Software-update: CockroachDB 23.1.4 / 22.2.11

Het team achter CockroachDB heeft twee nieuwe versies uitgebracht met 23.1.4 en 22.2.11 als de versienummers. Dit is een opensourcedatabase die uitermate geschikt is voor cloudomgevingen en die verschillende opties voor het opvangen van problemen in de bijbehorende verspreide data biedt. Voor meer informatie verwijzen we naar deze pagina, waar de meest gestelde vragen worden beantwoord. De lijst met aanpassingen van deze uitgaves ziet er als volgt uit:

What's New in v23.1.4

Security updates

• The new sql.auth.createrole_allows_grant_role_membership.enabled cluster setting allows a user with the CREATEROLE role option to grant and revoke non-admin roles. This cluster setting defaults to false, but is expected to become the default behavior in the future. #104445

Enterprise edition changes

• Fixed an initialization race condition in changefeed schema feeds that could cause a node to crash with a null pointer exception. #104934

SQL language changes

• Users with MODIFYSQLCLUSTERSETTING can now view only sql.defaults cluster settings instead of all cluster settings. #104542

Operational changes

• The debug.zip archive now contains the files formerly located at nodes/*/ranges/*.json in one file per node, nodes/*/ranges.json. #104248
• The http-defaults and http-servers sections of the log config will now accept a headers field containing a map of key-value string pairs which will comprise custom HTTP headers appended to every request. Additionally, a compression value can now be set to gzip or none to select a compression method for the HTTP request body. By default, gzip is selected. Previous functionality did not compress by default. #104814

Command-line changes

• The new log config option buffering allows you to format buffer output as JSON arrays. This is useful for APIs that consume JSON arrays, such as the Datadog logs API. #104790

DB Console changes

• The tenant selection field is now visible only when a user is logged in to more than one non-system tenant. #104819
• The DB Console overview page now displays a warning when all nodes are running on a new version but the cluster upgrade has not been finalized. #104874
• The histogram window merge calculation now interpolates quantile values more accurately, and Metrics charts in the DB Console are smoother and more accurate. #104815

Bug fixes

• Fixed a bug where a transaction retry could miss job rows during the backfill of the Jobs table. #104757
• Fixed a bug where admin or root user privileges were erroneously required to use SHOW SYSTEM GRANTS. #104732
• Fixed a bug that prevented display of the column selector on the Jobs page. #104738
• Fixed a bug where an invalid split could crash and prevent restarts of nodes that hold a replica for the right-hand side. #104850
• Fixed the debug recover make-plan command to ignore partial range metadata when the metadata can't be fully read, and instead rely solely on replica info from storage to produce the recovery plan. #104774
• Fixed a metric bug that could cause volumes such as RAID logical volumes to be counted twice.#104806
• Fixed a bug in upstream etcd-io/raft which could cause an unlimited amount of log to be loaded into memory. This could cause a node to crash with an out-of-memory (OOM) exception. The log scan now has a limited memory footprint. #104968

What's New in v22.2.11

Security updates

• There is a new server.client_cert_expiration_cache.capacity cluster setting which, when set to a non-zero number, makes it so that the minimum time-until-expiration of the set of client certificates seen is stored (for every user). This setting can be used to ensure client cert expirations are exported as a metric (if set to zero, the metric security.certificate.expiration.client will have a value of zero). #104209

SQL language changes

• Added a new session variable allow_role_memberships_to_change_during_transaction which can be used to make the granting and revoking of role memberships faster at the cost of some isolation claims. By default, when granting or revoking a role from another role, CockroachDB waits for all transactions that are consulting the current set of role memberships to complete. This means that by the time the transaction which performed the grant or revoke operation returns successfully, the user has a proof that no ongoing transaction is relying on the state that existed prior to the change. The downside of this waiting is that it means that GRANT and REVOKE will take longer than the longest currently executing transaction. In some cases, users do not care about whether concurrent transactions will immediately see the side-effects of the operation, and would instead prefer that the grant or revoke finish rapidly. In order to aid in those cases, the session variable allow_role_memberships_to_change_during_transaction has been added. Now, the grant or revoke will only need to wait for the completion of statements in sessions which do not have this option set. One can set the option as enabled by default in all sessions in order to accelerate and grant and revoke role operations. #103847
• SHOW GRANTS now lists not just privileges explicitly granted to each role, but also roles which inherit from those. SHOW GRANTS ON ROLE statements no longer require any privileges, and also list implicit grantees. #104589
• Users with the MODIFYCLUSTERSETTING system-level privilege will no longer be able to view non sql.defaults.* settings if the cluster setting sql.full_modify_cluster_setting.enabled is set to false. #104231

Operational changes

• Added a new debug tool to allow for decrypting files in a store using encryption-at-rest. This tool is intended for use while debugging, or for providing debug artifacts to Cockroach Labs to aid with support investigations. It is intended to be run "in-situ" (i.e., on site), as it prevents having to move sensitive key material. #104091
• Added a new command that can be used by an operator to list the files present in the encryption-at-rest file registry. #104091
• Added a new metric leases.liveness that shows the number of liveness range leases per node (generally 1 or 0) to track the liveness range leaseholder. #104077
• The new a gauge metric sql.conns_waiting_to_hash counts the number of connection attempts that are being limited due to the number of concurrent password hashing operations. This behavior has been present since v21.2 to prevent password hashing from increasing CPU load. The metric is expected to be 0, or close to 0, in a healthy setup. If the metric is consistently high and connection latencies are high, then an operator should do one or more of the following:
  • Ensure applications using the cluster have properly configured connection pools.
  • Add more vCPU or more nodes to the cluster.
  • Increase the password hashing concurrency using the COCKROACH_MAX_PW_HASH_COMPUTE_CONCURRENCY environment variable. #104441
• CockroachDB now uses response data rather than just the request span in the load-based splitter to pass more accurate data about the keys iterated over to the load splitter to find a suitable split key, enabling the load splitter to find a split key under heavy range query workloads. #104563
• Added observability for when load-based splitting cannot find a key to indicate the reasons why the load splitter could not find a split key, enabling us to have more observability and insight to debug why a range is not splitting more easily. #104563

