Skip to content

Fluxheim 1.5.15

Choose a tag to compare

View all tags
@eldryoth eldryoth released this 10 Jun 20:53
· 293 commits to main since this release
Immutable release. Only release title and notes can be modified.
v1.5.15-release
This tag was signed with the committer’s verified signature.
eldryoth
SSH Key Fingerprint: EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4
Verified
Learn about vigilant mode.
3bc7f50
This commit was signed with the committer’s verified signature.
eldryoth
SSH Key Fingerprint: EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4
Verified
Learn about vigilant mode.

Fluxheim 1.5.15 Release Notes

Fluxheim 1.5.15 starts the database/protocol-aware health-check line.

This release adds bounded Redis PING, MySQL/MariaDB handshake, and
PostgreSQL SSLRequest active health checks for load-balancer pools where TCP
connect is not enough and an HTTP/gRPC endpoint is not available.

Publishing note: the signed git tag v1.5.15 remains the canonical code tag
for this release. The GitHub Release page is published under
v1.5.15-release because the original immutable GitHub Release object for
v1.5.15 was accidentally deleted; GitHub reserves immutable release tag names
and does not allow the original release page to be restored through the normal
release UI/API.

What Changed

  • Added protocol = "redis" for proxy.load_balance.health_check.
  • Redis checks open a bounded TCP connection to the selected backend, send one
    fixed RESP PING frame, and require a simple-string +PONG response.
  • Redis checks now read until CRLF within the existing 64-byte response cap, so
    fragmented +PONG\r\n responses do not falsely mark healthy Redis backends
    down.
  • Added protocol = "mysql" for proxy.load_balance.health_check.
  • MySQL checks open a bounded TCP connection to the selected backend, read one
    MySQL server greeting packet, and require a protocol-10 handshake without
    sending a login packet or SQL query.
  • Added protocol = "postgres" for proxy.load_balance.health_check.
  • PostgreSQL checks open a bounded TCP connection to the selected backend, send
    the PostgreSQL SSLRequest pre-auth handshake, and require a one-byte S or
    N response without sending a StartupMessage or SQL query.
  • Redis, MySQL, and PostgreSQL checks use connect_timeout_secs and
    read_timeout_secs, inherit the normal consecutive success/failure
    thresholds, and report their protocol in runtime status.
  • Redis, MySQL, and PostgreSQL checks reject HTTP/gRPC matchers, request
    headers, port overrides, connection reuse, host overrides, and parallel
    checking.
  • Added examples/load-balancer-redis-health.toml as a validated Redis health
    probe example.
  • Added examples/load-balancer-mysql-health.toml as a validated
    MySQL/MariaDB health probe example.
  • Added examples/load-balancer-postgres-health.toml as a validated
    PostgreSQL health probe example.
  • Added scripts/smoke_redis_health_check.sh, an optional Podman smoke that
    starts Valkey, verifies Fluxheim increments Valkey's Redis PING command
    counter, then stops Valkey and checks that Fluxheim marks the backend
    unhealthy.
  • Added scripts/smoke_mysql_health_check.sh, an optional Podman smoke that
    starts MariaDB, verifies Fluxheim increments MariaDB's unauthenticated
    handshake counter, then stops MariaDB and checks that Fluxheim marks the
    backend unhealthy.
  • Added scripts/smoke_postgres_health_check.sh, an optional Podman smoke that
    starts PostgreSQL, verifies Fluxheim creates a pre-auth connection observed
    by PostgreSQL connection logging, then stops PostgreSQL and checks that
    Fluxheim marks the backend unhealthy.

