Python-swiftclient

* Fixed error where a container drive error resulted in double space
usage on rest drives. When drive with container or account database
is unmounted, the bug would create handoff replicas on all remaining
drives, increasing the drive space used and filling the cluster.

* Fixed UnicodeDecodeError in the object reconstructor that would
prevent objects with non-ascii names from being reconstructed and
caused the reconstructor process to hang.

* EC Fragment Duplication - Foundational Global EC Cluster Support.

* Fixed encoding issue in ssync where a mix of ascii and non-ascii
metadata values would cause an error.

* `name_check` and `cname_lookup` keys have been added to `/info`.

* Add Vary: headers for CORS responses.

* Always set Swift processes to use UTC.

* Prevent logged traceback in object-server on client disconnect for
chunked transfers to replicated policies.

* Removed per-device reconstruction stats. Now that the reconstructor
is shuffling parts before going through them, those stats no longer
make sense.

* Log correct status code for conditional requests.

* Drop support for auth-server from common/manager.py and `swift-init`.

* Include received fragment index in reconstructor log warnings.

* Fixed a race condition in updating hashes.pkl where a partition
suffix invalidation may have been skipped.

* `domain_remap` now accepts a list of domains in "storage_domain".

* Do not follow CNAME when host is in storage_domain.

* Enable cluster-wide CORS Expose-Headers setting via
"cors_expose_headers".

* Cache all answers from nameservers in cname_lookup.

* Log the correct request type of a subrequest downstream of copy.

* Various other minor bug fixes and improvements.

swift (2.13.0, OpenStack Ocata)

* Improvements in key parts of the consistency engine

- Improved performance by eliminating an unneeded directory
structure hash.

- Optimized the common case for hashing filesystem trees, thus
eliminating a lot of extraneous disk I/O.

- Updated the `hashes.pkl` file format to include timestamp information
for race detection. Also simplified hashing logic to prevent race
conditions and optimize for the common case.

- The erasure code reconstructor will now shuffle work jobs across all
disks instead of going disk-by-disk. This eliminates single-disk I/O
contention and allows continued scaling as concurrency is increased.

- Erasure code reconstruction handles moving data from handoff nodes
better. Instead of moving the data to another handoff, it waits
until it can be moved to a primary node.

Upgrade Impact: If you upgrade and roll back, you must delete all
`hashes.pkl` files.

* If using erasure coding with ISA-L in rs_vand mode and 5 or more parity
fragments, Swift will emit a warning. This is a configuration that is
known to harm data durability. In a future release, this warning will be
upgraded to an error unless the policy is marked as deprecated. All data
in an erasure code storage policy using isa_l_rs_vand with 5 or more
parity should be migrated as soon as possible. Please see
https://bugs.launchpad.net/swift/+bug/1639691 for more information.

* The erasure code reconstructor `handoffs_first` option has been
deprecated in favor of `handoffs_only`. `handoffs_only` is far more
useful, and just like `handoffs_first` mode in the replicator, it gives
the operator the option of forcing the consistency engine to focus
solely on revert (handoff) jobs, thus improving the speed of
rebalances. The `handoffs_only` behavior is somewhat consistent with
the replicator's `handoffs_first` option (any error on any handoff in
the replicator will make it essentially handoff only forever) but the
`handoff_only` option does what you want and is named correctly in the
reconstructor.

* The default for `object_post_as_copy` has been changed to False. The
option is now deprecated and will be removed in a future release. If
your cluster is still running with post-as-copy enabled, please update
it to use the "fast-post" method. Future versions of Swift will not
support post-as-copy, and future features will not be supported under
post-as-copy. ("Fast-post" is where `object_post_as_copy` is false).

* Temporary URLs now support one common form of ISO 8601 timestamps in
addition to Unix seconds-since-epoch timestamps. The ISO 8601 format
accepted is '%Y-%m-%dT%H:%M:%SZ'. This makes TempURLs more
user-friendly to produce and consume.

* Listing containers in accounts with json or xml now includes a
`last_modified` time. This does not change any on-disk data, but simply
exposes the value to offer consistency with the object listings on
containers.

