From c11808ecc55c62022ab286f9044670972f824c87 Mon Sep 17 00:00:00 2001 From: vrde Date: Thu, 23 Feb 2017 17:20:21 +0100 Subject: [PATCH 001/283] Move common stuff to generic Connection class --- bigchaindb/__init__.py | 4 ++ bigchaindb/backend/connection.py | 54 ++++++++++++++- bigchaindb/backend/mongodb/connection.py | 79 ++++++---------------- bigchaindb/backend/rethinkdb/connection.py | 51 ++------------ tests/backend/mongodb/test_admin.py | 2 +- tests/test_config_utils.py | 5 ++ tests/test_core.py | 2 + 7 files changed, 90 insertions(+), 107 deletions(-) diff --git a/bigchaindb/__init__.py b/bigchaindb/__init__.py index 10e9e6ce..1df2551c 100644 --- a/bigchaindb/__init__.py +++ b/bigchaindb/__init__.py @@ -10,6 +10,8 @@ _database_rethinkdb = { 'host': os.environ.get('BIGCHAINDB_DATABASE_HOST', 'localhost'), 'port': int(os.environ.get('BIGCHAINDB_DATABASE_PORT', 28015)), 'name': os.environ.get('BIGCHAINDB_DATABASE_NAME', 'bigchain'), + 'connection_timeout': 5000, + 'max_tries': 3, } _database_mongodb = { @@ -18,6 +20,8 @@ _database_mongodb = { 'port': int(os.environ.get('BIGCHAINDB_DATABASE_PORT', 27017)), 'name': os.environ.get('BIGCHAINDB_DATABASE_NAME', 'bigchain'), 'replicaset': os.environ.get('BIGCHAINDB_DATABASE_REPLICASET', 'bigchain-rs'), + 'connection_timeout': 5000, + 'max_tries': 3, } _database_map = { diff --git a/bigchaindb/backend/connection.py b/bigchaindb/backend/connection.py index df21321d..d0913cf6 100644 --- a/bigchaindb/backend/connection.py +++ b/bigchaindb/backend/connection.py @@ -1,8 +1,10 @@ +from itertools import repeat from importlib import import_module import logging import bigchaindb from bigchaindb.common.exceptions import ConfigurationError +from bigchaindb.backend.exceptions import ConnectionError BACKENDS = { @@ -13,7 +15,8 @@ BACKENDS = { logger = logging.getLogger(__name__) -def connect(backend=None, host=None, port=None, name=None, replicaset=None): +def connect(backend=None, host=None, port=None, name=None, max_tries=None, + connection_timeout=None, replicaset=None): """Create a new connection to the database backend. All arguments default to the current configuration's values if not @@ -58,7 +61,7 @@ def connect(backend=None, host=None, port=None, name=None, replicaset=None): raise ConfigurationError('Error loading backend `{}`'.format(backend)) from exc logger.debug('Connection: {}'.format(Class)) - return Class(host, port, dbname, replicaset=replicaset) + return Class(host=host, port=port, dbname=dbname, replicaset=replicaset) class Connection: @@ -68,17 +71,41 @@ class Connection: from and implements this class. """ - def __init__(self, host=None, port=None, dbname=None, *args, **kwargs): + def __init__(self, host=None, port=None, dbname=None, + connection_timeout=None, max_tries=None, + **kwargs): """Create a new :class:`~.Connection` instance. Args: host (str): the host to connect to. port (int): the port to connect to. dbname (str): the name of the database to use. + connection_timeout (int, optional): the milliseconds to wait + until timing out the database connection attempt. + Defaults to 5000ms. + max_tries (int, optional): how many tries before giving up, + if 0 then try forever. Defaults to 3. **kwargs: arbitrary keyword arguments provided by the configuration's ``database`` settings """ + dbconf = bigchaindb.config['database'] + + self.host = host or dbconf['host'] + self.port = port or dbconf['port'] + self.dbname = dbname or dbconf['name'] + self.connection_timeout = connection_timeout if connection_timeout is not None\ + else dbconf['connection_timeout'] + self.max_tries = max_tries if max_tries is not None else dbconf['max_tries'] + self.max_tries_counter = range(self.max_tries) if self.max_tries != 0 else repeat(0) + self._conn = None + + @property + def conn(self): + if self._conn is None: + self.connect() + return self._conn + def run(self, query): """Run a query. @@ -94,3 +121,24 @@ class Connection: """ raise NotImplementedError() + + def connect(self): + """Try to connect to the database. + + Raises: + :exc:`~ConnectionError`: If the connection to the database + fails. + """ + + attempt = 0 + for i in self.max_tries_counter: + attempt += 1 + try: + self._conn = self._connect() + except ConnectionError as exc: + logger.warning('Attempt %s/%s. Connection to %s:%s failed after %sms.', + attempt, self.max_tries if self.max_tries != 0 else '∞', + self.host, self.port, self.connection_timeout) + if attempt == self.max_tries: + logger.critical('Cannot connect to the Database. Giving up.') + raise ConnectionError() from exc diff --git a/bigchaindb/backend/mongodb/connection.py b/bigchaindb/backend/mongodb/connection.py index d01d5861..271d0e8e 100644 --- a/bigchaindb/backend/mongodb/connection.py +++ b/bigchaindb/backend/mongodb/connection.py @@ -1,6 +1,5 @@ import time import logging -from itertools import repeat import pymongo @@ -15,46 +14,20 @@ from bigchaindb.backend.connection import Connection logger = logging.getLogger(__name__) -# TODO: waiting for #1082 to be merged -# to move this constants in the configuration. - -CONNECTION_TIMEOUT = 4000 # in milliseconds -MAX_RETRIES = 3 # number of tries before giving up, if 0 then try forever - - class MongoDBConnection(Connection): - def __init__(self, host=None, port=None, dbname=None, - connection_timeout=None, max_tries=None, - replicaset=None): + def __init__(self, replicaset=None, **kwargs): """Create a new Connection instance. Args: - host (str, optional): the host to connect to. - port (int, optional): the port to connect to. - dbname (str, optional): the database to use. - connection_timeout (int, optional): the milliseconds to wait - until timing out the database connection attempt. - max_tries (int, optional): how many tries before giving up, - if 0 then try forever. replicaset (str, optional): the name of the replica set to connect to. + **kwargs: arbitrary keyword arguments provided by the + configuration's ``database`` settings """ - self.host = host or bigchaindb.config['database']['host'] - self.port = port or bigchaindb.config['database']['port'] + super().__init__(**kwargs) self.replicaset = replicaset or bigchaindb.config['database']['replicaset'] - self.dbname = dbname or bigchaindb.config['database']['name'] - self.connection_timeout = connection_timeout if connection_timeout is not None else CONNECTION_TIMEOUT - self.max_tries = max_tries if max_tries is not None else MAX_RETRIES - self.max_tries_counter = range(self.max_tries) if self.max_tries != 0 else repeat(0) - self.connection = None - - @property - def conn(self): - if self.connection is None: - self._connect() - return self.connection @property def db(self): @@ -94,34 +67,23 @@ class MongoDBConnection(Connection): fails. """ - attempt = 0 - for i in self.max_tries_counter: - attempt += 1 + try: + # we should only return a connection if the replica set is + # initialized. initialize_replica_set will check if the + # replica set is initialized else it will initialize it. + initialize_replica_set(self.host, self.port, self.connection_timeout) - try: - # we should only return a connection if the replica set is - # initialized. initialize_replica_set will check if the - # replica set is initialized else it will initialize it. - initialize_replica_set(self.host, self.port, self.connection_timeout) + # FYI: this might raise a `ServerSelectionTimeoutError`, + # that is a subclass of `ConnectionFailure`. + return pymongo.MongoClient(self.host, + self.port, + replicaset=self.replicaset, + serverselectiontimeoutms=self.connection_timeout) - # FYI: this might raise a `ServerSelectionTimeoutError`, - # that is a subclass of `ConnectionFailure`. - self.connection = pymongo.MongoClient(self.host, - self.port, - replicaset=self.replicaset, - serverselectiontimeoutms=self.connection_timeout) - - # `initialize_replica_set` might raise `ConnectionFailure` or `OperationFailure`. - except (pymongo.errors.ConnectionFailure, - pymongo.errors.OperationFailure) as exc: - logger.warning('Attempt %s/%s. Connection to %s:%s failed after %sms.', - attempt, self.max_tries if self.max_tries != 0 else '∞', - self.host, self.port, self.connection_timeout) - if attempt == self.max_tries: - logger.critical('Cannot connect to the Database. Giving up.') - raise ConnectionError() from exc - else: - break + # `initialize_replica_set` might raise `ConnectionFailure` or `OperationFailure`. + except (pymongo.errors.ConnectionFailure, + pymongo.errors.OperationFailure) as exc: + raise ConnectionError() from exc def initialize_replica_set(host, port, connection_timeout): @@ -166,9 +128,10 @@ def _check_replica_set(conn): replSet option. """ options = conn.admin.command('getCmdLineOpts') + print(options) try: repl_opts = options['parsed']['replication'] - repl_set_name = repl_opts.get('replSetName', None) or repl_opts['replSet'] + repl_set_name = repl_opts.get('replSetName', repl_opts.get('replSet')) except KeyError: raise ConfigurationError('mongod was not started with' ' the replSet option.') diff --git a/bigchaindb/backend/rethinkdb/connection.py b/bigchaindb/backend/rethinkdb/connection.py index 988573f6..e4d2c524 100644 --- a/bigchaindb/backend/rethinkdb/connection.py +++ b/bigchaindb/backend/rethinkdb/connection.py @@ -1,11 +1,7 @@ -import time -import logging - import rethinkdb as r from bigchaindb.backend.connection import Connection - -logger = logging.getLogger(__name__) +from bigchaindb.backend.exceptions import ConnectionError class RethinkDBConnection(Connection): @@ -17,23 +13,6 @@ class RethinkDBConnection(Connection): more times to run the query or open a connection. """ - def __init__(self, host, port, dbname, max_tries=3, **kwargs): - """Create a new :class:`~.RethinkDBConnection` instance. - - See :meth:`.Connection.__init__` for - :attr:`host`, :attr:`port`, and :attr:`dbname`. - - Args: - max_tries (int, optional): how many tries before giving up. - Defaults to 3. - """ - - self.host = host - self.port = port - self.dbname = dbname - self.max_tries = max_tries - self.conn = None - def run(self, query): """Run a RethinkDB query. @@ -45,16 +24,7 @@ class RethinkDBConnection(Connection): :attr:`~.RethinkDBConnection.max_tries`. """ - if self.conn is None: - self._connect() - - for i in range(self.max_tries): - try: - return query.run(self.conn) - except r.ReqlDriverError: - if i + 1 == self.max_tries: - raise - self._connect() + return query.run(self.conn) def _connect(self): """Set a connection to RethinkDB. @@ -66,16 +36,7 @@ class RethinkDBConnection(Connection): :attr:`~.RethinkDBConnection.max_tries`. """ - for i in range(1, self.max_tries + 1): - logging.debug('Connecting to database %s:%s/%s. (Attempt %s/%s)', - self.host, self.port, self.dbname, i, self.max_tries) - try: - self.conn = r.connect(host=self.host, port=self.port, db=self.dbname) - except r.ReqlDriverError: - if i == self.max_tries: - raise - wait_time = 2**i - logging.debug('Error connecting to database, waiting %ss', wait_time) - time.sleep(wait_time) - else: - break + try: + return r.connect(host=self.host, port=self.port, db=self.dbname) + except r.ReqlDriverError as exc: + raise ConnectionError() from exc diff --git a/tests/backend/mongodb/test_admin.py b/tests/backend/mongodb/test_admin.py index 148c853a..075ea2f9 100644 --- a/tests/backend/mongodb/test_admin.py +++ b/tests/backend/mongodb/test_admin.py @@ -40,7 +40,7 @@ def connection(): # executed to make sure that the replica set is correctly initialized. # Here we force the the connection setup so that all required # `Database.command` are executed before we mock them it in the tests. - connection._connect() + connection.connect() return connection diff --git a/tests/test_config_utils.py b/tests/test_config_utils.py index d69b789a..727c3ba3 100644 --- a/tests/test_config_utils.py +++ b/tests/test_config_utils.py @@ -139,12 +139,17 @@ def test_autoconfigure_read_both_from_file_and_env(monkeypatch, request): 'host': DATABASE_HOST, 'port': DATABASE_PORT, 'name': DATABASE_NAME, + 'connection_timeout': 5000, + 'max_tries': 3 } + database_mongodb = { 'backend': 'mongodb', 'host': DATABASE_HOST, 'port': DATABASE_PORT, 'name': DATABASE_NAME, + 'connection_timeout': 5000, + 'max_tries': 3, 'replicaset': 'bigchain-rs', } diff --git a/tests/test_core.py b/tests/test_core.py index 6bcabdc9..f6f56ed1 100644 --- a/tests/test_core.py +++ b/tests/test_core.py @@ -10,6 +10,8 @@ def config(request, monkeypatch): 'port': 28015, 'name': 'bigchain', 'replicaset': 'bigchain-rs', + 'connection_timeout': 5000, + 'max_tries': 3 }, 'keypair': { 'public': 'pubkey', From dbfcce34e73e71b9ea5a7c417c23377ac6ef24d1 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Thu, 23 Feb 2017 12:07:38 +0100 Subject: [PATCH 002/283] voting.py --- bigchaindb/voting.py | 47 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 bigchaindb/voting.py diff --git a/bigchaindb/voting.py b/bigchaindb/voting.py new file mode 100644 index 00000000..0138e783 --- /dev/null +++ b/bigchaindb/voting.py @@ -0,0 +1,47 @@ +import collections + + +def filter_eligible_votes(votes, block_voters, keyring, check_signature): + """ + Filter votes from unknown nodes or nodes that are not listed on + block. Here is our sybill protection. + """ + eligible_voters = set(keyring) & set(block_voters) + eligible_votes = [] + + for vote in votes: + pubkey = vote['node_pubkey'] + voter_eligible = pubkey in eligible_voters + sig_legit = sig_is_legit(vote) + if voter_eligible and sig_legit: + eligible_votes[pubkey].append(vote) + + return eligible_votes + + +def count_votes(eligible_votes, check_schema): + by_voter = collections.defaultdict(list) + for vote in eligible_votes: + by_voter[vote['node_pubkey']].append(vote) + + n_valid = 0 + n_invalid = 0 + prev_blocks = collections.Counter() + + for pubkey, votes in by_voter.items(): + if len(votes) > 1 or not schema_is_correct(votes[0]): + n_invalid += 1 + continue + + vote = votes[0] + prev_blocks[vote['vote']['previous_block']] += 1 + if vote['vote']['is_block_valid']: + n_valid += 1 + else: + n_invalid += 1 + + return { + 'valid': n_valid, + 'invalid': n_invalid, + 'prev_block': prev_blocks.most_common()[0] + } From d71e560ba4b29c868cec497183054c1d8fede861 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Thu, 23 Feb 2017 15:08:06 +0100 Subject: [PATCH 003/283] flesh out voting module --- bigchaindb/voting.py | 84 +++++++++++++++++++++++++++++++++++--------- tests/test_voting.py | 61 ++++++++++++++++++++++++++++++++ 2 files changed, 129 insertions(+), 16 deletions(-) create mode 100644 tests/test_voting.py diff --git a/bigchaindb/voting.py b/bigchaindb/voting.py index 0138e783..159f631f 100644 --- a/bigchaindb/voting.py +++ b/bigchaindb/voting.py @@ -1,25 +1,41 @@ +""" +Everything to do with creating and checking votes. +All functions in this module should be referentially transparent, that is, +they always give the same output for a given input. This makes it easier +to test. +""" import collections -def filter_eligible_votes(votes, block_voters, keyring, check_signature): +def partition_eligible_votes(votes, eligible_voters, verify_vote_signature): """ Filter votes from unknown nodes or nodes that are not listed on - block. Here is our sybill protection. + block. This is the primary Sybill protection. """ - eligible_voters = set(keyring) & set(block_voters) - eligible_votes = [] + eligible, ineligible = ([], []) for vote in votes: - pubkey = vote['node_pubkey'] - voter_eligible = pubkey in eligible_voters - sig_legit = sig_is_legit(vote) - if voter_eligible and sig_legit: - eligible_votes[pubkey].append(vote) + voter_eligible = vote['node_pubkey'] in eligible_voters + if voter_eligible and verify_vote_signature(vote): + eligible.append(vote) + else: + ineligible.append(vote) - return eligible_votes + return eligible, ineligible -def count_votes(eligible_votes, check_schema): +def count_votes(eligible_votes): + """ + Given a list of eligible votes, (votes from known nodes that are listed + as voters), count the votes to produce three quantities: + + Number of votes that say valid + Number of votes that say invalid + Highest agreement on previous block ID + + Also, detect if there are multiple votes from a single node and return them + in a separate "cheat" dictionary. + """ by_voter = collections.defaultdict(list) for vote in eligible_votes: by_voter[vote['node_pubkey']].append(vote) @@ -27,9 +43,11 @@ def count_votes(eligible_votes, check_schema): n_valid = 0 n_invalid = 0 prev_blocks = collections.Counter() + cheat = {} for pubkey, votes in by_voter.items(): - if len(votes) > 1 or not schema_is_correct(votes[0]): + if len(votes) > 1: + cheat[pubkey] = votes n_invalid += 1 continue @@ -41,7 +59,41 @@ def count_votes(eligible_votes, check_schema): n_invalid += 1 return { - 'valid': n_valid, - 'invalid': n_invalid, - 'prev_block': prev_blocks.most_common()[0] - } + 'n_valid': n_valid, + 'n_invalid': n_invalid, + 'n_agree_prev_block': prev_blocks.most_common()[0][1] + }, cheat + + +def decide_votes(n_voters, n_valid, n_invalid, n_agree_prev_block): + """ + Decide on votes. + + To return VALID there must be a clear majority that say VALID + and also agree on the previous block. This is achieved using the > operator. + + A tie on an even number of votes counts as INVALID so the >= operator is + used. + """ + + # Check insane cases. This is basic, not exhaustive. + if n_valid + n_invalid > n_voters or n_agree_prev_block > n_voters: + raise ValueError('Arguments not sane: %s' % { + 'n_voters': n_voters, + 'n_valid': n_valid, + 'n_invalid': n_invalid, + 'n_agree_prev_block': n_agree_prev_block, + }) + + if n_invalid * 2 >= n_voters: + return INVALID + if n_valid * 2 > n_voters: + if n_agree_prev_block * 2 > n_voters: + return VALID + return INVALID + return UNDECIDED + + +INVALID = 'invalid' +VALID = TX_VALID = 'valid' +UNDECIDED = TX_UNDECIDED = 'undecided' diff --git a/tests/test_voting.py b/tests/test_voting.py new file mode 100644 index 00000000..67c5c284 --- /dev/null +++ b/tests/test_voting.py @@ -0,0 +1,61 @@ +import pytest + +from bigchaindb.core import Bigchain +from bigchaindb.voting import (count_votes, partition_eligible_votes, + decide_votes, INVALID, VALID, UNDECIDED) + + +def test_partition_eligible_votes(): + nodes = list(map(Bigchain, 'abc')) + votes = [n.vote('block', 'a', True) for n in nodes] + + el, inel = partition_eligible_votes(votes, 'abc', lambda _: True) + + assert el == votes + assert inel == [] + + +def test_count_votes(): + nodes = list(map(Bigchain, 'abc')) + votes = [n.vote('block', 'a', True) for n in nodes] + + assert count_votes(votes) == ({ + 'n_valid': 3, + 'n_invalid': 0, + 'n_agree_prev_block': 3 + }, {}) + + +DECISION_TESTS = [dict( + zip(['n_voters', 'n_valid', 'n_invalid', 'n_agree_prev_block'], t)) + for t in [ + (1, 1, 1, 1), + (2, 2, 1, 2), + (3, 2, 2, 2), + (4, 3, 2, 3), + (5, 3, 3, 3), + (6, 4, 3, 4), + (7, 4, 4, 4), + (8, 5, 4, 5), + ] +] + + +@pytest.mark.parametrize('kwargs', DECISION_TESTS) +def test_decide_votes_valid(kwargs): + kwargs = kwargs.copy() + kwargs['n_invalid'] = 0 + assert decide_votes(**kwargs) == VALID + kwargs['n_agree_prev_block'] -= 1 + assert decide_votes(**kwargs) == INVALID + kwargs['n_valid'] -= 1 + assert decide_votes(**kwargs) == UNDECIDED + + +@pytest.mark.parametrize('kwargs', DECISION_TESTS) +def test_decide_votes_invalid(kwargs): + kwargs = kwargs.copy() + kwargs['n_valid'] = 0 + assert decide_votes(**kwargs) == INVALID + kwargs['n_invalid'] -= 1 + assert decide_votes(**kwargs) == UNDECIDED From 20f6539e10a7fa674b7a4c1f72597b1ca59bf82c Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Thu, 23 Feb 2017 17:29:46 +0100 Subject: [PATCH 004/283] check count_votes invalid input --- bigchaindb/voting.py | 10 +++++----- tests/test_voting.py | 17 +++++++++++++++++ 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/bigchaindb/voting.py b/bigchaindb/voting.py index 159f631f..af12f691 100644 --- a/bigchaindb/voting.py +++ b/bigchaindb/voting.py @@ -7,6 +7,11 @@ to test. import collections +VALID = 'valid' +INVALID = 'invalid' +UNDECIDED = 'undecided' + + def partition_eligible_votes(votes, eligible_voters, verify_vote_signature): """ Filter votes from unknown nodes or nodes that are not listed on @@ -92,8 +97,3 @@ def decide_votes(n_voters, n_valid, n_invalid, n_agree_prev_block): return VALID return INVALID return UNDECIDED - - -INVALID = 'invalid' -VALID = TX_VALID = 'valid' -UNDECIDED = TX_UNDECIDED = 'undecided' diff --git a/tests/test_voting.py b/tests/test_voting.py index 67c5c284..33be2fde 100644 --- a/tests/test_voting.py +++ b/tests/test_voting.py @@ -5,6 +5,10 @@ from bigchaindb.voting import (count_votes, partition_eligible_votes, decide_votes, INVALID, VALID, UNDECIDED) +################################################################################ +# Tests for checking vote eligibility + + def test_partition_eligible_votes(): nodes = list(map(Bigchain, 'abc')) votes = [n.vote('block', 'a', True) for n in nodes] @@ -26,6 +30,10 @@ def test_count_votes(): }, {}) +################################################################################ +# Tests for vote decision making + + DECISION_TESTS = [dict( zip(['n_voters', 'n_valid', 'n_invalid', 'n_agree_prev_block'], t)) for t in [ @@ -59,3 +67,12 @@ def test_decide_votes_invalid(kwargs): assert decide_votes(**kwargs) == INVALID kwargs['n_invalid'] -= 1 assert decide_votes(**kwargs) == UNDECIDED + + +def test_decide_votes_checks_arguments(): + with pytest.raises(ValueError): + decide_votes(n_voters=1, n_valid=2, n_invalid=0, n_agree_prev_block=0) + with pytest.raises(ValueError): + decide_votes(n_voters=1, n_valid=0, n_invalid=2, n_agree_prev_block=0) + with pytest.raises(ValueError): + decide_votes(n_voters=1, n_valid=0, n_invalid=0, n_agree_prev_block=2) From fdad8cd79687fc78f45fead2b748a4cb6cb113c5 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Thu, 23 Feb 2017 17:58:08 +0100 Subject: [PATCH 005/283] Static Classify Voting --- bigchaindb/voting.py | 238 +++++++++++++++++++++++++++---------------- tests/test_voting.py | 36 ++++--- 2 files changed, 174 insertions(+), 100 deletions(-) diff --git a/bigchaindb/voting.py b/bigchaindb/voting.py index af12f691..dcef47b6 100644 --- a/bigchaindb/voting.py +++ b/bigchaindb/voting.py @@ -1,10 +1,7 @@ -""" -Everything to do with creating and checking votes. -All functions in this module should be referentially transparent, that is, -they always give the same output for a given input. This makes it easier -to test. -""" import collections +from bigchaindb.common.schema import SchemaValidationError, validate_vote_schema +from bigchaindb.common.utils import serialize +from bigchaindb.common.crypto import PublicKey VALID = 'valid' @@ -12,88 +9,159 @@ INVALID = 'invalid' UNDECIDED = 'undecided' -def partition_eligible_votes(votes, eligible_voters, verify_vote_signature): +class Voting: """ - Filter votes from unknown nodes or nodes that are not listed on - block. This is the primary Sybill protection. - """ - eligible, ineligible = ([], []) + Everything to do with creating and checking votes. - for vote in votes: - voter_eligible = vote['node_pubkey'] in eligible_voters - if voter_eligible and verify_vote_signature(vote): - eligible.append(vote) - else: - ineligible.append(vote) + All functions in this class should be referentially transparent, that is, + they always give the same output for a given input. This makes it easier + to test. This also means no logging! - return eligible, ineligible - - -def count_votes(eligible_votes): - """ - Given a list of eligible votes, (votes from known nodes that are listed - as voters), count the votes to produce three quantities: - - Number of votes that say valid - Number of votes that say invalid - Highest agreement on previous block ID - - Also, detect if there are multiple votes from a single node and return them - in a separate "cheat" dictionary. - """ - by_voter = collections.defaultdict(list) - for vote in eligible_votes: - by_voter[vote['node_pubkey']].append(vote) - - n_valid = 0 - n_invalid = 0 - prev_blocks = collections.Counter() - cheat = {} - - for pubkey, votes in by_voter.items(): - if len(votes) > 1: - cheat[pubkey] = votes - n_invalid += 1 - continue - - vote = votes[0] - prev_blocks[vote['vote']['previous_block']] += 1 - if vote['vote']['is_block_valid']: - n_valid += 1 - else: - n_invalid += 1 - - return { - 'n_valid': n_valid, - 'n_invalid': n_invalid, - 'n_agree_prev_block': prev_blocks.most_common()[0][1] - }, cheat - - -def decide_votes(n_voters, n_valid, n_invalid, n_agree_prev_block): - """ - Decide on votes. - - To return VALID there must be a clear majority that say VALID - and also agree on the previous block. This is achieved using the > operator. - - A tie on an even number of votes counts as INVALID so the >= operator is - used. + Assumptions regarding data: + * Vote is a dictionary, but it is not assumed that any properties are. + * Everything else is assumed to be structurally correct, otherwise errors + may be thrown. """ - # Check insane cases. This is basic, not exhaustive. - if n_valid + n_invalid > n_voters or n_agree_prev_block > n_voters: - raise ValueError('Arguments not sane: %s' % { - 'n_voters': n_voters, - 'n_valid': n_valid, - 'n_invalid': n_invalid, - 'n_agree_prev_block': n_agree_prev_block, - }) + @classmethod + def block_election(cls, block, votes, keyring): + """ + Calculate the election status of a block. + """ + eligible_voters = set(block['voters']) & set(keyring) + eligible_votes, ineligible_votes = \ + cls.partition_eligible_votes(votes, eligible_voters) + results = cls.count_votes(eligible_votes) + results['status'] = decide_votes(results['counts']) + results['ineligible'] = ineligible_votes + return results - if n_invalid * 2 >= n_voters: - return INVALID - if n_valid * 2 > n_voters: - if n_agree_prev_block * 2 > n_voters: - return VALID - return INVALID - return UNDECIDED + @classmethod + def partition_eligible_votes(cls, votes, eligible_voters): + """ + Filter votes from unknown nodes or nodes that are not listed on + block. This is the primary Sybill protection. + """ + eligible, ineligible = ([], []) + + for vote in votes: + voter_eligible = vote.get('node_pubkey') in eligible_voters + if voter_eligible and cls.verify_vote_signature(vote): + eligible.append(vote) + else: + ineligible.append(vote) + + return eligible, ineligible + + @classmethod + def count_votes(cls, eligible_votes): + """ + Given a list of eligible votes, (votes from known nodes that are listed + as voters), count the votes to produce three quantities: + + Number of votes that say valid + Number of votes that say invalid + Highest agreement on previous block ID + + Also, detect if there are multiple votes from a single node and return them + in a separate "cheat" dictionary. + """ + by_voter = collections.defaultdict(list) + for vote in eligible_votes: + by_voter[vote['node_pubkey']].append(vote) + + n_valid = 0 + n_invalid = 0 + prev_blocks = collections.Counter() + cheat = [] + malformed = [] + + for pubkey, votes in by_voter.items(): + if len(votes) > 1: + cheat.append(votes) + n_invalid += 1 + continue + + vote = votes[0] + + if not cls.verify_vote_schema(vote): + malformed.append(vote) + n_invalid += 1 + continue + + prev_blocks[vote['vote']['previous_block']] += 1 + if vote['vote']['is_block_valid']: + n_valid += 1 + else: + n_invalid += 1 + + return { + 'counts': { + 'n_valid': n_valid, + 'n_invalid': n_invalid, + 'n_agree_prev_block': prev_blocks.most_common()[0][1], + }, + 'cheat': cheat, + 'malformed': malformed, + } + + @classmethod + def decide_votes(cls, n_voters, n_valid, n_invalid, n_agree_prev_block): + """ + Decide on votes. + + To return VALID there must be a clear majority that say VALID + and also agree on the previous block. This is achieved using the > operator. + + A tie on an even number of votes counts as INVALID so the >= operator is + used. + """ + + # Check insane cases. This is basic, not exhaustive. + if n_valid + n_invalid > n_voters or n_agree_prev_block > n_voters: + raise ValueError('Arguments not sane: %s' % { + 'n_voters': n_voters, + 'n_valid': n_valid, + 'n_invalid': n_invalid, + 'n_agree_prev_block': n_agree_prev_block, + }) + + if n_invalid * 2 >= n_voters: + return INVALID + if n_valid * 2 > n_voters: + if n_agree_prev_block * 2 > n_voters: + return VALID + return INVALID + return UNDECIDED + + @classmethod + def verify_vote_signature(cls, vote): + """Verify the signature of a vote + + A valid vote should have been signed by a voter's private key. + + Args: + vote (list): voters of the block that is under election + + Returns: + bool: True if the signature is correct, False otherwise. + """ + signature = vote.get('signature') + pk_base58 = vote.get('node_pubkey') + + if not (type(signature) == str and type(pk_base58) == str): + raise ValueError("Malformed vote: %s" % vote) + + public_key = PublicKey(pk_base58) + body = serialize(signed_vote['vote']).encode() + return public_key.verify(body, signature) + + @classmethod + def verify_vote_schema(cls, vote): + # I'm not sure this is the correct approach. Maybe we should allow + # duck typing w/r/t votes. + try: + validate_vote_schema(vote) + return True + except SchemaValidationError: + return False diff --git a/tests/test_voting.py b/tests/test_voting.py index 33be2fde..2d7b723f 100644 --- a/tests/test_voting.py +++ b/tests/test_voting.py @@ -1,33 +1,36 @@ import pytest +from unittest.mock import patch from bigchaindb.core import Bigchain -from bigchaindb.voting import (count_votes, partition_eligible_votes, - decide_votes, INVALID, VALID, UNDECIDED) +from bigchaindb.voting import Voting, INVALID, VALID, UNDECIDED ################################################################################ # Tests for checking vote eligibility -def test_partition_eligible_votes(): +@patch('bigchaindb.voting.Voting.verify_vote_signature') +def test_partition_eligible_votes(_): nodes = list(map(Bigchain, 'abc')) votes = [n.vote('block', 'a', True) for n in nodes] - el, inel = partition_eligible_votes(votes, 'abc', lambda _: True) + el, inel = Voting.partition_eligible_votes(votes, 'abc') assert el == votes assert inel == [] -def test_count_votes(): +@patch('bigchaindb.voting.Voting.verify_vote_schema') +def test_count_votes(_): nodes = list(map(Bigchain, 'abc')) + votes = [n.vote('block', 'a', True) for n in nodes] - assert count_votes(votes) == ({ + assert Voting.count_votes(votes)['counts'] == { 'n_valid': 3, 'n_invalid': 0, 'n_agree_prev_block': 3 - }, {}) + } ################################################################################ @@ -53,26 +56,29 @@ DECISION_TESTS = [dict( def test_decide_votes_valid(kwargs): kwargs = kwargs.copy() kwargs['n_invalid'] = 0 - assert decide_votes(**kwargs) == VALID + assert Voting.decide_votes(**kwargs) == VALID kwargs['n_agree_prev_block'] -= 1 - assert decide_votes(**kwargs) == INVALID + assert Voting.decide_votes(**kwargs) == INVALID kwargs['n_valid'] -= 1 - assert decide_votes(**kwargs) == UNDECIDED + assert Voting.decide_votes(**kwargs) == UNDECIDED @pytest.mark.parametrize('kwargs', DECISION_TESTS) def test_decide_votes_invalid(kwargs): kwargs = kwargs.copy() kwargs['n_valid'] = 0 - assert decide_votes(**kwargs) == INVALID + assert Voting.decide_votes(**kwargs) == INVALID kwargs['n_invalid'] -= 1 - assert decide_votes(**kwargs) == UNDECIDED + assert Voting.decide_votes(**kwargs) == UNDECIDED def test_decide_votes_checks_arguments(): with pytest.raises(ValueError): - decide_votes(n_voters=1, n_valid=2, n_invalid=0, n_agree_prev_block=0) + Voting.decide_votes(n_voters=1, n_valid=2, n_invalid=0, + n_agree_prev_block=0) with pytest.raises(ValueError): - decide_votes(n_voters=1, n_valid=0, n_invalid=2, n_agree_prev_block=0) + Voting.decide_votes(n_voters=1, n_valid=0, n_invalid=2, + n_agree_prev_block=0) with pytest.raises(ValueError): - decide_votes(n_voters=1, n_valid=0, n_invalid=0, n_agree_prev_block=2) + Voting.decide_votes(n_voters=1, n_valid=0, n_invalid=0, + n_agree_prev_block=2) From c68856bc431d5d4d9989c657052f5675aac089d0 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Thu, 23 Feb 2017 18:23:19 +0100 Subject: [PATCH 006/283] voting schema validate --- bigchaindb/voting.py | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/bigchaindb/voting.py b/bigchaindb/voting.py index dcef47b6..62eb27ee 100644 --- a/bigchaindb/voting.py +++ b/bigchaindb/voting.py @@ -32,7 +32,7 @@ class Voting: eligible_votes, ineligible_votes = \ cls.partition_eligible_votes(votes, eligible_voters) results = cls.count_votes(eligible_votes) - results['status'] = decide_votes(results['counts']) + results['status'] = cls.decide_votes(results['counts']) results['ineligible'] = ineligible_votes return results @@ -46,10 +46,15 @@ class Voting: for vote in votes: voter_eligible = vote.get('node_pubkey') in eligible_voters - if voter_eligible and cls.verify_vote_signature(vote): - eligible.append(vote) - else: - ineligible.append(vote) + if voter_eligible: + try: + cls.verify_vote_signature(vote) + except ValueError: + pass + else: + eligible.append(vote) + continue + ineligible.append(vote) return eligible, ineligible @@ -150,10 +155,10 @@ class Voting: pk_base58 = vote.get('node_pubkey') if not (type(signature) == str and type(pk_base58) == str): - raise ValueError("Malformed vote: %s" % vote) + raise ValueError('Malformed vote: %s' % vote) public_key = PublicKey(pk_base58) - body = serialize(signed_vote['vote']).encode() + body = serialize(vote['vote']).encode() return public_key.verify(body, signature) @classmethod From 7fd1de696c539da2057861a3a764486425aaebe4 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Thu, 23 Feb 2017 18:31:40 +0100 Subject: [PATCH 007/283] move voting logic out of block_election_status --- bigchaindb/consensus.py | 32 ++------------- bigchaindb/core.py | 89 ++++++----------------------------------- bigchaindb/utils.py | 27 ------------- 3 files changed, 15 insertions(+), 133 deletions(-) diff --git a/bigchaindb/consensus.py b/bigchaindb/consensus.py index 0e7dc4bd..a0672577 100644 --- a/bigchaindb/consensus.py +++ b/bigchaindb/consensus.py @@ -1,11 +1,4 @@ -import logging - -from bigchaindb.utils import verify_vote_signature -from bigchaindb.common.schema import (SchemaValidationError, - validate_vote_schema) - - -logger = logging.getLogger(__name__) +from bigchaindb.voting import Voting class BaseConsensusRules(): @@ -16,34 +9,15 @@ class BaseConsensusRules(): All methods listed below must be implemented. """ + voting = Voting @staticmethod def validate_transaction(bigchain, transaction): """See :meth:`bigchaindb.models.Transaction.validate` - for documentation. - - """ + for documentation.""" return transaction.validate(bigchain) @staticmethod def validate_block(bigchain, block): """See :meth:`bigchaindb.models.Block.validate` for documentation.""" return block.validate(bigchain) - - @staticmethod - def verify_vote(voters, signed_vote): - """Verify the signature of a vote. - - Refer to the documentation of - :func:`bigchaindb.utils.verify_signature`. - """ - if verify_vote_signature(voters, signed_vote): - try: - validate_vote_schema(signed_vote) - return True - except SchemaValidationError as exc: - logger.warning(exc) - else: - logger.warning('Vote failed signature verification: ' - '%s with voters: %s', signed_vote, voters) - return False diff --git a/bigchaindb/core.py b/bigchaindb/core.py index b082eac4..d498a6d4 100644 --- a/bigchaindb/core.py +++ b/bigchaindb/core.py @@ -1,9 +1,6 @@ import random -import math -import collections from time import time -from itertools import compress from bigchaindb.common import crypto, exceptions from bigchaindb.common.utils import gen_timestamp, serialize from bigchaindb.common.transaction import TransactionLink @@ -203,8 +200,7 @@ class Bigchain(object): if include_status: if block: - status = self.block_election_status(block_id, - block['block']['voters']) + status = self.block_election_status(block) return block, status else: return block @@ -305,12 +301,8 @@ class Bigchain(object): blocks = backend.query.get_blocks_status_from_transaction(self.connection, txid) if blocks: # Determine the election status of each block - validity = { - block['id']: self.block_election_status( - block['id'], - block['block']['voters'] - ) for block in blocks - } + validity = {block['id']: self.block_election_status(block) + for block in blocks} # NOTE: If there are multiple valid blocks with this transaction, # something has gone wrong @@ -626,69 +618,12 @@ class Bigchain(object): # XXX: should this return instaces of Block? return backend.query.get_unvoted_blocks(self.connection, self.me) - def block_election_status(self, block_id, voters): - """Tally the votes on a block, and return the status: valid, invalid, or undecided.""" - - votes = list(backend.query.get_votes_by_block_id(self.connection, block_id)) - n_voters = len(voters) - - voter_counts = collections.Counter([vote['node_pubkey'] for vote in votes]) - for node in voter_counts: - if voter_counts[node] > 1: - raise exceptions.MultipleVotesError( - 'Block {block_id} has multiple votes ({n_votes}) from voting node {node_id}' - .format(block_id=block_id, n_votes=str(voter_counts[node]), node_id=node)) - - if len(votes) > n_voters: - raise exceptions.MultipleVotesError('Block {block_id} has {n_votes} votes cast, but only {n_voters} voters' - .format(block_id=block_id, n_votes=str(len(votes)), - n_voters=str(n_voters))) - - # vote_cast is the list of votes e.g. [True, True, False] - vote_cast = [vote['vote']['is_block_valid'] for vote in votes] - # prev_block are the ids of the nominal prev blocks e.g. - # ['block1_id', 'block1_id', 'block2_id'] - prev_block = [vote['vote']['previous_block'] for vote in votes] - # vote_validity checks whether a vote is valid - # or invalid, e.g. [False, True, True] - vote_validity = [self.consensus.verify_vote(voters, vote) for vote in votes] - - # element-wise product of stated vote and validity of vote - # vote_cast = [True, True, False] and - # vote_validity = [False, True, True] gives - # [True, False] - # Only the correctly signed votes are tallied. - vote_list = list(compress(vote_cast, vote_validity)) - - # Total the votes. Here, valid and invalid refer - # to the vote cast, not whether the vote itself - # is valid or invalid. - n_valid_votes = sum(vote_list) - n_invalid_votes = len(vote_cast) - n_valid_votes - - # The use of ceiling and floor is to account for the case of an - # even number of voters where half the voters have voted 'invalid' - # and half 'valid'. In this case, the block should be marked invalid - # to avoid a tie. In the case of an odd number of voters this is not - # relevant, since one side must be a majority. - if n_invalid_votes >= math.ceil(n_voters / 2): - return Bigchain.BLOCK_INVALID - elif n_valid_votes > math.floor(n_voters / 2): - # The block could be valid, but we still need to check if votes - # agree on the previous block. - # - # First, only consider blocks with legitimate votes - prev_block_list = list(compress(prev_block, vote_validity)) - # Next, only consider the blocks with 'yes' votes - prev_block_valid_list = list(compress(prev_block_list, vote_list)) - counts = collections.Counter(prev_block_valid_list) - # Make sure the majority vote agrees on previous node. - # The majority vote must be the most common, by definition. - # If it's not, there is no majority agreement on the previous - # block. - if counts.most_common()[0][1] > math.floor(n_voters / 2): - return Bigchain.BLOCK_VALID - else: - return Bigchain.BLOCK_INVALID - else: - return Bigchain.BLOCK_UNDECIDED + def block_election_status(self, block): + """Tally the votes on a block, and return the status: + valid, invalid, or undecided.""" + votes = list(backend.query.get_votes_by_block_id(self.connection, + block.id)) + keyring = self.nodes_except_me + [self.me] + result = self.consensus.voting.block_election(block, votes, keyring) + # TODO: logging + return result['status'] diff --git a/bigchaindb/utils.py b/bigchaindb/utils.py index 1860dd3e..4d7177d9 100644 --- a/bigchaindb/utils.py +++ b/bigchaindb/utils.py @@ -3,9 +3,6 @@ import threading import queue import multiprocessing as mp -from bigchaindb.common import crypto -from bigchaindb.common.utils import serialize - class ProcessGroup(object): @@ -116,30 +113,6 @@ def condition_details_has_owner(condition_details, owner): return False -def verify_vote_signature(voters, signed_vote): - """Verify the signature of a vote - - A valid vote should have been signed by a voter's private key. - - Args: - voters (list): voters of the block that is under election - signed_vote (dict): a vote with the `signature` included. - - Returns: - bool: True if the signature is correct, False otherwise. - """ - - signature = signed_vote['signature'] - pk_base58 = signed_vote['node_pubkey'] - - # immediately return False if the voter is not in the block voter list - if pk_base58 not in voters: - return False - - public_key = crypto.PublicKey(pk_base58) - return public_key.verify(serialize(signed_vote['vote']).encode(), signature) - - def is_genesis_block(block): """Check if the block is the genesis block. From ff7e4d11d1d05ec247f569e07202d00bc99761a1 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Thu, 23 Feb 2017 18:56:39 +0100 Subject: [PATCH 008/283] remove test from test_core.py which is just wrong --- tests/test_core.py | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/tests/test_core.py b/tests/test_core.py index 6bcabdc9..d21e630d 100644 --- a/tests/test_core.py +++ b/tests/test_core.py @@ -80,16 +80,6 @@ def test_get_blocks_status_containing_tx(monkeypatch): bigchain.get_blocks_status_containing_tx('txid') -def test_has_previous_vote(monkeypatch): - from bigchaindb.core import Bigchain - monkeypatch.setattr( - 'bigchaindb.utils.verify_vote_signature', lambda voters, vote: False) - bigchain = Bigchain(public_key='pubkey', private_key='privkey') - block = {'votes': ({'node_pubkey': 'pubkey'},)} - with pytest.raises(Exception): - bigchain.has_previous_vote(block) - - @pytest.mark.parametrize('exists', (True, False)) def test_transaction_exists(monkeypatch, exists): from bigchaindb.core import Bigchain From 89e76ffec206b670aef249af8784f6ab1b943711 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Thu, 23 Feb 2017 19:25:53 +0100 Subject: [PATCH 009/283] fix tests, temporarily disabling some tests that need to be re-written --- bigchaindb/core.py | 33 ++++++------ bigchaindb/pipelines/election.py | 3 +- bigchaindb/pipelines/vote.py | 3 +- bigchaindb/voting.py | 9 ++-- tests/db/test_bigchain_api.py | 43 ++------------- tests/pipelines/test_election.py | 4 +- tests/test_consensus.py | 40 -------------- tests/test_voting.py | 89 ++++++++++++++++++++++++++++++++ tests/web/test_statuses.py | 6 +-- 9 files changed, 124 insertions(+), 106 deletions(-) diff --git a/bigchaindb/core.py b/bigchaindb/core.py index d498a6d4..5186b7f2 100644 --- a/bigchaindb/core.py +++ b/bigchaindb/core.py @@ -486,12 +486,11 @@ class Bigchain(object): """ return self.consensus.validate_block(self, block) - def has_previous_vote(self, block_id, voters): + def has_previous_vote(self, block_id): """Check for previous votes from this node Args: block_id (str): the id of the block to check - voters (list(str)): the voters of the block to check Returns: bool: :const:`True` if this block already has a @@ -507,15 +506,14 @@ class Bigchain(object): if len(votes) > 1: raise exceptions.MultipleVotesError('Block {block_id} has {n_votes} votes from public key {me}' .format(block_id=block_id, n_votes=str(len(votes)), me=self.me)) - has_previous_vote = False - if votes: - if utils.verify_vote_signature(voters, votes[0]): - has_previous_vote = True - else: - raise exceptions.ImproperVoteError('Block {block_id} already has an incorrectly signed vote ' - 'from public key {me}'.format(block_id=block_id, me=self.me)) + if len(votes) < 1: + return False - return has_previous_vote + if self.consensus.voting.verify_vote_signature(votes[0]): + return True + else: + raise exceptions.ImproperVoteError('Block {block_id} already has an incorrectly signed vote ' + 'from public key {me}'.format(block_id=block_id, me=self.me)) def write_block(self, block): """Write a block to bigchain. @@ -618,12 +616,17 @@ class Bigchain(object): # XXX: should this return instaces of Block? return backend.query.get_unvoted_blocks(self.connection, self.me) - def block_election_status(self, block): - """Tally the votes on a block, and return the status: - valid, invalid, or undecided.""" + def block_election(self, block): + if type(block) != dict: + block = block.to_dict() votes = list(backend.query.get_votes_by_block_id(self.connection, - block.id)) + block['id'])) keyring = self.nodes_except_me + [self.me] result = self.consensus.voting.block_election(block, votes, keyring) # TODO: logging - return result['status'] + return result + + def block_election_status(self, block): + """Tally the votes on a block, and return the status: + valid, invalid, or undecided.""" + return self.block_election(block)['status'] diff --git a/bigchaindb/pipelines/election.py b/bigchaindb/pipelines/election.py index 850613a3..2e5efc3c 100644 --- a/bigchaindb/pipelines/election.py +++ b/bigchaindb/pipelines/election.py @@ -35,8 +35,7 @@ class Election: next_block = self.bigchain.get_block( next_vote['vote']['voting_for_block']) - block_status = self.bigchain.block_election_status(next_block['id'], - next_block['block']['voters']) + block_status = self.bigchain.block_election_status(next_block) if block_status == self.bigchain.BLOCK_INVALID: return Block.from_dict(next_block) diff --git a/bigchaindb/pipelines/vote.py b/bigchaindb/pipelines/vote.py index 8d4f4386..e055caac 100644 --- a/bigchaindb/pipelines/vote.py +++ b/bigchaindb/pipelines/vote.py @@ -57,8 +57,7 @@ class Vote: [([self.bigchain.me], 1)]) def validate_block(self, block): - if not self.bigchain.has_previous_vote(block['id'], - block['block']['voters']): + if not self.bigchain.has_previous_vote(block['id']): try: block = Block.from_dict(block) except (exceptions.InvalidHash): diff --git a/bigchaindb/voting.py b/bigchaindb/voting.py index 62eb27ee..bb39c517 100644 --- a/bigchaindb/voting.py +++ b/bigchaindb/voting.py @@ -28,11 +28,12 @@ class Voting: """ Calculate the election status of a block. """ - eligible_voters = set(block['voters']) & set(keyring) + eligible_voters = set(block['block']['voters']) & set(keyring) eligible_votes, ineligible_votes = \ cls.partition_eligible_votes(votes, eligible_voters) + n_voters = len(eligible_voters) results = cls.count_votes(eligible_votes) - results['status'] = cls.decide_votes(results['counts']) + results['status'] = cls.decide_votes(n_voters, **results['counts']) results['ineligible'] = ineligible_votes return results @@ -100,11 +101,13 @@ class Voting: else: n_invalid += 1 + n_prev = prev_blocks.most_common()[0][1] if prev_blocks else 0 + return { 'counts': { 'n_valid': n_valid, 'n_invalid': n_invalid, - 'n_agree_prev_block': prev_blocks.most_common()[0][1], + 'n_agree_prev_block': n_prev, }, 'cheat': cheat, 'malformed': malformed, diff --git a/tests/db/test_bigchain_api.py b/tests/db/test_bigchain_api.py index a530577b..2363f9e7 100644 --- a/tests/db/test_bigchain_api.py +++ b/tests/db/test_bigchain_api.py @@ -82,12 +82,12 @@ class TestBigchainApi(object): block = b.create_block([tx]) b.write_block(block) - assert b.has_previous_vote(block.id, block.voters) is False + assert b.has_previous_vote(block.id) is False vote = b.vote(block.id, b.get_last_voted_block().id, True) b.write_vote(vote) - assert b.has_previous_vote(block.id, block.voters) is True + assert b.has_previous_vote(block.id) is True @pytest.mark.genesis def test_get_spent_with_double_inclusion_detected(self, b, monkeypatch): @@ -428,43 +428,6 @@ class TestBigchainApi(object): assert retrieved_block_1 == retrieved_block_2 - @pytest.mark.genesis - def test_more_votes_than_voters(self, b): - from bigchaindb.common.exceptions import MultipleVotesError - - block_1 = dummy_block() - b.write_block(block_1) - # insert duplicate votes - vote_1 = b.vote(block_1.id, b.get_last_voted_block().id, True) - vote_2 = b.vote(block_1.id, b.get_last_voted_block().id, True) - vote_2['node_pubkey'] = 'aaaaaaa' - b.write_vote(vote_1) - b.write_vote(vote_2) - - with pytest.raises(MultipleVotesError) as excinfo: - b.block_election_status(block_1.id, block_1.voters) - assert excinfo.value.args[0] == 'Block {block_id} has {n_votes} votes cast, but only {n_voters} voters'\ - .format(block_id=block_1.id, n_votes=str(2), n_voters=str(1)) - - def test_multiple_votes_single_node(self, b, genesis_block): - from bigchaindb.common.exceptions import MultipleVotesError - - block_1 = dummy_block() - b.write_block(block_1) - # insert duplicate votes - for i in range(2): - b.write_vote(b.vote(block_1.id, genesis_block.id, True)) - - with pytest.raises(MultipleVotesError) as excinfo: - b.block_election_status(block_1.id, block_1.voters) - assert excinfo.value.args[0] == 'Block {block_id} has multiple votes ({n_votes}) from voting node {node_id}'\ - .format(block_id=block_1.id, n_votes=str(2), node_id=b.me) - - with pytest.raises(MultipleVotesError) as excinfo: - b.has_previous_vote(block_1.id, block_1.voters) - assert excinfo.value.args[0] == 'Block {block_id} has {n_votes} votes from public key {me}'\ - .format(block_id=block_1.id, n_votes=str(2), me=b.me) - @pytest.mark.genesis def test_improper_vote_error(selfs, b): from bigchaindb.common.exceptions import ImproperVoteError @@ -476,7 +439,7 @@ class TestBigchainApi(object): vote_1['signature'] = 'a' * 87 b.write_vote(vote_1) with pytest.raises(ImproperVoteError) as excinfo: - b.has_previous_vote(block_1.id, block_1.id) + b.has_previous_vote(block_1.id) assert excinfo.value.args[0] == 'Block {block_id} already has an incorrectly signed ' \ 'vote from public key {me}'.format(block_id=block_1.id, me=b.me) diff --git a/tests/pipelines/test_election.py b/tests/pipelines/test_election.py index 5cf6fc14..bb01b6d1 100644 --- a/tests/pipelines/test_election.py +++ b/tests/pipelines/test_election.py @@ -96,8 +96,10 @@ def test_check_for_quorum_valid(b, user_pk): for key_pair in key_pairs ] + keyring = e.bigchain.nodes_except_me = [key_pair[1] for key_pair in key_pairs] + # add voters to block and write - test_block.voters = [key_pair[1] for key_pair in key_pairs] + test_block.voters = keyring test_block = test_block.sign(b.me_private) b.write_block(test_block) diff --git a/tests/test_consensus.py b/tests/test_consensus.py index 7310f514..e69de29b 100644 --- a/tests/test_consensus.py +++ b/tests/test_consensus.py @@ -1,40 +0,0 @@ - -def test_verify_vote_passes(b, structurally_valid_vote): - from bigchaindb.consensus import BaseConsensusRules - from bigchaindb.common import crypto - from bigchaindb.common.utils import serialize - vote_body = structurally_valid_vote['vote'] - vote_data = serialize(vote_body) - signature = crypto.PrivateKey(b.me_private).sign(vote_data.encode()) - vote_signed = { - 'node_pubkey': b.me, - 'signature': signature.decode(), - 'vote': vote_body - } - assert BaseConsensusRules.verify_vote([b.me], vote_signed) - - -def test_verify_vote_fails_signature(b, structurally_valid_vote): - from bigchaindb.consensus import BaseConsensusRules - vote_body = structurally_valid_vote['vote'] - vote_signed = { - 'node_pubkey': b.me, - 'signature': 'a' * 86, - 'vote': vote_body - } - assert not BaseConsensusRules.verify_vote([b.me], vote_signed) - - -def test_verify_vote_fails_schema(b): - from bigchaindb.consensus import BaseConsensusRules - from bigchaindb.common import crypto - from bigchaindb.common.utils import serialize - vote_body = {} - vote_data = serialize(vote_body) - signature = crypto.PrivateKey(b.me_private).sign(vote_data.encode()) - vote_signed = { - 'node_pubkey': b.me, - 'signature': signature.decode(), - 'vote': vote_body - } - assert not BaseConsensusRules.verify_vote([b.me], vote_signed) diff --git a/tests/test_voting.py b/tests/test_voting.py index 2d7b723f..07f640fc 100644 --- a/tests/test_voting.py +++ b/tests/test_voting.py @@ -82,3 +82,92 @@ def test_decide_votes_checks_arguments(): with pytest.raises(ValueError): Voting.decide_votes(n_voters=1, n_valid=0, n_invalid=0, n_agree_prev_block=2) + + + +################################################################################ + +# DEBT + + + +def _test_verify_vote_passes(b, structurally_valid_vote): + from bigchaindb.consensus import BaseConsensusRules + from bigchaindb.common import crypto + from bigchaindb.common.utils import serialize + vote_body = structurally_valid_vote['vote'] + vote_data = serialize(vote_body) + signature = crypto.PrivateKey(b.me_private).sign(vote_data.encode()) + vote_signed = { + 'node_pubkey': b.me, + 'signature': signature.decode(), + 'vote': vote_body + } + assert BaseConsensusRules.verify_vote([b.me], vote_signed) + + +def _test_verify_vote_fails_signature(b, structurally_valid_vote): + from bigchaindb.consensus import BaseConsensusRules + vote_body = structurally_valid_vote['vote'] + vote_signed = { + 'node_pubkey': b.me, + 'signature': 'a' * 86, + 'vote': vote_body + } + assert not BaseConsensusRules.verify_vote([b.me], vote_signed) + + +def _test_verify_vote_fails_schema(b): + from bigchaindb.consensus import BaseConsensusRules + from bigchaindb.common import crypto + from bigchaindb.common.utils import serialize + vote_body = {} + vote_data = serialize(vote_body) + signature = crypto.PrivateKey(b.me_private).sign(vote_data.encode()) + vote_signed = { + 'node_pubkey': b.me, + 'signature': signature.decode(), + 'vote': vote_body + } + assert not BaseConsensusRules.verify_vote([b.me], vote_signed) + + +""" + @pytest.mark.genesis + def test_more_votes_than_voters(self, b): + from bigchaindb.common.exceptions import MultipleVotesError + + block_1 = dummy_block() + b.write_block(block_1) + # insert duplicate votes + vote_1 = b.vote(block_1.id, b.get_last_voted_block().id, True) + vote_2 = b.vote(block_1.id, b.get_last_voted_block().id, True) + vote_2['node_pubkey'] = 'aaaaaaa' + b.write_vote(vote_1) + b.write_vote(vote_2) + + with pytest.raises(MultipleVotesError) as excinfo: + b.block_election_status(block_1.id, block_1.voters) + assert excinfo.value.args[0] == 'Block {block_id} has {n_votes} votes cast, but only {n_voters} voters'\ + .format(block_id=block_1.id, n_votes=str(2), n_voters=str(1)) + + def test_multiple_votes_single_node(self, b, genesis_block): + from bigchaindb.common.exceptions import MultipleVotesError + + block_1 = dummy_block() + b.write_block(block_1) + # insert duplicate votes + for i in range(2): + b.write_vote(b.vote(block_1.id, genesis_block.id, True)) + + with pytest.raises(MultipleVotesError) as excinfo: + b.block_election_status(block_1.id, block_1.voters) + assert excinfo.value.args[0] == 'Block {block_id} has multiple votes ({n_votes}) from voting node {node_id}'\ + .format(block_id=block_1.id, n_votes=str(2), node_id=b.me) + + with pytest.raises(MultipleVotesError) as excinfo: + b.has_previous_vote(block_1.id) + assert excinfo.value.args[0] == 'Block {block_id} has {n_votes} votes from public key {me}'\ + .format(block_id=block_1.id, n_votes=str(2), me=b.me) + +""" diff --git a/tests/web/test_statuses.py b/tests/web/test_statuses.py index af9d09d3..716cc0d2 100644 --- a/tests/web/test_statuses.py +++ b/tests/web/test_statuses.py @@ -30,7 +30,7 @@ def test_get_block_status_endpoint_undecided(b, client): block = b.create_block([tx]) b.write_block(block) - status = b.block_election_status(block.id, block.voters) + status = b.block_election_status(block) res = client.get(STATUSES_ENDPOINT + '?block_id=' + block.id) assert status == res.json['status'] @@ -51,7 +51,7 @@ def test_get_block_status_endpoint_valid(b, client): vote = b.vote(block.id, b.get_last_voted_block().id, True) b.write_vote(vote) - status = b.block_election_status(block.id, block.voters) + status = b.block_election_status(block) res = client.get(STATUSES_ENDPOINT + '?block_id=' + block.id) assert status == res.json['status'] @@ -72,7 +72,7 @@ def test_get_block_status_endpoint_invalid(b, client): vote = b.vote(block.id, b.get_last_voted_block().id, False) b.write_vote(vote) - status = b.block_election_status(block.id, block.voters) + status = b.block_election_status(block) res = client.get(STATUSES_ENDPOINT + '?block_id=' + block.id) assert status == res.json['status'] From 1ff84bd670ad2b166cc7d57dbb2df2be2689285f Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Thu, 23 Feb 2017 21:10:12 +0100 Subject: [PATCH 010/283] test_partition_eligible_votes --- bigchaindb/voting.py | 7 +++---- tests/test_voting.py | 25 ++++++++++++++++++------- 2 files changed, 21 insertions(+), 11 deletions(-) diff --git a/bigchaindb/voting.py b/bigchaindb/voting.py index bb39c517..7962eec4 100644 --- a/bigchaindb/voting.py +++ b/bigchaindb/voting.py @@ -49,12 +49,11 @@ class Voting: voter_eligible = vote.get('node_pubkey') in eligible_voters if voter_eligible: try: - cls.verify_vote_signature(vote) + if cls.verify_vote_signature(vote): + eligible.append(vote) + continue except ValueError: pass - else: - eligible.append(vote) - continue ineligible.append(vote) return eligible, ineligible diff --git a/tests/test_voting.py b/tests/test_voting.py index 07f640fc..5f1a1069 100644 --- a/tests/test_voting.py +++ b/tests/test_voting.py @@ -9,15 +9,26 @@ from bigchaindb.voting import Voting, INVALID, VALID, UNDECIDED # Tests for checking vote eligibility -@patch('bigchaindb.voting.Voting.verify_vote_signature') -def test_partition_eligible_votes(_): - nodes = list(map(Bigchain, 'abc')) - votes = [n.vote('block', 'a', True) for n in nodes] +def test_partition_eligible_votes(): + class TestVoting(Voting): + @classmethod + def verify_vote_signature(cls, vote): + if vote['node_pubkey'] == 'invalid sig': + return False + if vote['node_pubkey'] == 'value error': + raise ValueError() + return True - el, inel = Voting.partition_eligible_votes(votes, 'abc') + voters = ['valid', 'invalid sig', 'value error', 'not in set'] + votes = [{'node_pubkey': k} for k in voters] - assert el == votes - assert inel == [] + el, inel = TestVoting.partition_eligible_votes(votes, voters[:-1]) + assert el == [votes[0]] + assert inel == votes[1:] + + +################################################################################ +# Test vote counting @patch('bigchaindb.voting.Voting.verify_vote_schema') From e88c98a695d12481eedd399647bc54da5ec96721 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Thu, 23 Feb 2017 21:39:38 +0100 Subject: [PATCH 011/283] test_count_votes --- bigchaindb/voting.py | 2 +- tests/test_voting.py | 27 +++++++++++++++++++-------- 2 files changed, 20 insertions(+), 9 deletions(-) diff --git a/bigchaindb/voting.py b/bigchaindb/voting.py index 7962eec4..c5482e92 100644 --- a/bigchaindb/voting.py +++ b/bigchaindb/voting.py @@ -94,8 +94,8 @@ class Voting: n_invalid += 1 continue - prev_blocks[vote['vote']['previous_block']] += 1 if vote['vote']['is_block_valid']: + prev_blocks[vote['vote']['previous_block']] += 1 n_valid += 1 else: n_invalid += 1 diff --git a/tests/test_voting.py b/tests/test_voting.py index 5f1a1069..e70addf1 100644 --- a/tests/test_voting.py +++ b/tests/test_voting.py @@ -31,16 +31,27 @@ def test_partition_eligible_votes(): # Test vote counting -@patch('bigchaindb.voting.Voting.verify_vote_schema') -def test_count_votes(_): - nodes = list(map(Bigchain, 'abc')) +def test_count_votes(): + class TestVoting(Voting): + @classmethod + def verify_vote_schema(cls, vote): + return vote['node_pubkey'] != 'malformed' - votes = [n.vote('block', 'a', True) for n in nodes] + voters = ['cheat', 'cheat', 'says invalid', 'malformed'] + voters += ['kosher' + str(i) for i in range(10)] - assert Voting.count_votes(votes)['counts'] == { - 'n_valid': 3, - 'n_invalid': 0, - 'n_agree_prev_block': 3 + votes = [Bigchain(v).vote('block', 'a', True) for v in voters] + votes[2]['vote']['is_block_valid'] = False + votes[-1]['vote']['previous_block'] = 'z' + + assert TestVoting.count_votes(votes) == { + 'counts': { + 'n_valid': 10, + 'n_invalid': 3, + 'n_agree_prev_block': 9 + }, + 'cheat': [votes[:2]], + 'malformed': [votes[3]], } From c44c9d0282ae7c85b67f1dfb5517085e9e28593c Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Thu, 23 Feb 2017 21:52:59 +0100 Subject: [PATCH 012/283] tests for vote schema and signature validation --- bigchaindb/voting.py | 2 +- tests/test_voting.py | 62 ++++++++++++++------------------------------ 2 files changed, 21 insertions(+), 43 deletions(-) diff --git a/bigchaindb/voting.py b/bigchaindb/voting.py index c5482e92..21ce8195 100644 --- a/bigchaindb/voting.py +++ b/bigchaindb/voting.py @@ -170,5 +170,5 @@ class Voting: try: validate_vote_schema(vote) return True - except SchemaValidationError: + except SchemaValidationError as e: return False diff --git a/tests/test_voting.py b/tests/test_voting.py index e70addf1..cea34de0 100644 --- a/tests/test_voting.py +++ b/tests/test_voting.py @@ -106,52 +106,30 @@ def test_decide_votes_checks_arguments(): n_agree_prev_block=2) +################################################################################ +# Tests for vote signature + + +def test_verify_vote_signature_passes(b): + vote = b.vote('block', 'a', True) + assert Voting.verify_vote_signature(vote) + + +def test_verify_vote_signature_fails(b): + vote = b.vote('block', 'a', True) + vote['signature'] = '' + assert not Voting.verify_vote_signature(vote) + ################################################################################ - -# DEBT +# Tests for vote schema - -def _test_verify_vote_passes(b, structurally_valid_vote): - from bigchaindb.consensus import BaseConsensusRules - from bigchaindb.common import crypto - from bigchaindb.common.utils import serialize - vote_body = structurally_valid_vote['vote'] - vote_data = serialize(vote_body) - signature = crypto.PrivateKey(b.me_private).sign(vote_data.encode()) - vote_signed = { - 'node_pubkey': b.me, - 'signature': signature.decode(), - 'vote': vote_body - } - assert BaseConsensusRules.verify_vote([b.me], vote_signed) - - -def _test_verify_vote_fails_signature(b, structurally_valid_vote): - from bigchaindb.consensus import BaseConsensusRules - vote_body = structurally_valid_vote['vote'] - vote_signed = { - 'node_pubkey': b.me, - 'signature': 'a' * 86, - 'vote': vote_body - } - assert not BaseConsensusRules.verify_vote([b.me], vote_signed) - - -def _test_verify_vote_fails_schema(b): - from bigchaindb.consensus import BaseConsensusRules - from bigchaindb.common import crypto - from bigchaindb.common.utils import serialize - vote_body = {} - vote_data = serialize(vote_body) - signature = crypto.PrivateKey(b.me_private).sign(vote_data.encode()) - vote_signed = { - 'node_pubkey': b.me, - 'signature': signature.decode(), - 'vote': vote_body - } - assert not BaseConsensusRules.verify_vote([b.me], vote_signed) +def test_verify_vote_schema(b): + vote = b.vote('b' * 64, 'a' * 64, True) + assert Voting.verify_vote_schema(vote) + vote = b.vote('b', 'a', True) + assert not Voting.verify_vote_schema(vote) """ From e1312b88a396c6de610e325891f77da5e4e9774b Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Fri, 24 Feb 2017 10:04:24 +0100 Subject: [PATCH 013/283] Voting uses BigchainDBCritical --- bigchaindb/voting.py | 3 ++- tests/test_voting.py | 8 ++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/bigchaindb/voting.py b/bigchaindb/voting.py index 21ce8195..f8511644 100644 --- a/bigchaindb/voting.py +++ b/bigchaindb/voting.py @@ -1,4 +1,5 @@ import collections +from bigchaindb.backend.exceptions import BigchainDBCritical from bigchaindb.common.schema import SchemaValidationError, validate_vote_schema from bigchaindb.common.utils import serialize from bigchaindb.common.crypto import PublicKey @@ -126,7 +127,7 @@ class Voting: # Check insane cases. This is basic, not exhaustive. if n_valid + n_invalid > n_voters or n_agree_prev_block > n_voters: - raise ValueError('Arguments not sane: %s' % { + raise BigchainDBCritical('Arguments not sane: %s' % { 'n_voters': n_voters, 'n_valid': n_valid, 'n_invalid': n_invalid, diff --git a/tests/test_voting.py b/tests/test_voting.py index cea34de0..13822d6d 100644 --- a/tests/test_voting.py +++ b/tests/test_voting.py @@ -1,6 +1,6 @@ import pytest -from unittest.mock import patch +from bigchaindb.backend.exceptions import BigchainDBCritical from bigchaindb.core import Bigchain from bigchaindb.voting import Voting, INVALID, VALID, UNDECIDED @@ -95,13 +95,13 @@ def test_decide_votes_invalid(kwargs): def test_decide_votes_checks_arguments(): - with pytest.raises(ValueError): + with pytest.raises(BigchainDBCritical): Voting.decide_votes(n_voters=1, n_valid=2, n_invalid=0, n_agree_prev_block=0) - with pytest.raises(ValueError): + with pytest.raises(BigchainDBCritical): Voting.decide_votes(n_voters=1, n_valid=0, n_invalid=2, n_agree_prev_block=0) - with pytest.raises(ValueError): + with pytest.raises(BigchainDBCritical): Voting.decide_votes(n_voters=1, n_valid=0, n_invalid=0, n_agree_prev_block=2) From b5a1c90d63242b65c0a370824d39f9a3ecc7c53c Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Thu, 23 Feb 2017 12:07:38 +0100 Subject: [PATCH 014/283] voting.py --- bigchaindb/voting.py | 47 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 bigchaindb/voting.py diff --git a/bigchaindb/voting.py b/bigchaindb/voting.py new file mode 100644 index 00000000..0138e783 --- /dev/null +++ b/bigchaindb/voting.py @@ -0,0 +1,47 @@ +import collections + + +def filter_eligible_votes(votes, block_voters, keyring, check_signature): + """ + Filter votes from unknown nodes or nodes that are not listed on + block. Here is our sybill protection. + """ + eligible_voters = set(keyring) & set(block_voters) + eligible_votes = [] + + for vote in votes: + pubkey = vote['node_pubkey'] + voter_eligible = pubkey in eligible_voters + sig_legit = sig_is_legit(vote) + if voter_eligible and sig_legit: + eligible_votes[pubkey].append(vote) + + return eligible_votes + + +def count_votes(eligible_votes, check_schema): + by_voter = collections.defaultdict(list) + for vote in eligible_votes: + by_voter[vote['node_pubkey']].append(vote) + + n_valid = 0 + n_invalid = 0 + prev_blocks = collections.Counter() + + for pubkey, votes in by_voter.items(): + if len(votes) > 1 or not schema_is_correct(votes[0]): + n_invalid += 1 + continue + + vote = votes[0] + prev_blocks[vote['vote']['previous_block']] += 1 + if vote['vote']['is_block_valid']: + n_valid += 1 + else: + n_invalid += 1 + + return { + 'valid': n_valid, + 'invalid': n_invalid, + 'prev_block': prev_blocks.most_common()[0] + } From 4f997f60c0ad55af2570a77cb62abec0efb92409 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Thu, 23 Feb 2017 15:08:06 +0100 Subject: [PATCH 015/283] flesh out voting module --- bigchaindb/voting.py | 84 +++++++++++++++++++++++++++++++++++--------- tests/test_voting.py | 61 ++++++++++++++++++++++++++++++++ 2 files changed, 129 insertions(+), 16 deletions(-) create mode 100644 tests/test_voting.py diff --git a/bigchaindb/voting.py b/bigchaindb/voting.py index 0138e783..159f631f 100644 --- a/bigchaindb/voting.py +++ b/bigchaindb/voting.py @@ -1,25 +1,41 @@ +""" +Everything to do with creating and checking votes. +All functions in this module should be referentially transparent, that is, +they always give the same output for a given input. This makes it easier +to test. +""" import collections -def filter_eligible_votes(votes, block_voters, keyring, check_signature): +def partition_eligible_votes(votes, eligible_voters, verify_vote_signature): """ Filter votes from unknown nodes or nodes that are not listed on - block. Here is our sybill protection. + block. This is the primary Sybill protection. """ - eligible_voters = set(keyring) & set(block_voters) - eligible_votes = [] + eligible, ineligible = ([], []) for vote in votes: - pubkey = vote['node_pubkey'] - voter_eligible = pubkey in eligible_voters - sig_legit = sig_is_legit(vote) - if voter_eligible and sig_legit: - eligible_votes[pubkey].append(vote) + voter_eligible = vote['node_pubkey'] in eligible_voters + if voter_eligible and verify_vote_signature(vote): + eligible.append(vote) + else: + ineligible.append(vote) - return eligible_votes + return eligible, ineligible -def count_votes(eligible_votes, check_schema): +def count_votes(eligible_votes): + """ + Given a list of eligible votes, (votes from known nodes that are listed + as voters), count the votes to produce three quantities: + + Number of votes that say valid + Number of votes that say invalid + Highest agreement on previous block ID + + Also, detect if there are multiple votes from a single node and return them + in a separate "cheat" dictionary. + """ by_voter = collections.defaultdict(list) for vote in eligible_votes: by_voter[vote['node_pubkey']].append(vote) @@ -27,9 +43,11 @@ def count_votes(eligible_votes, check_schema): n_valid = 0 n_invalid = 0 prev_blocks = collections.Counter() + cheat = {} for pubkey, votes in by_voter.items(): - if len(votes) > 1 or not schema_is_correct(votes[0]): + if len(votes) > 1: + cheat[pubkey] = votes n_invalid += 1 continue @@ -41,7 +59,41 @@ def count_votes(eligible_votes, check_schema): n_invalid += 1 return { - 'valid': n_valid, - 'invalid': n_invalid, - 'prev_block': prev_blocks.most_common()[0] - } + 'n_valid': n_valid, + 'n_invalid': n_invalid, + 'n_agree_prev_block': prev_blocks.most_common()[0][1] + }, cheat + + +def decide_votes(n_voters, n_valid, n_invalid, n_agree_prev_block): + """ + Decide on votes. + + To return VALID there must be a clear majority that say VALID + and also agree on the previous block. This is achieved using the > operator. + + A tie on an even number of votes counts as INVALID so the >= operator is + used. + """ + + # Check insane cases. This is basic, not exhaustive. + if n_valid + n_invalid > n_voters or n_agree_prev_block > n_voters: + raise ValueError('Arguments not sane: %s' % { + 'n_voters': n_voters, + 'n_valid': n_valid, + 'n_invalid': n_invalid, + 'n_agree_prev_block': n_agree_prev_block, + }) + + if n_invalid * 2 >= n_voters: + return INVALID + if n_valid * 2 > n_voters: + if n_agree_prev_block * 2 > n_voters: + return VALID + return INVALID + return UNDECIDED + + +INVALID = 'invalid' +VALID = TX_VALID = 'valid' +UNDECIDED = TX_UNDECIDED = 'undecided' diff --git a/tests/test_voting.py b/tests/test_voting.py new file mode 100644 index 00000000..67c5c284 --- /dev/null +++ b/tests/test_voting.py @@ -0,0 +1,61 @@ +import pytest + +from bigchaindb.core import Bigchain +from bigchaindb.voting import (count_votes, partition_eligible_votes, + decide_votes, INVALID, VALID, UNDECIDED) + + +def test_partition_eligible_votes(): + nodes = list(map(Bigchain, 'abc')) + votes = [n.vote('block', 'a', True) for n in nodes] + + el, inel = partition_eligible_votes(votes, 'abc', lambda _: True) + + assert el == votes + assert inel == [] + + +def test_count_votes(): + nodes = list(map(Bigchain, 'abc')) + votes = [n.vote('block', 'a', True) for n in nodes] + + assert count_votes(votes) == ({ + 'n_valid': 3, + 'n_invalid': 0, + 'n_agree_prev_block': 3 + }, {}) + + +DECISION_TESTS = [dict( + zip(['n_voters', 'n_valid', 'n_invalid', 'n_agree_prev_block'], t)) + for t in [ + (1, 1, 1, 1), + (2, 2, 1, 2), + (3, 2, 2, 2), + (4, 3, 2, 3), + (5, 3, 3, 3), + (6, 4, 3, 4), + (7, 4, 4, 4), + (8, 5, 4, 5), + ] +] + + +@pytest.mark.parametrize('kwargs', DECISION_TESTS) +def test_decide_votes_valid(kwargs): + kwargs = kwargs.copy() + kwargs['n_invalid'] = 0 + assert decide_votes(**kwargs) == VALID + kwargs['n_agree_prev_block'] -= 1 + assert decide_votes(**kwargs) == INVALID + kwargs['n_valid'] -= 1 + assert decide_votes(**kwargs) == UNDECIDED + + +@pytest.mark.parametrize('kwargs', DECISION_TESTS) +def test_decide_votes_invalid(kwargs): + kwargs = kwargs.copy() + kwargs['n_valid'] = 0 + assert decide_votes(**kwargs) == INVALID + kwargs['n_invalid'] -= 1 + assert decide_votes(**kwargs) == UNDECIDED From f8a7123f0a2937e56db8f6cf27a766a578b791f4 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Thu, 23 Feb 2017 17:29:46 +0100 Subject: [PATCH 016/283] check count_votes invalid input --- bigchaindb/voting.py | 10 +++++----- tests/test_voting.py | 17 +++++++++++++++++ 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/bigchaindb/voting.py b/bigchaindb/voting.py index 159f631f..af12f691 100644 --- a/bigchaindb/voting.py +++ b/bigchaindb/voting.py @@ -7,6 +7,11 @@ to test. import collections +VALID = 'valid' +INVALID = 'invalid' +UNDECIDED = 'undecided' + + def partition_eligible_votes(votes, eligible_voters, verify_vote_signature): """ Filter votes from unknown nodes or nodes that are not listed on @@ -92,8 +97,3 @@ def decide_votes(n_voters, n_valid, n_invalid, n_agree_prev_block): return VALID return INVALID return UNDECIDED - - -INVALID = 'invalid' -VALID = TX_VALID = 'valid' -UNDECIDED = TX_UNDECIDED = 'undecided' diff --git a/tests/test_voting.py b/tests/test_voting.py index 67c5c284..33be2fde 100644 --- a/tests/test_voting.py +++ b/tests/test_voting.py @@ -5,6 +5,10 @@ from bigchaindb.voting import (count_votes, partition_eligible_votes, decide_votes, INVALID, VALID, UNDECIDED) +################################################################################ +# Tests for checking vote eligibility + + def test_partition_eligible_votes(): nodes = list(map(Bigchain, 'abc')) votes = [n.vote('block', 'a', True) for n in nodes] @@ -26,6 +30,10 @@ def test_count_votes(): }, {}) +################################################################################ +# Tests for vote decision making + + DECISION_TESTS = [dict( zip(['n_voters', 'n_valid', 'n_invalid', 'n_agree_prev_block'], t)) for t in [ @@ -59,3 +67,12 @@ def test_decide_votes_invalid(kwargs): assert decide_votes(**kwargs) == INVALID kwargs['n_invalid'] -= 1 assert decide_votes(**kwargs) == UNDECIDED + + +def test_decide_votes_checks_arguments(): + with pytest.raises(ValueError): + decide_votes(n_voters=1, n_valid=2, n_invalid=0, n_agree_prev_block=0) + with pytest.raises(ValueError): + decide_votes(n_voters=1, n_valid=0, n_invalid=2, n_agree_prev_block=0) + with pytest.raises(ValueError): + decide_votes(n_voters=1, n_valid=0, n_invalid=0, n_agree_prev_block=2) From d73134e6c3950371c3c102b4ddb5246d2b09d1ff Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Thu, 23 Feb 2017 17:58:08 +0100 Subject: [PATCH 017/283] Static Classify Voting --- bigchaindb/voting.py | 238 +++++++++++++++++++++++++++---------------- tests/test_voting.py | 36 ++++--- 2 files changed, 174 insertions(+), 100 deletions(-) diff --git a/bigchaindb/voting.py b/bigchaindb/voting.py index af12f691..dcef47b6 100644 --- a/bigchaindb/voting.py +++ b/bigchaindb/voting.py @@ -1,10 +1,7 @@ -""" -Everything to do with creating and checking votes. -All functions in this module should be referentially transparent, that is, -they always give the same output for a given input. This makes it easier -to test. -""" import collections +from bigchaindb.common.schema import SchemaValidationError, validate_vote_schema +from bigchaindb.common.utils import serialize +from bigchaindb.common.crypto import PublicKey VALID = 'valid' @@ -12,88 +9,159 @@ INVALID = 'invalid' UNDECIDED = 'undecided' -def partition_eligible_votes(votes, eligible_voters, verify_vote_signature): +class Voting: """ - Filter votes from unknown nodes or nodes that are not listed on - block. This is the primary Sybill protection. - """ - eligible, ineligible = ([], []) + Everything to do with creating and checking votes. - for vote in votes: - voter_eligible = vote['node_pubkey'] in eligible_voters - if voter_eligible and verify_vote_signature(vote): - eligible.append(vote) - else: - ineligible.append(vote) + All functions in this class should be referentially transparent, that is, + they always give the same output for a given input. This makes it easier + to test. This also means no logging! - return eligible, ineligible - - -def count_votes(eligible_votes): - """ - Given a list of eligible votes, (votes from known nodes that are listed - as voters), count the votes to produce three quantities: - - Number of votes that say valid - Number of votes that say invalid - Highest agreement on previous block ID - - Also, detect if there are multiple votes from a single node and return them - in a separate "cheat" dictionary. - """ - by_voter = collections.defaultdict(list) - for vote in eligible_votes: - by_voter[vote['node_pubkey']].append(vote) - - n_valid = 0 - n_invalid = 0 - prev_blocks = collections.Counter() - cheat = {} - - for pubkey, votes in by_voter.items(): - if len(votes) > 1: - cheat[pubkey] = votes - n_invalid += 1 - continue - - vote = votes[0] - prev_blocks[vote['vote']['previous_block']] += 1 - if vote['vote']['is_block_valid']: - n_valid += 1 - else: - n_invalid += 1 - - return { - 'n_valid': n_valid, - 'n_invalid': n_invalid, - 'n_agree_prev_block': prev_blocks.most_common()[0][1] - }, cheat - - -def decide_votes(n_voters, n_valid, n_invalid, n_agree_prev_block): - """ - Decide on votes. - - To return VALID there must be a clear majority that say VALID - and also agree on the previous block. This is achieved using the > operator. - - A tie on an even number of votes counts as INVALID so the >= operator is - used. + Assumptions regarding data: + * Vote is a dictionary, but it is not assumed that any properties are. + * Everything else is assumed to be structurally correct, otherwise errors + may be thrown. """ - # Check insane cases. This is basic, not exhaustive. - if n_valid + n_invalid > n_voters or n_agree_prev_block > n_voters: - raise ValueError('Arguments not sane: %s' % { - 'n_voters': n_voters, - 'n_valid': n_valid, - 'n_invalid': n_invalid, - 'n_agree_prev_block': n_agree_prev_block, - }) + @classmethod + def block_election(cls, block, votes, keyring): + """ + Calculate the election status of a block. + """ + eligible_voters = set(block['voters']) & set(keyring) + eligible_votes, ineligible_votes = \ + cls.partition_eligible_votes(votes, eligible_voters) + results = cls.count_votes(eligible_votes) + results['status'] = decide_votes(results['counts']) + results['ineligible'] = ineligible_votes + return results - if n_invalid * 2 >= n_voters: - return INVALID - if n_valid * 2 > n_voters: - if n_agree_prev_block * 2 > n_voters: - return VALID - return INVALID - return UNDECIDED + @classmethod + def partition_eligible_votes(cls, votes, eligible_voters): + """ + Filter votes from unknown nodes or nodes that are not listed on + block. This is the primary Sybill protection. + """ + eligible, ineligible = ([], []) + + for vote in votes: + voter_eligible = vote.get('node_pubkey') in eligible_voters + if voter_eligible and cls.verify_vote_signature(vote): + eligible.append(vote) + else: + ineligible.append(vote) + + return eligible, ineligible + + @classmethod + def count_votes(cls, eligible_votes): + """ + Given a list of eligible votes, (votes from known nodes that are listed + as voters), count the votes to produce three quantities: + + Number of votes that say valid + Number of votes that say invalid + Highest agreement on previous block ID + + Also, detect if there are multiple votes from a single node and return them + in a separate "cheat" dictionary. + """ + by_voter = collections.defaultdict(list) + for vote in eligible_votes: + by_voter[vote['node_pubkey']].append(vote) + + n_valid = 0 + n_invalid = 0 + prev_blocks = collections.Counter() + cheat = [] + malformed = [] + + for pubkey, votes in by_voter.items(): + if len(votes) > 1: + cheat.append(votes) + n_invalid += 1 + continue + + vote = votes[0] + + if not cls.verify_vote_schema(vote): + malformed.append(vote) + n_invalid += 1 + continue + + prev_blocks[vote['vote']['previous_block']] += 1 + if vote['vote']['is_block_valid']: + n_valid += 1 + else: + n_invalid += 1 + + return { + 'counts': { + 'n_valid': n_valid, + 'n_invalid': n_invalid, + 'n_agree_prev_block': prev_blocks.most_common()[0][1], + }, + 'cheat': cheat, + 'malformed': malformed, + } + + @classmethod + def decide_votes(cls, n_voters, n_valid, n_invalid, n_agree_prev_block): + """ + Decide on votes. + + To return VALID there must be a clear majority that say VALID + and also agree on the previous block. This is achieved using the > operator. + + A tie on an even number of votes counts as INVALID so the >= operator is + used. + """ + + # Check insane cases. This is basic, not exhaustive. + if n_valid + n_invalid > n_voters or n_agree_prev_block > n_voters: + raise ValueError('Arguments not sane: %s' % { + 'n_voters': n_voters, + 'n_valid': n_valid, + 'n_invalid': n_invalid, + 'n_agree_prev_block': n_agree_prev_block, + }) + + if n_invalid * 2 >= n_voters: + return INVALID + if n_valid * 2 > n_voters: + if n_agree_prev_block * 2 > n_voters: + return VALID + return INVALID + return UNDECIDED + + @classmethod + def verify_vote_signature(cls, vote): + """Verify the signature of a vote + + A valid vote should have been signed by a voter's private key. + + Args: + vote (list): voters of the block that is under election + + Returns: + bool: True if the signature is correct, False otherwise. + """ + signature = vote.get('signature') + pk_base58 = vote.get('node_pubkey') + + if not (type(signature) == str and type(pk_base58) == str): + raise ValueError("Malformed vote: %s" % vote) + + public_key = PublicKey(pk_base58) + body = serialize(signed_vote['vote']).encode() + return public_key.verify(body, signature) + + @classmethod + def verify_vote_schema(cls, vote): + # I'm not sure this is the correct approach. Maybe we should allow + # duck typing w/r/t votes. + try: + validate_vote_schema(vote) + return True + except SchemaValidationError: + return False diff --git a/tests/test_voting.py b/tests/test_voting.py index 33be2fde..2d7b723f 100644 --- a/tests/test_voting.py +++ b/tests/test_voting.py @@ -1,33 +1,36 @@ import pytest +from unittest.mock import patch from bigchaindb.core import Bigchain -from bigchaindb.voting import (count_votes, partition_eligible_votes, - decide_votes, INVALID, VALID, UNDECIDED) +from bigchaindb.voting import Voting, INVALID, VALID, UNDECIDED ################################################################################ # Tests for checking vote eligibility -def test_partition_eligible_votes(): +@patch('bigchaindb.voting.Voting.verify_vote_signature') +def test_partition_eligible_votes(_): nodes = list(map(Bigchain, 'abc')) votes = [n.vote('block', 'a', True) for n in nodes] - el, inel = partition_eligible_votes(votes, 'abc', lambda _: True) + el, inel = Voting.partition_eligible_votes(votes, 'abc') assert el == votes assert inel == [] -def test_count_votes(): +@patch('bigchaindb.voting.Voting.verify_vote_schema') +def test_count_votes(_): nodes = list(map(Bigchain, 'abc')) + votes = [n.vote('block', 'a', True) for n in nodes] - assert count_votes(votes) == ({ + assert Voting.count_votes(votes)['counts'] == { 'n_valid': 3, 'n_invalid': 0, 'n_agree_prev_block': 3 - }, {}) + } ################################################################################ @@ -53,26 +56,29 @@ DECISION_TESTS = [dict( def test_decide_votes_valid(kwargs): kwargs = kwargs.copy() kwargs['n_invalid'] = 0 - assert decide_votes(**kwargs) == VALID + assert Voting.decide_votes(**kwargs) == VALID kwargs['n_agree_prev_block'] -= 1 - assert decide_votes(**kwargs) == INVALID + assert Voting.decide_votes(**kwargs) == INVALID kwargs['n_valid'] -= 1 - assert decide_votes(**kwargs) == UNDECIDED + assert Voting.decide_votes(**kwargs) == UNDECIDED @pytest.mark.parametrize('kwargs', DECISION_TESTS) def test_decide_votes_invalid(kwargs): kwargs = kwargs.copy() kwargs['n_valid'] = 0 - assert decide_votes(**kwargs) == INVALID + assert Voting.decide_votes(**kwargs) == INVALID kwargs['n_invalid'] -= 1 - assert decide_votes(**kwargs) == UNDECIDED + assert Voting.decide_votes(**kwargs) == UNDECIDED def test_decide_votes_checks_arguments(): with pytest.raises(ValueError): - decide_votes(n_voters=1, n_valid=2, n_invalid=0, n_agree_prev_block=0) + Voting.decide_votes(n_voters=1, n_valid=2, n_invalid=0, + n_agree_prev_block=0) with pytest.raises(ValueError): - decide_votes(n_voters=1, n_valid=0, n_invalid=2, n_agree_prev_block=0) + Voting.decide_votes(n_voters=1, n_valid=0, n_invalid=2, + n_agree_prev_block=0) with pytest.raises(ValueError): - decide_votes(n_voters=1, n_valid=0, n_invalid=0, n_agree_prev_block=2) + Voting.decide_votes(n_voters=1, n_valid=0, n_invalid=0, + n_agree_prev_block=2) From d4af68a05d15ddffee9daed9a526857c1a05ef97 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Thu, 23 Feb 2017 18:23:19 +0100 Subject: [PATCH 018/283] voting schema validate --- bigchaindb/voting.py | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/bigchaindb/voting.py b/bigchaindb/voting.py index dcef47b6..62eb27ee 100644 --- a/bigchaindb/voting.py +++ b/bigchaindb/voting.py @@ -32,7 +32,7 @@ class Voting: eligible_votes, ineligible_votes = \ cls.partition_eligible_votes(votes, eligible_voters) results = cls.count_votes(eligible_votes) - results['status'] = decide_votes(results['counts']) + results['status'] = cls.decide_votes(results['counts']) results['ineligible'] = ineligible_votes return results @@ -46,10 +46,15 @@ class Voting: for vote in votes: voter_eligible = vote.get('node_pubkey') in eligible_voters - if voter_eligible and cls.verify_vote_signature(vote): - eligible.append(vote) - else: - ineligible.append(vote) + if voter_eligible: + try: + cls.verify_vote_signature(vote) + except ValueError: + pass + else: + eligible.append(vote) + continue + ineligible.append(vote) return eligible, ineligible @@ -150,10 +155,10 @@ class Voting: pk_base58 = vote.get('node_pubkey') if not (type(signature) == str and type(pk_base58) == str): - raise ValueError("Malformed vote: %s" % vote) + raise ValueError('Malformed vote: %s' % vote) public_key = PublicKey(pk_base58) - body = serialize(signed_vote['vote']).encode() + body = serialize(vote['vote']).encode() return public_key.verify(body, signature) @classmethod From 62957499975b16c5105335dc5823e01127b100da Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Fri, 24 Feb 2017 10:12:26 +0100 Subject: [PATCH 019/283] pull in tests and fixes from integration branch --- bigchaindb/voting.py | 23 ++++++------ tests/test_voting.py | 86 ++++++++++++++++++++++++++++++++++---------- 2 files changed, 80 insertions(+), 29 deletions(-) diff --git a/bigchaindb/voting.py b/bigchaindb/voting.py index 62eb27ee..f8511644 100644 --- a/bigchaindb/voting.py +++ b/bigchaindb/voting.py @@ -1,4 +1,5 @@ import collections +from bigchaindb.backend.exceptions import BigchainDBCritical from bigchaindb.common.schema import SchemaValidationError, validate_vote_schema from bigchaindb.common.utils import serialize from bigchaindb.common.crypto import PublicKey @@ -28,11 +29,12 @@ class Voting: """ Calculate the election status of a block. """ - eligible_voters = set(block['voters']) & set(keyring) + eligible_voters = set(block['block']['voters']) & set(keyring) eligible_votes, ineligible_votes = \ cls.partition_eligible_votes(votes, eligible_voters) + n_voters = len(eligible_voters) results = cls.count_votes(eligible_votes) - results['status'] = cls.decide_votes(results['counts']) + results['status'] = cls.decide_votes(n_voters, **results['counts']) results['ineligible'] = ineligible_votes return results @@ -48,12 +50,11 @@ class Voting: voter_eligible = vote.get('node_pubkey') in eligible_voters if voter_eligible: try: - cls.verify_vote_signature(vote) + if cls.verify_vote_signature(vote): + eligible.append(vote) + continue except ValueError: pass - else: - eligible.append(vote) - continue ineligible.append(vote) return eligible, ineligible @@ -94,17 +95,19 @@ class Voting: n_invalid += 1 continue - prev_blocks[vote['vote']['previous_block']] += 1 if vote['vote']['is_block_valid']: + prev_blocks[vote['vote']['previous_block']] += 1 n_valid += 1 else: n_invalid += 1 + n_prev = prev_blocks.most_common()[0][1] if prev_blocks else 0 + return { 'counts': { 'n_valid': n_valid, 'n_invalid': n_invalid, - 'n_agree_prev_block': prev_blocks.most_common()[0][1], + 'n_agree_prev_block': n_prev, }, 'cheat': cheat, 'malformed': malformed, @@ -124,7 +127,7 @@ class Voting: # Check insane cases. This is basic, not exhaustive. if n_valid + n_invalid > n_voters or n_agree_prev_block > n_voters: - raise ValueError('Arguments not sane: %s' % { + raise BigchainDBCritical('Arguments not sane: %s' % { 'n_voters': n_voters, 'n_valid': n_valid, 'n_invalid': n_invalid, @@ -168,5 +171,5 @@ class Voting: try: validate_vote_schema(vote) return True - except SchemaValidationError: + except SchemaValidationError as e: return False diff --git a/tests/test_voting.py b/tests/test_voting.py index 2d7b723f..aa45e8d6 100644 --- a/tests/test_voting.py +++ b/tests/test_voting.py @@ -1,6 +1,6 @@ import pytest -from unittest.mock import patch +from bigchaindb.backend.exceptions import BigchainDBCritical from bigchaindb.core import Bigchain from bigchaindb.voting import Voting, INVALID, VALID, UNDECIDED @@ -9,27 +9,49 @@ from bigchaindb.voting import Voting, INVALID, VALID, UNDECIDED # Tests for checking vote eligibility -@patch('bigchaindb.voting.Voting.verify_vote_signature') -def test_partition_eligible_votes(_): - nodes = list(map(Bigchain, 'abc')) - votes = [n.vote('block', 'a', True) for n in nodes] +def test_partition_eligible_votes(): + class TestVoting(Voting): + @classmethod + def verify_vote_signature(cls, vote): + if vote['node_pubkey'] == 'invalid sig': + return False + if vote['node_pubkey'] == 'value error': + raise ValueError() + return True - el, inel = Voting.partition_eligible_votes(votes, 'abc') + voters = ['valid', 'invalid sig', 'value error', 'not in set'] + votes = [{'node_pubkey': k} for k in voters] - assert el == votes - assert inel == [] + el, inel = TestVoting.partition_eligible_votes(votes, voters[:-1]) + assert el == [votes[0]] + assert inel == votes[1:] -@patch('bigchaindb.voting.Voting.verify_vote_schema') -def test_count_votes(_): - nodes = list(map(Bigchain, 'abc')) +################################################################################ +# Test vote counting - votes = [n.vote('block', 'a', True) for n in nodes] - assert Voting.count_votes(votes)['counts'] == { - 'n_valid': 3, - 'n_invalid': 0, - 'n_agree_prev_block': 3 +def test_count_votes(): + class TestVoting(Voting): + @classmethod + def verify_vote_schema(cls, vote): + return vote['node_pubkey'] != 'malformed' + + voters = ['cheat', 'cheat', 'says invalid', 'malformed'] + voters += ['kosher' + str(i) for i in range(10)] + + votes = [Bigchain(v).vote('block', 'a', True) for v in voters] + votes[2]['vote']['is_block_valid'] = False + votes[-1]['vote']['previous_block'] = 'z' + + assert TestVoting.count_votes(votes) == { + 'counts': { + 'n_valid': 10, + 'n_invalid': 3, + 'n_agree_prev_block': 9 + }, + 'cheat': [votes[:2]], + 'malformed': [votes[3]], } @@ -73,12 +95,38 @@ def test_decide_votes_invalid(kwargs): def test_decide_votes_checks_arguments(): - with pytest.raises(ValueError): + with pytest.raises(BigchainDBCritical): Voting.decide_votes(n_voters=1, n_valid=2, n_invalid=0, n_agree_prev_block=0) - with pytest.raises(ValueError): + with pytest.raises(BigchainDBCritical): Voting.decide_votes(n_voters=1, n_valid=0, n_invalid=2, n_agree_prev_block=0) - with pytest.raises(ValueError): + with pytest.raises(BigchainDBCritical): Voting.decide_votes(n_voters=1, n_valid=0, n_invalid=0, n_agree_prev_block=2) + + +################################################################################ +# Tests for vote signature + + +def test_verify_vote_signature_passes(b): + vote = b.vote('block', 'a', True) + assert Voting.verify_vote_signature(vote) + + +def test_verify_vote_signature_fails(b): + vote = b.vote('block', 'a', True) + vote['signature'] = '' + assert not Voting.verify_vote_signature(vote) + + +################################################################################ +# Tests for vote schema + + +def test_verify_vote_schema(b): + vote = b.vote('b' * 64, 'a' * 64, True) + assert Voting.verify_vote_schema(vote) + vote = b.vote('b', 'a', True) + assert not Voting.verify_vote_schema(vote) From f860753192bb76ba2584a431813fd915fe96846e Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Fri, 24 Feb 2017 10:43:30 +0100 Subject: [PATCH 020/283] test for block_election --- tests/test_voting.py | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/tests/test_voting.py b/tests/test_voting.py index aa45e8d6..ea61fa6a 100644 --- a/tests/test_voting.py +++ b/tests/test_voting.py @@ -130,3 +130,35 @@ def test_verify_vote_schema(b): assert Voting.verify_vote_schema(vote) vote = b.vote('b', 'a', True) assert not Voting.verify_vote_schema(vote) + + +################################################################################ +# block_election tests +# A more thorough test will follow as part of #1217 + + +def test_block_election(b): + + class TestVoting(Voting): + @classmethod + def verify_vote_signature(cls, vote): + return True + + @classmethod + def verify_vote_schema(cls, vote): + return True + + keyring = 'abc' + block = {'block': {'voters': 'ab'}} + votes = [{ + 'node_pubkey': c, + 'vote': {'is_block_valid': True, 'previous_block': 'a'} + } for c in 'abc'] + + assert TestVoting.block_election(block, votes, keyring) == { + 'status': VALID, + 'counts': {'n_agree_prev_block': 2, 'n_valid': 2, 'n_invalid': 0}, + 'ineligible': [votes[-1]], + 'cheat': [], + 'malformed': [], + } From ae8367c6c7f02b545a74574f746d626fb961dc48 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Fri, 24 Feb 2017 13:27:48 +0100 Subject: [PATCH 021/283] log election results in election pipeline --- bigchaindb/core.py | 1 - bigchaindb/pipelines/election.py | 25 +++++++++++++++++++++---- bigchaindb/voting.py | 1 + tests/test_voting.py | 3 ++- 4 files changed, 24 insertions(+), 6 deletions(-) diff --git a/bigchaindb/core.py b/bigchaindb/core.py index 5186b7f2..1f82fd78 100644 --- a/bigchaindb/core.py +++ b/bigchaindb/core.py @@ -623,7 +623,6 @@ class Bigchain(object): block['id'])) keyring = self.nodes_except_me + [self.me] result = self.consensus.voting.block_election(block, votes, keyring) - # TODO: logging return result def block_election_status(self, block): diff --git a/bigchaindb/pipelines/election.py b/bigchaindb/pipelines/election.py index 2e5efc3c..8e080183 100644 --- a/bigchaindb/pipelines/election.py +++ b/bigchaindb/pipelines/election.py @@ -16,6 +16,7 @@ from bigchaindb import Bigchain logger = logging.getLogger(__name__) +logger_results = logging.getLogger('pipeline.election.results') class Election: @@ -32,13 +33,29 @@ class Election: next_vote: The next vote. """ - next_block = self.bigchain.get_block( - next_vote['vote']['voting_for_block']) + try: + block_id = next_vote['vote']['voting_for_block'] + node = next_vote['node_pubkey'] + except IndexError: + return - block_status = self.bigchain.block_election_status(next_block) - if block_status == self.bigchain.BLOCK_INVALID: + next_block = self.bigchain.get_block(block_id) + + result = self.bigchain.block_election_status(next_block) + if result['status'] == self.bigchain.BLOCK_INVALID: return Block.from_dict(next_block) + # Log the result + if result['status'] != self.bigchain.BLOCK_UNDECIDED: + msg = 'node:%s block:%s status:%s' % \ + (node, block_id, result['status']) + # Extra data can be accessed via the log formatter. + # See logging.dictConfig. + logger_results.debug(msg, extra={ + 'current_vote': next_vote, + 'election_result': result, + }) + def requeue_transactions(self, invalid_block): """ Liquidates transactions from invalid blocks so they can be processed again diff --git a/bigchaindb/voting.py b/bigchaindb/voting.py index f8511644..3b36303f 100644 --- a/bigchaindb/voting.py +++ b/bigchaindb/voting.py @@ -34,6 +34,7 @@ class Voting: cls.partition_eligible_votes(votes, eligible_voters) n_voters = len(eligible_voters) results = cls.count_votes(eligible_votes) + results['block_id'] = block['id'] results['status'] = cls.decide_votes(n_voters, **results['counts']) results['ineligible'] = ineligible_votes return results diff --git a/tests/test_voting.py b/tests/test_voting.py index ea61fa6a..8fa72ca2 100644 --- a/tests/test_voting.py +++ b/tests/test_voting.py @@ -149,7 +149,7 @@ def test_block_election(b): return True keyring = 'abc' - block = {'block': {'voters': 'ab'}} + block = {'id': 'xyz', 'block': {'voters': 'ab'}} votes = [{ 'node_pubkey': c, 'vote': {'is_block_valid': True, 'previous_block': 'a'} @@ -157,6 +157,7 @@ def test_block_election(b): assert TestVoting.block_election(block, votes, keyring) == { 'status': VALID, + 'block_id': 'xyz', 'counts': {'n_agree_prev_block': 2, 'n_valid': 2, 'n_invalid': 0}, 'ineligible': [votes[-1]], 'cheat': [], From f858fc8f8d006176e39c264717021609f7d4079d Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Sat, 25 Feb 2017 10:21:40 +0100 Subject: [PATCH 022/283] fix voting bug with prev_block --- bigchaindb/voting.py | 53 +++++++------- tests/test_voting.py | 167 ++++++++++++++++++++++++++----------------- 2 files changed, 127 insertions(+), 93 deletions(-) diff --git a/bigchaindb/voting.py b/bigchaindb/voting.py index f8511644..67741bb5 100644 --- a/bigchaindb/voting.py +++ b/bigchaindb/voting.py @@ -1,5 +1,5 @@ import collections -from bigchaindb.backend.exceptions import BigchainDBCritical + from bigchaindb.common.schema import SchemaValidationError, validate_vote_schema from bigchaindb.common.utils import serialize from bigchaindb.common.crypto import PublicKey @@ -56,31 +56,30 @@ class Voting: except ValueError: pass ineligible.append(vote) - return eligible, ineligible @classmethod def count_votes(cls, eligible_votes): """ Given a list of eligible votes, (votes from known nodes that are listed - as voters), count the votes to produce three quantities: + as voters), produce the number that say valid and the number that say + invalid. - Number of votes that say valid - Number of votes that say invalid - Highest agreement on previous block ID - - Also, detect if there are multiple votes from a single node and return them - in a separate "cheat" dictionary. + * Detect if there are multiple votes from a single node and return them + in a separate "cheat" dictionary. + * Votes must agree on previous block, otherwise they become invalid. """ - by_voter = collections.defaultdict(list) - for vote in eligible_votes: - by_voter[vote['node_pubkey']].append(vote) - n_valid = 0 n_invalid = 0 prev_blocks = collections.Counter() cheat = [] malformed = [] + prev_block = None + + # Group by pubkey to detect duplicate voting + by_voter = collections.defaultdict(list) + for vote in eligible_votes: + by_voter[vote['node_pubkey']].append(vote) for pubkey, votes in by_voter.items(): if len(votes) > 1: @@ -101,20 +100,28 @@ class Voting: else: n_invalid += 1 - n_prev = prev_blocks.most_common()[0][1] if prev_blocks else 0 + # Neutralise difference between valid block and previous block, + # so that nodes must agree on previous block + if n_valid: + prev_block, n_prev = prev_blocks.most_common()[0] + del prev_blocks[prev_block] + diff = n_valid - n_prev + n_valid -= diff + n_invalid += diff return { 'counts': { 'n_valid': n_valid, 'n_invalid': n_invalid, - 'n_agree_prev_block': n_prev, }, 'cheat': cheat, 'malformed': malformed, + 'previous_block': prev_block, + 'other_previous_block': dict(prev_blocks), } @classmethod - def decide_votes(cls, n_voters, n_valid, n_invalid, n_agree_prev_block): + def decide_votes(cls, n_voters, n_valid, n_invalid): """ Decide on votes. @@ -124,22 +131,10 @@ class Voting: A tie on an even number of votes counts as INVALID so the >= operator is used. """ - - # Check insane cases. This is basic, not exhaustive. - if n_valid + n_invalid > n_voters or n_agree_prev_block > n_voters: - raise BigchainDBCritical('Arguments not sane: %s' % { - 'n_voters': n_voters, - 'n_valid': n_valid, - 'n_invalid': n_invalid, - 'n_agree_prev_block': n_agree_prev_block, - }) - if n_invalid * 2 >= n_voters: return INVALID if n_valid * 2 > n_voters: - if n_agree_prev_block * 2 > n_voters: - return VALID - return INVALID + return VALID return UNDECIDED @classmethod diff --git a/tests/test_voting.py b/tests/test_voting.py index ea61fa6a..404f4c93 100644 --- a/tests/test_voting.py +++ b/tests/test_voting.py @@ -1,6 +1,6 @@ import pytest +from collections import Counter -from bigchaindb.backend.exceptions import BigchainDBCritical from bigchaindb.core import Bigchain from bigchaindb.voting import Voting, INVALID, VALID, UNDECIDED @@ -37,21 +37,45 @@ def test_count_votes(): def verify_vote_schema(cls, vote): return vote['node_pubkey'] != 'malformed' - voters = ['cheat', 'cheat', 'says invalid', 'malformed'] - voters += ['kosher' + str(i) for i in range(10)] + voters = (['cheat', 'cheat', 'says invalid', 'malformed'] + + ['kosher' + str(i) for i in range(10)]) votes = [Bigchain(v).vote('block', 'a', True) for v in voters] votes[2]['vote']['is_block_valid'] = False + # Incorrect previous block subtracts from n_valid and adds to n_invalid votes[-1]['vote']['previous_block'] = 'z' assert TestVoting.count_votes(votes) == { 'counts': { - 'n_valid': 10, - 'n_invalid': 3, - 'n_agree_prev_block': 9 + 'n_valid': 9, # 9 kosher votes + 'n_invalid': 4, # 1 cheat, 1 invalid, 1 malformed, 1 rogue prev block }, 'cheat': [votes[:2]], 'malformed': [votes[3]], + 'previous_block': 'a', + 'other_previous_block': {'z': 1}, + } + + +def test_must_agree_prev_block(): + class TestVoting(Voting): + @classmethod + def verify_vote_schema(cls, vote): + return True + + voters = 'abcd' + votes = [Bigchain(v).vote('block', 'a', True) for v in voters] + votes[0]['vote']['previous_block'] = 'b' + votes[1]['vote']['previous_block'] = 'c' + assert TestVoting.count_votes(votes) == { + 'counts': { + 'n_valid': 2, + 'n_invalid': 2, + }, + 'previous_block': 'a', + 'other_previous_block': {'b': 1, 'c': 1}, + 'malformed': [], + 'cheat': [], } @@ -60,16 +84,16 @@ def test_count_votes(): DECISION_TESTS = [dict( - zip(['n_voters', 'n_valid', 'n_invalid', 'n_agree_prev_block'], t)) + zip(['n_voters', 'n_valid', 'n_invalid'], t)) for t in [ - (1, 1, 1, 1), - (2, 2, 1, 2), - (3, 2, 2, 2), - (4, 3, 2, 3), - (5, 3, 3, 3), - (6, 4, 3, 4), - (7, 4, 4, 4), - (8, 5, 4, 5), + (1, 1, 1), + (2, 2, 1), + (3, 2, 2), + (4, 3, 2), + (5, 3, 3), + (6, 4, 3), + (7, 4, 4), + (8, 5, 4), ] ] @@ -79,8 +103,6 @@ def test_decide_votes_valid(kwargs): kwargs = kwargs.copy() kwargs['n_invalid'] = 0 assert Voting.decide_votes(**kwargs) == VALID - kwargs['n_agree_prev_block'] -= 1 - assert Voting.decide_votes(**kwargs) == INVALID kwargs['n_valid'] -= 1 assert Voting.decide_votes(**kwargs) == UNDECIDED @@ -94,16 +116,67 @@ def test_decide_votes_invalid(kwargs): assert Voting.decide_votes(**kwargs) == UNDECIDED -def test_decide_votes_checks_arguments(): - with pytest.raises(BigchainDBCritical): - Voting.decide_votes(n_voters=1, n_valid=2, n_invalid=0, - n_agree_prev_block=0) - with pytest.raises(BigchainDBCritical): - Voting.decide_votes(n_voters=1, n_valid=0, n_invalid=2, - n_agree_prev_block=0) - with pytest.raises(BigchainDBCritical): - Voting.decide_votes(n_voters=1, n_valid=0, n_invalid=0, - n_agree_prev_block=2) +################################################################################ +# Actions - test state transitions + + +@pytest.mark.parametrize('n_voters', range(8)) +def test_vote_actions(n_voters): + """ + * Legal transitions are UNDECIDED -> [VALID|INVALID] only + * Block is never left UNDECIDED after voting + * Accomodates rogues on previous block / invalid schema + """ + class TestVoting(Voting): + @classmethod + def verify_vote_schema(cls, vote): + return type(vote['vote']['is_block_valid']) == bool + + @classmethod + def verify_vote_signature(cls, vote): + return True + + keyring = 'abcdefghijklmnopqrstuvwxyz'[:n_voters] + block = {'id': 'block', 'block': {'voters': keyring}} + state = UNDECIDED + todo = [(state, [], [])] + + def branch(p, r): + todo.append((state, votes, votes + [{ + 'node_pubkey': keyring[len(votes)], + 'vote': {'previous_block': p, 'is_block_valid': r} + }])) + + while todo: + prev_state, prev_votes, votes = todo.pop(0) + results = Counter(v['vote']['is_block_valid'] for v in votes) + prev_blocks = Counter(v['vote']['previous_block'] for v in votes) + majority = n_voters // 2 + 1 + honest = (len(votes) == majority and len(prev_blocks) == 1 and + not results['lol'] and len(results) == 1) + closed = len(votes) == n_voters + + # Test legal transition + if votes: + state = TestVoting.block_election(block, votes, keyring)['status'] + assert prev_state in [state, UNDECIDED] + + # Test that decision has been reached + if honest or closed: + assert state != UNDECIDED or n_voters == 0 + + if closed: + continue + + # Can accomodate more votes, add them to the todo list. + # This vote is the good case + branch('A', True) + # This vote disagrees on previous block + branch('B', True) + # This vote says the block is invalid + branch('A', False) + # This vote is invalid + branch('A', 'lol') ################################################################################ @@ -113,10 +186,6 @@ def test_decide_votes_checks_arguments(): def test_verify_vote_signature_passes(b): vote = b.vote('block', 'a', True) assert Voting.verify_vote_signature(vote) - - -def test_verify_vote_signature_fails(b): - vote = b.vote('block', 'a', True) vote['signature'] = '' assert not Voting.verify_vote_signature(vote) @@ -128,37 +197,7 @@ def test_verify_vote_signature_fails(b): def test_verify_vote_schema(b): vote = b.vote('b' * 64, 'a' * 64, True) assert Voting.verify_vote_schema(vote) - vote = b.vote('b', 'a', True) + vote = b.vote('b' * 64, 'a', True) + assert not Voting.verify_vote_schema(vote) + vote = b.vote('b', 'a' * 64, True) assert not Voting.verify_vote_schema(vote) - - -################################################################################ -# block_election tests -# A more thorough test will follow as part of #1217 - - -def test_block_election(b): - - class TestVoting(Voting): - @classmethod - def verify_vote_signature(cls, vote): - return True - - @classmethod - def verify_vote_schema(cls, vote): - return True - - keyring = 'abc' - block = {'block': {'voters': 'ab'}} - votes = [{ - 'node_pubkey': c, - 'vote': {'is_block_valid': True, 'previous_block': 'a'} - } for c in 'abc'] - - assert TestVoting.block_election(block, votes, keyring) == { - 'status': VALID, - 'counts': {'n_agree_prev_block': 2, 'n_valid': 2, 'n_invalid': 0}, - 'ineligible': [votes[-1]], - 'cheat': [], - 'malformed': [], - } From 6ab1089bda074a8d79f2e039cab4ade5255abf12 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Sat, 25 Feb 2017 14:18:06 +0100 Subject: [PATCH 023/283] voting cleanup --- bigchaindb/voting.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bigchaindb/voting.py b/bigchaindb/voting.py index b86797d2..837621b1 100644 --- a/bigchaindb/voting.py +++ b/bigchaindb/voting.py @@ -12,14 +12,14 @@ UNDECIDED = 'undecided' class Voting: """ - Everything to do with creating and checking votes. + Everything to do with verifying and counting votes for block election. All functions in this class should be referentially transparent, that is, they always give the same output for a given input. This makes it easier to test. This also means no logging! Assumptions regarding data: - * Vote is a dictionary, but it is not assumed that any properties are. + * Vote is a dictionary, but no assumptions are made on it's properties. * Everything else is assumed to be structurally correct, otherwise errors may be thrown. """ @@ -30,9 +30,9 @@ class Voting: Calculate the election status of a block. """ eligible_voters = set(block['block']['voters']) & set(keyring) + n_voters = len(eligible_voters) eligible_votes, ineligible_votes = \ cls.partition_eligible_votes(votes, eligible_voters) - n_voters = len(eligible_voters) results = cls.count_votes(eligible_votes) results['block_id'] = block['id'] results['status'] = cls.decide_votes(n_voters, **results['counts']) From 2116d199d5d10ff6dea3eda53fa54041e3e1c260 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Sun, 26 Feb 2017 12:28:13 +0100 Subject: [PATCH 024/283] simplify vote counting --- bigchaindb/voting.py | 40 +++++++++++----------------------------- 1 file changed, 11 insertions(+), 29 deletions(-) diff --git a/bigchaindb/voting.py b/bigchaindb/voting.py index 67741bb5..b4e8a9e9 100644 --- a/bigchaindb/voting.py +++ b/bigchaindb/voting.py @@ -69,12 +69,9 @@ class Voting: in a separate "cheat" dictionary. * Votes must agree on previous block, otherwise they become invalid. """ - n_valid = 0 - n_invalid = 0 prev_blocks = collections.Counter() cheat = [] malformed = [] - prev_block = None # Group by pubkey to detect duplicate voting by_voter = collections.defaultdict(list) @@ -84,35 +81,28 @@ class Voting: for pubkey, votes in by_voter.items(): if len(votes) > 1: cheat.append(votes) - n_invalid += 1 continue vote = votes[0] if not cls.verify_vote_schema(vote): malformed.append(vote) - n_invalid += 1 continue - if vote['vote']['is_block_valid']: + if vote['vote']['is_block_valid'] is True: prev_blocks[vote['vote']['previous_block']] += 1 - n_valid += 1 - else: - n_invalid += 1 - # Neutralise difference between valid block and previous block, - # so that nodes must agree on previous block - if n_valid: - prev_block, n_prev = prev_blocks.most_common()[0] + n_valid = 0 + prev_block = None + # Valid votes must agree on previous block + if prev_blocks: + prev_block, n_valid = prev_blocks.most_common()[0] del prev_blocks[prev_block] - diff = n_valid - n_prev - n_valid -= diff - n_invalid += diff return { 'counts': { 'n_valid': n_valid, - 'n_invalid': n_invalid, + 'n_invalid': len(by_voter) - n_valid, }, 'cheat': cheat, 'malformed': malformed, @@ -126,10 +116,9 @@ class Voting: Decide on votes. To return VALID there must be a clear majority that say VALID - and also agree on the previous block. This is achieved using the > operator. + and also agree on the previous block. - A tie on an even number of votes counts as INVALID so the >= operator is - used. + A tie on an even number of votes counts as INVALID. """ if n_invalid * 2 >= n_voters: return INVALID @@ -139,15 +128,8 @@ class Voting: @classmethod def verify_vote_signature(cls, vote): - """Verify the signature of a vote - - A valid vote should have been signed by a voter's private key. - - Args: - vote (list): voters of the block that is under election - - Returns: - bool: True if the signature is correct, False otherwise. + """ + Verify the signature of a vote """ signature = vote.get('signature') pk_base58 = vote.get('node_pubkey') From 213139d4c6d9d64d1e6fd2ad68790ee68559c5d5 Mon Sep 17 00:00:00 2001 From: vrde Date: Mon, 27 Feb 2017 02:36:51 +0100 Subject: [PATCH 025/283] Improve tests and connection class --- bigchaindb/backend/connection.py | 6 +++- bigchaindb/backend/rethinkdb/changefeed.py | 3 +- bigchaindb/backend/rethinkdb/connection.py | 9 +++-- tests/backend/rethinkdb/test_connection.py | 41 +++++++++++++++------- 4 files changed, 41 insertions(+), 18 deletions(-) diff --git a/bigchaindb/backend/connection.py b/bigchaindb/backend/connection.py index d0913cf6..c1f0a629 100644 --- a/bigchaindb/backend/connection.py +++ b/bigchaindb/backend/connection.py @@ -61,7 +61,9 @@ def connect(backend=None, host=None, port=None, name=None, max_tries=None, raise ConfigurationError('Error loading backend `{}`'.format(backend)) from exc logger.debug('Connection: {}'.format(Class)) - return Class(host=host, port=port, dbname=dbname, replicaset=replicaset) + return Class(host=host, port=port, dbname=dbname, + max_tries=max_tries, connection_timeout=connection_timeout, + replicaset=replicaset) class Connection: @@ -142,3 +144,5 @@ class Connection: if attempt == self.max_tries: logger.critical('Cannot connect to the Database. Giving up.') raise ConnectionError() from exc + else: + break diff --git a/bigchaindb/backend/rethinkdb/changefeed.py b/bigchaindb/backend/rethinkdb/changefeed.py index e762d905..fb2dec1f 100644 --- a/bigchaindb/backend/rethinkdb/changefeed.py +++ b/bigchaindb/backend/rethinkdb/changefeed.py @@ -3,6 +3,7 @@ import logging import rethinkdb as r from bigchaindb import backend +from bigchaindb.backend.exceptions import BackendError from bigchaindb.backend.changefeed import ChangeFeed from bigchaindb.backend.utils import module_dispatch_registrar from bigchaindb.backend.rethinkdb.connection import RethinkDBConnection @@ -23,7 +24,7 @@ class RethinkDBChangeFeed(ChangeFeed): try: self.run_changefeed() break - except (r.ReqlDriverError, r.ReqlOpFailedError) as exc: + except BackendError as exc: logger.exception(exc) time.sleep(1) diff --git a/bigchaindb/backend/rethinkdb/connection.py b/bigchaindb/backend/rethinkdb/connection.py index e4d2c524..e917e326 100644 --- a/bigchaindb/backend/rethinkdb/connection.py +++ b/bigchaindb/backend/rethinkdb/connection.py @@ -1,7 +1,7 @@ import rethinkdb as r from bigchaindb.backend.connection import Connection -from bigchaindb.backend.exceptions import ConnectionError +from bigchaindb.backend.exceptions import ConnectionError, OperationError class RethinkDBConnection(Connection): @@ -24,7 +24,10 @@ class RethinkDBConnection(Connection): :attr:`~.RethinkDBConnection.max_tries`. """ - return query.run(self.conn) + try: + return query.run(self.conn) + except r.ReqlDriverError as exc: + raise OperationError from exc def _connect(self): """Set a connection to RethinkDB. @@ -39,4 +42,4 @@ class RethinkDBConnection(Connection): try: return r.connect(host=self.host, port=self.port, db=self.dbname) except r.ReqlDriverError as exc: - raise ConnectionError() from exc + raise ConnectionError from exc diff --git a/tests/backend/rethinkdb/test_connection.py b/tests/backend/rethinkdb/test_connection.py index 073fecee..318ff850 100644 --- a/tests/backend/rethinkdb/test_connection.py +++ b/tests/backend/rethinkdb/test_connection.py @@ -1,6 +1,7 @@ import time import multiprocessing as mp from threading import Thread +from unittest import mock from unittest.mock import patch import pytest @@ -34,6 +35,7 @@ def test_run_a_simple_query(): def test_raise_exception_when_max_tries(): from bigchaindb.backend import connect + from bigchaindb.backend.exceptions import OperationError class MockQuery: def run(self, conn): @@ -41,28 +43,41 @@ def test_raise_exception_when_max_tries(): conn = connect() - with pytest.raises(r.ReqlDriverError): + with pytest.raises(OperationError): conn.run(MockQuery()) def test_reconnect_when_connection_lost(): from bigchaindb.backend import connect - def raise_exception(*args, **kwargs): - raise r.ReqlDriverError('mock') - - conn = connect() original_connect = r.connect - r.connect = raise_exception - def delayed_start(): - time.sleep(1) - r.connect = original_connect + with patch('rethinkdb.connect') as mock_connect: + mock_connect.side_effect = [ + r.ReqlDriverError('mock'), + original_connect() + ] - thread = Thread(target=delayed_start) - query = r.expr('1') - thread.start() - assert conn.run(query) == '1' + conn = connect() + query = r.expr('1') + assert conn.run(query) == '1' + + +def test_reconnect_when_connection_lost_tries_n_times(): + from bigchaindb.backend import connect + from bigchaindb.backend.exceptions import ConnectionError + + with patch('rethinkdb.connect') as mock_connect: + mock_connect.side_effect = [ + r.ReqlDriverError('mock'), + r.ReqlDriverError('mock'), + r.ReqlDriverError('mock') + ] + + conn = connect(max_tries=3) + query = r.expr('1') + with pytest.raises(ConnectionError): + assert conn.run(query) == '1' def test_changefeed_reconnects_when_connection_lost(monkeypatch): From f9748042c2fb94f006444ad1106b3d38397fc218 Mon Sep 17 00:00:00 2001 From: vrde Date: Mon, 27 Feb 2017 11:14:11 +0100 Subject: [PATCH 026/283] Fix exception handling in changefeed --- bigchaindb/backend/rethinkdb/changefeed.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bigchaindb/backend/rethinkdb/changefeed.py b/bigchaindb/backend/rethinkdb/changefeed.py index fb2dec1f..390ada9a 100644 --- a/bigchaindb/backend/rethinkdb/changefeed.py +++ b/bigchaindb/backend/rethinkdb/changefeed.py @@ -24,8 +24,8 @@ class RethinkDBChangeFeed(ChangeFeed): try: self.run_changefeed() break - except BackendError as exc: - logger.exception(exc) + except (BackendError, r.ReqlDriverError) as exc: + logger.exception('Error connecting to the database, retrying') time.sleep(1) def run_changefeed(self): From f21811323f9d2e7d0038cdf9c4a13e878200f864 Mon Sep 17 00:00:00 2001 From: vrde Date: Mon, 27 Feb 2017 11:51:06 +0100 Subject: [PATCH 027/283] Remove unused import --- tests/backend/rethinkdb/test_connection.py | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/backend/rethinkdb/test_connection.py b/tests/backend/rethinkdb/test_connection.py index 318ff850..880862af 100644 --- a/tests/backend/rethinkdb/test_connection.py +++ b/tests/backend/rethinkdb/test_connection.py @@ -1,7 +1,6 @@ import time import multiprocessing as mp from threading import Thread -from unittest import mock from unittest.mock import patch import pytest From 3523036617e383995d217d0094c996c6b8f803ae Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Mon, 27 Feb 2017 15:23:53 +0100 Subject: [PATCH 028/283] don't load consensus in vote pipeline (unneeded) --- bigchaindb/pipelines/vote.py | 9 --------- 1 file changed, 9 deletions(-) diff --git a/bigchaindb/pipelines/vote.py b/bigchaindb/pipelines/vote.py index a857ba78..da28cb30 100644 --- a/bigchaindb/pipelines/vote.py +++ b/bigchaindb/pipelines/vote.py @@ -13,9 +13,7 @@ from multipipes import Pipeline, Node import bigchaindb from bigchaindb import Bigchain from bigchaindb import backend -from bigchaindb import config_utils from bigchaindb.backend.changefeed import ChangeFeed -from bigchaindb.consensus import BaseConsensusRules from bigchaindb.models import Transaction, Block from bigchaindb.common import exceptions @@ -37,13 +35,6 @@ class Vote: # we need to create a temporary instance of BigchainDB that we use # only to query RethinkDB - consensusPlugin = bigchaindb.config.get('consensus_plugin') - - if consensusPlugin: - self.consensus = config_utils.load_consensus_plugin(consensusPlugin) - else: - self.consensus = BaseConsensusRules - # This is the Bigchain instance that will be "shared" (aka: copied) # by all the subprocesses From ffb1d7a624f2711c4aba3efb409fb128c3ed9d5d Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Mon, 27 Feb 2017 15:29:49 +0100 Subject: [PATCH 029/283] Docs on using special SSH keypair with ACS/Kubernetes --- docs/server/source/appendices/aws-setup.md | 17 +------ .../appendices/generate-key-pair-for-ssh.md | 34 +++++++++++++ docs/server/source/appendices/index.rst | 1 + .../template-kubernetes-azure.rst | 48 +++++++++++++++++-- 4 files changed, 81 insertions(+), 19 deletions(-) create mode 100644 docs/server/source/appendices/generate-key-pair-for-ssh.md diff --git a/docs/server/source/appendices/aws-setup.md b/docs/server/source/appendices/aws-setup.md index 0471f8af..38ce2c1c 100644 --- a/docs/server/source/appendices/aws-setup.md +++ b/docs/server/source/appendices/aws-setup.md @@ -42,23 +42,10 @@ This writes two files: `~/.aws/credentials` and `~/.aws/config`. AWS tools and p Eventually, you'll have one or more instances (virtual machines) running on AWS and you'll want to SSH to them. To do that, you need a public/private key pair. The public key will be sent to AWS, and you can tell AWS to put it in any instances you provision there. You'll keep the private key on your local workstation. -First you need to make up a key name. Some ideas: +See the [page about how to generate a key pair for SSH](generate-key-pair-for-ssh.html). -* `bcdb-troy-1` -* `bigchaindb-7` -* `bcdb-jupiter` -If you already have key pairs on AWS (Amazon EC2), you have to pick a name that's not already being used. -Below, replace every instance of `` with your actual key name. -To generate a public/private RSA key pair with that name: -```text -ssh-keygen -t rsa -C "" -f ~/.ssh/ -``` - -It will ask you for a passphrase. You can use whatever passphrase you like, but don't lose it. Two keys (files) will be created in `~/.ssh/`: - -1. `~/.ssh/.pub` is the public key -2. `~/.ssh/` is the private key +## Send the Public Key to AWS To send the public key to AWS, use the AWS Command-Line Interface: ```text diff --git a/docs/server/source/appendices/generate-key-pair-for-ssh.md b/docs/server/source/appendices/generate-key-pair-for-ssh.md new file mode 100644 index 00000000..18b19392 --- /dev/null +++ b/docs/server/source/appendices/generate-key-pair-for-ssh.md @@ -0,0 +1,34 @@ +# Generate a Key Pair for SSH + +This page describes how to use `ssh-keygen` +to generate a public/private RSA key pair +that can be used with SSH. +(Note: `ssh-keygen` is found on most Linux and Unix-like +operating systems; if you're using Windows, +then you'll have to use another tool, +such as PuTTYgen.) + +By convention, SSH key pairs get stored in the `~/.ssh/` directory. +Check what keys you already have there: +```text +ls -1 ~/.ssh/ +``` + +Next, make up a new key pair name (called `` below). +Here are some ideas: + +* `aws-bdb-2` +* `tim-bdb-azure` +* `chris-bcdb-key` + +Next, generate a public/private RSA key pair with that name: +```text +ssh-keygen -t rsa -C "" -f ~/.ssh/ +``` + +It will ask you for a passphrase. +You can use whatever passphrase you like, but don't lose it. +Two keys (files) will be created in `~/.ssh/`: + +1. `~/.ssh/.pub` is the public key +2. `~/.ssh/` is the private key diff --git a/docs/server/source/appendices/index.rst b/docs/server/source/appendices/index.rst index 41b742b9..365bedfa 100755 --- a/docs/server/source/appendices/index.rst +++ b/docs/server/source/appendices/index.rst @@ -17,6 +17,7 @@ Appendices pipelines backend aws-setup + generate-key-pair-for-ssh firewall-notes ntp-notes example-rethinkdb-storage-setups diff --git a/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst b/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst index ad4a8b04..a5d6f086 100644 --- a/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst +++ b/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst @@ -18,7 +18,20 @@ You may find that you have to sign up for a Free Trial subscription first. That's okay: you can have many subscriptions. -Step 2: Deploy an Azure Container Service (ACS) +Step 2: Create an SSH Key Pair +------------------------------ + +You'll want an SSH key pair so you'll be able to SSH +to the virtual machines that you'll deploy in the next step. +(If you already have an SSH key pair, you *could* reuse it, +but it's probably a good idea to make a new SSH key pair +for your Kubernetes VMs and nothing else.) + +See the +:ref:`page about how to generate a key pair for SSH `. + + +Step 3: Deploy an Azure Container Service (ACS) ----------------------------------------------- It's *possible* to deploy an Azure Container Service (ACS) @@ -82,8 +95,7 @@ Finally, you can deploy an ACS using something like: --agent-count 3 \ --agent-vm-size Standard_D2_v2 \ --dns-prefix \ - --generate-ssh-keys \ - --location \ + --ssh-key-value ~/.ssh/.pub \ --orchestrator-type kubernetes There are more options. For help understanding all the options, use the built-in help: @@ -100,4 +112,32 @@ and click on the one you created to see all the resources in it. Next, you can :doc:`run a BigchainDB node on your new -Kubernetes cluster `. \ No newline at end of file +Kubernetes cluster `. + + +Optional: SSH to Your New Kubernetes Cluster Nodes +-------------------------------------------------- + +You can SSH to one of the just-deployed Kubernetes "master" nodes +(virtual machines) using: + +.. code:: bash + + $ ssh -i ~/.ssh/.pub azureuser@ + +where you can get the IP address or hostname +of a master node from the Azure Portal. +Note how the default username is ``azureuser``. + +The "agent" nodes don't get public IP addresses or hostnames, +so you can't SSH to them *directly*, +but you can first SSH to the master +and then SSH to an agent from there +(using the *private* IP address of the agent node). +To do that, you either need to copy your SSH key pair to +the master (a bad idea), +or use something like +`SSH agent forwarding `_ (better). + +Next, you can :doc:`run a BigchainDB node on your new +Kubernetes cluster `. From 9bdc8ca3415c09321991d5a207dcc53d083c7d9a Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Mon, 27 Feb 2017 16:23:46 +0100 Subject: [PATCH 030/283] fix in election pipeline --- bigchaindb/pipelines/election.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bigchaindb/pipelines/election.py b/bigchaindb/pipelines/election.py index 8e080183..fe4fbc68 100644 --- a/bigchaindb/pipelines/election.py +++ b/bigchaindb/pipelines/election.py @@ -41,7 +41,7 @@ class Election: next_block = self.bigchain.get_block(block_id) - result = self.bigchain.block_election_status(next_block) + result = self.bigchain.block_election(next_block) if result['status'] == self.bigchain.BLOCK_INVALID: return Block.from_dict(next_block) From ebeb94f35a0975e7733ad522ae2714910822423d Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Mon, 27 Feb 2017 16:25:29 +0100 Subject: [PATCH 031/283] cleanup has_previous_vote --- bigchaindb/common/exceptions.py | 8 -------- bigchaindb/core.py | 18 ++---------------- tests/db/test_bigchain_api.py | 15 --------------- 3 files changed, 2 insertions(+), 39 deletions(-) diff --git a/bigchaindb/common/exceptions.py b/bigchaindb/common/exceptions.py index 60340492..1b869e5c 100644 --- a/bigchaindb/common/exceptions.py +++ b/bigchaindb/common/exceptions.py @@ -62,14 +62,6 @@ class StartupError(BigchainDBError): """Raised when there is an error starting up the system""" -class ImproperVoteError(BigchainDBError): - """Raised if a vote is not constructed correctly, or signed incorrectly""" - - -class MultipleVotesError(BigchainDBError): - """Raised if a voter has voted more than once""" - - class GenesisBlockAlreadyExistsError(BigchainDBError): """Raised when trying to create the already existing genesis block""" diff --git a/bigchaindb/core.py b/bigchaindb/core.py index 1f82fd78..e4419bb4 100644 --- a/bigchaindb/core.py +++ b/bigchaindb/core.py @@ -496,24 +496,10 @@ class Bigchain(object): bool: :const:`True` if this block already has a valid vote from this node, :const:`False` otherwise. - Raises: - ImproperVoteError: If there is already a vote, - but the vote is invalid. - """ votes = list(backend.query.get_votes_by_block_id_and_voter(self.connection, block_id, self.me)) - - if len(votes) > 1: - raise exceptions.MultipleVotesError('Block {block_id} has {n_votes} votes from public key {me}' - .format(block_id=block_id, n_votes=str(len(votes)), me=self.me)) - if len(votes) < 1: - return False - - if self.consensus.voting.verify_vote_signature(votes[0]): - return True - else: - raise exceptions.ImproperVoteError('Block {block_id} already has an incorrectly signed vote ' - 'from public key {me}'.format(block_id=block_id, me=self.me)) + el, _ = self.consensus.voting.partition_eligible_votes(votes, [self.me]) + return bool(el) def write_block(self, block): """Write a block to bigchain. diff --git a/tests/db/test_bigchain_api.py b/tests/db/test_bigchain_api.py index 2363f9e7..5f5aa5c5 100644 --- a/tests/db/test_bigchain_api.py +++ b/tests/db/test_bigchain_api.py @@ -428,21 +428,6 @@ class TestBigchainApi(object): assert retrieved_block_1 == retrieved_block_2 - @pytest.mark.genesis - def test_improper_vote_error(selfs, b): - from bigchaindb.common.exceptions import ImproperVoteError - - block_1 = dummy_block() - b.write_block(block_1) - vote_1 = b.vote(block_1.id, b.get_last_voted_block().id, True) - # mangle the signature - vote_1['signature'] = 'a' * 87 - b.write_vote(vote_1) - with pytest.raises(ImproperVoteError) as excinfo: - b.has_previous_vote(block_1.id) - assert excinfo.value.args[0] == 'Block {block_id} already has an incorrectly signed ' \ - 'vote from public key {me}'.format(block_id=block_1.id, me=b.me) - @pytest.mark.usefixtures('inputs') def test_assign_transaction_one_node(self, b, user_pk, user_sk): from bigchaindb.backend import query From c993f954e088e3ccd88c156e8bab570286c1637e Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Mon, 27 Feb 2017 20:56:01 +0100 Subject: [PATCH 032/283] wip --- bigchaindb/core.py | 25 ++++++++----------------- bigchaindb/models.py | 6 ++++-- tests/pipelines/test_election.py | 16 ++++++++-------- tests/test_models.py | 3 +-- 4 files changed, 21 insertions(+), 29 deletions(-) diff --git a/bigchaindb/core.py b/bigchaindb/core.py index e4419bb4..61ea5e8c 100644 --- a/bigchaindb/core.py +++ b/bigchaindb/core.py @@ -69,6 +69,9 @@ class Bigchain(object): if not self.me or not self.me_private: raise exceptions.KeypairNotFoundException() + federation = property(lambda self: set(self.nodes_except_me + [self.me])) + """ Set of federation member public keys """ + def write_transaction(self, signed_transaction): """Write the transaction to bigchain. @@ -107,19 +110,8 @@ class Bigchain(object): dict: database response or None if no reassignment is possible """ - if self.nodes_except_me: - try: - federation_nodes = self.nodes_except_me + [self.me] - index_current_assignee = federation_nodes.index(transaction['assignee']) - new_assignee = random.choice(federation_nodes[:index_current_assignee] + - federation_nodes[index_current_assignee + 1:]) - except ValueError: - # current assignee not in federation - new_assignee = random.choice(self.nodes_except_me) - - else: - # There is no other node to assign to - new_assignee = self.me + other_nodes = self.federation.difference([transaction['assignee']]) + new_assignee = random.choice(other_nodes) if other_nodes else self.me return backend.query.update_transaction( self.connection, transaction['id'], @@ -467,7 +459,7 @@ class Bigchain(object): raise exceptions.OperationError('Empty block creation is not ' 'allowed') - voters = self.nodes_except_me + [self.me] + voters = list(self.federation) block = Block(validated_transactions, self.me, gen_timestamp(), voters) block = block.sign(self.me_private) @@ -607,9 +599,8 @@ class Bigchain(object): block = block.to_dict() votes = list(backend.query.get_votes_by_block_id(self.connection, block['id'])) - keyring = self.nodes_except_me + [self.me] - result = self.consensus.voting.block_election(block, votes, keyring) - return result + return self.consensus.voting.block_election(block, votes, + self.federation) def block_election_status(self, block): """Tally the votes on a block, and return the status: diff --git a/bigchaindb/models.py b/bigchaindb/models.py index ee7efe8f..2d16800f 100644 --- a/bigchaindb/models.py +++ b/bigchaindb/models.py @@ -236,10 +236,12 @@ class Block(object): InvalidSignature: If a Block's signature is invalid. """ # Check if the block was created by a federation node - possible_voters = (bigchain.nodes_except_me + [bigchain.me]) - if self.node_pubkey not in possible_voters: + if self.node_pubkey not in bigchain.federation: raise OperationError('Only federation nodes can create blocks') + if set(self.voters) != bigchain.federation: + raise OperationError('Block voters differs from server keyring') + # Check that the signature is valid if not self.is_signature_valid(): raise InvalidSignature('Invalid block signature') diff --git a/tests/pipelines/test_election.py b/tests/pipelines/test_election.py index bb01b6d1..e7491656 100644 --- a/tests/pipelines/test_election.py +++ b/tests/pipelines/test_election.py @@ -83,12 +83,6 @@ def test_check_for_quorum_invalid_prev_node(b, user_pk): def test_check_for_quorum_valid(b, user_pk): from bigchaindb.models import Transaction - e = election.Election() - - # create blocks with transactions - tx1 = Transaction.create([b.me], [([user_pk], 1)]) - test_block = b.create_block([tx1]) - # simulate a federation with four voters key_pairs = [crypto.generate_key_pair() for _ in range(4)] test_federation = [ @@ -96,10 +90,13 @@ def test_check_for_quorum_valid(b, user_pk): for key_pair in key_pairs ] - keyring = e.bigchain.nodes_except_me = [key_pair[1] for key_pair in key_pairs] + b.nodes_except_me = [key_pair[1] for key_pair in key_pairs] + + # create blocks with transactions + tx1 = Transaction.create([b.me], [([user_pk], 1)]) + test_block = b.create_block([tx1]) # add voters to block and write - test_block.voters = keyring test_block = test_block.sign(b.me_private) b.write_block(test_block) @@ -110,6 +107,9 @@ def test_check_for_quorum_valid(b, user_pk): for vote in votes: b.write_vote(vote) + e = election.Election() + e.bigchain = b + # since this block is valid, should go nowhere assert e.check_for_quorum(votes[-1]) is None diff --git a/tests/test_models.py b/tests/test_models.py index 8de3a6c2..0b8be0b0 100644 --- a/tests/test_models.py +++ b/tests/test_models.py @@ -115,13 +115,12 @@ class TestBlockModel(object): transactions = [Transaction.create([b.me], [([b.me], 1)])] timestamp = gen_timestamp() - voters = ['Qaaa', 'Qbbb'] block = { 'timestamp': timestamp, 'transactions': [tx.to_dict() for tx in transactions], 'node_pubkey': b.me, - 'voters': voters, + 'voters': list(b.federation), } block_body = { From b3e697f05be3b08d69521d8d562f54e2ebdd7630 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 28 Feb 2017 11:25:57 +0100 Subject: [PATCH 033/283] docs: can SSH to k8s agent via master using private hostname --- .../cloud-deployment-templates/template-kubernetes-azure.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst b/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst index a5d6f086..62f765d0 100644 --- a/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst +++ b/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst @@ -133,7 +133,7 @@ The "agent" nodes don't get public IP addresses or hostnames, so you can't SSH to them *directly*, but you can first SSH to the master and then SSH to an agent from there -(using the *private* IP address of the agent node). +(using the *private* IP address or hostname of the agent node). To do that, you either need to copy your SSH key pair to the master (a bad idea), or use something like From 6821170fcd102e65f84531b073c17feb7b4b2e48 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 28 Feb 2017 13:58:44 +0100 Subject: [PATCH 034/283] docs: rm paren. sentence re/ deploying an ACS --- .../cloud-deployment-templates/template-kubernetes-azure.rst | 4 ---- 1 file changed, 4 deletions(-) diff --git a/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst b/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst index 62f765d0..0758912d 100644 --- a/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst +++ b/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst @@ -39,10 +39,6 @@ from the `Azure Portal `_ (i.e. online in your web browser) but it's actually easier to do it using the Azure Command-Line Interface (CLI). -(The Azure Portal will ask you for a public SSH key -and a "service principal," and you'll have to create those -first if they don't exist. The CLI will create them -for you if necessary.) Microsoft has `instructions to install the Azure CLI 2.0 on most common operating systems From f2f1ee8ef109131c92078016bd3d321a19d13371 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 28 Feb 2017 19:08:13 +0100 Subject: [PATCH 035/283] docs: create k8s StorageClass & PVC --- .../node-on-kubernetes.rst | 116 ++++++++++++++++-- 1 file changed, 109 insertions(+), 7 deletions(-) diff --git a/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst b/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst index 03ffb2fe..9ae16675 100644 --- a/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst +++ b/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst @@ -21,7 +21,7 @@ Step 2: Configure kubectl The default location of the kubectl configuration file is ``~/.kube/config``. If you don't have that file, then you need to get it. -If you deployed your Kubernetes cluster on Azure +**Azure.** If you deployed your Kubernetes cluster on Azure using the Azure CLI 2.0 (as per :doc:`our template `), then you can get the ``~/.kube/config`` file using: @@ -32,15 +32,117 @@ then you can get the ``~/.kube/config`` file using: --name -Step 3: Run a MongoDB Container -------------------------------- +Step 3: Create a StorageClass +----------------------------- -To start a MongoDB Docker container in a pod on one of the cluster nodes: +MongoDB needs somewhere to store its data persistently, +outside the container where MongoDB is running. +Explaining how Kubernetes handles persistent volumes, +and the associated terminology, +is beyond the scope of this documentation; +see `the Kubernetes docs about persistent volumes +`_. + +The first thing to do is create a Kubernetes StorageClass. + +**Azure.** First, you need an Azure storage account. +While you might be able to use an existing one, +create a new one specifically for MongoDB data: .. code:: bash - $ kubectl ????? + $ az storage account create --name \ + --resource-group \ + --location \ + --sku Standard_LRS + +where LRS means locally-redundant storage. Other option-values (and other options) can be found in `the docs for az storage account create `_. + +Next, create a Kubernetes Storage Class named ``slow`` +by writing a file named ``azureStorageClass.yml`` containing: + +.. code:: yaml + + kind: StorageClass + apiVersion: storage.k8s.io/v1beta1 + metadata: + name: slow + provisioner: kubernetes.io/azure-disk + parameters: + skuName: Standard_LRS + location: + +and then: + +.. code:: bash + + $ kubectl apply -f azureStorageClass.yml + +You can check if it worked using ``kubectl get storageclasses``. + +Note that there is no line of the form +``storageAccount: `` +under ``parameters:``. When we included one +and then created a PersistentVolumeClaim based on it, +the PersistentVolumeClaim would get stuck +in a "Pending" state. -Note: The BigchainDB Dashboard can be deployed -as a Docker container, like everything else. +Step 4: Create a PersistentVolumeClaim +-------------------------------------- + +Next, you'll create a PersistentVolumeClaim named ``mongoclaim``. +Create a file named ``mongoclaim.yml`` +with the following contents: + +.. code:: yaml + + kind: PersistentVolumeClaim + apiVersion: v1 + metadata: + name: mongoclaim + annotations: + volume.beta.kubernetes.io/storage-class: slow + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + +Note how there's no explicit depencency on the storage provider. +``ReadWriteOnce`` (RWO) means the volume can be mounted as +read-write by a single Kubernetes node. +(``ReadWriteOnce`` is the *only* access mode supported +by AzureDisk.) +``storage: 2Gi`` means the volume has a size of two +`gibibytes `_. +(You can change that if you like.) + +Create ``mongoclaim`` in your Kubernetes cluster: + +.. code:: bash + + $ kubectl apply -f mongoclaim.yml + +You can check its status using: + +.. code:: bash + + $ kubectl get pvc + +Initially, the status of ``mongoclaim`` might be "Pending" +but it should become "Bound" fairly quickly. + +.. code:: bash + + $ kubectl describe pvc + Name: mongoclaim + Namespace: default + StorageClass: slow + Status: Bound + Volume: pvc-ebed81f1-fdca-11e6-abf0-000d3a27ab21 + Labels: + Capacity: 2Gi + Access Modes: RWO + No events. From 35ee6e55398062f3fa365c9e3d9830c91e3c4ffe Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Wed, 1 Mar 2017 13:35:31 +0100 Subject: [PATCH 036/283] docs: add instructions to update az command --- .../template-kubernetes-azure.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst b/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst index 0758912d..0fe8c378 100644 --- a/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst +++ b/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst @@ -45,6 +45,12 @@ on most common operating systems `_. Do that. +First, update the Azure CLI to the latest version: + +.. code:: bash + + $ az component update + Next, login to your account using: .. code:: bash From 8be2e2055944e00b60b3914fc8ab558cae5f19d0 Mon Sep 17 00:00:00 2001 From: Trent McConaghy Date: Wed, 1 Mar 2017 15:29:09 +0100 Subject: [PATCH 037/283] Update CONTRIBUTING.md --- CONTRIBUTING.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 03d02403..eedb866a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -2,6 +2,8 @@ There are many ways you can contribute to the BigchainDB project, some very easy and others more involved. We want to be friendly and welcoming to all potential contributors, so we ask that everyone involved abide by some simple guidelines outlined in our [Code of Conduct](./CODE_OF_CONDUCT.md). +Or, are you interested in contributing full-time? BigchainDB is hiring. See [here](https://github.com/bigchaindb/org/blob/master/engjob.md). + ## Easy Ways to Contribute The BigchainDB community has a Google Group and a Gitter chatroom. Our [Community page](https://www.bigchaindb.com/community) has more information about those. From 77c6b138a82491b538945a8b0115c6cb41585804 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Wed, 1 Mar 2017 15:49:20 +0100 Subject: [PATCH 038/283] expanded docs re/ Azure storage accounts & ACS --- .../node-on-kubernetes.rst | 35 ++++++++++++------- 1 file changed, 23 insertions(+), 12 deletions(-) diff --git a/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst b/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst index 9ae16675..f64b8207 100644 --- a/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst +++ b/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst @@ -46,19 +46,28 @@ see `the Kubernetes docs about persistent volumes The first thing to do is create a Kubernetes StorageClass. **Azure.** First, you need an Azure storage account. -While you might be able to use an existing one, -create a new one specifically for MongoDB data: +If you deployed your Kubernetes cluster on Azure +using the Azure CLI 2.0 +(as per :doc:`our template `), +then the `az acs create` command already created two +storage accounts in the same location and resource group +as your Kubernetes cluster. +Both should have the same "storage account SKU": ``Standard_LRS``. +Standard storage is lower-cost and lower-performance. +It uses hard disk drives (HDD). +LRS means locally-redundant storage: three replicas +in the same data center. -.. code:: bash +Premium storage is higher-cost and higher-performance. +It uses solid state drives (SSD). +At the time of writing, +when we created a storage account with SKU ``Premium_LRS`` +and tried to use that, +the PersistentVolumeClaim would get stuck in a "Pending" state. +For future reference, the command to create a storage account is +`az storage account create `_. - $ az storage account create --name \ - --resource-group \ - --location \ - --sku Standard_LRS - -where LRS means locally-redundant storage. Other option-values (and other options) can be found in `the docs for az storage account create `_. - -Next, create a Kubernetes Storage Class named ``slow`` +Create a Kubernetes Storage Class named ``slow`` by writing a file named ``azureStorageClass.yml`` containing: .. code:: yaml @@ -86,6 +95,8 @@ under ``parameters:``. When we included one and then created a PersistentVolumeClaim based on it, the PersistentVolumeClaim would get stuck in a "Pending" state. +Kubernetes just looks for a storageAccount +with the specified skuName and location. Step 4: Create a PersistentVolumeClaim @@ -110,7 +121,7 @@ with the following contents: requests: storage: 2Gi -Note how there's no explicit depencency on the storage provider. +Note how there's no explicit mention of Azure, AWS or whatever. ``ReadWriteOnce`` (RWO) means the volume can be mounted as read-write by a single Kubernetes node. (``ReadWriteOnce`` is the *only* access mode supported From 4e32a492b16e9ec838631fbb88315481d9c72049 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Wed, 1 Mar 2017 16:26:57 +0100 Subject: [PATCH 039/283] docs: changed PersistentVolumeClaim from 2Gi to 20Gi --- .../source/cloud-deployment-templates/node-on-kubernetes.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst b/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst index f64b8207..afb0b438 100644 --- a/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst +++ b/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst @@ -119,14 +119,14 @@ with the following contents: - ReadWriteOnce resources: requests: - storage: 2Gi + storage: 20Gi Note how there's no explicit mention of Azure, AWS or whatever. ``ReadWriteOnce`` (RWO) means the volume can be mounted as read-write by a single Kubernetes node. (``ReadWriteOnce`` is the *only* access mode supported by AzureDisk.) -``storage: 2Gi`` means the volume has a size of two +``storage: 20Gi`` means the volume has a size of 20 `gibibytes `_. (You can change that if you like.) From b20278430db488117927731162d34c28b7e2e319 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Thu, 2 Mar 2017 12:23:49 +0100 Subject: [PATCH 040/283] Pin down rapidjson --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 7e8c3441..1ff6bdbb 100644 --- a/setup.py +++ b/setup.py @@ -65,7 +65,7 @@ install_requires = [ 'pymongo~=3.4', 'pysha3~=1.0.2', 'cryptoconditions>=0.5.0', - 'python-rapidjson>=0.0.8', + 'python-rapidjson==0.0.8', 'logstats>=0.2.1', 'flask>=0.10.1', 'flask-restful~=0.3.0', From 6702ad192b3047a267e141f56384abb3a54bdd8f Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Thu, 2 Mar 2017 12:41:26 +0100 Subject: [PATCH 041/283] Update change log for 0.9.2 --- CHANGELOG.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f1f8d6b4..62dac89c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,14 @@ For reference, the possible headings are: * **External Contributors** to list contributors outside of BigchainDB GmbH. * **Notes** +## [0.9.2] - 2017-03-02 +Tag name: v0.9.2 + +### Fixed +Pin `python-rapidjson` library in `setup.py` to prevent `bigchaindb`'s +installation to fail due to +https://github.com/python-rapidjson/python-rapidjson/issues/62. + ## [0.9.1] - 2017-02-06 Tag name: v0.9.1 From 1d935b9ae65c4058e695c419c5af363cc16bddcb Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Thu, 2 Mar 2017 14:35:20 +0100 Subject: [PATCH 042/283] dedupe tx in block, reject duplicate tx in block --- bigchaindb/common/exceptions.py | 4 ++++ bigchaindb/models.py | 8 ++++++- bigchaindb/pipelines/block.py | 32 +++++++++++++++++++++----- tests/integration/test_integration.py | 21 ----------------- tests/pipelines/stepping.py | 6 +++-- tests/pipelines/test_block_creation.py | 9 ++++++++ tests/pipelines/test_steps.py | 19 ++++++++++++++- tests/test_models.py | 8 +++++++ 8 files changed, 76 insertions(+), 31 deletions(-) diff --git a/bigchaindb/common/exceptions.py b/bigchaindb/common/exceptions.py index 60340492..c9b741b8 100644 --- a/bigchaindb/common/exceptions.py +++ b/bigchaindb/common/exceptions.py @@ -41,6 +41,10 @@ class InvalidSignature(BigchainDBError): operation""" +class DuplicateTransaction(ValidationError): + """Raised if a duplicated transaction is found""" + + class DatabaseAlreadyExists(BigchainDBError): """Raised when trying to create the database but the db is already there""" diff --git a/bigchaindb/models.py b/bigchaindb/models.py index ee7efe8f..56dbec28 100644 --- a/bigchaindb/models.py +++ b/bigchaindb/models.py @@ -3,7 +3,8 @@ from bigchaindb.common.exceptions import (InvalidHash, InvalidSignature, OperationError, DoubleSpend, TransactionDoesNotExist, TransactionNotInValidBlock, - AssetIdMismatch, AmountError) + AssetIdMismatch, AmountError, + DuplicateTransaction) from bigchaindb.common.transaction import Transaction from bigchaindb.common.utils import gen_timestamp, serialize from bigchaindb.common.schema import validate_transaction_schema @@ -261,7 +262,12 @@ class Block(object): DoubleSpend: if the transaction is a double spend InvalidHash: if the hash of the transaction is wrong InvalidSignature: if the signature of the transaction is wrong + ValidationError: If the block contains a duplicated TX """ + txids = [tx.id for tx in self.transactions] + if len(txids) != len(set(txids)): + raise DuplicateTransaction('Block has duplicate transaction') + for tx in self.transactions: # If a transaction is not valid, `validate_transactions` will # throw an an exception and block validation will be canceled. diff --git a/bigchaindb/pipelines/block.py b/bigchaindb/pipelines/block.py index 1f2e9017..c7d7ebc1 100644 --- a/bigchaindb/pipelines/block.py +++ b/bigchaindb/pipelines/block.py @@ -31,7 +31,7 @@ class BlockPipeline: def __init__(self): """Initialize the BlockPipeline creator""" self.bigchain = Bigchain() - self.txs = [] + self.txs = tx_collector() def filter_tx(self, tx): """Filter a transaction. @@ -98,11 +98,10 @@ class BlockPipeline: :class:`~bigchaindb.models.Block`: The block, if a block is ready, or ``None``. """ - if tx: - self.txs.append(tx) - if len(self.txs) == 1000 or (timeout and self.txs): - block = self.bigchain.create_block(self.txs) - self.txs = [] + txs = self.txs.send(tx) + if len(txs) == 1000 or (timeout and txs): + block = self.bigchain.create_block(txs) + self.txs = tx_collector() return block def write(self, block): @@ -134,6 +133,27 @@ class BlockPipeline: return block +def tx_collector(): + """ A helper to deduplicate transactions """ + + def snowflake(): + txids = set() + txs = [] + while True: + tx = yield txs + if tx: + if tx.id not in txids: + txids.add(tx.id) + txs.append(tx) + else: + logger.info('Refusing to add tx to block twice: ' + + tx.id) + + s = snowflake() + s.send(None) + return s + + def create_pipeline(): """Create and return the pipeline of operations to be distributed on different processes.""" diff --git a/tests/integration/test_integration.py b/tests/integration/test_integration.py index 6597a0e7..2bf0ebcd 100644 --- a/tests/integration/test_integration.py +++ b/tests/integration/test_integration.py @@ -5,27 +5,6 @@ import pytest pytestmark = [pytest.mark.bdb, pytest.mark.usefixtures('processes')] -def test_fast_double_create(b, user_pk): - from bigchaindb.models import Transaction - from bigchaindb.backend.query import count_blocks - tx = Transaction.create([b.me], [([user_pk], 1)], - metadata={'test': 'test'}).sign([b.me_private]) - - # write everything fast - b.write_transaction(tx) - b.write_transaction(tx) - - time.sleep(2) - tx_returned = b.get_transaction(tx.id) - - # test that the tx can be queried - assert tx_returned == tx - # test the transaction appears only once - last_voted_block = b.get_last_voted_block() - assert len(last_voted_block.transactions) == 1 - assert count_blocks(b.connection) == 2 - - def test_double_create(b, user_pk): from bigchaindb.models import Transaction from bigchaindb.backend.query import count_blocks diff --git a/tests/pipelines/stepping.py b/tests/pipelines/stepping.py index 0e286829..030863c6 100644 --- a/tests/pipelines/stepping.py +++ b/tests/pipelines/stepping.py @@ -72,6 +72,7 @@ class MultipipesStepper: r = f(**kwargs) if r is not None: self._enqueue(next_name, r) + return r self.tasks[name] = functools.wraps(f)(inner) self.input_tasks.add(name) @@ -90,6 +91,7 @@ class MultipipesStepper: out = f(*args, **kwargs) if out is not None and next: self._enqueue(next_name, out) + return out task = functools.wraps(f)(inner) self.tasks[name] = task @@ -111,12 +113,12 @@ class MultipipesStepper: logging.debug('Stepping %s', name) task = self.tasks[name] if name in self.input_tasks: - task(**kwargs) + return task(**kwargs) else: queue = self.queues.get(name, []) if not queue: raise Empty(name) - task(*queue.pop(0), **kwargs) + return task(*queue.pop(0), **kwargs) logging.debug('Stepped %s', name) @property diff --git a/tests/pipelines/test_block_creation.py b/tests/pipelines/test_block_creation.py index 2991f3cf..89c74891 100644 --- a/tests/pipelines/test_block_creation.py +++ b/tests/pipelines/test_block_creation.py @@ -226,3 +226,12 @@ def test_full_pipeline(b, user_pk): block_len = len(block_doc.transactions) assert chained_block == block_doc assert number_assigned_to_others == 100 - block_len + + +def test_block_snowflake(create_tx, signed_transfer_tx): + from bigchaindb.pipelines.block import tx_collector + snowflake = tx_collector() + snowflake.send(create_tx) + snowflake.send(signed_transfer_tx) + snowflake.send(create_tx) + assert snowflake.send(None) == [create_tx, signed_transfer_tx] diff --git a/tests/pipelines/test_steps.py b/tests/pipelines/test_steps.py index c63a673a..834162fc 100644 --- a/tests/pipelines/test_steps.py +++ b/tests/pipelines/test_steps.py @@ -20,9 +20,26 @@ def test_stepping_changefeed_produces_update(b, steps): [tx.id, tx.id]) +@pytest.mark.bdb +@pytest.mark.genesis +def test_dupe_tx_in_block(b, steps): + tx = input_single_create(b) + for i in range(2): + steps.stale_check_transactions() + steps.stale_reassign_transactions() + steps.block_changefeed() + steps.block_filter_tx() + steps.block_validate_tx() + steps.block_validate_tx() + assert steps.counts == {'block_create': 2} + steps.block_create(timeout=False) + block = steps.block_create(timeout=True) + assert block.transactions == [tx] + + def input_single_create(b): from bigchaindb.common.transaction import Transaction metadata = {'r': random.random()} - tx = Transaction.create([b.me], [([b.me], 1)], metadata) + tx = Transaction.create([b.me], [([b.me], 1)], metadata).sign([b.me_private]) b.write_transaction(tx) return tx diff --git a/tests/test_models.py b/tests/test_models.py index 8de3a6c2..59d8e0be 100644 --- a/tests/test_models.py +++ b/tests/test_models.py @@ -163,3 +163,11 @@ class TestBlockModel(object): public_key = PublicKey(b.me) assert public_key.verify(expected_block_serialized, block.signature) + + def test_block_dupe_tx(self, b): + from bigchaindb.models import Transaction + from bigchaindb.common.exceptions import DuplicateTransaction + tx = Transaction.create([b.me], [([b.me], 1)]) + block = b.create_block([tx, tx]) + with raises(DuplicateTransaction): + block._validate_block_transactions(b) From a71dc66e97c796d4e9006e8037933bc13c5e2a37 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Thu, 2 Mar 2017 18:48:03 +0100 Subject: [PATCH 043/283] extra test for tx_collector and docs fix --- bigchaindb/models.py | 2 +- tests/pipelines/test_block_creation.