From nobody Thu Apr 14 11:47:11 2022 X-Original-To: ports-bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id C3CF51B32E9E for ; Thu, 14 Apr 2022 11:47:11 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KfHkR2yRLz4QtK for ; Thu, 14 Apr 2022 11:47:11 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 458501FAF9 for ; Thu, 14 Apr 2022 11:47:11 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 23EBlBvf071037 for ; Thu, 14 Apr 2022 11:47:11 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 23EBlB8v071036 for ports-bugs@FreeBSD.org; Thu, 14 Apr 2022 11:47:11 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 263276] net/krill: Update to version 0.95 Date: Thu, 14 Apr 2022 11:47:11 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: jaap@NLnetLabs.nl X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ports-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform bug_file_loc op_sys bug_status bug_severity priority component assigned_to reporter flagtypes.name attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Ports bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-ports-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports-bugs@freebsd.org X-BeenThere: freebsd-ports-bugs@freebsd.org MIME-Version: 1.0 ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1649936831; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FmMQON+2RSVrHASo2smcGX0lQfDBqrNeMi5KMAoUEgc=; b=eNNq4xqWdODQ0fD8G4IfjVOxedKeGylfOBCBgY8LYG8M99sjtC39yneDOChjByWhkd4Gwy ewXNyb01h0VogzohIU4DHmCe8GooFtrIjkJdNhVC/6IpVvi1+JHoJhEEaLL+0nRZiLT221 7Q5qaK8sBNj+PjK7G5OvWPXA9IWsBYwUCYAZ1lEXB23fzYGbW5Etqovm8IKEfBcblTJe4/ ZC0bevfM1sR5SxuG7bUoX0Rl7KzEGrBJELKHuiD6nNTZrNQsTQMnM+jyW7f6fGezerSdQ1 k6o69EI6I9Q8URbG/lyshUyVlG4t5N7TOUZ3xTo+8cyD03rMb04CRso/1cU+HQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1649936831; a=rsa-sha256; cv=none; b=Esy3/aSj1DX687VqCXH9ABvQ4HGzEYB21gBKOO/MZRiDZwEO8MZeL0dnRgPcg20K1hBe4R 2AROXRUj2J5tonMnDBE9uXlmf/N7x+OQdxLKOQp6sfBAi/3J0ORIBjr1fjP+7qD6YnL8ca fe3Fx2bKCkUTquYUz95Ts76fR5oZCZzsCE3ZqPry9vn4e+dj+5ngF8z4TrO633kKkAcZru oFAa8fj5l7XuywacPuDZINIYeNM3OwhLFBZcygeac9GopDnLZdvRI/gIkXGdY4kymJGhG4 WCrOGqYvFTqgaX6Gd9foe1rb0XUCX7eSwFQBUu7nC8El1s+ak2Z9Kl32YBlnQg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D263276 Bug ID: 263276 Summary: net/krill: Update to version 0.95 Product: Ports & Packages Version: Latest Hardware: Any URL: https://github.com/NLnetLabs/krill/releases OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: jaap@NLnetLabs.nl Attachment #233212 maintainer-approval+ Flags: Created attachment 233212 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D233212&action= =3Dedit patch to upgrade his release is primarily intended to improve support for migrations of pre-0.9.0 installations. The upgrade code has been separated more cleanly into a step where the new 0.9.0 data structures are prepared in a new directory first, and a second step where this new data is made active and the old data is archived. Earlier versions of krill were performing data migrations in-place. If you simply upgrade krill and restart it, then it will automatically execute both steps. If the preparation step should fail, then the original data remains unchanged. You can then downgrade back to your previous krill version. This is in itself is an improvement over 0.9.4 and earlier, because for those versions you would have to make a back-up of your data first, and restore it in order to revert your upgrade. Furthermore, we have now added a new command line tool called 'krillup', which can be installed and upgraded separately to krill itself. This new tool can be used to execute the krill migration preparation step only. Meaning, you can install this tool on your server and do all the preparations, and only then upgrade krill. This has the following advantages: - The downtime for data migrations is reduced for servers with lots of data - If the preparation fails, there is no need to revert a krill update In addition to this we have also made some changes to the CA parent refresh logic. Krill CAs were checking their entitlements with their parents every 10 minutes, and this causes too much load on parent CAs with many children. There should be no need to check this often. CAs will now check every 24 to 36 hours, using a random spread. This will decrease the load on parent CAs significantly. Note that you can always force a 'parent refresh' sooner through the UI or command line (krillc bulk refresh). You may want to use this if your parent informs you through other channels that your resources have changed - e.g. you were allocated a new prefix. Secondly, because the next synchronisation time is now difficult to predict in the code that reports the parent status - it is now no longer shown in the UI/API. We may add this back in a future release. See issue #807. You can read more about this upgrade process [here](https://krill.docs.nlnetlabs.nl/en/latest/upgrade.html). In addition to this we added a few other quick fixes in this release: - Make RRDP session reset manual option #793 - Improve http connection error reporting #776 - Fix deserialization bug for CAs with children #774 - Connect to local parent directly #791 - Do not sign/validate RFC6492 messages to/from local parent #797 - Use per CA locking for CA statuses #795 - Decrease CA update frequency and use jitter to spread load #802 - Accept missing tag in RFC8181 #809 - Improve efficiency of connection status tracking #811 - Do not resync CAs with repo on startup if there are too many #818 The full list of changes can be found [here](https://github.com/NLnetLabs/krill/releases/tag/v0.9.5) --=20 You are receiving this mail because: You are the assignee for the bug.=