Hello everyone, Please find attached my very first patch to the documentation. Hope I did everything good! :)
Based on a comment from @bugre: https://github.com/haproxy/haproxy/issues/2251#issuecomment-1716594046 (and also because I've been bitten by this!) Best, ~Nicolas
>From 04844e6eee725ff8bfe4ec62578e24649f020ec9 Mon Sep 17 00:00:00 2001 From: Nicolas CARPi <nico-git@deltablot.email> Date: Mon, 12 Feb 2024 12:45:15 +0100 Subject: [PATCH] DOC/MINOR: userlists: mention performance penalty of musl This change adds a paragraph to the documentation regarding "userlists" and the use of hashed password value. It is necessary to mention how the Alpine/musl C library impacts performance of hashing functions, as this has already led to a few issues: https://github.com/haproxy/haproxy/issues/1298 https://github.com/haproxy/haproxy/issues/2008 https://github.com/haproxy/haproxy/issues/2251 This change indicates clearly the shortcomings of musl, and proposes workarounds such as reducing the number of rounds or the cost complexity, if the algorithm allows for it. --- doc/configuration.txt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/configuration.txt b/doc/configuration.txt index 937d2a4b7..9864a49a5 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -3994,6 +3994,12 @@ user <username> [password|insecure-password <password>] but thousands of times. This can quickly become a major factor in HAProxy's overall CPU consumption! + Furthermore, there is a significant performance penalty when using a musl + variant (for instance with the Alpine linux distribution), as the musl code for + these hashing functions is less performant/optimized than its GCC + counterpart. When using musl, reducing the number of rounds or the "cost" of + the algorithm used can help a lot with the CPU usage. + Example: userlist L1 group G1 users tiger,scott -- 2.43.0