database: Add vitess + mysql 8.0 to our development environment

Author: beautifulentropy

.github/workflows/boulder-ci.yml

@@ -54,12 +54,19 @@ jobs:
           - "./t.sh --unit --enable-race-detection"
           - "./tn.sh --unit --enable-race-detection"
           - "./t.sh --start-py"
+          # Same cases but backed by Vitess + MySQL 8 instead of ProxySQL + MariaDB
+          - "./t.sh --use-vitess --integration"
+          - "./tn.sh --use-vitess --integration"
+          - "./t.sh --use-vitess --unit --enable-race-detection"
+          - "./tn.sh --use-vitess --unit --enable-race-detection"
+          - "./t.sh --use-vitess --start-py"
 
     env:
       # This sets the docker image tag for the boulder-tools repository to
       # use in tests. It will be set appropriately for each tag in the list
       # defined in the matrix.
       BOULDER_TOOLS_TAG: ${{ matrix.BOULDER_TOOLS_TAG }}
+      BOULDER_VTCOMBOSERVER_TAG: vitessv22.0.0_2025-11-03
 
     # Sequence of tasks that will be executed as part of the job.
     steps:

.gitignore

@@ -43,3 +43,16 @@ test/proxysql/*.log*
 
 # Coverage files
 test/coverage
+
+# Database config symlinks
+sa/db/dbconfig.yml
+test/secrets/backfiller_dburl
+test/secrets/badkeyrevoker_dburl
+test/secrets/cert_checker_dburl
+test/secrets/expiration_mailer_dburl
+test/secrets/incidents_dburl
+test/secrets/mailer_dburl
+test/secrets/ocsp_responder_dburl
+test/secrets/revoker_dburl
+test/secrets/sa_dburl
+test/secrets/sa_ro_dburl

docker-compose.yml

@@ -52,6 +52,7 @@ services:
     depends_on:
       - bmysql
       - bproxysql
+      - bvitess
       - bredis_1
       - bredis_2
       - bconsul
@@ -79,7 +80,7 @@ services:
     networks:
       bouldernet:
         aliases:
-          - boulder-mysql
+          - boulder-mariadb
     environment:
       MYSQL_ALLOW_EMPTY_PASSWORD: "yes"
     # Send slow queries to a table so we can check for them in the
@@ -144,6 +145,21 @@ services:
     networks:
       - bouldernet
 
+  bvitess:
+    # The `letsencrypt/boulder-vtcomboserver:latest` tag is automatically built
+    # in local dev environments. In CI a specific BOULDER_VTCOMBOSERVER_TAG is
+    # passed, and it is pulled with `docker compose pull`.
+    image: letsencrypt/boulder-vtcomboserver:${BOULDER_VTCOMBOSERVER_TAG:-latest}
+    environment:
+      # By specifying KEYSPACES vttestserver will create the corresponding
+      # databases on startup.
+      KEYSPACES: boulder_sa_test,boulder_sa_integration,incidents_sa_test,incidents_sa_integration
+      NUM_SHARDS: 1,1,1,1
+    networks:
+      bouldernet:
+        aliases:
+          - boulder-vitess
+
 networks:
   # This network represents the data-center internal network. It is used for
   # boulder services and their infrastructure, such as consul, mariadb, and

sa/database.go

@@ -201,13 +201,6 @@ func adjustMySQLConfig(conf *mysql.Config) error {
 		}
 	}
 
-	// If a given parameter has the value "0", delete it from conf.Params.
-	omitZero := func(name string) {
-		if conf.Params[name] == "0" {
-			delete(conf.Params, name)
-		}
-	}
-
 	// Ensures that MySQL/MariaDB warnings are treated as errors. This
 	// avoids a number of nasty edge conditions we could wander into.
 	// Common things this discovers includes places where data being sent
@@ -216,26 +209,6 @@ func adjustMySQLConfig(conf *mysql.Config) error {
 	// <https://dev.mysql.com/doc/refman/5.0/en/sql-mode.html#sql-mode-strict>.
 	setDefault("sql_mode", "'STRICT_ALL_TABLES'")
 
