Python-swiftclient

* Several important pieces of information have been added to /info:

- Configured constraints are included and allow a client to discover
the limits on names and object sizes that the cluster supports.

- The supported tempurl methods are now included.

- Static large object constraints are now included.

* The Last-Modified header value returned will now be the object's
timestamp rounded up to the next second. This allows subsequent
requests with If-[un]modified-Since to use the Last-Modified
value as expected.

* Non-integer values for if-delete-at headers will now properly
report a 400 error instead of a 503.

* Fix object versioning with non-ASCII container names.

* Bulk delete with POST now works properly.

* Generic means for persisting system metadata

Swift now supports system-level metadata on accounts and
containers. System metadata provides a means to store internal
custom metadata with associated Swift resources in a safe and
secure fashion without actually having to plumb custom metadata
through the core swift servers. The new gatekeeper middleware
prevents this system metadata from leaking into the request or
being set by a client.

* catch_errors and gatekeeper middleware are now forced into the proxy
pipeline if not explicitly referenced.

* New container sync configuration option, separating the end user
from knowing the required end point and adding more secure
signed requests. See
http://docs.openstack.org/developer/swift/overview_container_sync.html for full
information.

* bulk middleware now can be configured to retry deleting containers.

* The default yield_frequency used to keep client connections alive
during slow bulk requests was reduced from 60 seconds to 10 seconds.
While this is a change to a default, it should not affect deployments
and there is no migration process needed.

* Swift processes will attempt to set RLIMIT_NPROC to 8192.

* Server processes will now exit with a non-zero error code on config
errors.

* Warn if read_affinity is configured but not enabled.

* Fix checkmount error parsing in swift-recon.

* Log at warn level when an object is quarantined.

* Fixed CVE-2014-0006 to avoid a potential timing attack with tempurl.

* Various other minor bug fixes and improvements.

* Added discoverable capabilities

A Swift proxy server now by default (although it can be turned off)
will respond to requests to /info. The response to these requests
include information about the cluster and can be used by clients to
determine which features are supported in the cluster.

* Object replication ssync (an rsync alternative)

A Swift storage node can now be configured to use Swift primitives
for replication transport instead of rsync. This is an experimental
feature that is not yet considered production ready.

* If a source times out on an object server read, try another one
of them with a modified range.

* The proxy now responds to many types of requests as soon as it
has a quorum. This can help speed up responses (without
changing the results), especially when one node is acting up.
There is a post_quorum_timeout config value that can tune how
long to wait for requests to finish after a quorum has been
established.

* Add accurate timestamps in proxy log lines for the start and
end of a request. These are added as new fields on the end of
the existing log lines, and therefore should not break
existing, well-behaved log processors.

* Add an "inline" query parameter to tempurl

By default, temporary URLs add a "Content-Disposition" header
that forces many clients to download the object. Now, temporary
URLs support an optional "inline" query parameter that will
force a "Content-Disposition: inline" header to be added to the
response, overriding the default.

* Use TCP_NODELAY for created sockets. This can dramatically
lower latency for small object workloads.

* DiskFile API, with reference implementation

The DiskFile abstraction for talking to data on disk has been
refactored to allow alternate implementations to be developed.
Included in the codebase is an in-memory reference
implementation. For full documentation, please see the developer
documentation. The DiskFile API is still a work in progress and
is not yet finalized.

* Removal of swift-bench

The included benchmarking tool swift-bench has been extracted
from the codebase and is now in its own repository at
https://github.com/openstack/swift-bench. New swift-bench
binaries and packages may be found on PyPI at
https://pypi.python.org/pypi/swift-bench

* Bulk delete now also supports the POST verb, in addition to DELETE

* Added functionality to the swift-ring-builder to support
limited recreation of ring builder files from the ring file itself.

* HEAD on account now returns 410 if account was deleted and
not yet reaped. The old behavior was to return a 404.

* Fixed a bug introduced since the 1.10.0 release that
prevented expired objects from being removed from the system.
This resulted in orphaned expired objects taking up space on
the system but inaccessible to the API. This regression and
fix are only important if you have deployed code since the

can be used to clean up orphaned objects, see
https://bugs.launchpad.net/swift/+bug/1257330

* Tie socket write buffer size to server chunk size parameter. This
pairs the underlying network buffer size with the size of data
that Swift attempts to read from the connection, thereby
improving efficiency and throughput on connections.

