openstack-swift
/
CHANGELOG
4647 строк · 181.7 Кб
1swift (2.32.0, OpenStack Bobcat)
2
3* Python 3 fixes:
4
5* Python 3 object servers can now read unencrypted non-ASCII metadata
6that was written under Python 2.
7
8* Ssync no longer corrupts unencrypted non-ASCII metadata during
9transfers.
10
11* Fixed an encoding issue when writing non-ASCII object names to sharded
12containers and shard range caching is not enabled.
13
14* Fixed an encoding issue when handling non-ASCII account names.
15
16* Fixed a `generator already executing` error on client disconnect.
17
18* Suppressed `RemoteDisconnected` tracebacks.
19
20* Metrics improvements:
21
22* Metrics are now emitted for a variety of S3 error responses, in the
23form `s3api.<status_int>.<error_class>[.<reason>]`
24
25* Fixed an issue that prevented proxy servers from emitting metrics and
26logs for backend requests made when getting account or container info.
27
28* Account and container info metrics now include the response status code
29when backend requests are made.
30
31* Added timing metrics to the container sharder for various operations.
32
33* Python 3.11 is now supported.
34
35* Added the ability for reseller admins to set per-policy account quotas by
36posting metadata of the form `X-Account-Quota-Bytes-Policy-<policy name>`.
37
38* Added a `keepalive_timeout` option to the proxy server to limit how long
39to wait for a client to initiate a request, separate from the general
40`client_timeout` option. Note that this requires eventlet 0.33.4
41(currently unreleased) or later.
42
43* Added a `keep_cache_slo_manifest` option to the object server to better
44control whether SLO manifests are dropped from the page cache.
45
46* WSGI servers now accept a `--test-config` option that may be used to
47validate configuration changes before reloading/restarting the server.
48
49* The structure of cached shard ranges has changed, improving performance
50when listing or writing to sharded containers. Note that immediately
51after upgrade, the new structures will all be cache misses, which may
52lead to a thundering herd problem. To avoid this, upgrade just a few
53nodes first, let them service some fraction of traffic to populate the
54cache, then upgrade the rest of the cluster.
55
56* A variety of performance improvements have been made for sharded
57container databases.
58
59* Various logging and metrics improvements when talking to memcache.
60
61* Fixed ssync's handling of timestamp offsets. Previously, this could cause
62ssync to fail with a 409 Conflict, causing the transfer to fail and
63preventing handoffs from clearing.
64
65* Fixed an issue where an erasure-coded PUT could prevent other requests
66from being processed when network calls rarely or never blocked.
67
68* Fixed an issue when downloading an SLO manifest would hit a recoverable
69error and attempt to resume from another node. This would manifest as
70either a pyeclib decode error or an unexpected empty response.
71
72* The proxy server now applies error-limiting to the correct node when
73handling a recoverable node error.
74
75* Account, container, and object log fields are now correctly identified
76when returning `BadDigest` responses to S3 requests.
77
78* Previously, under some circumstances, a non-standard config option such
79as `RECLAIM_AGE` might get parsed as `reclaim_age` for some processes
80but ignored by others. Now, all config parsing is case-sensitive;
81non-standard names will always be ignored.
82
83* Reduced the backend load of making `?versions` requests to a container
84that has never had object versioning enabled.
85
86* Improved formatting of meta and sysmeta for `swift-account-info` and
87`swift-container-info`.
88
89* The standard-library `logging` module is no longer monkey-patched when
90importing `swift.common.utils`, making it easier to re-use swift code
91in other contexts.
92
93* Removed the hard dependency on netifaces; it may still be used if the
94`getifaddrs` C function is not available. This fallback support may be
95removed in a future release.
96
97* Various other minor bug fixes and improvements.
98
99
100swift (2.31.1, OpenStack Antelope)
101
102* Sharding fixes
103
104* Shards no longer report stats to the root database when they are in
105the CREATED state.
106
107* Sharding metadata is no longer cleared when databases are deleted.
108This could previously cause deleted shards that still had rows to
109become stuck and never move them to the correct database.
110
111* Fixed a performance regression in the handling of misplaced objects.
112
113* Swift path and on-disk path are now included with all sharder logging.
114
115* `s3token` no longer mangles request paths that include the Access Key ID.
116
117* User metadata is now exposed via CORS when encryption is enabled,
118matching the behavior when encryption is not enabled.
119
120* Fewer backend requests are now required when account or container
121information is missing from memcache.
122
123* Fixed logging of IP and port in the proxy-server; in particular,
124internal clients now correctly log about the replication IP/port.
125
126* Fixed a bug in the object replicator that would cause an under-reporting
127of failures.
128
129* Various other minor bug fixes.
130
131
132swift (2.31.0)
133
134* S3 API improvements
135
136* Fixed a security issue in how `s3api` handles XML parsing that allowed
137authenticated S3 clients to read arbitrary files from proxy servers.
138Refer to CVE-2022-47950 for more information.
139
140* Fixed a server error when handling malformed CompleteMultipartUpload
141requests.
142
143* Improved error reporting when attempting to set invalid `X-Delete-At`
144or `X-Delete-After` values via the S3 API.
145
146* Sharding improvements
147
148* Sync more shard ranges from the root database to the shards. This
149helps ensure shard range repairs effected at the root make their way
150to shards that would otherwise be stuck trying to further divide
151into sub-shards.
152
153* Added a `merge` subcommand to `swift-manage-shard-ranges` to merge
154arbitrary shard ranges into a container DB. Minimal safety checks
155are performed; it should only be used for emergency shard range
156manipulation by expert users.
157
158* Improved performance of `delimiter` listings for sharded containers.
159
160* Added more safety checks to the `repair` subcommand of
161`swift-manage-shard-ranges`.
162
163* Better handle `EOFError` and `KeyboardInterrupt` when prompting for
164input in `swift-manage-shard-ranges`.
165
166* Warnings are now emitted when sharding appears to have become stuck.
167Use the new `container_sharding_timeout` option to configure the
168"stuck" threshold; the default is 48 hours.
169
170* Stop warning about transient overlaps when auditing shard ranges.
171
172* Metrics improvements
173
174* Added timing stats for memcached operations.
175
176* Renamed and improved the granularity of shard range cache and
177backend stats. Metrics dashboards may need to be updated.
178
179* Emit stats when backend nodes are error-limited.
180
181* Added support for Python 3.10.
182
183* Added an optional `backend_ratelimit` middleware for backend servers.
184See the backend server sample configuration files for more information.
185
186* Added the ability to configure a chance to skip checking memcache when
187querying account and container information. This allows some fraction
188of traffic to go to disk and refresh memcache before the key ages out.
189Recommended values for the new `account_existence_skip_cache_pct` and
190`container_existence_skip_cache_pct` options are in the range of
1910.0 to 0.01.
192
193* Static large object segments may now be deleted asynchronously by
194default. Operators may return to the old behavior by disabling the
195`allow_async_delete` option in the `[filter:slo]` section
196in their proxy-server.conf.
197
198* Absolute-form request targets are now accepted. This enables access for
199certain clients and SDKs (including some older versions of rclone that
200were using an old version of aws-sdk-go).
201
202* Fixed a path-rewriting bug introduced in Python 3.7.14, 3.8.14, 3.9.14,
203and 3.10.6 that could cause some `domain_remap` requests to be routed to
204the wrong object.
205
206* Fixed a server error when attempting to access data in a deleted
207container that had an erasure-coded storage policy.
208
209* Improved error messages to clients that encounter errors using the
210`formpost` middleware.
211
212* Removed some inappropriate error-suppression when locking account and
213container databases.
214
215* Improved server start-up time when using multiple workers.
216
217* Removed some unnecessary locking when logging.
218
219* Added some basic object-metadata validation; invalid diskfiles will be
220quarantined via the auditor or reconstructor.
221
222* Enhanced logging when error-limiting a backend node.
223
224* Various other minor bug fixes and improvements.
225
226
227swift (2.30.1, zed stable backports)
228
229* Fixed a security issue in how `s3api` handles XML parsing that allowed
230authenticated S3 clients to read arbitrary files from proxy servers.
231Refer to CVE-2022-47950 for more information.
232
233* Fixed a path-rewriting bug introduced in Python 3.7.14, 3.8.14, 3.9.14,
234and 3.10.6 that could cause some `domain_remap` requests to be routed to
235the wrong object.
236
237
238swift (2.30.0, OpenStack Zed)
239
240* Sharding improvements
241
242* The `swift-manage-shard-ranges` tool has a new mode to repair gaps
243in the namespace.
244
245* Misplaced tombstone records are now properly cleaved.
246
247* Fixed a bug where the sharder could fail to find a device to use for
248cleaving.
249
250* Databases marked deleted are now processed by the sharder.
251
252* More information is now synced to the fresh database when sharding.
253Previously, a database could lose the fact that it had been marked
254as deleted.
255
256* Shard ranges with no rows to cleave could previously be left in the
257CREATED state after cleaving. Now, they are advanced to CLEAVED.
258
259* Metrics are now emitted for whether databases used for cleaving
260were created or already existed, allowing a better understanding
261of the reason for handoffs in the cluster.
262
263* Misplaced-record stats are now also emitted to statsd. Previously,
264these were only available in logs.
265
266* S3 API improvements
267
268* Constant-time string comparisons are now used when checking signatures.
269
270* Fixed cross-policy object copies. Previously, copied data would
271always be written using the source container's policy. Now, the
272destination container's policy will be used, avoiding availability
273issues and unnecessary container-reconciler work.
274
275* More headers are now copied from multi-part upload markers to their
276completed objects, including `Content-Encoding`.
277
278* When running with `s3_acl` disabled, `bucket-owner-full-control` and
279`bucket-owner-read` canned ACLs will be translated to the same Swift
280ACLs as `private`.
281
282* The S3 ACL and Delete Multiple APIs are now less case-sensitive.
283
284* Improved the error message when deleting a bucket that's ever had
285versioning enabled and still has versions in it.
286
287* `LastModified` timestamps in listings are now rounded up to whole
288seconds, like they are in responses from AWS.
289
290* Proxy logging for Complete Multipart Upload requests is now more
291consistent when requests have been retried.
292
293* Logging improvements
294
295* Signal handling is more consistently logged at notice level.
296Previously, signal handling would sometimes be logged at info
297or error levels.
298
299* The message template for proxy logging may now include a
300`{domain}` field for the client-provided `Host` header.
301
302* The object-replicator now logs successful rsync transfers at debug
303instead of info.
304
305* Added a `log_rsync_transfers` option to the object-replicator.
306Set it to false to disable logging rsync "send" lines; during
307large rebalances, such logging can overwhelm log aggregation
308while providing little useful information.
309
310* Transaction IDs are now only included in daemon log lines
311in a request/response context.
312
313* Fixed a socket leak when clients try to delete a non-SLO as though
314it were a Static Large Object.
315
316* The formpost digest algorithm is now configurable via the new
317`allowed_digests` option, and support is added for both SHA-256
318and SHA-512. Supported formpost digests are exposed to clients in
319`/info`. Additionally, formpost signatures can now be base64 encoded.
320
321* Added metrics to the formpost and tempurl middlewares to monitor
322digest usage in signatures.
323
324* SHA-1 signatures are now deprecated for the formpost and tempurl
325middlewares. At some point in the future, SHA-1 will no longer be
326enabled by default; eventually, support for it will be removed
327entirely.
328
329* Improved compatibility with certain FIPS-mode-enabled systems.
330
331* Added a `ring_ip` option for various object services. This may be
332used to find own devices in the ring in a containerized environment
333where the `bind_ip` may not appear in the ring at all.
334
335* Account and container replicators can now be configured with a
336`handoff_delete` option, similar to object replicators and
337reconstructors. See the sample config for more information.
338
339* Developers using Swift's memcache client may now opt in to having
340a `MemcacheConnectionError` be raised when no connection succeeded
341using a new `raise_on_error` keyword argument to `get`/`set`.
342
343* The tempurl middleware has been updated to return a 503 if storing a
344token in memcache fails. Third party authentication middlewares are
345encouraged to also use the new `raise_on_error` keyword argument
346when storing ephemeral tokens in memcache.
347
348* Pickle support has been removed from Swift's memcache client. Support
349had been deprecated since Swift 1.7.0.
350
351* Device names are now included in new database IDs. This provides more
352context when examining incoming/outgoing sync tables or sharding
353CleaveContexts.
354
355* Database replication connections are now closed following an error
356or timeout. This prevents a traceback in some cases when the replicator
357tries to reuse the connection.
358
359* `ENOENT` and `ENODATA` errors are better handled in the object
360replicator and auditor.
361
362* Improved object update throughput by shifting some shard range
363filtering from Python to SQL.
364
365* Include `Vary: Origin` header when CORS responses vary by origin.
366
367* The staticweb middleware now allows empty listings at the root of
368a container. Previously, this would result in a 404 response.
369
370* Ring builder output tables better display weights over 1000.
371
372* Various other minor bug fixes and improvements.
373
374
375swift (2.29.2, yoga stable backports)
376
377* Fixed a security issue in how `s3api` handles XML parsing that allowed
378authenticated S3 clients to read arbitrary files from proxy servers.
379Refer to CVE-2022-47950 for more information.
380
381* Constant-time string comparisons are now used when checking S3 API
382signatures.
383
384* Fixed a path-rewriting bug introduced in Python 3.7.14, 3.8.14, 3.9.14,
385and 3.10.6 that could cause some `domain_remap` requests to be routed to
386the wrong object.
387
388* Improved compatibility with certain FIPS-mode-enabled systems.
389
390
391swift (2.29.1, OpenStack Yoga)
392
393* This is the final stable branch that will support Python 2.7.
394
395* Fixed s3v4 signature calculation when the client sends an un-encoded
396path in the request.
397
398* Fixed multiple issues in s3api involving Multipart Uploads with
399non-ASCII names.
400
401* The object-updater now defers rate-limited updates to the end of its
402cycle; these deferred updates will be processed (at the limited rate)
403until the configured `interval` elapses. A new `max_deferred_updates`
404option may be used to bound the deferral queue.
405
406* Empty account and container partition directories are now cleaned up
407immediately after replication, rather than needing to wait for an
408additional replication cycle.
409
410* The object-expirer now only cleans up empty containers. Previously, it
411would attempt to delete all processed containers, regardless of whether
412there were entries which were skipped or had errors.
413
414* A new `item_size_warning_threshold` option may be used to monitor for
415values that are approaching the limit of what can be stored in memcache.
416See the memcache sample config for more information.
417
418* Internal clients now correctly use their configured User-Agent in
419backend requests, rather than only using it for logging.
420
421* Various other minor bug fixes and improvements.
422
423
424swift (2.29.0)
425
426* S3 API improvements
427
428* CORS preflights are now allowed for pre-signed URLs.
429
430* The `storage_domain` option now accepts a comma-separated list of
431storage domains. This allows multiple storage domains to configured
432for use with virtual-host style addressing.
433
434* Fixed the types of configured values in /info response.
435
436* Fixed a server error when trying to copy objects with non-ASCII names.
437
438* Fixed a server error when uploading objects with very long names.
439A KeyTooLongError is now returned.
440
441* Fixed an error when multi-deleting MPUs when SLO async-deletes
442are enabled.
443
444* Fixed an error that allowed list-uploads and list-parts requests to
445return incomplete or out-of-order results.
446
447* Fixed several bugs when dealing with non-ASCII object names and
448multipart uploads.
449
450* Reduced the overhead of retrieving bucket and object ACLs.
451
452* Replication, reconstruction, and diskfile improvements
453
454* The reconstructor now uses the replication network to fetch fragments
455for reconstruction.
456
457* Added the ability to limit how many objects per handoff partition
458will be reverted in a reconstructor cycle using the new
459`max_objects_per_revert` option. This may be useful to reduce
460ssync timeouts and lock contention, ensuring that progress is made
461during rebalances.
462
463* Ensure that non-durable data and .meta files are purged from handoffs
464after syncing.
465
466* Fixed tracebacks when there's a race to mark a file durable or delete it.
467
468* Improved cooperative multitasking during ssync.
469
470* Upon detecting a ring change, the reconstructor now only aborts the
471jobs for that ring and continues processing jobs for other rings.
472
473* Fixed a traceback when logging about a lock timeout in the replicator.
474
475* Object updater improvements
476
477* Added the ability to ratelimit updates (approximately) per-container
478using the new `max_objects_per_container_per_second` option. This may
479be used to limit requests to already-overloaded containers while still
480making progress on updates to other containers.
481
482* Added timing stats by response code.
483
484* Updates are now sent over the replication network.
485
486* Fixed a race condition where swift would attempt to quarantine
487recently-deleted updates.
488
489* Memcache improvements
490
491* Added the ability to configure a chance to skip checking memcache when
492querying shard ranges. This allows some fraction of traffic to go to
493disk and refresh memcache before the key ages out. Recommended values
494for the new `container_updating_shard_ranges_skip_cache_pct` and
495`container_listing_shard_ranges_skip_cache_pct` options are in the
496range of 0.0 to 0.1.
497
498* Added stats for shard range cache hits, misses, and skips.
499
500* Improved handling of timeouts and other errors when obtaining a
501connection to memcached.
502
503* Recon improvements
504
505* Added object-reconstructor stats to recon.
506
507* Each object-server IP is now queried only once when reporting disk
508usage. Previously, each port in the ring would be queried; when using
509servers-per-port, this could dramatically overstate the disk capacity
510in the cluster.
511
512* Fixed a security issue where tempurl and s3api signatures were logged in
513full. This allowed an attacker with access to log data to perform replay
514attacks, potentially accessing or overwriting cluster data. Now, such
515signatures are redacted in a manner similar to auth tokens; see the
516`reveal_sensitive_prefix` option in `proxy-server.conf`.
517
518See CVE-2017-8761 for more information.
519
520* Added a new `swift.common.registry` module. This includes helper
521functions `register_sensitive_header` and `register_sensitive_param`
522which third party middleware authors may use to flag headers and query
523parameters for redaction when logging. For more information, see
524https://docs.openstack.org/swift/latest/misc.html#module-swift.common.registry
525
526* Added the ability to configure project-scope read-only roles for
527keystoneauth using the new `project_reader_roles` option.
528
529* The cname_lookup middleware now works with dnspython 2.0 and later.
530
531* The internal clients used by the container-reconciler, container-sharder,
532container-sync, and object-expirer daemons now use a more-descriptive
533`<daemon>-ic` log name, rather than `swift`. If you previously
534configured the `log_name` option in `internal-client.conf`, you must
535now use the `set log_name = <value>` syntax to configure it, even if
536no value is set in the `[DEFAULT]` section. This may be done prior to
537upgrading.
538
539* Fixed a bug that allowed some statsd metrics to be annotated with the
540wrong backend layer.
541
542* The `StatsdClient.set_prefix` method is now deprecated and
543may be removed in a future release; by extension, so is the
544`LogAdapter.set_statsd_prefix` method. Middleware developers should
545use the `statsd_tail_prefix` argument to `get_logger` instead.
546
547* Fixed a traceback in the account-server when there's no account
548database on disk to receive a container update. The account-server
549now correctly 404s.
550
551* The container-updater will quarantine container databases if all
552replicas for the account respond 404.
553
554* Fixed a proxy-server error when the read-only middleware tried to
555handle non-Swift paths (such as may be used by third-party middleware).
556
557* Some client behaviors that the proxy previously logged at warning have
558been lowered to info.
559
560* Removed translations from most logging.
561
562* Various other minor bug fixes and improvements.
563
564
565swift (2.28.1, xena stable backports)
566
567* Fixed a security issue in how `s3api` handles XML parsing that allowed
568authenticated S3 clients to read arbitrary files from proxy servers.
569Refer to CVE-2022-47950 for more information.
570
571* Constant-time string comparisons are now used when checking S3 API
572signatures.
573
574* Fixed a path-rewriting bug introduced in Python 3.7.14, 3.8.14, 3.9.14,
575and 3.10.6 that could cause some `domain_remap` requests to be routed to
576the wrong object.
577
578* Improved compatibility with certain FIPS-mode-enabled systems.
579
580* Ensure that non-durable data and .meta files are purged from handoffs
581after syncing.
582
583
584swift (2.28.0, OpenStack Xena)
585
586* Sharding improvements:
587
588* When building a listing from shards, any failure to retrieve
589listings will result in a 503 response. Previously, failures
590fetching a partiucular shard would result in a gap in listings.
