commit haproxy for openSUSE:Factory

From 1c9ed41d4cdfdb31381e89f1a8b93df01220fe07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristoffer=20Gr=C3=B6nlund?= <krig@koru.se> Date: Fri, 22 Nov 2013 11:06:34 +0100 Subject: [PATCH 06/15] MEDIUM: haproxy-systemd-wrapper: Use haproxy in same

Hello community, here is the log from the commit of package haproxy for openSUSE:Factory checked in at 2014-05-06 17:38:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/haproxy (Old) and /work/SRC/openSUSE:Factory/.haproxy.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "haproxy" Changes: -------- --- /work/SRC/openSUSE:Factory/haproxy/haproxy.changes 2013-12-18 16:53:40.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.haproxy.new/haproxy.changes 2014-05-06 17:38:18.000000000 +0200 @@ -1,0 +2,51 @@ +Tue May 6 06:12:08 UTC 2014 - kgronlund@suse.com + +- update to 1.4.25 (bnc#876438) + - DOC: typo: nosepoll self reference in config guide + - BUG/MINOR: deinit: free fdinfo while doing cleanup + - BUG/MEDIUM: server: set the macro for server's max weight SRV_UWGHT_MAX to SRV_UWGHT_RANGE + - BUG/MINOR: use the same check condition for server as other algorithms + - BUG/MINOR: stream-int: also consider ENOTCONN in addition to EAGAIN for recv() + - BUG/MINOR: fix forcing fastinter in "on-error" + - BUG/MEDIUM: http/auth: Sometimes the authentication credentials can be mix between two requests + - BUG/MAJOR: http: don't emit the send-name-header when no server is available + - BUG/MEDIUM: http: "option checkcache" fails with the no-cache header + - MEDIUM: session: disable lingering on the server when the client aborts + - MINOR: config: warn when a server with no specific port uses rdp-cookie + - MEDIUM: increase chunk-size limit to 2GB-1 + - DOC: add a mention about the limited chunk size + - MEDIUM: http: add "redirect scheme" to ease HTTP to HTTPS redirection + - BUILD: proto_tcp: remove a harmless warning + - BUG/MINOR: acl: remove patterns from the tree before freeing them + - BUG/MEDIUM: checks: fix slow start regression after fix attempt + - BUG/MAJOR: server: weight calculation fails for map-based algorithms + - BUG/MINOR: backend: fix target address retrieval in transparent mode + - BUG/MEDIUM: stick: completely remove the unused flag from the store entries + - BUG/MEDIUM: stick-tables: complete the latest fix about store-responses + - BUG/MEDIUM: checks: tracking servers must not inherit the MAINT flag + - BUG/MINOR: stats: report correct throttling percentage for servers in slowstart + - BUG/MINOR: stats: correctly report throttle rate of low weight servers + - BUG/MINOR: checks: successful check completion must not re-enable MAINT servers + - BUG/MEDIUM: stats: the web interface must check the tracked servers before enabling + - BUG/MINOR: channel: initialize xfer_small/xfer_large on new buffers + - BUG/MINOR: stream-int: also consider ENOTCONN in addition to EAGAIN + - BUG/MEDIUM: http: don't start to forward request data before the connect + - DOC: fix misleading information about SIGQUIT + - BUILD: simplify the date and version retrieval in the makefile + - BUILD: prepare the makefile to skip format lines in SUBVERS and VERDATE + - BUILD: use format tags in VERDATE and SUBVERS files + +- Reorganized patches and backported fixes for systemd wrapper: + - Renamed 0006-haproxy-1.2.16_config_haproxy_user.patch to 0009-openSUSE-Configure-haproxy-user.patch + - Renamed 0007-haproxy-makefile_lib.patch to 0010-openSUSE-Fix-path-to-PCRE-library.patch + - Removed 0008-MEDIUM-haproxy-systemd-wrapper-Revised-implementatio.patch + - Added 0006-MEDIUM-haproxy-systemd-wrapper-Use-haproxy-in-same-d.patch + - Added 0007-MEDIUM-systemd-wrapper-Kill-child-processes-when-int.patch + - Added 0008-LOW-systemd-wrapper-Write-debug-information-to-stdou.patch + - Added 0011-BUILD-MINOR-systemd-fix-compiler-warning-about-unuse.patch + - Added 0012-BUG-MEDIUM-systemd-wrapper-fix-locating-of-haproxy-b.patch + - Added 0013-MINOR-systemd-wrapper-re-execute-on-SIGUSR2.patch + - Added 0014-MINOR-systemd-wrapper-improve-logging.patch + - Added 0015-MINOR-systemd-wrapper-propagate-exit-status.patch + +------------------------------------------------------------------- Old: ---- 0006-haproxy-1.2.16_config_haproxy_user.patch 0007-haproxy-makefile_lib.patch 0008-MEDIUM-haproxy-systemd-wrapper-Revised-implementatio.patch haproxy-1.4.24.tar.gz New: ---- 0006-MEDIUM-haproxy-systemd-wrapper-Use-haproxy-in-same-d.patch 0007-MEDIUM-systemd-wrapper-Kill-child-processes-when-int.patch 0008-LOW-systemd-wrapper-Write-debug-information-to-stdou.patch 0009-openSUSE-Configure-haproxy-user.patch 0010-openSUSE-Fix-path-to-PCRE-library.patch 0011-BUILD-MINOR-systemd-fix-compiler-warning-about-unuse.patch 0012-BUG-MEDIUM-systemd-wrapper-fix-locating-of-haproxy-b.patch 0013-MINOR-systemd-wrapper-re-execute-on-SIGUSR2.patch 0014-MINOR-systemd-wrapper-improve-logging.patch 0015-MINOR-systemd-wrapper-propagate-exit-status.patch haproxy-1.4.25.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ haproxy.spec ++++++ --- /var/tmp/diff_new_pack.gMZcgk/_old 2014-05-06 17:38:19.000000000 +0200 +++ /var/tmp/diff_new_pack.gMZcgk/_new 2014-05-06 17:38:19.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package haproxy # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: haproxy -Version: 1.4.24 +Version: 1.4.25 Release: 0 # # @@ -35,14 +35,37 @@ Source: http://haproxy.1wt.eu/download/1.4/src/haproxy-%{version}.tar.gz Source1: %{pkg_name}.init Source2: http://haproxy.1wt.eu/download/contrib/haproxy.vim +# PATCH-FEATURE-UPSTREAM Patch1: 0001-MEDIUM-add-systemd-service.patch +# PATCH-FEATURE-UPSTREAM Patch2: 0002-MEDIUM-add-haproxy-systemd-wrapper.patch +# PATCH-FIX-UPSTREAM Patch3: 0003-MEDIUM-New-cli-option-Ds-for-systemd-compatibility.patch +# PATCH-FIX-UPSTREAM Patch4: 0004-BUG-MEDIUM-systemd-wrapper-don-t-leak-zombie-process.patch +# PATCH-FIX-UPSTREAM Patch5: 0005-BUILD-stdbool-is-not-portable-again.patch -Patch6: 0006-haproxy-1.2.16_config_haproxy_user.patch -Patch7: 0007-haproxy-makefile_lib.patch -Patch8: 0008-MEDIUM-haproxy-systemd-wrapper-Revised-implementatio.patch +# PATCH-FIX-UPSTREAM +Patch6: 0006-MEDIUM-haproxy-systemd-wrapper-Use-haproxy-in-same-d.patch +# PATCH-FIX-UPSTREAM +Patch7: 0007-MEDIUM-systemd-wrapper-Kill-child-processes-when-int.patch +# PATCH-FIX-UPSTREAM +Patch8: 0008-LOW-systemd-wrapper-Write-debug-information-to-stdou.patch +# PATCH-FIX-OPENSUSE +Patch9: 0009-openSUSE-Configure-haproxy-user.patch +# PATCH-FIX-OPENSUSE +Patch10: 0010-openSUSE-Fix-path-to-PCRE-library.patch +# PATCH-FIX-UPSTREAM +Patch11: 0011-BUILD-MINOR-systemd-fix-compiler-warning-about-unuse.patch +# PATCH-FIX-UPSTREAM +Patch12: 0012-BUG-MEDIUM-systemd-wrapper-fix-locating-of-haproxy-b.patch +# PATCH-FIX-UPSTREAM +Patch13: 0013-MINOR-systemd-wrapper-re-execute-on-SIGUSR2.patch +# PATCH-FIX-UPSTREAM +Patch14: 0014-MINOR-systemd-wrapper-improve-logging.patch +# PATCH-FIX-UPSTREAM +Patch15: 0015-MINOR-systemd-wrapper-propagate-exit-status.patch + Source99: haproxy-rpmlintrc # Summary: The Reliable, High Performance TCP/HTTP Load Balancer @@ -73,9 +96,16 @@ %patch3 -p1 %patch4 -p1 %patch5 -p1 -%patch6 -p0 -%patch7 -p0 +%patch6 -p1 +%patch7 -p1 %patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch15 -p1 %build %{__make} \ ++++++ 0001-MEDIUM-add-systemd-service.patch ++++++ --- /var/tmp/diff_new_pack.gMZcgk/_old 2014-05-06 17:38:19.000000000 +0200 +++ /var/tmp/diff_new_pack.gMZcgk/_new 2014-05-06 17:38:19.000000000 +0200 @@ -1,7 +1,7 @@ -From 4a190f7d08857fec82fa0c07e29e8754d0ba9794 Mon Sep 17 00:00:00 2001 +From 88c70beb5a24cf200a32c70a8a95865c8e97efb6 Mon Sep 17 00:00:00 2001 From: Marc-Antoine Perennou <Marc-Antoine@Perennou.com> Date: Fri, 22 Nov 2013 08:28:03 +0100 -Subject: [PATCH 1/5] MEDIUM: add systemd service +Subject: [PATCH 01/15] MEDIUM: add systemd service --- .gitignore | 1 + @@ -52,5 +52,5 @@ +[Install] +WantedBy=multi-user.target -- -1.8.4 +1.8.4.5 ++++++ 0002-MEDIUM-add-haproxy-systemd-wrapper.patch ++++++ --- /var/tmp/diff_new_pack.gMZcgk/_old 2014-05-06 17:38:19.000000000 +0200 +++ /var/tmp/diff_new_pack.gMZcgk/_new 2014-05-06 17:38:19.000000000 +0200 @@ -1,7 +1,7 @@ -From 2e52a44546db246b89817711efec6b046c06d453 Mon Sep 17 00:00:00 2001 +From 3fe5ee78e8ff11fc477a979df79c678720e042ea Mon Sep 17 00:00:00 2001 From: Marc-Antoine Perennou <Marc-Antoine@Perennou.com> Date: Fri, 22 Nov 2013 08:29:29 +0100 -Subject: [PATCH 2/5] MEDIUM: add haproxy-systemd-wrapper +Subject: [PATCH 02/15] MEDIUM: add haproxy-systemd-wrapper Currently, to reload haproxy configuration, you have to use "-sf". @@ -40,7 +40,7 @@ dlmalloc.c 00*.patch diff --git a/Makefile b/Makefile -index 57692fe51ba6..6bb231a0213a 100644 +index 60267e2e2b1a..658716a60a80 100644 --- a/Makefile +++ b/Makefile @@ -519,7 +519,7 @@ all: @@ -97,7 +97,7 @@ @@ -586,6 +597,7 @@ clean: for dir in . src include/* doc ebtree; do rm -f $$dir/*~ $$dir/*.rej $$dir/core; done rm -f haproxy-$(VERSION).tar.gz haproxy-$(VERSION)$(SUBVERS).tar.gz - rm -f haproxy-$(VERSION) nohup.out gmon.out + rm -f haproxy-$(VERSION) haproxy-$(VERSION)$(SUBVERS) nohup.out gmon.out + rm -f haproxy-systemd-wrapper tags: @@ -223,5 +223,5 @@ + return EXIT_SUCCESS; +} -- -1.8.4 +1.8.4.5 ++++++ 0003-MEDIUM-New-cli-option-Ds-for-systemd-compatibility.patch ++++++ --- /var/tmp/diff_new_pack.gMZcgk/_old 2014-05-06 17:38:19.000000000 +0200 +++ /var/tmp/diff_new_pack.gMZcgk/_new 2014-05-06 17:38:19.000000000 +0200 @@ -1,7 +1,7 @@ -From 8b79e7c45c86ef57317cbdbf451e49896a8ac239 Mon Sep 17 00:00:00 2001 +From 44c4c476fac6efccb07c419873bb6c8d12d565a7 Mon Sep 17 00:00:00 2001 From: Marc-Antoine Perennou <Marc-Antoine@Perennou.com> Date: Fri, 22 Nov 2013 08:34:52 +0100 -Subject: [PATCH 3/5] MEDIUM: New cli option -Ds for systemd compatibility +Subject: [PATCH 03/15] MEDIUM: New cli option -Ds for systemd compatibility This patch adds a new option "-Ds" which is exactly like "-D", but instead of forking n times to get n jobs running and then exiting, prefers to wait for all the @@ -16,7 +16,7 @@ 3 files changed, 28 insertions(+), 12 deletions(-) diff --git a/doc/haproxy.1 b/doc/haproxy.1 -index 001de15a2ff9..48717adefab4 100644 +index 0150aa753475..26e35a21f0e2 100644 --- a/doc/haproxy.1 +++ b/doc/haproxy.1 @@ -57,6 +57,10 @@ starting up. @@ -43,7 +43,7 @@ /* list of last checks to perform, depending on config options */ #define LSTCHK_CAP_BIND 0x00000001 /* check that we can bind to any port */ diff --git a/src/haproxy.c b/src/haproxy.c -index 7a09e3fbfd72..494de5c85c29 100644 +index 748c5535b37d..67e29b8bc8cc 100644 --- a/src/haproxy.c +++ b/src/haproxy.c @@ -42,6 +42,7 @@ @@ -108,7 +108,7 @@ if (!(global.mode & (MODE_FOREGROUND | MODE_DEBUG))) Warning("<nbproc> is only meaningful in daemon mode. Setting limit to 1 process.\n"); global.nbproc = 1; -@@ -1132,7 +1136,7 @@ int main(int argc, char **argv) +@@ -1133,7 +1137,7 @@ int main(int argc, char **argv) } /* open log & pid files before the chroot */ @@ -117,7 +117,7 @@ int pidfd; unlink(global.pidfile); pidfd = open(global.pidfile, O_CREAT | O_WRONLY | O_TRUNC, 0644); -@@ -1222,9 +1226,10 @@ int main(int argc, char **argv) +@@ -1223,9 +1227,10 @@ int main(int argc, char **argv) argv[0], (int)limit.rlim_cur, global.maxconn, global.maxsock, global.maxsock); } @@ -129,7 +129,7 @@ int proc; /* the father launches the required number of processes */ -@@ -1237,6 +1242,7 @@ int main(int argc, char **argv) +@@ -1238,6 +1243,7 @@ int main(int argc, char **argv) } else if (ret == 0) /* child breaks here */ break; @@ -137,7 +137,7 @@ if (pidfile != NULL) { fprintf(pidfile, "%d\n", ret); fflush(pidfile); -@@ -1262,8 +1268,13 @@ int main(int argc, char **argv) +@@ -1263,8 +1269,13 @@ int main(int argc, char **argv) px = px->next; } @@ -153,5 +153,5 @@ /* if we're NOT in QUIET mode, we should now close the 3 first FDs to ensure * that we can detach from the TTY. We MUST NOT do it in other cases since -- -1.8.4 +1.8.4.5 ++++++ 0004-BUG-MEDIUM-systemd-wrapper-don-t-leak-zombie-process.patch ++++++ --- /var/tmp/diff_new_pack.gMZcgk/_old 2014-05-06 17:38:19.000000000 +0200 +++ /var/tmp/diff_new_pack.gMZcgk/_new 2014-05-06 17:38:19.000000000 +0200 @@ -1,7 +1,8 @@ -From f0b6dab91180d0f719ff486b4bdf4ba518436174 Mon Sep 17 00:00:00 2001 +From f0eb767ac292c24ed37e5cec2a9a86d773df75d0 Mon Sep 17 00:00:00 2001 From: Marc-Antoine Perennou <Marc-Antoine@Perennou.com> Date: Fri, 22 Nov 2013 08:36:01 +0100 -Subject: [PATCH 4/5] BUG/MEDIUM: systemd-wrapper: don't leak zombie processes +Subject: [PATCH 04/15] BUG/MEDIUM: systemd-wrapper: don't leak zombie + processes Formerly, if A was replaced by B, and then B by C before A finished exiting, we didn't wait for B to finish so it @@ -60,5 +61,5 @@ return EXIT_SUCCESS; } -- -1.8.4 +1.8.4.5 ++++++ 0005-BUILD-stdbool-is-not-portable-again.patch ++++++ --- /var/tmp/diff_new_pack.gMZcgk/_old 2014-05-06 17:38:19.000000000 +0200 +++ /var/tmp/diff_new_pack.gMZcgk/_new 2014-05-06 17:38:19.000000000 +0200 @@ -1,7 +1,7 @@ -From 18d4a296b1a3bcdf6de904582d4766c1345a1b2f Mon Sep 17 00:00:00 2001 +From b369ce63274ae800b76d45aed2d451557ac33499 Mon Sep 17 00:00:00 2001 From: Willy Tarreau <w@1wt.eu> Date: Fri, 22 Nov 2013 08:37:33 +0100 -Subject: [PATCH 5/5] BUILD: stdbool is not portable (again) +Subject: [PATCH 05/15] BUILD: stdbool is not portable (again) Another build issue on Solaris without c99. Please don't use stdbool. --- @@ -21,5 +21,5 @@ #include <stdlib.h> #include <string.h> -- -1.8.4 +1.8.4.5 ++++++ 0006-MEDIUM-haproxy-systemd-wrapper-Use-haproxy-in-same-d.patch ++++++ directory Locate the wrapper and use a haproxy executable found in the same directory. This patch lets the wrapper work in openSUSE. --- src/haproxy-systemd-wrapper.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/src/haproxy-systemd-wrapper.c b/src/haproxy-systemd-wrapper.c index fb1a7fd92724..6546616b79ee 100644 --- a/src/haproxy-systemd-wrapper.c +++ b/src/haproxy-systemd-wrapper.c @@ -22,15 +22,30 @@ static char *pid_file = "/run/haproxy.pid"; static int main_argc; static char **main_argv; +static void locate_haproxy(char *buffer, size_t buffer_size) +{ + char* end; + readlink("/proc/self/exe", buffer, buffer_size); + end = strrchr(buffer, '/'); + if (end == NULL) + strncpy(buffer, "/usr/sbin/haproxy", buffer_size); + end[1] = '\0'; + strncat(buffer, "haproxy", buffer_size); +} + static void spawn_haproxy(char **pid_strv, int nb_pid) { - pid_t pid = fork(); + char haproxy_bin[512]; + pid_t pid; + + pid = fork(); if (!pid) { /* 3 for "haproxy -Ds -sf" */ char **argv = calloc(4 + main_argc + nb_pid + 1, sizeof(char *)); int i; int argno = 0; - argv[argno++] = SBINDIR"/haproxy"; + locate_haproxy(haproxy_bin, 512); + argv[argno++] = haproxy_bin; for (i = 0; i < main_argc; ++i) argv[argno++] = main_argv[i]; argv[argno++] = "-Ds"; -- 1.8.4.5 ++++++ 0007-MEDIUM-systemd-wrapper-Kill-child-processes-when-int.patch ++++++

