wbtiger
/
foundationdb
mirror of https://github.com/apple/foundationdb.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'release-6.2' 

# Conflicts:
#	CMakeLists.txt
#	documentation/sphinx/source/release-notes.rst
#	fdbserver/fdbserver.actor.cpp
#	versions.target
This commit is contained in:
Evan Tschannen 2020-02-28 12:11:05 -08:00
parent 13e72f7b3b a97d0df07e
commit 6054c05963
15 changed files with 194 additions and 115 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
bindings/c/fdb_c.cpp
View File

@ -107,12 +107,7 @@ fdb_error_t fdb_network_set_option( FDBNetworkOption option,
}
fdb_error_t fdb_setup_network_impl() {
CATCH_AND_RETURN(
try {
API->setupNetwork();
} catch (boost::system::system_error& e) {
return error_code_tls_error;
} );
CATCH_AND_RETURN( API->setupNetwork(); );
}
fdb_error_t fdb_setup_network_v13( const char* localAddress ) {

24
documentation/sphinx/source/downloads.rst
View File

@ -10,38 +10,38 @@ macOS
The macOS installation package is supported on macOS 10.7+. It includes the client and (optionally) the server.
* `FoundationDB-6.2.16.pkg <https://www.foundationdb.org/downloads/6.2.16/macOS/installers/FoundationDB-6.2.16.pkg>`_
* `FoundationDB-6.2.17.pkg <https://www.foundationdb.org/downloads/6.2.17/macOS/installers/FoundationDB-6.2.17.pkg>`_
Ubuntu
------
The Ubuntu packages are supported on 64-bit Ubuntu 12.04+, but beware of the Linux kernel bug in Ubuntu 12.x.
* `foundationdb-clients-6.2.16-1_amd64.deb <https://www.foundationdb.org/downloads/6.2.16/ubuntu/installers/foundationdb-clients_6.2.16-1_amd64.deb>`_
* `foundationdb-server-6.2.16-1_amd64.deb <https://www.foundationdb.org/downloads/6.2.16/ubuntu/installers/foundationdb-server_6.2.16-1_amd64.deb>`_ (depends on the clients package)
* `foundationdb-clients-6.2.17-1_amd64.deb <https://www.foundationdb.org/downloads/6.2.17/ubuntu/installers/foundationdb-clients_6.2.17-1_amd64.deb>`_
* `foundationdb-server-6.2.17-1_amd64.deb <https://www.foundationdb.org/downloads/6.2.17/ubuntu/installers/foundationdb-server_6.2.17-1_amd64.deb>`_ (depends on the clients package)
RHEL/CentOS EL6
---------------
The RHEL/CentOS EL6 packages are supported on 64-bit RHEL/CentOS 6.x.
* `foundationdb-clients-6.2.16-1.el6.x86_64.rpm <https://www.foundationdb.org/downloads/6.2.16/rhel6/installers/foundationdb-clients-6.2.16-1.el6.x86_64.rpm>`_
* `foundationdb-server-6.2.16-1.el6.x86_64.rpm <https://www.foundationdb.org/downloads/6.2.16/rhel6/installers/foundationdb-server-6.2.16-1.el6.x86_64.rpm>`_ (depends on the clients package)
* `foundationdb-clients-6.2.17-1.el6.x86_64.rpm <https://www.foundationdb.org/downloads/6.2.17/rhel6/installers/foundationdb-clients-6.2.17-1.el6.x86_64.rpm>`_
