Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HCD-63: Upgrade Netty to 4.1.117 and BoringSSL to 2.0.69 #1544

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

HCD-63: Upgrade Netty to 4.1.117 and BoringSSL to 2.0.69 #1544

wants to merge 2 commits into from
+17 −9

Conversation

szymon-miezal
Copy link

@szymon-miezal szymon-miezal commented Feb 4, 2025
edited
Loading

The primary motivation for this change is a bug that manifests in loading
the cipher list for inter-node connections, which is slightly wider than the
configured list. This bug appears to be a consequence of how OpenSSL handles
cipher loading. Changing it doesn't seem feasible.

Netty introduced changes to mitigate this misbehavior:

To take advantage of these fixes, we need to upgrade Netty to at least
version 4.1.108. Upgrading Netty also necessitates bumping BoringSSL.

I have found some old CC tests in fallout that I decided to reuse to ensure the performance stays unchanged:

I have used the fallout perf tool to compare the results with main and they seem pretty comparable to me. Example chart:
image

I am unsure whether there are other tests that exercise CC which could be reused.

@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 4, 2025
edited by szymon-miezal
Loading

Checklist before you submit for review

  • Make sure there is a PR in the CNDB project updating the Converged Cassandra version
  • Use NoSpamLogger for log lines that may appear frequently in the logs
  • Verify test results on Butler
  • Test coverage for new/modified code is > 80%
  • Proper code formatting
  • Proper title for each commit staring with the project-issue number, like CNDB-1234
  • Each commit has a meaningful description
  • Each commit is not very long and contains related changes
  • Renames, moves and reformatting are in distinct commits

@szymon-miezal szymon-miezal force-pushed the HCD-63 branch 2 times, most recently from acbda4f to b683351 Compare February 7, 2025 13:57
@szymon-miezal szymon-miezal changed the title [WIP] HCD-63: Experimentally upgrade netty and boringssl [WIP] HCD-63: Upgrade Netty to 4.1.108 and BoringSSL to 2.0.66 Feb 7, 2025
@szymon-miezal szymon-miezal changed the title [WIP] HCD-63: Upgrade Netty to 4.1.108 and BoringSSL to 2.0.66 HCD-63: Upgrade Netty to 4.1.108 and BoringSSL to 2.0.66 Feb 7, 2025
@szymon-miezal
Copy link
Author

https://github.com/riptano/cndb/pull/12894

eolivelli
eolivelli approved these changes Feb 10, 2025
View reviewed changes
Copy link

@eolivelli eolivelli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lgtm

@bereng
Copy link

bereng commented Feb 10, 2025

Approved. Perf tests reports show nothing out of the ordinary. The test failures Butler complains about are from previous SHA runs. The last remaining one fails in the same manner as al older run.

I would be good to complete the checklist imo.

@szymon-miezal
HCD-63: Upgrade Netty to 4.1.108 and BoringSSL to 2.0.66
cc3553c 
The primary motivation for this change is a bug that manifests in loading
the cipher list for inter-node connections, which is slightly wider than the
configured list. This bug appears to be a consequence of how OpenSSL handles
cipher loading. Changing it doesn't seem feasible.

Netty introduced changes to mitigate this misbehavior:
- netty/netty#13810
- netty/netty#13840

To take advantage of these fixes, we need to upgrade Netty to at least
version 4.1.108. Upgrading Netty also necessitates bumping BoringSSL.
@szymon-miezal
Copy link
Author

szymon-miezal commented Feb 10, 2025
edited
Loading

After giving it a bit more thought I think it doesn't make much sense to upgrade to non-latest. I am going to bump it to 4.1.117 and retest. It will also allow us to tackle https://github.com/riptano/cndb/pull/12902 at the same time.

@szymon-miezal szymon-miezal changed the title HCD-63: Upgrade Netty to 4.1.108 and BoringSSL to 2.0.66 HCD-63: Upgrade Netty to 4.1.117 and BoringSSL to 2.0.69 Feb 10, 2025
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@cassci-bot
Copy link

❌ Build ds-cassandra-pr-gate/PR-1544 rejected by Butler

1 new test failure(s) in 6 builds
See build details here

Found 1 new test failures

Test Explanation Branch history Upstream history
o.a.c.u.b.BinLogTest.testTruncationReleasesLogS... regression 🔴🔴🔴🔴🔴🔴 🔵🔵🔵🔵🔵🔵🔵

Found 15 known test failures

@szymon-miezal
Copy link
Author

Update: I am rerunning fallout tests after bumping to 4.1.117.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bereng bereng bereng approved these changes

@eolivelli eolivelli eolivelli approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@szymon-miezal @bereng @cassci-bot @eolivelli