Hi,
HAProxy 2.4.0 was released on 2021/05/14. It added 34 new commits
after version 2.4-dev19. This completes 6 months of improvements and
cleanups split into 1687 commits from 36 participants. I'm pleased to
welcome these 7 new contributors who got their first commit merged
into 2.4, hoping they'll want to continue:
Florian Apolloner, Jan Wagner, Maciej Zdeb, Maximilian Mader,
Phil Scherer, Thayne McCombs, Evgeny Varnavskiy
And these 29 other ones who are not new as they already contributed
before 2.4:
Adis Nezirovic, Aleksandar Lazic, Amaury Denoyelle, Baptiste Assmann
Bertrand Jacquin, Christian Ruppert, Christopher Faulet,
Daniel Corbett, David Carlier, Dragan Dosen, Emeric Brun, Eric Salama,
Frédéric Lécaille, Gilchrist Dadaglo, Ilya Shipitsin, Jerome Magnin,
Joao Morais, Julien Pivotto, Matthieu Guegan, Miroslav Zagorac,
Moemen MHEDHBI, Olivier Houchard, Remi Tricot-Le Breton,
Thierry Fournier, Tim Duesterhus, William Dauchy, William Lallemand,
Willy Tarreau, Yves Lafon
It's really great to see more and more participation in multiple areas,
turning good ideas into usable features, and with increasing quality
overall. Let's continue like this, it's going into the right direction.
Speaking of quality, for the first time we really managed to enforce the
feature freeze, leading to most only harmless stuff getting merged past
that point. It allowed us to focus much better than before on regressions
and eliminate the usual last-minute bugs. This, combined with the work
done by Ilya and Tim on the CI, and with the continuously growing set of
regression tests, has significantly shortened the average lifetime of the
bugs (many of which not leaving the developer's computer anymore). And
this pays off: each and every -dev version among the 20 ones produced
was deployed on haproxy.org, and no single failure was observed since,
not even a crash, hang, leak, slow down or rendering issue. This makes
me think that 2.4 out of the box is probably more reliable than the
excellent 2.2 after 14 revisions. That's also why we release slightly
before the initially expected deadline, it almost seems there's nothing
left to be fixed! This proves that with some shared efforts it's possible
to improve, and I hope that we'll continue on this trend so that 2.5 gets
even better (yes, it's always possible).
This version brings a few fixes for bugs and build issues on top of -dev19,
very minor changes (addition of some ARM CPU targets in the Makefile to ease
portable builds, a few extra normalizers, a few example files, and a sorting
key for "show profiling"). Please see at the end of this message for the
details.
What's new in 2.4 compared to 2.3 ? Lots of cool stuff! The work was spread
on several fronts:
- performance and latency: a lot of work was done on locking reduction,
bringing 2.4 a much lower latency than 2.3 had, and a higher scalability.
2.4 is NUMA-aware on Linux and will avoid binding to cross-socket cores
by default. Idle server-side connections are now reusable even when SNI,
proxy protocol or transparent proxy are used, saving costly round trips.
Lua now supports lock-free multi-threading. Idle frontend connections
will now be closed as soon as possible during reloads.
- reliability: "strict-limits" is on by default, experimental features
are protected against accidental use from a copy-paste, a diagnostic
mode was added to report suspicious or uncommon constructs that could
be mistakes, new live debugging tools were added for better in-field
debugging. Backend idle connections will be closed before quitting
so that they don't consume source ports in TIME_WAIT.
- management and integration: maps and ACLs now support atomic updates,
server-side SSL certificates can also be updated without reloading,
servers can be added/removed without reloading (still experimental),
more server settings can be edited at run time, global variables can
be listed/edited at run time, "defaults" section can now be named,
reused an inherited, line numbers and file names can be included in
any command, file paths can now be relative to the config file, some
new ".if/.elif/.else/.endif" config directives permit a smoother
transition between versions using a same config file (particularly
useful for automated rollbacks),
- interoperability / protocol support: WebSocket over HTTP/2 (RFC8441)
is now supported on both sides, regardless of the version on the other
side. The cache now supports the "Vary" header with a few commonly
used headers, including "Accept-encoding" which gets normalized for
optimal cache hit ratio. The Prometheus exporter got a significant
liftup, requires less tricks on the Prometheus side, and supports
listing only certain metrics for faster retrieval. Optional native
support for Opentracing was also integrated (via USE_OT=1). The DNS
resolvers now support talking to servers over TCP. Basic support for
extracting information from MQTT and FIX protocol was added. Timeouts
can now be adjusted on the fly and per-request in order to adapt to
particuarly slow servers or special protocols.
