use nix

@ -0,0 +1,39 @@
# jepsen.garage
Jepsen checking of Garage consistency properties.
## Usage
- vagrant
- VirtualBox, configured so that nodes can take an IP in a private network ``
- a user that can create VirtualBox VMs
- leiningen
- gnuplot
Set up VMs:
vagrant up
Run tests (this one should fail):
lein run test --nodes-file nodes.vagrant --time-limit 64 --concurrency 50 --rate 50 --workload reg
These ones are working:
lein run test --nodes-file nodes.vagrant --time-limit 64 --rate 50 --concurrency 50 --workload set1
lein run test --nodes-file nodes.vagrant --time-limit 64 --rate 50 --concurrency 50 --workload set2
## License
Copyright © 2023 Alex Auvolat
This program and the accompanying materials are made available under the
terms of the GNU Affero General Public License v3.0.

@ -0,0 +1,29 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
def vm(config, hostname, ip)
config.vm.hostname = hostname "private_network", ip: ip
Vagrant.configure("2") do |config| = "generic/debian10"
config.vm.provider "virtualbox" do |vb|
vb.gui = false
vb.memory = "512"
config.vm.provision "shell", inline: <<-SHELL
echo "root:root" | chpasswd
mkdir -p /root/.ssh
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9 lx@lindy" >> /root/.ssh/authorized_keys
config.vm.define "n1" do |config| vm(config, "n1", "") end
config.vm.define "n2" do |config| vm(config, "n2", "") end
config.vm.define "n3" do |config| vm(config, "n3", "") end
config.vm.define "n4" do |config| vm(config, "n4", "") end
config.vm.define "n5" do |config| vm(config, "n5", "") end

(defproject jepsen.garage "0.1.0-SNAPSHOT"
:description "Jepsen testing for Garage"
:url ""
:license {:name "AGPLv3"
:url ""}
:main jepsen.garage
:dependencies [[org.clojure/clojure "1.11.1"]
[jepsen "0.3.2-SNAPSHOT"]
[amazonica "0.3.163"]]
:repl-options {:init-ns jepsen.garage})

{ pkgs ? import <nixpkgs> { } }:
pkgs.mkShell {
nativeBuildInputs = with pkgs; [

(ns jepsen.garage
[clojure.string :as str]
[checker :as checker]
[cli :as cli]
[generator :as gen]
[nemesis :as nemesis]
[tests :as tests]]
[jepsen.os.debian :as debian]
[grg :as grg]
[reg :as reg]
[set :as set]]))
(def workloads
"A map of workload names to functions that construct workloads, given opts."
{"reg" reg/workload
"set1" set/workload1
"set2" set/workload2})
(def cli-opts
"Additional command line options."
[["-I" "--increasing-timestamps" "Garage version with increasing timestamps on PutObject"
:default false]
["-r" "--rate HZ" "Approximate number of requests per second, per thread."
:default 10
:parse-fn read-string
:validate [#(and (number? %) (pos? %)) "Must be a positive number"]]
[nil "--ops-per-key NUM" "Maximum number of operations on any given key."
:default 100
:parse-fn parse-long
:validate [pos? "Must be a positive integer."]]
["-w" "--workload NAME" "Workload of test to run"
:default "reg"
:validate [workloads (cli/one-of workloads)]]])
(defn garage-test
"Given an options map from the command line runner (e.g. :nodes, :ssh,
:concurrency, ...), constructs a test map."
(let [workload ((get workloads (:workload opts)) opts)
garage-version (if (:increasing-timestamps opts)
(merge tests/noop-test
{:pure-generators true
:name (str "garage " (name (:workload opts)))
:os debian/os
:db (grg/db garage-version)
:client (:client workload)
:generator (gen/phases
(:generator workload)
(gen/stagger (/ (:rate opts)))
(cycle [(gen/sleep 5)
{:type :info, :f :start}
(gen/sleep 5)
{:type :info, :f :stop}]))
(gen/time-limit (:time-limit opts)))
(gen/log "Healing cluster")
(gen/nemesis (gen/once {:type :info, :f :stop}))
(gen/log "Waiting for recovery")
(gen/sleep 10)
(gen/clients (:final-generator workload)))
:nemesis (nemesis/partition-random-halves)
:checker (checker/compose
{:perf (checker/perf)
:workload (:checker workload)})
(defn -main
"Handles command line arguments. Can either run a test, or a web server for
browsing results."
[& args]
(cli/run! (merge (cli/single-test-cmd {:test-fn garage-test
:opt-spec cli-opts})