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/bigchaindb/models.py b/bigchaindb/models.py index 56dbec28..e6a4dc73 100644 --- a/bigchaindb/models.py +++ b/bigchaindb/models.py @@ -262,7 +262,7 @@ class Block(object): DoubleSpend: if the transaction is a double spend InvalidHash: if the hash of the transaction is wrong InvalidSignature: if the signature of the transaction is wrong - ValidationError: If the block contains a duplicated TX + DuplicateTransaction: If the block contains a duplicated TX """ txids = [tx.id for tx in self.transactions] if len(txids) != len(set(txids)): diff --git a/tests/pipelines/test_block_creation.py b/tests/pipelines/test_block_creation.py index 89c74891..b7d3e03e 100644 --- a/tests/pipelines/test_block_creation.py +++ b/tests/pipelines/test_block_creation.py @@ -231,7 +231,7 @@ def test_full_pipeline(b, user_pk): def test_block_snowflake(create_tx, signed_transfer_tx): from bigchaindb.pipelines.block import tx_collector snowflake = tx_collector() - snowflake.send(create_tx) + assert snowflake.send(create_tx) == [create_tx] snowflake.send(signed_transfer_tx) snowflake.send(create_tx) assert snowflake.send(None) == [create_tx, signed_transfer_tx] From 64f4afb7ad14b5b0fd3243f04c59cce231eddb75 Mon Sep 17 00:00:00 2001 From: "krish7919 (Krish)" Date: Fri, 3 Mar 2017 10:19:09 +0100 Subject: [PATCH 044/283] Run bdb v0.9.1 as a pod in k8s --- k8s/node-ss.yaml | 89 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) create mode 100644 k8s/node-ss.yaml diff --git a/k8s/node-ss.yaml b/k8s/node-ss.yaml new file mode 100644 index 00000000..9580daf6 --- /dev/null +++ b/k8s/node-ss.yaml @@ -0,0 +1,89 @@ +##################################################### +# This config file uses bdb v0.9.1 with bundled rdb # +##################################################### + +apiVersion: v1 +kind: Service +metadata: + name: bdb-service + namespace: default + labels: + name: bdb-service +spec: + selector: + app: bdb + ports: + - port: 9984 + targetPort: 9984 + name: bdb-http-api + - port: 8080 + targetPort: 8080 + name: bdb-rethinkdb-api + type: LoadBalancer +--- +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: bdb + namespace: default +spec: + serviceName: bdb + replicas: 1 + template: + metadata: + name: bdb + labels: + app: bdb + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "bdb091-configure", + "image": "bigchaindb/bigchaindb:0.9.1", + "command": ["bigchaindb", "-y", "configure", "rethinkdb"], + "volumeMounts": [ + { + "name": "bigchaindb-data", + "mountPath": "/data" + } + ] + } + ]' + spec: + terminationGracePeriodSeconds: 10 + containers: + - name: bdb091-server + image: bigchaindb/bigchaindb:0.9.1 + args: + - -c + - /data/.bigchaindb + - start + imagePullPolicy: IfNotPresent + ports: + - containerPort: 9984 + hostPort: 9984 + name: bdb-port + protocol: TCP + volumeMounts: + - name: bigchaindb-data + mountPath: /data + resources: + limits: + cpu: 200m + memory: 768Mi + livenessProbe: + httpGet: + path: / + port: 9984 + initialDelaySeconds: 15 + timeoutSeconds: 10 + readinessProbe: + httpGet: + path: / + port: 9984 + initialDelaySeconds: 15 + timeoutSeconds: 10 + restartPolicy: Always + volumes: + - name: bigchaindb-data + hostPath: + path: /disk/bigchaindb-data From dc9f93dfbc2ee1427b58f6775854df8578db73df Mon Sep 17 00:00:00 2001 From: Krish Date: Fri, 3 Mar 2017 10:29:30 +0100 Subject: [PATCH 045/283] Enhancements to run with docker locally (#1239) --- .../server/source/appendices/run-with-docker.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/docs/server/source/appendices/run-with-docker.md b/docs/server/source/appendices/run-with-docker.md index 6c1d2ce0..6700391e 100644 --- a/docs/server/source/appendices/run-with-docker.md +++ b/docs/server/source/appendices/run-with-docker.md @@ -75,6 +75,8 @@ docker run \ --name=rethinkdb \ --publish=172.17.0.1:28015:28015 \ --publish=172.17.0.1:58080:8080 \ + --restart=always \ + --volume "$HOME/bigchaindb_docker:/data" \ rethinkdb:2.3 ``` @@ -85,11 +87,25 @@ You can also access the RethinkDB dashboard at #### For MongoDB +Note: MongoDB runs as user `mongodb` which had the UID `999` and GID `999` +inside the container. For the volume to be mounted properly, as user `mongodb` +in your host, you should have a `mongodb` user with UID and GID `999`. +If you have another user on the host with UID `999`, the mapped files will +be owned by this user in the host. +If there is no owner with UID 999, you can create the corresponding user and +group. + +`groupadd -r --gid 999 mongodb && useradd -r --uid 999 -g mongodb mongodb` + + ```text docker run \ --detach \ --name=mongodb \ --publish=172.17.0.1:27017:27017 \ + --restart=always \ + --volume=/tmp/mongodb_docker/db:/data/db \ + --volume=/tmp/mongodb_docker/configdb:/data/configdb \ mongo:3.4.1 --replSet=bigchain-rs ``` @@ -100,6 +116,7 @@ docker run \ --detach \ --name=bigchaindb \ --publish=59984:9984 \ + --restart=always \ --volume=$HOME/bigchaindb_docker:/data \ bigchaindb/bigchaindb \ start From 5584de59b0020cae8addc85049300433318637c6 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Fri, 3 Mar 2017 11:36:50 +0100 Subject: [PATCH 046/283] Make ValidationError a superclass of all validation errors and use it --- bigchaindb/common/exceptions.py | 106 +++++++++++++------------ bigchaindb/core.py | 32 +------- bigchaindb/models.py | 71 +++++------------ bigchaindb/pipelines/block.py | 14 ++-- bigchaindb/pipelines/vote.py | 10 ++- bigchaindb/web/views/transactions.py | 27 +------ tests/assets/test_digital_assets.py | 5 +- tests/db/test_bigchain_api.py | 21 ++--- tests/pipelines/test_block_creation.py | 27 +++---- tests/pipelines/test_vote.py | 15 +++- tests/test_models.py | 8 +- tests/web/test_transactions.py | 10 +-- 12 files changed, 140 insertions(+), 206 deletions(-) diff --git a/bigchaindb/common/exceptions.py b/bigchaindb/common/exceptions.py index 60340492..4b95f84b 100644 --- a/bigchaindb/common/exceptions.py +++ b/bigchaindb/common/exceptions.py @@ -7,40 +7,6 @@ class ConfigurationError(BigchainDBError): """Raised when there is a problem with server configuration""" -class OperationError(BigchainDBError): - """Raised when an operation cannot go through""" - - -class TransactionDoesNotExist(BigchainDBError): - """Raised if the transaction is not in the database""" - - -class TransactionOwnerError(BigchainDBError): - """Raised if a user tries to transfer a transaction they don't own""" - - -class DoubleSpend(BigchainDBError): - """Raised if a double spend is found""" - - -class ValidationError(BigchainDBError): - """Raised if there was an error in validation""" - - -class InvalidHash(ValidationError): - """Raised if there was an error checking the hash for a particular - operation""" - - -class SchemaValidationError(ValidationError): - """Raised if there was any error validating an object's schema""" - - -class InvalidSignature(BigchainDBError): - """Raised if there was an error checking the signature for a particular - operation""" - - class DatabaseAlreadyExists(BigchainDBError): """Raised when trying to create the database but the db is already there""" @@ -49,6 +15,18 @@ class DatabaseDoesNotExist(BigchainDBError): """Raised when trying to delete the database but the db is not there""" +class StartupError(BigchainDBError): + """Raised when there is an error starting up the system""" + + +class GenesisBlockAlreadyExistsError(BigchainDBError): + """Raised when trying to create the already existing genesis block""" + + +class CyclicBlockchainError(BigchainDBError): + """Raised when there is a cycle in the blockchain""" + + class KeypairNotFoundException(BigchainDBError): """Raised if operation cannot proceed because the keypair was not given""" @@ -58,34 +36,64 @@ class KeypairMismatchException(BigchainDBError): current owner(s)""" -class StartupError(BigchainDBError): - """Raised when there is an error starting up the system""" +class OperationError(BigchainDBError): + """Raised when an operation cannot go through""" -class ImproperVoteError(BigchainDBError): +################################################################################ +# Validation errors + + +class ValidationError(BigchainDBError): + """Raised if there was an error in validation""" + + +class DoubleSpend(ValidationError): + """Raised if a double spend is found""" + + +class InvalidHash(ValidationError): + """Raised if there was an error checking the hash for a particular + operation""" + + +class SchemaValidationError(ValidationError): + """Raised if there was any error validating an object's schema""" + + +class InvalidSignature(ValidationError): + """Raised if there was an error checking the signature for a particular + operation""" + + +class ImproperVoteError(ValidationError): """Raised if a vote is not constructed correctly, or signed incorrectly""" -class MultipleVotesError(BigchainDBError): +class MultipleVotesError(ValidationError): """Raised if a voter has voted more than once""" -class GenesisBlockAlreadyExistsError(BigchainDBError): - """Raised when trying to create the already existing genesis block""" - - -class CyclicBlockchainError(BigchainDBError): - """Raised when there is a cycle in the blockchain""" - - -class TransactionNotInValidBlock(BigchainDBError): +class TransactionNotInValidBlock(ValidationError): """Raised when a transfer transaction is attempting to fulfill the outputs of a transaction that is in an invalid or undecided block""" -class AssetIdMismatch(BigchainDBError): +class AssetIdMismatch(ValidationError): """Raised when multiple transaction inputs related to different assets""" -class AmountError(BigchainDBError): +class AmountError(ValidationError): """Raised when there is a problem with a transaction's output amounts""" + + +class TransactionDoesNotExist(ValidationError): + """Raised if the transaction is not in the database""" + + +class TransactionOwnerError(ValidationError): + """Raised if a user tries to transfer a transaction they don't own""" + + +class SybilError(ValidationError): + """If a block or vote comes from an unidentifiable node""" diff --git a/bigchaindb/core.py b/bigchaindb/core.py index 9f93d47a..084df928 100644 --- a/bigchaindb/core.py +++ b/bigchaindb/core.py @@ -162,31 +162,6 @@ class Bigchain(object): return self.consensus.validate_transaction(self, transaction) - def is_valid_transaction(self, transaction): - """Check whether a transaction is valid or invalid. - - Similar to :meth:`~bigchaindb.Bigchain.validate_transaction` - but never raises an exception. It returns :obj:`False` if - the transaction is invalid. - - Args: - transaction (:Class:`~bigchaindb.models.Transaction`): transaction - to check. - - Returns: - The :class:`~bigchaindb.models.Transaction` instance if valid, - otherwise :obj:`False`. - """ - - try: - return self.validate_transaction(transaction) - except (ValueError, exceptions.OperationError, - exceptions.TransactionDoesNotExist, - exceptions.TransactionOwnerError, exceptions.DoubleSpend, - exceptions.InvalidHash, exceptions.InvalidSignature, - exceptions.TransactionNotInValidBlock, exceptions.AmountError): - return False - def is_new_transaction(self, txid, exclude_block_id=None): """ Return True if the transaction does not exist in any @@ -386,10 +361,9 @@ class Bigchain(object): if self.get_transaction(transaction['id']): num_valid_transactions += 1 if num_valid_transactions > 1: - raise exceptions.DoubleSpend(('`{}` was spent more than' - ' once. There is a problem' - ' with the chain') - .format(txid)) + raise exceptions.BigchainDBCritical( + '`{}` was spent more than once. There is a problem' + ' with the chain'.format(txid)) if num_valid_transactions: return Transaction.from_dict(transactions[0]) diff --git a/bigchaindb/models.py b/bigchaindb/models.py index ee7efe8f..fd71f98d 100644 --- a/bigchaindb/models.py +++ b/bigchaindb/models.py @@ -1,9 +1,9 @@ from bigchaindb.common.crypto import hash_data, PublicKey, PrivateKey from bigchaindb.common.exceptions import (InvalidHash, InvalidSignature, - OperationError, DoubleSpend, - TransactionDoesNotExist, + DoubleSpend, TransactionDoesNotExist, TransactionNotInValidBlock, - AssetIdMismatch, AmountError) + AssetIdMismatch, AmountError, + SybilError, ValidationError) from bigchaindb.common.transaction import Transaction from bigchaindb.common.utils import gen_timestamp, serialize from bigchaindb.common.schema import validate_transaction_schema @@ -22,19 +22,10 @@ class Transaction(Transaction): invalid. Raises: - OperationError: if the transaction operation is not supported - TransactionDoesNotExist: if the input of the transaction is not - found - TransactionNotInValidBlock: if the input of the transaction is not - in a valid block - TransactionOwnerError: if the new transaction is using an input it - doesn't own - DoubleSpend: if the transaction is a double spend - InvalidHash: if the hash of the transaction is wrong - InvalidSignature: if the signature of the transaction is wrong + ValidationError: If the transaction is invalid """ if len(self.inputs) == 0: - raise ValueError('Transaction contains no inputs') + raise ValidationError('Transaction contains no inputs') input_conditions = [] inputs_defined = all([input_.fulfills for input_ in self.inputs]) @@ -46,20 +37,20 @@ class Transaction(Transaction): if self.operation in (Transaction.CREATE, Transaction.GENESIS): # validate asset if self.asset['data'] is not None and not isinstance(self.asset['data'], dict): - raise TypeError(('`asset.data` must be a dict instance or ' - 'None for `CREATE` transactions')) + raise ValidationError(('`asset.data` must be a dict instance or ' + 'None for `CREATE` transactions')) # validate inputs if inputs_defined: - raise ValueError('A CREATE operation has no inputs') + raise ValidationError('A CREATE operation has no inputs') elif self.operation == Transaction.TRANSFER: # validate asset if not isinstance(self.asset['id'], str): - raise ValueError(('`asset.id` must be a string for ' - '`TRANSFER` transations')) + raise ValidationError('`asset.id` must be a string for ' + '`TRANSFER` transations') # check inputs if not inputs_defined: - raise ValueError('Only `CREATE` transactions can have null ' - 'inputs') + raise ValidationError('Only `CREATE` transactions can have ' + 'null inputs') # store the inputs so that we can check if the asset ids match input_txs = [] @@ -116,8 +107,8 @@ class Transaction(Transaction): else: allowed_operations = ', '.join(Transaction.ALLOWED_OPERATIONS) - raise TypeError('`operation`: `{}` must be either {}.' - .format(self.operation, allowed_operations)) + raise ValidationError('`operation`: `{}` must be either {}.' + .format(self.operation, allowed_operations)) if not self.inputs_valid(input_conditions): raise InvalidSignature('Transaction signature is invalid.') @@ -205,18 +196,8 @@ class Block(object): raised. Raises: - OperationError: If a non-federation node signed the Block. - InvalidSignature: If a Block's signature is invalid or if the - block contains a transaction with an invalid signature. - OperationError: if the transaction operation is not supported - TransactionDoesNotExist: if the input of the transaction is not - found - TransactionNotInValidBlock: if the input of the transaction is not - in a valid block - TransactionOwnerError: if the new transaction is using an input it - doesn't own - DoubleSpend: if the transaction is a double spend - InvalidHash: if the hash of the transaction is wrong + ValidationError: If the block or any transaction in the block does + not validate """ self._validate_block(bigchain) @@ -232,13 +213,12 @@ class Block(object): object. Raises: - OperationError: If a non-federation node signed the Block. - InvalidSignature: If a Block's signature is invalid. + ValidationError: If there is a problem with the block """ # Check if the block was created by a federation node possible_voters = (bigchain.nodes_except_me + [bigchain.me]) if self.node_pubkey not in possible_voters: - raise OperationError('Only federation nodes can create blocks') + raise SybilError('Only federation nodes can create blocks') # Check that the signature is valid if not self.is_signature_valid(): @@ -251,16 +231,7 @@ class Block(object): bigchain (Bigchain): an instantiated bigchaindb.Bigchain object. Raises: - OperationError: if the transaction operation is not supported - TransactionDoesNotExist: if the input of the transaction is not - found - TransactionNotInValidBlock: if the input of the transaction is not - in a valid block - TransactionOwnerError: if the new transaction is using an input it - doesn't own - DoubleSpend: if the transaction is a double spend - InvalidHash: if the hash of the transaction is wrong - InvalidSignature: if the signature of the transaction is wrong + ValidationError: If an invalid transaction is found """ for tx in self.transactions: # If a transaction is not valid, `validate_transactions` will @@ -341,10 +312,10 @@ class Block(object): dict: The Block as a dict. Raises: - OperationError: If the Block doesn't contain any transactions. + ValueError: If the Block doesn't contain any transactions. """ if len(self.transactions) == 0: - raise OperationError('Empty block creation is not allowed') + raise ValueError('Empty block creation is not allowed') block = { 'timestamp': self.timestamp, diff --git a/bigchaindb/pipelines/block.py b/bigchaindb/pipelines/block.py index 1f2e9017..2a43686a 100644 --- a/bigchaindb/pipelines/block.py +++ b/bigchaindb/pipelines/block.py @@ -13,8 +13,7 @@ import bigchaindb from bigchaindb import backend from bigchaindb.backend.changefeed import ChangeFeed from bigchaindb.models import Transaction -from bigchaindb.common.exceptions import (SchemaValidationError, InvalidHash, - InvalidSignature, AmountError) +from bigchaindb.common.exceptions import ValidationError from bigchaindb import Bigchain @@ -63,8 +62,7 @@ class BlockPipeline: """ try: tx = Transaction.from_dict(tx) - except (SchemaValidationError, InvalidHash, InvalidSignature, - AmountError): + except ValidationError: return None # If transaction is in any VALID or UNDECIDED block we @@ -74,12 +72,14 @@ class BlockPipeline: return None # If transaction is not valid it should not be included - if not self.bigchain.is_valid_transaction(tx): + try: + tx.validate(self.bigchain) + return tx + except ValidationError as e: + # todo: log self.bigchain.delete_transaction(tx.id) return None - return tx - def create(self, tx, timeout=False): """Create a block. diff --git a/bigchaindb/pipelines/vote.py b/bigchaindb/pipelines/vote.py index da28cb30..088c4eac 100644 --- a/bigchaindb/pipelines/vote.py +++ b/bigchaindb/pipelines/vote.py @@ -61,7 +61,7 @@ class Vote: return block['id'], [self.invalid_dummy_tx] try: block._validate_block(self.bigchain) - except (exceptions.OperationError, exceptions.InvalidSignature): + except exceptions.ValidationError: # XXX: if a block is invalid we should skip the `validate_tx` # step, but since we are in a pipeline we cannot just jump to # another function. Hackish solution: generate an invalid @@ -105,7 +105,13 @@ class Vote: if not new: return False, block_id, num_tx - valid = bool(self.bigchain.is_valid_transaction(tx)) + try: + tx.validate(self.bigchain) + valid = True + except exceptions.ValidationError: + # TODO: log + valid = False + return valid, block_id, num_tx def vote(self, tx_validity, block_id, num_tx): diff --git a/bigchaindb/web/views/transactions.py b/bigchaindb/web/views/transactions.py index 7acaa279..925aed7a 100644 --- a/bigchaindb/web/views/transactions.py +++ b/bigchaindb/web/views/transactions.py @@ -9,20 +9,7 @@ import logging from flask import current_app, request from flask_restful import Resource, reqparse - -from bigchaindb.common.exceptions import ( - AmountError, - DoubleSpend, - InvalidHash, - InvalidSignature, - SchemaValidationError, - OperationError, - TransactionDoesNotExist, - TransactionOwnerError, - TransactionNotInValidBlock, - ValidationError, -) - +from bigchaindb.common.exceptions import SchemaValidationError, ValidationError from bigchaindb.models import Transaction from bigchaindb.web.views.base import make_error from bigchaindb.web.views import parameters @@ -84,7 +71,7 @@ class TransactionListApi(Resource): message='Invalid transaction schema: {}'.format( e.__cause__.message) ) - except (ValidationError, InvalidSignature) as e: + except ValidationError as e: return make_error( 400, 'Invalid transaction ({}): {}'.format(type(e).__name__, e) @@ -93,15 +80,7 @@ class TransactionListApi(Resource): with pool() as bigchain: try: bigchain.validate_transaction(tx_obj) - except (ValueError, - OperationError, - TransactionDoesNotExist, - TransactionOwnerError, - DoubleSpend, - InvalidHash, - InvalidSignature, - TransactionNotInValidBlock, - AmountError) as e: + except ValidationError as e: return make_error( 400, 'Invalid transaction ({}): {}'.format(type(e).__name__, e) diff --git a/tests/assets/test_digital_assets.py b/tests/assets/test_digital_assets.py index 1dc4764f..d44bc52c 100644 --- a/tests/assets/test_digital_assets.py +++ b/tests/assets/test_digital_assets.py @@ -1,3 +1,4 @@ +from bigchaindb.common.exceptions import ValidationError import pytest import random @@ -26,7 +27,7 @@ def test_validate_bad_asset_creation(b, user_pk): tx.asset['data'] = 'a' tx_signed = tx.sign([b.me_private]) - with pytest.raises(TypeError): + with pytest.raises(ValidationError): b.validate_transaction(tx_signed) @@ -108,4 +109,4 @@ def test_create_valid_divisible_asset(b, user_pk, user_sk): tx = Transaction.create([user_pk], [([user_pk], 2)]) tx_signed = tx.sign([user_sk]) - assert b.is_valid_transaction(tx_signed) + tx_signed.validate(b) diff --git a/tests/db/test_bigchain_api.py b/tests/db/test_bigchain_api.py index 96779e60..1f71862a 100644 --- a/tests/db/test_bigchain_api.py +++ b/tests/db/test_bigchain_api.py @@ -3,6 +3,8 @@ from time import sleep import pytest from unittest.mock import patch +from bigchaindb.common.exceptions import ValidationError + pytestmark = pytest.mark.bdb @@ -565,14 +567,14 @@ class TestTransactionValidation(object): # Manipulate input so that it has a `fulfills` defined even # though it shouldn't have one create_tx.inputs[0].fulfills = TransactionLink('abc', 0) - with pytest.raises(ValueError) as excinfo: + with pytest.raises(ValidationError) as excinfo: b.validate_transaction(create_tx) assert excinfo.value.args[0] == 'A CREATE operation has no inputs' def test_transfer_operation_no_inputs(self, b, user_pk, signed_transfer_tx): signed_transfer_tx.inputs[0].fulfills = None - with pytest.raises(ValueError) as excinfo: + with pytest.raises(ValidationError) as excinfo: b.validate_transaction(signed_transfer_tx) assert excinfo.value.args[0] == 'Only `CREATE` transactions can have null inputs' @@ -741,7 +743,7 @@ class TestBlockValidation(object): b.validate_block(block) def test_invalid_node_pubkey(self, b): - from bigchaindb.common.exceptions import OperationError + from bigchaindb.common.exceptions import SybilError from bigchaindb.common import crypto # blocks can only be created by a federation node @@ -758,8 +760,8 @@ class TestBlockValidation(object): # from a non federation node block = block.sign(tmp_sk) - # check that validate_block raises an OperationError - with pytest.raises(OperationError): + # check that validate_block raises an SybilError + with pytest.raises(SybilError): b.validate_block(block) @@ -778,7 +780,7 @@ class TestMultipleInputs(object): tx = tx.sign([user_sk]) # validate transaction - assert b.is_valid_transaction(tx) == tx + tx.validate(b) assert len(tx.inputs) == 1 assert len(tx.outputs) == 1 @@ -800,7 +802,7 @@ class TestMultipleInputs(object): asset_id=input_tx.id) tx = tx.sign([user_sk]) - assert b.is_valid_transaction(tx) == tx + tx.validate(b) assert len(tx.inputs) == 1 assert len(tx.outputs) == 1 @@ -832,7 +834,7 @@ class TestMultipleInputs(object): transfer_tx = transfer_tx.sign([user_sk, user2_sk]) # validate transaction - assert b.is_valid_transaction(transfer_tx) == transfer_tx + transfer_tx.validate(b) assert len(transfer_tx.inputs) == 1 assert len(transfer_tx.outputs) == 1 @@ -865,7 +867,7 @@ class TestMultipleInputs(object): asset_id=tx_input.id) tx = tx.sign([user_sk, user2_sk]) - assert b.is_valid_transaction(tx) == tx + tx.validate(b) assert len(tx.inputs) == 1 assert len(tx.outputs) == 1 @@ -1219,7 +1221,6 @@ def test_cant_spend_same_input_twice_in_tx(b, genesis_block): tx_transfer = Transaction.transfer(dup_inputs, [([b.me], 200)], asset_id=tx_create.id) tx_transfer_signed = tx_transfer.sign([b.me_private]) - assert b.is_valid_transaction(tx_transfer_signed) is False with pytest.raises(DoubleSpend): tx_transfer_signed.validate(b) diff --git a/tests/pipelines/test_block_creation.py b/tests/pipelines/test_block_creation.py index 2991f3cf..de829167 100644 --- a/tests/pipelines/test_block_creation.py +++ b/tests/pipelines/test_block_creation.py @@ -46,28 +46,19 @@ def test_validate_transaction_handles_exceptions(b, signed_create_tx): """ from bigchaindb.pipelines.block import BlockPipeline block_maker = BlockPipeline() + from bigchaindb.common.exceptions import ValidationError - # Test SchemaValidationError tx_dict = signed_create_tx.to_dict() - tx_dict['invalid_key'] = 'schema validation gonna getcha!' - assert block_maker.validate_tx(tx_dict) is None - # Test InvalidHash - tx_dict = signed_create_tx.to_dict() - tx_dict['id'] = 'a' * 64 - assert block_maker.validate_tx(tx_dict) is None + with patch('bigchaindb.models.Transaction.validate') as validate: + # Assert that validationerror gets caught + validate.side_effect = ValidationError() + assert block_maker.validate_tx(tx_dict) is None - # Test InvalidSignature when we pass a bad fulfillment - tx_dict = signed_create_tx.to_dict() - tx_dict['inputs'][0]['fulfillment'] = 'cf:0:aaaaaaaaaaaaaaaaaaaaaaaaa' - assert block_maker.validate_tx(tx_dict) is None - - # Test AmountError - signed_create_tx.outputs[0].amount = 0 - tx_dict = signed_create_tx.to_dict() - # set the correct value back so that we can continue using it - signed_create_tx.outputs[0].amount = 1 - assert block_maker.validate_tx(tx_dict) is None + # Assert that another error doesnt + validate.side_effect = IOError() + with pytest.raises(IOError): + block_maker.validate_tx(tx_dict) def test_create_block(b, user_pk): diff --git a/tests/pipelines/test_vote.py b/tests/pipelines/test_vote.py index 20beac1e..aaa184f0 100644 --- a/tests/pipelines/test_vote.py +++ b/tests/pipelines/test_vote.py @@ -135,10 +135,17 @@ def test_vote_validate_transaction(b): validation = vote_obj.validate_tx(tx, 123, 1) assert validation == (True, 123, 1) - # NOTE: Submit unsigned transaction to `validate_tx` yields `False`. - tx = Transaction.create([b.me], [([b.me], 1)]) - validation = vote_obj.validate_tx(tx, 456, 10) - assert validation == (False, 456, 10) + with patch('bigchaindb.models.Transaction.validate') as validate: + # Assert that validationerror gets caught + validate.side_effect = ValidationError() + validation = vote_obj.validate_tx(tx, 456, 10) + assert validation == (False, 456, 10) + + # Assert that another error doesnt + validate.side_effect = IOError() + with pytest.raises(IOError): + validation = vote_obj.validate_tx(tx, 456, 10) + @pytest.mark.genesis diff --git a/tests/test_models.py b/tests/test_models.py index 8de3a6c2..e3252f9b 100644 --- a/tests/test_models.py +++ b/tests/test_models.py @@ -1,4 +1,5 @@ from pytest import raises +from bigchaindb.common.exceptions import ValidationError class TestTransactionModel(object): @@ -8,12 +9,12 @@ class TestTransactionModel(object): tx = Transaction.create([b.me], [([b.me], 1)]) tx.operation = 'something invalid' - with raises(TypeError): + with raises(ValidationError): tx.validate(b) tx.operation = 'CREATE' tx.inputs = [] - with raises(ValueError): + with raises(ValidationError): tx.validate(b) @@ -61,11 +62,10 @@ class TestBlockModel(object): assert block.to_dict() == expected def test_block_invalid_serializaton(self): - from bigchaindb.common.exceptions import OperationError from bigchaindb.models import Block block = Block([]) - with raises(OperationError): + with raises(ValueError): block.to_dict() def test_block_deserialization(self, b): diff --git a/tests/web/test_transactions.py b/tests/web/test_transactions.py index 71f4f0e9..cf4105e9 100644 --- a/tests/web/test_transactions.py +++ b/tests/web/test_transactions.py @@ -1,4 +1,3 @@ -import builtins import json from unittest.mock import patch @@ -113,18 +112,15 @@ def test_post_create_transaction_with_invalid_schema(client, caplog): ('DoubleSpend', 'Nope! It is gone now!'), ('InvalidHash', 'Do not smoke that!'), ('InvalidSignature', 'Falsche Unterschrift!'), - ('OperationError', 'Create and transfer!'), + ('ValidationError', 'Create and transfer!'), ('TransactionDoesNotExist', 'Hallucinations?'), ('TransactionOwnerError', 'Not yours!'), ('TransactionNotInValidBlock', 'Wait, maybe?'), - ('ValueError', '?'), + ('ValidationError', '?'), )) def test_post_invalid_transaction(client, exc, msg, monkeypatch, caplog): from bigchaindb.common import exceptions - try: - exc_cls = getattr(exceptions, exc) - except AttributeError: - exc_cls = getattr(builtins, 'ValueError') + exc_cls = getattr(exceptions, exc) def mock_validation(self_, tx): raise exc_cls(msg) From 59e21bfa4dba107e189f5bfb9aab998fcccff06b Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Fri, 3 Mar 2017 11:52:12 +0100 Subject: [PATCH 047/283] fix test, log tx validation errors and document ValidationError --- bigchaindb/common/exceptions.py | 5 +++++ bigchaindb/pipelines/block.py | 2 +- bigchaindb/pipelines/vote.py | 4 ++-- tests/pipelines/test_vote.py | 3 +-- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/bigchaindb/common/exceptions.py b/bigchaindb/common/exceptions.py index 4b95f84b..76513010 100644 --- a/bigchaindb/common/exceptions.py +++ b/bigchaindb/common/exceptions.py @@ -42,6 +42,11 @@ class OperationError(BigchainDBError): ################################################################################ # Validation errors +# +# All validation errors (which are handleable errors, not faults) should +# subclass ValidationError. However, where possible they should also have their +# own distinct type to differentiate them from other validation errors, +# especially for the purposes of testing. class ValidationError(BigchainDBError): diff --git a/bigchaindb/pipelines/block.py b/bigchaindb/pipelines/block.py index 2a43686a..b1d6cdee 100644 --- a/bigchaindb/pipelines/block.py +++ b/bigchaindb/pipelines/block.py @@ -76,7 +76,7 @@ class BlockPipeline: tx.validate(self.bigchain) return tx except ValidationError as e: - # todo: log + logger.warning('Invalid tx: %s' % e) self.bigchain.delete_transaction(tx.id) return None diff --git a/bigchaindb/pipelines/vote.py b/bigchaindb/pipelines/vote.py index 088c4eac..0431e20b 100644 --- a/bigchaindb/pipelines/vote.py +++ b/bigchaindb/pipelines/vote.py @@ -108,8 +108,8 @@ class Vote: try: tx.validate(self.bigchain) valid = True - except exceptions.ValidationError: - # TODO: log + except exceptions.ValidationError as e: + logger.warning('Invalid tx: %s' % e) valid = False return valid, block_id, num_tx diff --git a/tests/pipelines/test_vote.py b/tests/pipelines/test_vote.py index aaa184f0..fa167d17 100644 --- a/tests/pipelines/test_vote.py +++ b/tests/pipelines/test_vote.py @@ -128,7 +128,7 @@ def test_validate_block_with_invalid_signature(b): @pytest.mark.genesis def test_vote_validate_transaction(b): from bigchaindb.pipelines import vote - from bigchaindb.models import Transaction + from bigchaindb.common.exceptions import ValidationError tx = dummy_tx(b) vote_obj = vote.Vote() @@ -147,7 +147,6 @@ def test_vote_validate_transaction(b): validation = vote_obj.validate_tx(tx, 456, 10) - @pytest.mark.genesis def test_vote_accumulates_transactions(b): from bigchaindb.pipelines import vote From 9228e693551f8ad514e99a0ef2c44fa9672f60c0 Mon Sep 17 00:00:00 2001 From: "krish7919 (Krish)" Date: Fri, 3 Mar 2017 12:07:49 +0100 Subject: [PATCH 048/283] Run bdb:latest with rdb:2.3 as separate containers in the same pod --- k8s/node-ss.yaml | 46 ++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 40 insertions(+), 6 deletions(-) diff --git a/k8s/node-ss.yaml b/k8s/node-ss.yaml index 9580daf6..f660aebc 100644 --- a/k8s/node-ss.yaml +++ b/k8s/node-ss.yaml @@ -1,6 +1,6 @@ -##################################################### -# This config file uses bdb v0.9.1 with bundled rdb # -##################################################### +################################################################## +# This config file uses bdb:latest with a spearate rethinkdb:2.3 # +################################################################## apiVersion: v1 kind: Service @@ -37,8 +37,8 @@ spec: annotations: pod.beta.kubernetes.io/init-containers: '[ { - "name": "bdb091-configure", - "image": "bigchaindb/bigchaindb:0.9.1", + "name": "bdb-configure", + "image": "bigchaindb/bigchaindb:latest", "command": ["bigchaindb", "-y", "configure", "rethinkdb"], "volumeMounts": [ { @@ -52,7 +52,7 @@ spec: terminationGracePeriodSeconds: 10 containers: - name: bdb091-server - image: bigchaindb/bigchaindb:0.9.1 + image: bigchaindb/bigchaindb:latest args: - -c - /data/.bigchaindb @@ -82,8 +82,42 @@ spec: port: 9984 initialDelaySeconds: 15 timeoutSeconds: 10 + - name: rethinkdb + image: rethinkdb:2.3 + imagePullPolicy: IfNotPresent + ports: + - containerPort: 8080 + hostPort: 8080 + name: rdb-http-port + protocol: TCP + - containerPort: 28015 + hostPort: 28015 + name: rdb-client-port + protocol: TCP + volumeMounts: + - name: rdb-data + mountPath: /data + resources: + limits: + cpu: 200m + memory: 768Mi + livenessProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 15 + timeoutSeconds: 10 + readinessProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 15 + timeoutSeconds: 10 restartPolicy: Always volumes: - name: bigchaindb-data hostPath: path: /disk/bigchaindb-data + - name: rdb-data + hostPath: + path: /disk/rdb-data From bbe9d4fc88625e5c880525482b16fb51cd061c78 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Fri, 3 Mar 2017 13:24:30 +0100 Subject: [PATCH 049/283] add some clarifications to test_voting.py --- tests/test_voting.py | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/tests/test_voting.py b/tests/test_voting.py index 404f4c93..a14345a2 100644 --- a/tests/test_voting.py +++ b/tests/test_voting.py @@ -49,6 +49,9 @@ def test_count_votes(): 'counts': { 'n_valid': 9, # 9 kosher votes 'n_invalid': 4, # 1 cheat, 1 invalid, 1 malformed, 1 rogue prev block + # One of the cheat votes counts towards n_invalid, the other is + # not counted here. + # len(cheat) + n_valid + n_invalid == len(votes) }, 'cheat': [votes[:2]], 'malformed': [votes[3]], @@ -83,18 +86,15 @@ def test_must_agree_prev_block(): # Tests for vote decision making -DECISION_TESTS = [dict( - zip(['n_voters', 'n_valid', 'n_invalid'], t)) - for t in [ - (1, 1, 1), - (2, 2, 1), - (3, 2, 2), - (4, 3, 2), - (5, 3, 3), - (6, 4, 3), - (7, 4, 4), - (8, 5, 4), - ] +DECISION_TESTS = [ + {'n_voters': 1, 'n_valid': 1, 'n_invalid': 1}, + {'n_voters': 2, 'n_valid': 2, 'n_invalid': 1}, + {'n_voters': 3, 'n_valid': 2, 'n_invalid': 2}, + {'n_voters': 4, 'n_valid': 3, 'n_invalid': 2}, + {'n_voters': 5, 'n_valid': 3, 'n_invalid': 3}, + {'n_voters': 6, 'n_valid': 4, 'n_invalid': 3}, + {'n_voters': 7, 'n_valid': 4, 'n_invalid': 4}, + {'n_voters': 8, 'n_valid': 5, 'n_invalid': 4} ] From 3346fcb47b993c6d6fb88a20792fdb8b0fa47202 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Fri, 3 Mar 2017 13:48:52 +0100 Subject: [PATCH 050/283] break BigchainDBCritical into CriticalDoubleSpend and CriticalDoubleInclusion and add test --- bigchaindb/backend/exceptions.py | 8 ++++-- bigchaindb/core.py | 4 +-- tests/db/test_bigchain_api.py | 43 +++++++++++++++++++++++++++++--- 3 files changed, 47 insertions(+), 8 deletions(-) diff --git a/bigchaindb/backend/exceptions.py b/bigchaindb/backend/exceptions.py index 3b712b08..a5eff242 100644 --- a/bigchaindb/backend/exceptions.py +++ b/bigchaindb/backend/exceptions.py @@ -17,5 +17,9 @@ class DuplicateKeyError(OperationError): """Exception raised when an insert fails because the key is not unique""" -class BigchainDBCritical(Exception): - """Unhandleable error that requires attention""" +class CriticalDoubleSpend(BigchainDBError): + """Data integrity error that requires attention""" + + +class CriticalDoubleInclusion(BigchainDBError): + """Data integrity error that requires attention""" diff --git a/bigchaindb/core.py b/bigchaindb/core.py index 084df928..c0da6177 100644 --- a/bigchaindb/core.py +++ b/bigchaindb/core.py @@ -308,7 +308,7 @@ class Bigchain(object): if list(validity.values()).count(Bigchain.BLOCK_VALID) > 1: block_ids = str([block for block in validity if validity[block] == Bigchain.BLOCK_VALID]) - raise backend_exceptions.BigchainDBCritical( + raise backend_exceptions.CriticalDoubleInclusion( 'Transaction {tx} is present in ' 'multiple valid blocks: {block_ids}' .format(tx=txid, block_ids=block_ids)) @@ -361,7 +361,7 @@ class Bigchain(object): if self.get_transaction(transaction['id']): num_valid_transactions += 1 if num_valid_transactions > 1: - raise exceptions.BigchainDBCritical( + raise backend_exceptions.CriticalDoubleSpend( '`{}` was spent more than once. There is a problem' ' with the chain'.format(txid)) diff --git a/tests/db/test_bigchain_api.py b/tests/db/test_bigchain_api.py index 1f71862a..f56c9e5a 100644 --- a/tests/db/test_bigchain_api.py +++ b/tests/db/test_bigchain_api.py @@ -93,7 +93,7 @@ class TestBigchainApi(object): @pytest.mark.genesis def test_get_spent_with_double_inclusion_detected(self, b, monkeypatch): - from bigchaindb.backend.exceptions import BigchainDBCritical + from bigchaindb.backend.exceptions import CriticalDoubleInclusion from bigchaindb.models import Transaction tx = Transaction.create([b.me], [([b.me], 1)]) @@ -123,12 +123,47 @@ class TestBigchainApi(object): vote = b.vote(block3.id, b.get_last_voted_block().id, True) b.write_vote(vote) - with pytest.raises(BigchainDBCritical): + with pytest.raises(CriticalDoubleInclusion): + b.get_spent(tx.id, 0) + + @pytest.mark.genesis + def test_get_spent_with_double_spend_detected(self, b, monkeypatch): + from bigchaindb.backend.exceptions import CriticalDoubleSpend + from bigchaindb.models import Transaction + + tx = Transaction.create([b.me], [([b.me], 1)]) + tx = tx.sign([b.me_private]) + + monkeypatch.setattr('time.time', lambda: 1000000000) + block1 = b.create_block([tx]) + b.write_block(block1) + + monkeypatch.setattr('time.time', lambda: 1000000020) + transfer_tx = Transaction.transfer(tx.to_inputs(), [([b.me], 1)], + asset_id=tx.id) + transfer_tx = transfer_tx.sign([b.me_private]) + block2 = b.create_block([transfer_tx]) + b.write_block(block2) + + monkeypatch.setattr('time.time', lambda: 1000000030) + transfer_tx2 = Transaction.transfer(tx.to_inputs(), [([b.me], 2)], + asset_id=tx.id) + transfer_tx2 = transfer_tx2.sign([b.me_private]) + block3 = b.create_block([transfer_tx2]) + b.write_block(block3) + + # Vote both block2 and block3 valid + vote = b.vote(block2.id, b.get_last_voted_block().id, True) + b.write_vote(vote) + vote = b.vote(block3.id, b.get_last_voted_block().id, True) + b.write_vote(vote) + + with pytest.raises(CriticalDoubleSpend): b.get_spent(tx.id, 0) @pytest.mark.genesis def test_get_block_status_for_tx_with_double_inclusion(self, b, monkeypatch): - from bigchaindb.backend.exceptions import BigchainDBCritical + from bigchaindb.backend.exceptions import CriticalDoubleInclusion from bigchaindb.models import Transaction tx = Transaction.create([b.me], [([b.me], 1)]) @@ -148,7 +183,7 @@ class TestBigchainApi(object): vote = b.vote(block2.id, b.get_last_voted_block().id, True) b.write_vote(vote) - with pytest.raises(BigchainDBCritical): + with pytest.raises(CriticalDoubleInclusion): b.get_blocks_status_containing_tx(tx.id) @pytest.mark.genesis From 30db8a4e3027e25b8d77559e641d5fbcd6ee2763 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Fri, 3 Mar 2017 14:20:43 +0100 Subject: [PATCH 051/283] Renamed 'bdb091-server' to 'bdb-server' --- k8s/node-ss.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/node-ss.yaml b/k8s/node-ss.yaml index f660aebc..ecbf1fcd 100644 --- a/k8s/node-ss.yaml +++ b/k8s/node-ss.yaml @@ -51,7 +51,7 @@ spec: spec: terminationGracePeriodSeconds: 10 containers: - - name: bdb091-server + - name: bdb-server image: bigchaindb/bigchaindb:latest args: - -c From e1d7f95a8c874d3eb9c48cf0425acd3e428e60ea Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Fri, 3 Mar 2017 15:57:35 +0100 Subject: [PATCH 052/283] Switch to PVC for RDB in single BDB+RDB StatefulSet --- k8s/node-ss.yaml | 43 ++++++++++++++++++------------------------- 1 file changed, 18 insertions(+), 25 deletions(-) diff --git a/k8s/node-ss.yaml b/k8s/node-ss.yaml index ecbf1fcd..1ec05868 100644 --- a/k8s/node-ss.yaml +++ b/k8s/node-ss.yaml @@ -34,38 +34,34 @@ spec: name: bdb labels: app: bdb - annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "bdb-configure", - "image": "bigchaindb/bigchaindb:latest", - "command": ["bigchaindb", "-y", "configure", "rethinkdb"], - "volumeMounts": [ - { - "name": "bigchaindb-data", - "mountPath": "/data" - } - ] - } - ]' spec: terminationGracePeriodSeconds: 10 containers: - name: bdb-server image: bigchaindb/bigchaindb:latest args: - - -c - - /data/.bigchaindb - start + env: + - name: BIGCHAINDB_KEYPAIR_PRIVATE + value: 56mEvwwVxcYsFQ3Y8UTFB8DVBv38yoUhxzDW3DAdLVd2 + - name: BIGCHAINDB_KEYPAIR_PUBLIC + value: 9DsHwiEtvk51UHmNM2eV66czFha69j3CdtNrCj1RcZWR + - name: BIGCHAINDB_KEYRING + value: "" + - name: BIGCHAINDB_DATABASE_BACKEND + value: rethinkdb + - name: BIGCHAINDB_DATABASE_PORT + value: "28015" + - name: BIGCHAINDB_DATABASE_HOST + value: localhost + - name: BIGCHAINDB_SERVER_BIND + value: "0.0.0.0:9984" imagePullPolicy: IfNotPresent ports: - containerPort: 9984 hostPort: 9984 name: bdb-port - protocol: TCP - volumeMounts: - - name: bigchaindb-data - mountPath: /data + protocol: TCP resources: limits: cpu: 200m @@ -115,9 +111,6 @@ spec: timeoutSeconds: 10 restartPolicy: Always volumes: - - name: bigchaindb-data - hostPath: - path: /disk/bigchaindb-data - name: rdb-data - hostPath: - path: /disk/rdb-data + persistentVolumeClaim: + claimName: mongoclaim From 43284798febd805de558b1baed6fcd90cb19ec30 Mon Sep 17 00:00:00 2001 From: "krish7919 (Krish)" Date: Fri, 3 Mar 2017 17:34:50 +0100 Subject: [PATCH 053/283] Run bdb:latest with mongodb:3.4.1 as separate containers in the same pod --- k8s/node-mdb-ss.yaml | 116 +++++++++++++++++++++++++ k8s/{node-ss.yaml => node-rdb-ss.yaml} | 0 2 files changed, 116 insertions(+) create mode 100644 k8s/node-mdb-ss.yaml rename k8s/{node-ss.yaml => node-rdb-ss.yaml} (100%) diff --git a/k8s/node-mdb-ss.yaml b/k8s/node-mdb-ss.yaml new file mode 100644 index 00000000..c4a9f2f3 --- /dev/null +++ b/k8s/node-mdb-ss.yaml @@ -0,0 +1,116 @@ +################################################################## +# This config file uses bdb:latest with a spearate mongodb:3.4.1 # +################################################################## + +apiVersion: v1 +kind: Service +metadata: + name: bdb-service + namespace: default + labels: + name: bdb-service +spec: + selector: + app: bdb + ports: + - port: 9984 + targetPort: 9984 + name: bdb-http-api + - port: 27017 + targetPort: 27017 + name: bdb-mdb-port + type: LoadBalancer +--- +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: bdb + namespace: default +spec: + serviceName: bdb + replicas: 1 + template: + metadata: + name: bdb + labels: + app: bdb + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "bdb-configure", + "image": "bigchaindb/bigchaindb:latest", + "command": ["bigchaindb", "-y", "configure", "mongodb"], + "volumeMounts": [ + { + "name": "bigchaindb-data", + "mountPath": "/data" + } + ] + } + ]' + spec: + terminationGracePeriodSeconds: 10 + containers: + - name: bdb-server + image: bigchaindb/bigchaindb:latest + args: + - -c + - /data/.bigchaindb + - start + imagePullPolicy: IfNotPresent + ports: + - containerPort: 9984 + hostPort: 9984 + name: bdb-port + protocol: TCP + volumeMounts: + - name: bigchaindb-data + mountPath: /data + resources: + limits: + cpu: 200m + memory: 768Mi + livenessProbe: + httpGet: + path: / + port: bdb-port + initialDelaySeconds: 15 + timeoutSeconds: 10 +# readinessProbe: +# httpGet: +# path: / +# port: bdb-port +# initialDelaySeconds: 15 +# timeoutSeconds: 10 + - name: mongodb + image: mongo:3.4.1 + args: + - --replSet=bigchain-rs + imagePullPolicy: IfNotPresent + ports: + - containerPort: 27017 + hostPort: 27017 + name: mdb-port + protocol: TCP + volumeMounts: + - name: mdb-data + mountPath: /data + resources: + limits: + cpu: 200m + memory: 768Mi + livenessProbe: + tcpSocket: + port: mdb-port + successThreshold: 1 + failureThreshold: 3 + periodSeconds: 15 + timeoutSeconds: 1 + restartPolicy: Always + volumes: + - name: bigchaindb-data + hostPath: + path: /disk/bigchaindb-data + - name: mdb-data + hostPath: + path: /disk/mdb-data diff --git a/k8s/node-ss.yaml b/k8s/node-rdb-ss.yaml similarity index 100% rename from k8s/node-ss.yaml rename to k8s/node-rdb-ss.yaml From 81dee294ea4c4b83b53241a44853f48fa7aeb6fa Mon Sep 17 00:00:00 2001 From: diminator Date: Fri, 17 Feb 2017 09:58:55 +0100 Subject: [PATCH 054/283] unitest for bug --- tests/web/test_outputs.py | 65 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) diff --git a/tests/web/test_outputs.py b/tests/web/test_outputs.py index fd17d46d..0a606991 100644 --- a/tests/web/test_outputs.py +++ b/tests/web/test_outputs.py @@ -47,3 +47,68 @@ def test_get_outputs_endpoint_with_invalid_unspent(client, user_pk): res = client.get(OUTPUTS_ENDPOINT + params) assert expected == res.json assert res.status_code == 400 + + +@pytest.mark.bdb +@pytest.mark.usefixtures('inputs') +def test_get_divisble_transactions_returns_500(b, client): + from bigchaindb.models import Transaction + from bigchaindb.common import crypto + import json + + TX_ENDPOINT = '/api/v1/transactions' + + def mine(tx_list): + block = b.create_block(tx_list) + b.write_block(block) + + # vote the block valid + vote = b.vote(block.id, b.get_last_voted_block().id, True) + b.write_vote(vote) + + alice_priv, alice_pub = crypto.generate_key_pair() + bob_priv, bob_pub = crypto.generate_key_pair() + carly_priv, carly_pub = crypto.generate_key_pair() + + create_tx = Transaction.create([alice_pub], [([alice_pub], 4)]) + create_tx.sign([alice_priv]) + + res = client.post(TX_ENDPOINT, data=json.dumps(create_tx.to_dict())) + assert res.status_code == 202 + + mine([create_tx]) + + transfer_tx = Transaction.transfer(create_tx.to_inputs(), + [([alice_pub], 3), ([bob_pub], 1)], + asset_id=create_tx.id) + transfer_tx.sign([alice_priv]) + + res = client.post(TX_ENDPOINT, data=json.dumps(transfer_tx.to_dict())) + assert res.status_code == 202 + + mine([transfer_tx]) + + transfer_tx_carly = Transaction.transfer([transfer_tx.to_inputs()[1]], + [([carly_pub], 1)], + asset_id=create_tx.id) + transfer_tx_carly.sign([bob_priv]) + + res = client.post(TX_ENDPOINT, data=json.dumps(transfer_tx_carly.to_dict())) + assert res.status_code == 202 + + mine([transfer_tx_carly]) + + asset_id = create_tx.id + + url = TX_ENDPOINT + "?asset_id=" + asset_id + assert client.get(url).status_code == 200 + assert len(client.get(url).json) == 3 + + url = OUTPUTS_ENDPOINT + '?public_key=' + alice_pub + assert client.get(url).status_code == 200 + + url = OUTPUTS_ENDPOINT + '?public_key=' + bob_pub + assert client.get(url).status_code == 200 + + url = OUTPUTS_ENDPOINT + '?public_key=' + carly_pub + assert client.get(url).status_code == 200 From 56243a57ab8f8112e9a75ccc9f1c94eb9b9abc66 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Fri, 3 Mar 2017 02:00:17 +0100 Subject: [PATCH 055/283] Fix indent --- tests/web/test_outputs.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/web/test_outputs.py b/tests/web/test_outputs.py index 0a606991..b8f18d68 100644 --- a/tests/web/test_outputs.py +++ b/tests/web/test_outputs.py @@ -89,8 +89,8 @@ def test_get_divisble_transactions_returns_500(b, client): mine([transfer_tx]) transfer_tx_carly = Transaction.transfer([transfer_tx.to_inputs()[1]], - [([carly_pub], 1)], - asset_id=create_tx.id) + [([carly_pub], 1)], + asset_id=create_tx.id) transfer_tx_carly.sign([bob_priv]) res = client.post(TX_ENDPOINT, data=json.dumps(transfer_tx_carly.to_dict())) From f64401eed3b005c4420c852d4e9c9bb913c27229 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Fri, 3 Mar 2017 17:43:25 +0100 Subject: [PATCH 056/283] Only append tx if it meets the conditions fixes #1231 --- bigchaindb/core.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/bigchaindb/core.py b/bigchaindb/core.py index 9f93d47a..5c72a12b 100644 --- a/bigchaindb/core.py +++ b/bigchaindb/core.py @@ -430,14 +430,13 @@ class Bigchain(object): # check if the owner is in the condition `owners_after` if len(output['public_keys']) == 1: if output['condition']['details']['public_key'] == owner: - tx_link = TransactionLink(tx['id'], index) + links.append(TransactionLink(tx['id'], index)) else: # for transactions with multiple `public_keys` there will be several subfulfillments nested # in the condition. We need to iterate the subfulfillments to make sure there is a # subfulfillment for `owner` if utils.condition_details_has_owner(output['condition']['details'], owner): - tx_link = TransactionLink(tx['id'], index) - links.append(tx_link) + links.append(TransactionLink(tx['id'], index)) return links def get_owned_ids(self, owner): From 93d06b4e2abceb25cb46eecfb9ba43c6120229ab Mon Sep 17 00:00:00 2001 From: "krish7919 (Krish)" Date: Sat, 4 Mar 2017 20:05:30 +0100 Subject: [PATCH 057/283] PVC for MDB in single BDB+MDB StatefulSet --- k8s/node-mdb-ss.yaml | 60 +++++++++++++++++++++----------------------- k8s/node-rdb-ss.yaml | 4 +-- 2 files changed, 30 insertions(+), 34 deletions(-) diff --git a/k8s/node-mdb-ss.yaml b/k8s/node-mdb-ss.yaml index c4a9f2f3..10f22f0f 100644 --- a/k8s/node-mdb-ss.yaml +++ b/k8s/node-mdb-ss.yaml @@ -34,38 +34,43 @@ spec: name: bdb labels: app: bdb - annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "bdb-configure", - "image": "bigchaindb/bigchaindb:latest", - "command": ["bigchaindb", "-y", "configure", "mongodb"], - "volumeMounts": [ - { - "name": "bigchaindb-data", - "mountPath": "/data" - } - ] - } - ]' + #annotations: + #pod.beta.kubernetes.io/init-containers: '[ + # TODO mongodb user and group; id = 999 spec: terminationGracePeriodSeconds: 10 containers: - name: bdb-server image: bigchaindb/bigchaindb:latest args: - - -c - - /data/.bigchaindb - start + env: + - name: BIGCHAINDB_KEYPAIR_PRIVATE + value: 3CjmRhu718gT1Wkba3LfdqX5pfYuBdaMPLd7ENUga5dm + - name: BIGCHAINDB_KEYPAIR_PUBLIC + value: EEWUAhsk94ZUHhVw7qx9oZiXYDAWc9cRz93eMrsTG4kZ + - name: BIGCHAINDB_KEYRING + value: "" + - name: BIGCHAINDB_DATABASE_BACKEND + value: mongodb + - name: BIGCHAINDB_DATABASE_HOST + value: localhost + - name: BIGCHAINDB_DATABASE_PORT + value: "27017" + - name: BIGCHAINDB_SERVER_BIND + value: "0.0.0.0:9984" + - name: BIGCHAINDB_DATABASE_REPLICASET + value: bigchain-rs + - name: BIGCHAINDB_DATABASE_NAME + value: bigchain + - name: BIGCHAINDB_BACKLOG_REASSIGN_DELAY + value: "120" imagePullPolicy: IfNotPresent ports: - containerPort: 9984 hostPort: 9984 name: bdb-port - protocol: TCP - volumeMounts: - - name: bigchaindb-data - mountPath: /data + protocol: TCP resources: limits: cpu: 200m @@ -76,12 +81,6 @@ spec: port: bdb-port initialDelaySeconds: 15 timeoutSeconds: 10 -# readinessProbe: -# httpGet: -# path: / -# port: bdb-port -# initialDelaySeconds: 15 -# timeoutSeconds: 10 - name: mongodb image: mongo:3.4.1 args: @@ -91,7 +90,7 @@ spec: - containerPort: 27017 hostPort: 27017 name: mdb-port - protocol: TCP + protocol: TCP volumeMounts: - name: mdb-data mountPath: /data @@ -108,9 +107,6 @@ spec: timeoutSeconds: 1 restartPolicy: Always volumes: - - name: bigchaindb-data - hostPath: - path: /disk/bigchaindb-data - name: mdb-data - hostPath: - path: /disk/mdb-data + persistentVolumeClaim: + claimName: mongoclaim diff --git a/k8s/node-rdb-ss.yaml b/k8s/node-rdb-ss.yaml index 1ec05868..4a995213 100644 --- a/k8s/node-rdb-ss.yaml +++ b/k8s/node-rdb-ss.yaml @@ -50,10 +50,10 @@ spec: value: "" - name: BIGCHAINDB_DATABASE_BACKEND value: rethinkdb - - name: BIGCHAINDB_DATABASE_PORT - value: "28015" - name: BIGCHAINDB_DATABASE_HOST value: localhost + - name: BIGCHAINDB_DATABASE_PORT + value: "28015" - name: BIGCHAINDB_SERVER_BIND value: "0.0.0.0:9984" imagePullPolicy: IfNotPresent From 880729cac2059556eb6a25208a571a4dcb900c21 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Sun, 5 Mar 2017 16:47:12 +0100 Subject: [PATCH 058/283] minor changes to 2 yml files + added RDB intracluster port --- k8s/node-mdb-ss.yaml | 10 ++++++---- k8s/node-rdb-ss.yaml | 25 ++++++++++++++++++++----- 2 files changed, 26 insertions(+), 9 deletions(-) diff --git a/k8s/node-mdb-ss.yaml b/k8s/node-mdb-ss.yaml index 10f22f0f..304750c2 100644 --- a/k8s/node-mdb-ss.yaml +++ b/k8s/node-mdb-ss.yaml @@ -1,6 +1,8 @@ -################################################################## -# This config file uses bdb:latest with a spearate mongodb:3.4.1 # -################################################################## +################################################################# +# This YAML file desribes a StatefulSet with two containers: # +# bigchaindb/bigchaindb:latest and mongo:3.4.1 # +# It also describes a Service to expose BigchainDB and MongoDB. # +################################################################# apiVersion: v1 kind: Service @@ -18,7 +20,7 @@ spec: name: bdb-http-api - port: 27017 targetPort: 27017 - name: bdb-mdb-port + name: mongodb-port type: LoadBalancer --- apiVersion: apps/v1beta1 diff --git a/k8s/node-rdb-ss.yaml b/k8s/node-rdb-ss.yaml index 4a995213..fc157746 100644 --- a/k8s/node-rdb-ss.yaml +++ b/k8s/node-rdb-ss.yaml @@ -1,6 +1,10 @@ -################################################################## -# This config file uses bdb:latest with a spearate rethinkdb:2.3 # -################################################################## +############################################################## +# This YAML file desribes a StatefulSet with two containers: # +# bigchaindb/bigchaindb:latest and rethinkdb:2.3 # +# It also describes a Service to expose BigchainDB, # +# the RethinkDB intracluster communications port, and # +# the RethinkDB web interface port. # +############################################################## apiVersion: v1 kind: Service @@ -16,9 +20,12 @@ spec: - port: 9984 targetPort: 9984 name: bdb-http-api + - port: 29015 + targetPort: 29015 + name: rdb-intracluster-comm-port - port: 8080 targetPort: 8080 - name: bdb-rethinkdb-api + name: rdb-web-interface-port type: LoadBalancer --- apiVersion: apps/v1beta1 @@ -56,6 +63,10 @@ spec: value: "28015" - name: BIGCHAINDB_SERVER_BIND value: "0.0.0.0:9984" + - name: BIGCHAINDB_DATABASE_NAME + value: bigchain + - name: BIGCHAINDB_BACKLOG_REASSIGN_DELAY + value: "120" imagePullPolicy: IfNotPresent ports: - containerPort: 9984 @@ -84,7 +95,11 @@ spec: ports: - containerPort: 8080 hostPort: 8080 - name: rdb-http-port + name: rdb-web-interface-port + protocol: TCP + - containerPort: 29015 + hostPort: 29015 + name: rdb-intra-port protocol: TCP - containerPort: 28015 hostPort: 28015 From 0ffa93cd441364df2c32a310adb2fa435a1bff97 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Sun, 5 Mar 2017 17:23:42 +0100 Subject: [PATCH 059/283] docs: fixed typo; changed 2Gi to 20Gi in kubectl cmd output --- .../source/cloud-deployment-templates/node-on-kubernetes.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst b/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst index afb0b438..00b77bb8 100644 --- a/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst +++ b/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst @@ -154,6 +154,6 @@ but it should become "Bound" fairly quickly. Status: Bound Volume: pvc-ebed81f1-fdca-11e6-abf0-000d3a27ab21 Labels: - Capacity: 2Gi + Capacity: 20Gi Access Modes: RWO No events. From 33deff8760f19920e068fa6256d313f67a443ec7 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Sun, 5 Mar 2017 17:49:00 +0100 Subject: [PATCH 060/283] docs: add instructions to deploy MongoDB & BigchainDB on k8s cluster --- .../node-on-kubernetes.rst | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst b/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst index 00b77bb8..1a8e5deb 100644 --- a/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst +++ b/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst @@ -157,3 +157,38 @@ but it should become "Bound" fairly quickly. Capacity: 20Gi Access Modes: RWO No events. + + +Step 5: Deploy MongoDB & BigchainDB +----------------------------------- + +Now you can deploy MongoDB and BigchainDB to your Kubernetes cluster. +Currently, the way we do that is we create a StatefulSet with two +containers: BigchainDB and MongoDB. (In the future, we'll put them +in separate pods, and we'll ensure those pods are in different nodes.) +We expose BigchainDB's port 9984 (the HTTP API port) +and MongoDB's port 27017 using a Kubernetes Service. + +Get the file ``node-mdb-ss.yaml`` from GitHub using: + +.. code:: bash + + $ wget https://raw.githubusercontent.com/bigchaindb/bigchaindb/master/k8s/node-mdb-ss.yaml + +Take a look inside that file to see how it defines the Service +and the StatefulSet. +Note how the MongoDB container uses the ``mongoclaim`` PersistentVolumeClaim +for its ``/data`` diretory (mount path). + +Create the StatefulSet and Service in your cluster using: + +.. code:: bash + + $ kubectl apply -f node-mdb-ss.yaml + +You can check that they're working using: + +.. code:: bash + + $ kubectl get services + $ kubectl get statefulsets From 352627b83ab6549e5951ab6934440b59fe9721e4 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Mon, 6 Mar 2017 12:12:04 +0100 Subject: [PATCH 061/283] add test that asset id is a string --- tests/db/test_bigchain_api.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/db/test_bigchain_api.py b/tests/db/test_bigchain_api.py index f56c9e5a..d2cc82eb 100644 --- a/tests/db/test_bigchain_api.py +++ b/tests/db/test_bigchain_api.py @@ -1313,3 +1313,10 @@ def test_is_new_transaction(b, genesis_block): # Tx is new because it's only found in an invalid block assert b.is_new_transaction(tx.id) assert b.is_new_transaction(tx.id, exclude_block_id=block.id) + + +def test_validate_asset_id_string(signed_transfer_tx): + from bigchaindb.common.exceptions import ValidationError + signed_transfer_tx.asset['id'] = 1 + with pytest.raises(ValidationError): + signed_transfer_tx.validate(None) From 1c03ab754c4ea4c9326b812548aa4d7c81ac0d36 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Mon, 6 Mar 2017 11:58:07 +0100 Subject: [PATCH 062/283] Update change log for 0.9.3 --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 62dac89c..75337b19 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,12 @@ For reference, the possible headings are: * **External Contributors** to list contributors outside of BigchainDB GmbH. * **Notes** +## [0.9.3] - 2017-03-06 +Tag name: v0.9.3 + +### Fixed +Fixed HTTP API 500 error on `GET /outputs: issues #1200 and #1231. + ## [0.9.2] - 2017-03-02 Tag name: v0.9.2 From 8bad32dc13bd295a2e0b45e695fc555679ec506f Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Mon, 6 Mar 2017 13:38:34 +0100 Subject: [PATCH 063/283] Fix typo [skip ci] --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 75337b19..538d2ccc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,7 +19,7 @@ For reference, the possible headings are: Tag name: v0.9.3 ### Fixed -Fixed HTTP API 500 error on `GET /outputs: issues #1200 and #1231. +Fixed HTTP API 500 error on `GET /outputs`: issues #1200 and #1231. ## [0.9.2] - 2017-03-02 Tag name: v0.9.2 From 1374f133f9a7b5b34c105e1572643e5f38ccfbcd Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Mon, 6 Mar 2017 14:18:48 +0100 Subject: [PATCH 064/283] remove stray print call --- bigchaindb/backend/mongodb/connection.py | 1 - 1 file changed, 1 deletion(-) diff --git a/bigchaindb/backend/mongodb/connection.py b/bigchaindb/backend/mongodb/connection.py index 271d0e8e..8688e243 100644 --- a/bigchaindb/backend/mongodb/connection.py +++ b/bigchaindb/backend/mongodb/connection.py @@ -128,7 +128,6 @@ def _check_replica_set(conn): replSet option. """ options = conn.admin.command('getCmdLineOpts') - print(options) try: repl_opts = options['parsed']['replication'] repl_set_name = repl_opts.get('replSetName', repl_opts.get('replSet')) From 6ce8ba9ae3e2f0fcc82aa49bff4be5e8380d6288 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Wed, 22 Feb 2017 17:28:52 +0100 Subject: [PATCH 065/283] Replace logging statements with print that is more or less the recommended approach for command line interfaces see https://docs.python.org/3.6/howto/logging.html#when-to-use-logging --- bigchaindb/commands/bigchain.py | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/bigchaindb/commands/bigchain.py b/bigchaindb/commands/bigchain.py index c118f857..69270f7d 100644 --- a/bigchaindb/commands/bigchain.py +++ b/bigchaindb/commands/bigchain.py @@ -122,7 +122,7 @@ def run_configure(args, skip_if_exists=False): def run_export_my_pubkey(args): """Export this node's public key to standard output """ - logger.debug('bigchaindb args = {}'.format(args)) + print('bigchaindb args = {}'.format(args)) bigchaindb.config_utils.autoconfigure(filename=args.config, force=True) pubkey = bigchaindb.config['keypair']['public'] if pubkey is not None: @@ -141,9 +141,9 @@ def _run_init(): schema.init_database(connection=b.connection) - logger.info('Create genesis block.') + print('Create genesis block.') b.create_genesis_block() - logger.info('Done, have fun!') + print('Done, have fun!') def run_init(args): @@ -176,8 +176,7 @@ def run_drop(args): def run_start(args): """Start the processes to run the node""" - logger.info('BigchainDB Version {}'.format(bigchaindb.__version__)) - + print('BigchainDB Version {}'.format(bigchaindb.__version__)) bigchaindb.config_utils.autoconfigure(filename=args.config, force=True) if args.allow_temp_keypair: @@ -229,7 +228,7 @@ def _run_load(tx_left, stats): def run_load(args): bigchaindb.config_utils.autoconfigure(filename=args.config, force=True) - logger.info('Starting %s processes', args.multiprocess) + print('Starting %s processes', args.multiprocess) stats = logstats.Logstats() logstats.thread.start(stats) @@ -248,7 +247,7 @@ def run_set_shards(args): try: set_shards(conn, shards=args.num_shards) except OperationError as e: - logger.warn(e) + print(e) def run_set_replicas(args): @@ -256,7 +255,7 @@ def run_set_replicas(args): try: set_replicas(conn, replicas=args.num_replicas) except OperationError as e: - logger.warn(e) + print(e) def run_add_replicas(args): @@ -267,9 +266,9 @@ def run_add_replicas(args): try: add_replicas(conn, args.replicas) except (OperationError, NotImplementedError) as e: - logger.warn(e) + print(e) else: - logger.info('Added {} to the replicaset.'.format(args.replicas)) + print('Added {} to the replicaset.'.format(args.replicas)) def run_remove_replicas(args): @@ -280,9 +279,9 @@ def run_remove_replicas(args): try: remove_replicas(conn, args.replicas) except (OperationError, NotImplementedError) as e: - logger.warn(e) + print(e) else: - logger.info('Removed {} from the replicaset.'.format(args.replicas)) + print('Removed {} from the replicaset.'.format(args.replicas)) def create_parser(): From c1cf79d0e025cc6cae9029d9a0974915b858663a Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Wed, 22 Feb 2017 20:22:12 +0100 Subject: [PATCH 066/283] Pass a message to the exception otherwise nothing gets printed when printing the exception --- bigchaindb/backend/rethinkdb/admin.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bigchaindb/backend/rethinkdb/admin.py b/bigchaindb/backend/rethinkdb/admin.py index 23b55048..863ffb31 100644 --- a/bigchaindb/backend/rethinkdb/admin.py +++ b/bigchaindb/backend/rethinkdb/admin.py @@ -96,7 +96,7 @@ def reconfigure(connection, *, table, shards, replicas, try: return connection.run(r.table(table).reconfigure(**params)) except (r.ReqlOpFailedError, r.ReqlQueryLogicError) as e: - raise OperationError from e + raise OperationError('Failed to reconfigure tables.') from e @register_admin(RethinkDBConnection) From 10026680825a70dbdf719827bcf4476afdd03ae6 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Wed, 22 Feb 2017 20:23:00 +0100 Subject: [PATCH 067/283] Fix broken tests --- tests/commands/rethinkdb/test_commands.py | 14 ++++++++------ tests/commands/test_commands.py | 6 ++++-- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/tests/commands/rethinkdb/test_commands.py b/tests/commands/rethinkdb/test_commands.py index 5fb75f4d..5fc0379e 100644 --- a/tests/commands/rethinkdb/test_commands.py +++ b/tests/commands/rethinkdb/test_commands.py @@ -59,8 +59,7 @@ def test_set_shards(mock_reconfigure, monkeypatch, b): mock_reconfigure.assert_called_with(replicas=3, shards=3, dry_run=False) -@patch('logging.Logger.warn') -def test_set_shards_raises_exception(mock_log, monkeypatch, b): +def test_set_shards_raises_exception(monkeypatch, b, capsys): from bigchaindb.commands.bigchain import run_set_shards # test that we are correctly catching the exception @@ -76,7 +75,9 @@ def test_set_shards_raises_exception(mock_log, monkeypatch, b): args = Namespace(num_shards=3) run_set_shards(args) - assert mock_log.called + out, err = capsys.readouterr() + assert out[:-1] == 'Failed to reconfigure tables.' + assert not err @patch('rethinkdb.ast.Table.reconfigure') @@ -103,8 +104,7 @@ def test_set_replicas(mock_reconfigure, monkeypatch, b): mock_reconfigure.assert_called_with(replicas=2, shards=3, dry_run=False) -@patch('logging.Logger.warn') -def test_set_replicas_raises_exception(mock_log, monkeypatch, b): +def test_set_replicas_raises_exception(monkeypatch, b, capsys): from bigchaindb.commands.bigchain import run_set_replicas # test that we are correctly catching the exception @@ -120,4 +120,6 @@ def test_set_replicas_raises_exception(mock_log, monkeypatch, b): args = Namespace(num_replicas=2) run_set_replicas(args) - assert mock_log.called + out, err = capsys.readouterr() + assert out[:-1] == 'Failed to reconfigure tables.' + assert not err diff --git a/tests/commands/test_commands.py b/tests/commands/test_commands.py index f806eb7c..5b206762 100644 --- a/tests/commands/test_commands.py +++ b/tests/commands/test_commands.py @@ -132,8 +132,10 @@ def test_bigchain_export_my_pubkey_when_pubkey_set(capsys, monkeypatch): _, _ = capsys.readouterr() # has the effect of clearing capsys run_export_my_pubkey(args) out, err = capsys.readouterr() - assert out == config['keypair']['public'] + '\n' - assert out == 'Charlie_Bucket\n' + lines = out.splitlines() + assert config['keypair']['public'] in lines + assert 'Charlie_Bucket' in lines + assert 'bigchaindb args = {}'.format(args) in lines def test_bigchain_export_my_pubkey_when_pubkey_not_set(monkeypatch): From 894784b9e412e984af020b763251f1a59659a6f2 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 28 Feb 2017 17:24:24 +0100 Subject: [PATCH 068/283] Add pytest-mock - a thin wrapper around mock --- setup.py | 1 + 1 file changed, 1 insertion(+) diff --git a/setup.py b/setup.py index 1ff6bdbb..dadd7385 100644 --- a/setup.py +++ b/setup.py @@ -50,6 +50,7 @@ tests_require = [ 'pytest>=3.0.0', 'pytest-catchlog>=1.2.2', 'pytest-cov>=2.2.1', + 'pytest-mock', 'pytest-xdist', 'pytest-flask', 'tox', From 4e82615845b834dc587826068a4c82389cdb052b Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 28 Feb 2017 17:26:28 +0100 Subject: [PATCH 069/283] Add module to hold messages used in commands --- bigchaindb/commands/messages.py | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 bigchaindb/commands/messages.py diff --git a/bigchaindb/commands/messages.py b/bigchaindb/commands/messages.py new file mode 100644 index 00000000..c65fe973 --- /dev/null +++ b/bigchaindb/commands/messages.py @@ -0,0 +1,10 @@ +"""Module to store messages used in commands, such as error messages, +warnings, prompts, etc. + +""" +CANNOT_START_KEYPAIR_NOT_FOUND = ( + "Can't start BigchainDB, no keypair found. " + 'Did you run `bigchaindb configure`?' +) + +RETHINKDB_STARTUP_ERROR = 'Error starting RethinkDB, reason is: {}' From d1d994f0e76df8c5e666f79176531b4697753509 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 28 Feb 2017 17:27:42 +0100 Subject: [PATCH 070/283] Add fixture for run_start cmdline args Note: has the possibility to be parametrized. --- tests/commands/conftest.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/commands/conftest.py b/tests/commands/conftest.py index 1cffbc2f..fde478b5 100644 --- a/tests/commands/conftest.py +++ b/tests/commands/conftest.py @@ -1,3 +1,5 @@ +from argparse import Namespace + import pytest @@ -38,3 +40,13 @@ def mock_bigchaindb_backup_config(monkeypatch): 'backlog_reassign_delay': 5 } monkeypatch.setattr('bigchaindb._config', config) + + +@pytest.fixture +def run_start_args(request): + param = getattr(request, 'param', {}) + return Namespace( + config=param.get('config'), + start_rethinkdb=param.get('start_rethinkdb', False), + allow_temp_keypair=param.get('allow_temp_keypair', False), + ) From 24eb18fb59daf19b6db4b7fa219ab992c1056722 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 28 Feb 2017 17:30:44 +0100 Subject: [PATCH 071/283] Add tests for errors on startup --- tests/commands/test_commands.py | 58 +++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/tests/commands/test_commands.py b/tests/commands/test_commands.py index 5b206762..9d071131 100644 --- a/tests/commands/test_commands.py +++ b/tests/commands/test_commands.py @@ -304,6 +304,64 @@ def test_allow_temp_keypair_doesnt_override_if_keypair_found(mock_gen_keypair, assert bigchaindb.config['keypair']['public'] == original_public_key +def test_run_start_when_db_already_exists(mocker, monkeypatch, run_start_args): + from bigchaindb.commands.bigchain import run_start + from bigchaindb.common.exceptions import DatabaseAlreadyExists + mocked_start = mocker.patch('bigchaindb.processes.start') + + def mock_run_init(): + raise DatabaseAlreadyExists() + + monkeypatch.setattr( + 'bigchaindb.commands.bigchain._run_init', mock_run_init) + run_start(run_start_args) + assert mocked_start.called + + +def test_run_start_when_keypair_not_found(mocker, monkeypatch, run_start_args): + from bigchaindb.commands.bigchain import run_start + from bigchaindb.commands.messages import CANNOT_START_KEYPAIR_NOT_FOUND + from bigchaindb.common.exceptions import KeypairNotFoundException + mocked_start = mocker.patch('bigchaindb.processes.start') + + def mock_run_init(): + raise KeypairNotFoundException() + + monkeypatch.setattr( + 'bigchaindb.commands.bigchain._run_init', mock_run_init) + + with pytest.raises(SystemExit) as exc: + run_start(run_start_args) + + assert len(exc.value.args) == 1 + assert exc.value.args[0] == CANNOT_START_KEYPAIR_NOT_FOUND + assert not mocked_start.called + + +def test_run_start_when_start_rethinkdb_fails(mocker, + monkeypatch, + run_start_args): + from bigchaindb.commands.bigchain import run_start + from bigchaindb.commands.messages import RETHINKDB_STARTUP_ERROR + from bigchaindb.common.exceptions import StartupError + run_start_args.start_rethinkdb = True + mocked_start = mocker.patch('bigchaindb.processes.start') + err_msg = 'Error starting rethinkdb.' + + def mock_start_rethinkdb(): + raise StartupError(err_msg) + + monkeypatch.setattr( + 'bigchaindb.commands.utils.start_rethinkdb', mock_start_rethinkdb) + + with pytest.raises(SystemExit) as exc: + run_start(run_start_args) + + assert len(exc.value.args) == 1 + assert exc.value.args[0] == RETHINKDB_STARTUP_ERROR.format(err_msg) + assert not mocked_start.called + + @patch('argparse.ArgumentParser.parse_args') @patch('bigchaindb.commands.utils.base_parser') @patch('bigchaindb.commands.utils.start') From edc5887b42510c3e049a96bba1146e619245b04e Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 28 Feb 2017 17:31:19 +0100 Subject: [PATCH 072/283] Use hardcoded (constant) messages This provides a bit of re-usability and helps testing. --- bigchaindb/commands/bigchain.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/bigchaindb/commands/bigchain.py b/bigchaindb/commands/bigchain.py index 69270f7d..69124661 100644 --- a/bigchaindb/commands/bigchain.py +++ b/bigchaindb/commands/bigchain.py @@ -26,6 +26,10 @@ from bigchaindb.backend.admin import (set_replicas, set_shards, add_replicas, remove_replicas) from bigchaindb.backend.exceptions import OperationError from bigchaindb.commands import utils +from bigchaindb.commands.messages import ( + CANNOT_START_KEYPAIR_NOT_FOUND, + RETHINKDB_STARTUP_ERROR, +) from bigchaindb import processes @@ -193,7 +197,7 @@ def run_start(args): try: proc = utils.start_rethinkdb() except StartupError as e: - sys.exit('Error starting RethinkDB, reason is: {}'.format(e)) + sys.exit(RETHINKDB_STARTUP_ERROR.format(e)) logger.info('RethinkDB started with PID %s' % proc.pid) try: @@ -201,8 +205,7 @@ def run_start(args): except DatabaseAlreadyExists: pass except KeypairNotFoundException: - sys.exit("Can't start BigchainDB, no keypair found. " - 'Did you run `bigchaindb configure`?') + sys.exit(CANNOT_START_KEYPAIR_NOT_FOUND) logger.info('Starting BigchainDB main process with public key %s', bigchaindb.config['keypair']['public']) From 2e398f606f666bd9fa4f6285d46bf71cf635375f Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Thu, 2 Mar 2017 14:36:52 +0100 Subject: [PATCH 073/283] Make some improvements to command line messages and error handling --- bigchaindb/commands/bigchain.py | 16 +++++++-------- tests/commands/rethinkdb/test_commands.py | 20 ++++++++---------- tests/commands/test_commands.py | 25 +++++++++++++++-------- 3 files changed, 31 insertions(+), 30 deletions(-) diff --git a/bigchaindb/commands/bigchain.py b/bigchaindb/commands/bigchain.py index 69124661..6b8bdb07 100644 --- a/bigchaindb/commands/bigchain.py +++ b/bigchaindb/commands/bigchain.py @@ -126,7 +126,6 @@ def run_configure(args, skip_if_exists=False): def run_export_my_pubkey(args): """Export this node's public key to standard output """ - print('bigchaindb args = {}'.format(args)) bigchaindb.config_utils.autoconfigure(filename=args.config, force=True) pubkey = bigchaindb.config['keypair']['public'] if pubkey is not None: @@ -145,9 +144,8 @@ def _run_init(): schema.init_database(connection=b.connection) - print('Create genesis block.') b.create_genesis_block() - print('Done, have fun!') + logger.info('Genesis block created.') def run_init(args): @@ -180,7 +178,7 @@ def run_drop(args): def run_start(args): """Start the processes to run the node""" - print('BigchainDB Version {}'.format(bigchaindb.__version__)) + logger.info('BigchainDB Version %s', bigchaindb.__version__) bigchaindb.config_utils.autoconfigure(filename=args.config, force=True) if args.allow_temp_keypair: @@ -231,7 +229,7 @@ def _run_load(tx_left, stats): def run_load(args): bigchaindb.config_utils.autoconfigure(filename=args.config, force=True) - print('Starting %s processes', args.multiprocess) + logger.info('Starting %s processes', args.multiprocess) stats = logstats.Logstats() logstats.thread.start(stats) @@ -250,7 +248,7 @@ def run_set_shards(args): try: set_shards(conn, shards=args.num_shards) except OperationError as e: - print(e) + sys.exit(str(e)) def run_set_replicas(args): @@ -258,7 +256,7 @@ def run_set_replicas(args): try: set_replicas(conn, replicas=args.num_replicas) except OperationError as e: - print(e) + sys.exit(str(e)) def run_add_replicas(args): @@ -269,7 +267,7 @@ def run_add_replicas(args): try: add_replicas(conn, args.replicas) except (OperationError, NotImplementedError) as e: - print(e) + sys.exit(str(e)) else: print('Added {} to the replicaset.'.format(args.replicas)) @@ -282,7 +280,7 @@ def run_remove_replicas(args): try: remove_replicas(conn, args.replicas) except (OperationError, NotImplementedError) as e: - print(e) + sys.exit(str(e)) else: print('Removed {} from the replicaset.'.format(args.replicas)) diff --git a/tests/commands/rethinkdb/test_commands.py b/tests/commands/rethinkdb/test_commands.py index 5fc0379e..5208587e 100644 --- a/tests/commands/rethinkdb/test_commands.py +++ b/tests/commands/rethinkdb/test_commands.py @@ -59,7 +59,7 @@ def test_set_shards(mock_reconfigure, monkeypatch, b): mock_reconfigure.assert_called_with(replicas=3, shards=3, dry_run=False) -def test_set_shards_raises_exception(monkeypatch, b, capsys): +def test_set_shards_raises_exception(monkeypatch, b): from bigchaindb.commands.bigchain import run_set_shards # test that we are correctly catching the exception @@ -73,11 +73,9 @@ def test_set_shards_raises_exception(monkeypatch, b, capsys): monkeypatch.setattr(rethinkdb.ast.Table, 'reconfigure', mock_raise) args = Namespace(num_shards=3) - run_set_shards(args) - - out, err = capsys.readouterr() - assert out[:-1] == 'Failed to reconfigure tables.' - assert not err + with pytest.raises(SystemExit) as exc: + run_set_shards(args) + assert exc.value.args == ('Failed to reconfigure tables.',) @patch('rethinkdb.ast.Table.reconfigure') @@ -104,7 +102,7 @@ def test_set_replicas(mock_reconfigure, monkeypatch, b): mock_reconfigure.assert_called_with(replicas=2, shards=3, dry_run=False) -def test_set_replicas_raises_exception(monkeypatch, b, capsys): +def test_set_replicas_raises_exception(monkeypatch, b): from bigchaindb.commands.bigchain import run_set_replicas # test that we are correctly catching the exception @@ -118,8 +116,6 @@ def test_set_replicas_raises_exception(monkeypatch, b, capsys): monkeypatch.setattr(rethinkdb.ast.Table, 'reconfigure', mock_raise) args = Namespace(num_replicas=2) - run_set_replicas(args) - - out, err = capsys.readouterr() - assert out[:-1] == 'Failed to reconfigure tables.' - assert not err + with pytest.raises(SystemExit) as exc: + run_set_replicas(args) + assert exc.value.args == ('Failed to reconfigure tables.',) diff --git a/tests/commands/test_commands.py b/tests/commands/test_commands.py index 9d071131..991f4961 100644 --- a/tests/commands/test_commands.py +++ b/tests/commands/test_commands.py @@ -135,7 +135,6 @@ def test_bigchain_export_my_pubkey_when_pubkey_set(capsys, monkeypatch): lines = out.splitlines() assert config['keypair']['public'] in lines assert 'Charlie_Bucket' in lines - assert 'bigchaindb args = {}'.format(args) in lines def test_bigchain_export_my_pubkey_when_pubkey_not_set(monkeypatch): @@ -455,14 +454,18 @@ def test_run_add_replicas(mock_add_replicas): mock_add_replicas.reset_mock() # test add_replicas with `OperationError` - mock_add_replicas.side_effect = OperationError() - assert run_add_replicas(args) is None + mock_add_replicas.side_effect = OperationError('err') + with pytest.raises(SystemExit) as exc: + run_add_replicas(args) + assert exc.value.args == ('err',) assert mock_add_replicas.call_count == 1 mock_add_replicas.reset_mock() # test add_replicas with `NotImplementedError` - mock_add_replicas.side_effect = NotImplementedError() - assert run_add_replicas(args) is None + mock_add_replicas.side_effect = NotImplementedError('err') + with pytest.raises(SystemExit) as exc: + run_add_replicas(args) + assert exc.value.args == ('err',) assert mock_add_replicas.call_count == 1 mock_add_replicas.reset_mock() @@ -482,14 +485,18 @@ def test_run_remove_replicas(mock_remove_replicas): mock_remove_replicas.reset_mock() # test add_replicas with `OperationError` - mock_remove_replicas.side_effect = OperationError() - assert run_remove_replicas(args) is None + mock_remove_replicas.side_effect = OperationError('err') + with pytest.raises(SystemExit) as exc: + run_remove_replicas(args) + assert exc.value.args == ('err',) assert mock_remove_replicas.call_count == 1 mock_remove_replicas.reset_mock() # test add_replicas with `NotImplementedError` - mock_remove_replicas.side_effect = NotImplementedError() - assert run_remove_replicas(args) is None + mock_remove_replicas.side_effect = NotImplementedError('err') + with pytest.raises(SystemExit) as exc: + run_remove_replicas(args) + assert exc.value.args == ('err',) assert mock_remove_replicas.call_count == 1 mock_remove_replicas.reset_mock() From 7e0e46e8205d6e96efdb1838400fb52b9c202d56 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Mon, 6 Mar 2017 15:53:48 +0100 Subject: [PATCH 074/283] Pass host and port to rethinkdb connection This is needed when running the tests in containers for instance --- tests/backend/rethinkdb/test_connection.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/backend/rethinkdb/test_connection.py b/tests/backend/rethinkdb/test_connection.py index 880862af..df393716 100644 --- a/tests/backend/rethinkdb/test_connection.py +++ b/tests/backend/rethinkdb/test_connection.py @@ -46,7 +46,7 @@ def test_raise_exception_when_max_tries(): conn.run(MockQuery()) -def test_reconnect_when_connection_lost(): +def test_reconnect_when_connection_lost(db_host, db_port): from bigchaindb.backend import connect original_connect = r.connect @@ -54,7 +54,7 @@ def test_reconnect_when_connection_lost(): with patch('rethinkdb.connect') as mock_connect: mock_connect.side_effect = [ r.ReqlDriverError('mock'), - original_connect() + original_connect(host=db_host, port=db_port) ] conn = connect() From 9bb2ec276a3bd521a6cf9301972fab8145b329bb Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Tue, 7 Mar 2017 11:24:21 +0100 Subject: [PATCH 075/283] clarify interface of Voting.count_votes --- bigchaindb/voting.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/bigchaindb/voting.py b/bigchaindb/voting.py index b4e8a9e9..57a0192b 100644 --- a/bigchaindb/voting.py +++ b/bigchaindb/voting.py @@ -68,6 +68,12 @@ class Voting: * Detect if there are multiple votes from a single node and return them in a separate "cheat" dictionary. * Votes must agree on previous block, otherwise they become invalid. + + note: + The sum of votes returned by this function does not neccesarily + equal the length of the list of votes fed in. It may differ for + example if there are found to be multiple votes submitted by a + single voter. """ prev_blocks = collections.Counter() cheat = [] From 083d1678ced0c6fd7b5c3ce58a77eee451ad1482 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 7 Mar 2017 11:24:26 +0100 Subject: [PATCH 076/283] Must update meaning of 'latest' image on Docker Hub when do a minor release --- Release_Process.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/Release_Process.md b/Release_Process.md index a4e3d427..ec51ceaf 100644 --- a/Release_Process.md +++ b/Release_Process.md @@ -14,10 +14,8 @@ A minor release is preceeded by a feature freeze and created from the 'master' b 1. In `bigchaindb/version.py`, update `__version__` and `__short_version__`, e.g. to `0.9` and `0.9.0` (with no `.dev` on the end) 1. Commit that change, and push the new branch to GitHub 1. Follow steps outlined in [Common Steps](#common-steps) -1. In 'master' branch, Edit `bigchaindb/version.py`, increment the minor version to the next planned release, e.g. `0.10.0.dev' -This is so people reading the latest docs will know that they're for the latest (master branch) -version of BigchainDB Server, not the docs at the time of the most recent release (which are also -available). +1. In 'master' branch, Edit `bigchaindb/version.py`, increment the minor version to the next planned release, e.g. `0.10.0.dev`. This is so people reading the latest docs will know that they're for the latest (master branch) version of BigchainDB Server, not the docs at the time of the most recent release (which are also available). +1. Go to [Docker Hub](https://hub.docker.com/), sign in, go to Settings - Build Settings, and under the build with Docker Tag Name equal to `latest`, change the Name to the number of the new release, e.g. `0.9` Congratulations, you have released BigchainDB! From 33bef7d99305cf356cf8f8d6179af37ada6cb792 Mon Sep 17 00:00:00 2001 From: libscott Date: Tue, 7 Mar 2017 11:29:16 +0100 Subject: [PATCH 077/283] I can't spell neccesarily --- bigchaindb/voting.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bigchaindb/voting.py b/bigchaindb/voting.py index 57a0192b..b12bc4df 100644 --- a/bigchaindb/voting.py +++ b/bigchaindb/voting.py @@ -70,7 +70,7 @@ class Voting: * Votes must agree on previous block, otherwise they become invalid. note: - The sum of votes returned by this function does not neccesarily + The sum of votes returned by this function does not necessarily equal the length of the list of votes fed in. It may differ for example if there are found to be multiple votes submitted by a single voter. From d3bd9d0300120c7a99269e958e2025ba560e1538 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 7 Mar 2017 11:43:49 +0100 Subject: [PATCH 078/283] Server docs: Removed the old 'Topic Guides' section --- bigchaindb/README.md | 2 +- docs/server/source/index.rst | 1 - docs/server/source/topic-guides/index.rst | 12 ------------ docs/server/source/topic-guides/models.md | 6 ------ 4 files changed, 1 insertion(+), 20 deletions(-) delete mode 100644 docs/server/source/topic-guides/index.rst delete mode 100644 docs/server/source/topic-guides/models.md diff --git a/bigchaindb/README.md b/bigchaindb/README.md index dbb59a1e..cd177c85 100644 --- a/bigchaindb/README.md +++ b/bigchaindb/README.md @@ -12,7 +12,7 @@ The `Bigchain` class is defined here. Most operations outlined in the [whitepap ### [`models.py`](./models.py) -`Block`, `Transaction`, and `Asset` classes are defined here. The classes mirror the block and transaction structure from the [documentation](https://docs.bigchaindb.com/projects/server/en/latest/topic-guides/models.html), but also include methods for validation and signing. +`Block`, `Transaction`, and `Asset` classes are defined here. The classes mirror the block and transaction structure from the [documentation](https://docs.bigchaindb.com/projects/server/en/latest/data-models/index.html), but also include methods for validation and signing. ### [`consensus.py`](./consensus.py) diff --git a/docs/server/source/index.rst b/docs/server/source/index.rst index 7f85a228..6ac4b9f5 100644 --- a/docs/server/source/index.rst +++ b/docs/server/source/index.rst @@ -13,7 +13,6 @@ BigchainDB Server Documentation server-reference/index drivers-clients/index clusters-feds/index - topic-guides/index data-models/index schema/transaction schema/vote diff --git a/docs/server/source/topic-guides/index.rst b/docs/server/source/topic-guides/index.rst deleted file mode 100644 index 9386fe87..00000000 --- a/docs/server/source/topic-guides/index.rst +++ /dev/null @@ -1,12 +0,0 @@ -Topic Guides -============ - -.. note:: - - Most of the Topic Guides have been moved over to `the root BigchainDB project docs `_. - - -.. toctree:: - :maxdepth: 1 - - models diff --git a/docs/server/source/topic-guides/models.md b/docs/server/source/topic-guides/models.md deleted file mode 100644 index 7f993feb..00000000 --- a/docs/server/source/topic-guides/models.md +++ /dev/null @@ -1,6 +0,0 @@ -# The Transaction, Block and Vote Models - -This page about transaction concepts and data models was getting too big, so it was split into smaller pages. It will be deleted eventually, so update your links. Here's where you can find the new pages: - -* [Transaction Concepts](https://docs.bigchaindb.com/en/latest/transaction-concepts.html) -* [Data Models (all of them)](../data-models/index.html) From 0ad0d89fcd45267d64c592842178028bf7dc4268 Mon Sep 17 00:00:00 2001 From: Brett Sun Date: Fri, 24 Feb 2017 11:05:28 +0100 Subject: [PATCH 079/283] Move `input_on_stderr()` to commands.utils module --- bigchaindb/commands/bigchain.py | 15 +++------------ bigchaindb/commands/utils.py | 10 ++++++++++ 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/bigchaindb/commands/bigchain.py b/bigchaindb/commands/bigchain.py index 6b8bdb07..667ceba8 100644 --- a/bigchaindb/commands/bigchain.py +++ b/bigchaindb/commands/bigchain.py @@ -3,12 +3,11 @@ the command-line interface (CLI) for BigchainDB Server. """ import os -import sys import logging import argparse import copy import json -import builtins +import sys import logstats @@ -20,7 +19,7 @@ import bigchaindb import bigchaindb.config_utils from bigchaindb.models import Transaction from bigchaindb.utils import ProcessGroup -from bigchaindb import backend +from bigchaindb import backend, processes from bigchaindb.backend import schema from bigchaindb.backend.admin import (set_replicas, set_shards, add_replicas, remove_replicas) @@ -30,21 +29,13 @@ from bigchaindb.commands.messages import ( CANNOT_START_KEYPAIR_NOT_FOUND, RETHINKDB_STARTUP_ERROR, ) -from bigchaindb import processes +from bigchaindb.commands.utils import input_on_stderr logging.basicConfig(level=logging.INFO) logger = logging.getLogger(__name__) -# We need this because `input` always prints on stdout, while it should print -# to stderr. It's a very old bug, check it out here: -# - https://bugs.python.org/issue1927 -def input_on_stderr(prompt=''): - print(prompt, end='', file=sys.stderr) - return builtins.input() - - def run_show_config(args): """Show the current configuration""" # TODO Proposal: remove the "hidden" configuration. Only show config. If diff --git a/bigchaindb/commands/utils.py b/bigchaindb/commands/utils.py index 80ee7a6b..d3bcbbd4 100644 --- a/bigchaindb/commands/utils.py +++ b/bigchaindb/commands/utils.py @@ -3,8 +3,10 @@ for ``argparse.ArgumentParser``. """ import argparse +import builtins import multiprocessing as mp import subprocess +import sys import rethinkdb as r from pymongo import uri_parser @@ -15,6 +17,14 @@ from bigchaindb.common.exceptions import StartupError from bigchaindb.version import __version__ +# We need this because `input` always prints on stdout, while it should print +# to stderr. It's a very old bug, check it out here: +# - https://bugs.python.org/issue1927 +def input_on_stderr(prompt=''): + print(prompt, end='', file=sys.stderr) + return builtins.input() + + def start_rethinkdb(): """Start RethinkDB as a child process and wait for it to be available. From fce6b6af522ca637002a93ffb36ccd8e53ef56cc Mon Sep 17 00:00:00 2001 From: Brett Sun Date: Fri, 24 Feb 2017 11:16:17 +0100 Subject: [PATCH 080/283] Standardize output streams for outputs of commands --- bigchaindb/commands/bigchain.py | 8 +++++++- tests/commands/test_commands.py | 2 ++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/bigchaindb/commands/bigchain.py b/bigchaindb/commands/bigchain.py index 667ceba8..4134bb0c 100644 --- a/bigchaindb/commands/bigchain.py +++ b/bigchaindb/commands/bigchain.py @@ -36,6 +36,12 @@ logging.basicConfig(level=logging.INFO) logger = logging.getLogger(__name__) +# Note about printing: +# We try to print to stdout for results of a command that may be useful to +# someone (or another program). Strictly informational text, or errors, +# should be printed to stderr. + + def run_show_config(args): """Show the current configuration""" # TODO Proposal: remove the "hidden" configuration. Only show config. If @@ -84,7 +90,7 @@ def run_configure(args, skip_if_exists=False): # select the correct config defaults based on the backend print('Generating default configuration for backend {}' - .format(args.backend)) + .format(args.backend), file=sys.stderr) conf['database'] = bigchaindb._database_map[args.backend] if not args.yes: diff --git a/tests/commands/test_commands.py b/tests/commands/test_commands.py index 991f4961..95587e6c 100644 --- a/tests/commands/test_commands.py +++ b/tests/commands/test_commands.py @@ -133,8 +133,10 @@ def test_bigchain_export_my_pubkey_when_pubkey_set(capsys, monkeypatch): run_export_my_pubkey(args) out, err = capsys.readouterr() lines = out.splitlines() + err_lines = err.splitlines() assert config['keypair']['public'] in lines assert 'Charlie_Bucket' in lines + assert 'bigchaindb args = {}'.format(args) in err_lines def test_bigchain_export_my_pubkey_when_pubkey_not_set(monkeypatch): From df9fd6dc23cffbb78541d0cc2f888a9d8034e9cf Mon Sep 17 00:00:00 2001 From: Brett Sun Date: Fri, 24 Feb 2017 11:25:45 +0100 Subject: [PATCH 081/283] Move arguments related only to `start` command to be under `start` --- bigchaindb/commands/bigchain.py | 24 ++++++++++++------------ tests/commands/test_commands.py | 15 +++++++++------ 2 files changed, 21 insertions(+), 18 deletions(-) diff --git a/bigchaindb/commands/bigchain.py b/bigchaindb/commands/bigchain.py index 4134bb0c..2d5c4201 100644 --- a/bigchaindb/commands/bigchain.py +++ b/bigchaindb/commands/bigchain.py @@ -287,16 +287,6 @@ def create_parser(): description='Control your BigchainDB node.', parents=[utils.base_parser]) - parser.add_argument('--dev-start-rethinkdb', - dest='start_rethinkdb', - action='store_true', - help='Run RethinkDB on start') - - parser.add_argument('--dev-allow-temp-keypair', - dest='allow_temp_keypair', - action='store_true', - help='Generate a random keypair on start') - # all the commands are contained in the subparsers object, # the command selected by the user will be stored in `args.command` # that is used by the `main` function to select which other @@ -328,8 +318,18 @@ def create_parser(): help='Drop the database') # parser for starting BigchainDB - subparsers.add_parser('start', - help='Start BigchainDB') + start_parser = subparsers.add_parser('start', + help='Start BigchainDB') + + start_parser.add_argument('--dev-allow-temp-keypair', + dest='allow_temp_keypair', + action='store_true', + help='Generate a random keypair on start') + + start_parser.add_argument('--dev-start-rethinkdb', + dest='start_rethinkdb', + action='store_true', + help='Run RethinkDB on start') # parser for configuring the number of shards sharding_parser = subparsers.add_parser('set-shards', diff --git a/tests/commands/test_commands.py b/tests/commands/test_commands.py index 95587e6c..cb9e7641 100644 --- a/tests/commands/test_commands.py +++ b/tests/commands/test_commands.py @@ -381,11 +381,6 @@ def test_calling_main(start_mock, base_parser_mock, parse_args_mock, main() assert argparser_mock.called is True - assert parser.add_argument.called is True - parser.add_argument.assert_any_call('--dev-start-rethinkdb', - dest='start_rethinkdb', - action='store_true', - help='Run RethinkDB on start') parser.add_subparsers.assert_called_with(title='Commands', dest='command') subparsers.add_parser.assert_any_call('configure', @@ -399,11 +394,19 @@ def test_calling_main(start_mock, base_parser_mock, parse_args_mock, 'key') subparsers.add_parser.assert_any_call('init', help='Init the database') subparsers.add_parser.assert_any_call('drop', help='Drop the database') + subparsers.add_parser.assert_any_call('start', help='Start BigchainDB') + subsubparsers.add_argument.assert_any_call('--dev-start-rethinkdb', + dest='start_rethinkdb', + action='store_true', + help='Run RethinkDB on start') + subsubparsers.add_argument.assert_any_call('--dev-allow-temp-keypair', + dest='allow_temp_keypair', + action='store_true', + help='Generate a random keypair on start') subparsers.add_parser.assert_any_call('set-shards', help='Configure number of shards') - subsubparsers.add_argument.assert_any_call('num_shards', metavar='num_shards', type=int, default=1, From 54ea18dd2badd08d18d42c2cc00a79b2b4f76960 Mon Sep 17 00:00:00 2001 From: Brett Sun Date: Fri, 24 Feb 2017 11:57:32 +0100 Subject: [PATCH 082/283] Use decorator to automatically configure before starting any command (that requires configuration) --- bigchaindb/commands/bigchain.py | 21 +++++++++++---------- bigchaindb/commands/utils.py | 11 +++++++++++ tests/commands/rethinkdb/test_commands.py | 8 ++++---- 3 files changed, 26 insertions(+), 14 deletions(-) diff --git a/bigchaindb/commands/bigchain.py b/bigchaindb/commands/bigchain.py index 2d5c4201..efefa9d7 100644 --- a/bigchaindb/commands/bigchain.py +++ b/bigchaindb/commands/bigchain.py @@ -16,7 +16,6 @@ from bigchaindb.common.exceptions import (StartupError, DatabaseAlreadyExists, KeypairNotFoundException) import bigchaindb -import bigchaindb.config_utils from bigchaindb.models import Transaction from bigchaindb.utils import ProcessGroup from bigchaindb import backend, processes @@ -29,7 +28,7 @@ from bigchaindb.commands.messages import ( CANNOT_START_KEYPAIR_NOT_FOUND, RETHINKDB_STARTUP_ERROR, ) -from bigchaindb.commands.utils import input_on_stderr +from bigchaindb.commands.utils import configure_bigchaindb, input_on_stderr logging.basicConfig(level=logging.INFO) @@ -42,12 +41,12 @@ logger = logging.getLogger(__name__) # should be printed to stderr. +@configure_bigchaindb def run_show_config(args): """Show the current configuration""" # TODO Proposal: remove the "hidden" configuration. Only show config. If # the system needs to be configured, then display information on how to # configure the system. - bigchaindb.config_utils.autoconfigure(filename=args.config, force=True) config = copy.deepcopy(bigchaindb.config) del config['CONFIGURED'] private_key = config['keypair']['private'] @@ -120,10 +119,10 @@ def run_configure(args, skip_if_exists=False): print('Ready to go!', file=sys.stderr) +@configure_bigchaindb def run_export_my_pubkey(args): """Export this node's public key to standard output """ - bigchaindb.config_utils.autoconfigure(filename=args.config, force=True) pubkey = bigchaindb.config['keypair']['public'] if pubkey is not None: print(pubkey) @@ -145,9 +144,9 @@ def _run_init(): logger.info('Genesis block created.') +@configure_bigchaindb def run_init(args): """Initialize the database""" - bigchaindb.config_utils.autoconfigure(filename=args.config, force=True) # TODO Provide mechanism to: # 1. prompt the user to inquire whether they wish to drop the db # 2. force the init, (e.g., via -f flag) @@ -158,9 +157,9 @@ def run_init(args): print('If you wish to re-initialize it, first drop it.', file=sys.stderr) +@configure_bigchaindb def run_drop(args): """Drop the database""" - bigchaindb.config_utils.autoconfigure(filename=args.config, force=True) dbname = bigchaindb.config['database']['name'] if not args.yes: @@ -173,10 +172,10 @@ def run_drop(args): schema.drop_database(conn, dbname) +@configure_bigchaindb def run_start(args): """Start the processes to run the node""" logger.info('BigchainDB Version %s', bigchaindb.__version__) - bigchaindb.config_utils.autoconfigure(filename=args.config, force=True) if args.allow_temp_keypair: if not (bigchaindb.config['keypair']['private'] or @@ -224,8 +223,8 @@ def _run_load(tx_left, stats): break +@configure_bigchaindb def run_load(args): - bigchaindb.config_utils.autoconfigure(filename=args.config, force=True) logger.info('Starting %s processes', args.multiprocess) stats = logstats.Logstats() logstats.thread.start(stats) @@ -240,6 +239,7 @@ def run_load(args): workers.start() +@configure_bigchaindb def run_set_shards(args): conn = backend.connect() try: @@ -248,6 +248,7 @@ def run_set_shards(args): sys.exit(str(e)) +@configure_bigchaindb def run_set_replicas(args): conn = backend.connect() try: @@ -256,9 +257,9 @@ def run_set_replicas(args): sys.exit(str(e)) +@configure_bigchaindb def run_add_replicas(args): # Note: This command is specific to MongoDB - bigchaindb.config_utils.autoconfigure(filename=args.config, force=True) conn = backend.connect() try: @@ -269,9 +270,9 @@ def run_add_replicas(args): print('Added {} to the replicaset.'.format(args.replicas)) +@configure_bigchaindb def run_remove_replicas(args): # Note: This command is specific to MongoDB - bigchaindb.config_utils.autoconfigure(filename=args.config, force=True) conn = backend.connect() try: diff --git a/bigchaindb/commands/utils.py b/bigchaindb/commands/utils.py index d3bcbbd4..b04499d9 100644 --- a/bigchaindb/commands/utils.py +++ b/bigchaindb/commands/utils.py @@ -4,6 +4,7 @@ for ``argparse.ArgumentParser``. import argparse import builtins +import functools import multiprocessing as mp import subprocess import sys @@ -12,11 +13,21 @@ import rethinkdb as r from pymongo import uri_parser import bigchaindb +import bigchaindb.config_utils from bigchaindb import backend from bigchaindb.common.exceptions import StartupError from bigchaindb.version import __version__ +def configure_bigchaindb(command): + @functools.wraps(command) + def configure(args): + bigchaindb.config_utils.autoconfigure(filename=args.config, force=True) + command(args) + + return configure + + # We need this because `input` always prints on stdout, while it should print # to stderr. It's a very old bug, check it out here: # - https://bugs.python.org/issue1927 diff --git a/tests/commands/rethinkdb/test_commands.py b/tests/commands/rethinkdb/test_commands.py index 5208587e..f0ae1090 100644 --- a/tests/commands/rethinkdb/test_commands.py +++ b/tests/commands/rethinkdb/test_commands.py @@ -45,7 +45,7 @@ def test_set_shards(mock_reconfigure, monkeypatch, b): return {'shards': [{'replicas': [1]}]} monkeypatch.setattr(rethinkdb.RqlQuery, 'run', mockreturn_one_replica) - args = Namespace(num_shards=3) + args = Namespace(num_shards=3, config=None) run_set_shards(args) mock_reconfigure.assert_called_with(replicas=1, shards=3, dry_run=False) @@ -72,7 +72,7 @@ def test_set_shards_raises_exception(monkeypatch, b): monkeypatch.setattr(rethinkdb.RqlQuery, 'run', mockreturn_one_replica) monkeypatch.setattr(rethinkdb.ast.Table, 'reconfigure', mock_raise) - args = Namespace(num_shards=3) + args = Namespace(num_shards=3, config=None) with pytest.raises(SystemExit) as exc: run_set_shards(args) assert exc.value.args == ('Failed to reconfigure tables.',) @@ -88,7 +88,7 @@ def test_set_replicas(mock_reconfigure, monkeypatch, b): return {'shards': [1, 2]} monkeypatch.setattr(rethinkdb.RqlQuery, 'run', mockreturn_two_shards) - args = Namespace(num_replicas=2) + args = Namespace(num_replicas=2, config=None) run_set_replicas(args) mock_reconfigure.assert_called_with(replicas=2, shards=2, dry_run=False) @@ -115,7 +115,7 @@ def test_set_replicas_raises_exception(monkeypatch, b): monkeypatch.setattr(rethinkdb.RqlQuery, 'run', mockreturn_two_shards) monkeypatch.setattr(rethinkdb.ast.Table, 'reconfigure', mock_raise) - args = Namespace(num_replicas=2) + args = Namespace(num_replicas=2, config=None) with pytest.raises(SystemExit) as exc: run_set_replicas(args) assert exc.value.args == ('Failed to reconfigure tables.',) From ffe0eb60b9d776fde13e201bc68b7b02b3e52913 Mon Sep 17 00:00:00 2001 From: Brett Sun Date: Fri, 24 Feb 2017 13:44:50 +0100 Subject: [PATCH 083/283] Move tests related to commands/tests.py to separate test file --- tests/commands/test_commands.py | 54 +--------------------------- tests/commands/test_utils.py | 63 +++++++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+), 53 deletions(-) create mode 100644 tests/commands/test_utils.py diff --git a/tests/commands/test_commands.py b/tests/commands/test_commands.py index cb9e7641..37bec6fa 100644 --- a/tests/commands/test_commands.py +++ b/tests/commands/test_commands.py @@ -1,6 +1,6 @@ import json from unittest.mock import Mock, patch -from argparse import Namespace, ArgumentTypeError +from argparse import Namespace import copy import pytest @@ -26,42 +26,6 @@ def test_make_sure_we_dont_remove_any_command(): assert parser.parse_args(['remove-replicas', 'localhost:27017']).command -def test_start_raises_if_command_not_implemented(): - from bigchaindb.commands.bigchain import utils - from bigchaindb.commands.bigchain import create_parser - - parser = create_parser() - - with pytest.raises(NotImplementedError): - # Will raise because `scope`, the third parameter, - # doesn't contain the function `run_start` - utils.start(parser, ['start'], {}) - - -def test_start_raises_if_no_arguments_given(): - from bigchaindb.commands.bigchain import utils - from bigchaindb.commands.bigchain import create_parser - - parser = create_parser() - - with pytest.raises(SystemExit): - utils.start(parser, [], {}) - - -@patch('multiprocessing.cpu_count', return_value=42) -def test_start_sets_multiprocess_var_based_on_cli_args(mock_cpu_count): - from bigchaindb.commands.bigchain import utils - from bigchaindb.commands.bigchain import create_parser - - def run_load(args): - return args - - parser = create_parser() - - assert utils.start(parser, ['load'], {'run_load': run_load}).multiprocess == 1 - assert utils.start(parser, ['load', '--multiprocess'], {'run_load': run_load}).multiprocess == 42 - - @patch('bigchaindb.commands.utils.start') def test_main_entrypoint(mock_start): from bigchaindb.commands.bigchain import main @@ -504,19 +468,3 @@ def test_run_remove_replicas(mock_remove_replicas): assert exc.value.args == ('err',) assert mock_remove_replicas.call_count == 1 mock_remove_replicas.reset_mock() - - -def test_mongodb_host_type(): - from bigchaindb.commands.utils import mongodb_host - - # bad port provided - with pytest.raises(ArgumentTypeError): - mongodb_host('localhost:11111111111') - - # no port information provided - with pytest.raises(ArgumentTypeError): - mongodb_host('localhost') - - # bad host provided - with pytest.raises(ArgumentTypeError): - mongodb_host(':27017') diff --git a/tests/commands/test_utils.py b/tests/commands/test_utils.py new file mode 100644 index 00000000..aadd24b5 --- /dev/null +++ b/tests/commands/test_utils.py @@ -0,0 +1,63 @@ +import argparse +import pytest + +from unittest.mock import patch + + +def test_start_raises_if_command_not_implemented(): + from bigchaindb.commands import utils + from bigchaindb.commands.bigchain import create_parser + + parser = create_parser() + + with pytest.raises(NotImplementedError): + # Will raise because `scope`, the third parameter, + # doesn't contain the function `run_start` + utils.start(parser, ['start'], {}) + + +def test_start_raises_if_no_arguments_given(): + from bigchaindb.commands import utils + from bigchaindb.commands.bigchain import create_parser + + parser = create_parser() + + with pytest.raises(SystemExit): + utils.start(parser, [], {}) + + +@patch('multiprocessing.cpu_count', return_value=42) +def test_start_sets_multiprocess_var_based_on_cli_args(mock_cpu_count): + from bigchaindb.commands import utils + + def run_mp_arg_test(args): + return args + + parser = argparse.ArgumentParser() + subparser = parser.add_subparsers(title='Commands', + dest='command') + mp_arg_test_parser = subparser.add_parser('mp_arg_test') + mp_arg_test_parser.add_argument('-m', '--multiprocess', + nargs='?', + type=int, + default=False) + + scope = {'run_mp_arg_test': run_mp_arg_test} + assert utils.start(parser, ['mp_arg_test'], scope).multiprocess == 1 + assert utils.start(parser, ['mp_arg_test', '--multiprocess'], scope).multiprocess == 42 + + +def test_mongodb_host_type(): + from bigchaindb.commands.utils import mongodb_host + + # bad port provided + with pytest.raises(argparse.ArgumentTypeError): + mongodb_host('localhost:11111111111') + + # no port information provided + with pytest.raises(argparse.ArgumentTypeError): + mongodb_host('localhost') + + # bad host provided + with pytest.raises(argparse.ArgumentTypeError): + mongodb_host(':27017') From 75d0a917d7bac8d16d98f058b42cb6821001eeb8 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Mon, 6 Mar 2017 15:25:50 +0100 Subject: [PATCH 084/283] Remove stderr check --- tests/commands/test_commands.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tests/commands/test_commands.py b/tests/commands/test_commands.py index 37bec6fa..e10b3157 100644 --- a/tests/commands/test_commands.py +++ b/tests/commands/test_commands.py @@ -95,12 +95,10 @@ def test_bigchain_export_my_pubkey_when_pubkey_set(capsys, monkeypatch): monkeypatch.setitem(config['keypair'], 'public', 'Charlie_Bucket') _, _ = capsys.readouterr() # has the effect of clearing capsys run_export_my_pubkey(args) - out, err = capsys.readouterr() + out, _ = capsys.readouterr() lines = out.splitlines() - err_lines = err.splitlines() assert config['keypair']['public'] in lines assert 'Charlie_Bucket' in lines - assert 'bigchaindb args = {}'.format(args) in err_lines def test_bigchain_export_my_pubkey_when_pubkey_not_set(monkeypatch): From e5dd5c665ba707fc40e9369889f92cff59f8761b Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Tue, 7 Mar 2017 13:15:31 +0100 Subject: [PATCH 085/283] address vrde's comments, reshuffle some exceptions around --- bigchaindb/backend/exceptions.py | 8 -------- bigchaindb/common/exceptions.py | 4 ++-- bigchaindb/core.py | 6 +++--- bigchaindb/exceptions.py | 8 ++++++++ bigchaindb/models.py | 6 +++--- tests/db/test_bigchain_api.py | 6 +++--- 6 files changed, 19 insertions(+), 19 deletions(-) diff --git a/bigchaindb/backend/exceptions.py b/bigchaindb/backend/exceptions.py index a5eff242..017e19e4 100644 --- a/bigchaindb/backend/exceptions.py +++ b/bigchaindb/backend/exceptions.py @@ -15,11 +15,3 @@ class OperationError(BackendError): class DuplicateKeyError(OperationError): """Exception raised when an insert fails because the key is not unique""" - - -class CriticalDoubleSpend(BigchainDBError): - """Data integrity error that requires attention""" - - -class CriticalDoubleInclusion(BigchainDBError): - """Data integrity error that requires attention""" diff --git a/bigchaindb/common/exceptions.py b/bigchaindb/common/exceptions.py index 76513010..5cffda7c 100644 --- a/bigchaindb/common/exceptions.py +++ b/bigchaindb/common/exceptions.py @@ -92,8 +92,8 @@ class AmountError(ValidationError): """Raised when there is a problem with a transaction's output amounts""" -class TransactionDoesNotExist(ValidationError): - """Raised if the transaction is not in the database""" +class InputDoesNotExist(ValidationError): + """Raised if a transaction input does not exist""" class TransactionOwnerError(ValidationError): diff --git a/bigchaindb/core.py b/bigchaindb/core.py index c0da6177..283969e3 100644 --- a/bigchaindb/core.py +++ b/bigchaindb/core.py @@ -4,6 +4,7 @@ import collections from time import time from itertools import compress +from bigchaindb import exceptions as core_exceptions from bigchaindb.common import crypto, exceptions from bigchaindb.common.utils import gen_timestamp, serialize from bigchaindb.common.transaction import TransactionLink @@ -11,7 +12,6 @@ from bigchaindb.common.transaction import TransactionLink import bigchaindb from bigchaindb import backend, config_utils, utils -from bigchaindb.backend import exceptions as backend_exceptions from bigchaindb.consensus import BaseConsensusRules from bigchaindb.models import Block, Transaction @@ -308,7 +308,7 @@ class Bigchain(object): if list(validity.values()).count(Bigchain.BLOCK_VALID) > 1: block_ids = str([block for block in validity if validity[block] == Bigchain.BLOCK_VALID]) - raise backend_exceptions.CriticalDoubleInclusion( + raise core_exceptions.CriticalDoubleInclusion( 'Transaction {tx} is present in ' 'multiple valid blocks: {block_ids}' .format(tx=txid, block_ids=block_ids)) @@ -361,7 +361,7 @@ class Bigchain(object): if self.get_transaction(transaction['id']): num_valid_transactions += 1 if num_valid_transactions > 1: - raise backend_exceptions.CriticalDoubleSpend( + raise core_exceptions.CriticalDoubleSpend( '`{}` was spent more than once. There is a problem' ' with the chain'.format(txid)) diff --git a/bigchaindb/exceptions.py b/bigchaindb/exceptions.py index d8a4cd73..336ce231 100644 --- a/bigchaindb/exceptions.py +++ b/bigchaindb/exceptions.py @@ -1,2 +1,10 @@ class BigchainDBError(Exception): """Base class for BigchainDB exceptions.""" + + +class CriticalDoubleSpend(BigchainDBError): + """Data integrity error that requires attention""" + + +class CriticalDoubleInclusion(BigchainDBError): + """Data integrity error that requires attention""" diff --git a/bigchaindb/models.py b/bigchaindb/models.py index fd71f98d..7c390967 100644 --- a/bigchaindb/models.py +++ b/bigchaindb/models.py @@ -1,6 +1,6 @@ from bigchaindb.common.crypto import hash_data, PublicKey, PrivateKey from bigchaindb.common.exceptions import (InvalidHash, InvalidSignature, - DoubleSpend, TransactionDoesNotExist, + DoubleSpend, InputDoesNotExist, TransactionNotInValidBlock, AssetIdMismatch, AmountError, SybilError, ValidationError) @@ -60,8 +60,8 @@ class Transaction(Transaction): get_transaction(input_txid, include_status=True) if input_tx is None: - raise TransactionDoesNotExist("input `{}` doesn't exist" - .format(input_txid)) + raise InputDoesNotExist("input `{}` doesn't exist" + .format(input_txid)) if status != bigchain.TX_VALID: raise TransactionNotInValidBlock( diff --git a/tests/db/test_bigchain_api.py b/tests/db/test_bigchain_api.py index d2cc82eb..b1f94b73 100644 --- a/tests/db/test_bigchain_api.py +++ b/tests/db/test_bigchain_api.py @@ -93,7 +93,7 @@ class TestBigchainApi(object): @pytest.mark.genesis def test_get_spent_with_double_inclusion_detected(self, b, monkeypatch): - from bigchaindb.backend.exceptions import CriticalDoubleInclusion + from bigchaindb.exceptions import CriticalDoubleInclusion from bigchaindb.models import Transaction tx = Transaction.create([b.me], [([b.me], 1)]) @@ -128,7 +128,7 @@ class TestBigchainApi(object): @pytest.mark.genesis def test_get_spent_with_double_spend_detected(self, b, monkeypatch): - from bigchaindb.backend.exceptions import CriticalDoubleSpend + from bigchaindb.exceptions import CriticalDoubleSpend from bigchaindb.models import Transaction tx = Transaction.create([b.me], [([b.me], 1)]) @@ -163,7 +163,7 @@ class TestBigchainApi(object): @pytest.mark.genesis def test_get_block_status_for_tx_with_double_inclusion(self, b, monkeypatch): - from bigchaindb.backend.exceptions import CriticalDoubleInclusion + from bigchaindb.exceptions import CriticalDoubleInclusion from bigchaindb.models import Transaction tx = Transaction.create([b.me], [([b.me], 1)]) From 1db8d59a880df7170c1e4cc3e889c22cad5072b8 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Tue, 7 Mar 2017 13:24:20 +0100 Subject: [PATCH 086/283] use comma for arguments in logging calls instead of format operator --- bigchaindb/pipelines/block.py | 2 +- bigchaindb/pipelines/vote.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/bigchaindb/pipelines/block.py b/bigchaindb/pipelines/block.py index b1d6cdee..fd503867 100644 --- a/bigchaindb/pipelines/block.py +++ b/bigchaindb/pipelines/block.py @@ -76,7 +76,7 @@ class BlockPipeline: tx.validate(self.bigchain) return tx except ValidationError as e: - logger.warning('Invalid tx: %s' % e) + logger.warning('Invalid tx: %s', e) self.bigchain.delete_transaction(tx.id) return None diff --git a/bigchaindb/pipelines/vote.py b/bigchaindb/pipelines/vote.py index 0431e20b..e4273470 100644 --- a/bigchaindb/pipelines/vote.py +++ b/bigchaindb/pipelines/vote.py @@ -109,7 +109,7 @@ class Vote: tx.validate(self.bigchain) valid = True except exceptions.ValidationError as e: - logger.warning('Invalid tx: %s' % e) + logger.warning('Invalid tx: %s', e) valid = False return valid, block_id, num_tx From ca21c7b321c67b02ff6ade6cce5b7bbee5c154ae Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 7 Mar 2017 16:14:39 +0100 Subject: [PATCH 087/283] Remove all stuff related to 'bigchaindb load' in AWS scripts --- deploy-cluster-aws/awsdeploy.sh | 100 ++++++++---------- deploy-cluster-aws/example_deploy_conf.py | 4 - deploy-cluster-aws/fabfile.py | 15 --- deploy-cluster-aws/launch_ec2_nodes.py | 10 +- .../clusters-feds/aws-testing-cluster.md | 1 - 5 files changed, 46 insertions(+), 84 deletions(-) diff --git a/deploy-cluster-aws/awsdeploy.sh b/deploy-cluster-aws/awsdeploy.sh index 00d1f431..b733ef2d 100755 --- a/deploy-cluster-aws/awsdeploy.sh +++ b/deploy-cluster-aws/awsdeploy.sh @@ -39,7 +39,6 @@ fi echo "NUM_NODES = "$NUM_NODES echo "BRANCH = "$BRANCH -echo "WHAT_TO_DEPLOY = "$WHAT_TO_DEPLOY echo "SSH_KEY_NAME" = $SSH_KEY_NAME echo "USE_KEYPAIRS_FILE = "$USE_KEYPAIRS_FILE echo "IMAGE_ID = "$IMAGE_ID @@ -85,7 +84,7 @@ if [[ $CONFILES_COUNT != $NUM_NODES ]]; then fi # Auto-generate the tag to apply to all nodes in the cluster -TAG="BDB-"$WHAT_TO_DEPLOY"-"`date +%m-%d@%H:%M` +TAG="BDB-Server-"`date +%m-%d@%H:%M` echo "TAG = "$TAG # Change the file permissions on the SSH private key file @@ -121,25 +120,24 @@ fab install_base_software fab get_pip3 fab upgrade_setuptools -if [ "$WHAT_TO_DEPLOY" == "servers" ]; then - # (Re)create the RethinkDB configuration file conf/rethinkdb.conf - if [ "$ENABLE_WEB_ADMIN" == "True" ]; then - if [ "$BIND_HTTP_TO_LOCALHOST" == "True" ]; then - python create_rethinkdb_conf.py --enable-web-admin --bind-http-to-localhost - else - python create_rethinkdb_conf.py --enable-web-admin - fi +# (Re)create the RethinkDB configuration file conf/rethinkdb.conf +if [ "$ENABLE_WEB_ADMIN" == "True" ]; then + if [ "$BIND_HTTP_TO_LOCALHOST" == "True" ]; then + python create_rethinkdb_conf.py --enable-web-admin --bind-http-to-localhost else - python create_rethinkdb_conf.py + python create_rethinkdb_conf.py --enable-web-admin fi - # Rollout RethinkDB and start it - fab prep_rethinkdb_storage:$USING_EBS - fab install_rethinkdb - fab configure_rethinkdb - fab delete_rethinkdb_data - fab start_rethinkdb +else + python create_rethinkdb_conf.py fi +# Rollout RethinkDB and start it +fab prep_rethinkdb_storage:$USING_EBS +fab install_rethinkdb +fab configure_rethinkdb +fab delete_rethinkdb_data +fab start_rethinkdb + # Rollout BigchainDB (but don't start it yet) if [ "$BRANCH" == "pypi" ]; then fab install_bigchaindb_from_pypi @@ -156,48 +154,40 @@ fi # Configure BigchainDB on all nodes -if [ "$WHAT_TO_DEPLOY" == "servers" ]; then - # The idea is to send a bunch of locally-created configuration - # files out to each of the instances / nodes. +# The idea is to send a bunch of locally-created configuration +# files out to each of the instances / nodes. - # Assume a set of $NUM_NODES BigchaindB config files - # already exists in the confiles directory. - # One can create a set using a command like - # ./make_confiles.sh confiles $NUM_NODES - # (We can't do that here now because this virtual environment - # is a Python 2 environment that may not even have - # bigchaindb installed, so bigchaindb configure can't be called) +# Assume a set of $NUM_NODES BigchaindB config files +# already exists in the confiles directory. +# One can create a set using a command like +# ./make_confiles.sh confiles $NUM_NODES +# (We can't do that here now because this virtual environment +# is a Python 2 environment that may not even have +# bigchaindb installed, so bigchaindb configure can't be called) - # Transform the config files in the confiles directory - # to have proper keyrings etc. - if [ "$USE_KEYPAIRS_FILE" == "True" ]; then - python clusterize_confiles.py -k confiles $NUM_NODES - else - python clusterize_confiles.py confiles $NUM_NODES - fi - - # Send one of the config files to each instance - for (( HOST=0 ; HOST<$NUM_NODES ; HOST++ )); do - CONFILE="bcdb_conf"$HOST - echo "Sending "$CONFILE - fab set_host:$HOST send_confile:$CONFILE - done - - # Initialize BigchainDB (i.e. Create the RethinkDB database, - # the tables, the indexes, and genesis glock). Note that - # this will only be sent to one of the nodes, see the - # definition of init_bigchaindb() in fabfile.py to see why. - fab init_bigchaindb - fab set_shards:$NUM_NODES - echo "To set the replication factor to 3, do: fab set_replicas:3" - echo "To start BigchainDB on all the nodes, do: fab start_bigchaindb" +# Transform the config files in the confiles directory +# to have proper keyrings etc. +if [ "$USE_KEYPAIRS_FILE" == "True" ]; then + python clusterize_confiles.py -k confiles $NUM_NODES else - # Deploying clients - fab send_client_confile:client_confile - - # Start sending load from the clients to the servers - fab start_bigchaindb_load + python clusterize_confiles.py confiles $NUM_NODES fi +# Send one of the config files to each instance +for (( HOST=0 ; HOST<$NUM_NODES ; HOST++ )); do + CONFILE="bcdb_conf"$HOST + echo "Sending "$CONFILE + fab set_host:$HOST send_confile:$CONFILE +done + +# Initialize BigchainDB (i.e. Create the RethinkDB database, +# the tables, the indexes, and genesis glock). Note that +# this will only be sent to one of the nodes, see the +# definition of init_bigchaindb() in fabfile.py to see why. +fab init_bigchaindb +fab set_shards:$NUM_NODES +echo "To set the replication factor to 3, do: fab set_replicas:3" +echo "To start BigchainDB on all the nodes, do: fab start_bigchaindb" + # cleanup rm add2known_hosts.sh diff --git a/deploy-cluster-aws/example_deploy_conf.py b/deploy-cluster-aws/example_deploy_conf.py index 623151ef..6aab8f30 100644 --- a/deploy-cluster-aws/example_deploy_conf.py +++ b/deploy-cluster-aws/example_deploy_conf.py @@ -23,10 +23,6 @@ NUM_NODES=3 # It's where to get the BigchainDB code to be deployed on the nodes BRANCH="master" -# WHAT_TO_DEPLOY is either "servers" or "clients" -# What do you want to deploy? -WHAT_TO_DEPLOY="servers" - # SSH_KEY_NAME is the name of the SSH private key file # in $HOME/.ssh/ # It is used for SSH communications with AWS instances. diff --git a/deploy-cluster-aws/fabfile.py b/deploy-cluster-aws/fabfile.py index 9ef24edd..737109f9 100644 --- a/deploy-cluster-aws/fabfile.py +++ b/deploy-cluster-aws/fabfile.py @@ -237,15 +237,6 @@ def send_confile(confile): run('bigchaindb show-config') -@task -@parallel -def send_client_confile(confile): - put(confile, 'tempfile') - run('mv tempfile ~/.bigchaindb') - print('For this node, bigchaindb show-config says:') - run('bigchaindb show-config') - - # Initialize BigchainDB # i.e. create the database, the tables, # the indexes, and the genesis block. @@ -278,12 +269,6 @@ def start_bigchaindb(): sudo('screen -d -m bigchaindb -y start &', pty=False) -@task -@parallel -def start_bigchaindb_load(): - sudo('screen -d -m bigchaindb load &', pty=False) - - # Install and run New Relic @task @parallel diff --git a/deploy-cluster-aws/launch_ec2_nodes.py b/deploy-cluster-aws/launch_ec2_nodes.py index e02b7b62..5418069f 100644 --- a/deploy-cluster-aws/launch_ec2_nodes.py +++ b/deploy-cluster-aws/launch_ec2_nodes.py @@ -26,7 +26,7 @@ import boto3 from awscommon import get_naeips -SETTINGS = ['NUM_NODES', 'BRANCH', 'WHAT_TO_DEPLOY', 'SSH_KEY_NAME', +SETTINGS = ['NUM_NODES', 'BRANCH', 'SSH_KEY_NAME', 'USE_KEYPAIRS_FILE', 'IMAGE_ID', 'INSTANCE_TYPE', 'SECURITY_GROUP', 'USING_EBS', 'EBS_VOLUME_SIZE', 'EBS_OPTIMIZED', 'ENABLE_WEB_ADMIN', 'BIND_HTTP_TO_LOCALHOST'] @@ -77,9 +77,6 @@ if not isinstance(NUM_NODES, int): if not isinstance(BRANCH, str): raise SettingsTypeError('BRANCH should be a string') -if not isinstance(WHAT_TO_DEPLOY, str): - raise SettingsTypeError('WHAT_TO_DEPLOY should be a string') - if not isinstance(SSH_KEY_NAME, str): raise SettingsTypeError('SSH_KEY_NAME should be a string') @@ -117,11 +114,6 @@ if NUM_NODES > 64: 'The AWS deployment configuration file sets it to {}'. format(NUM_NODES)) -if WHAT_TO_DEPLOY not in ['servers', 'clients']: - raise ValueError('WHAT_TO_DEPLOY should be either "servers" or "clients". ' - 'The AWS deployment configuration file sets it to {}'. - format(WHAT_TO_DEPLOY)) - if SSH_KEY_NAME in ['not-set-yet', '', None]: raise ValueError('SSH_KEY_NAME should be set. ' 'The AWS deployment configuration file sets it to {}'. diff --git a/docs/server/source/clusters-feds/aws-testing-cluster.md b/docs/server/source/clusters-feds/aws-testing-cluster.md index ac1deff1..d4b4c12e 100644 --- a/docs/server/source/clusters-feds/aws-testing-cluster.md +++ b/docs/server/source/clusters-feds/aws-testing-cluster.md @@ -86,7 +86,6 @@ Step 2 is to make an AWS deployment configuration file, if necessary. There's an ```text NUM_NODES=3 BRANCH="master" -WHAT_TO_DEPLOY="servers" SSH_KEY_NAME="not-set-yet" USE_KEYPAIRS_FILE=False IMAGE_ID="ami-8504fdea" From 421b5b03b3ceca33d92d6c7133ed7345ef09c2cd Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 7 Mar 2017 17:41:25 +0100 Subject: [PATCH 088/283] Changed 'federation' to 'cluster' or 'consortium' in docs and some code --- benchmarking-tests/README.md | 2 +- deploy-cluster-aws/launch_ec2_nodes.py | 2 +- docs/root/source/assets.rst | 2 +- docs/root/source/decentralized.md | 14 +++++++------- docs/root/source/diversity.md | 4 ++-- docs/root/source/immutable.md | 6 +++--- docs/root/source/terminology.md | 10 +++++----- .../source/cloud-deployment-templates/index.rst | 2 +- docs/server/source/clusters-feds/backup.md | 4 ++-- docs/server/source/clusters-feds/index.rst | 6 +++--- ...{set-up-a-federation.md => set-up-a-cluster.md} | 10 +++++----- docs/server/source/data-models/block-model.rst | 8 ++++---- docs/server/source/introduction.md | 4 ++-- docs/server/source/nodes/node-assumptions.md | 4 ++-- docs/server/source/nodes/setup-run-node.md | 8 ++++---- 15 files changed, 43 insertions(+), 43 deletions(-) rename docs/server/source/clusters-feds/{set-up-a-federation.md => set-up-a-cluster.md} (69%) diff --git a/benchmarking-tests/README.md b/benchmarking-tests/README.md index 3ae00969..d94ec70b 100644 --- a/benchmarking-tests/README.md +++ b/benchmarking-tests/README.md @@ -1,3 +1,3 @@ # Benchmarking tests -This folder contains util files and test case folders to benchmark the performance of a BigchainDB federation. \ No newline at end of file +This folder contains util files and test case folders to benchmark the performance of a BigchainDB cluster. \ No newline at end of file diff --git a/deploy-cluster-aws/launch_ec2_nodes.py b/deploy-cluster-aws/launch_ec2_nodes.py index e02b7b62..3d10332b 100644 --- a/deploy-cluster-aws/launch_ec2_nodes.py +++ b/deploy-cluster-aws/launch_ec2_nodes.py @@ -298,7 +298,7 @@ print('Writing hostlist.py') with open('hostlist.py', 'w') as f: f.write('# -*- coding: utf-8 -*-\n') f.write('"""A list of the public DNS names of all the nodes in this\n') - f.write('BigchainDB cluster/federation.\n') + f.write('BigchainDB cluster.\n') f.write('"""\n') f.write('\n') f.write('from __future__ import unicode_literals\n') diff --git a/docs/root/source/assets.rst b/docs/root/source/assets.rst index 50b8ad25..14982406 100644 --- a/docs/root/source/assets.rst +++ b/docs/root/source/assets.rst @@ -3,7 +3,7 @@ How BigchainDB is Good for Asset Registrations & Transfers BigchainDB can store data of any kind (within reason), but it's designed to be particularly good for storing asset registrations and transfers: -* The fundamental thing that one submits to a BigchainDB federation to be checked and stored (if valid) is a *transaction*, and there are two kinds: CREATE transactions and TRANSFER transactions. +* The fundamental thing that one sends to a BigchainDB cluster, to be checked and stored (if valid), is a *transaction*, and there are two kinds: CREATE transactions and TRANSFER transactions. * A CREATE transaction can be use to register any kind of asset (divisible or indivisible), along with arbitrary metadata. * An asset can have zero, one, or several owners. * The owners of an asset can specify (crypto-)conditions which must be satisified by anyone wishing transfer the asset to new owners. For example, a condition might be that at least 3 of the 5 current owners must cryptographically sign a transfer transaction. diff --git a/docs/root/source/decentralized.md b/docs/root/source/decentralized.md index 7f0b8e95..3b82ae46 100644 --- a/docs/root/source/decentralized.md +++ b/docs/root/source/decentralized.md @@ -4,18 +4,18 @@ Decentralization means that no one owns or controls everything, and there is no Ideally, each node in a BigchainDB cluster is owned and controlled by a different person or organization. Even if the cluster lives within one organization, it's still preferable to have each node controlled by a different person or subdivision. -We use the phrase "BigchainDB federation" (or just "federation") to refer to the set of people and/or organizations who run the nodes of a BigchainDB cluster. A federation requires some form of governance to make decisions such as membership and policies. The exact details of the governance process are determined by each federation, but it can be very decentralized (e.g. purely vote-based, where each node gets a vote, and there are no special leadership roles). +We use the phrase "BigchainDB consortium" (or just "consortium") to refer to the set of people and/or organizations who run the nodes of a BigchainDB cluster. A consortium requires some form of governance to make decisions such as membership and policies. The exact details of the governance process are determined by each consortium, but it can be very decentralized (e.g. purely vote-based, where each node gets a vote, and there are no special leadership roles). -The actual data is decentralized in that it doesn’t all get stored in one place. Each federation node stores the primary of one shard and replicas of some other shards. (A shard is a subset of the total set of documents.) Sharding and replication are handled by RethinkDB. +If sharding is turned on (i.e. if the number of shards is larger than one), then the actual data is decentralized in that no one node stores all the data. -Every node has its own locally-stored list of the public keys of other federation members: the so-called keyring. There's no centrally-stored or centrally-shared keyring. +Every node has its own locally-stored list of the public keys of other consortium members: the so-called keyring. There's no centrally-stored or centrally-shared keyring. -A federation can increase its decentralization (and its resilience) by increasing its jurisdictional diversity, geographic diversity, and other kinds of diversity. This idea is expanded upon in [the section on node diversity](diversity.html). +A consortium can increase its decentralization (and its resilience) by increasing its jurisdictional diversity, geographic diversity, and other kinds of diversity. This idea is expanded upon in [the section on node diversity](diversity.html). -There’s no node that has a long-term special position in the federation. All nodes run the same software and perform the same duties. +There’s no node that has a long-term special position in the cluster. All nodes run the same software and perform the same duties. -RethinkDB has an “admin” user which can’t be deleted and which can make big changes to the database, such as dropping a table. Right now, that’s a big security vulnerability, but we have plans to mitigate it by: +RethinkDB and MongoDB have an “admin” user which can’t be deleted and which can make big changes to the database, such as dropping a table. Right now, that’s a big security vulnerability, but we have plans to mitigate it by: 1. Locking down the admin user as much as possible. -2. Having all nodes inspect RethinkDB admin-type requests before acting on them. Requests can be checked against an evolving whitelist of allowed actions (voted on by federation nodes). +2. Having all nodes inspect admin-type requests before acting on them. Requests can be checked against an evolving whitelist of allowed actions. Nodes requesing non-allowed requests can be removed from the list of cluster nodes. It’s worth noting that the RethinkDB admin user can’t transfer assets, even today. The only way to create a valid transfer transaction is to fulfill the current (crypto) conditions on the asset, and the admin user can’t do that because the admin user doesn’t have the necessary private keys (or preimages, in the case of hashlock conditions). They’re not stored in the database. diff --git a/docs/root/source/diversity.md b/docs/root/source/diversity.md index 4819a0af..20c9afb5 100644 --- a/docs/root/source/diversity.md +++ b/docs/root/source/diversity.md @@ -6,6 +6,6 @@ Steps should be taken to make it difficult for any one actor or event to control 2. **Geographic diversity.** The servers should be physically located at multiple geographic locations, so that it becomes difficult for a natural disaster (such as a flood or earthquake) to damage enough of them to cause problems. 3. **Hosting diversity.** The servers should be hosted by multiple hosting providers (e.g. Amazon Web Services, Microsoft Azure, Digital Ocean, Rackspace), so that it becomes difficult for one hosting provider to influence enough of the nodes. 4. **Operating system diversity.** The servers should use a variety of operating systems, so that a security bug in one OS can’t be used to exploit enough of the nodes. -5. **Diversity in general.** In general, membership diversity (of all kinds) confers many advantages on a federation. For example, it provides the federation with a source of various ideas for addressing challenges. +5. **Diversity in general.** In general, membership diversity (of all kinds) confers many advantages on a consortium. For example, it provides the consortium with a source of various ideas for addressing challenges. -Note: If all the nodes are running the same code, i.e. the same implementation of BigchainDB, then a bug in that code could be used to compromise all of the nodes. Ideally, there would be several different, well-maintained implementations of BigchainDB Server (e.g. one in Python, one in Go, etc.), so that a federation could also have a diversity of server implementations. +Note: If all the nodes are running the same code, i.e. the same implementation of BigchainDB, then a bug in that code could be used to compromise all of the nodes. Ideally, there would be several different, well-maintained implementations of BigchainDB Server (e.g. one in Python, one in Go, etc.), so that a consortium could also have a diversity of server implementations. diff --git a/docs/root/source/immutable.md b/docs/root/source/immutable.md index 28fb5999..a20c40b8 100644 --- a/docs/root/source/immutable.md +++ b/docs/root/source/immutable.md @@ -8,12 +8,12 @@ It’s true that blockchain data is more difficult to change than usual: it’s BigchainDB achieves strong tamper-resistance in the following ways: -1. **Replication.** All data is sharded and shards are replicated in several (different) places. The replication factor can be set by the federation. The higher the replication factor, the more difficult it becomes to change or delete all replicas. +1. **Replication.** All data is sharded and shards are replicated in several (different) places. The replication factor can be set by the consortium. The higher the replication factor, the more difficult it becomes to change or delete all replicas. 2. **Internal watchdogs.** All nodes monitor all changes and if some unallowed change happens, then appropriate action is taken. For example, if a valid block is deleted, then it is put back. -3. **External watchdogs.** Federations may opt to have trusted third-parties to monitor and audit their data, looking for irregularities. For federations with publicly-readable data, the public can act as an auditor. +3. **External watchdogs.** A consortium may opt to have trusted third-parties to monitor and audit their data, looking for irregularities. For a consortium with publicly-readable data, the public can act as an auditor. 4. **Cryptographic signatures** are used throughout BigchainDB as a way to check if messages (transactions, blocks and votes) have been tampered with enroute, and as a way to verify who signed the messages. Each block is signed by the node that created it. Each vote is signed by the node that cast it. A creation transaction is signed by the node that created it, although there are plans to improve that by adding signatures from the sending client and multiple nodes; see [Issue #347](https://github.com/bigchaindb/bigchaindb/issues/347). Transfer transactions can contain multiple inputs (fulfillments, one per asset transferred). Each fulfillment will typically contain one or more signatures from the owners (i.e. the owners before the transfer). Hashlock fulfillments are an exception; there’s an open issue ([#339](https://github.com/bigchaindb/bigchaindb/issues/339)) to address that. 5. **Full or partial backups** of the database may be recorded from time to time, possibly on magnetic tape storage, other blockchains, printouts, etc. 6. **Strong security.** Node owners can adopt and enforce strong security policies. 7. **Node diversity.** Diversity makes it so that no one thing (e.g. natural disaster or operating system bug) can compromise enough of the nodes. See [the section on the kinds of node diversity](diversity.html). -Some of these things come "for free" as part of the BigchainDB software, and others require some extra effort from the federation and node owners. +Some of these things come "for free" as part of the BigchainDB software, and others require some extra effort from the consortium and node owners. diff --git a/docs/root/source/terminology.md b/docs/root/source/terminology.md index fb2a3bdf..c4ef84c2 100644 --- a/docs/root/source/terminology.md +++ b/docs/root/source/terminology.md @@ -1,6 +1,6 @@ # Terminology -There is some specialized terminology associated with BigchainDB. To get started, you should at least know what what we mean by a BigchainDB *node*, *cluster* and *federation*. +There is some specialized terminology associated with BigchainDB. To get started, you should at least know what what we mean by a BigchainDB *node*, *cluster* and *consortium*. ## Node @@ -13,10 +13,10 @@ A **BigchainDB node** is a machine or set of closely-linked machines running Ret A set of BigchainDB nodes can connect to each other to form a **cluster**. Each node in the cluster runs the same software. A cluster contains one logical RethinkDB datastore. A cluster may have additional machines to do things such as cluster monitoring. -## Federation +## Consortium -The people and organizations that run the nodes in a cluster belong to a **federation** (i.e. another organization). A federation must have some sort of governance structure to make decisions. If a cluster is run by a single company, then the federation is just that company. +The people and organizations that run the nodes in a cluster belong to a **consortium** (i.e. another organization). A consortium must have some sort of governance structure to make decisions. If a cluster is run by a single company, then the "consortium" is just that company. -**What's the Difference Between a Cluster and a Federation?** +**What's the Difference Between a Cluster and a Consortium?** -A cluster is just a bunch of connected nodes. A federation is an organization which has a cluster, and where each node in the cluster has a different operator. Confusingly, we sometimes call a federation's cluster its "federation." You can probably tell what we mean from context. \ No newline at end of file +A cluster is just a bunch of connected nodes. A consortium is an organization which has a cluster, and where each node in the cluster has a different operator. \ No newline at end of file diff --git a/docs/server/source/cloud-deployment-templates/index.rst b/docs/server/source/cloud-deployment-templates/index.rst index 67a2ace4..666e2327 100644 --- a/docs/server/source/cloud-deployment-templates/index.rst +++ b/docs/server/source/cloud-deployment-templates/index.rst @@ -5,7 +5,7 @@ We have some "templates" to deploy a basic, working, but bare-bones BigchainDB n You don't have to use the tools we use in the templates. You can use whatever tools you prefer. -If you find the cloud deployment templates for nodes helpful, then you may also be interested in our scripts for :doc:`deploying a testing cluster on AWS <../clusters-feds/aws-testing-cluster>` (documented in the Clusters & Federations section). +If you find the cloud deployment templates for nodes helpful, then you may also be interested in our scripts for :doc:`deploying a testing cluster on AWS <../clusters-feds/aws-testing-cluster>` (documented in the Clusters section). .. toctree:: :maxdepth: 1 diff --git a/docs/server/source/clusters-feds/backup.md b/docs/server/source/clusters-feds/backup.md index 93fd9aac..5faf3465 100644 --- a/docs/server/source/clusters-feds/backup.md +++ b/docs/server/source/clusters-feds/backup.md @@ -64,7 +64,7 @@ In the future, it will be possible for clients to query for the blocks containin **How could we be sure blocks and votes from a client are valid?** -All blocks and votes are signed by federation nodes. Only federation nodes can produce valid signatures because only federation nodes have the necessary private keys. A client can't produce a valid signature for a block or vote. +All blocks and votes are signed by cluster nodes (owned and operated by consortium members). Only cluster nodes can produce valid signatures because only cluster nodes have the necessary private keys. A client can't produce a valid signature for a block or vote. **Could we restore an entire BigchainDB database using client-saved blocks and votes?** @@ -109,7 +109,7 @@ Considerations for BigchainDB: Although it's not advertised as such, RethinkDB's built-in replication feature is similar to continous backup, except the "backup" (i.e. the set of replica shards) is spread across all the nodes. One could take that idea a bit farther by creating a set of backup-only servers with one full backup: * Give all the original BigchainDB nodes (RethinkDB nodes) the server tag `original`. This is the default if you used the RethinkDB config file suggested in the section titled [Configure RethinkDB Server](../dev-and-test/setup-run-node.html#configure-rethinkdb-server). -* Set up a group of servers running RethinkDB only, and give them the server tag `backup`. The `backup` servers could be geographically separated from all the `original` nodes (or not; it's up to the federation). +* Set up a group of servers running RethinkDB only, and give them the server tag `backup`. The `backup` servers could be geographically separated from all the `original` nodes (or not; it's up to the consortium to decide). * Clients shouldn't be able to read from or write to servers in the `backup` set. * Send a RethinkDB reconfigure command to the RethinkDB cluster to make it so that the `original` set has the same number of replicas as before (or maybe one less), and the `backup` set has one replica. Also, make sure the `primary_replica_tag='original'` so that all primary shards live on the `original` nodes. diff --git a/docs/server/source/clusters-feds/index.rst b/docs/server/source/clusters-feds/index.rst index d13221ce..93258057 100644 --- a/docs/server/source/clusters-feds/index.rst +++ b/docs/server/source/clusters-feds/index.rst @@ -1,10 +1,10 @@ -Clusters & Federations -====================== +Clusters +======== .. toctree:: :maxdepth: 1 - set-up-a-federation + set-up-a-cluster backup aws-testing-cluster diff --git a/docs/server/source/clusters-feds/set-up-a-federation.md b/docs/server/source/clusters-feds/set-up-a-cluster.md similarity index 69% rename from docs/server/source/clusters-feds/set-up-a-federation.md rename to docs/server/source/clusters-feds/set-up-a-cluster.md index ed1ddd1a..c8193dd2 100644 --- a/docs/server/source/clusters-feds/set-up-a-federation.md +++ b/docs/server/source/clusters-feds/set-up-a-cluster.md @@ -1,11 +1,11 @@ -# Set Up a Federation +# Set Up a Cluster -This section is about how to set up a BigchainDB _federation_, where each node is operated by a different operator. If you want to set up and run a testing cluster on AWS (where all nodes are operated by you), then see [the section about that](aws-testing-cluster.html). +This section is about how to set up a BigchainDB cluster where each node is operated by a different operator. If you want to set up and run a testing cluster on AWS (where all nodes are operated by you), then see [the section about that](aws-testing-cluster.html). ## Initial Checklist -* Do you have a governance process for making federation-level decisions, such as how to admit new members? +* Do you have a governance process for making consortium-level decisions, such as how to admit new members? * What will you store in creation transactions (data payload)? Is there a data schema? * Will you use transfer transactions? Will they include a non-empty data payload? * Who will be allowed to submit transactions? Who will be allowed to read or query transactions? How will you enforce the access rules? @@ -13,7 +13,7 @@ This section is about how to set up a BigchainDB _federation_, where each node i ## Set Up the Initial Cluster -The federation must decide some things before setting up the initial cluster (initial set of BigchainDB nodes): +The consortium must decide some things before setting up the initial cluster (initial set of BigchainDB nodes): 1. Who will operate a node in the initial cluster? 2. What will the replication factor be? (It must be 3 or more for [RethinkDB failover](https://rethinkdb.com/docs/failover/) to work.) @@ -21,7 +21,7 @@ The federation must decide some things before setting up the initial cluster (in Once those things have been decided, each node operator can begin setting up their BigchainDB (production) node. -Each node operator will eventually need two pieces of information from all other nodes in the federation: +Each node operator will eventually need two pieces of information from all other nodes: 1. Their RethinkDB hostname, e.g. `rdb.farm2.organization.org` 2. Their BigchainDB public key, e.g. `Eky3nkbxDTMgkmiJC8i5hKyVFiAQNmPP4a2G4JdDxJCK` diff --git a/docs/server/source/data-models/block-model.rst b/docs/server/source/data-models/block-model.rst index 3c94fca1..8b184261 100644 --- a/docs/server/source/data-models/block-model.rst +++ b/docs/server/source/data-models/block-model.rst @@ -11,7 +11,7 @@ A block has the following structure: "timestamp": "", "transactions": [""], "node_pubkey": "", - "voters": [""] + "voters": [""] }, "signature": "" } @@ -23,9 +23,9 @@ A block has the following structure: - ``timestamp``: The Unix time when the block was created. It's provided by the node that created the block. - ``transactions``: A list of the transactions included in the block. - ``node_pubkey``: The public key of the node that created the block. - - ``voters``: A list of the public keys of federation nodes at the time the block was created. - It's the list of federation nodes which can cast a vote on this block. - This list can change from block to block, as nodes join and leave the federation. + - ``voters``: A list of the public keys of all cluster nodes at the time the block was created. + It's the list of nodes which can cast a vote on this block. + This list can change from block to block, as nodes join and leave the cluster. - ``signature``: :ref:`Cryptographic signature ` of the block by the node that created the block (i.e. the node with public key ``node_pubkey``). To generate the signature, the node signs the serialized inner ``block`` (the same thing that was hashed to determine the ``id``) using the private key corresponding to ``node_pubkey``. diff --git a/docs/server/source/introduction.md b/docs/server/source/introduction.md index b9e6bf0a..02cf5ecf 100644 --- a/docs/server/source/introduction.md +++ b/docs/server/source/introduction.md @@ -10,7 +10,7 @@ Note that there are a few kinds of nodes: - A **bare-bones node** is a node deployed in the cloud, either as part of a testing cluster or as a starting point before upgrading the node to be production-ready. Our cloud deployment templates deploy a bare-bones node, as do our scripts for deploying a testing cluster on AWS. -- A **production node** is a node that is part of a federation's BigchainDB cluster. A production node has the most components and requirements. +- A **production node** is a node that is part of a consortium's BigchainDB cluster. A production node has the most components and requirements. ## Setup Instructions for Various Cases @@ -19,7 +19,7 @@ Note that there are a few kinds of nodes: * [Set up and run a bare-bones node in the cloud](cloud-deployment-templates/index.html) * [Set up and run a local dev/test node for developing and testing BigchainDB Server](dev-and-test/setup-run-node.html) * [Deploy a testing cluster on AWS](clusters-feds/aws-testing-cluster.html) -* [Set up and run a federation (including production nodes)](clusters-feds/set-up-a-federation.html) +* [Set up and run a cluster (including production nodes)](clusters-feds/set-up-a-cluster.html) Instructions for setting up a client will be provided once there's a public test net. diff --git a/docs/server/source/nodes/node-assumptions.md b/docs/server/source/nodes/node-assumptions.md index f7e8379f..8275be32 100644 --- a/docs/server/source/nodes/node-assumptions.md +++ b/docs/server/source/nodes/node-assumptions.md @@ -1,12 +1,12 @@ # Production Node Assumptions -If you're not sure what we mean by a BigchainDB *node*, *cluster*, *federation*, or *production node*, then see [the section in the Introduction where we defined those terms](../introduction.html#some-basic-vocabulary). +If you're not sure what we mean by a BigchainDB *node*, *cluster*, *consortium*, or *production node*, then see [the section in the Introduction where we defined those terms](../introduction.html#some-basic-vocabulary). We make some assumptions about production nodes: 1. **Each production node is set up and managed by an experienced professional system administrator (or a team of them).** -2. Each production node in a federation's cluster is managed by a different person or team. +2. Each production node in a cluster is managed by a different person or team. Because of the first assumption, we don't provide a detailed cookbook explaining how to secure a server, or other things that a sysadmin should know. (We do provide some [templates](../cloud-deployment-templates/index.html), but those are just a starting point.) diff --git a/docs/server/source/nodes/setup-run-node.md b/docs/server/source/nodes/setup-run-node.md index 41a9cdd1..cace5003 100644 --- a/docs/server/source/nodes/setup-run-node.md +++ b/docs/server/source/nodes/setup-run-node.md @@ -19,7 +19,7 @@ There are some [notes on BigchainDB-specific firewall setup](../appendices/firew A BigchainDB node uses its system clock to generate timestamps for blocks and votes, so that clock should be kept in sync with some standard clock(s). The standard way to do that is to run an NTP daemon (Network Time Protocol daemon) on the node. (You could also use tlsdate, which uses TLS timestamps rather than NTP, but don't: it's not very accurate and it will break with TLS 1.3, which removes the timestamp.) -NTP is a standard protocol. There are many NTP daemons implementing it. We don't recommend a particular one. On the contrary, we recommend that different nodes in a federation run different NTP daemons, so that a problem with one daemon won't affect all nodes. +NTP is a standard protocol. There are many NTP daemons implementing it. We don't recommend a particular one. On the contrary, we recommend that different nodes in a cluster run different NTP daemons, so that a problem with one daemon won't affect all nodes. Please see the [notes on NTP daemon setup](../appendices/ntp-notes.html) in the Appendices. @@ -72,7 +72,7 @@ direct-io join=node0_hostname:29015 join=node1_hostname:29015 join=node2_hostname:29015 -# continue until there's a join= line for each node in the federation +# continue until there's a join= line for each node in the cluster ``` * `directory=/data` tells the RethinkDB node to store its share of the database data in `/data`. @@ -153,7 +153,7 @@ Edit the created config file: * Open `$HOME/.bigchaindb` (the created config file) in your text editor. * Change `"server": {"bind": "localhost:9984", ... }` to `"server": {"bind": "0.0.0.0:9984", ... }`. This makes it so traffic can come from any IP address to port 9984 (the HTTP Client-Server API port). -* Change `"keyring": []` to `"keyring": ["public_key_of_other_node_A", "public_key_of_other_node_B", "..."]` i.e. a list of the public keys of all the other nodes in the federation. The keyring should _not_ include your node's public key. +* Change `"keyring": []` to `"keyring": ["public_key_of_other_node_A", "public_key_of_other_node_B", "..."]` i.e. a list of the public keys of all the other nodes in the cluster. The keyring should _not_ include your node's public key. For more information about the BigchainDB config file, see [Configuring a BigchainDB Node](configuration.html). @@ -185,7 +185,7 @@ where: * `bigchaindb init` creates the database within RethinkDB, the tables, the indexes, and the genesis block. * `numshards` should be set to the number of nodes in the initial cluster. -* `numreplicas` should be set to the database replication factor decided by the federation. It must be 3 or more for [RethinkDB failover](https://rethinkdb.com/docs/failover/) to work. +* `numreplicas` should be set to the database replication factor decided by the consortium. It must be 3 or more for [RethinkDB failover](https://rethinkdb.com/docs/failover/) to work. Once the RethinkDB database is configured, every node operator can start BigchainDB using: ```text From a3fccbc599c47457abd11f954bec9a0384f4e21b Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Wed, 8 Mar 2017 13:01:52 +0100 Subject: [PATCH 089/283] change TransactionDoesNotExist to InputDoesNotExist in tests --- tests/db/test_bigchain_api.py | 8 ++++---- tests/web/test_transactions.py | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/db/test_bigchain_api.py b/tests/db/test_bigchain_api.py index b1f94b73..c39a104f 100644 --- a/tests/db/test_bigchain_api.py +++ b/tests/db/test_bigchain_api.py @@ -567,7 +567,7 @@ class TestBigchainApi(object): @pytest.mark.usefixtures('inputs') def test_non_create_input_not_found(self, b, user_pk): from cryptoconditions import Ed25519Fulfillment - from bigchaindb.common.exceptions import TransactionDoesNotExist + from bigchaindb.common.exceptions import InputDoesNotExist from bigchaindb.common.transaction import Input, TransactionLink from bigchaindb.models import Transaction from bigchaindb import Bigchain @@ -579,7 +579,7 @@ class TestBigchainApi(object): tx = Transaction.transfer([input], [([user_pk], 1)], asset_id='mock_asset_link') - with pytest.raises(TransactionDoesNotExist): + with pytest.raises(InputDoesNotExist): tx.validate(Bigchain()) def test_count_backlog(self, b, user_pk): @@ -615,11 +615,11 @@ class TestTransactionValidation(object): assert excinfo.value.args[0] == 'Only `CREATE` transactions can have null inputs' def test_non_create_input_not_found(self, b, user_pk, signed_transfer_tx): - from bigchaindb.common.exceptions import TransactionDoesNotExist + from bigchaindb.common.exceptions import InputDoesNotExist from bigchaindb.common.transaction import TransactionLink signed_transfer_tx.inputs[0].fulfills = TransactionLink('c', 0) - with pytest.raises(TransactionDoesNotExist): + with pytest.raises(InputDoesNotExist): b.validate_transaction(signed_transfer_tx) @pytest.mark.usefixtures('inputs') diff --git a/tests/web/test_transactions.py b/tests/web/test_transactions.py index cf4105e9..5533dbd0 100644 --- a/tests/web/test_transactions.py +++ b/tests/web/test_transactions.py @@ -113,7 +113,7 @@ def test_post_create_transaction_with_invalid_schema(client, caplog): ('InvalidHash', 'Do not smoke that!'), ('InvalidSignature', 'Falsche Unterschrift!'), ('ValidationError', 'Create and transfer!'), - ('TransactionDoesNotExist', 'Hallucinations?'), + ('InputDoesNotExist', 'Hallucinations?'), ('TransactionOwnerError', 'Not yours!'), ('TransactionNotInValidBlock', 'Wait, maybe?'), ('ValidationError', '?'), From e011f50bc70318a19bd8abaa01c21c4e1b578baa Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Wed, 8 Mar 2017 17:33:35 +0100 Subject: [PATCH 090/283] remove stray test --- tests/test_core.py | 9 --------- 1 file changed, 9 deletions(-) diff --git a/tests/test_core.py b/tests/test_core.py index cd2b96d2..8e0a63fc 100644 --- a/tests/test_core.py +++ b/tests/test_core.py @@ -82,15 +82,6 @@ def test_get_blocks_status_containing_tx(monkeypatch): bigchain.get_blocks_status_containing_tx('txid') -@pytest.mark.parametrize('exists', (True, False)) -def test_transaction_exists(monkeypatch, exists): - from bigchaindb.core import Bigchain - monkeypatch.setattr( - 'bigchaindb.backend.query.has_transaction', lambda x, y: exists) - bigchain = Bigchain(public_key='pubkey', private_key='privkey') - assert bigchain.transaction_exists('txid') is exists - - def test_has_previous_vote(monkeypatch): from bigchaindb.core import Bigchain monkeypatch.setattr( From 7dbd374838e2137c8db9d82143680f91b688e965 Mon Sep 17 00:00:00 2001 From: Krish Date: Thu, 9 Mar 2017 16:53:00 +0100 Subject: [PATCH 091/283] Running a single node on k8s (#1269) * Single node as a StatefulSet in k8s - uses bigchaindb/bigchaindb:0.9.1 * Updating README * rdb, mdb as stateful services * [WIP] bdb as a statefulset * [WIP] bdb w/ rdb and bdb w/ mdb backends - does not work as of now * Split mdb & bdb into separate pods + enhancements * discovery of the mongodb service by the bdb pod by using dns name. * using separate storage classes to map 2 different volumes exposed by the mongo docker container; one for /data/db (dbPath) and the other for /data/configdb (configDB). * using the `persistentVolumeReclaimPolicy: Retain` in k8s pvc. However, this seems to be unsupported in Azure and the disks still show a reclaim policy of `delete`. * mongodb container runs the `mongod` process as user `mongodb` and group `mongodb. The corresponding `uid` and `gid` for the `mongod` process is 999 and 999 respectively. When the constinaer runs on a host with a mounted disk, the writes fail, when there is no user with uid 999. To avoid this, I use the docker provided feature of --cap-add=FOWNER in k8s. This bypasses the uid and gid permission checks during writes and allows writes. Ref: https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities * Delete redundant k8s files, add cluster deletion steps. * Single node as a StatefulSet in k8s - uses bigchaindb/bigchaindb:0.9.1 * Updating README * rdb, mdb as stateful services * [WIP] bdb as a statefulset * [WIP] bdb w/ rdb and bdb w/ mdb backends - does not work as of now * Split mdb & bdb into separate pods + enhancements * discovery of the mongodb service by the bdb pod by using dns name. * using separate storage classes to map 2 different volumes exposed by the mongo docker container; one for /data/db (dbPath) and the other for /data/configdb (configDB). * using the `persistentVolumeReclaimPolicy: Retain` in k8s pvc. However, this seems to be unsupported in Azure and the disks still show a reclaim policy of `delete`. * mongodb container runs the `mongod` process as user `mongodb` and group `mongodb. The corresponding `uid` and `gid` for the `mongod` process is 999 and 999 respectively. When the constinaer runs on a host with a mounted disk, the writes fail, when there is no user with uid 999. To avoid this, I use the docker provided feature of --cap-add=FOWNER in k8s. This bypasses the uid and gid permission checks during writes and allows writes. Ref: https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities * Delete redundant k8s files, add cluster deletion steps. * Documentation: running a single node with distinct mongodb and bigchaindb pods on k8s * Updates as per @ttmc's comments --- .../node-on-kubernetes.rst | 238 ++++++++++++------ .../template-kubernetes-azure.rst | 51 +++- k8s/bigchaindb/bigchaindb-dep.yaml | 83 ++++++ k8s/deprecated.to.del/bdb-mdb-dep.yaml | 89 +++++++ k8s/deprecated.to.del/bdb-rdb-dep.yaml | 87 +++++++ k8s/{ => deprecated.to.del}/node-mdb-ss.yaml | 4 +- k8s/{ => deprecated.to.del}/node-rdb-ss.yaml | 0 k8s/deprecated.to.del/node-ss.yaml | 89 +++++++ k8s/deprecated.to.del/rethinkdb-ss.yaml | 75 ++++++ k8s/mongodb/mongo-data-configdb-pvc.yaml | 18 ++ k8s/mongodb/mongo-data-configdb-sc.yaml | 12 + k8s/mongodb/mongo-data-db-pvc.yaml | 18 ++ k8s/mongodb/mongo-data-db-sc.yaml | 12 + k8s/mongodb/mongo-ss.yaml | 76 ++++++ k8s/toolbox/Dockerfile | 12 + k8s/toolbox/README.md | 12 + 16 files changed, 793 insertions(+), 83 deletions(-) create mode 100644 k8s/bigchaindb/bigchaindb-dep.yaml create mode 100644 k8s/deprecated.to.del/bdb-mdb-dep.yaml create mode 100644 k8s/deprecated.to.del/bdb-rdb-dep.yaml rename k8s/{ => deprecated.to.del}/node-mdb-ss.yaml (97%) rename k8s/{ => deprecated.to.del}/node-rdb-ss.yaml (100%) create mode 100644 k8s/deprecated.to.del/node-ss.yaml create mode 100644 k8s/deprecated.to.del/rethinkdb-ss.yaml create mode 100644 k8s/mongodb/mongo-data-configdb-pvc.yaml create mode 100644 k8s/mongodb/mongo-data-configdb-sc.yaml create mode 100644 k8s/mongodb/mongo-data-db-pvc.yaml create mode 100644 k8s/mongodb/mongo-data-db-sc.yaml create mode 100644 k8s/mongodb/mongo-ss.yaml create mode 100644 k8s/toolbox/Dockerfile create mode 100644 k8s/toolbox/README.md diff --git a/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst b/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst index 1a8e5deb..e1ed43e7 100644 --- a/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst +++ b/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst @@ -32,18 +32,34 @@ then you can get the ``~/.kube/config`` file using: --name -Step 3: Create a StorageClass ------------------------------ +Step 3: Create Storage Classes +------------------------------ MongoDB needs somewhere to store its data persistently, outside the container where MongoDB is running. + +The official MongoDB Docker container exports two volume mounts with correct +permissions from inside the container: + + +* The directory where the mongod instance stores its data - ``/data/db``, + described at `storage.dbpath `_. + +* The directory where mongodb instance stores the metadata for a sharded + cluster - ``/data/configdb/``, described at + `sharding.configDB `_. + + Explaining how Kubernetes handles persistent volumes, and the associated terminology, is beyond the scope of this documentation; see `the Kubernetes docs about persistent volumes `_. -The first thing to do is create a Kubernetes StorageClass. +The first thing to do is create the Kubernetes storage classes. +We will accordingly create two storage classes and persistent volume claims in +Kubernetes. + **Azure.