| // Licensed to the Apache Software Foundation (ASF) under one |
| // or more contributor license agreements. See the NOTICE file |
| // distributed with this work for additional information |
| // regarding copyright ownership. The ASF licenses this file |
| // to you under the Apache License, Version 2.0 (the |
| // "License"); you may not use this file except in compliance |
| // with the License. You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, |
| // software distributed under the License is distributed on an |
| // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| // KIND, either express or implied. See the License for the |
| // specific language governing permissions and limitations |
| // under the License. |
| |
| #include "recycler/s3_accessor.h" |
| |
| #include <aws/core/auth/AWSAuthSigner.h> |
| #include <aws/core/auth/AWSCredentials.h> |
| #include <aws/core/auth/AWSCredentialsProviderChain.h> |
| #include <aws/core/client/DefaultRetryStrategy.h> |
| #include <aws/identity-management/auth/STSAssumeRoleCredentialsProvider.h> |
| #include <aws/s3/S3Client.h> |
| #include <aws/sts/STSClient.h> |
| #include <bvar/reducer.h> |
| #include <gen_cpp/cloud.pb.h> |
| |
| #include <algorithm> |
| #ifdef USE_AZURE |
| #include <azure/storage/blobs/blob_container_client.hpp> |
| #include <azure/storage/common/storage_credential.hpp> |
| #endif |
| #include <execution> |
| #include <memory> |
| #include <utility> |
| |
| #include "common/config.h" |
| #include "common/encryption_util.h" |
| #include "common/logging.h" |
| #include "common/simple_thread_pool.h" |
| #include "common/string_util.h" |
| #include "common/util.h" |
| #include "cpp/aws_logger.h" |
| #include "cpp/obj_retry_strategy.h" |
| #include "cpp/s3_rate_limiter.h" |
| #include "cpp/sync_point.h" |
| #ifdef USE_AZURE |
| #include "recycler/azure_obj_client.h" |
| #endif |
| #include "recycler/obj_storage_client.h" |
| #include "recycler/s3_obj_client.h" |
| #include "recycler/storage_vault_accessor.h" |
| |
| namespace doris::cloud { |
| namespace s3_bvar { |
| bvar::LatencyRecorder s3_get_latency("s3_get"); |
| bvar::LatencyRecorder s3_put_latency("s3_put"); |
| bvar::LatencyRecorder s3_delete_object_latency("s3_delete_object"); |
| bvar::LatencyRecorder s3_delete_objects_latency("s3_delete_objects"); |
| bvar::LatencyRecorder s3_head_latency("s3_head"); |
| bvar::LatencyRecorder s3_multi_part_upload_latency("s3_multi_part_upload"); |
| bvar::LatencyRecorder s3_list_latency("s3_list"); |
| bvar::LatencyRecorder s3_list_object_versions_latency("s3_list_object_versions"); |
| bvar::LatencyRecorder s3_get_bucket_version_latency("s3_get_bucket_version"); |
| bvar::LatencyRecorder s3_copy_object_latency("s3_copy_object"); |
| }; // namespace s3_bvar |
| |
| bvar::Adder<int64_t> get_rate_limit_ns("get_rate_limit_ns"); |
| bvar::Adder<int64_t> get_rate_limit_exceed_req_num("get_rate_limit_exceed_req_num"); |
| bvar::Adder<int64_t> put_rate_limit_ns("put_rate_limit_ns"); |
| bvar::Adder<int64_t> put_rate_limit_exceed_req_num("put_rate_limit_exceed_req_num"); |
| |
| AccessorRateLimiter::AccessorRateLimiter() |