(ns jepsen.garage.grg
(:require [ :refer :all]
[jepsen [control :as c]
[db :as db]]
[jepsen.control.util :as cu]
[ :as s3]
[slingshot.slingshot :refer [try+]]))
(def dir "/opt/garage")
(def binary (str dir "/garage"))
(def logfile (str dir "/garage.log"))
(def pidfile (str dir "/"))
(def grg-admin-token "icanhazadmin")
(def grg-key "jepsen")
(def grg-bucket "jepsen")
(defn db
"Garage DB for a particular version"
(reify db/DB
(setup! [_ test node]
(info node "installing garage" version)
(c/exec :mkdir :-p dir)
(let [url (str "" version "/x86_64-unknown-linux-musl/garage")
cache (cu/wget! url)]
(c/exec :cp cache binary))
(c/exec :chmod :+x binary)
(str "rpc_secret = \"0fffabe52542c2b89a56b2efb7dfd477e9dafb285c9025cbdf1de7ca21a6b372\"\n"
"rpc_bind_addr = \"\"\n"
"rpc_public_addr = \"" node ":3901\"\n"
"db_engine = \"lmdb\"\n"
"replication_mode = \"3\"\n"
"data_dir = \"" dir "/data\"\n"
"metadata_dir = \"" dir "/meta\"\n"
"s3_region = \"us-east-1\"\n"
"api_bind_addr = \"\"\n"
"api_bind_addr = \"\"\n"
"api_bind_addr = \"\"\n"
"admin_token = \"" grg-admin-token "\"\n")
{:logfile logfile
:pidfile pidfile
:chdir dir}
(Thread/sleep 100)
(let [node-id (c/exec binary :node :id :-q)]
(info node "node id:" node-id)
(c/on-many (:nodes test)
(c/exec binary :node :connect node-id))
(c/exec binary :layout :assign (subs node-id 0 16) :-c 1 :-z :dc1 :-t node))
(if (= node (first (:nodes test)))
(Thread/sleep 2000)
(c/exec binary :layout :apply :--version 1)
(info node "garage status:" (c/exec binary :status))
(c/exec binary :key :new :--name grg-key)
(c/exec binary :bucket :create grg-bucket)
(c/exec binary :bucket :allow :--read :--write grg-bucket :--key grg-key)
(info node "key info: " (c/exec binary :key :info grg-key))))))
(teardown! [_ test node]
(info node "tearing down garage" version)
(cu/stop-daemon! binary pidfile)
(c/exec :rm :-rf dir)))
(log-files [_ test node]
(defn s3-creds
"Get S3 credentials for node"
(let [key-info (c/on node (c/exec binary :key :info grg-key))
[_ ak sk] (re-matches
#"(?s).*Key ID: (.*)\nSecret key: (.*)\nCan create.*"
{:access-key ak
:secret-key sk
:endpoint (str "http://" node ":3900")
:bucket grg-bucket
:client-config {:path-style-access-enabled true}}))
(defn s3-get
"Helper for GetObject"
[creds k]
(-> (s3/get-object creds (:bucket creds) k)
(catch (re-find #"Key not found" (.getMessage %)) ex
(defn s3-put
"Helper for PutObject or DeleteObject (is a delete if value is nil)"
[creds k v]
(if (= v nil)
(s3/delete-object creds
:bucket-name (:bucket creds)
:key k)
(let [some-bytes (.getBytes v "UTF-8")
bytes-stream ( some-bytes)]
(s3/put-object creds
:bucket-name (:bucket creds)
:key k
:input-stream bytes-stream
:metadata {:content-length (count some-bytes)}))))
(defn s3-list
"Helper for ListObjects -- just lists everything in the bucket"
[creds prefix]
(defn list-inner [ct accum]
(let [list-result (s3/list-objects-v2 creds
{:bucket-name (:bucket creds)
:prefix prefix
:continuation-token ct})
new-object-summaries (:object-summaries list-result)
new-objects (map (fn [d] (:key d)) new-object-summaries)
objects (concat new-objects accum)]
(if (:truncated? list-result)
(list-inner (:next-continuation-token list-result) objects)
(list-inner nil []))