From e2f3c212072dcf1e9b809fc2cb774946eaba665f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristoffer=20Gr=C3=B6nlund?= <krig@koru.se> Date: Fri, 22 Nov 2013 11:09:39 +0100 Subject: [PATCH 07/15] MEDIUM: systemd-wrapper: Kill child processes when interrupted

Send SIGINT to child processes when killed. This ensures that the haproxy process managed by the systemd-wrapper is stopped when "systemctl stop haproxy.service" is called. --- src/haproxy-systemd-wrapper.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/src/haproxy-systemd-wrapper.c b/src/haproxy-systemd-wrapper.c index 6546616b79ee..d337f4c0d44e 100644 --- a/src/haproxy-systemd-wrapper.c +++ b/src/haproxy-systemd-wrapper.c @@ -83,7 +83,7 @@ static int read_pids(char ***pid_strv) return read; } -static void signal_handler(int signum __attribute__((unused))) +static void sigusr2_handler(int signum __attribute__((unused))) { int i; char **pid_strv = NULL; @@ -96,6 +96,21 @@ static void signal_handler(int signum __attribute__((unused))) free(pid_strv); } +static void sigint_handler(int signum __attribute__((unused))) +{ + int i, pid; + char **pid_strv = NULL; + int nb_pid = read_pids(&pid_strv); + for (i = 0; i < nb_pid; ++i) { + pid = atoi(pid_strv[i]); + if (pid > 0) { + kill(pid, SIGINT); + free(pid_strv[i]); + } + } + free(pid_strv); +} + static void init(int argc, char **argv) { while (argc > 1) { @@ -117,7 +132,8 @@ int main(int argc, char **argv) init(argc, argv); - signal(SIGUSR2, &signal_handler); + signal(SIGINT, &sigint_handler); + signal(SIGUSR2, &sigusr2_handler); spawn_haproxy(NULL, 0); while (-1 != wait(NULL) || errno == EINTR); -- 1.8.4.5 ++++++ 0008-LOW-systemd-wrapper-Write-debug-information-to-stdou.patch ++++++

From d581d9a037bfffe7900a1e5a1ec740e67002f974 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristoffer=20Gr=C3=B6nlund?= <krig@koru.se> Date: Fri, 22 Nov 2013 11:11:54 +0100 Subject: [PATCH 08/15] LOW: systemd-wrapper: Write debug information to stdout

