github: bug_report.yml: Improve bug report template structure

V1: Perform a yaml "face lift" on the old bug report md template, making bug reporting more efficient.

Add dedicated textarea fields for problem description and expected behavior
Include pre-filled placeholders to guide issue reporting
Add formatted log output section with shell syntax highlighting

V2: updated the contact details of scylla and performed some code cleanup.

.clang-format

@@ -0,0 +1,209 @@
+---
+Language: Cpp
+AccessModifierOffset: -4
+AlignAfterOpenBracket: DontAlign
+AlignArrayOfStructures: None
+AlignConsecutiveAssignments:
+  Enabled: false
+  AcrossEmptyLines: false
+  AcrossComments: false
+  AlignCompound: false
+  PadOperators: true
+AlignConsecutiveBitFields:
+  Enabled: false
+  AcrossEmptyLines: false
+  AcrossComments: false
+  AlignCompound: false
+  PadOperators: false
+AlignConsecutiveDeclarations:
+  Enabled: false
+  AcrossEmptyLines: false
+  AcrossComments: false
+  AlignCompound: false
+  PadOperators: false
+AlignConsecutiveMacros:
+  Enabled: false
+  AcrossEmptyLines: false
+  AcrossComments: false
+  AlignCompound: false
+  PadOperators: false
+AlignConsecutiveShortCaseStatements:
+  Enabled: false
+  AcrossEmptyLines: false
+  AcrossComments: false
+  AlignCaseColons: false
+AlignEscapedNewlines: Right
+AlignOperands: Align
+AlignTrailingComments:
+  Kind: Always
+  OverEmptyLines: 0
+AllowAllArgumentsOnNextLine: true
+AllowAllParametersOfDeclarationOnNextLine: true
+AllowShortBlocksOnASingleLine: Never
+AllowShortCaseLabelsOnASingleLine: false
+AllowShortEnumsOnASingleLine: true
+AllowShortFunctionsOnASingleLine: None
+AllowShortIfStatementsOnASingleLine: Never
+AllowShortLambdasOnASingleLine: Empty
+AllowShortLoopsOnASingleLine: false
+AlwaysBreakAfterDefinitionReturnType: None
+AlwaysBreakAfterReturnType: None
+AlwaysBreakBeforeMultilineStrings: false
+AlwaysBreakTemplateDeclarations: Yes
+AttributeMacros:
+  - __capability
+BinPackArguments: true
+BinPackParameters: true
+BitFieldColonSpacing: Both
+BraceWrapping:
+  AfterCaseLabel: false
+  AfterClass: false
+  AfterControlStatement: Never
+  AfterEnum: false
+  AfterExternBlock: false
+  AfterFunction: false
+  AfterNamespace: false
+  AfterObjCDeclaration: false
+  AfterStruct: false
+  AfterUnion: false
+  BeforeCatch: false
+  BeforeElse: false
+  BeforeLambdaBody: false
+  BeforeWhile: false
+  IndentBraces: false
+  SplitEmptyFunction: true
+  SplitEmptyRecord: true
+  SplitEmptyNamespace: true
+BreakAfterAttributes: Never
+BreakAfterJavaFieldAnnotations: false
+BreakArrays: true
+BreakBeforeBinaryOperators: None
+BreakBeforeConceptDeclarations: Always
+BreakBeforeBraces: Attach
+BreakBeforeInlineASMColon: OnlyMultiline
+BreakBeforeTernaryOperators: true
+BreakConstructorInitializers: BeforeComma
+BreakInheritanceList: BeforeColon
+BreakStringLiterals: true
+ColumnLimit: 160
+CommentPragmas: '^ IWYU pragma:'
+CompactNamespaces: false
+ConstructorInitializerIndentWidth: 4
+ContinuationIndentWidth: 8
+Cpp11BracedListStyle: true
+DerivePointerAlignment: false
+DisableFormat: false
+EmptyLineAfterAccessModifier: Never
+EmptyLineBeforeAccessModifier: LogicalBlock
+ExperimentalAutoDetectBinPacking: false
+FixNamespaceComments: true
+ForEachMacros:
+  - foreach
+  - Q_FOREACH
+  - BOOST_FOREACH
+IfMacros:
+  - KJ_IF_MAYBE
+IndentAccessModifiers: false
+IndentCaseBlocks: false
+IndentCaseLabels: false
+IndentExternBlock: AfterExternBlock
+IndentGotoLabels: true
+IndentPPDirectives: None
+IndentRequiresClause: true
+IndentWidth: 4
+IndentWrappedFunctionNames: false
+InsertBraces: false
+InsertNewlineAtEOF: true
+InsertTrailingCommas: None
+IntegerLiteralSeparator:
+  Binary: 0
+  BinaryMinDigits: 0
+  Decimal: 0
+  DecimalMinDigits: 0
+  Hex: 0
+  HexMinDigits: 0
+JavaScriptQuotes: Leave
+JavaScriptWrapImports: true
+KeepEmptyLinesAtTheStartOfBlocks: true
+KeepEmptyLinesAtEOF: false
+LambdaBodyIndentation: Signature
+LineEnding: DeriveLF
+MacroBlockBegin: ''
+MacroBlockEnd: ''
+MaxEmptyLinesToKeep: 2
+NamespaceIndentation: None
+PackConstructorInitializers: BinPack
+PenaltyBreakAssignment: 2
+PenaltyBreakBeforeFirstCallParameter: 19
+PenaltyBreakComment: 300
+PenaltyBreakFirstLessLess: 120
+PenaltyBreakOpenParenthesis: 0
+PenaltyBreakString: 1000
+PenaltyBreakTemplateDeclaration: 10
+PenaltyExcessCharacter: 1000000
+PenaltyIndentedWhitespace: 0
+PenaltyReturnTypeOnItsOwnLine: 60
+PointerAlignment: Left
+PPIndentWidth: -1
+QualifierAlignment: Leave
+ReferenceAlignment: Pointer
+ReflowComments: true
+RemoveBracesLLVM: false
+RemoveParentheses: Leave
+RemoveSemicolon: false
+RequiresClausePosition: OwnLine
+RequiresExpressionIndentation: OuterScope
+SeparateDefinitionBlocks: Leave
+ShortNamespaceLines: 1
+SortIncludes: Never
+SortJavaStaticImport: Before
+SortUsingDeclarations: Never
+SpaceAfterCStyleCast: false
+SpaceAfterLogicalNot: false
+SpaceAfterTemplateKeyword: true
+SpaceAroundPointerQualifiers: Default
+SpaceBeforeAssignmentOperators: true
+SpaceBeforeCaseColon: false
+SpaceBeforeCpp11BracedList: false
+SpaceBeforeCtorInitializerColon: true
+SpaceBeforeInheritanceColon: true
+SpaceBeforeJsonColon: false
+SpaceBeforeParens: ControlStatements
+SpaceBeforeParensOptions:
+  AfterControlStatements: true
+  AfterForeachMacros: true
+  AfterFunctionDefinitionName: false
+  AfterFunctionDeclarationName: false
+  AfterIfMacros: true
+  AfterOverloadedOperator: false
+  AfterRequiresInClause: false
+  AfterRequiresInExpression: false
+  BeforeNonEmptyParentheses: false
+SpaceBeforeRangeBasedForLoopColon: true
+SpaceBeforeSquareBrackets: false
+SpaceInEmptyBlock: false
+SpacesBeforeTrailingComments: 1
+SpacesInAngles: Never
+SpacesInContainerLiterals: true
+SpacesInLineCommentPrefix:
+  Minimum: 1
+  Maximum: -1
+SpacesInParens: Never
+SpacesInParensOptions:
+  InCStyleCasts: false
+  InConditionalStatements: false
+  InEmptyParentheses: false
+  Other: false
+SpacesInSquareBrackets: false
+Standard: Latest
+TabWidth: 8
+UseTab: Never
+VerilogBreakBetweenInstancePorts: true
+WhitespaceSensitiveMacros:
+  - BOOST_PP_STRINGIZE
+  - CF_SWIFT_NAME
+  - NS_SWIFT_NAME
+  - PP_STRINGIZE
+  - STRINGIZE
+...
+

.gitattributes

@@ -1,3 +1,4 @@
 *.cc diff=cpp
 *.hh diff=cpp
 *.svg binary
+docs/_static/api/js/* binary

.github/CODEOWNERS

@@ -1,5 +1,5 @@
 # AUTH
-auth/* @elcallio @vladzcloudius
+auth/* @nuivall @ptrsmrn @KrzaQ
 
 # CACHE
 row_cache* @tgrabiec
@@ -7,9 +7,9 @@ row_cache* @tgrabiec
 test/boost/mvcc* @tgrabiec
 
 # CDC
-cdc/* @kbr- @elcallio @piodul @jul-stas
-test/cql/cdc_* @kbr- @elcallio @piodul @jul-stas
-test/boost/cdc_* @kbr- @elcallio @piodul @jul-stas
+cdc/* @kbr-scylla @elcallio @piodul
+test/cql/cdc_* @kbr-scylla @elcallio @piodul
+test/boost/cdc_* @kbr-scylla @elcallio @piodul
 
 # COMMITLOG / BATCHLOG
 db/commitlog/* @elcallio @eliransin
@@ -25,18 +25,18 @@ compaction/* @raphaelsc
 transport/*
 
 # CQL QUERY LANGUAGE
-cql3/* @tgrabiec
+cql3/* @tgrabiec @nuivall @ptrsmrn @KrzaQ
 
 # COUNTERS
-counters* @jul-stas
-tests/counter_test* @jul-stas
+counters* @nuivall @ptrsmrn @KrzaQ
+tests/counter_test* @nuivall @ptrsmrn @KrzaQ
 
 # DOCS
 docs/* @annastuchlik @tzach
-docs/alternator @annastuchlik @tzach @nyh @havaker @nuivall
+docs/alternator @annastuchlik @tzach @nyh @nuivall @ptrsmrn @KrzaQ
 
 # GOSSIP
-gms/* @tgrabiec @asias
+gms/* @tgrabiec @asias @kbr-scylla
 
 # DOCKER
 dist/docker/*
@@ -74,8 +74,8 @@ streaming/* @tgrabiec @asias
 service/storage_service.* @tgrabiec @asias
 
 # ALTERNATOR
-alternator/* @havaker @nuivall
-test/alternator/* @havaker @nuivall
+alternator/* @nyh @nuivall @ptrsmrn @KrzaQ
+test/alternator/* @nyh @nuivall @ptrsmrn @KrzaQ
 
 # HINTED HANDOFF
 db/hints/* @piodul @vladzcloudius @eliransin
@@ -91,11 +91,14 @@ test/boost/mutation_reader_test.cc @denesb
 test/boost/querier_cache_test.cc @denesb
 
 # PYTEST-BASED CQL TESTS
-test/cql-pytest/* @nyh
+test/cqlpy/* @nyh
 
 # RAFT
-raft/* @kbr- @gleb-cloudius @kostja
-test/raft/* @kbr- @gleb-cloudius @kostja
+raft/* @kbr-scylla @gleb-cloudius @kostja
+test/raft/* @kbr-scylla @gleb-cloudius @kostja
 
 # HEAT-WEIGHTED LOAD BALANCING
 db/heat_load_balance.* @nyh @gleb-cloudius
+
+# Tools
+tools/* @denesb

.github/ISSUE_TEMPLATE.md

@@ -1,15 +0,0 @@
-This is Scylla's bug tracker, to be used for reporting bugs only.
-If you have a question about Scylla, and not a bug, please ask it in
-our mailing-list at scylladb-dev@googlegroups.com or in our slack channel.
-
-- [] I have read the disclaimer above, and I am reporting a suspected malfunction in Scylla.
-
-*Installation details*
-Scylla version (or git commit hash):
-Cluster size:
-OS (RHEL/CentOS/Ubuntu/AWS AMI):
-
-*Hardware details (for performance issues)*          Delete if unneeded
-Platform (physical/VM/cloud instance type/docker):
-Hardware: sockets= cores= hyperthreading= memory=
-Disks: (SSD/HDD, count)

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,86 @@
+name: "Report a bug"
+description: "File a bug report."
+title: "[Bug]: "
+type: "bug"
+labels: bug
+body:
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: Code of Conduct
+      description: "This is Scylla's bug tracker, to be used for reporting bugs only.
+If you have a question about Scylla, and not a bug, please ask it in
+our forum at https://forum.scylladb.com/ or in our slack channel https://slack.scylladb.com/ "
+      options:
+        - label: I have read the disclaimer above and am reporting a suspected malfunction in Scylla.
+          required: true
+
+  - type: input
+    id: product-version
+    attributes:
+      label: product version
+      description: Scylla version (or git commit hash)
+      placeholder: ex. scylla-6.1.1
+    validations:
+      required: true
+      
+  - type: input
+    id: cluster-size
+    attributes:
+      label: Cluster Size
+    validations:
+      required: true  
+      
+  - type: input
+    id: os
+    attributes:
+      label: OS
+      placeholder: RHEL/CentOS/Ubuntu/AWS AMI
+    validations:
+      required: true
+      
+  - type: textarea
+    id: additional-data
+    attributes:
+      label: Additional Environmental Data
+      #description: 
+      placeholder: Add additional data
+      value: "Platform (physical/VM/cloud instance type/docker):\n
+Hardware: sockets=   cores=   hyperthreading=   memory=\n
+Disks: (SSD/HDD, count)"
+    validations:
+      required: false
+      
+  - type: textarea
+    id: reproducer-steps
+    attributes:
+      label: Reproduction Steps
+      placeholder: Describe how to reproduce the problem
+      value: "The steps to reproduce the problem are:"
+    validations:
+      required: true
+      
+  - type: textarea
+    id: the-problem
+    attributes:
+      label: What is the problem?
+      placeholder: Describe the problem you found
+      value: "The problem is that"
+    validations:
+      required: true
+      
+  - type: textarea
+    id: what-happened
+    attributes:
+      label: Expected behavior?
+      placeholder: Describe what should have happened
+      value: "I expected that "
+    validations:
+      required: true
+      
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant log output
+      description: Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks.
+      render: shell

.github/actions/setup-build/action.yaml

@@ -1,84 +0,0 @@
-name: setup-build-env
-description: Setup Building Environment
-inputs:
-  install_clang_tool:
-    description: 'install clang-tool'
-    required: false
-    default: false
-    type: boolean
-  install_clang_tidy:
-    description: 'install clang-tidy'
-    required: false
-    default: false
-    type: boolean
-
-# use the stable branch
-# should be the same as the one used by the compositing workflow
-env:
-  CLANG_VERSION: 18
-
-runs:
-  using: 'composite'
-  steps:
-    - name: Add scylla-ppa repo
-      shell: bash
-      run: |
-        sudo add-apt-repository ppa:scylladb/ppa
-
-    - name: Add clang apt repo
-      if: ${{ inputs.install_clang_tool || inputs.install_clang_tidy }}
-      shell: bash
-      run: |
-        sudo apt-get install -y curl
-        curl -fsSL https://apt.llvm.org/llvm-snapshot.gpg.key | sudo tee /etc/apt/trusted.gpg.d/apt.llvm.org.asc >/dev/null
-        repo_component=llvm-toolchain-jammy
-        # use the development branch if $CLANG_VERSION is empty
-        if [ -n "$CLANG_VERSION" ]; then
-            repo_component+=-$CLANG_VERSION
-        fi
-        echo "deb http://apt.llvm.org/jammy/ $repo_component main" | sudo tee -a /etc/apt/sources.list.d/llvm.list
-        sudo apt-get update
-
-    - name: Install clang-tools
-      if: ${{ inputs.install_clang_tools }}
-      shell: bash
-      run: |
-        sudo apt-get install -y clang-tools-$CLANG_VERSION
-
-    - name: Install clang-tidy
-      if: ${{ inputs.install_clang_tidy }}
-      shell: bash
-      run: |
-        sudo apt-get install -y clang-tidy-$CLANG_VERSION
-
-    - name: Install GCC-12
-      # ubuntu:jammy comes with GCC-11. and libstdc++-11 fails to compile
-      # scylla which defines value type of std::unordered_map in .cc
-      shell: bash
-      run: |
-        sudo add-apt-repository -y ppa:ubuntu-toolchain-r/ppa
-        sudo apt-get install -y libstdc++-12-dev
-
-    - name: Install more build dependencies
-      shell: bash
-      run: |
-        # - do not install java dependencies, which is not only not necessary,
-        #   and they include "python", which is not EOL and not available.
-        # - replace "scylla-libthrift010" with "libthrift-dev". because
-        #   scylla-libthrift010 : Depends: libssl1.0.0 (>= 1.0.1) but it is not installable
-        # - we don't perform tests, so minio is not necessary.
-        sed -i.orig \
-          -e '/tools\/.*\/install-dependencies.sh/d' \
-          -e 's/scylla-libthrift010-dev/libthrift-dev/' \
-          -e 's/(minio_download_jobs)/(true)/' \
-          ./install-dependencies.sh
-        sudo ./install-dependencies.sh
-        mv ./install-dependencies.sh{.orig,}
-        # for ld.lld
-        sudo apt-get install -y lld-18
-
-    - name: Install {fmt} using cooking.sh
-      shell: bash
-      run: |
-        sudo apt-get remove -y libfmt-dev
-        seastar/cooking.sh -d build-fmt -p cooking -i fmt

.github/clang-include-cleaner.json

@@ -0,0 +1,20 @@
+{
+    "problemMatcher": [
+        {
+            "owner": "clang-include-cleaner",
+            "severity": "error",
+            "pattern": [
+                {
+                    "regexp": "^([^\\-\\+].*)$",
+                    "file": 1
+                },
+                {
+                    "regexp": "^(-\\s+[^\\s]+)\\s+@Line:(\\d+)$",
+                    "line": 2,
+                    "message": 1,
+                    "loop": true
+                }
+            ]
+        }
+    ]
+}

.github/clang-matcher.json

@@ -1,7 +1,7 @@
 {
     "problemMatcher": [
         {
-            "owner": "clang-tidy",
+            "owner": "clang",
             "pattern": [
                 {
                     "regexp": "^([^:]+):(\\d+):(\\d+):\\s+(warning|error):\\s+(.*?)\\s+\\[(.*?)\\]$",

.github/dependabot.yml

@@ -0,0 +1,9 @@
+version: 2
+updates:
+- package-ecosystem: "pip"
+  directory: "/docs"
+  schedule:
+    interval: "daily"
+  allow:
+  - dependency-name: "sphinx-scylladb-theme"
+  - dependency-name: "sphinx-multiversion-scylla"

.github/mergify.yml

@@ -15,7 +15,7 @@ pull_request_rules:
         - closed
     actions:
       delete_head_branch:
-  - name: Automate backport pull request 5.2
+  - name: Automate backport pull request 6.2
     conditions:
       - or:
         - closed
@@ -23,36 +23,11 @@ pull_request_rules:
       - or:
           - base=master
           - base=next
-      - label=backport/5.2 # The PR must have this label to trigger the backport
+      - label=backport/6.2 # The PR must have this label to trigger the backport
       - label=promoted-to-master
     actions:
       copy:
-        title: "[Backport 5.2] {{ title }}"
-        body: |
-          {{ body }}
-
-          {% for c in commits %}
-          (cherry picked from commit {{ c.sha }})
-          {% endfor %}
-
-           Refs #{{number}}
-        branches:
-          - branch-5.2
-        assignees:
-          - "{{ author }}"
-  - name: Automate backport pull request 5.4
-    conditions:
-      - or:
-        - closed
-        - merged
-      - or:
-          - base=master
-          - base=next
-      - label=backport/5.4 # The PR must have this label to trigger the backport
-      - label=promoted-to-master
-    actions:
-      copy:
-        title: "[Backport 5.4] {{ title }}"
+        title: "[Backport 6.2] {{ title }}"
         body: |
           {{ body }}
 
@@ -62,6 +37,56 @@ pull_request_rules:
 
           Refs #{{number}}
         branches:
-          - branch-5.4
+          - branch-6.2
+        assignees:
+          - "{{ author }}"
+  - name: Automate backport pull request 6.1
+    conditions:
+      - or:
+        - closed
+        - merged
+      - or:
+          - base=master
+          - base=next
+      - label=backport/6.1 # The PR must have this label to trigger the backport
+      - label=promoted-to-master
+    actions:
+      copy:
+        title: "[Backport 6.1] {{ title }}"
+        body: |
+          {{ body }}
+
+          {% for c in commits %}
+          (cherry picked from commit {{ c.sha }})
+          {% endfor %}
+
+           Refs #{{number}}
+        branches:
+          - branch-6.1
+        assignees:
+          - "{{ author }}"
+  - name: Automate backport pull request 6.0
+    conditions:
+      - or:
+        - closed
+        - merged
+      - or:
+          - base=master
+          - base=next
+      - label=backport/6.0 # The PR must have this label to trigger the backport
+      - label=promoted-to-master
+    actions:
+      copy:
+        title: "[Backport 6.0] {{ title }}"
+        body: |
+          {{ body }}
+
+          {% for c in commits %}
+          (cherry picked from commit {{ c.sha }})
+          {% endfor %}
+
+           Refs #{{number}}
+        branches:
+          - branch-6.0
         assignees:
           - "{{ author }}"

.github/scripts/auto-backport.py

@@ -0,0 +1,181 @@
+#!/usr/bin/env python3
+
+import argparse
+import os
+import re
+import sys
+import tempfile
+import logging
+
+from github import Github, GithubException
+from git import Repo, GitCommandError
+
+logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')
+try:
+    github_token = os.environ["GITHUB_TOKEN"]
+except KeyError:
+    print("Please set the 'GITHUB_TOKEN' environment variable")
+    sys.exit(1)
+
+
+def is_pull_request():
+    return '--pull-request' in sys.argv[1:]
+
+
+def parse_args():
+    parser = argparse.ArgumentParser()
+    parser.add_argument('--repo', type=str, required=True, help='Github repository name')
+    parser.add_argument('--base-branch', type=str, default='refs/heads/master', help='Base branch')
+    parser.add_argument('--commits', default=None, type=str, help='Range of promoted commits.')
+    parser.add_argument('--pull-request', type=int, help='Pull request number to be backported')
+    parser.add_argument('--head-commit', type=str, required=is_pull_request(), help='The HEAD of target branch after the pull request specified by --pull-request is merged')
+    return parser.parse_args()
+
+
+def create_pull_request(repo, new_branch_name, base_branch_name, pr, backport_pr_title, commits, is_draft=False):
+    pr_body = f'{pr.body}\n\n'
+    for commit in commits:
+        pr_body += f'- (cherry picked from commit {commit})\n\n'
+    pr_body += f'Parent PR: #{pr.number}'
+    try:
+        backport_pr = repo.create_pull(
+            title=backport_pr_title,
+            body=pr_body,
+            head=f'scylladbbot:{new_branch_name}',
+            base=base_branch_name,
+            draft=is_draft
+        )
+        logging.info(f"Pull request created: {backport_pr.html_url}")
+        backport_pr.add_to_assignees(pr.user)
+        logging.info(f"Assigned PR to original author: {pr.user}")
+        return backport_pr
+    except GithubException as e:
+        if 'A pull request already exists' in str(e):
+            logging.warning(f'A pull request already exists for {pr.user}:{new_branch_name}')
+        else:
+            logging.error(f'Failed to create PR: {e}')
+
+
+def get_pr_commits(repo, pr, stable_branch, start_commit=None):
+    commits = []
+    if pr.merged:
+        merge_commit = repo.get_commit(pr.merge_commit_sha)
+        if len(merge_commit.parents) > 1:  # Check if this merge commit includes multiple commits
+            commits.append(pr.merge_commit_sha)
+        else:
+            if start_commit:
+                promoted_commits = repo.compare(start_commit, stable_branch).commits
+            else:
+                promoted_commits = repo.get_commits(sha=stable_branch)
+            for commit in pr.get_commits():
+                for promoted_commit in promoted_commits:
+                    commit_title = commit.commit.message.splitlines()[0]
+                    # In Scylla-pkg and scylla-dtest, for example,
+                    # we don't create a merge commit for a PR with multiple commits,
+                    # according to the GitHub API, the last commit will be the merge commit,
+                    # which is not what we need when backporting (we need all the commits).
+                    # So here, we are validating the correct SHA for each commit so we can cherry-pick
+                    if promoted_commit.commit.message.startswith(commit_title):
+                        commits.append(promoted_commit.sha)
+
+    elif pr.state == 'closed':
+        events = pr.get_issue_events()
+        for event in events:
+            if event.event == 'closed':
+                commits.append(event.commit_id)
+    return commits
+
+
+def create_pr_comment_and_remove_label(pr, comment_body):
+    labels = pr.get_labels()
+    pattern = re.compile(r"backport/\d+\.\d+$")
+    for label in labels:
+        if pattern.match(label.name):
+            print(f"Removing label: {label.name}")
+            comment_body += f'- {label.name}\n'
+            pr.remove_from_labels(label)
+    pr.create_issue_comment(comment_body)
+
+
+def backport(repo, pr, version, commits, backport_base_branch):
+    new_branch_name = f'backport/{pr.number}/to-{version}'
+    backport_pr_title = f'[Backport {version}] {pr.title}'
+    repo_url = f'https://scylladbbot:{github_token}@github.com/{repo.full_name}.git'
+    fork_repo = f'https://scylladbbot:{github_token}@github.com/scylladbbot/{repo.name}.git'
+    with (tempfile.TemporaryDirectory() as local_repo_path):
+        try:
+            repo_local = Repo.clone_from(repo_url, local_repo_path, branch=backport_base_branch)
+            repo_local.git.checkout(b=new_branch_name)
+            is_draft = False
+            for commit in commits:
+                try:
+                    repo_local.git.cherry_pick(commit, '-m1', '-x')
+                except GitCommandError as e:
+                    logging.warning(f'Cherry-pick conflict on commit {commit}: {e}')
+                    is_draft = True
+                    repo_local.git.add(A=True)
+                    repo_local.git.cherry_pick('--continue')
+            if not repo.private and not repo.has_in_collaborators(pr.user.login):
+                repo.add_to_collaborators(pr.user.login, permission="push")
+                comment = f':warning:  @{pr.user.login} you have been added as collaborator to scylladbbot fork '
+                comment += f'Please check your inbox and approve the invitation, once it is done, please add the backport labels again'
+                create_pr_comment_and_remove_label(pr, comment)
+                return
+            repo_local.git.push(fork_repo, new_branch_name, force=True)
+            create_pull_request(repo, new_branch_name, backport_base_branch, pr, backport_pr_title, commits,
+                                is_draft=is_draft)
+
+        except GitCommandError as e:
+            logging.warning(f"GitCommandError: {e}")
+
+
+def main():
+    args = parse_args()
+    base_branch = args.base_branch.split('/')[2]
+    promoted_label = 'promoted-to-master'
+    repo_name = args.repo
+    if 'scylla-enterprise' in args.repo:
+        promoted_label = 'promoted-to-enterprise'
+    stable_branch = base_branch
+    backport_branch = 'branch-'
+
+    backport_label_pattern = re.compile(r'backport/\d+\.\d+$')
+
+    g = Github(github_token)
+    repo = g.get_repo(repo_name)
+    closed_prs = []
+    start_commit = None
+
+    if args.commits:
+        start_commit, end_commit = args.commits.split('..')
+        commits = repo.compare(start_commit, end_commit).commits
+        for commit in commits:
+            match = re.search(rf"Closes .*#([0-9]+)", commit.commit.message, re.IGNORECASE)
+            if match:
+                pr_number = int(match.group(1))
+                pr = repo.get_pull(pr_number)
+                closed_prs.append(pr)
+    if args.pull_request:
+        start_commit = args.head_commit
+        pr = repo.get_pull(args.pull_request)
+        closed_prs = [pr]
+
+    for pr in closed_prs:
+        labels = [label.name for label in pr.labels]
+        backport_labels = [label for label in labels if backport_label_pattern.match(label)]
+        if promoted_label not in labels:
+            print(f'no {promoted_label} label: {pr.number}')
+            continue
+        if not backport_labels:
+            print(f'no backport label: {pr.number}')
+            continue
+        commits = get_pr_commits(repo, pr, stable_branch, start_commit)
+        logging.info(f"Found PR #{pr.number} with commit {commits} and the following labels: {backport_labels}")
+        for backport_label in backport_labels:
+            version = backport_label.replace('backport/', '')
+            backport_base_branch = backport_label.replace('backport/', backport_branch)
+            backport(repo, pr, version, commits, backport_base_branch)
+
+
+if __name__ == "__main__":
+    main()

.github/scripts/label_promoted_commits.py

@@ -1,9 +1,9 @@
-import requests
-from github import Github
 import argparse
 import re
 import sys
 import os
+from github import Github
+from github.GithubException import UnknownObjectException
 
 try:
     github_token = os.environ["GITHUB_TOKEN"]
@@ -16,43 +16,72 @@ def parser():
     parser = argparse.ArgumentParser()
     parser.add_argument('--repository', type=str, required=True,
                         help='Github repository name (e.g., scylladb/scylladb)')
-    parser.add_argument('--commit_before_merge', type=str, required=True, help='Git commit ID to start labeling from ('
-                                                                               'newest commit).')
-    parser.add_argument('--commit_after_merge', type=str, required=True,
-                        help='Git commit ID to end labeling at (oldest '
-                             'commit, exclusive).')
-    parser.add_argument('--update_issue', type=bool, default=False, help='Set True to update issues when backport was '
-                                                                         'done')
-    parser.add_argument('--label', type=str, required=True, help='Label to use')
+    parser.add_argument('--commits', type=str, required=True, help='Range of promoted commits.')
+    parser.add_argument('--label', type=str, default='promoted-to-master', help='Label to use')
+    parser.add_argument('--ref', type=str, required=True, help='PR target branch')
     return parser.parse_args()
 
 
+def add_comment_and_close_pr(pr, comment):
+    if pr.state == 'open':
+        pr.create_issue_comment(comment)
+        pr.edit(state="closed")
+
+
+def mark_backport_done(repo, ref_pr_number, branch):
+    pr = repo.get_pull(int(ref_pr_number))
+    label_to_remove = f'backport/{branch}'
+    label_to_add = f'{label_to_remove}-done'
+    current_labels = [label.name for label in pr.get_labels()]
+    if label_to_remove in current_labels:
+        pr.remove_from_labels(label_to_remove)
+    if label_to_add not in current_labels:
+        pr.add_to_labels(label_to_add)
+
+
 def main():
+    # This script is triggered by a push event to either the master branch or a branch named branch-x.y (where x and y represent version numbers). Based on the pushed branch, the script performs the following actions:
+    # - When ref branch is `master`, it will add the `promoted-to-master` label, which we need later for the auto backport process
+    # - When ref branch is `branch-x.y` (which means we backported a patch), it will replace in the original PR the `backport/x.y` label with `backport/x.y-done` and will close the backport PR (Since GitHub close only the one referring to default branch)
     args = parser()
     pr_pattern = re.compile(r'Closes .*#([0-9]+)')
+    target_branch = re.search(r'branch-(\d+\.\d+)', args.ref)
     g = Github(github_token)
     repo = g.get_repo(args.repository, lazy=False)
-
-    commits = repo.compare(head=args.commit_after_merge, base=args.commit_before_merge)
+    start_commit, end_commit = args.commits.split('..')
+    commits = repo.compare(start_commit, end_commit).commits
+    processed_prs = set()
     # Print commit information
-    for commit in commits.commits:
-        print(commit.sha)
-        match = pr_pattern.search(commit.commit.message)
+    for commit in commits:
+        print(f'Commit sha is: {commit.sha}')
+        pr_last_line = commit.commit.message.splitlines()[-1]
+        match = pr_pattern.search(pr_last_line)
         if match:
-            pr_number = match.group(1)
-            url = f'https://api.github.com/repos/{args.repository}/issues/{pr_number}/labels'
-            data = {
-                "labels": [f'{args.label}']
-            }
-            headers = {
-                "Authorization": f"token {github_token}",
-                "Accept": "application/vnd.github.v3+json"
-            }
-            response = requests.post(url, headers=headers, json=data)
-            if response.ok:
-                print(f"Label added successfully to {url}")
+            pr_number = int(match.group(1))
+            if pr_number in processed_prs:
+                continue
+            if target_branch:
+                pr = repo.get_pull(pr_number)
+                branch_name = target_branch[1]
+                refs_pr = re.findall(r'Parent PR: (?:#|https.*?)(\d+)', pr.body)
+                if refs_pr:
+                    print(f'branch-{target_branch.group(1)}, pr number is: {pr_number}')
+                    # 1. change the backport label of the parent PR to note that
+                    #    we've merged the corresponding backport PR
+                    # 2. close the backport PR and leave a comment on it to note
+                    #    that it has been merged with a certain git commit.
+                    ref_pr_number = refs_pr[0]
+                    mark_backport_done(repo, ref_pr_number, branch_name)
+                    comment = f'Closed via {commit.sha}'
+                    add_comment_and_close_pr(pr, comment)
             else:
-                print(f"No label was added to {url}")
+                try:
+                    pr = repo.get_pull(pr_number)
+                    pr.add_to_labels('promoted-to-master')
+                    print(f'master branch, pr number is: {pr_number}')
+                except UnknownObjectException:
+                    print(f'{pr_number} is not a PR but an issue, no need to add label')
+            processed_prs.add(pr_number)
 
 
 if __name__ == "__main__":