- user-friendliness: TCP loggers now do not require a ring section
declaration anymore, it's transparently done now. Header deletion
using a pattern matching on the name is now supported instead of
having to list many names. Checking for real server-side errors got
easier than before with http_fail_cnt/http_fail_rate. The config
parser and CLI will now provide suggestions when some keywords are
misspelled. The CLI's help output can now be filtered to subsets of
commands and will be sorted for easier finding.
- processing: the new "wait-for-body" HTTP action allows to wait for
a request or response body up to a certain size or delay. This is
convenient to detect POST contents or to detect error patterns or
information leaks in responses. TCP frontends can now be manually
upgraded to HTTP, allowing HTTP rules to be used in a frontend in
a tcp->http scenario. JSON parameters can be decoded to extract some
fields values. A URL encoder is now available to pass some fields in
a way that is suitable for query string parameters. Base64 variants
are now supported (such as the URL-compatible one used by JWT).
- for distros: building optional addons will be easier thanks to the
removal of the contrib/ directory and the cleaner integration with
the regular build process and include files. Libslz was included by
default, simplifying the packaging work. A few example configs were
added into examples/ to serve as starters for users. A CPU entry was
added to produce executables that works well both on old and new
ARMv8 CPUs.
- observability: more stats were added (SSL, H2). "show info" can now
emit floating point values for rates and uptimes if requested.
And of course there's all the invisible stuff being done on the internals
to improve the code, make it more extensible, more reliable or faster. I
think that's about it. If you contributed something that I missed here,
sorry for this, that's already a lot to figure out. Don't feel upset, and
just respond here to point it :-)
For more details, my coworker Daniel went through all the announces and wrote
about these changes in more details here:
https://www.haproxy.com/blog/announcing-haproxy-2-4/
I'm pretty sure there are still a few other points that I already missed
in announces, and I remember that long ago we said about one of them that
I should not forget to mention it. Apparently I did :-)
Many thanks to all of those who participated with code, doc, support, bug
reports and discussions.
As usual, I've been careful when uploading the new release and I would
not be surprised to see a 404 or two, so do not hesitate to report any
issue. Please be gentle for the doc, as it also requires some manual
post-release adaptations and will take a bit more time.
Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Wiki : https://github.com/haproxy/wiki/wiki
Sources : http://www.haproxy.org/download/2.4/src/
Git repository : http://git.haproxy.org/git/haproxy-2.4.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy-2.4.git
Changelog : http://www.haproxy.org/download/2.4/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
Willy
---
Complete changelog since 2.4-dev19:
Amaury Denoyelle (3):
BUG/MINOR: http_fetch: fix possible uninit sockaddr in fetch_url_ip/port
BUG/MEDIUM: stick_table: fix crash when using tcp smp_fetch_src
REGTESTS: stick-table: add src_conn_rate test
Daniel Corbett (2):
CLEANUP: cli/activity: Remove double spacing in set profiling command
DOC: config: Fix configuration example for mqtt
Ilya Shipitsin (2):
CI: extend spellchecker whitelist, add "ists" as well
CLEANUP: assorted typo fixes in the code and comments
Miroslav Zagorac (1):
BUILD/MINOR: opentracing: fixed compilation with filter enabled
Tim Duesterhus (5):
CI: Build VTest with clang
BUG/MINOR: http_act: Fix normalizer names in error messages
MINOR: uri_normalizer: Add `fragment-strip` normalizer
MINOR: uri_normalizer: Add `fragment-encode` normalizer
Revert "CI: Build VTest with clang"
Willy Tarreau (20):
BUG/MINOR: memprof: properly account for differences for realloc()
MINOR: memprof: also report the method used by each call
MINOR: memprof: also report the totals and delta alloc-free
CLEANUP: pattern: remove the unused and dangerous pat_ref_reload()
IMPORT: slz: use the generic function for the last bytes of the crc32
IMPORT: slz: do not produce the crc32_fast table when CRC is natively
supported
BUILD: makefile: add a few popular ARMv8 CPU targets
CLEANUP: stick-table: remove a leftover of an old keyword declaration
BUG/MINOR: stats: fix lastchk metric that got accidently lost
EXAMPLES: add a "basic-config-edge" example config
EXAMPLES: add a trivial config for quick testing
MINOR: activity/cli: optionally support sorting by address on "show
profiling"
DEBUG: ssl: export ssl_sock_close() to see its symbol resolved in
profiling
BUG/MINOR: lua/vars: prevent get_var() from allocating a new name
BUG/MAJOR: config: properly initialize cpu_map.thread[] up to MAX_THREADS
BUILD: config: avoid a build warning on numa_detect_topology() without
threads
DOC: update min requirements in INSTALL
IMPORT: slz: use inttypes.h instead of stdint.h
BUILD: sample: use strtoll() instead of atoll()
MINOR: version: mention that it's LTS now.
varnav (1):
DOC: management: Correct example reload command in the document
---
