Skip to content

vitess: add vschemas with vindexes #8634

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
beautifulentropy merged 17 commits into from
Mar 13, 2026
Merged

vitess: add vschemas with vindexes #8634

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
4672219
vitess: add vschemas with vindexes
jsha Feb 18, 2026
3c1f1de
Update BOULDER_VTCOMBOSERVER_TAG
jsha Feb 19, 2026
a263b10
Fix SQL schemas
jsha Feb 19, 2026
e55465a
Install trigger for both DBs
jsha Feb 27, 2026
f5869e3
Revert diff between schemas
jsha Feb 27, 2026
bf9d76b
Reduce duplication of schemas
jsha Feb 27, 2026
95a5619
Automatically create Vitess SQL
jsha Feb 27, 2026
b65f903
Merge remote-tracking branch 'origin/main' into vschemas-and-vindexes
jsha Feb 27, 2026
db3edd6
Bump vtcomboserver tag
jsha Feb 27, 2026
0baaad5
Rename ql->sql
jsha Feb 27, 2026
e2c0210
02-26a
jsha Feb 27, 2026
6a2fa1e
Change limitEnum_bucketKey to a PRIMARY KEY
jsha Feb 27, 2026
60063b3
Review feedback
jsha Mar 3, 2026
02d7180
invert-match
jsha Mar 5, 2026
71c4a99
bump tag
jsha Mar 6, 2026
5ce8741
integration: make TestRevocation less parallel
jsha Mar 6, 2026
36b9eb3
Review feedback
jsha Mar 11, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/boulder-ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ jobs:
# use in tests. It will be set appropriately for each tag in the list
# defined in the matrix.
BOULDER_TOOLS_TAG: ${{ matrix.BOULDER_TOOLS_TAG }}
BOULDER_VTCOMBOSERVER_TAG: vitessv23.0.0_2026-01-28
BOULDER_VTCOMBOSERVER_TAG: vitessv23.0.0_2026-03-05

# Sequence of tasks that will be executed as part of the job.
steps:
Expand Down
8 changes: 6 additions & 2 deletions docker-compose.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,8 @@ services:

bmariadb:
image: mariadb:10.11.13
volumes:
- ./sa/db:/docker-entrypoint-initdb.d
networks:
bouldernet:
aliases:
Expand Down Expand Up @@ -145,11 +147,13 @@ services:
image: letsencrypt/boulder-vtcomboserver:${BOULDER_VTCOMBOSERVER_TAG:-latest}
build:
context: test/vtcomboserver/
volumes:
- ./:/boulder/
environment:
# By specifying KEYSPACES vttestserver will create the corresponding
# databases on startup.
KEYSPACES: boulder_sa,incidents_sa
NUM_SHARDS: 1,1
KEYSPACES: boulder_sa,incidents_sa,boulder_sa_next,incidents_sa_next
NUM_SHARDS: 1,1,1,1
networks:
bouldernet:
aliases:
Expand Down
1 change: 0 additions & 1 deletion sa/db-next/boulder_sa/20230419000000_CombinedSchema.sql
View file
Open in desktop

This file was deleted.

10 changes: 0 additions & 10 deletions sa/db-next/boulder_sa/20230419000001_DropCertStatusSubscriberApproved.sql
View file
Open in desktop

This file was deleted.

10 changes: 0 additions & 10 deletions sa/db-next/boulder_sa/20230419000002_DropCertStatusLockCol.sql
View file
Open in desktop

This file was deleted.

9 changes: 0 additions & 9 deletions sa/db-next/boulder_sa/20250708000000_DropRegistrationsLockCol.sql
View file
Open in desktop

This file was deleted.

9 changes: 0 additions & 9 deletions sa/db-next/boulder_sa/20251002000000_AddRevokedSerialsIndex.sql
View file
Open in desktop

This file was deleted.

1 change: 0 additions & 1 deletion sa/db-next/dbconfig.mysql8.yml
View file
Open in desktop

This file was deleted.

1 change: 0 additions & 1 deletion sa/db-next/incidents_sa/20220328100000_Incidents.sql
View file
Open in desktop

This file was deleted.

