Changes in this Release

Where changes relate to a Zendesk issue, the associated Zendesk reference number is displayed. For example (10118).

This section includes fixes which change existing functionality. Fixes which don’t involve changes to functionality are documented in Resolved Issues.

Changes in NuoDB 4.2.1

NuoDB Loader duplicate request messages are now logged under the debug logging level

It was possible that NuoDB Loader duplicate request messages could be written excessively to the log file under the warn (warning) logging level. These messages are now logged under the debug logging level to improve log file readability.

TDE cipher creation messages are now logged under the network logging level (11927)

When TDE (Transparent Data Encryption) is enabled and the security log level is set, many cipher creation messages would unnecessarily get written to the log file. These messages are now written to the network logging level. As part of this change, other normal and default behaviors are no longer written to the log file when the the security logging level is set.

Improved the reliability of the result response sent to the client for Hotcopy job completion

Previously a timeout value (if requested) was passed to the NuoDB Admin Hotcopy request REST service. This procedure was not resilient to connectivity issues that could occur during that time. The client code has been changed, such that, if a timeout value is specified it will use the returned coordinator start ID and Hotcopy ID to wait for the Hotcopy operation to finish.

Changes in NuoDB 4.2

This section provides an overview of the changes included in NuoDB 4.2 compared to the original NuoDB 4.1 release. A subset of these changes may also be available in maintenance releases for prior versions.

The Vectorized Execution Engine (VEE) is now the default SQL execution engine

The Vectorized Execution Engine (VEE) which was introduced in NuoDB 4.1 is now the default and recommended SQL execution engine. The legacy Scalar Execution Engine (SEE) has been deprecated. For documentation about VEE and how to use VEE, see section Vectorized Execution Engine.
NOTE: Customers with existing applications that use NuoDB with SEE and have not yet validated their applications on VEE are encouraged to upgrade to NuoDB 4.2 and use SEE. Once applications are validated to work correctly on VEE in a test environment, customers are encouraged to restart their database using VEE to complete their migration to VEE.

Named generator sequences must be created before they are referenced as generators for identity columns.

Only anonymous generators are created implicitly. Error 42000 returned by the vectorized engine when named generator sequence does not exist prior to creating the generated column. See CREATE TABLE for details and usage of generated columns.

TLS can now be enabled/disabled via service control scripts

TLS can now be enabled/disabled as follows:

  • On Linux: $NUODB_HOME/etc/nuoadmin tls {enable|disable|status}

  • On Windows: $NUODB_HOME\etc\nuoadmin.bat tls {enable|disable|status}

Windows installations now require Python to be installed as a prerequisite

This change is required to enable the use of the NuoDB Admin nuocmd command line administration tool on Windows.

Log message format changed to match Engine format

The NuoDB Admin (nuoadmin) log message format has been changed to match the Engine log message format. This adds the database name, start id, and node id to the format, ensuring PIDs can be uniquely differentiated.

Removed execute permission from nuoadmin.service

Systemd files should not be executable. Execute permission has been removed from nuoadmin.service.

The NuoDB Docker base image OS has been upgraded to CentOS 8

The NuoDB Docker base image OS has been upgraded to CentOS 8 from CentOS 7. CentOS 8 offers many advantages over CentOS 7 including a stronger security model.

Java 11 now used in Docker image

Java 11 is now used in the NuoDB Docker image, replacing Java 8. In addition, superfluous warnings and stacktraces emitted when using Java 11 have been removed by specifying JDK internal dependency javax.activation explicitly. The version of Guice used has been updated and error messages related to its use of Java reflection have been suppressed.

IP addresses added to Admin logging

IP addresses have been added to the Admin logging. Name resolution is performed and IP addresses logged for all peers in the domain. The message is logged on a server during the NuoAdmin initialization phase. Remote peers' IP addresses are logged during connection state changes identified by the liveness service. This is useful, for example, in Kubernetes deployments where stale DNS SRV records may occasionally be returned.

Read committed isolation level optimizations

Several performance improvements have been implemented including the implementation of a bulk update algorithm to replace the sending of visibility update messages on every statement that sees new commits.

The Community Edition (CE) container image published to public repository sites includes VEE support only

To promote the use of the new Vectorized Execution Engine (VEE), starting in 4.1.1, the Community Edition (CE) will only included support for VEE which was introduced in 4.1.0. The VEE-only container image is available at: Dockerhub at nuodb/nuodb-ce, Red hat Ecosystem Catalog, and the Google Cloud Platform and AWS Marketplaces.

The Community Edition (CE) does not support rolling upgrade. To perform a rolling upgrade, customers must upgrade to NuoDB Enterprise Edition.

The NuoCA (NuoDB Collection Agent) has been moved to the NuoDB Client Package

The NuoCA (NuoDB Collection Agent) has been moved from the NuoDB server distribution package to the NuoDB Client Package, starting in version 20200930. If you are using or plan to use NuoCA to collect performance data, download and install the NuoDB Client Package version 20200930 or greater from either location:

  1. NuoDB Customer Download page

  2. NuoDB Client Package github page

Alternatively, follow the install instructions on the NuoDB Collection Agent (NuoCA) github page where more details and a usage sample can be found.

