2013-10-15 10:42:00 +02:00
|
|
|
#
|
|
|
|
|
# spec file for package haproxy
|
|
|
|
|
#
|
2019-09-19 13:49:19 +02:00
|
|
|
# Copyright (c) 2019 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
2013-10-15 10:42:00 +02:00
|
|
|
#
|
|
|
|
|
# All modifications and additions to the file contributed by third parties
|
|
|
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
|
|
|
# upon. The license for this file, and modifications and additions to the
|
|
|
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
|
|
|
# license for the pristine package is not an Open Source License, in which
|
|
|
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
|
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
|
|
|
# published by the Open Source Initiative.
|
|
|
|
|
|
|
|
|
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
2014-06-25 15:24:23 +02:00
|
|
|
%if 0%{?suse_version} >= 1230
|
|
|
|
|
%bcond_without tcp_fast_open
|
2018-09-20 14:51:25 +02:00
|
|
|
%bcond_without network_namespace
|
2014-06-25 15:24:23 +02:00
|
|
|
%else
|
|
|
|
|
%bcond_with tcp_fast_open
|
2018-09-20 14:51:25 +02:00
|
|
|
%bcond_with network_namespace
|
2014-06-25 15:24:23 +02:00
|
|
|
%endif
|
2013-12-18 16:53:39 +01:00
|
|
|
|
2015-10-15 11:38:17 +02:00
|
|
|
%if 0%{?suse_version} > 1320
|
|
|
|
|
%bcond_without lua
|
|
|
|
|
%else
|
2017-11-27 16:03:06 +01:00
|
|
|
%bcond_with lua
|
2015-10-15 11:38:17 +02:00
|
|
|
%endif
|
|
|
|
|
|
2014-06-25 15:24:23 +02:00
|
|
|
%if 0%{?suse_version} >= 1310
|
|
|
|
|
%bcond_without systemd
|
|
|
|
|
%else
|
|
|
|
|
%bcond_with systemd
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%if 0%{?suse_version} > 1140
|
|
|
|
|
%bcond_without pcre_jit
|
|
|
|
|
%else
|
|
|
|
|
%bcond_with pcre_jit
|
|
|
|
|
%endif
|
2018-09-20 14:51:25 +02:00
|
|
|
|
2014-06-25 15:24:23 +02:00
|
|
|
%bcond_without apparmor
|
2018-09-20 14:51:25 +02:00
|
|
|
%if 0%{?suse_version} > 1320
|
|
|
|
|
%bcond_without apparmor_reload
|
|
|
|
|
%else
|
|
|
|
|
%bcond_with apparmor_reload
|
|
|
|
|
%endif
|
2013-10-15 10:42:00 +02:00
|
|
|
|
2020-02-16 09:10:04 +01:00
|
|
|
%if 0%{?suse_version} >= 1500
|
|
|
|
|
%bcond_without sysusers
|
|
|
|
|
%else
|
|
|
|
|
%bcond_with sysusers
|
|
|
|
|
%endif
|
|
|
|
|
|
2013-10-15 10:42:00 +02:00
|
|
|
Name: haproxy
|
2021-04-23 22:36:22 +02:00
|
|
|
Version: 2.3.10+git0.4764f0e4e
|
2013-10-15 10:42:00 +02:00
|
|
|
Release: 0
|
|
|
|
|
#
|
|
|
|
|
#
|
2013-12-18 16:53:39 +01:00
|
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
2015-11-21 02:15:34 +01:00
|
|
|
%if %{with apparmor}
|
2018-08-22 05:07:29 +02:00
|
|
|
%if 0%{?suse_version} <= 1315
|
2015-11-21 02:15:34 +01:00
|
|
|
BuildRequires: apparmor-profiles
|
2019-09-19 13:49:19 +02:00
|
|
|
Recommends: apparmor-profiles
|
2018-08-22 05:07:29 +02:00
|
|
|
%else
|
|
|
|
|
BuildRequires: apparmor-abstractions
|
2019-09-19 13:49:19 +02:00
|
|
|
Recommends: apparmor-abstractions
|
2018-08-22 05:07:29 +02:00
|
|
|
%endif
|
2018-09-20 14:51:25 +02:00
|
|
|
%if %{with apparmor_reload}
|
2017-11-27 16:03:06 +01:00
|
|
|
BuildRequires: apparmor-rpm-macros
|
|
|
|
|
%endif
|
2015-11-21 02:15:34 +01:00
|
|
|
%endif
|
2013-10-29 09:25:21 +01:00
|
|
|
BuildRequires: libgcrypt-devel
