AUTHORS/CHANGELOG for 2.29.0

Change-Id: If218fe19eb75c42f56d25bf9c61adceeec025b6e
This commit is contained in:
Tim Burke 2022-01-28 17:16:52 -08:00
parent a846225c39
commit 975d3dbcfe
3 changed files with 316 additions and 1 deletions

View File

@ -63,6 +63,7 @@ aolivo (aolivo@blizzard.com)
Arnaud JOST (arnaud.jost@ovh.net)
arzhna (arzhna@gmail.com)
Atsushi Sakai (sakaia@jp.fujitsu.com)
Aymeric Ducroquetz (aymeric.ducroquetz@ovhcloud.com)
Azhagu Selvan SP (tamizhgeek@gmail.com)
baiwenteng (baiwenteng@inspur.com)
Ben Keller (bjkeller@us.ibm.com)
@ -144,6 +145,7 @@ Donagh McCabe (donagh.mccabe@gmail.com)
Doron Chen (cdoron@il.ibm.com)
Doug Hellmann (doug@doughellmann.com)
Doug Weimer (dweimer@gmail.com)
Dr. Jens Harbott (harbott@osism.tech)
Dragos Manolescu (dragosm@hp.com)
Drew Balfour (andrew.balfour@oracle.com)
Eamonn O'Toole (eamonn.otoole@hpe.com)
@ -166,6 +168,7 @@ Ferenc Horváth (hferenc@inf.u-szeged.hu)
Filippo Giunchedi (fgiunchedi@wikimedia.org)
Flavio Percoco (flaper87@gmail.com)
Florent Flament (florent.flament-ext@cloudwatt.com)
Florent Vennetier (florent.vennetier@ovhcloud.com)
Florian Hines (syn@ronin.io)
François Charlier (francois.charlier@enovance.com)
Fujita Tomonori (fujita.tomonori@lab.ntt.co.jp)
@ -224,6 +227,7 @@ Ji-Wei (ji.wei3@zte.com.cn)
Jian Zhang (jian.zhang@intel.com)
Jiangmiao Gao (tolbkni@gmail.com)
Jing Liuqing (jing.liuqing@99cloud.net)
jinyuanliu (liujinyuan@inspur.com)
Joanna H. Huang (joanna.huitzu.huang@gmail.com)
Joe Arnold (joe@swiftstack.com)
Joe Gordon (jogo@cloudscaling.com)
@ -267,6 +271,7 @@ liujiong (liujiong@gohighsec.com)
liuyamin (liuyamin@fiberhome.com)
Lokesh S (lokesh.s@hp.com)
Lorcan Browne (lorcan.browne@hpe.com)
Luciano Lo Giudice (luciano.logiudice@canonical.com)
Luis de Bethencourt (luis@debethencourt.com)
Luong Anh Tuan (tuanla@vn.fujitsu.com)
lvxianguo (lvxianguo@inspur.com)
@ -288,6 +293,7 @@ Mathias Bjoerkqvist (mbj@zurich.ibm.com)
Matt Kassawara (mkassawara@gmail.com)
Matt Riedemann (mriedem@us.ibm.com)
Matthew Oliver (matt@oliver.net.au)
Matthew Vernon (mvernon@wikimedia.org)
Matthieu Huin (mhu@enovance.com)
Mauro Stettler (mauro.stettler@gmail.com)
Mehdi Abaakouk (sileht@redhat.com)
@ -320,6 +326,7 @@ Nguyen Hai (nguyentrihai93@gmail.com)
Nguyen Hung Phuong (phuongnh@vn.fujitsu.com)
Nguyen Phuong An (AnNP@vn.fujitsu.com)
Nguyen Quoc Viet (nguyenqviet98@gmail.com)
Nicholas Njihia (nicholas.njihia@canonical.com)
Nicolas Helgeson (nh202b@att.com)
Nicolas Trangez (ikke@nicolast.be)
Ning Zhang (ning@zmanda.com)

