doc: replace Scylla with ScyllaDB in Glossary

This commit replaces "Scylla" with "ScyllaDB" on the Glossary page.

The product has been rebranded as "ScyllaDB".

.github/CODEOWNERS

@@ -19,13 +19,13 @@ db/batch* @elcallio
 service/storage_proxy* @gleb-cloudius
 
 # COMPACTION
-compaction/* @raphaelsc @nyh
+compaction/* @raphaelsc
 
 # CQL TRANSPORT LAYER
 transport/*
 
 # CQL QUERY LANGUAGE
-cql3/* @tgrabiec @cvybhu @nyh
+cql3/* @tgrabiec
 
 # COUNTERS
 counters* @jul-stas
@@ -45,44 +45,44 @@ dist/docker/*
 utils/logalloc* @tgrabiec
 
 # MATERIALIZED VIEWS
-db/view/* @nyh @cvybhu @piodul
-cql3/statements/*view* @nyh @cvybhu @piodul
-test/boost/view_* @nyh @cvybhu @piodul
+db/view/* @nyh @piodul
+cql3/statements/*view* @nyh @piodul
+test/boost/view_* @nyh @piodul
 
 # PACKAGING
 dist/* @syuu1228
 
 # REPAIR
-repair/* @tgrabiec @asias @nyh
+repair/* @tgrabiec @asias
 
 # SCHEMA MANAGEMENT
-db/schema_tables* @tgrabiec @nyh
-db/legacy_schema_migrator* @tgrabiec @nyh
-service/migration* @tgrabiec @nyh
-schema* @tgrabiec @nyh
+db/schema_tables* @tgrabiec
+db/legacy_schema_migrator* @tgrabiec
+service/migration* @tgrabiec
+schema* @tgrabiec
 
 # SECONDARY INDEXES
-index/* @nyh @cvybhu @piodul
-cql3/statements/*index* @nyh @cvybhu @piodul
-test/boost/*index* @nyh @cvybhu @piodul
+index/* @nyh @piodul
+cql3/statements/*index* @nyh @piodul
+test/boost/*index* @nyh @piodul
 
 # SSTABLES
-sstables/* @tgrabiec @raphaelsc @nyh
+sstables/* @tgrabiec @raphaelsc
 
 # STREAMING
 streaming/* @tgrabiec @asias
 service/storage_service.* @tgrabiec @asias
 
 # ALTERNATOR
-alternator/* @nyh @havaker @nuivall
-test/alternator/* @nyh @havaker @nuivall
+alternator/* @havaker @nuivall
+test/alternator/* @havaker @nuivall
 
 # HINTED HANDOFF
 db/hints/* @piodul @vladzcloudius @eliransin
 
 # REDIS
-redis/* @nyh @syuu1228
-test/redis/* @nyh @syuu1228
+redis/* @syuu1228
+test/redis/* @syuu1228
 
 # READERS
 reader_* @denesb

.github/mergify.yml

@@ -0,0 +1,67 @@
+pull_request_rules:
+  - name: put PR in draft if conflicts
+    conditions:
+      - label = conflicts
+      - author = mergify[bot]
+      - head ~= ^mergify/
+    actions:
+      edit:
+         draft: true
+  - name: Delete mergify backport branch
+    conditions:
+      - base~=branch-
+      - or:
+        - merged
+        - closed
+    actions:
+      delete_head_branch:
+  - name: Automate backport pull request 5.2
+    conditions:
+      - or:
+        - closed
+        - merged
+      - or:
+          - base=master
+          - base=next
+      - label=backport/5.2 # The PR must have this label to trigger the backport
+      - label=promoted-to-master
+    actions:
+      copy:
+        title: "[Backport 5.2] {{ title }}"
+        body: |
+          {{ body }}
+
+          {% for c in commits %}
+          (cherry picked from commit {{ c.sha }})
+          {% endfor %}
+
+           Refs #{{number}}
+        branches:
+          - branch-5.2
+        assignees:
+          - "{{ author }}"
+  - name: Automate backport pull request 5.4
+    conditions:
+      - or:
+        - closed
+        - merged
+      - or:
+          - base=master
+          - base=next
+      - label=backport/5.4 # The PR must have this label to trigger the backport
+      - label=promoted-to-master
+    actions:
+      copy:
+        title: "[Backport 5.4] {{ title }}"
+        body: |
+          {{ body }}
+
+          {% for c in commits %}
+          (cherry picked from commit {{ c.sha }})
+          {% endfor %}
+
+          Refs #{{number}}
+        branches:
+          - branch-5.4
+        assignees:
+          - "{{ author }}"

.github/scripts/label_promoted_commits.py

@@ -0,0 +1,59 @@
+import requests
+from github import Github
+import argparse
+import re
+import sys
+import os
+
+try:
+    github_token = os.environ["GITHUB_TOKEN"]
+except KeyError:
+    print("Please set the 'GITHUB_TOKEN' environment variable")
+    sys.exit(1)
+
+
+def parser():
+    parser = argparse.ArgumentParser()
+    parser.add_argument('--repository', type=str, required=True,
+                        help='Github repository name (e.g., scylladb/scylladb)')
+    parser.add_argument('--commit_before_merge', type=str, required=True, help='Git commit ID to start labeling from ('
+                                                                               'newest commit).')
+    parser.add_argument('--commit_after_merge', type=str, required=True,
+                        help='Git commit ID to end labeling at (oldest '
+                             'commit, exclusive).')
+    parser.add_argument('--update_issue', type=bool, default=False, help='Set True to update issues when backport was '
+                                                                         'done')
+    parser.add_argument('--label', type=str, required=True, help='Label to use')
+    return parser.parse_args()
+
+
+def main():
+    args = parser()
+    pr_pattern = re.compile(r'Closes .*#([0-9]+)')
+    g = Github(github_token)
+    repo = g.get_repo(args.repository, lazy=False)
+
+    commits = repo.compare(head=args.commit_after_merge, base=args.commit_before_merge)
+    # Print commit information
+    for commit in commits.commits:
+        print(commit.sha)
+        match = pr_pattern.search(commit.commit.message)
+        if match:
+            pr_number = match.group(1)
+            url = f'https://api.github.com/repos/{args.repository}/issues/{pr_number}/labels'
+            data = {
+                "labels": [f'{args.label}']
+            }
+            headers = {
+                "Authorization": f"token {github_token}",
+                "Accept": "application/vnd.github.v3+json"
+            }
+            response = requests.post(url, headers=headers, json=data)
+            if response.ok:
+                print(f"Label added successfully to {url}")
+            else:
+                print(f"No label was added to {url}")
+
+
+if __name__ == "__main__":
+    main()

.github/scripts/sync_labels.py

@@ -0,0 +1,95 @@
+#!/usr/bin/env python3
+import argparse
+import os
+import sys
+from github import Github
+import re
+
+try:
+    github_token = os.environ["GITHUB_TOKEN"]
+except KeyError:
+    print("Please set the 'GITHUB_TOKEN' environment variable")
+    sys.exit(1)
+
+
+def parser():
+    parse = argparse.ArgumentParser()
+    parse.add_argument('--repo', type=str, required=True, help='Github repository name (e.g., scylladb/scylladb)')
+    parse.add_argument('--number', type=int, required=True, help='Pull request or issue number to sync labels from')
+    parse.add_argument('--label', type=str, default=None, help='Label to add/remove from an issue or PR')
+    parse.add_argument('--is_issue', action='store_true', help='Determined if label change is in Issue or not')
+    parse.add_argument('--action', type=str, choices=['opened', 'labeled', 'unlabeled'], required=True, help='Sync labels action')
+    return parse.parse_args()
+
+
+def copy_labels_from_linked_issues(repo, pr_number):
+    pr = repo.get_pull(pr_number)
+    if pr.body:
+        linked_issue_numbers = set(re.findall(r'Fixes:? (?:#|https.*?/issues/)(\d+)', pr.body))
+        for issue_number in linked_issue_numbers:
+            try:
+                issue = repo.get_issue(int(issue_number))
+                for label in issue.labels:
+                    pr.add_to_labels(label.name)
+                print(f"Labels from issue #{issue_number} copied to PR #{pr_number}")
+            except Exception as e:
+                print(f"Error processing issue #{issue_number}: {e}")
+
+
+def get_linked_pr_from_issue_number(repo, number):
+    linked_prs = []
+    for pr in repo.get_pulls(state='all', base='master'):
+        if pr.body and f'{number}' in pr.body:
+            linked_prs.append(pr.number)
+            break
+        else:
+            continue
+    return linked_prs
+
+
+def get_linked_issues_based_on_pr_body(repo, number):
+    pr = repo.get_pull(number)
+    repo_name = repo.full_name
+    pattern = rf"(?:fix(?:|es|ed)|resolve(?:|d|s))\s*:?\s*(?:(?:(?:{repo_name})?#)|https://github\.com/{repo_name}/issues/)(\d+)"
+    issue_number_from_pr_body = []
+    if pr.body is None:
+        return issue_number_from_pr_body
+    matches = re.findall(pattern, pr.body, re.IGNORECASE)
+    if matches:
+        for match in matches:
+            issue_number_from_pr_body.append(match)
+            print(f"Found issue number: {match}")
+    return issue_number_from_pr_body
+
+
+def sync_labels(repo, number, label, action, is_issue=False):
+    if is_issue:
+        linked_prs_or_issues = get_linked_pr_from_issue_number(repo, number)
+    else:
+        linked_prs_or_issues = get_linked_issues_based_on_pr_body(repo, number)
+    for pr_or_issue_number in linked_prs_or_issues:
+        if is_issue:
+            target = repo.get_issue(pr_or_issue_number)
+        else:
+            target = repo.get_issue(int(pr_or_issue_number))
+        if action == 'labeled':
+            target.add_to_labels(label)
+            print(f"Label '{label}' successfully added.")
+        elif action == 'unlabeled':
+            target.remove_from_labels(label)
+            print(f"Label '{label}' successfully removed.")
+        elif action == 'opened':
+            copy_labels_from_linked_issues(repo, number)
+        else:
+            print("Invalid action. Use 'labeled', 'unlabeled' or 'opened'.")
+
+
+def main():
+    args = parser()
+    github = Github(github_token)
+    repo = github.get_repo(args.repo)
+    sync_labels(repo, args.number, args.label, args.action, args.is_issue)
+
+
+if __name__ == "__main__":
+    main()

.github/workflows/add-label-when-promoted.yaml

@@ -0,0 +1,26 @@
+name: Check if commits are promoted
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  check-commit:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      issues: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Fetch all history for all tags and branches
+
+      - name: Install dependencies
+        run: sudo apt-get install -y python3-github
+
+      - name: Run python script
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: python .github/scripts/label_promoted_commits.py --commit_before_merge ${{ github.event.before }} --commit_after_merge ${{ github.event.after }} --repository ${{ github.repository }} --label promoted-to-master

.github/workflows/backport-pr-fixes-validation.yaml

@@ -0,0 +1,26 @@
+name: Fixes validation for backport PR
+
+on:
+  pull_request:
+    types: [opened, reopened, edited]
+    branches: [branch-*]
+
+jobs:
+  check-fixes-prefix:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check PR body for "Fixes" prefix patterns
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const body = context.payload.pull_request.body;
+            const repo = context.payload.repository.full_name;
+            
+            // Regular expression pattern to check for "Fixes" prefix
+            // Adjusted to dynamically insert the repository full name
+            const pattern = `Fixes:? (?:#|${repo.replace('/', '\\/')}#|https://github\\.com/${repo.replace('/', '\\/')}/issues/)(\\d+)`;
+            const regex = new RegExp(pattern);
+            
+            if (!regex.test(body)) {
+              core.setFailed("PR body does not contain a valid 'Fixes' reference.");
+            }

.github/workflows/codespell.yaml

@@ -0,0 +1,17 @@
+name: codespell
+on:
+  pull_request:
+    branches:
+      - master
+permissions: {}
+jobs:
+  codespell:
+    name: Check for spelling errors
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: codespell-project/actions-codespell@master
+        with:
+          only_warn: 1
+          ignore_words_list: "ans,datas,fo,ser,ue,crate,nd,reenable,strat,stap,te,raison"
+          skip: "./.git,./build,./tools,*.js,*.thrift,*.lock,./test,./licenses,./redis/lolwut.cc,*.svg"

.github/workflows/docs-amplify-enhanced.yaml

@@ -1,17 +0,0 @@
-name: "Docs / Amplify enhanced"
-
-on: issue_comment
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    if: ${{ github.event.issue.pull_request }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      - name: Amplify enhanced
-        env:
-          TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        uses: scylladb/sphinx-scylladb-theme/.github/actions/amplify-enhanced@master

.github/workflows/docs-pages.yaml

@@ -4,12 +4,14 @@ name: "Docs / Publish"
 
 env:
   FLAG: ${{ github.repository == 'scylladb/scylla-enterprise' && 'enterprise' || 'opensource' }}
+  DEFAULT_BRANCH: ${{ github.repository == 'scylladb/scylla-enterprise' && 'enterprise' || 'master' }}
 
 on:
   push:
     branches:
       - 'master'
       - 'enterprise'
+      - 'branch-**'
     paths:
       - "docs/**"
   workflow_dispatch:
@@ -19,14 +21,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
+          ref: ${{ env.DEFAULT_BRANCH }}
           persist-credentials: false
           fetch-depth: 0
       - name: Set up Python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v5
         with:
-          python-version: 3.7
+          python-version: "3.10"
       - name: Set up env
         run: make -C docs FLAG="${{ env.FLAG }}" setupenv
       - name: Build docs

.github/workflows/docs-pr.yaml

@@ -18,14 +18,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
           fetch-depth: 0
       - name: Set up Python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v5
         with:
-          python-version: 3.7
+          python-version: "3.10"
       - name: Set up env
         run: make -C docs FLAG="${{ env.FLAG }}" setupenv
       - name: Build docs

.github/workflows/pr-require-backport-label.yaml

@@ -0,0 +1,22 @@
+name: PR require backport label
+on:
+  pull_request:
+    types: [opened, labeled, unlabeled, synchronize]
+    branches:
+      - master
+      - next
+jobs:
+  label:
+    if: github.event.pull_request.draft == false
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: mheap/github-action-required-labels@v5
+        with:
+          mode: minimum
+          count: 1
+          labels: "backport/none\nbackport/\\d.\\d"
+          use_regex: true
+          add_comment: false

.github/workflows/sync-labels.yaml

@@ -0,0 +1,45 @@
+name: Sync labels
+
+on:
+  pull_request_target:
+    types: [opened, labeled, unlabeled]
+    branches: [master, next]
+  issues:
+    types: [labeled, unlabeled]
+
+jobs:
+  label-sync:
+    if: ${{ github.repository == 'scylladb/scylladb' }}
+    name:  Synchronize labels between PR and the issue(s) fixed by it
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      issues: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: |
+            .github/scripts/sync_labels.py
+          sparse-checkout-cone-mode: false
+
+      - name: Install dependencies
+        run: sudo apt-get install -y python3-github
+
+      - name: Pull request opened event
+        if: ${{ github.event.action == 'opened' }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: python .github/scripts/sync_labels.py --repo ${{ github.repository }} --number ${{ github.event.number }} --action ${{ github.event.action }}
+
+      - name: Pull request labeled or unlabeled event
+        if: github.event_name == 'pull_request' && startsWith(github.event.label.name, 'backport/')
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: python .github/scripts/sync_labels.py --repo ${{ github.repository }} --number ${{ github.event.number }} --action ${{ github.event.action }} --label ${{ github.event.label.name }}
+
+      - name: Issue labeled or unlabeled event
+        if: github.event_name == 'issues' && startsWith(github.event.label.name, 'backport/')
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: python .github/scripts/sync_labels.py --repo ${{ github.repository }} --number ${{ github.event.issue.number }} --action ${{ github.event.action }} --is_issue --label ${{ github.event.label.name }}

CMakeLists.txt

@@ -10,22 +10,39 @@ list(APPEND CMAKE_MODULE_PATH
 
 # Set the possible values of build type for cmake-gui
 set(scylla_build_types
-    "Debug" "Release" "Dev" "Sanitize" "Coverage")
-set_property(CACHE CMAKE_BUILD_TYPE PROPERTY STRINGS
-  ${scylla_build_types})
-if(NOT CMAKE_BUILD_TYPE)
-    set(CMAKE_BUILD_TYPE "Release" CACHE
-        STRING "Choose the type of build." FORCE)
-    message(WARNING "CMAKE_BUILD_TYPE not specified, Using 'Release'")
-elseif(NOT CMAKE_BUILD_TYPE IN_LIST scylla_build_types)
-    message(FATAL_ERROR "Unknown CMAKE_BUILD_TYPE: ${CMAKE_BUILD_TYPE}. "
-        "Following types are supported: ${scylla_build_types}")
-endif()
-string(TOUPPER "${CMAKE_BUILD_TYPE}" build_mode)
-include(mode.${build_mode})
+    "Debug" "RelWithDebInfo" "Dev" "Sanitize" "Coverage")
+if(DEFINED CMAKE_BUILD_TYPE)
+    set_property(CACHE CMAKE_BUILD_TYPE PROPERTY STRINGS
+     ${scylla_build_types})
+    if(NOT CMAKE_BUILD_TYPE)
+        set(CMAKE_BUILD_TYPE "RelWithDebInfo" CACHE
+            STRING "Choose the type of build." FORCE)
+        message(WARNING "CMAKE_BUILD_TYPE not specified, Using 'RelWithDebInfo'")
+    elseif(NOT CMAKE_BUILD_TYPE IN_LIST scylla_build_types)
+        message(FATAL_ERROR "Unknown CMAKE_BUILD_TYPE: ${CMAKE_BUILD_TYPE}. "
+            "Following types are supported: ${scylla_build_types}")
+    endif()
+endif(DEFINED CMAKE_BUILD_TYPE)
+
 include(mode.common)
+if(CMAKE_CONFIGURATION_TYPES)
+    foreach(config ${CMAKE_CONFIGURATION_TYPES})
+        include(mode.${config})
+        list(APPEND scylla_build_modes ${scylla_build_mode_${config}})
+    endforeach()
+    add_custom_target(mode_list
+        COMMAND ${CMAKE_COMMAND} -E echo "$<JOIN:${scylla_build_modes}, >"
+        COMMENT "List configured modes"
+        BYPRODUCTS mode-list.phony.stamp
+        COMMAND_EXPAND_LISTS)
+else()
+    include(mode.${CMAKE_BUILD_TYPE})
+    add_custom_target(mode_list
+        ${CMAKE_COMMAND} -E echo "${scylla_build_mode}"
+        COMMENT "List configured modes")
+endif()
+
 add_compile_definitions(
-    ${Seastar_DEFINITIONS_${build_mode}}
     FMT_DEPRECATED_OSTREAM)
 include(limit_jobs)
 # Configure Seastar compile options to align with Scylla
@@ -37,11 +54,17 @@ set(Seastar_TESTING ON CACHE BOOL "" FORCE)
 set(Seastar_API_LEVEL 7 CACHE STRING "" FORCE)
 set(Seastar_APPS ON CACHE BOOL "" FORCE)
 set(Seastar_EXCLUDE_APPS_FROM_ALL ON CACHE BOOL "" FORCE)
+set(Seastar_EXCLUDE_TESTS_FROM_ALL ON CACHE BOOL "" FORCE)
+set(Seastar_UNUSED_RESULT_ERROR ON CACHE BOOL "" FORCE)
 add_subdirectory(seastar)
 
 # System libraries dependencies
 find_package(Boost REQUIRED
     COMPONENTS filesystem program_options system thread regex unit_test_framework)
+target_link_libraries(Boost::regex
+  INTERFACE
+    ICU::i18n
+    ICU::uc)
 find_package(Lua REQUIRED)
 find_package(ZLIB REQUIRED)
 find_package(ICU COMPONENTS uc i18n REQUIRED)
@@ -108,6 +131,32 @@ target_link_libraries(scylla-main
     Snappy::snappy
     systemd
     ZLIB::ZLIB)
+
+option(Scylla_CHECK_HEADERS
+  "Add check-headers target for checking the self-containness of headers")
+if(Scylla_CHECK_HEADERS)
+    add_custom_target(check-headers)
+    # compatibility target used by CI, which builds "check-headers" only for
+    # the "Dev" mode.
+    # our CI currently builds "dev-headers" using ninja without specify a build
+    # mode. where "dev" is actually a prefix encoded in the target name for the
+    # underlying "headers" target. while we don't have this convention in CMake
+    # targets. in contrast, the "check-headers" which is built for all
+    # configurations defined by "CMAKE_DEFAULT_CONFIGS". however, we only need
+    # to build "check-headers" for the "Dev" configuration. Therefore, before
+    # updating the CI to use build "check-headers:Dev", let's add a new target
+    # that specifically builds "check-headers" only for Dev configuration. The
+    # new target will do nothing for other configurations.
+    add_custom_target(dev-headers
+        COMMAND ${CMAKE_COMMAND}
+          "$<IF:$<CONFIG:Dev>,--build;${CMAKE_BINARY_DIR};--config;$<CONFIG>;--target;check-headers,-E;echo;skipping;dev-headers;in;$<CONFIG>>"
+        COMMAND_EXPAND_LISTS)
+endif()
+
+include(check_headers)
+check_headers(check-headers scylla-main
+  GLOB ${CMAKE_CURRENT_SOURCE_DIR}/*.hh)
+
 add_subdirectory(api)
 add_subdirectory(alternator)
 add_subdirectory(db)
@@ -185,10 +234,6 @@ target_link_libraries(scylla PRIVATE
     transport
     types
     utils)
-target_link_libraries(Boost::regex
-  INTERFACE
-    ICU::i18n
-    ICU::uc)
 
 target_link_libraries(scylla PRIVATE
     seastar

SCYLLA-VERSION-GEN

@@ -28,7 +28,7 @@ The files created are:
 
 By default, these files are created in the 'build'
 subdirectory under the directory containing the script.
-The destination directory can be overriden by
+The destination directory can be overridden by
 using '-o PATH' option.
 END
 )
@@ -87,7 +87,6 @@ then
 else
 	SCYLLA_VERSION=$VERSION
 	if [ -z "$SCYLLA_RELEASE" ]; then
-		DATE=$(date --utc +%Y%m%d)
 		GIT_COMMIT=$(git -C "$SCRIPT_DIR" log --pretty=format:'%h' -n 1 --abbrev=12)
 		# For custom package builds, replace "0" with "counter.your_name",
 		# where counter starts at 1 and increments for successive versions.

alternator/CMakeLists.txt

@@ -28,3 +28,6 @@ target_link_libraries(alternator
   idl
   Seastar::seastar
   xxHash::xxhash)
+
+check_headers(check-headers alternator
+  GLOB_RECURSE ${CMAKE_CURRENT_SOURCE_DIR}/*.hh)

alternator/auth.cc

@@ -7,19 +7,17 @@
  */
 
 #include "alternator/error.hh"
+#include "auth/common.hh"
 #include "log.hh"
 #include <string>
 #include <string_view>
 #include "bytes.hh"
 #include "alternator/auth.hh"
 #include <fmt/format.h>
-#include "auth/common.hh"
 #include "auth/password_authenticator.hh"
-#include "auth/roles-metadata.hh"
 #include "service/storage_proxy.hh"
 #include "alternator/executor.hh"
 #include "cql3/selection/selection.hh"
-#include "query-result-set.hh"
 #include "cql3/result_set.hh"
 #include <seastar/core/coroutine.hh>
 
@@ -27,8 +25,8 @@ namespace alternator {
 
 static logging::logger alogger("alternator-auth");
 
-future<std::string> get_key_from_roles(service::storage_proxy& proxy, std::string username) {
-    schema_ptr schema = proxy.data_dictionary().find_schema("system_auth", "roles");
+future<std::string> get_key_from_roles(service::storage_proxy& proxy, auth::service& as, std::string username) {
+    schema_ptr schema = proxy.data_dictionary().find_schema(auth::get_auth_ks_name(as.query_processor()), "roles");
     partition_key pk = partition_key::from_single_value(*schema, utf8_type->decompose(username));
     dht::partition_range_vector partition_ranges{dht::partition_range(dht::decorate_key(*schema, pk))};
     std::vector<query::clustering_range> bounds{query::clustering_range::make_open_ended_both_sides()};

alternator/auth.hh

@@ -9,10 +9,8 @@
 #pragma once
 
 #include <string>
-#include <string_view>
-#include <array>
-#include "gc_clock.hh"
 #include "utils/loading_cache.hh"
+#include "auth/service.hh"
 
 namespace service {
 class storage_proxy;
@@ -22,6 +20,6 @@ namespace alternator {
 
 using key_cache = utils::loading_cache<std::string, std::string, 1>;
 
-future<std::string> get_key_from_roles(service::storage_proxy& proxy, std::string username);
+future<std::string> get_key_from_roles(service::storage_proxy& proxy, auth::service& as, std::string username);
 
 }

alternator/conditions.cc

@@ -6,12 +6,9 @@
  * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 
-#include <list>
-#include <map>
 #include <string_view>
 #include "alternator/conditions.hh"
 #include "alternator/error.hh"
-#include "cql3/constants.hh"
 #include <unordered_map>
 #include "utils/rjson.hh"
 #include "serialization.hh"
@@ -342,7 +339,7 @@ static bool check_NOT_NULL(const rjson::value* val) {
 }
 
 // Only types S, N or B (string, number or bytes) may be compared by the
-// various comparion operators - lt, le, gt, ge, and between.
+// various comparison operators - lt, le, gt, ge, and between.
 // Note that in particular, if the value is missing (v->IsNull()), this
 // check returns false.
 static bool check_comparable_type(const rjson::value& v) {

alternator/conditions.hh

@@ -18,8 +18,6 @@
 
 #pragma once
 
-#include "cql3/restrictions/statement_restrictions.hh"
-#include "serialization.hh"
 #include "expressions_types.hh"
 
 namespace alternator {

alternator/controller.cc

@@ -73,11 +73,11 @@ future<> controller::start_server() {
         // shards - if necessary for LWT.
         smp_service_group_config c;
         c.max_nonlocal_requests = 5000;
-        _ssg = create_smp_service_group(c).get0();
+        _ssg = create_smp_service_group(c).get();
 
         rmw_operation::set_default_write_isolation(_config.alternator_write_isolation());
 
-        net::inet_address addr = utils::resolve(_config.alternator_address, family).get0();
+        net::inet_address addr = utils::resolve(_config.alternator_address, family).get();
 
         auto get_cdc_metadata = [] (cdc::generation_service& svc) { return std::ref(svc.get_cdc_metadata()); };
         auto get_timeout_in_ms = [] (const db::config& cfg) -> utils::updateable_value<uint32_t> {

alternator/error.hh

@@ -10,6 +10,7 @@
 
 #include <seastar/http/httpd.hh>
 #include "seastarx.hh"
+#include "utils/rjson.hh"
 
 namespace alternator {
 
@@ -27,10 +28,16 @@ public:
     status_type _http_code;
     std::string _type;
     std::string _msg;
-    api_error(std::string type, std::string msg, status_type http_code = status_type::bad_request)
+    // Additional data attached to the error, null value if not set. It's wrapped in copyable_value
+    // class because copy constructor is required for exception classes otherwise it won't compile
+    // (despite that its use may be optimized away).
+    rjson::copyable_value _extra_fields; 
+    api_error(std::string type, std::string msg, status_type http_code = status_type::bad_request,
+    rjson::value extra_fields = rjson::null_value())
         : _http_code(std::move(http_code))
         , _type(std::move(type))
         , _msg(std::move(msg))
+        , _extra_fields(std::move(extra_fields))
     { }
 
     // Factory functions for some common types of DynamoDB API errors
@@ -58,8 +65,13 @@ public:
     static api_error access_denied(std::string msg) {
         return api_error("AccessDeniedException", std::move(msg));
     }
-    static api_error conditional_check_failed(std::string msg) {
-        return api_error("ConditionalCheckFailedException", std::move(msg));
+    static api_error conditional_check_failed(std::string msg, rjson::value&& item) {
+        if (!item.IsNull()) {
+            auto tmp = rjson::empty_object();
+            rjson::add(tmp, "Item", std::move(item));
+            item = std::move(tmp);
+        }
+        return api_error("ConditionalCheckFailedException", std::move(msg), status_type::bad_request, std::move(item));
     }
     static api_error expired_iterator(std::string msg) {
         return api_error("ExpiredIteratorException", std::move(msg));

alternator/executor.cc

@@ -6,13 +6,11 @@
  * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 
-#include "utils/base64.hh"
-
 #include <seastar/core/sleep.hh>
 #include "alternator/executor.hh"
+#include "db/config.hh"
 #include "log.hh"
 #include "schema/schema_builder.hh"
-#include "data_dictionary/keyspace_metadata.hh"
 #include "exceptions/exceptions.hh"
 #include "timestamp.hh"
 #include "types/map.hh"
@@ -21,17 +19,13 @@
 #include "query-result-reader.hh"
 #include "cql3/selection/selection.hh"
 #include "cql3/result_set.hh"
-#include "cql3/type_json.hh"
 #include "bytes.hh"
-#include "cql3/update_parameters.hh"
-#include "server.hh"
 #include "service/pager/query_pagers.hh"
 #include <functional>
 #include "error.hh"
 #include "serialization.hh"
 #include "expressions.hh"
 #include "conditions.hh"
-#include "cql3/constants.hh"
 #include "cql3/util.hh"
 #include <optional>
 #include "utils/overloaded_functor.hh"
@@ -41,6 +35,7 @@
 #include "schema/schema.hh"
 #include "db/tags/extension.hh"
 #include "db/tags/utils.hh"
+#include "replica/database.hh"
 #include "alternator/rmw_operation.hh"
 #include <seastar/core/coroutine.hh>
 #include <boost/range/adaptors.hpp>
@@ -48,7 +43,6 @@
 #include <unordered_set>
 #include "service/storage_proxy.hh"
 #include "gms/gossiper.hh"
-#include "schema/schema_registry.hh"
 #include "utils/error_injection.hh"
 #include "db/schema_tables.hh"
 #include "utils/rjson.hh"
@@ -77,10 +71,10 @@ static sstring_view table_status_to_sstring(table_status tbl_status) {
         case table_status::deleting:
             return "DELETING";
     }
-    return "UKNOWN";
+    return "UNKNOWN";
 }
 
