Bug #1508424 “BaseIdentityPlugin.get_access hang” : Bugs : python-keystoneclient

Mehdi Abaakouk (sileht) on 2015-10-21

Changed in python-keystoneclient:
assignee:	nobody → Mehdi Abaakouk (sileht)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-10-21: Fix proposed to python-keystoneclient (master)

#1

Fix proposed to branch: master
Review: https://review.openstack.org/238001

Changed in python-keystoneclient:
status:	New → In Progress

Revision history for this message

Dolph Mathews (dolph) wrote on 2015-10-21:

#2

If others are running into this with different usage patterns, let's upgrade this to critical. Either way, this deserves a minor release immediately.

Changed in python-keystoneclient:
importance:	Undecided → High

Revision history for this message

Brant Knudson (blk-u) wrote on 2015-10-21:

#3

Can you post a backtrace?

Revision history for this message

David Stanek (dstanek) wrote on 2015-10-21:

#4

I've tried writing a test to show the bad behavior, but ran into a wall. We seem to always be passing authenticated=False when calling session.post(). This would prevent reentry into the protected block. Are you using a custom auth plugin?

1. http://git.openstack.org/cgit/openstack/python-keystoneclient/tree/keystoneclient/auth/identity/v3/base.py#n190
2. http://git.openstack.org/cgit/openstack/python-keystoneclient/tree/keystoneclient/auth/identity/v2.py#n88

Changed in python-keystoneclient:
status:	In Progress → Incomplete

Revision history for this message

Jamie Lennox (jamielennox) wrote on 2015-10-21:

#5

Without the lock if you don't pass authenticated=False when making an auth call you will end up in an infinite loop of the session trying to authenticate the request from the plugin with the plugin, so the lock is preventing a stacktrace there but shouldn't be affecting regular traffic.

There is really no reason that the same thread should trigger that lock twice (infinite loop) it's foreseeable if the token fetch is taking a long time then other threads will be blocked waiting on it - but this should take the same amount of time as if they all did their own fetch.

Have you got a backtrace or something of what's happening?

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-10-22: Change abandoned on python-keystoneclient (master)

#6

Change abandoned by Mehdi Abaakouk (sileht) (<email address hidden>) on branch: master
Review: https://review.openstack.org/238001

Revision history for this message

Mehdi Abaakouk (sileht) wrote on 2015-10-22:

#7

I have checked the backtrace and everything looks good authenticated=False and the loop doesn't occurs.

I have found something new, the issue occurs with swift, when at least two concurrents requests are done.

It seems Swift doesn't monkeypatch the threading module. Only socket is monkey patched.
https://github.com/openstack/swift/blob/master/swift/common/wsgi.py#L410

If that true:
* First request, get the lock and do socket IO to retrieve a token -> greenlet switch occurs
* Second request, try to get the lock and hang instead of generate a greenlet switch, because this is not a greenlock.

I wonder how we are supposed to fix this ? Swift should patch threading I guess.

Mehdi Abaakouk (sileht) on 2015-10-22

Changed in python-keystoneclient:
assignee:	Mehdi Abaakouk (sileht) → nobody

Mehdi Abaakouk (sileht) on 2015-10-22

Changed in swift:
status:	New → Incomplete
status:	Incomplete → Confirmed

Revision history for this message

Mehdi Abaakouk (sileht) wrote on 2015-10-23:

#8

Swift patch for monkeypatching thread modules https://review.openstack.org/#/c/238580/

Changed in swift:
assignee:	nobody → Mehdi Abaakouk (sileht)

OpenStack Infra (hudson-openstack) on 2015-10-28

Changed in swift:
status:	Confirmed → In Progress

Revision history for this message

Jamie Lennox (jamielennox) wrote on 2015-10-29:

#9

Based on the linked patches it appears this requires monkey-patching thread when using eventlet - which is good policy.

