
Merge remote-tracking branch 'origin' into integrate-load-chunk

master
Philip O'Toole 1 year ago
commit 82ebf85bdf

@ -1,7 +1,9 @@
## 7.21.5 (unreleased)
## 8.0.0 (unreleased)
Release 8.0.0 is in active development, with the goal of supporting much larger data sets, hopefully as large as 100GB. When officially released 8.0 will support (mostly) seamless upgrades from the 7.x series. However until the official release, upgrades will require backing up your data from any existing 7.x cluster and restoring into a new 8.0 cluster.
### Implementation changes and bug fixes
- [PR #1337](https://github.com/rqlite/rqlite/pull/1337): Store can now load from an io.Reader.
- [PR #1339](https://github.com/rqlite/rqlite/pull/1339), [PR #1340](https://github.com/rqlite/rqlite/pull/1340), [PR #1341](https://github.com/rqlite/rqlite/pull/1341): Add `LoadRequest` chunker/dechunker.
- [PR #1343](https://github.com/rqlite/rqlite/pull/1343): Remove no-longer supported command-line options.
## 7.21.4 (July 8th 2023)
### Implementation changes and bug fixes

@ -190,7 +190,7 @@ func Test_BootstrapperBootSingleNotifyHTTPS(t *testing.T) {
return n == 5
}
tlsConfig, err := rtls.CreateClientConfig("", "", "", true, false)
tlsConfig, err := rtls.CreateClientConfig("", "", "", true)
if err != nil {
t.Fatalf("failed to create TLS config: %s", err)
}

@ -109,7 +109,7 @@ func Test_SingleJoinHTTPSOK(t *testing.T) {
ts.TLS = &tls.Config{NextProtos: []string{"h2", "http/1.1"}}
ts.StartTLS()
tlsConfig, err := rtls.CreateClientConfig("", "", "", true, false)
tlsConfig, err := rtls.CreateClientConfig("", "", "", true)
if err != nil {
t.Fatalf("failed to create TLS config: %s", err.Error())
}

@ -118,7 +118,7 @@ func mustNewDialer(header byte, remoteEncrypted, skipVerify bool) *tcp.Dialer {
var tlsConfig *tls.Config
var err error
if remoteEncrypted {
tlsConfig, err = rtls.CreateClientConfig("", "", "", skipVerify, false)
tlsConfig, err = rtls.CreateClientConfig("", "", "", skipVerify)
if err != nil {
panic(fmt.Sprintf("failed to create client TLS config: %s", err))
}

@ -47,10 +47,6 @@ type Config struct {
// HTTPAdv is the advertised HTTP server network.
HTTPAdv string
// TLS1011 indicates whether the node should support deprecated
// encryption standards.
TLS1011 bool
// AuthFile is the path to the authentication file. May not be set.
AuthFile string `filepath:"true"`
@ -76,9 +72,6 @@ type Config struct {
// HTTPVerifyClient indicates whether the HTTP server should verify client certificates.
HTTPVerifyClient bool
// NodeEncrypt indicates whether node encryption should be enabled.
NodeEncrypt bool
// NodeX509CACert is the path to the CA certficate file for when this node verifies
// other certificates for any inter-node communications. May not be set.
NodeX509CACert string `filepath:"true"`
@ -150,9 +143,6 @@ type Config struct {
// OnDiskPath sets the path to the SQLite file. May not be set.
OnDiskPath string
// OnDiskStartup disables the in-memory on-disk startup optimization.
OnDiskStartup bool
// FKConstraints enables SQLite foreign key constraints.
FKConstraints bool
@ -445,13 +435,11 @@ func ParseFlags(name, desc string, build *BuildInfo) (*Config, error) {
flag.StringVar(&config.NodeID, "node-id", "", "Unique ID for node. If not set, set to advertised Raft address")
flag.StringVar(&config.HTTPAddr, HTTPAddrFlag, "localhost:4001", "HTTP server bind address. To enable HTTPS, set X.509 certificate and key")
flag.StringVar(&config.HTTPAdv, HTTPAdvAddrFlag, "", "Advertised HTTP address. If not set, same as HTTP server bind address")
flag.BoolVar(&config.TLS1011, "tls1011", false, "Support deprecated TLS versions 1.0 and 1.1")
flag.StringVar(&config.HTTPx509CACert, "http-ca-cert", "", "Path to X.509 CA certificate for HTTPS")
flag.StringVar(&config.HTTPx509Cert, HTTPx509CertFlag, "", "Path to HTTPS X.509 certificate")
flag.StringVar(&config.HTTPx509Key, HTTPx509KeyFlag, "", "Path to HTTPS X.509 private key")
flag.BoolVar(&config.NoHTTPVerify, "http-no-verify", false, "Skip verification of remote node's HTTPS certificate when joining a cluster")
flag.BoolVar(&config.HTTPVerifyClient, "http-verify-client", false, "Enable mutual TLS for HTTPS")
flag.BoolVar(&config.NodeEncrypt, "node-encrypt", false, "Ignored, control node-to-node encryption by setting node certificate and key")
flag.StringVar(&config.NodeX509CACert, "node-ca-cert", "", "Path to X.509 CA certificate for node-to-node encryption")
flag.StringVar(&config.NodeX509Cert, NodeX509CertFlag, "", "Path to X.509 certificate for node-to-node mutual authentication and encryption")
flag.StringVar(&config.NodeX509Key, NodeX509KeyFlag, "", "Path to X.509 private key for node-to-node mutual authentication and encryption")
@ -476,7 +464,6 @@ func ParseFlags(name, desc string, build *BuildInfo) (*Config, error) {
flag.BoolVar(&config.PprofEnabled, "pprof", true, "Serve pprof data on HTTP server")
flag.BoolVar(&config.OnDisk, "on-disk", false, "Use an on-disk SQLite database")
flag.StringVar(&config.OnDiskPath, "on-disk-path", "", "Path for SQLite on-disk database file. If not set, use a file in data directory")
flag.BoolVar(&config.OnDiskStartup, "on-disk-startup", false, "Ignored, on-disk startup optimization control no longer necessary")
flag.BoolVar(&config.FKConstraints, "fk", false, "Enable SQLite foreign key constraints")
flag.BoolVar(&showVersion, "version", false, "Show version information and exit")
flag.BoolVar(&config.RaftNonVoter, "raft-non-voter", false, "Configure as non-voting node")
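Review bot: With the `tls1011`, `node-encrypt` and `on-disk-startup` registrations gone from `ParseFlags`, a node started with any of them will presumably be rejected by the `flag` package as an undefined flag rather than having it ignored. That is the right outcome for `-tls1011`, but the other two were documented as "Ignored" and may still be present in unit files and launch scripts. The function's doc comment or the 8.0.0 upgrade notes should name the three flags, for example `// The -tls1011, -node-encrypt and -on-disk-startup flags were removed in 8.0 and now cause a startup error.` `ParseFlags` begins and ends outside these hunks, so how parse errors are reported was not checked.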

@ -371,7 +371,6 @@ func startHTTPService(cfg *Config, str *store.Store, cltr *cluster.Client, credS
s.CACertFile = cfg.HTTPx509CACert
s.CertFile = cfg.HTTPx509Cert
s.KeyFile = cfg.HTTPx509Key
s.TLS1011 = cfg.TLS1011
s.ClientVerify = cfg.HTTPVerifyClient
s.Expvar = cfg.Expvar
s.Pprof = cfg.PprofEnabled
@ -462,7 +461,7 @@ func createClusterClient(cfg *Config, clstr *cluster.Service) (*cluster.Client,
var err error
if cfg.NodeX509Cert != "" || cfg.NodeX509CACert != "" {
dialerTLSConfig, err = rtls.CreateClientConfig(cfg.NodeX509Cert, cfg.NodeX509Key,
cfg.NodeX509CACert, cfg.NoNodeVerify, cfg.TLS1011)
cfg.NodeX509CACert, cfg.NoNodeVerify)
if err != nil {
return nil, fmt.Errorf("failed to create TLS config for cluster dialer: %s", err.Error())
}
@ -629,5 +628,5 @@ func createHTTPTLSConfig(cfg *Config) (*tls.Config, error) {
return nil, nil
}
return rtls.CreateClientConfig(cfg.HTTPx509Cert, cfg.HTTPx509Key, cfg.HTTPx509CACert,
cfg.NoHTTPVerify, cfg.TLS1011)
cfg.NoHTTPVerify)
}

@ -3,7 +3,7 @@ package cmd
// These variables are populated via the Go linker.
var (
// Version of rqlite.
Version = "7"
Version = "8"
// Commit this code was built at.
Commit = "unknown"

@ -303,7 +303,6 @@ type Service struct {
CACertFile string // Path to x509 CA certificate used to verify certificates.
CertFile string // Path to server's own x509 certificate.
KeyFile string // Path to server's own x509 private key.
TLS1011 bool // Whether older, deprecated TLS should be supported.
ClientVerify bool // Whether client certificates should verified.
tlsConfig *tls.Config
@ -356,7 +355,7 @@ func (s *Service) Start() error {
return err
}
} else {
s.tlsConfig, err = rtls.CreateServerConfig(s.CertFile, s.KeyFile, s.CACertFile, !s.ClientVerify, s.TLS1011)
s.tlsConfig, err = rtls.CreateServerConfig(s.CertFile, s.KeyFile, s.CACertFile, !s.ClientVerify)
if err != nil {
return err
}

@ -14,9 +14,9 @@ import (
// is true, the client will not verify the server's certificate. If mutual is true,
// the server will verify the client's certificate. If tls1011 is true, the client will
// accept TLS 1.0 or 1.1. Otherwise, it will require TLS 1.2 or higher.
func CreateConfig(certFile, keyFile, caCertFile string, noverify, mutual, tls1011 bool) (*tls.Config, error) {
func CreateConfig(certFile, keyFile, caCertFile string, noverify, mutual bool) (*tls.Config, error) {
var err error
config := createBaseTLSConfig(noverify, tls1011)
config := createBaseTLSConfig(noverify)
// load the certificate and key
if certFile != "" && keyFile != "" {
@ -57,10 +57,10 @@ func CreateConfig(certFile, keyFile, caCertFile string, noverify, mutual, tls101
// presented by the server. If noverify is true, the client will not verify the server's certificate.
// If tls1011 is true, the client will accept TLS 1.0 or 1.1. Otherwise, it will require TLS 1.2
// or higher.
func CreateClientConfig(certFile, keyFile, caCertFile string, noverify, tls1011 bool) (*tls.Config, error) {
func CreateClientConfig(certFile, keyFile, caCertFile string, noverify bool) (*tls.Config, error) {
var err error
config := createBaseTLSConfig(noverify, tls1011)
config := createBaseTLSConfig(noverify)
if certFile != "" && keyFile != "" {
config.Certificates = make([]tls.Certificate, 1)
config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
@ -89,10 +89,10 @@ func CreateClientConfig(certFile, keyFile, caCertFile string, noverify, tls1011
// client. If noverify is true, the server will not verify the client's certificate. If
// tls1011 is true, the server will accept TLS 1.0 or 1.1. Otherwise, it will require TLS 1.2
// or higher.
func CreateServerConfig(certFile, keyFile, caCertFile string, noverify, tls1011 bool) (*tls.Config, error) {
func CreateServerConfig(certFile, keyFile, caCertFile string, noverify bool) (*tls.Config, error) {
var err error
config := createBaseTLSConfig(false, tls1011)
config := createBaseTLSConfig(false)
config.Certificates = make([]tls.Certificate, 1)
config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
@ -115,15 +115,10 @@ func CreateServerConfig(certFile, keyFile, caCertFile string, noverify, tls1011
return config, nil
}
func createBaseTLSConfig(noverify, tls1011 bool) *tls.Config {
var minTLS = uint16(tls.VersionTLS12)
if tls1011 {
minTLS = tls.VersionTLS10
}
func createBaseTLSConfig(noverify bool) *tls.Config {
return &tls.Config{
InsecureSkipVerify: noverify,
NextProtos: []string{"h2", "http/1.1"},
MinVersion: minTLS,
MinVersion: uint16(tls.VersionTLS12),
}
}
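Review bot: The doc comments on `CreateConfig`, `CreateClientConfig` and `CreateServerConfig` are left unchanged as context and still say "If tls1011 is true, ... will accept TLS 1.0 or 1.1", although the new signatures have no such parameter and `createBaseTLSConfig` now fixes `MinVersion` at TLS 1.2. Anyone reading the package docs would conclude that a downgrade switch still exists. Replace that sentence in each comment with `// The returned config always requires TLS 1.2 or higher.` The three comments start above the lines shown in their hunks, so their opening sentences were not reviewed.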

@ -26,7 +26,7 @@ func Test_CreateConfig(t *testing.T) {
caCertFile := mustWriteTempFile(t, caCertPEM)
// create a config with no server or client verification
config, err := CreateConfig(certFile, keyFile, caCertFile, true, false, false)
config, err := CreateConfig(certFile, keyFile, caCertFile, true, false)
if err != nil {
t.Fatalf("failed to create config: %v", err)
}
@ -69,7 +69,7 @@ func Test_CreateConfig(t *testing.T) {
}
// create a config with server cert verification only
config, err = CreateConfig(certFile, keyFile, caCertFile, false, false, false)
config, err = CreateConfig(certFile, keyFile, caCertFile, false, false)
if err != nil {
t.Fatalf("failed to create config: %v", err)
}
@ -81,7 +81,7 @@ func Test_CreateConfig(t *testing.T) {
}
// create a config with both server and client verification
config, err = CreateConfig(certFile, keyFile, "", false, true, false)
config, err = CreateConfig(certFile, keyFile, "", false, true)
if err != nil {
t.Fatalf("failed to create config: %v", err)
}
@ -103,7 +103,7 @@ func Test_CreateServerConfig(t *testing.T) {
keyFile := mustWriteTempFile(t, keyPEM)
// create a server config with no client verification
config, err := CreateServerConfig(certFile, keyFile, "", true, false)
config, err := CreateServerConfig(certFile, keyFile, "", true)
if err != nil {
t.Fatalf("failed to create server config: %v", err)
}
@ -130,7 +130,7 @@ func Test_CreateServerConfig(t *testing.T) {
}
// create a server config with client verification
config, err = CreateServerConfig(certFile, keyFile, "", false, false)
config, err = CreateServerConfig(certFile, keyFile, "", false)
if err != nil {
t.Fatalf("failed to create server config: %v", err)
}
@ -149,7 +149,7 @@ func Test_CreateClientConfig(t *testing.T) {
keyFile := mustWriteTempFile(t, keyPEM)
// create a client config with no server verification
config, err := CreateClientConfig(certFile, keyFile, "", true, false)
config, err := CreateClientConfig(certFile, keyFile, "", true)
if err != nil {
t.Fatalf("failed to create client config: %v", err)
}
@ -176,7 +176,7 @@ func Test_CreateClientConfig(t *testing.T) {
}
// create a client config with server verification
config, err = CreateClientConfig(certFile, keyFile, "", false, false)
config, err = CreateClientConfig(certFile, keyFile, "", false)
if err != nil {
t.Fatalf("failed to create client config: %v", err)
}
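Review bot: None of the updated calls in `Test_CreateConfig`, `Test_CreateServerConfig` or `Test_CreateClientConfig` is followed, in the lines shown, by a check of the minimum protocol version, so nothing visible pins the now hard-coded TLS 1.2 floor. Since the `tls1011` switch is gone, one assertion per constructor would catch a later regression: `if config.MinVersion != tls.VersionTLS12 { t.Fatalf("unexpected MinVersion: %#x", config.MinVersion) }`. The test bodies continue outside these hunks, so such a check may already exist there.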

@ -36,7 +36,7 @@ upload_asset () {
if [ $# -lt 1 ]; then
echo "$0 <version> [release_id api_token]"
echo "Example: $0 v6.9.2 4284284 w40987joiudfigouuysdfgu_d"
echo "Example: $0 v8.9.2 4284284 w40987joiudfigouuysdfgu_d"
exit 1
fi

@ -504,7 +504,7 @@ func Test_MultiNodeClusterBootstrapLaterJoinHTTPS(t *testing.T) {
node3.Store.BootstrapExpect = 3
defer node3.Deprovision()
tlsConfig, err := rtls.CreateClientConfig("", "", "", true, false)
tlsConfig, err := rtls.CreateClientConfig("", "", "", true)
if err != nil {
t.Fatalf("failed to create TLS config: %s", err)
}

@ -184,7 +184,7 @@ class Node(object):
if self.http_no_verify:
command += ['-http-no-verify']
if self.node_cert is not None:
command += ['-node-encrypt', '-node-cert', self.node_cert, '-node-key', self.node_key]
command += ['-node-cert', self.node_cert, '-node-key', self.node_key]
if self.node_no_verify:
command += ['-node-no-verify']
if self.on_disk:

@ -29,6 +29,10 @@ import (
const (
// SnapshotInterval is the period between snapshot checks
SnapshotInterval = time.Second
// ElectionTimeout is the period between elections. It's longer than
// the default to allow for slow CI systems.
ElectionTimeout = 2 * time.Second
)
var (
@ -690,6 +694,7 @@ func mustNodeEncryptedOnDisk(dir string, enableSingle, httpEncrypt bool, mux *tc
})
node.Store.SnapshotThreshold = 100
node.Store.SnapshotInterval = SnapshotInterval
node.Store.ElectionTimeout = ElectionTimeout
if err := node.Store.Open(); err != nil {
node.Deprovision()

@ -381,7 +381,7 @@ func mustNewDialer(header byte, remoteEncrypted, skipVerify bool) *tcp.Dialer {
var tlsConfig *tls.Config
var err error
if remoteEncrypted {
tlsConfig, err = rtls.CreateClientConfig("", "", "", skipVerify, false)
tlsConfig, err = rtls.CreateClientConfig("", "", "", skipVerify)
if err != nil {
panic(fmt.Sprintf("failed to create client TLS config: %s", err))
}

@ -57,7 +57,7 @@ func Test_DialerHeaderTLS(t *testing.T) {
defer os.Remove(key)
go s.Start(t)
tlsConfig, err := rtls.CreateClientConfig("", "", "", true, false)
tlsConfig, err := rtls.CreateClientConfig("", "", "", true)
if err != nil {
t.Fatalf("failed to create TLS config: %s", err.Error())
}
@ -154,7 +154,7 @@ func mustNewEchoServerTLS() (*echoServer, string, string) {
cert := x509.CertFile("")
key := x509.KeyFile("")
tlsConfig, err := rtls.CreateServerConfig(cert, key, "", true, false)
tlsConfig, err := rtls.CreateServerConfig(cert, key, "", true)
if err != nil {
panic("failed to create TLS config")
}

@ -103,7 +103,7 @@ func NewTLSMux(ln net.Listener, adv net.Addr, cert, key, caCert string, insecure
return nil, err
}
mux.tlsConfig, err = rtls.CreateConfig(cert, key, caCert, insecure, mutual, false)
mux.tlsConfig, err = rtls.CreateConfig(cert, key, caCert, insecure, mutual)
if err != nil {
return nil, fmt.Errorf("cannot create TLS config: %s", err)
}
