UTxO-HD: Store snapshot metadata alongside its data (#1431)

# Description

This PR adds snapshot metadata to the snapshotting mechanism in order
for different types of snapshots to be distinguishable without needing
to inspect their contents.

Fixes #1416

Author: fraser-iohk

ouroboros-consensus-cardano/app/DBAnalyser/Parsers.hs

@@ -18,7 +18,6 @@ import           Options.Applicative
 import           Ouroboros.Consensus.Block (SlotNo (..), WithOrigin (..))
 import           Ouroboros.Consensus.Byron.Node (PBftSignatureThreshold (..))
 import           Ouroboros.Consensus.Shelley.Node (Nonce (..))
-import           Ouroboros.Consensus.Storage.LedgerDB.Snapshots
 
 {-------------------------------------------------------------------------------
   Parsing
@@ -42,17 +41,6 @@ parseDBAnalyserConfig = DBAnalyserConfig
     <*> parseValidationPolicy
     <*> parseAnalysis
     <*> parseLimit
-    <*> flag DoDiskSnapshotChecksum NoDoDiskSnapshotChecksum (mconcat [
-            long "no-snapshot-checksum-on-read"
-          , help "Don't check the '.checksum' file when reading a ledger snapshot"
-          ])
-    <*> flag DoDiskSnapshotChecksum NoDoDiskSnapshotChecksum (mconcat [
-            long "no-snapshot-checksum-on-write"
-          , help (unlines [ "Don't calculate the checksum and"
-                          , "write the '.checksum' file"
-                          , "when taking a ledger snapshot"
-                          ])
-          ])
     <*> Foldable.asum [
           flag' V1InMem $ mconcat [
                 long "v1-in-mem"

ouroboros-consensus-cardano/app/snapshot-converter.hs

@@ -65,9 +65,6 @@ data Config = Config
     -- ^ Which format the output snapshot must be in
     , outpath       :: FilePath
     -- ^ Path to the output snapshot
-    , writeChecksum :: Flag "DoDiskSnapshotChecksum"
-    -- ^ Write and check checksums
-    , checkChecksum :: Flag "DoDiskSnapshotChecksum"
     }
 
 getCommandLineConfig :: IO (Config, BlockType)
@@ -107,18 +104,6 @@ parseConfig =
                 , metavar "PATH-OUT"
                 ]
             )
-        <*> flag DoDiskSnapshotChecksum NoDoDiskSnapshotChecksum
-            ( mconcat
-                [ long "no-write-checksum"
-                , help "Disable writing checksums"
-                ]
-            )
-        <*> flag DoDiskSnapshotChecksum NoDoDiskSnapshotChecksum
-            ( mconcat
-                [ long "no-read-checksum"
-                , help "Disable checking checksums"
-                ]
-            )
 
 -- Helpers
 
@@ -140,13 +125,15 @@ data Error blk
     | TablesCantDeserializeError DeserialiseFailure
     | TablesTrailingBytes
     | SnapshotFormatMismatch Format String
+    | ReadSnapshotCRCError FsPath CRCError
     deriving Exception
 
 instance StandardHash blk => Show (Error blk) where
     show (SnapshotError err) = "Couldn't deserialize the snapshot. Are you running the same node version that created the snapshot? " <> show err
     show (TablesCantDeserializeError err) = "Couldn't deserialize the tables: " <> show err
     show TablesTrailingBytes = "Malformed tables, there are trailing bytes!"
     show (SnapshotFormatMismatch expected err) = "The input snapshot does not seem to correspond to the input format:\n\t" <> show expected <> "\n\tThe provided path " <> err
+    show (ReadSnapshotCRCError fp err) = "An error occurred while reading the snapshot checksum at " <> show fp <> ": \n\t" <> show err
 
