diff --git a/AUTHORS b/AUTHORS index b86b6dcc1c..21c181c771 100644 --- a/AUTHORS +++ b/AUTHORS @@ -36,6 +36,7 @@ Samuel Merritt (sam@swiftstack.com) Contributors ------------ Aaron Rosen (arosen@nicira.com) +Ade Lee (alee@redhat.com) Adrian Smith (adrian_f_smith@dell.com) Adrien Pensart (adrien.pensart@corp.ovh.com) Akihiro Motoki (amotoki@gmail.com) @@ -57,6 +58,7 @@ Andy McCrae (andy.mccrae@gmail.com) Anh Tran (anhtt@vn.fujitsu.com) Ankur Gupta (ankur.gupta@intel.com) Anne Gentle (anne@openstack.org) +aolivo (aolivo@blizzard.com) Arnaud JOST (arnaud.jost@ovh.net) arzhna (arzhna@gmail.com) Atsushi Sakai (sakaia@jp.fujitsu.com) @@ -183,6 +185,7 @@ Gleb Samsonov (sams-gleb@yandex.ru) Gonéri Le Bouder (goneri.lebouder@enovance.com) Graham Hayes (graham.hayes@hpe.com) Gregory Haynes (greg@greghaynes.net) +Grzegorz Grasza (xek@redhat.com) Guang Yee (guang.yee@hpe.com) guotao (guotao.bj@inspur.com) Gábor Antal (antal@inf.u-szeged.hu) @@ -204,6 +207,7 @@ Hugo Kuo (tonytkdk@gmail.com) Ilya Kharin (ikharin@mirantis.com) Ionuț Arțăriși (iartarisi@suse.cz) Iryoung Jeong (iryoung@gmail.com) +its-not-a-bug-its-a-feature (david.cole@sohonet.com) Jaivish Kothari (jaivish.kothari@nectechnologies.in) James E. Blair (jeblair@openstack.org) James Page (james.page@ubuntu.com) @@ -252,6 +256,7 @@ Leah Klearman (lklrmn@gmail.com) Li Riqiang (lrqrun@gmail.com) Liang Jingtao (liang.jingtao@zte.com.cn) lijunbo (lijunbo@fiberhome.com) +likui (likui@yovole.com) Lin Yang (lin.a.yang@intel.com) Lingxian Kong (anlin.kong@gmail.com) lingyongxu (lyxu@fiberhome.com) @@ -344,6 +349,7 @@ Rainer Toebbicke (Rainer.Toebbicke@cern.ch) rajat29 (rajat.sharma@nectechnologies.in) Ray Chen (oldsharp@163.com) Rebecca Finn (rebeccax.finn@intel.com) +Renich Bon Ćirić (renich@cloudsigma.com) Ricardo Ferreira (ricardo.sff@gmail.com) Richard Hawkins (richard.hawkins@rackspace.com) Robert Francis (robefran@ca.ibm.com) @@ -417,6 +423,7 @@ wanghongtaozz (wanghongtaozz@inspur.com) wanghui (wang_hui@inspur.com) wangqi (wang.qi@99cloud.net) whoami-rajat (rajatdhasmana@gmail.com) +wu.shiming (wushiming@yovole.com) Wu Wenxiang (wu.wenxiang@99cloud.net) Wyllys Ingersoll (wyllys.ingersoll@evault.com) xhancar (pavel.hancar@gmail.com) diff --git a/CHANGELOG b/CHANGELOG index 4874aaa56d..437ffdeddc 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,204 @@ +swift (2.27.0, OpenStack Wallaby) + + * Added "audit watcher" hooks to allow operators to run arbitrary code + against every diskfile in a cluster. For more information, see + https://docs.openstack.org/swift/latest/development_watchers.html + + * Added support for system-scoped "reader" roles when authenticating using + Keystone. Operators may configure this using the `system_reader_roles` + option in the `[filter:keystoneauth]` section of their proxy-server.conf. + + A comparable group, `.reseller_reader`, is now available for development + purposes when authenticating using tempauth. + + * Allow static large object segments to be deleted asynchronously. + Operators may opt into this new behavior by enabling the new + `allow_async_delete` option in the `[filter:slo]` section + in their proxy-server.conf. For more information, see + https://docs.openstack.org/swift/latest/overview_large_objects.html#deleting-a-large-object + + * Added the ability to connect to memcached over TLS. See the + `tls_*` options in etc/memcache.conf-sample + + * The proxy-server now caches 'listing' shards, improving listing + performance for sharded containers. A new config option, + `recheck_listing_shard_ranges`, controls the cache time and defaults to + 10 minutes; set it to 0 to disable caching (the previous behavior). + + * Added a new optional proxy-logging field `{wire_status_int}` for the + status code returned to the client. For more information, see + https://docs.openstack.org/swift/latest/logs.html#proxy-logs + + * Errors downloading a Static Large Object that cause a shorter-than-expected + response are now logged as 500s. + + * Memcache client error-limiting is now configurable. See the + `error_suppression_*` options in etc/memcache.conf-sample + + * Added `tasks_per_second` option to rate-limit the object-expirer. + + * Added `usedforsecurity` annotations for use on FIPS-compliant systems. + + * Added an option to write EC fragments with legacy CRC to ensure a smooth + upgrade from liberasurecode<=1.5.0 to >=1.6.2. For more information, see + https://bugs.launchpad.net/liberasurecode/+bug/1886088 + + * **Known Issue**: Operators should verify that encryption is not enabled + in their reconciler pipelines; having it enabled there may harm data + durability. For more information, see https://launchpad.net/bugs/1910804 + + * S3 API improvements: + + * Fixed a bug that prevented the s3api pipeline validation described in + proxy-server.conf-sample from being performed. As documented, operators + can disable this via the `auth_pipeline_check` option if proxy startup + fails