** First, you need an Azure storage account. If you deployed your Kubernetes cluster on Azure @@ -67,25 +83,26 @@ the PersistentVolumeClaim would get stuck in a "Pending" state. For future reference, the command to create a storage account is `az storage account create `_. -Create a Kubernetes Storage Class named ``slow`` -by writing a file named ``azureStorageClass.yml`` containing: -.. code:: yaml - - kind: StorageClass - apiVersion: storage.k8s.io/v1beta1 - metadata: - name: slow - provisioner: kubernetes.io/azure-disk - parameters: - skuName: Standard_LRS - location: - -and then: +Get the files ``mongo-data-db-sc.yaml`` and ``mongo-data-configdb-sc.yaml`` +from GitHub using: .. code:: bash - $ kubectl apply -f azureStorageClass.yml + $ wget https://raw.githubusercontent.com/bigchaindb/bigchaindb/master/k8s/mongodb/mongo-data-db-sc.yaml + $ wget https://raw.githubusercontent.com/bigchaindb/bigchaindb/master/k8s/mongodb/mongo-data-configdb-sc.yaml + +You may want to update the ``parameters.location`` field in both the files to +specify the location you are using in Azure. + + +Create the required StorageClass using + +.. code:: bash + + $ kubectl apply -f mongo-data-db-sc.yaml + $ kubectl apply -f mongo-data-configdb-sc.yaml + You can check if it worked using ``kubectl get storageclasses``. @@ -99,27 +116,19 @@ Kubernetes just looks for a storageAccount with the specified skuName and location. -Step 4: Create a PersistentVolumeClaim --------------------------------------- +Step 4: Create Persistent Volume Claims +--------------------------------------- -Next, you'll create a PersistentVolumeClaim named ``mongoclaim``. -Create a file named ``mongoclaim.yml`` -with the following contents: +Next, we'll create two PersistentVolumeClaim objects ``mongo-db-claim`` and +``mongo-configdb-claim``. -.. code:: yaml +Get the files ``mongo-data-db-sc.yaml`` and ``mongo-data-configdb-sc.yaml`` +from GitHub using: - kind: PersistentVolumeClaim - apiVersion: v1 - metadata: - name: mongoclaim - annotations: - volume.beta.kubernetes.io/storage-class: slow - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi +.. code:: bash + + $ wget https://raw.githubusercontent.com/bigchaindb/bigchaindb/master/k8s/mongodb/mongo-data-db-pvc.yaml + $ wget https://raw.githubusercontent.com/bigchaindb/bigchaindb/master/k8s/mongodb/mongo-data-configdb-pvc.yaml Note how there's no explicit mention of Azure, AWS or whatever. ``ReadWriteOnce`` (RWO) means the volume can be mounted as @@ -128,67 +137,144 @@ read-write by a single Kubernetes node. by AzureDisk.) ``storage: 20Gi`` means the volume has a size of 20 `gibibytes `_. -(You can change that if you like.) -Create ``mongoclaim`` in your Kubernetes cluster: +You may want to update the ``spec.resources.requests.storage`` field in both +the files to specify a different disk size. + +Create the required PersistentVolumeClaim using: .. code:: bash - $ kubectl apply -f mongoclaim.yml + $ kubectl apply -f mongo-data-db-pvc.yaml + $ kubectl apply -f mongo-data-configdb-pvc.yaml -You can check its status using: -.. code:: bash +You can check its status using: ``kubectl get pvc -w`` - $ kubectl get pvc - -Initially, the status of ``mongoclaim`` might be "Pending" +Initially, the status of persistent volume claims might be "Pending" but it should become "Bound" fairly quickly. -.. code:: bash - $ kubectl describe pvc - Name: mongoclaim - Namespace: default - StorageClass: slow - Status: Bound - Volume: pvc-ebed81f1-fdca-11e6-abf0-000d3a27ab21 - Labels: - Capacity: 20Gi - Access Modes: RWO - No events. +Now we are ready to run MongoDB and BigchainDB on our Kubernetes cluster. +Step 5: Run MongoDB as a StatefulSet +------------------------------------ -Step 5: Deploy MongoDB & BigchainDB ------------------------------------ - -Now you can deploy MongoDB and BigchainDB to your Kubernetes cluster. -Currently, the way we do that is we create a StatefulSet with two -containers: BigchainDB and MongoDB. (In the future, we'll put them -in separate pods, and we'll ensure those pods are in different nodes.) -We expose BigchainDB's port 9984 (the HTTP API port) -and MongoDB's port 27017 using a Kubernetes Service. - -Get the file ``node-mdb-ss.yaml`` from GitHub using: +Get the file ``mongo-ss.yaml`` from GitHub using: .. code:: bash - $ wget https://raw.githubusercontent.com/bigchaindb/bigchaindb/master/k8s/node-mdb-ss.yaml + $ wget https://raw.githubusercontent.com/bigchaindb/bigchaindb/master/k8s/mongodb/mongo-ss.yaml -Take a look inside that file to see how it defines the Service -and the StatefulSet. -Note how the MongoDB container uses the ``mongoclaim`` PersistentVolumeClaim -for its ``/data`` diretory (mount path). -Create the StatefulSet and Service in your cluster using: +Note how the MongoDB container uses the ``mongo-db-claim`` and the +``mongo-configdb-claim`` PersistentVolumeClaims for its ``/data/db`` and +``/data/configdb`` diretories (mount path). Note also that we use the pod's +``securityContext.capabilities.add`` specification to add the ``FOWNER`` +capability to the container. + +That is because MongoDB container has the user ``mongodb``, with uid ``999`` +and group ``mongodb``, with gid ``999``. +When this container runs on a host with a mounted disk, the writes fail when +there is no user with uid ``999``. + +To avoid this, we use the Docker feature of ``--cap-add=FOWNER``. +This bypasses the uid and gid permission checks during writes and allows data +to be persisted to disk. +Refer to the +`Docker doc `_ +for details. + +As we gain more experience running MongoDB in testing and production, we will +tweak the ``resources.limits.cpu`` and ``resources.limits.memory``. +We will also stop exposing port ``27017`` globally and/or allow only certain +hosts to connect to the MongoDB instance in the future. + +Create the required StatefulSet using: .. code:: bash - $ kubectl apply -f node-mdb-ss.yaml + $ kubectl apply -f mongo-ss.yaml -You can check that they're working using: +You can check its status using the commands ``kubectl get statefulsets -w`` +and ``kubectl get svc -w`` + + +Step 6: Run BigchainDB as a Deployment +-------------------------------------- + +Get the file ``bigchaindb-dep.yaml`` from GitHub using: .. code:: bash - $ kubectl get services - $ kubectl get statefulsets + $ wget https://raw.githubusercontent.com/bigchaindb/bigchaindb/master/k8s/bigchaindb/bigchaindb-dep.yaml + +Note that we set the ``BIGCHAINDB_DATABASE_HOST`` to ``mdb`` which is the name +of the MongoDB service defined earlier. + +We also hardcode the ``BIGCHAINDB_KEYPAIR_PUBLIC``, +``BIGCHAINDB_KEYPAIR_PRIVATE`` and ``BIGCHAINDB_KEYRING`` for now. + +As we gain more experience running BigchainDB in testing and production, we +will tweak the ``resources.limits`` values for CPU and memory, and as richer +monitoring and probing becomes available in BigchainDB, we will tweak the +``livenessProbe`` and ``readinessProbe`` parameters. + +We also plan to specify scheduling policies for the BigchainDB deployment so +that we ensure that BigchainDB and MongoDB are running in separate nodes, and +build security around the globally exposed port ``9984``. + +Create the required Deployment using: + +.. code:: bash + + $ kubectl apply -f bigchaindb-dep.yaml + +You can check its status using the command ``kubectl get deploy -w`` + + +Step 7: Verify the BigchainDB Node Setup +---------------------------------------- + +Step 7.1: Testing Externally +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Try to access the ``:9984`` on your +browser. You must receive a json output that shows the BigchainDB server +version among other things. + +Try to access the ``:27017`` on your +browser. You must receive a message from MongoDB stating that it doesn't allow +HTTP connections to the port anymore. + + +Step 7.2: Testing Internally +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Run a container that provides utilities like ``nslookup``, ``curl`` and ``dig`` +on the cluster and query the internal DNS and IP endpoints. + +.. code:: bash + + $ kubectl run -it toolbox -- image --restart=Never --rm + +It will drop you to the shell prompt. +Now we can query for the ``mdb`` and ``bdb`` service details. + +.. code:: bash + + $ nslookup mdb + $ dig +noall +answer _mdb_port._tcp.mdb.default.svc.cluster.local SRV + $ curl -X GET http://mdb:27017 + $ curl -X GET http://bdb:9984 + +There is a generic image based on alpine:3.5 with the required utilities +hosted at Docker Hub under ``bigchaindb/toolbox``. +The corresponding Dockerfile is `here +`_. +You can use it as below to get started immediately: + +.. code:: bash + + $ kubectl run -it toolbox --image bigchaindb/toolbox --restart=Never --rm + diff --git a/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst b/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst index 0fe8c378..d5c9a20d 100644 --- a/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst +++ b/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst @@ -94,7 +94,9 @@ Finally, you can deploy an ACS using something like: $ az acs create --name \ --resource-group \ + --master-count 3 \ --agent-count 3 \ + --admin-username ubuntu \ --agent-vm-size Standard_D2_v2 \ --dns-prefix \ --ssh-key-value ~/.ssh/.pub \ @@ -113,9 +115,6 @@ go to **Resource groups** (with the blue cube icon) and click on the one you created to see all the resources in it. -Next, you can :doc:`run a BigchainDB node on your new -Kubernetes cluster `. - Optional: SSH to Your New Kubernetes Cluster Nodes -------------------------------------------------- @@ -125,11 +124,10 @@ You can SSH to one of the just-deployed Kubernetes "master" nodes .. code:: bash - $ ssh -i ~/.ssh/.pub azureuser@ + $ ssh -i ~/.ssh/.pub ubuntu@ where you can get the IP address or hostname of a master node from the Azure Portal. -Note how the default username is ``azureuser``. The "agent" nodes don't get public IP addresses or hostnames, so you can't SSH to them *directly*, @@ -141,5 +139,48 @@ the master (a bad idea), or use something like `SSH agent forwarding `_ (better). + +Optional: Set up SSH Forwarding +------------------------------- + +On the system you will use to access the cluster, run + +.. code:: bash + + $ echo -e "Host \n ForwardAgent yes" >> ~/.ssh/config + +To verify whether SSH Forwarding works properly, login to the one of the master +machines and run + +.. code:: bash + + $ echo "$SSH_AUTH_SOCK" + +If you get an empty response, SSH forwarding hasn't been set up correctly. +If you get a non-empty response, SSH forwarding should work fine and you can +try to login to one of the k8s nodes from the master. + + +Optional: Delete the Kubernetes Cluster +--------------------------------------- + +.. code:: bash + + $ az acs delete \ + --name \ + --resource-group + + +Optional: Delete the Resource Group +----------------------------------- + +CAUTION: You might end up deleting resources other than the ACS cluster. + +.. code:: bash + + $ az group delete \ + --name + + Next, you can :doc:`run a BigchainDB node on your new Kubernetes cluster `. diff --git a/k8s/bigchaindb/bigchaindb-dep.yaml b/k8s/bigchaindb/bigchaindb-dep.yaml new file mode 100644 index 00000000..7bf68f06 --- /dev/null +++ b/k8s/bigchaindb/bigchaindb-dep.yaml @@ -0,0 +1,83 @@ +############################################################### +# This config file runs bigchaindb:master as a k8s Deployment # +# and it connects to the mongodb backend on a separate pod # +############################################################### + +apiVersion: v1 +kind: Service +metadata: + name: bdb + namespace: default + labels: + name: bdb +spec: + selector: + app: bdb + ports: + - port: 9984 + targetPort: 9984 + name: bdb-port + type: LoadBalancer +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: bdb +spec: + replicas: 1 + template: + metadata: + labels: + app: bdb + spec: + terminationGracePeriodSeconds: 10 + containers: + - name: bigchaindb + image: bigchaindb/bigchaindb:master + args: + - start + env: + - name: BIGCHAINDB_DATABASE_HOST + value: mdb + - name: BIGCHAINDB_DATABASE_PORT + # TODO(Krish): remove hardcoded port + value: "27017" + - name: BIGCHAINDB_DATABASE_REPLICASET + value: bigchain-rs + - name: BIGCHAINDB_DATABASE_BACKEND + value: mongodb + - name: BIGCHAINDB_DATABASE_NAME + value: bigchain + - name: BIGCHAINDB_SERVER_BIND + value: 0.0.0.0:9984 + - name: BIGCHAINDB_KEYPAIR_PUBLIC + value: EEWUAhsk94ZUHhVw7qx9oZiXYDAWc9cRz93eMrsTG4kZ + - name: BIGCHAINDB_KEYPAIR_PRIVATE + value: 3CjmRhu718gT1Wkba3LfdqX5pfYuBdaMPLd7ENUga5dm + - name: BIGCHAINDB_BACKLOG_REASSIGN_DELAY + value: "120" + - name: BIGCHAINDB_KEYRING + value: "" + imagePullPolicy: IfNotPresent + ports: + - containerPort: 9984 + hostPort: 9984 + name: bdb-port + protocol: TCP + resources: + limits: + cpu: 200m + memory: 768Mi + livenessProbe: + httpGet: + path: / + port: 9984 + initialDelaySeconds: 15 + timeoutSeconds: 10 + readinessProbe: + httpGet: + path: / + port: 9984 + initialDelaySeconds: 15 + timeoutSeconds: 10 + restartPolicy: Always diff --git a/k8s/deprecated.to.del/bdb-mdb-dep.yaml b/k8s/deprecated.to.del/bdb-mdb-dep.yaml new file mode 100644 index 00000000..c985b285 --- /dev/null +++ b/k8s/deprecated.to.del/bdb-mdb-dep.yaml @@ -0,0 +1,89 @@ +############################################################### +# This config file runs bigchaindb:latest and connects to the # +# mongodb backend as a service # +############################################################### + +apiVersion: v1 +kind: Service +metadata: + name: bdb-mdb-service + namespace: default + labels: + name: bdb-mdb-service +spec: + selector: + app: bdb-mdb + ports: + - port: 9984 + targetPort: 9984 + name: bdb-api + type: LoadBalancer +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: bdb-mdb +spec: + replicas: 1 + template: + metadata: + labels: + app: bdb-mdb + spec: + terminationGracePeriodSeconds: 10 + containers: + - name: bdb-mdb + image: bigchaindb/bigchaindb:latest + args: + - start + env: + - name: BIGCHAINDB_DATABASE_HOST + value: mdb-service + - name: BIGCHAINDB_DATABASE_PORT + value: "27017" + - name: BIGCHAINDB_DATABASE_REPLICASET + value: bigchain-rs + - name: BIGCHIANDB_DATABASE_BACKEND + value: mongodb + - name: BIGCHAINDB_DATABASE_NAME + value: bigchain + - name: BIGCHAINDB_SERVER_BIND + value: 0.0.0.0:9984 + - name: BIGCHAINDB_KEYPAIR_PUBLIC + value: EEWUAhsk94ZUHhVw7qx9oZiXYDAWc9cRz93eMrsTG4kZ + - name: BIGCHAINDB_KEYPAIR_PRIVATE + value: 3CjmRhu718gT1Wkba3LfdqX5pfYuBdaMPLd7ENUga5dm + - name: BIGCHAINDB_BACKLOG_REASSIGN_DELAY + value: "120" + - name: BIGCHAINDB_KEYRING + value: "" + imagePullPolicy: IfNotPresent + ports: + - containerPort: 9984 + hostPort: 9984 + name: bdb-port + protocol: TCP + volumeMounts: + - name: bigchaindb-data + mountPath: /data + resources: + limits: + cpu: 200m + memory: 768Mi + livenessProbe: + httpGet: + path: / + port: 9984 + initialDelaySeconds: 15 + timeoutSeconds: 10 + readinessProbe: + httpGet: + path: / + port: 9984 + initialDelaySeconds: 15 + timeoutSeconds: 10 + restartPolicy: Always + volumes: + - name: bigchaindb-data + hostPath: + path: /disk/bigchaindb-data diff --git a/k8s/deprecated.to.del/bdb-rdb-dep.yaml b/k8s/deprecated.to.del/bdb-rdb-dep.yaml new file mode 100644 index 00000000..06daca43 --- /dev/null +++ b/k8s/deprecated.to.del/bdb-rdb-dep.yaml @@ -0,0 +1,87 @@ +############################################################### +# This config file runs bigchaindb:latest and connects to the # +# rethinkdb backend as a service # +############################################################### + +apiVersion: v1 +kind: Service +metadata: + name: bdb-rdb-service + namespace: default + labels: + name: bdb-rdb-service +spec: + selector: + app: bdb-rdb + ports: + - port: 9984 + targetPort: 9984 + name: bdb-rdb-api + type: LoadBalancer +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: bdb-rdb +spec: + replicas: 1 + template: + metadata: + labels: + app: bdb-rdb + spec: + terminationGracePeriodSeconds: 10 + containers: + - name: bdb-rdb + image: bigchaindb/bigchaindb:latest + args: + - start + env: + - name: BIGCHAINDB_DATABASE_HOST + value: rdb-service + - name: BIGCHAINDB_DATABASE_PORT + value: "28015" + - name: BIGCHIANDB_DATABASE_BACKEND + value: rethinkdb + - name: BIGCHAINDB_DATABASE_NAME + value: bigchain + - name: BIGCHAINDB_SERVER_BIND + value: 0.0.0.0:9984 + - name: BIGCHAINDB_KEYPAIR_PUBLIC + value: EEWUAhsk94ZUHhVw7qx9oZiXYDAWc9cRz93eMrsTG4kZ + - name: BIGCHAINDB_KEYPAIR_PRIVATE + value: 3CjmRhu718gT1Wkba3LfdqX5pfYuBdaMPLd7ENUga5dm + - name: BIGCHAINDB_BACKLOG_REASSIGN_DELAY + value: "120" + - name: BIGCHAINDB_KEYRING + value: "" + imagePullPolicy: IfNotPresent + ports: + - containerPort: 9984 + hostPort: 9984 + name: bdb-port + protocol: TCP + volumeMounts: + - name: bigchaindb-data + mountPath: /data + resources: + limits: + cpu: 200m + memory: 768Mi + livenessProbe: + httpGet: + path: / + port: 9984 + initialDelaySeconds: 15 + timeoutSeconds: 10 + readinessProbe: + httpGet: + path: / + port: 9984 + initialDelaySeconds: 15 + timeoutSeconds: 10 + restartPolicy: Always + volumes: + - name: bigchaindb-data + hostPath: + path: /disk/bigchaindb-data diff --git a/k8s/node-mdb-ss.yaml b/k8s/deprecated.to.del/node-mdb-ss.yaml similarity index 97% rename from k8s/node-mdb-ss.yaml rename to k8s/deprecated.to.del/node-mdb-ss.yaml index 304750c2..3c126d2d 100644 --- a/k8s/node-mdb-ss.yaml +++ b/k8s/deprecated.to.del/node-mdb-ss.yaml @@ -42,8 +42,8 @@ spec: spec: terminationGracePeriodSeconds: 10 containers: - - name: bdb-server - image: bigchaindb/bigchaindb:latest + - name: bigchaindb + image: bigchaindb/bigchaindb:master args: - start env: diff --git a/k8s/node-rdb-ss.yaml b/k8s/deprecated.to.del/node-rdb-ss.yaml similarity index 100% rename from k8s/node-rdb-ss.yaml rename to k8s/deprecated.to.del/node-rdb-ss.yaml diff --git a/k8s/deprecated.to.del/node-ss.yaml b/k8s/deprecated.to.del/node-ss.yaml new file mode 100644 index 00000000..9580daf6 --- /dev/null +++ b/k8s/deprecated.to.del/node-ss.yaml @@ -0,0 +1,89 @@ +##################################################### +# This config file uses bdb v0.9.1 with bundled rdb # +##################################################### + +apiVersion: v1 +kind: Service +metadata: + name: bdb-service + namespace: default + labels: + name: bdb-service +spec: + selector: + app: bdb + ports: + - port: 9984 + targetPort: 9984 + name: bdb-http-api + - port: 8080 + targetPort: 8080 + name: bdb-rethinkdb-api + type: LoadBalancer +--- +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: bdb + namespace: default +spec: + serviceName: bdb + replicas: 1 + template: + metadata: + name: bdb + labels: + app: bdb + annotations: + pod.beta.kubernetes.io/init-containers: '[ + { + "name": "bdb091-configure", + "image": "bigchaindb/bigchaindb:0.9.1", + "command": ["bigchaindb", "-y", "configure", "rethinkdb"], + "volumeMounts": [ + { + "name": "bigchaindb-data", + "mountPath": "/data" + } + ] + } + ]' + spec: + terminationGracePeriodSeconds: 10 + containers: + - name: bdb091-server + image: bigchaindb/bigchaindb:0.9.1 + args: + - -c + - /data/.bigchaindb + - start + imagePullPolicy: IfNotPresent + ports: + - containerPort: 9984 + hostPort: 9984 + name: bdb-port + protocol: TCP + volumeMounts: + - name: bigchaindb-data + mountPath: /data + resources: + limits: + cpu: 200m + memory: 768Mi + livenessProbe: + httpGet: + path: / + port: 9984 + initialDelaySeconds: 15 + timeoutSeconds: 10 + readinessProbe: + httpGet: + path: / + port: 9984 + initialDelaySeconds: 15 + timeoutSeconds: 10 + restartPolicy: Always + volumes: + - name: bigchaindb-data + hostPath: + path: /disk/bigchaindb-data diff --git a/k8s/deprecated.to.del/rethinkdb-ss.yaml b/k8s/deprecated.to.del/rethinkdb-ss.yaml new file mode 100644 index 00000000..081a5f6c --- /dev/null +++ b/k8s/deprecated.to.del/rethinkdb-ss.yaml @@ -0,0 +1,75 @@ +#################################################### +# This config file runs rethinkdb:2.3 as a service # +#################################################### + +apiVersion: v1 +kind: Service +metadata: + name: rdb-service + namespace: default + labels: + name: rdb-service +spec: + selector: + app: rdb + ports: + - port: 8080 + targetPort: 8080 + name: rethinkdb-http-port + - port: 28015 + targetPort: 28015 + name: rethinkdb-driver-port + type: LoadBalancer +--- +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: rdb + namespace: default +spec: + serviceName: rdb + replicas: 1 + template: + metadata: + name: rdb + labels: + app: rdb + spec: + terminationGracePeriodSeconds: 10 + containers: + - name: rethinkdb + image: rethinkdb:2.3 + imagePullPolicy: IfNotPresent + ports: + - containerPort: 8080 + hostPort: 8080 + name: rdb-http-port + protocol: TCP + - containerPort: 28015 + hostPort: 28015 + name: rdb-client-port + protocol: TCP + volumeMounts: + - name: rdb-data + mountPath: /data + resources: + limits: + cpu: 200m + memory: 768Mi + livenessProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 15 + timeoutSeconds: 10 + readinessProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 15 + timeoutSeconds: 10 + restartPolicy: Always + volumes: + - name: rdb-data + hostPath: + path: /disk/rdb-data diff --git a/k8s/mongodb/mongo-data-configdb-pvc.yaml b/k8s/mongodb/mongo-data-configdb-pvc.yaml new file mode 100644 index 00000000..7d3dc8a3 --- /dev/null +++ b/k8s/mongodb/mongo-data-configdb-pvc.yaml @@ -0,0 +1,18 @@ +########################################################## +# This YAML file desribes a k8s pvc for mongodb configDB # +########################################################## + +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: mongo-configdb-claim + annotations: + volume.beta.kubernetes.io/storage-class: slow-configdb +spec: + accessModes: + - ReadWriteOnce + # FIXME(Uncomment when ACS supports this!) + # persistentVolumeReclaimPolicy: Retain + resources: + requests: + storage: 20Gi diff --git a/k8s/mongodb/mongo-data-configdb-sc.yaml b/k8s/mongodb/mongo-data-configdb-sc.yaml new file mode 100644 index 00000000..b431db67 --- /dev/null +++ b/k8s/mongodb/mongo-data-configdb-sc.yaml @@ -0,0 +1,12 @@ +################################################################### +# This YAML file desribes a StorageClass for the mongodb configDB # +################################################################### + +kind: StorageClass +apiVersion: storage.k8s.io/v1beta1 +metadata: + name: slow-configdb +provisioner: kubernetes.io/azure-disk +parameters: + skuName: Standard_LRS + location: westeurope diff --git a/k8s/mongodb/mongo-data-db-pvc.yaml b/k8s/mongodb/mongo-data-db-pvc.yaml new file mode 100644 index 00000000..e9689346 --- /dev/null +++ b/k8s/mongodb/mongo-data-db-pvc.yaml @@ -0,0 +1,18 @@ +######################################################## +# This YAML file desribes a k8s pvc for mongodb dbPath # +######################################################## + +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: mongo-db-claim + annotations: + volume.beta.kubernetes.io/storage-class: slow-db +spec: + accessModes: + - ReadWriteOnce + # FIXME(Uncomment when ACS supports this!) + # persistentVolumeReclaimPolicy: Retain + resources: + requests: + storage: 20Gi diff --git a/k8s/mongodb/mongo-data-db-sc.yaml b/k8s/mongodb/mongo-data-db-sc.yaml new file mode 100644 index 00000000..f700223d --- /dev/null +++ b/k8s/mongodb/mongo-data-db-sc.yaml @@ -0,0 +1,12 @@ +################################################################# +# This YAML file desribes a StorageClass for the mongodb dbPath # +################################################################# + +kind: StorageClass +apiVersion: storage.k8s.io/v1beta1 +metadata: + name: slow-db +provisioner: kubernetes.io/azure-disk +parameters: + skuName: Standard_LRS + location: westeurope diff --git a/k8s/mongodb/mongo-ss.yaml b/k8s/mongodb/mongo-ss.yaml new file mode 100644 index 00000000..63c7d27d --- /dev/null +++ b/k8s/mongodb/mongo-ss.yaml @@ -0,0 +1,76 @@ +######################################################################## +# This YAML file desribes a StatefulSet with a service for running and # +# exposing a MongoDB service. # +# It depends on the configdb and db k8s pvc. # +######################################################################## + +apiVersion: v1 +kind: Service +metadata: + name: mdb + namespace: default + labels: + name: mdb +spec: + selector: + app: mdb + ports: + - port: 27017 + targetPort: 27017 + name: mdb-port + type: LoadBalancer +--- +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: mdb + namespace: default +spec: + serviceName: mdb + replicas: 1 + template: + metadata: + name: mdb + labels: + app: mdb + spec: + terminationGracePeriodSeconds: 10 + containers: + - name: mongodb + image: mongo:3.4.1 + args: + - --replSet=bigchain-rs + securityContext: + capabilities: + add: + - FOWNER + imagePullPolicy: IfNotPresent + ports: + - containerPort: 27017 + hostPort: 27017 + name: mdb-port + protocol: TCP + volumeMounts: + - name: mdb-db + mountPath: /data/db + - name: mdb-configdb + mountPath: /data/configdb + resources: + limits: + cpu: 200m + memory: 768Mi + livenessProbe: + tcpSocket: + port: mdb-port + successThreshold: 1 + failureThreshold: 3 + periodSeconds: 15 + timeoutSeconds: 1 + restartPolicy: Always + volumes: + - name: mdb-db + persistentVolumeClaim: + claimName: mongo-db-claim + - name: mdb-configdb + persistentVolumeClaim: + claimName: mongo-configdb-claim diff --git a/k8s/toolbox/Dockerfile b/k8s/toolbox/Dockerfile new file mode 100644 index 00000000..6bcb1298 --- /dev/null +++ b/k8s/toolbox/Dockerfile @@ -0,0 +1,12 @@ +# Toolbox container for debugging +# Run as: +# docker run -it --rm --entrypoint sh krish7919/toolbox +# kubectl run -it toolbox --image krish7919/toolbox --restart=Never --rm + +FROM alpine:3.5 +MAINTAINER github.com/krish7919 +WORKDIR / + +RUN apk add --no-cache curl bind-tools + +ENTRYPOINT ["/bin/sh"] diff --git a/k8s/toolbox/README.md b/k8s/toolbox/README.md new file mode 100644 index 00000000..b9000ab1 --- /dev/null +++ b/k8s/toolbox/README.md @@ -0,0 +1,12 @@ +## Docker container with debugging tools + +* curl +* bind-utils - provides nslookup, dig + +## Build + +`docker build -t bigchaindb/toolbox .` + +## Push + +`docker push bigchaindb/toolbox` From 646859f1d68805979edecbff523f322b5a3d9f4d Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Fri, 10 Mar 2017 11:47:58 +0100 Subject: [PATCH 092/283] revised docs re/ SSHing to nodes in a k8s cluster --- .../template-kubernetes-azure.rst | 53 ++++++++++++------- 1 file changed, 34 insertions(+), 19 deletions(-) diff --git a/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst b/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst index d5c9a20d..93cf1e08 100644 --- a/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst +++ b/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst @@ -127,38 +127,53 @@ You can SSH to one of the just-deployed Kubernetes "master" nodes $ ssh -i ~/.ssh/.pub ubuntu@ where you can get the IP address or hostname -of a master node from the Azure Portal. +of a master node from the Azure Portal. For example: -The "agent" nodes don't get public IP addresses or hostnames, +.. code:: bash + + $ ssh -i ~/.ssh/mykey123.pub ubuntu@mydnsprefix.westeurope.cloudapp.azure.com + +.. note:: + + All the master nodes should have the *same* IP address and hostname + (also called the Master FQDN). + +The "agent" nodes shouldn't get public IP addresses or hostnames, so you can't SSH to them *directly*, but you can first SSH to the master -and then SSH to an agent from there -(using the *private* IP address or hostname of the agent node). -To do that, you either need to copy your SSH key pair to -the master (a bad idea), -or use something like -`SSH agent forwarding `_ (better). - - -Optional: Set up SSH Forwarding -------------------------------- - -On the system you will use to access the cluster, run +and then SSH to an agent from there. +To do that, you could +copy your SSH key pair to the master (a bad idea), +or use SSH agent forwarding (better). +To do the latter, do the following on the machine you used +to SSH to the master: .. code:: bash $ echo -e "Host \n ForwardAgent yes" >> ~/.ssh/config -To verify whether SSH Forwarding works properly, login to the one of the master -machines and run +To verify that SSH agent forwarding works properly, +SSH to the one of the master nodes and do: .. code:: bash $ echo "$SSH_AUTH_SOCK" -If you get an empty response, SSH forwarding hasn't been set up correctly. -If you get a non-empty response, SSH forwarding should work fine and you can -try to login to one of the k8s nodes from the master. +If you get an empty response, +then SSH agent forwarding hasn't been set up correctly. +If you get a non-empty response, +then SSH agent forwarding should work fine +and you can SSH to one of the agent nodes (from a master) +using something like: + +.. code:: bash + + $ ssh ssh ubuntu@k8s-agent-4AC80E97-0 + +where ``k8s-agent-4AC80E97-0`` is the name +of a Kubernetes agent node in your Kubernetes cluster. +You will have to replace it by the name +of an agent node in your cluster. Optional: Delete the Kubernetes Cluster From 72ba9761d43f34b4286fe7895e744e716fe537d2 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Fri, 10 Mar 2017 14:42:27 +0100 Subject: [PATCH 093/283] Use parametrized host & port in test to support docker-based tests or different test envs --- tests/backend/mongodb/test_connection.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/backend/mongodb/test_connection.py b/tests/backend/mongodb/test_connection.py index 786b7d7b..6350a7c5 100644 --- a/tests/backend/mongodb/test_connection.py +++ b/tests/backend/mongodb/test_connection.py @@ -32,15 +32,15 @@ def mongodb_connection(): port=bigchaindb.config['database']['port']) -def test_get_connection_returns_the_correct_instance(): +def test_get_connection_returns_the_correct_instance(db_host, db_port): from bigchaindb.backend import connect from bigchaindb.backend.connection import Connection from bigchaindb.backend.mongodb.connection import MongoDBConnection config = { 'backend': 'mongodb', - 'host': 'localhost', - 'port': 27017, + 'host': db_host, + 'port': db_port, 'name': 'test', 'replicaset': 'bigchain-rs' } From 962a88b1d9f5ef2f6a0c7b207793f31ef2f514e8 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Sat, 11 Mar 2017 13:59:23 +0100 Subject: [PATCH 094/283] removed 'bigchaindb load' command & tests --- bigchaindb/commands/bigchain.py | 56 --------------------------------- tests/commands/test_commands.py | 22 ------------- 2 files changed, 78 deletions(-) diff --git a/bigchaindb/commands/bigchain.py b/bigchaindb/commands/bigchain.py index efefa9d7..767f6ccc 100644 --- a/bigchaindb/commands/bigchain.py +++ b/bigchaindb/commands/bigchain.py @@ -9,15 +9,11 @@ import copy import json import sys -import logstats - from bigchaindb.common import crypto from bigchaindb.common.exceptions import (StartupError, DatabaseAlreadyExists, KeypairNotFoundException) import bigchaindb -from bigchaindb.models import Transaction -from bigchaindb.utils import ProcessGroup from bigchaindb import backend, processes from bigchaindb.backend import schema from bigchaindb.backend.admin import (set_replicas, set_shards, add_replicas, @@ -206,39 +202,6 @@ def run_start(args): processes.start() -def _run_load(tx_left, stats): - logstats.thread.start(stats) - b = bigchaindb.Bigchain() - - while True: - tx = Transaction.create([b.me], [([b.me], 1)]) - tx = tx.sign([b.me_private]) - b.write_transaction(tx) - - stats['transactions'] += 1 - - if tx_left is not None: - tx_left -= 1 - if tx_left == 0: - break - - -@configure_bigchaindb -def run_load(args): - logger.info('Starting %s processes', args.multiprocess) - stats = logstats.Logstats() - logstats.thread.start(stats) - - tx_left = None - if args.count > 0: - tx_left = int(args.count / args.multiprocess) - - workers = ProcessGroup(concurrency=args.multiprocess, - target=_run_load, - args=(tx_left, stats.get_child())) - workers.start() - - @configure_bigchaindb def run_set_shards(args): conn = backend.connect() @@ -373,25 +336,6 @@ def create_parser(): help='A list of space separated hosts to ' 'remove from the replicaset. Each host ' 'should be in the form `host:port`.') - - load_parser = subparsers.add_parser('load', - help='Write transactions to the backlog') - - load_parser.add_argument('-m', '--multiprocess', - nargs='?', - type=int, - default=False, - help='Spawn multiple processes to run the command, ' - 'if no value is provided, the number of processes ' - 'is equal to the number of cores of the host machine') - - load_parser.add_argument('-c', '--count', - default=0, - type=int, - help='Number of transactions to push. If the parameter -m ' - 'is set, the count is distributed equally to all the ' - 'processes') - return parser diff --git a/tests/commands/test_commands.py b/tests/commands/test_commands.py index e10b3157..198c39d1 100644 --- a/tests/commands/test_commands.py +++ b/tests/commands/test_commands.py @@ -21,7 +21,6 @@ def test_make_sure_we_dont_remove_any_command(): assert parser.parse_args(['start']).command assert parser.parse_args(['set-shards', '1']).command assert parser.parse_args(['set-replicas', '1']).command - assert parser.parse_args(['load']).command assert parser.parse_args(['add-replicas', 'localhost:27017']).command assert parser.parse_args(['remove-replicas', 'localhost:27017']).command @@ -382,27 +381,6 @@ def test_calling_main(start_mock, base_parser_mock, parse_args_mock, help='Number of replicas (i.e. ' 'the replication factor)') - subparsers.add_parser.assert_any_call('load', - help='Write transactions to the ' - 'backlog') - - subsubparsers.add_argument.assert_any_call('-m', '--multiprocess', - nargs='?', type=int, - default=False, - help='Spawn multiple processes ' - 'to run the command, if no ' - 'value is provided, the number ' - 'of processes is equal to the ' - 'number of cores of the host ' - 'machine') - subsubparsers.add_argument.assert_any_call('-c', '--count', - default=0, - type=int, - help='Number of transactions ' - 'to push. If the parameter -m ' - 'is set, the count is ' - 'distributed equally to all ' - 'the processes') assert start_mock.called is True From 042133faf8caeeb4847bf5c5b9fa649a0a277f1d Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Sat, 11 Mar 2017 14:00:01 +0100 Subject: [PATCH 095/283] removed docs about 'bigchaindb load' command --- docs/server/source/server-reference/bigchaindb-cli.md | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/docs/server/source/server-reference/bigchaindb-cli.md b/docs/server/source/server-reference/bigchaindb-cli.md index 5fdf8fdf..9612fd30 100644 --- a/docs/server/source/server-reference/bigchaindb-cli.md +++ b/docs/server/source/server-reference/bigchaindb-cli.md @@ -69,16 +69,6 @@ e.g. `bigchaindb --dev-start-rethinkdb start`. Note that this will also shutdown The option `--dev-allow-temp-keypair` will generate a keypair on the fly if no keypair is found, this is useful when you want to run a temporary instance of BigchainDB in a Docker container, for example. -## bigchaindb load - -Write transactions to the backlog (for benchmarking tests). You can learn more about it using: -```text -$ bigchaindb load -h -``` - -Note: This command uses the Python Server API to write transactions to the database. It _doesn't_ use the HTTP API or a driver that wraps the HTTP API. - - ## bigchaindb set-shards This command is specific to RethinkDB so it will only run if BigchainDB is From dc58466de3bd071fbf4190c7ebf577da652f8d4c Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Mon, 13 Mar 2017 13:35:03 +0100 Subject: [PATCH 096/283] Merge branch 'master' into voting-class-integration --- bigchaindb/backend/exceptions.py | 4 - bigchaindb/common/exceptions.py | 121 +++++++++++++++---------- bigchaindb/core.py | 40 ++------ bigchaindb/exceptions.py | 8 ++ bigchaindb/models.py | 76 +++++----------- bigchaindb/pipelines/block.py | 14 +-- bigchaindb/pipelines/vote.py | 10 +- bigchaindb/web/views/transactions.py | 27 +----- tests/assets/test_digital_assets.py | 5 +- tests/db/test_bigchain_api.py | 79 ++++++++++++---- tests/pipelines/test_block_creation.py | 27 ++---- tests/pipelines/test_stale_monitor.py | 8 +- tests/pipelines/test_vote.py | 16 +++- tests/test_core.py | 10 -- tests/test_models.py | 8 +- tests/web/test_transactions.py | 12 +-- 16 files changed, 226 insertions(+), 239 deletions(-) diff --git a/bigchaindb/backend/exceptions.py b/bigchaindb/backend/exceptions.py index 3b712b08..017e19e4 100644 --- a/bigchaindb/backend/exceptions.py +++ b/bigchaindb/backend/exceptions.py @@ -15,7 +15,3 @@ class OperationError(BackendError): class DuplicateKeyError(OperationError): """Exception raised when an insert fails because the key is not unique""" - - -class BigchainDBCritical(Exception): - """Unhandleable error that requires attention""" diff --git a/bigchaindb/common/exceptions.py b/bigchaindb/common/exceptions.py index 18a926b1..258001b8 100644 --- a/bigchaindb/common/exceptions.py +++ b/bigchaindb/common/exceptions.py @@ -7,44 +7,6 @@ class ConfigurationError(BigchainDBError): """Raised when there is a problem with server configuration""" -class OperationError(BigchainDBError): - """Raised when an operation cannot go through""" - - -class TransactionDoesNotExist(BigchainDBError): - """Raised if the transaction is not in the database""" - - -class TransactionOwnerError(BigchainDBError): - """Raised if a user tries to transfer a transaction they don't own""" - - -class DoubleSpend(BigchainDBError): - """Raised if a double spend is found""" - - -class ValidationError(BigchainDBError): - """Raised if there was an error in validation""" - - -class InvalidHash(ValidationError): - """Raised if there was an error checking the hash for a particular - operation""" - - -class SchemaValidationError(ValidationError): - """Raised if there was any error validating an object's schema""" - - -class InvalidSignature(BigchainDBError): - """Raised if there was an error checking the signature for a particular - operation""" - - -class DuplicateTransaction(ValidationError): - """Raised if a duplicated transaction is found""" - - class DatabaseAlreadyExists(BigchainDBError): """Raised when trying to create the database but the db is already there""" @@ -53,15 +15,6 @@ class DatabaseDoesNotExist(BigchainDBError): """Raised when trying to delete the database but the db is not there""" -class KeypairNotFoundException(BigchainDBError): - """Raised if operation cannot proceed because the keypair was not given""" - - -class KeypairMismatchException(BigchainDBError): - """Raised if the private key(s) provided for signing don't match any of the - current owner(s)""" - - class StartupError(BigchainDBError): """Raised when there is an error starting up the system""" @@ -74,14 +27,82 @@ class CyclicBlockchainError(BigchainDBError): """Raised when there is a cycle in the blockchain""" -class TransactionNotInValidBlock(BigchainDBError): +class KeypairNotFoundException(BigchainDBError): + """Raised if operation cannot proceed because the keypair was not given""" + + +class KeypairMismatchException(BigchainDBError): + """Raised if the private key(s) provided for signing don't match any of the + current owner(s)""" + + +class OperationError(BigchainDBError): + """Raised when an operation cannot go through""" + + +################################################################################ +# Validation errors +# +# All validation errors (which are handleable errors, not faults) should +# subclass ValidationError. However, where possible they should also have their +# own distinct type to differentiate them from other validation errors, +# especially for the purposes of testing. + + +class ValidationError(BigchainDBError): + """Raised if there was an error in validation""" + + +class DoubleSpend(ValidationError): + """Raised if a double spend is found""" + + +class InvalidHash(ValidationError): + """Raised if there was an error checking the hash for a particular + operation""" + + +class SchemaValidationError(ValidationError): + """Raised if there was any error validating an object's schema""" + + +class InvalidSignature(ValidationError): + """Raised if there was an error checking the signature for a particular + operation""" + + +class ImproperVoteError(ValidationError): + """Raised if a vote is not constructed correctly, or signed incorrectly""" + + +class MultipleVotesError(ValidationError): + """Raised if a voter has voted more than once""" + + +class TransactionNotInValidBlock(ValidationError): """Raised when a transfer transaction is attempting to fulfill the outputs of a transaction that is in an invalid or undecided block""" -class AssetIdMismatch(BigchainDBError): +class AssetIdMismatch(ValidationError): """Raised when multiple transaction inputs related to different assets""" -class AmountError(BigchainDBError): +class AmountError(ValidationError): """Raised when there is a problem with a transaction's output amounts""" + + +class InputDoesNotExist(ValidationError): + """Raised if a transaction input does not exist""" + + +class TransactionOwnerError(ValidationError): + """Raised if a user tries to transfer a transaction they don't own""" + + +class SybilError(ValidationError): + """If a block or vote comes from an unidentifiable node""" + + +class DuplicateTransaction(ValidationError): + """Raised if a duplicated transaction is found""" diff --git a/bigchaindb/core.py b/bigchaindb/core.py index 9ac024c1..a9143f33 100644 --- a/bigchaindb/core.py +++ b/bigchaindb/core.py @@ -1,6 +1,7 @@ import random from time import time +from bigchaindb import exceptions as core_exceptions from bigchaindb.common import crypto, exceptions from bigchaindb.common.utils import gen_timestamp, serialize from bigchaindb.common.transaction import TransactionLink @@ -8,7 +9,6 @@ from bigchaindb.common.transaction import TransactionLink import bigchaindb from bigchaindb import backend, config_utils, utils -from bigchaindb.backend import exceptions as backend_exceptions from bigchaindb.consensus import BaseConsensusRules from bigchaindb.models import Block, Transaction @@ -110,7 +110,9 @@ class Bigchain(object): dict: database response or None if no reassignment is possible """ - other_nodes = self.federation.difference([transaction['assignee']]) + other_nodes = tuple( + self.federation.difference([transaction['assignee']]) + ) new_assignee = random.choice(other_nodes) if other_nodes else self.me return backend.query.update_transaction( @@ -151,31 +153,6 @@ class Bigchain(object): return self.consensus.validate_transaction(self, transaction) - def is_valid_transaction(self, transaction): - """Check whether a transaction is valid or invalid. - - Similar to :meth:`~bigchaindb.Bigchain.validate_transaction` - but never raises an exception. It returns :obj:`False` if - the transaction is invalid. - - Args: - transaction (:Class:`~bigchaindb.models.Transaction`): transaction - to check. - - Returns: - The :class:`~bigchaindb.models.Transaction` instance if valid, - otherwise :obj:`False`. - """ - - try: - return self.validate_transaction(transaction) - except (ValueError, exceptions.OperationError, - exceptions.TransactionDoesNotExist, - exceptions.TransactionOwnerError, exceptions.DoubleSpend, - exceptions.InvalidHash, exceptions.InvalidSignature, - exceptions.TransactionNotInValidBlock, exceptions.AmountError): - return False - def is_new_transaction(self, txid, exclude_block_id=None): """ Return True if the transaction does not exist in any @@ -317,7 +294,7 @@ class Bigchain(object): if list(validity.values()).count(Bigchain.BLOCK_VALID) > 1: block_ids = str([block for block in validity if validity[block] == Bigchain.BLOCK_VALID]) - raise backend_exceptions.BigchainDBCritical( + raise core_exceptions.CriticalDoubleInclusion( 'Transaction {tx} is present in ' 'multiple valid blocks: {block_ids}' .format(tx=txid, block_ids=block_ids)) @@ -370,10 +347,9 @@ class Bigchain(object): if self.get_transaction(transaction['id']): num_valid_transactions += 1 if num_valid_transactions > 1: - raise exceptions.DoubleSpend(('`{}` was spent more than' - ' once. There is a problem' - ' with the chain') - .format(txid)) + raise core_exceptions.CriticalDoubleSpend( + '`{}` was spent more than once. There is a problem' + ' with the chain'.format(txid)) if num_valid_transactions: return Transaction.from_dict(transactions[0]) diff --git a/bigchaindb/exceptions.py b/bigchaindb/exceptions.py index d8a4cd73..336ce231 100644 --- a/bigchaindb/exceptions.py +++ b/bigchaindb/exceptions.py @@ -1,2 +1,10 @@ class BigchainDBError(Exception): """Base class for BigchainDB exceptions.""" + + +class CriticalDoubleSpend(BigchainDBError): + """Data integrity error that requires attention""" + + +class CriticalDoubleInclusion(BigchainDBError): + """Data integrity error that requires attention""" diff --git a/bigchaindb/models.py b/bigchaindb/models.py index f3a20ebf..bf6bafd5 100644 --- a/bigchaindb/models.py +++ b/bigchaindb/models.py @@ -1,9 +1,9 @@ from bigchaindb.common.crypto import hash_data, PublicKey, PrivateKey from bigchaindb.common.exceptions import (InvalidHash, InvalidSignature, - OperationError, DoubleSpend, - TransactionDoesNotExist, + DoubleSpend, InputDoesNotExist, TransactionNotInValidBlock, AssetIdMismatch, AmountError, + SybilError, ValidationError, DuplicateTransaction) from bigchaindb.common.transaction import Transaction from bigchaindb.common.utils import gen_timestamp, serialize @@ -23,19 +23,10 @@ class Transaction(Transaction): invalid. Raises: - OperationError: if the transaction operation is not supported - TransactionDoesNotExist: if the input of the transaction is not - found - TransactionNotInValidBlock: if the input of the transaction is not - in a valid block - TransactionOwnerError: if the new transaction is using an input it - doesn't own - DoubleSpend: if the transaction is a double spend - InvalidHash: if the hash of the transaction is wrong - InvalidSignature: if the signature of the transaction is wrong + ValidationError: If the transaction is invalid """ if len(self.inputs) == 0: - raise ValueError('Transaction contains no inputs') + raise ValidationError('Transaction contains no inputs') input_conditions = [] inputs_defined = all([input_.fulfills for input_ in self.inputs]) @@ -47,20 +38,20 @@ class Transaction(Transaction): if self.operation in (Transaction.CREATE, Transaction.GENESIS): # validate asset if self.asset['data'] is not None and not isinstance(self.asset['data'], dict): - raise TypeError(('`asset.data` must be a dict instance or ' - 'None for `CREATE` transactions')) + raise ValidationError(('`asset.data` must be a dict instance or ' + 'None for `CREATE` transactions')) # validate inputs if inputs_defined: - raise ValueError('A CREATE operation has no inputs') + raise ValidationError('A CREATE operation has no inputs') elif self.operation == Transaction.TRANSFER: # validate asset if not isinstance(self.asset['id'], str): - raise ValueError(('`asset.id` must be a string for ' - '`TRANSFER` transations')) + raise ValidationError('`asset.id` must be a string for ' + '`TRANSFER` transations') # check inputs if not inputs_defined: - raise ValueError('Only `CREATE` transactions can have null ' - 'inputs') + raise ValidationError('Only `CREATE` transactions can have ' + 'null inputs') # store the inputs so that we can check if the asset ids match input_txs = [] @@ -70,8 +61,8 @@ class Transaction(Transaction): get_transaction(input_txid, include_status=True) if input_tx is None: - raise TransactionDoesNotExist("input `{}` doesn't exist" - .format(input_txid)) + raise InputDoesNotExist("input `{}` doesn't exist" + .format(input_txid)) if status != bigchain.TX_VALID: raise TransactionNotInValidBlock( @@ -117,8 +108,8 @@ class Transaction(Transaction): else: allowed_operations = ', '.join(Transaction.ALLOWED_OPERATIONS) - raise TypeError('`operation`: `{}` must be either {}.' - .format(self.operation, allowed_operations)) + raise ValidationError('`operation`: `{}` must be either {}.' + .format(self.operation, allowed_operations)) if not self.inputs_valid(input_conditions): raise InvalidSignature('Transaction signature is invalid.') @@ -206,18 +197,8 @@ class Block(object): raised. Raises: - OperationError: If a non-federation node signed the Block. - InvalidSignature: If a Block's signature is invalid or if the - block contains a transaction with an invalid signature. - OperationError: if the transaction operation is not supported - TransactionDoesNotExist: if the input of the transaction is not - found - TransactionNotInValidBlock: if the input of the transaction is not - in a valid block - TransactionOwnerError: if the new transaction is using an input it - doesn't own - DoubleSpend: if the transaction is a double spend - InvalidHash: if the hash of the transaction is wrong + ValidationError: If the block or any transaction in the block does + not validate """ self._validate_block(bigchain) @@ -233,15 +214,14 @@ class Block(object): object. Raises: - OperationError: If a non-federation node signed the Block. - InvalidSignature: If a Block's signature is invalid. + ValidationError: If there is a problem with the block """ # Check if the block was created by a federation node if self.node_pubkey not in bigchain.federation: - raise OperationError('Only federation nodes can create blocks') + raise SybilError('Only federation nodes can create blocks') if set(self.voters) != bigchain.federation: - raise OperationError('Block voters differs from server keyring') + raise SybilError('Block voters differs from server keyring') # Check that the signature is valid if not self.is_signature_valid(): @@ -254,17 +234,7 @@ class Block(object): bigchain (Bigchain): an instantiated bigchaindb.Bigchain object. Raises: - OperationError: if the transaction operation is not supported - TransactionDoesNotExist: if the input of the transaction is not - found - TransactionNotInValidBlock: if the input of the transaction is not - in a valid block - TransactionOwnerError: if the new transaction is using an input it - doesn't own - DoubleSpend: if the transaction is a double spend - InvalidHash: if the hash of the transaction is wrong - InvalidSignature: if the signature of the transaction is wrong - DuplicateTransaction: If the block contains a duplicated TX + ValidationError: If an invalid transaction is found """ txids = [tx.id for tx in self.transactions] if len(txids) != len(set(txids)): @@ -349,10 +319,10 @@ class Block(object): dict: The Block as a dict. Raises: - OperationError: If the Block doesn't contain any transactions. + ValueError: If the Block doesn't contain any transactions. """ if len(self.transactions) == 0: - raise OperationError('Empty block creation is not allowed') + raise ValueError('Empty block creation is not allowed') block = { 'timestamp': self.timestamp, diff --git a/bigchaindb/pipelines/block.py b/bigchaindb/pipelines/block.py index c7d7ebc1..0fe327bb 100644 --- a/bigchaindb/pipelines/block.py +++ b/bigchaindb/pipelines/block.py @@ -13,8 +13,7 @@ import bigchaindb from bigchaindb import backend from bigchaindb.backend.changefeed import ChangeFeed from bigchaindb.models import Transaction -from bigchaindb.common.exceptions import (SchemaValidationError, InvalidHash, - InvalidSignature, AmountError) +from bigchaindb.common.exceptions import ValidationError from bigchaindb import Bigchain @@ -63,8 +62,7 @@ class BlockPipeline: """ try: tx = Transaction.from_dict(tx) - except (SchemaValidationError, InvalidHash, InvalidSignature, - AmountError): + except ValidationError: return None # If transaction is in any VALID or UNDECIDED block we @@ -74,12 +72,14 @@ class BlockPipeline: return None # If transaction is not valid it should not be included - if not self.bigchain.is_valid_transaction(tx): + try: + tx.validate(self.bigchain) + return tx + except ValidationError as e: + logger.warning('Invalid tx: %s', e) self.bigchain.delete_transaction(tx.id) return None - return tx - def create(self, tx, timeout=False): """Create a block. diff --git a/bigchaindb/pipelines/vote.py b/bigchaindb/pipelines/vote.py index 4dd8b77c..9664c520 100644 --- a/bigchaindb/pipelines/vote.py +++ b/bigchaindb/pipelines/vote.py @@ -60,7 +60,7 @@ class Vote: return block['id'], [self.invalid_dummy_tx] try: block._validate_block(self.bigchain) - except (exceptions.OperationError, exceptions.InvalidSignature): + except exceptions.ValidationError: # XXX: if a block is invalid we should skip the `validate_tx` # step, but since we are in a pipeline we cannot just jump to # another function. Hackish solution: generate an invalid @@ -104,7 +104,13 @@ class Vote: if not new: return False, block_id, num_tx - valid = bool(self.bigchain.is_valid_transaction(tx)) + try: + tx.validate(self.bigchain) + valid = True + except exceptions.ValidationError as e: + logger.warning('Invalid tx: %s', e) + valid = False + return valid, block_id, num_tx def vote(self, tx_validity, block_id, num_tx): diff --git a/bigchaindb/web/views/transactions.py b/bigchaindb/web/views/transactions.py index 7acaa279..925aed7a 100644 --- a/bigchaindb/web/views/transactions.py +++ b/bigchaindb/web/views/transactions.py @@ -9,20 +9,7 @@ import logging from flask import current_app, request from flask_restful import Resource, reqparse - -from bigchaindb.common.exceptions import ( - AmountError, - DoubleSpend, - InvalidHash, - InvalidSignature, - SchemaValidationError, - OperationError, - TransactionDoesNotExist, - TransactionOwnerError, - TransactionNotInValidBlock, - ValidationError, -) - +from bigchaindb.common.exceptions import SchemaValidationError, ValidationError from bigchaindb.models import Transaction from bigchaindb.web.views.base import make_error from bigchaindb.web.views import parameters @@ -84,7 +71,7 @@ class TransactionListApi(Resource): message='Invalid transaction schema: {}'.format( e.__cause__.message) ) - except (ValidationError, InvalidSignature) as e: + except ValidationError as e: return make_error( 400, 'Invalid transaction ({}): {}'.format(type(e).__name__, e) @@ -93,15 +80,7 @@ class TransactionListApi(Resource): with pool() as bigchain: try: bigchain.validate_transaction(tx_obj) - except (ValueError, - OperationError, - TransactionDoesNotExist, - TransactionOwnerError, - DoubleSpend, - InvalidHash, - InvalidSignature, - TransactionNotInValidBlock, - AmountError) as e: + except ValidationError as e: return make_error( 400, 'Invalid transaction ({}): {}'.format(type(e).__name__, e) diff --git a/tests/assets/test_digital_assets.py b/tests/assets/test_digital_assets.py index 1dc4764f..d44bc52c 100644 --- a/tests/assets/test_digital_assets.py +++ b/tests/assets/test_digital_assets.py @@ -1,3 +1,4 @@ +from bigchaindb.common.exceptions import ValidationError import pytest import random @@ -26,7 +27,7 @@ def test_validate_bad_asset_creation(b, user_pk): tx.asset['data'] = 'a' tx_signed = tx.sign([b.me_private]) - with pytest.raises(TypeError): + with pytest.raises(ValidationError): b.validate_transaction(tx_signed) @@ -108,4 +109,4 @@ def test_create_valid_divisible_asset(b, user_pk, user_sk): tx = Transaction.create([user_pk], [([user_pk], 2)]) tx_signed = tx.sign([user_sk]) - assert b.is_valid_transaction(tx_signed) + tx_signed.validate(b) diff --git a/tests/db/test_bigchain_api.py b/tests/db/test_bigchain_api.py index 7a4b1f94..c5c9f1ae 100644 --- a/tests/db/test_bigchain_api.py +++ b/tests/db/test_bigchain_api.py @@ -3,6 +3,8 @@ from time import sleep import pytest from unittest.mock import patch +from bigchaindb.common.exceptions import ValidationError + pytestmark = pytest.mark.bdb @@ -91,7 +93,7 @@ class TestBigchainApi(object): @pytest.mark.genesis def test_get_spent_with_double_inclusion_detected(self, b, monkeypatch): - from bigchaindb.backend.exceptions import BigchainDBCritical + from bigchaindb.exceptions import CriticalDoubleInclusion from bigchaindb.models import Transaction tx = Transaction.create([b.me], [([b.me], 1)]) @@ -121,12 +123,47 @@ class TestBigchainApi(object): vote = b.vote(block3.id, b.get_last_voted_block().id, True) b.write_vote(vote) - with pytest.raises(BigchainDBCritical): + with pytest.raises(CriticalDoubleInclusion): + b.get_spent(tx.id, 0) + + @pytest.mark.genesis + def test_get_spent_with_double_spend_detected(self, b, monkeypatch): + from bigchaindb.exceptions import CriticalDoubleSpend + from bigchaindb.models import Transaction + + tx = Transaction.create([b.me], [([b.me], 1)]) + tx = tx.sign([b.me_private]) + + monkeypatch.setattr('time.time', lambda: 1000000000) + block1 = b.create_block([tx]) + b.write_block(block1) + + monkeypatch.setattr('time.time', lambda: 1000000020) + transfer_tx = Transaction.transfer(tx.to_inputs(), [([b.me], 1)], + asset_id=tx.id) + transfer_tx = transfer_tx.sign([b.me_private]) + block2 = b.create_block([transfer_tx]) + b.write_block(block2) + + monkeypatch.setattr('time.time', lambda: 1000000030) + transfer_tx2 = Transaction.transfer(tx.to_inputs(), [([b.me], 2)], + asset_id=tx.id) + transfer_tx2 = transfer_tx2.sign([b.me_private]) + block3 = b.create_block([transfer_tx2]) + b.write_block(block3) + + # Vote both block2 and block3 valid + vote = b.vote(block2.id, b.get_last_voted_block().id, True) + b.write_vote(vote) + vote = b.vote(block3.id, b.get_last_voted_block().id, True) + b.write_vote(vote) + + with pytest.raises(CriticalDoubleSpend): b.get_spent(tx.id, 0) @pytest.mark.genesis def test_get_block_status_for_tx_with_double_inclusion(self, b, monkeypatch): - from bigchaindb.backend.exceptions import BigchainDBCritical + from bigchaindb.exceptions import CriticalDoubleInclusion from bigchaindb.models import Transaction tx = Transaction.create([b.me], [([b.me], 1)]) @@ -146,7 +183,7 @@ class TestBigchainApi(object): vote = b.vote(block2.id, b.get_last_voted_block().id, True) b.write_vote(vote) - with pytest.raises(BigchainDBCritical): + with pytest.raises(CriticalDoubleInclusion): b.get_blocks_status_containing_tx(tx.id) @pytest.mark.genesis @@ -478,7 +515,7 @@ class TestBigchainApi(object): @pytest.mark.usefixtures('inputs') def test_non_create_input_not_found(self, b, user_pk): from cryptoconditions import Ed25519Fulfillment - from bigchaindb.common.exceptions import TransactionDoesNotExist + from bigchaindb.common.exceptions import InputDoesNotExist from bigchaindb.common.transaction import Input, TransactionLink from bigchaindb.models import Transaction from bigchaindb import Bigchain @@ -490,7 +527,7 @@ class TestBigchainApi(object): tx = Transaction.transfer([input], [([user_pk], 1)], asset_id='mock_asset_link') - with pytest.raises(TransactionDoesNotExist): + with pytest.raises(InputDoesNotExist): tx.validate(Bigchain()) def test_count_backlog(self, b, user_pk): @@ -513,24 +550,24 @@ class TestTransactionValidation(object): # Manipulate input so that it has a `fulfills` defined even # though it shouldn't have one create_tx.inputs[0].fulfills = TransactionLink('abc', 0) - with pytest.raises(ValueError) as excinfo: + with pytest.raises(ValidationError) as excinfo: b.validate_transaction(create_tx) assert excinfo.value.args[0] == 'A CREATE operation has no inputs' def test_transfer_operation_no_inputs(self, b, user_pk, signed_transfer_tx): signed_transfer_tx.inputs[0].fulfills = None - with pytest.raises(ValueError) as excinfo: + with pytest.raises(ValidationError) as excinfo: b.validate_transaction(signed_transfer_tx) assert excinfo.value.args[0] == 'Only `CREATE` transactions can have null inputs' def test_non_create_input_not_found(self, b, user_pk, signed_transfer_tx): - from bigchaindb.common.exceptions import TransactionDoesNotExist + from bigchaindb.common.exceptions import InputDoesNotExist from bigchaindb.common.transaction import TransactionLink signed_transfer_tx.inputs[0].fulfills = TransactionLink('c', 0) - with pytest.raises(TransactionDoesNotExist): + with pytest.raises(InputDoesNotExist): b.validate_transaction(signed_transfer_tx) @pytest.mark.usefixtures('inputs') @@ -689,7 +726,7 @@ class TestBlockValidation(object): b.validate_block(block) def test_invalid_node_pubkey(self, b): - from bigchaindb.common.exceptions import OperationError + from bigchaindb.common.exceptions import SybilError from bigchaindb.common import crypto # blocks can only be created by a federation node @@ -706,8 +743,8 @@ class TestBlockValidation(object): # from a non federation node block = block.sign(tmp_sk) - # check that validate_block raises an OperationError - with pytest.raises(OperationError): + # check that validate_block raises an SybilError + with pytest.raises(SybilError): b.validate_block(block) @@ -726,7 +763,7 @@ class TestMultipleInputs(object): tx = tx.sign([user_sk]) # validate transaction - assert b.is_valid_transaction(tx) == tx + tx.validate(b) assert len(tx.inputs) == 1 assert len(tx.outputs) == 1 @@ -748,7 +785,7 @@ class TestMultipleInputs(object): asset_id=input_tx.id) tx = tx.sign([user_sk]) - assert b.is_valid_transaction(tx) == tx + tx.validate(b) assert len(tx.inputs) == 1 assert len(tx.outputs) == 1 @@ -780,7 +817,7 @@ class TestMultipleInputs(object): transfer_tx = transfer_tx.sign([user_sk, user2_sk]) # validate transaction - assert b.is_valid_transaction(transfer_tx) == transfer_tx + transfer_tx.validate(b) assert len(transfer_tx.inputs) == 1 assert len(transfer_tx.outputs) == 1 @@ -813,7 +850,7 @@ class TestMultipleInputs(object): asset_id=tx_input.id) tx = tx.sign([user_sk, user2_sk]) - assert b.is_valid_transaction(tx) == tx + tx.validate(b) assert len(tx.inputs) == 1 assert len(tx.outputs) == 1 @@ -1167,7 +1204,6 @@ def test_cant_spend_same_input_twice_in_tx(b, genesis_block): tx_transfer = Transaction.transfer(dup_inputs, [([b.me], 200)], asset_id=tx_create.id) tx_transfer_signed = tx_transfer.sign([b.me_private]) - assert b.is_valid_transaction(tx_transfer_signed) is False with pytest.raises(DoubleSpend): tx_transfer_signed.validate(b) @@ -1225,3 +1261,10 @@ def test_is_new_transaction(b, genesis_block): # Tx is new because it's only found in an invalid block assert b.is_new_transaction(tx.id) assert b.is_new_transaction(tx.id, exclude_block_id=block.id) + + +def test_validate_asset_id_string(signed_transfer_tx): + from bigchaindb.common.exceptions import ValidationError + signed_transfer_tx.asset['id'] = 1 + with pytest.raises(ValidationError): + signed_transfer_tx.validate(None) diff --git a/tests/pipelines/test_block_creation.py b/tests/pipelines/test_block_creation.py index b7d3e03e..27efc65d 100644 --- a/tests/pipelines/test_block_creation.py +++ b/tests/pipelines/test_block_creation.py @@ -46,28 +46,19 @@ def test_validate_transaction_handles_exceptions(b, signed_create_tx): """ from bigchaindb.pipelines.block import BlockPipeline block_maker = BlockPipeline() + from bigchaindb.common.exceptions import ValidationError - # Test SchemaValidationError tx_dict = signed_create_tx.to_dict() - tx_dict['invalid_key'] = 'schema validation gonna getcha!' - assert block_maker.validate_tx(tx_dict) is None - # Test InvalidHash - tx_dict = signed_create_tx.to_dict() - tx_dict['id'] = 'a' * 64 - assert block_maker.validate_tx(tx_dict) is None + with patch('bigchaindb.models.Transaction.validate') as validate: + # Assert that validationerror gets caught + validate.side_effect = ValidationError() + assert block_maker.validate_tx(tx_dict) is None - # Test InvalidSignature when we pass a bad fulfillment - tx_dict = signed_create_tx.to_dict() - tx_dict['inputs'][0]['fulfillment'] = 'cf:0:aaaaaaaaaaaaaaaaaaaaaaaaa' - assert block_maker.validate_tx(tx_dict) is None - - # Test AmountError - signed_create_tx.outputs[0].amount = 0 - tx_dict = signed_create_tx.to_dict() - # set the correct value back so that we can continue using it - signed_create_tx.outputs[0].amount = 1 - assert block_maker.validate_tx(tx_dict) is None + # Assert that another error doesnt + validate.side_effect = IOError() + with pytest.raises(IOError): + block_maker.validate_tx(tx_dict) def test_create_block(b, user_pk): diff --git a/tests/pipelines/test_stale_monitor.py b/tests/pipelines/test_stale_monitor.py index 06ee5b5f..6e2b12b8 100644 --- a/tests/pipelines/test_stale_monitor.py +++ b/tests/pipelines/test_stale_monitor.py @@ -36,7 +36,11 @@ def test_reassign_transactions(b, user_pk): stm = stale.StaleTransactionMonitor(timeout=0.001, backlog_reassign_delay=0.001) - stm.reassign_transactions(tx.to_dict()) + # This worked previously because transaction['assignee'] was only used if + # bigchain.nodes_except_me was not empty. + tx_dict = tx.to_dict() + tx_dict['assignee'] = b.me + stm.reassign_transactions(tx_dict) # test with federation tx = Transaction.create([b.me], [([user_pk], 1)]) @@ -58,7 +62,7 @@ def test_reassign_transactions(b, user_pk): tx = tx.sign([b.me_private]) stm.bigchain.nodes_except_me = ['lol'] b.write_transaction(tx) - stm.bigchain.nodes_except_me = None + stm.bigchain.nodes_except_me = [] tx = list(query.get_stale_transactions(b.connection, 0))[0] stm.reassign_transactions(tx) diff --git a/tests/pipelines/test_vote.py b/tests/pipelines/test_vote.py index 20beac1e..fa167d17 100644 --- a/tests/pipelines/test_vote.py +++ b/tests/pipelines/test_vote.py @@ -128,17 +128,23 @@ def test_validate_block_with_invalid_signature(b): @pytest.mark.genesis def test_vote_validate_transaction(b): from bigchaindb.pipelines import vote - from bigchaindb.models import Transaction + from bigchaindb.common.exceptions import ValidationError tx = dummy_tx(b) vote_obj = vote.Vote() validation = vote_obj.validate_tx(tx, 123, 1) assert validation == (True, 123, 1) - # NOTE: Submit unsigned transaction to `validate_tx` yields `False`. - tx = Transaction.create([b.me], [([b.me], 1)]) - validation = vote_obj.validate_tx(tx, 456, 10) - assert validation == (False, 456, 10) + with patch('bigchaindb.models.Transaction.validate') as validate: + # Assert that validationerror gets caught + validate.side_effect = ValidationError() + validation = vote_obj.validate_tx(tx, 456, 10) + assert validation == (False, 456, 10) + + # Assert that another error doesnt + validate.side_effect = IOError() + with pytest.raises(IOError): + validation = vote_obj.validate_tx(tx, 456, 10) @pytest.mark.genesis diff --git a/tests/test_core.py b/tests/test_core.py index 8e0a63fc..f939ad05 100644 --- a/tests/test_core.py +++ b/tests/test_core.py @@ -80,13 +80,3 @@ def test_get_blocks_status_containing_tx(monkeypatch): bigchain = Bigchain(public_key='pubkey', private_key='privkey') with pytest.raises(Exception): bigchain.get_blocks_status_containing_tx('txid') - - -def test_has_previous_vote(monkeypatch): - from bigchaindb.core import Bigchain - monkeypatch.setattr( - 'bigchaindb.utils.verify_vote_signature', lambda voters, vote: False) - bigchain = Bigchain(public_key='pubkey', private_key='privkey') - block = {'votes': ({'node_pubkey': 'pubkey'},)} - with pytest.raises(Exception): - bigchain.has_previous_vote(block) diff --git a/tests/test_models.py b/tests/test_models.py index 975d9ea1..8acf6507 100644 --- a/tests/test_models.py +++ b/tests/test_models.py @@ -1,4 +1,5 @@ from pytest import raises +from bigchaindb.common.exceptions import ValidationError class TestTransactionModel(object): @@ -8,12 +9,12 @@ class TestTransactionModel(object): tx = Transaction.create([b.me], [([b.me], 1)]) tx.operation = 'something invalid' - with raises(TypeError): + with raises(ValidationError): tx.validate(b) tx.operation = 'CREATE' tx.inputs = [] - with raises(ValueError): + with raises(ValidationError): tx.validate(b) @@ -61,11 +62,10 @@ class TestBlockModel(object): assert block.to_dict() == expected def test_block_invalid_serializaton(self): - from bigchaindb.common.exceptions import OperationError from bigchaindb.models import Block block = Block([]) - with raises(OperationError): + with raises(ValueError): block.to_dict() def test_block_deserialization(self, b): diff --git a/tests/web/test_transactions.py b/tests/web/test_transactions.py index 71f4f0e9..5533dbd0 100644 --- a/tests/web/test_transactions.py +++ b/tests/web/test_transactions.py @@ -1,4 +1,3 @@ -import builtins import json from unittest.mock import patch @@ -113,18 +112,15 @@ def test_post_create_transaction_with_invalid_schema(client, caplog): ('DoubleSpend', 'Nope! It is gone now!'), ('InvalidHash', 'Do not smoke that!'), ('InvalidSignature', 'Falsche Unterschrift!'), - ('OperationError', 'Create and transfer!'), - ('TransactionDoesNotExist', 'Hallucinations?'), + ('ValidationError', 'Create and transfer!'), + ('InputDoesNotExist', 'Hallucinations?'), ('TransactionOwnerError', 'Not yours!'), ('TransactionNotInValidBlock', 'Wait, maybe?'), - ('ValueError', '?'), + ('ValidationError', '?'), )) def test_post_invalid_transaction(client, exc, msg, monkeypatch, caplog): from bigchaindb.common import exceptions - try: - exc_cls = getattr(exceptions, exc) - except AttributeError: - exc_cls = getattr(builtins, 'ValueError') + exc_cls = getattr(exceptions, exc) def mock_validation(self_, tx): raise exc_cls(msg) From 294afa123f8d470dad2b0ac730cda4b36cecfee2 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Tue, 7 Mar 2017 10:56:26 +0100 Subject: [PATCH 097/283] rename validate_structure to validate_id --- bigchaindb/common/transaction.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bigchaindb/common/transaction.py b/bigchaindb/common/transaction.py index 9da2421a..02332c38 100644 --- a/bigchaindb/common/transaction.py +++ b/bigchaindb/common/transaction.py @@ -1009,7 +1009,7 @@ class Transaction(object): return asset_ids.pop() @staticmethod - def validate_structure(tx_body): + def validate_id(tx_body): """Validate the transaction ID of a transaction Args: @@ -1041,7 +1041,7 @@ class Transaction(object): Returns: :class:`~bigchaindb.common.transaction.Transaction` """ - cls.validate_structure(tx) + cls.validate_id(tx) inputs = [Input.from_dict(input_) for input_ in tx['inputs']] outputs = [Output.from_dict(output) for output in tx['outputs']] return cls(tx['operation'], tx['asset'], inputs, outputs, From cb6bd34744ae7c89e6ccef4c125d2d857577d10e Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Tue, 7 Mar 2017 12:58:32 +0100 Subject: [PATCH 098/283] test create tx does not have an asset id --- bigchaindb/common/schema/__init__.py | 6 ++++++ .../common/schema/transaction_create.yaml | 17 +++++++++++++++++ .../common/schema/transaction_transfer.yaml | 18 ++++++++++++++++++ bigchaindb/common/transaction.py | 3 ++- bigchaindb/models.py | 9 +++++---- tests/test_behaviours.py | 17 +++++++++++++++++ 6 files changed, 65 insertions(+), 5 deletions(-) create mode 100644 bigchaindb/common/schema/transaction_create.yaml create mode 100644 bigchaindb/common/schema/transaction_transfer.yaml create mode 100644 tests/test_behaviours.py diff --git a/bigchaindb/common/schema/__init__.py b/bigchaindb/common/schema/__init__.py index 52c70c13..2c005ac5 100644 --- a/bigchaindb/common/schema/__init__.py +++ b/bigchaindb/common/schema/__init__.py @@ -29,6 +29,8 @@ def _load_schema(name): TX_SCHEMA_PATH, TX_SCHEMA = _load_schema('transaction') +_, TX_SCHEMA_CREATE = _load_schema('transaction_create') +_, TX_SCHEMA_TRANSFER = _load_schema('transaction_transfer') VOTE_SCHEMA_PATH, VOTE_SCHEMA = _load_schema('vote') @@ -43,6 +45,10 @@ def _validate_schema(schema, body): def validate_transaction_schema(tx): """ Validate a transaction dict """ _validate_schema(TX_SCHEMA, tx) + if tx['operation'] == 'TRANSFER': + _validate_schema(TX_SCHEMA_TRANSFER, tx) + else: + _validate_schema(TX_SCHEMA_CREATE, tx) def validate_vote_schema(vote): diff --git a/bigchaindb/common/schema/transaction_create.yaml b/bigchaindb/common/schema/transaction_create.yaml new file mode 100644 index 00000000..090d4680 --- /dev/null +++ b/bigchaindb/common/schema/transaction_create.yaml @@ -0,0 +1,17 @@ +--- +"$schema": "http://json-schema.org/draft-04/schema#" +type: object +title: Transaction Schema - CREATE/GENESIS specific properties +required: +- asset +properties: + asset: + additionalProperties: false + properties: + data: + description: | + User provided metadata associated with the asset. May also be ``null``. + anyOf: + - type: object + additionalProperties: true + - type: 'null' diff --git a/bigchaindb/common/schema/transaction_transfer.yaml b/bigchaindb/common/schema/transaction_transfer.yaml new file mode 100644 index 00000000..80abbf95 --- /dev/null +++ b/bigchaindb/common/schema/transaction_transfer.yaml @@ -0,0 +1,18 @@ +--- +"$schema": "http://json-schema.org/draft-04/schema#" +type: object +title: Transaction Schema - TRANSFER specific properties +required: +- asset +properties: + asset: + additionalProperties: false + properties: + id: + "$ref": "#/definitions/sha3_hexdigest" + description: | + ID of the transaction that created the asset. +definitions: + sha3_hexdigest: + pattern: "[0-9a-f]{64}" + type: string diff --git a/bigchaindb/common/transaction.py b/bigchaindb/common/transaction.py index 02332c38..23b8f169 100644 --- a/bigchaindb/common/transaction.py +++ b/bigchaindb/common/transaction.py @@ -999,7 +999,8 @@ class Transaction(object): transactions = [transactions] # create a set of the transactions' asset ids - asset_ids = {tx.id if tx.operation == Transaction.CREATE else tx.asset['id'] + asset_ids = {tx.id if tx.operation == Transaction.CREATE + else tx.asset['id'] for tx in transactions} # check that all the transasctions have the same asset id diff --git a/bigchaindb/models.py b/bigchaindb/models.py index 4f7d31f2..5d4b6c9d 100644 --- a/bigchaindb/models.py +++ b/bigchaindb/models.py @@ -25,9 +25,6 @@ class Transaction(Transaction): Raises: ValidationError: If the transaction is invalid """ - if len(self.inputs) == 0: - raise ValidationError('Transaction contains no inputs') - input_conditions = [] inputs_defined = all([input_.fulfills for input_ in self.inputs]) @@ -117,8 +114,12 @@ class Transaction(Transaction): return self @classmethod - def from_dict(cls, tx_body): + def validate_structure(cls, tx_body): validate_transaction_schema(tx_body) + + @classmethod + def from_dict(cls, tx_body): + cls.validate_structure(tx_body) return super().from_dict(tx_body) diff --git a/tests/test_behaviours.py b/tests/test_behaviours.py new file mode 100644 index 00000000..72bb4f17 --- /dev/null +++ b/tests/test_behaviours.py @@ -0,0 +1,17 @@ +import pytest +from bigchaindb.common import exceptions as exc +from bigchaindb.models import Transaction + + +################################################################################ +# 1.1 - The asset ID of a CREATE transaction is the same as it's ID + + +def test_create_tx_no_asset_id(b): + tx = Transaction.create([b.me], [([b.me], 1)]) + # works + Transaction.validate_structure(tx.to_dict()) + # broken + tx.asset['id'] = 'b' * 64 + with pytest.raises(exc.SchemaValidationError): + Transaction.validate_structure(tx.to_dict()) From 31b3ad8f960b66d385fb7b8c3b6ad7258f57933c Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Tue, 7 Mar 2017 12:58:48 +0100 Subject: [PATCH 099/283] fix bad quotes in test_outputs --- tests/web/test_outputs.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/web/test_outputs.py b/tests/web/test_outputs.py index b8f18d68..b5a02f76 100644 --- a/tests/web/test_outputs.py +++ b/tests/web/test_outputs.py @@ -100,7 +100,7 @@ def test_get_divisble_transactions_returns_500(b, client): asset_id = create_tx.id - url = TX_ENDPOINT + "?asset_id=" + asset_id + url = TX_ENDPOINT + '?asset_id=' + asset_id assert client.get(url).status_code == 200 assert len(client.get(url).json) == 3 From 8077956b95bd2c4772b914daf8c365d4ec018bb6 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Tue, 7 Mar 2017 15:59:23 +0100 Subject: [PATCH 100/283] test serialization hash function --- tests/common/test_transaction.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/common/test_transaction.py b/tests/common/test_transaction.py index a2782583..bc04f36a 100644 --- a/tests/common/test_transaction.py +++ b/tests/common/test_transaction.py @@ -352,6 +352,17 @@ def test_tx_serialization_with_incorrect_hash(utx): utx_dict.pop('id') +def test_tx_serialization_hash_function(tx): + import sha3 + import json + tx_dict = tx.to_dict() + tx_dict['inputs'][0]['fulfillment'] = None + del tx_dict['id'] + payload = json.dumps(tx_dict, skipkeys=False, sort_keys=True, + separators=(',', ':')) + assert sha3.sha3_256(payload.encode()).hexdigest() == tx.id + + def test_invalid_input_initialization(user_input, user_pub): from bigchaindb.common.transaction import Input From 5b2d22efd43e61c06be8f2a03f725727e6406f07 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Tue, 7 Mar 2017 16:36:25 +0100 Subject: [PATCH 101/283] test asset schema --- tests/common/schema/test_transaction_schema.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/common/schema/test_transaction_schema.py b/tests/common/schema/test_transaction_schema.py index c9545ab3..b6cf294a 100644 --- a/tests/common/schema/test_transaction_schema.py +++ b/tests/common/schema/test_transaction_schema.py @@ -29,3 +29,17 @@ def test_validate_fails_metadata_empty_dict(create_tx): create_tx.metadata = {} with raises(SchemaValidationError): validate_transaction_schema(create_tx.to_dict()) + + +def test_transfer_asset_schema(signed_transfer_tx): + from bigchaindb.common.schema import (SchemaValidationError, + validate_transaction_schema) + tx = signed_transfer_tx.to_dict() + validate_transaction_schema(tx) + tx['asset']['data'] = {} + with raises(SchemaValidationError): + validate_transaction_schema(tx) + del tx['asset']['data'] + tx['asset']['id'] = 'b' * 63 + with raises(SchemaValidationError): + validate_transaction_schema(tx) From dbf24a6065503c1c2c722a48d882fb8f9034b59b Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Tue, 7 Mar 2017 17:12:12 +0100 Subject: [PATCH 102/283] schema validates that create txes only have 1 input and that it has no fulfills --- .../common/schema/transaction_create.yaml | 17 ++++++++++++++--- .../common/schema/test_transaction_schema.py | 19 +++++++++++++++++-- 2 files changed, 31 insertions(+), 5 deletions(-) diff --git a/bigchaindb/common/schema/transaction_create.yaml b/bigchaindb/common/schema/transaction_create.yaml index 090d4680..2383a102 100644 --- a/bigchaindb/common/schema/transaction_create.yaml +++ b/bigchaindb/common/schema/transaction_create.yaml @@ -1,17 +1,28 @@ --- "$schema": "http://json-schema.org/draft-04/schema#" type: object -title: Transaction Schema - CREATE/GENESIS specific properties +title: Transaction Schema - CREATE/GENESIS specific constraints required: - asset +- inputs properties: asset: additionalProperties: false properties: data: - description: | - User provided metadata associated with the asset. May also be ``null``. anyOf: - type: object additionalProperties: true - type: 'null' + inputs: + type: array + title: "Transaction inputs" + maxItems: 1 + minItems: 1 + items: + type: "object" + required: + - fulfills + properties: + fulfills: + type: "null" diff --git a/tests/common/schema/test_transaction_schema.py b/tests/common/schema/test_transaction_schema.py index b6cf294a..dca10e70 100644 --- a/tests/common/schema/test_transaction_schema.py +++ b/tests/common/schema/test_transaction_schema.py @@ -32,8 +32,6 @@ def test_validate_fails_metadata_empty_dict(create_tx): def test_transfer_asset_schema(signed_transfer_tx): - from bigchaindb.common.schema import (SchemaValidationError, - validate_transaction_schema) tx = signed_transfer_tx.to_dict() validate_transaction_schema(tx) tx['asset']['data'] = {} @@ -43,3 +41,20 @@ def test_transfer_asset_schema(signed_transfer_tx): tx['asset']['id'] = 'b' * 63 with raises(SchemaValidationError): validate_transaction_schema(tx) + + +def test_create_single_input(create_tx): + tx = create_tx.to_dict() + tx['inputs'] += tx['inputs'] + with raises(SchemaValidationError): + validate_transaction_schema(tx) + tx['inputs'] = [] + with raises(SchemaValidationError): + validate_transaction_schema(tx) + + +def test_create_tx_no_fulfills(create_tx): + tx = create_tx.to_dict() + tx['inputs'][0]['fulfills'] = {'tx': 'a' * 64, 'output': 0} + with raises(SchemaValidationError): + validate_transaction_schema(tx) From e8ee2ec0a64ce600d157f145f0f6c0417982fc1c Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Wed, 8 Mar 2017 12:52:46 +0100 Subject: [PATCH 103/283] fix tests --- tests/common/test_transaction.py | 44 +++++--------------------------- 1 file changed, 6 insertions(+), 38 deletions(-) diff --git a/tests/common/test_transaction.py b/tests/common/test_transaction.py index bc04f36a..b9d64add 100644 --- a/tests/common/test_transaction.py +++ b/tests/common/test_transaction.py @@ -456,12 +456,15 @@ def test_transaction_link_eq(): def test_add_input_to_tx(user_input, asset_definition): from bigchaindb.common.transaction import Transaction + from .utils import validate_transaction_model tx = Transaction(Transaction.CREATE, asset_definition, [], []) tx.add_input(user_input) assert len(tx.inputs) == 1 + validate_transaction_model(tx) + def test_add_input_to_tx_with_invalid_parameters(asset_definition): from bigchaindb.common.transaction import Transaction @@ -471,11 +474,11 @@ def test_add_input_to_tx_with_invalid_parameters(asset_definition): tx.add_input('somewronginput') -def test_add_output_to_tx(user_output, asset_definition): +def test_add_output_to_tx(user_output, user_input, asset_definition): from bigchaindb.common.transaction import Transaction from .utils import validate_transaction_model - tx = Transaction(Transaction.CREATE, asset_definition) + tx = Transaction(Transaction.CREATE, asset_definition, [user_input]) tx.add_output(user_output) assert len(tx.outputs) == 1 @@ -557,40 +560,6 @@ def test_validate_input_with_invalid_parameters(utx): assert not valid -def test_validate_multiple_inputs(user_input, user_output, user_priv, - asset_definition): - from copy import deepcopy - - from bigchaindb.common.crypto import PrivateKey - from bigchaindb.common.transaction import Transaction - from .utils import validate_transaction_model - - tx = Transaction(Transaction.CREATE, asset_definition, - [user_input, deepcopy(user_input)], - [user_output, deepcopy(user_output)]) - - expected_first = deepcopy(tx) - expected_second = deepcopy(tx) - expected_first.inputs = [expected_first.inputs[0]] - expected_second.inputs = [expected_second.inputs[1]] - - expected_first_bytes = str(expected_first).encode() - expected_first.inputs[0].fulfillment.sign(expected_first_bytes, - PrivateKey(user_priv)) - expected_second_bytes = str(expected_second).encode() - expected_second.inputs[0].fulfillment.sign(expected_second_bytes, - PrivateKey(user_priv)) - tx.sign([user_priv]) - - assert tx.inputs[0].to_dict()['fulfillment'] == \ - expected_first.inputs[0].fulfillment.serialize_uri() - assert tx.inputs[1].to_dict()['fulfillment'] == \ - expected_second.inputs[0].fulfillment.serialize_uri() - assert tx.inputs_valid() is True - - validate_transaction_model(tx) - - def test_validate_tx_threshold_create_signature(user_user2_threshold_input, user_user2_threshold_output, user_pub, @@ -632,8 +601,7 @@ def test_multiple_input_validation_of_transfer_tx(user_input, user_output, from cryptoconditions import Ed25519Fulfillment from .utils import validate_transaction_model - tx = Transaction(Transaction.CREATE, asset_definition, - [user_input, deepcopy(user_input)], + tx = Transaction(Transaction.CREATE, asset_definition, [user_input], [user_output, deepcopy(user_output)]) tx.sign([user_priv]) From 4050389df7a1396f9e385afee257a26ecfb8fdcd Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Mon, 13 Mar 2017 14:01:29 +0100 Subject: [PATCH 104/283] move test_create_tx_no_asset_id --- tests/common/test_transaction.py | 12 ++++++++++++ tests/test_behaviours.py | 17 ----------------- 2 files changed, 12 insertions(+), 17 deletions(-) delete mode 100644 tests/test_behaviours.py diff --git a/tests/common/test_transaction.py b/tests/common/test_transaction.py index b9d64add..e24519c9 100644 --- a/tests/common/test_transaction.py +++ b/tests/common/test_transaction.py @@ -964,3 +964,15 @@ def test_validate_version(utx): utx.version = '1.0.0' with raises(SchemaValidationError): validate_transaction_model(utx) + + +def test_create_tx_no_asset_id(b): + from bigchaindb.common.exceptions import SchemaValidationError + from bigchaindb.models import Transaction + tx = Transaction.create([b.me], [([b.me], 1)]) + # works + Transaction.validate_structure(tx.to_dict()) + # broken + tx.asset['id'] = 'b' * 64 + with raises(SchemaValidationError): + Transaction.validate_structure(tx.to_dict()) diff --git a/tests/test_behaviours.py b/tests/test_behaviours.py deleted file mode 100644 index 72bb4f17..00000000 --- a/tests/test_behaviours.py +++ /dev/null @@ -1,17 +0,0 @@ -import pytest -from bigchaindb.common import exceptions as exc -from bigchaindb.models import Transaction - - -################################################################################ -# 1.1 - The asset ID of a CREATE transaction is the same as it's ID - - -def test_create_tx_no_asset_id(b): - tx = Transaction.create([b.me], [([b.me], 1)]) - # works - Transaction.validate_structure(tx.to_dict()) - # broken - tx.asset['id'] = 'b' * 64 - with pytest.raises(exc.SchemaValidationError): - Transaction.validate_structure(tx.to_dict()) From b997057962b1209f3e69cab8dfa19bcfdff5a9b4 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Mon, 13 Mar 2017 14:25:36 +0100 Subject: [PATCH 105/283] fix tests --- bigchaindb/models.py | 6 +----- tests/common/test_transaction.py | 12 ++++-------- tests/test_models.py | 17 ----------------- 3 files changed, 5 insertions(+), 30 deletions(-) diff --git a/bigchaindb/models.py b/bigchaindb/models.py index 5d4b6c9d..a46f2b73 100644 --- a/bigchaindb/models.py +++ b/bigchaindb/models.py @@ -113,13 +113,9 @@ class Transaction(Transaction): return self - @classmethod - def validate_structure(cls, tx_body): - validate_transaction_schema(tx_body) - @classmethod def from_dict(cls, tx_body): - cls.validate_structure(tx_body) + validate_transaction_schema(tx_body) return super().from_dict(tx_body) diff --git a/tests/common/test_transaction.py b/tests/common/test_transaction.py index e24519c9..5b06f801 100644 --- a/tests/common/test_transaction.py +++ b/tests/common/test_transaction.py @@ -966,13 +966,9 @@ def test_validate_version(utx): validate_transaction_model(utx) -def test_create_tx_no_asset_id(b): +def test_create_tx_no_asset_id(b, utx): from bigchaindb.common.exceptions import SchemaValidationError - from bigchaindb.models import Transaction - tx = Transaction.create([b.me], [([b.me], 1)]) - # works - Transaction.validate_structure(tx.to_dict()) - # broken - tx.asset['id'] = 'b' * 64 + from .utils import validate_transaction_model + utx.asset['id'] = 'b' * 64 with raises(SchemaValidationError): - Transaction.validate_structure(tx.to_dict()) + validate_transaction_model(utx) diff --git a/tests/test_models.py b/tests/test_models.py index 54d407f8..982ba2ba 100644 --- a/tests/test_models.py +++ b/tests/test_models.py @@ -1,21 +1,4 @@ from pytest import raises -from bigchaindb.common.exceptions import ValidationError - - -class TestTransactionModel(object): - def test_validating_an_invalid_transaction(self, b): - from bigchaindb.models import Transaction - - tx = Transaction.create([b.me], [([b.me], 1)]) - tx.operation = 'something invalid' - - with raises(ValidationError): - tx.validate(b) - - tx.operation = 'CREATE' - tx.inputs = [] - with raises(ValidationError): - tx.validate(b) class TestBlockModel(object): From 0fb4ea424b16c965f6f7579cfc1016df23fae28f Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Mon, 13 Mar 2017 14:55:03 +0100 Subject: [PATCH 106/283] remove stray validation --- bigchaindb/models.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/bigchaindb/models.py b/bigchaindb/models.py index bf6bafd5..771d6d6a 100644 --- a/bigchaindb/models.py +++ b/bigchaindb/models.py @@ -220,9 +220,6 @@ class Block(object): if self.node_pubkey not in bigchain.federation: raise SybilError('Only federation nodes can create blocks') - if set(self.voters) != bigchain.federation: - raise SybilError('Block voters differs from server keyring') - # Check that the signature is valid if not self.is_signature_valid(): raise InvalidSignature('Invalid block signature') From 58a1a25d43ab78d8b47a0b6567cc732f5ab89590 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Mon, 13 Mar 2017 16:26:41 +0100 Subject: [PATCH 107/283] test for invalid vote in election pipeline --- bigchaindb/pipelines/election.py | 2 +- tests/pipelines/test_election.py | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/bigchaindb/pipelines/election.py b/bigchaindb/pipelines/election.py index fe4fbc68..a5818b3e 100644 --- a/bigchaindb/pipelines/election.py +++ b/bigchaindb/pipelines/election.py @@ -36,7 +36,7 @@ class Election: try: block_id = next_vote['vote']['voting_for_block'] node = next_vote['node_pubkey'] - except IndexError: + except KeyError: return next_block = self.bigchain.get_block(block_id) diff --git a/tests/pipelines/test_election.py b/tests/pipelines/test_election.py index e7491656..3127dcaf 100644 --- a/tests/pipelines/test_election.py +++ b/tests/pipelines/test_election.py @@ -114,6 +114,13 @@ def test_check_for_quorum_valid(b, user_pk): assert e.check_for_quorum(votes[-1]) is None +@patch('bigchaindb.core.Bigchain.get_block') +def test_invalid_vote(get_block, b): + e = election.Election() + assert e.check_for_quorum({}) is None + get_block.assert_not_called() + + @pytest.mark.bdb def test_check_requeue_transaction(b, user_pk): from bigchaindb.models import Transaction From e0366468ecb46181ecc4810dea3631f74000d271 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Mon, 13 Mar 2017 18:14:18 +0100 Subject: [PATCH 108/283] Fix comments in bigchaindb/toolbox Dockerfile The comments were referring to another Docker image (`krish7919/toolbox`). --- k8s/toolbox/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/toolbox/Dockerfile b/k8s/toolbox/Dockerfile index 6bcb1298..bac50f0a 100644 --- a/k8s/toolbox/Dockerfile +++ b/k8s/toolbox/Dockerfile @@ -1,7 +1,7 @@ # Toolbox container for debugging # Run as: -# docker run -it --rm --entrypoint sh krish7919/toolbox -# kubectl run -it toolbox --image krish7919/toolbox --restart=Never --rm +# docker run -it --rm --entrypoint sh bigchaindb/toolbox +# kubectl run -it toolbox --image bigchaindb/toolbox --restart=Never --rm FROM alpine:3.5 MAINTAINER github.com/krish7919 From 7c461e47d7c6fb77ac3f70eb307fa979d111c083 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Tue, 14 Mar 2017 12:39:57 +0100 Subject: [PATCH 109/283] remove structural and schematic validations from Transaction.validate which is validating the spend --- .../common/schema/transaction_transfer.yaml | 11 +++++ bigchaindb/models.py | 40 ++----------------- tests/assets/test_digital_assets.py | 8 ++-- tests/assets/test_divisible_assets.py | 3 ++ tests/common/test_transaction.py | 9 +++++ tests/db/test_bigchain_api.py | 27 ------------- 6 files changed, 30 insertions(+), 68 deletions(-) diff --git a/bigchaindb/common/schema/transaction_transfer.yaml b/bigchaindb/common/schema/transaction_transfer.yaml index 80abbf95..09a5aa1b 100644 --- a/bigchaindb/common/schema/transaction_transfer.yaml +++ b/bigchaindb/common/schema/transaction_transfer.yaml @@ -12,6 +12,17 @@ properties: "$ref": "#/definitions/sha3_hexdigest" description: | ID of the transaction that created the asset. + inputs: + type: array + title: "Transaction inputs" + minItems: 1 + items: + type: "object" + required: + - fulfills + properties: + fulfills: + type: "object" definitions: sha3_hexdigest: pattern: "[0-9a-f]{64}" diff --git a/bigchaindb/models.py b/bigchaindb/models.py index a46f2b73..43313a2b 100644 --- a/bigchaindb/models.py +++ b/bigchaindb/models.py @@ -3,7 +3,7 @@ from bigchaindb.common.exceptions import (InvalidHash, InvalidSignature, DoubleSpend, InputDoesNotExist, TransactionNotInValidBlock, AssetIdMismatch, AmountError, - SybilError, ValidationError, + SybilError, DuplicateTransaction) from bigchaindb.common.transaction import Transaction from bigchaindb.common.utils import gen_timestamp, serialize @@ -12,7 +12,7 @@ from bigchaindb.common.schema import validate_transaction_schema class Transaction(Transaction): def validate(self, bigchain): - """Validate a transaction. + """Validate transaction spend Args: bigchain (Bigchain): an instantiated bigchaindb.Bigchain object. @@ -26,30 +26,8 @@ class Transaction(Transaction): ValidationError: If the transaction is invalid """ input_conditions = [] - inputs_defined = all([input_.fulfills for input_ in self.inputs]) - - # validate amounts - if any(output.amount < 1 for output in self.outputs): - raise AmountError('`amount` needs to be greater than zero') - - if self.operation in (Transaction.CREATE, Transaction.GENESIS): - # validate asset - if self.asset['data'] is not None and not isinstance(self.asset['data'], dict): - raise ValidationError(('`asset.data` must be a dict instance or ' - 'None for `CREATE` transactions')) - # validate inputs - if inputs_defined: - raise ValidationError('A CREATE operation has no inputs') - elif self.operation == Transaction.TRANSFER: - # validate asset - if not isinstance(self.asset['id'], str): - raise ValidationError('`asset.id` must be a string for ' - '`TRANSFER` transations') - # check inputs - if not inputs_defined: - raise ValidationError('Only `CREATE` transactions can have ' - 'null inputs') + if self.operation == Transaction.TRANSFER: # store the inputs so that we can check if the asset ids match input_txs = [] for input_ in self.inputs: @@ -74,8 +52,6 @@ class Transaction(Transaction): output = input_tx.outputs[input_.fulfills.output] input_conditions.append(output) input_txs.append(input_tx) - if output.amount < 1: - raise AmountError('`amount` needs to be greater than zero') # Validate that all inputs are distinct links = [i.fulfills.to_uri() for i in self.inputs] @@ -89,11 +65,6 @@ class Transaction(Transaction): ' match the asset id of the' ' transaction')) - # validate the amounts - for output in self.outputs: - if output.amount < 1: - raise AmountError('`amount` needs to be greater than zero') - input_amount = sum([input_condition.amount for input_condition in input_conditions]) output_amount = sum([output_condition.amount for output_condition in self.outputs]) @@ -103,11 +74,6 @@ class Transaction(Transaction): ' in the outputs `{}`') .format(input_amount, output_amount)) - else: - allowed_operations = ', '.join(Transaction.ALLOWED_OPERATIONS) - raise ValidationError('`operation`: `{}` must be either {}.' - .format(self.operation, allowed_operations)) - if not self.inputs_valid(input_conditions): raise InvalidSignature('Transaction signature is invalid.') diff --git a/tests/assets/test_digital_assets.py b/tests/assets/test_digital_assets.py index d44bc52c..c31ec3da 100644 --- a/tests/assets/test_digital_assets.py +++ b/tests/assets/test_digital_assets.py @@ -28,7 +28,7 @@ def test_validate_bad_asset_creation(b, user_pk): tx_signed = tx.sign([b.me_private]) with pytest.raises(ValidationError): - b.validate_transaction(tx_signed) + Transaction.from_dict(tx_signed.to_dict()) @pytest.mark.bdb @@ -93,15 +93,15 @@ def test_asset_id_mismatch(b, user_pk): def test_create_invalid_divisible_asset(b, user_pk, user_sk): from bigchaindb.models import Transaction - from bigchaindb.common.exceptions import AmountError + from bigchaindb.common.exceptions import ValidationError # Asset amount must be more than 0 tx = Transaction.create([user_pk], [([user_pk], 1)]) tx.outputs[0].amount = 0 tx.sign([user_sk]) - with pytest.raises(AmountError): - b.validate_transaction(tx) + with pytest.raises(ValidationError): + Transaction.from_dict(tx.to_dict()) def test_create_valid_divisible_asset(b, user_pk, user_sk): diff --git a/tests/assets/test_divisible_assets.py b/tests/assets/test_divisible_assets.py index 31e7890f..87a29c2b 100644 --- a/tests/assets/test_divisible_assets.py +++ b/tests/assets/test_divisible_assets.py @@ -638,6 +638,7 @@ def test_divide(b, user_pk, user_sk): # Check that negative inputs are caught when creating a TRANSFER transaction +@pytest.mark.skip(reason='part of tx structural tests') @pytest.mark.bdb @pytest.mark.usefixtures('inputs') def test_non_positive_amounts_on_transfer(b, user_pk): @@ -662,6 +663,7 @@ def test_non_positive_amounts_on_transfer(b, user_pk): # Check that negative inputs are caught when validating a TRANSFER transaction +@pytest.mark.skip(reason='part of tx structural tests') @pytest.mark.bdb @pytest.mark.usefixtures('inputs') def test_non_positive_amounts_on_transfer_validate(b, user_pk, user_sk): @@ -704,6 +706,7 @@ def test_non_positive_amounts_on_create(b, user_pk): # Check that negative inputs are caught when validating a CREATE transaction +@pytest.mark.skip(reason='part of tx structural tests') @pytest.mark.bdb @pytest.mark.usefixtures('inputs') def test_non_positive_amounts_on_create_validate(b, user_pk): diff --git a/tests/common/test_transaction.py b/tests/common/test_transaction.py index 5b06f801..45cadc3b 100644 --- a/tests/common/test_transaction.py +++ b/tests/common/test_transaction.py @@ -972,3 +972,12 @@ def test_create_tx_no_asset_id(b, utx): utx.asset['id'] = 'b' * 64 with raises(SchemaValidationError): validate_transaction_model(utx) + + +def test_transfer_tx_asset_schema(transfer_utx): + from bigchaindb.common.exceptions import SchemaValidationError + from .utils import validate_transaction_model + tx = transfer_utx + tx.asset['data'] = {} + with raises(SchemaValidationError): + validate_transaction_model(tx) diff --git a/tests/db/test_bigchain_api.py b/tests/db/test_bigchain_api.py index c39a104f..f1062777 100644 --- a/tests/db/test_bigchain_api.py +++ b/tests/db/test_bigchain_api.py @@ -3,8 +3,6 @@ from time import sleep import pytest from unittest.mock import patch -from bigchaindb.common.exceptions import ValidationError - pytestmark = pytest.mark.bdb @@ -596,24 +594,6 @@ class TestBigchainApi(object): class TestTransactionValidation(object): - def test_create_operation_with_inputs(self, b, user_pk, create_tx): - from bigchaindb.common.transaction import TransactionLink - - # Manipulate input so that it has a `fulfills` defined even - # though it shouldn't have one - create_tx.inputs[0].fulfills = TransactionLink('abc', 0) - with pytest.raises(ValidationError) as excinfo: - b.validate_transaction(create_tx) - assert excinfo.value.args[0] == 'A CREATE operation has no inputs' - - def test_transfer_operation_no_inputs(self, b, user_pk, - signed_transfer_tx): - signed_transfer_tx.inputs[0].fulfills = None - with pytest.raises(ValidationError) as excinfo: - b.validate_transaction(signed_transfer_tx) - - assert excinfo.value.args[0] == 'Only `CREATE` transactions can have null inputs' - def test_non_create_input_not_found(self, b, user_pk, signed_transfer_tx): from bigchaindb.common.exceptions import InputDoesNotExist from bigchaindb.common.transaction import TransactionLink @@ -1313,10 +1293,3 @@ def test_is_new_transaction(b, genesis_block): # Tx is new because it's only found in an invalid block assert b.is_new_transaction(tx.id) assert b.is_new_transaction(tx.id, exclude_block_id=block.id) - - -def test_validate_asset_id_string(signed_transfer_tx): - from bigchaindb.common.exceptions import ValidationError - signed_transfer_tx.asset['id'] = 1 - with pytest.raises(ValidationError): - signed_transfer_tx.validate(None) From 696dbe7844df014e0d308da613534b4290cd7e20 Mon Sep 17 00:00:00 2001 From: Thomas Conte Date: Tue, 14 Mar 2017 14:23:30 +0100 Subject: [PATCH 110/283] SSL connection support --- bigchaindb/backend/connection.py | 6 ++++-- bigchaindb/backend/mongodb/connection.py | 14 +++++++++----- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/bigchaindb/backend/connection.py b/bigchaindb/backend/connection.py index c1f0a629..cf6bece7 100644 --- a/bigchaindb/backend/connection.py +++ b/bigchaindb/backend/connection.py @@ -16,7 +16,7 @@ logger = logging.getLogger(__name__) def connect(backend=None, host=None, port=None, name=None, max_tries=None, - connection_timeout=None, replicaset=None): + connection_timeout=None, replicaset=None, ssl=False): """Create a new connection to the database backend. All arguments default to the current configuration's values if not @@ -50,6 +50,8 @@ def connect(backend=None, host=None, port=None, name=None, max_tries=None, # to handle these these additional args. In case of RethinkDBConnection # it just does not do anything with it. replicaset = replicaset or bigchaindb.config['database'].get('replicaset') + ssl = bigchaindb.config['database'].get('ssl') if bigchaindb.config['database'].get('ssl') is not None \ + else ssl try: module_name, _, class_name = BACKENDS[backend].rpartition('.') @@ -63,7 +65,7 @@ def connect(backend=None, host=None, port=None, name=None, max_tries=None, logger.debug('Connection: {}'.format(Class)) return Class(host=host, port=port, dbname=dbname, max_tries=max_tries, connection_timeout=connection_timeout, - replicaset=replicaset) + replicaset=replicaset, ssl=ssl) class Connection: diff --git a/bigchaindb/backend/mongodb/connection.py b/bigchaindb/backend/mongodb/connection.py index 8688e243..274d64c1 100644 --- a/bigchaindb/backend/mongodb/connection.py +++ b/bigchaindb/backend/mongodb/connection.py @@ -16,7 +16,7 @@ logger = logging.getLogger(__name__) class MongoDBConnection(Connection): - def __init__(self, replicaset=None, **kwargs): + def __init__(self, replicaset=None, ssl=False, **kwargs): """Create a new Connection instance. Args: @@ -28,6 +28,8 @@ class MongoDBConnection(Connection): super().__init__(**kwargs) self.replicaset = replicaset or bigchaindb.config['database']['replicaset'] + self.ssl = bigchaindb.config['database'].get('ssl') if bigchaindb.config['database'].get('ssl') is not None \ + else ssl @property def db(self): @@ -71,14 +73,15 @@ class MongoDBConnection(Connection): # we should only return a connection if the replica set is # initialized. initialize_replica_set will check if the # replica set is initialized else it will initialize it. - initialize_replica_set(self.host, self.port, self.connection_timeout) + initialize_replica_set(self.host, self.port, self.connection_timeout, self.ssl) # FYI: this might raise a `ServerSelectionTimeoutError`, # that is a subclass of `ConnectionFailure`. return pymongo.MongoClient(self.host, self.port, replicaset=self.replicaset, - serverselectiontimeoutms=self.connection_timeout) + serverselectiontimeoutms=self.connection_timeout, + ssl=self.ssl) # `initialize_replica_set` might raise `ConnectionFailure` or `OperationFailure`. except (pymongo.errors.ConnectionFailure, @@ -86,7 +89,7 @@ class MongoDBConnection(Connection): raise ConnectionError() from exc -def initialize_replica_set(host, port, connection_timeout): +def initialize_replica_set(host, port, connection_timeout, ssl): """Initialize a replica set. If already initialized skip.""" # Setup a MongoDB connection @@ -95,7 +98,8 @@ def initialize_replica_set(host, port, connection_timeout): # you try to connect to a replica set that is not yet initialized conn = pymongo.MongoClient(host=host, port=port, - serverselectiontimeoutms=connection_timeout) + serverselectiontimeoutms=connection_timeout, + ssl=ssl) _check_replica_set(conn) host = '{}:{}'.format(bigchaindb.config['database']['host'], bigchaindb.config['database']['port']) From f51b40b6dcc61ab37a1525453cc5376b8a4eea12 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Tue, 14 Mar 2017 17:07:18 +0100 Subject: [PATCH 111/283] some documentation and nomenclature fixes in common.schema --- bigchaindb/common/schema/__init__.py | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/bigchaindb/common/schema/__init__.py b/bigchaindb/common/schema/__init__.py index 2c005ac5..a69793ad 100644 --- a/bigchaindb/common/schema/__init__.py +++ b/bigchaindb/common/schema/__init__.py @@ -28,7 +28,7 @@ def _load_schema(name): return path, schema -TX_SCHEMA_PATH, TX_SCHEMA = _load_schema('transaction') +TX_SCHEMA_PATH, TX_SCHEMA_COMMON = _load_schema('transaction') _, TX_SCHEMA_CREATE = _load_schema('transaction_create') _, TX_SCHEMA_TRANSFER = _load_schema('transaction_transfer') VOTE_SCHEMA_PATH, VOTE_SCHEMA = _load_schema('vote') @@ -43,8 +43,13 @@ def _validate_schema(schema, body): def validate_transaction_schema(tx): - """ Validate a transaction dict """ - _validate_schema(TX_SCHEMA, tx) + """ + Validate a transaction dict. + + TX_SCHEMA_COMMON contains properties that are common to all types of + transaction. TX_SCHEMA_[TRANSFER|CREATE] add additional constraints on top. + """ + _validate_schema(TX_SCHEMA_COMMON, tx) if tx['operation'] == 'TRANSFER': _validate_schema(TX_SCHEMA_TRANSFER, tx) else: From c3d9717b07069e08ea96270a1ff5280bd311bdf3 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Tue, 14 Mar 2017 18:40:04 +0100 Subject: [PATCH 112/283] fix breakage from other branch --- tests/common/schema/test_schema.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/common/schema/test_schema.py b/tests/common/schema/test_schema.py index 02a00ee2..3116fa7d 100644 --- a/tests/common/schema/test_schema.py +++ b/tests/common/schema/test_schema.py @@ -1,5 +1,5 @@ from bigchaindb.common.schema import ( - TX_SCHEMA, VOTE_SCHEMA, drop_schema_descriptions) + TX_SCHEMA_COMMON, VOTE_SCHEMA, drop_schema_descriptions) def _test_additionalproperties(node, path=''): @@ -19,7 +19,7 @@ def _test_additionalproperties(node, path=''): def test_transaction_schema_additionalproperties(): - _test_additionalproperties(TX_SCHEMA) + _test_additionalproperties(TX_SCHEMA_COMMON) def test_vote_schema_additionalproperties(): From 4daeff28f82c95096eefdf1ffe2e5c21034ce130 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 14 Mar 2017 20:23:46 +0100 Subject: [PATCH 113/283] Tip for `az acs kubernetes get-credentials...` Added a tip for when `$ az acs kubernetes get-credentials...` command gives an error after you enter the correct password. --- .../cloud-deployment-templates/node-on-kubernetes.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst b/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst index e1ed43e7..199694d4 100644 --- a/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst +++ b/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst @@ -31,6 +31,12 @@ then you can get the ``~/.kube/config`` file using: --resource-group \ --name +If it asks for a password (to unlock the SSH key) +and you enter the correct password, +but you get an error message, +then try adding ``--ssh-key-file ~/.ssh/`` +to the above command (i.e. the path to the private key). + Step 3: Create Storage Classes ------------------------------ From ea6ce5c1a1cf013675ed0d4dd109084aac341649 Mon Sep 17 00:00:00 2001 From: Krish Date: Wed, 15 Mar 2017 16:22:49 +0100 Subject: [PATCH 114/283] Single node/cluster bootstrap and node addition workflow in k8s (#1278) * Combining configs * Combining the persistent volume claims into a single file. * Combining the storage classes into a single file. * Updating documentation * Multiple changes * Support for ConfigMap * Custom MongoDB container for BigchainDB * Update documentation to run a single node on k8s * Additional documentation * Documentation to add a node to an existing BigchainDB cluster * Commit on rolling upgrades * Fixing minor documentation mistakes * Documentation updates as per @ttmc's comments * Block formatting error * Change in ConfigMap yaml config --- docs/root/source/terminology.md | 4 +- .../add-node-on-kubernetes.rst | 168 +++++++++++++ .../cloud-deployment-templates/index.rst | 2 +- .../node-on-kubernetes.rst | 221 +++++++++++++++--- k8s/deprecated.to.del/mongo-statefulset.yaml | 57 +++++ k8s/mongodb/container/Dockerfile | 12 + k8s/mongodb/container/Makefile | 51 ++++ k8s/mongodb/container/README.md | 88 +++++++ k8s/mongodb/container/mongod.conf.template | 89 +++++++ .../mongod_entrypoint/mongod_entrypoint.go | 154 ++++++++++++ k8s/mongodb/mongo-cm.yaml | 13 ++ k8s/mongodb/mongo-data-configdb-pvc.yaml | 18 -- k8s/mongodb/mongo-data-configdb-sc.yaml | 12 - k8s/mongodb/mongo-data-db-pvc.yaml | 18 -- k8s/mongodb/mongo-data-db-sc.yaml | 12 - k8s/mongodb/mongo-pvc.yaml | 35 +++ k8s/mongodb/mongo-sc.yaml | 23 ++ k8s/mongodb/mongo-ss.yaml | 22 +- 18 files changed, 900 insertions(+), 99 deletions(-) create mode 100644 docs/server/source/cloud-deployment-templates/add-node-on-kubernetes.rst create mode 100644 k8s/deprecated.to.del/mongo-statefulset.yaml create mode 100644 k8s/mongodb/container/Dockerfile create mode 100644 k8s/mongodb/container/Makefile create mode 100644 k8s/mongodb/container/README.md create mode 100644 k8s/mongodb/container/mongod.conf.template create mode 100644 k8s/mongodb/container/mongod_entrypoint/mongod_entrypoint.go create mode 100644 k8s/mongodb/mongo-cm.yaml delete mode 100644 k8s/mongodb/mongo-data-configdb-pvc.yaml delete mode 100644 k8s/mongodb/mongo-data-configdb-sc.yaml delete mode 100644 k8s/mongodb/mongo-data-db-pvc.yaml delete mode 100644 k8s/mongodb/mongo-data-db-sc.yaml create mode 100644 k8s/mongodb/mongo-pvc.yaml create mode 100644 k8s/mongodb/mongo-sc.yaml diff --git a/docs/root/source/terminology.md b/docs/root/source/terminology.md index fb2a3bdf..25fd00f6 100644 --- a/docs/root/source/terminology.md +++ b/docs/root/source/terminology.md @@ -5,7 +5,7 @@ There is some specialized terminology associated with BigchainDB. To get started ## Node -A **BigchainDB node** is a machine or set of closely-linked machines running RethinkDB Server, BigchainDB Server, and related software. (A "machine" might be a bare-metal server, a virtual machine or a container.) Each node is controlled by one person or organization. +A **BigchainDB node** is a machine or set of closely-linked machines running RethinkDB/MongoDB Server, BigchainDB Server, and related software. (A "machine" might be a bare-metal server, a virtual machine or a container.) Each node is controlled by one person or organization. ## Cluster @@ -19,4 +19,4 @@ The people and organizations that run the nodes in a cluster belong to a **feder **What's the Difference Between a Cluster and a Federation?** -A cluster is just a bunch of connected nodes. A federation is an organization which has a cluster, and where each node in the cluster has a different operator. Confusingly, we sometimes call a federation's cluster its "federation." You can probably tell what we mean from context. \ No newline at end of file +A cluster is just a bunch of connected nodes. A federation is an organization which has a cluster, and where each node in the cluster has a different operator. Confusingly, we sometimes call a federation's cluster its "federation." You can probably tell what we mean from context. diff --git a/docs/server/source/cloud-deployment-templates/add-node-on-kubernetes.rst b/docs/server/source/cloud-deployment-templates/add-node-on-kubernetes.rst new file mode 100644 index 00000000..542d3d2b --- /dev/null +++ b/docs/server/source/cloud-deployment-templates/add-node-on-kubernetes.rst @@ -0,0 +1,168 @@ +Add a BigchainDB Node in a Kubernetes Cluster +============================================= + +**Refer this document if you want to add a new BigchainDB node to an existing +cluster** + +**If you want to start your first BigchainDB node in the BigchainDB cluster, +refer** +:doc:`this ` + + +Terminology Used +---------------- + +``existing cluster`` will refer to the existing (or any one of the existing) +Kubernetes cluster that already hosts a BigchainDB instance with a MongoDB +backend. + +``ctx-1`` will refer to the kubectl context of the existing cluster. + +``new cluster`` will refer to the new Kubernetes cluster that will run a new +BigchainDB instance with a MongoDB backend. + +``ctx-2`` will refer to the kubectl context of the new cluster. + +``new MongoDB instance`` will refer to the MongoDB instance in the new cluster. + +``existing MongoDB instance`` will refer to the MongoDB instance in the +existing cluster. + +``new BigchainDB instance`` will refer to the BigchainDB instance in the new +cluster. + +``existing BigchainDB instance`` will refer to the BigchainDB instance in the +existing cluster. + + +Step 1: Prerequisites +--------------------- + +* You will need to have a public and private key for the new BigchainDB + instance you will set up. + +* The public key should be shared offline with the other existing BigchainDB + instances. The means to achieve this requirement is beyond the scope of this + document. + +* You will need the public keys of all the existing BigchainDB instances. The + means to achieve this requirement is beyond the scope of this document. + +* A new Kubernetes cluster setup with kubectl configured to access it. + If you are using Kubernetes on Azure Container Server (ACS), please refer + our documentation `here ` for the set up. + +If you haven't read our guide to set up a +:doc:`node on Kubernetes `, now is a good time to jump in +there and then come back here as these instructions build up from there. + + +NOTE: If you are managing multiple kubernetes clusters, from your local +system, you can run ``kubectl config view`` to list all the contexts that +are available for the local kubectl. +To target a specific cluster, add a ``--context`` flag to the kubectl CLI. For +example: + +.. code:: bash + + $ kubectl --context ctx-1 apply -f example.yaml + $ kubectl --context ctx-2 apply -f example.yaml + $ kubectl --context ctx-1 proxy --port 8001 + $ kubectl --context ctx-2 proxy --port 8002 + + +Step 2: Prepare the New Kubernetes cluster +------------------------------------------ +Follow the steps in the sections to set up Storage Classes and Persisten Volume +Claims, and to run MongoDB in the new cluster: + +1. :ref:`Add Storage Classes ` +2. :ref:`Add Persistent Volume Claims ` +3. :ref:`Create the Config Map ` +4. :ref:`Run MongoDB instance ` + + +Step 3: Add the New MongoDB Instance to the Existing Replica Set +---------------------------------------------------------------- +Note that by ``replica set`` we are referring to the MongoDB replica set, and not +to Kubernetes' ``ReplicaSet``. + +If you are not the administrator of an existing MongoDB/BigchainDB instance, you +will have to coordinate offline with an existing administrator so that s/he can +add the new MongoDB instance to the replica set. The means to achieve this is +beyond the scope of this document. + +Add the new instance of MongoDB from an existing instance by accessing the +``mongo`` shell. + +.. code:: bash + + $ kubectl --context ctx-1 exec -it mdb-0 -c mongodb -- /bin/bash + root@mdb-0# mongo --port 27017 + +We can only add members to a replica set from the ``PRIMARY`` instance. +The ``mongo`` shell prompt should state that this is the primary member in the +replica set. +If not, then you can use the ``rs.status()`` command to find out who the +primary is and login to the ``mongo`` shell in the primary. + +Run the ``rs.add()`` command with the FQDN and port number of the other instances: + +.. code:: bash + + PRIMARY> rs.add(":") + + +Step 4: Verify the replica set membership +----------------------------------------- + +You can use the ``rs.conf()`` and the ``rs.status()`` commands available in the +mongo shell to verify the replica set membership. + +The new MongoDB instance should be listed in the membership information +displayed. + + +Step 5: Start the new BigchainDB instance +----------------------------------------- + +Get the file ``bigchaindb-dep.yaml`` from GitHub using: + +.. code:: bash + + $ wget https://raw.githubusercontent.com/bigchaindb/bigchaindb/master/k8s/bigchaindb/bigchaindb-dep.yaml + +Note that we set the ``BIGCHAINDB_DATABASE_HOST`` to ``mdb`` which is the name +of the MongoDB service defined earlier. + +Edit the ``BIGCHAINDB_KEYPAIR_PUBLIC`` with the public key of this instance, +the ``BIGCHAINDB_KEYPAIR_PRIVATE`` with the private key of this instance and +the ``BIGCHAINDB_KEYRING`` with a ``:`` delimited list of all the public keys +in the BigchainDB cluster. + +Create the required Deployment using: + +.. code:: bash + + $ kubectl --context ctx-2 apply -f bigchaindb-dep.yaml + +You can check its status using the command ``kubectl get deploy -w`` + + +Step 6: Restart the existing BigchainDB instance(s) +--------------------------------------------------- +Add public key of the new BigchainDB instance to the keyring of all the +existing instances and update the BigchainDB instances using: + +.. code:: bash + + $ kubectl --context ctx-1 replace -f bigchaindb-dep.yaml + +This will create a ``rolling deployment`` in Kubernetes where a new instance of +BigchainDB will be created, and if the health check on the new instance is +successful, the earlier one will be terminated. This ensures that there is +zero downtime during updates. + +You can login to an existing BigchainDB instance and run the ``bigchaindb +show-config`` command to see the configuration update to the keyring. + diff --git a/docs/server/source/cloud-deployment-templates/index.rst b/docs/server/source/cloud-deployment-templates/index.rst index 67a2ace4..dee7cd4b 100644 --- a/docs/server/source/cloud-deployment-templates/index.rst +++ b/docs/server/source/cloud-deployment-templates/index.rst @@ -15,4 +15,4 @@ If you find the cloud deployment templates for nodes helpful, then you may also azure-quickstart-template template-kubernetes-azure node-on-kubernetes - \ No newline at end of file + add-node-on-kubernetes diff --git a/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst b/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst index 199694d4..650d2f45 100644 --- a/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst +++ b/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst @@ -1,6 +1,12 @@ -Run a BigchainDB Node in a Kubernetes Cluster -============================================= +Bootstrap a BigchainDB Node in a Kubernetes Cluster +=================================================== +**Refer this document if you are starting your first BigchainDB instance in +a BigchainDB cluster or starting a stand-alone BigchainDB instance** + +**If you want to add a new BigchainDB node to an existing cluster, refer** +:doc:`this ` + Assuming you already have a `Kubernetes `_ cluster up and running, this page describes how to run a BigchainDB node in it. @@ -90,24 +96,21 @@ For future reference, the command to create a storage account is `az storage account create `_. -Get the files ``mongo-data-db-sc.yaml`` and ``mongo-data-configdb-sc.yaml`` -from GitHub using: +Get the file ``mongo-sc.yaml`` from GitHub using: .. code:: bash - $ wget https://raw.githubusercontent.com/bigchaindb/bigchaindb/master/k8s/mongodb/mongo-data-db-sc.yaml - $ wget https://raw.githubusercontent.com/bigchaindb/bigchaindb/master/k8s/mongodb/mongo-data-configdb-sc.yaml + $ wget https://raw.githubusercontent.com/bigchaindb/bigchaindb/master/k8s/mongodb/mongo-sc.yaml You may want to update the ``parameters.location`` field in both the files to specify the location you are using in Azure. -Create the required StorageClass using +Create the required storage classes using .. code:: bash - $ kubectl apply -f mongo-data-db-sc.yaml - $ kubectl apply -f mongo-data-configdb-sc.yaml + $ kubectl apply -f mongo-sc.yaml You can check if it worked using ``kubectl get storageclasses``. @@ -128,13 +131,11 @@ Step 4: Create Persistent Volume Claims Next, we'll create two PersistentVolumeClaim objects ``mongo-db-claim`` and ``mongo-configdb-claim``. -Get the files ``mongo-data-db-sc.yaml`` and ``mongo-data-configdb-sc.yaml`` -from GitHub using: +Get the file ``mongo-pvc.yaml`` from GitHub using: .. code:: bash - $ wget https://raw.githubusercontent.com/bigchaindb/bigchaindb/master/k8s/mongodb/mongo-data-db-pvc.yaml - $ wget https://raw.githubusercontent.com/bigchaindb/bigchaindb/master/k8s/mongodb/mongo-data-configdb-pvc.yaml + $ wget https://raw.githubusercontent.com/bigchaindb/bigchaindb/master/k8s/mongodb/mongo-pvc.yaml Note how there's no explicit mention of Azure, AWS or whatever. ``ReadWriteOnce`` (RWO) means the volume can be mounted as @@ -147,12 +148,11 @@ by AzureDisk.) You may want to update the ``spec.resources.requests.storage`` field in both the files to specify a different disk size. -Create the required PersistentVolumeClaim using: +Create the required Persistent Volume Claims using: .. code:: bash - $ kubectl apply -f mongo-data-db-pvc.yaml - $ kubectl apply -f mongo-data-configdb-pvc.yaml + $ kubectl apply -f mongo-pvc.yaml You can check its status using: ``kubectl get pvc -w`` @@ -161,9 +161,81 @@ Initially, the status of persistent volume claims might be "Pending" but it should become "Bound" fairly quickly. +Step 5: Create the Config Map - Optional +---------------------------------------- + +This step is required only if you are planning to set up multiple +`BigchainDB nodes +`_, else you can +skip to the :ref:`next step `. + +MongoDB reads the local ``/etc/hosts`` file while bootstrapping a replica set +to resolve the hostname provided to the ``rs.initiate()`` command. It needs to +ensure that the replica set is being initialized in the same instance where +the MongoDB instance is running. + +To achieve this, we create a ConfigMap with the FQDN of the MongoDB instance +and populate the ``/etc/hosts`` file with this value so that a replica set can +be created seamlessly. + +Get the file ``mongo-cm.yaml`` from GitHub using: + +.. code:: bash + + $ wget https://raw.githubusercontent.com/bigchaindb/bigchaindb/master/k8s/mongodb/mongo-cm.yaml + +You may want to update the ``data.fqdn`` field in the file before creating the +ConfigMap. ``data.fqdn`` field will be the DNS name of your MongoDB instance. +This will be used by other MongoDB instances when forming a MongoDB +replica set. It should resolve to the MongoDB instance in your cluster when +you are done with the setup. This will help when we are adding more MongoDB +instances to the replica set in the future. + + +For ACS +^^^^^^^ +In Kubernetes on ACS, the name you populate in the ``data.fqdn`` field +will be used to configure a DNS name for the public IP assigned to the +Kubernetes Service that is the frontend for the MongoDB instance. + +We suggest using a name that will already be available in Azure. +We use ``mdb-instance-0``, ``mdb-instance-1`` and so on in this document, +which gives us ``mdb-instance-0..cloudapp.azure.com``, +``mdb-instance-1..cloudapp.azure.com``, etc. as the FQDNs. +The ```` is the Azure datacenter location you are using, +which can also be obtained using the ``az account list-locations`` command. + +You can also try to assign a name to an Public IP in Azure before starting +the process, or use ``nslookup`` with the name you have in mind to check +if it's available for use. + +In the rare chance that name in the ``data.fqdn`` field is not available, +we will need to create a ConfigMap with a unique name and restart the +MongoDB instance. + +For Kubernetes on bare-metal or other cloud providers +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +On other environments, you need to provide the name resolution function +by other means (using DNS providers like GoDaddy, CloudFlare or your own +private DNS server). The DNS set up for other environments is currently +beyond the scope of this document. + + +Create the required ConfigMap using: + +.. code:: bash + + $ kubectl apply -f mongo-cm.yaml + + +You can check its status using: ``kubectl get cm`` + + + Now we are ready to run MongoDB and BigchainDB on our Kubernetes cluster. -Step 5: Run MongoDB as a StatefulSet +Step 6: Run MongoDB as a StatefulSet ------------------------------------ Get the file ``mongo-ss.yaml`` from GitHub using: @@ -188,7 +260,7 @@ To avoid this, we use the Docker feature of ``--cap-add=FOWNER``. This bypasses the uid and gid permission checks during writes and allows data to be persisted to disk. Refer to the -`Docker doc `_ +`Docker docs `_ for details. As we gain more experience running MongoDB in testing and production, we will @@ -205,8 +277,91 @@ Create the required StatefulSet using: You can check its status using the commands ``kubectl get statefulsets -w`` and ``kubectl get svc -w`` - -Step 6: Run BigchainDB as a Deployment +You may have to wait for upto 10 minutes wait for disk to be created +and attached on the first run. The pod can fail several times with the message +specifying that the timeout for mounting the disk has exceeded. + + +Step 7: Initialize a MongoDB Replica Set - Optional +--------------------------------------------------- + +This step is required only if you are planning to set up multiple +`BigchainDB nodes +`_, else you can +skip to the :ref:`step 9 `. + + +Login to the running MongoDB instance and access the mongo shell using: + +.. code:: bash + + $ kubectl exec -it mdb-0 -c mongodb -- /bin/bash + root@mdb-0:/# mongo --port 27017 + +We initialize the replica set by using the ``rs.initiate()`` command from the +mongo shell. Its syntax is: + +.. code:: bash + + rs.initiate({ + _id : ":" + } ] + }) + +An example command might look like: + +.. code:: bash + + > rs.initiate({ _id : "bigchain-rs", members: [ { _id : 0, host :"mdb-instance-0.westeurope.cloudapp.azure.com:27017" } ] }) + + +where ``mdb-instance-0.westeurope.cloudapp.azure.com`` is the value stored in +the ``data.fqdn`` field in the ConfigMap created using ``mongo-cm.yaml``. + + +You should see changes in the mongo shell prompt from ``>`` +to ``bigchain-rs:OTHER>`` to ``bigchain-rs:SECONDARY>`` and finally +to ``bigchain-rs:PRIMARY>``. + +You can use the ``rs.conf()`` and the ``rs.status()`` commands to check the +detailed replica set configuration now. + + +Step 8: Create a DNS record - Optional +-------------------------------------- + +This step is required only if you are planning to set up multiple +`BigchainDB nodes +`_, else you can +skip to the :ref:`next step `. + +Since we currently rely on Azure to provide us with a public IP and manage the +DNS entries of MongoDB instances, we detail only the steps required for ACS +here. + +Select the current Azure resource group and look for the ``Public IP`` +resource. You should see at least 2 entries there - one for the Kubernetes +master and the other for the MongoDB instance. You may have to ``Refresh`` the +Azure web page listing the resources in a resource group for the latest +changes to be reflected. + +Select the ``Public IP`` resource that is attached to your service (it should +have the Kubernetes cluster name alongwith a random string), +select ``Configuration``, add the DNS name that was added in the +ConfigMap earlier, click ``Save``, and wait for the changes to be applied. + +To verify the DNS setting is operational, you can run ``nslookup `` from your local Linux shell. + + +This will ensure that when you scale the replica set later, other MongoDB +members in the replica set can reach this instance. + + +Step 9: Run BigchainDB as a Deployment -------------------------------------- Get the file ``bigchaindb-dep.yaml`` from GitHub using: @@ -239,23 +394,23 @@ Create the required Deployment using: You can check its status using the command ``kubectl get deploy -w`` -Step 7: Verify the BigchainDB Node Setup ----------------------------------------- +Step 10: Verify the BigchainDB Node Setup +----------------------------------------- -Step 7.1: Testing Externally -^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Step 10.1: Testing Externally +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Try to access the ``:9984`` on your -browser. You must receive a json output that shows the BigchainDB server -version among other things. +Try to access the ``:9984`` +on your browser. You must receive a json output that shows the BigchainDB +server version among other things. -Try to access the ``:27017`` on your -browser. You must receive a message from MongoDB stating that it doesn't allow -HTTP connections to the port anymore. +Try to access the ``:27017`` +on your browser. You must receive a message from MongoDB stating that it +doesn't allow HTTP connections to the port anymore. -Step 7.2: Testing Internally -^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Step 10.2: Testing Internally +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Run a container that provides utilities like ``nslookup``, ``curl`` and ``dig`` on the cluster and query the internal DNS and IP endpoints. @@ -270,7 +425,7 @@ Now we can query for the ``mdb`` and ``bdb`` service details. .. code:: bash $ nslookup mdb - $ dig +noall +answer _mdb_port._tcp.mdb.default.svc.cluster.local SRV + $ dig +noall +answer _mdb-port._tcp.mdb.default.svc.cluster.local SRV $ curl -X GET http://mdb:27017 $ curl -X GET http://bdb:9984 diff --git a/k8s/deprecated.to.del/mongo-statefulset.yaml b/k8s/deprecated.to.del/mongo-statefulset.yaml new file mode 100644 index 00000000..a71567f3 --- /dev/null +++ b/k8s/deprecated.to.del/mongo-statefulset.yaml @@ -0,0 +1,57 @@ +apiVersion: v1 +kind: Service +metadata: + name: mongodb + labels: + name: mongodb +spec: + ports: + - port: 27017 + targetPort: 27017 + clusterIP: None + selector: + role: mongodb +--- +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: mongodb +spec: + serviceName: mongodb + replicas: 3 + template: + metadata: + labels: + role: mongodb + environment: staging + spec: + terminationGracePeriodSeconds: 10 + containers: + - name: mongo + image: mongo:3.4.1 + command: + - mongod + - "--replSet" + - bigchain-rs + #- "--smallfiles" + #- "--noprealloc" + ports: + - containerPort: 27017 + volumeMounts: + - name: mongo-persistent-storage + mountPath: /data/db + - name: mongo-sidecar + image: cvallance/mongo-k8s-sidecar + env: + - name: MONGO_SIDECAR_POD_LABELS + value: "role=mongo,environment=staging" + volumeClaimTemplates: + - metadata: + name: mongo-persistent-storage + annotations: + volume.beta.kubernetes.io/storage-class: "fast" + spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: 100Gi diff --git a/k8s/mongodb/container/Dockerfile b/k8s/mongodb/container/Dockerfile new file mode 100644 index 00000000..11fc80cf --- /dev/null +++ b/k8s/mongodb/container/Dockerfile @@ -0,0 +1,12 @@ +FROM mongo:3.4.2 +LABEL maintainer "dev@bigchaindb.com" +WORKDIR / +RUN apt-get update \ + && apt-get -y upgrade \ + && apt-get autoremove \ + && apt-get clean +COPY mongod.conf.template /etc/mongod.conf.template +COPY mongod_entrypoint/mongod_entrypoint / +VOLUME /data/db /data/configdb +EXPOSE 27017 +ENTRYPOINT ["/mongod_entrypoint"] diff --git a/k8s/mongodb/container/Makefile b/k8s/mongodb/container/Makefile new file mode 100644 index 00000000..72ec4f79 --- /dev/null +++ b/k8s/mongodb/container/Makefile @@ -0,0 +1,51 @@ +# Targets: +# all: Cleans, formats src files, builds the code, builds the docker image +# clean: Removes the binary and docker image +# format: Formats the src files +# build: Builds the code +# docker: Builds the code and docker image +# push: Push the docker image to Docker hub + +GOCMD=go +GOVET=$(GOCMD) tool vet +GOINSTALL=$(GOCMD) install +GOFMT=gofmt -s -w + +DOCKER_IMAGE_NAME?=bigchaindb/mongodb +DOCKER_IMAGE_TAG?=latest + +PWD=$(shell pwd) +BINARY_PATH=$(PWD)/mongod_entrypoint/ +BINARY_NAME=mongod_entrypoint +MAIN_FILE = $(BINARY_PATH)/mongod_entrypoint.go +SRC_FILES = $(BINARY_PATH)/mongod_entrypoint.go + +.PHONY: all + +all: clean build docker + +clean: + @echo "removing any pre-built binary"; + -@rm $(BINARY_PATH)/$(BINARY_NAME); + @echo "remove any pre-built docker image"; + -@docker rmi $(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG); + +format: + $(GOFMT) $(SRC_FILES) + +build: format + $(shell cd $(BINARY_PATH) && \ + export GOPATH="$(BINARY_PATH)" && \ + export GOBIN="$(BINARY_PATH)" && \ + CGO_ENABLED=0 GOOS=linux $(GOINSTALL) -ldflags "-s" -a -installsuffix cgo $(MAIN_FILE)) + +docker: build + docker build \ + -t $(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG) .; + +vet: + $(GOVET) . + +push: + docker push \ + $(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG); diff --git a/k8s/mongodb/container/README.md b/k8s/mongodb/container/README.md new file mode 100644 index 00000000..7896a912 --- /dev/null +++ b/k8s/mongodb/container/README.md @@ -0,0 +1,88 @@ +## Custom MongoDB container for BigchainDB Backend + +### Need + +* MongoDB needs the hostname provided in the rs.initiate() command to be + resolvable through the hosts file locally. +* In the future, with the introduction of TLS for inter-cluster MongoDB + communications, we will need a way to specify detailed configuration. +* We also need a way to overwrite certain parameters to suit our use case. + + +### Step 1: Build the Latest Container + +`make` from the root of this project. + + +### Step 2: Run the Container + +``` +docker run \ +--name=mdb1 \ +--publish=17017:17017 \ +--rm=true \ +bigchaindb/mongodb \ +--replica-set-name \ +--fqdn \ +--port +``` + +#### Step 3: Initialize the Replica Set + +Login to one of the MongoDB containers, say mdb1: + +`docker exec -it mdb1 bash` + +Start the `mongo` shell: + +`mongo --port 27017` + + +Run the rs.initiate() command: +``` +rs.initiate({ + _id : ":" + } ] +}) +``` + +For example: + +``` +rs.initiate({ _id : "test-repl-set", members: [ { _id : 0, host : +"mdb-instance-0.westeurope.cloudapp.azure.com:27017" } ] }) +``` + +You should also see changes in the mongo shell prompt from `>` to +`test-repl-set:OTHER>` to `test-repl-set:SECONDARY>` to finally +`test-repl-set:PRIMARY>`. +If this instance is not the primary, you can use the `rs.status()` command to +find out who is the primary. + + +#### Step 4: Add members to the Replica Set + +We can only add members to a replica set from the PRIMARY instance. +Login to the PRIMARY and open a `mongo` shell. + +Run the rs.add() command with the ip and port number of the other +containers/instances: +``` +rs.add(":") +``` + +For example: + +Add mdb2 to replica set from mdb1: +``` +rs.add("bdb-cluster-1.northeurope.cloudapp.azure.com:27017") +``` + +Add mdb3 to replica set from mdb1: +``` +rs.add("bdb-cluster-2.northeurope.cloudapp.azure.com:27017") +``` + diff --git a/k8s/mongodb/container/mongod.conf.template b/k8s/mongodb/container/mongod.conf.template new file mode 100644 index 00000000..28e74acf --- /dev/null +++ b/k8s/mongodb/container/mongod.conf.template @@ -0,0 +1,89 @@ +# mongod.conf + +# for documentation of all options, see: +# http://docs.mongodb.org/manual/reference/configuration-options/ + +# where to write logging data. +systemLog: + verbosity: 0 + #TODO traceAllExceptions: true + timeStampFormat: iso8601-utc + component: + accessControl: + verbosity: 0 + command: + verbosity: 0 + control: + verbosity: 0 + ftdc: + verbosity: 0 + geo: + verbosity: 0 + index: + verbosity: 0 + network: + verbosity: 0 + query: + verbosity: 0 + replication: + verbosity: 0 + sharding: + verbosity: 0 + storage: + verbosity: 0 + journal: + verbosity: 0 + write: + verbosity: 0 + +processManagement: + fork: false + pidFilePath: /tmp/mongod.pid + +net: + port: PORT + bindIp: 0.0.0.0 + maxIncomingConnections: 8192 + wireObjectCheck: false + unixDomainSocket: + enabled: false + pathPrefix: /tmp + filePermissions: 0700 + http: + enabled: false + compression: + compressors: snappy + #ssl: TODO + +#security: TODO + +#setParameter: + #notablescan: 1 TODO + #logUserIds: 1 TODO + +storage: + dbPath: /data/db + indexBuildRetry: true + journal: + enabled: true + commitIntervalMs: 100 + directoryPerDB: true + engine: wiredTiger + wiredTiger: + engineConfig: + journalCompressor: snappy + collectionConfig: + blockCompressor: snappy + indexConfig: + prefixCompression: true # TODO false may affect performance? + +operationProfiling: + mode: slowOp + slowOpThresholdMs: 100 + +replication: + replSetName: REPLICA_SET_NAME + enableMajorityReadConcern: true + +#sharding: + diff --git a/k8s/mongodb/container/mongod_entrypoint/mongod_entrypoint.go b/k8s/mongodb/container/mongod_entrypoint/mongod_entrypoint.go new file mode 100644 index 00000000..57b48974 --- /dev/null +++ b/k8s/mongodb/container/mongod_entrypoint/mongod_entrypoint.go @@ -0,0 +1,154 @@ +package main + +import ( + "bytes" + "errors" + "flag" + "fmt" + "io/ioutil" + "log" + "net" + "os" + "regexp" + "syscall" +) + +const ( + mongoConfFilePath string = "/etc/mongod.conf" + mongoConfTemplateFilePath string = "/etc/mongod.conf.template" + hostsFilePath string = "/etc/hosts" +) + +var ( + // Use the same entrypoint as the mongo:3.4.2 image; just supply it with + // the mongod conf file with custom params + mongoStartCmd []string = []string{"/entrypoint.sh", "mongod", "--config", + mongoConfFilePath} +) + +// context struct stores the user input and the constraints for the specified +// input. It also stores the keyword that needs to be replaced in the template +// files. +type context struct { + cliInput string + templateKeyword string + regex string +} + +// sanity function takes the pre-defined constraints and the user inputs as +// arguments and validates user input based on regex matching +func sanity(input map[string]*context, fqdn, ip string) error { + var format *regexp.Regexp + for _, ctx := range input { + format = regexp.MustCompile(ctx.regex) + if format.MatchString(ctx.cliInput) == false { + return errors.New(fmt.Sprintf( + "Invalid value: '%s' for '%s'. Can be '%s'", + ctx.cliInput, + ctx.templateKeyword, + ctx.regex)) + } + } + + format = regexp.MustCompile(`[a-z0-9-.]+`) + if format.MatchString(fqdn) == false { + return errors.New(fmt.Sprintf( + "Invalid value: '%s' for FQDN. Can be '%s'", + fqdn, + format)) + } + + if net.ParseIP(ip) == nil { + return errors.New(fmt.Sprintf( + "Invalid value: '%s' for IPv4. Can be a.b.c.d", + ip)) + } + + return nil +} + +// createFile function takes the pre-defined keywords, user inputs, the +// template file path and the new file path location as parameters, and +// creates a new file at file path with all the keywords replaced by inputs. +func createFile(input map[string]*context, + template string, conf string) error { + // read the template + contents, err := ioutil.ReadFile(template) + if err != nil { + return err + } + // replace + for _, ctx := range input { + contents = bytes.Replace(contents, []byte(ctx.templateKeyword), + []byte(ctx.cliInput), -1) + } + // write + err = ioutil.WriteFile(conf, contents, 0644) + if err != nil { + return err + } + return nil +} + +// updateHostsFile takes the FQDN supplied as input to the container and adds +// an entry to /etc/hosts +func updateHostsFile(ip, fqdn string) error { + fileHandle, err := os.OpenFile(hostsFilePath, os.O_APPEND|os.O_WRONLY, + os.ModeAppend) + if err != nil { + return err + } + defer fileHandle.Close() + // append + _, err = fileHandle.WriteString(fmt.Sprintf("\n%s %s\n", ip, fqdn)) + if err != nil { + return err + } + return nil +} + +func main() { + var fqdn, ip string + input := make(map[string]*context) + + input["replica-set-name"] = &context{} + input["replica-set-name"].regex = `[a-z]+` + input["replica-set-name"].templateKeyword = "REPLICA_SET_NAME" + flag.StringVar(&input["replica-set-name"].cliInput, + "replica-set-name", + "", + "replica set name") + + input["port"] = &context{} + input["port"].regex = `[0-9]{4,5}` + input["port"].templateKeyword = "PORT" + flag.StringVar(&input["port"].cliInput, + "port", + "", + "mongodb port number") + + flag.StringVar(&fqdn, "fqdn", "", "FQDN of the MongoDB instance") + flag.StringVar(&ip, "ip", "", "IPv4 address of the container") + + flag.Parse() + err := sanity(input, fqdn, ip) + if err != nil { + log.Fatal(err) + } + + err = createFile(input, mongoConfTemplateFilePath, mongoConfFilePath) + if err != nil { + log.Fatal(err) + } + + err = updateHostsFile(ip, fqdn) + if err != nil { + log.Fatal(err) + } + + fmt.Printf("Starting Mongod....") + err = syscall.Exec(mongoStartCmd[0], mongoStartCmd[0:], os.Environ()) + if err != nil { + panic(err) + } +} diff --git a/k8s/mongodb/mongo-cm.yaml b/k8s/mongodb/mongo-cm.yaml new file mode 100644 index 00000000..bf4b4f82 --- /dev/null +++ b/k8s/mongodb/mongo-cm.yaml @@ -0,0 +1,13 @@ +##################################################################### +# This YAML file desribes a ConfigMap with the FQDN of the mongo # +# instance to be started. MongoDB instance uses the value from this # +# ConfigMap to bootstrap itself during startup. # +##################################################################### + +apiVersion: v1 +kind: ConfigMap +metadata: + name: mdb-fqdn + namespace: default +data: + fqdn: mdb-instance-0.westeurope.cloudapp.azure.com diff --git a/k8s/mongodb/mongo-data-configdb-pvc.yaml b/k8s/mongodb/mongo-data-configdb-pvc.yaml deleted file mode 100644 index 7d3dc8a3..00000000 --- a/k8s/mongodb/mongo-data-configdb-pvc.yaml +++ /dev/null @@ -1,18 +0,0 @@ -########################################################## -# This YAML file desribes a k8s pvc for mongodb configDB # -########################################################## - -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: mongo-configdb-claim - annotations: - volume.beta.kubernetes.io/storage-class: slow-configdb -spec: - accessModes: - - ReadWriteOnce - # FIXME(Uncomment when ACS supports this!) - # persistentVolumeReclaimPolicy: Retain - resources: - requests: - storage: 20Gi diff --git a/k8s/mongodb/mongo-data-configdb-sc.yaml b/k8s/mongodb/mongo-data-configdb-sc.yaml deleted file mode 100644 index b431db67..00000000 --- a/k8s/mongodb/mongo-data-configdb-sc.yaml +++ /dev/null @@ -1,12 +0,0 @@ -################################################################### -# This YAML file desribes a StorageClass for the mongodb configDB # -################################################################### - -kind: StorageClass -apiVersion: storage.k8s.io/v1beta1 -metadata: - name: slow-configdb -provisioner: kubernetes.io/azure-disk -parameters: - skuName: Standard_LRS - location: westeurope diff --git a/k8s/mongodb/mongo-data-db-pvc.yaml b/k8s/mongodb/mongo-data-db-pvc.yaml deleted file mode 100644 index e9689346..00000000 --- a/k8s/mongodb/mongo-data-db-pvc.yaml +++ /dev/null @@ -1,18 +0,0 @@ -######################################################## -# This YAML file desribes a k8s pvc for mongodb dbPath # -######################################################## - -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: mongo-db-claim - annotations: - volume.beta.kubernetes.io/storage-class: slow-db -spec: - accessModes: - - ReadWriteOnce - # FIXME(Uncomment when ACS supports this!) - # persistentVolumeReclaimPolicy: Retain - resources: - requests: - storage: 20Gi diff --git a/k8s/mongodb/mongo-data-db-sc.yaml b/k8s/mongodb/mongo-data-db-sc.yaml deleted file mode 100644 index f700223d..00000000 --- a/k8s/mongodb/mongo-data-db-sc.yaml +++ /dev/null @@ -1,12 +0,0 @@ -################################################################# -# This YAML file desribes a StorageClass for the mongodb dbPath # -################################################################# - -kind: StorageClass -apiVersion: storage.k8s.io/v1beta1 -metadata: - name: slow-db -provisioner: kubernetes.io/azure-disk -parameters: - skuName: Standard_LRS - location: westeurope diff --git a/k8s/mongodb/mongo-pvc.yaml b/k8s/mongodb/mongo-pvc.yaml new file mode 100644 index 00000000..da257527 --- /dev/null +++ b/k8s/mongodb/mongo-pvc.yaml @@ -0,0 +1,35 @@ +########################################################### +# This section file desribes a k8s pvc for mongodb dbPath # +########################################################### +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: mongo-db-claim + annotations: + volume.beta.kubernetes.io/storage-class: slow-db +spec: + accessModes: + - ReadWriteOnce + # FIXME(Uncomment when ACS supports this!) + # persistentVolumeReclaimPolicy: Retain + resources: + requests: + storage: 20Gi +--- +############################################################# +# This YAML section desribes a k8s pvc for mongodb configDB # +############################################################# +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: mongo-configdb-claim + annotations: + volume.beta.kubernetes.io/storage-class: slow-configdb +spec: + accessModes: + - ReadWriteOnce + # FIXME(Uncomment when ACS supports this!) + # persistentVolumeReclaimPolicy: Retain + resources: + requests: + storage: 1Gi diff --git a/k8s/mongodb/mongo-sc.yaml b/k8s/mongodb/mongo-sc.yaml new file mode 100644 index 00000000..2f291ffe --- /dev/null +++ b/k8s/mongodb/mongo-sc.yaml @@ -0,0 +1,23 @@ +#################################################################### +# This YAML section desribes a StorageClass for the mongodb dbPath # +#################################################################### +kind: StorageClass +apiVersion: storage.k8s.io/v1beta1 +metadata: + name: slow-db +provisioner: kubernetes.io/azure-disk +parameters: + skuName: Standard_LRS + location: westeurope +--- +###################################################################### +# This YAML section desribes a StorageClass for the mongodb configDB # +###################################################################### +kind: StorageClass +apiVersion: storage.k8s.io/v1beta1 +metadata: + name: slow-configdb +provisioner: kubernetes.io/azure-disk +parameters: + skuName: Standard_LRS + location: westeurope diff --git a/k8s/mongodb/mongo-ss.yaml b/k8s/mongodb/mongo-ss.yaml index 63c7d27d..fb6a73f8 100644 --- a/k8s/mongodb/mongo-ss.yaml +++ b/k8s/mongodb/mongo-ss.yaml @@ -37,14 +37,30 @@ spec: terminationGracePeriodSeconds: 10 containers: - name: mongodb - image: mongo:3.4.1 + # TODO(FIXME): Do not use latest in production as it is harder to track + # versions during updates and rollbacks. Also, once fixed, change the + # imagePullPolicy to IfNotPresent for faster bootup + image: bigchaindb/mongodb:latest + env: + - name: MONGODB_FQDN + valueFrom: + configMapKeyRef: + name: mdb-fqdn + key: fqdn + - name: MONGODB_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP args: - - --replSet=bigchain-rs + - --replica-set-name=bigchain-rs + - --fqdn=$(MONGODB_FQDN) + - --port=27017 + - --ip=$(MONGODB_POD_IP) securityContext: capabilities: add: - FOWNER - imagePullPolicy: IfNotPresent + imagePullPolicy: Always ports: - containerPort: 27017 hostPort: 27017 From f00f68e03fe73950ceabe606ac81a527188ae2bf Mon Sep 17 00:00:00 2001 From: Rodolphe Marques Date: Thu, 16 Mar 2017 14:10:04 +0100 Subject: [PATCH 115/283] _sign_threshold now signs all subconditions for a public key. Created test. --- bigchaindb/common/transaction.py | 26 +++++++++++------------ tests/common/test_transaction.py | 36 ++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+), 13 deletions(-) diff --git a/bigchaindb/common/transaction.py b/bigchaindb/common/transaction.py index 23b8f169..e956812f 100644 --- a/bigchaindb/common/transaction.py +++ b/bigchaindb/common/transaction.py @@ -768,20 +768,19 @@ class Transaction(object): key_pairs (dict): The keys to sign the Transaction with. """ input_ = deepcopy(input_) - for owner_before in input_.owners_before: - try: - # TODO: CC should throw a KeypairMismatchException, instead of - # our manual mapping here + for owner_before in set(input_.owners_before): + # TODO: CC should throw a KeypairMismatchException, instead of + # our manual mapping here - # TODO FOR CC: Naming wise this is not so smart, - # `get_subcondition` in fact doesn't return a - # condition but a fulfillment + # TODO FOR CC: Naming wise this is not so smart, + # `get_subcondition` in fact doesn't return a + # condition but a fulfillment - # TODO FOR CC: `get_subcondition` is singular. One would not - # expect to get a list back. - ccffill = input_.fulfillment - subffill = ccffill.get_subcondition_from_vk(owner_before)[0] - except IndexError: + # TODO FOR CC: `get_subcondition` is singular. One would not + # expect to get a list back. + ccffill = input_.fulfillment + subffills = ccffill.get_subcondition_from_vk(owner_before) + if not subffills: raise KeypairMismatchException('Public key {} cannot be found ' 'in the fulfillment' .format(owner_before)) @@ -794,7 +793,8 @@ class Transaction(object): # cryptoconditions makes no assumptions of the encoding of the # message to sign or verify. It only accepts bytestrings - subffill.sign(tx_serialized.encode(), private_key) + for subffill in subffills: + subffill.sign(tx_serialized.encode(), private_key) self.inputs[index] = input_ def inputs_valid(self, outputs=None): diff --git a/tests/common/test_transaction.py b/tests/common/test_transaction.py index 45cadc3b..f74e535e 100644 --- a/tests/common/test_transaction.py +++ b/tests/common/test_transaction.py @@ -590,6 +590,42 @@ def test_validate_tx_threshold_create_signature(user_user2_threshold_input, validate_transaction_model(tx) +def test_validate_tx_threshold_duplicated_pk(user_pub, user_priv, + asset_definition): + from copy import deepcopy + from cryptoconditions import Ed25519Fulfillment, ThresholdSha256Fulfillment + from bigchaindb.common.transaction import Input, Output, Transaction + from bigchaindb.common.crypto import PrivateKey + + threshold = ThresholdSha256Fulfillment(threshold=2) + threshold.add_subfulfillment(Ed25519Fulfillment(public_key=user_pub)) + threshold.add_subfulfillment(Ed25519Fulfillment(public_key=user_pub)) + + threshold_input = Input(threshold, [user_pub, user_pub]) + threshold_output = Output(threshold, [user_pub, user_pub]) + + tx = Transaction(Transaction.CREATE, asset_definition, + [threshold_input], [threshold_output]) + expected = deepcopy(threshold_input) + expected.fulfillment.subconditions[0]['body'].sign(str(tx).encode(), + PrivateKey(user_priv)) + expected.fulfillment.subconditions[1]['body'].sign(str(tx).encode(), + PrivateKey(user_priv)) + + tx.sign([user_priv, user_priv]) + + subconditions = tx.inputs[0].fulfillment.subconditions + expected_subconditions = expected.fulfillment.subconditions + assert subconditions[0]['body'].to_dict()['signature'] == \ + expected_subconditions[0]['body'].to_dict()['signature'] + assert subconditions[1]['body'].to_dict()['signature'] == \ + expected_subconditions[1]['body'].to_dict()['signature'] + + assert tx.inputs[0].to_dict()['fulfillment'] == \ + expected.fulfillment.serialize_uri() + assert tx.inputs_valid() is True + + def test_multiple_input_validation_of_transfer_tx(user_input, user_output, user_priv, user2_pub, user2_priv, user3_pub, From 4aa6ed106710239d24b6f1fc1bc93bd5837cf7d9 Mon Sep 17 00:00:00 2001 From: Rodolphe Marques Date: Thu, 16 Mar 2017 14:18:57 +0100 Subject: [PATCH 116/283] fixed pep8 error --- tests/common/test_transaction.