* `foundationdb-server-6.2.17-1.el6.x86_64.rpm <https://www.foundationdb.org/downloads/6.2.17/rhel6/installers/foundationdb-server-6.2.17-1.el6.x86_64.rpm>`_ (depends on the clients package)
RHEL/CentOS EL7
---------------
The RHEL/CentOS EL7 packages are supported on 64-bit RHEL/CentOS 7.x.
* `foundationdb-clients-6.2.16-1.el7.x86_64.rpm <https://www.foundationdb.org/downloads/6.2.16/rhel7/installers/foundationdb-clients-6.2.16-1.el7.x86_64.rpm>`_
* `foundationdb-server-6.2.16-1.el7.x86_64.rpm <https://www.foundationdb.org/downloads/6.2.16/rhel7/installers/foundationdb-server-6.2.16-1.el7.x86_64.rpm>`_ (depends on the clients package)
* `foundationdb-clients-6.2.17-1.el7.x86_64.rpm <https://www.foundationdb.org/downloads/6.2.17/rhel7/installers/foundationdb-clients-6.2.17-1.el7.x86_64.rpm>`_
* `foundationdb-server-6.2.17-1.el7.x86_64.rpm <https://www.foundationdb.org/downloads/6.2.17/rhel7/installers/foundationdb-server-6.2.17-1.el7.x86_64.rpm>`_ (depends on the clients package)
Windows
-------
The Windows installer is supported on 64-bit Windows XP and later. It includes the client and (optionally) the server.
* `foundationdb-6.2.16-x64.msi <https://www.foundationdb.org/downloads/6.2.16/windows/installers/foundationdb-6.2.16-x64.msi>`_
* `foundationdb-6.2.17-x64.msi <https://www.foundationdb.org/downloads/6.2.17/windows/installers/foundationdb-6.2.17-x64.msi>`_
API Language Bindings
=====================
@ -58,18 +58,18 @@ On macOS and Windows, the FoundationDB Python API bindings are installed as part
If you need to use the FoundationDB Python API from other Python installations or paths, use the Python package manager ``pip`` (``pip install foundationdb``) or download the Python package:
* `foundationdb-6.2.16.tar.gz <https://www.foundationdb.org/downloads/6.2.16/bindings/python/foundationdb-6.2.16.tar.gz>`_
* `foundationdb-6.2.17.tar.gz <https://www.foundationdb.org/downloads/6.2.17/bindings/python/foundationdb-6.2.17.tar.gz>`_
Ruby 1.9.3/2.0.0+
-----------------
* `fdb-6.2.16.gem <https://www.foundationdb.org/downloads/6.2.16/bindings/ruby/fdb-6.2.16.gem>`_
* `fdb-6.2.17.gem <https://www.foundationdb.org/downloads/6.2.17/bindings/ruby/fdb-6.2.17.gem>`_
Java 8+
-------
* `fdb-java-6.2.16.jar <https://www.foundationdb.org/downloads/6.2.16/bindings/java/fdb-java-6.2.16.jar>`_
* `fdb-java-6.2.16-javadoc.jar <https://www.foundationdb.org/downloads/6.2.16/bindings/java/fdb-java-6.2.16-javadoc.jar>`_
* `fdb-java-6.2.17.jar <https://www.foundationdb.org/downloads/6.2.17/bindings/java/fdb-java-6.2.17.jar>`_
* `fdb-java-6.2.17-javadoc.jar <https://www.foundationdb.org/downloads/6.2.17/bindings/java/fdb-java-6.2.17-javadoc.jar>`_
Go 1.11+
--------