-static lw_shared_ptr<keyspace_metadata> create_keyspace_metadata(std::string_view keyspace_name, service::storage_proxy& sp, gms::gossiper& gossiper, api::timestamp_type);
+static lw_shared_ptr<keyspace_metadata> create_keyspace_metadata(std::string_view keyspace_name, service::storage_proxy& sp, gms::gossiper& gossiper, api::timestamp_type, const std::map<sstring, sstring>& tags_map);
 
 static map_type attrs_type() {
     static thread_local auto t = map_type_impl::get_instance(utf8_type, bytes_type, true);
@@ -770,15 +764,33 @@ enum class update_tags_action { add_tags, delete_tags };
 static void update_tags_map(const rjson::value& tags, std::map<sstring, sstring>& tags_map, update_tags_action action) {
     if (action == update_tags_action::add_tags) {
         for (auto it = tags.Begin(); it != tags.End(); ++it) {
-            const rjson::value& key = (*it)["Key"];
-            const rjson::value& value = (*it)["Value"];
-            auto tag_key = rjson::to_string_view(key);
-            if (tag_key.empty() || tag_key.size() > 128 || !validate_legal_tag_chars(tag_key)) {
-                throw api_error::validation("The Tag Key provided is invalid string");
+            if (!it->IsObject()) {
+                throw api_error::validation("invalid tag object");
             }
-            auto tag_value = rjson::to_string_view(value);
-            if (tag_value.empty() || tag_value.size() > 256 || !validate_legal_tag_chars(tag_value)) {
-                throw api_error::validation("The Tag Value provided is invalid string");
+            const rjson::value* key = rjson::find(*it, "Key");
+            const rjson::value* value = rjson::find(*it, "Value");
+            if (!key || !key->IsString() || !value || !value->IsString()) {
+                throw api_error::validation("string Key and Value required");
+            }
+            auto tag_key = rjson::to_string_view(*key);
+            auto tag_value = rjson::to_string_view(*value);
+
+            if (tag_key.empty()) {
+                throw api_error::validation("A tag Key cannot be empty");
+            }
+            if (tag_key.size() > 128) {
+                throw api_error::validation("A tag Key is limited to 128 characters");
+            }
+            if (!validate_legal_tag_chars(tag_key)) {
+                throw api_error::validation("A tag Key can only contain letters, spaces, and [+-=._:/]");
+            }
+            // Note tag values are limited similarly to tag keys, but have a
+            // longer length limit, and *can* be empty.
+            if (tag_value.size() > 256) {
+                throw api_error::validation("A tag Value is limited to 256 characters");
+            }
+            if (!validate_legal_tag_chars(tag_value)) {
+                throw api_error::validation("A tag Value can only contain letters, spaces, and [+-=._:/]");
             }
             tags_map[sstring(tag_key)] = sstring(tag_value);
         }
@@ -994,7 +1006,7 @@ static future<executor::request_return_type> create_table_on_shard0(tracing::tra
                 add_column(view_builder, view_range_key, attribute_definitions, column_kind::clustering_key);
             }
             // Base key columns which aren't part of the index's key need to
-            // be added to the view nontheless, as (additional) clustering
+            // be added to the view nonetheless, as (additional) clustering
             // key(s).
             if  (hash_key != view_hash_key && hash_key != view_range_key) {
                 add_column(view_builder, hash_key, attribute_definitions, column_kind::clustering_key);
@@ -1002,6 +1014,8 @@ static future<executor::request_return_type> create_table_on_shard0(tracing::tra
             if  (!range_key.empty() && range_key != view_hash_key && range_key != view_range_key) {
                 add_column(view_builder, range_key, attribute_definitions, column_kind::clustering_key);
             }
+            // GSIs have no tags:
+            view_builder.add_extension(db::tags_extension::NAME, ::make_shared<db::tags_extension>());
             sstring where_clause = format("{} IS NOT NULL", cql3::util::maybe_quote(view_hash_key));
             if (!view_range_key.empty()) {
                 where_clause = format("{} AND {} IS NOT NULL", where_clause,
@@ -1051,7 +1065,7 @@ static future<executor::request_return_type> create_table_on_shard0(tracing::tra
             }
             add_column(view_builder, view_range_key, attribute_definitions, column_kind::clustering_key);
             // Base key columns which aren't part of the index's key need to
-            // be added to the view nontheless, as (additional) clustering
+            // be added to the view nonetheless, as (additional) clustering
             // key(s).
             if  (!range_key.empty() && view_range_key != range_key) {
                 add_column(view_builder, range_key, attribute_definitions, column_kind::clustering_key);
@@ -1066,6 +1080,11 @@ static future<executor::request_return_type> create_table_on_shard0(tracing::tra
                     cql3::util::maybe_quote(view_range_key));
             }
             where_clauses.push_back(std::move(where_clause));
+            // LSIs have no tags, but Scylla's "synchronous_updates" feature
+            // (which an LSIs need), is actually implemented as a tag so we
+            // need to add it here:
+            std::map<sstring, sstring> tags_map = {{db::SYNCHRONOUS_VIEW_UPDATES_TAG_KEY, "true"}};
+            view_builder.add_extension(db::tags_extension::NAME, ::make_shared<db::tags_extension>(tags_map));
             view_builders.emplace_back(std::move(view_builder));
         }
     }
@@ -1112,7 +1131,6 @@ static future<executor::request_return_type> create_table_on_shard0(tracing::tra
         }
         const bool include_all_columns = true;
         view_builder.with_view_info(*schema, include_all_columns, *where_clause_it);
-        view_builder.add_extension(db::tags_extension::NAME, ::make_shared<db::tags_extension>());
         ++where_clause_it;
     }
 
@@ -1121,7 +1139,19 @@ static future<executor::request_return_type> create_table_on_shard0(tracing::tra
     auto group0_guard = co_await mm.start_group0_operation();
     auto ts = group0_guard.write_timestamp();
     std::vector<mutation> schema_mutations;
-    auto ksm = create_keyspace_metadata(keyspace_name, sp, gossiper, ts);
+    auto ksm = create_keyspace_metadata(keyspace_name, sp, gossiper, ts, tags_map);
+    // Alternator Streams doesn't yet work when the table uses tablets (#16317)
+    if (stream_specification && stream_specification->IsObject()) {
+        auto stream_enabled = rjson::find(*stream_specification, "StreamEnabled");
+        if (stream_enabled && stream_enabled->IsBool() && stream_enabled->GetBool()) {
+            locator::replication_strategy_params params(ksm->strategy_options(), ksm->initial_tablets());
+            auto rs = locator::abstract_replication_strategy::create_replication_strategy(ksm->strategy_name(), params);
+            if (rs->uses_tablets()) {
+                co_return api_error::validation("Streams not yet supported on a table using tablets (issue #16317). "
+                "If you want to use streams, create a table with vnodes by setting the tag 'experimental:initial_tablets' set to 'none'.");
+            }
+        }
+    }
     try {
         schema_mutations = service::prepare_new_keyspace_announcement(sp.local_db(), ksm, ts);
     } catch (exceptions::already_exists_exception&) {
@@ -1135,8 +1165,18 @@ static future<executor::request_return_type> create_table_on_shard0(tracing::tra
     }
     co_await service::prepare_new_column_family_announcement(schema_mutations, sp, *ksm, schema, ts);
     for (schema_builder& view_builder : view_builders) {
+        view_ptr view(view_builder.build());
         db::schema_tables::add_table_or_view_to_schema_mutation(
-            view_ptr(view_builder.build()), ts, true, schema_mutations);
+            view, ts, true, schema_mutations);
+        // add_table_or_view_to_schema_mutation() is a low-level function that
+        // doesn't call the callbacks that prepare_new_view_announcement()
+        // calls. So we need to call this callback here :-( If we don't, among
+        // other things *tablets* will not be created for the new view.
+        // These callbacks need to be called in a Seastar thread.
+        co_await seastar::async([&sp, &ksm, &view, &schema_mutations, ts] {
+            return sp.local_db().get_notifier().before_create_column_family(*ksm, *view, schema_mutations, ts);
+        });
+
     }
     co_await mm.announce(std::move(schema_mutations), std::move(group0_guard), format("alternator-executor: create {} table", table_name));
 
@@ -1199,6 +1239,13 @@ future<executor::request_return_type> executor::update_table(client_state& clien
         rjson::value* stream_specification = rjson::find(request, "StreamSpecification");
         if (stream_specification && stream_specification->IsObject()) {
             add_stream_options(*stream_specification, builder, p.local());
+            // Alternator Streams doesn't yet work when the table uses tablets (#16317)
+            auto stream_enabled = rjson::find(*stream_specification, "StreamEnabled");
+            if (stream_enabled && stream_enabled->IsBool() && stream_enabled->GetBool() &&
+                p.local().local_db().find_keyspace(tab->ks_name()).get_replication_strategy().uses_tablets()) {
+                co_return api_error::validation("Streams not yet supported on a table using tablets (issue #16317). "
+                    "If you want to enable streams, re-create this table with vnodes (with the tag 'experimental:initial_tablets' set to 'none').");
+            }
         }
 
         auto schema = builder.build();
@@ -1489,11 +1536,31 @@ rmw_operation::returnvalues rmw_operation::parse_returnvalues(const rjson::value
     }
 }
 
+rmw_operation::returnvalues_on_condition_check_failure
+rmw_operation::parse_returnvalues_on_condition_check_failure(const rjson::value& request) {
+    const rjson::value* attribute_value = rjson::find(request, "ReturnValuesOnConditionCheckFailure");
+    if (!attribute_value) {
+        return rmw_operation::returnvalues_on_condition_check_failure::NONE;
+    }
+    if (!attribute_value->IsString()) {
+        throw api_error::validation(format("Expected string value for ReturnValuesOnConditionCheckFailure, got: {}", *attribute_value));
+    }
+    auto s = rjson::to_string_view(*attribute_value);
+    if (s == "NONE") {
+        return rmw_operation::returnvalues_on_condition_check_failure::NONE;
+    } else if (s == "ALL_OLD") {
+        return rmw_operation::returnvalues_on_condition_check_failure::ALL_OLD;
+    } else {
+        throw api_error::validation(format("Unrecognized value for ReturnValuesOnConditionCheckFailure: {}", s));
+    }
+}
+
 rmw_operation::rmw_operation(service::storage_proxy& proxy, rjson::value&& request)
     : _request(std::move(request))
     , _schema(get_table(proxy, _request))
     , _write_isolation(get_write_isolation_for_schema(_schema))
     , _returnvalues(parse_returnvalues(_request))
+    , _returnvalues_on_condition_check_failure(parse_returnvalues_on_condition_check_failure(_request))
 {
     // _pk and _ck will be assigned later, by the subclass's constructor
     // (each operation puts the key in a slightly different location in
@@ -1599,7 +1666,7 @@ future<executor::request_return_type> rmw_operation::execute(service::storage_pr
                     [this, &proxy, trace_state, permit = std::move(permit)] (std::unique_ptr<rjson::value> previous_item) mutable {
                 std::optional<mutation> m = apply(std::move(previous_item), api::new_timestamp());
                 if (!m) {
-                    return make_ready_future<executor::request_return_type>(api_error::conditional_check_failed("Failed condition."));
+                    return make_ready_future<executor::request_return_type>(api_error::conditional_check_failed("The conditional request failed", std::move(_return_attributes)));
                 }
                 return proxy.mutate(std::vector<mutation>{std::move(*m)}, db::consistency_level::LOCAL_QUORUM, executor::default_timeout(), trace_state, std::move(permit), db::allow_per_partition_rate_limit::yes).then([this] () mutable {
                     return rmw_operation_return(std::move(_return_attributes));
@@ -1624,7 +1691,7 @@ future<executor::request_return_type> rmw_operation::execute(service::storage_pr
             {timeout, std::move(permit), client_state, trace_state},
             db::consistency_level::LOCAL_SERIAL, db::consistency_level::LOCAL_QUORUM, timeout, timeout).then([this, read_command] (bool is_applied) mutable {
         if (!is_applied) {
-            return make_ready_future<executor::request_return_type>(api_error::conditional_check_failed("Failed condition."));
+            return make_ready_future<executor::request_return_type>(api_error::conditional_check_failed("The conditional request failed", std::move(_return_attributes)));
         }
         return rmw_operation_return(std::move(_return_attributes));
     });
@@ -1713,6 +1780,10 @@ public:
     virtual std::optional<mutation> apply(std::unique_ptr<rjson::value> previous_item, api::timestamp_type ts) const override {
         if (!verify_expected(_request, previous_item.get()) ||
             !verify_condition_expression(_condition_expression, previous_item.get())) {
+            if (previous_item && _returnvalues_on_condition_check_failure ==
+                returnvalues_on_condition_check_failure::ALL_OLD) {
+                _return_attributes = std::move(*previous_item);
+            }
             // If the update is to be cancelled because of an unfulfilled Expected
             // condition, return an empty optional mutation, which is more
             // efficient than throwing an exception.
@@ -1753,7 +1824,7 @@ future<executor::request_return_type> executor::put_item(client_state& client_st
         });
     }
     return op->execute(_proxy, client_state, trace_state, std::move(permit), needs_read_before_write, _stats).finally([op, start_time, this] {
-        _stats.api_operations.put_item_latency.add(std::chrono::steady_clock::now() - start_time);
+        _stats.api_operations.put_item_latency.mark(std::chrono::steady_clock::now() - start_time);
     });
 }
 
@@ -1798,6 +1869,10 @@ public:
     virtual std::optional<mutation> apply(std::unique_ptr<rjson::value> previous_item, api::timestamp_type ts) const override {
         if (!verify_expected(_request, previous_item.get()) ||
             !verify_condition_expression(_condition_expression, previous_item.get())) {
+            if (previous_item && _returnvalues_on_condition_check_failure ==
+                returnvalues_on_condition_check_failure::ALL_OLD) {
+                _return_attributes = std::move(*previous_item);
+            }
             // If the update is to be cancelled because of an unfulfilled Expected
             // condition, return an empty optional mutation, which is more
             // efficient than throwing an exception.
@@ -1838,7 +1913,7 @@ future<executor::request_return_type> executor::delete_item(client_state& client
         });
     }
     return op->execute(_proxy, client_state, trace_state, std::move(permit), needs_read_before_write, _stats).finally([op, start_time, this] {
-        _stats.api_operations.delete_item_latency.add(std::chrono::steady_clock::now() - start_time);
+        _stats.api_operations.delete_item_latency.mark(std::chrono::steady_clock::now() - start_time);
     });
 }
 
@@ -2240,7 +2315,7 @@ enum class select_type { regular, count, projection };
 static select_type parse_select(const rjson::value& request, table_or_view_type table_type) {
     const rjson::value* select_value = rjson::find(request, "Select");
     if (!select_value) {
-        // If "Select" is not specificed, it defaults to ALL_ATTRIBUTES
+        // If "Select" is not specified, it defaults to ALL_ATTRIBUTES
         // on a base table, or ALL_PROJECTED_ATTRIBUTES on an index
         return table_type == table_or_view_type::base ?
             select_type::regular : select_type::projection;
@@ -2677,22 +2752,35 @@ static std::optional<rjson::value> action_result(
     }, action._action);
 }
 
+}
+
 // Print an attribute_path_map_node<action> as the list of paths it contains:
-static std::ostream& operator<<(std::ostream& out, const attribute_path_map_node<parsed::update_expression::action>& h) {
+template <> struct fmt::formatter<alternator::attribute_path_map_node<alternator::parsed::update_expression::action>> {
+    constexpr auto parse(format_parse_context& ctx) { return ctx.begin(); }
+    // this function recursively call into itself, so we have to forward declare it.
+    auto format(const alternator::attribute_path_map_node<alternator::parsed::update_expression::action>& h, fmt::format_context& ctx) const
+      -> decltype(ctx.out());
+};
+
+auto fmt::formatter<alternator::attribute_path_map_node<alternator::parsed::update_expression::action>>::format(const alternator::attribute_path_map_node<alternator::parsed::update_expression::action>& h, fmt::format_context& ctx) const
+    -> decltype(ctx.out()) {
+    auto out = ctx.out();
     if (h.has_value()) {
-        out << " " << h.get_value()._path;
+        out = fmt::format_to(out, " {}", h.get_value()._path);
     } else if (h.has_members()) {
         for (auto& member : h.get_members()) {
-            out << *member.second;
+            out = fmt::format_to(out, "{}", *member.second);
         }
     } else if (h.has_indexes()) {
         for (auto& index : h.get_indexes()) {
-            out << *index.second;
+            out = fmt::format_to(out, "{}", *index.second);
         }
     }
     return out;
 }
 
+namespace alternator {
+
 // Apply the hierarchy of actions in an attribute_path_map_node<action> to a
 // JSON object which uses DynamoDB's serialization conventions. The complete,
 // unmodified, previous_item is also necessary for the right-hand sides of the
@@ -2794,6 +2882,10 @@ std::optional<mutation>
 update_item_operation::apply(std::unique_ptr<rjson::value> previous_item, api::timestamp_type ts) const {
     if (!verify_expected(_request, previous_item.get()) ||
         !verify_condition_expression(_condition_expression, previous_item.get())) {
+        if (previous_item && _returnvalues_on_condition_check_failure ==
+            returnvalues_on_condition_check_failure::ALL_OLD) {
+            _return_attributes = std::move(*previous_item);
+        }
         // If the update is to be cancelled because of an unfulfilled
         // condition, return an empty optional mutation, which is more
         // efficient than throwing an exception.
@@ -3085,14 +3177,14 @@ future<executor::request_return_type> executor::update_item(client_state& client
         });
     }
     return op->execute(_proxy, client_state, trace_state, std::move(permit), needs_read_before_write, _stats).finally([op, start_time, this] {
-        _stats.api_operations.update_item_latency.add(std::chrono::steady_clock::now() - start_time);
+        _stats.api_operations.update_item_latency.mark(std::chrono::steady_clock::now() - start_time);
     });
 }
 
 // Check according to the request's "ConsistentRead" field, which consistency
 // level we need to use for the read. The field can be True for strongly
 // consistent reads, or False for eventually consistent reads, or if this
-// field is absense, we default to eventually consistent reads.
+// field is absence, we default to eventually consistent reads.
 // In Scylla, eventually-consistent reads are implemented as consistency
 // level LOCAL_ONE, and strongly-consistent reads as LOCAL_QUORUM.
 static db::consistency_level get_read_consistency(const rjson::value& request) {
@@ -3169,7 +3261,7 @@ future<executor::request_return_type> executor::get_item(client_state& client_st
     return _proxy.query(schema, std::move(command), std::move(partition_ranges), cl,
             service::storage_proxy::coordinator_query_options(executor::default_timeout(), std::move(permit), client_state, trace_state)).then(
             [this, schema, partition_slice = std::move(partition_slice), selection = std::move(selection), attrs_to_get = std::move(attrs_to_get), start_time = std::move(start_time)] (service::storage_proxy::coordinator_query_result qr) mutable {
-        _stats.api_operations.get_item_latency.add(std::chrono::steady_clock::now() - start_time);
+        _stats.api_operations.get_item_latency.mark(std::chrono::steady_clock::now() - start_time);
         return make_ready_future<executor::request_return_type>(make_jsonable(describe_item(schema, partition_slice, *selection, *qr.query_result, std::move(attrs_to_get))));
     });
 }
@@ -3540,7 +3632,7 @@ public:
         // the JSON but take them out before finally returning the JSON.
         if (_attrs_to_get) {
             _filter.for_filters_on([&] (std::string_view attr) {
-                std::string a(attr); // no heterogenous maps searches :-(
+                std::string a(attr); // no heterogeneous maps searches :-(
                 if (!_attrs_to_get->contains(a)) {
                     _extra_filter_attrs.emplace(std::move(a));
                 }
@@ -3625,9 +3717,9 @@ public:
     }
 };
 
-static std::tuple<rjson::value, size_t> describe_items(const cql3::selection::selection& selection, std::unique_ptr<cql3::result_set> result_set, std::optional<attrs_to_get>&& attrs_to_get, filter&& filter) {
+static future<std::tuple<rjson::value, size_t>> describe_items(const cql3::selection::selection& selection, std::unique_ptr<cql3::result_set> result_set, std::optional<attrs_to_get>&& attrs_to_get, filter&& filter) {
     describe_items_visitor visitor(selection.get_columns(), attrs_to_get, filter);
-    result_set->visit(visitor);
+    co_await result_set->visit_gently(visitor);
     auto scanned_count = visitor.get_scanned_count();
     rjson::value items = std::move(visitor).get_items();
     rjson::value items_descr = rjson::empty_object();
@@ -3644,7 +3736,7 @@ static std::tuple<rjson::value, size_t> describe_items(const cql3::selection::se
     if (!attrs_to_get || !attrs_to_get->empty()) {
         rjson::add(items_descr, "Items", std::move(items));
     }
-    return {std::move(items_descr), size};
+    co_return std::tuple<rjson::value, size_t>{std::move(items_descr), size};
 }
 
 static rjson::value encode_paging_state(const schema& schema, const service::pager::paging_state& paging_state) {
@@ -3685,18 +3777,18 @@ static rjson::value encode_paging_state(const schema& schema, const service::pag
 static future<executor::request_return_type> do_query(service::storage_proxy& proxy,
         schema_ptr schema,
         const rjson::value* exclusive_start_key,
-        dht::partition_range_vector&& partition_ranges,
-        std::vector<query::clustering_range>&& ck_bounds,
-        std::optional<attrs_to_get>&& attrs_to_get,
+        dht::partition_range_vector partition_ranges,
+        std::vector<query::clustering_range> ck_bounds,
+        std::optional<attrs_to_get> attrs_to_get,
         uint32_t limit,
         db::consistency_level cl,
-        filter&& filter,
+        filter filter,
         query::partition_slice::option_set custom_opts,
         service::client_state& client_state,
         cql3::cql_stats& cql_stats,
         tracing::trace_state_ptr trace_state,
         service_permit permit) {
-    lw_shared_ptr<service::pager::paging_state> paging_state = nullptr;
+    lw_shared_ptr<service::pager::paging_state> old_paging_state = nullptr;
 
     tracing::trace(trace_state, "Performing a database query");
 
@@ -3706,7 +3798,7 @@ static future<executor::request_return_type> do_query(service::storage_proxy& pr
         if (schema->clustering_key_size() > 0) {
             pos = pos_from_json(*exclusive_start_key, schema);
         }
-        paging_state = make_lw_shared<service::pager::paging_state>(pk, pos, query::max_partitions, query_id::create_null_id(), service::pager::paging_state::replicas_per_token_range{}, std::nullopt, 0);
+        old_paging_state = make_lw_shared<service::pager::paging_state>(pk, pos, query::max_partitions, query_id::create_null_id(), service::pager::paging_state::replicas_per_token_range{}, std::nullopt, 0);
     }
 
     auto regular_columns = boost::copy_range<query::column_id_vector>(
@@ -3725,34 +3817,28 @@ static future<executor::request_return_type> do_query(service::storage_proxy& pr
     // FIXME: should be moved above, set on opts, so get_max_result_size knows it?
     command->slice.options.set<query::partition_slice::option::allow_short_read>();
     auto query_options = std::make_unique<cql3::query_options>(cl, std::vector<cql3::raw_value>{});
-    query_options = std::make_unique<cql3::query_options>(std::move(query_options), std::move(paging_state));
+    query_options = std::make_unique<cql3::query_options>(std::move(query_options), std::move(old_paging_state));
     auto p = service::pager::query_pagers::pager(proxy, schema, selection, *query_state_ptr, *query_options, command, std::move(partition_ranges), nullptr);
 
-    return p->fetch_page(limit, gc_clock::now(), executor::default_timeout()).then(
-            [p = std::move(p), schema, cql_stats, partition_slice = std::move(partition_slice),
-             selection = std::move(selection), query_state_ptr = std::move(query_state_ptr),
-             attrs_to_get = std::move(attrs_to_get),
-             query_options = std::move(query_options),
-             filter = std::move(filter)] (std::unique_ptr<cql3::result_set> rs) mutable {
-        if (!p->is_exhausted()) {
-            rs->get_metadata().set_paging_state(p->state());
-        }
-        auto paging_state = rs->get_metadata().paging_state();
-        bool has_filter = filter;
-        auto [items, size] = describe_items(*selection, std::move(rs), std::move(attrs_to_get), std::move(filter));
-        if (paging_state) {
-            rjson::add(items, "LastEvaluatedKey", encode_paging_state(*schema, *paging_state));
-        }
-        if (has_filter){
-            cql_stats.filtered_rows_read_total += p->stats().rows_read_total;
-            // update our "filtered_row_matched_total" for all the rows matched, despited the filter
-            cql_stats.filtered_rows_matched_total += size;
-        }
-        if (is_big(items)) {
-            return make_ready_future<executor::request_return_type>(make_streamed(std::move(items)));
-        }
-        return make_ready_future<executor::request_return_type>(make_jsonable(std::move(items)));
-    });
+    std::unique_ptr<cql3::result_set> rs = co_await p->fetch_page(limit, gc_clock::now(), executor::default_timeout());
+    if (!p->is_exhausted()) {
+        rs->get_metadata().set_paging_state(p->state());
+    }
+    auto paging_state = rs->get_metadata().paging_state();
+    bool has_filter = filter;
+    auto [items, size] = co_await describe_items(*selection, std::move(rs), std::move(attrs_to_get), std::move(filter));
+    if (paging_state) {
+        rjson::add(items, "LastEvaluatedKey", encode_paging_state(*schema, *paging_state));
+    }
+    if (has_filter){
+        cql_stats.filtered_rows_read_total += p->stats().rows_read_total;
+        // update our "filtered_row_matched_total" for all the rows matched, despited the filter
+        cql_stats.filtered_rows_matched_total += size;
+    }
+    if (is_big(items)) {
+        co_return executor::request_return_type(make_streamed(std::move(items)));
+    }
+    co_return executor::request_return_type(make_jsonable(std::move(items)));
 }
 
 static dht::token token_for_segment(int segment, int total_segments) {
@@ -4463,7 +4549,7 @@ future<executor::request_return_type> executor::describe_continuous_backups(clie
 // of nodes in the cluster: A cluster with 3 or more live nodes, gets RF=3.
 // A smaller cluster (presumably, a test only), gets RF=1. The user may
 // manually create the keyspace to override this predefined behavior.
-static lw_shared_ptr<keyspace_metadata> create_keyspace_metadata(std::string_view keyspace_name, service::storage_proxy& sp, gms::gossiper& gossiper, api::timestamp_type ts) {
+static lw_shared_ptr<keyspace_metadata> create_keyspace_metadata(std::string_view keyspace_name, service::storage_proxy& sp, gms::gossiper& gossiper, api::timestamp_type ts, const std::map<sstring, sstring>& tags_map) {
     int endpoint_count = gossiper.num_endpoints();
     int rf = 3;
     if (endpoint_count < rf) {
@@ -4473,7 +4559,36 @@ static lw_shared_ptr<keyspace_metadata> create_keyspace_metadata(std::string_vie
     }
     auto opts = get_network_topology_options(sp, gossiper, rf);
 
-    return keyspace_metadata::new_keyspace(keyspace_name, "org.apache.cassandra.locator.NetworkTopologyStrategy", std::move(opts), true);
+    // Even if the "tablets" experimental feature is available, we currently
+    // do not enable tablets by default on Alternator tables because LWT is
+    // not yet fully supported with tablets.
+    // The user can override the choice of whether or not to use tablets at
+    // table-creation time by supplying the following tag with a numeric value
+    // (setting the value to 0 means enabling tablets with automatic selection
+    // of the best number of tablets).
+    // Setting this tag to any non-numeric value (e.g., an empty string or the
+    // word "none") will ask to disable tablets.
+    // If we make this tag a permanent feature, it will get a "system:" prefix -
+    // until then we give it the "experimental:" prefix to not commit to it.
+    static constexpr auto INITIAL_TABLETS_TAG_KEY = "experimental:initial_tablets";
+    // initial_tablets currently defaults to unset, so tablets will not be
+    // used by default on new Alternator tables. Change this initialization
+    // to 0 enable tablets by default, with automatic number of tablets.
+    std::optional<unsigned> initial_tablets;
+    if (sp.get_db().local().get_config().check_experimental(db::experimental_features_t::feature::TABLETS)) {
+        auto it = tags_map.find(INITIAL_TABLETS_TAG_KEY);
+        if (it != tags_map.end()) {
+            // Tag set. If it's a valid number, use it. If not - e.g., it's
+            // empty or a word like "none", disable tablets by setting
+            // initial_tablets to a disengaged optional.
+            try {
+                initial_tablets = std::stol(tags_map.at(INITIAL_TABLETS_TAG_KEY));
+            } catch(...) {
+                initial_tablets = std::nullopt;
+            }
+        }
+    }
+    return keyspace_metadata::new_keyspace(keyspace_name, "org.apache.cassandra.locator.NetworkTopologyStrategy", std::move(opts), initial_tablets);
 }
 
 future<> executor::start() {

alternator/expressions.cc

@@ -133,21 +133,6 @@ void path::check_depth_limit() {
     }
 }
 
-std::ostream& operator<<(std::ostream& os, const path& p) {
-    os << p.root();
-    for (const auto& op : p.operators()) {
-        std::visit(overloaded_functor {
-            [&] (const std::string& member) {
-                os << '.' << member;
-            },
-            [&] (unsigned index) {
-                os << '[' << index << ']';
-            }
-        }, op);
-    }
-    return os;
-}
-
 } // namespace parsed
 
