authors/changelog for 2.20.0 release

Change-Id: I149cb14cbfef456b6368564dae8529faf430333d

.mailmap

@@ -125,3 +125,4 @@ Bryan Keller <kellerbr@us.ibm.com>
 Doug Hellmann <doug@doughellmann.com> <doug.hellmann@dreamhost.com>
 zhangdebo1987 <zhangdebo@inspur.com> zhangdebo
 Thomas Goirand <thomas@goirand.fr> <zigo@debian.org>
+Thiago da Silva <thiagodasilva@gmail.com> <thiago@redhat.com>

AUTHORS

@@ -88,6 +88,7 @@ chenaidong1 (chen.aidong@zte.com.cn)
 cheng (li.chenga@h3c.com)
 Cheng Li (shcli@cn.ibm.com)
 chengebj5238 (chengebj@inspur.com)
+chenxiangui (chenxiangui@inspur.com)
 Chmouel Boudjnah (chmouel@enovance.com)
 Chris Wedgwood (cw@f00f.org)
 Christian Berendt (berendt@b1-systems.de)
@@ -106,6 +107,7 @@ Constantine Peresypkin (constantine.peresypk@rackspace.com)
 Corey Bryant (corey.bryant@canonical.com)
 Cory Wright (cory.wright@rackspace.com)
 Cristian A Sanchez (cristian.a.sanchez@intel.com)
+Cyril Roelandt (cyril@redhat.com)
 Dae S. Kim (dae@velatum.com)
 Daisuke Morita (morita.daisuke@ntti3.com)
 Dan Dillinger (dan.dillinger@sonian.net)
@@ -152,6 +154,7 @@ Eugene Kirpichov (ekirpichov@gmail.com)
 Ewan Mellor (ewan.mellor@citrix.com)
 Fabien Boucher (fabien.boucher@enovance.com)
 Falk Reimann (falk.reimann@sap.com)
+FatemaKhalid (fatemakhalid96@gmail.com)
 Felipe Reyes (freyes@tty.cl)
 Ferenc Horváth (hferenc@inf.u-szeged.hu)
 Filippo Giunchedi (fgiunchedi@wikimedia.org)
@@ -329,10 +332,12 @@ Ricardo Ferreira (ricardo.sff@gmail.com)
 Richard Hawkins (richard.hawkins@rackspace.com)
 Robert Francis (robefran@ca.ibm.com)
 Robin Naundorf (r.naundorf@fh-muenster.de)
+Romain de Joux (romain.de-joux@corp.ovh.com)
 Romain Le Disez (romain.ledisez@ovh.net)
 Russ Nelson (russ@crynwr.com)
 Russell Bryant (rbryant@redhat.com)
 Sachin Patil (psachin@redhat.com)
+Sam Morrison (sorrison@gmail.com)
 Samuel Merritt (sam@swiftstack.com)
 Sarafraj Singh (Sarafraj.Singh@intel.com)
 Sarvesh Ranjan (saranjan@cisco.com)
@@ -359,7 +364,7 @@ Sushil Kumar (sushil.kumar2@globallogic.com)
 Takashi Kajinami (kajinamit@nttdata.co.jp)
 Takashi Natsume (natsume.takashi@lab.ntt.co.jp)
 TheSriram (sriram@klusterkloud.com)
-Thiago da Silva (thiago@redhat.com)
+Thiago da Silva (thiagodasilva@gmail.com)
 Thierry Carrez (thierry@openstack.org)
 Thomas Goirand (thomas@goirand.fr)
 Thomas Herve (therve@redhat.com)
@@ -392,11 +397,13 @@ wangdequn (wangdequn@inspur.com)
 wanghongtaozz (wanghongtaozz@inspur.com)
 wanghui (wang_hui@inspur.com)
 wangqi (wang.qi@99cloud.net)
+whoami-rajat (rajatdhasmana@gmail.com)
 Wu Wenxiang (wu.wenxiang@99cloud.net)
 Wyllys Ingersoll (wyllys.ingersoll@evault.com)
 xhancar (pavel.hancar@gmail.com)
 XieYingYun (smokony@sina.com)
 Yaguang Wang (yaguang.wang@intel.com)
+yanghuichan (yanghc@fiberhome.com)
 Yatin Kumbhare (yatinkumbhare@gmail.com)
 Ye Jia Xu (xyj.asmy@gmail.com)
 Yee (mail.zhang.yee@gmail.com)
@@ -406,6 +413,7 @@ yuhui_inspur (yuhui@inspur.com)
 Yummy Bian (yummy.bian@gmail.com)
 Yuriy Taraday (yorik.sar@gmail.com)
 Yushiro FURUKAWA (y.furukawa_2@jp.fujitsu.com)
+Yuxin Wang (wang.yuxin@ostorage.com.cn)
 Zack M. Davis (zdavis@swiftstack.com)
 Zap Chang (zapchang@gmail.com)
 Zhang Guoqing (zhang.guoqing@99cloud.net)
@@ -418,7 +426,8 @@ Zheng Yao (zheng.yao1@zte.com.cn)
 zheng yin (yin.zheng@easystack.cn)
 Zhenguo Niu (zhenguo@unitedstack.com)
 zhengwei6082 (zhengwei6082@fiberhome.com)
+ZhijunWei (wzj334965317@outlook.com)
 ZhiQiang Fan (aji.zqfan@gmail.com)
 Zhongyue Luo (zhongyue.nah@intel.com)
 zhufl (zhu.fanglei@zte.com.cn)
-Виль Суркин (vills@vills-pro.local)
+zhulingjie (easyzlj@gmail.com)