This is a problem in swift because they mix real threads and green threads in the same process. This is insanity and absolutely not something that we can fix/support from keystoneclient

Changed in python-keystoneclient:
status:	Incomplete → Invalid
assignee:	nobody → Jamie Lennox (jamielennox)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-11-11: Fix merged to swift (master)

#10

Reviewed: https://review.openstack.org/238580
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=bf8689474a9b3930cceed4c5f855a73ce89b1d4e
Submitter: Jenkins
Branch: master

commit bf8689474a9b3930cceed4c5f855a73ce89b1d4e
Author: Mehdi Abaakouk <email address hidden>
Date: Thu Oct 22 17:33:09 2015 +0200

monkeypatch thread for keystoneclient

    keystoneclient uses threading.Lock(), but swift doesn't
    monkeypatch threading, this result in lockup when two
    greenthreads try to acquire a non green lock.

This change fixes that.

Change-Id: I9b44284a5eb598a6978364819f253e031f4eaeef
Closes-bug: #1508424

Changed in swift:
status:	In Progress → Fix Committed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-11-25: Fix proposed to swift (feature/crypto)

#11

Fix proposed to branch: feature/crypto
Review: https://review.openstack.org/249975

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-11-25: Fix merged to swift (feature/crypto)

#12

Download full text (11.9 KiB)

Reviewed: https://review.openstack.org/249975
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=458d5ebb9ac8f2ea4662de86f3a2c5551b4961f6
Submitter: Jenkins
Branch: feature/crypto

commit 41897d96a7dc3ddceccf4eed71345439b83eb243
Author: Tim Burke <email address hidden>
Date: Mon Nov 23 13:53:27 2015 -0800

Reverse-listings follow-up

     * With the end_prefix changes in the original commit, we no longer need
       the `or not name.startswith(prefix)` check.
     * Improve test coverage of reverse path listings.

Change-Id: Iaa7d4b83647c3c150be95f88cb3cc9e4f0e33979

commit 7c1e6cd583debe43aca266643cd65f5103159dbf
Author: Matthew Oliver <email address hidden>
Date: Thu Sep 11 16:51:51 2014 +1000

Add container and account reverse listings

This change adds the ability to tell the container or account server to
reverse their listings. This is done by sending a reverse=TRUE_VALUE,

Where TRUE_VALUE is one of the values true can be in common/utils:

TRUE_VALUES = set(('true', '1', 'yes', 'on', 't', 'y'))

For example:

curl -i -X GET -H "X-Auth-Token: $TOKEN" $STORAGE_URL/c/?reverse=on

I borrowed the swapping of the markers code from Kevin's old change,
thanks Kevin. And Tim Burke added some real nuggets of awesomeness.

    DocImpact
    Co-Authored-By: Kevin McDonald <email address hidden>
    Co-Authored-By: Tim Burke <email address hidden>
    Implements: blueprint reverse-object-listing

Change-Id: I5eb655360ac95042877da26d18707aebc11c02f6

commit 898223398189f96628db7d9928f146c5bb11ba88
Author: Ganesh Maharaj Mahalingam <email address hidden>
Date: Fri Oct 30 21:30:51 2015 +0000

Unit tests for account/backend.py

Add test for database create request without account
Partial test for migrate call on database with storage_policy_index

Change-Id: I7cfbd6bc7e2b341f433d88f600b19e54826a0e22
Signed-off-by: Ganesh Maharaj Mahalingam <email address hidden>

commit f80c97a6e964123e766c1e53d797a3b80433ac77
Author: Alistair Coles <email address hidden>
Date: Fri Nov 20 17:51:33 2015 +0000

Update .mailmap entry

Fix/add entries for authors that are known to now have
@hpe.com email addresses.

Change-Id: I62c83b64e2378cb3d6ad33ac9e6ab111b8a8c86f

commit 848d7299a26988ea1bab3e576ba10762624dfff6
Author: Tim Burke <email address hidden>
Date: Fri Nov 20 09:04:28 2015 -0800

Ignore Content-Type from client on multipart-manifest=delete

Otherwise, if a client includes something like:

Content-Type: application/x-www-form-urlencoded

...we won't delete anything, and instead send back:

        Number Deleted: 0
        Number Not Found: 0
        Response Body:
        Response Status: 406 Not Acceptable
        Errors:

...despite the fact that we're managing the iterator, so we know it's
acceptable.

