Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HCD-63: Upgrade Netty to 4.1.108 and BoringSSL to 2.0.66 #1544

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

HCD-63: Upgrade Netty to 4.1.108 and BoringSSL to 2.0.66 #1544

wants to merge 2 commits into from

Conversation

szymon-miezal
Copy link

@szymon-miezal szymon-miezal commented Feb 4, 2025
edited
Loading

The primary motivation for this change is a bug that manifests in loading
the cipher list for inter-node connections, which is slightly wider than the
configured list. This bug appears to be a consequence of how OpenSSL handles
cipher loading. Changing it doesn't seem feasible.

Netty introduced changes to mitigate this misbehavior:

To take advantage of these fixes, we need to upgrade Netty to at least
version 4.1.108. Upgrading Netty also necessitates bumping BoringSSL.

I have found some old CC tests in fallout that I decided to reuse to ensure the performance stays unchanged:

I have used the fallout perf tool to compare the results with main and they seem pretty comparable to me. Example chart:
image

I am unsure whether there are other tests that exercise CC which could be reused.

@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 4, 2025

Checklist before you submit for review

  • Make sure there is a PR in the CNDB project updating the Converged Cassandra version
  • Use NoSpamLogger for log lines that may appear frequently in the logs
  • Verify test results on Butler
  • Test coverage for new/modified code is > 80%
  • Proper code formatting
  • Proper title for each commit staring with the project-issue number, like CNDB-1234
  • Each commit has a meaningful description
  • Each commit is not very long and contains related changes
  • Renames, moves and reformatting are in distinct commits

@szymon-miezal
HCD-63: Upgrade Netty to 4.1.108 and BoringSSL to 2.0.66
b683351 
The primary motivation for this change is a bug that manifests in loading
the cipher list for inter-node connections, which is slightly wider than the
configured list. This bug appears to be a consequence of how OpenSSL handles
cipher loading. Changing it doesn't seem feasible.

Netty introduced changes to mitigate this misbehavior:
- netty/netty#13810
- netty/netty#13840

To take advantage of these fixes, we need to upgrade Netty to at least
version 4.1.108. Upgrading Netty also necessitates bumping BoringSSL.
@szymon-miezal szymon-miezal changed the title [WIP] HCD-63: Experimentally upgrade netty and boringssl [WIP] HCD-63: Upgrade Netty to 4.1.108 and BoringSSL to 2.0.66 Feb 7, 2025
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Feb 7, 2025

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@cassci-bot
Copy link

❌ Build ds-cassandra-pr-gate/PR-1544 rejected by Butler

1 new test failure(s) in 4 builds
See build details here

Found 1 new test failures

Test Explanation Branch history Upstream history
o.a.c.u.b.BinLogTest.testTruncationReleasesLogS... regression 🔴🔴🔴🔴 🔵🔵🔵🔵🔵🔵🔵

Found 14 known test failures

@szymon-miezal szymon-miezal changed the title [WIP] HCD-63: Upgrade Netty to 4.1.108 and BoringSSL to 2.0.66 HCD-63: Upgrade Netty to 4.1.108 and BoringSSL to 2.0.66 Feb 7, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@szymon-miezal @cassci-bot