.github/workflows/add-label-when-promoted.yaml

@@ -4,6 +4,11 @@ on:
   push:
     branches:
       - master
+      - branch-*.*
+      - enterprise
+    pull_request_target:
+      types: [labeled]
+      branches: [master, next, enterprise]
 
 jobs:
   check-commit:
@@ -12,15 +17,55 @@ jobs:
       pull-requests: write
       issues: write
     steps:
+      - name: Dump GitHub context
+        env:
+          GITHUB_CONTEXT: ${{ toJson(github) }}
+        run: echo "$GITHUB_CONTEXT"
+      - name: Set Default Branch
+        id: set_branch
+        run: |
+          if [[ "${{ github.repository }}" == *enterprise* ]]; then
+            echo "DEFAULT_BRANCH=enterprise" >> $GITHUB_ENV
+          else
+            echo "DEFAULT_BRANCH=master" >> $GITHUB_ENV
+          fi
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
+          repository: ${{ github.repository }}
+          ref: ${{ env.DEFAULT_BRANCH }}
+          token: ${{ secrets.AUTO_BACKPORT_TOKEN }}
           fetch-depth: 0  # Fetch all history for all tags and branches
-
+      - name: Set up Git identity
+        run: |
+          git config --global user.name "GitHub Action"
+          git config --global user.email "action@github.com"
+          git config --global merge.conflictstyle diff3
       - name: Install dependencies
-        run: sudo apt-get install -y python3-github
-
+        run: sudo apt-get install -y python3-github python3-git
       - name: Run python script
+        if: github.event_name == 'push'
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: python .github/scripts/label_promoted_commits.py --commit_before_merge ${{ github.event.before }} --commit_after_merge ${{ github.event.after }} --repository ${{ github.repository }} --label promoted-to-master
+          GITHUB_TOKEN: ${{ secrets.AUTO_BACKPORT_TOKEN }}
+        run: python .github/scripts/label_promoted_commits.py  --commits ${{ github.event.before }}..${{ github.sha }} --repository ${{ github.repository }} --ref ${{ github.ref }}
+      - name: Run auto-backport.py when promotion completed
+        if: github.event_name == 'push' && github.ref == 'refs/heads/${{ env.DEFAULT_BRANCH }}'
+        env:
+          GITHUB_TOKEN: ${{ secrets.AUTO_BACKPORT_TOKEN }}
+        run: python .github/scripts/auto-backport.py --repo ${{ github.repository }} --base-branch ${{ github.ref }} --commits ${{ github.event.before }}..${{ github.sha }}
+      - name: Check if label starts with 'backport/' and contains digits
+        id: check_label
+        run: |
+          label_name="${{ github.event.label.name }}"
+          if [[ "$label_name" =~ ^backport/[0-9]+\.[0-9]+$ ]]; then
+            echo "Label matches backport/X.X pattern."
+            echo "backport_label=true" >> $GITHUB_OUTPUT
+          else
+            echo "Label does not match the required pattern."
+            echo "backport_label=false" >> $GITHUB_OUTPUT
+          fi
+      - name: Run auto-backport.py when label was added
+        if: github.event_name == 'pull_request_target' && steps.check_label.outputs.backport_label == 'true' && (github.event.pull_request.state == 'closed' && github.event.pull_request.merged == true)
+        env:
+          GITHUB_TOKEN: ${{ secrets.AUTO_BACKPORT_TOKEN }}
+        run: python .github/scripts/auto-backport.py --repo ${{ github.repository }} --base-branch ${{ github.ref }} --pull-request ${{ github.event.pull_request.number }} --head-commit ${{ github.event.pull_request.base.sha }}

.github/workflows/backport-pr-fixes-validation.yaml

@@ -22,5 +22,12 @@ jobs:
             const regex = new RegExp(pattern);
             
             if (!regex.test(body)) {
-              core.setFailed("PR body does not contain a valid 'Fixes' reference.");
+              const error = "PR body does not contain a valid 'Fixes' reference.";
+              core.setFailed(error);
+              await github.rest.issues.createComment({
+                issue_number: context.issue.number,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                body: `:warning: ${error}`
+              });
             }

.github/workflows/build-scylla.yaml

@@ -0,0 +1,39 @@
+name: Build Scylla
+
+on:
+  workflow_call:
+    inputs:
+      build_mode:
+        description: 'the build mode'
+        type: string
+        required: true
+    outputs:
+      md5sum:
+        description: 'the md5sum for scylla executable'
+        value: ${{ jobs.build.outputs.md5sum }}
+
+jobs:
+  read-toolchain:
+    uses: ./.github/workflows/read-toolchain.yaml
+  build:
+    if: github.repository == 'scylladb/scylladb'
+    needs:
+      - read-toolchain
+    runs-on: ubuntu-latest
+    container: ${{ needs.read-toolchain.outputs.image }}
+    outputs:
+      md5sum: ${{ steps.checksum.outputs.md5sum }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+      - name: Generate the building system
+        run: |
+          git config --global --add safe.directory $GITHUB_WORKSPACE
+          ./configure.py --mode ${{ inputs.build_mode }} --with scylla
+      - run: |
+          ninja build/${{ inputs.build_mode }}/scylla
+      - id: checksum
+        run: |
+          checksum=$(md5sum build/${{ inputs.build_mode }}/scylla | cut -c -32)
+          echo "md5sum=$checksum" >> $GITHUB_OUTPUT

.github/workflows/clang-nightly.yaml

@@ -0,0 +1,66 @@
+name: clang-nightly
+
+on:
+  schedule:
+    # only at 5AM Saturday
+    - cron: '0 5 * * SAT'
+
+env:
+  # use the development branch explicitly
+  CLANG_VERSION: 20
+  BUILD_DIR: build
+
+permissions: {}
+
+# cancel the in-progress run upon a repush
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  clang-dev:
+    name: Build with clang nightly
+    if: github.repository == 'scylladb/scylladb'
+    runs-on: ubuntu-latest
+    container: fedora:40
+    strategy:
+      matrix:
+        build_type:
+          - Debug
+          - RelWithDebInfo
+          - Dev
+    steps:
+      - run: |
+          sudo dnf -y install git
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Install build dependencies
+        run: |
+          # use the copr repo for llvm snapshot builds, see
+          # https://copr.fedorainfracloud.org/coprs/g/fedora-llvm-team/llvm-snapshots/
+          sudo dnf -y install 'dnf-command(copr)'
+          sudo dnf copr enable -y @fedora-llvm-team/llvm-snapshots
+          # do not install java dependencies, which is not only not used here
+          sed -i.orig \
+            -e '/tools\/.*\/install-dependencies.sh/d' \
+            -e 's/(minio_download_jobs)/(true)/' \
+            ./install-dependencies.sh
+          sudo ./install-dependencies.sh
+          sudo dnf -y install lld
+      - name: Generate the building system
+        run: |
+          cmake                                         \
+            -DCMAKE_BUILD_TYPE=${{ matrix.build_type }} \
+            -DCMAKE_C_COMPILER=clang-$CLANG_VERSION     \
+            -DCMAKE_CXX_COMPILER=clang++-$CLANG_VERSION \
+            -G Ninja                                    \
+            -B $BUILD_DIR                               \
+            -S .
+      # see https://github.com/actions/toolkit/blob/main/docs/problem-matchers.md
+      - run: |
+          echo "::add-matcher::.github/clang-matcher.json"
+      - run: |
+          cmake --build $BUILD_DIR --target scylla
+      - run: |
+          echo "::remove-matcher owner=clang::"

.github/workflows/clang-tidy.yaml

@@ -10,13 +10,11 @@ on:
       - 'docs/**'
       - '.github/**'
   workflow_dispatch:
-  schedule:
-    # only at 5AM Saturday
-    - cron: '0 5 * * SAT'
+  issue_comment:
+    types:
+      - created
 
 env:
-  # use the stable branch
-  CLANG_VERSION: 18
   BUILD_TYPE: RelWithDebInfo
   BUILD_DIR: build
   CLANG_TIDY_CHECKS: '-*,bugprone-use-after-move'
@@ -29,35 +27,42 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  read-toolchain:
+    if: github.event_name == 'pull_request' || (github.event.issue.pull_request && startsWith(github.event.comment.body, '/clang-tidy'))
+    uses: ./.github/workflows/read-toolchain.yaml
   clang-tidy:
     name: Run clang-tidy
+    needs:
+      - read-toolchain
     runs-on: ubuntu-latest
+    container: ${{ needs.read-toolchain.outputs.image }}
     steps:
+      - env:
+          IMAGE: ${{ needs.read-toolchain.image }}
+        run: |
+          echo ${{ needs.read-toolchain.image }}
       - uses: actions/checkout@v4
         with:
           submodules: true
-      - uses: ./.github/actions/setup-build
-        with:
-          install_clang_tidy: true
+      - run: |
+          sudo dnf -y install clang-tools-extra
       - name: Generate the building system
         run: |
           cmake                                         \
             -DCMAKE_BUILD_TYPE=$BUILD_TYPE              \
-            -DCMAKE_C_COMPILER=clang-$CLANG_VERSION     \
-            -DScylla_USE_LINKER=ld.lld-$CLANG_VERSION   \
-            -DCMAKE_CXX_COMPILER=clang++-$CLANG_VERSION \
+            -DCMAKE_C_COMPILER=clang                    \
+            -DScylla_USE_LINKER=ld.lld                  \
+            -DCMAKE_CXX_COMPILER=clang++                \
             -DCMAKE_EXPORT_COMPILE_COMMANDS=ON          \
-            -DCMAKE_CXX_CLANG_TIDY="clang-tidy-$CLANG_VERSION;--checks=$CLANG_TIDY_CHECKS" \
-            -DCMAKE_CXX_FLAGS=-DFMT_HEADER_ONLY         \
-            -DCMAKE_PREFIX_PATH=$PWD/cooking            \
+            -DCMAKE_CXX_CLANG_TIDY="clang-tidy;--checks=$CLANG_TIDY_CHECKS" \
             -G Ninja                                    \
             -B $BUILD_DIR                               \
             -S .
       # see https://github.com/actions/toolkit/blob/main/docs/problem-matchers.md
       - run: |
-          echo "::add-matcher::.github/clang-tidy-matcher.json"
+          echo "::add-matcher::.github/clang-matcher.json"
       - name: Build with clang-tidy enabled
         run: |
           cmake --build $BUILD_DIR --target scylla
       - run: |
-          echo "::remove-matcher owner=clang-tidy::"
+          echo "::remove-matcher owner=clang::"

.github/workflows/codespell.yaml

@@ -14,4 +14,4 @@ jobs:
         with:
           only_warn: 1
           ignore_words_list: "ans,datas,fo,ser,ue,crate,nd,reenable,strat,stap,te,raison"
-          skip: "./.git,./build,./tools,*.js,*.thrift,*.lock,./test,./licenses,./redis/lolwut.cc,*.svg"
+          skip: "./.git,./build,./tools,*.js,*.lock,./test,./licenses,./redis/lolwut.cc,*.svg"

.github/workflows/conflict_reminder.yaml

@@ -0,0 +1,45 @@
+name: Notify PR Authors of Conflicts
+
+on:
+  schedule:
+    - cron: '0 10 * * 1,4'  # Runs every Monday and Thursday at 10:00am
+  workflow_dispatch:      # Manual trigger for testing
+
+jobs:
+  notify_conflict_prs:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Notify PR Authors of Conflicts
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const prs = await github.paginate(github.rest.pulls.list, {
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              state: 'open',
+              per_page: 100
+            });
+            const branchPrefix = 'branch-';
+            const threeDaysAgo = new Date();
+            const conflictLabel = 'conflicts';          
+            threeDaysAgo.setDate(threeDaysAgo.getDate() - 3);
+            for (const pr of prs) {
+              if (!pr.base.ref.startsWith(branchPrefix)) continue;
+              const hasConflictLabel = pr.labels.some(label => label.name === conflictLabel);
+              if (!hasConflictLabel) continue;
+              const updatedDate = new Date(pr.updated_at);
+              if (updatedDate >= threeDaysAgo) continue;
+              if (pr.assignee === null) continue;
+              const assignee = pr.assignee;
+              if (assignee) {
+                await github.rest.issues.createComment({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  issue_number: pr.number,
+                  body: `@${assignee}, this PR has been open with conflicts. Please resolve the conflicts so we can merge it.`,
+                });
+                console.log(`Notified @${assignee} for PR #${pr.number}`);
+              } 
+            }
+            console.log(`Total PRs checked: ${prs.length}`);

.github/workflows/docs-pr.yaml

@@ -12,7 +12,8 @@ on:
       - enterprise
     paths:
       - "docs/**"
-
+      - "db/config.hh"
+      - "db/config.cc"
 jobs:
   build:
     runs-on: ubuntu-latest

.github/workflows/iwyu.yaml

@@ -0,0 +1,82 @@
+name: iwyu
+
+on:
+  pull_request:
+    branches:
+      - master
+
+env:
+  BUILD_TYPE: RelWithDebInfo
+  BUILD_DIR: build
+  CLEANER_OUTPUT_PATH: build/clang-include-cleaner.log
+  # the "idl" subdirectory does not contain C++ source code. the .hh files in it are
+  # supposed to be processed by idl-compiler.py, so we don't check them using the cleaner
+  CLEANER_DIRS: test/unit exceptions alternator api auth cdc compaction db dht gms index lang
+
+permissions: {}
+
+# cancel the in-progress run upon a repush
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  read-toolchain:
+    uses: ./.github/workflows/read-toolchain.yaml
+  clang-include-cleaner:
+    name: "Analyze #includes in source files"
+    needs:
+      - read-toolchain
+    runs-on: ubuntu-latest
+    container: ${{ needs.read-toolchain.outputs.image }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+      - run: |
+          sudo dnf -y install clang-tools-extra
+      - name: Generate compilation database
+        run: |
+          cmake                                         \
+            -DCMAKE_BUILD_TYPE=$BUILD_TYPE              \
+            -DCMAKE_C_COMPILER=clang                    \
+            -DCMAKE_CXX_COMPILER=clang++                \
+            -DCMAKE_EXPORT_COMPILE_COMMANDS=ON          \
+            -G Ninja                                    \
+            -B $BUILD_DIR                               \
+            -S .
+      - name: Build headers
+        run: |
+          swagger_targets=''
+          for f in api/api-doc/*.json; do
+            if test "${f#*.}" = json; then
+              name=$(basename "$f" .json)
+              if test $name != swagger20_header; then
+                swagger_targets+=" scylla_swagger_gen_$name"
+              fi
+            fi
+          done
+          cmake                                         \
+            --build build                               \
+             --target seastar_http_request_parser       \
+             --target idl-sources                       \
+             --target $swagger_targets
+      - run: |
+          echo "::add-matcher::.github/clang-include-cleaner.json"
+      - name: clang-include-cleaner
+        run: |
+          for d in $CLEANER_DIRS; do
+            find $d -name '*.cc' -o -name '*.hh'          \
+              -exec echo {} \;                            \
+              -exec clang-include-cleaner                 \
+                --ignore-headers=seastarx.hh              \
+                --print=changes                           \
+                -p $BUILD_DIR                             \
+                {} \; | tee --append $CLEANER_OUTPUT_PATH
+          done
+      - run: |
+          echo "::remove-matcher owner=clang-include-cleaner::"
+      - uses: actions/upload-artifact@v4
+        with:
+          name: Logs (clang-include-cleaner)
+          path: "./${{ env.CLEANER_OUTPUT_PATH }}"

.github/workflows/read-toolchain.yaml

@@ -0,0 +1,23 @@
+name: Read Toolchain
+
+on:
+  workflow_call:
+    outputs:
+      image:
+        description: "the toolchain docker image"
+        value: ${{ jobs.read-toolchain.outputs.image }}
+
+jobs:
+  read-toolchain:
+    runs-on: ubuntu-latest
+    outputs:
+      image: ${{ steps.read.outputs.image }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          sparse-checkout: tools/toolchain/image
+          sparse-checkout-cone-mode: false
+      - id: read
+        run: |
+          image=$(cat tools/toolchain/image)
+          echo "image=$image" >> $GITHUB_OUTPUT

.github/workflows/reproducible-build.yaml

@@ -0,0 +1,35 @@
+name: Check Reproducible Build
+
+on:
+  schedule:
+    # 5AM every friday
+    - cron: '0 5 * * FRI'
+
+permissions: {}
+
+env:
+  BUILD_MODE: release
+jobs:
+  build-a:
+    uses: ./.github/workflows/build-scylla.yaml
+    with:
+      build_mode: release
+  build-b:
+    uses: ./.github/workflows/build-scylla.yaml
+    with:
+      build_mode: release
+  compare-checksum:
+    if: github.repository == 'scylladb/scylladb'
+    runs-on: ubuntu-latest
+    needs:
+      - build-a
+      - build-b
+    steps:
+      - env:
+          CHECKSUM_A: ${{needs.build-a.outputs.md5sum}}
+          CHECKSUM_B: ${{needs.build-b.outputs.md5sum}}
+        run: |
+          if [ $CHECKSUM_A != $CHECKSUM_B ]; then                             \
+            echo "::error::mismatched checksums: $CHECKSUM_A != $CHECKSUM_B"; \
+            exit 1;                                                           \
+          fi

.github/workflows/seastar.yaml

@@ -0,0 +1,50 @@
+name: Build with the latest Seastar
+
+on:
+  schedule:
+    # 5AM everyday
+    - cron: '0 5 * * *'
+
+permissions: {}
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  BUILD_DIR: build
+
+jobs:
+  build-with-the-latest-seastar:
+    runs-on: ubuntu-latest
+    # be consistent with tools/toolchain/image
+    container: scylladb/scylla-toolchain:fedora-40-20240621
+    strategy:
+      matrix:
+        build_type:
+          - Debug
+          - RelWithDebInfo
+          - Dev
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+      - run: |
+          rm -rf seastar
+      - uses: actions/checkout@v4
+        with:
+          repository: scylladb/seastar
+          submodules: true
+          path: seastar
+      - name: Generate the building system
+        run: |
+          git config --global --add safe.directory $GITHUB_WORKSPACE
+          cmake                                         \
+            -DCMAKE_BUILD_TYPE=${{ matrix.build_type }} \
+            -DCMAKE_C_COMPILER=clang                    \
+            -DCMAKE_CXX_COMPILER=clang++                \
+            -G Ninja                                    \
+            -B $BUILD_DIR                               \
+            -S .
+      - run: |
+          cmake --build $BUILD_DIR --target scylla

.github/workflows/sync-labels.yaml

@@ -16,6 +16,10 @@ jobs:
       pull-requests: write
       issues: write
     steps:
+      - name: Dump GitHub context
+        env:
+          GITHUB_CONTEXT: ${{ toJson(github) }}
+        run: echo "$GITHUB_CONTEXT"
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
@@ -33,7 +37,7 @@ jobs:
         run: python .github/scripts/sync_labels.py --repo ${{ github.repository }} --number ${{ github.event.number }} --action ${{ github.event.action }}
 
       - name: Pull request labeled or unlabeled event
-        if: github.event_name == 'pull_request' && startsWith(github.event.label.name, 'backport/')
+        if: github.event_name == 'pull_request_target' && startsWith(github.event.label.name, 'backport/')
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: python .github/scripts/sync_labels.py --repo ${{ github.repository }} --number ${{ github.event.number }} --action ${{ github.event.action }} --label ${{ github.event.label.name }}

.gitignore

@@ -3,6 +3,8 @@
 .settings
 build
 build.ninja
+cmake-build-*
+build.ninja.new
 cscope.*
 /debian/
 dist/ami/files/*.rpm
@@ -12,13 +14,14 @@ dist/ami/scylla_deploy.sh
 Cql.tokens
 .kdev4
 *.kdev4
+.idea
 CMakeLists.txt.user
 .cache
 .tox
 *.egg-info
 __pycache__CMakeLists.txt.user
 .gdbinit
-resources
+/resources
 .pytest_cache
 /expressions.tokens
 tags
@@ -31,3 +34,4 @@ compile_commands.json
 .mypy_cache
 .envrc
 clang_build
+.idea/

.gitmodules

@@ -9,9 +9,6 @@
 [submodule "abseil"]
 	path = abseil
 	url = ../abseil-cpp
-[submodule "scylla-jmx"]
-	path = tools/jmx
-	url = ../scylla-jmx
 [submodule "scylla-tools"]
 	path = tools/java
 	url = ../scylla-tools-java

CMakeLists.txt

@@ -2,8 +2,6 @@ cmake_minimum_required(VERSION 3.27)
 
 project(scylla)
 
-include(CTest)
-
 list(APPEND CMAKE_MODULE_PATH
   ${CMAKE_CURRENT_SOURCE_DIR}/cmake
   ${CMAKE_CURRENT_SOURCE_DIR}/seastar/cmake)
@@ -25,7 +23,8 @@ if(DEFINED CMAKE_BUILD_TYPE)
 endif(DEFINED CMAKE_BUILD_TYPE)
 
 include(mode.common)
-if(CMAKE_CONFIGURATION_TYPES)
+get_property(is_multi_config GLOBAL PROPERTY GENERATOR_IS_MULTI_CONFIG)
+if(is_multi_config)
     foreach(config ${CMAKE_CONFIGURATION_TYPES})
         include(mode.${config})
         list(APPEND scylla_build_modes ${scylla_build_mode_${config}})
@@ -44,29 +43,75 @@ endif()
 
 include(limit_jobs)
 # Configure Seastar compile options to align with Scylla
-set(CMAKE_CXX_STANDARD "20" CACHE INTERNAL "")
+set(CMAKE_CXX_STANDARD "23" CACHE INTERNAL "")
 set(CMAKE_CXX_EXTENSIONS ON CACHE INTERNAL "")
+set(CMAKE_CXX_SCAN_FOR_MODULES OFF CACHE INTERNAL "")
 set(CMAKE_CXX_VISIBILITY_PRESET hidden)
 
-set(Seastar_TESTING ON CACHE BOOL "" FORCE)
-set(Seastar_API_LEVEL 7 CACHE STRING "" FORCE)
-set(Seastar_APPS ON CACHE BOOL "" FORCE)
-set(Seastar_EXCLUDE_APPS_FROM_ALL ON CACHE BOOL "" FORCE)
-set(Seastar_EXCLUDE_TESTS_FROM_ALL ON CACHE BOOL "" FORCE)
-set(Seastar_UNUSED_RESULT_ERROR ON CACHE BOOL "" FORCE)
-add_subdirectory(seastar)
+if(is_multi_config)
+    find_package(Seastar)
+    # this is atypical compared to standard ExternalProject usage:
+    # - Seastar's build system should already be configured at this point.
+    # - We maintain separate project variants for each configuration type.
+    #
+    # Benefits of this approach:
+    # - Allows the parent project to consume the compile options exposed by
+    #   .pc file. as the compile options vary from one config to another.
+    # - Allows application of config-specific settings
+    # - Enables building Seastar within the parent project's build system
+    # - Facilitates linking of artifacts with the external project target,
+    #   establishing proper dependencies between them
+    include(ExternalProject)
+
+    ExternalProject_Add(Seastar
+        SOURCE_DIR "${PROJECT_SOURCE_DIR}/seastar"
+        BINARY_DIR "${CMAKE_BINARY_DIR}/$<CONFIG>/seastar"
+        CONFIGURE_COMMAND ""
+        BUILD_COMMAND ${CMAKE_COMMAND} --build <BINARY_DIR>
+          --target seastar
+          --target seastar_testing
+          --target seastar_perf_testing
+          --target app_iotune
+        BUILD_ALWAYS ON
+        BUILD_BYPRODUCTS
+          <BINARY_DIR>/libseastar.$<IF:$<CONFIG:Debug,Dev>,so,a>
+          <BINARY_DIR>/libseastar_testing.$<IF:$<CONFIG:Debug,Dev>,so,a>
+          <BINARY_DIR>/libseastar_perf_testing.$<IF:$<CONFIG:Debug,Dev>,so,a>
+          <BINARY_DIR>/apps/iotune/iotune
+          <BINARY_DIR>/gen/include/seastar/http/chunk_parsers.hh
+          <BINARY_DIR>/gen/include/seastar/http/request_parser.hh
+          <BINARY_DIR>/gen/include/seastar/http/response_parser.hh
+        INSTALL_COMMAND "")
+    add_dependencies(Seastar::seastar Seastar)
+    add_dependencies(Seastar::seastar_testing Seastar)
+else()
+    set(Seastar_TESTING ON CACHE BOOL "" FORCE)
+    set(Seastar_API_LEVEL 7 CACHE STRING "" FORCE)
+    set(Seastar_DEPRECATED_OSTREAM_FORMATTERS OFF CACHE BOOL "" FORCE)
+    set(Seastar_APPS ON CACHE BOOL "" FORCE)
+    set(Seastar_EXCLUDE_APPS_FROM_ALL ON CACHE BOOL "" FORCE)
+    set(Seastar_EXCLUDE_TESTS_FROM_ALL ON CACHE BOOL "" FORCE)
+    set(Seastar_IO_URING OFF CACHE BOOL "" FORCE)
+    set(Seastar_SCHEDULING_GROUPS_COUNT 16 CACHE STRING "" FORCE)
+    set(Seastar_UNUSED_RESULT_ERROR ON CACHE BOOL "" FORCE)
+    add_subdirectory(seastar)
+    target_compile_definitions (seastar
+      PRIVATE
+        SEASTAR_NO_EXCEPTION_HACK)
+endif()
+
 set(ABSL_PROPAGATE_CXX_STD ON CACHE BOOL "" FORCE)
 
 find_package(Sanitizers QUIET)
 set(sanitizer_cxx_flags
-    $<$<IN_LIST:$<CONFIG>,Debug;Sanitize>:$<TARGET_PROPERTY:Sanitizers::address,INTERFACE_COMPILE_OPTIONS>;$<TARGET_PROPERTY:Sanitizers::undefined_behavior,INTERFACE_COMPILE_OPTIONS>>)
+    $<$<CONFIG:Debug,Sanitize>:$<TARGET_PROPERTY:Sanitizers::address,INTERFACE_COMPILE_OPTIONS>;$<TARGET_PROPERTY:Sanitizers::undefined_behavior,INTERFACE_COMPILE_OPTIONS>>)
 if(CMAKE_CXX_COMPILER_ID STREQUAL "GNU")
     set(ABSL_GCC_FLAGS ${sanitizer_cxx_flags})
 elseif(CMAKE_CXX_COMPILER_ID STREQUAL "Clang")
     set(ABSL_LLVM_FLAGS ${sanitizer_cxx_flags})
 endif()
 set(ABSL_DEFAULT_LINKOPTS
-    $<$<IN_LIST:$<CONFIG>,Debug;Sanitize>:$<TARGET_PROPERTY:Sanitizers::address,INTERFACE_LINK_LIBRARIES>;$<TARGET_PROPERTY:Sanitizers::undefined_behavior,INTERFACE_LINK_LIBRARIES>>)
+    $<$<CONFIG:Debug,Sanitize>:$<TARGET_PROPERTY:Sanitizers::address,INTERFACE_LINK_LIBRARIES>;$<TARGET_PROPERTY:Sanitizers::undefined_behavior,INTERFACE_LINK_LIBRARIES>>)
 add_subdirectory(abseil)
 add_library(absl-headers INTERFACE)
 target_include_directories(absl-headers SYSTEM INTERFACE
@@ -93,13 +138,14 @@ target_link_libraries(Boost::regex
 find_package(Lua REQUIRED)
 find_package(ZLIB REQUIRED)
 find_package(ICU COMPONENTS uc i18n REQUIRED)
-find_package(fmt 9.0.0 REQUIRED)
+find_package(fmt 10.0.0 REQUIRED)
 find_package(libdeflate REQUIRED)
 find_package(libxcrypt REQUIRED)
 find_package(Snappy REQUIRED)
 find_package(RapidJSON REQUIRED)
-find_package(Thrift REQUIRED)
 find_package(xxHash REQUIRED)
+find_package(yaml-cpp REQUIRED)
+find_package(zstd REQUIRED)
 
 set(scylla_gen_build_dir "${CMAKE_BINARY_DIR}/gen")
 file(MAKE_DIRECTORY "${scylla_gen_build_dir}")
@@ -107,6 +153,14 @@ file(MAKE_DIRECTORY "${scylla_gen_build_dir}")
 include(add_version_library)
 generate_scylla_version()
 
+add_library(scylla-zstd STATIC
+    zstd.cc)
+target_link_libraries(scylla-zstd
+  PRIVATE
+    db
+    Seastar::seastar
+    zstd::libzstd)
+
 add_library(scylla-main STATIC)
 target_sources(scylla-main
   PRIVATE
@@ -128,6 +182,7 @@ target_sources(scylla-main
     keys.cc
     multishard_mutation_query.cc
     mutation_query.cc
+    node_ops/task_manager_module.cc
     partition_slice_builder.cc
     querier.cc
     query.cc
@@ -141,14 +196,15 @@ target_sources(scylla-main
     serializer.cc
     sstables_loader.cc
     table_helper.cc
+    tasks/task_handler.cc
     tasks/task_manager.cc
     timeout_config.cc
     unimplemented.cc
     validation.cc
-    vint-serialization.cc
-    zstd.cc)
+    vint-serialization.cc)
 target_link_libraries(scylla-main
   PRIVATE
+    "$<LINK_LIBRARY:WHOLE_ARCHIVE,scylla-zstd>"
     db
     absl::headers
     absl::btree
@@ -184,6 +240,12 @@ include(check_headers)
 check_headers(check-headers scylla-main
   GLOB ${CMAKE_CURRENT_SOURCE_DIR}/*.hh)
 
+option(Scylla_DIST
+  "Build dist targets"
+  ON)
+
+add_custom_target(compiler-training)
+
 add_subdirectory(api)
 add_subdirectory(alternator)
 add_subdirectory(db)
@@ -196,7 +258,6 @@ add_subdirectory(dht)
 add_subdirectory(gms)
 add_subdirectory(idl)
 add_subdirectory(index)
-add_subdirectory(interface)
 add_subdirectory(lang)
 add_subdirectory(locator)
 add_subdirectory(message)
@@ -214,7 +275,6 @@ add_subdirectory(service)
 add_subdirectory(sstables)
 add_subdirectory(streaming)
 add_subdirectory(test)
-add_subdirectory(thrift)
 add_subdirectory(tools)
 add_subdirectory(tracing)
 add_subdirectory(transport)
@@ -255,7 +315,6 @@ target_link_libraries(scylla PRIVATE
     sstables
     streaming
     test-perf
-    thrift
     tools
     tracing
     transport
@@ -263,12 +322,20 @@ target_link_libraries(scylla PRIVATE
     utils)
 
 target_link_libraries(scylla PRIVATE
-    seastar
+    Seastar::seastar
     absl::headers
+    yaml-cpp::yaml-cpp
     Boost::program_options)
 
 target_include_directories(scylla PRIVATE
     "${CMAKE_CURRENT_SOURCE_DIR}"
     "${scylla_gen_build_dir}")
 
-add_subdirectory(dist)
+add_custom_target(maybe-scylla
+  DEPENDS $<$<CONFIG:Dev>:$<TARGET_FILE:scylla>>)
+add_dependencies(compiler-training
+  maybe-scylla)
+
+if(Scylla_DIST)
+  add_subdirectory(dist)
+endif()

HACKING.md

@@ -19,18 +19,18 @@ $ git submodule update --init --recursive
 ### Dependencies
 
 Scylla is fairly fussy about its build environment, requiring a very recent
-version of the C++20 compiler and numerous tools and libraries to build.
+version of the C++23 compiler and numerous tools and libraries to build.
 
 Run `./install-dependencies.sh` (as root) to use your Linux distributions's
 package manager to install the appropriate packages on your build machine.
 However, this will only work on very recent distributions. For example,
 currently Fedora users must upgrade to Fedora 32 otherwise the C++ compiler
-will be too old, and not support the new C++20 standard that Scylla uses.
+will be too old, and not support the new C++23 standard that Scylla uses.
 
 Alternatively, to avoid having to upgrade your build machine or install
 various packages on it, we provide another option - the **frozen toolchain**.
 This is a script, `./tools/toolchain/dbuild`, that can execute build or run
-commands inside a Docker image that contains exactly the right build tools and
+commands inside a container that contains exactly the right build tools and
 libraries. The `dbuild` technique is useful for beginners, but is also the way
 in which ScyllaDB produces official releases, so it is highly recommended.
 
@@ -43,6 +43,12 @@ $ ./tools/toolchain/dbuild ninja build/release/scylla
 $ ./tools/toolchain/dbuild ./build/release/scylla --developer-mode 1
 ```
 
+Note: do not mix environemtns - either perform all your work with dbuild, or natively on the host.
+Note2: you can get to an interactive shell within dbuild by running it without any parameters:
+```bash
+$ ./tools/toolchain/dbuild
+```
+
 ### Build system
 
 **Note**: Compiling Scylla requires, conservatively, 2 GB of memory per native
@@ -116,6 +122,13 @@ Run all tests through the test execution wrapper with
 $ ./test.py --mode={debug,release}
 ```
 
+or, if you are using `dbuild`, you need to build the code and the tests and then you can run them at will:
+
+```bash
+$ ./tools/toolchain/dbuild ninja {debug,release,dev}-build
+$ ./tools/toolchain/dbuild ./test.py --mode {debug,release,dev}
+```
+
 The `--name` argument can be specified to run a particular test.
 
 Alternatively, you can execute the test executable directly. For example,
@@ -199,7 +212,7 @@ The `scylla.yaml` file in the repository by default writes all database data to
 
 Scylla has a number of requirements for the file-system and operating system to operate ideally and at peak performance. However, during development, these requirements can be relaxed with the `--developer-mode` flag.
 
-Additionally, when running on under-powered platforms like portable laptops, the `--overprovisined` flag is useful.
+Additionally, when running on under-powered platforms like portable laptops, the `--overprovisioned` flag is useful.
 
