Volt Active Data
12.2.2
VoltDB Operator 2.0.2 |
VoltDB Helm Chart 2.0.2 |
April 24, 2022
This document provides information about known issues and limitations to the current release of VoltDB. If you encounter any problems not listed below, please be sure to report them to support@voltactivedata.com. Thank you.
The process for upgrading from the recent versions of VoltDB is as follows:
Shutdown the database, creating a final snapshot (using voltadmin shutdown --save).
Upgrade the VoltDB software.
Restart the database (using voltdb start).
For Kubernetes, see the section on "Upgrading the VoltDB Software and Helm Charts" in the VoltDB Kubernetes Administrator's Guide. For DR clusters, see the section on "Upgrading VoltDB Software" in the VoltDB Administrator's Guide for special considerations related to DR upgrades. If you are upgrading from versions before V6.8, see the section on "Upgrading Older Versions of VoltDB Manually" in the same manual.
Finally, for all customers upgrading from earlier versions of VoltDB, please be sure to read the upgrade notes for your current and subsequent releases, including V6, V7, V8, V10, and V11.
In addition to the major enhancements listed above, users of previous versions of VoltDB should take note of the following changes that might impact their existing applications. See the VoltDB Operator Release Notes for changes specific to the use of VoltDB on the Kubernetes platform.
1. Release V12.2.2 (April 24, 2023) | ||||||||||
1.1. | Security updates | |||||||||
All known high and critical CVEs were resolved as of the date of this release, including:
| ||||||||||
1.2. | Additional improvements | |||||||||
In addition, the following limitations in previous versions have been resolved:
| ||||||||||
2. Release V12.2.1 (April 13, 2023) | ||||||||||
2.1. | Security update | |||||||||
Packages within Volt Active Data have been updated to eliminate the following known security vulnerability: CVE-2023-0464. | ||||||||||
3. Release V12.2 (March 29, 2023) | ||||||||||
3.1. | Important! New Volt Operator for Kubernetes | |||||||||
The Volt Operator for Kubernetes has been updated to improve stability, extensibility, and to support Kubernetes V1.23 through V1.25. The new version of the Operator, V2.0, is required for both Volt V12.2 and Kubernetes V1.25. The transition from V1.x to V2.0 of the Operator is the same as any other update, with one exception: when upgrading to V2.0 you must use the kubectl replace command to update the CRD instead of the kubectl apply command, as was documented in previous releases. On the other hand, use of replace instead of apply works when updating any version of the Volt software. So the documentation has been revised to recommend the use of replace for all software upgrades. Because Volt Operator and Helm chart V2.0 are required for Kubernetes 1.25, customers upgrading to 1.25 must upgrade the components in the following order:
| ||||||||||
3.2. | Changes to Kubernetes pod security | |||||||||
In previous releases, the Volt Operator established permissions for the Kubernetes pods to provide Volt with the rights needed to function properly. This was done using Kubernetes pod security policies (PSP). Starting with the Volt Operator and charts V2.0, pod security policies are no longer enabled by default. This means the Volt pods have no specific limitations set for them. For Kubernetes V1.23 and V1.24, you can enable PSP constraints by setting the Helm property
$ kubectl label --override namespace mydatacenter pod-security.kuberneted.io/enforce=baseline | ||||||||||
3.3. | Cloud native placement groups maximize high availability by distributing partitions across availability zones in Kubernetes | |||||||||
Volt Active Data now supports cloud native placement groups. K-Safety guarantees the database cluster can survive a certain number of node failures. Placement groups allow you to define groups of nodes that are logically connected so that Volt can avoid losing the database if an entire group goes offline. In Kubernetes, if you enable the new cloud native placement capability, Volt maximizes its availability, using knowledge of the Kubernetes regions and zones to intelligently distribute copies of the database partitions so that even if an availability zone is lost, the database can remain operational. See the section on "Configuring High Availability" in the Volt Kubernetes Administrator's Guide for more information. | ||||||||||
3.4. | TLS/SSL support for subject alternative names (SAN) | |||||||||
One feature of TLS/SSL is that the client can verify that the certificate is assigned to the same host name or address they connect to. In fact, it can allow for multiple names and even wildcards using Subject Alternative Names (SAN). By default, Volt does not utilize this feature. However, starting with Volt V12.2 the Volt Java client can enable alternative name support and verify that the certificate matches the requested address. See the note on using TLS alternative name support later in this document for details. | ||||||||||
3.5. | Required version of Python updated to V3.9 or later | |||||||||
Because version 3.6 is no longer supported, the minimal version of Python required by Volt Active Data has been updated to V3.9. | ||||||||||
3.6. | Kakfa security update requires new property for Volt topic producers | |||||||||
To resolve certain security vulnerabilities the Kafka client library has been upgraded. However, the newer
library requires Kafka producers to explicitly disable idempotency when sending messages to Volt topics, which was
not required before. Important: if you are using a Kafka producer to send data to
Volt topics and do not explicitly disable idempotency, you will need to update the client to add the property
| ||||||||||
3.7. | Masking passwords when configuring security on Kubernetes | |||||||||
