diff --git a/ydb/core/mind/node_broker.cpp b/ydb/core/mind/node_broker.cpp index feb19c94e374..128c32152ce1 100644 --- a/ydb/core/mind/node_broker.cpp +++ b/ydb/core/mind/node_broker.cpp @@ -200,7 +200,7 @@ void TNodeBroker::AddNode(const TNodeInfo &info) FreeIds.Reset(info.NodeId); if (info.SlotIndex.has_value()) { SlotIndexesPools[info.ServicedSubDomain].Acquire(info.SlotIndex.value()); - } + } if (info.Expire > Epoch.Start) { LOG_DEBUG_S(TActorContext::AsActorContext(), NKikimrServices::NODE_BROKER, @@ -565,7 +565,8 @@ void TNodeBroker::DbAddNode(const TNodeInfo &node, << " lease=" << node.Lease << " expire=" << node.ExpirationString() << " servicedsubdomain=" << node.ServicedSubDomain - << " slotindex= " << node.SlotIndex); + << " slotindex=" << node.SlotIndex + << " authorizedbycertificate=" << (node.AuthorizedByCertificate ? "true" : "false")); NIceDb::TNiceDb db(txc.DB); using T = Schema::Nodes; @@ -577,7 +578,8 @@ void TNodeBroker::DbAddNode(const TNodeInfo &node, .Update(node.Lease) .Update(node.Expire.GetValue()) .Update(node.Location.GetSerializedLocation()) - .Update(node.ServicedSubDomain); + .Update(node.ServicedSubDomain) + .Update(node.AuthorizedByCertificate); if (node.SlotIndex.has_value()) { db.Table().Key(node.NodeId) @@ -730,7 +732,8 @@ bool TNodeBroker::DbLoadState(TTransactionContext &txc, info.ServicedSubDomain = TSubDomainKey(nodesRowset.GetValueOrDefault()); if (nodesRowset.HaveValue()) { info.SlotIndex = nodesRowset.GetValue(); - } + } + info.AuthorizedByCertificate = nodesRowset.GetValue(); AddNode(info); LOG_DEBUG_S(ctx, NKikimrServices::NODE_BROKER, @@ -844,9 +847,21 @@ void TNodeBroker::DbUpdateNodeLocation(const TNodeInfo &node, db.Table().Key(node.NodeId).Update(node.Location.GetSerializedLocation()); } +void TNodeBroker::DbUpdateNodeAuthorizedByCertificate(const TNodeInfo &node, + TTransactionContext &txc) +{ + LOG_DEBUG_S(TActorContext::AsActorContext(), NKikimrServices::NODE_BROKER, + "Update node " << node.IdString() << " authorizedbycertificate in database" + << " authorizedbycertificate=" << (node.AuthorizedByCertificate ? "true" : "false")); + + NIceDb::TNiceDb db(txc.DB); + using T = Schema::Nodes; + db.Table().Key(node.NodeId).Update(node.AuthorizedByCertificate); +} + void TNodeBroker::Handle(TEvConsole::TEvConfigNotificationRequest::TPtr &ev, const TActorContext &ctx) -{ +{ const auto& appConfig = ev->Get()->Record.GetConfig(); if (appConfig.HasFeatureFlags()) { EnableStableNodeNames = appConfig.GetFeatureFlags().GetEnableStableNodeNames(); diff --git a/ydb/core/mind/node_broker__register_node.cpp b/ydb/core/mind/node_broker__register_node.cpp index e10237f4e614..09c67eaf01f0 100644 --- a/ydb/core/mind/node_broker__register_node.cpp +++ b/ydb/core/mind/node_broker__register_node.cpp @@ -100,8 +100,11 @@ class TNodeBroker::TTxRegisterNode : public TTransactionBase { Self->DbUpdateNodeLease(node, txc); ExtendLease = true; } - node.AuthorizedByCertificate = rec.GetAuthorizedByCertificate(); - + if (node.AuthorizedByCertificate != rec.GetAuthorizedByCertificate()) { + node.AuthorizedByCertificate = rec.GetAuthorizedByCertificate(); + Self->DbUpdateNodeAuthorizedByCertificate(node, txc); + } + if (Self->EnableStableNodeNames) { if (ServicedSubDomain != node.ServicedSubDomain) { if (node.SlotIndex.has_value()) { @@ -110,12 +113,12 @@ class TNodeBroker::TTxRegisterNode : public TTransactionBase { node.ServicedSubDomain = ServicedSubDomain; node.SlotIndex = Self->SlotIndexesPools[node.ServicedSubDomain].AcquireLowestFreeIndex(); Self->DbAddNode(node, txc); - } else if (!node.SlotIndex.has_value()) { + } else if (!node.SlotIndex.has_value()) { node.SlotIndex = Self->SlotIndexesPools[node.ServicedSubDomain].AcquireLowestFreeIndex(); Self->DbAddNode(node, txc); } } - + Response->Record.MutableStatus()->SetCode(TStatus::OK); Self->FillNodeInfo(node, *Response->Record.MutableNode()); diff --git a/ydb/core/mind/node_broker__scheme.h b/ydb/core/mind/node_broker__scheme.h index ab988f97ae19..d18f8a913712 100644 --- a/ydb/core/mind/node_broker__scheme.h +++ b/ydb/core/mind/node_broker__scheme.h @@ -25,6 +25,7 @@ struct Schema : NIceDb::Schema { struct Location : Column<12, NScheme::NTypeIds::String> {}; struct ServicedSubDomain : Column<13, NScheme::NTypeIds::String> { using Type = NKikimrSubDomains::TDomainKey; }; struct SlotIndex : Column<14, NScheme::NTypeIds::Uint32> {}; + struct AuthorizedByCertificate : Column<15, NScheme::NTypeIds::Bool> {}; using TKey = TableKey; using TColumns = TableColumns< @@ -37,7 +38,8 @@ struct Schema : NIceDb::Schema { Expire, Location, ServicedSubDomain, - SlotIndex + SlotIndex, + AuthorizedByCertificate >; }; diff --git a/ydb/core/mind/node_broker_impl.h b/ydb/core/mind/node_broker_impl.h index 6e522e8b8792..8f60cb0ad859 100644 --- a/ydb/core/mind/node_broker_impl.h +++ b/ydb/core/mind/node_broker_impl.h @@ -288,6 +288,8 @@ class TNodeBroker : public TActor TTransactionContext &txc); void DbUpdateNodeLocation(const TNodeInfo &node, TTransactionContext &txc); + void DbUpdateNodeAuthorizedByCertificate(const TNodeInfo &node, + TTransactionContext &txc); void Handle(TEvConsole::TEvConfigNotificationRequest::TPtr &ev, const TActorContext &ctx);