Compatibility

  • Existing TCP/TLS, HTTP, gRPC, JSON, weighted degraded, and exec health checks
    remain compatible.
  • Redis, MySQL, and PostgreSQL checks are health probes only. They do not
    authenticate, run Redis commands beyond PING, send MySQL login packets,
    send PostgreSQL StartupMessages, inspect keys or schemas, execute queries, or
    make Fluxheim a database proxy.
  • The MySQL/MariaDB probe intentionally disconnects before authentication. On
    non-loopback database connections, repeated idle probes can count toward the
    server host-cache error budget (max_connect_errors) and block the Fluxheim
    host until FLUSH HOSTS or equivalent cleanup. Use conservative intervals,
    raise max_connect_errors, or use an authenticated exec check such as
    mysqladmin ping for credentialed readiness.
  • ACME managed-certificate install recovery now logs cleanup and backup-restore
    failures instead of silently discarding those errors.
  • Delay-mode rate limiting and load-balancer persistence warning generation
    received small defensive hardening so local invariants are explicit at the
    panic-sensitive call sites.
  • Redis TLS, MySQL TLS/authenticated readiness, PostgreSQL TLS/authenticated
    readiness, SMTP/LDAP send-expect, and authenticated agent checks remain
    future work.

Checksums And Signatures

  • Commit: 3bc7f5010a97fee80efd00bde2fe912fbb45b3b0
  • Local gate: GitHub CI green before tag; local release metadata checks passed
  • CodeQL/code scanning: no open release-blocking alerts before tag
  • Source archive checksums:
    • a9cdec906b113e61b36a63c14609780f88d66728b79eebddf5b41d9dce25c2fc fluxheim-1.5.15-release.tar.gz
    • 4524d535a35d363a8cb2fdd6a2baa22fa688a9c149e4439239e59a46d8a39966 fluxheim-1.5.15-release.zip
  • Binary checksums:
    • x86_64:
      • 423ea3f48a1f977b4eb4ab79d39a6ec4a277021510c935c59174333b55312021 fluxheim-1.5.15-release-full-x86_64-linux.tar.gz
      • d50928d6a92a89d916396e5d5b25f7586f5719e71730652addb7d9d04c5adc54 fluxheim-1.5.15-release-cache-x86_64-linux.tar.gz
      • dc8f86cd4fd11a3ee3823cea6b0b6efa07a5bbdd4f82b90570f8eb62f44275bf fluxheim-1.5.15-release-proxy-x86_64-linux.tar.gz
      • 3ba946e6652a0ed5e0d69a54163748d0fceb9c28097432bb747a18a9b49dc0e1 fluxheim-1.5.15-release-php-x86_64-linux.tar.gz
      • 12eeeda33ed39ce651b316a043708766888f012fe09d8da117feaa9b6f6541ff fluxheim-1.5.15-release-load-balancer-x86_64-linux.tar.gz
      • d5b2366ffac9c3eb104c4f060a3aaba7a7ba750c468658f2a95eed19d285097b fluxheim-1.5.15-release-config-tester-x86_64-linux.tar.gz
    • aarch64:
      • 7599b124903122aae325ddffe4d250b1f32f236611f4bc67f746483be16aace9 fluxheim-1.5.15-release-full-aarch64-linux.tar.gz
      • 1564b9b28fc498c9aaf5ad3f7fdfc3f915f76975a99f8a4df88b3bfc7e43e7dd fluxheim-1.5.15-release-cache-aarch64-linux.tar.gz
      • c851fdada917ad09ba5f9e597fb0179b8f8a57b01012d03fed90ebb31712b009 fluxheim-1.5.15-release-proxy-aarch64-linux.tar.gz
      • 9418078f4b9bde10aeeeec0d0a76687aa32c8f2ef5743f401ea601fb051c9a63 fluxheim-1.5.15-release-php-aarch64-linux.tar.gz
      • c78688fc4a8677426157528fef70f616e92a4c26c1b0f924a7f608831c5fca65 fluxheim-1.5.15-release-load-balancer-aarch64-linux.tar.gz
      • 2d3c5781809598a08c0a07f6edcb6e6814fd540f160bf215f3d5948b0a26511a fluxheim-1.5.15-release-config-tester-aarch64-linux.tar.gz
