wbtiger
/
foundationdb
mirror of https://github.com/apple/foundationdb.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,476 Commits 34 Branches 312 Tags 291 MiB
Commit Graph

988 Commits

Author SHA1 Message Date
Evan Tschannen dbfc0cbcc0
Merge pull request #2781 from alexmiller-apple/certificate-refresh 
Refresh certificates used for handshaking when they change on disk
 2020-03-06 11:12:04 -08:00
Alex Miller f9969a853c Merge remote-tracking branch 'origin/certificate-refresh' into certificate-refresh 2020-03-06 11:10:05 -08:00
Alex Miller 188d9b8239 Don't swallow actor cancellation in certificate refreshing. 2020-03-06 11:09:17 -08:00
Alex Miller 9b760fae2d Rewrite all Errors into tls_errors if they happen as part of initializing TLS. 2020-03-06 11:06:19 -08:00
Alex Miller 1f56bf8933
Fix the build with success() 
Co-Authored-By: A.J. Beamon <ajbeamon@users.noreply.github.com>
 2020-03-06 10:15:04 -08:00
Alex Miller ac52b6b474 Rework a bit of error and exception handling. 
I went back and dug through all of the "what functions can throw what
types", and made sane decisions about them.  boost errors are
aggressively translated into FDB ones, whcih might result in multiple
lines of logging about errors, but this is in infrequently run code, so
it should be fine.
 2020-03-06 02:33:16 -08:00
Evan Tschannen 39050308ff lower accept batch size just to be conservative with the change 2020-03-05 18:17:49 -08:00
Evan Tschannen 1128666840 added additional logging on the log router 2020-03-05 18:17:06 -08:00
Alex Miller ccef3f7d05 Attempt to fix TLS_DISABLED compiles. 2020-03-05 17:32:10 -08:00
Alex Miller 2d95a1e64d Implement certificate refreshing 2020-03-05 17:25:33 -08:00
Alex Miller 595dd77ed1 Merge remote-tracking branch 'upstream/release-6.2' into certificate-refresh 2020-03-04 20:25:42 -08:00
Alex Miller 9b5ef3416e Refactor TLSParams into TLSConfig + LoadedTLSConfig 
The idea being that we keep around a TLSConfig that the configuration
that the user has provided, and then when we want to intialize an SSL
context, we ask the TLSConfig to load all certificates and return us a
LoadedTLSConfig that is a concrete set of certificate bytes in memory.

initTLS now just takes the in-memory bytes and applies them to the ssl
context.

