Re: [ANNOUNCE] haproxy-1.9-dev5

[Aleksandar Lazic]

Hi.

Am 28.10.2018 um 21:01 schrieb Willy Tarreau:
> Hi,
> 
> HAProxy 1.9-dev5 was released on 2018/10/28. It added 58 new commits
> after version 1.9-dev4.

Image is updated.

https://hub.docker.com/r/me2digital/haproxy19/

##
HA-Proxy version 1.9-dev5 2018/10/28
Copyright 2000-2018 Willy Tarreau 

Build options :
  TARGET  = linux2628
  CPU = generic
  CC  = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv
-Wno-unused-label -Wno-sign-compare -Wno-unused-parameter
-Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered
-Wno-missing-field-initializers -Wtype-limits
  OPTIONS = USE_LINUX_SPLICE=1 USE_GETADDRINFO=1 USE_ZLIB=1 USE_REGPARM=1
USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_TFO=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with OpenSSL version : OpenSSL 1.1.1  11 Sep 2018
Running on OpenSSL version : OpenSSL 1.1.1  11 Sep 2018
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
Built with Lua version : Lua 5.3.5
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT
IP_FREEBIND
Encrypted password support via crypt(3): yes
Built with multi-threading support.
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : yes
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity("identity"), deflate("deflate"),
raw-deflate("deflate"), gzip("gzip")
Built with network namespace support.

Available polling systems :
  epoll : pref=300,  test result OK
   poll : pref=200,  test result OK
 select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols markes as  cannot be specified using 'proto' keyword)
  h2 : mode=HTTP   side=FE
: mode=TCP|HTTP   side=FE|BE

Available filters :
[SPOE] spoe
[COMP] compression
[TRACE] trace
##

Regards
Aleks

> This version continues to merge new features and addresses some issues
> that came in -dev4 regarding stream processing. For now it's working
> rather well given the complexity of the changes, eventhough we still
> expect to resurrect some deeply burried issues due to the significant
> change of I/O scheduling.
> 
> Among the new features merged, I can list these ones :
>   - when running in master/worker mode, the master can now have its own
> CLI socket, and implements a proxy able to connect to all worker
> processes. It will even be able to reach older processes soon, so
> that we can kill an old cnonection preventing an old process from
> quitting, or simply figure why an old process doesn't quit. Some
> more updates are coming on this part (prompt will be disabled by
> default, older processes not joinable now, some doc etc).
> 
>   - the HTTP small object cache can now cache objects larger than a
> buffer. The new size limit defaults to 1/256 of the cache size but
> can be changed with "max-object-size".
> 
>   - the cache now implements the Age HTTP header field.
> 
> The rest is mostly infrastructure updates for the upcoming code, and
> fixes for various issues. It's worth noting that Lukas has addressed
> an interesting issue with HTTP authentication where the private
> connection mistakenly had precedence over the load balancing algorithm
> in order to cover NTLM/Negotiate. This one will be backported to 1.8.
> 
> Developers might like the addition of the ERR variable to the makefile
> to automatically add -Werror.
> 
> For now what I'm seeing overall looks pretty good. We've again put the
> finger on some old stuff around the stream interface flag SI_FL_WAIT_ROOM,
> which we expected could easily replace channel_may_recv(), until the old
> dirty zombies in the code decided to fight back :-)  It's the first time
> I've seen a 3-hours 3-person meeting dedicated to a single flag! But I
> think we've found how to address this old crap so that we can rebase the
> changes related to the internal native HTTP representation (codenamed HTX).
> 
> I'll try to issue -dev6 next week-end, eventhough this week will be short
> for some of us. Ideally if we could merge the HTX code next week-end, we
> could then switch to testing and debugging to stabilize all this stuff.
> 
> Please find the usual URLs below :
>Site index   : http://www.haproxy.org/
>Discourse: http://discourse.haproxy.org/
>Sources  : http://www.haproxy.org/download/1.9/src/
>Git repository   : http://git.haproxy.org/git/haproxy.git/
>Git Web browsing : http://git.haproxy.org/?p=haproxy.git
>Changelog: http://www.haproxy.org/download/1.9/src/CHANGELOG
>Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
> 
> Willy
> ---
> Complete changelog :
> Christopher Faulet (3):
>

[ANNOUNCE] haproxy-1.9-dev5

[Willy Tarreau]

Hi,

HAProxy 1.9-dev5 was released on 2018/10/28. It added 58 new commits
after version 1.9-dev4.