Write the command line used to call haproxy to stdout, as well as the return code returned by the haproxy process. --- src/haproxy-systemd-wrapper.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/src/haproxy-systemd-wrapper.c b/src/haproxy-systemd-wrapper.c index d337f4c0d44e..4ca86dd3b8c0 100644 --- a/src/haproxy-systemd-wrapper.c +++ b/src/haproxy-systemd-wrapper.c @@ -55,6 +55,12 @@ static void spawn_haproxy(char **pid_strv, int nb_pid) argv[argno++] = pid_strv[i]; } argv[argno] = NULL; + + printf("%s", "haproxy-systemd-wrapper: executing "); + for (i = 0; argv[i]; ++i) + printf("%s ", argv[i]); + puts(""); + execv(argv[0], argv); exit(0); } @@ -104,6 +110,7 @@ static void sigint_handler(int signum __attribute__((unused))) for (i = 0; i < nb_pid; ++i) { pid = atoi(pid_strv[i]); if (pid > 0) { + printf("haproxy-systemd-wrapper: SIGINT -> %d\n", pid); kill(pid, SIGINT); free(pid_strv[i]); } @@ -126,9 +133,11 @@ static void init(int argc, char **argv) int main(int argc, char **argv) { + int status; + --argc; ++argv; - main_argc = argc; - main_argv = argv; + main_argc = argc; + main_argv = argv; init(argc, argv); @@ -136,7 +145,10 @@ int main(int argc, char **argv) signal(SIGUSR2, &sigusr2_handler); spawn_haproxy(NULL, 0); - while (-1 != wait(NULL) || errno == EINTR); + status = -1; + while (-1 != wait(&status) || errno == EINTR) + ; + printf("haproxy-systemd-wrapper: exit, haproxy RC=%d\n", status); return EXIT_SUCCESS; } -- 1.8.4.5 ++++++ 0009-openSUSE-Configure-haproxy-user.patch ++++++

From cb214d574a4d0474427fca9c05ac1a72d075c45e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristoffer=20Gr=C3=B6nlund?= <krig@koru.se> Date: Tue, 6 May 2014 08:43:11 +0200 Subject: [PATCH 09/15] openSUSE: Configure haproxy user

--- examples/examples.cfg | 4 ++-- examples/haproxy.cfg | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/examples/examples.cfg b/examples/examples.cfg index 3499e7bd76b0..ed75c758952f 100644 --- a/examples/examples.cfg +++ b/examples/examples.cfg @@ -3,8 +3,8 @@ global # log 127.0.0.1 local1 maxconn 4000 ulimit-n 8000 - uid 0 - gid 0 + user haproxy + group haproxy # chroot /tmp # nbproc 2 # daemon diff --git a/examples/haproxy.cfg b/examples/haproxy.cfg index 1c71d617716e..6f8a4ac51d0b 100644 --- a/examples/haproxy.cfg +++ b/examples/haproxy.cfg @@ -5,9 +5,9 @@ global log 127.0.0.1 local1 notice #log loghost local0 info maxconn 4096 - chroot /usr/share/haproxy - uid 99 - gid 99 + chroot /var/lib/haproxy + user haproxy + group haproxy daemon #debug #quiet -- 1.8.4.5 ++++++ 0010-openSUSE-Fix-path-to-PCRE-library.patch ++++++

From 9f7b45fa88460a20da5d6c907694f2d07eb1a90c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristoffer=20Gr=C3=B6nlund?= <krig@koru.se> Date: Tue, 6 May 2014 08:44:24 +0200 Subject: [PATCH 10/15] openSUSE: Fix path to PCRE library

--- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 658716a60a80..99516a819e28 100644 --- a/Makefile +++ b/Makefile @@ -460,7 +460,7 @@ ifneq ($(USE_PCRE)$(USE_STATIC_PCRE),) PCREDIR := $(shell pcre-config --prefix 2>/dev/null || echo /usr/local) ifneq ($(PCREDIR),) PCRE_INC := $(PCREDIR)/include -PCRE_LIB := $(PCREDIR)/lib +PCRE_LIB := $(PCREDIR)/$(LIB) endif ifeq ($(USE_STATIC_PCRE),) -- 1.8.4.5 ++++++ 0011-BUILD-MINOR-systemd-fix-compiler-warning-about-unuse.patch ++++++

From 6bc058f3417b98d3c4c8766d50db4dc22a23e550 Mon Sep 17 00:00:00 2001 From: Lukas Tribus <luky-37@hotmail.com> Date: Tue, 10 Dec 2013 07:32:56 +0100 Subject: [PATCH 11/15] BUILD/MINOR: systemd: fix compiler warning about unused result MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit

BUILD/MINOR: systemd: fix compiler warning about unused result There is a compiler warning after commit 1b6e75fa84 ("MEDIUM: haproxy- systemd-wrapper: Use haproxy in same directory"): src/haproxy-systemd-wrapper.c: In function ‘locate_haproxy’: src/haproxy-systemd-wrapper.c:28:10: warning: ignoring return value of ‘readlink’, declared with attribute warn_unused_result [-Wunused-result] Fix the compiler warning by checking the return value of readlink(). --- src/haproxy-systemd-wrapper.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/haproxy-systemd-wrapper.c b/src/haproxy-systemd-wrapper.c index 4ca86dd3b8c0..c63f41ff7df6 100644 --- a/src/haproxy-systemd-wrapper.c +++ b/src/haproxy-systemd-wrapper.c @@ -24,9 +24,9 @@ static char **main_argv; static void locate_haproxy(char *buffer, size_t buffer_size) { - char* end; - readlink("/proc/self/exe", buffer, buffer_size); - end = strrchr(buffer, '/'); + char* end = NULL; + if (readlink("/proc/self/exe", buffer, buffer_size) > 0) + end = strrchr(buffer, '/'); if (end == NULL) strncpy(buffer, "/usr/sbin/haproxy", buffer_size); end[1] = '\0'; -- 1.8.4.5 ++++++ 0012-BUG-MEDIUM-systemd-wrapper-fix-locating-of-haproxy-b.patch ++++++

From e8dcf678f2b3fafd18c09eb957e4d4a83e792d54 Mon Sep 17 00:00:00 2001 From: Willy Tarreau <w@1wt.eu> Date: Mon, 14 Apr 2014 13:34:34 +0200 Subject: [PATCH 12/15] BUG/MEDIUM: systemd-wrapper: fix locating of haproxy binary

BUG/MEDIUM: systemd-wrapper: fix locating of haproxy binary OpenBSD complains this way due to strncat() : src/haproxy-systemd-wrapper.o(.text+0xd5): In function `spawn_haproxy': src/haproxy-systemd-wrapper.c:33: warning: strcat() is almost always misused, please use strlcat() In fact, the code before strncat() here is wrong, because it may dereference a NULL if /proc/self/exe is not readable. So fix it and get rid of strncat() at the same time. No backport is needed. --- src/haproxy-systemd-wrapper.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/haproxy-systemd-wrapper.c b/src/haproxy-systemd-wrapper.c index c63f41ff7df6..8485dcd11da8 100644 --- a/src/haproxy-systemd-wrapper.c +++ b/src/haproxy-systemd-wrapper.c @@ -24,13 +24,18 @@ static char **main_argv; static void locate_haproxy(char *buffer, size_t buffer_size) { - char* end = NULL; + char *end = NULL; + if (readlink("/proc/self/exe", buffer, buffer_size) > 0) end = strrchr(buffer, '/'); - if (end == NULL) + + if (end == NULL) { strncpy(buffer, "/usr/sbin/haproxy", buffer_size); + return; + } end[1] = '\0'; - strncat(buffer, "haproxy", buffer_size); + strncpy(end + 1, "haproxy", buffer + buffer_size - (end + 1)); + buffer[buffer_size - 1] = '\0'; } static void spawn_haproxy(char **pid_strv, int nb_pid) -- 1.8.4.5 ++++++ 0013-MINOR-systemd-wrapper-re-execute-on-SIGUSR2.patch ++++++

From 07d130730feffcf64ab0709273f09c5374588b85 Mon Sep 17 00:00:00 2001 From: Apollon Oikonomopoulos <apoikos@debian.org> Date: Thu, 17 Apr 2014 13:39:28 +0300 Subject: [PATCH 13/15] MINOR: systemd wrapper: re-execute on SIGUSR2

MINOR: systemd wrapper: re-execute on SIGUSR2 Re-execute the systemd wrapper on SIGUSR2 and before reloading HAProxy, making it possible to load a completely new version of HAProxy (including a new version of the systemd wrapper) gracefully. Since the wrapper accepts no command-line arguments of its own, re-execution is signaled using the HAPROXY_SYSTEMD_REEXEC environment variable. This is primarily intended to help seamless upgrades of distribution packages. --- src/haproxy-systemd-wrapper.c | 54 ++++++++++++++++++++++++++++++++----------- 1 file changed, 40 insertions(+), 14 deletions(-) diff --git a/src/haproxy-systemd-wrapper.c b/src/haproxy-systemd-wrapper.c index 8485dcd11da8..e373483d5085 100644 --- a/src/haproxy-systemd-wrapper.c +++ b/src/haproxy-systemd-wrapper.c @@ -18,9 +18,11 @@ #include <unistd.h> #include <sys/wait.h> +#define REEXEC_FLAG "HAPROXY_SYSTEMD_REEXEC" + static char *pid_file = "/run/haproxy.pid"; -static int main_argc; -static char **main_argv; +static int wrapper_argc; +static char **wrapper_argv; static void locate_haproxy(char *buffer, size_t buffer_size) { @@ -42,6 +44,11 @@ static void spawn_haproxy(char **pid_strv, int nb_pid) { char haproxy_bin[512]; pid_t pid; + int main_argc; + char **main_argv; + + main_argc = wrapper_argc - 1; + main_argv = wrapper_argv + 1; pid = fork(); if (!pid) { @@ -96,15 +103,10 @@ static int read_pids(char ***pid_strv) static void sigusr2_handler(int signum __attribute__((unused))) { - int i; - char **pid_strv = NULL; - int nb_pid = read_pids(&pid_strv); + setenv(REEXEC_FLAG, "1", 1); + printf("haproxy-systemd-wrapper: re-executing\n"); - spawn_haproxy(pid_strv, nb_pid); - - for (i = 0; i < nb_pid; ++i) - free(pid_strv[i]); - free(pid_strv); + execv(wrapper_argv[0], wrapper_argv); } static void sigint_handler(int signum __attribute__((unused))) @@ -140,16 +142,40 @@ int main(int argc, char **argv) { int status; + wrapper_argc = argc; + wrapper_argv = argv; + --argc; ++argv; - main_argc = argc; - main_argv = argv; - init(argc, argv); signal(SIGINT, &sigint_handler); signal(SIGUSR2, &sigusr2_handler); - spawn_haproxy(NULL, 0); + if (getenv(REEXEC_FLAG) != NULL) { + /* We are being re-executed: restart HAProxy gracefully */ + int i; + char **pid_strv = NULL; + int nb_pid = read_pids(&pid_strv); + sigset_t sigs; + + unsetenv(REEXEC_FLAG); + spawn_haproxy(pid_strv, nb_pid); + + /* Unblock SIGUSR2 which was blocked by the signal handler + * before re-exec */ + sigprocmask(SIG_BLOCK, NULL, &sigs); + sigdelset(&sigs, SIGUSR2); + sigprocmask(SIG_SETMASK, &sigs, NULL); + + for (i = 0; i < nb_pid; ++i) + free(pid_strv[i]); + free(pid_strv); + } + else { + /* Start a fresh copy of HAProxy */ + spawn_haproxy(NULL, 0); + } + status = -1; while (-1 != wait(&status) || errno == EINTR) ; -- 1.8.4.5 ++++++ 0014-MINOR-systemd-wrapper-improve-logging.patch ++++++