 // The following resolve_*() functions resolve references in parsed
@@ -756,3 +741,20 @@ rjson::value calculate_value(const parsed::set_rhs& rhs,
 }
 
 } // namespace alternator
+
+auto fmt::formatter<alternator::parsed::path>::format(const alternator::parsed::path& p, fmt::format_context& ctx) const
+        -> decltype(ctx.out()) {
+    auto out = ctx.out();
+    out = fmt::format_to(out, "{}", p.root());
+    for (const auto& op : p.operators()) {
+        std::visit(overloaded_functor {
+            [&] (const std::string& member) {
+                out = fmt::format_to(out, ".{}", member);
+            },
+            [&] (unsigned index) {
+                out = fmt::format_to(out, "[{}]", index);
+            }
+        }, op);
+    }
+    return out;
+}

alternator/expressions.hh

@@ -60,24 +60,30 @@ enum class calculate_value_caller {
     UpdateExpression, ConditionExpression, ConditionExpressionAlone
 };
 
-inline std::ostream& operator<<(std::ostream& out, calculate_value_caller caller) {
-    switch (caller) {
-        case calculate_value_caller::UpdateExpression:
-            out << "UpdateExpression";
-            break;
-        case calculate_value_caller::ConditionExpression:
-            out << "ConditionExpression";
-            break;
-        case calculate_value_caller::ConditionExpressionAlone:
-            out << "ConditionExpression";
-            break;
-        default:
-            out << "unknown type of expression";
-            break;
-    }
-    return out;
 }
 
+template <> struct fmt::formatter<alternator::calculate_value_caller> {
+    constexpr auto parse(format_parse_context& ctx) { return ctx.begin(); }
+    auto format(alternator::calculate_value_caller caller, fmt::format_context& ctx) const {
+        std::string_view name = "unknown type of expression";
+        switch (caller) {
+            using enum alternator::calculate_value_caller;
+            case UpdateExpression:
+                name = "UpdateExpression";
+                break;
+            case ConditionExpression:
+                name = "ConditionExpression";
+                break;
+            case ConditionExpressionAlone:
+                name = "ConditionExpression";
+                break;
+        }
+        return fmt::format_to(ctx.out(), "{}", name);
+    }
+};
+
+namespace alternator {
+
 rjson::value calculate_value(const parsed::value& v,
         calculate_value_caller caller,
         const rjson::value* previous_item);

alternator/expressions_types.hh

@@ -255,3 +255,7 @@ public:
 
 } // namespace parsed
 } // namespace alternator
+
+template <> struct fmt::formatter<alternator::parsed::path> : fmt::formatter<std::string_view> {
+    auto format(const alternator::parsed::path&, fmt::format_context& ctx) const -> decltype(ctx.out());
+};

alternator/rmw_operation.hh

@@ -19,7 +19,7 @@ namespace alternator {
 // operations which may involve a read of the item before the write
 // (so-called Read-Modify-Write operations). These operations include PutItem,
 // UpdateItem and DeleteItem: All of these may be conditional operations (the
-// "Expected" parameter) which requir a read before the write, and UpdateItem
+// "Expected" parameter) which require a read before the write, and UpdateItem
 // may also have an update expression which refers to the item's old value.
 //
 // The code below supports running the read and the write together as one
@@ -69,7 +69,11 @@ protected:
     enum class returnvalues {
         NONE, ALL_OLD, UPDATED_OLD, ALL_NEW, UPDATED_NEW
     } _returnvalues;
+    enum class returnvalues_on_condition_check_failure {
+        NONE, ALL_OLD
+    } _returnvalues_on_condition_check_failure;
     static returnvalues parse_returnvalues(const rjson::value& request);
+    static returnvalues_on_condition_check_failure parse_returnvalues_on_condition_check_failure(const rjson::value& request);
     // When _returnvalues != NONE, apply() should store here, in JSON form,
     // the values which are to be returned in the "Attributes" field.
     // The default null JSON means do not return an Attributes field at all.
@@ -77,6 +81,8 @@ protected:
     // it (see explanation below), but note that because apply() may be
     // called more than once, if apply() will sometimes set this field it
     // must set it (even if just to the default empty value) every time.
+    // Additionally when _returnvalues_on_condition_check_failure is ALL_OLD
+    // then condition check failure will also result in storing values here.
     mutable rjson::value _return_attributes;
 public:
     // The constructor of a rmw_operation subclass should parse the request

alternator/serialization.cc

@@ -11,7 +11,6 @@
 #include "log.hh"
 #include "serialization.hh"
 #include "error.hh"
-#include "rapidjson/writer.h"
 #include "concrete_types.hh"
 #include "cql3/type_json.hh"
 #include "mutation/position_in_partition.hh"
@@ -59,7 +58,7 @@ type_representation represent_type(alternator_type atype) {
 // calculate its magnitude and precision from its scale() and unscaled_value().
 // So in the following ugly implementation we calculate them from the string
 // representation instead. We assume the number was already parsed
-// sucessfully to a big_decimal to it follows its syntax rules.
+// successfully to a big_decimal to it follows its syntax rules.
 //
 // FIXME: rewrite this function to take a big_decimal, not a string.
 // Maybe a snippet like this can help:

alternator/server.cc

@@ -23,7 +23,6 @@
 #include "service/storage_proxy.hh"
 #include "gms/gossiper.hh"
 #include "utils/overloaded_functor.hh"
-#include "utils/fb_utilities.hh"
 #include "utils/aws_sigv4.hh"
 
 static logging::logger slogger("alternator-server");
@@ -118,7 +117,7 @@ public:
                  }
                  return make_ready_future<std::unique_ptr<reply>>(std::move(rep));
              }
-             auto res = resf.get0();
+             auto res = resf.get();
              std::visit(overloaded_functor {
                  [&] (const json::json_return_type& json_return_value) {
                      slogger.trace("api_handler success case");
@@ -156,6 +155,9 @@ public:
 protected:
     void generate_error_reply(reply& rep, const api_error& err) {
         rjson::value results = rjson::empty_object();
+        if (!err._extra_fields.IsNull() && err._extra_fields.IsObject()) {
+            results = rjson::copy(err._extra_fields);
+        }
         rjson::add(results, "__type", rjson::from_string("com.amazonaws.dynamodb.v20120810#" + err._type));
         rjson::add(results, "message", err._msg);
         rep._content = rjson::print(std::move(results));
@@ -308,8 +310,8 @@ future<std::string> server::verify_signature(const request& req, const chunked_c
         }
     }
 
-    auto cache_getter = [&proxy = _proxy] (std::string username) {
-        return get_key_from_roles(proxy, std::move(username));
+    auto cache_getter = [&proxy = _proxy, &as = _auth_service] (std::string username) {
+        return get_key_from_roles(proxy, as, std::move(username));
     };
     return _key_cache.get_ptr(user, cache_getter).then([this, &req, &content,
                                                     user = std::move(user),
@@ -566,14 +568,14 @@ future<> server::init(net::inet_address addr, std::optional<uint16_t> port, std:
             set_routes(_https_server._routes);
             _https_server.set_content_length_limit(server::content_length_limit);
             _https_server.set_content_streaming(true);
-            _https_server.set_tls_credentials(creds->build_reloadable_server_credentials([](const std::unordered_set<sstring>& files, std::exception_ptr ep) {
+            auto server_creds = creds->build_reloadable_server_credentials([](const std::unordered_set<sstring>& files, std::exception_ptr ep) {
                 if (ep) {
                     slogger.warn("Exception loading {}: {}", files, ep);
                 } else {
                     slogger.info("Reloaded {}", files);
                 }
-            }).get0());
-            _https_server.listen(socket_address{addr, *https_port}).get();
+            }).get();
+            _https_server.listen(socket_address{addr, *https_port}, std::move(server_creds)).get();
             _enabled_servers.push_back(std::ref(_https_server));
         }
     });

alternator/stats.cc

@@ -21,10 +21,12 @@ stats::stats() : api_operations{} {
     _metrics.add_group("alternator", {
 #define OPERATION(name, CamelCaseName) \
                 seastar::metrics::make_total_operations("operation", api_operations.name, \
-                        seastar::metrics::description("number of operations via Alternator API"), {op(CamelCaseName)}),
+                        seastar::metrics::description("number of operations via Alternator API"), {op(CamelCaseName)}).set_skip_when_empty(),
 #define OPERATION_LATENCY(name, CamelCaseName) \
                 seastar::metrics::make_histogram("op_latency", \
-                        seastar::metrics::description("Latency histogram of an operation via Alternator API"), {op(CamelCaseName)}, [this]{return to_metrics_histogram(api_operations.name);}),
+                        seastar::metrics::description("Latency histogram of an operation via Alternator API"), {op(CamelCaseName)}, [this]{return to_metrics_histogram(api_operations.name.histogram());}).aggregate({seastar::metrics::shard_label}).set_skip_when_empty(), \
+				seastar::metrics::make_summary("op_latency_summary", \
+						                        seastar::metrics::description("Latency summary of an operation via Alternator API"), [this]{return to_metrics_summary(api_operations.name.summary());})(op(CamelCaseName)).set_skip_when_empty(),
             OPERATION(batch_get_item, "BatchGetItem")
             OPERATION(batch_write_item, "BatchWriteItem")
             OPERATION(create_backup, "CreateBackup")

alternator/stats.hh

@@ -11,8 +11,8 @@
 #include <cstdint>
 
 #include <seastar/core/metrics_registration.hh>
-#include "seastarx.hh"
 #include "utils/estimated_histogram.hh"
+#include "utils/histogram.hh"
 #include "cql3/stats.hh"
 
 namespace alternator {
@@ -66,11 +66,11 @@ public:
         uint64_t get_shard_iterator = 0;
         uint64_t get_records = 0;
 
-        utils::time_estimated_histogram put_item_latency;
-        utils::time_estimated_histogram get_item_latency;
-        utils::time_estimated_histogram delete_item_latency;
-        utils::time_estimated_histogram update_item_latency;
-        utils::time_estimated_histogram get_records_latency;
+        utils::timed_rate_moving_average_summary_and_histogram put_item_latency;
+        utils::timed_rate_moving_average_summary_and_histogram get_item_latency;
+        utils::timed_rate_moving_average_summary_and_histogram delete_item_latency;
+        utils::timed_rate_moving_average_summary_and_histogram update_item_latency;
+        utils::timed_rate_moving_average_summary_and_histogram get_records_latency;
     } api_operations;
     // Miscellaneous event counters
     uint64_t total_operations = 0;

alternator/streams.cc

@@ -13,8 +13,6 @@
 
 #include <seastar/json/formatter.hh>
 
-#include "utils/base64.hh"
-#include "log.hh"
 #include "db/config.hh"
 
 #include "cdc/log.hh"
@@ -25,7 +23,6 @@
 #include "utils/UUID_gen.hh"
 #include "cql3/selection/selection.hh"
 #include "cql3/result_set.hh"
-#include "cql3/type_json.hh"
 #include "cql3/column_identifier.hh"
 #include "schema/schema_builder.hh"
 #include "service/storage_proxy.hh"
@@ -33,7 +30,6 @@
 #include "gms/feature_service.hh"
 
 #include "executor.hh"
-#include "rmw_operation.hh"
 #include "data_dictionary/data_dictionary.hh"
 
 /**
@@ -280,7 +276,7 @@ struct sequence_number {
          * Timeuuids viewed as msb<<64|lsb are _not_,
          * but they are still sorted as
          *  timestamp() << 64|lsb
-         * so we can simpy unpack the mangled msb
+         * so we can simply unpack the mangled msb
          * and use as hi 64 in our "bignum".
          */
         uint128_t hi = uint64_t(num.uuid.timestamp());
@@ -419,7 +415,7 @@ using namespace std::string_literals;
  *
  * In scylla, this is sort of akin to an ID having corresponding ID/ID:s
  * that cover the token range it represents. Because ID:s are per
- * vnode shard however, this relation can be somewhat ambigous.
+ * vnode shard however, this relation can be somewhat ambiguous.
  * We still provide some semblance of this by finding the ID in
  * older generation that has token start < current ID token start.
  * This will be a partial overlap, but it is the best we can do.
@@ -526,7 +522,7 @@ future<executor::request_return_type> executor::describe_stream(client_state& cl
         // (see explanation above) since we want to find closest
         // token boundary when determining parent.
         // #7346 - we processed and searched children/parents in
-        // stored order, which is not neccesarily token order,
+        // stored order, which is not necessarily token order,
         // so the finding of "closest" token boundary (using upper bound)
         // could give somewhat weird results.
         static auto token_cmp = [](const cdc::stream_id& id1, const cdc::stream_id& id2) {
@@ -1020,7 +1016,7 @@ future<executor::request_return_type> executor::get_records(client_state& client
             // shard did end, then the next read will have nrecords == 0 and
             // will notice end end of shard and not return NextShardIterator.
             rjson::add(ret, "NextShardIterator", next_iter);
-            _stats.api_operations.get_records_latency.add(std::chrono::steady_clock::now() - start_time);
+            _stats.api_operations.get_records_latency.mark(std::chrono::steady_clock::now() - start_time);
             return make_ready_future<executor::request_return_type>(make_jsonable(std::move(ret)));
         }
 
@@ -1043,7 +1039,7 @@ future<executor::request_return_type> executor::get_records(client_state& client
                 shard_iterator next_iter(iter.table, iter.shard, utils::UUID_gen::min_time_UUID(high_ts.time_since_epoch()), true);
                 rjson::add(ret, "NextShardIterator", iter);
             }
-            _stats.api_operations.get_records_latency.add(std::chrono::steady_clock::now() - start_time);
+            _stats.api_operations.get_records_latency.mark(std::chrono::steady_clock::now() - start_time);
             if (is_big(ret)) {
                 return make_ready_future<executor::request_return_type>(make_streamed(std::move(ret)));
             }

alternator/ttl.cc

@@ -32,13 +32,11 @@
 #include "service/pager/paging_state.hh"
 #include "service/pager/query_pagers.hh"
 #include "gms/feature_service.hh"
-#include "sstables/types.hh"
 #include "mutation/mutation.hh"
 #include "types/types.hh"
 #include "types/map.hh"
 #include "utils/rjson.hh"
 #include "utils/big_decimal.hh"
-#include "utils/fb_utilities.hh"
 #include "cql3/selection/selection.hh"
 #include "cql3/values.hh"
 #include "cql3/query_options.hh"
@@ -81,6 +79,11 @@ future<executor::request_return_type> executor::update_time_to_live(client_state
         co_return api_error::validation("UpdateTimeToLive requires boolean Enabled");
     }
     bool enabled = v->GetBool();
+    // Alternator TTL doesn't yet work when the table uses tablets (#16567)
+    if (enabled && _proxy.local_db().find_keyspace(schema->ks_name()).get_replication_strategy().uses_tablets()) {
+        co_return api_error::validation("TTL not yet supported on a table using tablets (issue #16567). "
+            "Create a table with the tag 'experimental:initial_tablets' set to 'none' to use vnodes.");
+    }
     v = rjson::find(*spec, "AttributeName");
     if (!v || !v->IsString()) {
         co_return api_error::validation("UpdateTimeToLive requires string AttributeName");
@@ -155,7 +158,7 @@ future<executor::request_return_type> executor::describe_time_to_live(client_sta
 // node owning this range as a "primary range" (the first node in the ring
 // with this range), but when this node is down, the secondary owner (the
 // second in the ring) may take over.
-// An expiration thread is reponsible for all tables which need expiration
+// An expiration thread is responsible for all tables which need expiration
 // scans. Currently, the different tables are scanned sequentially (not in
 // parallel).
 // The expiration thread scans item using CL=QUORUM to ensures that it reads
@@ -417,6 +420,7 @@ class token_ranges_owned_by_this_shard {
     };
 
     schema_ptr _s;
+    locator::effective_replication_map_ptr _erm;
     // _token_ranges will contain a list of token ranges owned by this node.
     // We'll further need to split each such range to the pieces owned by
     // the current shard, using _intersecter.
@@ -430,15 +434,14 @@ class token_ranges_owned_by_this_shard {
     size_t _range_idx;
     size_t _end_idx;
     std::optional<dht::selective_token_range_sharder> _intersecter;
-    locator::effective_replication_map_ptr _erm;
 public:
     token_ranges_owned_by_this_shard(replica::database& db, gms::gossiper& g, schema_ptr s)
         :  _s(s)
-        , _token_ranges(db.find_keyspace(s->ks_name()).get_effective_replication_map(),
-                g, utils::fb_utilities::get_broadcast_address())
+        , _erm(s->table().get_effective_replication_map())
+        , _token_ranges(db.find_keyspace(s->ks_name()).get_vnode_effective_replication_map(),
+                g, _erm->get_topology().my_address())
         , _range_idx(random_offset(0, _token_ranges.size() - 1))
         , _end_idx(_range_idx + _token_ranges.size())
-        , _erm(s->table().get_effective_replication_map())
     {
         tlogger.debug("Generating token ranges starting from base range {} of {}", _range_idx, _token_ranges.size());
     }

api/CMakeLists.txt

@@ -15,10 +15,12 @@ set(swagger_files
   api-doc/lsa.json
   api-doc/messaging_service.json
   api-doc/metrics.json
+  api-doc/raft.json
   api-doc/storage_proxy.json
   api-doc/storage_service.json
   api-doc/stream_manager.json
   api-doc/system.json
+  api-doc/tasks.json
   api-doc/task_manager.json
   api-doc/task_manager_test.json
   api-doc/utils.json)
@@ -52,12 +54,15 @@ target_sources(api
     hinted_handoff.cc
     lsa.cc
     messaging_service.cc
+    raft.cc
     storage_proxy.cc
     storage_service.cc
     stream_manager.cc
     system.cc
+    tasks.cc
     task_manager.cc
     task_manager_test.cc
+    token_metadata.cc
     ${swagger_gen_files})
 target_include_directories(api
   PUBLIC
@@ -66,6 +71,8 @@ target_include_directories(api
 target_link_libraries(api
   idl
   wasmtime_bindings
-
   Seastar::seastar
   xxHash::xxhash)
+
+check_headers(check-headers api
+  GLOB_RECURSE ${CMAKE_CURRENT_SOURCE_DIR}/*.hh)

api/api-doc/column_family.json

@@ -84,6 +84,14 @@
                      "type":"string",
                      "paramType":"path"
                   },
+                  {
+                     "name":"flush_memtables",
+                     "description":"Controls flushing of memtables before compaction (true by default). Set to \"false\" to skip automatic flushing of memtables before compaction, e.g. when the table is flushed explicitly before invoking the compaction api.",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"boolean",
+                     "paramType":"query"
+                  },
                   {
                      "name":"split_output",
                      "description":"true if the output of the major compaction should be split in several sstables",
@@ -203,7 +211,7 @@
          "operations":[
             {
                "method":"POST",
-               "summary":"Sets the minumum and maximum number of sstables in queue before compaction kicks off",
+               "summary":"Sets the minimum and maximum number of sstables in queue before compaction kicks off",
                "type":"string",
                "nickname":"set_compaction_threshold",
                "produces":[

api/api-doc/commitlog.json

@@ -144,6 +144,21 @@
           "parameters": []
         }
       ]
+    },
+    {
+      "path": "/commitlog/metrics/max_disk_size",
+      "operations": [
+        {
+          "method": "GET",
+          "summary": "Get max disk size",
+          "type": "long",
+          "nickname": "get_max_disk_size",
+          "produces": [
+            "application/json"
+          ],
+          "parameters": []
+        }
+      ]
     }
    ]
 }

api/api-doc/error_injection.json

@@ -90,6 +90,30 @@
             }
          ]
       },
+      {
+         "path":"/v2/error_injection/disconnect/{ip}",
+         "operations":[
+            {
+               "method":"POST",
+               "summary":"Drop connection to a given IP",
+               "type":"void",
+               "nickname":"inject_disconnect",
+               "produces":[
+                  "application/json"
+               ],
+               "parameters":[
+                  {
+                     "name":"ip",
+                     "description":"IP address to disconnect from",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"path"
+                  }
+               ]
+            }
+         ]
+      },
       {
          "path":"/v2/error_injection/injection",
          "operations":[

api/api-doc/gossiper.json

@@ -12,7 +12,7 @@
          "operations":[
             {
                "method":"GET",
-               "summary":"Get the addreses of the down endpoints",
+               "summary":"Get the addresses of the down endpoints",
                "type":"array",
                "items":{
                   "type":"string"
@@ -31,7 +31,7 @@
          "operations":[
             {
                "method":"GET",
-               "summary":"Get the addreses of live endpoints",
+               "summary":"Get the addresses of live endpoints",
                "type":"array",
                "items":{
                   "type":"string"

api/api-doc/metrics.def.json

@@ -7,11 +7,11 @@
                 "items": {
                     "type": "string"
                 },
-                "description": "The source labels, a match is based on concatination of the labels"
+                "description": "The source labels, a match is based on concatenation of the labels"
             },
             "action": {
                 "type": "string",
-                "description": "The action to perfrom on match",
+                "description": "The action to perform on match",
                 "enum": ["skip_when_empty", "report_when_empty", "replace", "keep", "drop", "drop_label"]
             },
             "target_label": {
@@ -28,7 +28,7 @@
             },
             "separator": {
                 "type": "string",
-                "description": "The separator string to use when concatinating the labels"
+                "description": "The separator string to use when concatenating the labels"
             }
         }
     }

api/api-doc/raft.json

@@ -0,0 +1,67 @@
+{
+   "apiVersion":"0.0.1",
+   "swaggerVersion":"1.2",
+   "basePath":"{{Protocol}}://{{Host}}",
+   "resourcePath":"/raft",
+   "produces":[
+      "application/json"
+   ],
+   "apis":[
+      {
+         "path":"/raft/trigger_snapshot/{group_id}",
+         "operations":[
+            {
+               "method":"POST",
+               "summary":"Triggers snapshot creation and log truncation for the given Raft group",
+               "type":"string",
+               "nickname":"trigger_snapshot",
+               "produces":[
+                  "application/json"
+               ],
+               "parameters":[
+                  {
+                     "name":"group_id",
+                     "description":"The ID of the group which should get snapshotted",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"path"
+                  },
+                  {
+                     "name":"timeout",
+                     "description":"Timeout in seconds after which the endpoint returns a failure. If not provided, 60s is used.",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"long",
+                     "paramType":"query"
+                  }
+               ]
+            }
+         ]
+      },
+      {
+         "path":"/raft/leader_host",
+         "operations":[
+            {
+               "method":"GET",
+               "summary":"Returns host ID of the current leader of the given Raft group",
+               "type":"string",
+               "nickname":"get_leader_host",
+               "produces":[
+                  "application/json"
+               ],
+               "parameters":[
+                  {
+                     "name":"group_id",
+                     "description":"The ID of the group. When absent, group0 is used.",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"query"
+                  }
+               ]
+            }
+         ]
+      }
+   ]
+}

api/api-doc/storage_service.json

@@ -336,6 +336,14 @@
                      "allowMultiple":false,
                      "type":"boolean",
                      "paramType":"query"
+                  },
+                  {
+                     "name":"cf",
+                     "description":"Column family name",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"query"
                   }
                ]
             }
@@ -368,25 +376,6 @@
             }
          ]
       },
-      {
-         "path":"/storage_service/describe_ring/",
-         "operations":[
-            {
-               "method":"GET",
-               "summary":"The TokenRange for a any keyspace",
-               "type":"array",
-               "items":{
-                  "type":"token_range"
-               },
-               "nickname":"describe_any_ring",
-               "produces":[
-                  "application/json"
-               ],
-               "parameters":[
-               ]
-            }
-         ]
-      },
       {
          "path":"/storage_service/describe_ring/{keyspace}",
          "operations":[
@@ -409,6 +398,14 @@
                      "allowMultiple":false,
                      "type":"string",
                      "paramType":"path"
+                  },
+                  {
+                     "name":"table",
+                     "description":"The name of table to fetch information about",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"query"
                   }
                ]
             }
@@ -436,6 +433,14 @@
                      "allowMultiple":false,
                      "type":"string",
                      "paramType":"path"
+                  },
+                  {
+                     "name":"cf",
+                     "description":"Column family name",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"query"
                   }
                ]
             }
@@ -701,6 +706,30 @@
             }
          ]
       },
+      {
+         "path":"/storage_service/compact",
+         "operations":[
+            {
+               "method":"POST",
+               "summary":"Forces major compaction in all keyspaces",
+               "type":"void",
+               "nickname":"force_compaction",
+               "produces":[
+                  "application/json"
+               ],
+               "parameters":[
+                  {
+                     "name":"flush_memtables",
+                     "description":"Controls flushing of memtables before compaction (true by default). Set to \"false\" to skip automatic flushing of memtables before compaction, e.g. when tables were flushed explicitly before invoking the compaction api.",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"boolean",
+                     "paramType":"query"
+                  }
+               ]
+            }
+         ]
+      },
       {
          "path":"/storage_service/keyspace_compaction/{keyspace}",
          "operations":[
@@ -715,7 +744,7 @@
                "parameters":[
                   {
                      "name":"keyspace",
-                     "description":"The keyspace to query about",
+                     "description":"The keyspace to compact",
                      "required":true,
                      "allowMultiple":false,
                      "type":"string",
@@ -728,6 +757,14 @@
                      "allowMultiple":false,
                      "type":"string",
                      "paramType":"query"
+                  },
+                  {
+                     "name":"flush_memtables",
+                     "description":"Controls flushing of memtables before compaction (true by default). Set to \"false\" to skip automatic flushing of memtables before compaction, e.g. when tables were flushed explicitly before invoking the compaction api.",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"boolean",
+                     "paramType":"query"
                   }
                ]
             }
@@ -747,7 +784,7 @@
                "parameters":[
                   {
                      "name":"keyspace",
-                     "description":"The keyspace to query about",
+                     "description":"The keyspace to cleanup",
                      "required":true,
                      "allowMultiple":false,
                      "type":"string",
@@ -765,6 +802,21 @@
             }
          ]
       },
+      {
+         "path":"/storage_service/cleanup_all",
+         "operations":[
+            {
+               "method":"POST",
+               "summary":"Trigger a global cleanup",
+               "type":"long",
+               "nickname":"cleanup_all",
+               "produces":[
+                  "application/json"
+               ],
+               "parameters":[]
+            }
+         ]
+      },
       {
          "path":"/storage_service/keyspace_offstrategy_compaction/{keyspace}",
          "operations":[
@@ -912,6 +964,21 @@
             }
          ]
       },
+      {
+         "path":"/storage_service/flush",
+         "operations":[
+            {
+               "method":"POST",
+               "summary":"Flush all memtables in all keyspaces.",
+               "type":"void",
+               "nickname":"force_flush",
+               "produces":[
+                  "application/json"
+               ],
+               "parameters":[]
+            }
+         ]
+      },
       {
          "path":"/storage_service/keyspace_flush/{keyspace}",
          "operations":[
@@ -1122,6 +1189,14 @@
                      "allowMultiple":false,
                      "type":"string",
                      "paramType":"query"
+                  },
+                  {
+                     "name":"small_table_optimization",
+                     "description":"If the value is the string 'true' with any capitalization, perform small table optimization. When this option is enabled, user can send the repair request to any of the nodes in the cluster. There is no need to send repair requests to multiple nodes. All token ranges for the table will be repaired automatically.",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"query"
                   }
                ]
             },
@@ -1455,6 +1530,15 @@
                      "type":"string",
                      "enum": [ "all", "user", "non_local_strategy" ],
                      "paramType":"query"
+                  },
+                  {
+                     "name":"replication",
+                     "description":"Filter keyspaces for the replication used: vnodes or tablets (default: all)",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "enum": [ "all", "vnodes", "tablets" ],
+                     "paramType":"query"
                   }
                ]
             }
@@ -1602,7 +1686,7 @@
             },
             {
                "method":"POST",
-               "summary":"allows a user to reenable thrift",
+               "summary":"allows a user to re-enable thrift",
                "type":"void",
                "nickname":"start_rpc_server",
                "produces":[
@@ -2410,6 +2494,238 @@
             }
          ]
       },
+      {
+         "path":"/storage_service/tablets/move",
+         "operations":[
+            {
+               "nickname":"move_tablet",
+               "method":"POST",
+               "summary":"Moves a tablet replica",
+               "type":"void",
+               "produces":[
+                  "application/json"
+               ],
+               "parameters":[
+                  {
+                     "name":"ks",
+                     "description":"Keyspace name",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"table",
+                     "description":"Table name",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"token",
+                     "description":"Token owned by the tablet to move",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"integer",
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"src_host",
+                     "description":"Source host id",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"dst_host",
+                     "description":"Destination host id",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"src_shard",
+                     "description":"Source shard number",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"integer",
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"dst_shard",
+                     "description":"Destination shard number",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"integer",
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"force",
+                     "description":"When set to true, replication strategy constraints can be broken (false by default)",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"boolean",
+                     "paramType":"query"
+                  }
+               ]
+            }
+         ]
+      },
+      {
+         "path":"/storage_service/tablets/add_replica",
+         "operations":[
+            {
+               "nickname":"add_tablet_replica",
+               "method":"POST",
+               "summary":"Adds replica to tablet",
+               "type":"void",
+               "produces":[
+                  "application/json"
+               ],
+               "parameters":[
+                  {
+                     "name":"ks",
+                     "description":"Keyspace name",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"table",
+                     "description":"Table name",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"token",
+                     "description":"Token owned by the tablet to add replica to",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"integer",
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"dst_host",
+                     "description":"Destination host id",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"dst_shard",
+                     "description":"Destination shard number",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"integer",
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"force",
+                     "description":"When set to true, replication strategy constraints can be broken (false by default)",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"boolean",
+                     "paramType":"query"
+                  }
+               ]
+            }
+         ]
+      },
+      {
+         "path":"/storage_service/tablets/del_replica",
+         "operations":[
+            {
+               "nickname":"del_tablet_replica",
+               "method":"POST",
+               "summary":"Deletes replica from tablet",
+               "type":"void",
+               "produces":[
+                  "application/json"
+               ],
+               "parameters":[
+                  {
+                     "name":"ks",
+                     "description":"Keyspace name",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"table",
+                     "description":"Table name",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"token",
+                     "description":"Token owned by the tablet to delete replica from",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"integer",
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"host",
+                     "description":"Host id to remove replica from",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"shard",
+                     "description":"Shard number to remove replica from",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"integer",
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"force",
+                     "description":"When set to true, replication strategy constraints can be broken (false by default)",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"boolean",
+                     "paramType":"query"
+                  }
+               ]
+            }
+         ]
+      },
+      {
+         "path":"/storage_service/tablets/balancing",
+         "operations":[
+            {
+               "nickname":"tablet_balancing_enable",
+               "method":"POST",
+               "summary":"Controls tablet load-balancing",
+               "type":"void",
+               "produces":[
+                  "application/json"
+               ],
+               "parameters":[
+                  {
+                     "name":"enabled",
+                     "description":"When set to false, tablet load balancing is disabled",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"boolean",
+                     "paramType":"query"
+                  }
+               ]
+            }
+         ]
+      },
       {
          "path":"/storage_service/metrics/total_hints",
          "operations":[
@@ -2511,6 +2827,33 @@
                ]
             }
          ]
+      },
+      {
+         "path":"/storage_service/raft_topology/upgrade",
+         "operations":[
+            {
+               "method":"POST",
+               "summary":"Trigger the upgrade to topology on raft.",
+               "type":"void",
+               "nickname":"upgrade_to_raft_topology",
+               "produces":[
+                  "application/json"
+               ],
+               "parameters":[
+               ]
+            },
+            {
+               "method":"GET",
+               "summary":"Get information about the current upgrade status of topology on raft.",
+               "type":"string",
+               "nickname":"raft_topology_upgrade_status",
+               "produces":[
+                  "application/json"
+               ],
+               "parameters":[
+               ]
+            }
+         ]
       }
    ],
    "models":{