|
2015-10-15 11:38:17 +02:00
|
|
|
%if %{with lua}
|
|
|
|
|
BuildRequires: lua-devel >= 5.3
|
|
|
|
|
%endif
|
2013-12-18 16:53:39 +01:00
|
|
|
BuildRequires: pcre-devel
|
2014-06-25 15:24:23 +02:00
|
|
|
BuildRequires: zlib-devel
|
|
|
|
|
BuildRequires: openssl-devel
|
|
|
|
|
BuildRequires: pkg-config
|
|
|
|
|
%if %{with systemd}
|
|
|
|
|
BuildRequires: pkgconfig(systemd)
|
2017-11-27 16:03:06 +01:00
|
|
|
BuildRequires: pkgconfig(libsystemd)
|
2020-02-16 09:10:04 +01:00
|
|
|
%if %{with sysusers}
|
|
|
|
|
BuildRequires: sysuser-shadow
|
|
|
|
|
BuildRequires: sysuser-tools
|
|
|
|
|
%endif
|
2014-06-25 15:24:23 +02:00
|
|
|
%endif
|
|
|
|
|
BuildRequires: vim
|
2013-10-15 10:42:00 +02:00
|
|
|
%define pkg_name haproxy
|
|
|
|
|
%define pkg_home /var/lib/%{pkg_name}
|
|
|
|
|
#
|
2014-07-21 21:40:10 +02:00
|
|
|
Url: http://www.haproxy.org/
|
2018-02-08 14:29:47 +01:00
|
|
|
# source URL in _service file
|
|
|
|
|
Source: haproxy-%{version}.tar.gz
|
2013-12-18 16:53:39 +01:00
|
|
|
Source1: %{pkg_name}.init
|
2015-10-15 11:38:17 +02:00
|
|
|
Source2: usr.sbin.haproxy.apparmor
|
|
|
|
|
Source3: local.usr.sbin.haproxy.apparmor
|
|
|
|
|
Source4: haproxy.cfg
|
2020-02-16 09:10:04 +01:00
|
|
|
Source5: haproxy-user.conf
|
2015-10-15 11:38:17 +02:00
|
|
|
Patch1: haproxy-1.6.0_config_haproxy_user.patch
|
|
|
|
|
Patch2: haproxy-1.6.0-makefile_lib.patch
|
|
|
|
|
Patch3: haproxy-1.6.0-sec-options.patch
|
2021-02-03 16:00:09 +01:00
|
|
|
Patch4: lua54.patch
|
2015-01-08 23:02:32 +01:00
|
|
|
#
|
2020-07-07 17:27:17 +02:00
|
|
|
Source98: series
|
2013-10-15 10:42:00 +02:00
|
|
|
Source99: haproxy-rpmlintrc
|
|
|
|
|
#
|
|
|
|
|
Summary: The Reliable, High Performance TCP/HTTP Load Balancer
|
2017-11-28 14:55:11 +01:00
|
|
|
License: GPL-3.0+ and LGPL-2.1+
|
2013-12-18 16:53:39 +01:00
|
|
|
Group: Productivity/Networking/Web/Proxy
|
2013-10-15 10:42:00 +02:00
|
|
|
Provides: %{name}-doc = %{version}
|
|
|
|
|
Obsoletes: %{name}-doc < %{version}
|
2014-06-25 15:24:23 +02:00
|
|
|
Provides: haproxy-1.5 = %{version}
|
|
|
|
|
Obsoletes: haproxy-1.5 < %{version}
|
|
|
|
|
%if %{with systemd}
|
2020-02-16 09:10:04 +01:00
|
|
|
%{?systemd_ordering}
|
|
|
|
|
%if %{with sysusers}
|
|
|
|
|
%sysusers_requires
|
|
|
|
|
%endif
|
2013-12-18 16:53:39 +01:00
|
|
|
%endif
|
2014-06-25 15:24:23 +02:00
|
|
|
%{!?vim_data_dir:%global vim_data_dir /usr/share/vim/%(readlink /usr/share/vim/current)}
|
2013-10-15 10:42:00 +02:00
|
|
|
|
|
|
|
|
%description
|
|
|
|
|
HAProxy implements an event-driven, mono-process model which enables support
|
|
|
|
|
for very high number of simultaneous connections at very high speeds.
|
|
|
|
|
Multi-process or multi-threaded models can rarely cope with thousands of
|
|
|
|
|
connections because of memory limits, system scheduler limits, and lock
|
|
|
|
|
contention everywhere. Event-driven models do not have these problems because
|
|
|
|
|
implementing all the tasks in user-space allows a finer resource and time
|
|
|
|
|
management. The down side is that those programs generally don't scale well on
|
|
|
|
|
multi-processor systems. That's the reason why they must be optimized to get
|
|
|
|
|
the most work done from every CPU cycle.