591
592* Container-server logs now include the shard path in the referer
593field when receiving stat updates.
594
595* Added a new config option, `rows_per_shard`, to specify how many
596objects should be in each shard when scanning for ranges. The default
597is `shard_container_threshold / 2`, preserving existing behavior.
598
599* Added a new config option, `minimum_shard_size`. When scanning
600for shard ranges, if the final shard would otherwise contain
601fewer than this many objects, the previous shard will instead
602be expanded to the end of the namespace (and so may contain up
603to `rows_per_shard + minimum_shard_size` objects). This reduces
604the number of small shards generated. The default value is
605`rows_per_shard / 5`.
606
607* Added a new config option, `shrink_threshold`, to specify the
608absolute size below which a shard will be considered for shrinking.
609This overrides the `shard_shrink_point` configuration option, which
610expressed this as a percentage of `shard_container_threshold`.
611`shard_shrink_point` is now deprecated.
612
613* Similar to above, `expansion_limit` was added as an absolute-size
614replacement for the now-deprecated `shard_shrink_merge_point`
615configuration option.
616
617* The sharder now correctly identifies and fails audits for shard
618ranges that overlap exactly.
619
620* The sharder and swift-manage-shard-ranges now consider total row
621count (instead of just object count) when deciding whether a shard
622is a candidate for shrinking.
623
624* If the sharder encounters shard range gaps while cleaving, it will
625now log an error and halt sharding progress. Previously, rows may
626not have been moved properly, leading to data loss.
627
628* Sharding cycle time and last-completion time are now available via
629swift-recon.
630
631* Fixed an issue where resolving overlapping shard ranges via shrinking
632could prematurely mark created or cleaved shards as active.
633
634* `swift-manage-shard-ranges` improvements:
635
636* Exit codes are now applied more consistently:
637
638- 0 for success
639- 1 for an unexpected outcome
640- 2 for invalid options
641- 3 for user exit
642
643As a result, some errors that previously resulted in exit code 2
644will now exit with code 1.
645
646* Added a new 'repair' command to automatically identify and
647optionally resolve overlapping shard ranges.
648
649* Added a new 'analyze' command to automatically identify overlapping
650shard ranges and recommend a resolution based on a JSON listing
651of shard ranges such as produced by the 'show' command.
652
653* Added a `--includes` option for the 'show' command to only output
654shard ranges that may include a given object name.
655
656* Added a `--dry-run` option for the 'compact' command.
657
658* The 'compact' command now outputs the total number of compactible
659sequences.
660
661* S3 API improvements:
662
663* Added an option, `ratelimit_as_client_error`, to return 429s for
664rate-limited responses. Several clients/SDKs have seem to support
665retries with backoffs on 429, and having it as a client error
666cleans up logging and metrics. By default, Swift will respond 503,
667matching AWS documentation.
668
669* Fixed a server error in bucket listings when `s3_acl` is enabled
670and staticweb is configured for the container.
671
672* Fixed a server error when a client exceeds `client_timeout` during an
673upload. Now, a `RequestTimeout` error is correctly returned.
674
675* Fixed a server error when downloading multipart uploads/static large
676objects that have missing or inaccessible segments. This is a state
677that cannot arise in AWS, so a new `BrokenMPU` error is returned,
678indicating that retrying the request is unlikely to succeed.
679
680* Fixed several issues with the prefix, marker, and delimiter
681parameters that would be mirrored back to clients when listing
682buckets.
683
684* Partition power increase improvements:
685
686* The relinker now spawns multiple subprocesses to process disks
687in parallel. By default, one worker is spawned per disk; use the
688new `--workers` option to control how many subprocesses are used.
689Use `--workers=0` to maintain the previous behavior.
690
691* The relinker now performs eventlet-hub selection the same way as
692other daemons. In particular, `epolls` will no longer be selected,
693as it seemed to cause occassional hangs.
694
695* The relinker can now target specific storage policies or
696partitions by using the new `--policy` and `--partition`
697options.
698
699* Partitions that encountered errors during relinking are no longer
700marked as completed in the relinker state file. This ensures that
701a subsequent relink will retry the failed partitions.
702
703* Partition cleanup is more robust, decreasing the likelihood of
704leaving behind mostly-empty partitions from the old partition
705power.
706
707* Improved relinker progress logging, and started collecting
708progress information for swift-recon.
709
710* Cleanup is more robust to files and directories being deleted by
711another process.
712
713* The relinker better handles data found from earlier partition power
714increases.
715
716* The relinker better handles tombstones found for the same object
717but with different inodes.
718
719* The reconciler now defers working on policies that have a partition
720power increase in progress to avoid issues with concurrent writes.
721
722* Erasure coding fixes:
723
724* Added the ability to quarantine EC fragments that have no (or few)
725other fragments in the cluster. A new configuration option,
726`quarantine_threshold`, in the reconstructor controls the point at
727the fragment will be quarantined; the default (0) will never
728quarantine. Only fragments older than `quarantine_age` (default:
729`reclaim_age`) may be quarantined. Before quarantining, the
730reconstructor will attempt to fetch fragments from handoff nodes
731in addition to the usual primary nodes; a new `request_node_count`
732option (default `2 * replicas`) limits the total number of nodes to
733contact.
734
735* Added a delay before deleting non-durable data. A new configuration
736option, `commit_window` in the `[DEFAULT]` section of
737object-server.conf, adjusts this delay; the default is 60 seconds. This
738improves the durability of both back-dated PUTs (from the reconciler or
739container-sync, for example) and fresh writes to handoffs by preventing
740the reconstructor from deleting data that the object-server was still
741writing.
742
743* Improved proxy-server and object-reconstructor logging when data
744cannot be reconstructed.
745
746* Fixed an issue where some but not all fragments having metadata
747applied could prevent reconstruction of missing fragments.
748
749* Server-side copying of erasure-coded data to a replicated policy no
750longer copies EC sysmeta. The previous behavior had no material
751effect, but could confuse operators examining data on disk.
752
753* Python 3 fixes:
754
755* Fixed a server error when performing a PUT authorized via
756tempurl with some proxy pipelines.
757
758* Fixed a server error during GET of a symlink with some proxy
759pipelines.
760
761* Fixed an issue with logging setup when /dev/log doesn't exist
762or is not a UNIX socket.
763
764* The container-reconciler now scales out better with new `processes`,
765`process`, and `concurrency` options, similar to the object-expirer.
766
767* The dark-data audit watcher now skips objects younger than a new
768configurable `grace_age` period. This avoids issues where data
769could be flagged, quarantined, or deleted because of listing
770consistency issues. The default is one week.
771
772* The dark-data audit watcher now requires that all primary locations
773for an object's container agree that the data does not appear in
774listings to consider data "dark". Previously, a network partition
775that left an object node isolated could cause it to quarantine or
776delete all of its data.
777
778* More daemons now support systemd notify sockets.
779
780* `EPIPE` errors no longer log tracebacks.
781
782* The account and container auditors now log and update recon before
783going to sleep.
784
785* The object-expirer logs fewer client disconnects.
786
787* `swift-recon-cron` now includes the last time it was run in the recon
788information.
789
790* `EIO` errors during read now cause object diskfiles to be quarantined.
791
792* The formpost middleware now properly supports uploading multiple files
793with different content-types.
794
795* Various other minor bug fixes and improvements.
796
797
798swift (2.27.0, OpenStack Wallaby)
799
800* Added "audit watcher" hooks to allow operators to run arbitrary code
801against every diskfile in a cluster. For more information, see
802https://docs.openstack.org/swift/latest/development_watchers.html
803
804* Added support for system-scoped "reader" roles when authenticating using
805Keystone. Operators may configure this using the `system_reader_roles`
806option in the `[filter:keystoneauth]` section of their proxy-server.conf.
807
808A comparable group, `.reseller_reader`, is now available for development
809purposes when authenticating using tempauth.
810
811* Allow static large object segments to be deleted asynchronously.
812Operators may opt into this new behavior by enabling the new
813`allow_async_delete` option in the `[filter:slo]` section
814in their proxy-server.conf. For more information, see
815https://docs.openstack.org/swift/latest/overview_large_objects.html#deleting-a-large-object
816
817* Added the ability to connect to memcached over TLS. See the
818`tls_*` options in etc/memcache.conf-sample
819
820* The proxy-server now caches 'listing' shards, improving listing
821performance for sharded containers. A new config option,
822`recheck_listing_shard_ranges`, controls the cache time and defaults to
82310 minutes; set it to 0 to disable caching (the previous behavior).
824
825* Added a new optional proxy-logging field `{wire_status_int}` for the
826status code returned to the client. For more information, see
827https://docs.openstack.org/swift/latest/logs.html#proxy-logs
828
829* Errors downloading a Static Large Object that cause a shorter-than-expected
830response are now logged as 500s.
831
832* Memcache client error-limiting is now configurable. See the
833`error_suppression_*` options in etc/memcache.conf-sample
834
835* Added `tasks_per_second` option to rate-limit the object-expirer.
836
837* Added `usedforsecurity` annotations for use on FIPS-compliant systems.
838
839* Added an option to write EC fragments with legacy CRC to ensure a smooth
840upgrade from liberasurecode<=1.5.0 to >=1.6.2. For more information, see
841https://bugs.launchpad.net/liberasurecode/+bug/1886088
842
843* **Known Issue**: Operators should verify that encryption is not enabled
844in their reconciler pipelines; having it enabled there may harm data
845durability. For more information, see https://launchpad.net/bugs/1910804
846
847* S3 API improvements:
848
849* Fixed a bug that prevented the s3api pipeline validation described in
850proxy-server.conf-sample from being performed. As documented, operators
851can disable this via the `auth_pipeline_check` option if proxy startup
852fails with validation errors.
853
854* Make allowable clock skew configurable, with a default value of
85515 minutes to match AWS. Note that this was previously hardcoded at
8565 minutes; operators may want to preserve the prior behavior by setting
857`allowable_clock_skew = 300` in the `[filter:s3api]` section of their
858proxy-server.conf.
859
860* Fixed an issue where SHA mismatches in client XML payloads would cause
861a server error. Swift now correctly responds with a client error about
862the bad digest.
863
864* Fixed an issue where non-base64 signatures would cause a server error.
865Swift now correctly responds with a client error about the invalid
866digest.
867
868* Container ACLs are now cloned to the `+segments` container when it is
869created.
870
871* The correct storage policy is now logged for S3 requests.
872
873* Added the ability to configure auth region in s3token middleware.
874
875* CORS-related headers are now passed through appropriately when using
876the S3 API. Note that allowed origins and other container metadata
877must still be configured through the Swift API as documented at
878https://docs.openstack.org/swift/latest/cors.html
879
880Preflight requests do not contain enough information to map a
881bucket to an account/container pair; a new cluster-wide option
882`cors_preflight_allow_origin` may be configured for such OPTIONS
883requests. The default (blank) rejects all S3 preflight requests.
884
885* Sharding improvements:
886
887* Prevent shard databases from losing track of their root database when
888deleted.
889
890* Prevent sharded root databases from being reclaimed to ensure that
891shards can detect that they have been deleted.
892
893* A `--no-auto-shard` option has been added to `swift-container-sharder`.
894
895* The sharder daemon has been enhanced to better support the shrinking
896of shards that are no longer required. Shard containers will now
897discover from their root container if they should be shrinking. They
898will also discover the shards into which they should shrink, which may
899include the root container itself.
900
901* A 'compact' command has been added to `swift-manage-shard-ranges` that
902enables sequences of contiguous shards with low object counts to be
903compacted into another existing shard, or into the root container.
904
905* `swift-manage-shard-ranges` can now accept a config file; this
906may be used to ensure consistency of threshold values with the
907container-sharder config.
908
909* Overlapping shrinking shards no longer generate audit warnings; these
910are expected to sometimes overlap.
911
912* The sharding progress reports in recon cache now continue to be included
913for a period of time after sharding has completed. The time period
914may be configured using the `recon_sharded_timeout` option in the
915`[container-sharder]` section of container-server.conf, and defaults
916to 12 hours.
917
918* Add root containers with compactible ranges to recon cache.
919
920* Expose sharding statistics in the backend recon middleware.
921
922* Replication improvements:
923
924* Fixed a race condition in ssync that could lead to a loss of data
925durability (or even loss of data, for two-replica policies) when some
926object servers have outdated rings. Replication via rsync is likely
927still affected by a similar bug.
928
929* Non-durable fragments can now be reverted from handoffs.
930
931* The post-rsync REPLICATE call no longer recalculates hashes immediately.
932
933* Hashes are no longer invalidated after a successful ssync; they were
934already invalidated during the data transfer.
935
936* Reduced log noise for common ssync errors.
937
938* Python 3 fixes:
939
940* Added support for Python 3.9.
941
942* Staticweb correctly handles listings when paths include non-ASCII
943characters.
944
945* S3 API now allows multipart uploads with non-ASCII characters in the
946object name.
947
948* Fixed an import-ordering issue in `swift-dispersion-populate`.
949
950* Partition power increase improvements:
951
952* Fixed a bug where stale state files would cause misplaced data during
953multiple partition power increases.
954
955* Removed a race condition that could cause newly-written data to not be
956linked into the new partition for the new partition power.
957
958* Improved safety during cleanup to ensure files have been relinked
959appropriately before unlinking.
960
961* Added an option to drop privileges when running the relinker as root.
962
963* Added an option to rate-limit how quickly data files are relinked or
964cleaned up. This may be used to reduce I/O load during partition power
965increases, improving end-user performance.
966
967* Rehash partitions during the partition power increase. Previously, we
968relied on the replication engine to perform the rehash, which could
969cause an unexpected I/O spike after a partition power increase.
970
971* Warn when relinking/cleaning up and any disks are unmounted.
972
973* Log progress per partition when relinking/cleaning up.
974
975* During clean-up, stop warning about tombstones that got reaped from
976the new location but not the old.
977
978* Added the ability to read options from object-server.conf, similar to
979background daemons.
980
981* Turned off thread-logging when monkey-patching with eventlet. This
982addresses a potential hang in the proxy-server while logging client
983disconnects.
984
985* Fixed a bug that could cause EC GET responses to return a server error.
986
987* Fixed an issue with `swift-drive-audit` when run around New Year's.
988
989* Server errors encountered when validating the first segment of a Static or
990Dynamic Large Object now return a 503 to the client, rather than a 409.
991
992* Errors when setting keys in memcached are now logged. This helps
993operators detect when shard ranges for caching have gotten too large to
994be stored, for example.
995
996* Various other minor bug fixes and improvements.
997
998
999swift (2.26.0, OpenStack Victoria)
1000
1001* Extend concurrent reads to erasure coded policies. Previously, the
1002options `concurrent_gets` and `concurrency_timeout` only applied to
1003replicated policies.
1004
1005* Add a new `concurrent_ec_extra_requests` option to allow the proxy to
1006make some extra backend requests immediately. The proxy will respond as
1007soon as there are enough responses available to reconstruct.
1008
1009* The concurrent read options (`concurrent_gets`, `concurrency_timeout`,
1010and `concurrent_ec_extra_requests`) may now be configured per
1011storage-policy.
1012
1013* Replication servers can now handle all request methods. This allows
1014ssync to work with a separate replication network.
1015
1016* All background daemons now use the replication network. This allows
1017better isolation between external, client-facing traffic and internal,
1018background traffic. Note that during a rolling upgrade, replication
1019servers may respond with `405 Method Not Allowed`. To avoid this,
1020operators should remove the config option `replication_server = true`
1021from their replication servers; this will allow them to handle all
1022request methods before upgrading.
1023
1024* S3 API improvements:
1025
1026* Fixed some SignatureDoesNotMatch errors when using the AWS .NET SDK.
1027
1028* Add basic read support for object tagging. This improves
1029compatibility with AWS CLI version 2. Write support is not
1030yet implemented, so the tag set will always be empty.
1031
1032* CompleteMultipartUpload requests may now be safely retried.
1033
1034* Improved quota-exceeded error messages.
1035
1036* Improved logging and statsd metrics. Be aware that this will cause
1037an increase in the proxy-logging statsd metrics emited for S3
1038responses. However, this should more accurately reflect the state
1039of the system.
1040
1041* S3 requests are now less demanding on the container layer.
1042
1043* Python 3 bug fixes:
1044
1045* Fixed an error when reading encrypted data that was written while
1046running Python 2 for a path that includes non-ASCII characters. This
1047was caused by a difference in string types that resulted in
1048ambiguity when decrypting. To prevent the ambiguity for new data, set
1049`meta_version_to_write = 3` in your keymaster configuration after
1050upgrading all proxy servers.
1051
1052If upgrading from Swift 2.20.0 or Swift 2.19.1 or earlier, set
1053`meta_version_to_write = 1` in your keymaster configuration prior
1054to upgrading.
1055
1056* Object expiration respects the `expiring_objects_container_divisor`
1057config option.
1058
1059* `fallocate_reserve` may be specified as a percentage in more places.
1060
1061* The ETag-quoting middleware no longer raises TypeErrors.
1062
1063* Sharding improvements:
1064
1065* Prevent object updates from auto-creating shard containers. This
1066ensures more consistent listings for sharded containers during
1067rebalances.
1068
1069* Deleted shard containers are no longer considered root containers.
1070This prevents unnecessary sharding audit failures and allows the
1071deleted shard database to actually be unlinked.
1072
1073* `swift-container-info` now summarizes shard range information.
1074Pass `-v`/`--verbose` if you want to see all of them.
1075
1076* Improved container-sharder stat reporting to reduce load on root
1077container databases.
1078
1079* Don't inject shard ranges when user quits.
1080
1081* Servers now open one listen socket per worker, ensuring each worker
1082serves roughly the same number of concurrent connections.
1083
1084* Server workers may now be gracefully terminated via `SIGHUP` or
1085`SIGUSR1`. The parent process will then spawn a fresh worker.
1086
1087* During rebalances, clients should no longer get 404s for data that
1088exists but whose replicas are overloaded.
1089
1090* Improved cache management for account and container responses.
1091
1092* Allow proxy-logging middlewares to be configured more independently.
1093
1094* Allow operators to pass either raw or URL-quoted paths to
1095swift-get-nodes. Notably, this allows swift-get-nodes to work with
1096the reserved namespace used for object versioning.
1097
1098* Container read ACLs now work with object versioning. This only
1099allows access to the most-recent version via an unversioned URL.
1100
1101* Improved how containers reclaim deleted rows to reduce locking and object
1102update throughput.
1103
1104* Large object reads log fewer client disconnects.
1105
1106* Allow ratelimit to be placed multiple times in a proxy pipeline,
1107such as both before s3api and auth (to handle swift requests without
1108needing to make an auth decision) and after (to limit S3 requests).
1109
1110* Shuffle object-updater work. This somewhat reduces the impact a
1111single overloaded database has on other containers' listings.
1112
1113* Fix a proxy-server error when retrieving erasure coded data when
1114there are durable fragments but not enough to reconstruct.
1115
1116* Fix an error in the proxy server when finalizing data.
1117
1118* Improve performance when increasing partition power.
1119
1120* Various other minor bug fixes and improvements.
1121
1122
1123swift (2.25.1, ussuri stable backports)
1124
1125* Python 3 bug fixes:
1126
1127* Fixed an error when reading encrypted data that was written while
1128running Python 2 for a path that includes non-ASCII characters. This
1129was caused by a difference in string types that resulted in
1130ambiguity when decrypting. To prevent the ambiguity for new data, set
1131`meta_version_to_write = 3` in your keymaster configuration after
1132upgrading all proxy servers.
1133
1134If upgrading from Swift 2.20.0 or Swift 2.19.1 or earlier, set
1135`meta_version_to_write = 1` in your keymaster configuration prior
1136to upgrading.
1137
1138* Object expiration respects the `expiring_objects_container_divisor`
1139config option.
1140
1141* `fallocate_reserve` may be specified as a percentage in more places.
1142
1143* The ETag-quoting middleware no longer raises TypeErrors.
1144
1145* Improved how containers reclaim deleted rows to reduce locking and object
1146update throughput.
1147
1148* Fix a proxy-server error when retrieving erasure coded data when
1149there are durable fragments but not enough to reconstruct.
1150
1151* Fixed some SignatureDoesNotMatch errors when using the AWS .NET SDK.
1152
1153* Region name config option is now respected when configuring S3 credential
1154caching.
1155
1156
1157swift (2.25.0, OpenStack Ussuri)
1158
1159* WSGI server processes can now notify systemd when they are ready.
