HAProxy 2.2-dev5 was released on 2020/03/23. It added 99 new commits
after version 2.2-dev4.

During these last two weeks a lot of time was spent cleaning up code,
doc and reg-tests. Fortunately in addition there are still some more
visible features:

  - a unique ID may now be sent and received in the PROXY protocol
    for connection tracing purposes along a chain. This is mostly useful
    for TCP-based protocols since in HTTP it may already be done with
    HTTP headers.

  - the default maxconn used to appear as lower than before for a number
    of users, because before 2.0 it used to be hard-coded to 2000 (even
    if FD limits were too low) and now we used to rely on the soft limit
    instead of the hard limit. This made haproxy use the least possible
    FDs as the upper bound. Now instead we rely on the hard limit, which
    makes more sense since the goal is to allow what's permitted. This
    will increase the default maxconn for users who don't set it and who
    don't touch their FD limit using "ulimit -n" on the command line.

  - it's possible to dump the crt-lists from the command line using
    "show crt-list" or "dump crt-list".

  - there's now the possibility to create an SSL certificate directly
    from the command line ("new ssl cert") though the commit message
    suggests some parts are still missing for it to be completely usable
    with crt-lists, which also hints why it doesn't appear yet in the
    doc so I don't know if I ought to speak about it or not :-)

  - idle server connections may now be reused between threads. This
    should significantly reduce the number of file descriptors for
    setups using a large number of threads, and significantly increase
    the reuse rate. Please not that this applies to *idle* connections
    (i.e. not used at all). Multiplexed connections like H2 or FCGI
    may still be used by a single thread at once, eventhough any thread
    can pick them first (but there are theorical plans to try to share
    them in 2.3).

We're approaching the end of unplanned changes, so the goal will now be
to mostly focus on finishing what's already started. Regarding the
pending stuff I currently have in mind, I think there are still changes
coming on the SSL side regarding runtime certificate management, there
are pending changes on health checks to clean the horrible mess we have
accumulated since 1.1, and I made one quick attempt at implementing TCP
logs but I figured that it required one hour of work and probably one
week of code refactoring bringing no value except avoiding code
duplication, and I must confess I lost my motivation. We need to find
the sweet spot between reworking the logs at the last minute and making
sure we do something quick but forward-compatible from a configuration
perspective. A few more improvements on FD management and idle connections
are expected as well. If you have pending stuff on your side that you'd
like to see merged in 2.2, please at least speak about it now, because
code review takes a huge amount of time and those currently finishing
their work cannot always be available to review some late changes.

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : http://www.haproxy.org/download/2.2/src/
   Git repository   : http://git.haproxy.org/git/haproxy.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy.git
   Changelog        : http://www.haproxy.org/download/2.2/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Complete changelog :
Balvinder Singh Rawat (1):
      DOC: correct typo in alert message about rspirep

David Carlier (1):
      BUILD: on ARM, must be linked to libatomic.

Emeric Brun (1):
      BUG/MEDIUM: peers: resync ended with RESYNC_PARTIAL in wrong cases.

Ilya Shipitsin (7):
      CLEANUP: assorted typo fixes in the code and comments
      CI: add spellcheck github action
      CI: travis: switch linux builds to clang-9
      CI: travis: proper group output redirection together with travis_wait
      DOC: assorted typo fixes in the documentation
      CI: run travis-ci builds on push only, skip pull requests
      CI: temporarily disable unstable travis arm64 builds

Kevin Zhu (1):
      BUG/MEDIUM: spoe: dup agent's engine_id string from trash.area

Lukas Tribus (1):
      DOC: ssl: clarify security implications of TLS tickets

Olivier Houchard (33):
      BUG/MINOR: buffers: MT_LIST_DEL_SAFE() expects the temporary pointer.
      BUG/MEDIUM: mt_lists: Make sure we set the deleted element to NULL;
      MINOR: mt_lists: Appease gcc.
      MINOR: lists: Implement function to convert list => mt_list and mt_list 
=> list
      MINOR: servers: Kill priv_conns.
      MINOR: lists: fix indentation.
      BUG/MEDIUM: connections: Don't assume the connection has a valid session.
      BUG/MEDIUM: pools: Always update free_list in pool_gc().
      MINOR: fd: Use a separate lock for logs instead of abusing the fd lock.
      MINOR: mux_pt: Don't try to remove the connection from the idle list.
      MEDIUM: fd: Introduce a running mask, and use it instead of the spinlock.
      MINOR: tasks: Provide the tasklet to the callback.
      MINOR: wdt: Move the definitions of WDTSIG and DEBUGSIG into 
      BUG/MEDIUM: wdt: Don't ignore WDTSIG and DEBUGSIG in 
      MINOR: memory: Change the flush_lock to a spinlock, and don't get it in 
      MEDIUM: sessions: Don't be responsible for connections anymore.
      MEDIUM: servers: Split the connections into idle, safe, and available.
      MINOR: fd: Implement fd_takeover().
      MINOR: connections: Add a new mux method, "takeover".
      MINOR: connections: Make the "list" element a struct mt_list instead of 
      MINOR: connections: Add a flag to know if we're in the safe or idle list.
      MEDIUM: connections: Attempt to get idle connections from other threads.
      MEDIUM: mux_h1: Implement the takeover() method.
      MEDIUM: mux_h2: Implement the takeover() method.
      MEDIUM: mux_fcgi: Implement the takeover() method.
      MEDIUM: connections: Kill connections even if we are reusing one.
      BUG/MEDIUM: connections: Don't forget to decrement idle connection 
      BUG/MEDIUM: build: Fix compilation by spelling decl correctly.
      BUILD/MEDIUM: fd: Declare fd_mig_lock as extern.
      BUG/MINOR: connections: Make sure we free the connection on failure.
      BUG/MEDIUM: h1: Make sure we subscribe before going into idle list.
      BUG/MINOR: connections: Set idle_time before adding to idle list.
      MINOR: muxes: Note that we can't usee a connection when added to the srv 

