The fix to the bug where peer certificates were validated but not required
caused the default behavior to change. The default should've changed at
the same time the fix was made.
The password values are now masked with asterisks. This tells whether a
password is set or not but it does not expose any information about the
password itself.
Added new ssl_version value for TLSv1.3. This allows the list of accepted
protocol versions to be limited to all supported protocols. Previously
TLSv1.3 was only available with ssl_version=MAX.
Also fixed the enum value serialization to use a lowercase v. This causes
them to have the same value as the one used in the enum.
Previously when ssl_version was used with a value that is not supported on
the system, an unknown parameter error was returned. This could be
confusing and logging a proper error message should make it clear.
The hard limit of 10 seconds is too strict when taking into account the
fact that infinite refreshes was possible before the bug was fixed. This
also makes testing a lot easier where rapid reloads are necessary.
In MaxScale, a "deprecated" parameter is not in use and can be ignored.
Leaving the parameters out of serialized configuration files avoids warning
messages.
Reduced the default cache size from 40% to 15%. Most cases don't benefit
from that much memory and the defaults have caused problems in live
environments.
The new `force=yes` option closes all connections to the server that is
being put into maintenance mode. This will immediately close all open
connections to the server without allowing results to return.
The load_persisted_configs parameter now controls whether persisted
runtime changes are loaded on startup. The changes are still generated as
it persists the current state of MaxScale making problem analysis easier.
Always storing runtime configuration changes prevents problems when the
change causes another parameter to change. One example of this is
transaction_replay that implicitly enables other parameters.
The log message should now contain enough information to more easily debug
any configuration issues that result from updating the main config file
after runtime changes have been done.
Also fixed the theoretical race condition in detection of persisted
configuration files by only checking for their existence once.
All global parameters are now handled by the runtime configuration
modification code. The parameters that are trivial to update can now be
updated at runtime. All other global parameters cause a new error message
to be returned stating that the parameter in question cannot be modified
at runtime.
Also updated the list of modifiable parameters in MaxCtrl. This list
should not be stored in MaxCtrl and should be created by MaxScale at
runtime.
The old 'passwd' parameter is now converted to the 'password' parameter
and a warning about its deprecation is logged. This keeps the mandatory
parameter detection functional while still allowing old-style
configurations to be used.
This is currently disallowed for the server parameter, as the value could be
read/written concurrently. The monitor parameter can be changed since the
monitor is stopped during write.
This commit introduces the plumbing support for obtaining
classification information of a statement using the REST-API.
It introduces a URL like
/v1/maxscale/query_classifier/classify?sql=SELECT+1
that in the response will return a JSON object with the
information. Subsequent commits will provide the actual
information.
The cache size now refers to the total memory used by the cache instead of
the per thread limit. This makes it easier to use as well as more
predictable by removing the dependency on the number of worker threads.
The admin files are now created with 640 permissions and automatically
created directories now properly set the permissions for the group as
well. All files and directories created by avrorouter and binlogrouter
also now correctly limit the read and write permissions only to the owner
and the group.