The contents of the $NUODB_HOME/drivers/pynuoadmin directory have been relocated or removed

  • To use nuocmd command line completion please change the location of the file sourced in ~/.bashrc from $NUODB_HOME/drivers/pynuoadmin/nuocmd-complete to $NUODB_HOME/etc/nuocmd-complete.

  • The NuoDB Quick Start Python script has been moved from $NUODB_HOME/drivers/pynuoadmin/quickstart.py to $NUODB_HOME/samples/quickstart.py.

  • The Python interface to the NuoDB Admin REST service has been removed from $NUODB_HOME/drivers/pynuoadmin. Customers who wish to use this interface directly in their own software should obtain pynuoadmin from PyPI or for more details, see section pynuoadmin Management Client Package Setup.

This release continues to provide the $NUODB_HOME/drivers/pynuoadmin/nuocmd-complete script file for backward-compatibility. Please take this opportunity to update your paths values to the new location as this file will be removed from the product in a future release.

The hosted version of NuoDB Insights monitoring has been removed from the product

The hosted version of NuoDB Insights (visual monitoring) and data repository that was hosted in the Amazon (AWS) Cloud has been shutdown and decommissioned. In addition, the related install and product files have been removed from the product distribution package. The hosted version of NuoDB Insights was an option available to customers to store their NuoDB performance data in a NuoDB managed AWS cloud instance. However, our customers have provided consistent feedback that storing Insights data locally on their systems is more desirable. Due to this, the hosted version of NuoDB Insights system will be removed from support and the service decommissioned in late September 2020.

NuoDB Insights visual monitoring deployed within customer managed environments will continue to remain available and supported.

Enhanced NuoDB Admin configuration property expansion

Previously only variables from JVM properties were resolved during Admin Process (AP) startup. Variables appearing in nuoadmin.conf with the syntax ${VARIABLE} can now be resolved from environment variables. The nuoadmin.conf.sample file included in the production distribution has also been updated to replace localhost with $(hostname).

NuoDB Admin nuoadmin.rest.yml and nuoadmin.logback.xml configuration files have been made internal only

NuoDB Admin nuoadmin.rest.yml and nuoadmin.logback.xml configuration files are no longer included in the product distribution. The files were used to configure third-party dependency libraries and it wasn’t recommended that users modify them directly. A high-level configuration such as NuoDB Admin REST API port and log levels is available in nuoadmin.conf file. For more details about configuring NuoDB Admin logging levels, see About NuoDB Admin tier logging.

NuoDB Admin password authentication caching

Password verification is performed for every REST API call with HTTP basic authentication against NuoDB Admin. Password hash caching has been added to avoid a performance penalty caused by strong password hashing algorithms on all REST API calls from a user. This optimization stores the user’s password salted hash in memory which is then used to verify the provided password for a user.

To guard against a potential DoS attack causing high CPU and memory usage in case malicious users send a high rate of REST API requests with a wrong password, an authentication and authorization failure threshold can be configured. For more details, see section Creating Users with Password-based Authentication.

Improve user configurability of TLS encryption key-pair type and size

The size of the RSA key generated for database processes is currently 1024 bits. This causes TLS configuration issues for certain hardened Linux systems which forbid keys smaller than 2048 bits, for example RHEL/CentOS 8. To resolve, NuoDB disables any security policy inherited from the system unless useSystemSecurityPolicy=true is specified in the NuoDB Admin nuoadmin.conf file. In addition, generatedKeyAlgorithm and generatedKeyStrength are now available in nuoadmin.conf. These variables provide users control of the key-pair type and size of the private key generated. For more information, see Host Properties (nuoadmin.conf).

Added support for Ubuntu 20.04 LTS

NuoDB now supports running the NuoDB database on Ubuntu version 20.04 LTS.
For a complete listing of supported platforms and OS versions, see section System Requirements.

Added CREATE INDEX syntax compatibility support for DESC and ASC index column qualifiers

When using either the Vectorized or Scalar execution engines, the ASC and DESC qualifiers are provided for syntax compatibility purposes only and do not affect the creation of the index. Indexes are always created as if ASC was specified. For more information, see CREATE INDEX.

Previously when using the command line tab completion feature for the database options switches --options and --default-options only a long list of options was displayed and no information about the purpose of each option. Command line tab completion will now suppress the options list display, and instead users should use the command help to obtain a URL to the Database Options documentation to learn more about each database option. For example, the below command’s output will include the new description text.

nuocmd start process --help
--options [OPTIONS [OPTIONS ...]]
          options for database process; see https://doc.nuodb.com/nuodb/latest
          /reference-information/database-options

Default TLS certificates and keystore files are no longer included in NuoDB container image

To improve security, customers are required to create their own certificates and keystore files before starting NuoDB either by generating self-signed certificates or by involving their security department. If no keystore files are found, then NuoDB 4.2 or greater will gracefully downgrade to non-SSL mode.

A rolling upgrade from a NuoDB domain that operates with previously included default TLS certificates to NuoDB 4.2 or greater in Kubernetes environments will fail if the TLS keystore files are not exposed to NuoDB containers.

For more information on how to enable TLS, please check Enabling TLS in Containerized Environments, and the Security Model of NuoDB in Kubernetes.