By: Mahati Chamarthy <mahati.chamarthy@gmail.com> Co-Authored-By: Peter Chng <pchng@ca.ibm.com> Co-Authored-By: Alistair Coles <alistair.coles@hpe.com> Co-Authored-By: Jonathan Hinson <jlhinson@us.ibm.com> Co-Authored-By: Hamdi Roumani <roumani@ca.ibm.com> UpgradeImpact Change-Id: Ie6db22697ceb1021baaa6bddcf8e41ae3acb5376
2016-06-07 15:01:32 +01:00
new_backend_etag: 4, # this should be enough to rebuild!
old_backend_etag: 1,
EC GET path: require fragments to be of same set And if they are not, exhaust the node iter to go get more. The problem without this implementation is a simple overwrite where a GET follows before the handoff has put the newer obj back on the 'alive again' node such that the proxy gets n-1 fragments of the newest set and 1 of the older. This patch bucketizes the fragments by etag and if it doesn't have enough continues to exhaust the node iterator until it has a large enough matching set. Change-Id: Ib710a133ce1be278365067fd0d6610d80f1f7372 Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com> Co-Authored-By: Alistair Coles <alistair.coles@hp.com> Closes-Bug: 1457691
2015-08-12 13:32:50 -07:00
})
# clear node error limiting
Manager(['proxy']).restart()
resp_etag = self.get_object(container_name, object_name)
self.assertEqual(resp_etag, new_contents.etag)
Add probetest for response with duplicate frags When an SSYNC connection fails after shipping a fragment, but before cleaning itself up - it can lead to multiple replicas of the same fragment index serviceable in the node_iter at the same time. Or perhaps more likely if a partner nodes win a race to rebuild waiting on a handoff. In this case, the proxy need not fail to service a GET just because of extra information. A similar guard was added to the reconstructor in a related change [1]. This underlying bug is acctually fixed by the related change [2], this probetest is just encoding the failure to help with future maintenance. 1. Related-Change: I91f3d4af52cbc66c9f7ce00726f247b5462e66f9 2. Related-Change: I2310981fd1c4622ff5d1a739cbcc59637ffe3fc3 Closes-Bug: 1624176 Change-Id: I06fc381a25613585dd18916d50e7ca2c68d406b6
2016-09-16 11:58:46 -07:00
def _check_nodes(self, opart, onodes, container_name, object_name):
found_frags = defaultdict(int)
req_headers = {'X-Backend-Storage-Policy-Index': int(self.policy)}
for node in onodes + list(self.object_ring.get_more_nodes(opart)):
try:
headers = direct_client.direct_head_object(
node, opart, self.account, container_name,
object_name, headers=req_headers)
except socket.error as e:
if e.errno != errno.ECONNREFUSED:
raise
except direct_client.DirectClientException as e:
if e.http_status != 404:
raise
else:
found_frags[headers['X-Object-Sysmeta-Ec-Frag-Index']] += 1
return found_frags
def test_ec_handoff_duplicate_available(self):
container_name = 'container-%s' % uuid4()
object_name = 'object-%s' % uuid4()
# create EC container
headers = {'X-Storage-Policy': self.policy.name}
client.put_container(self.url, self.token, container_name,
headers=headers)
# get our node lists
opart, onodes = self.object_ring.get_nodes(
self.account, container_name, object_name)
# find both primary servers that have both of their devices in
# the primary node list
group_nodes_by_config = defaultdict(list)
for n in onodes:
group_nodes_by_config[self.config_number(n)].append(n)
double_disk_primary = []
for config_number, node_list in group_nodes_by_config.items():
if len(node_list) > 1:
double_disk_primary.append((config_number, node_list))
# sanity, in a 4+2 with 8 disks two servers will be doubled
self.assertEqual(len(double_disk_primary), 2)
# shutdown the first double primary
primary0_config_number, primary0_node_list = double_disk_primary[0]
Manager(['object-server']).stop(number=primary0_config_number)
# PUT object
contents = Body()
client.put_object(self.url, self.token, container_name,
object_name, contents=contents)
# sanity fetch two frags on handoffs
handoff_frags = []
for node in self.object_ring.get_more_nodes(opart):
headers, data = direct_client.direct_get_object(
node, opart, self.account, container_name, object_name,
headers={'X-Backend-Storage-Policy-Index': int(self.policy)}
)
handoff_frags.append((node, headers, data))
# bring the first double primary back, and fail the other one
Manager(['object-server']).start(number=primary0_config_number)
primary1_config_number, primary1_node_list = double_disk_primary[1]
Manager(['object-server']).stop(number=primary1_config_number)
# we can still GET the object
resp_etag = self.get_object(container_name, object_name)
self.assertEqual(resp_etag, contents.etag)
# now start to "revert" the first handoff frag
node = primary0_node_list[0]
handoff_node, headers, data = handoff_frags[0]
# N.B. object server api returns quoted ETag
headers['ETag'] = headers['Etag'].strip('"')
headers['X-Backend-Storage-Policy-Index'] = int(self.policy)
direct_client.direct_put_object(
node, opart,
