ingest/ledgerbackend: Implement db backed ledger store for the captive core backend #3203
What

When running `stellar-core run --start-at-ledger <sequence>` you need to provide an additional `--start-at-hash` parameter. We were only able to use `--start-at-ledger` values which are checkpoint sequences because we can obtain the ledger hash for any checkpoint from the history archives.

However, we do have ledger hashes for the ledgers Horizon has previously ingested. This PR uses the horizon database of ingested ledgers as an additional source for obtaining ledger hashes.

Why

The history archives cannot be fully trusted because there's always the possibility that someone can compromise the history archives either by compromising the S3 bucket which stores the archives or compromising one of the layers above the s3 bucket. When we provide a corrupt ledger hash to stellar core as `--start-at-hash` parameter, stellar core will download the ledger chain and validate all the hashes from consensus back to the start hash. If the start hash is not valid, stellar-core will exit with an error before streaming any ledgers. This means that ingestion will be blocked until the history archives are fixed.

Since stellar core will always verify the ledger chain before emitting any ledgers, we can assume that any ledger hashes ingested into the horizon database are correct. So, in the scenario where the history archives are corrupt, we can avoid blocking ingestion by using ledger hashes found in the Horizon database.
Close #3172
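The source-selection logic described in this PR, sketched as an added example (not code from the PR or the Horizon code base). `HashSource`, `StartHash`, `mapSource` and the sample hashes are hypothetical names and constructed data; preferring the database over the archive and flagging a disagreement between the two are assumptions about how one might apply the trust argument above.

```go
package main

import (
	"errors"
	"fmt"
)

// HashSource (hypothetical) returns the ledger hash known for seq, if any.
type HashSource func(seq uint32) (hash string, ok bool)

var ErrNoTrustedHash = errors.New("no ledger hash available")

// Stellar history archives publish one checkpoint every 64 ledgers.
func isCheckpoint(seq uint32) bool { return (seq+1)%64 == 0 }

// StartHash picks the value to pass as --start-at-hash for seq.
// A hash from the database was already verified by stellar-core when the
// ledger was ingested, so it wins; the archive is consulted only for
// checkpoints. archiveMismatch reports an archive entry that disagrees with
// the ingested hash, which is worth alerting on.
func StartHash(seq uint32, db, archive HashSource) (hash, origin string, archiveMismatch bool, err error) {
	dbHash, inDB := db(seq)
	var arHash string
	var inArchive bool
	if isCheckpoint(seq) {
		arHash, inArchive = archive(seq)
	}
	switch {
	case inDB:
		return dbHash, "db", inArchive && arHash != dbHash, nil
	case inArchive:
		return arHash, "archive", false, nil
	}
	return "", "", false, fmt.Errorf("ledger %d: %w", seq, ErrNoTrustedHash)
}

func mapSource(m map[uint32]string) HashSource {
	return func(seq uint32) (string, bool) { h, ok := m[seq]; return h, ok }
}

// Constructed sample data: the archive entry for checkpoint 63 is corrupt.
var sampleDB = mapSource(map[uint32]string{63: "aa11", 100: "bb22"})
var sampleArchive = mapSource(map[uint32]string{63: "ffff", 127: "cc33"})

func main() {
	for _, seq := range []uint32{63, 100, 127, 200} {
		h, from, mismatch, err := StartHash(seq, sampleDB, sampleArchive)
		fmt.Printf("seq=%d hash=%q from=%q mismatch=%v err=%v\n", seq, h, from, mismatch, err)
	}
}
```
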