diff --git a/Cargo.lock b/Cargo.lock index 137b0e7358587..c33ce6fb5111f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -5859,8 +5859,9 @@ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" [[package]] name = "openssl-src" -version = "300.1.3+3.1.2" -source = "git+https://github.com/alexcrichton/openssl-src-rs#26dc3c81d8ebee5f7ec40835e29bf9f37e648ab2" +version = "300.1.5+3.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "559068e4c12950d7dcaa1857a61725c0d38d4fc03ff8e070ab31a75d6e316491" dependencies = [ "cc", ] diff --git a/Cargo.toml b/Cargo.toml index dba2b86f724b2..b4475d963b6e3 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -385,8 +385,6 @@ nix = { git = "https://github.com/vectordotdev/nix.git", branch = "memfd/gnu/mus # The `heim` crates depend on `ntapi` 0.3.7 on Windows, but that version has an # unaligned access bug fixed in the following revision. ntapi = { git = "https://github.com/MSxDOS/ntapi.git", rev = "24fc1e47677fc9f6e38e5f154e6011dc9b270da6" } -# 300.1.3+3.1.2 + a commit that re-adds force-engine flag. Can be removed after next release of openssl-src. -openssl-src = { git = "https://github.com/alexcrichton/openssl-src-rs", ref = "26dc3c81d8ebee5f7ec40835e29bf9f37e648ab2" } [features] # Default features for *-unknown-linux-gnu and *-apple-darwin diff --git a/docs/DEPRECATIONS.md b/docs/DEPRECATIONS.md index 26cbf79cf4036..10e4e15dc554a 100644 --- a/docs/DEPRECATIONS.md +++ b/docs/DEPRECATIONS.md @@ -4,6 +4,6 @@ See [DEPRECATION.md](docs/DEPRECATION.md#process) for the process for updating t ## To be migrated -* legacy_openssl_provider v0.33.0 OpenSSL legacy provider flag should default to false - ## To be removed + +* legacy_openssl_provider v0.34.0 OpenSSL legacy provider flag should be removed diff --git a/src/cli.rs b/src/cli.rs index 2aeb05975fbc5..ff7f35a3116c7 100644 --- a/src/cli.rs +++ b/src/cli.rs @@ -202,8 +202,8 @@ pub struct RootOpts { #[arg( long, env = "VECTOR_OPENSSL_LEGACY_PROVIDER", - default_value = "true", - default_missing_value = "true", + default_value = "false", + default_missing_value = "false", num_args = 0..=1, require_equals = true, action = ArgAction::Set diff --git a/website/content/en/highlights/2023-09-06-0-33-0-upgrade-guide.md b/website/content/en/highlights/2023-09-06-0-33-0-upgrade-guide.md deleted file mode 100644 index e1b7009209440..0000000000000 --- a/website/content/en/highlights/2023-09-06-0-33-0-upgrade-guide.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -date: "2023-09-06" -title: "0.33 Upgrade Guide" -description: "An upgrade guide that addresses breaking changes in 0.33.0" -authors: ["pront"] -release: "0.33.0" -hide_on_release_notes: false -badges: - type: breaking change ---- - -Vector's 0.33.0 release includes **deprecations**: - -1. [Default config location change](#default-config-location-change) - -We cover them below to help you upgrade quickly: - -## Upgrade guide - -### Deprecations - -#### Default config location change {#default-config-location-change} - -The default config location `/etc/vector/vector.toml` which is used by Vector `0.32.0` is now deprecated. This location will still be used in `0.33.0`. The new default path is `/etc/vector/vector.yaml`, please migrate to this new default path or specify the config path explicitly. - -Vector `0.33.0` will attempt to load `/etc/vector/vector.toml` first, and if it is not present, it will fallback to `/etc/vector/vector.yaml`. However, Vector release `0.34.0` will automatically load `/etc/vector/vector.yaml` only. diff --git a/website/content/en/highlights/2023-09-26-0-33-0-upgrade-guide.md b/website/content/en/highlights/2023-09-26-0-33-0-upgrade-guide.md index 2611d7a6f2f98..1de314122f012 100644 --- a/website/content/en/highlights/2023-09-26-0-33-0-upgrade-guide.md +++ b/website/content/en/highlights/2023-09-26-0-33-0-upgrade-guide.md @@ -2,7 +2,7 @@ date: "2023-09-26" title: "0.33 Upgrade Guide" description: "An upgrade guide that addresses breaking changes in 0.33.0" -authors: ["spencergilbert", "neuronull"] +authors: ["spencergilbert", "neuronull", "pront", "dsmith3197"] release: "0.33.0" hide_on_release_notes: false badges: @@ -12,12 +12,18 @@ badges: Vector's 0.33.0 release includes **breaking changes**: 1. [Behavior of the `datadog_logs` sink's `endpoint` setting](#datadog-logs-endpoint) +1. [Disable OpenSSL legacy provider by default](#openssl-legacy-provider) -Vector's 0.33.0 release includes **deprecations**: +and **deprecations**: +1. [Default config location change](#default-config-location-change) 1. [Renaming the `armv7` rpm package](#armv7-rename) 2. [Metadata field in the Vector protobuf definition](#vector-proto-metadata) +and **potentially impactful changes**: + +1. [Async runtime default number of worker threads](#runtime-worker-threads) + We cover them below to help you upgrade quickly: ## Upgrade guide @@ -35,9 +41,23 @@ with the other Datadog sinks, which use the `endpoint` as a base URL that the AP