 checkSnapshotFileStructure :: Format -> FsPath -> SomeHasFS IO -> ExceptT (Error blk) IO ()
 checkSnapshotFileStructure m p (SomeHasFS fs) = case m of
@@ -189,22 +176,23 @@ load config@Config{inpath = pathToDiskSnapshot -> Just (fs@(SomeHasFS hasFS), pa
   case from config of
     Legacy -> do
       checkSnapshotFileStructure Legacy path fs
-      (st, mbChecksumAsRead) <-
+      (st, checksumAsRead) <-
              first unstowLedgerTables
          <$> withExceptT
                (SnapshotError . InitFailureRead . ReadSnapshotFailed)
-               (readExtLedgerState fs (decodeDiskExtLedgerState ccfg) decode checkChecksum path)
-      Monad.when (getFlag checkChecksum) $ do
-        let crcPath = path <.> "checksum"
+               (readExtLedgerState fs (decodeDiskExtLedgerState ccfg) decode path)
+      let crcPath = path <.> "checksum"
+      crcFileExists <- Trans.lift $ doesFileExist hasFS crcPath
+      Monad.when crcFileExists $ do
         snapshotCRC <-
-            withExceptT (SnapshotError . InitFailureRead . ReadSnapshotCRCError crcPath) $
+            withExceptT (ReadSnapshotCRCError crcPath) $
               readCRC hasFS crcPath
-        Monad.when (mbChecksumAsRead /= Just snapshotCRC) $
+        Monad.when (checksumAsRead /= snapshotCRC) $
           throwError $ SnapshotError $ InitFailureRead ReadSnapshotDataCorruption
       pure (forgetLedgerTables st, projectLedgerTables st)
     Mem -> do
       checkSnapshotFileStructure Mem path fs
-      (ls, _) <- withExceptT SnapshotError $ V2.loadSnapshot rr ccfg fs checkChecksum ds
+      (ls, _) <- withExceptT SnapshotError $ V2.loadSnapshot rr ccfg fs ds
       let h = V2.currentHandle ls
       (V2.state h,) <$> Trans.lift (V2.readAll (V2.tables h))
     LMDB -> do
@@ -216,11 +204,8 @@ load config@Config{inpath = pathToDiskSnapshot -> Just (fs@(SomeHasFS hasFS), pa
           (V1.LMDBBackingStoreArgs tempFP defaultLMDBLimits Dict.Dict)
           ccfg
           (V1.SnapshotsFS fs)
-          checkChecksum
           ds
       (V1.current dbch,) <$> Trans.lift (V1.bsReadAll bstore (V1.changelogLastFlushedState dbch))
-  where
-    Config { checkChecksum } = config
 load _ _ _ _ = error "Malformed input path!"
 
 store ::
@@ -238,21 +223,18 @@ store config@Config{outpath = pathToDiskSnapshot -> Just (fs@(SomeHasFS hasFS),
    case to config of
     Legacy -> do
       crc <- writeExtLedgerState fs (encodeDiskExtLedgerState ccfg) path (stowLedgerTables $ state `withLedgerTables` tbs)
-      Monad.when (getFlag writeChecksum) $
-        withFile hasFS (path <.> "checksum") (WriteMode MustBeNew) $ \h ->
-          Monad.void $ hPutAll hasFS h . BS.toLazyByteString . BS.word32HexFixed $ getCRC crc
+      withFile hasFS (path <.> "checksum") (WriteMode MustBeNew) $ \h ->
+        Monad.void $ hPutAll hasFS h . BS.toLazyByteString . BS.word32HexFixed $ getCRC crc
     Mem -> do
       lseq <- V2.empty state tbs $ V2.newInMemoryLedgerTablesHandle fs
       let h = V2.currentHandle lseq
-      Monad.void $ V2.takeSnapshot ccfg nullTracer fs suffix writeChecksum h
+      Monad.void $ V2.takeSnapshot ccfg nullTracer fs suffix h
     LMDB -> do
       chlog <- newTVarIO (V1.empty state)
       lock <- V1.mkLedgerDBLock
       bs <- V1.newLMDBBackingStore nullTracer defaultLMDBLimits (V1.LiveLMDBFS tempFS) (V1.SnapshotsFS fs) (V1.InitFromValues (pointSlot $ getTip state) state tbs)
       Monad.void $ V1.withReadLock lock $ do
-        V1.takeSnapshot chlog ccfg nullTracer (V1.SnapshotsFS fs) bs suffix writeChecksum
-  where
-   Config { writeChecksum } = config
+        V1.takeSnapshot chlog ccfg nullTracer (V1.SnapshotsFS fs) bs suffix
 store _ _ _ _ = error "Malformed output path!"
 
 main :: IO ()

ouroboros-consensus-cardano/src/unstable-cardano-tools/Cardano/Tools/DBAnalyser/Run.hs

