)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"7743a9ae733f86010d8110df42fc7f5bef787eea","unresolved":true,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Fix pool ALPN compatibility with older amphora"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"The ALPN for pools patch introduced a bug that causes amphroa to"},{"line_number":10,"context_line":"fail if the HAProxy version running inside the amphroa does not"},{"line_number":11,"context_line":"support ALPN on backend members (bionic iamges for example)."},{"line_number":12,"context_line":"This patch adds compatibility support for those older HAProxy versions"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"20a571d0_b7bbb4a2","line":9,"range":{"start_line":9,"start_character":54,"end_line":9,"end_character":61},"updated":"2021-03-29 13:43:44.000000000","message":"Need more coffee?","commit_id":"70ea8b2dc3236327393b8dcfa8f90d265642eb84"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"2bfe8067b43f8f9040d36aa9bb469bda1b0afe65","unresolved":true,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Fix pool ALPN compatibility with older amphora"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"The ALPN for pools patch introduced a bug that causes amphroa to"},{"line_number":10,"context_line":"fail if the HAProxy version running inside the amphroa does not"},{"line_number":11,"context_line":"support ALPN on backend members (bionic iamges for example)."},{"line_number":12,"context_line":"This patch adds compatibility support for those older HAProxy versions"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"2ab304a8_83310313","line":9,"range":{"start_line":9,"start_character":54,"end_line":9,"end_character":61},"in_reply_to":"20a571d0_b7bbb4a2","updated":"2021-03-29 15:13:12.000000000","message":"Hey, you get what you get when I write a patch on the weekend.","commit_id":"70ea8b2dc3236327393b8dcfa8f90d265642eb84"},{"author":{"_account_id":29244,"name":"Gregory Thiemonge","email":"gthiemon@redhat.com","username":"gthiemonge"},"change_message_id":"9f9ac1eb870900075eea49b67d3a535a6c5d3a40","unresolved":true,"context_lines":[{"line_number":7,"context_line":"Fix pool ALPN compatibility with older amphora"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"The ALPN for pools patch introduced a bug that causes amphroa to"},{"line_number":10,"context_line":"fail if the HAProxy version running inside the amphroa does not"},{"line_number":11,"context_line":"support ALPN on backend members (bionic iamges for example)."},{"line_number":12,"context_line":"This patch adds compatibility support for those older HAProxy versions"},{"line_number":13,"context_line":"by removing the ALPN configuration settings if the HAProxy version"},{"line_number":14,"context_line":"is too old to support the functionality."}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"e926f6a4_20736933","line":11,"range":{"start_line":10,"start_character":47,"end_line":11,"end_character":31},"updated":"2021-03-29 08:18:28.000000000","message":"just to be sure: does the frontend support ALPN in bionic images?","commit_id":"70ea8b2dc3236327393b8dcfa8f90d265642eb84"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"2bfe8067b43f8f9040d36aa9bb469bda1b0afe65","unresolved":true,"context_lines":[{"line_number":7,"context_line":"Fix pool ALPN compatibility with older amphora"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"The ALPN for pools patch introduced a bug that causes amphroa to"},{"line_number":10,"context_line":"fail if the HAProxy version running inside the amphroa does not"},{"line_number":11,"context_line":"support ALPN on backend members (bionic iamges for example)."},{"line_number":12,"context_line":"This patch adds compatibility support for those older HAProxy versions"},{"line_number":13,"context_line":"by removing the ALPN configuration settings if the HAProxy version"},{"line_number":14,"context_line":"is too old to support the functionality."