HostID Collision detection

Author: mathewc

src/WebJobs.Script.WebHost/WebHostServiceCollectionExtensions.cs

@@ -124,7 +124,6 @@ public static void AddWebJobsScriptHost(this IServiceCollection services, IConfi
             services.AddSingleton<IInstanceManager, InstanceManager>();
             services.AddSingleton(_ => new HttpClient());
             services.AddSingleton<StartupContextProvider>();
-            services.AddSingleton<HostNameProvider>();
             services.AddSingleton<IFileSystem>(_ => FileUtility.Instance);
             services.AddTransient<VirtualFileSystem>();
             services.AddTransient<VirtualFileSystemMiddleware>();

src/WebJobs.Script/Environment/EnvironmentSettingNames.cs

@@ -58,6 +58,7 @@ public static class EnvironmentSettingNames
         public const string TestDataCapEnabled = "WEBSITE_FUNCTIONS_TESTDATA_CAP_ENABLED";
         public const string AzureMonitorCategories = "WEBSITE_FUNCTIONS_AZUREMONITOR_CATEGORIES";
         public const string FunctionsRequestBodySizeLimit = "FUNCTIONS_REQUEST_BODY_SIZE_LIMIT";
+        public const string FunctionsHostIdCheckLevel = "FUNCTIONS_HOSTID_CHECK_LEVEL";
 
         //Function in Kubernetes
         public const string PodNamespace = "POD_NAMESPACE";