1160
1161* Added `ttfb` (Time to First Byte) and `pid` (Process ID) to the set
1162of available proxy-server log fields. For more information, see
1163https://docs.openstack.org/swift/latest/logs.html
1164
1165* Improved proxy-server performance by reducing unnecessary locking,
1166memory copies, and eventlet scheduling.
1167
1168* Reduced object-replicator and object-reconstructor CPU usage by only
1169checking that the device list is current when rings change.
1170
1171* Improved performance of sharded container listings when performing
1172prefix listings.
1173
1174* Improved container-sync performance when data has already been
1175deleted or overwritten.
1176
1177* Account quotas are now enforced even on empty accounts.
1178
1179* Getting an SLO manifest with `?format=raw` now responds with an ETag
1180that matches the MD5 of the generated body rather than the MD5 of
1181the manifest stored on disk.
1182
1183* Provide useful status codes in logs for some versioning and symlink
1184subrequests that were previously logged as 499.
1185
1186* Fixed 500 from cname_lookup middleware. Previously, if the looked-up
1187domain was used by domain_remap to update the request path, the
1188server would respond Internal Error.
1189
1190* On Python 3, fixed an issue when reading or writing objects with a
1191content-type like `message/*`. Previously, Swift would fail to respond.
1192
1193* On Python 3, fixed a RecursionError in swift-dispersion-report when
1194using TLS.
1195
1196* Fixed a bug in the new object versioning API that would cause more
1197than `limit` results to be returned when listing.
1198
1199* Various other minor bug fixes and improvements.
1200
1201
1202swift (2.24.0)
1203
1204* Added a new object versioning mode, with APIs for querying and
1205accessing old versions. For more information, see the documentation
1206at https://docs.openstack.org/swift/latest/middleware.html#module-swift.common.middleware.versioned_writes.object_versioning
1207
1208* Added support for S3 versioning using the above new mode.
1209
1210* Added a new middleware to allow accounts and containers to opt-in to
1211RFC-compliant ETags. This may be useful when using Swift as an origin
1212for some content delivery networks. For more information, see the
1213documentation at https://docs.openstack.org/swift/latest/middleware.html#module-swift.common.middleware.etag_quoter
1214Clients should be aware of the fact that ETags may be quoted for RFC
1215compliance; this may become the default behavior in some future release.
1216
1217* Proxy, account, container, and object servers now support "seamless
1218reloads" via `SIGUSR1`. This is similar to the existing graceful
1219restarts but keeps the server socket open the whole time, reducing
1220service downtime.
1221
1222* New buckets created via the S3 API will now store multi-part upload
1223data in the same storage policy as other data rather than the
1224cluster's default storage policy.
1225
1226* Device region and zone can now be changed via `swift-ring-builder`.
1227Note that this may cause a lot of data movement on the next rebalance
1228as the builder tries to reach full dispersion.
1229
1230* Added support for Python 3.8.
1231
1232* The container sharder can now handle containers with special
1233characters in their names.
1234
1235* Internal client no longer logs object DELETEs as status 499.
1236
1237* Objects with an `X-Delete-At` value in the far future no longer cause
1238backend server errors.
1239
1240* The bulk extract middleware once again allows clients to specify metadata
1241(including expiration timestamps) for all objects in the archive.
1242
1243* Container sync now synchronizes static symlinks in a way similar to
1244static large objects.
1245
1246* `swift_source` is set for more sub-requests in the proxy-server. See
1247https://docs.openstack.org/swift/latest/logs.html#swift-source
1248
1249* Errors encountered while validating static symlink targets no longer
1250cause BadResponseLength errors in the proxy-server.
1251
1252* On Python 3, the KMS keymaster now works with secrets stored
1253in Barbican with a text/plain payload-content-type.
1254
1255* On Python 3, the formpost middleware now works with unicode file names.
1256
1257* Several utility scripts now work better on Python 3:
1258
1259* swift-account-audit
1260
1261* swift-dispersion-populate
1262
1263* swift-drive-recon
1264
1265* swift-recon
1266
1267* On Python 3, certain S3 API headers are now lower case as they
1268would be coming from AWS.
1269
1270* Per-service `auto_create_account_prefix` settings are now deprecated
1271and may be ignored in a future release; if you need to use this, please
1272set it in the `[swift-constraints]` section of /etc/swift/swift.conf.
1273
1274* Various other minor bug fixes and improvements.
1275
1276
1277swift (2.23.3, train stable backports)
1278
1279* Sharding improvements:
1280
1281* Prevent object updates from auto-creating shard containers. This
1282ensures more consistent listings for sharded containers during
1283rebalances.
1284
1285* Deleted shard containers are no longer considered root containers.
1286This prevents unnecessary sharding audit failures and allows the
1287deleted shard database to actually be unlinked.
1288
1289* The sharder daemon has been enhanced to better support the shrinking
1290of shards that are no longer required. Shard containers will now
1291discover from their root container if they should be shrinking. They
1292will also discover the shards into which they should shrink, which may
1293include the root container itself.
1294
1295* Improved performance of sharded container listings when performing
1296prefix listings.
1297
1298* Improved container-sharder stat reporting to reduce load on root
1299container databases.
1300
1301* The container sharder can now handle containers with special
1302characters in their names.
1303
1304* `swift-container-info` now summarizes shard range information.
1305Pass `-v`/`--verbose` if you want to see all of them.
1306
1307* Don't inject shard ranges when user quits.
1308
1309* Various other minor bug fixes and improvements.
1310
1311* Python 3 bug fixes:
1312
1313* Fixed a potential server error when uploading data via a tempurl.
1314
1315* Fixed a potential server error when getting symlink details.
1316
1317* Added the ability to connect to memcached over TLS. See the
1318`tls_*` options in etc/memcache.conf-sample
1319
1320
1321swift (2.23.2, train stable backports)
1322
1323* Python 3 bug fixes:
1324
1325* Fixed an error when reading encrypted data that was written while
1326running Python 2 for a path that includes non-ASCII characters. This
1327was caused by a difference in string types that resulted in
1328ambiguity when decrypting. To prevent the ambiguity for new data, set
1329`meta_version_to_write = 3` in your keymaster configuration after
1330upgrading all proxy servers.
1331
1332If upgrading from Swift 2.20.0 or Swift 2.19.1 or earlier, set
1333`meta_version_to_write = 1` in your keymaster configuration prior
1334to upgrading.
1335
1336* Fixed an issue when reading or writing objects with a content-type
1337like `message/*`. Previously, Swift would fail to respond.
1338
1339* Object expiration respects the `expiring_objects_container_divisor`
1340config option.
1341
1342* `fallocate_reserve` may be specified as a percentage in more places.
1343
1344* The formpost middleware now works with unicode file names.
1345
1346* Certain S3 API headers are now lower case as they would be coming
1347from AWS.
1348
1349* Improved how containers reclaim deleted rows to reduce locking and object
1350update throughput.
1351
1352* Fix a proxy-server error when retrieving erasure coded data when
1353there are durable fragments but not enough to reconstruct.
1354
1355* Fixed 500 from cname_lookup middleware. Previously, if the looked-up
1356domain was used by domain_remap to update the request path, the
1357server would respond Internal Error.
1358
1359* The bulk extract middleware once again allows clients to specify metadata
1360(including expiration timestamps) for all objects in the archive.
1361
1362* Errors encountered while validating static symlink targets no longer
1363cause BadResponseLength errors in the proxy-server.
1364
1365* Fixed some SignatureDoesNotMatch errors when using the AWS .NET SDK.
1366
1367* Various other minor bug fixes and improvements.
1368
1369
1370swift (2.23.1, train stable backports)
1371
1372* On Python 3, the KMS keymaster now works with secrets stored
1373in Barbican with a text/plain payload-content-type.
1374
1375* Several utility scripts now work better on Python 3:
1376
1377* swift-account-audit
1378
1379* swift-dispersion-populate
1380
1381* swift-drive-recon
1382
1383* swift-recon
1384
1385
1386swift (2.23.0, OpenStack Train)
1387
1388* Python 3.6 and 3.7 are now fully supported. Several py3-related
1389fixes are included:
1390
1391* Removed a request-smuggling vector when running a mixed
1392py2/py3 cluster.
1393
1394* Allow fallocate_reserve to be specified as a percentage.
1395
1396* Fixed listings for sharded containers.
1397
1398* Fixed non-ASCII account metadata handling.
1399
1400* Fixed rsync output parsing.
1401
1402* Fixed some title-casing of headers.
1403
1404If you've been testing Swift on Python 3, upgrade at your earliest
1405convenience.
1406
1407* Added "static symlinks", which perform some validation as they
1408follow redirects and include more information about their target
1409in container listings.
1410
1411* Multi-character strings may now be used as delimiters in account
1412and container listings.
1413
1414* Sharding improvements
1415
1416* Container metadata related to sharding are now removed when no
1417longer needed.
1418
1419* Empty container databases (such as might be created on handoffs)
1420now shard much more quickly.
1421
1422* The proxy-server now ignores 404 responses from handoffs that have
1423no data when deciding on the correct response for object requests,
1424similar to what it already does for account and container requests.
1425
1426* Static Large Object sizes in listings for versioned containers are
1427now more accurate.
1428
1429* When refetching Static Large Object manifests, non-manifest responses
1430are now handled better.
1431
1432* S3 API now translates 503 Service Unavailable responses to a more
1433S3-like response instead of raising an error.
1434
1435* Improved proxy-to-backend requests to be more RFC-compliant.
1436
1437* Dependency update: eventlet must be at least 0.25.0. This also
1438dragged forward minimum-supported versions of dnspython (1.15.0),
1439greenlet (0.3.2), and six (1.10.0).
1440
1441* Various other minor bug fixes and improvements.
1442
1443
1444swift (2.22.0)
1445
1446* Experimental support for Python 3.6 and 3.7 is now available.
1447Note that this requires eventlet>=0.25.0. All unit tests pass,
1448and running functional tests under Python 2 will pass against
1449services running under Python 3. Expect full support in the
1450next minor release.
1451
1452* Log formats are now more configurable and include support for
1453anonymization. See the log_msg_template option in proxy-server.conf
1454and https://docs.openstack.org/swift/latest/logs.html#proxy-logs
1455for more information.
1456
1457* Added an operator tool, swift-container-deleter, to asynchronously
1458delete some or all objects in a container using the object expirers.
1459
1460* Swift-all-in-one Docker images are now built and published to
1461https://hub.docker.com/r/openstackswift/saio. These are intended
1462for use as development targets, but will hopefully be useful as a
1463starting point for other work involving containerizing Swift.
1464
1465* The object-expirer may now be configured in object-server.conf.
1466This is in anticipation of a future change to allow the
1467object-expirer to be deployed on all nodes that run object-servers.
1468
1469* Correctness improvements
1470
1471* The proxy-server now ignores 404 responses from handoffs without
1472databases when deciding on the correct response for account and
1473container requests.
1474
1475* Object writes to a container whose existence cannot be verified
1476now 503 instead of 404.
1477
1478* Sharding improvements
1479
1480* The container-replicator now only attempts to fetch shard ranges if
1481the remote indicates that it has shard ranges. Further, it does so
1482with a timeout to prevent the process from hanging in certain cases.
1483
1484* The proxy-server now caches 'updating' shards, improving write
1485performance for sharded containers. A new config option,
1486`recheck_updating_shard_ranges`, controls the cache time; set it to
14870 to disable caching.
1488
1489* The container-replicator now correctly enqueues container-reconciler
1490work for sharded containers.
1491
1492* S3 API improvements
1493
1494* Unsigned payloads work with v4 signatures once more.
1495
1496* Multipart upload parts may now be copied from other multipart uploads.
1497
1498* CompleteMultipartUpload requests with a Content-MD5 now work.
1499
1500* Content-Type can now be updated when copying an object.
1501
1502* Fixed v1 listings that end with a non-ASCII object name.
1503
1504* Background corruption-detection improvements
1505
1506* Detect and remove invalid entries from hashes.pkl
1507
1508* When object path is not a directory, just quarantine it,
1509rather than the whole suffix.
1510
1511* Dependency updates: we've increased our minimum supported version
1512of cryptography to 2.0.2 and netifaces to 0.8. This is largely due
1513to the difficulty of continuing to test with the old versions.
1514
1515If running Swift under Python 3, eventlet must be at least 0.25.0.
1516
1517* Various other minor bug fixes and improvements.
1518
1519
1520swift (2.21.1, stein stable backports)
1521
1522* Sharding improvements
1523
1524* The container-replicator now only attempts to fetch shard ranges if
1525the remote indicates that it has shard ranges. Further, it does so
1526with a timeout to prevent the process from hanging in certain cases.
1527
1528* The container-replicator now correctly enqueues container-reconciler
1529work for sharded containers.
1530
1531* Container metadata related to sharding are now removed when no
1532longer needed.
1533
1534* S3 API improvements
1535
1536* Unsigned payloads work with v4 signatures once more.
1537
1538* Multipart upload parts may now be copied from other multipart uploads.
1539
1540* CompleteMultipartUpload requests with a Content-MD5 now work.
1541
1542* Content-Type can now be updated when copying an object.
1543
1544* Fixed v1 listings that end with a non-ASCII object name.
1545
1546* Background corruption-detection improvements
1547
1548* Detect and remove invalid entries from hashes.pkl
1549
1550* When object path is not a directory, just quarantine it,
1551rather than the whole suffix.
1552
1553* Static Large Object sizes in listings for versioned containers are
1554now more accurate.
1555
1556* When refetching Static Large Object manifests, non-manifest responses
1557are now handled better.
1558
1559* Cross-account symlinks now store correct account information in
1560container listings. This was previously fixed in 2.22.0.
1561
1562* Requesting multiple ranges from a Dynamic Large Object now returns the
1563entire object instead of incorrect data. This was previously fixed in
15642.23.0.
1565
1566* When making backend requests, the proxy-server now ensures query
1567parameters are always properly quoted. Previously, the proxy would
1568encounter an error on Python 2.7.17 if the client included non-ASCII
1569query parameters in object requests. This was previously fixed in
15702.23.0.
1571
1572
1573swift (2.21.0, OpenStack Stein)
1574
1575* Change the behavior of the EC reconstructor to perform a
1576fragment rebuild to a handoff node when a primary peer responds
1577with 507 to the REPLICATE request. This changes EC to match the
1578existing behavior of replication when drives fail. After a
1579rebalance of EC rings (potentially removing unmounted/failed
1580devices), it's most IO efficient to run in handoffs_only mode to
1581avoid unnecessary rebuilds.
1582
1583* O_TMPFILE support is now detected by attempting to use it
1584instead of looking at the kernel version. This allows older
1585kernels with backported patches to take advantage of the
1586O_TMPFILE functionality.
1587
1588* Add slo_manifest_hook callback to allow other middlewares to
1589impose additional constraints on or make edits to SLO manifests
1590before being written. For example, a middleware could enforce
1591minimum segment size or insert data segments.
1592
1593* Fixed an issue with multi-region EC policies that caused the EC
1594reconstructor to constantly attempt cross-region rebuild
1595traffic.
1596
1597* Fixed an issue where S3 API v4 signatures would not be validated
1598against the body of the request, allowing a replay attack if
1599request headers were captured by a malicious third party.
1600
1601* Display crypto data/metadata details in swift-object-info.
1602
1603* formpost can now accept a content-encoding parameter.
1604
1605* Fixed an issue where multipart uploads with the S3 API would
1606sometimes report an error despite all segments being upload
1607successfully.
1608
1609* Multipart object segments are now actually deleted when the
1610multipart object is deleted via the S3 API.
1611
1612* Swift now returns a 503 (instead of a 500) when an account
1613auto-create fails.
1614
1615* Fixed a bug where encryption would store the incorrect key
1616metadata if the object name starts with a slash.
1617
1618* Fixed an issue where an object server failure during a client
1619download could leave an open socket between the proxy and
1620client.
1621
1622* Fixed an issue where deleted EC objects didn't have their
1623on-disk directories cleaned up. This would cause extra resource
1624usage on the object servers.
1625
1626* Fixed issue where bulk requests using xml and expect
1627100-continue would return a malformed HTTP response.
1628
1629* Various other minor bug fixes and improvements.
1630
1631
1632swift (2.20.0)
1633
1634* S3 API compatibility updates
1635
1636* Swift can now cache the S3 secret from Keystone to use for
1637subsequent requests. This functionality is disabled by default but
1638can be enabled by setting the `secret_cache_duration` in the s3token
1639section of the proxy server config to a number greater than 0.
1640
1641* s3api now mimics the AWS S3 behavior of periodically sending
1642whitespace characters on a Complete Multipart Upload request to keep
1643the connection from timing out. Note that since a request could fail
1644after the initial 200 OK response has been sent, it is important to
1645check the response body to determine if the request succeeded.
1646
1647* s3api now properly handles x-amz-metadata-directive headers on
1648COPY operations.
1649
1650* s3api now uses concurrency (default 2) to handle multi-delete
1651requests. This allows multi-delete requests to be processed much
1652more quickly.
1653
1654* s3api now mimics some forms of AWS server-side encryption
1655based on whether Swift's at-rest encryption functionality is enabled.
1656Note that S3 API users are now able to know more about how the
1657cluster is configured than they were previously, ie knowledge of
1658encryption at-rest functionality being enabled or not.
1659
1660* s3api responses now include a '-' in multipart ETags.
1661
1662For new multipart-uploads via the S3 API, the ETag that is
1663stored will be calculated in the same way that AWS uses. This
1664ETag will be used in GET/HEAD responses, bucket listings, and
1665conditional requests via the S3 API. Accessing the same object
1666via the Swift API will use the SLO Etag; however, in JSON
1667container listings the multipart upload etag will be exposed
1668in a new "s3_etag" key. Previously, some S3 clients would complain
1669about download corruption when the ETag did not have a '-'.
1670
1671* S3 ETag for SLOs now include a '-'.
1672
1673Ordinary objects in S3 use the MD5 of the object as the ETag,
1674just like Swift. Multipart Uploads follow a different format, notably
1675including a dash followed by the number of segments. To that end
1676(and for S3 API requests *only*), SLO responses via the S3 API have a
1677literal '-N' added on the end of the ETag.
1678
1679* The default location is now set to "us-east-1". This is more likely
1680to be the default region that a client will try when using v4
1681signatures.
1682
1683Deployers with clusters that relied on the old implicit default
1684location of "US" should explicitly set `location = US` in the
1685`[filter:s3api]` section of proxy-server.conf before upgrading.
1686
1687* Add basic support for ?versions bucket listings. We still do not
1688have support for toggling S3 bucket versioning, but we can at least
1689support getting the latest versions of all objects.
1690
1691* Fixed an issue with SSYNC requests to ensure that only one request
1692can be running on a partition at a time.
1693
1694* Data encryption updates
1695
1696* The kmip_keymaster middleware can now be configured directly in the
1697proxy-server config file. The existing behavior of using an external
1698config file is still supported.
1699
1700* Multiple keymaster middlewares are now supported. This allows
1701migration from one key provider to another.
1702
1703Note that secret_id values must remain unique across all keymasters
1704in a given pipeline. If they are not unique, the right-most keymaster
1705will take precedence.
1706
1707When looking for the active root secret, only the right-most
1708keymaster is used.
1709
1710* Prevent PyKMIP's kmip_protocol logger from logging at DEBUG.
1711Previously, some versions of PyKMIP would include all wire
1712data when the root logger was configured to log at DEBUG; this
1713could expose key material in logs. Only the kmip_keymaster was
1714affected.
1715
1716* Fixed an issue where a failed drive could prevent the container sharder
1717from making progress.
1718
1719* Storage policy definitions in swift.conf can now define the diskfile
1720to use to access objects. See the included swift.conf-sample file for
1721a description of usage.
1722
1723* The EC reconstructor will now attempt to remove empty directories
1724immediately, while the inodes are still cached, rather than waiting
1725until the next run.
1726
1727* Added a keep_idle config option to configure KEEPIDLE time for TCP
1728sockets. The default value is the old constant of 600.
1729
1730* Add databases_per_second to the account-replicator,
1731container-replicator, and container-sharder. This prevents them from
1732using a full CPU core when they are not IO limited.
1733
1734* Allow direct_client users to overwrite the X-Timestamp header.
1735
1736* Various other minor bug fixes and improvements.
1737
1738
1739swift (2.19.2, rocky stable backports)
1740
1741* Sharding improvements
1742
1743* The container-replicator now only attempts to fetch shard ranges if
1744the remote indicates that it has shard ranges. Further, it does so
1745with a timeout to prevent the process from hanging in certain cases.