api/api-doc/system.json

@@ -179,6 +179,21 @@
                ]
             }
          ]
+      },
+      {
+         "path":"/system/dump_llvm_profile",
+         "operations":[
+            {
+               "method":"POST",
+               "summary":"Dump llvm profile data (raw profile data) that can later be used for coverage reporting or PGO (no-op if the current binary is not instrumented)",
+               "type":"void",
+               "nickname":"dump_profile",
+               "produces":[
+                  "application/json"
+               ],
+               "parameters":[]
+            }
+         ]
       }
    ]
 }

api/api-doc/tasks.json

@@ -0,0 +1,230 @@
+{
+   "apiVersion":"0.0.1",
+   "swaggerVersion":"1.2",
+   "basePath":"{{Protocol}}://{{Host}}",
+   "resourcePath":"/tasks",
+   "produces":[
+      "application/json"
+   ],
+   "apis":[
+      {
+         "path":"/tasks/compaction/keyspace_compaction/{keyspace}",
+         "operations":[
+            {
+               "method":"POST",
+               "summary":"Forces major compaction of a single keyspace asynchronously, returns uuid which can be used to check progress with task manager",
+               "type":"string",
+               "nickname":"force_keyspace_compaction_async",
+               "produces":[
+                  "application/json"
+               ],
+               "parameters":[
+                  {
+                     "name":"keyspace",
+                     "description":"The keyspace to query about",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"path"
+                  },
+                  {
+                     "name":"cf",
+                     "description":"Comma-separated table (column family) names",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"flush_memtables",
+                     "description":"Controls flushing of memtables before compaction (true by default). Set to \"false\" to skip automatic flushing of memtables before compaction, e.g. when tables were flushed explicitly before invoking the compaction api.",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"boolean",
+                     "paramType":"query"
+                  }
+               ]
+            }
+         ]
+      },
+      {
+         "path":"/tasks/compaction/keyspace_cleanup/{keyspace}",
+         "operations":[
+            {
+               "method":"POST",
+               "summary":"Trigger a cleanup of keys on a single keyspace asynchronously, returns uuid which can be used to check progress with task manager",
+               "type": "string",
+               "nickname":"force_keyspace_cleanup_async",
+               "produces":[
+                  "application/json"
+               ],
+               "parameters":[
+                  {
+                     "name":"keyspace",
+                     "description":"The keyspace to query about",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"path"
+                  },
+                  {
+                     "name":"cf",
+                     "description":"Comma-separated table (column family) names",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"query"
+                  }
+               ]
+            }
+         ]
+      },
+      {
+         "path":"/tasks/compaction/keyspace_offstrategy_compaction/{keyspace}",
+         "operations":[
+            {
+               "method":"POST",
+               "summary":"Perform offstrategy compaction, if needed, in a single keyspace asynchronously, returns uuid which can be used to check progress with task manager",
+               "type":"string",
+               "nickname":"perform_keyspace_offstrategy_compaction_async",
+               "produces":[
+                  "application/json"
+               ],
+               "parameters":[
+                  {
+                     "name":"keyspace",
+                     "description":"The keyspace to operate on",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"path"
+                  },
+                  {
+                     "name":"cf",
+                     "description":"Comma-separated table (column family) names",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"query"
+                  }
+               ]
+            }
+         ]
+      },
+      {
+         "path":"/tasks/compaction/keyspace_scrub/{keyspace}",
+         "operations":[
+            {
+               "method":"GET",
+               "summary":"Scrub (deserialize + reserialize at the latest version, resolving corruptions if any) the given keyspace asynchronously, returns uuid which can be used to check progress with task manager. If columnFamilies array is empty, all CFs are scrubbed. Scrubbed CFs will be snapshotted first, if disableSnapshot is false. Scrub has the following modes: Abort (default) - abort scrub if corruption is detected; Skip (same as `skip_corrupted=true`) skip over corrupt data, omitting them from the output; Segregate - segregate data into multiple sstables if needed, such that each sstable contains data with valid order; Validate - read (no rewrite) and validate data, logging any problems found.",
+               "type": "string",
+               "nickname":"scrub_async",
+               "produces":[
+                  "application/json"
+               ],
+               "parameters":[
+                  {
+                     "name":"disable_snapshot",
+                     "description":"When set to true, disable snapshot",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"boolean",
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"skip_corrupted",
+                     "description":"When set to true, skip corrupted",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"boolean",
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"scrub_mode",
+                     "description":"How to handle corrupt data (overrides 'skip_corrupted'); ",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "enum":[
+                        "ABORT",
+                        "SKIP",
+                        "SEGREGATE",
+                        "VALIDATE"
+                     ],
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"quarantine_mode",
+                     "description":"Controls whether to scrub quarantined sstables (default INCLUDE)",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "enum":[
+                        "INCLUDE",
+                        "EXCLUDE",
+                        "ONLY"
+                     ],
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"keyspace",
+                     "description":"The keyspace to query about",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"path"
+                  },
+                  {
+                     "name":"cf",
+                     "description":"Comma-separated table (column family) names",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"query"
+                  }
+               ]
+            }
+         ]
+      },
+      {
+         "path":"/tasks/compaction/keyspace_upgrade_sstables/{keyspace}",
+         "operations":[
+            {
+               "method":"GET",
+               "summary":"Rewrite all sstables to the latest version. Unlike scrub, it doesn't skip bad rows and do not snapshot sstables first asynchronously, returns uuid which can be used to check progress with task manager.",
+               "type": "string",
+               "nickname":"upgrade_sstables_async",
+               "produces":[
+                  "application/json"
+               ],
+               "parameters":[
+                  {
+                     "name":"keyspace",
+                     "description":"The keyspace",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"path"
+                  },
+                  {
+                     "name":"exclude_current_version",
+                     "description":"When set to true exclude current version",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"boolean",
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"cf",
+                     "description":"Comma-separated table (column family) names",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"query"
+                  }
+               ]
+            }
+         ]
+      }
+   ]
+}

api/api.cc

@@ -11,6 +11,7 @@
 #include <seastar/http/transformers.hh>
 #include <seastar/http/api_docs.hh>
 #include "storage_service.hh"
+#include "token_metadata.hh"
 #include "commitlog.hh"
 #include "gossiper.hh"
 #include "failure_detector.hh"
@@ -31,6 +32,8 @@
 #include "api/config.hh"
 #include "task_manager.hh"
 #include "task_manager_test.hh"
+#include "tasks.hh"
+#include "raft.hh"
 
 logging::logger apilog("api");
 
@@ -65,6 +68,9 @@ future<> set_server_init(http_context& ctx) {
                 "The system related API");
         rb02->add_definitions_file(r, "metrics");
         set_system(ctx, r);
+        rb->register_function(r, "error_injection",
+            "The error injection API");
+        set_error_injection(ctx, r);
     });
 }
 
@@ -155,6 +161,14 @@ future<> unset_server_snapshot(http_context& ctx) {
     return ctx.http_server.set_routes([&ctx] (routes& r) { unset_snapshot(ctx, r); });
 }
 
+future<> set_server_token_metadata(http_context& ctx, sharded<locator::shared_token_metadata>& tm) {
+    return ctx.http_server.set_routes([&ctx, &tm] (routes& r) { set_token_metadata(ctx, r, tm); });
+}
+
+future<> unset_server_token_metadata(http_context& ctx) {
+    return ctx.http_server.set_routes([&ctx] (routes& r) { unset_token_metadata(ctx, r); });
+}
+
 future<> set_server_snitch(http_context& ctx, sharded<locator::snitch_ptr>& snitch) {
     return register_api(ctx, "endpoint_snitch_info", "The endpoint snitch info API", [&snitch] (http_context& ctx, routes& r) {
         set_endpoint_snitch(ctx, r, snitch);
@@ -172,14 +186,14 @@ future<> set_server_gossip(http_context& ctx, sharded<gms::gossiper>& g) {
                 });
 }
 
-future<> set_server_load_sstable(http_context& ctx, sharded<db::system_keyspace>& sys_ks) {
+future<> set_server_column_family(http_context& ctx, sharded<db::system_keyspace>& sys_ks) {
     return register_api(ctx, "column_family",
                 "The column family API", [&sys_ks] (http_context& ctx, routes& r) {
                     set_column_family(ctx, r, sys_ks);
                 });
 }
 
-future<> unset_server_load_sstable(http_context& ctx) {
+future<> unset_server_column_family(http_context& ctx) {
     return ctx.http_server.set_routes([&ctx] (routes& r) { unset_column_family(ctx, r); });
 }
 
@@ -264,9 +278,6 @@ future<> set_server_done(http_context& ctx) {
         rb->register_function(r, "collectd",
                 "The collectd API");
         set_collectd(ctx, r);
-        rb->register_function(r, "error_injection",
-                "The error injection API");
-        set_error_injection(ctx, r);
     });
 }
 
@@ -302,6 +313,32 @@ future<> unset_server_task_manager_test(http_context& ctx) {
 
 #endif
 
+future<> set_server_tasks_compaction_module(http_context& ctx, sharded<service::storage_service>& ss, sharded<db::snapshot_ctl>& snap_ctl) {
+    auto rb = std::make_shared < api_registry_builder > (ctx.api_doc);
+
+    return ctx.http_server.set_routes([rb, &ctx, &ss, &snap_ctl](routes& r) {
+        rb->register_function(r, "tasks",
+                "The tasks API");
+        set_tasks_compaction_module(ctx, r, ss, snap_ctl);
+    });
+}
+
+future<> unset_server_tasks_compaction_module(http_context& ctx) {
+    return ctx.http_server.set_routes([&ctx] (routes& r) { unset_tasks_compaction_module(ctx, r); });
+}
+
+future<> set_server_raft(http_context& ctx, sharded<service::raft_group_registry>& raft_gr) {
+    auto rb = std::make_shared<api_registry_builder>(ctx.api_doc);
+    return ctx.http_server.set_routes([rb, &ctx, &raft_gr] (routes& r) {
+        rb->register_function(r, "raft", "The Raft API");
+        set_raft(ctx, r, raft_gr);
+    });
+}
+
+future<> unset_server_raft(http_context& ctx) {
+    return ctx.http_server.set_routes([&ctx] (routes& r) { unset_raft(ctx, r); });
+}
+
 void req_params::process(const request& req) {
     // Process mandatory parameters
     for (auto& [name, ent] : params) {

api/api.hh

@@ -14,11 +14,11 @@
 #include <boost/algorithm/string/split.hpp>
 #include <boost/algorithm/string/classification.hpp>
 #include <boost/units/detail/utility.hpp>
+#include "api/api_init.hh"
 #include "api/api-doc/utils.json.hh"
 #include "utils/histogram.hh"
 #include "utils/estimated_histogram.hh"
 #include <seastar/http/exception.hh>
-#include "api_init.hh"
 #include "seastarx.hh"
 
 namespace api {
@@ -26,7 +26,9 @@ namespace api {
 template<class T>
 std::vector<sstring> container_to_vec(const T& container) {
     std::vector<sstring> res;
-    for (auto i : container) {
+    res.reserve(std::size(container));
+
+    for (const auto& i : container) {
         res.push_back(fmt::to_string(i));
     }
     return res;
@@ -35,27 +37,31 @@ std::vector<sstring> container_to_vec(const T& container) {
 template<class T>
 std::vector<T> map_to_key_value(const std::map<sstring, sstring>& map) {
     std::vector<T> res;
-    for (auto i : map) {
+    res.reserve(map.size());
+
+    for (const auto& [key, value] : map) {
         res.push_back(T());
-        res.back().key = i.first;
-        res.back().value = i.second;
+        res.back().key = key;
+        res.back().value = value;
     }
     return res;
 }
 
 template<class T, class MAP>
 std::vector<T>& map_to_key_value(const MAP& map, std::vector<T>& res) {
-    for (auto i : map) {
+    res.reserve(res.size() + std::size(map));
+
+    for (const auto& [key, value] : map) {
         T val;
-        val.key = fmt::to_string(i.first);
-        val.value = fmt::to_string(i.second);
+        val.key = fmt::to_string(key);
+        val.value = fmt::to_string(value);
         res.push_back(val);
     }
     return res;
 }
 template <typename T, typename S = T>
 T map_sum(T&& dest, const S& src) {
-    for (auto i : src) {
+    for (const auto& i : src) {
         dest[i.first] += i.second;
     }
     return std::move(dest);
@@ -64,6 +70,8 @@ T map_sum(T&& dest, const S& src) {
 template <typename MAP>
 std::vector<sstring> map_keys(const MAP& map) {
     std::vector<sstring> res;
+    res.reserve(std::size(map));
+
     for (const auto& i : map) {
         res.push_back(fmt::to_string(i.first));
     }

api/api_init.hh

@@ -23,6 +23,7 @@ class load_meter;
 class storage_proxy;
 class storage_service;
 class raft_group0_client;
+class raft_group_registry;
 
 } // namespace service
 
@@ -32,6 +33,10 @@ namespace streaming {
 class stream_manager;
 }
 
+namespace gms {
+    class inet_address;
+}
+
 namespace locator {
 
 class token_metadata;
@@ -73,14 +78,12 @@ struct http_context {
     httpd::http_server_control http_server;
     distributed<replica::database>& db;
     service::load_meter& lmeter;
-    const sharded<locator::shared_token_metadata>& shared_token_metadata;
 
     http_context(distributed<replica::database>& _db,
-            service::load_meter& _lm, const sharded<locator::shared_token_metadata>& _stm)
-            : db(_db), lmeter(_lm), shared_token_metadata(_stm) {
+            service::load_meter& _lm)
+            : db(_db), lmeter(_lm)
+    {
     }
-
-    const locator::token_metadata& get_token_metadata();
 };
 
 future<> set_server_init(http_context& ctx);
@@ -103,9 +106,11 @@ future<> set_server_authorization_cache(http_context& ctx, sharded<auth::service
 future<> unset_server_authorization_cache(http_context& ctx);
 future<> set_server_snapshot(http_context& ctx, sharded<db::snapshot_ctl>& snap_ctl);
 future<> unset_server_snapshot(http_context& ctx);
+future<> set_server_token_metadata(http_context& ctx, sharded<locator::shared_token_metadata>& tm);
+future<> unset_server_token_metadata(http_context& ctx);
 future<> set_server_gossip(http_context& ctx, sharded<gms::gossiper>& g);
-future<> set_server_load_sstable(http_context& ctx, sharded<db::system_keyspace>& sys_ks);
-future<> unset_server_load_sstable(http_context& ctx);
+future<> set_server_column_family(http_context& ctx, sharded<db::system_keyspace>& sys_ks);
+future<> unset_server_column_family(http_context& ctx);
 future<> set_server_messaging_service(http_context& ctx, sharded<netw::messaging_service>& ms);
 future<> unset_server_messaging_service(http_context& ctx);
 future<> set_server_storage_proxy(http_context& ctx, sharded<service::storage_proxy>& proxy);
@@ -122,5 +127,9 @@ future<> set_server_task_manager(http_context& ctx, sharded<tasks::task_manager>
 future<> unset_server_task_manager(http_context& ctx);
 future<> set_server_task_manager_test(http_context& ctx, sharded<tasks::task_manager>& tm);
 future<> unset_server_task_manager_test(http_context& ctx);
+future<> set_server_tasks_compaction_module(http_context& ctx, sharded<service::storage_service>& ss, sharded<db::snapshot_ctl>& snap_ctl);
+future<> unset_server_tasks_compaction_module(http_context& ctx);
+future<> set_server_raft(http_context&, sharded<service::raft_group_registry>&);
+future<> unset_server_raft(http_context&);
 
 }

api/authorization_cache.cc

@@ -9,8 +9,6 @@
 #include "api/api-doc/authorization_cache.json.hh"
 
 #include "api/authorization_cache.hh"
-#include "api/api.hh"
-#include "auth/common.hh"
 #include "auth/service.hh"
 
 namespace api {

api/cache_service.cc

@@ -197,7 +197,7 @@ void set_cache_service(http_context& ctx, routes& r) {
 
     cs::get_row_capacity.set(r, [&ctx] (std::unique_ptr<http::request> req) {
         return ctx.db.map_reduce0([](replica::database& db) -> uint64_t {
-            return db.row_cache_tracker().region().occupancy().used_space();
+            return memory::stats().total_memory();
         }, uint64_t(0), std::plus<uint64_t>()).then([](const int64_t& res) {
             return make_ready_future<json::json_return_type>(res);
         });
@@ -240,9 +240,9 @@ void set_cache_service(http_context& ctx, routes& r) {
 
     cs::get_row_size.set(r, [&ctx] (std::unique_ptr<http::request> req) {
         // In origin row size is the weighted size.
-        // We currently do not support weights, so we use num entries instead
+        // We currently do not support weights, so we use raw size in bytes instead
         return ctx.db.map_reduce0([](replica::database& db) -> uint64_t {
-            return db.row_cache_tracker().partitions();
+            return db.row_cache_tracker().region().occupancy().used_space();
         }, uint64_t(0), std::plus<uint64_t>()).then([](const int64_t& res) {
             return make_ready_future<json::json_return_type>(res);
         });

api/collectd.cc

@@ -10,9 +10,9 @@
 #include "api/api-doc/collectd.json.hh"
 #include <seastar/core/scollectd.hh>
 #include <seastar/core/scollectd_api.hh>
-#include "endian.h"
 #include <boost/range/irange.hpp>
 #include <regex>
+#include "api/api_init.hh"
 
 namespace api {
 

api/collectd.hh

@@ -8,10 +8,13 @@
 
 #pragma once
 
-#include "api.hh"
+namespace seastar::httpd {
+class routes;
+}
 
 namespace api {
 
-void set_collectd(http_context& ctx, httpd::routes& r);
+struct http_context;
+void set_collectd(http_context& ctx, seastar::httpd::routes& r);
 
 }

api/column_family.cc

@@ -7,6 +7,7 @@
  */
 
 #include "column_family.hh"
+#include "api/api.hh"
 #include "api/api-doc/column_family.json.hh"
 #include <vector>
 #include <seastar/http/exception.hh>
@@ -306,7 +307,9 @@ ratio_holder filter_recent_false_positive_as_ratio_holder(const sstables::shared
 void set_column_family(http_context& ctx, routes& r, sharded<db::system_keyspace>& sys_ks) {
     cf::get_column_family_name.set(r, [&ctx] (const_req req){
         std::vector<sstring> res;
-        ctx.db.local().get_tables_metadata().for_each_table_id([&] (const std::pair<sstring, sstring>& kscf, table_id) {
+        const replica::database::tables_metadata& meta = ctx.db.local().get_tables_metadata();
+        res.reserve(meta.size());
+        meta.for_each_table_id([&] (const std::pair<sstring, sstring>& kscf, table_id) {
             res.push_back(kscf.first + ":" + kscf.second);
         });
         return res;
@@ -326,8 +329,10 @@ void set_column_family(http_context& ctx, routes& r, sharded<db::system_keyspace
 
     cf::get_column_family_name_keyspace.set(r, [&ctx] (const_req req){
         std::vector<sstring> res;
-        for (auto i = ctx.db.local().get_keyspaces().cbegin(); i!=  ctx.db.local().get_keyspaces().cend(); i++) {
-            res.push_back(i->first);
+        const flat_hash_map<sstring, replica::keyspace>& keyspaces = ctx.db.local().get_keyspaces();
+        res.reserve(keyspaces.size());
+        for (const auto& i : keyspaces) {
+            res.push_back(i.first);
         }
         return res;
     });
@@ -1047,12 +1052,19 @@ void set_column_family(http_context& ctx, routes& r, sharded<db::system_keyspace
     });
 
     cf::force_major_compaction.set(r, [&ctx](std::unique_ptr<http::request> req) -> future<json::json_return_type> {
-        if (req->get_query_param("split_output") != "") {
+        auto params = req_params({
+            std::pair("name", mandatory::yes),
+            std::pair("flush_memtables", mandatory::no),
+            std::pair("split_output", mandatory::no),
+        });
+        params.process(*req);
+        if (params.get("split_output")) {
             fail(unimplemented::cause::API);
         }
+        auto [ks, cf] = parse_fully_qualified_cf_name(*params.get("name"));
+        auto flush = params.get_as<bool>("flush_memtables").value_or(true);
+        apilog.info("column_family/force_major_compaction: name={} flush={}", req->param["name"], flush);
 
-        apilog.info("column_family/force_major_compaction: name={}", req->param["name"]);
-        auto [ks, cf] = parse_fully_qualified_cf_name(req->param["name"]);
         auto keyspace = validate_keyspace(ctx, ks);
         std::vector<table_info> table_infos = {table_info{
             .name = cf,
@@ -1060,7 +1072,11 @@ void set_column_family(http_context& ctx, routes& r, sharded<db::system_keyspace
         }};
 
         auto& compaction_module = ctx.db.local().get_compaction_manager().get_task_manager_module();
-        auto task = co_await compaction_module.make_and_start_task<major_keyspace_compaction_task_impl>({}, std::move(keyspace), ctx.db, std::move(table_infos));
+        std::optional<flush_mode> fmopt;
+        if (!flush) {
+            fmopt = flush_mode::skip;
+        }
+        auto task = co_await compaction_module.make_and_start_task<major_keyspace_compaction_task_impl>({}, std::move(keyspace), tasks::task_id::create_null_id(), ctx.db, std::move(table_infos), fmopt);
         co_await task->done();
         co_return json_void();
     });

api/column_family.hh

@@ -8,11 +8,11 @@
 
 #pragma once
 
-#include "api.hh"
-#include "api/api-doc/column_family.json.hh"
 #include "replica/database.hh"
 #include <seastar/core/future-util.hh>
+#include <seastar/json/json_elements.hh>
 #include <any>
+#include "api/api_init.hh"
 
 namespace db {
 class system_keyspace;

api/commitlog.cc

@@ -9,6 +9,7 @@
 #include "commitlog.hh"
 #include "db/commitlog/commitlog.hh"
 #include "api/api-doc/commitlog.json.hh"
+#include "api/api_init.hh"
 #include "replica/database.hh"
 #include <vector>
 
@@ -16,7 +17,7 @@ namespace api {
 using namespace seastar::httpd;
 
 template<typename T>
-static auto acquire_cl_metric(http_context& ctx, std::function<T (db::commitlog*)> func) {
+static auto acquire_cl_metric(http_context& ctx, std::function<T (const db::commitlog*)> func) {
     typedef T ret_type;
 
     return ctx.db.map_reduce0([func = std::move(func)](replica::database& db) {
@@ -62,6 +63,9 @@ void set_commitlog(http_context& ctx, routes& r) {
     httpd::commitlog_json::get_total_commit_log_size.set(r, [&ctx](std::unique_ptr<request> req) {
         return acquire_cl_metric<uint64_t>(ctx, std::bind(&db::commitlog::get_total_size, std::placeholders::_1));
     });
+    httpd::commitlog_json::get_max_disk_size.set(r, [&ctx](std::unique_ptr<request> req) {
+        return acquire_cl_metric<uint64_t>(ctx, std::bind(&db::commitlog::disk_limit, std::placeholders::_1));
+    });
 }
 
 }

api/commitlog.hh

@@ -8,10 +8,12 @@
 
 #pragma once
 
-#include "api.hh"
+namespace seastar::httpd {
+class routes;
+}
 
 namespace api {
-
-void set_commitlog(http_context& ctx, httpd::routes& r);
+struct http_context;
+void set_commitlog(http_context& ctx, seastar::httpd::routes& r);
 
 }

api/compaction_manager.cc

@@ -10,6 +10,7 @@
 
 #include "compaction_manager.hh"
 #include "compaction/compaction_manager.hh"
+#include "api/api.hh"
 #include "api/api-doc/compaction_manager.json.hh"
 #include "db/system_keyspace.hh"
 #include "column_family.hh"
@@ -50,7 +51,7 @@ void set_compaction_manager(http_context& ctx, routes& r) {
 
             for (const auto& c : cm.get_compactions()) {
                 cm::summary s;
-                s.id = c.compaction_uuid.to_sstring();
+                s.id = fmt::to_string(c.compaction_uuid);
                 s.ks = c.ks_name;
                 s.cf = c.cf_name;
                 s.unit = "keys";
@@ -115,9 +116,9 @@ void set_compaction_manager(http_context& ctx, routes& r) {
             table_names = map_keys(ctx.db.local().find_keyspace(ks_name).metadata().get()->cf_meta_data());
         }
         auto type = req->get_query_param("type");
-        co_await ctx.db.invoke_on_all([&ks_name, &table_names, type] (replica::database& db) {
+        co_await ctx.db.invoke_on_all([&] (replica::database& db) {
             auto& cm = db.get_compaction_manager();
-            return parallel_for_each(table_names, [&db, &cm, &ks_name, type] (sstring& table_name) {
+            return parallel_for_each(table_names, [&] (sstring& table_name) {
                 auto& t = db.find_column_family(ks_name, table_name);
                 return t.parallel_foreach_table_state([&] (compaction::table_state& ts) {
                     return cm.stop_compaction(type, &ts);
@@ -157,7 +158,7 @@ void set_compaction_manager(http_context& ctx, routes& r) {
                 return s.write("[").then([&ctx, &s, &first] {
                     return ctx.db.local().get_compaction_manager().get_compaction_history([&s, &first](const db::compaction_history_entry& entry) mutable {
                         cm::history h;
-                        h.id = entry.id.to_sstring();
+                        h.id = fmt::to_string(entry.id);
                         h.ks = std::move(entry.ks);
                         h.cf = std::move(entry.cf);
                         h.compacted_at = entry.compacted_at;

api/compaction_manager.hh

@@ -8,10 +8,12 @@
 
 #pragma once
 
-#include "api.hh"
+namespace seastar::httpd {
+class routes;
+}
 
 namespace api {
-
-void set_compaction_manager(http_context& ctx, httpd::routes& r);
+struct http_context;
+void set_compaction_manager(http_context& ctx, seastar::httpd::routes& r);
 
