* Split the logic of write target initialization to different packages;
* Refactor patch and put services: since both service initialize the target
themselves.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
Since Go 1.22 a "for" statement with a "range" clause is able
to iterate through integer values from zero to an upper limit.
gopatch script:
@@
var i, e expression
@@
-for i := 0; i <= e - 1; i++ {
+for i := range e {
...
}
@@
var i, e expression
@@
-for i := 0; i <= e; i++ {
+for i := range e + 1 {
...
}
@@
var i, e expression
@@
-for i := 0; i < e; i++ {
+for i := range e {
...
}
Signed-off-by: Ekaterina Lebedeva <ekaterina.lebedeva@yadro.com>
The `TestGCDropsObjectInhumedFromWritecache` test was flaky because a
running asynchronous rebuild operation prevented GC from deleting the
object. A test-only shard option `WithDisabledRebuild` has been added
to fix this.
Signed-off-by: Aleksey Savchuk <a.savchuk@yadro.com>
exportloopref is deprecated.
gopatch:
```
@@
var index, value identifier
var slice expression
@@
for index, value := range slice {
...
-value := value
...
}
@@
var index, value identifier
var slice expression
@@
for index, value := range slice {
...
-index := index
...
}
@@
var value identifier
var channel expression
@@
for value := range channel {
...
-value := value
...
}
```
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
Benchmark results:
```
goos: linux
goarch: amd64
pkg: git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/pilorama
cpu: 11th Gen Intel(R) Core(TM) i5-1135G7 @ 2.40GHz
│ old │ new │
│ sec/op │ sec/op vs base │
ForestSortedIteration/bbolt,root-8 207.2µ ± 6% 173.6µ ± 6% -16.23% (p=0.000 n=10)
ForestSortedIteration/bbolt,leaf-8 3.910µ ± 5% 3.928µ ± 7% ~ (p=0.529 n=10)
geomean 28.46µ 26.11µ -8.27%
```
They are not representative, as the worst case is when we have multiple
items of different lengths. However, `FileName` is usually less than 100
in practice, so the asymptotics is the same.
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
Renamed parameters `min/max` to avoid conflicts with
predeclared identifiers.
Replaced background context with parent context without
cancellation in closer functions in frostfs-node.
Signed-off-by: Ekaterina Lebedeva <ekaterina.lebedeva@yadro.com>
When node put chunk into EC container, `policer` may remove it as redundant.
This chunk marked as removed. When parent object removed and `gc` start iterating over chunk,
node count removing chunk twice.
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
* Also, resolve dependencies and conflicts for object service
by creating stub for `Patch` method.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
The synchronized service reload protocol added in systemd version 253
requires that the service provides a MONOTONIC_USEC field alongside the
RELOADING=1 notification message for synchronization purposes. The value
carried in this field must be the system CLOCK_MONOTONIC timestamp at
the time the notification message was generated as systemd compares it
to other CLOCK_MONOTONIC timestamps taken by pid1.
Signed-off-by: Ekaterina Lebedeva <ekaterina.lebedeva@yadro.com>
This reverts commit 327d364f34.
Reverted due to the problem with reload signal sent by systemd.
`frostfs-ir` service reconfigures correctly and service's
statuses are being reported to systemd. However, since we
replaced `go:linkname` & `nanotime()` with `time.Since()`,
systemd refuses to accept reload signal response from
`frostfs-ir`. To maintain correct behaviour it was decided to
revevrt systemd-related changes until a better solution is
found.
Signed-off-by: Ekaterina Lebedeva <ekaterina.lebedeva@yadro.com>
EC parent and split gc marks should be deleted after last EC chunk delete.
Also should delete split info for EC parent and split parent.
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
* Methods `Head`, `Get`, `GetRangeHash` should no longer use APE pre-checks
as that leads only to incorrect rule chain processing for requests:
1. Immediate return with `NoRuleFound` may be unexpected as some `Allow`
rule is actually defined but can't be matched yet as it gets no object
attributes;
2. Immdediate return with `Allow` may be incorrect as some `Deny` rule
is actually defined but can't bet matched yet as it gets no object
attirbutes;
3. Pre-check breaks compatibility for converted EACL-tables.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
It is required to save split parent ID too, not only split ID.
Otherwise inhume operation works incorrect: shard with last part may be skipped
and parent object will be available.
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
getSvc may change the values of some fields, so Head will affect Delete
or Put. In this case, the change is necessary so that the session token
is stored in the tombstone object (EC assemble calls `ForgetTokens`).
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
Now EC objects assembling is performed concurrently.
Also fixed issue with an error in case of getting
EC object via non-container node.
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
Previously we used pointer, this could have worked,
because most of the time, the netmap is cached.
This didn't work, however, because `lastNm` field was always nil.
Rework the mechanism completely:
1. Use epoch to track netmap versions, as it it simpler and
is unrelated to the TTL of an underlying cache.
2. Fix a bug where the epoch could change while mutex was unlocked.
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
* We used several utility functions to parse frostfsid client
subject and extended subject. However, following the changes
in TrueCloudLab/frostfs-contract#97, these utility functions
have become public. So there is no more need to have them here.
* There was a mismatch of slice parameter required length between
frostfs-node's and frostfs-contract's utility functions,
`checkStackItem()` solves this problem.
Signed-off-by: Ekaterina Lebedeva <ekaterina.lebedeva@yadro.com>
When AddByPath() is called concurrently on 2 different nodes,
internal path components may be created twice. This violates some
of our assumptions in GetByPath() and, indirectly, in S3 handling of
GetSubTree() results.