 On a development machine, one might run Scylla as
 

README.md

@@ -15,7 +15,7 @@ For more information, please see the [ScyllaDB web site].
 ## Build Prerequisites
 
 Scylla is fairly fussy about its build environment, requiring very recent
-versions of the C++20 compiler and of many libraries to build. The document
+versions of the C++23 compiler and of many libraries to build. The document
 [HACKING.md](HACKING.md) includes detailed information on building and
 developing Scylla, but to get Scylla building quickly on (almost) any build
 machine, Scylla offers a [frozen toolchain](tools/toolchain/README.md),
@@ -65,11 +65,13 @@ $ ./tools/toolchain/dbuild ./build/release/scylla --help
 
 ## Testing
 
+[![Build with the latest Seastar](https://github.com/scylladb/scylladb/actions/workflows/seastar.yaml/badge.svg)](https://github.com/scylladb/scylladb/actions/workflows/seastar.yaml) [![Check Reproducible Build](https://github.com/scylladb/scylladb/actions/workflows/reproducible-build.yaml/badge.svg)](https://github.com/scylladb/scylladb/actions/workflows/reproducible-build.yaml) [![clang-nightly](https://github.com/scylladb/scylladb/actions/workflows/clang-nightly.yaml/badge.svg)](https://github.com/scylladb/scylladb/actions/workflows/clang-nightly.yaml)
+
 See [test.py manual](docs/dev/testing.md).
 
 ## Scylla APIs and compatibility
-By default, Scylla is compatible with Apache Cassandra and its APIs - CQL and
-Thrift. There is also support for the API of Amazon DynamoDB™,
+By default, Scylla is compatible with Apache Cassandra and its API - CQL.
+There is also support for the API of Amazon DynamoDB™,
 which needs to be enabled and configured in order to be used. For more
 information on how to enable the DynamoDB™ API in Scylla,
 and the current compatibility of this feature as well as Scylla-specific extensions, see
@@ -82,11 +84,11 @@ Documentation can be found [here](docs/dev/README.md).
 Seastar documentation can be found [here](http://docs.seastar.io/master/index.html).
 User documentation can be found [here](https://docs.scylladb.com/).
 
-## Training 
+## Training
 
-Training material and online courses can be found at [Scylla University](https://university.scylladb.com/). 
-The courses are free, self-paced and include hands-on examples. They cover a variety of topics including Scylla data modeling, 
-administration, architecture, basic NoSQL concepts, using drivers for application development, Scylla setup, failover, compactions, 
+Training material and online courses can be found at [Scylla University](https://university.scylladb.com/).
+The courses are free, self-paced and include hands-on examples. They cover a variety of topics including Scylla data modeling,
+administration, architecture, basic NoSQL concepts, using drivers for application development, Scylla setup, failover, compactions,
 multi-datacenters and how Scylla integrates with third-party applications.
 
 ## Contributing to Scylla

SCYLLA-VERSION-GEN

@@ -78,7 +78,7 @@ fi
 
 # Default scylla product/version tags
 PRODUCT=scylla
-VERSION=5.5.0-dev
+VERSION=6.3.0-dev
 
 if test -f version
 then
@@ -104,7 +104,7 @@ else
 fi
 
 if [ -f "$OUTPUT_DIR/SCYLLA-RELEASE-FILE" ]; then
-	GIT_COMMIT_FILE=$(cat "$OUTPUT_DIR/SCYLLA-RELEASE-FILE" |cut -d . -f 3)
+	GIT_COMMIT_FILE=$(cat "$OUTPUT_DIR/SCYLLA-RELEASE-FILE" | rev | cut -d . -f 1 | rev)
 	if [ "$GIT_COMMIT" = "$GIT_COMMIT_FILE" ]; then
 		exit 0
 	fi

alternator/auth.cc

@@ -8,7 +8,7 @@
 
 #include "alternator/error.hh"
 #include "auth/common.hh"
-#include "log.hh"
+#include "utils/log.hh"
 #include <string>
 #include <string_view>
 #include "bytes.hh"
@@ -19,6 +19,7 @@
 #include "alternator/executor.hh"
 #include "cql3/selection/selection.hh"
 #include "cql3/result_set.hh"
+#include "types/types.hh"
 #include <seastar/core/coroutine.hh>
 
 namespace alternator {
@@ -31,11 +32,12 @@ future<std::string> get_key_from_roles(service::storage_proxy& proxy, auth::serv
     dht::partition_range_vector partition_ranges{dht::partition_range(dht::decorate_key(*schema, pk))};
     std::vector<query::clustering_range> bounds{query::clustering_range::make_open_ended_both_sides()};
     const column_definition* salted_hash_col = schema->get_column_definition(bytes("salted_hash"));
-    if (!salted_hash_col) {
-        co_await coroutine::return_exception(api_error::unrecognized_client(format("Credentials cannot be fetched for: {}", username)));
+    const column_definition* can_login_col = schema->get_column_definition(bytes("can_login"));
+    if (!salted_hash_col || !can_login_col) {
+        co_await coroutine::return_exception(api_error::unrecognized_client(fmt::format("Credentials cannot be fetched for: {}", username)));
     }
-    auto selection = cql3::selection::selection::for_columns(schema, {salted_hash_col});
-    auto partition_slice = query::partition_slice(std::move(bounds), {}, query::column_id_vector{salted_hash_col->id}, selection->get_query_options());
+    auto selection = cql3::selection::selection::for_columns(schema, {salted_hash_col, can_login_col});
+    auto partition_slice = query::partition_slice(std::move(bounds), {}, query::column_id_vector{salted_hash_col->id, can_login_col->id}, selection->get_query_options());
     auto command = ::make_lw_shared<query::read_command>(schema->id(), schema->version(), partition_slice,
             proxy.get_max_result_size(partition_slice), query::tombstone_limit(proxy.get_tombstone_limit()));
     auto cl = auth::password_authenticator::consistency_for_user(username);
@@ -49,11 +51,18 @@ future<std::string> get_key_from_roles(service::storage_proxy& proxy, auth::serv
 
     auto result_set = builder.build();
     if (result_set->empty()) {
-        co_await coroutine::return_exception(api_error::unrecognized_client(format("User not found: {}", username)));
+        co_await coroutine::return_exception(api_error::unrecognized_client(fmt::format("User not found: {}", username)));
     }
-    const managed_bytes_opt& salted_hash = result_set->rows().front().front(); // We only asked for 1 row and 1 column
+    const auto& result = result_set->rows().front();
+    bool can_login = result[1] && value_cast<bool>(boolean_type->deserialize(*result[1]));
+    if (!can_login) {
+        // This is a valid role name, but has "login=False" so should not be
+        // usable for authentication (see #19735).
+        co_await coroutine::return_exception(api_error::unrecognized_client(fmt::format("Role {} has login=false so cannot be used for login", username)));
+    }
+    const managed_bytes_opt& salted_hash = result.front();
     if (!salted_hash) {
-        co_await coroutine::return_exception(api_error::unrecognized_client(format("No password found for user: {}", username)));
+        co_await coroutine::return_exception(api_error::unrecognized_client(fmt::format("No password found for user: {}", username)));
     }
     co_return value_cast<sstring>(utf8_type->deserialize(*salted_hash));
 }

alternator/conditions.cc

@@ -15,8 +15,6 @@
 #include "utils/base64.hh"
 #include "utils/rjson.hh"
 #include <stdexcept>
-#include <boost/algorithm/cxx11/all_of.hpp>
-#include <boost/algorithm/cxx11/any_of.hpp>
 #include "utils/overloaded_functor.hh"
 
 #include "expressions.hh"
@@ -42,12 +40,12 @@ comparison_operator_type get_comparison_operator(const rjson::value& comparison_
             {"NOT_CONTAINS", comparison_operator_type::NOT_CONTAINS},
     };
     if (!comparison_operator.IsString()) {
-        throw api_error::validation(format("Invalid comparison operator definition {}", rjson::print(comparison_operator)));
+        throw api_error::validation(fmt::format("Invalid comparison operator definition {}", rjson::print(comparison_operator)));
     }
     std::string op = comparison_operator.GetString();
     auto it = ops.find(op);
     if (it == ops.end()) {
-        throw api_error::validation(format("Unsupported comparison operator {}", op));
+        throw api_error::validation(fmt::format("Unsupported comparison operator {}", op));
     }
     return it->second;
 }
@@ -429,7 +427,7 @@ static bool check_BETWEEN(const T& v, const T& lb, const T& ub, bool bounds_from
     if (cmp_lt()(ub, lb)) {
         if (bounds_from_query) {
             throw api_error::validation(
-                format("BETWEEN operator requires lower_bound <= upper_bound, but {} > {}", lb, ub));
+                fmt::format("BETWEEN operator requires lower_bound <= upper_bound, but {} > {}", lb, ub));
         } else {
             return false;
         }
@@ -613,7 +611,7 @@ conditional_operator_type get_conditional_operator(const rjson::value& req) {
         return conditional_operator_type::OR;
     } else {
         throw api_error::validation(
-                format("'ConditionalOperator' parameter must be AND, OR or missing. Found {}.", s));
+                fmt::format("'ConditionalOperator' parameter must be AND, OR or missing. Found {}.", s));
     }
 }
 
@@ -743,9 +741,9 @@ bool verify_condition_expression(
             };
             switch (list.op) {
             case '&':
-                return boost::algorithm::all_of(list.conditions, verify_condition);
+                return std::ranges::all_of(list.conditions, verify_condition);
             case '|':
-                return boost::algorithm::any_of(list.conditions, verify_condition);
+                return std::ranges::any_of(list.conditions, verify_condition);
             default:
                 // Shouldn't happen unless we have a bug in the parser
                 throw std::logic_error("bad operator in condition_list");

alternator/controller.cc

@@ -32,8 +32,10 @@ controller::controller(
         sharded<service::memory_limiter>& memory_limiter,
         sharded<auth::service>& auth_service,
         sharded<qos::service_level_controller>& sl_controller,
-        const db::config& config)
-    : _gossiper(gossiper)
+        const db::config& config,
+        seastar::scheduling_group sg)
+    : protocol_server(sg)
+    , _gossiper(gossiper)
     , _proxy(proxy)
     , _mm(mm)
     , _sys_dist_ks(sys_dist_ks)
@@ -62,7 +64,9 @@ std::vector<socket_address> controller::listen_addresses() const {
 }
 
 future<> controller::start_server() {
-    return seastar::async([this] {
+    seastar::thread_attributes attr;
+    attr.sched_group = _sched_group;
+    return seastar::async(std::move(attr), [this] {
         _listen_addresses.clear();
 
         auto preferred = _config.listen_interface_prefer_ipv6() ? std::make_optional(net::inet_address::family::INET6) : std::nullopt;
@@ -126,10 +130,10 @@ future<> controller::start_server() {
                 std::throw_with_nested(std::runtime_error("Failed to set up Alternator TLS credentials"));
             }
         }
-        bool alternator_enforce_authorization = _config.alternator_enforce_authorization();
         _server.invoke_on_all(
-                [this, addr, alternator_port, alternator_https_port, creds = std::move(creds), alternator_enforce_authorization] (server& server) mutable {
-            return server.init(addr, alternator_port, alternator_https_port, creds, alternator_enforce_authorization,
+                [this, addr, alternator_port, alternator_https_port, creds = std::move(creds)] (server& server) mutable {
+            return server.init(addr, alternator_port, alternator_https_port, creds,
+                    _config.alternator_enforce_authorization,
                     &_memory_limiter.local().get_semaphore(),
                     _config.max_concurrent_requests_per_shard);
         }).handle_exception([this, addr, alternator_port, alternator_https_port] (std::exception_ptr ep) {
@@ -156,7 +160,9 @@ future<> controller::stop_server() {
 }
 
 future<> controller::request_stop_server() {
-    return stop_server();
+    return with_scheduling_group(_sched_group, [this] {
+        return stop_server();
+    });
 }
 
 }

alternator/controller.hh

@@ -80,7 +80,8 @@ public:
         sharded<service::memory_limiter>& memory_limiter,
         sharded<auth::service>& auth_service,
         sharded<qos::service_level_controller>& sl_controller,
-        const db::config& config);
+        const db::config& config,
+        seastar::scheduling_group sg);
 
     virtual sstring name() const override;
     virtual sstring protocol() const override;

alternator/executor.hh

@@ -9,7 +9,6 @@
 #pragma once
 
 #include <seastar/core/future.hh>
-#include <seastar/http/httpd.hh>
 #include "seastarx.hh"
 #include <seastar/json/json_elements.hh>
 #include <seastar/core/sharded.hh>
@@ -24,6 +23,8 @@
 #include "utils/rjson.hh"
 #include "utils/updateable_value.hh"
 
+#include "tracing/trace_state.hh"
+
 namespace db {
     class system_distributed_keyspace;
 }
@@ -51,6 +52,8 @@ class gossiper;
 
 }
 
+class schema_builder;
+
 namespace alternator {
 
 class rmw_operation;
@@ -159,6 +162,7 @@ class executor : public peering_sharded_service<executor> {
     service::migration_manager& _mm;
     db::system_distributed_keyspace& _sdks;
     cdc::metadata& _cdc_metadata;
+    utils::updateable_value<bool> _enforce_authorization;
     // An smp_service_group to be used for limiting the concurrency when
     // forwarding Alternator request between shards - if necessary for LWT.
     smp_service_group _ssg;
@@ -177,10 +181,7 @@ public:
              db::system_distributed_keyspace& sdks,
              cdc::metadata& cdc_metadata,
              smp_service_group ssg,
-             utils::updateable_value<uint32_t> default_timeout_in_ms)
-        : _gossiper(gossiper), _proxy(proxy), _mm(mm), _sdks(sdks), _cdc_metadata(cdc_metadata), _ssg(ssg) {
-        s_default_timeout_in_ms = std::move(default_timeout_in_ms);
-    }
+             utils::updateable_value<uint32_t> default_timeout_in_ms);
 
     future<request_return_type> create_table(client_state& client_state, tracing::trace_state_ptr trace_state, service_permit permit, rjson::value request);
     future<request_return_type> describe_table(client_state& client_state, tracing::trace_state_ptr trace_state, service_permit permit, rjson::value request);
@@ -263,4 +264,9 @@ public:
 // add more than a couple of levels in its own output construction.
 bool is_big(const rjson::value& val, int big_size = 100'000);
 
+// Check CQL's Role-Based Access Control (RBAC) permission (MODIFY,
+// SELECT, DROP, etc.) on the given table. When permission is denied an
+// appropriate user-readable api_error::access_denied is thrown.
+future<> verify_permission(bool enforce_authorization, const service::client_state&, const schema_ptr&, auth::permission);
+
 }

alternator/expressions.cc

@@ -20,15 +20,12 @@
 #include <seastar/core/print.hh>
 #include <seastar/util/log.hh>
 
-#include <boost/algorithm/cxx11/any_of.hpp>
-#include <boost/algorithm/cxx11/all_of.hpp>
-
 #include <functional>
 #include <unordered_map>
 
 namespace alternator {
 
-template <typename Func, typename Result = std::result_of_t<Func(expressionsParser&)>>
+template <typename Func, typename Result = std::invoke_result_t<Func, expressionsParser&>>
 static Result do_with_parser(std::string_view input, Func&& f) {
     expressionsLexer::InputStreamType input_stream{
         reinterpret_cast<const ANTLR_UINT8*>(input.data()),
@@ -43,7 +40,7 @@ static Result do_with_parser(std::string_view input, Func&& f) {
     return result;
 }
 
-template <typename Func, typename Result = std::result_of_t<Func(expressionsParser&)>>
+template <typename Func, typename Result = std::invoke_result_t<Func, expressionsParser&>>
 static Result parse(const char* input_name, std::string_view input, Func&& f) {
     if (input.length() > 4096) {
         throw expressions_syntax_error(format("{} expression size {} exceeds allowed maximum 4096.",
@@ -57,10 +54,10 @@ static Result parse(const char* input_name, std::string_view input, Func&& f) {
         // TODO: displayRecognitionError could set a position inside the
         // expressions_syntax_error in throws, and we could use it here to
         // mark the broken position in 'input'.
-        throw expressions_syntax_error(format("Failed parsing {} '{}': {}",
+        throw expressions_syntax_error(fmt::format("Failed parsing {} '{}': {}",
             input_name, input, e.what()));
     } catch (...) {
-        throw expressions_syntax_error(format("Failed parsing {} '{}': {}",
+        throw expressions_syntax_error(fmt::format("Failed parsing {} '{}': {}",
             input_name, input, std::current_exception()));
     }
 }
@@ -160,12 +157,12 @@ static std::optional<std::string> resolve_path_component(const std::string& colu
     if (column_name.size() > 0 && column_name.front() == '#') {
         if (!expression_attribute_names) {
             throw api_error::validation(
-                    format("ExpressionAttributeNames missing, entry '{}' required by expression", column_name));
+                    fmt::format("ExpressionAttributeNames missing, entry '{}' required by expression", column_name));
         }
         const rjson::value* value = rjson::find(*expression_attribute_names, column_name);
         if (!value || !value->IsString()) {
             throw api_error::validation(
-                    format("ExpressionAttributeNames missing entry '{}' required by expression", column_name));
+                    fmt::format("ExpressionAttributeNames missing entry '{}' required by expression", column_name));
         }
         used_attribute_names.emplace(column_name);
         return std::string(rjson::to_string_view(*value));
@@ -202,16 +199,16 @@ static void resolve_constant(parsed::constant& c,
         [&] (const std::string& valref) {
             if (!expression_attribute_values) {
                 throw api_error::validation(
-                        format("ExpressionAttributeValues missing, entry '{}' required by expression", valref));
+                        fmt::format("ExpressionAttributeValues missing, entry '{}' required by expression", valref));
             }
             const rjson::value* value = rjson::find(*expression_attribute_values, valref);
             if (!value) {
                 throw api_error::validation(
-                        format("ExpressionAttributeValues missing entry '{}' required by expression", valref));
+                        fmt::format("ExpressionAttributeValues missing entry '{}' required by expression", valref));
             }
             if (value->IsNull()) {
                 throw api_error::validation(
-                        format("ExpressionAttributeValues null value for entry '{}' required by expression", valref));
+                        fmt::format("ExpressionAttributeValues null value for entry '{}' required by expression", valref));
             }
             validate_value(*value, "ExpressionAttributeValues");
             used_attribute_values.emplace(valref);
@@ -708,7 +705,7 @@ rjson::value calculate_value(const parsed::value& v,
             auto function_it = function_handlers.find(std::string_view(f._function_name));
             if (function_it == function_handlers.end()) {
                 throw api_error::validation(
-                        format("{}: unknown function '{}' called.", caller, f._function_name));
+                        fmt::format("{}: unknown function '{}' called.", caller, f._function_name));
             }
             return function_it->second(caller, previous_item, f);
         },

alternator/expressions_types.hh

@@ -66,7 +66,6 @@ public:
     std::vector<std::variant<std::string, unsigned>>& operators() {
         return _operators;
     }
-    friend std::ostream& operator<<(std::ostream&, const path&);
 };
 
 // When an expression is first parsed, all constants are references, like

alternator/rmw_operation.hh

@@ -12,6 +12,8 @@
 #include "service/paxos/cas_request.hh"
 #include "utils/rjson.hh"
 #include "executor.hh"
+#include "tracing/trace_state.hh"
+#include "keys.hh"
 
 namespace alternator {
 

alternator/serialization.cc

@@ -8,7 +8,7 @@
 
 #include "utils/base64.hh"
 #include "utils/rjson.hh"
-#include "log.hh"
+#include "utils/log.hh"
 #include "serialization.hh"
 #include "error.hh"
 #include "concrete_types.hh"
@@ -143,17 +143,17 @@ static big_decimal parse_and_validate_number(std::string_view s) {
         big_decimal ret(s);
         auto [magnitude, precision] = internal::get_magnitude_and_precision(s);
         if (magnitude > 125) {
-            throw api_error::validation(format("Number overflow: {}. Attempting to store a number with magnitude larger than supported range.", s));
+            throw api_error::validation(fmt::format("Number overflow: {}. Attempting to store a number with magnitude larger than supported range.", s));
         }
         if (magnitude < -130) {
-            throw api_error::validation(format("Number underflow: {}. Attempting to store a number with magnitude lower than supported range.", s));
+            throw api_error::validation(fmt::format("Number underflow: {}. Attempting to store a number with magnitude lower than supported range.", s));
         }
         if (precision > 38) {
-            throw api_error::validation(format("Number too precise: {}. Attempting to store a number with more significant digits than supported.", s));
+            throw api_error::validation(fmt::format("Number too precise: {}. Attempting to store a number with more significant digits than supported.", s));
         }
         return ret;
     } catch (const marshal_exception& e) {
-        throw api_error::validation(format("The parameter cannot be converted to a numeric value: {}", s));
+        throw api_error::validation(fmt::format("The parameter cannot be converted to a numeric value: {}", s));
     }
 
 }
@@ -265,7 +265,7 @@ bytes get_key_column_value(const rjson::value& item, const column_definition& co
     std::string column_name = column.name_as_text();
     const rjson::value* key_typed_value = rjson::find(item, column_name);
     if (!key_typed_value) {
-        throw api_error::validation(format("Key column {} not found", column_name));
+        throw api_error::validation(fmt::format("Key column {} not found", column_name));
     }
     return get_key_from_typed_value(*key_typed_value, column);
 }
@@ -277,19 +277,26 @@ bytes get_key_column_value(const rjson::value& item, const column_definition& co
 // mentioned in the exception message).
 // If the type does match, a reference to the encoded value is returned.
 static const rjson::value& get_typed_value(const rjson::value& key_typed_value, std::string_view type_str, std::string_view name, std::string_view value_name) {
-    if (!key_typed_value.IsObject() || key_typed_value.MemberCount() != 1 ||
-            !key_typed_value.MemberBegin()->value.IsString()) {
+    if (!key_typed_value.IsObject() || key_typed_value.MemberCount() != 1) {
         throw api_error::validation(
-                format("Malformed value object for {} {}: {}",
+                fmt::format("Malformed value object for {} {}: {}",
                         value_name, name, key_typed_value));
     }
 
     auto it = key_typed_value.MemberBegin();
     if (rjson::to_string_view(it->name) != type_str) {
         throw api_error::validation(
-                format("Type mismatch: expected type {} for {} {}, got type {}",
+                fmt::format("Type mismatch: expected type {} for {} {}, got type {}",
                         type_str, value_name, name, it->name));
     }
+    // We assume this function is called just for key types (S, B, N), and
+    // all of those always have a string value in the JSON.
+    if (!it->value.IsString()) {
+        throw api_error::validation(
+            fmt::format("Malformed value object for {} {}: {}",
+                    value_name, name, key_typed_value));
+
+    }
     return it->value;
 }
 
@@ -395,16 +402,16 @@ position_in_partition pos_from_json(const rjson::value& item, schema_ptr schema)
 
 big_decimal unwrap_number(const rjson::value& v, std::string_view diagnostic) {
     if (!v.IsObject() || v.MemberCount() != 1) {
-        throw api_error::validation(format("{}: invalid number object", diagnostic));
+        throw api_error::validation(fmt::format("{}: invalid number object", diagnostic));
     }
     auto it = v.MemberBegin();
     if (it->name != "N") {
-        throw api_error::validation(format("{}: expected number, found type '{}'", diagnostic, it->name));
+        throw api_error::validation(fmt::format("{}: expected number, found type '{}'", diagnostic, it->name));
     }
     if (!it->value.IsString()) {
         // We shouldn't reach here. Callers normally validate their input
         // earlier with validate_value().
-        throw api_error::validation(format("{}: improperly formatted number constant", diagnostic));
+        throw api_error::validation(fmt::format("{}: improperly formatted number constant", diagnostic));
     }
     big_decimal ret = parse_and_validate_number(rjson::to_string_view(it->value));
     return ret;
@@ -485,7 +492,7 @@ rjson::value set_sum(const rjson::value& v1, const rjson::value& v2) {
     auto [set1_type, set1] = unwrap_set(v1);
     auto [set2_type, set2] = unwrap_set(v2);
     if (set1_type != set2_type) {
-        throw api_error::validation(format("Mismatched set types: {} and {}", set1_type, set2_type));
+        throw api_error::validation(fmt::format("Mismatched set types: {} and {}", set1_type, set2_type));
     }
     if (!set1 || !set2) {
         throw api_error::validation("UpdateExpression: ADD operation for sets must be given sets as arguments");
@@ -513,7 +520,7 @@ std::optional<rjson::value> set_diff(const rjson::value& v1, const rjson::value&
     auto [set1_type, set1] = unwrap_set(v1);
     auto [set2_type, set2] = unwrap_set(v2);
     if (set1_type != set2_type) {
-        throw api_error::validation(format("Set DELETE type mismatch: {} and {}", set1_type, set2_type));
+        throw api_error::validation(fmt::format("Set DELETE type mismatch: {} and {}", set1_type, set2_type));
     }
     if (!set1 || !set2) {
         throw api_error::validation("UpdateExpression: DELETE operation can only be performed on a set");

alternator/server.cc

@@ -7,7 +7,8 @@
  */
 
 #include "alternator/server.hh"
-#include "log.hh"
+#include "gms/application_state.hh"
+#include "utils/log.hh"
 #include <fmt/ranges.h>
 #include <seastar/http/function_handlers.hh>
 #include <seastar/http/short_streams.hh>
@@ -17,10 +18,15 @@
 #include <seastar/util/short_streams.hh>
 #include "seastarx.hh"
 #include "error.hh"
+#include "service/client_state.hh"
 #include "service/qos/service_level_controller.hh"
+#include "utils/assert.hh"
+#include "timeout_config.hh"
 #include "utils/rjson.hh"
 #include "auth.hh"
 #include <cctype>
+#include <string_view>
+#include <utility>
 #include "service/storage_proxy.hh"
 #include "gms/gossiper.hh"
 #include "utils/overloaded_functor.hh"
@@ -34,8 +40,6 @@ using reply = http::reply;
 
 namespace alternator {
 
-static constexpr auto TARGET = "X-Amz-Target";
-
 inline std::vector<std::string_view> split(std::string_view text, char separator) {
     std::vector<std::string_view> tokens;
     if (text == "") {
@@ -208,11 +212,35 @@ protected:
         // using _gossiper().get_live_members(). But getting
         // just the list of live nodes in this DC needs more elaborate code:
         auto& topology = _proxy.get_token_metadata_ptr()->get_topology();
-        sstring local_dc = topology.get_datacenter();
-        std::unordered_set<gms::inet_address> local_dc_nodes = topology.get_datacenter_endpoints().at(local_dc);
+        // /localnodes lists nodes in a single DC. By default the DC of this
+        // server is used, but it can be overridden by a "dc" query option.
+        // If the DC does not exist, we return an empty list - not an error.
+        sstring query_dc = req->get_query_param("dc");
+        sstring local_dc = query_dc.empty() ? topology.get_datacenter() : query_dc;
+        std::unordered_set<gms::inet_address> local_dc_nodes;
+        const auto& endpoints = topology.get_datacenter_endpoints();
+        auto dc_it = endpoints.find(local_dc);
+        if (dc_it != endpoints.end()) {
+            local_dc_nodes = dc_it->second;
+        }
+        // By default, /localnodes lists the nodes of all racks in the given
+        // DC, unless a single rack is selected by the "rack" query option.
+        // If the rack does not exist, we return an empty list - not an error.
+        sstring query_rack = req->get_query_param("rack");
         for (auto& ip : local_dc_nodes) {
-            if (_gossiper.is_alive(ip)) {
-                rjson::push_back(results, rjson::from_string(fmt::to_string(ip)));
+            if (!query_rack.empty()) {
+                auto rack = _gossiper.get_application_state_value(ip, gms::application_state::RACK);
+                if (rack != query_rack) {
+                    continue;
+                }
+            }
+            // Note that it's not enough for the node to be is_alive() - a
+            // node joining the cluster is also "alive" but not responsive to
+            // requests. We need the node to be in normal state. See #19694.
+            if (_gossiper.is_normal(ip)) {
+                // Use the gossiped broadcast_rpc_address if available instead
+                // of the internal IP address "ip". See discussion in #18711.
+                rjson::push_back(results, rjson::from_string(_gossiper.get_rpc_address(ip)));
             }
         }
         rep->set_status(reply::status_type::ok);
@@ -255,7 +283,7 @@ future<std::string> server::verify_signature(const request& req, const chunked_c
     std::string_view authorization_header = authorization_it->second;
     auto pos = authorization_header.find_first_of(' ');
     if (pos == std::string_view::npos || authorization_header.substr(0, pos) != "AWS4-HMAC-SHA256") {
-        throw api_error::invalid_signature(format("Authorization header must use AWS4-HMAC-SHA256 algorithm: {}", authorization_header));
+        throw api_error::invalid_signature(fmt::format("Authorization header must use AWS4-HMAC-SHA256 algorithm: {}", authorization_header));
     }
     authorization_header.remove_prefix(pos+1);
     std::string credential;
@@ -290,7 +318,7 @@ future<std::string> server::verify_signature(const request& req, const chunked_c
 
     std::vector<std::string_view> credential_split = split(credential, '/');
     if (credential_split.size() != 5) {
-        throw api_error::validation(format("Incorrect credential information format: {}", credential));
+        throw api_error::validation(fmt::format("Incorrect credential information format: {}", credential));
     }
     std::string user(credential_split[0]);
     std::string datestamp(credential_split[1]);
@@ -375,7 +403,7 @@ static tracing::trace_state_ptr maybe_trace_query(service::client_state& client_
         std::string buf;
         tracing::add_session_param(trace_state, "alternator_op", op);
         tracing::add_query(trace_state, truncated_content_view(query, buf));
-        tracing::begin(trace_state, format("Alternator {}", op), client_state.get_client_address());
+        tracing::begin(trace_state, seastar::format("Alternator {}", op), client_state.get_client_address());
         if (!username.empty()) {
             tracing::set_username(trace_state, auth::authenticated_user(username));
         }
@@ -385,10 +413,10 @@ static tracing::trace_state_ptr maybe_trace_query(service::client_state& client_
 
 future<executor::request_return_type> server::handle_api_request(std::unique_ptr<request> req) {
     _executor._stats.total_operations++;
-    sstring target = req->get_header(TARGET);
-    std::vector<std::string_view> split_target = split(target, '.');
-    //NOTICE(sarna): Target consists of Dynamo API version followed by a dot '.' and operation type (e.g. CreateTable)
-    std::string op = split_target.empty() ? std::string() : std::string(split_target.back());
+    sstring target = req->get_header("X-Amz-Target");
+    // target is DynamoDB API version followed by a dot '.' and operation type (e.g. CreateTable)
+    auto dot = target.find('.');
+    std::string_view op = (dot == sstring::npos) ? std::string_view() : std::string_view(target).substr(dot+1);
     // JSON parsing can allocate up to roughly 2x the size of the raw
     // document, + a couple of bytes for maintenance.
     // TODO: consider the case where req->content_length is missing. Maybe
@@ -400,7 +428,7 @@ future<executor::request_return_type> server::handle_api_request(std::unique_ptr
         ++_executor._stats.requests_blocked_memory;
     }
     auto units = co_await std::move(units_fut);
-    assert(req->content_stream);
+    SCYLLA_ASSERT(req->content_stream);
     chunked_content content = co_await util::read_entire_stream(*req->content_stream);
     auto username = co_await verify_signature(*req, content);
 