12 changes: 0 additions & 12 deletions sa/db-users/incidents_sa.sql
View file
Open in desktop

This file was deleted.

4 changes: 4 additions & 0 deletions sa/db/00-create-databases.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
CREATE DATABASE boulder_sa;
CREATE DATABASE incidents_sa;
CREATE DATABASE boulder_sa_next;
CREATE DATABASE incidents_sa_next;
240 changes: 240 additions & 0 deletions sa/db/01-boulder_sa.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,240 @@
USE boulder_sa;

CREATE TABLE `authz2` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`identifierType` tinyint(4) NOT NULL,
`identifierValue` varchar(255) NOT NULL,
`registrationID` bigint(20) NOT NULL,
`status` tinyint(4) NOT NULL,
`expires` datetime NOT NULL,
`challenges` tinyint(4) NOT NULL,
`attempted` tinyint(4) DEFAULT NULL,
`attemptedAt` datetime DEFAULT NULL,
`token` binary(32) NOT NULL,
`validationError` mediumblob DEFAULT NULL,
`validationRecord` mediumblob DEFAULT NULL,
`certificateProfileName` varchar(32) DEFAULT NULL,
`created` datetime DEFAULT current_timestamp(),
PRIMARY KEY (`id`),
KEY `regID_expires_idx` (`registrationID`,`status`,`expires`),
KEY `regID_identifier_status_expires_idx` (`registrationID`,`identifierType`,`identifierValue`,`status`,`expires`),
KEY `expires_idx` (`expires`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;

CREATE TABLE `blockedKeys` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`keyHash` binary(32) NOT NULL,
`added` datetime NOT NULL,
`source` tinyint(4) NOT NULL,
`comment` varchar(255) DEFAULT NULL,
`revokedBy` bigint(20) DEFAULT 0,
`extantCertificatesChecked` tinyint(1) DEFAULT 0,
PRIMARY KEY (`id`),
UNIQUE KEY `keyHash` (`keyHash`),
KEY `extantCertificatesChecked_idx` (`extantCertificatesChecked`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;

CREATE TABLE `certificateStatus` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`serial` varchar(255) NOT NULL,
`subscriberApproved` tinyint(1) DEFAULT 0,
`status` varchar(255) NOT NULL,
`ocspLastUpdated` datetime NOT NULL,
`revokedDate` datetime NOT NULL,
`revokedReason` int(11) NOT NULL,
`lastExpirationNagSent` datetime NOT NULL,
`LockCol` bigint(20) DEFAULT 0,
`ocspResponse` blob DEFAULT NULL,
`notAfter` datetime DEFAULT NULL,
`isExpired` tinyint(1) DEFAULT 0,
`issuerID` bigint(20) DEFAULT NULL,
PRIMARY KEY (`id`),
KEY `isExpired_ocspLastUpdated_idx` (`isExpired`,`ocspLastUpdated`),
KEY `notAfter_idx` (`notAfter`),
KEY `serial` (`serial`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;

CREATE TABLE `certificates` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`registrationID` bigint(20) NOT NULL,
`serial` varchar(255) NOT NULL,
`digest` varchar(255) NOT NULL,
`der` mediumblob NOT NULL,
`issued` datetime NOT NULL,
`expires` datetime NOT NULL,
PRIMARY KEY (`id`),
KEY `regId_certificates_idx` (`registrationID`) COMMENT 'Common lookup',
KEY `issued_idx` (`issued`),
KEY `serial` (`serial`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;

CREATE TABLE `crlShards` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`issuerID` bigint(20) NOT NULL,
`idx` int(10) unsigned NOT NULL,
`thisUpdate` datetime DEFAULT NULL,
`nextUpdate` datetime DEFAULT NULL,
`leasedUntil` datetime NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `shardID` (`issuerID`,`idx`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;

CREATE TABLE `crls` (
`serial` varchar(255) NOT NULL,
`createdAt` datetime NOT NULL,
`crl` varchar(255) NOT NULL,
PRIMARY KEY (`serial`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;

