[openstack-dev] [Neutron][LBaaS] and [Octavia] haproxy-1.5.0 is out

Phillip Toohill phillip.toohill at RACKSPACE.COM
Fri Jun 20 13:45:19 UTC 2014


Alright!!! I'll get to reworking the TLS support bp that didn't get too much attention. This is fantastic news, thanks for sharing!
________________________________________
From: Stephen Balukoff [sbalukoff at bluebox.net]
Sent: Friday, June 20, 2014 8:01 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: [openstack-dev] [Neutron][LBaaS] and [Octavia] haproxy-1.5.0 is out

The wait is over on this one!

---------- Forwarded message ----------
From: Willy Tarreau <w at 1wt.eu<mailto:w at 1wt.eu>>
Date: Thu, Jun 19, 2014 at 12:54 PM
Subject: [ANNOUNCE] haproxy-1.5.0
To: haproxy at formilux.org<mailto:haproxy at formilux.org>


Hi everyone,

The list has been unusually silent today, just as if everyone was waiting
for something to happen :-)

Today is a great day, the reward of 4 years of hard work. I'm announcing the
release of HAProxy 1.5.0.

For people who don't follow the development versions, here are the most
noticeable features that 1.5 brings over 1.4 :
  - native SSL support on both sides with SNI/NPN/ALPN and OCSP stapling.
  - IPv6 and UNIX sockets are supported everywhere
  - end-to-end HTTP keep-alive for better support of NTLM and improved
    efficiency in static farms
  - HTTP/1.1 response compression (deflate, gzip) to save bandwidth
  - PROXY protocol versions 1 and 2 on both sides
  - data sampling on everything in request or response, including payload
  - ACLs can use any matching method with any input sample
  - maps and dynamic ACLs updatable from the CLI
  - stick-tables support counters to track activity on any input sample
  - custom format for logs, unique-id, header rewriting, and redirects
  - improved health checks (SSL, scripted TCP, check agent, ...)
  - much more scalable configuration supports hundreds of thousands of backends
    and certificates without sweating

Since dev26, a few bugs were fixed, and some low-importance things were
integrated. Basic OCSP stapling support from Dirkjan and Emeric was
finally merged. Sasha's header replace actions were merged as well. I've
added a few more info in the stats page (avg response times) and CSV
output (health check status), added support for PROXY v2 on the accept
side, and added the "capture" action on tcp-request in order to log
contents such as SNI or payload. Rémi's dh-param was finally integrated.

People love numbers, so here are a few :

>From 1.4.0 to 1.5.0, we had :
  - 1574 calendar days (4 yr 3 mon)
  - 26 development versions (one every 2 months on average)
  - 540 bugs fixed (387 added during 1.5, 153 affecting 1.4 as well)
  - 2549 commits
  - 683 unique commit dates (at least this many days worked)
  - up to 24 commits per day
  - 69712 lines removed, 122279 lines added
  - many extremely useful bug reports (too many to list)
  - 73 code/doc contributors :

  Adrian Bridgett, Alex Davies, Aman Gupta, Andreas Kohn,
  Apollon Oikonomopoulos, Arnaud Cornet, Baptiste Assmann, Bertrand Jacquin,
  Bhaskar Maddala, Conrad Hoffmann, Cyril Bonté, Daniel Schultze,
  David BERARD, David Cournapeau, David S, David du Colombier, Delta Yeh,
  Dirkjan Bussink, Dmitry Sivachenko, Emeric Brun, Emmanuel Hocdet,
  Evan Broder, Finn Arne Gangstad, Gabor Lekeny, Geoff Bucar, Wei Zhao,
  Guillaume Castagnino, Guillaume de Lafond, Hervé COMMOWICK,
  Hiroaki Nakamura, James Voth, Jamie Gloudon, Jarno Huuskonen,
  Joe Williams, Joshua M. Clulow, Julien Vehent, Justin Karneges,
  Kevin Hester, Kevin Musker, Kristoffer Grönlund, Krzysztof Piotr Oledzki,
  Lukas Tribus, Marc-Antoine Perennou, Mark Lamourine, Mathieu Trudel,
  Michael Scherer, Neil Prockter, Nenad Merdanovic, Nick Chalk,
  Olivier Burgard, Oskar Stolc, Patrick Mézard, Pieter Baauw,
  Prach Pongpanich, Rauf Kuliyev, Remi Gacogne, Sagi Bashari, Sasha Pachev,
  Sean Carey, Sergiy Prykhodko, Simon Horman, Simone Gotti,
  Stathis Voukelatos, Tait Clarridge, Thierry Fournier, Todd Lyons,
  Vincent Bernat, William Lallemand, William Turner, Willy Tarreau,
  Yuxans Yao, Yves Lafon.

Additionally, we are very thankful to a few organisations who have sponsored
the development of certain advanced features which required to dedicate a
person or a team for a significant amount of time (I hope I have not missed
any) :
  - HAProxy Technologies (formerly Exceliance)
  - Loadbalancer.org
  - StackOverflow
  - SmartFile
  - SmugMug
  - ImageShack

Don't forget to offer a beer to your distro packagers who make your life
easier. It's hard to list them all, but if you don't build from sources,
you're likely running a package made and maintained by one of these people :
  - debian: Vincent Bernat, Apollon Oikonomopoulos, Prach Pongpanich
  - Fedora: Ryan O'hara
  - OpenSuSE: Marcus Rückert
  - other? just report yourself!

