Hi,
HAProxy 2.4-dev6 was released on 2021/01/22. It added 88 new commits
after version 2.4-dev5.
These last two weeks have been pretty annoying with a number of regressions
popping up into 2.4-dev and slipping into older versions. Most of them are
not serious but still, they did affect some people and required to go back
to the white board to design better (or incremental) fixes.
What's annoying when this situation happens is that it's a spiral loop and
it's hard to get away from it: users start to rightfully complain, each
problem is urgent and this leaves less time to produce good and durable
fixes, so chances are that bugs will pop up again.
Given the time spent doing nothing but chasing issues, and the fact that
patches are starting to flow from a growing number of contributors (which
is great), I'm thinking about extending the feature freeze point to
somewhere between mid and end of February. But please be gentle: patch
reviews consume a lot of time and prevent progress from being made on
features that are initially expected before the freeze point. As I've
said, I want the time after that point to be used for tests, bug fixes,
cleanups and documentation. This means that if your patches are
essentially cleanups with no real impact on the code paths, it's better to
send them a bit later so that the dangerous stuff can be completed and
doesn't get merged too late. This is particularly true for the HTX+tunnel
rework that Christopher is still trying hard to finish and that's been
blocking the merging of WebSocket/H2 for about a month now.
As a special case, I'll continue to take QUIC development patches after
the freeze point as long as they can't break existing code, since it's not
used yet and will be marked experimental once released.
Thus to whoever still has important stuff to get merged for 2.4, please
understand that you still have more than a week but less than a month, and
that it may require some prioritizing in your work if you want the important
stuff to get there, otherwise it will be for 2.5. And with the current
situation everywhere in the world, be realistic, time flies very fast, lucky
are those who manage to get some work done by the end of the day.
This version addresses a few issues that popped up recently, including one
that managed to crash the process once yesterday on haproxy.org using H2, one
causing high CPU usage and CLOSE_WAITs on partial H2 frames, a fix for the
checks which can cause a crash, and a better version of the DNS fix that
previously caused some regressions. The rest should be mostly harmless or
rare enough to encounter. I'm aware of a possible (though unlikely) risk of
deadlock on "show peers" that Fred discovered, but it has always been there
and people use the command all the time so it's not that critical, so it will
likely be for next one.
Bugs aside, some progress was made in these areas:
- the prometheus exporter is getting some rework from William Dauchy
to homogenize the way metrics are handled and try to make them easier
to add in the future, and to permit requesting certain metrics only.
This is an ongoing work, but it's nice if some prometheus users test
the changes from time to time and report any unexpected change early.
- debugging: "show fd" will now report even more info, including suspicious
entries, and BUG_ON() will emit a backtrace in addition to the faulty
condition
- the cache was slightly simplified by not storing responses with an unknown
content-encoding anymore.
- William Dauchy's url_enc() converter was finally merged, it performs
URL-encoding for use in the query string.
- HTTP 501-no-implemented was added to the known response messages, this
will be used to reject certain situations that are not handled and make
no sense (e.g. an HTTP upgrade request based on a message with a body).
- "server" statements in frontends used to only emit warnings, now they
are real errors, as they've been the cause of several reports lately,
each time in completely absurd situations resulting from copy-paste
mistakes, but where the user got confused by the consequences.
- more traces in the peers
- more regtests.
That's about all. With a bit of luck we can merge Christopher's HTX updates
and Amaury's Websocket work and idle connection rework next week. This would
already be quite a relief given the sensitivity of those areas!
I think we'll issue another round of 2.3 and 2.2 later next week to flush
the pipe of pending fixes. In the mean time, let's just play with it and
report any breakage.
Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Wiki : https://github.com/haproxy/wiki/wiki
Sources : http://www.haproxy.org/download/2.4/src/
Git repository : http://git.haproxy.org/git/haproxy.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy.git
Changelog : http://www.haproxy.org/download/2.4/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
Willy
---
Complete changelog :
Adis Nezirovic (1):
BUG/MEDIUM: stats: add missing INF_BUILD_INFO definition
Baptiste Assmann (1):
BUG/MINOR: dns: SRV records ignores duplicated AR records (v2)
Bertrand Jacquin (4):
MINOR: build: discard echoing in help target
BUG/MINOR: mworker: define _GNU_SOURCE for strsignal()
MINOR: lua: remove unused variable
BUILD/MINOR: lua: define _GNU_SOURCE for LLONG_MAX
Christopher Faulet (17):
DOC: Add maintainers for the Prometheus exporter
Revert "BUG/MINOR: dns: SRV records ignores duplicated AR records"
BUG/MINOR: check: Don't perform any check on servers defined in a frontend
BUG/MINOR: init: Use a dynamic buffer to set HAPROXY_CFGFILES env variable
MINOR: config: Add failifnotcap() to emit an alert on proxy capabilities
MINOR: server: Forbid server definitions in frontend sections
BUG/MEDIUM: tcpcheck: Don't destroy connection in the wake callback
context
BUG/MEDIUM: mux-h2: Xfer rxbuf to the upper layer when creating a front
stream
MINOR: http: Add HTTP 501-not-implemented error message
MINOR: muxes: Add exit status for errors about not implemented features
MINOR: mux-h1: Be prepared to return 501-not-implemented error during
parsing
MEDIUM: mux-h1: Return a 501-not-implemented for upgrade requests with a
body
MINOR: contrib/prometheus-exporter: Don't needlessly set empty label for
metrics
MINOR: contrib/prometheus-exporter: Split the PROMEX_FL_STATS_METRIC flag
MINOR: contrib/prometheus-exporter: Add promex_metric struct defining a
metric
MEDIUM: contrib/prometheus-exporter: Rework matrices defining Promex
metrics
BUG/MINOR: stream: Don't update counters when TCP to H2 upgrades are
performed
David CARLIER (1):
BUG/MINOR: threads: Fixes the number of possible cpus report for Mac.