    • macos:
      • 75ef869c5a56d9fb59f29d2d02857bc40c9ec0ffb220a1cd113f88cc71be7876 fluxheim-1.5.15-release-dev-aarch64-macos.tar.gz
  • SBOM checksums:
    • 17d9af6d19ee2f4fa9ca1538013a3a585b5a18ef24ef70cb7c77e2a84e19506f fluxheim.spdx.json
    • 61b3c9bd0bf5f6de7b40d09859749af268a9686e4c322dd710157065f3ad9c36 fluxheim.cyclonedx.json
  • Reproducible build:
    • 96d9ab1b4d59fdeb0438ff2c2bcb296c5e78fac1ce0525c7a1aa4bbd5d3e96c0 x86_64
    • f35ce81a560f0a6b62cbe6cd2f3bb642bcb4748a459cbef814ba4403620e33c4 aarch64
    • 3c1710bc0d0f9c7bc4f50f12d07aba3ca1dc2ccce4a5c80b7167b954f00ef26e macos
  • Full Build Container digests:
    • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:1c5341434d0c2274148e2bba889d1caabd5c02e6b456ecbf3de9445d817d71fc
    • Alpine: ghcr.io/valkyoth/fluxheim@sha256:22498e680ef9d2dd2f7942f8a272a1c22f44eab99c38adeba6c8b6dc080e1198
    • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:549f461872692b648fc75bcae84df12cdec6d5bbd28b8487d1a0799acbd8c363
    • Debian: ghcr.io/valkyoth/fluxheim@sha256:a8de04da8dddb4776d301484cd6733e665a33efc827e1c1d826e92ee27afd926
  • Cache Build Container digests:
    • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:4430d1c1f32214db5960a7838350e32d9c738a9a7d287283ae4f8042bd7befdf
    • Alpine: ghcr.io/valkyoth/fluxheim@sha256:0cb825993e93d6885e5e80846becc1472a60f385a9e76f6191ca6f3d76e42add
    • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:7774613968d23a89a3add8354791366f16acfad8da8ad69b0f693cf60643a17f
    • Debian: ghcr.io/valkyoth/fluxheim@sha256:a0bd8f74323c9c6161188cba6ac5f05a94ae8e1c9dcc3b0bc3d1ed838e3c39b9
  • Proxy Build Container digests:
    • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:a842de5a233748fe1dc473d447519b095a4343d2fe5ce2f9dfa29800749e7b24
    • Alpine: ghcr.io/valkyoth/fluxheim@sha256:4718d0e3ea00dfc3bc09d360f2e12288c12aabbdd40960877c490b4985e110a0
    • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:60c4d55c88dc70175af81278c3279a360887bdd23ceae84b2a1fbaf6be7f611d
    • Debian: ghcr.io/valkyoth/fluxheim@sha256:5fad889700e9cecdb348d34d6938ca2c41b0ed505776ab213e3022b92c098f31
  • PHP Build Container digests:
    • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:2569e9dc65ee1684e31c757539c60829037045950efd51b4f50682cc5f41c198
    • Alpine: ghcr.io/valkyoth/fluxheim@sha256:08b9bd504f4d40518251ccfa98edd4737885a007cf7204b2bb568c7e8172290b
    • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:96457dbadbe32795ee841d8f7c3e866fa3bb71227b1f9d5f5f1e0149e8d0d645
    • Debian: ghcr.io/valkyoth/fluxheim@sha256:48702d67e990d4afa89866656d73501a3e59af718144402eaa226f0acc4b87eb
  • Load Balancer Build Container digests:
    • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:1e29a57985856923c0f4ca684e5aaf7bf6c34938978dafc4c19442953525c10a
    • Alpine: ghcr.io/valkyoth/fluxheim@sha256:c47776f68b4d2de241487333c6e4ca72ef7101db9fb338aa9d8a428ff9b89362
    • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:09eefafe60519ab3539df0ae6f167922655444da0b0fc4759017bbe5985d29e2
    • Debian: ghcr.io/valkyoth/fluxheim@sha256:5934523c90aa1409f6e2d202feb37410ba6e0201ee26c3135c17c2665f5675bc
  • Tag signature:
    • Good "git" signature for 1921261+eldryoth@users.noreply.github.com with ED25519 key SHA256:EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4
Assets 16
Loading
0 Join discussion