Backport ccm main #1296
Backport ccm main #1296
Conversation
|
|
Lorak-mmk
force-pushed
the
backport-ccm-main
branch
3 times, most recently
from
ad0c3aa to
6e14276
Compare
|
Possible improvements / API changes after a brief glance at the code:
|
Notice that I implemented all of this when we had old certificates in the repository. We had to update them, because of the errors thrown by Why old certs worked for
|
|
Moving such workflows to CCM has 2 advantages:
If we move only part of it, we get neither. So I'll cherry pick commits that move auth, and skip TLS for now. We can do that in the future. Btw is it possible to use domain names instead of ip addresses with scylla? In other words, can we have domain names instead of ip addresses in system.peers in driver-relevant columns? |
scylla can use hostnames, but then you need a dns server to map them. I think generating certs as needed is the best approach, and also give the flexibility to try more variants as needed. |
Is there functionality in CCM to generate certs? Or do we have to do it other way? If Scylla can use hostnames, then we should test it too. @fruch one other question for you. Could you describe (or point to documentation if such exists) what exactly wait-related flags do in CCM, and how do they interact if I specify more than one? |
you are more then welcome to document it. |
I'd be happy to make a PR that improves descriptions, but I would have to first understand those options myself. |
Lorak-mmk
force-pushed
the
backport-ccm-main
branch
from
6e14276 to
aeabc5e
Compare
|
I backported the commits that move auth to CCM. I also removed TLS support from CCM for now. |
|
Marking as ready. The way I see it the only improvement I can make here is better CCM API - which needs input from others, which is basically a review. |
Lorak-mmk
requested review from
wprzytula and
muzarski
and removed request for
wprzytula
There was a problem hiding this comment.
We hold nodes in Arc<RwLock<>>, and methods that give user nodes return that. Maybe we could return refs / mut refs and get rid of Arc<RwLock<>>? I'm not sure.
As of now, there is no use case for Arc<RwLock<>> - I think we can return refs/mutrefs for now. We could always revert this in the future. It also simplifies the API - I believe NodeList is no longer necessary then. Instead, we can expose nodes_iter_[mut]() and get_node_[mut]_by_id methods on Cluster.
Currently, append_node() and add_node() methods return Arc<RwLock<>>. They could return node id instead.
|
Lorak-mmk
force-pushed
the
backport-ccm-main
branch
from
aeabc5e to
d546b53
Compare
|
I have one more idea: we can split off another file from cluster.rs, I would call it |
Lorak-mmk
force-pushed
the
backport-ccm-main
branch
from
d546b53 to
f05e4dc
Compare
|
I did this for 2 commands as an experiment, in additional commit. I like the new version, so unless anyone has different opinion I'll convert the rest of the command to this. @dkropachev I see that both |
Lorak-mmk
force-pushed
the
backport-ccm-main
branch
3 times, most recently
from
b605f97 to
a02254c
Compare
I love the idea. The code in |
Lorak-mmk
force-pushed
the
backport-ccm-main
branch
2 times, most recently
from
db70e01 to
8253f0d
Compare
|
New version of the PR. Finalized the move to a separate command builders and made a lot of other changes. |
| fn append_node(&mut self, node_options: NodeOptions) -> &mut Node { | ||
| let node_name = node_options.name(); | ||
| let node = Node::new(node_options, self.ccm_cmd.for_node(node_name)); | ||
|
|
||
| self.nodes.push(node); | ||
| self.nodes.0.last_mut().unwrap() | ||
| } |
There was a problem hiding this comment.
I like that we return &mut Node here. (previously that was Arc<RwLock<_>>, correct?)
There was a problem hiding this comment.
I'm not sure tbh.
Lorak-mmk
force-pushed
the
backport-ccm-main
branch
from
8253f0d to
3e4b32a
Compare
|
Addressed Mikolaj's comment. |
| .PHONY: use_cargo_lock_msrv | ||
| use_cargo_lock_msrv: | ||
| mv Cargo.lock Cargo.lock.bak | ||
| mv Cargo.lock.msrv Cargo.lock | ||
|
|
||
| .PHONY: restore_cargo_lock | ||
| restore_cargo_lock: | ||
| mv Cargo.lock Cargo.lock.msrv | ||
| mv Cargo.lock.bak Cargo.lock | ||
|
|
||
| .PHONY: test_cargo_lock_msrv | ||
| test_cargo_lock_msrv: use_cargo_lock_msrv check restore_cargo_lock |
There was a problem hiding this comment.
🔧 Can you please add comments explaining use case of these commands?
There was a problem hiding this comment.
I'll remove this before merging. If we add it, it should be in a separate PR.
| pub(crate) fn wait_options(mut self, options: Option<NodeStartOptions>) -> Self { | ||
| self.wait_opts = options; | ||
| self | ||
| } | ||
| pub(crate) fn scylla_smp(mut self, smp: u16) -> Self { | ||
| self.scylla_smp = Some(smp); | ||
| self | ||
| } | ||
|
|
||
| pub(crate) fn scylla_mem_megabytes(mut self, mem_megabytes: u32) -> Self { | ||
| self.scylla_mem_megabytes = Some(mem_megabytes); | ||
| self | ||
| } |
There was a problem hiding this comment.