@@ -411,7 +439,7 @@ future<executor::request_return_type> server::handle_api_request(std::unique_ptr
     auto callback_it = _callbacks.find(op);
     if (callback_it == _callbacks.end()) {
         _executor._stats.unsupported_operations++;
-        co_return api_error::unknown_operation(format("Unsupported operation {}", op));
+        co_return api_error::unknown_operation(fmt::format("Unsupported operation {}", op));
     }
     if (_pending_requests.get_count() >= _max_concurrent_requests) {
         _executor._stats.requests_shed++;
@@ -419,11 +447,11 @@ future<executor::request_return_type> server::handle_api_request(std::unique_ptr
     }
     _pending_requests.enter();
     auto leave = defer([this] () noexcept { _pending_requests.leave(); });
-    //FIXME: Client state can provide more context, e.g. client's endpoint address
-    // We use unique_ptr because client_state cannot be moved or copied
-    executor::client_state client_state = username.empty()
-        ? service::client_state{service::client_state::internal_tag()}
-        : service::client_state{service::client_state::internal_tag(), _auth_service, _sl_controller, username};
+    executor::client_state client_state(service::client_state::external_tag(),
+        _auth_service, &_sl_controller, _timeout_config.current_values(), req->get_client_address());
+    if (!username.empty()) {
+        client_state.set_login(auth::authenticated_user(username));
+    }
     co_await client_state.maybe_update_per_service_level_params();
 
     tracing::trace_state_ptr trace_state = maybe_trace_query(client_state, username, op, content);
@@ -470,6 +498,7 @@ server::server(executor& exec, service::storage_proxy& proxy, gms::gossiper& gos
         , _enforce_authorization(false)
         , _enabled_servers{}
         , _pending_requests{}
+        , _timeout_config(_proxy.data_dictionary().get_config())
       , _callbacks{
         {"CreateTable", [] (executor& e, executor::client_state& client_state, tracing::trace_state_ptr trace_state, service_permit permit, rjson::value json_request, std::unique_ptr<request> req) {
             return e.create_table(client_state, std::move(trace_state), std::move(permit), std::move(json_request));
@@ -547,9 +576,9 @@ server::server(executor& exec, service::storage_proxy& proxy, gms::gossiper& gos
 }
 
 future<> server::init(net::inet_address addr, std::optional<uint16_t> port, std::optional<uint16_t> https_port, std::optional<tls::credentials_builder> creds,
-        bool enforce_authorization, semaphore* memory_limiter, utils::updateable_value<uint32_t> max_concurrent_requests) {
+        utils::updateable_value<bool> enforce_authorization, semaphore* memory_limiter, utils::updateable_value<uint32_t> max_concurrent_requests) {
     _memory_limiter = memory_limiter;
-    _enforce_authorization = enforce_authorization;
+    _enforce_authorization = std::move(enforce_authorization);
     _max_concurrent_requests = std::move(max_concurrent_requests);
     if (!port && !https_port) {
         return make_exception_future<>(std::runtime_error("Either regular port or TLS port"
@@ -634,7 +663,7 @@ future<> server::json_parser::stop() {
 
 const char* api_error::what() const noexcept {
     if (_what_string.empty()) {
-        _what_string = format("{} {}: {}", static_cast<int>(_http_code), _type, _msg);
+        _what_string = fmt::format("{} {}: {}", std::to_underlying(_http_code), _type, _msg);
     }
     return _what_string.c_str();
 }

alternator/server.hh

@@ -39,9 +39,14 @@ class server {
     qos::service_level_controller& _sl_controller;
 
     key_cache _key_cache;
-    bool _enforce_authorization;
+    utils::updateable_value<bool> _enforce_authorization;
     utils::small_vector<std::reference_wrapper<seastar::httpd::http_server>, 2> _enabled_servers;
     gate _pending_requests;
+    // In some places we will need a CQL updateable_timeout_config object even
+    // though it isn't really relevant for Alternator which defines its own
+    // timeouts separately. We can create this object only once.
+    updateable_timeout_config _timeout_config;
+
     alternator_callbacks_map _callbacks;
 
     semaphore* _memory_limiter;
@@ -71,7 +76,7 @@ public:
     server(executor& executor, service::storage_proxy& proxy, gms::gossiper& gossiper, auth::service& service, qos::service_level_controller& sl_controller);
 
     future<> init(net::inet_address addr, std::optional<uint16_t> port, std::optional<uint16_t> https_port, std::optional<tls::credentials_builder> creds,
-            bool enforce_authorization, semaphore* memory_limiter, utils::updateable_value<uint32_t> max_concurrent_requests);
+            utils::updateable_value<bool> enforce_authorization, semaphore* memory_limiter, utils::updateable_value<uint32_t> max_concurrent_requests);
     future<> stop();
 private:
     void set_routes(seastar::httpd::routes& r);

alternator/stats.cc

@@ -67,6 +67,8 @@ stats::stats() : api_operations{} {
             OPERATION_LATENCY(get_item_latency, "GetItem")
             OPERATION_LATENCY(delete_item_latency, "DeleteItem")
             OPERATION_LATENCY(update_item_latency, "UpdateItem")
+            OPERATION_LATENCY(batch_write_item_latency, "BatchWriteItem")
+            OPERATION_LATENCY(batch_get_item_latency, "BatchGetItem")
             OPERATION(list_streams, "ListStreams")
             OPERATION(describe_stream, "DescribeStream")
             OPERATION(get_shard_iterator, "GetShardIterator")
@@ -94,6 +96,10 @@ stats::stats() : api_operations{} {
                     seastar::metrics::description("number of rows read and matched during filtering operations")),
             seastar::metrics::make_total_operations("filtered_rows_dropped_total", [this] { return cql_stats.filtered_rows_read_total - cql_stats.filtered_rows_matched_total; },
                     seastar::metrics::description("number of rows read and dropped during filtering operations")),
+                    seastar::metrics::make_counter("batch_item_count", seastar::metrics::description("The total number of items processed across all batches"),{op("BatchWriteItem")},
+                            api_operations.batch_write_item_batch_total).set_skip_when_empty(),
+                    seastar::metrics::make_counter("batch_item_count", seastar::metrics::description("The total number of items processed across all batches"),{op("BatchGetItem")},
+                            api_operations.batch_get_item_batch_total).set_skip_when_empty(),
     });
 }
 

alternator/stats.hh

@@ -11,7 +11,6 @@
 #include <cstdint>
 
 #include <seastar/core/metrics_registration.hh>
-#include "utils/estimated_histogram.hh"
 #include "utils/histogram.hh"
 #include "cql3/stats.hh"
 
@@ -27,6 +26,8 @@ public:
     struct {
         uint64_t batch_get_item = 0;
         uint64_t batch_write_item = 0;
+        uint64_t batch_get_item_batch_total = 0;
+        uint64_t batch_write_item_batch_total = 0;
         uint64_t create_backup = 0;
         uint64_t create_global_table = 0;
         uint64_t create_table = 0;
@@ -70,6 +71,8 @@ public:
         utils::timed_rate_moving_average_summary_and_histogram get_item_latency;
         utils::timed_rate_moving_average_summary_and_histogram delete_item_latency;
         utils::timed_rate_moving_average_summary_and_histogram update_item_latency;
+        utils::timed_rate_moving_average_summary_and_histogram batch_write_item_latency;
+        utils::timed_rate_moving_average_summary_and_histogram batch_get_item_latency;
         utils::timed_rate_moving_average_summary_and_histogram get_records_latency;
     } api_operations;
     // Miscellaneous event counters

alternator/streams.cc

@@ -13,6 +13,7 @@
 
 #include <seastar/json/formatter.hh>
 
+#include "auth/permission.hh"
 #include "db/config.hh"
 
 #include "cdc/log.hh"
@@ -233,11 +234,8 @@ struct shard_id {
 
     // dynamo specifies shardid as max 65 chars. 
     friend std::ostream& operator<<(std::ostream& os, const shard_id& id) {
-        boost::io::ios_flags_saver fs(os);
-        return os << marker << std::hex  
-            << id.time.time_since_epoch().count()
-            << ':' << id.id.to_bytes()
-            ;
+        fmt::print(os, "{} {:x}:{}", marker, id.time.time_since_epoch().count(), id.id.to_bytes());
+        return os;
     }
 };
 
@@ -779,7 +777,7 @@ struct event_id {
     cdc::stream_id stream;
     utils::UUID timestamp;
 
-    static const auto marker = 'E';
+    static constexpr auto marker = 'E';
 
     event_id(cdc::stream_id s, utils::UUID ts)
         : stream(s)
@@ -787,10 +785,8 @@ struct event_id {
     {}
     
     friend std::ostream& operator<<(std::ostream& os, const event_id& id) {
-        boost::io::ios_flags_saver fs(os);
-        return os << marker << std::hex << id.stream.to_bytes()
-            << ':' << id.timestamp
-            ;
+        fmt::print(os, "{}{}:{}", marker, id.stream.to_bytes(), id.timestamp);
+        return os;
     }
 };
 }
@@ -823,11 +819,13 @@ future<executor::request_return_type> executor::get_records(client_state& client
     }
 
     if (!schema || !base || !is_alternator_keyspace(schema->ks_name())) {
-        throw api_error::resource_not_found(fmt::to_string(iter.table));
+        co_return api_error::resource_not_found(fmt::to_string(iter.table));
     }
 
     tracing::add_table_name(trace_state, schema->ks_name(), schema->cf_name());
 
+    co_await verify_permission(_enforce_authorization, client_state, schema, auth::permission::SELECT);
+
     db::consistency_level cl = db::consistency_level::LOCAL_QUORUM;
     partition_key pk = iter.shard.id.to_partition_key(*schema);
 
@@ -846,19 +844,21 @@ future<executor::request_return_type> executor::get_records(client_state& client
     static const bytes op_column_name = cdc::log_meta_column_name_bytes("operation");
     static const bytes eor_column_name = cdc::log_meta_column_name_bytes("end_of_batch");
 
-    std::optional<attrs_to_get> key_names = boost::copy_range<attrs_to_get>(
-        boost::range::join(std::move(base->partition_key_columns()), std::move(base->clustering_key_columns()))
-        | boost::adaptors::transformed([&] (const column_definition& cdef) {
+    std::optional<attrs_to_get> key_names =
+        base->primary_key_columns()
+        | std::views::transform([&] (const column_definition& cdef) {
             return std::make_pair<std::string, attrs_to_get_node>(cdef.name_as_text(), {}); })
-    );
+        | std::ranges::to<attrs_to_get>()
+    ;
     // Include all base table columns as values (in case pre or post is enabled).
     // This will include attributes not stored in the frozen map column
-    std::optional<attrs_to_get> attr_names = boost::copy_range<attrs_to_get>(base->regular_columns()
+    std::optional<attrs_to_get> attr_names = base->regular_columns()
         // this will include the :attrs column, which we will also force evaluating. 
         // But not having this set empty forces out any cdc columns from actual result 
-        | boost::adaptors::transformed([] (const column_definition& cdef) {
+        | std::views::transform([] (const column_definition& cdef) {
             return std::make_pair<std::string, attrs_to_get_node>(cdef.name_as_text(), {}); })
-    );
+        | std::ranges::to<attrs_to_get>()
+    ;
 
     std::vector<const column_definition*> columns;
     columns.reserve(schema->all_columns().size());
@@ -869,10 +869,11 @@ future<executor::request_return_type> executor::get_records(client_state& client
     std::transform(pks.begin(), pks.end(), std::back_inserter(columns), [](auto& c) { return &c; });
     std::transform(cks.begin(), cks.end(), std::back_inserter(columns), [](auto& c) { return &c; });
 
-    auto regular_columns = boost::copy_range<query::column_id_vector>(schema->regular_columns() 
-        | boost::adaptors::filtered([](const column_definition& cdef) { return cdef.name() == op_column_name || cdef.name() == eor_column_name || !cdc::is_cdc_metacolumn_name(cdef.name_as_text()); })
-        | boost::adaptors::transformed([&] (const column_definition& cdef) { columns.emplace_back(&cdef); return cdef.id; })
-    );
+    auto regular_columns = schema->regular_columns()
+        | std::views::filter([](const column_definition& cdef) { return cdef.name() == op_column_name || cdef.name() == eor_column_name || !cdc::is_cdc_metacolumn_name(cdef.name_as_text()); })
+        | std::views::transform([&] (const column_definition& cdef) { columns.emplace_back(&cdef); return cdef.id; })
+        | std::ranges::to<query::column_id_vector>()
+    ;
 
     stream_view_type type = cdc_options_to_steam_view_type(base->cdc_options());
 
@@ -892,7 +893,7 @@ future<executor::request_return_type> executor::get_records(client_state& client
     auto command = ::make_lw_shared<query::read_command>(schema->id(), schema->version(), partition_slice, _proxy.get_max_result_size(partition_slice),
             query::tombstone_limit(_proxy.get_tombstone_limit()), query::row_limit(limit * mul));
 
-    return _proxy.query(schema, std::move(command), std::move(partition_ranges), cl, service::storage_proxy::coordinator_query_options(default_timeout(), std::move(permit), client_state)).then(
+    co_return co_await _proxy.query(schema, std::move(command), std::move(partition_ranges), cl, service::storage_proxy::coordinator_query_options(default_timeout(), std::move(permit), client_state)).then(
             [this, schema, partition_slice = std::move(partition_slice), selection = std::move(selection), start_time = std::move(start_time), limit, key_names = std::move(key_names), attr_names = std::move(attr_names), type, iter, high_ts] (service::storage_proxy::coordinator_query_result qr) mutable {       
         cql3::selection::result_set_builder builder(*selection, gc_clock::now());
         query::result_view::consume(*qr.query_result, partition_slice, cql3::selection::result_set_builder::visitor(builder, *schema, *selection));

alternator/ttl.cc

@@ -23,9 +23,10 @@
 #include "gms/inet_address.hh"
 #include "inet_address_vectors.hh"
 #include "locator/abstract_replication_strategy.hh"
-#include "log.hh"
+#include "utils/log.hh"
 #include "gc_clock.hh"
 #include "replica/database.hh"
+#include "service/client_state.hh"
 #include "service_permit.hh"
 #include "timestamp.hh"
 #include "service/storage_proxy.hh"
@@ -35,6 +36,7 @@
 #include "mutation/mutation.hh"
 #include "types/types.hh"
 #include "types/map.hh"
+#include "utils/assert.hh"
 #include "utils/rjson.hh"
 #include "utils/big_decimal.hh"
 #include "cql3/selection/selection.hh"
@@ -97,6 +99,7 @@ future<executor::request_return_type> executor::update_time_to_live(client_state
     }
     sstring attribute_name(v->GetString(), v->GetStringLength());
 
+    co_await verify_permission(_enforce_authorization, client_state, schema, auth::permission::ALTER);
     co_await db::modify_tags(_mm, schema->ks_name(), schema->cf_name(), [&](std::map<sstring, sstring>& tags_map) {
         if (enabled) {
             if (tags_map.contains(TTL_TAG_KEY)) {
@@ -312,7 +315,7 @@ static size_t random_offset(size_t min, size_t max) {
 // this range's primary node is down. For this we need to return not just
 // a list of this node's secondary ranges - but also the primary owner of
 // each of those ranges.
-static std::vector<std::pair<dht::token_range, gms::inet_address>> get_secondary_ranges(
+static future<std::vector<std::pair<dht::token_range, gms::inet_address>>> get_secondary_ranges(
         const locator::effective_replication_map_ptr& erm,
         gms::inet_address ep) {
     const auto& tm = *erm->get_token_metadata_ptr();
@@ -323,6 +326,7 @@ static std::vector<std::pair<dht::token_range, gms::inet_address>> get_secondary
     }
     auto prev_tok = sorted_tokens.back();
     for (const auto& tok : sorted_tokens) {
+        co_await coroutine::maybe_yield();
         inet_address_vector_replica_set eps = erm->get_natural_endpoints(tok);
         if (eps.size() <= 1 || eps[1] != ep) {
             prev_tok = tok;
@@ -350,7 +354,7 @@ static std::vector<std::pair<dht::token_range, gms::inet_address>> get_secondary
         }
         prev_tok = tok;
     }
-    return ret;
+    co_return ret;
 }
 
 
@@ -386,63 +390,63 @@ static std::vector<std::pair<dht::token_range, gms::inet_address>> get_secondary
 //
 // FIXME: Check if this algorithm is safe with tablet migration.
 // https://github.com/scylladb/scylladb/issues/16567
-enum primary_or_secondary_t {primary, secondary};
-template<primary_or_secondary_t primary_or_secondary>
-class token_ranges_owned_by_this_shard {
-    // ranges_holder_primary holds just the primary ranges themselves
-    class ranges_holder_primary {
-        const dht::token_range_vector _token_ranges;
-     public:
-        ranges_holder_primary(const locator::vnode_effective_replication_map_ptr& erm, gms::gossiper& g, gms::inet_address ep)
-            : _token_ranges(erm->get_primary_ranges(ep)) {}
-        std::size_t size() const { return _token_ranges.size(); }
-        const dht::token_range& operator[](std::size_t i) const {
-            return _token_ranges[i];
-        }
-        bool should_skip(std::size_t i) const {
-            return false;
-        }
-    };
-    // ranges_holder<secondary> holds the secondary token ranges plus each
-    // range's primary owner, needed to implement should_skip().
-    class ranges_holder_secondary {
-        std::vector<std::pair<dht::token_range, gms::inet_address>> _token_ranges;
-        gms::gossiper& _gossiper;
-     public:
-        ranges_holder_secondary(const locator::effective_replication_map_ptr& erm, gms::gossiper& g, gms::inet_address ep)
-            : _token_ranges(get_secondary_ranges(erm, ep))
-            , _gossiper(g) {}
-        std::size_t size() const { return _token_ranges.size(); }
-        const dht::token_range& operator[](std::size_t i) const {
-            return _token_ranges[i].first;
-        }
-        // range i should be skipped if its primary owner is alive.
-        bool should_skip(std::size_t i) const {
-            return _gossiper.is_alive(_token_ranges[i].second);
-        }
-    };
 
+// ranges_holder_primary holds just the primary ranges themselves
+class ranges_holder_primary {
+    dht::token_range_vector _token_ranges;
+public:
+    explicit ranges_holder_primary(dht::token_range_vector token_ranges) : _token_ranges(std::move(token_ranges)) {}
+    static future<ranges_holder_primary> make(const locator::vnode_effective_replication_map_ptr& erm, gms::inet_address ep) {
+        co_return ranges_holder_primary(co_await erm->get_primary_ranges(ep));
+    }
+    std::size_t size() const { return _token_ranges.size(); }
+    const dht::token_range& operator[](std::size_t i) const {
+        return _token_ranges[i];
+    }
+    bool should_skip(std::size_t i) const {
+        return false;
+    }
+};
+// ranges_holder<secondary> holds the secondary token ranges plus each
+// range's primary owner, needed to implement should_skip().
+class ranges_holder_secondary {
+    std::vector<std::pair<dht::token_range, gms::inet_address>> _token_ranges;
+    const gms::gossiper& _gossiper;
+public:
+    explicit ranges_holder_secondary(std::vector<std::pair<dht::token_range, gms::inet_address>> token_ranges, const gms::gossiper& g)
+        : _token_ranges(std::move(token_ranges))
+        , _gossiper(g) {}
+    static future<ranges_holder_secondary> make(const locator::effective_replication_map_ptr& erm, gms::inet_address ep, const gms::gossiper& g) {
+        co_return ranges_holder_secondary(co_await get_secondary_ranges(erm, ep), g);
+    }
+    std::size_t size() const { return _token_ranges.size(); }
+    const dht::token_range& operator[](std::size_t i) const {
+        return _token_ranges[i].first;
+    }
+    // range i should be skipped if its primary owner is alive.
+    bool should_skip(std::size_t i) const {
+        return _gossiper.is_alive(_token_ranges[i].second);
+    }
+};
+
+template<class primary_or_secondary_t>
+class token_ranges_owned_by_this_shard {
     schema_ptr _s;
     locator::effective_replication_map_ptr _erm;
     // _token_ranges will contain a list of token ranges owned by this node.
     // We'll further need to split each such range to the pieces owned by
     // the current shard, using _intersecter.
-    using ranges_holder = std::conditional_t<
-            primary_or_secondary == primary_or_secondary_t::primary,
-            ranges_holder_primary,
-            ranges_holder_secondary>;
-    const ranges_holder _token_ranges;
+    const primary_or_secondary_t _token_ranges;
     // NOTICE: _range_idx is used modulo _token_ranges size when accessing
     // the data to ensure that it doesn't go out of bounds
     size_t _range_idx;
     size_t _end_idx;
     std::optional<dht::selective_token_range_sharder> _intersecter;
 public:
-    token_ranges_owned_by_this_shard(replica::database& db, gms::gossiper& g, schema_ptr s)
+    token_ranges_owned_by_this_shard(schema_ptr s, primary_or_secondary_t token_ranges)
         :  _s(s)
         , _erm(s->table().get_effective_replication_map())
-        , _token_ranges(db.find_keyspace(s->ks_name()).get_vnode_effective_replication_map(),
-                g, _erm->get_topology().my_address())
+        , _token_ranges(std::move(token_ranges))
         , _range_idx(random_offset(0, _token_ranges.size() - 1))
         , _end_idx(_range_idx + _token_ranges.size())
     {
@@ -498,6 +502,7 @@ struct scan_ranges_context {
     bytes column_name;
     std::optional<std::string> member;
 
+    service::client_state internal_client_state;
     ::shared_ptr<cql3::selection::selection> selection;
     std::unique_ptr<service::query_state> query_state_ptr;
     std::unique_ptr<cql3::query_options> query_options;
@@ -507,6 +512,7 @@ struct scan_ranges_context {
         : s(s)
         , column_name(column_name)
         , member(member)
+        , internal_client_state(service::client_state::internal_tag())
     {
         // FIXME: don't read the entire items - read only parts of it.
         // We must read the key columns (to be able to delete) and also
@@ -515,8 +521,9 @@ struct scan_ranges_context {
         // be good if we can read only the single item of the map - it
         // should be possible (and a must for issue #7751!).
         lw_shared_ptr<service::pager::paging_state> paging_state = nullptr;
-        auto regular_columns = boost::copy_range<query::column_id_vector>(
-            s->regular_columns() | boost::adaptors::transformed([] (const column_definition& cdef) { return cdef.id; }));
+        auto regular_columns =
+            s->regular_columns() | std::views::transform([] (const column_definition& cdef) { return cdef.id; })
+            | std::ranges::to<query::column_id_vector>();
         selection = cql3::selection::selection::wildcard(s);
         query::partition_slice::option_set opts = selection->get_query_options();
         opts.set<query::partition_slice::option::allow_short_read>();
@@ -525,10 +532,9 @@ struct scan_ranges_context {
         std::vector<query::clustering_range> ck_bounds{query::clustering_range::make_open_ended_both_sides()};
         auto partition_slice = query::partition_slice(std::move(ck_bounds), {}, std::move(regular_columns), opts);
         command = ::make_lw_shared<query::read_command>(s->id(), s->version(), partition_slice, proxy.get_max_result_size(partition_slice), query::tombstone_limit(proxy.get_tombstone_limit()));
-        executor::client_state client_state{executor::client_state::internal_tag()};
         tracing::trace_state_ptr trace_state;
         // NOTICE: empty_service_permit is used because the TTL service has fixed parallelism
-        query_state_ptr = std::make_unique<service::query_state>(client_state, trace_state, empty_service_permit());
+        query_state_ptr = std::make_unique<service::query_state>(internal_client_state, trace_state, empty_service_permit());
         // FIXME: What should we do on multi-DC? Will we run the expiration on the same ranges on all
         // DCs or only once for each range? If the latter, we need to change the CLs in the
         // scanner and deleter.
@@ -551,7 +557,7 @@ static future<> scan_table_ranges(
         expiration_service::stats& expiration_stats)
 {
     const schema_ptr& s = scan_ctx.s;
-    assert (partition_ranges.size() == 1); // otherwise issue #9167 will cause incorrect results.
+    SCYLLA_ASSERT (partition_ranges.size() == 1); // otherwise issue #9167 will cause incorrect results.
     auto p = service::pager::query_pagers::pager(proxy, s, scan_ctx.selection, *scan_ctx.query_state_ptr,
             *scan_ctx.query_options, scan_ctx.command, std::move(partition_ranges), nullptr);
     while (!p->is_exhausted()) {
@@ -724,7 +730,9 @@ static future<bool> scan_table(
     expiration_stats.scan_table++;
     // FIXME: need to pace the scan, not do it all at once.
     scan_ranges_context scan_ctx{s, proxy, std::move(column_name), std::move(member)};
-    token_ranges_owned_by_this_shard<primary> my_ranges(db.real_database(), gossiper, s);
+    auto erm = db.real_database().find_keyspace(s->ks_name()).get_vnode_effective_replication_map();
+    auto my_address = erm->get_topology().my_address();
+    token_ranges_owned_by_this_shard my_ranges(s, co_await ranges_holder_primary::make(erm, my_address));
     while (std::optional<dht::partition_range> range = my_ranges.next_partition_range()) {
         // Note that because of issue #9167 we need to run a separate
         // query on each partition range, and can't pass several of
@@ -744,7 +752,7 @@ static future<bool> scan_table(
     // by tasking another node to take over scanning of the dead node's primary
     // ranges. What we do here is that this node will also check expiration
     // on its *secondary* ranges - but only those whose primary owner is down.
-    token_ranges_owned_by_this_shard<secondary> my_secondary_ranges(db.real_database(), gossiper, s);
+    token_ranges_owned_by_this_shard my_secondary_ranges(s, co_await ranges_holder_secondary::make(erm, my_address, gossiper));
     while (std::optional<dht::partition_range> range = my_secondary_ranges.next_partition_range()) {
         expiration_stats.secondary_ranges_scanned++;
         dht::partition_range_vector partition_ranges;

api/CMakeLists.txt

@@ -1,4 +1,29 @@
 # Generate C++ sources from Swagger definitions
+
+function(generate_swagger)
+  set(one_value_args TARGET VAR IN_FILE OUT_DIR)
+  cmake_parse_arguments(args "" "${one_value_args}" "" ${ARGN})
+  get_filename_component(in_file_name ${args_IN_FILE} NAME)
+  set(generator ${PROJECT_SOURCE_DIR}/seastar/scripts/seastar-json2code.py)
+  set(header_out ${args_OUT_DIR}/${in_file_name}.hh)
+  set(source_out ${args_OUT_DIR}/${in_file_name}.cc)
+
+  add_custom_command(
+    DEPENDS
+      ${args_IN_FILE}
+      ${generator}
+    OUTPUT ${header_out} ${source_out}
+    COMMAND ${CMAKE_COMMAND} -E make_directory ${args_OUT_DIR}
+    COMMAND ${generator} --create-cc -f ${args_IN_FILE} -o ${header_out})
+
+  add_custom_target(${args_TARGET}
+    DEPENDS
+      ${header_out}
+      ${source_out})
+
+  set(${args_VAR} ${header_out} ${source_out} PARENT_SCOPE)
+endfunction()
+
 set(swagger_files
   api-doc/authorization_cache.json
   api-doc/cache_service.json
@@ -7,6 +32,7 @@ set(swagger_files
   api-doc/commitlog.json
   api-doc/compaction_manager.json
   api-doc/config.json
+  api-doc/cql_server_test.json
   api-doc/endpoint_snitch_info.json
   api-doc/error_injection.json
   api-doc/failure_detector.json
@@ -28,7 +54,7 @@ set(swagger_files
 foreach(f ${swagger_files})
   get_filename_component(fname "${f}" NAME_WE)
   get_filename_component(dir "${f}" DIRECTORY)
-  seastar_generate_swagger(
+  generate_swagger(
     TARGET scylla_swagger_gen_${fname}
     VAR scylla_swagger_gen_${fname}_files
     IN_FILE "${CMAKE_CURRENT_SOURCE_DIR}/${f}"
@@ -36,7 +62,7 @@ foreach(f ${swagger_files})
   list(APPEND swagger_gen_files "${scylla_swagger_gen_${fname}_files}")
 endforeach()
 
-add_library(api)
+add_library(api STATIC)
 target_sources(api
   PRIVATE
     api.cc
@@ -46,6 +72,7 @@ target_sources(api
     commitlog.cc
     compaction_manager.cc
     config.cc
+    cql_server_test.cc
     endpoint_snitch.cc
     error_injection.cc
     authorization_cache.cc

api/api-doc/collectd.json

@@ -67,7 +67,7 @@
                "parameters":[
                   {
                      "name":"pluginid",
-                     "description":"The plugin ID, describe the component the metric belongs to. Examples are cache, thrift, etc'. Regex are supported.The plugin ID, describe the component the metric belong to. Examples are: cache, thrift etc'. regex are supported",
+                     "description":"The plugin ID, describe the component the metric belongs to. Examples are cache and alternator, etc'. Regex are supported.",
                      "required":true,
                      "allowMultiple":false,
                      "type":"string",
@@ -199,4 +199,4 @@
          }
       }
    }
-}
+}

api/api-doc/column_family.json

@@ -92,6 +92,14 @@
                      "type":"boolean",
                      "paramType":"query"
                   },
+                  {
+                     "name":"consider_only_existing_data",
+                     "description":"Set to \"true\" to flush all memtables and force tombstone garbage collection to check only the sstables being compacted (false by default). The memtable, commitlog and other uncompacted sstables will not be checked during tombstone garbage collection.",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"boolean",
+                     "paramType":"query"
+                  },
                   {
                      "name":"split_output",
                      "description":"true if the output of the major compaction should be split in several sstables",

api/api-doc/cql_server_test.json

@@ -0,0 +1,26 @@
+{
+    "apiVersion":"0.0.1",
+    "swaggerVersion":"1.2",
+    "basePath":"{{Protocol}}://{{Host}}",
+    "resourcePath":"/cql_server_test",
+    "produces":[
+        "application/json"
+    ],
+    "apis":[
+        {
+            "path":"/cql_server_test/connections_params",
+            "operations":[
+                {
+                    "method":"GET",
+                    "summary":"Get service level params of each CQL connection",
+                    "type":"connections_service_level_params",
+                    "nickname":"connections_params",
+                    "produces":[
+                        "application/json"
+                    ],
+                    "parameters":[]
+                }
+            ]
+        }
+    ]
+}

api/api-doc/error_injection.json

@@ -63,6 +63,28 @@
                      "paramType":"path"
                   }
                ]
+            },
+            {
+               "method":"GET",
+               "summary":"Read the state of an injection from all shards",
+               "type":"array",
+               "items":{
+                  "type":"error_injection_info"
+               },
+               "nickname":"read_injection",
+               "produces":[
+                  "application/json"
+               ],
+               "parameters":[
+                  {
+                     "name":"injection",
+                     "description":"injection name",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"path"
+                  }
+               ]
             }
          ]
       },
@@ -152,5 +174,39 @@
             }
          }
       }
+   },
+   "models":{
+      "mapper":{
+         "id":"mapper",
+         "description":"A key value mapping",
+         "properties":{
+            "key":{
+               "type":"string",
+               "description":"The key"
+            },
+            "value":{
+               "type":"string",
+               "description":"The value"
+            }
+         }
+      },
+       "error_injection_info":{
+         "id":"error_injection_info",
+         "description":"Information about an error injection",
+         "properties":{
+            "enabled":{
+               "type":"boolean",
+               "description":"Is the error injection enabled"
+            },
+            "parameters":{
+               "type":"array",
+               "items":{
+                  "type":"mapper"
+               },
+               "description":"The parameter values"
+            }
+         },
+         "required":["enabled"]
+      }
    }
 }

api/api-doc/raft.json

@@ -62,6 +62,70 @@
                ]
             }
          ]
+      },
+      {
+         "path": "/raft/read_barrier",
+         "operations": [
+            {
+               "method": "POST",
+               "summary": "Triggers read barrier for the given Raft group to wait for previously committed commands in this group to be applied locally. For example, can be used on group 0 to wait for the node to obtain latest schema changes.",
+               "type": "string",
+               "nickname": "read_barrier",
+               "produces": [
+                  "application/json"
+               ],
+               "parameters": [
+                  {
+                     "name": "group_id",
+                     "description": "The ID of the group. When absent, group0 is used.",
+                     "required": false,
+                     "allowMultiple": false,
+                     "type": "string",
+                     "paramType": "query"
+                  },
+                  {
+                     "name": "timeout",
+                     "description": "Timeout in seconds after which the endpoint returns a failure. If not provided, 60s is used.",
+                     "required": false,
+                     "allowMultiple": false,
+                     "type": "long",
+                     "paramType": "query"
+                  }
+               ]
+            }
+         ]
+      },
+      {
+         "path":"/raft/trigger_stepdown/",
+         "operations":[
+            {
+               "method":"POST",
+               "summary":"Triggers stepdown of a leader for given Raft group or group0 if not provided (returns an error if the node is not a leader)",
+               "type":"string",
+               "nickname":"trigger_stepdown",
+               "produces":[
+                  "application/json"
+               ],
+               "parameters":[
+                  {
+                     "name":"group_id",
+                     "description":"The ID of the group which leader should stepdown",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"timeout",
+                     "description":"Timeout in seconds after which the endpoint returns a failure. If not provided, 60s is used.",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"long",
+                     "paramType":"query"
+                  }
+               ]
+            }
+         ]
       }
    ]
 }