Command-line changes

• Failures during descriptor validity checks during cluster upgrades are now more detailed in redacted logs. #104048

DB Console changes

• The database details page now supports a large number of tables for a single database. Sorting will be disabled if more than 40 tables are present in a database. #103860
• Added metrics for merge queue failures and merge queue processing time to the Queue Processing Failures and Queue Processing Times charts on the Queues Dashboard. #104033
• Added more search criteria options to the SQL Activity page.
  • For Top: 1000, 5000, and 10000.
  • For By on the Statements tab: Last Execution Time, Max Memory, Network, Retries, Rows Processed.
  • For By on the Transactions tab: Max Memory, Network, Retries, Rows Processed. #104056
• Added a Created SQL Connections chart to the Metrics page and the SQL Dashboard. #104070
• Added a new link on the Range Status page that opens the Enqueue Ranges page with the node ID already filled in. #104099
• On the Active Executions table of the Transactions page, transaction status will be 'Idle' if the executing transaction is not currently executing a statement. Previously, it would have had a status of 'Executing'. #104333
• Added a warning to the DB Console overview page when all nodes are running on a new version of CockroachDB, but the cluster upgrade is not finalized. #104878

Bug fixes

• DROP ROLE now correctly returns the error code 2BP01 when the given role has been granted privileges on a schema. #103545
• Fixed a bug whereby disk space used by deleted and garbage collected data would not be reclaimed in a timely manner by the storage engine, especially when a store had low write workload. #103867
• Fixed a problem that could lead to erroneously refused lease transfers with the error message: "refusing to transfer lease to [...] because target may need a Raft snapshot: replica in StateProbe". #103877
• Fixed a bug where cockroach node status could incorrectly report nodes as is_live = false in v22.1/v22.2 mixed-version clusters. The bug still exists between v22.2 patch versions before and after v22.2.3. #103788
• Fixed a bug whereby running a debug command that manipulates a store (e.g., cockroach debug compact) without first terminating the node using the store could result in corruption of the node's store if encryption-at-rest was enabled. #103959
• Fixed a bug where SHOW DEFAULT PRIVILEGES did not work correctly if the database name or schema name being inspected had upper-case or special characters. #103951
• Fixed a bug that could cause queries with joins or subqueries to omit rows where column values are NULL in very rare cases. This bug was present since v20.2. #104073
• Fixed a bug that could cause goroutines to hang during SCRAM authentication. #104196
• Fixed a bug which could cause nodes in a CockroachDB cluster to terminate with the following message: server startup failed: cockroach server exited with error: <migration-job-find-already-completed›: key range id:X is unavailable: <failed to send RPC: no replica node information available via gossip for rX›. #104250
• Fixed a rare bug where stale multi-column table statistics could cause table statistics forecasts to be inaccurate, leading to non-optimal query plans. #104241
• Fixed a bug that caused incorrect results to return in cases where predicates on computed columns are derived when an ORed predicate on a column in the computed column expression is present. This bug only affects CockroachDB when the session setting optimizer_use_improved_computed_column_filters_derivation is true. This setting defaults to false in releases v22.1.10 and v23.1.2. This bug does not affect releases prior to v22.1.10 and v23.1.2. #104289
• Fixed a rare race condition that could allow large RESTOREs to fail with the error message unable to find store. #100957
• Fixed a bug which would cause CREATE FUNCTION (which uses the setval builtin function) to panic. #104408
• Fixed a Postgres wire protocol (pgwire) bug where CockroachDB would not ignore the messages that it should if there was an error while in the pgwire extended protocol. #104505
• The sys.cpu.combined.percent-normalized metric now uses GOMAXPROCS when calculating CPU utilization (if lower than the number of CPU shares). #104498
• Fixed an issue where admin or root user privileges were required to use SHOW SYSTEM GRANTS. #104735
• Fixed a bug where the column selector on the Jobs page was getting cut. #104737
• Fixed a bug that could prevent RESTORE from working if the backup had a refresh materialized view mutation in it. #103231
• Fixed a bug where CockroachDB was double-counting disk read/write bytes in disk metrics in volumes that were likely to be duplicated in reported disk counters, such as RAID logical vs physical volumes. #104807
• Fixed a bug where transient failures could occur during upgrades if a table/view were dropped while the internal upgrade step "upgrade sequences to be referenced by ID" was executing. #104903
• Fixed a bug in upstream etcd/raft which could result in pulling unlimited amounts of log into memory and lead to out-of-memory (OOM) situations. With the fix, the log scan has a limited memory footprint. #104956
• Fixed a bug where SQL queries could return unexpected errors when a SQL row was split across two ranges. This bug is resolved, as we now inspect the real keys, rather than just request keys to determine load-based split points. #104563
• Updated the DB Console to show more precision in small percentage values on the percentage bars. #105077
• Fixed a bug where SHOW BACKUP would fail to show a locality-aware backup that contained incremental backups. #103830

Performance improvements

• If the session setting transaction_rows_read_err is set to a non-zero value, we now ensure that any single scan never reads more than transaction_rows_read_err+1 rows. This prevents transactions that would error due to the transaction_rows_read_err setting from causing a large performance overhead due to large scans. For some queries in rare cases this change may end up disabling cross-range parallelism of the scan operation which can result in increased query latency. #104368