Bug 1124068 - haproxy update to 1.5 in F20 is not safe
Summary: haproxy update to 1.5 in F20 is not safe
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: haproxy
Version: 20
Hardware: All
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Ryan O'Hara
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-07-28 22:32 UTC by David Strauss
Modified: 2014-08-04 15:10 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-08-04 15:10:51 UTC


Attachments (Terms of Use)

Description David Strauss 2014-07-28 22:32:10 UTC
Syntax changes to haproxy 1.5 render valid 1.4 configurations unusable. This sort of package update should not happen in stable Fedora releases.

Comment 1 Ryan O'Hara 2014-08-01 15:57:00 UTC
Just curious, what exactly makes the configuration unusable?

If you want to stay on haproxy 1.4, could you use 'yum downgrade' and yum-versionlock to avoid updates to 1.5?

Comment 2 David Strauss 2014-08-01 17:43:10 UTC
> Just curious, what exactly makes the configuration unusable?

There were two issues we noticed:
 * Two frontend/listen blocks with the same name but on different interfaces breaks 1.5. This is probably understandable as a bug fix, but it does make configuration stricter.
 * acl too_many avg_queue(<backend>) gt (and other options) used to have the backend as an optional argument, but it's now required in 1.5, even for listen blockss with a single backend.

> If you want to stay on haproxy 1.4, could you use 'yum downgrade' and yum-versionlock to avoid updates to 1.5?

We've already updated our configuration to be 1.5-compatible. Even if we didn't, "yum downgrade" would only be a stopgap, as we wouldn't be able to get security updates.

Comment 3 David Strauss 2014-08-01 17:45:41 UTC
As a side note, 1.5 has been a major release *four years* in the making. Don't you think it would be reasonable to wait for that to go into the next Fedora release and not spring it on current users?


Note You need to log in before you can comment on or make changes to this bug.