api/api-doc/storage_service.json

@@ -741,11 +741,151 @@
                      "allowMultiple":false,
                      "type":"boolean",
                      "paramType":"query"
+                  },
+                  {
+                     "name":"consider_only_existing_data",
+                     "description":"Set to \"true\" to flush all memtables and force tombstone garbage collection to check only the sstables being compacted (false by default). The memtable, commitlog and other uncompacted sstables will not be checked during tombstone garbage collection.",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"boolean",
+                     "paramType":"query"
                   }
                ]
             }
          ]
       },
+      {
+          "path":"/storage_service/backup",
+          "operations":[
+              {
+                  "method":"POST",
+                  "summary":"Starts copying SSTables from a specified keyspace to a designated bucket in object storage",
+                  "type":"string",
+                  "nickname":"start_backup",
+                  "produces":[
+                      "application/json"
+                  ],
+                  "parameters":[
+                      {
+                          "name":"endpoint",
+                          "description":"ID of the configured object storage endpoint to copy sstables to",
+                          "required":true,
+                          "allowMultiple":false,
+                          "type":"string",
+                          "paramType":"query"
+                      },
+                      {
+                          "name":"bucket",
+                          "description":"Name of the bucket to backup sstables to",
+                          "required":true,
+                          "allowMultiple":false,
+                          "type":"string",
+                          "paramType":"query"
+                      },
+                      {
+                           "name":"prefix",
+                           "description":"The prefix of the objects for the backuped sstables",
+                           "required":true,
+                           "allowMultiple":false,
+                           "type":"string",
+                           "paramType":"query"
+                      },
+                      {
+                          "name":"keyspace",
+                          "description":"Name of a keyspace to copy sstables from",
+                          "required":true,
+                          "allowMultiple":false,
+                          "type":"string",
+                          "paramType":"query"
+                      },
+                      {
+                          "name":"table",
+                          "description":"Name of a table to copy sstables from",
+                          "required":true,
+                          "allowMultiple":false,
+                          "type":"string",
+                          "paramType":"query"
+                      },
+                      {
+                          "name":"snapshot",
+                          "description":"Name of a snapshot to copy sstables from",
+                          "required":false,
+                          "allowMultiple":false,
+                          "type":"string",
+                          "paramType":"query"
+                      }
+                  ]
+              }
+          ]
+      },
+      {
+          "path":"/storage_service/restore",
+          "operations":[
+              {
+                  "method":"POST",
+                  "summary":"Starts copying SSTables from a designated bucket in object storage to a specified keyspace",
+                  "type":"string",
+                  "nickname":"start_restore",
+                  "produces":[
+                      "application/json"
+                  ],
+                  "parameters":[
+                      {
+                          "name":"endpoint",
+                          "description":"ID of the configured object storage endpoint to copy SSTables from",
+                          "required":true,
+                          "allowMultiple":false,
+                          "type":"string",
+                          "paramType":"query"
+                      },
+                      {
+                          "name":"bucket",
+                          "description":"Name of the bucket to read SSTables from",
+                          "required":true,
+                          "allowMultiple":false,
+                          "type":"string",
+                          "paramType":"query"
+                      },
+                      {
+                          "name":"prefix",
+                          "description":"The prefix of the object keys for the backuped SSTables",
+                          "required":true,
+                          "allowMultiple":false,
+                          "type":"string",
+                          "paramType":"query"
+                      },
+                      {
+                          "in": "body",
+                          "name": "sstables",
+                          "description": "The list of the object keys of the TOC component of the SSTables to be restored",
+                          "required":true,
+                          "schema" :{
+                              "type": "array",
+                              "items": {
+                                  "type": "string"
+                              }
+                          }
+                      },
+                      {
+                          "name":"keyspace",
+                          "description":"Name of a keyspace to copy SSTables to",
+                          "required":true,
+                          "allowMultiple":false,
+                          "type":"string",
+                          "paramType":"query"
+                      },
+                      {
+                          "name":"table",
+                          "description":"Name of a table to copy SSTables to",
+                          "required":true,
+                          "allowMultiple":false,
+                          "type":"string",
+                          "paramType":"query"
+                      }
+                  ]
+              }
+          ]
+      },
       {
          "path":"/storage_service/keyspace_compaction/{keyspace}",
          "operations":[
@@ -781,6 +921,14 @@
                      "allowMultiple":false,
                      "type":"boolean",
                      "paramType":"query"
+                  },
+                  {
+                     "name":"consider_only_existing_data",
+                     "description":"Set to \"true\" to flush all memtables and force tombstone garbage collection to check only the sstables being compacted (false by default). The memtable, commitlog and other uncompacted sstables will not be checked during tombstone garbage collection.",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"boolean",
+                     "paramType":"query"
                   }
                ]
             }
@@ -1689,33 +1837,11 @@
       {
          "path":"/storage_service/rpc_server",
          "operations":[
-            {
-               "method":"DELETE",
-               "summary":"Allows a user to disable thrift",
-               "type":"void",
-               "nickname":"stop_rpc_server",
-               "produces":[
-                  "application/json"
-               ],
-               "parameters":[
-               ]
-            },
-            {
-               "method":"POST",
-               "summary":"allows a user to re-enable thrift",
-               "type":"void",
-               "nickname":"start_rpc_server",
-               "produces":[
-                  "application/json"
-               ],
-               "parameters":[
-               ]
-            },
             {
                "method":"GET",
                "summary":"Determine if thrift is running",
                "type":"boolean",
-               "nickname":"is_rpc_server_running",
+               "nickname":"is_thrift_server_running",
                "produces":[
                   "application/json"
                ],
@@ -1913,6 +2039,14 @@
                      "allowMultiple":false,
                      "type":"string",
                      "paramType":"query"
+                  },
+                  {
+                     "name":"force",
+                     "description":"Enforce the source_dc option, even if it unsafe to use for rebuild",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"boolean",
+                     "paramType":"query"
                   }
                ]
             }
@@ -2070,7 +2204,7 @@
          "operations":[
             {
                "method":"POST",
-               "summary":"Enables/Disables tracing for the whole system. Only thrift requests can start tracing currently",
+               "summary":"Enables/Disables tracing for the whole system.",
                "type":"void",
                "nickname":"set_trace_probability",
                "produces":[

api/api-doc/system.json

@@ -194,6 +194,21 @@
                "parameters":[]
             }
          ]
+      },
+      {
+         "path":"/system/highest_supported_sstable_version",
+         "operations":[
+            {
+               "method":"GET",
+               "summary":"Get highest supported sstable version",
+               "type":"string",
+               "nickname":"get_highest_supported_sstable_version",
+               "produces":[
+                  "application/json"
+               ],
+               "parameters":[]
+            }
+         ]
       }
    ]
 }

api/api-doc/task_manager.json

@@ -115,7 +115,7 @@
                "parameters":[
                   {
                      "name":"task_id",
-                     "description":"The uuid of a task to abort",
+                     "description":"The uuid of a task to abort; if the task is not abortable, 403 status code is returned",
                      "required":true,
                      "allowMultiple":false,
                      "type":"string",
@@ -144,6 +144,14 @@
                      "allowMultiple":false,
                      "type":"string",
                      "paramType":"path"
+                  },
+                  {
+                     "name":"timeout",
+                     "description":"Timeout for waiting; if times out, 408 status code is returned",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"long",
+                     "paramType":"query"
                   }
                ]
             }
@@ -197,11 +205,36 @@
                      "paramType":"query"
                   }
                ]
+            },
+            {
+               "method":"GET",
+               "summary":"Get current ttl value",
+               "type":"long",
+               "nickname":"get_ttl",
+               "produces":[
+                  "application/json"
+               ],
+               "parameters":[
+               ]
             }
          ]
       }
    ],
    "models":{
+      "task_identity":{
+         "id": "task_identity",
+         "description":"Id and node of a task",
+         "properties":{
+            "task_id":{
+               "type":"string",
+               "description":"The uuid of a task"
+            },
+            "node":{
+               "type":"string",
+               "description":"Address of a server on which a task is created"
+            }
+         }
+      },
       "task_stats" :{
          "id": "task_stats",
          "description":"A task statistics object",
@@ -224,6 +257,14 @@
                "type":"string",
                "description":"The description of the task"
             },
+            "kind":{
+               "type":"string",
+               "enum":[
+                  "node",
+                  "cluster"
+               ],
+               "description":"The kind of a task"
+            },
             "scope":{
                "type":"string",
                "description":"The scope of the task"
@@ -258,6 +299,14 @@
                "type":"string",
                "description":"The description of the task"
             },
+            "kind":{
+               "type":"string",
+               "enum":[
+                  "node",
+                  "cluster"
+               ],
+               "description":"The kind of a task"
+            },
             "scope":{
                "type":"string",
                "description":"The scope of the task"
@@ -327,9 +376,9 @@
             "children_ids":{
                "type":"array",
                "items":{
-                  "type":"string"
+                  "type":"task_identity"
                },
-               "description":"Task IDs of children of this task"
+               "description":"Task identities of children of this task"
             }
          }
       }

api/api-doc/utils.json

@@ -75,7 +75,7 @@
                "items":{
                   "type":"double"
                },
-               "description":"One, five and fifteen mintues rates"
+               "description":"One, five and fifteen minutes rates"
             },
             "mean_rate": {
                "type":"double",

api/api.cc

@@ -10,6 +10,7 @@
 #include <seastar/http/file_handler.hh>
 #include <seastar/http/transformers.hh>
 #include <seastar/http/api_docs.hh>
+#include "cql_server_test.hh"
 #include "storage_service.hh"
 #include "token_metadata.hh"
 #include "commitlog.hh"
@@ -71,6 +72,10 @@ future<> set_server_init(http_context& ctx) {
         rb->register_function(r, "error_injection",
             "The error injection API");
         set_error_injection(ctx, r);
+        rb->register_function(r, "storage_proxy",
+                "The storage proxy API");
+        rb->register_function(r, "storage_service",
+                "The storage service API");
     });
 }
 
@@ -81,6 +86,10 @@ future<> set_server_config(http_context& ctx, const db::config& cfg) {
     });
 }
 
+future<> unset_server_config(http_context& ctx) {
+    return ctx.http_server.set_routes([&ctx] (routes& r) { unset_config(ctx, r); });
+}
+
 static future<> register_api(http_context& ctx, const sstring& api_name,
         const sstring api_desc,
         std::function<void(http_context& ctx, routes& r)> f) {
@@ -100,16 +109,16 @@ future<> unset_transport_controller(http_context& ctx) {
     return ctx.http_server.set_routes([&ctx] (routes& r) { unset_transport_controller(ctx, r); });
 }
 
-future<> set_rpc_controller(http_context& ctx, thrift_controller& ctl) {
-    return ctx.http_server.set_routes([&ctx, &ctl] (routes& r) { set_rpc_controller(ctx, r, ctl); });
+future<> set_thrift_controller(http_context& ctx) {
+    return ctx.http_server.set_routes([&ctx] (routes& r) { set_thrift_controller(ctx, r); });
 }
 
-future<> unset_rpc_controller(http_context& ctx) {
-    return ctx.http_server.set_routes([&ctx] (routes& r) { unset_rpc_controller(ctx, r); });
+future<> unset_thrift_controller(http_context& ctx) {
+    return ctx.http_server.set_routes([&ctx] (routes& r) { unset_thrift_controller(ctx, r); });
 }
 
 future<> set_server_storage_service(http_context& ctx, sharded<service::storage_service>& ss, service::raft_group0_client& group0_client) {
-    return register_api(ctx, "storage_service", "The storage service API", [&ss, &group0_client] (http_context& ctx, routes& r) {
+    return ctx.http_server.set_routes([&ctx, &ss, &group0_client] (routes& r) {
             set_storage_service(ctx, r, ss, group0_client);
         });
 }
@@ -118,6 +127,22 @@ future<> unset_server_storage_service(http_context& ctx) {
     return ctx.http_server.set_routes([&ctx] (routes& r) { unset_storage_service(ctx, r); });
 }
 
+future<> set_load_meter(http_context& ctx, service::load_meter& lm) {
+    return ctx.http_server.set_routes([&ctx, &lm] (routes& r) { set_load_meter(ctx, r, lm); });
+}
+
+future<> unset_load_meter(http_context& ctx) {
+    return ctx.http_server.set_routes([&ctx] (routes& r) { unset_load_meter(ctx, r); });
+}
+
+future<> set_format_selector(http_context& ctx, db::sstables_format_selector& sel) {
+    return ctx.http_server.set_routes([&ctx, &sel] (routes& r) { set_format_selector(ctx, r, sel); });
+}
+
+future<> unset_format_selector(http_context& ctx) {
+    return ctx.http_server.set_routes([&ctx] (routes& r) { unset_format_selector(ctx, r); });
+}
+
 future<> set_server_sstables_loader(http_context& ctx, sharded<sstables_loader>& sst_loader) {
     return ctx.http_server.set_routes([&ctx, &sst_loader] (routes& r) { set_sstables_loader(ctx, r, sst_loader); });
 }
@@ -180,10 +205,21 @@ future<> unset_server_snitch(http_context& ctx) {
 }
 
 future<> set_server_gossip(http_context& ctx, sharded<gms::gossiper>& g) {
-    return register_api(ctx, "gossiper",
+    co_await register_api(ctx, "gossiper",
                 "The gossiper API", [&g] (http_context& ctx, routes& r) {
                     set_gossiper(ctx, r, g.local());
                 });
+    co_await register_api(ctx, "failure_detector",
+                "The failure detector API", [&g] (http_context& ctx, routes& r) {
+                    set_failure_detector(ctx, r, g.local());
+                });
+}
+
+future<> unset_server_gossip(http_context& ctx) {
+    return ctx.http_server.set_routes([&ctx] (routes& r) {
+        unset_gossiper(ctx, r);
+        unset_failure_detector(ctx, r);
+    });
 }
 
 future<> set_server_column_family(http_context& ctx, sharded<db::system_keyspace>& sys_ks) {
@@ -208,10 +244,7 @@ future<> unset_server_messaging_service(http_context& ctx) {
 }
 
 future<> set_server_storage_proxy(http_context& ctx, sharded<service::storage_proxy>& proxy) {
-    return register_api(ctx, "storage_proxy",
-                "The storage proxy API", [&proxy] (http_context& ctx, routes& r) {
-                    set_storage_proxy(ctx, r, proxy);
-                });
+    return ctx.http_server.set_routes([&ctx, &proxy] (routes& r) { set_storage_proxy(ctx, r, proxy); });
 }
 
 future<> unset_server_storage_proxy(http_context& ctx) {
@@ -234,6 +267,10 @@ future<> set_server_cache(http_context& ctx) {
             "The cache service API", set_cache_service);
 }
 
+future<> unset_server_cache(http_context& ctx) {
+    return ctx.http_server.set_routes([&ctx] (routes& r) { unset_cache_service(ctx, r); });
+}
+
 future<> set_hinted_handoff(http_context& ctx, sharded<service::storage_proxy>& proxy) {
     return register_api(ctx, "hinted_handoff",
                 "The hinted handoff API", [&proxy] (http_context& ctx, routes& r) {
@@ -245,24 +282,14 @@ future<> unset_hinted_handoff(http_context& ctx) {
     return ctx.http_server.set_routes([&ctx] (routes& r) { unset_hinted_handoff(ctx, r); });
 }
 
-future<> set_server_gossip_settle(http_context& ctx, sharded<gms::gossiper>& g) {
-    auto rb = std::make_shared < api_registry_builder > (ctx.api_doc);
-
-    return ctx.http_server.set_routes([rb, &ctx, &g](routes& r) {
-        rb->register_function(r, "failure_detector",
-                "The failure detector API");
-        set_failure_detector(ctx, r, g.local());
+future<> set_server_compaction_manager(http_context& ctx, sharded<compaction_manager>& cm) {
+    return register_api(ctx, "compaction_manager", "The Compaction manager API", [&cm] (http_context& ctx, routes& r) {
+        set_compaction_manager(ctx, r, cm);
     });
 }
 
-future<> set_server_compaction_manager(http_context& ctx) {
-    auto rb = std::make_shared < api_registry_builder > (ctx.api_doc);
-
-    return ctx.http_server.set_routes([rb, &ctx](routes& r) {
-        rb->register_function(r, "compaction_manager",
-                "The Compaction manager API");
-        set_compaction_manager(ctx, r);
-    });
+future<> unset_server_compaction_manager(http_context& ctx) {
+    return ctx.http_server.set_routes([&ctx] (routes& r) { unset_compaction_manager(ctx, r); });
 }
 
 future<> set_server_done(http_context& ctx) {
@@ -272,15 +299,22 @@ future<> set_server_done(http_context& ctx) {
         rb->register_function(r, "lsa", "Log-structured allocator API");
         set_lsa(ctx, r);
 
-        rb->register_function(r, "commitlog",
-                "The commit log API");
-        set_commitlog(ctx,r);
         rb->register_function(r, "collectd",
                 "The collectd API");
         set_collectd(ctx, r);
     });
 }
 
+future<> set_server_commitlog(http_context& ctx, sharded<replica::database>& db) {
+    return register_api(ctx, "commitlog", "The commit log API", [&db] (http_context& ctx, routes& r) {
+        set_commitlog(ctx, r, db);
+    });
+}
+
+future<> unset_server_commitlog(http_context& ctx) {
+    return ctx.http_server.set_routes([&ctx] (routes& r) { unset_commitlog(ctx, r); });
+}
+
 future<> set_server_task_manager(http_context& ctx, sharded<tasks::task_manager>& tm, lw_shared_ptr<db::config> cfg) {
     auto rb = std::make_shared < api_registry_builder > (ctx.api_doc);
 
@@ -311,6 +345,16 @@ future<> unset_server_task_manager_test(http_context& ctx) {
     return ctx.http_server.set_routes([&ctx] (routes& r) { unset_task_manager_test(ctx, r); });
 }
 
+future<> set_server_cql_server_test(http_context& ctx, cql_transport::controller& ctl) {
+    return register_api(ctx, "cql_server_test", "The CQL server test API", [&ctl] (http_context& ctx, routes& r) {
+        set_cql_server_test(ctx, r, ctl);
+    });
+}
+
+future<> unset_server_cql_server_test(http_context& ctx) {
+    return ctx.http_server.set_routes([&ctx] (routes& r) { unset_cql_server_test(ctx, r); });
+}
+
 #endif
 
 future<> set_server_tasks_compaction_module(http_context& ctx, sharded<service::storage_service>& ss, sharded<db::snapshot_ctl>& snap_ctl) {

api/api.hh

@@ -246,7 +246,7 @@ public:
                 value = T{boost::lexical_cast<Base>(param)};
             }
         } catch (boost::bad_lexical_cast&) {
-            throw httpd::bad_param_exception(format("{} ({}): type error - should be {}", name, param, boost::units::detail::demangle(typeid(Base).name())));
+            throw httpd::bad_param_exception(fmt::format("{} ({}): type error - should be {}", name, param, boost::units::detail::demangle(typeid(Base).name())));
         }
     }
 

api/api_init.hh

@@ -17,6 +17,8 @@
 using request = http::request;
 using reply = http::reply;
 
+class compaction_manager;
+
 namespace service {
 
 class load_meter;
@@ -46,10 +48,10 @@ class snitch_ptr;
 } // namespace locator
 
 namespace cql_transport { class controller; }
-class thrift_controller;
 namespace db {
 class snapshot_ctl;
 class config;
+class sstables_format_selector;
 namespace view {
 class view_builder;
 }
@@ -77,17 +79,16 @@ struct http_context {
     sstring api_doc;
     httpd::http_server_control http_server;
     distributed<replica::database>& db;
-    service::load_meter& lmeter;
 
-    http_context(distributed<replica::database>& _db,
-            service::load_meter& _lm)
-            : db(_db), lmeter(_lm)
+    http_context(distributed<replica::database>& _db)
+            : db(_db)
     {
     }
 };
 
 future<> set_server_init(http_context& ctx);
 future<> set_server_config(http_context& ctx, const db::config& cfg);
+future<> unset_server_config(http_context& ctx);
 future<> set_server_snitch(http_context& ctx, sharded<locator::snitch_ptr>& snitch);
 future<> unset_server_snitch(http_context& ctx);
 future<> set_server_storage_service(http_context& ctx, sharded<service::storage_service>& ss, service::raft_group0_client&);
@@ -100,8 +101,8 @@ future<> set_server_repair(http_context& ctx, sharded<repair_service>& repair);
 future<> unset_server_repair(http_context& ctx);
 future<> set_transport_controller(http_context& ctx, cql_transport::controller& ctl);
 future<> unset_transport_controller(http_context& ctx);
-future<> set_rpc_controller(http_context& ctx, thrift_controller& ctl);
-future<> unset_rpc_controller(http_context& ctx);
+future<> set_thrift_controller(http_context& ctx);
+future<> unset_thrift_controller(http_context& ctx);
 future<> set_server_authorization_cache(http_context& ctx, sharded<auth::service> &auth_service);
 future<> unset_server_authorization_cache(http_context& ctx);
 future<> set_server_snapshot(http_context& ctx, sharded<db::snapshot_ctl>& snap_ctl);
@@ -109,6 +110,7 @@ future<> unset_server_snapshot(http_context& ctx);
 future<> set_server_token_metadata(http_context& ctx, sharded<locator::shared_token_metadata>& tm);
 future<> unset_server_token_metadata(http_context& ctx);
 future<> set_server_gossip(http_context& ctx, sharded<gms::gossiper>& g);
+future<> unset_server_gossip(http_context& ctx);
 future<> set_server_column_family(http_context& ctx, sharded<db::system_keyspace>& sys_ks);
 future<> unset_server_column_family(http_context& ctx);
 future<> set_server_messaging_service(http_context& ctx, sharded<netw::messaging_service>& ms);
@@ -119,9 +121,10 @@ future<> set_server_stream_manager(http_context& ctx, sharded<streaming::stream_
 future<> unset_server_stream_manager(http_context& ctx);
 future<> set_hinted_handoff(http_context& ctx, sharded<service::storage_proxy>& p);
 future<> unset_hinted_handoff(http_context& ctx);
-future<> set_server_gossip_settle(http_context& ctx, sharded<gms::gossiper>& g);
 future<> set_server_cache(http_context& ctx);
-future<> set_server_compaction_manager(http_context& ctx);
+future<> unset_server_cache(http_context& ctx);
+future<> set_server_compaction_manager(http_context& ctx, sharded<compaction_manager>& cm);
+future<> unset_server_compaction_manager(http_context& ctx);
 future<> set_server_done(http_context& ctx);
 future<> set_server_task_manager(http_context& ctx, sharded<tasks::task_manager>& tm, lw_shared_ptr<db::config> cfg);
 future<> unset_server_task_manager(http_context& ctx);
@@ -131,5 +134,13 @@ future<> set_server_tasks_compaction_module(http_context& ctx, sharded<service::
 future<> unset_server_tasks_compaction_module(http_context& ctx);
 future<> set_server_raft(http_context&, sharded<service::raft_group_registry>&);
 future<> unset_server_raft(http_context&);
+future<> set_load_meter(http_context& ctx, service::load_meter& lm);
+future<> unset_load_meter(http_context& ctx);
+future<> set_format_selector(http_context& ctx, db::sstables_format_selector& sel);
+future<> unset_format_selector(http_context& ctx);
+future<> set_server_cql_server_test(http_context& ctx, cql_transport::controller& ctl);
+future<> unset_server_cql_server_test(http_context& ctx);
+future<> set_server_commitlog(http_context& ctx, sharded<replica::database>&);
+future<> unset_server_commitlog(http_context& ctx);
 
 }

api/authorization_cache.hh

@@ -8,11 +8,20 @@
 
 #pragma once
 
-#include "api.hh"
+#include <seastar/core/sharded.hh>
+
+namespace seastar::httpd {
+class routes;
+}
+
+namespace auth {
+class service;
+}
 
 namespace api {
 
-void set_authorization_cache(http_context& ctx, httpd::routes& r, sharded<auth::service> &auth_service);
-void unset_authorization_cache(http_context& ctx, httpd::routes& r);
+struct http_context;
+void set_authorization_cache(http_context& ctx, seastar::httpd::routes& r, seastar::sharded<auth::service> &auth_service);
+void unset_authorization_cache(http_context& ctx, seastar::httpd::routes& r);
 
 }

api/cache_service.cc

@@ -7,6 +7,7 @@
  */
 
 #include "cache_service.hh"
+#include "api/api.hh"
 #include "api/api-doc/cache_service.json.hh"
 #include "column_family.hh"
 
@@ -195,9 +196,9 @@ void set_cache_service(http_context& ctx, routes& r) {
         return make_ready_future<json::json_return_type>(0);
     });
 
-    cs::get_row_capacity.set(r, [&ctx] (std::unique_ptr<http::request> req) {
-        return ctx.db.map_reduce0([](replica::database& db) -> uint64_t {
-            return memory::stats().total_memory();
+    cs::get_row_capacity.set(r, [] (std::unique_ptr<http::request> req) {
+        return seastar::map_reduce(smp::all_cpus(), [] (int cpu) {
+            return make_ready_future<uint64_t>(memory::stats().total_memory());
         }, uint64_t(0), std::plus<uint64_t>()).then([](const int64_t& res) {
             return make_ready_future<json::json_return_type>(res);
         });
@@ -319,5 +320,50 @@ void set_cache_service(http_context& ctx, routes& r) {
     });
 }
 
+void unset_cache_service(http_context& ctx, routes& r) {
+    cs::get_row_cache_save_period_in_seconds.unset(r);
+    cs::set_row_cache_save_period_in_seconds.unset(r);
+    cs::get_key_cache_save_period_in_seconds.unset(r);
+    cs::set_key_cache_save_period_in_seconds.unset(r);
+    cs::get_counter_cache_save_period_in_seconds.unset(r);
+    cs::set_counter_cache_save_period_in_seconds.unset(r);
+    cs::get_row_cache_keys_to_save.unset(r);
+    cs::set_row_cache_keys_to_save.unset(r);
+    cs::get_key_cache_keys_to_save.unset(r);
+    cs::set_key_cache_keys_to_save.unset(r);
+    cs::get_counter_cache_keys_to_save.unset(r);
+    cs::set_counter_cache_keys_to_save.unset(r);
+    cs::invalidate_key_cache.unset(r);
+    cs::invalidate_counter_cache.unset(r);
+    cs::set_row_cache_capacity_in_mb.unset(r);
+    cs::set_key_cache_capacity_in_mb.unset(r);
+    cs::set_counter_cache_capacity_in_mb.unset(r);
+    cs::save_caches.unset(r);
+    cs::get_key_capacity.unset(r);
+    cs::get_key_hits.unset(r);
+    cs::get_key_requests.unset(r);
+    cs::get_key_hit_rate.unset(r);
+    cs::get_key_hits_moving_avrage.unset(r);
+    cs::get_key_requests_moving_avrage.unset(r);
+    cs::get_key_size.unset(r);
+    cs::get_key_entries.unset(r);
+    cs::get_row_capacity.unset(r);
+    cs::get_row_hits.unset(r);
+    cs::get_row_requests.unset(r);
+    cs::get_row_hit_rate.unset(r);
+    cs::get_row_hits_moving_avrage.unset(r);
+    cs::get_row_requests_moving_avrage.unset(r);
+    cs::get_row_size.unset(r);
+    cs::get_row_entries.unset(r);
+    cs::get_counter_capacity.unset(r);
+    cs::get_counter_hits.unset(r);
+    cs::get_counter_requests.unset(r);
+    cs::get_counter_hit_rate.unset(r);
+    cs::get_counter_hits_moving_avrage.unset(r);
+    cs::get_counter_requests_moving_avrage.unset(r);
+    cs::get_counter_size.unset(r);
+    cs::get_counter_entries.unset(r);
+}
+
 }
 

api/cache_service.hh

@@ -8,10 +8,14 @@
 
 #pragma once
 
-#include "api.hh"
+namespace seastar::httpd {
+class routes;
+}
 
 namespace api {
 
-void set_cache_service(http_context& ctx, httpd::routes& r);
+struct http_context;
+void set_cache_service(http_context& ctx, seastar::httpd::routes& r);
+void unset_cache_service(http_context& ctx, seastar::httpd::routes& r);
 
 }

api/collectd.cc

@@ -11,6 +11,7 @@
 #include <seastar/core/scollectd.hh>
 #include <seastar/core/scollectd_api.hh>
 #include <boost/range/irange.hpp>
+#include <ranges>
 #include <regex>
 #include "api/api_init.hh"
 
@@ -61,7 +62,7 @@ void set_collectd(http_context& ctx, routes& r) {
 
         return do_with(std::vector<cd::collectd_value>(), [id] (auto& vec) {
             vec.resize(smp::count);
-            return parallel_for_each(boost::irange(0u, smp::count), [&vec, id] (auto cpu) {
+            return parallel_for_each(std::views::iota(0u, smp::count), [&vec, id] (auto cpu) {
                 return smp::submit_to(cpu, [id = *id] {
                     return scollectd::get_collectd_value(id);
                 }).then([&vec, cpu] (auto res) {

api/column_family.cc

@@ -15,6 +15,7 @@
 #include <seastar/http/exception.hh>
 #include "sstables/sstables.hh"
 #include "sstables/metadata_collector.hh"
+#include "utils/assert.hh"
 #include "utils/estimated_histogram.hh"
 #include <algorithm>
 #include "db/system_keyspace.hh"
@@ -23,6 +24,8 @@
 #include "compaction/compaction_manager.hh"
 #include "unimplemented.hh"
 
+#include <boost/range/algorithm/copy.hpp>
+
 extern logging::logger apilog;
 
 namespace api {
@@ -60,14 +63,6 @@ table_id get_uuid(const sstring& name, const replica::database& db) {
     return get_uuid(ks, cf, db);
 }
 
-future<> foreach_column_family(http_context& ctx, const sstring& name, std::function<void(replica::column_family&)> f) {
-    auto uuid = get_uuid(name, ctx.db.local());
-
-    return ctx.db.invoke_on_all([f, uuid](replica::database& db) {
-        f(db.find_column_family(uuid));
-    });
-}
-
 future<json::json_return_type>  get_cf_stats(http_context& ctx, const sstring& name,
         int64_t replica::column_family_stats::*f) {
     return map_reduce_cf(ctx, name, int64_t(0), [f](const replica::column_family& cf) {
@@ -82,7 +77,7 @@ future<json::json_return_type>  get_cf_stats(http_context& ctx,
     }, std::plus<int64_t>());
 }
 
-static future<json::json_return_type> set_tables(http_context& ctx, const sstring& keyspace, std::vector<sstring> tables, std::function<future<>(replica::table&)> set) {
+static future<json::json_return_type> for_tables_on_all_shards(http_context& ctx, const sstring& keyspace, std::vector<sstring> tables, std::function<future<>(replica::table&)> set) {
     if (tables.empty()) {
         tables = map_keys(ctx.db.local().find_keyspace(keyspace).metadata().get()->cf_meta_data());
     }
@@ -103,7 +98,7 @@ class autocompaction_toggle_guard {
     replica::database& _db;
 public:
     autocompaction_toggle_guard(replica::database& db) : _db(db) {
-        assert(this_shard_id() == 0);
+        SCYLLA_ASSERT(this_shard_id() == 0);
         if (!_db._enable_autocompaction_toggle) {
             throw std::runtime_error("Autocompaction toggle is busy");
         }
@@ -112,7 +107,7 @@ public:
     autocompaction_toggle_guard(const autocompaction_toggle_guard&) = delete;
     autocompaction_toggle_guard(autocompaction_toggle_guard&&) = default;
     ~autocompaction_toggle_guard() {
-        assert(this_shard_id() == 0);
+        SCYLLA_ASSERT(this_shard_id() == 0);
         _db._enable_autocompaction_toggle = true;
     }
 };
@@ -122,7 +117,7 @@ static future<json::json_return_type> set_tables_autocompaction(http_context& ct
 
     return ctx.db.invoke_on(0, [&ctx, keyspace, tables = std::move(tables), enabled] (replica::database& db) {
         auto g = autocompaction_toggle_guard(db);
-        return set_tables(ctx, keyspace, tables, [enabled] (replica::table& cf) {
+        return for_tables_on_all_shards(ctx, keyspace, tables, [enabled] (replica::table& cf) {
             if (enabled) {
                 cf.enable_auto_compaction();
             } else {
@@ -135,7 +130,7 @@ static future<json::json_return_type> set_tables_autocompaction(http_context& ct
 
 static future<json::json_return_type> set_tables_tombstone_gc(http_context& ctx, const sstring &keyspace, std::vector<sstring> tables, bool enabled) {
     apilog.info("set_tables_tombstone_gc: enabled={} keyspace={} tables={}", enabled, keyspace, tables);
-    return set_tables(ctx, keyspace, std::move(tables), [enabled] (replica::table& t) {
+    return for_tables_on_all_shards(ctx, keyspace, std::move(tables), [enabled] (replica::table& t) {
         t.set_tombstone_gc_enabled(enabled);
         return make_ready_future<>();
     });
@@ -366,6 +361,14 @@ ratio_holder filter_recent_false_positive_as_ratio_holder(const sstables::shared
     return ratio_holder(f + sst->filter_get_recent_true_positive(), f);
 }
 
+uint64_t accumulate_on_active_memtables(replica::table& t, noncopyable_function<uint64_t(replica::memtable& mt)> action) {
+    uint64_t ret = 0;
+    t.for_each_active_memtable([&] (replica::memtable& mt) {
+        ret += action(mt);
+    });
+    return ret;
+}
+
 void set_column_family(http_context& ctx, routes& r, sharded<db::system_keyspace>& sys_ks) {
     cf::get_column_family_name.set(r, [&ctx] (const_req req){
         std::vector<sstring> res;
@@ -401,13 +404,13 @@ void set_column_family(http_context& ctx, routes& r, sharded<db::system_keyspace
 
     cf::get_memtable_columns_count.set(r, [&ctx] (std::unique_ptr<http::request> req) {
         return map_reduce_cf(ctx, req->get_path_param("name"), uint64_t{0}, [](replica::column_family& cf) {
-            return boost::accumulate(cf.active_memtables() | boost::adaptors::transformed(std::mem_fn(&replica::memtable::partition_count)), uint64_t(0));
+            return accumulate_on_active_memtables(cf, std::mem_fn(&replica::memtable::partition_count));
         }, std::plus<>());
     });
 
     cf::get_all_memtable_columns_count.set(r, [&ctx] (std::unique_ptr<http::request> req) {
         return map_reduce_cf(ctx, uint64_t{0}, [](replica::column_family& cf) {
-            return boost::accumulate(cf.active_memtables() | boost::adaptors::transformed(std::mem_fn(&replica::memtable::partition_count)), uint64_t(0));
+            return accumulate_on_active_memtables(cf, std::mem_fn(&replica::memtable::partition_count));
         }, std::plus<>());
     });
 
@@ -421,33 +424,33 @@ void set_column_family(http_context& ctx, routes& r, sharded<db::system_keyspace
 
     cf::get_memtable_off_heap_size.set(r, [&ctx] (std::unique_ptr<http::request> req) {
         return map_reduce_cf(ctx, req->get_path_param("name"), int64_t(0), [](replica::column_family& cf) {
-            return boost::accumulate(cf.active_memtables() | boost::adaptors::transformed([] (replica::memtable* active_memtable) {
-                return active_memtable->region().occupancy().total_space();
-            }), uint64_t(0));
+            return accumulate_on_active_memtables(cf, [] (replica::memtable& active_memtable) {
+                return active_memtable.region().occupancy().total_space();
+            });
         }, std::plus<int64_t>());
     });
 
     cf::get_all_memtable_off_heap_size.set(r, [&ctx] (std::unique_ptr<http::request> req) {
         return map_reduce_cf(ctx, int64_t(0), [](replica::column_family& cf) {
-            return boost::accumulate(cf.active_memtables() | boost::adaptors::transformed([] (replica::memtable* active_memtable) {
-                return active_memtable->region().occupancy().total_space();
-            }), uint64_t(0));
+            return accumulate_on_active_memtables(cf, [] (replica::memtable& active_memtable) {
+                return active_memtable.region().occupancy().total_space();
+            });
         }, std::plus<int64_t>());
     });
 
     cf::get_memtable_live_data_size.set(r, [&ctx] (std::unique_ptr<http::request> req) {
         return map_reduce_cf(ctx, req->get_path_param("name"), int64_t(0), [](replica::column_family& cf) {
-            return boost::accumulate(cf.active_memtables() | boost::adaptors::transformed([] (replica::memtable* active_memtable) {
-                return active_memtable->region().occupancy().used_space();
-            }), uint64_t(0));
+            return accumulate_on_active_memtables(cf, [] (replica::memtable& active_memtable) {
+                return active_memtable.region().occupancy().used_space();
+            });
         }, std::plus<int64_t>());
     });
 
     cf::get_all_memtable_live_data_size.set(r, [&ctx] (std::unique_ptr<http::request> req) {
         return map_reduce_cf(ctx, int64_t(0), [](replica::column_family& cf) {
-            return boost::accumulate(cf.active_memtables() | boost::adaptors::transformed([] (replica::memtable* active_memtable) {
-                return active_memtable->region().occupancy().used_space();
-            }), uint64_t(0));
+            return accumulate_on_active_memtables(cf, [] (replica::memtable& active_memtable) {
+                return active_memtable.region().occupancy().used_space();
+            });
         }, std::plus<int64_t>());
     });
 