Change-Id: I791c7bda1d9df830d8dacd3783c2393db5a9ac09

commit c4eeea7820b7bbf6f5994c9878c8838c43e61b9b
Author: Sivasathurappan Radhakrishnan <email address hidden>
Date: Thu Oct 29 23:04:42 2015 +0000

A...

Reviewed:  https://review.openstack.org/249975
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=458d5ebb9ac8f2ea4662de86f3a2c5551b4961f6
Submitter: Jenkins
Branch:    feature/crypto

commit 41897d96a7dc3ddceccf4eed71345439b83eb243
Author: Tim Burke <tim.burke@gmail.com>
Date:   Mon Nov 23 13:53:27 2015 -0800

Reverse-listings follow-up
    
     * With the end_prefix changes in the original commit, we no longer need
       the `or not name.startswith(prefix)` check.
     * Improve test coverage of reverse path listings.
    
    Change-Id: Iaa7d4b83647c3c150be95f88cb3cc9e4f0e33979

commit 7c1e6cd583debe43aca266643cd65f5103159dbf
Author: Matthew Oliver <matt@oliver.net.au>
Date:   Thu Sep 11 16:51:51 2014 +1000

Add container and account reverse listings
    
    This change adds the ability to tell the container or account server to
    reverse their listings. This is done by sending a reverse=TRUE_VALUE,
    
    Where TRUE_VALUE is one of the values true can be in common/utils:
    
      TRUE_VALUES = set(('true', '1', 'yes', 'on', 't', 'y'))
    
    For example:
    
      curl -i -X GET -H "X-Auth-Token: $TOKEN" $STORAGE_URL/c/?reverse=on
    
    I borrowed the swapping of the markers code from Kevin's old change,
    thanks Kevin. And Tim Burke added some real nuggets of awesomeness.
    
    DocImpact
    Co-Authored-By: Kevin McDonald <kmcdonald@softlayer.com>
    Co-Authored-By: Tim Burke <tim.burke@gmail.com>
    Implements: blueprint reverse-object-listing
    
    Change-Id: I5eb655360ac95042877da26d18707aebc11c02f6

commit 898223398189f96628db7d9928f146c5bb11ba88
Author: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
Date:   Fri Oct 30 21:30:51 2015 +0000

Unit tests for account/backend.py
    
    Add test for database create request without account
    Partial test for migrate call on database with storage_policy_index
    
    Change-Id: I7cfbd6bc7e2b341f433d88f600b19e54826a0e22
    Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>

commit f80c97a6e964123e766c1e53d797a3b80433ac77
Author: Alistair Coles <alistair.coles@hpe.com>
Date:   Fri Nov 20 17:51:33 2015 +0000

Update .mailmap entry
    
    Fix/add entries for authors that are known to now have
    @hpe.com email addresses.
    
    Change-Id: I62c83b64e2378cb3d6ad33ac9e6ab111b8a8c86f

commit 848d7299a26988ea1bab3e576ba10762624dfff6
Author: Tim Burke <tim.burke@gmail.com>
Date:   Fri Nov 20 09:04:28 2015 -0800

Ignore Content-Type from client on multipart-manifest=delete
    
    Otherwise, if a client includes something like:
    
        Content-Type: application/x-www-form-urlencoded
    
    ...we won't delete anything, and instead send back:
    
        Number Deleted: 0
        Number Not Found: 0
        Response Body:
        Response Status: 406 Not Acceptable
        Errors:
    
    ...despite the fact that we're managing the iterator, so we know it's
    acceptable.
    