|
|
|
|
|
|
|
|
|
|
%prep
|
|
|
|
|
%setup -q
|
2015-10-15 11:38:17 +02:00
|
|
|
%patch1 -p1
|
Accepting request 710358 from home:KGronlund:branches:server:http
- Update to version 2.0.0~git0.ba23630a:
- new internal native HTTP representation called HTX, was already in 1.9
and is now enabled by default in 2.0 ;
- end-to-end HTTP/2 support including trailers and continuation frames,
as needed for gRPC ; HTTP/2 may also be upgraded from HTTP/1.1 using
the H2 preface;
- server connection pooling and more advanced reuse, with ALPN protocol
negotiation (already in 1.9) ;
- layer 7 retries, allowing to use 0-RTT and TCP Fast Open to the servers
as well as on the frontend ;
- much more scalable multi-threading, which is even enabled by default on
platforms where it was successfully tested ; by default, as many threads
are started as the number of CPUs haproxy is allowed to run on. This
removes a lot of configuration burden in VMs and containers ;
- automatic maxconn setting for the process and the frontends, directly
based on the number of available FDs (easier configuration in containers
and with systemd) ;
- logging to stdout for use in containers and systemd (already in 1.9).
Logs can now provide micro-second resolution for some events ;
- peers now support SSL, declaration of multiple stick-tables directly in
the peers section, and synchronization of server names, not just IDs ;
- In master-worker mode, the master process now exposes its own CLI and
can communicate with all other processes (including the stopping ones),
even allowing to connect to their CLI and check their state. It is also
possible to start some sidecar programs and monitor them from the master,
and the master can automatically kill old processes that survived too
many reloads ;
- the incoming connections are load-balanced between all threads depending
on their load to minimize the processing time and maximize the capacity
(already in 1.9) ;
- the SPOE connection load-balancing was significantly improved in order
to reduce high percentiles of SPOA response time (already in 1.9) ;
- the "random" load balancing algorithm and a power-of-two-choices variant
were introduced ;
- statistics improvements with per-thread counters for certain things, and
a prometheus exporter for all our statistics;
- lots of debugging help, it's easier to produce a core dump, there are
new commands on the CLI to control various things, there is a watchdog
to fail cleanly when a thread deadlock or a spinning task are detected,
so overall it should provide a better experience in field and less
round trips between users and developers (hence less stress during an
incident).
- all 3 device detection engines are now compatible with multi-threading
and can be build-tested without any external dependencies ;
- "do-resolve" http-request action to perform a DNS resolution on any,
sample, and resolvers now support relying on /etc/resolv.conf to match
the local resolver ;
- log sampling and balancing : it's now possible to send 1 log every 10
to a server, or to spread the logging load over multiple log servers;
- a new SPOA agent (spoa_server) allows to interface haproxy with Python
and Lua programs ;
- support for Solaris' event ports (equivalent of kqueue or epoll) which
will significantly improve the performance there when dealing with
numerous connections ;
- some warnings are now reported for some deprecated options that will
be removed in 2.1. Since 2.0 is long term supported, there's no
emergency to convert them, however if you see these warnings, you
need to understand that you're among their extremely rare users and
just because of this you may be taking risks by keeping them ;
- A new SOCKS4 server-side layer was provided ; it allows outgoing
connections to be forwarded through a SOCKS4 proxy (such as ssh -D).
- priority- and latency- aware server queues : it is possible now to
assign priorities to certain requests and/or to give them a time
bonus or penalty to refine control of the traffic and be able to
engage on SLAs.
- internally the architecture was significantly redesigned to allow to
further improve performance and make it easier to implement protocols
that span over multiple layers (such as QUIC). This work started in
1.9 and will continue with 2.1.
- the I/O, applets and tasks now share the same multi-threaded scheduler,
giving a much better responsiveness and fairness between all tasks as
is visible with the CLI which always responds instantly even under
extreme loads (started in 1.9) ;
- the internal buffers were redesigned to ease zero-copy operations, so
that it is possible to sustain a high bandwidth even when forwarding
HTTP/1 to/from HTTP/2 (already in 1.9) ;
OBS-URL: https://build.opensuse.org/request/show/710358
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=182
2019-06-17 19:09:24 +02:00
|
|
|
%patch2 -p1
|
|
|
|
|
%patch3 -p1
|
2021-02-03 16:00:09 +01:00
|
|
|
%patch4 -p1
|
2013-10-15 10:42:00 +02:00
|
|
|
|
|
|
|
|
%build
|
2020-10-02 16:39:10 +02:00
|
|
|
make %{?_smp_mflags} \
|
Accepting request 710358 from home:KGronlund:branches:server:http
- Update to version 2.0.0~git0.ba23630a:
- new internal native HTTP representation called HTX, was already in 1.9
and is now enabled by default in 2.0 ;
- end-to-end HTTP/2 support including trailers and continuation frames,
as needed for gRPC ; HTTP/2 may also be upgraded from HTTP/1.1 using
the H2 preface;
- server connection pooling and more advanced reuse, with ALPN protocol
negotiation (already in 1.9) ;
- layer 7 retries, allowing to use 0-RTT and TCP Fast Open to the servers
as well as on the frontend ;
- much more scalable multi-threading, which is even enabled by default on
platforms where it was successfully tested ; by default, as many threads
are started as the number of CPUs haproxy is allowed to run on. This
removes a lot of configuration burden in VMs and containers ;
- automatic maxconn setting for the process and the frontends, directly
based on the number of available FDs (easier configuration in containers
and with systemd) ;
- logging to stdout for use in containers and systemd (already in 1.9).