27
documentation/sphinx/source/old-release-notes/release-notes-620.rst
View File

@ -2,13 +2,36 @@
Release Notes
#############
6.2.16
6.2.17
======
Fixes
-----
* Restored the ability to set TLS configuration using environment variables. `(PR #2755) <https://github.com/apple/foundationdb/pull/2755>`_.
6.2.16
======
Performance
-----------
* Reduced tail commit latencies by improving commit pipelining on the proxies. `(PR #2589) <https://github.com/apple/foundationdb/pull/2589>`_.
* Data distribution does a better job balancing data when disks are more than 70% full. `(PR #2722) <https://github.com/apple/foundationdb/pull/2722>`_.
* Reverse range reads could read too much data from disk, resulting in poor performance relative to forward range reads. `(PR #2650) <https://github.com/apple/foundationdb/pull/2650>`_.
* Switched from LibreSSL to OpenSSL to improve the speed of establishing connections. `(PR #2650) <https://github.com/apple/foundationdb/pull/2650>`_.
* The cluster controller does a better job avoiding multiple recoveries when first recruited. `(PR #2698) <https://github.com/apple/foundationdb/pull/2698>`_.
Fixes
-----
* Storage servers could fail to advance their version correctly in response to empty commits. `(PR #2617) <https://github.com/apple/foundationdb/pull/2617>`_.
* Status could not label more than 5 processes as proxies. `(PR #2653) <https://github.com/apple/foundationdb/pull/2653>`_.
* The ``TR_FLAG_DISABLE_MACHINE_TEAM_REMOVER``, ``TR_FLAG_REMOVE_MT_WITH_MOST_TEAMS``, ``TR_FLAG_DISABLE_SERVER_TEAM_REMOVER``, and ``BUGGIFY_ALL_COORDINATION`` knobs could not be set at runtime. `(PR #2661) <https://github.com/apple/foundationdb/pull/2661>`_.
* Backup container filename parsing was unnecessarily consulting the local filesystem which will error when permission is denied. `(PR #2693) <https://github.com/apple/foundationdb/pull/2693>`_.
* Rebalancing data movement could stop doing work even though the data in the cluster was not well balanced. `(PR #2703) <https://github.com/apple/foundationdb/pull/2703>`_.
* Data movement uses available space rather than free space when deciding how full a process is. `(PR #2708) <https://github.com/apple/foundationdb/pull/2708>`_.
* Fetching status attempts to reuse its connection with the cluster controller. `(PR #2583) <https://github.com/apple/foundationdb/pull/2583>`_.
6.2.15
======
@ -253,4 +276,4 @@ Earlier release notes
* :doc:`Beta 2 (API Version 22) </old-release-notes/release-notes-022>`
* :doc:`Beta 1 (API Version 21) </old-release-notes/release-notes-021>`
* :doc:`Alpha 6 (API Version 16) </old-release-notes/release-notes-016>`
* :doc:`Alpha 5 (API Version 14) </old-release-notes/release-notes-014>`
* :doc:`Alpha 5 (API Version 14) </old-release-notes/release-notes-014>`

3
fdbcli/fdbcli.actor.cpp
View File

@ -3790,8 +3790,5 @@ int main(int argc, char **argv) {
} catch (Error& e) {
printf("ERROR: %s (%d)\n", e.what(), e.code());
return 1;
} catch (boost::system::system_error& e) {
printf("ERROR: %s (%d)\n", e.what(), e.code().value());
return 1;
}
}