@@ -34,7 +34,6 @@ import qualified Ouroboros.Consensus.Storage.ChainDB.Impl.Args as ChainDB
 import qualified Ouroboros.Consensus.Storage.ImmutableDB as ImmutableDB
 import qualified Ouroboros.Consensus.Storage.ImmutableDB.Stream as ImmutableDB
 import qualified Ouroboros.Consensus.Storage.LedgerDB as LedgerDB
-import qualified Ouroboros.Consensus.Storage.LedgerDB.Snapshots as LedgerDB
 import qualified Ouroboros.Consensus.Storage.LedgerDB.V1 as LedgerDB.V1
 import qualified Ouroboros.Consensus.Storage.LedgerDB.V1.Args as LedgerDB.V1
 import qualified Ouroboros.Consensus.Storage.LedgerDB.V1.BackingStore.Impl.LMDB as LMDB
@@ -149,37 +148,19 @@ analyse dbaConfig args =
           args'' =
             args' {
               ChainDB.cdbLgrDbArgs =
-                (\x -> x {
-                    LedgerDB.lgrSnapshotPolicyArgs =
-                      (\y -> y {
-                          LedgerDB.spaDoChecksum = diskSnapshotChecksumOnRead
-                          })
-                      $ LedgerDB.lgrSnapshotPolicyArgs x
-                  , LedgerDB.lgrConfig =
+                (\x -> x
+                  { LedgerDB.lgrConfig =
                       LedgerDB.LedgerDbCfg
                         (SecurityParam (knownNonZeroBounded @1))
                         (LedgerDB.ledgerDbCfg $ LedgerDB.lgrConfig x)
                         OmitLedgerEvents
-                    }
+                  }
                 )
                 (ChainDB.cdbLgrDbArgs args')
               }
           chainDbArgs = maybeValidateAll $ ChainDB.updateTracer chainDBTracer args''
           immutableDbArgs = ChainDB.cdbImmDbArgs chainDbArgs
-          args''' =
-            args'' {
-              ChainDB.cdbLgrDbArgs =
-                (\x -> x {
-                    LedgerDB.lgrSnapshotPolicyArgs =
-                      (\y -> y {
-                          LedgerDB.spaDoChecksum = diskSnapshotChecksumOnWrite
-                          })
-                      $ LedgerDB.lgrSnapshotPolicyArgs x
-                    }
-                )
-                (ChainDB.cdbLgrDbArgs args'')
-              }
-          ldbArgs = ChainDB.cdbLgrDbArgs args'''
+          ldbArgs = ChainDB.cdbLgrDbArgs args''
 
       withImmutableDB immutableDbArgs $ \(immutableDB, internal) -> do
         SomeAnalysis (Proxy :: Proxy startFrom) ana <- pure $ runAnalysis analysis
@@ -219,8 +200,6 @@ analyse dbaConfig args =
       , validation
       , verbose
       , ldbBackend
-      , diskSnapshotChecksumOnRead
-      , diskSnapshotChecksumOnWrite
       } = dbaConfig
 
     SelectImmutableDB startSlot = selectDB

ouroboros-consensus-cardano/src/unstable-cardano-tools/Cardano/Tools/DBAnalyser/Types.hs

@@ -11,15 +11,13 @@ data SelectDB =
     SelectImmutableDB (WithOrigin SlotNo)
 
 data DBAnalyserConfig = DBAnalyserConfig {
-    dbDir                       :: FilePath
-  , verbose                     :: Bool
-  , selectDB                    :: SelectDB
-  , validation                  :: Maybe ValidateBlocks
-  , analysis                    :: AnalysisName
-  , confLimit                   :: Limit
-  , diskSnapshotChecksumOnRead  :: Flag "DoDiskSnapshotChecksum"
-  , diskSnapshotChecksumOnWrite :: Flag "DoDiskSnapshotChecksum"
-  , ldbBackend                  :: LedgerDBBackend
+    dbDir      :: FilePath
+  , verbose    :: Bool
+  , selectDB   :: SelectDB
+  , validation :: Maybe ValidateBlocks
+  , analysis   :: AnalysisName
+  , confLimit  :: Limit
+  , ldbBackend :: LedgerDBBackend
   }
 
 data AnalysisName =

ouroboros-consensus-cardano/test/tools-test/Main.hs

@@ -8,7 +8,6 @@ import qualified Cardano.Tools.DBSynthesizer.Run as DBSynthesizer
 import           Cardano.Tools.DBSynthesizer.Types
 import           Ouroboros.Consensus.Block
 import           Ouroboros.Consensus.Cardano.Block
-import           Ouroboros.Consensus.Storage.LedgerDB.Snapshots
 import qualified Test.Cardano.Tools.Headers
 import           Test.Tasty
 import           Test.Tasty.HUnit
@@ -70,8 +69,6 @@ testAnalyserConfig =
     , validation                  = Just ValidateAllBlocks
     , analysis                    = CountBlocks
     , confLimit                   = Unlimited
-    , diskSnapshotChecksumOnRead  = NoDoDiskSnapshotChecksum
-    , diskSnapshotChecksumOnWrite = NoDoDiskSnapshotChecksum
     }
 