Logs can now provide micro-second resolution for some events ;
- peers now support SSL, declaration of multiple stick-tables directly in
the peers section, and synchronization of server names, not just IDs ;
- In master-worker mode, the master process now exposes its own CLI and
can communicate with all other processes (including the stopping ones),
even allowing to connect to their CLI and check their state. It is also
possible to start some sidecar programs and monitor them from the master,
and the master can automatically kill old processes that survived too
many reloads ;
- the incoming connections are load-balanced between all threads depending
on their load to minimize the processing time and maximize the capacity
(already in 1.9) ;
- the SPOE connection load-balancing was significantly improved in order
to reduce high percentiles of SPOA response time (already in 1.9) ;
- the "random" load balancing algorithm and a power-of-two-choices variant
were introduced ;
- statistics improvements with per-thread counters for certain things, and
a prometheus exporter for all our statistics;
- lots of debugging help, it's easier to produce a core dump, there are
new commands on the CLI to control various things, there is a watchdog
to fail cleanly when a thread deadlock or a spinning task are detected,
so overall it should provide a better experience in field and less
round trips between users and developers (hence less stress during an
incident).
- all 3 device detection engines are now compatible with multi-threading
and can be build-tested without any external dependencies ;
- "do-resolve" http-request action to perform a DNS resolution on any,
sample, and resolvers now support relying on /etc/resolv.conf to match
the local resolver ;
- log sampling and balancing : it's now possible to send 1 log every 10
to a server, or to spread the logging load over multiple log servers;
- a new SPOA agent (spoa_server) allows to interface haproxy with Python
and Lua programs ;
- support for Solaris' event ports (equivalent of kqueue or epoll) which
will significantly improve the performance there when dealing with
numerous connections ;
- some warnings are now reported for some deprecated options that will
be removed in 2.1. Since 2.0 is long term supported, there's no
emergency to convert them, however if you see these warnings, you
need to understand that you're among their extremely rare users and
just because of this you may be taking risks by keeping them ;
- A new SOCKS4 server-side layer was provided ; it allows outgoing
connections to be forwarded through a SOCKS4 proxy (such as ssh -D).
- priority- and latency- aware server queues : it is possible now to
assign priorities to certain requests and/or to give them a time
bonus or penalty to refine control of the traffic and be able to
engage on SLAs.
- internally the architecture was significantly redesigned to allow to
further improve performance and make it easier to implement protocols
that span over multiple layers (such as QUIC). This work started in
1.9 and will continue with 2.1.
- the I/O, applets and tasks now share the same multi-threaded scheduler,
giving a much better responsiveness and fairness between all tasks as
is visible with the CLI which always responds instantly even under
extreme loads (started in 1.9) ;
- the internal buffers were redesigned to ease zero-copy operations, so
that it is possible to sustain a high bandwidth even when forwarding
HTTP/1 to/from HTTP/2 (already in 1.9) ;
OBS-URL: https://build.opensuse.org/request/show/710358
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=182
2019-06-17 19:09:24 +02:00
|
|
|
TARGET=linux-glibc \
|
2013-10-15 10:42:00 +02:00
|
|
|
CPU="%{_target_cpu}" \
|
|
|
|
|
USE_PCRE=1 \
|
2014-06-25 15:24:23 +02:00
|
|
|
%if %{with pcre_jit}
|
|
|
|
|
USE_PCRE_JIT=1 \
|
|
|
|
|
%endif
|
2017-11-27 16:03:06 +01:00
|
|
|
USE_PTHREAD_PSHARED=1 \
|
2014-06-25 15:24:23 +02:00
|
|
|
%ifarch %ix86
|