* Fix 500 from account-quota middleware. If a user had set
X-Account-Meta-Quota-Bytes to something non-integer prior to
the installation of the account-quota middleware, then the
quota check would choke on it. Now a non-integer value is
treated as "no quota".

* Quarantine objects with busted metadata. Before, if you
encountered an object with corrupt or missing xattrs, the
object server would return a 500 on GET, and wouldn't quarantine
anything. Now the object server returns a 404 for that GET and
the corrupted file is quarantined, thus giving replication a
chance to fix it.

* Fix quarantine and error counts in audit logs

* Report transaction ID in failure exception logs

* Make pbr a build-time only dependency

* Worked around a bug in eventlet 0.9.16 where the size of the
memcache connection pools would grow unbounded.

* Tempurl keys are now properly stored as utf8

* Fixed an issue where concurrent PUT requests to accounts or
containers may result in errors due to locked databases.

* Handle copy requests in account and container quota middleware

* Now ensure that a WWW-Authenticate header is on all 401 responses

* Various other bug fixes and improvements

swift (1.10.0, OpenStack Havana)

* Added support for pooling memcache connections

* Added support to replicating handoff partitions first in object
replication. Can also configure how many remote nodes a storage node
must talk to before removing a local handoff partition.

* Fixed bug where memcache entries would not expire

* Much faster calculation for choosing handoff nodes

* Added container listing ratelimiting

* Fixed issue where the proxy would continue to read from a storage
server even after a client had disconnected

* Added support for headers that are only visible to the owner of a Swift
account

* Fixed ranged GET with If-None-Match

* Fixed an issue where rings may not be balanced after initial creation

* Fixed internationalization support

* Return the correct etag for a static large object on the PUT response

* Allow users to extract archives to containers with ACLs set

* Fix support for range requests against static large objects

* Now logs x-copy-from header in a useful place

* Reverted back to old XML output of account and container listings to
ensure older clients do not break

* Account quotas now appropriately handle copy requests

* Fix issue with UTF-8 handling in versioned writes

* Various other bug fixes and improvements, including support for running
Swift under Pypy and continuing work to support storage policies

* Disallow PUT, POST, and DELETE requests from creating older tombstone
files, preventing the possibility of filling up the disk and removing
unnecessary container updates.

* Set default wsgi workers to cpu_count

Change the default value of wsgi workers from 1 to auto. The new
default value for workers in the proxy, container, account & object
wsgi servers will spawn as many workers per process as you have cpu
cores. This will not be ideal for some configurations, but it's much
more likely to produce a successful out of the box deployment.

* Added reveal_sensitive_prefix config setting to filter the auth token
logged by the proxy server.

* Ensure Keystone's reseller prefix ends with an underscore. Previously
this was a recommendation--now it is enforced.

* Added log_file_pattern config to swift-drive-audit for drive errors

* Add support for telling Swift to detect a content type on a request.

* Additional object stats are now logged in the object auditor

* Moved the DiskFile interface into its own module

* Ensure the SQLite cursors are closed when creating functions

* Better support for valid Accept headers

* In Keystone, don't allow users to delete their own account

* Return a UTC timezone designator in container listings

* Ensure that users can't remove their account quotas

* Allow floating point value for dispersion coverage

* Fix incorrect error page handling in staticweb

* Add utf-8 charset to multipart-manifest=get response.

* Allow dispersion tools to use keystone server with insecure certificate

* Ensure that files are always closed in tests

* Use OpenStack's "Hacking" guidelines for code formatting

* Various other minor bug fixes and improvements

* Global clusters support

The "region" concept introduced in Swift 1.8.0 has been augmented with
support for using a separate replication network and configuring read
and write affinity. These features combine to offer support for a single
Swift cluster spanning wide geographic area.

* Disk performance

The object server now can be configured to use threadpools to increase
performance and smooth out latency throughout the system. Also, many
disk operations were reordered to increase reliability and improve
performance.

* Added config file conf.d support

Allow Swift daemons and servers to optionally accept a directory as the
configuration parameter. This allows different parts of the config file
to be managed separately, eg each middleware could use a separate file
for its particular config settings.