From 21fef94beeba672fff22406d863a5423a27bed23 Mon Sep 17 00:00:00 2001 From: Apollon Oikonomopoulos <apoikos@debian.org> Date: Thu, 17 Apr 2014 13:39:29 +0300 Subject: [PATCH 14/15] MINOR: systemd wrapper: improve logging

MINOR: systemd wrapper: improve logging Use standard error for logging messages, as it seems that this gets messages to the systemd journal more reliably. Also use systemd's support for specifying log levels via stderr to apply different levels to messages. --- src/haproxy-systemd-wrapper.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/src/haproxy-systemd-wrapper.c b/src/haproxy-systemd-wrapper.c index e373483d5085..d4baa90c266e 100644 --- a/src/haproxy-systemd-wrapper.c +++ b/src/haproxy-systemd-wrapper.c @@ -19,6 +19,8 @@ #include <sys/wait.h> #define REEXEC_FLAG "HAPROXY_SYSTEMD_REEXEC" +#define SD_DEBUG "<7>" +#define SD_NOTICE "<5>" static char *pid_file = "/run/haproxy.pid"; static int wrapper_argc; @@ -68,10 +70,10 @@ static void spawn_haproxy(char **pid_strv, int nb_pid) } argv[argno] = NULL; - printf("%s", "haproxy-systemd-wrapper: executing "); + fprintf(stderr, SD_DEBUG "haproxy-systemd-wrapper: executing "); for (i = 0; argv[i]; ++i) - printf("%s ", argv[i]); - puts(""); + fprintf(stderr, "%s ", argv[i]); + fprintf(stderr, "\n"); execv(argv[0], argv); exit(0); @@ -104,7 +106,7 @@ static int read_pids(char ***pid_strv) static void sigusr2_handler(int signum __attribute__((unused))) { setenv(REEXEC_FLAG, "1", 1); - printf("haproxy-systemd-wrapper: re-executing\n"); + fprintf(stderr, SD_NOTICE "haproxy-systemd-wrapper: re-executing\n"); execv(wrapper_argv[0], wrapper_argv); } @@ -117,7 +119,7 @@ static void sigint_handler(int signum __attribute__((unused))) for (i = 0; i < nb_pid; ++i) { pid = atoi(pid_strv[i]); if (pid > 0) { - printf("haproxy-systemd-wrapper: SIGINT -> %d\n", pid); + fprintf(stderr, SD_DEBUG "haproxy-systemd-wrapper: SIGINT -> %d\n", pid); kill(pid, SIGINT); free(pid_strv[i]); } @@ -180,6 +182,7 @@ int main(int argc, char **argv) while (-1 != wait(&status) || errno == EINTR) ; - printf("haproxy-systemd-wrapper: exit, haproxy RC=%d\n", status); + fprintf(stderr, SD_NOTICE "haproxy-systemd-wrapper: exit, haproxy RC=%d\n", + status); return EXIT_SUCCESS; } -- 1.8.4.5 ++++++ 0015-MINOR-systemd-wrapper-propagate-exit-status.patch ++++++

From 27b806b87289b403728d373020c4aeb5f79eb4bc Mon Sep 17 00:00:00 2001 From: Apollon Oikonomopoulos <apoikos@debian.org> Date: Thu, 17 Apr 2014 13:39:30 +0300 Subject: [PATCH 15/15] MINOR: systemd wrapper: propagate exit status