|
|
|
|
USE_REGPARM=1 \
|
|
|
|
|
%endif
|
2017-11-27 16:03:06 +01:00
|
|
|
USE_GETADDRINFO=1 \
|
|
|
|
|
USE_OPENSSL=1 \
|
2015-10-15 11:38:17 +02:00
|
|
|
%if %{with lua}
|
|
|
|
|
USE_LUA=1 \
|
|
|
|
|
%endif
|
2017-11-27 16:03:06 +01:00
|
|
|
USE_ZLIB=1 \
|
2015-10-15 11:38:17 +02:00
|
|
|
%if %{with tcp_fast_open}
|
2014-06-25 15:24:23 +02:00
|
|
|
USE_TFO=1 \
|
2015-10-15 11:38:17 +02:00
|
|
|
%endif
|
2015-10-16 01:25:07 +02:00
|
|
|
%if %{with network_namespace}
|
2015-10-15 11:38:17 +02:00
|
|
|
USE_NS=1 \
|
2015-10-16 01:25:07 +02:00
|
|
|
%endif
|
2018-09-20 14:51:25 +02:00
|
|
|
%if %{with systemd}
|
2017-11-27 16:03:06 +01:00
|
|
|
USE_SYSTEMD=1 \
|
2018-09-20 14:51:25 +02:00
|
|
|
%endif
|
2017-11-27 16:03:06 +01:00
|
|
|
USE_PIE=1 \
|
|
|
|
|
USE_STACKPROTECTOR=1 \
|
|
|
|
|
USE_RELRO_NOW=1 \
|
2013-10-15 10:42:00 +02:00
|
|
|
LIB="%{_lib}" \
|
2014-06-25 15:24:23 +02:00
|
|
|
PREFIX="%{_prefix}" \
|
2019-08-20 17:07:03 +02:00
|
|
|
EXTRA_OBJS="contrib/prometheus-exporter/service-prometheus.o" \
|
2019-08-20 16:06:00 +02:00
|
|
|
DEBUG_CFLAGS="%{optflags}" V=1
|
2018-09-20 14:51:25 +02:00
|
|
|
%if %{with systemd}
|
2014-06-25 15:24:23 +02:00
|
|
|
make -C contrib/systemd PREFIX="%{_prefix}"
|
2020-02-16 09:10:04 +01:00
|
|
|
%if %{with sysusers}
|
|
|
|
|
%sysusers_generate_pre %{SOURCE5} haproxy
|
|
|
|
|
%endif
|
2018-09-20 14:51:25 +02:00
|
|
|
%endif
|
2014-06-25 15:24:23 +02:00
|
|
|
make -C contrib/halog PREFIX="%{_prefix}" \
|
|
|
|
|
DEFINE="%{optflags} -pie -fpie -fstack-protector -Wl,-z,relro,-z,now"
|
2013-12-18 16:53:39 +01:00
|
|
|
|
2013-10-15 10:42:00 +02:00
|
|
|
%install
|
2015-10-15 11:38:17 +02:00
|
|
|
install -D -m 0755 %{pkg_name} %{buildroot}%{_sbindir}/%{pkg_name}
|
|
|
|
|
install -d -m 0750 %{buildroot}%{_sysconfdir}/%{pkg_name}/
|
|
|
|
|
install -m 0640 %{S:4} %{buildroot}%{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg
|
|
|
|
|
|
|
|
|
|
install -D -m 0755 contrib/halog/halog %{buildroot}%{_sbindir}/haproxy-halog
|
2013-12-18 16:53:39 +01:00
|
|
|
|
2014-06-25 15:24:23 +02:00
|
|
|
%if %{with systemd}
|
2015-10-15 11:38:17 +02:00
|
|
|
install -D -m 0644 contrib/systemd/%{pkg_name}.service %{buildroot}%{_unitdir}/%{pkg_name}.service
|
2013-10-29 09:25:21 +01:00
|
|
|
ln -sf /sbin/service %{buildroot}%{_sbindir}/rc%{pkg_name}
|
2020-02-16 09:10:04 +01:00
|
|
|
%if %{with sysusers}
|
|
|
|
|
install -D -m 644 %{SOURCE5} %{buildroot}%{_sysusersdir}/haproxy-user.conf
|
|
|
|
|
%endif
|
2013-12-18 16:53:39 +01:00
|
|
|
%else
|
2015-10-15 11:38:17 +02:00
|
|
|
install -D -m 0755 %{S:1} %{buildroot}%{_sysconfdir}/init.d/%{pkg_name}
|
2018-03-07 06:58:33 +01:00
|
|
|
ln -fs %{_sysconfdir}/init.d/%{pkg_name} %{buildroot}%{_sbindir}/rc%{pkg_name}
|
2013-12-18 16:53:39 +01:00
|
|
|
%endif
|
|
|
|
|
|
2018-03-04 08:09:23 +01:00
|
|
|
install -d -m 0750 %{buildroot}%{pkg_home}
|
Accepting request 710358 from home:KGronlund:branches:server:http
- Update to version 2.0.0~git0.ba23630a:
- new internal native HTTP representation called HTX, was already in 1.9
and is now enabled by default in 2.0 ;
- end-to-end HTTP/2 support including trailers and continuation frames,
as needed for gRPC ; HTTP/2 may also be upgraded from HTTP/1.1 using
the H2 preface;
- server connection pooling and more advanced reuse, with ALPN protocol
negotiation (already in 1.9) ;
- layer 7 retries, allowing to use 0-RTT and TCP Fast Open to the servers
as well as on the frontend ;
- much more scalable multi-threading, which is even enabled by default on
platforms where it was successfully tested ; by default, as many threads
are started as the number of CPUs haproxy is allowed to run on. This
removes a lot of configuration burden in VMs and containers ;
- automatic maxconn setting for the process and the frontends, directly
based on the number of available FDs (easier configuration in containers
and with systemd) ;
- logging to stdout for use in containers and systemd (already in 1.9).