16
fdbclient/NativeAPI.actor.cpp
View File

@ -800,6 +800,8 @@ Database Database::createDatabase( Reference<ClusterConnectionFile> connFile, in
}
}
g_network->initTLS();
Reference<AsyncVar<ClientDBInfo>> clientInfo(new AsyncVar<ClientDBInfo>());
Reference<AsyncVar<Reference<ClusterConnectionFile>>> connectionFile(new AsyncVar<Reference<ClusterConnectionFile>>());
connectionFile->set(connFile);
@ -887,20 +889,24 @@ void setNetworkOption(FDBNetworkOptions::Option option, Optional<StringRef> valu
break;
case FDBNetworkOptions::TLS_CERT_PATH:
validateOptionValue(value, true);
tlsParams.tlsCertBytes = "";
tlsParams.tlsCertPath = value.get().toString();
break;
case FDBNetworkOptions::TLS_CERT_BYTES: {
validateOptionValue(value, true);
tlsParams.tlsCertPath = "";
tlsParams.tlsCertBytes = value.get().toString();
break;
}
case FDBNetworkOptions::TLS_CA_PATH: {
validateOptionValue(value, true);
tlsParams.tlsCABytes = "";
tlsParams.tlsCAPath = value.get().toString();
break;
}
case FDBNetworkOptions::TLS_CA_BYTES: {
validateOptionValue(value, true);
tlsParams.tlsCAPath = "";
tlsParams.tlsCABytes = value.get().toString();
break;
}
@ -909,11 +915,13 @@ void setNetworkOption(FDBNetworkOptions::Option option, Optional<StringRef> valu
tlsParams.tlsPassword = value.get().toString();
break;
case FDBNetworkOptions::TLS_KEY_PATH:
validateOptionValue(value, true);
validateOptionValue(value, true);
tlsParams.tlsKeyBytes = "";
tlsParams.tlsKeyPath = value.get().toString();
break;
case FDBNetworkOptions::TLS_KEY_BYTES: {
validateOptionValue(value, true);
tlsParams.tlsKeyPath = "";
tlsParams.tlsKeyBytes = value.get().toString();
break;
}
@ -921,11 +929,7 @@ void setNetworkOption(FDBNetworkOptions::Option option, Optional<StringRef> valu
validateOptionValue(value, true);
initTLSPolicy();
#ifndef TLS_DISABLED
if (!tlsPolicy->set_verify_peers({ value.get().toString() })) {
TraceEvent(SevWarnAlways, "TLSValidationSetError")
.detail("Input", value.get().toString() );
throw invalid_option_value();
}
tlsPolicy->set_verify_peers({ value.get().toString() });
#endif
break;
case FDBNetworkOptions::CLIENT_BUGGIFY_ENABLE:

21
fdbrpc/Platform.cpp
View File

@ -112,24 +112,6 @@ int eraseDirectoryRecursive(std::string const& dir) {
return __eraseDirectoryRecurseiveCount;
}
std::string getDefaultConfigPath() {
#ifdef _WIN32
TCHAR szPath[MAX_PATH];
if( SHGetFolderPath(NULL, CSIDL_COMMON_APPDATA, NULL, 0, szPath) != S_OK ) {
TraceEvent(SevError, "WindowsAppDataError").GetLastError();
throw platform_error();
}
std::string _filepath(szPath);
return _filepath + "\\foundationdb";
#elif defined(__linux__)
return "/etc/foundationdb";
#elif defined(__APPLE__)
return "/usr/local/etc/foundationdb";
#else
#error Port me!
#endif
}
bool isSse42Supported()
{
#if defined(_WIN32)
@ -145,7 +127,4 @@ bool isSse42Supported()
#endif
}
std::string getDefaultClusterFilePath() {
return joinPath(platform::getDefaultConfigPath(), "fdb.cluster");
}
} // namespace platform

6
fdbrpc/Platform.h
View File

@ -30,12 +30,6 @@ namespace platform {
// Avoid in production code: not atomic, not fast, not reliable in all environments
int eraseDirectoryRecursive(std::string const& directory);
// Returns the absolute platform-dependant path for the default fdb.cluster file
std::string getDefaultClusterFilePath();
// Returns the absolute platform-dependant path for server-based files
std::string getDefaultConfigPath();
bool isSse42Supported();
} // namespace platform

10
fdbserver/fdbserver.actor.cpp
View File

@ -1628,7 +1628,13 @@ int main(int argc, char* argv[]) {
} else {
#ifndef TLS_DISABLED
if ( opts.tlsVerifyPeers.size() ) {
opts.tlsPolicy->set_verify_peers( opts.tlsVerifyPeers );
try {
opts.tlsPolicy->set_verify_peers( opts.tlsVerifyPeers );
} catch( Error &e ) {
fprintf(stderr, "ERROR: The format of the --tls_verify_peers option is incorrect.\n");
printHelpTeaser(argv[0]);
flushAndExit(FDB_EXIT_ERROR);
}
}
#endif
g_network = newNet2(opts.useThreadPool, true, opts.tlsPolicy, opts.tlsParams);
@ -1645,6 +1651,7 @@ int main(int argc, char* argv[]) {
openTraceFile(opts.publicAddresses.address, opts.rollsize, opts.maxLogsSize, opts.logFolder, "trace",
opts.logGroup);
g_network->initTLS();
if (expectsPublicAddress) {
for (int ii = 0; ii < (opts.publicAddresses.secondaryAddress.present() ? 2 : 1); ++ii) {
@ -2063,6 +2070,7 @@ int main(int argc, char* argv[]) {
//printf("\n%d tests passed; %d tests failed\n", passCount, failCount);
flushAndExit(FDB_EXIT_MAIN_ERROR);
} catch (boost::system::system_error& e) {
ASSERT_WE_THINK(false); // boost errors shouldn't leak
fprintf(stderr, "boost::system::system_error: %s (%d)", e.what(), e.code().value());
TraceEvent(SevError, "MainError").error(unknown_error()).detail("RootException", e.what());
//printf("\n%d tests passed; %d tests failed\n", passCount, failCount);