 }

api/config.cc

@@ -11,6 +11,7 @@
 #include "db/config.hh"
 #include <sstream>
 #include <boost/algorithm/string/replace.hpp>
+#include <seastar/http/exception.hh>
 
 namespace api {
 using namespace seastar::httpd;

api/config.hh

@@ -8,7 +8,7 @@
 
 #pragma once
 
-#include "api.hh"
+#include "api/api_init.hh"
 #include <seastar/http/api_docs.hh>
 
 namespace api {

api/endpoint_snitch.cc

@@ -6,45 +6,15 @@
  * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 
-#include "locator/token_metadata.hh"
 #include "locator/snitch_base.hh"
-#include "locator/production_snitch_base.hh"
 #include "endpoint_snitch.hh"
 #include "api/api-doc/endpoint_snitch_info.json.hh"
 #include "api/api-doc/storage_service.json.hh"
-#include "utils/fb_utilities.hh"
 
 namespace api {
 using namespace seastar::httpd;
 
 void set_endpoint_snitch(http_context& ctx, routes& r, sharded<locator::snitch_ptr>& snitch) {
-    static auto host_or_broadcast = [](const_req req) {
-        auto host = req.get_query_param("host");
-        return host.empty() ? gms::inet_address(utils::fb_utilities::get_broadcast_address()) : gms::inet_address(host);
-    };
-
-    httpd::endpoint_snitch_info_json::get_datacenter.set(r, [&ctx](const_req req) {
-        auto& topology = ctx.shared_token_metadata.local().get()->get_topology();
-        auto ep = host_or_broadcast(req);
-        if (!topology.has_endpoint(ep)) {
-            // Cannot return error here, nodetool status can race, request
-            // info about just-left node and not handle it nicely
-            return locator::endpoint_dc_rack::default_location.dc;
-        }
-        return topology.get_datacenter(ep);
-    });
-
-    httpd::endpoint_snitch_info_json::get_rack.set(r, [&ctx](const_req req) {
-        auto& topology = ctx.shared_token_metadata.local().get()->get_topology();
-        auto ep = host_or_broadcast(req);
-        if (!topology.has_endpoint(ep)) {
-            // Cannot return error here, nodetool status can race, request
-            // info about just-left node and not handle it nicely
-            return locator::endpoint_dc_rack::default_location.rack;
-        }
-        return topology.get_rack(ep);
-    });
-
     httpd::endpoint_snitch_info_json::get_snitch_name.set(r, [&snitch] (const_req req) {
         return snitch.local()->get_name();
     });
@@ -60,8 +30,6 @@ void set_endpoint_snitch(http_context& ctx, routes& r, sharded<locator::snitch_p
 }
 
 void unset_endpoint_snitch(http_context& ctx, routes& r) {
-    httpd::endpoint_snitch_info_json::get_datacenter.unset(r);
-    httpd::endpoint_snitch_info_json::get_rack.unset(r);
     httpd::endpoint_snitch_info_json::get_snitch_name.unset(r);
     httpd::storage_service_json::update_snitch.unset(r);
 }

api/endpoint_snitch.hh

@@ -8,7 +8,7 @@
 
 #pragma once
 
-#include "api.hh"
+#include "api/api_init.hh"
 
 namespace locator {
 class snitch_ptr;

api/error_injection.hh

@@ -8,7 +8,7 @@
 
 #pragma once
 
-#include "api.hh"
+#include "api/api_init.hh"
 
 namespace api {
 

api/failure_detector.cc

@@ -7,6 +7,7 @@
  */
 
 #include "failure_detector.hh"
+#include "api/api.hh"
 #include "api/api-doc/failure_detector.json.hh"
 #include "gms/application_state.hh"
 #include "gms/gossiper.hh"
@@ -18,37 +19,43 @@ namespace fd = httpd::failure_detector_json;
 
 void set_failure_detector(http_context& ctx, routes& r, gms::gossiper& g) {
     fd::get_all_endpoint_states.set(r, [&g](std::unique_ptr<request> req) {
-        std::vector<fd::endpoint_state> res;
-        res.reserve(g.num_endpoints());
-        g.for_each_endpoint_state([&] (const gms::inet_address& addr, const gms::endpoint_state& eps) {
-            fd::endpoint_state val;
-            val.addrs = fmt::to_string(addr);
-            val.is_alive = g.is_alive(addr);
-            val.generation = eps.get_heart_beat_state().get_generation().value();
-            val.version = eps.get_heart_beat_state().get_heart_beat_version().value();
-            val.update_time = eps.get_update_timestamp().time_since_epoch().count();
-            for (const auto& [as_type, app_state] : eps.get_application_state_map()) {
-                fd::version_value version_val;
-                // We return the enum index and not it's name to stay compatible to origin
-                // method that the state index are static but the name can be changed.
-                version_val.application_state = static_cast<std::underlying_type<gms::application_state>::type>(as_type);
-                version_val.value = app_state.value();
-                version_val.version = app_state.version().value();
-                val.application_state.push(version_val);
-            }
-            res.emplace_back(std::move(val));
+        return g.container().invoke_on(0, [] (gms::gossiper& g) {
+            std::vector<fd::endpoint_state> res;
+            res.reserve(g.num_endpoints());
+            g.for_each_endpoint_state([&] (const gms::inet_address& addr, const gms::endpoint_state& eps) {
+                fd::endpoint_state val;
+                val.addrs = fmt::to_string(addr);
+                val.is_alive = g.is_alive(addr);
+                val.generation = eps.get_heart_beat_state().get_generation().value();
+                val.version = eps.get_heart_beat_state().get_heart_beat_version().value();
+                val.update_time = eps.get_update_timestamp().time_since_epoch().count();
+                for (const auto& [as_type, app_state] : eps.get_application_state_map()) {
+                    fd::version_value version_val;
+                    // We return the enum index and not it's name to stay compatible to origin
+                    // method that the state index are static but the name can be changed.
+                    version_val.application_state = static_cast<std::underlying_type<gms::application_state>::type>(as_type);
+                    version_val.value = app_state.value();
+                    version_val.version = app_state.version().value();
+                    val.application_state.push(version_val);
+                }
+                res.emplace_back(std::move(val));
+            });
+            return make_ready_future<json::json_return_type>(res);
         });
-        return make_ready_future<json::json_return_type>(res);
     });
 
     fd::get_up_endpoint_count.set(r, [&g](std::unique_ptr<request> req) {
-        int res = g.get_up_endpoint_count();
-        return make_ready_future<json::json_return_type>(res);
+        return g.container().invoke_on(0, [] (gms::gossiper& g) {
+            int res = g.get_up_endpoint_count();
+            return make_ready_future<json::json_return_type>(res);
+        });
     });
 
     fd::get_down_endpoint_count.set(r, [&g](std::unique_ptr<request> req) {
-        int res = g.get_down_endpoint_count();
-        return make_ready_future<json::json_return_type>(res);
+        return g.container().invoke_on(0, [] (gms::gossiper& g) {
+            int res = g.get_down_endpoint_count();
+            return make_ready_future<json::json_return_type>(res);
+        });
     });
 
     fd::get_phi_convict_threshold.set(r, [] (std::unique_ptr<request> req) {
@@ -56,11 +63,13 @@ void set_failure_detector(http_context& ctx, routes& r, gms::gossiper& g) {
     });
 
     fd::get_simple_states.set(r, [&g] (std::unique_ptr<request> req) {
-        std::map<sstring, sstring> nodes_status;
-        g.for_each_endpoint_state([&] (const gms::inet_address& node, const gms::endpoint_state&) {
-            nodes_status.emplace(node.to_sstring(), g.is_alive(node) ? "UP" : "DOWN");
+        return g.container().invoke_on(0, [] (gms::gossiper& g) {
+            std::map<sstring, sstring> nodes_status;
+            g.for_each_endpoint_state([&] (const gms::inet_address& node, const gms::endpoint_state&) {
+                nodes_status.emplace(node.to_sstring(), g.is_alive(node) ? "UP" : "DOWN");
+            });
+            return make_ready_future<json::json_return_type>(map_to_key_value<fd::mapper>(nodes_status));
         });
-        return make_ready_future<json::json_return_type>(map_to_key_value<fd::mapper>(nodes_status));
     });
 
     fd::set_phi_convict_threshold.set(r, [](std::unique_ptr<request> req) {
@@ -71,13 +80,15 @@ void set_failure_detector(http_context& ctx, routes& r, gms::gossiper& g) {
     });
 
     fd::get_endpoint_state.set(r, [&g] (std::unique_ptr<request> req) {
-        auto state = g.get_endpoint_state_ptr(gms::inet_address(req->param["addr"]));
-        if (!state) {
-            return make_ready_future<json::json_return_type>(format("unknown endpoint {}", req->param["addr"]));
-        }
-        std::stringstream ss;
-        g.append_endpoint_state(ss, *state);
-        return make_ready_future<json::json_return_type>(sstring(ss.str()));
+        return g.container().invoke_on(0, [req = std::move(req)] (gms::gossiper& g) {
+            auto state = g.get_endpoint_state_ptr(gms::inet_address(req->param["addr"]));
+            if (!state) {
+                return make_ready_future<json::json_return_type>(format("unknown endpoint {}", req->param["addr"]));
+            }
+            std::stringstream ss;
+            g.append_endpoint_state(ss, *state);
+            return make_ready_future<json::json_return_type>(sstring(ss.str()));
+        });
     });
 
     fd::get_endpoint_phi_values.set(r, [](std::unique_ptr<request> req) {

api/failure_detector.hh

@@ -8,7 +8,7 @@
 
 #pragma once
 
-#include "api.hh"
+#include "api_init.hh"
 
 namespace gms {
 

api/gossiper.cc

@@ -12,6 +12,7 @@
 #include "api/api-doc/gossiper.json.hh"
 #include "gms/endpoint_state.hh"
 #include "gms/gossiper.hh"
+#include "api/api.hh"
 
 namespace api {
 using namespace seastar::httpd;

api/gossiper.hh

@@ -8,7 +8,7 @@
 
 #pragma once
 
-#include "api.hh"
+#include "api/api_init.hh"
 
 namespace gms {
 

api/hinted_handoff.cc

@@ -6,10 +6,10 @@
  * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 
-#include <algorithm>
 #include <vector>
 
 #include "hinted_handoff.hh"
+#include "api/api.hh"
 #include "api/api-doc/hinted_handoff.json.hh"
 
 #include "gms/inet_address.hh"

api/hinted_handoff.hh

@@ -9,7 +9,7 @@
 #pragma once
 
 #include <seastar/core/sharded.hh>
-#include "api.hh"
+#include "api/api_init.hh"
 
 namespace service { class storage_proxy; }
 

api/lsa.cc

@@ -8,12 +8,10 @@
 
 #include "api/api-doc/lsa.json.hh"
 #include "api/lsa.hh"
-#include "api/api.hh"
 
 #include <seastar/http/exception.hh>
 #include "utils/logalloc.hh"
 #include "log.hh"
-#include "replica/database.hh"
 
 namespace api {
 using namespace seastar::httpd;
@@ -21,9 +19,9 @@ using namespace seastar::httpd;
 static logging::logger alogger("lsa-api");
 
 void set_lsa(http_context& ctx, routes& r) {
-    httpd::lsa_json::lsa_compact.set(r, [&ctx](std::unique_ptr<request> req) {
+    httpd::lsa_json::lsa_compact.set(r, [](std::unique_ptr<request> req) {
         alogger.info("Triggering compaction");
-        return ctx.db.invoke_on_all([] (replica::database&) {
+        return smp::invoke_on_all([] {
             logalloc::shard_tracker().reclaim(std::numeric_limits<size_t>::max());
         }).then([] {
             return json::json_return_type(json::json_void());

api/lsa.hh

@@ -8,7 +8,7 @@
 
 #pragma once
 
-#include "api.hh"
+#include "api/api_init.hh"
 
 namespace api {
 

api/messaging_service.cc

@@ -10,8 +10,8 @@
 #include "message/messaging_service.hh"
 #include <seastar/rpc/rpc_types.hh>
 #include "api/api-doc/messaging_service.json.hh"
-#include <iostream>
-#include <sstream>
+#include "api/api-doc/error_injection.json.hh"
+#include "api/api.hh"
 
 using namespace seastar::httpd;
 using namespace httpd::messaging_service_json;
@@ -19,6 +19,8 @@ using namespace netw;
 
 namespace api {
 
+namespace hf = httpd::error_injection_json;
+
 using shard_info = messaging_service::shard_info;
 using msg_addr = messaging_service::msg_addr;
 
@@ -112,7 +114,7 @@ void set_messaging_service(http_context& ctx, routes& r, sharded<netw::messaging
     }));
 
     get_version.set(r, [&ms](const_req req) {
-        return ms.local().get_raw_version(req.get_query_param("addr"));
+        return ms.local().get_raw_version(gms::inet_address(req.get_query_param("addr")));
     });
 
     get_dropped_messages_by_ver.set(r, [&ms](std::unique_ptr<request> req) {
@@ -142,6 +144,14 @@ void set_messaging_service(http_context& ctx, routes& r, sharded<netw::messaging
             return make_ready_future<json::json_return_type>(res);
         });
     });
+
+    hf::inject_disconnect.set(r, [&ms] (std::unique_ptr<request> req) -> future<json::json_return_type> {
+        auto ip = msg_addr(req->param["ip"]);
+        co_await ms.invoke_on_all([ip] (netw::messaging_service& ms) {
+            ms.remove_rpc_client(ip);
+        });
+        co_return json::json_void();
+    });
 }
 
 void unset_messaging_service(http_context& ctx, routes& r) {
@@ -155,6 +165,7 @@ void unset_messaging_service(http_context& ctx, routes& r) {
     get_respond_completed_messages.unset(r);
     get_version.unset(r);
     get_dropped_messages_by_ver.unset(r);
+    hf::inject_disconnect.unset(r);
 }
 
 }

api/messaging_service.hh

@@ -8,7 +8,7 @@
 
 #pragma once
 
-#include "api.hh"
+#include "api/api_init.hh"
 
 namespace netw { class messaging_service; }
 

api/raft.cc

@@ -0,0 +1,84 @@
+/*
+ * Copyright (C) 2024-present ScyllaDB
+ */
+
+/*
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+#include <seastar/core/coroutine.hh>
+
+#include "api/api.hh"
+#include "api/api-doc/raft.json.hh"
+
+#include "service/raft/raft_group_registry.hh"
+
+using namespace seastar::httpd;
+
+extern logging::logger apilog;
+
+namespace api {
+
+namespace r = httpd::raft_json;
+using namespace json;
+
+void set_raft(http_context&, httpd::routes& r, sharded<service::raft_group_registry>& raft_gr) {
+    r::trigger_snapshot.set(r, [&raft_gr] (std::unique_ptr<http::request> req) -> future<json_return_type> {
+        raft::group_id gid{utils::UUID{req->param["group_id"]}};
+        auto timeout_dur = std::invoke([timeout_str = req->get_query_param("timeout")] {
+            if (timeout_str.empty()) {
+                return std::chrono::seconds{60};
+            }
+            auto dur = std::stoll(timeout_str);
+            if (dur <= 0) {
+                throw std::runtime_error{"Timeout must be a positive number."};
+            }
+            return std::chrono::seconds{dur};
+        });
+
+        std::atomic<bool> found_srv{false};
+        co_await raft_gr.invoke_on_all([gid, timeout_dur, &found_srv] (service::raft_group_registry& raft_gr) -> future<> {
+            auto* srv = raft_gr.find_server(gid);
+            if (!srv) {
+                co_return;
+            }
+
+            found_srv = true;
+            abort_on_expiry aoe(lowres_clock::now() + timeout_dur);
+            apilog.info("Triggering Raft group {} snapshot", gid);
+            auto result = co_await srv->trigger_snapshot(&aoe.abort_source());
+            if (result) {
+                apilog.info("New snapshot for Raft group {} created", gid);
+            } else {
+                apilog.info("Could not create new snapshot for Raft group {}, no new entries applied", gid);
+            }
+        });
+
+        if (!found_srv) {
+            throw std::runtime_error{fmt::format("Server for group ID {} not found", gid)};
+        }
+
+        co_return json_void{};
+    });
+    r::get_leader_host.set(r, [&raft_gr] (std::unique_ptr<http::request> req) -> future<json_return_type> {
+        return smp::submit_to(0, [&] {
+            auto& srv = std::invoke([&] () -> raft::server& {
+                if (req->query_parameters.contains("group_id")) {
+                    raft::group_id id{utils::UUID{req->get_query_param("group_id")}};
+                    return raft_gr.local().get_server(id);
+                } else {
+                    return raft_gr.local().group0();
+                }
+            });
+            return json_return_type(srv.current_leader().to_sstring());
+        });
+    });
+}
+
+void unset_raft(http_context&, httpd::routes& r) {
+    r::trigger_snapshot.unset(r);
+    r::get_leader_host.unset(r);
+}
+
+}
+

api/raft.hh

@@ -0,0 +1,18 @@
+/*
+ * Copyright (C) 2023-present ScyllaDB
+ */
+
+/*
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+#pragma once
+
+#include "api_init.hh"
+
+namespace api {
+
+void set_raft(http_context& ctx, httpd::routes& r, sharded<service::raft_group_registry>& raft_gr);
+void unset_raft(http_context& ctx, httpd::routes& r);
+
+}

api/scrub_status.hh

@@ -0,0 +1,18 @@
+/*
+ * Copyright (C) 2023-present ScyllaDB
+ */
+
+/*
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace api {
+
+enum class scrub_status {
+    successful = 0,
+    aborted,
+    unable_to_cancel,   // Not used in Scylla, included to ensure compatibility with nodetool api.
+    validation_errors,
+};
+
+} // namespace api

api/storage_proxy.cc

@@ -8,6 +8,7 @@
 
 #include "storage_proxy.hh"
 #include "service/storage_proxy.hh"
+#include "api/api.hh"
 #include "api/api-doc/storage_proxy.json.hh"
 #include "api/api-doc/utils.json.hh"
 #include "db/config.hh"
@@ -27,7 +28,7 @@ utils::time_estimated_histogram timed_rate_moving_average_summary_merge(utils::t
 }
 
 /**
- * This function implement a two dimentional map reduce where
+ * This function implement a two dimensional map reduce where
  * the first level is a distributed storage_proxy class and the
  * second level is the stats per scheduling group class.
  * @param d -  a reference to the storage_proxy distributed class.
@@ -48,7 +49,7 @@ future<V> two_dimensional_map_reduce(distributed<service::storage_proxy>& d,
 }
 
 /**
- * This function implement a two dimentional map reduce where
+ * This function implement a two dimensional map reduce where
  * the first level is a distributed storage_proxy class and the
  * second level is the stats per scheduling group class.
  * @param d -  a reference to the storage_proxy distributed class.

api/storage_proxy.hh

@@ -9,7 +9,7 @@
 #pragma once
 
 #include <seastar/core/sharded.hh>
-#include "api.hh"
+#include "api/api_init.hh"
 
 namespace service { class storage_proxy; }
 

api/storage_service.cc

@@ -7,8 +7,11 @@
  */
 
 #include "storage_service.hh"
+#include "api/api.hh"
+#include "api/api-doc/column_family.json.hh"
 #include "api/api-doc/storage_service.json.hh"
 #include "api/api-doc/storage_proxy.json.hh"
+#include "api/scrub_status.hh"
 #include "db/config.hh"
 #include "db/schema_tables.hh"
 #include "utils/hash.hh"
@@ -16,11 +19,14 @@
 #include <sstream>
 #include <time.h>
 #include <algorithm>
+#include <functional>
+#include <iterator>
 #include <boost/range/adaptor/map.hpp>
 #include <boost/range/adaptor/filtered.hpp>
 #include <boost/algorithm/string/trim_all.hpp>
 #include <boost/algorithm/string/case_conv.hpp>
 #include <boost/functional/hash.hpp>
+#include "service/raft/raft_group0_client.hh"
 #include "service/storage_service.hh"
 #include "service/load_meter.hh"
 #include "db/commitlog/commitlog.hh"
@@ -35,6 +41,7 @@
 #include "log.hh"
 #include "release.hh"
 #include "compaction/compaction_manager.hh"
+#include "compaction/task_manager_module.hh"
 #include "sstables/sstables.hh"
 #include "replica/database.hh"
 #include "db/extensions.hh"
@@ -58,26 +65,66 @@ namespace ss = httpd::storage_service_json;
 namespace sp = httpd::storage_proxy_json;
 using namespace json;
 
-sstring validate_keyspace(http_context& ctx, sstring ks_name) {
+sstring validate_keyspace(const http_context& ctx, sstring ks_name) {
     if (ctx.db.local().has_keyspace(ks_name)) {
         return ks_name;
     }
     throw bad_param_exception(replica::no_such_keyspace(ks_name).what());
 }
 
-sstring validate_keyspace(http_context& ctx, const parameters& param) {
+sstring validate_keyspace(const http_context& ctx, const parameters& param) {
     return validate_keyspace(ctx, param["keyspace"]);
 }
 
+static void validate_table(const http_context& ctx, sstring ks_name, sstring table_name) {
+    auto& db = ctx.db.local();
+    try {
+        db.find_column_family(ks_name, table_name);
+    } catch (replica::no_such_column_family& e) {
+        throw bad_param_exception(e.what());
+    }
+}
+
+static void ensure_tablets_disabled(const http_context& ctx, const sstring& ks_name, const sstring& api_endpoint_path) {
+    if (ctx.db.local().find_keyspace(ks_name).uses_tablets()) {
+        throw bad_param_exception{fmt::format("{} is per-table in keyspace '{}'. Please provide table name using 'cf' parameter.", api_endpoint_path, ks_name)};
+    }
+}
+
+static bool any_of_keyspaces_use_tablets(const http_context& ctx) {
+    auto& db = ctx.db.local();
+    auto uses_tablets = [&db](const auto& ks_name) {
+        return db.find_keyspace(ks_name).uses_tablets();
+    };
+
+    auto keyspaces = db.get_all_keyspaces();
+    return std::any_of(std::begin(keyspaces), std::end(keyspaces), uses_tablets);
+}
+
 locator::host_id validate_host_id(const sstring& param) {
     auto hoep = locator::host_id_or_endpoint(param, locator::host_id_or_endpoint::param_type::host_id);
-    return hoep.id;
+    return hoep.id();
+}
+
+bool validate_bool(const sstring& param) {
+    if (param == "true") {
+        return true;
+    } else if (param == "false") {
+        return false;
+    } else {
+        throw std::runtime_error("Parameter must be either 'true' or 'false'");
+    }
+}
+
+static
+int64_t validate_int(const sstring& param) {
+    return std::atoll(param.c_str());
 }
 
 // splits a request parameter assumed to hold a comma-separated list of table names
 // verify that the tables are found, otherwise a bad_param_exception exception is thrown
 // containing the description of the respective no_such_column_family error.
-std::vector<sstring> parse_tables(const sstring& ks_name, http_context& ctx, sstring value) {
+std::vector<sstring> parse_tables(const sstring& ks_name, const http_context& ctx, sstring value) {
     if (value.empty()) {
         return map_keys(ctx.db.local().find_keyspace(ks_name).metadata().get()->cf_meta_data());
     }
@@ -92,7 +139,7 @@ std::vector<sstring> parse_tables(const sstring& ks_name, http_context& ctx, sst
     return names;
 }
 
-std::vector<sstring> parse_tables(const sstring& ks_name, http_context& ctx, const std::unordered_map<sstring, sstring>& query_params, sstring param_name) {
+std::vector<sstring> parse_tables(const sstring& ks_name, const http_context& ctx, const std::unordered_map<sstring, sstring>& query_params, sstring param_name) {
     auto it = query_params.find(param_name);
     if (it == query_params.end()) {
         return {};
@@ -100,7 +147,7 @@ std::vector<sstring> parse_tables(const sstring& ks_name, http_context& ctx, con
     return parse_tables(ks_name, ctx, it->second);
 }
 
-std::vector<table_info> parse_table_infos(const sstring& ks_name, http_context& ctx, sstring value) {
+std::vector<table_info> parse_table_infos(const sstring& ks_name, const http_context& ctx, sstring value) {
     std::vector<table_info> res;
     try {
         if (value.empty()) {
@@ -125,30 +172,11 @@ std::vector<table_info> parse_table_infos(const sstring& ks_name, http_context&
     return res;
 }
 
-std::vector<table_info> parse_table_infos(const sstring& ks_name, http_context& ctx, const std::unordered_map<sstring, sstring>& query_params, sstring param_name) {
+std::vector<table_info> parse_table_infos(const sstring& ks_name, const http_context& ctx, const std::unordered_map<sstring, sstring>& query_params, sstring param_name) {
     auto it = query_params.find(param_name);
     return parse_table_infos(ks_name, ctx, it != query_params.end() ? it->second : "");
 }
 
-// Run on all tables, skipping dropped tables
-future<> run_on_existing_tables(sstring op, replica::database& db, std::string_view keyspace, const std::vector<table_info> local_tables, std::function<future<> (replica::table&)> func) {
-    std::exception_ptr ex;
-    for (const auto& ti : local_tables) {
-        apilog.debug("Starting {} on {}.{}", op, keyspace, ti);
-        try {
-            co_await func(db.find_column_family(ti.id));
-        } catch (const replica::no_such_column_family& e) {
-            apilog.warn("Skipping {} of {}.{}: {}", op, keyspace, ti, e.what());
-        } catch (...) {
-            ex = std::current_exception();
-            apilog.error("Failed {} of {}.{}: {}", op, keyspace, ti, ex);
-        }
-        if (ex) {
-            co_await coroutine::return_exception_ptr(std::move(ex));
-        }
-    }
-}
-
 static ss::token_range token_range_endpoints_to_json(const dht::token_range_endpoints& d) {
     ss::token_range r;
     r.start_token = d._start_token;
@@ -249,18 +277,86 @@ future<json::json_return_type> set_tables_tombstone_gc(http_context& ctx, const
     });
 }
 
+future<scrub_info> parse_scrub_options(const http_context& ctx, sharded<db::snapshot_ctl>& snap_ctl, std::unique_ptr<http::request> req) {
+    scrub_info info;
+    auto rp = req_params({
+        {"keyspace", {mandatory::yes}},
+        {"cf", {""}},
+        {"scrub_mode", {}},
+        {"skip_corrupted", {}},
+        {"disable_snapshot", {}},
+        {"quarantine_mode", {}},
+    });
+    rp.process(*req);
+    info.keyspace = validate_keyspace(ctx, *rp.get("keyspace"));
+    info.column_families = parse_tables(info.keyspace, ctx, *rp.get("cf"));
+    auto scrub_mode_opt = rp.get("scrub_mode");
+    auto scrub_mode = sstables::compaction_type_options::scrub::mode::abort;
+
+    if (!scrub_mode_opt) {
+        const auto skip_corrupted = rp.get_as<bool>("skip_corrupted").value_or(false);
+
+        if (skip_corrupted) {
+            scrub_mode = sstables::compaction_type_options::scrub::mode::skip;
+        }
+    } else {
+        auto scrub_mode_str = *scrub_mode_opt;
+        if (scrub_mode_str == "ABORT") {
+            scrub_mode = sstables::compaction_type_options::scrub::mode::abort;
+        } else if (scrub_mode_str == "SKIP") {
+            scrub_mode = sstables::compaction_type_options::scrub::mode::skip;
+        } else if (scrub_mode_str == "SEGREGATE") {
+            scrub_mode = sstables::compaction_type_options::scrub::mode::segregate;
+        } else if (scrub_mode_str == "VALIDATE") {
+            scrub_mode = sstables::compaction_type_options::scrub::mode::validate;
+        } else {
+            throw httpd::bad_param_exception(fmt::format("Unknown argument for 'scrub_mode' parameter: {}", scrub_mode_str));
+        }
+    }
+
+    if (!req_param<bool>(*req, "disable_snapshot", false)) {
+        auto tag = format("pre-scrub-{:d}", db_clock::now().time_since_epoch().count());
+        co_await coroutine::parallel_for_each(info.column_families, [&snap_ctl, keyspace = info.keyspace, tag](sstring cf) {
+            // We always pass here db::snapshot_ctl::snap_views::no since:
+            // 1. When scrubbing particular tables, there's no need to auto-snapshot their views.
+            // 2. When scrubbing the whole keyspace, column_families will contain both base tables and views.
+            return snap_ctl.local().take_column_family_snapshot(keyspace, cf, tag, db::snapshot_ctl::snap_views::no, db::snapshot_ctl::skip_flush::no);
+        });
+    }
+
+    info.opts = {
+        .operation_mode = scrub_mode,
+    };
+    const sstring quarantine_mode_str = req_param<sstring>(*req, "quarantine_mode", "INCLUDE");
+    if (quarantine_mode_str == "INCLUDE") {
+        info.opts.quarantine_operation_mode = sstables::compaction_type_options::scrub::quarantine_mode::include;
+    } else if (quarantine_mode_str == "EXCLUDE") {
+        info.opts.quarantine_operation_mode = sstables::compaction_type_options::scrub::quarantine_mode::exclude;
+    } else if (quarantine_mode_str == "ONLY") {
+        info.opts.quarantine_operation_mode = sstables::compaction_type_options::scrub::quarantine_mode::only;
+    } else {
+        throw httpd::bad_param_exception(fmt::format("Unknown argument for 'quarantine_mode' parameter: {}", quarantine_mode_str));
+    }
+
+    co_return info;
+}
+
 void set_transport_controller(http_context& ctx, routes& r, cql_transport::controller& ctl) {
-    ss::start_native_transport.set(r, [&ctl](std::unique_ptr<http::request> req) {
+    ss::start_native_transport.set(r, [&ctx, &ctl](std::unique_ptr<http::request> req) {
         return smp::submit_to(0, [&] {
-            return ctl.start_server();
+            return with_scheduling_group(ctx.db.local().get_statement_scheduling_group(), [&ctl] {
+                return ctl.start_server();
+            });
         }).then([] {
             return make_ready_future<json::json_return_type>(json_void());
         });
     });
 