@@ -485,9 +488,9 @@ void set_column_family(http_context& ctx, routes& r, sharded<db::system_keyspace
     cf::get_all_cf_all_memtables_live_data_size.set(r, [&ctx] (std::unique_ptr<http::request> req) {
         warn(unimplemented::cause::INDEXES);
         return map_reduce_cf(ctx, int64_t(0), [](replica::column_family& cf) {
-            return boost::accumulate(cf.active_memtables() | boost::adaptors::transformed([] (replica::memtable* active_memtable) {
-                return active_memtable->region().occupancy().used_space();
-            }), uint64_t(0));
+            return accumulate_on_active_memtables(cf, [] (replica::memtable& active_memtable) {
+                return active_memtable.region().occupancy().used_space();
+            });
         }, std::plus<int64_t>());
     });
 
@@ -1047,12 +1050,12 @@ void set_column_family(http_context& ctx, routes& r, sharded<db::system_keyspace
     });
 
     cf::set_compaction_strategy_class.set(r, [&ctx](std::unique_ptr<http::request> req) {
+        auto [ks, cf] = parse_fully_qualified_cf_name(req->get_path_param("name"));
         sstring strategy = req->get_query_param("class_name");
         apilog.info("column_family/set_compaction_strategy_class: name={} strategy={}", req->get_path_param("name"), strategy);
-        return foreach_column_family(ctx, req->get_path_param("name"), [strategy](replica::column_family& cf) {
+        return for_tables_on_all_shards(ctx, ks, {std::move(cf)}, [strategy] (replica::table& cf) {
             cf.set_compaction_strategy(sstables::compaction_strategy::type(strategy));
-        }).then([] {
-                return make_ready_future<json::json_return_type>(json_void());
+            return make_ready_future<>();
         });
     });
 
@@ -1117,6 +1120,7 @@ void set_column_family(http_context& ctx, routes& r, sharded<db::system_keyspace
         auto params = req_params({
             std::pair("name", mandatory::yes),
             std::pair("flush_memtables", mandatory::no),
+            std::pair("consider_only_existing_data", mandatory::no),
             std::pair("split_output", mandatory::no),
         });
         params.process(*req);
@@ -1125,7 +1129,8 @@ void set_column_family(http_context& ctx, routes& r, sharded<db::system_keyspace
         }
         auto [ks, cf] = parse_fully_qualified_cf_name(*params.get("name"));
         auto flush = params.get_as<bool>("flush_memtables").value_or(true);
-        apilog.info("column_family/force_major_compaction: name={} flush={}", req->get_path_param("name"), flush);
+        auto consider_only_existing_data = params.get_as<bool>("consider_only_existing_data").value_or(false);
+        apilog.info("column_family/force_major_compaction: name={} flush={} consider_only_existing_data={}", req->get_path_param("name"), flush, consider_only_existing_data);
 
         auto keyspace = validate_keyspace(ctx, ks);
         std::vector<table_info> table_infos = {table_info{
@@ -1135,10 +1140,10 @@ void set_column_family(http_context& ctx, routes& r, sharded<db::system_keyspace
 
         auto& compaction_module = ctx.db.local().get_compaction_manager().get_task_manager_module();
         std::optional<flush_mode> fmopt;
-        if (!flush) {
+        if (!flush && !consider_only_existing_data) {
             fmopt = flush_mode::skip;
         }
-        auto task = co_await compaction_module.make_and_start_task<major_keyspace_compaction_task_impl>({}, std::move(keyspace), tasks::task_id::create_null_id(), ctx.db, std::move(table_infos), fmopt);
+        auto task = co_await compaction_module.make_and_start_task<major_keyspace_compaction_task_impl>({}, std::move(keyspace), tasks::task_id::create_null_id(), ctx.db, std::move(table_infos), fmopt, consider_only_existing_data);
         co_await task->done();
         co_return json_void();
     });

api/column_family.hh

@@ -9,7 +9,6 @@
 #pragma once
 
 #include "replica/database.hh"
-#include <seastar/core/future-util.hh>
 #include <seastar/json/json_elements.hh>
 #include <any>
 #include "api/api_init.hh"
@@ -24,8 +23,6 @@ void set_column_family(http_context& ctx, httpd::routes& r, sharded<db::system_k
 void unset_column_family(http_context& ctx, httpd::routes& r);
 
 table_id get_uuid(const sstring& name, const replica::database& db);
-future<> foreach_column_family(http_context& ctx, const sstring& name, std::function<void(replica::column_family&)> f);
-
 
 template<class Mapper, class I, class Reducer>
 future<I> map_reduce_cf_raw(http_context& ctx, const sstring& name, I init,

api/commitlog.cc

@@ -9,18 +9,20 @@
 #include "commitlog.hh"
 #include "db/commitlog/commitlog.hh"
 #include "api/api-doc/commitlog.json.hh"
+#include "api/api-doc/storage_service.json.hh"
 #include "api/api_init.hh"
 #include "replica/database.hh"
 #include <vector>
 
 namespace api {
 using namespace seastar::httpd;
+namespace ss = httpd::storage_service_json;
 
 template<typename T>
-static auto acquire_cl_metric(http_context& ctx, std::function<T (const db::commitlog*)> func) {
+static auto acquire_cl_metric(sharded<replica::database>& db, std::function<T (const db::commitlog*)> func) {
     typedef T ret_type;
 
-    return ctx.db.map_reduce0([func = std::move(func)](replica::database& db) {
+    return db.map_reduce0([func = std::move(func)](replica::database& db) {
         if (db.commitlog() == nullptr) {
             return make_ready_future<ret_type>();
         }
@@ -30,11 +32,11 @@ static auto acquire_cl_metric(http_context& ctx, std::function<T (const db::comm
     });
 }
 
-void set_commitlog(http_context& ctx, routes& r) {
+void set_commitlog(http_context& ctx, routes& r, sharded<replica::database>& db) {
     httpd::commitlog_json::get_active_segment_names.set(r,
-            [&ctx](std::unique_ptr<request> req) {
+            [&db](std::unique_ptr<request> req) {
         auto res = make_shared<std::vector<sstring>>();
-        return ctx.db.map_reduce([res](std::vector<sstring> names) {
+        return db.map_reduce([res](std::vector<sstring> names) {
             res->insert(res->end(), names.begin(), names.end());
         }, [](replica::database& db) {
             if (db.commitlog() == nullptr) {
@@ -52,20 +54,35 @@ void set_commitlog(http_context& ctx, routes& r) {
         return res;
     });
 
-    httpd::commitlog_json::get_completed_tasks.set(r, [&ctx](std::unique_ptr<request> req) {
-        return acquire_cl_metric<uint64_t>(ctx, std::bind(&db::commitlog::get_completed_tasks, std::placeholders::_1));
+    httpd::commitlog_json::get_completed_tasks.set(r, [&db](std::unique_ptr<request> req) {
+        return acquire_cl_metric<uint64_t>(db, std::bind(&db::commitlog::get_completed_tasks, std::placeholders::_1));
     });
 
-    httpd::commitlog_json::get_pending_tasks.set(r, [&ctx](std::unique_ptr<request> req) {
-        return acquire_cl_metric<uint64_t>(ctx, std::bind(&db::commitlog::get_pending_tasks, std::placeholders::_1));
+    httpd::commitlog_json::get_pending_tasks.set(r, [&db](std::unique_ptr<request> req) {
+        return acquire_cl_metric<uint64_t>(db, std::bind(&db::commitlog::get_pending_tasks, std::placeholders::_1));
     });
 
-    httpd::commitlog_json::get_total_commit_log_size.set(r, [&ctx](std::unique_ptr<request> req) {
-        return acquire_cl_metric<uint64_t>(ctx, std::bind(&db::commitlog::get_total_size, std::placeholders::_1));
+    httpd::commitlog_json::get_total_commit_log_size.set(r, [&db](std::unique_ptr<request> req) {
+        return acquire_cl_metric<uint64_t>(db, std::bind(&db::commitlog::get_total_size, std::placeholders::_1));
     });
-    httpd::commitlog_json::get_max_disk_size.set(r, [&ctx](std::unique_ptr<request> req) {
-        return acquire_cl_metric<uint64_t>(ctx, std::bind(&db::commitlog::disk_limit, std::placeholders::_1));
+    httpd::commitlog_json::get_max_disk_size.set(r, [&db](std::unique_ptr<request> req) {
+        return acquire_cl_metric<uint64_t>(db, std::bind(&db::commitlog::disk_limit, std::placeholders::_1));
     });
+
+    ss::get_commitlog.set(r, [&db](const_req req) {
+        return db.local().commitlog()->active_config().commit_log_location;
+    });
+
+}
+
+void unset_commitlog(http_context& ctx, routes& r) {
+    httpd::commitlog_json::get_active_segment_names.unset(r);
+    httpd::commitlog_json::get_archiving_segment_names.unset(r);
+    httpd::commitlog_json::get_completed_tasks.unset(r);
+    httpd::commitlog_json::get_pending_tasks.unset(r);
+    httpd::commitlog_json::get_total_commit_log_size.unset(r);
+    httpd::commitlog_json::get_max_disk_size.unset(r);
+    ss::get_commitlog.unset(r);
 }
 
 }

api/commitlog.hh

@@ -8,12 +8,17 @@
 
 #pragma once
 
+#include <seastar/core/sharded.hh>
+
 namespace seastar::httpd {
 class routes;
 }
 
+namespace replica { class database; }
+
 namespace api {
 struct http_context;
-void set_commitlog(http_context& ctx, seastar::httpd::routes& r);
+void set_commitlog(http_context& ctx, seastar::httpd::routes& r, seastar::sharded<replica::database>&);
+void unset_commitlog(http_context& ctx, seastar::httpd::routes& r);
 
 }

api/compaction_manager.cc

@@ -7,11 +7,13 @@
  */
 
 #include <seastar/core/coroutine.hh>
+#include <seastar/coroutine/exception.hh>
 
 #include "compaction_manager.hh"
 #include "compaction/compaction_manager.hh"
 #include "api/api.hh"
 #include "api/api-doc/compaction_manager.json.hh"
+#include "api/api-doc/storage_service.json.hh"
 #include "db/system_keyspace.hh"
 #include "column_family.hh"
 #include "unimplemented.hh"
@@ -22,13 +24,14 @@
 namespace api {
 
 namespace cm = httpd::compaction_manager_json;
+namespace ss = httpd::storage_service_json;
 using namespace json;
 using namespace seastar::httpd;
 
-static future<json::json_return_type> get_cm_stats(http_context& ctx,
+static future<json::json_return_type> get_cm_stats(sharded<compaction_manager>& cm,
         int64_t compaction_manager::stats::*f) {
-    return ctx.db.map_reduce0([f](replica::database& db) {
-        return db.get_compaction_manager().get_stats().*f;
+    return cm.map_reduce0([f](compaction_manager& cm) {
+        return cm.get_stats().*f;
     }, int64_t(0), std::plus<int64_t>()).then([](const int64_t& res) {
         return make_ready_future<json::json_return_type>(res);
     });
@@ -43,11 +46,10 @@ static std::unordered_map<std::pair<sstring, sstring>, uint64_t, utils::tuple_ha
     return std::move(a);
 }
 
-void set_compaction_manager(http_context& ctx, routes& r) {
-    cm::get_compactions.set(r, [&ctx] (std::unique_ptr<http::request> req) {
-        return ctx.db.map_reduce0([](replica::database& db) {
+void set_compaction_manager(http_context& ctx, routes& r, sharded<compaction_manager>& cm) {
+    cm::get_compactions.set(r, [&cm] (std::unique_ptr<http::request> req) {
+        return cm.map_reduce0([](compaction_manager& cm) {
             std::vector<cm::summary> summaries;
-            const compaction_manager& cm = db.get_compaction_manager();
 
             for (const auto& c : cm.get_compactions()) {
                 cm::summary s;
@@ -99,10 +101,9 @@ void set_compaction_manager(http_context& ctx, routes& r) {
         return make_ready_future<json::json_return_type>(json_void());
     });
 
-    cm::stop_compaction.set(r, [&ctx] (std::unique_ptr<http::request> req) {
+    cm::stop_compaction.set(r, [&cm] (std::unique_ptr<http::request> req) {
         auto type = req->get_query_param("type");
-        return ctx.db.invoke_on_all([type] (replica::database& db) {
-            auto& cm = db.get_compaction_manager();
+        return cm.invoke_on_all([type] (compaction_manager& cm) {
             return cm.stop_compaction(type);
         }).then([] {
             return make_ready_future<json::json_return_type>(json_void());
@@ -134,8 +135,8 @@ void set_compaction_manager(http_context& ctx, routes& r) {
         }, std::plus<int64_t>());
     });
 
-    cm::get_completed_tasks.set(r, [&ctx] (std::unique_ptr<http::request> req) {
-        return get_cm_stats(ctx, &compaction_manager::stats::completed_tasks);
+    cm::get_completed_tasks.set(r, [&cm] (std::unique_ptr<http::request> req) {
+        return get_cm_stats(cm, &compaction_manager::stats::completed_tasks);
     });
 
     cm::get_total_compactions_completed.set(r, [] (std::unique_ptr<http::request> req) {
@@ -152,11 +153,14 @@ void set_compaction_manager(http_context& ctx, routes& r) {
         return make_ready_future<json::json_return_type>(0);
     });
 
-    cm::get_compaction_history.set(r, [&ctx] (std::unique_ptr<http::request> req) {
-        std::function<future<>(output_stream<char>&&)> f = [&ctx](output_stream<char>&& s) {
-            return do_with(output_stream<char>(std::move(s)), true, [&ctx] (output_stream<char>& s, bool& first){
-                return s.write("[").then([&ctx, &s, &first] {
-                    return ctx.db.local().get_compaction_manager().get_compaction_history([&s, &first](const db::compaction_history_entry& entry) mutable {
+    cm::get_compaction_history.set(r, [&cm] (std::unique_ptr<http::request> req) {
+        std::function<future<>(output_stream<char>&&)> f = [&cm] (output_stream<char>&& out) -> future<> {
+            auto s = std::move(out);
+            bool first = true;
+            std::exception_ptr ex;
+            try {
+                co_await s.write("[");
+                co_await cm.local().get_compaction_history([&s, &first](const db::compaction_history_entry& entry) mutable -> future<> {
                         cm::history h;
                         h.id = fmt::to_string(entry.id);
                         h.ks = std::move(entry.ks);
@@ -164,24 +168,29 @@ void set_compaction_manager(http_context& ctx, routes& r) {
                         h.compacted_at = entry.compacted_at;
                         h.bytes_in = entry.bytes_in;
                         h.bytes_out =  entry.bytes_out;
-                        for (auto it : entry.rows_merged) {
+
+                        std::map<int32_t, int64_t> items(entry.rows_merged.begin(), entry.rows_merged.end());
+                        for (auto it : items) {
                             httpd::compaction_manager_json::row_merged e;
                             e.key = it.first;
                             e.value = it.second;
                             h.rows_merged.push(std::move(e));
                         }
-                        auto fut = first ? make_ready_future<>() : s.write(", ");
+                        if (!first) {
+                            co_await s.write(", ");
+                        }
                         first = false;
-                        return fut.then([&s, h = std::move(h)] {
-                            return formatter::write(s, h);
-                        });
-                    }).then([&s] {
-                        return s.write("]").then([&s] {
-                            return s.close();
-                        });
+                        co_await formatter::write(s, h);
                     });
-                });
-            });
+                co_await s.write("]");
+                co_await s.flush();
+            } catch (...) {
+                ex = std::current_exception();
+            }
+            co_await s.close();
+            if (ex) {
+                co_await coroutine::return_exception_ptr(std::move(ex));
+            }
         };
         return make_ready_future<json::json_return_type>(std::move(f));
     });
@@ -194,6 +203,34 @@ void set_compaction_manager(http_context& ctx, routes& r) {
         return make_ready_future<json::json_return_type>(res);
     });
 
+    ss::get_compaction_throughput_mb_per_sec.set(r, [&cm](std::unique_ptr<http::request> req) {
+        int value = cm.local().throughput_mbs();
+        return make_ready_future<json::json_return_type>(value);
+    });
+
+    ss::set_compaction_throughput_mb_per_sec.set(r, [](std::unique_ptr<http::request> req) {
+        //TBD
+        unimplemented();
+        auto value = req->get_query_param("value");
+        return make_ready_future<json::json_return_type>(json_void());
+    });
+
+}
+
+void unset_compaction_manager(http_context& ctx, routes& r) {
+    cm::get_compactions.unset(r);
+    cm::get_pending_tasks_by_table.unset(r);
+    cm::force_user_defined_compaction.unset(r);
+    cm::stop_compaction.unset(r);
+    cm::stop_keyspace_compaction.unset(r);
+    cm::get_pending_tasks.unset(r);
+    cm::get_completed_tasks.unset(r);
+    cm::get_total_compactions_completed.unset(r);
+    cm::get_bytes_compacted.unset(r);
+    cm::get_compaction_history.unset(r);
+    cm::get_compaction_info.unset(r);
+    ss::get_compaction_throughput_mb_per_sec.unset(r);
+    ss::set_compaction_throughput_mb_per_sec.unset(r);
 }
 
 }

api/compaction_manager.hh

@@ -7,13 +7,17 @@
  */
 
 #pragma once
+#include <seastar/core/sharded.hh>
 
 namespace seastar::httpd {
 class routes;
 }
 
+class compaction_manager;
+
 namespace api {
 struct http_context;
-void set_compaction_manager(http_context& ctx, seastar::httpd::routes& r);
+void set_compaction_manager(http_context& ctx, seastar::httpd::routes& r, seastar::sharded<compaction_manager>& cm);
+void unset_compaction_manager(http_context& ctx, seastar::httpd::routes& r);
 
 }

api/config.cc

@@ -6,8 +6,12 @@
  * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 
+#include "api/api.hh"
 #include "api/config.hh"
 #include "api/api-doc/config.json.hh"
+#include "api/api-doc/storage_proxy.json.hh"
+#include "api/api-doc/storage_service.json.hh"
+#include "replica/database.hh"
 #include "db/config.hh"
 #include <sstream>
 #include <boost/algorithm/string/replace.hpp>
@@ -15,6 +19,8 @@
 
 namespace api {
 using namespace seastar::httpd;
+namespace sp = httpd::storage_proxy_json;
+namespace ss = httpd::storage_service_json;
 
 template<class T>
 json::json_return_type get_json_return_type(const T& val) {
@@ -101,6 +107,112 @@ void set_config(std::shared_ptr < api_registry_builder20 > rb, http_context& ctx
         }
         throw bad_param_exception(sstring("No such config entry: ") + id);
     });
+
+    sp::get_rpc_timeout.set(r, [&cfg](const_req req)  {
+        return cfg.request_timeout_in_ms()/1000.0;
+    });
+
+    sp::set_rpc_timeout.set(r, [](std::unique_ptr<http::request> req)  {
+        //TBD
+        unimplemented();
+        auto enable = req->get_query_param("timeout");
+        return make_ready_future<json::json_return_type>(seastar::json::json_void());
+    });
+
+    sp::get_read_rpc_timeout.set(r, [&cfg](const_req req)  {
+        return cfg.read_request_timeout_in_ms()/1000.0;
+    });
+
+    sp::set_read_rpc_timeout.set(r, [](std::unique_ptr<http::request> req)  {
+        //TBD
+        unimplemented();
+        auto enable = req->get_query_param("timeout");
+        return make_ready_future<json::json_return_type>(seastar::json::json_void());
+    });
+
+    sp::get_write_rpc_timeout.set(r, [&cfg](const_req req)  {
+        return cfg.write_request_timeout_in_ms()/1000.0;
+    });
+
+    sp::set_write_rpc_timeout.set(r, [](std::unique_ptr<http::request> req)  {
+        //TBD
+        unimplemented();
+        auto enable = req->get_query_param("timeout");
+        return make_ready_future<json::json_return_type>(seastar::json::json_void());
+    });
+
+    sp::get_counter_write_rpc_timeout.set(r, [&cfg](const_req req)  {
+        return cfg.counter_write_request_timeout_in_ms()/1000.0;
+    });
+
+    sp::set_counter_write_rpc_timeout.set(r, [](std::unique_ptr<http::request> req)  {
+        //TBD
+        unimplemented();
+        auto enable = req->get_query_param("timeout");
+        return make_ready_future<json::json_return_type>(seastar::json::json_void());
+    });
+
+    sp::get_cas_contention_timeout.set(r, [&cfg](const_req req)  {
+        return cfg.cas_contention_timeout_in_ms()/1000.0;
+    });
+
+    sp::set_cas_contention_timeout.set(r, [](std::unique_ptr<http::request> req)  {
+        //TBD
+        unimplemented();
+        auto enable = req->get_query_param("timeout");
+        return make_ready_future<json::json_return_type>(seastar::json::json_void());
+    });
+
+    sp::get_range_rpc_timeout.set(r, [&cfg](const_req req)  {
+        return cfg.range_request_timeout_in_ms()/1000.0;
+    });
+
+    sp::set_range_rpc_timeout.set(r, [](std::unique_ptr<http::request> req)  {
+        //TBD
+        unimplemented();
+        auto enable = req->get_query_param("timeout");
+        return make_ready_future<json::json_return_type>(seastar::json::json_void());
+    });
+
+    sp::get_truncate_rpc_timeout.set(r, [&cfg](const_req req)  {
+        return cfg.truncate_request_timeout_in_ms()/1000.0;
+    });
+
+    sp::set_truncate_rpc_timeout.set(r, [](std::unique_ptr<http::request> req)  {
+        //TBD
+        unimplemented();
+        auto enable = req->get_query_param("timeout");
+        return make_ready_future<json::json_return_type>(seastar::json::json_void());
+    });
+
+    ss::get_all_data_file_locations.set(r, [&cfg](const_req req) {
+        return container_to_vec(cfg.data_file_directories());
+    });
+
+    ss::get_saved_caches_location.set(r, [&cfg](const_req req) {
+        return cfg.saved_caches_directory();
+    });
+
+}
+
+void unset_config(http_context& ctx, routes& r) {
+    cs::find_config_id.unset(r);
+    sp::get_rpc_timeout.unset(r);
+    sp::set_rpc_timeout.unset(r);
+    sp::get_read_rpc_timeout.unset(r);
+    sp::set_read_rpc_timeout.unset(r);
+    sp::get_write_rpc_timeout.unset(r);
+    sp::set_write_rpc_timeout.unset(r);
+    sp::get_counter_write_rpc_timeout.unset(r);
+    sp::set_counter_write_rpc_timeout.unset(r);
+    sp::get_cas_contention_timeout.unset(r);
+    sp::set_cas_contention_timeout.unset(r);
+    sp::get_range_rpc_timeout.unset(r);
+    sp::set_range_rpc_timeout.unset(r);
+    sp::get_truncate_rpc_timeout.unset(r);
+    sp::set_truncate_rpc_timeout.unset(r);
+    ss::get_all_data_file_locations.unset(r);
+    ss::get_saved_caches_location.unset(r);
 }
 
 }

api/config.hh

@@ -14,4 +14,5 @@
 namespace api {
 
 void set_config(std::shared_ptr<httpd::api_registry_builder20> rb, http_context& ctx, httpd::routes& r, const db::config& cfg, bool first = false);
+void unset_config(http_context& ctx, httpd::routes& r);
 }

api/cql_server_test.cc

@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2024-present ScyllaDB
+ */
+
+/*
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+#ifndef SCYLLA_BUILD_MODE_RELEASE
+
+#include <seastar/core/coroutine.hh>
+
+#include "api/api-doc/cql_server_test.json.hh"
+#include "cql_server_test.hh"
+#include "transport/controller.hh"
+#include "transport/server.hh"
+#include "service/qos/qos_common.hh"
+
+namespace api {
+
+namespace cst = httpd::cql_server_test_json;
+using namespace json;
+using namespace seastar::httpd;
+
+struct connection_sl_params : public json::json_base {
+    json::json_element<sstring> _role_name;
+    json::json_element<sstring> _workload_type;
+    json::json_element<sstring> _timeout;
+
+    connection_sl_params(const sstring& role_name, const sstring& workload_type, const sstring& timeout) {
+        _role_name = role_name;
+        _workload_type = workload_type;
+        _timeout = timeout;
+        register_params();
+    }
+
+    connection_sl_params(const connection_sl_params& params)
+        : connection_sl_params(params._role_name(), params._workload_type(), params._timeout()) {}
+
+    void register_params() {
+        add(&_role_name, "role_name");
+        add(&_workload_type, "workload_type");
+        add(&_timeout, "timeout");
+    }    
+};
+
+void set_cql_server_test(http_context& ctx, seastar::httpd::routes& r, cql_transport::controller& ctl) {
+    cst::connections_params.set(r, [&ctl] (std::unique_ptr<http::request> req) -> future<json::json_return_type> {
+        auto sl_params = co_await ctl.get_connections_service_level_params();
+
+        std::vector<connection_sl_params> result;
+        std::ranges::transform(std::move(sl_params), std::back_inserter(result), [] (const cql_transport::connection_service_level_params& params) {
+            auto nanos = std::chrono::duration_cast<std::chrono::nanoseconds>(params.timeout_config.read_timeout).count();
+            return connection_sl_params(
+                    std::move(params.role_name), 
+                    sstring(qos::service_level_options::to_string(params.workload_type)), 
+                    to_string(cql_duration(months_counter{0}, days_counter{0}, nanoseconds_counter{nanos})));
+        });
+        co_return result;
+    });
+}
+
+void unset_cql_server_test(http_context& ctx, seastar::httpd::routes& r) {
+    cst::connections_params.unset(r);
+}
+
+}
+
+#endif

api/cql_server_test.hh

@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) 2024-present ScyllaDB
+ */
+
+/*
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+#ifndef SCYLLA_BUILD_MODE_RELEASE
+
+#pragma once
+
+namespace cql_transport {
+class controller;
+}
+
+namespace seastar::httpd {
+class routes;
+}
+
+namespace api {
+struct http_context;
+
+void set_cql_server_test(http_context& ctx, seastar::httpd::routes& r, cql_transport::controller& ctl);
+void unset_cql_server_test(http_context& ctx, seastar::httpd::routes& r);
+
+}
+
+#endif

api/error_injection.cc

@@ -7,10 +7,8 @@
  */
 
 #include "api/api-doc/error_injection.json.hh"
-#include "api/api.hh"
-
+#include "api/api_init.hh"
 #include <seastar/http/exception.hh>
-#include "log.hh"
 #include "utils/error_injection.hh"
 #include "utils/rjson.hh"
 #include <seastar/core/future-util.hh>
@@ -64,6 +62,32 @@ void set_error_injection(http_context& ctx, routes& r) {
         });
     });
 
+    hf::read_injection.set(r, [](std::unique_ptr<request> req) -> future<json::json_return_type> {
+        const sstring injection = req->get_path_param("injection");
+
+        std::vector<error_injection_json::error_injection_info> error_injection_infos(smp::count, error_injection_json::error_injection_info{});
+
+        co_await smp::invoke_on_all([&] {
+            auto& info = error_injection_infos[this_shard_id()];
+            auto& errinj = utils::get_local_injector();
+            const auto enabled = errinj.is_enabled(injection);
+            info.enabled = enabled;
+            if (!enabled) {
+                return;
+            }
+            std::vector<error_injection_json::mapper> parameters;
+            for (const auto& p : errinj.get_injection_parameters(injection)) {
+                error_injection_json::mapper param;
+                param.key = p.first;
+                param.value = p.second;
+                parameters.push_back(std::move(param));
+            }
+            info.parameters = std::move(parameters);
+        });
+
+        co_return json::json_return_type(error_injection_infos);
+    });
+
     hf::disable_on_all.set(r, [](std::unique_ptr<request> req) {
         auto& errinj = utils::get_local_injector();
         return errinj.disable_on_all().then([] {

api/failure_detector.cc

@@ -99,5 +99,16 @@ void set_failure_detector(http_context& ctx, routes& r, gms::gossiper& g) {
     });
 }
 
+void unset_failure_detector(http_context& ctx, routes& r) {
+    fd::get_all_endpoint_states.unset(r);
+    fd::get_up_endpoint_count.unset(r);
+    fd::get_down_endpoint_count.unset(r);
+    fd::get_phi_convict_threshold.unset(r);
+    fd::get_simple_states.unset(r);
+    fd::set_phi_convict_threshold.unset(r);
+    fd::get_endpoint_state.unset(r);
+    fd::get_endpoint_phi_values.unset(r);
+}
+
 }
 

api/failure_detector.hh

@@ -19,5 +19,6 @@ class gossiper;
 namespace api {
 
 void set_failure_detector(http_context& ctx, httpd::routes& r, gms::gossiper& g);
+void unset_failure_detector(http_context& ctx, httpd::routes& r);
 
 }

api/gossiper.cc

@@ -71,4 +71,14 @@ void set_gossiper(http_context& ctx, routes& r, gms::gossiper& g) {
     });
 }
 
+void unset_gossiper(http_context& ctx, routes& r) {
+    httpd::gossiper_json::get_down_endpoint.unset(r);
+    httpd::gossiper_json::get_live_endpoint.unset(r);
+    httpd::gossiper_json::get_endpoint_downtime.unset(r);
+    httpd::gossiper_json::get_current_generation_number.unset(r);
+    httpd::gossiper_json::get_current_heart_beat_version.unset(r);
+    httpd::gossiper_json::assassinate_endpoint.unset(r);
+    httpd::gossiper_json::force_remove_endpoint.unset(r);
+}
+
 }

api/gossiper.hh

@@ -19,5 +19,6 @@ class gossiper;
 namespace api {
 
 void set_gossiper(http_context& ctx, httpd::routes& r, gms::gossiper& g);
+void unset_gossiper(http_context& ctx, httpd::routes& r);
 
 }

api/lsa.cc

@@ -11,7 +11,7 @@
 
 #include <seastar/http/exception.hh>
 #include "utils/logalloc.hh"
-#include "log.hh"
+#include "utils/log.hh"
 
 namespace api {
 using namespace seastar::httpd;

api/raft.cc

@@ -8,10 +8,11 @@
 
 #include <seastar/core/coroutine.hh>
 
-#include "api/api.hh"
 #include "api/api-doc/raft.json.hh"
 
 #include "service/raft/raft_group_registry.hh"
+#include "service/raft/raft_address_map.hh"
+#include "utils/log.hh"
 
 using namespace seastar::httpd;
 
@@ -19,23 +20,128 @@ extern logging::logger apilog;
 
 namespace api {
 
+struct http_context;
 namespace r = httpd::raft_json;
 using namespace json;
 
+
+namespace {
+
+::service::raft_timeout get_request_timeout(const http::request& req) {
+    return std::invoke([timeout_str = req.get_query_param("timeout")] {
+        if (timeout_str.empty()) {
+            return ::service::raft_timeout{};
+        }
+        auto dur = std::stoll(timeout_str);
+        if (dur <= 0) {
+            throw bad_param_exception{"Timeout must be a positive number."};
+        }
+        return ::service::raft_timeout{.value = lowres_clock::now() + std::chrono::seconds{dur}};
+    });
+}
+
+}  // namespace
+
+
 void set_raft(http_context&, httpd::routes& r, sharded<service::raft_group_registry>& raft_gr) {
     r::trigger_snapshot.set(r, [&raft_gr] (std::unique_ptr<http::request> req) -> future<json_return_type> {
         raft::group_id gid{utils::UUID{req->get_path_param("group_id")}};
-        auto timeout_dur = std::invoke([timeout_str = req->get_query_param("timeout")] {
-            if (timeout_str.empty()) {
-                return std::chrono::seconds{60};
+        auto timeout = get_request_timeout(*req);
+
+        std::atomic<bool> found_srv{false};
+        co_await raft_gr.invoke_on_all([gid, timeout, &found_srv] (service::raft_group_registry& raft_gr) -> future<> {
+            if (!raft_gr.find_server(gid)) {
+                co_return;
             }
-            auto dur = std::stoll(timeout_str);
-            if (dur <= 0) {
-                throw std::runtime_error{"Timeout must be a positive number."};
+
+            found_srv = true;
+            apilog.info("Triggering Raft group {} snapshot", gid);
+            auto srv = raft_gr.get_server_with_timeouts(gid);
+            auto result = co_await srv.trigger_snapshot(nullptr, timeout);
+            if (result) {
+                apilog.info("New snapshot for Raft group {} created", gid);
+            } else {
+                apilog.info("Could not create new snapshot for Raft group {}, no new entries applied", gid);
             }
-            return std::chrono::seconds{dur};
         });
 
