Re: haproxy 2.0 docker images
Hi Aleks, On Mon, May 06, 2019 at 08:17:23AM +0200, Aleksandar Lazic wrote: > > The outputs below raises some questions to me. > > > > * Should in the OPTIONS output also be the EXTRA_OBJS ? That's a good question. I was hesitating but given that the goal is to be able to easily rebuild a similar executable, maybe we should add it indeed. > > * Should PCRE2 be used instead of PCRE ? No opinion :-) > > * Should PRIVATE_CACHE be used in the default build? No, because this one disables inter-process sharing of SSL sessions. > > * Should SLZ be used in the default build? It's just a matter of choice. I personally always build with it for prod servers because it saves a huge amount of memory and some CPU, but it also adds one extra dependency. I'd say that if it doesn't require extra efforts it's worth it. If it adds some packaging burden you can simply drop it and fall back to zlib. > > * Make NS sense in a container image? I don't think so indeed, though it doesn't cost much to keep it, at least so that you use the same build options everywhere. > > * Can DEVICEATLAS 51DEGREES WURFL be used together? > > - From technically point of view >From a technical point of view I don't see any obvious incompatibility. However doing automated builds from all 3 of these might not always be trivial as it will require that you can include these respective libraries, some of which may only be downloaded after registering on their site. Please don't ship an executable built with the dummy libs since it will be useless and misleading (it's only useful for full- featured builds). > > - From license point of view You have to carefully check. I believe at least one of them mentions patents so this can even make the resulting executable look dangerous for some users and make them stay away from your images. Anyway as usual with anything related to licensing, the best advice I could give you is to ask a lawyer :-/ This alone might be a valid reason for not wasting too much time down this road. Cheers, Willy
Re: haproxy 2.0 docker images
Hi. Any answer to the questions below? Regards Aleks Sat Apr 27 12:47:17 GMT+02:00 2019 Aleksandar Lazic : > Hi. > > > I have now created some HAProxy 2.0 images ;-). > > The outputs below raises some questions to me. > > * Should in the OPTIONS output also be the EXTRA_OBJS ? > * Should PCRE2 be used instead of PCRE ? > * Should PRIVATE_CACHE be used in the default build? > * Should SLZ be used in the default build? > * Make NS sense in a container image? > * Can DEVICEATLAS 51DEGREES WURFL be used together? > - From technically point of view > - From license point of view > > Images: > https://hub.docker.com/r/me2digital/haproxy20-centos > https://hub.docker.com/r/me2digital/haproxy20-boringssl > > Build logs: > https://gitlab.com/aleks001/haproxy20-centos/-/jobs/203092688 > https://gitlab.com/aleks001/haproxy20-boringssl/-/jobs/203110753 > > haproxy -vv outputs: > > ``` > HA-Proxy version 2.0-dev2-5e6a5b-228 2019/04/25 - https://haproxy.org/ > Build options : > TARGET = linux2628 > CPU = generic > CC = gcc > CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv > -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter > -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered > -Wno-missing-field-initializers -Wtype-limits > OPTIONS = USE_PCRE=1 USE_PCRE_JIT=1 USE_THREAD=1 USE_PTHREAD_PSHARED=1 > USE_REGPARM=1 USE_LINUX_SPLICE=1 USE_GETADDRINFO=1 USE_OPENSSL=1 USE_LUA=1 > USE_ZLIB=1 USE_TFO=1 > > Feature list : +EPOLL -KQUEUE -MY_EPOLL -MY_SPLICE +NETFILTER +PCRE +PCRE_JIT > -PCRE2 -PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD +PTHREAD_PSHARED +REGPARM > -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT > +CRYPT_H -VSYSCALL +GETADDRINFO +OPENSSL +LUA +FUTEX +ACCEPT4 -MY_ACCEPT4 > +ZLIB > -SLZ +CPU_AFFINITY +TFO -NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL -SYSTEMD > -OBSOLETE_LINKER +PRCTL > > Default settings : > bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 > > Built with multi-threading support (MAX_THREADS=64, default=1). > Built with OpenSSL version : OpenSSL 1.1.1b 26 Feb 2019 > Running on OpenSSL version : OpenSSL 1.1.1b 26 Feb 2019 > OpenSSL library supports TLS extensions : yes > OpenSSL library supports SNI : yes > OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3 > Built with Lua version : Lua 5.3.5 > Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT > IP_FREEBIND > Built with zlib version : 1.2.7 > Running on zlib version : 1.2.7 > Compression algorithms supported : identity("identity"), deflate("deflate"), > raw-deflate("deflate"), gzip("gzip") > Built with PCRE version : 8.32 2012-11-30 > Running on PCRE version : 8.32 2012-11-30 > PCRE library supports JIT : yes > Encrypted password support via crypt(3): yes > Built with the Prometheus exporter as a service > > Available polling systems : > epoll : pref=300, test result OK > poll : pref=200, test result OK > select : pref=150, test result OK > Total: 3 (3 usable), will use epoll. > > Available multiplexer protocols : > (protocols marked as cannot be specified using 'proto' keyword) > h2 : mode=HTX side=FE|BE > h2 : mode=HTTP side=FE >: mode=HTX side=FE|BE >: mode=TCP|HTTP side=FE|BE > > Available services : > prometheus-exporter > > Available filters : > [SPOE] spoe > [COMP] compression > [CACHE] cache > [TRACE] trace > ``` > > ``` > $ docker run --rm --entrypoint /usr/local/sbin/haproxy > [MASKED]/haproxy20-boringssl -vv > HA-Proxy version 2.0-dev2-5e6a5b-228 2019/04/25 - https://haproxy.org/ > Build options : > TARGET = linux2628 > CPU = generic > CC = gcc > CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv > -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter > -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered > -Wno-missing-field-initializers -Wtype-limits -Wshift-negative-value > -Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference > OPTIONS = USE_PCRE2=1 USE_PCRE2_JIT=1 USE_THREAD=1 USE_PTHREAD_PSHARED=1 > USE_REGPARM=1 USE_LINUX_SPLICE=1 USE_GETADDRINFO=1 USE_OPENSSL=1 USE_LUA=1 > USE_ZLIB=1 USE_TFO=1 > > Feature list : +EPOLL -KQUEUE -MY_EPOLL -MY_SPLICE +NETFILTER -PCRE -PCRE_JIT > +PCRE2 +PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD +PTHREAD_PSHARED +REGPARM > -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT > +CRYPT_H -VSYSCALL +GETADDRINFO +OPENSSL +LUA +FUTEX +ACCEPT4 -MY_ACCEPT4 > +ZLIB > -SLZ +CPU_AFFINITY +TFO -NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL -SYSTEMD > -OBSOLETE_LINKER +PRCTL > > Default settings : > bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 > > Built with multi-threading support (MAX_THREADS=64, default=1). > Built with OpenSSL version : BoringSSL > OpenSSL library supports TLS extensions : yes > OpenSSL library supports SNI : yes > OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3 > Built with Lua version : Lua 5.3.5 > Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPA
haproxy 2.0 docker images
