Merge pull request #953 from skalenetwork/fix-regression-update

Add missing locking

Author: DmytroNazarenko

VERSION

@@ -1 +1 @@
-2.5.0
+2.5.1

core/schains/checks.py

@@ -17,30 +17,28 @@
 #   You should have received a copy of the GNU Affero General Public License
 #   along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
-import filecmp
 import os
-import time
 import logging
+import time
 from abc import ABC, abstractmethod
-from typing import Any, Dict
+from typing import Any, Dict, Optional
 
 from core.schains.config.directory import (
-    upstreams_for_rotation_id_version,
+    config_synced_with_upstream,
     get_schain_check_filepath,
     get_schain_config,
+    get_upstream_config_filepath,
     schain_config_dir,
-    schain_config_filepath
+    schain_config_filepath,
+    upstreams_for_rotation_id_version,
 )
 from core.schains.config.helper import (
     get_base_port_from_config,
     get_node_ips_from_config,
     get_own_ip_from_config,
     get_local_schain_http_endpoint
 )
-from core.schains.config.main import (
-    get_upstream_config_filepath,
-    get_rotation_ids_from_config_file
-)
+from core.schains.config.main import get_config_rotations_ids, get_upstream_rotation_ids
 from core.schains.dkg.utils import get_secret_key_share_filepath
 from core.schains.firewall.types import IRuleController
 from core.schains.process_manager_helper import is_monitor_process_alive
@@ -49,6 +47,7 @@
     check_endpoint_blocks,
     get_endpoint_alive_check_timeout
 )
+from core.schains.external_config import ExternalConfig, ExternalState
 from core.schains.runner import get_container_name
 from core.schains.skaled_exit_codes import SkaledExitCodes
 
@@ -113,13 +112,17 @@ def __init__(
         node_id: int,
         schain_record: SChainRecord,
         rotation_id: int,
-        stream_version: str
+        stream_version: str,
+        estate: ExternalState,
+        econfig: Optional[ExternalConfig] = None
     ):
         self.name = schain_name
         self.node_id = node_id
         self.schain_record = schain_record
         self.rotation_id = rotation_id
         self.stream_version = stream_version
+        self.estate = estate
+        self.econfig = econfig or ExternalConfig(schain_name)
 
     def get_all(self, log=True, save=False, checks_filter=None) -> Dict:
         if checks_filter:
@@ -161,11 +164,18 @@ def upstream_config(self) -> CheckRes:
             self.stream_version
         )
         logger.debug('Upstream configs for %s: %s', self.name, upstreams)
-        return len(upstreams) > 0 and self.schain_record.config_version == self.stream_version
+        return CheckRes(
+            len(upstreams) > 0 and self.schain_record.config_version == self.stream_version
+        )
 
-    def is_healthy(self) -> bool:
-        checks = self.get_all()
-        return False not in checks.values()
+    @property
+    def external_state(self) -> CheckRes:
+        actual_state = self.econfig.get()
+        logger.debug(
+            'Checking external config. Current %s. Saved %s',
+            self.estate, actual_state
+        )
+        return CheckRes(self.econfig.synced(self.estate))
 
 
 class SkaledChecks(IChecks):
@@ -175,14 +185,14 @@ def __init__(
         schain_record: SChainRecord,
         rule_controller: IRuleController,
         *,
-        ima_linked: bool = True,
+        econfig: Optional[ExternalConfig] = None,
         dutils: DockerUtils = None
     ):
         self.name = schain_name
         self.schain_record = schain_record
         self.dutils = dutils or DockerUtils()
         self.container_name = get_container_name(SCHAIN_CONTAINER, self.name)
-        self.ima_linked = ima_linked
+        self.econfig = econfig or ExternalConfig(name=schain_name)
         self.rc = rule_controller
 
     def get_all(self, log=True, save=False, checks_filter=None) -> Dict:
@@ -210,27 +220,20 @@ def upstream_exists(self) -> CheckRes:
     def rotation_id_updated(self) -> int:
         if not self.config:
             return CheckRes(False)
-        upstream_path = get_upstream_config_filepath(self.name)
-        config_path = schain_config_filepath(self.name)
-        upstream_rotations = get_rotation_ids_from_config_file(upstream_path)
-        config_rotations = get_rotation_ids_from_config_file(config_path)
+        upstream_rotations = get_upstream_rotation_ids(self.name)
+        config_rotations = get_config_rotations_ids(self.name)
         logger.debug(
-            'Comparing rotation_ids between upstream %s and %s',
-            upstream_path,
-            config_path
+            'Comparing rotation_ids. Upstream: %s. Config: %s',
+            upstream_rotations,
+            config_rotations
         )
         return CheckRes(upstream_rotations == config_rotations)
 
     @property
     def config_updated(self) -> CheckRes:
         if not self.config:
             return CheckRes(False)
-        upstream_path = get_upstream_config_filepath(self.name)
-        config_path = schain_config_filepath(self.name)
-        logger.debug('Checking if %s updated according to %s', config_path, upstream_path)
-        if not upstream_path:
-            return CheckRes(True)
-        return CheckRes(filecmp.cmp(upstream_path, config_path))
+        return CheckRes(config_synced_with_upstream(self.name))
 
     @property
     def config(self) -> CheckRes:
@@ -251,12 +254,14 @@ def firewall_rules(self) -> CheckRes:
             base_port = get_base_port_from_config(conf)
             node_ips = get_node_ips_from_config(conf)
             own_ip = get_own_ip_from_config(conf)
+            ranges = self.econfig.ranges
             self.rc.configure(
                 base_port=base_port,
                 own_ip=own_ip,
-                node_ips=node_ips
+                node_ips=node_ips,
+                sync_ip_ranges=ranges
             )
-            logger.info(f'Rule controller {self.rc.expected_rules()}')
+            logger.debug(f'Rule controller {self.rc.expected_rules()}')
             return CheckRes(self.rc.is_rules_synced())
         return CheckRes(False)
 
