diff --git a/bindings/c/fdb_c.cpp b/bindings/c/fdb_c.cpp index 762c65596f..b89c43af47 100644 --- a/bindings/c/fdb_c.cpp +++ b/bindings/c/fdb_c.cpp @@ -107,12 +107,7 @@ fdb_error_t fdb_network_set_option( FDBNetworkOption option, } fdb_error_t fdb_setup_network_impl() { - CATCH_AND_RETURN( - try { - API->setupNetwork(); - } catch (boost::system::system_error& e) { - return error_code_tls_error; - } ); + CATCH_AND_RETURN( API->setupNetwork(); ); } fdb_error_t fdb_setup_network_v13( const char* localAddress ) { diff --git a/documentation/sphinx/source/downloads.rst b/documentation/sphinx/source/downloads.rst index b375025a59..e6dd3c444f 100644 --- a/documentation/sphinx/source/downloads.rst +++ b/documentation/sphinx/source/downloads.rst 
@@ -10,38 +10,38 @@ macOS The macOS installation package is supported on macOS 10.7+. It includes the client and (optionally) the server. -* `FoundationDB-6.2.16.pkg `_ +* `FoundationDB-6.2.17.pkg `_ Ubuntu ------ The Ubuntu packages are supported on 64-bit Ubuntu 12.04+, but beware of the Linux kernel bug in Ubuntu 12.x. -* `foundationdb-clients-6.2.16-1_amd64.deb `_ -* `foundationdb-server-6.2.16-1_amd64.deb `_ (depends on the clients package) +* `foundationdb-clients-6.2.17-1_amd64.deb `_ +* `foundationdb-server-6.2.17-1_amd64.deb `_ (depends on the clients package) RHEL/CentOS EL6 --------------- The RHEL/CentOS EL6 packages are supported on 64-bit RHEL/CentOS 6.x. -* `foundationdb-clients-6.2.16-1.el6.x86_64.rpm `_ -* `foundationdb-server-6.2.16-1.el6.x86_64.rpm `_ (depends on the clients package) +* `foundationdb-clients-6.2.17-1.el6.x86_64.rpm `_ +* `foundationdb-server-6.2.17-1.el6.x86_64.rpm `_ (depends on the clients package) RHEL/CentOS EL7 --------------- The RHEL/CentOS EL7 packages are supported on 64-bit RHEL/CentOS 7.x. -* `foundationdb-clients-6.2.16-1.el7.x86_64.rpm `_ -* `foundationdb-server-6.2.16-1.el7.x86_64.rpm `_ (depends on the clients package) +* `foundationdb-clients-6.2.17-1.el7.x86_64.rpm `_ +* `foundationdb-server-6.2.17-1.el7.x86_64.rpm `_ (depends on the clients package) Windows ------- The Windows installer is supported on 64-bit Windows XP and later. It includes the client and (optionally) the server. -* `foundationdb-6.2.16-x64.msi `_ +* `foundationdb-6.2.17-x64.msi `_ API Language Bindings ===================== 
@@ -58,18 +58,18 @@ On macOS and Windows, the FoundationDB Python API bindings are installed as part If you need to use the FoundationDB Python API from other Python installations or paths, use the Python package manager ``pip`` (``pip install foundationdb``) or download the Python package: -* `foundationdb-6.2.16.tar.gz `_ +* `foundationdb-6.2.17.tar.gz `_ Ruby 1.9.3/2.0.0+ ----------------- -* `fdb-6.2.16.gem `_ +* `fdb-6.2.17.gem `_ Java 8+ ------- -* `fdb-java-6.2.16.jar `_ -* `fdb-java-6.2.16-javadoc.jar `_ +* `fdb-java-6.2.17.jar `_ +* `fdb-java-6.2.17-javadoc.jar `_ Go 1.11+ -------- diff --git a/documentation/sphinx/source/old-release-notes/release-notes-620.rst b/documentation/sphinx/source/old-release-notes/release-notes-620.rst index 4f86c1dab2..d71b525542 100644 --- a/documentation/sphinx/source/old-release-notes/release-notes-620.rst +++ b/documentation/sphinx/source/old-release-notes/release-notes-620.rst 
@@ -2,13 +2,36 @@ Release Notes ############# -6.2.16 +6.2.17 ====== Fixes ----- +* Restored the ability to set TLS configuration using environment variables. `(PR #2755) `_. + +6.2.16 +====== + +Performance +----------- + +* Reduced tail commit latencies by improving commit pipelining on the proxies. `(PR #2589) `_. +* Data distribution does a better job balancing data when disks are more than 70% full. `(PR #2722) `_. +* Reverse range reads could read too much data from disk, resulting in poor performance relative to forward range reads. `(PR #2650) `_. +* Switched from LibreSSL to OpenSSL to improve the speed of establishing connections. `(PR #2650) `_. +* The cluster controller does a better job avoiding multiple recoveries when first recruited. `(PR #2698) `_. + +Fixes +----- + * Storage servers could fail to advance their version correctly in response to empty commits. `(PR #2617) `_. +* Status could not label more than 5 processes as proxies. `(PR #2653) `_. +* The ``TR_FLAG_DISABLE_MACHINE_TEAM_REMOVER``, ``TR_FLAG_REMOVE_MT_WITH_MOST_TEAMS``, ``TR_FLAG_DISABLE_SERVER_TEAM_REMOVER``, and ``BUGGIFY_ALL_COORDINATION`` knobs could not be set at runtime. `(PR #2661) `_. +* Backup container filename parsing was unnecessarily consulting the local filesystem which will error when permission is denied. `(PR #2693) `_. +* Rebalancing data movement could stop doing work even though the data in the cluster was not well balanced. `(PR #2703) `_. +* Data movement uses available space rather than free space when deciding how full a process is. `(PR #2708) `_. +* Fetching status attempts to reuse its connection with the cluster controller. `(PR #2583) `_. 6.2.15 ====== @@ -253,4 +276,4 @@ Earlier release notes * :doc:`Beta 2 (API Version 22) ` * :doc:`Beta 1 (API Version 21) ` * :doc:`Alpha 6 (API Version 16) ` -* :doc:`Alpha 5 (API Version 14) ` +* :doc:`Alpha 5 (API Version 14) ` \ No newline at end of file 
diff --git a/fdbcli/fdbcli.actor.cpp b/fdbcli/fdbcli.actor.cpp index bf16223cc4..e1420f1cab 100644 --- a/fdbcli/fdbcli.actor.cpp +++ b/fdbcli/fdbcli.actor.cpp @@ -3790,8 +3790,5 @@ int main(int argc, char **argv) { } catch (Error& e) { printf("ERROR: %s (%d)\n", e.what(), e.code()); return 1; - } catch (boost::system::system_error& e) { - printf("ERROR: %s (%d)\n", e.what(), e.code().value()); - return 1; } } diff --git a/fdbclient/NativeAPI.actor.cpp b/fdbclient/NativeAPI.actor.cpp index d9b022f2ff..ffb6cc5288 100644 --- a/fdbclient/NativeAPI.actor.cpp +++ b/fdbclient/NativeAPI.actor.cpp @@ -800,6 +800,8 @@ Database Database::createDatabase( Reference connFile, in } } + g_network->initTLS(); + Reference> clientInfo(new AsyncVar()); Reference>> connectionFile(new AsyncVar>()); connectionFile->set(connFile); @@ -887,20 +889,24 @@ void setNetworkOption(FDBNetworkOptions::Option option, Optional valu break; case FDBNetworkOptions::TLS_CERT_PATH: validateOptionValue(value, true); + tlsParams.tlsCertBytes = ""; tlsParams.tlsCertPath = value.get().toString(); break; case FDBNetworkOptions::TLS_CERT_BYTES: { validateOptionValue(value, true); + tlsParams.tlsCertPath = ""; tlsParams.tlsCertBytes = value.get().toString(); break; } case FDBNetworkOptions::TLS_CA_PATH: { validateOptionValue(value, true); + tlsParams.tlsCABytes = ""; tlsParams.tlsCAPath = value.get().toString(); break; } case FDBNetworkOptions::TLS_CA_BYTES: { validateOptionValue(value, true); + tlsParams.tlsCAPath = ""; tlsParams.tlsCABytes = value.get().toString(); break; } 
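Review bot: The new `tlsParams.tlsCertBytes = ""`, `tlsCertPath = ""`, `tlsCABytes = ""` and `tlsCAPath = ""` resets carry no comment explaining why setting one option wipes its sibling, and the same pattern repeats for TLS_KEY_PATH / TLS_KEY_BYTES in the next hunk. Net2::initTLS uses the bytes form whenever it is non-empty and only then considers the path, so these resets are what make the most recently set option win. A one-line comment above the first case would record that, for example `// path and bytes are mutually exclusive; the last one set wins`. setNetworkOption starts and ends outside this hunk.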
@@ -909,11 +915,13 @@ void setNetworkOption(FDBNetworkOptions::Option option, Optional valu tlsParams.tlsPassword = value.get().toString(); break; case FDBNetworkOptions::TLS_KEY_PATH: - validateOptionValue(value, true); + validateOptionValue(value, true); + tlsParams.tlsKeyBytes = ""; tlsParams.tlsKeyPath = value.get().toString(); break; case FDBNetworkOptions::TLS_KEY_BYTES: { validateOptionValue(value, true); + tlsParams.tlsKeyPath = ""; tlsParams.tlsKeyBytes = value.get().toString(); break; } @@ -921,11 +929,7 @@ void setNetworkOption(FDBNetworkOptions::Option option, Optional valu validateOptionValue(value, true); initTLSPolicy(); #ifndef TLS_DISABLED - if (!tlsPolicy->set_verify_peers({ value.get().toString() })) { - TraceEvent(SevWarnAlways, "TLSValidationSetError") - .detail("Input", value.get().toString() ); - throw invalid_option_value(); - } + tlsPolicy->set_verify_peers({ value.get().toString() }); #endif break; case FDBNetworkOptions::CLIENT_BUGGIFY_ENABLE: diff --git a/fdbrpc/Platform.cpp b/fdbrpc/Platform.cpp index a680540d53..12af7491d0 100644 --- a/fdbrpc/Platform.cpp +++ b/fdbrpc/Platform.cpp @@ -112,24 +112,6 @@ int eraseDirectoryRecursive(std::string const& dir) { return __eraseDirectoryRecurseiveCount; } -std::string getDefaultConfigPath() { -#ifdef _WIN32 - TCHAR szPath[MAX_PATH]; - if( SHGetFolderPath(NULL, CSIDL_COMMON_APPDATA, NULL, 0, szPath) != S_OK ) { - TraceEvent(SevError, "WindowsAppDataError").GetLastError(); - throw platform_error(); - } - std::string _filepath(szPath); - return _filepath + "\\foundationdb"; -#elif defined(__linux__) - return "/etc/foundationdb"; -#elif defined(__APPLE__) - return "/usr/local/etc/foundationdb"; -#else - #error Port me! -#endif -} - bool isSse42Supported() { #if defined(_WIN32) @@ -145,7 +127,4 @@ bool isSse42Supported() #endif } -std::string getDefaultClusterFilePath() { - return joinPath(platform::getDefaultConfigPath(), "fdb.cluster"); -} } // namespace platform 
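Review bot: In the TLS_VERIFY_PEERS case a malformed value now propagates whatever `set_verify_peers` throws, which per the TLSPolicy.cpp hunk is `tls_error()`, where API callers previously received `invalid_option_value()`. That same function clears `rules` before throwing, and Net2::initTLS treats an empty rule set as unconfigured and substitutes FDB_TLS_VERIFY_PEERS or `Check.Valid=1`. An application that ignores the option error therefore continues with a different peer policy than the one it asked for. Keeping the option-level error would preserve the old contract: `try { tlsPolicy->set_verify_peers({ value.get().toString() }); } catch (Error&) { throw invalid_option_value(); }`. It would also help to document at this call site that a failed set leaves the policy empty.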
diff --git a/fdbrpc/Platform.h b/fdbrpc/Platform.h index fe6eb69542..8051057fd4 100644 --- a/fdbrpc/Platform.h +++ b/fdbrpc/Platform.h @@ -30,12 +30,6 @@ namespace platform { // Avoid in production code: not atomic, not fast, not reliable in all environments int eraseDirectoryRecursive(std::string const& directory); -// Returns the absolute platform-dependant path for the default fdb.cluster file -std::string getDefaultClusterFilePath(); - -// Returns the absolute platform-dependant path for server-based files -std::string getDefaultConfigPath(); - bool isSse42Supported(); } // namespace platform diff --git a/fdbserver/fdbserver.actor.cpp b/fdbserver/fdbserver.actor.cpp index 4ab538ff8a..53989f0210 100644 --- a/fdbserver/fdbserver.actor.cpp +++ b/fdbserver/fdbserver.actor.cpp @@ -1628,7 +1628,13 @@ int main(int argc, char* argv[]) { } else { #ifndef TLS_DISABLED if ( opts.tlsVerifyPeers.size() ) { - opts.tlsPolicy->set_verify_peers( opts.tlsVerifyPeers ); + try { + opts.tlsPolicy->set_verify_peers( opts.tlsVerifyPeers ); + } catch( Error &e ) { + fprintf(stderr, "ERROR: The format of the --tls_verify_peers option is incorrect.\n"); + printHelpTeaser(argv[0]); + flushAndExit(FDB_EXIT_ERROR); + } } #endif g_network = newNet2(opts.useThreadPool, true, opts.tlsPolicy, opts.tlsParams); @@ -1645,6 +1651,7 @@ int main(int argc, char* argv[]) { openTraceFile(opts.publicAddresses.address, opts.rollsize, opts.maxLogsSize, opts.logFolder, "trace", opts.logGroup); + g_network->initTLS(); if (expectsPublicAddress) { for (int ii = 0; ii < (opts.publicAddresses.secondaryAddress.present() ? 2 : 1); ++ii) { 
@@ -2063,6 +2070,7 @@ int main(int argc, char* argv[]) { //printf("\n%d tests passed; %d tests failed\n", passCount, failCount); flushAndExit(FDB_EXIT_MAIN_ERROR); } catch (boost::system::system_error& e) { + ASSERT_WE_THINK(false); // boost errors shouldn't leak fprintf(stderr, "boost::system::system_error: %s (%d)", e.what(), e.code().value()); TraceEvent(SevError, "MainError").error(unknown_error()).detail("RootException", e.what()); //printf("\n%d tests passed; %d tests failed\n", passCount, failCount); diff --git a/flow/Net2.actor.cpp b/flow/Net2.actor.cpp index 281316af91..15a24b6dc3 100644 --- a/flow/Net2.actor.cpp +++ b/flow/Net2.actor.cpp @@ -111,7 +111,8 @@ thread_local INetwork* thread_network = 0; class Net2 sealed : public INetwork, public INetworkConnections { public: - Net2(bool useThreadPool, bool useMetrics, Reference policy, const TLSParams& tlsParams); + Net2(bool useThreadPool, bool useMetrics, Reference tlsPolicy, const TLSParams& tlsParams); + void initTLS(); void run(); void initMetrics(); @@ -158,10 +159,12 @@ public: #ifndef TLS_DISABLED boost::asio::ssl::context sslContext; #endif - std::string tlsPassword; + Reference tlsPolicy; + TLSParams tlsParams; + bool tlsInitialized; std::string get_password() const { - return tlsPassword; + return tlsParams.tlsPassword; } INetworkConnections *network; // initially this, but can be changed @@ -853,7 +856,7 @@ bool insecurely_always_accept(bool _1, boost::asio::ssl::verify_context& _2) { } #endif -Net2::Net2(bool useThreadPool, bool useMetrics, Reference policy, const TLSParams& tlsParams) +Net2::Net2(bool useThreadPool, bool useMetrics, Reference tlsPolicy, const TLSParams& tlsParams) : useThreadPool(useThreadPool), network(this), reactor(this), 
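Review bot: Replacing `std::string tlsPassword` with a full `TLSParams tlsParams` member means Net2 now holds `tlsKeyBytes` alongside the password for the lifetime of the network object, where before only the password was retained. Once initTLS has loaded the key into `sslContext` the in-memory copy appears to serve no further purpose. Consider clearing it at the end of initTLS, e.g. `tlsParams.tlsKeyBytes.clear();`, and checking whether `tlsPassword` can be dropped too once the password callback has been consumed. A short comment on the member stating which fields must outlive initTLS (`get_password` reads `tlsParams.tlsPassword`) would make that intent explicit.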
@@ -863,7 +866,9 @@ Net2::Net2(bool useThreadPool, bool useMetrics, Reference policy, con tsc_begin(0), tsc_end(0), taskBegin(0), currentTaskID(TaskPriority::DefaultYield), lastMinTaskID(TaskPriority::Zero), numYields(0), - tlsPassword(tlsParams.tlsPassword) + tlsInitialized(false), + tlsPolicy(tlsPolicy), + tlsParams(tlsParams) #ifndef TLS_DISABLED ,sslContext(boost::asio::ssl::context(boost::asio::ssl::context::tlsv12)) #endif 
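Review bot: The initializer list names `tlsInitialized(false), tlsPolicy(tlsPolicy), tlsParams(tlsParams)` in a different order from the class declaration, which declares `tlsPolicy`, `tlsParams` and then `tlsInitialized`, all after `sslContext`. Members are constructed in declaration order regardless, so this is harmless today but triggers reorder warnings and misleads readers about what is initialised first. Listing them as `tlsPolicy(tlsPolicy), tlsParams(tlsParams), tlsInitialized(false)` after the `sslContext` initializer would match the declaration. The constructor's initializer list starts outside this hunk.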
@@ -871,40 +876,6 @@ Net2::Net2(bool useThreadPool, bool useMetrics, Reference policy, con { TraceEvent("Net2Starting"); -#ifndef TLS_DISABLED - sslContext.set_options(boost::asio::ssl::context::default_workarounds); - sslContext.set_verify_mode(boost::asio::ssl::context::verify_peer | boost::asio::ssl::verify_fail_if_no_peer_cert); - if (policy) { - sslContext.set_verify_callback([policy](bool preverified, boost::asio::ssl::verify_context& ctx) { - return policy->verify_peer(preverified, ctx.native_handle()); - }); - } else { - sslContext.set_verify_callback(boost::bind(&insecurely_always_accept, _1, _2)); - } - - sslContext.set_password_callback(std::bind(&Net2::get_password, this)); - - if (tlsParams.tlsCertPath.size() ) { - sslContext.use_certificate_chain_file(tlsParams.tlsCertPath); - } - if (tlsParams.tlsCertBytes.size() ) { - sslContext.use_certificate(boost::asio::buffer(tlsParams.tlsCertBytes.data(), tlsParams.tlsCertBytes.size()), boost::asio::ssl::context::pem); - } - if (tlsParams.tlsCAPath.size()) { - std::string cert = readFileBytes(tlsParams.tlsCAPath, FLOW_KNOBS->CERT_FILE_MAX_SIZE); - sslContext.add_certificate_authority(boost::asio::buffer(cert.data(), cert.size())); - } - if (tlsParams.tlsCABytes.size()) { - sslContext.add_certificate_authority(boost::asio::buffer(tlsParams.tlsCABytes.data(), tlsParams.tlsCABytes.size())); - } - if (tlsParams.tlsKeyPath.size()) { - sslContext.use_private_key_file(tlsParams.tlsKeyPath, boost::asio::ssl::context::pem); - } - if (tlsParams.tlsKeyBytes.size()) { - sslContext.use_private_key(boost::asio::buffer(tlsParams.tlsKeyBytes.data(), tlsParams.tlsKeyBytes.size()), boost::asio::ssl::context::pem); - } -#endif - // Set the global members if(useMetrics) { setGlobal(INetwork::enTDMetrics, (flowGlobalType) &tdmetrics); 
@@ -926,6 +897,102 @@ Net2::Net2(bool useThreadPool, bool useMetrics, Reference policy, con } +void Net2::initTLS() { + if(tlsInitialized) { + return; + } +#ifndef TLS_DISABLED + try { + const char *defaultCertFileName = "fdb.pem"; + + if( tlsPolicy && !tlsPolicy->rules.size() ) { + std::string verify_peers; + if (platform::getEnvironmentVar("FDB_TLS_VERIFY_PEERS", verify_peers)) { + tlsPolicy->set_verify_peers({ verify_peers }); + } else { + tlsPolicy->set_verify_peers({ std::string("Check.Valid=1")}); + } + } + + sslContext.set_options(boost::asio::ssl::context::default_workarounds); + sslContext.set_verify_mode(boost::asio::ssl::context::verify_peer | boost::asio::ssl::verify_fail_if_no_peer_cert); + if (tlsPolicy) { + Reference policy = tlsPolicy; + sslContext.set_verify_callback([policy](bool preverified, boost::asio::ssl::verify_context& ctx) { + return policy->verify_peer(preverified, ctx.native_handle()); + }); + } else { + sslContext.set_verify_callback(boost::bind(&insecurely_always_accept, _1, _2)); + } + + if ( !tlsParams.tlsPassword.size() ) { + platform::getEnvironmentVar( "FDB_TLS_PASSWORD", tlsParams.tlsPassword ); + } + sslContext.set_password_callback(std::bind(&Net2::get_password, this)); + + if ( tlsParams.tlsCertBytes.size() ) { + sslContext.use_certificate_chain(boost::asio::buffer(tlsParams.tlsCertBytes.data(), tlsParams.tlsCertBytes.size())); + } + else { + if ( !tlsParams.tlsCertPath.size() ) { + if ( !platform::getEnvironmentVar( "FDB_TLS_CERTIFICATE_FILE", tlsParams.tlsCertPath ) ) { + if( fileExists(defaultCertFileName) ) { + tlsParams.tlsCertPath = defaultCertFileName; + } else if( fileExists( joinPath(platform::getDefaultConfigPath(), defaultCertFileName) ) ) { + tlsParams.tlsCertPath = joinPath(platform::getDefaultConfigPath(), defaultCertFileName); + } + } + } + if ( tlsParams.tlsCertPath.size() ) { + sslContext.use_certificate_chain_file(tlsParams.tlsCertPath); + } + } + + if ( tlsParams.tlsCABytes.size() ) { + 
sslContext.add_certificate_authority(boost::asio::buffer(tlsParams.tlsCABytes.data(), tlsParams.tlsCABytes.size())); + } + else { + if ( !tlsParams.tlsCAPath.size() ) { + platform::getEnvironmentVar("FDB_TLS_CA_FILE", tlsParams.tlsCAPath); + } + if ( tlsParams.tlsCAPath.size() ) { + try { + std::string cert = readFileBytes(tlsParams.tlsCAPath, FLOW_KNOBS->CERT_FILE_MAX_SIZE); + sslContext.add_certificate_authority(boost::asio::buffer(cert.data(), cert.size())); + } + catch (Error& e) { + fprintf(stderr, "Error reading CA file %s: %s\n", tlsParams.tlsCAPath.c_str(), e.what()); + TraceEvent("Net2TLSReadCAError").error(e); + throw tls_error(); + } + } + } + + if (tlsParams.tlsKeyBytes.size()) { + sslContext.use_private_key(boost::asio::buffer(tlsParams.tlsKeyBytes.data(), tlsParams.tlsKeyBytes.size()), boost::asio::ssl::context::pem); + } else { + if (!tlsParams.tlsKeyPath.size()) { + if(!platform::getEnvironmentVar( "FDB_TLS_KEY_FILE", tlsParams.tlsKeyPath)) { + if( fileExists(defaultCertFileName) ) { + tlsParams.tlsKeyPath = defaultCertFileName; + } else if( fileExists( joinPath(platform::getDefaultConfigPath(), defaultCertFileName) ) ) { + tlsParams.tlsKeyPath = joinPath(platform::getDefaultConfigPath(), defaultCertFileName); + } + } + } + if (tlsParams.tlsKeyPath.size()) { + sslContext.use_private_key_file(tlsParams.tlsKeyPath, boost::asio::ssl::context::pem); + } + } + } catch(boost::system::system_error e) { + fprintf(stderr, "Error initializing TLS: %s\n", e.what()); + TraceEvent("Net2TLSInitError").detail("Message", e.what()); + throw tls_error(); + } +#endif + tlsInitialized = true; +} + ACTOR Future Net2::logTimeOffset() { loop { double processTime = timer_monotonic(); 
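Review bot: When neither an option nor FDB_TLS_CERTIFICATE_FILE / FDB_TLS_KEY_FILE is set, initTLS first probes the relative name `fdb.pem` via `fileExists(defaultCertFileName)`, so the certificate and private key the process presents depend on its current working directory. That lookup deserves a comment at minimum, and ideally a trace event recording which path was finally chosen, so operators can tell whether the identity came from the working directory or from `getDefaultConfigPath()`. Separately, `tlsInitialized` is only set on success, so after a thrown `tls_error()` a later call re-runs every step against an `sslContext` that is already partly configured; consider documenting that a failure here is terminal for the network object. The handler should also catch by reference, `catch (const boost::system::system_error& e)`.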
@@ -1282,6 +1349,7 @@ THREAD_HANDLE Net2::startThread( THREAD_FUNC_RETURN (*func) (void*), void *arg ) Future< Reference > Net2::connect( NetworkAddress toAddr, std::string host ) { #ifndef TLS_DISABLED + initTLS(); if ( toAddr.isTLS() ) { return SSLConnection::connect(&this->reactor.ios, &this->sslContext, toAddr); } @@ -1361,6 +1429,7 @@ bool Net2::isAddressOnThisHost( NetworkAddress const& addr ) { Reference Net2::listen( NetworkAddress localAddr ) { try { #ifndef TLS_DISABLED + initTLS(); if ( localAddr.isTLS() ) { return Reference(new SSLListener( reactor.ios, &this->sslContext, localAddr )); } @@ -1380,6 +1449,9 @@ Reference Net2::listen( NetworkAddress localAddr ) { Error x = unknown_error(); TraceEvent("Net2ListenError").error(x).detail("Message", e.what()); throw x; + } catch (Error &e ) { + TraceEvent("Net2ListenError").error(e); + throw e; } catch (...) { Error x = unknown_error(); TraceEvent("Net2ListenError").error(x); @@ -1465,7 +1537,7 @@ INetwork* newNet2(bool useThreadPool, bool useMetrics, Reference poli } catch(boost::system::system_error e) { TraceEvent("Net2InitError").detail("Message", e.what()); - throw; + throw unknown_error(); } catch(std::exception const& e) { TraceEvent("Net2InitError").detail("Message", e.what()); diff --git a/flow/Platform.cpp b/flow/Platform.cpp index 0847c9c2d4..e803612f23 100644 --- a/flow/Platform.cpp +++ b/flow/Platform.cpp 
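Review bot: `initTLS();` is placed ahead of the `toAddr.isTLS()` check in Net2::connect, and likewise ahead of `localAddr.isTLS()` in Net2::listen in the next hunk, so a plaintext connection also triggers certificate and key loading. Because initTLS throws `tls_error()` on an unreadable CA file or a bad default `fdb.pem`, a stray or malformed TLS file can fail connections that never use TLS. If that is not intended, move the call inside the branch: `if ( toAddr.isTLS() ) { initTLS(); return SSLConnection::connect(&this->reactor.ios, &this->sslContext, toAddr); }`. Note that connect returns a Future, so a synchronous throw from initTLS reaches the caller as an exception rather than a failed future, which is worth a comment. Both function bodies continue outside their hunks.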
@@ -2369,26 +2369,28 @@ std::string getWorkingDirectory() { extern std::string format( const char *form, ... ); - namespace platform { - -std::string getDefaultPluginPath( const char* plugin_name ) { +std::string getDefaultConfigPath() { #ifdef _WIN32 - std::string installPath; - if(!platform::getEnvironmentVar("FOUNDATIONDB_INSTALL_PATH", installPath)) { - // This is relying of the DLL search order to load the plugin, - // starting in the same directory as the executable. - return plugin_name; + TCHAR szPath[MAX_PATH]; + if( SHGetFolderPath(NULL, CSIDL_COMMON_APPDATA, NULL, 0, szPath) != S_OK ) { + TraceEvent(SevError, "WindowsAppDataError").GetLastError(); + throw platform_error(); } - return format( "%splugins\\%s.dll", installPath.c_str(), plugin_name ); + std::string _filepath(szPath); + return _filepath + "\\foundationdb"; #elif defined(__linux__) - return format( "/usr/lib/foundationdb/plugins/%s.so", plugin_name ); + return "/etc/foundationdb"; #elif defined(__APPLE__) - return format( "/usr/local/foundationdb/plugins/%s.dylib", plugin_name ); + return "/usr/local/etc/foundationdb"; #else #error Port me! #endif } + +std::string getDefaultClusterFilePath() { + return joinPath(getDefaultConfigPath(), "fdb.cluster"); +} } // namespace platform #ifdef ALLOC_INSTRUMENTATION diff --git a/flow/Platform.h b/flow/Platform.h index 85c81f59bd..282f465df6 100644 --- a/flow/Platform.h +++ b/flow/Platform.h @@ -375,8 +375,11 @@ int setEnvironmentVar(const char *name, const char *value, int overwrite); std::string getWorkingDirectory(); -// Returns the ... something something figure out plugin locations -std::string getDefaultPluginPath( const char* plugin_name ); +// Returns the absolute platform-dependant path for server-based files +std::string getDefaultConfigPath(); + +// Returns the absolute platform-dependant path for the default fdb.cluster file +std::string getDefaultClusterFilePath(); void *getImageOffset(); 
diff --git a/flow/TLSPolicy.cpp b/flow/TLSPolicy.cpp index c3a71abe1e..cc83a24629 100644 --- a/flow/TLSPolicy.cpp +++ b/flow/TLSPolicy.cpp @@ -215,7 +215,7 @@ static X509Location locationForNID(NID nid) { } } -bool TLSPolicy::set_verify_peers(std::vector verify_peers) { +void TLSPolicy::set_verify_peers(std::vector verify_peers) { for (int i = 0; i < verify_peers.size(); i++) { try { std::string& verifyString = verify_peers[i]; @@ -235,10 +235,9 @@ bool TLSPolicy::set_verify_peers(std::vector verify_peers) { rules.clear(); std::string& verifyString = verify_peers[i]; TraceEvent(SevError, "FDBLibTLSVerifyPeersParseError").detail("Config", verifyString); - return false; + throw tls_error(); } } - return true; } TLSPolicy::Rule::Rule(std::string input) { diff --git a/flow/TLSPolicy.h b/flow/TLSPolicy.h index 1af5abfb73..9a0ddfcfa9 100644 --- a/flow/TLSPolicy.h +++ b/flow/TLSPolicy.h @@ -89,7 +89,7 @@ public: #ifndef TLS_DISABLED static std::string ErrorString(boost::system::error_code e); - bool set_verify_peers(std::vector verify_peers); + void set_verify_peers(std::vector verify_peers); bool verify_peer(bool preverified, X509_STORE_CTX* store_ctx); std::string toString() const; diff --git a/flow/network.h b/flow/network.h index c0f4ad6be1..dbee86faa9 100644 --- a/flow/network.h +++ b/flow/network.h @@ -487,6 +487,9 @@ public: virtual void initMetrics() {} // Metrics must be initialized after FlowTransport::createInstance has been called + virtual void initTLS() {} + // TLS must be initialized before using the network + virtual void getDiskBytes( std::string const& directory, int64_t& free, int64_t& total) = 0; //Gets the number of free and total bytes available on the disk which contains directory diff --git a/packaging/msi/FDBInstaller.wxs b/packaging/msi/FDBInstaller.wxs index 50cb2932ec..286dd84f19 100644 --- a/packaging/msi/FDBInstaller.wxs +++ b/packaging/msi/FDBInstaller.wxs @@ -32,7 +32,7 @@