+        if (!found_srv) {
+            throw bad_param_exception{fmt::format("Server for group ID {} not found", gid)};
+        }
+
+        co_return json_void{};
+    });
+    r::get_leader_host.set(r, [&raft_gr] (std::unique_ptr<http::request> req) -> future<json_return_type> {
+        if (!req->query_parameters.contains("group_id")) {
+            const auto leader_id = co_await raft_gr.invoke_on(0, [] (service::raft_group_registry& raft_gr) {
+                auto& srv = raft_gr.group0();
+                return srv.current_leader();
+            });
+            co_return json_return_type{leader_id.to_sstring()};
+        }
+
+        const raft::group_id gid{utils::UUID{req->get_query_param("group_id")}};
+
+        std::atomic<bool> found_srv{false};
+        std::atomic<raft::server_id> leader_id = raft::server_id::create_null_id();
+        co_await raft_gr.invoke_on_all([gid, &found_srv, &leader_id] (service::raft_group_registry& raft_gr) {
+            if (raft_gr.find_server(gid)) {
+                found_srv = true;
+                leader_id = raft_gr.get_server(gid).current_leader();
+            }
+            return make_ready_future<>();
+        });
+
+        if (!found_srv) {
+            throw bad_param_exception{fmt::format("Server for group ID {} not found", gid)};
+        }
+
+        co_return json_return_type(leader_id.load().to_sstring());
+    });
+    r::read_barrier.set(r, [&raft_gr] (std::unique_ptr<http::request> req) -> future<json_return_type> {
+        auto timeout = get_request_timeout(*req);
+
+        if (!req->query_parameters.contains("group_id")) {
+            // Read barrier on group 0 by default
+            co_await raft_gr.invoke_on(0, [timeout] (service::raft_group_registry& raft_gr) -> future<> {
+                co_await raft_gr.group0_with_timeouts().read_barrier(nullptr, timeout);
+            });
+            co_return json_void{};
+        }
+
+        raft::group_id gid{utils::UUID{req->get_query_param("group_id")}};
+
+        std::atomic<bool> found_srv{false};
+        co_await raft_gr.invoke_on_all([gid, timeout, &found_srv] (service::raft_group_registry& raft_gr) -> future<> {
+            if (!raft_gr.find_server(gid)) {
+                co_return;
+            }
+            found_srv = true;
+            co_await raft_gr.get_server_with_timeouts(gid).read_barrier(nullptr, timeout);
+        });
+
+        if (!found_srv) {
+            throw bad_param_exception{fmt::format("Server for group ID {} not found", gid)};
+        }
+
+        co_return json_void{};
+    });
+    r::trigger_stepdown.set(r, [&raft_gr] (std::unique_ptr<http::request> req) -> future<json_return_type> {
+        auto timeout = get_request_timeout(*req);
+        auto dur = timeout.value ? *timeout.value - lowres_clock::now() : std::chrono::seconds(60);
+        const auto stepdown_timeout_ticks = dur / service::raft_tick_interval;
+        auto timeout_dur = raft::logical_clock::duration(stepdown_timeout_ticks);
+
+        if (!req->query_parameters.contains("group_id")) {
+            // Stepdown on group 0 by default
+            co_await raft_gr.invoke_on(0, [timeout_dur] (service::raft_group_registry& raft_gr) {
+                apilog.info("Triggering stepdown for group0");
+                return raft_gr.group0().stepdown(timeout_dur);
+            });
+            co_return json_void{};
+        }
+        raft::group_id gid{utils::UUID{req->get_path_param("group_id")}};
+
         std::atomic<bool> found_srv{false};
         co_await raft_gr.invoke_on_all([gid, timeout_dur, &found_srv] (service::raft_group_registry& raft_gr) -> future<> {
             auto* srv = raft_gr.find_server(gid);
@@ -44,14 +150,8 @@ void set_raft(http_context&, httpd::routes& r, sharded<service::raft_group_regis
             }
 
             found_srv = true;
-            abort_on_expiry aoe(lowres_clock::now() + timeout_dur);
-            apilog.info("Triggering Raft group {} snapshot", gid);
-            auto result = co_await srv->trigger_snapshot(&aoe.abort_source());
-            if (result) {
-                apilog.info("New snapshot for Raft group {} created", gid);
-            } else {
-                apilog.info("Could not create new snapshot for Raft group {}, no new entries applied", gid);
-            }
+            apilog.info("Triggering stepdown for group {}", gid);
+            co_await srv->stepdown(timeout_dur);
         });
 
         if (!found_srv) {
@@ -60,25 +160,13 @@ void set_raft(http_context&, httpd::routes& r, sharded<service::raft_group_regis
 
         co_return json_void{};
     });
-    r::get_leader_host.set(r, [&raft_gr] (std::unique_ptr<http::request> req) -> future<json_return_type> {
-        return smp::submit_to(0, [&] {
-            auto& srv = std::invoke([&] () -> raft::server& {
-                if (req->query_parameters.contains("group_id")) {
-                    raft::group_id id{utils::UUID{req->get_query_param("group_id")}};
-                    return raft_gr.local().get_server(id);
-                } else {
-                    return raft_gr.local().group0();
-                }
-            });
-            return json_return_type(srv.current_leader().to_sstring());
-        });
-    });
 }
 
 void unset_raft(http_context&, httpd::routes& r) {
     r::trigger_snapshot.unset(r);
     r::get_leader_host.unset(r);
+    r::read_barrier.unset(r);
+    r::trigger_stepdown.unset(r);
 }
 
 }
-

api/scrub_status.hh

@@ -6,6 +6,8 @@
  * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 
+#pragma once
+
 namespace api {
 
 enum class scrub_status {

api/storage_proxy.cc

@@ -13,7 +13,6 @@
 #include "api/api-doc/utils.json.hh"
 #include "db/config.hh"
 #include "utils/histogram.hh"
-#include "replica/database.hh"
 #include <seastar/core/scheduling_specific.hh>
 
 namespace api {
@@ -259,83 +258,6 @@ void set_storage_proxy(http_context& ctx, routes& r, sharded<service::storage_pr
         return make_ready_future<json::json_return_type>(0);
     });
 
-    sp::get_rpc_timeout.set(r, [&ctx](const_req req)  {
-        return ctx.db.local().get_config().request_timeout_in_ms()/1000.0;
-    });
-
-    sp::set_rpc_timeout.set(r, [](std::unique_ptr<http::request> req)  {
-        //TBD
-        unimplemented();
-        auto enable = req->get_query_param("timeout");
-        return make_ready_future<json::json_return_type>(json_void());
-    });
-
-    sp::get_read_rpc_timeout.set(r, [&ctx](const_req req)  {
-        return ctx.db.local().get_config().read_request_timeout_in_ms()/1000.0;
-    });
-
-    sp::set_read_rpc_timeout.set(r, [](std::unique_ptr<http::request> req)  {
-        //TBD
-        unimplemented();
-        auto enable = req->get_query_param("timeout");
-        return make_ready_future<json::json_return_type>(json_void());
-    });
-
-    sp::get_write_rpc_timeout.set(r, [&ctx](const_req req)  {
-        return ctx.db.local().get_config().write_request_timeout_in_ms()/1000.0;
-    });
-
-    sp::set_write_rpc_timeout.set(r, [](std::unique_ptr<http::request> req)  {
-        //TBD
-        unimplemented();
-        auto enable = req->get_query_param("timeout");
-        return make_ready_future<json::json_return_type>(json_void());
-    });
-
-    sp::get_counter_write_rpc_timeout.set(r, [&ctx](const_req req)  {
-        return ctx.db.local().get_config().counter_write_request_timeout_in_ms()/1000.0;
-    });
-
-    sp::set_counter_write_rpc_timeout.set(r, [](std::unique_ptr<http::request> req)  {
-        //TBD
-        unimplemented();
-        auto enable = req->get_query_param("timeout");
-        return make_ready_future<json::json_return_type>(json_void());
-    });
-
-    sp::get_cas_contention_timeout.set(r, [&ctx](const_req req)  {
-        return ctx.db.local().get_config().cas_contention_timeout_in_ms()/1000.0;
-    });
-
-    sp::set_cas_contention_timeout.set(r, [](std::unique_ptr<http::request> req)  {
-        //TBD
-        unimplemented();
-        auto enable = req->get_query_param("timeout");
-        return make_ready_future<json::json_return_type>(json_void());
-    });
-
-    sp::get_range_rpc_timeout.set(r, [&ctx](const_req req)  {
-        return ctx.db.local().get_config().range_request_timeout_in_ms()/1000.0;
-    });
-
-    sp::set_range_rpc_timeout.set(r, [](std::unique_ptr<http::request> req)  {
-        //TBD
-        unimplemented();
-        auto enable = req->get_query_param("timeout");
-        return make_ready_future<json::json_return_type>(json_void());
-    });
-
-    sp::get_truncate_rpc_timeout.set(r, [&ctx](const_req req)  {
-        return ctx.db.local().get_config().truncate_request_timeout_in_ms()/1000.0;
-    });
-
-    sp::set_truncate_rpc_timeout.set(r, [](std::unique_ptr<http::request> req)  {
-        //TBD
-        unimplemented();
-        auto enable = req->get_query_param("timeout");
-        return make_ready_future<json::json_return_type>(json_void());
-    });
-
     sp::reload_trigger_classes.set(r, [](std::unique_ptr<http::request> req)  {
         //TBD
         unimplemented();
@@ -516,20 +438,6 @@ void unset_storage_proxy(http_context& ctx, routes& r) {
     sp::get_max_hints_in_progress.unset(r);
     sp::set_max_hints_in_progress.unset(r);
     sp::get_hints_in_progress.unset(r);
-    sp::get_rpc_timeout.unset(r);
-    sp::set_rpc_timeout.unset(r);
-    sp::get_read_rpc_timeout.unset(r);
-    sp::set_read_rpc_timeout.unset(r);
-    sp::get_write_rpc_timeout.unset(r);
-    sp::set_write_rpc_timeout.unset(r);
-    sp::get_counter_write_rpc_timeout.unset(r);
-    sp::set_counter_write_rpc_timeout.unset(r);
-    sp::get_cas_contention_timeout.unset(r);
-    sp::set_cas_contention_timeout.unset(r);
-    sp::get_range_rpc_timeout.unset(r);
-    sp::set_range_rpc_timeout.unset(r);
-    sp::get_truncate_rpc_timeout.unset(r);
-    sp::set_truncate_rpc_timeout.unset(r);
     sp::reload_trigger_classes.unset(r);
     sp::get_read_repair_attempted.unset(r);
     sp::get_read_repair_repaired_blocking.unset(r);

api/storage_service.cc

@@ -30,16 +30,16 @@
 #include "service/raft/raft_group0_client.hh"
 #include "service/storage_service.hh"
 #include "service/load_meter.hh"
-#include "db/commitlog/commitlog.hh"
 #include "gms/gossiper.hh"
 #include "db/system_keyspace.hh"
 #include <seastar/http/exception.hh>
 #include <seastar/core/coroutine.hh>
 #include <seastar/coroutine/parallel_for_each.hh>
+#include <seastar/coroutine/exception.hh>
 #include "repair/row_level.hh"
 #include "locator/snitch_base.hh"
 #include "column_family.hh"
-#include "log.hh"
+#include "utils/log.hh"
 #include "release.hh"
 #include "compaction/compaction_manager.hh"
 #include "compaction/task_manager_module.hh"
@@ -48,12 +48,13 @@
 #include "db/extensions.hh"
 #include "db/snapshot-ctl.hh"
 #include "transport/controller.hh"
-#include "thrift/controller.hh"
 #include "locator/token_metadata.hh"
 #include "cdc/generation_service.hh"
 #include "locator/abstract_replication_strategy.hh"
 #include "sstables_loader.hh"
 #include "db/view/view_builder.hh"
+#include "utils/rjson.hh"
+#include "utils/user_provided_param.hh"
 
 using namespace seastar::httpd;
 using namespace std::chrono_literals;
@@ -306,21 +307,17 @@ future<scrub_info> parse_scrub_options(const http_context& ctx, sharded<db::snap
 }
 
 void set_transport_controller(http_context& ctx, routes& r, cql_transport::controller& ctl) {
-    ss::start_native_transport.set(r, [&ctx, &ctl](std::unique_ptr<http::request> req) {
+    ss::start_native_transport.set(r, [&ctl](std::unique_ptr<http::request> req) {
         return smp::submit_to(0, [&] {
-            return with_scheduling_group(ctx.db.local().get_statement_scheduling_group(), [&ctl] {
-                return ctl.start_server();
-            });
+            return ctl.start_server();
         }).then([] {
             return make_ready_future<json::json_return_type>(json_void());
         });
     });
 
-    ss::stop_native_transport.set(r, [&ctx, &ctl](std::unique_ptr<http::request> req) {
+    ss::stop_native_transport.set(r, [&ctl](std::unique_ptr<http::request> req) {
         return smp::submit_to(0, [&] {
-            return with_scheduling_group(ctx.db.local().get_statement_scheduling_group(), [&ctl] {
-                return ctl.request_stop_server();
-            });
+            return ctl.request_stop_server();
         }).then([] {
             return make_ready_future<json::json_return_type>(json_void());
         });
@@ -341,40 +338,17 @@ void unset_transport_controller(http_context& ctx, routes& r) {
     ss::is_native_transport_running.unset(r);
 }
 
-void set_rpc_controller(http_context& ctx, routes& r, thrift_controller& ctl) {
-    ss::stop_rpc_server.set(r, [&ctx, &ctl](std::unique_ptr<http::request> req) {
-        return smp::submit_to(0, [&] {
-            return with_scheduling_group(ctx.db.local().get_statement_scheduling_group(), [&ctl] {
-                return ctl.request_stop_server();
-            });
-        }).then([] {
-            return make_ready_future<json::json_return_type>(json_void());
-        });
-    });
-
-    ss::start_rpc_server.set(r, [&ctx, &ctl](std::unique_ptr<http::request> req) {
-        return smp::submit_to(0, [&] {
-            return with_scheduling_group(ctx.db.local().get_statement_scheduling_group(), [&ctl] {
-                return ctl.start_server();
-            });
-        }).then([] {
-            return make_ready_future<json::json_return_type>(json_void());
-        });
-    });
-
-    ss::is_rpc_server_running.set(r, [&ctl] (std::unique_ptr<http::request> req) {
-        return smp::submit_to(0, [&] {
-            return !ctl.listen_addresses().empty();
-        }).then([] (bool running) {
-            return make_ready_future<json::json_return_type>(running);
+// NOTE: preserved only for backward compatibility
+void set_thrift_controller(http_context& ctx, routes& r) {
+    ss::is_thrift_server_running.set(r, [] (std::unique_ptr<http::request> req) {
+        return smp::submit_to(0, [] {
+            return make_ready_future<json::json_return_type>(false);
         });
     });
 }
 
-void unset_rpc_controller(http_context& ctx, routes& r) {
-    ss::stop_rpc_server.unset(r);
-    ss::start_rpc_server.unset(r);
-    ss::is_rpc_server_running.unset(r);
+void unset_thrift_controller(http_context& ctx, routes& r) {
+    ss::is_thrift_server_running.unset(r);
 }
 
 void set_repair(http_context& ctx, routes& r, sharded<repair_service>& repair) {
@@ -516,10 +490,32 @@ void set_sstables_loader(http_context& ctx, routes& r, sharded<sstables_loader>&
             return make_ready_future<json::json_return_type>(json_void());
         });
     });
+
+    ss::start_restore.set(r, [&sst_loader] (std::unique_ptr<http::request> req) -> future<json::json_return_type> {
+        auto endpoint = req->get_query_param("endpoint");
+        auto keyspace = req->get_query_param("keyspace");
+        auto table = req->get_query_param("table");
+        auto bucket = req->get_query_param("bucket");
+        auto prefix = req->get_query_param("prefix");
+
+        // TODO: the http_server backing the API does not use content streaming
+        // should use it for better performance
+        rjson::value parsed = rjson::parse(req->content);
+        if (!parsed.IsArray()) {
+            throw httpd::bad_param_exception("malformatted sstables in body");
+        }
+        auto sstables = parsed.GetArray() |
+            std::views::transform([] (const auto& s) { return sstring(rjson::to_string_view(s)); }) |
+            std::ranges::to<std::vector>();
+        auto task_id = co_await sst_loader.local().download_new_sstables(keyspace, table, prefix, std::move(sstables), endpoint, bucket);
+        co_return json::json_return_type(fmt::to_string(task_id));
+    });
+
 }
 
 void unset_sstables_loader(http_context& ctx, routes& r) {
     ss::load_new_ss_tables.unset(r);
+    ss::start_restore.unset(r);
 }
 
 void set_view_builder(http_context& ctx, routes& r, sharded<db::view::view_builder>& vb) {
@@ -547,10 +543,6 @@ static future<json::json_return_type> describe_ring_as_json_for_table(const shar
 }
 
 void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_service>& ss, service::raft_group0_client& group0_client) {
-    ss::get_commitlog.set(r, [&ctx](const_req req) {
-        return ctx.db.local().commitlog()->active_config().commit_log_location;
-    });
-
     ss::get_token_endpoint.set(r, [&ctx, &ss] (std::unique_ptr<http::request> req) -> future<json::json_return_type> {
         const auto keyspace_name = req->get_query_param("keyspace");
         const auto table_name = req->get_query_param("cf");
@@ -637,14 +629,6 @@ void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_
         return ss.local().get_schema_version();
     });
 
-    ss::get_all_data_file_locations.set(r, [&ctx](const_req req) {
-        return container_to_vec(ctx.db.local().get_config().data_file_directories());
-    });
-
-    ss::get_saved_caches_location.set(r, [&ctx](const_req req) {
-        return ctx.db.local().get_config().saved_caches_directory();
-    });
-
     ss::get_range_to_endpoint_map.set(r, [&ctx, &ss](std::unique_ptr<http::request> req) -> future<json::json_return_type> {
         auto keyspace = validate_keyspace(ctx, req);
         auto table = req->get_query_param("cf");
@@ -708,19 +692,6 @@ void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_
         return get_cf_stats(ctx, &replica::column_family_stats::live_disk_space_used);
     });
 
-    ss::get_load_map.set(r, [&ctx] (std::unique_ptr<http::request> req) {
-        return ctx.lmeter.get_load_map().then([] (auto&& load_map) {
-            std::vector<ss::map_string_double> res;
-            for (auto i : load_map) {
-                ss::map_string_double val;
-                val.key = i.first;
-                val.value = i.second;
-                res.push_back(val);
-            }
-            return make_ready_future<json::json_return_type>(res);
-        });
-    });
-
     ss::get_current_generation_number.set(r, [&ss](std::unique_ptr<http::request> req) {
         auto ep = ss.local().get_token_metadata().get_topology().my_address();
         return ss.local().gossiper().get_current_generation_number(ep).then([](gms::generation_type res) {
@@ -746,17 +717,19 @@ void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_
         auto& db = ctx.db;
         auto params = req_params({
             std::pair("flush_memtables", mandatory::no),
+            std::pair("consider_only_existing_data", mandatory::no),
         });
         params.process(*req);
         auto flush = params.get_as<bool>("flush_memtables").value_or(true);
-        apilog.info("force_compaction: flush={}", flush);
+        auto consider_only_existing_data = params.get_as<bool>("consider_only_existing_data").value_or(false);
+        apilog.info("force_compaction: flush={} consider_only_existing_data={}", flush, consider_only_existing_data);
 
         auto& compaction_module = db.local().get_compaction_manager().get_task_manager_module();
         std::optional<flush_mode> fmopt;
-        if (!flush) {
+        if (!flush && !consider_only_existing_data) {
             fmopt = flush_mode::skip;
         }
-        auto task = co_await compaction_module.make_and_start_task<global_major_compaction_task_impl>({}, db, fmopt);
+        auto task = co_await compaction_module.make_and_start_task<global_major_compaction_task_impl>({}, db, fmopt, consider_only_existing_data);
         try {
             co_await task->done();
         } catch (...) {
@@ -773,19 +746,21 @@ void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_
             std::pair("keyspace", mandatory::yes),
             std::pair("cf", mandatory::no),
             std::pair("flush_memtables", mandatory::no),
+            std::pair("consider_only_existing_data", mandatory::no),
         });
         params.process(*req);
         auto keyspace = validate_keyspace(ctx, *params.get("keyspace"));
         auto table_infos = parse_table_infos(keyspace, ctx, params.get("cf").value_or(""));
         auto flush = params.get_as<bool>("flush_memtables").value_or(true);
-        apilog.debug("force_keyspace_compaction: keyspace={} tables={}, flush={}", keyspace, table_infos, flush);
+        auto consider_only_existing_data = params.get_as<bool>("consider_only_existing_data").value_or(false);
+        apilog.info("force_keyspace_compaction: keyspace={} tables={}, flush={} consider_only_existing_data={}", keyspace, table_infos, flush, consider_only_existing_data);
 
         auto& compaction_module = db.local().get_compaction_manager().get_task_manager_module();
         std::optional<flush_mode> fmopt;
-        if (!flush) {
+        if (!flush && !consider_only_existing_data) {
             fmopt = flush_mode::skip;
         }
-        auto task = co_await compaction_module.make_and_start_task<major_keyspace_compaction_task_impl>({}, std::move(keyspace), tasks::task_id::create_null_id(), db, table_infos, fmopt);
+        auto task = co_await compaction_module.make_and_start_task<major_keyspace_compaction_task_impl>({}, std::move(keyspace), tasks::task_id::create_null_id(), db, table_infos, fmopt, consider_only_existing_data);
         try {
             co_await task->done();
         } catch (...) {
@@ -924,7 +899,8 @@ void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_
         auto host_id = validate_host_id(req->get_query_param("host_id"));
         std::vector<sstring> ignore_nodes_strs = utils::split_comma_separated_list(req->get_query_param("ignore_nodes"));
         apilog.info("remove_node: host_id={} ignore_nodes={}", host_id, ignore_nodes_strs);
-        auto ignore_nodes = std::list<locator::host_id_or_endpoint>();
+        locator::host_id_or_endpoint_list ignore_nodes;
+        ignore_nodes.reserve(ignore_nodes_strs.size());
         for (const sstring& n : ignore_nodes_strs) {
             try {
                 auto hoep = locator::host_id_or_endpoint(n);
@@ -933,7 +909,7 @@ void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_
                 }
                 ignore_nodes.push_back(std::move(hoep));
             } catch (...) {
-                throw std::runtime_error(format("Failed to parse ignore_nodes parameter: ignore_nodes={}, node={}: {}", ignore_nodes_strs, n, std::current_exception()));
+                throw std::runtime_error(fmt::format("Failed to parse ignore_nodes parameter: ignore_nodes={}, node={}: {}", ignore_nodes_strs, n, std::current_exception()));
             }
         }
         return ss.local().removenode(host_id, std::move(ignore_nodes)).then([] {
@@ -1087,18 +1063,6 @@ void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_
         return make_ready_future<json::json_return_type>(0);
     });
 
-    ss::get_compaction_throughput_mb_per_sec.set(r, [&ctx](std::unique_ptr<http::request> req) {
-        int value = ctx.db.local().get_config().compaction_throughput_mb_per_sec();
-        return make_ready_future<json::json_return_type>(value);
-    });
-
-    ss::set_compaction_throughput_mb_per_sec.set(r, [](std::unique_ptr<http::request> req) {
-        //TBD
-        unimplemented();
-        auto value = req->get_query_param("value");
-        return make_ready_future<json::json_return_type>(json_void());
-    });
-
     ss::is_incremental_backups_enabled.set(r, [&ctx](std::unique_ptr<http::request> req) {
         // If this is issued in parallel with an ongoing change, we may see values not agreeing.
         // Reissuing is asking for trouble, so we will just return true upon seeing any true value.
@@ -1136,7 +1100,16 @@ void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_
     });
 
     ss::rebuild.set(r, [&ss](std::unique_ptr<http::request> req) {
-        auto source_dc = req->get_query_param("source_dc");
+        utils::optional_param source_dc;
+        if (auto source_dc_str = req->get_query_param("source_dc"); !source_dc_str.empty()) {
+            source_dc.emplace(std::move(source_dc_str)).set_user_provided();
+        }
+        if (auto force_str = req->get_query_param("force"); !force_str.empty() && service::loosen_constraints(validate_bool(force_str))) {
+            if (!source_dc) {
+                throw bad_param_exception("The `source_dc` option must be provided for using the `force` option");
+            }
+            source_dc.set_force();
+        }
         apilog.info("rebuild: source_dc={}", source_dc);
         return ss.local().rebuild(std::move(source_dc)).then([] {
             return make_ready_future<json::json_return_type>(json_void());
@@ -1479,12 +1452,7 @@ void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_
     ss::reload_raft_topology_state.set(r,
             [&ss, &group0_client] (std::unique_ptr<http::request> req) -> future<json::json_return_type> {
         co_await ss.invoke_on(0, [&group0_client] (service::storage_service& ss) -> future<> {
-            apilog.info("Waiting for group 0 read/apply mutex before reloading Raft topology state...");
-            auto holder = co_await group0_client.hold_read_apply_mutex();
-            apilog.info("Reloading Raft topology state");
-            // Using topology_transition() instead of topology_state_load(), because the former notifies listeners
-            co_await ss.topology_transition();
-            apilog.info("Reloaded Raft topology state");
+            return ss.reload_raft_topology_state(group0_client);
         });
         co_return json_void();
     });
@@ -1593,19 +1561,15 @@ void set_storage_service(http_context& ctx, routes& r, sharded<service::storage_
 }
 
 void unset_storage_service(http_context& ctx, routes& r) {
-    ss::get_commitlog.unset(r);
     ss::get_token_endpoint.unset(r);
     ss::toppartitions_generic.unset(r);
     ss::get_release_version.unset(r);
     ss::get_scylla_release_version.unset(r);
     ss::get_schema_version.unset(r);
-    ss::get_all_data_file_locations.unset(r);
-    ss::get_saved_caches_location.unset(r);
     ss::get_range_to_endpoint_map.unset(r);
     ss::get_pending_range_to_endpoint_map.unset(r);
     ss::describe_ring.unset(r);
     ss::get_load.unset(r);
-    ss::get_load_map.unset(r);
     ss::get_current_generation_number.unset(r);
     ss::get_natural_endpoints.unset(r);
     ss::cdc_streams_check_and_repair.unset(r);
@@ -1639,8 +1603,6 @@ void unset_storage_service(http_context& ctx, routes& r) {
     ss::is_joined.unset(r);
     ss::set_stream_throughput_mb_per_sec.unset(r);
     ss::get_stream_throughput_mb_per_sec.unset(r);
-    ss::get_compaction_throughput_mb_per_sec.unset(r);
-    ss::set_compaction_throughput_mb_per_sec.unset(r);
     ss::is_incremental_backups_enabled.unset(r);
     ss::set_incremental_backups_enabled.unset(r);
     ss::rebuild.unset(r);
@@ -1681,36 +1643,63 @@ void unset_storage_service(http_context& ctx, routes& r) {
     sp::get_schema_versions.unset(r);
 }
 
+void set_load_meter(http_context& ctx, routes& r, service::load_meter& lm) {
+    ss::get_load_map.set(r, [&lm] (std::unique_ptr<http::request> req) -> future<json::json_return_type> {
+        auto load_map = co_await lm.get_load_map();
+        std::vector<ss::map_string_double> res;
+        for (auto i : load_map) {
+            ss::map_string_double val;
+            val.key = i.first;
+            val.value = i.second;
+            res.push_back(val);
+        }
+        co_return res;
+    });
+}
+
+void unset_load_meter(http_context& ctx, routes& r) {
+    ss::get_load_map.unset(r);
+}
+
 void set_snapshot(http_context& ctx, routes& r, sharded<db::snapshot_ctl>& snap_ctl) {
     ss::get_snapshot_details.set(r, [&snap_ctl](std::unique_ptr<http::request> req) -> future<json::json_return_type> {
         auto result = co_await snap_ctl.local().get_snapshot_details();
         co_return std::function([res = std::move(result)] (output_stream<char>&& o) -> future<> {
-            auto result = std::move(res);
+            std::exception_ptr ex;
             output_stream<char> out = std::move(o);
-            bool first = true;
+            try {
+                auto result = std::move(res);
+                bool first = true;
 
-            co_await out.write("[");
-            for (auto& [name, details] : result) {
-                if (!first) {
-                    co_await out.write(", ");
+                co_await out.write("[");
+                for (auto& [name, details] : result) {
+                    if (!first) {
+                        co_await out.write(", ");
+                    }
+                    std::vector<ss::snapshot> snapshot;
+                    for (auto& cf : details) {
+                        ss::snapshot snp;
+                        snp.ks = cf.ks;
+                        snp.cf = cf.cf;
+                        snp.live = cf.details.live;
+                        snp.total = cf.details.total;
+                        snapshot.push_back(std::move(snp));
+                    }
+                    ss::snapshots all_snapshots;
+                    all_snapshots.key = name;
+                    all_snapshots.value = std::move(snapshot);
+                    co_await all_snapshots.write(out);
+                    first = false;
                 }
-                std::vector<ss::snapshot> snapshot;
-                for (auto& cf : details) {
-                    ss::snapshot snp;
-                    snp.ks = cf.ks;
-                    snp.cf = cf.cf;
-                    snp.live = cf.details.live;
-                    snp.total = cf.details.total;
-                    snapshot.push_back(std::move(snp));
-                }
-                ss::snapshots all_snapshots;
-                all_snapshots.key = name;
-                all_snapshots.value = std::move(snapshot);
-                co_await all_snapshots.write(out);
-                first = false;
+                co_await out.write("]");
+                co_await out.flush();
+            } catch (...) {
+              ex = std::current_exception();
             }
-            co_await out.write("]");
             co_await out.close();
+            if (ex) {
+                co_await coroutine::return_exception_ptr(std::move(ex));
+            }
         });
     });
 
@@ -1790,6 +1779,23 @@ void set_snapshot(http_context& ctx, routes& r, sharded<db::snapshot_ctl>& snap_
         co_return json::json_return_type(static_cast<int>(scrub_status::successful));
     });
 
+    ss::start_backup.set(r, [&snap_ctl] (std::unique_ptr<http::request> req) -> future<json::json_return_type> {
+        auto endpoint = req->get_query_param("endpoint");
+        auto keyspace = req->get_query_param("keyspace");
+        auto table = req->get_query_param("table");
+        auto bucket = req->get_query_param("bucket");
+        auto prefix = req->get_query_param("prefix");
+        auto snapshot_name = req->get_query_param("snapshot");
+        if (snapshot_name.empty()) {
+            // TODO: If missing, snapshot should be taken by scylla, then removed
+            throw httpd::bad_param_exception("The snapshot name must be specified");
+        }
+
+        auto& ctl = snap_ctl.local();
+        auto task_id = co_await ctl.start_backup(std::move(endpoint), std::move(bucket), std::move(prefix), std::move(keyspace), std::move(table), std::move(snapshot_name));
+        co_return json::json_return_type(fmt::to_string(task_id));
+    });
+
     cf::get_true_snapshots_size.set(r, [&snap_ctl] (std::unique_ptr<http::request> req) {
         auto [ks, cf] = parse_fully_qualified_cf_name(req->get_path_param("name"));
         return snap_ctl.local().true_snapshots_size(std::move(ks), std::move(cf)).then([] (int64_t res) {
@@ -1811,6 +1817,7 @@ void unset_snapshot(http_context& ctx, routes& r) {
     ss::del_snapshot.unset(r);
     ss::true_snapshots_size.unset(r);
     ss::scrub.unset(r);
+    ss::start_backup.unset(r);
     cf::get_true_snapshots_size.unset(r);
     cf::get_all_true_snapshots_size.unset(r);
 }

api/storage_service.hh

@@ -12,9 +12,9 @@
 #include <seastar/json/json_elements.hh>
 #include "api/api_init.hh"
 #include "db/data_listeners.hh"
+#include "compaction/compaction_descriptor.hh"
 
 namespace cql_transport { class controller; }
-class thrift_controller;
 namespace db {
 class snapshot_ctl;
 namespace view {
@@ -80,10 +80,12 @@ void set_repair(http_context& ctx, httpd::routes& r, sharded<repair_service>& re
 void unset_repair(http_context& ctx, httpd::routes& r);
 void set_transport_controller(http_context& ctx, httpd::routes& r, cql_transport::controller& ctl);
 void unset_transport_controller(http_context& ctx, httpd::routes& r);
-void set_rpc_controller(http_context& ctx, httpd::routes& r, thrift_controller& ctl);
-void unset_rpc_controller(http_context& ctx, httpd::routes& r);
+void set_thrift_controller(http_context& ctx, httpd::routes& r);
+void unset_thrift_controller(http_context& ctx, httpd::routes& r);
 void set_snapshot(http_context& ctx, httpd::routes& r, sharded<db::snapshot_ctl>& snap_ctl);
 void unset_snapshot(http_context& ctx, httpd::routes& r);
+void set_load_meter(http_context& ctx, httpd::routes& r, service::load_meter& lm);
+void unset_load_meter(http_context& ctx, httpd::routes& r);
 seastar::future<json::json_return_type> run_toppartitions_query(db::toppartitions_query& q, http_context &ctx, bool legacy_request = false);
 
 } // namespace api

api/system.cc

@@ -10,6 +10,7 @@
 #include "api/api-doc/system.json.hh"
 #include "api/api-doc/metrics.json.hh"
 #include "replica/database.hh"
+#include "db/sstables-format-selector.hh"
 
 #include <rapidjson/document.h>
 #include <seastar/core/reactor.hh>
@@ -19,7 +20,7 @@
 #include <seastar/util/short_streams.hh>
 #include <seastar/http/short_streams.hh>
 
-#include "log.hh"
+#include "utils/log.hh"
 
 extern logging::logger apilog;
 
@@ -184,4 +185,16 @@ void set_system(http_context& ctx, routes& r) {
     }) ;
 }
 