}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"94a22b59_9cf437da","line":11,"range":{"start_line":10,"start_character":47,"end_line":11,"end_character":31},"in_reply_to":"e926f6a4_20736933","updated":"2021-03-29 15:13:12.000000000","message":"Yes","commit_id":"70ea8b2dc3236327393b8dcfa8f90d265642eb84"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"32e3a14c1e29511da0708997108ddfb901663c6f","unresolved":true,"context_lines":[{"line_number":7,"context_line":"Fix pool ALPN compatibility with older amphora"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"The ALPN for pools patch introduced a bug that causes amphora to"},{"line_number":10,"context_line":"fail if the HAProxy version running inside the amphroa does not"},{"line_number":11,"context_line":"support ALPN on backend members (bionic iamges for example)."},{"line_number":12,"context_line":"This patch adds compatibility support for those older HAProxy versions"},{"line_number":13,"context_line":"by removing the ALPN configuration settings if the HAProxy version"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":3,"id":"8c4f6bc0_75bdae22","line":10,"range":{"start_line":10,"start_character":47,"end_line":10,"end_character":54},"updated":"2021-03-29 18:42:43.000000000","message":"I guess I should have pointed out both typos, figured you\u0027d see it.","commit_id":"038e83d562f79765ce99ad59b0152674860484e4"},{"author":{"_account_id":29244,"name":"Gregory Thiemonge","email":"gthiemon@redhat.com","username":"gthiemonge"},"change_message_id":"5bc95bf7a365a500174179aa0482df07294c5d70","unresolved":true,"context_lines":[{"line_number":8,"context_line":""},{"line_number":9,"context_line":"The ALPN for pools patch introduced a bug that causes amphora to"},{"line_number":10,"context_line":"fail if the HAProxy version running inside the amphroa does not"},{"line_number":11,"context_line":"support ALPN on backend members (bionic iamges for example)."},{"line_number":12,"context_line":"This patch adds compatibility support for those older HAProxy versions"},{"line_number":13,"context_line":"by removing the ALPN configuration settings if the HAProxy version"},{"line_number":14,"context_line":"is too old to support the functionality."}],"source_content_type":"text/x-gerrit-commit-message","patch_set":3,"id":"9bc1251f_3f413e90","line":11,"range":{"start_line":11,"start_character":40,"end_line":11,"end_character":46},"updated":"2021-03-29 19:01:17.000000000","message":"typo","commit_id":"038e83d562f79765ce99ad59b0152674860484e4"},{"author":{"_account_id":29244,"name":"Gregory Thiemonge","email":"gthiemon@redhat.com","username":"gthiemonge"},"change_message_id":"57a749b1bb3a4d368fa0517991b600646a363ab2","unresolved":true,"context_lines":[{"line_number":7,"context_line":"Fix pool ALPN compatibility with older amphora"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"The ALPN for pools patch introduced a bug that causes amphora to"},{"line_number":10,"context_line":"fail if the HAProxy version running inside the amphroa does not"},{"line_number":11,"context_line":"support ALPN on backend members (bionic images for example)."},{"line_number":12,"context_line":"This patch adds compatibility support for those older HAProxy versions"},{"line_number":13,"context_line":"by removing the ALPN configuration settings if the HAProxy version"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":4,"id":"5f1f9b3c_377670f3","line":10,"range":{"start_line":10,"start_character":47,"end_line":10,"end_character":54},"updated":"2021-03-30 17:45:43.000000000","message":"amphroa :)","commit_id":"a8e3f4021e658134732d3e4819289df1f794a6cd"}],"octavia/common/jinja/haproxy/combined_listeners/jinja_cfg.py":[{"author":{"_account_id":29244,"name":"Gregory Thiemonge","email":"gthiemon@redhat.com","username":"gthiemonge"},"change_message_id":"9f9ac1eb870900075eea49b67d3a535a6c5d3a40","unresolved":true,"context_lines":[{"line_number":373,"context_line":"            if pool.tls_versions is not None:"},{"line_number":374,"context_line":"                ret_value[\u0027tls_versions\u0027] \u003d pool.tls_versions"},{"line_number":375,"context_line":"            if (pool.alpn_protocols is not None and"},{"line_number":376,"context_line":"                    feature_compatibility.get(constants.POOL_ALPN, False)):"},{"line_number":377,"context_line":"                