Tim Duesterhus (8):
      DOC: proxy_protocol: Reserve TLV type 0x05 as PP2_TYPE_UNIQUE_ID
      MINOR: proxy_protocol: Ingest PP2_TYPE_UNIQUE_ID on incoming connections
      MEDIUM: proxy_protocol: Support sending unique IDs using PPv2
      CLEANUP: connection: Add blank line after declarations in PP handling
      CLEANUP: connection: Stop directly setting an ist's .ptr
      BUG/MINOR: pattern: Do not pass len = 0 to calloc()
      BUG/MINOR: ssl: Do not free garbage pointers on memory allocation failure
      BUG/MINOR: ssl: Correctly add the 1 for the sentinel to the number of 

William Lallemand (17):
      CLEANUP: ssl: is_default is a bit in ckch_inst
      BUG/MINOR: ssl/cli: sni_ctx' mustn't always be used as filters
      CLEANUP: ssl: separate the directory loading in a new function
      REORG: ssl: move ssl_sock_load_cert()
      MINOR: ssl: pass ckch_inst to ssl_sock_load_ckchs()
      MEDIUM: ssl: allow crt-list caching
      MINOR: ssl: directories are loaded like crt-list
      BUG/MINOR: ssl: can't open directories anymore
      MINOR: ssl/cli: show/dump ssl crt-list
      BUG/MINOR: ssl/cli: free the trash chunk in dump_crtlist
      BUG/MINOR: ssl: memory leak in crtlist_parse_file()
      BUG/MINOR: ssl: memleak of struct crtlist_entry
      MINOR: ssl/cli: 'new ssl cert' command
      MINOR: ssl/cli: show certificate status in 'show ssl cert'
      BUG/MINOR: ssl: crtlist_dup_filters() must return NULL with fcount == 0
      BUG/MINOR: ssl/cli: free BIO upon error in 'show ssl cert'
      BUG/MINOR: ssl/cli: fix a potential NULL dereference

Willy Tarreau (29):
      CLEANUP: remove support for Linux i686 vsyscalls
      CLEANUP: drop support for USE_MY_ACCEPT4
      CLEANUP: remove support for USE_MY_EPOLL
      CLEANUP: remove support for USE_MY_SPLICE
      CLEANUP: remove the now unused common/syscall.h
      BUILD: make dladdr1 depend on glibc version and not __USE_GNU
      BUILD: wdt: only test for SI_TKILL when compiled with thread support
      BUILD: Makefile: the compiler-specific flags should all be in SPEC_CFLAGS
      MINOR: init: move the maxsock calculation code to compute_ideal_maxsock()
      MEDIUM: init: always try to push the FD limit when maxconn is set from -m
      BUG/MAJOR: list: fix invalid element address calculation
      BUILD: stream-int: fix a few includes dependencies
      BUG/MEDIUM: random: align the state on 2*64 bits for ARM64
      BUG/MINOR: haproxy: always initialize sleeping_thread_mask
      BUG/MINOR: listener/mq: do not dispatch connections to remote threads 
when stopping
      BUG/MINOR: haproxy/threads: try to make all threads leave together
      Revert "BUILD: travis-ci: enable s390x builds"
      BUILD: travis-ci: enable regular s390x builds
      MINOR: debug: add a new DISGUISE() macro to pass a value as identity
      MINOR: debug: consume the write() result in BUG_ON() to silence a warning
      MINOR: use DISGUISE() everywhere we deliberately want to ignore a result
      BUILD: pools: silence build warnings with DEBUG_MEMORY_POOLS and DEBUG_UAF
      CI: travis: revert to clang-7 for BoringSSL tests
      BUILD: makefile: fix regex syntax in ARM platform detection
      BUILD: makefile: fix expression again to detect ARM platform
      CI: travis: re-enable ASAN on clang
      REGTEST: increase timeouts on the seamless-reload test
      BUG/MINOR: haproxy/threads: close a possible race in soft-stop detection
      CLEANUP: haproxy/threads: don't check global_tasks_mask twice


Reply via email to