+void set_format_selector(http_context& ctx, routes& r, db::sstables_format_selector& sel) {
+    hs::get_highest_supported_sstable_version.set(r, [&sel] (std::unique_ptr<request> req) {
+        return smp::submit_to(0, [&sel] {
+            return make_ready_future<json::json_return_type>(seastar::to_sstring(sel.selected_format()));
+        });
+    });
+}
+
+void unset_format_selector(http_context& ctx, routes& r) {
+    hs::get_highest_supported_sstable_version.unset(r);
+}
+
 }

api/system.hh

@@ -8,10 +8,18 @@
 
 #pragma once
 
-#include "api.hh"
+namespace seastar::httpd {
+class routes;
+}
+
+namespace db { class sstables_format_selector; }
 
 namespace api {
 
-void set_system(http_context& ctx, httpd::routes& r);
+struct http_context;
+void set_system(http_context& ctx, seastar::httpd::routes& r);
+
+void set_format_selector(http_context& ctx, seastar::httpd::routes& r, db::sstables_format_selector& sel);
+void unset_format_selector(http_context& ctx, seastar::httpd::routes& r);
 
 }

api/task_manager.cc

@@ -7,15 +7,17 @@
  */
 
 #include <seastar/core/coroutine.hh>
+#include <seastar/coroutine/exception.hh>
 #include <seastar/http/exception.hh>
 
 #include "task_manager.hh"
 #include "api/api.hh"
 #include "api/api-doc/task_manager.json.hh"
 #include "db/system_keyspace.hh"
+#include "tasks/task_handler.hh"
+#include "utils/overloaded_functor.hh"
 
 #include <utility>
-#include <boost/range/adaptors.hpp>
 
 namespace api {
 
@@ -23,233 +25,182 @@ namespace tm = httpd::task_manager_json;
 using namespace json;
 using namespace seastar::httpd;
 
-inline bool filter_tasks(tasks::task_manager::task_ptr task, std::unordered_map<sstring, sstring>& query_params) {
-    return (!query_params.contains("keyspace") || query_params["keyspace"] == task->get_status().keyspace) &&
-        (!query_params.contains("table") || query_params["table"] == task->get_status().table);
-}
-
-struct full_task_status {
-    tasks::task_manager::task::status task_status;
-    std::string type;
-    tasks::task_manager::task::progress progress;
-    std::string module;
-    tasks::task_id parent_id;
-    tasks::is_abortable abortable;
-    std::vector<std::string> children_ids;
-};
-
-struct task_stats {
-    task_stats(tasks::task_manager::task_ptr task)
-        : task_id(task->id().to_sstring())
-        , state(task->get_status().state)
-        , type(task->type())
-        , scope(task->get_status().scope)
-        , keyspace(task->get_status().keyspace)
-        , table(task->get_status().table)
-        , entity(task->get_status().entity)
-        , sequence_number(task->get_status().sequence_number)
-    { }
-
-    sstring task_id;
-    tasks::task_manager::task_state state;
-    std::string type;
-    std::string scope;
-    std::string keyspace;
-    std::string table;
-    std::string entity;
-    uint64_t sequence_number;
-};
-
-tm::task_status make_status(full_task_status status) {
-    auto start_time = db_clock::to_time_t(status.task_status.start_time);
-    auto end_time = db_clock::to_time_t(status.task_status.end_time);
+tm::task_status make_status(tasks::task_status status) {
+    auto start_time = db_clock::to_time_t(status.start_time);
+    auto end_time = db_clock::to_time_t(status.end_time);
     ::tm st, et;
     ::gmtime_r(&end_time, &et);
     ::gmtime_r(&start_time, &st);
 
+    std::vector<tm::task_identity> tis{status.children.size()};
+    std::ranges::transform(status.children, tis.begin(), [] (const auto& child) {
+        tm::task_identity ident;
+        ident.task_id = child.task_id.to_sstring();
+        ident.node = fmt::format("{}", child.node);
+        return ident;
+    });
+
     tm::task_status res{};
-    res.id = status.task_status.id.to_sstring();
+    res.id = status.task_id.to_sstring();
     res.type = status.type;
-    res.scope = status.task_status.scope;
-    res.state = status.task_status.state;
-    res.is_abortable = bool(status.abortable);
+    res.kind = status.kind;
+    res.scope = status.scope;
+    res.state = status.state;
+    res.is_abortable = bool(status.is_abortable);
     res.start_time = st;
     res.end_time = et;
-    res.error = status.task_status.error;
-    res.parent_id = status.parent_id.to_sstring();
-    res.sequence_number = status.task_status.sequence_number;
-    res.shard = status.task_status.shard;
-    res.keyspace = status.task_status.keyspace;
-    res.table = status.task_status.table;
-    res.entity = status.task_status.entity;
-    res.progress_units = status.task_status.progress_units;
+    res.error = status.error;
+    res.parent_id = status.parent_id ? status.parent_id.to_sstring() : "none";
+    res.sequence_number = status.sequence_number;
+    res.shard = status.shard;
+    res.keyspace = status.keyspace;
+    res.table = status.table;
+    res.entity = status.entity;
+    res.progress_units = status.progress_units;
     res.progress_total = status.progress.total;
     res.progress_completed = status.progress.completed;
-    res.children_ids = std::move(status.children_ids);
+    res.children_ids = std::move(tis);
     return res;
 }
 
-future<full_task_status> retrieve_status(const tasks::task_manager::foreign_task_ptr& task) {
-    if (task.get() == nullptr) {
-        co_return coroutine::return_exception(httpd::bad_param_exception("Task not found"));
-    }
-    auto progress = co_await task->get_progress();
-    full_task_status s;
-    s.task_status = task->get_status();
-    s.type = task->type();
-    s.parent_id = task->get_parent_id();
-    s.abortable = task->is_abortable();
-    s.module = task->get_module_name();
-    s.progress.completed = progress.completed;
-    s.progress.total = progress.total;
-    std::vector<std::string> ct{task->get_children().size()};
-    boost::transform(task->get_children(), ct.begin(), [] (const auto& child) {
-        return child->id().to_sstring();
-    });
-    s.children_ids = std::move(ct);
-    co_return s;
+tm::task_stats make_stats(tasks::task_stats stats) {
+    tm::task_stats res{};
+    res.task_id = stats.task_id.to_sstring();
+    res.type = stats.type;
+    res.kind = stats.kind;
+    res.scope = stats.scope;
+    res.state = stats.state;
+    res.sequence_number = stats.sequence_number;
+    res.keyspace = stats.keyspace;
+    res.table = stats.table;
+    res.entity = stats.entity;
+    return res;
 }
 
 void set_task_manager(http_context& ctx, routes& r, sharded<tasks::task_manager>& tm, db::config& cfg) {
     tm::get_modules.set(r, [&tm] (std::unique_ptr<http::request> req) -> future<json::json_return_type> {
-        std::vector<std::string> v = boost::copy_range<std::vector<std::string>>(tm.local().get_modules() | boost::adaptors::map_keys);
+        std::vector<std::string> v = tm.local().get_modules() | std::views::keys | std::ranges::to<std::vector>();
         co_return v;
     });
 
     tm::get_tasks.set(r, [&tm] (std::unique_ptr<http::request> req) -> future<json::json_return_type> {
-        using chunked_stats = utils::chunked_vector<task_stats>;
+        using chunked_stats = utils::chunked_vector<tasks::task_stats>;
         auto internal = tasks::is_internal{req_param<bool>(*req, "internal", false)};
         std::vector<chunked_stats> res = co_await tm.map([&req, internal] (tasks::task_manager& tm) {
-            chunked_stats local_res;
             tasks::task_manager::module_ptr module;
+            std::optional<std::string> keyspace = std::nullopt;
+            std::optional<std::string> table = std::nullopt;
             try {
                 module = tm.find_module(req->get_path_param("module"));
             } catch (...) {
                 throw bad_param_exception(fmt::format("{}", std::current_exception()));
             }
-            const auto& filtered_tasks = module->get_tasks() | boost::adaptors::filtered([&params = req->query_parameters, internal] (const auto& task) {
-                return (internal || !task.second->is_internal()) && filter_tasks(task.second, params);
-            });
-            for (auto& [task_id, task] : filtered_tasks) {
-                local_res.push_back(task_stats{task});
+
+            if (auto it = req->query_parameters.find("keyspace"); it != req->query_parameters.end()) {
+                keyspace = it->second;
             }
-            return local_res;
+            if (auto it = req->query_parameters.find("table"); it != req->query_parameters.end()) {
+                table = it->second;
+            }
+
+            return module->get_stats(internal, [keyspace = std::move(keyspace), table = std::move(table)] (std::string& ks, std::string& t) {
+                return (!keyspace || keyspace == ks) && (!table || table == t);
+            });
         });
 
         std::function<future<>(output_stream<char>&&)> f = [r = std::move(res)] (output_stream<char>&& os) -> future<> {
             auto s = std::move(os);
-            auto res = std::move(r);
-            co_await s.write("[");
-            std::string delim = "";
-            for (auto& v: res) {
-                for (auto& stats: v) {
-                    co_await s.write(std::exchange(delim, ", "));
-                    tm::task_stats ts;
-                    ts = stats;
-                    co_await formatter::write(s, ts);
+            std::exception_ptr ex;
+            try {
+                auto res = std::move(r);
+                co_await s.write("[");
+                std::string delim = "";
+                for (auto& v: res) {
+                    for (auto& stats: v) {
+                        co_await s.write(std::exchange(delim, ", "));
+                        tm::task_stats ts = make_stats(stats);
+                        co_await formatter::write(s, ts);
+                    }
                 }
+                co_await s.write("]");
+                co_await s.flush();
+            } catch (...) {
+                ex = std::current_exception();
             }
-            co_await s.write("]");
             co_await s.close();
+            if (ex) {
+                co_await coroutine::return_exception_ptr(std::move(ex));
+            }
         };
         co_return std::move(f);
     });
 
     tm::get_task_status.set(r, [&tm] (std::unique_ptr<http::request> req) -> future<json::json_return_type> {
         auto id = tasks::task_id{utils::UUID{req->get_path_param("task_id")}};
-        tasks::task_manager::foreign_task_ptr task;
+        tasks::task_status status;
         try {
-            task = co_await tasks::task_manager::invoke_on_task(tm, id, std::function([] (tasks::task_manager::task_ptr task) -> future<tasks::task_manager::foreign_task_ptr> {
-                if (task->is_complete()) {
-                    task->unregister_task();
-                }
-                co_return std::move(task);
-            }));
+            auto task = tasks::task_handler{tm.local(), id};
+            status = co_await task.get_status();
         } catch (tasks::task_manager::task_not_found& e) {
             throw bad_param_exception(e.what());
         }
-        auto s = co_await retrieve_status(task);
-        co_return make_status(s);
+        co_return make_status(status);
     });
 
     tm::abort_task.set(r, [&tm] (std::unique_ptr<http::request> req) -> future<json::json_return_type> {
         auto id = tasks::task_id{utils::UUID{req->get_path_param("task_id")}};
         try {
-            co_await tasks::task_manager::invoke_on_task(tm, id, [] (tasks::task_manager::task_ptr task) -> future<> {
-                if (!task->is_abortable()) {
-                    co_await coroutine::return_exception(std::runtime_error("Requested task cannot be aborted"));
-                }
-                co_await task->abort();
-            });
+            auto task = tasks::task_handler{tm.local(), id};
+            co_await task.abort();
         } catch (tasks::task_manager::task_not_found& e) {
             throw bad_param_exception(e.what());
+        } catch (tasks::task_not_abortable& e) {
+            throw httpd::base_exception{e.what(), http::reply::status_type::forbidden};
         }
         co_return json_void();
     });
 
     tm::wait_task.set(r, [&tm] (std::unique_ptr<http::request> req) -> future<json::json_return_type> {
         auto id = tasks::task_id{utils::UUID{req->get_path_param("task_id")}};
-        tasks::task_manager::foreign_task_ptr task;
+        tasks::task_status status;
+        std::optional<std::chrono::seconds> timeout = std::nullopt;
+        if (auto it = req->query_parameters.find("timeout"); it != req->query_parameters.end()) {
+            timeout = std::chrono::seconds(boost::lexical_cast<uint32_t>(it->second));
+        }
         try {
-            task = co_await tasks::task_manager::invoke_on_task(tm, id, std::function([] (tasks::task_manager::task_ptr task) {
-                return task->done().then_wrapped([task] (auto f) {
-                    task->unregister_task();
-                    // done() is called only because we want the task to be complete before getting its status.
-                    // The future should be ignored here as the result does not matter.
-                    f.ignore_ready_future();
-                    return make_foreign(task);
-                });
-            }));
+            auto task = tasks::task_handler{tm.local(), id};
+            status = co_await task.wait_for_task(timeout);
         } catch (tasks::task_manager::task_not_found& e) {
             throw bad_param_exception(e.what());
+        } catch (timed_out_error& e) {
+            throw httpd::base_exception{e.what(), http::reply::status_type::request_timeout};
         }
-        auto s = co_await retrieve_status(task);
-        co_return make_status(s);
+        co_return make_status(status);
     });
 
     tm::get_task_status_recursively.set(r, [&_tm = tm] (std::unique_ptr<http::request> req) -> future<json::json_return_type> {
         auto& tm = _tm;
         auto id = tasks::task_id{utils::UUID{req->get_path_param("task_id")}};
-        std::queue<tasks::task_manager::foreign_task_ptr> q;
-        utils::chunked_vector<full_task_status> res;
-
-        tasks::task_manager::foreign_task_ptr task;
         try {
-            // Get requested task.
-            task = co_await tasks::task_manager::invoke_on_task(tm, id, std::function([] (tasks::task_manager::task_ptr task) -> future<tasks::task_manager::foreign_task_ptr> {
-                if (task->is_complete()) {
-                    task->unregister_task();
+            auto task = tasks::task_handler{tm.local(), id};
+            auto res = co_await task.get_status_recursively(true);
+
+            std::function<future<>(output_stream<char>&&)> f = [r = std::move(res)] (output_stream<char>&& os) -> future<> {
+                auto s = std::move(os);
+                auto res = std::move(r);
+                co_await s.write("[");
+                std::string delim = "";
+                for (auto& status: res) {
+                    co_await s.write(std::exchange(delim, ", "));
+                    co_await formatter::write(s, make_status(status));
                 }
-                co_return task;
-            }));
+                co_await s.write("]");
+                co_await s.close();
+            };
+            co_return f;
         } catch (tasks::task_manager::task_not_found& e) {
             throw bad_param_exception(e.what());
         }
-
-        // Push children's statuses in BFS order.
-        q.push(co_await task.copy());   // Task cannot be moved since we need it to be alive during whole loop execution.
-        while (!q.empty()) {
-            auto& current = q.front();
-            res.push_back(co_await retrieve_status(current));
-            for (auto& child: current->get_children()) {
-                q.push(co_await child.copy());
-            }
-            q.pop();
-        }
-
-        std::function<future<>(output_stream<char>&&)> f = [r = std::move(res)] (output_stream<char>&& os) -> future<> {
-            auto s = std::move(os);
-            auto res = std::move(r);
-            co_await s.write("[");
-            std::string delim = "";
-            for (auto& status: res) {
-                co_await s.write(std::exchange(delim, ", "));
-                co_await formatter::write(s, make_status(status));
-            }
-            co_await s.write("]");
-            co_await s.close();
-        };
-        co_return f;
     });
 
     tm::get_and_update_ttl.set(r, [&cfg] (std::unique_ptr<http::request> req) -> future<json::json_return_type> {
@@ -261,6 +212,11 @@ void set_task_manager(http_context& ctx, routes& r, sharded<tasks::task_manager>
         }
         co_return json::json_return_type(ttl);
     });
+
+    tm::get_ttl.set(r, [&cfg] (std::unique_ptr<http::request> req) -> future<json::json_return_type> {
+        uint32_t ttl = cfg.task_ttl_seconds();
+        co_return json::json_return_type(ttl);
+    });
 }
 
 void unset_task_manager(http_context& ctx, routes& r) {
@@ -271,6 +227,7 @@ void unset_task_manager(http_context& ctx, routes& r) {
     tm::wait_task.unset(r);
     tm::get_task_status_recursively.unset(r);
     tm::get_and_update_ttl.unset(r);
+    tm::get_ttl.unset(r);
 }
 
 }

api/task_manager_test.cc

@@ -13,6 +13,7 @@
 #include "task_manager_test.hh"
 #include "api/api-doc/task_manager_test.json.hh"
 #include "tasks/test_module.hh"
+#include "utils/overloaded_functor.hh"
 
 namespace api {
 
@@ -61,8 +62,8 @@ void set_task_manager_test(http_context& ctx, routes& r, sharded<tasks::task_man
         auto module = tms.local().find_module("test");
         id = co_await module->make_task<tasks::test_task_impl>(shard, id, keyspace, table, entity, data);
         co_await tms.invoke_on(shard, [id] (tasks::task_manager& tm) {
-            auto it = tm.get_all_tasks().find(id);
-            if (it != tm.get_all_tasks().end()) {
+            auto it = tm.get_local_tasks().find(id);
+            if (it != tm.get_local_tasks().end()) {
                 it->second->start();
             }
         });
@@ -72,9 +73,16 @@ void set_task_manager_test(http_context& ctx, routes& r, sharded<tasks::task_man
     tmt::unregister_test_task.set(r, [&tm] (std::unique_ptr<http::request> req) -> future<json::json_return_type> {
         auto id = tasks::task_id{utils::UUID{req->query_parameters["task_id"]}};
         try {
-            co_await tasks::task_manager::invoke_on_task(tm, id, [] (tasks::task_manager::task_ptr task) -> future<> {
-                tasks::test_task test_task{task};
-                co_await test_task.unregister_task();
+            co_await tasks::task_manager::invoke_on_task(tm, id, [] (tasks::task_manager::task_variant task_v) -> future<> {
+                return std::visit(overloaded_functor{
+                    [] (tasks::task_manager::task_ptr task) -> future<> {
+                        tasks::test_task test_task{task};
+                        co_await test_task.unregister_task();
+                    },
+                    [] (tasks::task_manager::virtual_task_ptr task) {
+                        return make_ready_future();
+                    }
+                }, task_v);
             });
         } catch (tasks::task_manager::task_not_found& e) {
             throw bad_param_exception(e.what());
@@ -89,14 +97,20 @@ void set_task_manager_test(http_context& ctx, routes& r, sharded<tasks::task_man
         std::string error = fail ? it->second : "";
 
         try {
-            co_await tasks::task_manager::invoke_on_task(tm, id, [fail, error = std::move(error)] (tasks::task_manager::task_ptr task) {
-                tasks::test_task test_task{task};
-                if (fail) {
-                    test_task.finish_failed(std::make_exception_ptr(std::runtime_error(error)));
-                } else {
-                    test_task.finish();
-                }
-                return make_ready_future<>();
+            co_await tasks::task_manager::invoke_on_task(tm, id, [fail, error = std::move(error)] (tasks::task_manager::task_variant task_v) -> future<> {
+                return std::visit(overloaded_functor{
+                    [fail, error = std::move(error)] (tasks::task_manager::task_ptr task) -> future<> {
+                        tasks::test_task test_task{task};
+                        if (fail) {
+                            co_await test_task.finish_failed(std::make_exception_ptr(std::runtime_error(error)));
+                        } else {
+                            co_await test_task.finish();
+                        }
+                    },
+                    [] (tasks::task_manager::virtual_task_ptr task) {
+                        return make_ready_future();
+                    }
+                }, task_v);
             });
         } catch (tasks::task_manager::task_not_found& e) {
             throw bad_param_exception(e.what());

api/task_manager_test.hh

@@ -11,16 +11,19 @@
 #pragma once
 
 #include <seastar/core/sharded.hh>
-#include "api.hh"
 
 namespace tasks {
 class task_manager;
 }
 
-namespace api {
+namespace seastar::httpd {
+class routes;
+}
 
-void set_task_manager_test(http_context& ctx, httpd::routes& r, sharded<tasks::task_manager>& tm);
-void unset_task_manager_test(http_context& ctx, httpd::routes& r);
+namespace api {
+struct http_context;
+void set_task_manager_test(http_context& ctx, seastar::httpd::routes& r, seastar::sharded<tasks::task_manager>& tm);
+void unset_task_manager_test(http_context& ctx, seastar::httpd::routes& r);
 
 }
 

api/tasks.cc

@@ -16,6 +16,7 @@
 #include "compaction/task_manager_module.hh"
 #include "service/storage_service.hh"
 #include "tasks/task_manager.hh"
+#include "replica/database.hh"
 
 using namespace seastar::httpd;
 

api/tasks.hh

@@ -8,11 +8,20 @@
 
 #pragma once
 
-#include "api.hh"
-#include "db/config.hh"
+#include <seastar/core/sharded.hh>
+#include "db/snapshot-ctl.hh"
+
+namespace seastar::httpd {
+class routes;
+}
+
+namespace service {
+class storage_service;
+}
 
 namespace api {
 
+struct http_context;
 void set_tasks_compaction_module(http_context& ctx, httpd::routes& r, sharded<service::storage_service>& ss, sharded<db::snapshot_ctl>& snap_ctl);
 void unset_tasks_compaction_module(http_context& ctx, httpd::routes& r);
 

api/token_metadata.cc

@@ -21,6 +21,9 @@ using namespace json;
 void set_token_metadata(http_context& ctx, routes& r, sharded<locator::shared_token_metadata>& tm) {
     ss::local_hostid.set(r, [&tm](std::unique_ptr<http::request> req) {
         auto id = tm.local().get()->get_my_id();
+        if (!bool(id)) {
+            throw not_found_exception("local host ID is not yet set");
+        }
         return make_ready_future<json::json_return_type>(id.to_sstring());
     });
 
@@ -68,7 +71,7 @@ void set_token_metadata(http_context& ctx, routes& r, sharded<locator::shared_to
 
     ss::get_host_id_map.set(r, [&tm](const_req req) {
         std::vector<ss::mapper> res;
-        return map_to_key_value(tm.local().get()->get_endpoint_to_host_id_map_for_reading(), res);
+        return map_to_key_value(tm.local().get()->get_endpoint_to_host_id_map(), res);
     });
 
     static auto host_or_broadcast = [&tm](const_req req) {

api/token_metadata.hh

@@ -9,13 +9,16 @@
 #pragma once
 
 #include <seastar/core/sharded.hh>
-#include "api/api_init.hh"
+
+namespace seastar::httpd {
+class routes;
+}
 
 namespace locator { class shared_token_metadata; }
 
 namespace api {
-
-void set_token_metadata(http_context& ctx, httpd::routes& r, sharded<locator::shared_token_metadata>& tm);
-void unset_token_metadata(http_context& ctx, httpd::routes& r);
+struct http_context;
+void set_token_metadata(http_context& ctx, seastar::httpd::routes& r, seastar::sharded<locator::shared_token_metadata>& tm);
+void unset_token_metadata(http_context& ctx, seastar::httpd::routes& r);
 
 }

auth/allow_all_authenticator.hh

@@ -59,15 +59,15 @@ public:
         return make_ready_future<authenticated_user>(anonymous_user());
     }
 
-    virtual future<> create(std::string_view, const authentication_options& options) override {
+    virtual future<> create(std::string_view, const authentication_options& options, ::service::group0_batch&) override {
         return make_ready_future();
     }
 
-    virtual future<> alter(std::string_view, const authentication_options& options) override {
+    virtual future<> alter(std::string_view, const authentication_options& options, ::service::group0_batch&) override {
         return make_ready_future();
     }
 
-    virtual future<> drop(std::string_view) override {
+    virtual future<> drop(std::string_view, ::service::group0_batch&) override {
         return make_ready_future();
     }
 

auth/allow_all_authorizer.hh

@@ -9,6 +9,7 @@
 #pragma once
 
 #include "auth/authorizer.hh"
+#include <seastar/core/future.hh>
 
 namespace cql3 {
 class query_processor;
@@ -44,12 +45,12 @@ public:
         return make_ready_future<permission_set>(permissions::ALL);
     }
 
-    virtual future<> grant(std::string_view, permission_set, const resource&) override {
+    virtual future<> grant(std::string_view, permission_set, const resource&, ::service::group0_batch&) override {
         return make_exception_future<>(
                 unsupported_authorization_operation("GRANT operation is not supported by AllowAllAuthorizer"));
     }
 
-    virtual future<> revoke(std::string_view, permission_set, const resource&) override {
+    virtual future<> revoke(std::string_view, permission_set, const resource&, ::service::group0_batch&) override {
         return make_exception_future<>(
                 unsupported_authorization_operation("REVOKE operation is not supported by AllowAllAuthorizer"));
     }
@@ -60,14 +61,12 @@ public:
                         "LIST PERMISSIONS operation is not supported by AllowAllAuthorizer"));
     }
 
-    virtual future<> revoke_all(std::string_view) override {
-        return make_exception_future(
-                unsupported_authorization_operation("REVOKE operation is not supported by AllowAllAuthorizer"));
+    virtual future<> revoke_all(std::string_view, ::service::group0_batch&) override {
+        return make_ready_future();
     }
 
-    virtual future<> revoke_all(const resource&) override {
-        return make_exception_future(
-                unsupported_authorization_operation("REVOKE operation is not supported by AllowAllAuthorizer"));
+    virtual future<> revoke_all(const resource&, ::service::group0_batch&) override {
+        return make_ready_future();
     }
 
     virtual const resource_set& protected_resources() const override {

auth/authentication_options.hh

@@ -12,6 +12,7 @@
 #include <stdexcept>
 #include <unordered_map>
 #include <unordered_set>
+#include <variant>
 
 #include <seastar/core/print.hh>
 #include <seastar/core/sstring.hh>
@@ -22,29 +23,10 @@ namespace auth {
 
 enum class authentication_option {
     password,
+    hashed_password,
     options
 };
 
-using authentication_option_set = std::unordered_set<authentication_option>;
-
-using custom_options = std::unordered_map<sstring, sstring>;
-
-struct authentication_options final {
-    std::optional<sstring> password;
-    std::optional<custom_options> options;
-};
-
-inline bool any_authentication_options(const authentication_options& aos) noexcept {
-    return aos.password || aos.options;
-}
-
-class unsupported_authentication_option : public std::invalid_argument {
-public:
-    explicit unsupported_authentication_option(authentication_option k)
-            : std::invalid_argument(format("The {} option is not supported.", k)) {
-    }
-};
-
 }
 
 template <>
@@ -55,9 +37,44 @@ struct fmt::formatter<auth::authentication_option> : fmt::formatter<string_view>
         switch (a) {
         case password:
             return formatter<string_view>::format("PASSWORD", ctx);
+        case hashed_password:
+            return formatter<string_view>::format("HASHED PASSWORD", ctx);
         case options:
             return formatter<string_view>::format("OPTIONS", ctx);
         }
         std::abort();
     }
 };
+
+namespace auth {
+
+using authentication_option_set = std::unordered_set<authentication_option>;
+
+using custom_options = std::unordered_map<sstring, sstring>;
+
+struct password_option {
+    sstring password;
+};
+
+/// Used exclusively for restoring roles.
+struct hashed_password_option {
+    sstring hashed_password;
+};
+
+struct authentication_options final {
+    std::optional<std::variant<password_option, hashed_password_option>> credentials;
+    std::optional<custom_options> options;
+};
+
+inline bool any_authentication_options(const authentication_options& aos) noexcept {
+    return aos.options || aos.credentials;
+}
+
+class unsupported_authentication_option : public std::invalid_argument {
+public:
+    explicit unsupported_authentication_option(authentication_option k)
+            : std::invalid_argument(format("The {} option is not supported.", k)) {
+    }
+};
+
+}

auth/authenticator.hh

@@ -16,15 +16,15 @@
 #include <optional>
 #include <functional>
 
-#include <seastar/core/enum.hh>
 #include <seastar/core/future.hh>
 #include <seastar/core/sstring.hh>
-#include <seastar/core/shared_ptr.hh>
 
 #include "auth/authentication_options.hh"
 #include "auth/resource.hh"
 #include "auth/sasl_challenge.hh"
 
+#include "service/raft/raft_group0_client.hh"
+
 namespace db {
     class config;
 }
@@ -43,6 +43,11 @@ struct certificate_info {
 
 using session_dn_func = std::function<future<std::optional<certificate_info>>()>;
 
+class unsupported_authentication_operation : public std::invalid_argument {
+public:
+    using std::invalid_argument::invalid_argument;
+};
+
 ///
 /// Abstract client for authenticating role identity.
 ///
@@ -106,7 +111,7 @@ public:
     ///
     /// The options provided must be a subset of `supported_options()`.
     ///
-    virtual future<> create(std::string_view role_name, const authentication_options& options) = 0;
+    virtual future<> create(std::string_view role_name, const authentication_options& options, ::service::group0_batch& mc) = 0;
 
     ///
     /// Alter the authentication record of an existing user.
@@ -115,12 +120,12 @@ public:
     ///
     /// Callers must ensure that the specification of `alterable_options()` is adhered to.
     ///
-    virtual future<> alter(std::string_view role_name, const authentication_options& options) = 0;
+    virtual future<> alter(std::string_view role_name, const authentication_options& options, ::service::group0_batch& mc) = 0;
 
     ///
     /// Delete the authentication record for a user. This will disallow the user from logging in.
     ///
-    virtual future<> drop(std::string_view role_name) = 0;
+    virtual future<> drop(std::string_view role_name, ::service::group0_batch&) = 0;
 
     ///
     /// Query for custom options (those corresponding to \ref authentication_options::options).
@@ -129,6 +134,19 @@ public:
     ///
     virtual future<custom_options> query_custom_options(std::string_view role_name) const = 0;
 
+    virtual bool uses_password_hashes() const {
+        return false;
+    }
+
+    ///
+    /// Query the password hash corresponding to a given role.
+    ///
+    /// If the authenticator doesn't use password hashes, throws an `unsupported_authentication_operation` exception.
+    ///
+    virtual future<std::optional<sstring>> get_password_hash(std::string_view role_name) const {
+        return make_exception_future<std::optional<sstring>>(unsupported_authentication_operation("get_password_hash is not implemented"));
+    }
+
     ///
     /// System resources used internally as part of the implementation. These are made inaccessible to users.
     ///

auth/authorizer.hh

@@ -16,10 +16,10 @@
 #include <vector>
 
 #include <seastar/core/future.hh>
-#include <seastar/core/shared_ptr.hh>
 
 #include "auth/permission.hh"
 #include "auth/resource.hh"
+#include "service/raft/raft_group0_client.hh"
 #include "seastarx.hh"
 
 namespace auth {
@@ -81,14 +81,14 @@ public:
     ///
     /// \throws \ref unsupported_authorization_operation if granting permissions is not supported.
     ///
-    virtual future<> grant(std::string_view role_name, permission_set, const resource&) = 0;
+    virtual future<> grant(std::string_view role_name, permission_set, const resource&, ::service::group0_batch&) = 0;
 
     ///
     /// Revoke a set of permissions from a role for a particular \ref resource.
     ///
     /// \throws \ref unsupported_authorization_operation if revoking permissions is not supported.
     ///
-    virtual future<> revoke(std::string_view role_name, permission_set, const resource&) = 0;
+    virtual future<> revoke(std::string_view role_name, permission_set, const resource&, ::service::group0_batch&) = 0;
 
     ///
     /// Query for all directly granted permissions.
@@ -102,14 +102,14 @@ public:
     ///
     /// \throws \ref unsupported_authorization_operation if revoking permissions is not supported.
     ///
-    virtual future<> revoke_all(std::string_view role_name) = 0;
+    virtual future<> revoke_all(std::string_view role_name, ::service::group0_batch&) = 0;
 
     ///
     /// Revoke all permissions granted to any role for a particular resource.
     ///
     /// \throws \ref unsupported_authorization_operation if revoking permissions is not supported.
     ///
-    virtual future<> revoke_all(const resource&) = 0;
+    virtual future<> revoke_all(const resource&, ::service::group0_batch&) = 0;
 
     ///
     /// System resources used internally as part of the implementation. These are made inaccessible to users.

auth/certificate_authenticator.cc

@@ -9,7 +9,7 @@
 
 #include "auth/certificate_authenticator.hh"
 
-#include <regex>
+#include <boost/regex.hpp>
 #include <fmt/ranges.h>
 
 #include "utils/class_registrator.hh"
@@ -76,7 +76,7 @@ auth::certificate_authenticator::certificate_authenticator(cql3::query_processor
                     continue;
                 } catch (std::out_of_range&) {
                     // just fallthrough
-                } catch (std::regex_error&) {
+                } catch (boost::regex_error&) {
                     std::throw_with_nested(std::invalid_argument(fmt::format("Invalid query expression: {}", map.at(cfg_query_attr))));
                 }
             }
@@ -149,7 +149,7 @@ future<std::optional<auth::authenticated_user>> auth::certificate_authenticator:
             co_return username;
         }
     }
-    throw exceptions::authentication_exception(format("Subject '{}'/'{}' does not match any query expression", subject, altname));
+    throw exceptions::authentication_exception(seastar::format("Subject '{}'/'{}' does not match any query expression", subject, altname));
 }
 
 
@@ -157,16 +157,16 @@ future<auth::authenticated_user> auth::certificate_authenticator::authenticate(c
     throw exceptions::authentication_exception("Cannot authenticate using attribute map");
 }
 
-future<> auth::certificate_authenticator::create(std::string_view role_name, const authentication_options& options) {
+future<> auth::certificate_authenticator::create(std::string_view role_name, const authentication_options& options, ::service::group0_batch& mc) {
     // TODO: should we keep track of roles/enforce existence? Role manager should deal with this...
     co_return;
 }
 
-future<> auth::certificate_authenticator::alter(std::string_view role_name, const authentication_options& options) {
+future<> auth::certificate_authenticator::alter(std::string_view role_name, const authentication_options& options, ::service::group0_batch& mc) {
     co_return;
 }
 
-future<> auth::certificate_authenticator::drop(std::string_view role_name) {
+future<> auth::certificate_authenticator::drop(std::string_view role_name, ::service::group0_batch&) {
     co_return;
 }