diff --git a/.mailmap b/.mailmap index c56451f19a..aca9442b65 100644 --- a/.mailmap +++ b/.mailmap @@ -132,3 +132,5 @@ Takashi Kajinami Yuxin Wang Wang Yuxin Gilles Biannic gillesbiannic melissaml +Ashwin Nair indianwhocodes +Romain de Joux diff --git a/AUTHORS b/AUTHORS index 8de650ce7e..f28613ad8f 100644 --- a/AUTHORS +++ b/AUTHORS @@ -62,7 +62,7 @@ Anne Gentle (anne@openstack.org) aolivo (aolivo@blizzard.com) Arnaud JOST (arnaud.jost@ovh.net) arzhna (arzhna@gmail.com) -Ashwin Nair (nairashwin952013@hmail.com) +Ashwin Nair (nairashwin952013@gmail.com) Atsushi Sakai (sakaia@jp.fujitsu.com) Aymeric Ducroquetz (aymeric.ducroquetz@ovhcloud.com) Azhagu Selvan SP (tamizhgeek@gmail.com) @@ -228,6 +228,7 @@ Ji-Wei (ji.wei3@zte.com.cn) Jian Zhang (jian.zhang@intel.com) Jiangmiao Gao (tolbkni@gmail.com) Jianjian Huo (jhuo@nvidia.com) +jiaqi07 (wangjiaqi07@inspur.com) Jing Liuqing (jing.liuqing@99cloud.net) jinyuanliu (liujinyuan@inspur.com) Joanna H. Huang (joanna.huitzu.huang@gmail.com) @@ -333,6 +334,7 @@ Nicolas Helgeson (nh202b@att.com) Nicolas Trangez (ikke@nicolast.be) Ning Zhang (ning@zmanda.com) Nirmal Thacker (nirmalthacker@gmail.com) +niuke (niuke19970315@163.com) npraveen35 (npraveen35@gmail.com) Olga Saprycheva (osapryc@us.ibm.com) Ondrej Novy (ondrej.novy@firma.seznam.cz) @@ -365,7 +367,7 @@ Richard Hawkins (richard.hawkins@rackspace.com) ricolin (ricolin@ricolky.com) Robert Francis (robefran@ca.ibm.com) Robin Naundorf (r.naundorf@fh-muenster.de) -Romain de Joux (romain.de-joux@corp.ovh.com) +Romain de Joux (romain.de-joux@ovhcloud.com) Russ Nelson (russ@crynwr.com) Russell Bryant (rbryant@redhat.com) Sachin Patil (psachin@redhat.com) 
@@ -400,6 +402,7 @@ Takashi Kajinami (tkajinam@redhat.com) Takashi Natsume (natsume.takashi@lab.ntt.co.jp) TheSriram (sriram@klusterkloud.com) Thiago da Silva (thiagodasilva@gmail.com) +Thibault Person (thibault.person@ovhcloud.com) Thierry Carrez (thierry@openstack.org) Thomas Goirand (thomas@goirand.fr) Thomas Herve (therve@redhat.com) diff --git a/CHANGELOG b/CHANGELOG index 6aa4084daf..08bed3d357 100644 --- a/CHANGELOG +++ b/CHANGELOG 
@@ -1,3 +1,140 @@ +swift (2.30.0) + + * Sharding improvements + + * The `swift-manage-shard-ranges` tool has a new mode to repair gaps + in the namespace. + + * Misplaced tombstone records are now properly cleaved. + + * Fixed a bug where the sharder could fail to find a device to use for + cleaving. + + * Databases marked deleted are now processed by the sharder. + + * More information is now synced to the fresh database when sharding. + Previously, a database could lose the fact that it had been marked + as deleted. + + * Shard ranges with no rows to cleave could previously be left in the + CREATED state after cleaving. Now, they are advanced to CLEAVED. + + * Metrics are now emitted for whether databases used for cleaving + were created or already existed, allowing a better understanding + of the reason for handoffs in the cluster. + + * Misplaced-record stats are now also emitted to statsd. Previously, + these were only available in logs. + + * S3 API improvements + + * Constant-time string comparisons are now used when checking signatures. + + * Fixed cross-policy object copies. Previously, copied data would + always be written using the source container's policy. Now, the + destination container's policy will be used, avoiding availability + issues and unnecessary container-reconciler work. + + * More headers are now copied from multi-part upload markers to their + completed objects, including `Content-Encoding`. + + * When running with `s3_acl` disabled, `bucket-owner-full-control` and + `bucket-owner-read` canned ACLs will be translated to the same Swift + ACLs as `private`. + + * The S3 ACL and Delete Multiple APIs are now less case-sensitive. + + * Improved the error message when deleting a bucket that's ever had + versioning enabled and still has versions in it. + + * `LastModified` timestamps in listings are now rounded up to whole + seconds, like they are in responses from AWS. 
+ + * Proxy logging for Complete Multipart Upload requests is now more + consistent when requests have been retried. + + * Logging improvements + + * Signal handling is more consistently logged at notice level. + Previously, signal handling would sometimes be logged at info + or error levels. + + * The message template for proxy logging may now include a + `{domain}` field for the client-provided `Host` header. + + * The object-replicator now logs successful rsync transfers at debug + instead of info. + + * Added a `log_rsync_transfers` option to the object-replicator. + Set it to false to disable logging rsync "send" lines; during + large rebalances, such logging can overwhelm log aggregation + while providing little useful information. + + * Transaction IDs are now only included in daemon log lines + in a request/response context. + + * Fixed a socket leak when clients try to delete a non-SLO as though + it were a Static Large Object. + + * The formpost digest algorithm is now configurable via the new + `allowed_digests` option, and support is added for both SHA-256 + and SHA-512. Supported formpost digests are exposed to clients in + `/info`. Additionally, formpost signatures can now be base64 encoded. + + * Added metrics to the formpost and tempurl middlewares to monitor + digest usage in signatures. + + * SHA-1 signatures are now deprecated for the formpost and tempurl + middlewares. At some point in the future, SHA-1 will no longer be + enabled by default; eventually, support for it will be removed + entirely. + + * Improved compatibility with certain FIPS-mode-enabled systems. + + * Added a `ring_ip` option for various object services. This may be + used to find own devices in the ring in a containerized environment + where the `bind_ip` may not appear in the ring at all. + + * Account and container replicators can now be configured with a + `handoff_delete` option, similar to object replicators and + reconstructors. 
See the sample config for more information. + + * Developers using Swift's memcache client may now opt in to having + a `MemcacheConnectionError` be raised when no connection succeeded + using a new `raise_on_error` keyword argument to `get`/`set`. + + * The tempurl middleware has been updated to return a 503 if storing a + token in memcache fails. Third party authentication middlewares are + encouraged to also use the new `raise_on_error` keyword argument + when storing ephemeral tokens in memcache. + + * Pickle support has been removed from Swift's memcache client. Support + had been deprecated since Swift 1.7.0. + + * Device names are now included in new database IDs. This provides more + context when examining incoming/outgoing sync tables or sharding + CleaveContexts. + + * Database replication connections are now closed following an error + or timeout. This prevents a traceback in some cases when the replicator + tries to reuse the connection. + + * `ENOENT` and `ENODATA` errors are better handled in the object + replicator and auditor. + + * Improved object update throughput by shifting some shard range + filtering from Python to SQL. + + * Include `Vary: Origin` header when CORS responses vary by origin. + + * The staticweb middleware now allows empty listings at the root of + a container. Previously, this would result in a 404 response. + + * Ring builder output tables better display weights over 1000. + + * Various other minor bug fixes and improvements. + + swift (2.29.1, OpenStack Yoga) * This is the final stable branch that will support Python 2.7. diff --git a/etc/proxy-server.conf-sample b/etc/proxy-server.conf-sample index d0ec52b013..44a456219e 100644 --- a/etc/proxy-server.conf-sample +++ b/etc/proxy-server.conf-sample 
@@ -932,7 +932,7 @@ use = egg:swift#tempurl # # The digest algorithm(s) supported for generating signatures; # whitespace-delimited. -# allowed_digests = sha256 sha512 +# allowed_digests = sha1 sha256 sha512 # Note: Put formpost just before your auth filter(s) in the pipeline [filter:formpost] diff --git a/releasenotes/notes/2_30_0_release-642778c3010848db.yaml b/releasenotes/notes/2_30_0_release-642778c3010848db.yaml new file mode 100644 index 0000000000..e918df16cf --- /dev/null +++ b/releasenotes/notes/2_30_0_release-642778c3010848db.yaml 
@@ -0,0 +1,167 @@ +--- +features: + - | + Sharding improvements + + * The ``swift-manage-shard-ranges`` tool has a new mode to repair gaps + in the namespace. + + * Metrics are now emitted for whether databases used for cleaving + were created or already existed, allowing a better understanding + of the reason for handoffs in the cluster. + + * Misplaced-record stats are now also emitted to statsd. Previously, + these were only available in logs. + + - | + Logging improvements + + * The message template for proxy logging may now include a + ``{domain}`` field for the client-provided ``Host`` header. + + * Added a ``log_rsync_transfers`` option to the object-replicator. + Set it to false to disable logging rsync "send" lines; during + large rebalances, such logging can overwhelm log aggregation + while providing little useful information. + + - | + The formpost digest algorithm is now configurable via the new + ``allowed_digests`` option, and support is added for both SHA-256 + and SHA-512. Supported formpost digests are exposed to clients in + ``/info``. Additionally, formpost signatures can now be base64 encoded. + + - | + Added metrics to the formpost and tempurl middlewares to monitor + digest usage in signatures. + + - | + Improved compatibility with certain FIPS-mode-enabled systems. + + - | + Added a ``ring_ip`` option for various object services. This may be + used to find own devices in the ring in a containerized environment + where the ``bind_ip`` may not appear in the ring at all. + + - | + Account and container replicators can now be configured with a + ``handoff_delete`` option, similar to object replicators and + reconstructors. See the sample config for more information. + + - | + Developers using Swift's memcache client may now opt in to having + a ``MemcacheConnectionError`` be raised when no connection succeeded + using a new ``raise_on_error`` keyword argument to ``get``/``set``. + + - | + Device names are now included in new database IDs. 
This provides more + context when examining incoming/outgoing sync tables or sharding + CleaveContexts. + +deprecations: + - | + SHA-1 signatures are now deprecated for the formpost and tempurl + middlewares. At some point in the future, SHA-1 will no longer be + enabled by default; eventually, support for it will be removed + entirely. + +security: + - | + Constant-time string comparisons are now used when checking S3 API signatures. + + - | + Fixed a socket leak when clients try to delete a non-SLO as though + it were a Static Large Object. + +fixes: + - | + Sharding improvements + + * Misplaced tombstone records are now properly cleaved. + + * Fixed a bug where the sharder could fail to find a device to use for + cleaving. + + * Databases marked deleted are now processed by the sharder. + + * More information is now synced to the fresh database when sharding. + Previously, a database could lose the fact that it had been marked + as deleted. + + * Shard ranges with no rows to cleave could previously be left in the + CREATED state after cleaving. Now, they are advanced to CLEAVED. + + - | + S3 API improvements + + * Fixed cross-policy object copies. Previously, copied data would + always be written using the source container's policy. Now, the + destination container's policy will be used, avoiding availability + issues and unnecessary container-reconciler work. + + * More headers are now copied from multi-part upload markers to their + completed objects, including ``Content-Encoding``. + + * When running with ``s3_acl`` disabled, ``bucket-owner-full-control`` and + ``bucket-owner-read`` canned ACLs will be translated to the same Swift + ACLs as ``private``. + + * The S3 ACL and Delete Multiple APIs are now less case-sensitive. + + * Improved the error message when deleting a bucket that's ever had + versioning enabled and still has versions in it. 
+ + * ``LastModified`` timestamps in listings are now rounded up to whole + seconds, like they are in responses from AWS. + + * Proxy logging for Complete Multipart Upload requests is now more + consistent when requests have been retried. + + - | + Logging improvements + + * Signal handling is more consistently logged at notice level. + Previously, signal handling would sometimes be logged at info + or error levels. + + * The object-replicator now logs successful rsync transfers at debug + instead of info. + + * Transaction IDs are now only included in daemon log lines + in a request/response context. + + - | + The tempurl middleware has been updated to return a 503 if storing a + token in memcache fails. Third party authentication middlewares are + encouraged to also use the new ``raise_on_error`` keyword argument + when storing ephemeral tokens in memcache. + + - | + Database replication connections are now closed following an error + or timeout. This prevents a traceback in some cases when the replicator + tries to reuse the connection. + + - | + ``ENOENT`` and ``ENODATA`` errors are better handled in the object + replicator and auditor. + + - | + Improved object update throughput by shifting some shard range + filtering from Python to SQL. + + - | + Include ``Vary: Origin`` header when CORS responses vary by origin. + + - | + The staticweb middleware now allows empty listings at the root of + a container. Previously, this would result in a 404 response. + + - | + Ring builder output tables better display weights over 1000. + + - | + Various other minor bug fixes and improvements. + +other: + - | + Pickle support has been removed from Swift's memcache client. Support + had been deprecated since Swift 1.7.0.
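Review bot: In the etc/proxy-server.conf-sample hunk, the tempurl default becomes `# allowed_digests = sha1 sha256 sha512` with no comment saying that sha1 is deprecated, although the CHANGELOG and release note in this same patch deprecate SHA-1 signatures for the formpost and tempurl middlewares. Suggest adding a comment line above the option stating that sha1 is deprecated and will at some point no longer be enabled by default, and that an operator can already exclude it by setting `allowed_digests = sha256 sha512`.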
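Review bot: In the CHANGELOG hunk for 2.30.0, the two items that the release note files under `security:` are not marked as security-relevant: the constant-time signature comparison sits under "S3 API improvements" and the socket-leak fix for non-SLO deletes is an unlabelled top-level bullet. Suggest grouping or tagging them as security fixes so that operators who read only the CHANGELOG see the same classification the release note gives.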
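Review bot: In the release note's `fixes:` entry that reads "The tempurl middleware has been updated to return a 503 if storing a token in memcache fails", please confirm that tempurl is the middleware meant. The following sentence addresses authentication middlewares that store ephemeral tokens, while everywhere else in this patch tempurl is described only in terms of signatures and digests. The same sentence appears in the CHANGELOG hunk, so any correction needs to be made in both places.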