    Change-Id: I791c7bda1d9df830d8dacd3783c2393db5a9ac09

commit c4eeea7820b7bbf6f5994c9878c8838c43e61b9b
Author: Sivasathurappan Radhakrishnan <siva.radhakrishnan@intel.com>
Date:   Thu Oct 29 23:04:42 2015 +0000

Added unit test cases for container/auditor.py
    
    Added unit test cases to cover all code path in _one_audit_pass
    function in container/auditor.py
    
    Change-Id: I8b89e94f1492e4366af3ac4260587e988ba29408

commit bdb7bf40321bc36b45a25742b6e1aed73576fabc
Author: Victor Stinner <vstinner@redhat.com>
Date:   Thu Aug 27 01:09:41 2015 +0200

py3: Add py34 test environment to tox
    
    Add a py34 test environment to tox.ini using a whitelist
    of tests which pass on Python 3. Currently, only test_exceptions.py
    of test/unit/common/ is run on Python 3
    
    Change-Id: I5c8a9fe7b9635f1acab8f401908975fc6fc58c7a

commit 4dc4cbfc1ca50abc100d2302e928f9fc16f26195
Author: Samuel Merritt <sam@swiftstack.com>
Date:   Mon Nov 16 14:27:51 2015 -0800

Fix 503 on zero-byte replicated PUT with incorrect Etag
    
    Closes-Bug: 1516579
    Change-Id: Iac91ed61254d3ca232521191fec25c19acb66413

commit 1b8b08039a3647ffdb30225b0939055982942159
Author: Zack M. Davis <zdavis@swiftstack.com>
Date:   Fri Oct 30 11:02:54 2015 -0700

remove remaining simplejson uses, prefer standard library import
    
    a1c32702, 736cf54a, and 38787d0f remove uses of `simplejson` from
    various parts of Swift in favor of the standard libary `json`
    module (introduced in Python 2.6). This commit performs the remaining
    `simplejson` to `json` replacements, removes two comments highlighting
    quirks of simplejson with respect to Unicode, and removes the references
    to it in setup documentation and requirements.txt.
    
    There were a lot of places where we were importing json from
    swift.common.utils, which is less intuitive than a direct `import json`,
    so that replacement is made as well.
    
    (And in two more tiny drive-bys, we add some pretty-indenting to an XML
    fragment and use `super` rather than naming a base class explicitly.)
    
    Change-Id: I769e88dda7f76ce15cf7ce930dc1874d24f9498a

commit e534af645d4ff051e97e552e98271810b5588cfe
Author: Tim Burke <tim.burke@gmail.com>
Date:   Fri Nov 13 12:38:56 2015 -0800

Remove references to now-missing havana docs
    
    Change-Id: I3c708bacd468e923e574bdd5afc7acc58b072159

commit 7b7c6c5249ba598f10770308e05f3d2ad4e60871
Author: Lisak, Peter <peter.lisak@firma.seznam.cz>
Date:   Fri Oct 2 09:20:17 2015 +0200

swift-init return codes
    
    Currently, swift-init returns zero if can't locate config on start.
    Because of this problem, it is not possible to distinguish if managed
    to start server.
    
    Due to legacy two new complementary options are added. Default is context
    dependent.
    --strict returns non-zero if some config is missing (default mode
    if explicitly named server)
    --non-strict returns zero even if some config is missing (default mode
    if alias is used)
    
    As a side effect:
    If some of demanded servers already running it does not try to start
    unstarted and also returns non-zero (in strict mode). That is still sufficient
    for the goal of patch.
    
    For future improvements LSB status codes should be considered.
    