Logs can now provide micro-second resolution for some events ;
- peers now support SSL, declaration of multiple stick-tables directly in
the peers section, and synchronization of server names, not just IDs ;
- In master-worker mode, the master process now exposes its own CLI and
can communicate with all other processes (including the stopping ones),
even allowing to connect to their CLI and check their state. It is also
possible to start some sidecar programs and monitor them from the master,
and the master can automatically kill old processes that survived too
many reloads ;
- the incoming connections are load-balanced between all threads depending
on their load to minimize the processing time and maximize the capacity
(already in 1.9) ;
- the SPOE connection load-balancing was significantly improved in order
to reduce high percentiles of SPOA response time (already in 1.9) ;
- the "random" load balancing algorithm and a power-of-two-choices variant
were introduced ;
- statistics improvements with per-thread counters for certain things, and
a prometheus exporter for all our statistics;
- lots of debugging help, it's easier to produce a core dump, there are
new commands on the CLI to control various things, there is a watchdog
to fail cleanly when a thread deadlock or a spinning task are detected,
so overall it should provide a better experience in field and less
round trips between users and developers (hence less stress during an
incident).
- all 3 device detection engines are now compatible with multi-threading
and can be build-tested without any external dependencies ;
- "do-resolve" http-request action to perform a DNS resolution on any,
sample, and resolvers now support relying on /etc/resolv.conf to match
the local resolver ;
- log sampling and balancing : it's now possible to send 1 log every 10
to a server, or to spread the logging load over multiple log servers;
- a new SPOA agent (spoa_server) allows to interface haproxy with Python
and Lua programs ;
- support for Solaris' event ports (equivalent of kqueue or epoll) which
will significantly improve the performance there when dealing with
numerous connections ;
- some warnings are now reported for some deprecated options that will
be removed in 2.1. Since 2.0 is long term supported, there's no
emergency to convert them, however if you see these warnings, you
need to understand that you're among their extremely rare users and
just because of this you may be taking risks by keeping them ;
- A new SOCKS4 server-side layer was provided ; it allows outgoing
connections to be forwarded through a SOCKS4 proxy (such as ssh -D).
- priority- and latency- aware server queues : it is possible now to
assign priorities to certain requests and/or to give them a time
bonus or penalty to refine control of the traffic and be able to
engage on SLAs.
- internally the architecture was significantly redesigned to allow to
further improve performance and make it easier to implement protocols
that span over multiple layers (such as QUIC). This work started in
1.9 and will continue with 2.1.
- the I/O, applets and tasks now share the same multi-threaded scheduler,
giving a much better responsiveness and fairness between all tasks as
is visible with the CLI which always responds instantly even under
extreme loads (started in 1.9) ;
- the internal buffers were redesigned to ease zero-copy operations, so
that it is possible to sustain a high bandwidth even when forwarding
HTTP/1 to/from HTTP/2 (already in 1.9) ;
OBS-URL: https://build.opensuse.org/request/show/710358
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=182
2019-06-17 19:09:24 +02:00
|
|
|
install -D -m 0644 contrib/syntax-highlight/haproxy.vim %{buildroot}%{vim_data_dir}/syntax/%{pkg_name}.vim
|
2015-10-15 11:38:17 +02:00
|
|
|
install -D -m 0644 doc/%{pkg_name}.1 %{buildroot}%{_mandir}/man1/%{pkg_name}.1
|
2014-06-25 15:24:23 +02:00
|
|
|
%if %{with apparmor}
|
2015-10-15 11:38:17 +02:00
|
|
|
install -D -m 0644 %{S:2} %{buildroot}/etc/apparmor.d/usr.sbin.haproxy
|
2020-10-24 03:23:11 +02:00
|
|
|
install -D -m 0644 %{S:3} %{buildroot}/etc/apparmor.d/local/haproxy
|
2015-10-15 11:38:17 +02:00
|
|
|
install -D -m 0644 %{S:3} %{buildroot}/etc/apparmor.d/local/usr.sbin.haproxy
|
2014-06-25 15:24:23 +02:00
|
|
|
%endif
|
|
|
|
|
|
Accepting request 710358 from home:KGronlund:branches:server:http
- Update to version 2.0.0~git0.ba23630a:
- new internal native HTTP representation called HTX, was already in 1.9
and is now enabled by default in 2.0 ;
- end-to-end HTTP/2 support including trailers and continuation frames,
as needed for gRPC ; HTTP/2 may also be upgraded from HTTP/1.1 using
the H2 preface;
- server connection pooling and more advanced reuse, with ALPN protocol
negotiation (already in 1.9) ;
- layer 7 retries, allowing to use 0-RTT and TCP Fast Open to the servers
as well as on the frontend ;
- much more scalable multi-threading, which is even enabled by default on
platforms where it was successfully tested ; by default, as many threads
are started as the number of CPUs haproxy is allowed to run on. This
removes a lot of configuration burden in VMs and containers ;
- automatic maxconn setting for the process and the frontends, directly
based on the number of available FDs (easier configuration in containers
and with systemd) ;
- logging to stdout for use in containers and systemd (already in 1.9).