MINOR: systemd wrapper: propagate exit status Use HAProxy's exit status as the systemd wrapper's exit status instead of always returning EXIT_SUCCESS, permitting the use of systemd's `Restart = on-failure' logic. --- src/haproxy-systemd-wrapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/haproxy-systemd-wrapper.c b/src/haproxy-systemd-wrapper.c index d4baa90c266e..ba07ebe01ccc 100644 --- a/src/haproxy-systemd-wrapper.c +++ b/src/haproxy-systemd-wrapper.c @@ -184,5 +184,5 @@ int main(int argc, char **argv) fprintf(stderr, SD_NOTICE "haproxy-systemd-wrapper: exit, haproxy RC=%d\n", status); - return EXIT_SUCCESS; + return status; } -- 1.8.4.5 ++++++ haproxy-1.4.24.tar.gz -> haproxy-1.4.25.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/CHANGELOG new/haproxy-1.4.25/CHANGELOG --- old/haproxy-1.4.24/CHANGELOG 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/CHANGELOG 2014-03-27 21:47:43.000000000 +0100 @@ -1,6 +1,41 @@ ChangeLog : =========== +2014/03/27 : 1.4.25 + - DOC: typo: nosepoll self reference in config guide + - BUG/MINOR: deinit: free fdinfo while doing cleanup + - BUG/MEDIUM: server: set the macro for server's max weight SRV_UWGHT_MAX to SRV_UWGHT_RANGE + - BUG/MINOR: use the same check condition for server as other algorithms + - BUG/MINOR: stream-int: also consider ENOTCONN in addition to EAGAIN for recv() + - BUG/MINOR: fix forcing fastinter in "on-error" + - BUG/MEDIUM: http/auth: Sometimes the authentication credentials can be mix between two requests + - BUG/MAJOR: http: don't emit the send-name-header when no server is available + - BUG/MEDIUM: http: "option checkcache" fails with the no-cache header + - MEDIUM: session: disable lingering on the server when the client aborts + - MINOR: config: warn when a server with no specific port uses rdp-cookie + - MEDIUM: increase chunk-size limit to 2GB-1 + - DOC: add a mention about the limited chunk size + - MEDIUM: http: add "redirect scheme" to ease HTTP to HTTPS redirection + - BUILD: proto_tcp: remove a harmless warning + - BUG/MINOR: acl: remove patterns from the tree before freeing them + - BUG/MEDIUM: checks: fix slow start regression after fix attempt + - BUG/MAJOR: server: weight calculation fails for map-based algorithms + - BUG/MINOR: backend: fix target address retrieval in transparent mode + - BUG/MEDIUM: stick: completely remove the unused flag from the store entries + - BUG/MEDIUM: stick-tables: complete the latest fix about store-responses + - BUG/MEDIUM: checks: tracking servers must not inherit the MAINT flag + - BUG/MINOR: stats: report correct throttling percentage for servers in slowstart + - BUG/MINOR: stats: correctly report throttle rate of low weight servers + - BUG/MINOR: checks: successful check completion must not re-enable MAINT servers + - BUG/MEDIUM: stats: the web interface must check the tracked servers before enabling + - BUG/MINOR: channel: initialize xfer_small/xfer_large on new buffers + - BUG/MINOR: stream-int: also consider ENOTCONN in addition to EAGAIN + - BUG/MEDIUM: http: don't start to forward request data before the connect + - DOC: fix misleading information about SIGQUIT + - BUILD: simplify the date and version retrieval in the makefile + - BUILD: prepare the makefile to skip format lines in SUBVERS and VERDATE + - BUILD: use format tags in VERDATE and SUBVERS files + 2013/06/17 : 1.4.24 - BUG/MAJOR: backend: consistent hash can loop forever in certain circumstances - BUG/MEDIUM: checks: disable TCP quickack when pure TCP checks are used diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/Makefile new/haproxy-1.4.25/Makefile --- old/haproxy-1.4.24/Makefile 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/Makefile 2014-03-27 21:47:43.000000000 +0100 @@ -316,11 +316,11 @@ # holding the same names in the current directory. ifeq ($(IGNOREGIT),) -VERSION := $(shell [ -d .git/. ] && ref=`(git describe --tags) 2>/dev/null` && ref=$${ref%-g*} && echo "$${ref\#v}") +VERSION := $(shell [ -d .git/. ] && ref=`(git describe --tags --match 'v*' --abbrev=0) 2>/dev/null` && ref=$${ref%-g*} && echo "$${ref\#v}") ifneq ($(VERSION),) # OK git is there and works. -SUBVERS := $(shell comms=`git log --no-merges v$(VERSION).. 2>/dev/null |grep -c ^commit `; [ $$comms -gt 0 ] && echo "-$$comms" ) -VERDATE := $(shell date +%Y/%m/%d -d "`git log --pretty=fuller HEAD^.. 2>/dev/null | sed -ne '/^CommitDate:/{s/\(^[^ ]*:\)\|\( [-+].*\)//gp;q}'`" ) +SUBVERS := $(shell comms=`git log --format=oneline --no-merges v$(VERSION).. 2>/dev/null | wc -l`; [ $$comms -gt 0 ] && echo "-$$comms") +VERDATE := $(shell git log -1 --pretty=format:%ci | cut -f1 -d' ' | tr '-' '/') endif endif @@ -329,10 +329,10 @@ VERSION := $(shell cat VERSION 2>/dev/null || touch VERSION) endif ifeq ($(SUBVERS),) -SUBVERS := $(shell cat SUBVERS 2>/dev/null || touch SUBVERS) +SUBVERS := $(shell (grep -v '\$$Format' SUBVERS 2>/dev/null || touch SUBVERS) | head -n 1) endif ifeq ($(VERDATE),) -VERDATE := $(shell cat VERDATE 2>/dev/null || touch VERDATE) +VERDATE := $(shell (grep -v '\$$Format' VERDATE 2>/dev/null || touch VERDATE) | head -n 1 | cut -f1 -d' ' | tr '-' '/') endif #### Build options @@ -585,22 +585,22 @@ rm -f *.[oas] src/*.[oas] ebtree/*.[oas] haproxy test for dir in . src include/* doc ebtree; do rm -f $$dir/*~ $$dir/*.rej $$dir/core; done rm -f haproxy-$(VERSION).tar.gz haproxy-$(VERSION)$(SUBVERS).tar.gz - rm -f haproxy-$(VERSION) nohup.out gmon.out + rm -f haproxy-$(VERSION) haproxy-$(VERSION)$(SUBVERS) nohup.out gmon.out tags: find src include \( -name '*.c' -o -name '*.h' \) -print0 | \ xargs -0 etags --declarations --members tar: clean - ln -s . haproxy-$(VERSION) - tar --exclude=haproxy-$(VERSION)/.git \ - --exclude=haproxy-$(VERSION)/haproxy-$(VERSION) \ - --exclude=haproxy-$(VERSION)/haproxy-$(VERSION).tar.gz \ - -cf - haproxy-$(VERSION)/* | gzip -c9 >haproxy-$(VERSION).tar.gz - rm -f haproxy-$(VERSION) + ln -s . haproxy-$(VERSION)$(SUBVERS) + tar --exclude=haproxy-$(VERSION)$(SUBVERS)/.git \ + --exclude=haproxy-$(VERSION)$(SUBVERS)/haproxy-$(VERSION)$(SUBVERS) \ + --exclude=haproxy-$(VERSION)$(SUBVERS)/haproxy-$(VERSION)$(SUBVERS).tar.gz \ + -cf - haproxy-$(VERSION)$(SUBVERS)/* | gzip -c9 >haproxy-$(VERSION)$(SUBVERS).tar.gz + rm -f haproxy-$(VERSION)$(SUBVERS) git-tar: - git archive --format=tar --prefix="haproxy-$(VERSION)/" HEAD | gzip -9 > haproxy-$(VERSION)$(SUBVERS).tar.gz + git archive --format=tar --prefix="haproxy-$(VERSION)$(SUBVERS)/" HEAD | gzip -9 > haproxy-$(VERSION)$(SUBVERS).tar.gz version: @echo "VERSION: $(VERSION)" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/README new/haproxy-1.4.25/README --- old/haproxy-1.4.24/README 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/README 2014-03-27 21:47:43.000000000 +0100 @@ -3,7 +3,7 @@ ---------------------- version 1.4 willy tarreau - 2013/06/17 + 2014/03/27 1) How to build it diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/SUBVERS new/haproxy-1.4.25/SUBVERS --- old/haproxy-1.4.24/SUBVERS 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/SUBVERS 2014-03-27 21:47:43.000000000 +0100 @@ -1 +1,2 @@ +-$Format:%h$ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/VERDATE new/haproxy-1.4.25/VERDATE --- old/haproxy-1.4.24/VERDATE 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/VERDATE 2014-03-27 21:47:43.000000000 +0100 @@ -1 +1,2 @@ -2013/06/17 +$Format:%ci$ +2014/03/27 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/VERSION new/haproxy-1.4.25/VERSION --- old/haproxy-1.4.24/VERSION 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/VERSION 2014-03-27 21:47:43.000000000 +0100 @@ -1 +1 @@ -1.4.24 +1.4.25 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/doc/configuration.txt new/haproxy-1.4.25/doc/configuration.txt --- old/haproxy-1.4.24/doc/configuration.txt 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/doc/configuration.txt 2014-03-27 21:47:43.000000000 +0100 @@ -2,9 +2,9 @@ HAProxy Configuration Manual ---------------------- - version 1.4.24 + version 1.4.25 willy tarreau - 2013/06/17 + 2014/03/27 This document covers the configuration language as implemented in the version @@ -659,7 +659,7 @@ nosepoll Disables the use of the "speculative epoll" event polling system on Linux. It is equivalent to the command-line argument "-ds". The next polling system - used will generally be "epoll". See also "nosepoll", and "nopoll". + used will generally be "epoll". See also "noepoll", and "nopoll". nosplice Disables the use of kernel tcp splicing between sockets on Linux. It is @@ -1141,7 +1141,7 @@ processing time remains equally distributed. This algorithm is dynamic, which means that server weights may be adjusted on the fly for slow starts for instance. It is limited by - design to 4128 active servers per backend. Note that in some + design to 4095 active servers per backend. Note that in some large farms, when a server becomes up after having been down for a very short time, it may sometimes take a few hundreds requests for it to be re-integrated into the farm and start @@ -4039,8 +4039,9 @@ See also : the "backlog" keyword and the "fe_sess_rate" ACL criterion. -redirect location <to> [code <code>] <option> [{if | unless} <condition>] -redirect prefix <to> [code <code>] <option> [{if | unless} <condition>] +redirect location <loc> [code <code>] <option> [{if | unless} <condition>] +redirect prefix <pfx> [code <code>] <option> [{if | unless} <condition>] +redirect scheme <sch> [code <code>] <option> [{if | unless} <condition>] Return an HTTP redirection if/unless a condition is matched May be used in sections : defaults | frontend | listen | backend no | yes | yes | yes @@ -4049,14 +4050,25 @@ response. If no condition is specified, the redirect applies unconditionally. Arguments : - <to> With "redirect location", the exact value in <to> is placed into - the HTTP "Location" header. In case of "redirect prefix", the - "Location" header is built from the concatenation of <to> and the - complete URI, including the query string, unless the "drop-query" - option is specified (see below). As a special case, if <to> - equals exactly "/" in prefix mode, then nothing is inserted - before the original URI. It allows one to redirect to the same - URL. + <loc> With "redirect location", the exact value in <loc> is placed into + the HTTP "Location" header. + + <pfx> With "redirect prefix", the "Location" header is built from the + concatenation of <pfx> and the complete URI path, including the + query string, unless the "drop-query" option is specified (see + below). As a special case, if <pfx> equals exactly "/", then + nothing is inserted before the original URI. It allows one to + redirect to the same URL (for instance, to insert a cookie). + + <sch> With "redirect scheme", then the "Location" header is built by + concatenating <sch> with "://" then the first occurrence of the + "Host" header, and then the URI path, including the query string + unless the "drop-query" option is specified (see below). If no + path is found or if the path is "*", then "/" is used instead. If + no "Host" header is found, then an empty host component will be + returned, which most recent browsers interprete as redirecting to + the same host. This directive is mostly used to redirect HTTP to + HTTPS. <code> The code is optional. It indicates which type of HTTP redirection is desired. Only codes 301, 302, 303, 307 and 308 are supported, @@ -4117,6 +4129,9 @@ acl missing_slash path_reg ^/article/[^/]*$ redirect code 301 prefix / drop-query append-slash if missing_slash + Example: redirect all HTTP traffic to HTTPS when SSL is handled by haproxy. + redirect scheme https if !