Hi, HAProxy 1.8.13 was released on 2018/07/30. It added 28 new commits after version 1.8.12.
Nothing critical this time, however we finally got rid of the annoying CLOSE_WAIT on H2 thanks to the continued help from Milan Petruzelka, Janusz Dziemidowicz and Olivier Doucet. Just for this it was worth emitting a release. During all these tests we also met a case where sending a POST to the stats applet over a slow link using H2 could sometimes result in haproxy busy waiting for data, causing 100% CPU being seen. It was fixed, along with another bug affecting applets like stats, possibly causing occasional CPU spikes. While developing on 1.9 we found a few interesting corner cases with threads, one of which causes performance to significantly drop when reaching a server maxconn *if* there are more threads than available CPUs. It turned out to be caused by the synchronization point not leaving enough CPU to sleeping threads to be scheduled and join. You should never ever use less threads than CPUs, but config errors definitely happen and we'd rather limit their impact. Speaking about config errors, another case existed where a "process" directive on a "bind" line could reference non-existing threads. If only non-existing threads were referenced, it didn't trigger an error and would silently start, but with nobody to accept the traffic. It easily happens when reducing the number of threads in a config. This was addressed similarly to the process case, where the threads are automatically remapped and a warning is emitted in this case. An issue was addressed with the proxy protocol header sent to servers. If a "http-request set-src" directive is used, it is possible to end up with a mix of IPv4 and IPv6, which cannot be transported by the protocol (since it makes no sense from a network perspective). Till now a server would only receive "PROXY UNKNOWN" and would not even be able to get the client's address. Tim Duesterhus addressed this by converting the IPv4 address to IPv6 if exactly one of the addresses is IPv6. It is the only way not to lose information Christopher addressed a rare issue which could trigger during soft reloads with threads enabled : if a thread quits at the exact moment a thread sync is requested, the remaining threads could wait for it forever. Vincent Bernat updated the systemd unit file so that when quitting, if the master reports 143 (SIGTERM+128) as the exit status due to the fact that it reports the last killed worker's status, systemd doesn't consider this as a failure. The remaining changes are pretty minor. Some H2 debugging code developed to fix the CLOSE_WAIT issues was backported in orther to simplify the retrieval of internal states when such issue shappen. A small update happened to the download directory, the sha256 of the tar.gz files are now present in addition to the (quite old) md5 ones. We may start to think about phasing md5 signatures out, for example after 1.9 is released. As usual, it's worth updating if you're on 1.8, especially if you're using H2 and/or threads. If you think you've found a bug that is not addressed in the changelog below, please update and try again before reporting it. There are so many possible side effects from H2 issues and thread issues that it is possible that your issue is a different manifestation of one of these. Please find the usual URLs below : Site index : http://www.haproxy.org/ Discourse : http://discourse.haproxy.org/ Sources : http://www.haproxy.org/download/1.8/src/ Git repository : http://git.haproxy.org/git/haproxy-1.8.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy-1.8.git Changelog : http://www.haproxy.org/download/1.8/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ Willy --- Complete changelog : Christopher Faulet (4): BUG/MINOR: http: Set brackets for the unlikely macro at the right place MINOR: debug: Add check for CO_FL_WILL_UPDATE MINOR: debug: Add checks for conn_stream flags BUG/MEDIUM: threads: Fix the exit condition of the thread barrier Olivier Houchard (2): BUG/MINOR: servers: Don't make "server" in a frontend fatal. BUG/MINOR: threads: Handle nbthread == MAX_THREADS. Tim Duesterhus (2): BUILD: Generate sha256 checksums in publish-release MEDIUM: proxy_protocol: Convert IPs to v6 when protocols are mixed Vincent Bernat (1): MINOR: systemd: consider exit status 143 as successful Willy Tarreau (19): BUG/MINOR: ssl: properly ref-count the tls_keys entries MINOR: mux: add a "show_fd" function to dump debugging information for "show fd" MINOR: h2: implement a basic "show_fd" function BUG/MINOR: h2: remove accidental debug code introduced with show_fd function MINOR: h2: keep a count of the number of conn_streams attached to the mux MINOR: h2: add the mux and demux buffer lengths on "show fd" BUG/MEDIUM: h2: don't accept new streams if conn_streams are still in excess BUG/MEDIUM: h2: never leave pending data in the output buffer on close BUG/MEDIUM: h2: make sure the last stream closes the connection after a timeout MINOR: h2: add the error code and the max/last stream IDs to "show fd" BUG/MEDIUM: stream-int: don't immediately enable reading when the buffer was reportedly full BUG/MEDIUM: stats: don't ask for more data as long as we're responding BUG/MEDIUM: threads/sync: use sched_yield when available BUG/MEDIUM: h2: prevent orphaned streams from blocking a connection forever BUG/MINOR: config: stick-table is not supported in defaults section BUG/MEDIUM: threads: properly fix nbthreads == MAX_THREADS MINOR: threads: move "nbthread" parsing to hathreads.c BUG/MEDIUM: threads: unbreak "bind" referencing an incorrect thread number SCRIPTS: git-show-backports: add missing quotes to "echo" ---