| : _rate_limiters( |
| {std::make_unique<S3RateLimiterHolder>( |
| config::s3_get_token_per_second, config::s3_get_bucket_tokens, |
| config::s3_get_token_limit, |
| metric_func_factory(get_rate_limit_ns, get_rate_limit_exceed_req_num)), |
| std::make_unique<S3RateLimiterHolder>( |
| config::s3_put_token_per_second, config::s3_put_bucket_tokens, |
| config::s3_put_token_limit, |
| metric_func_factory(put_rate_limit_ns, |
| put_rate_limit_exceed_req_num))}) {} |
| |
| S3RateLimiterHolder* AccessorRateLimiter::rate_limiter(S3RateLimitType type) { |
| CHECK(type == S3RateLimitType::GET || type == S3RateLimitType::PUT) << to_string(type); |
| return _rate_limiters[static_cast<size_t>(type)].get(); |
| } |
| |
| AccessorRateLimiter& AccessorRateLimiter::instance() { |
| static AccessorRateLimiter instance; |
| return instance; |
| } |
| |
| int reset_s3_rate_limiter(S3RateLimitType type, size_t max_speed, size_t max_burst, size_t limit) { |
| if (type == S3RateLimitType::UNKNOWN) { |
| return -1; |
| } |
| if (type == S3RateLimitType::GET) { |
| max_speed = (max_speed == 0) ? config::s3_get_token_per_second : max_speed; |
| max_burst = (max_burst == 0) ? config::s3_get_bucket_tokens : max_burst; |
| limit = (limit == 0) ? config::s3_get_token_limit : limit; |
| } else { |
| max_speed = (max_speed == 0) ? config::s3_put_token_per_second : max_speed; |
| max_burst = (max_burst == 0) ? config::s3_put_bucket_tokens : max_burst; |
| limit = (limit == 0) ? config::s3_put_token_limit : limit; |
| } |
| return AccessorRateLimiter::instance().rate_limiter(type)->reset(max_speed, max_burst, limit); |
| } |
| |
| class S3Environment { |
| public: |
| S3Environment() { |
| aws_options_ = Aws::SDKOptions {}; |
| auto logLevel = static_cast<Aws::Utils::Logging::LogLevel>(config::aws_log_level); |
| aws_options_.loggingOptions.logLevel = logLevel; |
| aws_options_.loggingOptions.logger_create_fn = [logLevel] { |
| return std::make_shared<DorisAWSLogger>(logLevel); |
| }; |
| Aws::InitAPI(aws_options_); |
| } |
| |
| ~S3Environment() { Aws::ShutdownAPI(aws_options_); } |
| |
| private: |
| Aws::SDKOptions aws_options_; |
| }; |
| |
| class S3ListIterator final : public ListIterator { |
| public: |
| S3ListIterator(std::unique_ptr<ObjectListIterator> iter, size_t prefix_length) |
| : iter_(std::move(iter)), prefix_length_(prefix_length) {} |
| |
| ~S3ListIterator() override = default; |
| |
| bool is_valid() override { return iter_->is_valid(); } |
| |
| bool has_next() override { return iter_->has_next(); } |
| |
| std::optional<FileMeta> next() override { |
| std::optional<FileMeta> ret; |
| if (auto obj = iter_->next(); obj.has_value()) { |
| ret = FileMeta { |
| .path = get_relative_path(obj->key), |
| .size = obj->size, |
| .mtime_s = obj->mtime_s, |
| }; |
| } |
| return ret; |
| } |
| |
| private: |
| std::string get_relative_path(const std::string& key) const { |
| return key.substr(prefix_length_); |
| } |
| |
| std::unique_ptr<ObjectListIterator> iter_; |
| size_t prefix_length_; |
| }; |
| |
| std::optional<S3Conf> S3Conf::from_obj_store_info(const ObjectStoreInfoPB& obj_info, |
| bool skip_aksk) { |