When configuring security in VoltDB, you must specify usernames and passwords, which previously appeared in plain text in the YAML configuration file. You can now use the Helm voltadmin plugin to mask those passwords, so they are not readily viewable in the YAML. See the description of the Helm plugin mask command in the Volt Kubernetes Administrator's Guide for details. | ||||||||||
3.8. | Support for JDBC getMaxConnection method | |||||||||
The Volt JDBC API now supports the getMaxConnection method, which returns the integer value of zero (0) indicating the maximum is unspecified. | ||||||||||
3.9. | Ability to use separate TLS/SSL credentials for each XDCR cluster | |||||||||
Previously, when enabling TLS/SSL encryption for XDCR clusters in Kubernetes, all of the clusters needed to
use the same certificate. Although the property It is now possible to specify separate TSL/SSL credentials for each XDCR cluster. When specifying the
credentials of the remote XDCR cluster, use the new properties
When upgrading an existing cluster to operator 2.0 and using the new XDCR TLS/SSL properties, be sure to
remove any existing definition of the $ helm upgrade mydb voltdb/voltdb --reuse-values \
--set cluster.config.deployment.dr.connection.ssl={} | ||||||||||
3.10. | Additional improvements | |||||||||
In addition to the new features and capabilities described above, the following limitations in previous versions have been resolved:
| ||||||||||
4. Release V12.1.1 (March 17, 2023) | ||||||||||
4.1. | Security updates | |||||||||
All known high and critical CVEs were resolved as of the date of this release, including:
| ||||||||||
5. Release V12.1 (December 21, 2022, updated December 29, 2022) | ||||||||||
5.1. | Simplified updating of TLS/SSL certificates in Kubernetes eliminates need for cluster restart | |||||||||
The latest Operator release simplifies the process for updating TLS/SSL certificates and eliminates the need to stop and restart the cluster to apply the new certificate. In Kubernetes,if you store the TLS/SSL credentials using Kubernetes secrets, either created manually or through the cert-manager, the Operator now automatically updates the configuration on the running cluster once the secret changes. So, if you created the secret manually, you simply need to delete and recreate the secret with the new credentials. If you use cert-manager, cert-manager itself updates the credentials when the expiration date approaches. In either case, the Operator recognizes the change and updates the running cluster without any further operator intervention. | ||||||||||
5.2. | New @Statistics selector for information about the cluster nodes and the partitions they host | |||||||||
The @Statistics system procedure has a new selector, HOST, that returns information about the nodes of the cluster, including what partitions it hosts and whether it is safe to stop the node in a K-safe cluster. See the description of the @Statistics system procedure in the Using VoltDB manual for details. | ||||||||||
5.3. | New @SystemInformation selector for listing environment variables | |||||||||
Support for a new selector, ENV, has been added to the @SystemInformation system procedure. The ENV selector returns information about the environment variables defined for the database server process, one row for each variable on each host. See the description of the @SystemInformation system procedure in the Using VoltDB manual for details. | ||||||||||
5.4. | TLS/SSL protocols 1.0 and 1.1 are no longer supported | |||||||||
The TLS/SSL protocol versions 1.0 and 1.1 were deprecated and removed from most industry applications and browsers in 2020. Going forward, these obsolete protocol versions are no longer available in VoltDB either. | ||||||||||
5.5. | Additional improvements | |||||||||
The following limitations in previous versions have been resolved:
| ||||||||||
6. Release V12.0 (October 18, 2022) | ||||||||||
6.1. | Memory management improvements | |||||||||
Memory management for the database table data has been rewritten and optimized to reduce certain impediments in the previous implementation. Although this change is primarily internal and transparent to you as a customer, it does have two direct benefits in terms of eliminating development and operational roadblocks:
| ||||||||||
6.2. | Support for Ubuntu 22.04 and the Rocky OS | |||||||||
Volt Active Data has added Ubuntu 22.04 and Rocky OS as supported platforms for VoltDB. | ||||||||||
6.3. | Support for storing TLS/SSL credentials in Kubernetes secrets | |||||||||
When enabling TLS/SSL in Kubernetes, you can now store your TLS/SSL credentials (including the keystore, truststore, and passwords) in a Kubernetes secret. This avoids having to specify passwords on the Helm command line and simplifies the commands needed to start and update database instances. See the section on configuring TLS/SSL in the Volt Kubernetes Administrator's Guide for details. | ||||||||||
6.4. | Expiration dates for user accounts | |||||||||
You can now specify an expiration date for user accounts in the database configuration file. Once the specified date is past, the associated account can no longer access the database, until the configuration for the user account is updated. The expiration date is optional. See the section on defining users and roles in the Using VoltDB manual for details. | ||||||||||
6.5. | New LAG() windowing function | |||||||||
The LAG() function accesses previous rows from the window results using an offset. See the section on windowing functions in the SELECT reference page for more information. | ||||||||||
6.6. | Dedicated pod for VMC and HTTP API in Kubernetes | |||||||||
By default, Volt in Kubernetes now creates a separate pod for the Volt Management Center (VMC) and HTTP API.