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/common/test_transaction.py b/tests/common/test_transaction.py index f74e535e..16ba34e6 100644 --- a/tests/common/test_transaction.py +++ b/tests/common/test_transaction.py @@ -617,12 +617,12 @@ def test_validate_tx_threshold_duplicated_pk(user_pub, user_priv, subconditions = tx.inputs[0].fulfillment.subconditions expected_subconditions = expected.fulfillment.subconditions assert subconditions[0]['body'].to_dict()['signature'] == \ - expected_subconditions[0]['body'].to_dict()['signature'] + expected_subconditions[0]['body'].to_dict()['signature'] assert subconditions[1]['body'].to_dict()['signature'] == \ - expected_subconditions[1]['body'].to_dict()['signature'] + expected_subconditions[1]['body'].to_dict()['signature'] assert tx.inputs[0].to_dict()['fulfillment'] == \ - expected.fulfillment.serialize_uri() + expected.fulfillment.serialize_uri() assert tx.inputs_valid() is True From 7aa94447cd9e018b5cbf26263adfd8c1ba7c8699 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Thu, 16 Mar 2017 14:42:32 +0100 Subject: [PATCH 117/283] docs: copyedited 2 pages re/ node on k8s --- .../add-node-on-kubernetes.rst | 79 +++++++-------- .../node-on-kubernetes.rst | 99 +++++++------------ 2 files changed, 73 insertions(+), 105 deletions(-) diff --git a/docs/server/source/cloud-deployment-templates/add-node-on-kubernetes.rst b/docs/server/source/cloud-deployment-templates/add-node-on-kubernetes.rst index 542d3d2b..ea435ed3 100644 --- a/docs/server/source/cloud-deployment-templates/add-node-on-kubernetes.rst +++ b/docs/server/source/cloud-deployment-templates/add-node-on-kubernetes.rst @@ -1,25 +1,26 @@ -Add a BigchainDB Node in a Kubernetes Cluster -============================================= +Kubernetes Template: Add a BigchainDB Node to an Existing BigchainDB Cluster +============================================================================ -**Refer this document if you want to add a new BigchainDB node to an existing -cluster** +This page describes how to deploy a BigchainDB node using Kubernetes, +and how to add that node to an existing BigchainDB cluster. +It assumes you already have a running Kubernetes cluster +where you can deploy the new BigchainDB node. -**If you want to start your first BigchainDB node in the BigchainDB cluster, -refer** -:doc:`this ` +If you want to deploy the first BigchainDB node in a BigchainDB cluster, +or a stand-alone BigchainDB node, +then see :doc:`the page about that `. Terminology Used ---------------- -``existing cluster`` will refer to the existing (or any one of the existing) -Kubernetes cluster that already hosts a BigchainDB instance with a MongoDB -backend. +``existing cluster`` will refer to one of the existing Kubernetes clusters +hosting one of the existing BigchainDB nodes. ``ctx-1`` will refer to the kubectl context of the existing cluster. ``new cluster`` will refer to the new Kubernetes cluster that will run a new -BigchainDB instance with a MongoDB backend. +BigchainDB node (including a BigchainDB instance and a MongoDB instance). ``ctx-2`` will refer to the kubectl context of the new cluster. @@ -38,26 +39,19 @@ existing cluster. Step 1: Prerequisites --------------------- -* You will need to have a public and private key for the new BigchainDB - instance you will set up. +* A public/private key pair for the new BigchainDB instance. * The public key should be shared offline with the other existing BigchainDB - instances. The means to achieve this requirement is beyond the scope of this - document. + nodes in the existing BigchainDB cluster. -* You will need the public keys of all the existing BigchainDB instances. The - means to achieve this requirement is beyond the scope of this document. +* You will need the public keys of all the existing BigchainDB nodes. * A new Kubernetes cluster setup with kubectl configured to access it. - If you are using Kubernetes on Azure Container Server (ACS), please refer - our documentation `here ` for the set up. -If you haven't read our guide to set up a -:doc:`node on Kubernetes `, now is a good time to jump in -there and then come back here as these instructions build up from there. +* Some familiarity with deploying a BigchainDB node on Kubernetes. + See our :doc:`other docs about that `. - -NOTE: If you are managing multiple kubernetes clusters, from your local +Note: If you are managing multiple Kubernetes clusters, from your local system, you can run ``kubectl config view`` to list all the contexts that are available for the local kubectl. To target a specific cluster, add a ``--context`` flag to the kubectl CLI. For @@ -71,9 +65,10 @@ example: $ kubectl --context ctx-2 proxy --port 8002 -Step 2: Prepare the New Kubernetes cluster +Step 2: Prepare the New Kubernetes Cluster ------------------------------------------ -Follow the steps in the sections to set up Storage Classes and Persisten Volume + +Follow the steps in the sections to set up Storage Classes and Persistent Volume Claims, and to run MongoDB in the new cluster: 1. :ref:`Add Storage Classes ` @@ -84,13 +79,13 @@ Claims, and to run MongoDB in the new cluster: Step 3: Add the New MongoDB Instance to the Existing Replica Set ---------------------------------------------------------------- -Note that by ``replica set`` we are referring to the MongoDB replica set, and not -to Kubernetes' ``ReplicaSet``. -If you are not the administrator of an existing MongoDB/BigchainDB instance, you -will have to coordinate offline with an existing administrator so that s/he can -add the new MongoDB instance to the replica set. The means to achieve this is -beyond the scope of this document. +Note that by ``replica set``, we are referring to the MongoDB replica set, +not a Kubernetes' ``ReplicaSet``. + +If you are not the administrator of an existing BigchainDB node, you +will have to coordinate offline with an existing administrator so that they can +add the new MongoDB instance to the replica set. Add the new instance of MongoDB from an existing instance by accessing the ``mongo`` shell. @@ -100,7 +95,7 @@ Add the new instance of MongoDB from an existing instance by accessing the $ kubectl --context ctx-1 exec -it mdb-0 -c mongodb -- /bin/bash root@mdb-0# mongo --port 27017 -We can only add members to a replica set from the ``PRIMARY`` instance. +One can only add members to a replica set from the ``PRIMARY`` instance. The ``mongo`` shell prompt should state that this is the primary member in the replica set. If not, then you can use the ``rs.status()`` command to find out who the @@ -113,7 +108,7 @@ Run the ``rs.add()`` command with the FQDN and port number of the other instance PRIMARY> rs.add(":") -Step 4: Verify the replica set membership +Step 4: Verify the Replica Set Membership ----------------------------------------- You can use the ``rs.conf()`` and the ``rs.status()`` commands available in the @@ -123,7 +118,7 @@ The new MongoDB instance should be listed in the membership information displayed. -Step 5: Start the new BigchainDB instance +Step 5: Start the New BigchainDB Instance ----------------------------------------- Get the file ``bigchaindb-dep.yaml`` from GitHub using: @@ -149,20 +144,20 @@ Create the required Deployment using: You can check its status using the command ``kubectl get deploy -w`` -Step 6: Restart the existing BigchainDB instance(s) +Step 6: Restart the Existing BigchainDB Instance(s) --------------------------------------------------- -Add public key of the new BigchainDB instance to the keyring of all the -existing instances and update the BigchainDB instances using: + +Add the public key of the new BigchainDB instance to the keyring of all the +existing BigchainDB instances and update the BigchainDB instances using: .. code:: bash $ kubectl --context ctx-1 replace -f bigchaindb-dep.yaml -This will create a ``rolling deployment`` in Kubernetes where a new instance of +This will create a "rolling deployment" in Kubernetes where a new instance of BigchainDB will be created, and if the health check on the new instance is successful, the earlier one will be terminated. This ensures that there is zero downtime during updates. -You can login to an existing BigchainDB instance and run the ``bigchaindb -show-config`` command to see the configuration update to the keyring. - +You can SSH to an existing BigchainDB instance and run the ``bigchaindb +show-config`` command to check that the keyring is updated. diff --git a/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst b/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst index 650d2f45..b19d79a3 100644 --- a/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst +++ b/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst @@ -1,15 +1,13 @@ -Bootstrap a BigchainDB Node in a Kubernetes Cluster -=================================================== +Kubernetes Template: Deploy a Single BigchainDB Node +==================================================== -**Refer this document if you are starting your first BigchainDB instance in -a BigchainDB cluster or starting a stand-alone BigchainDB instance** +This page describes how to deploy the first BigchainDB node +in a BigchainDB cluster, or a stand-alone BigchainDB node, +using `Kubernetes `_. +It assumes you already have a running Kubernetes cluster. -**If you want to add a new BigchainDB node to an existing cluster, refer** -:doc:`this ` - -Assuming you already have a `Kubernetes `_ -cluster up and running, this page describes how to run a -BigchainDB node in it. +If you want to add a new BigchainDB node to an existing BigchainDB cluster, +refer to :doc:`the page about that `. Step 1: Install kubectl @@ -49,18 +47,17 @@ Step 3: Create Storage Classes MongoDB needs somewhere to store its data persistently, outside the container where MongoDB is running. - -The official MongoDB Docker container exports two volume mounts with correct +Our MongoDB Docker container +(based on the official MongoDB Docker container) +exports two volume mounts with correct permissions from inside the container: +* The directory where the mongod instance stores its data: ``/data/db``. + There's more explanation in the MongoDB docs about `storage.dbpath `_. -* The directory where the mongod instance stores its data - ``/data/db``, - described at `storage.dbpath `_. - -* The directory where mongodb instance stores the metadata for a sharded - cluster - ``/data/configdb/``, described at - `sharding.configDB `_. - +* The directory where the mongodb instance stores the metadata for a sharded + cluster: ``/data/configdb/``. + There's more explanation in the MongoDB docs about `sharding.configDB `_. Explaining how Kubernetes handles persistent volumes, and the associated terminology, @@ -69,9 +66,6 @@ see `the Kubernetes docs about persistent volumes `_. The first thing to do is create the Kubernetes storage classes. -We will accordingly create two storage classes and persistent volume claims in -Kubernetes. - **Azure.** First, you need an Azure storage account. If you deployed your Kubernetes cluster on Azure @@ -85,7 +79,6 @@ Standard storage is lower-cost and lower-performance. It uses hard disk drives (HDD). LRS means locally-redundant storage: three replicas in the same data center. - Premium storage is higher-cost and higher-performance. It uses solid state drives (SSD). At the time of writing, @@ -102,11 +95,10 @@ Get the file ``mongo-sc.yaml`` from GitHub using: $ wget https://raw.githubusercontent.com/bigchaindb/bigchaindb/master/k8s/mongodb/mongo-sc.yaml -You may want to update the ``parameters.location`` field in both the files to +You may have to update the ``parameters.location`` field in both the files to specify the location you are using in Azure. - -Create the required storage classes using +Create the required storage classes using: .. code:: bash @@ -115,7 +107,7 @@ Create the required storage classes using You can check if it worked using ``kubectl get storageclasses``. -Note that there is no line of the form +**Azure.** Note that there is no line of the form ``storageAccount: `` under ``parameters:``. When we included one and then created a PersistentVolumeClaim based on it, @@ -128,9 +120,8 @@ with the specified skuName and location. Step 4: Create Persistent Volume Claims --------------------------------------- -Next, we'll create two PersistentVolumeClaim objects ``mongo-db-claim`` and +Next, you will create two PersistentVolumeClaim objects ``mongo-db-claim`` and ``mongo-configdb-claim``. - Get the file ``mongo-pvc.yaml`` from GitHub using: .. code:: bash @@ -166,15 +157,14 @@ Step 5: Create the Config Map - Optional This step is required only if you are planning to set up multiple `BigchainDB nodes -`_, else you can -skip to the :ref:`next step `. +`_. MongoDB reads the local ``/etc/hosts`` file while bootstrapping a replica set to resolve the hostname provided to the ``rs.initiate()`` command. It needs to ensure that the replica set is being initialized in the same instance where the MongoDB instance is running. -To achieve this, we create a ConfigMap with the FQDN of the MongoDB instance +To achieve this, you will create a ConfigMap with the FQDN of the MongoDB instance and populate the ``/etc/hosts`` file with this value so that a replica set can be created seamlessly. @@ -188,35 +178,29 @@ You may want to update the ``data.fqdn`` field in the file before creating the ConfigMap. ``data.fqdn`` field will be the DNS name of your MongoDB instance. This will be used by other MongoDB instances when forming a MongoDB replica set. It should resolve to the MongoDB instance in your cluster when -you are done with the setup. This will help when we are adding more MongoDB +you are done with the setup. This will help when you are adding more MongoDB instances to the replica set in the future. -For ACS -^^^^^^^ +**Azure.** In Kubernetes on ACS, the name you populate in the ``data.fqdn`` field will be used to configure a DNS name for the public IP assigned to the Kubernetes Service that is the frontend for the MongoDB instance. - We suggest using a name that will already be available in Azure. We use ``mdb-instance-0``, ``mdb-instance-1`` and so on in this document, which gives us ``mdb-instance-0..cloudapp.azure.com``, ``mdb-instance-1..cloudapp.azure.com``, etc. as the FQDNs. The ```` is the Azure datacenter location you are using, which can also be obtained using the ``az account list-locations`` command. - You can also try to assign a name to an Public IP in Azure before starting the process, or use ``nslookup`` with the name you have in mind to check if it's available for use. - In the rare chance that name in the ``data.fqdn`` field is not available, -we will need to create a ConfigMap with a unique name and restart the +you must create a ConfigMap with a unique name and restart the MongoDB instance. -For Kubernetes on bare-metal or other cloud providers -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -On other environments, you need to provide the name resolution function +**Kubernetes on bare-metal or other cloud providers.** +You need to provide the name resolution function by other means (using DNS providers like GoDaddy, CloudFlare or your own private DNS server). The DNS set up for other environments is currently beyond the scope of this document. @@ -231,10 +215,9 @@ Create the required ConfigMap using: You can check its status using: ``kubectl get cm`` +Now you are ready to run MongoDB and BigchainDB on our Kubernetes cluster. -Now we are ready to run MongoDB and BigchainDB on our Kubernetes cluster. - Step 6: Run MongoDB as a StatefulSet ------------------------------------ @@ -250,12 +233,10 @@ Note how the MongoDB container uses the ``mongo-db-claim`` and the ``/data/configdb`` diretories (mount path). Note also that we use the pod's ``securityContext.capabilities.add`` specification to add the ``FOWNER`` capability to the container. - That is because MongoDB container has the user ``mongodb``, with uid ``999`` and group ``mongodb``, with gid ``999``. When this container runs on a host with a mounted disk, the writes fail when there is no user with uid ``999``. - To avoid this, we use the Docker feature of ``--cap-add=FOWNER``. This bypasses the uid and gid permission checks during writes and allows data to be persisted to disk. @@ -277,9 +258,9 @@ Create the required StatefulSet using: You can check its status using the commands ``kubectl get statefulsets -w`` and ``kubectl get svc -w`` -You may have to wait for upto 10 minutes wait for disk to be created +You may have to wait for up to 10 minutes for the disk to be created and attached on the first run. The pod can fail several times with the message -specifying that the timeout for mounting the disk has exceeded. +saying that the timeout for mounting the disk was exceeded. Step 7: Initialize a MongoDB Replica Set - Optional @@ -287,8 +268,7 @@ Step 7: Initialize a MongoDB Replica Set - Optional This step is required only if you are planning to set up multiple `BigchainDB nodes -`_, else you can -skip to the :ref:`step 9 `. +`_. Login to the running MongoDB instance and access the mongo shell using: @@ -298,7 +278,7 @@ Login to the running MongoDB instance and access the mongo shell using: $ kubectl exec -it mdb-0 -c mongodb -- /bin/bash root@mdb-0:/# mongo --port 27017 -We initialize the replica set by using the ``rs.initiate()`` command from the +You will initiate the replica set by using the ``rs.initiate()`` command from the mongo shell. Its syntax is: .. code:: bash @@ -335,28 +315,21 @@ Step 8: Create a DNS record - Optional This step is required only if you are planning to set up multiple `BigchainDB nodes -`_, else you can -skip to the :ref:`next step `. +`_. -Since we currently rely on Azure to provide us with a public IP and manage the -DNS entries of MongoDB instances, we detail only the steps required for ACS -here. - -Select the current Azure resource group and look for the ``Public IP`` +**Azure.** Select the current Azure resource group and look for the ``Public IP`` resource. You should see at least 2 entries there - one for the Kubernetes master and the other for the MongoDB instance. You may have to ``Refresh`` the Azure web page listing the resources in a resource group for the latest changes to be reflected. - Select the ``Public IP`` resource that is attached to your service (it should -have the Kubernetes cluster name alongwith a random string), +have the Kubernetes cluster name along with a random string), select ``Configuration``, add the DNS name that was added in the ConfigMap earlier, click ``Save``, and wait for the changes to be applied. To verify the DNS setting is operational, you can run ``nslookup `` from your local Linux shell. - This will ensure that when you scale the replica set later, other MongoDB members in the replica set can reach this instance. @@ -420,7 +393,7 @@ on the cluster and query the internal DNS and IP endpoints. $ kubectl run -it toolbox -- image --restart=Never --rm It will drop you to the shell prompt. -Now we can query for the ``mdb`` and ``bdb`` service details. +Now you can query for the ``mdb`` and ``bdb`` service details. .. code:: bash From b849656d3bbbc08fdb6e7e5fd06cb5a5636dd51a Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 14 Mar 2017 11:47:44 +0100 Subject: [PATCH 118/283] Use namedtuple for key pair --- bigchaindb/common/crypto.py | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/bigchaindb/common/crypto.py b/bigchaindb/common/crypto.py index acce02d9..99663fe9 100644 --- a/bigchaindb/common/crypto.py +++ b/bigchaindb/common/crypto.py @@ -1,18 +1,31 @@ # Separate all crypto code so that we can easily test several implementations +from collections import namedtuple import sha3 from cryptoconditions import crypto +CryptoKeypair = namedtuple('CryptoKeypair', ('private_key', 'public_key')) + + def hash_data(data): """Hash the provided data using SHA3-256""" return sha3.sha3_256(data.encode()).hexdigest() def generate_key_pair(): + """Generates a cryptographic key pair. + + Returns: + :class:`~bigchaindb.common.crypto.CryptoKeypair`: A + :obj:`collections.namedtuple` with named fields + :attr:`~bigchaindb.common.crypto.CryptoKeypair.private_key` and + :attr:`~bigchaindb.common.crypto.CryptoKeypair.public_key`. + + """ # TODO FOR CC: Adjust interface so that this function becomes unnecessary - private_key, public_key = crypto.ed25519_generate_key_pair() - return private_key.decode(), public_key.decode() + return CryptoKeypair( + *(k.decode() for k in crypto.ed25519_generate_key_pair())) PrivateKey = crypto.Ed25519SigningKey From 102406dd357ba8a14c85d32c99ea16d05bd9b521 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Thu, 16 Mar 2017 14:05:09 +0100 Subject: [PATCH 119/283] Add fixtures for alice, bob, and carol --- tests/conftest.py | 48 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/tests/conftest.py b/tests/conftest.py index 9612f38b..e943d0a9 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -223,6 +223,54 @@ def user2_pk(): return USER2_PK +@pytest.fixture +def alice(): + from bigchaindb.common.crypto import generate_key_pair + return generate_key_pair() + + +@pytest.fixture +def alice_privkey(alice): + return alice.private_key + + +@pytest.fixture +def alice_pubkey(alice): + return alice.public_key + + +@pytest.fixture +def bob(): + from bigchaindb.common.crypto import generate_key_pair + return generate_key_pair() + + +@pytest.fixture +def bob_privkey(bob): + return bob.private_key + + +@pytest.fixture +def bob_pubkey(carol): + return bob.public_key + + +@pytest.fixture +def carol(): + from bigchaindb.common.crypto import generate_key_pair + return generate_key_pair() + + +@pytest.fixture +def carol_privkey(carol): + return carol.private_key + + +@pytest.fixture +def carol_pubkey(carol): + return carol.public_key + + @pytest.fixture def b(): from bigchaindb import Bigchain From c12f08a92c3c16cc2078d95eedbf5fcada923095 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Thu, 16 Mar 2017 14:01:43 +0100 Subject: [PATCH 120/283] Add test to reproduce false double spend see issue #1271 --- tests/test_core.py | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/tests/test_core.py b/tests/test_core.py index f939ad05..b8803e9b 100644 --- a/tests/test_core.py +++ b/tests/test_core.py @@ -80,3 +80,46 @@ def test_get_blocks_status_containing_tx(monkeypatch): bigchain = Bigchain(public_key='pubkey', private_key='privkey') with pytest.raises(Exception): bigchain.get_blocks_status_containing_tx('txid') + + +@pytest.mark.genesis +def test_get_spent_issue_1271(b, alice, bob, carol): + from bigchaindb.models import Transaction + + tx_1 = Transaction.create( + [carol.public_key], + [([carol.public_key], 8)], + ).sign([carol.private_key]) + + tx_2 = Transaction.transfer( + tx_1.to_inputs(), + [([bob.public_key], 2), + ([alice.public_key], 2), + ([carol.public_key], 4)], + asset_id=tx_1.id, + ).sign([carol.private_key]) + + tx_3 = Transaction.transfer( + tx_2.to_inputs()[2:3], + [([alice.public_key], 1), + ([carol.public_key], 3)], + asset_id=tx_1.id, + ).sign([carol.private_key]) + + tx_4 = Transaction.transfer( + tx_2.to_inputs()[1:2] + tx_3.to_inputs()[0:1], + [([bob.public_key], 3)], + asset_id=tx_1.id, + ).sign([alice.private_key]) + + tx_5 = Transaction.transfer( + tx_2.to_inputs()[0:1], + [([alice.public_key], 2)], + asset_id=tx_1.id, + ).sign([bob.private_key]) + block_5 = b.create_block([tx_1, tx_2, tx_3, tx_4, tx_5]) + b.write_block(block_5) + assert b.get_spent(tx_2.id, 0) == tx_5 + assert not b.get_spent(tx_5.id, 0) + assert b.get_outputs_filtered(alice.public_key) + assert b.get_outputs_filtered(alice.public_key, include_spent=False) From c5bad99f4ea8b5bbe9f8aa2085d7af38bcd6128d Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Thu, 16 Mar 2017 13:40:25 +0100 Subject: [PATCH 121/283] Add test for get_spent for tx with two inputs --- tests/backend/mongodb/test_queries.py | 37 +++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/tests/backend/mongodb/test_queries.py b/tests/backend/mongodb/test_queries.py index 80e3cc91..1d7bfc39 100644 --- a/tests/backend/mongodb/test_queries.py +++ b/tests/backend/mongodb/test_queries.py @@ -159,6 +159,43 @@ def test_get_spent(signed_create_tx, signed_transfer_tx): assert spents[0] == signed_transfer_tx.to_dict() +def test_get_spent_for_tx_with_multiple_inputs(carol): + from bigchaindb.backend import connect, query + from bigchaindb.models import Block, Transaction + conn = connect() + tx_0 = Transaction.create( + [carol.public_key], + [([carol.public_key], 1), + ([carol.public_key], 1), + ([carol.public_key], 2)], + ).sign([carol.private_key]) + block = Block(transactions=[tx_0]) + conn.db.bigchain.insert_one(block.to_dict()) + spents = list(query.get_spent(conn, tx_0.id, 0)) + assert not spents + + tx_1 = Transaction.transfer( + tx_0.to_inputs()[2:3], + [([carol.public_key], 1), + ([carol.public_key], 1)], + asset_id=tx_0.id, + ).sign([carol.private_key]) + block = Block(transactions=[tx_1]) + conn.db.bigchain.insert_one(block.to_dict()) + spents = list(query.get_spent(conn, tx_0.id, 0)) + assert not spents + + tx_2 = Transaction.transfer( + tx_0.to_inputs()[0:1] + tx_1.to_inputs()[1:2], + [([carol.public_key], 2)], + asset_id=tx_0.id, + ).sign([carol.private_key]) + block = Block(transactions=[tx_2]) + conn.db.bigchain.insert_one(block.to_dict()) + spents = list(query.get_spent(conn, tx_0.id, 1)) + assert not spents + + def test_get_owned_ids(signed_create_tx, user_pk): from bigchaindb.backend import connect, query from bigchaindb.models import Block From b94a9ec7e9cf4d9009920e10b1420891d3e3f89d Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Thu, 16 Mar 2017 13:39:34 +0100 Subject: [PATCH 122/283] Fix get_spent mongodb-based query fixes #1271 --- bigchaindb/backend/mongodb/query.py | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/bigchaindb/backend/mongodb/query.py b/bigchaindb/backend/mongodb/query.py index 1988db04..74b9c35a 100644 --- a/bigchaindb/backend/mongodb/query.py +++ b/bigchaindb/backend/mongodb/query.py @@ -153,14 +153,22 @@ def get_spent(conn, transaction_id, output): cursor = conn.run( conn.collection('bigchain').aggregate([ {'$match': { - 'block.transactions.inputs.fulfills.txid': transaction_id, - 'block.transactions.inputs.fulfills.output': output + 'block.transactions.inputs': { + '$elemMatch': { + 'fulfills.txid': transaction_id, + 'fulfills.output': output, + }, + }, }}, {'$unwind': '$block.transactions'}, {'$match': { - 'block.transactions.inputs.fulfills.txid': transaction_id, - 'block.transactions.inputs.fulfills.output': output - }} + 'block.transactions.inputs': { + '$elemMatch': { + 'fulfills.txid': transaction_id, + 'fulfills.output': output, + }, + }, + }}, ])) # we need to access some nested fields before returning so lets use a # generator to avoid having to read all records on the cursor at this point From 08f040d2186335e04560f97cc3ad844e74254319 Mon Sep 17 00:00:00 2001 From: Thomas Conte Date: Fri, 17 Mar 2017 09:09:06 +0100 Subject: [PATCH 123/283] Authentication support --- bigchaindb/backend/connection.py | 6 ++++-- bigchaindb/backend/mongodb/connection.py | 27 +++++++++++++++++------- 2 files changed, 23 insertions(+), 10 deletions(-) diff --git a/bigchaindb/backend/connection.py b/bigchaindb/backend/connection.py index cf6bece7..56b5cd82 100644 --- a/bigchaindb/backend/connection.py +++ b/bigchaindb/backend/connection.py @@ -16,7 +16,7 @@ logger = logging.getLogger(__name__) def connect(backend=None, host=None, port=None, name=None, max_tries=None, - connection_timeout=None, replicaset=None, ssl=False): + connection_timeout=None, replicaset=None, ssl=False, login=None, password=None): """Create a new connection to the database backend. All arguments default to the current configuration's values if not @@ -52,6 +52,8 @@ def connect(backend=None, host=None, port=None, name=None, max_tries=None, replicaset = replicaset or bigchaindb.config['database'].get('replicaset') ssl = bigchaindb.config['database'].get('ssl') if bigchaindb.config['database'].get('ssl') is not None \ else ssl + login = login or bigchaindb.config['database'].get('login') + password = password or bigchaindb.config['database'].get('password') try: module_name, _, class_name = BACKENDS[backend].rpartition('.') @@ -65,7 +67,7 @@ def connect(backend=None, host=None, port=None, name=None, max_tries=None, logger.debug('Connection: {}'.format(Class)) return Class(host=host, port=port, dbname=dbname, max_tries=max_tries, connection_timeout=connection_timeout, - replicaset=replicaset, ssl=ssl) + replicaset=replicaset, ssl=ssl, login=login, password=password) class Connection: diff --git a/bigchaindb/backend/mongodb/connection.py b/bigchaindb/backend/mongodb/connection.py index 274d64c1..9168190a 100644 --- a/bigchaindb/backend/mongodb/connection.py +++ b/bigchaindb/backend/mongodb/connection.py @@ -16,7 +16,7 @@ logger = logging.getLogger(__name__) class MongoDBConnection(Connection): - def __init__(self, replicaset=None, ssl=False, **kwargs): + def __init__(self, replicaset=None, ssl=False, login=None, password=None, **kwargs): """Create a new Connection instance. Args: @@ -30,6 +30,8 @@ class MongoDBConnection(Connection): self.replicaset = replicaset or bigchaindb.config['database']['replicaset'] self.ssl = bigchaindb.config['database'].get('ssl') if bigchaindb.config['database'].get('ssl') is not None \ else ssl + self.login = login or bigchaindb.config['database'].get('login') + self.password = password or bigchaindb.config['database'].get('password') @property def db(self): @@ -73,15 +75,20 @@ class MongoDBConnection(Connection): # we should only return a connection if the replica set is # initialized. initialize_replica_set will check if the # replica set is initialized else it will initialize it. - initialize_replica_set(self.host, self.port, self.connection_timeout, self.ssl) + initialize_replica_set(self.host, self.port, self.connection_timeout, self.dbname, self.ssl, self.login, self.password) # FYI: this might raise a `ServerSelectionTimeoutError`, # that is a subclass of `ConnectionFailure`. - return pymongo.MongoClient(self.host, - self.port, - replicaset=self.replicaset, - serverselectiontimeoutms=self.connection_timeout, - ssl=self.ssl) + client = pymongo.MongoClient(self.host, + self.port, + replicaset=self.replicaset, + serverselectiontimeoutms=self.connection_timeout, + ssl=self.ssl) + + if self.login is not None and self.password is not None: + client[self.dbname].authenticate(self.login, self.password) + + return client # `initialize_replica_set` might raise `ConnectionFailure` or `OperationFailure`. except (pymongo.errors.ConnectionFailure, @@ -89,7 +96,7 @@ class MongoDBConnection(Connection): raise ConnectionError() from exc -def initialize_replica_set(host, port, connection_timeout, ssl): +def initialize_replica_set(host, port, connection_timeout, dbname, ssl, login, password): """Initialize a replica set. If already initialized skip.""" # Setup a MongoDB connection @@ -100,6 +107,10 @@ def initialize_replica_set(host, port, connection_timeout, ssl): port=port, serverselectiontimeoutms=connection_timeout, ssl=ssl) + + if login is not None and password is not None: + conn[dbname].authenticate(login, password) + _check_replica_set(conn) host = '{}:{}'.format(bigchaindb.config['database']['host'], bigchaindb.config['database']['port']) From ff132a9464e60197289d95ea4474123c874807f6 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Fri, 17 Mar 2017 09:28:16 +0100 Subject: [PATCH 124/283] Updated copyright year in docs footers --- docs/root/source/conf.py | 2 +- docs/server/source/conf.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/root/source/conf.py b/docs/root/source/conf.py index 50dec3ea..0d799fed 100644 --- a/docs/root/source/conf.py +++ b/docs/root/source/conf.py @@ -58,7 +58,7 @@ master_doc = 'index' # General information about the project. project = 'BigchainDB' -copyright = '2016, BigchainDB Contributors' +copyright = '2017, BigchainDB Contributors' author = 'BigchainDB Contributors' # The version info for the project you're documenting, acts as replacement for diff --git a/docs/server/source/conf.py b/docs/server/source/conf.py index 5550e994..756a8d13 100644 --- a/docs/server/source/conf.py +++ b/docs/server/source/conf.py @@ -82,7 +82,7 @@ master_doc = 'index' # General information about the project. project = 'BigchainDB Server' -copyright = '2016' +copyright = '2017, BigchainDB Contributors' author = 'BigchainDB Contributors' # The version info for the project you're documenting, acts as replacement for From 94877cb9c19f2a9c894b0c234f5c4cd3eaa05788 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Thu, 16 Mar 2017 17:01:01 +0100 Subject: [PATCH 125/283] Update change log --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 538d2ccc..9af7ccc3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,13 @@ For reference, the possible headings are: * **External Contributors** to list contributors outside of BigchainDB GmbH. * **Notes** +## [0.9.4] - 2017-03-16 +Tag name: v0.9.4 + +### Fixed +Fixed #1271 (false double spend error). Thanks to @jmduque for reporting the +problem along with a very detailed diagnosis and useful recommendations. + ## [0.9.3] - 2017-03-06 Tag name: v0.9.3 From 8526246f7802141fc323540250672b9b248b88f6 Mon Sep 17 00:00:00 2001 From: Thomas Conte Date: Fri, 17 Mar 2017 10:01:58 +0100 Subject: [PATCH 126/283] Fix unit test --- tests/backend/mongodb/test_connection.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/backend/mongodb/test_connection.py b/tests/backend/mongodb/test_connection.py index 6350a7c5..a02b1735 100644 --- a/tests/backend/mongodb/test_connection.py +++ b/tests/backend/mongodb/test_connection.py @@ -168,7 +168,7 @@ def test_initialize_replica_set(mock_cmd_line_opts): ] # check that it returns - assert initialize_replica_set('host', 1337, 1000) is None + assert initialize_replica_set('host', 1337, 1000, False, None, None) is None # test it raises OperationError if anything wrong with mock.patch.object(Database, 'command') as mock_command: @@ -178,4 +178,4 @@ def test_initialize_replica_set(mock_cmd_line_opts): ] with pytest.raises(pymongo.errors.OperationFailure): - initialize_replica_set('host', 1337, 1000) + initialize_replica_set('host', 1337, 1000, False, None, None) From 3b1e6adb43b72d0b3ae1a13ffdaefcc6484f95cd Mon Sep 17 00:00:00 2001 From: Thomas Conte Date: Fri, 17 Mar 2017 10:05:11 +0100 Subject: [PATCH 127/283] Formatting --- bigchaindb/backend/mongodb/connection.py | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/bigchaindb/backend/mongodb/connection.py b/bigchaindb/backend/mongodb/connection.py index 9168190a..8b30b2db 100644 --- a/bigchaindb/backend/mongodb/connection.py +++ b/bigchaindb/backend/mongodb/connection.py @@ -75,16 +75,17 @@ class MongoDBConnection(Connection): # we should only return a connection if the replica set is # initialized. initialize_replica_set will check if the # replica set is initialized else it will initialize it. - initialize_replica_set(self.host, self.port, self.connection_timeout, self.dbname, self.ssl, self.login, self.password) + initialize_replica_set(self.host, self.port, self.connection_timeout, + self.dbname, self.ssl, self.login, self.password) # FYI: this might raise a `ServerSelectionTimeoutError`, # that is a subclass of `ConnectionFailure`. - client = pymongo.MongoClient(self.host, - self.port, - replicaset=self.replicaset, - serverselectiontimeoutms=self.connection_timeout, - ssl=self.ssl) - + client = pymongo.MongoClient(self.host, + self.port, + replicaset=self.replicaset, + serverselectiontimeoutms=self.connection_timeout, + ssl=self.ssl) + if self.login is not None and self.password is not None: client[self.dbname].authenticate(self.login, self.password) From 3b99daa0802d2999ccd845634987394cd9dac92e Mon Sep 17 00:00:00 2001 From: Andrej Svenke Date: Fri, 17 Mar 2017 12:18:20 +0100 Subject: [PATCH 128/283] Docker image optimization. (#1277) --- Dockerfile | 39 +++++++++++++++++++-------------------- 1 file changed, 19 insertions(+), 20 deletions(-) diff --git a/Dockerfile b/Dockerfile index bcfa8609..021f6772 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,33 +1,32 @@ FROM ubuntu:xenial -# From http://stackoverflow.com/a/38553499 - -RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y locales - -RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \ - echo 'LANG="en_US.UTF-8"'>/etc/default/locale && \ - dpkg-reconfigure --frontend=noninteractive locales && \ - update-locale LANG=en_US.UTF-8 - ENV LANG en_US.UTF-8 - -# The `apt-get update` command executed with the install instructions should -# not use a locally cached storage layer. Force update the cache again. -# https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#run -RUN apt-get update && apt-get -y install python3 python3-pip libffi-dev \ - && pip3 install --upgrade pip \ - && pip3 install --upgrade setuptools +ENV DEBIAN_FRONTEND noninteractive RUN mkdir -p /usr/src/app - COPY . /usr/src/app/ - WORKDIR /usr/src/app -RUN pip3 install --no-cache-dir -e . +RUN locale-gen en_US.UTF-8 && \ + apt-get -q update && \ + apt-get install -qy --no-install-recommends \ + python3 \ + python3-pip \ + libffi-dev \ + python3-dev \ + build-essential && \ + \ + pip3 install --upgrade --no-cache-dir pip setuptools && \ + \ + pip3 install --no-cache-dir -e . && \ + \ + apt-get remove -qy --purge gcc cpp binutils perl && \ + apt-get -qy autoremove && \ + apt-get -q clean all && \ + rm -rf /usr/share/perl /usr/share/perl5 /usr/share/man /usr/share/info /usr/share/doc && \ + rm -rf /var/lib/apt/lists/* VOLUME ["/data"] - WORKDIR /data ENV BIGCHAINDB_CONFIG_PATH /data/.bigchaindb From 550b9cb804db8a6add84eea768b7b9355bbe27ac Mon Sep 17 00:00:00 2001 From: Thomas Conte Date: Fri, 17 Mar 2017 10:33:26 +0100 Subject: [PATCH 129/283] Fix unit test --- tests/backend/mongodb/test_connection.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/backend/mongodb/test_connection.py b/tests/backend/mongodb/test_connection.py index a02b1735..e0b161b0 100644 --- a/tests/backend/mongodb/test_connection.py +++ b/tests/backend/mongodb/test_connection.py @@ -168,7 +168,7 @@ def test_initialize_replica_set(mock_cmd_line_opts): ] # check that it returns - assert initialize_replica_set('host', 1337, 1000, False, None, None) is None + assert initialize_replica_set('host', 1337, 1000, 'dbname', False, None, None) is None # test it raises OperationError if anything wrong with mock.patch.object(Database, 'command') as mock_command: @@ -178,4 +178,4 @@ def test_initialize_replica_set(mock_cmd_line_opts): ] with pytest.raises(pymongo.errors.OperationFailure): - initialize_replica_set('host', 1337, 1000, False, None, None) + initialize_replica_set('host', 1337, 1000, 'dbname', False, None, None) From 10365bae52a6a937b38881f3786322cb5da73332 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Fri, 17 Mar 2017 13:40:06 +0100 Subject: [PATCH 130/283] docs: removed docs re load testing w/ Docker --- .../source/appendices/run-with-docker.md | 32 ------------------- 1 file changed, 32 deletions(-) diff --git a/docs/server/source/appendices/run-with-docker.md b/docs/server/source/appendices/run-with-docker.md index 6700391e..516978dd 100644 --- a/docs/server/source/appendices/run-with-docker.md +++ b/docs/server/source/appendices/run-with-docker.md @@ -140,38 +140,6 @@ machine running the Docker engine. If you are running docker-machine (e.g. on Mac OS X) this will be the IP of the Docker machine (`docker-machine ip machine_name`). -### Load Testing with Docker - -Now that we have BigchainDB running in the Docker container named `bigchaindb`, we can -start another BigchainDB container to generate a load test for it. - -First, make sure the container named `bigchaindb` is still running. You can check that using: -```text -docker ps -``` - -You should see a container named `bigchaindb` in the list. - -You can load test the BigchainDB running in that container by running the `bigchaindb load` command in a second container: - -```text -docker run \ - --env BIGCHAINDB_DATABASE_HOST=bigchaindb \ - --link bigchaindb \ - --rm \ - --volume "$HOME/bigchaindb_docker:/data" \ - bigchaindb/bigchaindb \ - load -``` - -Note the `--link` option to link to the first container (named `bigchaindb`). - -Aside: The `bigchaindb load` command has several options (e.g. `-m`). You can read more about it in [the documentation about the BigchainDB command line interface](../server-reference/bigchaindb-cli.html). - -If you look at the RethinkDB dashboard (in your web browser), you should see the effects of the load test. You can also see some effects in the Docker logs using: -```text -docker logs -f bigchaindb -``` ## Building Your Own Image From 43f779a18b35af04db96079fcd72caa31dc60af9 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Mon, 13 Mar 2017 17:55:11 +0100 Subject: [PATCH 131/283] Add logging infrastructure --- bigchaindb/__init__.py | 17 +- bigchaindb/commands/bigchain.py | 4 + bigchaindb/log/__init__.py | 0 bigchaindb/log/configs.py | 59 ++++ bigchaindb/log/setup.py | 169 +++++++++++ setup.py | 1 + tests/commands/conftest.py | 9 + tests/commands/rethinkdb/test_commands.py | 4 +- tests/commands/test_commands.py | 39 ++- tests/log/test_setup.py | 328 ++++++++++++++++++++++ tests/test_config_utils.py | 3 +- tests/web/test_transactions.py | 74 ++++- 12 files changed, 680 insertions(+), 27 deletions(-) create mode 100644 bigchaindb/log/__init__.py create mode 100644 bigchaindb/log/configs.py create mode 100644 bigchaindb/log/setup.py create mode 100644 tests/log/test_setup.py diff --git a/bigchaindb/__init__.py b/bigchaindb/__init__.py index 1df2551c..c0e4fd56 100644 --- a/bigchaindb/__init__.py +++ b/bigchaindb/__init__.py @@ -45,7 +45,22 @@ config = { 'private': None, }, 'keyring': [], - 'backlog_reassign_delay': 120 + 'backlog_reassign_delay': 120, + 'log': { + # TODO Document here or elsewhere. + # Example of config: + # 'file': '/var/log/bigchaindb.log', + # 'level_console': 'info', + # 'level_logfile': 'info', + # 'datefmt_console': '%Y-%m-%d %H:%M:%S', + # 'datefmt_logfile': '%Y-%m-%d %H:%M:%S', + # 'fmt_console': '%(asctime)s [%(levelname)s] (%(name)s) %(message)s', + # 'fmt_logfile': '%(asctime)s [%(levelname)s] (%(name)s) %(message)s', + # 'granular_levels': { + # 'bichaindb.backend': 'info', + # 'bichaindb.core': 'info', + # }, + }, } # We need to maintain a backup copy of the original config dict in case diff --git a/bigchaindb/commands/bigchain.py b/bigchaindb/commands/bigchain.py index 767f6ccc..62f3a7f6 100644 --- a/bigchaindb/commands/bigchain.py +++ b/bigchaindb/commands/bigchain.py @@ -25,6 +25,7 @@ from bigchaindb.commands.messages import ( RETHINKDB_STARTUP_ERROR, ) from bigchaindb.commands.utils import configure_bigchaindb, input_on_stderr +from bigchaindb.log.setup import setup_logging logging.basicConfig(level=logging.INFO) @@ -173,6 +174,9 @@ def run_start(args): """Start the processes to run the node""" logger.info('BigchainDB Version %s', bigchaindb.__version__) + # TODO setup logging -- pass logging config, extracted out from main config + setup_logging() + if args.allow_temp_keypair: if not (bigchaindb.config['keypair']['private'] or bigchaindb.config['keypair']['public']): diff --git a/bigchaindb/log/__init__.py b/bigchaindb/log/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/bigchaindb/log/configs.py b/bigchaindb/log/configs.py new file mode 100644 index 00000000..7a8acc7c --- /dev/null +++ b/bigchaindb/log/configs.py @@ -0,0 +1,59 @@ +import logging +from os.path import expanduser, join + + +DEFAULT_LOG_DIR = expanduser('~') + +PUBLISHER_LOGGING_CONFIG = { + 'version': 1, + 'disable_existing_loggers': False, + 'root': { + 'level': logging.DEBUG, + }, +} + +SUBSCRIBER_LOGGING_CONFIG = { + 'version': 1, + 'disable_existing_loggers': False, + 'formatters': { + 'console': { + 'class': 'logging.Formatter', + 'format': ( + '%(name)-15s %(levelname)-8s %(processName)-10s %(message)s' + ), + 'datefmt': '%Y-%m-%d %H:%M:%S', + }, + 'file': { + 'class': 'logging.Formatter', + 'format': ('[%(asctime)s] [%(levelname)s] (%(name)s) ' + '%(message)s (%(processName)-10s - pid: %(process)d)'), + 'datefmt': '%Y-%m-%d %H:%M:%S', + }, + }, + 'handlers': { + 'console': { + 'class': 'logging.StreamHandler', + 'formatter': 'console', + 'level': logging.INFO, + }, + 'file': { + 'class': 'logging.FileHandler', + 'filename': join(DEFAULT_LOG_DIR, 'bigchaindb.log'), + 'mode': 'w', + 'formatter': 'file', + 'level': logging.INFO, + }, + 'errors': { + 'class': 'logging.FileHandler', + 'filename': join(DEFAULT_LOG_DIR, 'bigchaindb-errors.log'), + 'mode': 'w', + 'level': logging.ERROR, + 'formatter': 'file', + }, + }, + 'loggers': {}, + 'root': { + 'level': logging.DEBUG, + 'handlers': ['console', 'file', 'errors'] + }, +} diff --git a/bigchaindb/log/setup.py b/bigchaindb/log/setup.py new file mode 100644 index 00000000..fdf8e49b --- /dev/null +++ b/bigchaindb/log/setup.py @@ -0,0 +1,169 @@ +"""Setup logging.""" +from copy import deepcopy +import logging +from logging.config import dictConfig +import logging.handlers +import pickle +from socketserver import StreamRequestHandler, ThreadingTCPServer +import struct +import sys +from multiprocessing import Process + +from .configs import PUBLISHER_LOGGING_CONFIG, SUBSCRIBER_LOGGING_CONFIG +from bigchaindb.common.exceptions import ConfigurationError + + +def _normalize_log_level(level): + try: + return level.upper() + except AttributeError as exc: + raise ConfigurationError('Log level must be a string!') from exc + + +def setup_pub_logger(): + dictConfig(PUBLISHER_LOGGING_CONFIG) + socket_handler = logging.handlers.SocketHandler( + 'localhost', logging.handlers.DEFAULT_TCP_LOGGING_PORT) + socket_handler.setLevel(logging.DEBUG) + logger = logging.getLogger() + logger.addHandler(socket_handler) + + +def setup_sub_logger(*, user_log_config=None): + server = LogRecordSocketServer() + with server: + server_proc = Process( + target=server.serve_forever, + kwargs={'log_config': user_log_config}, + ) + server_proc.start() + + +def setup_logging(*, user_log_config=None): + setup_pub_logger() + setup_sub_logger(user_log_config=user_log_config) + + +def create_subscriber_logging_config(*, user_log_config=None): + sub_log_config = deepcopy(SUBSCRIBER_LOGGING_CONFIG) + + if not user_log_config: + return sub_log_config + + if 'file' in user_log_config: + filename = user_log_config['file'] + sub_log_config['handlers']['file']['filename'] = filename + + if 'level_console' in user_log_config: + level = _normalize_log_level(user_log_config['level_console']) + sub_log_config['handlers']['console']['level'] = level + + if 'level_logfile' in user_log_config: + level = _normalize_log_level(user_log_config['level_logfile']) + sub_log_config['handlers']['file']['level'] = level + + if 'fmt_console' in user_log_config: + fmt = user_log_config['fmt_console'] + sub_log_config['formatters']['console']['format'] = fmt + + if 'fmt_logfile' in user_log_config: + fmt = user_log_config['fmt_logfile'] + sub_log_config['formatters']['file']['format'] = fmt + + if 'datefmt_console' in user_log_config: + fmt = user_log_config['datefmt_console'] + sub_log_config['formatters']['console']['datefmt'] = fmt + + if 'datefmt_logfile' in user_log_config: + fmt = user_log_config['datefmt_logfile'] + sub_log_config['formatters']['file']['datefmt'] = fmt + + log_levels = user_log_config.get('granular_levels', {}) + + for logger_name, level in log_levels.items(): + level = _normalize_log_level(level) + try: + sub_log_config['loggers'][logger_name]['level'] = level + except KeyError: + sub_log_config['loggers'][logger_name] = {'level': level} + + return sub_log_config + + +class LogRecordStreamHandler(StreamRequestHandler): + """Handler for a streaming logging request. + + This basically logs the record using whatever logging policy is + configured locally. + """ + + def handle(self): + """ + Handle multiple requests - each expected to be a 4-byte length, + followed by the LogRecord in pickle format. Logs the record + according to whatever policy is configured locally. + """ + while True: + chunk = self.connection.recv(4) + if len(chunk) < 4: + break + slen = struct.unpack('>L', chunk)[0] + chunk = self.connection.recv(slen) + while len(chunk) < slen: + chunk = chunk + self.connection.recv(slen - len(chunk)) + obj = self.unpickle(chunk) + record = logging.makeLogRecord(obj) + self.handle_log_record(record) + + def unpickle(self, data): + try: + return pickle.loads(data) + except (pickle.UnpicklingError, + AttributeError, EOFError, TypeError) as exc: + return { + 'msg': '({}) Log handling error: un-pickling failed!'.format( + exc.__class__.__name__), + 'exc_info': exc.args, + 'level': logging.ERROR, + 'func': self.unpickle.__name__, + } + + def handle_log_record(self, record): + logger = logging.getLogger(record.name) + logger.handle(record) + + +class LogRecordSocketServer(ThreadingTCPServer): + """ + Simple TCP socket-based logging server. + + """ + allow_reuse_address = True + + def __init__(self, + host='localhost', + port=logging.handlers.DEFAULT_TCP_LOGGING_PORT, + handler=LogRecordStreamHandler): + super().__init__((host, port), handler) + + def serve_forever(self, *, poll_interval=0.5, log_config=None): + sub_logging_config = create_subscriber_logging_config( + user_log_config=log_config) + dictConfig(sub_logging_config) + try: + super().serve_forever(poll_interval=poll_interval) + except KeyboardInterrupt: + pass + + +# NOTE: Because the context manager is only available +# from 3.6 and up, we add it for lower versions. +if sys.version_info < (3, 6): + def __enter__(self): + return self + + def __exit__(self, *args): + self.server_close() + + LogRecordSocketServer.__enter__ = __enter__ + LogRecordSocketServer.__exit__ = __exit__ diff --git a/setup.py b/setup.py index dadd7385..7a38bb1f 100644 --- a/setup.py +++ b/setup.py @@ -31,6 +31,7 @@ dev_require = [ 'ipdb', 'ipython', 'watchdog', + 'logging_tree', ] docs_require = [ diff --git a/tests/commands/conftest.py b/tests/commands/conftest.py index fde478b5..96a2c608 100644 --- a/tests/commands/conftest.py +++ b/tests/commands/conftest.py @@ -50,3 +50,12 @@ def run_start_args(request): start_rethinkdb=param.get('start_rethinkdb', False), allow_temp_keypair=param.get('allow_temp_keypair', False), ) + + +@pytest.fixture +def mocked_setup_logging(mocker): + return mocker.patch( + 'bigchaindb.commands.bigchain.setup_logging', + autospec=True, + spec_set=True, + ) diff --git a/tests/commands/rethinkdb/test_commands.py b/tests/commands/rethinkdb/test_commands.py index f0ae1090..bf6e0931 100644 --- a/tests/commands/rethinkdb/test_commands.py +++ b/tests/commands/rethinkdb/test_commands.py @@ -9,12 +9,14 @@ from argparse import Namespace def test_bigchain_run_start_with_rethinkdb(mock_start_rethinkdb, mock_run_configure, mock_processes_start, - mock_db_init_with_existing_db): + mock_db_init_with_existing_db, + mocked_setup_logging): from bigchaindb.commands.bigchain import run_start args = Namespace(start_rethinkdb=True, allow_temp_keypair=False, config=None, yes=True) run_start(args) mock_start_rethinkdb.assert_called_with() + mocked_setup_logging.assert_called_once_with() @patch('subprocess.Popen') diff --git a/tests/commands/test_commands.py b/tests/commands/test_commands.py index 198c39d1..8bf00959 100644 --- a/tests/commands/test_commands.py +++ b/tests/commands/test_commands.py @@ -33,15 +33,20 @@ def test_main_entrypoint(mock_start): assert mock_start.called -def test_bigchain_run_start(mock_run_configure, mock_processes_start, mock_db_init_with_existing_db): +def test_bigchain_run_start(mock_run_configure, + mock_processes_start, + mock_db_init_with_existing_db, + mocked_setup_logging): from bigchaindb.commands.bigchain import run_start args = Namespace(start_rethinkdb=False, allow_temp_keypair=False, config=None, yes=True) run_start(args) + mocked_setup_logging.assert_called_once_with() @pytest.mark.skipif(reason="BigchainDB doesn't support the automatic creation of a config file anymore") -def test_bigchain_run_start_assume_yes_create_default_config(monkeypatch, mock_processes_start, - mock_generate_key_pair, mock_db_init_with_existing_db): +def test_bigchain_run_start_assume_yes_create_default_config( + monkeypatch, mock_processes_start, mock_generate_key_pair, + mock_db_init_with_existing_db, mocked_setup_logging): import bigchaindb from bigchaindb.commands.bigchain import run_start from bigchaindb import config_utils @@ -61,6 +66,7 @@ def test_bigchain_run_start_assume_yes_create_default_config(monkeypatch, mock_p args = Namespace(config=None, yes=True) run_start(args) + mocked_setup_logging.assert_called_once_with() assert value['return'] == expected_config @@ -228,9 +234,9 @@ def test_run_configure_with_backend(backend, monkeypatch, mock_write_config): @patch('bigchaindb.common.crypto.generate_key_pair', return_value=('private_key', 'public_key')) @pytest.mark.usefixtures('ignore_local_config_file') -def test_allow_temp_keypair_generates_one_on_the_fly(mock_gen_keypair, - mock_processes_start, - mock_db_init_with_existing_db): +def test_allow_temp_keypair_generates_one_on_the_fly( + mock_gen_keypair, mock_processes_start, + mock_db_init_with_existing_db, mocked_setup_logging): import bigchaindb from bigchaindb.commands.bigchain import run_start @@ -239,6 +245,7 @@ def test_allow_temp_keypair_generates_one_on_the_fly(mock_gen_keypair, args = Namespace(allow_temp_keypair=True, start_rethinkdb=False, config=None, yes=True) run_start(args) + mocked_setup_logging.assert_called_once_with() assert bigchaindb.config['keypair']['private'] == 'private_key' assert bigchaindb.config['keypair']['public'] == 'public_key' @@ -248,7 +255,8 @@ def test_allow_temp_keypair_generates_one_on_the_fly(mock_gen_keypair, @pytest.mark.usefixtures('ignore_local_config_file') def test_allow_temp_keypair_doesnt_override_if_keypair_found(mock_gen_keypair, mock_processes_start, - mock_db_init_with_existing_db): + mock_db_init_with_existing_db, + mocked_setup_logging): import bigchaindb from bigchaindb.commands.bigchain import run_start @@ -262,11 +270,15 @@ def test_allow_temp_keypair_doesnt_override_if_keypair_found(mock_gen_keypair, args = Namespace(allow_temp_keypair=True, start_rethinkdb=False, config=None, yes=True) run_start(args) + mocked_setup_logging.assert_called_once_with() assert bigchaindb.config['keypair']['private'] == original_private_key assert bigchaindb.config['keypair']['public'] == original_public_key -def test_run_start_when_db_already_exists(mocker, monkeypatch, run_start_args): +def test_run_start_when_db_already_exists(mocker, + monkeypatch, + run_start_args, + mocked_setup_logging): from bigchaindb.commands.bigchain import run_start from bigchaindb.common.exceptions import DatabaseAlreadyExists mocked_start = mocker.patch('bigchaindb.processes.start') @@ -277,10 +289,14 @@ def test_run_start_when_db_already_exists(mocker, monkeypatch, run_start_args): monkeypatch.setattr( 'bigchaindb.commands.bigchain._run_init', mock_run_init) run_start(run_start_args) + mocked_setup_logging.assert_called_once_with() assert mocked_start.called -def test_run_start_when_keypair_not_found(mocker, monkeypatch, run_start_args): +def test_run_start_when_keypair_not_found(mocker, + monkeypatch, + run_start_args, + mocked_setup_logging): from bigchaindb.commands.bigchain import run_start from bigchaindb.commands.messages import CANNOT_START_KEYPAIR_NOT_FOUND from bigchaindb.common.exceptions import KeypairNotFoundException @@ -295,6 +311,7 @@ def test_run_start_when_keypair_not_found(mocker, monkeypatch, run_start_args): with pytest.raises(SystemExit) as exc: run_start(run_start_args) + mocked_setup_logging.assert_called_once_with() assert len(exc.value.args) == 1 assert exc.value.args[0] == CANNOT_START_KEYPAIR_NOT_FOUND assert not mocked_start.called @@ -302,7 +319,8 @@ def test_run_start_when_keypair_not_found(mocker, monkeypatch, run_start_args): def test_run_start_when_start_rethinkdb_fails(mocker, monkeypatch, - run_start_args): + run_start_args, + mocked_setup_logging): from bigchaindb.commands.bigchain import run_start from bigchaindb.commands.messages import RETHINKDB_STARTUP_ERROR from bigchaindb.common.exceptions import StartupError @@ -319,6 +337,7 @@ def test_run_start_when_start_rethinkdb_fails(mocker, with pytest.raises(SystemExit) as exc: run_start(run_start_args) + mocked_setup_logging.assert_called_once_with() assert len(exc.value.args) == 1 assert exc.value.args[0] == RETHINKDB_STARTUP_ERROR.format(err_msg) assert not mocked_start.called diff --git a/tests/log/test_setup.py b/tests/log/test_setup.py new file mode 100644 index 00000000..e0434eb9 --- /dev/null +++ b/tests/log/test_setup.py @@ -0,0 +1,328 @@ +import logging +import pickle +from logging import getLogger +from logging.config import dictConfig +from logging.handlers import SocketHandler + +from pytest import fixture, mark, raises + + +@fixture +def reset_logging_config(): + original_root_logger_level = getLogger().level + dictConfig({'version': 1, 'root': {'level': 'NOTSET'}}) + yield + getLogger().setLevel(original_root_logger_level) + + +@fixture +def mocked_process(mocker): + return mocker.patch( + 'bigchaindb.log.setup.Process', autospec=True, spec_set=True) + + +@fixture +def mocked_socket_server(mocker): + return mocker.patch( + 'bigchaindb.log.setup.LogRecordSocketServer', + autospec=True, + spec_set=True, + ) + + +@fixture +def mocked_setup_pub_logger(mocker): + return mocker.patch( + 'bigchaindb.log.setup.setup_pub_logger', autospec=True, spec_set=True) + + +@fixture +def mocked_setup_sub_logger(mocker): + return mocker.patch( + 'bigchaindb.log.setup.setup_sub_logger', autospec=True, spec_set=True) + + +@fixture +def log_record_dict(): + return { + 'args': None, + 'created': 1489584900.595193, + 'exc_info': None, + 'exc_text': None, + 'filename': 'config_utils.py', + 'funcName': 'autoconfigure', + 'levelname': 'DEBUG', + 'levelno': 10, + 'lineno': 228, + 'module': 'config_utils', + 'msecs': 595.1929092407227, + 'msg': 'System already configured, skipping autoconfiguration', + 'name': 'bigchaindb.config_utils', + 'pathname': '/usr/src/app/bigchaindb/config_utils.py', + 'process': 1981, + 'processName': 'MainProcess', + 'relativeCreated': 398.4854221343994, + 'stack_info': None, + 'thread': 140352503879424, + 'threadName': 'MainThread', + } + + +@fixture +def log_record(log_record_dict): + return logging.makeLogRecord(log_record_dict) + + +@fixture +def log_record_bytes(log_record_dict): + return pickle.dumps(log_record_dict) + + +@mark.usefixtures('reset_logging_config') +def test_setup_logging(mocked_setup_pub_logger, mocked_setup_sub_logger): + from bigchaindb.log.setup import setup_logging + setup_logging() + mocked_setup_pub_logger.assert_called_once_with() + mocked_setup_sub_logger.assert_called_once_with(user_log_config=None) + + +@mark.usefixtures('reset_logging_config') +def test_setup_pub_logger(): + from bigchaindb.log.setup import setup_pub_logger + from bigchaindb.log.configs import PUBLISHER_LOGGING_CONFIG + root_logger = getLogger() + assert root_logger.level == logging.NOTSET + setup_pub_logger() + assert root_logger.level == PUBLISHER_LOGGING_CONFIG['root']['level'] + assert root_logger.hasHandlers() + assert isinstance(root_logger.handlers[0], SocketHandler) + + +@mark.usefixtures('reset_logging_config') +def test_setup_sub_logger_without_config(mocked_socket_server, mocked_process): + from bigchaindb.log.setup import setup_sub_logger + setup_sub_logger() + root_logger = getLogger() + assert root_logger.level == logging.NOTSET + mocked_socket_server.assert_called_once_with() + mocked_process.assert_called_once_with( + target=mocked_socket_server.return_value.serve_forever, + kwargs={'log_config': None}, + ) + mocked_process.return_value.start.assert_called_once_with() + + +@mark.usefixtures('reset_logging_config') +def test_setup_sub_logger_with_config(mocked_socket_server, mocked_process): + from bigchaindb.log.setup import setup_sub_logger + user_log_config = { + 'file': '/var/log/bdb.log', + 'level_console': 'warning', + 'level_logfile': 'info', + 'fmt_console': '[%(levelname)s] (%(name)s) %(message)s', + 'fmt_logfile': '[%(asctime)s] [%(levelname)s] (%(name)s) %(message)s', + 'granular_levels': { + 'bigchaindb.core': 'debug', + }, + } + root_logger = getLogger() + setup_sub_logger(user_log_config=user_log_config) + assert root_logger.level == logging.NOTSET + mocked_socket_server.assert_called_once_with() + mocked_process.assert_called_once_with( + target=mocked_socket_server.return_value.serve_forever, + kwargs={'log_config': user_log_config}, + ) + mocked_process.return_value.start.assert_called_once_with() + + +def test_create_subscriber_logging_config_without_user_given_config(): + from bigchaindb.log.setup import create_subscriber_logging_config + from bigchaindb.log.configs import SUBSCRIBER_LOGGING_CONFIG + config = create_subscriber_logging_config() + assert config == SUBSCRIBER_LOGGING_CONFIG + + +def test_create_subscriber_logging_config_with_user_given_config(): + from bigchaindb.log.setup import create_subscriber_logging_config + from bigchaindb.log.configs import ( + SUBSCRIBER_LOGGING_CONFIG as expected_log_config) + user_log_config = { + 'file': '/var/log/bigchaindb/bdb.log', + 'level_console': 'warning', + 'level_logfile': 'info', + 'fmt_console': '[%(levelname)s] (%(name)s) %(message)s', + 'fmt_logfile': '[%(asctime)s] [%(levelname)s] (%(name)s) %(message)s', + 'datefmt_console': '%H:%M:%S', + 'datefmt_logfile': '%a, %d %b %Y %H:%M:%S +0000', + 'granular_levels': { + 'bigchaindb.core': 'debug', + }, + } + config = create_subscriber_logging_config(user_log_config=user_log_config) + assert config['root']['level'] == expected_log_config['root']['level'] + assert all(config['loggers'][logger]['level'] == level.upper() + for logger, level in user_log_config['granular_levels'].items()) + assert len(config) == len(expected_log_config) + assert config['version'] == expected_log_config['version'] + assert (config['disable_existing_loggers'] == + expected_log_config['disable_existing_loggers']) + assert (config['formatters']['console']['format'] == + user_log_config['fmt_console']) + assert (config['formatters']['file']['format'] == + user_log_config['fmt_logfile']) + assert (config['formatters']['console']['datefmt'] == + user_log_config['datefmt_console']) + assert (config['formatters']['file']['datefmt'] == + user_log_config['datefmt_logfile']) + assert (config['handlers']['console']['level'] == + user_log_config['level_console'].upper()) + assert (config['handlers']['file']['level'] == + user_log_config['level_logfile'].upper()) + assert config['handlers']['file']['filename'] == user_log_config['file'] + del config['handlers']['console']['level'] + del config['handlers']['file']['level'] + del config['handlers']['file']['filename'] + del config['formatters']['console']['format'] + del config['formatters']['console']['datefmt'] + del config['formatters']['file']['format'] + del config['formatters']['file']['datefmt'] + del expected_log_config['handlers']['console']['level'] + del expected_log_config['handlers']['file']['level'] + del expected_log_config['handlers']['file']['filename'] + del expected_log_config['formatters']['console']['format'] + del expected_log_config['formatters']['console']['datefmt'] + del expected_log_config['formatters']['file']['format'] + del expected_log_config['formatters']['file']['datefmt'] + assert (config['handlers']['console'] == + expected_log_config['handlers']['console']) + assert (config['handlers']['file'] == + expected_log_config['handlers']['file']) + assert (config['formatters']['console'] == + expected_log_config['formatters']['console']) + assert (config['formatters']['file'] == + expected_log_config['formatters']['file']) + + +def test_normalize_log_level(): + from bigchaindb.common.exceptions import ConfigurationError + from bigchaindb.log.setup import _normalize_log_level + with raises(ConfigurationError) as exc: + _normalize_log_level(2) + assert exc.value.args == ('Log level must be a string!',) + assert isinstance(exc.value.__cause__, AttributeError) + assert exc.value.__cause__.args == ( + "'int' object has no attribute 'upper'",) + + +class TestLogRecordSocketServer: + + def test_init(self): + from bigchaindb.log.setup import (LogRecordSocketServer, + LogRecordStreamHandler) + server = LogRecordSocketServer() + assert server.allow_reuse_address + assert server.server_address == ( + '127.0.0.1', logging.handlers.DEFAULT_TCP_LOGGING_PORT) + assert server.RequestHandlerClass == LogRecordStreamHandler + + @mark.parametrize('side_effect', (None, KeyboardInterrupt)) + def test_server_forever(self, mocker, side_effect): + from bigchaindb.log.setup import LogRecordSocketServer + nocked_create_subscriber_logging_config = mocker.patch( + 'bigchaindb.log.setup.create_subscriber_logging_config', + autospec=True, + spec_set=True, + ) + mocked_dict_config = mocker.patch('bigchaindb.log.setup.dictConfig', + autospec=True, spec_set=True) + mocked_parent_serve_forever = mocker.patch( + 'bigchaindb.log.setup.ThreadingTCPServer.serve_forever', + autospec=True, + spec_set=True, + side_effect=side_effect, + ) + server = LogRecordSocketServer() + with server: + server.serve_forever() + nocked_create_subscriber_logging_config.assert_called_once_with( + user_log_config=None) + mocked_dict_config.assert_called_once_with( + nocked_create_subscriber_logging_config.return_value) + mocked_parent_serve_forever.assert_called_once_with(server, + poll_interval=0.5) + + +class TestLogRecordStreamHandler: + + def test_handle(self, mocker, log_record_dict, log_record_bytes): + from bigchaindb.log.setup import LogRecordStreamHandler + + chunks = [log_record_bytes, b'\x00\x00\x02T'] + mocked_handle_log_record = mocker.patch( + 'bigchaindb.log.setup.LogRecordStreamHandler.handle_log_record', + autospec=True, + spec_set=True, + ) + + def mocked_recv(bufsize): + try: + return chunks.pop() + except IndexError: + return b' ' + + request = mocker.patch('socket.socket', autospec=True, spec_set=True) + request.return_value.recv = mocked_recv + client_address = ('127.0.0.1', 9020) + LogRecordStreamHandler( + request.return_value, client_address, None) + assert mocked_handle_log_record.called + assert (mocked_handle_log_record.call_args[0][1].__dict__ == + log_record_dict) + + def test_handle_log_record(self, mocker, log_record): + from bigchaindb.log.setup import LogRecordStreamHandler + mocker.patch('bigchaindb.log.setup.LogRecordStreamHandler.handle') + mocked_logger_handle = mocker.patch( + 'bigchaindb.log.setup.logging.Logger.handle', + autospec=True, spec_set=True) + request = mocker.patch('socket.socket', autospec=True, spec_set=True) + client_address = ('127.0.0.1', 9020) + handler = LogRecordStreamHandler( + request.return_value, client_address, None) + handler.handle_log_record(log_record) + assert log_record in mocked_logger_handle.call_args[0] + + def test_unpickle(self, mocker, log_record_bytes, log_record_dict): + from bigchaindb.log.setup import LogRecordStreamHandler + mocker.patch('bigchaindb.log.setup.LogRecordStreamHandler.handle') + request = mocker.patch('socket.socket', autospec=True, spec_set=True) + client_address = ('127.0.0.1', 9020) + handler = LogRecordStreamHandler( + request.return_value, client_address, None) + obj = handler.unpickle(log_record_bytes) + assert obj == log_record_dict + + @mark.parametrize('error', ( + pickle.UnpicklingError, AttributeError, EOFError, TypeError)) + def test_unpickle_error(self, mocker, error): + from bigchaindb.log.setup import LogRecordStreamHandler + mocker.patch('bigchaindb.log.setup.LogRecordStreamHandler.handle') + mocker.patch( + 'bigchaindb.log.setup.pickle.loads', + autospec=True, + spec_set=True, + side_effect=error('msg'), + ) + request = mocker.patch('socket.socket', autospec=True, spec_set=True) + client_address = ('127.0.0.1', 9020) + handler = LogRecordStreamHandler( + request.return_value, client_address, None) + obj = handler.unpickle(None) + assert obj == { + 'msg': '({}) Log handling error: un-pickling failed!'.format( + error.__name__), + 'exc_info': ('msg',), + 'level': logging.ERROR, + 'func': handler.unpickle.__name__, + } diff --git a/tests/test_config_utils.py b/tests/test_config_utils.py index 0fa5135b..4234e242 100644 --- a/tests/test_config_utils.py +++ b/tests/test_config_utils.py @@ -202,7 +202,8 @@ def test_autoconfigure_read_both_from_file_and_env(monkeypatch, request): 'private': None, }, 'keyring': KEYRING.split(':'), - 'backlog_reassign_delay': 5 + 'backlog_reassign_delay': 5, + 'log': {}, } diff --git a/tests/web/test_transactions.py b/tests/web/test_transactions.py index 5533dbd0..4c6e76c1 100644 --- a/tests/web/test_transactions.py +++ b/tests/web/test_transactions.py @@ -44,7 +44,8 @@ def test_post_create_transaction_endpoint(b, client): assert res.json['outputs'][0]['public_keys'][0] == user_pub -def test_post_create_transaction_with_invalid_id(b, client, caplog): +@patch('bigchaindb.web.views.base.logger') +def test_post_create_transaction_with_invalid_id(mock_logger, b, client): from bigchaindb.common.exceptions import InvalidHash from bigchaindb.models import Transaction user_priv, user_pub = crypto.generate_key_pair() @@ -56,16 +57,29 @@ def test_post_create_transaction_with_invalid_id(b, client, caplog): res = client.post(TX_ENDPOINT, data=json.dumps(tx)) expected_status_code = 400 expected_error_message = ( - 'Invalid transaction ({}): The transaction\'s id \'{}\' isn\'t equal to ' - 'the hash of its body, i.e. it\'s not valid.' + "Invalid transaction ({}): The transaction's id '{}' isn't equal to " + "the hash of its body, i.e. it's not valid." ).format(InvalidHash.__name__, tx['id']) assert res.status_code == expected_status_code assert res.json['message'] == expected_error_message - assert caplog.records[0].args['status'] == expected_status_code - assert caplog.records[0].args['message'] == expected_error_message + assert mock_logger.error.called + assert ( + 'HTTP API error: %(status)s - %(message)s' in + mock_logger.error.call_args[0] + ) + assert ( + {'message': expected_error_message, 'status': expected_status_code} in + mock_logger.error.call_args[0] + ) + # TODO put back caplog based asserts once possible + # assert caplog.records[0].args['status'] == expected_status_code + # assert caplog.records[0].args['message'] == expected_error_message -def test_post_create_transaction_with_invalid_signature(b, client, caplog): +@patch('bigchaindb.web.views.base.logger') +def test_post_create_transaction_with_invalid_signature(mock_logger, + b, + client): from bigchaindb.common.exceptions import InvalidSignature from bigchaindb.models import Transaction user_priv, user_pub = crypto.generate_key_pair() @@ -82,8 +96,18 @@ def test_post_create_transaction_with_invalid_signature(b, client, caplog): ).format(InvalidSignature.__name__) assert res.status_code == expected_status_code assert res.json['message'] == expected_error_message - assert caplog.records[0].args['status'] == expected_status_code - assert caplog.records[0].args['message'] == expected_error_message + assert mock_logger.error.called + assert ( + 'HTTP API error: %(status)s - %(message)s' in + mock_logger.error.call_args[0] + ) + assert ( + {'message': expected_error_message, 'status': expected_status_code} in + mock_logger.error.call_args[0] + ) + # TODO put back caplog based asserts once possible + # assert caplog.records[0].args['status'] == expected_status_code + # assert caplog.records[0].args['message'] == expected_error_message def test_post_create_transaction_with_invalid_structure(client): @@ -91,7 +115,8 @@ def test_post_create_transaction_with_invalid_structure(client): assert res.status_code == 400 -def test_post_create_transaction_with_invalid_schema(client, caplog): +@patch('bigchaindb.web.views.base.logger') +def test_post_create_transaction_with_invalid_schema(mock_logger, client): from bigchaindb.models import Transaction user_priv, user_pub = crypto.generate_key_pair() tx = Transaction.create( @@ -103,8 +128,18 @@ def test_post_create_transaction_with_invalid_schema(client, caplog): "Invalid transaction schema: 'version' is a required property") assert res.status_code == expected_status_code assert res.json['message'] == expected_error_message - assert caplog.records[0].args['status'] == expected_status_code - assert caplog.records[0].args['message'] == expected_error_message + assert mock_logger.error.called + assert ( + 'HTTP API error: %(status)s - %(message)s' in + mock_logger.error.call_args[0] + ) + assert ( + {'message': expected_error_message, 'status': expected_status_code} in + mock_logger.error.call_args[0] + ) + # TODO put back caplog based asserts once possible + # assert caplog.records[0].args['status'] == expected_status_code + # assert caplog.records[0].args['message'] == expected_error_message @pytest.mark.parametrize('exc,msg', ( @@ -118,7 +153,8 @@ def test_post_create_transaction_with_invalid_schema(client, caplog): ('TransactionNotInValidBlock', 'Wait, maybe?'), ('ValidationError', '?'), )) -def test_post_invalid_transaction(client, exc, msg, monkeypatch, caplog): +@patch('bigchaindb.web.views.base.logger') +def test_post_invalid_transaction(mock_logger, client, exc, msg, monkeypatch,): from bigchaindb.common import exceptions exc_cls = getattr(exceptions, exc) @@ -135,8 +171,18 @@ def test_post_invalid_transaction(client, exc, msg, monkeypatch, caplog): assert res.status_code == expected_status_code assert (res.json['message'] == 'Invalid transaction ({}): {}'.format(exc, msg)) - assert caplog.records[2].args['status'] == expected_status_code - assert caplog.records[2].args['message'] == expected_error_message + assert mock_logger.error.called + assert ( + 'HTTP API error: %(status)s - %(message)s' in + mock_logger.error.call_args[0] + ) + assert ( + {'message': expected_error_message, 'status': expected_status_code} in + mock_logger.error.call_args[0] + ) + # TODO put back caplog based asserts once possible + # assert caplog.records[2].args['status'] == expected_status_code + # assert caplog.records[2].args['message'] == expected_error_message @pytest.mark.bdb From ddbdf64e33637bcebfb0af04121fac9974f6d3b6 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Mon, 20 Mar 2017 17:30:02 +0100 Subject: [PATCH 132/283] voting module raises CriticalDuplicateVote if there's a duplicate vote --- bigchaindb/exceptions.py | 4 ++++ bigchaindb/voting.py | 46 +++++++++++++++++----------------------- tests/test_voting.py | 37 +++++++++++++++++++++----------- 3 files changed, 48 insertions(+), 39 deletions(-) diff --git a/bigchaindb/exceptions.py b/bigchaindb/exceptions.py index 336ce231..a11fd4f8 100644 --- a/bigchaindb/exceptions.py +++ b/bigchaindb/exceptions.py @@ -8,3 +8,7 @@ class CriticalDoubleSpend(BigchainDBError): class CriticalDoubleInclusion(BigchainDBError): """Data integrity error that requires attention""" + + +class CriticalDuplicateVote(BigchainDBError): + """Data integrity error that requires attention""" diff --git a/bigchaindb/voting.py b/bigchaindb/voting.py index 0622a363..cc20944d 100644 --- a/bigchaindb/voting.py +++ b/bigchaindb/voting.py @@ -1,6 +1,7 @@ import collections from bigchaindb.common.schema import SchemaValidationError, validate_vote_schema +from bigchaindb.exceptions import CriticalDuplicateVote from bigchaindb.common.utils import serialize from bigchaindb.common.crypto import PublicKey @@ -33,7 +34,8 @@ class Voting: n_voters = len(eligible_voters) eligible_votes, ineligible_votes = \ cls.partition_eligible_votes(votes, eligible_voters) - results = cls.count_votes(eligible_votes) + by_voter = cls.dedupe_by_voter(eligible_votes) + results = cls.count_votes(by_voter) results['block_id'] = block['id'] results['status'] = cls.decide_votes(n_voters, **results['counts']) results['ineligible'] = ineligible_votes @@ -60,38 +62,29 @@ class Voting: return eligible, ineligible @classmethod - def count_votes(cls, eligible_votes): + def dedupe_by_voter(cls, eligible_votes): + """ + Throw a critical error if there is a duplicate vote + """ + by_voter = {} + for vote in eligible_votes: + pubkey = vote['node_pubkey'] + if pubkey in by_voter: + raise CriticalDuplicateVote(pubkey) + by_voter[pubkey] = vote + return by_voter + + @classmethod + def count_votes(cls, by_voter): """ Given a list of eligible votes, (votes from known nodes that are listed as voters), produce the number that say valid and the number that say - invalid. - - * Detect if there are multiple votes from a single node and return them - in a separate "cheat" dictionary. - * Votes must agree on previous block, otherwise they become invalid. - - note: - The sum of votes returned by this function does not necessarily - equal the length of the list of votes fed in. It may differ for - example if there are found to be multiple votes submitted by a - single voter. + invalid. Votes must agree on previous block, otherwise they become invalid. """ prev_blocks = collections.Counter() - cheat = [] malformed = [] - # Group by pubkey to detect duplicate voting - by_voter = collections.defaultdict(list) - for vote in eligible_votes: - by_voter[vote['node_pubkey']].append(vote) - - for pubkey, votes in by_voter.items(): - if len(votes) > 1: - cheat.append(votes) - continue - - vote = votes[0] - + for vote in by_voter.values(): if not cls.verify_vote_schema(vote): malformed.append(vote) continue @@ -111,7 +104,6 @@ class Voting: 'n_valid': n_valid, 'n_invalid': len(by_voter) - n_valid, }, - 'cheat': cheat, 'malformed': malformed, 'previous_block': prev_block, 'other_previous_block': dict(prev_blocks), diff --git a/tests/test_voting.py b/tests/test_voting.py index d1e1957d..07a60f24 100644 --- a/tests/test_voting.py +++ b/tests/test_voting.py @@ -2,6 +2,7 @@ import pytest from collections import Counter from bigchaindb.core import Bigchain +from bigchaindb.exceptions import CriticalDuplicateVote from bigchaindb.voting import Voting, INVALID, VALID, UNDECIDED @@ -37,24 +38,22 @@ def test_count_votes(): def verify_vote_schema(cls, vote): return vote['node_pubkey'] != 'malformed' - voters = (['cheat', 'cheat', 'says invalid', 'malformed'] + + voters = (['says invalid', 'malformed'] + ['kosher' + str(i) for i in range(10)]) votes = [Bigchain(v).vote('block', 'a', True) for v in voters] - votes[2]['vote']['is_block_valid'] = False + votes[0]['vote']['is_block_valid'] = False # Incorrect previous block subtracts from n_valid and adds to n_invalid votes[-1]['vote']['previous_block'] = 'z' - assert TestVoting.count_votes(votes) == { + by_voter = dict(enumerate(votes)) + + assert TestVoting.count_votes(by_voter) == { 'counts': { 'n_valid': 9, # 9 kosher votes - 'n_invalid': 4, # 1 cheat, 1 invalid, 1 malformed, 1 rogue prev block - # One of the cheat votes counts towards n_invalid, the other is - # not counted here. - # len(cheat) + n_valid + n_invalid == len(votes) + 'n_invalid': 3, # 1 invalid, 1 malformed, 1 rogue prev block }, - 'cheat': [votes[:2]], - 'malformed': [votes[3]], + 'malformed': [votes[1]], 'previous_block': 'a', 'other_previous_block': {'z': 1}, } @@ -70,7 +69,8 @@ def test_must_agree_prev_block(): votes = [Bigchain(v).vote('block', 'a', True) for v in voters] votes[0]['vote']['previous_block'] = 'b' votes[1]['vote']['previous_block'] = 'c' - assert TestVoting.count_votes(votes) == { + by_voter = dict(enumerate(votes)) + assert TestVoting.count_votes(by_voter) == { 'counts': { 'n_valid': 2, 'n_invalid': 2, @@ -78,7 +78,6 @@ def test_must_agree_prev_block(): 'previous_block': 'a', 'other_previous_block': {'b': 1, 'c': 1}, 'malformed': [], - 'cheat': [], } @@ -230,8 +229,22 @@ def test_block_election(b): 'block_id': 'xyz', 'counts': {'n_valid': 2, 'n_invalid': 0}, 'ineligible': [votes[-1]], - 'cheat': [], 'malformed': [], 'previous_block': 'a', 'other_previous_block': {}, } + + +def test_duplicate_vote_throws_critical_error(b): + class TestVoting(Voting): + @classmethod + def verify_vote_signature(cls, vote): + return True + keyring = 'abc' + block = {'id': 'xyz', 'block': {'voters': 'ab'}} + votes = [{ + 'node_pubkey': c, + 'vote': {'is_block_valid': True, 'previous_block': 'a'} + } for c in 'aabc'] + with pytest.raises(CriticalDuplicateVote): + TestVoting.block_election(block, votes, keyring) From c0498abed395412afd7069ab17790c8d54c64716 Mon Sep 17 00:00:00 2001 From: Brett Sun Date: Fri, 24 Feb 2017 13:31:07 +0100 Subject: [PATCH 133/283] Add log-level option for all CLI commands --- bigchaindb/commands/utils.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/bigchaindb/commands/utils.py b/bigchaindb/commands/utils.py index b04499d9..adf0d19c 100644 --- a/bigchaindb/commands/utils.py +++ b/bigchaindb/commands/utils.py @@ -151,6 +151,10 @@ base_parser.add_argument('-c', '--config', help='Specify the location of the configuration file ' '(use "-" for stdout)') +base_parser.add_argument('-l', '--log-level', + choices=['DEBUG', 'INFO', 'WARNING', 'ERROR', 'CRITICAL'], + help='Log level') + base_parser.add_argument('-y', '--yes', '--yes-please', action='store_true', help='Assume "yes" as answer to all prompts and run ' From d688e695e6f54e37bb5ea07266c4849d3575eb7e Mon Sep 17 00:00:00 2001 From: Brett Sun Date: Fri, 24 Feb 2017 13:31:49 +0100 Subject: [PATCH 134/283] Configure logging in `bigchaindb_configure` decorator --- bigchaindb/commands/bigchain.py | 1 - bigchaindb/commands/utils.py | 7 +++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/bigchaindb/commands/bigchain.py b/bigchaindb/commands/bigchain.py index 62f3a7f6..080a8cb2 100644 --- a/bigchaindb/commands/bigchain.py +++ b/bigchaindb/commands/bigchain.py @@ -25,7 +25,6 @@ from bigchaindb.commands.messages import ( RETHINKDB_STARTUP_ERROR, ) from bigchaindb.commands.utils import configure_bigchaindb, input_on_stderr -from bigchaindb.log.setup import setup_logging logging.basicConfig(level=logging.INFO) diff --git a/bigchaindb/commands/utils.py b/bigchaindb/commands/utils.py index adf0d19c..aaa92804 100644 --- a/bigchaindb/commands/utils.py +++ b/bigchaindb/commands/utils.py @@ -16,6 +16,7 @@ import bigchaindb import bigchaindb.config_utils from bigchaindb import backend from bigchaindb.common.exceptions import StartupError +from bigchaindb.log.setup import setup_logging from bigchaindb.version import __version__ @@ -23,6 +24,12 @@ def configure_bigchaindb(command): @functools.wraps(command) def configure(args): bigchaindb.config_utils.autoconfigure(filename=args.config, force=True) + + logging_config = bigchaindb.config['logging'] or {} + if 'log_level' in args and args.log_level: + logging_config['level'] = args.log_level + setup_logging(logging_config) + command(args) return configure From f549b008138388b5caed2964b6f82867da76fcd7 Mon Sep 17 00:00:00 2001 From: Brett Sun Date: Fri, 24 Feb 2017 14:48:22 +0100 Subject: [PATCH 135/283] Add tests for setting log-level from CLI --- bigchaindb/config_utils.py | 7 ++++-- tests/commands/test_utils.py | 47 +++++++++++++++++++++++++++++++++--- tests/conftest.py | 11 +++++++++ 3 files changed, 60 insertions(+), 5 deletions(-) diff --git a/bigchaindb/config_utils.py b/bigchaindb/config_utils.py index 87a25d3f..5a72a7d6 100644 --- a/bigchaindb/config_utils.py +++ b/bigchaindb/config_utils.py @@ -220,11 +220,14 @@ def write_config(config, filename=None): json.dump(config, f, indent=4) +def is_configured(): + return bool(bigchaindb.config.get('CONFIGURED')) + + def autoconfigure(filename=None, config=None, force=False): """Run ``file_config`` and ``env_config`` if the module has not been initialized.""" - - if not force and bigchaindb.config.get('CONFIGURED'): + if not force and is_configured(): logger.debug('System already configured, skipping autoconfiguration') return diff --git a/tests/commands/test_utils.py b/tests/commands/test_utils.py index aadd24b5..6879e0eb 100644 --- a/tests/commands/test_utils.py +++ b/tests/commands/test_utils.py @@ -1,9 +1,50 @@ import argparse import pytest +from argparse import ArgumentTypeError, Namespace from unittest.mock import patch +@pytest.fixture +def reset_bigchaindb_config(monkeypatch): + import bigchaindb + monkeypatch.setattr('bigchaindb.config', bigchaindb._config) + + +@pytest.mark.usefixtures('ignore_local_config_file', 'reset_bigchaindb_config') +def test_configure_bigchaindb_configures_bigchaindb(): + from bigchaindb.commands.utils import configure_bigchaindb + from bigchaindb.config_utils import is_configured + assert not is_configured() + + @configure_bigchaindb + def test_configure(args): + assert is_configured() + + args = Namespace(config=None) + test_configure(args) + + +@pytest.mark.usefixtures('ignore_local_config_file', + 'reset_bigchaindb_config', + 'reset_logging_config') +@pytest.mark.parametrize('log_level', ('DEBUG', 'INFO', 'WARNING', 'ERROR', 'CRITICAL')) +def test_configure_bigchaindb_configures_logging(log_level): + import logging + from logging import getLogger + from bigchaindb.commands.utils import configure_bigchaindb + root_logger = getLogger() + assert root_logger.level == 0 + + @configure_bigchaindb + def test_configure_logger(args): + root_logger = getLogger() + assert root_logger.level == getattr(logging, log_level) + + args = Namespace(config=None, log_level=log_level) + test_configure_logger(args) + + def test_start_raises_if_command_not_implemented(): from bigchaindb.commands import utils from bigchaindb.commands.bigchain import create_parser @@ -51,13 +92,13 @@ def test_mongodb_host_type(): from bigchaindb.commands.utils import mongodb_host # bad port provided - with pytest.raises(argparse.ArgumentTypeError): + with pytest.raises(ArgumentTypeError): mongodb_host('localhost:11111111111') # no port information provided - with pytest.raises(argparse.ArgumentTypeError): + with pytest.raises(ArgumentTypeError): mongodb_host('localhost') # bad host provided - with pytest.raises(argparse.ArgumentTypeError): + with pytest.raises(ArgumentTypeError): mongodb_host(':27017') diff --git a/tests/conftest.py b/tests/conftest.py index e943d0a9..210d526e 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -12,6 +12,8 @@ import random import pytest +from logging import getLogger +from logging.config import dictConfig from bigchaindb.common import crypto TEST_DB_NAME = 'bigchain_test' @@ -203,6 +205,15 @@ def ignore_local_config_file(monkeypatch): mock_file_config) +@pytest.fixture +def reset_logging_config(): + # root_logger_level = getLogger().level + root_logger_level = 'DEBUG' + dictConfig({'version': 1, 'root': {'level': 'NOTSET'}}) + yield + getLogger().setLevel(root_logger_level) + + @pytest.fixture def user_sk(): return USER_PRIVATE_KEY From 53d5232be8787ac1c01b40dbb0e47249c20e1958 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Mon, 20 Mar 2017 15:46:54 +0100 Subject: [PATCH 136/283] Remove leftover line from rebase --- bigchaindb/commands/bigchain.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/bigchaindb/commands/bigchain.py b/bigchaindb/commands/bigchain.py index 080a8cb2..767f6ccc 100644 --- a/bigchaindb/commands/bigchain.py +++ b/bigchaindb/commands/bigchain.py @@ -173,9 +173,6 @@ def run_start(args): """Start the processes to run the node""" logger.info('BigchainDB Version %s', bigchaindb.__version__) - # TODO setup logging -- pass logging config, extracted out from main config - setup_logging() - if args.allow_temp_keypair: if not (bigchaindb.config['keypair']['private'] or bigchaindb.config['keypair']['public']): From eff8e3adf3f6a5a1a8ace24c7f26112a48fdd299 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Mon, 20 Mar 2017 15:47:47 +0100 Subject: [PATCH 137/283] Update logging related code and tests after rebase --- bigchaindb/commands/utils.py | 6 +-- tests/commands/conftest.py | 2 +- tests/commands/rethinkdb/test_commands.py | 18 +++++--- tests/commands/test_commands.py | 54 ++++++++++++++++------- tests/commands/test_utils.py | 11 +++-- tests/conftest.py | 12 +++++ tests/log/test_setup.py | 13 +----- 7 files changed, 77 insertions(+), 39 deletions(-) diff --git a/bigchaindb/commands/utils.py b/bigchaindb/commands/utils.py index aaa92804..73313f05 100644 --- a/bigchaindb/commands/utils.py +++ b/bigchaindb/commands/utils.py @@ -25,10 +25,10 @@ def configure_bigchaindb(command): def configure(args): bigchaindb.config_utils.autoconfigure(filename=args.config, force=True) - logging_config = bigchaindb.config['logging'] or {} + logging_config = bigchaindb.config['log'] or {} if 'log_level' in args and args.log_level: - logging_config['level'] = args.log_level - setup_logging(logging_config) + logging_config['level_console'] = args.log_level + setup_logging(user_log_config=logging_config) command(args) diff --git a/tests/commands/conftest.py b/tests/commands/conftest.py index 96a2c608..30c577f5 100644 --- a/tests/commands/conftest.py +++ b/tests/commands/conftest.py @@ -55,7 +55,7 @@ def run_start_args(request): @pytest.fixture def mocked_setup_logging(mocker): return mocker.patch( - 'bigchaindb.commands.bigchain.setup_logging', + 'bigchaindb.commands.utils.setup_logging', autospec=True, spec_set=True, ) diff --git a/tests/commands/rethinkdb/test_commands.py b/tests/commands/rethinkdb/test_commands.py index bf6e0931..ac100075 100644 --- a/tests/commands/rethinkdb/test_commands.py +++ b/tests/commands/rethinkdb/test_commands.py @@ -16,7 +16,7 @@ def test_bigchain_run_start_with_rethinkdb(mock_start_rethinkdb, run_start(args) mock_start_rethinkdb.assert_called_with() - mocked_setup_logging.assert_called_once_with() + mocked_setup_logging.assert_called_once_with(user_log_config={}) @patch('subprocess.Popen') @@ -38,7 +38,7 @@ def test_start_rethinkdb_exits_when_cannot_start(mock_popen): @patch('rethinkdb.ast.Table.reconfigure') -def test_set_shards(mock_reconfigure, monkeypatch, b): +def test_set_shards(mock_reconfigure, monkeypatch, b, mocked_setup_logging): from bigchaindb.commands.bigchain import run_set_shards # this will mock the call to retrieve the database config @@ -50,6 +50,8 @@ def test_set_shards(mock_reconfigure, monkeypatch, b): args = Namespace(num_shards=3, config=None) run_set_shards(args) mock_reconfigure.assert_called_with(replicas=1, shards=3, dry_run=False) + mocked_setup_logging.assert_called_once_with(user_log_config={}) + mocked_setup_logging.reset_mock() # this will mock the call to retrieve the database config # we will set it to return three replica @@ -59,9 +61,10 @@ def test_set_shards(mock_reconfigure, monkeypatch, b): monkeypatch.setattr(rethinkdb.RqlQuery, 'run', mockreturn_three_replicas) run_set_shards(args) mock_reconfigure.assert_called_with(replicas=3, shards=3, dry_run=False) + mocked_setup_logging.assert_called_once_with(user_log_config={}) -def test_set_shards_raises_exception(monkeypatch, b): +def test_set_shards_raises_exception(monkeypatch, b, mocked_setup_logging): from bigchaindb.commands.bigchain import run_set_shards # test that we are correctly catching the exception @@ -78,10 +81,11 @@ def test_set_shards_raises_exception(monkeypatch, b): with pytest.raises(SystemExit) as exc: run_set_shards(args) assert exc.value.args == ('Failed to reconfigure tables.',) + mocked_setup_logging.assert_called_once_with(user_log_config={}) @patch('rethinkdb.ast.Table.reconfigure') -def test_set_replicas(mock_reconfigure, monkeypatch, b): +def test_set_replicas(mock_reconfigure, monkeypatch, b, mocked_setup_logging): from bigchaindb.commands.bigchain import run_set_replicas # this will mock the call to retrieve the database config @@ -93,6 +97,8 @@ def test_set_replicas(mock_reconfigure, monkeypatch, b): args = Namespace(num_replicas=2, config=None) run_set_replicas(args) mock_reconfigure.assert_called_with(replicas=2, shards=2, dry_run=False) + mocked_setup_logging.assert_called_once_with(user_log_config={}) + mocked_setup_logging.reset_mock() # this will mock the call to retrieve the database config # we will set it to return three shards @@ -102,9 +108,10 @@ def test_set_replicas(mock_reconfigure, monkeypatch, b): monkeypatch.setattr(rethinkdb.RqlQuery, 'run', mockreturn_three_shards) run_set_replicas(args) mock_reconfigure.assert_called_with(replicas=2, shards=3, dry_run=False) + mocked_setup_logging.assert_called_once_with(user_log_config={}) -def test_set_replicas_raises_exception(monkeypatch, b): +def test_set_replicas_raises_exception(monkeypatch, b, mocked_setup_logging): from bigchaindb.commands.bigchain import run_set_replicas # test that we are correctly catching the exception @@ -121,3 +128,4 @@ def test_set_replicas_raises_exception(monkeypatch, b): with pytest.raises(SystemExit) as exc: run_set_replicas(args) assert exc.value.args == ('Failed to reconfigure tables.',) + mocked_setup_logging.assert_called_once_with(user_log_config={}) diff --git a/tests/commands/test_commands.py b/tests/commands/test_commands.py index 8bf00959..eebd86ea 100644 --- a/tests/commands/test_commands.py +++ b/tests/commands/test_commands.py @@ -40,7 +40,7 @@ def test_bigchain_run_start(mock_run_configure, from bigchaindb.commands.bigchain import run_start args = Namespace(start_rethinkdb=False, allow_temp_keypair=False, config=None, yes=True) run_start(args) - mocked_setup_logging.assert_called_once_with() + mocked_setup_logging.assert_called_once_with(user_log_config={}) @pytest.mark.skipif(reason="BigchainDB doesn't support the automatic creation of a config file anymore") @@ -74,7 +74,7 @@ def test_bigchain_run_start_assume_yes_create_default_config( # interfere with capsys. # See related issue: https://github.com/pytest-dev/pytest/issues/128 @pytest.mark.usefixtures('ignore_local_config_file') -def test_bigchain_show_config(capsys): +def test_bigchain_show_config(capsys, mocked_setup_logging): from bigchaindb import config from bigchaindb.commands.bigchain import run_show_config @@ -85,9 +85,11 @@ def test_bigchain_show_config(capsys): del config['CONFIGURED'] config['keypair']['private'] = 'x' * 45 assert output_config == config + mocked_setup_logging.assert_called_once_with(user_log_config={}) -def test_bigchain_export_my_pubkey_when_pubkey_set(capsys, monkeypatch): +def test_bigchain_export_my_pubkey_when_pubkey_set(capsys, monkeypatch, + mocked_setup_logging): from bigchaindb import config from bigchaindb.commands.bigchain import run_export_my_pubkey @@ -104,9 +106,11 @@ def test_bigchain_export_my_pubkey_when_pubkey_set(capsys, monkeypatch): lines = out.splitlines() assert config['keypair']['public'] in lines assert 'Charlie_Bucket' in lines + mocked_setup_logging.assert_called_once_with(user_log_config={}) -def test_bigchain_export_my_pubkey_when_pubkey_not_set(monkeypatch): +def test_bigchain_export_my_pubkey_when_pubkey_not_set(monkeypatch, + mocked_setup_logging): from bigchaindb import config from bigchaindb.commands.bigchain import run_export_my_pubkey @@ -122,41 +126,49 @@ def test_bigchain_export_my_pubkey_when_pubkey_not_set(monkeypatch): # https://docs.python.org/3/library/exceptions.html#SystemExit assert exc_info.value.code == \ "This node's public key wasn't set anywhere so it can't be exported" + mocked_setup_logging.assert_called_once_with(user_log_config={}) -def test_bigchain_run_init_when_db_exists(mock_db_init_with_existing_db): +def test_bigchain_run_init_when_db_exists(mocked_setup_logging, + mock_db_init_with_existing_db): from bigchaindb.commands.bigchain import run_init args = Namespace(config=None) run_init(args) + mocked_setup_logging.assert_called_once_with(user_log_config={}) @patch('bigchaindb.backend.schema.drop_database') -def test_drop_db_when_assumed_yes(mock_db_drop): +def test_drop_db_when_assumed_yes(mock_db_drop, mocked_setup_logging): from bigchaindb.commands.bigchain import run_drop args = Namespace(config=None, yes=True) run_drop(args) assert mock_db_drop.called + mocked_setup_logging.assert_called_once_with(user_log_config={}) @patch('bigchaindb.backend.schema.drop_database') -def test_drop_db_when_interactive_yes(mock_db_drop, monkeypatch): +def test_drop_db_when_interactive_yes(mock_db_drop, monkeypatch, + mocked_setup_logging): from bigchaindb.commands.bigchain import run_drop args = Namespace(config=None, yes=False) monkeypatch.setattr('bigchaindb.commands.bigchain.input_on_stderr', lambda x: 'y') run_drop(args) assert mock_db_drop.called + mocked_setup_logging.assert_called_once_with(user_log_config={}) @patch('bigchaindb.backend.schema.drop_database') -def test_drop_db_does_not_drop_when_interactive_no(mock_db_drop, monkeypatch): +def test_drop_db_does_not_drop_when_interactive_no(mock_db_drop, monkeypatch, + mocked_setup_logging): from bigchaindb.commands.bigchain import run_drop args = Namespace(config=None, yes=False) monkeypatch.setattr('bigchaindb.commands.bigchain.input_on_stderr', lambda x: 'n') run_drop(args) assert not mock_db_drop.called + mocked_setup_logging.assert_called_once_with(user_log_config={}) def test_run_configure_when_config_exists_and_skipping(monkeypatch): @@ -245,7 +257,7 @@ def test_allow_temp_keypair_generates_one_on_the_fly( args = Namespace(allow_temp_keypair=True, start_rethinkdb=False, config=None, yes=True) run_start(args) - mocked_setup_logging.assert_called_once_with() + mocked_setup_logging.assert_called_once_with(user_log_config={}) assert bigchaindb.config['keypair']['private'] == 'private_key' assert bigchaindb.config['keypair']['public'] == 'public_key' @@ -270,7 +282,7 @@ def test_allow_temp_keypair_doesnt_override_if_keypair_found(mock_gen_keypair, args = Namespace(allow_temp_keypair=True, start_rethinkdb=False, config=None, yes=True) run_start(args) - mocked_setup_logging.assert_called_once_with() + mocked_setup_logging.assert_called_once_with(user_log_config={}) assert bigchaindb.config['keypair']['private'] == original_private_key assert bigchaindb.config['keypair']['public'] == original_public_key @@ -289,7 +301,7 @@ def test_run_start_when_db_already_exists(mocker, monkeypatch.setattr( 'bigchaindb.commands.bigchain._run_init', mock_run_init) run_start(run_start_args) - mocked_setup_logging.assert_called_once_with() + mocked_setup_logging.assert_called_once_with(user_log_config={}) assert mocked_start.called @@ -311,7 +323,7 @@ def test_run_start_when_keypair_not_found(mocker, with pytest.raises(SystemExit) as exc: run_start(run_start_args) - mocked_setup_logging.assert_called_once_with() + mocked_setup_logging.assert_called_once_with(user_log_config={}) assert len(exc.value.args) == 1 assert exc.value.args[0] == CANNOT_START_KEYPAIR_NOT_FOUND assert not mocked_start.called @@ -337,7 +349,7 @@ def test_run_start_when_start_rethinkdb_fails(mocker, with pytest.raises(SystemExit) as exc: run_start(run_start_args) - mocked_setup_logging.assert_called_once_with() + mocked_setup_logging.assert_called_once_with(user_log_config={}) assert len(exc.value.args) == 1 assert exc.value.args[0] == RETHINKDB_STARTUP_ERROR.format(err_msg) assert not mocked_start.called @@ -405,7 +417,7 @@ def test_calling_main(start_mock, base_parser_mock, parse_args_mock, @pytest.mark.usefixtures('ignore_local_config_file') @patch('bigchaindb.commands.bigchain.add_replicas') -def test_run_add_replicas(mock_add_replicas): +def test_run_add_replicas(mock_add_replicas, mocked_setup_logging): from bigchaindb.commands.bigchain import run_add_replicas from bigchaindb.backend.exceptions import OperationError @@ -415,7 +427,9 @@ def test_run_add_replicas(mock_add_replicas): mock_add_replicas.return_value = None assert run_add_replicas(args) is None assert mock_add_replicas.call_count == 1 + mocked_setup_logging.assert_called_once_with(user_log_config={}) mock_add_replicas.reset_mock() + mocked_setup_logging.reset_mock() # test add_replicas with `OperationError` mock_add_replicas.side_effect = OperationError('err') @@ -423,7 +437,9 @@ def test_run_add_replicas(mock_add_replicas): run_add_replicas(args) assert exc.value.args == ('err',) assert mock_add_replicas.call_count == 1 + mocked_setup_logging.assert_called_once_with(user_log_config={}) mock_add_replicas.reset_mock() + mocked_setup_logging.reset_mock() # test add_replicas with `NotImplementedError` mock_add_replicas.side_effect = NotImplementedError('err') @@ -431,12 +447,14 @@ def test_run_add_replicas(mock_add_replicas): run_add_replicas(args) assert exc.value.args == ('err',) assert mock_add_replicas.call_count == 1 + mocked_setup_logging.assert_called_once_with(user_log_config={}) mock_add_replicas.reset_mock() + mocked_setup_logging.reset_mock() @pytest.mark.usefixtures('ignore_local_config_file') @patch('bigchaindb.commands.bigchain.remove_replicas') -def test_run_remove_replicas(mock_remove_replicas): +def test_run_remove_replicas(mock_remove_replicas, mocked_setup_logging): from bigchaindb.commands.bigchain import run_remove_replicas from bigchaindb.backend.exceptions import OperationError @@ -446,6 +464,8 @@ def test_run_remove_replicas(mock_remove_replicas): mock_remove_replicas.return_value = None assert run_remove_replicas(args) is None assert mock_remove_replicas.call_count == 1 + mocked_setup_logging.assert_called_once_with(user_log_config={}) + mocked_setup_logging.reset_mock() mock_remove_replicas.reset_mock() # test add_replicas with `OperationError` @@ -454,6 +474,8 @@ def test_run_remove_replicas(mock_remove_replicas): run_remove_replicas(args) assert exc.value.args == ('err',) assert mock_remove_replicas.call_count == 1 + mocked_setup_logging.assert_called_once_with(user_log_config={}) + mocked_setup_logging.reset_mock() mock_remove_replicas.reset_mock() # test add_replicas with `NotImplementedError` @@ -462,4 +484,6 @@ def test_run_remove_replicas(mock_remove_replicas): run_remove_replicas(args) assert exc.value.args == ('err',) assert mock_remove_replicas.call_count == 1 + mocked_setup_logging.assert_called_once_with(user_log_config={}) + mocked_setup_logging.reset_mock() mock_remove_replicas.reset_mock() diff --git a/tests/commands/test_utils.py b/tests/commands/test_utils.py index 6879e0eb..c8519d52 100644 --- a/tests/commands/test_utils.py +++ b/tests/commands/test_utils.py @@ -12,7 +12,7 @@ def reset_bigchaindb_config(monkeypatch): @pytest.mark.usefixtures('ignore_local_config_file', 'reset_bigchaindb_config') -def test_configure_bigchaindb_configures_bigchaindb(): +def test_configure_bigchaindb_configures_bigchaindb(mocked_setup_logging): from bigchaindb.commands.utils import configure_bigchaindb from bigchaindb.config_utils import is_configured assert not is_configured() @@ -23,26 +23,31 @@ def test_configure_bigchaindb_configures_bigchaindb(): args = Namespace(config=None) test_configure(args) + mocked_setup_logging.assert_called_once_with(user_log_config={}) @pytest.mark.usefixtures('ignore_local_config_file', 'reset_bigchaindb_config', 'reset_logging_config') @pytest.mark.parametrize('log_level', ('DEBUG', 'INFO', 'WARNING', 'ERROR', 'CRITICAL')) -def test_configure_bigchaindb_configures_logging(log_level): +def test_configure_bigchaindb_configures_logging(log_level, + mocked_setup_sub_logger): import logging from logging import getLogger from bigchaindb.commands.utils import configure_bigchaindb + from bigchaindb.log.configs import PUBLISHER_LOGGING_CONFIG root_logger = getLogger() assert root_logger.level == 0 @configure_bigchaindb def test_configure_logger(args): root_logger = getLogger() - assert root_logger.level == getattr(logging, log_level) + assert root_logger.level == PUBLISHER_LOGGING_CONFIG['root']['level'] args = Namespace(config=None, log_level=log_level) test_configure_logger(args) + mocked_setup_sub_logger.assert_called_once_with( + user_log_config={'level_console': log_level}) def test_start_raises_if_command_not_implemented(): diff --git a/tests/conftest.py b/tests/conftest.py index 210d526e..26beac11 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -442,3 +442,15 @@ def db_name(db_config): def db_conn(): from bigchaindb.backend import connect return connect() + + +@pytest.fixture +def mocked_setup_pub_logger(mocker): + return mocker.patch( + 'bigchaindb.log.setup.setup_pub_logger', autospec=True, spec_set=True) + + +@pytest.fixture +def mocked_setup_sub_logger(mocker): + return mocker.patch( + 'bigchaindb.log.setup.setup_sub_logger', autospec=True, spec_set=True) diff --git a/tests/log/test_setup.py b/tests/log/test_setup.py index e0434eb9..39a55995 100644 --- a/tests/log/test_setup.py +++ b/tests/log/test_setup.py @@ -30,18 +30,6 @@ def mocked_socket_server(mocker): ) -@fixture -def mocked_setup_pub_logger(mocker): - return mocker.patch( - 'bigchaindb.log.setup.setup_pub_logger', autospec=True, spec_set=True) - - -@fixture -def mocked_setup_sub_logger(mocker): - return mocker.patch( - 'bigchaindb.log.setup.setup_sub_logger', autospec=True, spec_set=True) - - @fixture def log_record_dict(): return { @@ -225,6 +213,7 @@ class TestLogRecordSocketServer: assert server.server_address == ( '127.0.0.1', logging.handlers.DEFAULT_TCP_LOGGING_PORT) assert server.RequestHandlerClass == LogRecordStreamHandler + server.server_close() @mark.parametrize('side_effect', (None, KeyboardInterrupt)) def test_server_forever(self, mocker, side_effect): From 87758b8a64fefa53979aed315632d1bd11f90627 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Mon, 20 Mar 2017 15:49:24 +0100 Subject: [PATCH 138/283] Re-organize imports --- tests/commands/test_utils.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/commands/test_utils.py b/tests/commands/test_utils.py index c8519d52..fab67cb6 100644 --- a/tests/commands/test_utils.py +++ b/tests/commands/test_utils.py @@ -1,7 +1,10 @@ import argparse +from argparse import ArgumentTypeError, Namespace +import logging +from logging import getLogger + import pytest -from argparse import ArgumentTypeError, Namespace from unittest.mock import patch @@ -32,8 +35,6 @@ def test_configure_bigchaindb_configures_bigchaindb(mocked_setup_logging): @pytest.mark.parametrize('log_level', ('DEBUG', 'INFO', 'WARNING', 'ERROR', 'CRITICAL')) def test_configure_bigchaindb_configures_logging(log_level, mocked_setup_sub_logger): - import logging - from logging import getLogger from bigchaindb.commands.utils import configure_bigchaindb from bigchaindb.log.configs import PUBLISHER_LOGGING_CONFIG root_logger = getLogger() From f740ebc7ce96ec49875a2f8a4efb6986d5f92f5f Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Mon, 20 Mar 2017 15:52:29 +0100 Subject: [PATCH 139/283] Use logging module constants for levels --- tests/commands/test_utils.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tests/commands/test_utils.py b/tests/commands/test_utils.py index fab67cb6..223c1f99 100644 --- a/tests/commands/test_utils.py +++ b/tests/commands/test_utils.py @@ -32,13 +32,19 @@ def test_configure_bigchaindb_configures_bigchaindb(mocked_setup_logging): @pytest.mark.usefixtures('ignore_local_config_file', 'reset_bigchaindb_config', 'reset_logging_config') -@pytest.mark.parametrize('log_level', ('DEBUG', 'INFO', 'WARNING', 'ERROR', 'CRITICAL')) +@pytest.mark.parametrize('log_level', ( + logging.DEBUG, + logging.INFO, + logging.WARNING, + logging.ERROR, + logging.CRITICAL, +)) def test_configure_bigchaindb_configures_logging(log_level, mocked_setup_sub_logger): from bigchaindb.commands.utils import configure_bigchaindb from bigchaindb.log.configs import PUBLISHER_LOGGING_CONFIG root_logger = getLogger() - assert root_logger.level == 0 + assert root_logger.level == logging.NOTSET @configure_bigchaindb def test_configure_logger(args): From e4ed122a1c56a25109aa323b166994921f2fb82d Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 21 Mar 2017 14:08:38 +0100 Subject: [PATCH 140/283] Correct default log datefmt for console --- bigchaindb/log/configs.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/bigchaindb/log/configs.py b/bigchaindb/log/configs.py index 7a8acc7c..1be5c485 100644 --- a/bigchaindb/log/configs.py +++ b/bigchaindb/log/configs.py @@ -18,9 +18,8 @@ SUBSCRIBER_LOGGING_CONFIG = { 'formatters': { 'console': { 'class': 'logging.Formatter', - 'format': ( - '%(name)-15s %(levelname)-8s %(processName)-10s %(message)s' - ), + 'format': ('[%(asctime)s] [%(levelname)s] (%(name)s) ' + '%(message)s (%(processName)-10s - pid: %(process)d)'), 'datefmt': '%Y-%m-%d %H:%M:%S', }, 'file': { From 05db44a6366385f0210b869abc8cc05fb1550836 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 21 Mar 2017 14:09:06 +0100 Subject: [PATCH 141/283] Add documentation for log configuration --- .../source/server-reference/configuration.md | 215 ++++++++++++++++++ 1 file changed, 215 insertions(+) diff --git a/docs/server/source/server-reference/configuration.md b/docs/server/source/server-reference/configuration.md index f12b8247..2c94e870 100644 --- a/docs/server/source/server-reference/configuration.md +++ b/docs/server/source/server-reference/configuration.md @@ -22,6 +22,15 @@ For convenience, here's a list of all the relevant environment variables (docume `BIGCHAINDB_CONFIG_PATH`
`BIGCHAINDB_BACKLOG_REASSIGN_DELAY`
`BIGCHAINDB_CONSENSUS_PLUGIN`
+`BIGCHAINDB_LOG`
+`BIGCHAINDB_LOG_FILE`
+`BIGCHAINDB_LOG_LEVEL_CONSOLE`
+`BIGCHAINDB_LOG_LEVEL_LOGFILE`
+`BIGCHAINDB_LOG_DATEFMT_CONSOLE`
+`BIGCHAINDB_LOG_DATEFMT_LOGFILE`
+`BIGCHAINDB_LOG_FMT_CONSOLE`
+`BIGCHAINDB_LOG_FMT_LOGFILE`
+`BIGCHAINDB_LOG_GRANULAR_LEVELS`
The local config file is `$HOME/.bigchaindb` by default (a file which might not even exist), but you can tell BigchainDB to use a different file by using the `-c` command-line option, e.g. `bigchaindb -c path/to/config_file.json start` or using the `BIGCHAINDB_CONFIG_PATH` environment variable, e.g. `BIGHAINDB_CONFIG_PATH=.my_bigchaindb_config bigchaindb start`. @@ -173,3 +182,209 @@ export BIGCHAINDB_CONSENSUS_PLUGIN=default ```js "consensus_plugin": "default" ``` + +## log +The `log` key is expected to point to a mapping (set of key/value pairs) +holding the logging configuration. + +**Example**: + +``` +{ + "log": { + "file": "/var/log/bigchaindb.log", + "level_console": "info", + "level_logfile": "info", + "datefmt_console": "%Y-%m-%d %H:%M:%S", + "datefmt_logfile": "%Y-%m-%d %H:%M:%S", + "fmt_console": "%(asctime)s [%(levelname)s] (%(name)s) %(message)s", + "fmt_logfile": "%(asctime)s [%(levelname)s] (%(name)s) %(message)s", + "granular_levels": { + "bichaindb.backend": "info", + "bichaindb.core": "info" + } +} +``` + +**Defaults to**: `"{}"`. + +Please note that although the default is `"{}"` as per the configuration file, +internal defaults are used, such that the actual operational default is: + +``` +{ + "log": { + "file": "~/bigchaindb.log", + "level_console": "info", + "level_logfile": "info", + "datefmt_console": "%Y-%m-%d %H:%M:%S", + "datefmt_logfile": "%Y-%m-%d %H:%M:%S", + "fmt_console": "%(asctime)s [%(levelname)s] (%(name)s) %(message)s", + "fmt_logfile": "%(asctime)s [%(levelname)s] (%(name)s) %(message)s", + "granular_levels": {} +} +``` + +The next subsections explain each field of the `log` configuration. + + +### log.file +The full path to the file where logs should be written to. + +**Example**: + +``` +{ + "log": { + "file": "/var/log/bigchaindb/bigchaindb.log" + } +} +``` + +**Defaults to**: `"~/bigchaindb.log"`. + +Please note that the user running `bigchaindb` must have write access to the +location. + + +### log.level_console +The log level used to log to the console. Possible allowed values are the ones +defined by [Python](https://docs.python.org/3.6/library/logging.html#levels): + +``` +"CRITICAL", "ERROR", "WARNING", "INFO", "DEBUG", "NOTSET" +``` + +**Example**: + +``` +{ + "log": { + "level_console": "info" + } +} +``` + +**Defaults to**: `"info"`. + + +### log.level_logfile +The log level used to log to the log file. Possible allowed values are the ones +defined by [Python](https://docs.python.org/3.6/library/logging.html#levels): + +``` +"CRITICAL", "ERROR", "WARNING", "INFO", "DEBUG", "NOTSET" +``` + +**Example**: + +``` +{ + "log": { + "level_file": "info" + } +} +``` + +**Defaults to**: `"info"`. + + +### log.datefmt_console +The format string for the date/time portion of a message, when logged to the +console. + +**Example**: + +``` +{ + "log": { + "datefmt_console": "%x %X %Z" + } +} +``` + +**Defaults to**: `"%Y-%m-%d %H:%M:%S"`. + +For more information on how to construct the format string please consult the +table under Python's documentation of + [`time.strftime(format[, t])`](https://docs.python.org/3.6/library/time.html#time.strftime) + +### log.datefmt_logfile +The format string for the date/time portion of a message, when logged to a log + file. + +**Example**: + +``` +{ + "log": { + "datefmt_logfile": "%c %z" + } +} +``` + +**Defaults to**: `"%Y-%m-%d %H:%M:%S"`. + +For more information on how to construct the format string please consult the +table under Python's documentation of + [`time.strftime(format[, t])`](https://docs.python.org/3.6/library/time.html#time.strftime) + + +### log.fmt_console +A string used to format the log messages when logged to the console. + +**Example**: + +``` +{ + "log": { + "fmt_console": "%(asctime)s [%(levelname)s] %(message)s %(process)d" + } +} +``` + +**Defaults to**: `"[%(asctime)s] [%(levelname)s] (%(name)s) %(message)s (%(processName)-10s - pid: %(process)d)"` + +For more information on possible formatting options please consult Python's +documentation on +[LogRecord attributes](https://docs.python.org/3.6/library/logging.html#logrecord-attributes) + + +### log.fmt_logfile +A string used to format the log messages when logged to a log file. + +**Example**: + +``` +{ + "log": { + "fmt_logfile": "%(asctime)s [%(levelname)s] %(message)s %(process)d" + } +} +``` + +**Defaults to**: `"[%(asctime)s] [%(levelname)s] (%(name)s) %(message)s (%(processName)-10s - pid: %(process)d)"` + +For more information on possible formatting options please consult Python's +documentation on +[LogRecord attributes](https://docs.python.org/3.6/library/logging.html#logrecord-attributes) + + +### log.granular_levels +Log levels for BigchainDB's modules. This can be useful to control the log +level of specific parts of the application. As an example, if you wanted the +`core.py` to be more verbose, you would set the configuration shown in the +example below. + +**Example**: + +``` +{ + "log": { + "granular_levels": { + "bichaindb.core": "debug" + } +} +``` + +**Defaults to**: `"{}"` From d867983a891fcb2c9f4fa1881da78bc581b37ba3 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 21 Mar 2017 14:37:26 +0100 Subject: [PATCH 142/283] Document cmd line option for the log level --- docs/server/source/server-reference/bigchaindb-cli.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/server/source/server-reference/bigchaindb-cli.md b/docs/server/source/server-reference/bigchaindb-cli.md index 9612fd30..88294621 100644 --- a/docs/server/source/server-reference/bigchaindb-cli.md +++ b/docs/server/source/server-reference/bigchaindb-cli.md @@ -68,6 +68,14 @@ You can also use the `--dev-start-rethinkdb` command line option to automaticall e.g. `bigchaindb --dev-start-rethinkdb start`. Note that this will also shutdown rethinkdb when the bigchaindb process stops. The option `--dev-allow-temp-keypair` will generate a keypair on the fly if no keypair is found, this is useful when you want to run a temporary instance of BigchainDB in a Docker container, for example. +### Options +The log level for the console can be set via the option `--log-level` or its +abbreviation `-l`. Example: + +```bash +$ bigchaindb --log-level INFO start +``` + ## bigchaindb set-shards From 433863798325beefd5ab8c1c77b055b4ec5641fd Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 21 Mar 2017 15:43:00 +0100 Subject: [PATCH 143/283] Add docs for allowed log levels for cmd line --- docs/server/source/server-reference/bigchaindb-cli.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/server/source/server-reference/bigchaindb-cli.md b/docs/server/source/server-reference/bigchaindb-cli.md index 88294621..31c955cd 100644 --- a/docs/server/source/server-reference/bigchaindb-cli.md +++ b/docs/server/source/server-reference/bigchaindb-cli.md @@ -76,6 +76,11 @@ abbreviation `-l`. Example: $ bigchaindb --log-level INFO start ``` +The allowed levels are `DEBUG`, `INFO` , `WARNING`, `ERROR`, and `CRITICAL`. +For an explanation regarding these levels please consult the +[Logging Levels](https://docs.python.org/3.6/library/logging.html#levels) +section of Python's documentation. + ## bigchaindb set-shards From 3a812701010c8d4e2f73ccadc17eba43763bbe80 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 21 Mar 2017 15:54:18 +0100 Subject: [PATCH 144/283] Add link to configuration file settings --- docs/server/source/server-reference/bigchaindb-cli.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/server/source/server-reference/bigchaindb-cli.md b/docs/server/source/server-reference/bigchaindb-cli.md index 31c955cd..05f321f9 100644 --- a/docs/server/source/server-reference/bigchaindb-cli.md +++ b/docs/server/source/server-reference/bigchaindb-cli.md @@ -81,6 +81,9 @@ For an explanation regarding these levels please consult the [Logging Levels](https://docs.python.org/3.6/library/logging.html#levels) section of Python's documentation. +For a more fine-grained control over the logging configuration you can use the +configuration file as documented under +[Configuration Settings](configuration.html). ## bigchaindb set-shards From 45ae58448f05793ce34517457db5fe7ffe045406 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 21 Mar 2017 15:54:35 +0100 Subject: [PATCH 145/283] Correct wording --- docs/server/source/server-reference/configuration.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/server/source/server-reference/configuration.md b/docs/server/source/server-reference/configuration.md index 2c94e870..32a6c3a0 100644 --- a/docs/server/source/server-reference/configuration.md +++ b/docs/server/source/server-reference/configuration.md @@ -373,8 +373,8 @@ documentation on ### log.granular_levels Log levels for BigchainDB's modules. This can be useful to control the log level of specific parts of the application. As an example, if you wanted the -`core.py` to be more verbose, you would set the configuration shown in the -example below. +logging of the `core.py` module to be more verbose, you would set the + configuration shown in the example below. **Example**: From 9987041ac04465ed4c53957ae8746ef38097cfba Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 21 Mar 2017 15:58:18 +0100 Subject: [PATCH 146/283] Add note about case insensitivity of log levels --- docs/server/source/server-reference/configuration.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/docs/server/source/server-reference/configuration.md b/docs/server/source/server-reference/configuration.md index 32a6c3a0..4cd9e9d4 100644 --- a/docs/server/source/server-reference/configuration.md +++ b/docs/server/source/server-reference/configuration.md @@ -249,10 +249,11 @@ location. ### log.level_console The log level used to log to the console. Possible allowed values are the ones -defined by [Python](https://docs.python.org/3.6/library/logging.html#levels): +defined by [Python](https://docs.python.org/3.6/library/logging.html#levels), +but case insensitive for convenience's sake: ``` -"CRITICAL", "ERROR", "WARNING", "INFO", "DEBUG", "NOTSET" +"critical", "error", "warning", "info", "debug", "notset" ``` **Example**: @@ -270,10 +271,11 @@ defined by [Python](https://docs.python.org/3.6/library/logging.html#levels): ### log.level_logfile The log level used to log to the log file. Possible allowed values are the ones -defined by [Python](https://docs.python.org/3.6/library/logging.html#levels): +defined by [Python](https://docs.python.org/3.6/library/logging.html#levels), +but case insensitive for convenience's sake: ``` -"CRITICAL", "ERROR", "WARNING", "INFO", "DEBUG", "NOTSET" +"critical", "error", "warning", "info", "debug", "notset" ``` **Example**: From 10d83c2ab90822f3819eced18c701e0570e4cf84 Mon Sep 17 00:00:00 2001 From: Rodolphe Marques Date: Wed, 22 Mar 2017 14:25:16 +0100 Subject: [PATCH 147/283] No duplicate vote inserts with mongodb (#1258) * prevent duplicate vote inserts --- bigchaindb/backend/mongodb/schema.py | 3 ++- tests/backend/mongodb/test_queries.py | 18 ++++++++++++++++++ tests/db/test_bigchain_api.py | 17 ----------------- tests/web/test_votes.py | 8 +++++++- 4 files changed, 27 insertions(+), 19 deletions(-) diff --git a/bigchaindb/backend/mongodb/schema.py b/bigchaindb/backend/mongodb/schema.py index 4c5189ac..ad89f9bc 100644 --- a/bigchaindb/backend/mongodb/schema.py +++ b/bigchaindb/backend/mongodb/schema.py @@ -100,4 +100,5 @@ def create_votes_secondary_index(conn, dbname): ASCENDING), ('node_pubkey', ASCENDING)], - name='block_and_voter') + name='block_and_voter', + unique=True) diff --git a/tests/backend/mongodb/test_queries.py b/tests/backend/mongodb/test_queries.py index 1d7bfc39..bd7e75f1 100644 --- a/tests/backend/mongodb/test_queries.py +++ b/tests/backend/mongodb/test_queries.py @@ -212,6 +212,7 @@ def test_get_owned_ids(signed_create_tx, user_pk): def test_get_votes_by_block_id(signed_create_tx, structurally_valid_vote): + from bigchaindb.common.crypto import generate_key_pair from bigchaindb.backend import connect, query from bigchaindb.models import Block conn = connect() @@ -219,10 +220,14 @@ def test_get_votes_by_block_id(signed_create_tx, structurally_valid_vote): # create and insert a block block = Block(transactions=[signed_create_tx]) conn.db.bigchain.insert_one(block.to_dict()) + # create and insert some votes structurally_valid_vote['vote']['voting_for_block'] = block.id conn.db.votes.insert_one(structurally_valid_vote) + # create a second vote under a different key + _, pk = generate_key_pair() structurally_valid_vote['vote']['voting_for_block'] = block.id + structurally_valid_vote['node_pubkey'] = pk structurally_valid_vote.pop('_id') conn.db.votes.insert_one(structurally_valid_vote) @@ -325,6 +330,19 @@ def test_write_vote(structurally_valid_vote): assert vote_db == structurally_valid_vote +def test_duplicate_vote_raises_duplicate_key(structurally_valid_vote): + from bigchaindb.backend import connect, query + from bigchaindb.backend.exceptions import DuplicateKeyError + conn = connect() + + # write a vote + query.write_vote(conn, structurally_valid_vote) + + # write the same vote a second time + with pytest.raises(DuplicateKeyError): + query.write_vote(conn, structurally_valid_vote) + + def test_get_genesis_block(genesis_block): from bigchaindb.backend import connect, query conn = connect() diff --git a/tests/db/test_bigchain_api.py b/tests/db/test_bigchain_api.py index 50d3f7b6..3f05385c 100644 --- a/tests/db/test_bigchain_api.py +++ b/tests/db/test_bigchain_api.py @@ -446,23 +446,6 @@ class TestBigchainApi(object): b.write_vote(b.vote(block_3.id, b.get_last_voted_block().id, True)) assert b.get_last_voted_block().id == block_3.id - def test_no_vote_written_if_block_already_has_vote(self, b, genesis_block): - from bigchaindb.models import Block - - block_1 = dummy_block() - b.write_block(block_1) - - b.write_vote(b.vote(block_1.id, genesis_block.id, True)) - retrieved_block_1 = b.get_block(block_1.id) - retrieved_block_1 = Block.from_dict(retrieved_block_1) - - # try to vote again on the retrieved block, should do nothing - b.write_vote(b.vote(retrieved_block_1.id, genesis_block.id, True)) - retrieved_block_2 = b.get_block(block_1.id) - retrieved_block_2 = Block.from_dict(retrieved_block_2) - - assert retrieved_block_1 == retrieved_block_2 - @pytest.mark.usefixtures('inputs') def test_assign_transaction_one_node(self, b, user_pk, user_sk): from bigchaindb.backend import query diff --git a/tests/web/test_votes.py b/tests/web/test_votes.py index bae31b9a..0bdd1081 100644 --- a/tests/web/test_votes.py +++ b/tests/web/test_votes.py @@ -27,6 +27,8 @@ def test_get_votes_endpoint(b, client): @pytest.mark.bdb @pytest.mark.usefixtures('inputs') def test_get_votes_endpoint_multiple_votes(b, client): + from bigchaindb.common.crypto import generate_key_pair + tx = Transaction.create([b.me], [([b.me], 1)]) tx = tx.sign([b.me_private]) @@ -37,8 +39,12 @@ def test_get_votes_endpoint_multiple_votes(b, client): vote_valid = b.vote(block.id, last_block, True) b.write_vote(vote_valid) - # vote the block valid + # vote the block invalid + # a note can only vote once so we need a new node_pubkey for the second + # vote + _, pk = generate_key_pair() vote_invalid = b.vote(block.id, last_block, False) + vote_invalid['node_pubkey'] = pk b.write_vote(vote_invalid) res = client.get(VOTES_ENDPOINT + '?block_id=' + block.id) From 425397f644f7f6427cd617dfc66a8386c5586ac1 Mon Sep 17 00:00:00 2001 From: Krish Date: Wed, 22 Mar 2017 14:25:25 +0100 Subject: [PATCH 148/283] NGINX frontend for MongoDB and BigchainDB (#1304) - Added NGINX deployment to frontend both BDB and MDB. - Nginx is configured with a whitelist (which is read from a ConfigMap) to allow only other MDB nodes in the closter to communicate with it. - Azure LB apparently does not support proxy protocol and hence whitelisting fails as nginx always observer the LB IP instead of the real IP in the TCP stream. - Whitelisting source IPs for MongoDB - Removing deprecated folder - Better log format - Intuitive port number usage - README and examples - Addressed a typo in PYTHON_STYLE_GUIDE.md - Azure LB apparently does not support proxy protocol and hence whitelisting fails as nginx always observer the LB IP instead of the real IP in the TCP stream. - Whitelisting source IPs for MongoDB - Removing deprecated folder - Multiple changes: - Better log format - Intuitive port number usage - README and examples - Addressed a typo in PYTHON_STYLE_GUIDE.md - Documentation - add the k8s directory to the ignore list in codecov.yml --- PYTHON_STYLE_GUIDE.md | 4 +- codecov.yml | 1 + .../add-node-on-kubernetes.rst | 15 ++ .../node-on-kubernetes.rst | 121 ++++++++++++---- .../template-kubernetes-azure.rst | 2 +- k8s/bigchaindb/bigchaindb-dep.yaml | 20 +-- k8s/deprecated.to.del/bdb-mdb-dep.yaml | 89 ------------ k8s/deprecated.to.del/bdb-rdb-dep.yaml | 87 ------------ k8s/deprecated.to.del/mongo-statefulset.yaml | 57 -------- k8s/deprecated.to.del/node-mdb-ss.yaml | 114 --------------- k8s/deprecated.to.del/node-rdb-ss.yaml | 131 ------------------ k8s/deprecated.to.del/node-ss.yaml | 89 ------------ k8s/deprecated.to.del/rethinkdb-ss.yaml | 75 ---------- k8s/mongodb/container/README.md | 2 +- k8s/mongodb/mongo-ss.yaml | 21 +-- k8s/nginx/container/Dockerfile | 11 ++ k8s/nginx/container/README.md | 70 ++++++++++ k8s/nginx/container/nginx.conf.template | 108 +++++++++++++++ k8s/nginx/container/nginx_entrypoint.bash | 44 ++++++ k8s/nginx/nginx-cm.yaml | 13 ++ k8s/nginx/nginx-dep.yaml | 82 +++++++++++ 21 files changed, 462 insertions(+), 694 deletions(-) delete mode 100644 k8s/deprecated.to.del/bdb-mdb-dep.yaml delete mode 100644 k8s/deprecated.to.del/bdb-rdb-dep.yaml delete mode 100644 k8s/deprecated.to.del/mongo-statefulset.yaml delete mode 100644 k8s/deprecated.to.del/node-mdb-ss.yaml delete mode 100644 k8s/deprecated.to.del/node-rdb-ss.yaml delete mode 100644 k8s/deprecated.to.del/node-ss.yaml delete mode 100644 k8s/deprecated.to.del/rethinkdb-ss.yaml create mode 100644 k8s/nginx/container/Dockerfile create mode 100644 k8s/nginx/container/README.md create mode 100644 k8s/nginx/container/nginx.conf.template create mode 100755 k8s/nginx/container/nginx_entrypoint.bash create mode 100644 k8s/nginx/nginx-cm.yaml create mode 100644 k8s/nginx/nginx-dep.yaml diff --git a/PYTHON_STYLE_GUIDE.md b/PYTHON_STYLE_GUIDE.md index befe4eeb..5ca44e83 100644 --- a/PYTHON_STYLE_GUIDE.md +++ b/PYTHON_STYLE_GUIDE.md @@ -82,6 +82,6 @@ flake8 --max-line-length 119 bigchaindb/ ## Writing and Running (Python) Tests -The content of this section was moved to [`bigchiandb/tests/README.md`](./tests/README.md). +The content of this section was moved to [`bigchaindb/tests/README.md`](./tests/README.md). -Note: We automatically run all tests on all pull requests (using Travis CI), so you should definitely run all tests locally before you submit a pull request. See the above-linked README file for instructions. \ No newline at end of file +Note: We automatically run all tests on all pull requests (using Travis CI), so you should definitely run all tests locally before you submit a pull request. See the above-linked README file for instructions. diff --git a/codecov.yml b/codecov.yml index b6f22af9..547c6b99 100644 --- a/codecov.yml +++ b/codecov.yml @@ -32,6 +32,7 @@ coverage: - "benchmarking-tests/*" - "speed-tests/*" - "ntools/*" + - "k8s/*" comment: # @stevepeak (from codecov.io) suggested we change 'suggestions' to 'uncovered' diff --git a/docs/server/source/cloud-deployment-templates/add-node-on-kubernetes.rst b/docs/server/source/cloud-deployment-templates/add-node-on-kubernetes.rst index ea435ed3..7dcf1104 100644 --- a/docs/server/source/cloud-deployment-templates/add-node-on-kubernetes.rst +++ b/docs/server/source/cloud-deployment-templates/add-node-on-kubernetes.rst @@ -161,3 +161,18 @@ zero downtime during updates. You can SSH to an existing BigchainDB instance and run the ``bigchaindb show-config`` command to check that the keyring is updated. + + +Step 7: Run NGINX as a Deployment +--------------------------------- + +Please refer :ref:`this ` to +set up NGINX in your new node. + + +Step 8: Test Your New BigchainDB Node +------------------------------------- + +Please refer to the testing steps :ref:`here ` to verify that your new BigchainDB node is working as expected. + diff --git a/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst b/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst index b19d79a3..6a59c750 100644 --- a/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst +++ b/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst @@ -195,9 +195,9 @@ which can also be obtained using the ``az account list-locations`` command. You can also try to assign a name to an Public IP in Azure before starting the process, or use ``nslookup`` with the name you have in mind to check if it's available for use. -In the rare chance that name in the ``data.fqdn`` field is not available, -you must create a ConfigMap with a unique name and restart the -MongoDB instance. + +You should ensure that the the name specified in the ``data.fqdn`` field is +a unique one. **Kubernetes on bare-metal or other cloud providers.** You need to provide the name resolution function @@ -343,8 +343,8 @@ Get the file ``bigchaindb-dep.yaml`` from GitHub using: $ wget https://raw.githubusercontent.com/bigchaindb/bigchaindb/master/k8s/bigchaindb/bigchaindb-dep.yaml -Note that we set the ``BIGCHAINDB_DATABASE_HOST`` to ``mdb`` which is the name -of the MongoDB service defined earlier. +Note that we set the ``BIGCHAINDB_DATABASE_HOST`` to ``mdb-svc`` which is the +name of the MongoDB service defined earlier. We also hardcode the ``BIGCHAINDB_KEYPAIR_PUBLIC``, ``BIGCHAINDB_KEYPAIR_PRIVATE`` and ``BIGCHAINDB_KEYRING`` for now. @@ -367,22 +367,55 @@ Create the required Deployment using: You can check its status using the command ``kubectl get deploy -w`` -Step 10: Verify the BigchainDB Node Setup +Step 10: Run NGINX as a Deployment +---------------------------------- + +NGINX is used as a proxy to both the BigchainDB and MongoDB instances in the +node. +It proxies HTTP requests on port 80 to the BigchainDB backend, and TCP +connections on port 27017 to the MongoDB backend. + +You can also configure a whitelist in NGINX to allow only connections from +other instances in the MongoDB replica set to access the backend MongoDB +instance. + +Get the file ``nginx-cm.yaml`` from GitHub using: + +.. code:: bash + + $ wget https://raw.githubusercontent.com/bigchaindb/bigchaindb/master/k8s/nginx/nginx-cm.yaml + +The IP address whitelist can be explicitly configured in ``nginx-cm.yaml`` +file. You will need a list of the IP addresses of all the other MongoDB +instances in the cluster. If the MongoDB intances specify a hostname, then this +needs to be resolved to the corresponding IP addresses. If the IP address of +any MongoDB instance changes, we can start a 'rolling upgrade' of NGINX after +updating the corresponding ConfigMap without affecting availabilty. + + +Create the ConfigMap for the whitelist using: + +.. code:: bash + + $ kubectl apply -f nginx-cm.yaml + +Get the file ``nginx-dep.yaml`` from GitHub using: + +.. code:: bash + + $ wget https://raw.githubusercontent.com/bigchaindb/bigchaindb/master/k8s/nginx/nginx-dep.yaml + +Create the NGINX deployment using: + +.. code:: bash + + $ kubectl apply -f nginx-dep.yaml + + +Step 11: Verify the BigchainDB Node Setup ----------------------------------------- -Step 10.1: Testing Externally -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Try to access the ``:9984`` -on your browser. You must receive a json output that shows the BigchainDB -server version among other things. - -Try to access the ``:27017`` -on your browser. You must receive a message from MongoDB stating that it -doesn't allow HTTP connections to the port anymore. - - -Step 10.2: Testing Internally +Step 11.1: Testing Internally ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Run a container that provides utilities like ``nslookup``, ``curl`` and ``dig`` @@ -392,23 +425,53 @@ on the cluster and query the internal DNS and IP endpoints. $ kubectl run -it toolbox -- image --restart=Never --rm -It will drop you to the shell prompt. -Now you can query for the ``mdb`` and ``bdb`` service details. - -.. code:: bash - - $ nslookup mdb - $ dig +noall +answer _mdb-port._tcp.mdb.default.svc.cluster.local SRV - $ curl -X GET http://mdb:27017 - $ curl -X GET http://bdb:9984 - There is a generic image based on alpine:3.5 with the required utilities hosted at Docker Hub under ``bigchaindb/toolbox``. The corresponding Dockerfile is `here `_. + You can use it as below to get started immediately: .. code:: bash $ kubectl run -it toolbox --image bigchaindb/toolbox --restart=Never --rm +It will drop you to the shell prompt. +Now you can query for the ``mdb`` and ``bdb`` service details. + +.. code:: bash + + # nslookup mdb-svc + # nslookup bdb-svc + # nslookup ngx-svc + # dig +noall +answer _mdb-port._tcp.mdb-svc.default.svc.cluster.local SRV + # dig +noall +answer _bdb-port._tcp.bdb-svc.default.svc.cluster.local SRV + # dig +noall +answer _ngx-public-mdb-port._tcp.ngx-svc.default.svc.cluster.local SRV + # dig +noall +answer _ngx-public-bdb-port._tcp.ngx-svc.default.svc.cluster.local SRV + # curl -X GET http://mdb-svc:27017 + # curl -X GET http://bdb-svc:9984 + # curl -X GET http://ngx-svc:80 + # curl -X GET http://ngx-svc:27017 + +The ``nslookup`` commands should output the configured IP addresses of the +services in the cluster + +The ``dig`` commands should return the port numbers configured for the +various services in the cluster. + +Finally, the ``curl`` commands test the availability of the services +themselves. + +Step 11.2: Testing Externally +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Try to access the ``:80`` +on your browser. You must receive a json output that shows the BigchainDB +server version among other things. + +Try to access the ``:27017`` +on your browser. If your IP is in the whitelist, you will receive a message +from the MongoDB instance stating that it doesn't allow HTTP connections to +the port anymore. If your IP is not in the whitelist, your access will be +blocked and you will not see any response from the MongoDB instance. + diff --git a/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst b/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst index 93cf1e08..b967e764 100644 --- a/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst +++ b/docs/server/source/cloud-deployment-templates/template-kubernetes-azure.rst @@ -168,7 +168,7 @@ using something like: .. code:: bash - $ ssh ssh ubuntu@k8s-agent-4AC80E97-0 + $ ssh ubuntu@k8s-agent-4AC80E97-0 where ``k8s-agent-4AC80E97-0`` is the name of a Kubernetes agent node in your Kubernetes cluster. diff --git a/k8s/bigchaindb/bigchaindb-dep.yaml b/k8s/bigchaindb/bigchaindb-dep.yaml index 7bf68f06..83daaaaf 100644 --- a/k8s/bigchaindb/bigchaindb-dep.yaml +++ b/k8s/bigchaindb/bigchaindb-dep.yaml @@ -1,44 +1,47 @@ ############################################################### # This config file runs bigchaindb:master as a k8s Deployment # -# and it connects to the mongodb backend on a separate pod # +# and it connects to the mongodb backend running as a # +# separate pod # ############################################################### apiVersion: v1 kind: Service metadata: - name: bdb + name: bdb-svc namespace: default labels: - name: bdb + name: bdb-svc spec: selector: - app: bdb + app: bdb-dep ports: - port: 9984 targetPort: 9984 name: bdb-port - type: LoadBalancer + type: ClusterIP + clusterIP: None --- apiVersion: extensions/v1beta1 kind: Deployment metadata: - name: bdb + name: bdb-dep spec: replicas: 1 template: metadata: labels: - app: bdb + app: bdb-dep spec: terminationGracePeriodSeconds: 10 containers: - name: bigchaindb image: bigchaindb/bigchaindb:master + imagePullPolicy: IfNotPresent args: - start env: - name: BIGCHAINDB_DATABASE_HOST - value: mdb + value: mdb-svc - name: BIGCHAINDB_DATABASE_PORT # TODO(Krish): remove hardcoded port value: "27017" @@ -58,7 +61,6 @@ spec: value: "120" - name: BIGCHAINDB_KEYRING value: "" - imagePullPolicy: IfNotPresent ports: - containerPort: 9984 hostPort: 9984 diff --git a/k8s/deprecated.to.del/bdb-mdb-dep.yaml b/k8s/deprecated.to.del/bdb-mdb-dep.yaml deleted file mode 100644 index c985b285..00000000 --- a/k8s/deprecated.to.del/bdb-mdb-dep.yaml +++ /dev/null @@ -1,89 +0,0 @@ -############################################################### -# This config file runs bigchaindb:latest and connects to the # -# mongodb backend as a service # -############################################################### - -apiVersion: v1 -kind: Service -metadata: - name: bdb-mdb-service - namespace: default - labels: - name: bdb-mdb-service -spec: - selector: - app: bdb-mdb - ports: - - port: 9984 - targetPort: 9984 - name: bdb-api - type: LoadBalancer ---- -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: bdb-mdb -spec: - replicas: 1 - template: - metadata: - labels: - app: bdb-mdb - spec: - terminationGracePeriodSeconds: 10 - containers: - - name: bdb-mdb - image: bigchaindb/bigchaindb:latest - args: - - start - env: - - name: BIGCHAINDB_DATABASE_HOST - value: mdb-service - - name: BIGCHAINDB_DATABASE_PORT - value: "27017" - - name: BIGCHAINDB_DATABASE_REPLICASET - value: bigchain-rs - - name: BIGCHIANDB_DATABASE_BACKEND - value: mongodb - - name: BIGCHAINDB_DATABASE_NAME - value: bigchain - - name: BIGCHAINDB_SERVER_BIND - value: 0.0.0.0:9984 - - name: BIGCHAINDB_KEYPAIR_PUBLIC - value: EEWUAhsk94ZUHhVw7qx9oZiXYDAWc9cRz93eMrsTG4kZ - - name: BIGCHAINDB_KEYPAIR_PRIVATE - value: 3CjmRhu718gT1Wkba3LfdqX5pfYuBdaMPLd7ENUga5dm - - name: BIGCHAINDB_BACKLOG_REASSIGN_DELAY - value: "120" - - name: BIGCHAINDB_KEYRING - value: "" - imagePullPolicy: IfNotPresent - ports: - - containerPort: 9984 - hostPort: 9984 - name: bdb-port - protocol: TCP - volumeMounts: - - name: bigchaindb-data - mountPath: /data - resources: - limits: - cpu: 200m - memory: 768Mi - livenessProbe: - httpGet: - path: / - port: 9984 - initialDelaySeconds: 15 - timeoutSeconds: 10 - readinessProbe: - httpGet: - path: / - port: 9984 - initialDelaySeconds: 15 - timeoutSeconds: 10 - restartPolicy: Always - volumes: - - name: bigchaindb-data - hostPath: - path: /disk/bigchaindb-data diff --git a/k8s/deprecated.to.del/bdb-rdb-dep.yaml b/k8s/deprecated.to.del/bdb-rdb-dep.yaml deleted file mode 100644 index 06daca43..00000000 --- a/k8s/deprecated.to.del/bdb-rdb-dep.yaml +++ /dev/null @@ -1,87 +0,0 @@ -############################################################### -# This config file runs bigchaindb:latest and connects to the # -# rethinkdb backend as a service # -############################################################### - -apiVersion: v1 -kind: Service -metadata: - name: bdb-rdb-service - namespace: default - labels: - name: bdb-rdb-service -spec: - selector: - app: bdb-rdb - ports: - - port: 9984 - targetPort: 9984 - name: bdb-rdb-api - type: LoadBalancer ---- -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: bdb-rdb -spec: - replicas: 1 - template: - metadata: - labels: - app: bdb-rdb - spec: - terminationGracePeriodSeconds: 10 - containers: - - name: bdb-rdb - image: bigchaindb/bigchaindb:latest - args: - - start - env: - - name: BIGCHAINDB_DATABASE_HOST - value: rdb-service - - name: BIGCHAINDB_DATABASE_PORT - value: "28015" - - name: BIGCHIANDB_DATABASE_BACKEND - value: rethinkdb - - name: BIGCHAINDB_DATABASE_NAME - value: bigchain - - name: BIGCHAINDB_SERVER_BIND - value: 0.0.0.0:9984 - - name: BIGCHAINDB_KEYPAIR_PUBLIC - value: EEWUAhsk94ZUHhVw7qx9oZiXYDAWc9cRz93eMrsTG4kZ - - name: BIGCHAINDB_KEYPAIR_PRIVATE - value: 3CjmRhu718gT1Wkba3LfdqX5pfYuBdaMPLd7ENUga5dm - - name: BIGCHAINDB_BACKLOG_REASSIGN_DELAY - value: "120" - - name: BIGCHAINDB_KEYRING - value: "" - imagePullPolicy: IfNotPresent - ports: - - containerPort: 9984 - hostPort: 9984 - name: bdb-port - protocol: TCP - volumeMounts: - - name: bigchaindb-data - mountPath: /data - resources: - limits: - cpu: 200m - memory: 768Mi - livenessProbe: - httpGet: - path: / - port: 9984 - initialDelaySeconds: 15 - timeoutSeconds: 10 - readinessProbe: - httpGet: - path: / - port: 9984 - initialDelaySeconds: 15 - timeoutSeconds: 10 - restartPolicy: Always - volumes: - - name: bigchaindb-data - hostPath: - path: /disk/bigchaindb-data diff --git a/k8s/deprecated.to.del/mongo-statefulset.yaml b/k8s/deprecated.to.del/mongo-statefulset.yaml deleted file mode 100644 index a71567f3..00000000 --- a/k8s/deprecated.to.del/mongo-statefulset.yaml +++ /dev/null @@ -1,57 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: mongodb - labels: - name: mongodb -spec: - ports: - - port: 27017 - targetPort: 27017 - clusterIP: None - selector: - role: mongodb ---- -apiVersion: apps/v1beta1 -kind: StatefulSet -metadata: - name: mongodb -spec: - serviceName: mongodb - replicas: 3 - template: - metadata: - labels: - role: mongodb - environment: staging - spec: - terminationGracePeriodSeconds: 10 - containers: - - name: mongo - image: mongo:3.4.1 - command: - - mongod - - "--replSet" - - bigchain-rs - #- "--smallfiles" - #- "--noprealloc" - ports: - - containerPort: 27017 - volumeMounts: - - name: mongo-persistent-storage - mountPath: /data/db - - name: mongo-sidecar - image: cvallance/mongo-k8s-sidecar - env: - - name: MONGO_SIDECAR_POD_LABELS - value: "role=mongo,environment=staging" - volumeClaimTemplates: - - metadata: - name: mongo-persistent-storage - annotations: - volume.beta.kubernetes.io/storage-class: "fast" - spec: - accessModes: [ "ReadWriteOnce" ] - resources: - requests: - storage: 100Gi diff --git a/k8s/deprecated.to.del/node-mdb-ss.yaml b/k8s/deprecated.to.del/node-mdb-ss.yaml deleted file mode 100644 index 3c126d2d..00000000 --- a/k8s/deprecated.to.del/node-mdb-ss.yaml +++ /dev/null @@ -1,114 +0,0 @@ -################################################################# -# This YAML file desribes a StatefulSet with two containers: # -# bigchaindb/bigchaindb:latest and mongo:3.4.1 # -# It also describes a Service to expose BigchainDB and MongoDB. # -################################################################# - -apiVersion: v1 -kind: Service -metadata: - name: bdb-service - namespace: default - labels: - name: bdb-service -spec: - selector: - app: bdb - ports: - - port: 9984 - targetPort: 9984 - name: bdb-http-api - - port: 27017 - targetPort: 27017 - name: mongodb-port - type: LoadBalancer ---- -apiVersion: apps/v1beta1 -kind: StatefulSet -metadata: - name: bdb - namespace: default -spec: - serviceName: bdb - replicas: 1 - template: - metadata: - name: bdb - labels: - app: bdb - #annotations: - #pod.beta.kubernetes.io/init-containers: '[ - # TODO mongodb user and group; id = 999 - spec: - terminationGracePeriodSeconds: 10 - containers: - - name: bigchaindb - image: bigchaindb/bigchaindb:master - args: - - start - env: - - name: BIGCHAINDB_KEYPAIR_PRIVATE - value: 3CjmRhu718gT1Wkba3LfdqX5pfYuBdaMPLd7ENUga5dm - - name: BIGCHAINDB_KEYPAIR_PUBLIC - value: EEWUAhsk94ZUHhVw7qx9oZiXYDAWc9cRz93eMrsTG4kZ - - name: BIGCHAINDB_KEYRING - value: "" - - name: BIGCHAINDB_DATABASE_BACKEND - value: mongodb - - name: BIGCHAINDB_DATABASE_HOST - value: localhost - - name: BIGCHAINDB_DATABASE_PORT - value: "27017" - - name: BIGCHAINDB_SERVER_BIND - value: "0.0.0.0:9984" - - name: BIGCHAINDB_DATABASE_REPLICASET - value: bigchain-rs - - name: BIGCHAINDB_DATABASE_NAME - value: bigchain - - name: BIGCHAINDB_BACKLOG_REASSIGN_DELAY - value: "120" - imagePullPolicy: IfNotPresent - ports: - - containerPort: 9984 - hostPort: 9984 - name: bdb-port - protocol: TCP - resources: - limits: - cpu: 200m - memory: 768Mi - livenessProbe: - httpGet: - path: / - port: bdb-port - initialDelaySeconds: 15 - timeoutSeconds: 10 - - name: mongodb - image: mongo:3.4.1 - args: - - --replSet=bigchain-rs - imagePullPolicy: IfNotPresent - ports: - - containerPort: 27017 - hostPort: 27017 - name: mdb-port - protocol: TCP - volumeMounts: - - name: mdb-data - mountPath: /data - resources: - limits: - cpu: 200m - memory: 768Mi - livenessProbe: - tcpSocket: - port: mdb-port - successThreshold: 1 - failureThreshold: 3 - periodSeconds: 15 - timeoutSeconds: 1 - restartPolicy: Always - volumes: - - name: mdb-data - persistentVolumeClaim: - claimName: mongoclaim diff --git a/k8s/deprecated.to.del/node-rdb-ss.yaml b/k8s/deprecated.to.del/node-rdb-ss.yaml deleted file mode 100644 index fc157746..00000000 --- a/k8s/deprecated.to.del/node-rdb-ss.yaml +++ /dev/null @@ -1,131 +0,0 @@ -############################################################## -# This YAML file desribes a StatefulSet with two containers: # -# bigchaindb/bigchaindb:latest and rethinkdb:2.3 # -# It also describes a Service to expose BigchainDB, # -# the RethinkDB intracluster communications port, and # -# the RethinkDB web interface port. # -############################################################## - -apiVersion: v1 -kind: Service -metadata: - name: bdb-service - namespace: default - labels: - name: bdb-service -spec: - selector: - app: bdb - ports: - - port: 9984 - targetPort: 9984 - name: bdb-http-api - - port: 29015 - targetPort: 29015 - name: rdb-intracluster-comm-port - - port: 8080 - targetPort: 8080 - name: rdb-web-interface-port - type: LoadBalancer ---- -apiVersion: apps/v1beta1 -kind: StatefulSet -metadata: - name: bdb - namespace: default -spec: - serviceName: bdb - replicas: 1 - template: - metadata: - name: bdb - labels: - app: bdb - spec: - terminationGracePeriodSeconds: 10 - containers: - - name: bdb-server - image: bigchaindb/bigchaindb:latest - args: - - start - env: - - name: BIGCHAINDB_KEYPAIR_PRIVATE - value: 56mEvwwVxcYsFQ3Y8UTFB8DVBv38yoUhxzDW3DAdLVd2 - - name: BIGCHAINDB_KEYPAIR_PUBLIC - value: 9DsHwiEtvk51UHmNM2eV66czFha69j3CdtNrCj1RcZWR - - name: BIGCHAINDB_KEYRING - value: "" - - name: BIGCHAINDB_DATABASE_BACKEND - value: rethinkdb - - name: BIGCHAINDB_DATABASE_HOST - value: localhost - - name: BIGCHAINDB_DATABASE_PORT - value: "28015" - - name: BIGCHAINDB_SERVER_BIND - value: "0.0.0.0:9984" - - name: BIGCHAINDB_DATABASE_NAME - value: bigchain - - name: BIGCHAINDB_BACKLOG_REASSIGN_DELAY - value: "120" - imagePullPolicy: IfNotPresent - ports: - - containerPort: 9984 - hostPort: 9984 - name: bdb-port - protocol: TCP - resources: - limits: - cpu: 200m - memory: 768Mi - livenessProbe: - httpGet: - path: / - port: 9984 - initialDelaySeconds: 15 - timeoutSeconds: 10 - readinessProbe: - httpGet: - path: / - port: 9984 - initialDelaySeconds: 15 - timeoutSeconds: 10 - - name: rethinkdb - image: rethinkdb:2.3 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - hostPort: 8080 - name: rdb-web-interface-port - protocol: TCP - - containerPort: 29015 - hostPort: 29015 - name: rdb-intra-port - protocol: TCP - - containerPort: 28015 - hostPort: 28015 - name: rdb-client-port - protocol: TCP - volumeMounts: - - name: rdb-data - mountPath: /data - resources: - limits: - cpu: 200m - memory: 768Mi - livenessProbe: - httpGet: - path: / - port: 8080 - initialDelaySeconds: 15 - timeoutSeconds: 10 - readinessProbe: - httpGet: - path: / - port: 8080 - initialDelaySeconds: 15 - timeoutSeconds: 10 - restartPolicy: Always - volumes: - - name: rdb-data - persistentVolumeClaim: - claimName: mongoclaim diff --git a/k8s/deprecated.to.del/node-ss.yaml b/k8s/deprecated.to.del/node-ss.yaml deleted file mode 100644 index 9580daf6..00000000 --- a/k8s/deprecated.to.del/node-ss.yaml +++ /dev/null @@ -1,89 +0,0 @@ -##################################################### -# This config file uses bdb v0.9.1 with bundled rdb # -##################################################### - -apiVersion: v1 -kind: Service -metadata: - name: bdb-service - namespace: default - labels: - name: bdb-service -spec: - selector: - app: bdb - ports: - - port: 9984 - targetPort: 9984 - name: bdb-http-api - - port: 8080 - targetPort: 8080 - name: bdb-rethinkdb-api - type: LoadBalancer ---- -apiVersion: apps/v1beta1 -kind: StatefulSet -metadata: - name: bdb - namespace: default -spec: - serviceName: bdb - replicas: 1 - template: - metadata: - name: bdb - labels: - app: bdb - annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "bdb091-configure", - "image": "bigchaindb/bigchaindb:0.9.1", - "command": ["bigchaindb", "-y", "configure", "rethinkdb"], - "volumeMounts": [ - { - "name": "bigchaindb-data", - "mountPath": "/data" - } - ] - } - ]' - spec: - terminationGracePeriodSeconds: 10 - containers: - - name: bdb091-server - image: bigchaindb/bigchaindb:0.9.1 - args: - - -c - - /data/.bigchaindb - - start - imagePullPolicy: IfNotPresent - ports: - - containerPort: 9984 - hostPort: 9984 - name: bdb-port - protocol: TCP - volumeMounts: - - name: bigchaindb-data - mountPath: /data - resources: - limits: - cpu: 200m - memory: 768Mi - livenessProbe: - httpGet: - path: / - port: 9984 - initialDelaySeconds: 15 - timeoutSeconds: 10 - readinessProbe: - httpGet: - path: / - port: 9984 - initialDelaySeconds: 15 - timeoutSeconds: 10 - restartPolicy: Always - volumes: - - name: bigchaindb-data - hostPath: - path: /disk/bigchaindb-data diff --git a/k8s/deprecated.to.del/rethinkdb-ss.yaml b/k8s/deprecated.to.del/rethinkdb-ss.yaml deleted file mode 100644 index 081a5f6c..00000000 --- a/k8s/deprecated.to.del/rethinkdb-ss.yaml +++ /dev/null @@ -1,75 +0,0 @@ -#################################################### -# This config file runs rethinkdb:2.3 as a service # -#################################################### - -apiVersion: v1 -kind: Service -metadata: - name: rdb-service - namespace: default - labels: - name: rdb-service -spec: - selector: - app: rdb - ports: - - port: 8080 - targetPort: 8080 - name: rethinkdb-http-port - - port: 28015 - targetPort: 28015 - name: rethinkdb-driver-port - type: LoadBalancer ---- -apiVersion: apps/v1beta1 -kind: StatefulSet -metadata: - name: rdb - namespace: default -spec: - serviceName: rdb - replicas: 1 - template: - metadata: - name: rdb - labels: - app: rdb - spec: - terminationGracePeriodSeconds: 10 - containers: - - name: rethinkdb - image: rethinkdb:2.3 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - hostPort: 8080 - name: rdb-http-port - protocol: TCP - - containerPort: 28015 - hostPort: 28015 - name: rdb-client-port - protocol: TCP - volumeMounts: - - name: rdb-data - mountPath: /data - resources: - limits: - cpu: 200m - memory: 768Mi - livenessProbe: - httpGet: - path: / - port: 8080 - initialDelaySeconds: 15 - timeoutSeconds: 10 - readinessProbe: - httpGet: - path: / - port: 8080 - initialDelaySeconds: 15 - timeoutSeconds: 10 - restartPolicy: Always - volumes: - - name: rdb-data - hostPath: - path: /disk/rdb-data diff --git a/k8s/mongodb/container/README.md b/k8s/mongodb/container/README.md index 7896a912..baad9f13 100644 --- a/k8s/mongodb/container/README.md +++ b/k8s/mongodb/container/README.md @@ -19,7 +19,7 @@ ``` docker run \ --name=mdb1 \ ---publish=17017:17017 \ +--publish=: \ --rm=true \ bigchaindb/mongodb \ --replica-set-name \ diff --git a/k8s/mongodb/mongo-ss.yaml b/k8s/mongodb/mongo-ss.yaml index fb6a73f8..089a0a96 100644 --- a/k8s/mongodb/mongo-ss.yaml +++ b/k8s/mongodb/mongo-ss.yaml @@ -1,38 +1,39 @@ ######################################################################## # This YAML file desribes a StatefulSet with a service for running and # -# exposing a MongoDB service. # +# exposing a MongoDB instance. # # It depends on the configdb and db k8s pvc. # ######################################################################## apiVersion: v1 kind: Service metadata: - name: mdb + name: mdb-svc namespace: default labels: - name: mdb + name: mdb-svc spec: selector: - app: mdb + app: mdb-ss ports: - port: 27017 targetPort: 27017 name: mdb-port - type: LoadBalancer + type: ClusterIP + clusterIP: None --- apiVersion: apps/v1beta1 kind: StatefulSet metadata: - name: mdb + name: mdb-ss namespace: default spec: - serviceName: mdb + serviceName: mdb-svc replicas: 1 template: metadata: - name: mdb + name: mdb-ss labels: - app: mdb + app: mdb-ss spec: terminationGracePeriodSeconds: 10 containers: @@ -41,6 +42,7 @@ spec: # versions during updates and rollbacks. Also, once fixed, change the # imagePullPolicy to IfNotPresent for faster bootup image: bigchaindb/mongodb:latest + imagePullPolicy: Always env: - name: MONGODB_FQDN valueFrom: @@ -60,7 +62,6 @@ spec: capabilities: add: - FOWNER - imagePullPolicy: Always ports: - containerPort: 27017 hostPort: 27017 diff --git a/k8s/nginx/container/Dockerfile b/k8s/nginx/container/Dockerfile new file mode 100644 index 00000000..c6c4dd3f --- /dev/null +++ b/k8s/nginx/container/Dockerfile @@ -0,0 +1,11 @@ +FROM nginx:1.11.10 +LABEL maintainer "dev@bigchaindb.com" +WORKDIR / +RUN apt-get update \ + && apt-get -y upgrade \ + && apt-get autoremove \ + && apt-get clean +COPY nginx.conf.template /etc/nginx/nginx.conf +COPY nginx_entrypoint.bash / +EXPOSE 80 443 27017 +ENTRYPOINT ["/nginx_entrypoint.bash"] diff --git a/k8s/nginx/container/README.md b/k8s/nginx/container/README.md new file mode 100644 index 00000000..9cb44246 --- /dev/null +++ b/k8s/nginx/container/README.md @@ -0,0 +1,70 @@ +## Custom Nginx container for a Node + +### Need + +* Since, BigchainDB and MongoDB both need to expose ports to the outside + world (inter and intra cluster), we need to have a basic DDoS mitigation + strategy to ensure that we can provide proper uptime and security these + core services. + +* We can have a proxy like nginx/haproxy in every node that listens to + global connections and applies cluster level entry policy. + +### Implementation +* For MongoDB cluster communication, we will use nginx with an environment + variable specifying a ":" separated list of IPs in the whitelist. This list + contains the IPs of exising instances in the MongoDB replica set so as to + allow connections from the whitelist and avoid a DDoS. + +* For BigchainDB connections, nginx needs to have rules to throttle + connections that are using resources over a threshold. + + +### Step 1: Build the Latest Container + +Run `docker build -t bigchaindb/nginx .