with validation errors. + + * Make allowable clock skew configurable, with a default value of + 15 minutes to match AWS. Note that this was previously hardcoded at + 5 minutes; operators may want to preserve the prior behavior by setting + `allowable_clock_skew = 300` in the `[filter:s3api]` section of their + proxy-server.conf. + + * Fixed an issue where SHA mismatches in client XML payloads would cause + a server error. Swift now correctly responds with a client error about + the bad digest. + + * Fixed an issue where non-base64 signatures would cause a server error. + Swift now correctly responds with a client error about the invalid + digest. + + * Container ACLs are now cloned to the `+segments` container when it is + created. + + * The correct storage policy is now logged for S3 requests. + + * Added the ability to configure auth region in s3token middleware. + + * CORS-related headers are now passed through appropriately when using + the S3 API. Note that allowed origins and other container metadata + must still be configured through the Swift API as documented at + https://docs.openstack.org/swift/latest/cors.html + + Preflight requests do not contain enough information to map a + bucket to an account/container pair; a new cluster-wide option + `cors_preflight_allow_origin` may be configured for such OPTIONS + requests. The default (blank) rejects all S3 preflight requests. + + * Sharding improvements: + + * Prevent shard databases from losing track of their root database when + deleted. + + * Prevent sharded root databases from being reclaimed to ensure that + shards can detect that they have been deleted. + + * A `--no-auto-shard` option has been added to `swift-container-sharder`. + + * The sharder daemon has been enhanced to better support the shrinking + of shards that are no longer required. Shard containers will now + discover from their root container if they should be shrinking. They + will also discover the shards into which they should shrink, which may + include the root container itself. + + * A 'compact' command has been added to `swift-manage-shard-ranges` that + enables sequences of contiguous shards with low object counts to be + compacted into another existing shard, or into the root container. + + * `swift-manage-shard-ranges` can now accept a config file; this + may be used to ensure consistency of threshold values with the + container-sharder config. + + * Overlapping shrinking shards no longer generate audit warnings; these + are expected to sometimes overlap. + + * The sharding progress reports in recon cache now continue to be included + for a period of time after sharding has completed. The time period + may be configured using the `recon_sharded_timeout` option in the + `[container-sharder]` section of container-server.conf, and defaults + to 12 hours. + + * Add root containers with compactible ranges to recon cache. + + * Expose sharding statistics in the backend recon middleware. + + * Replication improvements: + + * Fixed a race condition in ssync that could lead to a loss of data + durability (or even loss of data, for two-replica policies) when some + object servers have outdated rings. Replication via rsync is likely + still affected by a similar bug. + + * Non-durable fragments can now be reverted from handoffs. + + * The post-rsync REPLICATE call no longer recalculates hashes immediately. + + * Hashes are no longer invalidated after a successful ssync; they were + already invalidated during the data transfer. + + * Reduced log noise for common ssync errors. + + * Python 3 fixes: + + * Added support for Python 3.9. + + * Staticweb correctly handles listings when paths include non-ASCII + characters. + + * S3 API now allows multipart uploads with non-ASCII characters in the + object name. + + * Fixed an import-ordering issue in `swift-dispersion-populate`. + + * Partition power increase improvements: + + * Fixed a bug where stale state files would cause misplaced data during + multiple partition power increases. + + * Removed a race condition that could cause newly-written data to not be + linked into the new partition for the new partition power. + + * Improved safety during cleanup to ensure files have been relinked + appropriately before unlinking. + + * Added an option to drop privileges when running the relinker as root. + + * Added an option to rate-limit how quickly data files are relinked or + cleaned up. This may be used to reduce I/O load during partition power + increases, improving end-user performance. + + * Rehash partitions during the partition power increase. Previously, we + relied on the replication engine to perform the rehash, which could + cause an unexpected I/O spike after a partition power increase. + + * Warn when relinking/cleaning up and any disks are unmounted. + + * Log progress per partition when relinking/cleaning up. + + * During clean-up, stop warning about tombstones that got reaped from + the new location but not the old. + + * Added the ability to read options from object-server.conf, similar to + background daemons. + + * Turned off thread-logging when monkey-patching with eventlet. This + addresses a potential hang in the proxy-server while logging client + disconnects. + + * Fixed a bug that could cause EC GET responses to return a server error. + + * Fixed an issue with `swift-drive-audit` when run around New Year's. + + * Server errors encountered when validating the first segment of a Static or + Dynamic Large Object now return a 503 to the client, rather than a 409. + + * Errors when setting keys in memcached are now logged. This helps + operators detect when shard ranges for caching have gotten too large to + be stored, for example. + + * Various other minor bug fixes and improvements. + + swift (2.26.0, OpenStack Victoria) * Extend concurrent reads to erasure coded policies. Previously, the @@ -1142,7 +1343,7 @@ swift (2.15.0) * Add support to increase object ring partition power transparently to end users and with no cluster downtime. Increasing the ring - part power allows for incremental adjustment to the upper bound + partition power allows for incremental adjustment to the upper bound of the cluster size. Please review the full docs at . diff --git a/releasenotes/notes/2_27_0_release-a9ae967d6d271342.yaml b/releasenotes/notes/2_27_0_release-a9ae967d6d271342.yaml new file mode 100644 index 0000000000..2a2231a59d --- /dev/null +++ b/releasenotes/notes/2_27_0_release-a9ae967d6d271342.yaml @@ -0,0 +1,235 @@ +--- +features: + - | + Added "audit watcher" hooks to allow operators to run arbitrary code + against every diskfile in a cluster. For more information, see `the documentation + `__. + + - | + Added support for system-scoped "reader" roles when authenticating using + Keystone. Operators may configure this using the ``system_reader_roles`` + option in the ``[filter:keystoneauth]`` section of their proxy-server.conf. + + A comparable group, ``.reseller_reader``, is now available for development + purposes when authenticating using tempauth. + + - | + Allow static large object segments to be deleted asynchronously. + Operators may opt into this new behavior by enabling the new + ``allow_async_delete`` option in the ``[filter:slo]`` section + in their proxy-server.conf. For more information, see `the documentation + `__. + + - | + Added the ability to connect to memcached over TLS. See the + ``tls_*`` options in etc/memcache.conf-sample + + - | + The proxy-server now caches 'listing' shards, improving listing + performance for sharded containers. A new config option, + ``recheck_listing_shard_ranges``, controls the cache time and defaults to + 10 minutes; set it to 0 to disable caching (the previous behavior). + + - | + Added a new optional proxy-logging field ``{wire_status_int}`` for the + status code returned to the client. For more information, see `the documentation + `__. + + - | + Memcache client error-limiting is now configurable. See the + ``error_suppression_*`` options in etc/memcache.conf-sample + + - | + Added ``tasks_per_second`` option to rate-limit the object-expirer. + + - | + Added ``usedforsecurity`` annotations for use on FIPS-compliant systems. + + - | + S3 API improvements: + + * Make allowable clock skew configurable, with a default value of + 15 minutes to match AWS. Note that this was previously hardcoded at + 5 minutes; operators may want to preserve the prior behavior by setting + ``allowable_clock_skew = 300`` in the ``[filter:s3api]`` section of their + proxy-server.conf. + + * Container ACLs are now cloned to the ``+segments`` container when it is + created. + + * Added the ability to configure auth region in s3token middleware. + + * CORS-related headers are now passed through appropriately when using + the S3 API. Note that allowed origins and other container metadata + must still be `configured through the Swift API + `__. + + Preflight requests do not contain enough information to map a + bucket to an account/container pair; a new cluster-wide option + ``cors_preflight_allow_origin`` may be configured for such OPTIONS + requests. The default (blank) rejects all S3 preflight requests. + + - | + Sharding improvements: + + * A ``--no-auto-shard`` option has been added to ``swift-container-sharder``. + + * The sharder daemon has been enhanced to better support the shrinking + of shards that are no longer required. Shard containers will now + discover from their root container if they should be shrinking. They + will also discover the shards into which they should shrink, which may + include the root container itself. + + * A 'compact' command has been added to ``swift-manage-shard-ranges`` that + enables sequences of contiguous shards with low object counts to be + compacted into another existing shard, or into the root container. + + * ``swift-manage-shard-ranges`` can now accept a config file; this + may be used to ensure consistency of threshold values with the + container-sharder config. + + * The sharding progress reports in recon cache now continue to be included + for a period of time after sharding has completed. The time period + may be configured using the ``recon_sharded_timeout`` option in the + ``[container-sharder]`` section of container-server.conf, and defaults + to 12 hours. + + * Add root containers with compactible ranges to recon cache. + + * Expose sharding statistics in the backend recon middleware. + + - | + Replication improvements: + + * The post-rsync REPLICATE call no longer recalculates hashes immediately. + + * Hashes are no longer invalidated after a successful ssync; they were + already invalidated during the data transfer. + + - | + Added support for Python 3.9. + + - | + Partition power increase improvements: + + * Fixed a bug where stale state files would cause misplaced data during + multiple partition power increases. + + * Removed a race condition that could cause newly-written data to not be + linked into the new partition for the new partition power. + + * Improved safety during cleanup to ensure files have been relinked + appropriately before unlinking. + + * Added an option to drop privileges when running the relinker as root. + + * Added an option to rate-limit how quickly data files are relinked or + cleaned up. This may be used to reduce I/O load during partition power + increases, improving end-user performance. + + * Rehash partitions during the partition power increase. Previously, we + relied on the replication engine to perform the rehash, which could + cause an unexpected I/O spike after a partition power increase. + + * Warn when relinking/cleaning up and any disks are unmounted. + + * Log progress per partition when relinking/cleaning up. + + * During clean-up, stop warning about tombstones that got reaped from + the new location but not the old. + + * Added the ability to read options from object-server.conf, similar to + background daemons. + +issues: + - | + Operators should verify that encryption is not enabled in their reconciler + pipelines; having it enabled there may harm data durability. For more + information, see `bug 1910804 `__. + +upgrade: + - | + Added an option to write EC fragments with legacy CRC to ensure a smooth + upgrade from liberasurecode<=1.5.0 to >=1.6.2. For more information, see + `bug 1886088 `__. + +fixes: + - | + Errors downloading a Static Large Object that cause a shorter-than-expected + response are now logged as 500s. + + - | + S3 API fixes: + + * Fixed a bug that prevented the s3api pipeline validation described in + proxy-server.conf-sample from being performed. As documented, operators + can disable this via the ``auth_pipeline_check`` option if proxy startup + fails with validation errors. + + * Fixed an issue where SHA mismatches in client XML payloads would cause + a server error. Swift now correctly responds with a client error about + the bad digest. + + * Fixed an issue where non-base64 signatures would cause a server error. + Swift now correctly responds with a client error about the invalid + digest. + + * The correct storage policy is now logged for S3 requests. + + - | + Sharding fixes: + + * Prevent shard databases from losing track of their root database when + deleted. + + * Prevent sharded root databases from being reclaimed to ensure that + shards can detect that they have been deleted. + + * Overlapping shrinking shards no longer generate audit warnings; these + are expected to sometimes overlap. + + - | + Replication fixes: + + * Fixed a race condition in ssync that could lead to a loss of data + durability (or even loss of data, for two-replica policies) when some + object servers have outdated rings. Replication via rsync is likely + still affected by a similar bug. + + * Non-durable fragments can now be reverted from handoffs. + + * Reduced log noise for common ssync errors. + + - | + Python 3 fixes: + + * Staticweb correctly handles listings when paths include non-ASCII + characters. + + * S3 API now allows multipart uploads with non-ASCII characters in the + object name. + + * Fixed an import-ordering issue in ``swift-dispersion-populate``. + + - | + Turned off thread-logging when monkey-patching with eventlet. This + addresses a potential hang in the proxy-server while logging client + disconnects. + + - | + Fixed a bug that could cause EC GET responses to return a server error. + + - | + Fixed an issue with ``swift-drive-audit`` when run around New Year's. + + - | + Server errors encountered when validating the first segment of a Static or + Dynamic Large Object now return a 503 to the client, rather than a 409. + + - | + Errors when setting keys in memcached are now logged. This helps + operators detect when shard ranges for caching have gotten too large to + be stored, for example. + + - | + Various other minor bug fixes and improvements.