152
flow/Net2.actor.cpp
View File

@ -111,7 +111,8 @@ thread_local INetwork* thread_network = 0;
class Net2 sealed : public INetwork, public INetworkConnections {
public:
Net2(bool useThreadPool, bool useMetrics, Reference<TLSPolicy> policy, const TLSParams& tlsParams);
Net2(bool useThreadPool, bool useMetrics, Reference<TLSPolicy> tlsPolicy, const TLSParams& tlsParams);
void initTLS();
void run();
void initMetrics();
@ -158,10 +159,12 @@ public:
#ifndef TLS_DISABLED
boost::asio::ssl::context sslContext;
#endif
std::string tlsPassword;
Reference<TLSPolicy> tlsPolicy;
TLSParams tlsParams;
bool tlsInitialized;
std::string get_password() const {
return tlsPassword;
return tlsParams.tlsPassword;
}
INetworkConnections *network; // initially this, but can be changed
@ -853,7 +856,7 @@ bool insecurely_always_accept(bool _1, boost::asio::ssl::verify_context& _2) {
}
#endif
Net2::Net2(bool useThreadPool, bool useMetrics, Reference<TLSPolicy> policy, const TLSParams& tlsParams)
Net2::Net2(bool useThreadPool, bool useMetrics, Reference<TLSPolicy> tlsPolicy, const TLSParams& tlsParams)
: useThreadPool(useThreadPool),
network(this),
reactor(this),
@ -863,7 +866,9 @@ Net2::Net2(bool useThreadPool, bool useMetrics, Reference<TLSPolicy> policy, con
tsc_begin(0), tsc_end(0), taskBegin(0), currentTaskID(TaskPriority::DefaultYield),
lastMinTaskID(TaskPriority::Zero),
numYields(0),
tlsPassword(tlsParams.tlsPassword)
tlsInitialized(false),
tlsPolicy(tlsPolicy),
tlsParams(tlsParams)
#ifndef TLS_DISABLED
,sslContext(boost::asio::ssl::context(boost::asio::ssl::context::tlsv12))
#endif
@ -871,40 +876,6 @@ Net2::Net2(bool useThreadPool, bool useMetrics, Reference<TLSPolicy> policy, con
{
TraceEvent("Net2Starting");
#ifndef TLS_DISABLED
sslContext.set_options(boost::asio::ssl::context::default_workarounds);
sslContext.set_verify_mode(boost::asio::ssl::context::verify_peer | boost::asio::ssl::verify_fail_if_no_peer_cert);
if (policy) {
sslContext.set_verify_callback([policy](bool preverified, boost::asio::ssl::verify_context& ctx) {
return policy->verify_peer(preverified, ctx.native_handle());
});
} else {
sslContext.set_verify_callback(boost::bind(&insecurely_always_accept, _1, _2));
}
sslContext.set_password_callback(std::bind(&Net2::get_password, this));
if (tlsParams.tlsCertPath.size() ) {
sslContext.use_certificate_chain_file(tlsParams.tlsCertPath);
}
if (tlsParams.tlsCertBytes.size() ) {
sslContext.use_certificate(boost::asio::buffer(tlsParams.tlsCertBytes.data(), tlsParams.tlsCertBytes.size()), boost::asio::ssl::context::pem);
}
if (tlsParams.tlsCAPath.size()) {
std::string cert = readFileBytes(tlsParams.tlsCAPath, FLOW_KNOBS->CERT_FILE_MAX_SIZE);
sslContext.add_certificate_authority(boost::asio::buffer(cert.data(), cert.size()));
