diff --git a/.mailmap b/.mailmap index 046a19d8fb..08ae9e4b97 100644 --- a/.mailmap +++ b/.mailmap @@ -125,3 +125,4 @@ Bryan Keller Doug Hellmann zhangdebo1987 zhangdebo Thomas Goirand +Thiago da Silva diff --git a/AUTHORS b/AUTHORS index a41bed0925..c4f4fc0faf 100644 --- a/AUTHORS +++ b/AUTHORS @@ -88,6 +88,7 @@ chenaidong1 (chen.aidong@zte.com.cn) cheng (li.chenga@h3c.com) Cheng Li (shcli@cn.ibm.com) chengebj5238 (chengebj@inspur.com) +chenxiangui (chenxiangui@inspur.com) Chmouel Boudjnah (chmouel@enovance.com) Chris Wedgwood (cw@f00f.org) Christian Berendt (berendt@b1-systems.de) @@ -106,6 +107,7 @@ Constantine Peresypkin (constantine.peresypk@rackspace.com) Corey Bryant (corey.bryant@canonical.com) Cory Wright (cory.wright@rackspace.com) Cristian A Sanchez (cristian.a.sanchez@intel.com) +Cyril Roelandt (cyril@redhat.com) Dae S. Kim (dae@velatum.com) Daisuke Morita (morita.daisuke@ntti3.com) Dan Dillinger (dan.dillinger@sonian.net) @@ -152,6 +154,7 @@ Eugene Kirpichov (ekirpichov@gmail.com) Ewan Mellor (ewan.mellor@citrix.com) Fabien Boucher (fabien.boucher@enovance.com) Falk Reimann (falk.reimann@sap.com) +FatemaKhalid (fatemakhalid96@gmail.com) Felipe Reyes (freyes@tty.cl) Ferenc Horváth (hferenc@inf.u-szeged.hu) Filippo Giunchedi (fgiunchedi@wikimedia.org) @@ -329,10 +332,12 @@ Ricardo Ferreira (ricardo.sff@gmail.com) Richard Hawkins (richard.hawkins@rackspace.com) Robert Francis (robefran@ca.ibm.com) Robin Naundorf (r.naundorf@fh-muenster.de) +Romain de Joux (romain.de-joux@corp.ovh.com) Romain Le Disez (romain.ledisez@ovh.net) Russ Nelson (russ@crynwr.com) Russell Bryant (rbryant@redhat.com) Sachin Patil (psachin@redhat.com) +Sam Morrison (sorrison@gmail.com) Samuel Merritt (sam@swiftstack.com) Sarafraj Singh (Sarafraj.Singh@intel.com) Sarvesh Ranjan (saranjan@cisco.com) 
@@ -359,7 +364,7 @@ Sushil Kumar (sushil.kumar2@globallogic.com) Takashi Kajinami (kajinamit@nttdata.co.jp) Takashi Natsume (natsume.takashi@lab.ntt.co.jp) TheSriram (sriram@klusterkloud.com) -Thiago da Silva (thiago@redhat.com) +Thiago da Silva (thiagodasilva@gmail.com) Thierry Carrez (thierry@openstack.org) Thomas Goirand (thomas@goirand.fr) Thomas Herve (therve@redhat.com) @@ -392,11 +397,13 @@ wangdequn (wangdequn@inspur.com) wanghongtaozz (wanghongtaozz@inspur.com) wanghui (wang_hui@inspur.com) wangqi (wang.qi@99cloud.net) +whoami-rajat (rajatdhasmana@gmail.com) Wu Wenxiang (wu.wenxiang@99cloud.net) Wyllys Ingersoll (wyllys.ingersoll@evault.com) xhancar (pavel.hancar@gmail.com) XieYingYun (smokony@sina.com) Yaguang Wang (yaguang.wang@intel.com) +yanghuichan (yanghc@fiberhome.com) Yatin Kumbhare (yatinkumbhare@gmail.com) Ye Jia Xu (xyj.asmy@gmail.com) Yee (mail.zhang.yee@gmail.com) @@ -406,6 +413,7 @@ yuhui_inspur (yuhui@inspur.com) Yummy Bian (yummy.bian@gmail.com) Yuriy Taraday (yorik.sar@gmail.com) Yushiro FURUKAWA (y.furukawa_2@jp.fujitsu.com) +Yuxin Wang (wang.yuxin@ostorage.com.cn) Zack M. Davis (zdavis@swiftstack.com) Zap Chang (zapchang@gmail.com) Zhang Guoqing (zhang.guoqing@99cloud.net) @@ -418,7 +426,8 @@ Zheng Yao (zheng.yao1@zte.com.cn) zheng yin (yin.zheng@easystack.cn) Zhenguo Niu (zhenguo@unitedstack.com) zhengwei6082 (zhengwei6082@fiberhome.com) +ZhijunWei (wzj334965317@outlook.com) ZhiQiang Fan (aji.zqfan@gmail.com) Zhongyue Luo (zhongyue.nah@intel.com) zhufl (zhu.fanglei@zte.com.cn) -Виль Суркин (vills@vills-pro.local) +zhulingjie (easyzlj@gmail.com) diff --git a/CHANGELOG b/CHANGELOG index d4add2e0fd..b26d3eb22d 100644 --- a/CHANGELOG +++ b/CHANGELOG 
@@ -1,3 +1,109 @@ +swift (2.20.0) + + * S3 API compatibility updates + + * Swift can now cache the S3 secret from Keystone to use for + subsequent requests. This functionality is disabled by default but + can be enabled by setting the `secret_cache_duration` in the s3token + section of the proxy server config to a number greater than 0. + + * s3api now mimics the AWS S3 behavior of periodically sending + whitespace characters on a Complete Multipart Upload request to keep + the connection from timing out. Note that since a request could fail + after the initial 200 OK response has been sent, it is important to + check the response body to determine if the request succeeded. + + * s3api now properly handles x-amz-metadata-directive headers on + COPY operations. + + * s3api now uses concurrency (default 2) to handle multi-delete + requests. This allows multi-delete requests to be processed much + more quickly. + + * s3api now mimics some forms of AWS server-side encryption + based on whether Swift's at-rest encryption functionality is enabled. + Note that S3 API users are now able to know more about how the + cluster is configured than they were previously, ie knowledge of + encryption at-rest functionality being enabled or not. + + * s3api responses now include a '-' in multipart ETags. + + For new multipart-uploads via the S3 API, the ETag that is + stored will be calculated in the same way that AWS uses. This + ETag will be used in GET/HEAD responses, bucket listings, and + conditional requests via the S3 API. Accessing the same object + via the Swift API will use the SLO Etag; however, in JSON + container listings the multipart upload etag will be exposed + in a new "s3_etag" key. Previously, some S3 clients would complain + about download corruption when the ETag did not have a '-'. + + * S3 ETag for SLOs now include a '-'. + + Ordinary objects in S3 use the MD5 of the object as the ETag, + just like Swift. 
Multipart Uploads follow a different format, notably + including a dash followed by the number of segments. To that end + (and for S3 API requests *only*), SLO responses via the S3 API have a + literal '-N' added on the end of the ETag. + + * The default location is now set to "us-east-1". This is more likely + to be the default region that a client will try when using v4 + signatures. + + Deployers with clusters that relied on the old implicit default + location of "US" should explicitly set `location = US` in the + `[filter:s3api]` section of proxy-server.conf before upgrading. + + * Add basic support for ?versions bucket listings. We still do not + have support for toggling S3 bucket versioning, but we can at least + support getting the latest versions of all objects. + + * Fixed an issue with SSYNC requests to ensure that only one request + can be running on a partition at a time. + + * Data encryption updates + + * The kmip_keymaster middleware can now be configured directly in the + proxy-server config file. The existing behavior of using an external + config file is still supported. + + * Multiple keymaster middlewares are now supported. This allows + migration from one key provider to another. + + Note that secret_id values must remain unique across all keymasters + in a given pipeline. If they are not unique, the right-most keymaster + will take precedence. + + When looking for the active root secret, only the right-most + keymaster is used. + + * Prevent PyKMIP's kmip_protocol logger from logging at DEBUG. + Previously, some versions of PyKMIP would include all wire + data when the root logger was configured to log at DEBUG; this + could expose key material in logs. Only the kmip_keymaster was + affected. + + * Fixed an issue where a failed drive could prevent the container sharder + from making progress. + + * Storage policy definitions in swift.conf can now define the diskfile + to use to access objects. 
See the included swift.conf-sample file for + a description of usage. + + * The EC reconstructor will now attempt to remove empty directories + immediately, while the inodes are still cached, rather than waiting + until the next run. + + * Added a keep_idle config option to configure KEEPIDLE time for TCP + sockets. The default value is the old constant of 600. + + * Add databases_per_second to the account-replicator, + container-replicator, and container-sharder. This prevents them from + using a full CPU core when they are not IO limited. + + * Allow direct_client users to overwrite the X-Timestamp header. + + * Various other minor bug fixes and improvements. + swift (2.19.0, OpenStack Rocky) * TempURLs now support IP range restrictions. Please see diff --git a/releasenotes/notes/2_20_0_release-7b090a5f4bd916e4.yaml b/releasenotes/notes/2_20_0_release-7b090a5f4bd916e4.yaml new file mode 100644 index 0000000000..7d15183f30 --- /dev/null +++ b/releasenotes/notes/2_20_0_release-7b090a5f4bd916e4.yaml 
@@ -0,0 +1,116 @@ +--- +features: + - | + S3 API compatibility updates + + - Swift can now cache the S3 secret from Keystone to use for + subsequent requests. This functionality is disabled by default but + can be enabled by setting the ``secret_cache_duration`` in the + ``[filter:s3token]`` section of the proxy server config to a number + greater than 0. + + - s3api now mimics the AWS S3 behavior of periodically sending + whitespace characters on a Complete Multipart Upload request to keep + the connection from timing out. Note that since a request could fail + after the initial 200 OK response has been sent, it is important to + check the response body to determine if the request succeeded. + + - s3api now properly handles ``x-amz-metadata-directive`` headers on + COPY operations. + + - s3api now uses concurrency (default 2) to handle multi-delete + requests. This allows multi-delete requests to be processed much + more quickly. + + - s3api now mimics some forms of AWS server-side encryption + based on whether Swift's at-rest encryption functionality is enabled. + Note that S3 API users are now able to know more about how the + cluster is configured than they were previously, ie knowledge of + encryption at-rest functionality being enabled or not. + + - s3api responses now include a '-' in multipart ETags. + + For new multipart-uploads via the S3 API, the ETag that is + stored will be calculated in the same way that AWS uses. This + ETag will be used in GET/HEAD responses, bucket listings, and + conditional requests via the S3 API. Accessing the same object + via the Swift API will use the SLO Etag; however, in JSON + container listings the multipart upload etag will be exposed + in a new "s3_etag" key. Previously, some S3 clients would complain + about download corruption when the ETag did not have a '-'. + + - S3 ETag for SLOs now include a '-'. + + Ordinary objects in S3 use the MD5 of the object as the ETag, + just like Swift. 
Multipart Uploads follow a different format, notably + including a dash followed by the number of segments. To that end + (and for S3 API requests *only*), SLO responses via the S3 API have a + literal '-N' added on the end of the ETag. + + - The default location is now set to "us-east-1". This is more likely + to be the default region that a client will try when using v4 + signatures. + + Deployers with clusters that relied on the old implicit default + location of "US" should explicitly set ``location = US`` in the + ``[filter:s3api]`` section of proxy-server.conf before upgrading. + + - Add basic support for ?versions bucket listings. We still do not + have support for toggling S3 bucket versioning, but we can at least + support getting the latest versions of all objects. + + - | + Fixed an issue with SSYNC requests to ensure that only one request + can be running on a partition at a time. + + - | + Data encryption updates + + - The ``kmip_keymaster`` middleware can now be configured directly in the + proxy-server config file. The existing behavior of using an external + config file is still supported. + + - Multiple keymaster middlewares are now supported. This allows + migration from one key provider to another. + + Note that ``secret_id`` values must remain unique across all keymasters + in a given pipeline. If they are not unique, the right-most keymaster + will take precedence. + + When looking for the active root secret, only the right-most + keymaster is used. + + - Prevent PyKMIP's kmip_protocol logger from logging at DEBUG. + Previously, some versions of PyKMIP would include all wire + data when the root logger was configured to log at DEBUG; this + could expose key material in logs. Only the ``kmip_keymaster`` was + affected. + + - | + Fixed an issue where a failed drive could prevent the container sharder + from making progress. + + - | + Storage policy definitions in swift.conf can now define the diskfile + to use to access objects. 
See the included swift.conf-sample file for + a description of usage. + + - | + The EC reconstructor will now attempt to remove empty directories + immediately, while the inodes are still cached, rather than waiting + until the next run. + + - | + Added a ``keep_idle`` config option to configure KEEPIDLE time for TCP + sockets. The default value is the old constant of 600. + + - | + Add ``databases_per_second`` to the account-replicator, + container-replicator, and container-sharder. This prevents them from + using a full CPU core when they are not IO limited. + + - | + Allow direct_client users to overwrite the ``X-Timestamp`` header. + + - | + Various other minor bug fixes and improvements.
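Review bot: The last AUTHORS hunk (@@ -418,7 +426,8) deletes the line `Виль Суркин (vills@vills-pro.local)` with no replacement, so that contributor disappears from the file. The .mailmap hunk adds no mapping for them either. If the intent is only to drop the non-public `.local` address, keep the name with a usable address or add a .mailmap entry, and say so in the commit message.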
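Review bot: In the CHANGELOG hunk, the `secret_cache_duration` bullet gives no unit for the value and does not say what caching means for an S3 secret that is changed or revoked in Keystone while a cached copy is still live. Please state both, since deployers will pick a duration based on this text. The bullet also says "the s3token section" where the release note YAML says `[filter:s3token]`; use the bracketed form in both. Smaller points in the same hunk: "ie" should be "i.e.", and "ETag", "Etag" and "etag" are mixed within the multipart bullets.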
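Review bot: In releasenotes/notes/2_20_0_release-7b090a5f4bd916e4.yaml every entry sits under `features:`. That includes the PyKMIP `kmip_protocol` DEBUG logging change that "could expose key material in logs", the "us-east-1" default location change that asks deployers to act "before upgrading", and the SSYNC and container sharder fixes. Move these to reno's `security:`, `upgrade:` and `fixes:` sections respectively so they render where operators look for them. The PyKMIP entry should also say what operators who ran `kmip_keymaster` with the root logger at DEBUG should do about logs already written.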