Logs can now provide micro-second resolution for some events ;
- peers now support SSL, declaration of multiple stick-tables directly in
the peers section, and synchronization of server names, not just IDs ;
- In master-worker mode, the master process now exposes its own CLI and
can communicate with all other processes (including the stopping ones),
even allowing to connect to their CLI and check their state. It is also
possible to start some sidecar programs and monitor them from the master,
and the master can automatically kill old processes that survived too
many reloads ;
- the incoming connections are load-balanced between all threads depending
on their load to minimize the processing time and maximize the capacity
(already in 1.9) ;
- the SPOE connection load-balancing was significantly improved in order
to reduce high percentiles of SPOA response time (already in 1.9) ;
- the "random" load balancing algorithm and a power-of-two-choices variant
were introduced ;
- statistics improvements with per-thread counters for certain things, and
a prometheus exporter for all our statistics;
- lots of debugging help, it's easier to produce a core dump, there are
new commands on the CLI to control various things, there is a watchdog
to fail cleanly when a thread deadlock or a spinning task are detected,
so overall it should provide a better experience in field and less
round trips between users and developers (hence less stress during an
incident).
- all 3 device detection engines are now compatible with multi-threading
and can be build-tested without any external dependencies ;
- "do-resolve" http-request action to perform a DNS resolution on any,
sample, and resolvers now support relying on /etc/resolv.conf to match
the local resolver ;
- log sampling and balancing : it's now possible to send 1 log every 10
to a server, or to spread the logging load over multiple log servers;
- a new SPOA agent (spoa_server) allows to interface haproxy with Python
and Lua programs ;
- support for Solaris' event ports (equivalent of kqueue or epoll) which
will significantly improve the performance there when dealing with
numerous connections ;
- some warnings are now reported for some deprecated options that will
be removed in 2.1. Since 2.0 is long term supported, there's no
emergency to convert them, however if you see these warnings, you
need to understand that you're among their extremely rare users and
just because of this you may be taking risks by keeping them ;
- A new SOCKS4 server-side layer was provided ; it allows outgoing
connections to be forwarded through a SOCKS4 proxy (such as ssh -D).
- priority- and latency- aware server queues : it is possible now to
assign priorities to certain requests and/or to give them a time
bonus or penalty to refine control of the traffic and be able to
engage on SLAs.
- internally the architecture was significantly redesigned to allow to
further improve performance and make it easier to implement protocols
that span over multiple layers (such as QUIC). This work started in
1.9 and will continue with 2.1.
- the I/O, applets and tasks now share the same multi-threaded scheduler,
giving a much better responsiveness and fairness between all tasks as
is visible with the CLI which always responds instantly even under
extreme loads (started in 1.9) ;
- the internal buffers were redesigned to ease zero-copy operations, so
that it is possible to sustain a high bandwidth even when forwarding
HTTP/1 to/from HTTP/2 (already in 1.9) ;
OBS-URL: https://build.opensuse.org/request/show/710358
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=182