-    ss::stop_native_transport.set(r, [&ctl](std::unique_ptr<http::request> req) {
+    ss::stop_native_transport.set(r, [&ctx, &ctl](std::unique_ptr<http::request> req) {
         return smp::submit_to(0, [&] {
-            return ctl.request_stop_server();
+            return with_scheduling_group(ctx.db.local().get_statement_scheduling_group(), [&ctl] {
+                return ctl.request_stop_server();
+            });
         }).then([] {
             return make_ready_future<json::json_return_type>(json_void());
         });
@@ -282,17 +378,21 @@ void unset_transport_controller(http_context& ctx, routes& r) {
 }
 
 void set_rpc_controller(http_context& ctx, routes& r, thrift_controller& ctl) {
-    ss::stop_rpc_server.set(r, [&ctl](std::unique_ptr<http::request> req) {
+    ss::stop_rpc_server.set(r, [&ctx, &ctl](std::unique_ptr<http::request> req) {
         return smp::submit_to(0, [&] {
-            return ctl.request_stop_server();
+            return with_scheduling_group(ctx.db.local().get_statement_scheduling_group(), [&ctl] {
+                return ctl.request_stop_server();
+            });
         }).then([] {
             return make_ready_future<json::json_return_type>(json_void());
         });
     });
 
-    ss::start_rpc_server.set(r, [&ctl](std::unique_ptr<http::request> req) {
+    ss::start_rpc_server.set(r, [&ctx, &ctl](std::unique_ptr<http::request> req) {
         return smp::submit_to(0, [&] {
-            return ctl.start_server();
+            return with_scheduling_group(ctx.db.local().get_statement_scheduling_group(), [&ctl] {
+                return ctl.start_server();
+            });
         }).then([] {
             return make_ready_future<json::json_return_type>(json_void());
         });
@@ -315,9 +415,22 @@ void unset_rpc_controller(http_context& ctx, routes& r) {
 
 void set_repair(http_context& ctx, routes& r, sharded<repair_service>& repair) {
     ss::repair_async.set(r, [&ctx, &repair](std::unique_ptr<http::request> req) {
-        static std::vector<sstring> options = {"primaryRange", "parallelism", "incremental",
+        static std::unordered_set<sstring> options = {"primaryRange", "parallelism", "incremental",
                 "jobThreads", "ranges", "columnFamilies", "dataCenters", "hosts", "ignore_nodes", "trace",
-                "startToken", "endToken", "ranges_parallelism"};
+                "startToken", "endToken", "ranges_parallelism", "small_table_optimization"};
+
+        // Nodetool still sends those unsupported options. Ignore them to avoid failing nodetool repair.
+        static std::unordered_set<sstring> legacy_options_to_ignore = {"pullRepair", "ignoreUnreplicatedKeyspaces"};
+
+        for (auto& x : req->query_parameters) {
+            if (legacy_options_to_ignore.contains(x.first)) {
+                continue;
+            }
+            if (!options.contains(x.first)) {
+                return make_exception_future<json::json_return_type>(
+                        httpd::bad_param_exception(format("option {} is not supported", x.first)));
+            }
+        }
         std::unordered_map<sstring, sstring> options_map;
         for (auto o : options) {
             auto s = req->get_query_param(o);
@@ -347,7 +460,7 @@ void set_repair(http_context& ctx, routes& r, sharded<repair_service>& repair) {
                 .then_wrapped([] (future<repair_status>&& fut) {
             ss::ns_repair_async_status::return_type_wrapper res;
             try {
-                res = fut.get0();
+                res = fut.get();
             } catch(std::runtime_error& e) {
                 throw httpd::bad_param_exception(e.what());
             }
@@ -380,7 +493,7 @@ void set_repair(http_context& ctx, routes& r, sharded<repair_service>& repair) {
                 .then_wrapped([] (future<repair_status>&& fut) {
             ss::ns_repair_async_status::return_type_wrapper res;
             try {
-                res = fut.get0();
+                res = fut.get();
             } catch (std::exception& e) {
                 return make_exception_future<json::json_return_type>(httpd::bad_param_exception(e.what()));
             }
@@ -462,25 +575,11 @@ static future<json::json_return_type> describe_ring_as_json(sharded<service::sto
     co_return json::json_return_type(stream_range_as_array(co_await ss.local().describe_ring(keyspace), token_range_endpoints_to_json));
 }
 
+static future<json::json_return_type> describe_ring_as_json_for_table(const sharded<service::storage_service>& ss, sstring keyspace, sstring table) {
+    co_return json::json_return_type(stream_range_as_array(co_await ss.local().describe_ring_for_table(keyspace, table), token_range_endpoints_to_json));
+}
+
 void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_service>& ss, service::raft_group0_client& group0_client) {
-    ss::local_hostid.set(r, [&ss](std::unique_ptr<http::request> req) {
-        auto id = ss.local().get_token_metadata().get_my_id();
-        return make_ready_future<json::json_return_type>(id.to_sstring());
-    });
-
-    ss::get_tokens.set(r, [&ss] (std::unique_ptr<http::request> req) {
-        return make_ready_future<json::json_return_type>(stream_range_as_array(ss.local().get_token_metadata().sorted_tokens(), [](const dht::token& i) {
-           return fmt::to_string(i);
-        }));
-    });
-
-    ss::get_node_tokens.set(r, [&ss] (std::unique_ptr<http::request> req) {
-        gms::inet_address addr(req->param["endpoint"]);
-        return make_ready_future<json::json_return_type>(stream_range_as_array(ss.local().get_token_metadata().get_tokens(addr), [](const dht::token& i) {
-           return fmt::to_string(i);
-       }));
-    });
-
     ss::get_commitlog.set(r, [&ctx](const_req req) {
         return ctx.db.local().commitlog()->active_config().commit_log_location;
     });
@@ -544,24 +643,6 @@ void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_
         });
     });
 
-    ss::get_leaving_nodes.set(r, [&ss](const_req req) {
-        return container_to_vec(ss.local().get_token_metadata().get_leaving_endpoints());
-    });
-
-    ss::get_moving_nodes.set(r, [](const_req req) {
-        std::unordered_set<sstring> addr;
-        return container_to_vec(addr);
-    });
-
-    ss::get_joining_nodes.set(r, [&ss](const_req req) {
-        auto points = ss.local().get_token_metadata().get_bootstrap_tokens();
-        std::unordered_set<sstring> addr;
-        for (auto i: points) {
-            addr.insert(fmt::to_string(i.second));
-        }
-        return container_to_vec(addr);
-    });
-
     ss::get_release_version.set(r, [&ss](const_req req) {
         return ss.local().get_release_version();
     });
@@ -583,8 +664,23 @@ void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_
 
     ss::get_range_to_endpoint_map.set(r, [&ctx, &ss](std::unique_ptr<http::request> req) -> future<json::json_return_type> {
         auto keyspace = validate_keyspace(ctx, req->param);
+        auto table = req->get_query_param("cf");
+
+        auto erm = std::invoke([&]() -> locator::effective_replication_map_ptr {
+            auto& ks = ctx.db.local().find_keyspace(keyspace);
+            if (table.empty()) {
+                ensure_tablets_disabled(ctx, keyspace, "storage_service/range_to_endpoint_map");
+                return ks.get_vnode_effective_replication_map();
+            } else {
+                validate_table(ctx, keyspace, table);
+
+                auto& cf = ctx.db.local().find_column_family(keyspace, table);
+                return cf.get_effective_replication_map();
+            }
+        });
+
         std::vector<ss::maplist_mapper> res;
-        co_return stream_range_as_array(co_await ss.local().get_range_to_address_map(keyspace),
+        co_return stream_range_as_array(co_await ss.local().get_range_to_address_map(erm),
                 [](const std::pair<dht::token_range, inet_address_vector_replica_set>& entry){
             ss::maplist_mapper m;
             if (entry.first.start()) {
@@ -612,25 +708,19 @@ void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_
         return make_ready_future<json::json_return_type>(res);
     });
 
-    ss::describe_any_ring.set(r, [&ctx, &ss](std::unique_ptr<http::request> req) {
-        // Find an arbitrary non-system keyspace.
-        auto keyspaces = ctx.db.local().get_non_local_vnode_based_strategy_keyspaces();
-        if (keyspaces.empty()) {
-            throw std::runtime_error("No keyspace provided and no non system kespace exist");
-        }
-        auto ks = keyspaces[0];
-        return describe_ring_as_json(ss, ks);
-    });
-
     ss::describe_ring.set(r, [&ctx, &ss](std::unique_ptr<http::request> req) {
+        if (!req->param.exists("keyspace")) {
+            throw bad_param_exception("The keyspace param is not provided");
+        }
+        auto keyspace = req->param["keyspace"];
+        auto table = req->get_query_param("table");
+        if (!table.empty()) {
+            validate_table(ctx, keyspace, table);
+            return describe_ring_as_json_for_table(ss, keyspace, table);
+        }
         return describe_ring_as_json(ss, validate_keyspace(ctx, req->param));
     });
 
-    ss::get_host_id_map.set(r, [&ss](const_req req) {
-        std::vector<ss::mapper> res;
-        return map_to_key_value(ss.local().get_token_metadata().get_endpoint_to_host_id_map_for_reading(), res);
-    });
-
     ss::get_load.set(r, [&ctx](std::unique_ptr<http::request> req) {
         return get_cf_stats(ctx, &replica::column_family_stats::live_disk_space_used);
     });
@@ -649,7 +739,7 @@ void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_
     });
 
     ss::get_current_generation_number.set(r, [&ss](std::unique_ptr<http::request> req) {
-        gms::inet_address ep(utils::fb_utilities::get_broadcast_address());
+        auto ep = ss.local().get_token_metadata().get_topology().my_address();
         return ss.local().gossiper().get_current_generation_number(ep).then([](gms::generation_type res) {
             return make_ready_future<json::json_return_type>(res.value());
         });
@@ -669,14 +759,50 @@ void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_
         });
     });
 
-    ss::force_keyspace_compaction.set(r, [&ctx](std::unique_ptr<http::request> req) -> future<json::json_return_type> {
+    ss::force_compaction.set(r, [&ctx](std::unique_ptr<http::request> req) -> future<json::json_return_type> {
         auto& db = ctx.db;
-        auto keyspace = validate_keyspace(ctx, req->param);
-        auto table_infos = parse_table_infos(keyspace, ctx, req->query_parameters, "cf");
-        apilog.debug("force_keyspace_compaction: keyspace={} tables={}", keyspace, table_infos);
+        auto params = req_params({
+            std::pair("flush_memtables", mandatory::no),
+        });
+        params.process(*req);
+        auto flush = params.get_as<bool>("flush_memtables").value_or(true);
+        apilog.info("force_compaction: flush={}", flush);
 
         auto& compaction_module = db.local().get_compaction_manager().get_task_manager_module();
-        auto task = co_await compaction_module.make_and_start_task<major_keyspace_compaction_task_impl>({}, std::move(keyspace), db, table_infos);
+        std::optional<flush_mode> fmopt;
+        if (!flush) {
+            fmopt = flush_mode::skip;
+        }
+        auto task = co_await compaction_module.make_and_start_task<global_major_compaction_task_impl>({}, db, fmopt);
+        try {
+            co_await task->done();
+        } catch (...) {
+            apilog.error("force_compaction failed: {}", std::current_exception());
+            throw;
+        }
+
+        co_return json_void();
+    });
+
+    ss::force_keyspace_compaction.set(r, [&ctx](std::unique_ptr<http::request> req) -> future<json::json_return_type> {
+        auto& db = ctx.db;
+        auto params = req_params({
+            std::pair("keyspace", mandatory::yes),
+            std::pair("cf", mandatory::no),
+            std::pair("flush_memtables", mandatory::no),
+        });
+        params.process(*req);
+        auto keyspace = validate_keyspace(ctx, *params.get("keyspace"));
+        auto table_infos = parse_table_infos(keyspace, ctx, params.get("cf").value_or(""));
+        auto flush = params.get_as<bool>("flush_memtables").value_or(true);
+        apilog.debug("force_keyspace_compaction: keyspace={} tables={}, flush={}", keyspace, table_infos, flush);
+
+        auto& compaction_module = db.local().get_compaction_manager().get_task_manager_module();
+        std::optional<flush_mode> fmopt;
+        if (!flush) {
+            fmopt = flush_mode::skip;
+        }
+        auto task = co_await compaction_module.make_and_start_task<major_keyspace_compaction_task_impl>({}, std::move(keyspace), tasks::task_id::create_null_id(), db, table_infos, fmopt);
         try {
             co_await task->done();
         } catch (...) {
@@ -691,6 +817,12 @@ void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_
         auto& db = ctx.db;
         auto keyspace = validate_keyspace(ctx, req->param);
         auto table_infos = parse_table_infos(keyspace, ctx, req->query_parameters, "cf");
+        const auto& rs = db.local().find_keyspace(keyspace).get_replication_strategy();
+        if (rs.get_type() == locator::replication_strategy_type::local || !rs.is_vnode_based()) {
+            auto reason = rs.get_type() == locator::replication_strategy_type::local ? "require" : "support";
+            apilog.info("Keyspace {} does not {} cleanup", keyspace, reason);
+            co_return json::json_return_type(0);
+        }
         apilog.info("force_keyspace_cleanup: keyspace={} tables={}", keyspace, table_infos);
         if (!co_await ss.local().is_cleanup_allowed(keyspace)) {
             auto msg = "Can not perform cleanup operation when topology changes";
@@ -699,7 +831,8 @@ void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_
         }
 
         auto& compaction_module = db.local().get_compaction_manager().get_task_manager_module();
-        auto task = co_await compaction_module.make_and_start_task<cleanup_keyspace_compaction_task_impl>({}, std::move(keyspace), db, table_infos);
+        auto task = co_await compaction_module.make_and_start_task<cleanup_keyspace_compaction_task_impl>(
+            {}, std::move(keyspace), db, table_infos, flush_mode::all_tables);
         try {
             co_await task->done();
         } catch (...) {
@@ -710,11 +843,36 @@ void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_
         co_return json::json_return_type(0);
     });
 
+    ss::cleanup_all.set(r, [&ctx, &ss](std::unique_ptr<http::request> req) -> future<json::json_return_type> {
+        apilog.info("cleanup_all");
+        auto done = co_await ss.invoke_on(0, [] (service::storage_service& ss) -> future<bool> {
+            if (!ss.is_topology_coordinator_enabled()) {
+                co_return false;
+            }
+            co_await ss.do_cluster_cleanup();
+            co_return true;
+        });
+        if (done) {
+            co_return json::json_return_type(0);
+        }
+        // fall back to the local global cleanup if topology coordinator is not enabled
+        auto& db = ctx.db;
+        auto& compaction_module = db.local().get_compaction_manager().get_task_manager_module();
+        auto task = co_await compaction_module.make_and_start_task<global_cleanup_compaction_task_impl>({}, db);
+        try {
+            co_await task->done();
+        } catch (...) {
+            apilog.error("cleanup_all failed: {}", std::current_exception());
+            throw;
+        }
+        co_return json::json_return_type(0);
+    });
+
     ss::perform_keyspace_offstrategy_compaction.set(r, wrap_ks_cf(ctx, [] (http_context& ctx, std::unique_ptr<http::request> req, sstring keyspace, std::vector<table_info> table_infos) -> future<json::json_return_type> {
         apilog.info("perform_keyspace_offstrategy_compaction: keyspace={} tables={}", keyspace, table_infos);
         bool res = false;
         auto& compaction_module = ctx.db.local().get_compaction_manager().get_task_manager_module();
-        auto task = co_await compaction_module.make_and_start_task<offstrategy_keyspace_compaction_task_impl>({}, std::move(keyspace), ctx.db, table_infos, res);
+        auto task = co_await compaction_module.make_and_start_task<offstrategy_keyspace_compaction_task_impl>({}, std::move(keyspace), ctx.db, table_infos, &res);
         try {
             co_await task->done();
         } catch (...) {
@@ -743,6 +901,14 @@ void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_
         co_return json::json_return_type(0);
     }));
 
+    ss::force_flush.set(r, [&ctx](std::unique_ptr<http::request> req) -> future<json::json_return_type> {
+        apilog.info("flush all tables");
+        co_await ctx.db.invoke_on_all([] (replica::database& db) {
+            return db.flush_all_tables();
+        });
+        co_return json_void();
+    });
+
     ss::force_keyspace_flush.set(r, [&ctx](std::unique_ptr<http::request> req) -> future<json::json_return_type> {
         auto keyspace = validate_keyspace(ctx, req->param);
         auto column_families = parse_tables(keyspace, ctx, req->query_parameters, "cf");
@@ -860,12 +1026,22 @@ void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_
 
     ss::get_keyspaces.set(r, [&ctx](const_req req) {
         auto type = req.get_query_param("type");
+        auto replication = req.get_query_param("replication");
+        std::vector<sstring> keyspaces;
         if (type == "user") {
-            return ctx.db.local().get_user_keyspaces();
+            keyspaces = ctx.db.local().get_user_keyspaces();
         } else if (type == "non_local_strategy") {
-            return ctx.db.local().get_non_local_strategy_keyspaces();
+            keyspaces = ctx.db.local().get_non_local_strategy_keyspaces();
+        } else {
+            keyspaces = map_keys(ctx.db.local().get_keyspaces());
         }
-        return map_keys(ctx.db.local().get_keyspaces());
+        if (replication.empty() || replication == "all") {
+            return keyspaces;
+        }
+        const auto want_tablets = replication == "tablets";
+        return boost::copy_range<std::vector<sstring>>(keyspaces | boost::adaptors::filtered([&ctx, want_tablets] (const sstring& ks) {
+            return ctx.db.local().find_keyspace(ks).get_replication_strategy().uses_tablets() == want_tablets;
+        }));
     });
 
     ss::stop_gossiping.set(r, [&ss](std::unique_ptr<http::request> req) {
@@ -897,7 +1073,7 @@ void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_
 
     ss::is_initialized.set(r, [&ss](std::unique_ptr<http::request> req) {
         return ss.local().get_operation_mode().then([&ss] (auto mode) {
-            bool is_initialized = mode >= service::storage_service::mode::STARTING;
+            bool is_initialized = mode >= service::storage_service::mode::STARTING && mode != service::storage_service::mode::MAINTENANCE;
             if (mode == service::storage_service::mode::NORMAL) {
                 is_initialized = ss.local().gossiper().is_enabled();
             }
@@ -911,7 +1087,7 @@ void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_
 
     ss::is_joined.set(r, [&ss] (std::unique_ptr<http::request> req) {
         return ss.local().get_operation_mode().then([] (auto mode) {
-            return make_ready_future<json::json_return_type>(mode >= service::storage_service::mode::JOINING);
+            return make_ready_future<json::json_return_type>(mode >= service::storage_service::mode::JOINING && mode != service::storage_service::mode::MAINTENANCE);
         });
     });
 
@@ -1194,7 +1370,11 @@ void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_
         return make_ready_future<json::json_return_type>(0);
     });
 
-    ss::get_ownership.set(r, [&ss] (std::unique_ptr<http::request> req) {
+    ss::get_ownership.set(r, [&ctx, &ss] (std::unique_ptr<http::request> req) {
+        if (any_of_keyspaces_use_tablets(ctx)) {
+            throw httpd::bad_param_exception("storage_service/ownership cannot be used when a keyspace uses tablets");
+        }
+
         return ss.local().get_ownership().then([] (auto&& ownership) {
             std::vector<storage_service_json::mapper> res;
             return make_ready_future<json::json_return_type>(map_to_key_value(ownership, res));
@@ -1203,7 +1383,17 @@ void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_
 
     ss::get_effective_ownership.set(r, [&ctx, &ss] (std::unique_ptr<http::request> req) {
         auto keyspace_name = req->param["keyspace"] == "null" ? "" : validate_keyspace(ctx, req->param);
-        return ss.local().effective_ownership(keyspace_name).then([] (auto&& ownership) {
+        auto table_name = req->get_query_param("cf");
+
+        if (!keyspace_name.empty()) {
+            if (table_name.empty()) {
+                ensure_tablets_disabled(ctx, keyspace_name, "storage_service/ownership");
+            } else {
+                validate_table(ctx, keyspace_name, table_name);
+            }
+        }
+
+        return ss.local().effective_ownership(keyspace_name, table_name).then([] (auto&& ownership) {
             std::vector<storage_service_json::mapper> res;
             return make_ready_future<json::json_return_type>(map_to_key_value(ownership, res));
         });
@@ -1348,6 +1538,90 @@ void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_
         co_return json_void();
     });
 
+    ss::upgrade_to_raft_topology.set(r,
+            [&ss] (std::unique_ptr<http::request> req) -> future<json::json_return_type> {
+        apilog.info("Requested to schedule upgrade to raft topology");
+        try {
+            co_await ss.invoke_on(0, [] (auto& ss) {
+                return ss.start_upgrade_to_raft_topology();
+            });
+        } catch (...) {
+            auto ex = std::current_exception();
+            apilog.error("Failed to schedule upgrade to raft topology: {}", ex);
+            std::rethrow_exception(std::move(ex));
+        }
+        co_return json_void();
+    });
+
+    ss::raft_topology_upgrade_status.set(r,
+            [&ss] (std::unique_ptr<http::request> req) -> future<json::json_return_type> {
+        const auto ustate = co_await ss.invoke_on(0, [] (auto& ss) {
+            return ss.get_topology_upgrade_state();
+        });
+        co_return sstring(format("{}", ustate));
+    });
+
+    ss::move_tablet.set(r, [&ctx, &ss] (std::unique_ptr<http::request> req) -> future<json_return_type> {
+        auto src_host_id = validate_host_id(req->get_query_param("src_host"));
+        shard_id src_shard_id = validate_int(req->get_query_param("src_shard"));
+        auto dst_host_id = validate_host_id(req->get_query_param("dst_host"));
+        shard_id dst_shard_id = validate_int(req->get_query_param("dst_shard"));
+        auto token = dht::token::from_int64(validate_int(req->get_query_param("token")));
+        auto ks = req->get_query_param("ks");
+        auto table = req->get_query_param("table");
+        validate_table(ctx, ks, table);
+        auto table_id = ctx.db.local().find_column_family(ks, table).schema()->id();
+        auto force_str = req->get_query_param("force");
+        auto force = service::loosen_constraints(force_str == "" ? false : validate_bool(force_str));
+
+        co_await ss.local().move_tablet(table_id, token,
+            locator::tablet_replica{src_host_id, src_shard_id},
+            locator::tablet_replica{dst_host_id, dst_shard_id},
+            force);
+
+        co_return json_void();
+    });
+
+    ss::add_tablet_replica.set(r, [&ctx, &ss] (std::unique_ptr<http::request> req) -> future<json_return_type> {
+        auto dst_host_id = validate_host_id(req->get_query_param("dst_host"));
+        shard_id dst_shard_id = validate_int(req->get_query_param("dst_shard"));
+        auto token = dht::token::from_int64(validate_int(req->get_query_param("token")));
+        auto ks = req->get_query_param("ks");
+        auto table = req->get_query_param("table");
+        auto table_id = ctx.db.local().find_column_family(ks, table).schema()->id();
+        auto force_str = req->get_query_param("force");
+        auto force = service::loosen_constraints(force_str == "" ? false : validate_bool(force_str));
+
+        co_await ss.local().add_tablet_replica(table_id, token,
+            locator::tablet_replica{dst_host_id, dst_shard_id},
+            force);
+
+        co_return json_void();
+    });
+
+    ss::del_tablet_replica.set(r, [&ctx, &ss] (std::unique_ptr<http::request> req) -> future<json_return_type> {
+        auto dst_host_id = validate_host_id(req->get_query_param("host"));
+        shard_id dst_shard_id = validate_int(req->get_query_param("shard"));
+        auto token = dht::token::from_int64(validate_int(req->get_query_param("token")));
+        auto ks = req->get_query_param("ks");
+        auto table = req->get_query_param("table");
+        auto table_id = ctx.db.local().find_column_family(ks, table).schema()->id();
+        auto force_str = req->get_query_param("force");
+        auto force = service::loosen_constraints(force_str == "" ? false : validate_bool(force_str));
+
+        co_await ss.local().del_tablet_replica(table_id, token,
+            locator::tablet_replica{dst_host_id, dst_shard_id},
+            force);
+
+        co_return json_void();
+    });
+
+    ss::tablet_balancing_enable.set(r, [&ss] (std::unique_ptr<http::request> req) -> future<json_return_type> {
+        auto enabled = validate_bool(req->get_query_param("enabled"));
+        co_await ss.local().set_tablet_balancing_enabled(enabled);
+        co_return json_void();
+    });
+
     sp::get_schema_versions.set(r, [&ss](std::unique_ptr<http::request> req)  {
         return ss.local().describe_schema_versions().then([] (auto result) {
             std::vector<sp::mapper_list> res;
@@ -1363,15 +1637,9 @@ void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_
 }
 
 void unset_storage_service(http_context& ctx, routes& r) {
-    ss::local_hostid.unset(r);
-    ss::get_tokens.unset(r);
-    ss::get_node_tokens.unset(r);
     ss::get_commitlog.unset(r);
     ss::get_token_endpoint.unset(r);
     ss::toppartitions_generic.unset(r);
-    ss::get_leaving_nodes.unset(r);
-    ss::get_moving_nodes.unset(r);
-    ss::get_joining_nodes.unset(r);
     ss::get_release_version.unset(r);
     ss::get_scylla_release_version.unset(r);
     ss::get_schema_version.unset(r);
@@ -1379,18 +1647,19 @@ void unset_storage_service(http_context& ctx, routes& r) {
     ss::get_saved_caches_location.unset(r);
     ss::get_range_to_endpoint_map.unset(r);
     ss::get_pending_range_to_endpoint_map.unset(r);
-    ss::describe_any_ring.unset(r);
     ss::describe_ring.unset(r);
-    ss::get_host_id_map.unset(r);
     ss::get_load.unset(r);
     ss::get_load_map.unset(r);
     ss::get_current_generation_number.unset(r);
     ss::get_natural_endpoints.unset(r);
     ss::cdc_streams_check_and_repair.unset(r);
+    ss::force_compaction.unset(r);
     ss::force_keyspace_compaction.unset(r);
     ss::force_keyspace_cleanup.unset(r);
+    ss::cleanup_all.unset(r);
     ss::perform_keyspace_offstrategy_compaction.unset(r);
     ss::upgrade_sstables.unset(r);
+    ss::force_flush.unset(r);
     ss::force_keyspace_flush.unset(r);
     ss::decommission.unset(r);
     ss::move.unset(r);
@@ -1450,51 +1719,45 @@ void unset_storage_service(http_context& ctx, routes& r) {
     ss::get_effective_ownership.unset(r);
     ss::sstable_info.unset(r);
     ss::reload_raft_topology_state.unset(r);
+    ss::upgrade_to_raft_topology.unset(r);
+    ss::raft_topology_upgrade_status.unset(r);
+    ss::move_tablet.unset(r);
+    ss::add_tablet_replica.unset(r);
+    ss::del_tablet_replica.unset(r);
+    ss::tablet_balancing_enable.unset(r);
     sp::get_schema_versions.unset(r);
 }
 
-enum class scrub_status {
-    successful = 0,
-    aborted,
-    unable_to_cancel,   // Not used in Scylla, included to ensure compability with nodetool api.
-    validation_errors,
-};
-
 void set_snapshot(http_context& ctx, routes& r, sharded<db::snapshot_ctl>& snap_ctl) {
-    ss::get_snapshot_details.set(r, [&snap_ctl](std::unique_ptr<http::request> req) {
-        return snap_ctl.local().get_snapshot_details().then([] (std::unordered_map<sstring, std::vector<db::snapshot_ctl::snapshot_details>>&& result) {
-            std::function<future<>(output_stream<char>&&)> f = [result = std::move(result)](output_stream<char>&& s) {
-                return do_with(output_stream<char>(std::move(s)), true, [&result] (output_stream<char>& s, bool& first){
-                    return s.write("[").then([&s, &first, &result] {
-                        return do_for_each(result, [&s, &first](std::tuple<sstring, std::vector<db::snapshot_ctl::snapshot_details>>&& map){
-                            return do_with(ss::snapshots(), [&s, &first, &map](ss::snapshots& all_snapshots) {
-                                all_snapshots.key = std::get<0>(map);
-                                future<> f = first ? make_ready_future<>() : s.write(", ");
-                                first = false;
-                                std::vector<ss::snapshot> snapshot;
-                                for (auto& cf: std::get<1>(map)) {
-                                    ss::snapshot snp;
-                                    snp.ks = cf.ks;
-                                    snp.cf = cf.cf;
-                                    snp.live = cf.live;
-                                    snp.total = cf.total;
-                                    snapshot.push_back(std::move(snp));
-                                }
-                                all_snapshots.value = std::move(snapshot);
-                                return f.then([&s, &all_snapshots] {
-                                    return all_snapshots.write(s);
-                                });
-                            });
-                        });
-                    }).then([&s] {
-                        return s.write("]").then([&s] {
-                            return s.close();
-                        });
-                    });
-                });
-            };
+    ss::get_snapshot_details.set(r, [&snap_ctl](std::unique_ptr<http::request> req) -> future<json::json_return_type> {
+        auto result = co_await snap_ctl.local().get_snapshot_details();
+        co_return std::function([res = std::move(result)] (output_stream<char>&& o) -> future<> {
+            auto result = std::move(res);
+            output_stream<char> out = std::move(o);
+            bool first = true;
 