 testBlockArgs :: Cardano.Args (CardanoBlock StandardCrypto)

ouroboros-consensus/ouroboros-consensus.cabal

@@ -296,6 +296,7 @@ library
 
   build-depends:
     FailT ^>=0.1.2,
+    aeson,
     base >=4.14 && <4.22,
     base-deriving-via,
     base16-bytestring,
@@ -705,6 +706,7 @@ test-suite storage-test
     Test.Ouroboros.Storage.ImmutableDB.StateMachine
     Test.Ouroboros.Storage.LedgerDB
     Test.Ouroboros.Storage.LedgerDB.Serialisation
+    Test.Ouroboros.Storage.LedgerDB.Snapshots
     Test.Ouroboros.Storage.LedgerDB.SnapshotPolicy
     Test.Ouroboros.Storage.LedgerDB.StateMachine
     Test.Ouroboros.Storage.LedgerDB.StateMachine.TestBlock
@@ -722,6 +724,7 @@ test-suite storage-test
 
   build-depends:
     QuickCheck,
+    aeson,
     base,
     bifunctors,
     binary,

ouroboros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/Storage/LedgerDB.hs

@@ -26,7 +26,6 @@ import           Ouroboros.Consensus.Storage.ImmutableDB.Stream
 import           Ouroboros.Consensus.Storage.LedgerDB.API
 import           Ouroboros.Consensus.Storage.LedgerDB.Args
 import           Ouroboros.Consensus.Storage.LedgerDB.Forker
-import           Ouroboros.Consensus.Storage.LedgerDB.Snapshots
 import           Ouroboros.Consensus.Storage.LedgerDB.TraceEvent
 import qualified Ouroboros.Consensus.Storage.LedgerDB.V1 as V1
 import qualified Ouroboros.Consensus.Storage.LedgerDB.V2 as V2
@@ -123,7 +122,6 @@ openDBInternal args@(LedgerDbArgs { lgrHasFS = SomeHasFS fs }) initDb stream rep
             replayGoal
             initDb
             lgrStartSnapshot
-            doDiskSnapshotChecksum
     (ledgerDb, internal) <- mkLedgerDb initDb db
     return (ledgerDb, replayCounter, internal)
 
@@ -137,5 +135,3 @@ openDBInternal args@(LedgerDbArgs { lgrHasFS = SomeHasFS fs }) initDb stream rep
 
     replayTracer = LedgerReplayEvent     >$< lgrTracer
     snapTracer   = LedgerDBSnapshotEvent >$< lgrTracer
-
-    SnapshotPolicyArgs _ _ doDiskSnapshotChecksum = lgrSnapshotPolicyArgs args

ouroboros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/Storage/LedgerDB/API.hs

@@ -465,7 +465,7 @@ type InitDB :: Type -> (Type -> Type) -> Type -> Type
 data InitDB db m blk = InitDB {
     initFromGenesis  :: !(m db)
     -- ^ Create a DB from the genesis state
-  , initFromSnapshot :: !(Flag "DoDiskSnapshotChecksum" -> DiskSnapshot -> m (Either (SnapshotFailure blk) (db, RealPoint blk)))
+  , initFromSnapshot :: !(DiskSnapshot -> m (Either (SnapshotFailure blk) (db, RealPoint blk)))
     -- ^ Create a DB from a Snapshot
   , closeDb          :: !(db -> m ())
     -- ^ Closing the database, to be reopened again with a different snapshot or
@@ -516,7 +516,6 @@ initialize ::
   -> Point blk
   -> InitDB db m blk
   -> Maybe DiskSnapshot
-  -> Flag "DoDiskSnapshotChecksum"
   -> m (InitLog blk, db, Word64)
 initialize replayTracer
            snapTracer
@@ -525,22 +524,20 @@ initialize replayTracer
            stream
            replayGoal
            dbIface
-           fromSnapshot
-           doDoDiskSnapshotChecksum =
+           fromSnapshot =
     case fromSnapshot of
-      Nothing   -> listSnapshots hasFS >>= tryNewestFirst doDoDiskSnapshotChecksum id
-      Just snap -> tryNewestFirst doDoDiskSnapshotChecksum id [snap]
+      Nothing   -> listSnapshots hasFS >>= tryNewestFirst id
+      Just snap -> tryNewestFirst id [snap]
   where
     InitDB {initFromGenesis, initFromSnapshot, closeDb} = dbIface
 
