| HAProxy branches and life cycle |
| =============================== |
| |
| The HAProxy project evolves quickly to stay up to date with modern features |
| found in web environments but also takes a great care of addressing bugs which |
| may affect deployed versions without forcing such users to upgrade when not |
| needed. For this reason the project is developed in branches. |
| |
| A branch is designated as two numbers separated by a dot, for example "1.8". |
| This numbering is historical. Each new development cycle increases the second |
| digit by one, and after it reaches '9' it goes back to zero and the first digit |
| increases by one. It effectively grows as a decimal number increased by 0.1 per |
| version. |
| |
| The complete version is made of the branch suffixed with "-dev" followed by a |
| sequence number during development, then by "." followed by a number when the |
| development of that branch is finished and the branch enters a maintenance |
| phase. The first release of a branch starts at ".0". Immediately after ".0" is |
| issued, the next branch is created as "-dev0" as an exact copy of the previous |
| branch's ".0" version. Thus we observe the following development sequence: |
| |
| ... 1.9-dev10 -> 1.9-dev11 -> 1.9.0 -> 2.0-dev0 -> 2.0-dev1 ... 2.0 -> ... |
| |
| Occasionally a series of "-rc" versions may be emitted between the latest -dev |
| and the release to mark the end of development and start of stabilizing, though |
| it's mostly a signal send to users that the release is approaching rather than |
| a change in the cycle as it is always hard to categorize patches. |
| |
| Very often the terms "branch" and "version" will be used interchangeably with |
| only the first two digits to designate "the latest version of that branch". So |
| when someone asks you "Could you please try the same on 1.8", it means "1.8.X" |
| with X as high as possible, thus for example 1.8.20 if this one is available at |
| this moment. |
| |
| During the maintenance phase, a maintenance branch is created for the just |
| released version. The development version remains in the development branch |
| called "master", or sometimes "-dev". If branches are represented vertically |
| and time horizontally, this will look like this: |
| |
| versions branch |
| 1.9-dev10 1.9-dev11 1.9.0 2.0-dev0 2.0-dev1 2.0-dev2 |
| ----+--------+---------+-------+---------+---------+----------> master |
| \ |
| \ 1.9.1 1.9.2 |
| `-----------+-------------+---------> 1.9 |
| |
| Each released version (e.g. 1.9.0 above) appears once in the master branch so |
| that it is easy to list history of changes between versions. |
| |
| Before version 1.4, development and maintenance were inter-mixed in the same |
| branch, which resulted in latest maintenance branches becoming unstable after |
| some point. This is why versions 1.3.14 and 1.3.15 became maintenance branches |
| on their own while the development pursued on 1.3 to stabilize again in the |
| latest versions. |
| |
| Starting with version 1.4.0, a rule has been set not to create new features |
| into a maintenance branch. It was not well respected and still created trouble |
| with certain 1.4 versions causing regressions and confusing users. |
| |
| Since 1.5.0 this "no new feature" rule has become strict and maintenance |
| versions only contain bug fixes that are necessary in this branch. This means |
| that any version X.Y.Z is necessarily more stable than X.Y.W with W<Z. |
| |
| For this reason there is absolutely no excuse for not updating a version within |
| your branch, as your version necessarily contains bugs that are fixed in any |
| later version in that same branch. Obviously when a branch is just released, |
| there will be some occasional bugs. And once in a while a fix for a recently |
| discovered bug may have an undesired side effect called a regression. This must |
| never happen but this will happen from time to time, especially on recently |
| released versions. This is often presented as an excuse by some users for not |
| updating but this is wrong, as the risk staying with an older version is much |
| higher than the risk of updating. If you fear there could be an issue with an |
| update because you don't completely trust the version in your branch, it simply |
| means you're using the wrong branch and need an older one. |
| |
| When a bug is reported in a branch, developers will systematically ask if the |
| bug is present in the latest version of this branch (since developers don't |
| like to work on bugs that were already fixed). It's a good practice to perform |
| the update yourself and to test again before reporting the bug. Note, as long |
