Hi,

HAProxy 2.2-dev7 was released on 2020/05/05. It added 205 new commits
after version 2.2-dev6.

The most visible change in this version is the rework of the health checks
that was started by Gaëtan and completed by Christopher. I'll certainly say
a number of stupidities about all this so I won't enter into details, but the
main point to be aware of is that the health checks which for 18 years have
been the ugliest part of the internals have now become smart. They are now
all internally implemented on top of tcp-check rules, and these ones
were improved to satisfy the new requirements. For now all this new stuff is
not yet fully exploited beyond what is needed for the checks but we can hope
for a lot of new cool stuff in the near future.

In addition, HTTP checks now run over HTX and employ the muxes so they can
now run over HTTP/1 and HTTP/2, and can separately set headers and body.
All the elements may be extracted and processed for advanced checks. You
should refer to the documentation to figure out all the details. Please beware
that the check configuration rules are subject to change a little bit before
the release but the main principle is already here.

Just before releasing I noticed one minor regtest failure on openssl 1.0.2
only, that I bisected to commit df38f88 ("MINOR: checks: Improve log message
of tcp-checks on success") (which sadly, doesn't have any commit message).
This failure is only about the logged message on check failure. I don't see
any obvious reason why this commit would only affect openssl 1.0.2 so I
guess the issue is somewhere else, and likely not very important.

Aside from this there were a number of code cleanups, regtest additions and doc
updates. Among the other pending things I'm aware of is the support for
syslog over TCP and that should be all.

My personal feeling is that the rate of changes is still a bit high this
late in the cycle and that the level of issues remains high as well, and
I would appreciate it when it starts to calm down. I wouldn't be surprised
if we'd release in early June rather than end of May. But there's no rush
and that doesn't make a huge difference, provided it allows us to have an
excellent 2.2.

If you have painful checks in your configs, or some unusual ones, your
feedback will be welcome. If you're facing limitations with your HTTP
checks, it might be the right moment to give this one a try.

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : http://www.haproxy.org/download/2.2/src/
   Git repository   : http://git.haproxy.org/git/haproxy.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy.git
   Changelog        : http://www.haproxy.org/download/2.2/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Willy
---
Complete changelog :
Baptiste Assmann (3):
      MINOR: ist: add istadv() function
      MINOR: ist: add istissame() function
      MINOR: istbuf: add ist2buf() function