| S3Conf s3_conf; |
| |
| switch (obj_info.provider()) { |
| case ObjectStoreInfoPB_Provider_OSS: |
| case ObjectStoreInfoPB_Provider_S3: |
| case ObjectStoreInfoPB_Provider_COS: |
| case ObjectStoreInfoPB_Provider_OBS: |
| case ObjectStoreInfoPB_Provider_BOS: |
| s3_conf.provider = S3Conf::S3; |
| break; |
| case ObjectStoreInfoPB_Provider_GCP: |
| s3_conf.provider = S3Conf::GCS; |
| break; |
| case ObjectStoreInfoPB_Provider_AZURE: |
| s3_conf.provider = S3Conf::AZURE; |
| break; |
| default: |
| LOG_WARNING("unknown provider type {}").tag("obj_info", proto_to_json(obj_info)); |
| return std::nullopt; |
| } |
| |
| if (!skip_aksk) { |
| if (!obj_info.ak().empty() && !obj_info.sk().empty()) { |
| if (obj_info.has_encryption_info()) { |
| AkSkPair plain_ak_sk_pair; |
| int ret = decrypt_ak_sk_helper(obj_info.ak(), obj_info.sk(), |
| obj_info.encryption_info(), &plain_ak_sk_pair); |
| if (ret != 0) { |
| LOG_WARNING("fail to decrypt ak sk").tag("obj_info", proto_to_json(obj_info)); |
| return std::nullopt; |
| } else { |
| s3_conf.ak = std::move(plain_ak_sk_pair.first); |
| s3_conf.sk = std::move(plain_ak_sk_pair.second); |
| } |
| } else { |
| s3_conf.ak = obj_info.ak(); |
| s3_conf.sk = obj_info.sk(); |
| } |
| } |
| |
| if (obj_info.has_role_arn() && !obj_info.role_arn().empty()) { |
| s3_conf.role_arn = obj_info.role_arn(); |
| s3_conf.external_id = obj_info.external_id(); |
| s3_conf.cred_provider_type = CredProviderType::InstanceProfile; |
| } |
| } |
| |
| s3_conf.endpoint = obj_info.endpoint(); |
| s3_conf.region = obj_info.region(); |
| s3_conf.bucket = obj_info.bucket(); |
| s3_conf.prefix = obj_info.prefix(); |
| s3_conf.use_virtual_addressing = !obj_info.use_path_style(); |
| |
| return s3_conf; |
| } |
| |
| S3Accessor::S3Accessor(S3Conf conf) |
| : StorageVaultAccessor(AccessorType::S3), conf_(std::move(conf)) {} |
| |
| S3Accessor::~S3Accessor() = default; |
| |
| std::string S3Accessor::get_key(const std::string& relative_path) const { |
| return conf_.prefix.empty() ? relative_path : conf_.prefix + '/' + relative_path; |
| } |
| |
| std::string S3Accessor::to_uri(const std::string& relative_path) const { |
| return uri_ + '/' + relative_path; |
| } |
| |
| int S3Accessor::create(S3Conf conf, std::shared_ptr<S3Accessor>* accessor) { |
| TEST_SYNC_POINT_RETURN_WITH_VALUE("S3Accessor::init.s3_init_failed", (int)-1); |
| switch (conf.provider) { |
| case S3Conf::GCS: |
| *accessor = std::make_shared<GcsAccessor>(conf); |
| break; |
| default: |
| *accessor = std::make_shared<S3Accessor>(conf); |
| break; |
| } |
| |
| return (*accessor)->init(); |
| } |
| |
| static std::shared_ptr<SimpleThreadPool> worker_pool; |
| |
| std::shared_ptr<Aws::Auth::AWSCredentialsProvider> S3Accessor::get_aws_credentials_provider( |
| const S3Conf& s3_conf) { |
| if (!s3_conf.ak.empty() && !s3_conf.sk.empty()) { |
| Aws::Auth::AWSCredentials aws_cred(s3_conf.ak, s3_conf.sk); |
| DCHECK(!aws_cred.IsExpiredOrEmpty()); |
| return std::make_shared<Aws::Auth::SimpleAWSCredentialsProvider>(std::move(aws_cred)); |
| } |
| |
| if (s3_conf.cred_provider_type == CredProviderType::InstanceProfile) { |