* Fixed a bug where the ring builder would not allow removal of a device
when min_part_seconds_left was greater than zero.

* PUT subrequests generated from a client-side COPY will now properly log
the SSC (server-side copy) Swift source field. See
https://docs.openstack.org/developer/swift/logs.htmlswift-source for
more information.

* Fixed a bug where an SLO download with a range request may have resulted
in a 5xx series response.

* SLO manifest PUT requests can now be properly validated by sending an
ETag header of the md5 sum of the concatenated md5 sums of the
referenced segments.

* Fixed the stats calculation in the erasure code reconstructor.

* Rings with min_part_hours set to zero will now only move one partition
replica per rebalance, thus matching behavior when min_part_hours is
greater than zero.

* I/O priority is now supported on AArch64 architecture.

* Various other minor bug fixes and improvements.

* Ring files now include byteorder information about the endian of
the machine used to generate the file, and the values are
appropriately byteswapped if deserialized on a machine with a
different endianness.

Newly created ring files will be byteorder agnostic, but
previously generated ring files will still fail on different
endian architectures. Regenerating older ring files will cause
them to become byteorder agnostic. The regeneration of the ring
files will not cause any new data movement. Newer ring files
will still be usable by older versions of Swift (on machines
with the same endianness--this maintains existing behavior).

* All 416 responses will now include a Content-Range header with
an unsatisfied-range value. This allows the caller to know the
valid range request value for an object.

* TempURLs now support a validation against a common prefix. A
prefix-based signature grants access to all objects which share the
same prefix. This avoids the creation of a large amount of signatures,
when a whole container or pseudofolder is shared.

* Correctly handle deleted files with if-none-match requests.

* Correctly send 412 Precondition Failed if a user sends an
invalid copy destination. Previously Swift would send a 500
Internal Server Error.

* In SLO manifests, the `etag` and `size_bytes` keys are now fully
optional and not required. Previously, the keys needed to exist
but the values were optional. The only required key is `path`.

* Fixed a rare infinite loop in `swift-ring-builder` while placing parts.

* Ensure update of the container by object-updater, removing a rare
possibility that objects would never be added to a container listing.

* Fixed non-deterministic suffix updates in hashes.pkl where a partition
may be updated much less often than expected.

* Fixed regression in consolidate_hashes that occurred when a new
file was stored to new suffix to a non-empty partition. This bug
was introduced in 2.7.0 and could cause an increase in rsync
replication stats during and after upgrade, due to inconsistent
hashing of partition suffixes.

* Account and container databases will now be quarantined if the
database schema has been corrupted.

* Removed "in-process-" from func env tox name to work with
upstream CI.

* Respect server type for --md5 check in swift-recon.

* Remove empty db hash and suffix directories if a db gets quarantined.

* Various other minor bug fixes and improvements.

* We have made significant improvements and changes to the erasure
code implementation.

- Instead of using a separate .durable file to indicate the
durable status of an EC fragment archive, we rename the .data
to include a durable marker in the filename. This saves one
inode for every EC .data file. Existing .durable files will not
be removed, and they will continue to work just fine.

Note that after writing EC data with Swift 2.11.0 or later, that
data will not be accessible to earlier versions of Swift.

- Closed a bug where ssync may have written bad fragment data in
some circumstances. A check was added to ensure the correct number
of bytes is written for a fragment before finalizing the write.
Also, erasure coded fragment metadata will now be validated on read
requests and, if bad data is found, the fragment will be quarantined.

- The improvements to EC reads made in Swift 2.10.0 have also been
applied to the reconstructor. This allows fragments to be rebuilt
in more circumstances, resulting in faster recovery from failures.

- WARNING: If you are using the ISA-L library for erasure codes,
please upgrade to liberasurecode 1.3.1 (or later) as soon as
possible. If you are using isa_l_rs_vand with more than 4 parity,
please read https://bugs.launchpad.net/swift/+bug/1639691 and take
necessary action.

- Updated the PyECLib dependency to 1.3.1.

