feat: new job to backup pins to s3

[joshghent]

⚠️ Requires a new migration on the psa_pins_request table to add the new backup_urls column. ⚠️

About this job

This new cron job which runs every 4 hours, grabs 10,000 pin requests, gets the car file and uploads it to s3.
It behaves in a similar way to nftstorage/backup.
It uses Dagula to grab the car file from the IPFS peer.

[github-actions]

Website preview 🔗✨

• 🙂 https://w3s.link/ipfs/bafybeidswl2nqzgzkndddbqtmkbcbeh43h2aivbxolxobxy77c4eoof7ay
• ⛅️ https://0ed9ff37.web3-storage-staging.pages.dev

build log

[flea89]

This is getting together 🎉
I did a really quick review pass and left some high-level comments for you.

Also noticed some types still need updating across the board.

[flea89]

What happens to this DAGs?
Is there a different approach we have in mind for those?

[joshghent]

We don't... but it's a pattern that is found in other areas of the system. So might be worth flagging.

[flea89]

The comment is not pointing to the right line anymore, should be line abovehttps://github.com/web3-storage/web3.storage/pull/1844/files#diff-4df8cd6f6a1194703527832b6e009d1515b1d8f708afe9a5af7c31f446f9aadeR25

@alanshaw you might know more about this.

[alanshaw]

My thinking was along the lines of that being the max in our ToS and wanting to have a cap at some point on the size of data we're willing to have uploaded/pinned. If you uploaded more than what we've said is the max allowed then we shouldn't be obliged to store that.

[flea89]

But we don't have that limit for pins do we? I can't find the ToS for pins, but I might just be missing it?

Assuming there isn't one, there's a chance content bigger than that is stored there and users should expect it to be migrated?

[flea89]

I've commented out the size check part, because, unless we have strong reasons not to, we should move all the files to eipfs.

[flea89]

Add logging to keep track of enormous dags

[flea89]

I added 2 pieces of logging:

1. every time for whatever reason dag export fails we log the number of bytes read to that point
2. If a successful export is greater than 32TiB, we log it.

[olizilla]

32TiB or 32 GiB? i think we want to know about pins >= 32 GiB

[flea89]

yeah, I actually added 32 GiB in the code 👍 (see here)

[joshghent]

Ok, so before this is merged it needs a the migration running which adds a new column backup_urls to the psa_pins_request.
This cron job will need verifying on staging and make sure that it successfully backs up the pins.
After that, it can be safely merged to production.

[github-actions]

package-lock.json changes

Summary

Status	Count
	98
	6

Click to toggle table visibility

Name	Status	Previous	Current
@achingbrain/ip-address		-	8.1.0
@achingbrain/nat-port-mapper		-	1.0.7
@achingbrain/ssdp		-	4.0.1
@aws-sdk/lib-storage		-	3.194.0
@aws-sdk/middleware-endpoint		-	3.193.0
@aws-sdk/util-middleware		-	3.193.0
@chainsafe/libp2p-noise		-	7.0.3
@libp2p/connection		-	2.0.4
@libp2p/crypto		-	1.0.7
@libp2p/interface-connection-encrypter		-	1.0.3
@libp2p/interface-connection		-	3.0.2
@libp2p/interface-keys		-	1.0.3
@libp2p/interface-peer-id		-	1.0.5
@libp2p/interface-peer-info		-	1.0.3
@libp2p/interface-peer-store		-	1.2.2
@libp2p/interface-record		-	2.0.1
@libp2p/interface-transport		-	1.0.4
@libp2p/interfaces		-	2.0.4
@libp2p/logger		-	2.0.2
@libp2p/mplex		-	1.2.2
@libp2p/multistream-select		-	1.0.6
@libp2p/peer-collections		-	2.2.0
@libp2p/peer-id-factory		-	1.0.19
@libp2p/peer-id		-	1.1.16
@libp2p/peer-record		-	1.0.12
@libp2p/peer-store		-	1.0.17
@libp2p/tcp		-	3.1.2
@libp2p/tracked-map		-	1.0.8
@libp2p/utils		-	3.0.2
@libp2p/websockets		-	3.0.4
@multiformats/mafmt		-	11.0.3
@multiformats/multiaddr-to-uri		-	9.0.2
@multiformats/multiaddr		-	10.5.0
@noble/secp256k1		1.4.0	1.7.0
@stablelib/aead		-	1.0.1
@stablelib/binary		-	1.0.1
@stablelib/bytes		-	1.0.1
@stablelib/chacha		-	1.0.1
@stablelib/chacha20poly1305		-	1.0.1
@stablelib/constant-time		-	1.0.1
@stablelib/hash		-	1.0.1
@stablelib/hkdf		-	1.0.1
@stablelib/hmac		-	1.0.1
@stablelib/int		-	1.0.1
@stablelib/keyagreement		-	1.0.1
@stablelib/poly1305		-	1.0.1
@stablelib/random		-	1.0.2
@stablelib/sha256		-	1.0.1
@stablelib/wipe		-	1.0.1
@stablelib/x25519		-	1.0.3
@web3-storage/fast-unixfs-exporter		-	0.2.1
abortable-iterator		-	4.0.2
aws-sdk		-	2.1239.0
byte-access		-	1.0.1
clone-regexp		-	3.0.0
conf		10.1.1	10.2.0
convert-hrtime		-	5.0.0
dagula		-	3.1.1
datastore-core		-	7.0.3
default-gateway		-	6.0.3
event-iterator		-	2.0.0
format-number		-	3.0.0
freeport-promise		-	2.0.0
function-timeout		-	0.1.1
hashlru		-	2.3.0
interface-blockstore		2.0.2	2.0.3
interface-datastore		6.0.3	6.1.1
is-loopback-addr		-	2.0.1
is-regexp		-	3.1.0
it-foreach		-	0.1.1
it-handshake		-	4.1.2
it-length-prefixed		-	7.0.1
it-merge		-	1.0.4
it-pair		-	2.0.3
it-pb-stream		-	2.0.2
it-pushable		-	2.0.2
it-reader		-	6.0.1
it-sort		-	1.0.1
it-stream-types		-	1.0.4
it-ws		-	5.0.3
jmespath		-	0.16.0
jsbn		-	1.1.0
libp2p		-	0.37.3
longbits		-	1.1.0
mime-db		1.51.0	1.52.0
mime-types		2.1.34	2.1.35
mortice		-	3.0.1
mutable-proxy		-	1.0.0
netmask		-	2.0.2
observable-webworkers		-	2.0.1
p-queue		-	7.3.0
private-ip		-	2.3.4
protons-runtime		-	2.0.2
sanitize-filename		-	1.6.3
set-delayed-interval		-	1.0.0
super-regex		-	0.2.0
time-span		-	5.1.0
truncate-utf8-bytes		-	1.0.2
ts-mocha		-	9.0.2
uint8-varint		-	1.0.4
uint8arraylist		-	2.3.3
utf8-byte-length		-	1.0.4
wherearewe		-	2.0.1
xsalsa20		-	1.2.0

