Hi, things are getting much better. We fixed a large number of remaining issues in the multi-threaded code (mostly unmatched locks), and various issues in the HTTP/2 code causing some streams either time out or some connections to be closed before the end of the response could be transmitted. There were also some issues in the HTTP/1 response parser used by the HTTP/2 gateway causing spinning loops on certain invalid responses such as status codes made of more than 3 digits, or on chunked responses filling the buffer. Also, the HTTP/1 parser now properly blocks "PRI" requests which are in fact caused by an HTTP/2 preface sent to a TCP frontend relaying to an HTTP backend.
There was an issue with the multi-threaded task scheduler converging in O(N) when long series of tasks were running on the same thread, as triggered with HTTP/2 benchmarks. This was addressed so that it now does O(log(N)) again. So if you have run some benchmarks of H/2 with multithreaded and were surprised with some low performance results, you'll have to run them again :-) It's suspected that the applets scheduler will need the same change by the way, because while it used to endure little stress, with the cache that may change quite a bit. The code is now expected to build fine again on Solaris since SPIN_LOCK macros were renamed to HA_SPIN_LOCK, and the server-side 0-rtt TLS-1.3 code should now work. In master-worker mode, the pid file now only reports the parent's pid, which is more consistent with what is done by most other deamons and is more friendly to many tools. Nothing changed for the legacy multi-process mode however. I've run a number of tests on this one and could not freeze it nor crash it anymore. It even survived 100 million stats requests over H/2 with threads enabled without any error, something which previously would cause a few timeouts or spinning loops. I'm going to deploy 1.8-rc3 with threads enabled on haproxy.org now and watch it a little bit. We still have some cleanups to do in the code, and we have more or less decided what to do to address the HTTP2/cache/filters incompatibilities so hopefully cache+HTTP/2 will work fine together in rc4. While I used to say "be extremely careful" till rc2, I'd now say that you may want to give it a try on a single server if you're able to quickly take it out or roll back in case of outage. Please at least try to collect a core file if you see it crash, as there's no more known case where this is expected to happen. And please keep in mind that the HTTP/2 and multi-thread features are still experimental, so in case of trouble, just disable H2 and/or threads and see if the issue persists. Please find the usual URLs below : Site index : http://www.haproxy.org/ Discourse : http://discourse.haproxy.org/ Sources : http://www.haproxy.org/download/1.8/src/ Git repository : http://git.haproxy.org/git/haproxy-1.8.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy-1.8.git Changelog : http://www.haproxy.org/download/1.8/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ PS: I messed up during the first upload and force-pushed it again after checking in the logs that nobody tried to pull it. In case you have an automated mirror that reports an error, it's my fault and you'll have to fix it by hand. The code doesn't differ at all, it's just that the last commit with the changelog used to happen twice. Willy --- Complete changelog : Christopher Faulet (4): BUILD: threads: Rename SPIN/RWLOCK macros using HA_ prefix BUILD: enable USE_THREAD for Solaris build. BUG/MEDIUM: stream-int: Don't loss write's notifs when a stream is woken up BUG/MINOR: pattern: Rely on the sample type to copy it in pattern_exec_match Daniel Schneller (1): DOC: Add note about encrypted password CPU usage Emeric Brun (2): BUG/MEDIUM: splice/threads: pipe reuse list was not protected. BUG/MINOR: comp: fix compilation warning compiling without compression. Olivier Houchard (7): BUILD: use MAXPATHLEN instead of NAME_MAX. BUG/MINOR: dns: Don't try to get the server lock if it's already