This version continues to merge new features and addresses some issues
that came in -dev4 regarding stream processing. For now it's working
rather well given the complexity of the changes, eventhough we still
expect to resurrect some deeply burried issues due to the significant
change of I/O scheduling.

Among the new features merged, I can list these ones :
  - when running in master/worker mode, the master can now have its own
CLI socket, and implements a proxy able to connect to all worker
processes. It will even be able to reach older processes soon, so
that we can kill an old cnonection preventing an old process from
quitting, or simply figure why an old process doesn't quit. Some
more updates are coming on this part (prompt will be disabled by
default, older processes not joinable now, some doc etc).

  - the HTTP small object cache can now cache objects larger than a
buffer. The new size limit defaults to 1/256 of the cache size but
can be changed with "max-object-size".

  - the cache now implements the Age HTTP header field.

The rest is mostly infrastructure updates for the upcoming code, and
fixes for various issues. It's worth noting that Lukas has addressed
an interesting issue with HTTP authentication where the private
connection mistakenly had precedence over the load balancing algorithm
in order to cover NTLM/Negotiate. This one will be backported to 1.8.

Developers might like the addition of the ERR variable to the makefile
to automatically add -Werror.

For now what I'm seeing overall looks pretty good. We've again put the
finger on some old stuff around the stream interface flag SI_FL_WAIT_ROOM,
which we expected could easily replace channel_may_recv(), until the old
dirty zombies in the code decided to fight back :-)  It's the first time
I've seen a 3-hours 3-person meeting dedicated to a single flag! But I
think we've found how to address this old crap so that we can rebase the
changes related to the internal native HTTP representation (codenamed HTX).

I'll try to issue -dev6 next week-end, eventhough this week will be short
for some of us. Ideally if we could merge the HTX code next week-end, we
could then switch to testing and debugging to stabilize all this stuff.

Please find the usual URLs below :
   Site index   : http://www.haproxy.org/
   Discourse: http://discourse.haproxy.org/
   Sources  : http://www.haproxy.org/download/1.9/src/
   Git repository   : http://git.haproxy.org/git/haproxy.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy.git
   Changelog: http://www.haproxy.org/download/1.9/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Willy
---
Complete changelog :
Christopher Faulet (3):
  CLEANUP: http: Remove the unused function http_find_header
  MINOR: h1: Export some functions parsing the value of some HTTP headers
  BUG/MEDIUM: stream-int: don't set SI_FL_WAIT_ROOM on CF_READ_DONTWAIT

Frédéric Lécaille (12):
  MINOR: shctx: Shared objects block by block allocation.
  MINOR: cache: Larger HTTP objects caching.
  MINOR: shctx: Add a maximum object size parameter.
  MINOR: cache: Add "max-object-size" option.
  DOC: Update about the cache support for big objects.
  BUG/MINOR: cache: Crashes with "total-max-size" > 2047(MB).
  BUG/MINOR: cache: Wrong usage of shctx_init().
  BUG/MINOR: ssl: Wrong usage of shctx_init().
  MINOR: cache: Avoid usage of atoi() when parsing "max-object-size".
  MINOR: shctx: Change max. object size type to unsigned int.
  DOC: cache: Missing information about "total-max-size" and 
"max-object-size"
  MINOR: cache: Add "Age" header.

Ioannis Cherouvim (1):
  CLEANUP: tools: fix misleading comment above function LIM2A

Lukas Tribus (2):
  BUG/MINOR: only mark connections private if NTLM is detected
  BUG/MINOR: only auto-prefer last server if lb-alg is non-deterministic

Olivier Houchard (1):
  MINOR: stream_interface: Avoid calling si_cs_send/recv if not needed.

William Lallemand (20):
  MINOR: mworker: number of reload in the life of a worker
  MEDIUM: mworker: each worker socketpair is a CLI listener
  REORG: mworker: move struct mworker_proc to global.h
  MINOR: server: export new_server() function
  MEDIUM: mworker: move proc_list gen before proxies startup
  MEDIUM: mworker: add proc_list in global.h
  MEDIUM: mworker: proxy for the master CLI
  MEDIUM: mworker: create CLI listeners from argv[]
  MEDIUM: cli: disable some keywords in the master
  MEDIUM: mworker: find the server ptr using a CLI prefix
  MEDIUM: cli: 'show proc' displays processus
  MEDIUM: cli: implement 'mode cli' proxy analyzers
  MINOR: cli: displays sockpair@ in "show cli sockets"
  MEDIUM: cli: enable "show cli sockets" for the master