Created attachment 233212 [details]
patch to upgrade

his release is primarily intended to improve support for migrations
of pre-0.9.0 installations. The upgrade code has been separated
more cleanly into a step where the new 0.9.0 data structures are
prepared in a new directory first, and a second step where this new
data is made active and the old data is archived. Earlier versions
of krill were performing data migrations in-place.

If you simply upgrade krill and restart it, then it will automatically
execute both steps. If the preparation step should fail, then the
original data remains unchanged. You can then downgrade back to
your previous krill version. This is in itself is an improvement
over 0.9.4 and earlier, because for those versions you would have
to make a back-up of your data first, and restore it in order to
revert your upgrade.

Furthermore, we have now added a new command line tool called
'krillup', which can be installed and upgraded separately to krill
itself. This new tool can be used to execute the krill migration
preparation step only. Meaning, you can install this tool on your
server and do all the preparations, and only then upgrade krill.

This has the following advantages:

- The downtime for data migrations is reduced for servers with lots of data
- If the preparation fails, there is no need to revert a krill update

In addition to this we have also made some changes to the CA parent
refresh logic. Krill CAs were checking their entitlements with their
parents every 10 minutes, and this causes too much load on parent
CAs with many children. There should be no need to check this often.
CAs will now check every 24 to 36 hours, using a random spread.
This will decrease the load on parent CAs significantly.

Note that you can always force a 'parent refresh' sooner through
the UI or command line (krillc bulk refresh). You may want to use
this if your parent informs you through other channels that your
resources have changed - e.g. you were allocated a new prefix.

Secondly, because the next synchronisation time is now difficult
to predict in the code that reports the parent status - it is now
no longer shown in the UI/API. We may add this back in a future
release. See issue #807.

You can read more about this upgrade process
[here](https://krill.docs.nlnetlabs.nl/en/latest/upgrade.html).

In addition to this we added a few other quick fixes in this release:

- Make RRDP session reset manual option #793
- Improve http connection error reporting #776
- Fix deserialization bug for CAs with children #774
- Connect to local parent directly #791
- Do not sign/validate RFC6492 messages to/from local parent #797
- Use per CA locking for CA statuses #795
- Decrease CA update frequency and use jitter to spread load #802
- Accept missing tag in RFC8181 #809
- Improve efficiency of connection status tracking #811
- Do not resync CAs with repo on startup if there are too many #818

The full list of changes can be found [here](https://github.com/NLnetLabs/krill/releases/tag/v0.9.5)