* Added a configurable URL base to staticweb.

* Support multi-range GETs for static large objects.

* TempURLs using the "inline" parameter can now also set the
"filename" parameter. Both are used in the Content-Disposition
response header.

* Mirror X-Trans-Id to X-Openstack-Request-Id.

* SLO will now concurrently HEAD segments, resulting in much faster
manifest validation and object creation. By default, two HEAD requests
will be done at a time, but this can be changed by the operator via
the new `concurrency` setting in the "[filter:slo]" section of
the proxy server config.

* Suppressed the KeyError message when auditor finds an expired object.

* Daemons using InternalClient can now be properly killed with SIGTERM.

* Added a "user" option to the drive-audit config file. Its value is
used to set the owner of the drive-audit recon cache.

* Throttle update_auditor_status calls so it updates no more than once
per minute.

* Suppress unexpected-file warnings for rsync temp files.

* Various other minor bug fixes and improvements.

swift (2.10.0, OpenStack Newton)

* Object versioning now supports a "history" mode in addition to
the older "stack" mode. The difference is in how DELETE requests
are handled. For full details, please read
http://docs.openstack.org/developer/swift/overview_object_versioning.html.

* New config variables to change the schedule priority and I/O
scheduling class. Servers and daemons now understand
`nice_priority`, `ionice_class`, and `ionice_priority` to
schedule their relative importance. Please read
http://docs.openstack.org/developer/swift/deployment_guide.html
for full config details.

* On newer kernels (3.15+ when using xfs), Swift will use the O_TMPFILE
flag when opening a file instead of creating a temporary file
and renaming it on commit. This makes the data path simpler and
allows the filesystem to more efficiently optimize the files on
disk, resulting in better performance.

* Erasure code GET performance has been significantly
improved in clusters that are not completely healthy.

* Significant improvements to the api-ref doc available at
http://developer.openstack.org/api-ref/object-storage/.

* A PUT or POST to a container will now update the container's
Last-Modified time, and that value will be included in a
GET/HEAD response.

* Include object sysmeta in POST responses. Sysmeta is still
stripped from the response before being sent to the client, but
this allows middleware to make use of the information.

* Fixed a bug where a container listing delimiter wouldn't work
with encryption.

* Fixed a bug where some headers weren't being copied correctly
in a COPY request.

* Container sync can now copy SLOs more efficiently by allowing
the manifest to be synced before all of the referenced segments.
This fixes a bug where container sync would not copy SLO manifests.

* Fixed a bug where some tombstone files might never be reclaimed.

* Update dnspython dependency to 1.14, removing the need to have
separate dnspython dependencies for Py2 and Py3.

* Deprecate swift-temp-url and call python-swiftclient's
implementation instead. This adds python-swiftclient as an
optional dependency of Swift.

* Moved other-requirements.txt to bindep.txt. bindep.txt lists
non-python dependencies of Swift.

* Various other minor bug fixes and improvements.

* Swift now supports at-rest encryption. This feature encrypts all
object data and user-set object metadata as it is sent to the cluster.
This feature is designed to prevent information leaks if a hard drive
leaves the cluster. The encryption is transparent to the end-user.

At-rest encryption in Swift is enabled on the proxy server by
adding two middlewares to the pipeline. The `keymaster` middleware
is responsible for managing the encryption keys and the `encryption`
middleware does the actual encryption and decryption.

Existing clusters will continue to work without enabling
encryption. Although enabling this feature on existing clusters
is supported, best practice is to enable this feature on new
clusters when the cluster is created.

For more information on the details of the at-rest encryption
feature, please see the docs at
http://docs.openstack.org/developer/swift/overview_encryption.html.

* `swift-recon` can now be called with more than one server type.

* Fixed a bug where non-ascii names could cause an error in logging
and cause a 5xx response to the client.

* The install guide and API reference have been moved into Swift's
source code repository.

* Various other minor bug fixes and improvements.