` from this folder. + +Optional: Upload container to Docker Hub: +`docker push bigchaindb/nginx:` + +### Step 2: Run the Container + +Note that the whilelist IPs must be specified with the subnet in the CIDR +format, eg: `1.2.3.4/16` + +``` +docker run \ +--env "MONGODB_FRONTEND_PORT=" \ +--env "MONGODB_BACKEND_HOST=" \ +--env "MONGODB_BACKEND_PORT=" \ +--env "BIGCHAINDB_FRONTEND_PORT=" \ +--env "BIGCHAINDB_BACKEND_HOST=" \ +--env "BIGCHAINDB_BACKEND_PORT=" \ +--env "MONGODB_WHITELIST=" \ +--name=ngx \ +--publish=: \ +--publish=: \ +--rm=true \ +bigchaindb/nginx +``` + +For example: +``` +docker run \ +--env "MONGODB_FRONTEND_PORT=17017" \ +--env "MONGODB_BACKEND_HOST=localhost" \ +--env "MONGODB_BACKEND_PORT=27017" \ +--env "BIGCHAINDB_FRONTEND_PORT=80" \ +--env "BIGCHAINDB_BACKEND_HOST=localhost" \ +--env "BIGCHAINDB_BACKEND_PORT=9984" \ +--env "MONGODB_WHITELIST="192.168.0.0/16:10.0.2.0/24" \ +--name=ngx \ +--publish=80:80 \ +--publish=17017:17017 \ +--rm=true \ +bigchaindb/nginx +``` + diff --git a/k8s/nginx/container/nginx.conf.template b/k8s/nginx/container/nginx.conf.template new file mode 100644 index 00000000..eda3e7c7 --- /dev/null +++ b/k8s/nginx/container/nginx.conf.template @@ -0,0 +1,108 @@ +worker_processes 2; +daemon off; +user nobody nogroup; +pid /tmp/nginx.pid; +error_log /etc/nginx/nginx.error.log; + +events { + worker_connections 256; + accept_mutex on; + use epoll; +} + +http { + server_names_hash_bucket_size 128; + resolver 8.8.8.8 8.8.4.4; + access_log /etc/nginx/nginx.access.log combined buffer=16k flush=5s; + + # allow 10 req/sec from the same IP address, and store the counters in a + # `zone` or shared memory location tagged as 'one'. + limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s; + + # enable logging when requests are being throttled + limit_req_log_level notice; + + # the http status code to return to the client when throttling; + # 429 is for TooManyRequests, + # ref. RFC 6585 + limit_req_status 429; + + upstream bdb_backend { + server BIGCHAINDB_BACKEND_HOST:BIGCHAINDB_BACKEND_PORT max_fails=5 fail_timeout=30; + } + + server { + listen BIGCHAINDB_FRONTEND_PORT; + # server_name "FRONTEND_DNS_NAME"; + underscores_in_headers on; + + # max client request body size: avg transaction size + client_max_body_size 15k; + + # keepalive connection settings + keepalive_timeout 20s; + + # `slowloris` attack mitigation settings + client_body_timeout 10s; + client_header_timeout 10s; + + location / { + proxy_ignore_client_abort on; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $http_host; + proxy_redirect off; + + # TODO proxy_set_header X-Forwarded-Proto https; + + # limit requests from the same client, allow `burst` to 20 r/s, + # `nodelay` or drop connection immediately in case it exceeds this + # threshold. + limit_req zone=one burst=20 nodelay; + + proxy_pass http://bdb_backend; + } + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /etc/nginx/50x.html; + } + } +} + +# NGINX stream block for TCP and UDP proxies +stream { + log_format mdb_log '[$time_iso8601] $realip_remote_addr $remote_addr ' + '$proxy_protocol_addr $proxy_protocol_port ' + '$protocol $status $session_time $bytes_sent ' + '$bytes_received "$upstream_addr" "$upstream_bytes_sent" ' + '"$upstream_bytes_received" "$upstream_connect_time" '; + + access_log /etc/nginx/nginx.stream.access.log mdb_log buffer=16k flush=5s; + + # define a zone 'two' of size 10 megabytes to store the counters + # that hold number of TCP connections from a specific IP address + limit_conn_zone $binary_remote_addr zone=two:10m; + + # enable logging when connections are being throttled + limit_conn_log_level notice; + + upstream mdb_backend { + server MONGODB_BACKEND_HOST:MONGODB_BACKEND_PORT max_fails=5 fail_timeout=30 max_conns=1024; + } + + server { + listen MONGODB_FRONTEND_PORT so_keepalive=10m:1m:5; + preread_timeout 30s; + tcp_nodelay on; + + # whitelist + MONGODB_WHITELIST + # deny access to everyone else + deny all; + + # allow 512 connections from the same IP address + limit_conn two 512; + + proxy_pass mdb_backend; + } +} diff --git a/k8s/nginx/container/nginx_entrypoint.bash b/k8s/nginx/container/nginx_entrypoint.bash new file mode 100755 index 00000000..9b63e278 --- /dev/null +++ b/k8s/nginx/container/nginx_entrypoint.bash @@ -0,0 +1,44 @@ +#!/bin/bash +set -euo pipefail + +mongo_frontend_port=`printenv MONGODB_FRONTEND_PORT` +mongo_backend_host=`printenv MONGODB_BACKEND_HOST` +mongo_backend_port=`printenv MONGODB_BACKEND_PORT` +bdb_frontend_port=`printenv BIGCHAINDB_FRONTEND_PORT` +bdb_backend_host=`printenv BIGCHAINDB_BACKEND_HOST` +bdb_backend_port=`printenv BIGCHAINDB_BACKEND_PORT` +mongo_whitelist=`printenv MONGODB_WHITELIST` + +# sanity checks +if [[ -z "${mongo_frontend_port}" || \ + -z "${mongo_backend_host}" || \ + -z "${mongo_backend_port}" || \ + -z "${bdb_frontend_port}" || \ + -z "${bdb_backend_host}" || \ + -z "${bdb_backend_port}" ]] ; then + echo "Invalid environment settings detected. Exiting!" + exit 1 +fi + +NGINX_CONF_FILE=/etc/nginx/nginx.conf + +# configure the nginx.conf file with env variables +sed -i "s|MONGODB_FRONTEND_PORT|${mongo_frontend_port}|g" $NGINX_CONF_FILE +sed -i "s|MONGODB_BACKEND_HOST|${mongo_backend_host}|g" $NGINX_CONF_FILE +sed -i "s|MONGODB_BACKEND_PORT|${mongo_backend_port}|g" $NGINX_CONF_FILE +sed -i "s|BIGCHAINDB_FRONTEND_PORT|${bdb_frontend_port}|g" $NGINX_CONF_FILE +sed -i "s|BIGCHAINDB_BACKEND_HOST|${bdb_backend_host}|g" $NGINX_CONF_FILE +sed -i "s|BIGCHAINDB_BACKEND_PORT|${bdb_backend_port}|g" $NGINX_CONF_FILE + +# populate the whitelist in the conf file as per MONGODB_WHITELIST env var +hosts=$(echo ${mongo_whitelist} | tr ":" "\n") +for host in $hosts; do + sed -i "s|MONGODB_WHITELIST|allow ${host};\n MONGODB_WHITELIST|g" $NGINX_CONF_FILE +done + +# remove the MONGODB_WHITELIST marker string from template +sed -i "s|MONGODB_WHITELIST||g" $NGINX_CONF_FILE + +# start nginx +echo "INFO: starting nginx..." +exec nginx -c /etc/nginx/nginx.conf diff --git a/k8s/nginx/nginx-cm.yaml b/k8s/nginx/nginx-cm.yaml new file mode 100644 index 00000000..7a255aae --- /dev/null +++ b/k8s/nginx/nginx-cm.yaml @@ -0,0 +1,13 @@ +######################################################################### +# This YAML file desribes a ConfigMap with a valid list of IP addresses # +# that can connect to the MongoDB instance. # +######################################################################### + +apiVersion: v1 +kind: ConfigMap +metadata: + name: mongodb-whitelist + namespace: default +data: + # ':' separated list of allowed hosts + allowed-hosts: 192.168.0.0/16:10.0.2.0/24 diff --git a/k8s/nginx/nginx-dep.yaml b/k8s/nginx/nginx-dep.yaml new file mode 100644 index 00000000..d7739a56 --- /dev/null +++ b/k8s/nginx/nginx-dep.yaml @@ -0,0 +1,82 @@ +############################################################### +# This config file runs nginx as a k8s deployment and exposes # +# it using an external load balancer. # +# This deployment is used as a front end to both BigchainDB # +# and MongoDB. # +############################################################### + +apiVersion: v1 +kind: Service +metadata: + name: ngx-svc + namespace: default + labels: + name: ngx-svc + annotations: + # NOTE: the following annotation is a beta feature and + # only available in GCE/GKE and Azure as of now + service.beta.kubernetes.io/external-traffic: OnlyLocal +spec: + selector: + app: ngx-dep + ports: + - port: 27017 + targetPort: 27017 + name: ngx-public-mdb-port + protocol: TCP + - port: 80 + targetPort: 80 + name: ngx-public-bdb-port + protocol: TCP + type: LoadBalancer +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: ngx-dep +spec: + replicas: 1 + template: + metadata: + labels: + app: ngx-dep + spec: + terminationGracePeriodSeconds: 10 + containers: + - name: nginx + image: bigchaindb/nginx:latest + imagePullPolicy: Always + env: + - name: MONGODB_FRONTEND_PORT + value: "27017" + - name: MONGODB_BACKEND_HOST + value: mdb-svc + - name: MONGODB_BACKEND_PORT + value: "27017" + - name: BIGCHAINDB_FRONTEND_PORT + value: "80" + - name: BIGCHAINDB_BACKEND_HOST + value: bdb-svc + - name: BIGCHAINDB_BACKEND_PORT + value: "9984" + - name: MONGODB_WHITELIST + valueFrom: + configMapKeyRef: + name: mongodb-whitelist + key: allowed-hosts + ports: + - containerPort: 27017 + hostPort: 27017 + name: public-mdb-port + protocol: TCP + - containerPort: 80 + hostPort: 80 + name: public-bdb-port + protocol: TCP + resources: + limits: + cpu: 200m + memory: 768Mi + #livenessProbe: TODO(Krish) + #readinessProbe: TODO(Krish) + restartPolicy: Always From f98a634d65e3be5a0aa5f06e2fea13843fc73c70 Mon Sep 17 00:00:00 2001 From: Rodolphe Marques Date: Wed, 22 Mar 2017 14:37:37 +0100 Subject: [PATCH 149/283] clarify allowed maximum complexity of conditions --- docs/server/source/data-models/inputs-outputs.rst | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/server/source/data-models/inputs-outputs.rst b/docs/server/source/data-models/inputs-outputs.rst index 9f1b5d56..e81aa3b2 100644 --- a/docs/server/source/data-models/inputs-outputs.rst +++ b/docs/server/source/data-models/inputs-outputs.rst @@ -22,7 +22,12 @@ One can also put different weights on the inputs to a threshold condition, along The (single) output of a threshold condition can be used as one of the inputs of other threshold conditions. This means that one can combine threshold conditions to build complex logical expressions, e.g. (x OR y) AND (u OR v). -When one creates a condition, one can calculate its fulfillment length (e.g. 96). The more complex the condition, the larger its fulfillment length will be. A BigchainDB federation can put an upper limit on the allowed fulfillment length, as a way of capping the complexity of conditions (and the computing time required to validate them). +When one creates a condition, one can calculate its fulfillment length (e.g. +96). The more complex the condition, the larger its fulfillment length will be. +A BigchainDB federation can put an upper limit on the complexity of the +conditions, either directly by setting an allowed maximum fulfillment length, +or indirectly by setting a maximum allowed transaction size which would limit +the overall complexity accross all inputs and outputs of a transaction. If someone tries to make a condition where the output of a threshold condition feeds into the input of another “earlier” threshold condition (i.e. in a closed logical circuit), then their computer will take forever to calculate the (infinite) “condition URI”, at least in theory. In practice, their computer will run out of memory or their client software will timeout after a while. From 0ae9d19a542a6c9882eac864ad827cf903e4fbf8 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Wed, 22 Mar 2017 14:33:25 +0100 Subject: [PATCH 150/283] Separate log configuration from logging process Closes #1317 --- bigchaindb/commands/bigchain.py | 4 +- bigchaindb/commands/utils.py | 50 +++++++++++++++++++---- tests/commands/rethinkdb/test_commands.py | 16 ++------ tests/commands/test_commands.py | 42 ++++--------------- tests/commands/test_utils.py | 19 ++++----- 5 files changed, 66 insertions(+), 65 deletions(-) diff --git a/bigchaindb/commands/bigchain.py b/bigchaindb/commands/bigchain.py index 767f6ccc..be17d75f 100644 --- a/bigchaindb/commands/bigchain.py +++ b/bigchaindb/commands/bigchain.py @@ -24,7 +24,8 @@ from bigchaindb.commands.messages import ( CANNOT_START_KEYPAIR_NOT_FOUND, RETHINKDB_STARTUP_ERROR, ) -from bigchaindb.commands.utils import configure_bigchaindb, input_on_stderr +from bigchaindb.commands.utils import ( + configure_bigchaindb, start_logging_process, input_on_stderr) logging.basicConfig(level=logging.INFO) @@ -169,6 +170,7 @@ def run_drop(args): @configure_bigchaindb +@start_logging_process def run_start(args): """Start the processes to run the node""" logger.info('BigchainDB Version %s', bigchaindb.__version__) diff --git a/bigchaindb/commands/utils.py b/bigchaindb/commands/utils.py index 73313f05..f4a311fa 100644 --- a/bigchaindb/commands/utils.py +++ b/bigchaindb/commands/utils.py @@ -21,20 +21,56 @@ from bigchaindb.version import __version__ def configure_bigchaindb(command): + """Decorator to be used by command line functions, such that the + configuration of bigchaindb is performed before the execution of + the command. + + Args: + command: The command to decorate. + + Returns: + The command wrapper function. + + """ @functools.wraps(command) def configure(args): - bigchaindb.config_utils.autoconfigure(filename=args.config, force=True) - - logging_config = bigchaindb.config['log'] or {} - if 'log_level' in args and args.log_level: - logging_config['level_console'] = args.log_level - setup_logging(user_log_config=logging_config) - + try: + config_from_cmdline = {'log': {'level_console': args.log_level}} + except AttributeError: + config_from_cmdline = None + bigchaindb.config_utils.autoconfigure( + filename=args.config, config=config_from_cmdline, force=True) command(args) return configure +def start_logging_process(command): + """Decorator to start the logging subscriber process. + + Args: + command: The command to decorate. + + Returns: + The command wrapper function. + + .. important:: + + Configuration, if needed, should be applied before invoking this + decorator, as starting the subscriber process for logging will + configure the root logger for the child process based on the + state of :obj:`bigchaindb.config` at the moment this decorator + is invoked. + + """ + @functools.wraps(command) + def start_logging(args): + from bigchaindb import config + setup_logging(user_log_config=config.get('log')) + command(args) + return start_logging + + # We need this because `input` always prints on stdout, while it should print # to stderr. It's a very old bug, check it out here: # - https://bugs.python.org/issue1927 diff --git a/tests/commands/rethinkdb/test_commands.py b/tests/commands/rethinkdb/test_commands.py index ac100075..165fef0d 100644 --- a/tests/commands/rethinkdb/test_commands.py +++ b/tests/commands/rethinkdb/test_commands.py @@ -38,7 +38,7 @@ def test_start_rethinkdb_exits_when_cannot_start(mock_popen): @patch('rethinkdb.ast.Table.reconfigure') -def test_set_shards(mock_reconfigure, monkeypatch, b, mocked_setup_logging): +def test_set_shards(mock_reconfigure, monkeypatch, b): from bigchaindb.commands.bigchain import run_set_shards # this will mock the call to retrieve the database config @@ -50,8 +50,6 @@ def test_set_shards(mock_reconfigure, monkeypatch, b, mocked_setup_logging): args = Namespace(num_shards=3, config=None) run_set_shards(args) mock_reconfigure.assert_called_with(replicas=1, shards=3, dry_run=False) - mocked_setup_logging.assert_called_once_with(user_log_config={}) - mocked_setup_logging.reset_mock() # this will mock the call to retrieve the database config # we will set it to return three replica @@ -61,10 +59,9 @@ def test_set_shards(mock_reconfigure, monkeypatch, b, mocked_setup_logging): monkeypatch.setattr(rethinkdb.RqlQuery, 'run', mockreturn_three_replicas) run_set_shards(args) mock_reconfigure.assert_called_with(replicas=3, shards=3, dry_run=False) - mocked_setup_logging.assert_called_once_with(user_log_config={}) -def test_set_shards_raises_exception(monkeypatch, b, mocked_setup_logging): +def test_set_shards_raises_exception(monkeypatch, b): from bigchaindb.commands.bigchain import run_set_shards # test that we are correctly catching the exception @@ -81,11 +78,10 @@ def test_set_shards_raises_exception(monkeypatch, b, mocked_setup_logging): with pytest.raises(SystemExit) as exc: run_set_shards(args) assert exc.value.args == ('Failed to reconfigure tables.',) - mocked_setup_logging.assert_called_once_with(user_log_config={}) @patch('rethinkdb.ast.Table.reconfigure') -def test_set_replicas(mock_reconfigure, monkeypatch, b, mocked_setup_logging): +def test_set_replicas(mock_reconfigure, monkeypatch, b): from bigchaindb.commands.bigchain import run_set_replicas # this will mock the call to retrieve the database config @@ -97,8 +93,6 @@ def test_set_replicas(mock_reconfigure, monkeypatch, b, mocked_setup_logging): args = Namespace(num_replicas=2, config=None) run_set_replicas(args) mock_reconfigure.assert_called_with(replicas=2, shards=2, dry_run=False) - mocked_setup_logging.assert_called_once_with(user_log_config={}) - mocked_setup_logging.reset_mock() # this will mock the call to retrieve the database config # we will set it to return three shards @@ -108,10 +102,9 @@ def test_set_replicas(mock_reconfigure, monkeypatch, b, mocked_setup_logging): monkeypatch.setattr(rethinkdb.RqlQuery, 'run', mockreturn_three_shards) run_set_replicas(args) mock_reconfigure.assert_called_with(replicas=2, shards=3, dry_run=False) - mocked_setup_logging.assert_called_once_with(user_log_config={}) -def test_set_replicas_raises_exception(monkeypatch, b, mocked_setup_logging): +def test_set_replicas_raises_exception(monkeypatch, b): from bigchaindb.commands.bigchain import run_set_replicas # test that we are correctly catching the exception @@ -128,4 +121,3 @@ def test_set_replicas_raises_exception(monkeypatch, b, mocked_setup_logging): with pytest.raises(SystemExit) as exc: run_set_replicas(args) assert exc.value.args == ('Failed to reconfigure tables.',) - mocked_setup_logging.assert_called_once_with(user_log_config={}) diff --git a/tests/commands/test_commands.py b/tests/commands/test_commands.py index eebd86ea..50b995b0 100644 --- a/tests/commands/test_commands.py +++ b/tests/commands/test_commands.py @@ -74,7 +74,7 @@ def test_bigchain_run_start_assume_yes_create_default_config( # interfere with capsys. # See related issue: https://github.com/pytest-dev/pytest/issues/128 @pytest.mark.usefixtures('ignore_local_config_file') -def test_bigchain_show_config(capsys, mocked_setup_logging): +def test_bigchain_show_config(capsys): from bigchaindb import config from bigchaindb.commands.bigchain import run_show_config @@ -85,11 +85,9 @@ def test_bigchain_show_config(capsys, mocked_setup_logging): del config['CONFIGURED'] config['keypair']['private'] = 'x' * 45 assert output_config == config - mocked_setup_logging.assert_called_once_with(user_log_config={}) -def test_bigchain_export_my_pubkey_when_pubkey_set(capsys, monkeypatch, - mocked_setup_logging): +def test_bigchain_export_my_pubkey_when_pubkey_set(capsys, monkeypatch): from bigchaindb import config from bigchaindb.commands.bigchain import run_export_my_pubkey @@ -106,11 +104,9 @@ def test_bigchain_export_my_pubkey_when_pubkey_set(capsys, monkeypatch, lines = out.splitlines() assert config['keypair']['public'] in lines assert 'Charlie_Bucket' in lines - mocked_setup_logging.assert_called_once_with(user_log_config={}) -def test_bigchain_export_my_pubkey_when_pubkey_not_set(monkeypatch, - mocked_setup_logging): +def test_bigchain_export_my_pubkey_when_pubkey_not_set(monkeypatch): from bigchaindb import config from bigchaindb.commands.bigchain import run_export_my_pubkey @@ -126,49 +122,41 @@ def test_bigchain_export_my_pubkey_when_pubkey_not_set(monkeypatch, # https://docs.python.org/3/library/exceptions.html#SystemExit assert exc_info.value.code == \ "This node's public key wasn't set anywhere so it can't be exported" - mocked_setup_logging.assert_called_once_with(user_log_config={}) -def test_bigchain_run_init_when_db_exists(mocked_setup_logging, - mock_db_init_with_existing_db): +def test_bigchain_run_init_when_db_exists(mock_db_init_with_existing_db): from bigchaindb.commands.bigchain import run_init args = Namespace(config=None) run_init(args) - mocked_setup_logging.assert_called_once_with(user_log_config={}) @patch('bigchaindb.backend.schema.drop_database') -def test_drop_db_when_assumed_yes(mock_db_drop, mocked_setup_logging): +def test_drop_db_when_assumed_yes(mock_db_drop): from bigchaindb.commands.bigchain import run_drop args = Namespace(config=None, yes=True) run_drop(args) assert mock_db_drop.called - mocked_setup_logging.assert_called_once_with(user_log_config={}) @patch('bigchaindb.backend.schema.drop_database') -def test_drop_db_when_interactive_yes(mock_db_drop, monkeypatch, - mocked_setup_logging): +def test_drop_db_when_interactive_yes(mock_db_drop, monkeypatch): from bigchaindb.commands.bigchain import run_drop args = Namespace(config=None, yes=False) monkeypatch.setattr('bigchaindb.commands.bigchain.input_on_stderr', lambda x: 'y') run_drop(args) assert mock_db_drop.called - mocked_setup_logging.assert_called_once_with(user_log_config={}) @patch('bigchaindb.backend.schema.drop_database') -def test_drop_db_does_not_drop_when_interactive_no(mock_db_drop, monkeypatch, - mocked_setup_logging): +def test_drop_db_does_not_drop_when_interactive_no(mock_db_drop, monkeypatch): from bigchaindb.commands.bigchain import run_drop args = Namespace(config=None, yes=False) monkeypatch.setattr('bigchaindb.commands.bigchain.input_on_stderr', lambda x: 'n') run_drop(args) assert not mock_db_drop.called - mocked_setup_logging.assert_called_once_with(user_log_config={}) def test_run_configure_when_config_exists_and_skipping(monkeypatch): @@ -417,7 +405,7 @@ def test_calling_main(start_mock, base_parser_mock, parse_args_mock, @pytest.mark.usefixtures('ignore_local_config_file') @patch('bigchaindb.commands.bigchain.add_replicas') -def test_run_add_replicas(mock_add_replicas, mocked_setup_logging): +def test_run_add_replicas(mock_add_replicas): from bigchaindb.commands.bigchain import run_add_replicas from bigchaindb.backend.exceptions import OperationError @@ -427,9 +415,7 @@ def test_run_add_replicas(mock_add_replicas, mocked_setup_logging): mock_add_replicas.return_value = None assert run_add_replicas(args) is None assert mock_add_replicas.call_count == 1 - mocked_setup_logging.assert_called_once_with(user_log_config={}) mock_add_replicas.reset_mock() - mocked_setup_logging.reset_mock() # test add_replicas with `OperationError` mock_add_replicas.side_effect = OperationError('err') @@ -437,9 +423,7 @@ def test_run_add_replicas(mock_add_replicas, mocked_setup_logging): run_add_replicas(args) assert exc.value.args == ('err',) assert mock_add_replicas.call_count == 1 - mocked_setup_logging.assert_called_once_with(user_log_config={}) mock_add_replicas.reset_mock() - mocked_setup_logging.reset_mock() # test add_replicas with `NotImplementedError` mock_add_replicas.side_effect = NotImplementedError('err') @@ -447,14 +431,12 @@ def test_run_add_replicas(mock_add_replicas, mocked_setup_logging): run_add_replicas(args) assert exc.value.args == ('err',) assert mock_add_replicas.call_count == 1 - mocked_setup_logging.assert_called_once_with(user_log_config={}) mock_add_replicas.reset_mock() - mocked_setup_logging.reset_mock() @pytest.mark.usefixtures('ignore_local_config_file') @patch('bigchaindb.commands.bigchain.remove_replicas') -def test_run_remove_replicas(mock_remove_replicas, mocked_setup_logging): +def test_run_remove_replicas(mock_remove_replicas): from bigchaindb.commands.bigchain import run_remove_replicas from bigchaindb.backend.exceptions import OperationError @@ -464,8 +446,6 @@ def test_run_remove_replicas(mock_remove_replicas, mocked_setup_logging): mock_remove_replicas.return_value = None assert run_remove_replicas(args) is None assert mock_remove_replicas.call_count == 1 - mocked_setup_logging.assert_called_once_with(user_log_config={}) - mocked_setup_logging.reset_mock() mock_remove_replicas.reset_mock() # test add_replicas with `OperationError` @@ -474,8 +454,6 @@ def test_run_remove_replicas(mock_remove_replicas, mocked_setup_logging): run_remove_replicas(args) assert exc.value.args == ('err',) assert mock_remove_replicas.call_count == 1 - mocked_setup_logging.assert_called_once_with(user_log_config={}) - mocked_setup_logging.reset_mock() mock_remove_replicas.reset_mock() # test add_replicas with `NotImplementedError` @@ -484,6 +462,4 @@ def test_run_remove_replicas(mock_remove_replicas, mocked_setup_logging): run_remove_replicas(args) assert exc.value.args == ('err',) assert mock_remove_replicas.call_count == 1 - mocked_setup_logging.assert_called_once_with(user_log_config={}) - mocked_setup_logging.reset_mock() mock_remove_replicas.reset_mock() diff --git a/tests/commands/test_utils.py b/tests/commands/test_utils.py index 223c1f99..5f190717 100644 --- a/tests/commands/test_utils.py +++ b/tests/commands/test_utils.py @@ -1,7 +1,6 @@ import argparse from argparse import ArgumentTypeError, Namespace import logging -from logging import getLogger import pytest @@ -15,7 +14,7 @@ def reset_bigchaindb_config(monkeypatch): @pytest.mark.usefixtures('ignore_local_config_file', 'reset_bigchaindb_config') -def test_configure_bigchaindb_configures_bigchaindb(mocked_setup_logging): +def test_configure_bigchaindb_configures_bigchaindb(): from bigchaindb.commands.utils import configure_bigchaindb from bigchaindb.config_utils import is_configured assert not is_configured() @@ -26,7 +25,6 @@ def test_configure_bigchaindb_configures_bigchaindb(mocked_setup_logging): args = Namespace(config=None) test_configure(args) - mocked_setup_logging.assert_called_once_with(user_log_config={}) @pytest.mark.usefixtures('ignore_local_config_file', @@ -39,22 +37,19 @@ def test_configure_bigchaindb_configures_bigchaindb(mocked_setup_logging): logging.ERROR, logging.CRITICAL, )) -def test_configure_bigchaindb_configures_logging(log_level, - mocked_setup_sub_logger): +def test_configure_bigchaindb_logging(log_level): from bigchaindb.commands.utils import configure_bigchaindb - from bigchaindb.log.configs import PUBLISHER_LOGGING_CONFIG - root_logger = getLogger() - assert root_logger.level == logging.NOTSET + from bigchaindb import config + assert not config['log'] @configure_bigchaindb def test_configure_logger(args): - root_logger = getLogger() - assert root_logger.level == PUBLISHER_LOGGING_CONFIG['root']['level'] + pass args = Namespace(config=None, log_level=log_level) test_configure_logger(args) - mocked_setup_sub_logger.assert_called_once_with( - user_log_config={'level_console': log_level}) + from bigchaindb import config + assert config['log'] == {'level_console': log_level} def test_start_raises_if_command_not_implemented(): From b42264e27e934d34e0bbc63bf988ee1cb5120629 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Wed, 22 Mar 2017 14:46:21 +0100 Subject: [PATCH 151/283] Add commands subpackage documentation --- docs/server/source/appendices/commands.rst | 18 ++++++++++++++++++ docs/server/source/appendices/index.rst | 1 + 2 files changed, 19 insertions(+) create mode 100644 docs/server/source/appendices/commands.rst diff --git a/docs/server/source/appendices/commands.rst b/docs/server/source/appendices/commands.rst new file mode 100644 index 00000000..35d37b27 --- /dev/null +++ b/docs/server/source/appendices/commands.rst @@ -0,0 +1,18 @@ +###################### +Command Line Interface +###################### + +.. automodule:: bigchaindb.commands + :special-members: __init__ + + +:mod:`bigchaindb.commands.bigchain` +----------------------------------- + +.. automodule:: bigchaindb.commands.bigchain + + +:mod:`bigchaindb.commands.utils` +-------------------------------- + +.. automodule:: bigchaindb.commands.utils diff --git a/docs/server/source/appendices/index.rst b/docs/server/source/appendices/index.rst index 365bedfa..7beb27f5 100755 --- a/docs/server/source/appendices/index.rst +++ b/docs/server/source/appendices/index.rst @@ -16,6 +16,7 @@ Appendices consensus pipelines backend + commands aws-setup generate-key-pair-for-ssh firewall-notes From 054fb48ca8f4be1b88e864cd979b19edc58f75a4 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Wed, 22 Mar 2017 16:36:10 +0100 Subject: [PATCH 152/283] Set cmd line log level option default --- bigchaindb/commands/utils.py | 1 + 1 file changed, 1 insertion(+) diff --git a/bigchaindb/commands/utils.py b/bigchaindb/commands/utils.py index f4a311fa..b67c8ee8 100644 --- a/bigchaindb/commands/utils.py +++ b/bigchaindb/commands/utils.py @@ -196,6 +196,7 @@ base_parser.add_argument('-c', '--config', base_parser.add_argument('-l', '--log-level', choices=['DEBUG', 'INFO', 'WARNING', 'ERROR', 'CRITICAL'], + default='INFO', help='Log level') base_parser.add_argument('-y', '--yes', '--yes-please', From 6e3f25a1432eaa1ed9cc7a7e30a115130d5af25a Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Wed, 22 Mar 2017 17:39:04 +0100 Subject: [PATCH 153/283] Set log level for gunicorn --- bigchaindb/commands/utils.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/bigchaindb/commands/utils.py b/bigchaindb/commands/utils.py index b67c8ee8..cf8ddb4f 100644 --- a/bigchaindb/commands/utils.py +++ b/bigchaindb/commands/utils.py @@ -35,7 +35,10 @@ def configure_bigchaindb(command): @functools.wraps(command) def configure(args): try: - config_from_cmdline = {'log': {'level_console': args.log_level}} + config_from_cmdline = { + 'log': {'level_console': args.log_level}, + 'server': {'loglevel': args.log_level}, + } except AttributeError: config_from_cmdline = None bigchaindb.config_utils.autoconfigure( From cea78b3ae2aa3db943027788c3dd2e32e1f2490a Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Thu, 23 Mar 2017 15:28:01 +0100 Subject: [PATCH 154/283] Integrate gunicorn logs with bigchaindb logs Closes #1329 --- bigchaindb/__init__.py | 1 + bigchaindb/log/configs.py | 5 +++++ bigchaindb/log/loggers.py | 32 ++++++++++++++++++++++++++++++++ bigchaindb/log/setup.py | 9 +++++++-- tests/log/test_loggers.py | 18 ++++++++++++++++++ tests/test_config_utils.py | 1 + 6 files changed, 64 insertions(+), 2 deletions(-) create mode 100644 bigchaindb/log/loggers.py create mode 100644 tests/log/test_loggers.py diff --git a/bigchaindb/__init__.py b/bigchaindb/__init__.py index c0e4fd56..00085314 100644 --- a/bigchaindb/__init__.py +++ b/bigchaindb/__init__.py @@ -36,6 +36,7 @@ config = { 'bind': os.environ.get('BIGCHAINDB_SERVER_BIND') or 'localhost:9984', 'workers': None, # if none, the value will be cpu_count * 2 + 1 'threads': None, # if none, the value will be cpu_count * 2 + 1 + 'logger_class': 'bigchaindb.log.loggers.HttpServerLogger', }, 'database': _database_map[ os.environ.get('BIGCHAINDB_DATABASE_BACKEND', 'rethinkdb') diff --git a/bigchaindb/log/configs.py b/bigchaindb/log/configs.py index 1be5c485..9dac0dcb 100644 --- a/bigchaindb/log/configs.py +++ b/bigchaindb/log/configs.py @@ -1,7 +1,12 @@ import logging +from logging.handlers import DEFAULT_TCP_LOGGING_PORT from os.path import expanduser, join +DEFAULT_SOCKET_LOGGING_HOST = 'localhost' +DEFAULT_SOCKET_LOGGING_PORT = DEFAULT_TCP_LOGGING_PORT +DEFAULT_SOCKET_LOGGING_ADDR = (DEFAULT_SOCKET_LOGGING_HOST, + DEFAULT_SOCKET_LOGGING_PORT) DEFAULT_LOG_DIR = expanduser('~') PUBLISHER_LOGGING_CONFIG = { diff --git a/bigchaindb/log/loggers.py b/bigchaindb/log/loggers.py new file mode 100644 index 00000000..f8c18320 --- /dev/null +++ b/bigchaindb/log/loggers.py @@ -0,0 +1,32 @@ +import logging.handlers + +from gunicorn.glogging import Logger + +from .configs import DEFAULT_SOCKET_LOGGING_HOST, DEFAULT_SOCKET_LOGGING_PORT + + +class HttpServerLogger(Logger): + """Custom logger class for ``gunicorn`` logs. + + Meant for internal usage only, to set the ``logger_class`` + configuration setting on gunicorn. + + """ + def setup(self, cfg): + """Setup the gunicorn access and error loggers. This overrides + the parent method. Its main goal is to simply pipe all the logs to + the TCP socket used througout BigchainDB. + + Args: + cfg (:obj:`gunicorn.config.Config`): Gunicorn configuration + object. *Ignored*. + + """ + self._set_socklog_handler(self.error_log) + self._set_socklog_handler(self.access_log) + + def _set_socklog_handler(self, log): + socket_handler = logging.handlers.SocketHandler( + DEFAULT_SOCKET_LOGGING_HOST, DEFAULT_SOCKET_LOGGING_PORT) + socket_handler._gunicorn = True + log.addHandler(socket_handler) diff --git a/bigchaindb/log/setup.py b/bigchaindb/log/setup.py index fdf8e49b..f3e8f7a3 100644 --- a/bigchaindb/log/setup.py +++ b/bigchaindb/log/setup.py @@ -9,7 +9,12 @@ import struct import sys from multiprocessing import Process -from .configs import PUBLISHER_LOGGING_CONFIG, SUBSCRIBER_LOGGING_CONFIG +from .configs import ( + DEFAULT_SOCKET_LOGGING_HOST, + DEFAULT_SOCKET_LOGGING_PORT, + PUBLISHER_LOGGING_CONFIG, + SUBSCRIBER_LOGGING_CONFIG, +) from bigchaindb.common.exceptions import ConfigurationError @@ -23,7 +28,7 @@ def _normalize_log_level(level): def setup_pub_logger(): dictConfig(PUBLISHER_LOGGING_CONFIG) socket_handler = logging.handlers.SocketHandler( - 'localhost', logging.handlers.DEFAULT_TCP_LOGGING_PORT) + DEFAULT_SOCKET_LOGGING_HOST, DEFAULT_SOCKET_LOGGING_PORT) socket_handler.setLevel(logging.DEBUG) logger = logging.getLogger() logger.addHandler(socket_handler) diff --git a/tests/log/test_loggers.py b/tests/log/test_loggers.py new file mode 100644 index 00000000..795de046 --- /dev/null +++ b/tests/log/test_loggers.py @@ -0,0 +1,18 @@ +from logging.handlers import SocketHandler + + +class TestHttpServerLogger: + + def test_init(self, mocker): + from bigchaindb.log.configs import ( + DEFAULT_SOCKET_LOGGING_ADDR as expected_socket_address) + from bigchaindb.log.loggers import HttpServerLogger + mocked_config = mocker.patch( + 'gunicorn.config.Config', autospec=True, spec_set=True) + logger = HttpServerLogger(mocked_config.return_value) + assert len(logger.access_log.handlers) == 1 + assert len(logger.error_log.handlers) == 1 + assert isinstance(logger.access_log.handlers[0], SocketHandler) + assert isinstance(logger.error_log.handlers[0], SocketHandler) + assert logger.access_log.handlers[0].address == expected_socket_address + assert logger.error_log.handlers[0].address == expected_socket_address diff --git a/tests/test_config_utils.py b/tests/test_config_utils.py index 4234e242..2e843914 100644 --- a/tests/test_config_utils.py +++ b/tests/test_config_utils.py @@ -195,6 +195,7 @@ def test_autoconfigure_read_both_from_file_and_env(monkeypatch, request): 'bind': SERVER_BIND, 'workers': None, 'threads': None, + 'logger_class': 'bigchaindb.log.loggers.HttpServerLogger', }, 'database': database, 'keypair': { From f5a32e35c5f2bdea89fcf79cb821e6f694b050f7 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Thu, 23 Mar 2017 18:21:55 +0100 Subject: [PATCH 155/283] docs: 1st draft of page about updating all s/w on a BDB node on k8s --- .../cloud-deployment-templates/index.rst | 2 + .../upgrade-on-kubernetes.rst | 105 ++++++++++++++++++ 2 files changed, 107 insertions(+) create mode 100644 docs/server/source/cloud-deployment-templates/upgrade-on-kubernetes.rst diff --git a/docs/server/source/cloud-deployment-templates/index.rst b/docs/server/source/cloud-deployment-templates/index.rst index 837dc66d..28ac7923 100644 --- a/docs/server/source/cloud-deployment-templates/index.rst +++ b/docs/server/source/cloud-deployment-templates/index.rst @@ -16,3 +16,5 @@ If you find the cloud deployment templates for nodes helpful, then you may also template-kubernetes-azure node-on-kubernetes add-node-on-kubernetes + upgrade-on-kubernetes + \ No newline at end of file diff --git a/docs/server/source/cloud-deployment-templates/upgrade-on-kubernetes.rst b/docs/server/source/cloud-deployment-templates/upgrade-on-kubernetes.rst new file mode 100644 index 00000000..348abf22 --- /dev/null +++ b/docs/server/source/cloud-deployment-templates/upgrade-on-kubernetes.rst @@ -0,0 +1,105 @@ +Kubernetes Template: Upgrade all Software in a BigchainDB Node +============================================================== + +This page outlines how to upgrade all the software associated +with a BigchainDB node running on Kubernetes, +including host operating systems, Docker, Kubernetes, +and BigchainDB-related software. + + +Upgrade Host OS, Docker and Kubernetes +-------------------------------------- + +Some Kubernetes installation & management systems +can do full or partial upgrades of host OSes, Docker, +or Kubernetes, e.g. +`Tectonic `_, +`Rancher `_, +and +`Kubo `_. +Consult the documentation for your system. + +**Azure Container Service (ACS).** +On Dec. 15, 2016, a Microsoft employee +`wrote `_: +"In the coming months we [the Azure Kubernetes team] will be building managed updates in the ACS service." +At the time of writing, managed updates were not yet available, +but you should check the latest +`ACS documentation `_ +to see what's available now. +Also at the time of writing, ACS only supported Ubuntu +as the host (master and agent) operating system. +You can upgrade Ubuntu and Docker on Azure +by SSHing into each of the hosts, +as documented on +:ref:`another page `. + +In general, you can SSH to each host in your Kubernetes Cluster +to update the OS and Docker. + +.. note:: + + Once you are in an SSH session with a host, + the ``docker info`` command is a handy way to detemine the + host OS (including version) and the Docker version. + +When you want to upgrade the software on a Kubernetes node, +you should "drain" the node first, +i.e. tell Kubernetes to gracefully terminate all pods +on the node and mark it as unscheduleable +(so no new pods get put on the node during its downtime). + +.. code:: + + kubectl drain $NODENAME + +There are `more details in the Kubernetes docs `_, +including instructions to make the node scheduleable again. + +To manually upgrade the host OS, +see the docs for that OS. + +To manually upgrade Docker, see +`the Docker docs `_. + +To manually upgrade all Kubernetes software in your Kubernetes cluster, see +`the Kubernetes docs `_. + + +Upgrade BigchainDB-Related Software +----------------------------------- + +We use Kubernetes "Deployments" for NGINX, BigchainDB, +and most other BigchainDB-related software. +The only exception is MongoDB; we use a Kubernetes +StatefulSet for that. + +The nice thing about Kubernetes Deployments +is that Kubernetes can manage most of the upgrade process. +A typical upgrade workflow for a single Deployment would be: + +.. code:: + + $ KUBE_EDITOR=nano kubectl edit deployment/ + +The `kubectl edit `_ +command opens the specified editor (nano in the above example), +allowing you to edit the specified Deployment *in the Kubernetes cluster*. +You can change the version tag on the Docker image, for example. +Don't forget to save your edits before exiting the editor. +The Kubernetes docs have more information about +`updating a Deployment `_. + + +The upgrade story for the MongoDB StatefulSet is *different*. +(This is because MongoDB has persistent state, +which is stored in some storage associated with a PersistentVolumeClaim.) +At the time of writing, StatefulSets were still in beta, +and they did not support automated image upgrade (Docker image tag upgrade). +We expect that to change. +Rather than trying to keep these docs up-to-date, +we advise you to check out the current +`Kubernetes docs about updating containers in StatefulSets +`_. + + From c61e3333d0e37405dcb2a7d2f30e46672bb44fa0 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Fri, 24 Mar 2017 10:57:56 +0100 Subject: [PATCH 156/283] improved readthedocs.org instructions in Release_Process.md --- Release_Process.md | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/Release_Process.md b/Release_Process.md index ec51ceaf..22572837 100644 --- a/Release_Process.md +++ b/Release_Process.md @@ -45,10 +45,16 @@ These steps are common between minor and patch releases: 1. Make sure your local Git is in the same state as the release: e.g. `git fetch ` and `git checkout v0.9.1` 1. Make sure you have a `~/.pypirc` file containing credentials for PyPI 1. Do a `make release` to build and publish the new `bigchaindb` package on PyPI -1. Login to readthedocs.org as a maintainer of the BigchainDB Server docs. - Go to Admin --> Versions and under **Choose Active Versions**, make sure that the new version's tag is - "Active" and "Public", and make sure the new version's branch - (without the 'v' in front) is _not_ active -1. Also in readthedocs.org, go to Admin --> Advanced Settings - and make sure that "Default branch:" (i.e. what "latest" points to) - is set to the new release's tag, e.g. `v0.9.1`. (Don't miss the 'v' in front.) +1. [Login to readthedocs.org](https://readthedocs.org/accounts/login/) + as a maintainer of the BigchainDB Server docs, and: + - Go to Admin --> Advanced Settings + and make sure that "Default branch:" (i.e. what "latest" points to) + is set to the new release's tag, e.g. `v0.9.1`. + (Don't miss the 'v' in front.) + - Go to Admin --> Versions + and under **Choose Active Versions**, do these things: + 1. Make sure that the new version's tag is "Active" and "Public" + 2. Make sure the new version's branch + (without the 'v' in front) is _not_ active. + 3. Make sure the **stable** branch is _not_ active. + 4. Scroll to the bottom of the page and click the Submit button. From 0edb1c18f2c5f678cba86ad5c91a30502e2c7c6d Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Fri, 24 Mar 2017 11:56:35 +0100 Subject: [PATCH 157/283] Keep gunicorn logger_class internal closes #1334 --- bigchaindb/__init__.py | 1 - bigchaindb/web/server.py | 1 + tests/test_config_utils.py | 1 - 3 files changed, 1 insertion(+), 2 deletions(-) diff --git a/bigchaindb/__init__.py b/bigchaindb/__init__.py index 00085314..c0e4fd56 100644 --- a/bigchaindb/__init__.py +++ b/bigchaindb/__init__.py @@ -36,7 +36,6 @@ config = { 'bind': os.environ.get('BIGCHAINDB_SERVER_BIND') or 'localhost:9984', 'workers': None, # if none, the value will be cpu_count * 2 + 1 'threads': None, # if none, the value will be cpu_count * 2 + 1 - 'logger_class': 'bigchaindb.log.loggers.HttpServerLogger', }, 'database': _database_map[ os.environ.get('BIGCHAINDB_DATABASE_BACKEND', 'rethinkdb') diff --git a/bigchaindb/web/server.py b/bigchaindb/web/server.py index bcd44d11..b1525f9f 100644 --- a/bigchaindb/web/server.py +++ b/bigchaindb/web/server.py @@ -88,6 +88,7 @@ def create_server(settings): if not settings.get('threads'): settings['threads'] = (multiprocessing.cpu_count() * 2) + 1 + settings['logger_class'] = 'bigchaindb.log.loggers.HttpServerLogger' app = create_app(debug=settings.get('debug', False), threads=settings['threads']) standalone = StandaloneApplication(app, settings) diff --git a/tests/test_config_utils.py b/tests/test_config_utils.py index 2e843914..4234e242 100644 --- a/tests/test_config_utils.py +++ b/tests/test_config_utils.py @@ -195,7 +195,6 @@ def test_autoconfigure_read_both_from_file_and_env(monkeypatch, request): 'bind': SERVER_BIND, 'workers': None, 'threads': None, - 'logger_class': 'bigchaindb.log.loggers.HttpServerLogger', }, 'database': database, 'keypair': { From 9fd40682f235d043b12e48f83308a2b4e6de9087 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Fri, 24 Mar 2017 15:38:27 +0100 Subject: [PATCH 158/283] docs re: database.connection_timeout and database.max_tries --- .../source/server-reference/configuration.md | 27 +++++++++++++++---- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/docs/server/source/server-reference/configuration.md b/docs/server/source/server-reference/configuration.md index 4cd9e9d4..42f22d4e 100644 --- a/docs/server/source/server-reference/configuration.md +++ b/docs/server/source/server-reference/configuration.md @@ -16,6 +16,8 @@ For convenience, here's a list of all the relevant environment variables (docume `BIGCHAINDB_DATABASE_PORT`
`BIGCHAINDB_DATABASE_NAME`
`BIGCHAINDB_DATABASE_REPLICASET`
+`BIGCHAINDB_DATABASE_CONNECTION_TIMEOUT`
+`BIGCHAINDB_DATABASE_MAX_TRIES`
`BIGCHAINDB_SERVER_BIND`
`BIGCHAINDB_SERVER_WORKERS`
`BIGCHAINDB_SERVER_THREADS`
@@ -85,9 +87,18 @@ Note how the keys in the list are separated by colons. ``` -## database.backend, database.host, database.port, database.name & database.replicaset +## database.* -The database backend to use (`rethinkdb` or `mongodb`) and its hostname, port and name. If the database backend is `mongodb`, then there's a fifth setting: the name of the replica set. If the database backend is `rethinkdb`, you *can* set the name of the replica set, but it won't be used for anything. +The settings with names of the form `database.*` are for the database backend +(currently either RethinkDB or MongoDB). They are: + +* `database.backend` is either `rethinkdb` or `mongodb`. +* `database.host` is the hostname (FQDN) of the backend database. +* `database.port` is self-explanatory. +* `database.name` is a user-chosen name for the database inside RethinkDB or MongoDB, e.g. `bigchain`. +* `database.replicaset` is only relevant if using MongoDB; it's the name of the MongoDB replica set, e.g. `bigchain-rs`. +* `database.connection_timeout` is the maximum number of milliseconds that BigchainDB will wait before giving up on one attempt to connect to the database backend. +* `database.max_tries` is the maximum number of times that BigchainDB will try to establish a connection with the database backend. If 0, then it will try forever. **Example using environment variables** ```text @@ -96,6 +107,8 @@ export BIGCHAINDB_DATABASE_HOST=localhost export BIGCHAINDB_DATABASE_PORT=27017 export BIGCHAINDB_DATABASE_NAME=bigchain export BIGCHAINDB_DATABASE_REPLICASET=bigchain-rs +export BIGCHAINDB_DATABASE_CONNECTION_TIMEOUT=5000 +export BIGCHAINDB_DATABASE_MAX_TRIES=3 ``` **Default values** @@ -105,8 +118,10 @@ If (no environment variables were set and there's no local config file), or you "database": { "backend": "rethinkdb", "host": "localhost", + "port": 28015, "name": "bigchain", - "port": 28015 + "connection_timeout": 5000, + "max_tries": 3 } ``` @@ -115,9 +130,11 @@ If you used `bigchaindb -y configure mongodb` to create a default local config f "database": { "backend": "mongodb", "host": "localhost", - "name": "bigchain", "port": 27017, - "replicaset": "bigchain-rs" + "name": "bigchain", + "replicaset": "bigchain-rs", + "connection_timeout": 5000, + "max_tries": 3 } ``` From 58d80e9731333eced2bbd513cf9f71f4281fc6bf Mon Sep 17 00:00:00 2001 From: Thomas Conte Date: Mon, 27 Mar 2017 10:43:40 +0200 Subject: [PATCH 159/283] Fix ssl param default value --- bigchaindb/backend/connection.py | 5 ++--- bigchaindb/backend/mongodb/connection.py | 5 ++--- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/bigchaindb/backend/connection.py b/bigchaindb/backend/connection.py index 56b5cd82..b717703b 100644 --- a/bigchaindb/backend/connection.py +++ b/bigchaindb/backend/connection.py @@ -16,7 +16,7 @@ logger = logging.getLogger(__name__) def connect(backend=None, host=None, port=None, name=None, max_tries=None, - connection_timeout=None, replicaset=None, ssl=False, login=None, password=None): + connection_timeout=None, replicaset=None, ssl=None, login=None, password=None): """Create a new connection to the database backend. All arguments default to the current configuration's values if not @@ -50,8 +50,7 @@ def connect(backend=None, host=None, port=None, name=None, max_tries=None, # to handle these these additional args. In case of RethinkDBConnection # it just does not do anything with it. replicaset = replicaset or bigchaindb.config['database'].get('replicaset') - ssl = bigchaindb.config['database'].get('ssl') if bigchaindb.config['database'].get('ssl') is not None \ - else ssl + ssl = ssl if ssl is not None else bigchaindb.config['database'].get('ssl', False) login = login or bigchaindb.config['database'].get('login') password = password or bigchaindb.config['database'].get('password') diff --git a/bigchaindb/backend/mongodb/connection.py b/bigchaindb/backend/mongodb/connection.py index 8b30b2db..5c54470a 100644 --- a/bigchaindb/backend/mongodb/connection.py +++ b/bigchaindb/backend/mongodb/connection.py @@ -16,7 +16,7 @@ logger = logging.getLogger(__name__) class MongoDBConnection(Connection): - def __init__(self, replicaset=None, ssl=False, login=None, password=None, **kwargs): + def __init__(self, replicaset=None, ssl=None, login=None, password=None, **kwargs): """Create a new Connection instance. Args: @@ -28,8 +28,7 @@ class MongoDBConnection(Connection): super().__init__(**kwargs) self.replicaset = replicaset or bigchaindb.config['database']['replicaset'] - self.ssl = bigchaindb.config['database'].get('ssl') if bigchaindb.config['database'].get('ssl') is not None \ - else ssl + self.ssl = ssl if ssl is not None else bigchaindb.config['database'].get('ssl', False) self.login = login or bigchaindb.config['database'].get('login') self.password = password or bigchaindb.config['database'].get('password') From 441ad914cf854ba64769ed3ce1bf5dd911fc9e24 Mon Sep 17 00:00:00 2001 From: vrde Date: Tue, 28 Mar 2017 11:24:16 +0200 Subject: [PATCH 160/283] Improve test coverage --- tests/backend/mongodb/test_connection.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/backend/mongodb/test_connection.py b/tests/backend/mongodb/test_connection.py index e0b161b0..3edc31b1 100644 --- a/tests/backend/mongodb/test_connection.py +++ b/tests/backend/mongodb/test_connection.py @@ -99,6 +99,18 @@ def test_connection_run_errors(mock_client, mock_init_repl_set): assert query.run.call_count == 1 +@mock.patch('pymongo.database.Database.authenticate') +def test_connection_with_credentials(mock_authenticate): + import bigchaindb + from bigchaindb.backend.mongodb.connection import MongoDBConnection + conn = MongoDBConnection(host=bigchaindb.config['database']['host'], + port=bigchaindb.config['database']['port'], + login='theplague', + password='secret') + conn.connect() + assert mock_authenticate.call_count == 2 + + def test_check_replica_set_not_enabled(mongodb_connection): from bigchaindb.backend.mongodb.connection import _check_replica_set from bigchaindb.common.exceptions import ConfigurationError From 9679561d89c0c0fcf22c67dfb9b9a83737c5543d Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 28 Mar 2017 12:14:50 +0200 Subject: [PATCH 161/283] Update pytest command in Makefile Use new command "pytest", add verbosity, and distribute tests across available CPU cores --- Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 7fc9c1c0..afa992bf 100644 --- a/Makefile +++ b/Makefile @@ -51,8 +51,7 @@ lint: ## check style with flake8 flake8 bigchaindb tests test: ## run tests quickly with the default Python - py.test - + pytest -v -n auto test-all: ## run tests on every Python version with tox tox From 1083e04dd5eaad5289470fe478a37e03f32ec3ee Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 28 Mar 2017 12:17:35 +0200 Subject: [PATCH 162/283] Fix Makefile (test) coverage target --- Makefile | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index afa992bf..37bf6db8 100644 --- a/Makefile +++ b/Makefile @@ -57,11 +57,8 @@ test-all: ## run tests on every Python version with tox tox coverage: ## check code coverage quickly with the default Python - coverage run --source bigchaindb py.test - - coverage report -m - coverage html - $(BROWSER) htmlcov/index.html + pytest -v -n auto --cov=bigchaindb --cov-report term --cov-report html + $(BROWSER) htmlcov/index.html docs: ## generate Sphinx HTML documentation, including API docs $(MAKE) -C docs/root clean From 699e615d47bb6b24f4d373c8edfd3a84d4b6e0c1 Mon Sep 17 00:00:00 2001 From: vrde Date: Tue, 28 Mar 2017 14:51:02 +0200 Subject: [PATCH 163/283] Add ssl, login, and passwd to configure command --- bigchaindb/__init__.py | 36 +++++++++++++++++++++++++++------ bigchaindb/commands/bigchain.py | 3 ++- tests/test_config_utils.py | 12 +++++++++++ 3 files changed, 44 insertions(+), 7 deletions(-) diff --git a/bigchaindb/__init__.py b/bigchaindb/__init__.py index 1df2551c..53e7fd2b 100644 --- a/bigchaindb/__init__.py +++ b/bigchaindb/__init__.py @@ -5,24 +5,48 @@ import os # PORT_NUMBER = reduce(lambda x, y: x * y, map(ord, 'BigchainDB')) % 2**16 # basically, the port number is 9984 -_database_rethinkdb = { - 'backend': os.environ.get('BIGCHAINDB_DATABASE_BACKEND', 'rethinkdb'), + +_base_database_rethinkdb = { 'host': os.environ.get('BIGCHAINDB_DATABASE_HOST', 'localhost'), 'port': int(os.environ.get('BIGCHAINDB_DATABASE_PORT', 28015)), 'name': os.environ.get('BIGCHAINDB_DATABASE_NAME', 'bigchain'), - 'connection_timeout': 5000, - 'max_tries': 3, } -_database_mongodb = { - 'backend': os.environ.get('BIGCHAINDB_DATABASE_BACKEND', 'mongodb'), +# This might sound excessive, but having an order on the keys will +# stress users (and us) less. +_base_database_rethinkdb_keys = ('host', 'port', 'name') + +_base_database_mongodb = { 'host': os.environ.get('BIGCHAINDB_DATABASE_HOST', 'localhost'), 'port': int(os.environ.get('BIGCHAINDB_DATABASE_PORT', 27017)), 'name': os.environ.get('BIGCHAINDB_DATABASE_NAME', 'bigchain'), 'replicaset': os.environ.get('BIGCHAINDB_DATABASE_REPLICASET', 'bigchain-rs'), + 'ssl': bool(os.environ.get('BIGCHAINDB_DATABASE_SSL', False)), + 'login': os.environ.get('BIGCHAINDB_DATABASE_LOGIN'), + 'password': os.environ.get('BIGCHAINDB_DATABASE_PASSWORD') +} + +_base_database_mongodb_keys = ('host', 'port', 'name', 'replicaset', + 'ssl', 'login', 'password') + +_database_rethinkdb = { + 'backend': os.environ.get('BIGCHAINDB_DATABASE_BACKEND', 'rethinkdb'), 'connection_timeout': 5000, 'max_tries': 3, } +_database_rethinkdb.update(_base_database_rethinkdb) + +_database_mongodb = { + 'backend': os.environ.get('BIGCHAINDB_DATABASE_BACKEND', 'mongodb'), + 'connection_timeout': 5000, + 'max_tries': 3, +} +_database_mongodb.update(_base_database_mongodb) + +_database_keys_map = { + 'mongodb': _base_database_mongodb_keys, + 'rethinkdb': _base_database_rethinkdb_keys +} _database_map = { 'mongodb': _database_mongodb, diff --git a/bigchaindb/commands/bigchain.py b/bigchaindb/commands/bigchain.py index efefa9d7..a5ec9c6a 100644 --- a/bigchaindb/commands/bigchain.py +++ b/bigchaindb/commands/bigchain.py @@ -90,6 +90,7 @@ def run_configure(args, skip_if_exists=False): # select the correct config defaults based on the backend print('Generating default configuration for backend {}' .format(args.backend), file=sys.stderr) + database_keys = bigchaindb._database_keys_map[args.backend] conf['database'] = bigchaindb._database_map[args.backend] if not args.yes: @@ -99,7 +100,7 @@ def run_configure(args, skip_if_exists=False): input_on_stderr('API Server {}? (default `{}`): '.format(key, val)) \ or val - for key in ('host', 'port', 'name'): + for key in database_keys: val = conf['database'][key] conf['database'][key] = \ input_on_stderr('Database {}? (default `{}`): '.format(key, val)) \ diff --git a/tests/test_config_utils.py b/tests/test_config_utils.py index 0fa5135b..d81f5f75 100644 --- a/tests/test_config_utils.py +++ b/tests/test_config_utils.py @@ -19,6 +19,15 @@ def clean_config(monkeypatch, request): monkeypatch.setattr('bigchaindb.config', original_config) +def test_ordered_keys_match_database_config(): + import bigchaindb + + assert set(bigchaindb._base_database_rethinkdb.keys()) ==\ + set(bigchaindb._base_database_rethinkdb_keys) + assert set(bigchaindb._base_database_mongodb.keys()) ==\ + set(bigchaindb._base_database_mongodb_keys) + + def test_bigchain_instance_is_initialized_when_conf_provided(request): import bigchaindb from bigchaindb import config_utils @@ -181,6 +190,9 @@ def test_autoconfigure_read_both_from_file_and_env(monkeypatch, request): 'connection_timeout': 5000, 'max_tries': 3, 'replicaset': 'bigchain-rs', + 'ssl': False, + 'login': None, + 'password': None } database = {} From 047108046acd57dcd6bbddd344d5a213def1d985 Mon Sep 17 00:00:00 2001 From: vrde Date: Tue, 28 Mar 2017 15:01:10 +0200 Subject: [PATCH 164/283] Revert "Add ssl, login, and passwd to configure command" This reverts commit 699e615d47bb6b24f4d373c8edfd3a84d4b6e0c1. --- bigchaindb/__init__.py | 36 ++++++--------------------------- bigchaindb/commands/bigchain.py | 3 +-- tests/test_config_utils.py | 12 ----------- 3 files changed, 7 insertions(+), 44 deletions(-) diff --git a/bigchaindb/__init__.py b/bigchaindb/__init__.py index 53e7fd2b..1df2551c 100644 --- a/bigchaindb/__init__.py +++ b/bigchaindb/__init__.py @@ -5,48 +5,24 @@ import os # PORT_NUMBER = reduce(lambda x, y: x * y, map(ord, 'BigchainDB')) % 2**16 # basically, the port number is 9984 - -_base_database_rethinkdb = { +_database_rethinkdb = { + 'backend': os.environ.get('BIGCHAINDB_DATABASE_BACKEND', 'rethinkdb'), 'host': os.environ.get('BIGCHAINDB_DATABASE_HOST', 'localhost'), 'port': int(os.environ.get('BIGCHAINDB_DATABASE_PORT', 28015)), 'name': os.environ.get('BIGCHAINDB_DATABASE_NAME', 'bigchain'), + 'connection_timeout': 5000, + 'max_tries': 3, } -# This might sound excessive, but having an order on the keys will -# stress users (and us) less. -_base_database_rethinkdb_keys = ('host', 'port', 'name') - -_base_database_mongodb = { +_database_mongodb = { + 'backend': os.environ.get('BIGCHAINDB_DATABASE_BACKEND', 'mongodb'), 'host': os.environ.get('BIGCHAINDB_DATABASE_HOST', 'localhost'), 'port': int(os.environ.get('BIGCHAINDB_DATABASE_PORT', 27017)), 'name': os.environ.get('BIGCHAINDB_DATABASE_NAME', 'bigchain'), 'replicaset': os.environ.get('BIGCHAINDB_DATABASE_REPLICASET', 'bigchain-rs'), - 'ssl': bool(os.environ.get('BIGCHAINDB_DATABASE_SSL', False)), - 'login': os.environ.get('BIGCHAINDB_DATABASE_LOGIN'), - 'password': os.environ.get('BIGCHAINDB_DATABASE_PASSWORD') -} - -_base_database_mongodb_keys = ('host', 'port', 'name', 'replicaset', - 'ssl', 'login', 'password') - -_database_rethinkdb = { - 'backend': os.environ.get('BIGCHAINDB_DATABASE_BACKEND', 'rethinkdb'), 'connection_timeout': 5000, 'max_tries': 3, } -_database_rethinkdb.update(_base_database_rethinkdb) - -_database_mongodb = { - 'backend': os.environ.get('BIGCHAINDB_DATABASE_BACKEND', 'mongodb'), - 'connection_timeout': 5000, - 'max_tries': 3, -} -_database_mongodb.update(_base_database_mongodb) - -_database_keys_map = { - 'mongodb': _base_database_mongodb_keys, - 'rethinkdb': _base_database_rethinkdb_keys -} _database_map = { 'mongodb': _database_mongodb, diff --git a/bigchaindb/commands/bigchain.py b/bigchaindb/commands/bigchain.py index a5ec9c6a..efefa9d7 100644 --- a/bigchaindb/commands/bigchain.py +++ b/bigchaindb/commands/bigchain.py @@ -90,7 +90,6 @@ def run_configure(args, skip_if_exists=False): # select the correct config defaults based on the backend print('Generating default configuration for backend {}' .format(args.backend), file=sys.stderr) - database_keys = bigchaindb._database_keys_map[args.backend] conf['database'] = bigchaindb._database_map[args.backend] if not args.yes: @@ -100,7 +99,7 @@ def run_configure(args, skip_if_exists=False): input_on_stderr('API Server {}? (default `{}`): '.format(key, val)) \ or val - for key in database_keys: + for key in ('host', 'port', 'name'): val = conf['database'][key] conf['database'][key] = \ input_on_stderr('Database {}? (default `{}`): '.format(key, val)) \ diff --git a/tests/test_config_utils.py b/tests/test_config_utils.py index d81f5f75..0fa5135b 100644 --- a/tests/test_config_utils.py +++ b/tests/test_config_utils.py @@ -19,15 +19,6 @@ def clean_config(monkeypatch, request): monkeypatch.setattr('bigchaindb.config', original_config) -def test_ordered_keys_match_database_config(): - import bigchaindb - - assert set(bigchaindb._base_database_rethinkdb.keys()) ==\ - set(bigchaindb._base_database_rethinkdb_keys) - assert set(bigchaindb._base_database_mongodb.keys()) ==\ - set(bigchaindb._base_database_mongodb_keys) - - def test_bigchain_instance_is_initialized_when_conf_provided(request): import bigchaindb from bigchaindb import config_utils @@ -190,9 +181,6 @@ def test_autoconfigure_read_both_from_file_and_env(monkeypatch, request): 'connection_timeout': 5000, 'max_tries': 3, 'replicaset': 'bigchain-rs', - 'ssl': False, - 'login': None, - 'password': None } database = {} From c6de90fa79c080bb1403260b36f873e0ed1b4a69 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Wed, 29 Mar 2017 09:56:41 +0200 Subject: [PATCH 165/283] Upgrade rapidjson to latest 0.0.11 --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 7a38bb1f..5fb201f4 100644 --- a/setup.py +++ b/setup.py @@ -67,7 +67,7 @@ install_requires = [ 'pymongo~=3.4', 'pysha3~=1.0.2', 'cryptoconditions>=0.5.0', - 'python-rapidjson==0.0.8', + 'python-rapidjson==0.0.11', 'logstats>=0.2.1', 'flask>=0.10.1', 'flask-restful~=0.3.0', From ead832a130ed2136dac7735e502af5b708468b3a Mon Sep 17 00:00:00 2001 From: morrme Date: Mon, 27 Mar 2017 05:13:29 -0500 Subject: [PATCH 166/283] added Python 3.6 per issue #1331 --- .travis.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index da7ae05f..e558d154 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,7 +4,8 @@ cache: pip python: - 3.4 - 3.5 - + - 3.6 + env: - TOXENV=flake8 - TOXENV=docsroot @@ -30,6 +31,12 @@ matrix: env: BIGCHAINDB_DATABASE_BACKEND=rethinkdb - python: 3.5 env: BIGCHAINDB_DATABASE_BACKEND=mongodb + - python: 3.6 + addons: + rethinkdb: '2.3.5' + env: BIGCHAINDB_DATABASE_BACKEND=rethinkdb + - python: 3.6 + env: BIGCHAINDB_DATABASE_BACKEND=mongodb before_install: sudo .ci/travis-before-install.sh From 5c2bab078fac8bdd65a3ec77a8e524084fff0c70 Mon Sep 17 00:00:00 2001 From: morrme Date: Mon, 27 Mar 2017 05:14:40 -0500 Subject: [PATCH 167/283] Update tox.ini --- tox.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tox.ini b/tox.ini index d2cd2a2c..8f299471 100644 --- a/tox.ini +++ b/tox.ini @@ -1,6 +1,6 @@ [tox] skipsdist = true -envlist = py{34,35}-{rethinkdb,mongodb}, flake8, docsroot, docsserver +envlist = py{34,35,36}-{rethinkdb,mongodb}, flake8, docsroot, docsserver [base] basepython = python3.5 From 4bcd7dd1e2a80feb56d5e0fd4d93f1879b6f9ae2 Mon Sep 17 00:00:00 2001 From: Rodolphe Marques Date: Thu, 30 Mar 2017 14:56:33 +0200 Subject: [PATCH 168/283] Delete outdated speed-tests folder --- speed-tests/README.md | 3 -- speed-tests/speed_tests.py | 97 -------------------------------------- 2 files changed, 100 deletions(-) delete mode 100644 speed-tests/README.md delete mode 100644 speed-tests/speed_tests.py diff --git a/speed-tests/README.md b/speed-tests/README.md deleted file mode 100644 index 7b07d338..00000000 --- a/speed-tests/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# Speed Tests - -This folder contains tests related to the code performance of a single node. \ No newline at end of file diff --git a/speed-tests/speed_tests.py b/speed-tests/speed_tests.py deleted file mode 100644 index 87a81b0f..00000000 --- a/speed-tests/speed_tests.py +++ /dev/null @@ -1,97 +0,0 @@ -import json -import time - -import rapidjson -from line_profiler import LineProfiler - -import bigchaindb - -# BIG TODO: Adjust for new transaction model - - -def speedtest_validate_transaction(): - # create a transaction - b = bigchaindb.Bigchain() - tx = b.create_transaction(b.me, b.me, None, 'CREATE') - tx_signed = b.sign_transaction(tx, b.me_private) - - # setup the profiler - profiler = LineProfiler() - profiler.enable_by_count() - profiler.add_function(bigchaindb.Bigchain.validate_transaction) - - # validate_transaction 1000 times - for i in range(1000): - b.validate_transaction(tx_signed) - - profiler.print_stats() - - -def speedtest_serialize_block_json(): - # create a block - b = bigchaindb.Bigchain() - tx = b.create_transaction(b.me, b.me, None, 'CREATE') - tx_signed = b.sign_transaction(tx, b.me_private) - block = b.create_block([tx_signed] * 1000) - - time_start = time.time() - for _ in range(1000): - _ = json.dumps(block, skipkeys=False, ensure_ascii=False, sort_keys=True) - time_elapsed = time.time() - time_start - - print('speedtest_serialize_block_json: {} s'.format(time_elapsed)) - - -def speedtest_serialize_block_rapidjson(): - # create a block - b = bigchaindb.Bigchain() - tx = b.create_transaction(b.me, b.me, None, 'CREATE') - tx_signed = b.sign_transaction(tx, b.me_private) - block = b.create_block([tx_signed] * 1000) - - time_start = time.time() - for _ in range(1000): - _ = rapidjson.dumps(block, skipkeys=False, ensure_ascii=False, sort_keys=True) - time_elapsed = time.time() - time_start - - print('speedtest_serialize_block_rapidjson: {} s'.format(time_elapsed)) - - -def speedtest_deserialize_block_json(): - # create a block - b = bigchaindb.Bigchain() - tx = b.create_transaction(b.me, b.me, None, 'CREATE') - tx_signed = b.sign_transaction(tx, b.me_private) - block = b.create_block([tx_signed] * 1000) - block_serialized = json.dumps(block, skipkeys=False, ensure_ascii=False, sort_keys=True) - - time_start = time.time() - for _ in range(1000): - _ = json.loads(block_serialized) - time_elapsed = time.time() - time_start - - print('speedtest_deserialize_block_json: {} s'.format(time_elapsed)) - - -def speedtest_deserialize_block_rapidjson(): - # create a block - b = bigchaindb.Bigchain() - tx = b.create_transaction(b.me, b.me, None, 'CREATE') - tx_signed = b.sign_transaction(tx, b.me_private) - block = b.create_block([tx_signed] * 1000) - block_serialized = rapidjson.dumps(block, skipkeys=False, ensure_ascii=False, sort_keys=True) - - time_start = time.time() - for _ in range(1000): - _ = rapidjson.loads(block_serialized) - time_elapsed = time.time() - time_start - - print('speedtest_deserialize_block_rapidjson: {} s'.format(time_elapsed)) - - -if __name__ == '__main__': - speedtest_validate_transaction() - speedtest_serialize_block_json() - speedtest_serialize_block_rapidjson() - speedtest_deserialize_block_json() - speedtest_deserialize_block_rapidjson() From 64ef0dd9a17e70b3e02b7a2c5f67eda03073e13d Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Fri, 31 Mar 2017 10:54:02 +0200 Subject: [PATCH 169/283] Test docs building and flake8 only for Python 3.6 --- .travis.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index e558d154..9fc4e278 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,11 +14,17 @@ env: matrix: fast_finish: true exclude: - - python: 3.4 + - python: 3.4 env: TOXENV=flake8 - - python: 3.4 + - python: 3.4 env: TOXENV=docsroot - - python: 3.4 + - python: 3.4 + env: TOXENV=docsserver + - python: 3.5 + env: TOXENV=flake8 + - python: 3.5 + env: TOXENV=docsroot + - python: 3.5 env: TOXENV=docsserver include: - python: 3.4 From 36edbc5f354e1b5b62af03246e60e546951f82a8 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Fri, 31 Mar 2017 10:54:59 +0200 Subject: [PATCH 170/283] Set base version for Python to 3.6 in tox.ini --- tox.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tox.ini b/tox.ini index 8f299471..bdaea034 100644 --- a/tox.ini +++ b/tox.ini @@ -3,7 +3,7 @@ skipsdist = true envlist = py{34,35,36}-{rethinkdb,mongodb}, flake8, docsroot, docsserver [base] -basepython = python3.5 +basepython = python3.6 deps = pip>=9.0.1 [testenv] From 6fb793e52f716a356579fc60349840fe6e2bd282 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Wed, 29 Mar 2017 10:22:15 +0200 Subject: [PATCH 171/283] Update changelog for 0.9.5 --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9af7ccc3..2148903b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,13 @@ For reference, the possible headings are: * **External Contributors** to list contributors outside of BigchainDB GmbH. * **Notes** +## [0.9.5] - 2017-03-29 +Tag name: v0.9.5 + +### Fixed +Upgrade `python-rapidjson` to `0.0.11`(fixes #1350 - thanks to @ferOnti for +reporting). + ## [0.9.4] - 2017-03-16 Tag name: v0.9.4 From 87eb070ed68533abd42f736b3ac293e0c6883416 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Fri, 3 Mar 2017 01:47:08 +0100 Subject: [PATCH 172/283] Refactor core.BigchainDB.get_outputs --- bigchaindb/core.py | 64 +++++++++++++++++++++++++-------------------- bigchaindb/utils.py | 13 +++++++++ 2 files changed, 49 insertions(+), 28 deletions(-) diff --git a/bigchaindb/core.py b/bigchaindb/core.py index a9143f33..e6783a6d 100644 --- a/bigchaindb/core.py +++ b/bigchaindb/core.py @@ -19,14 +19,17 @@ class Bigchain(object): Create, read, sign, write transactions to the database """ - # return if a block has been voted invalid BLOCK_INVALID = 'invalid' - # return if a block is valid, or tx is in valid block + """return if a block has been voted invalid""" + BLOCK_VALID = TX_VALID = 'valid' - # return if block is undecided, or tx is in undecided block + """return if a block is valid, or tx is in valid block""" + BLOCK_UNDECIDED = TX_UNDECIDED = 'undecided' - # return if transaction is in backlog + """return if block is undecided, or tx is in undecided block""" + TX_IN_BACKLOG = 'backlog' + """return if transaction is in backlog""" def __init__(self, public_key=None, private_key=None, keyring=[], connection=None, backlog_reassign_delay=None): """Initialize the Bigchain instance @@ -372,32 +375,37 @@ class Bigchain(object): """ # get all transactions in which owner is in the `owners_after` list response = backend.query.get_owned_ids(self.connection, owner) - links = [] + return [ + TransactionLink(tx['id'], index) + for tx in response + if not self.is_tx_strictly_in_invalid_block(tx['id']) + for index, output in enumerate(tx['outputs']) + if utils.output_has_owner(output, owner) + ] - for tx in response: - # disregard transactions from invalid blocks - validity = self.get_blocks_status_containing_tx(tx['id']) - if Bigchain.BLOCK_VALID not in validity.values(): - if Bigchain.BLOCK_UNDECIDED not in validity.values(): - continue + def is_tx_strictly_in_invalid_block(self, txid): + """ + Checks whether the transaction with the given ``txid`` + *strictly* belongs to an invalid block. - # NOTE: It's OK to not serialize the transaction here, as we do not - # use it after the execution of this function. - # a transaction can contain multiple outputs so we need to iterate over all of them - # to get a list of outputs available to spend - for index, output in enumerate(tx['outputs']): - # for simple signature conditions there are no subfulfillments - # check if the owner is in the condition `owners_after` - if len(output['public_keys']) == 1: - if output['condition']['details']['public_key'] == owner: - links.append(TransactionLink(tx['id'], index)) - else: - # for transactions with multiple `public_keys` there will be several subfulfillments nested - # in the condition. We need to iterate the subfulfillments to make sure there is a - # subfulfillment for `owner` - if utils.condition_details_has_owner(output['condition']['details'], owner): - links.append(TransactionLink(tx['id'], index)) - return links + Args: + txid (str): Transaction id. + + Returns: + bool: ``True`` if the transaction *strictly* belongs to a + block that is invalid. ``False`` otherwise. + + Note: + Since a transaction may be in multiple blocks, with + different statuses, the term "strictly" is used to + emphasize that if a transaction is said to be in an invalid + block, it means that it is not in any other block that is + either valid or undecided. + + """ + validity = self.get_blocks_status_containing_tx(txid) + return (Bigchain.BLOCK_VALID not in validity.values() and + Bigchain.BLOCK_UNDECIDED not in validity.values()) def get_owned_ids(self, owner): """Retrieve a list of ``txid`` s that can be used as inputs. diff --git a/bigchaindb/utils.py b/bigchaindb/utils.py index 4d7177d9..f87916b7 100644 --- a/bigchaindb/utils.py +++ b/bigchaindb/utils.py @@ -113,6 +113,19 @@ def condition_details_has_owner(condition_details, owner): return False +def output_has_owner(output, owner): + # TODO + # Check whether it is really necessary to treat the single key case + # differently from the multiple keys case, and why not just use the same + # function for both cases. + if len(output['public_keys']) > 1: + return condition_details_has_owner( + output['condition']['details'], owner) + elif len(output['public_keys']) == 1: + return output['condition']['details']['public_key'] == owner + # TODO raise proper exception, e.g. invalid tx payload? + + def is_genesis_block(block): """Check if the block is the genesis block. From ca200b1da7ba77f9aa753fd20b8eb09ea4a95838 Mon Sep 17 00:00:00 2001 From: Jack Riches Date: Sun, 2 Apr 2017 12:22:56 +0100 Subject: [PATCH 173/283] Treat --log-level argument as case-insensitive --- bigchaindb/commands/utils.py | 1 + 1 file changed, 1 insertion(+) diff --git a/bigchaindb/commands/utils.py b/bigchaindb/commands/utils.py index cf8ddb4f..6cc5cb6a 100644 --- a/bigchaindb/commands/utils.py +++ b/bigchaindb/commands/utils.py @@ -198,6 +198,7 @@ base_parser.add_argument('-c', '--config', '(use "-" for stdout)') base_parser.add_argument('-l', '--log-level', + type=lambda l: l.upper(), # case insensitive conversion choices=['DEBUG', 'INFO', 'WARNING', 'ERROR', 'CRITICAL'], default='INFO', help='Log level') From 09866920af8ae5b197dc45eb976ebf2c0cb0d1bd Mon Sep 17 00:00:00 2001 From: Anuj Date: Sun, 2 Apr 2017 17:53:39 +0530 Subject: [PATCH 174/283] Pretty message when dropping a non-existent database --- bigchaindb/commands/bigchain.py | 8 ++++++-- tests/commands/test_commands.py | 12 ++++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/bigchaindb/commands/bigchain.py b/bigchaindb/commands/bigchain.py index be17d75f..ce0cbfa0 100644 --- a/bigchaindb/commands/bigchain.py +++ b/bigchaindb/commands/bigchain.py @@ -12,7 +12,8 @@ import sys from bigchaindb.common import crypto from bigchaindb.common.exceptions import (StartupError, DatabaseAlreadyExists, - KeypairNotFoundException) + KeypairNotFoundException, + DatabaseDoesNotExist) import bigchaindb from bigchaindb import backend, processes from bigchaindb.backend import schema @@ -166,7 +167,10 @@ def run_drop(args): conn = backend.connect() dbname = bigchaindb.config['database']['name'] - schema.drop_database(conn, dbname) + try: + schema.drop_database(conn, dbname) + except DatabaseDoesNotExist: + print("Cannot drop '{name}'. The database does not exist.".format(name=dbname), file=sys.stderr) @configure_bigchaindb diff --git a/tests/commands/test_commands.py b/tests/commands/test_commands.py index 50b995b0..ad603351 100644 --- a/tests/commands/test_commands.py +++ b/tests/commands/test_commands.py @@ -149,6 +149,18 @@ def test_drop_db_when_interactive_yes(mock_db_drop, monkeypatch): assert mock_db_drop.called +@patch('bigchaindb.backend.schema.drop_database') +def test_drop_db_when_db_does_not_exist(mock_db_drop, capsys): + from bigchaindb.commands.bigchain import run_drop + from bigchaindb.common.exceptions import DatabaseDoesNotExist + args = Namespace(config=None, yes=True) + mock_db_drop.side_effect = DatabaseDoesNotExist + + run_drop(args) + output_message = capsys.readouterr()[1] + assert output_message == "Cannot drop 'bigchain'. The database does not exist.\n" + + @patch('bigchaindb.backend.schema.drop_database') def test_drop_db_does_not_drop_when_interactive_no(mock_db_drop, monkeypatch): from bigchaindb.commands.bigchain import run_drop From f3f1ecdaecf2e42f713e6090176eeb24f6b074e3 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Sun, 2 Apr 2017 16:46:41 +0200 Subject: [PATCH 175/283] Added to HOW_TO_HANDLE_PULL_REQUESTS.md Added new subsection: How to Handle CLA Agreement Emails with No Associated Pull Request --- HOW_TO_HANDLE_PULL_REQUESTS.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/HOW_TO_HANDLE_PULL_REQUESTS.md b/HOW_TO_HANDLE_PULL_REQUESTS.md index 4dfbec15..6114c7ac 100644 --- a/HOW_TO_HANDLE_PULL_REQUESTS.md +++ b/HOW_TO_HANDLE_PULL_REQUESTS.md @@ -51,3 +51,15 @@ END BLOCK (END OF EMAIL) The next step is to wait for them to copy that comment into the comments of the indicated pull request. Once they do so, it's safe to merge the pull request. + +## How to Handle CLA Agreement Emails with No Associated Pull Request + +Reply with an email like this: + +Hi [First Name], + +Today I got an email (copied below) to tell me that you agreed to the BigchainDB Contributor License Agreement. Did you intend to do that? + +If no, then you can ignore this email. + +If yes, then there's another step to connect your email address with your GitHub account. To do that, you must first create a pull request in one of the BigchainDB repositories on GitHub. Once you've done that, please reply to this email with a link to the pull request. Then I'll send you a special block of text to paste into the comments on that pull request. From eff1406c09a6f05eb7d9c97fcf840f8daa8d29d8 Mon Sep 17 00:00:00 2001 From: Jack Riches Date: Sun, 2 Apr 2017 23:46:44 +0100 Subject: [PATCH 176/283] Refactor awawy unnecessary lambda to str.upper --- bigchaindb/commands/utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bigchaindb/commands/utils.py b/bigchaindb/commands/utils.py index 6cc5cb6a..15887340 100644 --- a/bigchaindb/commands/utils.py +++ b/bigchaindb/commands/utils.py @@ -198,7 +198,7 @@ base_parser.add_argument('-c', '--config', '(use "-" for stdout)') base_parser.add_argument('-l', '--log-level', - type=lambda l: l.upper(), # case insensitive conversion + type=str.upper # convert to uppercase for comparison to choices choices=['DEBUG', 'INFO', 'WARNING', 'ERROR', 'CRITICAL'], default='INFO', help='Log level') From c3f89fd447e7729dad98b521c5c484311e1e2a8a Mon Sep 17 00:00:00 2001 From: Anuj Date: Mon, 3 Apr 2017 13:13:22 +0530 Subject: [PATCH 177/283] Taking DB name from config in test for non-existent db drop --- tests/commands/test_commands.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/commands/test_commands.py b/tests/commands/test_commands.py index ad603351..c0e2b5af 100644 --- a/tests/commands/test_commands.py +++ b/tests/commands/test_commands.py @@ -151,6 +151,7 @@ def test_drop_db_when_interactive_yes(mock_db_drop, monkeypatch): @patch('bigchaindb.backend.schema.drop_database') def test_drop_db_when_db_does_not_exist(mock_db_drop, capsys): + from bigchaindb import config from bigchaindb.commands.bigchain import run_drop from bigchaindb.common.exceptions import DatabaseDoesNotExist args = Namespace(config=None, yes=True) @@ -158,7 +159,8 @@ def test_drop_db_when_db_does_not_exist(mock_db_drop, capsys): run_drop(args) output_message = capsys.readouterr()[1] - assert output_message == "Cannot drop 'bigchain'. The database does not exist.\n" + assert output_message == "Cannot drop '{name}'. The database does not exist.\n".format( + name=config['database']['name']) @patch('bigchaindb.backend.schema.drop_database') From e7b0b227f18f88747a992e29367d52d20167185f Mon Sep 17 00:00:00 2001 From: Lavina Date: Wed, 29 Mar 2017 20:05:01 +0530 Subject: [PATCH 178/283] Rename bigchain.py command module to bigchaindb.py --- .../commands/{bigchain.py => bigchaindb.py} | 0 docs/server/source/appendices/commands.rst | 4 +- setup.py | 2 +- tests/commands/conftest.py | 8 +-- tests/commands/rethinkdb/test_commands.py | 10 ++-- tests/commands/test_commands.py | 58 +++++++++---------- tests/commands/test_utils.py | 4 +- 7 files changed, 43 insertions(+), 43 deletions(-) rename bigchaindb/commands/{bigchain.py => bigchaindb.py} (100%) diff --git a/bigchaindb/commands/bigchain.py b/bigchaindb/commands/bigchaindb.py similarity index 100% rename from bigchaindb/commands/bigchain.py rename to bigchaindb/commands/bigchaindb.py diff --git a/docs/server/source/appendices/commands.rst b/docs/server/source/appendices/commands.rst index 35d37b27..fd367cdb 100644 --- a/docs/server/source/appendices/commands.rst +++ b/docs/server/source/appendices/commands.rst @@ -6,10 +6,10 @@ Command Line Interface :special-members: __init__ -:mod:`bigchaindb.commands.bigchain` +:mod:`bigchaindb.commands.bigchaindb` ----------------------------------- -.. automodule:: bigchaindb.commands.bigchain +.. automodule:: bigchaindb.commands.bigchaindb :mod:`bigchaindb.commands.utils` diff --git a/setup.py b/setup.py index 5fb201f4..c05b554a 100644 --- a/setup.py +++ b/setup.py @@ -117,7 +117,7 @@ setup( entry_points={ 'console_scripts': [ - 'bigchaindb=bigchaindb.commands.bigchain:main' + 'bigchaindb=bigchaindb.commands.bigchaindb:main' ], }, install_requires=install_requires, diff --git a/tests/commands/conftest.py b/tests/commands/conftest.py index 30c577f5..4a60c0cc 100644 --- a/tests/commands/conftest.py +++ b/tests/commands/conftest.py @@ -5,8 +5,8 @@ import pytest @pytest.fixture def mock_run_configure(monkeypatch): - from bigchaindb.commands import bigchain - monkeypatch.setattr(bigchain, 'run_configure', lambda *args, **kwargs: None) + from bigchaindb.commands import bigchaindb + monkeypatch.setattr(bigchaindb, 'run_configure', lambda *args, **kwargs: None) @pytest.fixture @@ -17,8 +17,8 @@ def mock_write_config(monkeypatch): @pytest.fixture def mock_db_init_with_existing_db(monkeypatch): - from bigchaindb.commands import bigchain - monkeypatch.setattr(bigchain, '_run_init', lambda: None) + from bigchaindb.commands import bigchaindb + monkeypatch.setattr(bigchaindb, '_run_init', lambda: None) @pytest.fixture diff --git a/tests/commands/rethinkdb/test_commands.py b/tests/commands/rethinkdb/test_commands.py index 165fef0d..0eab914c 100644 --- a/tests/commands/rethinkdb/test_commands.py +++ b/tests/commands/rethinkdb/test_commands.py @@ -11,7 +11,7 @@ def test_bigchain_run_start_with_rethinkdb(mock_start_rethinkdb, mock_processes_start, mock_db_init_with_existing_db, mocked_setup_logging): - from bigchaindb.commands.bigchain import run_start + from bigchaindb.commands.bigchaindb import run_start args = Namespace(start_rethinkdb=True, allow_temp_keypair=False, config=None, yes=True) run_start(args) @@ -39,7 +39,7 @@ def test_start_rethinkdb_exits_when_cannot_start(mock_popen): @patch('rethinkdb.ast.Table.reconfigure') def test_set_shards(mock_reconfigure, monkeypatch, b): - from bigchaindb.commands.bigchain import run_set_shards + from bigchaindb.commands.bigchaindb import run_set_shards # this will mock the call to retrieve the database config # we will set it to return one replica @@ -62,7 +62,7 @@ def test_set_shards(mock_reconfigure, monkeypatch, b): def test_set_shards_raises_exception(monkeypatch, b): - from bigchaindb.commands.bigchain import run_set_shards + from bigchaindb.commands.bigchaindb import run_set_shards # test that we are correctly catching the exception def mock_raise(*args, **kwargs): @@ -82,7 +82,7 @@ def test_set_shards_raises_exception(monkeypatch, b): @patch('rethinkdb.ast.Table.reconfigure') def test_set_replicas(mock_reconfigure, monkeypatch, b): - from bigchaindb.commands.bigchain import run_set_replicas + from bigchaindb.commands.bigchaindb import run_set_replicas # this will mock the call to retrieve the database config # we will set it to return two shards @@ -105,7 +105,7 @@ def test_set_replicas(mock_reconfigure, monkeypatch, b): def test_set_replicas_raises_exception(monkeypatch, b): - from bigchaindb.commands.bigchain import run_set_replicas + from bigchaindb.commands.bigchaindb import run_set_replicas # test that we are correctly catching the exception def mock_raise(*args, **kwargs): diff --git a/tests/commands/test_commands.py b/tests/commands/test_commands.py index 50b995b0..186dfbc6 100644 --- a/tests/commands/test_commands.py +++ b/tests/commands/test_commands.py @@ -8,7 +8,7 @@ import pytest def test_make_sure_we_dont_remove_any_command(): # thanks to: http://stackoverflow.com/a/18161115/597097 - from bigchaindb.commands.bigchain import create_parser + from bigchaindb.commands.bigchaindb import create_parser parser = create_parser() @@ -27,7 +27,7 @@ def test_make_sure_we_dont_remove_any_command(): @patch('bigchaindb.commands.utils.start') def test_main_entrypoint(mock_start): - from bigchaindb.commands.bigchain import main + from bigchaindb.commands.bigchaindb import main main() assert mock_start.called @@ -37,7 +37,7 @@ def test_bigchain_run_start(mock_run_configure, mock_processes_start, mock_db_init_with_existing_db, mocked_setup_logging): - from bigchaindb.commands.bigchain import run_start + from bigchaindb.commands.bigchaindb import run_start args = Namespace(start_rethinkdb=False, allow_temp_keypair=False, config=None, yes=True) run_start(args) mocked_setup_logging.assert_called_once_with(user_log_config={}) @@ -48,7 +48,7 @@ def test_bigchain_run_start_assume_yes_create_default_config( monkeypatch, mock_processes_start, mock_generate_key_pair, mock_db_init_with_existing_db, mocked_setup_logging): import bigchaindb - from bigchaindb.commands.bigchain import run_start + from bigchaindb.commands.bigchaindb import run_start from bigchaindb import config_utils value = {} @@ -76,7 +76,7 @@ def test_bigchain_run_start_assume_yes_create_default_config( @pytest.mark.usefixtures('ignore_local_config_file') def test_bigchain_show_config(capsys): from bigchaindb import config - from bigchaindb.commands.bigchain import run_show_config + from bigchaindb.commands.bigchaindb import run_show_config args = Namespace(config=None) _, _ = capsys.readouterr() @@ -89,7 +89,7 @@ def test_bigchain_show_config(capsys): def test_bigchain_export_my_pubkey_when_pubkey_set(capsys, monkeypatch): from bigchaindb import config - from bigchaindb.commands.bigchain import run_export_my_pubkey + from bigchaindb.commands.bigchaindb import run_export_my_pubkey args = Namespace(config='dummy') # so in run_export_my_pubkey(args) below, @@ -108,7 +108,7 @@ def test_bigchain_export_my_pubkey_when_pubkey_set(capsys, monkeypatch): def test_bigchain_export_my_pubkey_when_pubkey_not_set(monkeypatch): from bigchaindb import config - from bigchaindb.commands.bigchain import run_export_my_pubkey + from bigchaindb.commands.bigchaindb import run_export_my_pubkey args = Namespace(config='dummy') monkeypatch.setitem(config['keypair'], 'public', None) @@ -125,14 +125,14 @@ def test_bigchain_export_my_pubkey_when_pubkey_not_set(monkeypatch): def test_bigchain_run_init_when_db_exists(mock_db_init_with_existing_db): - from bigchaindb.commands.bigchain import run_init + from bigchaindb.commands.bigchaindb import run_init args = Namespace(config=None) run_init(args) @patch('bigchaindb.backend.schema.drop_database') def test_drop_db_when_assumed_yes(mock_db_drop): - from bigchaindb.commands.bigchain import run_drop + from bigchaindb.commands.bigchaindb import run_drop args = Namespace(config=None, yes=True) run_drop(args) @@ -141,9 +141,9 @@ def test_drop_db_when_assumed_yes(mock_db_drop): @patch('bigchaindb.backend.schema.drop_database') def test_drop_db_when_interactive_yes(mock_db_drop, monkeypatch): - from bigchaindb.commands.bigchain import run_drop + from bigchaindb.commands.bigchaindb import run_drop args = Namespace(config=None, yes=False) - monkeypatch.setattr('bigchaindb.commands.bigchain.input_on_stderr', lambda x: 'y') + monkeypatch.setattr('bigchaindb.commands.bigchaindb.input_on_stderr', lambda x: 'y') run_drop(args) assert mock_db_drop.called @@ -151,16 +151,16 @@ def test_drop_db_when_interactive_yes(mock_db_drop, monkeypatch): @patch('bigchaindb.backend.schema.drop_database') def test_drop_db_does_not_drop_when_interactive_no(mock_db_drop, monkeypatch): - from bigchaindb.commands.bigchain import run_drop + from bigchaindb.commands.bigchaindb import run_drop args = Namespace(config=None, yes=False) - monkeypatch.setattr('bigchaindb.commands.bigchain.input_on_stderr', lambda x: 'n') + monkeypatch.setattr('bigchaindb.commands.bigchaindb.input_on_stderr', lambda x: 'n') run_drop(args) assert not mock_db_drop.called def test_run_configure_when_config_exists_and_skipping(monkeypatch): - from bigchaindb.commands.bigchain import run_configure + from bigchaindb.commands.bigchaindb import run_configure monkeypatch.setattr('os.path.exists', lambda path: True) args = Namespace(config='foo', yes=True) return_value = run_configure(args, skip_if_exists=True) @@ -174,7 +174,7 @@ def test_run_configure_when_config_does_not_exist(monkeypatch, mock_write_config, mock_generate_key_pair, mock_bigchaindb_backup_config): - from bigchaindb.commands.bigchain import run_configure + from bigchaindb.commands.bigchaindb import run_configure monkeypatch.setattr('os.path.exists', lambda path: False) monkeypatch.setattr('builtins.input', lambda: '\n') args = Namespace(config='foo', backend='rethinkdb', yes=True) @@ -191,7 +191,7 @@ def test_run_configure_when_config_does_exist(monkeypatch, def mock_write_config(newconfig, filename=None): value['return'] = newconfig - from bigchaindb.commands.bigchain import run_configure + from bigchaindb.commands.bigchaindb import run_configure monkeypatch.setattr('os.path.exists', lambda path: True) monkeypatch.setattr('builtins.input', lambda: '\n') monkeypatch.setattr('bigchaindb.config_utils.write_config', mock_write_config) @@ -207,7 +207,7 @@ def test_run_configure_when_config_does_exist(monkeypatch, )) def test_run_configure_with_backend(backend, monkeypatch, mock_write_config): import bigchaindb - from bigchaindb.commands.bigchain import run_configure + from bigchaindb.commands.bigchaindb import run_configure value = {} @@ -238,7 +238,7 @@ def test_allow_temp_keypair_generates_one_on_the_fly( mock_gen_keypair, mock_processes_start, mock_db_init_with_existing_db, mocked_setup_logging): import bigchaindb - from bigchaindb.commands.bigchain import run_start + from bigchaindb.commands.bigchaindb import run_start bigchaindb.config['keypair'] = {'private': None, 'public': None} @@ -258,7 +258,7 @@ def test_allow_temp_keypair_doesnt_override_if_keypair_found(mock_gen_keypair, mock_db_init_with_existing_db, mocked_setup_logging): import bigchaindb - from bigchaindb.commands.bigchain import run_start + from bigchaindb.commands.bigchaindb import run_start # Preconditions for the test original_private_key = bigchaindb.config['keypair']['private'] @@ -279,7 +279,7 @@ def test_run_start_when_db_already_exists(mocker, monkeypatch, run_start_args, mocked_setup_logging): - from bigchaindb.commands.bigchain import run_start + from bigchaindb.commands.bigchaindb import run_start from bigchaindb.common.exceptions import DatabaseAlreadyExists mocked_start = mocker.patch('bigchaindb.processes.start') @@ -287,7 +287,7 @@ def test_run_start_when_db_already_exists(mocker, raise DatabaseAlreadyExists() monkeypatch.setattr( - 'bigchaindb.commands.bigchain._run_init', mock_run_init) + 'bigchaindb.commands.bigchaindb._run_init', mock_run_init) run_start(run_start_args) mocked_setup_logging.assert_called_once_with(user_log_config={}) assert mocked_start.called @@ -297,7 +297,7 @@ def test_run_start_when_keypair_not_found(mocker, monkeypatch, run_start_args, mocked_setup_logging): - from bigchaindb.commands.bigchain import run_start + from bigchaindb.commands.bigchaindb import run_start from bigchaindb.commands.messages import CANNOT_START_KEYPAIR_NOT_FOUND from bigchaindb.common.exceptions import KeypairNotFoundException mocked_start = mocker.patch('bigchaindb.processes.start') @@ -306,7 +306,7 @@ def test_run_start_when_keypair_not_found(mocker, raise KeypairNotFoundException() monkeypatch.setattr( - 'bigchaindb.commands.bigchain._run_init', mock_run_init) + 'bigchaindb.commands.bigchaindb._run_init', mock_run_init) with pytest.raises(SystemExit) as exc: run_start(run_start_args) @@ -321,7 +321,7 @@ def test_run_start_when_start_rethinkdb_fails(mocker, monkeypatch, run_start_args, mocked_setup_logging): - from bigchaindb.commands.bigchain import run_start + from bigchaindb.commands.bigchaindb import run_start from bigchaindb.commands.messages import RETHINKDB_STARTUP_ERROR from bigchaindb.common.exceptions import StartupError run_start_args.start_rethinkdb = True @@ -348,7 +348,7 @@ def test_run_start_when_start_rethinkdb_fails(mocker, @patch('bigchaindb.commands.utils.start') def test_calling_main(start_mock, base_parser_mock, parse_args_mock, monkeypatch): - from bigchaindb.commands.bigchain import main + from bigchaindb.commands.bigchaindb import main argparser_mock = Mock() parser = Mock() @@ -404,9 +404,9 @@ def test_calling_main(start_mock, base_parser_mock, parse_args_mock, @pytest.mark.usefixtures('ignore_local_config_file') -@patch('bigchaindb.commands.bigchain.add_replicas') +@patch('bigchaindb.commands.bigchaindb.add_replicas') def test_run_add_replicas(mock_add_replicas): - from bigchaindb.commands.bigchain import run_add_replicas + from bigchaindb.commands.bigchaindb import run_add_replicas from bigchaindb.backend.exceptions import OperationError args = Namespace(config=None, replicas=['localhost:27017']) @@ -435,9 +435,9 @@ def test_run_add_replicas(mock_add_replicas): @pytest.mark.usefixtures('ignore_local_config_file') -@patch('bigchaindb.commands.bigchain.remove_replicas') +@patch('bigchaindb.commands.bigchaindb.remove_replicas') def test_run_remove_replicas(mock_remove_replicas): - from bigchaindb.commands.bigchain import run_remove_replicas + from bigchaindb.commands.bigchaindb import run_remove_replicas from bigchaindb.backend.exceptions import OperationError args = Namespace(config=None, replicas=['localhost:27017']) diff --git a/tests/commands/test_utils.py b/tests/commands/test_utils.py index 5f190717..f3b64c18 100644 --- a/tests/commands/test_utils.py +++ b/tests/commands/test_utils.py @@ -54,7 +54,7 @@ def test_configure_bigchaindb_logging(log_level): def test_start_raises_if_command_not_implemented(): from bigchaindb.commands import utils - from bigchaindb.commands.bigchain import create_parser + from bigchaindb.commands.bigchaindb import create_parser parser = create_parser() @@ -66,7 +66,7 @@ def test_start_raises_if_command_not_implemented(): def test_start_raises_if_no_arguments_given(): from bigchaindb.commands import utils - from bigchaindb.commands.bigchain import create_parser + from bigchaindb.commands.bigchaindb import create_parser parser = create_parser() From 57d3770564d8ef8d6665815a3d53f2d30faa6ac4 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Fri, 31 Mar 2017 13:26:19 +0200 Subject: [PATCH 179/283] Add missing underline title characters --- docs/server/source/appendices/commands.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/server/source/appendices/commands.rst b/docs/server/source/appendices/commands.rst index fd367cdb..460145f4 100644 --- a/docs/server/source/appendices/commands.rst +++ b/docs/server/source/appendices/commands.rst @@ -7,7 +7,7 @@ Command Line Interface :mod:`bigchaindb.commands.bigchaindb` ------------------------------------ +------------------------------------- .. automodule:: bigchaindb.commands.bigchaindb From cee2f94f89f632fd853430825a683c7d92407729 Mon Sep 17 00:00:00 2001 From: Rodolphe Marques Date: Mon, 3 Apr 2017 11:57:56 +0200 Subject: [PATCH 180/283] Remove benchmarking-tests folder. Remove references to removed folders. --- .gitattributes | 4 +- .gitignore | 2 - benchmarking-tests/README.md | 3 - benchmarking-tests/benchmark_utils.py | 154 -------------------------- benchmarking-tests/fabfile.py | 46 -------- benchmarking-tests/test1/README.md | 20 ---- codecov.yml | 2 - 7 files changed, 1 insertion(+), 230 deletions(-) delete mode 100644 benchmarking-tests/README.md delete mode 100644 benchmarking-tests/benchmark_utils.py delete mode 100644 benchmarking-tests/fabfile.py delete mode 100644 benchmarking-tests/test1/README.md diff --git a/.gitattributes b/.gitattributes index cd945c78..d278a72d 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,11 +1,9 @@ -benchmarking-tests export-ignore deploy-cluster-aws export-ignore docs export-ignore ntools export-ignore -speed-tests export-ignore tests export-ignore .gitattributes export-ignore .gitignore export-ignore .travis.yml export-ignore *.md export-ignore -codecov.yml export-ignore \ No newline at end of file +codecov.yml export-ignore diff --git a/.gitignore b/.gitignore index efa00db2..7aba48d1 100644 --- a/.gitignore +++ b/.gitignore @@ -71,8 +71,6 @@ deploy-cluster-aws/confiles/ deploy-cluster-aws/client_confile deploy-cluster-aws/hostlist.py deploy-cluster-aws/ssh_key.py -benchmarking-tests/hostlist.py -benchmarking-tests/ssh_key.py # Ansible-specific files ntools/one-m/ansible/hosts diff --git a/benchmarking-tests/README.md b/benchmarking-tests/README.md deleted file mode 100644 index d94ec70b..00000000 --- a/benchmarking-tests/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# Benchmarking tests - -This folder contains util files and test case folders to benchmark the performance of a BigchainDB cluster. \ No newline at end of file diff --git a/benchmarking-tests/benchmark_utils.py b/benchmarking-tests/benchmark_utils.py deleted file mode 100644 index d7418a36..00000000 --- a/benchmarking-tests/benchmark_utils.py +++ /dev/null @@ -1,154 +0,0 @@ -import multiprocessing as mp -import uuid -import argparse -import csv -import time -import logging -import rethinkdb as r - -from bigchaindb.common.transaction import Transaction - -from bigchaindb import Bigchain -from bigchaindb.utils import ProcessGroup -from bigchaindb.commands import utils - - -SIZE_OF_FILLER = {'minimal': 0, - 'small': 10**3, - 'medium': 10**4, - 'large': 10**5} - - -logging.basicConfig(level=logging.INFO) -logger = logging.getLogger(__name__) - - -def create_write_transaction(tx_left, payload_filler): - b = Bigchain() - payload_dict = {} - if payload_filler: - payload_dict['filler'] = payload_filler - while tx_left > 0: - # Include a random uuid string in the payload - # to prevent duplicate transactions - # (i.e. transactions with the same hash) - payload_dict['msg'] = str(uuid.uuid4()) - tx = Transaction.create([b.me], [b.me], payload=payload_dict) - tx = tx.sign([b.me_private]) - b.write_transaction(tx) - tx_left -= 1 - - -def run_add_backlog(args): - tx_left = args.num_transactions // mp.cpu_count() - payload_filler = 'x' * SIZE_OF_FILLER[args.payload_size] - workers = ProcessGroup(target=create_write_transaction, - args=(tx_left, payload_filler)) - workers.start() - - -def run_gather_metrics(args): - # setup a rethinkdb connection - conn = r.connect(args.bigchaindb_host, 28015, 'bigchain') - - # setup csv writer - csv_file = open(args.csvfile, 'w') - csv_writer = csv.writer(csv_file) - - # query for the number of transactions on the backlog - num_transactions = r.table('backlog').count().run(conn) - num_transactions_received = 0 - initial_time = None - logger.info('Starting gathering metrics.') - logger.info('{} transasctions in the backlog'.format(num_transactions)) - logger.info('This process should exit automatically. ' - 'If this does not happen you can exit at any time using Ctrl-C ' - 'saving all the metrics gathered up to this point.') - - logger.info('\t{:<20} {:<20} {:<20} {:<20}'.format( - 'timestamp', - 'tx in block', - 'tx/s', - '% complete' - )) - - # listen to the changefeed - try: - for change in r.table('bigchain').changes().run(conn): - # check only for new blocks - if change['old_val'] is None: - block_num_transactions = len( - change['new_val']['block']['transactions'] - ) - time_now = time.time() - csv_writer.writerow( - [str(time_now), str(block_num_transactions)] - ) - - # log statistics - if initial_time is None: - initial_time = time_now - - num_transactions_received += block_num_transactions - elapsed_time = time_now - initial_time - percent_complete = round( - (num_transactions_received / num_transactions) * 100 - ) - - if elapsed_time != 0: - transactions_per_second = round( - num_transactions_received / elapsed_time - ) - else: - transactions_per_second = float('nan') - - logger.info('\t{:<20} {:<20} {:<20} {:<20}'.format( - time_now, - block_num_transactions, - transactions_per_second, - percent_complete - )) - - if (num_transactions - num_transactions_received) == 0: - break - except KeyboardInterrupt: - logger.info('Interrupted. Exiting early...') - finally: - # close files - csv_file.close() - - -def main(): - parser = argparse.ArgumentParser(description='BigchainDB benchmarking utils') - subparsers = parser.add_subparsers(title='Commands', dest='command') - - # add transactions to backlog - backlog_parser = subparsers.add_parser('add-backlog', - help='Add transactions to the backlog') - backlog_parser.add_argument('num_transactions', - metavar='num_transactions', - type=int, default=0, - help='Number of transactions to add to the backlog') - backlog_parser.add_argument('-s', '--payload-size', - choices=SIZE_OF_FILLER.keys(), - default='minimal', - help='Payload size') - - # metrics - metrics_parser = subparsers.add_parser('gather-metrics', - help='Gather metrics to a csv file') - - metrics_parser.add_argument('-b', '--bigchaindb-host', - required=True, - help=('Bigchaindb node hostname to connect ' - 'to gather cluster metrics')) - - metrics_parser.add_argument('-c', '--csvfile', - required=True, - help='Filename to save the metrics') - - utils.start(parser, globals()) - - -if __name__ == '__main__': - main() diff --git a/benchmarking-tests/fabfile.py b/benchmarking-tests/fabfile.py deleted file mode 100644 index 0dd4e964..00000000 --- a/benchmarking-tests/fabfile.py +++ /dev/null @@ -1,46 +0,0 @@ -from __future__ import with_statement, unicode_literals - -from fabric.api import sudo, env, hosts -from fabric.api import task, parallel -from fabric.contrib.files import sed -from fabric.operations import run, put -from fabric.context_managers import settings - -from hostlist import public_dns_names -from ssh_key import ssh_key_path - -# Ignore known_hosts -# http://docs.fabfile.org/en/1.10/usage/env.html#disable-known-hosts -env.disable_known_hosts = True - -# What remote servers should Fabric connect to? With what usernames? -env.user = 'ubuntu' -env.hosts = public_dns_names - -# SSH key files to try when connecting: -# http://docs.fabfile.org/en/1.10/usage/env.html#key-filename -env.key_filename = ssh_key_path - - -@task -@parallel -def put_benchmark_utils(): - put('benchmark_utils.py') - - -@task -@parallel -def prepare_backlog(num_transactions=10000): - run('python3 benchmark_utils.py add-backlog {}'.format(num_transactions)) - - -@task -@parallel -def start_bigchaindb(): - run('screen -d -m bigchaindb start &', pty=False) - - -@task -@parallel -def kill_bigchaindb(): - run('killall bigchaindb') diff --git a/benchmarking-tests/test1/README.md b/benchmarking-tests/test1/README.md deleted file mode 100644 index 38a4569b..00000000 --- a/benchmarking-tests/test1/README.md +++ /dev/null @@ -1,20 +0,0 @@ -# Transactions per second - -Measure how many blocks per second are created on the _bigchain_ with a pre filled backlog. - -1. Deploy an aws cluster https://docs.bigchaindb.com/projects/server/en/latest/clusters-feds/aws-testing-cluster.html -2. Make a symbolic link to hostlist.py: `ln -s ../deploy-cluster-aws/hostlist.py .` -3. Make a symbolic link to bigchaindb.pem: -```bash -mkdir pem -cd pem -ln -s ../deploy-cluster-aws/pem/bigchaindb.pem . -``` - -Then: - -```bash -fab put_benchmark_utils -fab prepare_backlog: # wait for process to finish -fab start_bigchaindb -``` diff --git a/codecov.yml b/codecov.yml index 547c6b99..0ab4582d 100644 --- a/codecov.yml +++ b/codecov.yml @@ -29,8 +29,6 @@ coverage: - "docs/*" - "tests/*" - "bigchaindb/version.py" - - "benchmarking-tests/*" - - "speed-tests/*" - "ntools/*" - "k8s/*" From 2560f02c36c08867c544858159cdb576160668ec Mon Sep 17 00:00:00 2001 From: Jack Riches Date: Mon, 3 Apr 2017 17:19:03 +0100 Subject: [PATCH 181/283] Fix syntax error (missing comma) --- bigchaindb/commands/utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bigchaindb/commands/utils.py b/bigchaindb/commands/utils.py index 15887340..9bec5a03 100644 --- a/bigchaindb/commands/utils.py +++ b/bigchaindb/commands/utils.py @@ -198,7 +198,7 @@ base_parser.add_argument('-c', '--config', '(use "-" for stdout)') base_parser.add_argument('-l', '--log-level', - type=str.upper # convert to uppercase for comparison to choices + type=str.upper, # convert to uppercase for comparison to choices choices=['DEBUG', 'INFO', 'WARNING', 'ERROR', 'CRITICAL'], default='INFO', help='Log level') From d5c8d3067e06a95ae72d39e0bf9698bb6000ba68 Mon Sep 17 00:00:00 2001 From: Jack Riches Date: Mon, 3 Apr 2017 23:06:36 +0100 Subject: [PATCH 182/283] Use two spaces before inline comment (PEP8) (fix flake8 error) --- bigchaindb/commands/utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bigchaindb/commands/utils.py b/bigchaindb/commands/utils.py index 9bec5a03..f163a825 100644 --- a/bigchaindb/commands/utils.py +++ b/bigchaindb/commands/utils.py @@ -198,7 +198,7 @@ base_parser.add_argument('-c', '--config', '(use "-" for stdout)') base_parser.add_argument('-l', '--log-level', - type=str.upper, # convert to uppercase for comparison to choices + type=str.upper, # convert to uppercase for comparison to choices choices=['DEBUG', 'INFO', 'WARNING', 'ERROR', 'CRITICAL'], default='INFO', help='Log level') From bb68a44b9674fd0a10f38254188b5526400eaba8 Mon Sep 17 00:00:00 2001 From: Anuj Date: Tue, 4 Apr 2017 13:55:24 +0530 Subject: [PATCH 183/283] Renamed bigchain import to bigchaindb --- tests/commands/test_commands.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/commands/test_commands.py b/tests/commands/test_commands.py index 2670725a..6fb424d6 100644 --- a/tests/commands/test_commands.py +++ b/tests/commands/test_commands.py @@ -152,7 +152,7 @@ def test_drop_db_when_interactive_yes(mock_db_drop, monkeypatch): @patch('bigchaindb.backend.schema.drop_database') def test_drop_db_when_db_does_not_exist(mock_db_drop, capsys): from bigchaindb import config - from bigchaindb.commands.bigchain import run_drop + from bigchaindb.commands.bigchaindb import run_drop from bigchaindb.common.exceptions import DatabaseDoesNotExist args = Namespace(config=None, yes=True) mock_db_drop.side_effect = DatabaseDoesNotExist From 6f916d5781c3cea4e7c7d6447652953fe0b5be30 Mon Sep 17 00:00:00 2001 From: Rodolphe Marques Date: Tue, 4 Apr 2017 11:25:26 +0200 Subject: [PATCH 184/283] Fixed documentation about transactions endpoint. (#1360) * Fixed documentation about transactions endpoint. * clarify how bigchaindb handles invalid transactions * rephrase --- .../source/drivers-clients/http-client-server-api.rst | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/server/source/drivers-clients/http-client-server-api.rst b/docs/server/source/drivers-clients/http-client-server-api.rst index 26ccd2f5..39e4395e 100644 --- a/docs/server/source/drivers-clients/http-client-server-api.rst +++ b/docs/server/source/drivers-clients/http-client-server-api.rst @@ -46,8 +46,12 @@ Transactions Get the transaction with the ID ``tx_id``. - This endpoint returns a transaction only if a ``VALID`` block on - ``bigchain`` exists. + This endpoint returns a transaction if it was included in a ``VALID`` block, + if it is still waiting to be processed (``BACKLOG``) or is still in an + undecided block (``UNDECIDED``). All instances of a transaction in invalid + blocks are ignored and treated as if they don't exist. If a request is made + for a transaction and instances of that transaction are found only in + invalid blocks, then the response will be ``404 Not Found``. :param tx_id: transaction ID :type tx_id: hex string From 1e07a5b111efff10451b6ca94f5dade14c8d0c58 Mon Sep 17 00:00:00 2001 From: vrde Date: Tue, 28 Mar 2017 14:51:02 +0200 Subject: [PATCH 185/283] Add ssl, login, and passwd to configure command --- bigchaindb/__init__.py | 39 +++++++++++++++++++++++----- bigchaindb/commands/bigchaindb.py | 17 +++++-------- bigchaindb/commands/utils.py | 42 +++++++++++++++++++++++++++++-- tests/commands/test_utils.py | 27 ++++++++++++++++++++ tests/test_config_utils.py | 12 +++++++++ 5 files changed, 118 insertions(+), 19 deletions(-) diff --git a/bigchaindb/__init__.py b/bigchaindb/__init__.py index c0e4fd56..1be419b3 100644 --- a/bigchaindb/__init__.py +++ b/bigchaindb/__init__.py @@ -5,24 +5,51 @@ import os # PORT_NUMBER = reduce(lambda x, y: x * y, map(ord, 'BigchainDB')) % 2**16 # basically, the port number is 9984 -_database_rethinkdb = { - 'backend': os.environ.get('BIGCHAINDB_DATABASE_BACKEND', 'rethinkdb'), + +_base_database_rethinkdb = { 'host': os.environ.get('BIGCHAINDB_DATABASE_HOST', 'localhost'), 'port': int(os.environ.get('BIGCHAINDB_DATABASE_PORT', 28015)), 'name': os.environ.get('BIGCHAINDB_DATABASE_NAME', 'bigchain'), - 'connection_timeout': 5000, - 'max_tries': 3, } -_database_mongodb = { - 'backend': os.environ.get('BIGCHAINDB_DATABASE_BACKEND', 'mongodb'), +# The following variable is used by `bigchaindb configure` to +# prompt the user for database values. We cannot rely on +# _base_database_rethinkdb.keys() or _base_database_mongodb.keys() +# because dicts are unordered. I tried to configure + +_base_database_rethinkdb_keys = ('host', 'port', 'name') + +_base_database_mongodb = { 'host': os.environ.get('BIGCHAINDB_DATABASE_HOST', 'localhost'), 'port': int(os.environ.get('BIGCHAINDB_DATABASE_PORT', 27017)), 'name': os.environ.get('BIGCHAINDB_DATABASE_NAME', 'bigchain'), 'replicaset': os.environ.get('BIGCHAINDB_DATABASE_REPLICASET', 'bigchain-rs'), + 'ssl': bool(os.environ.get('BIGCHAINDB_DATABASE_SSL', False)), + 'login': os.environ.get('BIGCHAINDB_DATABASE_LOGIN'), + 'password': os.environ.get('BIGCHAINDB_DATABASE_PASSWORD') +} + +_base_database_mongodb_keys = ('host', 'port', 'name', 'replicaset', + 'ssl', 'login', 'password') + +_database_rethinkdb = { + 'backend': os.environ.get('BIGCHAINDB_DATABASE_BACKEND', 'rethinkdb'), 'connection_timeout': 5000, 'max_tries': 3, } +_database_rethinkdb.update(_base_database_rethinkdb) + +_database_mongodb = { + 'backend': os.environ.get('BIGCHAINDB_DATABASE_BACKEND', 'mongodb'), + 'connection_timeout': 5000, + 'max_tries': 3, +} +_database_mongodb.update(_base_database_mongodb) + +_database_keys_map = { + 'mongodb': _base_database_mongodb_keys, + 'rethinkdb': _base_database_rethinkdb_keys +} _database_map = { 'mongodb': _database_mongodb, diff --git a/bigchaindb/commands/bigchaindb.py b/bigchaindb/commands/bigchaindb.py index ce0cbfa0..d4e37daa 100644 --- a/bigchaindb/commands/bigchaindb.py +++ b/bigchaindb/commands/bigchaindb.py @@ -88,26 +88,21 @@ def run_configure(args, skip_if_exists=False): # select the correct config defaults based on the backend print('Generating default configuration for backend {}' .format(args.backend), file=sys.stderr) + database_keys = bigchaindb._database_keys_map[args.backend] conf['database'] = bigchaindb._database_map[args.backend] if not args.yes: for key in ('bind', ): val = conf['server'][key] - conf['server'][key] = \ - input_on_stderr('API Server {}? (default `{}`): '.format(key, val)) \ - or val + conf['server'][key] = input_on_stderr('API Server {}? (default `{}`): '.format(key, val), val) - for key in ('host', 'port', 'name'): + for key in database_keys: val = conf['database'][key] - conf['database'][key] = \ - input_on_stderr('Database {}? (default `{}`): '.format(key, val)) \ - or val + conf['database'][key] = input_on_stderr('Database {}? (default `{}`): '.format(key, val), val) val = conf['backlog_reassign_delay'] - conf['backlog_reassign_delay'] = \ - input_on_stderr(('Stale transaction reassignment delay (in ' - 'seconds)? (default `{}`): '.format(val))) \ - or val + conf['backlog_reassign_delay'] = input_on_stderr( + 'Stale transaction reassignment delay (in seconds)? (default `{}`): '.format(val), val) if config_path != '-': bigchaindb.config_utils.write_config(conf, config_path) diff --git a/bigchaindb/commands/utils.py b/bigchaindb/commands/utils.py index f163a825..cd59856c 100644 --- a/bigchaindb/commands/utils.py +++ b/bigchaindb/commands/utils.py @@ -74,12 +74,50 @@ def start_logging_process(command): return start_logging +def _convert(value, default=None, convert=None): + def convert_bool(value): + if value.lower() in ('true', 't', 'yes', 'y'): + return True + if value.lower() in ('false', 'f', 'no', 'n'): + return False + raise ValueError('{} cannot be converted to bool'.format(value)) + + if value == '': + value = None + + if convert is None: + if default is not None: + convert = type(default) + else: + convert = str + + if convert == bool: + convert = convert_bool + + if value is None: + return default + else: + return convert(value) + + # We need this because `input` always prints on stdout, while it should print # to stderr. It's a very old bug, check it out here: # - https://bugs.python.org/issue1927 -def input_on_stderr(prompt=''): +def input_on_stderr(prompt='', default=None, convert=None): + """Output a string to stderr and wait for input. + + Args: + prompt (str): the message to display. + default: the default value to return if the user + leaves the field empty + convert (callable): a callable to be used to convert + the value the user inserted. If None, the type of + ``default`` will be used. + """ + print(prompt, end='', file=sys.stderr) - return builtins.input() + value = builtins.input() + return _convert(value, default, convert) def start_rethinkdb(): diff --git a/tests/commands/test_utils.py b/tests/commands/test_utils.py index f3b64c18..85aa8de4 100644 --- a/tests/commands/test_utils.py +++ b/tests/commands/test_utils.py @@ -13,6 +13,33 @@ def reset_bigchaindb_config(monkeypatch): monkeypatch.setattr('bigchaindb.config', bigchaindb._config) +def test_input_on_stderr(): + from bigchaindb.commands.utils import input_on_stderr, _convert + + with patch('builtins.input', return_value='I love cats'): + assert input_on_stderr() == 'I love cats' + + # input_on_stderr uses `_convert` internally, from now on we will + # just use that function + + assert _convert('hack the planet') == 'hack the planet' + assert _convert('42') == '42' + assert _convert('42', default=10) == 42 + assert _convert('', default=10) == 10 + assert _convert('42', convert=int) == 42 + assert _convert('True', convert=bool) is True + assert _convert('False', convert=bool) is False + assert _convert('t', convert=bool) is True + assert _convert('3.14', default=1.0) == 3.14 + assert _convert('TrUe', default=False) is True + + with pytest.raises(ValueError): + assert _convert('TRVE', default=False) + + with pytest.raises(ValueError): + assert _convert('ಠ_ಠ', convert=int) + + @pytest.mark.usefixtures('ignore_local_config_file', 'reset_bigchaindb_config') def test_configure_bigchaindb_configures_bigchaindb(): from bigchaindb.commands.utils import configure_bigchaindb diff --git a/tests/test_config_utils.py b/tests/test_config_utils.py index 4234e242..51e4d595 100644 --- a/tests/test_config_utils.py +++ b/tests/test_config_utils.py @@ -19,6 +19,15 @@ def clean_config(monkeypatch, request): monkeypatch.setattr('bigchaindb.config', original_config) +def test_ordered_keys_match_database_config(): + import bigchaindb + + assert set(bigchaindb._base_database_rethinkdb.keys()) ==\ + set(bigchaindb._base_database_rethinkdb_keys) + assert set(bigchaindb._base_database_mongodb.keys()) ==\ + set(bigchaindb._base_database_mongodb_keys) + + def test_bigchain_instance_is_initialized_when_conf_provided(request): import bigchaindb from bigchaindb import config_utils @@ -181,6 +190,9 @@ def test_autoconfigure_read_both_from_file_and_env(monkeypatch, request): 'connection_timeout': 5000, 'max_tries': 3, 'replicaset': 'bigchain-rs', + 'ssl': False, + 'login': None, + 'password': None } database = {} From cb87221bdf2761f4d399b4da5cf45d8040f0587d Mon Sep 17 00:00:00 2001 From: Rodolphe Marques Date: Tue, 4 Apr 2017 17:57:44 +0200 Subject: [PATCH 186/283] Voting pipeline now checks for duplicated transactions in blocks during validation. --- bigchaindb/models.py | 9 +++++---- tests/pipelines/test_vote.py | 12 ++++++++++++ tests/test_models.py | 2 +- 3 files changed, 18 insertions(+), 5 deletions(-) diff --git a/bigchaindb/models.py b/bigchaindb/models.py index c371e792..2f46ba20 100644 --- a/bigchaindb/models.py +++ b/bigchaindb/models.py @@ -187,6 +187,11 @@ class Block(object): if not self.is_signature_valid(): raise InvalidSignature('Invalid block signature') + # Check that the block contains no duplicated transactions + txids = [tx.id for tx in self.transactions] + if len(txids) != len(set(txids)): + raise DuplicateTransaction('Block has duplicate transaction') + def _validate_block_transactions(self, bigchain): """Validate Block transactions. @@ -196,10 +201,6 @@ class Block(object): Raises: ValidationError: If an invalid transaction is found """ - txids = [tx.id for tx in self.transactions] - if len(txids) != len(set(txids)): - raise DuplicateTransaction('Block has duplicate transaction') - for tx in self.transactions: # If a transaction is not valid, `validate_transactions` will # throw an an exception and block validation will be canceled. diff --git a/tests/pipelines/test_vote.py b/tests/pipelines/test_vote.py index fa167d17..7df7ca11 100644 --- a/tests/pipelines/test_vote.py +++ b/tests/pipelines/test_vote.py @@ -111,6 +111,18 @@ def test_validate_block_with_invalid_id(b): assert invalid_dummy_tx == [vote_obj.invalid_dummy_tx] +@pytest.mark.genesis +def test_validate_block_with_duplicated_transactions(b): + from bigchaindb.pipelines import vote + + tx = dummy_tx(b) + block = b.create_block([tx, tx]).to_dict() + + vote_obj = vote.Vote() + block_id, invalid_dummy_tx = vote_obj.validate_block(block) + assert invalid_dummy_tx == [vote_obj.invalid_dummy_tx] + + @pytest.mark.genesis def test_validate_block_with_invalid_signature(b): from bigchaindb.pipelines import vote diff --git a/tests/test_models.py b/tests/test_models.py index db6a6975..6e559cb2 100644 --- a/tests/test_models.py +++ b/tests/test_models.py @@ -152,4 +152,4 @@ class TestBlockModel(object): tx = Transaction.create([b.me], [([b.me], 1)]) block = b.create_block([tx, tx]) with raises(DuplicateTransaction): - block._validate_block_transactions(b) + block._validate_block(b) From 5d2f66524c04be4ef30f73732d5fb13ddab8ecae Mon Sep 17 00:00:00 2001 From: vrde Date: Tue, 4 Apr 2017 18:58:34 +0200 Subject: [PATCH 187/283] Cleanup configuration keys for db --- bigchaindb/__init__.py | 13 ++++--------- tests/test_config_utils.py | 10 ---------- 2 files changed, 4 insertions(+), 19 deletions(-) diff --git a/bigchaindb/__init__.py b/bigchaindb/__init__.py index 1be419b3..4c555e47 100644 --- a/bigchaindb/__init__.py +++ b/bigchaindb/__init__.py @@ -17,7 +17,10 @@ _base_database_rethinkdb = { # _base_database_rethinkdb.keys() or _base_database_mongodb.keys() # because dicts are unordered. I tried to configure -_base_database_rethinkdb_keys = ('host', 'port', 'name') +_database_keys_map = { + 'mongodb': ('host', 'port', 'name', 'replicaset'), + 'rethinkdb': ('host', 'port', 'name') +} _base_database_mongodb = { 'host': os.environ.get('BIGCHAINDB_DATABASE_HOST', 'localhost'), @@ -29,9 +32,6 @@ _base_database_mongodb = { 'password': os.environ.get('BIGCHAINDB_DATABASE_PASSWORD') } -_base_database_mongodb_keys = ('host', 'port', 'name', 'replicaset', - 'ssl', 'login', 'password') - _database_rethinkdb = { 'backend': os.environ.get('BIGCHAINDB_DATABASE_BACKEND', 'rethinkdb'), 'connection_timeout': 5000, @@ -46,11 +46,6 @@ _database_mongodb = { } _database_mongodb.update(_base_database_mongodb) -_database_keys_map = { - 'mongodb': _base_database_mongodb_keys, - 'rethinkdb': _base_database_rethinkdb_keys -} - _database_map = { 'mongodb': _database_mongodb, 'rethinkdb': _database_rethinkdb diff --git a/tests/test_config_utils.py b/tests/test_config_utils.py index 51e4d595..04c70325 100644 --- a/tests/test_config_utils.py +++ b/tests/test_config_utils.py @@ -11,7 +11,6 @@ ORIGINAL_CONFIG = copy.deepcopy(bigchaindb._config) @pytest.fixture(scope='function', autouse=True) def clean_config(monkeypatch, request): - import bigchaindb original_config = copy.deepcopy(ORIGINAL_CONFIG) backend = request.config.getoption('--database-backend') @@ -19,15 +18,6 @@ def clean_config(monkeypatch, request): monkeypatch.setattr('bigchaindb.config', original_config) -def test_ordered_keys_match_database_config(): - import bigchaindb - - assert set(bigchaindb._base_database_rethinkdb.keys()) ==\ - set(bigchaindb._base_database_rethinkdb_keys) - assert set(bigchaindb._base_database_mongodb.keys()) ==\ - set(bigchaindb._base_database_mongodb_keys) - - def test_bigchain_instance_is_initialized_when_conf_provided(request): import bigchaindb from bigchaindb import config_utils From 09a440ee91b7bc3bd64069f70177338887981d04 Mon Sep 17 00:00:00 2001 From: Rodolphe Marques Date: Wed, 5 Apr 2017 16:52:56 +0200 Subject: [PATCH 188/283] Fix get_spent incorrectly raising CriticalDoubleSpent --- bigchaindb/core.py | 55 +++++++++++++++++++++++++++++----------------- 1 file changed, 35 insertions(+), 20 deletions(-) diff --git a/bigchaindb/core.py b/bigchaindb/core.py index e6783a6d..91f19f66 100644 --- a/bigchaindb/core.py +++ b/bigchaindb/core.py @@ -324,8 +324,12 @@ class Bigchain(object): def get_spent(self, txid, output): """Check if a `txid` was already used as an input. - A transaction can be used as an input for another transaction. Bigchain needs to make sure that a - given `txid` is only used once. + A transaction can be used as an input for another transaction. Bigchain + needs to make sure that a given `txid` is only used once. + + This method will check if the `txid` and `output` has already been + spent in a transaction that is in either the `VALID`, `UNDECIDED` or + `BACKLOG` state. Args: txid (str): The id of the transaction @@ -334,32 +338,43 @@ class Bigchain(object): Returns: The transaction (Transaction) that used the `txid` as an input else `None` + + Raises: + CriticalDoubleSpend: If the given `txid` and `output` was spent in + more than one valid transaction. """ # checks if an input was already spent # checks if the bigchain has any transaction with input {'txid': ..., # 'output': ...} - transactions = list(backend.query.get_spent(self.connection, txid, output)) + transactions = list(backend.query.get_spent(self.connection, txid, + output)) # a transaction_id should have been spent at most one time - if transactions: - # determine if these valid transactions appear in more than one valid block - num_valid_transactions = 0 - for transaction in transactions: - # ignore invalid blocks - # FIXME: Isn't there a faster solution than doing I/O again? - if self.get_transaction(transaction['id']): - num_valid_transactions += 1 - if num_valid_transactions > 1: - raise core_exceptions.CriticalDoubleSpend( - '`{}` was spent more than once. There is a problem' - ' with the chain'.format(txid)) + # determine if these valid transactions appear in more than one valid + # block + num_valid_transactions = 0 + non_invalid_transactions = [] + for transaction in transactions: + # ignore transactions in invalid blocks + # FIXME: Isn't there a faster solution than doing I/O again? + _, status = self.get_transaction(transaction['id'], + include_status=True) + if status == self.TX_VALID: + num_valid_transactions += 1 + # `txid` can only have been spent in at most on valid block. + if num_valid_transactions > 1: + raise core_exceptions.CriticalDoubleSpend( + '`{}` was spent more than once. There is a problem' + ' with the chain'.format(txid)) + # if its not and invalid transaction + if status is not None: + non_invalid_transactions.append(transaction) - if num_valid_transactions: - return Transaction.from_dict(transactions[0]) - else: - # all queried transactions were invalid - return None + if non_invalid_transactions: + return Transaction.from_dict(non_invalid_transactions[0]) else: + # Either no transaction was returned spending the `txid` as + # input or the returned transactions are not valid. return None def get_outputs(self, owner): From de04dcda0c0a51bdf24d5f0c15772c624a5a558d Mon Sep 17 00:00:00 2001 From: Rodolphe Marques Date: Thu, 6 Apr 2017 16:07:35 +0200 Subject: [PATCH 189/283] Fixed docstring. Removed redundant `else` branch. --- bigchaindb/core.py | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/bigchaindb/core.py b/bigchaindb/core.py index 91f19f66..5d2e9c03 100644 --- a/bigchaindb/core.py +++ b/bigchaindb/core.py @@ -325,9 +325,9 @@ class Bigchain(object): """Check if a `txid` was already used as an input. A transaction can be used as an input for another transaction. Bigchain - needs to make sure that a given `txid` is only used once. + needs to make sure that a given `(txid, output)` is only used once. - This method will check if the `txid` and `output` has already been + This method will check if the `(txid, output)` has already been spent in a transaction that is in either the `VALID`, `UNDECIDED` or `BACKLOG` state. @@ -336,11 +336,11 @@ class Bigchain(object): output (num): the index of the output in the respective transaction Returns: - The transaction (Transaction) that used the `txid` as an input else - `None` + The transaction (Transaction) that used the `(txid, output)` as an + input else `None` Raises: - CriticalDoubleSpend: If the given `txid` and `output` was spent in + CriticalDoubleSpend: If the given `(txid, output)` was spent in more than one valid transaction. """ # checks if an input was already spent @@ -372,10 +372,9 @@ class Bigchain(object): if non_invalid_transactions: return Transaction.from_dict(non_invalid_transactions[0]) - else: - # Either no transaction was returned spending the `txid` as - # input or the returned transactions are not valid. - return None + + # Either no transaction was returned spending the `(txid, output)` as + # input or the returned transactions are not valid. def get_outputs(self, owner): """Retrieve a list of links to transaction outputs for a given public From 0cbf144ddf364813d2651793494ad71ab0d58553 Mon Sep 17 00:00:00 2001 From: Rodolphe Marques Date: Tue, 28 Mar 2017 16:05:44 +0200 Subject: [PATCH 190/283] Initial implementation of an event_handler --- bigchaindb/events.py | 33 +++++++++++++++++++ bigchaindb/pipelines/election.py | 24 +++++++++++--- .../pipelines/events_consumer_example.py | 14 ++++++++ bigchaindb/processes.py | 16 ++++++++- 4 files changed, 81 insertions(+), 6 deletions(-) create mode 100644 bigchaindb/events.py create mode 100644 bigchaindb/pipelines/events_consumer_example.py diff --git a/bigchaindb/events.py b/bigchaindb/events.py new file mode 100644 index 00000000..a061ad50 --- /dev/null +++ b/bigchaindb/events.py @@ -0,0 +1,33 @@ +from enum import Enum +from multiprocessing import Queue + + +class EventTypes(Enum): + BLOCK_VALID = 1 + BLOCK_INVALID = 2 + + +class Event(object): + + def __init__(self, event_type, event_data): + self.type = event_type + self.data = event_data + + +class EventHandler(object): + + def __init__(self, events_queue): + self.events_queue = events_queue + + def put_event(self, event, timeout=None): + # TODO: handle timeouts + self.events_queue.put(event, timeout=None) + + def get_event(self, timeout=None): + # TODO: handle timeouts + return self.events_queue.get(timeout=None) + + +def setup_events_queue(): + # TODO: set bounds to the queue + return Queue() diff --git a/bigchaindb/pipelines/election.py b/bigchaindb/pipelines/election.py index a5818b3e..b17f5722 100644 --- a/bigchaindb/pipelines/election.py +++ b/bigchaindb/pipelines/election.py @@ -13,6 +13,7 @@ from bigchaindb import backend from bigchaindb.backend.changefeed import ChangeFeed from bigchaindb.models import Block from bigchaindb import Bigchain +from bigchaindb.events import EventHandler, Event, EventTypes logger = logging.getLogger(__name__) @@ -22,8 +23,9 @@ logger_results = logging.getLogger('pipeline.election.results') class Election: """Election class.""" - def __init__(self): + def __init__(self, events_queue): self.bigchain = Bigchain() + self.event_handler = EventHandler(events_queue) def check_for_quorum(self, next_vote): """ @@ -42,6 +44,7 @@ class Election: next_block = self.bigchain.get_block(block_id) result = self.bigchain.block_election(next_block) + self.handle_block_events(result, block_id) if result['status'] == self.bigchain.BLOCK_INVALID: return Block.from_dict(next_block) @@ -67,9 +70,20 @@ class Election: self.bigchain.write_transaction(tx) return invalid_block + def handle_block_events(self, result, block_id): + if result['status'] == self.bigchain.BLOCK_UNDECIDED: + return + elif result['status'] == self.bigchain.BLOCK_INVALID: + event_type = EventTypes.BLOCK_INVALID + elif result['status'] == self.bigchain.BLOCK_VALID: + event_type = EventTypes.BLOCK_VALID -def create_pipeline(): - election = Election() + event = Event(event_type, {'block_id': block_id}) + self.event_handler.put_event(event) + + +def create_pipeline(events_queue): + election = Election(events_queue) election_pipeline = Pipeline([ Node(election.check_for_quorum), @@ -84,8 +98,8 @@ def get_changefeed(): return backend.get_changefeed(connection, 'votes', ChangeFeed.INSERT) -def start(): - pipeline = create_pipeline() +def start(events_queue): + pipeline = create_pipeline(events_queue) pipeline.setup(indata=get_changefeed()) pipeline.start() return pipeline diff --git a/bigchaindb/pipelines/events_consumer_example.py b/bigchaindb/pipelines/events_consumer_example.py new file mode 100644 index 00000000..7e833c82 --- /dev/null +++ b/bigchaindb/pipelines/events_consumer_example.py @@ -0,0 +1,14 @@ +import multiprocessing as mp + +from bigchaindb.events import EventHandler + + +def consume_events(events_queue): + event_handler = EventHandler(events_queue) + while True: + event = event_handler.get_event() + print('Event type: {} Event data: {}'.format(event.type, event.data)) + + +def events_consumer(events_queue): + return mp.Process(target=consume_events, args=(events_queue,)) diff --git a/bigchaindb/processes.py b/bigchaindb/processes.py index 01d7a55a..687422ca 100644 --- a/bigchaindb/processes.py +++ b/bigchaindb/processes.py @@ -3,6 +3,8 @@ import multiprocessing as mp import bigchaindb from bigchaindb.pipelines import vote, block, election, stale +from bigchaindb.pipelines.events_consumer_example import events_consumer +from bigchaindb.events import setup_events_queue from bigchaindb.web import server @@ -25,6 +27,13 @@ BANNER = """ def start(): logger.info('Initializing BigchainDB...') + # Create the events queue + # The events queue needs to be initialized once and shared between + # processes. This seems the best way to do it + # At this point only the election processs and the event consumer require + # this queue. + events_queue = setup_events_queue() + # start the processes logger.info('Starting block') block.start() @@ -36,12 +45,17 @@ def start(): stale.start() logger.info('Starting election') - election.start() + election.start(events_queue) # start the web api app_server = server.create_server(bigchaindb.config['server']) p_webapi = mp.Process(name='webapi', target=app_server.run) p_webapi.start() + # start the example events consumer + logger.info('Starting the events consumer example') + p_events_consumer = events_consumer(events_queue) + p_events_consumer.start() + # start message logger.info(BANNER.format(bigchaindb.config['server']['bind'])) From 5d39b42b7a8f32389a28b456ca1cd855a8f47b31 Mon Sep 17 00:00:00 2001 From: vrde Date: Thu, 30 Mar 2017 17:27:03 +0200 Subject: [PATCH 191/283] Add dependencies and first test --- bigchaindb/web/websocket_server.py | 56 ++++++++++++++++++++++++++++++ setup.py | 1 + tests/web/test_websocket_server.py | 15 ++++++++ 3 files changed, 72 insertions(+) create mode 100644 bigchaindb/web/websocket_server.py create mode 100644 tests/web/test_websocket_server.py diff --git a/bigchaindb/web/websocket_server.py b/bigchaindb/web/websocket_server.py new file mode 100644 index 00000000..7a5b3d77 --- /dev/null +++ b/bigchaindb/web/websocket_server.py @@ -0,0 +1,56 @@ +"""WebSocket server for the BigchainDB Event Stream API.""" + +import asyncio +from uuid import uuid4 + +from aiohttp import web + + +class PoisonPill: + pass + + +POISON_PILL = PoisonPill() + + +class Dispatcher: + + def __init__(self, event_source): + self.event_source = event_source + self.subscribers = {} + + def subscribe(self, uuid, ws): + self.subscribers[uuid] = ws + + @asyncio.coroutine + def publish(self): + while True: + event = yield from self.event_source.get() + if event == POISON_PILL: + return + for uuid, ws in self.subscribers.items(): + ws.send_str(event) + + +@asyncio.coroutine +def websocket_handler(request): + ws = web.WebSocketResponse() + yield from ws.prepare(request) + uuid = uuid4() + request.app['dispatcher'].subscribe(uuid, ws) + while True: + # Consume input buffer + yield from ws.receive() + return ws + + +def init_app(event_source, loop=None): + dispatcher = Dispatcher(event_source) + + # Schedule the dispatcher + loop.create_task(dispatcher.publish()) + + app = web.Application(loop=loop) + app['dispatcher'] = dispatcher + app.router.add_get('/', websocket_handler) + return app diff --git a/setup.py b/setup.py index c05b554a..ee8871d4 100644 --- a/setup.py +++ b/setup.py @@ -54,6 +54,7 @@ tests_require = [ 'pytest-mock', 'pytest-xdist', 'pytest-flask', + 'pytest-aiohttp', 'tox', ] + docs_require diff --git a/tests/web/test_websocket_server.py b/tests/web/test_websocket_server.py new file mode 100644 index 00000000..fb6d555b --- /dev/null +++ b/tests/web/test_websocket_server.py @@ -0,0 +1,15 @@ +import asyncio + + +@asyncio.coroutine +def test_websocket(test_client, loop): + from bigchaindb.web.websocket_server import init_app, POISON_PILL + + event_source = asyncio.Queue(loop=loop) + app = init_app(event_source, loop=loop) + client = yield from test_client(app) + ws = yield from client.ws_connect('/') + yield from event_source.put('antani') + yield from event_source.put(POISON_PILL) + result = yield from ws.receive() + assert result.data == 'antani' From 83397de397179d219938dc63280a61f5f8b56f58 Mon Sep 17 00:00:00 2001 From: vrde Date: Fri, 31 Mar 2017 15:56:29 +0200 Subject: [PATCH 192/283] Add more tests and utils --- bigchaindb/web/websocket_server.py | 61 +++++++++++++++++++++++---- tests/web/test_websocket_server.py | 67 ++++++++++++++++++++++++++++-- 2 files changed, 118 insertions(+), 10 deletions(-) diff --git a/bigchaindb/web/websocket_server.py b/bigchaindb/web/websocket_server.py index 7a5b3d77..9d8f5ef9 100644 --- a/bigchaindb/web/websocket_server.py +++ b/bigchaindb/web/websocket_server.py @@ -1,29 +1,48 @@ """WebSocket server for the BigchainDB Event Stream API.""" import asyncio +import logging from uuid import uuid4 +import aiohttp from aiohttp import web -class PoisonPill: - pass - - -POISON_PILL = PoisonPill() +logger = logging.getLogger(__name__) +POISON_PILL = 'POISON_PILL' class Dispatcher: + """Dispatch events to websockets. + + This class implements a simple publish/subscribe pattern. + """ def __init__(self, event_source): + """Create a new instance. + + Args: + event_source: a source of events. Elements in the queue + should be strings. + """ + self.event_source = event_source self.subscribers = {} def subscribe(self, uuid, ws): + """Add a websocket to the list of subscribers. + + Args: + uuid (str): a unique identifier for the websocket. + ws: the websocket to publish information. + """ + self.subscribers[uuid] = ws @asyncio.coroutine def publish(self): + """Publish new events to the subscribers.""" + while True: event = yield from self.event_source.get() if event == POISON_PILL: @@ -34,17 +53,29 @@ class Dispatcher: @asyncio.coroutine def websocket_handler(request): + """Handle a new socket connection.""" + + logger.debug('New websocket connection.') ws = web.WebSocketResponse() yield from ws.prepare(request) uuid = uuid4() request.app['dispatcher'].subscribe(uuid, ws) + while True: # Consume input buffer - yield from ws.receive() - return ws + msg = yield from ws.receive() + if msg.type == aiohttp.WSMsgType.ERROR: + logger.debug('Websocket exception: {}'.format(ws.exception())) + return def init_app(event_source, loop=None): + """Init the application server. + + Return: + An aiohttp application. + """ + dispatcher = Dispatcher(event_source) # Schedule the dispatcher @@ -54,3 +85,19 @@ def init_app(event_source, loop=None): app['dispatcher'] = dispatcher app.router.add_get('/', websocket_handler) return app + + +@asyncio.coroutine +def constant_event_source(event_source): + while True: + yield from asyncio.sleep(1) + yield from event_source.put('meow') + + +if __name__ == '__main__': + loop = asyncio.get_event_loop() + event_source = asyncio.Queue() + + loop.create_task(constant_event_source(event_source)) + app = init_app(event_source, loop=loop) + aiohttp.web.run_app(app, port=9985) diff --git a/tests/web/test_websocket_server.py b/tests/web/test_websocket_server.py index fb6d555b..382a20f0 100644 --- a/tests/web/test_websocket_server.py +++ b/tests/web/test_websocket_server.py @@ -1,6 +1,41 @@ +import pytest import asyncio +class MockWebSocket: + def __init__(self): + self.received = [] + + def send_str(self, s): + self.received.append(s) + + +@asyncio.coroutine +@pytest.mark.skipif(reason='This test raises a RuntimeError, dunno how to solve it now.') +def test_dispatcher(loop): + from bigchaindb.web.websocket_server import Dispatcher, POISON_PILL + + ws0 = MockWebSocket() + ws1 = MockWebSocket() + + event_source = asyncio.Queue(loop=loop) + dispatcher = Dispatcher(event_source) + + dispatcher.subscribe(0, ws0) + dispatcher.subscribe(1, ws1) + + yield from event_source.put('hack') + yield from event_source.put('the') + + yield from event_source.put('planet!') + yield from event_source.put(POISON_PILL) + + loop.run_until_complete(dispatcher.publish()) + + assert ws0.received == ['hack', 'the', 'planet!'] + assert ws1.received == ['planet!'] + + @asyncio.coroutine def test_websocket(test_client, loop): from bigchaindb.web.websocket_server import init_app, POISON_PILL @@ -9,7 +44,33 @@ def test_websocket(test_client, loop): app = init_app(event_source, loop=loop) client = yield from test_client(app) ws = yield from client.ws_connect('/') - yield from event_source.put('antani') - yield from event_source.put(POISON_PILL) + + yield from event_source.put('hack') + yield from event_source.put('the') + yield from event_source.put('planet!') + result = yield from ws.receive() - assert result.data == 'antani' + assert result.data == 'hack' + + result = yield from ws.receive() + assert result.data == 'the' + + result = yield from ws.receive() + assert result.data == 'planet!' + + yield from event_source.put(POISON_PILL) + + +@asyncio.coroutine +@pytest.mark.skipif(reason="Still don't understand how to trigger custom errors.") +def test_websocket_error(test_client, loop): + from bigchaindb.web.websocket_server import init_app, POISON_PILL + + event_source = asyncio.Queue(loop=loop) + app = init_app(event_source, loop=loop) + client = yield from test_client(app) + ws = yield from client.ws_connect('/') + + yield from ws.close() + + yield from event_source.put(POISON_PILL) From 96daa986994413cefdfc6f933091840233a53ff5 Mon Sep 17 00:00:00 2001 From: Rodolphe Marques Date: Wed, 29 Mar 2017 12:09:14 +0200 Subject: [PATCH 193/283] Adverstise Event stream api in api info endpoint. Updated tests. --- bigchaindb/web/views/base.py | 5 +++++ bigchaindb/web/views/info.py | 9 ++++++--- tests/web/test_info.py | 1 + 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/bigchaindb/web/views/base.py b/bigchaindb/web/views/base.py index 171a3bb6..5a0ec97b 100644 --- a/bigchaindb/web/views/base.py +++ b/bigchaindb/web/views/base.py @@ -21,3 +21,8 @@ def make_error(status_code, message=None): def base_url(): return '%s://%s/' % (request.environ['wsgi.url_scheme'], request.environ['HTTP_HOST']) + + +def base_ws_uri(): + """Base websocket uri.""" + return '%s://%s/' % ('ws', request.environ['HTTP_HOST']) diff --git a/bigchaindb/web/views/info.py b/bigchaindb/web/views/info.py index 04a15749..b35c6378 100644 --- a/bigchaindb/web/views/info.py +++ b/bigchaindb/web/views/info.py @@ -4,7 +4,7 @@ import flask from flask_restful import Resource import bigchaindb -from bigchaindb.web.views.base import base_url +from bigchaindb.web.views.base import base_url, base_ws_uri from bigchaindb import version @@ -30,16 +30,19 @@ class RootIndex(Resource): class ApiV1Index(Resource): def get(self): api_root = base_url() + 'api/v1/' + websocket_root = base_ws_uri() + 'api/v1/' docs_url = [ 'https://docs.bigchaindb.com/projects/server/en/v', version.__version__, '/drivers-clients/http-client-server-api.html', ] - return { + return flask.jsonify({ '_links': { 'docs': ''.join(docs_url), 'self': api_root, 'statuses': api_root + 'statuses/', 'transactions': api_root + 'transactions/', + # TODO: The version should probably not be hardcoded + 'streams_v1': websocket_root + 'streams/', }, - } + }) diff --git a/tests/web/test_info.py b/tests/web/test_info.py index c55f467f..93e14cbd 100644 --- a/tests/web/test_info.py +++ b/tests/web/test_info.py @@ -31,5 +31,6 @@ def test_api_v1_endpoint(client): 'self': 'http://localhost/api/v1/', 'statuses': 'http://localhost/api/v1/statuses/', 'transactions': 'http://localhost/api/v1/transactions/', + 'streams_v1': 'ws://localhost/api/v1/streams/', } } From 83a7cffc3fe88c2ffeda8a15a19d72c9f010309d Mon Sep 17 00:00:00 2001 From: Rodolphe Marques Date: Mon, 3 Apr 2017 14:29:31 +0200 Subject: [PATCH 194/283] fix tests --- bigchaindb/pipelines/election.py | 31 +++++++++++++++++-------------- bigchaindb/processes.py | 2 +- tests/test_processes.py | 10 ++++++---- 3 files changed, 24 insertions(+), 19 deletions(-) diff --git a/bigchaindb/pipelines/election.py b/bigchaindb/pipelines/election.py index b17f5722..8f3116cc 100644 --- a/bigchaindb/pipelines/election.py +++ b/bigchaindb/pipelines/election.py @@ -23,9 +23,11 @@ logger_results = logging.getLogger('pipeline.election.results') class Election: """Election class.""" - def __init__(self, events_queue): + def __init__(self, events_queue=None): self.bigchain = Bigchain() - self.event_handler = EventHandler(events_queue) + self.event_handler = None + if events_queue: + self.event_handler = EventHandler(events_queue) def check_for_quorum(self, next_vote): """ @@ -71,19 +73,20 @@ class Election: return invalid_block def handle_block_events(self, result, block_id): - if result['status'] == self.bigchain.BLOCK_UNDECIDED: - return - elif result['status'] == self.bigchain.BLOCK_INVALID: - event_type = EventTypes.BLOCK_INVALID - elif result['status'] == self.bigchain.BLOCK_VALID: - event_type = EventTypes.BLOCK_VALID + if self.event_handler: + if result['status'] == self.bigchain.BLOCK_UNDECIDED: + return + elif result['status'] == self.bigchain.BLOCK_INVALID: + event_type = EventTypes.BLOCK_INVALID + elif result['status'] == self.bigchain.BLOCK_VALID: + event_type = EventTypes.BLOCK_VALID - event = Event(event_type, {'block_id': block_id}) - self.event_handler.put_event(event) + event = Event(event_type, {'block_id': block_id}) + self.event_handler.put_event(event) -def create_pipeline(events_queue): - election = Election(events_queue) +def create_pipeline(events_queue=None): + election = Election(events_queue=events_queue) election_pipeline = Pipeline([ Node(election.check_for_quorum), @@ -98,8 +101,8 @@ def get_changefeed(): return backend.get_changefeed(connection, 'votes', ChangeFeed.INSERT) -def start(events_queue): - pipeline = create_pipeline(events_queue) +def start(events_queue=None): + pipeline = create_pipeline(events_queue=events_queue) pipeline.setup(indata=get_changefeed()) pipeline.start() return pipeline diff --git a/bigchaindb/processes.py b/bigchaindb/processes.py index 687422ca..5194c05a 100644 --- a/bigchaindb/processes.py +++ b/bigchaindb/processes.py @@ -45,7 +45,7 @@ def start(): stale.start() logger.info('Starting election') - election.start(events_queue) + election.start(events_queue=events_queue) # start the web api app_server = server.create_server(bigchaindb.config['server']) diff --git a/tests/test_processes.py b/tests/test_processes.py index bd69d52c..32d784bb 100644 --- a/tests/test_processes.py +++ b/tests/test_processes.py @@ -1,6 +1,6 @@ from unittest.mock import patch -from multiprocessing import Process +from multiprocessing import Process, Queue from bigchaindb.pipelines import vote, block, election, stale @@ -9,14 +9,16 @@ from bigchaindb.pipelines import vote, block, election, stale @patch.object(block, 'start') @patch.object(vote, 'start') @patch.object(Process, 'start') -def test_processes_start(mock_vote, mock_block, mock_election, mock_stale, - mock_process): +def test_processes_start(mock_process, mock_vote, mock_block, mock_election, + mock_stale): from bigchaindb import processes processes.start() mock_vote.assert_called_with() mock_block.assert_called_with() - mock_election.assert_called_with() mock_stale.assert_called_with() mock_process.assert_called_with() + assert mock_election.call_count == 1 + # the events queue is declared inside processes.start() + assert type(mock_election.call_args[1]['events_queue']) == type(Queue()) From 730b7482f6c8df79d30b8de48152770d9596cfdf Mon Sep 17 00:00:00 2001 From: Rodolphe Marques Date: Mon, 3 Apr 2017 14:31:38 +0200 Subject: [PATCH 195/283] cleanup code --- bigchaindb/events.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bigchaindb/events.py b/bigchaindb/events.py index a061ad50..bc448ce3 100644 --- a/bigchaindb/events.py +++ b/bigchaindb/events.py @@ -7,14 +7,14 @@ class EventTypes(Enum): BLOCK_INVALID = 2 -class Event(object): +class Event: def __init__(self, event_type, event_data): self.type = event_type self.data = event_data -class EventHandler(object): +class EventHandler: def __init__(self, events_queue): self.events_queue = events_queue From bcc2e1f781f5c082df091e75ba4aa8ebad7fe20f Mon Sep 17 00:00:00 2001 From: Rodolphe Marques Date: Mon, 3 Apr 2017 14:48:50 +0200 Subject: [PATCH 196/283] fixed pep8 issue --- tests/test_processes.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/test_processes.py b/tests/test_processes.py index 32d784bb..7f8ffcd9 100644 --- a/tests/test_processes.py +++ b/tests/test_processes.py @@ -19,6 +19,5 @@ def test_processes_start(mock_process, mock_vote, mock_block, mock_election, mock_block.assert_called_with() mock_stale.assert_called_with() mock_process.assert_called_with() - assert mock_election.call_count == 1 # the events queue is declared inside processes.start() - assert type(mock_election.call_args[1]['events_queue']) == type(Queue()) + assert mock_election.call_count == 1 From a92c091eeb11b4fd1cc1c20684c10e0e1576392f Mon Sep 17 00:00:00 2001 From: Rodolphe Marques Date: Mon, 3 Apr 2017 14:55:21 +0200 Subject: [PATCH 197/283] fix pep8 issue --- tests/test_processes.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_processes.py b/tests/test_processes.py index 7f8ffcd9..00716010 100644 --- a/tests/test_processes.py +++ b/tests/test_processes.py @@ -1,6 +1,6 @@ from unittest.mock import patch -from multiprocessing import Process, Queue +from multiprocessing import Process from bigchaindb.pipelines import vote, block, election, stale From 64a033b17a49e68b685a386a2ef258290b6c612a Mon Sep 17 00:00:00 2001 From: vrde Date: Mon, 3 Apr 2017 11:48:48 +0200 Subject: [PATCH 198/283] Code cleanup, rename some vars --- bigchaindb/web/websocket_server.py | 60 +++++++++++++++++++----------- 1 file changed, 38 insertions(+), 22 deletions(-) diff --git a/bigchaindb/web/websocket_server.py b/bigchaindb/web/websocket_server.py index 9d8f5ef9..6915d54a 100644 --- a/bigchaindb/web/websocket_server.py +++ b/bigchaindb/web/websocket_server.py @@ -29,15 +29,15 @@ class Dispatcher: self.event_source = event_source self.subscribers = {} - def subscribe(self, uuid, ws): + def subscribe(self, uuid, websocket): """Add a websocket to the list of subscribers. Args: uuid (str): a unique identifier for the websocket. - ws: the websocket to publish information. + websocket: the websocket to publish information. """ - self.subscribers[uuid] = ws + self.subscribers[uuid] = websocket @asyncio.coroutine def publish(self): @@ -47,8 +47,8 @@ class Dispatcher: event = yield from self.event_source.get() if event == POISON_PILL: return - for uuid, ws in self.subscribers.items(): - ws.send_str(event) + for uuid, websocket in self.subscribers.items(): + websocket.send_str(event) @asyncio.coroutine @@ -56,20 +56,20 @@ def websocket_handler(request): """Handle a new socket connection.""" logger.debug('New websocket connection.') - ws = web.WebSocketResponse() - yield from ws.prepare(request) + websocket = web.WebSocketResponse() + yield from websocket.prepare(request) uuid = uuid4() - request.app['dispatcher'].subscribe(uuid, ws) + request.app['dispatcher'].subscribe(uuid, websocket) while True: # Consume input buffer - msg = yield from ws.receive() + msg = yield from websocket.receive() if msg.type == aiohttp.WSMsgType.ERROR: - logger.debug('Websocket exception: {}'.format(ws.exception())) + logger.debug('Websocket exception: %s', websocket.exception()) return -def init_app(event_source, loop=None): +def init_app(event_source, *, loop=None): """Init the application server. Return: @@ -87,17 +87,33 @@ def init_app(event_source, loop=None): return app -@asyncio.coroutine -def constant_event_source(event_source): - while True: - yield from asyncio.sleep(1) - yield from event_source.put('meow') +def start(event_source, *, loop=None): + """Create and start the WebSocket server.""" + + if not loop: + loop = asyncio.get_event_loop() + + app = init_app(event_source, loop=loop) + aiohttp.web.run_app(app, port=9985) + + +def test_websocket_server(): + """Set up a server and output a message every second. + Used for testing purposes.""" + + @asyncio.coroutine + def constant_event_source(event_source): + """Put a message in ``event_source`` every second.""" + + while True: + yield from asyncio.sleep(1) + yield from event_source.put('meow') + + loop = asyncio.get_event_loop() + event_source = asyncio.Queue() + loop.create_task(constant_event_source(event_source)) + start(event_source, loop=loop) if __name__ == '__main__': - loop = asyncio.get_event_loop() - event_source = asyncio.Queue() - - loop.create_task(constant_event_source(event_source)) - app = init_app(event_source, loop=loop) - aiohttp.web.run_app(app, port=9985) + test_websocket_server() From f23faaa65fa1bdbe487266432faea9e4331cecae Mon Sep 17 00:00:00 2001 From: vrde Date: Fri, 7 Apr 2017 09:16:22 +0200 Subject: [PATCH 199/283] Add WebSocket server --- bigchaindb/pipelines/election.py | 2 +- bigchaindb/processes.py | 12 +- bigchaindb/web/views/base.py | 2 +- bigchaindb/web/websocket_server.py | 103 ++++++++++++---- setup.py | 1 + tests/web/test_info.py | 2 +- tests/web/test_websocket_server.py | 183 +++++++++++++++++++++++++---- 7 files changed, 246 insertions(+), 59 deletions(-) diff --git a/bigchaindb/pipelines/election.py b/bigchaindb/pipelines/election.py index 8f3116cc..fc7cb077 100644 --- a/bigchaindb/pipelines/election.py +++ b/bigchaindb/pipelines/election.py @@ -81,7 +81,7 @@ class Election: elif result['status'] == self.bigchain.BLOCK_VALID: event_type = EventTypes.BLOCK_VALID - event = Event(event_type, {'block_id': block_id}) + event = Event(event_type, self.bigchain.get_block(block_id)) self.event_handler.put_event(event) diff --git a/bigchaindb/processes.py b/bigchaindb/processes.py index 5194c05a..205cdd3c 100644 --- a/bigchaindb/processes.py +++ b/bigchaindb/processes.py @@ -3,9 +3,8 @@ import multiprocessing as mp import bigchaindb from bigchaindb.pipelines import vote, block, election, stale -from bigchaindb.pipelines.events_consumer_example import events_consumer from bigchaindb.events import setup_events_queue -from bigchaindb.web import server +from bigchaindb.web import server, websocket_server logger = logging.getLogger(__name__) @@ -52,10 +51,11 @@ def start(): p_webapi = mp.Process(name='webapi', target=app_server.run) p_webapi.start() - # start the example events consumer - logger.info('Starting the events consumer example') - p_events_consumer = events_consumer(events_queue) - p_events_consumer.start() + logger.info('WebSocket server started') + p_websocket_server = mp.Process(name='ws', + target=websocket_server.start, + args=(events_queue,)) + p_websocket_server.start() # start message logger.info(BANNER.format(bigchaindb.config['server']['bind'])) diff --git a/bigchaindb/web/views/base.py b/bigchaindb/web/views/base.py index 5a0ec97b..5ab409b0 100644 --- a/bigchaindb/web/views/base.py +++ b/bigchaindb/web/views/base.py @@ -25,4 +25,4 @@ def base_url(): def base_ws_uri(): """Base websocket uri.""" - return '%s://%s/' % ('ws', request.environ['HTTP_HOST']) + return 'ws://localhost:9985/' diff --git a/bigchaindb/web/websocket_server.py b/bigchaindb/web/websocket_server.py index 6915d54a..dc320754 100644 --- a/bigchaindb/web/websocket_server.py +++ b/bigchaindb/web/websocket_server.py @@ -1,15 +1,64 @@ """WebSocket server for the BigchainDB Event Stream API.""" +# NOTE +# +# This module contains some functions and utilities that might belong to other +# modules. For now, I prefer to keep everything in this module. Why? Because +# those functions are needed only here. +# +# When we will extend this part of the project and we find that we need those +# functionalities elsewhere, we can start creating new modules and organizing +# things in a better way. + + +import json import asyncio import logging +import threading from uuid import uuid4 import aiohttp from aiohttp import web +from bigchaindb.events import EventTypes + logger = logging.getLogger(__name__) POISON_PILL = 'POISON_PILL' +EVENTS_ENDPOINT = '/api/v1/streams/' + + +def _put_into_capped_queue(queue, value): + """Put a new item in a capped queue. + + If the queue reached its limit, get the first element + ready and put the new one. Note that the first element + will be lost (that's the purpose of a capped queue). + + Args: + queue: a queue + value: the value to put + """ + while True: + try: + queue.put_nowait(value) + return + except asyncio.QueueFull: + queue.get_nowait() + + +def _multiprocessing_to_asyncio(in_queue, out_queue, loop): + """Bridge between a synchronous multiprocessing queue + and an asynchronous asyncio queue. + + Args: + in_queue (multiprocessing.Queue): input queue + out_queue (asyncio.Queue): output queue + """ + + while True: + value = in_queue.get() + loop.call_soon_threadsafe(_put_into_capped_queue, out_queue, value) class Dispatcher: @@ -45,10 +94,27 @@ class Dispatcher: while True: event = yield from self.event_source.get() + str_buffer = [] + if event == POISON_PILL: return - for uuid, websocket in self.subscribers.items(): - websocket.send_str(event) + + if isinstance(event, str): + str_buffer.append(event) + + elif event.type == EventTypes.BLOCK_VALID: + block = event.data + + for tx in block['block']['transactions']: + asset_id = tx['id'] if tx['operation'] == 'CREATE' else tx['asset']['id'] + data = {'blockid': block['id'], + 'assetid': asset_id, + 'txid': tx['id']} + str_buffer.append(json.dumps(data)) + + for _, websocket in self.subscribers.items(): + for str_item in str_buffer: + websocket.send_str(str_item) @asyncio.coroutine @@ -83,37 +149,22 @@ def init_app(event_source, *, loop=None): app = web.Application(loop=loop) app['dispatcher'] = dispatcher - app.router.add_get('/', websocket_handler) + app.router.add_get(EVENTS_ENDPOINT, websocket_handler) return app -def start(event_source, *, loop=None): +def start(sync_event_source, loop=None): """Create and start the WebSocket server.""" if not loop: loop = asyncio.get_event_loop() + event_source = asyncio.Queue(maxsize=1024, loop=loop) + + bridge = threading.Thread(target=_multiprocessing_to_asyncio, + args=(sync_event_source, event_source, loop), + daemon=True) + bridge.start() + app = init_app(event_source, loop=loop) aiohttp.web.run_app(app, port=9985) - - -def test_websocket_server(): - """Set up a server and output a message every second. - Used for testing purposes.""" - - @asyncio.coroutine - def constant_event_source(event_source): - """Put a message in ``event_source`` every second.""" - - while True: - yield from asyncio.sleep(1) - yield from event_source.put('meow') - - loop = asyncio.get_event_loop() - event_source = asyncio.Queue() - loop.create_task(constant_event_source(event_source)) - start(event_source, loop=loop) - - -if __name__ == '__main__': - test_websocket_server() diff --git a/setup.py b/setup.py index ee8871d4..45d6f04f 100644 --- a/setup.py +++ b/setup.py @@ -77,6 +77,7 @@ install_requires = [ 'multipipes~=0.1.0', 'jsonschema~=2.5.1', 'pyyaml~=3.12', + 'aiohttp~=2.0', ] setup( diff --git a/tests/web/test_info.py b/tests/web/test_info.py index 93e14cbd..4dc60168 100644 --- a/tests/web/test_info.py +++ b/tests/web/test_info.py @@ -31,6 +31,6 @@ def test_api_v1_endpoint(client): 'self': 'http://localhost/api/v1/', 'statuses': 'http://localhost/api/v1/statuses/', 'transactions': 'http://localhost/api/v1/transactions/', - 'streams_v1': 'ws://localhost/api/v1/streams/', + 'streams_v1': 'ws://localhost:9985/api/v1/streams/', } } diff --git a/tests/web/test_websocket_server.py b/tests/web/test_websocket_server.py index 382a20f0..b205fb25 100644 --- a/tests/web/test_websocket_server.py +++ b/tests/web/test_websocket_server.py @@ -1,6 +1,23 @@ +import json +import random + import pytest import asyncio +from bigchaindb.models import Transaction + + +def create_block(b, total=1): + transactions = [ + Transaction.create( + [b.me], + [([b.me], 1)], + metadata={'msg': random.random()}, + ).sign([b.me_private]) + for _ in range(total) + ] + return b.create_block(transactions) + class MockWebSocket: def __init__(self): @@ -11,39 +28,100 @@ class MockWebSocket: @asyncio.coroutine -@pytest.mark.skipif(reason='This test raises a RuntimeError, dunno how to solve it now.') -def test_dispatcher(loop): - from bigchaindb.web.websocket_server import Dispatcher, POISON_PILL +def test_bridge_sync_async_queue(loop): + import queue + import threading + from bigchaindb.web.websocket_server import _multiprocessing_to_asyncio - ws0 = MockWebSocket() - ws1 = MockWebSocket() + sync_queue = queue.Queue() + async_queue = asyncio.Queue(loop=loop) - event_source = asyncio.Queue(loop=loop) - dispatcher = Dispatcher(event_source) + bridge = threading.Thread(target=_multiprocessing_to_asyncio, + args=(sync_queue, async_queue, loop), + daemon=True) + bridge.start() - dispatcher.subscribe(0, ws0) - dispatcher.subscribe(1, ws1) + sync_queue.put('fahren') + sync_queue.put('auf') + sync_queue.put('der') + sync_queue.put('Autobahn') - yield from event_source.put('hack') - yield from event_source.put('the') + result = yield from async_queue.get() + assert result == 'fahren' - yield from event_source.put('planet!') - yield from event_source.put(POISON_PILL) + result = yield from async_queue.get() + assert result == 'auf' - loop.run_until_complete(dispatcher.publish()) + result = yield from async_queue.get() + assert result == 'der' - assert ws0.received == ['hack', 'the', 'planet!'] - assert ws1.received == ['planet!'] + result = yield from async_queue.get() + assert result == 'Autobahn' + + assert async_queue.qsize() == 0 @asyncio.coroutine -def test_websocket(test_client, loop): - from bigchaindb.web.websocket_server import init_app, POISON_PILL +def test_put_into_capped_queue(loop): + from bigchaindb.web.websocket_server import _put_into_capped_queue + q = asyncio.Queue(maxsize=2, loop=loop) + + _put_into_capped_queue(q, 'Friday') + assert q._queue[0] == 'Friday' + + _put_into_capped_queue(q, "I'm") + assert q._queue[0] == 'Friday' + assert q._queue[1] == "I'm" + + _put_into_capped_queue(q, 'in') + assert q._queue[0] == "I'm" + assert q._queue[1] == 'in' + + _put_into_capped_queue(q, 'love') + assert q._queue[0] == 'in' + assert q._queue[1] == 'love' + + +@asyncio.coroutine +def test_capped_queue(loop): + import queue + import threading + import time + from bigchaindb.web.websocket_server import _multiprocessing_to_asyncio + + sync_queue = queue.Queue() + async_queue = asyncio.Queue(maxsize=2, loop=loop) + + bridge = threading.Thread(target=_multiprocessing_to_asyncio, + args=(sync_queue, async_queue, loop), + daemon=True) + bridge.start() + + sync_queue.put('we') + sync_queue.put('are') + sync_queue.put('the') + sync_queue.put('robots') + + # Wait until the thread processes all the items + time.sleep(1) + + result = yield from async_queue.get() + assert result == 'the' + + result = yield from async_queue.get() + assert result == 'robots' + + assert async_queue.qsize() == 0 + + +@asyncio.coroutine +def test_websocket_string_event(test_client, loop): + from bigchaindb.web.websocket_server import init_app, POISON_PILL, EVENTS_ENDPOINT event_source = asyncio.Queue(loop=loop) app = init_app(event_source, loop=loop) client = yield from test_client(app) - ws = yield from client.ws_connect('/') + ws = yield from client.ws_connect(EVENTS_ENDPOINT) yield from event_source.put('hack') yield from event_source.put('the') @@ -62,15 +140,72 @@ def test_websocket(test_client, loop): @asyncio.coroutine -@pytest.mark.skipif(reason="Still don't understand how to trigger custom errors.") -def test_websocket_error(test_client, loop): - from bigchaindb.web.websocket_server import init_app, POISON_PILL +def test_websocket_block_event(b, test_client, loop): + from bigchaindb import events + from bigchaindb.web.websocket_server import init_app, POISON_PILL, EVENTS_ENDPOINT event_source = asyncio.Queue(loop=loop) app = init_app(event_source, loop=loop) client = yield from test_client(app) - ws = yield from client.ws_connect('/') + ws = yield from client.ws_connect(EVENTS_ENDPOINT) + block = create_block(b, 10).to_dict() + block_event = events.Event(events.EventTypes.BLOCK_VALID, block) - yield from ws.close() + yield from event_source.put(block_event) + + for tx in block['block']['transactions']: + result = yield from ws.receive() + json_result = json.loads(result.data) + assert json_result['txid'] == tx['id'] + # Since the transactions are all CREATEs, asset id == transaction id + assert json_result['assetid'] == tx['id'] + assert json_result['blockid'] == block['id'] yield from event_source.put(POISON_PILL) + + +@pytest.mark.skip('Processes are not stopping properly, and the whole test suite would hang') +@pytest.mark.genesis +def test_integration_from_webapi_to_websocket(monkeypatch, client, loop): + # XXX: I think that the `pytest-aiohttp` plugin is sparkling too much + # magic in the `asyncio` module: running this test without monkey-patching + # `asycio.get_event_loop` (and without the `loop` fixture) raises a: + # RuntimeError: There is no current event loop in thread 'MainThread'. + # + # That's pretty weird because this test doesn't use the pytest-aiohttp + # plugin explicitely. + monkeypatch.setattr('asyncio.get_event_loop', lambda: loop) + + import json + import random + import aiohttp + + from bigchaindb.common import crypto + from bigchaindb import processes + from bigchaindb.models import Transaction + + # Start BigchainDB + processes.start() + + loop = asyncio.get_event_loop() + + import time + time.sleep(1) + + ws_url = client.get('http://localhost:9984/api/v1/').json['_links']['streams_v1'] + + # Connect to the WebSocket endpoint + session = aiohttp.ClientSession() + ws = loop.run_until_complete(session.ws_connect(ws_url)) + + # Create a keypair and generate a new asset + user_priv, user_pub = crypto.generate_key_pair() + asset = {'random': random.random()} + tx = Transaction.create([user_pub], [([user_pub], 1)], asset=asset) + tx = tx.sign([user_priv]) + # Post the transaction to the BigchainDB Web API + client.post('/api/v1/transactions/', data=json.dumps(tx.to_dict())) + + result = loop.run_until_complete(ws.receive()) + json_result = json.loads(result.data) + assert json_result['txid'] == tx.id From cf006e34a5135ef433b204530abd1c5a1d605003 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Thu, 6 Apr 2017 15:58:41 +0200 Subject: [PATCH 200/283] Make the keyword argument a keyword-only argument As per PEP 3102. This helps making the code clearer. --- bigchaindb/web/server.