| as you're using a supported branch, as indicated on the haproxy.org web site, |
| you don't need to upgrade to another branch to report a bug. However from time |
| to time it may happen that a developer will ask you if you can try it in order |
| to help narrow the problem down. But this will never be a requirement, just a |
| question. |
| |
| Once a bug is understood, it is tested on the development branch and fixed |
| there. Then the fix will be applied in turn to older branches, jumping from |
| one to the other in descending order. For example: |
| |
| FIX |
| 2.0-dev4 HERE 2.0-dev5 2.0-dev6 |
| -----+-------V-------------+-----------+--------------> master |
| 1.9.4 \ 1.9.5 1.9.6 1.9.7 |
| --+------------o-------+---------+-------------+------> 1.9 |
| 1.8.18 \ 1.8.19 1.8.20 |
| -----+-----------o------------+-------------+---------> 1.8 |
| |
| This principle ensures that you will always have a safe upgrade path from an |
| older branch to a newer: under no circumstances a bug that was already fixed |
| in an older branch will still be present in a newer one. In the diagram above, |
| a bug reported for 1.8.18 would be fixed between 2.0-dev4 and 2.0-dev5. The |
| fix will be backported into 1.9 and from there into 1.8. 1.9.5 will be issued |
| with the fix before 1.8.19 will be issued. This guarantees that for any version |
| 1.8 having the fix, there always exists a version 1.9 with it as well. So if |
| you would upgrade to 1.8.19 to benefit from the fix and the next day decide |
| that for whatever new feature you need to upgrade to 1.9, you'll have 1.9.5 |
| available with the same set of fixes so you will not reintroduce a previously |
| fixed problem. |
| |
| In practice, it takes longer to release older versions than newer ones. There |
| are two reasons to this. One is technical: the fixes often require some |
| adaptations to be done for older versions. The other reason is stability: in |
| spite of the great care and the tests, there is always a faint risk that a fix |
| introduces a regression. By leaving fixes exposed in more recent versions |
| before appearing in older ones, there is a much smaller probability that such a |
| regression remains undetected when the next version of the older branch is |
| issued. |
| |
| So the rule for the best stability is very simple: |
| |
| STICK TO THE BRANCH THAT SUITS YOUR NEEDS AND APPLY ALL UPDATES. |
| |
| With other projects, some people developed a culture of backporting only a |
| selection of fixes into their own maintenance branch. Usually they consider |
| these fixes are critical, or security-related only. THIS IS TERRIBLY WRONG. |
| It is already very difficult for the developers who made the initial patch to |
| figure if and how it must be backported to an older branch, what extra patches |
| it depends on to be safe, as you can imagine it is impossible for anyone else |
| to make a safe guess about what to pick. |
| |
| A VERSION WHICH ONLY CONTAINS A SELECTION OF FIXES IS WAY MORE |
| DANGEROUS AND LESS STABLE THAN ONE WITHOUT ANY OF THESE FIXES. |
| |
| Branches up to 1.8 are all designated as "long-term supported" ("LTS" for |
| short), which means that they are maintained for several years after the |
| release. These branches were emitted at a pace of one per year since 1.5 in |
| 2014. As of 2019, 1.5 is still supported and widely used, even though it very |
| rarely receives updates. After a few years these LTS branches enter a |
| "critical fixes only" status, which means that they will rarely receive a fix |
| but if that a critital issue affects them, a release will be made, with or |
| without any other fix. Once a version is not supported anymore, it will not |
| receive any fix at all and it will really be time for you to upgrade to a more |
| recent branch. Please note that even when an upgrade is needed, a great care is |
| given to backwards compatibility so that most configs written for version 1.1 |
| still work with little to no modification 16 years later on version 2.0. |
| |
| Since 1.9, the release pacing has increased to match faster moving feature sets |
| and a faster stabilization of the technical foundations. The principle is now |
| the following: |
| - one release is emitted between October and December, with an odd version |
| number (such as "1.9"). This version heavily focuses on risky changes that |
| are considered necessary to develop new features. It can for example bring |
| nice performance improvements as well as invisible changes that will serve |
| later ; these versions will only be emitted for developers and highly |
| skilled users. They will not be maintained for a long time, they will |
| receive updates for 12 to 18 months only after which they will be marked |