* Allow concurrent bulk deletes for server-side deletes of static
large objects. Previously this would be single-threaded and each
DELETE executed serially. The new `delete_concurrency` value
(default value is 2) in the `[filter:slo]` and `[filter:bulk]`
sections of the proxy server config controls the concurrency
used to perform the DELETE requests for referenced segments. The
default value is recommended, but setting the value to 1
restores previous behavior.

* Refactor server-side copy as middleware

The COPY verb is now implemented in the `copy` middleware instead
of in the proxy server code. If not explicitly added, the server
side copy middleware is auto-inserted to the left of `dlo`, `slo`
and `versioned_writes` middlewares in the proxy server pipeline.
As a result, dlo and slo `copy_hooks` are no longer required. SLO
manifests are now validated when copied so when copying a
manifest to another account the referenced segments must be
readable in that account for the manifest copy to succeed
(previously this validation was not made, meaning the manifest
was copied but could be unusable if the segments were not
readable).

With this change, there should be no change in functionality or
existing behavior.

* `fallocate_reserve` can now be a percentage (a value ending in "%"),
and the default has been adjusted to "1%".

* Now properly require account/container metadata be valid UTF-8

* TempURL responses now include an `Expires` header with the
expiration time embedded in the URL.

* Non-Python dependencies are now listed in other-requirements.txt.

* `swift-ring-builder` now supports a `--yes` option to assume a
yes response to all questions. This is useful for scripts.

* Write requests to a replicated storage policy with an even number
of replicas now have a quorum size of half the replica count
instead of half-plus-one.

* Container sync now logs per-container stat information so operators
can track progress. This is logged at INFO level.

* `swift-dispersion-*` now allows region to be specified when there
are multiple Swift regions served by the same Keystone instance

* Fix infinite recursion during logging when syslog is down.

* Fixed a bug where a backend failure during a read could result in
a missing byte in the response body.

* Stop `staticweb` revealing container existence to unauth'd requests.

* Reclaim isolated .meta files if they are older than the `reclaim_age`.

* Make `rsync` ignore its own temporary files instead of spreading
them around the cluster, wasting space.

* The object auditor now ignores files in the devices directory when
auditing objects.

* The deprecated `threads_per_disk` setting has been removed. Deployers
are encouraged to use `servers_per_port` instead.

* Fixed an issue where a single-replica configuration for account or
container DBs could result in the DB being inadvertently deleted if
it was placed on a handoff node.

* `disable_fallocate` now also correctly disables `fallocate_reserve`.

* Fixed a bug where the account-reaper did not delete all containers
in a reaped account.

* Correctly handle delimiter queries where results start with the
delimiter and no prefix is given.

* Changed the recommended ports for Swift services from ports
6000-6002 to unused ports 6200-6202 so they do not conflict with
X-Windows or other services. Since these config values must be
explicitly set in the config file, this doesn't impact existing
deployments.

* Fixed an instance where REPLICATE requests would not use
`replication_ip`.

* Various other minor bug fixes and improvements.


swift (2.7.0, OpenStack Mitaka)

* Bump PyECLib requirement to >= 1.2.0

* Update container on fast-POST

"Fast-POST" is the mode where `object_post_as_copy` is set to
`False` in the proxy server config. This mode now allows for
fast, efficient updates of metadata without needing to fully
recopy the contents of the object. While the default still is
`object_post_as_copy` as True, the plan is to change the default
to False and then deprecate post-as-copy functionality in later
releases. Fast-POST now supports container-sync functionality.

* Add concurrent reads option to proxy.

This change adds 2 new parameters to enable and control concurrent
GETs in Swift, these are `concurrent_gets` and `concurrency_timeout`.

`concurrent_gets` allows you to turn on or off concurrent
GETs; when on, it will set the GET/HEAD concurrency to the
replica count. And in the case of EC HEADs it will set it to
ndata. The proxy will then serve only the first valid source to
respond. This applies to all account, container, and replicated
object GETs and HEADs. For EC only HEAD requests are affected.
The default for `concurrent_gets` is off.