    DocImpact
    Change-Id: I7750abd4a94875b46f83f4aeee8509388d543c2b

commit 84891ba5a1a06013779c9be24f69b26fea0cb4f0
Author: Ondřej Nový <ondrej.novy@firma.seznam.cz>
Date:   Sun Nov 15 19:25:05 2015 +0100

New swauth URL
    
    Change-Id: I019f921417d2bd5325141e8a6873ee934fdf3f49

commit 001dc2531899a61480ab7819ebe8766dbf3d7d22
Author: Ondřej Nový <ondrej.novy@firma.seznam.cz>
Date:   Sat Nov 14 20:14:46 2015 +0100

Missing log_name option added
    
    Change-Id: If0224f346aa7372268115284c112e8f3a60a9be4

commit 376c20d1889ab764b4a501c59ba6539b051f04bb
Author: Zack M. Davis <zdavis@swiftstack.com>
Date:   Fri Nov 13 12:08:03 2015 -0800

remove Python 2.6-specific logging workaround
    
    0ff39c14 (December 2013) introduced this LoggingHandlerWeakRef to work
    around a problem in which file descriptors would be leaked under Python
    2.6. But we don't support 2.6 anymore.
    
    Change-Id: I1cd8249dfe17bce9cb301d13b761c11d2efd11d3

commit 6e95fb5d164e6fdc3bf036c40dd54a19fd67199a
Author: John Dickinson <me@not.mn>
Date:   Fri Nov 13 09:46:02 2015 -0800

remove pbr from requirements.txt. It's not a run-time dependency
    
    Change-Id: I46f498122fccb0830304acba7f99fee64badfe12

commit c03d53ab7737e208d9c436088e41f60fdab96b30
Author: Tim Burke <tim.burke@gmail.com>
Date:   Wed Nov 4 12:25:19 2015 -0800

Close EC fragment iterators in the GreenThread that's consuming them
    
    Otherwise, we might try to close them while they're already running.
    This should prevent conditional SLO requests from returning 500 when
    they should have returned 304 or 412.
    
    Change-Id: I075a892f901c18ab5c178c9c4a2f367b76ae78e2
    Related-Change: I156d873c72c19623bcfbf39bf120c98800b3cada

commit fd30df6e6572791e89a5360cecbf4800f1f08bb5
Author: Kota Tsuyuzaki <tsuyuzaki.kota@lab.ntt.co.jp>
Date:   Wed Nov 11 07:55:51 2015 -0800

Small cleanup for unit/proxy/controllers/test_obj
    
    Follow up for https://review.openstack.org/#/c/236007
    
    This fixes following minor items:
    
    - Fix a 'raise Exception class' syntax to 'raise Exception instance'
    - Use original eventlet.Timeout instead of swift.exceptions.Timeout
      imported from eventlet.Timeout
    - Change Timeout to initiate w/o args (1st arguments should be timeout
      second and we don't have to set None if we don't want to set the sec)
    - Add a message argument to some Exception instances
    
    Change-Id: Iab608cd8a1f4d3f5b4963c26b94ab0501837ffe1

commit 7f4139bc2669de07f55e8689956d87d9c78cc834
Author: Paul Dardeau <paul.dardeau@intel.com>
Date:   Wed Oct 28 22:25:24 2015 +0000

Added unit tests for ringbuilder command-line utility
    
    Added new unit tests:
    
    test_add_device_old_missing_region
    test_create_ring_number_of_arguments
    test_add_duplicate_devices
    test_rebalance_with_seed
    test_set_overload_number_of_arguments
    test_main_no_arguments
    test_main_single_argument
    test_main_with_safe
    
    Modified existing unit tests to create sample ring at start of test.
    This change was needed to have unit tests run correctly and demonstrate
    code coverage.
    
    test_unknown
    test_search_device_number_of_arguments
    test_list_parts_number_of_arguments
    test_set_weight_number_of_arguments
    test_set_info_number_of_arguments
    test_remove_device_number_of_arguments
    test_set_min_part_hours_number_of_arguments
    test_set_replicas_number_of_arguments
    test_set_replicas_invalid_value
    
    Updates to handled nested mocks.
    Updates to handle no exception case when SystemExit is expected.
    PEP8 corrections.
    
    Moved new tests from try blocks to use of assertRaises or call to
    run_srb using exp_results with specified exit codes.
    