* Allow two TempURL keys per account

By adding a second key, a user can safely rotate keys and prevent URLs
already in use from becoming invalid. TempURL middlware has also been
updated to allow a configuable set of allowed methods and to prevent a
bugrelated to content-disposition names.

* Added crossdomain.xml middleware. See
http://docs.openstack.org/developer/swift/crossdomain.html for details

* Added rsync bandwidth limit setting for object replicator

* Transaction ID updated to include the time and an optional suffix

* Added x-remove-versions-location header to disable versioned writes

* Improvements to support for Keystone ACLs

* Added parallelism to object expirer daemon

* Added support for ring hash prefix in addition to the existing suffix

* Allow all headers requested for CORS

* Stop getting useless bytes on manifest Range requests

* Improved container-sync resiliency

* Added example Apache config files. See
http://docs.openstack.org/developer/swift/apache_deployment_guide.html
for more info

* If an account is marked as deleted but hasn't been reaped and is still
on disk, responses will include an "X-Account-Status" header

* Fix 503 on account/container HEAD with invalid format

* Added extra safety on account-level DELETE when using bulk deletes

* Made colons quote-safe in logs (mainly for IPv6)

* Fixed bug with bulk delete max items

* Fixed static large object manifest range requests

* Prevent static large objects from containing other static large objects

* Fixed issue with use of delimiter in container queries where some
objects would not be listed

* Various other minor bug fixes and improvements

swift (1.8.0, OpenStack Grizzly)

* Make rings' replica count adjustable

* Added a region tier to the ring above zones

* Added timing-based sorting of object servers on read requests

* Added support for auto-extract archive uploads

* Added support for bulk delete requests

* Added support for large objects with static manifests

* Added list_endpoints middleware to provide an API for determining where
the ring places data

* proxy-logging middleware can now handle logging for other middleware

proxy-logging should be used twice in the proxy pipeline. The first
handles middleware logs for requests that never made it all the way
to the server. The last handles requests that do make it to the server.

This is a change that may require an update to your proxy server
config file or custom middleware that you may be using. See the full
docs at http://docs.openstack.org/developer/swift/misc.htmlmodule-swift.common.middleware.proxy_logging.

* Changed the default sample rate for a few high-traffic requests.

Added log_statsd_sample_rate_factor to globally tune the StatsD
sample rate. This tunable can be used to reduce StatsD traffic
proportionally for all metrics and is intended to replace
log_statsd_default_sample_rate, which is left alone for
backward-compatibility, should anyone be using it.

* Added swift_hash_path_prefix option to swift.conf

New deployments are advised to set this value to a random secret
to protect against hash collisions

* Added user-managed container quotas

* Added support for account-level quotas managed by an auth reseller

* Added --run-dir option to swift-init

* Added more options to swift-bench

* Added support for CORS "actual requests"

* Added fallocate_reserve option to protect against full drives

* Allow ring rebalance to take a seed

* Ring serialization will now produce the same gzip file (Py2.7)

* Added support to swift-drive-audit for handling rotated logs

* Added first-byte latency timings for GET requests

* Added per disk PUT timing monitoring support

* Added speed limit options for DB auditor

* Force log entries to be one line

* Ensure that fsync is used and not just fdatasync

* Improved handoff node selection

* Deprecated keystone is_admin feature

* Fix large objects with unicode in the segment names

* Update Swift's MemcacheRing to provide API compatibility with
standard Python memcache libraries

* Various other minor bug fixes and improvements

* Better tempauth storage URL guessing

* Added --top option to swift-recon -d

* Allow optional, temporary healthcheck failure

* keystoneauth middleware now supports cross-tenant ACLs

* Add dispersion report flags to limit reports

* Add config option to turn eventlet debug on/off

* Added override option for swift-init's KILL_WAIT

* Added oldest and most recent replication pass to swift-recon

* Fixed 500 error response when GETing a many-segment manifest

* Memcached keys now use a delta timeout when possible

* Refactor DiskFile to hide temp file names and exts

* Remove IP-based container-sync ACLs from auth middlewares

* Fixed bug in deleting memcached account info data

* Fixed lazy-listing of object manifest segments

* Fixed bug where a ? in the object name caused an error

* Swift now returns 406 if it can't satisfy Accept

* Fix infinite recursion bug in object replicator

* Swift will now reject names with NULL characters

* Fixed object-auditor logging to use a minimum of unix sockets

* Various other minor bug fixes and improvements