On 30/07/2018 18:05, Willy Tarreau wrote:
Hi,
HAProxy 1.8.13 was released on 2018/07/30. It added 28 new commits
after version 1.8.12.
Nothing critical this time, however we finally got rid of the annoying
CLOSE_WAIT on H2 thanks to the continued help from Milan Petruzelka,
Janusz Dziemidowicz and Olivier Doucet. Just for this it was worth
emitting a release. During all these tests we also met a case where
sending a POST to the stats applet over a slow link using H2 could
sometimes result in haproxy busy waiting for data, causing 100% CPU
being seen. It was fixed, along with another bug affecting applets
like stats, possibly causing occasional CPU spikes.
While developing on 1.9 we found a few interesting corner cases with
threads, one of which causes performance to significantly drop when
reaching a server maxconn *if* there are more threads than available
CPUs. It turned out to be caused by the synchronization point not
leaving enough CPU to sleeping threads to be scheduled and join. You
should never ever use less threads than CPUs, but config errors
definitely happen and we'd rather limit their impact.
Speaking about config errors, another case existed where a "process"
directive on a "bind" line could reference non-existing threads. If
only non-existing threads were referenced, it didn't trigger an error
and would silently start, but with nobody to accept the traffic. It
easily happens when reducing the number of threads in a config. This
was addressed similarly to the process case, where the threads are
automatically remapped and a warning is emitted in this case.
An issue was addressed with the proxy protocol header sent to servers.
If a "http-request set-src" directive is used, it is possible to end up
with a mix of IPv4 and IPv6, which cannot be transported by the protocol
(since it makes no sense from a network perspective). Till now a server
would only receive "PROXY UNKNOWN" and would not even be able to get the
client's address. Tim Duesterhus addressed this by converting the IPv4
address to IPv6 if exactly one of the addresses is IPv6. It is the only
way not to lose information
Christopher addressed a rare issue which could trigger during soft
reloads with threads enabled : if a thread quits at the exact moment a
thread sync is requested, the remaining threads could wait for it
forever.
Vincent Bernat updated the systemd unit file so that when quitting, if
the master reports 143 (SIGTERM+128) as the exit status due to the fact
that it reports the last killed worker's status, systemd doesn't consider
this as a failure.
The remaining changes are pretty minor. Some H2 debugging code developed
to fix the CLOSE_WAIT issues was backported in orther to simplify the
retrieval of internal states when such issue shappen.
A small update happened to the download directory, the sha256 of the
tar.gz files are now present in addition to the (quite old) md5 ones.
We may start to think about phasing md5 signatures out, for example
after 1.9 is released.
As usual, it's worth updating if you're on 1.8, especially if you're
using H2 and/or threads. If you think you've found a bug that is not
addressed in the changelog below, please update and try again before
reporting it. There are so many possible side effects from H2 issues
and thread issues that it is possible that your issue is a different
manifestation of one of these.
Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Sources : http://www.haproxy.org/download/1.8/src/
Git repository : http://git.haproxy.org/git/haproxy-1.8.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy-1.8.git
Changelog : http://www.haproxy.org/download/1.8/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
As always the new Version is also on the docker hub.
https://hub.docker.com/r/me2digital/haproxy18/
Willy
Regards
Aleks
---
Complete changelog :
Christopher Faulet (4):
BUG/MINOR: http: Set brackets for the unlikely macro at the right place
MINOR: debug: Add check for CO_FL_WILL_UPDATE
MINOR: debug: Add checks for conn_stream flags
BUG/MEDIUM: threads: Fix the exit condition of the thread barrier
Olivier Houchard (2):
BUG/MINOR: servers: Don't make "server" in a frontend fatal.
BUG/MINOR: threads: Handle nbthread == MAX_THREADS.
Tim Duesterhus (2):
BUILD: Generate sha256 checksums in publish-release
MEDIUM: proxy_protocol: Convert IPs to v6 when protocols are mixed
Vincent Bernat (1):
MINOR: systemd: consider exit status 143 as successful
Willy Tarreau (19):
BUG/MINOR: ssl: properly ref-count the tls_keys entries
MINOR: mux: add a "show_fd" function to dump debugging information for "show
fd"
MINOR: h2: implement a basic "show_fd" function
BUG/MINOR: h2: remove accidental debug code introduced with show_fd
function
MINOR: h2: keep a count of the number of conn_streams attached to the mux
MINOR: h2: add the mux and demux buffer lengths on "show fd"
BUG/MEDIUM: h2: don't accept new streams if conn_streams are still in
excess
BUG/MEDIUM: h2: never leave pending data in the output buffer on close
BUG/MEDIUM: h2: make sure the last stream closes the connection after a
timeout
MINOR: h2: add the error code and the max/last stream IDs to "show fd"
BUG/MEDIUM: stream-int: don't immediately enable reading when the buffer
was reportedly full
BUG/MEDIUM: stats: don't ask for more data as long as we're responding
BUG/MEDIUM: threads/sync: use sched_yield when available
BUG/MEDIUM: h2: prevent orphaned streams from blocking a connection forever
BUG/MINOR: config: stick-table is not supported in defaults section
BUG/MEDIUM: threads: properly fix nbthreads == MAX_THREADS
MINOR: threads: move "nbthread" parsing to hathreads.c
BUG/MEDIUM: threads: unbreak "bind" referencing an incorrect thread number
SCRIPTS: git-show-backports: add missing quotes to "echo"
---