And last, I'd like to assign a special mention to our most active mailing
list supporters during that period who make the project a reality by off-
loading the support task from developers, and kindly help our 800 permanent
subscribers on a daily basis, BIG THANKS to you guys :
  - Baptiste Assmann
  - Lukas Tribus
  - Cyril Bonté
  - Jonathan Matthews
  - Thomas Heil

For the HAProxy development team here in France, it will be time to do
some errands and buy some Champagne to celebrate the event :-)

Now the practical things. 1.5 now enters in maintenance status and the
development continues with 1.6-dev0 which is the exact equivalent of
1.5.0. The links have been updated below. Note the removal of /devel/
for the sources and the introduction of haproxy-1.5.git since this is
not the development tree anymore :

      Site index       : http://www.haproxy.org/
      Sources          : http://www.haproxy.org/download/1.5/src/
      Git repository   : http://git.haproxy.org/git/haproxy-1.5.git/
      Git Web browsing : http://git.haproxy.org/?p=haproxy-1.5.git
      Changelog        : http://www.haproxy.org/download/1.5/src/CHANGELOG
      Cyril's HTML doc : http://cbonte.github.com/haproxy-dconv/configuration-1.5.html

I'm figuring that tomorrow is Friday. Guys, be reasonable, don't forget the
good old principle of not upgrading on Fridays, try to hold on till monday
if you can :-)

BTW, since I've got this question off-list a number of times now, yes we're
going to release updated HAPEE packages very soon, please keep an eye on it :

        https://www.haproxy.com/products/haproxy-enterprise-edition/

And finally the changelog since 1.5-dev26.

Have fun an as usual, please report anything abnormal you'd face up, but
after checking the doc.

Willy

--------
2014/06/19 : 1.5.0
    - MEDIUM: ssl: ignored file names ending as '.issuer' or '.ocsp'.
    - MEDIUM: ssl: basic OCSP stapling support.
    - MINOR: ssl/cli: Fix unapropriate comment in code on 'set ssl ocsp-response'
    - MEDIUM: ssl: add 300s supported time skew on OCSP response update.
    - MINOR: checks: mysql-check: Add support for v4.1+ authentication
    - MEDIUM: ssl: Add the option to use standardized DH parameters >= 1024 bits
    - MEDIUM: ssl: fix detection of ephemeral diffie-hellman key exchange by using the cipher description.
    - MEDIUM: http: add actions "replace-header" and "replace-values" in http-req/resp
    - MEDIUM: Break out check establishment into connect_chk()
    - MEDIUM: Add port_to_str helper
    - BUG/MEDIUM: fix ignored values for half-closed timeouts (client-fin and server-fin) in defaults section.
    - BUG/MEDIUM: Fix unhandled connections problem with systemd daemon mode and SO_REUSEPORT.
    - MINOR: regex: fix a little configuration memory leak.
    - MINOR: regex: Create JIT compatible function that return match strings
    - MEDIUM: regex: replace all standard regex function by own functions
    - MEDIUM: regex: Remove null terminated strings.
    - MINOR: regex: Use native PCRE API.
    - MINOR: missing regex.h include
    - DOC: Add Exim as Proxy Protocol implementer.
    - BUILD: don't use type "uint" which is not portable
    - BUILD: stats: workaround stupid and bogus -Werror=format-security behaviour
    - BUG/MEDIUM: http: clear CF_READ_NOEXP when preparing a new transaction
    - CLEANUP: http: don't clear CF_READ_NOEXP twice
    - DOC: fix proxy protocol v2 decoder example
    - DOC: fix remaining occurrences of "pattern extraction"
    - MINOR: log: allow the HTTP status code to be logged even in TCP frontends
    - MINOR: logs: don't limit HTTP header captures to HTTP frontends
    - MINOR: sample: improve sample_fetch_string() to report partial contents
    - MINOR: capture: extend the captures to support non-header keys
    - MINOR: tcp: prepare support for the "capture" action
    - MEDIUM: tcp: add a new tcp-request capture directive
    - MEDIUM: session: allow shorter retry delay if timeout connect is small
    - MEDIUM: session: don't apply the retry delay when redispatching
    - MEDIUM: session: redispatch earlier when possible
    - MINOR: config: warn when tcp-check rules are used without option tcp-check
    - BUG/MINOR: connection: make proxy protocol v1 support the UNKNOWN protocol
    - DOC: proxy protocol example parser was still wrong
    - DOC: minor updates to the proxy protocol doc
    - CLEANUP: connection: merge proxy proto v2 header and address block
    - MEDIUM: connection: add support for proxy protocol v2 in accept-proxy
    - MINOR: tools: add new functions to quote-encode strings
    - DOC: clarify the CSV format
    - MEDIUM: stats: report the last check and last agent's output on the CSV status
    - MINOR: freq_ctr: introduce a new averaging method
    - MEDIUM: session: maintain per-backend and per-server time statistics
    - MEDIUM: stats: report per-backend and per-server time stats in HTML and CSV outputs
    - BUG/MINOR: http: fix typos in previous patch
    - DOC: remove the ultra-obsolete TODO file
    - DOC: update roadmap
    - DOC: minor updates to the README
    - DOC: mention the maxconn limitations with the select poller
    - DOC: commit a few old design thoughts files
----





--
Stephen Balukoff
Blue Box Group, LLC
(800)613-4305 x807



More information about the OpenStack-dev mailing list