Train Series Release Notes

18.0.0.0b1-62

New Features

  • If Horizon dashboard of OSA installation has a public FQDN, is it now possible to use LetsEncrypt certification service. Certificate will be generated within HAProxy installation and a cron entry to renew the certificate daily will be setup. Note that there is no certificate distribution implementation at this time, so this will only work for a single haproxy-server environment.

Security Issues

  • The default TLS version has been set to force-tlsv12. This only allows version 1.2 of the protocol to be used when terminating or creating TLS connections. You can change the value with the haproxy_ssl_bind_options variable.

17.0.0.0b3

New Features

  • HAProxy services that use backend nodes that are not in the Ansible inventory can now be specified manually by setting haproxy_backend_nodes to a list of name and ip_addr settings.

  • Deployers can set a refresh interval for haproxy’s stats page by setting the haproxy_stats_refresh_interval variable. The default value is 60, which causes haproxy to refresh the stats page every 60 seconds.

17.0.0.0b1

Upgrade Notes

  • The following variables have been removed from the haproxy_server role as they are no longer necessary or used. - haproxy_repo - haproxy_gpg_keys - haproxy_required_distro_packages

16.0.0.0b2

New Features

  • The new option haproxy_backend_arguments can be utilized to add arbitrary options to a HAProxy backend like tcp-check or http-check.

16.0.0.0b1

New Features

  • Haproxy-server role allows to set up tunable parameters. For doing that it is necessary to set up a dictionary of options in the config files, mentioning those which have to be changed (defaults for the remaining ones are programmed in the template). Also “maxconn” global option made to be tunable.

Upgrade Notes

  • The haproxy_bufsize variable has been removed and made a part of the haproxy_tuning_params dictionary.

15.0.0.0b1

Bug Fixes

  • SSLv3 is now disabled in the haproxy daemon configuration by default.

  • Setting the haproxy_bind list on a service is now used as an override to the other VIPs defined in the environment. Previously it was being treated as an append to the other VIPs so there was no path to override the VIP binds for a service. For example, haproxy_bind could be used to bind a service to the internal VIP only.

  • The haproxy daemon is now able to bind to any port on CentOS 7. The haproxy_connect_any SELinux boolean is now set to on.

14.0.0.0b3

Upgrade Notes

  • The variable haproxy_pre_packages has been renamed to haproxy_required_distro_packages.

  • The variable haproxy_packages has been renamed to haproxy_distro_packages.