{ is_ssl } + See section 7 about ACL usage. @@ -5383,7 +5398,12 @@ request or the response, regardless of the number of rules. Only the 8 first ones which match will be kept. Using this, it is possible to feed multiple tables at once in the hope to increase the chance to recognize a user on - another protocol or access method. + another protocol or access method. Using multiple store-request rules with + the same table is possible and may be used to find the best criterion to rely + on, by arranging the rules by decreasing preference order. Only the first + extracted criterion for a given table will be stored. All subsequent store- + request rules referencing the same table will be skipped and their ACLs will + not be evaluated. The "store-request" rules are evaluated once the server connection has been established, so that the table will contain the real server that processed @@ -8044,7 +8064,8 @@ PD The proxy blocked an incorrectly formatted chunked encoded message in a request or a response, after the server has emitted its headers. In most cases, this will indicate an invalid message from the server to - the client. + the client. Haproxy supports chunk sizes of up to 2GB - 1 (2147483647 + bytes). Any larger size will be considered as an error. PH The proxy blocked the server's response, because it was invalid, incomplete, dangerous (cache control), or matched a security filter. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/doc/haproxy.1 new/haproxy-1.4.25/doc/haproxy.1 --- old/haproxy-1.4.24/doc/haproxy.1 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/doc/haproxy.1 2014-03-27 21:47:43.000000000 +0100 @@ -157,7 +157,7 @@ Dumps the status of all proxies and servers into the logs. Mostly used for trouble-shooting purposes. .TP \- \fBSIGQUIT\fP -Dumps information about memory pools into the logs. Mostly used for debugging purposes. +Dumps information about memory pools on stderr. Mostly used for debugging purposes. .TP \- \fBSIGPIPE\fP This signal is intercepted and ignored on systems without \fBMSG_NOSIGNAL\fP. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/examples/haproxy.spec new/haproxy-1.4.25/examples/haproxy.spec --- old/haproxy-1.4.24/examples/haproxy.spec 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/examples/haproxy.spec 2014-03-27 21:47:43.000000000 +0100 @@ -1,6 +1,6 @@ Summary: HA-Proxy is a TCP/HTTP reverse proxy for high availability environments Name: haproxy -Version: 1.4.24 +Version: 1.4.25 Release: 1 License: GPL Group: System Environment/Daemons @@ -76,6 +76,12 @@ %attr(0755,root,root) %config %{_sysconfdir}/rc.d/init.d/%{name} %changelog +* Thu Mar 27 2014 Willy Tarreau <w@1wt.eu> +- updated to 1.4.25 + +* Thu Mar 27 2014 Willy Tarreau <w@1wt.eu> +- updated to 1.4.25 + * Mon Jun 17 2013 Willy Tarreau <w@1wt.eu> - updated to 1.4.24 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/include/proto/buffers.h new/haproxy-1.4.25/include/proto/buffers.h --- old/haproxy-1.4.24/include/proto/buffers.h 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/include/proto/buffers.h 2014-03-27 21:47:43.000000000 +0100 @@ -44,6 +44,7 @@ { buf->send_max = 0; buf->to_forward = 0; + buf->xfer_small = buf->xfer_large = 0; buf->l = buf->total = 0; buf->pipe = NULL; buf->analysers = 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/include/proto/server.h new/haproxy-1.4.25/include/proto/server.h --- old/haproxy-1.4.24/include/proto/server.h 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/include/proto/server.h 2014-03-27 21:47:43.000000000 +0100 @@ -46,6 +46,26 @@ #endif /* _PROTO_SERVER_H */ +/* Recomputes the server's eweight based on its state, uweight, the current time, + * and the proxy's algorihtm. To be used after updating sv->uweight. The warmup + * state is automatically disabled if the time is elapsed. + */ +void server_recalc_eweight(struct server *sv); + +/* returns the current server throttle rate between 0 and 100% */ +static inline unsigned int server_throttle_rate(struct server *sv) +{ + struct proxy *px = sv->proxy; + + /* when uweight is 0, we're in soft-stop so that cannot be a slowstart, + * thus the throttle is 100%. + */ + if (!sv->uweight) + return 100; + + return (100U * px->lbprm.wmult * sv->eweight + px->lbprm.wdiv - 1) / (px->lbprm.wdiv * sv->uweight); +} + /* * Local variables: * c-indent-level: 8 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/include/types/backend.h new/haproxy-1.4.25/include/types/backend.h --- old/haproxy-1.4.24/include/types/backend.h 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/include/types/backend.h 2014-03-27 21:47:43.000000000 +0100 @@ -102,8 +102,8 @@ * weight modulation even with small weights (eg: 1). It should not be too high * though because it limits the number of servers in FWRR mode in order to * prevent any integer overflow. The max number of servers per backend is - * limited to about 2^32/255^2/scale ~= 66051/scale. A scale of 16 looks like - * a good value, as it allows more than 4000 servers per backend while leaving + * limited to about (2^32-1)/256^2/scale ~= 65535.9999/scale. A scale of 16 + * looks like a good value, as it allows 4095 servers per backend while leaving * modulation steps of about 6% for servers with the lowest weight (1). */ #define BE_WEIGHT_SCALE 16 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/include/types/proto_http.h new/haproxy-1.4.25/include/types/proto_http.h --- old/haproxy-1.4.24/include/types/proto_http.h 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/include/types/proto_http.h 2014-03-27 21:47:43.000000000 +0100 @@ -224,6 +224,7 @@ REDIRECT_TYPE_NONE = 0, /* no redirection */ REDIRECT_TYPE_LOCATION, /* location redirect */ REDIRECT_TYPE_PREFIX, /* prefix redirect */ + REDIRECT_TYPE_SCHEME, /* scheme redirect (eg: switch from http to https) */ }; /* Perist types (force-persist, ignore-persist) */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/include/types/server.h new/haproxy-1.4.25/include/types/server.h --- old/haproxy-1.4.24/include/types/server.h 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/include/types/server.h 2014-03-27 21:47:43.000000000 +0100 @@ -69,7 +69,7 @@ /* various constants */ #define SRV_UWGHT_RANGE 256 -#define SRV_UWGHT_MAX (SRV_UWGHT_RANGE - 1) +#define SRV_UWGHT_MAX (SRV_UWGHT_RANGE) #define SRV_EWGHT_RANGE (SRV_UWGHT_RANGE * BE_WEIGHT_SCALE) #define SRV_EWGHT_MAX (SRV_UWGHT_MAX * BE_WEIGHT_SCALE) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/include/types/session.h new/haproxy-1.4.25/include/types/session.h --- old/haproxy-1.4.24/include/types/session.h 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/include/types/session.h 2014-03-27 21:47:43.000000000 +0100 @@ -83,6 +83,8 @@ #define SN_IGNORE_PRST 0x00100000 /* ignore persistence */ +#define SN_WAIT_CONN 0x00200000 /* don't connect yet */ + /* WARNING: if new fields are added, they must be initialized in event_accept() * and freed in session_free() ! */ @@ -182,7 +184,6 @@ struct { struct stksess *ts; struct stktable *table; - int flags; } store[8]; /* tracked stickiness values to store */ int store_count; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/src/acl.c new/haproxy-1.4.25/src/acl.c --- old/haproxy-1.4.24/src/acl.c 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/src/acl.c 2014-03-27 21:47:43.000000000 +0100 @@ -770,6 +770,7 @@ node = eb_first(root); while (node) { next = eb_next(node); + eb_delete(node); free(node); node = next; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/src/backend.c new/haproxy-1.4.25/src/backend.c --- old/haproxy-1.4.24/src/backend.c 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/src/backend.c 2014-03-27 21:47:43.000000000 +0100 @@ -663,7 +663,7 @@ * the client asked, which is handy for remapping ports * locally on multiple addresses at once. */ - if (!(s->be->options & PR_O_TRANSP) && !(s->flags & SN_FRT_ADDR_SET)) + if (!(s->flags & SN_FRT_ADDR_SET)) get_frt_addr(s); s->srv_addr.sin_addr = ((struct sockaddr_in *)&s->frt_addr)->sin_addr; @@ -672,7 +672,7 @@ /* if this server remaps proxied ports, we'll use * the port the client connected to with an offset. */ if (s->srv->state & SRV_MAPPORTS) { - if (!(s->be->options & PR_O_TRANSP) && !(s->flags & SN_FRT_ADDR_SET)) + if (!(s->flags & SN_FRT_ADDR_SET)) get_frt_addr(s); if (s->frt_addr.ss_family == AF_INET) { s->srv_addr.sin_port = htons(ntohs(s->srv_addr.sin_port) + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/src/cfgparse.c new/haproxy-1.4.25/src/cfgparse.c --- old/haproxy-1.4.24/src/cfgparse.c 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/src/cfgparse.c 2014-03-27 21:47:43.000000000 +0100 @@ -2182,6 +2182,18 @@ cur_arg++; destination = args[cur_arg]; } + else if (!strcmp(args[cur_arg], "scheme")) { + if (!*args[cur_arg + 1]) { + Alert("parsing [%s:%d] : '%s': missing argument for '%s'.\n", + file, linenum, args[0], args[cur_arg]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + type = REDIRECT_TYPE_SCHEME; + cur_arg++; + destination = args[cur_arg]; + } else if (!strcmp(args[cur_arg], "set-cookie")) { if (!*args[cur_arg + 1]) { Alert("parsing [%s:%d] : '%s': missing argument for '%s'.\n", @@ -2240,7 +2252,7 @@ break; } else { - Alert("parsing [%s:%d] : '%s' expects 'code', 'prefix', 'location', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was '%s').\n", + Alert("parsing [%s:%d] : '%s' expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was '%s').\n", file, linenum, args[0], args[cur_arg]); err_code |= ERR_ALERT | ERR_FATAL; goto out; @@ -3639,9 +3651,9 @@ else if (!strcmp(args[cur_arg], "weight")) { int w; w = atol(args[cur_arg + 1]); - if (w < 0 || w > 256) { - Alert("parsing [%s:%d] : weight of server %s is not within 0 and 256 (%d).\n", - file, linenum, newsrv->id, w); + if (w < 0 || w > SRV_UWGHT_MAX) { + Alert("parsing [%s:%d] : weight of server %s is not within 0 and %d (%d).\n", + file, linenum, newsrv->id, SRV_UWGHT_MAX, w); err_code |= ERR_ALERT | ERR_FATAL; goto out; } @@ -5506,7 +5518,6 @@ /* if the other server is forced disabled, we have to do the same here */ if (srv->state & SRV_MAINTAIN) { - newsrv->state |= SRV_MAINTAIN; newsrv->state &= ~SRV_RUNNING; newsrv->health = 0; } @@ -5637,6 +5648,12 @@ proxy_type_str(curproxy), curproxy->id, newsrv->id); err_code |= ERR_WARN; } + + if ((newsrv->state & SRV_MAPPORTS) && (curproxy->options2 & PR_O2_RDPC_PRST)) { + Warning("config : %s '%s' : RDP cookie persistence will not work for server '%s' because it lacks an explicit port number.