CHANGELOG

@@ -1,3 +1,109 @@
+swift (2.20.0)
+
+    * S3 API compatibility updates
+
+      * Swift can now cache the S3 secret from Keystone to use for
+        subsequent requests. This functionality is disabled by default but
+        can be enabled by setting the `secret_cache_duration` in the s3token
+        section of the proxy server config to a number greater than 0.
+
+      * s3api now mimics the AWS S3 behavior of periodically sending
+        whitespace characters on a Complete Multipart Upload request to keep
+        the connection from timing out. Note that since a request could fail
+        after the initial 200 OK response has been sent, it is important to
+        check the response body to determine if the request succeeded.
+
+      * s3api now properly handles x-amz-metadata-directive headers on
+        COPY operations.
+
+      * s3api now uses concurrency (default 2) to handle multi-delete
+        requests. This allows multi-delete requests to be processed much
+        more quickly.
+
+      * s3api now mimics some forms of AWS server-side encryption
+        based on whether Swift's at-rest encryption functionality is enabled.
+        Note that S3 API users are now able to know more about how the
+        cluster is configured than they were previously, ie knowledge of
+        encryption at-rest functionality being enabled or not.
+
+      * s3api responses now include a '-' in multipart ETags.
+
+        For new multipart-uploads via the S3 API, the ETag that is
+        stored will be calculated in the same way that AWS uses. This
+        ETag will be used in GET/HEAD responses, bucket listings, and
+        conditional requests via the S3 API. Accessing the same object
+        via the Swift API will use the SLO Etag; however, in JSON
+        container listings the multipart upload etag will be exposed
+        in a new "s3_etag" key. Previously, some S3 clients would complain
+        about download corruption when the ETag did not have a '-'.
+
+      * S3 ETag for SLOs now include a '-'.
+
+        Ordinary objects in S3 use the MD5 of the object as the ETag,
+        just like Swift. Multipart Uploads follow a different format, notably
+        including a dash followed by the number of segments. To that end
+        (and for S3 API requests *only*), SLO responses via the S3 API have a
+        literal '-N' added on the end of the ETag.
+
+      * The default location is now set to "us-east-1". This is more likely
+        to be the default region that a client will try when using v4
+        signatures.
+
+        Deployers with clusters that relied on the old implicit default
+        location of "US" should explicitly set `location = US` in the
+        `[filter:s3api]` section of proxy-server.conf before upgrading.
+
+      * Add basic support for ?versions bucket listings. We still do not
+        have support for toggling S3 bucket versioning, but we can at least
+        support getting the latest versions of all objects.
+
+    * Fixed an issue with SSYNC requests to ensure that only one request
+      can be running on a partition at a time.
+
+    * Data encryption updates
+
+      * The kmip_keymaster middleware can now be configured directly in the
+        proxy-server config file. The existing behavior of using an external
+        config file is still supported.
+
+      * Multiple keymaster middlewares are now supported. This allows
+        migration from one key provider to another.
+
+        Note that secret_id values must remain unique across all keymasters
+        in a given pipeline. If they are not unique, the right-most keymaster
+        will take precedence.
+
+        When looking for the active root secret, only the right-most
+        keymaster is used.
+
+      * Prevent PyKMIP's kmip_protocol logger from logging at DEBUG.
+        Previously, some versions of PyKMIP would include all wire
+        data when the root logger was configured to log at DEBUG; this
+        could expose key material in logs. Only the kmip_keymaster was
+        affected.
+
+    * Fixed an issue where a failed drive could prevent the container sharder
+      from making progress.
+
+    * Storage policy definitions in swift.conf can now define the diskfile
+      to use to access objects. See the included swift.conf-sample file for
+      a description of usage.
+
+    * The EC reconstructor will now attempt to remove empty directories
+      immediately, while the inodes are still cached, rather than waiting
+      until the next run.
+
+    * Added a keep_idle config option to configure KEEPIDLE time for TCP
+      sockets. The default value is the old constant of 600.
+
+    * Add databases_per_second to the account-replicator,
+      container-replicator, and container-sharder. This prevents them from
+      using a full CPU core when they are not IO limited.
+
+    * Allow direct_client users to overwrite the X-Timestamp header.
+
+    * Various other minor bug fixes and improvements.
+
 swift (2.19.0, OpenStack Rocky)
 