This is a large refactor to lead up into certificate refeshing, where we
will periodically check for changes to the certificates, and then
re-load them and apply them to a new SSL context.
 2020-03-04 20:14:47 -08:00
Evan Tschannen 2a877bce9a
Merge pull request #2777 from etschannen/feature-accept-batch 
Accept connections in batches of 20 to improve performance
 2020-03-04 16:14:24 -08:00
Evan Tschannen c73cae0feb
Merge pull request #2760 from ajbeamon/client-version-fixes 
Improvements to client version reporting
 2020-03-04 15:52:49 -08:00
A.J. Beamon b3c3f8aa5f
Update flow/genericactors.actor.h 
Pass by reference
 2020-03-04 15:35:51 -08:00
Evan Tschannen 7cbabca124 remove printing to stderr from initTLS because that could cause problems on clients 2020-03-04 15:06:22 -08:00
Evan Tschannen 35a1ac6482 prepare net2 for new versions of boost 2020-03-04 14:26:01 -08:00
Evan Tschannen da579faf62 add missing task priority 2020-03-04 14:25:30 -08:00
Evan Tschannen 820957025f accept connections in batches of 20 to improve performance 2020-03-04 14:24:57 -08:00
Andrew Noyes 24bbf5a8f0 Avoid invalid read on invalid Void msg 2020-03-02 12:11:43 -08:00
Andrew Noyes cdbe3117d7 Fix typo 2020-03-02 12:11:43 -08:00
Andrew Noyes 7119b46eb2 Add unit test 2020-03-02 12:11:43 -08:00
Andrew Noyes e6d36a0aa5 Fix Makefile build 2020-02-28 13:16:58 -08:00
Andrew Noyes f29d6c3f67 Move implementation of ArenaBlock members to Arena.cpp 2020-02-28 12:33:57 -08:00
A.J. Beamon d1e1fea42d Our binaries that act like clients (fdbcli, backup and DR binaries) were reporting an unknown client version. Clients did not react if the list of supported versions changed. 2020-02-28 09:35:21 -08:00
Evan Tschannen 707fc1ddea only capture the policy to match prior code 2020-02-26 19:04:49 -08:00
Evan Tschannen c3299b8ebe if tls cannot be initialized, throw an error from createDatabase 2020-02-26 18:53:06 -08:00
Evan Tschannen bf5a95e6df Merge commit 'dc39bdfbbf94a7f470386f439df08c044d08d90c' into feature-tls-environment-vars 
# Conflicts:
#	flow/Net2.actor.cpp
 2020-02-26 18:02:56 -08:00
Evan Tschannen f035bed870 defer initializing TLS to avoid throwing errors from a constructor and so that errors can be logged to the trace file 2020-02-26 17:50:07 -08:00
Evan Tschannen f85af10a18 fixed a few problems with tls setup 2020-02-26 16:06:45 -08:00
Evan Tschannen d1598e7c99 set_verify_peers throws an error instead of returning a value 2020-02-26 16:06:16 -08:00
Evan Tschannen 2586bade68 re-added support for configuration TLS options with environment variables 2020-02-26 15:33:48 -08:00
A.J. Beamon 0f5c999d4b Better containment of boost errors related to TLS. 2020-02-26 12:26:43 -08:00
Evan Tschannen 65fbe0d0bc revert AcceptSocket priority change because of bad performance results 2020-02-21 19:22:14 -08:00
A.J. Beamon 4c696d5bf2 Merge branch 'release-6.2' into dd-better-rebalance-logging 
# Conflicts:
#	fdbserver/DataDistributionQueue.actor.cpp
 2020-02-21 17:41:00 -08:00
A.J. Beamon dfa5f76c01 Remove unused parameter. Don't put check for g_network presence in ASSERT_WE_THINK. 2020-02-21 16:28:03 -08:00
A.J. Beamon 2431d4d788 Always compute the time for a trace event when it is being logged rather than when it is being created. Usually these are the same, but if they aren't, doing the opposite can lead to out of order trace events. 2020-02-21 13:57:04 -08:00
A.J. Beamon 6810a03283 Add more logging to valley filler and mountain chopper 2020-02-21 10:55:14 -08:00
Alvin Moore 90b4050eca Added required include for stringstream 2020-02-21 09:59:11 -08:00
Alvin Moore d02d84a577 Added required include for std:set which is for some reason only missing within Windows build 2020-02-21 09:36:24 -08:00
Alvin Moore 9042cab7bc Changed ordering of link libraries 2020-02-21 08:56:52 -08:00
Evan Tschannen dc3826e2fd fix: tls throttling would re-insert the failure into the map 2020-02-20 18:17:39 -08:00
Evan Tschannen f04e311a1e Merge commit 'b46d6e25e24993ab5a5f04091fd3235050b7cd09' into feature-boost-ssl 
# Conflicts:
#	fdbserver/SimulatedCluster.actor.cpp
#	flow/Net2.actor.cpp
 2020-02-20 17:36:38 -08:00
Alex Miller 927cff3317 Report errors on TLS misconfigurations ... or at least try to. 2020-02-20 16:57:29 -08:00
Evan Tschannen d7c841a28a
Merge pull request #2589 from etschannen/feature-proxy-delay 
Improve version pipelining on the proxy
 2020-02-20 15:23:30 -08:00
Evan Tschannen 8129f74a10
Merge pull request #2698 from etschannen/feature-recruit-delay 
The CC waits until no new workers register before starting a bad recruitment
 2020-02-20 14:42:37 -08:00
Evan Tschannen 7d54acf4ca removed an unnecessary yield 2020-02-20 14:41:49 -08:00
A.J. Beamon 5586e6f6d8
Merge pull request #2697 from etschannen/feature-correctness-fixes 
A variety of correctness fixes
 2020-02-20 13:32:18 -08:00
Evan Tschannen 08c318d28a re-added the connect lock in the fdbcli so that the timeout is not spent before a connection has been initiated (because of the handshake lock) 2020-02-20 10:43:34 -08:00
Evan Tschannen 69b5a1fbe3 more priority improvements 2020-02-20 10:11:43 -08:00