    Updated run_srb to accept a dictionary of expected results. Specifically,
    look for 'valid_exit_codes' to test, default to (0,1).
    
    Change-Id: I4cf3f5f055a9babba140c68a9c7ff90b9c50ea62

commit ce173e9ed2e14692899a53da7eefe31f4a7c61d0
Author: Sivasathurappan Radhakrishnan <siva.radhakrishnan@intel.com>
Date:   Fri Nov 6 01:49:58 2015 +0000

Added unit test cases for server.py
    
    Added unit test cases to cover all code paths in REPLICATE and __call__
    functions in account/server.py and container/server.py
    
    Change-Id: Ia335e9a6668821d3e34b12fc3a133a707880e87f

commit 4d0d76eb2079885c55711238906ef4ddd252aa86
Author: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
Date:   Tue Nov 3 16:43:57 2015 +0000

Add unit tests for direct_client
    
    Add tests for direct_delete_account, direct_get_object, retry
    Tests to validate possible argument calls of direct_put_object
    Extend FakeConn to support chunks in response
    
    Change-Id: I00cbc6c535ed8b3fb29bc07fdc51fdbb1220ff10
    Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>

commit bf8689474a9b3930cceed4c5f855a73ce89b1d4e
Author: Mehdi Abaakouk <sileht@redhat.com>
Date:   Thu Oct 22 17:33:09 2015 +0200

monkeypatch thread for keystoneclient
    
    keystoneclient uses threading.Lock(), but swift doesn't
    monkeypatch threading, this result in lockup when two
    greenthreads try to acquire a non green lock.
    
    This change fixes that.
    
    Change-Id: I9b44284a5eb598a6978364819f253e031f4eaeef
    Closes-bug: #1508424

commit b96fd0d7d8e294731dc28352cd6e586919058f90
Author: Hisashi Osanai <osanai.hisashi@jp.fujitsu.com>
Date:   Tue Jul 21 21:00:01 2015 +0900

Remove _keystone_identity method
    
    _keystone_identity method has been maintained for backward
    compatibility. But there is no place to use it now so this patch
    replace _keystone_identity method to _integrated_keystone_identity
    method as _keystone_identity.
    
    Change-Id: I9464c047401f92ae31a5d3bb7aacaeb0624150e0

tags:

added: in-feature-crypto

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-01-07: Fix proposed to swift (feature/hummingbird)

#13

Fix proposed to branch: feature/hummingbird
Review: https://review.openstack.org/264517

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-01-08: Fix merged to swift (feature/hummingbird)

#14

Download full text (54.1 KiB)

Reviewed: https://review.openstack.org/264517
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=93ddaffaebb620bc712d52d0267194562dce02be
Submitter: Jenkins
Branch: feature/hummingbird

commit f53cf1043d078451c4b9957027bf3af378aa0166
Author: Ondřej Nový <email address hidden>
Date: Tue Jan 5 20:20:15 2016 +0100

Fixed few misspellings in comments

Change-Id: I8479c85cb8821c48b5da197cac37c80e5c1c7f05

commit 79222e327f9df6335b58e17a6c8dd0dc44b86c17
Author: ChangBo Guo(gcb) <email address hidden>
Date: Sat Dec 26 13:13:37 2015 +0800

Fix AttributeError for LogAdapter

LogAdapter object has no attribute 'warn' but has attribute
'warning'.

Closes-Bug: #1529321
Change-Id: I0e0bd0a3dbc4bb5c1f0b343a8809e53491a1da5f

commit 684c4c04592278a280032002b5313b171ee7a4c0
Author: janonymous <email address hidden>
Date: Sun Aug 2 22:47:42 2015 +0530

Python 3 deprecated the logger.warn method in favor of warning

DeprecationWarning: The 'warn' method is deprecated, use 'warning'
instead

Change-Id: I35df44374c4521b1f06be7a96c0b873e8c3674d8

commit d0a026fcb8e8a9f5475699cc56e1998bdc4cd5ca
Author: Hisashi Osanai <email address hidden>
Date: Wed Dec 16 18:50:37 2015 +0900

Fix duplication for headers in Access-Control-Expose-Headers

There are following problems with Access-Control-Expose-Headers.