CREATE TABLE `fqdnSets` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`setHash` binary(32) NOT NULL,
`serial` varchar(255) NOT NULL,
`issued` datetime NOT NULL,
`expires` datetime NOT NULL,
PRIMARY KEY (`id`),
KEY `setHash_issued_idx` (`setHash`,`issued`),
KEY `serial` (`serial`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;

CREATE TABLE `incidents` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`serialTable` varchar(128) NOT NULL,
`url` varchar(1024) NOT NULL,
`renewBy` datetime NOT NULL,
`enabled` tinyint(1) DEFAULT 0,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;

CREATE TABLE `issuedNames` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`reversedName` varchar(640) CHARACTER SET ascii COLLATE ascii_general_ci NOT NULL,
`notBefore` datetime NOT NULL,
`serial` varchar(255) NOT NULL,
`renewal` tinyint(1) NOT NULL DEFAULT 0,
PRIMARY KEY (`id`),
KEY `reversedName_notBefore_Idx` (`reversedName`,`notBefore`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;

CREATE TABLE `keyHashToSerial` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`keyHash` binary(32) NOT NULL,
`certNotAfter` datetime NOT NULL,
`certSerial` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `unique_keyHash_certserial` (`keyHash`,`certSerial`),
KEY `keyHash_certNotAfter` (`keyHash`,`certNotAfter`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;

CREATE TABLE `orderFqdnSets` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`setHash` binary(32) NOT NULL,
`orderID` bigint(20) NOT NULL,
`registrationID` bigint(20) NOT NULL,
`expires` datetime NOT NULL,
`created` datetime DEFAULT current_timestamp(),
PRIMARY KEY (`id`),
KEY `setHash_expires_idx` (`setHash`,`expires`),
KEY `orderID_idx` (`orderID`),
KEY `orderFqdnSets_registrationID_registrations` (`registrationID`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;

CREATE TABLE `orders` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`registrationID` bigint(20) NOT NULL,
`expires` datetime NOT NULL,
`error` mediumblob DEFAULT NULL,
`certificateSerial` varchar(255) DEFAULT NULL,
`beganProcessing` tinyint(1) NOT NULL DEFAULT 0,
`created` datetime NOT NULL,
`certificateProfileName` varchar(32) DEFAULT NULL,
`replaces` varchar(255) DEFAULT NULL,
`authzs` blob DEFAULT NULL,
PRIMARY KEY (`id`),
KEY `reg_expires` (`registrationID`,`expires`),
KEY `regID_created_idx` (`registrationID`,`created`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;

CREATE TABLE `overrides` (
`limitEnum` tinyint(4) unsigned NOT NULL,
`bucketKey` varchar(255) NOT NULL,
`comment` varchar(255) NOT NULL,
`periodNS` bigint(20) unsigned NOT NULL,
`count` int(10) unsigned NOT NULL,
`burst` int(10) unsigned NOT NULL,
`updatedAt` datetime NOT NULL,
`enabled` tinyint(1) NOT NULL DEFAULT 0,
PRIMARY KEY `limitEnum_bucketKey` (`limitEnum`,`bucketKey`),
KEY `idx_enabled` (`enabled`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;

CREATE TABLE `paused` (
`registrationID` bigint(20) unsigned NOT NULL,
`identifierType` tinyint(4) NOT NULL,
`identifierValue` varchar(255) NOT NULL,
`pausedAt` datetime NOT NULL,
`unpausedAt` datetime DEFAULT NULL,
PRIMARY KEY (`registrationID`,`identifierValue`,`identifierType`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci;

-- Note: This table's name is a historical artifact and it is now
-- used to store linting certificates, not precertificates.
-- See #6807.
CREATE TABLE `precertificates` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`registrationID` bigint(20) NOT NULL,
`serial` varchar(255) NOT NULL,
`der` mediumblob NOT NULL,
`issued` datetime NOT NULL,
`expires` datetime NOT NULL,
PRIMARY KEY (`id`),
KEY `regId_precertificates_idx` (`registrationID`),
KEY `issued_precertificates_idx` (`issued`),
KEY `serial` (`serial`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;