1746
1747* The container-replicator now correctly enqueues container-reconciler
1748work for sharded containers.
1749
1750* S3 API improvements
1751
1752* Fixed an issue where v4 signatures would not be validated against
1753the body of the request, allowing a replay attack if request headers
1754were captured by a malicious third party. Note that unsigned payloads
1755still function normally.
1756
1757* CompleteMultipartUpload requests with a Content-MD5 now work.
1758
1759* Fixed v1 listings that end with a non-ASCII object name.
1760
1761* Multipart object segments are now actually deleted when the
1762multipart object is deleted via the S3 API.
1763
1764* Fixed an issue that caused Delete Multiple Objects requests with
1765large bodies to 400. This was previously fixed in 2.20.0.
1766
1767* Fixed an issue where non-ASCII Keystone EC2 credentials would not get
1768mapped to the correct account. This was previously fixed in 2.20.0.
1769
1770* Background corruption-detection improvements
1771
1772* Detect and remove invalid entries from hashes.pkl
1773
1774* When object path is not a directory, just quarantine it,
1775rather than the whole suffix.
1776
1777
1778* Fixed a bug where encryption would store the incorrect key
1779metadata if the object name starts with a slash.
1780
1781* Fixed an issue where an object server failure during a client
1782download could leave an open socket between the proxy and
1783client.
1784
1785* Static Large Object sizes in listings for versioned containers are
1786now more accurate.
1787
1788* When refetching Static Large Object manifests, non-manifest responses
1789are now handled better.
1790
1791* Cross-account symlinks now store correct account information in
1792container listings. This was previously fixed in 2.22.0.
1793
1794* Requesting multiple ranges from a Dynamic Large Object now returns the
1795entire object instead of incorrect data. This was previously fixed in
17962.23.0.
1797
1798* When making backend requests, the proxy-server now ensures query
1799parameters are always properly quoted. Previously, the proxy would
1800encounter an error on Python 2.7.17 if the client included non-ASCII
1801query parameters in object requests. This was previously fixed in
18022.23.0.
1803
1804
1805swift (2.19.1, rocky stable backports)
1806
1807* Prevent PyKMIP's kmip_protocol logger from logging at DEBUG.
1808Previously, some versions of PyKMIP would include all wire
1809data when the root logger was configured to log at DEBUG; this
1810could expose key material in logs. Only the kmip_keymaster was
1811affected.
1812
1813* Fixed an issue where a failed drive could prevent the container sharder
1814from making progress.
1815
1816* Fixed a bug in how Swift uses eventlet that was exposed under high
1817concurrency.
1818
1819
1820swift (2.19.0, OpenStack Rocky)
1821
1822* TempURLs now support IP range restrictions. Please see
1823https://docs.openstack.org/swift/latest/middleware.html#client-usage
1824for more information on how to use this additional restriction.
1825
1826* Add support for multiple root encryption secrets for the trivial
1827and KMIP keymasters. This allows operators to rotate encryption
1828keys over time without needing to re-encrypt all existing data
1829in the cluster. Please see the included sample config files for
1830instructions on how to multiple encryption keys.
1831
1832* The object updater now supports two configuration settings:
1833"concurrency" and "updater_workers". The latter controls how many
1834worker processes are spawned, while the former controls how many
1835concurrent container updates are performed by each worker
1836process. This should speed the processing of async_pendings.
1837
1838On upgrade, a node configured with concurrency=N will still handle
1839async updates N-at-a-time, but will do so using only one process
1840instead of N.
1841
1842If you have a config file like this:
1843
1844[object-updater]
1845concurrency = <N>
1846
1847and you want to take advantage of faster updates, then do this:
1848
1849[object-updater]
1850concurrency = 8 # the default; you can omit this line
1851updater_workers = <N>
1852
1853If you want updates to be processed exactly as before, do this:
1854
1855[object-updater]
1856concurrency = 1
1857updater_workers = <N>
1858
1859* When listing objects in a container in json format, static large
1860objects (SLOs) will now include an additional new "slo_etag" key
1861that matches the etag returned when requesting the SLO. The
1862existing "hash" key remains unchanged as the MD5 of the SLO
1863manifest. Text and XML listings are unaffected by this change.
1864
1865* Log deprecation warnings for `run_pause`. This setting was
1866deprecated in Swift 2.4.0 and is replaced by `interval`.
1867It may be removed in a future release.
1868
1869* Object reconstructor logs are now prefixed with information
1870about the specific worker process logging the message. This
1871makes reading the logs and understanding the messages much simpler.
1872
1873* Lower bounds of dependencies have been updated to reflect what
1874is actually tested.
1875
1876* SSYNC replication mode now removes as much of the directory
1877structure as possible as soon at it observes that the directory
1878is empty. This reduces the work needed for subsequent replication
1879passes.
1880
1881* The container-updater now reports zero objects and bytes used for
1882child DBs in sharded containers. This prevents double-counting in
1883utilization reports.
1884
1885* Add fallocate_reserve to account and container servers. This
1886allows disks shared between account/container and object rings to
1887avoid getting 100% full. The default value of 1% matches the
1888existing default on object servers.
1889
1890* Added an experimental `swift-ring-composer` CLI tool to build
1891composite rings.
1892
1893* Added an optional `read_only` middleware to make an entire cluster
1894or individual accounts read only.
1895
1896* Fixed a bug where zero-byte PUTs would not work properly
1897with "If-None-Match: *" conditional requests.
1898
1899* ACLs now work with unicode in user/account names.
1900
1901* COPY now works with unicode account names.
1902
1903* Improved S3 API compatibility.
1904
1905* Lock timeouts in the container updater are now logged at INFO
1906level, not ERROR.
1907
1908* Various other minor bug fixes and improvements.
1909
1910
1911swift (2.18.0)
1912
1913* Added container sharding, an operator controlled feature that
1914may be used to shard very large container databases into a
1915number of smaller shard containers. This mitigates the issues
1916with one large DB by distributing the data across multiple
1917smaller databases throughout the cluster. Please read the full
1918overview at
1919https://docs.openstack.org/swift/latest/overview_container_sharding.html
1920
1921* Provide an S3 API compatibility layer. The external "swift3"
1922project has been imported into Swift's codebase as the "s3api"
1923middleware.
1924
1925* Added "emergency mode" hooks in the account and container replicators.
1926These options may be used to prioritize moving handoff
1927partitions to primary locations more quickly. This helps when
1928adding capacity to a ring.
1929
1930- Added `-d <devs>` and `-p <partitions>` command line options.
1931
1932- Added a handoffs-only mode.
1933
1934* Add a multiprocess mode to the object replicator. Setting the
1935"replicator_workers" setting to a positive value N will result
1936in the replicator using up to N worker processes to perform
1937replication tasks. At most one worker per disk will be spawned.
1938
1939Worker process logs will have a bit of information prepended so
1940operators can tell which messages came from which worker. The
1941prefix is "[worker M/N pid=P] ", where M is the worker's index,
1942N is the total number of workers, and P is the process ID. Every
1943message from the replicator's logger will have the prefix
1944
1945* The object reconstructor will now fork all available worker
1946processes when operating on a subset of local devices.
1947
1948* Add support for PROXY protocol v1 to the proxy server. This
1949allows the Swift proxy server to log accurate client IP
1950addresses when there is a proxy or SSL-terminator between the
1951client and the Swift proxy server. Example servers supporting
1952this PROXY protocol include stunnel, haproxy, hitch, and
1953varnish. See the sample proxy server config file for the
1954appropriate config setting to enable or disable this
1955functionality.
1956
1957* In the ratelimit middleware, account whitelist and blacklist
1958settings have been deprecated and may be removed in a future
1959release. When found, a deprecation message will be logged.
1960Instead of these config file values, set X-Account-Sysmeta-
1961Global-Write-Ratelimit:WHITELIST and X-Account-Sysmeta-Global-
1962Write-Ratelimit:BLACKLIST on the particular accounts that need
1963to be whitelisted or blacklisted. System metadata cannot be added
1964or modified by standard clients. Use the internal client to set sysmeta.
1965
1966* Add a --drop-prefixes flag to swift-account-info,
1967swift-container-info, and swift-object-info. This makes the
1968output between the three more consistent.
1969
1970* statsd error messages correspond to 5xx responses only. This
1971makes monitoring more useful because actual errors (5xx) will
1972not be hidden by common user requests (4xx). Previously, some 4xx
1973responses would be included in timing information in the statsd
1974error messages.
1975
1976* Truncate error logs to prevent log handler from running out of buffer.
1977
1978* Updated requirements.txt to match global exclusions and formatting.
1979
1980* tempauth user names now support unicode characters.
1981
1982* Various other minor bug fixes and improvements.
1983
1984
1985swift (2.17.1, queens stable backports)
1986
1987* Fix SLO delete for accounts with non-ASCII names.
1988
1989* Fixed an issue in COPY where concurrent requests may have copied the
1990wrong data.
1991
1992* Fixed a bug in how Swift uses eventlet that was exposed under high
1993concurrency.
1994
1995
1996swift (2.17.0, OpenStack Queens)
1997
1998* Added symlink objects support.
1999
2000Symlink objects reference one other object. They are created by
2001creating an empty object with an X-Symlink-Target header. The value of
2002the header is of the format <container>/<object>, and the target does
2003not need to exist at the time of symlink creation. Cross-account
2004symlinks can be created by including the
2005X-Symlink-Target-Account header.
2006
2007GET and HEAD requests to a symlink will operate on the
2008referenced object and require appropriate permission in the
2009target container. DELETE and PUT requests will operate on the
2010symlink object itself. POST requests are not forwarded to the
2011referenced object. POST requests sent to a symlink will result
2012in a 307 Temporary Redirect response.
2013
2014* Added support for inline data segments in SLO manifests.
2015
2016Upgrade impact: during a rolling upgrade, an updated proxy server
2017may write a manifest that an out-of-date proxy server will not be
2018able to read. This will resolve itself once the upgrade completes
2019on all nodes.
2020
2021* The tempurl digest algorithm is now configurable, and Swift added
2022support for both SHA-256 and SHA-512. Supported tempurl digests
2023are exposed to clients in `/info`. Additionally, tempurl signatures
2024can now be base64 encoded.
2025
2026* Object expiry improvements
2027
2028- Disallow X-Delete-At header values equal to the X-Timestamp header.
2029
2030- X-Delete-At computation now uses X-Timestamp instead of
2031system time. This prevents clock skew causing inconsistent
2032expiry data.
2033
2034- Deleting an expiring object will now cause less work in the system.
2035The number of async pending files written has been reduced for all
2036objects and greatly reduced for erasure-coded objects. This
2037dramatically reduces the burden on container servers.
2038
2039- Stopped logging tracebacks when receiving an unexpected response.
2040
2041- Allow the expirer to gracefully move past updating stale work items.
2042
2043* When the object auditor examines an object, it will now add any
2044missing metadata checksums.
2045
2046* `swift-ring-builder` improvements
2047
2048- Save the ring when dispersion improves, even if balance
2049doesn't improve.
2050
2051- Improved the granularity of the ring dispersion metric so that
2052small improvements after a rebalance can show changes in the
2053dispersion number. Dispersion in existing and new rings can be
2054recalculated using the new '--recalculate' option to
2055`swift-ring-builder`.
2056
2057- Display more info on empty rings.
2058
2059* Fixed rare socket leak on range requests to erasure-coded objects.
2060
2061* The number of container updates on object PUTs (ie to update listings)
2062has been recomputed to be far more efficient while maintaining
2063durability guarantees. Specifically, object PUTs to erasure-coded
2064policies will now normally result in far fewer container updates.
2065
2066* Moved Zuul v3 tox jobs into the Swift code repo.
2067
2068* Changed where liberasurecode-devel for CentOS 7 is referenced and
2069installed as a dependency.
2070
2071* Added container/object listing with prefix to InternalClient.
2072
2073* Added '--swift-versions' to `swift-recon` CLI to compare installed
2074versions in the cluster.
2075
2076* Stop logging tracebacks in the `object-replicator` when it runs
2077out of handoff locations.
2078
2079* Send ETag header in 206 Partial Content responses to SLO reads.
2080
2081* Now `swift-recon-cron` works with conf.d configs.
2082
2083* Improved `object-updater` stats logging. It now tells you all of
2084its stats (successes, failures, quarantines due to bad pickles,
2085unlinks, and errors), and it tells you incremental progress every
2086five minutes. The logging at the end of a pass remains and has
2087been expanded to also include all stats.
2088
2089* If a proxy server is configured to autocreate accounts and the
2090account create fails, it will now return a server error (500)
2091instead of Not Found (404).
2092
2093* Fractional replicas are no longer allowed for erasure code policies.
2094
2095* Various other minor bug fixes and improvements.
2096
2097
2098swift (2.16.0)
2099
2100* Add checksum to object extended attributes.
2101
2102* Let clients request heartbeats during SLO PUTs by including
2103the query parameter `heartbeat=on`.
2104
2105With heartbeating turned on, the proxy will start its response
2106immediately with 202 Accepted then send a single whitespace
2107character periodically until the request completes. At that
2108point, a final summary chunk will be sent which includes a
2109"Response Status" key indicating success or failure and (if
2110successful) an "Etag" key indicating the Etag of the resulting
2111SLO.
2112
2113* Added support for retrieving the encryption root secret from an
2114external key management system. In practice, this is currently limited
2115to Barbican.
2116
2117* Move listing formatting out to a new proxy middleware named
2118`listing_formats`. `listing_formats` should be just right of the
2119first proxy-logging middleware, and left of most other
2120middlewares. If it is not already present, it will be
2121automatically inserted for you.
2122
2123Note: if you have a custom middleware that makes account or
2124container listings, it will only receive listings in JSON format.
2125
2126* Log deprecation warning for `allow_versions` in the container
2127server config. Configure the `versioned_writes` middleware in
2128the proxy server instead. This option will be ignored in a
2129future release.
2130
2131* Replaced `replication_one_per_device` by custom count defined by
2132`replication_concurrency_per_device`. The original config value
2133is deprecated, but continues to function for now. If both values
2134are defined, the old `replication_one_per_device` is ignored.
2135
2136* Fixed a rare issue where multiple backend timeouts could result
2137in bad data being returned to the client.
2138
2139* Cleaned up logged tracebacks when talking to memcached servers.
2140
2141* Account and container replication stats logs now include
2142`remote_merges`, the number of times a whole database was sent
2143to another node.
2144
2145* Respond 400 Bad Request when Accept headers fail to parse
2146instead of returning 406 Not Acceptable.
2147
2148* The `domain_remap` middleware now supports the
2149`mangle_client_paths` option. Its default "false" value changes
2150`domain_remap` parsing to stop stripping the `path_root` value
2151from URL paths. If users depend on this path mangling, operators
2152should set `mangle_client_paths` to "True" before upgrading.
2153
2154* Remove `swift-temp-url` script. The functionality has been in
2155swiftclient for a long time and this script has been deprecated
2156since 2.10.0.
2157
2158* Removed all `post_as_copy` related code and configs. The option
2159has been deprecated since 2.13.0.
2160
2161* Fixed XML responses (eg on bulk extractions and SLO upload
2162failures) to be more correct. The enclosing "delete" tag was
2163removed where it doesn't make sense and replaced with "extract"
2164or "upload" depending on the context.
2165
2166* Static Large Object (SLO) manifest may now (again) have zero-byte
2167last segments.
2168
2169* Fixed an issue where background consistency daemon child
2170processes would deadlock waiting on the same file descriptor.
2171
2172* Removed a race condition where a POST to an SLO could modify the
2173X-Static-Large-Object metadata.
2174
2175* Accept a trade off of dispersion for balance in the ring builder
2176that will result in getting to balanced rings much more quickly
2177in some cases.
2178
2179* Fixed using `swift-ring-builder set_weight` with more than one
2180device.
2181
2182* When requesting objects, return 404 if a tombstone is found and
2183is newer than any data found. Previous behavior was to return
2184stale data.
2185
2186* Various other minor bug fixes and improvements.
2187
2188
2189swift (2.15.2, pike stable backports)
2190
2191* Fixed a cache invalidation issue related to GET and PUT requests to
2192containers that would occasionally cause object PUTs to a container to
2193404 after the container had been successfully created.
2194
2195* Removed a race condition where a POST to an SLO could modify the
2196X-Static-Large-Object metadata.
2197
2198* Fixed rare socket leak on range requests to erasure-coded objects.
2199
2200* Fix SLO delete for accounts with non-ASCII names.
2201
2202* Fixed an issue in COPY where concurrent requests may have copied the
2203wrong data.
2204
2205* Fixed time skew when using X-Delete-After.
2206
2207* Send ETag header in 206 Partial Content responses to SLO reads.
2208
2209
2210swift (2.15.1, OpenStack Pike)
2211
2212* Fixed a bug introduced in 2.15.0 where the object reconstructor
2213would exit with a traceback if no EC policy was configured.
2214
2215* Fixed deadlock when logging from a tpool thread.
2216
2217The object server runs certain IO-intensive methods outside the
2218main pthread for performance. Previously, if one of those methods
2219tried to log, this can cause a crash that eventually leads to an
2220object server with hundreds or thousands of greenthreads, all
2221deadlocked. The fix is to use a mutex that works across different
2222greenlets and different pthreads.
2223
2224* The object reconstructor can now rebuild an EC fragment for an
2225expired object.
2226
2227* Various other minor bug fixes and improvements.
2228
2229
2230swift (2.15.0)
2231
2232* Add Composite Ring Functionality
2233
2234A composite ring comprises two or more component rings that are
2235combined to form a single ring with a replica count equal to the
2236sum of the component rings. The component rings are built
2237independently, using distinct devices in distinct regions, which
2238means that the dispersion of replicas between the components can
2239be guaranteed.
2240
2241Composite rings can be used for explicit replica placement and
2242"replicated EC" for global erasure codes policies.
2243
2244Composite rings support 'cooperative' rebalance which means that
2245during rebalance all component rings will be consulted before a
2246partition is moved in any component ring. This avoids the same
2247partition being simultaneously moved in multiple components.
2248
2249We do not yet have CLI tools for creating composite rings, but
2250the functionality has been enabled in the ring modules to
2251support this advanced functionality. CLI tools will be delivered
2252in a subsequent release.
2253
2254For further information see the docs at
2255<https://docs.openstack.org/swift/latest/overview_ring.html#module-swift.common.ring.composite_builder>
2256
2257* The EC reconstructor process has been dramatically improved by
2258adding support for multiple concurrent workers. Multiple
2259processes are required to get high concurrency, and this change
2260results in much faster rebalance times on servers with many
2261drives.
2262
2263Currently the default is still only one process, and no workers.
2264Set `reconstructor_workers` in the `[object-reconstructor]`
2265section to some whole number <= the number of devices on a node
2266to get that many reconstructor workers.
2267
2268* Add support to increase object ring partition power transparently
2269to end users and with no cluster downtime. Increasing the ring
2270partition power allows for incremental adjustment to the upper bound
2271of the cluster size. Please review the full docs at
2272<https://docs.openstack.org/swift/latest/ring_partpower.html>.
2273
2274* Added support for per-policy proxy config options. This allows
2275per-policy affinity options to be set for use with duplicated EC
2276policies and composite rings. Certain options found in per-policy
2277conf sections will override their equivalents that may be set
2278in the [app:proxy-server] section. Currently the options handled that
2279way are sorting_method, read_affinity, write_affinity,
2280write_affinity_node_count, and write_affinity_handoff_delete_count.
2281
2282* Enabled versioned writes on Dynamic Large Objects (DLOs).
2283
2284* Write-affinity aware object deletion
2285
2286Previously, when deleting objects in multi-region swift
2287deployment with write affinity configured, users always get 404
2288when deleting object before it's replicated to appropriate nodes.
2289
2290Now Swift will use `write_affinity_handoff_delete_count` to
2291define how many local handoff nodes should swift send request to
2292get more candidates for the final response. The default value
2293"auto" means Swift will calculate the number automatically based
2294on the number of replicas and current cluster topology.
2295
2296* Require that known-bad EC schemes be deprecated
2297
2298Erasure-coded storage policies using isa_l_rs_vand and nparity
2299>= 5 must be configured as deprecated, preventing any new
2300containers from being created with such a policy. This
2301configuration is known to harm data durability. Any data in such
2302policies should be migrated to a new policy. See
2303https://bugs.launchpad.net/swift/+bug/1639691 for more
2304information
2305
2306* Optimize the Erasure Code reconstructor protocol to reduce IO
2307load on servers.