}
if (tlsParams.tlsCABytes.size()) {
sslContext.add_certificate_authority(boost::asio::buffer(tlsParams.tlsCABytes.data(), tlsParams.tlsCABytes.size()));
}
if (tlsParams.tlsKeyPath.size()) {
sslContext.use_private_key_file(tlsParams.tlsKeyPath, boost::asio::ssl::context::pem);
}
if (tlsParams.tlsKeyBytes.size()) {
sslContext.use_private_key(boost::asio::buffer(tlsParams.tlsKeyBytes.data(), tlsParams.tlsKeyBytes.size()), boost::asio::ssl::context::pem);
}
#endif
// Set the global members
if(useMetrics) {
setGlobal(INetwork::enTDMetrics, (flowGlobalType) &tdmetrics);
@ -926,6 +897,102 @@ Net2::Net2(bool useThreadPool, bool useMetrics, Reference<TLSPolicy> policy, con
}
void Net2::initTLS() {
if(tlsInitialized) {
return;
}
#ifndef TLS_DISABLED
try {
const char *defaultCertFileName = "fdb.pem";
if( tlsPolicy && !tlsPolicy->rules.size() ) {
std::string verify_peers;
if (platform::getEnvironmentVar("FDB_TLS_VERIFY_PEERS", verify_peers)) {
tlsPolicy->set_verify_peers({ verify_peers });
} else {
tlsPolicy->set_verify_peers({ std::string("Check.Valid=1")});
}
}
sslContext.set_options(boost::asio::ssl::context::default_workarounds);
sslContext.set_verify_mode(boost::asio::ssl::context::verify_peer | boost::asio::ssl::verify_fail_if_no_peer_cert);
if (tlsPolicy) {
Reference<TLSPolicy> policy = tlsPolicy;
sslContext.set_verify_callback([policy](bool preverified, boost::asio::ssl::verify_context& ctx) {
return policy->verify_peer(preverified, ctx.native_handle());
});
} else {
sslContext.set_verify_callback(boost::bind(&insecurely_always_accept, _1, _2));
}
if ( !tlsParams.tlsPassword.size() ) {
platform::getEnvironmentVar( "FDB_TLS_PASSWORD", tlsParams.tlsPassword );
}
sslContext.set_password_callback(std::bind(&Net2::get_password, this));
if ( tlsParams.tlsCertBytes.size() ) {
sslContext.use_certificate_chain(boost::asio::buffer(tlsParams.tlsCertBytes.data(), tlsParams.tlsCertBytes.size()));
}
else {
if ( !tlsParams.tlsCertPath.size() ) {
if ( !platform::getEnvironmentVar( "FDB_TLS_CERTIFICATE_FILE", tlsParams.tlsCertPath ) ) {
if( fileExists(defaultCertFileName) ) {
tlsParams.tlsCertPath = defaultCertFileName;
} else if( fileExists( joinPath(platform::getDefaultConfigPath(), defaultCertFileName) ) ) {
tlsParams.tlsCertPath = joinPath(platform::getDefaultConfigPath(), defaultCertFileName);
}
}
}
if ( tlsParams.tlsCertPath.size() ) {
sslContext.use_certificate_chain_file(tlsParams.tlsCertPath);
}
}
if ( tlsParams.tlsCABytes.size() ) {
sslContext.add_certificate_authority(boost::asio::buffer(tlsParams.tlsCABytes.data(), tlsParams.tlsCABytes.size()));
}
else {
if ( !tlsParams.tlsCAPath.size() ) {
platform::getEnvironmentVar("FDB_TLS_CA_FILE", tlsParams.tlsCAPath);
