Added healthcheck middleware to account, container, object servers
Added the s3api, keymaster, encryption config to the proxy config
file to make it easy to enable it.
Change-Id: I96f120c5bc416e9aba388cbfa6c30b648d6ade2f
CentOS 7 distributes 1.0.16, and there is no real reason to avoid it.
Plus, in our probetests we apparently cannot avoid the system package.
Change-Id: I108ec2438dbc02f3e85f8da43e11ff4cdcfd1e4b
The object server can be configured to leave a certain amount of disk
space free; default is 1%. This is useful in avoiding 100%-full
filesystems, as those can get Swift in a state where the filesystem is
too full to write tombstones, so you can't delete objects to free up
space.
When a cluster has accounts/containers and objects on the same disks,
then you can wind up with a 100%-full disk since account and container
servers don't respect fallocate_reserve. This commit makes account and
container servers respect fallocate_reserve so that disks shared
between account/container and object rings won't get 100% full.
When a disk's free space falls below the configured reserve, account
and container PUT, POST, and REPLICATE requests will fail with a 507
status code. These are the operations that can significantly increase
the disk space used by a given database.
I called the parameter "fallocate_reserve" for consistency with the
object server. No actual fallocate() call happens under Swift's
control in the account or container servers (sqlite3 might make such a
call, but it's out of our hands).
Change-Id: I083442eef14bf83c0ea717b1decb3e6b56dbf1d0
Container servers will store an etag like
<MD5 of manifest on disk>; slo_etag=<MD5 on concatenated ETags>
which the SLO middleware will break out into separate
"hash": "<MD5 of manifest on disk",
"slo_etag": "\"<MD5 of concatenated ETags\"",
keys for JSON listings. Text and XML listings are unaffected.
If a middleware left of SLO already specified a container update
override, the slo_etag parameter will be appended. If the base header
value was blank, the MD5 of the manifest will be inserted.
SLOs that were created on previous versions of Swift will continue to
just have the MD5 of the manifest in container listings.
Closes-Bug: 1618573
Change-Id: I67478923619b00ec1a37d56b6fec6a218453dafc
If swift-ring-builder is erroneously given a composite builder
file, which it will fail to load, it will now print a hint
that the file is a composite builder file.
Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com>
Change-Id: If4517f3b61977a7f6ca3e08ed5deb182aa87a366
We already link to Swift's docs in particular (as opposed to OpenStack's
in general) later in the README, may as well do it earlier, too.
Change-Id: Ib11bfb551e44ccc6bbbad9d78e1e20d6486a3103
This patch adds an additional optional parameter to tempurl
which restricts the ip's from which a temp url can be used from.
Change-Id: I23fe998a980960d4a32df042b3f6a21f096c36af
Add a new middleware that can be used to fetch an encryption root
secret from a KMIP service. The middleware uses a PyKMIP client
to interact with a KMIP endpoint. The middleware is configured with
a unique identifier for the key to be fetched and options required
for the PyKMIP client.
Co-Authored-By: Tim Burke <tim.burke@gmail.com>
Change-Id: Ib0943fb934b347060fc66c091673a33bcfac0a6d
In test_obj.py there are PUT tests that are specific to the Putter
type and others that apply to any Putter type. This patch refactors
them into separate classes to provide greater clarity and to allow
common tests to be applied to each Putter type.
Taking this infrastracture out and ahead of PUT+POST itself allows
it to be reviewed much easier, especially when you look at the diff.
Related-Change-Id: I64b0d8fdb2ffce786f56665a74ed7eb2603abfda
Change-Id: Ibb09b5a28098fb51e25ab5a7134b518cc68eaf89
Yes, this means you can now start a proxy-server process on py3! And it
will give you something useful on /info!
Apparently you can even get auth tokens from tempauth, although the
tempauth unit tests don't pass yet.
Change-Id: I86ead2989b5934a7584cdd75719ce239826e01ec
Instead, require that callers provide an encoding.
Related-Change: I31408f525ba9836f634a35581d4aee6fa2c9428f
Change-Id: I3e5ed9e4401eea76c375bb43ad4afc58b1d8006a