`concurrency_timeout` is related to `concurrent_gets` and is
the amount of time to wait before firing the next thread. A
value of 0 will fire at the same time (fully concurrent), but
setting another value will stagger the firing allowing you the
ability to give a node a short chance to respond before firing
the next. This value is a float and should be somewhere between
0 and `node_timeout`. The default is `conn_timeout`, meaning by
default it will stagger the firing.

* Added an operational procedures guide to the docs. It can be
found at http://docs.openstack.org/developer/swift/ops_runbook/index.html and
includes information on detecting and handling day-to-day
operational issues in a Swift cluster.

* Make `handoffs_first` a more useful mode for the object replicator.

The `handoffs_first` replication mode is used during periods of
problematic cluster behavior (e.g. full disks) when replication
needs to quickly drain partitions from a handoff node and move
them to a primary node.

Previously, `handoffs_first` would sort that handoff work before
"normal" replication jobs, but the normal replication work could
take quite some time and result in handoffs not being drained
quickly enough.

In order to focus on getting handoff partitions off the node
`handoffs_first` mode will now abort the current replication
sweep before attempting any primary suffix syncing if any of the
handoff partitions were not removed for any reason - and start
over with replication of handoffs jobs as the highest priority.

Note that `handoffs_first` being enabled will emit a warning on
start up, even if no handoff jobs fail, because of the negative
impact it can have during normal operations by dog-piling on a
node that was temporarily unavailable.

* By default, inbound `X-Timestamp` headers are now disallowed
(except when in an authorized container-sync request). This
header is useful for allowing data migration from other storage
systems to Swift and keeping the original timestamp of the data.
If you have this migration use case (or any other requirement on
allowing the clients to set an object's timestamp), set the
`shunt_inbound_x_timestamp` config variable to False in the
gatekeeper middleware config section of the proxy server config.

* Requesting a SLO manifest file with the query parameters
"?multipart-manifest=get&format=raw" will return the contents of
the manifest in the format as was originally sent by the client.
The "format=raw" is new.

* Static web page listings can now be rendered with a custom
label. By default listings are rendered with a label of:
"Listing of /v1/<account>/<container>/<path>". This change adds
a new custom metadata key/value pair
`X-Container-Meta-Web-Listings-Label: My Label` that when set,
will cause the following: "Listing of My Label/<path>" to be
rendered instead.

* Previously, static large objects (SLOs) had a minimum segment
size (default to 1MiB). This limit has been removed, but small
segments will be ratelimited. The config parameter
`rate_limit_under_size` controls the definition of "small"
segments (1MiB by default), and `rate_limit_segments_per_sec`
controls how many segments per second can be served (default is 1).
With the default values, the effective behavior is identical to the
previous behavior when serving SLOs.

* Container sync has been improved to perform a HEAD on the remote
side of the sync for each object being synced. If the object
exists on the remote side, container-sync will no longer
transfer the object, thus significantly lowering the network
requirements to use the feature.

* The object auditor will now clean up any old, stale rsync temp
files that it finds. These rsync temp files are left if the
rsync process fails without completing a full transfer of an
object. Since these files can be large, the temp files may end
up filling a disk. The new auditor functionality will reap these
rsync temp files if they are old. The new object-auditor config
variable `rsync_tempfile_timeout` is the number of seconds old a
tempfile must be before it is reaped. By default, this variable
is set to "auto" or the rsync_timeout plus 900 seconds (falling
back to a value of 1 day).

* The Erasure Code reconstruction process has been made more
efficient by not syncing data files when only the durable commit
file is missing.

* Fixed a bug where 304 and 416 response may not have the right
Etag and Accept-Ranges headers when the object is stored in an
Erasure Coded policy.

* Versioned writes now correctly stores the date of previous versions
using GMT instead of local time.

* The deprecated Keystone middleware option is_admin has been removed.

* Fixed log format in object auditor.

* The zero-byte mode (ZBF) of the object auditor will now properly
observe the `--once` option.

* Swift keeps track, internally, of "dirty" parts of the partition
keyspace with a "hashes.pkl" file. Operations on this file no
longer require a read-modify-write cycle and use a new
"hashes.invalid" file to track dirty partitions. This change
will improve end-user performance for PUT and DELETE operations.