     * TempURLs now support IP range restrictions. Please see

releasenotes/notes/2_20_0_release-7b090a5f4bd916e4.yaml

@@ -0,0 +1,116 @@
+---
+features:
+  - |
+    S3 API compatibility updates
+
+    - Swift can now cache the S3 secret from Keystone to use for
+      subsequent requests. This functionality is disabled by default but
+      can be enabled by setting the ``secret_cache_duration`` in the
+      ``[filter:s3token]`` section of the proxy server config to a number
+      greater than 0.
+
+    - s3api now mimics the AWS S3 behavior of periodically sending
+      whitespace characters on a Complete Multipart Upload request to keep
+      the connection from timing out. Note that since a request could fail
+      after the initial 200 OK response has been sent, it is important to
+      check the response body to determine if the request succeeded.
+
+    - s3api now properly handles ``x-amz-metadata-directive`` headers on
+      COPY operations.
+
+    - s3api now uses concurrency (default 2) to handle multi-delete
+      requests. This allows multi-delete requests to be processed much
+      more quickly.
+
+    - s3api now mimics some forms of AWS server-side encryption
+      based on whether Swift's at-rest encryption functionality is enabled.
+      Note that S3 API users are now able to know more about how the
+      cluster is configured than they were previously, ie knowledge of
+      encryption at-rest functionality being enabled or not.
+
+    - s3api responses now include a '-' in multipart ETags.
+
+      For new multipart-uploads via the S3 API, the ETag that is
+      stored will be calculated in the same way that AWS uses. This
+      ETag will be used in GET/HEAD responses, bucket listings, and
+      conditional requests via the S3 API. Accessing the same object
+      via the Swift API will use the SLO Etag; however, in JSON
+      container listings the multipart upload etag will be exposed
+      in a new "s3_etag" key. Previously, some S3 clients would complain
+      about download corruption when the ETag did not have a '-'.
+
+    - S3 ETag for SLOs now include a '-'.
+
+      Ordinary objects in S3 use the MD5 of the object as the ETag,
+      just like Swift. Multipart Uploads follow a different format, notably
+      including a dash followed by the number of segments. To that end
+      (and for S3 API requests *only*), SLO responses via the S3 API have a
+      literal '-N' added on the end of the ETag.
+
+    - The default location is now set to "us-east-1". This is more likely
+      to be the default region that a client will try when using v4
+      signatures.
+
+      Deployers with clusters that relied on the old implicit default
+      location of "US" should explicitly set ``location = US`` in the
+      ``[filter:s3api]`` section of proxy-server.conf before upgrading.
+
+    - Add basic support for ?versions bucket listings. We still do not
+      have support for toggling S3 bucket versioning, but we can at least
+      support getting the latest versions of all objects.
+
+  - |
+    Fixed an issue with SSYNC requests to ensure that only one request
+    can be running on a partition at a time.
+
+  - |
+    Data encryption updates
+
+    - The ``kmip_keymaster`` middleware can now be configured directly in the
+      proxy-server config file. The existing behavior of using an external
+      config file is still supported.
+
+    - Multiple keymaster middlewares are now supported. This allows
+      migration from one key provider to another.
+
+      Note that ``secret_id`` values must remain unique across all keymasters
+      in a given pipeline. If they are not unique, the right-most keymaster
+      will take precedence.
+
+      When looking for the active root secret, only the right-most
+      keymaster is used.
+
+    - Prevent PyKMIP's kmip_protocol logger from logging at DEBUG.
+      Previously, some versions of PyKMIP would include all wire
+      data when the root logger was configured to log at DEBUG; this
+      could expose key material in logs. Only the ``kmip_keymaster`` was
+      affected.
+
+  - |
+    Fixed an issue where a failed drive could prevent the container sharder
+    from making progress.
+
+  - |
+    Storage policy definitions in swift.conf can now define the diskfile
+    to use to access objects. See the included swift.conf-sample file for
+    a description of usage.
+
+  - |
+    The EC reconstructor will now attempt to remove empty directories
+    immediately, while the inodes are still cached, rather than waiting
+    until the next run.
+
+  - |
+    Added a ``keep_idle`` config option to configure KEEPIDLE time for TCP
+    sockets. The default value is the old constant of 600.
+
+  - |
+    Add ``databases_per_second`` to the account-replicator,
+    container-replicator, and container-sharder. This prevents them from
+    using a full CPU core when they are not IO limited.
+
+  - |
+    Allow direct_client users to overwrite the ``X-Timestamp`` header.
+
+  - |
+    Various other minor bug fixes and improvements.