openstack/swift
Code Issues Proposed changes

AUTHORS/CHANGELOG for 2.30.0

Browse Source 
Change-Id: If7c9e13fc62f8104ccb70a12b9c839f78e7e6e3e
This commit is contained in:
Tim Burke 2022-08-15 21:57:10 -07:00
parent 6fd523947a
commit f6196b0a22
5 changed files with 312 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.mailmap
View File

@ -132,3 +132,5 @@ Takashi Kajinami <tkajinam@redhat.com> <kajinamit@nttdata.co.jp>
Yuxin Wang <wang.yuxin@ostorage.com.cn> Wang Yuxin
Gilles Biannic <gilles.biannic@corp.ovh.com> gillesbiannic
melissaml <ma.lei@99cloud.net> <malei@maleideMacBook-Pro.local>
Ashwin Nair <nairashwin952013@gmail.com> indianwhocodes
Romain de Joux <romain.de-joux@ovhcloud.com> <romain.de-joux@corp.ovh.com>

7
AUTHORS
View File

@ -62,7 +62,7 @@ Anne Gentle (anne@openstack.org)
aolivo (aolivo@blizzard.com)
Arnaud JOST (arnaud.jost@ovh.net)
arzhna (arzhna@gmail.com)
Ashwin Nair (nairashwin952013@hmail.com)
Ashwin Nair (nairashwin952013@gmail.com)
Atsushi Sakai (sakaia@jp.fujitsu.com)
Aymeric Ducroquetz (aymeric.ducroquetz@ovhcloud.com)
Azhagu Selvan SP (tamizhgeek@gmail.com)
@ -228,6 +228,7 @@ Ji-Wei (ji.wei3@zte.com.cn)
Jian Zhang (jian.zhang@intel.com)
Jiangmiao Gao (tolbkni@gmail.com)
Jianjian Huo (jhuo@nvidia.com)
jiaqi07 (wangjiaqi07@inspur.com)
Jing Liuqing (jing.liuqing@99cloud.net)
jinyuanliu (liujinyuan@inspur.com)
Joanna H. Huang (joanna.huitzu.huang@gmail.com)
@ -333,6 +334,7 @@ Nicolas Helgeson (nh202b@att.com)
Nicolas Trangez (ikke@nicolast.be)
Ning Zhang (ning@zmanda.com)
Nirmal Thacker (nirmalthacker@gmail.com)
niuke (niuke19970315@163.com)
npraveen35 (npraveen35@gmail.com)
Olga Saprycheva (osapryc@us.ibm.com)
Ondrej Novy (ondrej.novy@firma.seznam.cz)
@ -365,7 +367,7 @@ Richard Hawkins (richard.hawkins@rackspace.com)
ricolin (ricolin@ricolky.com)
Robert Francis (robefran@ca.ibm.com)
Robin Naundorf (r.naundorf@fh-muenster.de)
Romain de Joux (romain.de-joux@corp.ovh.com)
Romain de Joux (romain.de-joux@ovhcloud.com)
Russ Nelson (russ@crynwr.com)
Russell Bryant (rbryant@redhat.com)
Sachin Patil (psachin@redhat.com)
@ -400,6 +402,7 @@ Takashi Kajinami (tkajinam@redhat.com)
Takashi Natsume (natsume.takashi@lab.ntt.co.jp)
TheSriram (sriram@klusterkloud.com)
Thiago da Silva (thiagodasilva@gmail.com)
Thibault Person (thibault.person@ovhcloud.com)
Thierry Carrez (thierry@openstack.org)
Thomas Goirand (thomas@goirand.fr)
Thomas Herve (therve@redhat.com)