Christopher Faulet (136):
      BUG/MINOR: http-ana: Throw a 500 error if after-response ruleset fails on errors
      BUG/MINOR: check: Update server address and port to execute an external check
      MINOR: mini-clist: Add functions to iterate backward on a list
      MINOR: checks: Add a way to send custom headers and payload during http chekcs
      BUG/MINOR: checks: Respect the no-check-ssl option
      BUG/MEDIUM: server/checks: Init server check during config validity check
      CLEANUP: checks: Don't export anymore init_check and srv_check_healthcheck_port
      BUG/MINOR: checks: Forbid tcp-check lines in default section as documented
      MINOR: checks: Stop xform buffers to null-terminated string for tcp-check rules
      MINOR: checks: Simplify functions to get step id and comment
      MEDIUM: proxy/checks: Register a keyword to parse tcp-check rules
      MEDIUM: checks: Add implicit tcp-check connect rule
      MAJOR: checks: Refactor and simplify the tcp-check loop
      MINOR: checks: Add the sni option for tcp-check connect rules
      MINOR: checks: Add the via-socks4 option for tcp-check connect rules
      MINOR: checks: Add the alpn option for tcp-check connect rules
      MINOR: ssl: Export a generic function to parse an alpn string
      MINOR: checks: Add the default option for tcp-check connect rules
      MINOR: checks: Add the addr option for tcp-check connect rule
      MEDIUM: checks: Support expression to set the port
      MEDIUM: checks: Support log-format strings for tcp-check send rules
      MINOR: log: Don't depends on a stream to process samples in log-format string
      MINOR: log: Don't systematically set LW_REQ when a sample expr is added
      MEDIUM: checks: Add a shared list of tcp-check rules
      MINOR: sample: add htonl converter
      MINOR: sample: add cut_crlf converter
      MINOR: sample: add ltrim converter
      MINOR: sample: add rtrim converter
      MINOR: checks: Use a name for the healthcheck status enum
      MINOR: checks: Add option to tcp-check expect rules to customize error status
      MINOR: checks: Merge tcp-check comment rules with the others at config parsing
      MINOR: checks: Add a sample fetch to extract a block from the input check buffer
      MEDIUM: checks: Add on-error/on-success option on tcp-check expect rules
      MEDIUM: checks: Add status-code sample expression on tcp-check expect rules
      MINOR: checks: Relax the default option for tcp-check connect rules
      MEDIUM: checks: Add a list of vars to set before executing a tpc-check ruleset
      MINOR: checks: Export the tcpcheck_eval_ret enum
      MINOR: checks: Use dedicated function to handle onsuccess/onerror messages
      MINOR: checks: Support custom functions to eval a tcp-check expect rules
      MEDIUM: checks: Implement redis check using tcp-check rules
      MEDIUM: checks: Implement ssl-hello check using tcp-check rules
      MEDIUM: checks: Implement smtp check using tcp-check rules
      MEDIUM: checks: Implement postgres check using tcp-check rules
      MEDIUM: checks: Implement MySQL check using tcp-check rules
      MEDIUM: checks: Implement LDAP check using tcp-check rules
      MEDIUM: checks: Implement SPOP check using tcp-check rules
      MINOR: server/checks: Move parsing of agent keywords in checks.c
      MINOR: server/checks: Move parsing of server check keywords in checks.c
      MEDIUM: checks: Implement agent check using tcp-check rules
      REGTEST: Adapt regtests about checks to recent changes
      MINOR: Produce tcp-check info message for pure tcp-check rules only
      MINOR: checks: Add an option to set success status of tcp-check expect rules
      MINOR: checks: Improve log message of tcp-checks on success
      MINOR: proxy/checks: Move parsing of httpchk option in checks.c
      MINOR: proxy/checks: Move parsing of tcp-check option in checks.c
      MINOR: proxy/checks: Register a keyword to parse http-check rules
      MINOR: proxy/checks: Move parsing of external-check option in checks.c
      MINOR: proxy/checks: Register a keyword to parse external-check rules
      MEDIUM: checks: Use a shared ruleset to store tcp-check rules
      MINOR: checks: Use an indirect string to represent the expect matching string
      MINOR: checks: Introduce flags to configure in tcp-check expect rules
      MINOR: standard: Add my_memspn and my_memcspn
      MINOR: checks: Add a reverse non-comment rule iterator to get last rule
      MAJOR: checks: Implement HTTP check using tcp-check rules
      MINOR: checks: Make resume conditions more explicit in tcpcheck_main()
      MINOR: connection: Add macros to know if a conn or a cs uses an HTX mux
      MEDIUM: checks: Refactor how data are received in tcpcheck_main()
      MINOR: checks/obj_type: Add a new object type for checks
      BUG/MINOR: obj_type: Handle stream object in obj_base_ptr() function