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bigchaindb/web/server.py b/bigchaindb/web/server.py index b1525f9f..6604a177 100644 --- a/bigchaindb/web/server.py +++ b/bigchaindb/web/server.py @@ -22,7 +22,7 @@ class StandaloneApplication(gunicorn.app.base.BaseApplication): - http://docs.gunicorn.org/en/latest/custom.html """ - def __init__(self, app, options=None): + def __init__(self, app, *, options=None): '''Initialize a new standalone application. Args: @@ -91,5 +91,5 @@ def create_server(settings): settings['logger_class'] = 'bigchaindb.log.loggers.HttpServerLogger' app = create_app(debug=settings.get('debug', False), threads=settings['threads']) - standalone = StandaloneApplication(app, settings) + standalone = StandaloneApplication(app, options=settings) return standalone From c64a35c362c2dd71fddbeb59c7fcfc24e88cf66b Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Thu, 6 Apr 2017 16:01:42 +0200 Subject: [PATCH 201/283] Use new super syntax as per PEP 3135 --- bigchaindb/web/server.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bigchaindb/web/server.py b/bigchaindb/web/server.py index 6604a177..46495368 100644 --- a/bigchaindb/web/server.py +++ b/bigchaindb/web/server.py @@ -32,7 +32,7 @@ class StandaloneApplication(gunicorn.app.base.BaseApplication): ''' self.options = options or {} self.application = app - super(StandaloneApplication, self).__init__() + super().__init__() def load_config(self): config = dict((key, value) for key, value in self.options.items() From d260e16f117a2bfc75a0fc7f03b325e802978ba2 Mon Sep 17 00:00:00 2001 From: vrde Date: Fri, 7 Apr 2017 10:51:00 +0200 Subject: [PATCH 202/283] Add configuration for websocket server --- bigchaindb/__init__.py | 4 ++++ bigchaindb/commands/bigchaindb.py | 4 ++++ bigchaindb/web/views/base.py | 5 ++++- bigchaindb/web/websocket_server.py | 5 ++++- 4 files changed, 16 insertions(+), 2 deletions(-) diff --git a/bigchaindb/__init__.py b/bigchaindb/__init__.py index 4c555e47..98e6b27b 100644 --- a/bigchaindb/__init__.py +++ b/bigchaindb/__init__.py @@ -59,6 +59,10 @@ config = { 'workers': None, # if none, the value will be cpu_count * 2 + 1 'threads': None, # if none, the value will be cpu_count * 2 + 1 }, + 'wsserver': { + 'host': os.environ.get('BIGCHAINDB_WSSERVER_HOST') or 'localhost', + 'port': int(os.environ.get('BIGCHAINDB_WSSERVER_PORT', 9985)), + }, 'database': _database_map[ os.environ.get('BIGCHAINDB_DATABASE_BACKEND', 'rethinkdb') ], diff --git a/bigchaindb/commands/bigchaindb.py b/bigchaindb/commands/bigchaindb.py index d4e37daa..a46019da 100644 --- a/bigchaindb/commands/bigchaindb.py +++ b/bigchaindb/commands/bigchaindb.py @@ -96,6 +96,10 @@ def run_configure(args, skip_if_exists=False): val = conf['server'][key] conf['server'][key] = input_on_stderr('API Server {}? (default `{}`): '.format(key, val), val) + for key in ('host', 'port'): + val = conf['wsserver'][key] + conf['wsserver'][key] = input_on_stderr('WebSocket Server {}? (default `{}`): '.format(key, val), val) + for key in database_keys: val = conf['database'][key] conf['database'][key] = input_on_stderr('Database {}? (default `{}`): '.format(key, val), val) diff --git a/bigchaindb/web/views/base.py b/bigchaindb/web/views/base.py index 5ab409b0..7b12c5bb 100644 --- a/bigchaindb/web/views/base.py +++ b/bigchaindb/web/views/base.py @@ -5,6 +5,9 @@ import logging from flask import jsonify, request +from bigchaindb import config + + logger = logging.getLogger(__name__) @@ -25,4 +28,4 @@ def base_url(): def base_ws_uri(): """Base websocket uri.""" - return 'ws://localhost:9985/' + return 'ws://{host}:{port}/'.format(**config['wsserver']) diff --git a/bigchaindb/web/websocket_server.py b/bigchaindb/web/websocket_server.py index dc320754..dad06b94 100644 --- a/bigchaindb/web/websocket_server.py +++ b/bigchaindb/web/websocket_server.py @@ -20,6 +20,7 @@ from uuid import uuid4 import aiohttp from aiohttp import web +from bigchaindb import config from bigchaindb.events import EventTypes @@ -167,4 +168,6 @@ def start(sync_event_source, loop=None): bridge.start() app = init_app(event_source, loop=loop) - aiohttp.web.run_app(app, port=9985) + aiohttp.web.run_app(app, + host=config['wsserver']['host'], + port=config['wsserver']['port']) From be763022ad7c448cdee4629e9e5f4565d35bd7ce Mon Sep 17 00:00:00 2001 From: vrde Date: Fri, 7 Apr 2017 14:07:05 +0200 Subject: [PATCH 203/283] Update documentation (tnx @ttmc) --- docs/server/source/drivers-clients/index.rst | 1 - docs/server/source/index.rst | 1 + .../{drivers-clients => }/websocket-event-stream-api.rst | 3 --- 3 files changed, 1 insertion(+), 4 deletions(-) rename docs/server/source/{drivers-clients => }/websocket-event-stream-api.rst (97%) diff --git a/docs/server/source/drivers-clients/index.rst b/docs/server/source/drivers-clients/index.rst index 704832c0..18894f60 100644 --- a/docs/server/source/drivers-clients/index.rst +++ b/docs/server/source/drivers-clients/index.rst @@ -15,7 +15,6 @@ community projects listed below. :maxdepth: 1 http-client-server-api - websocket-event-stream-api The Python Driver Transaction CLI diff --git a/docs/server/source/index.rst b/docs/server/source/index.rst index 6ac4b9f5..7a458934 100644 --- a/docs/server/source/index.rst +++ b/docs/server/source/index.rst @@ -11,6 +11,7 @@ BigchainDB Server Documentation nodes/index dev-and-test/index server-reference/index + websocket-event-stream-api drivers-clients/index clusters-feds/index data-models/index diff --git a/docs/server/source/drivers-clients/websocket-event-stream-api.rst b/docs/server/source/websocket-event-stream-api.rst similarity index 97% rename from docs/server/source/drivers-clients/websocket-event-stream-api.rst rename to docs/server/source/websocket-event-stream-api.rst index 22effbc1..88efb7bb 100644 --- a/docs/server/source/drivers-clients/websocket-event-stream-api.rst +++ b/docs/server/source/websocket-event-stream-api.rst @@ -1,9 +1,6 @@ The WebSocket Event Stream API ============================== -.. important:: - This is currently scheduled to be implemented in BigchainDB Server 0.10. - BigchainDB provides real-time event streams over the WebSocket protocol with the Event Stream API. From aeb8827e30bd313eee756b88318c6c5f69654d19 Mon Sep 17 00:00:00 2001 From: vrde Date: Fri, 7 Apr 2017 14:07:24 +0200 Subject: [PATCH 204/283] Use try..except..else --- bigchaindb/web/websocket_server.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bigchaindb/web/websocket_server.py b/bigchaindb/web/websocket_server.py index dad06b94..a725f9ee 100644 --- a/bigchaindb/web/websocket_server.py +++ b/bigchaindb/web/websocket_server.py @@ -43,9 +43,10 @@ def _put_into_capped_queue(queue, value): while True: try: queue.put_nowait(value) - return except asyncio.QueueFull: queue.get_nowait() + else: + return def _multiprocessing_to_asyncio(in_queue, out_queue, loop): From be3f62dd108f021ce64d8623ba3dad3aefbd9cd3 Mon Sep 17 00:00:00 2001 From: vrde Date: Fri, 7 Apr 2017 14:57:11 +0200 Subject: [PATCH 205/283] Update endpoints and docs --- bigchaindb/web/views/base.py | 2 +- bigchaindb/web/views/info.py | 5 +++-- bigchaindb/web/websocket_server.py | 2 +- docs/server/source/websocket-event-stream-api.rst | 7 ++++++- tests/test_config_utils.py | 8 ++++++++ tests/web/test_info.py | 2 +- 6 files changed, 20 insertions(+), 6 deletions(-) diff --git a/bigchaindb/web/views/base.py b/bigchaindb/web/views/base.py index 7b12c5bb..0c226d7d 100644 --- a/bigchaindb/web/views/base.py +++ b/bigchaindb/web/views/base.py @@ -28,4 +28,4 @@ def base_url(): def base_ws_uri(): """Base websocket uri.""" - return 'ws://{host}:{port}/'.format(**config['wsserver']) + return 'ws://{host}:{port}'.format(**config['wsserver']) diff --git a/bigchaindb/web/views/info.py b/bigchaindb/web/views/info.py index b35c6378..9b084ac5 100644 --- a/bigchaindb/web/views/info.py +++ b/bigchaindb/web/views/info.py @@ -6,6 +6,7 @@ from flask_restful import Resource import bigchaindb from bigchaindb.web.views.base import base_url, base_ws_uri from bigchaindb import version +from bigchaindb.web.websocket_server import EVENTS_ENDPOINT class RootIndex(Resource): @@ -30,7 +31,7 @@ class RootIndex(Resource): class ApiV1Index(Resource): def get(self): api_root = base_url() + 'api/v1/' - websocket_root = base_ws_uri() + 'api/v1/' + websocket_root = base_ws_uri() + EVENTS_ENDPOINT docs_url = [ 'https://docs.bigchaindb.com/projects/server/en/v', version.__version__, @@ -43,6 +44,6 @@ class ApiV1Index(Resource): 'statuses': api_root + 'statuses/', 'transactions': api_root + 'transactions/', # TODO: The version should probably not be hardcoded - 'streams_v1': websocket_root + 'streams/', + 'streams_v1': websocket_root, }, }) diff --git a/bigchaindb/web/websocket_server.py b/bigchaindb/web/websocket_server.py index a725f9ee..ae7d6da2 100644 --- a/bigchaindb/web/websocket_server.py +++ b/bigchaindb/web/websocket_server.py @@ -26,7 +26,7 @@ from bigchaindb.events import EventTypes logger = logging.getLogger(__name__) POISON_PILL = 'POISON_PILL' -EVENTS_ENDPOINT = '/api/v1/streams/' +EVENTS_ENDPOINT = '/api/v1/streams/valid_tx' def _put_into_capped_queue(queue, value): diff --git a/docs/server/source/websocket-event-stream-api.rst b/docs/server/source/websocket-event-stream-api.rst index 88efb7bb..1dedc45f 100644 --- a/docs/server/source/websocket-event-stream-api.rst +++ b/docs/server/source/websocket-event-stream-api.rst @@ -1,6 +1,11 @@ The WebSocket Event Stream API ============================== +.. important:: + The WebSocket Event Stream runs on a different port than the Web API. The + default port for the Web API is `9984`, while the one for the Event Stream + is `9985`. + BigchainDB provides real-time event streams over the WebSocket protocol with the Event Stream API. @@ -25,7 +30,7 @@ response contains a ``streams_`` property in ``_links``:: { "_links": { - "streams_v1": "ws://example.com:9984/api/v1/streams/" + "streams_v1": "ws://example.com:9985/api/v1/streams/" } } diff --git a/tests/test_config_utils.py b/tests/test_config_utils.py index 04c70325..7ee74432 100644 --- a/tests/test_config_utils.py +++ b/tests/test_config_utils.py @@ -144,6 +144,8 @@ def test_autoconfigure_read_both_from_file_and_env(monkeypatch, request): DATABASE_PORT = 4242 DATABASE_BACKEND = request.config.getoption('--database-backend') SERVER_BIND = '1.2.3.4:56' + WSSERVER_HOST = '1.2.3.4' + WSSERVER_PORT = 57 KEYRING = 'pubkey_0:pubkey_1:pubkey_2' file_config = { @@ -157,6 +159,8 @@ def test_autoconfigure_read_both_from_file_and_env(monkeypatch, request): 'BIGCHAINDB_DATABASE_PORT': str(DATABASE_PORT), 'BIGCHAINDB_DATABASE_BACKEND': DATABASE_BACKEND, 'BIGCHAINDB_SERVER_BIND': SERVER_BIND, + 'BIGCHAINDB_WSSERVER_HOST': WSSERVER_HOST, + 'BIGCHAINDB_WSSERVER_PORT': WSSERVER_PORT, 'BIGCHAINDB_KEYRING': KEYRING}) import bigchaindb @@ -198,6 +202,10 @@ def test_autoconfigure_read_both_from_file_and_env(monkeypatch, request): 'workers': None, 'threads': None, }, + 'wsserver': { + 'host': WSSERVER_HOST, + 'port': WSSERVER_PORT, + }, 'database': database, 'keypair': { 'public': None, diff --git a/tests/web/test_info.py b/tests/web/test_info.py index 4dc60168..eeb80f78 100644 --- a/tests/web/test_info.py +++ b/tests/web/test_info.py @@ -31,6 +31,6 @@ def test_api_v1_endpoint(client): 'self': 'http://localhost/api/v1/', 'statuses': 'http://localhost/api/v1/statuses/', 'transactions': 'http://localhost/api/v1/transactions/', - 'streams_v1': 'ws://localhost:9985/api/v1/streams/', + 'streams_v1': 'ws://localhost:9985/api/v1/streams/valid_tx', } } From da29bbc605caeb2f0ea9ab1ef712176b73c0ecee Mon Sep 17 00:00:00 2001 From: Rodolphe Marques Date: Fri, 7 Apr 2017 15:02:49 +0200 Subject: [PATCH 206/283] added tests for the events --- .../pipelines/events_consumer_example.py | 14 ----------- tests/pipelines/test_election.py | 24 +++++++++++++++++++ tests/test_events.py | 21 ++++++++++++++++ 3 files changed, 45 insertions(+), 14 deletions(-) delete mode 100644 bigchaindb/pipelines/events_consumer_example.py create mode 100644 tests/test_events.py diff --git a/bigchaindb/pipelines/events_consumer_example.py b/bigchaindb/pipelines/events_consumer_example.py deleted file mode 100644 index 7e833c82..00000000 --- a/bigchaindb/pipelines/events_consumer_example.py +++ /dev/null @@ -1,14 +0,0 @@ -import multiprocessing as mp - -from bigchaindb.events import EventHandler - - -def consume_events(events_queue): - event_handler = EventHandler(events_queue) - while True: - event = event_handler.get_event() - print('Event type: {} Event data: {}'.format(event.type, event.data)) - - -def events_consumer(events_queue): - return mp.Process(target=consume_events, args=(events_queue,)) diff --git a/tests/pipelines/test_election.py b/tests/pipelines/test_election.py index 3127dcaf..c3254601 100644 --- a/tests/pipelines/test_election.py +++ b/tests/pipelines/test_election.py @@ -199,3 +199,27 @@ def test_full_pipeline(b, user_pk): tx_from_block = set([tx.id for tx in invalid_block.transactions]) tx_from_backlog = set([tx['id'] for tx in list(query.get_stale_transactions(b.connection, 0))]) assert tx_from_block == tx_from_backlog + + +def test_handle_block_events(): + from bigchaindb.events import setup_events_queue, EventTypes + + events_queue = setup_events_queue() + e = election.Election(events_queue=events_queue) + block_id = 'a' * 64 + + assert events_queue.qsize() == 0 + + # no event should be emited in case a block is undecided + e.handle_block_events({'status': Bigchain.BLOCK_UNDECIDED}, block_id) + assert events_queue.qsize() == 0 + + # put an invalid block event in the queue + e.handle_block_events({'status': Bigchain.BLOCK_INVALID}, block_id) + event = e.event_handler.get_event() + assert event.type == EventTypes.BLOCK_INVALID + + # put an valid block event in the queue + e.handle_block_events({'status': Bigchain.BLOCK_VALID}, block_id) + event = e.event_handler.get_event() + assert event.type == EventTypes.BLOCK_VALID diff --git a/tests/test_events.py b/tests/test_events.py new file mode 100644 index 00000000..22369b51 --- /dev/null +++ b/tests/test_events.py @@ -0,0 +1,21 @@ +def tests_event_handler(): + from bigchaindb.events import (EventTypes, Event, EventHandler, + setup_events_queue) + + # create and event + event_data = {'msg': 'some data'} + event = Event(EventTypes.BLOCK_VALID, event_data) + # create the events queue + events_queue = setup_events_queue() + + # create event handler + event_handler = EventHandler(events_queue) + + # push and event to the queue + event_handler.put_event(event) + + # get the event from the queue + event_from_queue = event_handler.get_event() + + assert event_from_queue.type == event.type + assert event_from_queue.data == event.data From 85d5d085067ccc96c616bf7f3234a5aa1be61996 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Fri, 7 Apr 2017 15:40:17 +0200 Subject: [PATCH 207/283] Add tip on upgrading to CONTRIBUTING.md --- CONTRIBUTING.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index eedb866a..840a0895 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -145,6 +145,13 @@ Once you accept and submit the CLA, we'll email you with further instructions. ( Someone will then merge your branch or suggest changes. If we suggest changes, you won't have to open a new pull request, you can just push new code to the same branch (on `origin`) as you did before creating the pull request. +### Tip: Upgrading All BigchainDB Dependencies + +Over time, your versions of the Python packages used by BigchainDB will get out of date. You can upgrade them using: +```text +pip install --upgrade -e .[dev] +``` + ## Quick Links * [BigchainDB Community links](https://www.bigchaindb.com/community) From b4988b29e3cacbfcb6376c7225009100362af12c Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Mon, 10 Apr 2017 13:58:58 +0200 Subject: [PATCH 208/283] Moved HTTP API docs to a top-level section --- .gitignore | 2 +- .../generate_http_server_api_documentation.py | 2 +- docs/server/source/drivers-clients/index.rst | 3 +- .../http-client-server-api.rst | 38 +++++++++---------- docs/server/source/index.rst | 1 + 5 files changed, 23 insertions(+), 23 deletions(-) rename docs/server/source/{drivers-clients => }/http-client-server-api.rst (92%) diff --git a/.gitignore b/.gitignore index 7aba48d1..20d71296 100644 --- a/.gitignore +++ b/.gitignore @@ -78,7 +78,7 @@ ntools/one-m/ansible/ansible.cfg # Just in time documentation docs/server/source/schema -docs/server/source/drivers-clients/samples +docs/server/source/http-samples # Terraform state files # See https://stackoverflow.com/a/41482391 diff --git a/docs/server/generate_http_server_api_documentation.py b/docs/server/generate_http_server_api_documentation.py index ba082ba3..731bee2c 100644 --- a/docs/server/generate_http_server_api_documentation.py +++ b/docs/server/generate_http_server_api_documentation.py @@ -269,7 +269,7 @@ def main(): ctx['block_list'] = pretty_json(block_list) base_path = os.path.join(os.path.dirname(__file__), - 'source/drivers-clients/samples') + 'source/http-samples') if not os.path.exists(base_path): os.makedirs(base_path) diff --git a/docs/server/source/drivers-clients/index.rst b/docs/server/source/drivers-clients/index.rst index 704832c0..6eabb429 100644 --- a/docs/server/source/drivers-clients/index.rst +++ b/docs/server/source/drivers-clients/index.rst @@ -14,13 +14,12 @@ community projects listed below. .. toctree:: :maxdepth: 1 - http-client-server-api websocket-event-stream-api The Python Driver Transaction CLI -Community Driven Libraries and Tools +Community-Driven Libraries and Tools ------------------------------------ Please note that some of these projects may be work in progress, but may nevertheless be very useful. diff --git a/docs/server/source/drivers-clients/http-client-server-api.rst b/docs/server/source/http-client-server-api.rst similarity index 92% rename from docs/server/source/drivers-clients/http-client-server-api.rst rename to docs/server/source/http-client-server-api.rst index 39e4395e..957e6c8e 100644 --- a/docs/server/source/drivers-clients/http-client-server-api.rst +++ b/docs/server/source/http-client-server-api.rst @@ -22,7 +22,7 @@ or ``https://example.com:9984`` then you should get an HTTP response with something like the following in the body: -.. literalinclude:: samples/index-response.http +.. literalinclude:: http-samples/index-response.http :language: http @@ -35,7 +35,7 @@ or ``https://example.com:9984/api/v1/``, then you should get an HTTP response that allows you to discover the BigchainDB API endpoints: -.. literalinclude:: samples/api-index-response.http +.. literalinclude:: http-samples/api-index-response.http :language: http @@ -58,12 +58,12 @@ Transactions **Example request**: - .. literalinclude:: samples/get-tx-id-request.http + .. literalinclude:: http-samples/get-tx-id-request.http :language: http **Example response**: - .. literalinclude:: samples/get-tx-id-response.http + .. literalinclude:: http-samples/get-tx-id-response.http :language: http :resheader Content-Type: ``application/json`` @@ -110,12 +110,12 @@ Transactions **Example request**: - .. literalinclude:: samples/get-tx-by-asset-request.http + .. literalinclude:: http-samples/get-tx-by-asset-request.http :language: http **Example response**: - .. literalinclude:: samples/get-tx-by-asset-response.http + .. literalinclude:: http-samples/get-tx-by-asset-response.http :language: http :resheader Content-Type: ``application/json`` @@ -139,12 +139,12 @@ Transactions **Example request**: - .. literalinclude:: samples/post-tx-request.http + .. literalinclude:: http-samples/post-tx-request.http :language: http **Example response**: - .. literalinclude:: samples/post-tx-response.http + .. literalinclude:: http-samples/post-tx-response.http :language: http :resheader Content-Type: ``application/json`` @@ -227,12 +227,12 @@ Statuses **Example request**: - .. literalinclude:: samples/get-statuses-tx-request.http + .. literalinclude:: http-samples/get-statuses-tx-request.http :language: http **Example response**: - .. literalinclude:: samples/get-statuses-tx-valid-response.http + .. literalinclude:: http-samples/get-statuses-tx-valid-response.http :language: http :resheader Content-Type: ``application/json`` @@ -250,17 +250,17 @@ Statuses **Example request**: - .. literalinclude:: samples/get-statuses-block-request.http + .. literalinclude:: http-samples/get-statuses-block-request.http :language: http **Example response**: - .. literalinclude:: samples/get-statuses-block-invalid-response.http + .. literalinclude:: http-samples/get-statuses-block-invalid-response.http :language: http **Example response**: - .. literalinclude:: samples/get-statuses-block-valid-response.http + .. literalinclude:: http-samples/get-statuses-block-valid-response.http :language: http :resheader Content-Type: ``application/json`` @@ -298,12 +298,12 @@ Blocks **Example request**: - .. literalinclude:: samples/get-block-request.http + .. literalinclude:: http-samples/get-block-request.http :language: http **Example response**: - .. literalinclude:: samples/get-block-response.http + .. literalinclude:: http-samples/get-block-response.http :language: http @@ -353,12 +353,12 @@ Blocks **Example request**: - .. literalinclude:: samples/get-block-txid-request.http + .. literalinclude:: http-samples/get-block-txid-request.http :language: http **Example response**: - .. literalinclude:: samples/get-block-txid-response.http + .. literalinclude:: http-samples/get-block-txid-response.http :language: http :resheader Content-Type: ``application/json`` @@ -384,12 +384,12 @@ Votes **Example request**: - .. literalinclude:: samples/get-vote-request.http + .. literalinclude:: http-samples/get-vote-request.http :language: http **Example response**: - .. literalinclude:: samples/get-vote-response.http + .. literalinclude:: http-samples/get-vote-response.http :language: http :resheader Content-Type: ``application/json`` diff --git a/docs/server/source/index.rst b/docs/server/source/index.rst index 6ac4b9f5..018ad329 100644 --- a/docs/server/source/index.rst +++ b/docs/server/source/index.rst @@ -11,6 +11,7 @@ BigchainDB Server Documentation nodes/index dev-and-test/index server-reference/index + http-client-server-api drivers-clients/index clusters-feds/index data-models/index From 8964ba33b406dbaee3bd0effb4d5e3d6f88fa1b2 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Mon, 10 Apr 2017 15:14:18 +0200 Subject: [PATCH 209/283] updated links to the HTTP API docs in this repo --- bigchaindb/web/views/blocks.py | 4 +--- bigchaindb/web/views/info.py | 2 +- bigchaindb/web/views/statuses.py | 4 +--- bigchaindb/web/views/transactions.py | 4 +--- bigchaindb/web/views/votes.py | 4 +--- docs/root/source/index.rst | 2 +- docs/server/source/server-reference/configuration.md | 2 +- tests/web/test_info.py | 2 +- 8 files changed, 8 insertions(+), 16 deletions(-) diff --git a/bigchaindb/web/views/blocks.py b/bigchaindb/web/views/blocks.py index 7e840fe5..1ea1a28f 100644 --- a/bigchaindb/web/views/blocks.py +++ b/bigchaindb/web/views/blocks.py @@ -1,8 +1,6 @@ """This module provides the blueprint for the blocks API endpoints. -For more information please refer to the documentation on ReadTheDocs: - - https://docs.bigchaindb.com/projects/server/en/latest/drivers-clients/ - http-client-server-api.html +For more information please refer to the documentation: http://bigchaindb.com/http-api """ from flask import current_app from flask_restful import Resource, reqparse diff --git a/bigchaindb/web/views/info.py b/bigchaindb/web/views/info.py index 04a15749..02232d19 100644 --- a/bigchaindb/web/views/info.py +++ b/bigchaindb/web/views/info.py @@ -33,7 +33,7 @@ class ApiV1Index(Resource): docs_url = [ 'https://docs.bigchaindb.com/projects/server/en/v', version.__version__, - '/drivers-clients/http-client-server-api.html', + '/http-client-server-api.html', ] return { '_links': { diff --git a/bigchaindb/web/views/statuses.py b/bigchaindb/web/views/statuses.py index 39f880b1..a8186146 100644 --- a/bigchaindb/web/views/statuses.py +++ b/bigchaindb/web/views/statuses.py @@ -1,8 +1,6 @@ """This module provides the blueprint for the statuses API endpoints. -For more information please refer to the documentation on ReadTheDocs: - - https://docs.bigchaindb.com/projects/server/en/latest/drivers-clients/ - http-client-server-api.html +For more information please refer to the documentation: http://bigchaindb.com/http-api """ from flask import current_app from flask_restful import Resource, reqparse diff --git a/bigchaindb/web/views/transactions.py b/bigchaindb/web/views/transactions.py index 925aed7a..9f024f54 100644 --- a/bigchaindb/web/views/transactions.py +++ b/bigchaindb/web/views/transactions.py @@ -1,8 +1,6 @@ """This module provides the blueprint for some basic API endpoints. -For more information please refer to the documentation on ReadTheDocs: - - https://docs.bigchaindb.com/projects/server/en/latest/drivers-clients/ - http-client-server-api.html +For more information please refer to the documentation: http://bigchaindb.com/http-api """ import logging diff --git a/bigchaindb/web/views/votes.py b/bigchaindb/web/views/votes.py index 68265b40..45a86812 100644 --- a/bigchaindb/web/views/votes.py +++ b/bigchaindb/web/views/votes.py @@ -1,8 +1,6 @@ """This module provides the blueprint for the votes API endpoints. -For more information please refer to the documentation on ReadTheDocs: - - https://docs.bigchaindb.com/projects/server/en/latest/drivers-clients/ - http-client-server-api.html +For more information please refer to the documentation: http://bigchaindb.com/http-api """ from flask import current_app from flask_restful import Resource, reqparse diff --git a/docs/root/source/index.rst b/docs/root/source/index.rst index 003d07b3..1dd71003 100644 --- a/docs/root/source/index.rst +++ b/docs/root/source/index.rst @@ -53,7 +53,7 @@ At a high level, one can communicate with a BigchainDB cluster (set of nodes) us
- HTTP API Docs + HTTP API Docs
Python Driver Docs diff --git a/docs/server/source/server-reference/configuration.md b/docs/server/source/server-reference/configuration.md index 4cd9e9d4..50003d10 100644 --- a/docs/server/source/server-reference/configuration.md +++ b/docs/server/source/server-reference/configuration.md @@ -124,7 +124,7 @@ If you used `bigchaindb -y configure mongodb` to create a default local config f ## server.bind, server.workers & server.threads -These settings are for the [Gunicorn HTTP server](http://gunicorn.org/), which is used to serve the [HTTP client-server API](../drivers-clients/http-client-server-api.html). +These settings are for the [Gunicorn HTTP server](http://gunicorn.org/), which is used to serve the [HTTP client-server API](../http-client-server-api.html). `server.bind` is where to bind the Gunicorn HTTP server socket. It's a string. It can be any valid value for [Gunicorn's bind setting](http://docs.gunicorn.org/en/stable/settings.html#bind). If you want to allow IPv4 connections from anyone, on port 9984, use '0.0.0.0:9984'. In a production setting, we recommend you use Gunicorn behind a reverse proxy server. If Gunicorn and the reverse proxy are running on the same machine, then use 'localhost:PORT' where PORT is _not_ 9984 (because the reverse proxy needs to listen on port 9984). Maybe use PORT=9983 in that case because we know 9983 isn't used. If Gunicorn and the reverse proxy are running on different machines, then use 'A.B.C.D:9984' where A.B.C.D is the IP address of the reverse proxy. There's [more information about deploying behind a reverse proxy in the Gunicorn documentation](http://docs.gunicorn.org/en/stable/deploy.html). (They call it a proxy.) diff --git a/tests/web/test_info.py b/tests/web/test_info.py index c55f467f..c0233159 100644 --- a/tests/web/test_info.py +++ b/tests/web/test_info.py @@ -23,7 +23,7 @@ def test_api_root_endpoint(client): def test_api_v1_endpoint(client): res = client.get('/api/v1') docs_url = ['https://docs.bigchaindb.com/projects/server/en/vtsttst', - '/drivers-clients/http-client-server-api.html', + '/http-client-server-api.html', ] assert res.json == { '_links': { From ed6c90b86365fe725ef43ac2984378498d3587ea Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 11 Apr 2017 10:45:09 +0200 Subject: [PATCH 210/283] renamed docs/server/source/nodes -> production-nodes --- .../cloud-deployment-templates/template-ansible.md | 2 +- docs/server/source/nodes/index.rst | 10 ---------- docs/server/source/production-nodes/index.rst | 10 ++++++++++ .../{nodes => production-nodes}/node-assumptions.md | 0 .../{nodes => production-nodes}/node-components.md | 0 .../{nodes => production-nodes}/node-requirements.md | 0 .../{nodes => production-nodes}/setup-run-node.md | 0 7 files changed, 11 insertions(+), 11 deletions(-) delete mode 100644 docs/server/source/nodes/index.rst create mode 100644 docs/server/source/production-nodes/index.rst rename docs/server/source/{nodes => production-nodes}/node-assumptions.md (100%) rename docs/server/source/{nodes => production-nodes}/node-components.md (100%) rename docs/server/source/{nodes => production-nodes}/node-requirements.md (100%) rename docs/server/source/{nodes => production-nodes}/setup-run-node.md (100%) diff --git a/docs/server/source/cloud-deployment-templates/template-ansible.md b/docs/server/source/cloud-deployment-templates/template-ansible.md index 666ad790..f296a2cf 100644 --- a/docs/server/source/cloud-deployment-templates/template-ansible.md +++ b/docs/server/source/cloud-deployment-templates/template-ansible.md @@ -81,4 +81,4 @@ where, as before, `` must be replaced. ## Next Steps -You could make changes to the Ansible playbook (and the resources it uses) to make the node more production-worthy. See [the section on production node assumptions, components and requirements](../nodes/index.html). +You could make changes to the Ansible playbook (and the resources it uses) to make the node more production-worthy. See [the section on production node assumptions, components and requirements](../production-nodes/index.html). diff --git a/docs/server/source/nodes/index.rst b/docs/server/source/nodes/index.rst deleted file mode 100644 index 1c3671f0..00000000 --- a/docs/server/source/nodes/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -Production Node Assumptions, Components & Requirements -====================================================== - -.. toctree:: - :maxdepth: 1 - - node-assumptions - node-components - node-requirements - setup-run-node diff --git a/docs/server/source/production-nodes/index.rst b/docs/server/source/production-nodes/index.rst new file mode 100644 index 00000000..7b42cbaa --- /dev/null +++ b/docs/server/source/production-nodes/index.rst @@ -0,0 +1,10 @@ +Production Nodes +================ + +.. toctree:: + :maxdepth: 1 + + node-assumptions + node-components + node-requirements + setup-run-node diff --git a/docs/server/source/nodes/node-assumptions.md b/docs/server/source/production-nodes/node-assumptions.md similarity index 100% rename from docs/server/source/nodes/node-assumptions.md rename to docs/server/source/production-nodes/node-assumptions.md diff --git a/docs/server/source/nodes/node-components.md b/docs/server/source/production-nodes/node-components.md similarity index 100% rename from docs/server/source/nodes/node-components.md rename to docs/server/source/production-nodes/node-components.md diff --git a/docs/server/source/nodes/node-requirements.md b/docs/server/source/production-nodes/node-requirements.md similarity index 100% rename from docs/server/source/nodes/node-requirements.md rename to docs/server/source/production-nodes/node-requirements.md diff --git a/docs/server/source/nodes/setup-run-node.md b/docs/server/source/production-nodes/setup-run-node.md similarity index 100% rename from docs/server/source/nodes/setup-run-node.md rename to docs/server/source/production-nodes/setup-run-node.md From fb2d4b19a9ac826943b27cee76e6d15ed4c42f59 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 11 Apr 2017 10:59:56 +0200 Subject: [PATCH 211/283] bugfix: fixed ref to production-nodes/index in server index.rst --- docs/server/source/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/server/source/index.rst b/docs/server/source/index.rst index 6ac4b9f5..3de3cb5c 100644 --- a/docs/server/source/index.rst +++ b/docs/server/source/index.rst @@ -8,7 +8,7 @@ BigchainDB Server Documentation introduction quickstart cloud-deployment-templates/index - nodes/index + production-nodes/index dev-and-test/index server-reference/index drivers-clients/index From 392be982891083f9642d5fac54099c0c76106a92 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 11 Apr 2017 11:15:21 +0200 Subject: [PATCH 212/283] docs: updated Production Node Assumptions page --- .../source/production-nodes/node-assumptions.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/docs/server/source/production-nodes/node-assumptions.md b/docs/server/source/production-nodes/node-assumptions.md index 8275be32..9d52aa5a 100644 --- a/docs/server/source/production-nodes/node-assumptions.md +++ b/docs/server/source/production-nodes/node-assumptions.md @@ -1,13 +1,16 @@ # Production Node Assumptions -If you're not sure what we mean by a BigchainDB *node*, *cluster*, *consortium*, or *production node*, then see [the section in the Introduction where we defined those terms](../introduction.html#some-basic-vocabulary). +Be sure you know the key BigchainDB terminology: + +* [BigchainDB node, BigchainDB cluster and BigchainDB consortum](https://docs.bigchaindb.com/en/latest/terminology.html) +* [dev/test node, bare-bones node and production node](../introduction.html) We make some assumptions about production nodes: -1. **Each production node is set up and managed by an experienced professional system administrator (or a team of them).** - -2. Each production node in a cluster is managed by a different person or team. - -Because of the first assumption, we don't provide a detailed cookbook explaining how to secure a server, or other things that a sysadmin should know. (We do provide some [templates](../cloud-deployment-templates/index.html), but those are just a starting point.) +1. Production nodes use MongoDB, not RethinkDB. +1. Each production node is set up and managed by an experienced professional system administrator or a team of them. +1. Each production node in a cluster is managed by a different person or team. +You can use RethinkDB when building prototypes, but we don't advise or support using it in production. +We don't provide a detailed cookbook explaining how to secure a server, or other things that a sysadmin should know. (We do provide some [templates](../cloud-deployment-templates/index.html), but those are just a starting point.) From 6cc1e7559513fc6e0acb96cd417b125dd493cf66 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 11 Apr 2017 11:15:55 +0200 Subject: [PATCH 213/283] root docs: updated Terminology page --- docs/root/source/terminology.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/root/source/terminology.md b/docs/root/source/terminology.md index 025bea71..66375b38 100644 --- a/docs/root/source/terminology.md +++ b/docs/root/source/terminology.md @@ -1,21 +1,21 @@ # Terminology -There is some specialized terminology associated with BigchainDB. To get started, you should at least know what what we mean by a BigchainDB *node*, *cluster* and *consortium*. +There is some specialized terminology associated with BigchainDB. To get started, you should at least know the following: -## Node +## BigchainDB Node -A **BigchainDB node** is a machine or set of closely-linked machines running RethinkDB/MongoDB Server, BigchainDB Server, and related software. (A "machine" might be a bare-metal server, a virtual machine or a container.) Each node is controlled by one person or organization. +A **BigchainDB node** is a machine or set of closely-linked machines running RethinkDB/MongoDB Server, BigchainDB Server, and related software. Each node is controlled by one person or organization. -## Cluster +## BigchainDB Cluster -A set of BigchainDB nodes can connect to each other to form a **cluster**. Each node in the cluster runs the same software. A cluster contains one logical RethinkDB datastore. A cluster may have additional machines to do things such as cluster monitoring. +A set of BigchainDB nodes can connect to each other to form a **BigchainDB cluster**. Each node in the cluster runs the same software. A cluster contains one logical RethinkDB/MongoDB datastore. A cluster may have additional machines to do things such as cluster monitoring. -## Consortium +## BigchainDB Consortium -The people and organizations that run the nodes in a cluster belong to a **consortium** (i.e. another organization). A consortium must have some sort of governance structure to make decisions. If a cluster is run by a single company, then the "consortium" is just that company. +The people and organizations that run the nodes in a cluster belong to a **BigchainDB consortium** (i.e. another organization). A consortium must have some sort of governance structure to make decisions. If a cluster is run by a single company, then the "consortium" is just that company. **What's the Difference Between a Cluster and a Consortium?** From c3f173528f91547231f9fd2fb89f17e8f6769c0b Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 11 Apr 2017 13:23:10 +0200 Subject: [PATCH 214/283] updated docs page: Production Node Components --- .../server/source/_static/Node-components.png | Bin 83733 -> 36249 bytes .../production-nodes/node-components.md | 27 +++++++----------- 2 files changed, 10 insertions(+), 17 deletions(-) diff --git a/docs/server/source/_static/Node-components.png b/docs/server/source/_static/Node-components.png index cd08607313fa2e20f77e8fd9c955da0951d98da3..427bc4c6cbdc8a10ed5d57d7712f113bd7646fd8 100644 GIT binary patch literal 36249 zcmeFZg;$kd6fJtB1qlHGX%PWQrMtVkyBq0l0cjEGF6l05C8fL0p+ma6-}d+J9e2Dp z-W%io0hi(M$T{EnV(+!rnrqIv4Of(xKu0A+g+L(aQj(&|5D1(H1oG?v1rEG}*zg_v z4S{zSmQqDQL4mC*tbku%yNGGJs5qFrxEnc{K`iVY?93RPO`Ock?42zgT#n#7_#qH- zh?J<1sz>_%qQ9=()f42{L{GZ2CxM8=9%eR+E2cEntih(_@^-33&D1PcSx$+LP9=+3 z_OEtIs`e_oSn;3cavQx;$GFN!8%9RGrk_85I;I|xS@0a%3*Dii)4M zzpg|H<|tY=QaO|u2$+tM2k%Ul<9U04Ygx8%gG0TF{h+C?^th;PzCPzj=vq}%qeGq6 zxSn+wLW4?A(Yy}IOIAPin2Pvno(i8mEDw$jzK!pPR^Wo0(3ju|RHwn^=H#w;pzSfL z&>3BBgOPCkbhv6K(E<=Psvc=H?@x;cZe*EAUT0P@y^}e1-b>3KMFUjjrRVAKv z69cz!&ZwRIA|WBc&h*~TAfg5(Xvkpyu5QOuN-Dg84m?%1`?zrS@C{e&=FaTd)pQ-A z%sqw^C$s{bK43`p&NGyq8`8=M@%iUP*~Ub2O- zEdPx~c zAs*^6c+yuJzesz$U%y%~`C3B&Ci!Z+EznJ5F5-yYpRFq~MMu|lcVKaO_ua`8?7jad zhn@+~wbG<%jG0-oI>TxXvxPgo)}0h+>eOe~ShD^W4-#+>kVzT%gK?3&K}_d`wtMCI zJN{H&*MN$pl{X?uw$f_ODV4VZvboKuR13DoC&p>T43ejsj zMo*g>U?{VNYuDuIN-S1q?C@ver?{52L)Ulu9N%KR!<&>6&u=pPc++>3ri4o;prV6A z_VWIEysIvH96T!c^WH#g;ApvvAKGF=7epR*TGMDBF}<=5hS|g7d_vIsM}zsPYUyv0 z(1v?Ux%1uvzpT<%{Jysv$G>&^FFL9k(`Lea>)Abyzvhs(2a@@*-oWzFZ4w!N8<%g~ z8iZl~t{NYz0HsJZi!%gAPXXo%=l4?$M1K3oI0Sp`3&CWWR@EtV`LEp9P3f8PiQHj(z~{2 zHod=Ce{ngySNeE>Xa5RZV5NR<8ujAh?l1pOaHLl)IFdwf!5`Z8a8(kKav4*ysgT9n zKfDl5E_ps{rI6LIw88eH-9STS__|xom2nz`g*@i%zm$;G zhFQu-^cVznV!3vyh~*h|XCH?1ON9BmhenTnGU}#5Jl}8iHl^ZwFTnTfret*L-ipUS z+pi4&SR5`@T(a1vfI+A4VB+a7|LJ}eGblW&kmNf)(iEkj`vb!S?674u4FZe=)vY=f`BwzQ3xY+^Za^FmrV* z=N+1svEy2;39APmk42tOeEgSgvmFBdpQ+&gm3>j_z(D~>R&U1GIr8}YCrOW6rNYS{ z{#WifSP#SWe*D2F=(6+l;sugb%fI~Kh0lPXJ=w1^l2vhVb7!snkiw0IhGsVlW=ZfU zH$<>yEJN+5K+C^emS84!NT2w>(wtr`cm5@1V=S9B=KXn>^X8;jB%W2vzi|KWq=j>zqshZp^!!RSZ|*>cGrR=ZB>PFM+tfBh1K)x$&Ta+e2_ znCkVyIAkWh@0h<_pV7F~)`Wa7u%cld%P(>x_^ z1QNSh{D6vP*E9AYa*&~XKOH>_BClz=sxW9dnN6_a=;m7U-D>A#aFg#%8gyIHM9UtJXmi;N+7 z@p^;Py`f9@uc*qcjlyR^v?aM=%d?wWd~5$o9(COukNo4)`>C$3u7w3%*ah5*-c%_( zLqx7bMC=CHpUV4sC*F*|oJl(?ylK2%s(qD^K)isxS^MvJiDYyYW1b3qvs<-b04d^% z4y2zQW9+mAHdGxe4uxKbe^+8GYr=3&xeY$&aeN8V#|q;NS|kQ;5;5(?>3Kv<4Ano- z^%8RQd5OT%#@f0)Dn^-|Plt$z+pc%2LKhX_6l>B2|KqdRJFcd%^z`&j;jV0f*ATfq zy**1Yig6zf4FiEJ1^A@Dr2U7+-w`2othU!xYH`2K?z>c*PbgwT=+w);_M83#cD`B; z&+C+nUBnbu`Yzqrhjt`N{2V`-TepZq&dr*eo3j{owEysNx=b0Ws7xNf8uMsMz~hW@ zSP6^`Y@SxGty85buoL7M_?66cdA}+1M9j7TljBF)yf5f!Z+21n!~BOXqXvu(E*o>g zDZ9L=DA|_(rZ;0xq6Aev)PHGLTN4r>9w!ldyIdhx-9Mg%>`zKciXo>1X-;B?KVZD9 z2-tkabLrQ@e==y)6=qdU1qs+;VZi*p$;$s#TT3fKl)_E}IiOvH=O6Gi8%%nrvbcK8 zyW{@m4hI>7KS$o_E40_dTN^d}P*Yo5ub0s%;^xNgqmk{aJ*O&270;l%!SD29XRB-e z12LMQ1B*pqUU83vjYiqJQ`76$uMvc^pkDbz{iZdq=+q?(CR$s0?Pd|rt@##n%PT9h z?D>5E+U^a*aNZ2SjqyZ(BzL3wYaDUPo05=FU`R+vdAXgdD_er}w41A7 zj{ zJ8ejciXzlq|F*f%&3@oM*_+OJGvBdaZ8ox7odySKreJLf;Wr>^4}J-^{Rcyo*&NG3o1SYg-!{W*_XH6XS}R7#pLa zp|LPC6TAp*D1~2=PPH3HMF?UuvYDuDaJ7%;0R?ci$@ZkXpUlhCvyG=X4*@O^bPTdo zrRC)zG-%v%!GY?u3C-1bwvUV_4<}TqEohMJK2fUA7qgRE)y5$Wbh(Z+5kK>Shg$VQ&ei14EEG~tl~h%~H_%Pkfhe}K zwdLjIm6nltGZ1t*J=`H~#yo$zIq3K2F4Gi6j}fffxaT=C8NQ1P3rm+fKd+Y{M;_uB z*<6bYxpK0%UU7|g9^B>LOlXj8JFq^e@0r{-2NE1EtjXqxAm;&xw&M|^xxvIEM)pD+ z`Z$m=8@bx*WJ~GgCT9yv%c6$8)7}jyPY;iug5;b|8z`m>NQBcF4AAS(mFi^}0lblr zRvz`fvW4_kEvk3`N*s_bksy4*Icb{2xDlgjPsO zyvL20F4YM8{CQ(@^Bon{Wr5aY_UvwhU<;LtoTUrO5G&G(-a5|4h0SIqT%aKAl_wv# zSxd1i1Sk%*Jg*OZR-e;hV(Bx;5(UUvk3#LRMhDPtLW6TH!MIgcI*5z+#*pxwpP$$1 zy#={AQ;>-CCFzBlN24w(YaOtNXAsQd*E zN&*KB_xImeGW+JfZ_}}chj_@K6Y<;r7M|tvzO-zicnWBHCU`VHEqLd=GTSV$!w2XW$wbyiMnstV*`nK6JcAJ6Uo{~jB5L>7BmDccRE7ciEwATN-fdA0 zTnly>kBH%UkaZ z5=6OJl^ze&9CgO{eoE};elH%IClzsDMfSAO=6!MN-#k_C@RZv&%`Pu3eM=Ng5lcGV z_TT-upm4`i`FC%fu{oabH*f?f7lV|T8y+q-C`zWJq~zxIB+GVjdfI8w@iJT#`_-$E z4)%{9cQ(BR&htT$OG{36dBB&IaA6+9!^7+JF@Xq{{*dPoaNSjHG-x zeC@e&i5t>4~CDu5?jyk3_dHk3s zUBk!c97QCewgn6Yx9qQGl=!_bkC)nra_Qblc)mAqxHvVy{yCtap`ihwO*ZwI+|FV$ znKUK#&F!r+&G)md(W{cO9@LQBqN1X*vZ&vN^akzsatip7J+EH9s;;hJqr}9YG{c0^5vJZv6z_H^AO<>;g?ugzl^JY$fg95WTmC0#mB#m zlN=fzo-Nn0u(pmcC@CtUVPR3B$5Wxf#l*xE5D+};=~OFKw}aM&k8Y{ZeE;)D5*az{;qJ=9%uK34*~VsXIE`byh5C6&CxcGI ziYo>>dXI(xG6KTCyI<`Jvt`$zh#Rx4`|<^4+QED@laCk!x#cgo%-Y(TCVgUB8c`5A zO~l{7f1Nmq!$pGx;QVrBsbr+2R-KxVkdQJnGc&GBc*;0vR61jQxFE1fkZpHYv() zrKL80ety*Evv?Ui-8w(%5P#kj5sZq*$4lfEfan zS&;mbn;Qn06Ew6u=ReMAjqb=6Lc5`!&P!+pNxBtB{KdR<>@o}4WE@p-O8qa`rOtQwiK8{foI zDWn;#woe@Z$e`DRap8*-Cpnc+UydD4NlqRhNIo?+bsk#Q24 z0tSPbptq0o4-M5dH2j#{K?%CPzW&6S4&qT%RMh1jRl0!r!-ucpdDAm9gaicSDA+Gw z8kw1G?(OO5=%l5lYHMgv<3(N_E=H1n(WDp0LJ%8|#Ao`}Z;Bw4o{_=F#|N@?P*9Ku zuRfSGP0hKPa-Hf(9v+^%ySt<14zj1$LKJb<*4EIHC|yPcNy#s4I5t(%#d_4M|F&YS|J#;6O)-Ti89&3K=_j3F&OJt|hq7Fze7ot>S7V-^PU zp8O#voKsa(gH5!EiH^?3!m@X*u_y*Ikeyhh4u^du<{d4s+2Gs>PP2M-d+(AfX!Qp9 zG)QP3q;!1$3|l%M#(E0)G;ZM(?gYxv7s`GjHQ`kB7u0b71n1kESGfJ|BzV1*F3a1` z{^>aj1$)`#YpdQi2cL`GX?bMm{{H^l+}!r|Hdy_xhp3Cf#j2nJIdZ1g)G(ultnKbL zJ1p~0x6jDaF)<}cQi23Er-P4=j~)I!CFMpuu%VyOMlIkhb>Ko z%Gz2MKPD9wm9ma2utb%MzYm+QFa9xQ=AxveeDfx!y`A*VJ|iRJWWdDnWg1bG8g?u| zuy6SJNipldgaIgeffn`Ui=@2#$mrU2Q`{@79r@w|VsUdRAjpZ{rn+pA@-cOxKSq6`XVX5n;+PU<)h)hw8LWx@bd%r22M#XnYO6?(S`uKin zX=#ASJ$W)9fEB4T5YmegI<)$xMJg>ycw_eN_zPm!&ttQ2ru`y3oBg3J`;`cfg4 zRjM8fO-Z@9Zdx!>f}c%uxeQ=*>m1=6#fPNp)iAOK1G0O%&Naujh8+x6SL zUU>)htt2MoD;Hl^q9O>XviKVF(Ub@vf`^usldG2amodB&9QjhD%UJ$_{1|5Ig1zgf z-Adi&Pwx#MX7wu6vg#?XBcti=ec=+%k9jxD>pX`~zetfq%_V%Oq&`AhQubnXR;i454 z6_1aPcb5k$54B5rrp#JKMsMOI>FMcJ@4gJ1yYr42_v1D1MN(jgTj!wMI1G7Dstu-I zb6o$pc?T^PQFuh2N#R+v|0%~zJYI8;wN>#%x%m779W7^Ml%q;(SGrh?WW%iA>>_nR)YWSYv&L-* z5zaaGX#H31$nf9-vxC`oILnLyb)(GC4IMV=jk0>u1!2sXL>J$GY~=_N-*q7_s+b)f zK}7Dw#f7E-d$f30`|EV5PW0~3^@3dguzH_m(`Le7_OIVh*oG{ii6mU(@$TQ*2Ar<$ zTP9(j_=b0Y6c&-oP%Bz*Hj>T->h8|Yjt7rIj-siV*|=pL#{;3B zo?dm&fXDO1E$pNDLq-e?46vrkM*u)FWxlC*?VZ_OQ4>~Dt@i>{f^so#+F*45$VlSg z=E%qhO3=^d=2H(|ANyM2oIm~jJMDd5(eiSk&F@oqCaTSDg1xVzdX-wV^V;p{?e44Z zv%F4Yke&Tcv<3*chpT-_-D$SN0STQ~4z8Ep_eA2``LMM-t92gwrB9_ILL`J<-@MK@Vl4FMxlaRc_meSTHOp#U3Af0A- z@#4kA!~`5X{K5Wy6&W6YH}rTQW3@Lh%}z`(gC7P4IdZJzw6rr1-r|ASrtEBTj4&Jm zf-iC<*eD2KTpJo1goK1pf^6ri0=rf@xwyo{#j(S?hlYkSW$zYJ@D4I~lux(SZ*i8q z6_9VE4Q#f*yga?*OPy`G)yUk^)wD+BmQrYZDhZemyTorB*8+@|!ChF?=$1*X18W-x zD5`UHR`DP&fG7pCW@@?tf*6yO_e;6a^n$OB>*c-{QgGnIg@%ctAr=XVT;BNZ-rkN2 z_hSaQ>Bfr(fZJLD{1hY?m5`vOq#WBhPfaCkEhm2Ya&><{D#Q&GPo&@+ZXv1i{JJ_; zE-o!F*2u`U^R@uD_!zxPkv0E7a1b>v|EEyzaZS4qO zX;77IY_#arLDjakEh{K^mo{wwl+&!#k;KGv+Hxi!ng6oGpv+o}-)4Y%nN*bwhRh(w z;P@n`xMb2;n*&?qs!b6LFyqaRN5HqQ_(C_rS5vuOxX|p$W4O9yhaQ|mLx_*xxB3Z8 zBkT8i0wiO&>V*)fmMYa-pLE};D_mII{=Ju%*X89Uv;u15LS^dqaXF|g zM@YkeWhH0#DVWcX#=+}0%G5Mp{ZaMgdN%|O^JsaJgMc@YUH<^GS!;pXv=AUUMZ}3E z^fm12sLj%ge`rjx9H*tJ=|;#T@6iz6H~9Blbk%J6OipZp87Zq}c0(y-$sQ@VnYsrx zA{Vsv3NkW#mu=5PDPH0k?CtH5kdS~W5El=nQvVBKNM*5zsjYREl>F0R2m51MBSVVN+XUr}vMB&TV zCGQfEN_jrP@7s}F&62VEKHP*>+HN(Iqn!GpPd2{(pI!i;{T`OWHsP6}i*xn1>)_tr z`be$ALG_CuCdi zUq6>ouNaVdI)r!^UZs92JMKB#;#o7sLb#!L^ZbX)v#~a}!-W*UC#R?H9~?Z~=D`Y7 zX%*5r1JTF1BD<2rowA|V6$qt_@LVX@++U@ZDV0TARL2tct84-a<` zvq6F!48^4kYjZA)eV}8zIq90ghoJZgc*=P=j$kuQ(?q6NeoXkdJe=Kw#WWHisk_p+ z-iT3I)Xg$gS`LS$g|V@(adA1#b?XQ3 z@FJUZ85=AXS_H|lj&JT6^+k(SothRhhtlSv>l${ueE!n6cvfg4I}Iwl^Vbu@LdZHf z|KZ}|qW+Guy)f^rizB=Qr+7-X{?3ElCTGQ+G>9AoTGtpoWN}SYt6;AW%@uiDT|;Bi zvJNA&K#}J1X!&Sw&&Jla)p1=MH3TF@ugCkF?(S|<$;i2QKvbs4{;2DEPpk7TPVzW< z-n;4e_;^IEzM=v{K#4YiIYoB*MWn+^JNeNweH^!(!`QMZ)8-Jd!D)VL>!t)xp2pI| z?!$YdpE*W4eMHfDUOuGhNso)G`)!AVa4_x{X|DHcp7E#ilN@FI5W&T~uvm`10^PEX z?hVa-^sk+#oJYAs7Q)gJ=~}kqQ2Urg zf0-}GY*z?><8tA!iF{f(KmWA2FeERl*hT_bk$Z5gNo0csn@ZAhCJKz7vrPsd!u{@z zCSstcx3#qebuKS2kBE@)^z;-o_jhjJ#jrmAHtg=}ySnM?21O_&G}O8U51POES;)?n zJZ+4c0>$a(UaPg+Hq><}MsH5Q&6%gJFFht^B;vvm95F~p=r?zML4*2kyEGakp@pAL zHxO@&Br=o$_wh+;1ss$1@F(UIKwG~x?s7pXkL@(1b5^g=wF2{J+=B`iSml1Sl*Zw3 zI9J{E`}gXi)>8@874)YEfRM!wUszm}la=j_CF}6IunrLpBq>&;0a%(!KHbvT*x1}0 z4^U{nxTK^pb|j;w%qq&tSO`K&E}-X?rJ4j00e*UW&B3qNB%mfsNl8gdM*vU*R&Ykf zVmMCaB~}-9xF%pdl9OctQ3qO%>ltq80w?f~IW2Q@bCCD@1UlXBs;jDgjc7MHndxM# zmgx1ZuC9WD1iE$5q|ULqAKE@(Rsw!Pko=cd)ZpOYNg7zL&+mkjWvOEORJ>8k_`#`w zU2C5&Zw30qM06zB8$@Rw8f>C;85>sXm(Ds|LWl1^9e6+KZ%)p^!Qr2U1v}s0X}04z zN5XJ9xsg5QQE;utgk%RJ_-96H;qaW9>;;+Jl-uh701eO|AVQjSD*zCP?15Gpb+x49 zDY-I#*Q5sxUe^r$Kfc3z1c*o=i&CIqV__+R4(s)6z*~X10OhLN_~dsmGT;;u;Q}@3 zdvOlK!oms*3jqsocYSS0G>V9fOhiCnh?WGdAxa^H)jc_hBQ`!XBnuKV;1i7BZnw9$ zgTUeE=Z}er@!=PE|6Ym`8?c#}VoKE1)cjdw#Kg8%R^bPIzqZb*A9sN%3=lP6zhXH% zJBN#YOHUtKKLLPy@)Q|IUG2VJlp?O*6!b&jwQKeB=g-?aI}8Txx(DqbYZo%wS|RSOKsk77>s3{ns~Xm zUM~}l_V*W89cL|SaT3d$nwt9f@CK0sdJo_$&Ci!-XI;5$mvOp`7Pa$WM!l~dCv%U_ z&WPA;HO0gbGvA2jDC#yjA>KU#00e%3L=I@9zV(ySvonz0j$5$8yEisA08w>%>I8_r zgoF?~guSgTK)MnV6YsCDudl6ju71+h(*x~bgkF|#PJUrwWY5~HygyF3XnlSC91>*t2lNcit>9r7+ zjEoE>W-MT3-T5S>XMs>m@#IEc+S92p`&mGVrX&_`Ry{M>l*<=4grdX$X*cA|of5k( z5WY=h*6l+r!b~7B(Mlxd?@WOnrjh7orXR8=paLczc+YY z`1FmHH=6*xYboO073v@&j9I=)r8U@xUmQ#Har<@S-Yx~9Lo^=$dd z;x5OMR_kwh^}$#2qhlwo)R}Fmi2E^qGhflB>3_0e#0lHR344r3)AmqHRry3~H+v#I zqJ1XSTdqIvJ{)@^R_{WXVs!Q}+fOI!AGt-u%HlEhh)U;Y@XJGb}&4nnn`rv{CJ^ws`}bx%!Tq zoBOxp^UDgfk_b!#e(LMmW@(2N!GSxnxnbA(tPaENWBcHuZ?b(-&51k`*>&_AR*vZd8_XROq&Q{5=m>g@ZCuyV zRoX0mibRdUgWPkSRjiK7>8}DH2;#S9l83{jowc=8eS@fnm`czuA3QWpOP^ew{kb-4 zZ~J~ey(-4Lv;!37B_@}5`{*tA0Ufdh)qj?i@?w59&$5!W?aHHA4kJI~(Ge+3-5O># zHZ@p+FHe#EVhJq^%jEL10O$+e+)0P5Zrbcbp!}_CeBJqoy%mNMF~n;&9(}@cp_rUz8Ec zZzpCo8f#y9Y6cdwa??0Vsjr*W8aU8(uLcWBr=YDw`GT129g-&d{bFGo%F+tf<2~tBT z4|V%Ac^1h0dPMuJGZ!`-?e`SsQH$hKlRQE z1!lt=i>WVvP{dGdyZ~!PD(UT6gYn^X@u~R1d#`3K@Xw((IgJWZT!b7u(b$hP&Wbl zI!ygqhLBWu-9Omi0O2UN_R9UHMV(&H@I9_nTl=4Gvag(?0yb#^>_fVr&g=X&)m^?g zJ9)hhBDapV9qxblcocSY>2bs4d4v7@5+ja%p*qcOuXe%aE|WoTfe)uHUy%kdAwW^A zaoJI}H95=RaS#3c85b9~=pBsq{rlAu4=~VO8sjtx0~l1@*@`r%A;Po?Yrl0UvC9Di zz1Zx^N?2Y|F#>}T9oMgC(e5Vv9J#v9ohZCvayamF^u^x_Bi~sJOKTvrt8du%?a)$Sv*L`uy*_n+^Gw!$ zcysa2&*teF19hwjR=&Om5!1`%)-Zw7$1YcA-}ZP`-nrJLw&_Xy;WTTWj9!o>!!K?V z#+#Zt(n0-HLNRC|Y>lV;Vb(TzUtaJWUd zkHnaj-oqBs^IBLrIG9{?zg3%5#$e>^AD?W=jhcL$QF~7NtzE9lY$S-L^f^%eL8a4a z3;ykutcJg0Tx)%4N z%j093_wR+2zV{f1gmvt~bqi}ZD!ADc)|aEE$&ujWhb4h9snVpkMbO^M7Ar-JCF4uw zE5BeJNj=_hl!(`tA|m_9_sH@xN}TQ7Eo=PrPllFmUDM6VAvrw~lb&I?99k#;V&)B< zkOcCR3xKPPj#7`l9^jSL1+jnL^Gsry4) z{s$^!9shuE9^u;X kcJKl6KZtSp&O4`iURL?lql`AmTrKIaS=4SlG7YWqhYXw|3 z4g36=H!QJjM;w>!%UB2>vrLH_I-l9}(WU9qItj?>A4BX{bjl>qDyWBsaBA50TEX+?% zgNN(hjgKswluiXW>S2yWqCM1XzPU16Yf4+zL+W<|`xEctWxp{fP!NDQI|3nlzy7dzeT-1WMfiqAj zH_*udS4)GNnwB;@JL}AuzP)Wp7%g6)3_2)~Ie`!bqyb6Ffzi>%`g*;3>sNt-UqG^r zj;;sfo{Nj>f8qzw+h}NtygQx&zm16r4rp#19F|Ao?CtG=P!Cc74r&NMTiD?UcNG*A z+_k@QU_#l`L12@?{jG&(?Ba-HstR%}B@ssdogd=kWoH4*YTtw%?He7Yc+o|@lYfUT zf4^pZ!QPr-C^EF!*|=VTqb#M+t9f@?HS9xm0Z#l71dQH(ZKSwdrb|xkQq|FoZNN^l&ChO}L6T|%1*5!l|kL9*rfw9gy@~^|(afx0`T)5N@FqJGO+!trs zKLzC#Cde^WB}YdiN4~pKWfEg24oY}BLzg{lvagN{eQSAsqQR)|`PjPCTTe9IacaNV z>bv)s;X&xuB&sj!BdOeL9`mS^?T;pXQ9lTjqWbC*YT?LHjP30YkB(y59;;^Ud{g7% zjO^|8)z!gr6Qhb35f-MPps0GbxH*^<*<;L~RjEi*q-qV&CXf*SlW>eb5CHfBT5=zL zgJRX)ogL8j0^djJl32ZIUkpiNVj^f!feC<>5Zz!@gd7WlguBjSG!qcpz{EhCkP2vM zLc)j(N(Z1wi05sB9%gF`w7o#J5f>G$<1QVXpMQ;c11LBK0lU3OX<1oOCEyUEOOS?# zhp#VGr0X9Xbar$5`w3_nT$I@F-@JLl%37C1PaQ0XrawM;Fj|!o&|x+wo7{D6d0+N3 zdKs^DWJ>H`zfcU7CYlb(2h*BwbntMsI3ro2NU2AX78^aj3*e0nm1-%z5(%pv+RTx3 zVOy%CFdJ#k?H^}?c*!nwijKdgWMx{Lqn4hCxDP}vaqoTW-ut?I9qj`J@$6x8a;`7P z=is{>O%VC3X?(S=H*WZKH(4{S&ID(l}`iT`3diyy=nK174*O) z3Q{ZJ-qUGZe718q-662r2j9XpgVqs#xBQfWQvoBeGU0$1`U?CF%gvs94f(4x(K<;X zxdSF@9uU7z28VllG6l+3tk9p1>tK#_oNbobz~Z>}BAuRPkU>EZwzRY?y+M195VUJe z26{I7K16#!WL`Vr`}i`*m*=-Y$^;+F%LbtOY znXk45Fs`g%@O+LUaba)Q2huZ_j!SP((z+f0*dtHi7uceMQ5E&SjtuDYzlBJ zx^MRh$j|uUTy^{wL6+zaO;JeWHKl1YGhYW|Hu~i8Cb9=R@}J*>7(;>{55zNexTxB* zX9TTixANJq^oqzn82$o1jJ|(S1pa7NB;!;pDTn>`@k@nQv6Ti*L2WaN@0PiR<5Z#7 zf2JL4w3}F*m7Tm&Bp1H8-{U2q9V;*tMy=y!B?@>&G%mSq-Q%Sx=Qm3>7Btt+0)YE% zmg!vodbFsjW+!AN2tk2n{K7&?p6M+ShStW!Qc$(PsGh_l>{Iu=eBmpNbb!{16Gz|% zvDxg0P)bfv01`J#z*mJo7@@ZpyXYa2%CvhJIW}Nsx%3a2N47!ve06Nmn0f05`cs_N zNDop*+y|KN4db2_mG#3hpTjMEX{P~ZCQa%6X=L(=i?*ok+}*m|RLpB;m*aqE@KxiY zYJi`m$1~{gBSHHGR;+O~Xg(eq+p zl*7l2XLj>8f$rJ{U9Bcbh1W`%Q7lTzfE+i|Z71YQg^uAXSW4Wk%tu0X zRYu9Bo052zKU?ddRMAmfndRSLhi%Vhv}HEz{mfewEphbjFsx!HZv3k(`V}YeIP-pd z@>Sg3Mr@`VtUG5g|I1O zruC|Gr}~Lb7V0)N?Z`~J(uOauFz3`Qz`G}@{$=yKI6)f40hx{)UC6xTJ_7y@V= zyH3`-5PP0QY7E`aakF}{d7c-|W{LqbCna_!0Sa}3^a%uzZB9;3Q*a;HIgrtQm7Ci_ zfZvrT&}{^}Qpkb-uv}p7m+yQ;b=^s7(S(kKo53nsVu7~sN5aHf6Rp9GUO-(HG?n^l z906e8vqU92)JH7>BBffT6*S9+rjPHeeg@{R2HsGv`z|xsJRP!@7?~bZg9`U{nBt2F zvNRDH7gX*X#LE_byY>3d;LjAr(Aqiq!gqc^M@#TALFgPAfg=uQyB}|vxZ1!ax?Ir*9fN4Aq-GfL7BUz6-VG6n#8?4P786Sz9ofjN%av%U*AvvLhYja#wiF zRp8ZI*a{V`P?hVOa|G5iS*k|ep!W&VVnFl@sIHR$(MX#BY>J5thA6+X-FL5m{h5Q$ zV*h9LE7x**yL7hAcn3^8H;MAP^|h2qzRBEZ?X}0WYzYgJVoXfwcHrz*nw5f4WOM#LPw*OH`q;L;H~W-iFKdFJTZl zXs~U|Ew4Fk2CYl|o|i}%E1n;L6%AT*6z-$pn%q@AxVc$l{_qKtwATbW)aln}nmowB z0OxU3u@BFMsP8AEUZ(Y@ zc!+CovtQi)du1nTK8yb3|JHVoaE!w+$O1PN@A==joxVuBa&Z~J+z{}iA>&KjZKE0r zkmUXI*xr5^`v~s>WD_Rsm-&FxJ$`IES~t=2y&p2yEJcLgMMoFhG~w@BgPWp25l%C0 zrupE38xk~K3uN216*VA)GGz)F5Vl&EEE3hRcv)ooz9s5l7-1?Y=c>VY66xS(7XYBR zD`m>9q5YXdt@@b;klncqLk2omFSHfjm+!`wsP2guO-|m$>_;3KTVWfrp)4APl4~xI?P1q4Tt8P(wo1%^kGqYETM_FkhKWF3J z-Zh%5|Io$hYb#Tin*}X-Bps)NUHs=#C_!I9>7ab7)d&O(_640rCcmF8$LK}R*^iR9 zV#^hgVZQEdMK5X}|(ZO|SECSX$p-E&oaz3)TL)4K#|AiHc0 zrJO;RuGO>5Ci1~n@E;{1bL&NkUnMEMz3=49oO^cJZDz`55BsjPX(BF%+Lif8EMrOj zbU1E0&HYs^dv1BuY&bWq>B4wXot+D^Y@PJ@;pC$R+eI$~Azfd7oi@Xzlz3jB zw7|p?nb;)<+o<_!G}y#1w~E0JB3$h%byYzIyraG3x=h5Qyl&-~;Si zO+PI?gWg1o+uXRnmI)0&HssHWZ3A?}G-N?<9#cM(w>U8$ZvE&eD=seZVQ0D40yC2{ zck=$>p*nhO`5f^4+eb$RT3RKrndGWP;{1ukiCiPO@M1|VscXFP!tx|Y}CZI zv@NOz#06T~fti^G3qO=gm+Xh&yFD6IvHHB}>8;we^nEaNRf3V^e})va6%>ki6b+UQ zkNZsu#MgUMM$-!%KFm3*(RrsB^+sm}IB4>CEpQ?Tl@ZidH-aD=BeNYlFKg@m?2N}$ zUt@v6ac{9-4tyI9b+2z6WP9iqn1?#h0R5)9CJ51HGyD~>-WTiKv;ejg0htL1fb#b} zvovslW7ZJh>nnMd+_zr;;@_IHJ7}A12mTtLn|M)*`5H4B&}=j{aV2IN12p;qDbHqf z*3*TXM8;_D_qtjZXhMJk{T($mOUe)wsy)r74R-5X|8t8QTfIFvIA~d7_f>%lBxhl% z?RyN~-w}k-G;#Hx3ZPMgRq?^4`%BoB{=0YNucPfRbV*1uHphwP4E%c@xk-hvpp+_S zDGjoTcPlyN=Vt`UQyhm>twzX4fU(AWNcIGd1fE7pcS?>E-*v|>i4ujtXOJSJ4+Ly% zY@po%JLiOOQ+KMc}D}+m@~-`!J^)ImMe723ma%ZFK__#D4#N zY=$o*NmsX9IG=|WRp?>`xTmD0!N86YE&7@Jn=^PgxNfj(%x3B}P@ceYWn^S5RWFy8 zljHL^Hng)lSZr}`c^BUfnriS={H6r2UYQx6(xOX(HW3&R?k@H?JdRhuHUZ$cpPQdw z&H869?(ED3(DC8+0tjEFrKMd0!b+@EROZJkzrlMf?CeV*${*u2=`SxXNZ4%&+;US= z<{uyKs$+o{Jv{t5aK2#WXJ`NF?iL0A;{+F%k;K2hygM4ZfEOF^2Lb}1w`_178p{!h zYq(kyQ*r^WP2ge%C*ND{cv@(324D;NQIk)taa*aJDun%Uk}h?)KjL=4_O!nK7RTC1^A+%q z`&##l$*^Rx@5ub=17tA-?1Z|x(QEY>2k8a4uX%Y}-+B+Wz6IN=fP-F^3Jn9JSGo#U zdu|VGJOwU5+5~OzerD##>L+Y$Y|3x`mnG0P@5aJH>J(WpS)kWtPKoL_UEBH#{L1+F zg#`shcj&-!2yBiBLLdU;`+*xDxQ#2y%7C#CkS9P-)cnxJJz7lwRD3Y^@$onf%YwiT zmoy0Wy*=8Hf&2j&Zm=g$T>xyg0b8^vv5U=aKgfD`cxY-S0}ci>@aE<}fVINONf`~M z$yeP5rzTU?1=OZ*Ku{(i_$TFqtse3HAPbr@&wqcfQsrod7x@YgFO>WXFtgUy0+kV* z1P}+Hl?Qqi5yxY#rU-3M^EQbD?R{0C4v!BKLyV=t8-xN1B z%}1;rL!He)rhhBE<>|RDQk&OH@D^plU+~Id>f(B}3!n=0$AjnJn07Qcz%KW%Yh$slKr>i_?+f zGETWTDki3(z8-8!=#d7rGqd0QHCPiSIv8Ii^MM`FmT8w_wMwjEu*T6{%+wTNJ|I^(jwB`NQa2h z-67H~Esdmrbc1xaz@bY(y5Z2>-Q9Qbf1dl{j(f))cf8+T27@?f?|s%@@vAlG+#(9N zL@)mWa?fY5Kg>vQCMUAi23&UQOyP(L8{Q4DHa-Z&=cI?mCy|Ha@m; z@ZDy))LkBO5r*b)3AptN*iD%dkGlh^R#{$^FAlYD3Mr9+VBbZ-3hQOJezExMcPXC% zF+_+1VdSS@;o+F5s51cknV6^nHn)K~&1NocQxgb0t2>Cet`oaffolZZtEwi~ot+)f zGzSNcg(B%3MG%IR$7Kq?iRfDg^YjYP(Dx7K8@`8ONJvPyS8(9rm+P!NMHpAd26qeq z2dk&IC~KvoqgV3d-^XcC@3{R@y`H+SudhE9P6yyn0G8X^yD^mJwbmUOmo>7!z7EJI zZf>iTpkG{$mYzj^0@U*TIptR=vS6njASl3x0(c{+Qw3s>n7bq>7J$VAfJ^e|*8oin zFe@r5DpMC94B6_&6!5mMg=f9~dOOaJ_F-Y*t zz0+>}oC+eprHp^m#r~y&%~Na>AXr9xd|*l)Ot9hz3r;iQ3HZuA6wBkzqw7OfTqHDX zom#Z~8rA2`KS0HwWD-o<#w6ADfY#F7b}1PA+Prn=YHu}LoZw)X`+5!=KTI{egfu1t z4+1!jqGDp@--w8acK7$^*>?%u;PFCoc$bl%Fd%t<{;(h+A&p;uoh;Lnc(5W_ITD0e z+U^9BdFI~~m{S!yfz8jG8vq$GC<+F&t6L!lURI|7N9%CHb2@k@!2aCv{n_yq4K2jm z+Z*r)psuCn)QmrbzmKJcUtN8V{1g-Y^aYk$*B2I1QBloOj%djoK&S#+)SH_{9)97d z&bGQxyoclip)cM=mnNkPX;pWoz%cITsgI6~nC)th=Lnkjc~VKI`Y?N{@O?RwUjgW* zDT^#y<-00S0bUiw?D8iqG|}(-#-})>n^W-FqnQI@^I`f-)E+-?#MJHb;1%+7z?TH| zUyGt!=n!z8U_iB*E{B93mC>Qr@`|4nGg)wA;+ZlXP!$3Y7?8VH{gB(c6zStSwkRn5`!2c%09x>aK2Xd4 zrlF@V0z@{z8MSb%2oIO*d)0I`& z^WQyFr){$W?n=Y)Fuk}iPJ&5zZcyI^0T)gHvn3${L5U0+;@OW0u(TSnkgFs#sI*6$Loj76~=>uQTIyz z1ChDP>*?tMt-5+850to+9pB(RVuMiy@QNcNQJUaV?K-x1*-bJv3!j{wNa)i9cRP#D zRWJ#O&;v}XZPPogt94pgGYFc_Io?1T@$&W__l#$o9%`*uz$W0zN>p<46CfWTbkT{p z&fGWBNr&wwSOJf*x7VD&(P?jr92XUUGytXpNFC6{g3|V(>OgllaE=v!{s8nLaJfJP z0ATIQbY_T%iM7?$O#w_`d%HlH?maOE7dx6BC#=Jy_2YBcO6E+l!E+Hng>l}S8aeR+ z><8c_f#CtbwHJuMKY}v+_0<)CZslJ%4R1Suxe5q)k)J-~C<0ViNy+|Wjq|20>t;CF z-$jdn9*zQzTrJuhT=8xh%2$yQ2A}(QTdXH4zRq{?icJhu4?2p!4F-fVyI73+aI<;~ z4$k(&@Sz9eS#^mdLH2>&>!~imq@hjrG?#JsGQr7P#-<_*fXF*IH~`H7G3nRxD-duI z5)uNl2_s6B-e`0=<+7f;+89U%F#p9CuP37mjt0vQI5{vt08U0m!rg$eQ)$Xsr}^Hj zfb&q)2Xj3;&#da^4v3SOPHklfrs8DNL1L?o*J0Wx%a;I1WocyvB4M@DdgB3`O`PQM zwdLjGwVr5TC#R;=(a}QOsHh&#tV)o@8FO=A>Y5riHQV6M1lVPBMGR@+8(-D zB)o0tS-kF=jw&i=p?_LQ;fb#7HyIOOo%2}rWi+HM;-&{o(=!J*8-yow#C5)aiPeDn zVPIl97|wuq#K#PEA=DKW^>O%+2O?hrcH?){)RXQ`cx&1ocvhFB)gWFO;Xaa@@Tzy( zP!4aNcRYg%wU{-1EvmRAoxR_@mKclEV<^MoJj(NZ+sj;hlyI>*787N4%f*^-7A{nn zl~w6+djTM<0JY|{HBA2IO*+PqCry5qL^z-spKXtAHXJsOjgQ~2h6_!U>dgMdxo@k< z-|TWzwK)-Ja;|wpo#*L1%hUMzXL#-FtG?cAs5@_b*FF2u&-{Wom&dA>gJ0j1BBZ2V zMA&~lZa}itK;zP`w9_;h%{W~!XqYavtQWiYt?$?X2oZcH?JZcrSVxGYE$RT^x6{&Y z1Nt$Da{*$ze`qN0VC$K1DPDy;sEuQ4BH)5@1erSOiI7sxAfm{Z&I>yhhk(yOZ(qp_Y8#m zn3N@1thHAeYM$Q?gC|=y-NYuf4?VyQ4J{6dvpZhth^1EptVs~)=1!1QL+nJUD8xcv z?|W{+4jST_?|6G|Z>}rBg08s2eNP?viA^u>IoYHA_SJ|6N;x$%iAWzDj1PbU12M_M zh~JNbBGK&ZZ9A>hGgInl3eAG4ggpGAfVn!CJeHPpf+7ueRWYG14F%QG!i$1ue+}14 z&4E?0OLc&cy&N8mQKkgy}$j6xiC2FJ8ZM-!ZiZo?mEj2!R z`1U(E8Z?Z+%C8;4U|;eTK0d(k&@GGAya^<98L3{ewXZxTM)S4|6*U|z!0#crDe}{(3EGA2P-;Xg47e(Tigr!z{Gp7Tgvf*L?%m(uYz&+PNx(?#w zSd(0>2&B+P({rue7Fka*XH-Z88bB3$g5`@Tbhos=&grzL&hLPRo)w92wP{^l9-fLy z@8^K@4C2CSJy#1*p#X}?$HN0SuN2()mr_2KpydDz=t1l@kJ=#Pj0K6Hkfs6=aw4c& z0L)(sucKzOyNj(Y>wHG~i20hh6!P}&)UC1U^Lbi`@WGQtfO`2`LBZz6#<|f^JD^|i zeGAVp;~2jrI$6x{N+%LI`VZV+39#X4x!8OUR>Dx45H~wJpTiawX}$l=_*F<;NpCgO z`ts_THQRIVN5d}w(bgRaXqrn)UqGn@L^2~O$b{jYdQiWJ)>P|wc(E8<>NA~GD^87OkfW>f!i2x5Y&JkL)m05Mq1jQsi|6}JlU4J z6EtvSStbMMyF?bpJ8(T|IW&l4dS)gNfgvIzW5x>s879z02n@7dMx#|2QADbGNcPI( zLx#}M0S^K^s*uacJ5El=#bytOu4f&8v-yO5lh{l~g>PHSq8AbpsxtV{z_FmJ1&@R= zoC1d%fK4)jEvn8iu@Wo9m~c_~f#K;02o1tIou+7ax_+rKo>fihc^3Ex@L~=+v+RA1)u?;xJ3CKaEYmD=Y$fdvYeN#j>x~m`Pr9gxQL`NPB4x%*T zCid~9Zwa16LC+DyZ<+hJ8LZ}W&;Nmq_a<;-I|#wm)j1ZPqAY?Ys5x8 z|M?ZHZr-!GWlqKbOXXk!vRT)EU&0&T#|ucIWwrHKhu@9|xGXYCbdlFwYEjM)=j)Z@@LUTvb(v{?()-m;`I zN2E10^!3pZ?`v<#9&=aIHTagq_C@^gAa-32Cl;nSng`V1mJ5NBP)$8A2XQ>Jwdg;h zwU({Dz)SF9T8(kTviQO>UB6vsEPnLT*Qm2dBNbp|)T)7vj*l9$$-jG4Jg#N~AVzZf z&8_t!{~V)J_stiC8CHqdVRIhG%IuC!ImM|QTSOv4InOn5&zt6cX zaX5oIBkf%+`k2{!YX9-PrqULV4z7PS-i{qudEQeOEwdKN2V9AFnQvwZnQSRWYYjXK z`GJQ3D?eM#pFg!F8G_)tv0Se8bsBa5^Ehs>s7E=44*8*0lN*b9;c2lk5z@|YlUNC^ z##DwJ>NI(b;L^Vx$>|GJR#)+Qtk?EoZJMnbKd_l3vI$xDnNR#W0OkSAlnEik=;ik_ z6l=N>IaM9chd%Gd+qB68bzMm`ae8_NJPUBU@o(X@pz=hl-+n!A2;@*2IRwH%yaNI< zV@vRM%q#H*c<@~dq0s)4$zh>OvUZ*xa594UELJW50cc_x#(UC7e*N_OrS=x2r7b*& z@aJ?>qA*}P0#YmRC9}CHUS(MfT8Gi&mk{i89cX@gjVO%>F?E-RI(%gz5c`PH zjOA&(T;U>O;xq4xE^y~2tf2pLz7CkW1(t0Lh#%HyiQ1%fQ+;mJ=STZT*30I0t9@P! zGQQ$R@8%a&z6Yj2`BLWF2YQKLGf>@T{q6m!-S#dFKCcr|z1e4=n}WSkg`JrokbFMk zkzNwejcYqgYdiAF>JHm`>v|guKx?PH>je?79ZP&y4j+*7bteG_G7rQh;pB$3fVSN} z48S#i`S+J~tZS&=;ew561r9=kglaj6E%u8KgB~d4tRvxvbB)|%Cf2d}=HAH$UYpHM7b&)zxDan*(Gj|L ze7A$(|4pXE*w{!9dWNq<7xzIZJp#8*&abD+YQ)OGFghSvuF);1;>E@7*i|LGxU++Y zr2SCp3YJ-vx0%Z>mlz~P4r$(F`Lj4Mj9jBD20B!y&U7HBGQRR@bxiT-G~*Z@vNKA^ z3xnW89>SAp^$sj%k#=n)bbCraLnA|>+DjIyo8!aTOB8xP(3<@{KF5QJp3xbfg9I>P zki=(^w~2OK!Y+=8_eGFt8EM^KpVMqStfsTKn%S^fHaI}bcTKI$COTnL|BBJ)KR<&I z3gKE&Op5A+y3)mCy)DKP4EH$ZKUiP?8!`FW1}xe$^z#9R8BI+s;8|HKO^a;uCy!9d z#KEq}ThAHfaH}p^f$uLDE5t)ke02gYc0KMz`hWbDx&~x4V=J%3wSh5Mdi7BE>Y;%1 zv8`yP`rC3=3qB7&2`w=X^YJ9#XY<7jD#=B}$c<-Ie0ia%2e?DzO;&u8Lc8u)`}WH< zY$sRXI{0B^9%quKT4ML*Oz_zj%pX5c85vfMj1hcU9CsTQ-lm)iu8HN7O$l;8iNRV~ zXpoRP$3wq_hl3ylW~#ikRN>;B$a3h}&E~dIRK!`09!#sh;@x)CmDSzlD&d<_w{_9J zpK#@M<(*U2)J}~vmXevyaZNqhC>uUn>UIm5X%tMcEL{jmZPwpy${X^f$eO!7li$pL zc!if55l32K&rbf1irluJnO<2%`6JIcwcqas+ug4p){d)MoGL5c`8}6dXt+Fc5j9V8 zJ52T9oz`x2+}y|-H{mYHm?#ypgFTj=f>*zv?c$uD)$RTk_rt0oy-*$*Tv&5v;&024 z%6l1hAH~k*;e6QQ%6xM*vo4J&rmP}h_^`4DcJc?q7{|vS8r@}-RVW+CkRcpwG@3ca zUne@j06R8HAxHkCEQ?-jl=X~$prUxVE=ta*L2wtbb}IGO`@3$oT{AH`GH%_m3U*y& z7|}@tNIphW`C(PlX({aXlIr2YM0W4W%-t-BoK z_UyFr@&(YGM@{7KzhCl~LMhnxD%IsmPbMKZJo!UzUFlVLi%9~Bc@d2F(E5d~pJ66R z1A6~0)|gcwx<;N*aq^jz5Akf98K&lTf|=TKAaJ%M?miSY z;fF=Uu2g7*LT-hA?vg|ZVhX>AKIcqia3#-&)Mw79S0 z5sxP^kE=Yo^q9~5x_L{<9)k7N=%&oAb|(2XjwsvdNkP1_+~etj@c^onBno+=i@WGg zXd?=Fy>>|)<3lqniGpUy%)F3Gt>Aj0I^f1Oh}JK{Qsl>Zi;(inIs}sDziBF>|C90% znOwRv?_t<;92tAX8G8pU=)+0S08pM=U2G^(0j?>{I}^cQ-#lFc`SYjyN#r4zeyJ{f ziCoL1jmZ$*|HJ|aCxf>KyQ7$TUgE~Ysmbfrm=|cMYtj`KmR`qkPuJC#K#|G8@>=`V zpHviOzJ~-^8k2{nvlL6u9&vEWYNHo@*ZRy@@LkL0-IgR;nEB*IT$<-0a#yo7qCr;= z`zU2Hob0C-r^ETm6|40ii^&|RQlX!p2L^5T_2rOl_s!CNM>^7Ppj1gRM1EpEfP=W> zm5%tdePMg8wK0?gHE)l&4rxMaU?Y%`)ox1t9a&|xAgx-No906?09K5T~BRL?k%oDo$7$TYn1HNqdBdm%qQ9 zMuXYSPkq-C=mRQxUg<6PXcSz=;ePq#$;vEFkl1fWrIM877|3IZerM#&CVH`Dj9=?` zKNxM|^qWTpxt!IeVds%7n$pjqnx*XeqdCgqBN<#OpHp_MS+YI1wb9z~t;5ciKzGN2 zNfMJ<2v(aRi>#G;-L1n?$Iov2<(FWzKZ_v^k+4VAi%V72_4=3WawGiaA;DuREF}E0 z=(zpvQ05u6xiKQ-ig~fg>+!*2acn04{9HoKFcOgvhgxeBDe!VQWyOYBaUt8#_`T!q z+oo_@a?W|%o4IiyEX?1ZvS6u~GaLTcaQrR?K%f5A?JhxK9Q8_&Va!QW5n5$cHMzw< zj+fh~FewF<^IRc07J?V?r1M+oh>%cHSrT8xKb0(G%Tq&#Yl$swZRk}lC}!JjHL*px zkLssAKy6$@c*Lh->io2kEC8ea@yx|YrOGWWl}VsJ!{}N1vvgCDpec=nS&f9J3PTK9 z=?IVu@5TxS$%}9Rh`k{YHor`eVMUPR0-0^^7a32FGB89I2MNy`F`6eaa{|%-^^`aC zUxWM(kVDZuvmwFYzzRi8Ras}hPAUoc^xV>qptNwsOQRVPt6EY^;No7d#6bssff(e! zBS{2}?TH2p*lD~&o~d%C?my>U-^86~xWE({cC_Yrb^A&@y&-xav~@Ta50Z-`M|tQQ z`X&-rs_Yyguls<5H=+NkZZW5K%;P5TK+5vlfDASt4VSSSPb=1AZSM!PV)RhW=I{ATnd9Mf-*TU7#kmVe zr3_dIK#uKQ|7DZ}1Pax3Ze1BAKfH8)SC}>Umq!+P#Ha2vg28jxjMD2N&`@Arg{L@- zYxLl=*(RPddyzie>;?+Qlg)Wm3cI`ErQL7QIjrACZVe8&af?xq&bdSk;X_R`It{x! z6f|925CXF#ol!-RUj`L^P*Ew-G&|o~H2C`_&sw0K=HN%M{bZ|Iff?xVbh0qhjAg)I z0Xf-ITILJeFx|AH*dPQ|m~`7V&i~W+{(qPf|35uNx*i?^OU`V|tXa3Yo_;_6_N5Tt zp;a9yBIVcq`J_&cs}g*5jQ}%Vd?||D)4L3?-#fcC>#yMXFyHw#Qh)Ftmrl+T_mCMG z8#iVlVARaFg=rmqpUb6V&=I@Or5n&RKZR-LSIMhcY#ri2a8ZNtaDM@cisaCs%uug; zbX-bgY+`CkVq{8cqLKnR%sMA$#3u`Uj}_+7HProJl1rX%Y*NuG%?+T_60b*spI4Rc z6!JQ$(k!%}8VHfCLj*zEpcmzOt}mj4Kg{85_oBh1ZNi^9W-0$%5pYNgHfo5BnWCNmTBGyg+I{AQWH z{?C2=QlI;zWj+Nrd-8Fzb91swsKm~9PW@?eL;J z>@4>xE4_Y8$_`kLb^eLgk)U9Y#&F`As8)q$BX}cTJXJh|TE<(dxXeB7M_y@UKg*$9 zLVMfx_F$pb{&9hV{*+6HSAEJEfFigbPTD1}spCHB=45v?Nr$;y>^wx{7bMm--OgM( z?2HZ7>18zz@6I`X(=>ltGFyR}2)rGg{7oc;w$yjB3L=pfLbt79Ag`%e|C2nHQbdj$ z9~Za~){J+&bTco37~tBJ;>uV5K2Zaj!>86HG6E+r4;6+FQn$M|zanc0S5^yd6!?ww z{=!sRqSO)Vl!2UMrIl<`^o7hXD(TaM{o#;<59bhZG+~huQD1CT>%fbiEMl|NX`96tuxht$9P-ipjp-E(ssC4ZvRx(HhJdF3+6=s z{i|=T7ugC9dGgBAh^rDdLzP`aW1t?p1H25I^SR>G&u0SLvKfCr)}7U1zZM0aCZ7V> z<==lqU%N5~9N?ldynCzp4toSRx~Egn^$#P*937RCDX7gb{ z+;MOjIewRy&X*k~ro|k!b#}Oo1PGWV)`1iFn6dR9ZKhRk$%TUZP7aAR_lC!#4n9DR zN?6!%IcO+!4koU3`=~Jmu^lFD`x%JnPmkNR5ifRg*9NniXDDWUtPt{X}518)LkAJTZb~gO(=U7 zjh|6NrXBiouy>j7a*xLZpve~!OrNEfgV}18@QX@!P^am41GZ>pT2nLjx!p>eMCP9ex{91jWLd?kPY-(a;ojKwo<~&+P zK||+q!}k8bND(x&{J5us(n!aOafV>~`-NGJ#e+OLC)fP5XTlpGM$m&+!CIX6Pns<7 zcZ?(vg_tNeJ>6ZmQjp|QDOH0DX9$U2@9qM-LP)d)ekKua6A)~TdM;@(xhKaZMn}b^ zfS*Z;QujiXjFmaLt`bs8^h)<5@RnRdgvCQ++1%6+4t{V4oJwM;1>`p0y@+;|9;1?i0?WJvCJ^qFZ66ts`dRidhH}O$ZWsv3P;=+Ilsw0tY5WEnBS$ z2K689_wvhTgL}TX-`LZOtGHbIkH&Z874q`3yk0g!n`5Sr<=>;o3_ybTuck1Nb|K(`T$c!J1 zD%pD?Mc?;fMOwr^U-NgY8g6`qvb?gUys|2}J3Y3_`a1sI;|6eV6?TBHE|RZ!Y% zt*fXBJxX z^emd@-OTgLeXRw8e!858io30ST}vHX#tbV<*DakUgSzj?gBZA*Fc@#G?W8~~UWR~f zES%@1T}$m=$(hmAg7`;QO}6_F5QtAE0)mQ$$~_%tO}6yZpt^*XRMW%^KCMQFQJYg| zy*B!w*Zy+5frg0fbrFo1gwat+O!uA|5n|*IPNaxy)T&tR|6yN4S5#O)=@i!~F)5QX z!^*JJ0j=^fJPyfM37emJEWeSkVst#skQ%jn?uVs1*#jG?JVO)xq$|?XI6ytP_%ma{ z$iVu$!#or-FCGb!4?pMl!Y-qB&q^~aeZtFUvdtjuHGk7=x=b6uUi%4t|%v-?VLRYD5?`C$RGuw%Zr zQc**e%G!MWMv#fs;E;{1&^y$jj?eSKb9q9ES+Qb|A$0dq3jsn2BK|rSs8?RbJ@2@t z>DS?%cE<4HRA~ZJECx$r>^d;$5+Y zBRBjMDtGAsJ#~N<&2qy*-%Fqah7lg8Rx zu4fW*k?VTHFSEIwJXV30Uj^)68z#dbJq=2z>&u6w^=l$l_&gg=$Kx8gvwXT_ab#Nj zU>?gjhYaPX%C; zKBDhA@t%p)*cM5nyVwR1NPmpZxaUKdcU5G65KI(j@Z~s zC?GY1HIgSrX3961C@|sD=QA?u0haNjx`0dLp`g;GcnV{v65Evv0wt1~Y~}(OfYARv zmy!%~Vk#Rddnl`dox>hAXGi9SJLit9EwNkv#MI-cGq~W}ZPGgCPIfj{X&r`X+_lZJ z28GQt6qx_=yx=`KF6u2bm$iSjNvaA<)bGvtIaT}5!JO$wR_kScij=|g03kfwc-y3+ z7uzQEHojts7?0;4`#I~C+(|Y|ea95Xz}B;{5bzyyc_Dbs&x7%VZI=oEpR#S1F9_XL zy@fk=8J`9v?!rAUZsJo+*iM6AKsnnn8FE2r(Tz_$;&Uh2v*b)%cQ;1yst>+Qyy0oW zpKt$EAbPeW#*>L~9oxYy+4mAuDcGNPtb>j^?P{?6y(@r;W~(VLrY>xMImyD8ZAbgZ{sP`Pq;dH2)Pkoy6T)1Iljb<80spuhy- zz@X7g*U%LS+Pu>N&4x*VfX6GD+q^#B_pxBt;sWWVXeaZ$Np_#iiDV-fTt^Fg%2x9`-uF$+H+>WHw1-T3r=)m4>O4+TTL}V zuV-H1q2)W$yz5GnWtxMUNKI-2;R!}*0(5oL78o0wMUOg!99SyaTPNl;UJfcj$HT;L zqMwXZ&LiG?u8Y2`;<7x<9LvDW&MOG%^Rs5Jkz7oE4INPr=W{4cgU03xPz+Z< zdO^;@(YJ~zif_%5;|wKQy-om)_xr0nM=~wo`!*Env*T;+10YT@&$60>n!hRl0JjeW` zI2~bRlo#Qj`(Ey8ZHSfZTTEInvXPl(E2(8wUWq@mpi;5`4uqOpwhUM0@V$Md>UZ$r zKdPz7KZupoMKZ;=8(Z<5>u56pu7_}w&8TKV7Lh@@gUCq^>oNY-Izoi1lXFqWbs)jL1a``aIyJLVR) zi4m>^y~g9(Zm0T&ntSS+7 zGcYUMq>aUOM;pH1ML(HHWnntI(Y{q>aH(-@RhN_CD>N#25?k1xc_}J-z#q$0a9x#> zV+%UiIuxe^*ojm$r<=6;hwVfEqE^ND1NZi412RSIF?8hCb`IG^j!!HoPiExd;m14lAE{z zEQMXPk3QN<`zLQHEfzL#V5>1Kb#@1D~=~o3S z=>Vo4-c5aokk1=ybYu>YPdz$P|8m|k$IZ<*I8FTYS+Uc5v`>Z?RUb&&coj3HL5O6X zc0V$Yv28LtSvsF|FG4MPV4qZ}o3kNHJQ3JxD(XlLhP!_waiRHE;$cnh;cZ&};T~?dey5CQmabq2wRiFGJg4T$FD?xG^;vr0B@2NJZxYc2 z|L*~iINtLp080Ygv9el|P$-CVDE zn#yGbEWv+*3WXXBs?iy#o~2E^81=-R_!zW-Kqd{&b|qJ<+KNJ6h8=M*o;MedsEui_IFXbVf*S1WVdy_#Oy?^`U2Qv|86Ocpd~X^R**d=y~)W?stmdd z?0g1TShYPA{(9@elpNNocWc)B^aUWA0)uf&xh%x*Y?a-2Z^}wP6gxBbo8J)~9qb@< z``6=^RAVr6^T|obH7txlIDR#!3;=DAMvqJ86I=GBs$W5J^TgjeI_Lguj6shWD@H3F z9FJ;QAmok=npObxhRaC9V#Rnq+!UgEP{(3376cYzDPq@b(`4^NMT)yQER# zLQItt^zwa`x*&cL^{;@0R_Pluu(R;^IYJL?ilxJHOdTB@D%kCWT1X%?Mg3vv}pL&4c1BSY?-YR%^qiiKV6{1SZ`ncQ#fRSfX3 zdKMYaNsp3xMG=^NF1;m&eo}4}h(NH>U{pZBg6i-^3 z-l2l<``8#1o36%sl2h}?x}TVn2SQ#UnzKi(*&sUuuNS^ouE;OsrCI6ePP^-3nx;q@ z5vWODbLuZ@^ugXX2H7WY1bpEd*>J6l_8r?#PZJJEu2r%uv7 z>9vg;t!e4C{AUaHrHFw^kU(7~fnv9P+w&tZJ7bhDy-`CC0WkOK*r*QQylF04B{>R0g+^i0-@tLaqkfUJbzSUFb%`q zm4rp3ZV_!!Q@%^qfR-$Bq(d$H(ZQ4kA-n9^7KP4t-m~RzT}+(ZMa6}wEpCE>pD6=_+tGhz4gVSro+GTP@^o>tdvJ_ZxB~@@78H$#hYWwcH%-u=(?vX$Q83 zzS2|_t;oozc)^8oq~S=61oY7v>DcN$v%I5{mli^J-K3u^a~(UZifz_eTMsx@Bj3+}3mZFBr{`r_S zmGALc{|v~GgG5?_3JY@rOMnS($KPA|qrp5>Cih|{!O3wqU65qcnpf98Y9`#=CQ||# zWM-5)cFauMrbhxhEuiNyqP;9kirH;`OL^S+;dc7+h0kfvgB;=w^Nu>Soj<@oaISFj zUHV?*?}iC}H+QPNi~zz0xlOOmT~PB0)BZ^e%UcBj3rsx-gcZi&j?F~L?^3dL#6p`q zMlOlDLa^9Ivcf^VX52?#ff>Y}Ed!^SRPTm2%}B2tqa21Lm=cj03iu(wOEXLCqOVp87!OZIKo?eS3bfT8 z0B}ShV{~2$rNY3xyONcgpX4UO)#c%1|F=9QP9!qV$S6=n*&odk8*o;@oZ|m{<;Ghb zwh_R&_|}T2Fvw!UiO+y!$L|R;A{g6lJpS7+Fe#dP!)Pau9UnIyN7Q`b@A>SU0;paT zJc5K;_sn-Tb&Q)IfA21nOe72IkzYh9E9b|LXTThUaHH)|pHz@_IpS4u{g4Wq zL-+8XKJFb>RPVFB8~%Z$(|R0HD)2C1gzYrw4XV+@n{7~!)f0H?_QE;+icF9j!eL&M-%S6DCvDI z;@c20Nu@zm{Jr93rlYN`i-XX|cWw59@;2Ef;c|W-LJ6lzCN$}lJTQ_Sk0)A4pP>f- z1pDTd5B*k6gYzXQbmc2_@ekLo!=TkEI>Q)dCnq#EU=GtdITe z??9~t@qBx0*DDTdbb6GAGP3eaa21o(|PoKx2i6c-NamIsG?PfZpORwAEs*L+<>3CnMp@cfQ z!@eK~J9~7`UGC!2Gr~lho7=zZcA=rO|2_y+R~~BX{Scl8Cu&wQ^t9NlQ2Kr2Um=-$lZ?r1?uPC1CxOHx26Xij-Y zgOPkbot#Hlb5vCGJ0)eL0#fC^s~4o8n^mg&0&MyJuC%bRH1AHXS~k`G>dHqk59((W z_;2?aLLV)*KIHor;kO&hrip{~Qm1s;5Jn4Fp8!>z*Yvq8o&&;`Ia+K6O1@c$PH6S# zh64}jv#e!!_e*&7&XE9C$!b<*Wlhh#MX`cDG;lpOyPO&WC`5OeEBy>mO(5FZ z(c^WlYj#40oG^bmJSG&-kNKrM=BC^OLa6{Srh7|4 zfSLAml`2=hC)EAS%*FoL;aS?IU<)mTrWu|u46sAQBqW|N&vqrLWUg93cE4<)={FMJ z_LkY?VXBBNP)i#J)D)`|l6eta6$KYc-=1_naVwM|J)IWpuyzf=HyWYzac;~U4_ zM{fPnKcZLHB_i(u#2+JAHkZ#Ij*s}p&^sAtp7uffFMfY&?GoUp0zx6!M2v7g*M|CG z0sVtZk%MM?Ru#NEE7;X?OIovtGb%#$<62eZYQR{^3fU8^{GY#+m&VT8JH2zvH)%U9 zpw}!Wi(`K-JT@DpF*sqM<^hzdvrK}$6A(%~+#1aM(z~Dm^j-PJ2@ zVP(bpL<0o(8!SR4-e<@L9uVnv{?*j<$WddD40o_q$*sc@Jy4^8?L=yOFq0*5*_Cf6XCes&u^U+X?^FI+R-?&jX(wfL zM!3>sV+IV8HQHz?`rwHJb;?~#xQ@3krAiS3=TVy+ncwy{hNc#I+_p9q7fYXS4~~C( z+JwA#^PmaqWAN0s=@NuTe1GnIAmyAN9`TcMtZRUDYYlK?q(EV_V+>229xntuLQ3<5 zL)Gg3Rae!KLOH7(MVs|v9Vz(|8gYHqp|Sqdczx)9RSg^@isaTs6|}$JtoohZGLKq! z{Uai%Ip9n`gm6o+qg|8GtE-c1vlx{}{x}9gEL($c=@EpPpg+Erf4}*)Ew@5?$Xg*( z%Eb4h@#PVMLQPg$m!Onq;?s9LP4E>!Fz2a)e%hkB^;?UVxrrT}IW_SoNcm zu`yHh$OoO!l9HU#R32P{wyo&Me56XM&;JhdX@Q|KAWXqadi=okRI7b~dn>RNm;((3_gvWfST5?l0VTyB!NeQXq) z{$~vYa=#Aq+<|+OyM@a&J^>OY-yYM9g-mfYjQGhy4f|IDV!pYSTs5(AN%fj&=Xd}m z-8ld5j`7{so*haeHeHic0ed|5Q;0hsAu#2Ny1IhkQSFGk4UT-Ob^QbpI&xdL%)%`58^zXjH{2*bRU0^Z;xoU=9PknyK>B z!6(PZb#9y1AHP;hv_!@a>g002@Wzh%Nl6|4`(jJzq$&Tir6q$VUi!j_`v>}0L_`gS zJuCft#p3jved9DckWlsR4huf6gM(=xW&MhNwmNoEgdKvL)QHRY#3()87_i9b(YV^> z=eIz6!-shwFjHaP5Ky1H=p@Ad7ygaXi3&8P<>AJn;82mM0R!OpIL*hB0JkSp^6u1+ zWY-yg1K(=Ce!QnA=;_5Yemq9<4-9y>hZlg?<_4$-rKC@6gKgR8=~JMWee)$myby%K z-RjQbbAVHKpoWvjv(tpe0MasGSC5&<=H)hTuTIU5RC$FrU(~)QSn2}|0pR;3bX(l0 zS9FmqcFPS~$hfV41GNA^--!9Cjb9QY{H7K#`iFDU8=MauwyigpX3ARZ^`3Bzn{W|I z0LJoilA_(Gti?TU3CNQG6@caC*5z+og9z!raI;Kv=;-OobQ;X+FbXN_!(IqnLL}WPugDZur2DW4!KIs#Is@qWM0HhaOTwK5( zKoEEO{q%qSt#he!SHVbb{mXowJ_R1|@_}JuVg!7%a|vjIG%JiX#2rw*2qO-05w4TALaHq)$ literal 83733 zcmbq)WmgCM@-`*HxYHed>Oy^)|Z)|MsU}ocZ_O62u1R@4WhzS00O+U^s z)%zhj2Q{@`(5X!`nqqImnFMFgiGO_mQ82cI*jd-zlMs&*yC*E6gjMht!-uxuA3}&E zylL$VtEX*OUX2jLbKj5{fyNHBW=m@>2N#!D2b0nCcOQj({QtMMu>GAHVDSI9T;8W| z+S~rO9RI(5>zT2cU^T2)t3O-zJd`#O7UmU%K)UGJkx24vtWnSBQ1`RAEw;t;6&HHp z|Mzva%UXKD=}O4{^q4r_4>v9(6CW-HUW^dm2W_nwd=j3*j=yky9L3h2d3HMs@7=U! z`oGs+Fs@*imZquWd9?CGm~ya%BLE=_s5&Ch!k%SpnQ3+zN_B_7lR3zUaEZTl_}@1@ zyK`4;RcN)*^Et&-vd56Q;RZP+EyIG;s&PU@JcA<_8qG_m4i4$1IRCd^c?qyMczJo- zU3Br!g6fvu0)-At>K9s;5K;eIQQo3ryG2FVxy z_#zgS&f|7jtW>x=mc@XHh=7Ve-(aH~D;}Va8?}WyYn7tNjZCn(`n=@7;N0o#n3D0| zm(K0jFzadg*V7aF$DGVVgn(crZk#;ury(GMcI3&ZEWHl37X!O^^xwk6!&`V`M&5Gd zmWZ1^x&f|)5>p7gva(`_9}M~B<|aXg?njJ{fk6^rP_33NF90@XP7xu60qNm>k0Xj#IcKma&ig9Z22nx z(Bx#?6zN%Kwg3pt0GK3qLQPY1X?i+u?#PLofTkKaj?x+U|E(y z?)=6wR&4G5r-Rb>H+5{(b-@({%zRC2@eCbbv86hm?>pWFM;`LK_WYES(L7&aw$c+f z#RNhyT=ae5!-8R-9JyPo_e#vS2-HmrM%fKKcksyKGBWw*sTsfNfkjIzEhlGVW@d)* z zDaR#&Y+m5MRBf0Pi+?;jI}lohkCgqce`$CL*PK8E!eL`$qEwY(7TB)|Gg>-2UhmiE z0-3a9=Wh~mv9YmCOiT(23b4L^tkkBqIue28)|M#5Ov)*~=3O#EdBq7Lfqdn! z?`tcyXsOMPD7An8oGWmO9`*VzScG&{>tdz8HaU-riOuA7$(k?e`8dBZn^=%q5+?OE zP=~J_P1bGLx`B}2t+CA%i@89F+vk2gmIsKFZLQIV06;o(&e(esG<7@QZ^LuN*Jf&FE z>K|IHb6e>#uZ7BG)|;OUvPpG#JKnM^`m87J7VOW9ARlqzDJ=e&wW!<6T%vWq89=jOnc!QA_>)Sv}myl3kt|7C~C8`0r0Z6KJAOd zD=jGj`{~VaaC4^;hghSn?yj#lIvi+iV+ygS1u|d?o|`6xZE*HfvGtCIy=ThnSY6~(aNrYj?oO0EyoYonBZJ^<^HC}vI2BGoI5CmcgOaI& z8UV4B7g$V3Sy@@(062s~`Jaw!fo=5Q%OVEHk+tMMl0coz&)TKP&?CRISk5!17MwV{ zOGrqVnCzyq{XBMdS5s3nFfg#Rq;1(AMzp=t813w|D;%fl4TLBa^U|7N;3am^_byn? z{?e{%Ddb4Q40E!BbWi_CG|k|9olK{~4I&9(M6RztBnhCdLx^S|1`8D{ehHW#MeMFx zq7HW069iXN|71_At*IGJ=ZcSy2clj?M5I!utuKn;=-^<$d6P`SKI1aueL&0#{d-W1 zI2mFfDG7;h4rP!&y>|2OjEpwpA?(7bgOiht>8BoM?5dR5~EQ7b)LbqR%F z+)uaX^(gHwlKj2RwV0yHDk_AWw!{n!KuO=<-}iloFq+CHMTuE2gX4e^%^P%k3PiT0 zk9adB};NqZNUvp#VS0Be>~Mycopukm;cj?Oyh zQr||mQygBNVXquU>7TqN#$yfNliIbE#Xz7JeD8uhn9fd02Bq|4tGP^NX|-EzUsXG_ zRxSj9!;*MXH~%G4kTEcm@p?4qzR#7Np>vXgho>-BJ|VV40tOr)W?m;)p; z#VUh`9JB?ECIZO7^TQPYUU$n5V;FKgKpAapeRJW$4Z3*nQ1SeV9tw~I4UNy;jM(8{ zIXGPIPFH|B%^3xh188rrsHkWi-HZJx0|IpA!*Nxv;b2)4Lo09A7>*-nRK`=?QkiTa z1_?aWj!*aB77_@=UK&U&;YUnIo-0n;%Q(E_xOl=Iq;HFl0}g}}B%PTp05K=w^M0Pu`_Fl5BN zyu4&)W=^D47gG4GQI3j+79A0R{NaPXl9LX>(Z9~l3B&b7LKu+GjVQfVW0ljz zP;hWzetz54=r{YO^s&9G({{4o_#Cmf0~}=Np}+~Ocls~%q?DJJ2L=XG$fm2cdvJ9# z;sybfDKIFgM*Yvib-Yi!K5A5Emv(vM@v)t!=gVluH#7q7?bA~}qyCtMTGJsTW?3^X z>-Sb%r3>DY`HBn-l|a7L5HboC)zs9qwm#2S8y?M;vwV&OfvVMpu`A9mE+#DMs1r&& z?GMt0&!bqM zw$~f;tCYqGf;_FQt%2HXx$U8uvYnWicz9@$A)6E*4`gIFyhUiQLAgrljKvGEo}cGa zgVH&MJMGc{LG-|b{&H4Ru;Mo{9;Sb;8})Afe4@Fz88{kcW##<*{E;+{XcV5^N8+fZ zbW~$pH9#CxRx-3OPpZ@n7*tQs%qXj>67hSr78LXuF#~J}0$w!YBqsjfiJazao&J&I zdlJIH$H<7W|MsIw5UlX~Xnd96)WBn~8*N3ch;ivF7A9tyW&>(>)zfJU11YKBij4ad z%I^BUvzlt7mCk39o>8eI$L7Ps!@)txHXSsOt%Cy+7<_(rhlY$iZBeIMiQ?k&jg#{i zF#%RXef@35n-}9v%G{1*gZ1#c-d)c;%94r#`=OF7{+E5>e8menhAzg4sRJI@^Yti# zZyp{VMF4(dlT;)WjsT$6ytu+>seMx3qlc>fSzoGi$cc zP&ogdhnb5?f4V=`qOSRBm0hTR$3BDG$>Qbl27tk>zR36iBUoP_ygUb6EgTj91!7u| zPp?67Sy`*=#b&-#QfgY7dFt)OMQC_E9k~w zn;u8A7(y~VJ`QM>n5-;aRaFEMWH2}c*qpGiNi$ZhRG^|AUGihyt@%TMxCgMf&^eDfasFb&6a|=B;nV=5G*ED4Wn~2geY-c#&(Fny-(_W0C^45$zeKg9&?{v|-pNd%26yk+ zGa)N!YNlmmWW>iCHY{~_cR$@6;b35NCs1uSA{{998dqzSb7xquG&?!Bc=knnf`Nf~ z>t{07UaI>!hmD2B`+C2nQC>fExC@v*%OF;n+I9w+DFBmAN7Je3=n^FJi;IgrpKg_@ z6VkVa?2^V&!jM1$;7^f#larIc_O`UN$fdE%Z(2%*TBJ>~HsaZNf4c^-94Ht_hEH5cRL__P?%XEi@g`MA7J!Oya-`X92 z2^%t~T>!$c9ylv4Egpy6VSrKAM|=V{_+T<0NS$~JIe`6Zsq+HmOET>mkO73ezy4-t zlW=jl0rdqCy;{jwVrc8m3RR_>td%a*Iu;f%)kZm&G)t^-Mi4 zn55prw#D0ixlJpS=aA$=47e$iTCR*yV6U&Q9cvfT6BF4T_vQJr#++dBUFaKPH)|M? zfsc`tl2WbIp+gS^ij?Vaa%_4!Ep~Xz(%&W60EiH>Fw0HdSDbKrJiMbrM<@42T!-!tvksBG6CLuPX{qtAh zKEy!gV|GeMPo*lr$O-?-!otGKt4*IIm%`k;ww5)e9rZ1INx_Z)6?!;R3TWm6xvbHx z3xK*r5%KfscLl(_gI~@tr#DNrE-KZz7*f4)!h+$8YyaT&>V?QB5km&JT~Yd+qcb*5 zrTVx*Ik-5YEn0uW4K$Ev{uIG(1pj18YRtgo1K_HdVy5eGU0HlFze7rt5E@(StuMOA3 z?K7Hwt3OVY!f}A+2a3WqA>9Ya|NAn~vh(4;eC(dLq%R#&P%>Ri)G@L{B$rFUSSsa^ zxNKhfoAypr0p6d4g2HqtkyLxe_ToU(@9S*R3Q8|D5e zlAxc1$1yYqC*CuH4>Zfa8jt*R!HjOU89e{X#M`&<9;8-28x$18_H%ZflMhG~z&BpO zwzGYfvql2cFThq9H2#_a@HR0qF-KUWh?zfkG?vNRVzpHN@yquJf^Uh?Bd!$$kWWEz z4pI}p$J0fRyC1rN2blq1fcG1dlWPZyfAlDkcjTA1B&NAnB~#fB7(-6(&>_(|wp6b* z_4OW)%%={3x*pt&H3G=3E9h|wW<(hTv7Mf?vmcNUNI$aiS z+HwLIF*!9Qm&wCrJouZCC0j(H;>)LR^;VB37ZTN-Fcy3gf2mRyHpd$@=H_fV#$Ywqebo$>{b`iWKGiEHQ zmdCNABy!o1kGSxQRA0OQGzY2R^gg>qXo;+Qa}}I?2Z3(svBSGf9Ez3WMp@&x&ICaJ z5>P|j)b`z+AjqG zeyW+-{9kh=Vd3sF^;$pyp6>sl4znlVsk-TZy@{5Syq@T1#22zv*G{KDj3(GyeKTkg zqK5^|aHRfSwZ76Nn)}AL{=<2}H2khiokxtc-7CjDZRKGj=^NW=4MhPe=6NO7y%p?kt zsiya!klsxnA0H^8ds%Zcz&vI=_`G+AQ$9!T%0{3FA}c8-*BV~gFz~L<%}Jqx%;Ggc zAfbK}mrK|COHr0y(#)A%t>)eNRvYK?w~f$b+pIfX0*du3$m0}60EE=hZRf7iCP&3z znRc5A*#NhoO*IrE022I12o`}|<+v)mx4;ApMg3r7Z=JjhCXd1?r|lmDT|{?oMR|9~ zQ8f$Nq1CTv&ueCU(c^e!NbM^xFN4BYI(QW5I+@R=xB#;2WTwsXa{*GNt@9Gtdw$K< zyEHd6r1v~vhBa7{bw`CXXXD}(GU2Bnb;~G|wv=|u+bri?8ahk&Xe-XgqqGx>wk5Yw z?@ZYBoj1YxQy*sn=O^fW$105Kq)%rD&-_qQ$74^2&Km>8Dt9p?-1VIjETh`R!1LSl zoxhy>#C{UFPLVDiiz<*pLe5&Zts5fkP-y5vCh7ppZFCLN}NyhcPbOmr~Qj2 zv$c_H`a$}KvRU^m#_Gx5JjmRPnSe(H6YEfPLhq(v3LzRt;;UcwOIIZMQ!a)gWvcq? z(?xtr5}b$qbJ4x8rw|ON&gs#GZ((xY5*cZdhsB{vi+*wjFR_AG<%b3u$$lCptAnC9 zxU=G&o7ZaCAvZL8s}~i=llv)7i#naxSWl!1Ua0@e2ck$J>W?7M59`Ux!`%ctS>#hZ zco489e4hj5|6R#TD8<9dnIt-?h4eD+SHwO3qWS=P=a__gf>ZCYa-pPd+?({-MD}oK z?;|S3&6SOq2&qor1!=L``bqI0%03ep&)V&Ofs@=EP4@@t!b0zOwCI0zM>#y9>i#ir z_LkiLi=gxYzhco=b2$gbg!7)qnIv1Y`3{KP1( z57Kb=Z52CS?GEP;fEG?)^dZ|XGvuE2&Mnan8{VIFEkdx%S?TO*<#FjlrE2Y`0TY&Y zv;A2qOd>~HCNA=L^`@ua6n(bti%2HWBBG#7$MY$ZY-wZ3w6`&!J1!;oUq3M$MmhW; zhz~{`M&2!3lR1GzZI6#Fyk*Eq0>pr}aJ!jNO`_9O(a_-j4`Zwjw!rcz9Mlu0{a#Zq}+uGqAwXV@l&odz;OhAnEiy zg}lnW^_e+aE~M4!i|yK^$ulp4Dc_U+ zS-ocycG}ia{=pL}&S>(q&Gh&_8um#)pYDlmBWfn4Y{-rKwJ)F8*l$`*moBrKjt1Mb z2}^H_$8`iKS(%#m=6Wb;%SzL)s{`z|x}1WYDWY4}1DPp`+g{se{w(Y2g$x4Z_z>53 zibA!QC1#&V0tQP{*-u7wI(Quh7Pr!zjpT4M`k#*A4FVwD#Hspbsr70E3lGY#UKaV% ze_eY!7k|AQ`4e`SxYLmZMw@kYAAIpt&h|Y8`79%`dBE7rZohsHf0^oak05`Vtb-<& z^Rj#Wc>c1bbc;W%+se~z;9$L$)v~|$BK#D{%SgU4$1i)z<(S!AVB>vZjgxwKX-Vl~bI$iHBv--BD zhuNH(ASltNaSp2eojY%aa3x zY%4@CR!$c0$C{be^_5rfR-(6)D6GA$g-_gCjRRCAEXVrhq!||vPmG2Gxsb1PmnLvi1Qrk77RZu3&wLD2qzk)JC57n)B|4T^qt3 zO0IdqA2k>5mgSASIcq+ax0{O>cZ4Zc|Emf3S@QXj961oz%T*wnp4N9hjnh={rRvUz1r2Xm{7i#F@G2h zWiubB?-v|G!Zr7?&Z{;ISRsF&RyIi@IXBm;f~vptJpG1)_n1x6^A>+S>s=d0P9Hrr zcc&4akcn`84RO2wH1IF*I2lljvKR*SM&RNOFb>~(x_wRhY!*ZUgQ}JKr?6>do%9&Z`YSe-QKwF?`99 z#!*^?XFRNKdi<{a1jG+W=hlbiB45ugh<}OGBfqmzuh^6FOg)f;ADFysc=?0$<>xG0 z6T=?jq2Ik8uWtK`=0ie4G8?uJ058((`5xfG^lDY>4|`d6x3{NmR@;rW`|!O^+!-Cu zmqRfm!itKD)}jZz+4B2)dmMI~J%A3e1Oz$YP1c%@0ZqkrD{srk#6AbpXpiefN|>z1 z`dC8hgC&ND#E=Ji9Bq{a*1JgMcS=I@bz(t+d*K$j-E9FLe)<9i>Fg{Guq4xE4Lza{ zmu_$Yw$tNgh2dR{!`gJls>*?|I<>2Q5L<=opI5I%vvt%)LfZbZ1?rxy5#l}ZLjfLy zBuQbEVeQV3MfL9<>v19sDob@u(C|m&^Hg*w!tk@&VBeK+9M>E}4mm zjY%bZ3)go`C(~Zeg$kqxR7`$nlhq{b1}B?Q8o7c{I5J;DINx|ORFdCAqRhoUVw>np zSvjBJvnRv)^3=RzeGo{*LuT0PlJQa_Ah305BE-bzsUHztPf&t@xCE-8C@G=fx`vIh zL-@jmtv)axFqlv3l`p%N(?E82iF5uTKtQqVttHE*)Q0uaEpHYYIrhbs%R9Ts_q|UDaD8YvCjdggfd9;#+Qx_TPEWe%HlIajsAtiw;$fV=To04*>4a5$A}dMA zNx|sye%Ls2Luv=)t+xFby(oD+%4b$_T5Ru&UK}~zo9UBfG}~nq$2!1L%!rNM0NkrC z&4$zO=%HksoUXHF>N`6-LrDyPuT^U@qF8Fv(l6bzQvYkGA^t2pR^oo{1PKhQ+9HvM z4kIK$xvdYG<@mIs42%{9{F{?1{>j)UN*W|MQ}-(X1Q$bgo~RNYo#dCDQp>f&>W>Sr z@7<=L6n@Z=W$kIQ8`Jp$ME2^lYkYW4MGrR2xV1u)jK6vomiC8P`=+An+&~FC4ZnZH z0YWebr{us%Aa`G%VvUzI?0=42{rvSGgDwJ8Pp!)I>>e~*2(?27{bL+Hhl$OiU#-2f z^&L4qBp~|NzUG{DYf?*2wX<2E!h&ZHK<##HK$;NpYcrx(euVauscdx}>IteOF_{|= ztbmU`MBtBNh(sI!Lye_*;Oroi+%zHD1n@9+%amxXaJ(=@7#wV-yuhfpr-#`e1W;9R zuk;kFpx%q3-x(2>Ztl;O8j7b3xq3^@2g@JHcW6ijtn6vG_|*67;Z{r^R}DVC@iVOA z5uG5AOykj-)V_mO<#C?$cPgNa6ab8HExF<1yg*f4LUo@gfLN^*`C{s1t-rWfIML)u^|B>q-M4>?Wt|{ttg%Iw%uUW2o z1`qfR&EJJZLXs+zYI2$%v~-Mx;}4o!`YciBQqsdPQj%^7=U;;?v&498I2Xx92<4GlW}a_;n0OtN)d3geFO92etlZCaagJS(X= z0=!v%KeBW7clSI70+Ri5rKlYB$)8hY_$#@&%e))28c0b+u8xA@$!l}}h;zIhtq8#^ zFmSnEomytcV1h$zfXm}lRMT2K-)zA{hW}Y=-{m`MIJ8A|)rG?jNMqT7D2csg@n2whCoEH0`OdmOEe5~f5Q1Y~q zStpkh4Obo=Y3X4lIo>*pnG#^=X`FQhun?B>*U#GSbdpwv%~-vjFQ6QZ&?g&q6k)I^ zY3%o032|{V3ya5{BwgH~4~U4(2k}xIwt~Uk?f0c`YOGm6LNfJ?a&x>g9NoJ%b!tH&h2>1ybn-2dB|Dpr9mxU@K~JEzU`~c zRhG2#Qn31w>=M%P4faoCna&n{c;q#SEj~zKVmNeIN+r!opO_IrTJKK~nou~byp0{oSKv^#4x`E(UET8JQ?g=SkJgfH=#}PnRGYqe* zSinO6JgfA=kK7G7oq&0*TA}p;1V%mt z@h|(!UEQZEU4pOJ7Zqu{<0dYjBkJq_e2x3Jtw<6r#+mVZ!ZJw`?x?}^@u~6seetJ& z#4^4~fOcKp!trHUPH57qAOz_nrpS|GCl5O#2cv%^0_oLr<9?R-3Y$A%!n#BP=Rr8I zw*e9eOSwqDitk{caXsZ#7@qm4M}*%^ zw%NfII3i?O&rJ+MuNEkV2!hN~%_lXFohhOWtr4rm`wbx$z>Ts~fCNZ4Tc|`JLh%c$ z7Jr$Lh2sJwsdlfxr6UWI7TM-O#I_uPYLvuF6=Ru2KSCJ6BiLf46OszZ(Jl`?6T^x0`tE2JePJ^`}@R)k6e6Ic7Bz4_+9fNB7=L;$j8t&6$; znGx9mnBh4~qD^prx(^f$!9qmt?uywkPX4zAB(KAMDks`foFtY)xQ$$NTxwJYMd-1NpqAu{9mRvaEB+tUm~*^C)(xJ|tF_Uqc)0j~UhkAbz$E??&g3nv zIRzGzdFYnuuuzsj_k5nBTkIJ#>O3Sy>P(GOySVaz5|g8^E6e|^CJ5* zBVAJ{|EZDCp{T7!9D8t9*02+)is0jP>7IbPU{FJh|mq^SHWz5=BQvof>gy z=;*u-rrF$PF-qiL__>VQhp(8>jE?4{9qn~IRh<8F^C(l9q8a16UeGiY?K*;ca>Ncu zr(fL2BMu-Xaf8w+kp$4HP)O*tYO)uGL2}IDK|Z<;Yga3w6UQE&8z~I!&)HBp+FGFH z?fLd{mz|xRzHjgNsi9S=fb#I4?>k^T4tOu)cq?6YZb$i!tn2cjb@mij0DVQedsT^J z>4Cz{iui(ciw);n%W|U1?^_z(aeMRD7Rd4P__pgu=6eC|Gh$u+t-1DU#+q7~`KzR? zjP}bH|8Sk%{m<4-n;NunGrh|n?C`7nyE)TcmA^X!Ip*XIe;yOi-YBWdy*Foc*WL`$x(^KAhw6_%kgmj6 zRxUQu42izT;0!bF3rVa1{w`-a$Ln~yZ1cIn%9@v7*$Ys=Y@4j3K=T9@fSxG*$?Cj& zRVmO6`f`#P@*z^BR0H#63PMdxX@BxF7KV3#E$`J<;M_rxG z7t_W5P*hfOx2l9C`Jt&HQ3!jwG`GzOK@m(IBUah=Q~`$Nph= zMg4QL*3-SL&NjRr?hn^$zHc2RGAxYvYGtE<)N9hhbdQ)4wOLLuZumBW4c+Bk;D2?_ z)0i7fJf|+adL$;js(bN?%QHCE$N+u`6T@r4A(^RiDF*Y#)T9RwZD0}fQx zoqC+k$MeBNUiZ=V3j$y_kItE5zf&;%nNan&ij@u~FdG|t>550yXx&GWZQDjK4JXI# zaopG#ON;7cT6TPcrob7m)xje9vzozz&6>w#TOw~=4siCA#GY1BNjXRVSHIr@0({Yw zt!jHm<-er@L7>`R1&xXQ9J7{gt~4cuH6z5ylH9IV;((Dynm(*w&?ou`$W7t^SqdlS(qX+S(Lne27BdhKppx}*YiHap6x*_*nYo7x zt9#Qm<)_AtXe%vIk#7Hf(<-bTL^f$D)JVk5?ftNScGNe@{rmS!>F>BrsT;cT!~iq? z$Y4KDYhz`Z_r2UM39L-thqgAHgG+Oo-;>Da|2#;-Ja%l7HC2{p&A{C%ypWH9<1>)o z2Aox$609XAa(%gI&04@j?;Yi}rF0(JlCnrz;Ct7Ye+|96nL>)m$M@(>*W@Ah1EIi4x}KD2rfsnv?`3JA46q$Y()dvN$ueW7#RuiETHfsiJ$7Hs2lM zMe@KBeIvC#%k~rND_qANW++pj5~U8r6au_2Uf|v%TeQfrJYKt3RkNh=*l7C{edFh_-TK=G zT21##0Ou5!_pyEw^Pxm<^mxWn}>`;mN0>g)v|^Kd-q zqwljkJ2<$P@%(K&Ia>Gu!;k8NFLNj{*Q)nf_Ejg$Dd(Gpg9b#1gG-g;hz;^~K+~O?ni_bxXaPl6H{e<(@|(&F_d~I%TZ8F| zTu`=o2_4FmQ?@yI;h*nYBuSF@|6!4i#_IJ`v;!vd26XL|p33I=vMrbxKFibH%Ea2( zl5FJ5Ktm?cmw50Xbs9PUgG23V9B!$0)9dy$f)W$B;dI~=FD-mG6FgHTKQA+L&yk|> z)|5>-Auk#Ciy2Ai)>#{m3fU$RpZeeRmX#Ox;6Yjx}*VpwRy*%;drK91y} ziY4bmx1Shrx_#tVEH;&V8QPh+r7vzX)d%s4Okj?a(a-6h6BBfs_T*phh~#drR8(dT zv)oN(7XN{B2UHYi8xPZ<)7Ej1f4keqnOUREjE9=ll^aG&#$& z{ct3jJ)aEzv$RT5eCFG$D@oR~@kp%prw5|8i+?_=oz3uD09*aK6M3QFB_~VNvllOB zAla^ydhxu~9YLPfJ|oEj$Otx`o}+~nfMT>gcLqgli3&gZReDM2-kkweaac2Dtf($FV^qO+`FW9BE^;VvLhpY67`DplDsLH z#P`j=>06NgV995o?O~aR71S9ca5pZ1=J&5|)fx-~2uF~>9~GI2h>l8&+utyNK2|xn zcEhniHc1;2MLQy@K8Jd~7v&BOaH($9SL-L; zwAQ=vz+NJ`CixtH-19r-f&4D0j@Cqni}+gJKd(0bk3zw6*mrUt;6dpC7X9@O$ZCiq zyPzN>Fk@U;y*D#l%hU5F;vkHMoPPlL2X#3D2=09&!hQ1wCw89l9?mS{`#cd^$cGcj zKu#)^kS)e7S36^wp@U=l+<~A)EXyuC+)pJJH!72?TRT)Xmh5{tGt(St^~VD%E_pFI z$$i*U0}e@DemusC`fJ;I`C2`U5uHZv$N4+&eg)skpoT@?b~A~8`C}hH&HguMRCGzA zInS@_L;@IVUv6?pqE#nN8v54J;OC!vwTuo7ktF>7J%4fwjB=$tl^dHiXV-rxO;XjS zwX!ZkiU_&BoHF2)ox09PdVe#c%qQ4sP%T1+R|*3A_L=^WVR7)VBanJu=*u!rj1pq4=`j=UqJAA0j|wM zipr(Ua)Xm!7_c+l!BXBwh2cvKTT+aFu7f`MdnJL|1Bb)X^iHUdQ% zqEhr01i*pMAM(aUziG2-f?{7V#nDYUUh6$s=XLq5!*b9vX&*MBZQYN-2<9tweAa7p zWBc-#MJL5IGu|1psh*s$e4)Udo!{O5h#{lLx^e@W7vM{mx0hfFS6KJ!gMWU^za5^<7=>x1#x9M>y7afQJzP{j%(6JunPR)M#~h zz5J$95+R)!X{#AJSZ+2r7$X|_=FXX0w%-*^)UK&vyK3HWwsQW|_m%&Mn!27|_j2m_ zZY+y;N^9->>28hNa@KE{WeA&ozQ$5wBws2miD9A6IicHRh}+p{q(N76B=KsG+56?v zp|CruVmsQAivTa_`LA*B{o?tX?w3O)<=S7t*mu7WfPy_) z#PN~y_FvIG;4yKW45l)23sSC&2K=h~o2rE2KM5~dKn`z$Pxp5oAFS2h43zYfp~&#- zly6S!FL&2ncE|$f4L|oFLcTs8dOx0bSJaOhvfOPg<9y`)s*A6yb>yuBTpgHPu-}d` zV}F2`$z|cf0{lO2pxjEyMYvi#{&@*z_%Zz#{J_Hzm`q%C4v|su!V+b|6t!7&I*p8G zhc{ngaTqjD%{DJ+Eomx{C0frtWMmm2zx%G*l?gO`qoQx!pJQPR#d^5Ye-9it_T3>u ztE-67!e>6M7k*}9G_bYUKPa=;Zi6B2k#(2HbXe~Xq;t1FZJ{`wDLhT#p?_EpH3-Z3 z2n$RTugEN>c$%GT<($bfA|oLor7;=y0RdMub6agXkD@>Cl3JE+2m@X+RqP*JnmAbQy3#Kzconc!$ir%xrj=vYDQ;sXpm zAy^)-$CLicwdgHQXZp&xF$zm(9C&@{yathB7X@jd>z&Wu;OxRxtps!;+h@xIPxIZ0@=ke$)vETgF?w@@L``><$$KB-$z;**r$2aRdO6$-5tXS@ef=bcr0e<1NG)d1 z;mjM-#QXnd0m?F;9&Jc`GoPX`r8CAU#&sh*qtXDEbB1~#b)>LEJ@s_!t8UXqUSZ3y zrJd29D%;TrYGJsbs+Cl;y+KR|bQ(cX$IHfZalI()a2M!(E-1nOwL0x$EV{9KIx}4= zvCw2Cyz~r40)~2en-|>z*)Ev8wACZ_qu`+z_xG;g4dCgkHNb>gsw!fKW(GOH&n1$*dUJwBPj_JDW4!Q=B&z(aZJ$|5&hYwr-IQK zYD^$lW^YX|^^M)+4Ow!&? z6anw!=i)8OBpT1NApI9%?vzR*A!103m@F2;eeqvDYx`nK=4l%7BUwnYB7GF%-Q|^C zH`B28*HGk(sK{%Hs4G(l;^kd3D|?f-qK6F;Pdc4BYEkBC>f=hRD`e{kKLrQFyPj~WKi76taD zus`n;1p-v`0Uho%JFzd|3GSiv=?*m(`~c@0jgSAbo($LH!}kH^l$t6?FhOX!(uFZg ztUtfY979Pd-k)cB^0iHPhdJ9PS`IgX)7prkNqW2B{wgvr4NdXRIn!pdN}H(_u8j~HG?N@4+o2{%v|e|Tci8B-(eFjm#WA) zqPu9mGx^he-;~&#<3|POMhXap4$jNGcz#{_+?TV*kd$ms>fcv5?M@nrBu<^IY}D%s zo3jz3pP>#O4I;Wt9tXd~A2fyITd#Fgc+<-WoIjDq0_IL}x$Gc~KzN66JUKqsH-`!%!$XSPyePL$fh=js10;%~l~F zh;mz=!}3b$9S*Tz2%=P4$V#6x1BGmyvohpKI)#>Koo)a$T-PKnDQ73HP^V$Sn*;$Jy=5m$`@mFwOm*$PV(ubk7P;U zTg6Ejuc2Wk?5uqu!&KKoAg=|1$Pc>LKd7KF`w_2x4i7CU?Ju*sG+1T_ti?Wq7d3Od z@|X$z6ia<<5$ly5kW5sHfi+2iB#9h1_@l@vx$zu#ZjUwYcMvie5(FN)s-==H3g0>z z<3xbEYPFoTN1ZG(A*$E@;d7W;k5oH~!~Kg`Xsl>SZUMO_{fA&cD2 z4uMg>6=M9$^jou&U6y)nnI8p;hH(ahiuZUdcqg*RGLOTHUNSOndKkXu1~Ufv3+ji> zxvY}-p^FL}tO1Rynf!|BY)&iu;CB>mchK~-(QDO6j2e!wtRm3IXT^> zwCe{?3X|Vj(xoVe9!V}5ja60cO@1z$N%hGwrEFi=or4R`1UlEgYl#I&!lPdkTU8kn zx7KDBFl0!JBN?Uthw$JK>J8@s%;v^1bZG#<79xApKM>IA9e&6BAm z1TaOSw{N)$BwzYUKy&0 zW|rcwIJomQde=B>8rP4x5)aF#?~jD3kniRzB-<%b-;IO6?0e<}+^whps#KFa%$V6F(J?#tV!q ze<&{%#NJzk;}Ny%Wqz^gLWh}ZH#E9HVDR^}X3tRNRFnJZATIQhMW~G=U*u?gbLIQS zTs_oA*FDtbw#{r<5K!d$$o+C$-@*Lrk4Z=|azw=m*sKbdSNWnOt&UdZ#5my9r>~YP zh>Jd{G#`)Ka^({i2Hz9~5P_HUSp`*vQwMuR)uv!&Qxv zwXM?{1XA;$y$3uEw>_9HPyJ!fbecc@X?kw6h$(xI+HQKv%nXw6QxMtD@fV!TZoi^eOCb zk!h>9YZIJx+l$xyNvgC7=bu$dzxi`Ht49q%LSnHzoSW(Jl4?i+xmBVlOGv1=}lC}@7w=qp}wR*iwxB}o3F@szV5j8c-`ET?_6&v zyA?-hpk`eS|7Zfqme2nBacSipA(Nn>z>3Pa(9^(Q_V(Y^8n%+zeh9O6jmSXkM|E$% zNwbVwn*JO50&m6@hj^uaH1FbzCI7(v3Z&L2pxyXzQQLZcc1E(b9ExtI$KZqt1N~Lt zk3|dm6SQD}kw?Gu4+{AfGy7+uJs$d@+OUi9OIkJNc0 zVkQR_RtpIAe#lkpkP$zJp@)YP)Rf}2KSRhs;SGMjpztpS6@M-H3*&R>Q;i|8|2~F2 z(@x6T1SePcQ$`i8iyfP#a#nrKycb$V6dlOAak>+-866 z?b(iAQc-gLjg_SaMxxTPvj0?sK#0_N1E;JFW(pDq$E{rcj@P=E<`bAH4Nh}!`__Ig z-z(xIQmqJ9$@itBLKj!7!071EbSy0+(~X2FEh*VSQ#7#yY~W;XoYz1T&O=9B0$X#L zGpzsg4wxW52L|3~=dXG_tkk=>5i)Ufeb-Gi=y}2O2F*sccu^6Dfhv>raHiWN|)uUVrVEjVuDQ^SEsT9nx>4Lm4(Yv<;bV= z+wCvj4X3wUmsd5WELdOP`5#sT$kDbkIUIr*F=CG-6TbQMf=sK~`+TYix(&D|cE&dK7`K`$qZ=jN7v z^d(h1+}g%|<;}rOdHHs8@@G8i26@^Dpdw$3mHDo*Yxr=ITu@M8;Lb!z$r%718ZNG? zipqZvZ8LG;4JD;;hgqyD@NrdFtLJXdwfhTo<7W*lU3BUcwu`I&&1*bF4T~C_i_iUQ zxiZc<>35VlI({p^Xl#>AV{-Q_YE_X`pyzb{?3O@^ni_2|CqC}^r#_eYgF{{r^S(BL zvy<`p*!y-Jjg1$wCg2ff@Jn+Itor+Q(x_iU;SUcFfX~59Pk(j0^e6&0hF`yaiF^CX zN=mL3LUW2V%Ju4jo|HkgAXHh6Qn;H3htNb%M`s6sU#3Jw3fq4k$K&S~C|shVmD97% zJ}#KI#{8J=dnw@YwA*D9?InqO_udQgvNwju`+Z8BT^7UscVU4|RN#OSpl8&vl*U0t z3h2J8|HBpHZr{AyCbMSk*4uk`s8JCqFK=yEG`!H@wG!y#YJX5Zm{&5jJ3cAxMK;~3~bqn9smI$+ z!VCL{$!$m9!=|A3#S?G{agr3IH<1wuNlF<3l`TJ?p0%5_+nsE>+)S>i(489_5o0HK zwXHxKCO_#x=iS`Y^q(2oVKH#U1>;RUjSw3d7ZfZAL~t<5^XGO;E&Ax;c;Fksjv-nF zSA+-&xvY+g;IJ<#&8Rb479PHH9%_%yoNjF`X(Cx=67|SN8~n1<6+qt7^(G^v#(}4{ zdeDEbcl(kpN@@5Ty-v*h{l7%zVzqXhm39fCVZ5okUH`c`!S6Xi+LER{uvl61!PIK- z*3{J0d?JhJ8TrkFlMEf3pWoZuoSJ$-U)-Lr-JYX*BS_+&)@fU#&B9oQ0{4uU6X!!g z3TYpmnCbmttC@WL?}8y8>xPre$TyzRQb?wqL%l_8C z#*v9m?7=6f(zal~;t#xCmi_gT8vj82mnLo`g_VFVYEsy-ZC_MW;;|!qJpukIpV# zruWg?i`=|Z3&y+6sL*P7#xW#9V8Mw4{(Gp2itm&YG{ye?@*(V9JLwfacFD}Cw^bmPwx#qesnIXZnpXM!kLKzg4{fD zxs=Fge48g<-7^6;cb~&%4`6+-XgZM-wIrpKcr_(E53mcG!3x-c(1vA9{Sm`+X399^N&9sq>RtXc|uq7d@Xf74Eo`x>+$?>OdT>xv$d!5k5T>8!J7E%=Y-^S zf~tQWwvMSGr~y6w!o-ef<$sp%7W> zIAAh=SS5dyRaBhZJ%1`p65AH>@|TMEO2hl^AgJ}<5>}TN#DUKR*oUXoHG)w>-ix-% z{!r_a4)Iy^*Gx4iyc!qf)0n7vxXM9=Jrfl)u!V9>$2p24Q4sy%5}MvPt?6!WrxFzO znJ7_TIo69!`-e=-Fuy35UwNsI%8t&(Ab2|;W+L&EnxL!hYI>AdwSc{L4Lulob6uxE zLMkjQc#whrM(`q|bLEphcC0v-!Z<*um6Vs4my}TExQVaHIDYED_bp|OJj}Ne;G)W{ z$}X=zh%1e3zJJQAxkqG?IIefS|6FuWNpUHIibAJ4~7{qdS{aPkECCx%fIW`Pr zDj+BE0dGuBD$|Kco%Bk>JYs!gHGWj{GEPlm3Jx1bC$6QsbbY0392h z{As*DRYfrHcZXYZn0>?Pyfc-mUZ!v`Ma8qBsI-d7<;*d)-nY?7k=0`f7NimzgC}FS zdDu*HI}#E zLvMVe3)WsmX);6NuhP<&XE<<3mk{!Zsbdz0x2e3Vnvqz5O)I=OhPLa*il?$UM9%Pj z*h5K#eOBQy7wy-0@BW?rW*?R&T_GI}b@!ZYO|#%7`KNGg(9ayjW%aIimJj4Pf1YvlI?XRXmBHE<<-A;c15Z16 z@TUr|s`p%t&utEE)A(2zX#ecqm=mqu zG~8T1-i`)Jopwc%=T8>#M=22zTqZ9)?)Q9Z8eNrfcXuyQV+=2Vz&6~gCrI>o;bK8K(E{XfqJ_UH z#V{0)^Nox`EHbuQ!8)5)jwH#+KJu*b3ST*g2LAz_B(!9rPxO8jixw+);oxdLxApo| z^l@wV(5`C6!0ULzhg_$~WBhR+>v3d@o3sAc4P3!fetMiuNZG*qV}I>j=Iy@fmoEwx zt#@pRa$%_3J9{?^Os(RO=Ib3@BzTh94%>w2`5)Zn*lhCF*2;|!cIsy8@^J3{$}boS zNs1AYjK%d@r=`i65w8hcnwMSa;mY*XLeru>k0TFMT$@U{Rt@DfEk|cF-B~`*Ozzs| z$TI{!&Ms_C&QDXS_I!MtT0#rr@XVZR-4%Q1a(a)oyUCfV zB?(HbUPIkWjXztg9-2MAWKq6)d_f9A+xa>t-CFw$QU8bi<5fZ@e7{UFt&X6cJX^iI zOW`V&FZLzD1(#FU{y(=qbra^JD|u~x$>&WgE3YYUF1y$C_jJDqOi{p4z;MIB60TosGi1Iv zzFcf{5$)D*&{+%oHN-e5>lj-iQj7e&O6?;{q{={GMFS4{wu3VzinFRfp=YxI?;AI%_eRNLJsPKCf?T;JBO%`g|YNI2lVs5lw z_ih~gSe`fE-hNfOBpRQZB7ZJ~T`TJ^t_&bZRDj)LRIT&Eo0;Cu`^C6~50loF# zI&75O#>UYF>nfn22ZsI7&APj$c&vvHPL`e!sq8`n&p;P}DZiWbg^0}{>EJO)uW6-v z{}lIM9u+(uW*QM%5tLJ*c1~rESnSbd=%25Mui;}S*;|8d&Ubxm(fk>AJf90K8C~SN zcJOW342n)J&KFy}ru?v$sA6TcP;a-YqJPy^Z<2}_X!w@rHs|)w(|C#^icz4ve7wn- zEI#Y!$wE!SzIRQyDl3+$D)e|t4>!jfT^n~zs+;{oX>)_TrGrM!7Bt@rlSA^yRrIuO zx?3L?=cXdM??S&XXZigyZ_BA??nfujz$PVBPjsWWJ;s~Vp^xeW@8n`i-7HDvwZjhbUak9{p&KDF30-87vgf18;khnkw& znjo1V1|B)2-xH5cZEL?>n&fhEZk#+koQ~UcL>RnbP&qu{CveDUA-Y09lx;3`M;k;zAE$uv;P5?Pf)WY#^ zggfI6Z*Ft*eZ=tODG6JA@1I=w{heQ##%mZ6oId{TcY>Elzs;-C1O*(vs^{JcP$K3P zf?uwKpOU#L`ncD>{!aAx=!9NamzJBJNrW!;hj%lkfykAQf(#NR#NIW)ja>q=T`7=M zAzWu<98>^JpR&h=4ivm3+>-5XN_Ewdrk8@ z^WjjJnHf$cayCijf0bc5hUSuM8XQFE0J{rNS2_1ed9SA=6&IWfo?{at!_H1Fe0Q!5 zeQ(+T_Kck)!x;?#;SM0<$akl z`K-rRC;%|gsGts?F2v`)XCz=vdE6*!2^Bxik1>wI-i9hO;^8SUB%CBf=Dm4oA=NF@pEq_?1kQBJRK;FdInqoLY~1V# z8(}}891|*rRAgww>+_$eqm0#k<8xH>)FX3K{h}ko_SNsG*N zhr_A5%%if>^VJvQCC9v^=zkXFt(t?%Mu$hwLk3_9gUPBnIkB z%n0;qo$u)Vd0%7|`sI%?&Un01@1EX6V8*f8?QyH%X3I3v;0##;HqI(L>|tsv_J6yn zCEw*wmHb#0yVPPyhGNC_|BMhnn&? zjQ}f>7&-)tf zVwHxuUq18ATgKQTZtLd8OmoX%Gfrs>SNE?^kgUsedhjyhV)4lErP(z~64BeCaGbam zL}VP&C&Zd3B%9*HJ@TFJoo}!lI}5DCep5u-!*Y4Rl&^X0;Gh3@8YyK4;@2Hbq z;Jx@KvDzsaq#020M4ir4AtWSN-{3zG3jWFc1A%c%Y@ana;dbjV6C{~ES61LU3;o$X zxWBp#!T*|<`KbveW_QGLdUJ@oSN-zR9!`@TfR=XEL$n0ihlC4c++QS-{T*qyJ} z(Hf!fmB*RE?!D@8X+R)X8h>>#uor1Emh= z`7zmatNn)(B;y-(<^{v+py4^eSmeN-@6@;;@?YWEQ%|+`TYkP&Lft)9&WI8U%{dvw z$k0X$0vogA-S^<9Yvn2YZTcQ7;#g{HmTKspy`5F&tJ2SrHVW~46&gCa!-YnVvAnk* zdiqJDY^ci}(Q+>J!_J^^Ss$Ox+sA99?3VMy4{(85L9o?jkv(=0J^h0rTaF(2RwBY{ z>eC8g=2!Z7ze5rj;_IB?;^XiOyjR}usM~~o3lUq_%h+pLrjm(%yaNzW+Knt6rx|aS z*_9hy)c(7J;xNU?n})c!g=Jq4ujM!|?Kly|WH#fc)NxNje>pqfh1fV-C`Mj#-WzGc z%(j!W2G&B%caR|g3Foh4uJP(&2L}hBd<@8{z@Q8tXzj@ev-yyiuTnf{zMHG#MmZ&+ zOwZhrOWx9B?`D}`>-wWnakILK56H{0i<Ea(L>Tjwrq+ zsvKi!UG(yZKj==n?V@(UU)%Is0My&ZCv6Z6D`1wJ7bGT}=7YjPn+Sj!bC@(uA#F}~ zC)FXeQDGOSqf4HJp%mYO_nwCNEVVsX7zcv^WTHs0aq>dvQ|iRJr67QE_AZ&#I8ur* zs3#_1^%yiYc^gekt=Sb8D46ONhFJ8|re@8FW0ucxo{7iQIzOCIqcSx(zj(>5U}0v~ ze19C$PMB+k4;DV?*XwWh#sOf*jFKZP!D@FEn9AX?01MXBrMJZxooVYyx z?0Jd|3ve~^EP5~GX=z-m6LbQ9Dh!P!7aMm4U10-*MFc9YB+ung2amK7NJAzkX&09% zKa*!}z622F-B}q6#OPVHMhfV5LLgldXHQ^w?L;qLb1Ps0)ZtXQ{)dzsL4qk+z3`k4 zY9jFO;GuvzRlU5mz!lG9okAa9E*>+Ub2H%qy3B>+Gh<_%BTuo3iS($PD#{f>gUNE4 z|Ks3P_e!oGC0yPwRmvt54k<1!*ROY8KVI$b#BenP3GaUaIGGTANxcUx$S~peoX33B zoL`qYSj&nk>ZbXfT)ErlU6ac5Cih|=n;&DSLl}2uK=$XFbt;* ze9Fqp?Z1V%G>VVAnwy*3+n0MvZw+;r;b_VRF2^lOO6p<4I*d0(?^lkRtilciI$1(> zL)wpLLToS(1!tS9sK5TI`Soz?@Mve(!W;T&^ZKMR9E4#%U9~aS);?YiY80;Cey~#v zaoGjn>r0Y`W!l7UUkQB)&BFZ0YA_Q+52p0)T^hI5*wJ$Pe}X275X`W?a+}d@SE1pE z;B`S<@I@kG05;l@dWwcLJhYC0uG?YSnUcGQ2!F%PrjG`emtTM0Kk>SbDM;~6rr@v3 zqm=ldz|@yu4hQNEGwj=g%Kgw_BYz?8DbcBxYyiuzHX?FS=as#b4+E<4LEbL^z9u zex|``?jil@1}4|=se0l>;pxl1@csq?mS-_t!3Fwr?wbd~(-RZVk^Xtjx<@${^B_(or4dw8dIzZXP*X$RBPUYo^L!_jo?Pq_5 zZF&W7&rxzwQi{HWhb|1U>AD$Bu06|Lp6th@M0+0e3?=9p*}TtHxsSOjUUB(%2DVbq z3lF7Zp^t}#hm#YNDMIKN7=ybax{qT^AL%3?K4cCHdNx(pcXki&%GxjP;Ae%%1atr8 zOTM<5Bq1{Xf2pvEh3fVU08Le2U;jg0WslM4)#IAxAQ7@zV~&r)c(sU_hTx0I zq>EB~K}fbFV+y<5-GQBtXVmJOhu@i>M~{_hm2yE2Yi*nAbGYYqIoy2t>3L^RK7Ky_ z*UcwLM61CK!Ko#$8V6gPXG#V*h^r1Wc`h?&5D?ubK4xC)1J~o53!)y&E7ycW`b8z* zquz#Ul&V{`$E#bfpX6sz=hF@uu-jZLaIHJf+)NnG*ww^UnHh)}VBG;=fiHK?4Q~Y_ zf*tgaSy}DdgE4aO|Eg0UKs_0ggr7ojJ0rN?Ub8KcNheDZ1s_~WSCnvwoP~U7^4pZm zJqRjHMls#rqVr(a25X!AC@zIKlu-M8wM6WM)E>Ao)lna?t!Pe;vj2!^xMgEX6Na6SGRYnx0)P| z$=!8VQ*+2W3sbtHzf-~75|DG0+O@O1dEpl?74eZ}KZJBrAW~nYY2F=92yI=Z5_mV>>kg<7a-UsJznl)?hnfP^Kaz1QTs z8Y6@jVU(|9^;0M4AMF!WidjEQT!zZae59iW)ru2{P79;5z;a7zHtI^yj;H)U`JH!;hg=f6v*4za zQLrVCjetU(F9x&=$F)_|G+a0K(i<%lGT$(WFf1;+qCF2o?SjDgKBvi*3Heou^*mR1 ztn8UuN`@zV<2Nk)bP0q0nV#0lS4l}urpuIZM1^Dn1n}LRuTxu7uA>YGeIZuc=$s}Q%7 zYeH7?!NwC+M2xD`M3%pct*f+__lIv9RIP7;;zusu_u+E5hPU?W#WiXr9W&?IrN7_L z>=sb%?#7JB^*Znv1`)VZeAOOrsXQ!Az$LD2%if+ZL?%e#tH99OHa2wa za%}0LqP#{iTSc-{S|N*X(8x8O$+Y#Z)nX_ysqys!=%4KDZqAL(qhlxXILXidAd<`$ zZGP~_}o`J0W6&1uTL zUrd$)zC0QmC+5W^-lRXN>S1&<+7Zu>i8aLzT<}!kSbE80lGl7up&c zN%T%WPY_U}NU4ySiGO68-`c$1##?=$Xd*XD;s-b6V8J6~J9gy@%RGFblSQ+$of|D|a}5UnJjYuW)rB{GIy-_}cc zV=9b;TLju1LaN{3Ro;utw$fou1~LB>klKt%@RMaRf48>ZCP^dy7$0~_gYWj}?Jr}S zce(a+^wY?wfW&^zPT2{ym_9fHg~ansR9GV>9yz~GrZ6L?Fo!H_V~S{84udr$^_D&r2b1_* zYLmG?iiqO_(D{Nr6~`{S8MILVBHp|6-AuaLR(u~>-_3*9glhbYxrI#CMQQIi&EaB53k0B z--P!S7>Woypj?j-{-CpxpbnxDY|V`bi=A;9ldu0bH_aaqFafTX3glW(rVLH8-D3vLfoP2NP)~9#7&HLfH|Y#X zntY_gA8rCq5$P4y2FKTJb+U)C+b~*>K_z!tWlOC{O+$=Y|KEQ2j#A@id2i!ez>tTS z80hiW_iUq<+@z$WIpNMB|87k70y8APKhTe5Ig&hf7U0IhGC8mfraI_w#V|AYA4gN4 z=5qa^{qp4?tgacIR^oQl0x-xVB>MaNJ1OQC0s0<{5->B%r*}PkrpE>jw4uJf*?N~k zPrmRoETUE5W(=&FP_6u+wejNlCI<{`YJ0y&D;czZ=8j1uhG&_0WJAA&?Bzz6UcJp9 z1Hit@O3q_?BeraMz(ZkSV^dO7K6s|*pdJhb^YNlq0nHJtOZ~;x(4Gk>oCNb@=Vpkx z0-3p^sy>T73qki-qK}!1d0*Xh(fi@7b;nLlfwse<&O}_ue`&k875T zhv$HqME{YeL2rBX$NX!Anje_)q4&e6O)Od}Z+JWYbsX3&a%KK2CjdFr2mS!rtUt$| z{RePzB|DXLLl0lhCu=JDb0MWz!6?Mid5A0TU4Q#pq3GxgyA*btoA-Eh>FrLIYMEQ$o9TdYW41+~4jbXV5n-6m*6N8n7+ zK;eMlK4?vdsSSs?d6Pza4VYwZ?(v4mv+lli_6iL9uZmWQb8$nj3Wsd2d1fZd`sYkz zc1@dC{bYXnq*AL4EvV^s4izS9BisDM#J9NIZz*T2cpNI=}5vGdZ_ zo58HCu*0JB)p4+oufo`lb7{oB#~|!|AqW_T7H>R!pECZBq9Z7B#Okv zoTL{|>e3fd$-R%6g@?r#z?ypX#@Q6)W?-VkQ59Z24}u#7jMj;WjKs4zxhSYmgQgY~ z0_BrQHzvnp$-Cb~Q&T(%$r|!mf^Lg`9)qoitYW__J(A|^K-52ZXF}%{^#X|kjRU=% zePCi+hCUp}KoW8+=E|p;mC| z-qXR&ZZ5%zgGxohUVA?L>=~?04`iA|rgQJ0a3IX?qQct?TI zYG4L^lG!X5quUMATNlj8tn>+%a{j2fMwg|M^{m?~uNNWD?XJytK{ln$JXs;~Xx^Qa z{_ls8NA6ssLyMt~Ua*%uq`0)qe>IWs2@+!>jzJcb`I7<#?6@VUMCU{ zqv5uR{;8WQpAbaI-hArme(<11soQ2!`ml%&RpQ$eGQ8Y-4o@=wrh|W1v9TW)y%9#o z_3s?mmT*CYOv6-g*ukPOz7aB8ir=5O%#DW_D{w0S?EN*EK@b@cfopQ)jRniAs^YTPB?~VQm>r~x&Pe6( z(77zxcja%rUYYxfC@QX^9p`3Ae5>hKXTDZ9z@}lR^~2KOB7r%iy{!@_)f_^>Gg0mE zuwQmm^ux-fz|uAKfSxguBd}*dU({^UG`_HRu6x&kt(n(sLo%)NL+uPuUm-OP+E>l8 zw5KIN1yeA(VbRLfoc{c5Q%B+FZ@bX<>x7RY7%5B`*wH6Hp{E{}fh236vMf%L!o z{2l`7X}o@gV@1Kya;*kNr$YYOIb)Wb^y+=$tln0sib_g`KR$0;5#$(adT^xX(+E;kbxM!ES1+HT#a=-eSYhhO4IL`d&l&0pm*D8UEPnh zmJosxZfnpt>W;daGF-H_w=OO#S5Q>Kn>=VF7;+YPGqBoTFQXkC78cE!ite6vzfNdS zucoRrs&f4S@9vU=3Bb-4xc%;+2?reMeieSW!};Z zoK)A7X4LeWn8dB#-|%v$#zfUbv1vHSl4UZ>>SeCFT#_*|Fk{PaL13X26i6oW5UV1a zo|zh-<+$tbi2Wf?#$T>bnU9Na<3l+7BzM*cD{j7lli=dwgf7cpuUI9J2{Y)xBj^GF zjC7YwPea>`ipt7Jr#a?P-s6E`YU*lg31A?g-2B|v7U70=cKHt03? z_l${MG+m5pXb>?|`HtI1ZTIY^u|a(-ppcQx!wLEPGyn?!uEF$4lG6Bz7$(q(z}epz zD)+jOARM(+d~bUG@{m`&PT`?sr>0hS{FhQTtgJjo5<}u2 z^16S8^~8uM)#D@p6n2M?1E6A{*k?thvJ%n>M|frejSBXel_by_iy?tw0asNkpWb9X zp7l$l^tS1ISy>|AUH0?yZc$72?T$JE)oy_BS-8!!Z#7aaY0nims`?*>{X^ZHD z-aN&^(~j7?2*MIIYxNJ-fkO(>92@B*h!IQ9A|6I#KF6Jo?eNM|P)iwh5sH2SgxRET z;tch*S>pSH^J$494?3TBUdt$viu%Hf)hy3v!z;tNuAk!+bDMcqrZr}+)&;6cN$2`J z{8Z&QRu*{>dFo@KjJLkKtE;XKh9V2~@SL-l#tjm419DY7}Dm_DIGlj)$lk|8h1OzSV2$56V@z?mxoCn`u zJ{{)C!MR`&UO;tW-x9P3D*e@7g2-(z3A{#|}PJMxt>EJ*@SP9a1deyNV zL29o1Eo-ik$^FGmy#g`eF0#{0SOAm)LjR2ZnPqr=xhy%Ho?=9lTZrFd7&g>vOlC;m zs->#V~_2M$?q<6 zfu=D-*IAK7IEbTWj`Z+h_nu|R*2dOWB*XBiFQQ`7(Ax65!-`kSfr?*YJ(tB?X04&2 zj^EFkx}vp1wq^qZ4dbfWMbGuY+K1x2)Sn8|8Tks z5gQfPSEsFy$8KUsQrUEwK9Xh1qIYYb4a;Yb#!mf%AvZTS2$_%!7UoH79=Sy4(cH`X z(_x29{#4Nqw&t~>>iHVrG^@B@dzm&U&HnM^y1QCnfBLOSa_i+W6WfDAnevNZlx;Vi z@ErL}=@h*#IjvSC!(g*2+Aqb$B_BbvZ(^-`+}q)%&Nh8D?96LPLG+_uWU8@xnOoZi0zrztydT2K~)eK z2oxl{rHJKG3K!ar@6H+vyuE#DxOpCTelDqL=;7gcL^?_6oA~KB4}Q3{y-sD|qQfN5 z7}Z+xJejsa3K(BzPZKO$;F*~kF09VqPmaE8sA=G3=2Xj8p{DNaU8__Qy|UdyaO76W z2#`cgkeBJV-jo8(m7b1TQhF>mug|aAEDys?qU*QM!fv}>JA`iAdq;yAU|P%{CaUMY zinL0AP9%@@-xj~y4&<2TPdPN^5>_S*Zc8|)g?X? z1>m(}VPNO~k=xvEd*JHg5fSx85-xt+bGMo|K-5*3AHdCb!7Klta--|S}* z6-^ZJy$N!iK+WeSF+&so?z6<_B%zj~6JPw{(*xlC95>mMBbOhODwzjD(GfchtDYLU@ElkEix5^`Ie-S#i-?@__DE*8mU zRsD-2rU#V*0s|VQga1JU!dE?m3)Yd{tVtc2c$2uo-=LUn+mW_pAAbg%>s@)&m{PS@x4*oA~SIu5GK4wx~Z`39vR>J9{Pk9?R#KwBDYn z{88i_?pL5-e>Cs+J%Kclhte^xQ0)J;03r;E)757;-4nXpuM|Mv!BXXb29o{n-#;)E z6P$BTmSn@uu>Dw(8N%h1l>C9PrBES_R&HJw1!l@lET36Wdd@{=A{L-gI9hM@{0k#L zH$Ary5mIRHy6Iay1)yT-r0sz0qtbqAdlINjhy(?CY4&Y{YHT+l&^6V+@~k!C+C;o`;@167MR7!PR-8G3<)^&c^QFzzxY;O zwTf_HFKjg&I`;SPgPrnubCs%0VTe~MclG)HKI!Dfq+-P2DDcJE)w*i$A)t|{?eB%6 zvEkN<2?fyp5ypHqR+C?^ywr+bLqzDQ78XISLn_AE-zPw&XUNfg1Y+eXf}P; zCJ!R{{;=TPknCcui@)!ObT!&9QPBwKq<+cmUA!A?8AfJM@Z0E7wOh$B{v-_g$BCrt ztC@BrN1J4^1`b>&Ri{O(8i?!W=BCEkMh-mU0Ss9#*wIPoIwM|9#CWo zgj_Y6iIC@{+2^+Rs;am|MD%?Ny1@n8U;^cTNo_|*n~Ry0-aG$Lu?$5*QquoMSfk?7 zh90Zd%GY)@Jh=TaBuF7z`gg>&!GW^W>g^V>E0NS-w!@?MII(c=+A77qe1wsz&y{!3 z3PX7FWsI7BD|bm01qLCy~ZG7Qo@*d6W?n8ikpsji=VdI*KXe_tsLX|;ZW zhDSw-c%9^dikRo;B~C~-sNb;Y)`YgH)^gm#KrJW}5Kvkl?;SWkXs=mA;eVcd&EyGg zX`$s=6@${!J?k?=mrzBkM;Ozi_V=tuBC@SeF@8tC9cNNve^Tp6yN!k?6@+-flyK4{ z(VZ;hE-E#S1a%N~NX^k?G0atANJ~ql!Fj9uu2Cl!C#U00)GEJXvC918kuX!zM`t4? z`@;ItmYPr9)9rKA@%=z^Tfg|t;k$!M5ni(O4o+N{O1>{RYzTy%4|8M=^s84+K|;=( z)?8k5kWH8TgW05Z=0$t`H+#!eFr57Uq@S%&F@tgOU$c0bMg+J)K5&CD1du=g@+_Fs z24)lz9`?2rgd7M%U{cD$VYmhKa-nYvtWr0xZ3GI5Q(Z3p68iL0AdsInCCR@muA6o} z(z;IXMQwv+BCYn1sS#l>FsB_reWdg+$@1=H!d9azF;~uXcBWC*O4ek8skpH zI|L{8$C4k`?Mc2$tJlxD;)pIZ#w^cJfG`NiOCgPXOgLetYLk%CiQtiS&QKz->lN0% z=swQIh9Myjm?Y{X3cEEem|JKC=P(4Kc6oM8%Y%N+)g>P-cG#?mJI21c|xyECh>%jcqakcy(||6gy-$o_DT)8h?E z6!_yQjVZK}$fIVUX;|nx2kh~iHdmMSC-bimNNia9h|y8)6l|fcN4g0!*hy?RSQAW-U?by2-GRvgu{le z0vUmBwWU?1H4Xnq(^ZE>wSDbDPzFI9I;2Ykq@F#fNf6q66+~>LX!Z35rK6|hAt~ba@2oUVtT;IigYqRQ!&{iHJ_!{I3 zi|MtVSt_9xg&#llh`ZL-ex0FCRz%LFrB&sW7M7ijOwW?#E;0sUVl-SVUCc}Wuzh{> z2?P`foN4VW;2olvTtceGo*M%D^1MIZJ+&^U?j@4yoxcbr+7aX_&~9osj(#aEGLT2U zWq(b&A?;=Bs*|?iA$pnf*POfF+8K|BLN#E(Vq*GS&-zpW6Auk#2LeUjmV53+)GE@t zsPSD7!9cd?1=^;d0*8NR4@u@|nD7r)oSJ2F-2WdVU29Gk`-lc*GkV`+dW*I#oLx9+gcWC1r>^|M{R%d_$C*gb@eJb%d6_cF%OE zl{!8zKR3ViAE%ltJ@NYaiMEeHjYe@n{>Nm|fV*ZZB@<%@1eto4A;OaAasW4r#ZoB4ftc4+=n&iR(?uS-y_@l;f-V9c z2K#5$FHpx<4$bI%ynQrMG75)mu+f)(73!Pl=mzp-fr$N2pV6u@`vQljrB@VyflF(% zf@Xgm^VL3j3>Tm6;z#`hO1|nBTC^@g#Ho!9{D^0LEin@%9hI1SlU2U%&xgVMXjgrO z{SKw;In^ca_ND39sl_F1<@MPSb#WpXl#9>U$LrE$LhN$*KU^>khDx8O9#h`U(t=~R z4u^4WZOsVSY!8AfZ!d2QVNBnMx-7us@~EkJ5e^@@OA`d^ULjEl`KFgva-Z zYo*qW=N5WFI*_cae2;pXz{)^1wMU&ZRE=@fSxMeeVe}|`kq3>;<W-z=Vt^IVp-eFwwp^O5hJ0}6sim+v3^&~O_l_*VGQkT}?XVUi{4Mv9Y6%!Ay# z&$bPd6UeNNj*hUfs~#R6PIvse01%?2e59vG1;rZmB?swagPAbv^^4Mj$t`We#q$eM z%isHK&xRfrRIj|fM651=_ky?XjTu4tJ=>eZ%KqoZ0qMT+hBxcKtEY`5RkA$3p~lmO zyr+JrJJcA1Q2uZ*`S53XvS@>J8~fEZ!n^1KqwbSj3Ld_cQ7?CQOQ}WC#aq$1n3&kU z0scIiqf;w8i?xlZbDoqepk{B(&GQ&np@=?|Rh8AhmtyE^XdiEOqG2}m#rE^5@wur+ zwUK{NGDc${^&5uv>dKm>qqYb{vZ3(<-QT)XgA)_X4?BH+ND7h-$uOX)e^PyJC(Vjr9^dy8?A<~#UdS|5uN?mvU57OT!yp`fSLQ82LmhG9bC_+dS%7O$Q6ml48o}eRUr}Mg@n2o1lzj@7swe@oM8=5n> zP@jvtK?>;k*VG(s&IaFV*@ILXp9C8^*JIpr6V*!U_zc0KrH)h>tt?hMG0{I3X zY3pdeHu*CBQgeYjnS_pNf7<6p_AJxt$5s5DjoZeb`yLa><6J_B(Aer}=MS0r9ca>H zQUdWe#=~i8Z#=!4qvSj*UGBR%>?R-w)&-VjBRJ7|?7q{EBB&Q}?KkPgeYe*xjBk+I zR{C%@ z%J;xruEbQuTYr7eV6py(*L+zL>(54|qjm(s_UaDa=8$n$!4IB~0gKJ?n!W1#2LsRB zwKB8rb3Ii2Ah8El7e;C*Y9ulXyf1pCFAO7OT~yQFR-({3{U3%`i;Zf8?8il%L{38) zFurHL#-3hflZv3c1N!xrHqZHKNRY?+sBO7Zyp9fA1Uzb>73e*8WPS0rqGC9_;jq6< zb=b$p+wau({gZb`mygY!pU{QAXnetQ>Uyo2ca4^oFUO4SUF3k(P#ooeYQv$nx<#Z$ zo>7Udv71GqE?atB#(OOeR-NxZ?}uNz`!e9|6#Pto;i?zqtn$E3YPm?Ad|loJWB=G8 zGui~wB!1Hfl|nTYbqoS&5w9G!xwpr5>k`w4oxxiPDxq)H*!H&fsXy6H6gSFno3llS zBRBgO$OdgET}*Xd|9r~-ymXQgB!B%^gexO2-7(S2ygW-w%REX6K^a|+`UXW zi}FFcRaM`=f6q=mSwgY!d2HQ7G6u3RU`Q3z)A*&>xI4{0uSmEN$eBk7igge4a+mAd z38*UqEFTQsj;Ga{L8vGR?RKK=Ztj4owz-8khvV<1UhR5UHwz}P@R ze||3it=_GixETbZY3@yr+`-@Ij9AWjWR{-G9lXG|&&2rI_(izpYQl{r*(fnrR3+1eF7q7W_a@WVQ*Sr`<99&4BXWIYzO6hHdT}Xr$PzRaF zXQgSGC4(TRaz>_?V6aVrrlg?(_lur1(fHU{#_Fo*P}J670DkWdb^6_%V#xp&omaYS zWDCxqGc9f)_03U7VPdkCQrP&eNYziCT~|bUovZ-K&>ZBPe2Ja)QBwEw6Z|HQUt8zu z6t++nl&usCJJ;&xfLejl{D(Qx^x`IuEXvQPGr`%^F5#)w-6o0rX^A!hbq$qB-osV< ziNeXc3w^7Y;o9V!TVaP4oHbnSnca5EsiJc1MDzM3?k83ELM+vyF3H)5qdSI&E9&cw z^L4`lw?>dd31eep&_|@(g?BK_e*J+P#{%>3i$+}fme$szTy$U4V!e+u2Duy#3y-q;Ut?W#Q)=;7| zUPsXhYlyMq|BwqGG6Q*ZU!SHb69$+`(2+fQ^oDY8X9U@J@BaP!kmjB(Jo8j!ZI<*n zQY}>o2LEwMSp;O{1YDTku(e(=*fP%jn3)qud|>`!Tg_NiP>g7<0Ul zJbeG)T*#P*oNN)eX9(0W)oY-BT)%tJoQ%zm(bCtaZWFnAQ}NXPm4p-T{?-HO1Ug|; zHOls#4PQ?Qo`!|S^<5@x1mHK6@D?p#Q3t!}%a@!S94#-xPp0Q?;pgjCgEOoP%t$5Ae2C=$0QNr2=elTg@vc8-E8C|mu=m9 zf(9gwXbBL{@tkBebK6@LFB{hD)%&lG?(b)8ym_+lsOXP|tm-}0%(TZ5qKP%>K6&k@ zkM~)6cNVx^O#Ne(ulfwPEq*L26|=iR2o#m$%CnHJ@Z)bGBnnyU#3qj ztov0!QJgO2UmhS#8Pe?Z_s>>ZX_Cl37u9aqpg`fbuCzISvN_ z(kFa-ic1JH#r6oQ%u~01;*@Nvly@B~ohiY;uYmWCU?BXc>AJ_2mXLiv)3V2n9(-_uO<_?EHbt88ZkS}?M&1^3pwE1v=7ApuLmojL`?;GhV=V7Kc)(UvRz=mE zOF|`!($mwk87{ib!NH%bW?$7ZM30lzBRAatOuLh+BA}ET(RNido{yCc(ok3Jhk}hn z-}BP%o7ezLd3g6z zO%3%lK5_Hj{W{hImGiBh<3$tWoP&PLjggzXl4>f-ZzKcAyS{9k&2KbjwS_No_v%TA ziwb_$e1(hb-MLLG#KY5o#bN*W@gH!}l5eF&qE*&g!zo(3mf*J0Ka|NE=my?9@Wz-K zpFEdQ+L#|2|J8k6XTvpC7BTz5ajNRh-J8)@t*!pr+SqMKV`DMyZVpCLC7sUq572bM z7+?H=ySon#@d=}efRlj}jz|tEzMjVfk{BJwikZ* zfa1wXQPPi^#y}vPxoPS@rCU=Kj-VPcts73bUwX&-4ZTw%dLB} z13G+d2kYc(ziVr43w(@LB#h&x2kO25y|pWi+z00*8d%kD0k zBq2hCmf@o>evkq5tNb2<5|DCzUc3xGT0=vu+(`teD#OVNf5sUh0_N7s2w0b3#Z_iA z%y#qUjmW#g8TPD5{-=YOy#R3mVdnK0(xwsM^ddD@8%g?FUu>cmOxes|_3hU8Y8~%cO?KDxo<6>;9EU;!g?~R_^4>>M7G<;Jm7_z zA$}M=Ev>rA-`28Ii_Q&=jJ}J*q#QSU=y9=Iugjf7MUD8j^Jex@7N40VAR&2Pu0Po` z78&LFa)8;EuL5Pk7;5ZGXMAm5!VZ=j$G-c4dgoaFpfQKl z#(;AXH;E5Q2UgU|ia>#`3ewcWLzvk#>}t4&!{{BKbFK@9fGV`pOrJ8cfiQthDUL}Q z6I0a%95>z;Big6IS(ou{;+}{-Cg`;GIm2$gGP#e7X0NQW_q`y*LZMUM+X=XbefDhmy?UzuZVr8wlcZ}PgPED)1otOZb>6r+=_xj4;%6l48UnV5f$3AM z87$wwE|YlJ{x&i&s#s{Xe3r7nXK(kcpg3PsL%DC|YkRcsv(Jw_>6npVH!3D#8gbwH zzN_zGkEVOC(Y7ueJh{c(y>HU{M@R1)>7~9-S;{{U@!0mYRJ3%^qk^gg12$I=)3b(k_FDO9Ej2EvC1nSR}mOZ=^Ah; zE$Egl7|^%SbWI+vsI|2?hWWn3;%pmf+%}NzH7TDFO;!{7rW(RmR9sv!Y74te_KcJe znquVx?+PM+^7fD_4EaFoEU}kiJeg5; zzl=p8C>Ynr%g2f9fd1m>OVXqZs)1J`+F{D(T6pL^c2evBK}OaC$T%|_?3F=F-JUq zTkOaTR*3`x!8oSRy)r`ntXiAVWzf;ILnDVq1PMfMb~xVqiWeYxD}pZ?`{kv;z-yF` zf9xP+Omm_eDomai^U~5%(-GTWZAR?SMDwvJF`52YlI4nc&Q~s8`FHjp0|4_hiEs_FT21Rv{gH|4K*GN5;p+|(Gab}OiHCuh3ld>nCkcwMNh+{2t} z@*y{N@6KsM5&Mor?-#Ci=QkJL)8yt{OW7s!ChoH$8H+)?S@qan(=v>Cq3um(YYnyA zeo0P_t0*Ul^KG*PMgdU?CbN>$r-ctV%j>Ba(70Jp2SG(j(yZ@ z*^~O${n|dUoQrt)@FOxoL>Kd#y#zZUkAQ$|~NDpYpvbJnxp_7&kt{ppnJ zVXCMWAV`y4ZH3#AZr4Tff+6&4eyPewp8}gP`jl8ErtP_Jluzhyt0l)QFK$Rz7IVFy zBcy?^eMVWoTIq*0TCK1hb>3a-|M5fZ;N<)}SxO%Hr^#vu$Rt!B{BWhzKC|Q7a~6dv zvw5B<3%)BC`hQPoG?~7vO5Etf=rnnK(WPM8$Q@KP}Z$`|ftbPzJu5 zcbz{VB49c2b9E0caF38>j4V?9&1-Fgdu8*bJ3Nx&ub31Tza2e}xSig8QejKAt4|__ zX#eu2)cn+FiizM`w|H67#y+=ky?((EVG-*~`R`C(GZPO3=~K@2|b++8)IZprIuZKU@saDjtTHkGFT24s>kOonV{E$HzBg z;dw`)HapUs1y&h$+d4MIlUf*~+5`R^IhadvTWX~kizXl!j$r=p^Q zS_S@sdsm-@binL*YcJUlN_^kQRPXbLFQukl6z50oRdud~wg+Hb`uYfpH0dl(NQ|~F zgHM({Lx>~m#L3C2&lw&L+AAk)v=yZr0dP#r#*L2EZf#Sjrkr+;sWg;2?L zZVbFEpziSd>vwepVbk^O#ku3p^y`&c+7nliI4vR^u~_JDi4S(FZ!eDhJ&(Wh;73Q= znLIu&P`Aa>mu3lRKG)}@PJ6?C(Pt$9txMjsuEdS310CD!p`a0|#FQbbyP5XZi z1$QLlY9`oCCJg-kbq%TQra*^($?af7O4`|Fv9ZQ^<29^as&tWkD&8%b;;}k}@I#r;(fB&A%GWE`32ieCU)lB8IO@SQMNvA*V`;Ds;l0q^J&s%&n z=ZIvq`hK4&+S`u%4QV82w{sbP@r`V_&}uothlfpX{>4j_4o5&BRh+L#P81U;y+Gi`E`hU}(s#+%HW>=ThRtGg>)RuGlf>p>el+AS{ z>U={cS;AYloA7yjAzK>Tp;A1~RBs6(5{B$5sa}lgJ zfBoV%svf-EKB%8Q{AmFb=Bwm^k{E&7|bsFdV70E$t8)9fdt{9a6DZ`2n^mA5EgXxNUf=^UULT;AnEeQ zf^DYg%WagKl$VfHDcT(K90{FWU5Xnvh-ULTSq`#r%ym*sOmXqXKb1I{)4?}&QecQs zQ7zBUyTKL-f`^+dER|aXrO%@?``de$Y&qrS=?EbgHP+R`BRn?&H&i3f#>R%k&+y<| zVJ#Dc)#j=uwY9X6l9StySN0p7jD&|01Tg%YjY~>O_6W7iXR(J_=xIAmU{~ls2cn=2 zlA1R{cGPIA)nA38qM|+JO7c%I;P`D|V9>hUhZV@T;ANba>2ZDB@m<5$QNm%F159_X?CweJCJB47Qxi+Y!@LJ%&!m-$-*yTk9W7P$+5+EgVG4xg9Ow! zewV2dNP>f_3Im2CL4`ee&ep*21|}vtTGQM-N5tI;d;EdZSuw>!=xxMGhR!mfbc_Pl#HSR+pyG9SzB#>B+L{(Yv< zlb3w!YineZrC4Cpv$tnwWrZRezUCOvN(NEXhSjdm(CEPC=@Do`fxX&NTpZdFkIl%E z)TNh5W(k*;x4_WEgeS^q{CRA4suNxUD9Z-XHb=5XUUVi*q1fMJluF~$0 zD^Y4}rH{D&`=zv*t2j6~Tn6P_tgJyS-vNGFo2YrHHbg;0W$2j!mE6py?Qe~gH5OHe zL>s6%?ta)z#H4KGs^OlbPb)7G;fO zehXN^AQl7~@9J=IZ&#N~xi%9McXUj&O~sf(E3F8U5eWQ4L-V$B@>e>Q9vWhSuR6$X zc6VLN^!>JGTA^A5%7N$@I}s7Z-A$)-yP(uQiXyHnnpI-iGv_2P8%unTwt;K1DbWBc z1Y+Yy*4!;`urkfWfk?) z=$Vz-Z?Z_dFwW!3qNop**Jau7fgO5ozZJJheJz;q{`&RczqeJ9K?+hwz8TVB zMwhe9X?l0rUBLups}tzt=o7JVa>VaJveKd>XGKwtVZ^0WSfwJU=!<3UUZw z6B38jNfa9!^tNm!yRu+5gLXL+2fh+$j6lK112VjiA5)|Q>h%lV|6S{5idXX4L)NWQ zD=#l&wEp+!8*oV#;3=u8tULsF^05ksObIV%HMNM+NMa%{7O?x++1~#6@uNu8OT_b= z7k}MLY#|3>-)@Y3`@6Iy0}kpE;`Hn+CnpCcz8Qy9A>>)vN)I0<>2kQ0-)4%A7P0cC zfdW37PE!BjLreZ-Sdr;=QK20T(@@DNTs|_i6gRCPMmA-kU`r_fZA%=C_2*S@5E{vg zaK{aK&GAm_G7i-petwj5=KVV%&7a{!gW@%cTCg*Ha#%@Dcf5VEpt!!;WiiT-+vKZN ztRXj?_DoFI7kB(lRP2op%sLKZ-XeH3oBT3|B^GYfcyDtSe5~>IMKdSfHdz;%Y5DRO z=IMge>fYXBvZx**#W_AAG7lMDU0oVcXB=lgs}3;%F9#K-Yfb(5E2ps zBW5uF*k6n0*1)9KQfK5= zvfjNsb(iaYFa`fRTDrHl2M#D?C&(&pdwzr~IS2rgEi+ihe5V?Rrgy5=IjCe;p6Z%hNu1dD=76;Tl44=XDcb1@rmwwSQP=RHB0L2+ zN^yo@HV?M-PzJ(;V6i8CRj5Ew?m8xh0U0$5H`)zgxc&Y8@^Yb!MG9_1N^p4B*8c1; zB^5ObW{{Bo0A$FgLa9OCrJ!Pjg)5xeO*sn~Y(PLjgp-}!nq{WnuZfA0PlM+2fh z7Z%7yeO&y^*G7FWgjB6%`ONdSy(N+Zk9|EJVRz(6TXCeqSq5>#4ue7(Fxdw0O5@$6u#x4V02*_EIfke-_`+wh}{hBE|erSI`K z$*uOJtOkBz z>U2RE{wCB=CJp}JWO47kTI}~HBy4JjThRf39YuQJh(B1L=;`TkS?s9;bt^Oyc6N5s zC!@XaziP}{uR0@ts^MP2BjVGkIgmll>%5wH>T>hNjFIghvCJ=eoeIc)iw230wpa z_C!z%UPZ{n%`Nrk5TRkvLqhlj_#H3+3Q%ktGkDTux%#={<;CzgSn zM(>ul=-BD+j`Z(pn7|Pq47*05jDYe3hVUp#$|c)yLt@i?HOfJVg8}+HXK}5Lo}L#x zPEbGM;^Ml{fNoJ)hbrjEDKU@UKP?&iF4r8vu>t-DimwFJHc7W@c7ZRdo}iRgQz*A*O5I zZ$1BRjN6Ok!SaQAH3DpE)Xvu019zI;0o(7%(w{h(U zE%r1wzbp7*ELLGFCs|6wetA42!cA|LwqKkvAa*M>OX6|1WV)|m`mpoXPqab<&PbNY z^S{0f>SL|Q&;OntOvHSxzuiwKhNa4S=%XY&0?Kgek+BEtGoNQgtW`T4_Fv;3ky&_g9&w#iN6=D^UQ#AQ8YUglbHVBb^Q9}`{m5Dzm~9QBpm-B+MQs)*(-UFCeNg-rUtDs zy2BMjx|x|K5PAvvKHs(9Wgx5uEkA!UEO?{e?QSK1`@@q8ZlpYl!Uh#nnTmzAZ$zWP zMIW9^#-gf?b) zjQT1Dx-AX`(g?O4G zt2QbrX&Al^S5ntvcPa%jF)Z#|NnP-$6%JV|#}N<`CMvPO(^Fi3Z0+w~Z(Iz%OfOLU z1TaX4Xaf~h)gW3x@u#X#XxQH2ior%rt;utE;iuFet9=a2{_v3(0x;@~aA~EQ+QV_A;T9wYV>>19>u=ZqlNd7)P$IFD7#! zgX>eEzJ?>qfT7_^^(lTbF?n`JCk`*}>!ZS>`2-4wsk7y{%XHRzN8`05NyTg_OenOG zq~xN*MEQvAy?Bz~Y>K85T=dfNvYwIAZKz(u4<-G-$RJ_f9`JYMGx(*6(?nHPia;SS z-oLsBRpA3ywIAb9@Lf|d&(@yD~i@?)D^&Wxw=t)#Q|?N;Yk@7m37vlsjNj1`?(_7-<` z&Uw*T2%MYE>jY<0kNuWDKkaLDS-cq)MFNnBNqe2w&ifDlT@|{km~%8Z#({Gb+VN9p zCZ08Wo3_oqW3yJfrux!ezWHXJ+?LVw6FJA)N)VN@E&)Y3jU{6Y8QyfWsy;I^B6QIOayEpfRYCvb!%$Cr7EY^JQcA*$>k%ZZhO(q*!$q>&qEypjuS1$jT!*rHKJNknh? z-Nqo4tWxGh7-J0BJ%ad_%Jp^3a_~6|#Hwq^be4r9Z+-l*{%$V<@uH#Jw~3&cI!f?C4b-xR}r_ltCC8AO@FlZ~(6}#p&Itu%Fo8-K}+5 z)Bs8t=z3A2KXy(5tN@s5$lA@?`lCi3HsVe90+e--O$Na``;x(M9C8By*56M=Lz5O4 z$0U_XceQO~-O-Vz-JAf?$46tii-19uT_b7kp1eHMnDsS0#rf1b1F) z9t2TcvLjTqyVqr4;NHh#Q93sE!-)UY6YXQtFa|rq_My{2X}d`c;&(&##UBcK)o5=l z6)GyZIzp=eI!g}l%Pd&Ti+mI+Jn7jyDik4aW@ZL}Ua?^nB(P1qecu1rv~(2mtQrif zoOAQ@^WVLj0}(k}ymGI%v5b78$+@4{xSyfFc*_Hu#Uj#U>3$6JAD+j^UM0IRswd?p{EqCVk1)r%Txo* z1TO+_USlZvP1}^2Ef>N0^r@%yVDtf_vqS)61H1YDy+L6WmrC}gm_fibfz3ZeQC?G1 z1F{pK{U8Hlq-+bPPXb|@YnPys+kDh1!}qsa?{P$h-Po_m$@-_=)Cnr{wl2Y!!EOjp zGHrI!hSPZ-B6P!HD-V>zyyk5YmKk0P^GPP4&oBN2-aZZiHBhR7$PVl**9t2puj1i- z@98;jrayNCsIaN2>ALjkCRAGiP0h`knNnv-@P-4L(zKsTk%^O&4+A#G1Gr6CvX&jr z6PT14g(@$|5pX~ep(TKoRY;tYrG#b=l#P?uEWY2=C!ioUQjBkUm8Z#EE&g5iGy{s* z8jubYhDCXVmP;8$`8aA83n8GeH`KW9!@f;fN^|o`Z48d=u0hE>-&4KBfN{&$-P4Dw zmbg>LCt?-LGxLrj<@OWS{K??hv{)^t9I^Fpn3pcbsur>-A#K`(0iw5rF=Js=R1|nH z!=NkC;$pSoeAT1jBwe0~$~6@i|KZt>aRhQ2zLL83Akf2L>|WYU#SJ!Qv9Uye-?Fk3PvMPOI!yev(CFLBm}qJ3GiEF7UW>r zPE?nD`t%80tH3u>&DfWnFwu{}wz60^$gy>f7!R#Af{X5Os>NhsA>7-g4ZdFG3FISR z;dhqUsH7imHn;UCK_C)majGsOMraA67DWMhT>Et*?H-b|amP$_y;1rVx2*Jk_*r3L zx0@tu#$s=}_yNSe>2W2#dGkg)=WZ;^5zue_pnQxb3XbF}`tZT?V8R0nK^S7*m3X`P z)SqJ5DIHIJpx{B_@n-Y&($dnT+Xg~uH|2r}kc{dB=m)R*l)jmLR?5}M;^67sajqIS z`;5F1vJ>W#VEiAmoh(R4sUk_Ni67SH{bU$;+{u){-ZvaqpO)Ji2TNgUq zf}vxeILgb*pPnByBz4UrAc$)VZ0Eh82#;q||5#A4y1oucK=9(HBmgI?6_aE#gqE(Z zE8q?QF}{8K7Vch^VLkLP|JJ0`;U55pWRdC80aDO8o2Mlv!Z$`T!qt}W+I|9)s^VgY zr%&HMD7ekZSx`{G$fHC zz`qyR-2g-W!>q*y0oa0`x;#Js76Zc{$ngUUrvEI)`un$53W`7K{`<_D(r3E5hD09d z(0^GDZbtMK;KRQ%Q~=St)eN9R3d?>_Y+UCw+XkN<79!N*98yyCd3lR~d%-*aT2>-b zB6C9{qkoTA(EDd$*+7R33kx&$nup*?x~N&$=`n=nxP&y|w+ACbC}B-1>}lH$*D9v& zB9&Ryc+YNn;&qA^#POF99K5XoOCDR9-er|kR32z+EQ!fG+gN*Y50HTW*XAKvYpC6&n zz_f>G<02r9Xln9sa~Bm9)Bq{;WTSzen%Wy|eIQj-kdqT)W1xjUgB@+ax@@;On2z7=p}*=lyg-Y%XeroOiWB7oP2!&$5=cOE`Y{$zvUGPuz;};(3t_45EK;T zT?hSr!B7|<$jdo7@fqiqm-7df!Q1O!TmAr?qE-rEN7JQ^pk$)~2FXo4u>D9Meb=NL8GXWkc0AnR|JdC5-)oyh z@TcV4TVab{;oZR~;@`Nk2&KS3o|BEvIB?1#nvGNMqX&?(8SQ6svA5#p_;^TLmTbPL z5@G606j*Q=5hcUc3A|rX7X;AVqB~|1lv&V&WD3NT*s0C3#PSyp8Su~@t7pID{t^bt zP|gySIey!zZJu`220rK&n6BX9(1^SLJzC7%81vs-xgX&KFte#CqjFqR^-pYiPD~7o zG7v0)kd4Re^Dye5jqV3TVwerB%;$j|Pn>7KTadL7}QC0?bGS5&>+bIMe z)f5pC0q_#Q4-yxrJ7&Q(9r4ZUj=s)+LMuXw>T_G4db9)uMbVRu4Gp-QFBJaLaB)#= z-~O>%w4Q-qVecZ*yW{Ena|tQ;XD_>{v#m{(^1Jae`_xGZu8OjSnK_vCdNBD?Hw#XnMIS3m*yuqU*TWt zQKG%`)BC8(RoolkX{a98#wu1_t6N&+Fp2r>Ezx zbQfy2DKqUv7S*yn-}TQ|8XK38OaE(!+s>MNu;_!-v+Fm?f271%U%hI(!C%}f^>+A~ zXU4_O0`1mxmP&GMQNBgjbdF9i-|>;Iu)x__sb6uC;jf>gN80^V#rcmiS5_CKAa9}ocl#P3dNB_CMgzXM`)LidtI8A#xO(mKJW2KyaUr4aZR_3Bmr z$B&R8ItF`~X29`4NeM3_CY2!+G9VIE64KIqk9U{h?f~0AF)0bWqmsH{a8^-KagVM9 zo@O3kWPQ9}0C@P~?Cc$<8TsM5V)@`ZD0G!>T&&pB$vM0_@-fZ;zk?rp<6B#N6Xad0 z;S_HOuuP0=^t4Sbwj7MF_xT8xRWxj#NSoYd_qCp>oLNb^mPyZoWMa1X@x#e{HN{{* zP2%1}pVj7`l=oI=?RS!QKZe!)MKXGM3Sj-xkO?JFaZCL zSh3)&d_>*whX1LAEQ)!JoQUb_ZSpS1qMgkN$awsRXj}HA-TDUs`$H5Jlmo!8kmv;) zu2Cp9?tB9=Ip>2ced23Kf71zgo~GV z^F^o>QEX!%L+D^7WmG$|aYW19%Wk5w(kc>7MEoZNi>s*U6`_#z>#K>gPY6gX2tL|d z$)mWHGt1}u_z>R!-IBlex;RhK*K=vvMwnlxo%G@T3*V!e`mi`sW$sMAvo0IqavG`k zue;)M)P!nsDnGJyQo3$$3x>wDTJH>6{UuD4VP|Uz#d@z~c6a5?RMA+;LVj{Pw{dz( z8bj`KcIOJadEa+V6Z#pai5AAI`6HBAx70DMxm)Ai-$DzNK451}Nu^0JYaa%0wq zxyOJ|(ahW&GKBZnCr)JKGvSDPfmJf{35mvp!sBAd5rpc@)rsK4k+~J??tXwmF=3FH zYHx2Afk>>5+gw*S_xTS!O{(L8lBevv|IVqM$3)!kwlEX>w|2RkN^f}wZpJtSj~N(6ggekJHa(;%K2HF^dqO{zIpMY2R4V91 z6HOjqA(R9Zb{}zt)K|v{ni^hkC=ue;?2LThuC5-e9MPM-7ep>cLNa5MV&JNh+c;JO zleK2sr&cNLXuGEn7tike>u_+*Bu(r4eAbI|0fk)F$Ra!Y{#yyMQc_bAEzgpAy%;dB zRV-kP%*$iRzOB`wH*b1XIS%$>U#Qe!4tE#E#rz>VOqzsrJ8tUTiq6~~?jF&Rkt&gq z_IFa%+ZY%xv-6LLSpLN9R8{PBaftnx7-$Dy5ab2ZqE02_C8M^6UIh4l48~e;Aoj zk#`3sB#GtP{;>-}c!2hTPtJ9Cy3-5TX+u>8Bh&WClVs2`GSfaop*2plH=WSiz0d(>e+Gtf)puxj(PxaH=qkh}y57{`cjW1CeqO3@M`a zpLEz(d0vnz7rhakeW0!ECYSS|P$euvtK*%1!pcRFvD1!mY^!xwN(?a>@ek+mncaLk zYqA$8h_-pMxpgjGkO&<+{`8$j|N7zy=_hxsRcx1DhC~RU&|od}^{eX~J9k@UR@OAM zn7}LNPN%vIkXVll5)gJj7}Ng!`c zxg3iVOMF9;TPk?*a|xdyx4xCab*#;u?cJSS_JTrbNA5)p<>g|NM`tn=#$c2|eCxCJ z>`V^d6`FRu<3IV@y);Re5PyLGlOe+{#Pu$K)eh4)^2UnpqV!o`gXEKUSvvVYp6+yb zouJ^LYJ!QPP3P-dMMag&PBBYp223Ki(eJ^**YWXpob7pI8)wEAjGl%0noi!+&yAZG zDK`oKihF#3x0iP;!PmysJ4Ul#y|4ffHdEx4K+le5dC$xH_2d424DEY@Etjts zD16(x_?fezO?XsZvEhHGH!ym&`q~L^8-?OV)Du}a5DcU*77r_IasPsz-b23{95;(oxQ13S{Hs;Y~_c4<%yL#Xu3 z;^M(@!+F`;w|`*L2i+FTsh}pdg~_;-#@egl6Ag58-Vg&>UfDcwR_?3!LB5* zr!J$am*C_xta0yFaJT~@@_K+_4z!8F69+>Vq6~0gVN9G1MlI5SdxYy}yZEReC>QaQIpuL=& zY%)Jdotz^;@GWS}Bkx_Wn%arg=+F)d|oP%)*(Tytf+`+MNG|6B?2)VmyC-_xwI#Ug!J>sHn8Y7^&hbn zq97yt-;9R>ie>ZgrY3Y&^NWUt0PvPrh4#I`KSC|e=iP|5Yx{~***2@X<)egVJzzoT<=Pnu{I*CAFC&CbG<{ULk1 zt|9vUQQ_ftC<(Z_ z78VxDD=HKf6o3o&_3Kx#C;-w5Y)c@;jJ&(^Q2&)X(mZkK=ic5Y#vPFRd83ybV?#>4f;eUldDV|D@%aLj5-8OHMJB#&I> z5rMwf69V2g34}X=7!fTsnWW`pt*qy$>8tLiK8xudfOkITPaa=p{I=r@?tj>Odq1Au zLCECm?oR=!#QgIk7+r)6);E5$NOK~>N_h{P`3bb65SLT48j;-b=Mtk~l{L@^_eKZu z!1bP%K>eC>Pek+j;oqiw=$VT0#-73#cu>&V^o1~MIR><$Rsu~8Ku#-J{A}@0M@+x~ zse~EgcGV#v?eSik&6l$LVzl%}(@7~9ce|a-uUi#92Zoly1zl*^sxvSeh>4?sX9bNI z%;hW61W3GyajsmE+WA{5=lkazyL_%L;p&C2IIkh3J8?h3ByBqUBh8) zMsOizO;7=3DgDhG_UbC8=46L^m+Oq7>NGbqJ9e-I>WQ_rwUrgjv`JHna{b>c z8vMu3ZvZ3a#*G`79V*MqA3Rzjd!GY=Av9(gi$rL+_I;0Gnf2{SA0W`|2`a$hPqPc{ zIJm28n1u76h`eI#1~oM(md9^-qvhwY;Bx5~MumnhHGGB!3_1+}OW;*hq`@97qy75N zHT=>6^ajH#c_yop2L)s*v{hm#bgs_m@F+vmX2_0ZDE~wY zl(_(FBR$@E_?WQ!XOagr8b$t@>K!>1d{XL8VPRq@* z0{G^@I&06tt$g^6-X9llAV+UvVxp#o zvc(;hk_^L%$N@_Lo-0S9*QJwFQ`oAy&myIqJ^-5zNh)A*z?g^?!SrPXiuuN-HZ9+p zt~EA5Ja^>e?CkX%*2n$m!Uk3xITT0@^8lL%P(D&!PoH?Z!4Utqc=&ev*dyRm2hfUO z!anvW1=?I|U0^AcnDOMsSUl>zh@7(3Gk_*#egE(0AlZe4TJruqT>uUjl|}G`gc3B{ zzys{zx7sU#?cG5ba7+Mn$xti`Ka5@n&fIQK5a3H zmInIs7z2zPDl<=?WQ~;J%Avp{0i;)ZP0dMJ75(A~UEpmtJ>7dOgf#Y2{%VrhLoIi8 zaX}m{U8#*qhmUu>qjU%91RJgk-U1Bxf>)@JAb|dcapAlgF9C<<`}Yc1;i=y+9^9=u zr~eiDd4O~?A42iCtcpYsVeXq{gzI04Q87E$lW1z!y(Q0)E}Z(jPjFiSvhF zXclQKu@wHd8OB7#ST^tw&Yh|N*4lwgG?YWcdF5iEWx(c9+G`OJAu1@0^+<_a-`TlK z>-jOG{GNx0+ZRi-5B`0!06I$9(@%b0UH+ zE(RsXlL2Tmp!N>Uk#I@Jf`ot-3J^ZlX&%iB*($O{7yVH+N(JgS zdEWrZLMkL$dbM$}`isjujjllq`iL|zECT~Dw&tBG=5!+hDd&Zz^S$dM7bLB(axlW_ zahG zmNNfO0{YQhCp?0u&ISn76;Hg=pInxu9$i}6_h<%q8~}-wuE&dg{f23v)7WenMb&9j zbLJ|pSvwT}3~B;kPIJ3MZF#`^ZsNauD@JT0Egfr965d=so+1VG1o5w^iha|KH#is) zAUy$S>~u(_wt^0YN25MyD@EXN;pFyK90izrgR^HYt@~t^xiH*X^6fmcco7SV+gaah z7zZ8R<4m_JOP|_@2FYc?gG(lH1O_5DPj-Q21j;M|5rLH%5}fq_`b%I>={C343@ z5b|4H56omhA^;Du5Bo=1`ei{342;>?SyUgjl&XA_1TbH0P+-bDV;*26E$OY;@(&0r zj7X=UM1pSpyo0B?xjC;p0ux?9+AzSmSlOJHSGzh}oHSix0nMiF+jm?nowBwVOhJHh z<)T3HZ=Tko-ZXb>A!TyT(DrJ7n>RG^ICgX)!Q9(-Fnr?@h^kgq#dCUrYxX=G?3(?97-?e z*mnHwVL$*aag6WkUb=SD6RE??165+^?v{)) zYi1Q5dE?0osAG~c3;?}{#3&g|3W2nR%}?K}cI4{ue1s^>htr5OnRYu?A(g# zFo;~z`M%)%m|#bxg8N%JDIGYRn&QpQv>!bTN3WDt5{^X$5#uLYXuj`_+qB#^1V4BaPT{W!CpLLE>uzVc%55?=xWs{>)k=n%e1J@a2+$9#TxVB{`(Tu z8*w+?-KqVy?84s5ok&N=>6%D$lG3E}$KL^T?xXKb>f2J8*XnW~*HUg-WcF|7d313L zBFf}xbE9a%EG3`hEBKe6tS3+KWG}F z%L9M&fET(|FTp!jZdgy+@E^#+Bi?^bsS{IEvBJc7@4?I_5v{UkRUFFTKhpob zf~vb;Jaa=PBaiNC(&VjkH5RZfkL*g&=88v08iVOu{eJ5yUx2T#u0$ed}lR zXJ?AHxX+Gv-lel@>3;2RSWzNv{9VMrGb`?!x5;e&2P4lpy7lUIEp@tufBUWO;!~^E z=_sdDCJC^?8)$pd-x&On-}iuY$# z2`Fc6Y9k0@_jJH)S~^#?d@9y-a@jRnm!#@3QUw$jMn+kK76Ubn`L0+}*~Ljl2Y2hj z0XN%YWIgK}GwL~o8X6Ev%D`+;TRn-T<0hqmL7$69$fiT_DN$2yoA}>&V zX5g4m!Y;!UB6+LZZ`*IOpRN2%K3a;JCPc-go2H(9ucPFLB1I zLT@m=e$T-FZ?Lxhh4I|t>=vrXeT^cvy|&a=+Emf9zPNbq5&V;yUY$k8S(#uNOF8Rl z14fqL^6u9NAl2{4s*tA!hS;0idt1T{Y|~3`&`{4F+aW#(lP(-gOZ?rsH;M9&tS$7{ z)!9uDI9|`o!`Xm#X_0*D@}ECk1IV9UdzmKuJ^WMmS2_=n5cbSR>iNm8a5qwKC=U`Q zhg#Wl7#@)@IBcMVRxxj^uY*N$69N{De+DOWy8nXaZuQ1bfx)7$D;D_BY~bJu=31ZR zh|`z>E@@eyR5Q0mB(KX`v|&Fc>t;BF6xXpjb+6?%Es?E#6+bL@MElKlrBA!>YQk() z7q+Fy)el?jb>15CZE@HUnP6_^dT8>J&&6T#i!H`jcR&g9{>`PuEO*W)$VBzA7cdZ- z?_28!bJ)u}RJGS3MUq#u=B{ab0Fq7|PYHQ3)!Mkf0C1ig$;{1BLrJ9!{r>Y-+-aDm z^I+Q7e&4-q{Mph_)zI4;FI;BXdkc$r_?AV40s#%ufPTh(p}DWuOzU>M!P@d?RK2$2 z-`@xO4(D3%lTESWkif4wPhpEBXmE}To$k%Ix#4y#~*Wh zwZLcSa_9@`P;R^L>dEvs9XPvH-|i1MC>88~gYDv4(tf?~D0IBCrKorIXMNWHerbuB zVJN);%?(}L>$X-)PpkbZwW@_I?4hIrW|7--#*9sP+gIlDg;k%8Z;w%jn|WD{F?|ta zqw-OWHRY=Wh}pSWL*I*+k)>(Yk1S--IZ$W@f!u+oDlK1sE%Fj+AIG+T04l!4Wg^yG zIUsI*X5PKHz3aU+cFDNo;%`I`eWL?C?-Q1Ql; zbA8QeLVLEe%+K0t zgl_7)BU^mlu}7lm7sgCi@Dl2BIy>;j#qefh$NpFEteCc=H~wA6FXm;XW;hK`Npvgo&)7~kT4_a@h6PYn25(`F4PpWW@FBa+r0KAxT5gGV`2 zrAA>BzKR)kHja7(FYB6NeOAU+6J3q?@& z;G%c7`}{uav^M~xa7dg&{yU#}zuSj7^k@)v__7o8M}^aKe86o}@c9m|t3G94KPmr) zS~GPV=vK`J2w)b-@09N0^)n`r8D^^h)2!e6;P07@9{gw}L>7aAcoJf$rDfpJ&^oq( z|5l5ryx|I{=qwqux87Re=fH+52iSB}wBwpROkJ5Xq3GX7QXr7V!zS}afh1#gyJ}*= z=Id9L7iSrdx4#Z3Sab^R+aEsu4*gE{em7zb+g?txZz`@fA|I*$PP~0_ck|oz&NwCe?~?Gr#Vh3&1T>E3 zvZwv#`gdHw>iR;v-*4v!fis0h&6Sry?LTWN)BisfK$tv6(nzOvc{m_oas&Ubd)mhR z@m_K9WY20iaOE(aTGWJpq~?^PRy&kj3AbF*z8ocORT^;K0q=3t|Mj#o<)A*G?ck)p zo?2C&mQGC@lO*1BF;Fy9MVBwC?@4SqAB^-aKCaE!jFM~@7y0;ArR%~2#&0MjM?5U+ z0m*8v#GMr<56RArhH;dih!Msf#t)=dPUW7MtWL%^WP`-WBwBe?5gN4-5@ zX`?b~%3+$rb3LJa(Y=+DIxFCEK|FT9OKY)p2bI6?zseht{haNS_e_M({?&J^q-;y2 z^2_D=eKA<~qh%+(WM17I$)XK~Eh+gTd98AscfYk` z*;waA3W5Zi^|iN%`HBN!X@l#s)Tq7SPjoQEr8k}qARf62nbxKy*fCnfha)3snt>7bzbr)GzjOv z*HKa@c!nTWMoN9oPw}x<4xW)4DI7?znih~HzPWKWIf+5S9GUl`aoMs4h+n$-d`A#; z_6c^sZJHt}1R|^HO4V(pf+&Um5IKG0%`&esUR4VFJ>-OQcJII3wqWT0aqKNEj8v(l zGSdH05GIq;*6=&JJN5-IpH)MBg5@EpaV7r?rf0Lel>{-Z`%;AfXU*;Z*-81j!XbrQ->3kD#=Ew;>*L2fX*;7sl4eb)t<@`)wj~62$cUYSWh{H=p|L&$d?1kCy)8a}d2X zsV8&up+x3HWz9{f{l`OojKNyMSZT#Q*L;2J93)-%y61HJntNUlyF+FRfT{CuvhqMPD4%6Hz-GQzK@n)hsMXQgFQd`X3S@%5&AD3wxf zTjSis3+O`x8OCnT(SNUoFINv)GW-@n=q+^7-bnh>qrP%hc6Xc*oD^S_$2}_D z-Z+Xd9J4X^Bp&gvbCdM``Fm=)Zm*MC$+7X!NQ?G%?{jcxOt0VZTS?{nS}fl$j}1l3 zO$Ji{j!KtO0&@TJw$6`EJEM{7!mUT8(Jyyq55AQp-g|FEm}8TKB~i;YN;S1#(LID~ zuT^xbuZVFcq1J@`LXPFJH!wGL9)znxe0+uiM{Om9bx7VD`}H4GIcw9_)=Gh<?!=-9?(*m8nz7$~Q`4oU3u6@Zn>U>0@$F z&`H$QGpSCcM?xN1D3-JI4vPbQ;R$ZXv@Wxjz1h57a^c~7%V_cP7e^TWH?4v!w5EOw z2Q=Wua`Op>)%JrMfBNEa-OJBM22MpZB-qSyzft= zZca+i+dW5aX7$rQti1|ppI1hf#Mh=`Q#UB&&yzgI~7wyJY@jKHE%=a7cwaI-0N4Oo4PCw z*fQ=+(md_zm%gy{ByVVHi^ya6T%spo^}Au8EyHp0Ad)Fk^nTp7{^utIT-$-?e*f)r z1av>ZZy~rUr<^5C5zgOUav)ej^k5%%pd8$tY_@C!^6CrTD1s;Cf1UoO(qVqPH+01(UFSg&|%v3p$mS!yLXXxv2*l!Fp zNon4@z(K~D0M0wOR^tI9>WCcJ)hXNF#F3Cx?)`bOqr1mx&k90HCtJE0&PmYq zfTl5tl=t=3<5h-AxTwqkr+Z_aEY-{lsOPoB7;A4{H?@E`EJ;@}hx#1jyPVwYn5a|7 z?l)uw_xHf4Q{b#T9=Ab>ZYEEttV?u}n85++#@m>;| zD?mDsvYdOkVK0td5)!!7Gh+Vb!j-!Qm9+|j2QY}|PkS61RLHV+VrLj81buvc`s%@Q z-*006?Cd9>lCrMHV?rJ-Z>n%>rrS>aI*CGTlo@&|Qwmkn<3|@gA_{(l5swU~ms_}_ zr2UiE`W_BpAlVjhuyfCbeI2T-;+BF`*z#ax?&BiiL5UvNv|^|{kWu@u7!{xoDj0jx z68?OX)&HIXq3m~Yq!jAC<(SNO~($@K%XWdj*M;5qzY6u;fj=df4Mfu)!o~S?-nR<2HD}y(o6U89>SStyZlhy+ef3x=;nH63MB1P`u)P2$5|77qgF3N?*M z^;_p}z15w?3lIpzJ1rO#6Ua<+N=RFZ@$ZI@(J6rlm4RRW;s9s?xj96CqfQ!TK~JPa zz55y$&Df_tGWW@_3cSk^J1{Qpm+KBP-6F*fw7FQMvA);t8ob3TPBO7VT0Gq-6`r4Y zjnDPyc zU+85}48o!gv;~X~&vK@=|1Eb2j7t8fC(Cm-_QLD|UmcfVS@k0%jDsdm&3al&UR?V> z4ypLQSDE8{tSPxQ|8Zd-Q`j!nm*gvi$HGl>N*v#SUNj8Z^~|(!fs;5qagGI3ZgE1e z;&X}9PS3xxVW-^nwKf*0mUQ)16v?8 zvoGAJ4Segt?xd-7j0Ci8#>LG;)jz0@y|v@=DyZ&_ZT}Q&$bd?@&F z9(&5WzTw1ux)oHXE&oa9k8gRYt!3<7$@2NB4{^lT8a=$m)`;sK9g%0C^$e&>yxvOU zQ1jF;YN#;FF@vP)N2a5q>|aJU;X+FkkuXGNK3f^9YbcdBEjc0%!%0(hG3^yO_CSOc zx;c(~iFC2%fQpr_e_2>I9Ep*6-5;Dfyf4g6^pqec1+|tMIusk_j0UBPcdV1ot)x~M#1Vge2=!7Q9L*fow|{ckPO$m zWQB?JV+fp@rL~?5DP2)i^1G0ay?{SU8U|0X{WT##{?>y@VhjRlR#N|4F-oL{gD)=o z%561@0l#GFZ0n9!xX0~Ef^YcK_bA*5Jhaf?bMIr;Nlp#!elK8Kkb1EW7Xk?ks5O?s zoc7oL3a4AE}PtFJk!!h+JLCfts+im)c$)q zg7BAq`+}Z&Pdp=d(M$=52pDvRMr;%5!ZH8iB0pgWzfng*jPyT0;XJSlVBg{1(uq*R zP+3fIvg;jIv69aW$t@g_#6!s6?E2{CKmVgS&5{$feN0ZKXc}d(obq;nDXmoDc|HCm ze_G~N%^36vga9?ZcQ|*dTcDanls75PM*D?#s%#@n@U1v}Wc~1vTbO4!+pg~et@``N zenjZCjUKoIWS+^&2MN@F*#vd(Z~D_o7m!(x3DB1_efGRJv)=<}#CKS*NPpX|#Ph+_ z?_+eBn~G35Sri=sQ&mb>Zp43}Qmy8;A9aERT5&#A4)*rDs5)hyuf%t66e>y3Q)KFi^c#D(h zATY#hU-2gcV3Pz_xc_>tNPRpQMpdmkv&};IYvqiZx`?;OVcaPYrqF8=E1D*oq^+ow zYe-8?O-&PJuZ#P-dLD@>cXt~z*)wIwzt;d7LcE+FMmGf^CMo90ECD8Kgzgie&&K$f zbMtW#`VLEb4>Lrs%GqL?=QA;(;>Ai_yxjP~72`G(I*5k??@Eu}olrsoAs{S}T_M(4yS;dctQd75iH;EB8OHmT!oCVqgDJdh zloSZ2B=bpgNp_Zt=dOH=%SgvbR<8*gHHbSzLul*i*$y-KS}sr+QNHuNY5`i=5b;>H zlcV(XjX@(+`nH0pPH)jYb%DrZLYMy}b+Ep9cU`V|U|$p(W==C^cwJ5_4$|Eo#2dO? zH7oE^BA>m<-+wC@-5P!8%@`uE#~)nr-K4SbD-z76(^r(aDLA`nLSRlSYjll&kYn9l zf5tf+>aurw$Vo|o8XJk>i(yzqPTNUdv;TSX5-m#5QV~cu^^I-wJ9+524ZTGE$PJHi zn96);K*h1>J79k@(`7FFLWEa;mo7NF@QuwtpV>@QlCv08fHhaEs%L7E9!YxSn*a1q zKcT=~IKVOh&8uZ6Go7y*rJC2dFK;ih-&5$ew$(QMw5)d#>dE2KSCu0~hXixbcDz)m zscDS1=<#en?{Z_2B1Evm(coxke@N1D>9L|i(ziE(fE_9UIN1W`z5L4N;iYflSX|%C z714u3N%^ExGHm$ozshwh{%TOPBiT>(B=KLUZMAh1%prj*9_)CbB0XTTZXczSnF2ZU zTt5&BSn@k37jQ8Hq);DxcPBC#RSnwr6EuM^#Q&hLS*^>HC=`nOnRK_8kLSIAGM!9$ z0qm2`CNuYo?h%BULR#~+JF{Syb-?zo5%0Xq(EP(2-$X(U=PwL#}YRZKCpuac)ucPc=` zg2yfSzZH1@1^#xOvit0DRG3mgMZXEnEAPL{y0;%V1^ReLY=+s?uV72s_WPxaFT*e!PF_ z(wrPnO#X|iwsX)~8-ttrIvE$T5#Np8SRcQ^wtT*pTI(y{Ez^odqpXwI**&JwJoQrU z3x8T!MS8T*)H?2;RGimIav#(R*t9LUj&aE4zT7xxPye@rDK)=bNNvh8pfSyYgBX|9 zws^;1s$6$^#)&J1QY#|rasJCXAk&fJb}8{5qqSC`jwX>tlbp>om{MpR7XlF)(JnL8 zG6QC_5+NUnkrf?g^z0-URI2DEG2${%tK%yc-NpPd0Pz>Tb7>aHBoOq2ixXKRu?D-z zLNsRrf#Q1fQO4fBpY*?7V&*ceMZ@xeb8&i+<;#~^djneB`@Q8DTT&Zl-NEuHI}g&D zZ<0rukGPs|m(OF}2U1jsO8P1drnIm3?XOw0)Huq&{0R(z?t znAAB9YB(ssoeS`oS((DCBR|Dp@5WU1*sNV@^)i$m$`25-Y5rtyw*9)SzaT8HXwG74 zTVUPQl{Eh~dB{jZoIDLpQJ1jBT7}ndo_0lh3$X18fAK0W{A3Bd%7OH# zCqvBp{9j#f^P(>svHK&->_ls@Ai>%-eGxA~VL>UHWjb`T5U_u?Ta|AxGbR+4p>m zg%QOl28B$bMn=mA!79VfQ24_h=Y9n;;FukTU?R1(akV3F`-}`%=;)4FR0;s;gZ~dj znwDC{((V&UXQTVyiR#5?%|gqPRrbBW>YBfpe!prqVxe^p?1qnKYA`7T&$&{n}Mj-9HnihCku1 zpBRgVfWilUp$8)A^USP0%k|_WQ*x))(s3smCuOO;r&l9sy9Txx+sJA#HtC~C7%*%{~DKg@lBZCyhNE35rTfeOFBrs zlU*_IQS&=}L7(}otf^ni*gKofOSMwZlP9mqnGQ zd~;&ZnO%?ixs1KwLNi#uzkcYdp%^ssr*w5#v-{+@OEb+U*;c;2_FS3jFM2nMRkMeLnFlP^?Vbsc zL^KPcNy>Hjic1}uyFZ0~v(LEAVRq%7(9pf`Iu_BQ*R`)7V*aV;UIEOg1>P;>$7D{5 z@2_Sx&t^~6HH2l(O@Ly@l!Zj$)0f|1L;zMa4EgJaE3@JVQPnm# z6oK{qb%9^R*x`80L$1i97FCng%DwIfbfLdoCKRCBxT# z3sB+mlI_ZU7`^k41!gnwcQF%HIKjWZPE>F|qT4K4`hoV(h+c?78Dq#o94fObKEU}d zMk-=im54en`7BhXDp{|C8KoGs%&`rH$uW!>%i>%83HOt8&8-wR^UQmY`s-CgR7YV z&iR1N0QOI5md<(JX7TXxT=Ud@qxq98ztXv;tCH8d=gGViYrqJ%I^qa?*8J@?fw@I* zYzIC`8z`1VBR1;1E?{#=YObwK^f0FM#q05EEN5kzOVioZAJMLEZC(OG?o1ID$$vITPD#TIN3;jVYEVdH z1hO4sQ`ffh&~$!&{+~20KwTu8)A=gtBy#;Rtv*$SF+Mqx?!=CwAQ3U4{t+ldTX?-G zAP)^5Ic7kA5{M2XAw+(zT2>3MR1o*N5<9l0POmzB0&og*Mt-LgKxT%GMbAY!tJHCv z0!Y2$$S9Je<3YvwKXo}OJVOJsQAx~CLX&ZYALRsvEbw$VWTkAl27iy+`NcniW)E6C zB(yYtJFb{0S`jZmvPk!-T>9xrT z=1?l`!T13Q!Wp7Pu|mOYD90DIB=vUQ4kV+ozro)=&t53;n&~8c*3DJMgj2(msbU6b zKmPU>F{lrN$bX=+3Hw7xi9}z)?8r28HYm-~`7mOo;Q2&jh!2`Qderam{kK~(wJ97z zb{a~WKloXB{V$jJ6DbaZH<++*H&vWQ`mzHHTqF-VDvjN)TJi~()SmKTtL6$Rf$FPq zE6uhJN9sH3Ya?9{jNnbUpn=5mfOTD3J>LtN75Dst{4t#BleA$wXIwe2oJ+QhH&D2< z>g-yizQ=9^;nLfGKZ!AWOOgv<1T{6^t|=ESZN*+Asek6Dj#XnkpzQaOx&NG>lkc$p zsidzY&#q6An!vhIP;pH0IqT^h79Q@U6iM+JhBR~O%-TfK)a3X?hF5TtAibcf=ZX@- zDy{80v;5{vtKH_zEwN`sDFZm%$RGW3d(M*ap=u`*(_q<)$@Xq&*gw^J#%vhaUQF1W zdI?!n3$O^=Wp3=>tk=K1Ufuuh7c#+{t5|GaZPk4jPt`a5BGywT-u_)reZWO$ylxt( zox>>$Bbnl#B$)@?RA;pw%yYf8yZk);(tXq!gMiVmnw+59P4{s^N+5cm0TndusO@-n z|Jk!=`IYRect{|zkMSVLZO~dAy1livce98867b}N?yOAs%Ov9RRCKZ84NW^C)M#6@ z3cZ@XOH*x`Sy=(2V*nAMYVzT=d`urb!iwJ6>q@*;{?-al7;?w#>)pw7YiyN=QOF zGkf@Y@&F81;pmjq56nFNFgNZT<%eP`yHaKoq`1Z^Pyo5tYQMFgEJ?Q@g=Pa~6#$UW6HY}#I{jVKVs5>OaC>T;L#!wL zTxo4A`%7;kHN(Oq)ztAXY79C_6GKal5;{HZ%?rfJ9*vXsR0Ul^GpjRX;bOWBxR;PmD29t#d(v2&^dLAI4;G`}C`+K6pI_LRK|_dEhVW zhklZ55UL-*YqXgG+|^(~RkhE75(#z+8D2p%C8H(s->Uq(K;hux7DW{2pccfS05Lqg zq0V%T6ni_r^TVb#tkc9@Q%8!XSvA-gNI!l}^h11RbnpQ2-w}uO>C?pHz!lme#yv^# zxAP@ZDC&t2)qk&@rxvD&eO)XB2bo*&pE%^Ji2s_fb8>QA@KitXYVh@i2dDK>3Ied^ zkovn;5kcuD6m@tG{Xi9c1d19nm~x9a*sdf?%J}#+`ALMJmG|twpdx-4ED+|Qttd3S zuFdl3^-xM~?c|0Fvn9_9?WCaJrcFfX0Je)0YWmTNnJD`4_v{qQ3N~0oSG>d>1PvDmi^7Bd9dyp_g-TPI?jatj+z~NKSfrHS zV)or)=3b0PyQhjm-X}a)YjFp^wo*`ODv&V*#M2dyfxXQtMJyd@v>S!3XiY%*@M?dpUj9VlaI@JvRYN=^ zuv?VA>r63bAKHaps?>`fneiu;(lZn?vjC?eC>lIlwx-nQ_pgr&+nVkDRwq2}r|MfT z6fGh<%8rFZqvjm&%kG1KRRjz5PtRtDe30H!a7O zX$KCVzD|oyNMa^0plqfQSWD(JGT#)rp%e}+s$X2XotAiEyKTwbWGn~F<(vHTQHB6& za(QW^F@+g43-5OsEqh$Wyg%1`{+I4f3bQS1$!B#}i={3V*UU>&@MA|xFR`t_Rk!)E z|6T11MYp5A9tz=#03fzaRj8npKuOG+{D!CNrwll)G=#y%uz$5kmfzOlcJiQs^N0ee zxX@wqataJ9i0S!+QM=t;JB4>)d%NfYjaurs7<8gSo$wKeUC+9_ZJeCgqfb?cy51HW zwqJ5R*Wzb+Ss!Y-qH18J<2QnUP2~AB^8otlJm@%1S2O}jWmNgXygn|9N z1sV@wgib*{7_@xFE`7mQk_=+0d7mVGgxXOa2v0MyX;hv$#OYfCiM90N?0~I6+S3p* zJU(ggnAL#))%6Mkt@=t@^xS{W@P$X0X4Hh3S;KTcRv{0ZSS=~kip;nP1ZEeztAJ?` zHUtU#UQse)Ri(|maU@NG+mkW&{)PdxcR^JA033&POzgxCd| zGIO4GcO45$%If0+Ec|dW9E|(h0@2LvW@?mNdZ#Lf`PPZR@eZC0Abtt77)c|bPmn*i zF6B_;Q*&brBbCP?ihc_QGbVQZ(MYqZh8ADVvF~4Jn{rlGlr?Ta&83?l{P3?qj}&xG zFvC+n?);?K(V)f5MA6$iX7I=H&W}U`Xb^q>Ly5adQ-f_j--E>MGz!BhK{%1thb|Ah zg`4hUCU+=vhG6l3Bl9IQ&2sD%SYf)an=&s39@gccY#p15>gpU2H}tDuPy|m9SkM7R zrMuII-N(aQ&^9ZJ)zV{2v*=0yJM8Ycx>^dbow%ykS~>}3o8;roY^(&3@4=Ko3joUO z=3s@RBUDh9&G%=KFa7PeGjHEN`Vqw+v(>enApb~3dM{}>)Jzh z<0Pj|Bcu8CpL#e5JV>y@0hlkkdqu)<>G7aX5OMq6_b`<23y?h0Am8jNnfDi)PD}4w z+?Jx5PIOsh>xDnP0$HoW+FS~f-E((Zet$JH?3JnPnLR|DqV zc#MC3dYZhR=Af^kmtZMeAVRsS#Qr5-@gF^-s^~DW0QDKdsmH{$D zfO!$y!(~!tO$^<6);aj5;A3O~?p0^{8JVB&wvre}=%sgJUMNkdH}e1|PVTZmrl~;E zy7s!)ny@WH*vr!qpbSG?p!OdX16X&e)CBXH=g>O$6A$-ujF6xR-+|GYi3u%Ui*dCX z5-PdTy7Q&-q2YQ`+?kpr4^kN7*p_k8sQqqz&S5|V|1v&@nhS~%^0!u5C&`nSPitds zdazs0)ULwXX2Hj?o!>eL#z=xJ(X^F5-6^ zT(BW=)XulFo{k3G$wL>V5vz}aEArU`%#Sm-9b24_=*t!y9PRBD%fsbSH9!mSMZwfa zyo3W9ga|RwC8b#rQ`@nPIjF5eLaEN_WwM$5e+JU4;k%>j$}oiyIe>67ogzV;;lW zGfvt#M3n-fvOyFU0eC*z^Dm)cua>=-r7O_G^^+Xgm@4=b2AB**5-o`#-(+bGA)NeE z-+QP`32iUe2 z{=jlt7Bo%=K_UP&7WVGcq6SmA8UJ=m*XP>tq@RT>Xs^6iIletyRG}n@{XswxV5H^A zO%!<@Qt8AT6mBoIl=HM|q2#LZ?aBB&VeVU~H;pd01vBC)x zui#LzbeTN0@j_*~bk+5=(HH2Z^CVml;k!2<)mt+E zeA=3#L&{b$%U2!Mzz{f~G(N42jRAvx0%Tl%VP)GIgIvy&&|ilS$!P>~>EDobMhT04 zlxK)P;|4F4f=h-ecQdG}HA!5fzR!Ps&%mK}X2SC(zqWKl}Ef=nYB%0uDz#g-=x!2LxSQa*W6oYbl; z+t`2XpAbAXbd`kp6M;tmY-0bkt={zf)75J!XPGp91XMPBrCqDl{W92FO6hSZ z3|$O$m}W0%=N6t1eNIV!U71rRYcPY?en_ePQHfzLZ>3jj2UcJu+9C zBp@VMG*(G4%Lp5;)K)_^nBRZvG+6MXh~@M+5B;7g20^5la@g{uT}4!l3egR)->DG8 ziDSCra|+iQ^wXb00x6L&f(KNUUepv|&*3PtWpHh8cm@P*@XIAl?N6UZ%1~sfX})eZ z!5ZNFN41)A(Ei5h#!uRO?up+r)lyB(cCLSN@NY}P5I}>~%1X9Coo-DdMn-2Tf{uWb z780jTWiq;rNtyDyZZ9*S{Z4Z!E;%&m$tD=zNn?SF~wdU-!2#U0%z9rEq2zSBnLBlH-hKL}i^3FxD$=Tl zAvHyw{v)hLVPPWU=)>QYhUJmSp>l%{wyyAb_ZA72sgKBG(vu8!YILS}_qSZ|g-+Mg zwv$-_TX@EE(SCPRK4Rr4-l~TRhT^*iGBDz0_nG1XH?f&Yz^I81zN@I1F z&g~w{K$22%nXl!5$9deo*7;(hZT0QWHyNXMj<*Y0t@#6MF+Wy?1{?%`sTt^BZ2Rmx z2uz;F2MD=z<+e7Rng0&MFvGsL``)|v+;h%7=lfY{zb{>x_f+6Uc-P{Q=P0B8so*#M zxr*yw<-Q3V=mp))%h_}8L*ST@1VNyb`sa zjhb~UspCvjhCl?l&O_{H8;h#9*stA}M?9RtXimUBQgIsm`pZA7$M@Y%!XwWPrZoN2 zKf!9R>bC_@A7ok27Jm{apD_Ggk$NTg$E7D8hq%rA z8(Y`ik?A=F&K1>9K{q`Sy25D#-B;-#J=Sq8!V@7-|NJ0oaQlbcuZ9o0c4zZ|AN8w5Ir(ibNn{%AmP>NNLAtY zv^IaKkZHSmoAu#2X_ao`7c2evq=u4S_vJ_L2O4!a6UpliIIYGc-d&0^EeYOk=m+1LP=@n8@MRz4mGKJ4P!;_Jzt;5WPUg3H&C!{1fwns;}@3 zjpvxH`Q|Yu=EFA>432eQ%NSVGwm)BTvnN5lW!~9O6Rt9Io_J);t@>C`TZgz6tyxbY_q6~fxI`ZFU(fn3udS%=O@2h82G(}V3HMW zNH9JualiKhlRh~yIw|q1fRkIY99UFVvT%yEm0)AXs5h<7(`tCB7#IkG>>IABtlhR- zRw{Bfvk9#BRFLhntYl$eN6E#3%j=rTu85P9NNEWyky(!z4EGe;^G6>qBD~ah2zN@e z0F&=&S?P$wj8ZA;1I-jvaHizkK}UL7S6i%DAyY%!!59JDZuh0qX3g(UI9!@s-#!&L z+(x&1<1nis!*fM^w}L6?v7xbt`whgvhyrpZWpu;iXciDHiNV^Nnk2z4rx?0Oi+}-$ z8!DxXtcOgdKp~l|9=AYO9F7KNPXkVmzRlmQpN6eW)(wtge;(N4a4&IDOt{Aij$<=F zKRhKfwz7|*TE19Kp0pMXhAonIT`YX!G7gM#`}vgJj`Rf*&hi?;fz}ty+B;L_KHK06Z=g5*sh)QuvOmCKr##TrktoA&~EqD zpUfmW@2p7=dJG)&{nmWWg&wK7H4Yw1E-<>ZONuJ!+O4{Df!}{AA-t1j9-9*$JWb~d z0nyr$o(II_2>$Li2Ugf^xllyRw|(Md=VHvrOv$j+_T|!ZN7DUW@e8O+d_v01|L1tJL@_QHk&`N_i-Jp{>bFx zF(u)b$P~86)7)s*lc8z5U=cIBKlCUeeszii&9N<}@%%=o8h&tYS(>Ep!M0Sm^y#60 zy-svl;l*T6(dx5ga%d10w}HnIP@b4N=Bl(@%gCCdBveB(&~cXO1!sU{%sWAc7hK_B z!Y}Fun|?AdH}dQm9rUX=pAWtAu}~CeGeLuJj*7Ns~#9G1>TTXW{xxEzx=b01s-8E_Ab zjc{$B>gp!AeSZzZc@!g)j@VbTC-%g_HJcI|DIa|X?&Nfq_JpMKr`};g6Um=&a@E<4 zg$7}@CEuNRqcjXFoqK;03kJC(|E_+`xOh4pm+|7saXd?&RYI|zI+Ei)6j+c%Ay-x} z$5`__U0YYbvR}qx3EQnzC!9Ce?^yKn&Inpp?dy~0@YK9;=Bm8tYGfmjIsRTDqHXu* zMat2Lm-Tk5-FFmoa}87R>0lCrKo4=#(szP~!rQ)kZj-{|29hmso={ck>wk}Yc`m zuJs1WH^()*2k8ZFLL9pOmeaXzm%bC!A*V81@u!GH^yc@OI(BLk$CXtrC~BQMfJZf=W{?b7~$@;-i-7m6NH{oQCfE{`q9 zyU+^p+z#}NXDBI=d9FixLwR(gG+p}LpWQa9jvS)U#a!T%fk>w7MXX6DyRid4JBfVO z)Ll-)mS4S|Zk3Zfy`r!PIBLJL|DnkCF@DFT*Q$)~q>a!?iRw)Rh#oPQJ?7C&Cbiih zUf%6bP@&Fq=b|{<9up%{Q)kp4cLcNG1;q;Z`7X0_xe{+Km?-@ATh$%;fgjZKz5N0_ zNTZAOn&fyYt0+w)a|2nAH!T&8-@mkJ1{32!BtehYz*PBu`-S;-{Zhzac_sJ57O zg3(LhG#EK-2(fRG^YB^Ee`9`vHvTc~$G2gg_Ve`Ph)5Rse-$1;LR@f5J)!qK+LWpJ zU9jAIi!1C_#$}>x++MDs5+(O66v8o3UGuMt9FxJ={I2_Zq!-4wd?TK8;)G|=Yk&Jy zijVUh_pmqQ;l%kbY(%?XWuJaBc}%YOj|fPG!~E-{=WVY*P2G1SN>jcPE@GLy%P)Tw zC~N&_I{!^9@OVbVZNDXp*qO<9OCwUgTNak1yy;?ti{hQeXiqK^E4pLk(*1mP6`D6n zi`et)w(H|GV_D^3IC2_?F9@PKs6n`pH@Xh?ZtZF->!(&+*&Fgu1Mf5QS=A*J|9vyC zm#D%UyZl@WGgKgYCS&d9uxUBStJo%;BL=-!k|Yl`H5jFPS>hEvE+TF)VI%eF%@{LE zdfw^t@Omrav3& zEN7Y7d>elJ)W(Y1@vVC){~RH^+UXT1ArTSqC0Fca6~JC>4sPtJRBdg+QQhSjmur z<10>L^ii*QIk3R7HsJ@~9=uKf3|&M-Cu=yRxx<1Lu`H~pksJAKFtyJmC;84oUW|>Z z(*u;}^7NJcRiATdGs*4X2<+0W%LI5 z$Kazh!Qzvy->0|=j?kX?7pImcdfG(V0O11I7SGn!tFijFU}N0X^%(Fyw_F>iY^1Mm zby4w?HApc`mXO8X&8&OiuU(|p&Q?Dgyi?9;qDT32!NVww8V~`isyc18Yo{4VLT*4n zDWD@%M@#EzB7YYEpN`o*Tw*2*?{fDyrH({vK6{MG)(}MV4dsgl=f+J>s`llEt`HTxYN}awZNg zmay!4OI&W&E(*m_khDR;$H9>1-8K<5aSe}e+&e~fY7qZH(2BBKx)irspbbh zSNEoA60J!giONTq3?ENZgT5vXMoDDl&R+s#oF~P~$qw>6e;?Jf+n@12f$Y|OmX=NM z0Y(}9e#cl=pL+9G4RVtLJUc@LKS$MWADo|XnbMfe9;b>|H#DqjrH{mBP^=tw^|H%~ z-fEps|IM937vU(_y(8x8Jzu^Ad2bYidkgECFE+4ZJ?r}GbxB8}sql*b>NK<1jp=zSQOIF4rwCC?H_Y)-8I1`VxDl^x$)@C^LLAy&ubY)|Mr}U*vh#7T~`ceCuQj4KNJX`YjpjY{h%YH>12wE`<3c7V@@V( z>-8y>k18kxy#2F%Awl}3=Z=tbOM&#^SaM#ni`28su})i2 zu=0tu-oX7gw4V=t22!j*4puCL1&o>%AhqiagEiioDak&+6o|iqmFYT~aGqMi;=e;s zHZ<$uSLai8a5Kc*ZlEduECKOPu(*bcYmOLF=Bg zF+b0?#zTyJc17-IF_SGZd0V#Wc%9^c{3%DX!@MEpudI<+` z_2{U)3@N`2_?i7dzp_<`aE&E0^JPyN9ubU2q;hvPjmlMklj4$L&~K#$S7mh zru0zeWu=|$AS289$z8TRcb}}HF1MzZ8xYvisfOTf_(>#sGJ<2;w!(n+~hoOU***LN<@(kfLl2V*~w%R*eNj)3dB zy?f@$D0wj)tky$Edxjx57>PJAdpc?@NNwy^)C$K=EFX8{lgf_*SIns9&By6U@nZWR zWZ7te*2G~|l-ho!O%#b5nNOw+1ejYem%(}q7>Opja1`J1sl0U!qvZJV8=3|`J);+j z3t+4cbF?~*&WYW{Cx~q_+qlBZi_Td`-cmh}TLlI4@yW*~)YTzY^p)MjvM}2@pU&Bl z$IMzUkfOz}2oy8^+*PAkwtEqIjHO*3c zPEktG^Y)~5H@dMjWwuPo(Fn7(;e*d2DN~o(R5~SOTov=?clEUErlfaOMU%Pr6v&!p z{O;{2ysGy$HNrgN!QN)3A8DL?pmYHId75Cc#{a$1(9F6&*s>D_8NO?D;>Tc;{Sf(T zwSF*r`Q(1#@?mXmG}4@5j>%8;&-w@)Bem`Jav4_Fr%->dfQT@qSypAPyh8n zrhZ6m+mzFZrv0RZL7!!Vj`Yiu9$Y4g=BtkC{@Tmaeo8;y9!!h(WvMxp4{cc50B^*N zP=ZXZTWJZ1g&zUe#eTNEo(92pWZmbTckF+7u+m3fS}ybqK04!qp@Z*Ts7IGPc}tB> z5_KOs*lD_6Y*bA%s&dyTOS|P6Hz&FA-0#a4P)YY)NIj96`*MojGZw}0<JE?3Rq6@T^<*YdU`t`<(<1FD{*k4E#Y5Wuss;JcqcdNrC)7y;gWsDhyV)3$ zsDqCRM6*=*V_j?ajY2Eh7ooDv1 z$8(#DjOts5?7|2TKv(>Hy@rmPjvGBS(^rV<| z(oEuNRnO|6mhBFD4&fOG0`TUD4MI?Fj`*}(oBn{0ovjwwXnL&j3yZm!-hx*@f%n{+kK({03G$RzJ3vZ3v7`YGA` zS-SAs(4I-FA{b*U3vq#7%I@smeor;`h5J2c??M#cx;Sp@ds{JCaw* zNk(Nhr)~F91I&q1MX>gpUK6cMUc2r-fvni?qW-XfL{YoV&o@Y-b@H^S%*>I{qaEbg zX0uzN*fYzn^1fM}{#7<)*)Y({OS-zcuR?+ZcM_msp5T@7tBzK(Ye}C)N3TjZeSQ@^ zvvBzY|AZR>lY{c%5f5M@1XKG>vN;s6TG0W0(IVRzzF;V3)$}>EK(xW!Xkr5^EZCq= zm-2|)9x&@a9&J}-a-k8>whJ!Jq-QL~rw)->HB;x`u&NJG3VOmh>-3C%Mi_#3bs`VA zx0Rp%eqoUZ>!gmSnv&7IjEpc1eI4yh7ZiI)d3=BjR)`vpHLmWgeGTgIw_oTE?R})d z^XUQdj?Vf&PeqtrNP0JWb-KfnjL+l9-_3-=zL;iDgJDD`hFQ=B1bZurJiI(yYKVih zS}bK|T|q#F@Yv2ty1=;|`w43gW^dw^UCBH5+D(ZThxNxeZN+7=Dkx=$U>Z#Jts4LV54K|#vt!Ll_Wjf)jTHe4ouvhX!N*@4iz+ve%B zrzt#=8xl<)eC}On@pgxmFdSYc^oiA8|N3=mDKBWrd{9>a!g?MabpoAdHtLy8yM4(; zMwhP*8{`B`b$8I2Tr{_!kRT1)k9k9O!qYH zLTeM%)?9pF{+-&#Nv2NfXc{eTp9)K*qXOfjf$QSgJLpah)Z;^*S&#e)rikzSb6&+) z*UfdT^eb;d9868q6YtBHWp1*i+n3qyj|n#D`1!n6xPG3L89Vh>)bFSIXTtexUs};C z_IPERfd>)gTv)@)*wgZhd^+56M@?KsM}PnT&5(ZjH6et!*dgcpFQopSuz5vKs>UiH z#|~qBUeJ%`37%iA&HJs+J!EPz?H;xFuJB$ewTR>Ctuz$#P*#PT)aJ6_Sl%YyGKfpJ z^gN6=UB^>1;1JH&kwZ~EKIUjP`!l3;RUVg9Fvljw-_047DAlsBo4VoVcL`@v+iU#kETS0amwXq5YS4DcTES1Bq@N=A+VXd8EyY0){ zZH4Iec)!-N+}{2X7i3fr0t)%^w|CmxUn3X^g6w>Msi?_D{s`JeG2(kBW7ZgHue{jo z_M|s2FUD-y{}@_D_4W$}-Qz>XCO7+M(qq53&Obyum2{k+PTX1*Onp{#wzO55V$@p6 zrjcSiZdn(_%|qPt$o&v6@LB)A98}u~)wVctXQZGmrO$=!yUlu~Thb`8pCerY{Ld@Po&(6hbbIR4-*NkY7 zGw(L+A9*u4I2iS?^qvf2l z=CN@Q2&6s>(=#nsvD5HS8&VIY@?Q-Cux>$3$Fk$6I-{rdXtTT z`_Vd>#_5t=7V0HgjwY+=r~&~Vo%EBNK%@2n4oag$`(fAMU1+y%T($-)C6UtfbvQxh z-%G`VxF1Y%ahZG>OY(uwsieArq$&#jobtG4I+uFMfpvn~=O0fhN0L{{UIZD}Egpv7PemByWR<)_L5 z7E$BE>G^Kz48zHmJbbJw`)OH684fPX@1L(0SFAO`xs9ri_V?mx9!FM~BjcnmtzK33 zlx53ja_Ayc42>)%tzR_3TdMaTLNmyEbF}$7&f>{U63I3S8sS5NQYM|s#-3*Z30E=6 zcGUXXDY@gWM<3CFe8)IHTZ*NBaw?O`T&-k2GYQD@7Plqm!Ps*=8<_X#o&hZ_v%CVoAt zRNBdxu67#T-jn}+=biXhmG-~7B^^tIBs&I~MCM(*FSaH4jJy};A1V=X^zx>;p6_NJ zuA+GYGk$-q@DBZerE=d(9kl<%w_hW+q=5AFUO*4WOC8wUr}-7gPHXh4#&PfCL1mxi z>@Sii*q`yn!2_OF&@47-Eqz{GofEWurcU{g}r)J^QJe+-mcDuRZUac@7tF3UDnj`9job zg4a{F=juknX0n<6!Gw5fqby2Mw0v((YWYOT8{{IU2XTz)iSQ2g_hZ+*K3jS&=ObAj zyVkbh`F6Xrppy}@&@ET5*s;x95S$KVDC8@=oiIZgIKwv}f9M|pXm}4h?F=VoqOdN+ zzP`9^yuy2yTcz77sycgvE*11md6hjPKd8amuJdfK9u0o zrSvD0Pc9F6c^)l7=fe5kKVolB{3MHq=MhiEyib4UG1MFddrKo~^*XvG$AhkhX`mbo zr=JMqE0CadIlajlRc_D_=Su>1?qoqb%AG>fK_pAR7KgRsKT%&Na()4IWDYZb(U%}491t*zTXRfBIq>{^{> zDtKIR17dKa=Y}fb)~5}I*Dq@psP5t$dy7L1Vog;rGQN9^Dj2`hUjbmPP-hyZ0!g5m z{XtW@BF@`8&93`2a`G?)PDZ~;zUBVw2oI#^dF!jPY2W-u%&1D#_gs`gR%c zVe@rF)-Y%ZXWhsA%ceY{4i4*j8@AnLS*1^bv%BHbGyBNa&*xWy{2BS*l~QuzGc&<8^Duz=6zZ_J`Eo>Hiiat+?iv6m9(6-*M%Mr4`c%KeEkcdj$w z`^snJzFnd&kG#s&%hIC18?|qKeCwu4H@)f&2nWvj@wWnw0e{$`qq~f5^HzAtI0&pG z@U8AZdkMOKY#ixxVHDg@yFMSzmA}WZa)UC&wL!+B$wIp%p+CnmJf60_XK6utT=HFS zGdaH7EmE{?ekDHmuY^Sz#X(6Vk=iV;@$!yc%5gWkf1EujE)r=3#bIfY{kB3}e0nAuI4V(7 znD^WR95jtU`WbX?kP3V0SJQHL?JwMI;9P6vjQhax?W31f2I`?i>HtWBDfFLkJjh%O zi@F1mBII8iq&YceH^?R0aqci>Vf0yHq3F?#XmFF67O!)=qo7fSESc3$wHILy6)Ze< zs)t&R(+7MorlIJ$2NmMP$M?%gVq9zLA8)G6=$%El^%-a$WI zye~G!bhR6zaNUcB8(DyI-mI-4km1z-eyOv`R6!ol7G zg{gp`=~!W*ClzrahonPs`S7^s`tK`|0qTO)Pd6JCVQhig@BM(gn?IqJQsg>#Zo7vJN^LUqe+d%I6R%api}K(mn|fxYPOBwk0S z@7%Z8SZ`4qCt%+JwjJQ{#bkWyb4izkqYmUSD*zWG3|M-g$v5>^Ao_6@>E%_eUtL8s z`f`4MzRtYPn7ez_Z#rJBoBH*TW2ttxuAW>pU#Pv7YrqW%wJfydk`nX_91nVL98h-( zJn7Z}K`&o7gQ}OS_lAV}hlH!$g)8vch@OrMvqq8=p??Yb3 z7(y@h96)T@czyra&`5X@zQcU$s&(;RbLkkpPT!lTl|IkE*IefS^j{jZeP);DzP_J%LKp zV)eZx-cx4a`@vD3$D4YFhO-17ywBTwQg5#*D?0&DLG0K%i?__bQ=>CIPquvye-97z zO0t2@KsN(G15cb;g@!2-By)0bz~5;0lAZ=Vzmqlm``}c(ttbNa9gCIGU87*DPo@c= zHa3EZ=!g*03VvFqhqJ=;Fd*`bgQ)9j?I=? z=0jyCHBIbU^U)IfvwLV&WjH!AIXPLCT;!CwRf7|O9Q)N4=(hQT8NH||1w-++e*Tp^ zz2j%um1d~)=T=5OhstNw4Q{-Oh+A#Hx3eM%b(nzuYqW03gu+SKhmmg;-hj=Ql0whl z7IOhiup$SVmfz$Xz|M~oXx2kBD)#q#(*ABxDY2As&l~xSOwmT{2K>O?GUV!Yg40XQ z{np#{}mtxt;?D*3cGAF%T!O0aFlQ|z-@X-rh%^iXVT(|NODCA za!Mn&rGDqK^d7?Y1^E!yotYM^t~7@sd*OWNl5YBsxxAwm&qn1!nNfgf9EUgrxgus+ zXuESfM4bHzAE+9vh%hDM{R)1AI;C!E1&`r{@Ui;9>H*p2#&{~E(HqBW|D~N)-w(qU z3eYlC#}T{2$EN0xZ0!R5Id{6w@_=qIBiH7<|70&kAvcGa3M;z^q!#6$&wewtS5 zNr+2RgYu|NKf%ws;sw5n!SubW*EsTMvlm@#Il#L)1sq9ST+Vn}kQlp%eFRl`CP;g^ zW$$;s{89anOM}8m&~68ePUIaZ+yhn+K(#F_Ez75D!nTM|8hqY2AT@nYi~6;N+<5_6 zZf0zG_f-GqP1|SY&Lz_f`NZy$k^Zu>iym3S5O_q_TVKDgX3y|pZ{O4RKMS8y7!|}D zT01Ekw<>vTjqU6E_DxxYiqfD&zMnF1_(RN_=Oz>nCsbz5|`x3_|gt4>O8bR7L;~{bXm}@1S3V zeMU`Dl;W34G zkTE;A=EoPm>#Oio%S2iDOBfX*qD zpKl{zU2G7@`?lA0Cv#p@JRn%<3>zp&R)xcS`O9@TN7ZE*MC?-9UMsu2g38>?tOK3Q z?_pp+aNcvHq^#xaPq}eVXpSnJ^-%>E6VRmEm?#;|Q)lO1DaA#;Y`26V00^pf-uHa| z`sxJWK|YEZ-ee|-F|98zcLW!AGUH6j=g>%RBE`L6z!5h5%6qR1L~rUzf?=!`%&=H| zIoPu_$^ii!+d93BkHylVD5N)dAgM7V1GNA>LlDAfPbHbHCt{KSN? z-<5ZG7lQJaD-t+oEq7I7n~Zh<&D4;4a;DxHZ1QPwQq+$TpayOj_Z@iiQUl)J*4fcU z8PMuq=m;s&DpWWL-yH=X_xFZ-T3JDXUX?{muSt@SHKyMTfbkTR$)HrE|Ef-Qx$xEu zAP_v>f4TtYmqj{da}}mo6v184qm( z-PHIuZv?gtm2<`K+r121;#m~7P%;)Y%6WoW`OCPdq*LQAnFdh5@*yOk|7%3hP)|<` zeCo$u1xBkz8U;rJ8CoPcuAHd*?k|8?R!FZMk z$VrShk30d1vuA0~vsq0|O**|SCnspBPJ^S9Hv$e_dr1p+sn0I~-_dkR7XI1YlS1V& zRF8{Nk)=f2`elS=QjIRxutimM^^4(E4UXlLb16o35Wupk2&w@JG0;M5@j0iYqUtGw z??b0A;ouR4eXHP7iRHq!y>{q{Vwm?ni0oMSY}rs(SC^fg4R**yL`00nj>x$-#f9sHv31M1Zi0p9IJwN9>W8WUqO0 z&G$P71_mrKK)(cZM#r*7l(VWl%d1=}9T^!Bq$Ni2K76Q}HwsvVLv}blWijE`L3haT zz?{LAP4tU3)zi!H+h6VlA+Dg1P;W&93~1f~B?hZ%&>0Rskv~y1O2U|Qmuuk1r_j-R ztb~ptn^P6EBq0=ffQSZe;j=se7!(4rNCHenJv}`@%%t%GJS7wUcjT%ocX+wosj}1e z=3HmU)*}2b52BTS>jOLR^0hcE{pVSq$+5AqnVC(e`Wd_0$qid;>rty}faNmPOIs77 zjRYK7t_T2CLxBZl%t8uWI#-r%*_|)Cb;mfJmVDQ6ancar+Nh>K!n98 zvr>k8G#df%o{>ElB_YmDU<>I<1c>fNKCafcrw`iG+kEX5KM(-TpEHRb9a zoJ&^5#heJHuk!5yhn@$1OWONWSz1Wb^g*iskXEL8uA=k-aL}M?A$S||nFGD%5&wkZ zb`Tg3YNG(R${ZIH1L)?|!F-8N9gS%b7S;NeNz!ZNhA$%qqZFh%ZZOWfBU_71R#RN9 zE|LLzTJv5!JxR#)mg|4SI1dCFP8;CFa8ZK66d#}C9=J5c7+Or$fDfjUA%!>P=Z>2Z zQB1cW9IH;E^k6ceB?DcjFs5RR2a5-%Bcr1?Am&XPc8B0uqun|7iI}x;=pdheOhMk) zd0nI=5f8A9FqCX9Yi&f$Z@Hav@^;54cdi`(K3w|X+MYYPb#+OJT3FMH2hbUKNLk2V zYbBh#bhqf&bVcEX+PB_+rYo}!75B@At|5zWb}xOc$`K&8($<#ti69y?v!4y?`MUS0 zo-p1j(Z(J$!J+yk!en7Xg8dc6Z*AqF|4r@?n32aj*VFtB`l}~aI&?y_?;5RUYYvZL-m^K^+#ksk6B_b@` z9aK|Zj*Mk(od?4VC=7uiGp3a{S}^`6B7!Jt2}pndQZ$&{(^~*&S-vW<-I}$OQ0GU0 z5&*{L-)Ru$vT3peI5+)ee}ke^GH_o1AsR5_{(VBm|9ca8f-HDDs6GUj^Y5?J8_1X7 eAUI4s@S3zIW-vajU5y(8UMh;u6iN}V1O5kK{*8|S diff --git a/docs/server/source/production-nodes/node-components.md b/docs/server/source/production-nodes/node-components.md index 9d6b41ec..83707118 100644 --- a/docs/server/source/production-nodes/node-components.md +++ b/docs/server/source/production-nodes/node-components.md @@ -1,23 +1,16 @@ # Production Node Components -A BigchainDB node must include, at least: +A production BigchainDB node must include BigchainDB Server, MongoDB Server (mongod), and scalable storage for MongoDB, but it could include several other components, including: -* BigchainDB Server and -* RethinkDB Server. - -When doing development and testing, it's common to install both on the same machine, but in a production environment, it may make more sense to install them on separate machines. - -In a production environment, a BigchainDB node should have several other components, including: - -* nginx or similar, as a reverse proxy and/or load balancer for the Gunicorn server(s) inside the node -* An NTP daemon running on all machines running BigchainDB code, and possibly other machines -* A RethinkDB proxy server -* A RethinkDB "wire protocol firewall" (in the future: this component doesn't exist yet) -* Scalable storage for RethinkDB (e.g. using RAID) -* Monitoring software, to monitor all the machines in the node -* Configuration management agents (if you're using a configuration managment system that uses agents) +* NGINX or similar, to provide authentication, rate limiting, etc. +* An NTP daemon running on all machines running BigchainDB Server or mongod, and possibly other machines +* **Not** MongoDB Automation Agent. It's for automating the deployment of an entire MongoDB cluster, not just one MongoDB node within a cluster. +* MongoDB Monitoring Agent +* MongoDB Backup Agent +* Log aggregation software +* Monitoring software * Maybe more -The relationship between these components is illustrated below. +The relationship between the main components is illustrated below. Note that BigchainDB Server must be able to communicate with all other mongod instances in the BigchainDB cluster (i.e. in other BigchainDB nodes). -![Components of a node](../_static/Node-components.png) +![Components of a production node](../_static/Node-components.png) From 22cc47b0c544bfc5e7e2a669748d4a9436ba537f Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 11 Apr 2017 14:27:17 +0200 Subject: [PATCH 215/283] Updated docs re: prod node reqs. Moved RethinkDB reqs to Appendices --- docs/server/source/appendices/index.rst | 1 + .../source/appendices/rethinkdb-reqs.md | 47 ++++++++++++++++ .../production-nodes/node-components.md | 8 ++- .../production-nodes/node-requirements.md | 54 +++---------------- 4 files changed, 61 insertions(+), 49 deletions(-) create mode 100644 docs/server/source/appendices/rethinkdb-reqs.md diff --git a/docs/server/source/appendices/index.rst b/docs/server/source/appendices/index.rst index 7beb27f5..7ff0cf9c 100755 --- a/docs/server/source/appendices/index.rst +++ b/docs/server/source/appendices/index.rst @@ -21,6 +21,7 @@ Appendices generate-key-pair-for-ssh firewall-notes ntp-notes + rethinkdb-reqs example-rethinkdb-storage-setups licenses install-with-lxd diff --git a/docs/server/source/appendices/rethinkdb-reqs.md b/docs/server/source/appendices/rethinkdb-reqs.md new file mode 100644 index 00000000..f5c41c92 --- /dev/null +++ b/docs/server/source/appendices/rethinkdb-reqs.md @@ -0,0 +1,47 @@ +# RethinkDB Requirements + +[The RethinkDB documentation](https://rethinkdb.com/docs/) should be your first source of information about its requirements. This page serves mostly to document some of its more obscure requirements. + +RethinkDB Server [will run on any modern OS](https://www.rethinkdb.com/docs/install/). Note that the Fedora package isn't officially supported. Also, official support for Windows is fairly recent ([April 2016](https://rethinkdb.com/blog/2.3-release/)). + + +## Storage Requirements + +When it comes to storage for RethinkDB, there are many things that are nice to have (e.g. SSDs, high-speed input/output [IOPS], replication, reliability, scalability, pay-for-what-you-use), but there are few _requirements_ other than: + +1. have enough storage to store all your data (and its replicas), and +2. make sure your storage solution (hardware and interconnects) can handle your expected read & write rates. + +For RethinkDB's failover mechanisms to work, [every RethinkDB table must have at least three replicas](https://rethinkdb.com/docs/failover/) (i.e. a primary replica and two others). For example, if you want to store 10 GB of unique data, then you need at least 30 GB of storage. (Indexes and internal metadata are stored in RAM.) + +As for the read & write rates, what do you expect those to be for your situation? It's not enough for the storage system alone to handle those rates: the interconnects between the nodes must also be able to handle them. + + +## Memory (RAM) Requirements + +In their [FAQ](https://rethinkdb.com/faq/), RethinkDB recommends that, "RethinkDB servers have at least 2GB of RAM..." ([source](https://rethinkdb.com/faq/)) + +In particular: "RethinkDB requires data structures in RAM on each server proportional to the size of the data on that server’s disk, usually around 1% of the size of the total data set." ([source](https://rethinkdb.com/limitations/)) We asked what they meant by "total data set" and [they said](https://github.com/rethinkdb/rethinkdb/issues/5902#issuecomment-230860607) it's "referring to only the data stored on the particular server." + +Also, "The storage engine is used in conjunction with a custom, B-Tree-aware caching engine which allows file sizes many orders of magnitude greater than the amount of available memory. RethinkDB can operate on a terabyte of data with about ten gigabytes of free RAM." ([source](https://www.rethinkdb.com/docs/architecture/)) (In this case, it's the _cluster_ which has a total of one terabyte of data, and it's the _cluster_ which has a total of ten gigabytes of RAM. That is, if you add up the RethinkDB RAM on all the servers, it's ten gigabytes.) + +In reponse to our questions about RAM requirements, @danielmewes (of RethinkDB) [wrote](https://github.com/rethinkdb/rethinkdb/issues/5902#issuecomment-230860607): + +> ... If you replicate the data, the amount of data per server increases accordingly, because multiple copies of the same data will be held by different servers in the cluster. + +For example, if you increase the data replication factor from 1 to 2 (i.e. the primary plus one copy), then that will double the RAM needed for metadata. Also from @danielmewes: + +> **For reasonable performance, you should probably aim at something closer to 5-10% of the data size.** [Emphasis added] The 1% is the bare minimum and doesn't include any caching. If you want to run near the minimum, you'll also need to manually lower RethinkDB's cache size through the `--cache-size` parameter to free up enough RAM for the metadata overhead... + +RethinkDB has [documentation about its memory requirements](https://rethinkdb.com/docs/memory-usage/). You can use that page to get a better estimate of how much memory you'll need. In particular, note that RethinkDB automatically configures the cache size limit to be about half the available memory, but it can be no lower than 100 MB. As @danielmewes noted, you can manually change the cache size limit (e.g. to free up RAM for queries, metadata, or other things). + +If a RethinkDB process (on a server) runs out of RAM, the operating system will start swapping RAM out to disk, slowing everything down. According to @danielmewes: + +> Going into swap is usually pretty bad for RethinkDB, and RethinkDB servers that have gone into swap often become so slow that other nodes in the cluster consider them unavailable and terminate the connection to them. I recommend adjusting RethinkDB's cache size conservatively to avoid this scenario. RethinkDB will still make use of additional RAM through the operating system's block cache (though less efficiently than when it can keep data in its own cache). + + +## Filesystem Requirements + +RethinkDB "supports most commonly used file systems" ([source](https://www.rethinkdb.com/docs/architecture/)) but it has [issues with BTRFS](https://github.com/rethinkdb/rethinkdb/issues/2781) (B-tree file system). + +It's best to use a filesystem that supports direct I/O, because that will improve RethinkDB performance (if you tell RethinkDB to use direct I/O). Many compressed or encrypted filesystems don't support direct I/O. diff --git a/docs/server/source/production-nodes/node-components.md b/docs/server/source/production-nodes/node-components.md index 83707118..62c5c9a9 100644 --- a/docs/server/source/production-nodes/node-components.md +++ b/docs/server/source/production-nodes/node-components.md @@ -1,6 +1,12 @@ # Production Node Components -A production BigchainDB node must include BigchainDB Server, MongoDB Server (mongod), and scalable storage for MongoDB, but it could include several other components, including: +A production BigchainDB node must include: + +* BigchainDB Server +* MongoDB Server (mongod) +* Scalable storage for MongoDB + +It could also include several other components, including: * NGINX or similar, to provide authentication, rate limiting, etc. * An NTP daemon running on all machines running BigchainDB Server or mongod, and possibly other machines diff --git a/docs/server/source/production-nodes/node-requirements.md b/docs/server/source/production-nodes/node-requirements.md index 56d52f13..9588747b 100644 --- a/docs/server/source/production-nodes/node-requirements.md +++ b/docs/server/source/production-nodes/node-requirements.md @@ -1,59 +1,17 @@ # Production Node Requirements -Note: This section will be broken apart into several pages, e.g. NTP requirements, RethinkDB requirements, BigchainDB requirements, etc. and those pages will add more details. +**This page is about the requirements of BigchainDB Server.** You can find the requirements of MongoDB, NGINX, your NTP daemon, your monitoring software, and other [production node components](node-components.html) in the documentation for that software. ## OS Requirements -* RethinkDB Server [will run on any modern OS](https://www.rethinkdb.com/docs/install/). Note that the Fedora package isn't officially supported. Also, official support for Windows is fairly recent ([April 2016](https://rethinkdb.com/blog/2.3-release/)). -* BigchainDB Server requires Python 3.4+ and Python 3.4+ [will run on any modern OS](https://docs.python.org/3.4/using/index.html). -* BigchaindB Server uses the Python `multiprocessing` package and [some functionality in the `multiprocessing` package doesn't work on OS X](https://docs.python.org/3.4/library/multiprocessing.html#multiprocessing.Queue.qsize). You can still use Mac OS X if you use Docker or a virtual machine. +BigchainDB Server requires Python 3.4+ and Python 3.4+ [will run on any modern OS](https://docs.python.org/3.4/using/index.html), but we recommend using an LTS version of [Ubuntu Server](https://www.ubuntu.com/server) or a similarly server-grade Linux distribution. -The BigchainDB core dev team uses recent LTS versions of Ubuntu and recent versions of Fedora. - -We don't test BigchainDB on Windows or Mac OS X, but you can try. - -* If you run into problems on Windows, then you may want to try using Vagrant. One of our community members ([@Mec-Is](https://github.com/Mec-iS)) wrote [a page about how to install BigchainDB on a VM with Vagrant](https://gist.github.com/Mec-iS/b84758397f1b21f21700). -* If you have Mac OS X and want to experiment with BigchainDB, then you could do that [using Docker](../appendices/run-with-docker.html). +_Don't use macOS_ (formerly OS X, formerly Mac OS X), because it's not a server-grade operating system. Also, BigchaindB Server uses the Python multiprocessing package and [some functionality in the multiprocessing package doesn't work on Mac OS X](https://docs.python.org/3.4/library/multiprocessing.html#multiprocessing.Queue.qsize). -## Storage Requirements +## General Considerations -When it comes to storage for RethinkDB, there are many things that are nice to have (e.g. SSDs, high-speed input/output [IOPS], replication, reliability, scalability, pay-for-what-you-use), but there are few _requirements_ other than: +BigchainDB Server runs many concurrent processes, so more RAM and more CPU cores is better. -1. have enough storage to store all your data (and its replicas), and -2. make sure your storage solution (hardware and interconnects) can handle your expected read & write rates. - -For RethinkDB's failover mechanisms to work, [every RethinkDB table must have at least three replicas](https://rethinkdb.com/docs/failover/) (i.e. a primary replica and two others). For example, if you want to store 10 GB of unique data, then you need at least 30 GB of storage. (Indexes and internal metadata are stored in RAM.) - -As for the read & write rates, what do you expect those to be for your situation? It's not enough for the storage system alone to handle those rates: the interconnects between the nodes must also be able to handle them. - - -## Memory (RAM) Requirements - -In their [FAQ](https://rethinkdb.com/faq/), RethinkDB recommends that, "RethinkDB servers have at least 2GB of RAM..." ([source](https://rethinkdb.com/faq/)) - -In particular: "RethinkDB requires data structures in RAM on each server proportional to the size of the data on that server’s disk, usually around 1% of the size of the total data set." ([source](https://rethinkdb.com/limitations/)) We asked what they meant by "total data set" and [they said](https://github.com/rethinkdb/rethinkdb/issues/5902#issuecomment-230860607) it's "referring to only the data stored on the particular server." - -Also, "The storage engine is used in conjunction with a custom, B-Tree-aware caching engine which allows file sizes many orders of magnitude greater than the amount of available memory. RethinkDB can operate on a terabyte of data with about ten gigabytes of free RAM." ([source](https://www.rethinkdb.com/docs/architecture/)) (In this case, it's the _cluster_ which has a total of one terabyte of data, and it's the _cluster_ which has a total of ten gigabytes of RAM. That is, if you add up the RethinkDB RAM on all the servers, it's ten gigabytes.) - -In reponse to our questions about RAM requirements, @danielmewes (of RethinkDB) [wrote](https://github.com/rethinkdb/rethinkdb/issues/5902#issuecomment-230860607): - -> ... If you replicate the data, the amount of data per server increases accordingly, because multiple copies of the same data will be held by different servers in the cluster. - -For example, if you increase the data replication factor from 1 to 2 (i.e. the primary plus one copy), then that will double the RAM needed for metadata. Also from @danielmewes: - -> **For reasonable performance, you should probably aim at something closer to 5-10% of the data size.** [Emphasis added] The 1% is the bare minimum and doesn't include any caching. If you want to run near the minimum, you'll also need to manually lower RethinkDB's cache size through the `--cache-size` parameter to free up enough RAM for the metadata overhead... - -RethinkDB has [documentation about its memory requirements](https://rethinkdb.com/docs/memory-usage/). You can use that page to get a better estimate of how much memory you'll need. In particular, note that RethinkDB automatically configures the cache size limit to be about half the available memory, but it can be no lower than 100 MB. As @danielmewes noted, you can manually change the cache size limit (e.g. to free up RAM for queries, metadata, or other things). - -If a RethinkDB process (on a server) runs out of RAM, the operating system will start swapping RAM out to disk, slowing everything down. According to @danielmewes: - -> Going into swap is usually pretty bad for RethinkDB, and RethinkDB servers that have gone into swap often become so slow that other nodes in the cluster consider them unavailable and terminate the connection to them. I recommend adjusting RethinkDB's cache size conservatively to avoid this scenario. RethinkDB will still make use of additional RAM through the operating system's block cache (though less efficiently than when it can keep data in its own cache). - - -## Filesystem Requirements - -RethinkDB "supports most commonly used file systems" ([source](https://www.rethinkdb.com/docs/architecture/)) but it has [issues with BTRFS](https://github.com/rethinkdb/rethinkdb/issues/2781) (B-tree file system). - -It's best to use a filesystem that supports direct I/O, because that will improve RethinkDB performance (if you tell RethinkDB to use direct I/O). Many compressed or encrypted filesystems don't support direct I/O. +As mentioned on the page about [production node components](node-components.html), every machine running BigchainDB Server should be running an NTP daemon. From ffc08eaef933605bab94b6c19c832ed49fc84866 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 11 Apr 2017 16:29:08 +0200 Subject: [PATCH 216/283] updated docs page 'Set Up and Run a Cluster Node' --- .../example-rethinkdb-storage-setups.md | 25 ---- docs/server/source/appendices/index.rst | 1 - .../source/appendices/rethinkdb-reqs.md | 14 ++ .../source/production-nodes/setup-run-node.md | 122 ++++-------------- 4 files changed, 41 insertions(+), 121 deletions(-) delete mode 100755 docs/server/source/appendices/example-rethinkdb-storage-setups.md diff --git a/docs/server/source/appendices/example-rethinkdb-storage-setups.md b/docs/server/source/appendices/example-rethinkdb-storage-setups.md deleted file mode 100755 index 0fc4c273..00000000 --- a/docs/server/source/appendices/example-rethinkdb-storage-setups.md +++ /dev/null @@ -1,25 +0,0 @@ -# Example RethinkDB Storage Setups - -## Example Amazon EC2 Setups - -We have some scripts for [deploying a _test_ BigchainDB cluster on AWS](../clusters-feds/aws-testing-cluster.html). Those scripts include command sequences to set up storage for RethinkDB. -In particular, look in the file [/deploy-cluster-aws/fabfile.py](https://github.com/bigchaindb/bigchaindb/blob/master/deploy-cluster-aws/fabfile.py), under `def prep_rethinkdb_storage(USING_EBS)`. Note that there are two cases: - -1. **Using EBS ([Amazon Elastic Block Store](https://aws.amazon.com/ebs/)).** This is always an option, and for some instance types ("EBS-only"), it's the only option. -2. **Using an "instance store" volume provided with an Amazon EC2 instance.** Note that our scripts only use one of the (possibly many) volumes in the instance store. - -There's some explanation of the steps in the [Amazon EC2 documentation about making an Amazon EBS volume available for use](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-using-volumes.html). - -You shouldn't use an EC2 "instance store" to store RethinkDB data for a production node, because it's not replicated and it's only intended for temporary, ephemeral data. If the associated instance crashes, is stopped, or is terminated, the data in the instance store is lost forever. Amazon EBS storage is replicated, has incremental snapshots, and is low-latency. - - -## Example Using Amazon EFS - -TODO - - -## Other Examples? - -TODO - -Maybe RAID, ZFS, ... (over EBS volumes, i.e. a DIY Amazon EFS) diff --git a/docs/server/source/appendices/index.rst b/docs/server/source/appendices/index.rst index 7ff0cf9c..c34b752e 100755 --- a/docs/server/source/appendices/index.rst +++ b/docs/server/source/appendices/index.rst @@ -22,6 +22,5 @@ Appendices firewall-notes ntp-notes rethinkdb-reqs - example-rethinkdb-storage-setups licenses install-with-lxd diff --git a/docs/server/source/appendices/rethinkdb-reqs.md b/docs/server/source/appendices/rethinkdb-reqs.md index f5c41c92..f1351612 100644 --- a/docs/server/source/appendices/rethinkdb-reqs.md +++ b/docs/server/source/appendices/rethinkdb-reqs.md @@ -16,6 +16,20 @@ For RethinkDB's failover mechanisms to work, [every RethinkDB table must have at As for the read & write rates, what do you expect those to be for your situation? It's not enough for the storage system alone to handle those rates: the interconnects between the nodes must also be able to handle them. +**Storage Notes Specific to RethinkDB** + +* The RethinkDB storage engine has a number of SSD optimizations, so you _can_ benefit from using SSDs. ([source](https://www.rethinkdb.com/docs/architecture/)) + +* If you want a RethinkDB cluster to store an amount of data D, with a replication factor of R (on every table), and the cluster has N nodes, then each node will need to be able to store R×D/N data. + +* RethinkDB tables can have [at most 64 shards](https://rethinkdb.com/limitations/). For example, if you have only one table and more than 64 nodes, some nodes won't have the primary of any shard, i.e. they will have replicas only. In other words, once you pass 64 nodes, adding more nodes won't provide more storage space for new data. If the biggest single-node storage available is d, then the most you can store in a RethinkDB cluster is < 64×d: accomplished by putting one primary shard in each of 64 nodes, with all replica shards on other nodes. (This is assuming one table. If there are T tables, then the most you can store is < 64×d×T.) + +* When you set up storage for your RethinkDB data, you may have to select a filesystem. (Sometimes, the filesystem is already decided by the choice of storage.) We recommend using a filesystem that supports direct I/O (Input/Output). Many compressed or encrypted file systems don't support direct I/O. The ext4 filesystem supports direct I/O (but be careful: if you enable the data=journal mode, then direct I/O support will be disabled; the default is data=ordered). If your chosen filesystem supports direct I/O and you're using Linux, then you don't need to do anything to request or enable direct I/O. RethinkDB does that. + +

What is direct I/O? It allows RethinkDB to write directly to the storage device (or use its own in-memory caching mechanisms), rather than relying on the operating system's file read and write caching mechanisms. (If you're using Linux, a write-to-file normally writes to the in-memory Page Cache first; only later does that Page Cache get flushed to disk. The Page Cache is also used when reading files.)