Frédéric Lécaille (4):
MINOR: peers: Add traces for peer control messages.
BUG/MINOR: peers: Possible appctx pointer dereference.
BUG/MINOR: peers: Wrong "new_conn" value for "show peers" CLI command.
MINOR: contrib: Make the wireshark peers dissector compile for more
distribs.
Ilya Shipitsin (4):
BUILD: SSL: guard TLS13 ciphersuites with HAVE_SSL_CTX_SET_CIPHERSUITES
BUILD: ssl: guard EVP_PKEY_get_default_digest_nid with
ASN1_PKEY_CTRL_DEFAULT_MD_NID
BUILD: ssl: guard openssl specific with SSL_READ_EARLY_DATA_SUCCESS
CLEANUP: cfgparse: replace "realloc" with "my_realloc2" to fix to memory
leak on error
Jerome Magnin (1):
BUG/MINOR: init: enforce strict-limits when using master-worker
Remi Tricot-Le Breton (2):
BUG/MINOR: sample: Memory leak of sample_expr structure in case of error
MINOR: cache: Do not store responses with an unknown encoding
Thayne McCombs (5):
DOC: fix some spelling issues over multiple files
CLEANUP: Fix spelling errors in comments
SCRIPTS: announce-release: fix typo in help message
CI: github: add a few more words to the codespell ignore list
BUG/MINOR: server: Memory leak of proxy.used_server_addr during deinit
Tim Duesterhus (7):
BUG/MINOR: hlua: Fix memory leak in hlua_alloc
MINOR: cache: Remove the `hash` part of the accept-encoding secondary key
CLEANUP: cache: Use proper data types in secondary_key_cmp()
CLEANUP: Rename accept_encoding_hash_cmp to accept_encoding_bitmap_cmp
CI: Pin VTest to a known good commit
DOC: Remove space after comma in converter signature
DOC: Rename '<var name>' to '<var>' in converter signature
William Dauchy (15):
MINOR: converter: adding support for url_enc
BUILD: Makefile: exclude broken tests by default
MINOR: contrib/prometheus-exporter: export build_info
CLEANUP: sample: remove uneeded check in json validation
MINOR: reg-tests: add a way to add service dependency
BUG/MINOR: sample: check alloc_trash_chunk return value in concat()
BUG/MINOR: reg-tests: fix service dependency script
MINOR: reg-tests: add base prometheus test
MINOR: contrib/prometheus-exporter: avoid connection close header
MINOR: contrib/prometheus-exporter: use fill_info for process dump
MINOR: stats: duplicate 3 fields in bytes in info
MINOR: stats: add new start time field
MINOR: contrib/prometheus-exporter: merge info description from stats
MEDIUM: stats: allow to select one field in `stats_fill_fe_stats`
MINOR: contrib/prometheus-exporter: use fill_fe_stats for frontend dump
Willy Tarreau (26):
BUG/MINOR: sample: fix concat() converter's corruption with non-string
variables
CLEANUP: pattern: rename pat_ref_commit() to pat_ref_commit_elt()
MINOR: pattern: add the missing generation ID manipulation functions
BUILD: peers: fix build warning about unused variable
BUG/MINOR: mux_h2: missing space between "st" and ".flg" in the "show fd"
helper
CLEANUP: tools: make resolve_sym_name() take a const pointer
CLEANUP: cli: make "show fd" use a const connection to access other fields
MINOR: cli: make "show fd" also report the xprt and xprt_ctx
MINOR: xprt: add a new show_fd() helper to complete some "show fd" dumps.
MINOR: ssl: provide a "show fd" helper to report important SSL information
MINOR: xprt/mux: export all *_io_cb functions so that "show fd" resolves
them
MINOR: mux-h2: make the "show fd" helper also decode the h2s subscriber
when known
MINOR: mux-h1: make the "show fd" helper also decode the h1s subscriber
when known
MINOR: mux-fcgi: make the "show fd" helper also decode the fstrm
subscriber when known
MINOR: cli: give the show_fd helpers the ability to report a suspicious
entry
MINOR: cli/show_fd: report some easily detectable suspicious states
MINOR: ssl/show_fd: report some FDs as suspicious when possible
MINOR: mux-h2/show_fd: report as suspicious an entry with too many calls
MINOR: mux-h1/show_fd: report as suspicious an entry with too many calls
BUG/MEDIUM: mux-h2: fix read0 handling on partial frames
MINOR: debug: always export the my_backtrace function
MINOR: debug: extract the backtrace dumping code to its own function
MINOR: debug: create ha_backtrace_to_stderr() to dump an instant backtrace
MEDIUM: debug: now always print a backtrace on CRASH_NOW() and friends
MINOR: debug: let ha_dump_backtrace() dump a bit further for some callers
BUILD: debug: fix build warning by consuming the write() result
---