ret_value[\u0027alpn_protocols\u0027] \u003d \",\".join(pool.alpn_protocols)"},{"line_number":378,"context_line":"        if (pool.ca_tls_certificate_id and pool_tls_certs and"},{"line_number":379,"context_line":"                pool_tls_certs.get(\u0027ca_cert\u0027)):"}],"source_content_type":"text/x-python","patch_set":2,"id":"de239742_b6f1115d","line":376,"range":{"start_line":376,"start_character":0,"end_line":376,"end_character":74},"updated":"2021-03-29 08:18:28.000000000","message":"Does it mean that pool.alpn_protocol parameters are silently ignored in case of old haproxy?","commit_id":"70ea8b2dc3236327393b8dcfa8f90d265642eb84"},{"author":{"_account_id":6469,"name":"Carlos Gonçalves","display_name":"Carlos Goncalves","email":"cgoncalves@redhat.com","username":"cgoncalves"},"change_message_id":"c5f79ab516a8d9887cd096acb7e71b01f697aecd","unresolved":true,"context_lines":[{"line_number":373,"context_line":"            if pool.tls_versions is not None:"},{"line_number":374,"context_line":"                ret_value[\u0027tls_versions\u0027] \u003d pool.tls_versions"},{"line_number":375,"context_line":"            if (pool.alpn_protocols is not None and"},{"line_number":376,"context_line":"                    feature_compatibility.get(constants.POOL_ALPN, False)):"},{"line_number":377,"context_line":"                ret_value[\u0027alpn_protocols\u0027] \u003d \",\".join(pool.alpn_protocols)"},{"line_number":378,"context_line":"        if (pool.ca_tls_certificate_id and pool_tls_certs and"},{"line_number":379,"context_line":"                pool_tls_certs.get(\u0027ca_cert\u0027)):"}],"source_content_type":"text/x-python","patch_set":2,"id":"8bcf56d2_c53f7c5c","line":376,"range":{"start_line":376,"start_character":0,"end_line":376,"end_character":74},"in_reply_to":"37f4c21e_be3849d5","updated":"2021-03-29 17:11:57.000000000","message":"I\u0027m not sure I agree with silently ignoring a user requested configuration. This could cause data plane traffic errors when end-users explicitly want to communicate over, say, HTTP/2. It would be challenging for the load balancer owner and cloud operator to notice this configuration nuance, which would require inspecting the amphora. How is this feature different from other features that also require a newer amphora image?\n\nFor example, UDP was introduced in Rocky. When a user requests creation of an UDP listener:\n1. the worker tries to create UDP listeners\n2. the worker fails to create UDP listeners on Queens or older amphora images\n3. the worker set ERROR provisioning status\n4. the health manager failovers amphora where one of two things can happen:\n4a. health manager boots up Rocky or newer amphora image, leading to successful recovery or...\n4b. health manager still boots a Queens or older amphora image, leading to failover error\n\nAre you proposing changing the way all new features requiring newer amphora images are dealt?","commit_id":"70ea8b2dc3236327393b8dcfa8f90d265642eb84"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"16c6f3532b8b864654295694484d4bc271ee268f","unresolved":true,"context_lines":[{"line_number":373,"context_line":"            if pool.tls_versions is not None:"},{"line_number":374,"context_line":"                ret_value[\u0027tls_versions\u0027] \u003d pool.tls_versions"},{"line_number":375,"context_line":"            if (pool.alpn_protocols is not None and"},{"line_number":376,"context_line":"                    feature_compatibility.get(constants.POOL_ALPN, False)):"},{"line_number":377,"context_line":"                ret_value[\u0027alpn_protocols\u0027] \u003d \",\".join(pool.alpn_protocols)"},{"line_number":378,"context_line":"        if (pool.ca_tls_certificate_id and pool_tls_certs and"},{"line_number":379,"context_line":"                pool_tls_certs.get(\u0027ca_cert\u0027)):"}],"source_content_type":"text/x-python","patch_set":2,"id":"7141a9f0_e4c2151d","line":376,"range":{"start_line":376,"start_character":0,"end_line":376,"end_character":74},"in_reply_to":"657cb7f1_6908ea05","updated":"2021-03-30 00:14:09.000000000","message":"The difference here is the implementation. The way the ALPN for pools was implemented is that it adds the \"alpn\" option to the haproxy configuration even if a user didn\u0027t not select the feature. It inserts the \"default\".