Update In-market-test runbook

* add tracing to the apply_dp_noise fn * tmp commit * update build_network_file.py to allow for providing urls in CLI * update print_helper_logs to download logs and add parse_logs.py to generate reports * update parse_logs.py to handle logs with multiple queries * add types to python scripts * remove @Property from report_table method * update readme
private-attribution · Aug 16, 2024 · 79a61e5 · 79a61e5
1 parent fbc56af
commit 79a61e5
Show file tree

Hide file tree

Showing 7 changed files with 400 additions and 23 deletions.
diff --git a/in-market-test/v2/README.md b/in-market-test/v2/README.md
@@ -85,19 +85,27 @@ These are all public keys, and are only used for encryption, not decryption.
 
 Helpers must also agree on identities (1, 2, or 3). The order does not have impact on the process.
 
-### Upload network.toml
+After adding these to `in-market-test/v2/deployed_keys`, it should contain:
+- 1-cert.pem
+- 1-mk.pub
+- 2-cert.pem
+- 2-mk.pub
+- 3-cert.pem
+- 3-mk.pub
+
+With all of these, and the url for each helper, you can then generate the `network.toml` file:
 
-You'll now need to update the network.toml file and upload it.
+```
+python3 in-market-test/v2/ansible/build_network_file.py --helper1-url <helper1_url> --helper2-url <helper2_url> --helper3-url <helper3_url>
+```
 
+If running a test with 3 servers, this can also load these automatically from `~/.ssh/config` and `inventory.ini` with:
 ```
-cp in-market-test/v2/ansible/templates/network-template.toml in-market-test/v2/ansible/network.toml
+python3 in-market-test/v2/ansible/build_network_file.py --config
 ```
 
-All three helpers need to have the same network.toml, in the same order. For each helper, you'll update:
-1. Their `cert`, from their cert.pem
-2. Their `url` (the hostname / ip address)
-3. Their `public_key`, from mk.pub
 
+### Upload network.toml
 
 ```
 ansible-playbook -i in-market-test/v2/ansible/inventory.ini in-market-test/v2/ansible/upload_network_toml.yaml
@@ -114,9 +122,48 @@ ansible-playbook -i in-market-test/v2/ansible/inventory.ini in-market-test/v2/an
 ```
 ansible-playbook -i in-market-test/v2/ansible/inventory.ini in-market-test/v2/ansible/print_helper_logs.yaml
 ```
+There is also a script to parse the logs and get a run time report:
+```
+python3 in-market-test/v2/ansible/parse_logs.py
+```
+
 
 ### Kill helper
 