src/WebJobs.Script/Host/HostIdValidator.cs

@@ -0,0 +1,213 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+using System;
+using System.IO;
+using System.Threading.Tasks;
+using Azure;
+using Azure.Storage.Blobs;
+using Microsoft.Azure.WebJobs.Hosting;
+using Microsoft.Azure.WebJobs.Script.Properties;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
+using Newtonsoft.Json;
+using IApplicationLifetime = Microsoft.AspNetCore.Hosting.IApplicationLifetime;
+
+namespace Microsoft.Azure.WebJobs.Script
+{
+    /// <summary>
+    /// Used to perform Host ID validation checks, ensuring that when hosts are sharing
+    /// a storage account, their computed IDs don't collide.
+    /// </summary>
+    /// <remarks>
+    /// <see cref="ScriptHostIdProvider"/> computes a Host ID and truncates it if needed to
+    /// ensure it's under length limits. For two different Function Apps, this can result in
+    /// both apps resolving to the same Host ID. This can cause problems if those apps share
+    /// a storage account. This class helps detect/prevent such cases.
+    /// </remarks>
+    public class HostIdValidator
+    {
+        public const string BlobPathFormat = "ids/usage/{0}";
+        private const LogLevel DefaultLevel = LogLevel.Warning;
+
+        private readonly IEnvironment _environment;
+        private readonly IAzureStorageProvider _storageProvider;
+        private readonly IServiceProvider _serviceProvider;
+        private readonly IApplicationLifetime _applicationLifetime;
+        private readonly HostNameProvider _hostNameProvider;
+        private readonly ILogger _logger;
+
+        private readonly object _syncLock = new object();
+        private bool _validationScheduled;
+
+        public HostIdValidator(IEnvironment environment, IAzureStorageProvider storageProvider, IApplicationLifetime applicationLifetime,
+            HostNameProvider hostNameProvider, ILogger<HostIdValidator> logger, IServiceProvider serviceProvider)
+        {
+            _environment = environment;
+            _storageProvider = storageProvider;
+            _serviceProvider = serviceProvider;
+            _applicationLifetime = applicationLifetime;
+            _hostNameProvider = hostNameProvider;
+            _logger = logger;
+        }
+
+        internal bool ValidationScheduled => _validationScheduled;
+
+        public virtual void ScheduleValidation(string hostId, int validationDelaySeconds = 10)
+        {
+            lock (_syncLock)
+            {
+                if (!_validationScheduled)
+                {
+                    // Schedule the validation to run asynchronously after a delay. This delay ensures
+                    // we're not impacting coldstart, and also gives time for the primary host to be
+                    // identified.
+                    Utility.ExecuteAfterDelay(() => Task.Run(() => ValidateHostIdUsageAsync(hostId)), TimeSpan.FromSeconds(validationDelaySeconds));
+                    _validationScheduled = true;
+                }
+            }
+        }
+
+        internal async Task ValidateHostIdUsageAsync(string hostId)
+        {
+            try
+            {
+                if (!_storageProvider.ConnectionExists(ConnectionStringNames.Storage))
+                {
+                    return;
+                }
+
+                var primaryHostStateProvider = _serviceProvider.GetScriptHostServiceOrNull<IPrimaryHostStateProvider>();
+                if (primaryHostStateProvider != null && !primaryHostStateProvider.IsPrimary)
+                {
+                    // as an optimization, only validate on the primary host
+                    return;
+                }
+
+                HostIdInfo hostIdInfo = await ReadHostIdInfoAsync(hostId);
+
+                if (hostIdInfo != null)
+                {
+                    // an existing record exists for this host ID
+                    CheckForCollision(hostId, hostIdInfo);
+                }
+                else
+                {
+                    // no existing record, so write one, claiming this host ID for this host name
+                    // in this storage account
+                    hostIdInfo = new HostIdInfo
+                    {
+                        Hostname = _hostNameProvider.Value
+                    };
+                    await WriteHostIdAsync(hostId, hostIdInfo);
+                }
+            }
+            catch (Exception ex)
+            {
+                // best effort - log error and continue
+                _logger.LogError(ex, "Error validating host ID usage.");
+            }
+        }
+
+        private void CheckForCollision(string hostId, HostIdInfo hostIdInfo)
+        {
+            // verify the host name is the same as our host name
+            if (!string.Equals(_hostNameProvider.Value, hostIdInfo.Hostname, StringComparison.OrdinalIgnoreCase))
+            {
+                HandleCollision(hostId);
+            }
+        }
+
+        private void HandleCollision(string hostId)
+        {
+            // see if the user has specified a level, otherwise default
+            string value = _environment.GetEnvironmentVariable(EnvironmentSettingNames.FunctionsHostIdCheckLevel);
+            if (!Enum.TryParse<LogLevel>(value, out LogLevel level))
+            {
+                level = DefaultLevel;
+            }
+
+            string message = string.Format(Resources.HostIdCollisionFormat, hostId);
+            if (level == LogLevel.Error)
+            {
+                _logger.LogError(message);
+                _applicationLifetime.StopApplication();
+            }
+            else
+            {
+                // we only allow Warning/Error levels to be specified, so anything other than
+                // Error is treated as warning
+                _logger.LogWarning(message);
+            }
+        }
+
+        internal async Task WriteHostIdAsync(string hostId, HostIdInfo hostIdInfo)
+        {
+            try
+            {
+                var containerClient = _storageProvider.GetBlobContainerClient();
+                string blobPath = string.Format(BlobPathFormat, hostId);
+                BlobClient blobClient = containerClient.GetBlobClient(blobPath);
+                BinaryData data = BinaryData.FromObjectAsJson(hostIdInfo);
+                await blobClient.UploadAsync(data);
+
+                _logger.LogDebug($"Host ID record written (ID:{hostId}, HostName:{hostIdInfo.Hostname})");
+            }
+            catch (RequestFailedException rfex) when (rfex.Status == 409)
+            {
+                // Another instance wrote the blob between the time when we initially
+                // checked and when we attempted to write. Read the blob and validate it.
+                hostIdInfo = await ReadHostIdInfoAsync(hostId);
+                if (hostIdInfo != null)
+                {
+                    CheckForCollision(hostId, hostIdInfo);
+                }
+            }
+            catch (Exception ex)
+            {
+                // best effort
+                _logger.LogError(ex, "Error writing host ID info");
+            }
+        }
+
+        internal async Task<HostIdInfo> ReadHostIdInfoAsync(string hostId)
+        {
+            HostIdInfo hostIdInfo = null;
+
+            try
+            {
+                // check storage to see if a record already exists for this host ID
+                var containerClient = _storageProvider.GetBlobContainerClient();
+                string blobPath = string.Format(BlobPathFormat, hostId);
+                BlobClient blobClient = containerClient.GetBlobClient(blobPath);
+                var downloadResponse = await blobClient.DownloadAsync();
+                string content;
+                using (StreamReader reader = new StreamReader(downloadResponse.Value.Content))
+                {
+                    content = reader.ReadToEnd();
+                }
+
+                if (!string.IsNullOrEmpty(content))
+                {
+                    hostIdInfo = JsonConvert.DeserializeObject<HostIdInfo>(content);
+                }
+            }
+            catch (RequestFailedException exception) when (exception.Status == 404)
+            {
+                // no record stored for this host ID
+            }
+            catch (Exception ex)
+            {
+                // best effort
+                _logger.LogError(ex, "Error reading host ID info");
+            }
+
+            return hostIdInfo;
+        }
+
+        internal class HostIdInfo
+        {
+            public string Hostname { get; set; }
+        }
+    }
+}

src/WebJobs.Script/Host/ScriptHost.cs

@@ -46,7 +46,6 @@ public class ScriptHost : JobHost, IScriptJobHost
         internal const string GeneratedTypeName = "Functions";
         private readonly IApplicationLifetime _applicationLifetime;
         private readonly IScriptHostManager _scriptHostManager;
-        private readonly string _storageConnectionString;
         private readonly IDistributedLockManager _distributedLockManager;
         private readonly IFunctionMetadataManager _functionMetadataManager;
         private readonly IFileLoggingStatusManager _fileLoggingStatusManager;
@@ -118,7 +117,6 @@ public ScriptHost(IOptions<JobHostOptions> options,
             _instanceId = Guid.NewGuid().ToString();
             _hostOptions = options;
             _configuration = configuration;
-            _storageConnectionString = configuration.GetWebJobsConnectionString(ConnectionStringNames.Storage);
             _distributedLockManager = distributedLockManager;
             _functionMetadataManager = functionMetadataManager;
             _fileLoggingStatusManager = fileLoggingStatusManager;

src/WebJobs.Script/Host/ScriptHostIdProvider.cs

@@ -18,21 +18,36 @@ public class ScriptHostIdProvider : IHostIdProvider
         private readonly IConfiguration _config;
         private readonly IEnvironment _environment;
         private readonly IOptionsMonitor<ScriptApplicationHostOptions> _options;
+        private readonly HostIdValidator _hostIdValidator;
 
