scylladb

mirrors/scylladb

Fork 0

mirror of https://github.com/scylladb/scylladb.git synced 2026-06-09 16:33:35 +00:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Abhinav	fc42571591	test: Parametrize 'replacement with inter-dc encryption' test to confirm behavior in zero token node cases. In the current scenario, 'test_replace_with_encryption' only confirms the replacement with inter-dc encryption for normal nodes. This commit increases the coverage of test by parametrizing the test to confirm behavior for zero token node replacement as well. This test also implicitly provides coverage for bootstrap with encryption of zero token nodes. This PR increases coverage for existing code. Hence we need to backport it. Since only 6.2 version has zero token node support, hence we only backport it to 6.2 Fixes: scylladb/scylladb#21096 Closes scylladb/scylladb#21609 (cherry picked from commit `acd643bd75`) Closes scylladb/scylladb#21764	2024-12-04 11:22:39 +01:00
Gleb Natapov	17f4a151ce	topology coordinator: do not add replacing node without a ring to topology When only inter dc encryption is enabled a non encrypted connection between two nodes is allowed only if both nodes are in the same dc. If a nodes that initiates the connection knows that dst is in the same dc and hence use non encrypted connection, but the dst not yet knows the topology of the src such connection will not be allowed since dst cannot guaranty that dst is in the same dc. Currently, when topology coordinator is used, a replacing node will appear in the coordinator's topology immediately after it is added to the group0. The coordinator will try to send raft message to the new node and (assuming only inter dc encryption is enabled and replacing node and the coordinator are in the same dc) it will try to open regular, non encrypted, connection to it. But the replacing node will not have the coordinator in it's topology yet (it needs to sync the raft state for that). so it will reject such connection. To solve the problem the patch does not add a replacing node that was just added to group0 to the topology. It will be added later, when tokens will be assigned to it. At this point a replacing node will already make sure that its topology state is up-to-date (since it will execute a raft barrier in join_node_response_params handler) and it knows coordinator's topology. This aligns replace behaviour with bootstrap since bootstrap also does not add a node without a ring to the topology. The patch effectively reverts `b8ee8911ca` Fixes: scylladb/scylladb#19025	2024-08-29 17:14:09 +03:00
Gleb Natapov	2f1b1fd45e	test: add test for replace in clusters with encryption enabled	2024-08-29 17:14:09 +03:00

Abhinav

fc42571591

test: Parametrize 'replacement with inter-dc encryption' test to confirm behavior in zero token node cases.

In the current scenario, 'test_replace_with_encryption' only confirms the replacement with inter-dc encryption
for normal nodes. This commit increases the coverage of test by parametrizing the test to confirm behavior
for zero token node replacement as well. This test also implicitly provides
coverage for bootstrap with encryption of zero token nodes.

This PR increases coverage for existing code. Hence we need to backport it. Since only 6.2 version has zero
token node support, hence we only backport it to 6.2

Fixes: scylladb/scylladb#21096

Closes scylladb/scylladb#21609

(cherry picked from commit acd643bd75)

Closes scylladb/scylladb#21764

2024-12-04 11:22:39 +01:00

Gleb Natapov

17f4a151ce

topology coordinator: do not add replacing node without a ring to topology

When only inter dc encryption is enabled a non encrypted connection
between two nodes is allowed only if both nodes are in the same dc.
If a nodes that initiates the connection knows that dst is in the same
dc and hence use non encrypted connection, but the dst not yet knows the
topology of the src such connection will not be allowed since dst cannot
guaranty that dst is in the same dc.

Currently, when topology coordinator is used, a replacing node will
appear in the coordinator's topology immediately after it is added to the
group0. The coordinator will try to send raft message to the new node
and (assuming only inter dc encryption is enabled and replacing node and
the coordinator are in the same dc) it will try to open regular, non encrypted,
connection to it. But the replacing node will not have the coordinator
in it's topology yet (it needs to sync the raft state for that). so it
will reject such connection.

To solve the problem the patch does not add a replacing node that was
just added to group0 to the topology. It will be added later, when
tokens will be assigned to it. At this point a replacing node will
already make sure that its topology state is up-to-date (since it will
execute a raft barrier in join_node_response_params handler) and it knows
coordinator's topology. This aligns replace behaviour with bootstrap
since bootstrap also does not add a node without a ring to the topology.

The patch effectively reverts b8ee8911ca

Fixes: scylladb/scylladb#19025

2024-08-29 17:14:09 +03:00

Gleb Natapov

2f1b1fd45e

test: add test for replace in clusters with encryption enabled

2024-08-29 17:14:09 +03:00

3 Commits