Hi,
HAProxy 3.2-dev14 was released on 2025/05/02. It added 23 new commits
after version 3.2-dev13.
This version resolves a serious regression that affected the scheduler in
-dev13 and that would basically make any process crash seconds to minutes
after startup!
By this time, a few extra things were completed:
- acme: a basic scheduler is now automatically enabled when at least
one acme section was configured. It will periodically check all the
certs monitored by acme and trigger a renew if the cert is in its
last 1/12 of validity period, or 7 days if "notBefore" is not set.
The check will be run every 12 hours, which should be sufficient to
retain certs operational.
- stick-tables/peers: the huge locking cost that results from a
stick-table to be subscribed to a peers section is now addressed for a
great part. Instead of each thread trying to lock for a tree update,
now threads are pushing updates to lists that a single- threaded task
consumes to feed the tree. This way the contention on this lock was
eliminated and the performance under 128 threads with heavy updates
roughly increased from 500k-1M updates/s to 5-8M updates/s. After
this, the watchdog detected other contended areas in the peers code
and in the stick-table expiration code. These were addressed by
allowing to work in smaller batches. At the moment we cannot even
trigger a warning anymore, but we're well aware that this whole
architecture has lived its time and would deserve being rewritten
for a great part. Regardless, the limits we're seeing are well
beyond the needs of the vast majority of users!
- Lua: warn if "tune.lua.bool-sample-conversion" is set after a "lua-load"
(and ignore it) since it would otherwise be inconsistent (e.g. used as
false during init code then true later, makes no sense).
Thus please use this version, ignore the failed dev13, and have a nice
week-end. Thanks!
Please find the usual URLs below :
Site index : https://www.haproxy.org/
Documentation : https://docs.haproxy.org/
Wiki : https://github.com/haproxy/wiki/wiki
Discourse : https://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : https://www.haproxy.org/download/3.2/src/
Git repository : https://git.haproxy.org/git/haproxy.git/
Git Web browsing : https://git.haproxy.org/?p=haproxy.git
Changelog : https://www.haproxy.org/download/3.2/src/CHANGELOG
Dataplane API :
https://github.com/haproxytech/dataplaneapi/releases/latest
Pending bugs : https://www.haproxy.org/l/pending-bugs
Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs
Code reports : https://www.haproxy.org/l/code-reports
Latest builds : https://www.haproxy.org/l/dev-packages
Willy
---
Complete changelog :
Aurelien DARRAGON (1):
MINOR: hlua: ignore "tune.lua.bool-sample-conversion" if set after
"lua-load"
Olivier Houchard (5):
BUG/MEDIUM: quic: Let it be known if the tasklet has been released.
MEDIUM: peers: Give up if we fail to take locks in hot path
MEDIUM: stick-tables: defer adding updates to a tasklet
MEDIUM: stick-tables: Limit the number of old entries we remove
MEDIUM: stick-tables: Limit the number of entries we expire
Valentine Krasnobaeva (1):
MINOR: cfgparse-global: add explicit error messages in
cfg_parse_global_env_opts
William Lallemand (14):
MINOR: acme: retry label always do a request
MINOR: acme: does not leave task for next request
BUG/MINOR: acme: reinit the retries only at next request
MINOR: acme: change the default max retries to 5
MINOR: acme: allow a delay after a valid response
MINOR: acme: wait 5s before checking the challenges results
MINOR: acme: emit a log when starting
MINOR: acme: delay of 5s after the finalize
DOC: acme: external account binding is not supported
MINOR: ssl: add function to extract X509 notBefore date in time_t
BUILD: acme: need HAVE_ASN1_TIME_TO_TM
MINOR: acme: move the acme task init in a dedicated function
MEDIUM: acme: add a basic scheduler
MINOR: acme: emit a log when the scheduler can't start the task
Willy Tarreau (2):
BUG/MAJOR: tasks: fix task accounting when killed
CLEANUP: tasks: use the local state, not t->state, to check for tasklets
---