(ns jepsen.garage.reg
(:require [ :refer :all]
[clojure.string :as str]
[jepsen [checker :as checker]
[cli :as cli]
[client :as client]
[control :as c]
[db :as db]
[generator :as gen]
[independent :as independent]
[nemesis :as nemesis]
[tests :as tests]]
[jepsen.checker.timeline :as timeline]
[jepsen.control.util :as cu]
[jepsen.os.debian :as debian]
[jepsen.garage.grg :as grg]
[knossos.model :as model]
[slingshot.slingshot :refer [try+]]))
(defn op-get [_ _] {:type :invoke, :f :read, :value nil})
(defn op-put [_ _] {:type :invoke, :f :write, :value (str (rand-int 9))})
(defn op-del [_ _] {:type :invoke, :f :write, :value nil})
(defrecord RegClient [creds]
(open! [this test node]
(let [creds (grg/s3-creds node)]
(info node "s3 credentials:" creds)
(assoc this :creds creds)))
(setup! [this test])
(invoke! [this test op]
(let [[k v] (:value op)]
(case (:f op)
(let [value (grg/s3-get (:creds this) k)]
(assoc op :type :ok, :value (independent/tuple k value)))
(grg/s3-put (:creds this) k v)
(assoc op :type :ok)))))
(teardown! [this test])
(close! [this test]))
(defn workload
"Tests linearizable reads and writes"
{:client (RegClient. nil)
:checker (independent/checker
{:linear (checker/linearizable
{:model (model/register)
:algorithm :linear})
:timeline (timeline/html)}))
:generator (independent/concurrent-generator
(fn [k]
(gen/mix [op-get op-put op-del])
(gen/limit (:ops-per-key opts)))))})

(ns jepsen.garage.set
(:require [ :refer :all]
[clojure.string :as str]
[clojure.set :as set]
[jepsen [checker :as checker]
[cli :as cli]
[client :as client]
[control :as c]
[checker :as checker]
[db :as db]
[generator :as gen]
[independent :as independent]
[nemesis :as nemesis]
[tests :as tests]]
[jepsen.checker.timeline :as timeline]
[jepsen.control.util :as cu]
[jepsen.os.debian :as debian]
[jepsen.garage.grg :as grg]
[knossos.model :as model]
[slingshot.slingshot :refer [try+]]))
(defn op-add-rand100 [_ _] {:type :invoke, :f :add, :value (rand-int 100)})
(defn op-read [_ _] {:type :invoke, :f :read, :value nil})
(defrecord SetClient [creds]
(open! [this test node]
(let [creds (grg/s3-creds node)]
(info node "s3 credentials:" creds)
(assoc this :creds creds)))
(setup! [this test])
(invoke! [this test op]
(let [[k v] (:value op)
prefix (str "set" k "/")]
(case (:f op)
(grg/s3-put (:creds this) (str prefix v) "present")
(assoc op :type :ok))
(let [items (grg/s3-list (:creds this) prefix)
items-stripped (map (fn [o] (str/replace-first o prefix "")) items)
items-set (set (map read-string items-stripped))]
(assoc op :type :ok, :value (independent/tuple k items-set))))))
(teardown! [this test])
(close! [this test]))
(defn set-read-after-write
"Read-after-Write checker for set operations"
(reify checker/Checker
(check [this test history opts]
(let [init {:add-started #{}
:add-done #{}
:read-must-contain {}
:missed #{}
:unexpected #{}}
final (reduce
(fn [state op]
(case [(:type op) (:f op)]
([:invoke :add])
(assoc state :add-started (conj (:add-started state) (:value op)))
([:ok :add])
(assoc state :add-done (conj (:add-done state) (:value op)))
([:invoke :read])
(assoc-in state [:read-must-contain (:process op)] (:add-done state))
([:ok :read])
(let [read-must-contain (get (:process op) (:read-must-contain state))
new-missed (set/difference read-must-contain (:value op))
new-unexpected (set/difference (:value op) (:add-started state))]
(assoc state
:read-must-contain (dissoc (:read-must-contain state) (:process op))
:missed (set/union (:missed state) new-missed),
:unexpected (set/union (:unexpected state) new-unexpected)))
init history)
valid? (and (empty? (:missed final)) (empty? (:unexpected final)))]
(assoc final :valid? valid?)))))
(defn workload1
"Tests insertions and deletions"
{:client (SetClient. nil)
:checker (independent/checker
{:set (checker/set)
:timeline (timeline/html)}))
:generator (independent/concurrent-generator
(range 100)
(fn [k]
(->> (range)
(map (fn [x] {:type :invoke, :f :add, :value x}))
(gen/limit (:ops-per-key opts)))))
:final-generator (independent/sequential-generator
(range 100)
(fn [k] (gen/once op-read)))})
(defn workload2
"Tests insertions and deletions"
{:client (SetClient. nil)
:checker (independent/checker
{:set-full (checker/set-full {:linearizable? false})
:set-read-after-write (set-read-after-write)
:timeline (timeline/html)}))
:generator (independent/concurrent-generator
(fn [k]
(gen/mix [op-add-rand100 op-read])))})