-	// If a read timeout is set, we set max_statement_time to 95% of that, and
-	// long_query_time to 80% of that. That way we get logs of queries that are
-	// close to timing out but not yet doing so, and our queries get stopped by
-	// max_statement_time before timing out the read. This generates clearer
-	// errors, and avoids unnecessary reconnects.
-	// To override these values, set them in the DSN, e.g.
-	// `?max_statement_time=2`. A zero value in the DSN means these won't be
-	// sent on new connections.
-	if conf.ReadTimeout != 0 {
-		// In MariaDB, max_statement_time and long_query_time are both seconds,
-		// but can have up to microsecond granularity.
-		// Note: in MySQL (which we don't use), max_statement_time is millis.
-		readTimeout := conf.ReadTimeout.Seconds()
-		setDefault("max_statement_time", fmt.Sprintf("%.6f", readTimeout*0.95))
-		setDefault("long_query_time", fmt.Sprintf("%.6f", readTimeout*0.80))
-	}
-
-	omitZero("max_statement_time")
-	omitZero("long_query_time")
-
 	// Finally, perform validation over all variables set by the DSN and via Boulder.
 	for k, v := range conf.Params {
 		err := checkMariaDBSystemVariables(k, v)

sa/database_test.go

@@ -4,36 +4,38 @@ import (
 	"context"
 	"database/sql"
 	"errors"
+	"fmt"
 	"os"
 	"path"
 	"strings"
 	"testing"
 	"time"
 
-	"github.com/go-sql-driver/mysql"
 	"github.com/letsencrypt/boulder/cmd"
 	"github.com/letsencrypt/boulder/config"
 	"github.com/letsencrypt/boulder/test"
 	"github.com/letsencrypt/boulder/test/vars"
 )
 
+var dbHost = os.Getenv("MYSQL_ADDR")
+
 func TestInvalidDSN(t *testing.T) {
 	_, err := DBMapForTest("invalid")
 	test.AssertError(t, err, "DB connect string missing the slash separating the database name")
 
-	DSN := "policy:password@tcp(boulder-proxysql:6033)/boulder_policy_integration?readTimeout=800ms&writeTimeout=800ms&stringVarThatDoesntExist=%27whoopsidaisies"
+	DSN := fmt.Sprintf("policy:password@tcp(%s)/boulder_policy_integration?readTimeout=800ms&writeTimeout=800ms&stringVarThatDoesntExist=%%27whoopsidaisies", dbHost)
 	_, err = DBMapForTest(DSN)
 	test.AssertError(t, err, "Variable does not exist in curated system var list, but didn't return an error and should have")
 
-	DSN = "policy:password@tcp(boulder-proxysql:6033)/boulder_policy_integration?readTimeout=800ms&writeTimeout=800ms&concurrent_insert=2"
+	DSN = fmt.Sprintf("policy:password@tcp(%s)/boulder_policy_integration?readTimeout=800ms&writeTimeout=800ms&concurrent_insert=2", dbHost)
 	_, err = DBMapForTest(DSN)
 	test.AssertError(t, err, "Variable is unable to be set in the SESSION scope, but was declared")
 
-	DSN = "policy:password@tcp(boulder-proxysql:6033)/boulder_policy_integration?readTimeout=800ms&writeTimeout=800ms&optimizer_switch=incorrect-quoted-string"
+	DSN = fmt.Sprintf("policy:password@tcp(%s)/boulder_policy_integration?readTimeout=800ms&writeTimeout=800ms&optimizer_switch=incorrect-quoted-string", dbHost)
 	_, err = DBMapForTest(DSN)
 	test.AssertError(t, err, "Variable declared with incorrect quoting")
 