CREATE TABLE `registrations` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`jwk` mediumblob NOT NULL,
`jwk_sha256` varchar(255) NOT NULL,
`agreement` varchar(255) NOT NULL,
`LockCol` bigint(20) NOT NULL DEFAULT 0,
`createdAt` datetime NOT NULL,
`status` varchar(255) NOT NULL DEFAULT 'valid',
PRIMARY KEY (`id`),
UNIQUE KEY `jwk_sha256` (`jwk_sha256`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;

CREATE TABLE `replacementOrders` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`serial` varchar(255) NOT NULL,
`orderID` bigint(20) NOT NULL,
`orderExpires` datetime NOT NULL,
`replaced` tinyint(1) DEFAULT 0,
PRIMARY KEY (`id`),
KEY `serial_idx` (`serial`),
KEY `orderID_idx` (`orderID`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;

CREATE TABLE `revokedCertificates` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`issuerID` bigint(20) NOT NULL,
`serial` varchar(255) NOT NULL,
`notAfterHour` datetime NOT NULL,
`shardIdx` bigint(20) NOT NULL,
`revokedDate` datetime NOT NULL,
`revokedReason` int(11) NOT NULL,
PRIMARY KEY (`id`),
KEY `issuerID_shardIdx_notAfterHour_idx` (`issuerID`,`shardIdx`,`notAfterHour`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;

CREATE TABLE `serials` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`registrationID` bigint(20) NOT NULL,
`serial` varchar(255) NOT NULL,
`created` datetime NOT NULL,
`expires` datetime NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `serial` (`serial`),
KEY `regId_serials_idx` (`registrationID`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
38 changes: 11 additions & 27 deletions ...lder_sa/20230419000000_CombinedSchema.sql → sa/db/01-boulder_sa_next.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,8 @@
-- +migrate Up
-- SQL in section 'Up' is executed when this migration is applied
-- For easy diffability, the main part of this schema
Comment thread
aarongable marked this conversation as resolved.
-- should be identical with 01-boulder_sa.sql. Any differences
-- for the "next" schema should be expressed as ALTER TABLE
-- commands at the end of the file.
USE boulder_sa_next;

CREATE TABLE `authz2` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
Expand Down Expand Up @@ -165,7 +168,7 @@ CREATE TABLE `overrides` (
`burst` int(10) unsigned NOT NULL,
`updatedAt` datetime NOT NULL,
`enabled` tinyint(1) NOT NULL DEFAULT 0,
UNIQUE KEY `limitEnum_bucketKey` (`limitEnum`,`bucketKey`),
PRIMARY KEY `limitEnum_bucketKey` (`limitEnum`,`bucketKey`),
KEY `idx_enabled` (`enabled`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;

Expand Down Expand Up @@ -237,29 +240,10 @@ CREATE TABLE `serials` (
`expires` datetime NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `serial` (`serial`),
KEY `regId_serials_idx` (`registrationID`),
CONSTRAINT `regId_serials` FOREIGN KEY (`registrationID`) REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION
KEY `regId_serials_idx` (`registrationID`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;

-- +migrate Down
-- SQL section 'Down' is executed when this migration is rolled back

-- First set of tables have foreign key constraints, so are dropped first.
DROP TABLE `serials`;

DROP TABLE `authz2`;
DROP TABLE `blockedKeys`;
DROP TABLE `certificateStatus`;
DROP TABLE `certificatesPerName`;
DROP TABLE `certificates`;
DROP TABLE `fqdnSets`;
DROP TABLE `incidents`;
DROP TABLE `issuedNames`;
DROP TABLE `keyHashToSerial`;
DROP TABLE `newOrdersRL`;
DROP TABLE `orderFqdnSets`;
DROP TABLE `orderToAuthz2`;
DROP TABLE `orders`;
DROP TABLE `precertificates`;
DROP TABLE `registrations`;
DROP TABLE `requestedNames`;
ALTER TABLE `certificateStatus` DROP COLUMN `subscriberApproved`;
ALTER TABLE `certificateStatus` DROP COLUMN `LockCol`;
ALTER TABLE `registrations` DROP COLUMN `LockCol`;
ALTER TABLE `revokedCertificates` ADD KEY `serial` (`serial`);
Loading
Loading