Signature consensus ratio config

[Nana-EC]

Detailed description:
OPS and customers would benefit from the ability to customize the consensusRatio used by the importer to validate signature files.

• Add a consensusRatio field to the CommonDownloaderProperties
• Move signatureVerificationMetric from Downloader.java to NodeSignatureVerifier.java
• Add a NOT_FOUND status to the signatureVerificationMetric metric to capture nodes whose signature files were missing from the downloaded list

Which issue(s) this PR fixes:
Fixes #1869

Special notes for your reviewer:

Checklist

• Documentation added
• Tests updated

[codecov]

Codecov Report

Merging #1950 (6782926) into master (126751e) will increase coverage by 0.68%.
The diff coverage is 92.30%.

@@             Coverage Diff              @@
##             master    #1950      +/-   ##
============================================
+ Coverage     87.05%   87.73%   +0.68%     
- Complexity     1744     1822      +78     
============================================
  Files           315      319       +4     
  Lines          7731     8063     +332     
  Branches        740      814      +74     
============================================
+ Hits           6730     7074     +344     
+ Misses          772      744      -28     
- Partials        229      245      +16     

Impacted Files	Coverage Δ	Complexity Δ
...or/importer/domain/AddressBookServiceEndpoint.java	80.00% <80.00%> (ø)	5.00 <5.00> (?)
...r/importer/addressbook/AddressBookServiceImpl.java	89.56% <89.87%> (-1.72%)	41.00 <20.00> (+10.00)	⬇️
...edera/mirror/importer/domain/AddressBookEntry.java	85.18% <92.85%> (+6.92%)	15.00 <7.00> (-3.00)	⬆️
...ra/mirror/importer/domain/FileStreamSignature.java	85.71% <100.00%> (+0.86%)	17.00 <1.00> (+1.00)
...mporter/downloader/CommonDownloaderProperties.java	76.00% <100.00%> (+2.08%)	14.00 <1.00> (+1.00)
.../hedera/mirror/importer/downloader/Downloader.java	85.71% <100.00%> (-0.50%)	45.00 <0.00> (-1.00)
...ror/importer/downloader/NodeSignatureVerifier.java	93.47% <100.00%> (+3.00%)	26.00 <11.00> (+9.00)
...orter/parser/balance/AccountBalanceFileParser.java	71.92% <0.00%> (-26.32%)	4.00% <0.00%> (-4.00%)
...a/mirror/monitor/subscribe/AbstractSubscriber.java	77.14% <0.00%> (-20.00%)	3.00% <0.00%> (-1.00%)
health.js	43.75% <0.00%> (-10.10%)	0.00% <0.00%> (ø%)
... and 59 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ceceda6...6782926. Read the comment docs.

[ijungmann]

Looks good, couple small things. You also have field misspelled in the description.

[xin-hedera]

need to update the exception message

[Nana-EC]

Updated

[xin-hedera]

should we just collapse these into a single nodeAccountId tag?

[steven-sheehy]

My thinking was that when we had multiple shards or realms we could filter down by those. Perhaps we could just change that back when that becomes a reality though. Though one could argue we should really be using the node ID for these metrics as the node account ID can change.

[Nana-EC]

Yeah future support for shard, realm is good.
Though I do agree we should use nodeId instead. Will see if this is an easy fix or if a ticket and a future PR is better

[Nana-EC]

Mostly for the fact that it's a metric you would want the ability to break out charts for separate realms and shards. If we collapse it that makes it more challenging

[Nana-EC]

So turns out we store nodeId as an integer and not an EntityId in the db which supports the conversion.
I'll open a ticket that captures this and asks for using NodeId instead of NodeAccountId as the unique id in the node verification flow

[Nana-EC]

Captured in #1976

[xin-hedera]

inconsistency of nodeAccount

• here it's nodeAccountId
• for signatureVerificationMetric it's the entity number

[Nana-EC]

Will expand to support shard and realm based on a previous comment

[Nana-EC]

Conformed to use nodeAccountId full string

[steven-sheehy]

Two different counters can't be stored in the same map. As it is now, only the first counter is being created and then incremented for both. You will need two separate maps. Or if we combine metrics can ignore.

[Nana-EC]

Combined into one counter needing only one map

[steven-sheehy]

I think it might make sense to just have a single metric for both. We can add a SignatureStatus.NOT_FOUND to capture that unique state. The other reason it might be needed is the alert that we have:

sum(rate(hedera_mirror_download_signature_verification_total{application="hedera-mirror-importer", status="CONSENSUS_REACHED"}[2m])) by (namespace, pod, type)
/ sum(rate(hedera_mirror_download_signature_verification_total{application="hedera-mirror-importer"}[2m])) by (namespace, pod, type) < 0.33

Right now there's a problem that if a node is missing the dividend of that equation is decreasing, skewing the accuracy of that calculation. We need to ensure we always have the total be equal to the number of nodes in the address book.

[Nana-EC]

Combined into one counter

[steven-sheehy]

We don't need to store these as fields since their construction happens so rarely and it's better to encapsulate the metric creation in a single method. See PublishMetrics for an example.

[Nana-EC]

Adopted similar logic

[steven-sheehy]

Update troubleshooting doc

[Nana-EC]

Will do

[Nana-EC]

Looks like that file and the alert based on it has been out of date for ages. It's still looking for logs in the form “File could not be verified by at least 2/3 of nodes”

[Nana-EC]

Gonna modify this to start with "Insufficient downloaded signature file count, requires at least..." to make ti easier to alert on and understand.

[steven-sheehy]

How about "Unable to reach consensus"?

[Nana-EC]

Didn't see this before my last push.
However, I do want to call out the lack of downloaded files because we do the canReachConsensus before verification and again after. So it would be nice to distinguish.

[steven-sheehy]

Why are you string formatting twice?

Suggested change

	"Requires at least %s of signature files to reach consensus, got %d out of %d for file %s: %s",
	"Requires at least %.03f of signature files to reach consensus, got %d out of %d for file %s: %s",

[Nana-EC]

Fixed

[xin-hedera]

this will pass when no signature file is verified, i.e., signatureHashMap is empty

the possible effect is an illegitimate stream file can pass verification and get ingested

[Nana-EC]

Good point. You're highlighting the fact that even if consensusRatio is set to 0 we should still only proceed with no error if there are some valid signature stream files.
Makes sense, I'll update it as I don't see a scenario where we'd want to pass with no verified signature.

[Nana-EC]

Updated

[xin-hedera]

we probably should not log it at all unless it's important.

the updated if block is dead code, since when signatureHashMap.size() > 0, consensusCount will be > 0, and the the block above it with condition if (consensusCount > 0) will run instead

[Nana-EC]

You're right, I thought this was the scenario you highlighted in your original comment, no.
Initially the plan was to not fail when number of verified signature files was = 0 and commonDownloaderProperties.getConsensusRatio() == 0.
However, per you comment we probably only want to allow this with verified files.

Probably better to move this check up to after verification but before consensus calculation

[Nana-EC]

Fixed

[steven-sheehy]

LGTM

[xin-hedera]

LGTM

[ijungmann]

nit: still makes reference to the 1/3, should probably mention the new config value instead.

[Nana-EC]

Good catch, updated. Let me know if the wording works for you or you have a better suggestion

[ijungmann]

One small nit, otherwise LGTM, won't hold up approval for it.

[sonarcloud]

SonarCloud Quality Gate failed.

0 Bugs
0 Vulnerabilities
0 Security Hotspots
1 Code Smell

0.0% Coverage
0.3% Duplication