      MINOR: checks: Use the check as origin when a session is created
      MINOR: checks: Add a mux proto to health-check and tcp-check connect rule
      MINOR: connection: Add a function to install a mux for a health-check
      MAJOR: checks: Use the best mux depending on the protocol for health checks
      MEDIUM: checks: Implement default TCP check using tcp-check rules
      MINOR: checks: Remove unused code about pure TCP checks
      CLEANUP: checks: Reorg checks.c file to be more readable
      REGTEST: Fix reg-tests about health-checks to adapt them to recent changes
      MINOR: ist: Add a function to retrieve the ist pointer
      MINOR: checks: Use ist API as far as possible
      BUG/MEDIUM: checks: Be sure to subscribe for sends if outgoing data remains
      MINOR: checks: Use a tree instead of a list to store tcp-check rulesets
      BUG/MINOR: checks: Send the right amount of outgoing data for HTTP checks
      REGTEST: Add scripts to test based tcp-check health-checks
      Revert "MEDIUM: checks: capture groups in expect regexes"
      DOC: Add documentation about comments for tcp-check and http-check directives
      DOC: Fix the tcp-check and http-check directives layout
      BUG/MEDIUM: checks: Use the mux protocol specified on the server line
      MINOR: checks: Support mux protocol definition for tcp and http health checks
      BUG/MINOR: mux-fcgi: Be sure to have a connection as session's origin to use it
      MINOR: checks: Support list of status codes on http-check expect rules
      BUG/MEDIUM: checks: Unsubscribe to mux events when a conn-stream is destroyed
      REGTEST: Add a script to validate agent checks
      BUG/MINOR: server: Fix server_finalize_init() to avoid unused variable
      BUG/MEDIUM: checks: unsubscribe for events on the old conn-stream on connect
      BUG/MINOR: checks: Only use ssl_sock_is_ssl() if compiled with SSL support
      BUG/MINOR: checks/server: use_ssl member must be signed
      BUG/MEDIUM: sessions: Always pass the mux context as argument to destroy a mux
      BUG/MEDIUM: checks: Destroy the conn-stream before the session
      BUG/MINOR: checks: Fix PostgreSQL regex on the authentication packet
      MINOR: checks: Support HTTP/2 version (without '.0') for http-check send rules
      MINOR: checks: Use ver keyword to specify the HTTP version for http checks
      BUG/MINOR: checks: Remove wrong variable redeclaration
      BUG/MINOR: checks: Properly handle truncated mysql server messages
      CLEANUP: checks: Remove unused code when ldap server message is parsed
      MINOR: checks: Make the use of the check's server more explicit on connect
      BUG/MINOR: checks: Avoid incompatible cast when a binary string is parsed
      BUG/MINOR: checks: Remove bad call to free() when an expect rule is parsed
      BUG/MINOR: checks: Don't lose warning on proxy capability
      BUG/MINOR: checks: Set the output buffer length before calling parse_binary()
      MINOR: http-htx: Export functions to update message authority and host
      MINOR: checks: Don't support multiple host header for http-check send rule
      MINOR: checks: Skip some headers for http-check send rules
      MINOR: checks: Keep the Host header and the request uri synchronized
      CLEANUP: checks: Fix checks includes
      DOC: Fix send rules in the http-check connect example
      DOC: Add more info about request formatting in http-check send description
      REGTEST: http-rules: Require PCRE or PCRE2 option to run map_redirect script
      BUG/MEDIUM: mux-fcgi: Return from detach if server don't keep the connection
      BUG/MEDIUM: mux_fcgi: Free the FCGI connection at the end of fcgi_release()
      BUG/MEDIUM: mux-fcgi: Fix wrong test on FCGI_CF_KEEP_CONN in fcgi_detach()
      BUG/MEDIUM: h1: Don't compare host and authority if only h1 headers are parsed
      BUG/MINOR: sample: Set the correct type when a binary is converted to a string
      MEDIUM: checks/http-fetch: Support htx prefetch from a check for HTTP samples
      DOC: Document the log-format parameter for tcp-check send/send-binary rules
      MINOR: checks: Add support of payload-based sample fetches
      MINOR: checks: Add support of be_id, be_name, srv_id and srv_name sample fetches
      MINOR: checks: Add support of server side ssl sample fetches
      MINOR: checks: Add support of HTTP response sample fetches
      MINOR: http-htx: Support different methods to look for header names
      MINOR: checks: Set by default expect rule status to UNKNOWN during parsing
      BUG/MINOR: checks: Support multiple HTTP expect rules
      REGTEST: checks: Fix sync condition for agent-check
      MEDIUM: checks: Support matching on headers for http-check expect rules
      BUG/MINOR: da: Fix HTX message prefetch
      BUG/MINOR: wurfl: Fix HTX message prefetch
      BUG/MINOR: 51d: Fix HTX message prefetch