Add a test for the correct behaviour, fixes will follow.
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
* Make session token expired at `current_epoch + 1` but
not at `current_epoch` when it's still valid.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
* Refactor object and tree service - they should instantiate
chain router cheking the bearer token. If there are no bearer
token rules, then defaul chain router is used.
* Fix unit-tests.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
* Unlike default chain router, `BearerChainFedRouter` performs checks for
overrides defined in the bearer token;
* Add unit-test for the introduced router.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
* `getStreamBasicChecker` must define `containerOwner` for backward checks,
otherwise bearer token cannot be validated for the token issuer.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
We used several utility functions to parse frostfsid client
subject and extended subject. However, following the changes
in TrueCloudLab/frostfs-contract#97, these utility functions
have become public. So there is no more need to have them here.
Signed-off-by: Ekaterina Lebedeva <ekaterina.lebedeva@yadro.com>
For REP updating split info is handled explicitly by a high-level PUT logic.
For EC it is trickier, because the address of an object we put is only
distantly related to a split info.
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
* If EC-parent is a part of Split itself, then save to root bucket
its parent;
* If EC-parent is not a part of Split itself, then save to root bucket
OID of this EC-parent.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
* Resolve conflicts for apemanager since api-go
contains ape and apemanager packages and SDK only
ape package.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
Required to work with neo-go v0.106.0 node
with default hardfork configuration. Without
neo-go client version bump, it throws error.
failed to get network magic: unexpected hardfork: Cockatrice
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
* Introduce grpc server for apemanager service and
its implementation in `pkg/services/apemanager`.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
* `ProxyVerificationContractStorage` uses Proxy contract as a cosigner.
* `ProxyVerificationContractStorage` recreates a contract storage for each handler
invocation because of an issue: rpc-actor from morph client may be expired. This
way won't create a bottlenecks because it is expected that this contract storage
implementation will be used not so often.
* Make morph client return `RPCActor` (that is websocket client in fact).
* Make `SwitchRPCGuardedActor` return `RPCActor` as it will be used for
`ProxyVerificationContractStorage`.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
* `GetECHeader` is not correct way to determine if an object's got
EC-header: `ECHeader` must be used for that.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
* Update go.mod with a new version of policy-engine pacakge.
* Adapt SwitchRPCGuardedActor to ContractStorage interface.
* Fix `frostfs-adm` util.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
* `FormFrostfsIDRequestProperties` gets user claim tags and group id and sets them
as ape request properties.
* Make tree, container and object service use the method.
* Fix unit-tests.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
They are mostly useless unless we need to _debug_ a specific issue.
The amount of logs we produce is too big.
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
* Make `verifyClient` method perform APE check if a container
was created with zero-filled basic ACL.
* Object verbs are used in APE, until tree verbs are introduced.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
DB value is only valid while the tx is alive.
But handler may to run something in other goroutine.
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
If blobovnicza contains objects larger than object size parameter
value, then rebuild fails with an error, because there is no such
bucket in database. This commit forces to create bucket on rebuild.
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
metabase.Open() now reports metabase mode metric. shard.UpdateID()
needs to read shard ID from metabase => needs to open metabase.
It caused reporting 'shard undefined' metrics. To avoid reporting
wrong metrics metabase.GetShardID() was added which also opens
metabase and does not report metrics.
Signed-off-by: Ekaterina Lebedeva <ekaterina.lebedeva@yadro.com>
It used to always show CLOSED regardless of actual mode.
Now metric represents actual metabase mode of operations.
Signed-off-by: Ekaterina Lebedeva <ekaterina.lebedeva@yadro.com>
It used to always show CLOSED after setting shard mode
to read-only regardless of actual mode.
Now metric represents actual blobstor mode of operations.
Signed-off-by: Ekaterina Lebedeva <ekaterina.lebedeva@yadro.com>
No big deal, but it is called multiple times in sorting routine, this
easily results in 20 allocations per group traversal.
```
goos: linux
goarch: amd64
pkg: git.frostfs.info/TrueCloudLab/frostfs-node/pkg/network
cpu: 11th Gen Intel(R) Core(TM) i5-1135G7 @ 2.40GHz
│ old │ new │
│ sec/op │ sec/op vs base │
AddressTLSEnabled-8 184.6n ± 1% 103.3n ± 6% -44.04% (p=0.000 n=10)
│ old │ new │
│ B/op │ B/op vs base │
AddressTLSEnabled-8 704.0 ± 0% 0.0 ± 0% -100.00% (p=0.000 n=10)
│ old │ new │
│ allocs/op │ allocs/op vs base │
AddressTLSEnabled-8 1.000 ± 0% 0.000 ± 0% -100.00% (p=0.000 n=10)
```
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
* Introduce ContainerOwner field in RequestContext.
* Set ContainerOwner in aclv2 middleware.
* Set PropertyKeyContainerOwnerID for object ape request.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
* Skip APE check if a role is Container.
* Skip APE check if a role is IR and methods are get-like.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
`fmt.Errorf can be replaced with errors.New` and `fmt.Sprintf can be replaced with string addition`
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
* Remove removed flag in service.proto for RemoveChainLocalOverrideResponse.
* Regenerate control API.
* Return error only if RemoveOverride returns non-NotFound code.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
* If APE check returns NoRuleFound, then it is taken for request deny.
* Add more unit-test for ape container middleware.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
* Soft APE check means that APE should allow request even
it gets status NoRuleFound for a request. Otherwise,
it is interpreted as Deny.
* Soft APE check is performed if basic ACL mask is not set.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>