-    tryNewestFirst :: Flag "DoDiskSnapshotChecksum"
-                   -> (InitLog blk -> InitLog blk)
+    tryNewestFirst :: (InitLog blk -> InitLog blk)
                    -> [DiskSnapshot]
                    -> m ( InitLog   blk
                         , db
                         , Word64
                         )
-    tryNewestFirst _ acc [] = do
+    tryNewestFirst acc [] = do
       -- We're out of snapshots. Start at genesis
       traceWith (TraceReplayStartEvent >$< replayTracer) ReplayFromGenesis
       let replayTracer'' = decorateReplayTracerWithStart (Point Origin) replayTracer'
@@ -564,24 +561,38 @@ initialize replayTracer
                  , replayed
                  )
 
-    tryNewestFirst doChecksum acc allSnapshot@(s:ss) = do
-      eInitDb <- initFromSnapshot doChecksum s
+    tryNewestFirst acc (s:ss) = do
+      eInitDb <- initFromSnapshot s
       case eInitDb of
-        -- If a checksum file is missing for a snapshot,
-        -- issue a warning and retry the same snapshot
-        -- ignoring the checksum
-        Left (InitFailureRead (ReadSnapshotCRCError _ CRCNoFile)) -> do
-          traceWith snapTracer $ SnapshotMissingChecksum s
-          tryNewestFirst NoDoDiskSnapshotChecksum acc allSnapshot
+        -- If the snapshot is missing a metadata file, issue a warning and try
+        -- the next oldest snapshot
+        Left err@(InitFailureRead (ReadMetadataError _ MetadataFileDoesNotExist)) -> do
+          traceWith snapTracer $ SnapshotMetadataMissing s
+          tryNewestFirst (acc . InitFailure s err) ss
+
+        -- If the snapshot's backend is incorrect, issue a warning and try
+        -- the next oldest snapshot
+        Left err@(InitFailureRead (ReadMetadataError _ MetadataBackendMismatch)) -> do
+          traceWith snapTracer $ SnapshotMetadataBackendMismatch s
+          tryNewestFirst (acc . InitFailure s err) ss
+
+        -- If the snapshot has a checksum that doesn't match the actual data,
+        -- issue a warning, delete it, and try the next oldest snapshot
+        Left err@(InitFailureRead ReadSnapshotDataCorruption) -> do
+          traceWith snapTracer $ InvalidSnapshot s err
+          Monad.when (diskSnapshotIsTemporary s) $ do
+            traceWith snapTracer $ DeletedSnapshot s
+            deleteSnapshot hasFS s
+          tryNewestFirst (acc . InitFailure s err) ss
 
         -- If we fail to use this snapshot for any other reason, delete it and
         -- try an older one
         Left err -> do
-          Monad.when (diskSnapshotIsTemporary s || err == InitFailureGenesis) $
+          Monad.when (diskSnapshotIsTemporary s || err == InitFailureGenesis) $ do
+            traceWith snapTracer $ DeletedSnapshot s
             deleteSnapshot hasFS s
           traceWith snapTracer . InvalidSnapshot s $ err
-          -- reset checksum flag to the initial state after failure
-          tryNewestFirst doChecksum (acc . InitFailure s err) ss
+          tryNewestFirst (acc . InitFailure s err) ss
 
         Right (initDb, pt) -> do
           let pt' = realPointToPoint pt
@@ -600,7 +611,7 @@ initialize replayTracer
               traceWith snapTracer . InvalidSnapshot s $ err
               Monad.when (diskSnapshotIsTemporary s) $ deleteSnapshot hasFS s
               closeDb initDb
-              tryNewestFirst doChecksum (acc . InitFailure s err) ss
+              tryNewestFirst (acc . InitFailure s err) ss
             Right (db, replayed) -> do
               db' <- pruneDb dbIface db
               return (acc (InitFromSnapshot s pt), db', replayed)
@@ -762,4 +773,4 @@ type LedgerSupportsLedgerDB blk =
 --   1. @0@ in places where it is necessary
 --   2. the security parameter as is, in other places
 data LedgerDbPrune = LedgerDbPruneAll | LedgerDbPruneKeeping SecurityParam
-  deriving Show
+  deriving Show