сб, 6 апр. 2024 г. в 17:53, Willy Tarreau <w...@1wt.eu>: > Hi, > > HAProxy 3.0-dev7 was released on 2024/04/06. It added 73 new commits > after version 3.0-dev6. > > Among the changes that stand out in this version, here's what I'm seeing: > > - improvements to the CLI internal API so that the various keyword > handlers now have their own buffers. This might possibly uncover > a few long-lasting bugs but over time will improve the reliability > and avoid the occasional bugs with connections never closing or > spinning loops. > > - we no longer depend on libsystemd. Not only this will avoid pulling > in tons of questionable dependencies, this also allows to enable > USE_SYSTEMD by default (it's only done on linux-glibc though), thus > reducing config combinations. > > - log load-balancing internals were simplified. The very first version > (never merged) didn't rely on backends, thus used to implement its > own servers and load-balancing. It was finally remapped to backends > and real servers, but the LB algorithms had remained specific, with > some exceptions at various places in the setup code to handle them. > Now the backends have switched to regular LB algorithms, which not > only helps for code maintenance, but also exposes all table-based > algorithms to the log backends with support for weights, and also > exposed the "sticky" algorithm to TCP and HTTP backends. It's one of > these changes which remove code while adding features :-) > > - Linux capabilities are now properly checked so that haproxy won't > complain about permissions for example when used in transparent mode, > if capabilities are sufficient. In addition, file-system capabilities > set on the binary are also supported now. > > - stick-tables are now sharded over multiple tree heads each with their > own locks. This significantly reduces locking contention on systems > with many threads (gains of ~6x measured on a 80-thread systems). In > addition, the locking could be reduced even with low thread counts, > particulary when using peers, where the performance could be doubled. > > - cookies are now permitted for dynamically added servers. The only > reason they were not previously was that it required to audit the > whole cookie initialization/release code to figure whether it had > corner cases or not. With that audit now done, the cookies could > be allowed. In addition, dynamic cookies were supported a bit by > accident with a small defect (one had to set the address again to > index the server), and are now properly supported. > > - the "enabled" keyword used to be silently ignored when adding a > dynamic server. Now it's properly rejected to avoid confusing > scripts. We don't know yet if it will be supported later or not, > so better stay safe. > > - the key used by consistent hash to map to a server used to always > be the server's id (either explicit or implicit, position-based). > Now the "hash-key" directive will also allow to use the server's > address or address+port for this. The benefit is that multiple LBs > with servers in a different order will still send the same hashes > to the same servers. > > - a new "guid" keyword was added for servers, listeners and proxies. > The purpose will be to make it possible for external APIs to assign > a globally unique object identifier to each of them in stats dumps > or CLI accesses, and to later reliably recognize a server upon > reloads. For now the identifier is not exploited. >
I have a question about the UUID version. it is not specified. Is it UUID version 6 ? > > - QUIC now supports the HyStart++ (RFC9406) alternative to slowstart > with the Cubic algorithm. It's supposed to show better recovery > patterns. More testing is needed before enabling it by default. > > - a few bug fixes (truncated responses when splicing, QUIC crashes > on strict-alignment platforms, redispatch 0 didn't work, more OCSP > update fixes, proper reporting of too big CLI payload, etc). > > - some build fixes, code cleanups, CI updates, doc updates, and > cleanups of regtests. > > I think that's all. It's currently up and running on haproxy.org. I'd > suspect that with the many stable updates yesterday, we may see less > test reports on 3.0-dev7, but please don't forget to test it if you > can, that helps a lot ;-) > > Please find the usual URLs below : > Site index : https://www.haproxy.org/ > Documentation : https://docs.haproxy.org/ > Wiki : https://github.com/haproxy/wiki/wiki > Discourse : https://discourse.haproxy.org/ > Slack channel : https://slack.haproxy.org/ > Issue tracker : https://github.com/haproxy/haproxy/issues > Sources : https://www.haproxy.org/download/3.0/src/ > Git repository : https://git.haproxy.org/git/haproxy.git/ > Git Web browsing : https://git.haproxy.org/?p=haproxy.git > Changelog : https://www.haproxy.org/download/3.0/src/CHANGELOG > Dataplane API : > https://github.com/haproxytech/dataplaneapi/releases/latest > Pending bugs : https://www.haproxy.org/l/pending-bugs > Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs > Code reports : https://www.haproxy.org/l/code-reports > Latest builds : https://www.haproxy.org/l/dev-packages > > Willy > --- > Complete changelog : > Amaury Denoyelle (8): > BUG/MINOR: server: reject enabled for dynamic server > MINOR: server: allow cookie for dynamic servers > BUG/BUILD: debug: fix unused variable error > MINOR: guid: introduce global UID module > MINOR: guid: restrict guid format > MINOR: proxy: implement GUID support > MINOR: server: implement GUID support > MINOR: listener: implement GUID support > > Anthony Deschamps (1): > MEDIUM: lb-chash: Deterministic node hashes based on server address > > Aurelien DARRAGON (14): > DOC: config: balance 'first' not usable in LOG mode > BUG/MINOR: log/balance: detect if user tries to use unsupported algo > MINOR: lbprm: implement true "sticky" balance algo > MEDIUM: log/balance: leverage lbprm api for log load-balancing > BUG/MEDIUM: server/lbprm: fix crash in _srv_set_inetaddr_port() > BUG/MINOR: proxy: fix logformat expression leak in use_backend rules > MEDIUM: log: rename logformat var to logformat tag > MINOR: log: expose logformat_tag struct > MEDIUM: log: carry tag context in logformat node > MEDIUM: tree-wide: add logformat expressions wrapper > MINOR: proxy: add PR_FL_CHECKED flag > MAJOR: log: implement proper postparsing for logformat expressions > MEDIUM: log: add compiling logic to logformat expressions > MEDIUM: proxy/log: leverage lf_expr API for logformat preparsing > > Christopher Faulet (14): > REGTESTS: Fix script about OCSP update compatibility tests > BUG/MINOR: cli: Report an error to user if command or payload is too > big > MINOR: sc_strm: Add generic version to perform sync receives and > sends > MEDIUM: stream: Use generic version to perform sync receives and > sends > MEDIUM: buf: Add b_getline() and b_getdelim() functions > MEDIUM: applet: Handle applets with their own buffers in put > functions > MEDIUM: cli/applet: Stop to test opposite SC in I/O handler of CLI > commands > MINOR: applet: Always use applet API to set appctx flags > BUG/MEDIUM: applet: State appctx have more data if its EOI/EOS/ERROR > flag is set > MAJOR: cli: Update the CLI applet to handle its own buffers > MINOR: applet: Let's applets .snd_buf function deal with full input > buffers > MINOR: stconn: Add a connection flag to notify sending data are the > last ones > MAJOR: cli: Use a custom .snd_buf function to only copy the current > command > BUG/MEDIUM: stconn: Don't forward shutdown to SE if iobuf is not > empty > > Damien Claisse (1): > BUG/MINOR: server: fix persistence cookie for dynamic servers > > Frederic Lecaille (3): > MINOR: quic: HyStart++ implementation (RFC 9406) > BUILD: quic: 32 bits compilation issue (QUIC_MIN() usage) > BUG/MINOR: stick-tables: Missing stick-table key nullity check > > Ilya Shipitsin (2): > CI: vtest: show coredumps if any > CI: extend Fedora Rawhide, add m32 mode > > Nicolas CARPi (1): > DOC: configuration: grammar fixes for strict-sni > > Remi Tricot-Le Breton (5): > BUG/MINOR: ssl: Wrong ocsp-update "incompatibility" error message > BUG/MINOR: ssl: Detect more 'ocsp-update' incompatibilities > MEDIUM: ssl: Add 'tune.ssl.ocsp-update.mode' global option > REGTESTS: ssl: Add OCSP update compatibility tests > REGTESTS: ssl: Add functional test for global ocsp-update option > > Tim Duesterhus (7): > REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (4) > REGTESTS: Remove REQUIRE_VERSION=1.9 from all tests (2) > CLEANUP: Reapply ist.cocci (3) > CLEANUP: Reapply strcmp.cocci (2) > CLEANUP: Reapply xalloc_cast.cocci > CLEANUP: Reapply ha_free.cocci > MINOR: systemd: Include MONOTONIC_USEC field in RELOADING=1 message > > Valentine Krasnobaeva (3): > BUG/MINOR: init: relax LSTCHK_NETADM checks for non root > MEDIUM: capabilities: check process capabilities sets > CLEANUP: global: remove LSTCHK_CAP_BIND > > William Lallemand (3): > REGTESTS: ssl: disable ssl/ocsp_auto_update.vtc > MEDIUM: mworker: get rid of libsystemd > BUILD: systemd: enable USE_SYSTEMD by default with TARGET=linux-glibc > > Willy Tarreau (11): > BUG/MEDIUM: stick-tables: fix a small remaining race in expiration > task > BUG/MINOR: backend: properly handle redispatch 0 > BUG/MEDIUM: stick-table: use the update lock when reading tables > from peers > BUG/MAJOR: applet: fix a MIN vs MAX usage in appctx_raw_rcv_buf() > OPTIM: peers: avoid the locking dance around > peer_send_teach_process_msgs() > BUILD: systemd: fix build error on non-systemd systems with > USE_SYSTEMD=1 > BUG/MINOR: bwlim/config: fix missing '\n' after error messages > MINOR: stick-tables: mark the seen stksess with a flag "seen" > OPTIM: stick-tables: check the stksess without taking the read lock > MAJOR: stktable: split the keys across multiple shards to reduce > contention > BUG/MEDIUM: quic: don't blindly rely on unaligned accesses > > --- > >