2308
2309* Fixed a bug where SSYNC would fail to replicate unexpired object.
2310
2311* Fixed a bug in domain_remap when obj starts/ends with slash.
2312
2313* Fixed a socket leak in copy middleware when a large object was copied.
2314
2315* Fixed a few areas where the `swiftdir` option was not respected.
2316
2317* `swift-recon` now respects storage policy aliases.
2318
2319* cname_lookup middleware now accepts a `nameservers` config
2320variable that, if defined, will be used for DNS lookups instead of
2321the system default.
2322
2323* Make mount_check option usable in containerized environments by
2324adding a check for an ".ismount" file at the root directory of
2325a device.
2326
2327* Remove deprecated `vm_test_mode` option.
2328
2329* The object and container server config option `slowdown` has been
2330deprecated in favor of the new `objects_per_second` and
2331`containers_per_second` options.
2332
2333* The output of devices from `swift-ring-builder` has been reordered
2334by region, zone, ip, and device.
2335
2336* Imported docs content from openstack-manuals project.
2337
2338* Various other minor bug fixes and improvements.
2339
2340
2341swift (2.14.0)
2342
2343* Fixed error where a container drive error resulted in double space
2344usage on rest drives. When drive with container or account database
2345is unmounted, the bug would create handoff replicas on all remaining
2346drives, increasing the drive space used and filling the cluster.
2347
2348* Fixed UnicodeDecodeError in the object reconstructor that would
2349prevent objects with non-ascii names from being reconstructed and
2350caused the reconstructor process to hang.
2351
2352* EC Fragment Duplication - Foundational Global EC Cluster Support.
2353
2354* Fixed encoding issue in ssync where a mix of ascii and non-ascii
2355metadata values would cause an error.
2356
2357* `name_check` and `cname_lookup` keys have been added to `/info`.
2358
2359* Add Vary: headers for CORS responses.
2360
2361* Always set Swift processes to use UTC.
2362
2363* Prevent logged traceback in object-server on client disconnect for
2364chunked transfers to replicated policies.
2365
2366* Removed per-device reconstruction stats. Now that the reconstructor
2367is shuffling parts before going through them, those stats no longer
2368make sense.
2369
2370* Log correct status code for conditional requests.
2371
2372* Drop support for auth-server from common/manager.py and `swift-init`.
2373
2374* Include received fragment index in reconstructor log warnings.
2375
2376* Fixed a race condition in updating hashes.pkl where a partition
2377suffix invalidation may have been skipped.
2378
2379* `domain_remap` now accepts a list of domains in "storage_domain".
2380
2381* Do not follow CNAME when host is in storage_domain.
2382
2383* Enable cluster-wide CORS Expose-Headers setting via
2384"cors_expose_headers".
2385
2386* Cache all answers from nameservers in cname_lookup.
2387
2388* Log the correct request type of a subrequest downstream of copy.
2389
2390* Various other minor bug fixes and improvements.
2391
2392
2393swift (2.13.0, OpenStack Ocata)
2394
2395* Improvements in key parts of the consistency engine
2396
2397- Improved performance by eliminating an unneeded directory
2398structure hash.
2399
2400- Optimized the common case for hashing filesystem trees, thus
2401eliminating a lot of extraneous disk I/O.
2402
2403- Updated the `hashes.pkl` file format to include timestamp information
2404for race detection. Also simplified hashing logic to prevent race
2405conditions and optimize for the common case.
2406
2407- The erasure code reconstructor will now shuffle work jobs across all
2408disks instead of going disk-by-disk. This eliminates single-disk I/O
2409contention and allows continued scaling as concurrency is increased.
2410
2411- Erasure code reconstruction handles moving data from handoff nodes
2412better. Instead of moving the data to another handoff, it waits
2413until it can be moved to a primary node.
2414
2415Upgrade Impact: If you upgrade and roll back, you must delete all
2416`hashes.pkl` files.
2417
2418* If using erasure coding with ISA-L in rs_vand mode and 5 or more parity
2419fragments, Swift will emit a warning. This is a configuration that is
2420known to harm data durability. In a future release, this warning will be
2421upgraded to an error unless the policy is marked as deprecated. All data
2422in an erasure code storage policy using isa_l_rs_vand with 5 or more
2423parity should be migrated as soon as possible. Please see
2424https://bugs.launchpad.net/swift/+bug/1639691 for more information.
2425
2426* The erasure code reconstructor `handoffs_first` option has been
2427deprecated in favor of `handoffs_only`. `handoffs_only` is far more
2428useful, and just like `handoffs_first` mode in the replicator, it gives
2429the operator the option of forcing the consistency engine to focus
2430solely on revert (handoff) jobs, thus improving the speed of
2431rebalances. The `handoffs_only` behavior is somewhat consistent with
2432the replicator's `handoffs_first` option (any error on any handoff in
2433the replicator will make it essentially handoff only forever) but the
2434`handoff_only` option does what you want and is named correctly in the
2435reconstructor.
2436
2437* The default for `object_post_as_copy` has been changed to False. The
2438option is now deprecated and will be removed in a future release. If
2439your cluster is still running with post-as-copy enabled, please update
2440it to use the "fast-post" method. Future versions of Swift will not
2441support post-as-copy, and future features will not be supported under
2442post-as-copy. ("Fast-post" is where `object_post_as_copy` is false).
2443
2444* Temporary URLs now support one common form of ISO 8601 timestamps in
2445addition to Unix seconds-since-epoch timestamps. The ISO 8601 format
2446accepted is '%Y-%m-%dT%H:%M:%SZ'. This makes TempURLs more
2447user-friendly to produce and consume.
2448
2449* Listing containers in accounts with json or xml now includes a
2450`last_modified` time. This does not change any on-disk data, but simply
2451exposes the value to offer consistency with the object listings on
2452containers.
2453
2454* Fixed a bug where the ring builder would not allow removal of a device
2455when min_part_seconds_left was greater than zero.
2456
2457* PUT subrequests generated from a client-side COPY will now properly log
2458the SSC (server-side copy) Swift source field. See
2459https://docs.openstack.org/swift/latest/logs.html#swift-source for
2460more information.
2461
2462* Fixed a bug where an SLO download with a range request may have resulted
2463in a 5xx series response.
2464
2465* SLO manifest PUT requests can now be properly validated by sending an
2466ETag header of the md5 sum of the concatenated md5 sums of the
2467referenced segments.
2468
2469* Fixed the stats calculation in the erasure code reconstructor.
2470
2471* Rings with min_part_hours set to zero will now only move one partition
2472replica per rebalance, thus matching behavior when min_part_hours is
2473greater than zero.
2474
2475* I/O priority is now supported on AArch64 architecture.
2476
2477* Various other minor bug fixes and improvements.
2478
2479
2480swift (2.12.0)
2481
2482* Ring files now include byteorder information about the endian of
2483the machine used to generate the file, and the values are
2484appropriately byteswapped if deserialized on a machine with a
2485different endianness.
2486
2487Newly created ring files will be byteorder agnostic, but
2488previously generated ring files will still fail on different
2489endian architectures. Regenerating older ring files will cause
2490them to become byteorder agnostic. The regeneration of the ring
2491files will not cause any new data movement. Newer ring files
2492will still be usable by older versions of Swift (on machines
2493with the same endianness--this maintains existing behavior).
2494
2495* All 416 responses will now include a Content-Range header with
2496an unsatisfied-range value. This allows the caller to know the
2497valid range request value for an object.
2498
2499* TempURLs now support a validation against a common prefix. A
2500prefix-based signature grants access to all objects which share the
2501same prefix. This avoids the creation of a large amount of signatures,
2502when a whole container or pseudofolder is shared.
2503
2504* Correctly handle deleted files with if-none-match requests.
2505
2506* Correctly send 412 Precondition Failed if a user sends an
2507invalid copy destination. Previously Swift would send a 500
2508Internal Server Error.
2509
2510* In SLO manifests, the `etag` and `size_bytes` keys are now fully
2511optional and not required. Previously, the keys needed to exist
2512but the values were optional. The only required key is `path`.
2513
2514* Fixed a rare infinite loop in `swift-ring-builder` while placing parts.
2515
2516* Ensure update of the container by object-updater, removing a rare
2517possibility that objects would never be added to a container listing.
2518
2519* Fixed non-deterministic suffix updates in hashes.pkl where a partition
2520may be updated much less often than expected.
2521
2522* Fixed regression in consolidate_hashes that occurred when a new
2523file was stored to new suffix to a non-empty partition. This bug
2524was introduced in 2.7.0 and could cause an increase in rsync
2525replication stats during and after upgrade, due to inconsistent
2526hashing of partition suffixes.
2527
2528* Account and container databases will now be quarantined if the
2529database schema has been corrupted.
2530
2531* Removed "in-process-" from func env tox name to work with
2532upstream CI.
2533
2534* Respect server type for --md5 check in swift-recon.
2535
2536* Remove empty db hash and suffix directories if a db gets quarantined.
2537
2538* Various other minor bug fixes and improvements.
2539
2540
2541swift (2.11.0)
2542
2543* We have made significant improvements and changes to the erasure
2544code implementation.
2545
2546- Instead of using a separate .durable file to indicate the
2547durable status of an EC fragment archive, we rename the .data
2548to include a durable marker in the filename. This saves one
2549inode for every EC .data file. Existing .durable files will not
2550be removed, and they will continue to work just fine.
2551
2552Note that after writing EC data with Swift 2.11.0 or later, that
2553data will not be accessible to earlier versions of Swift.
2554
2555- Closed a bug where ssync may have written bad fragment data in
2556some circumstances. A check was added to ensure the correct number
2557of bytes is written for a fragment before finalizing the write.
2558Also, erasure coded fragment metadata will now be validated on read
2559requests and, if bad data is found, the fragment will be quarantined.
2560
2561- The improvements to EC reads made in Swift 2.10.0 have also been
2562applied to the reconstructor. This allows fragments to be rebuilt
2563in more circumstances, resulting in faster recovery from failures.
2564
2565- WARNING: If you are using the ISA-L library for erasure codes,
2566please upgrade to liberasurecode 1.3.1 (or later) as soon as
2567possible. If you are using isa_l_rs_vand with more than 4 parity,
2568please read https://bugs.launchpad.net/swift/+bug/1639691 and take
2569necessary action.
2570
2571- Updated the PyECLib dependency to 1.3.1.
2572
2573* Added a configurable URL base to staticweb.
2574
2575* Support multi-range GETs for static large objects.
2576
2577* TempURLs using the "inline" parameter can now also set the
2578"filename" parameter. Both are used in the Content-Disposition
2579response header.
2580
2581* Mirror X-Trans-Id to X-Openstack-Request-Id.
2582
2583* SLO will now concurrently HEAD segments, resulting in much faster
2584manifest validation and object creation. By default, two HEAD requests
2585will be done at a time, but this can be changed by the operator via
2586the new `concurrency` setting in the "[filter:slo]" section of
2587the proxy server config.
2588
2589* Suppressed the KeyError message when auditor finds an expired object.
2590
2591* Daemons using InternalClient can now be properly killed with SIGTERM.
2592
2593* Added a "user" option to the drive-audit config file. Its value is
2594used to set the owner of the drive-audit recon cache.
2595
2596* Throttle update_auditor_status calls so it updates no more than once
2597per minute.
2598
2599* Suppress unexpected-file warnings for rsync temp files.
2600
2601* Various other minor bug fixes and improvements.
2602
2603
2604swift (2.10.0, OpenStack Newton)
2605
2606* Object versioning now supports a "history" mode in addition to
2607the older "stack" mode. The difference is in how DELETE requests
2608are handled. For full details, please read
2609https://docs.openstack.org/swift/latest/overview_object_versioning.html.
2610
2611* New config variables to change the schedule priority and I/O
2612scheduling class. Servers and daemons now understand
2613`nice_priority`, `ionice_class`, and `ionice_priority` to
2614schedule their relative importance. Please read
2615https://docs.openstack.org/swift/latest/admin_guide.html
2616for full config details.
2617
2618* On newer kernels (3.15+ when using xfs), Swift will use the O_TMPFILE
2619flag when opening a file instead of creating a temporary file
2620and renaming it on commit. This makes the data path simpler and
2621allows the filesystem to more efficiently optimize the files on
2622disk, resulting in better performance.
2623
2624* Erasure code GET performance has been significantly
2625improved in clusters that are not completely healthy.
2626
2627* Significant improvements to the api-ref doc available at
2628https://docs.openstack.org/api-ref/object-store/.
2629
2630* A PUT or POST to a container will now update the container's
2631Last-Modified time, and that value will be included in a
2632GET/HEAD response.
2633
2634* Include object sysmeta in POST responses. Sysmeta is still
2635stripped from the response before being sent to the client, but
2636this allows middleware to make use of the information.
2637
2638* Fixed a bug where a container listing delimiter wouldn't work
2639with encryption.
2640
2641* Fixed a bug where some headers weren't being copied correctly
2642in a COPY request.
2643
2644* Container sync can now copy SLOs more efficiently by allowing
2645the manifest to be synced before all of the referenced segments.
2646This fixes a bug where container sync would not copy SLO manifests.
2647
2648* Fixed a bug where some tombstone files might never be reclaimed.
2649
2650* Update dnspython dependency to 1.14, removing the need to have
2651separate dnspython dependencies for Py2 and Py3.
2652
2653* Deprecate swift-temp-url and call python-swiftclient's
2654implementation instead. This adds python-swiftclient as an
2655optional dependency of Swift.
2656
2657* Moved other-requirements.txt to bindep.txt. bindep.txt lists
2658non-python dependencies of Swift.
2659
2660* Various other minor bug fixes and improvements.
2661
2662
2663swift (2.9.0)
2664
2665* Swift now supports at-rest encryption. This feature encrypts all
2666object data and user-set object metadata as it is sent to the cluster.
2667This feature is designed to prevent information leaks if a hard drive
2668leaves the cluster. The encryption is transparent to the end-user.
2669
2670At-rest encryption in Swift is enabled on the proxy server by
2671adding two middlewares to the pipeline. The `keymaster` middleware
2672is responsible for managing the encryption keys and the `encryption`
2673middleware does the actual encryption and decryption.
2674
2675Existing clusters will continue to work without enabling
2676encryption. Although enabling this feature on existing clusters
2677is supported, best practice is to enable this feature on new
2678clusters when the cluster is created.
2679
2680For more information on the details of the at-rest encryption
2681feature, please see the docs at
2682https://docs.openstack.org/swift/latest/overview_encryption.html.
2683
2684* `swift-recon` can now be called with more than one server type.
2685
2686* Fixed a bug where non-ascii names could cause an error in logging
2687and cause a 5xx response to the client.
2688
2689* The install guide and API reference have been moved into Swift's
2690source code repository.
2691
2692* Various other minor bug fixes and improvements.
2693
2694
2695swift (2.8.0)
2696
2697* Allow concurrent bulk deletes for server-side deletes of static
2698large objects. Previously this would be single-threaded and each
2699DELETE executed serially. The new `delete_concurrency` value
2700(default value is 2) in the `[filter:slo]` and `[filter:bulk]`
2701sections of the proxy server config controls the concurrency
2702used to perform the DELETE requests for referenced segments. The
2703default value is recommended, but setting the value to 1
2704restores previous behavior.
2705
2706* Refactor server-side copy as middleware
2707
2708The COPY verb is now implemented in the `copy` middleware instead
2709of in the proxy server code. If not explicitly added, the server
2710side copy middleware is auto-inserted to the left of `dlo`, `slo`
2711and `versioned_writes` middlewares in the proxy server pipeline.
2712As a result, dlo and slo `copy_hooks` are no longer required. SLO
2713manifests are now validated when copied so when copying a
2714manifest to another account the referenced segments must be
2715readable in that account for the manifest copy to succeed
2716(previously this validation was not made, meaning the manifest
2717was copied but could be unusable if the segments were not
2718readable).
2719
2720With this change, there should be no change in functionality or
2721existing behavior.
2722
2723* `fallocate_reserve` can now be a percentage (a value ending in "%"),
2724and the default has been adjusted to "1%".
2725
2726* Now properly require account/container metadata be valid UTF-8
2727
2728* TempURL responses now include an `Expires` header with the
2729expiration time embedded in the URL.
2730
2731* Non-Python dependencies are now listed in other-requirements.txt.
2732
2733* `swift-ring-builder` now supports a `--yes` option to assume a
2734yes response to all questions. This is useful for scripts.
2735
2736* Write requests to a replicated storage policy with an even number
2737of replicas now have a quorum size of half the replica count
2738instead of half-plus-one.
2739
2740* Container sync now logs per-container stat information so operators
2741can track progress. This is logged at INFO level.
2742
2743* `swift-dispersion-*` now allows region to be specified when there
2744are multiple Swift regions served by the same Keystone instance
2745
2746* Fix infinite recursion during logging when syslog is down.
2747
2748* Fixed a bug where a backend failure during a read could result in
2749a missing byte in the response body.
2750
2751* Stop `staticweb` revealing container existence to unauth'd requests.
2752
2753* Reclaim isolated .meta files if they are older than the `reclaim_age`.
2754
2755* Make `rsync` ignore its own temporary files instead of spreading
2756them around the cluster, wasting space.
2757
2758* The object auditor now ignores files in the devices directory when
2759auditing objects.
2760
2761* The deprecated `threads_per_disk` setting has been removed. Deployers
2762are encouraged to use `servers_per_port` instead.
2763
2764* Fixed an issue where a single-replica configuration for account or
2765container DBs could result in the DB being inadvertently deleted if
2766it was placed on a handoff node.
2767
2768* `disable_fallocate` now also correctly disables `fallocate_reserve`.
2769
2770* Fixed a bug where the account-reaper did not delete all containers
2771in a reaped account.
2772
2773* Correctly handle delimiter queries where results start with the
2774delimiter and no prefix is given.
2775
2776* Changed the recommended ports for Swift services from ports
27776000-6002 to unused ports 6200-6202 so they do not conflict with
2778X-Windows or other services. Since these config values must be
2779explicitly set in the config file, this doesn't impact existing
2780deployments.
2781
2782* Fixed an instance where REPLICATE requests would not use
2783`replication_ip`.
2784
2785* Various other minor bug fixes and improvements.
2786
2787
2788swift (2.7.0, OpenStack Mitaka)
2789
2790* Bump PyECLib requirement to >= 1.2.0
2791
2792* Update container on fast-POST
2793
2794"Fast-POST" is the mode where `object_post_as_copy` is set to
2795`False` in the proxy server config. This mode now allows for
2796fast, efficient updates of metadata without needing to fully
2797recopy the contents of the object. While the default still is
2798`object_post_as_copy` as True, the plan is to change the default
2799to False and then deprecate post-as-copy functionality in later
2800releases. Fast-POST now supports container-sync functionality.
2801
2802* Add concurrent reads option to proxy.
2803
2804This change adds 2 new parameters to enable and control concurrent
2805GETs in Swift, these are `concurrent_gets` and `concurrency_timeout`.
2806
2807`concurrent_gets` allows you to turn on or off concurrent
2808GETs; when on, it will set the GET/HEAD concurrency to the
2809replica count. And in the case of EC HEADs it will set it to
2810ndata. The proxy will then serve only the first valid source to
2811respond. This applies to all account, container, and replicated
2812object GETs and HEADs. For EC only HEAD requests are affected.
2813The default for `concurrent_gets` is off.
2814
2815`concurrency_timeout` is related to `concurrent_gets` and is
2816the amount of time to wait before firing the next thread. A
2817value of 0 will fire at the same time (fully concurrent), but
2818setting another value will stagger the firing allowing you the
2819ability to give a node a short chance to respond before firing
2820the next. This value is a float and should be somewhere between
28210 and `node_timeout`. The default is `conn_timeout`, meaning by
2822default it will stagger the firing.
2823
2824* Added an operational procedures guide to the docs. It can be
2825found at https://docs.openstack.org/swift/latest/ops_runbook/index.html and
2826includes information on detecting and handling day-to-day
2827operational issues in a Swift cluster.
2828
2829* Make `handoffs_first` a more useful mode for the object replicator.
2830
2831The `handoffs_first` replication mode is used during periods of
2832problematic cluster behavior (e.g. full disks) when replication
2833needs to quickly drain partitions from a handoff node and move
2834them to a primary node.