-	DSN = "policy:password@tcp(boulder-proxysql:6033)/boulder_policy_integration?readTimeout=800ms&writeTimeout=800ms&concurrent_insert=%272%27"
+	DSN = fmt.Sprintf("policy:password@tcp(%s)/boulder_policy_integration?readTimeout=800ms&writeTimeout=800ms&concurrent_insert=%%272%%27", dbHost)
 	_, err = DBMapForTest(DSN)
 	test.AssertError(t, err, "Integer enum declared, but should not have been quoted")
 }
@@ -76,7 +78,7 @@ func TestDbSettings(t *testing.T) {
 	}
 	dsnFile := path.Join(t.TempDir(), "dbconnect")
 	err := os.WriteFile(dsnFile,
-		[]byte("sa@tcp(boulder-proxysql:6033)/boulder_sa_integration"),
+		[]byte(fmt.Sprintf("sa@tcp(%s)/boulder_sa_integration", dbHost)),
 		os.ModeAppend)
 	test.AssertNotError(t, err, "writing dbconnect file")
 
@@ -107,8 +109,8 @@ func TestDbSettings(t *testing.T) {
 
 // TODO: Change this to test `newDbMapFromMySQLConfig` instead?
 func TestNewDbMap(t *testing.T) {
-	const mysqlConnectURL = "policy:password@tcp(boulder-proxysql:6033)/boulder_policy_integration?readTimeout=800ms&writeTimeout=800ms"
-	const expected = "policy:password@tcp(boulder-proxysql:6033)/boulder_policy_integration?clientFoundRows=true&parseTime=true&readTimeout=800ms&writeTimeout=800ms&long_query_time=0.640000&max_statement_time=0.760000&sql_mode=%27STRICT_ALL_TABLES%27"
+	mysqlConnectURL := fmt.Sprintf("policy:password@tcp(%s)/boulder_policy_integration?readTimeout=800ms&writeTimeout=800ms", dbHost)
+	expected := fmt.Sprintf("policy:password@tcp(%s)/boulder_policy_integration?clientFoundRows=true&parseTime=true&readTimeout=800ms&writeTimeout=800ms&sql_mode=%%27STRICT_ALL_TABLES%%27", dbHost)
 	oldSQLOpen := sqlOpen
 	defer func() {
 		sqlOpen = oldSQLOpen
@@ -146,27 +148,6 @@ func TestStrictness(t *testing.T) {
 	}
 }
 
-func TestTimeouts(t *testing.T) {
-	dbMap, err := DBMapForTest(vars.DBConnSA + "?max_statement_time=1")
-	if err != nil {
-		t.Fatal("Error setting up DB:", err)
-	}
-	// SLEEP is defined to return 1 if it was interrupted, but we want to actually
-	// get an error to simulate what would happen with a slow query. So we wrap
-	// the SLEEP in a subselect.
-	_, err = dbMap.ExecContext(ctx, `SELECT 1 FROM (SELECT SLEEP(5)) as subselect;`)
-	if err == nil {
-		t.Fatal("Expected error when running slow query, got none.")
-	}
-
-	// We expect to get:
-	// Error 1969: Query execution was interrupted (max_statement_time exceeded)
-	// https://mariadb.com/kb/en/mariadb/mariadb-error-codes/
-	if !strings.Contains(err.Error(), "Error 1969") {
-		t.Fatalf("Got wrong type of error: %s", err)
-	}
-}
-
 // TestAutoIncrementSchema tests that all of the tables in the boulder_*
 // databases that have auto_increment columns use BIGINT for the data type. Our
 // data is too big for INT.
@@ -185,45 +166,3 @@ func TestAutoIncrementSchema(t *testing.T) {
 	test.AssertNotError(t, err, "unexpected err querying columns")
 	test.AssertEquals(t, count, int64(0))
 }
-
-func TestAdjustMySQLConfig(t *testing.T) {
-	conf := &mysql.Config{}
-	err := adjustMySQLConfig(conf)
-	test.AssertNotError(t, err, "unexpected err setting server variables")
-	test.AssertDeepEquals(t, conf.Params, map[string]string{
-		"sql_mode": "'STRICT_ALL_TABLES'",
-	})
-
-	conf = &mysql.Config{ReadTimeout: 100 * time.Second}
-	err = adjustMySQLConfig(conf)
-	test.AssertNotError(t, err, "unexpected err setting server variables")
-	test.AssertDeepEquals(t, conf.Params, map[string]string{
-		"sql_mode":           "'STRICT_ALL_TABLES'",
-		"max_statement_time": "95.000000",
-		"long_query_time":    "80.000000",
-	})
-
-	conf = &mysql.Config{
-		ReadTimeout: 100 * time.Second,
-		Params: map[string]string{
-			"max_statement_time": "0",
-		},
-	}
-	err = adjustMySQLConfig(conf)
-	test.AssertNotError(t, err, "unexpected err setting server variables")
-	test.AssertDeepEquals(t, conf.Params, map[string]string{
-		"sql_mode":        "'STRICT_ALL_TABLES'",
-		"long_query_time": "80.000000",
-	})
-
-	conf = &mysql.Config{
-		Params: map[string]string{
-			"max_statement_time": "0",
-		},
-	}
-	err = adjustMySQLConfig(conf)
-	test.AssertNotError(t, err, "unexpected err setting server variables")
-	test.AssertDeepEquals(t, conf.Params, map[string]string{
-		"sql_mode": "'STRICT_ALL_TABLES'",
-	})
-}

