HCD-63: Upgrade Netty to 4.1.117 and BoringSSL to 2.0.69 #1544
Conversation
Checklist before you submit for review
|
szymon-miezal
force-pushed
the
HCD-63
branch
2 times, most recently
from
acbda4f to
b683351
Compare
szymon-miezal
changed the title
szymon-miezal
changed the title
|
Approved. Perf tests reports show nothing out of the ordinary. The test failures Butler complains about are from previous SHA runs. The last remaining one fails in the same manner as al older run. I would be good to complete the checklist imo. |
szymon-miezal
force-pushed
the
HCD-63
branch
from
b683351 to
cc3553c
Compare
|
After giving it a bit more thought I think it doesn't make much sense to upgrade to non-latest. I am going to bump it to |
szymon-miezal
changed the title
|
Update: I am rerunning fallout tests after bumping to 4.1.117. |
|
The results seem comparable with the previous run on
Example chart: https://github.com/riptano/cndb/pull/12894 doesn't seem to expose any netty-specific test failures either. If there are no votes against it, I will merge it. |
|
Still LGTM +1 |
The primary motivation for this change is a bug that manifests in loading the cipher list for inter-node connections, which is slightly wider than the configured list. This bug appears to be a consequence of how OpenSSL handles cipher loading. Changing it doesn't seem feasible. Netty introduced changes to mitigate this misbehavior: - netty/netty#13810 - netty/netty#13840 To take advantage of these fixes, we need to upgrade Netty to at least version 4.1.108. Upgrading Netty also necessitates bumping BoringSSL.
szymon-miezal
force-pushed
the
HCD-63
branch
from
1c63053 to
f73aaa3
Compare
|
I force-pushed the branch to update the commit-description, and then I realized I didn't have to do it as in CC squash and merge is allowed and the message could be modified via GH. |
|
❌ Build ds-cassandra-pr-gate/PR-1544 rejected by Butler1 new test failure(s) in 7 builds Found 1 new test failures
Found 16 known test failures |
|
I don't see anything mentioned about checking the release notes, the bump is not really small and we should be very careful with updates of dependencies like netty in non-major update. |
The primary motivation for this change is a bug that manifests in loading
the cipher list for inter-node connections, which is slightly wider than the
configured list. This bug appears to be a consequence of how OpenSSL handles
cipher loading. Changing it doesn't seem feasible.
Netty introduced changes to mitigate this misbehavior:
To take advantage of these fixes, we need to upgrade Netty to at least
version 4.1.108. Upgrading Netty also necessitates bumping BoringSSL.
I have found some old CC tests in fallout that I decided to reuse to ensure the performance stays unchanged:
I have used the fallout perf tool to compare the results with
mainand they seem pretty comparable to me. Example chart:I am unsure whether there are other tests that exercise CC which could be reused.