2019-06-17 19:09:24 +02:00
|
|
|
rm examples/*init*
|
2013-10-15 10:42:00 +02:00
|
|
|
|
|
|
|
|
|
2014-06-25 15:24:23 +02:00
|
|
|
%if %{with systemd}
|
2020-02-16 09:10:04 +01:00
|
|
|
%if %{with sysusers}
|
|
|
|
|
%pre -f haproxy.pre
|
|
|
|
|
%else
|
|
|
|
|
%pre
|
|
|
|
|
%endif
|
2014-06-25 15:24:23 +02:00
|
|
|
%service_add_pre %{pkg_name}.service
|
2013-12-18 16:53:39 +01:00
|
|
|
|
2013-10-15 10:42:00 +02:00
|
|
|
%post
|
2018-09-20 15:06:28 +02:00
|
|
|
%if %{with apparmor} && %{with apparmor_reload}
|
2017-11-27 16:03:06 +01:00
|
|
|
%apparmor_reload /etc/apparmor.d/usr.sbin.haproxy
|
|
|
|
|
%endif
|
2013-10-29 09:25:21 +01:00
|
|
|
%service_add_post %{pkg_name}.service
|
2013-10-15 10:42:00 +02:00
|
|
|
|
|
|
|
|
%preun
|
2013-10-29 09:25:21 +01:00
|
|
|
%service_del_preun %{pkg_name}.service
|
2013-10-15 10:42:00 +02:00
|
|
|
|
|
|
|
|
%postun
|
2013-10-29 09:25:21 +01:00
|
|
|
%service_del_postun %{pkg_name}.service
|
2013-10-15 10:42:00 +02:00
|
|
|
|
2013-12-18 16:53:39 +01:00
|
|
|
%else
|
|
|
|
|
|
2020-02-16 09:10:04 +01:00
|
|
|
%pre
|
|
|
|
|
getent group %{pkg_name} >/dev/null || /usr/sbin/groupadd -r %{pkg_name}
|
|
|
|
|
getent passwd %{pkg_name} >/dev/null || \
|
|
|
|
|
/usr/sbin/useradd -g %{pkg_name} -s /bin/false -r \
|
|
|
|
|
-c "user for %{pkg_name}" -d %{pkg_home} %{pkg_name}
|
|
|
|
|
|
2013-12-18 16:53:39 +01:00
|
|
|
%post
|
|
|
|
|
%fillup_and_insserv %{pkg_name}
|
2018-09-20 14:51:25 +02:00
|
|
|
%if %{with apparmor} && %{with apparmor_reload}
|
2017-11-27 16:03:06 +01:00
|
|
|
%apparmor_reload /etc/apparmor.d/usr.sbin.haproxy
|
|
|
|
|
%endif
|
2013-12-18 16:53:39 +01:00
|
|
|
|
|
|
|
|
%preun
|
|
|
|
|
%stop_on_removal %{pkg_name}
|
|
|
|
|
|
|
|
|
|
%postun
|
|
|
|
|
%restart_on_update %{pkg_name}
|
|
|
|
|
%{insserv_cleanup}
|
|
|
|
|
|
|
|
|
|
%endif
|
|
|
|
|
|
2013-10-15 10:42:00 +02:00
|
|
|
%files
|
|
|
|
|
%defattr(-,root,root,-)
|
2019-09-19 13:49:19 +02:00
|
|
|
%license LICENSE
|
|
|
|
|
%doc CHANGELOG README
|
2014-06-25 15:24:23 +02:00
|
|
|
%doc ROADMAP doc/* examples/
|
|
|
|
|
%doc contrib/netsnmp-perl/ contrib/selinux/
|
2015-10-15 11:38:17 +02:00
|
|
|
%dir %attr(-,root,haproxy) %{_sysconfdir}/%{pkg_name}
|
|
|
|
|
%config(noreplace) %attr(-,root,haproxy) %{_sysconfdir}/%{pkg_name}/*
|
2014-06-25 15:24:23 +02:00
|
|
|
%if %{with systemd}
|
2013-10-29 09:25:21 +01:00
|
|
|
%{_unitdir}/%{pkg_name}.service
|
2020-02-16 09:10:04 +01:00
|
|
|
%if %{with sysusers}
|
|
|
|
|
%{_sysusersdir}/haproxy-user.conf
|
|
|
|
|
%endif
|
2013-12-18 16:53:39 +01:00
|
|
|
%else
|
|
|
|
|
%config(noreplace) %{_sysconfdir}/init.d/%{pkg_name}
|
|
|
|
|
%endif
|
2013-10-15 10:42:00 +02:00
|
|
|
%{_sbindir}/haproxy
|
2014-06-25 15:24:23 +02:00
|
|
|
%{_sbindir}/haproxy-halog
|
2013-10-15 10:42:00 +02:00
|
|
|
%{_sbindir}/rchaproxy
|
2018-03-08 20:19:41 +01:00
|
|
|
%dir %attr(-,root,haproxy) %{pkg_home}
|
2014-06-25 15:24:23 +02:00
|
|
|
%{_mandir}/man1/%{pkg_name}.1.gz
|
2020-02-16 09:10:04 +01:00
|
|
|
%dir %{_datadir}/vim
|
|
|
|
|
%dir %{vim_data_dir}
|
|
|
|
|
%dir %{vim_data_dir}/syntax
|
2014-06-25 15:24:23 +02:00
|
|
|
%{vim_data_dir}/syntax/%{pkg_name}.vim
|
|
|
|
|
%if %{with apparmor}
|
2015-11-21 02:36:28 +01:00
|
|
|
%if 0%{?suse_version} == 1110
|
|
|
|
|
%dir /etc/apparmor.d/local/
|
|
|
|
|
%endif
|
2020-10-24 03:23:11 +02:00
|
|
|
%config(noreplace) /etc/apparmor.d/usr.sbin.haproxy
|
|
|
|
|
%config(noreplace) %ghost /etc/apparmor.d/local/haproxy
|
|
|
|
|
%config(noreplace) %ghost /etc/apparmor.d/local/usr.sbin.haproxy
|
2014-06-25 15:24:23 +02:00
|
|
|
%endif
|
2013-10-15 10:42:00 +02:00
|
|
|
|
|
|
|
|
%changelog
|