+ +* RethinkDB stores its data in a specific directory. You can tell RethinkDB _which_ directory using the RethinkDB config file, as explained below. In this documentation, we assume the directory is `/data`. If you set up a separate device (partition, RAID array, or logical volume) to store the RethinkDB data, then mount that device on `/data`. + ## Memory (RAM) Requirements diff --git a/docs/server/source/production-nodes/setup-run-node.md b/docs/server/source/production-nodes/setup-run-node.md index cace5003..2d938dd0 100644 --- a/docs/server/source/production-nodes/setup-run-node.md +++ b/docs/server/source/production-nodes/setup-run-node.md @@ -1,17 +1,13 @@ # Set Up and Run a Cluster Node -This is a page of general guidelines for setting up a production node. It says nothing about how to upgrade software, storage, processing, etc. or other details of node management. It will be expanded more in the future. +This is a page of general guidelines for setting up a production BigchainDB node. Before continuing, please review the pages about production node [assumptions](node-assumptions.html), [components](node-components.html) and [requirements](node-requirements.html). + +Note: These are just guidelines. You can modify them to suit your needs. For example, if you want to initialize the MongoDB replica set before installing BigchainDB, you _can_ do that. We don't cover all possible setup procedures here. -## Get a Server - -The first step is to get a server (or equivalent) which meets [the requirements for a BigchainDB node](node-requirements.html). - - -## Secure Your Server - -The steps that you must take to secure your server depend on your server OS and where your server is physically located. There are many articles and books about how to secure a server. Here we just cover special considerations when securing a BigchainDB node. +## Security Guidelines +There are many articles, websites and books about securing servers, virtual machines, networks, etc. Consult those. There are some [notes on BigchainDB-specific firewall setup](../appendices/firewall-notes.html) in the Appendices. @@ -24,11 +20,9 @@ NTP is a standard protocol. There are many NTP daemons implementing it. We don't Please see the [notes on NTP daemon setup](../appendices/ntp-notes.html) in the Appendices. -## Set Up Storage for RethinkDB Data +## Set Up Storage for MongoDB -Below are some things to consider when setting up storage for the RethinkDB data. The Appendices have a [section with concrete examples](../appendices/example-rethinkdb-storage-setups.html). - -We suggest you set up a separate storage "device" (partition, RAID array, or logical volume) to store the RethinkDB data. Here are some questions to ask: +We suggest you set up a separate storage device (partition, RAID array, or logical volume) to store the data in the MongoDB database. Here are some questions to ask: * How easy will it be to add storage in the future? Will I have to shut down my server? * How big can the storage get? (Remember that [RAID](https://en.wikipedia.org/wiki/RAID) can be used to make several physical drives look like one.) @@ -39,67 +33,23 @@ We suggest you set up a separate storage "device" (partition, RAID array, or log * What's in the Service Level Agreement (SLA), if applicable? * What's the cost? -There are many options and tradeoffs. Don't forget to look into Amazon Elastic Block Store (EBS) and Amazon Elastic File System (EFS), or their equivalents from other providers. - -**Storage Notes Specific to RethinkDB** - -* The RethinkDB storage engine has a number of SSD optimizations, so you _can_ benefit from using SSDs. ([source](https://www.rethinkdb.com/docs/architecture/)) - -* If you want a RethinkDB cluster to store an amount of data D, with a replication factor of R (on every table), and the cluster has N nodes, then each node will need to be able to store R×D/N data. - -* RethinkDB tables can have [at most 64 shards](https://rethinkdb.com/limitations/). For example, if you have only one table and more than 64 nodes, some nodes won't have the primary of any shard, i.e. they will have replicas only. In other words, once you pass 64 nodes, adding more nodes won't provide more storage space for new data. If the biggest single-node storage available is d, then the most you can store in a RethinkDB cluster is < 64×d: accomplished by putting one primary shard in each of 64 nodes, with all replica shards on other nodes. (This is assuming one table. If there are T tables, then the most you can store is < 64×d×T.) - -* When you set up storage for your RethinkDB data, you may have to select a filesystem. (Sometimes, the filesystem is already decided by the choice of storage.) We recommend using a filesystem that supports direct I/O (Input/Output). Many compressed or encrypted file systems don't support direct I/O. The ext4 filesystem supports direct I/O (but be careful: if you enable the data=journal mode, then direct I/O support will be disabled; the default is data=ordered). If your chosen filesystem supports direct I/O and you're using Linux, then you don't need to do anything to request or enable direct I/O. RethinkDB does that. - -

What is direct I/O? It allows RethinkDB to write directly to the storage device (or use its own in-memory caching mechanisms), rather than relying on the operating system's file read and write caching mechanisms. (If you're using Linux, a write-to-file normally writes to the in-memory Page Cache first; only later does that Page Cache get flushed to disk. The Page Cache is also used when reading files.)

- -* RethinkDB stores its data in a specific directory. You can tell RethinkDB _which_ directory using the RethinkDB config file, as explained below. In this documentation, we assume the directory is `/data`. If you set up a separate device (partition, RAID array, or logical volume) to store the RethinkDB data, then mount that device on `/data`. +There are many options and tradeoffs. -## Install RethinkDB Server +## Install and Run MongoDB -If you don't already have RethinkDB Server installed, you must install it. The RethinkDB documentation has instructions for [how to install RethinkDB Server on a variety of operating systems](https://rethinkdb.com/docs/install/). - - -## Configure RethinkDB Server - -Create a RethinkDB configuration file (text file) named `instance1.conf` with the following contents (explained below): -```text -directory=/data -bind=all -direct-io -# Replace node?_hostname with actual node hostnames below, e.g. rdb.examples.com -join=node0_hostname:29015 -join=node1_hostname:29015 -join=node2_hostname:29015 -# continue until there's a join= line for each node in the cluster -``` - -* `directory=/data` tells the RethinkDB node to store its share of the database data in `/data`. -* `bind=all` binds RethinkDB to all local network interfaces (e.g. loopback, Ethernet, wireless, whatever is available), so it can communicate with the outside world. (The default is to bind only to local interfaces.) -* `direct-io` tells RethinkDB to use direct I/O (explained earlier). Only include this line if your file system supports direct I/O. -* `join=hostname:29015` lines: A cluster node needs to find out the hostnames of all the other nodes somehow. You _could_ designate one node to be the one that every other node asks, and put that node's hostname in the config file, but that wouldn't be very decentralized. Instead, we include _every_ node in the list of nodes-to-ask. - -If you're curious about the RethinkDB config file, there's [a RethinkDB documentation page about it](https://www.rethinkdb.com/docs/config-file/). The [explanations of the RethinkDB command-line options](https://rethinkdb.com/docs/cli-options/) are another useful reference. - -See the [RethinkDB documentation on securing your cluster](https://rethinkdb.com/docs/security/). - - -## Install Python 3.4+ - -If you don't already have it, then you should [install Python 3.4+](https://www.python.org/downloads/). - -If you're testing or developing BigchainDB on a stand-alone node, then you should probably create a Python 3.4+ virtual environment and activate it (e.g. using virtualenv or conda). Later we will install several Python packages and you probably only want those installed in the virtual environment. +* [Install MongoDB](https://docs.mongodb.com/manual/installation/) +* [Run MongoDB (mongod)](https://docs.mongodb.com/manual/reference/program/mongod/) ## Install BigchainDB Server -First, [install the OS-level dependencies of BigchainDB Server (link)](../appendices/install-os-level-deps.html). +### Install BigchainDB Server Dependencies -With OS-level dependencies installed, you can install BigchainDB Server with `pip` or from source. +* [Install OS-level dependencies](../appendices/install-os-level-deps.html) +* [Install Python 3.4+](https://www.python.org/downloads/) - -### How to Install BigchainDB with pip +### How to Install BigchainDB Server with pip BigchainDB (i.e. both the Server and the officially-supported drivers) is distributed as a Python package on PyPI so you can install it using `pip`. First, make sure you have an up-to-date Python 3.4+ version of `pip` installed: ```text @@ -131,7 +81,7 @@ pip3 install bigchaindb Note: You can use `pip3` to upgrade the `bigchaindb` package to the latest version using `pip3 install --upgrade bigchaindb`. -### How to Install BigchainDB from Source +### How to Install BigchainDB Server from Source If you want to install BitchainDB from source because you want to use the very latest bleeding-edge code, clone the public repository: ```text @@ -142,52 +92,34 @@ python setup.py install ## Configure BigchainDB Server -Start by creating a default BigchainDB config file: +Start by creating a default BigchainDB config file for a MongoDB backend: ```text -bigchaindb -y configure rethinkdb +bigchaindb -y configure mongodb ``` -(There's documentation for the `bigchaindb` command is in the section on [the BigchainDB Command Line Interface (CLI)](bigchaindb-cli.html).) +(There's documentation for the `bigchaindb` command is in the section on [the BigchainDB Command Line Interface (CLI)](../server-reference/bigchaindb-cli.html).) -Edit the created config file: +Edit the created config file by opening `$HOME/.bigchaindb` (the created config file) in your text editor: -* Open `$HOME/.bigchaindb` (the created config file) in your text editor. * Change `"server": {"bind": "localhost:9984", ... }` to `"server": {"bind": "0.0.0.0:9984", ... }`. This makes it so traffic can come from any IP address to port 9984 (the HTTP Client-Server API port). * Change `"keyring": []` to `"keyring": ["public_key_of_other_node_A", "public_key_of_other_node_B", "..."]` i.e. a list of the public keys of all the other nodes in the cluster. The keyring should _not_ include your node's public key. +* Ensure that `database.host` and `database.port` are set to the hostname and port of your MongoDB instance. (The port is usually 27017, unless you changed it.) -For more information about the BigchainDB config file, see [Configuring a BigchainDB Node](configuration.html). +For more information about the BigchainDB config file, see the page about the [BigchainDB configuration settings](../server-reference/configuration.html). -## Run RethinkDB Server +## Maybe Update the MongoDB Replica Set -Start RethinkDB using: +**If this isn't the first node in the BigchainDB cluster**, then you must add your MongoDB instance to the MongoDB replica set. You can do so using: ```text -rethinkdb --config-file path/to/instance1.conf +bigchaindb add-replicas your-mongod-hostname:27017 ``` -except replace the path with the actual path to `instance1.conf`. - -Note: It's possible to [make RethinkDB start at system startup](https://www.rethinkdb.com/docs/start-on-startup/). - -You can verify that RethinkDB is running by opening the RethinkDB web interface in your web browser. It should be at `http://rethinkdb-hostname:8080/`. If you're running RethinkDB on localhost, that would be [http://localhost:8080/](http://localhost:8080/). +where you must replace `your-mongod-hostname` with the actual hostname of your MongoDB instance, and you may have to replace `27017` with the actual port. -## Run BigchainDB Server +## Start BigchainDB -After all node operators have started RethinkDB, but before they start BigchainDB, one designated node operator must configure the RethinkDB database by running the following commands: -```text -bigchaindb init -bigchaindb set-shards numshards -bigchaindb set-replicas numreplicas -``` - -where: - -* `bigchaindb init` creates the database within RethinkDB, the tables, the indexes, and the genesis block. -* `numshards` should be set to the number of nodes in the initial cluster. -* `numreplicas` should be set to the database replication factor decided by the consortium. It must be 3 or more for [RethinkDB failover](https://rethinkdb.com/docs/failover/) to work. - -Once the RethinkDB database is configured, every node operator can start BigchainDB using: ```text bigchaindb start ``` From a673d9c6efcc2d37b72f545b2170ead2995762d3 Mon Sep 17 00:00:00 2001 From: vrde Date: Tue, 11 Apr 2017 16:34:50 +0200 Subject: [PATCH 217/283] Add more code coverage --- tests/web/test_websocket_server.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/web/test_websocket_server.py b/tests/web/test_websocket_server.py index b205fb25..ee0cfc6e 100644 --- a/tests/web/test_websocket_server.py +++ b/tests/web/test_websocket_server.py @@ -1,5 +1,6 @@ import json import random +from unittest.mock import patch import pytest import asyncio @@ -114,6 +115,19 @@ def test_capped_queue(loop): assert async_queue.qsize() == 0 +@patch('threading.Thread.start') +@patch('aiohttp.web.run_app') +@patch('bigchaindb.web.websocket_server.init_app') +@patch('asyncio.get_event_loop', return_value='event-loop') +@patch('asyncio.Queue', return_value='event-queue') +def test_start_creates_an_event_loop(queue_mock, get_event_loop_mock, init_app_mock, run_app_mock, thread_start_mock): + from bigchaindb.web.websocket_server import start + + start(None) + + init_app_mock.assert_called_with('event-queue', loop='event-loop') + + @asyncio.coroutine def test_websocket_string_event(test_client, loop): from bigchaindb.web.websocket_server import init_app, POISON_PILL, EVENTS_ENDPOINT From beace99fc0a1de9d8c69c34698b4463f33a7e2c7 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 11 Apr 2017 16:47:30 +0200 Subject: [PATCH 218/283] some edits to setup-run-node.md --- .../source/production-nodes/setup-run-node.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/docs/server/source/production-nodes/setup-run-node.md b/docs/server/source/production-nodes/setup-run-node.md index 2d938dd0..cee34508 100644 --- a/docs/server/source/production-nodes/setup-run-node.md +++ b/docs/server/source/production-nodes/setup-run-node.md @@ -1,8 +1,8 @@ # Set Up and Run a Cluster Node -This is a page of general guidelines for setting up a production BigchainDB node. Before continuing, please review the pages about production node [assumptions](node-assumptions.html), [components](node-components.html) and [requirements](node-requirements.html). +This is a page of general guidelines for setting up a production BigchainDB node. Before continuing, make sure you've read the pages about production node [assumptions](node-assumptions.html), [components](node-components.html) and [requirements](node-requirements.html). -Note: These are just guidelines. You can modify them to suit your needs. For example, if you want to initialize the MongoDB replica set before installing BigchainDB, you _can_ do that. We don't cover all possible setup procedures here. +Note: These are just guidelines. You can modify them to suit your needs. For example, if you want to initialize the MongoDB replica set before installing BigchainDB, you _can_ do that. If you'd prefer to use Docker and Kubernetes, you can (and [we have a template](../cloud-deployment-templates/node-on-kubernetes.html)). We don't cover all possible setup procedures here. ## Security Guidelines @@ -13,7 +13,9 @@ There are some [notes on BigchainDB-specific firewall setup](../appendices/firew ## Sync Your System Clock -A BigchainDB node uses its system clock to generate timestamps for blocks and votes, so that clock should be kept in sync with some standard clock(s). The standard way to do that is to run an NTP daemon (Network Time Protocol daemon) on the node. (You could also use tlsdate, which uses TLS timestamps rather than NTP, but don't: it's not very accurate and it will break with TLS 1.3, which removes the timestamp.) +A BigchainDB node uses its system clock to generate timestamps for blocks and votes, so that clock should be kept in sync with some standard clock(s). The standard way to do that is to run an NTP daemon (Network Time Protocol daemon) on the node. + +MongoDB also recommends having an NTP daemon running on all MongoDB nodes. NTP is a standard protocol. There are many NTP daemons implementing it. We don't recommend a particular one. On the contrary, we recommend that different nodes in a cluster run different NTP daemons, so that a problem with one daemon won't affect all nodes. @@ -35,6 +37,8 @@ We suggest you set up a separate storage device (partition, RAID array, or logic There are many options and tradeoffs. +Consult the MongoDB documentation for its recommendations regarding storage hardware, software and settings, e.g. in the [MongoDB Production Notes](https://docs.mongodb.com/manual/administration/production-notes/). + ## Install and Run MongoDB @@ -46,8 +50,7 @@ There are many options and tradeoffs. ### Install BigchainDB Server Dependencies -* [Install OS-level dependencies](../appendices/install-os-level-deps.html) -* [Install Python 3.4+](https://www.python.org/downloads/) +Before you can install BigchainDB Server, you must [install its OS-level dependencies](../appendices/install-os-level-deps.html) and you may have to [install Python 3.4+](https://www.python.org/downloads/). ### How to Install BigchainDB Server with pip From 79997848cd469fe75c237c1f97312c34f5f1c2f5 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 11 Apr 2017 17:21:25 +0200 Subject: [PATCH 219/283] Refine test for the election pipeline process test that the process is started with the events_queue kwargs --- tests/test_processes.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tests/test_processes.py b/tests/test_processes.py index 00716010..e6503541 100644 --- a/tests/test_processes.py +++ b/tests/test_processes.py @@ -9,8 +9,9 @@ from bigchaindb.pipelines import vote, block, election, stale @patch.object(block, 'start') @patch.object(vote, 'start') @patch.object(Process, 'start') -def test_processes_start(mock_process, mock_vote, mock_block, mock_election, - mock_stale): +@patch('bigchaindb.events.setup_events_queue', spec_set=True, autospec=True) +def test_processes_start(mock_setup_events_queue, mock_process, mock_vote, + mock_block, mock_election, mock_stale): from bigchaindb import processes processes.start() @@ -19,5 +20,5 @@ def test_processes_start(mock_process, mock_vote, mock_block, mock_election, mock_block.assert_called_with() mock_stale.assert_called_with() mock_process.assert_called_with() - # the events queue is declared inside processes.start() - assert mock_election.call_count == 1 + mock_election.assert_called_once_with( + events_queue=mock_setup_events_queue.return_value) From e0e997755e8666dc495a1e0c15c831437baf7731 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 11 Apr 2017 18:31:56 +0200 Subject: [PATCH 220/283] Re-order imports (pep8) --- tests/web/test_websocket_server.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/web/test_websocket_server.py b/tests/web/test_websocket_server.py index ee0cfc6e..55564ec2 100644 --- a/tests/web/test_websocket_server.py +++ b/tests/web/test_websocket_server.py @@ -1,9 +1,9 @@ +import asyncio import json import random from unittest.mock import patch import pytest -import asyncio from bigchaindb.models import Transaction From 98e52e047e866027d0210c7d1d6749414afc4e35 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 11 Apr 2017 18:32:21 +0200 Subject: [PATCH 221/283] Make utility test function into a fixture --- tests/web/test_websocket_server.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/tests/web/test_websocket_server.py b/tests/web/test_websocket_server.py index 55564ec2..403b037d 100644 --- a/tests/web/test_websocket_server.py +++ b/tests/web/test_websocket_server.py @@ -8,7 +8,9 @@ import pytest from bigchaindb.models import Transaction -def create_block(b, total=1): +@pytest.fixture +def _block(b, request): + total = getattr(request, 'param', 1) transactions = [ Transaction.create( [b.me], @@ -154,7 +156,8 @@ def test_websocket_string_event(test_client, loop): @asyncio.coroutine -def test_websocket_block_event(b, test_client, loop): +@pytest.mark.parametrize('_block', (10,), indirect=('_block',), ids=('block',)) +def test_websocket_block_event(b, _block, test_client, loop): from bigchaindb import events from bigchaindb.web.websocket_server import init_app, POISON_PILL, EVENTS_ENDPOINT @@ -162,7 +165,7 @@ def test_websocket_block_event(b, test_client, loop): app = init_app(event_source, loop=loop) client = yield from test_client(app) ws = yield from client.ws_connect(EVENTS_ENDPOINT) - block = create_block(b, 10).to_dict() + block = _block.to_dict() block_event = events.Event(events.EventTypes.BLOCK_VALID, block) yield from event_source.put(block_event) From 8361fae8159b3a6fd4b4baccffbe25a15a7e2d1c Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Wed, 12 Apr 2017 11:16:49 +0200 Subject: [PATCH 222/283] clarified notes on RethinkDB storage based on @r-marques comments --- docs/server/source/appendices/rethinkdb-reqs.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/server/source/appendices/rethinkdb-reqs.md b/docs/server/source/appendices/rethinkdb-reqs.md index f1351612..0d3468b7 100644 --- a/docs/server/source/appendices/rethinkdb-reqs.md +++ b/docs/server/source/appendices/rethinkdb-reqs.md @@ -20,9 +20,9 @@ As for the read & write rates, what do you expect those to be for your situation * The RethinkDB storage engine has a number of SSD optimizations, so you _can_ benefit from using SSDs. ([source](https://www.rethinkdb.com/docs/architecture/)) -* If you want a RethinkDB cluster to store an amount of data D, with a replication factor of R (on every table), and the cluster has N nodes, then each node will need to be able to store R×D/N data. +* If you have an N-node RethinkDB cluster and 1) you want to use it to store an amount of data D (unique records, before replication), 2) you want the replication factor to be R (all tables), and 3) you want N shards (all tables), then each BigchainDB node must have storage space of at least R×D/N. -* RethinkDB tables can have [at most 64 shards](https://rethinkdb.com/limitations/). For example, if you have only one table and more than 64 nodes, some nodes won't have the primary of any shard, i.e. they will have replicas only. In other words, once you pass 64 nodes, adding more nodes won't provide more storage space for new data. If the biggest single-node storage available is d, then the most you can store in a RethinkDB cluster is < 64×d: accomplished by putting one primary shard in each of 64 nodes, with all replica shards on other nodes. (This is assuming one table. If there are T tables, then the most you can store is < 64×d×T.) +* RethinkDB tables can have [at most 64 shards](https://rethinkdb.com/limitations/). What does that imply? Suppose you only have one table, with 64 shards. How big could that table be? It depends on how much data can be stored in each node. If the maximum amount of data that a node can store is d, then the biggest-possible shard is d, and the biggest-possible table size is 64 times that. (All shard replicas would have to be stored on other nodes beyond the initial 64.) If there are two tables, the second table could also have 64 shards, stored on 64 other maxed-out nodes, so the total amount of unique data in the database would be (64 shards/table)×(2 tables)×d. In general, if you have T tables, the maximum amount of unique data that can be stored in the database (i.e. the amount of data before replication) is 64×T×d. * When you set up storage for your RethinkDB data, you may have to select a filesystem. (Sometimes, the filesystem is already decided by the choice of storage.) We recommend using a filesystem that supports direct I/O (Input/Output). Many compressed or encrypted file systems don't support direct I/O. The ext4 filesystem supports direct I/O (but be careful: if you enable the data=journal mode, then direct I/O support will be disabled; the default is data=ordered). If your chosen filesystem supports direct I/O and you're using Linux, then you don't need to do anything to request or enable direct I/O. RethinkDB does that. From 8b861131d87d80f3b3a72ca4e5bee1d24b98a4e4 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Wed, 12 Apr 2017 11:18:20 +0200 Subject: [PATCH 223/283] docs: added that we require MongoDB 3.4+ --- docs/server/source/production-nodes/node-components.md | 2 +- docs/server/source/production-nodes/setup-run-node.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/server/source/production-nodes/node-components.md b/docs/server/source/production-nodes/node-components.md index 62c5c9a9..e95a26b7 100644 --- a/docs/server/source/production-nodes/node-components.md +++ b/docs/server/source/production-nodes/node-components.md @@ -3,7 +3,7 @@ A production BigchainDB node must include: * BigchainDB Server -* MongoDB Server (mongod) +* MongoDB Server 3.4+ (mongod) * Scalable storage for MongoDB It could also include several other components, including: diff --git a/docs/server/source/production-nodes/setup-run-node.md b/docs/server/source/production-nodes/setup-run-node.md index cee34508..42a11b04 100644 --- a/docs/server/source/production-nodes/setup-run-node.md +++ b/docs/server/source/production-nodes/setup-run-node.md @@ -42,7 +42,7 @@ Consult the MongoDB documentation for its recommendations regarding storage hard ## Install and Run MongoDB -* [Install MongoDB](https://docs.mongodb.com/manual/installation/) +* [Install MongoDB 3.4+](https://docs.mongodb.com/manual/installation/). (BigchainDB only works with MongoDB 3.4+.) * [Run MongoDB (mongod)](https://docs.mongodb.com/manual/reference/program/mongod/) From a6ce7b40aa1bd6915f12a2476bd737c307a7b1c1 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Wed, 12 Apr 2017 11:23:34 +0200 Subject: [PATCH 224/283] docs fix: the bigchaindb package on PyPI no longer includes the Python driver --- docs/server/source/production-nodes/setup-run-node.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/server/source/production-nodes/setup-run-node.md b/docs/server/source/production-nodes/setup-run-node.md index 42a11b04..c1777cff 100644 --- a/docs/server/source/production-nodes/setup-run-node.md +++ b/docs/server/source/production-nodes/setup-run-node.md @@ -54,7 +54,7 @@ Before you can install BigchainDB Server, you must [install its OS-level depende ### How to Install BigchainDB Server with pip -BigchainDB (i.e. both the Server and the officially-supported drivers) is distributed as a Python package on PyPI so you can install it using `pip`. First, make sure you have an up-to-date Python 3.4+ version of `pip` installed: +BigchainDB is distributed as a Python package on PyPI so you can install it using `pip`. First, make sure you have an up-to-date Python 3.4+ version of `pip` installed: ```text pip -V ``` @@ -74,7 +74,7 @@ pip3 install --upgrade pip setuptools pip3 -V ``` -Now you can install BigchainDB Server (and officially-supported BigchainDB drivers) using: +Now you can install BigchainDB Server using: ```text pip3 install bigchaindb ``` From 75dd645ec9dfdc2b39918bce11c2a31c215b2b75 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Wed, 12 Apr 2017 13:47:58 +0200 Subject: [PATCH 225/283] Import stdlib pkgs at the top of the test module --- tests/web/test_websocket_server.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/tests/web/test_websocket_server.py b/tests/web/test_websocket_server.py index 403b037d..3b3f2e39 100644 --- a/tests/web/test_websocket_server.py +++ b/tests/web/test_websocket_server.py @@ -1,6 +1,9 @@ import asyncio import json +import queue import random +import threading +import time from unittest.mock import patch import pytest @@ -32,8 +35,6 @@ class MockWebSocket: @asyncio.coroutine def test_bridge_sync_async_queue(loop): - import queue - import threading from bigchaindb.web.websocket_server import _multiprocessing_to_asyncio sync_queue = queue.Queue() @@ -87,9 +88,6 @@ def test_put_into_capped_queue(loop): @asyncio.coroutine def test_capped_queue(loop): - import queue - import threading - import time from bigchaindb.web.websocket_server import _multiprocessing_to_asyncio sync_queue = queue.Queue() From e614834a0360ce8e474fb5334972710a99e2821d Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Wed, 12 Apr 2017 13:49:10 +0200 Subject: [PATCH 226/283] Import Transaction class within fixture --- tests/web/test_websocket_server.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/web/test_websocket_server.py b/tests/web/test_websocket_server.py index 3b3f2e39..4323685a 100644 --- a/tests/web/test_websocket_server.py +++ b/tests/web/test_websocket_server.py @@ -8,11 +8,10 @@ from unittest.mock import patch import pytest -from bigchaindb.models import Transaction - @pytest.fixture def _block(b, request): + from bigchaindb.models import Transaction total = getattr(request, 'param', 1) transactions = [ Transaction.create( From 0347fbccf49d95c3add28ce9339d58025aad439d Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Wed, 12 Apr 2017 13:50:09 +0200 Subject: [PATCH 227/283] Add a few more checks to the test --- tests/web/test_websocket_server.py | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/tests/web/test_websocket_server.py b/tests/web/test_websocket_server.py index 4323685a..13015dbb 100644 --- a/tests/web/test_websocket_server.py +++ b/tests/web/test_websocket_server.py @@ -114,17 +114,30 @@ def test_capped_queue(loop): assert async_queue.qsize() == 0 -@patch('threading.Thread.start') +@patch('threading.Thread') @patch('aiohttp.web.run_app') @patch('bigchaindb.web.websocket_server.init_app') @patch('asyncio.get_event_loop', return_value='event-loop') @patch('asyncio.Queue', return_value='event-queue') -def test_start_creates_an_event_loop(queue_mock, get_event_loop_mock, init_app_mock, run_app_mock, thread_start_mock): - from bigchaindb.web.websocket_server import start +def test_start_creates_an_event_loop(queue_mock, get_event_loop_mock, + init_app_mock, run_app_mock, + thread_mock): + from bigchaindb import config + from bigchaindb.web.websocket_server import start, _multiprocessing_to_asyncio start(None) - + thread_mock.assert_called_once_with( + target=_multiprocessing_to_asyncio, + args=(None, queue_mock.return_value, get_event_loop_mock.return_value), + daemon=True, + ) + thread_mock.return_value.start.assert_called_once_with() init_app_mock.assert_called_with('event-queue', loop='event-loop') + run_app_mock.assert_called_once_with( + init_app_mock.return_value, + host=config['wsserver']['host'], + port=config['wsserver']['port'], + ) @asyncio.coroutine From 40e3c78c9a725b7b2c6e6467fe09f709c80a7b60 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Wed, 12 Apr 2017 13:55:07 +0200 Subject: [PATCH 228/283] modified the Bigchaindb node diagram & notes on it --- .../server/source/_static/Node-components.png | Bin 36249 -> 38521 bytes .../production-nodes/node-components.md | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/server/source/_static/Node-components.png b/docs/server/source/_static/Node-components.png index 427bc4c6cbdc8a10ed5d57d7712f113bd7646fd8..326b6af69c44b7c817275afbd33954af8d1f791d 100644 GIT binary patch literal 38521 zcmdSBWmMH)6gGGf6{Mw+Zlt9fL_)edE*;VhmzEX*k&-R}k?t-j>Fx&U?uI%1-+ABp zG_z)A&6oMD<+{sz;oK8@Kl?d*KbtT`c}Y~HH%Jf&1Xb#zm@)+N%m@5qL3{?@F*SH^ z3SQuyM5R;_5fSHB6qdn%37o|>omK42oZSo^O(EvCb~dI=PR5R=rnXKNcFu?JEkY0o z8AM9#y{dc4-h!{L%ETkWk+Hm1x&2m0KBc65CxjRY4hatK9S%IE*fUJ*Q@1||va)xf z{;%Hphh_P{@`w8j$BXUQ)&G`VQHeEAKJhafj_F9L65j2DgYd%PGqLL`rI@Zm% zx2uetH5`skbmh)ZNsRUs|H7*@nqEg5ufn{Fv01?@S)mfZ3^oB3-M7@3XBG)<X*frs*!h((QmEFj$!mx$&M2%{)dA5qwM@x>$U@o^V>RpZd306szB?S&fF7vH=*z zuqZ~8p40BedA^-IZ3B|r4-V7Wd(X?i#b9zzU!GvO{%Zq`Q@~5a^%YoH5E-n^sjBkV zUuLk+;BywR+Zjq2P2j~(;{Dl^UA=iR0%ioU!2Un^a4zJ*TFLuzpc!3oF_AsO^5Mqn z)I8Z5Rp)JkOThHXaW+Dq_Xe@Fd~3@>6_ZijP@_KMvd_Xo-oQYUy9gLq5Mg9a!=%R6 zoo{fKpz8Rz9l=%JY3cNW(1!IQWWHUfkvA_AZ}qmavQjlRHCn1OU#?7J9B`oy;Ir>pq>0`G$Gaq(64FW+y!Dwnav~+ShMwgV_+PPuUn|K%r z^6BFe>wMvL=5QNAG5K;J-A2^w)^p4*-A0$+{EgFtbqw#=4;j2>9hWj)Z*#Bk^yK@w zT*ghUl*`35hmAbUyOA8^B^)A_))vkBqXm7T4^O)VAs%cxoIHm$7?1=B)Ot?N!3R*FVhtN5oxI+2+># zup1ZWgKRd};C{oLAGa{rCyR=z?{zi3oli5Cy6Gw4J?nM9gR|*DvW5yhY={BQIjjcO zsNj10QuOaP!F*bTo~s*%nIgj1BgaBALVs%dPtT5>Q_g2-txjcFmUYs&xJyv(oyE6k z?sPs}5YBNI37@L;sK#uQGU|EX@5JqDlz5d|pS$BenbjHP@XEY~{utp*Odj64c}p($ zXrJBNGSjmkWyOacJ+=$q^dIA4=kwJayNGnq4rv3|@>TZzKPN^thrm-jyD*61SmL zTmc(f+s;y%byF)Lug6W5&Xjz+mqlp%cZj6LSNP2 z+x+v^#cgwl%m0xCoZ>D(<=lc1e)}h&5+U`s`hNmj$Z0a0;=3SxLbhIp>L2N%1eBR1 zfd4%qxD^e)e521f(u|tLp9p9H3N-zrE6)Ew%Z9F1rUK+maTATqS2(8Tg@r{u{}WoL zp0l9#_6baHsQb-sS~{Jg*CmoNp;9$q{O_o|#udda4SfW*7OnSjX%?$yqBHJtBYEua z{|F589Ho8bEqy71-4~a+OX`8vJ3IS+F9SdHyu#TGG&M&MZ{Y(dOfp~hi=PTJtboC8 zFK`Oa{Z@{heN)yuX73BkA2@k0lEZ8>OS&PGa6C49qHH+>K=A$NBXe@}arETxjz8M! zpU3t6P}jYg7|Bc;N~)qFBja%=5GT|*1(Q?|IlFjPr(3L?e{*mpAtAxZ$?5Ip6^Icb zVa$r}ee>iB_83j@t>4IxjGxAZqfGgK5S{}||qut;PAO2;#0f&=7 z%saC)#D&);2~wZk%<3MTGXwYNKb}@zTdu8j2|wPQ$`35?b5^-oeX{z=d49QW*JNsG zet9wHYBx7G_W=bS@)F}DyQaMS`_Sg2ec{nm!IasY4u5SUKn$*SzxTFk_r0p{6}#vK ze~YtxEpPTOPs+cXn)j9H{;DUhyH30H^lA1fE-uCfJZTgHS$^>`Tt7}a?%R)Vv9V{D zOGDO6iS0VeM!a*Pl9C~@MmM~ni-SFf!heU}-bJ&x+dsZHP*il+b95|8RyGgWOmv2Vt%m_@-qxH{&Mx(+7HfM@)7>_^EV`9^HpCa=5y@2CTWo45ffkpRmX?<*dn3p6m{iQzbiF!QY$7DD^trzwY1SQ5 zkfy^<6Y_@je5bbNx((uA6J|SSa^_2IGtku1a^N94-;axn3knLdxiBfyl$V!x=4
  • 0J|3f`11G zgC92G#OSd3`1oGFd`ZIR{EH@2ukp9HxBdP7 z_uaBbETp8QWa1gO^{W>ArigHGs$6!}Bbw-nhe86RsW9E5E@cPge0aREC6wS$lP%6} z{0o~TTl(DWou@JDs2Lf*?tKwyQPj}DBOsVDgq&4%baW7~n=M0Ys;f_~?>aifpwOjc zZo5^RrElLb1~ewfJw0!K{rZ()d4lOKu-Fwr7-o04&`{(1=p&SVxV5FJuP>iH5*qRh z9)3dQ;_mwN-Me>fZEY2118kg}`w=I%Rm~BLjoBV;eevF43)e4w(wi|LshU^*d3Ds> zUh6deBHxme3m$IK{elO6y!+7fdi&qM@!{cbiHTau%AYS$E*lH#YIt~foU3T#drYc5 zzC=Yu<>k?)4@HHChet-zR9DPcp9>Nb5p6l&^u{qbIXb@laCR{v`W-)5+%`uiANJyV7Ea(^+bxRHWv$L~nYTTrHkS7!K zfBiy4LUMF|dQebNfgN;=a9K}_5UEpPzE;RDF78Tab32${XmB&epKM0C^GoKkQGSea zK3Zu43ZhO>J19qN0MC|54y#W-hL(su~z0eDkK-dggP>Tyt}?Xr|)5 zQk`zIX&>(0c3N6m2s)|H%C@jVx>$*5=8r?JM|TIMwtPxfH^ein4{txz&`J!rmR47n zbv-8e`L9kE=~!A?W@cvU>+6HB!4Jm4#y)aylz%uoTx^;f9WBqu@M|*|wy32rO4@^o<-rd>35S7kRritO?=3Y~H9VQkZACH5Bqe@>@Ud~2EWpaJ8zJpL%QL%P< zElU$4pGQkWla!dKrmBiDBqt+-jD*zN-w%Ls$6=8drTzIcxH##mnwsvKf9p@r3X~yE z8V@hw=*T`uw9TjtoWHfTwX%vz81X;Hy1F{vX87cR;=;nSqoe6cODu;wd3kUY0K;x> zZ#6VDfU)tV>MJTPudKZHvi((9C@Uk=E^PRB{RCW~Z04$u-31b5gE24>pNHcC7>M#+ z;a!zm2@VeC%I=@#ft}Hb{v8-7YL`5I1~%Eq+&oVoqQn$z2#ykL62K!yT$vnYaWSzU z$;nuxbtY_yzzwXe8G}R(S@Fxt%4~{xK2l+NAp~NCcVdQjg5w8>q2gQMwm&PLH+Ebz zyR-zo_x+e~<`Yt(oL}iy%FUJh-F+)OGd8oy#|r|Z_%~K%+)cpKz=JH0^fe;l$qC@n zhgzJsF&7EL(7(-8StUe8DclM&(9?^Giq`5LgkjMhjR;OmOn~otczBp9)^l=kN#%3- z9Uc8Ts=GaeY{j=XN7>TIh+=W6K#`7-iD_(f)b(J#$AFcdfuX&2A%(|3>Q7N| zadkz->G^q+>;9Xv;3QT0qWpZYtkko@pLu!dLf&s4wV4xuU-Ye?^!N9pP5FmKMd5{s z0YCwGB!T!gPTJ1yaCOya^=3C1m5>TkN?ZGl&w^@>@<1v-Hy79B&=7h{>1dA>u^>#9 z3?nckh15Q}U6Nm|@SK`Nzb>z~J1gJTDIh`ucPl-5n$(UOr&;^zMJ`Q^)>5D`)y zdlBXYth^}0AKBT)pFVv85W_urw7ss*5^N|G?)^1a_UnTq!$0P&bguwhCTPw0OeX;> z4I#d@Rb-Vu1H`7XvUiK_Hg>>`5HkYy<<%6=8iY)w`t2Ea>QTrs-sjE;^T zh_U#--0ctqYD`Sb&>5E8++479fM#Nm6oC|!lrz>`5fWDHsSg%V^ZN$}LCB)%Vo=H-2MAJSHHEn_m6|f%5r$=KWHipg zL`X=OoRow)&~YIkAP|aN+11sBi;K&0Ez@DZ`b|5JPxK=lHs;|6W##XhjJadmAmEIU9esmdfMfGoOZEby>8aEu6AvV&B^dUD_*DjDP=rAe+a}J{n z7t8wc<;&A{JkMACBr5t$bZfaSU@JZC2%OSNlrmlH*RNl}I$i8URat6aA4ETp2>Be@ z^tLSuGD4dAxGkbr!~V35yw|0fJW>@Mwz0_#d6(F~smB8x`llkDP1o(RV7*b9`#=&W zu~5Ol7D?koD6PLHqXc4HZ0s+n0bpJdh);lHXkcV?@}~ljfa>y_r9UshDW9zOfe;S7 zUp-&dW@BP}Vxni=(bw1aJgx_9cA2!SiwkG4VMifVN>LG0^9#FPH%H~k{~kp0Ffqr? zLEM_VjnP?tC3%-zpJV^Q{}rAE=(Km zSkM-~cOfXR95Li})DWR{PfWO+{Oifj&j(m=F#46|OyQ>57x(x>cZ-Ee>CMB{YXIcn znI(GeoBjkjX##cLx2~CrntFP~goJ$ttN_lAtl;z}tcV9e?9{2Tl^dMS7M5v?2}c z$X|J%m3EIvj?&I|SV7&<*(okA?oc-mU;xN=XdM~XhR#|H!p;Zj6ARq5JF;T6}Y&#aIvuq^%`*7 zOaK1;dl2Dtkh%q6^g?T|g5PC|FeU=F?gz1GRqP#3?MbJlJ>+-U!Jet|TkKeORHMgP zl#y*^>2iSH`7&88p)MQKC<0RQ>4RoadFuvEMdeA?=%AR;Jo$QM=G(8 zz=47LaH)lLt{S!nH}&t)cv%+R-Q59TdqYU5LWhmgeq(g>c(FgHMz3aXe}t^lb5-YT zJdPRAW>7I>R8~8H@Y;(tAuQ}wLSGJWr3abi)P9~jlQHxrYdzVz^xB_A(KBS+c8-QDZWeUFY4qo)rCgd>dC$J$vmwxuQgW)sRf z%%oF|LXQ3BjWh=VAPPpt#(+-Ugl;7qYN4W`Ngx*K)I_>}(Pf4pY_l@-M|jEjPT;-BMnz02;=nT>^oV)}q+-q^zYJfH~jj;A;Z61}gx|rd3GWTVKyn z&ObRhiIq0}^of3PrQfK`fH*yviZ2b&{={-tld zxpa<;m6er(;?LmV;L;K)ITZ%tPvy4>eMNOGB#cVCc}mI=eTU( zzv~sa|17xc1rBcvBm*h~0>DQqM^{&HYxfdLm(RmOn6EI8(qzA_l0h$yi-g)oHFEE-48J!kS$b;6h>)E2q~W#4xBAZb?)LMl1rBrN{4< zvzd2s!~^+eai3?UTZG4`Q(ZU!`6z-5E@AliAHOc7a#$)G7%cykiW$FLId)I&Sd1j* zx3;kXwB^c6C{EhN$q5-5nX;G@xBoJK$zLk14ed9+nBTbSNaW+^$1?u;S`=`)jwx&;YHscta8<3X)yz@8 zzP)A9D*rd30i`zjI$)-urq3T_4mv2r4Ftg zpPZfoC{IaEWs3e-SX4CO*5ylK!#w$$lxQily~2te6aUe&dIoS|9ZgL}-P$9MwLg4s zA-;2Ov3q-BXwivy{7R&Np??q+1=onsbh4P9M(1s1a7A@+0Q=bXC}X|UoXV41Rpp|l zrsn0nznR|58~zCH$S?u3p% zBIxH^+9hHXJ%9gRxv%Xk{(cE5XFNMsyq_8EfgwXI^j%%6!M)&SI1e~IS>RFJyVll; zZ1s}4XEpg_ybPjz_{0#{>q;2sTAtC$1B(g+i%WGsBP59m8%a-Bmkt{#svF#vf$`AC z!8|-nO->eC zA16V50T&cMxWLT^TM!Uv`?}#FB110hFd1p-jp?Duk&*3%PY|+%$jHIQOTGqVMv&*# z<<912;NM-imS>kVj2Z%qcYQOs3k|RFA&|ze%#wEE;xEiksP2_+yp^6td)|IrUr$NT zV5r3a5lP>2JX>sVivpkwjeREa_|9}T7R1tMy%!J>eivTYy5qG4d{_7-yaAbKKzncy zCj{dCvu{L4L&Ll^aO;J3WM>)#)VsDQ^&%HooH%NKhdzg_OTb* z66QEH?CipEH)_C|v4avGb>V=#_G!M&z=wxpGFRgXgKK1ANHn0TkiGqY8 z(}4J4)E()P!8ZT2?8r33=l8ao@j-8I*$C4)zCYDv@4`2-E;mVEG#^xOTsT7Pr(X`b zcKyK;{$C%~ta{}%adLS0OLz>VUymKfJlXnxDaR(A+i%9tE5iIF z_xqql;Vp7(RZ zuD&!EsC44lO@#^{E{+|4{_r_<5`n*||3P9hy?W*kzBu~^>-|!VqYLY{m%_%6=xRHM z$>)5fsFH3cn5YV|b1i&ndYa6>(}5USiuz?~*AgAti(a%93HhLmB9gx2Hd64Z&7>+S z@g=M)=EoK8bvDg$=iF!ZDYh28gnJDCyppVKbgg}3HRQ=tjacEkB3ii*jRxXlq%3tU zg%|JC%zvEAQr_vTkHy#DbbaY_V~a|=gj%?4^@$*@$Dv(XTc}F^bOa+NE`<;Mvs*4j z=w5y=?DjM@nF9^|BDJc!i3cUMKIp{v+dt)mF6R+8pNt73b9W;wT6{a# z`N7*P4nCn)M(%96ff7Fob%S4NI16uD{|`?Z#D!Po8od)vDa&rA%?v~s95R6h`dBt(qeZ7$)C z97`Rs&vtpKmz2xH*V*8!){oT9!FOhci=@QU7~al*198L@$_p>bHp@-!Ei<{0S953V zI4eUfutdf4exopPC-K^_`*NERUBq6O^EKgPKK596k{?MCImFh!P_`*{%U-#2-rTgKU+t_w>4ogll> z6nnUxVc?KEOH)}^cqbmF$Ouc^G(F;$nc5}Ur(C~e&$9tD>iQA%A}ALtEHr(5BrAO5 zuuF6BmPj}Od|&1DcsaKmkIA1e?MvyBh=$V@Hqeu92VwHGa%Q&VD~y;l9WL-;fR;J! zoP_q^?ffvss)r#uC`#HHh?S^buyX7m2A%XKiG*B4fi13kfUe`{=@S0aOu~z=Gta*= zk~8}4Hx1Wv*Mp}UrYl^+!NSPz!5eh)rF+ynPQxn9yD^?rbI(@G>uT-ielvD20|Pe+ z4avE_1KIxHx~lh)pHqfM8%zJ5pPIO!hHK;qlx(Xr7Dh@5kd(!DKf2odyYV=YY+=%m zyJ3@BGhoLdS9Q?3Xe54 zX5RJ=V~Q{qc_lL&1O3B~&aYv2c2h`>q5;CCa(t?@W*xd$<{tg;DBc3&4A`4TR%S+3&ud8Buf@+2NlD0|85<)vL=m}&$9JNGBIr2Yd1V*zjI%+bJW z&^eed$5`+ABrK87l)A#jdTo+ z^^Us>C>hGGI;gB2o1btmXV(*1=dwzS{1NW!yUv_H^k(ql2Hwjpu5*mb6)b2RF{Z$; zjC&u(|L{xoLecB^qSvn`pRfHl_2s4c-JUh~zKJX1!>^d4ccOILira6apFh4K@8BZR z^SM(oA|e2K7Ww3o-Ov{cceHRaLyw{?J47#CAMAiNXQ8HeA zc)FQ8C_1Y)AFRuMyeqrA%6p|09?B$xd;gfNz9E4~u4Mx+`gh#@?vT4#I`ZDnUA0N? zs&VyrzH@~XFIJ(!zApAE={LLVy>}}*4vw#ElW=2`X|vNO1|#-MMpRvnWE-A(aBSAf zWr<_eF3~gY$H3D8K`25g)lhgZFnG+3wYedXx;2xlsQ*gWL`7ri;~nB?RBWd2Voi28 z3q_!4{G$~N$EWr4s&o~6QuOzRw88N2t~BA&Lqaye`nC|r^^Ijg%>bf#pkmn3@9t5P zA=4i2A&Hvpg4mDiUzIqz=#p+EjL~AQ-lP|eo5{ulE8JQ7O^US?^P^5|Y~uAjg&_6! zkEZC<%5`G&hhDK5$(`nwp7Rw+VdIroU>`Fojts~vHK=sJmnF4G7i<9nCQ zIEy}U6GB3;J0ojlhtW)BG|&DU16r@2nyPnYdbhsTr()*?bvtonf$@yxVKd$Wf;A|Q z2GQ5|9>!=`=^7DG6?C*m^?SK4WBq$SqU=aovGc0is&ir7S3dNwrG1)&I^9ng8JrFZ z3D}GJY4Iazb4VbqWK#;+HG&!lSS&S(iIPJ#hjmZT?;)c)Ge6o>`*RRrl3!Fy4>M!l z4hlObNmPlqlJ~vPV!|BxZ+Y$|HLrQL5vF-^v^g@W>9;1k(d|o*qe3vkG`etkwM1Eh zl83g>HavXRLE!~WVRcr{pW-dNOR*M9tAD(U<~94*l4ch$>-E|4bQFzC<>U(QvV*a> z)=N_Tmgi#Za>A{&>fdre<9NRBO9~l>8T9B(CAUupB+Rn6yF)F^&_a58p5vL^eIRc! z(;BEOWlI;bs-HoL0i^>I4I~IY_Dk6_inA6~izO#3K9^@u`y3GS1i8jFdJG67ZH0|# z1#7;(`*QK;MVg}z-4HY5<+1~Nv$piV%Xk)~25;P<0K=hC$6gH4gJO2Rr5GW{=b|5H z3O_x51F*|VWmDE*I@!F;g`W5($~=-FtY+$%o8ErJI{lKdUezRH$oh_+2MP){9zpml z5iRVy0jcAjv$yErj^a7yW}dg{bJn)wLa5FHt#Q7t&q2&g#@t><)?iL)`4Q*yZ*k$4 zoiW$RTy9glzqE3Db`FpUy-|gd^Xfcn+nzP3*rRT!+UAB)FoyIH6J_;ZQm%ZcQKfhI z*pZl2znCcE+oZJOd3PSJ{Hvf6hGxwG3~hp=YFLBTy<(H;2iY{$i{XH7??pDXz`Z|? zf!{h&TyH}db1MLY0=_&8#qKtzN|sOc!$>mbeMKJYapsjw94x0>#mv?alc3LIMF+>|D4>1$A{O;OU*Z3v$ajssp*kjjQXqh3uSgKL(IC{E!D?Tl%f{p z@4EXA?}?$EDLl9B+kLd~8qdiB(GKJ)I9*V5@xNm5xgTYSjk+e`g3G0%u+6!&DSBAT z8vcbWz2}ea7EO(%ElyvvTeN<_n506aDTN;OXXe?KdiLZO*8Z{}P0*eeLN~x%?|z52 zhhWBQ4tafeD7Cx}MgbtW!m#9RNbP=UHyh37nfz8Y)e!JX5D?bdT=R;P`xNMtbwVpt z?k*~e^_3V4i{t0b-)vDI9(gXN0j%0zTOBO`JeSuR{+yuxIUt34I*oTz-fLULEo`l6 zn-*;TQoi%kj66KNA} zeHr4*P~cB%IxS&mZ&$%#b}RTcRztvjKJb^gjYP!jqfE7x5f5;f zF=%m^bG+68Klj7K8stp&kuUU8>xI`g?+JvlIDb+oAug!JS@ml z)aQ-9e&T$ql71LQU$abUS$qvC_1i&VN+{yN#KRb zdOw@^$>8F$37%zMZse@;A#;y`*uj2~tmklwCn0j*bsX2EWChgc+|=36EW3!z zZne1gFMmc1zuRDin*GHO7Q~8^Dba6P0(dYsk;v(tRYaY4F9WUS%O{#fbtnF{kxqcTwF4evyG**-h_Cd!aGAsk#xsm~gKOlBcJ z@8k<}?j8!+P1d`;8I!q>z$?!aTrWBqKKp0IY;}59un2HBKyfk)mw1|uOvQ>!R`{Hz09=9G8toCn3lJRzbKZa_Xd=k*tKD7X( z(zGhdn5#ZU@6Fa>e6haKY4ya7so|y%uB3OFxZOW1Js4j?-@0QR$bh~_1cfevU`k3# z1_lN>Ik~Wx?~(@&Vs_rQWUA5!Jjnoh4H$!;LFAxwUyE`o0TB75{SVVt; zYn}BqllYj*EFv+WwKnQT&jQ9|Bv=mI-yfU5PQPV2)x)`oZhUyJkX3^kCMJ3&(`Uj4 zlE_(57^_$7l#wNZ$_LTM_KIrV!`)62;mAG5O8-5d`^c|*4N-*1NWR0X2Ne5Z`jFXO z@Sfr!N0-6( zH5tsGYggiI^-I)!t&f(by}iAt=;tnTeAb)M3$Q09BGEJ46fv=mJs%Ap>@?5|9@&ySQ*+xg5Si4Ci*`;AZ z=BvGs`;mdWySs^riKgasc>1LI(W?&k0L}j~uT**3veNe!NoB|Nmw4{8L!f=&{mS2- zQBr#5bWG4c@H3%po)E%UVLek0iYg%Y4pbkYs*fj}X}4Sv!p_D9O7*sjjdhOe(m|rH zad0@z`thBdPC+FoCofMX$L25*4wkA&cUK_(qORcG!9{gKiEeR$RYS*$2*L<*E3!RL z%E^hNii!$5dqq|jMS0(QSsJI6KS8fvy#mSUmdA(NG(pd4YuESh{d02GYaP}E1O-7M z96*8eM4JuudvszUuW9pQh8Z;!3cmJ`x|so9uPfG>pfk2m{fzZAxAZXPOhr0=w*ye9 z2d0mPin=eHFOj2cV`IZ@JO2aJ*rum7wY7IZWh(k3C~cgbpYQMO0a248*sS4U5!W1T zQ7X(Pn@_T?I051N&N1wH3Nd=(EMpdDM$_za%|sAQs{;S`B}~Pu|Ng0}sZqyC+gMxw zE-3KaEp7TcJ?##ZcAyvyBq9YRB~hWFK>H9D76z&^W4UrbmBVMhEb>_Bl>sE0#u3}g zX%rcUvZ+_~vNV(pU-Wb9wur4n5_;=B5(FXjoAGgBP}BX#L<^uzoIZFFkm2pVg^_c9;0UIe|6tqs`Nd@&SXmTaoJ}a zuuG;4cCYEw2DhH#tOQGD7}HXcL-k#Jmp&RK@Y@#Nwrqh`lh5?|?o>j2JPkFq2k@HE zW?fLPG&C#&azdcOyScfMNni%m8=y`Z9#-`B_Lh<98y+4`Ng>)N?0;4nP+pg~hY3sE z$eQZvdDn7P{@>V&K0R?W@{!&SCd>&s`uc+=Yy$%WLGU&kKxA}rd<=koC`Tp%6jqIm zjkld)+S;>~mSaF}28MS#T-4Lj3Il2CxMvxu9Nh1G{S$P&oJH3sX3^}*&_qfY80)@f zu5h`kdpmp4$0ent^sgOzd3(dd!vh%`!m2bL$D0A5Qt9b=^;lhAjtQM+d;3<3IbqEW z)~Yf7`Bewx40nJj-yh?~40_XZcXuir*xqy}0#)Ge(v7qK=rW(ThJLj*;n#4~tdT#%rsqy%&eHda>2DJg|zG+Si_ zDs7-(_i}Z*z_y(grDY6$kxZRFZpRHa{5cH*rk$o<4U-DjcR@ub)Yg93TQL3<^S{){ zH&w6eOLn4ms?-V;qq6bHsbYG7c>ukPghW?H(_FDE4ZrV0qb4IRQV?cX$Mp1cTN_-| z3LGB^YL>=nB^&IvbJHQ%p9@N~gCl6y1&3-}F=IZMGE;6E4$$f0{&rzup{F?X`4w@f zx0lzGVh=NF1&H84?QGP7!>ExXp^sSA8y?c?>jt?&3KE?uGY%;zuo4jwad0>uOy#f2 z=&qXMOA!J3g9%!UH7OLVQ2)t*>ng|@6Hq?@Uju9c=!trJrOW%aS%4Dl3l0MsF`x4( zs3CLP1qTKKy~vLrKOEM&fJSb`jV%5nl}Q4Sa`>sUK)fT{4E}9y0-;rFXD2lqo8$e> zxrxSj%Q9Bzv5-fcw3?EV!^7P*z(64N3dAT&i4O{T0V+)mnh@Cg7JRc8eB2YQD2q<0 zyVtA*Xlfc72+yCFY8HM7L9@KPn_B#=Kn6q;6w!#lHf?P7mzNDpO*>84IHBk$6{7-0 zL}o9D2O$=bK$E4VMG(^dj-8$1t-sPPORxeN&>45pVn~XMk62U!nH*s(DtntLtBIx7zzOW`~91ql~plQ z5vb&%KuLCf-U}!*czJo*62IAb10@E>OiWGc(IeN%_Am5|qpy0Rji`9N7UK|4^D>fsjA`VM6e$ z4nMKsofm#4y3CiOIWo?CK(V1qg&D0ES^W-(-DohT#>WE#0}b$T2?_aa=WBt&f(hD8 z1RQT50GPu+PzDBpNivG${On8@s5pQL8Sbe;4OsDafJN{NVq;^AiHU)b;pM%}>$Gt; z`Fs`3bY?A)oyG}CA^a1mz)v(%uBFLfK_8;YS(vV>YsCeL%N45zAw%TK^K(d{B+^05~v7f9aZhCr0pPOepL$U z`+yg_1f$=24M;W@4{oJz7YQ*RrnJE1TwBuIu^MVut94q`pF0ZY6T4KHO>)x|gcVa`4%SWvN7CgF zd1Av3OC5$Dz(SJ~UaD^X)F72w!YR+an!hG#Dq7|R4Y*rSI_zGcl|DT^1#lnF0xf=` zE*8UW04F3R(*-=rK_C$ zJFS1K78wc&lZzh^dk&^fhf|)NIAOhDuxhiBTX#zL=y2m<&r{fm{O3&oAsNEu zRaH&S+uxP*Ik>q)CXzmaYhe_LV7=`EpMt^=(5`bYd9hPd=M*5kdm}6#l`G@LudFd; zUkFE%!UN`i%rdB|{~mFm=2oM=qC1K`(ZpHFF<_d_7ztrWd>-H1J5aGN-IpS8P%ocr zIIjSDGm*VLn>f_k;xqm0+d@eVdwS->PHg4}U}oA6ce@Et>Z=!Ki`ES1&vXkJ>tVgi zrXpw0h80G(&k73*LqidPIv>dN%lilz>FMdK?UoLa&@+j;Xxd}(}{-1G57nib0bt9$l==yq_^y{cu1oYzz+vGf~DAy}zwD2Gd z*on@VUGK)l3k4#{KcX`Ma9^{YXFzqTtrMG?1ci>dDJcVDJzrV~*6I4}jOVXDJw|UL zy4H>-i}gJBrr*gif0QB?LLm=?R@vCarY*+g<_<<>NRAcRxzC$XPR@SuJ#Or`{bVbF zs1%IWd1>uE`TN1b%E~Ha=$YX2B7MjWKU#v`ojTVzzfm}QM z32p(~m|?t!?Lv}nd^rNXvy*}9g80=Eo-j_I9kCCAisvoJwJ@E@2`o4k_$)j>I6u+M zz4}yHhE6h*E>y|`Ou)K2>R1k(z=I7UsU!3sLAbEo03N_;ON(i z?U5BVY1rSO_=tOSVWWB8)n*H)(j*N6NT?CF_bn2F0}&eqA4F%Me|rD^Jy2c($r`w2 zn`m&b(#7=xo(`I0z&QXV4oTGJ#zwXI5D9L$xU1!(!ll}dIYWF*bP^|EPX>EF(>+P%9Paq0xSMaLA=-p^vS|5FR#bDewEpTn>tIPr+8 z?|3|Wo?*iu@5%h*T_R-zG(AOQdiG}Tl(X+RQzyMd>tV&W#xv0S3*M29lGLp_+ZGP! zB}bt`dASAzw+(KGKwuvZR9j_6FJ^Ggp+L0{1W3>PMW`?xKu1cH+tx5SFoTF9Y%`uo zgRc)Q@nK!&=K^+p6nNcAl;^9X=#OrX?*qRL9vLDpl`U0rKuB-I2>8bB3)_B0KfZa% z`90T)XVMR!=Kg#G6(JHAHwBmYewzdA<{q)qPM=$8cN9bD<6Xu0*}X^5Rop_2Y_5$K z$wx+ub=JPSxgoBn(Hs4=x>S@Yg6Fp-nK|(7pSIqC3O$Xy@|?Cf|qi(lQ6&D5uQi!q%#a!ObTp?G?A!g=Q}xTYy^H zdU){0^Z-;6e$vmbe|y!=TBg}(Gsgw^C*YSkxw+tmmd@jl)!h6rocTdWNC^G_O&kQS z_Oh3Hy?TL)(r`=8Bj5YDA6mk%c8Zb!*xMz_TUF$NjRbL!kD%T(L*bCNuAnHRoxsok zi*ybRE$ykhfUoakYilcz(!X~Z3#zZ@Gm^jvXj?vZ2N~y!i;FiTiSxdUj;{T5^jhUE zo~>SKAh;IPSUJi+{Jf>-?2oEkPiQ+u$%3jvD!(^0+!kt89F=K+7M5A>F+gTrp3;4` zrfi9zUm!Vo4sgiI+d}B**S9I)uz;H+IRCQ%fVtf)?Na&UnpBw7_+r;2;pHs&TM!1V z;O{K}rwfgW;s&h~($YI!Su*!2Vide!f6|9QPX>@(0tu++#a>xe6|rj3UBWxhdP@*1 zf!;c33O6QOZSQ#x~b8}iTRc*=l?r)2LgE^=PiuF%@>sr zAiDeBT#Dt6K2E((niod1c)CpvStUV1rGQV7L`a5 z5`91!-P4oE?`8`q9QXqdkB4#8@rt;J&sFIsW@fZbW$55Dr0(zCFd@UJ;N(E^3^X=f z$>H5hl*{p;w2M)^POAlu0`esSBzE9(LB+g|=-1WS2u8J$`xks?o>(0{EL9+fOZdSVUGH`joUZ`NAHd_bz7ujV52yY9JPhnIlmKJ)h*+QgEf1H{CMCq<};0Kxa*i<*^v{SOW$k5P`)c4N8!=p}-4%Apc6Nd@j94P=bq3a?k_Z7^U zAQW6YDsB=kdJus>xRN(nm%8!PR95QV<&^&mA+?jTI#_6$Ix5Y~Syw0z-)U8aXD^r8 z@{1g_4~8@Dt?WT#zBm z080Y>7r-^%l+-}873n-L_ix?Le~;a|?V^xMxbn{0NzShPeY72EE<5}10J<8A1r7gG z7vB7OBloFOyP`#~{IIVCRbsngR(sB#hJB0D1v*hpY7h0C{#EN!bMfn_Uv0Z6N=U!i z`TYA+IT>#P`Tvj`-r#_K7gbfU|IU4HXXoZbh7R=i`1wK1%{PJlX;NoL1f`Mq3i(vB ztP00w&K|WiElD#in$=0NMb60cZni1Wo$;tvRandP^Q5f=MI| zwl99#k-pZit+bue$Z|5(_F(8~!*9YHgz8q9+~1&k3$HfGxH4(Ku(G*lW2ZelOB|?;o>f&8!)gi>1Q7 z=iK+a?~Z3b``LS!Q-$*L1U!*Xlb|f{vg6>>AP(gkG2ztoRJ4v7cc6F1)^|o)jtP1Q_4M?>a6nGj z6+iY0fc~)#tnR#pdyTxdwL#>C<-;uWW%UBs#AYeV<>u`N= zZ!4Z$lr6Zo%B${=ylX(O7EvS-rzx2tRaP-hmQ>wW*{RDCB_%c0ei3D-N~tQZ{v<`( z%6De5b#Uo!G(9~&XBzuaXk2!wA46W>YCuSfT;GRKB)Gb1CDMf?h@j-+C$ux@i= zR7k)4*PlnxrPKcfa%_^iU#wQ6;y0&`6}v@ro;iTZ+AhM!f*{z`$mpnm;WH^_N2y`w z$?lw`sVOlzdA&h9dKt@Rl+2C)z4KZzf<{Kg%M}xWWVj9<01v%?9(H1c3VF_g$dR6< znb`xAdrC|MR8iG-t36&#{(qCWEx~@=$HnzoaL~uCdV{bLB3ALy$kF&X<&kn%k-x z*a?v*LwkGP0~LLJ-6@EjiXU|(MQCHXgOeA_G#*n$K}WB#t*wY?&|~NrTv;)KqX4~T zBqSu1l;1rIuhl`N0?0{JD!T z2wqN95vq%V?_uYw7iv6xw#WNcU;jNc3qbt`5J;%t92b}?AskVI4|WIwBhN(^(YXw* zyhp>}nlS#?K*h!73}U0ovM5TQG#@=Q1YM$1e>>>JfDY#?k&|74qP(pu#Is=uRNS~W zTqh$stvK2*zQL$9gx`PXBcAGx|9Vqtk;h&dG1x978v!6Xg+$Bn(H z8QUakT3>NC`oW8Fk=Fk1{`=@&&(_o2BV%H!t52bGOR~h@E^2veYin`wiS=|vXB0IG z3W}wL#cv%vgt_2*a}yXpPN8n_Z#~`H!^7kJc&i#*v;R<&=Y_D>B?%Q(lTkN**IaSN z=pSgqft(4Pd$rA6Ydr-*9p1+A-Jwt^C!nYdXG%s zJv3I?*w{?gsRKY5aK{zlRu`+aY++qO8oF&d8f9grQ2`#^t@5{1s$}lKo|hvYQ(#D_t{VoQpAdhWoU(?Zut4QpRT!D8O_!o$&;g4nyTm2hMAI+ z+_*1Qea$6UKyM#u4ZsKj&>0p9Fi)ATodF0rGl^wB{v8Re$vsQxI%`XiK#%>s!C^La z-tH7xRq{Qfi-epUI?`>XE4pWAFSn=4K{dk#lrONMbegbiSIdsC`%uu6i147Ip`vwa zynEPqC~#rI%q(wNC&`~SS_UrE7I&WX)Uac|(S4~y?}7OuBUNxt!#0iv3h$%qfDa)} zVFjaA&0dx7Nn{@2@3Ub&@c$ST6tq9f0!5?-mb;=3aHX@iyd{QNzYXb@@25Sqt9=>C z=GUR{ciz)QAOL-Wpq`E_f(Y&l7x#(F{-Wo_$<^iIAl#%+u;`I5)t;l>8-u>`$*!}b z3DUSKB6ux!I{#Y}<4|XvFFLpFVhQfh%K!E2y<`i-11N2}(LeMfB_~YZKhm@^YA8$z zhZ`J}Gr@6k`WPG2Ue7h84^cO}Zi7ap1!2{n+g`YN!aGBi58T9}TGkI@(wjpgLKTBu zq$rMC|E&^-DsD!#~lMuj#Wo#4nw z2)Uv67(T3Myw3)qR(O7rf5p*sAaVo7KdNnHr`N5$lU+6N**EhoOw}22s81Je&SSHS zLY>XOSejc{NJ&cWOqJhm#wSmPCMJmYLZ`nq6`gd?3F!0Mu6cB^KV~&nQG1`9w9l5` zIrKU!dUYin3rjlkBxz-f1$b^*x=kkea?~~gLzaIvLO*>?OrmV zT?PS)tllr(oDY#x_`iH%f@g%F2qpmF^)MpVvZ^X=I^NmdDi-uEf2M{LW=2w3yBCi8XBMTZVKe$ajaUu3N`(lC2yd`&_3sefSB0X zbC6odlV7r0TwPtD)YV$F>zKw5MJOWT{=`)YjhmLbO3NgXL!8V5s|0SH=*Q06Zj=Aq zaTeBz*tDecHXBsT2Ea3!IHt#5tzI_pz@%1E;O=zTJOeEAX;>h zhnrCK$u%nfjJlFn^35Q9p0NJ#dmQ|<`)L06lPC0Td2M#sQ8W7OuO4F^XX$2N;yI|j z$&dPSNS2zyaaf&-ZfDmFN_yE7H?HUP%e<|E@x>9(+z>9b+%LNA#d!CgX=x2ma@J); z-*-8d8tYX*^SpTz#F~+Ud-#}#L!q{~tbFUE@fI;oMRlNnuPC_*w9p%M;cj;2xm(viJ_8i znq3smeoRWGduG7;_FN#0b z>zH7cX&uPp12T6y(r=- zE8#+~qi)(wcJnl*vHvkjS5Nn%4#9?gu*7e0MbLk`y|>p4kpMPIwFt}d@84{CwI0`} zdJmlIr>l_csf68*{;tY3VEpkI+PY%SFDqMo%47OME_T|Y_i}{8|6{<1wEdPQbo4j* zW0~lIi!ve^_i6oCWa#~Id5GqQx}J_-dB=wZ-}5bv zx$x&W!dOmR@ud7K|8(x_Od;KYIYFH_DsNt^ywQGj`IrsN|JSc2pGE1xm4fQl?RPVC zGqVCqvwTal0+v(N>l4xsU+wJeDhP$6KM`kV0(z^@H9k z4)>10@q)Crw%7hA8M z)2&zkE5{ShcDo9id9x7gVIe=E`|SN=@r`uyYJXFgkUPOf`waLY4l7;Jcyv;I2~Q1A zwx?#QZTB``5(5BTd42O0eP}$~q2kbXwxvE)0eN@^E%;t5*oFS-I{U-n``-6bqv^U; z#>bUnV+X8fW(SaL_Uk5)v&g8R?Queu)b3r0a39A{!S z?t8JFX4pJTrQzpi8F$lQJuxua5+q(k10qwIx9aJ4kZx}72o_&7hjpz zw?!E*^Tg%Z_WL?P=+xWq>-3MjUWUmG^bg3raFL~r4wj(3x)~iFhJ*#Tdv3Hho;~Mf zvWcZ7IRU{KVZj5jqtG-BDR#_f&KPza9N=lkUVl4Rq$m)Llk4x9B00kmH=AZkkb6YS zid-ZY`a;KA5Xu3)y}eMd1zH>Alt5#k67fn&zx~3Ao)wy!o`&!ZB%Ff${V~b7P$6M4 zLz1wqE^(`~b=wVkPBT%$Qi)0ftCO~R9ZB@8kOaYh*bMT;lhx)$xI>~ud5BV*>{df_ za@K(b#A`JMe*1KgTp5cJF}X+lxwV-i(rtlj2=b8?o=#i6jFt1>lqWM@qwyJso{)c4mAQT zbY}Z7iPA6o%Fx>^G|d53ZE$c8n)e}1BkZNz5RHN?7$NP!C&{;yCHl7W4T&P&O{u9m zGBUxy`h<{P7IFbm=X=q!wUB><`o_ti$W2Xsy)AHt+CvE;rtuz^r4uG~l>S-T@0P>3qpHuI@vLp&_ zi!n&AauibQK;Wq6fH;`s^2Z(ctxrONf)I@X^x@av$ic(Y0k0K<*CO0R=gMRcn}LQQ z0Q7z+IN;SzA;UW;LX|;>YQm4|koWY(8l`uW-H*=>mH}*l(gWPoZydO({i`;*PoQ&g zt5E?JYpYQtMn*=8usfd+;D=T zLX=$+E4S{O&N@{2_1m|7wmS}VbAq3s%EC11KtoUOuaM*1UVrpJk}&*=n5{VRDPd-{ zy{y_150@Q0a2ItNF^J0vEUN3PQ0g*v?{@>v0Ww3k6`1mJ3`|U*K3=ulzq`+X7OIQI zdK@)AZpUHaLQE@`z+Fi;P3EG0$L)zWZ6Z9_`GzU*Tw14_UD0$Uf9`H*;}bO2A=eF- z+ih&(HfF{o#C*?Lpx$HlA;A};$06flVqh?aR337C8X6j44pFk&jbGE9m^^esl)o!p z)X2{Cm6-*i@<`H66_u7}Zroh|Jk|7&kZjjmys~bzlnU~Tc31lAZ(X>W`snz$$DEE3 z@(f1WG?jzR=PbWSvYn0bp;M#)PeOuON-NU~7kspPEu=+K5_4g4Z&fDD@?H}wP$a9q zO89)eyO?A=SuQ9n!o{(st1bShysX&QH>|SVDt)-s@B^&eGOtaeTRMX@tt+1ZnORHv zfR4Ctrt{}0_p{W_rk^PXY!beL;qFyl>&OiS2>4&^=`>|!AJNmV%+}iP?(Ra8Ia`up zDAK1+OS?c!aP4&Y8M31M!jwy47Kof4mH$0EegdhKswN+|03#0r$klzbRZ!~wdaOk< z&OPueF1zk3hGV{8c9PpEceL~+1Z9wcvEW6+oqY{=K7T_7pOM2(q%Hfa$%+>){Z{^! zbdiLFMc!*l*1p%}_8rClB$Z>6^xgz=o0+ZjP1kYKuRj@Vlq@ z!t*yjoRo->|5(70`U_zQ2mz8&QOysZz62BZ#PU4UJf@^Gt#{%I&%vobJkQePjMg8l zdfj>P?Hh#6OV*#NkB{q3|C@P2Zt0I3HK^Bc@#A~W`x6tywKEq3MtK=IkqVQ41gA@= z8T@KLb62s-U#>~KWqck=Pe#{ z-LE>9+Dl9#n6?GI%?~z_KwQ&>`0fw&O3qJUoJBm(38<+Th7VajuExoeMhR7MjpZ=2 zaKC#dmm~ipl4P{9QY8fj?pQFnCLpqJ#@alWv=6z$e|_p(IMf*)@lNM>NNP3jCT*{BI# zXAfg0@emgI=lKhwJPnYVKdR&+dP!D)=QigzEZ#yvaw(3JOPa zE;+0q4R&TV*p)c@nSXws$CWuVaFeag(3KknTFkd^E=k_w$uhz+lUg?m^VHUtsVWbkVcx954`tV4Iz5Etx8FlsD}y`&7vq zz~!wdkOMmx)P~f^YaMn{<}Qk)g!|c9{hIfhofr5_a*_XZMb`Cpipma5uY7H#eESv z+>eFkYOMqWs}na(CcD2ihw+~B?n-ReJ5<)x5bR~TQQiIUB|F=~!kWkC*NWdR8+s@! zJNF%gX+N0<6f-r`AXU!z{l?MX?|Wv7wuRHc#ih72%1prh&Z>1x_yFE#H#a2R2A(GBb zqefxx>)BG`qs`cEmr==aA2m{?{v~%d0|v=&MLblLS33v>#p=bn-*9Yx>qu@O=5j8#8e&+l%ebC!$mzo0OLQIkn6QH#A?RX{e;^VsrJ_)YJY@^;2*F#+-Ezt#d zO8>qY|Fr)8z7W0Q#Rv*$jEf4Mxw>k*;g;InEXm=}o);8+Tlehhx_S%Qk;oQfgB&93 ztpvQ!vsYQU64&=}J@%Adcg#Q%&o8-}qqHmH8gAxz@Ysj_cBlyMeQRlgKFF?D&fB(*g57a=W`JO#q@J{Gl2a}c{K5d&RR|i$RaA#JXySIa0_`~HNinyMS8TOH!GFYDI)!f~( za)<*TR_?Xn_1;-Q>r^NUJ}BwLoISkKoh=W?L1Iz=-q2{%c=qx;{;w@40aLn*73(I3 z^XjNznZ@FbQ#7s9s=Zd(v{)VS??Qb>?hIx=biZW;@)r`=*brsus?dNUrt_7kl!oEvT3;mf58){CXLl* zQy(h(S|YKZ&}%J@id9J__5inpPJ&iRRY!G5R6#+lwisVLSo|A+X(MB*u@}s}EFaA` zxm=N4ktAJ*Jz(a*e+CG2p9y-k1huwaX13x4AW@@Z2ouD{$CZ;$!r4cqdCBUCgybqI z>1xf&&8JC9Xv`o-&Pn?Lq&%Z{pMN`QR}dFXk6rB!MK{{+o!>Y#9mAMuDk{s5Yqz-^ z!|)Vu#1%JQrFQkWW*iIaT#x_!G+~vnU9+(}GU!AAFYOu}}GZ&?|7 zQeA$Lmp7I*R_gV19rD#nR^*{E0Vg|Hk%c>%)rPPlzb>}bWgq=1=G0}(i6w|5Bi%|& zCfnRH3oqm39a7^RQ)2AxS=3qc{!GyI0^NwRKdwH=uI43DyRoLE@e~pR9}+`+*0Nqs zQw&3Il4jDIsW(ZQiEpsE;-M<_%>-y? zBBZ5n)wI3{J#cFV^~4TI2EnEq`pscwM{dztyh>+|-ZQSWrh zw_mrmme)9~aKG#6HH2+C{npE#3vnazxbpJ8y2eoJvnLb22j}qK|M^l{|5rNJSO4x4 zv!&Fn2)Zm5%b92-k}T>dId?7}vIj_RW7N$S;Jp8H&hS&J1~>Q~yrn!?G@l~G0?mvs zbUD&E2YEg0GMGY6bnnPlY}|3t{1fj>e-nCE@7caB*E!&ZeGn2B+6e;*et7FPdo`L3 z(*jBXEFEj>#{aNw1Dur>_3-DmRu9jT<7^-G^SNHp<}BTH%%bb*L*R zao>;nxPd#3xnhQFCBlOc zARhxL)4zPs^b5kS+a@UBZe@l~EUUjui*SSIJEQ((`wSB^6$dRa{gJzcO56#6J>0$4L z$_@|CF0oHoXOAu_sp2+vmrBNElW-)_JPDIT%e z)$_ew&RpQ7$9?|X)#Y&S}Mazn1;|H6cl2$uo|kHTrYmeb{Wuavr6@B z$P12cm9G6o!D*xW+vrb%vy4~>!oc?*Na3SnV32%JQC1iMyuw?V;s1PXSR%I4^FlK6 z;%^xaHoNj3iz$!6IrSY=i_NzmMzQ5QldlfzbZnI4i&MEbfBbzf;VW??amS|~{5%z? zkV{Dgif5o=gW4%{P6BBVKcT$iFl zXdRd{__||YW|7HE-46F_piwBm#mzZj!L)c@Pe@T9Gyou0kl4R8_}EM=_xA zXupP;DBn>n=tJ*>WlERNciP@fgkm2?B3&eU%VJCEc*=k{jo zxupkhKb7OT(`EMDheTHfLqYA1T7f7E3!E*%oTmOJN<3#?4jSI($|TC zSsF+GVg~m=ET{CRqL5Xl)(pYuCZ8&?;?n}I+#b1{NDY3+d*y+S>*hUKxj6z+Dc|!f zOQ_8(3~e|j-F&jX^GRyr?Qsa)51UI!Ik_HB?rWQ{jd?v{X`zYOe-xOor8`spqr*Sa z*%4CjhhU#0G9}VDf4L55fJzZs*7 zfi7f%juwQoOyTNs}* zxKDmciM>-gd^asJ3r#W$H0nN9gB1|6V>MYJSOW^pIsvB~b3WN5g(MQ6B$6xT%cM-- zhEI1jrIlamD#VSbE6G(-e;6XCk@yssd8~|=BCYgc)&eC-Q)gyqf8p+f_Ek)(s3_du zha!aWoWg1o_z>cr?t;69G1Jl^&#>j{)%D-TSJ)k{?wH2GEXs(5}iwo=>Xu=%C? zF*B2X#Q~ATT`|AxzoZ$u=^}LgD@L-+Fa9TD869K`1fuG+EP-Ym2({Ez< zzSp4iE_@*(LKhc|Rybh86@>;igtji=lK}}H_*EpBfnSnmfWD@t*75cUG^|7I;5{qu zgL}6V01cL53$H#iYGh<^QbUTz;Gm~ZcJsL5s^~*B> z4oi)YJibYVAE-3u^{#9@Qh1#cS7(WL5b#@}hVttd4-L(dWlV}J{U?yKhXO`01|qBI zQI)Z8GL~lG(dv7hey`LEsXnr})fLvP)W`pMI15YAFNcVX39}b~(af5b`HBe|MxH%8 zOBOO58ejAl)p9CMc$}o;2bg(Z(oJ;(^J%**UIROVXy3=~m1^4s&;xFCIq>aVh7lul z{-Es)LiLi8?ch|QV`0AtPxQ#CDzs->eGff>`*A3~>z9zo{Lsw(a_-~pwlNA5tln2a zCgxuyKW+Nq8kE+y69T%VMwjy?JTH?;F)o&k$?((HbJXUP(Xo_-BxP--?*&tXE!sF$ zdq@Zsp^%b!o*zN&0nE79`4Pxxe;YP~*5cc)9boX*^ZURYNk(|v!<%Q6=k%KI{AD&8 zdj<_VKY5#S-P84I_}7J{pv-x~AQ|G}(QB2Sp~g!Wvu-UAfs5|>iQ=4|wEm;jGn1_S z%6ZOe172k9f;>}0J&RYde$H$p2F4HSqEHYvlt5`7zHr4Uu!AHlR$EDb;2ov#_h+WA zi>K4y)V-CTuB6ngc3u!_cp;ryc4~EY$m@!l0VWZWNUA?(C!2qHwl(j5c(NStoxoif z?e~)XvKE(y%dSMT?ZA-^CAsR^VP!D!wZOn1^Vf8KJVtZ#p00zLZ;0G`>au+4kr7~D z&h7+$nV2C0Z__N8n3Jb$RUb8-S(Qa#=ZH>=CekYQT3u;z8LoI( zPEFFL`P;!=J}v!_=JOz0PkY zYw_y@Pnnr51JeJJT5vn39R4Yp{8sOaCobhMeUDd5gk2hqaaRbQeDbpP~5aisz=>_E?3|kK>_7M?C*lPJtbmFcV7>?1pQT91{>pU@; z$g4-pu_3Go!JOXU_vUrd+j}Pv^W&wL<*A<2=|ULy1KH!LDzk>SpAO~IX>xuVTsfy` zasMzSk0|L1uxpr=3fG6EW8U*K>IOf5|F?!|}!&b|gQ6 z<3Z|G@I=%49o>1O(wh4zh6c^%;*q{ejxpiESvvAYzM=gmIg)WfVZA3WliJs^O$gTr zy~k8kt2oE4-#foD@p6?k-a!z;3dOG-51@}(SR;;8C)*sVJM4RG^*kr-8YZj!H_ifp z6i%@2P&eR3KcMfU9vI=^hM;-4!=xPM4ua4;5K+V*R+l}#gDXVx4jBQV6rYk($gl&G zC`?sP@8-`aqyH<=HUKjPtXUYk0&SS!(SBe8=z>cJg|hv>e+{0HKx>r7t^o}Cfk7=0 zH-kSrD8RnNxW%5@+AdD_;5s$hY*jC9F<`zA%-I6w!sDQyc%IgxB>&~HgxpVZ^Yejd zUCh1s?iuv{K{*%SSanhEzg!L!k=0aG#+=BB!k{E;I6Q{fgq*DjV$um_W@cw5$sjZa zEh2aXh|_=+iNU#}(`#5h5dLFvLT+H}#+wGD#oIB-%l9;=aCL+>jT(k0aJ%?P!(uBc8% zs~H-*f7XXa^0~7_wy*7K^FQ60j%3B~xFr@3{kwIM4{)b#Km?1^>(b>v_nUd@zJHe9 zG?$y)&2CKVAE!XBFOh>rRCNy`4t92SEiElq*MG&_uT)f^h5z6fsB!S|pDbRg4lb;; zH}$M=akF&yx?z|8_+?a-TiDKX%~D(#Av?g8IeM@6v2>%$>E%nRsKJTR%<~!zj9;cj zd8V+RG)XLs*W#rG<#;m-BAhE*PKd%~2Rx38e8#(I@KM2>{@juG$5`azUI>>TU^Vz? zEVDd^%>2oCv@FzrA$oMoWBt!o-zBiN{1WHix!+%6#Xu^#3+sy~u3@{?Bm_f7{JM-Y&cTWX`779p?k z=oROGz<&(=Tc*KQH%Sset>f2j3Kntj?{hHr46d5k)uc3BrYVP|1<{iNRc1c8`FW-S zx5+`hgi9w9rkc+_-fmco;B}61y`N%GJFUNpDgm705dZm$3HifxK?+McYhK&FCtEAk z{}{q8{D%%$%h$pkZ3a(?e!-d2drV{r93o&oKfn)xQ%8^A4Ks_Bln!9BTRgj-lbu~_ zy(j|W!1oZDzGvRNUSRwPm4eD`_Sig17CQW!uG)5HX#>-%>Efn18-w2Ir5qhPtsIC% z=sB+ZOKyPAt0qBN6fAhTxW|3(u6|$Wa}5*2s`Q$xnDs>z?_#vsm7E+&ow^Hg*y6B= zY8@1;9wp8DEneyucb;}9F15xnzZg6Lt z($m!P_FNbV?fOX=9i(WJnha#Czjax9UKGUSbg(!Yit!h}>D6xHevpHeWUQI`EJ4BS zQF3FwkOrm(N6{eL9*(s2tp;)}*5(yZ32f zb&zts!6}aMmsd@y?2q$w4XfQIdz^dy;TsiSzS{@RB=)60A=tVYIHLN!z7u@>UR9MK zUXlC*?u&kA3DkhjZ*WSAlZD8(79nEW*4o*!5D|S>g>j1if@J(cP4O7gHOhlSCvC3w z9awS*fEF%&AP9s7I5mTPlBM`*k3K zj}447VG$H;fMyA3VP{}i1;&d5KjmKLkLI^+&4hle$9Ur9-WW+7BVK*4EZ09s!SRGY z-+8<~9TCxRwT!EseHnaZSyp&7x^n7E$HsHBL*y%&wAh>E<|Jj){j=?eXq{rug3eN8h-;lW6#5m42W7Gwz|hlzGV3`pE(r5@F@II*vh3!mdZjA z>_NqM5QH#7BwFk54dF}JvQYFnBJ%#b^4ea5_+?bT6i!j38gg$=#J)q>S=oDIEDRc8 zArT78&>yKOeeSf$Y-j53Mdby1f)Xg$bj8KM+1!ww7J-YutHx7OtJfr<7sl+O{aPsk z*Dmp5J^mOq=wRZBr3NYu9c3j^r#UpRWEeSAz^bae`l8SER5o&lM6?Z!8NO zH{c+MI=!*cZ~goFtPgSyPuIUEr^@7HT6)LG+bxg@J^a*kQlq;^9D zFvs#xn%=~PUBu;D;WB>M5;Az)7rkt)RBs{9_2pQbK=v}!GlmdM;axe}RHMwheG{Xy z#ZtUf5RdKY8oj^y=V5a{vEZ-K%!kdr>Poa2&E{gHoW*BZF9dw;ebV^P7aWcCyZ8Q< zUZ3+0La?w{-@;X(Mp1WWHZuJqw`er_Edm1JtgM8X3h~}O>5>DZPY%>Acxubdr+u#c znz(3Mv|%jqV@MTjP1N}_}!u067Mx136BfKj~bnSH1Xf6 zsZBdNSvaXl1n#uwdD^}?WCY}uE;nIEw(RA`=DFXqq-xKZWL+HiX`j;3Rkw|MA@t=! zt&a_$SPp6BTk+|Q5gQe7Oi|bc>3d)7X$c(%HG9K4Pv0G$L5H1Q z^1PRqqOOi+k=dy&SfRebH2UJL@^?&omj`bt;aoP@$&e4&8tKicDp-*PV!UiZJ~9fEYx>#$P?Vb|vYqPSNW! zu495Aj;BC#^*CO_fQ72lOe>VyEmC$izp4N1ez;h+5CtmsQX((pJLesyxK0 z^4|cNY2Y~2%)VF;ZCPVThRkOCX==56a3gb3?fNZ?Xm6p)?6RX)cM^{%*FeoNBQ{ek6K5_GD`owoQ$m1LvKpic9DK(J*0xUTQD4PGD9hxMn5=;yxc#qefR z*(rcv!^9a zeyYC$g7b9*^5qu2_jqUUr5rD}td{&B003fd;{5YBTqdQpVi}58Jn1CO=ldN#mU)_z zzBv|~Qv$v=IVOawL{H(t9cp@+P3>afg^;oi;6^8uTAd<++4T~kQftj^Iy^d#{4&#u z)w(=Vg52w*S95se=q}uf%i`x)E@hvT4;OiDr$N z+ZiJM*-L|yX8tOclJz(M2U2L9lsd;hMT_CHpQg_{z|~Tk+Tb)?lDJpJwa>-FTQTTVgQekj5WKL1Htee+dY^Kh@Z#R=U1 zZ2r&cOyy@U`{6s-iz7|1;L)+me#NJ^X{>_?Ph|wpV;){%ZY^2elV0vjzyclENZ#3m zr4fyfypnV2O9Trmz;B$i{&vX(V#4mNyK*F|;E;m9IYM5x;wU|_-E8$W>*1uuzJtd0 zHMerS0_6wXo-Wq+sm-Q)wHGX=;qs)wi!oYoJV}bqNEb zAoN0BkE`8rVKYxc+!ms!U!ZX94Ia3NaQXga;AV(0#Ju^k@qBVP<&D)Z2z*b zM(dBQ?ZRYcVkq8eM@(asp98Q5X;^>z35p;EKA1FntHZ}u>%wrsAzS-En*Lj4i6*MWq!lG%gNu^8r@;B2FI~19Su2+RMZB!- zU-@G$f8IUiPw|zcqMcNxD{CaD~oNvd$ zTAehZq@I^&o9O!eHy3xWXQ^^y+FJAdPvn!@{zLKgo6Oz45BzHu>Snc+2O-lUA2x4A z+37#8pCr-0sm0;Bn)9CR{%)^nWfK;n1AF`yiLZY7uDqoq1uT$;RZ+Tn@A3DNuc00e# zdnIwS^q=%1r#*lCdBqs;oVRp?3D%uIT`m4O&gKE|VEe106+hrK;e`(spq%7TzYnQyRF$g^6RSfrv5>9R82L0jz2n=TiY~h$k#DC zGxlC0ww)L6^Vat|L|zV5aE-j^e+&-}GG_GimJ78DVec5;i-|86rFl@h@*U}sTMB_# z;{&-VYPxC1+I?S|UEiAs_4;WX)cMkqb^+}4>L8g1Z=)|&gvW!r!Y)YZPUmL5uV zFU^Z@O$U>>9%(=IY(nl8j#CxUI^^=Md|H^*oOr@E=DAnxovKf>3u-4xAi*~;?FXmq zqcHKmGjJlhNR;|(*%f~4w0mdjHpDQjZ&B^PAt{H);KuRC@j;n`%hZ(j1h68m}6iUN>$XEv(NHQInZXd+&@bJ%4-*oyCkxT-CXm@AsIOzaH$b+pD)~Rd_M)VOh)yVcT>!NQT|G}T7!G*?wE=m!{**+vrhjYti z9hLYluk`XsTS+mmJM#em3cd=;QV%LR9Q-D#<9Ds2^2+(ue#XA6i;9(zwuN1OY~FRQ z*hAgOY_R_>69G|>;I@^AqYTaqy>OwEq~)vU!y)Gzn;%xwzPW5|lWb2Ha(lXFj``p3 zJTct;{$TpwZ{8o1%ua{`Jj}w-4}PxiKrPO0sjS1|iDiix@!=sqnTl~k!4@;5@o?Lp zPm$Och_lz@Rte*@rV<2dYccJe@%BV&{pT9&Savi!+A-qy+3rCNmtU|yR4OZ$Al^yx z(cH(vl)|9u`k-n7ai$B;fs3O)-aOK%=l2)Br8D5W&1jJ%9Oq0WnUQY}IgBw0IhZAl zj%mMolc?S&)6eXds*{qWs-p3CxJzbYY`X7lNqN)_!hKG|gWbideCT16QvP{64AEut z-BJGVSVDMD5!1J1&L_WkpZq#aTnX^hgf;V>H2{FvQVaH}Pg-V^dcG67in2`j%YI z@wWnHhcOig?mYfYX2=B3)FNAGt4azvn!`0;bv$PJ-p5|R%w(wc#B$7xfM2I~a<=VP zulp}{M9c^*REfLu$G^k7-%cmYEZ@#_6m)#%R#{oG;Muhi`r3^Mm|FZ-m8IBEv%lt6 zd@cFS8#Tk1LiL$tL~@!C!nqn-V-=KUH$^LH{#@cI z7-dRI;sUOiqxDO063$*ULg_$g z3yeFD?*zUcNW4j!BPGvi=&0%_YpSX*eAIdKOGQOltp{Wh3i2&VT4#t)?#)pUXIT99ZP_BbOH~{y2H~HNp*7jyT8M>uM-x!nw5wI?wD z{MHDyDF_sR-@GY5d6kIW*~NX4BCaZM0xxW|69{^a3s{I3j-T;gyz&`iv=3V5Z)0};&IMe zKU-nDeed;a!5BuxCTGqDd$~Jb1Zs#+emIx0|L5MPoTc{8-rxUCyDU&mfbg!<=50=s z{Nc$-M?Egkg)as+xH&oLy8n;H&OI8+G>+pBrEIOs9>au0u}dQ=BpQv||L^u=t;@Iu>MS!OW)Y#-v`OWGad z2A&oAGiR_7H_UZRz;6wBY9?3RIj3BEdVaxwuZ2Zalpz+KFR`a`f`FEg2nq4#sSydc zc3>OorGi2&m(#93NxTH|Cp05dbZ2T7T7`R2kBDy`h>ZPZ2O1D})<&~fEr7mX9@mT9 zFi*8$*qPHZ-5Y;x0p$zPZhYR8&+Dyb#T|@QUslBnAqu8Az8VK}1(EoUXt&aU)VujL zqGu|I>hpiyQev+~n%Rb*q?^*}qU!**Kjom-8rQz!c9>^M(e@P4ot|3`k1AA=k)ERn z?x8!XzvU1&hCiV_v1&G_L=E|cSQVHLSHG1AsaG38!a9}~w6!fU3%}_+X<9%nI%A8- zbit53yM*}syzjvKGVFb>8WrhqV0U@?smUm6=m77#JO)4Yu11*+x&9U%^^z@9A zfq#lAU*z5n7O2S5lCb#C6D`?fpK%_4`KfkAx*XMwKt@%po|OxJeL>qsly#z*e1MZM zbslK2liqgmG^b#3cdarHh~qX^SP$jD_J?-#^6*%`E+h~v^*)L3msN0vcvE#}>L@ZdRA2hIDq&u5 zoOYM?)FtZ4->@czt*VDX!2yKlT&GfXV}i}-Z|?(w1#5#QT$6;JNEmY^AQG( zEB2i@G4b&s5WJZ?7q~|Y8Z*uM^*k;?|1}V4AB%`cnC3Z0TSqrxMOE|32Al$>um+rK zsa0>H#zcE&T_?y?r0EDsR$Ibi7t1)U?-|`yiPb^@pCgnyyyyedka&l_{`M;y)~F8H z*zRJh&*)9rclCLJ)Rz(BBxsF1Y}!UjIVJZC{JAM3qYa9sD~`^+r{F+vuhKB8?cw9o ztgDj%=)9&LhlXxeOYcSX=(DK+pLkcrtSU1ODNb{5CAS^as4uoU_j^u54wp;ni&X-D z<$FVpGJp|kwVBi=y9o!&APjknn+)7p{3rZuDyOnjns()A?Zc_*-zv^m>6T4QT(bC7E;2QuL z&QD|+cqZV$%&s7+!C{F?WV8=UNFuri<}UcE5&Hip=}Yg-)~S@ySqP0te^6oChhbA( N_%qQ9=()f42{L{GZ2CxM8=9%eR+E2cEntih(_@^-33&D1PcSx$+LP9=+3 z_OEtIs`e_oSn;3cavQx;$GFN!8%9RGrk_85I;I|xS@0a%3*Dii)4M zzpg|H<|tY=QaO|u2$+tM2k%Ul<9U04Ygx8%gG0TF{h+C?^th;PzCPzj=vq}%qeGq6 zxSn+wLW4?A(Yy}IOIAPin2Pvno(i8mEDw$jzK!pPR^Wo0(3ju|RHwn^=H#w;pzSfL z&>3BBgOPCkbhv6K(E<=Psvc=H?@x;cZe*EAUT0P@y^}e1-b>3KMFUjjrRVAKv z69cz!&ZwRIA|WBc&h*~TAfg5(Xvkpyu5QOuN-Dg84m?%1`?zrS@C{e&=FaTd)pQ-A z%sqw^C$s{bK43`p&NGyq8`8=M@%iUP*~Ub2O- zEdPx~c zAs*^6c+yuJzesz$U%y%~`C3B&Ci!Z+EznJ5F5-yYpRFq~MMu|lcVKaO_ua`8?7jad zhn@+~wbG<%jG0-oI>TxXvxPgo)}0h+>eOe~ShD^W4-#+>kVzT%gK?3&K}_d`wtMCI zJN{H&*MN$pl{X?uw$f_ODV4VZvboKuR13DoC&p>T43ejsj zMo*g>U?{VNYuDuIN-S1q?C@ver?{52L)Ulu9N%KR!<&>6&u=pPc++>3ri4o;prV6A z_VWIEysIvH96T!c^WH#g;ApvvAKGF=7epR*TGMDBF}<=5hS|g7d_vIsM}zsPYUyv0 z(1v?Ux%1uvzpT<%{Jysv$G>&^FFL9k(`Lea>)Abyzvhs(2a@@*-oWzFZ4w!N8<%g~ z8iZl~t{NYz0HsJZi!%gAPXXo%=l4?$M1K3oI0Sp`3&CWWR@EtV`LEp9P3f8PiQHj(z~{2 zHod=Ce{ngySNeE>Xa5RZV5NR<8ujAh?l1pOaHLl)IFdwf!5`Z8a8(kKav4*ysgT9n zKfDl5E_ps{rI6LIw88eH-9STS__|xom2nz`g*@i%zm$;G zhFQu-^cVznV!3vyh~*h|XCH?1ON9BmhenTnGU}#5Jl}8iHl^ZwFTnTfret*L-ipUS z+pi4&SR5`@T(a1vfI+A4VB+a7|LJ}eGblW&kmNf)(iEkj`vb!S?674u4FZe=)vY=f`BwzQ3xY+^Za^FmrV* z=N+1svEy2;39APmk42tOeEgSgvmFBdpQ+&gm3>j_z(D~>R&U1GIr8}YCrOW6rNYS{ z{#WifSP#SWe*D2F=(6+l;sugb%fI~Kh0lPXJ=w1^l2vhVb7!snkiw0IhGsVlW=ZfU zH$<>yEJN+5K+C^emS84!NT2w>(wtr`cm5@1V=S9B=KXn>^X8;jB%W2vzi|KWq=j>zqshZp^!!RSZ|*>cGrR=ZB>PFM+tfBh1K)x$&Ta+e2_ znCkVyIAkWh@0h<_pV7F~)`Wa7u%cld%P(>x_^ z1QNSh{D6vP*E9AYa*&~XKOH>_BClz=sxW9dnN6_a=;m7U-D>A#aFg#%8gyIHM9UtJXmi;N+7 z@p^;Py`f9@uc*qcjlyR^v?aM=%d?wWd~5$o9(COukNo4)`>C$3u7w3%*ah5*-c%_( zLqx7bMC=CHpUV4sC*F*|oJl(?ylK2%s(qD^K)isxS^MvJiDYyYW1b3qvs<-b04d^% z4y2zQW9+mAHdGxe4uxKbe^+8GYr=3&xeY$&aeN8V#|q;NS|kQ;5;5(?>3Kv<4Ano- z^%8RQd5OT%#@f0)Dn^-|Plt$z+pc%2LKhX_6l>B2|KqdRJFcd%^z`&j;jV0f*ATfq zy**1Yig6zf4FiEJ1^A@Dr2U7+-w`2othU!xYH`2K?z>c*PbgwT=+w);_M83#cD`B; z&+C+nUBnbu`Yzqrhjt`N{2V`-TepZq&dr*eo3j{owEysNx=b0Ws7xNf8uMsMz~hW@ zSP6^`Y@SxGty85buoL7M_?66cdA}+1M9j7TljBF)yf5f!Z+21n!~BOXqXvu(E*o>g zDZ9L=DA|_(rZ;0xq6Aev)PHGLTN4r>9w!ldyIdhx-9Mg%>`zKciXo>1X-;B?KVZD9 z2-tkabLrQ@e==y)6=qdU1qs+;VZi*p$;$s#TT3fKl)_E}IiOvH=O6Gi8%%nrvbcK8 zyW{@m4hI>7KS$o_E40_dTN^d}P*Yo5ub0s%;^xNgqmk{aJ*O&270;l%!SD29XRB-e z12LMQ1B*pqUU83vjYiqJQ`76$uMvc^pkDbz{iZdq=+q?(CR$s0?Pd|rt@##n%PT9h z?D>5E+U^a*aNZ2SjqyZ(BzL3wYaDUPo05=FU`R+vdAXgdD_er}w41A7 zj{ zJ8ejciXzlq|F*f%&3@oM*_+OJGvBdaZ8ox7odySKreJLf;Wr>^4}J-^{Rcyo*&NG3o1SYg-!{W*_XH6XS}R7#pLa zp|LPC6TAp*D1~2=PPH3HMF?UuvYDuDaJ7%;0R?ci$@ZkXpUlhCvyG=X4*@O^bPTdo zrRC)zG-%v%!GY?u3C-1bwvUV_4<}TqEohMJK2fUA7qgRE)y5$Wbh(Z+5kK>Shg$VQ&ei14EEG~tl~h%~H_%Pkfhe}K zwdLjIm6nltGZ1t*J=`H~#yo$zIq3K2F4Gi6j}fffxaT=C8NQ1P3rm+fKd+Y{M;_uB z*<6bYxpK0%UU7|g9^B>LOlXj8JFq^e@0r{-2NE1EtjXqxAm;&xw&M|^xxvIEM)pD+ z`Z$m=8@bx*WJ~GgCT9yv%c6$8)7}jyPY;iug5;b|8z`m>NQBcF4AAS(mFi^}0lblr zRvz`fvW4_kEvk3`N*s_bksy4*Icb{2xDlgjPsO zyvL20F4YM8{CQ(@^Bon{Wr5aY_UvwhU<;LtoTUrO5G&G(-a5|4h0SIqT%aKAl_wv# zSxd1i1Sk%*Jg*OZR-e;hV(Bx;5(UUvk3#LRMhDPtLW6TH!MIgcI*5z+#*pxwpP$$1 zy#={AQ;>-CCFzBlN24w(YaOtNXAsQd*E zN&*KB_xImeGW+JfZ_}}chj_@K6Y<;r7M|tvzO-zicnWBHCU`VHEqLd=GTSV$!w2XW$wbyiMnstV*`nK6JcAJ6Uo{~jB5L>7BmDccRE7ciEwATN-fdA0 zTnly>kBH%UkaZ z5=6OJl^ze&9CgO{eoE};elH%IClzsDMfSAO=6!MN-#k_C@RZv&%`Pu3eM=Ng5lcGV z_TT-upm4`i`FC%fu{oabH*f?f7lV|T8y+q-C`zWJq~zxIB+GVjdfI8w@iJT#`_-$E z4)%{9cQ(BR&htT$OG{36dBB&IaA6+9!^7+JF@Xq{{*dPoaNSjHG-x zeC@e&i5t>4~CDu5?jyk3_dHk3s zUBk!c97QCewgn6Yx9qQGl=!_bkC)nra_Qblc)mAqxHvVy{yCtap`ihwO*ZwI+|FV$ znKUK#&F!r+&G)md(W{cO9@LQBqN1X*vZ&vN^akzsatip7J+EH9s;;hJqr}9YG{c0^5vJZv6z_H^AO<>;g?ugzl^JY$fg95WTmC0#mB#m zlN=fzo-Nn0u(pmcC@CtUVPR3B$5Wxf#l*xE5D+};=~OFKw}aM&k8Y{ZeE;)D5*az{;qJ=9%uK34*~VsXIE`byh5C6&CxcGI ziYo>>dXI(xG6KTCyI<`Jvt`$zh#Rx4`|<^4+QED@laCk!x#cgo%-Y(TCVgUB8c`5A zO~l{7f1Nmq!$pGx;QVrBsbr+2R-KxVkdQJnGc&GBc*;0vR61jQxFE1fkZpHYv() zrKL80ety*Evv?Ui-8w(%5P#kj5sZq*$4lfEfan zS&;mbn;Qn06Ew6u=ReMAjqb=6Lc5`!&P!+pNxBtB{KdR<>@o}4WE@p-O8qa`rOtQwiK8{foI zDWn;#woe@Z$e`DRap8*-Cpnc+UydD4NlqRhNIo?+bsk#Q24 z0tSPbptq0o4-M5dH2j#{K?%CPzW&6S4&qT%RMh1jRl0!r!-ucpdDAm9gaicSDA+Gw z8kw1G?(OO5=%l5lYHMgv<3(N_E=H1n(WDp0LJ%8|#Ao`}Z;Bw4o{_=F#|N@?P*9Ku zuRfSGP0hKPa-Hf(9v+^%ySt<14zj1$LKJb<*4EIHC|yPcNy#s4I5t(%#d_4M|F&YS|J#;6O)-Ti89&3K=_j3F&OJt|hq7Fze7ot>S7V-^PU zp8O#voKsa(gH5!EiH^?3!m@X*u_y*Ikeyhh4u^du<{d4s+2Gs>PP2M-d+(AfX!Qp9 zG)QP3q;!1$3|l%M#(E0)G;ZM(?gYxv7s`GjHQ`kB7u0b71n1kESGfJ|BzV1*F3a1` z{^>aj1$)`#YpdQi2cL`GX?bMm{{H^l+}!r|Hdy_xhp3Cf#j2nJIdZ1g)G(ultnKbL zJ1p~0x6jDaF)<}cQi23Er-P4=j~)I!CFMpuu%VyOMlIkhb>Ko z%Gz2MKPD9wm9ma2utb%MzYm+QFa9xQ=AxveeDfx!y`A*VJ|iRJWWdDnWg1bG8g?u| zuy6SJNipldgaIgeffn`Ui=@2#$mrU2Q`{@79r@w|VsUdRAjpZ{rn+pA@-cOxKSq6`XVX5n;+PU<)h)hw8LWx@bd%r22M#XnYO6?(S`uKin zX=#ASJ$W)9fEB4T5YmegI<)$xMJg>ycw_eN_zPm!&ttQ2ru`y3oBg3J`;`cfg4 zRjM8fO-Z@9Zdx!>f}c%uxeQ=*>m1=6#fPNp)iAOK1G0O%&Naujh8+x6SL zUU>)htt2MoD;Hl^q9O>XviKVF(Ub@vf`^usldG2amodB&9QjhD%UJ$_{1|5Ig1zgf z-Adi&Pwx#MX7wu6vg#?XBcti=ec=+%k9jxD>pX`~zetfq%_V%Oq&`AhQubnXR;i454 z6_1aPcb5k$54B5rrp#JKMsMOI>FMcJ@4gJ1yYr42_v1D1MN(jgTj!wMI1G7Dstu-I zb6o$pc?T^PQFuh2N#R+v|0%~zJYI8;wN>#%x%m779W7^Ml%q;(SGrh?WW%iA>>_nR)YWSYv&L-* z5zaaGX#H31$nf9-vxC`oILnLyb)(GC4IMV=jk0>u1!2sXL>J$GY~=_N-*q7_s+b)f zK}7Dw#f7E-d$f30`|EV5PW0~3^@3dguzH_m(`Le7_OIVh*oG{ii6mU(@$TQ*2Ar<$ zTP9(j_=b0Y6c&-oP%Bz*Hj>T->h8|Yjt7rIj-siV*|=pL#{;3B zo?dm&fXDO1E$pNDLq-e?46vrkM*u)FWxlC*?VZ_OQ4>~Dt@i>{f^so#+F*45$VlSg z=E%qhO3=^d=2H(|ANyM2oIm~jJMDd5(eiSk&F@oqCaTSDg1xVzdX-wV^V;p{?e44Z zv%F4Yke&Tcv<3*chpT-_-D$SN0STQ~4z8Ep_eA2``LMM-t92gwrB9_ILL`J<-@MK@Vl4FMxlaRc_meSTHOp#U3Af0A- z@#4kA!~`5X{K5Wy6&W6YH}rTQW3@Lh%}z`(gC7P4IdZJzw6rr1-r|ASrtEBTj4&Jm zf-iC<*eD2KTpJo1goK1pf^6ri0=rf@xwyo{#j(S?hlYkSW$zYJ@D4I~lux(SZ*i8q z6_9VE4Q#f*yga?*OPy`G)yUk^)wD+BmQrYZDhZemyTorB*8+@|!ChF?=$1*X18W-x zD5`UHR`DP&fG7pCW@@?tf*6yO_e;6a^n$OB>*c-{QgGnIg@%ctAr=XVT;BNZ-rkN2 z_hSaQ>Bfr(fZJLD{1hY?m5`vOq#WBhPfaCkEhm2Ya&><{D#Q&GPo&@+ZXv1i{JJ_; zE-o!F*2u`U^R@uD_!zxPkv0E7a1b>v|EEyzaZS4qO zX;77IY_#arLDjakEh{K^mo{wwl+&!#k;KGv+Hxi!ng6oGpv+o}-)4Y%nN*bwhRh(w z;P@n`xMb2;n*&?qs!b6LFyqaRN5HqQ_(C_rS5vuOxX|p$W4O9yhaQ|mLx_*xxB3Z8 zBkT8i0wiO&>V*)fmMYa-pLE};D_mII{=Ju%*X89Uv;u15LS^dqaXF|g zM@YkeWhH0#DVWcX#=+}0%G5Mp{ZaMgdN%|O^JsaJgMc@YUH<^GS!;pXv=AUUMZ}3E z^fm12sLj%ge`rjx9H*tJ=|;#T@6iz6H~9Blbk%J6OipZp87Zq}c0(y-$sQ@VnYsrx zA{Vsv3NkW#mu=5PDPH0k?CtH5kdS~W5El=nQvVBKNM*5zsjYREl>F0R2m51MBSVVN+XUr}vMB&TV zCGQfEN_jrP@7s}F&62VEKHP*>+HN(Iqn!GpPd2{(pI!i;{T`OWHsP6}i*xn1>)_tr z`be$ALG_CuCdi zUq6>ouNaVdI)r!^UZs92JMKB#;#o7sLb#!L^ZbX)v#~a}!-W*UC#R?H9~?Z~=D`Y7 zX%*5r1JTF1BD<2rowA|V6$qt_@LVX@++U@ZDV0TARL2tct84-a<` zvq6F!48^4kYjZA)eV}8zIq90ghoJZgc*=P=j$kuQ(?q6NeoXkdJe=Kw#WWHisk_p+ z-iT3I)Xg$gS`LS$g|V@(adA1#b?XQ3 z@FJUZ85=AXS_H|lj&JT6^+k(SothRhhtlSv>l${ueE!n6cvfg4I}Iwl^Vbu@LdZHf z|KZ}|qW+Guy)f^rizB=Qr+7-X{?3ElCTGQ+G>9AoTGtpoWN}SYt6;AW%@uiDT|;Bi zvJNA&K#}J1X!&Sw&&Jla)p1=MH3TF@ugCkF?(S|<$;i2QKvbs4{;2DEPpk7TPVzW< z-n;4e_;^IEzM=v{K#4YiIYoB*MWn+^JNeNweH^!(!`QMZ)8-Jd!D)VL>!t)xp2pI| z?!$YdpE*W4eMHfDUOuGhNso)G`)!AVa4_x{X|DHcp7E#ilN@FI5W&T~uvm`10^PEX z?hVa-^sk+#oJYAs7Q)gJ=~}kqQ2Urg zf0-}GY*z?><8tA!iF{f(KmWA2FeERl*hT_bk$Z5gNo0csn@ZAhCJKz7vrPsd!u{@z zCSstcx3#qebuKS2kBE@)^z;-o_jhjJ#jrmAHtg=}ySnM?21O_&G}O8U51POES;)?n zJZ+4c0>$a(UaPg+Hq><}MsH5Q&6%gJFFht^B;vvm95F~p=r?zML4*2kyEGakp@pAL zHxO@&Br=o$_wh+;1ss$1@F(UIKwG~x?s7pXkL@(1b5^g=wF2{J+=B`iSml1Sl*Zw3 zI9J{E`}gXi)>8@874)YEfRM!wUszm}la=j_CF}6IunrLpBq>&;0a%(!KHbvT*x1}0 z4^U{nxTK^pb|j;w%qq&tSO`K&E}-X?rJ4j00e*UW&B3qNB%mfsNl8gdM*vU*R&Ykf zVmMCaB~}-9xF%pdl9OctQ3qO%>ltq80w?f~IW2Q@bCCD@1UlXBs;jDgjc7MHndxM# zmgx1ZuC9WD1iE$5q|ULqAKE@(Rsw!Pko=cd)ZpOYNg7zL&+mkjWvOEORJ>8k_`#`w zU2C5&Zw30qM06zB8$@Rw8f>C;85>sXm(Ds|LWl1^9e6+KZ%)p^!Qr2U1v}s0X}04z zN5XJ9xsg5QQE;utgk%RJ_-96H;qaW9>;;+Jl-uh701eO|AVQjSD*zCP?15Gpb+x49 zDY-I#*Q5sxUe^r$Kfc3z1c*o=i&CIqV__+R4(s)6z*~X10OhLN_~dsmGT;;u;Q}@3 zdvOlK!oms*3jqsocYSS0G>V9fOhiCnh?WGdAxa^H)jc_hBQ`!XBnuKV;1i7BZnw9$ zgTUeE=Z}er@!=PE|6Ym`8?c#}VoKE1)cjdw#Kg8%R^bPIzqZb*A9sN%3=lP6zhXH% zJBN#YOHUtKKLLPy@)Q|IUG2VJlp?O*6!b&jwQKeB=g-?aI}8Txx(DqbYZo%wS|RSOKsk77>s3{ns~Xm zUM~}l_V*W89cL|SaT3d$nwt9f@CK0sdJo_$&Ci!-XI;5$mvOp`7Pa$WM!l~dCv%U_ z&WPA;HO0gbGvA2jDC#yjA>KU#00e%3L=I@9zV(ySvonz0j$5$8yEisA08w>%>I8_r zgoF?~guSgTK)MnV6YsCDudl6ju71+h(*x~bgkF|#PJUrwWY5~HygyF3XnlSC91>*t2lNcit>9r7+ zjEoE>W-MT3-T5S>XMs>m@#IEc+S92p`&mGVrX&_`Ry{M>l*<=4grdX$X*cA|of5k( z5WY=h*6l+r!b~7B(Mlxd?@WOnrjh7orXR8=paLczc+YY z`1FmHH=6*xYboO073v@&j9I=)r8U@xUmQ#Har<@S-Yx~9Lo^=$dd z;x5OMR_kwh^}$#2qhlwo)R}Fmi2E^qGhflB>3_0e#0lHR344r3)AmqHRry3~H+v#I zqJ1XSTdqIvJ{)@^R_{WXVs!Q}+fOI!AGt-u%HlEhh)U;Y@XJGb}&4nnn`rv{CJ^ws`}bx%!Tq zoBOxp^UDgfk_b!#e(LMmW@(2N!GSxnxnbA(tPaENWBcHuZ?b(-&51k`*>&_AR*vZd8_XROq&Q{5=m>g@ZCuyV zRoX0mibRdUgWPkSRjiK7>8}DH2;#S9l83{jowc=8eS@fnm`czuA3QWpOP^ew{kb-4 zZ~J~ey(-4Lv;!37B_@}5`{*tA0Ufdh)qj?i@?w59&$5!W?aHHA4kJI~(Ge+3-5O># zHZ@p+FHe#EVhJq^%jEL10O$+e+)0P5Zrbcbp!}_CeBJqoy%mNMF~n;&9(}@cp_rUz8Ec zZzpCo8f#y9Y6cdwa??0Vsjr*W8aU8(uLcWBr=YDw`GT129g-&d{bFGo%F+tf<2~tBT z4|V%Ac^1h0dPMuJGZ!`-?e`SsQH$hKlRQE z1!lt=i>WVvP{dGdyZ~!PD(UT6gYn^X@u~R1d#`3K@Xw((IgJWZT!b7u(b$hP&Wbl zI!ygqhLBWu-9Omi0O2UN_R9UHMV(&H@I9_nTl=4Gvag(?0yb#^>_fVr&g=X&)m^?g zJ9)hhBDapV9qxblcocSY>2bs4d4v7@5+ja%p*qcOuXe%aE|WoTfe)uHUy%kdAwW^A zaoJI}H95=RaS#3c85b9~=pBsq{rlAu4=~VO8sjtx0~l1@*@`r%A;Po?Yrl0UvC9Di zz1Zx^N?2Y|F#>}T9oMgC(e5Vv9J#v9ohZCvayamF^u^x_Bi~sJOKTvrt8du%?a)$Sv*L`uy*_n+^Gw!$ zcysa2&*teF19hwjR=&Om5!1`%)-Zw7$1YcA-}ZP`-nrJLw&_Xy;WTTWj9!o>!!K?V z#+#Zt(n0-HLNRC|Y>lV;Vb(TzUtaJWUd zkHnaj-oqBs^IBLrIG9{?zg3%5#$e>^AD?W=jhcL$QF~7NtzE9lY$S-L^f^%eL8a4a z3;ykutcJg0Tx)%4N z%j093_wR+2zV{f1gmvt~bqi}ZD!ADc)|aEE$&ujWhb4h9snVpkMbO^M7Ar-JCF4uw zE5BeJNj=_hl!(`tA|m_9_sH@xN}TQ7Eo=PrPllFmUDM6VAvrw~lb&I?99k#;V&)B< zkOcCR3xKPPj#7`l9^jSL1+jnL^Gsry4) z{s$^!9shuE9^u;X kcJKl6KZtSp&O4`iURL?lql`AmTrKIaS=4SlG7YWqhYXw|3 z4g36=H!QJjM;w>!%UB2>vrLH_I-l9}(WU9qItj?>A4BX{bjl>qDyWBsaBA50TEX+?% zgNN(hjgKswluiXW>S2yWqCM1XzPU16Yf4+zL+W<|`xEctWxp{fP!NDQI|3nlzy7dzeT-1WMfiqAj zH_*udS4)GNnwB;@JL}AuzP)Wp7%g6)3_2)~Ie`!bqyb6Ffzi>%`g*;3>sNt-UqG^r zj;;sfo{Nj>f8qzw+h}NtygQx&zm16r4rp#19F|Ao?CtG=P!Cc74r&NMTiD?UcNG*A z+_k@QU_#l`L12@?{jG&(?Ba-HstR%}B@ssdogd=kWoH4*YTtw%?He7Yc+o|@lYfUT zf4^pZ!QPr-C^EF!*|=VTqb#M+t9f@?HS9xm0Z#l71dQH(ZKSwdrb|xkQq|FoZNN^l&ChO}L6T|%1*5!l|kL9*rfw9gy@~^|(afx0`T)5N@FqJGO+!trs zKLzC#Cde^WB}YdiN4~pKWfEg24oY}BLzg{lvagN{eQSAsqQR)|`PjPCTTe9IacaNV z>bv)s;X&xuB&sj!BdOeL9`mS^?T;pXQ9lTjqWbC*YT?LHjP30YkB(y59;;^Ud{g7% zjO^|8)z!gr6Qhb35f-MPps0GbxH*^<*<;L~RjEi*q-qV&CXf*SlW>eb5CHfBT5=zL zgJRX)ogL8j0^djJl32ZIUkpiNVj^f!feC<>5Zz!@gd7WlguBjSG!qcpz{EhCkP2vM zLc)j(N(Z1wi05sB9%gF`w7o#J5f>G$<1QVXpMQ;c11LBK0lU3OX<1oOCEyUEOOS?# zhp#VGr0X9Xbar$5`w3_nT$I@F-@JLl%37C1PaQ0XrawM;Fj|!o&|x+wo7{D6d0+N3 zdKs^DWJ>H`zfcU7CYlb(2h*BwbntMsI3ro2NU2AX78^aj3*e0nm1-%z5(%pv+RTx3 zVOy%CFdJ#k?H^}?c*!nwijKdgWMx{Lqn4hCxDP}vaqoTW-ut?I9qj`J@$6x8a;`7P z=is{>O%VC3X?(S=H*WZKH(4{S&ID(l}`iT`3diyy=nK174*O) z3Q{ZJ-qUGZe718q-662r2j9XpgVqs#xBQfWQvoBeGU0$1`U?CF%gvs94f(4x(K<;X zxdSF@9uU7z28VllG6l+3tk9p1>tK#_oNbobz~Z>}BAuRPkU>EZwzRY?y+M195VUJe z26{I7K16#!WL`Vr`}i`*m*=-Y$^;+F%LbtOY znXk45Fs`g%@O+LUaba)Q2huZ_j!SP((z+f0*dtHi7uceMQ5E&SjtuDYzlBJ zx^MRh$j|uUTy^{wL6+zaO;JeWHKl1YGhYW|Hu~i8Cb9=R@}J*>7(;>{55zNexTxB* zX9TTixANJq^oqzn82$o1jJ|(S1pa7NB;!;pDTn>`@k@nQv6Ti*L2WaN@0PiR<5Z#7 zf2JL4w3}F*m7Tm&Bp1H8-{U2q9V;*tMy=y!B?@>&G%mSq-Q%Sx=Qm3>7Btt+0)YE% zmg!vodbFsjW+!AN2tk2n{K7&?p6M+ShStW!Qc$(PsGh_l>{Iu=eBmpNbb!{16Gz|% zvDxg0P)bfv01`J#z*mJo7@@ZpyXYa2%CvhJIW}Nsx%3a2N47!ve06Nmn0f05`cs_N zNDop*+y|KN4db2_mG#3hpTjMEX{P~ZCQa%6X=L(=i?*ok+}*m|RLpB;m*aqE@KxiY zYJi`m$1~{gBSHHGR;+O~Xg(eq+p zl*7l2XLj>8f$rJ{U9Bcbh1W`%Q7lTzfE+i|Z71YQg^uAXSW4Wk%tu0X zRYu9Bo052zKU?ddRMAmfndRSLhi%Vhv}HEz{mfewEphbjFsx!HZv3k(`V}YeIP-pd z@>Sg3Mr@`VtUG5g|I1O zruC|Gr}~Lb7V0)N?Z`~J(uOauFz3`Qz`G}@{$=yKI6)f40hx{)UC6xTJ_7y@V= zyH3`-5PP0QY7E`aakF}{d7c-|W{LqbCna_!0Sa}3^a%uzZB9;3Q*a;HIgrtQm7Ci_ zfZvrT&}{^}Qpkb-uv}p7m+yQ;b=^s7(S(kKo53nsVu7~sN5aHf6Rp9GUO-(HG?n^l z906e8vqU92)JH7>BBffT6*S9+rjPHeeg@{R2HsGv`z|xsJRP!@7?~bZg9`U{nBt2F zvNRDH7gX*X#LE_byY>3d;LjAr(Aqiq!gqc^M@#TALFgPAfg=uQyB}|vxZ1!ax?Ir*9fN4Aq-GfL7BUz6-VG6n#8?4P786Sz9ofjN%av%U*AvvLhYja#wiF zRp8ZI*a{V`P?hVOa|G5iS*k|ep!W&VVnFl@sIHR$(MX#BY>J5thA6+X-FL5m{h5Q$ zV*h9LE7x**yL7hAcn3^8H;MAP^|h2qzRBEZ?X}0WYzYgJVoXfwcHrz*nw5f4WOM#LPw*OH`q;L;H~W-iFKdFJTZl zXs~U|Ew4Fk2CYl|o|i}%E1n;L6%AT*6z-$pn%q@AxVc$l{_qKtwATbW)aln}nmowB z0OxU3u@BFMsP8AEUZ(Y@ zc!+CovtQi)du1nTK8yb3|JHVoaE!w+$O1PN@A==joxVuBa&Z~J+z{}iA>&KjZKE0r zkmUXI*xr5^`v~s>WD_Rsm-&FxJ$`IES~t=2y&p2yEJcLgMMoFhG~w@BgPWp25l%C0 zrupE38xk~K3uN216*VA)GGz)F5Vl&EEE3hRcv)ooz9s5l7-1?Y=c>VY66xS(7XYBR zD`m>9q5YXdt@@b;klncqLk2omFSHfjm+!`wsP2guO-|m$>_;3KTVWfrp)4APl4~xI?P1q4Tt8P(wo1%^kGqYETM_FkhKWF3J z-Zh%5|Io$hYb#Tin*}X-Bps)NUHs=#C_!I9>7ab7)d&O(_640rCcmF8$LK}R*^iR9 zV#^hgVZQEdMK5X}|(ZO|SECSX$p-E&oaz3)TL)4K#|AiHc0 zrJO;RuGO>5Ci1~n@E;{1bL&NkUnMEMz3=49oO^cJZDz`55BsjPX(BF%+Lif8EMrOj zbU1E0&HYs^dv1BuY&bWq>B4wXot+D^Y@PJ@;pC$R+eI$~Azfd7oi@Xzlz3jB zw7|p?nb;)<+o<_!G}y#1w~E0JB3$h%byYzIyraG3x=h5Qyl&-~;Si zO+PI?gWg1o+uXRnmI)0&HssHWZ3A?}G-N?<9#cM(w>U8$ZvE&eD=seZVQ0D40yC2{ zck=$>p*nhO`5f^4+eb$RT3RKrndGWP;{1ukiCiPO@M1|VscXFP!tx|Y}CZI zv@NOz#06T~fti^G3qO=gm+Xh&yFD6IvHHB}>8;we^nEaNRf3V^e})va6%>ki6b+UQ zkNZsu#MgUMM$-!%KFm3*(RrsB^+sm}IB4>CEpQ?Tl@ZidH-aD=BeNYlFKg@m?2N}$ zUt@v6ac{9-4tyI9b+2z6WP9iqn1?#h0R5)9CJ51HGyD~>-WTiKv;ejg0htL1fb#b} zvovslW7ZJh>nnMd+_zr;;@_IHJ7}A12mTtLn|M)*`5H4B&}=j{aV2IN12p;qDbHqf z*3*TXM8;_D_qtjZXhMJk{T($mOUe)wsy)r74R-5X|8t8QTfIFvIA~d7_f>%lBxhl% z?RyN~-w}k-G;#Hx3ZPMgRq?^4`%BoB{=0YNucPfRbV*1uHphwP4E%c@xk-hvpp+_S zDGjoTcPlyN=Vt`UQyhm>twzX4fU(AWNcIGd1fE7pcS?>E-*v|>i4ujtXOJSJ4+Ly% zY@po%JLiOOQ+KMc}D}+m@~-`!J^)ImMe723ma%ZFK__#D4#N zY=$o*NmsX9IG=|WRp?>`xTmD0!N86YE&7@Jn=^PgxNfj(%x3B}P@ceYWn^S5RWFy8 zljHL^Hng)lSZr}`c^BUfnriS={H6r2UYQx6(xOX(HW3&R?k@H?JdRhuHUZ$cpPQdw z&H869?(ED3(DC8+0tjEFrKMd0!b+@EROZJkzrlMf?CeV*${*u2=`SxXNZ4%&+;US= z<{uyKs$+o{Jv{t5aK2#WXJ`NF?iL0A;{+F%k;K2hygM4ZfEOF^2Lb}1w`_178p{!h zYq(kyQ*r^WP2ge%C*ND{cv@(324D;NQIk)taa*aJDun%Uk}h?)KjL=4_O!nK7RTC1^A+%q z`&##l$*^Rx@5ub=17tA-?1Z|x(QEY>2k8a4uX%Y}-+B+Wz6IN=fP-F^3Jn9JSGo#U zdu|VGJOwU5+5~OzerD##>L+Y$Y|3x`mnG0P@5aJH>J(WpS)kWtPKoL_UEBH#{L1+F zg#`shcj&-!2yBiBLLdU;`+*xDxQ#2y%7C#CkS9P-)cnxJJz7lwRD3Y^@$onf%YwiT zmoy0Wy*=8Hf&2j&Zm=g$T>xyg0b8^vv5U=aKgfD`cxY-S0}ci>@aE<}fVINONf`~M z$yeP5rzTU?1=OZ*Ku{(i_$TFqtse3HAPbr@&wqcfQsrod7x@YgFO>WXFtgUy0+kV* z1P}+Hl?Qqi5yxY#rU-3M^EQbD?R{0C4v!BKLyV=t8-xN1B z%}1;rL!He)rhhBE<>|RDQk&OH@D^plU+~Id>f(B}3!n=0$AjnJn07Qcz%KW%Yh$slKr>i_?+f zGETWTDki3(z8-8!=#d7rGqd0QHCPiSIv8Ii^MM`FmT8w_wMwjEu*T6{%+wTNJ|I^(jwB`NQa2h z-67H~Esdmrbc1xaz@bY(y5Z2>-Q9Qbf1dl{j(f))cf8+T27@?f?|s%@@vAlG+#(9N zL@)mWa?fY5Kg>vQCMUAi23&UQOyP(L8{Q4DHa-Z&=cI?mCy|Ha@m; z@ZDy))LkBO5r*b)3AptN*iD%dkGlh^R#{$^FAlYD3Mr9+VBbZ-3hQOJezExMcPXC% zF+_+1VdSS@;o+F5s51cknV6^nHn)K~&1NocQxgb0t2>Cet`oaffolZZtEwi~ot+)f zGzSNcg(B%3MG%IR$7Kq?iRfDg^YjYP(Dx7K8@`8ONJvPyS8(9rm+P!NMHpAd26qeq z2dk&IC~KvoqgV3d-^XcC@3{R@y`H+SudhE9P6yyn0G8X^yD^mJwbmUOmo>7!z7EJI zZf>iTpkG{$mYzj^0@U*TIptR=vS6njASl3x0(c{+Qw3s>n7bq>7J$VAfJ^e|*8oin zFe@r5DpMC94B6_&6!5mMg=f9~dOOaJ_F-Y*t zz0+>}oC+eprHp^m#r~y&%~Na>AXr9xd|*l)Ot9hz3r;iQ3HZuA6wBkzqw7OfTqHDX zom#Z~8rA2`KS0HwWD-o<#w6ADfY#F7b}1PA+Prn=YHu}LoZw)X`+5!=KTI{egfu1t z4+1!jqGDp@--w8acK7$^*>?%u;PFCoc$bl%Fd%t<{;(h+A&p;uoh;Lnc(5W_ITD0e z+U^9BdFI~~m{S!yfz8jG8vq$GC<+F&t6L!lURI|7N9%CHb2@k@!2aCv{n_yq4K2jm z+Z*r)psuCn)QmrbzmKJcUtN8V{1g-Y^aYk$*B2I1QBloOj%djoK&S#+)SH_{9)97d z&bGQxyoclip)cM=mnNkPX;pWoz%cITsgI6~nC)th=Lnkjc~VKI`Y?N{@O?RwUjgW* zDT^#y<-00S0bUiw?D8iqG|}(-#-})>n^W-FqnQI@^I`f-)E+-?#MJHb;1%+7z?TH| zUyGt!=n!z8U_iB*E{B93mC>Qr@`|4nGg)wA;+ZlXP!$3Y7?8VH{gB(c6zStSwkRn5`!2c%09x>aK2Xd4 zrlF@V0z@{z8MSb%2oIO*d)0I`& z^WQyFr){$W?n=Y)Fuk}iPJ&5zZcyI^0T)gHvn3${L5U0+;@OW0u(TSnkgFs#sI*6$Loj76~=>uQTIyz z1ChDP>*?tMt-5+850to+9pB(RVuMiy@QNcNQJUaV?K-x1*-bJv3!j{wNa)i9cRP#D zRWJ#O&;v}XZPPogt94pgGYFc_Io?1T@$&W__l#$o9%`*uz$W0zN>p<46CfWTbkT{p z&fGWBNr&wwSOJf*x7VD&(P?jr92XUUGytXpNFC6{g3|V(>OgllaE=v!{s8nLaJfJP z0ATIQbY_T%iM7?$O#w_`d%HlH?maOE7dx6BC#=Jy_2YBcO6E+l!E+Hng>l}S8aeR+ z><8c_f#CtbwHJuMKY}v+_0<)CZslJ%4R1Suxe5q)k)J-~C<0ViNy+|Wjq|20>t;CF z-$jdn9*zQzTrJuhT=8xh%2$yQ2A}(QTdXH4zRq{?icJhu4?2p!4F-fVyI73+aI<;~ z4$k(&@Sz9eS#^mdLH2>&>!~imq@hjrG?#JsGQr7P#-<_*fXF*IH~`H7G3nRxD-duI z5)uNl2_s6B-e`0=<+7f;+89U%F#p9CuP37mjt0vQI5{vt08U0m!rg$eQ)$Xsr}^Hj zfb&q)2Xj3;&#da^4v3SOPHklfrs8DNL1L?o*J0Wx%a;I1WocyvB4M@DdgB3`O`PQM zwdLjGwVr5TC#R;=(a}QOsHh&#tV)o@8FO=A>Y5riHQV6M1lVPBMGR@+8(-D zB)o0tS-kF=jw&i=p?_LQ;fb#7HyIOOo%2}rWi+HM;-&{o(=!J*8-yow#C5)aiPeDn zVPIl97|wuq#K#PEA=DKW^>O%+2O?hrcH?){)RXQ`cx&1ocvhFB)gWFO;Xaa@@Tzy( zP!4aNcRYg%wU{-1EvmRAoxR_@mKclEV<^MoJj(NZ+sj;hlyI>*787N4%f*^-7A{nn zl~w6+djTM<0JY|{HBA2IO*+PqCry5qL^z-spKXtAHXJsOjgQ~2h6_!U>dgMdxo@k< z-|TWzwK)-Ja;|wpo#*L1%hUMzXL#-FtG?cAs5@_b*FF2u&-{Wom&dA>gJ0j1BBZ2V zMA&~lZa}itK;zP`w9_;h%{W~!XqYavtQWiYt?$?X2oZcH?JZcrSVxGYE$RT^x6{&Y z1Nt$Da{*$ze`qN0VC$K1DPDy;sEuQ4BH)5@1erSOiI7sxAfm{Z&I>yhhk(yOZ(qp_Y8#m zn3N@1thHAeYM$Q?gC|=y-NYuf4?VyQ4J{6dvpZhth^1EptVs~)=1!1QL+nJUD8xcv z?|W{+4jST_?|6G|Z>}rBg08s2eNP?viA^u>IoYHA_SJ|6N;x$%iAWzDj1PbU12M_M zh~JNbBGK&ZZ9A>hGgInl3eAG4ggpGAfVn!CJeHPpf+7ueRWYG14F%QG!i$1ue+}14 z&4E?0OLc&cy&N8mQKkgy}$j6xiC2FJ8ZM-!ZiZo?mEj2!R z`1U(E8Z?Z+%C8;4U|;eTK0d(k&@GGAya^<98L3{ewXZxTM)S4|6*U|z!0#crDe}{(3EGA2P-;Xg47e(Tigr!z{Gp7Tgvf*L?%m(uYz&+PNx(?#w zSd(0>2&B+P({rue7Fka*XH-Z88bB3$g5`@Tbhos=&grzL&hLPRo)w92wP{^l9-fLy z@8^K@4C2CSJy#1*p#X}?$HN0SuN2()mr_2KpydDz=t1l@kJ=#Pj0K6Hkfs6=aw4c& z0L)(sucKzOyNj(Y>wHG~i20hh6!P}&)UC1U^Lbi`@WGQtfO`2`LBZz6#<|f^JD^|i zeGAVp;~2jrI$6x{N+%LI`VZV+39#X4x!8OUR>Dx45H~wJpTiawX}$l=_*F<;NpCgO z`ts_THQRIVN5d}w(bgRaXqrn)UqGn@L^2~O$b{jYdQiWJ)>P|wc(E8<>NA~GD^87OkfW>f!i2x5Y&JkL)m05Mq1jQsi|6}JlU4J z6EtvSStbMMyF?bpJ8(T|IW&l4dS)gNfgvIzW5x>s879z02n@7dMx#|2QADbGNcPI( zLx#}M0S^K^s*uacJ5El=#bytOu4f&8v-yO5lh{l~g>PHSq8AbpsxtV{z_FmJ1&@R= zoC1d%fK4)jEvn8iu@Wo9m~c_~f#K;02o1tIou+7ax_+rKo>fihc^3Ex@L~=+v+RA1)u?;xJ3CKaEYmD=Y$fdvYeN#j>x~m`Pr9gxQL`NPB4x%*T zCid~9Zwa16LC+DyZ<+hJ8LZ}W&;Nmq_a<;-I|#wm)j1ZPqAY?Ys5x8 z|M?ZHZr-!GWlqKbOXXk!vRT)EU&0&T#|ucIWwrHKhu@9|xGXYCbdlFwYEjM)=j)Z@@LUTvb(v{?()-m;`I zN2E10^!3pZ?`v<#9&=aIHTagq_C@^gAa-32Cl;nSng`V1mJ5NBP)$8A2XQ>Jwdg;h zwU({Dz)SF9T8(kTviQO>UB6vsEPnLT*Qm2dBNbp|)T)7vj*l9$$-jG4Jg#N~AVzZf z&8_t!{~V)J_stiC8CHqdVRIhG%IuC!ImM|QTSOv4InOn5&zt6cX zaX5oIBkf%+`k2{!YX9-PrqULV4z7PS-i{qudEQeOEwdKN2V9AFnQvwZnQSRWYYjXK z`GJQ3D?eM#pFg!F8G_)tv0Se8bsBa5^Ehs>s7E=44*8*0lN*b9;c2lk5z@|YlUNC^ z##DwJ>NI(b;L^Vx$>|GJR#)+Qtk?EoZJMnbKd_l3vI$xDnNR#W0OkSAlnEik=;ik_ z6l=N>IaM9chd%Gd+qB68bzMm`ae8_NJPUBU@o(X@pz=hl-+n!A2;@*2IRwH%yaNI< zV@vRM%q#H*c<@~dq0s)4$zh>OvUZ*xa594UELJW50cc_x#(UC7e*N_OrS=x2r7b*& z@aJ?>qA*}P0#YmRC9}CHUS(MfT8Gi&mk{i89cX@gjVO%>F?E-RI(%gz5c`PH zjOA&(T;U>O;xq4xE^y~2tf2pLz7CkW1(t0Lh#%HyiQ1%fQ+;mJ=STZT*30I0t9@P! zGQQ$R@8%a&z6Yj2`BLWF2YQKLGf>@T{q6m!-S#dFKCcr|z1e4=n}WSkg`JrokbFMk zkzNwejcYqgYdiAF>JHm`>v|guKx?PH>je?79ZP&y4j+*7bteG_G7rQh;pB$3fVSN} z48S#i`S+J~tZS&=;ew561r9=kglaj6E%u8KgB~d4tRvxvbB)|%Cf2d}=HAH$UYpHM7b&)zxDan*(Gj|L ze7A$(|4pXE*w{!9dWNq<7xzIZJp#8*&abD+YQ)OGFghSvuF);1;>E@7*i|LGxU++Y zr2SCp3YJ-vx0%Z>mlz~P4r$(F`Lj4Mj9jBD20B!y&U7HBGQRR@bxiT-G~*Z@vNKA^ z3xnW89>SAp^$sj%k#=n)bbCraLnA|>+DjIyo8!aTOB8xP(3<@{KF5QJp3xbfg9I>P zki=(^w~2OK!Y+=8_eGFt8EM^KpVMqStfsTKn%S^fHaI}bcTKI$COTnL|BBJ)KR<&I z3gKE&Op5A+y3)mCy)DKP4EH$ZKUiP?8!`FW1}xe$^z#9R8BI+s;8|HKO^a;uCy!9d z#KEq}ThAHfaH}p^f$uLDE5t)ke02gYc0KMz`hWbDx&~x4V=J%3wSh5Mdi7BE>Y;%1 zv8`yP`rC3=3qB7&2`w=X^YJ9#XY<7jD#=B}$c<-Ie0ia%2e?DzO;&u8Lc8u)`}WH< zY$sRXI{0B^9%quKT4ML*Oz_zj%pX5c85vfMj1hcU9CsTQ-lm)iu8HN7O$l;8iNRV~ zXpoRP$3wq_hl3ylW~#ikRN>;B$a3h}&E~dIRK!`09!#sh;@x)CmDSzlD&d<_w{_9J zpK#@M<(*U2)J}~vmXevyaZNqhC>uUn>UIm5X%tMcEL{jmZPwpy${X^f$eO!7li$pL zc!if55l32K&rbf1irluJnO<2%`6JIcwcqas+ug4p){d)MoGL5c`8}6dXt+Fc5j9V8 zJ52T9oz`x2+}y|-H{mYHm?#ypgFTj=f>*zv?c$uD)$RTk_rt0oy-*$*Tv&5v;&024 z%6l1hAH~k*;e6QQ%6xM*vo4J&rmP}h_^`4DcJc?q7{|vS8r@}-RVW+CkRcpwG@3ca zUne@j06R8HAxHkCEQ?-jl=X~$prUxVE=ta*L2wtbb}IGO`@3$oT{AH`GH%_m3U*y& z7|}@tNIphW`C(PlX({aXlIr2YM0W4W%-t-BoK z_UyFr@&(YGM@{7KzhCl~LMhnxD%IsmPbMKZJo!UzUFlVLi%9~Bc@d2F(E5d~pJ66R z1A6~0)|gcwx<;N*aq^jz5Akf98K&lTf|=TKAaJ%M?miSY z;fF=Uu2g7*LT-hA?vg|ZVhX>AKIcqia3#-&)Mw79S0 z5sxP^kE=Yo^q9~5x_L{<9)k7N=%&oAb|(2XjwsvdNkP1_+~etj@c^onBno+=i@WGg zXd?=Fy>>|)<3lqniGpUy%)F3Gt>Aj0I^f1Oh}JK{Qsl>Zi;(inIs}sDziBF>|C90% znOwRv?_t<;92tAX8G8pU=)+0S08pM=U2G^(0j?>{I}^cQ-#lFc`SYjyN#r4zeyJ{f ziCoL1jmZ$*|HJ|aCxf>KyQ7$TUgE~Ysmbfrm=|cMYtj`KmR`qkPuJC#K#|G8@>=`V zpHviOzJ~-^8k2{nvlL6u9&vEWYNHo@*ZRy@@LkL0-IgR;nEB*IT$<-0a#yo7qCr;= z`zU2Hob0C-r^ETm6|40ii^&|RQlX!p2L^5T_2rOl_s!CNM>^7Ppj1gRM1EpEfP=W> zm5%tdePMg8wK0?gHE)l&4rxMaU?Y%`)ox1t9a&|xAgx-No906?09K5T~BRL?k%oDo$7$TYn1HNqdBdm%qQ9 zMuXYSPkq-C=mRQxUg<6PXcSz=;ePq#$;vEFkl1fWrIM877|3IZerM#&CVH`Dj9=?` zKNxM|^qWTpxt!IeVds%7n$pjqnx*XeqdCgqBN<#OpHp_MS+YI1wb9z~t;5ciKzGN2 zNfMJ<2v(aRi>#G;-L1n?$Iov2<(FWzKZ_v^k+4VAi%V72_4=3WawGiaA;DuREF}E0 z=(zpvQ05u6xiKQ-ig~fg>+!*2acn04{9HoKFcOgvhgxeBDe!VQWyOYBaUt8#_`T!q z+oo_@a?W|%o4IiyEX?1ZvS6u~GaLTcaQrR?K%f5A?JhxK9Q8_&Va!QW5n5$cHMzw< zj+fh~FewF<^IRc07J?V?r1M+oh>%cHSrT8xKb0(G%Tq&#Yl$swZRk}lC}!JjHL*px zkLssAKy6$@c*Lh->io2kEC8ea@yx|YrOGWWl}VsJ!{}N1vvgCDpec=nS&f9J3PTK9 z=?IVu@5TxS$%}9Rh`k{YHor`eVMUPR0-0^^7a32FGB89I2MNy`F`6eaa{|%-^^`aC zUxWM(kVDZuvmwFYzzRi8Ras}hPAUoc^xV>qptNwsOQRVPt6EY^;No7d#6bssff(e! zBS{2}?TH2p*lD~&o~d%C?my>U-^86~xWE({cC_Yrb^A&@y&-xav~@Ta50Z-`M|tQQ z`X&-rs_Yyguls<5H=+NkZZW5K%;P5TK+5vlfDASt4VSSSPb=1AZSM!PV)RhW=I{ATnd9Mf-*TU7#kmVe zr3_dIK#uKQ|7DZ}1Pax3Ze1BAKfH8)SC}>Umq!+P#Ha2vg28jxjMD2N&`@Arg{L@- zYxLl=*(RPddyzie>;?+Qlg)Wm3cI`ErQL7QIjrACZVe8&af?xq&bdSk;X_R`It{x! z6f|925CXF#ol!-RUj`L^P*Ew-G&|o~H2C`_&sw0K=HN%M{bZ|Iff?xVbh0qhjAg)I z0Xf-ITILJeFx|AH*dPQ|m~`7V&i~W+{(qPf|35uNx*i?^OU`V|tXa3Yo_;_6_N5Tt zp;a9yBIVcq`J_&cs}g*5jQ}%Vd?||D)4L3?-#fcC>#yMXFyHw#Qh)Ftmrl+T_mCMG z8#iVlVARaFg=rmqpUb6V&=I@Or5n&RKZR-LSIMhcY#ri2a8ZNtaDM@cisaCs%uug; zbX-bgY+`CkVq{8cqLKnR%sMA$#3u`Uj}_+7HProJl1rX%Y*NuG%?+T_60b*spI4Rc z6!JQ$(k!%}8VHfCLj*zEpcmzOt}mj4Kg{85_oBh1ZNi^9W-0$%5pYNgHfo5BnWCNmTBGyg+I{AQWH z{?C2=QlI;zWj+Nrd-8Fzb91swsKm~9PW@?eL;J z>@4>xE4_Y8$_`kLb^eLgk)U9Y#&F`As8)q$BX}cTJXJh|TE<(dxXeB7M_y@UKg*$9 zLVMfx_F$pb{&9hV{*+6HSAEJEfFigbPTD1}spCHB=45v?Nr$;y>^wx{7bMm--OgM( z?2HZ7>18zz@6I`X(=>ltGFyR}2)rGg{7oc;w$yjB3L=pfLbt79Ag`%e|C2nHQbdj$ z9~Za~){J+&bTco37~tBJ;>uV5K2Zaj!>86HG6E+r4;6+FQn$M|zanc0S5^yd6!?ww z{=!sRqSO)Vl!2UMrIl<`^o7hXD(TaM{o#;<59bhZG+~huQD1CT>%fbiEMl|NX`96tuxht$9P-ipjp-E(ssC4ZvRx(HhJdF3+6=s z{i|=T7ugC9dGgBAh^rDdLzP`aW1t?p1H25I^SR>G&u0SLvKfCr)}7U1zZM0aCZ7V> z<==lqU%N5~9N?ldynCzp4toSRx~Egn^$#P*937RCDX7gb{ z+;MOjIewRy&X*k~ro|k!b#}Oo1PGWV)`1iFn6dR9ZKhRk$%TUZP7aAR_lC!#4n9DR zN?6!%IcO+!4koU3`=~Jmu^lFD`x%JnPmkNR5ifRg*9NniXDDWUtPt{X}518)LkAJTZb~gO(=U7 zjh|6NrXBiouy>j7a*xLZpve~!OrNEfgV}18@QX@!P^am41GZ>pT2nLjx!p>eMCP9ex{91jWLd?kPY-(a;ojKwo<~&+P zK||+q!}k8bND(x&{J5us(n!aOafV>~`-NGJ#e+OLC)fP5XTlpGM$m&+!CIX6Pns<7 zcZ?(vg_tNeJ>6ZmQjp|QDOH0DX9$U2@9qM-LP)d)ekKua6A)~TdM;@(xhKaZMn}b^ zfS*Z;QujiXjFmaLt`bs8^h)<5@RnRdgvCQ++1%6+4t{V4oJwM;1>`p0y@+;|9;1?i0?WJvCJ^qFZ66ts`dRidhH}O$ZWsv3P;=+Ilsw0tY5WEnBS$ z2K689_wvhTgL}TX-`LZOtGHbIkH&Z874q`3yk0g!n`5Sr<=>;o3_ybTuck1Nb|K(`T$c!J1 zD%pD?Mc?;fMOwr^U-NgY8g6`qvb?gUys|2}J3Y3_`a1sI;|6eV6?TBHE|RZ!Y% zt*fXBJxX z^emd@-OTgLeXRw8e!858io30ST}vHX#tbV<*DakUgSzj?gBZA*Fc@#G?W8~~UWR~f zES%@1T}$m=$(hmAg7`;QO}6_F5QtAE0)mQ$$~_%tO}6yZpt^*XRMW%^KCMQFQJYg| zy*B!w*Zy+5frg0fbrFo1gwat+O!uA|5n|*IPNaxy)T&tR|6yN4S5#O)=@i!~F)5QX z!^*JJ0j=^fJPyfM37emJEWeSkVst#skQ%jn?uVs1*#jG?JVO)xq$|?XI6ytP_%ma{ z$iVu$!#or-FCGb!4?pMl!Y-qB&q^~aeZtFUvdtjuHGk7=x=b6uUi%4t|%v-?VLRYD5?`C$RGuw%Zr zQc**e%G!MWMv#fs;E;{1&^y$jj?eSKb9q9ES+Qb|A$0dq3jsn2BK|rSs8?RbJ@2@t z>DS?%cE<4HRA~ZJECx$r>^d;$5+Y zBRBjMDtGAsJ#~N<&2qy*-%Fqah7lg8Rx zu4fW*k?VTHFSEIwJXV30Uj^)68z#dbJq=2z>&u6w^=l$l_&gg=$Kx8gvwXT_ab#Nj zU>?gjhYaPX%C; zKBDhA@t%p)*cM5nyVwR1NPmpZxaUKdcU5G65KI(j@Z~s zC?GY1HIgSrX3961C@|sD=QA?u0haNjx`0dLp`g;GcnV{v65Evv0wt1~Y~}(OfYARv zmy!%~Vk#Rddnl`dox>hAXGi9SJLit9EwNkv#MI-cGq~W}ZPGgCPIfj{X&r`X+_lZJ z28GQt6qx_=yx=`KF6u2bm$iSjNvaA<)bGvtIaT}5!JO$wR_kScij=|g03kfwc-y3+ z7uzQEHojts7?0;4`#I~C+(|Y|ea95Xz}B;{5bzyyc_Dbs&x7%VZI=oEpR#S1F9_XL zy@fk=8J`9v?!rAUZsJo+*iM6AKsnnn8FE2r(Tz_$;&Uh2v*b)%cQ;1yst>+Qyy0oW zpKt$EAbPeW#*>L~9oxYy+4mAuDcGNPtb>j^?P{?6y(@r;W~(VLrY>xMImyD8ZAbgZ{sP`Pq;dH2)Pkoy6T)1Iljb<80spuhy- zz@X7g*U%LS+Pu>N&4x*VfX6GD+q^#B_pxBt;sWWVXeaZ$Np_#iiDV-fTt^Fg%2x9`-uF$+H+>WHw1-T3r=)m4>O4+TTL}V zuV-H1q2)W$yz5GnWtxMUNKI-2;R!}*0(5oL78o0wMUOg!99SyaTPNl;UJfcj$HT;L zqMwXZ&LiG?u8Y2`;<7x<9LvDW&MOG%^Rs5Jkz7oE4INPr=W{4cgU03xPz+Z< zdO^;@(YJ~zif_%5;|wKQy-om)_xr0nM=~wo`!*Env*T;+10YT@&$60>n!hRl0JjeW` zI2~bRlo#Qj`(Ey8ZHSfZTTEInvXPl(E2(8wUWq@mpi;5`4uqOpwhUM0@V$Md>UZ$r zKdPz7KZupoMKZ;=8(Z<5>u56pu7_}w&8TKV7Lh@@gUCq^>oNY-Izoi1lXFqWbs)jL1a``aIyJLVR) zi4m>^y~g9(Zm0T&ntSS+7 zGcYUMq>aUOM;pH1ML(HHWnntI(Y{q>aH(-@RhN_CD>N#25?k1xc_}J-z#q$0a9x#> zV+%UiIuxe^*ojm$r<=6;hwVfEqE^ND1NZi412RSIF?8hCb`IG^j!!HoPiExd;m14lAE{z zEQMXPk3QN<`zLQHEfzL#V5>1Kb#@1D~=~o3S z=>Vo4-c5aokk1=ybYu>YPdz$P|8m|k$IZ<*I8FTYS+Uc5v`>Z?RUb&&coj3HL5O6X zc0V$Yv28LtSvsF|FG4MPV4qZ}o3kNHJQ3JxD(XlLhP!_waiRHE;$cnh;cZ&};T~?dey5CQmabq2wRiFGJg4T$FD?xG^;vr0B@2NJZxYc2 z|L*~iINtLp080Ygv9el|P$-CVDE zn#yGbEWv+*3WXXBs?iy#o~2E^81=-R_!zW-Kqd{&b|qJ<+KNJ6h8=M*o;MedsEui_IFXbVf*S1WVdy_#Oy?^`U2Qv|86Ocpd~X^R**d=y~)W?stmdd z?0g1TShYPA{(9@elpNNocWc)B^aUWA0)uf&xh%x*Y?a-2Z^}wP6gxBbo8J)~9qb@< z``6=^RAVr6^T|obH7txlIDR#!3;=DAMvqJ86I=GBs$W5J^TgjeI_Lguj6shWD@H3F z9FJ;QAmok=npObxhRaC9V#Rnq+!UgEP{(3376cYzDPq@b(`4^NMT)yQER# zLQItt^zwa`x*&cL^{;@0R_Pluu(R;^IYJL?ilxJHOdTB@D%kCWT1X%?Mg3vv}pL&4c1BSY?-YR%^qiiKV6{1SZ`ncQ#fRSfX3 zdKMYaNsp3xMG=^NF1;m&eo}4}h(NH>U{pZBg6i-^3 z-l2l<``8#1o36%sl2h}?x}TVn2SQ#UnzKi(*&sUuuNS^ouE;OsrCI6ePP^-3nx;q@ z5vWODbLuZ@^ugXX2H7WY1bpEd*>J6l_8r?#PZJJEu2r%uv7 z>9vg;t!e4C{AUaHrHFw^kU(7~fnv9P+w&tZJ7bhDy-`CC0WkOK*r*QQylF04B{>R0g+^i0-@tLaqkfUJbzSUFb%`q zm4rp3ZV_!!Q@%^qfR-$Bq(d$H(ZQ4kA-n9^7KP4t-m~RzT}+(ZMa6}wEpCE>pD6=_+tGhz4gVSro+GTP@^o>tdvJ_ZxB~@@78H$#hYWwcH%-u=(?vX$Q83 zzS2|_t;oozc)^8oq~S=61oY7v>DcN$v%I5{mli^J-K3u^a~(UZifz_eTMsx@Bj3+}3mZFBr{`r_S zmGALc{|v~GgG5?_3JY@rOMnS($KPA|qrp5>Cih|{!O3wqU65qcnpf98Y9`#=CQ||# zWM-5)cFauMrbhxhEuiNyqP;9kirH;`OL^S+;dc7+h0kfvgB;=w^Nu>Soj<@oaISFj zUHV?*?}iC}H+QPNi~zz0xlOOmT~PB0)BZ^e%UcBj3rsx-gcZi&j?F~L?^3dL#6p`q zMlOlDLa^9Ivcf^VX52?#ff>Y}Ed!^SRPTm2%}B2tqa21Lm=cj03iu(wOEXLCqOVp87!OZIKo?eS3bfT8 z0B}ShV{~2$rNY3xyONcgpX4UO)#c%1|F=9QP9!qV$S6=n*&odk8*o;@oZ|m{<;Ghb zwh_R&_|}T2Fvw!UiO+y!$L|R;A{g6lJpS7+Fe#dP!)Pau9UnIyN7Q`b@A>SU0;paT zJc5K;_sn-Tb&Q)IfA21nOe72IkzYh9E9b|LXTThUaHH)|pHz@_IpS4u{g4Wq zL-+8XKJFb>RPVFB8~%Z$(|R0HD)2C1gzYrw4XV+@n{7~!)f0H?_QE;+icF9j!eL&M-%S6DCvDI z;@c20Nu@zm{Jr93rlYN`i-XX|cWw59@;2Ef;c|W-LJ6lzCN$}lJTQ_Sk0)A4pP>f- z1pDTd5B*k6gYzXQbmc2_@ekLo!=TkEI>Q)dCnq#EU=GtdITe z??9~t@qBx0*DDTdbb6GAGP3eaa21o(|PoKx2i6c-NamIsG?PfZpORwAEs*L+<>3CnMp@cfQ z!@eK~J9~7`UGC!2Gr~lho7=zZcA=rO|2_y+R~~BX{Scl8Cu&wQ^t9NlQ2Kr2Um=-$lZ?r1?uPC1CxOHx26Xij-Y zgOPkbot#Hlb5vCGJ0)eL0#fC^s~4o8n^mg&0&MyJuC%bRH1AHXS~k`G>dHqk59((W z_;2?aLLV)*KIHor;kO&hrip{~Qm1s;5Jn4Fp8!>z*Yvq8o&&;`Ia+K6O1@c$PH6S# zh64}jv#e!!_e*&7&XE9C$!b<*Wlhh#MX`cDG;lpOyPO&WC`5OeEBy>mO(5FZ z(c^WlYj#40oG^bmJSG&-kNKrM=BC^OLa6{Srh7|4 zfSLAml`2=hC)EAS%*FoL;aS?IU<)mTrWu|u46sAQBqW|N&vqrLWUg93cE4<)={FMJ z_LkY?VXBBNP)i#J)D)`|l6eta6$KYc-=1_naVwM|J)IWpuyzf=HyWYzac;~U4_ zM{fPnKcZLHB_i(u#2+JAHkZ#Ij*s}p&^sAtp7uffFMfY&?GoUp0zx6!M2v7g*M|CG z0sVtZk%MM?Ru#NEE7;X?OIovtGb%#$<62eZYQR{^3fU8^{GY#+m&VT8JH2zvH)%U9 zpw}!Wi(`K-JT@DpF*sqM<^hzdvrK}$6A(%~+#1aM(z~Dm^j-PJ2@ zVP(bpL<0o(8!SR4-e<@L9uVnv{?*j<$WddD40o_q$*sc@Jy4^8?L=yOFq0*5*_Cf6XCes&u^U+X?^FI+R-?&jX(wfL zM!3>sV+IV8HQHz?`rwHJb;?~#xQ@3krAiS3=TVy+ncwy{hNc#I+_p9q7fYXS4~~C( z+JwA#^PmaqWAN0s=@NuTe1GnIAmyAN9`TcMtZRUDYYlK?q(EV_V+>229xntuLQ3<5 zL)Gg3Rae!KLOH7(MVs|v9Vz(|8gYHqp|Sqdczx)9RSg^@isaTs6|}$JtoohZGLKq! z{Uai%Ip9n`gm6o+qg|8GtE-c1vlx{}{x}9gEL($c=@EpPpg+Erf4}*)Ew@5?$Xg*( z%Eb4h@#PVMLQPg$m!Onq;?s9LP4E>!Fz2a)e%hkB^;?UVxrrT}IW_SoNcm zu`yHh$OoO!l9HU#R32P{wyo&Me56XM&;JhdX@Q|KAWXqadi=okRI7b~dn>RNm;((3_gvWfST5?l0VTyB!NeQXq) z{$~vYa=#Aq+<|+OyM@a&J^>OY-yYM9g-mfYjQGhy4f|IDV!pYSTs5(AN%fj&=Xd}m z-8ld5j`7{so*haeHeHic0ed|5Q;0hsAu#2Ny1IhkQSFGk4UT-Ob^QbpI&xdL%)%`58^zXjH{2*bRU0^Z;xoU=9PknyK>B z!6(PZb#9y1AHP;hv_!@a>g002@Wzh%Nl6|4`(jJzq$&Tir6q$VUi!j_`v>}0L_`gS zJuCft#p3jved9DckWlsR4huf6gM(=xW&MhNwmNoEgdKvL)QHRY#3()87_i9b(YV^> z=eIz6!-shwFjHaP5Ky1H=p@Ad7ygaXi3&8P<>AJn;82mM0R!OpIL*hB0JkSp^6u1+ zWY-yg1K(=Ce!QnA=;_5Yemq9<4-9y>hZlg?<_4$-rKC@6gKgR8=~JMWee)$myby%K z-RjQbbAVHKpoWvjv(tpe0MasGSC5&<=H)hTuTIU5RC$FrU(~)QSn2}|0pR;3bX(l0 zS9FmqcFPS~$hfV41GNA^--!9Cjb9QY{H7K#`iFDU8=MauwyigpX3ARZ^`3Bzn{W|I z0LJoilA_(Gti?TU3CNQG6@caC*5z+og9z!raI;Kv=;-OobQ;X+FbXN_!(IqnLL}WPugDZur2DW4!KIs#Is@qWM0HhaOTwK5( zKoEEO{q%qSt#he!SHVbb{mXowJ_R1|@_}JuVg!7%a|vjIG%JiX#2rw*2qO-05w4TALaHq)$ diff --git a/docs/server/source/production-nodes/node-components.md b/docs/server/source/production-nodes/node-components.md index e95a26b7..d7d4e85b 100644 --- a/docs/server/source/production-nodes/node-components.md +++ b/docs/server/source/production-nodes/node-components.md @@ -17,6 +17,6 @@ It could also include several other components, including: * Monitoring software * Maybe more -The relationship between the main components is illustrated below. Note that BigchainDB Server must be able to communicate with all other mongod instances in the BigchainDB cluster (i.e. in other BigchainDB nodes). +The relationship between the main components is illustrated below. Note that BigchainDB Server must be able to communicate with the _primary_ MongoDB instance, and any of the MongoDB instances might be the primary, so BigchainDB Server must be able to communicate with all the MongoDB instances. Also, all MongoDB instances must be able to communicate with each other. ![Components of a production node](../_static/Node-components.png) From 7c3f912fe0a7f9ea61f06d97c470b20bf094c202 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Wed, 12 Apr 2017 13:56:09 +0200 Subject: [PATCH 229/283] Addressed remaining comments on PR #1386 --- docs/server/source/production-nodes/setup-run-node.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/server/source/production-nodes/setup-run-node.md b/docs/server/source/production-nodes/setup-run-node.md index c1777cff..78b4d22c 100644 --- a/docs/server/source/production-nodes/setup-run-node.md +++ b/docs/server/source/production-nodes/setup-run-node.md @@ -89,6 +89,7 @@ Note: You can use `pip3` to upgrade the `bigchaindb` package to the latest versi If you want to install BitchainDB from source because you want to use the very latest bleeding-edge code, clone the public repository: ```text git clone git@github.com:bigchaindb/bigchaindb.git +cd bigchaindb python setup.py install ``` @@ -113,16 +114,19 @@ For more information about the BigchainDB config file, see the page about the [B ## Maybe Update the MongoDB Replica Set -**If this isn't the first node in the BigchainDB cluster**, then you must add your MongoDB instance to the MongoDB replica set. You can do so using: +**If this isn't the first node in the BigchainDB cluster**, then someone with an existing BigchainDB node (not you) must add your MongoDB instance to the MongoDB replica set. They can do so (on their node) using: ```text bigchaindb add-replicas your-mongod-hostname:27017 ``` -where you must replace `your-mongod-hostname` with the actual hostname of your MongoDB instance, and you may have to replace `27017` with the actual port. +where they must replace `your-mongod-hostname` with the actual hostname of your MongoDB instance, and they may have to replace `27017` with the actual port. ## Start BigchainDB +**Warning: If you're not deploying the first node in the BigchainDB cluster, then don't start BigchainDB before your MongoDB instance has been added to the MongoDB replica set (as outlined above).** + ```text +# See warning above bigchaindb start ``` From ad37441115b95ae800de7edd23a6c71d826c76b8 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Wed, 12 Apr 2017 14:24:11 +0200 Subject: [PATCH 230/283] docs: moved rethinkdb backup notes to appendices --- docs/server/source/appendices/index.rst | 1 + .../backup.md => appendices/rethinkdb-backup.md} | 4 ++-- docs/server/source/clusters-feds/index.rst | 1 - 3 files changed, 3 insertions(+), 3 deletions(-) rename docs/server/source/{clusters-feds/backup.md => appendices/rethinkdb-backup.md} (96%) diff --git a/docs/server/source/appendices/index.rst b/docs/server/source/appendices/index.rst index 7beb27f5..a901b58a 100755 --- a/docs/server/source/appendices/index.rst +++ b/docs/server/source/appendices/index.rst @@ -22,5 +22,6 @@ Appendices firewall-notes ntp-notes example-rethinkdb-storage-setups + rethinkdb-backup licenses install-with-lxd diff --git a/docs/server/source/clusters-feds/backup.md b/docs/server/source/appendices/rethinkdb-backup.md similarity index 96% rename from docs/server/source/clusters-feds/backup.md rename to docs/server/source/appendices/rethinkdb-backup.md index 5faf3465..732323ed 100644 --- a/docs/server/source/clusters-feds/backup.md +++ b/docs/server/source/appendices/rethinkdb-backup.md @@ -1,6 +1,6 @@ -# Backing Up & Restoring Data +# Backing Up and Restoring Data -There are several ways to backup and restore the data in a BigchainDB cluster. +This page was written when BigchainDB only worked with RethinkDB, so its focus is on RethinkDB-based backup. BigchainDB now supports MongoDB as a backend database and we recommend that you use MongoDB in production. Nevertheless, some of the following backup ideas are still relevant regardless of the backend database being used, so we moved this page to the Appendices. ## RethinkDB's Replication as a form of Backup diff --git a/docs/server/source/clusters-feds/index.rst b/docs/server/source/clusters-feds/index.rst index 93258057..40e3b873 100644 --- a/docs/server/source/clusters-feds/index.rst +++ b/docs/server/source/clusters-feds/index.rst @@ -5,6 +5,5 @@ Clusters :maxdepth: 1 set-up-a-cluster - backup aws-testing-cluster From 2bedc9b059a3ff7d25e574978f927c977d05f4c1 Mon Sep 17 00:00:00 2001 From: vrde Date: Wed, 12 Apr 2017 14:39:15 +0200 Subject: [PATCH 231/283] Fix typos --- tests/pipelines/test_election.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/pipelines/test_election.py b/tests/pipelines/test_election.py index c3254601..f0dd232d 100644 --- a/tests/pipelines/test_election.py +++ b/tests/pipelines/test_election.py @@ -210,7 +210,7 @@ def test_handle_block_events(): assert events_queue.qsize() == 0 - # no event should be emited in case a block is undecided + # no event should be emitted in case a block is undecided e.handle_block_events({'status': Bigchain.BLOCK_UNDECIDED}, block_id) assert events_queue.qsize() == 0 @@ -219,7 +219,7 @@ def test_handle_block_events(): event = e.event_handler.get_event() assert event.type == EventTypes.BLOCK_INVALID - # put an valid block event in the queue + # put a valid block event in the queue e.handle_block_events({'status': Bigchain.BLOCK_VALID}, block_id) event = e.event_handler.get_event() assert event.type == EventTypes.BLOCK_VALID From ee3c7f607c26b4ebdb782097729e56e664a067ea Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Wed, 12 Apr 2017 14:55:56 +0200 Subject: [PATCH 232/283] updated set-up-a-cluster.md in server docs --- .../source/clusters-feds/set-up-a-cluster.md | 20 +++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/docs/server/source/clusters-feds/set-up-a-cluster.md b/docs/server/source/clusters-feds/set-up-a-cluster.md index c8193dd2..277a4656 100644 --- a/docs/server/source/clusters-feds/set-up-a-cluster.md +++ b/docs/server/source/clusters-feds/set-up-a-cluster.md @@ -3,7 +3,9 @@ This section is about how to set up a BigchainDB cluster where each node is operated by a different operator. If you want to set up and run a testing cluster on AWS (where all nodes are operated by you), then see [the section about that](aws-testing-cluster.html). -## Initial Checklist +## Initial Questions + +There are many questions that must be answered before setting up a BigchainDB cluster. For example: * Do you have a governance process for making consortium-level decisions, such as how to admit new members? * What will you store in creation transactions (data payload)? Is there a data schema? @@ -15,14 +17,16 @@ This section is about how to set up a BigchainDB cluster where each node is oper The consortium must decide some things before setting up the initial cluster (initial set of BigchainDB nodes): -1. Who will operate a node in the initial cluster? -2. What will the replication factor be? (It must be 3 or more for [RethinkDB failover](https://rethinkdb.com/docs/failover/) to work.) -3. Which node will be responsible for sending the commands to configure the RethinkDB database? +1. Who will operate each node in the initial cluster? +2. What will the replication factor be? (It should be 3 or more.) +3. Who will deploy the first node? +4. Who will add subsequent nodes? (It must be one of the existing nodes.) -Once those things have been decided, each node operator can begin setting up their BigchainDB (production) node. +Once those things have been decided, the cluster deployment process can begin. The process for deploying a production node is outlined in the section on production nodes. -Each node operator will eventually need two pieces of information from all other nodes: +Each BigchainDB node operator will eventually need some information from all other nodes: -1. Their RethinkDB hostname, e.g. `rdb.farm2.organization.org` -2. Their BigchainDB public key, e.g. `Eky3nkbxDTMgkmiJC8i5hKyVFiAQNmPP4a2G4JdDxJCK` +1. Their BigchainDB public key, e.g. `Eky3nkbxDTMgkmiJC8i5hKyVFiAQNmPP4a2G4JdDxJCK` +1. Their MongoDB hostname and port, e.g. `mdb.farm2.organization.org:27017` +To secure communications, more information will be needed. From 8fa6b1685ef4d41b924c30378710b194211e0a13 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Wed, 12 Apr 2017 14:57:36 +0200 Subject: [PATCH 233/283] Clarify that AWS depl. scripts deploy w/ RethinkDB --- docs/server/source/clusters-feds/aws-testing-cluster.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/server/source/clusters-feds/aws-testing-cluster.md b/docs/server/source/clusters-feds/aws-testing-cluster.md index d4b4c12e..497d20a2 100644 --- a/docs/server/source/clusters-feds/aws-testing-cluster.md +++ b/docs/server/source/clusters-feds/aws-testing-cluster.md @@ -1,6 +1,6 @@ -# Deploy a Testing Cluster on AWS +# Deploy a RethinkDB-Based Testing Cluster on AWS -This section explains a way to deploy a cluster of BigchainDB nodes on Amazon Web Services (AWS) for testing purposes. +This section explains a way to deploy a _RethinkDB-based_ cluster of BigchainDB nodes on Amazon Web Services (AWS) for testing purposes. ## Why? From da634c3892a4dbf4d1bcc63605216667a979a8a5 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Wed, 12 Apr 2017 15:10:36 +0200 Subject: [PATCH 234/283] more edits to cluster setup docs --- docs/server/source/clusters-feds/set-up-a-cluster.md | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/docs/server/source/clusters-feds/set-up-a-cluster.md b/docs/server/source/clusters-feds/set-up-a-cluster.md index 277a4656..4b02bd9f 100644 --- a/docs/server/source/clusters-feds/set-up-a-cluster.md +++ b/docs/server/source/clusters-feds/set-up-a-cluster.md @@ -19,14 +19,10 @@ The consortium must decide some things before setting up the initial cluster (in 1. Who will operate each node in the initial cluster? 2. What will the replication factor be? (It should be 3 or more.) -3. Who will deploy the first node? -4. Who will add subsequent nodes? (It must be one of the existing nodes.) +3. Who will deploy the first node, second node, etc.? -Once those things have been decided, the cluster deployment process can begin. The process for deploying a production node is outlined in the section on production nodes. +Once those things have been decided, the cluster deployment process can begin. The process for deploying a production node is outlined in [the section on production nodes](../production-nodes/index.html). -Each BigchainDB node operator will eventually need some information from all other nodes: +Every time a new BigchainDB node is added, every other node must update their [BigchainDB keyring](../server-reference/configuration.html#keyring) (one of the BigchainDB configuration settings): they must add the public key of the new node. -1. Their BigchainDB public key, e.g. `Eky3nkbxDTMgkmiJC8i5hKyVFiAQNmPP4a2G4JdDxJCK` -1. Their MongoDB hostname and port, e.g. `mdb.farm2.organization.org:27017` - -To secure communications, more information will be needed. +To secure communications between BigchainDB nodes, each BigchainDB node can use a firewall or similar, and doing that will require additional coordination. From b741c51dbca4b4145e224bb58f09571a8390bf6c Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Wed, 12 Apr 2017 15:14:44 +0200 Subject: [PATCH 235/283] docs: added step where other nodes update their keyring --- docs/server/source/production-nodes/setup-run-node.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/server/source/production-nodes/setup-run-node.md b/docs/server/source/production-nodes/setup-run-node.md index 78b4d22c..87b7d78c 100644 --- a/docs/server/source/production-nodes/setup-run-node.md +++ b/docs/server/source/production-nodes/setup-run-node.md @@ -112,6 +112,11 @@ Edit the created config file by opening `$HOME/.bigchaindb` (the created config For more information about the BigchainDB config file, see the page about the [BigchainDB configuration settings](../server-reference/configuration.html). +## Get All Other Nodes to Update Their Keyring + +All other BigchainDB nodes in the cluster must add your new node's public key to their BigchainDB keyring. Currently, that means they must shut down BigchainDB Server and start it again. + + ## Maybe Update the MongoDB Replica Set **If this isn't the first node in the BigchainDB cluster**, then someone with an existing BigchainDB node (not you) must add your MongoDB instance to the MongoDB replica set. They can do so (on their node) using: From 659ff0a8136adabf591951aaef3af8613913663c Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Wed, 12 Apr 2017 15:18:08 +0200 Subject: [PATCH 236/283] docs: clarify that the keyring update process --- docs/server/source/production-nodes/setup-run-node.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/server/source/production-nodes/setup-run-node.md b/docs/server/source/production-nodes/setup-run-node.md index 87b7d78c..6e7ddbea 100644 --- a/docs/server/source/production-nodes/setup-run-node.md +++ b/docs/server/source/production-nodes/setup-run-node.md @@ -114,7 +114,7 @@ For more information about the BigchainDB config file, see the page about the [B ## Get All Other Nodes to Update Their Keyring -All other BigchainDB nodes in the cluster must add your new node's public key to their BigchainDB keyring. Currently, that means they must shut down BigchainDB Server and start it again. +All other BigchainDB nodes in the cluster must add your new node's public key to their BigchainDB keyring. Currently, the only way to get BigchainDB Server to "notice" a changed keyring is to shut it down and start it back up again (with the new keyring). ## Maybe Update the MongoDB Replica Set From 4c9adededd558a4c4d29965e11c60b86da4bdafe Mon Sep 17 00:00:00 2001 From: vrde Date: Wed, 12 Apr 2017 15:54:11 +0200 Subject: [PATCH 237/283] Remove TODO --- bigchaindb/web/views/info.py | 1 - 1 file changed, 1 deletion(-) diff --git a/bigchaindb/web/views/info.py b/bigchaindb/web/views/info.py index 9b084ac5..51b59643 100644 --- a/bigchaindb/web/views/info.py +++ b/bigchaindb/web/views/info.py @@ -43,7 +43,6 @@ class ApiV1Index(Resource): 'self': api_root, 'statuses': api_root + 'statuses/', 'transactions': api_root + 'transactions/', - # TODO: The version should probably not be hardcoded 'streams_v1': websocket_root, }, }) From a7ed28e539a1ff605a5f5954efeabb078eb9bf26 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Wed, 12 Apr 2017 16:12:41 +0200 Subject: [PATCH 238/283] Test command helper _run_init --- tests/commands/test_commands.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/commands/test_commands.py b/tests/commands/test_commands.py index 6fb424d6..fa3ecf42 100644 --- a/tests/commands/test_commands.py +++ b/tests/commands/test_commands.py @@ -130,6 +130,22 @@ def test_bigchain_run_init_when_db_exists(mock_db_init_with_existing_db): run_init(args) +def test__run_init(mocker): + from bigchaindb.commands.bigchaindb import _run_init + bigchain_mock = mocker.patch( + 'bigchaindb.commands.bigchaindb.bigchaindb.Bigchain') + init_db_mock = mocker.patch( + 'bigchaindb.commands.bigchaindb.schema.init_database', + autospec=True, + spec_set=True, + ) + _run_init() + bigchain_mock.assert_called_once_with() + init_db_mock.assert_called_once_with( + connection=bigchain_mock.return_value.connection) + bigchain_mock.return_value.create_genesis_block.assert_called_once_with() + + @patch('bigchaindb.backend.schema.drop_database') def test_drop_db_when_assumed_yes(mock_db_drop): from bigchaindb.commands.bigchaindb import run_drop From 303e12ee280befb2cbe0bc707c5b62f7ef896066 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Wed, 12 Apr 2017 16:38:18 +0200 Subject: [PATCH 239/283] Test command run_init when db already exists --- tests/commands/test_commands.py | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/tests/commands/test_commands.py b/tests/commands/test_commands.py index fa3ecf42..087e1afe 100644 --- a/tests/commands/test_commands.py +++ b/tests/commands/test_commands.py @@ -124,10 +124,23 @@ def test_bigchain_export_my_pubkey_when_pubkey_not_set(monkeypatch): "This node's public key wasn't set anywhere so it can't be exported" -def test_bigchain_run_init_when_db_exists(mock_db_init_with_existing_db): +def test_bigchain_run_init_when_db_exists(mocker, capsys): from bigchaindb.commands.bigchaindb import run_init + from bigchaindb.common.exceptions import DatabaseAlreadyExists + init_db_mock = mocker.patch( + 'bigchaindb.commands.bigchaindb.schema.init_database', + autospec=True, + spec_set=True, + ) + init_db_mock.side_effect = DatabaseAlreadyExists args = Namespace(config=None) run_init(args) + output_message = capsys.readouterr()[1] + print(output_message) + assert output_message == ( + 'The database already exists.\n' + 'If you wish to re-initialize it, first drop it.\n' + ) def test__run_init(mocker): From 414d915033c9e37476a37449a3899abc6a69ba7d Mon Sep 17 00:00:00 2001 From: vrde Date: Thu, 13 Apr 2017 08:54:34 +0200 Subject: [PATCH 240/283] Snakecaseify keys --- bigchaindb/web/websocket_server.py | 6 +++--- docs/server/source/websocket-event-stream-api.rst | 6 +++--- tests/web/test_websocket_server.py | 8 ++++---- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/bigchaindb/web/websocket_server.py b/bigchaindb/web/websocket_server.py index ae7d6da2..5507f504 100644 --- a/bigchaindb/web/websocket_server.py +++ b/bigchaindb/web/websocket_server.py @@ -109,9 +109,9 @@ class Dispatcher: for tx in block['block']['transactions']: asset_id = tx['id'] if tx['operation'] == 'CREATE' else tx['asset']['id'] - data = {'blockid': block['id'], - 'assetid': asset_id, - 'txid': tx['id']} + data = {'block_id': block['id'], + 'asset_id': asset_id, + 'tx_id': tx['id']} str_buffer.append(json.dumps(data)) for _, websocket in self.subscribers.items(): diff --git a/docs/server/source/websocket-event-stream-api.rst b/docs/server/source/websocket-event-stream-api.rst index 1dedc45f..3ce86553 100644 --- a/docs/server/source/websocket-event-stream-api.rst +++ b/docs/server/source/websocket-event-stream-api.rst @@ -82,9 +82,9 @@ the transaction's ID, associated asset ID, and containing block's ID. Example message:: { - "txid": "", - "assetid": "", - "blockid": "" + "tx_id": "", + "asset_id": "", + "block_id": "" } diff --git a/tests/web/test_websocket_server.py b/tests/web/test_websocket_server.py index 13015dbb..6484ef4e 100644 --- a/tests/web/test_websocket_server.py +++ b/tests/web/test_websocket_server.py @@ -183,10 +183,10 @@ def test_websocket_block_event(b, _block, test_client, loop): for tx in block['block']['transactions']: result = yield from ws.receive() json_result = json.loads(result.data) - assert json_result['txid'] == tx['id'] + assert json_result['tx_id'] == tx['id'] # Since the transactions are all CREATEs, asset id == transaction id - assert json_result['assetid'] == tx['id'] - assert json_result['blockid'] == block['id'] + assert json_result['asset_id'] == tx['id'] + assert json_result['block_id'] == block['id'] yield from event_source.put(POISON_PILL) @@ -235,4 +235,4 @@ def test_integration_from_webapi_to_websocket(monkeypatch, client, loop): result = loop.run_until_complete(ws.receive()) json_result = json.loads(result.data) - assert json_result['txid'] == tx.id + assert json_result['tx_id'] == tx.id From 93baa922c8ec2d77867c801c12023a403ba0fd96 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Thu, 13 Apr 2017 09:56:03 +0200 Subject: [PATCH 241/283] Made the consensus plugin an undocumented feature --- docs/server/source/appendices/consensus.rst | 5 ----- docs/server/source/appendices/index.rst | 1 - .../source/server-reference/configuration.md | 15 +-------------- 3 files changed, 1 insertion(+), 20 deletions(-) delete mode 100644 docs/server/source/appendices/consensus.rst diff --git a/docs/server/source/appendices/consensus.rst b/docs/server/source/appendices/consensus.rst deleted file mode 100644 index 34c0c032..00000000 --- a/docs/server/source/appendices/consensus.rst +++ /dev/null @@ -1,5 +0,0 @@ -######### -Consensus -######### - -.. automodule:: bigchaindb.consensus diff --git a/docs/server/source/appendices/index.rst b/docs/server/source/appendices/index.rst index 7beb27f5..4cfa7ed9 100755 --- a/docs/server/source/appendices/index.rst +++ b/docs/server/source/appendices/index.rst @@ -13,7 +13,6 @@ Appendices json-serialization cryptography the-Bigchain-class - consensus pipelines backend commands diff --git a/docs/server/source/server-reference/configuration.md b/docs/server/source/server-reference/configuration.md index 4cd9e9d4..91fa4efb 100644 --- a/docs/server/source/server-reference/configuration.md +++ b/docs/server/source/server-reference/configuration.md @@ -21,7 +21,6 @@ For convenience, here's a list of all the relevant environment variables (docume `BIGCHAINDB_SERVER_THREADS`
    `BIGCHAINDB_CONFIG_PATH`
    `BIGCHAINDB_BACKLOG_REASSIGN_DELAY`
    -`BIGCHAINDB_CONSENSUS_PLUGIN`
    `BIGCHAINDB_LOG`
    `BIGCHAINDB_LOG_FILE`
    `BIGCHAINDB_LOG_LEVEL_CONSOLE`