137
CHANGELOG
View File

@ -1,3 +1,140 @@
swift (2.30.0)
* Sharding improvements
* The `swift-manage-shard-ranges` tool has a new mode to repair gaps
in the namespace.
* Misplaced tombstone records are now properly cleaved.
* Fixed a bug where the sharder could fail to find a device to use for
cleaving.
* Databases marked deleted are now processed by the sharder.
* More information is now synced to the fresh database when sharding.
Previously, a database could lose the fact that it had been marked
as deleted.
* Shard ranges with no rows to cleave could previously be left in the
CREATED state after cleaving. Now, they are advanced to CLEAVED.
* Metrics are now emitted for whether databases used for cleaving
were created or already existed, allowing a better understanding
of the reason for handoffs in the cluster.
* Misplaced-record stats are now also emitted to statsd. Previously,
these were only available in logs.
* S3 API improvements
* Constant-time string comparisons are now used when checking signatures.
* Fixed cross-policy object copies. Previously, copied data would
always be written using the source container's policy. Now, the
destination container's policy will be used, avoiding availability
issues and unnecessary container-reconciler work.
* More headers are now copied from multi-part upload markers to their
completed objects, including `Content-Encoding`.
* When running with `s3_acl` disabled, `bucket-owner-full-control` and
`bucket-owner-read` canned ACLs will be translated to the same Swift
ACLs as `private`.
* The S3 ACL and Delete Multiple APIs are now less case-sensitive.
* Improved the error message when deleting a bucket that's ever had
versioning enabled and still has versions in it.
* `LastModified` timestamps in listings are now rounded up to whole
seconds, like they are in responses from AWS.
* Proxy logging for Complete Multipart Upload requests is now more
consistent when requests have been retried.
* Logging improvements
* Signal handling is more consistently logged at notice level.
Previously, signal handling would sometimes be logged at info
or error levels.
* The message template for proxy logging may now include a
`{domain}` field for the client-provided `Host` header.
* The object-replicator now logs successful rsync transfers at debug
instead of info.
* Added a `log_rsync_transfers` option to the object-replicator.
Set it to false to disable logging rsync "send" lines; during
large rebalances, such logging can overwhelm log aggregation
while providing little useful information.
* Transaction IDs are now only included in daemon log lines
in a request/response context.
* Fixed a socket leak when clients try to delete a non-SLO as though
it were a Static Large Object.
* The formpost digest algorithm is now configurable via the new
`allowed_digests` option, and support is added for both SHA-256
and SHA-512. Supported formpost digests are exposed to clients in
`/info`. Additionally, formpost signatures can now be base64 encoded.
* Added metrics to the formpost and tempurl middlewares to monitor
digest usage in signatures.
* SHA-1 signatures are now deprecated for the formpost and tempurl
middlewares. At some point in the future, SHA-1 will no longer be
enabled by default; eventually, support for it will be removed
entirely.
* Improved compatibility with certain FIPS-mode-enabled systems.
* Added a `ring_ip` option for various object services. This may be
used to find own devices in the ring in a containerized environment
where the `bind_ip` may not appear in the ring at all.
* Account and container replicators can now be configured with a
`handoff_delete` option, similar to object replicators and
reconstructors. See the sample config for more information.
* Developers using Swift's memcache client may now opt in to having
a `MemcacheConnectionError` be raised when no connection succeeded
using a new `raise_on_error` keyword argument to `get`/`set`.
* The tempurl middleware has been updated to return a 503 if storing a
token in memcache fails. Third party authentication middlewares are
encouraged to also use the new `raise_on_error` keyword argument
when storing ephemeral tokens in memcache.
* Pickle support has been removed from Swift's memcache client. Support
had been deprecated since Swift 1.7.0.
* Device names are now included in new database IDs. This provides more
context when examining incoming/outgoing sync tables or sharding
CleaveContexts.
* Database replication connections are now closed following an error
or timeout. This prevents a traceback in some cases when the replicator
tries to reuse the connection.
* `ENOENT` and `ENODATA` errors are better handled in the object
replicator and auditor.
* Improved object update throughput by shifting some shard range
filtering from Python to SQL.
* Include `Vary: Origin` header when CORS responses vary by origin.
* The staticweb middleware now allows empty listings at the root of
a container. Previously, this would result in a 404 response.
* Ring builder output tables better display weights over 1000.
* Various other minor bug fixes and improvements.
swift (2.29.1, OpenStack Yoga)
* This is the final stable branch that will support Python 2.7.

2
etc/proxy-server.conf-sample
View File

@ -932,7 +932,7 @@ use = egg:swift#tempurl
#
# The digest algorithm(s) supported for generating signatures;
# whitespace-delimited.
# allowed_digests = sha256 sha512
# allowed_digests = sha1 sha256 sha512
# Note: Put formpost just before your auth filter(s) in the pipeline
[filter:formpost]

167
releasenotes/notes/2_30_0_release-642778c3010848db.yaml Normal file
View File

