diff --git a/CHANGELOG.md b/CHANGELOG.md
index fe0495e9..9ea4203e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,7 +1,9 @@
-## 7.21.5 (unreleased)
+## 8.0.0 (unreleased)
+Release 8.0.0 is in active development, with the goal of supporting much larger data sets, hopefully as large as 100GB. When officially released 8.0 will support (mostly) seamless upgrades from the 7.x series. However until the official release, upgrades will require backing up your data from any existing 7.x cluster and restoring into a new 8.0 cluster.
 ### Implementation changes and bug fixes
 - [PR #1337](https://github.com/rqlite/rqlite/pull/1337): Store can now load from an io.Reader.
 - [PR #1339](https://github.com/rqlite/rqlite/pull/1339), [PR #1340](https://github.com/rqlite/rqlite/pull/1340), [PR #1341](https://github.com/rqlite/rqlite/pull/1341): Add `LoadRequest` chunker/dechunker.
+- [PR #1343](https://github.com/rqlite/rqlite/pull/1343): Remove no-longer supported command-line options.
 ## 7.21.4 (July 8th 2023)
 ### Implementation changes and bug fixes
diff --git a/cluster/bootstrap_test.go b/cluster/bootstrap_test.go
index 3d0a5c10..79d25832 100644
--- a/cluster/bootstrap_test.go
+++ b/cluster/bootstrap_test.go
@@ -190,7 +190,7 @@ func Test_BootstrapperBootSingleNotifyHTTPS(t *testing.T) {
 return n == 5
 }
- tlsConfig, err := rtls.CreateClientConfig("", "", "", true, false)
+ tlsConfig, err := rtls.CreateClientConfig("", "", "", true)
 if err != nil {
 t.Fatalf("failed to create TLS config: %s", err)
 }
diff --git a/cluster/join_test.go b/cluster/join_test.go
index cdb46c18..6441c8e7 100644
--- a/cluster/join_test.go
+++ b/cluster/join_test.go
@@ -109,7 +109,7 @@ func Test_SingleJoinHTTPSOK(t *testing.T) {
 ts.TLS = &tls.Config{NextProtos: []string{"h2", "http/1.1"}}
 ts.StartTLS()
- tlsConfig, err := rtls.CreateClientConfig("", "", "", true, false)
+ tlsConfig, err := rtls.CreateClientConfig("", "", "", true)
 if err != nil {
 t.Fatalf("failed to create TLS config: %s", err.Error())
 }
diff --git a/cluster/service_mux_test.go b/cluster/service_mux_test.go
index 7b68562d..443e126f 100644
--- a/cluster/service_mux_test.go
+++ b/cluster/service_mux_test.go
@@ -118,7 +118,7 @@ func mustNewDialer(header byte, remoteEncrypted, skipVerify bool) *tcp.Dialer {
 var tlsConfig *tls.Config
 var err error
 if remoteEncrypted {
- tlsConfig, err = rtls.CreateClientConfig("", "", "", skipVerify, false)
+ tlsConfig, err = rtls.CreateClientConfig("", "", "", skipVerify)
 if err != nil {
 panic(fmt.Sprintf("failed to create client TLS config: %s", err))
 }
diff --git a/cmd/rqlited/flags.go b/cmd/rqlited/flags.go
index ae0dd00a..90a80e06 100644
--- a/cmd/rqlited/flags.go
+++ b/cmd/rqlited/flags.go
@@ -47,10 +47,6 @@ type Config struct {
 // HTTPAdv is the advertised HTTP server network.
 HTTPAdv string
- // TLS1011 indicates whether the node should support deprecated
- // encryption standards.
- TLS1011 bool
-
 // AuthFile is the path to the authentication file. May not be set.
 AuthFile string `filepath:"true"`
@@ -76,9 +72,6 @@ type Config struct {
 // HTTPVerifyClient indicates whether the HTTP server should verify client certificates.
 HTTPVerifyClient bool
- // NodeEncrypt indicates whether node encryption should be enabled.
- NodeEncrypt bool
-
 // NodeX509CACert is the path to the CA certficate file for when this node verifies
 // other certificates for any inter-node communications. May not be set.
 NodeX509CACert string `filepath:"true"`
@@ -150,9 +143,6 @@ type Config struct {
 // OnDiskPath sets the path to the SQLite file. May not be set.
 OnDiskPath string
- // OnDiskStartup disables the in-memory on-disk startup optimization.
- OnDiskStartup bool
-
 // FKConstraints enables SQLite foreign key constraints.
 FKConstraints bool
@@ -445,13 +435,11 @@ func ParseFlags(name, desc string, build *BuildInfo) (*Config, error) {
 flag.StringVar(&config.NodeID, "node-id", "", "Unique ID for node. If not set, set to advertised Raft address")
 flag.StringVar(&config.HTTPAddr, HTTPAddrFlag, "localhost:4001", "HTTP server bind address. To enable HTTPS, set X.509 certificate and key")
 flag.StringVar(&config.HTTPAdv, HTTPAdvAddrFlag, "", "Advertised HTTP address. If not set, same as HTTP server bind address")
- flag.BoolVar(&config.TLS1011, "tls1011", false, "Support deprecated TLS versions 1.0 and 1.1")
 flag.StringVar(&config.HTTPx509CACert, "http-ca-cert", "", "Path to X.509 CA certificate for HTTPS")
 flag.StringVar(&config.HTTPx509Cert, HTTPx509CertFlag, "", "Path to HTTPS X.509 certificate")
 flag.StringVar(&config.HTTPx509Key, HTTPx509KeyFlag, "", "Path to HTTPS X.509 private key")
 flag.BoolVar(&config.NoHTTPVerify, "http-no-verify", false, "Skip verification of remote node's HTTPS certificate when joining a cluster")
 flag.BoolVar(&config.HTTPVerifyClient, "http-verify-client", false, "Enable mutual TLS for HTTPS")
- flag.BoolVar(&config.NodeEncrypt, "node-encrypt", false, "Ignored, control node-to-node encryption by setting node certificate and key")
 flag.StringVar(&config.NodeX509CACert, "node-ca-cert", "", "Path to X.509 CA certificate for node-to-node encryption")
 flag.StringVar(&config.NodeX509Cert, NodeX509CertFlag, "", "Path to X.509 certificate for node-to-node mutual authentication and encryption")
 flag.StringVar(&config.NodeX509Key, NodeX509KeyFlag, "", "Path to X.509 private key for node-to-node mutual authentication and encryption")
@@ -476,7 +464,6 @@ func ParseFlags(name, desc string, build *BuildInfo) (*Config, error) {
 flag.BoolVar(&config.PprofEnabled, "pprof", true, "Serve pprof data on HTTP server")
 flag.BoolVar(&config.OnDisk, "on-disk", false, "Use an on-disk SQLite database")
 flag.StringVar(&config.OnDiskPath, "on-disk-path", "", "Path for SQLite on-disk database file. If not set, use a file in data directory")
- flag.BoolVar(&config.OnDiskStartup, "on-disk-startup", false, "Ignored, on-disk startup optimization control no longer necessary")
 flag.BoolVar(&config.FKConstraints, "fk", false, "Enable SQLite foreign key constraints")
 flag.BoolVar(&showVersion, "version", false, "Show version information and exit")
 flag.BoolVar(&config.RaftNonVoter, "raft-non-voter", false, "Configure as non-voting node")
diff --git a/cmd/rqlited/main.go b/cmd/rqlited/main.go
index b4def963..fef9d2f2 100644
--- a/cmd/rqlited/main.go
+++ b/cmd/rqlited/main.go
@@ -371,7 +371,6 @@ func startHTTPService(cfg *Config, str *store.Store, cltr *cluster.Client, credS
 s.CACertFile = cfg.HTTPx509CACert
 s.CertFile = cfg.HTTPx509Cert
 s.KeyFile = cfg.HTTPx509Key
- s.TLS1011 = cfg.TLS1011
 s.ClientVerify = cfg.HTTPVerifyClient
 s.Expvar = cfg.Expvar
 s.Pprof = cfg.PprofEnabled
@@ -462,7 +461,7 @@ func createClusterClient(cfg *Config, clstr *cluster.Service) (*cluster.Client,
 var err error
 if cfg.NodeX509Cert != "" || cfg.NodeX509CACert != "" {
 dialerTLSConfig, err = rtls.CreateClientConfig(cfg.NodeX509Cert, cfg.NodeX509Key,
- cfg.NodeX509CACert, cfg.NoNodeVerify, cfg.TLS1011)
+ cfg.NodeX509CACert, cfg.NoNodeVerify)
 if err != nil {
 return nil, fmt.Errorf("failed to create TLS config for cluster dialer: %s", err.Error())
 }
@@ -629,5 +628,5 @@ func createHTTPTLSConfig(cfg *Config) (*tls.Config, error) {
 return nil, nil
 }
 return rtls.CreateClientConfig(cfg.HTTPx509Cert, cfg.HTTPx509Key, cfg.HTTPx509CACert,
- cfg.NoHTTPVerify, cfg.TLS1011)
+ cfg.NoHTTPVerify)
 }
diff --git a/cmd/version.go b/cmd/version.go
index 6744b57e..b1b3734f 100644
--- a/cmd/version.go
+++ b/cmd/version.go
@@ -3,7 +3,7 @@ package cmd
 // These variables are populated via the Go linker.
 var (
 // Version of rqlite.
- Version = "7"
+ Version = "8"
 // Commit this code was built at.
 Commit = "unknown"
diff --git a/http/service.go b/http/service.go
index 6ffa1b27..016fb1d6 100644
--- a/http/service.go
+++ b/http/service.go
@@ -303,7 +303,6 @@ type Service struct {
 CACertFile string // Path to x509 CA certificate used to verify certificates.
 CertFile string // Path to server's own x509 certificate.
 KeyFile string // Path to server's own x509 private key.
- TLS1011 bool // Whether older, deprecated TLS should be supported.
 ClientVerify bool // Whether client certificates should verified.
 tlsConfig *tls.Config
@@ -356,7 +355,7 @@ func (s *Service) Start() error {
 return err
 }
 } else {
- s.tlsConfig, err = rtls.CreateServerConfig(s.CertFile, s.KeyFile, s.CACertFile, !s.ClientVerify, s.TLS1011)
+ s.tlsConfig, err = rtls.CreateServerConfig(s.CertFile, s.KeyFile, s.CACertFile, !s.ClientVerify)
 if err != nil {
 return err
 }
diff --git a/rtls/config.go b/rtls/config.go
index 2523d972..5243255d 100644
--- a/rtls/config.go
+++ b/rtls/config.go
@@ -14,9 +14,9 @@ import (
 // is true, the client will not verify the server's certificate. If mutual is true,
 // the server will verify the client's certificate. If tls1011 is true, the client will
 // accept TLS 1.0 or 1.1. Otherwise, it will require TLS 1.2 or higher.
-func CreateConfig(certFile, keyFile, caCertFile string, noverify, mutual, tls1011 bool) (*tls.Config, error) {
+func CreateConfig(certFile, keyFile, caCertFile string, noverify, mutual bool) (*tls.Config, error) {
 var err error
- config := createBaseTLSConfig(noverify, tls1011)
+ config := createBaseTLSConfig(noverify)
 // load the certificate and key
 if certFile != "" && keyFile != "" {
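Review bot: The doc comment kept as context above `CreateConfig` in rtls/config.go still reads "If tls1011 is true, the client will accept TLS 1.0 or 1.1", but this hunk removes that parameter, so the godoc now describes an argument that no longer exists. The same stale sentence remains above `CreateClientConfig` and `CreateServerConfig` in the next two hunks of this file. Replace it in all three comments with a statement of the fixed floor, for example `// The returned config requires TLS 1.2 or higher.` The comment starts above this hunk and the function body continues past it.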
@@ -57,10 +57,10 @@ func CreateConfig(certFile, keyFile, caCertFile string, noverify, mutual, tls101
 // presented by the server. If noverify is true, the client will not verify the server's certificate.
 // If tls1011 is true, the client will accept TLS 1.0 or 1.1. Otherwise, it will require TLS 1.2
 // or higher.
-func CreateClientConfig(certFile, keyFile, caCertFile string, noverify, tls1011 bool) (*tls.Config, error) {
+func CreateClientConfig(certFile, keyFile, caCertFile string, noverify bool) (*tls.Config, error) {
 var err error
- config := createBaseTLSConfig(noverify, tls1011)
+ config := createBaseTLSConfig(noverify)
 if certFile != "" && keyFile != "" {
 config.Certificates = make([]tls.Certificate, 1)
 config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
@@ -89,10 +89,10 @@ func CreateClientConfig(certFile, keyFile, caCertFile string, noverify, tls1011
 // client. If noverify is true, the server will not verify the client's certificate. If
 // tls1011 is true, the server will accept TLS 1.0 or 1.1. Otherwise, it will require TLS 1.2
 // or higher.
-func CreateServerConfig(certFile, keyFile, caCertFile string, noverify, tls1011 bool) (*tls.Config, error) {
+func CreateServerConfig(certFile, keyFile, caCertFile string, noverify bool) (*tls.Config, error) {
 var err error
- config := createBaseTLSConfig(false, tls1011)
+ config := createBaseTLSConfig(false)
 config.Certificates = make([]tls.Certificate, 1)
 config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
 if err != nil {
@@ -115,15 +115,10 @@ func CreateServerConfig(certFile, keyFile, caCertFile string, noverify, tls1011
 return config, nil
 }
-func createBaseTLSConfig(noverify, tls1011 bool) *tls.Config {
- var minTLS = uint16(tls.VersionTLS12)
- if tls1011 {
- minTLS = tls.VersionTLS10
- }
-
+func createBaseTLSConfig(noverify bool) *tls.Config {
 return &tls.Config{
 InsecureSkipVerify: noverify,
 NextProtos: []string{"h2", "http/1.1"},
- MinVersion: minTLS,
+ MinVersion: uint16(tls.VersionTLS12),
 }
 }
diff --git a/rtls/config_test.go b/rtls/config_test.go
index 5fa66305..13d314be 100644
--- a/rtls/config_test.go
+++ b/rtls/config_test.go
@@ -26,7 +26,7 @@ func Test_CreateConfig(t *testing.T) {
 caCertFile := mustWriteTempFile(t, caCertPEM)
 // create a config with no server or client verification
- config, err := CreateConfig(certFile, keyFile, caCertFile, true, false, false)
+ config, err := CreateConfig(certFile, keyFile, caCertFile, true, false)
 if err != nil {
 t.Fatalf("failed to create config: %v", err)
 }
@@ -69,7 +69,7 @@ func Test_CreateConfig(t *testing.T) {
 }
 // create a config with server cert verification only
- config, err = CreateConfig(certFile, keyFile, caCertFile, false, false, false)
+ config, err = CreateConfig(certFile, keyFile, caCertFile, false, false)
 if err != nil {
 t.Fatalf("failed to create config: %v", err)
 }
@@ -81,7 +81,7 @@ func Test_CreateConfig(t *testing.T) {
 }
 // create a config with both server and client verification
- config, err = CreateConfig(certFile, keyFile, "", false, true, false)
+ config, err = CreateConfig(certFile, keyFile, "", false, true)
 if err != nil {
 t.Fatalf("failed to create config: %v", err)
 }
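Review bot: `createBaseTLSConfig` in rtls/config.go now fixes the TLS version floor for all three `Create*Config` constructors, yet it has no doc comment and none of the rtls/config_test.go hunks shown here checks `MinVersion`. Add `// createBaseTLSConfig returns a config that requires TLS 1.2 or higher; noverify sets InsecureSkipVerify.` above the function, and an assertion such as `if config.MinVersion != tls.VersionTLS12 { t.Fatalf("unexpected MinVersion: %d", config.MinVersion) }` in Test_CreateConfig so a later change cannot lower the floor unnoticed. The test bodies extend beyond these hunks, so an existing check may simply be out of view. The `uint16(...)` conversion is also unnecessary because `tls.VersionTLS12` is an untyped constant: `MinVersion: tls.VersionTLS12,`.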
@@ -103,7 +103,7 @@ func Test_CreateServerConfig(t *testing.T) {
 keyFile := mustWriteTempFile(t, keyPEM)
 // create a server config with no client verification
- config, err := CreateServerConfig(certFile, keyFile, "", true, false)
+ config, err := CreateServerConfig(certFile, keyFile, "", true)
 if err != nil {
 t.Fatalf("failed to create server config: %v", err)
 }
@@ -130,7 +130,7 @@ func Test_CreateServerConfig(t *testing.T) {
 }
 // create a server config with client verification
- config, err = CreateServerConfig(certFile, keyFile, "", false, false)
+ config, err = CreateServerConfig(certFile, keyFile, "", false)
 if err != nil {
 t.Fatalf("failed to create server config: %v", err)
 }
@@ -149,7 +149,7 @@ func Test_CreateClientConfig(t *testing.T) {
 keyFile := mustWriteTempFile(t, keyPEM)
 // create a client config with no server verification
- config, err := CreateClientConfig(certFile, keyFile, "", true, false)
+ config, err := CreateClientConfig(certFile, keyFile, "", true)
 if err != nil {
 t.Fatalf("failed to create client config: %v", err)
 }
@@ -176,7 +176,7 @@ func Test_CreateClientConfig(t *testing.T) {
 }
 // create a client config with server verification
- config, err = CreateClientConfig(certFile, keyFile, "", false, false)
+ config, err = CreateClientConfig(certFile, keyFile, "", false)
 if err != nil {
 t.Fatalf("failed to create client config: %v", err)
 }
diff --git a/scripts/package.sh b/scripts/package.sh
index 1b872366..4d6c4bd5 100755
--- a/scripts/package.sh
+++ b/scripts/package.sh
@@ -36,7 +36,7 @@ upload_asset () {
 if [ $# -lt 1 ]; then
 echo "$0 [release_id api_token]"
- echo "Example: $0 v6.9.2 4284284 w40987joiudfigouuysdfgu_d"
+ echo "Example: $0 v8.9.2 4284284 w40987joiudfigouuysdfgu_d"
 exit 1
 fi
diff --git a/system_test/cluster_test.go b/system_test/cluster_test.go
index 55a7157c..b76df298 100644
--- a/system_test/cluster_test.go
+++ b/system_test/cluster_test.go
@@ -504,7 +504,7 @@ func Test_MultiNodeClusterBootstrapLaterJoinHTTPS(t *testing.T) {
 node3.Store.BootstrapExpect = 3
 defer node3.Deprovision()
- tlsConfig, err := rtls.CreateClientConfig("", "", "", true, false)
+ tlsConfig, err := rtls.CreateClientConfig("", "", "", true)
 if err != nil {
 t.Fatalf("failed to create TLS config: %s", err)
 }
diff --git a/system_test/e2e/helpers.py b/system_test/e2e/helpers.py
index 416328fc..65b73cd7 100644
--- a/system_test/e2e/helpers.py
+++ b/system_test/e2e/helpers.py
@@ -184,7 +184,7 @@ class Node(object):
 if self.http_no_verify:
 command += ['-http-no-verify']
 if self.node_cert is not None:
- command += ['-node-encrypt', '-node-cert', self.node_cert, '-node-key', self.node_key]
+ command += ['-node-cert', self.node_cert, '-node-key', self.node_key]
 if self.node_no_verify:
 command += ['-node-no-verify']
 if self.on_disk:
diff --git a/system_test/helpers.go b/system_test/helpers.go
index f41684ae..de10b8c4 100644
--- a/system_test/helpers.go
+++ b/system_test/helpers.go
@@ -29,6 +29,10 @@ import (
 const (
 // SnapshotInterval is the period between snapshot checks
 SnapshotInterval = time.Second
+
+ // ElectionTimeout is the period between elections. It's longer than
+ // the default to allow for slow CI systems.
+ ElectionTimeout = 2 * time.Second
 )
 var (
@@ -690,6 +694,7 @@ func mustNodeEncryptedOnDisk(dir string, enableSingle, httpEncrypt bool, mux *tc
 })
 node.Store.SnapshotThreshold = 100
 node.Store.SnapshotInterval = SnapshotInterval
+ node.Store.ElectionTimeout = ElectionTimeout
 if err := node.Store.Open(); err != nil {
 node.Deprovision()
diff --git a/system_test/request_forwarding_test.go b/system_test/request_forwarding_test.go
index 3b133390..4a5fb301 100644
--- a/system_test/request_forwarding_test.go
+++ b/system_test/request_forwarding_test.go
@@ -381,7 +381,7 @@ func mustNewDialer(header byte, remoteEncrypted, skipVerify bool) *tcp.Dialer {
 var tlsConfig *tls.Config
 var err error
 if remoteEncrypted {
- tlsConfig, err = rtls.CreateClientConfig("", "", "", skipVerify, false)
+ tlsConfig, err = rtls.CreateClientConfig("", "", "", skipVerify)
 if err != nil {
 panic(fmt.Sprintf("failed to create client TLS config: %s", err))
 }
diff --git a/tcp/dialer_test.go b/tcp/dialer_test.go
index bea9325a..8e6d1841 100644
--- a/tcp/dialer_test.go
+++ b/tcp/dialer_test.go
@@ -57,7 +57,7 @@ func Test_DialerHeaderTLS(t *testing.T) {
 defer os.Remove(key)
 go s.Start(t)
- tlsConfig, err := rtls.CreateClientConfig("", "", "", true, false)
+ tlsConfig, err := rtls.CreateClientConfig("", "", "", true)
 if err != nil {
 t.Fatalf("failed to create TLS config: %s", err.Error())
 }
@@ -154,7 +154,7 @@ func mustNewEchoServerTLS() (*echoServer, string, string) {
 cert := x509.CertFile("")
 key := x509.KeyFile("")
- tlsConfig, err := rtls.CreateServerConfig(cert, key, "", true, false)
+ tlsConfig, err := rtls.CreateServerConfig(cert, key, "", true)
 if err != nil {
 panic("failed to create TLS config")
 }
diff --git a/tcp/mux.go b/tcp/mux.go
index 1887e326..2c782935 100644
--- a/tcp/mux.go
+++ b/tcp/mux.go
@@ -103,7 +103,7 @@ func NewTLSMux(ln net.Listener, adv net.Addr, cert, key, caCert string, insecure
 return nil, err
 }
- mux.tlsConfig, err = rtls.CreateConfig(cert, key, caCert, insecure, mutual, false)
+ mux.tlsConfig, err = rtls.CreateConfig(cert, key, caCert, insecure, mutual)
 if err != nil {
 return nil, fmt.Errorf("cannot create TLS config: %s", err)
 }