[flea89]

@alanshaw, while there are still a few tweaks required (ie. some types are missing/need fixing), I wonder if you could review this PR to see if the approach is what you expected it to be.
@joshghent is off for a few days, it'd be great to have your thoughts so that he can tidy everything up and action feedback (if any) from you.

[alanshaw]

You should check with @olizilla that the DB change is similar to what he's expecting to do.

[alanshaw]

Why not just schedule for the max amount of time a job can run for 6h?

[flea89]

If I understand this correctly the job has 2 goals:

1. move historical pins to EIPFS
2. keep moving new psa requests to EIPFS until we move to pickup.

For 2 I guess it's ideal to keep moving stuff as promptly as possible (30 min make sense, even less than that?) while we know the first runs of the job will be super slow (since they will have to go through all the historical data).

Isn't a solution to satisfy both words to keep the schedule as is and set concurrency on the job?

[alanshaw]

Might be nice if this was NOT NULL DEFAULT [] so you don't have to distinguish between null and empty.

[joshghent]

Changed :) FWIW, I used the same definition as backup_urls in uploads. Should I change that one too?

[flea89]

@olizilla can you please give this a thorough review 🙏
Let me know if you want to take it from here, or you will need more support from my end as well.

[flea89]

Cache instances for same peer location.

It should be fine to keep a single lilp2p instance

[flea89]

Done.

[flea89]

Add a per batch summary:

• failed cids (and their size)
• Successful (bigger than MAX_UPLOAD_DAG_SIZE)

Remove all unnecessary per cids logging, log just errors by default. (leave it with higher debug)

[flea89]

Done!

Default logging (DEBUG=backupPins:log ) is quite succinct now, while the job can be run manually passing a more verbose DEBUG=backupPins:* through workflow inputs.

Example of default logging:

❯ DEBUG=backupPins:log npm test --workspace=packages/cron

❯ DEBUG=backupPins:log npm test --workspace=packages/cron

[flea89]

Delete stale code

[flea89]

Done!

[flea89]

Look into sending checksum for file, reject the upload if the bytes of car don't match the cid

[flea89]

I wonder if this is required.
Looking at the headers sent by the client

  'content-type': 'application/xml',
  'content-length': '11985',
  Expect: '100-continue',
  host: '127.0.0.1',
  'x-amz-user-agent': 'aws-sdk-js/3.53.1',
  'user-agent': 'aws-sdk-js/3.53.1 os/darwin/21.6.0 lang/js md/nodejs/16.14.0 md/crt-avail api/s3/3.53.1',
  'amz-sdk-invocation-id': '25110079-acaf-425f-8933-3527fd8366c7',
  'amz-sdk-request': 'attempt=1; max=3',
  'x-amz-date': '20221031T122520Z',
  'x-amz-content-sha256': 'ebd8a0f42b66a7756aaee73e6275d918143525f125137b584e6b079b364a6b5f',
  authorization: 'AWS4-HMAC-SHA256 Credential=minioadmin/20221031/us-east-1/s3/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-content-sha256;x-amz-date;x-amz-user-agent, Signature=90453c633c07234480f3319eb3c1b058d25b39a077eb3653063165c5bc137722'
}

you can see it sends x-amz-content-sha256 which is the sha256 of the payload and implies the payload is signed (see docs.

If every chunk is hashed and verified I don't think we need the overall one? Or am I missing something?

[flea89]

cc @olizilla