\nThis default will cause all non-HAProxy 1.9 or newer amphora to fail, potentially into a failed failover if the only image available is the \u003c 1.9 version.\n\nThe impact of this is major. Basically after an operator upgrades the control plane, the first update (change a member for example) to a load balancer on older amps will cause them to fail. A completely unrelated setting change on a load balancer causes it to fail.\n\nThis was found because my backend re-encryption test patches started failing after the ALPN patch merged and the amphora image default was still bionic.\n\nWith this change, the only impact is to users the explicitly specify HTTP/2 for backend pool connections, when running \u003c 1.9 amphora, their connections will fall back to HTTP/1.1.\n\nIt also aligns exactly to the release note, \"Support for new features requires an image update\".","commit_id":"70ea8b2dc3236327393b8dcfa8f90d265642eb84"},{"author":{"_account_id":6469,"name":"Carlos Gonçalves","display_name":"Carlos Goncalves","email":"cgoncalves@redhat.com","username":"cgoncalves"},"change_message_id":"47211a6216d2308dc06c5717090a84355c2f4a0b","unresolved":true,"context_lines":[{"line_number":373,"context_line":"            if pool.tls_versions is not None:"},{"line_number":374,"context_line":"                ret_value[\u0027tls_versions\u0027] \u003d pool.tls_versions"},{"line_number":375,"context_line":"            if (pool.alpn_protocols is not None and"},{"line_number":376,"context_line":"                    feature_compatibility.get(constants.POOL_ALPN, False)):"},{"line_number":377,"context_line":"                ret_value[\u0027alpn_protocols\u0027] \u003d \",\".join(pool.alpn_protocols)"},{"line_number":378,"context_line":"        if (pool.ca_tls_certificate_id and pool_tls_certs and"},{"line_number":379,"context_line":"                pool_tls_certs.get(\u0027ca_cert\u0027)):"}],"source_content_type":"text/x-python","patch_set":2,"id":"657cb7f1_6908ea05","line":376,"range":{"start_line":376,"start_character":0,"end_line":376,"end_character":74},"in_reply_to":"8bcf56d2_c53f7c5c","updated":"2021-03-29 17:20:32.000000000","message":"I forgot to also mention another issue with this approach. The API will happily validate, store in the database and return to the user the desired ALPN protocols which, though, may not be applied in the HAProxy configuration.","commit_id":"70ea8b2dc3236327393b8dcfa8f90d265642eb84"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"2bfe8067b43f8f9040d36aa9bb469bda1b0afe65","unresolved":true,"context_lines":[{"line_number":373,"context_line":"            if pool.tls_versions is not None:"},{"line_number":374,"context_line":"                ret_value[\u0027tls_versions\u0027] \u003d pool.tls_versions"},{"line_number":375,"context_line":"            if (pool.alpn_protocols is not None and"},{"line_number":376,"context_line":"                    feature_compatibility.get(constants.POOL_ALPN, False)):"},{"line_number":377,"context_line":"                ret_value[\u0027alpn_protocols\u0027] \u003d \",\".join(pool.alpn_protocols)"},{"line_number":378,"context_line":"        if (pool.ca_tls_certificate_id and pool_tls_certs and"},{"line_number":379,"context_line":"                pool_tls_certs.get(\u0027ca_cert\u0027)):"}],"source_content_type":"text/x-python","patch_set":2,"id":"37f4c21e_be3849d5","line":376,"range":{"start_line":376,"start_character":0,"end_line":376,"end_character":74},"in_reply_to":"de239742_b6f1115d","updated":"2021-03-29 15:13:12.000000000","message":"Yes.\nThis is after the user has got a response (because we can\u0027t talk to an amphora until after that), so we either fail the amphora, or remove the offending setting.\nIn this case, worst case is it will fall back to only HTTP/1.1 connections.\nThe release note should call out that for the new feature, a new amphora image is required.","commit_id":"70ea8b2dc3236327393b8dcfa8f90d265642eb84"}]}