2835
2836Previously, `handoffs_first` would sort that handoff work before
2837"normal" replication jobs, but the normal replication work could
2838take quite some time and result in handoffs not being drained
2839quickly enough.
2840
2841In order to focus on getting handoff partitions off the node
2842`handoffs_first` mode will now abort the current replication
2843sweep before attempting any primary suffix syncing if any of the
2844handoff partitions were not removed for any reason - and start
2845over with replication of handoffs jobs as the highest priority.
2846
2847Note that `handoffs_first` being enabled will emit a warning on
2848start up, even if no handoff jobs fail, because of the negative
2849impact it can have during normal operations by dog-piling on a
2850node that was temporarily unavailable.
2851
2852* By default, inbound `X-Timestamp` headers are now disallowed
2853(except when in an authorized container-sync request). This
2854header is useful for allowing data migration from other storage
2855systems to Swift and keeping the original timestamp of the data.
2856If you have this migration use case (or any other requirement on
2857allowing the clients to set an object's timestamp), set the
2858`shunt_inbound_x_timestamp` config variable to False in the
2859gatekeeper middleware config section of the proxy server config.
2860
2861* Requesting a SLO manifest file with the query parameters
2862"?multipart-manifest=get&format=raw" will return the contents of
2863the manifest in the format as was originally sent by the client.
2864The "format=raw" is new.
2865
2866* Static web page listings can now be rendered with a custom
2867label. By default listings are rendered with a label of:
2868"Listing of /v1/<account>/<container>/<path>". This change adds
2869a new custom metadata key/value pair
2870`X-Container-Meta-Web-Listings-Label: My Label` that when set,
2871will cause the following: "Listing of My Label/<path>" to be
2872rendered instead.
2873
2874* Previously, static large objects (SLOs) had a minimum segment
2875size (default to 1MiB). This limit has been removed, but small
2876segments will be ratelimited. The config parameter
2877`rate_limit_under_size` controls the definition of "small"
2878segments (1MiB by default), and `rate_limit_segments_per_sec`
2879controls how many segments per second can be served (default is 1).
2880With the default values, the effective behavior is identical to the
2881previous behavior when serving SLOs.
2882
2883* Container sync has been improved to perform a HEAD on the remote
2884side of the sync for each object being synced. If the object
2885exists on the remote side, container-sync will no longer
2886transfer the object, thus significantly lowering the network
2887requirements to use the feature.
2888
2889* The object auditor will now clean up any old, stale rsync temp
2890files that it finds. These rsync temp files are left if the
2891rsync process fails without completing a full transfer of an
2892object. Since these files can be large, the temp files may end
2893up filling a disk. The new auditor functionality will reap these
2894rsync temp files if they are old. The new object-auditor config
2895variable `rsync_tempfile_timeout` is the number of seconds old a
2896tempfile must be before it is reaped. By default, this variable
2897is set to "auto" or the rsync_timeout plus 900 seconds (falling
2898back to a value of 1 day).
2899
2900* The Erasure Code reconstruction process has been made more
2901efficient by not syncing data files when only the durable commit
2902file is missing.
2903
2904* Fixed a bug where 304 and 416 response may not have the right
2905Etag and Accept-Ranges headers when the object is stored in an
2906Erasure Coded policy.
2907
2908* Versioned writes now correctly stores the date of previous versions
2909using GMT instead of local time.
2910
2911* The deprecated Keystone middleware option is_admin has been removed.
2912
2913* Fixed log format in object auditor.
2914
2915* The zero-byte mode (ZBF) of the object auditor will now properly
2916observe the `--once` option.
2917
2918* Swift keeps track, internally, of "dirty" parts of the partition
2919keyspace with a "hashes.pkl" file. Operations on this file no
2920longer require a read-modify-write cycle and use a new
2921"hashes.invalid" file to track dirty partitions. This change
2922will improve end-user performance for PUT and DELETE operations.
2923
2924* The object replicator's succeeded and failed counts are now logged.
2925
2926* `swift-recon` can now query hosts by storage policy.
2927
2928* The log_statsd_host value can now be an IPv6 address or a hostname
2929which only resolves to an IPv6 address.
2930
2931* Erasure coded fragments now properly call fallocate to reserve disk
2932space before being written.
2933
2934* Various other minor bug fixes and improvements.
2935
2936
2937swift (2.6.0)
2938
2939* Dependency changes
2940- Updated minimum version of eventlet to 0.17.4 to support IPv6.
2941
2942- Updated the minimum version of PyECLib to 1.0.7.
2943
2944* The ring rebalancing algorithm was updated to better handle edge cases
2945and to give better (more balanced) rings in the general case. New rings
2946will have better initial placement, capacity adjustments will move less
2947data for better balance, and existing rings that were imbalanced should
2948start to become better balanced as they go through rebalance cycles.
2949
2950* Added container and account reverse listings.
2951
2952A GET request to an account or container resource with a "reverse=true"
2953query parameter will return the listing in reverse order. When
2954iterating over pages of reverse listings, the relative order of marker
2955and end_marker are swapped.
2956
2957* Storage policies now support having more than one name.
2958
2959This allows operators to fix a typo without breaking existing clients,
2960or, alternatively, have "short names" for policies. This is implemented
2961with the "aliases" config key in the storage policy config in
2962swift.conf. The aliases value is a list of names that the storage
2963policy may also be identified by. The storage policy "name" is used to
2964report the policy to users (eg in container headers). The aliases have
2965the same naming restrictions as the policy's primary name.
2966
2967* The object auditor learned the "interval" config value to control the
2968time between each audit pass.
2969
2970* `swift-recon --all` now includes the config checksum check.
2971
2972* `swift-init` learned the --kill-after-timeout option to force a service
2973to quit (SIGKILL) after a designated time.
2974
2975* `swift-recon` now correctly shows timestamps in UTC instead of local
2976time.
2977
2978* Fixed bug where `swift-ring-builder` couldn't select device id 0.
2979
2980* Documented the previously undocumented
2981`swift-ring-builder pretend_min_part_hours_passed` command.
2982
2983* The "node_timeout" config value now accepts decimal values.
2984
2985* `swift-ring-builder` now properly removes devices with zero weight.
2986
2987* `swift-init` return codes are updated via "--strict" and "--non-strict"
2988options. Please see the usage string for more information.
2989
2990* `swift-ring-builder` now reports the min_part_hours lockout time
2991remaining
2992
2993* Container sync has been improved to more quickly find and iterate over
2994the containers to be synced. This reduced server load and lowers the
2995time required to see data propagate between two clusters. Please see
2996https://docs.openstack.org/swift/latest/overview_container_sync.html for more details
2997about the new on-disk structure for tracking synchronized containers.
2998
2999* A container POST will now update that container's put-timestamp value.
3000
3001* TempURL header restrictions are now exposed in /info.
3002
3003* Error messages on static large object manifest responses have been
3004greatly improved.
3005
3006* Closed a bug where an unfinished read of a large object would leak a
3007socket file descriptor and a small amount of memory. (CVE-2016-0738)
3008
3009* Fixed an issue where a zero-byte object PUT with an incorrect Etag
3010would return a 503.
3011
3012* Fixed an error when a static large object manifest references the same
3013object more than once.
3014
3015* Improved performance of finding handoff nodes if a zone is empty.
3016
3017* Fixed duplication of headers in Access-Control-Expose-Headers on CORS
3018requests.
3019
3020* Fixed handling of IPv6 connections to memcache pools.
3021
3022* Continued work towards python 3 compatibility.
3023
3024* Various other minor bug fixes and improvements.
3025
3026
3027swift (2.5.0, OpenStack Liberty)
3028
3029* Added the ability to specify ranges for Static Large Object (SLO)
3030segments.
3031
3032* Replicator configs now support an "rsync_module" value to allow
3033for per-device rsync modules. This setting gives operators the
3034ability to fine-tune replication traffic in a Swift cluster and
3035isolate replication disk IO to a particular device. Please see
3036the docs and sample config files for more information and
3037examples.
3038
3039* Significant work has gone in to testing, fixing, and validating
3040Swift's erasure code support at different scales.
3041
3042* Swift now emits StatsD metrics on a per-policy basis.
3043
3044* Fixed an issue with Keystone integration where a COPY request to a
3045service account may have succeeded even if a service token was not
3046included in the request.
3047
3048* Ring validation now warns if a placement partition gets assigned to the
3049same device multiple times. This happens when devices in the ring are
3050unbalanced (e.g. two servers where one server has significantly more
3051available capacity).
3052
3053* Various other minor bug fixes and improvements.
3054
3055
3056swift (2.4.0)
3057
3058* Dependency changes
3059
3060- Added six requirement. This is part of an ongoing effort to add
3061support for Python 3.
3062
3063- Dropped support for Python 2.6.
3064
3065* Config changes
3066
3067- Recent versions of Python restrict the number of headers allowed in a
3068request to 100. This number may be too low for custom middleware. The
3069new "extra_header_count" config value in swift.conf can be used to
3070increase the number of headers allowed.
3071
3072- Renamed "run_pause" setting to "interval" (current configs with
3073run_pause still work). Future versions of Swift may remove the
3074run_pause setting.
3075
3076* Versioned writes middleware
3077
3078The versioned writes feature has been refactored and reimplemented as
3079middleware. You should explicitly add the versioned_writes middleware to
3080your proxy pipeline, but do not remove or disable the existing container
3081server config setting ("allow_versions"), if it is currently enabled.
3082The existing container server config setting enables existing
3083containers to continue being versioned. Please see
3084https://docs.openstack.org/swift/latest/middleware.html#how-to-enable-object-versioning-in-a-swift-cluster
3085for further upgrade notes.
3086
3087* Allow 1+ object-servers-per-disk deployment
3088
3089Enabled by a new > 0 integer config value, "servers_per_port" in the
3090[DEFAULT] config section for object-server and/or replication server
3091configs. The setting's integer value determines how many different
3092object-server workers handle requests for any single unique local port
3093in the ring. In this mode, the parent swift-object-server process
3094continues to run as the original user (i.e. root if low-port binding
3095is required), binds to all ports as defined in the ring, and forks off
3096the specified number of workers per listen socket. The child, per-port
3097servers drop privileges and behave pretty much how object-server workers
3098always have, except that because the ring has unique ports per disk, the
3099object-servers will only be handling requests for a single disk. The
3100parent process detects dead servers and restarts them (with the correct
3101listen socket), starts missing servers when an updated ring file is
3102found with a device on the server with a new port, and kills extraneous
3103servers when their port is found to no longer be in the ring. The ring
3104files are stat'ed at most every "ring_check_interval" seconds, as
3105configured in the object-server config (same default of 15s).
3106
3107In testing, this deployment configuration (with a value of 3) lowers
3108request latency, improves requests per second, and isolates slow disk
3109IO as compared to the existing "workers" setting. To use this, each
3110device must be added to the ring using a different port.
3111
3112* Do container listing updates in another (green)thread
3113
3114The object server has learned the "container_update_timeout" setting
3115(with a default of 1 second). This value is the number of seconds that
3116the object server will wait for the container server to update the
3117listing before returning the status of the object PUT operation.
3118
3119Previously, the object server would wait up to 3 seconds for the
3120container server response. The new behavior dramatically lowers object
3121PUT latency when container servers in the cluster are busy (e.g. when
3122the container is very large). Setting the value too low may result in a
3123client PUT'ing an object and not being able to immediately find it in
3124listings. Setting it too high will increase latency for clients when
3125container servers are busy.
3126
3127* TempURL fixes (closes CVE-2015-5223)
3128
3129Do not allow PUT tempurls to create pointers to other data.
3130Specifically, disallow the creation of DLO object manifests via a PUT
3131tempurl. This prevents discoverability attacks which can use any PUT
3132tempurl to probe for private data by creating a DLO object manifest and
3133then using the PUT tempurl to head the object.
3134
3135* Ring changes
3136
3137- Partition placement no longer uses the port number to place
3138partitions. This improves dispersion in small clusters running one
3139object server per drive, and it does not affect dispersion in
3140clusters running one object server per server.
3141
3142- Added ring-builder-analyzer tool to more easily test and analyze a
3143series of ring management operations.
3144
3145- Stop moving partitions unnecessarily when overload is on.
3146
3147* Significant improvements and bug fixes have been made to erasure code
3148support. This feature is suitable for beta testing, but it is not yet
3149ready for broad production usage.
3150
3151* Bulk upload now treats user xattrs on files in the given archive as
3152object metadata on the resulting created objects.
3153
3154* Emit warning log in object replicator if "handoffs_first" or
3155"handoff_delete" is set.
3156
3157* Enable object replicator's failure count in swift-recon.
3158
3159* Added storage policy support to dispersion tools.
3160
3161* Support keystone v3 domains in swift-dispersion.
3162
3163* Added domain_remap information to the /info endpoint.
3164
3165* Added support for a "default_reseller_prefix" in domain_remap
3166middleware config.
3167
3168* Allow SLO PUTs to forgo per-segment integrity checks. Previously, each
3169segment referenced in the manifest also needed the correct etag and
3170bytes setting. These fields now allow the "null" value to skip those
3171particular checks on the given segment.
3172
3173* Allow rsync to use compression via a "rsync_compress" config. If set to
3174true, compression is only enabled for an rsync to a device in a
3175different region. In some cases, this can speed up cross-region
3176replication data transfer.
3177
3178* Added time synchronization check in swift-recon (the --time option).
3179
3180* The account reaper now runs faster on large accounts.
3181
3182* Various other minor bug fixes and improvements.
3183
3184
3185swift (2.3.0, OpenStack Kilo)
3186
3187* Erasure Code support (beta)
3188
3189Swift now supports an erasure-code (EC) storage policy type. This allows
3190deployers to achieve very high durability with less raw capacity as used
3191in replicated storage. However, EC requires more CPU and network
3192resources, so it is not good for every use case. EC is great for storing
3193large, infrequently accessed data in a single region.
3194
3195Swift's implementation of erasure codes is meant to be transparent to
3196end users. There is no API difference between replicated storage and
3197EC storage.
3198
3199To support erasure codes, Swift now depends on PyECLib and
3200liberasurecode. liberasurecode is a pluggable library that allows for
3201the actual EC algorithm to be implemented in a library of your choosing.
3202
3203As a beta release, EC support is nearly fully feature complete, but it
3204is lacking support for some features (like multi-range reads) and has
3205not had a full performance characterization. This feature relies on
3206ssync for durability. Deployers are urged to do extensive testing and
3207not deploy production data using an erasure code storage policy.
3208
3209Full docs are at https://docs.openstack.org/swift/latest/overview_erasure_code.html
3210
3211* Add support for container TempURL Keys.
3212
3213* Make more memcache options configurable. connection_timeout,
3214pool_timeout, tries, and io_timeout are all now configurable.
3215
3216* Swift now supports composite tokens. This allows another service to
3217act on behalf of a user, but only with that user's consent.
3218See https://docs.openstack.org/swift/latest/overview_auth.html for more details.
3219
3220* Multi-region replication was improved. When replicating data to a
3221different region, only one replica will be pushed per replication
3222cycle. This gives the remote region a chance to replicate the data
3223locally instead of pushing more data over the inter-region network.
3224
3225* Internal requests from the ratelimit middleware now properly log a
3226swift_source. See https://docs.openstack.org/swift/latest/logs.html for details.
3227
3228* Improved storage policy support for quarantine stats in swift-recon.
3229
3230* The proxy log line now includes the request's storage policy index.
3231
3232* Ring checker has been added to swift-recon to validate if rings are
3233built correctly. As part of this feature, storage servers have learned
3234the OPTIONS verb.
3235
3236* Add support of x-remove- headers for container-sync.
3237
3238* Rings now support hostnames instead of just IP addresses.
3239
3240* Swift now enforces that the API version on a request is valid. Valid
3241versions are configured via the valid_api_versions setting in swift.conf
3242
3243* Various other minor bug fixes and improvements.
3244
3245
3246swift (2.2.2)
3247
3248* Data placement changes
3249
3250This release has several major changes to data placement in Swift in
3251order to better handle different deployment patterns. First, with an
3252unbalance-able ring, less partitions will move if the movement doesn't
3253result in any better dispersion across failure domains. Also, empty
3254(partition weight of zero) devices will no longer keep partitions after
3255rebalancing when there is an unbalance-able ring.
3256
3257Second, the notion of "overload" has been added to Swift's rings. This
3258allows devices to take some extra partitions (more than would normally
3259be allowed by the device weight) so that smaller and unbalanced clusters
3260will have less data movement between servers, zones, or regions if there
3261is a failure in the cluster.
3262
3263Finally, rings have a new metric called "dispersion". This is the
3264percentage of partitions in the ring that have too many replicas in a
3265particular failure domain. For example, if you have three servers in a
3266cluster but two replicas for a partition get placed onto the same
3267server, that partition will count towards the dispersion metric. A
3268lower value is better, and the value can be used to find the proper
3269value for "overload".
3270
3271The overload and dispersion metrics have been exposed in the
3272swift-ring-build CLI tools.
3273
3274See https://docs.openstack.org/swift/latest/overview_ring.html
3275for more info on how data placement works now.
3276
3277* Improve replication of large out-of-sync, out-of-date containers.
3278
3279* Added console logging to swift-drive-audit with a new log_to_console
3280config option (default False).
3281
3282* Optimize replication when a device and/or partition is specified.
3283
3284* Fix dynamic large object manifests getting versioned. This was not
3285intended and did not work. Now it is properly prevented.
3286
3287* Fix the GET's response code when there is a missing segment in a
3288large object manifest.
3289
3290* Change black/white listing in ratelimit middleware to use sysmeta.
3291Instead of using the config option, operators can set
3292"X-Account-Sysmeta-Global-Write-Ratelimit: WHITELIST" or
3293"X-Account-Sysmeta-Global-Write-Ratelimit: BLACKLIST" on an account to
3294whitelist or blacklist it for ratelimiting. Note: the existing
3295config options continue to work.
3296
3297* Use TCP_NODELAY on outgoing connections.
3298
3299* Improve object-replicator startup time.
3300
3301* Implement OPTIONS verb for storage nodes.
3302
3303* Various other minor bug fixes and improvements.
3304
3305
3306swift (2.2.1)
3307
3308* Swift now rejects object names with Unicode surrogates.
3309
3310* Return 403 (instead of 413) on unauthorized upload when over account
3311quota.
3312
3313* Fix a rare condition when a rebalance could cause swift-ring-builder
3314to crash. This would only happen on old ring files when "rebalance"
3315was the first command run.
3316
3317* Storage node error limits now survive a ring reload.
3318
3319* Speed up reading and writing xattrs for object metadata by using larger
3320xattr value sizes. The change is moving from 254 byte values to 64KiB
3321values. There is no migration issue with this.
3322
3323* Deleted containers beyond the reclaim age are now properly reclaimed.
3324
3325* Full Simplified Chinese translation (zh_CN locale) for errors and logs.
3326
3327* Container quota is now properly enforced during cross-account COPY.
3328
3329* ssync replication now properly uses the configured replication_ip.
3330
3331* Fixed issue were ssync did not replicate custom object headers.
3332
3333* swift-drive-audit now has the 'unmount_failed_device' config option
3334(default to True) that controls if the process will unmount failed
3335drives or not.
3336
3337* swift-drive-audit will now dump drive error rates to a recon file.
3338The file location is controlled by the 'recon_cache_path' config value
3339and it includes each drive and its associated number of errors.
3340
3341* When a filesystem does't support xattr, the object server now returns
3342a 507 Insufficient Storage error to the proxy server.
3343
3344* Clean up empty account and container partitions directories if they
3345are empty. This keeps the system healthy and prevents a large number
3346of empty directories from slowing down the replication process.
3347
3348* Show the sum of every policy's amount of async pendings in swift-recon.
3349
3350* Various other minor bug fixes and improvements.
3351
3352
3353swift (2.2.0, OpenStack Juno)
3354
3355* Added support for Keystone v3 auth.
3356
3357Keystone v3 introduced the concept of "domains" and user names
3358are no longer unique across domains. Swift's Keystone integration
3359now requires that ACLs be set on IDs, which are unique across
3360domains, and further restricts setting new ACLs to only use IDs.
3361
3362Please see https://docs.openstack.org/swift/latest/overview_auth.html for
3363more information on configuring Swift and Keystone together.