143
CHANGELOG
View File

@ -1,4 +1,145 @@
swift (2.28.0)
swift (2.29.0)
* S3 API improvements
* CORS preflights are now allowed for pre-signed URLs.
* The `storage_domain` option now accepts a comma-separated list of
storage domains. This allows multiple storage domains to configured
for use with virtual-host style addressing.
* Fixed the types of configured values in /info response.
* Fixed a server error when trying to copy objects with non-ASCII names.
* Fixed a server error when uploading objects with very long names.
A KeyTooLongError is now returned.
* Fixed an error when multi-deleting MPUs when SLO async-deletes
are enabled.
* Fixed an error that allowed list-uploads and list-parts requests to
return incomplete or out-of-order results.
* Fixed several bugs when dealing with non-ASCII object names and
multipart uploads.
* Reduced the overhead of retrieving bucket and object ACLs.
* Replication, reconstruction, and diskfile improvements
* The reconstructor now uses the replication network to fetch fragments
for reconstruction.
* Added the ability to limit how many objects per handoff partition
will be reverted in a reconstructor cycle using the new
`max_objects_per_revert` option. This may be useful to reduce
ssync timeouts and lock contention, ensuring that progress is made
during rebalances.
* Ensure that non-durable data and .meta files are purged from handoffs
after syncing.
* Fixed tracebacks when there's a race to mark a file durable or delete it.
* Improved cooperative multitasking during ssync.
* Upon detecting a ring change, the reconstructor now only aborts the
jobs for that ring and continues processing jobs for other rings.
* Fixed a traceback when logging about a lock timeout in the replicator.
* Object updater improvements
* Added the ability to ratelimit updates (approximately) per-container
using the new `max_objects_per_container_per_second` option. This may
be used to limit requests to already-overloaded containers while still
making progress on updates to other containers.
* Added timing stats by response code.
* Updates are now sent over the replication network.
* Fixed a race condition where swift would attempt to quarantine
recently-deleted updates.
* Memcache improvements
* Added the ability to configure a chance to skip checking memcache when
querying shard ranges. This allows some fraction of traffic to go to
disk and refresh memcache before the key ages out. Recommended values
for the new `container_updating_shard_ranges_skip_cache_pct` and
`container_listing_shard_ranges_skip_cache_pct` options are in the
range of 0.0 to 0.1.
* Added stats for shard range cache hits, misses, and skips.
* Improved handling of timeouts and other errors when obtaining a
connection to memcached.
* Recon improvements
* Added object-reconstructor stats to recon.
* Each object-server IP is now queried only once when reporting disk
usage. Previously, each port in the ring would be queried; when using
servers-per-port, this could dramatically overstate the disk capacity
in the cluster.
* Fixed a security issue where tempurl and s3api signatures were logged in
full. This allowed an attacker with access to log data to perform replay
attacks, potentially accessing or overwriting cluster data. Now, such
signatures are redacted in a manner similar to auth tokens; see the
`reveal_sensitive_prefix` option in `proxy-server.conf`.
See CVE-2017-8761 for more information.
* Added a new `swift.common.registry` module. This includes helper
functions `register_sensitive_header` and `register_sensitive_param`
which third party middleware authors may use to flag headers and query
parameters for redaction when logging. For more information, see
https://docs.openstack.org/swift/latest/misc.html#module-swift.common.registry
* Added the ability to configure project-scope read-only roles for
keystoneauth using the new `project_reader_roles` option.
* The cname_lookup middleware now works with dnspython 2.0 and later.
* The internal clients used by the container-reconciler, container-sharder,
container-sync, and object-expirer daemons now use a more-descriptive
`<daemon>-ic` log name, rather than `swift`. If you previously
configured the `log_name` option in `internal-client.conf`, you must
now use the `set log_name = <value>` syntax to configure it, even if
no value is set in the `[DEFAULT]` section. This may be done prior to
upgrading.
* Fixed a bug that allowed some statsd metrics to be annotated with the
wrong backend layer.
* The `StatsdClient.set_prefix` method is now deprecated and
may be removed in a future release; by extension, so is the
`LogAdapter.set_statsd_prefix` method. Middleware developers should
use the `statsd_tail_prefix` argument to `get_logger` instead.
* Fixed a traceback in the account-server when there's no account
database on disk to receive a container update. The account-server
now correctly 404s.
* The container-updater will quarantine container databases if all
replicas for the account respond 404.
* Fixed a proxy-server error when the read-only middleware tried to
handle non-Swift paths (such as may be used by third-party middleware).
* Some client behaviors that the proxy previously logged at warning have
been lowered to info.
* Removed translations from most logging.
* Various other minor bug fixes and improvements.
swift (2.28.0, OpenStack Victoria)
* Sharding improvements:

View File

@ -0,0 +1,167 @@
---
features:
- |
S3 API improvements
* CORS preflights are now allowed for pre-signed URLs.
* The ``storage_domain`` option now accepts a comma-separated list of
storage domains. This allows multiple storage domains to configured
for use with virtual-host style addressing.
* Reduced the overhead of retrieving bucket and object ACLs.
- |
Replication, reconstruction, and diskfile improvements
* The reconstructor now uses the replication network to fetch fragments
for reconstruction.
* Added the ability to limit how many objects per handoff partition
will be reverted in a reconstructor cycle using the new
``max_objects_per_revert`` option. This may be useful to reduce
ssync timeouts and lock contention, ensuring that progress is made
during rebalances.
- |
Object updater improvements
* Added the ability to ratelimit updates (approximately) per-container
using the new ``max_objects_per_container_per_second`` option. This may
be used to limit requests to already-overloaded containers while still
making progress on updates to other containers.
* Added timing stats by response code.
* Updates are now sent over the replication network.
- |
Memcache improvements
* Added the ability to configure a chance to skip checking memcache when
querying shard ranges. This allows some fraction of traffic to go to
disk and refresh memcache before the key ages out. Recommended values
for the new ``container_updating_shard_ranges_skip_cache_pct`` and
``container_listing_shard_ranges_skip_cache_pct`` options are in the
range of 0.0 to 0.1.
* Added stats for shard range cache hits, misses, and skips.
- |
Added object-reconstructor stats to recon.
- |
Added a new ``swift.common.registry`` module. This includes helper
functions ``register_sensitive_header`` and ``register_sensitive_param``
which third party middleware authors may use to flag headers and query
parameters for redaction when logging. For more information, see `the
documentation <https://docs.openstack.org/swift/latest/misc.html#
module-swift.common.registry>`__.
- |
Added the ability to configure project-scope read-only roles for
keystoneauth using the new ``project_reader_roles`` option.
- |
The ``cname_lookup`` middleware now works with dnspython 2.0 and later.
- |
The internal clients used by the container-reconciler, container-sharder,
container-sync, and object-expirer daemons now use a more-descriptive
``<daemon>-ic`` log name, rather than ``swift``. If you previously
configured the ``log_name`` option in ``internal-client.conf``, you must
now use the ``set log_name = <value>`` syntax to configure it, even if
no value is set in the ``[DEFAULT]`` section. This may be done prior to
upgrading.
- |
Removed translations from most logging.
deprecations:
- |
The ``StatsdClient.set_prefix`` method is now deprecated and
may be removed in a future release; by extension, so is the
``LogAdapter.set_statsd_prefix`` method. Middleware developers should
use the ``statsd_tail_prefix`` argument to ``get_logger`` instead.
fixes:
- |
S3 API fixes
* Fixed the types of configured values in ``/info`` response.
* Fixed a server error when trying to copy objects with non-ASCII names.
* Fixed a server error when uploading objects with very long names.
A ``KeyTooLongError`` is now returned.
* Fixed an error when multi-deleting MPUs when SLO async-deletes
are enabled.
* Fixed an error that allowed list-uploads and list-parts requests to
return incomplete or out-of-order results.
* Fixed several bugs when dealing with non-ASCII object names and
multipart uploads.
- |
Replication, reconstruction, and diskfile fixes
* Ensure that non-durable data and .meta files are purged from handoffs
after syncing.
* Fixed tracebacks when there's a race to mark a file durable or delete it.
* Improved cooperative multitasking during ssync.
* Upon detecting a ring change, the reconstructor now only aborts the
jobs for that ring and continues processing jobs for other rings.
* Fixed a traceback when logging about a lock timeout in the replicator.
- |
Fixed a security issue where tempurl and s3api signatures were logged in
full. This allowed an attacker with access to log data to perform replay
attacks, potentially accessing or overwriting cluster data. Now, such
signatures are redacted in a manner similar to auth tokens; see the
``reveal_sensitive_prefix`` option in ``proxy-server.conf``.
See CVE-2017-8761 for more information.
- |
Fixed a race condition where swift would attempt to quarantine
recently-deleted object updates.
- |
Improved handling of timeouts and other errors when obtaining a
connection to memcached.
- |
The ``swift-recon`` tool now queries each object-server IP only once
when reporting disk usage. Previously, each port in the ring would be
queried; when using servers-per-port, this could dramatically overstate
the disk capacity in the cluster.
- |
Fixed a bug that allowed some statsd metrics to be annotated with the
wrong backend layer.
- |
Fixed a traceback in the account-server when there's no account
database on disk to receive a container update. The account-server
now correctly 404s.
- |
The container-updater will quarantine container databases if all
replicas for the account respond 404.
- |
Fixed a proxy-server error when the read-only middleware tried to
handle non-Swift paths (such as may be used by third-party middleware).
- |
Some client behaviors that the proxy previously logged at warning have
been lowered to info.
- |
Various other minor bug fixes and improvements.