| End-Of-Life ("EOL" for short). They may receive delicate fixes during their |
| maintenance cycle so users have to be prepared to see some breakage once in |
| a while as fixes are stabilizing. THESE VERSIONS MUST ABSOLUTELY NOT BE |
| PACKAGED BY OPERATING SYSTEM VENDORS. |
| |
| - one release is emitted between May and June, with an even version number |
| (such as "2.0"). This version mostly relies on the technical foundations |
| brought by the previous release and tries hard not to apply risky changes. |
| Instead it will bring new user-visible features. Such versions will be |
| long-term supported and may be packaged by operating system vendors. |
| |
| This development model provides better stability for end users and better |
| feedback for developers: |
| - regular users stick to LTS versions which rely on the same foundations |
| as the previous releases that had 6 months to stabilize. In terms of |
| stability it really means that the point zero version already accumulated |
| 6 months of fixes and that it is much safer to use even just after it is |
| released. |
| |
| - for developers, given that the odd versions are solely used by highly |
| skilled users, it's easier to get advanced traces and captures, and there |
| is less pressure during bug reports because there is no doubt the user is |
| autonomous and knows how to work around the issue or roll back to the last |
| working version. |
| |
| Thus the release cycle from 1.8 to 2.2 should look like this: |
| |
| 1.8.0 1.9.0 2.0.0 2.1.0 2.2.0 |
| --+---------------+---------------+--------------+--------------+----> master |
| \ \ \ \ \ |
| \ \ \ \ `--> 2.2 LTS |
| \ \ \ `--+--+--+---+---> 2.1 |
| \ \ `----+-----+------+-------+----> 2.0 LTS |
| \ `--+-+-+--+---+------+--------+-----| EOL 1.9 |
| `---+---+---+-----+-------+-----------+---------------+------> 1.8 LTS |
| |
| In short the non-LTS odd releases can be seen as technological previews of the |
| next feature release, and will be terminated much earlier. The plan is to barely |
| let them overlap with the next non-LTS release, allowing advanced users to |
| always have the choice between the last two major releases. |
| |
| With all this in mind, what version should you use ? It's quite simple: |
| - if you're a first-time HAProxy user, just use the version provided by your |
| operating system. Just take a look at the "known bugs" section on the |
| haproxy.org web site to verify that it's not affected by bugs that could |
| have an impact for you. |
| |
| - if you don't want or cannot use the version shipped with your operating |
| system, it is possible that other people (including the package maintainer) |
| provide alternate versions. This is the case for Debian and Ubuntu for |
| example, where you can choose your distribution and pick the branch you |
| need here: https://haproxy.debian.net/ |
| |
| - if you want to build with specific options, apply some patches, you'll |
| have to build from sources. If you have little experience or are not |
| certain to devote regular time to perform this task, take an "old" branch |
| (i.e. 1-2 years old max, for example 1.8 when 2.0 is emitted). You'll avoid |
| most bugs and will not have to work too often to update your local version. |
| |
| - if you need a fresh version for application development, or to benefit from |
| latest improvements, take the most recent version of the most recent branch |
| and keep it up to date. You may even want to use the Git version or nightly |
| snapshots. |
| |
| - if you want to develop on HAProxy, use the master from the Git tree. |
| |
| - if you want to follow HAProxy's development by doing some tests without |
| the burden of entering too much into the development process, just use the |
| -dev versions of the master branch. At some point you'll feel the urge to |
| switch to the Git version anyway as it will ultimately simplify your work. |
| |
| - if you're installing it on unmanaged servers with little to no hostile |
| exposure, or your home router, you should pick the latest version in one |
| of the oldest supported branches. While it doesn't guarantee that you will |
| never have to upgrade it, at least as long as you don't use too complex a |
| setup, it's unlikely that you will need to update it often. |
| |
| And as a general rule, do not put a non-LTS version on a server unless you are |
| absolutely certain you are going to keep it up to date yourself and already |
| plan to replace it once the following LTS version is issued. If you are not |
| going to manage updates yourself, use pre-packaged versions exclusively and do |
| not expect someone else to have to deal with the burden of building from |
| sources. |