-            return make_ready_future<json::json_return_type>(std::move(f));
+            co_await out.write("[");
+            for (auto&& map : result) {
+                if (!first) {
+                    co_await out.write(", ");
+                }
+                std::vector<ss::snapshot> snapshot;
+                for (auto& cf : std::get<1>(map)) {
+                    ss::snapshot snp;
+                    snp.ks = cf.ks;
+                    snp.cf = cf.cf;
+                    snp.live = cf.live;
+                    snp.total = cf.total;
+                    snapshot.push_back(std::move(snp));
+                }
+                ss::snapshots all_snapshots;
+                all_snapshots.key = std::get<0>(map);
+                all_snapshots.value = std::move(snapshot);
+                co_await all_snapshots.write(out);
+                first = false;
+            }
+            co_await out.write("]");
+            co_await out.close();
         });
     });
 
@@ -1554,68 +1817,11 @@ void set_snapshot(http_context& ctx, routes& r, sharded<db::snapshot_ctl>& snap_
 
     ss::scrub.set(r, [&ctx, &snap_ctl] (std::unique_ptr<http::request> req) -> future<json::json_return_type> {
         auto& db = ctx.db;
-        auto rp = req_params({
-            {"keyspace", {mandatory::yes}},
-            {"cf", {""}},
-            {"scrub_mode", {}},
-            {"skip_corrupted", {}},
-            {"disable_snapshot", {}},
-            {"quarantine_mode", {}},
-        });
-        rp.process(*req);
-        auto keyspace = validate_keyspace(ctx, *rp.get("keyspace"));
-        auto column_families = parse_tables(keyspace, ctx, *rp.get("cf"));
-        auto scrub_mode_opt = rp.get("scrub_mode");
-        auto scrub_mode = sstables::compaction_type_options::scrub::mode::abort;
-
-        if (!scrub_mode_opt) {
-            const auto skip_corrupted = rp.get_as<bool>("skip_corrupted").value_or(false);
-
-            if (skip_corrupted) {
-                scrub_mode = sstables::compaction_type_options::scrub::mode::skip;
-            }
-        } else {
-            auto scrub_mode_str = *scrub_mode_opt;
-            if (scrub_mode_str == "ABORT") {
-                scrub_mode = sstables::compaction_type_options::scrub::mode::abort;
-            } else if (scrub_mode_str == "SKIP") {
-                scrub_mode = sstables::compaction_type_options::scrub::mode::skip;
-            } else if (scrub_mode_str == "SEGREGATE") {
-                scrub_mode = sstables::compaction_type_options::scrub::mode::segregate;
-            } else if (scrub_mode_str == "VALIDATE") {
-                scrub_mode = sstables::compaction_type_options::scrub::mode::validate;
-            } else {
-                throw httpd::bad_param_exception(fmt::format("Unknown argument for 'scrub_mode' parameter: {}", scrub_mode_str));
-            }
-        }
-
-        if (!req_param<bool>(*req, "disable_snapshot", false)) {
-            auto tag = format("pre-scrub-{:d}", db_clock::now().time_since_epoch().count());
-            co_await coroutine::parallel_for_each(column_families, [&snap_ctl, keyspace, tag](sstring cf) {
-                // We always pass here db::snapshot_ctl::snap_views::no since:
-                // 1. When scrubbing particular tables, there's no need to auto-snapshot their views.
-                // 2. When scrubbing the whole keyspace, column_families will contain both base tables and views.
-                return snap_ctl.local().take_column_family_snapshot(keyspace, cf, tag, db::snapshot_ctl::snap_views::no, db::snapshot_ctl::skip_flush::no);
-            });
-        }
-
-        sstables::compaction_type_options::scrub opts = {
-            .operation_mode = scrub_mode,
-        };
-        const sstring quarantine_mode_str = req_param<sstring>(*req, "quarantine_mode", "INCLUDE");
-        if (quarantine_mode_str == "INCLUDE") {
-            opts.quarantine_operation_mode = sstables::compaction_type_options::scrub::quarantine_mode::include;
-        } else if (quarantine_mode_str == "EXCLUDE") {
-            opts.quarantine_operation_mode = sstables::compaction_type_options::scrub::quarantine_mode::exclude;
-        } else if (quarantine_mode_str == "ONLY") {
-            opts.quarantine_operation_mode = sstables::compaction_type_options::scrub::quarantine_mode::only;
-        } else {
-            throw httpd::bad_param_exception(fmt::format("Unknown argument for 'quarantine_mode' parameter: {}", quarantine_mode_str));
-        }
+        auto info = co_await parse_scrub_options(ctx, snap_ctl, std::move(req));
 
         sstables::compaction_stats stats;
         auto& compaction_module = db.local().get_compaction_manager().get_task_manager_module();
-        auto task = co_await compaction_module.make_and_start_task<scrub_sstables_compaction_task_impl>({}, std::move(keyspace), db, column_families, opts, stats);
+        auto task = co_await compaction_module.make_and_start_task<scrub_sstables_compaction_task_impl>({}, info.keyspace, db, info.column_families, info.opts, &stats);
         try {
             co_await task->done();
             if (stats.validation_errors) {
@@ -1624,7 +1830,7 @@ void set_snapshot(http_context& ctx, routes& r, sharded<db::snapshot_ctl>& snap_
         } catch (const sstables::compaction_aborted_exception&) {
             co_return json::json_return_type(static_cast<int>(scrub_status::aborted));
         } catch (...) {
-            apilog.error("scrub keyspace={} tables={} failed: {}", keyspace, column_families, std::current_exception());
+            apilog.error("scrub keyspace={} tables={} failed: {}", info.keyspace, info.column_families, std::current_exception());
             throw;
         }
 

api/storage_service.hh

@@ -8,10 +8,9 @@
 
 #pragma once
 
-#include <iostream>
-
 #include <seastar/core/sharded.hh>
-#include "api.hh"
+#include <seastar/json/json_elements.hh>
+#include "api/api_init.hh"
 #include "db/data_listeners.hh"
 
 namespace cql_transport { class controller; }
@@ -37,25 +36,35 @@ namespace api {
 
 // verify that the keyspace is found, otherwise a bad_param_exception exception is thrown
 // containing the description of the respective keyspace error.
-sstring validate_keyspace(http_context& ctx, sstring ks_name);
+sstring validate_keyspace(const http_context& ctx, sstring ks_name);
 
 // verify that the keyspace parameter is found, otherwise a bad_param_exception exception is thrown
 // containing the description of the respective keyspace error.
-sstring validate_keyspace(http_context& ctx, const httpd::parameters& param);
+sstring validate_keyspace(const http_context& ctx, const httpd::parameters& param);
 
 // splits a request parameter assumed to hold a comma-separated list of table names
 // verify that the tables are found, otherwise a bad_param_exception exception is thrown
 // containing the description of the respective no_such_column_family error.
 // Returns an empty vector if no parameter was found.
 // If the parameter is found and empty, returns a list of all table names in the keyspace.
-std::vector<sstring> parse_tables(const sstring& ks_name, http_context& ctx, const std::unordered_map<sstring, sstring>& query_params, sstring param_name);
+std::vector<sstring> parse_tables(const sstring& ks_name, const http_context& ctx, const std::unordered_map<sstring, sstring>& query_params, sstring param_name);
 
 // splits a request parameter assumed to hold a comma-separated list of table names
 // verify that the tables are found, otherwise a bad_param_exception exception is thrown
 // containing the description of the respective no_such_column_family error.
 // Returns a vector of all table infos given by the parameter, or
 // if the parameter is not found or is empty, returns a list of all table infos in the keyspace.
-std::vector<table_info> parse_table_infos(const sstring& ks_name, http_context& ctx, const std::unordered_map<sstring, sstring>& query_params, sstring param_name);
+std::vector<table_info> parse_table_infos(const sstring& ks_name, const http_context& ctx, const std::unordered_map<sstring, sstring>& query_params, sstring param_name);
+
+std::vector<table_info> parse_table_infos(const sstring& ks_name, const http_context& ctx, sstring value);
+
+struct scrub_info {
+    sstables::compaction_type_options::scrub opts;
+    sstring keyspace;
+    std::vector<sstring> column_families;
+};
+
+future<scrub_info> parse_scrub_options(const http_context& ctx, sharded<db::snapshot_ctl>& snap_ctl, std::unique_ptr<http::request> req);
 
 void set_storage_service(http_context& ctx, httpd::routes& r, sharded<service::storage_service>& ss, service::raft_group0_client&);
 void unset_storage_service(http_context& ctx, httpd::routes& r);

api/stream_manager.cc

@@ -9,8 +9,10 @@
 #include "stream_manager.hh"
 #include "streaming/stream_manager.hh"
 #include "streaming/stream_result_future.hh"
+#include "api/api.hh"
 #include "api/api-doc/stream_manager.json.hh"
 #include <vector>
+#include <rapidjson/document.h>
 #include "gms/gossiper.hh"
 
 namespace api {

api/stream_manager.hh

@@ -8,7 +8,7 @@
 
 #pragma once
 
-#include "api.hh"
+#include "api/api_init.hh"
 
 namespace api {
 

api/system.cc

@@ -6,21 +6,20 @@
  * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 
+#include "api/api_init.hh"
 #include "api/api-doc/system.json.hh"
 #include "api/api-doc/metrics.json.hh"
+#include "replica/database.hh"
 
-#include "api/api.hh"
-
+#include <rapidjson/document.h>
 #include <seastar/core/reactor.hh>
 #include <seastar/core/metrics_api.hh>
 #include <seastar/core/relabel_config.hh>
 #include <seastar/http/exception.hh>
 #include <seastar/util/short_streams.hh>
 #include <seastar/http/short_streams.hh>
-#include "utils/rjson.hh"
 
 #include "log.hh"
-#include "replica/database.hh"
 
 extern logging::logger apilog;
 
@@ -30,6 +29,10 @@ using namespace seastar::httpd;
 namespace hs = httpd::system_json;
 namespace hm = httpd::metrics_json;
 
+extern "C" void __attribute__((weak)) __llvm_profile_dump();
+extern "C" const char * __attribute__((weak)) __llvm_profile_get_filename();
+extern "C" void __attribute__((weak)) __llvm_profile_reset_counters();
+
 void set_system(http_context& ctx, routes& r) {
     hm::get_metrics_config.set(r, [](const_req req) {
         std::vector<hm::metrics_config> res;
@@ -158,6 +161,27 @@ void set_system(http_context& ctx, routes& r) {
             return json::json_return_type(json::json_void());
         });
     });
+
+    hs::dump_profile.set(r, [](std::unique_ptr<request> req) {
+        if (!__llvm_profile_dump) {
+            apilog.info("Profile will not be dumped, executable is not instrumented with profile dumping.");
+            return make_ready_future<json::json_return_type>(json::json_return_type(json::json_void()));
+        }
+        sstring profile_dest(__llvm_profile_get_filename ? __llvm_profile_get_filename() : "disk");
+        apilog.info("Dumping profile to {}", profile_dest);
+        __llvm_profile_dump();
+        if (__llvm_profile_reset_counters) {
+            // If counters are not reset the profile dumping mechanism will issue a warning and exit
+            // next time it is attempted. If the counters are reset, profiles can be accumulated
+            // (if %m is present in LLVM_PROFILE_FILE pattern) so it can be dumped in stages or
+            // multiple times during runtime.
+            __llvm_profile_reset_counters();
+        } else {
+            apilog.warn("Could not reset profile counters, profile dumping will be skipped next time it is attempted");
+        }
+        apilog.info("Profile dumped to {}", profile_dest);
+        return make_ready_future<json::json_return_type>(json::json_return_type(json::json_void()));
+    }) ;
 }
 
 }

api/task_manager.cc

@@ -7,13 +7,12 @@
  */
 
 #include <seastar/core/coroutine.hh>
+#include <seastar/http/exception.hh>
 
 #include "task_manager.hh"
+#include "api/api.hh"
 #include "api/api-doc/task_manager.json.hh"
 #include "db/system_keyspace.hh"
-#include "column_family.hh"
-#include "unimplemented.hh"
-#include "storage_service.hh"
 
 #include <utility>
 #include <boost/range/adaptors.hpp>
@@ -232,8 +231,8 @@ void set_task_manager(http_context& ctx, routes& r, sharded<tasks::task_manager>
         while (!q.empty()) {
             auto& current = q.front();
             res.push_back(co_await retrieve_status(current));
-            for (size_t i = 0; i < current->get_children().size(); ++i) {
-                q.push(co_await current->get_children()[i].copy());
+            for (auto& child: current->get_children()) {
+                q.push(co_await child.copy());
             }
             q.pop();
         }

api/task_manager.hh

@@ -9,7 +9,7 @@
 #pragma once
 
 #include <seastar/core/sharded.hh>
-#include "api.hh"
+#include "api/api_init.hh"
 #include "db/config.hh"
 
 namespace tasks {

api/tasks.cc

@@ -0,0 +1,118 @@
+/*
+ * Copyright (C) 2022-present ScyllaDB
+ */
+
+/*
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+#include <seastar/core/coroutine.hh>
+
+#include "api/api.hh"
+#include "api/storage_service.hh"
+#include "api/api-doc/tasks.json.hh"
+#include "compaction/compaction_manager.hh"
+#include "compaction/task_manager_module.hh"
+#include "service/storage_service.hh"
+#include "tasks/task_manager.hh"
+
+using namespace seastar::httpd;
+
+extern logging::logger apilog;
+
+namespace api {
+
+namespace t = httpd::tasks_json;
+using namespace json;
+
+using ks_cf_func = std::function<future<json::json_return_type>(http_context&, std::unique_ptr<http::request>, sstring, std::vector<table_info>)>;
+
+static auto wrap_ks_cf(http_context &ctx, ks_cf_func f) {
+    return [&ctx, f = std::move(f)](std::unique_ptr<http::request> req) {
+        auto keyspace = validate_keyspace(ctx, req->param);
+        auto table_infos = parse_table_infos(keyspace, ctx, req->query_parameters, "cf");
+        return f(ctx, std::move(req), std::move(keyspace), std::move(table_infos));
+    };
+}
+
+void set_tasks_compaction_module(http_context& ctx, routes& r, sharded<service::storage_service>& ss, sharded<db::snapshot_ctl>& snap_ctl) {
+    t::force_keyspace_compaction_async.set(r, [&ctx](std::unique_ptr<http::request> req) -> future<json::json_return_type> {
+        auto& db = ctx.db;
+        auto params = req_params({
+            std::pair("keyspace", mandatory::yes),
+            std::pair("cf", mandatory::no),
+            std::pair("flush_memtables", mandatory::no),
+        });
+        params.process(*req);
+        auto keyspace = validate_keyspace(ctx, *params.get("keyspace"));
+        auto table_infos = parse_table_infos(keyspace, ctx, params.get("cf").value_or(""));
+        auto flush = params.get_as<bool>("flush_memtables").value_or(true);
+        apilog.debug("force_keyspace_compaction_async: keyspace={} tables={}, flush={}", keyspace, table_infos, flush);
+
+        auto& compaction_module = db.local().get_compaction_manager().get_task_manager_module();
+        std::optional<flush_mode> fmopt;
+        if (!flush) {
+            fmopt = flush_mode::skip;
+        }
+        auto task = co_await compaction_module.make_and_start_task<major_keyspace_compaction_task_impl>({}, std::move(keyspace), tasks::task_id::create_null_id(), db, table_infos, fmopt);
+
+        co_return json::json_return_type(task->get_status().id.to_sstring());
+    });
+
+    t::force_keyspace_cleanup_async.set(r, [&ctx, &ss](std::unique_ptr<http::request> req) -> future<json::json_return_type> {
+        auto& db = ctx.db;
+        auto keyspace = validate_keyspace(ctx, req->param);
+        auto table_infos = parse_table_infos(keyspace, ctx, req->query_parameters, "cf");
+        apilog.info("force_keyspace_cleanup_async: keyspace={} tables={}", keyspace, table_infos);
+        if (!co_await ss.local().is_cleanup_allowed(keyspace)) {
+            auto msg = "Can not perform cleanup operation when topology changes";
+            apilog.warn("force_keyspace_cleanup_async: keyspace={} tables={}: {}", keyspace, table_infos, msg);
+            co_await coroutine::return_exception(std::runtime_error(msg));
+        }
+
+        auto& compaction_module = db.local().get_compaction_manager().get_task_manager_module();
+        auto task = co_await compaction_module.make_and_start_task<cleanup_keyspace_compaction_task_impl>({}, std::move(keyspace), db, table_infos, flush_mode::all_tables);
+
+        co_return json::json_return_type(task->get_status().id.to_sstring());
+    });
+
+    t::perform_keyspace_offstrategy_compaction_async.set(r, wrap_ks_cf(ctx, [] (http_context& ctx, std::unique_ptr<http::request> req, sstring keyspace, std::vector<table_info> table_infos) -> future<json::json_return_type> {
+        apilog.info("perform_keyspace_offstrategy_compaction: keyspace={} tables={}", keyspace, table_infos);
+        auto& compaction_module = ctx.db.local().get_compaction_manager().get_task_manager_module();
+        auto task = co_await compaction_module.make_and_start_task<offstrategy_keyspace_compaction_task_impl>({}, std::move(keyspace), ctx.db, table_infos, nullptr);
+
+        co_return json::json_return_type(task->get_status().id.to_sstring());
+    }));
+
+    t::upgrade_sstables_async.set(r, wrap_ks_cf(ctx, [] (http_context& ctx, std::unique_ptr<http::request> req, sstring keyspace, std::vector<table_info> table_infos) -> future<json::json_return_type> {
+        auto& db = ctx.db;
+        bool exclude_current_version = req_param<bool>(*req, "exclude_current_version", false);
+
+        apilog.info("upgrade_sstables: keyspace={} tables={} exclude_current_version={}", keyspace, table_infos, exclude_current_version);
+
+        auto& compaction_module = db.local().get_compaction_manager().get_task_manager_module();
+        auto task = co_await compaction_module.make_and_start_task<upgrade_sstables_compaction_task_impl>({}, std::move(keyspace), db, table_infos, exclude_current_version);
+
+        co_return json::json_return_type(task->get_status().id.to_sstring());
+    }));
+
+    t::scrub_async.set(r, [&ctx, &snap_ctl] (std::unique_ptr<http::request> req) -> future<json::json_return_type> {
+        auto& db = ctx.db;
+        auto info = co_await parse_scrub_options(ctx, snap_ctl, std::move(req));
+
+        auto& compaction_module = db.local().get_compaction_manager().get_task_manager_module();
+        auto task = co_await compaction_module.make_and_start_task<scrub_sstables_compaction_task_impl>({}, std::move(info.keyspace), db, std::move(info.column_families), info.opts, nullptr);
+
+        co_return json::json_return_type(task->get_status().id.to_sstring());
+    });
+}
+
+void unset_tasks_compaction_module(http_context& ctx, httpd::routes& r) {
+    t::force_keyspace_compaction_async.unset(r);
+    t::force_keyspace_cleanup_async.unset(r);
+    t::perform_keyspace_offstrategy_compaction_async.unset(r);
+    t::upgrade_sstables_async.unset(r);
+    t::scrub_async.unset(r);
+}
+
+}

api/tasks.hh

@@ -0,0 +1,19 @@
+/*
+ * Copyright (C) 2023-present ScyllaDB
+ */
+
+/*
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+#pragma once
+
+#include "api.hh"
+#include "db/config.hh"
+
+namespace api {
+
+void set_tasks_compaction_module(http_context& ctx, httpd::routes& r, sharded<service::storage_service>& ss, sharded<db::snapshot_ctl>& snap_ctl);
+void unset_tasks_compaction_module(http_context& ctx, httpd::routes& r);
+
+}

api/token_metadata.cc

@@ -0,0 +1,114 @@
+/*
+ * Copyright (C) 2023-present ScyllaDB
+ */
+
+/*
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+#include "api/api.hh"
+#include "api/api-doc/storage_service.json.hh"
+#include "api/api-doc/endpoint_snitch_info.json.hh"
+#include "locator/token_metadata.hh"
+
+using namespace seastar::httpd;
+
+namespace api {
+
+namespace ss = httpd::storage_service_json;
+using namespace json;
+
+void set_token_metadata(http_context& ctx, routes& r, sharded<locator::shared_token_metadata>& tm) {
+    ss::local_hostid.set(r, [&tm](std::unique_ptr<http::request> req) {
+        auto id = tm.local().get()->get_my_id();
+        return make_ready_future<json::json_return_type>(id.to_sstring());
+    });
+
+    ss::get_tokens.set(r, [&tm] (std::unique_ptr<http::request> req) {
+        return make_ready_future<json::json_return_type>(stream_range_as_array(tm.local().get()->sorted_tokens(), [](const dht::token& i) {
+           return fmt::to_string(i);
+        }));
+    });
+
+    ss::get_node_tokens.set(r, [&tm] (std::unique_ptr<http::request> req) {
+        gms::inet_address addr(req->param["endpoint"]);
+        auto& local_tm = *tm.local().get();
+        const auto host_id = local_tm.get_host_id_if_known(addr);
+        return make_ready_future<json::json_return_type>(stream_range_as_array(host_id ? local_tm.get_tokens(*host_id): std::vector<dht::token>{}, [](const dht::token& i) {
+            return fmt::to_string(i);
+        }));
+    });
+
+    ss::get_leaving_nodes.set(r, [&tm](const_req req) {
+        const auto& local_tm = *tm.local().get();
+        const auto& leaving_host_ids = local_tm.get_leaving_endpoints();
+        std::unordered_set<gms::inet_address> eps;
+        eps.reserve(leaving_host_ids.size());
+        for (const auto host_id: leaving_host_ids) {
+            eps.insert(local_tm.get_endpoint_for_host_id(host_id));
+        }
+        return container_to_vec(eps);
+    });
+
+    ss::get_moving_nodes.set(r, [](const_req req) {
+        std::unordered_set<sstring> addr;
+        return container_to_vec(addr);
+    });
+
+    ss::get_joining_nodes.set(r, [&tm](const_req req) {
+        const auto& local_tm = *tm.local().get();
+        const auto& points = local_tm.get_bootstrap_tokens();
+        std::unordered_set<gms::inet_address> eps;
+        eps.reserve(points.size());
+        for (const auto& [token, host_id]: points) {
+            eps.insert(local_tm.get_endpoint_for_host_id(host_id));
+        }
+        return container_to_vec(eps);
+    });
+
+    ss::get_host_id_map.set(r, [&tm](const_req req) {
+        std::vector<ss::mapper> res;
+        return map_to_key_value(tm.local().get()->get_endpoint_to_host_id_map_for_reading(), res);
+    });
+
+    static auto host_or_broadcast = [&tm](const_req req) {
+        auto host = req.get_query_param("host");
+        return host.empty() ? tm.local().get()->get_topology().my_address() : gms::inet_address(host);
+    };
+
+    httpd::endpoint_snitch_info_json::get_datacenter.set(r, [&tm](const_req req) {
+        auto& topology = tm.local().get()->get_topology();
+        auto ep = host_or_broadcast(req);
+        if (!topology.has_endpoint(ep)) {
+            // Cannot return error here, nodetool status can race, request
+            // info about just-left node and not handle it nicely
+            return locator::endpoint_dc_rack::default_location.dc;
+        }
+        return topology.get_datacenter(ep);
+    });
+
+    httpd::endpoint_snitch_info_json::get_rack.set(r, [&tm](const_req req) {
+        auto& topology = tm.local().get()->get_topology();
+        auto ep = host_or_broadcast(req);
+        if (!topology.has_endpoint(ep)) {
+            // Cannot return error here, nodetool status can race, request
+            // info about just-left node and not handle it nicely
+            return locator::endpoint_dc_rack::default_location.rack;
+        }
+        return topology.get_rack(ep);
+    });
+}
+
+void unset_token_metadata(http_context& ctx, routes& r) {
+    ss::local_hostid.unset(r);
+    ss::get_tokens.unset(r);
+    ss::get_node_tokens.unset(r);
+    ss::get_leaving_nodes.unset(r);
+    ss::get_moving_nodes.unset(r);
+    ss::get_joining_nodes.unset(r);
+    ss::get_host_id_map.unset(r);
+    httpd::endpoint_snitch_info_json::get_datacenter.unset(r);
+    httpd::endpoint_snitch_info_json::get_rack.unset(r);
+}
+
+}

api/token_metadata.hh

@@ -0,0 +1,21 @@
+/*
+ * Copyright (C) 2023-present ScyllaDB
+ */
+
+/*
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+#pragma once
+
+#include <seastar/core/sharded.hh>
+#include "api/api_init.hh"
+
+namespace locator { class shared_token_metadata; }
+
+namespace api {
+
+void set_token_metadata(http_context& ctx, httpd::routes& r, sharded<locator::shared_token_metadata>& tm);
+void unset_token_metadata(http_context& ctx, httpd::routes& r);
+
+}

auth/CMakeLists.txt

@@ -20,7 +20,8 @@ target_sources(scylla_auth
     sasl_challenge.cc
     service.cc
     standard_role_manager.cc
-    transitional.cc)
+    transitional.cc
+    maintenance_socket_role_manager.cc)
 target_include_directories(scylla_auth
   PUBLIC
     ${CMAKE_SOURCE_DIR})
@@ -35,3 +36,6 @@ target_link_libraries(scylla_auth
     libxcrypt::libxcrypt)
 
 add_whole_archive(auth scylla_auth)
+
+check_headers(check-headers scylla_auth
+  GLOB_RECURSE ${CMAKE_CURRENT_SOURCE_DIR}/*.hh)

auth/allow_all_authenticator.cc

@@ -20,6 +20,7 @@ static const class_registrator<
         authenticator,
         allow_all_authenticator,
         cql3::query_processor&,
+        ::service::raft_group0_client&,
         ::service::migration_manager&> registration("org.apache.cassandra.auth.AllowAllAuthenticator");
 
 }

auth/allow_all_authenticator.hh

@@ -28,7 +28,7 @@ extern const std::string_view allow_all_authenticator_name;
 
 class allow_all_authenticator final : public authenticator {
 public:
-    allow_all_authenticator(cql3::query_processor&, ::service::migration_manager&) {
+    allow_all_authenticator(cql3::query_processor&, ::service::raft_group0_client&, ::service::migration_manager&) {
     }
 
     virtual future<> start() override {
@@ -59,15 +59,15 @@ public:
         return make_ready_future<authenticated_user>(anonymous_user());
     }
 
-    virtual future<> create(std::string_view, const authentication_options& options) const override {
+    virtual future<> create(std::string_view, const authentication_options& options) override {
         return make_ready_future();
     }
 
-    virtual future<> alter(std::string_view, const authentication_options& options) const override {
+    virtual future<> alter(std::string_view, const authentication_options& options) override {
         return make_ready_future();
     }
 
-    virtual future<> drop(std::string_view) const override {
+    virtual future<> drop(std::string_view) override {
         return make_ready_future();
     }
 

auth/allow_all_authorizer.cc

@@ -20,6 +20,7 @@ static const class_registrator<
     authorizer,
     allow_all_authorizer,
     cql3::query_processor&,
+    ::service::raft_group0_client&,
     ::service::migration_manager&> registration("org.apache.cassandra.auth.AllowAllAuthorizer");
 
 }

auth/allow_all_authorizer.hh

@@ -9,7 +9,6 @@
 #pragma once
 
 #include "auth/authorizer.hh"
-#include "exceptions/exceptions.hh"
 
 namespace cql3 {
 class query_processor;
@@ -17,6 +16,7 @@ class query_processor;
 
 namespace service {
 class migration_manager;
+class raft_group0_client;
 }
 
 namespace auth {
@@ -25,7 +25,7 @@ extern const std::string_view allow_all_authorizer_name;
 
 class allow_all_authorizer final  : public authorizer {
 public:
-    allow_all_authorizer(cql3::query_processor&, ::service::migration_manager&) {
+    allow_all_authorizer(cql3::query_processor&, ::service::raft_group0_client&, ::service::migration_manager&) {
     }
 
     virtual future<> start() override {
@@ -44,12 +44,12 @@ public:
         return make_ready_future<permission_set>(permissions::ALL);
     }
 
-    virtual future<> grant(std::string_view, permission_set, const resource&) const override {
+    virtual future<> grant(std::string_view, permission_set, const resource&) override {
         return make_exception_future<>(
                 unsupported_authorization_operation("GRANT operation is not supported by AllowAllAuthorizer"));
     }
 
-    virtual future<> revoke(std::string_view, permission_set, const resource&) const override {
+    virtual future<> revoke(std::string_view, permission_set, const resource&) override {
         return make_exception_future<>(
                 unsupported_authorization_operation("REVOKE operation is not supported by AllowAllAuthorizer"));
     }
@@ -60,12 +60,12 @@ public:
                         "LIST PERMISSIONS operation is not supported by AllowAllAuthorizer"));
     }
 
-    virtual future<> revoke_all(std::string_view) const override {
+    virtual future<> revoke_all(std::string_view) override {
         return make_exception_future(
                 unsupported_authorization_operation("REVOKE operation is not supported by AllowAllAuthorizer"));
     }
 
-    virtual future<> revoke_all(const resource&) const override {
+    virtual future<> revoke_all(const resource&) override {
         return make_exception_future(
                 unsupported_authorization_operation("REVOKE operation is not supported by AllowAllAuthorizer"));
     }

auth/authentication_options.hh

@@ -8,7 +8,6 @@
 
 #pragma once
 
-#include <iosfwd>
 #include <optional>
 #include <stdexcept>
 #include <unordered_map>

auth/authenticator.cc

@@ -11,10 +11,6 @@
 #include "auth/authenticator.hh"
 