}
if ( tlsParams.tlsCAPath.size() ) {
try {
std::string cert = readFileBytes(tlsParams.tlsCAPath, FLOW_KNOBS->CERT_FILE_MAX_SIZE);
sslContext.add_certificate_authority(boost::asio::buffer(cert.data(), cert.size()));
}
catch (Error& e) {
fprintf(stderr, "Error reading CA file %s: %s\n", tlsParams.tlsCAPath.c_str(), e.what());
TraceEvent("Net2TLSReadCAError").error(e);
throw tls_error();
}
}
}
if (tlsParams.tlsKeyBytes.size()) {
sslContext.use_private_key(boost::asio::buffer(tlsParams.tlsKeyBytes.data(), tlsParams.tlsKeyBytes.size()), boost::asio::ssl::context::pem);
} else {
if (!tlsParams.tlsKeyPath.size()) {
if(!platform::getEnvironmentVar( "FDB_TLS_KEY_FILE", tlsParams.tlsKeyPath)) {
if( fileExists(defaultCertFileName) ) {
tlsParams.tlsKeyPath = defaultCertFileName;
} else if( fileExists( joinPath(platform::getDefaultConfigPath(), defaultCertFileName) ) ) {
tlsParams.tlsKeyPath = joinPath(platform::getDefaultConfigPath(), defaultCertFileName);
}
}
}
if (tlsParams.tlsKeyPath.size()) {
sslContext.use_private_key_file(tlsParams.tlsKeyPath, boost::asio::ssl::context::pem);
}
}
} catch(boost::system::system_error e) {
fprintf(stderr, "Error initializing TLS: %s\n", e.what());
TraceEvent("Net2TLSInitError").detail("Message", e.what());
throw tls_error();
}
#endif
tlsInitialized = true;
}
ACTOR Future<Void> Net2::logTimeOffset() {
loop {
double processTime = timer_monotonic();
@ -1282,6 +1349,7 @@ THREAD_HANDLE Net2::startThread( THREAD_FUNC_RETURN (*func) (void*), void *arg )
Future< Reference<IConnection> > Net2::connect( NetworkAddress toAddr, std::string host ) {
#ifndef TLS_DISABLED
initTLS();
if ( toAddr.isTLS() ) {
return SSLConnection::connect(&this->reactor.ios, &this->sslContext, toAddr);
}
@ -1361,6 +1429,7 @@ bool Net2::isAddressOnThisHost( NetworkAddress const& addr ) {
Reference<IListener> Net2::listen( NetworkAddress localAddr ) {
try {
#ifndef TLS_DISABLED
initTLS();
if ( localAddr.isTLS() ) {
return Reference<IListener>(new SSLListener( reactor.ios, &this->sslContext, localAddr ));
}
@ -1380,6 +1449,9 @@ Reference<IListener> Net2::listen( NetworkAddress localAddr ) {
Error x = unknown_error();
TraceEvent("Net2ListenError").error(x).detail("Message", e.what());
throw x;
} catch (Error &e ) {
TraceEvent("Net2ListenError").error(e);
throw e;
} catch (...) {
Error x = unknown_error();
TraceEvent("Net2ListenError").error(x);
@ -1465,7 +1537,7 @@ INetwork* newNet2(bool useThreadPool, bool useMetrics, Reference<TLSPolicy> poli
}
catch(boost::system::system_error e) {
TraceEvent("Net2InitError").detail("Message", e.what());
throw;
throw unknown_error();
}
catch(std::exception const& e) {
TraceEvent("Net2InitError").detail("Message", e.what());