| if (s3_conf.role_arn.empty()) { |
| return std::make_shared<Aws::Auth::InstanceProfileCredentialsProvider>(); |
| } |
| |
| auto stsClient = std::make_shared<Aws::STS::STSClient>( |
| std::make_shared<Aws::Auth::InstanceProfileCredentialsProvider>()); |
| |
| return std::make_shared<Aws::Auth::STSAssumeRoleCredentialsProvider>( |
| s3_conf.role_arn, Aws::String(), s3_conf.external_id, |
| Aws::Auth::DEFAULT_CREDS_LOAD_FREQ_SECONDS, stsClient); |
| } |
| return std::make_shared<Aws::Auth::DefaultAWSCredentialsProviderChain>(); |
| } |
| |
| int S3Accessor::init() { |
| static std::once_flag log_annotated_tags_key_once; |
| std::call_once(log_annotated_tags_key_once, [&]() { |
| LOG_INFO("start s3 accessor parallel worker pool"); |
| worker_pool = |
| std::make_shared<SimpleThreadPool>(config::recycle_pool_parallelism, "s3_accessor"); |
| worker_pool->start(); |
| }); |
| switch (conf_.provider) { |
| case S3Conf::AZURE: { |
| #ifdef USE_AZURE |
| Azure::Storage::Blobs::BlobClientOptions options; |
| options.Retry.StatusCodes.insert(Azure::Core::Http::HttpStatusCode::TooManyRequests); |
| options.Retry.MaxRetries = config::max_s3_client_retry; |
| auto cred = |
| std::make_shared<Azure::Storage::StorageSharedKeyCredential>(conf_.ak, conf_.sk); |
| if (config::force_azure_blob_global_endpoint) { |
| uri_ = fmt::format("https://{}.blob.core.windows.net/{}", conf_.ak, conf_.bucket); |
| } else { |
| uri_ = fmt::format("{}/{}", conf_.endpoint, conf_.bucket); |
| if (uri_.find("://") == std::string::npos) { |
| uri_ = "https://" + uri_; |
| } |
| } |
| // In Azure's HTTP requests, all policies in the vector are called in a chained manner following the HTTP pipeline approach. |
| // Within the RetryPolicy, the nextPolicy is called multiple times inside a loop. |
| // All policies in the PerRetryPolicies are downstream of the RetryPolicy. |
| // Therefore, you only need to add a policy to check if the response code is 429 and if the retry count meets the condition, it can record the retry count. |
| options.PerRetryPolicies.emplace_back( |
| std::make_unique<AzureRetryRecordPolicy>(config::max_s3_client_retry)); |
| auto container_client = std::make_shared<Azure::Storage::Blobs::BlobContainerClient>( |
| uri_, cred, std::move(options)); |
| // uri format for debug: ${scheme}://${ak}.blob.core.windows.net/${bucket}/${prefix} |
| uri_ = uri_ + '/' + conf_.prefix; |
| obj_client_ = std::make_shared<AzureObjClient>(std::move(container_client)); |
| return 0; |
| #else |
| LOG_FATAL("BE is not compiled with azure support, export BUILD_AZURE=ON before building"); |
| return 0; |
| #endif |
| } |
| default: { |
| if (conf_.prefix.empty()) { |
| uri_ = conf_.endpoint + '/' + conf_.bucket; |
| } else { |
| uri_ = conf_.endpoint + '/' + conf_.bucket + '/' + conf_.prefix; |
| } |
| |
| static S3Environment s3_env; |
| |
| // S3Conf::S3 |
| Aws::Client::ClientConfiguration aws_config; |
| aws_config.endpointOverride = conf_.endpoint; |
| aws_config.region = conf_.region; |
| // Aws::Http::CurlHandleContainer::AcquireCurlHandle() may be blocked if the connecitons are bottleneck |