* The object replicator's succeeded and failed counts are now logged.

* `swift-recon` can now query hosts by storage policy.

* The log_statsd_host value can now be an IPv6 address or a hostname
which only resolves to an IPv6 address.

* Erasure coded fragments now properly call fallocate to reserve disk
space before being written.

* Various other minor bug fixes and improvements.

* Dependency changes
- Updated minimum version of eventlet to 0.17.4 to support IPv6.

- Updated the minimum version of PyECLib to 1.0.7.

* The ring rebalancing algorithm was updated to better handle edge cases
and to give better (more balanced) rings in the general case. New rings
will have better initial placement, capacity adjustments will move less
data for better balance, and existing rings that were imbalanced should
start to become better balanced as they go through rebalance cycles.

* Added container and account reverse listings.

A GET request to an account or container resource with a "reverse=true"
query parameter will return the listing in reverse order. When
iterating over pages of reverse listings, the relative order of marker
and end_marker are swapped.

* Storage policies now support having more than one name.

This allows operators to fix a typo without breaking existing clients,
or, alternatively, have "short names" for policies. This is implemented
with the "aliases" config key in the storage policy config in
swift.conf. The aliases value is a list of names that the storage
policy may also be identified by. The storage policy "name" is used to
report the policy to users (eg in container headers). The aliases have
the same naming restrictions as the policy's primary name.

* The object auditor learned the "interval" config value to control the
time between each audit pass.

* `swift-recon --all` now includes the config checksum check.

* `swift-init` learned the --kill-after-timeout option to force a service
to quit (SIGKILL) after a designated time.

* `swift-recon` now correctly shows timestamps in UTC instead of local
time.

* Fixed bug where `swift-ring-builder` couldn't select device id 0.

* Documented the previously undocumented
`swift-ring-builder pretend_min_part_hours_passed` command.

* The "node_timeout" config value now accepts decimal values.

* `swift-ring-builder` now properly removes devices with zero weight.

* `swift-init` return codes are updated via "--strict" and "--non-strict"
options. Please see the usage string for more information.

* `swift-ring-builder` now reports the min_part_hours lockout time
remaining

* Container sync has been improved to more quickly find and iterate over
the containers to be synced. This reduced server load and lowers the
time required to see data propagate between two clusters. Please see
http://docs.openstack.org/developer/swift/overview_container_sync.html for more details
about the new on-disk structure for tracking synchronized containers.

* A container POST will now update that container's put-timestamp value.

* TempURL header restrictions are now exposed in /info.

* Error messages on static large object manifest responses have been
greatly improved.

* Closed a bug where an unfinished read of a large object would leak a
socket file descriptor and a small amount of memory. (CVE-2016-0738)

* Fixed an issue where a zero-byte object PUT with an incorrect Etag
would return a 503.

* Fixed an error when a static large object manifest references the same
object more than once.

* Improved performance of finding handoff nodes if a zone is empty.

* Fixed duplication of headers in Access-Control-Expose-Headers on CORS
requests.

* Fixed handling of IPv6 connections to memcache pools.

* Continued work towards python 3 compatibility.

* Various other minor bug fixes and improvements.

swift (2.5.0, OpenStack Liberty)

* Added the ability to specify ranges for Static Large Object (SLO)
segments.

* Replicator configs now support an "rsync_module" value to allow
for per-device rsync modules. This setting gives operators the
ability to fine-tune replication traffic in a Swift cluster and
isolate replication disk IO to a particular device. Please see
the docs and sample config files for more information and
examples.

* Significant work has gone in to testing, fixing, and validating
Swift's erasure code support at different scales.

* Swift now emits StatsD metrics on a per-policy basis.

* Fixed an issue with Keystone integration where a COPY request to a
service account may have succeeded even if a service token was not
included in the request.

* Ring validation now warns if a placement partition gets assigned to the
same device multiple times. This happens when devices in the ring are
unbalanced (e.g. two servers where one server has significantly more
available capacity).

* Various other minor bug fixes and improvements.