-        public ScriptHostIdProvider(IConfiguration config, IEnvironment environment, IOptionsMonitor<ScriptApplicationHostOptions> options)
+        public ScriptHostIdProvider(IConfiguration config, IEnvironment environment, IOptionsMonitor<ScriptApplicationHostOptions> options, HostIdValidator hostIdValidator)
         {
             _config = config;
             _environment = environment;
             _options = options;
+            _hostIdValidator = hostIdValidator;
         }
 
         public Task<string> GetHostIdAsync(CancellationToken cancellationToken)
         {
-            return Task.FromResult(_config[ConfigurationSectionNames.HostIdPath] ?? GetDefaultHostId(_environment, _options.CurrentValue));
+            string hostId = _config[ConfigurationSectionNames.HostIdPath];
+            if (hostId == null)
+            {
+                HostIdResult result = GetDefaultHostId(_environment, _options.CurrentValue);
+                hostId = result.HostId;
+                if (result.IsTruncated && !result.IsLocal)
+                {
+                    _hostIdValidator.ScheduleValidation(hostId);
+                }
+            }
+
+            return Task.FromResult(hostId);
         }
 
-        internal static string GetDefaultHostId(IEnvironment environment, ScriptApplicationHostOptions scriptOptions)
+        internal static HostIdResult GetDefaultHostId(IEnvironment environment, ScriptApplicationHostOptions scriptOptions)
         {
+            HostIdResult result = new HostIdResult();
+
             // We're setting the default here on the newly created configuration
             // If the user has explicitly set the HostID via host.json, it will overwrite
             // what we set here
@@ -64,19 +79,32 @@ internal static string GetDefaultHostId(IEnvironment environment, ScriptApplicat
                     .Where(char.IsLetterOrDigit)
                     .Aggregate(new StringBuilder(), (b, c) => b.Append(c)).ToString();
                 hostId = $"{sanitizedMachineName}-{Math.Abs(Utility.GetStableHash(scriptOptions.ScriptPath))}";
+                result.IsLocal = true;
             }
 
             if (!string.IsNullOrEmpty(hostId))
             {
                 if (hostId.Length > ScriptConstants.MaximumHostIdLength)
                 {
-                    // Truncate to the max host name length if needed
+                    // Truncate to the max host name length
                     hostId = hostId.Substring(0, ScriptConstants.MaximumHostIdLength);
+                    result.IsTruncated = true;
                 }
             }
 
             // Lowercase and trim any trailing '-' as they can cause problems with queue names
-            return hostId?.ToLowerInvariant().TrimEnd('-');
+            result.HostId = hostId?.ToLowerInvariant().TrimEnd('-');
+
+            return result;
+        }
+
+        public class HostIdResult
+        {
+            public string HostId { get; set; }
+
+            public bool IsTruncated { get; set; }
+
+            public bool IsLocal { get; set; }
         }
     }
 }

src/WebJobs.Script.WebHost/HostNameProvider.cs renamed to src/WebJobs.Script/HostNameProvider.cs

@@ -5,7 +5,7 @@
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 
-namespace Microsoft.Azure.WebJobs.Script.WebHost
+namespace Microsoft.Azure.WebJobs.Script
 {
     /// <summary>
     /// Provides the current HostName for the Function App.

src/WebJobs.Script/Properties/Resources.Designer.cs

@@ -164,4 +164,7 @@
   IsStopwatchHighResolution: {3}
 }}</value>
   </data>
+  <data name="HostIdCollisionFormat" xml:space="preserve">
+    <value>A collision for Host ID '{0}' was detected in the configured storage account. For more information, see https://aka.ms/functions-hostid-collision.</value>
+  </data>
 </root>

src/WebJobs.Script/Properties/Resources.resx

@@ -330,6 +330,8 @@ public static void AddCommonServices(IServiceCollection services)
             // to be careful with caching, etc. E.g. these services will get
             // initially created in placeholder mode and live on through the
             // specialized app.
+            services.AddSingleton<HostNameProvider>();
+            services.AddSingleton<HostIdValidator>();
             services.AddSingleton<IHostIdProvider, ScriptHostIdProvider>();
             services.TryAddSingleton<IScriptEventManager, ScriptEventManager>();