sa/db-next/boulder_sa/20230419000003_OrderToAuthzID.sql

@@ -9,9 +9,7 @@ CREATE TABLE `orderToAuthz2` (
   PRIMARY KEY (`id`),
   KEY `orderID_idx` (`orderID`),
   KEY `authzID_idx` (`authzID`)
-) ENGINE=InnoDB AUTO_INCREMENT=9 DEFAULT CHARSET=utf8mb4
- PARTITION BY RANGE (`id`)
-(PARTITION p_start VALUES LESS THAN (MAXVALUE));
+) ENGINE=InnoDB AUTO_INCREMENT=9 DEFAULT CHARSET=utf8mb4;
 
 -- +migrate Down
 -- SQL section 'Down' is executed when this migration is rolled back
@@ -22,6 +20,4 @@ CREATE TABLE `orderToAuthz2` (
   `authzID` bigint(20) NOT NULL,
   PRIMARY KEY (`orderID`,`authzID`),
   KEY `authzID` (`authzID`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4
- PARTITION BY RANGE COLUMNS(orderID, authzID)
-(PARTITION p_start VALUES LESS THAN (MAXVALUE, MAXVALUE));
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

sa/db/boulder_sa/20230419000000_CombinedSchema.sql

@@ -18,9 +18,7 @@ CREATE TABLE `authz2` (
   KEY `regID_expires_idx` (`registrationID`,`status`,`expires`),
   KEY `regID_identifier_status_expires_idx` (`registrationID`,`identifierType`,`identifierValue`,`status`,`expires`),
   KEY `expires_idx` (`expires`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4
- PARTITION BY RANGE(id)
-(PARTITION p_start VALUES LESS THAN (MAXVALUE));
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
 CREATE TABLE `blockedKeys` (
   `id` bigint(20) UNSIGNED NOT NULL AUTO_INCREMENT,
@@ -53,9 +51,7 @@ CREATE TABLE `certificateStatus` (
   KEY `serial` (`serial`),
   KEY `isExpired_ocspLastUpdated_idx` (`isExpired`,`ocspLastUpdated`),
   KEY `notAfter_idx` (`notAfter`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4
- PARTITION BY RANGE(id)
-(PARTITION p_start VALUES LESS THAN (MAXVALUE));
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
 CREATE TABLE `certificates` (
   `id` bigint(20) NOT NULL AUTO_INCREMENT,
@@ -69,9 +65,7 @@ CREATE TABLE `certificates` (
   KEY `serial` (`serial`),
   KEY `regId_certificates_idx` (`registrationID`) COMMENT 'Common lookup',
   KEY `issued_idx` (`issued`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4
- PARTITION BY RANGE(id)
-(PARTITION p_start VALUES LESS THAN (MAXVALUE));
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
 CREATE TABLE `certificatesPerName` (
   `id` bigint(20) NOT NULL AUTO_INCREMENT,
@@ -93,9 +87,7 @@ CREATE TABLE `fqdnSets` (
   PRIMARY KEY (`id`),
   KEY `serial` (`serial`),
   KEY `setHash_issued_idx` (`setHash`,`issued`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4
- PARTITION BY RANGE(id)
-(PARTITION p_start VALUES LESS THAN (MAXVALUE));
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
 CREATE TABLE `incidents` (
   `id` bigint(20) UNSIGNED NOT NULL AUTO_INCREMENT,
@@ -104,7 +96,7 @@ CREATE TABLE `incidents` (
   `renewBy` datetime NOT NULL,
   `enabled` boolean DEFAULT false,
   PRIMARY KEY (`id`)
-) CHARSET=utf8mb4;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
 CREATE TABLE `issuedNames` (
