Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unseal #181

Merged
merged 40 commits into from
Sep 16, 2024
Merged

Unseal #181

merged 40 commits into from
Sep 16, 2024

Conversation

magik6k
Copy link
Collaborator

@magik6k magik6k commented Aug 29, 2024
edited
Loading

tldr

This PR adds an unseal pipeline along with a simple tagging system on sectors which allows SPs to specify the desired sector unseal state.

Sector target-unseal mark

Sectors now have a target_unseal_state marker which has 3 states:

  • none (default) - don't do anything relating to the unsealed file. If it's there don't remove, if it's not there don't unseal
  • false - mark for GC when it appears in storage (only removes after the GC mark is separately approved)
  • true - currently, when the value flips from other state to true AND the unsealed file isn't present in storage an entry for the sector will be added to the unseal pipeline
    • Eventually there will be a separate mechanism monitoring storage for missing unsealed files that might be able to perform recovery, but for now to avoid triggering accidental unseals when some storage gets disconnected temporary from the cluster, unseals only get scheduled on target state change.

Unseal Pipeline

The unseal pipeline is vastly more robust than unseal requests in lotus-miner ever were, and at the same time much simpler. There are only two tasks:

  • SDRKeyRegen - creates sector key on an SDR worker
    • This key is stored in scratch space
    • Only the key (last layer) is kept on-disk after the compute is done
  • UnsealDecode - gets (potentially remote) streams of the sector key and sealed data, and outputs unsealed data straight to long-term-storage
    • This handles both snap and sdr unseal. Both decode processes appear to be fast enough to run even on quite under-powered storage machines
    • After this step is done the sector key is removed from scratch space

Tools

Some tools added in this PR:

  • curio unseal info - outputs most relevant information about unsealed sector data
    2024-09-05-015827_640x234_scrot

  • curio unseal list-sectors - very basic aggregate output dumping the unseal pipeline state + target unseal states, output is not pretty but enough for visibility
    2024-09-05-015744_1550x616_scrot

  • curio unseal set-target-state [spid] [sector] [true/false/none] - setting target unseal state for sectors

  • curio unseal check [spid] [sector] - run a CommP on stored unsealed file to verify its integrity
    2024-09-05-020427_728x113_scrot

todo

  • Generate Key
  • Decode
    • BONUS: Snap
  • Pipeline
  • CommK GC
  • Wire into curio run
  • Default build works
  • Command to mark sectors for unseal
  • Shared SDR max counter
  • GC awareness for target-no-unsealed
  • MetadataGC for Unseal pipeline
  • Test run
  • Command to verify unsealed sector data
  • Change commp check config to mach market commp

@magik6k magik6k mentioned this pull request Aug 29, 2024
Closed
15 tasks
@magik6k magik6k force-pushed the feat/unseal branch 2 times, most recently from 9c3e4af to bf57350 Compare September 2, 2024 11:13
@magik6k magik6k mentioned this pull request Sep 4, 2024
Open
@magik6k magik6k force-pushed the feat/unseal branch 2 times, most recently from f250428 to d579d2e Compare September 4, 2024 13:38
@magik6k magik6k changed the title [WIP] Unseal Unseal Sep 4, 2024
@magik6k magik6k marked this pull request as ready for review September 4, 2024 23:29
snadrus
snadrus approved these changes Sep 5, 2024
View reviewed changes
cmd/curio/unseal.go Outdated Show resolved Hide resolved
lib/ffi/cunative/decode_snap.go Outdated Show resolved Hide resolved
lib/ffi/sdr_funcs.go Outdated Show resolved Hide resolved
lib/proof/datacid.go Show resolved Hide resolved
tasks/gc/pipeline_meta_gc.go Show resolved Hide resolved
tasks/scrub/task_scrub_commd.go Outdated Show resolved Hide resolved
tasks/scrub/task_scrub_commd.go Show resolved Hide resolved
tasks/unseal/task_unseal_decode.go Show resolved Hide resolved
LexLuthr
LexLuthr approved these changes Sep 6, 2024
View reviewed changes
Copy link
Contributor

@LexLuthr LexLuthr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good with some small nits.

cmd/curio/unseal.go Outdated Show resolved Hide resolved
cmd/curio/unseal.go Show resolved Hide resolved
cmd/curio/unseal.go Show resolved Hide resolved
cmd/curio/unseal.go Show resolved Hide resolved
cmd/curio/unseal.go Outdated Show resolved Hide resolved
cmd/curio/unseal.go Outdated Show resolved Hide resolved
cmd/curio/unseal.go Outdated Show resolved Hide resolved
cmd/curio/unseal.go Show resolved Hide resolved
lib/ffi/sdr_funcs.go Outdated Show resolved Hide resolved
@magik6k magik6k force-pushed the feat/unseal branch 4 times, most recently from cdf1bc9 to 20bf029 Compare September 6, 2024 15:00
@magik6k magik6k merged commit b2e2def into main Sep 16, 2024
10 checks passed
@magik6k magik6k deleted the feat/unseal branch September 16, 2024 16:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@snadrus snadrus snadrus approved these changes

@LexLuthr LexLuthr LexLuthr approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@magik6k @snadrus @LexLuthr