3364
3365* Swift now supports server-side account-to-account copy. Server-
3366side copy in Swift requires the X-Copy-From header (on a PUT)
3367or the Destination header (on a COPY). To initiate an account-to-
3368account copy, the existing header value remains the same, but the
3369X-Copy-From-Account header (on a PUT) or the Destination-Account
3370(on a COPY) are used to indicate the proper account.
3371
3372* Limit partition movement when adding a new placement tier.
3373
3374When adding a new placement tier (server, zone, or region), Swift
3375previously attempted to move all placement partitions, regardless
3376of the space available on the new tier, to ensure the best possible
3377durability. Unfortunately, this could result in too many partitions
3378being moved all at once to a new tier. Swift's ring-builder now
3379ensures that only the correct number of placement partitions are
3380rebalanced, and thus makes adding capacity to the cluster more
3381efficient.
3382
3383* Per storage policy container counts are now reported in an
3384account response headers.
3385
3386* Swift will now reject, with a 4xx series response, GET requests
3387with more than 50 ranges, more than 3 overlapping ranges, or more
3388than 8 non-increasing ranges.
3389
3390* The bind_port config setting is now required to be explicitly set.
3391
3392* The object server can now use splice() for a zero-copy GET
3393response. This feature is enabled with the "splice" config variable
3394in the object server config and defaults to off. Also, this feature
3395only works on recent Linux kernels (AF_ALG sockets must be
3396supported). A zero-copy GET response can significantly reduce CPU
3397requirements for object servers.
3398
3399* Added "--no-overlap" option to swift-dispersion populate so that
3400multiple runs of the tool can add coverage without overlapping
3401existing monitored partitions.
3402
3403* swift-recon now supports filtering by region.
3404
3405* Various other minor bug fixes and improvements.
3406
3407
3408swift (2.1.0)
3409
3410* swift-ring-builder placement was improved to allow gradual addition
3411of new regions without causing a massive migration of data to the new
3412region. The change was to prefer device weight first, then look at
3413failure domains.
3414
3415* Logging updates
3416
3417- Eliminated "Handoff requested (N)" log spam.
3418
3419- Added process pid to the end of storage node log lines.
3420
3421- Container auditor now logs a warning if the devices path contains a
3422non-directory.
3423
3424- Object daemons now send a user-agent string with their full name.
3425
3426* 412 and 416 responses are no longer tracked as errors in the StatsD
3427messages from the backend servers.
3428
3429* Parallel object auditor
3430
3431The object auditor can now be controlled with a "concurrency" config
3432value that allows multiple auditor processes to run at once. Using
3433multiple parallel auditor processes can speed up the overall auditor
3434cycle time.
3435
3436* The object updater will now concurrently update each necessary node
3437in a new greenthread.
3438
3439* TempURL updates
3440
3441- The default allowed methods have changed to also allow POST and
3442DELETE. The new default list is "GET HEAD PUT POST DELETE".
3443
3444- TempURLs for POST now also allow HEAD, matching existing GET and PUT
3445functionality.
3446
3447- Added filename*= support to TempURL Content-Disposition response
3448header.
3449
3450* X-Delete-At/After can now be used with the FormPost middleware.
3451
3452* Make swift-form-signature output a sample form.
3453
3454* Add v2 API to list endpoints middleware
3455
3456The new API adds better support for storage policies and changes the
3457response from a list of backend urls to a dictionary with the keys
3458"endpoints" and "headers". The endpoints key contains a list of the
3459backend urls, and the headers key is a dictionary of headers to send
3460along with the backend request.
3461
3462* Added allow_account_management and account_autocreate values to /info
3463responses.
3464
3465* Enable object system metadata on PUTs (Note: POST support is ongoing).
3466
3467* Various other minor bug fixes and improvements.
3468
3469
3470swift (2.0.0)
3471
3472* Storage policies
3473
3474Storage policies allow deployers to configure multiple object rings
3475and expose them to end users on a per-container basis. Deployers
3476can create policies based on hardware performance, regions, or other
3477criteria and independently choose different replication factors on
3478them. A policy is set on a Swift container at container creation
3479time and cannot be changed.
3480
3481Full docs are at https://docs.openstack.org/swift/latest/overview_policies.html
3482
3483* Add profiling middleware in Swift
3484
3485The profile middleware provides a tool to profile Swift
3486code on the fly and collects statistical data for performance
3487analysis. A native simple Web UI is also provided to help
3488query and visualize the data.
3489
3490* Add --quoted option to swift-temp-url
3491
3492* swift-recon now supports checking the md5sum of swift.conf, which
3493helps deployers verify configurations are consistent across a cluster.
3494
3495* Users can now set the transaction id suffix by passing in
3496a value in the X-Trans-Id-Extra header.
3497
3498* New log_max_line_length option caps the maximum length of a log line.
3499
3500* Support If-[Un]Modified-Since for object HEAD
3501
3502* Added missing constraints and ratelimit parameters to /info
3503
3504* Add ability to remove subsections from /info
3505
3506* Unify logging for account, container, and object server processes
3507to provide a consistent message format. This change reorders the
3508fields logged for the account server.
3509
3510* Add targeted config loading to swift-init. This allows an easier
3511and more explicit way to tell swift-init to run specific server
3512process configurations.
3513
3514* Properly quote www-authenticate (CVE-2014-3497)
3515
3516* Fix logging issue when services stop on py26.
3517
3518* Change the default logged length of the auth token to 16.
3519
3520* Explicitly set permissions on generated ring files to 0644
3521
3522* Fix file uploads larger than 2GiB in the formpost feature
3523
3524* Fixed issue where large objects would fail to download if the
3525auth token expired partway through the download
3526
3527* Various other minor bug fixes and improvements
3528
3529
3530swift (1.13.1, OpenStack Icehouse)
3531
3532* Change the behavior of CORS responses to better match the spec
3533
3534A new proxy config variable (strict_cors_mode, default to True)
3535has been added. Setting it to False keeps the old behavior. For
3536an overview of old versus new behavior, please see
3537https://review.opendev.org/#/c/69419/
3538
3539* Invert the responsibility of the two instances of proxy-logging in
3540the proxy pipeline
3541
3542The first proxy_logging middleware instance to receive a request
3543in the pipeline marks that request as handling it. So now, the
3544left most proxy_logging middleware handles logging for all
3545client requests, and the right most proxy_logging middleware
3546handles all other requests initiated from within the pipeline to
3547its left. This fixes logging related to large object
3548requests not properly recording bandwidth.
3549
3550* Added swift-container-info and swift-account-info tools
3551
3552* Allow specification of object devices for audit
3553
3554* Dynamic large object COPY requests with ?multipart-manifest=get
3555now work as expected
3556
3557* When a client is downloading a large object and one of the segment
3558reads gets bad data, Swift will now immediately abort the request.
3559
3560* Fix ring-builder crash when a ring partition was assigned to a
3561deleted device, zero-weighted device, and normal device
3562
3563* Make probetests work with conf.d configs
3564
3565* Various other minor bug fixes and improvements.
3566
3567
3568swift (1.13.0)
3569
3570* Account-level ACLs and ACL format v2
3571
3572Accounts now have a new privileged header to represent ACLs or
3573any other form of account-level access control. The value of
3574the header is a JSON dictionary string to be interpreted by the
3575auth system. A reference implementation is given in TempAuth.
3576Please see the full docs at
3577https://docs.openstack.org/swift/latest/overview_auth.html
3578
3579* Added a WSGI environment flag to stop swob from always using
3580absolute location. This is useful if middleware needs to use
3581out-of-spec Location headers in a response.
3582
3583* Container sync proxies now support simple load balancing
3584
3585* Config option to lower the timeout for recoverable object GETs
3586
3587* Add a way to ratelimit all writes to an account
3588
3589* Allow multiple storage_domain values in cname_lookup middleware
3590
3591* Moved all DLO functionality into middleware
3592
3593The proxy will automatically insert the dlo middleware at an
3594appropriate place in the pipeline the same way it does with the
3595gatekeeper middleware. Clusters will still support DLOs after upgrade
3596even with an old config file that doesn't mention dlo at all.
3597
3598* Remove python-swiftclient dependency
3599
3600* Add secondary groups to process user during privilege escalation
3601
3602* When logging request headers, it is now possible to specify
3603specifically which headers should be logged
3604
3605* Added log_requests config parameter to account and container servers
3606to match the parameter in the object server. This allows a deployer
3607to turn off log messages for these processes.
3608
3609* Ensure swift.source is set for DLO/SLO requests
3610
3611* Fixed an issue where overwriting segments in a dynamic manifest
3612could cause issues on pipelined requests.
3613
3614* Properly handle COPY verb in container quota middleware
3615
3616* Improved StaticWeb 404 error message on web-listings and index
3617
3618* Various other minor bug fixes and improvements.
3619
3620
3621swift (1.12.0)
3622
3623* Several important pieces of information have been added to /info:
3624
3625- Configured constraints are included and allow a client to discover
3626the limits on names and object sizes that the cluster supports.
3627
3628- The supported tempurl methods are now included.
3629
3630- Static large object constraints are now included.
3631
3632* The Last-Modified header value returned will now be the object's
3633timestamp rounded up to the next second. This allows subsequent
3634requests with If-[un]modified-Since to use the Last-Modified
3635value as expected.
3636
3637* Non-integer values for if-delete-at headers will now properly
3638report a 400 error instead of a 503.
3639
3640* Fix object versioning with non-ASCII container names.
3641
3642* Bulk delete with POST now works properly.
3643
3644* Generic means for persisting system metadata
3645
3646Swift now supports system-level metadata on accounts and
3647containers. System metadata provides a means to store internal
3648custom metadata with associated Swift resources in a safe and
3649secure fashion without actually having to plumb custom metadata
3650through the core swift servers. The new gatekeeper middleware
3651prevents this system metadata from leaking into the request or
3652being set by a client.
3653
3654* catch_errors and gatekeeper middleware are now forced into the proxy
3655pipeline if not explicitly referenced.
3656
3657* New container sync configuration option, separating the end user
3658from knowing the required end point and adding more secure
3659signed requests. See
3660https://docs.openstack.org/swift/latest/overview_container_sync.html
3661for full information.
3662
3663* bulk middleware now can be configured to retry deleting containers.
3664
3665* The default yield_frequency used to keep client connections alive
3666during slow bulk requests was reduced from 60 seconds to 10 seconds.
3667While this is a change to a default, it should not affect deployments
3668and there is no migration process needed.
3669
3670* Swift processes will attempt to set RLIMIT_NPROC to 8192.
3671
3672* Server processes will now exit with a non-zero error code on config
3673errors.
3674
3675* Warn if read_affinity is configured but not enabled.
3676
3677* Fix checkmount error parsing in swift-recon.
3678
3679* Log at warn level when an object is quarantined.
3680
3681* Fixed CVE-2014-0006 to avoid a potential timing attack with tempurl.
3682
3683* Various other minor bug fixes and improvements.
3684
3685
3686swift (1.11.0)
3687
3688* Added discoverable capabilities
3689
3690A Swift proxy server now by default (although it can be turned off)
3691will respond to requests to /info. The response to these requests
3692include information about the cluster and can be used by clients to
3693determine which features are supported in the cluster.
3694
3695* Object replication ssync (an rsync alternative)
3696
3697A Swift storage node can now be configured to use Swift primitives
3698for replication transport instead of rsync. This is an experimental
3699feature that is not yet considered production ready.
3700
3701* If a source times out on an object server read, try another one
3702of them with a modified range.
3703
3704* The proxy now responds to many types of requests as soon as it
3705has a quorum. This can help speed up responses (without
3706changing the results), especially when one node is acting up.
3707There is a post_quorum_timeout config value that can tune how
3708long to wait for requests to finish after a quorum has been
3709established.
3710
3711* Add accurate timestamps in proxy log lines for the start and
3712end of a request. These are added as new fields on the end of
3713the existing log lines, and therefore should not break
3714existing, well-behaved log processors.
3715
3716* Add an "inline" query parameter to tempurl
3717
3718By default, temporary URLs add a "Content-Disposition" header
3719that forces many clients to download the object. Now, temporary
3720URLs support an optional "inline" query parameter that will
3721force a "Content-Disposition: inline" header to be added to the
3722response, overriding the default.
3723
3724* Use TCP_NODELAY for created sockets. This can dramatically
3725lower latency for small object workloads.
3726
3727* DiskFile API, with reference implementation
3728
3729The DiskFile abstraction for talking to data on disk has been
3730refactored to allow alternate implementations to be developed.
3731Included in the codebase is an in-memory reference
3732implementation. For full documentation, please see the developer
3733documentation. The DiskFile API is still a work in progress and
3734is not yet finalized.
3735
3736* Removal of swift-bench
3737
3738The included benchmarking tool swift-bench has been extracted
3739from the codebase and is now in its own repository at
3740https://github.com/openstack/swift-bench. New swift-bench
3741binaries and packages may be found on PyPI at
3742https://pypi.org/project/swift-bench
3743
3744* Bulk delete now also supports the POST verb, in addition to DELETE
3745
3746* Added functionality to the swift-ring-builder to support
3747limited recreation of ring builder files from the ring file itself.
3748
3749* HEAD on account now returns 410 if account was deleted and
3750not yet reaped. The old behavior was to return a 404.
3751
3752* Fixed a bug introduced since the 1.10.0 release that
3753prevented expired objects from being removed from the system.
3754This resulted in orphaned expired objects taking up space on
3755the system but inaccessible to the API. This regression and
3756fix are only important if you have deployed code since the
37571.10.0 release. For a full discussion, including a script that
3758can be used to clean up orphaned objects, see
3759https://bugs.launchpad.net/swift/+bug/1257330
3760
3761* Tie socket write buffer size to server chunk size parameter. This
3762pairs the underlying network buffer size with the size of data
3763that Swift attempts to read from the connection, thereby
3764improving efficiency and throughput on connections.
3765
3766* Fix 500 from account-quota middleware. If a user had set
3767X-Account-Meta-Quota-Bytes to something non-integer prior to
3768the installation of the account-quota middleware, then the
3769quota check would choke on it. Now a non-integer value is
3770treated as "no quota".
3771
3772* Quarantine objects with busted metadata. Before, if you
3773encountered an object with corrupt or missing xattrs, the
3774object server would return a 500 on GET, and wouldn't quarantine
3775anything. Now the object server returns a 404 for that GET and
3776the corrupted file is quarantined, thus giving replication a
3777chance to fix it.
3778
3779* Fix quarantine and error counts in audit logs
3780
3781* Report transaction ID in failure exception logs
3782
3783* Make pbr a build-time only dependency
3784
3785* Worked around a bug in eventlet 0.9.16 where the size of the
3786memcache connection pools would grow unbounded.
3787
3788* Tempurl keys are now properly stored as utf8
3789
3790* Fixed an issue where concurrent PUT requests to accounts or
3791containers may result in errors due to locked databases.
3792
3793* Handle copy requests in account and container quota middleware
3794
3795* Now ensure that a WWW-Authenticate header is on all 401 responses
3796
3797* Various other bug fixes and improvements
3798
3799
3800swift (1.10.0, OpenStack Havana)
3801
3802* Added support for pooling memcache connections
3803
3804* Added support to replicating handoff partitions first in object
3805replication. Can also configure how many remote nodes a storage node
3806must talk to before removing a local handoff partition.
3807
3808* Fixed bug where memcache entries would not expire
3809
3810* Much faster calculation for choosing handoff nodes
3811
3812* Added container listing ratelimiting
3813
3814* Fixed issue where the proxy would continue to read from a storage
3815server even after a client had disconnected
3816
3817* Added support for headers that are only visible to the owner of a Swift
3818account
3819
3820* Fixed ranged GET with If-None-Match
3821
3822* Fixed an issue where rings may not be balanced after initial creation
3823
3824* Fixed internationalization support
3825
3826* Return the correct etag for a static large object on the PUT response
3827
3828* Allow users to extract archives to containers with ACLs set
3829
3830* Fix support for range requests against static large objects
3831
3832* Now logs x-copy-from header in a useful place
3833
3834* Reverted back to old XML output of account and container listings to
3835ensure older clients do not break
3836
3837* Account quotas now appropriately handle copy requests
3838
3839* Fix issue with UTF-8 handling in versioned writes
3840
3841* Various other bug fixes and improvements, including support for running
3842Swift under Pypy and continuing work to support storage policies
3843
3844
3845swift (1.9.1)
3846
3847* Disallow PUT, POST, and DELETE requests from creating older tombstone
3848files, preventing the possibility of filling up the disk and removing
3849unnecessary container updates.
3850
3851* Set default wsgi workers to cpu_count
3852
3853Change the default value of wsgi workers from 1 to auto. The new
3854default value for workers in the proxy, container, account & object
3855wsgi servers will spawn as many workers per process as you have cpu
3856cores. This will not be ideal for some configurations, but it's much
3857more likely to produce a successful out of the box deployment.
3858
3859* Added reveal_sensitive_prefix config setting to filter the auth token
3860logged by the proxy server.
3861
3862* Ensure Keystone's reseller prefix ends with an underscore. Previously
3863this was a recommendation--now it is enforced.
3864
3865* Added log_file_pattern config to swift-drive-audit for drive errors
3866
3867* Add support for telling Swift to detect a content type on a request.
3868
3869* Additional object stats are now logged in the object auditor
3870
3871* Moved the DiskFile interface into its own module
3872
3873* Ensure the SQLite cursors are closed when creating functions
3874
3875* Better support for valid Accept headers
3876
3877* In Keystone, don't allow users to delete their own account
3878
3879* Return a UTC timezone designator in container listings
3880
3881* Ensure that users can't remove their account quotas
3882
3883* Allow floating point value for dispersion coverage
3884
3885* Fix incorrect error page handling in staticweb
3886
3887* Add utf-8 charset to multipart-manifest=get response.
3888
3889* Allow dispersion tools to use keystone server with insecure certificate
3890
3891* Ensure that files are always closed in tests
3892
3893* Use OpenStack's "Hacking" guidelines for code formatting
3894
3895* Various other minor bug fixes and improvements
3896
3897
3898swift (1.9.0)
3899
3900* Global clusters support
3901
3902The "region" concept introduced in Swift 1.8.0 has been augmented with
3903support for using a separate replication network and configuring read
3904and write affinity. These features combine to offer support for a single
3905Swift cluster spanning wide geographic area.
3906
3907* Disk performance
3908
3909The object server now can be configured to use threadpools to increase
3910performance and smooth out latency throughout the system. Also, many
3911disk operations were reordered to increase reliability and improve
3912performance.
3913
3914* Added config file conf.d support
3915
3916Allow Swift daemons and servers to optionally accept a directory as the
3917configuration parameter. This allows different parts of the config file
3918to be managed separately, eg each middleware could use a separate file
3919for its particular config settings.
3920
3921* Allow two TempURL keys per account
3922
3923By adding a second key, a user can safely rotate keys and prevent URLs
3924already in use from becoming invalid. TempURL middlware has also been
3925updated to allow a configuable set of allowed methods and to prevent a
3926bugrelated to content-disposition names.
3927
3928* Added crossdomain.xml middleware. See
3929https://docs.openstack.org/swift/latest/crossdomain.html for details
3930
3931* Added rsync bandwidth limit setting for object replicator
3932
3933* Transaction ID updated to include the time and an optional suffix
3934
3935* Added x-remove-versions-location header to disable versioned writes
3936
3937* Improvements to support for Keystone ACLs
3938
3939* Added parallelism to object expirer daemon
3940
3941* Added support for ring hash prefix in addition to the existing suffix
3942
3943* Allow all headers requested for CORS
3944
3945* Stop getting useless bytes on manifest Range requests
3946
3947* Improved container-sync resiliency
3948
3949* Added example Apache config files. See
3950https://docs.openstack.org/swift/latest/apache_deployment_guide.html
3951for more info
3952
3953* If an account is marked as deleted but hasn't been reaped and is still
3954on disk, responses will include an "X-Account-Status" header
3955
3956* Fix 503 on account/container HEAD with invalid format
3957
3958* Added extra safety on account-level DELETE when using bulk deletes
3959
3960* Made colons quote-safe in logs (mainly for IPv6)
3961
3962* Fixed bug with bulk delete max items
3963
3964* Fixed static large object manifest range requests
3965
3966* Prevent static large objects from containing other static large objects
3967
3968* Fixed issue with use of delimiter in container queries where some
3969objects would not be listed
3970
3971* Various other minor bug fixes and improvements
3972
3973
3974swift (1.8.0, OpenStack Grizzly)
3975
3976* Make rings' replica count adjustable
3977
3978* Added a region tier to the ring above zones
3979
3980* Added timing-based sorting of object servers on read requests
3981
3982* Added support for auto-extract archive uploads
3983
3984* Added support for bulk delete requests
3985
3986* Added support for large objects with static manifests
3987
3988* Added list_endpoints middleware to provide an API for determining where
3989the ring places data
3990
3991* proxy-logging middleware can now handle logging for other middleware
3992
3993proxy-logging should be used twice in the proxy pipeline. The first
3994handles middleware logs for requests that never made it all the way
3995to the server. The last handles requests that do make it to the server.