@@ -277,6 +282,8 @@ def exit_code_ok(self) -> CheckRes:
     @property
     def ima_container(self) -> CheckRes:
         """Checks that IMA container is running"""
+        if not self.econfig.ima_linked:
+            return CheckRes(True)
         name = get_container_name(IMA_CONTAINER, self.name)
         return CheckRes(self.dutils.is_container_running(name))
 
@@ -314,9 +321,10 @@ def __init__(
         schain_record: SChainRecord,
         rule_controller: IRuleController,
         stream_version: str,
+        estate: ExternalState,
         rotation_id: int = 0,
         *,
-        ima_linked: bool = True,
+        econfig: Optional[ExternalConfig] = None,
         dutils: DockerUtils = None
     ):
         self._subjects = [
@@ -325,13 +333,15 @@ def __init__(
                 node_id=node_id,
                 schain_record=schain_record,
                 rotation_id=rotation_id,
-                stream_version=stream_version
+                stream_version=stream_version,
+                estate=estate,
+                econfig=econfig
             ),
             SkaledChecks(
                 schain_name=schain_name,
                 schain_record=schain_record,
                 rule_controller=rule_controller,
-                ima_linked=ima_linked,
+                econfig=econfig,
                 dutils=dutils
             )
         ]
@@ -354,17 +364,16 @@ def get_all(self, log=True, save=False, checks_filter=None):
                 checks_filter=checks_filter
             )
             plain_checks.update(subj_checks)
+        if not self.estate.ima_linked:
+            if 'ima_container' in plain_checks:
+                del plain_checks['ima_container']
 
         if log:
             log_checks_dict(self.name, plain_checks)
         if save:
             save_checks_dict(self.name, plain_checks)
         return plain_checks
 
-    def is_healthy(self):
-        checks = self.get_all()
-        return False not in checks.values()
-
 
 def save_checks_dict(schain_name, checks_dict):
     schain_check_path = get_schain_check_filepath(schain_name)

core/schains/cleaner.py

@@ -37,6 +37,7 @@
 )
 from core.schains.process_manager_helper import terminate_schain_process
 from core.schains.runner import get_container_name, is_exited
+from core.schains.external_config import ExternalConfig
 from core.schains.types import ContainerType
 from core.schains.firewall.utils import get_sync_agent_ranges
 
@@ -45,7 +46,6 @@
 from tools.configs.containers import (
     SCHAIN_CONTAINER, IMA_CONTAINER, SCHAIN_STOP_TIMEOUT
 )
-from tools.configs.ima import DISABLE_IMA
 from tools.docker_utils import DockerUtils
 from tools.helper import merged_unique, read_json, is_node_part_of_chain
 from tools.sgx_utils import SGX_SERVER_URL
@@ -205,16 +205,25 @@ def remove_schain(skale, node_id, schain_name, msg, dutils=None) -> None:
     sync_agent_ranges = get_sync_agent_ranges(skale)
     rotation_data = skale.node_rotation.get_rotation(schain_name)
     rotation_id = rotation_data['rotation_id']
+    estate = ExternalConfig(name=schain_name).get()
     cleanup_schain(
         node_id,
         schain_name,
         sync_agent_ranges,
         rotation_id=rotation_id,
+        estate=estate,
         dutils=dutils
     )
 
 
-def cleanup_schain(node_id, schain_name, sync_agent_ranges, rotation_id, dutils=None) -> None:
+def cleanup_schain(
+    node_id,
+    schain_name,
+    sync_agent_ranges,
+    rotation_id,
+    estate,
+    dutils=None
+) -> None:
     dutils = dutils or DockerUtils()
     schain_record = upsert_schain_record(schain_name)
 
@@ -229,7 +238,8 @@ def cleanup_schain(node_id, schain_name, sync_agent_ranges, rotation_id, dutils=
         rule_controller=rc,
         stream_version=stream_version,
         schain_record=schain_record,
-        rotation_id=rotation_id
+        rotation_id=rotation_id,
+        estate=estate
     )
     if checks.skaled_container.status or is_exited(
         schain_name,
@@ -246,7 +256,7 @@ def cleanup_schain(node_id, schain_name, sync_agent_ranges, rotation_id, dutils=
             node_ips = get_node_ips_from_config(conf)
             rc.configure(base_port=base_port, own_ip=own_ip, node_ips=node_ips)
             rc.cleanup()
-    if not DISABLE_IMA:
+    if estate.ima_linked:
         if checks.ima_container.status or is_exited(
             schain_name,
             container_type=ContainerType.ima,

core/schains/cmd.py

@@ -28,16 +28,16 @@
 
 def get_schain_container_cmd(
     schain_name: str,
-    public_key: str = None,
     start_ts: int = None,
+    download_snapshot: bool = False,
     enable_ssl: bool = True,
     snapshot_from: str = ''
 ) -> str:
     """Returns parameters that will be passed to skaled binary in the sChain container"""
     opts = get_schain_container_base_opts(schain_name, enable_ssl=enable_ssl)
     if snapshot_from:
         opts.extend(['--no-snapshot-majority', snapshot_from])
-    if public_key:
+    if download_snapshot:
         sync_opts = get_schain_container_sync_opts(start_ts)
         opts.extend(sync_opts)
     return ' '.join(opts)