❓ Why does wait_options() accept Options and the other two functions accept non-Options?
There was a problem hiding this comment.
The way I understand it being able to use None in the public interface (like Cluster::start) was a usability request from a hackathon participant, which I agree with.
Now comes the question: what to use in internal interface (cli_wrapper) that you commented on?
I chose to also use Option in order to have only a single place to handle default value (in run method).
I'm not strongly attached to this, so I can change it if you disagree.
| _ => return Err(anyhow::anyhow!("Ipv6 addresses are not yet supported!")), | ||
| }; | ||
| let subnet_id: LocalSubnetIdentifier = ipv4.into(); | ||
|
|
||
| if !self.used_ips.remove(&subnet_id) { | ||
| return Err(anyhow::anyhow!( | ||
| "IP prefix {} was not allocated - something gone wrong!", | ||
| ip_prefix | ||
| )); |
There was a problem hiding this comment.
♻️ consider using anyhow::bail! as an idiomatic way.
There was a problem hiding this comment.
I'm not sure if using this macro is a good idea.
Normally when glancing over a function you need to look for return and ? to find early exit points. Such macros break this assumption.
| tracing::info!( | ||
| "{:15} -> failed to wait on child process: = {}", | ||
| format!("exited[{}]", run_id), | ||
| e | ||
| ); |
There was a problem hiding this comment.
❓ Just to make sure I undestand correctly: would the following be equivalent?
There was a problem hiding this comment.
| tracing::info!( | |
| "{:15} -> failed to wait on child process: = {}", | |
| format!("exited[{}]", run_id), | |
| e | |
| ); | |
| tracing::info!( | |
| "exited[{:7}] -> failed to wait on child process: = {}", | |
| run_id | |
| e | |
| ); |
There was a problem hiding this comment.
I think so, and your version is more readable imo. I'll change it,
There was a problem hiding this comment.
Turns out it is not the same. The difference is in where the whitespace is. In former version, it will be added after exited[run_id]. In your version, it will be added before the closing bracket, which looks weird (and fails tests).
There was a problem hiding this comment.
If you replace format! with format_args! you can perhaps avoid the allocation (I suppose it doesn't allocate?), but I checked and it does not honor the directive to add the padding whitespace.
Lorak-mmk
force-pushed
the
backport-ccm-main
branch
4 times, most recently
from
7c6d135 to
a939123
Compare
Lorak-mmk
force-pushed
the
backport-ccm-main
branch
2 times, most recently
from
2f483e0 to
eadb748
Compare
ccm module will contain tests that require ccm. It's lib submodule will contain the ccm integration. Why do it this way - which is different than what we did during a hackathon? - Old way required ugly hacks to share test utils between integration test targets, and those hacks did not work well with rust-analyzer. - One target means better compilation time CCM tests will be guardded by a cfg, so we will still be able to run the subset that we want: - All tests: run integration tests with the required cfg - Only CCM tests: as above, but filter by ccm folder - Only non-ccm test: run without the cfg
Lorak-mmk
force-pushed
the
backport-ccm-main
branch
from
eadb748 to
b34fd43
Compare
|
Addressed most @wprzytula comments, and responded to rest. |
Lorak-mmk
force-pushed
the
backport-ccm-main
branch
from
b34fd43 to
e157681
Compare
Co-authored-by: Mikołaj Uzarski <[email protected]> Co-authored-by: Dmitry Kropachev <[email protected]>
For now it will run on each PR. If at some point it becomes too slow we can switch it to running manually and before release.
Co-authored-by: Mikołaj Uzarski <[email protected]>
Auth tests are now run as a part of CCM test suite.
@muzarski @wprzytula This is a draft of the CCM backport into main branch.
I mostly took the current state from branch-hackathon. One important change I made is to remove separate
ccm-integrationtest target. Instead ccm tests are now a module inintegration.This avoids the problem with sharing utils. It should also be quicker to compile - no need to link 2 separate binaries.
Apart from that I did not really modify CCM integration. Now the question is: what do we do with it.
Are we satisfied with the API? Probably not.
If not, what should the API be like?
This is fully internal to the crate, so we can change it freely, so there is no need to spend too much time on it - we can always improve later.
Still, we should retain some reasonable level of quality, so I'd like to discuss this a bit.
On the above matter @muzarski : How should I adapt CCM given that we now support multiple TLS backends?
I see we have in mod.rs DB_TLS_CERT_PATH, DB_TLS_KEY_PATH and CA_TLS_CERT_PATH (which I removed for now because it was guarded by old feature name).
I also see that on branch-hackathon you wrote a TLS test. We should probably make a test per backend, right?
What about those vars? Do they make sense for all the tests? In that case we just need to change feature guard on CA_TLS_CERT_PATH to be activated when any backend is active - or to even make it always active because why not.
Pre-review checklist
./docs/source/.Fixes:annotations to PR description.