| aws_config.maxConnections = std::max((long)(config::recycle_pool_parallelism + |
| config::instance_recycler_worker_pool_size), |
| (long)aws_config.maxConnections); |
| |
| if (config::s3_client_http_scheme == "http") { |
| aws_config.scheme = Aws::Http::Scheme::HTTP; |
| } |
| aws_config.retryStrategy = std::make_shared<S3CustomRetryStrategy>( |
| config::max_s3_client_retry /*scaleFactor = 25*/); |
| auto s3_client = std::make_shared<Aws::S3::S3Client>( |
| get_aws_credentials_provider(conf_), std::move(aws_config), |
| Aws::Client::AWSAuthV4Signer::PayloadSigningPolicy::Never, |
| conf_.use_virtual_addressing /* useVirtualAddressing */); |
| obj_client_ = std::make_shared<S3ObjClient>(std::move(s3_client), conf_.endpoint); |
| return 0; |
| } |
| } |
| } |
| |
| int S3Accessor::delete_prefix_impl(const std::string& path_prefix, int64_t expiration_time) { |
| LOG_INFO("delete prefix").tag("uri", to_uri(path_prefix)); |
| return obj_client_ |
| ->delete_objects_recursively({.bucket = conf_.bucket, .key = get_key(path_prefix)}, |
| {.executor = worker_pool}, expiration_time) |
| .ret; |
| } |
| |
| int S3Accessor::delete_prefix(const std::string& path_prefix, int64_t expiration_time) { |
| auto norm_path_prefix = path_prefix; |
| strip_leading(norm_path_prefix, "/"); |
| if (norm_path_prefix.empty()) { |
| LOG_WARNING("invalid path_prefix {}", path_prefix); |
| return -1; |
| } |
| |
| return delete_prefix_impl(norm_path_prefix, expiration_time); |
| } |
| |
| int S3Accessor::delete_directory(const std::string& dir_path) { |
| auto norm_dir_path = dir_path; |
| strip_leading(norm_dir_path, "/"); |
| if (norm_dir_path.empty()) { |
| LOG_WARNING("invalid dir_path {}", dir_path); |
| return -1; |
| } |
| |
| return delete_prefix_impl(!norm_dir_path.ends_with('/') ? norm_dir_path + '/' : norm_dir_path); |
| } |
| |
| int S3Accessor::delete_all(int64_t expiration_time) { |
| return delete_prefix_impl("", expiration_time); |
| } |
| |
| int S3Accessor::delete_files(const std::vector<std::string>& paths) { |
| if (paths.empty()) { |
| return 0; |
| } |
| |
| std::vector<std::string> keys; |
| keys.reserve(paths.size()); |
| for (auto&& path : paths) { |
| LOG_INFO("delete file").tag("uri", to_uri(path)); |
| keys.emplace_back(get_key(path)); |
| } |
| |
| return obj_client_->delete_objects(conf_.bucket, std::move(keys), {.executor = worker_pool}) |
| .ret; |
| } |
| |
| int S3Accessor::delete_file(const std::string& path) { |
| LOG_INFO("delete file").tag("uri", to_uri(path)); |
| int ret = obj_client_->delete_object({.bucket = conf_.bucket, .key = get_key(path)}).ret; |
| static_assert(ObjectStorageResponse::OK == 0); |
| if (ret == ObjectStorageResponse::OK || ret == ObjectStorageResponse::NOT_FOUND) { |
| return 0; |
| } |
| return ret; |
| } |
| |
| int S3Accessor::put_file(const std::string& path, const std::string& content) { |
| return obj_client_->put_object({.bucket = conf_.bucket, .key = get_key(path)}, content).ret; |
| } |
| |
| int S3Accessor::list_prefix(const std::string& path_prefix, std::unique_ptr<ListIterator>* res) { |
| *res = std::make_unique<S3ListIterator>( |
| obj_client_->list_objects({conf_.bucket, get_key(path_prefix)}), |