This provides a single service name for accessing these resources, as well as a single instance for the entire
cluster (rather than separate instances for each host). The new pod is available from the service name
| ||||||||||
6.7. | License is required on the voltdb init command | |||||||||
Starting with V12, the voltdb init command must find and load a license file or the
initialization of the database root directory will fail. The license file can either be specified explicitly using
the | ||||||||||
6.8. | Kafkaloader10 is now deprecated | |||||||||
To support different versions of the Kafka API, two versions of the kafkaloader utility were provided in the past: kafkaloader and kafkaloader10. Now that support for older versions of Kafka has been dropped, the legacy loader, kafkaloader10, has been deprecated and will be removed in a future release. | ||||||||||
6.9. | Old deprecated methods removed from the Java client API | |||||||||
Several obsolete methods in the Java client API that were previously deprecated have now been removed. Those
methods were | ||||||||||
6.10. | The voltadmin plan_upgrade command has been removed | |||||||||
The procedure for upgrading the VoltDB software using limited hardware is no longer supported. The associated command, plan_upgrade, has been removed from the voltadmin utility. | ||||||||||
6.11. | @Statistics DRCONSUMER column renamed | |||||||||
The results of the @Statistics system procedure DRCONSUMER selector have been altered slightly. Specifically, the last column of the third results table has been renamed to be more descriptive from LAST_FAILURE to LAST_FAILURE_CODE. | ||||||||||
6.12. | Additional information in @SystemInformation output | |||||||||
The @SystemInformation system procedure now includes additional information regarding the number of processors, both existing and available for use. This is important because in certain situations (most notably, Kubernetes) not all processors are available to the application. The new results field is called JAVAAVAILABLEPROCESSORS. | ||||||||||
6.13. | Additional improvements | |||||||||
The following limitations in previous versions have been resolved:
|
The following are known limitations to the current release of VoltDB. Workarounds are suggested where applicable. However, it is important to note that these limitations are considered temporary and are likely to be corrected in future releases of the product.
The following notes provide details concerning how certain VoltDB features operate. The behavior is not considered incorrect. However, this information can be important when using specific components of the VoltDB product.
1. IPv6 | |
1.1. | Support for IPv6 addresses |
VoltDB works in IPv4, IPv6, and mixed network environments. Although the examples in the documentation use IPv4 addresses, you can use IPv6 when configuring your database, making connections through applications, or using the VoltDB command line utilities, such as voltdb and voltadmin. When specifying IPv6 addresses on the command line or in the configuration file, be sure to enclose the address in square brackets. If you are specifying both an IPv6 address and port number, put the colon and port number after the square brackets. For example: voltadmin status --host=[2001:db8:85a3::8a2e:370:7334]:21211 | |
2. VoltDB Management Center | |
2.1. | Schema updates clear the stored procedure data table in the Management Center Monitor section |
Any time the database schema or stored procedures are changed, the data table showing stored procedure statistics at the bottom of the Monitor section of the VoltDB Management Center get reset. As soon as new invocations of the stored procedures occur, the statistics table will show new values based on performance after the schema update. Until invocations occur, the procedure table is blank. | |
3. SQL | |
3.1. | You cannot partition a table on a column defined as ASSUMEUNIQUE. |
The ASSUMEUNIQUE attribute is designed for identifying columns in partitioned tables where the column values are known to be unique but the table is not partitioned on that column, so VoltDB cannot verify complete uniqueness across the database. Using interactive DDL, you can create a table with a column marked as ASSUMEUNIQUE, but if you try to partition the table on the ASSUMEUNIQUE column, you receive an error. The solution is to drop and add the column using the UNIQUE attribute instead of ASSUMEUNIQUE. | |
3.2. | Adding or dropping column constraints (UNIQUE or ASSUMEUNIQUE) is not supported by the ALTER TABLE ALTER COLUMN statement. |
You cannot add or remove a column constraint such as UNIQUE or ASSUMEUNIQUE using the ALTER TABLE ALTER COLUMN statement. Instead to add or remove such constraints, you must first drop then add the modified column. For example: ALTER TABLE employee DROP COLUMN empID; ALTER TABLE employee ADD COLUMN empID INTEGER UNIQUE; | |