\n", + proxy_type_str(curproxy), curproxy->id, newsrv->id); + err_code |= ERR_WARN; + } #if defined(CONFIG_HAP_CTTPROXY) || defined(CONFIG_HAP_LINUX_TPROXY) if (curproxy->mode != PR_MODE_HTTP && newsrv->bind_hdr_occ) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/src/checks.c new/haproxy-1.4.25/src/checks.c --- old/haproxy-1.4.24/src/checks.c 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/src/checks.c 2014-03-27 21:47:43.000000000 +0100 @@ -451,18 +451,10 @@ if (s->slowstart > 0) { s->state |= SRV_WARMINGUP; - if (s->proxy->lbprm.algo & BE_LB_PROP_DYN) { - /* For dynamic algorithms, start at the first step of the weight, - * without multiplying by BE_WEIGHT_SCALE. - */ - s->eweight = s->uweight; - if (s->proxy->lbprm.update_server_eweight) - s->proxy->lbprm.update_server_eweight(s); - } task_schedule(s->warmup, tick_add(now_ms, MS_TO_TICKS(MAX(1000, s->slowstart / 20)))); } - if (s->proxy->lbprm.set_server_status_up) - s->proxy->lbprm.set_server_status_up(s); + + server_recalc_eweight(s); /* check if we can handle some connections queued at the proxy. We * will take as many as we can handle. @@ -657,8 +649,11 @@ if (s->fastinter) { expire = tick_add(now_ms, MS_TO_TICKS(s->fastinter)); - if (s->check->expire > expire) + if (s->check->expire > expire) { s->check->expire = expire; + /* requeue check task with new expire */ + task_queue(s->check); + } } } @@ -1202,23 +1197,7 @@ if ((s->state & (SRV_RUNNING|SRV_WARMINGUP|SRV_MAINTAIN)) != (SRV_RUNNING|SRV_WARMINGUP)) return t; - if (now.tv_sec < s->last_change || now.tv_sec >= s->last_change + s->slowstart) { - /* go to full throttle if the slowstart interval is reached */ - s->state &= ~SRV_WARMINGUP; - if (s->proxy->lbprm.algo & BE_LB_PROP_DYN) - s->eweight = s->uweight * BE_WEIGHT_SCALE; - if (s->proxy->lbprm.update_server_eweight) - s->proxy->lbprm.update_server_eweight(s); - } - else if (s->proxy->lbprm.algo & BE_LB_PROP_DYN) { - /* for dynamic algorithms, let's slowly update the weight */ - s->eweight = (BE_WEIGHT_SCALE * (now.tv_sec - s->last_change) + - s->slowstart - 1) / s->slowstart; - s->eweight *= s->uweight; - if (s->proxy->lbprm.update_server_eweight) - s->proxy->lbprm.update_server_eweight(s); - } - /* Note that static algorithms are already running at full throttle */ + server_recalc_eweight(s); /* probably that we can refill this server with a bit more connections */ check_for_pending(s); @@ -1498,9 +1477,8 @@ set_server_disabled(s); } - if (s->health < s->rise + s->fall - 1) { + if (!(s->state & SRV_MAINTAIN) && s->health < s->rise + s->fall - 1) { s->health++; /* was bad, stays for a while */ - set_server_up(s); } s->curfd = -1; /* no check running anymore */ @@ -1573,6 +1551,20 @@ */ for (px = proxy; px; px = px->next) { for (s = px->srv; s; s = s->next) { + if (s->slowstart) { + if ((t = task_new()) == NULL) { + Alert("Starting [%s:%s] check: out of memory.\n", px->id, s->id); + return -1; + } + /* We need a warmup task that will be called when the server + * state switches from down to up. + */ + s->warmup = t; + t->process = server_warmup; + t->context = s; + t->expire = TICK_ETERNITY; + } + if (!(s->state & SRV_CHECKED)) continue; @@ -1596,20 +1588,6 @@ */ for (px = proxy; px; px = px->next) { for (s = px->srv; s; s = s->next) { - if (s->slowstart) { - if ((t = task_new()) == NULL) { - Alert("Starting [%s:%s] check: out of memory.\n", px->id, s->id); - return -1; - } - /* We need a warmup task that will be called when the server - * state switches from down to up. - */ - s->warmup = t; - t->process = server_warmup; - t->context = s; - t->expire = TICK_ETERNITY; - } - if (!(s->state & SRV_CHECKED)) continue; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/src/dumpstats.c new/haproxy-1.4.25/src/dumpstats.c --- old/haproxy-1.4.24/src/dumpstats.c 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/src/dumpstats.c 2014-03-27 21:47:43.000000000 +0100 @@ -513,30 +513,7 @@ } sv->uweight = w; - - if (px->lbprm.algo & BE_LB_PROP_DYN) { - /* we must take care of not pushing the server to full throttle during slow starts */ - if ((sv->state & SRV_WARMINGUP) && (px->lbprm.algo & BE_LB_PROP_DYN)) - sv->eweight = (BE_WEIGHT_SCALE * (now.tv_sec - sv->last_change) + sv->slowstart - 1) / sv->slowstart; - else - sv->eweight = BE_WEIGHT_SCALE; - sv->eweight *= sv->uweight; - } else { - sv->eweight = sv->uweight; - } - - /* static LB algorithms are a bit harder to update */ - if (px->lbprm.update_server_eweight) - px->lbprm.update_server_eweight(sv); - else if (sv->eweight) { - if (px->lbprm.set_server_status_up) - px->lbprm.set_server_status_up(sv); - } - else { - if (px->lbprm.set_server_status_down) - px->lbprm.set_server_status_down(sv); - } - + server_recalc_eweight(sv); return 1; } else if (strcmp(args[1], "timeout") == 0) { @@ -2120,17 +2097,10 @@ "<td colspan=3></td>"); /* throttle */ - if ((sv->state & SRV_WARMINGUP) && - now.tv_sec < sv->last_change + sv->slowstart && - now.tv_sec >= sv->last_change) { - unsigned int ratio; - ratio = MAX(1, 100 * (now.tv_sec - sv->last_change) / sv->slowstart); - chunk_printf(&msg, - "<td class=ac>%d %%</td></tr>\n", ratio); - } else { - chunk_printf(&msg, - "<td class=ac>-</td></tr>\n"); - } + if (sv->state & SRV_WARMINGUP) + chunk_printf(&msg, "<td class=ac>%d %%</td></tr>\n", server_throttle_rate(sv)); + else + chunk_printf(&msg, "<td class=ac>-</td></tr>\n"); } else { static char *srv_hlt_st[7] = { "DOWN,", "DOWN %d/%d,", "UP %d/%d,", "UP,", @@ -2200,13 +2170,8 @@ relative_pid, px->uuid, sv->puid); /* throttle */ - if ((sv->state & SRV_WARMINGUP) && - now.tv_sec < sv->last_change + sv->slowstart && - now.tv_sec >= sv->last_change) { - unsigned int ratio; - ratio = MAX(1, 100 * (now.tv_sec - sv->last_change) / sv->slowstart); - chunk_printf(&msg, "%d", ratio); - } + if (sv->state & SRV_WARMINGUP) + chunk_printf(&msg, "%d", server_throttle_rate(sv)); /* sessions: lbtot */ chunk_printf(&msg, ",%lld,", sv->counters.cum_lbconn); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/src/haproxy.c new/haproxy-1.4.25/src/haproxy.c --- old/haproxy-1.4.24/src/haproxy.c 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/src/haproxy.c 2014-03-27 21:47:43.000000000 +0100 @@ -1,6 +1,6 @@ /* * HA-Proxy : High Availability-enabled HTTP/TCP proxy - * Copyright 2000-2013 Willy Tarreau <w@1wt.eu>. + * Copyright 2000-2014 Willy Tarreau <w@1wt.eu>. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -159,7 +159,7 @@ void display_version() { printf("HA-Proxy version " HAPROXY_VERSION " " HAPROXY_DATE"\n"); - printf("Copyright 2000-2013 Willy Tarreau <w@1wt.eu>\n\n"); + printf("Copyright 2000-2014 Willy Tarreau <w@1wt.eu>\n\n"); } void display_build_opts() @@ -941,6 +941,7 @@ free(global.pidfile); global.pidfile = NULL; free(global.node); global.node = NULL; free(global.desc); global.desc = NULL; + free(fdinfo); fdinfo = NULL; free(fdtab); fdtab = NULL; free(oldpids); oldpids = NULL; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/src/lb_chash.c new/haproxy-1.4.25/src/lb_chash.c --- old/haproxy-1.4.24/src/lb_chash.c 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/src/lb_chash.c 2014-03-27 21:47:43.000000000 +0100 @@ -405,7 +405,8 @@ p->lbprm.wdiv = BE_WEIGHT_SCALE; for (srv = p->srv; srv; srv = srv->next) { - srv->prev_eweight = srv->eweight = srv->uweight * BE_WEIGHT_SCALE; + srv->eweight = (srv->uweight * p->lbprm.wdiv + p->lbprm.wmult - 1) / p->lbprm.wmult; + srv->prev_eweight = srv->eweight; srv->prev_state = srv->state; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/src/lb_fwlc.c new/haproxy-1.4.25/src/lb_fwlc.c --- old/haproxy-1.4.24/src/lb_fwlc.c 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/src/lb_fwlc.c 2014-03-27 21:47:43.000000000 +0100 @@ -244,7 +244,8 @@ p->lbprm.wdiv = BE_WEIGHT_SCALE; for (srv = p->srv; srv; srv = srv->next) { - srv->prev_eweight = srv->eweight = srv->uweight * BE_WEIGHT_SCALE; + srv->eweight = (srv->uweight * p->lbprm.wdiv + p->lbprm.wmult - 1) / p->lbprm.wmult; + srv->prev_eweight = srv->eweight; srv->prev_state = srv->state; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/src/lb_fwrr.c new/haproxy-1.4.25/src/lb_fwrr.c --- old/haproxy-1.4.24/src/lb_fwrr.c 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/src/lb_fwrr.c 2014-03-27 21:47:43.000000000 +0100 @@ -272,7 +272,8 @@ p->lbprm.wdiv = BE_WEIGHT_SCALE; for (srv = p->srv; srv; srv = srv->next) { - srv->prev_eweight = srv->eweight = srv->uweight * BE_WEIGHT_SCALE; + srv->eweight = (srv->uweight * p->lbprm.wdiv + p->lbprm.wmult - 1) / p->lbprm.wmult; + srv->prev_eweight = srv->eweight; srv->prev_state = srv->state; } @@ -343,7 +344,7 @@ * lower the scale, the rougher the weights modulation, and the * higher the scale, the lower the number of servers without * overflow. With this formula, the result is always positive, - * so we can use eb3�_insert(). + * so we can use eb32_insert(). */ s->lb_node.key = SRV_UWGHT_RANGE * s->npos + (unsigned)(SRV_EWGHT_MAX + s->rweight - s->eweight) / BE_WEIGHT_SCALE; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/src/lb_map.c new/haproxy-1.4.25/src/lb_map.c --- old/haproxy-1.4.24/src/lb_map.c 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/src/lb_map.c 2014-03-27 21:47:43.000000000 +0100 @@ -180,7 +180,7 @@ act = bck = 0; for (srv = p->srv; srv; srv = srv->next) { - srv->eweight = srv->uweight / pgcd; + srv->eweight = (srv->uweight * p->lbprm.wdiv + p->lbprm.wmult - 1) / p->lbprm.wmult; srv->prev_eweight = srv->eweight; srv->prev_state = srv->state; if (srv->state & SRV_BACKUP) @@ -229,7 +229,7 @@ avoididx = 0; /* shut a gcc warning */ do { srv = px->lbprm.map.srv[newidx++]; - if (!srv->maxconn || srv->cur_sess < srv_dynamic_maxconn(srv)) { + if (!srv->maxconn || (!srv->nbpend && srv->served < srv_dynamic_maxconn(srv))) { /* make sure it is not the server we are try to exclude... */ if (srv != srvtoavoid) { px->lbprm.map.rr_idx = newidx; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/src/proto_http.c new/haproxy-1.4.25/src/proto_http.c --- old/haproxy-1.4.24/src/proto_http.c 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/src/proto_http.c 2014-03-27 21:47:43.000000000 +0100 @@ -1529,7 +1529,9 @@ * Returns the data from Authorization header. Function may be called more * than once so data is stored in txn->auth_data. When no header is found * or auth method is unknown auth_method is set to HTTP_AUTH_WRONG to avoid - * searching again for something we are unable to find anyway. + * searching again for something we are unable to find anyway. However, if + * the result if valid, the cache is not reused because we would risk to + * have the credentials overwritten by another session in parallel. */ char get_http_auth_buff[BUFSIZE]; @@ -1551,9 +1553,6 @@ if (txn->auth.method == HTTP_AUTH_WRONG) return 0; - if (txn->auth.method) - return 1; - txn->auth.method = HTTP_AUTH_WRONG; ctx.idx = 0; @@ -2112,7 +2111,7 @@ break; if (++ptr >= end) ptr = buf->data; - if (chunk & 0xF000000) /* overflow will occur */ + if (chunk & 0xF8000000) /* integer overflow will occur if result >= 2GB */ goto error; chunk = (chunk << 4) + c; } @@ -3009,9 +3008,18 @@ break; case ST_ADM_ACTION_ENABLE: if ((px->state != PR_STSTOPPED) && (sv->state & SRV_MAINTAIN)) { - /* Already in maintenance, we can change the server state */ - set_server_up(sv); - sv->health = sv->rise; /* up, but will fall down at first failure */ + /* Already in maintenance, we can change the server state. + * If this server tracks the status of another one, + * we must restore the good status. + */ + if (!sv->tracked || (sv->tracked->state & SRV_RUNNING)) { + set_server_up(sv); + sv->health = sv->rise; /* up, but will fall down at first failure */ + } + else { + sv->state &= ~SRV_MAINTAIN; + set_server_down(sv); + } altered_servers++; total_servers++; } @@ -3023,28 +3031,8 @@ else sv->uweight = 0; - if (px->lbprm.algo & BE_LB_PROP_DYN) { - /* we