    * If headers in X-Container-Meta-Access-Control-Expose-Headers are
      configured, the headers are kept with case-sensitive string.
      Then a CORS request comes, the headers are merged into
      Access-Control-Expose-Headers as case-sensitive string even if
      there is a same header which is not case-sensitive string.

    * Access-Control-Expose-Headers is handled by a list.
      If X-Container/Object-Meta-XXX is configured in container/object
      and X-Container-Meta-Access-Control-Expose-Headers, same header
      is listed in Access-Control-Expose-Headers.

This patch provides a fix for the problems.

Change-Id: Ifc1c14eb3833ec6a851631cfc23008648463bd81

commit 0bcd7fd50ec0763dcb366dbf43a9696ca3806f15
Author: Bill Huber <email address hidden>
Date: Fri Nov 20 12:09:26 2015 -0600

Update Erasure Coding Overview doc to remove Beta version

    The major functionality of EC has been released for Liberty and
    the beta version of the code has been removed since it is now
    in production.

Change-Id: If60712045fb1af803093d6753fcd60434e637772

commit 84ba24a75640be4212e0f984c284faf4c894e7c6
Author: Alistair Coles <email address hidden>
Date: Fri Dec 18 11:24:34 2015 +0000

Fix rst errors so that html docs are complete

    rst table format errors don't break the gate job
    but do cause sections of the documents to go missing
    from the html output.

Change-Id: Ic8c9953c93d03dcdafd8f47b271d276c7b356dc3

commit 87f7e907ee412f5847f1f9ffca7a566fb148c6b1
Author: Matthew Oliver <email address hidden>
Date: Wed Dec 16 17:19:24 2015 +1100

Pass HTTP_REFERER down to subrequests

Currently a HTTP_REFERER (Referer) header isn't passed down to
subreq...

Reviewed:  https://review.openstack.org/264517
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=93ddaffaebb620bc712d52d0267194562dce02be
Submitter: Jenkins
Branch:    feature/hummingbird

commit f53cf1043d078451c4b9957027bf3af378aa0166
Author: Ondřej Nový <ondrej.novy@firma.seznam.cz>
Date:   Tue Jan 5 20:20:15 2016 +0100

Fixed few misspellings in comments
    
    Change-Id: I8479c85cb8821c48b5da197cac37c80e5c1c7f05

commit 79222e327f9df6335b58e17a6c8dd0dc44b86c17
Author: ChangBo Guo(gcb) <eric.guo@easystack.cn>
Date:   Sat Dec 26 13:13:37 2015 +0800

Fix AttributeError for LogAdapter
    
    LogAdapter object has no attribute 'warn' but has attribute
    'warning'.
    
    Closes-Bug: #1529321
    Change-Id: I0e0bd0a3dbc4bb5c1f0b343a8809e53491a1da5f

commit 684c4c04592278a280032002b5313b171ee7a4c0
Author: janonymous <janonymous.codevulture@gmail.com>
Date:   Sun Aug 2 22:47:42 2015 +0530

Python 3 deprecated the logger.warn method in favor of warning
    
    DeprecationWarning: The 'warn' method is deprecated, use 'warning'
    instead
    
    Change-Id: I35df44374c4521b1f06be7a96c0b873e8c3674d8

commit d0a026fcb8e8a9f5475699cc56e1998bdc4cd5ca
Author: Hisashi Osanai <osanai.hisashi@jp.fujitsu.com>
Date:   Wed Dec 16 18:50:37 2015 +0900

Fix duplication for headers in Access-Control-Expose-Headers
    
    There are following problems with Access-Control-Expose-Headers.
    
    * If headers in X-Container-Meta-Access-Control-Expose-Headers are
      configured, the headers are kept with case-sensitive string.
      Then a CORS request comes, the headers are merged into
      Access-Control-Expose-Headers as case-sensitive string even if
      there is a same header which is not case-sensitive string.
    