3.3. | Do not use UPDATE to change the value of a partitioning column |
For partitioned tables, the value of the column used to partition the table determines what partition the row belongs to. If you use UPDATE to change this value and the new value belongs in a different partition, the UPDATE request will fail and the stored procedure will be rolled back. Updating the partition column value may or may not cause the record to be repartitioned (depending on the old and new values). However, since you cannot determine if the update will succeed or fail, you should not use UPDATE to change the value of partitioning columns. The workaround, if you must change the value of the partitioning column, is to use both a DELETE and an INSERT statement to explicitly remove and then re-insert the desired rows. | |
3.4. | Ambiguous column references no longer allowed. |
Starting with VoltDB 6.0, ambiguous column references are no longer allowed. For example, if both the Customer and Placedorder tables have a column named Address, the reference to Address in the following SELECT statement is ambiguous: SELECT OrderNumber, Address FROM Customer, Placedorder . . . Previously, VoltDB would select the column from the leftmost table (Customer, in this case). Ambiguous column references are no longer allowed and you must use table prefixes to disambiguate identical column names. For example, specifying the column in the preceding statement as Customer.Address. A corollary to this change is that a column declared in a USING clause can now be referenced using a prefix. For example, the following statement uses the prefix Customer.Address to disambiguate the column selection from a possibly similarly named column belonging to the Supplier table: SELECT OrderNumber, Vendor, Customer.Address FROM Customer, Placedorder Using (Address), Supplier . . . | |
4. Runtime | |
4.1. | File Descriptor Limits |
VoltDB opens a file descriptor for every client connection to the database. In normal operation, this use of file descriptors is transparent to the user. However, if there are an inordinate number of concurrent client connections, or clients open and close many connections in rapid succession, it is possible for VoltDB to exceed the process limit on file descriptors. When this happens, new connections may be rejected or other disk-based activities (such as snapshotting) may be disrupted. In environments where there are likely to be an extremely large number of connections, you should consider increasing the operating system's per-process limit on file descriptors. | |
4.2. | Use of Resources in JAR Files |
There are two ways to access additional resources in a VoltDB database. You can place the resources in the
LOAD CLASSES is used primarily to load classes associated with stored procedures and user-defined functions. However, it will also load any additional resource files included in subfolders of the JAR file. You can remove classes that are no longer needed using the REMOVE CLASSES directive. However, there is no explicit command for removing other resources. Consequently, if you rename resources or move them to a different location and reload the JAR file, the database will end up having multiple copies. Over time, this could result in more and more unnecessary memory being used by the database. To remove obsolete resources, you must first reinitialize the database root directory, start a fresh database, reload the schema (including the new JAR files with only the needed resources) and then restore the data from a snapshot. | |
4.3. | Servers with Multiple Network Interfaces |
If a server has multiple network interfaces (and therefore multiple IP addresses) VoltDB will, by default, open ports on all available interfaces. You can limit the ports to an single interface in two ways:
Also, when using an IP address to reference a server with multiple interfaces in command line utilities (such as voltadmin stop node), use the @SystemInformation system procedure to determine which IP address VoltDB has selected to identify the server. Otherwise, if you choose the wrong IP address, the command might fail. | |
5. Platforms | |
5.1. | OpenShift and Transparent Huge Pages (THP) |
For production, VoltDB requires that Transparent Huge Pages (THP) are disabled because they interfere with memory-intensive applications. However, THP may be enabled on OpenShift containers and the containers themselves not have permission to disable them. To overcome this situation, you must run the Helm chart for disabling THP from a privileged container: $ helm -n kube-system install thp voltdb/transparent-hugepages \ --set thp.securityContext.privileged=true | |
5.2. | Kubernetes Compatibility |
See the Volt Kubernetes Compatibility Chart for information on which versions of the Volt Operator and Helm charts support which version of VoltDB. See the VoltDB Operator Release Notes for additional information about individual releases of the VoltDB Operator. |