Hi. I have now created some HAProxy 2.0 images ;-). The outputs below raises some questions to me. * Should in the OPTIONS output also be the EXTRA_OBJS ? * Should PCRE2 be used instead of PCRE ? * Should PRIVATE_CACHE be used in the default build? * Should SLZ be used in the default build? * Make NS sense in a container image? * Can DEVICEATLAS 51DEGREES WURFL be used together? - From technically point of view - From license point of view Images: https://hub.docker.com/r/me2digital/haproxy20-centos https://hub.docker.com/r/me2digital/haproxy20-boringssl Build logs: https://gitlab.com/aleks001/haproxy20-centos/-/jobs/203092688 https://gitlab.com/aleks001/haproxy20-boringssl/-/jobs/203110753 haproxy -vv outputs: ``` HA-Proxy version 2.0-dev2-5e6a5b-228 2019/04/25 - https://haproxy.org/ Build options : TARGET = linux2628 CPU = generic CC = gcc CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered -Wno-missing-field-initializers -Wtype-limits OPTIONS = USE_PCRE=1 USE_PCRE_JIT=1 USE_THREAD=1 USE_PTHREAD_PSHARED=1 USE_REGPARM=1 USE_LINUX_SPLICE=1 USE_GETADDRINFO=1 USE_OPENSSL=1 USE_LUA=1 USE_ZLIB=1 USE_TFO=1 Feature list : +EPOLL -KQUEUE -MY_EPOLL -MY_SPLICE +NETFILTER +PCRE +PCRE_JIT -PCRE2 -PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD +PTHREAD_PSHARED +REGPARM -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT +CRYPT_H -VSYSCALL +GETADDRINFO +OPENSSL +LUA +FUTEX +ACCEPT4 -MY_ACCEPT4 +ZLIB -SLZ +CPU_AFFINITY +TFO -NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL -SYSTEMD -OBSOLETE_LINKER +PRCTL Default settings : bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 Built with multi-threading support (MAX_THREADS=64, default=1). Built with OpenSSL version : OpenSSL 1.1.1b 26 Feb 2019 Running on OpenSSL version : OpenSSL 1.1.1b 26 Feb 2019 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3 Built with Lua version : Lua 5.3.5 Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Built with zlib version : 1.2.7 Running on zlib version : 1.2.7 Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip") Built with PCRE version : 8.32 2012-11-30 Running on PCRE version : 8.32 2012-11-30 PCRE library supports JIT : yes Encrypted password support via crypt(3): yes Built with the Prometheus exporter as a service Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. Available multiplexer protocols : (protocols marked as cannot be specified using 'proto' keyword) h2 : mode=HTXside=FE|BE h2 : mode=HTTP side=FE : mode=HTXside=FE|BE : mode=TCP|HTTP side=FE|BE Available services : prometheus-exporter Available filters : [SPOE] spoe [COMP] compression [CACHE] cache [TRACE] trace ``` ``` $ docker run --rm --entrypoint /usr/local/sbin/haproxy [MASKED]/haproxy20-boringssl -vv HA-Proxy version 2.0-dev2-5e6a5b-228 2019/04/25 - https://haproxy.org/ Build options : TARGET = linux2628 CPU = generic CC = gcc CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered -Wno-missing-field-initializers -Wtype-limits -Wshift-negative-value -Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference OPTIONS = USE_PCRE2=1 USE_PCRE2_JIT=1 USE_THREAD=1 USE_PTHREAD_PSHARED=1 USE_REGPARM=1 USE_LINUX_SPLICE=1 USE_GETADDRINFO=1 USE_OPENSSL=1 USE_LUA=1 USE_ZLIB=1 USE_TFO=1 Feature list : +EPOLL -KQUEUE -MY_EPOLL -MY_SPLICE +NETFILTER -PCRE -PCRE_JIT +PCRE2 +PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD +PTHREAD_PSHARED +REGPARM -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT +CRYPT_H -VSYSCALL +GETADDRINFO +OPENSSL +LUA +FUTEX +ACCEPT4 -MY_ACCEPT4 +ZLIB -SLZ +CPU_AFFINITY +TFO -NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL -SYSTEMD -OBSOLETE_LINKER +PRCTL Default settings : bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 Built with multi-threading support (MAX_THREADS=64, default=1). Built with OpenSSL version : BoringSSL OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3 Built with Lua version : Lua 5.3.5 Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Built with zlib version : 1.2.8 Running on zlib version : 1.2.8 Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip") Built wit