24
flow/Platform.cpp
View File

@ -2369,26 +2369,28 @@ std::string getWorkingDirectory() {
extern std::string format( const char *form, ... );
namespace platform {
std::string getDefaultPluginPath( const char* plugin_name ) {
std::string getDefaultConfigPath() {
#ifdef _WIN32
std::string installPath;
if(!platform::getEnvironmentVar("FOUNDATIONDB_INSTALL_PATH", installPath)) {
// This is relying of the DLL search order to load the plugin,
// starting in the same directory as the executable.
return plugin_name;
TCHAR szPath[MAX_PATH];
if( SHGetFolderPath(NULL, CSIDL_COMMON_APPDATA, NULL, 0, szPath) != S_OK ) {
TraceEvent(SevError, "WindowsAppDataError").GetLastError();
throw platform_error();
}
return format( "%splugins\\%s.dll", installPath.c_str(), plugin_name );
std::string _filepath(szPath);
return _filepath + "\\foundationdb";
#elif defined(__linux__)
return format( "/usr/lib/foundationdb/plugins/%s.so", plugin_name );
return "/etc/foundationdb";
#elif defined(__APPLE__)
return format( "/usr/local/foundationdb/plugins/%s.dylib", plugin_name );
return "/usr/local/etc/foundationdb";
#else
#error Port me!
#endif
}
std::string getDefaultClusterFilePath() {
return joinPath(getDefaultConfigPath(), "fdb.cluster");
}
} // namespace platform
#ifdef ALLOC_INSTRUMENTATION

7
flow/Platform.h
View File

@ -375,8 +375,11 @@ int setEnvironmentVar(const char *name, const char *value, int overwrite);
std::string getWorkingDirectory();
// Returns the ... something something figure out plugin locations
std::string getDefaultPluginPath( const char* plugin_name );
// Returns the absolute platform-dependant path for server-based files
std::string getDefaultConfigPath();
// Returns the absolute platform-dependant path for the default fdb.cluster file
std::string getDefaultClusterFilePath();
void *getImageOffset();

5
flow/TLSPolicy.cpp
View File

@ -215,7 +215,7 @@ static X509Location locationForNID(NID nid) {
}
}
bool TLSPolicy::set_verify_peers(std::vector<std::string> verify_peers) {
void TLSPolicy::set_verify_peers(std::vector<std::string> verify_peers) {
for (int i = 0; i < verify_peers.size(); i++) {
try {
std::string& verifyString = verify_peers[i];
@ -235,10 +235,9 @@ bool TLSPolicy::set_verify_peers(std::vector<std::string> verify_peers) {
rules.clear();
std::string& verifyString = verify_peers[i];
TraceEvent(SevError, "FDBLibTLSVerifyPeersParseError").detail("Config", verifyString);
return false;
throw tls_error();
}
}
return true;
}
TLSPolicy::Rule::Rule(std::string input) {

2
flow/TLSPolicy.h
View File

@ -89,7 +89,7 @@ public:
#ifndef TLS_DISABLED
static std::string ErrorString(boost::system::error_code e);
bool set_verify_peers(std::vector<std::string> verify_peers);
void set_verify_peers(std::vector<std::string> verify_peers);
bool verify_peer(bool preverified, X509_STORE_CTX* store_ctx);
std::string toString() const;

3
flow/network.h
View File

@ -487,6 +487,9 @@ public:
virtual void initMetrics() {}
// Metrics must be initialized after FlowTransport::createInstance has been called
virtual void initTLS() {}
// TLS must be initialized before using the network
virtual void getDiskBytes( std::string const& directory, int64_t& free, int64_t& total) = 0;
//Gets the number of free and total bytes available on the disk which contains directory

2
packaging/msi/FDBInstaller.wxs
View File

@ -32,7 +32,7 @@
<Wix xmlns='http://schemas.microsoft.com/wix/2006/wi'>
<Product Name='$(var.Title)'
Id='{A367558A-B357-463E-B43A-829823A3CE72}'
Id='{F1D7D860-8033-4592-8A68-18E4BD8DAB5C}'
UpgradeCode='{A95EA002-686E-4164-8356-C715B7F8B1C8}'
Version='$(var.Version)'
Manufacturer='$(var.Manufacturer)'