Damien Claisse (1):
      MINOR: log: Add "Tu" timer

Dragan Dosen (1):
      BUG/MEDIUM: ssl: fix the id length check within smp_fetch_ssl_fc_session_id()

Emmanuel Hocdet (1):
      MINOR: ssl: add ssl-skip-self-issued-ca global option

Gaetan Rivet (21):
      MINOR: server: respect warning and alert semantic
      BUG/MINOR: checks: chained expect will not properly wait for enough data
      MINOR: checks: Use an enum to describe the tcp-check rule type
      MINOR: checks: Simplify connection flag parsing in tcp-check connect
      MEDIUM: checks: rewind to the first inverse expect rule of a chain on new data
      MINOR: checks: simplify tcp expect config parser
      MINOR: checks: add min-recv tcp-check expect option
      MINOR: checks: add linger option to tcp connect
      MINOR: checks: define a tcp expect type
      MEDIUM: checks: rewrite tcp-check expect block
      MINOR: checks: add rbinary expect match type
      MEDIUM: checks: capture groups in expect regexes
      MINOR: checks: Don't use a static tcp rule list head
      MEDIUM: checks: Use a non-comment rule iterator to get next rule
      MINOR: checks: Set the tcp-check rule index during parsing
      MINOR: checks: define tcp-check send type
      MINOR: checks: define a tcp-check connect type
      MEDIUM: checks: Associate a session to each tcp-check healthcheck
      MINOR: checks/vars: Add a check scope for variables
      MEDIUM: checks: Parse custom action rules in tcp-checks
      MINOR: checks: Add support to set-var and unset-var rules in tcp-checks

Ilya Shipitsin (3):
      CI: run weekly OpenSSL "no-deprecated" builds
      CLEANUP: log: fix comment of parse_logformat_string()
      CI: cirrus-ci: remove reg-tests/checks/tcp-check-ssl.vtc on CentOS 6

Jerome Magnin (4):
      BUG/MINOR: ssl: default settings for ssl server options are not used
      MINOR: config: add a global directive to set default SSL curves
      DOC: option logasap does not depend on mode
      DOC: give a more accurate description of what check does

Joseph C. Sible (1):
      MINOR: lua: allow changing port with set_addr

Olivier Doucet (1):
      DOC: Improve documentation on http-request set-src

Olivier Houchard (1):
      BUG/MEDIUM: http-ana: Handle NTLM messages correctly.

Tim Duesterhus (1):
      MINOR: version: Show uname output in display_version()

William Dauchy (2):
      BUG/MEDIUM: connections: force connections cleanup on server changes
      CLEANUP: connections: align function declaration

William Lallemand (7):
      MINOR: ssl/cli: disallow SSL options for directory in 'add ssl crt-list'
      MINOR: ssl/cli: restrain certificate path when inserting into a directory
      DOC: internals: update the SSL architecture schema
      MINOR: contrib: make the peers wireshark dissector a plugin
      REGTEST: ssl: test the client certificate authentication
      REGTEST: ssl: remove curl from the "add ssl crt-list" test
      REGTEST: ssl: improve the "set ssl cert" test

Willy Tarreau (22):
      BUG/MINOR: tools: fix the i386 version of the div64_32 function
      BUG/MINOR: mux-fcgi/trace: fix wrong set of trace flags in fcgi_strm_add_eom()
      BUG/MINOR: http: make url_decode() optionally convert '+' to SP
      MEDIUM: memory: make pool_gc() run under thread isolation
      BUG/MEDIUM: mux-h1: make sure we always have a timeout on front connections
      BUG/MEDIUM: capture: capture-req/capture-res converters crash without a stream
      BUG/MEDIUM: capture: capture.{req,res}.* crash without a stream
      BUG/MEDIUM: http: the "http_first_req" sample fetch could crash without a steeam
      BUG/MEDIUM: http: the "unique-id" sample fetch could crash without a steeam
      CLEANUP: http: add a few comments on certain functions' assumptions about streams
      BUG/MEDIUM: sample: make the CPU and latency sample fetches check for a stream
      CLEANUP: ssl: silence a build warning when threads are disabled
      BUG/MEDIUM: listener: mark the thread as not stuck inside the loop
      MINOR: threads: export the POSIX thread ID in panic dumps
      BUG/MINOR: debug: properly use long long instead of long for the thread ID
      BUG/MEDIUM: shctx: really check the lock's value while waiting
      BUG/MEDIUM: shctx: bound the number of loops that can happen around the lock
      MINOR: stream: report the list of active filters on stream crashes
      BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_CAS()
      BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_UPDATE_{MIN,MAX}()
      DOC: update intro.txt for 2.2
      DOC: intro: add a contacts section