held. BUG/MINOR: dns: Don't lock the server lock in snr_check_ip_callback(). BUG/MINOR; ssl: Don't assume we have a ssl_bind_conf because a SNI is matched. MINOR: ssl: Handle session resumption with TLS 1.3 MINOR: ssl: Spell 0x10101000L correctly. MINOR: ssl: Handle sending early data to server. William Lallemand (4): MINOR: add master-worker in the warning about nbproc MINOR: mworker: allow pidfile in mworker + foreground MINOR: mworker: write parent pid in the pidfile MINOR: mworker: do not store child pid anymore in the pidfile Willy Tarreau (56): BUG/MAJOR: threads/checks: add 4 missing spin_unlock() in various functions BUG/MAJOR: threads/server: missing unlock in CLI fqdn parser BUG/MINOR: cli: do not perform an invalid action on "set server check-port" BUG/MAJOR: threads/checks: wrong use of SPIN_LOCK instead of SPIN_UNLOCK CLEANUP: checks: remove return statements in locked functions BUG/MINOR: cli: add severity in "set server addr" parser CLEANUP: server: get rid of return statements in the CLI parser BUG/MAJOR: cli/streams: missing unlock on exit "show sess" BUG/MAJOR: threads/dns: add missing unlock on allocation failure path BUG/MAJOR: threads/lb: fix missing unlock on consistent hash LB BUG/MAJOR: threads/lb: fix missing unlock on map-based hash LB BUG/MEDIUM: threads/stick-tables: close a race condition on stktable_trash_expired() BUG/MAJOR: h2: set the connection's task to NULL when no client timeout is set BUG/MAJOR: thread/listeners: enable_listener must not call unbind_listener() BUG/MEDIUM: threads: don't try to free build option message on exit MINOR: applets: no need to check for runqueue's emptiness in appctx_res_wakeup() MINOR: ebtree: implement the scope-aware functions for eb32 MEDIUM: ebtree: specify the scope of every node inserted via eb32sc MINOR: ebtree: update the eb32sc parent node's scope on delete MEDIUM: ebtree: only consider the branches matching the scope in lookups MINOR: ebtree: implement eb32sc_lookup_ge_or_first() MAJOR: task: make use of the scope-aware ebtree functions MINOR: task: simplify wake_expired_tasks() to avoid unlocking in the loop MEDIUM: task: change the construction of the loop in process_runnable_tasks() MINOR: threads: use faster locks for the spin locks MINOR: tasks: only visit filled task slots after processing them MEDIUM: tasks: implement a lockless scheduler for single-thread usage BUG/MINOR: h2: set the "HEADERS_SENT" flag on stream, not connection BUG/MEDIUM: h2: properly send an RST_STREAM on mux stream error BUG/MEDIUM: h2: properly send the GOAWAY frame in the mux BUG/MEDIUM: h2: don't try (and fail) to send non-existing data in the mux MEDIUM: h2: remove the H2_SS_RESET intermediate state BUG/MEDIUM: h2: fix some wrong error codes on connections BUG/MEDIUM: h2: don't close the connection is there are data left MINOR: h2: don't re-enable the connection's task when we're closing BUG/MEDIUM: h2: properly set H2_SF_ES_SENT when sending the final frame BUG/MINOR: h2: correctly check for H2_SF_ES_SENT before closing MINOR: h2: add new stream flag H2_SF_OUTGOING_DATA BUG/MINOR: h2: don't send GOAWAY on failed response BUG/MINOR: stream-int: don't set MSG_MORE on closed request path BUG/MAJOR: threads/tasks: fix the scheduler again BUILD: ssl: fix build of backend without ssl BUILD: shctx: do not depend on openssl anymore BUG/MINOR: h1: the HTTP/1 make status code parser check for digits BUG/MEDIUM: h2: reject non-3-digit status codes BUG/MEDIUM: h2: split the function to send RST_STREAM BUG/MEDIUM: h1: ensure the chunk size parser can deal with full buffers MINOR: tools: don't use unlikely() in hex2i() BUG/MEDIUM: h2: support orphaned streams BUG/MEDIUM: threads/cli: fix "show sess" locking on release CLEANUP: mux: remove the unused "release()" function MINOR: cli: make "show fd" report the fd's thread mask BUG/MEDIUM: stream: don't ignore res.analyse_exp anymore CLEANUP: global: introduce variable pid_bit to avoid shifts with relative_pid MEDIUM: http: always reject the "PRI" method [RELEASE] Released version 1.8-rc3 ---