| conf_.prefix.length() + 1 /* {prefix}/ */); |
| return 0; |
| } |
| |
| int S3Accessor::list_directory(const std::string& dir_path, std::unique_ptr<ListIterator>* res) { |
| auto norm_dir_path = dir_path; |
| strip_leading(norm_dir_path, "/"); |
| if (norm_dir_path.empty()) { |
| LOG_WARNING("invalid dir_path {}", dir_path); |
| return -1; |
| } |
| |
| return list_prefix(!norm_dir_path.ends_with('/') ? norm_dir_path + '/' : norm_dir_path, res); |
| } |
| |
| int S3Accessor::list_all(std::unique_ptr<ListIterator>* res) { |
| return list_prefix("", res); |
| } |
| |
| int S3Accessor::exists(const std::string& path) { |
| ObjectMeta obj_meta; |
| return obj_client_->head_object({.bucket = conf_.bucket, .key = get_key(path)}, &obj_meta).ret; |
| } |
| |
| int S3Accessor::get_life_cycle(int64_t* expiration_days) { |
| return obj_client_->get_life_cycle(conf_.bucket, expiration_days).ret; |
| } |
| |
| int S3Accessor::check_versioning() { |
| return obj_client_->check_versioning(conf_.bucket).ret; |
| } |
| |
| int GcsAccessor::delete_prefix_impl(const std::string& path_prefix, int64_t expiration_time) { |
| LOG_INFO("begin delete prefix").tag("uri", to_uri(path_prefix)); |
| |
| int ret = 0; |
| int cnt = 0; |
| int skip = 0; |
| int64_t del_nonexisted = 0; |
| int del = 0; |
| auto iter = obj_client_->list_objects({conf_.bucket, get_key(path_prefix)}); |
| for (auto obj = iter->next(); obj.has_value(); obj = iter->next()) { |
| if (!(++cnt % 100)) { |
| LOG_INFO("loop delete prefix") |
| .tag("uri", to_uri(path_prefix)) |
| .tag("total_obj_cnt", cnt) |
| .tag("deleted", del) |
| .tag("del_nonexisted", del_nonexisted) |
| .tag("skipped", skip); |
| } |
| if (expiration_time > 0 && obj->mtime_s > expiration_time) { |
| skip++; |
| continue; |
| } |
| del++; |
| |
| // FIXME(plat1ko): Delete objects by batch with genuine GCS client |
| int del_ret = obj_client_->delete_object({conf_.bucket, obj->key}).ret; |
| del_nonexisted += (del_ret == ObjectStorageResponse::NOT_FOUND); |
| static_assert(ObjectStorageResponse::OK == 0); |
| if (del_ret != ObjectStorageResponse::OK && del_ret != ObjectStorageResponse::NOT_FOUND) { |
| ret = del_ret; |
| } |
| } |
| |
| LOG_INFO("finish delete prefix") |
| .tag("uri", to_uri(path_prefix)) |
| .tag("total_obj_cnt", cnt) |
| .tag("deleted", del) |
| .tag("del_nonexisted", del_nonexisted) |
| .tag("skipped", skip); |
| |
| if (!iter->is_valid()) { |
| return -1; |
| } |
| |
| return ret; |
| } |
| |
| int GcsAccessor::delete_files(const std::vector<std::string>& paths) { |
| std::vector<int> delete_rets(paths.size()); |
| #ifdef USE_LIBCPP |
| std::transform(paths.begin(), paths.end(), delete_rets.begin(), |
| #else |
| std::transform(std::execution::par, paths.begin(), paths.end(), delete_rets.begin(), |
| #endif |
| [this](const std::string& path) { |
| LOG_INFO("delete file").tag("uri", to_uri(path)); |
| return delete_file(path); |
| }); |
| |
| int ret = 0; |
| for (int delete_ret : delete_rets) { |
| if (delete_ret != 0) { |
| ret = delete_ret; |
| break; |
| } |
| } |
| return ret; |
| } |
| |
| } // namespace doris::cloud |
