Re: [ANNOUNCE] haproxy-2.2-dev7

2020-05-05 Thread Willy Tarreau 
Hi William,

On Tue, May 05, 2020 at 11:57:47PM +0200, William Dauchy wrote:
> > Christopher Faulet (136):
> >   MAJOR: checks: Implement HTTP check using tcp-check rules
> 
> What is funny after this commit is that we wrongly relied on a config
> which was written that way:
>   http-check expect status 200 string passing
> instead of:
>   http-check expect status 200
>   http-check expect string passing
> 
> I first thought about a bad regression even though the documentation
> does not allow it, but `string passing` was never evaluated, and so
> silently ignored; now things are enforced which is better for us to
> see those long standing mistakes ;)

Ah interesting. We have many checks for unused extraneous parameters,
but it's possible that a few still managed to pass through. It might
be good if we can adjust this one to at least emit a warning in older
branches.

Thanks for the feedback!
Willy

Re: [ANNOUNCE] haproxy-2.2-dev7

2020-05-05 Thread William Dauchy 
Hello,

Thank you for this release update!

On Tue, May 5, 2020 at 11:46 PM Willy Tarreau  wrote:
> HAProxy 2.2-dev7 was released on 2020/05/05. It added 205 new commits
> after version 2.2-dev6.
>
> The most visible changes in this version is the rework of the health checks
> that was started by Gaėtan and completed by Christopher. I'll certainly say
> a number of stupidities about all this so I won't enter into details, but the
> main points to be aware of is that the health checks which for 18 years have
> been the ugliest part of the internals have now become smart. They are now
> all internally implemented on top of tcp-check rules, and that these ones
> were improved to satisfy the new requirements. For now all this new stuff is
> not yet fully exploited beyond what is needed for the checks but we can hope
> a lot of new cool stuff in a near future.
>
> In addition, HTTP checks now run over HTX and employ the muxes so they can
> now run over HTTP/1 and HTTP/2, and can separately set headers and body.
> All the elements may be extracted and processed for advanced checks. You
> should refer to the documentation to figure all the details. Please beware
> that the check configuration rules are subject to change a little bit before
> the release but the main principle is already here.

> Christopher Faulet (136):
>   MAJOR: checks: Implement HTTP check using tcp-check rules

What is funny after this commit is that we wrongly relied on a config
which was written that way:
  http-check expect status 200 string passing
instead of:
  http-check expect status 200
  http-check expect string passing

I first thought about a bad regression even though the documentation
does not allow it, but `string passing` was never evaluated, and so
silently ignored; now things are enforced which is better for us to
see those long standing mistakes ;)
Thanks Christopher!

-- 
William

[ANNOUNCE] haproxy-2.2-dev7

2020-05-05 Thread Willy Tarreau 
Hi,

HAProxy 2.2-dev7 was released on 2020/05/05. It added 205 new commits
after version 2.2-dev6.

The most visible changes in this version is the rework of the health checks
that was started by Gaëtan and completed by Christopher. I'll certainly say
a number of stupidities about all this so I won't enter into details, but the
main points to be aware of is that the health checks which for 18 years have
been the ugliest part of the internals have now become smart. They are now
all internally implemented on top of tcp-check rules, and that these ones
were improved to satisfy the new requirements. For now all this new stuff is
not yet fully exploited beyond what is needed for the checks but we can hope
a lot of new cool stuff in a near future.

In addition, HTTP checks now run over HTX and employ the muxes so they can
now run over HTTP/1 and HTTP/2, and can separately set headers and body.
All the elements may be extracted and processed for advanced checks. You
should refer to the documentation to figure all the details. Please beware
that the check configuration rules are subject to change a little bit before
the release but the main principle is already here.

Just before releasing I noticed one minor regtest failure on openssl 1.0.2
only, that I bisected to commit df38f88 ("MINOR: checks: Improve log message
of tcp-checks on success") (which sadly, doesn't have any commit message).
This failure is only about the logged message on check failure. I don't see
any obvious reason why this commit would only affect openssl 1.0.2 so I
guess the issue is somewhere else, and likely not much important.

Aside this there were a number of code cleanups, regtest additions and doc
updates. Among the other pending things I'm aware of is the support for
syslog over TCP and that should be all.

My personal feeling is that the rate of changes is still a bit high this
late in the cycle and that the level of issues remains high as well, and
I would appreciate it when it starts to calm down. I wouldn't be surprized
if we'd release in early June rather than end of May. But there's no rush
and that doesn't make a huge difference, provided it allows us to have an
excellent 2.2.

If you have painful checks in your configs, or some unusual ones, your
feedback will be welcome. If you're facing limitations with your HTTP
checks, it might be the right moment to give this one a try.

Please find the usual URLs below :
   Site index   : http://www.haproxy.org/
   Discourse: http://discourse.haproxy.org/
   Slack channel: https://slack.haproxy.org/
   Issue tracker: https://github.com/haproxy/haproxy/issues
   Sources  : http://www.haproxy.org/download/2.2/src/
   Git repository   : http://git.haproxy.org/git/haproxy.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy.git
   Changelog: http://www.haproxy.org/download/2.2/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Willy
---
Complete changelog :
Baptiste Assmann (3):
  MINOR: ist: add istadv() function
  MINOR: ist: add istissame() function
  MINOR: istbuf: add ist2buf() function

Christopher Faulet (136):
  BUG/MINOR: http-ana: Throw a 500 error if after-response ruleset fails on 
errors
  BUG/MINOR: check: Update server address and port to execute an external 
check
  MINOR: mini-clist: Add functions to iterate backward on a list
  MINOR: checks: Add a way to send custom headers and payload during http 
chekcs
  BUG/MINOR: checks: Respect the no-check-ssl option
  BUG/MEDIUM: server/checks: Init server check during config validity check
  CLEANUP: checks: Don't export anymore init_check and 
srv_check_healthcheck_port
  BUG/MINOR: checks: Forbid tcp-check lines in default section as documented
  MINOR: checks: Stop xform buffers to null-terminated string for tcp-check 
rules
  MINOR: checks: Simplify functions to get step id and comment
  MEDIUM: proxy/checks: Register a keyword to parse tcp-check rules
  MEDIUM: checks: Add implicit tcp-check connect rule
  MAJOR: checks: Refactor and simplify the tcp-check loop
  MINOR: checks: Add the sni option for tcp-check connect rules
  MINOR: checks: Add the via-socks4 option for tcp-check connect rules
  MINOR: checks: Add the alpn option for tcp-check connect rules
  MINOR: ssl: Export a generic function to parse an alpn string
  MINOR: checks: Add the default option for tcp-check connect rules
  MINOR: checks: Add the addr option for tcp-check connect rule
  MEDIUM: checks: Support expression to set the port
  MEDIUM: checks: Support log-format strings for tcp-check send rules
  MINOR: log: Don't depends on a stream to process samples in log-format 
string
  MINOR: log: Don't systematically set LW_REQ when a sample expr is added
  MEDIUM: checks: Add a shared list of tcp-check rules
  MINOR: sample: add htonl converter
  MINOR: sample: add cut_crlf con