Hi Vincent, On Fri, May 19, 2017 at 07:38:20AM +0200, Vincent Bernat wrote: > ? 19 mai 2017 07:04 +0200, Willy Tarreau <[email protected]> : > > >> I saw many similar issues posted earlier by others, but could not > >> find a thread where this is resolved or fixed in a newer release. We > >> are using Ubuntu 16.04 with distro HAProxy (1.6.3), and see that > >> HAProxy spins at 100% with 1-10 TCP connections, sometimes just 1 - a > >> stale connection that does not seem to belong to any frontend > >> session. Strace with -T shows the folllowing: > > > > In fact a few bugs have caused this situation and all known ones were > > fixed, which doesn't mean there is none left of course. However your > > version is totally outdated and contains tons of known bugs which were > > later fixed (196 total, 22 major, 78 medium, 96 minor) : > > > > http://www.haproxy.org/bugs/bugs-1.6.3.html > > Those pages are quite useful!
I made them to help everyone know when they're using a bogus version and to encourage any user to upgrade (including by using your packages for those on debian/ubuntu). > That's the version in Ubuntu Xenial. It is possible to add some patches > and push a new release. However, we have to select the patches (all the > MAJOR ones?) and create this hybrid version. It could be useful for > people not allowed to use third party packages (like the ones on > haproxy.debian.net) or for those that just don't know they exist. While > I think this would be useful for many, the gap is so wide that it even > seems risky. If we are able to identify a couple of patches, I can walk > the process of pushing them. The problem is that it's what was being attempted during the days of 1.3, resulting in still highly bogus versions being deployed in field and users being very confident in them because they were recently updated. These days, every patch going into a stable release MUST be applied. What is considered major for some has no impact for others and what is minor for some is business critical for others. In all cases it ends up with reports here on the list. In fact if I were a bit itchy, I would suggest that another update to the package shipped by default would systematically cause haproxy to emit a warning on startup saying "this version is outdated and cannot be upgraded for internal backport policy reasons, please check haproxy.debian.net for well-maintained, up-to-date packages"). At the very least we could point the "updates" link on the stats page to haproxy.debian.net. > This version is in Ubuntu because this was the version in Debian > unstable a few months before the freeze. It's always a bit random as we > (in Debian) don't really care about that when choosing the version we > push in unstable (we care about our own release). I see. This is also what helps us push for better versions in future releases :-) > FYI, we are likely to release 1.7.5 (with USE_GETADDRINFO=1 enabled) in > our next release (to happen in July I hope). Do you think there's an opportunity to get 1.7.6 if I release it next week ? It provides -fwrapv which will likely avoid certain bugs with more recent compilers, and there's a fix for a segfault in Lua. Cheers, Willy