must take care of not pushing the server to full throttle during slow starts */ - if ((sv->state & SRV_WARMINGUP) && (px->lbprm.algo & BE_LB_PROP_DYN)) - sv->eweight = (BE_WEIGHT_SCALE * (now.tv_sec - sv->last_change) + sv->slowstart - 1) / sv->slowstart; - else - sv->eweight = BE_WEIGHT_SCALE; - sv->eweight *= sv->uweight; - } else { - sv->eweight = sv->uweight; - } + server_recalc_eweight(sv); - /* static LB algorithms are a bit harder to update */ - if (px->lbprm.update_server_eweight) - px->lbprm.update_server_eweight(sv); - else if (sv->eweight) { - if (px->lbprm.set_server_status_up) - px->lbprm.set_server_status_up(sv); - } - else { - if (px->lbprm.set_server_status_down) - px->lbprm.set_server_status_down(sv); - } altered_servers++; total_servers++; break; @@ -3390,6 +3378,71 @@ goto return_bad_req; switch(rule->type) { + case REDIRECT_TYPE_SCHEME: { + const char *path; + const char *host; + struct hdr_ctx ctx; + int pathlen; + int hostlen; + + host = ""; + hostlen = 0; + ctx.idx = 0; + if (http_find_header2("Host", 4, msg->sol, &txn->hdr_idx, &ctx)) { + host = ctx.line + ctx.val; + hostlen = ctx.vlen; + } + + path = http_get_path(txn); + /* build message using path */ + if (path) { + pathlen = txn->req.sl.rq.u_l + (txn->req.sol + txn->req.sl.rq.u) - path; + if (rule->flags & REDIRECT_FLAG_DROP_QS) { + int qs = 0; + while (qs < pathlen) { + if (path[qs] == '?') { + pathlen = qs; + break; + } + qs++; + } + } + } else { + path = "/"; + pathlen = 1; + } + + /* check if we can add scheme + "://" + host + path */ + if (rdr.len + rule->rdr_len + 3 + hostlen + pathlen > rdr.size - 4) + goto return_bad_req; + + /* add scheme */ + memcpy(rdr.str + rdr.len, rule->rdr_str, rule->rdr_len); + rdr.len += rule->rdr_len; + + /* add "://" */ + memcpy(rdr.str + rdr.len, "://", 3); + rdr.len += 3; + + /* add host */ + memcpy(rdr.str + rdr.len, host, hostlen); + rdr.len += hostlen; + + /* add path */ + memcpy(rdr.str + rdr.len, path, pathlen); + rdr.len += pathlen; + + /* append a slash at the end of the location is needed and missing */ + if (rdr.len && rdr.str[rdr.len - 1] != '/' && + (rule->flags & REDIRECT_FLAG_APPEND_SLASH)) { + if (rdr.len > rdr.size - 5) + goto return_bad_req; + rdr.str[rdr.len] = '/'; + rdr.len++; + } + + break; + } case REDIRECT_TYPE_PREFIX: { const char *path; int pathlen; @@ -4116,7 +4169,7 @@ s->req->flags &= ~(BF_SHUTW|BF_SHUTW_NOW|BF_AUTO_CONNECT|BF_WRITE_ERROR|BF_STREAMER|BF_STREAMER_FAST|BF_NEVER_WAIT); s->rep->flags &= ~(BF_SHUTR|BF_SHUTR_NOW|BF_READ_ATTACHED|BF_READ_ERROR|BF_READ_NOEXP|BF_STREAMER|BF_STREAMER_FAST|BF_WRITE_PARTIAL|BF_NEVER_WAIT); s->flags &= ~(SN_DIRECT|SN_ASSIGNED|SN_ADDR_SET|SN_BE_ASSIGNED|SN_FORCE_PRST|SN_IGNORE_PRST); - s->flags &= ~(SN_CURR_SESS|SN_REDIRECTABLE); + s->flags &= ~(SN_CURR_SESS|SN_REDIRECTABLE|SN_WAIT_CONN); s->txn.meth = 0; http_reset_txn(s); s->txn.flags |= TX_NOT_FIRST | TX_WAIT_NEXT_RQ; @@ -4523,6 +4576,18 @@ buffer_dont_close(req); + /* Some post-connect processing might want us to refrain from starting to + * forward data. Currently, the only reason for this is "balance url_param" + * whichs need to parse/process the request after we've enabled forwarding. + */ + if (unlikely(s->flags & SN_WAIT_CONN)) { + if (!(s->rep->flags & BF_READ_ATTACHED)) { + buffer_auto_connect(req); + goto missing_data; + } + s->flags &= ~SN_WAIT_CONN; + } + /* Note that we don't have to send 100-continue back because we don't * need the data to complete our job, and it's up to the server to * decide whether to return 100, 417 or anything else in return of @@ -7373,6 +7438,7 @@ /* OK, so we know that either p2 points to the end of string or to a comma */ if (((p2 - p1 == 7) && strncasecmp(p1, "private", 7) == 0) || + ((p2 - p1 == 8) && strncasecmp(p1, "no-cache", 8) == 0) || ((p2 - p1 == 8) && strncasecmp(p1, "no-store", 8) == 0) || ((p2 - p1 == 9) && strncasecmp(p1, "max-age=0", 9) == 0) || ((p2 - p1 == 10) && strncasecmp(p1, "s-maxage=0", 10) == 0)) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/src/proto_tcp.c new/haproxy-1.4.25/src/proto_tcp.c --- old/haproxy-1.4.24/src/proto_tcp.c 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/src/proto_tcp.c 2014-03-27 21:47:43.000000000 +0100 @@ -870,7 +870,6 @@ if (!strcmp(args[1], "content")) { int action; int warn = 0; - int pol = ACL_COND_NONE; struct acl_cond *cond; struct tcp_rule *rule; @@ -891,7 +890,6 @@ return -1; } - pol = ACL_COND_NONE; cond = NULL; if (strcmp(args[3], "if") == 0 || strcmp(args[3], "unless") == 0) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/src/proxy.c new/haproxy-1.4.25/src/proxy.c --- old/haproxy-1.4.24/src/proxy.c 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/src/proxy.c 2014-03-27 21:47:43.000000000 +0100 @@ -756,6 +756,15 @@ hdr_idx_init(&s->txn.hdr_idx); } + /* If an LB algorithm needs to access some pre-parsed body contents, + * we must not start to forward anything until the connection is + * confirmed otherwise we'll lose the pointer to these data and + * prevent the hash from being doable again after a redispatch. + */ + if (be->mode == PR_MODE_HTTP && + ((be->lbprm.algo & BE_LB_PARM) == BE_LB_HASH_PRM)) + s->flags |= SN_WAIT_CONN; + if (be->options2 & PR_O2_NODELAY) { s->req->flags |= BF_NEVER_WAIT; s->rep->flags |= BF_NEVER_WAIT; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/src/server.c new/haproxy-1.4.25/src/server.c --- old/haproxy-1.4.24/src/server.c 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/src/server.c 2014-03-27 21:47:43.000000000 +0100 @@ -35,6 +35,42 @@ return (s->fastinter)?(s->fastinter):(s->inter); } +/* Recomputes the server's eweight based on its state, uweight, the current time, + * and the proxy's algorihtm. To be used after updating sv->uweight. The warmup + * state is automatically disabled if the time is elapsed. + */ +void server_recalc_eweight(struct server *sv) +{ + struct proxy *px = sv->proxy; + unsigned w; + + if (now.tv_sec < sv->last_change || now.tv_sec >= sv->last_change + sv->slowstart) { + /* go to full throttle if the slowstart interval is reached */ + sv->state &= ~SRV_WARMINGUP; + } + + /* We must take care of not pushing the server to full throttle during slow starts. + * It must also start immediately, at least at the minimal step when leaving maintenance. + */ + if ((sv->state & SRV_WARMINGUP) && (px->lbprm.algo & BE_LB_PROP_DYN)) + w = (px->lbprm.wdiv * (now.tv_sec - sv->last_change) + sv->slowstart) / sv->slowstart; + else + w = px->lbprm.wdiv; + + sv->eweight = (sv->uweight * w + px->lbprm.wmult - 1) / px->lbprm.wmult; + + /* now propagate the status change to any LB algorithms */ + if (px->lbprm.update_server_eweight) + px->lbprm.update_server_eweight(sv); + else if (sv->eweight) { + if (px->lbprm.set_server_status_up) + px->lbprm.set_server_status_up(sv); + } + else { + if (px->lbprm.set_server_status_down) + px->lbprm.set_server_status_down(sv); + } +} /* * Local variables: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/src/session.c new/haproxy-1.4.25/src/session.c --- old/haproxy-1.4.24/src/session.c 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/src/session.c 2014-03-27 21:47:43.000000000 +0100 @@ -674,6 +674,13 @@ int ret = 1 ; int i; + /* Only the first stick store-request of each table is applied + * and other ones are ignored. The purpose is to allow complex + * configurations which look for multiple entries by decreasing + * order of precision and to stop at the first which matches. + * An example could be a store of the IP address from an HTTP + * header first, then from the source if not found. + */ for (i = 0; i < s->store_count; i++) { if (rule->table.t == s->store[i].table) break; @@ -748,6 +755,7 @@ struct proxy *px = s->be; struct sticking_rule *rule; int i; + int nbreq = s->store_count; DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bl=%d analysers=%02x\n", now_ms, __FUNCTION__, @@ -760,17 +768,26 @@ list_for_each_entry(rule, &px->storersp_rules, list) { int ret = 1 ; - int storereqidx = -1; - for (i = 0; i < s->store_count; i++) { - if (rule->table.t == s->store[i].table) { - if (!(s->store[i].flags)) - storereqidx = i; + /* Only the first stick store-response of each table is applied + * and other ones are ignored. The purpose is to allow complex + * configurations which look for multiple entries by decreasing + * order of precision and to stop at the first which matches. + * An example could be a store of a set-cookie value, with a + * fallback to a parameter found in a 302 redirect. + * + * The store-response rules are not allowed to override the + * store-request rules for the same table, but they may coexist. + * Thus we can have up to one store-request entry and one store- + * response entry for the same table at any time. + */ + for (i = nbreq; i < s->store_count; i++) { + if (rule->table.t == s->store[i].table) break; - } } - if ((i != s->store_count) && (storereqidx == -1)) + /* skip existing entries for this table */ + if (i < s->store_count) continue; if (rule->cond) { @@ -787,17 +804,12 @@ if (!key) continue; - if (storereqidx != -1) { - stksess_key(s->store[storereqidx].table, s->store[storereqidx].ts, key); - s->store[storereqidx].flags = 1; - } - else if (s->store_count < (sizeof(s->store) / sizeof(s->store[0]))) { + if (s->store_count < (sizeof(s->store) / sizeof(s->store[0]))) { struct stksess *ts; ts = stksess_new(rule->table.t, key); if (ts) { s->store[s->store_count].table = rule->table.t; - s->store[s->store_count].flags = 1; s->store[s->store_count++].ts = ts; } } @@ -1370,8 +1382,11 @@ buffer_shutw_now(s->req); /* shutdown(write) pending */ - if (unlikely((s->req->flags & (BF_SHUTW|BF_SHUTW_NOW|BF_OUT_EMPTY)) == (BF_SHUTW_NOW|BF_OUT_EMPTY))) + if (unlikely((s->req->flags & (BF_SHUTW|BF_SHUTW_NOW|BF_OUT_EMPTY)) == (BF_SHUTW_NOW|BF_OUT_EMPTY))) { + if (s->req->flags & BF_READ_ERROR) + s->req->cons->flags |= SI_FL_NOLINGER; s->req->cons->shutw(s->req->cons); + } /* shutdown(write) done on server side, we must stop the client too */ if (unlikely((s->req->flags & (BF_SHUTW|BF_SHUTR|BF_SHUTR_NOW)) == BF_SHUTW && @@ -1428,9 +1443,9 @@ /* Now we can add the server name to a header (if requested) */ /* check for HTTP mode and proxy server_name_hdr_name != NULL */ if ((s->flags & SN_BE_ASSIGNED) && - (s->be->mode == PR_MODE_HTTP) && - (s->be->server_id_hdr_name != NULL)) { - + (s->be->mode == PR_MODE_HTTP) && + (s->be->server_id_hdr_name != NULL) && + (s->srv)) { http_send_name_header(&s->txn, &s->txn.req, s->req, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.4.24/src/stream_sock.c new/haproxy-1.4.25/src/stream_sock.c --- old/haproxy-1.4.24/src/stream_sock.c 2013-06-17 15:28:14.000000000 +0200 +++ new/haproxy-1.4.25/src/stream_sock.c 2014-03-27 21:47:43.000000000 +0100 @@ -452,7 +452,7 @@ /* connection closed */ goto out_shutdown_r; } - else if (errno == EAGAIN) { + else if (errno == EAGAIN || errno == ENOTCONN) { /* Ignore EAGAIN but inform the poller that there is * nothing to read left if we did not read much, ie * less than what we were still expecting to read. @@ -669,7 +669,7 @@ if (--write_poll <= 0) break; } - else if (ret == 0 || errno == EAGAIN) { + else if (ret == 0 || errno == EAGAIN || errno == ENOTCONN) { /* nothing written, we need to poll for write first */ retval = 0; break; -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org