 ```
 ansible-playbook -i in-market-test/v2/ansible/inventory.ini in-market-test/v2/ansible/kill_helper.yaml
 ```
+
+
+## Run a test query
+
+### Start 3 helper servers
+If you spin up 3 servers, and put all 3 of them in your `~/.ssh/config` and `inventory.ini`, you should be able to get them all running with just the provided commands, e.g.:
+
+```
+ansible-playbook -i in-market-test/v2/ansible/inventory.ini in-market-test/v2/ansible/kill_helper.yaml
+ansible-playbook -i in-market-test/v2/ansible/inventory.ini in-market-test/v2/ansible/provision.yaml
+ansible-playbook -i in-market-test/v2/ansible/inventory.ini in-market-test/v2/ansible/gen_keys.yaml
+python3 in-market-test/v2/ansible/build_network_file.py --config
+ansible-playbook -i in-market-test/v2/ansible/inventory.ini in-market-test/v2/ansible/upload_network_toml.yaml
+ansible-playbook -i in-market-test/v2/ansible/inventory.ini in-market-test/v2/ansible/start_helper.yaml
+```
+
+### Run a test query
+You can do this portion locally or from a 4th server, so long as you have access to port 433 on all 3 servers.
+
+First, build the report collector binary:
+
+```
+cargo build --bin report_collector --features="cli test-fixture web-app"
+```
+
+Generate input data:
+```
+./target/debug/report_collector gen-ipa-inputs -n 10000 > input-data-10000.txt
+```
+
+Run a test query:
+```
+./target/debug/report_collector --network in-market-test/v2/ansible/network.toml --input-file input-data-10000.txt oprf-ipa --max-breakdown-key 64 --per-user-credit-cap 64 --plaintext-match-keys
+```
diff --git a/in-market-test/v2/ansible/build_network_file.py b/in-market-test/v2/ansible/build_network_file.py
@@ -0,0 +1,126 @@
+import argparse
+import configparser
+import os
+import re
+import sys
+from pathlib import Path
+
+
+def get_urls_from_config() -> tuple[str]:
+    # Read the Ansible inventory file
+    config = configparser.ConfigParser()
+    config.read(Path("in-market-test/v2/ansible/inventory.ini"))
+
+    hosts = [s.split(" ")[0] for s in list(config["myhosts"].keys())]
+
+    if len(hosts) != 3:
+        print(f"ERROR: Expected 3 hosts in inventory.ini, but found {len(hosts)}")
+        sys.exit(1)
+
+    ssh_config_path = os.path.expanduser("~/.ssh/config")
+    # Read the SSH config file
+    with open(ssh_config_path, "r") as f:
+        ssh_config = f.read()
+    # Parse the SSH config file to get the hostname for each host
+    hostnames = {}
+    hostname_match = re.findall(r"Host (\S+)\n[\s\t]+HostName (\S+)", ssh_config)
+    hostnames = {host: hostname for (host, hostname) in hostname_match if host in hosts}
+
+    missing_hosts = [host for host in hosts if hostnames.get(host) is None]
+    if missing_hosts:
+        print(
+            f"ERROR: ~/.ssh/config is missing hostnames for host: {', '.join(missing_hosts)}"
+        )
+        sys.exit(1)
+
+    return tuple(hostnames[host] for host in hosts)
+
+
+def get_urls():
+    parser = argparse.ArgumentParser(description="Tool to build network.toml from keys")
+    parser.add_argument(
+        "--config",
+        action="store_true",
+        help="Load urls from inventory.ini and ~/.ssh/config",
+    )
+    parser.add_argument(
+        "--helper1-url",
+        required=False,
+        help="URL of helper1",
+    )
+    parser.add_argument(
+        "--helper2-url",
+        required=False,
+        help="URL of helper2",
+    )
+    parser.add_argument(
+        "--helper3-url",
+        required=False,
+        help="URL of helper3",
+    )
+    args = vars(parser.parse_args())
+
+    if args["config"]:
+        return get_urls_from_config()
+    else:
+        missing_args = [arg for (arg, url) in args.items() if url is None]
+        if missing_args:
+            print(
+                "ERROR: If not loading from config, --helper1-url, --helper2-url, "
+                "and, --helper3-url are all required."
+            )
+            sys.exit(1)
+        return (args["helper1_url"], args["helper2_url"], args["helper3_url"])
+
+
+def main():
+
+    urls = get_urls()
+    certs = (
+        Path("in-market-test/v2/deployed_keys/1-cert.pem").read_text(),
+        Path("in-market-test/v2/deployed_keys/2-cert.pem").read_text(),
+        Path("in-market-test/v2/deployed_keys/3-cert.pem").read_text(),
+    )
+    public_keys = (
+        Path("in-market-test/v2/deployed_keys/1-mk.pub").read_text(),
+        Path("in-market-test/v2/deployed_keys/2-mk.pub").read_text(),
+        Path("in-market-test/v2/deployed_keys/3-mk.pub").read_text(),
+    )
+
+    network_template = f"""
+[[peers]]
+certificate = \"\"\"
+{certs[0]}\"\"\"
+url = "{urls[0]}"
+
+[peers.hpke]
+public_key = "{public_keys[0]}"
+
+[[peers]]
+certificate = \"\"\"
+{certs[1]}\"\"\"
+url = "{urls[1]}"
+
+[peers.hpke]
+public_key = "{public_keys[1]}"
+
+[[peers]]
+certificate = \"\"\"
+{certs[2]}\"\"\"
+url = "{urls[2]}"
+
+[peers.hpke]
+public_key = "{public_keys[2]}"
+
+[client.http_config]
+ping_interval_secs = 90.0
+version = "http2"
+"""
+
+    network_file = Path("in-market-test/v2/ansible/network.toml")
+
+    network_file.write_text(network_template)
+
+
+if __name__ == "__main__":
+    main()
diff --git a/in-market-test/v2/ansible/gen_keys.yaml b/in-market-test/v2/ansible/gen_keys.yaml
@@ -35,9 +35,9 @@
 
     - name: Fetch the public keys
       fetch:
-        src: "{{ ansible_env.HOME }}/ipa/{{ key_directory}}/{{ item }}"
-        dest: "{{ local_public_key_directory }}/{{ hostname.stdout }}-{{ item }}"
+        src: "{{ ansible_env.HOME }}/ipa/{{ key_directory}}/{{ timestamp }}-{{ item }}"
+        dest: "{{ local_public_key_directory }}/{{ identity }}-{{ item }}"
         flat: yes
       loop:
-        - "{{ timestamp }}-cert.pem"
-        - "{{ timestamp }}-mk.pub"
+        - "cert.pem"
+        - "mk.pub"