 #include "auth/authenticated_user.hh"
-#include "auth/common.hh"
-#include "auth/password_authenticator.hh"
-#include "cql3/query_processor.hh"
-#include "utils/class_registrator.hh"
 
 const sstring auth::authenticator::USERNAME_KEY("username");
 const sstring auth::authenticator::PASSWORD_KEY("password");

auth/authenticator.hh

@@ -12,8 +12,6 @@
 
 #include <string_view>
 #include <memory>
-#include <set>
-#include <stdexcept>
 #include <unordered_map>
 #include <optional>
 #include <functional>
@@ -26,9 +24,6 @@
 #include "auth/authentication_options.hh"
 #include "auth/resource.hh"
 #include "auth/sasl_challenge.hh"
-#include "bytes.hh"
-#include "enum_set.hh"
-#include "exceptions/exceptions.hh"
 
 namespace db {
     class config;
@@ -111,7 +106,7 @@ public:
     ///
     /// The options provided must be a subset of `supported_options()`.
     ///
-    virtual future<> create(std::string_view role_name, const authentication_options& options) const = 0;
+    virtual future<> create(std::string_view role_name, const authentication_options& options) = 0;
 
     ///
     /// Alter the authentication record of an existing user.
@@ -120,12 +115,12 @@ public:
     ///
     /// Callers must ensure that the specification of `alterable_options()` is adhered to.
     ///
-    virtual future<> alter(std::string_view role_name, const authentication_options& options) const = 0;
+    virtual future<> alter(std::string_view role_name, const authentication_options& options) = 0;
 
     ///
     /// Delete the authentication record for a user. This will disallow the user from logging in.
     ///
-    virtual future<> drop(std::string_view role_name) const = 0;
+    virtual future<> drop(std::string_view role_name) = 0;
 
     ///
     /// Query for custom options (those corresponding to \ref authentication_options::options).

auth/authorizer.hh

@@ -11,8 +11,6 @@
 #pragma once
 
 #include <string_view>
-#include <functional>
-#include <optional>
 #include <stdexcept>
 #include <tuple>
 #include <vector>
@@ -83,14 +81,14 @@ public:
     ///
     /// \throws \ref unsupported_authorization_operation if granting permissions is not supported.
     ///
-    virtual future<> grant(std::string_view role_name, permission_set, const resource&) const = 0;
+    virtual future<> grant(std::string_view role_name, permission_set, const resource&) = 0;
 
     ///
     /// Revoke a set of permissions from a role for a particular \ref resource.
     ///
     /// \throws \ref unsupported_authorization_operation if revoking permissions is not supported.
     ///
-    virtual future<> revoke(std::string_view role_name, permission_set, const resource&) const = 0;
+    virtual future<> revoke(std::string_view role_name, permission_set, const resource&) = 0;
 
     ///
     /// Query for all directly granted permissions.
@@ -104,14 +102,14 @@ public:
     ///
     /// \throws \ref unsupported_authorization_operation if revoking permissions is not supported.
     ///
-    virtual future<> revoke_all(std::string_view role_name) const = 0;
+    virtual future<> revoke_all(std::string_view role_name) = 0;
 
     ///
     /// Revoke all permissions granted to any role for a particular resource.
     ///
     /// \throws \ref unsupported_authorization_operation if revoking permissions is not supported.
     ///
-    virtual future<> revoke_all(const resource&) const = 0;
+    virtual future<> revoke_all(const resource&) = 0;
 
     ///
     /// System resources used internally as part of the implementation. These are made inaccessible to users.

auth/certificate_authenticator.cc

@@ -30,13 +30,14 @@ static const std::string cfg_source_altname = "ALTNAME";
 static const class_registrator<auth::authenticator
     , auth::certificate_authenticator
     , cql3::query_processor&
+    , ::service::raft_group0_client&
     , ::service::migration_manager&> cert_auth_reg(CERT_AUTH_NAME);
 
 enum class auth::certificate_authenticator::query_source {
     subject, altname
 };
 
-auth::certificate_authenticator::certificate_authenticator(cql3::query_processor& qp, ::service::migration_manager&)
+auth::certificate_authenticator::certificate_authenticator(cql3::query_processor& qp, ::service::raft_group0_client&, ::service::migration_manager&)
     : _queries([&] {
         auto& conf = qp.db().get_config();
         auto queries = conf.auth_certificate_role_queries();
@@ -154,16 +155,16 @@ future<auth::authenticated_user> auth::certificate_authenticator::authenticate(c
     throw exceptions::authentication_exception("Cannot authenticate using attribute map");
 }
 
-future<> auth::certificate_authenticator::create(std::string_view role_name, const authentication_options& options) const {
+future<> auth::certificate_authenticator::create(std::string_view role_name, const authentication_options& options) {
     // TODO: should we keep track of roles/enforce existence? Role manager should deal with this...
     co_return;
 }
 
-future<> auth::certificate_authenticator::alter(std::string_view role_name, const authentication_options& options) const {
+future<> auth::certificate_authenticator::alter(std::string_view role_name, const authentication_options& options) {
     co_return;
 }
 
-future<> auth::certificate_authenticator::drop(std::string_view role_name) const {
+future<> auth::certificate_authenticator::drop(std::string_view role_name) {
     co_return;
 }
 

auth/certificate_authenticator.hh

@@ -20,6 +20,7 @@ class query_processor;
 
 namespace service {
 class migration_manager;
+class raft_group0_client;
 }
 
 namespace auth {
@@ -30,7 +31,7 @@ class certificate_authenticator : public authenticator {
     enum class query_source;
     std::vector<std::pair<query_source, boost::regex>> _queries;
 public:
-    certificate_authenticator(cql3::query_processor&, ::service::migration_manager&);
+    certificate_authenticator(cql3::query_processor&, ::service::raft_group0_client&, ::service::migration_manager&);
     ~certificate_authenticator();
 
     future<> start() override;
@@ -46,9 +47,9 @@ public:
     future<authenticated_user> authenticate(const credentials_map& credentials) const override;
     future<std::optional<authenticated_user>> authenticate(session_dn_func) const override;
 
-    future<> create(std::string_view role_name, const authentication_options& options) const override;
-    future<> alter(std::string_view role_name, const authentication_options& options) const override;
-    future<> drop(std::string_view role_name) const override;
+    future<> create(std::string_view role_name, const authentication_options& options) override;
+    future<> alter(std::string_view role_name, const authentication_options& options) override;
+    future<> drop(std::string_view role_name) override;
 
     future<custom_options> query_custom_options(std::string_view role_name) const override;
 

auth/common.cc

@@ -6,30 +6,51 @@
  * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 
-#include <seastar/core/coroutine.hh>
 #include "auth/common.hh"
 
+#include <optional>
+#include <seastar/core/coroutine.hh>
 #include <seastar/core/shared_ptr.hh>
+#include <seastar/core/sharded.hh>
 
+#include "mutation/canonical_mutation.hh"
+#include "schema/schema_fwd.hh"
+#include "timestamp.hh"
+#include "utils/exponential_backoff_retry.hh"
 #include "cql3/query_processor.hh"
 #include "cql3/statements/create_table_statement.hh"
-#include "replica/database.hh"
 #include "schema/schema_builder.hh"
 #include "service/migration_manager.hh"
+#include "service/raft/group0_state_machine.hh"
 #include "timeout_config.hh"
+#include "db/config.hh"
+#include "db/system_auth_keyspace.hh"
+#include "utils/error_injection.hh"
 
 namespace auth {
 
 namespace meta {
 
-constinit const std::string_view AUTH_KS("system_auth");
-constinit const std::string_view USERS_CF("users");
+namespace legacy {
+    constinit const std::string_view AUTH_KS("system_auth");
+    constinit const std::string_view USERS_CF("users");
+} // namespace legacy
 constinit const std::string_view AUTH_PACKAGE_NAME("org.apache.cassandra.auth.");
-
-}
+} // namespace meta
 
 static logging::logger auth_log("auth");
 
+bool legacy_mode(cql3::query_processor& qp) {
+    return qp.auth_version < db::system_auth_keyspace::version_t::v2;
+}
+
+std::string_view get_auth_ks_name(cql3::query_processor& qp) {
+    if (legacy_mode(qp)) {
+        return meta::legacy::AUTH_KS;
+    }
+    return db::system_auth_keyspace::NAME;
+}
+
 // Func must support being invoked more than once.
 future<> do_after_system_ready(seastar::abort_source& as, seastar::noncopyable_function<future<>()> func) {
     struct empty_state { };
@@ -55,7 +76,7 @@ static future<> create_metadata_table_if_missing_impl(
     auto parsed_statement = cql3::query_processor::parse_statement(cql);
     auto& parsed_cf_statement = static_cast<cql3::statements::raw::cf_statement&>(*parsed_statement);
 
-    parsed_cf_statement.prepare_keyspace(meta::AUTH_KS);
+    parsed_cf_statement.prepare_keyspace(meta::legacy::AUTH_KS);
 
     auto statement = static_pointer_cast<cql3::statements::create_table_statement>(
             parsed_cf_statement.prepare(db, qp.get_cql_stats())->statement);
@@ -98,4 +119,88 @@ future<> create_metadata_table_if_missing(
     return qs;
 }
 
+static future<> announce_mutations_with_guard(
+        ::service::raft_group0_client& group0_client,
+        std::vector<canonical_mutation> muts,
+        ::service::group0_guard group0_guard,
+        seastar::abort_source* as,
+        std::optional<::service::raft_timeout> timeout) {
+    auto group0_cmd = group0_client.prepare_command(
+        ::service::write_mutations{
+            .mutations{std::move(muts)},
+        },
+        group0_guard,
+        "auth: modify internal data"
+    );
+    return group0_client.add_entry(std::move(group0_cmd), std::move(group0_guard), as, timeout);
+}
+
+future<> announce_mutations_with_batching(
+        ::service::raft_group0_client& group0_client,
+        start_operation_func_t start_operation_func,
+        std::function<mutations_generator(api::timestamp_type& t)> gen,
+        seastar::abort_source* as,
+        std::optional<::service::raft_timeout> timeout) {
+    // account for command's overhead, it's better to use smaller threshold than constantly bounce off the limit
+    size_t memory_threshold = group0_client.max_command_size() * 0.75;
+    utils::get_local_injector().inject("auth_announce_mutations_command_max_size",
+        [&memory_threshold] {
+        memory_threshold = 1000;
+    });
+
+    size_t memory_usage = 0;
+    std::vector<canonical_mutation> muts;
+
+    // guard has to be taken before we execute code in gen as
+    // it can do read-before-write and we want announce_mutations
+    // operation to be linearizable with other such calls,
+    // for instance if we do select and then delete in gen
+    // we want both to operate on the same data or fail
+    // if someone else modified it in the middle
+    std::optional<::service::group0_guard> group0_guard;
+    group0_guard = co_await start_operation_func(as);
+    auto timestamp = group0_guard->write_timestamp();
+
+    auto g = gen(timestamp);
+    while (auto mut = co_await g()) {
+        muts.push_back(canonical_mutation{*mut});
+        memory_usage += muts.back().representation().size();
+        if (memory_usage >= memory_threshold) {
+            if (!group0_guard) {
+                group0_guard = co_await start_operation_func(as);
+                timestamp = group0_guard->write_timestamp();
+            }
+            co_await announce_mutations_with_guard(group0_client, std::move(muts), std::move(*group0_guard), as, timeout);
+            group0_guard = std::nullopt;
+            memory_usage = 0;
+            muts = {};
+        }
+    }
+    if (!muts.empty()) {
+        if (!group0_guard) {
+            group0_guard = co_await start_operation_func(as);
+            timestamp = group0_guard->write_timestamp();
+        }
+        co_await announce_mutations_with_guard(group0_client, std::move(muts), std::move(*group0_guard), as, timeout);
+    }
+}
+
+future<> announce_mutations(
+        cql3::query_processor& qp,
+        ::service::raft_group0_client& group0_client,
+        const sstring query_string,
+        std::vector<data_value_or_unset> values,
+        seastar::abort_source* as,
+        std::optional<::service::raft_timeout> timeout) {
+    auto group0_guard = co_await group0_client.start_operation(as, timeout);
+    auto timestamp = group0_guard.write_timestamp();
+    auto muts = co_await qp.get_mutations_internal(
+            query_string,
+            internal_distributed_query_state(),
+            timestamp,
+            std::move(values));
+    std::vector<canonical_mutation> cmuts = {muts.begin(), muts.end()};
+    co_await announce_mutations_with_guard(group0_client, std::move(cmuts), std::move(group0_guard), as, timeout);
+}
+
 }

auth/common.hh

@@ -8,7 +8,6 @@
 
 #pragma once
 
-#include <chrono>
 #include <string_view>
 
 #include <seastar/core/future.hh>
@@ -19,9 +18,9 @@
 #include <seastar/core/sstring.hh>
 #include <seastar/core/smp.hh>
 
-#include "log.hh"
-#include "seastarx.hh"
-#include "utils/exponential_backoff_retry.hh"
+#include "schema/schema_registry.hh"
+#include "types/types.hh"
+#include "service/raft/raft_group0_client.hh"
 
 using namespace std::chrono_literals;
 
@@ -42,12 +41,22 @@ namespace auth {
 
 namespace meta {
 
-constexpr std::string_view DEFAULT_SUPERUSER_NAME("cassandra");
+namespace legacy {
 extern constinit const std::string_view AUTH_KS;
 extern constinit const std::string_view USERS_CF;
+} // namespace legacy
+
+constexpr std::string_view DEFAULT_SUPERUSER_NAME("cassandra");
 extern constinit const std::string_view AUTH_PACKAGE_NAME;
 
-}
+} // namespace meta
+
+// This is a helper to check whether auth-v2 is on.
+bool legacy_mode(cql3::query_processor& qp);
+
+// We have legacy implementation using different keyspace
+// and need to parametrize depending on runtime feature.
+std::string_view get_auth_ks_name(cql3::query_processor& qp);
 
 template <class Task>
 future<> once_among_shards(Task&& f) {
@@ -72,4 +81,28 @@ future<> create_metadata_table_if_missing(
 ///
 ::service::query_state& internal_distributed_query_state() noexcept;
 
+// Execute update query via group0 mechanism, mutations will be applied on all nodes.
+// Use this function when need to perform read before write on a single guard or if
+// you have more than one mutation and potentially exceed single command size limit.
+using start_operation_func_t = std::function<future<::service::group0_guard>(abort_source*)>;
+using mutations_generator = coroutine::experimental::generator<mutation>;
+future<> announce_mutations_with_batching(
+        ::service::raft_group0_client& group0_client,
+        // since we can operate also in topology coordinator context where we need stronger
+        // guarantees than start_operation from group0_client gives we allow to inject custom
+        // function here
+        start_operation_func_t start_operation_func,
+        std::function<mutations_generator(api::timestamp_type& t)> gen,
+        seastar::abort_source* as,
+        std::optional<::service::raft_timeout> timeout);
+
+// Execute update query via group0 mechanism, mutations will be applied on all nodes.
+future<> announce_mutations(
+        cql3::query_processor& qp,
+        ::service::raft_group0_client& group0_client,
+        const sstring query_string,
+        std::vector<data_value_or_unset> values,
+        seastar::abort_source* as,
+        std::optional<::service::raft_timeout> timeout);
+
 }

auth/default_authorizer.cc

@@ -9,20 +9,18 @@
  */
 
 #include "auth/default_authorizer.hh"
+#include "db/system_auth_keyspace.hh"
 
 extern "C" {
 #include <crypt.h>
 #include <unistd.h>
 }
 
-#include <chrono>
-#include <random>
-
 #include <boost/algorithm/string/join.hpp>
 #include <boost/range.hpp>
 #include <seastar/core/seastar.hh>
+#include <seastar/core/sleep.hh>
 
-#include "auth/authenticated_user.hh"
 #include "auth/common.hh"
 #include "auth/permission.hh"
 #include "auth/role_or_anonymous.hh"
@@ -30,7 +28,6 @@ extern "C" {
 #include "cql3/untyped_result_set.hh"
 #include "exceptions/exceptions.hh"
 #include "log.hh"
-#include "replica/database.hh"
 #include "utils/class_registrator.hh"
 
 namespace auth {
@@ -51,10 +48,12 @@ static const class_registrator<
         authorizer,
         default_authorizer,
         cql3::query_processor&,
+        ::service::raft_group0_client&,
         ::service::migration_manager&> password_auth_reg("org.apache.cassandra.auth.CassandraAuthorizer");
 
-default_authorizer::default_authorizer(cql3::query_processor& qp, ::service::migration_manager& mm)
+default_authorizer::default_authorizer(cql3::query_processor& qp, ::service::raft_group0_client& g0, ::service::migration_manager& mm)
         : _qp(qp)
+        , _group0_client(g0)
         , _migration_manager(mm) {
 }
 
@@ -64,11 +63,11 @@ default_authorizer::~default_authorizer() {
 static const sstring legacy_table_name{"permissions"};
 
 bool default_authorizer::legacy_metadata_exists() const {
-    return _qp.db().has_schema(meta::AUTH_KS, legacy_table_name);
+    return _qp.db().has_schema(meta::legacy::AUTH_KS, legacy_table_name);
 }
 
-future<bool> default_authorizer::any_granted() const {
-    static const sstring query = format("SELECT * FROM {}.{} LIMIT 1", meta::AUTH_KS, PERMISSIONS_CF);
+future<bool> default_authorizer::legacy_any_granted() const {
+    static const sstring query = format("SELECT * FROM {}.{} LIMIT 1", meta::legacy::AUTH_KS, PERMISSIONS_CF);
 
     return _qp.execute_internal(
             query,
@@ -79,9 +78,9 @@ future<bool> default_authorizer::any_granted() const {
     });
 }
 
-future<> default_authorizer::migrate_legacy_metadata() const {
+future<> default_authorizer::migrate_legacy_metadata() {
     alogger.info("Starting migration of legacy permissions metadata.");
-    static const sstring query = format("SELECT * FROM {}.{}", meta::AUTH_KS, legacy_table_name);
+    static const sstring query = format("SELECT * FROM {}.{}", meta::legacy::AUTH_KS, legacy_table_name);
 
     return _qp.execute_internal(
             query,
@@ -112,7 +111,7 @@ future<> default_authorizer::start() {
             "{} set<text>,"
             "PRIMARY KEY({}, {})"
             ") WITH gc_grace_seconds={}",
-            meta::AUTH_KS,
+            meta::legacy::AUTH_KS,
             PERMISSIONS_CF,
             ROLE_NAME,
             RESOURCE_NAME,
@@ -129,11 +128,11 @@ future<> default_authorizer::start() {
                 _migration_manager).then([this] {
             _finished = do_after_system_ready(_as, [this] {
                 return async([this] {
-                    _migration_manager.wait_for_schema_agreement(_qp.db().real_database(), db::timeout_clock::time_point::max(), &_as).get0();
+                    _migration_manager.wait_for_schema_agreement(_qp.db().real_database(), db::timeout_clock::time_point::max(), &_as).get();
 
                     if (legacy_metadata_exists()) {
-                        if (!any_granted().get0()) {
-                            migrate_legacy_metadata().get0();
+                        if (!legacy_any_granted().get()) {
+                            migrate_legacy_metadata().get();
                             return;
                         }
 
@@ -153,27 +152,25 @@ future<> default_authorizer::stop() {
 future<permission_set>
 default_authorizer::authorize(const role_or_anonymous& maybe_role, const resource& r) const {
     if (is_anonymous(maybe_role)) {
-        return make_ready_future<permission_set>(permissions::NONE);
+        co_return permissions::NONE;
     }
 
-    static const sstring query = format("SELECT {} FROM {}.{} WHERE {} = ? AND {} = ?",
+    const sstring query = format("SELECT {} FROM {}.{} WHERE {} = ? AND {} = ?",
             PERMISSIONS_NAME,
-            meta::AUTH_KS,
+            get_auth_ks_name(_qp),
             PERMISSIONS_CF,
             ROLE_NAME,
             RESOURCE_NAME);
 
-    return _qp.execute_internal(
+    const auto results = co_await _qp.execute_internal(
             query,
             db::consistency_level::LOCAL_ONE,
             {*maybe_role.name, r.name()},
-            cql3::query_processor::cache_internal::yes).then([](::shared_ptr<cql3::untyped_result_set> results) {
-        if (results->empty()) {
-            return permissions::NONE;
-        }
-
-        return permissions::from_strings(results->one().get_set<sstring>(PERMISSIONS_NAME));
-    });
+            cql3::query_processor::cache_internal::yes);
+    if (results->empty()) {
+        co_return permissions::NONE;
+    }
+    co_return permissions::from_strings(results->one().get_set<sstring>(PERMISSIONS_NAME));
 }
 
 future<>
@@ -181,88 +178,88 @@ default_authorizer::modify(
         std::string_view role_name,
         permission_set set,
         const resource& resource,
-        std::string_view op) const {
-    return do_with(
-            format("UPDATE {}.{} SET {} = {} {} ? WHERE {} = ? AND {} = ?",
-                    meta::AUTH_KS,
-                    PERMISSIONS_CF,
-                    PERMISSIONS_NAME,
-                    PERMISSIONS_NAME,
-                    op,
-                    ROLE_NAME,
-                    RESOURCE_NAME),
-            [this, &role_name, set, &resource](const auto& query) {
-        return _qp.execute_internal(
+        std::string_view op) {
+    const sstring query = format("UPDATE {}.{} SET {} = {} {} ? WHERE {} = ? AND {} = ?",
+            get_auth_ks_name(_qp),
+            PERMISSIONS_CF,
+            PERMISSIONS_NAME,
+            PERMISSIONS_NAME,
+            op,
+            ROLE_NAME,
+            RESOURCE_NAME);
+    if (legacy_mode(_qp)) {
+        co_return co_await _qp.execute_internal(
                 query,
                 db::consistency_level::ONE,
                 internal_distributed_query_state(),
                 {permissions::to_strings(set), sstring(role_name), resource.name()},
                 cql3::query_processor::cache_internal::no).discard_result();
-    });
+    }
+    co_return co_await announce_mutations(_qp, _group0_client, query,
+        {permissions::to_strings(set), sstring(role_name), resource.name()}, &_as, ::service::raft_timeout{});
 }
 
 
-future<> default_authorizer::grant(std::string_view role_name, permission_set set, const resource& resource) const {
+future<> default_authorizer::grant(std::string_view role_name, permission_set set, const resource& resource) {
     return modify(role_name, std::move(set), resource, "+");
 }
 
-future<> default_authorizer::revoke(std::string_view role_name, permission_set set, const resource& resource) const {
+future<> default_authorizer::revoke(std::string_view role_name, permission_set set, const resource& resource) {
     return modify(role_name, std::move(set), resource, "-");
 }
 
 future<std::vector<permission_details>> default_authorizer::list_all() const {
-    static const sstring query = format("SELECT {}, {}, {} FROM {}.{}",
+    const sstring query = format("SELECT {}, {}, {} FROM {}.{}",
             ROLE_NAME,
             RESOURCE_NAME,
             PERMISSIONS_NAME,
-            meta::AUTH_KS,
+            get_auth_ks_name(_qp),
             PERMISSIONS_CF);
 
-    return _qp.execute_internal(
+    const auto results = co_await _qp.execute_internal(
             query,
             db::consistency_level::ONE,
             internal_distributed_query_state(),
             {},
-            cql3::query_processor::cache_internal::yes).then([](::shared_ptr<cql3::untyped_result_set> results) {
-        std::vector<permission_details> all_details;
+            cql3::query_processor::cache_internal::yes);
 
-        for (const auto& row : *results) {
-            if (row.has(PERMISSIONS_NAME)) {
-                auto role_name = row.get_as<sstring>(ROLE_NAME);
-                auto resource = parse_resource(row.get_as<sstring>(RESOURCE_NAME));
-                auto perms = permissions::from_strings(row.get_set<sstring>(PERMISSIONS_NAME));
-                all_details.push_back(permission_details{std::move(role_name), std::move(resource), std::move(perms)});
-            }
+    std::vector<permission_details> all_details;
+    for (const auto& row : *results) {
+        if (row.has(PERMISSIONS_NAME)) {
+            auto role_name = row.get_as<sstring>(ROLE_NAME);
+            auto resource = parse_resource(row.get_as<sstring>(RESOURCE_NAME));
+            auto perms = permissions::from_strings(row.get_set<sstring>(PERMISSIONS_NAME));
+            all_details.push_back(permission_details{std::move(role_name), std::move(resource), std::move(perms)});
         }
-
-        return all_details;
-    });
+    }
+    co_return all_details;
 }
 
-future<> default_authorizer::revoke_all(std::string_view role_name) const {
-    static const sstring query = format("DELETE FROM {}.{} WHERE {} = ?",
-            meta::AUTH_KS,
-            PERMISSIONS_CF,
-            ROLE_NAME);
-
-    return _qp.execute_internal(
-            query,
-            db::consistency_level::ONE,
-            internal_distributed_query_state(),
-            {sstring(role_name)},
-            cql3::query_processor::cache_internal::no).discard_result().handle_exception([role_name](auto ep) {
-        try {
-            std::rethrow_exception(ep);
-        } catch (exceptions::request_execution_exception& e) {
-            alogger.warn("CassandraAuthorizer failed to revoke all permissions of {}: {}", role_name, e);
+future<> default_authorizer::revoke_all(std::string_view role_name) {
+    try {
+        const sstring query = format("DELETE FROM {}.{} WHERE {} = ?",
+                get_auth_ks_name(_qp),
+                PERMISSIONS_CF,
+                ROLE_NAME);
+        if (legacy_mode(_qp)) {
+            co_await _qp.execute_internal(
+                    query,
+                    db::consistency_level::ONE,
+                    internal_distributed_query_state(),
+                    {sstring(role_name)},
+                    cql3::query_processor::cache_internal::no).discard_result();
+        } else {
+            co_await announce_mutations(_qp, _group0_client, query, {sstring(role_name)}, &_as, ::service::raft_timeout{});
         }
-    });
+    } catch (exceptions::request_execution_exception& e) {
+        alogger.warn("CassandraAuthorizer failed to revoke all permissions of {}: {}", role_name, e);
+    }
 }
 
-future<> default_authorizer::revoke_all(const resource& resource) const {
+future<> default_authorizer::revoke_all_legacy(const resource& resource) {
     static const sstring query = format("SELECT {} FROM {}.{} WHERE {} = ? ALLOW FILTERING",
             ROLE_NAME,
-            meta::AUTH_KS,
+            get_auth_ks_name(_qp),
             PERMISSIONS_CF,
             RESOURCE_NAME);
 
@@ -272,13 +269,13 @@ future<> default_authorizer::revoke_all(const resource& resource) const {
             {resource.name()},
             cql3::query_processor::cache_internal::no).then_wrapped([this, resource](future<::shared_ptr<cql3::untyped_result_set>> f) {
         try {
-            auto res = f.get0();
+            auto res = f.get();
             return parallel_for_each(
                     res->begin(),
                     res->end(),
                     [this, res, resource](const cql3::untyped_result_set::row& r) {
                 static const sstring query = format("DELETE FROM {}.{} WHERE {} = ? AND {} = ?",
-                        meta::AUTH_KS,
+                        get_auth_ks_name(_qp),
                         PERMISSIONS_CF,
                         ROLE_NAME,
                         RESOURCE_NAME);
@@ -304,8 +301,55 @@ future<> default_authorizer::revoke_all(const resource& resource) const {
     });
 }
 
+future<> default_authorizer::revoke_all(const resource& resource) {
+    if (legacy_mode(_qp)) {
+        co_return co_await revoke_all_legacy(resource);
+    }
+    auto name = resource.name();
+    try {
+        auto gen = [this, name] (api::timestamp_type& t) -> mutations_generator {
+            const sstring query = format("SELECT {} FROM {}.{} WHERE {} = ? ALLOW FILTERING",
+                    ROLE_NAME,
+                    get_auth_ks_name(_qp),
+                    PERMISSIONS_CF,
+                    RESOURCE_NAME);
+            auto res = co_await _qp.execute_internal(
+                    query,
+                    db::consistency_level::LOCAL_ONE,
+                    {name},
+                    cql3::query_processor::cache_internal::no);
+            for (const auto& r : *res) {
+                const sstring query = format("DELETE FROM {}.{} WHERE {} = ? AND {} = ?",
+                        get_auth_ks_name(_qp),
+                        PERMISSIONS_CF,
+                        ROLE_NAME,
+                        RESOURCE_NAME);
+                auto muts = co_await _qp.get_mutations_internal(
+                        query,
+                        internal_distributed_query_state(),
+                        t,
+                        {r.get_as<sstring>(ROLE_NAME), name});
+                if (muts.size() != 1) {
+                    on_internal_error(alogger,
+                        format("expecting single delete mutation, got {}", muts.size()));
+                }
+                co_yield std::move(muts[0]);
+            }
+        };
+        const auto timeout = ::service::raft_timeout{};
+        co_await announce_mutations_with_batching(
+                _group0_client,
+                [this, timeout](abort_source* as) { return _group0_client.start_operation(as, timeout); },
+                std::move(gen),
+                &_as,
+            timeout);
+    } catch (exceptions::request_execution_exception& e) {
+        alogger.warn("CassandraAuthorizer failed to revoke all permissions on {}: {}", name, e);
+    }
+}
+
 const resource_set& default_authorizer::protected_resources() const {
-    static const resource_set resources({ make_data_resource(meta::AUTH_KS, PERMISSIONS_CF) });
+    static const resource_set resources({ make_data_resource(meta::legacy::AUTH_KS, PERMISSIONS_CF) });
     return resources;
 }