Re: Changes in HAProxy 3.0's Makefile and build options

2024-04-20 Thread Илья Шипицин
Thu, 11 Apr 2024 at 21:05, Willy Tarreau : > Hi Ilya, > > On Thu, Apr 11, 2024 at 08:27:39PM +0200, ??? wrote: > > do you know maybe how this was supposed to work ? > > haproxy/Makefile at master · haproxy/haproxy (github.com) > >

Re: Update for https://github.com/haproxy/wiki/wiki/SPOE:-Stream-Processing-Offloading-Engine

2024-04-19 Thread William Lallemand
On Mon, Apr 15, 2024 at 10:18:19AM +0200, Aleksandar Lazic wrote: > Hi. > > The "https://github.com/criteo/haproxy-spoe-go" is archived since Nov 7, > 2023 and there is a fork from that repo https://github.com/go-spop/spoe > Can we add this info to the wiki page? > > There is also a rust

Re: [PATCH 0/3] Add support for UUIDv7

2024-04-19 Thread Willy Tarreau
Hi Tim! On Fri, Apr 19, 2024 at 09:01:24PM +0200, Tim Duesterhus wrote: > Willy, > > as requested in the thread "[ANNOUNCE] haproxy-3.0-dev7": > > > Regarding UUIDs, though, I've recently come across UUIDv7 which I found > > particularly interesting, and that I think would be nice to implement

Re: [PATCH 0/1] CI: switch to more recent macos version(s)

2024-04-19 Thread Willy Tarreau
On Fri, Apr 19, 2024 at 07:16:44AM +0200, Ilya Shipitsin wrote: > let's modernize macos CI build matrix since macos-14 is available Merged, thank you Ilya! willy

Re: [PATCH 1/2] CI: reduce ASAN log redirection umbrella size

2024-04-17 Thread Илья Шипицин
in my experiments, asan log was grouped under "show vtest results". on provided branch indeed there is no grouping. I'll play a bit, maybe we'll end with dropping that log redirection Wed, 17 Apr 2024 at 21:17, William Lallemand : > On Sun, Apr 14, 2024 at 09:23:51AM +0200, Ilya Shipitsin

Re: [PATCH 1/2] CI: reduce ASAN log redirection umbrella size

2024-04-17 Thread William Lallemand
On Sun, Apr 14, 2024 at 09:23:51AM +0200, Ilya Shipitsin wrote: > previously ASAN_OPTIONS=log_path=asan.log was intended for VTest > execution only, it should not affect "haproxy -vv" and haproxy > config smoke testing > --- > .github/workflows/vtest.yml | 5 +++-- > 1 file changed, 3

Re: [PATCH 0/2] CI cleanup, spell fixes

2024-04-17 Thread Willy Tarreau
On Sun, Apr 14, 2024 at 09:23:50AM +0200, Ilya Shipitsin wrote: > the main part is reducing ASAN_OPTIONS scope, it was supposed > only to capture output of vtests, accidentally it covered "config smoke tests" > as well (...) Both merged, thank you Ilya! willy

Re: [PATCH] MINOR: cli: add option to modify close-spread-time

2024-04-15 Thread Willy Tarreau
Hi Abhijeet, On Mon, Apr 15, 2024 at 09:48:25PM -0700, Abhijeet Rastogi wrote: > Hi Willy, > > Thank you for your patience with my questions. You're welcome! > > It happens that the global struct is only changed during startup > > I used cli_parse_set_maxconn_global as a reference for my

Re: [PATCH] MINOR: cli: add option to modify close-spread-time

2024-04-15 Thread Abhijeet Rastogi
Hi Willy, Thank you for your patience with my questions. > It happens that the global struct is only changed during startup I used cli_parse_set_maxconn_global as a reference for my patch and my understanding is, it does have a race as I do not see thread_isolate().

Re: [PATCH] MINOR: cli: add option to modify close-spread-time

2024-04-15 Thread Willy Tarreau
Hi Abhijeet, On Mon, Apr 08, 2024 at 08:11:28PM -0700, Abhijeet Rastogi wrote: > Hi HAproxy community, > > Let's assume that HAproxy starts with non-zero values for close-spread-time > and hard-stop-after, and soft-stop is used to initiate the shutdown during > deployments. > There are times

Re: Changes in HAProxy 3.0's Makefile and build options

2024-04-14 Thread Илья Шипицин
d user). They can be justified for ultra-complex > projects but quite frankly, having to imagine not being able to flip > an option without rebuilding everything, not having something as simple > as "V=1" to re-run the failed file and see exactly what was tried, > having to f

Re: Changes in HAProxy 3.0's Makefile and build options

2024-04-13 Thread Willy Tarreau
re really really a pain to deal with, at every stage (development and user). They can be justified for ultra-complex projects but quite frankly, having to imagine not being able to flip an option without rebuilding everything, not having something as simple as "V=1" to re-run the failed fil

Re: [PATCH 0/1] CI: revert entropy hack

2024-04-13 Thread Willy Tarreau
On Sat, Apr 13, 2024 at 09:50:33AM +0200, ??? wrote: > It has been resolved on image generation side > https://github.com/actions/runner-images/issues/9491 > > It is no harm to keep it on our side as well, but we can drop it Perfect, now merged, thank you Ilya! Willy

Re: [PATCH 0/1] CI: revert entropy hack

2024-04-13 Thread Илья Шипицин
It has been resolved on image generation side https://github.com/actions/runner-images/issues/9491 It is no harm to keep it on our side as well, but we can drop it On Fri, Apr 12, 2024, 18:55 Willy Tarreau wrote: > On Fri, Apr 12, 2024 at 12:42:51PM +0200, ??? wrote: > > ping :) > >

Re: [PR] DOC: management: fix typos

2024-04-13 Thread Willy Tarreau
On Fri, Apr 12, 2024 at 10:23:02AM +, PR Bot wrote: > Dear list! > > Author: Andrey Lebedev > Number of patches: 1 > > This is an automated relay of the Github pull request: >DOC: management: fix typos (...) Now merged, thank you Andrey! Willy

Re: [PATCH 0/1] CI: revert entropy hack

2024-04-12 Thread Willy Tarreau
On Fri, Apr 12, 2024 at 12:42:51PM +0200, ??? wrote: > ping :) Ah thanks for the reminder. I noticed it a few days ago and I wanted to ask you to please include a commit message explaining why it's no longer necessary. We don't need much, just to understand the rationale for the removal.

Re: [PATCH] MINOR: config: rhttp: Downgrade error on attach-srv name parsing

2024-04-12 Thread William Manley
On Fri, Apr 12, 2024, at 4:01 PM, Amaury Denoyelle wrote: > I have a doubt though, will this kind of configuration really work? I > thought that for the moment if name parameter is specified, it is > mandatory to use a server with SSL+SNI. It may be mandatory according to the RFC, but I'm not

Re: [PATCH] MINOR: config: rhttp: Downgrade error on attach-srv name parsing

2024-04-12 Thread Willy Tarreau
On Fri, Apr 12, 2024 at 05:01:07PM +0200, Amaury Denoyelle wrote: > On Fri, Apr 12, 2024 at 03:37:56PM +0200, Willy Tarreau wrote: > > Hi! > > On Fri, Apr 12, 2024 at 02:29:30PM +0100, William Manley wrote: > > > An attach-srv config line usually looks like this: > > > > tcp-request session

Re: [PATCH] MINOR: config: rhttp: Downgrade error on attach-srv name parsing

2024-04-12 Thread William Manley
On Fri, Apr 12, 2024, at 2:37 PM, Willy Tarreau wrote: > Well, I consider that any valid (and useful) configuration must be > writable without a warning. So if you have a valid use case with a > different expression, here you still have no way to express it without > the warning. In this case I'd

Re: [PATCH] MINOR: config: rhttp: Downgrade error on attach-srv name parsing

2024-04-12 Thread Amaury Denoyelle
On Fri, Apr 12, 2024 at 03:37:56PM +0200, Willy Tarreau wrote: > Hi! > On Fri, Apr 12, 2024 at 02:29:30PM +0100, William Manley wrote: > > An attach-srv config line usually looks like this: > > > tcp-request session attach-srv be/srv name ssl_c_s_dn(CN) > > > The name is a key that is used

Re: [PATCH] MINOR: config: rhttp: Downgrade error on attach-srv name parsing

2024-04-12 Thread Willy Tarreau
Hi! On Fri, Apr 12, 2024 at 02:29:30PM +0100, William Manley wrote: > An attach-srv config line usually looks like this: > > tcp-request session attach-srv be/srv name ssl_c_s_dn(CN) > > The name is a key that is used when looking up connections in the > connection pool. Without this patch

Re: [PATCH 0/1] CI: revert entropy hack

2024-04-12 Thread Илья Шипицин
ping :) Sat, 6 Apr 2024 at 15:38, Ilya Shipitsin : > hack introduced in 3a0fc8641b1549b00cd3125107545b6879677801 might be > reverted > > Ilya Shipitsin (1): > CI: revert kernel entropy introduced in > 3a0fc8641b1549b00cd3125107545b6879677801 > > .github/workflows/vtest.yml | 11

Re: Changes in HAProxy 3.0's Makefile and build options

2024-04-12 Thread Tristan
Hi Willy, > On 11 Apr 2024, at 18:18, Willy Tarreau wrote: > > Some distros simply found that stuffing their regular CFLAGS into > DEBUG_CFLAGS or CPU_CFLAGS does the trick most of the time. Others use > other combinations depending on the tricks they figured. Good to know I wasn’t alone

Re: Changes in HAProxy 3.0's Makefile and build options

2024-04-12 Thread William Lallemand
On Thu, Apr 11, 2024 at 11:43:14PM +0200, Dinko Korunic wrote: > Subject: Re: Changes in HAProxy 3.0's Makefile and build options > > > On 11.04.2024., at 21:32, William Lallemand wrote: > > > > If I remember correctly github actions VMs only had 2 vCPU in the past,

Re: Changes in HAProxy 3.0's Makefile and build options

2024-04-11 Thread Dinko Korunic
> On 11.04.2024., at 21:32, William Lallemand wrote: > > If I remember correctly github actions VMs only had 2 vCPU in the past, > I think they upgraded to 4 vCPU last year but I can't find anything in > their documentation. Hi William, GitHub runners Instance sizes for public repositories

Re: Changes in HAProxy 3.0's Makefile and build options

2024-04-11 Thread William Lallemand
On Thu, Apr 11, 2024 at 09:04:51PM +0200, Willy Tarreau wrote: > Subject: Re: Changes in HAProxy 3.0's Makefile and build options > Hi Ilya, > > On Thu, Apr 11, 2024 at 08:27:39PM +0200, ??? wrote: > > do you know maybe how this was supposed to work ? > > ha

Re: Changes in HAProxy 3.0's Makefile and build options

2024-04-11 Thread Willy Tarreau
Hi Ilya, On Thu, Apr 11, 2024 at 08:27:39PM +0200, ??? wrote: > do you know maybe how this was supposed to work ? > haproxy/Makefile at master · haproxy/haproxy (github.com) > That's this: ifneq ($(shell $(CC) $(CFLAGS)

Re: Changes in HAProxy 3.0's Makefile and build options

2024-04-11 Thread Илья Шипицин
Thu, 11 Apr 2024 at 19:18, Willy Tarreau : > Hi all, > > after all the time where we've all been complaining about the difficulty > to adjust CFLAGS during the build, I could tackle the problem for a first > step in the right direction. > > First, let's start with a bit of history to explain

Re: [PATCH] BUG/MINOR: server: fix slowstart behavior

2024-04-11 Thread Willy Tarreau
Hi Damien, On Tue, Apr 09, 2024 at 03:37:07PM +, Damien Claisse wrote: > We observed that a dynamic server which health check is down for longer > than slowstart delay at startup doesn't trigger the warmup phase, it > receives full traffic immediately. This has been confirmed by checking >

Re: [PR] Add destination ip as source ip

2024-04-10 Thread Willy Tarreau
On Wed, Apr 10, 2024 at 03:28:06PM +0200, Christopher Faulet wrote: > Hi, > > Thanks. I have few comments. > > First, your commit message must follow rules of CONTRIBUTING file. The > commit subject must mention a level (here MINOR) and a scope (here > connection). Then a commit message must be

Re: [PR] Add destination ip as source ip

2024-04-10 Thread Christopher Faulet
Hi, Thanks. I have few comments. First, your commit message must follow rules of CONTRIBUTING file. The commit subject must mention a level (here MINOR) and a scope (here connection). Then a commit message must be provided with details on the patch. You should describe what you want to

Re: haproxy backend server template service discovery questions

2024-04-08 Thread Andrii Ustymenko
rsistent "records pollution" due to operations made directly with control socket. I am not sure is there anything to do about this. Maybe, if haproxy could cache the state not only of se_id but also associated re

Re: haproxy backend server template service discovery questions

2024-04-08 Thread Илья Шипицин
icted from srv replies and out of discovery of haproxy. >>> >>> 3. Instance of application goes up and gets registered by consul and >>> discovered by haproxy, but haproxy allocates different se_id for it. >>> Haproxy healthchecks will control the traffic to i

Re: haproxy backend server template service discovery questions

2024-04-08 Thread Andrii Ustymenko
th this pattern we basically have persistent "records pollution" due to operations made directly with control socket. I am not sure is there anything to do about this. Maybe, if haproxy could cache the state not only of se_id bu

Re: haproxy backend server template service discovery questions

2024-04-08 Thread Илья Шипицин
l have se_id 1 with MAINT flag and application instance >> dns record placed into different se_id. >> >> The problem comes that any new discovered record which get placed into >> se_id 1 will never be active until either command: >> >> ``` >> echo "se

Re: haproxy backend server template service discovery questions

2024-04-08 Thread Andrii Ustymenko
m not sure is there anything to do about this. Maybe, if haproxy could cache the state not only of se_id but also associated record with that and then if that gets changed - re-schedule healthchecks. Or instead of integer ids use some hashed ids based on dns/ip-addresses of

Re: [ANNOUNCE] haproxy-3.0-dev7

2024-04-08 Thread Willy Tarreau
Hi Ilya, On Sun, Apr 07, 2024 at 08:34:18PM +0200, ??? wrote: > Sat, 6 Apr 2024 at 17:53, Willy Tarreau : > > - a new "guid" keyword was added for servers, listeners and proxies. > > The purpose will be to make it possible for external APIs to assign > > a globally unique

Re: haproxy backend server template service discovery questions

2024-04-07 Thread Pavlos Parissis
On Sat, 6 Apr 2024 at 20:17, Илья Шипицин wrote: > > Consul template is something done by consul itself, after that haproxy.conf > is rendered > > Do you mean "how haproxy deals with rendered template"? > He doesn't use that method of discovery, he uses DNS resolvers so haproxy gets the SRV

Re: haproxy backend server template service discovery questions

2024-04-07 Thread Pavlos Parissis
due to operations made > directly with control socket. > This situation could lead to minor incidents where most newly registered servers are assigned to se_ids that were previously in maintenance mode. So, you end up with a backend that has, let's say, 75% of servers in maintenance

Re: [ANNOUNCE] haproxy-3.0-dev7

2024-04-07 Thread Илья Шипицин
Sat, 6 Apr 2024 at 17:53, Willy Tarreau : > Hi, > > HAProxy 3.0-dev7 was released on 2024/04/06. It added 73 new commits > after version 3.0-dev6. > > Among the changes that stand out in this version, here's what I'm seeing: > > - improvements to the CLI internal API so that the various

Re: haproxy backend server template service discovery questions

2024-04-06 Thread Илья Шипицин
The problem comes that any new discovered record which get placed into > se_id 1 will never be active until either command: > > ``` > echo "set server example/application1 state ready" | nc -U > /var/lib/haproxy/stats > ``` > > executed or haproxy gets reloaded without state fi

Re: git clone git.haproxy.git with curl-8.7.1 failing writing received data

2024-04-05 Thread Bertrand Jacquin
On 2024-04-05 20:24, Bertrand Jacquin wrote: Just let us know if you're interested. We can also first wait for Stefan and/or Daniel's analysis of a possible cause for the commit you bisected above before hacking too much stuff, though :-) Let's see! Latest digging seems to lead to some

Re: git clone git.haproxy.git with curl-8.7.1 failing writing received data

2024-04-05 Thread Bertrand Jacquin
Hey Willy, On 2024-04-05 19:44, Willy Tarreau wrote: Thanks a lot for these details. One thing to have in mind that could explain that you have not observed this on other servers is that we're using plain HTTP, we haven't deployed the git-server stuff, so maybe it triggers a different object

Re: git clone git.haproxy.git with curl-8.7.1 failing writing received data

2024-04-05 Thread Willy Tarreau
Hi Bertrand! On Fri, Apr 05, 2024 at 07:27:28PM +0100, Bertrand Jacquin wrote: > Hi, > > For the last few days, I've been unable to git clone > https://git.haproxy.org/git/haproxy.git with curl-8.7.1, where I'm getting > the following error: > > $ GIT_TRACE=1 git fetch

Re: [PATCH] DOC: configuration: grammar fixes for strict-sni

2024-04-05 Thread Willy Tarreau
Hi Nicolas, On Wed, Apr 03, 2024 at 01:52:22PM +0200, Nicolas CARPi wrote: > Hello, > > Please find attached a little patch for the "strict-sni" configuration > documentation, which had incorrect grammar. Now merged, thank you! Willy

Re: [PATCH] MINOR: systemd: Include MONOTONIC_USEC field in RELOADING=1 message

2024-04-04 Thread Lukas Tribus
On Thu, 4 Apr 2024 at 16:00, Tim Düsterhus wrote: > > Hi > > On 4/4/24 14:35, William Lallemand wrote: > > I'm not against merging this, but I don't see any change comparing to the > > current model? > > > > I mainly stumbled upon this new mode in the documentation while looking > into replacing

Re: [PATCH] MINOR: systemd: Include MONOTONIC_USEC field in RELOADING=1 message

2024-04-04 Thread William Lallemand
On Thu, Apr 04, 2024 at 04:00:16PM +0200, Tim Düsterhus wrote: > Hi > > On 4/4/24 14:35, William Lallemand wrote: > > I'm not against merging this, but I don't see any change comparing to the > > current model? > > > > I mainly stumbled upon this new mode in the documentation while looking into

Re: [PATCH] MINOR: systemd: Include MONOTONIC_USEC field in RELOADING=1 message

2024-04-04 Thread Tim Düsterhus
Hi On 4/4/24 14:35, William Lallemand wrote: I'm not against merging this, but I don't see any change comparing to the current model? I mainly stumbled upon this new mode in the documentation while looking into replacing libsystemd, where you beat me to it :-) My understanding is that it

Re: [PATCH] MINOR: systemd: Include MONOTONIC_USEC field in RELOADING=1 message

2024-04-04 Thread William Lallemand
On Wed, Apr 03, 2024 at 10:39:16PM +0200, Tim Duesterhus wrote: > As per the `sd_notify` manual: > > > A field carrying the monotonic timestamp (as per CLOCK_MONOTONIC) formatted > > in decimal in μs, when the notification message was generated by the client. > > This is typically used in

Re: [PATCH 0/1] CI: extend Fedora Rawhide to run x86 bit as well

2024-04-04 Thread Willy Tarreau
On Wed, Apr 03, 2024 at 08:56:21PM +0200, Ilya Shipitsin wrote: > it seems to be the easiest to build "m32" on Fedora comparing to Ubuntu, let's > stick on that for a while OK, now merged, we'll see. Thank you! Willy

Re: How to check if a domain is known to HAProxy

2024-04-03 Thread Shawn Heisey
On 4/3/24 06:02, Froehlich, Dominik wrote: I fear that strict-sni won’t get us far. The issue is that the SNI is just fine (it is in the crt-list), however we also need to check if the host-header is part of the crt-list. E.g. William's answer should work. The strict-sni setting makes sure

Re: How to check if a domain is known to HAProxy

2024-04-03 Thread Froehlich, Dominik
lemand Date: Wednesday, 3. April 2024 at 11:31 To: Froehlich, Dominik Cc: haproxy@formilux.org Subject: Re: How to check if a domain is known to HAProxy On Wed, Apr 03, 2024 at 07:47:44AM +, Froehlich, Dominik wrote: > Subject: How to check if a domain is known to HAProxy > He

Re: How to check if a domain is known to HAProxy

2024-04-03 Thread William Lallemand
On Wed, Apr 03, 2024 at 07:47:44AM +, Froehlich, Dominik wrote: > Subject: How to check if a domain is known to HAProxy > Hello everyone, > > This may be kind of a peculiar request. > > We have the need to block requests that are not in the crt-list of our > frontend. > > So, the

Re: Error While deviceatlas 3.2.2 and haproxy 2.9.6 make from source

2024-04-02 Thread Willy Tarreau
On Wed, Apr 03, 2024 at 06:21:22AM +0100, David CARLIER wrote: > Hi all, > > Thanks for your report. This is a known issue the 3.2.3 release is > scheduled within this month. Even better :-) Thanks David! Willy

Re: Error While deviceatlas 3.2.2 and haproxy 2.9.6 make from source

2024-04-02 Thread David CARLIER
Hi all, Thanks for your report. This is a known issue the 3.2.3 release is scheduled within this month. Regards. On Wed, 3 Apr 2024 at 04:38, Willy Tarreau wrote: > Hello, > > On Wed, Apr 03, 2024 at 05:21:03AM +0530, Mahendra Patil wrote: > > /opt/deviceatlas/Src//dac.c: In function

Re: Error While deviceatlas 3.2.2 and haproxy 2.9.6 make from source

2024-04-02 Thread Willy Tarreau
Hello, On Wed, Apr 03, 2024 at 05:21:03AM +0530, Mahendra Patil wrote: > /opt/deviceatlas/Src//dac.c: In function ‘toverdec’: > /opt/deviceatlas/Src//dac.c:714:13: warning: implicit declaration of > function ‘__builtin_sadd_overflow’ [-Wimplicit-function-declaration] > if

Re: Dataplane exits at haproxytech/haproxy-ubuntu:2.9 in Containers

2024-04-02 Thread Aleksandar Lazic
Hi. On 2024-03-18 (Mo.) 12:19, William Lallemand wrote: On Sun, Mar 17, 2024 at 07:53:17PM +0100, Aleksandar Lazic wrote: Hi. Looks like there was a similar question in the forum https://discourse.haproxy.org/t/trouble-with-starting-the-data-plane-api/9200 Any idea how to fix this?

Re: [PATCH 0/1] CI improvement, display coredumps if any

2024-04-01 Thread Willy Tarreau
On Wed, Mar 27, 2024 at 04:49:53PM +0100, Ilya Shipitsin wrote: > it is pretty rare case, however displaying "bt" may provide some ideas what > went wrong Applied, thanks Ilya! I think this will sometimes be quite helpful because till now it was only "grrr... sig11 and we don't know why". Willy

Re: [PATCH 1/2] REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (4)

2024-04-01 Thread Willy Tarreau
Hi Tim! On Fri, Mar 29, 2024 at 05:12:47PM +0100, Tim Duesterhus wrote: > Introduced in: > > dfb1cea69 REGTESTS: promex: Adapt script to be less verbose > 36d936dd1 REGTESTS: write a full reverse regtest > b57f15158 REGTESTS: provide a reverse-server test with name argument > f0bff2947 REGTESTS:

Re: [PATCH] MEDIUM: lb-chash: Deterministic node hashes based on server address

2024-04-01 Thread Willy Tarreau
Hi Anthony, On Mon, Apr 01, 2024 at 11:47:54AM -0400, Anthony Deschamps wrote: > Hi Willy, > > Those changes are easy enough to make, so I've attached the patch again > with those changes. I had to make a few small adjustments to the commit > message anyway (some things that changed as a result

Re: [PATCH] MEDIUM: lb-chash: Deterministic node hashes based on server address

2024-04-01 Thread Anthony Deschamps
Hi Willy, Those changes are easy enough to make, so I've attached the patch again with those changes. I had to make a few small adjustments to the commit message anyway (some things that changed as a result of reviewing this path). Let me know if there's anything else that I can help with. Thank

Re: Help tracking "connection refused" under pressure on v2.9

2024-03-29 Thread Ricardo Nabinger Sanchez
Hi Willy, On Fri, 29 Mar 2024 07:17:56 +0100 Willy Tarreau wrote: > > These "connection refused" is from our watchdog; but the effects are as > > perceptible from the outside. When our watchdog hits this situation, > > it will forcefully restart HAProxy (we have 2 instances) because there > >

Re: Help tracking "connection refused" under pressure on v2.9

2024-03-29 Thread Willy Tarreau
Hi Ricardo, On Thu, Mar 28, 2024 at 06:21:16PM -0300, Ricardo Nabinger Sanchez wrote: > Hi Willy, > > On Thu, 28 Mar 2024 04:37:11 +0100 > Willy Tarreau wrote: > > > Thanks guys! So there seems to be an annoying bug. However I'm not sure > > how this is related to your "connection refused",

Re: RFC: PKCS#11 create private keys in worker process

2024-03-28 Thread Richard Chan
"Did you identify why the fork was causing an issue? We should probably try to understand this before, it could be something stupid in haproxy's code or in the pkcs11 provider." - PKCS#11 drivers contain session objects and handles to private keys in the HSM; these session objects and handles

Re: Help tracking "connection refused" under pressure on v2.9

2024-03-28 Thread Ricardo Nabinger Sanchez
Hi Willy, On Thu, 28 Mar 2024 04:37:11 +0100 Willy Tarreau wrote: > Thanks guys! So there seems to be an annoying bug. However I'm not sure > how this is related to your "connection refused", except if you try to > connect at the moment the process crashes and restarts, of course. I'm > seeing

Re: RFC: PKCS#11 create private keys in worker process

2024-03-28 Thread William Lallemand
On Thu, Mar 28, 2024 at 08:26:58AM +0800, Richard Chan wrote: > Hello, > > This is an RFC to recreate private keys in the worker process > for PKCS#11, so that HSM keys can be used in -W mode. > > - ssl_ckch.c: add map of ckch_data to PEM data > - ssl_sock.c: add map of SSL_CTX* to ckch_data > -

Re: About the SPOE

2024-03-28 Thread Christopher Faulet
Thanks Lokesh, Abhijeet and Aleksandar for your feedback. This truly help us. Thanks too to Pierre and Mattia for their feedback on the request mirroring. Rest assured that we take this into account in our reflections. After some internal discussions and also regarding to feedback we had

Re: [PATCH] BUG/MINOR: server: fix persistence cookie for dynamic servers

2024-03-28 Thread Amaury Denoyelle
On Wed, Mar 27, 2024 at 02:34:25PM +, Damien Claisse wrote: > When adding a server dynamically, we observe that when a backend has a > dynamic persistence cookie, the new server has no cookie as we receive > the following HTTP header: > set-cookie: test-cookie=; Expires=Thu, 01-Jan-1970

Re: Help tracking "connection refused" under pressure on v2.9

2024-03-27 Thread Willy Tarreau
On Wed, Mar 27, 2024 at 02:26:47PM -0300, Ricardo Nabinger Sanchez wrote: > On Wed, 27 Mar 2024 11:06:39 -0300 > Felipe Wilhelms Damasio wrote: > > > kernel: traps: haproxy[2057993] trap invalid opcode ip:5b3e26 > > sp:7fd7c002f100 error:0 in haproxy[42c000+1f7000] > > We managed to get a core

Re: Help tracking "connection refused" under pressure on v2.9

2024-03-27 Thread Ricardo Nabinger Sanchez
On Wed, 27 Mar 2024 11:06:39 -0300 Felipe Wilhelms Damasio wrote: > kernel: traps: haproxy[2057993] trap invalid opcode ip:5b3e26 > sp:7fd7c002f100 error:0 in haproxy[42c000+1f7000] We managed to get a core file, and so created ticket #2508 (https://github.com/haproxy/haproxy/issues/2508) with

Re: Help tracking "connection refused" under pressure on v2.9

2024-03-27 Thread Ricardo Nabinger Sanchez
On Wed, 27 Mar 2024 11:06:39 -0300 Felipe Wilhelms Damasio wrote: > kernel: traps: haproxy[2057993] trap invalid opcode ip:5b3e26 sp:7fd7c002f100 > error:0 in haproxy[42c000+1f7000] In our build, this would be where instruction pointer was: (gdb) list *0x5b10e6 0x5b10e6 is in __task_queue

Re: Help tracking "connection refused" under pressure on v2.9

2024-03-27 Thread Felipe Wilhelms Damasio
Hi, We've confirmed a few findings after we poured ~75-80Gbps of traffic on purpose on a single machine: - haproxy does indeed crash; - hence, we have no stats socket to collect a few things; It seems that under pressure (not sure which conditions yet) the kernel seems to be killing it. dmesg

Re: [PATCH] MEDIUM: lb-chash: Deterministic node hashes based on server address

2024-03-27 Thread Willy Tarreau
Hi again Anthony, I'm still having a few comments, but I think nothing that I cannot address while merging it: On Wed, Mar 13, 2024 at 12:33:54PM -0400, Anthony Deschamps wrote: > +static inline u32 chash_compute_server_key(struct server *s) > +{ > + u32 key = 0; > + struct

Re: [PATCH] BUG/MINOR: server: fix persistence cookie for dynamic servers

2024-03-27 Thread Amaury Denoyelle
ortunity to revisit this. What we observed is > that, even with dynamic servers, calling “set server bkd1/srv1 addr a.b.c.d” > would re-add the dynamic cookie for this server, and calling “enable > dynamic-cookie backend bkd1” would re-compute cookie for all servers in the

Re: [PATCH] MEDIUM: lb-chash: Deterministic node hashes based on server address

2024-03-27 Thread Willy Tarreau
Hi Anthony, On Sun, Mar 24, 2024 at 10:11:41PM -0400, Anthony Deschamps wrote: > Hi Willy, > > I'm just checking in to see if there's anything left I can help address here. Thanks for the ping and sorry for the delay. It just fell through the cracks in the middle of all other stuff I'm

Re: About the SPOE

2024-03-25 Thread Willy Tarreau
Hi Lokesh, On Tue, Mar 26, 2024 at 12:10:53AM +, Lokesh Jindal wrote: > Hey Willy > > Resending this email in case you missed the last one. Let me know if you had > any follow up questions/comments. > I saw https://github.com/haproxy/haproxy/issues/2502 created by Christopher - > looking

Re: About the SPOE

2024-03-25 Thread Lokesh Jindal
, March 18, 2024 at 4:55 PM To: Willy Tarreau Cc: Abhijeet Rastogi , Christopher Faulet , haproxy@formilux.org , Aleksandar Lazic Subject: Re: About the SPOE Hey Willy Please see my response inline below. - Lokesh From: Willy Tarreau Date: Monday, March 18, 2024 at 4:08 AM To: Lokesh Jindal Cc

Re: [PATCH] MEDIUM: lb-chash: Deterministic node hashes based on server address

2024-03-24 Thread Anthony Deschamps
case SRV_HASH_KEY_ADDR: > > switch (srv_addr.family) { > > case AF_INET: > > -u32 addr_key = full_hash(srv_addr.addr.v4.s_addr); > > -key ^= addr_key + 0x9e3779b9 + (key << 6) + (key >> 2); > > +key = full_hash(key + srv_addr.addr.v4.s_addr); > > break; > > case AF_INET6: > > key = XXH32(srv_addr.addr.v6.s6_addr, 16, key); > > Yeay I think it addresses everything. I'll re-test your updated patch > tomorrow hoping that this time I'll merge it :-) > > Thanks for your patience! > Willy
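Review bot: In the AF_INET case, `key = full_hash(key + srv_addr.addr.v4.s_addr);` folds the running key into the address by plain addition, so two different (key, address) pairs with the same 32-bit sum produce the same node key, while the AF_INET6 case keeps them separate by passing `key` as the XXH32 seed. If `key` can be non-zero at this point, consider mixing it the same way in both branches, or add a comment saying why addition is sufficient for IPv4.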

Re: [PATCH] BUG/MINOR: server: fix persistence cookie for dynamic servers

2024-03-22 Thread Damien Claisse
” would re-add the dynamic cookie for this server, and calling “enable dynamic-cookie backend bkd1” would re-compute cookie for all servers in the backend. It is expected as in these calls code path there is a call to srv_set_dyncookie(). So there currently is at least a partial support for dynamic

Re: [PATCH] BUG/MINOR: server: fix persistence cookie for dynamic servers

2024-03-22 Thread Amaury Denoyelle
On Thu, Mar 21, 2024 at 02:37:06PM +, Damien Claisse wrote: > When adding a server dynamically, we observe that when a backend has a > dynamic persistence cookie, the new server has no cookie as we receive > the following HTTP header: > set-cookie: test-cookie=; Expires=Thu, 01-Jan-1970

Re: [PR] FEATURE: load private keys from PKCS#11 pkcs11-provider PEM files

2024-03-21 Thread Willy Tarreau
On Thu, Mar 21, 2024 at 10:58:17AM +0100, William Lallemand wrote: > On Thu, Mar 21, 2024 at 05:34:12PM +0800, Richard Chan wrote: > > Yes I would be happy to include HAProxy with pkcs11-provider examples. > > > > Great, thank you! > > I made a `PKCS11 provider` >

Re: [PR] FEATURE: load private keys from PKCS#11 pkcs11-provider PEM files

2024-03-21 Thread William Lallemand
On Thu, Mar 21, 2024 at 05:34:12PM +0800, Richard Chan wrote: > Yes I would be happy to include HAProxy with pkcs11-provider examples. > Great, thank you! I made a `PKCS11 provider` https://github.com/haproxy/wiki/wiki/OpenSSL-Providers-in-HAProxy#pkcs11-provider that you could edit once we

Re: [PR] FEATURE: load private keys from PKCS#11 pkcs11-provider PEM files

2024-03-21 Thread Richard Chan
Yes I would be happy to include HAProxy with pkcs11-provider examples. On Thu, 21 Mar 2024, 16:43 William Lallemand, wrote: > On Thu, Mar 21, 2024 at 10:39:58AM +0800, Richard Chan wrote: > > Subject: Re: [PR] FEATURE: load private keys from PKCS#11 > pkcs11-provider PEM files

Re: [PR] FEATURE: load private keys from PKCS#11 pkcs11-provider PEM files

2024-03-21 Thread William Lallemand
On Thu, Mar 21, 2024 at 10:39:58AM +0800, Richard Chan wrote: > Subject: Re: [PR] FEATURE: load private keys from PKCS#11 pkcs11-provider PEM > files > On Thu, 21 Mar 2024, 00:15 William Lallemand, wrote > > > > > We made test in the past with the TPM2 provid

Re: [PR] FEATURE: load private keys from PKCS#11 pkcs11-provider PEM files

2024-03-20 Thread Richard Chan
On Thu, 21 Mar 2024, 00:15 William Lallemand, wrote > > We made test in the past with the TPM2 provider which also uses a URI in > the privatekey: > > https://github.com/haproxy/wiki/wiki/OpenSSL-Providers-in-HAProxy#tpm2-provider Further testing shows that this PR is not needed. Sorry for the

Re: [PR] FEATURE: load private keys from PKCS#11 pkcs11-provider PEM files

2024-03-20 Thread Richard Chan
1-provider whether they can implement a store loader. Re current MWORKER problem (before any solution in 3.1!) - [RFC] Delayed private key loading - check if we are in MWORKER mode then skip EVP_PKEY loading in master for all PKCS#11 keys Hmmm - how to identify such keys? Maybe .crt file has a

Re: [PR] FEATURE: load private keys from PKCS#11 pkcs11-provider PEM files

2024-03-20 Thread William Lallemand
On Wed, Mar 20, 2024 at 05:15:47PM +0100, William Lallemand wrote: > >TODO: This PR works > >without forking (i.e., not in master-worker mode) as PKCS#11 drivers > >are fragile after fork. > >To use PKCS#11 keys in master-worker mode, > >we need to defer key loading to the

Re: [PR] FEATURE: load private keys from PKCS#11 pkcs11-provider PEM files

2024-03-20 Thread William Lallemand
On Wed, Mar 20, 2024 at 06:23:03AM +, PR Bot wrote: > Subject: [PR] FEATURE: load private keys from PKCS#11 pkcs11-provider PEM > files > Dear list! > > Author: S-P Chan > Number of patches: 1 > > This is an automated relay of the Github pull request: >FEATURE: load private keys from

RE: RE: RSA Conference Attendees Data List 2024

2024-03-20 Thread Alice Sol 
Hi, Hope you’re doing well. Do you have any updates for me!? Please let me know if you require any further information. With Regards Alice Sol From: Alice Sol [mailto:alice.best...@gmail.com] Sent: Monday, March 18, 2024 8:42 AM To: 'haproxy@formilux.org' Subject: RE: RSA

RE: RE: RSA Conference Attendees Emails List 2024

2024-03-19 Thread Naomi Stubbs
: RE: RSA Conference Attendees Emails List 2024 Importance: High Hi, Hope you’re doing well. Would you be interested in acquiring RSA Conference Attendees Emails List 2024? List Includes:- Company/Org-Name, First Name, Last Name, Contact Job Title, Verified Email Address, Website

Re: About the SPOE

2024-03-18 Thread Lokesh Jindal
Hey Willy Please see my response inline below. - Lokesh From: Willy Tarreau Date: Monday, March 18, 2024 at 4:08 AM To: Lokesh Jindal Cc: Abhijeet Rastogi , Christopher Faulet , haproxy@formilux.org , Aleksandar Lazic Subject: Re: About the SPOE Hi Lokesh, Abhijeet, Alex, First, thanks

RE: Attendee List - RSA Conference 2024

2024-03-18 Thread Marla Dicandia
Hi, May I go ahead and send you the contacts and pricing details for your review? Looking forward to your response... Best Regards, Marla Dicandia From: Marla Dicandia Sent: Wednesday, March 6, 2024 9:33 AM To: haproxy@formilux.org Subject: RE

Re: [PATCH 0/2] CI entropy adjust (clang asan fix) and spell fixes

2024-03-18 Thread Willy Tarreau
On Sun, Mar 17, 2024 at 05:01:37PM +0100, Ilia Shipitsin wrote: > couple of patches > 1) spell fixes > 2) CI sysctl to make new ubuntu kernels and asan friends again Now merged, thanks for dealing with this Ilya. I understood from the GH issue that we can hope to remove it by the end of this

RE: RSA Conference Attendees Data List 2024

2024-03-18 Thread Alice Sol 
Hi, Would you be interested in acquiring RSA Conference Attendees Data List 2024 Number of Contacts :-30,852 Cost :- $1,752 Interested? Let me know your thoughts and advice on the next steps. Kind Regards, Alice Sol

Re: Dataplane exits at haproxytech/haproxy-ubuntu:2.9 in Containers

2024-03-18 Thread William Lallemand
On Sun, Mar 17, 2024 at 07:53:17PM +0100, Aleksandar Lazic wrote: > Hi. > > Looks like there was a similar question in the forum > https://discourse.haproxy.org/t/trouble-with-starting-the-data-plane-api/9200 > > Any idea how to fix this? > Honestly no idea, you should try an issue there:

Re: About the SPOE

2024-03-18 Thread Willy Tarreau
Hi Lokesh, Abhijeet, Alex, First, thanks for jumping into this thread, the purpose of the deprecation is in a big part to try to collect the requirements of possibly existing users. Mind you that the rare times we hear about SPOE is only because of problems, so it's difficult to figure what to

Re: Dataplane exits at haproxytech/haproxy-ubuntu:2.9 in Containers

2024-03-17 Thread Aleksandar Lazic
Hi. Looks like there was a similar question in the forum https://discourse.haproxy.org/t/trouble-with-starting-the-data-plane-api/9200 Any idea how to fix this? Regards Alex On 2024-03-13 (Mi.) 00:11, Aleksandar Lazic wrote: Hi. I try to run dataplane as "random" user inside haproxy.cfg.

Re: About the SPOE

2024-03-17 Thread Aleksandar Lazic
Hi. On 2024-03-15 (Fr.) 15:09, Christopher Faulet wrote: Hi all, It was evoked on the ML by Willy and mentioned in a few issues on GH. It is now official. The SPOE was marked as deprecated for the 3.0. It is not a pleasant announcement because it is always an admission of failure to remove a

[Calendly] Re: Fastest Way to Elevate Your Online Presence

2024-03-16 Thread Rylee (Calendly)
##- Please type your reply above this line -## Your request (2655816) has been updated. To add additional comments, reply to this email. -- Hi Maryam, Thanks again for reaching out earlier! Since you are new to Calendly, I want to be sure you have

Re: About the SPOE

2024-03-15 Thread Lokesh Jindal
isolation (as much as possible) and observability, we will be happy to help develop/maintain it. - Lokesh From: Abhijeet Rastogi Date: Friday, March 15, 2024 at 8:23 AM To: Christopher Faulet Cc: haproxy@formilux.org Subject: Re: About the SPOE Hi Christopher, Thank you for starting