3996
3997This is a change that may require an update to your proxy server
3998config file or custom middleware that you may be using. See the full
3999docs at https://docs.openstack.org/swift/latest/misc.html.
4000
4001* Changed the default sample rate for a few high-traffic requests.
4002
4003Added log_statsd_sample_rate_factor to globally tune the StatsD
4004sample rate. This tunable can be used to reduce StatsD traffic
4005proportionally for all metrics and is intended to replace
4006log_statsd_default_sample_rate, which is left alone for
4007backward-compatibility, should anyone be using it.
4008
4009* Added swift_hash_path_prefix option to swift.conf
4010
4011New deployments are advised to set this value to a random secret
4012to protect against hash collisions
4013
4014* Added user-managed container quotas
4015
4016* Added support for account-level quotas managed by an auth reseller
4017
4018* Added --run-dir option to swift-init
4019
4020* Added more options to swift-bench
4021
4022* Added support for CORS "actual requests"
4023
4024* Added fallocate_reserve option to protect against full drives
4025
4026* Allow ring rebalance to take a seed
4027
4028* Ring serialization will now produce the same gzip file (Py2.7)
4029
4030* Added support to swift-drive-audit for handling rotated logs
4031
4032* Added first-byte latency timings for GET requests
4033
4034* Added per disk PUT timing monitoring support
4035
4036* Added speed limit options for DB auditor
4037
4038* Force log entries to be one line
4039
4040* Ensure that fsync is used and not just fdatasync
4041
4042* Improved handoff node selection
4043
4044* Deprecated keystone is_admin feature
4045
4046* Fix large objects with unicode in the segment names
4047
4048* Update Swift's MemcacheRing to provide API compatibility with
4049standard Python memcache libraries
4050
4051* Various other minor bug fixes and improvements
4052
4053
4054swift (1.7.6)
4055
4056* Better tempauth storage URL guessing
4057
4058* Added --top option to swift-recon -d
4059
4060* Allow optional, temporary healthcheck failure
4061
4062* keystoneauth middleware now supports cross-tenant ACLs
4063
4064* Add dispersion report flags to limit reports
4065
4066* Add config option to turn eventlet debug on/off
4067
4068* Added override option for swift-init's KILL_WAIT
4069
4070* Added oldest and most recent replication pass to swift-recon
4071
4072* Fixed 500 error response when GETing a many-segment manifest
4073
4074* Memcached keys now use a delta timeout when possible
4075
4076* Refactor DiskFile to hide temp file names and exts
4077
4078* Remove IP-based container-sync ACLs from auth middlewares
4079
4080* Fixed bug in deleting memcached account info data
4081
4082* Fixed lazy-listing of object manifest segments
4083
4084* Fixed bug where a ? in the object name caused an error
4085
4086* Swift now returns 406 if it can't satisfy Accept
4087
4088* Fix infinite recursion bug in object replicator
4089
4090* Swift will now reject names with NULL characters
4091
4092* Fixed object-auditor logging to use a minimum of unix sockets
4093
4094* Various other minor bug fixes and improvements
4095
4096
4097swift (1.7.5)
4098
4099* Support OPTIONS verb, including CORS preflight requests
4100
4101* Added support for custom log handlers
4102
4103* Range support is extended to support GET requests with multiple ranges.
4104Multi-range GETs are not yet supported against large-object manifests.
4105
4106* Cluster constraints are now settable by config
4107
4108* Replicators can now run against specific devices or partitions
4109
4110* swift-bench now supports running on multiple cores and multiple servers
4111
4112* Added partition option to swift-get-nodes
4113
4114* Allow underscores in account and user in tempauth via base64 encodings
4115
4116* New option to the dispersion report to output the missing partitions
4117
4118* Changed storage server StatsD metrics to report timings instead of
4119counts for errors. See the admin guide for the updated metric names.
4120
4121* Removed a dependency on WebOb and replaced it with an internal module
4122
4123* Fixed config parsing in swift-bench -x
4124
4125* Fixed sample_rate in StatsD logging
4126
4127* Track unlinks of async_pendings with StatsD
4128
4129* Remove double GET on range requests
4130
4131* Allow unsetting of X-Container-Sync-To and ACL headers
4132
4133* DB reclamation now removes empty suffix directories
4134
4135* Fix non-standard 100-continue behavior
4136
4137* Allow object-expirer to delete the last copy of a versioned object
4138
4139* Only set TCP_KEEPIDLE on systems where it is supported
4140
4141* Fix stdin flush and fdatasync issues on BSD platforms
4142
4143* Allow object-expirer to delete the last version of an object
4144
4145* Various other minor bug fixes and improvements
4146
4147
4148swift (1.7.4, OpenStack Folsom)
4149
4150* Fix issue where early client disconnects may have caused a memory leak
4151
4152
4153swift (1.7.2)
4154
4155* Fix issue where memcache serialization was not properly loading
4156the config value
4157
4158
4159swift (1.7.0)
4160
4161* Use custom encoding for ring data instead of pickle
4162
4163Serialize RingData in a versioned, custom format which is a combination
4164of a JSON-encoded header and .tostring() dumps of the
4165replica2part2dev_id arrays. This format deserializes hundreds of times
4166faster than rings serialized with Python 2.7's pickle (a significant
4167performance regression for ring loading between Python 2.6 and Python
41682.7). Fixes bug 1031954.
4169
4170The new implementation is backward-compatible; if a ring
4171does not begin with a new-style magic string, it is assumed to be an
4172old-style pickle-dumped ring and is handled as before. So new Swift
4173code can read old rings, but old Swift code will not be able to read
4174newly-serialized rings.
4175
4176* Do not use pickle for serialization in memcache, but JSON
4177
4178To avoid issues on upgrades (unability to read pickled values, and cache
4179poisoning for old servers not understanding JSON), we add a
4180memcache_serialization_support configuration option, with the following
4181values:
4182
41830 = older, insecure pickle serialization
41841 = json serialization but pickles can still be read (still insecure)
41852 = json serialization only (secure and the default)
4186
4187To avoid an instant full cache flush, existing installations should
4188upgrade with 0, then set to 1 and reload, then after some time (24
4189hours) set to 2 and reload. Support for 0 and 1 will be removed in
4190future versions.
4191
4192* Update proxy-server StatsD logging. This is a significant change to the
4193existing StatsD intigration. Docs for this feature can be found in
4194doc/source/admin_guide.rst.
4195
4196* Improved swift-bench to allow random object sizes and better usability
4197
4198* Updated probe tests
4199
4200* Replicator removal metrics are now generated on a per-device basis
4201
4202* Made object replicator locking more optimistic
4203
4204* Split proxy-server code into separate modules
4205
4206* Fixed bug where swift-recon would not report all unmounted drives
4207
4208* Fixed issue where a LockTimeout may have caused a file descriptor to
4209not be closed properly
4210
4211* Fixed a bug where an error may have caused the proxy to stop returning
4212data to a client
4213
4214* Fixed bug where expirer would get confused by odd deletion times
4215
4216* Fixed a bug where auto-creating accounts would return an error if they
4217were recreated after being deleted
4218
4219* Fix when rate_limit_after_segment kicks in
4220
4221* fallocate() failures properly return HTTPInsufficientStorage from
4222object-server before reading from wsgi.input, allowing the proxy
4223server to quickly error_limit that node
4224
4225* Fixed error with large object manifests and x-newest headers on GET
4226
4227* Various other minor bug fixes and improvements
4228
4229
4230swift (1.6.0)
4231
4232* Removed bin/swift and swift/common/client.py from the swift repo. These
4233tools are now managed in the python-swiftclient project. The
4234python-swiftclient project is a second deliverable of the openstack
4235swift project.
4236
4237* Moved swift_auth (openstack keystone) middleware from keystone project
4238into swift project
4239
4240* Made dispersion report work with any replica count other than 3. This
4241substantially affects the JSON output of the dispersion report, and any
4242tools written to consume this output will need to be updated.
4243
4244* Added Solaris (Illumos) compatibility
4245
4246* Added -a option to swift-get-nodes to show all handoffs
4247
4248* Add UDP protocol support for logger
4249
4250* Added config options for rate limiting of large object downloads.
4251
4252* Added config option `log_handoffs` (defaults to True) to proxy server
4253to log and update statsd with information about when a handoff node is
4254used. This is helpful to track the health of the cluster.
4255
4256* swift-bench can now use auth 2.0
4257
4258* Support forbidding substrings based on a regexp in name_filter
4259middleware
4260
4261* Hardened internal server processes so only authorized methods can be
4262called.
4263
4264* Made ranged requests on large objects work correctly when size of
4265manifest file is not 0 byte
4266
4267* Added option to dispersion report to print 404s to stdout
4268
4269* Fix object replication on older rsync versions when using ipv4
4270
4271* Fixed bug with container reclaim/report race
4272
4273* Make object server's caching more configurable.
4274
4275* Check disk failure before syncing for each partition
4276
4277* Allow special characters to be referenced by manifest objects
4278
4279* Validate devices and partitions to avoid directory traversals
4280
4281* Support WebOb 1.2
4282
4283* Ensure that accessing the ring devs reloads the ring if necessary.
4284Specifically, this allows replication to work when it has been started
4285with an empty ring.
4286
4287* Various other minor bug fixes and improvements
4288
4289
4290swift (1.5.0)
4291
4292* New option to toggle SQLite database preallocation with account
4293and container servers.
4294
4295IMPORTANT:
4296The default for database preallocation is now off when before
4297it was always on. This will affect performance on clusters that
4298use standard drives with shared account, container, object
4299servers. Such deployments will need to update their
4300configurations to turn database preallocation back on (see
4301account-server.conf-sample and container-server.conf.sample
4302files).
4303
4304If you are using dedicated account and container servers with
4305SSDs, you should defragment your file systems after upgrade and
4306should notice dramatically less disk usage.
4307
4308* swift3 middleware removed and moved to http://github.com/fujita/swift3.
4309This will require a config change in the proxy server and adds a new
4310dependency for deployers using this middleware.
4311
4312* Moved proxy server logging to middleware. This requires a config change
4313in the proxy server.
4314
4315* Added object versioning feature. (See docs for full description)
4316
4317* Add statsd logging throughout the system (beta, some event names may
4318change)
4319
4320* Expanded swift-recon middleware support
4321
4322* The ring builder now supports as-unique-as-possible partition
4323placement, unified balancing methods, and can work on more than one
4324device at a time.
4325
4326* Numerous bug fixes to StaticWeb (previously unusable at scale).
4327
4328* Bug fixes to all middleware to allow passthrough requests under various
4329conditions and to share pre-authed request code (which previously had
4330differing behaviors and interaction bugs).
4331
4332* Bug fix to object expirer that could cause infinite looping.
4333
4334* Added optional delay to account reaping.
4335
4336* Async-pending write optimization.
4337
4338* Dispersion tools now support multiple auth versions
4339
4340* Updated man pages
4341
4342* Proxy server can now deny requests to particular hostnames
4343
4344* Updated docs for domain remap middleware
4345
4346* Updated docs for cname lookup middleware
4347
4348* Made swift CLI binary easier to wrap
4349
4350* Proxy will now also return X-Timestamp header
4351
4352* Added associated projects doc as a place to track ecosystem projects
4353
4354* end_marker made consistent across both object and container listings
4355
4356* Various other minor bug fixes and improvements
4357
4358
4359swift (1.4.8, OpenStack Essex)
4360
4361* Added optional max_containers_per_account restriction
4362
4363* Added alternate metadata header removal method
4364
4365* Added optional name_check middleware filter
4366
4367* Added support for venv-based test runs with tox
4368
4369* StaticWeb behavior change with X-Web-Mode: true and
4370non-StaticWeb-enabled containers (immediately 404s instead of passing
4371the request on down the WSGI pipeline).
4372
4373* Fixed typo in swift-dispersion-report JSON output.
4374
4375* Swift-Recon-related fix to create temporary files on the same disk as
4376their final destinations.
4377
4378* Updated return codes in swift3 middleware
4379
4380* Fixed swift3 middleware to allow Content-Range header in response
4381
4382* Updated swift.common.client and swift CLI tool with auth 2.0 changes
4383
4384* Swift CLI tool now supports common openstack auth args
4385
4386* Body of HTTP responses now included in error messages of swift CLI tool
4387
4388* Refactored some ring building functions for clarity and simplicity
4389
4390
4391swift (1.4.7)
4392
4393* Improvements to account and container replication.
4394
4395* Fix for account servers allowing .pending to exist before .db.
4396
4397* Fixed possible key-guessing exploit in formpost.
4398
4399* Fixed bug in ring builder when removing a large percentage of devices.
4400
4401* Swift CLI tool now supports openstack-standard CLI flags.
4402
4403* New JSON output option for swift-dispersion-report.
4404
4405* Removed old stats tools.
4406
4407* Other bug fixes and documentation updates.
4408
4409
4410swift (1.4.6)
4411
4412* TempURL and FormPost middleware added
4413
4414* Added memcache.conf option
4415
4416* Dropped eval-based json parser fallback
4417
4418* Properly lose all groups when dropping privileges
4419
4420* Fix permissions when creating files
4421
4422* Fixed bug regarding negative Content-Length in requests
4423
4424* Consistent formatting on Last-Modified response header
4425
4426* Added timeout option to swift-recon
4427
4428* Allow arguments to be passed to nosetest
4429
4430* Removed tools/rfc.sh
4431
4432* Other minor bug fixes
4433
4434
4435swift (1.4.5)
4436
4437* New swift-orphans and swift-oldies command line tools to detect
4438orphaned Swift processes and long running processes.
4439
4440* Command line tool "swift" now supports marker queries.
4441
4442* StaticWeb middleware improved to save an extra request when
4443possible.
4444
4445* Updated swift-init to support swift-object-expirer.
4446
4447* Fixed object replicator timeout handling [bug 814263].
4448
4449* Fixed accept header 503 vs. 400 [bug 891247].
4450
4451* More exception handling for auditors.
4452
4453* Doc updates for PPA [bug 905608].
4454
4455* Doc updates to explain replication more clearly [bug 906976].
4456
4457* Updated SAIO instructions to no longer mention ~/swift/trunk.
4458
4459* Fixed docstrings in the ring code.
4460
4461* PEP8 Updates.
4462
4463
4464swift (1.4.4)
4465
4466* Fixes to prevent socket hoarding (memory leak)
4467
4468* Add sockstat info to recon.
4469
4470* Fixed leak from SegmentedIterable.
4471
4472* Fixed bufferedhttp to deref socks and fps.
4473
4474* Add support for OS Auth API version 2.
4475
4476* Make Eventlet's WSGI server log differently.
4477
4478* Updated TimeoutError and except Exception refs.
4479
4480* Fixed time-sensitive tests.
4481
4482* Fixed object manifest etags.
4483
4484* Fixes for swift-recon disk usage distribution graph.
4485
4486* Adding new manpages for configuration files.
4487
4488* Change bzr to swift in getting_started doc.
4489
4490* Fixes the HTTPConflict import.
4491
4492* Expiring Objects Support.
4493
4494* Fixing bug with x-trans-id.
4495
4496* Requote the source when doing a COPY.
4497
4498* Add documentation for Swift Recon.
4499
4500* Make drive audit regexes detect 4-letter drives.
4501
4502* Adding what acc/cont/obj into the ratelimit error messages.
4503
4504* Query only specific zone via swift-recon.
4505
4506
4507swift (1.4.3, OpenStack Diablo)
4508
4509* Additional quarantine catching code.
4510
4511* Added client_ip to all proxy log lines not otherwise containing it.
4512
4513* Content-Type is now application/xml for "GET services/bucket" swift3
4514middleware requests.
4515
4516* Alpha release of the Swift Recon Experiment
4517
4518* Fix last modified date for swift3 middleware.
4519
4520* Fix to clear account/container metadata on account/container deletion.
4521
4522* Fix for corner case regarding X-Newest.
4523
4524* Fix for object auditor running out of file descriptors.
4525
4526* Fix to return all proper headers for manifest objects.
4527
4528* Fix to the swift tool to strip any leading slashes on file names when
4529uploading.
4530
4531
4532swift (1.4.2)
4533
4534* Removed stats/logging code from Swift [now in separate slogging project].
4535
4536* Container Synchronization Feature - First Edition
4537
4538* Fix swift3 authentication bug about the Date and X-Amz-Date handling.
4539
4540* Changing ratelimiting so that it only limits PUTs/DELETEs.
4541
4542* Object POSTs are implemented as COPYs now by default (you can revert to
4543previous implementation with conf object_post_as_copy = false)
4544
4545* You can specify X-Newest: true on GETs and HEADs to indicate you want
4546Swift to query all backend copies and return the newest version
4547retrieved.
4548
4549* Object COPY requests now always copy the newest object they can find.
4550
4551* Account and container GETs and HEADs now shuffle the nodes they use to
4552balance load.
4553
4554* Fixed the infinite charset: utf-8 bug
4555
4556* This fixes the bug that drop_buffer_cache() doesn't work on systems where
4557off_t isn't 64 bits.
4558
4559
4560swift (1.4.1)
4561
4562* st renamed to swift
4563
4564* swauth was separated froms swift. It is now its own project and can be
4565found at https://github.com/gholt/swauth.
4566
4567* tempauth middleware added as an extremely limited auth system for dev
4568work.
4569
4570* Account and container listings now properly labeled UTF-8 (previously the
4571label was "utf8").
4572
4573* Accounts are auto-created if an auth token is valid when the
4574account_autocreate proxy config parameter is set to true.
4575
4576
4577swift (1.4.0)
4578
4579* swift-bench now cleans up containers it creates.
4580
4581* WSGI servers now load WSGI filters and applications after forking for
4582better plugin support.
4583
4584* swauth-cleanup-tokens now handles 404s on token containers and tokens
4585better.
4586
4587* Proxy logs the remote IP address as the client IP in the absence of
4588X-Forwarded-For and X-Cluster-Client-IP headers instead of - like it did
4589before.
4590
4591* Swift3 WSGI middleware added support for param-signed URLs.
4592
4593* swauth- scripts now exit with proper exit codes.
4594
4595* Fixed a bug where allowed_headers weren't honored for HEAD requests.
4596
4597* Double quarantining of corrupted sqlite3 databases now works.
4598
4599* Fix for Object replicator breaking when running object replicator with no
4600objects on the server.
4601
4602* Added the Accept-Ranges header to GET and HEAD requests.
4603
4604* When a single object has multiple async pending updates on a single
4605device, only latest async pending is now sent.
4606
4607* Fixed issue of Swift3 WSGI middleware not working correctly with '/' in
4608object names.
4609
4610* Renamed swift-stats-* to swift-dispersion-* to avoid confusion with log
4611stats stuff.
4612
4613* Added X-Trans-Id transaction id header to every response.
4614
4615* Fixed a Python 2.7 compatibility problem.
4616
4617* Now using bracketed notation for ip literals in rsync calls, so
4618compressed ipv6 literals work.
4619
4620* Added a container stats collector and refactoring some of the stats code.
4621
4622* Changed subdir nodes in XML formatted object listings to align with
4623object nodes. Now: <subdir name="foo"><name>foo</name></subdir> Before:
4624<subdir name="foo" />.
4625
4626* Fixed bug in Swauth to support for multiple swauth instances.
4627
4628* swift-ring-builder: Added list_parts command which shows common
4629partitions for a given list of devices.
4630
4631* Object auditor now shows better statistics updates in the logs.
4632
4633* Stats uploaders now allow overrides for source_filename_pattern and
4634new_log_cutoff values.
4635
4636
4637----
4638
4639Changelog entries for previous versions are incomplete
4640
4641swift (1.3.0, OpenStack Cactus)
4642
4643swift (1.2.0, OpenStack Bexar)
4644
4645swift (1.1.0, OpenStack Austin)
4646
4647swift (1.0.0, Initial Release)
4648