With this release, the `datadog_logs` sink's behavior is now consistent with the other Datadog sinks for the `endpoint` setting. +#### Disable OpenSSL legacy provider by default {#openssl-legacy-provider} + +Vector upgraded the version of OpenSSL that it statically compiles in to v3.1.x in the 0.32.0 release. +Following our deprecation policy, v0.33.0 now disables the legacy OpenSSL provider by default. It can be +enabled via an [OpenSSL configuration file](https://www.openssl.org/docs/man3.1/man5/config.html). The file +location defaults to `/usr/local/ssl/openssl.cnf` or can be specified with the `OPENSSL_CONF` environment variable. + ### Deprecations +#### Default config location change {#default-config-location-change} + +The default config location `/etc/vector/vector.toml` which is used by Vector `0.32.0` is now deprecated. This location will still be used in `0.33.0`. The new default path is `/etc/vector/vector.yaml`, please migrate to this new default path or specify the config path explicitly. + +Vector `0.33.0` will attempt to load `/etc/vector/vector.toml` first, and if it is not present, it will fallback to `/etc/vector/vector.yaml`. However, Vector release `0.34.0` will automatically load `/etc/vector/vector.yaml` only. + + #### Renaming the `armv7` rpm package {#armv7-rename} The `armv7` rpm package, `vector--1.armv7.rpm`, is now published as diff --git a/website/cue/reference/cli.cue b/website/cue/reference/cli.cue index c8b37f629fff0..df5f1d8c8b98a 100644 --- a/website/cue/reference/cli.cue +++ b/website/cue/reference/cli.cue @@ -634,7 +634,7 @@ cli: { } VECTOR_OPENSSL_LEGACY_PROVIDER: { description: "Load the OpenSSL legacy provider." - type: bool: default: true + type: bool: default: false } VECTOR_OPENSSL_NO_PROBE: { description: """ diff --git a/website/cue/reference/components/sinks.cue b/website/cue/reference/components/sinks.cue index 2b313dd14a2e4..32bcd0821e670 100644 --- a/website/cue/reference/components/sinks.cue +++ b/website/cue/reference/components/sinks.cue @@ -644,7 +644,9 @@ components: sinks: [Name=string]: { title: "Transport Layer Security (TLS)" body: """ Vector uses [OpenSSL](\(urls.openssl)) for TLS protocols due to OpenSSL's maturity. You can - enable and adjust TLS behavior using the [`tls.*`](#tls) options. + enable and adjust TLS behavior via the [`tls.*`](#tls) options and/or via an + [OpenSSL configuration file](\(urls.openssl_conf)). The file location defaults to + `/usr/local/ssl/openssl.cnf` or can be specified with the `OPENSSL_CONF` environment variable. """ } } diff --git a/website/cue/reference/components/sources.cue b/website/cue/reference/components/sources.cue index 87053f76a4d3d..976b79c46a72a 100644 --- a/website/cue/reference/components/sources.cue +++ b/website/cue/reference/components/sources.cue @@ -356,9 +356,11 @@ components: sources: [Name=string]: { _tls: { title: "Transport Layer Security (TLS)" body: """ - Vector uses [OpenSSL](\(urls.openssl)) for TLS protocols. You can - adjust TLS behavior via the `tls.*` options. - """ + Vector uses [OpenSSL](\(urls.openssl)) for TLS protocols due to OpenSSL's maturity. You can + enable and adjust TLS behavior via the `tls.*` options and/or via an + [OpenSSL configuration file](\(urls.openssl_conf)). The file location defaults to + `/usr/local/ssl/openssl.cnf` or can be specified with the `OPENSSL_CONF` environment variable. + """ } if features.collect != _|_ { diff --git a/website/cue/reference/components/sources/opentelemetry.cue b/website/cue/reference/components/sources/opentelemetry.cue index 7a9e3b9511b4f..d86d43faf5ad2 100644 --- a/website/cue/reference/components/sources/opentelemetry.cue +++ b/website/cue/reference/components/sources/opentelemetry.cue @@ -198,9 +198,11 @@ components: sources: opentelemetry: { tls: { title: "Transport Layer Security (TLS)" body: """ - Vector uses [OpenSSL](\(urls.openssl)) for TLS protocols. You can - adjust TLS behavior via the `grpc.tls.*` and `http.tls.*` options. - """ + Vector uses [OpenSSL](\(urls.openssl)) for TLS protocols due to OpenSSL's maturity. You can + enable and adjust TLS behavior via the `grpc.tls.*` and `http.tls.*` options and/or via an + [OpenSSL configuration file](\(urls.openssl_conf)). The file location defaults to + `/usr/local/ssl/openssl.cnf` or can be specified with the `OPENSSL_CONF` environment variable. + """ } } } diff --git a/website/cue/reference/urls.cue b/website/cue/reference/urls.cue index 6528af723cfd3..485352e891fd5 100644 --- a/website/cue/reference/urls.cue +++ b/website/cue/reference/urls.cue @@ -383,6 +383,7 @@ urls: { nixos: "https://nixos.org/" nixpkgs_9682: "\(github)/NixOS/nixpkgs/issues/9682" openssl: "https://www.openssl.org/" + openssl_conf: "https://www.openssl.org/docs/man3.1/man5/config.html" opentelemetry: "https://opentelemetry.io" opentelemetry_protocol: "\(opentelemetry)/docs/reference/specification/protocol/otlp/" order_of_ops: "\(wikipedia)/wiki/Order_of_operations"