@ -0,0 +1,167 @@
---
features:
- |
Sharding improvements
* The ``swift-manage-shard-ranges`` tool has a new mode to repair gaps
in the namespace.
* Metrics are now emitted for whether databases used for cleaving
were created or already existed, allowing a better understanding
of the reason for handoffs in the cluster.
* Misplaced-record stats are now also emitted to statsd. Previously,
these were only available in logs.
- |
Logging improvements
* The message template for proxy logging may now include a
``{domain}`` field for the client-provided ``Host`` header.
* Added a ``log_rsync_transfers`` option to the object-replicator.
Set it to false to disable logging rsync "send" lines; during
large rebalances, such logging can overwhelm log aggregation
while providing little useful information.
- |
The formpost digest algorithm is now configurable via the new
``allowed_digests`` option, and support is added for both SHA-256
and SHA-512. Supported formpost digests are exposed to clients in
``/info``. Additionally, formpost signatures can now be base64 encoded.
- |
Added metrics to the formpost and tempurl middlewares to monitor
digest usage in signatures.
- |
Improved compatibility with certain FIPS-mode-enabled systems.
- |
Added a ``ring_ip`` option for various object services. This may be
used to find own devices in the ring in a containerized environment
where the ``bind_ip`` may not appear in the ring at all.
- |
Account and container replicators can now be configured with a
``handoff_delete`` option, similar to object replicators and
reconstructors. See the sample config for more information.
- |
Developers using Swift's memcache client may now opt in to having
a ``MemcacheConnectionError`` be raised when no connection succeeded
using a new ``raise_on_error`` keyword argument to ``get``/``set``.
- |
Device names are now included in new database IDs. This provides more
context when examining incoming/outgoing sync tables or sharding
CleaveContexts.
deprecations:
- |
SHA-1 signatures are now deprecated for the formpost and tempurl
middlewares. At some point in the future, SHA-1 will no longer be
enabled by default; eventually, support for it will be removed
entirely.
security:
- |
Constant-time string comparisons are now used when checking S3 API signatures.
- |
Fixed a socket leak when clients try to delete a non-SLO as though
it were a Static Large Object.
fixes:
- |
Sharding improvements
* Misplaced tombstone records are now properly cleaved.
* Fixed a bug where the sharder could fail to find a device to use for
cleaving.
* Databases marked deleted are now processed by the sharder.
* More information is now synced to the fresh database when sharding.
Previously, a database could lose the fact that it had been marked
as deleted.
* Shard ranges with no rows to cleave could previously be left in the
CREATED state after cleaving. Now, they are advanced to CLEAVED.
- |
S3 API improvements
* Fixed cross-policy object copies. Previously, copied data would
always be written using the source container's policy. Now, the
destination container's policy will be used, avoiding availability
issues and unnecessary container-reconciler work.
* More headers are now copied from multi-part upload markers to their
completed objects, including ``Content-Encoding``.
* When running with ``s3_acl`` disabled, ``bucket-owner-full-control`` and
``bucket-owner-read`` canned ACLs will be translated to the same Swift
ACLs as ``private``.
* The S3 ACL and Delete Multiple APIs are now less case-sensitive.
* Improved the error message when deleting a bucket that's ever had
versioning enabled and still has versions in it.
* ``LastModified`` timestamps in listings are now rounded up to whole
seconds, like they are in responses from AWS.
* Proxy logging for Complete Multipart Upload requests is now more
consistent when requests have been retried.
- |
Logging improvements
* Signal handling is more consistently logged at notice level.
Previously, signal handling would sometimes be logged at info
or error levels.
* The object-replicator now logs successful rsync transfers at debug
instead of info.
* Transaction IDs are now only included in daemon log lines
in a request/response context.
- |
The tempurl middleware has been updated to return a 503 if storing a
token in memcache fails. Third party authentication middlewares are
encouraged to also use the new ``raise_on_error`` keyword argument
when storing ephemeral tokens in memcache.
- |
Database replication connections are now closed following an error
or timeout. This prevents a traceback in some cases when the replicator
tries to reuse the connection.
- |
``ENOENT`` and ``ENODATA`` errors are better handled in the object
replicator and auditor.
- |
Improved object update throughput by shifting some shard range
filtering from Python to SQL.
- |
Include ``Vary: Origin`` header when CORS responses vary by origin.
- |
The staticweb middleware now allows empty listings at the root of
a container. Previously, this would result in a 404 response.
- |
Ring builder output tables better display weights over 1000.
- |
Various other minor bug fixes and improvements.
other:
- |
Pickle support has been removed from Swift's memcache client. Support
had been deprecated since Swift 1.7.0.