[Bug 263276] net/krill: Update to version 0.95
Date: Thu, 14 Apr 2022 11:47:11 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263276 Bug ID: 263276 Summary: net/krill: Update to version 0.95 Product: Ports & Packages Version: Latest Hardware: Any URL: https://github.com/NLnetLabs/krill/releases OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: jaap@NLnetLabs.nl Attachment #233212 maintainer-approval+ Flags: Created attachment 233212 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=233212&action=edit patch to upgrade his release is primarily intended to improve support for migrations of pre-0.9.0 installations. The upgrade code has been separated more cleanly into a step where the new 0.9.0 data structures are prepared in a new directory first, and a second step where this new data is made active and the old data is archived. Earlier versions of krill were performing data migrations in-place. If you simply upgrade krill and restart it, then it will automatically execute both steps. If the preparation step should fail, then the original data remains unchanged. You can then downgrade back to your previous krill version. This is in itself is an improvement over 0.9.4 and earlier, because for those versions you would have to make a back-up of your data first, and restore it in order to revert your upgrade. Furthermore, we have now added a new command line tool called 'krillup', which can be installed and upgraded separately to krill itself. This new tool can be used to execute the krill migration preparation step only. Meaning, you can install this tool on your server and do all the preparations, and only then upgrade krill. This has the following advantages: - The downtime for data migrations is reduced for servers with lots of data - If the preparation fails, there is no need to revert a krill update In addition to this we have also made some changes to the CA parent refresh logic. Krill CAs were checking their entitlements with their parents every 10 minutes, and this causes too much load on parent CAs with many children. There should be no need to check this often. CAs will now check every 24 to 36 hours, using a random spread. This will decrease the load on parent CAs significantly. Note that you can always force a 'parent refresh' sooner through the UI or command line (krillc bulk refresh). You may want to use this if your parent informs you through other channels that your resources have changed - e.g. you were allocated a new prefix. Secondly, because the next synchronisation time is now difficult to predict in the code that reports the parent status - it is now no longer shown in the UI/API. We may add this back in a future release. See issue #807. You can read more about this upgrade process [here](https://krill.docs.nlnetlabs.nl/en/latest/upgrade.html). In addition to this we added a few other quick fixes in this release: - Make RRDP session reset manual option #793 - Improve http connection error reporting #776 - Fix deserialization bug for CAs with children #774 - Connect to local parent directly #791 - Do not sign/validate RFC6492 messages to/from local parent #797 - Use per CA locking for CA statuses #795 - Decrease CA update frequency and use jitter to spread load #802 - Accept missing tag in RFC8181 #809 - Improve efficiency of connection status tracking #811 - Do not resync CAs with repo on startup if there are too many #818 The full list of changes can be found [here](https://github.com/NLnetLabs/krill/releases/tag/v0.9.5) -- You are receiving this mail because: You are the assignee for the bug.