Hi,

HAProxy 3.0-dev7 was released on 2024/04/06. It added 73 new commits
after version 3.0-dev6.

Among the changes that stand out in this version, here's what I'm seeing:
- improvements to the CLI internal API so that the various keyword
handlers now have their own buffers. This might possibly uncover
a few long-lasting bugs but over time will improve the reliability
and avoid the occasional bugs with connections never closing or
spinning loops.
- we no longer depend on libsystemd. Not only will this avoid pulling
in tons of questionable dependencies, it also allows enabling
USE_SYSTEMD by default (it's only done on linux-glibc though), thus
reducing config combinations.
- log load-balancing internals were simplified. The very first version
(never merged) didn't rely on backends, thus used to implement its
own servers and load-balancing. It was finally remapped to backends
and real servers, but the LB algorithms had remained specific, with
some exceptions at various places in the setup code to handle them.
Now the backends have switched to regular LB algorithms, which not
only helps for code maintenance, but also exposes all table-based
algorithms to the log backends with support for weights, and also
exposed the "sticky" algorithm to TCP and HTTP backends. It's one of
these changes which remove code while adding features :-)
- Linux capabilities are now properly checked so that haproxy won't
complain about permissions for example when used in transparent mode,
if capabilities are sufficient. In addition, file-system capabilities
set on the binary are also supported now.
- stick-tables are now sharded over multiple tree heads each with their
own locks. This significantly reduces locking contention on systems
with many threads (gains of ~6x measured on an 80-thread system). In
addition, the locking could be reduced even with low thread counts,
particularly when using peers, where the performance could be doubled.
- cookies are now permitted for dynamically added servers. The only
reason they were not previously was that it required auditing the
whole cookie initialization/release code to figure out whether it had
corner cases or not. With that audit now done, the cookies could
be allowed. In addition, dynamic cookies were supported a bit by
accident with a small defect (one had to set the address again to
index the server), and are now properly supported.
- the "enabled" keyword used to be silently ignored when adding a
dynamic server. Now it's properly rejected to avoid confusing
scripts. We don't know yet if it will be supported later or not,
so better stay safe.
- the key used by consistent hash to map to a server used to always
be the server's id (either explicit or implicit, position-based).
Now the "hash-key" directive will also allow using the server's
address or address+port for this. The benefit is that multiple LBs
with servers in a different order will still send the same hashes
to the same servers.
- a new "guid" keyword was added for servers, listeners and proxies.
The purpose will be to make it possible for external APIs to assign
a globally unique object identifier to each of them in stats dumps
or CLI accesses, and to later reliably recognize a server upon
reloads. For now the identifier is not exploited.
- QUIC now supports the HyStart++ (RFC9406) alternative to slowstart
with the Cubic algorithm. It's supposed to show better recovery
patterns. More testing is needed before enabling it by default.
- a few bug fixes (truncated responses when splicing, QUIC crashes
on strict-alignment platforms, redispatch 0 didn't work, more OCSP
update fixes, proper reporting of too big CLI payload, etc).
- some build fixes, code cleanups, CI updates, doc updates, and
cleanups of regtests.
I think that's all. It's currently up and running on haproxy.org. I'd
suspect that with the many stable updates yesterday, we may see fewer
test reports on 3.0-dev7, but please don't forget to test it if you
can, that helps a lot ;-)

Please find the usual URLs below :
Site index : https://www.haproxy.org/
Documentation : https://docs.haproxy.org/
Wiki : https://github.com/haproxy/wiki/wiki
Discourse : https://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : https://www.haproxy.org/download/3.0/src/
Git repository : https://git.haproxy.org/git/haproxy.git/
Git Web browsing : https://git.haproxy.org/?p=haproxy.git
Changelog : https://www.haproxy.org/download/3.0/src/CHANGELOG
Dataplane API : https://github.com/haproxytech/dataplaneapi/releases/latest
Pending bugs : https://www.haproxy.org/l/pending-bugs
Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs
Code reports : https://www.haproxy.org/l/code-reports
Latest builds : https://www.haproxy.org/l/dev-packages
Willy
---
Complete changelog :
Amaury Denoyelle (8):
BUG/MINOR: server: reject enabled for dynamic server
MINOR: server: allow cookie for dynamic servers
BUG/BUILD: debug: fix unused variable error
MINOR: guid: introduce global UID module
MINOR: guid: restrict guid format
MINOR: proxy: implement GUID support
MINOR: server: implement GUID support
MINOR: listener: implement GUID support
Anthony Deschamps (1):
MEDIUM: lb-chash: Deterministic node hashes based on server address
Aurelien DARRAGON (14):
DOC: config: balance 'first' not usable in LOG mode
BUG/MINOR: log/balance: detect if user tries to use unsupported algo
MINOR: lbprm: implement true "sticky" balance algo
MEDIUM: log/balance: leverage lbprm api for log load-balancing
BUG/MEDIUM: server/lbprm: fix crash in _srv_set_inetaddr_port()
BUG/MINOR: proxy: fix logformat expression leak in use_backend rules
MEDIUM: log: rename logformat var to logformat tag
MINOR: log: expose logformat_tag struct
MEDIUM: log: carry tag context in logformat node
MEDIUM: tree-wide: add logformat expressions wrapper
MINOR: proxy: add PR_FL_CHECKED flag
MAJOR: log: implement proper postparsing for logformat expressions
MEDIUM: log: add compiling logic to logformat expressions
MEDIUM: proxy/log: leverage lf_expr API for logformat preparsing
Christopher Faulet (14):
REGTESTS: Fix script about OCSP update compatibility tests
BUG/MINOR: cli: Report an error to user if command or payload is too big
MINOR: sc_strm: Add generic version to perform sync receives and sends
MEDIUM: stream: Use generic version to perform sync receives and sends
MEDIUM: buf: Add b_getline() and b_getdelim() functions
MEDIUM: applet: Handle applets with their own buffers in put functions
MEDIUM: cli/applet: Stop to test opposite SC in I/O handler of CLI commands
MINOR: applet: Always use applet API to set appctx flags
BUG/MEDIUM: applet: State appctx have more data if its EOI/EOS/ERROR flag is set
MAJOR: cli: Update the CLI applet to handle its own buffers
MINOR: applet: Let's applets .snd_buf function deal with full input buffers
MINOR: stconn: Add a connection flag to notify sending data are the last ones
MAJOR: cli: Use a custom .snd_buf function to only copy the current command
BUG/MEDIUM: stconn: Don't forward shutdown to SE if iobuf is not empty
Damien Claisse (1):
BUG/MINOR: server: fix persistence cookie for dynamic servers
Frederic Lecaille (3):
MINOR: quic: HyStart++ implementation (RFC 9406)
BUILD: quic: 32 bits compilation issue (QUIC_MIN() usage)
BUG/MINOR: stick-tables: Missing stick-table key nullity check
Ilya Shipitsin (2):
CI: vtest: show coredumps if any
CI: extend Fedora Rawhide, add m32 mode
Nicolas CARPi (1):
DOC: configuration: grammar fixes for strict-sni
Remi Tricot-Le Breton (5):
BUG/MINOR: ssl: Wrong ocsp-update "incompatibility" error message
BUG/MINOR: ssl: Detect more 'ocsp-update' incompatibilities
MEDIUM: ssl: Add 'tune.ssl.ocsp-update.mode' global option
REGTESTS: ssl: Add OCSP update compatibility tests
REGTESTS: ssl: Add functional test for global ocsp-update option
Tim Duesterhus (7):
REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (4)
REGTESTS: Remove REQUIRE_VERSION=1.9 from all tests (2)
CLEANUP: Reapply ist.cocci (3)
CLEANUP: Reapply strcmp.cocci (2)
CLEANUP: Reapply xalloc_cast.cocci
CLEANUP: Reapply ha_free.cocci
MINOR: systemd: Include MONOTONIC_USEC field in RELOADING=1 message
Valentine Krasnobaeva (3):
BUG/MINOR: init: relax LSTCHK_NETADM checks for non root
MEDIUM: capabilities: check process capabilities sets
CLEANUP: global: remove LSTCHK_CAP_BIND
William Lallemand (3):
REGTESTS: ssl: disable ssl/ocsp_auto_update.vtc
MEDIUM: mworker: get rid of libsystemd
BUILD: systemd: enable USE_SYSTEMD by default with TARGET=linux-glibc
Willy Tarreau (11):
BUG/MEDIUM: stick-tables: fix a small remaining race in expiration task
BUG/MINOR: backend: properly handle redispatch 0
BUG/MEDIUM: stick-table: use the update lock when reading tables from peers
BUG/MAJOR: applet: fix a MIN vs MAX usage in appctx_raw_rcv_buf()
OPTIM: peers: avoid the locking dance around peer_send_teach_process_msgs()
BUILD: systemd: fix build error on non-systemd systems with USE_SYSTEMD=1
BUG/MINOR: bwlim/config: fix missing '\n' after error messages
MINOR: stick-tables: mark the seen stksess with a flag "seen"
OPTIM: stick-tables: check the stksess without taking the read lock
MAJOR: stktable: split the keys across multiple shards to reduce contention
BUG/MEDIUM: quic: don't blindly rely on unaligned accesses
---
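
The "hash-key" item in the announcement says that keying consistent-hash nodes by address keeps several LBs in agreement even when they list the servers in a different order. The following is an added example, not part of the original message and not HAProxy's code, that builds a small hash ring both ways and counts how often two LBs agree. The server addresses, the rotated order, the FNV-1a hash and the ring construction are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { NSRV = 3, REPLICAS = 16 };   /* servers, virtual nodes per server */
enum hash_key { KEY_ID, KEY_ADDR };
/* Same three (constructed) servers; the second LB lists them rotated. */
static const char *const LB_A[NSRV] = { "10.0.0.1:80", "10.0.0.2:80", "10.0.0.3:80" };
static const char *const LB_B[NSRV] = { "10.0.0.2:80", "10.0.0.3:80", "10.0.0.1:80" };

/* FNV-1a: a stand-in hash for this example, not HAProxy's own function. */
static uint32_t fnv1a(const char *s) {
    uint32_t h = 2166136261u;
    for (; *s; s++)
        h = (h ^ (uint8_t)*s) * 16777619u;
    return h;
}

/* Address picked for <req>: node key is the position-based id or the address hash. */
const char *pick_server(const char *const srv[NSRV], enum hash_key mode, const char *req) {
    uint32_t h = fnv1a(req), best_dist = 0, best_key = 0;
    const char *best = NULL;
    for (uint32_t i = 0; i < NSRV; i++) {
        uint32_t key = (mode == KEY_ID) ? i + 1 : fnv1a(srv[i]);
        for (uint32_t r = 0; r < REPLICAS; r++) {
            /* clockwise distance from the request to this virtual node (wraps) */
            uint32_t dist = (key ^ (r * 0x9e3779b9u)) * 2654435761u - h;
            if (!best || dist < best_dist || (dist == best_dist && key < best_key)) {
                best = srv[i]; best_dist = dist; best_key = key;
            }
        }
    }
    return best;
}

/* Number of requests (out of <n>) that both LBs route to the same address. */
int agreement(enum hash_key mode, int n) {
    char req[32];
    int same = 0;
    for (int i = 0; i < n; i++) {
        snprintf(req, sizeof(req), "/user/%d", i);
        same += strcmp(pick_server(LB_A, mode, req), pick_server(LB_B, mode, req)) == 0;
    }
    return same;
}

int main(void) {
    printf("id: %d/1000  addr: %d/1000\n", agreement(KEY_ID, 1000), agreement(KEY_ADDR, 1000));
    return 0;
}
```

With the rotated list every implicit id points at a different server on each LB, so id-keyed rings never agree here, while address-keyed rings always do.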
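
The capabilities item in the announcement is about a non-root process being judged by the capability sets it actually holds. The following is an added example, not part of the original message and not HAProxy's code, that decodes the permitted and effective sets from `/proc/<pid>/status` text and reports whether a capability is usable now, only after being raised, or absent. The sample status text and the `cap_state` names are constructed; CAP_NET_ADMIN is used because ip(7) requires it for IP_TRANSPARENT.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit numbers from <linux/capability.h>. */
#define CAP_BIT_NET_ADMIN 12  /* required for IP_TRANSPARENT, see ip(7) */
#define CAP_BIT_NET_RAW   13
enum cap_state { CAPST_PARSE_ERROR = -1, CAPST_MISSING, CAPST_PERMITTED_ONLY, CAPST_EFFECTIVE };

/* Constructed sample in the format of /proc/<pid>/status. */
static const char SAMPLE_STATUS[] =
    "Name:\thaproxy\nUid:\t99\t99\t99\t99\n"
    "CapInh:\t0000000000000000\nCapPrm:\t0000000000003400\n"
    "CapEff:\t0000000000001400\nCapBnd:\t000001ffffffffff\n";

/* Read one hex mask ("CapEff", "CapPrm", ...) from status text; 0 on success. */
static int parse_cap_field(const char *status, const char *field, uint64_t *mask) {
    size_t flen = strlen(field);
    for (const char *line = status; line && *line; ) {
        if (strncmp(line, field, flen) == 0 && line[flen] == ':') {
            char *end;
            *mask = strtoull(line + flen + 1, &end, 16);
            return end == line + flen + 1 ? -1 : 0;  /* no hex digits found */
        }
        line = strchr(line, '\n');
        if (line)
            line++;
    }
    return -1;
}

/* Usable now (effective), usable only after being raised (permitted), or absent. */
enum cap_state cap_state_of(const char *status, int bit) {
    uint64_t eff, prm;
    if (parse_cap_field(status, "CapEff", &eff) ||
        parse_cap_field(status, "CapPrm", &prm))
        return CAPST_PARSE_ERROR;
    if (eff & (1ULL << bit))
        return CAPST_EFFECTIVE;
    return (prm & (1ULL << bit)) ? CAPST_PERMITTED_ONLY : CAPST_MISSING;
}

int main(void) {
    printf("NET_ADMIN=%d\n", cap_state_of(SAMPLE_STATUS, CAP_BIT_NET_ADMIN));
    printf("NET_RAW=%d\n", cap_state_of(SAMPLE_STATUS, CAP_BIT_NET_RAW));
    return 0;
}
```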