    @@ -169,21 +168,9 @@ export BIGCHAINDB_BACKLOG_REASSIGN_DELAY=30 "backlog_reassign_delay": 120 ``` -## consensus_plugin - -The [consensus plugin](../appendices/consensus.html) to use. - -**Example using an environment variable** -```text -export BIGCHAINDB_CONSENSUS_PLUGIN=default -``` - -**Example config file snippet: the default** -```js -"consensus_plugin": "default" -``` ## log + The `log` key is expected to point to a mapping (set of key/value pairs) holding the logging configuration. From 861bfa2aab3332c8d929482ee7314af1e7ec2d50 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Thu, 13 Apr 2017 11:38:17 +0200 Subject: [PATCH 242/283] use patch instead of subclassing --- tests/test_voting.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/tests/test_voting.py b/tests/test_voting.py index 07a60f24..06d56de1 100644 --- a/tests/test_voting.py +++ b/tests/test_voting.py @@ -1,4 +1,5 @@ import pytest +from unittest.mock import patch from collections import Counter from bigchaindb.core import Bigchain @@ -235,11 +236,8 @@ def test_block_election(b): } +@patch('bigchaindb.voting.Voting.verify_vote_signature', return_value=True) def test_duplicate_vote_throws_critical_error(b): - class TestVoting(Voting): - @classmethod - def verify_vote_signature(cls, vote): - return True keyring = 'abc' block = {'id': 'xyz', 'block': {'voters': 'ab'}} votes = [{ @@ -247,4 +245,4 @@ def test_duplicate_vote_throws_critical_error(b): 'vote': {'is_block_valid': True, 'previous_block': 'a'} } for c in 'aabc'] with pytest.raises(CriticalDuplicateVote): - TestVoting.block_election(block, votes, keyring) + Voting.block_election(block, votes, keyring) From 2d9ce8a9632c71aeeca122cc530cdfba462886c7 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Thu, 13 Apr 2017 11:41:44 +0200 Subject: [PATCH 243/283] first draft of v0.10.0 CHANGELOG.md --- CHANGELOG.md | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2148903b..e24fb226 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,62 @@ For reference, the possible headings are: * **External Contributors** to list contributors outside of BigchainDB GmbH. * **Notes** +## [0.10.0] - 2017-04-18 +Tag name: v0.10.0 + +### Added +* More logging. Added `--log-level` option to `bigchaindb start` command. Added new logging configuration settings. Pull Requests +[#1285](https://github.com/bigchaindb/bigchaindb/pull/1285), +[#1307](https://github.com/bigchaindb/bigchaindb/pull/1307), +[#1324](https://github.com/bigchaindb/bigchaindb/pull/1324), +[#1326](https://github.com/bigchaindb/bigchaindb/pull/1326), +[#1327](https://github.com/bigchaindb/bigchaindb/pull/1327), +[#1330](https://github.com/bigchaindb/bigchaindb/pull/1330) and +[#1365](https://github.com/bigchaindb/bigchaindb/pull/1365) +* Events API using WebSocket protocol. Pull Requests +[#1086](https://github.com/bigchaindb/bigchaindb/pull/1086), +[#1347](https://github.com/bigchaindb/bigchaindb/pull/1347), +[#1349](https://github.com/bigchaindb/bigchaindb/pull/1349), +[#1356](https://github.com/bigchaindb/bigchaindb/pull/1356) and +[#1368](https://github.com/bigchaindb/bigchaindb/pull/1368) +* Initial support for using SSL with MongoDB (work in progress). Pull Requests +[#1299](https://github.com/bigchaindb/bigchaindb/pull/1299) and +[#1348](https://github.com/bigchaindb/bigchaindb/pull/1348) + +### Changed +* The main BigchainDB Dockerfile (and its generated Docker image) now contains only BigchainDB Server. (It used to contain both BigchainDB Server and RethinkDB.) You must now run MongoDB or RethinkDB in a separate Docker container. [Pull Request #1174](https://github.com/bigchaindb/bigchaindb/pull/1174) +* Made separate schemas for CREATE and TRANSFER transactions. [Pull Request #1257](https://github.com/bigchaindb/bigchaindb/pull/1257) +* When signing transactions with threshold conditions, we now sign all subconditions for a public key. [Pull Request #1294](https://github.com/bigchaindb/bigchaindb/pull/1294) +* Many changes to the voting-related code, including how we validate votes and prevent duplicate votes by the same node. Pull Requests [#1215](https://github.com/bigchaindb/bigchaindb/pull/1215) and [#1258](https://github.com/bigchaindb/bigchaindb/pull/1258) + +### Removed +* Removed the `bigchaindb load` command. Pull Requests +[#1261](https://github.com/bigchaindb/bigchaindb/pull/1261), +[#1273](https://github.com/bigchaindb/bigchaindb/pull/1273) and +[#1301](https://github.com/bigchaindb/bigchaindb/pull/1301) +* Removed old `/speed-tests` and `/benchmarking-tests` directories. [Pull Request #1359](https://github.com/bigchaindb/bigchaindb/pull/1359) + +### Fixed +* Fixed the URL of the BigchainDB docs returned by the HTTP API. [Pull Request #1178](https://github.com/bigchaindb/bigchaindb/pull/1178) +* Fixed the MongoDB changefeed: it wasn't reporting update operations. [Pull Request #1193](https://github.com/bigchaindb/bigchaindb/pull/1193) +* Fixed the block-creation process: it wasn't checking if the transaction was previously included in: + * a valid block. [Pull Request #1208](https://github.com/bigchaindb/bigchaindb/pull/1208) + * the block-under-construction. Pull Requests [#1237](https://github.com/bigchaindb/bigchaindb/issues/1237) and [#1377](https://github.com/bigchaindb/bigchaindb/issues/1377) + +### External Contributors +* @tymlez - Pull Requests [#1108](https://github.com/bigchaindb/bigchaindb/pull/1108) & [#1209](https://github.com/bigchaindb/bigchaindb/pull/1209) +* @anryko - [Pull Request #1277](https://github.com/bigchaindb/bigchaindb/pull/1277) +* @lavinasachdev3 - [Pull Request #1358](https://github.com/bigchaindb/bigchaindb/pull/1358) +* @jackric - [Pull Request #1365](https://github.com/bigchaindb/bigchaindb/pull/1365) +* @anujism - [Pull Request #1366](https://github.com/bigchaindb/bigchaindb/pull/1366) +* @tomconte - [Pull Request #1299](https://github.com/bigchaindb/bigchaindb/pull/1299) +* @morrme - [Pull Request #1340](https://github.com/bigchaindb/bigchaindb/pull/1340) + +### Notes +* We now recommend the used of MongoDB in production, not RethinkDB. +* Initial docs about how to deploy a BigchainDB node on Kubernetes (work in progress). + + ## [0.9.5] - 2017-03-29 Tag name: v0.9.5 From d937933627bc885160165cba8e7019ca54a32aa8 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Thu, 13 Apr 2017 11:46:01 +0200 Subject: [PATCH 244/283] updated link to python-rapidjson repo on github --- docs/server/source/appendices/json-serialization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/server/source/appendices/json-serialization.md b/docs/server/source/appendices/json-serialization.md index c2d03f6e..8322b2de 100644 --- a/docs/server/source/appendices/json-serialization.md +++ b/docs/server/source/appendices/json-serialization.md @@ -24,7 +24,7 @@ deserialize(serialize(data)) == data True ``` -Since BigchainDB performs a lot of serialization we decided to use [python-rapidjson](https://github.com/kenrobbins/python-rapidjson) +Since BigchainDB performs a lot of serialization we decided to use [python-rapidjson](https://github.com/python-rapidjson/python-rapidjson) which is a python wrapper for [rapidjson](https://github.com/miloyip/rapidjson) a fast and fully RFC complient JSON parser. ```python From 6a7eeec23ae0c049a20bf8a5a373e97c824bb72e Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Thu, 13 Apr 2017 12:04:49 +0200 Subject: [PATCH 245/283] Updated link to AWS docs re access keys --- docs/server/source/appendices/aws-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/server/source/appendices/aws-setup.md b/docs/server/source/appendices/aws-setup.md index 38ce2c1c..793f4d36 100644 --- a/docs/server/source/appendices/aws-setup.md +++ b/docs/server/source/appendices/aws-setup.md @@ -18,7 +18,7 @@ pip install awscli ## Create an AWS Access Key -The next thing you'll need is an AWS access key. If you don't have one, you can create one using the [instructions in the AWS documentation](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSGettingStartedGuide/AWSCredentials.html). You should get an access key ID (e.g. AKIAIOSFODNN7EXAMPLE) and a secret access key (e.g. wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY). +The next thing you'll need is AWS access keys (access key ID and secret access key). If you don't have those, see [the AWS documentation about access keys](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). You should also pick a default AWS region name (e.g. `eu-central-1`). That's where your cluster will run. The AWS documentation has [a list of them](http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region). From 24f7e2662bd8e6742113cc5b08d9ae4d2465fe6f Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Thu, 13 Apr 2017 12:10:36 +0200 Subject: [PATCH 246/283] fixed 2 problematic hyperlinks in run-with-docker.md --- docs/server/source/appendices/run-with-docker.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/server/source/appendices/run-with-docker.md b/docs/server/source/appendices/run-with-docker.md index 516978dd..a44da2ea 100644 --- a/docs/server/source/appendices/run-with-docker.md +++ b/docs/server/source/appendices/run-with-docker.md @@ -45,7 +45,7 @@ Let's analyze that command: `$HOME/bigchaindb_docker` to the container directory `/data`; this allows us to have the data persisted on the host machine, you can read more in the [official Docker - documentation](https://docs.docker.com/engine/tutorials/dockervolumes/#/mount-a-host-directory-as-a-data-volume) + documentation](https://docs.docker.com/engine/tutorials/dockervolumes) * `bigchaindb/bigchaindb` the image to use. All the options after the container name are passed on to the entrypoint inside the container. * `-y configure` execute the `configure` sub-command (of the `bigchaindb` command) inside the container, with the `-y` option to automatically use all the default config values @@ -80,9 +80,9 @@ docker run \ rethinkdb:2.3 ``` + -You can also access the RethinkDB dashboard at -[http://172.17.0.1:58080/](http://172.17.0.1:58080/) +You can also access the RethinkDB dashboard at http://172.17.0.1:58080/ #### For MongoDB From 7f8ab60d3beec6bbdc5b7e3f67389ebc2995079a Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Thu, 13 Apr 2017 12:29:53 +0200 Subject: [PATCH 247/283] repaired problematic kubernetes hyperlinks --- .../cloud-deployment-templates/node-on-kubernetes.rst | 11 +++++------ .../upgrade-on-kubernetes.rst | 8 ++++---- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst b/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst index 6a59c750..8c38e384 100644 --- a/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst +++ b/docs/server/source/cloud-deployment-templates/node-on-kubernetes.rst @@ -157,7 +157,7 @@ Step 5: Create the Config Map - Optional This step is required only if you are planning to set up multiple `BigchainDB nodes -`_. +`_. MongoDB reads the local ``/etc/hosts`` file while bootstrapping a replica set to resolve the hostname provided to the ``rs.initiate()`` command. It needs to @@ -268,7 +268,7 @@ Step 7: Initialize a MongoDB Replica Set - Optional This step is required only if you are planning to set up multiple `BigchainDB nodes -`_. +`_. Login to the running MongoDB instance and access the mongo shell using: @@ -315,7 +315,7 @@ Step 8: Create a DNS record - Optional This step is required only if you are planning to set up multiple `BigchainDB nodes -`_. +`_. **Azure.** Select the current Azure resource group and look for the ``Public IP`` resource. You should see at least 2 entries there - one for the Kubernetes @@ -426,9 +426,8 @@ on the cluster and query the internal DNS and IP endpoints. $ kubectl run -it toolbox -- image --restart=Never --rm There is a generic image based on alpine:3.5 with the required utilities -hosted at Docker Hub under ``bigchaindb/toolbox``. -The corresponding Dockerfile is `here -`_. +hosted at Docker Hub under `bigchaindb/toolbox `_. +The corresponding Dockerfile is in the bigchaindb/bigchaindb repository on GitHub, at `https://github.com/bigchaindb/bigchaindb/blob/master/k8s/toolbox/Dockerfile `_. You can use it as below to get started immediately: diff --git a/docs/server/source/cloud-deployment-templates/upgrade-on-kubernetes.rst b/docs/server/source/cloud-deployment-templates/upgrade-on-kubernetes.rst index 348abf22..ba109fbe 100644 --- a/docs/server/source/cloud-deployment-templates/upgrade-on-kubernetes.rst +++ b/docs/server/source/cloud-deployment-templates/upgrade-on-kubernetes.rst @@ -53,7 +53,7 @@ on the node and mark it as unscheduleable kubectl drain $NODENAME -There are `more details in the Kubernetes docs `_, +There are `more details in the Kubernetes docs `_, including instructions to make the node scheduleable again. To manually upgrade the host OS, @@ -82,13 +82,13 @@ A typical upgrade workflow for a single Deployment would be: $ KUBE_EDITOR=nano kubectl edit deployment/ -The `kubectl edit `_ -command opens the specified editor (nano in the above example), +The ``kubectl edit`` command +opens the specified editor (nano in the above example), allowing you to edit the specified Deployment *in the Kubernetes cluster*. You can change the version tag on the Docker image, for example. Don't forget to save your edits before exiting the editor. The Kubernetes docs have more information about -`updating a Deployment `_. +`Deployments `_ (including updating them). The upgrade story for the MongoDB StatefulSet is *different*. From efa20aea6673309c20d1957088252baab3378155 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Thu, 13 Apr 2017 12:35:30 +0200 Subject: [PATCH 248/283] fixed problematic hyperlinks in setup-run-node.md --- docs/server/source/dev-and-test/setup-run-node.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/server/source/dev-and-test/setup-run-node.md b/docs/server/source/dev-and-test/setup-run-node.md index bb7285b4..d53c2112 100644 --- a/docs/server/source/dev-and-test/setup-run-node.md +++ b/docs/server/source/dev-and-test/setup-run-node.md @@ -23,7 +23,9 @@ Start RethinkDB using: $ rethinkdb ``` -You can verify that RethinkDB is running by opening the RethinkDB web interface in your web browser. It should be at [http://localhost:8080/](http://localhost:8080/). +You can verify that RethinkDB is running by opening the RethinkDB web interface in your web browser. It should be at http://localhost:8080/ + + To run BigchainDB Server, do: ```text @@ -87,11 +89,11 @@ Start RethinkDB: docker-compose up -d rdb ``` -The RethinkDB web interface should be accessible at . +The RethinkDB web interface should be accessible at http://localhost:58080/. Depending on which platform, and/or how you are running docker, you may need to change `localhost` for the `ip` of the machine that is running docker. As a dummy example, if the `ip` of that machine was `0.0.0.0`, you would access the -web interface at: . +web interface at: http://0.0.0.0:58080/. Start a BigchainDB node: From 9f474f51617140141a0fe9e8bb1c6c4029270f9a Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Thu, 13 Apr 2017 12:40:48 +0200 Subject: [PATCH 249/283] fixed problematic hyperlink in http-client-server-api.rst --- docs/server/source/drivers-clients/http-client-server-api.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/server/source/drivers-clients/http-client-server-api.rst b/docs/server/source/drivers-clients/http-client-server-api.rst index 39e4395e..6acba3d2 100644 --- a/docs/server/source/drivers-clients/http-client-server-api.rst +++ b/docs/server/source/drivers-clients/http-client-server-api.rst @@ -406,7 +406,7 @@ Determining the API Root URL When you start BigchainDB Server using ``bigchaindb start``, an HTTP API is exposed at some address. The default is: -`http://localhost:9984/api/v1/ `_ +``http://localhost:9984/api/v1/`` It's bound to ``localhost``, so you can access it from the same machine, From 333dc9bb9385a3962d7529b1f3516279c548a065 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Thu, 13 Apr 2017 12:43:35 +0200 Subject: [PATCH 250/283] Updated link to Haskell transaction builder in drivers-clients/index.rst --- docs/server/source/drivers-clients/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/server/source/drivers-clients/index.rst b/docs/server/source/drivers-clients/index.rst index 704832c0..39a1cbdc 100644 --- a/docs/server/source/drivers-clients/index.rst +++ b/docs/server/source/drivers-clients/index.rst @@ -26,6 +26,6 @@ Please note that some of these projects may be work in progress, but may nevertheless be very useful. * `Javascript transaction builder `_ -* `Haskell transaction builder `_ +* `Haskell transaction builder `_ * `Go driver `_ * `Java driver `_ From 183edb1081fb5ddf2a852bdc1569c936dd0a413e Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Thu, 13 Apr 2017 15:23:33 +0200 Subject: [PATCH 251/283] Revised Notes in CHANGELOG.md --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e24fb226..c47dbdb3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -67,8 +67,8 @@ Tag name: v0.10.0 * @morrme - [Pull Request #1340](https://github.com/bigchaindb/bigchaindb/pull/1340) ### Notes -* We now recommend the used of MongoDB in production, not RethinkDB. -* Initial docs about how to deploy a BigchainDB node on Kubernetes (work in progress). +* MongoDB is now the recommended database backend (not RethinkDB). +* There are some initial docs about how to deploy a BigchainDB node on Kubernetes. It's work in progress. ## [0.9.5] - 2017-03-29 From df02a77788b6d879fddb0321da6dd0319e4b265c Mon Sep 17 00:00:00 2001 From: Krish Date: Thu, 13 Apr 2017 16:17:18 +0200 Subject: [PATCH 252/283] Documentation for running BigchainDB in docker containers on mac (#1265) * Documentation for running bigchaindb docker image on mac --- .../server/source/appendices/docker-on-mac.md | 101 ++++++++++++++++++ docs/server/source/appendices/index.rst | 1 + .../source/appendices/run-with-docker.md | 7 +- 3 files changed, 106 insertions(+), 3 deletions(-) create mode 100644 docs/server/source/appendices/docker-on-mac.md diff --git a/docs/server/source/appendices/docker-on-mac.md b/docs/server/source/appendices/docker-on-mac.md new file mode 100644 index 00000000..7f87540f --- /dev/null +++ b/docs/server/source/appendices/docker-on-mac.md @@ -0,0 +1,101 @@ +# Run BigchainDB with Docker On Mac + +**NOT for Production Use** + +Those developing on Mac can follow this document to run BigchainDB in docker +containers for a quick dev setup. +Running BigchainDB on Mac (Docker or otherwise) is not officially supported. + +Support is very much limited as there are certain things that work differently +in Docker for Mac than Docker for other platforms. +Also, we do not use mac for our development and testing. :) + +This page may not be up to date with various settings and docker updates at +all the times. + +These steps work as of this writing (2017.Mar.09) and might break in the +future with updates to Docker for mac. +Community contribution to make BigchainDB run on Docker for Mac will always be +welcome. + + +## Prerequisite + +Install Docker for Mac. + +## (Optional) For a clean start + +1. Stop all BigchainDB and RethinkDB/MongoDB containers. +2. Delete all BigchainDB docker images. +3. Delete the ~/bigchaindb_docker folder. + + +## Pull the images + +Pull the bigchaindb and other required docker images from docker hub. + +```text +docker pull bigchaindb/bigchaindb:master +docker pull [rethinkdb:2.3|mongo:3.4.1] +``` + +## Create the BigchainDB configuration file on Mac +```text +docker run \ + --rm \ + --volume $HOME/bigchaindb_docker:/data \ + bigchaindb/bigchaindb:master \ + -y configure \ + [mongodb|rethinkdb] +``` + +To ensure that BigchainDB connects to the backend database bound to the virtual +interface `172.17.0.1`, you must edit the BigchainDB configuration file +(`~/bigchaindb_docker/.bigchaindb`) and change database.host from `localhost` +to `172.17.0.1`. + + +## Run the backend database on Mac + +From v0.9 onwards, you can run RethinkDB or MongoDB. + +We use the virtual interface created by the Docker daemon to allow +communication between the BigchainDB and database containers. +It has an IP address of 172.17.0.1 by default. + +You can also use docker host networking or bind to your primary (eth) +interface, if needed. + +### For RethinkDB backend +```text +docker run \ + --name=rethinkdb \ + --publish=28015:28015 \ + --publish=8080:8080 \ + --restart=always \ + --volume $HOME/bigchaindb_docker:/data \ + rethinkdb:2.3 +``` + +### For MongoDB backend +```text +docker run \ + --name=mongodb \ + --publish=27017:27017 \ + --restart=always \ + --volume=$HOME/bigchaindb_docker/db:/data/db \ + --volume=$HOME/bigchaindb_docker/configdb:/data/configdb \ + mongo:3.4.1 --replSet=bigchain-rs +``` + +### Run BigchainDB on Mac +```text +docker run \ + --name=bigchaindb \ + --publish=9984:9984 \ + --restart=always \ + --volume=$HOME/bigchaindb_docker:/data \ + bigchaindb/bigchaindb \ + start +``` + diff --git a/docs/server/source/appendices/index.rst b/docs/server/source/appendices/index.rst index e0a3ee29..1c969c05 100755 --- a/docs/server/source/appendices/index.rst +++ b/docs/server/source/appendices/index.rst @@ -10,6 +10,7 @@ Appendices install-os-level-deps install-latest-pip run-with-docker + docker-on-mac json-serialization cryptography the-Bigchain-class diff --git a/docs/server/source/appendices/run-with-docker.md b/docs/server/source/appendices/run-with-docker.md index a44da2ea..fef0e638 100644 --- a/docs/server/source/appendices/run-with-docker.md +++ b/docs/server/source/appendices/run-with-docker.md @@ -25,7 +25,7 @@ docker run \ --interactive \ --rm \ --tty \ - --volume "$HOME/bigchaindb_docker:/data" \ + --volume $HOME/bigchaindb_docker:/data \ bigchaindb/bigchaindb \ -y configure \ [mongodb|rethinkdb] @@ -76,7 +76,7 @@ docker run \ --publish=172.17.0.1:28015:28015 \ --publish=172.17.0.1:58080:8080 \ --restart=always \ - --volume "$HOME/bigchaindb_docker:/data" \ + --volume $HOME/bigchaindb_docker:/data \ rethinkdb:2.3 ``` @@ -95,7 +95,7 @@ be owned by this user in the host. If there is no owner with UID 999, you can create the corresponding user and group. -`groupadd -r --gid 999 mongodb && useradd -r --uid 999 -g mongodb mongodb` +`useradd -r --uid 999 mongodb` OR `groupadd -r --gid 999 mongodb && useradd -r --uid 999 -g mongodb mongodb` should work. ```text @@ -156,3 +156,4 @@ docker build --tag local-bigchaindb . ``` Now you can use your own image to run BigchainDB containers. + From 7701963f5efab6bad906760d1679084d4f461169 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Thu, 13 Apr 2017 15:25:00 +0200 Subject: [PATCH 253/283] Use rotating file handler for logging closes #1204 --- bigchaindb/log/configs.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bigchaindb/log/configs.py b/bigchaindb/log/configs.py index 9dac0dcb..ae4edfb5 100644 --- a/bigchaindb/log/configs.py +++ b/bigchaindb/log/configs.py @@ -41,9 +41,11 @@ SUBSCRIBER_LOGGING_CONFIG = { 'level': logging.INFO, }, 'file': { - 'class': 'logging.FileHandler', + 'class': 'logging.RotatingFileHandler', 'filename': join(DEFAULT_LOG_DIR, 'bigchaindb.log'), 'mode': 'w', + 'maxBytes': 209715200, + 'backupCount': 5, 'formatter': 'file', 'level': logging.INFO, }, From 28042a7e83ff81750f41cababcae0af1859802dd Mon Sep 17 00:00:00 2001 From: Krish Date: Thu, 13 Apr 2017 17:34:25 +0200 Subject: [PATCH 254/283] Add NGINX integration with 3scale on Kubernetes (#1392) * Add NGINX integration with 3scale on Kubernetes --- k8s/nginx-3scale/nginx-3scale-cm.yaml | 13 +++ k8s/nginx-3scale/nginx-3scale-dep.yaml | 96 +++++++++++++++++++++++ k8s/nginx-3scale/nginx-3scale-secret.yaml | 13 +++ k8s/nginx-3scale/nginx-3scale-svc.yaml | 29 +++++++ 4 files changed, 151 insertions(+) create mode 100644 k8s/nginx-3scale/nginx-3scale-cm.yaml create mode 100644 k8s/nginx-3scale/nginx-3scale-dep.yaml create mode 100644 k8s/nginx-3scale/nginx-3scale-secret.yaml create mode 100644 k8s/nginx-3scale/nginx-3scale-svc.yaml diff --git a/k8s/nginx-3scale/nginx-3scale-cm.yaml b/k8s/nginx-3scale/nginx-3scale-cm.yaml new file mode 100644 index 00000000..6f87b494 --- /dev/null +++ b/k8s/nginx-3scale/nginx-3scale-cm.yaml @@ -0,0 +1,13 @@ +############################################################################ +# This YAML file desribes a ConfigMap with a valid list of ':' separated # +# IP addresses (or 'all' for all IP addresses) that can connect to the # +# MongoDB instance. We only support the value 'all' currently. # +############################################################################ + +apiVersion: v1 +kind: ConfigMap +metadata: + name: mongodb-whitelist + namespace: default +data: + allowed-hosts: "all" diff --git a/k8s/nginx-3scale/nginx-3scale-dep.yaml b/k8s/nginx-3scale/nginx-3scale-dep.yaml new file mode 100644 index 00000000..49695315 --- /dev/null +++ b/k8s/nginx-3scale/nginx-3scale-dep.yaml @@ -0,0 +1,96 @@ +############################################################### +# This config file runs nginx as a k8s deployment and exposes # +# it using an external load balancer. # +# This deployment is used as a front end to both BigchainDB # +# and MongoDB. # +############################################################### + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: ngx-instance-0-dep +spec: + replicas: 1 + template: + metadata: + labels: + app: ngx-instance-0-dep + spec: + terminationGracePeriodSeconds: 10 + containers: + - name: nginx-3scale + image: bigchaindb/nginx_3scale:0.1 + # TODO(Krish): Change later to IfNotPresent + imagePullPolicy: Always + env: + - name: MONGODB_FRONTEND_PORT + value: $(NGX_INSTANCE_0_SERVICE_PORT_NGX_PUBLIC_MDB_PORT) + - name: MONGODB_BACKEND_HOST + value: mdb-instance-0.default.svc.cluster.local + - name: MONGODB_BACKEND_PORT + value: "27017" + - name: BIGCHAINDB_FRONTEND_PORT + value: $(NGX_INSTANCE_0_SERVICE_PORT_NGX_PUBLIC_BDB_PORT) + - name: BIGCHAINDB_BACKEND_HOST + value: bdb-instance-0.default.svc.cluster.local + - name: BIGCHAINDB_BACKEND_PORT + value: "9984" + - name: MONGODB_WHITELIST + valueFrom: + configMapKeyRef: + name: mongodb-whitelist + key: allowed-hosts + - name: DNS_SERVER + value: "10.0.0.10" + - name: NGINX_HEALTH_CHECK_PORT + value: "8888" + # TODO(Krish): use secrets for sensitive info + - name: THREESCALE_SECRET_TOKEN + value: "" + - name: THREESCALE_SERVICE_ID + value: "" + - name: THREESCALE_VERSION_HEADER + value: "" + - name: THREESCALE_PROVIDER_KEY + value: "" + - name: THREESCALE_FRONTEND_API_DNS_NAME + value: "" + - name: THREESCALE_UPSTREAM_API_PORT + value: "" + ports: + - containerPort: 27017 + hostPort: 27017 + name: public-mdb-port + protocol: TCP + - containerPort: 443 + hostPort: 443 + name: public-bdb-port + protocol: TCP + - containerPort: 8888 + hostPort: 8888 + name: health-check + protocol: TCP + - containerPort: 8080 + hostPort: 8080 + name: public-api-port + protocol: TCP + volumeMounts: + - name: https + mountPath: /usr/local/openresty/nginx/conf/ssl/ + readOnly: true + resources: + limits: + cpu: 200m + memory: 768Mi + livenessProbe: + httpGet: + path: / + port: 8888 + initialDelaySeconds: 15 + timeoutSeconds: 10 + restartPolicy: Always + volumes: + - name: https + secret: + secretName: certs + defaultMode: 0400 diff --git a/k8s/nginx-3scale/nginx-3scale-secret.yaml b/k8s/nginx-3scale/nginx-3scale-secret.yaml new file mode 100644 index 00000000..8f725313 --- /dev/null +++ b/k8s/nginx-3scale/nginx-3scale-secret.yaml @@ -0,0 +1,13 @@ +# Certificate data should be base64 encoded before embedding them here by using +# `cat cert.pem | base64 -w 0 > cert.pem.b64` and then copy the resulting +# value here. Same goes for cert.key. +# Ref: https://kubernetes.io/docs/concepts/configuration/secret/ + +apiVersion: v1 +kind: Secret +metadata: + name: certs +type: Opaque +data: + cert.pem: + cert.key: diff --git a/k8s/nginx-3scale/nginx-3scale-svc.yaml b/k8s/nginx-3scale/nginx-3scale-svc.yaml new file mode 100644 index 00000000..db212222 --- /dev/null +++ b/k8s/nginx-3scale/nginx-3scale-svc.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: Service +metadata: + name: ngx-instance-0 + namespace: default + labels: + name: ngx-instance-0 + annotations: + # NOTE: the following annotation is a beta feature and + # only available in GCE/GKE and Azure as of now + # Ref: https://kubernetes.io/docs/tutorials/services/source-ip/ + service.beta.kubernetes.io/external-traffic: OnlyLocal +spec: + selector: + app: ngx-instance-0-dep + ports: + - port: 443 + targetPort: 443 + name: ngx-public-bdb-port + protocol: TCP + - port: 8080 + targetPort: 8080 + name: ngx-public-3scale-port + protocol: TCP + - port: 27017 + targetPort: 27017 + name: ngx-public-mdb-port + protocol: TCP + type: LoadBalancer From cae017eb2289d27b9c6b201cb6066760a123b37d Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Thu, 13 Apr 2017 17:23:12 +0200 Subject: [PATCH 255/283] Fix logging file handler --- bigchaindb/log/configs.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bigchaindb/log/configs.py b/bigchaindb/log/configs.py index ae4edfb5..14c6e319 100644 --- a/bigchaindb/log/configs.py +++ b/bigchaindb/log/configs.py @@ -41,7 +41,7 @@ SUBSCRIBER_LOGGING_CONFIG = { 'level': logging.INFO, }, 'file': { - 'class': 'logging.RotatingFileHandler', + 'class': 'logging.handlers.RotatingFileHandler', 'filename': join(DEFAULT_LOG_DIR, 'bigchaindb.log'), 'mode': 'w', 'maxBytes': 209715200, From aa4d532e47230ba01b1c72910e4b1cbf9bb8dd1d Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Sun, 16 Apr 2017 21:22:12 +0200 Subject: [PATCH 256/283] added docs re enforcing max tx size with a reverse proxy --- .../source/data-models/inputs-outputs.rst | 5 +- docs/server/source/production-nodes/index.rst | 2 + .../production-nodes/reverse-proxy-notes.md | 72 +++++++++++++++++++ 3 files changed, 78 insertions(+), 1 deletion(-) create mode 100644 docs/server/source/production-nodes/reverse-proxy-notes.md diff --git a/docs/server/source/data-models/inputs-outputs.rst b/docs/server/source/data-models/inputs-outputs.rst index e81aa3b2..5ad360ec 100644 --- a/docs/server/source/data-models/inputs-outputs.rst +++ b/docs/server/source/data-models/inputs-outputs.rst @@ -26,7 +26,10 @@ When one creates a condition, one can calculate its fulfillment length (e.g. 96). The more complex the condition, the larger its fulfillment length will be. A BigchainDB federation can put an upper limit on the complexity of the conditions, either directly by setting an allowed maximum fulfillment length, -or indirectly by setting a maximum allowed transaction size which would limit +or +`indirectly `_ +by :ref:`setting a maximum allowed transaction size ` +which would limit the overall complexity accross all inputs and outputs of a transaction. If someone tries to make a condition where the output of a threshold condition feeds into the input of another “earlier” threshold condition (i.e. in a closed logical circuit), then their computer will take forever to calculate the (infinite) “condition URI”, at least in theory. In practice, their computer will run out of memory or their client software will timeout after a while. diff --git a/docs/server/source/production-nodes/index.rst b/docs/server/source/production-nodes/index.rst index 7b42cbaa..4a9cb15b 100644 --- a/docs/server/source/production-nodes/index.rst +++ b/docs/server/source/production-nodes/index.rst @@ -8,3 +8,5 @@ Production Nodes node-components node-requirements setup-run-node + reverse-proxy-notes + \ No newline at end of file diff --git a/docs/server/source/production-nodes/reverse-proxy-notes.md b/docs/server/source/production-nodes/reverse-proxy-notes.md new file mode 100644 index 00000000..18930942 --- /dev/null +++ b/docs/server/source/production-nodes/reverse-proxy-notes.md @@ -0,0 +1,72 @@ +# Using a Reverse Proxy + +You may want to: + +* rate limit inbound HTTP requests, +* authenticate/authorize inbound HTTP requests, +* block requests with an HTTP request body that's too large, or +* enable HTTPS (TLS) between your users and your node. + +While we could have built all that into BigchainDB Server, +we didn't, because you can do all that (and more) +using a reverse proxy such as NGINX or HAProxy. +(You would put it in front of your BigchainDB Server, +so that all inbound HTTP requests would arrive +at the reverse proxy before *maybe* being proxied +onwards to your BigchainDB Server.) +For detailed instructions, see the documentation +for your reverse proxy. + +Below, we note how a reverse proxy can be used +to do some BigchainDB-specific things. + +You may also be interested in +[our NGINX configuration file template](https://github.com/bigchaindb/nginx_3scale/blob/master/nginx.conf.template) +(open source, on GitHub). + + +## Enforcing a Max Transaction Size + +The BigchainDB HTTP API has several endpoints, +but only one of them, the `POST /transactions` endpoint, +expects a non-empty HTTP request body: +the transaction (JSON) being submitted by the user. + +If you want to enforce a maximum-allowed transaction size +(discarding any that are larger), +then you can do so by configuring a maximum request body size +in your reverse proxy. +For example, NGINX has the `client_max_body_size` +configuration setting. You could set it to 15 kB +with the following line in your NGINX config file: + +```text +client_max_body_size 15k; +``` + +For more information, see +[the NGINX docs about client_max_body_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size). + +Note: By enforcing a maximum transaction size, you +[indirectly enforce a maximum crypto-conditions complexity](https://github.com/bigchaindb/bigchaindb/issues/356#issuecomment-288085251). + + +**Aside: Why 15 kB?** + +Both [RethinkDB](https://rethinkdb.com/limitations/) and +[MongoDB have a maximum document size of 16 MB](https://docs.mongodb.com/manual/reference/limits/#limit-bson-document-size). +In BigchainDB, the biggest documents are the blocks. +A BigchainDB block can contain up to 1000 transactions, +plus some other data (e.g. the timestamp). +If we ignore the other data as negligible relative to all the transactions, +then a block of size 16 MB +will have an average transaction size of (16 MB)/1000 = 16 kB. +Therefore by limiting the max transaction size to 15 kB, +you can be fairly sure that no blocks will ever be +bigger than 16 MB. + +Note: Technically, the documents that MongoDB stores aren't the JSON +that BigchainDB users think of; they're JSON converted to BSON. +Moreover, [one can use GridFS with MongoDB to store larger documents](https://docs.mongodb.com/manual/core/gridfs/). +Therefore the above calculation shoud be seen as a rough guide, +not the last word. From 0ec29abd24f372f81c302aecedad0437247de6ba Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Sun, 16 Apr 2017 21:57:05 +0200 Subject: [PATCH 257/283] docs: added note re only real way to limit CC complexity today --- docs/server/source/data-models/inputs-outputs.rst | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/server/source/data-models/inputs-outputs.rst b/docs/server/source/data-models/inputs-outputs.rst index 5ad360ec..4309a4c8 100644 --- a/docs/server/source/data-models/inputs-outputs.rst +++ b/docs/server/source/data-models/inputs-outputs.rst @@ -25,12 +25,16 @@ The (single) output of a threshold condition can be used as one of the inputs of When one creates a condition, one can calculate its fulfillment length (e.g. 96). The more complex the condition, the larger its fulfillment length will be. A BigchainDB federation can put an upper limit on the complexity of the -conditions, either directly by setting an allowed maximum fulfillment length, +conditions, either directly by setting a maximum allowed fulfillment length, or `indirectly `_ by :ref:`setting a maximum allowed transaction size ` which would limit the overall complexity accross all inputs and outputs of a transaction. +Note: At the time of writing, there was no configuration setting +to set a maximum allowed fulfillment length, +so the only real option was to +:ref:`set a maximum allowed transaction size `. If someone tries to make a condition where the output of a threshold condition feeds into the input of another “earlier” threshold condition (i.e. in a closed logical circuit), then their computer will take forever to calculate the (infinite) “condition URI”, at least in theory. In practice, their computer will run out of memory or their client software will timeout after a while. From a65c8799dd8b6c86a352d0ec28bddd41ea4908c9 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Thu, 13 Apr 2017 16:18:02 +0200 Subject: [PATCH 258/283] Document gunicorn loglevel setting --- docs/server/source/server-reference/configuration.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/docs/server/source/server-reference/configuration.md b/docs/server/source/server-reference/configuration.md index 91fa4efb..15726659 100644 --- a/docs/server/source/server-reference/configuration.md +++ b/docs/server/source/server-reference/configuration.md @@ -17,6 +17,7 @@ For convenience, here's a list of all the relevant environment variables (docume `BIGCHAINDB_DATABASE_NAME`
    `BIGCHAINDB_DATABASE_REPLICASET`
    `BIGCHAINDB_SERVER_BIND`
    +`BIGCHAINDB_SERVER_LOGLEVEL`
    `BIGCHAINDB_SERVER_WORKERS`
    `BIGCHAINDB_SERVER_THREADS`
    `BIGCHAINDB_CONFIG_PATH`
    @@ -121,17 +122,22 @@ If you used `bigchaindb -y configure mongodb` to create a default local config f ``` -## server.bind, server.workers & server.threads +## server.bind, server.loglevel, server.workers & server.threads These settings are for the [Gunicorn HTTP server](http://gunicorn.org/), which is used to serve the [HTTP client-server API](../drivers-clients/http-client-server-api.html). `server.bind` is where to bind the Gunicorn HTTP server socket. It's a string. It can be any valid value for [Gunicorn's bind setting](http://docs.gunicorn.org/en/stable/settings.html#bind). If you want to allow IPv4 connections from anyone, on port 9984, use '0.0.0.0:9984'. In a production setting, we recommend you use Gunicorn behind a reverse proxy server. If Gunicorn and the reverse proxy are running on the same machine, then use 'localhost:PORT' where PORT is _not_ 9984 (because the reverse proxy needs to listen on port 9984). Maybe use PORT=9983 in that case because we know 9983 isn't used. If Gunicorn and the reverse proxy are running on different machines, then use 'A.B.C.D:9984' where A.B.C.D is the IP address of the reverse proxy. There's [more information about deploying behind a reverse proxy in the Gunicorn documentation](http://docs.gunicorn.org/en/stable/deploy.html). (They call it a proxy.) +`server.loglevel` sets the log level of Gunicorn's Error log outputs. See +[Gunicorn's documentation](http://docs.gunicorn.org/en/latest/settings.html#loglevel) +for more information. + `server.workers` is [the number of worker processes](http://docs.gunicorn.org/en/stable/settings.html#workers) for handling requests. If `None` (the default), the value will be (cpu_count * 2 + 1). `server.threads` is [the number of threads-per-worker](http://docs.gunicorn.org/en/stable/settings.html#threads) for handling requests. If `None` (the default), the value will be (cpu_count * 2 + 1). The HTTP server will be able to handle `server.workers` * `server.threads` requests simultaneously. **Example using environment variables** ```text export BIGCHAINDB_SERVER_BIND=0.0.0.0:9984 +export BIGCHAINDB_SERVER_LOGLEVEL=debug export BIGCHAINDB_SERVER_WORKERS=5 export BIGCHAINDB_SERVER_THREADS=5 ``` @@ -140,6 +146,7 @@ export BIGCHAINDB_SERVER_THREADS=5 ```js "server": { "bind": "0.0.0.0:9984", + "loglevel": "debug", "workers": 5, "threads": 5 } @@ -149,6 +156,7 @@ export BIGCHAINDB_SERVER_THREADS=5 ```js "server": { "bind": "localhost:9984", + "loglevel": "info", "workers": null, "threads": null } From 6921b1386c5c4dbfce72bd7cf693c1d2b5a5dc8d Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 18 Apr 2017 10:53:27 +0200 Subject: [PATCH 259/283] docs: noted that rethinkdb doesn't use database.connection_timeout setting yet --- docs/server/source/server-reference/configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/server/source/server-reference/configuration.md b/docs/server/source/server-reference/configuration.md index 42f22d4e..32672129 100644 --- a/docs/server/source/server-reference/configuration.md +++ b/docs/server/source/server-reference/configuration.md @@ -97,7 +97,7 @@ The settings with names of the form `database.*` are for the database backend * `database.port` is self-explanatory. * `database.name` is a user-chosen name for the database inside RethinkDB or MongoDB, e.g. `bigchain`. * `database.replicaset` is only relevant if using MongoDB; it's the name of the MongoDB replica set, e.g. `bigchain-rs`. -* `database.connection_timeout` is the maximum number of milliseconds that BigchainDB will wait before giving up on one attempt to connect to the database backend. +* `database.connection_timeout` is the maximum number of milliseconds that BigchainDB will wait before giving up on one attempt to connect to the database backend. Note: At the time of writing, this setting was only used by MongoDB; there was an open [issue to make RethinkDB use it as well](https://github.com/bigchaindb/bigchaindb/issues/1337). * `database.max_tries` is the maximum number of times that BigchainDB will try to establish a connection with the database backend. If 0, then it will try forever. **Example using environment variables** From 02db6d9827679a660861e2e2434e16031f5afd84 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 18 Apr 2017 12:03:05 +0200 Subject: [PATCH 260/283] reorder extern contributors in changelog in alpha order --- CHANGELOG.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c47dbdb3..4e9e4b50 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -58,13 +58,14 @@ Tag name: v0.10.0 * the block-under-construction. Pull Requests [#1237](https://github.com/bigchaindb/bigchaindb/issues/1237) and [#1377](https://github.com/bigchaindb/bigchaindb/issues/1377) ### External Contributors -* @tymlez - Pull Requests [#1108](https://github.com/bigchaindb/bigchaindb/pull/1108) & [#1209](https://github.com/bigchaindb/bigchaindb/pull/1209) +In alphabetical order by GitHub username: * @anryko - [Pull Request #1277](https://github.com/bigchaindb/bigchaindb/pull/1277) -* @lavinasachdev3 - [Pull Request #1358](https://github.com/bigchaindb/bigchaindb/pull/1358) -* @jackric - [Pull Request #1365](https://github.com/bigchaindb/bigchaindb/pull/1365) * @anujism - [Pull Request #1366](https://github.com/bigchaindb/bigchaindb/pull/1366) -* @tomconte - [Pull Request #1299](https://github.com/bigchaindb/bigchaindb/pull/1299) +* @jackric - [Pull Request #1365](https://github.com/bigchaindb/bigchaindb/pull/1365) +* @lavinasachdev3 - [Pull Request #1358](https://github.com/bigchaindb/bigchaindb/pull/1358) * @morrme - [Pull Request #1340](https://github.com/bigchaindb/bigchaindb/pull/1340) +* @tomconte - [Pull Request #1299](https://github.com/bigchaindb/bigchaindb/pull/1299) +* @tymlez - Pull Requests [#1108](https://github.com/bigchaindb/bigchaindb/pull/1108) & [#1209](https://github.com/bigchaindb/bigchaindb/pull/1209) ### Notes * MongoDB is now the recommended database backend (not RethinkDB). From 5831a6233cad48b12a4afa0a31121772b215fdc4 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 18 Apr 2017 12:07:23 +0200 Subject: [PATCH 261/283] Expanded notes about logging improvements in changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4e9e4b50..453d41ed 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,7 +19,7 @@ For reference, the possible headings are: Tag name: v0.10.0 ### Added -* More logging. Added `--log-level` option to `bigchaindb start` command. Added new logging configuration settings. Pull Requests +* Improved logging. Added logging to file. Added `--log-level` option to `bigchaindb start` command. Added new logging configuration settings. Pull Requests [#1285](https://github.com/bigchaindb/bigchaindb/pull/1285), [#1307](https://github.com/bigchaindb/bigchaindb/pull/1307), [#1324](https://github.com/bigchaindb/bigchaindb/pull/1324), From c04a62a1e87a0e91dd692b6667fb4bbdd75df957 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 18 Apr 2017 14:43:32 +0200 Subject: [PATCH 262/283] updated firewall setup docs re/ port 9985 for WebSocket API --- docs/server/source/appendices/firewall-notes.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/docs/server/source/appendices/firewall-notes.md b/docs/server/source/appendices/firewall-notes.md index cd440774..b7af6c22 100644 --- a/docs/server/source/appendices/firewall-notes.md +++ b/docs/server/source/appendices/firewall-notes.md @@ -8,9 +8,10 @@ This is a page of notes on the ports potentially used by BigchainDB nodes and th Assuming you aren't exposing the RethinkDB web interface on port 8080 (or any other port, because [there are more secure ways to access it](https://www.rethinkdb.com/docs/security/#binding-the-web-interface-port)), there are only three ports that should expect unsolicited inbound traffic: 1. **Port 22** can expect inbound SSH (TCP) traffic from the node administrator (i.e. a small set of IP addresses). -2. **Port 9984** can expect inbound HTTP (TCP) traffic from BigchainDB clients sending transactions to the BigchainDB HTTP API. -3. If you're using RethinkDB, **Port 29015** can expect inbound TCP traffic from other RethinkDB nodes in the RethinkDB cluster (for RethinkDB intracluster communications). -4. If you're using MongoDB, **Port 27017** can expect inbound TCP traffic from other nodes. +1. **Port 9984** can expect inbound HTTP (TCP) traffic from BigchainDB clients sending transactions to the BigchainDB HTTP API. +1. **Port 9985** can expect inbount WebSocket traffic from BigchainDB clients. +1. If you're using RethinkDB, **Port 29015** can expect inbound TCP traffic from other RethinkDB nodes in the RethinkDB cluster (for RethinkDB intracluster communications). +1. If you're using MongoDB, **Port 27017** can expect inbound TCP traffic from other nodes. All other ports should only get inbound traffic in response to specific requests from inside the node. @@ -59,6 +60,11 @@ If Gunicorn and the reverse proxy are running on the same server, then you'll ha You may want to have Gunicorn and the reverse proxy running on different servers, so that both can listen on port 9984. That would also help isolate the effects of a denial-of-service attack. +## Port 9985 + +Port 9985 is the default port for the [BigchainDB WebSocket Event Stream API](../websocket-event-stream-api.html). + + ## Port 28015 Port 28015 is the default port used by RethinkDB client driver connections (TCP). If your BigchainDB node is just one server, then Port 28015 only needs to listen on localhost, because all the client drivers will be running on localhost. Port 28015 doesn't need to accept inbound traffic from the outside world. From f94a1e020c2f77ef412efa0859414bdd48112828 Mon Sep 17 00:00:00 2001 From: vrde Date: Tue, 18 Apr 2017 15:57:50 +0200 Subject: [PATCH 263/283] Dispatcher is a consumer, no capped queue needed --- bigchaindb/web/websocket_server.py | 24 ++------------ tests/web/test_websocket_server.py | 51 ------------------------------ 2 files changed, 2 insertions(+), 73 deletions(-) diff --git a/bigchaindb/web/websocket_server.py b/bigchaindb/web/websocket_server.py index 5507f504..0aa51ecb 100644 --- a/bigchaindb/web/websocket_server.py +++ b/bigchaindb/web/websocket_server.py @@ -29,26 +29,6 @@ POISON_PILL = 'POISON_PILL' EVENTS_ENDPOINT = '/api/v1/streams/valid_tx' -def _put_into_capped_queue(queue, value): - """Put a new item in a capped queue. - - If the queue reached its limit, get the first element - ready and put the new one. Note that the first element - will be lost (that's the purpose of a capped queue). - - Args: - queue: a queue - value: the value to put - """ - while True: - try: - queue.put_nowait(value) - except asyncio.QueueFull: - queue.get_nowait() - else: - return - - def _multiprocessing_to_asyncio(in_queue, out_queue, loop): """Bridge between a synchronous multiprocessing queue and an asynchronous asyncio queue. @@ -60,7 +40,7 @@ def _multiprocessing_to_asyncio(in_queue, out_queue, loop): while True: value = in_queue.get() - loop.call_soon_threadsafe(_put_into_capped_queue, out_queue, value) + loop.call_soon_threadsafe(out_queue.put_nowait, value) class Dispatcher: @@ -161,7 +141,7 @@ def start(sync_event_source, loop=None): if not loop: loop = asyncio.get_event_loop() - event_source = asyncio.Queue(maxsize=1024, loop=loop) + event_source = asyncio.Queue(loop=loop) bridge = threading.Thread(target=_multiprocessing_to_asyncio, args=(sync_event_source, event_source, loop), diff --git a/tests/web/test_websocket_server.py b/tests/web/test_websocket_server.py index 6484ef4e..f25e183f 100644 --- a/tests/web/test_websocket_server.py +++ b/tests/web/test_websocket_server.py @@ -3,7 +3,6 @@ import json import queue import random import threading -import time from unittest.mock import patch import pytest @@ -64,56 +63,6 @@ def test_bridge_sync_async_queue(loop): assert async_queue.qsize() == 0 -@asyncio.coroutine -def test_put_into_capped_queue(loop): - from bigchaindb.web.websocket_server import _put_into_capped_queue - q = asyncio.Queue(maxsize=2, loop=loop) - - _put_into_capped_queue(q, 'Friday') - assert q._queue[0] == 'Friday' - - _put_into_capped_queue(q, "I'm") - assert q._queue[0] == 'Friday' - assert q._queue[1] == "I'm" - - _put_into_capped_queue(q, 'in') - assert q._queue[0] == "I'm" - assert q._queue[1] == 'in' - - _put_into_capped_queue(q, 'love') - assert q._queue[0] == 'in' - assert q._queue[1] == 'love' - - -@asyncio.coroutine -def test_capped_queue(loop): - from bigchaindb.web.websocket_server import _multiprocessing_to_asyncio - - sync_queue = queue.Queue() - async_queue = asyncio.Queue(maxsize=2, loop=loop) - - bridge = threading.Thread(target=_multiprocessing_to_asyncio, - args=(sync_queue, async_queue, loop), - daemon=True) - bridge.start() - - sync_queue.put('we') - sync_queue.put('are') - sync_queue.put('the') - sync_queue.put('robots') - - # Wait until the thread processes all the items - time.sleep(1) - - result = yield from async_queue.get() - assert result == 'the' - - result = yield from async_queue.get() - assert result == 'robots' - - assert async_queue.qsize() == 0 - - @patch('threading.Thread') @patch('aiohttp.web.run_app') @patch('bigchaindb.web.websocket_server.init_app') From b4eb75ede5c763f797012ca04b94b92e94be8bd7 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Thu, 13 Apr 2017 15:37:18 +0200 Subject: [PATCH 264/283] Use MongoDB as default db in docker-compose file --- docker-compose.yml | 4 +-- .../source/dev-and-test/setup-run-node.md | 12 +++---- tests/README.md | 32 +++++++++---------- 3 files changed, 24 insertions(+), 24 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index f5dbcdc9..fbd35022 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -28,7 +28,7 @@ services: - /data command: "true" - bdb: + bdb-rdb: build: context: . dockerfile: Dockerfile-dev @@ -50,7 +50,7 @@ services: - "9984" command: bigchaindb start - bdb-mdb: + bdb: build: context: . dockerfile: Dockerfile-dev diff --git a/docs/server/source/dev-and-test/setup-run-node.md b/docs/server/source/dev-and-test/setup-run-node.md index d53c2112..1b60e3c3 100644 --- a/docs/server/source/dev-and-test/setup-run-node.md +++ b/docs/server/source/dev-and-test/setup-run-node.md @@ -98,19 +98,19 @@ web interface at: http://0.0.0.0:58080/. Start a BigchainDB node: ```bash -docker-compose up -d bdb +docker-compose up -d bdb-rdb ``` You can monitor the logs: ```bash -docker-compose logs -f bdb +docker-compose logs -f bdb-rdb ``` If you wish to run the tests: ```bash -docker-compose run --rm bdb py.test -v -n auto +docker-compose run --rm bdb-rdb py.test -v -n auto ``` ### Docker with MongoDB @@ -130,19 +130,19 @@ $ docker-compose port mdb 27017 Start a BigchainDB node: ```bash -docker-compose up -d bdb-mdb +docker-compose up -d bdb ``` You can monitor the logs: ```bash -docker-compose logs -f bdb-mdb +docker-compose logs -f bdb ``` If you wish to run the tests: ```bash -docker-compose run --rm bdb-mdb py.test -v --database-backend=mongodb +docker-compose run --rm bdb py.test -v --database-backend=mongodb ``` ### Accessing the HTTP API diff --git a/tests/README.md b/tests/README.md index ce4ac22c..d0e2da52 100644 --- a/tests/README.md +++ b/tests/README.md @@ -68,20 +68,6 @@ The `pytest` command has many options. If you want to learn about all the things You can also use [Docker Compose](https://docs.docker.com/compose/) to run all the tests. -#### With RethinkDB as the backend - -First, start `RethinkDB` in the background: - -```text -$ docker-compose up -d rdb -``` - -then run the tests using: - -```text -$ docker-compose run --rm bdb py.test -v -``` - #### With MongoDB as the backend First, start `MongoDB` in the background: @@ -93,7 +79,7 @@ $ docker-compose up -d mdb then run the tests using: ```text -$ docker-compose run --rm bdb-mdb py.test -v +$ docker-compose run --rm bdb py.test -v ``` If you've upgraded to a newer version of BigchainDB, you might have to rebuild @@ -103,8 +89,22 @@ the images before being able to run the tests. Run: $ docker-compose build ``` +#### With RethinkDB as the backend + +First, start `RethinkDB` in the background: + +```text +$ docker-compose up -d rdb +``` + +then run the tests using: + +```text +$ docker-compose run --rm bdb-rdb py.test -v +``` + to rebuild all the images (usually you only need to rebuild the `bdb` and - `bdb-mdb` images). + `bdb-rdb` images). ## Automated Testing of All Pull Requests From 82a170402e826e508443d72e3bc254c71d5376e8 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 18 Apr 2017 11:57:54 +0200 Subject: [PATCH 265/283] Upgrade MongoDB in docker-compose file --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index fbd35022..322cbcf6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,7 +2,7 @@ version: '2' services: mdb: - image: mongo:3.4.1 + image: mongo:3.4.3 ports: - "27017" command: mongod --replSet=bigchain-rs From 675d011a76337a105508faaa42a1a29e71ad4cce Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 18 Apr 2017 12:02:43 +0200 Subject: [PATCH 266/283] Set error logs file handler to a rotating one --- bigchaindb/log/configs.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/bigchaindb/log/configs.py b/bigchaindb/log/configs.py index 14c6e319..034256a4 100644 --- a/bigchaindb/log/configs.py +++ b/bigchaindb/log/configs.py @@ -50,11 +50,13 @@ SUBSCRIBER_LOGGING_CONFIG = { 'level': logging.INFO, }, 'errors': { - 'class': 'logging.FileHandler', + 'class': 'logging.handlers.RotatingFileHandler', 'filename': join(DEFAULT_LOG_DIR, 'bigchaindb-errors.log'), 'mode': 'w', - 'level': logging.ERROR, + 'maxBytes': 209715200, + 'backupCount': 5, 'formatter': 'file', + 'level': logging.ERROR, }, }, 'loggers': {}, From 6d4245dfd91b02382fb229400cc6a6400d341480 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 18 Apr 2017 12:05:05 +0200 Subject: [PATCH 267/283] Set error log file according to user given setting --- bigchaindb/log/setup.py | 6 +++++- tests/log/test_setup.py | 4 ++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/bigchaindb/log/setup.py b/bigchaindb/log/setup.py index f3e8f7a3..b6b45b00 100644 --- a/bigchaindb/log/setup.py +++ b/bigchaindb/log/setup.py @@ -49,7 +49,7 @@ def setup_logging(*, user_log_config=None): setup_sub_logger(user_log_config=user_log_config) -def create_subscriber_logging_config(*, user_log_config=None): +def create_subscriber_logging_config(*, user_log_config=None): # noqa: C901 sub_log_config = deepcopy(SUBSCRIBER_LOGGING_CONFIG) if not user_log_config: @@ -59,6 +59,10 @@ def create_subscriber_logging_config(*, user_log_config=None): filename = user_log_config['file'] sub_log_config['handlers']['file']['filename'] = filename + if 'error_file' in user_log_config: + error_filename = user_log_config['error_file'] + sub_log_config['handlers']['errors']['filename'] = error_filename + if 'level_console' in user_log_config: level = _normalize_log_level(user_log_config['level_console']) sub_log_config['handlers']['console']['level'] = level diff --git a/tests/log/test_setup.py b/tests/log/test_setup.py index 39a55995..0e608d26 100644 --- a/tests/log/test_setup.py +++ b/tests/log/test_setup.py @@ -137,6 +137,7 @@ def test_create_subscriber_logging_config_with_user_given_config(): SUBSCRIBER_LOGGING_CONFIG as expected_log_config) user_log_config = { 'file': '/var/log/bigchaindb/bdb.log', + 'error_file': '/var/log/bigchaindb/bdb-err.log', 'level_console': 'warning', 'level_logfile': 'info', 'fmt_console': '[%(levelname)s] (%(name)s) %(message)s', @@ -167,7 +168,10 @@ def test_create_subscriber_logging_config_with_user_given_config(): user_log_config['level_console'].upper()) assert (config['handlers']['file']['level'] == user_log_config['level_logfile'].upper()) + assert config['handlers']['errors']['level'] == logging.ERROR assert config['handlers']['file']['filename'] == user_log_config['file'] + assert (config['handlers']['errors']['filename'] == + user_log_config['error_file']) del config['handlers']['console']['level'] del config['handlers']['file']['level'] del config['handlers']['file']['filename'] From 4c0fc52e9e3a8e6f37470ce10af7670f631efdb8 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 18 Apr 2017 12:05:36 +0200 Subject: [PATCH 268/283] Document error log file setting and log rotation --- .../source/server-reference/configuration.md | 38 ++++++++++++++++--- 1 file changed, 33 insertions(+), 5 deletions(-) diff --git a/docs/server/source/server-reference/configuration.md b/docs/server/source/server-reference/configuration.md index df508326..c15fec52 100644 --- a/docs/server/source/server-reference/configuration.md +++ b/docs/server/source/server-reference/configuration.md @@ -26,6 +26,7 @@ For convenience, here's a list of all the relevant environment variables (docume `BIGCHAINDB_BACKLOG_REASSIGN_DELAY`
    `BIGCHAINDB_LOG`
    `BIGCHAINDB_LOG_FILE`
    +`BIGCHAINDB_LOG_ERROR_FILE`
    `BIGCHAINDB_LOG_LEVEL_CONSOLE`
    `BIGCHAINDB_LOG_LEVEL_LOGFILE`
    `BIGCHAINDB_LOG_DATEFMT_CONSOLE`
    @@ -205,6 +206,7 @@ holding the logging configuration. { "log": { "file": "/var/log/bigchaindb.log", + "error_file": "/var/log/bigchaindb-errors.log", "level_console": "info", "level_logfile": "info", "datefmt_console": "%Y-%m-%d %H:%M:%S", @@ -240,8 +242,8 @@ internal defaults are used, such that the actual operational default is: The next subsections explain each field of the `log` configuration. -### log.file -The full path to the file where logs should be written to. +### log.file & log.error_file +The full paths to the files where logs and error logs should be written to. **Example**: @@ -249,15 +251,41 @@ The full path to the file where logs should be written to. { "log": { "file": "/var/log/bigchaindb/bigchaindb.log" + "error_file": "/var/log/bigchaindb/bigchaindb-errors.log" } } ``` -**Defaults to**: `"~/bigchaindb.log"`. +**Defaults to**: + + * `"~/bigchaindb.log"` + * `"~/bigchaindb-errors.log"` Please note that the user running `bigchaindb` must have write access to the -location. - +locations. + +#### Log rotation + +Log files have a size limit of 200 MB and will be rotated up to five times. + +For example if we consider the log file setting: + +``` +{ + "log": { + "file": "~/bigchain.log" + } +} +``` + +logs would always be written to `bigchain.log`. Each time the file +`bigchain.log` reaches 200 MB it would be closed and renamed +`bigchain.log.1`. If `bigchain.log.1` and `bigchain.log.2` already exist they +would be renamed `bigchain.log.2` and `bigchain.log.3`. This pattern would be +applied up to `bigchain.log.5` after which `bigchain.log.5` would be +overwritten by `bigchain.log.4`, thus ending the rotation cycle of whatever +logs were in `bigchain.log.5`. + ### log.level_console The log level used to log to the console. Possible allowed values are the ones From b3290f12d24aed895e5e5eb1c8ab89935adbd323 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 18 Apr 2017 14:51:12 +0200 Subject: [PATCH 269/283] Apply log level cmd line option to log file --- bigchaindb/__init__.py | 26 +++++++++++++------------- bigchaindb/commands/utils.py | 5 ++++- tests/commands/test_utils.py | 3 ++- 3 files changed, 19 insertions(+), 15 deletions(-) diff --git a/bigchaindb/__init__.py b/bigchaindb/__init__.py index 98e6b27b..fc8142a0 100644 --- a/bigchaindb/__init__.py +++ b/bigchaindb/__init__.py @@ -1,6 +1,9 @@ import copy +import logging import os +from bigchaindb.log.configs import SUBSCRIBER_LOGGING_CONFIG as log_config + # from functools import reduce # PORT_NUMBER = reduce(lambda x, y: x * y, map(ord, 'BigchainDB')) % 2**16 # basically, the port number is 9984 @@ -73,19 +76,16 @@ config = { 'keyring': [], 'backlog_reassign_delay': 120, 'log': { - # TODO Document here or elsewhere. - # Example of config: - # 'file': '/var/log/bigchaindb.log', - # 'level_console': 'info', - # 'level_logfile': 'info', - # 'datefmt_console': '%Y-%m-%d %H:%M:%S', - # 'datefmt_logfile': '%Y-%m-%d %H:%M:%S', - # 'fmt_console': '%(asctime)s [%(levelname)s] (%(name)s) %(message)s', - # 'fmt_logfile': '%(asctime)s [%(levelname)s] (%(name)s) %(message)s', - # 'granular_levels': { - # 'bichaindb.backend': 'info', - # 'bichaindb.core': 'info', - # }, + 'file': log_config['handlers']['file']['filename'], + 'error_file': log_config['handlers']['errors']['filename'], + 'level_console': logging.getLevelName( + log_config['handlers']['console']['level']), + 'level_logfile': logging.getLevelName( + log_config['handlers']['file']['level']), + 'datefmt_console': log_config['formatters']['console']['datefmt'], + 'datefmt_logfile': log_config['formatters']['file']['datefmt'], + 'fmt_console': log_config['formatters']['console']['format'], + 'fmt_logfile': log_config['formatters']['file']['format'], }, } diff --git a/bigchaindb/commands/utils.py b/bigchaindb/commands/utils.py index cd59856c..d6840d68 100644 --- a/bigchaindb/commands/utils.py +++ b/bigchaindb/commands/utils.py @@ -36,7 +36,10 @@ def configure_bigchaindb(command): def configure(args): try: config_from_cmdline = { - 'log': {'level_console': args.log_level}, + 'log': { + 'level_console': args.log_level, + 'level_logfile': args.log_level, + }, 'server': {'loglevel': args.log_level}, } except AttributeError: diff --git a/tests/commands/test_utils.py b/tests/commands/test_utils.py index 85aa8de4..d361efcb 100644 --- a/tests/commands/test_utils.py +++ b/tests/commands/test_utils.py @@ -76,7 +76,8 @@ def test_configure_bigchaindb_logging(log_level): args = Namespace(config=None, log_level=log_level) test_configure_logger(args) from bigchaindb import config - assert config['log'] == {'level_console': log_level} + assert config['log']['level_console'] == log_level + assert config['log']['level_logfile'] == log_level def test_start_raises_if_command_not_implemented(): From 4d8f9dd777c81b90824eea1647b0598c339271aa Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 18 Apr 2017 14:57:11 +0200 Subject: [PATCH 270/283] Explicitly set default log config Closes #1318 --- bigchaindb/__init__.py | 3 +++ tests/commands/rethinkdb/test_commands.py | 3 ++- tests/commands/test_commands.py | 18 ++++++++++------ tests/commands/test_utils.py | 17 +++++++-------- tests/test_config_utils.py | 26 ++++++++++++++++++++--- 5 files changed, 48 insertions(+), 19 deletions(-) diff --git a/bigchaindb/__init__.py b/bigchaindb/__init__.py index fc8142a0..c8ea8185 100644 --- a/bigchaindb/__init__.py +++ b/bigchaindb/__init__.py @@ -59,6 +59,8 @@ config = { # Note: this section supports all the Gunicorn settings: # - http://docs.gunicorn.org/en/stable/settings.html 'bind': os.environ.get('BIGCHAINDB_SERVER_BIND') or 'localhost:9984', + 'loglevel': logging.getLevelName( + log_config['handlers']['console']['level']).lower(), 'workers': None, # if none, the value will be cpu_count * 2 + 1 'threads': None, # if none, the value will be cpu_count * 2 + 1 }, @@ -86,6 +88,7 @@ config = { 'datefmt_logfile': log_config['formatters']['file']['datefmt'], 'fmt_console': log_config['formatters']['console']['format'], 'fmt_logfile': log_config['formatters']['file']['format'], + 'granular_levels': {}, }, } diff --git a/tests/commands/rethinkdb/test_commands.py b/tests/commands/rethinkdb/test_commands.py index 0eab914c..e40b3ff2 100644 --- a/tests/commands/rethinkdb/test_commands.py +++ b/tests/commands/rethinkdb/test_commands.py @@ -11,12 +11,13 @@ def test_bigchain_run_start_with_rethinkdb(mock_start_rethinkdb, mock_processes_start, mock_db_init_with_existing_db, mocked_setup_logging): + from bigchaindb import config from bigchaindb.commands.bigchaindb import run_start args = Namespace(start_rethinkdb=True, allow_temp_keypair=False, config=None, yes=True) run_start(args) mock_start_rethinkdb.assert_called_with() - mocked_setup_logging.assert_called_once_with(user_log_config={}) + mocked_setup_logging.assert_called_once_with(user_log_config=config['log']) @patch('subprocess.Popen') diff --git a/tests/commands/test_commands.py b/tests/commands/test_commands.py index 087e1afe..37079ddd 100644 --- a/tests/commands/test_commands.py +++ b/tests/commands/test_commands.py @@ -37,10 +37,11 @@ def test_bigchain_run_start(mock_run_configure, mock_processes_start, mock_db_init_with_existing_db, mocked_setup_logging): + from bigchaindb import config from bigchaindb.commands.bigchaindb import run_start args = Namespace(start_rethinkdb=False, allow_temp_keypair=False, config=None, yes=True) run_start(args) - mocked_setup_logging.assert_called_once_with(user_log_config={}) + mocked_setup_logging.assert_called_once_with(user_log_config=config['log']) @pytest.mark.skipif(reason="BigchainDB doesn't support the automatic creation of a config file anymore") @@ -288,7 +289,8 @@ def test_allow_temp_keypair_generates_one_on_the_fly( args = Namespace(allow_temp_keypair=True, start_rethinkdb=False, config=None, yes=True) run_start(args) - mocked_setup_logging.assert_called_once_with(user_log_config={}) + mocked_setup_logging.assert_called_once_with( + user_log_config=bigchaindb.config['log']) assert bigchaindb.config['keypair']['private'] == 'private_key' assert bigchaindb.config['keypair']['public'] == 'public_key' @@ -313,7 +315,8 @@ def test_allow_temp_keypair_doesnt_override_if_keypair_found(mock_gen_keypair, args = Namespace(allow_temp_keypair=True, start_rethinkdb=False, config=None, yes=True) run_start(args) - mocked_setup_logging.assert_called_once_with(user_log_config={}) + mocked_setup_logging.assert_called_once_with( + user_log_config=bigchaindb.config['log']) assert bigchaindb.config['keypair']['private'] == original_private_key assert bigchaindb.config['keypair']['public'] == original_public_key @@ -322,6 +325,7 @@ def test_run_start_when_db_already_exists(mocker, monkeypatch, run_start_args, mocked_setup_logging): + from bigchaindb import config from bigchaindb.commands.bigchaindb import run_start from bigchaindb.common.exceptions import DatabaseAlreadyExists mocked_start = mocker.patch('bigchaindb.processes.start') @@ -332,7 +336,7 @@ def test_run_start_when_db_already_exists(mocker, monkeypatch.setattr( 'bigchaindb.commands.bigchaindb._run_init', mock_run_init) run_start(run_start_args) - mocked_setup_logging.assert_called_once_with(user_log_config={}) + mocked_setup_logging.assert_called_once_with(user_log_config=config['log']) assert mocked_start.called @@ -340,6 +344,7 @@ def test_run_start_when_keypair_not_found(mocker, monkeypatch, run_start_args, mocked_setup_logging): + from bigchaindb import config from bigchaindb.commands.bigchaindb import run_start from bigchaindb.commands.messages import CANNOT_START_KEYPAIR_NOT_FOUND from bigchaindb.common.exceptions import KeypairNotFoundException @@ -354,7 +359,7 @@ def test_run_start_when_keypair_not_found(mocker, with pytest.raises(SystemExit) as exc: run_start(run_start_args) - mocked_setup_logging.assert_called_once_with(user_log_config={}) + mocked_setup_logging.assert_called_once_with(user_log_config=config['log']) assert len(exc.value.args) == 1 assert exc.value.args[0] == CANNOT_START_KEYPAIR_NOT_FOUND assert not mocked_start.called @@ -364,6 +369,7 @@ def test_run_start_when_start_rethinkdb_fails(mocker, monkeypatch, run_start_args, mocked_setup_logging): + from bigchaindb import config from bigchaindb.commands.bigchaindb import run_start from bigchaindb.commands.messages import RETHINKDB_STARTUP_ERROR from bigchaindb.common.exceptions import StartupError @@ -380,7 +386,7 @@ def test_run_start_when_start_rethinkdb_fails(mocker, with pytest.raises(SystemExit) as exc: run_start(run_start_args) - mocked_setup_logging.assert_called_once_with(user_log_config={}) + mocked_setup_logging.assert_called_once_with(user_log_config=config['log']) assert len(exc.value.args) == 1 assert exc.value.args[0] == RETHINKDB_STARTUP_ERROR.format(err_msg) assert not mocked_start.called diff --git a/tests/commands/test_utils.py b/tests/commands/test_utils.py index d361efcb..0ddec6ef 100644 --- a/tests/commands/test_utils.py +++ b/tests/commands/test_utils.py @@ -57,17 +57,16 @@ def test_configure_bigchaindb_configures_bigchaindb(): @pytest.mark.usefixtures('ignore_local_config_file', 'reset_bigchaindb_config', 'reset_logging_config') -@pytest.mark.parametrize('log_level', ( - logging.DEBUG, - logging.INFO, - logging.WARNING, - logging.ERROR, - logging.CRITICAL, -)) +@pytest.mark.parametrize('log_level', tuple(map( + logging.getLevelName, + (logging.DEBUG, + logging.INFO, + logging.WARNING, + logging.ERROR, + logging.CRITICAL) +))) def test_configure_bigchaindb_logging(log_level): from bigchaindb.commands.utils import configure_bigchaindb - from bigchaindb import config - assert not config['log'] @configure_bigchaindb def test_configure_logger(args): diff --git a/tests/test_config_utils.py b/tests/test_config_utils.py index 7ee74432..f93d0bd2 100644 --- a/tests/test_config_utils.py +++ b/tests/test_config_utils.py @@ -1,4 +1,5 @@ import copy +import logging from unittest.mock import mock_open, patch import pytest @@ -147,12 +148,16 @@ def test_autoconfigure_read_both_from_file_and_env(monkeypatch, request): WSSERVER_HOST = '1.2.3.4' WSSERVER_PORT = 57 KEYRING = 'pubkey_0:pubkey_1:pubkey_2' + LOG_FILE = '/somewhere/something.log' file_config = { 'database': { 'host': DATABASE_HOST }, - 'backlog_reassign_delay': 5 + 'backlog_reassign_delay': 5, + 'log': { + 'level_console': 'debug', + }, } monkeypatch.setattr('bigchaindb.config_utils.file_config', lambda *args, **kwargs: file_config) monkeypatch.setattr('os.environ', {'BIGCHAINDB_DATABASE_NAME': DATABASE_NAME, @@ -161,10 +166,12 @@ def test_autoconfigure_read_both_from_file_and_env(monkeypatch, request): 'BIGCHAINDB_SERVER_BIND': SERVER_BIND, 'BIGCHAINDB_WSSERVER_HOST': WSSERVER_HOST, 'BIGCHAINDB_WSSERVER_PORT': WSSERVER_PORT, - 'BIGCHAINDB_KEYRING': KEYRING}) + 'BIGCHAINDB_KEYRING': KEYRING, + 'BIGCHAINDB_LOG_FILE': LOG_FILE}) import bigchaindb from bigchaindb import config_utils + from bigchaindb.log.configs import SUBSCRIBER_LOGGING_CONFIG as log_config config_utils.autoconfigure() database_rethinkdb = { @@ -199,6 +206,8 @@ def test_autoconfigure_read_both_from_file_and_env(monkeypatch, request): 'CONFIGURED': True, 'server': { 'bind': SERVER_BIND, + 'loglevel': logging.getLevelName( + log_config['handlers']['console']['level']).lower(), 'workers': None, 'threads': None, }, @@ -213,7 +222,18 @@ def test_autoconfigure_read_both_from_file_and_env(monkeypatch, request): }, 'keyring': KEYRING.split(':'), 'backlog_reassign_delay': 5, - 'log': {}, + 'log': { + 'file': LOG_FILE, + 'error_file': log_config['handlers']['errors']['filename'], + 'level_console': 'debug', + 'level_logfile': logging.getLevelName( + log_config['handlers']['file']['level']), + 'datefmt_console': log_config['formatters']['console']['datefmt'], + 'datefmt_logfile': log_config['formatters']['file']['datefmt'], + 'fmt_console': log_config['formatters']['console']['format'], + 'fmt_logfile': log_config['formatters']['file']['format'], + 'granular_levels': {}, + }, } From 965334e9b65e345236fd385737975b087e1f0a2b Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 18 Apr 2017 15:58:14 +0200 Subject: [PATCH 271/283] Use lower case for default log level --- bigchaindb/__init__.py | 4 ++-- tests/test_config_utils.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bigchaindb/__init__.py b/bigchaindb/__init__.py index c8ea8185..9c981385 100644 --- a/bigchaindb/__init__.py +++ b/bigchaindb/__init__.py @@ -81,9 +81,9 @@ config = { 'file': log_config['handlers']['file']['filename'], 'error_file': log_config['handlers']['errors']['filename'], 'level_console': logging.getLevelName( - log_config['handlers']['console']['level']), + log_config['handlers']['console']['level']).lower(), 'level_logfile': logging.getLevelName( - log_config['handlers']['file']['level']), + log_config['handlers']['file']['level']).lower(), 'datefmt_console': log_config['formatters']['console']['datefmt'], 'datefmt_logfile': log_config['formatters']['file']['datefmt'], 'fmt_console': log_config['formatters']['console']['format'], diff --git a/tests/test_config_utils.py b/tests/test_config_utils.py index f93d0bd2..bb445d83 100644 --- a/tests/test_config_utils.py +++ b/tests/test_config_utils.py @@ -227,7 +227,7 @@ def test_autoconfigure_read_both_from_file_and_env(monkeypatch, request): 'error_file': log_config['handlers']['errors']['filename'], 'level_console': 'debug', 'level_logfile': logging.getLevelName( - log_config['handlers']['file']['level']), + log_config['handlers']['file']['level']).lower(), 'datefmt_console': log_config['formatters']['console']['datefmt'], 'datefmt_logfile': log_config['formatters']['file']['datefmt'], 'fmt_console': log_config['formatters']['console']['format'], From 8206a4a18c8aa98bdffd06a48951f54d524cba94 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Tue, 18 Apr 2017 15:59:31 +0200 Subject: [PATCH 272/283] Update docs --- docs/server/source/server-reference/configuration.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/docs/server/source/server-reference/configuration.md b/docs/server/source/server-reference/configuration.md index c15fec52..6f3c8878 100644 --- a/docs/server/source/server-reference/configuration.md +++ b/docs/server/source/server-reference/configuration.md @@ -220,21 +220,19 @@ holding the logging configuration. } ``` -**Defaults to**: `"{}"`. - -Please note that although the default is `"{}"` as per the configuration file, -internal defaults are used, such that the actual operational default is: +**Defaults to**: ``` { "log": { "file": "~/bigchaindb.log", + "error_file": "~/bigchaindb-errors.log", "level_console": "info", "level_logfile": "info", "datefmt_console": "%Y-%m-%d %H:%M:%S", "datefmt_logfile": "%Y-%m-%d %H:%M:%S", - "fmt_console": "%(asctime)s [%(levelname)s] (%(name)s) %(message)s", - "fmt_logfile": "%(asctime)s [%(levelname)s] (%(name)s) %(message)s", + "fmt_logfile": "[%(asctime)s] [%(levelname)s] (%(name)s) %(message)s (%(processName)-10s - pid: %(process)d)", + "fmt_console": "[%(asctime)s] [%(levelname)s] (%(name)s) %(message)s (%(processName)-10s - pid: %(process)d)", "granular_levels": {} } ``` From e5eb49952950decacffdc50639adef4fe3bead23 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 18 Apr 2017 16:22:17 +0200 Subject: [PATCH 273/283] more updates to changelog for 0.10.0 --- CHANGELOG.md | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 453d41ed..4ada804c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,14 +25,20 @@ Tag name: v0.10.0 [#1324](https://github.com/bigchaindb/bigchaindb/pull/1324), [#1326](https://github.com/bigchaindb/bigchaindb/pull/1326), [#1327](https://github.com/bigchaindb/bigchaindb/pull/1327), -[#1330](https://github.com/bigchaindb/bigchaindb/pull/1330) and -[#1365](https://github.com/bigchaindb/bigchaindb/pull/1365) +[#1330](https://github.com/bigchaindb/bigchaindb/pull/1330), +[#1365](https://github.com/bigchaindb/bigchaindb/pull/1365), +[#1394](https://github.com/bigchaindb/bigchaindb/pull/1394), +[#1396](https://github.com/bigchaindb/bigchaindb/pull/1396), +[#1398](https://github.com/bigchaindb/bigchaindb/pull/1398) and +[#1402](https://github.com/bigchaindb/bigchaindb/pull/1402) * Events API using WebSocket protocol. Pull Requests [#1086](https://github.com/bigchaindb/bigchaindb/pull/1086), [#1347](https://github.com/bigchaindb/bigchaindb/pull/1347), [#1349](https://github.com/bigchaindb/bigchaindb/pull/1349), -[#1356](https://github.com/bigchaindb/bigchaindb/pull/1356) and -[#1368](https://github.com/bigchaindb/bigchaindb/pull/1368) +[#1356](https://github.com/bigchaindb/bigchaindb/pull/1356), +[#1368](https://github.com/bigchaindb/bigchaindb/pull/1368), +[#1401](https://github.com/bigchaindb/bigchaindb/pull/1401) and +[#1403](https://github.com/bigchaindb/bigchaindb/pull/1403) * Initial support for using SSL with MongoDB (work in progress). Pull Requests [#1299](https://github.com/bigchaindb/bigchaindb/pull/1299) and [#1348](https://github.com/bigchaindb/bigchaindb/pull/1348) From 44aa52b71a53e1aca058f13754ba18840278d55a Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 18 Apr 2017 16:55:57 +0200 Subject: [PATCH 274/283] updated version.py for the 0.10.0 release --- bigchaindb/version.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bigchaindb/version.py b/bigchaindb/version.py index c59a3cbe..2b3026d5 100644 --- a/bigchaindb/version.py +++ b/bigchaindb/version.py @@ -1,2 +1,2 @@ -__version__ = '0.10.0.dev' -__short_version__ = '0.10.dev' +__version__ = '0.10.0' +__short_version__ = '0.10' From 3c9753221939cd7190775ab9b9c7cde8ef2ce475 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 18 Apr 2017 17:35:12 +0200 Subject: [PATCH 275/283] Update Makefile so 'release' depends on 'dist' --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 37bf6db8..a3012a03 100644 --- a/Makefile +++ b/Makefile @@ -70,7 +70,7 @@ docs: ## generate Sphinx HTML documentation, including API docs servedocs: docs ## compile the docs watching for changes watchmedo shell-command -p '*.rst' -c '$(MAKE) -C docs html' -R -D . -release: clean ## package and upload a release +release: dist ## package and upload a release twine upload dist/* dist: clean ## builds source (and not for now, wheel package) From 9e52537cd3e5f7043cbd35f9af86f414119bd220 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Tue, 18 Apr 2017 17:45:18 +0200 Subject: [PATCH 276/283] updated version in version.py to 0.11.0.dev --- bigchaindb/version.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bigchaindb/version.py b/bigchaindb/version.py index 2b3026d5..6bf027a0 100644 --- a/bigchaindb/version.py +++ b/bigchaindb/version.py @@ -1,2 +1,2 @@ -__version__ = '0.10.0' -__short_version__ = '0.10' +__version__ = '0.11.0.dev' +__short_version__ = '0.11.dev' From 411e682a6c62a0ee2eb300836026bf6e9bbe8552 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Wed, 19 Apr 2017 11:21:59 +0200 Subject: [PATCH 277/283] added docs for wssserver.host and .port --- .../source/server-reference/configuration.md | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/docs/server/source/server-reference/configuration.md b/docs/server/source/server-reference/configuration.md index 6f3c8878..053ed68b 100644 --- a/docs/server/source/server-reference/configuration.md +++ b/docs/server/source/server-reference/configuration.md @@ -22,6 +22,8 @@ For convenience, here's a list of all the relevant environment variables (docume `BIGCHAINDB_SERVER_LOGLEVEL`
    `BIGCHAINDB_SERVER_WORKERS`
    `BIGCHAINDB_SERVER_THREADS`
    +`BIGCHAINDB_WSSERVER_HOST`
    +`BIGCHAINDB_WSSERVER_PORT`
    `BIGCHAINDB_CONFIG_PATH`
    `BIGCHAINDB_BACKLOG_REASSIGN_DELAY`
    `BIGCHAINDB_LOG`
    @@ -180,6 +182,40 @@ export BIGCHAINDB_SERVER_THREADS=5 } ``` + +## wsserver.host and wsserver.port + +These settings are for the +[aiohttp server](https://aiohttp.readthedocs.io/en/stable/index.html), +which is used to serve the +[WebSocket Event Stream API](../websocket-event-stream-api.html). +`wsserver.host` is where to bind the aiohttp server socket and +`wsserver.port` is the corresponding port. +If you want to allow connections from anyone, on port 9985, +set `wsserver.host` to 0.0.0.0 and `wsserver.port` to 9985. + +**Example using environment variables** +```text +export BIGCHAINDB_WSSERVER_HOST=0.0.0.0 +export BIGCHAINDB_WSSERVER_PORT=9985 +``` + +**Example config file snippet** +```js +"wsserver": { + "host": "0.0.0.0", + "port": 65000 +} +``` + +**Default values (from a config file)** +```js +"wsserver": { + "host": "localhost", + "port": 9985 +} +``` + ## backlog_reassign_delay Specifies how long, in seconds, transactions can remain in the backlog before being reassigned. Long-waiting transactions must be reassigned because the assigned node may no longer be responsive. The default duration is 120 seconds. From ecbcf68de7ceefad6814679fa8004c6531074620 Mon Sep 17 00:00:00 2001 From: Krish Date: Wed, 19 Apr 2017 16:07:44 +0200 Subject: [PATCH 278/283] Refactor Dockerfile post `locale` errors (#1410) * Basing BigchainDB docker image from `python:3.6` in `Dockerfile` and `Dockerfile-dev`. * Added ENV var for websocket interface * Optimization to Dockerfile-dev to save build time during dev/test. Pre-installing the `pynacl` dependeny in separate command so that devs do not need to wait while testing. The trade-off is that devs will need to clear (`rmi`) the image to start from scratch. --- Dockerfile | 39 ++++++++------------------------------- Dockerfile-dev | 24 ++++++++++++++++-------- 2 files changed, 24 insertions(+), 39 deletions(-) diff --git a/Dockerfile b/Dockerfile index 021f6772..cdcb4289 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,40 +1,17 @@ -FROM ubuntu:xenial - -ENV LANG en_US.UTF-8 -ENV DEBIAN_FRONTEND noninteractive - +FROM python:3.6 +LABEL maintainer "dev@bigchaindb.com" RUN mkdir -p /usr/src/app COPY . /usr/src/app/ WORKDIR /usr/src/app - -RUN locale-gen en_US.UTF-8 && \ - apt-get -q update && \ - apt-get install -qy --no-install-recommends \ - python3 \ - python3-pip \ - libffi-dev \ - python3-dev \ - build-essential && \ - \ - pip3 install --upgrade --no-cache-dir pip setuptools && \ - \ - pip3 install --no-cache-dir -e . && \ - \ - apt-get remove -qy --purge gcc cpp binutils perl && \ - apt-get -qy autoremove && \ - apt-get -q clean all && \ - rm -rf /usr/share/perl /usr/share/perl5 /usr/share/man /usr/share/info /usr/share/doc && \ - rm -rf /var/lib/apt/lists/* - +RUN apt-get -qq update \ + && apt-get -y upgrade \ + && pip install --no-cache-dir -e . \ + && apt-get autoremove \ + && apt-get clean VOLUME ["/data"] WORKDIR /data - ENV BIGCHAINDB_CONFIG_PATH /data/.bigchaindb ENV BIGCHAINDB_SERVER_BIND 0.0.0.0:9984 -# BigchainDB Server doesn't need BIGCHAINDB_API_ENDPOINT any more -# but maybe our Docker or Docker Compose stuff does? -# ENV BIGCHAINDB_API_ENDPOINT http://bigchaindb:9984/api/v1 - +ENV BIGCHAINDB_WSSERVER_HOST 0.0.0.0 ENTRYPOINT ["bigchaindb"] - CMD ["start"] diff --git a/Dockerfile-dev b/Dockerfile-dev index 2ae4e2ba..17c8b073 100644 --- a/Dockerfile-dev +++ b/Dockerfile-dev @@ -1,13 +1,21 @@ -FROM python:3.5 +FROM python:3.6 +LABEL maintainer "dev@bigchaindb.com" -RUN apt-get update && apt-get install -y python3.4 vim +RUN apt-get update \ + && apt-get install -y vim \ + && pip install pynacl \ + && apt-get autoremove \ + && apt-get clean + +VOLUME ["/data"] +WORKDIR /data + +ENV BIGCHAINDB_CONFIG_PATH /data/.bigchaindb +ENV BIGCHAINDB_SERVER_BIND 0.0.0.0:9984 +ENV BIGCHAINDB_WSSERVER_HOST 0.0.0.0 RUN mkdir -p /usr/src/app -WORKDIR /usr/src/app - -RUN pip install --upgrade pip - COPY . /usr/src/app/ - +WORKDIR /usr/src/app RUN pip install --no-cache-dir -e .[dev] -RUN bigchaindb -y configure rethinkdb +RUN bigchaindb -y configure mongodb From e97ce7683676bc36095d93cbeee32ab70f938b80 Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Wed, 19 Apr 2017 16:11:11 +0200 Subject: [PATCH 279/283] Updated CHANGELOG.md for v0.10.1 --- CHANGELOG.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4ada804c..3db903e3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,16 @@ For reference, the possible headings are: * **External Contributors** to list contributors outside of BigchainDB GmbH. * **Notes** +## [0.10.1] - 2017-04-19 +Tag name: v0.10.1 + +## Added +* Documentation for the BigchainDB settings `wsserver.host` and `wsserver.port`. [Pull Request #1408](https://github.com/bigchaindb/bigchaindb/pull/1408) + +## Fixed +* Fixed `Dockerfile`, which was failing to build. It now starts `FROM python:3.6` (instead of `FROM ubuntu:xenial`). [Pull Request #1410](https://github.com/bigchaindb/bigchaindb/pull/1410) +* Fixed the `Makefile` so that `release` depends on `dist`. [Pull Request #1405](https://github.com/bigchaindb/bigchaindb/pull/1405) + ## [0.10.0] - 2017-04-18 Tag name: v0.10.0 From 4f5ec32d2af65aac4bfe7d865c045ab38a63453e Mon Sep 17 00:00:00 2001 From: Troy McConaghy Date: Wed, 19 Apr 2017 16:52:03 +0200 Subject: [PATCH 280/283] minor addition to Release_Process.md --- Release_Process.md | 1 + 1 file changed, 1 insertion(+) diff --git a/Release_Process.md b/Release_Process.md index 22572837..e4a988a1 100644 --- a/Release_Process.md +++ b/Release_Process.md @@ -27,6 +27,7 @@ A patch release is similar to a minor release, but piggybacks on an existing min 1. Apply the changes you want, e.g. using `git cherry-pick`. 1. Update the `CHANGELOG.md` file 1. Increment the patch version in `bigchaindb/version.py`, e.g. "0.9.1" +1. Commit that change, and push the updated branch to GitHub 1. Follow steps outlined in [Common Steps](#common-steps) 1. Cherry-pick the `CHANGELOG.md` update commit (made above) to the `master` branch From f2e14fb73cc680744699300bb74a20bbff85bb0a Mon Sep 17 00:00:00 2001 From: Krish Date: Thu, 20 Apr 2017 10:38:06 +0200 Subject: [PATCH 281/283] Remove `editable` flag in Dockerfile (#1416) From `pip install --help`: ``` -e, --editable Install a project in editable mode (i.e. setuptools "develop mode") from a local project path or a VCS url. ``` --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index cdcb4289..807761fe 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,7 +5,7 @@ COPY . /usr/src/app/ WORKDIR /usr/src/app RUN apt-get -qq update \ && apt-get -y upgrade \ - && pip install --no-cache-dir -e . \ + && pip install --no-cache-dir . \ && apt-get autoremove \ && apt-get clean VOLUME ["/data"] From cc66d5aaa5e83e48746bc17ceccb7d2f633f03d8 Mon Sep 17 00:00:00 2001 From: Krish Date: Fri, 21 Apr 2017 14:41:12 +0200 Subject: [PATCH 282/283] Single node setup (#1418) * Add more tools to the toolbox container * Add mongodb monitoring agent * Add a bigchaindb/mongodb-monitoring-agent container that includes the monitoring agent. * It makes use of an api key provided by MongoDB Cloud Manager. This is included in the configuration/config-map.yaml file. * Changes to mongodb StatefulSet configuration Changes to bump up mongodb version to v3.4.3. Add configuration settings for mongodb instance name in ConfigMap. Split the mongodb service to a new configuration file. * Modify bigchaindb deployment config * Bugfix to remove keyring field for the first node. * Split the mongodb service to a new configuration file. * Add mongodb backup agent * Add a bigchaindb/mongodb-backup-agent container that includes the backup agent. * It makes use of an api key provided by MongoDB Cloud Manager. This is included in the configuration/config-map.yaml file. * Changes to nginx deployment config * Allow 'all' by default for now. This is included in the configuration/config-map.yaml file. * Dynamically resolve DNS addresses of our backend services; cache DNS resolution for 20s. * Configure DNS based on user provided resolver. This helps in user deciding to provide 8.8.8.8 or a custom DNS for name resolution. For k8s deployments, we use the hardcoded k8s DNS IP of 10.0.0.10. * Changes to nginx-3scale deployment config * Use the common ConfigMap in configuration/config-map.yaml file. * Removing prefix `v` from the docker tag for mongodb-monitoring-agent and mongodb containers * Bumping up version for nginx-3scale container * Add small helper scripts for docker build and push of mongodb monitoring and backup agents * Documentation for setting up the first node with monitoring and backup agents --- .../cloud-deployment-templates/first-node.rst | 455 ++++++++++++++++++ .../cloud-deployment-templates/index.rst | 2 +- k8s/bigchaindb/bigchaindb-dep.yaml | 43 +- k8s/bigchaindb/bigchaindb-svc.yaml | 16 + k8s/configuration/config-map.yaml | 36 ++ k8s/mongodb-backup-agent/container/Dockerfile | 19 + .../container/docker_build_and_push.bash | 5 + .../mongodb_backup_agent_entrypoint.bash | 20 + .../mongo-backup-dep.yaml | 27 ++ .../container/Dockerfile | 54 +++ .../container/docker_build_and_push.bash | 5 + .../mongodb_mon_agent_entrypoint.bash | 30 ++ .../mongo-mon-dep.yaml | 38 ++ k8s/mongodb/container/Dockerfile | 2 +- k8s/mongodb/container/Makefile | 2 +- k8s/mongodb/mongo-cm.yaml | 13 - k8s/mongodb/mongo-ss.yaml | 32 +- k8s/mongodb/mongo-svc.yaml | 16 + k8s/nginx-3scale/nginx-3scale-cm.yaml | 13 - k8s/nginx-3scale/nginx-3scale-dep.yaml | 4 +- k8s/nginx/container/README.md | 11 +- k8s/nginx/container/nginx.conf.template | 29 +- k8s/nginx/container/nginx_entrypoint.bash | 5 +- k8s/nginx/nginx-cm.yaml | 13 - k8s/nginx/nginx-dep.yaml | 45 +- k8s/nginx/nginx-svc.yaml | 24 + k8s/toolbox/Dockerfile | 11 +- k8s/toolbox/README.md | 2 + 28 files changed, 817 insertions(+), 155 deletions(-) create mode 100644 docs/server/source/cloud-deployment-templates/first-node.rst create mode 100644 k8s/bigchaindb/bigchaindb-svc.yaml create mode 100644 k8s/configuration/config-map.yaml create mode 100644 k8s/mongodb-backup-agent/container/Dockerfile create mode 100755 k8s/mongodb-backup-agent/container/docker_build_and_push.bash create mode 100755 k8s/mongodb-backup-agent/container/mongodb_backup_agent_entrypoint.bash create mode 100644 k8s/mongodb-backup-agent/mongo-backup-dep.yaml create mode 100644 k8s/mongodb-monitoring-agent/container/Dockerfile create mode 100755 k8s/mongodb-monitoring-agent/container/docker_build_and_push.bash create mode 100755 k8s/mongodb-monitoring-agent/container/mongodb_mon_agent_entrypoint.bash create mode 100644 k8s/mongodb-monitoring-agent/mongo-mon-dep.yaml delete mode 100644 k8s/mongodb/mongo-cm.yaml create mode 100644 k8s/mongodb/mongo-svc.yaml delete mode 100644 k8s/nginx-3scale/nginx-3scale-cm.yaml delete mode 100644 k8s/nginx/nginx-cm.yaml create mode 100644 k8s/nginx/nginx-svc.yaml diff --git a/docs/server/source/cloud-deployment-templates/first-node.rst b/docs/server/source/cloud-deployment-templates/first-node.rst new file mode 100644 index 00000000..06b3843b --- /dev/null +++ b/docs/server/source/cloud-deployment-templates/first-node.rst @@ -0,0 +1,455 @@ +First Node or Bootstrap Node Setup +================================== + +This document is a work in progress and will evolve over time to include +security, websocket and other settings. + +Step 1: Set Up the Cluster +-------------------------- + + .. code:: bash + + az group create --name bdb-test-cluster-0 --location westeurope --debug -- output json + + az acs create --name k8s-bdb-test-cluster-0 \ + --resource-group bdb-test-cluster-0 \ + --master-count 3 \ + --agent-count 2 \ + --admin-username ubuntu \ + --agent-vm-size Standard_D2_v2 \ + --dns-prefix k8s-bdb-test-cluster-0 \ + --ssh-key-value ~/.ssh/ \ + --orchestrator-type kubernetes \ + --debug --output json + + az acs kubernetes get-credentials \ + --resource-group bdb-test-cluster-0 \ + --name k8s-bdb-test-cluster-0 \ + --debug --output json + + echo -e "Host k8s-bdb-test-cluster-0.westeurope.cloudapp.azure.com\n ForwardAgent yes" >> ~/.ssh/config + + ssh ubuntu@k8s-bdb-test-cluster-0.westeurope.cloudapp.azure.com + + +Step 2: Connect to the Cluster UI - (optional) +---------------------------------------------- + + * Get the kubectl context for this cluster using ``kubectl config view``. + + * For the above commands, the context would be ``k8s-bdb-test-cluster-0``. + + .. code:: bash + + kubectl --context k8s-bdb-test-cluster-0 proxy -p 8001 + +Step 3. Configure the Cluster +----------------------------- + + * Use the ConfigMap in ``configuration/config-map.yaml`` file for configuring + the cluster. + + * Log in the the MongoDB Cloud Manager and select the group that will monitor + and backup this cluster from the dropdown box. + + * Go to Settings, Group Settings and copy the ``Agent Api Key``. + + * Replace the ```` field with this key. + + * Since this is the first node of the cluster, ensure that the ``data.fqdn`` + field has the value ``mdb-instance-0``. + + * We only support the value ``all`` in the ``data.allowed-hosts`` field for now. + + * Create the ConfigMap + + .. code:: bash + + kubectl --context k8s-bdb-test-cluster-0 apply -f configuration/config-map.yaml + +Step 4. Start the NGINX Service +------------------------------- + + * This will will give us a public IP for the cluster. + + * Once you complete this step, you might need to wait up to 10 mins for the + public IP to be assigned. + + * You have the option to use vanilla NGINX or an OpenResty NGINX integrated + with 3scale API Gateway. + + +Step 4.1. Vanilla NGINX +^^^^^^^^^^^^^^^^^^^^^^^ + + * This configuration is located in the file ``nginx/nginx-svc.yaml``. + + * Since this is the first node, rename ``metadata.name`` and ``metadata.labels.name`` + to ``ngx-instance-0``, and ``spec.selector.app`` to ``ngx-instance-0-dep``. + + * Start the Kubernetes Service: + + .. code:: bash + + kubectl --context k8s-bdb-test-cluster-0 apply -f nginx/nginx-svc.yaml + + +Step 4.2. OpenResty NGINX + 3scale +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * You have to enable HTTPS for this one and will need an HTTPS certificate + for your domain + + * Assuming that the public key chain is named ``cert.pem`` and private key is + ``cert.key``, run the following commands to encode the certificates into + single continuous string that can be embedded in yaml. + + .. code:: bash + + cat cert.pem | base64 -w 0 > cert.pem.b64 + + cat cert.key | base64 -w 0 > cert.key.b64 + + + * Copy the contents of ``cert.pem.b64`` in the ``cert.pem`` field, and the + contents of ``cert.key.b64`` in the ``cert.key`` field in the file + ``nginx-3scale/nginx-3scale-secret.yaml`` + + * Create the Kubernetes Secret: + + .. code:: bash + + kubectl --context k8s-bdb-test-cluster-0 apply -f nginx-3scale/nginx-3scale-secret.yaml + + * Since this is the first node, rename ``metadata.name`` and ``metadata.labels.name`` + to ``ngx-instance-0``, and ``spec.selector.app`` to ``ngx-instance-0-dep`` in + ``nginx-3scale/nginx-3scale-svc.yaml`` file. + + * Start the Kubernetes Service: + + .. code:: bash + + kubectl --context k8s-bdb-test-cluster-0 apply -f nginx-3scale/nginx-3scale-svc.yaml + + +Step 5. Assign DNS Name to the NGINX Public IP +---------------------------------------------- + + * The following command can help you find out if the nginx service strated above + has been assigned a public IP or external IP address: + + .. code:: bash + + kubectl --context k8s-bdb-test-cluster-0 get svc -w + + * Once a public IP is assigned, you can log in to the Azure portal and map it to + a DNS name. + + * We usually start with bdb-test-cluster-0, bdb-test-cluster-1 and so on. + + * Let us assume that we assigned the unique name of ``bdb-test-cluster-0`` here. + + +Step 6. Start the Mongo Kubernetes Service +------------------------------------------ + + * Change ``metadata.name`` and ``metadata.labels.name`` to + ``mdb-instance-0``, and ``spec.selector.app`` to ``mdb-instance-0-ss``. + + .. code:: bash + + kubectl --context k8s-bdb-test-cluster-0 apply -f mongodb/mongo-svc.yaml + + +Step 7. Start the BigchainDB Kubernetes Service +----------------------------------------------- + + * Change ``metadata.name`` and ``metadata.labels.name`` to + ``bdb-instance-0``, and ``spec.selector.app`` to ``bdb-instance-0-dep``. + + .. code:: bash + + kubectl --context k8s-bdb-test-cluster-0 apply -f bigchaindb/bigchaindb-svc.yaml + + +Step 8. Start the NGINX Kubernetes Deployment +--------------------------------------------- + + * As in step 4, you have the option to use vanilla NGINX or an OpenResty NGINX + integrated with 3scale API Gateway. + +Step 8.1. Vanilla NGINX +^^^^^^^^^^^^^^^^^^^^^^^ + + * This configuration is located in the file ``nginx/nginx-dep.yaml``. + + * Since this is the first node, change the ``metadata.name`` and + ``spec.template.metadata.labels.app`` to ``ngx-instance-0-dep``. + + * Set ``MONGODB_BACKEND_HOST`` env var to + ``mdb-instance-0.default.svc.cluster.local``. + + * Set ``BIGCHAINDB_BACKEND_HOST`` env var to + ``bdb-instance-0.default.svc.cluster.local``. + + * Set ``MONGODB_FRONTEND_PORT`` to + ``$(NGX_INSTANCE_0_SERVICE_PORT_NGX_PUBLIC_MDB_PORT)``. + + * Set ``BIGCHAINDB_FRONTEND_PORT`` to + ``$(NGX_INSTANCE_0_SERVICE_PORT_NGX_PUBLIC_BDB_PORT)``. + + .. code:: bash + + kubectl --context k8s-bdb-test-cluster-0 apply -f nginx/nginx-dep.yaml + +Step 8.2. OpenResty NGINX + 3scale +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * This configuration is located in the file + ``nginx-3scale/nginx-3scale-dep.yaml``. + + * Since this is the first node, change the metadata.name and + spec.template.metadata.labels.app to ``ngx-instance-0-dep``. + + * Set ``MONGODB_BACKEND_HOST`` env var to + ``mdb-instance-0.default.svc.cluster.local``. + + * Set ``BIGCHAINDB_BACKEND_HOST`` env var to + ``bdb-instance-0.default.svc.cluster.local``. + + * Set ``MONGODB_FRONTEND_PORT`` to + ``$(NGX_INSTANCE_0_SERVICE_PORT_NGX_PUBLIC_MDB_PORT)``. + + * Set ``BIGCHAINDB_FRONTEND_PORT`` to + ``$(NGX_INSTANCE_0_SERVICE_PORT_NGX_PUBLIC_BDB_PORT)``. + + * Also, replace the placeholder strings for the env vars with the values + obtained from 3scale. You will need the Secret Token, Service ID, Version Header + and Provider Key from 3scale. + + * The ``THREESCALE_FRONTEND_API_DNS_NAME`` will be DNS name registered for your + HTTPS certificate. + + * You can set the ``THREESCALE_UPSTREAM_API_PORT`` to any port other than 9984, + 9985, 443, 8888 and 27017. We usually use port ``9999``. + + .. code:: bash + + kubectl --context k8s-bdb-test-cluster-0 apply -f nginx-3scale/nginx-3scale-dep.yaml + + +Step 9. Create a Kubernetes Storage Class for MongoDB +----------------------------------------------------- + + .. code:: bash + + kubectl --context k8s-bdb-test-cluster-0 apply -f mongodb/mongo-sc.yaml + + +Step 10. Create a Kubernetes PersistentVolumeClaim +-------------------------------------------------- + + .. code:: bash + + kubectl --context k8s-bdb-test-cluster-0 apply -f mongodb/mongo-pvc.yaml + + +Step 11. Start a Kubernetes StatefulSet for MongoDB +--------------------------------------------------- + + * Change ``spec.serviceName`` to ``mdb-instance-0``. + + * Change the ``metadata.name``, ``template.metadata.name`` and + ``template.metadata.labels.app`` to ``mdb-instance-0-ss``. + + * It might take up to 10 minutes for the disks to be created and attached to + the pod. + + * The UI might show that the pod has errored with the + message "timeout expired waiting for volumes to attach/mount". + + * Use the CLI below to check the status of the pod in this case, + instead of the UI. This happens due to a bug in Azure ACS. + + .. code:: bash + + kubectl --context k8s-bdb-test-cluster-0 apply -f mongodb/mongo-ss.yaml + + * You can check the status of the pod using the command: + + .. code:: bash + + kubectl --context k8s-bdb-test-cluster-0 get po -w + + +Step 12. Start a Kubernetes Deployment for Bigchaindb +----------------------------------------------------- + + * Change both ``metadata.name`` and ``spec.template.metadata.labels.app`` + to ``bdb-instance-0-dep``. + + * Set ``BIGCHAINDB_DATABASE_HOST`` to ``mdb-instance-0``. + + * Set the appropriate ``BIGCHAINDB_KEYPAIR_PUBLIC``, + ``BIGCHAINDB_KEYPAIR_PRIVATE`` values. + + * One way to generate BigchainDB keypair is to run a Python shell with + the command + ``from bigchaindb_driver import crypto; crypto.generate_keypair()``. + + .. code:: bash + + kubectl --context k8s-bdb-test-cluster-0 apply -f bigchaindb/bigchaindb-dep.yaml + + +Step 13. Start a Kubernetes Deployment for MongoDB Monitoring Agent +------------------------------------------------------------------- + + * Change both metadata.name and spec.template.metadata.labels.app to + ``mdb-mon-instance-0-dep``. + + .. code:: bash + + kubectl --context k8s-bdb-test-cluster-0 apply -f mongodb-monitoring-agent/mongo-mon-dep.yaml + + * Get the pod name and check its logs: + + .. code:: bash + + kubectl --context k8s-bdb-test-cluster-0 get po + + kubectl --context k8s-bdb-test-cluster-0 logs -f + + +Step 14. Configure MongoDB Cloud Manager for Monitoring +------------------------------------------------------- + + * Open `MongoDB Cloud Manager `_. + + * Click ``Login`` under ``MongoDB Cloud Manager`` and log in to the Cloud Manager. + + * Select the group from the dropdown box on the page. + + * Go to Settings, Group Settings and add a Preferred Hostnames regexp as + ``^mdb-instance-[0-9]{1,2}$``. It may take up to 5 mins till this setting + is in effect. You may refresh the browser window and verify whether the changes + have been saved or not. + + * Next, click the ``Deployment`` tab, and then the ``Manage Existing`` button. + + * On the ``Import your deployment for monitoring`` page, enter the hostname as + ``mdb-instance-0``, port number as ``27017``, with no authentication and no + TLS/SSL settings. + + * Once the deployment is found, click the ``Continue`` button. + This may take about a minute or two. + + * Do not add ``Automation Agent`` when given an option to add it. + + * Verify on the UI that data is being by the monitoring agent. + + +Step 15. Start a Kubernetes Deployment for MongoDB Backup Agent +--------------------------------------------------------------- + + * Change both ``metadata.name`` and ``spec.template.metadata.labels.app`` + to ``mdb-backup-instance-0-dep``. + + .. code:: bash + + kubectl --context k8s-bdb-test-cluster-0 apply -f mongodb-backup-agent/mongo-backup-dep.yaml + + * Get the pod name and check its logs: + + .. code:: bash + + kubectl --context k8s-bdb-test-cluster-0 get po + + kubectl --context k8s-bdb-test-cluster-0 logs -f + + +Step 16. Configure MongoDB Cloud Manager for Backup +--------------------------------------------------- + + * Open `MongoDB Cloud Manager `_. + + * Click ``Login`` under ``MongoDB Cloud Manager`` and log in to the Cloud + Manager. + + * Select the group from the dropdown box on the page. + + * Click ``Backup`` tab. + + * Click on the ``Begin Setup`` after the replica set name at the bottom of + the page. + + * Click on ``Next``, select the replica set from the dropdown menu. + + * Verify the details of your MongoDB instance and click on ``Start`` again. + + * It might take up to 5 minutes to start the backup process. + + * Verify that data is being backed up on the UI. + + +Step 17. Verify that the Cluster is Correctly Set Up +---------------------------------------------------- + + * Start the toolbox container in the cluster + + .. code:: bash + + kubectl --context k8s-bdb-test-cluster-0 \ + run -it toolbox \ + --image bigchaindb/toolbox \ + --image-pull-policy=Always \ + --restart=Never --rm + + * Verify MongoDB instance + + .. code:: bash + + nslookup mdb-instance-0 + + dig +noall +answer _mdb-port._tcp.mdb-instance-0.default.svc.cluster.local SRV + + curl -X GET http://mdb-instance-0:27017 + + * Verify BigchainDB instance + + .. code:: bash + + nslookup bdb-instance-0 + + dig +noall +answer _bdb-port._tcp.bdb-instance-0.default.svc.cluster.local SRV + + curl -X GET http://bdb-instance-0:9984 + + * Verify NGINX instance + + .. code:: bash + + nslookup ngx-instance-0 + + dig +noall +answer _ngx-public-mdb-port._tcp.ngx-instance-0.default.svc.cluster.local SRV + + curl -X GET http://ngx-instance-0:27017 # results in curl: (56) Recv failure: Connection reset by peer + + dig +noall +answer _ngx-public-bdb-port._tcp.ngx-instance-0.default.svc.cluster.local SRV + + * If you have run the vanilla NGINX instance, run + + .. code:: bash + + curl -X GET http://ngx-instance-0:80 + + * If you have the OpenResty NGINX + 3scale instance, run + + .. code:: bash + + curl -X GET http://ngx-instance-0:443 + + * Check the MongoDB monitoring and backup agent on the MOngoDB Coud Manager portal to verify they are working fine. + + * Send some transactions to BigchainDB and verify it's up and running! + diff --git a/docs/server/source/cloud-deployment-templates/index.rst b/docs/server/source/cloud-deployment-templates/index.rst index 28ac7923..d5b60a0e 100644 --- a/docs/server/source/cloud-deployment-templates/index.rst +++ b/docs/server/source/cloud-deployment-templates/index.rst @@ -17,4 +17,4 @@ If you find the cloud deployment templates for nodes helpful, then you may also node-on-kubernetes add-node-on-kubernetes upgrade-on-kubernetes - \ No newline at end of file + first-node diff --git a/k8s/bigchaindb/bigchaindb-dep.yaml b/k8s/bigchaindb/bigchaindb-dep.yaml index 83daaaaf..b8550249 100644 --- a/k8s/bigchaindb/bigchaindb-dep.yaml +++ b/k8s/bigchaindb/bigchaindb-dep.yaml @@ -1,49 +1,31 @@ ############################################################### -# This config file runs bigchaindb:master as a k8s Deployment # +# This config file runs bigchaindb:0.10.1 as a k8s Deployment # # and it connects to the mongodb backend running as a # # separate pod # ############################################################### -apiVersion: v1 -kind: Service -metadata: - name: bdb-svc - namespace: default - labels: - name: bdb-svc -spec: - selector: - app: bdb-dep - ports: - - port: 9984 - targetPort: 9984 - name: bdb-port - type: ClusterIP - clusterIP: None ---- apiVersion: extensions/v1beta1 kind: Deployment metadata: - name: bdb-dep + name: bdb-instance-0-dep spec: replicas: 1 template: metadata: labels: - app: bdb-dep + app: bdb-instance-0-dep spec: terminationGracePeriodSeconds: 10 containers: - name: bigchaindb - image: bigchaindb/bigchaindb:master + image: bigchaindb/bigchaindb:0.10.1 imagePullPolicy: IfNotPresent args: - start env: - name: BIGCHAINDB_DATABASE_HOST - value: mdb-svc + value: mdb-instance-0 - name: BIGCHAINDB_DATABASE_PORT - # TODO(Krish): remove hardcoded port value: "27017" - name: BIGCHAINDB_DATABASE_REPLICASET value: bigchain-rs @@ -54,13 +36,20 @@ spec: - name: BIGCHAINDB_SERVER_BIND value: 0.0.0.0:9984 - name: BIGCHAINDB_KEYPAIR_PUBLIC - value: EEWUAhsk94ZUHhVw7qx9oZiXYDAWc9cRz93eMrsTG4kZ + value: "" - name: BIGCHAINDB_KEYPAIR_PRIVATE - value: 3CjmRhu718gT1Wkba3LfdqX5pfYuBdaMPLd7ENUga5dm + value: "" - name: BIGCHAINDB_BACKLOG_REASSIGN_DELAY value: "120" - - name: BIGCHAINDB_KEYRING - value: "" + - name: BIGCHAINDB_DATABASE_MAXTRIES + value: "3" + - name: BIGCHAINDB_DATABASE_CONNECTION_TIMEOUT + value: "120" + - name: BIGCHAINDB_LOG_LEVEL_CONSOLE + value: debug + # The following env var is not required for the bootstrap/first node + #- name: BIGCHAINDB_KEYRING + # value: "" ports: - containerPort: 9984 hostPort: 9984 diff --git a/k8s/bigchaindb/bigchaindb-svc.yaml b/k8s/bigchaindb/bigchaindb-svc.yaml new file mode 100644 index 00000000..9927a92d --- /dev/null +++ b/k8s/bigchaindb/bigchaindb-svc.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: bdb-instance-0 + namespace: default + labels: + name: bdb-instance-0 +spec: + selector: + app: bdb-instance-0-dep + ports: + - port: 9984 + targetPort: 9984 + name: bdb-port + type: ClusterIP + clusterIP: None diff --git a/k8s/configuration/config-map.yaml b/k8s/configuration/config-map.yaml new file mode 100644 index 00000000..1c04dbf7 --- /dev/null +++ b/k8s/configuration/config-map.yaml @@ -0,0 +1,36 @@ +####################################################### +# This YAML file desribes a ConfigMap for the cluster # +####################################################### + +apiVersion: v1 +kind: ConfigMap +metadata: + name: mdb-mon + namespace: default +data: + api-key: "" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: mdb-backup + namespace: default +data: + api-key: "" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: mdb-fqdn + namespace: default +data: + fqdn: mdb-instance-0 +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: mongodb-whitelist + namespace: default +data: + allowed-hosts: "all" + diff --git a/k8s/mongodb-backup-agent/container/Dockerfile b/k8s/mongodb-backup-agent/container/Dockerfile new file mode 100644 index 00000000..8407fb09 --- /dev/null +++ b/k8s/mongodb-backup-agent/container/Dockerfile @@ -0,0 +1,19 @@ +FROM ubuntu:xenial +LABEL maintainer "dev@bigchaindb.com" +ARG DEBIAN_FRONTEND=noninteractive +ARG DEB_FILE=mongodb-mms-backup-agent_latest_amd64.ubuntu1604.deb +ARG FILE_URL="https://cloud.mongodb.com/download/agent/backup/"$DEB_FILE +WORKDIR / +RUN apt update \ + && apt -y upgrade \ + && apt -y install --no-install-recommends curl ca-certificates logrotate \ + libsasl2-2 \ + && curl -OL $FILE_URL \ + && dpkg -i $DEB_FILE \ + && rm -f $DEB_FILE \ + && apt -y purge curl \ + && apt -y autoremove \ + && apt clean +COPY mongodb_backup_agent_entrypoint.bash / +RUN chown -R mongodb-mms-agent:mongodb-mms-agent /etc/mongodb-mms/ +ENTRYPOINT ["/mongodb_backup_agent_entrypoint.bash"] diff --git a/k8s/mongodb-backup-agent/container/docker_build_and_push.bash b/k8s/mongodb-backup-agent/container/docker_build_and_push.bash new file mode 100755 index 00000000..e57e58a1 --- /dev/null +++ b/k8s/mongodb-backup-agent/container/docker_build_and_push.bash @@ -0,0 +1,5 @@ +#!/bin/bash + +docker build -t bigchaindb/mongodb-backup-agent:1.0 . + +docker push bigchaindb/mongodb-backup-agent:1.0 diff --git a/k8s/mongodb-backup-agent/container/mongodb_backup_agent_entrypoint.bash b/k8s/mongodb-backup-agent/container/mongodb_backup_agent_entrypoint.bash new file mode 100755 index 00000000..3eb20633 --- /dev/null +++ b/k8s/mongodb-backup-agent/container/mongodb_backup_agent_entrypoint.bash @@ -0,0 +1,20 @@ +#!/bin/bash + +set -euo pipefail + +MONGODB_BACKUP_CONF_FILE=/etc/mongodb-mms/backup-agent.config + +mms_api_key=`printenv MMS_API_KEY` + +if [[ -z "${mms_api_key}" ]]; then + echo "Invalid environment settings detected. Exiting!" + exit 1 +fi + +sed -i '/mmsApiKey/d' $MONGODB_BACKUP_CONF_FILE + +echo "mmsApiKey="${mms_api_key} >> $MONGODB_BACKUP_CONF_FILE + +echo "INFO: starting mdb backup..." +exec mongodb-mms-backup-agent \ + -c $MONGODB_BACKUP_CONF_FILE diff --git a/k8s/mongodb-backup-agent/mongo-backup-dep.yaml b/k8s/mongodb-backup-agent/mongo-backup-dep.yaml new file mode 100644 index 00000000..b3d5a9ec --- /dev/null +++ b/k8s/mongodb-backup-agent/mongo-backup-dep.yaml @@ -0,0 +1,27 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: mdb-backup-instance-0-dep +spec: + replicas: 1 + template: + metadata: + labels: + app: mdb-backup-instance-0-dep + spec: + terminationGracePeriodSeconds: 10 + containers: + - name: mdb-backup + image: bigchaindb/mongodb-backup-agent:1.0 + imagePullPolicy: Always + env: + - name: MMS_API_KEY + valueFrom: + configMapKeyRef: + name: mdb-backup + key: api-key + resources: + limits: + cpu: 200m + memory: 768Mi + restartPolicy: Always diff --git a/k8s/mongodb-monitoring-agent/container/Dockerfile b/k8s/mongodb-monitoring-agent/container/Dockerfile new file mode 100644 index 00000000..ec6496d8 --- /dev/null +++ b/k8s/mongodb-monitoring-agent/container/Dockerfile @@ -0,0 +1,54 @@ +# Dockerfile for MongoDB Monitoring Agent +# Use it to create bigchaindb/mongodb-monitoring-agent +# on Docker Hub. + +# "Never install the Monitoring Agent on the same server as a data bearing mongod instance." +# More help: +# https://docs.cloudmanager.mongodb.com/tutorial/install-monitoring-agent-with-deb-package/ + +FROM ubuntu:xenial +LABEL maintainer "dev@bigchaindb.com" +# Using ARG, one can set DEBIAN_FRONTEND=noninteractive and others +# just for the duration of the build: +ARG DEBIAN_FRONTEND=noninteractive +ARG DEB_FILE=mongodb-mms-monitoring-agent_latest_amd64.ubuntu1604.deb +ARG FILE_URL="https://cloud.mongodb.com/download/agent/monitoring/"$DEB_FILE + +# Download the Monitoring Agent as a .deb package and install it +WORKDIR / +RUN apt update \ + && apt -y upgrade \ + && apt -y install --no-install-recommends curl ca-certificates logrotate \ + libsasl2-2 \ + && curl -OL $FILE_URL \ + && dpkg -i $DEB_FILE \ + && rm -f $DEB_FILE \ + && apt -y purge curl \ + && apt -y autoremove \ + && apt clean + +# The above installation puts a default config file in +# /etc/mongodb-mms/monitoring-agent.config +# It should contain a line like: "mmsApiKey=" +# i.e. with no value specified. +# We need to set that value to the "agent API key" value from Cloud Manager, +# but of course that value varies from user to user, +# so we can't hard-code it into the Docker image. + +# Kubernetes can set an MMS_API_KEY environment variable +# in the container +# (including from Secrets or ConfigMaps) +# An entrypoint bash script can then use the value of MMS_API_KEY +# to write the mmsApiKey value in the config file +# /etc/mongodb-mms/monitoring-agent.config +# before running the MongoDB Monitoring Agent. + +# The MongoDB Monitoring Agent has other +# config settings besides mmsApiKey, +# but it's the only one that *must* be set. See: +# https://docs.cloudmanager.mongodb.com/reference/monitoring-agent/ + +COPY mongodb_mon_agent_entrypoint.bash / +RUN chown -R mongodb-mms-agent:mongodb-mms-agent /etc/mongodb-mms/ +#USER mongodb-mms-agent - BUG(Krish) Uncomment after tests are complete +ENTRYPOINT ["/mongodb_mon_agent_entrypoint.bash"] diff --git a/k8s/mongodb-monitoring-agent/container/docker_build_and_push.bash b/k8s/mongodb-monitoring-agent/container/docker_build_and_push.bash new file mode 100755 index 00000000..d2219b08 --- /dev/null +++ b/k8s/mongodb-monitoring-agent/container/docker_build_and_push.bash @@ -0,0 +1,5 @@ +#!/bin/bash + +docker build -t bigchaindb/mongodb-monitoring-agent:1.0 . + +docker push bigchaindb/mongodb-monitoring-agent:1.0 diff --git a/k8s/mongodb-monitoring-agent/container/mongodb_mon_agent_entrypoint.bash b/k8s/mongodb-monitoring-agent/container/mongodb_mon_agent_entrypoint.bash new file mode 100755 index 00000000..6454c729 --- /dev/null +++ b/k8s/mongodb-monitoring-agent/container/mongodb_mon_agent_entrypoint.bash @@ -0,0 +1,30 @@ +#!/bin/bash + +set -euo pipefail +# -e Abort at the first failed line (i.e. if exit status is not 0) +# -u Abort when undefined variable is used +# -o pipefail (Bash-only) Piped commands return the status +# of the last failed command, rather than the status of the last command + +MONGODB_MON_CONF_FILE=/etc/mongodb-mms/monitoring-agent.config + +mms_api_key=`printenv MMS_API_KEY` + +if [[ -z "${mms_api_key}" ]]; then + echo "Invalid environment settings detected. Exiting!" + exit 1 +fi + +# Delete all lines containing "mmsApiKey" in the MongoDB Monitoring Agent +# config file /etc/mongodb-mms/monitoring-agent.config +sed -i '/mmsApiKey/d' $MONGODB_MON_CONF_FILE + +# Append a new line of the form +# mmsApiKey=value_of_MMS_API_KEY +echo "mmsApiKey="${mms_api_key} >> $MONGODB_MON_CONF_FILE + +# start mdb monitoring agent +echo "INFO: starting mdb monitor..." +exec mongodb-mms-monitoring-agent \ + --conf $MONGODB_MON_CONF_FILE \ + --loglevel debug diff --git a/k8s/mongodb-monitoring-agent/mongo-mon-dep.yaml b/k8s/mongodb-monitoring-agent/mongo-mon-dep.yaml new file mode 100644 index 00000000..98abe92b --- /dev/null +++ b/k8s/mongodb-monitoring-agent/mongo-mon-dep.yaml @@ -0,0 +1,38 @@ +############################################################ +# This config file defines a k8s Deployment for the # +# bigchaindb/mongodb-monitoring-agent:latest Docker image # +# # +# It connects to a MongoDB instance in a separate pod, # +# all remote MongoDB instances in the cluster, # +# and also to MongoDB Cloud Manager (an external service). # +# Notes: # +# MongoDB agents connect to Cloud Manager on port 443. # +############################################################ + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: mdb-mon-instance-0-dep +spec: + replicas: 1 + template: + metadata: + labels: + app: mdb-mon-instance-0-dep + spec: + terminationGracePeriodSeconds: 10 + containers: + - name: mdb-mon + image: bigchaindb/mongodb-monitoring-agent:1.0 + imagePullPolicy: Always + env: + - name: MMS_API_KEY + valueFrom: + configMapKeyRef: + name: mdb-mon + key: api-key + resources: + limits: + cpu: 200m + memory: 768Mi + restartPolicy: Always diff --git a/k8s/mongodb/container/Dockerfile b/k8s/mongodb/container/Dockerfile index 11fc80cf..e9667f95 100644 --- a/k8s/mongodb/container/Dockerfile +++ b/k8s/mongodb/container/Dockerfile @@ -1,4 +1,4 @@ -FROM mongo:3.4.2 +FROM mongo:3.4.3 LABEL maintainer "dev@bigchaindb.com" WORKDIR / RUN apt-get update \ diff --git a/k8s/mongodb/container/Makefile b/k8s/mongodb/container/Makefile index 72ec4f79..0a3779af 100644 --- a/k8s/mongodb/container/Makefile +++ b/k8s/mongodb/container/Makefile @@ -12,7 +12,7 @@ GOINSTALL=$(GOCMD) install GOFMT=gofmt -s -w DOCKER_IMAGE_NAME?=bigchaindb/mongodb -DOCKER_IMAGE_TAG?=latest +DOCKER_IMAGE_TAG?=3.4.3 PWD=$(shell pwd) BINARY_PATH=$(PWD)/mongod_entrypoint/ diff --git a/k8s/mongodb/mongo-cm.yaml b/k8s/mongodb/mongo-cm.yaml deleted file mode 100644 index bf4b4f82..00000000 --- a/k8s/mongodb/mongo-cm.yaml +++ /dev/null @@ -1,13 +0,0 @@ -##################################################################### -# This YAML file desribes a ConfigMap with the FQDN of the mongo # -# instance to be started. MongoDB instance uses the value from this # -# ConfigMap to bootstrap itself during startup. # -##################################################################### - -apiVersion: v1 -kind: ConfigMap -metadata: - name: mdb-fqdn - namespace: default -data: - fqdn: mdb-instance-0.westeurope.cloudapp.azure.com diff --git a/k8s/mongodb/mongo-ss.yaml b/k8s/mongodb/mongo-ss.yaml index 089a0a96..2f180929 100644 --- a/k8s/mongodb/mongo-ss.yaml +++ b/k8s/mongodb/mongo-ss.yaml @@ -4,45 +4,25 @@ # It depends on the configdb and db k8s pvc. # ######################################################################## -apiVersion: v1 -kind: Service -metadata: - name: mdb-svc - namespace: default - labels: - name: mdb-svc -spec: - selector: - app: mdb-ss - ports: - - port: 27017 - targetPort: 27017 - name: mdb-port - type: ClusterIP - clusterIP: None ---- apiVersion: apps/v1beta1 kind: StatefulSet metadata: - name: mdb-ss + name: mdb-instance-0-ss namespace: default spec: - serviceName: mdb-svc + serviceName: mdb-instance-0 replicas: 1 template: metadata: - name: mdb-ss + name: mdb-instance-0-ss labels: - app: mdb-ss + app: mdb-instance-0-ss spec: terminationGracePeriodSeconds: 10 containers: - name: mongodb - # TODO(FIXME): Do not use latest in production as it is harder to track - # versions during updates and rollbacks. Also, once fixed, change the - # imagePullPolicy to IfNotPresent for faster bootup - image: bigchaindb/mongodb:latest - imagePullPolicy: Always + image: bigchaindb/mongodb:3.4.3 + imagePullPolicy: IfNotPresent env: - name: MONGODB_FQDN valueFrom: diff --git a/k8s/mongodb/mongo-svc.yaml b/k8s/mongodb/mongo-svc.yaml new file mode 100644 index 00000000..2c81797a --- /dev/null +++ b/k8s/mongodb/mongo-svc.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: mdb-instance-0 + namespace: default + labels: + name: mdb-instance-0 +spec: + selector: + app: mdb-instance-0-ss + ports: + - port: 27017 + targetPort: 27017 + name: mdb-port + type: ClusterIP + clusterIP: None diff --git a/k8s/nginx-3scale/nginx-3scale-cm.yaml b/k8s/nginx-3scale/nginx-3scale-cm.yaml deleted file mode 100644 index 6f87b494..00000000 --- a/k8s/nginx-3scale/nginx-3scale-cm.yaml +++ /dev/null @@ -1,13 +0,0 @@ -############################################################################ -# This YAML file desribes a ConfigMap with a valid list of ':' separated # -# IP addresses (or 'all' for all IP addresses) that can connect to the # -# MongoDB instance. We only support the value 'all' currently. # -############################################################################ - -apiVersion: v1 -kind: ConfigMap -metadata: - name: mongodb-whitelist - namespace: default -data: - allowed-hosts: "all" diff --git a/k8s/nginx-3scale/nginx-3scale-dep.yaml b/k8s/nginx-3scale/nginx-3scale-dep.yaml index 49695315..8b1fa673 100644 --- a/k8s/nginx-3scale/nginx-3scale-dep.yaml +++ b/k8s/nginx-3scale/nginx-3scale-dep.yaml @@ -19,19 +19,21 @@ spec: terminationGracePeriodSeconds: 10 containers: - name: nginx-3scale - image: bigchaindb/nginx_3scale:0.1 + image: bigchaindb/nginx_3scale:1.0 # TODO(Krish): Change later to IfNotPresent imagePullPolicy: Always env: - name: MONGODB_FRONTEND_PORT value: $(NGX_INSTANCE_0_SERVICE_PORT_NGX_PUBLIC_MDB_PORT) - name: MONGODB_BACKEND_HOST + # NGINX requires FQDN to resolve names value: mdb-instance-0.default.svc.cluster.local - name: MONGODB_BACKEND_PORT value: "27017" - name: BIGCHAINDB_FRONTEND_PORT value: $(NGX_INSTANCE_0_SERVICE_PORT_NGX_PUBLIC_BDB_PORT) - name: BIGCHAINDB_BACKEND_HOST + # NGINX requires FQDN to resolve names value: bdb-instance-0.default.svc.cluster.local - name: BIGCHAINDB_BACKEND_PORT value: "9984" diff --git a/k8s/nginx/container/README.md b/k8s/nginx/container/README.md index 9cb44246..30f42bfe 100644 --- a/k8s/nginx/container/README.md +++ b/k8s/nginx/container/README.md @@ -22,7 +22,7 @@ ### Step 1: Build the Latest Container -Run `docker build -t bigchaindb/nginx .` from this folder. +Run `docker build -t bigchaindb/nginx: .` from this folder. Optional: Upload container to Docker Hub: `docker push bigchaindb/nginx:` @@ -38,11 +38,10 @@ docker run \ --env "MONGODB_BACKEND_HOST=" \ --env "MONGODB_BACKEND_PORT=" \ --env "BIGCHAINDB_FRONTEND_PORT=" \ ---env "BIGCHAINDB_BACKEND_HOST=" \ ---env "BIGCHAINDB_BACKEND_PORT=" \ +--env "BIGCHAINDB_BACKEND_HOST=" \ +--env "BIGCHAINDB_BACKEND_PORT=" \ --env "MONGODB_WHITELIST=    " \ +--env "DNS_SERVER=" \ --name=ngx \ --publish=: \ --publish= Date: Mon, 24 Apr 2017 10:25:15 +0200 Subject: [PATCH 283/283] Updating docs (#1433) * Include the key generation step * Fix typos in CLIs --- .../cloud-deployment-templates/first-node.rst | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/docs/server/source/cloud-deployment-templates/first-node.rst b/docs/server/source/cloud-deployment-templates/first-node.rst index 06b3843b..9130696a 100644 --- a/docs/server/source/cloud-deployment-templates/first-node.rst +++ b/docs/server/source/cloud-deployment-templates/first-node.rst @@ -9,7 +9,9 @@ Step 1: Set Up the Cluster .. code:: bash - az group create --name bdb-test-cluster-0 --location westeurope --debug -- output json + az group create --name bdb-test-cluster-0 --location westeurope --debug --output json + + ssh-keygen -t rsa -C "k8s-bdb-test-cluster-0" -f ~/.ssh/k8s-bdb-test-cluster-0 az acs create --name k8s-bdb-test-cluster-0 \ --resource-group bdb-test-cluster-0 \ @@ -18,7 +20,7 @@ Step 1: Set Up the Cluster --admin-username ubuntu \ --agent-vm-size Standard_D2_v2 \ --dns-prefix k8s-bdb-test-cluster-0 \ - --ssh-key-value ~/.ssh/ \ + --ssh-key-value ~/.ssh/k8s-bdb-test-cluster-0.pub \ --orchestrator-type kubernetes \ --debug --output json @@ -29,8 +31,6 @@ Step 1: Set Up the Cluster echo -e "Host k8s-bdb-test-cluster-0.westeurope.cloudapp.azure.com\n ForwardAgent yes" >> ~/.ssh/config - ssh ubuntu@k8s-bdb-test-cluster-0.westeurope.cloudapp.azure.com - Step 2: Connect to the Cluster UI - (optional) ---------------------------------------------- @@ -380,8 +380,7 @@ Step 16. Configure MongoDB Cloud Manager for Backup * Click ``Backup`` tab. - * Click on the ``Begin Setup`` after the replica set name at the bottom of - the page. + * Click on the ``Begin Setup``. * Click on ``Next``, select the replica set from the dropdown menu. @@ -447,7 +446,7 @@ Step 17. Verify that the Cluster is Correctly Set Up .. code:: bash - curl -X GET http://ngx-instance-0:443 + curl -X GET https://ngx-instance-0 * Check the MongoDB monitoring and backup agent on the MOngoDB Coud Manager portal to verify they are working fine.