self.account, container_name, object_name,
contents=data, headers=headers)
# sanity - check available frags
frag2count = self._check_nodes(opart, onodes,
container_name, object_name)
# ... five frags total
self.assertEqual(sum(frag2count.values()), 5)
# ... only 4 unique indexes
self.assertEqual(len(frag2count), 4)
# we can still GET the object
resp_etag = self.get_object(container_name, object_name)
self.assertEqual(resp_etag, contents.etag)
# ... but we need both handoffs or we get a error
for handoff_node, hdrs, data in handoff_frags:
Manager(['object-server']).stop(
number=self.config_number(handoff_node))
with self.assertRaises(Exception) as cm:
self.get_object(container_name, object_name)
self.assertIn(cm.exception.http_status, (404, 503))
Manager(['object-server']).start(
number=self.config_number(handoff_node))
# fix everything
Manager(['object-server']).start(number=primary1_config_number)
Manager(["object-reconstructor"]).once()
# sanity - check available frags
frag2count = self._check_nodes(opart, onodes,
container_name, object_name)
# ... six frags total
self.assertEqual(sum(frag2count.values()), 6)
# ... all six unique
self.assertEqual(len(frag2count), 6)
Ignore 404s from handoffs for objects when calculating quorum We previously realized we needed to do that for accounts and containers where the consequences of treating the 404 as authoritative were more obvious: we'd cache the non-existence which prevented writes until it fell out of cache. The same basic logic applies for objects, though: if we see (Timeout, Timeout, Timeout, 404, 404, 404) on a triple-replica policy, we don't really have any reason to think that a 404 is appropriate. In fact, it seems reasonably likely that there's a thundering-herd problem where there are too many concurrent requests for data that *definitely is there*. By responding with a 503, we apply some back-pressure to clients, who hopefully have some exponential backoff in their retries. The situation gets a bit more complicated with erasure-coded data, but the same basic principle applies. We're just more likely to have confirmation that there *is* data out there, we just can't reconstruct it (right now). Note that we *still want to check* those handoffs, of course. Our fail-in-place strategy has us replicate (and, more recently, reconstruct) to handoffs to maintain durability; it'd be silly *not* to look. UpgradeImpact: -------------- Be aware that this may cause an increase in 503 Service Unavailable responses served by proxy-servers. However, this should more accurately reflect the state of the system. Co-Authored-By: Thiago da Silva <thiagodasilva@gmail.com> Change-Id: Ia832e9bab13167948f01bc50aa8a61974ce189fb Closes-Bug: #1837819 Related-Bug: #1833612 Related-Change: I53ed04b5de20c261ddd79c98c629580472e09961 Related-Change: Ief44ed39d97f65e4270bf73051da9a2dd0ddbaec
2019-07-22 12:38:30 -07:00
def test_ec_primary_timeout(self):
container_name = 'container-%s' % uuid4()
object_name = 'object-%s' % uuid4()
# create EC container
headers = {'X-Storage-Policy': self.policy.name}
client.put_container(self.url, self.token, container_name,
headers=headers)
# PUT object, should go to primary nodes
old_contents = Body()
client.put_object(self.url, self.token, container_name,
object_name, contents=old_contents)
# get our node lists
opart, onodes = self.object_ring.get_nodes(
self.account, container_name, object_name)
# shutdown three of the primary data nodes
for i in range(3):
failed_primary = onodes[i]
failed_primary_device_path = self.device_dir('object',
failed_primary)
self.kill_drive(failed_primary_device_path)
# Indirectly (i.e., through proxy) try to GET object, it should return
# a 503, since all primaries will Timeout and handoffs return a 404.
try:
client.get_object(self.url, self.token, container_name,
object_name)
except client.ClientException as err:
self.assertEqual(err.http_status, 503)
else:
self.fail("Expected ClientException but didn't get it")
# Send a delete to write down tombstones in the handoff nodes
client.delete_object(self.url, self.token, container_name, object_name)
# Now a new GET should return 404 because the handoff nodes
# return a 404 with a Tombstone.
try:
client.get_object(self.url, self.token, container_name,
object_name)
except client.ClientException as err:
self.assertEqual(err.http_status, 404)
else:
self.fail("Expected ClientException but didn't get it")
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
if __name__ == '__main__':
Updated probe tests The probe tests were woefully out of date with all the changes that have ocurred since they were written. I've updated most of them and removed some that are hopeless outdated. I also greatly improved the timing issues (hopefully completely solved them? I ran them 25 times with no problems) and made them pep8 1.3.1 safe. Change-Id: I8e9dbb6e7d6e04e293843b1dce1ded99d84e0348
2012-06-30 20:23:24 +00:00
main()
Copy Permalink