   `id` bigint(20) NOT NULL AUTO_INCREMENT,
@@ -114,9 +106,7 @@ CREATE TABLE `issuedNames` (
   `renewal` tinyint(1) NOT NULL DEFAULT 0,
   PRIMARY KEY (`id`),
   KEY `reversedName_notBefore_Idx` (`reversedName`,`notBefore`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4
- PARTITION BY RANGE(id)
-(PARTITION p_start VALUES LESS THAN (MAXVALUE));
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
 CREATE TABLE `keyHashToSerial` (
   `id` bigint(20) NOT NULL AUTO_INCREMENT,
@@ -147,18 +137,14 @@ CREATE TABLE `orderFqdnSets` (
   KEY `setHash_expires_idx` (`setHash`,`expires`),
   KEY `orderID_idx` (`orderID`),
   KEY `orderFqdnSets_registrationID_registrations` (`registrationID`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4
- PARTITION BY RANGE(id)
-(PARTITION p_start VALUES LESS THAN (MAXVALUE));
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
 CREATE TABLE `orderToAuthz2` (
   `orderID` bigint(20) NOT NULL,
   `authzID` bigint(20) NOT NULL,
   PRIMARY KEY (`orderID`,`authzID`),
   KEY `authzID` (`authzID`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4
- PARTITION BY RANGE COLUMNS(orderID, authzID)
-(PARTITION p_start VALUES LESS THAN (MAXVALUE, MAXVALUE));
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
 CREATE TABLE `orders` (
   `id` bigint(20) UNSIGNED NOT NULL AUTO_INCREMENT,
@@ -171,9 +157,7 @@ CREATE TABLE `orders` (
   PRIMARY KEY (`id`),
   KEY `reg_status_expires` (`registrationID`,`expires`),
   KEY `regID_created_idx` (`registrationID`,`created`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4
- PARTITION BY RANGE(id)
-(PARTITION p_start VALUES LESS THAN (MAXVALUE));
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
 -- Note: This table's name is a historical artifact and it is now
 -- used to store linting certificates, not precertificates.
@@ -189,9 +173,7 @@ CREATE TABLE `precertificates` (
   KEY `serial` (`serial`),
   KEY `regId_precertificates_idx` (`registrationID`),
   KEY `issued_precertificates_idx` (`issued`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4
- PARTITION BY RANGE(id)
-(PARTITION p_start VALUES LESS THAN (MAXVALUE));
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
 CREATE TABLE `registrations` (
   `id` bigint(20) NOT NULL AUTO_INCREMENT,
@@ -215,9 +197,7 @@ CREATE TABLE `requestedNames` (
   PRIMARY KEY (`id`),
   KEY `orderID_idx` (`orderID`),
   KEY `reversedName_idx` (`reversedName`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4
- PARTITION BY RANGE(id)
-(PARTITION p_start VALUES LESS THAN (MAXVALUE));
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
 -- Tables below have foreign key constraints, so are created after all other tables.
 
@@ -245,6 +225,7 @@ DROP TABLE `certificateStatus`;
 DROP TABLE `certificatesPerName`;
 DROP TABLE `certificates`;
 DROP TABLE `fqdnSets`;
+DROP TABLE `incidents`;
 DROP TABLE `issuedNames`;
 DROP TABLE `keyHashToSerial`;
 DROP TABLE `newOrdersRL`;