    * Access-Control-Expose-Headers is handled by a list.
      If X-Container/Object-Meta-XXX is configured in container/object
      and X-Container-Meta-Access-Control-Expose-Headers, same header
      is listed in Access-Control-Expose-Headers.
    
    This patch provides a fix for the problems.
    
    Change-Id: Ifc1c14eb3833ec6a851631cfc23008648463bd81

commit 0bcd7fd50ec0763dcb366dbf43a9696ca3806f15
Author: Bill Huber <wbhuber@us.ibm.com>
Date:   Fri Nov 20 12:09:26 2015 -0600

Update Erasure Coding Overview doc to remove Beta version
    
    The major functionality of EC has been released for Liberty and
    the beta version of the code has been removed since it is now
    in production.
    
    Change-Id: If60712045fb1af803093d6753fcd60434e637772

commit 84ba24a75640be4212e0f984c284faf4c894e7c6
Author: Alistair Coles <alistair.coles@hpe.com>
Date:   Fri Dec 18 11:24:34 2015 +0000

Fix rst errors so that html docs are complete
    
    rst table format errors don't break the gate job
    but do cause sections of the documents to go missing
    from the html output.
    
    Change-Id: Ic8c9953c93d03dcdafd8f47b271d276c7b356dc3

commit 87f7e907ee412f5847f1f9ffca7a566fb148c6b1
Author: Matthew Oliver <matt@oliver.net.au>
Date:   Wed Dec 16 17:19:24 2015 +1100

Pass HTTP_REFERER down to subrequests
    
    Currently a HTTP_REFERER (Referer) header isn't passed down to
    subrequests. This means *LO subrequests to segment containers
    return a 403 on a *LO GET when accessed by requests using referer
    ACLs.
    Currently the only way around referer access to *LO's is to make the
    segments container world readable.
    
    This change makes sure the referer header is passed into subrequests
    allowing a segments container to only need to be locked down with
    the same referer as the *LO container.
    
    This is a 1 line change to code, but also adds a unit and 2 functional
    functional tests (one for DLO and one for SLO).
    
    Change-Id: I1fa5328979302d9c8133aa739787c8dae6084f54
    Closes-Bug: #1526575

commit e15960a5d86e00a7d420edc4af034b27da0af8fd
Author: Alistair Coles <alistair.coles@hpe.com>
Date:   Thu Dec 17 12:08:45 2015 +0000

Fix incorrect kwarg in auth middleware example
    
    When calling memcache_client.set(), timeout was deprecated
    and is now removed as a keyword arg, use time instead.
    
    Change-Id: Iedbd5b064853ef2b386963246f639fbcd3931cd3

commit 169a7c7f9e12ebc9933bd9ca4592e13b0de8b47b
Author: Alistair Coles <alistair.coles@hpe.com>
Date:   Wed Dec 16 15:28:25 2015 +0000

Fix func test --until-failure and --no-discover options
    
    This patch changes functional test classes to subclass
    unittest2.TestCase rather than unittest.TestCase.
    This fixes errors when attempting to use
    
    tox -e func -- -n <test_path_including_test_method>
    
    and
    
    tox -e func -- --until-failure
    
    Also migrate from using nose.SkipTest to unittest2.SkipTest
    
    Change-Id: I903033f5e01833550b2f2b945894edca4233c4a2
    Closes-Bug: 1526725
    Co-Authored-By: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>

commit b68311db95860ac1cab585a5ab66bd3b3abb765e
Author: Kota Tsuyuzaki <tsuyuzaki.kota@lab.ntt.co.jp>
Date:   Tue Dec 15 18:55:41 2015 -0800

Fix reconciler test to calc lastmodified as UTC
    
    Swift reconciler calculates the last-modified date as UTC but
    current test calculates it as local time zone. It triggers unit
    test failure in non-UTC environment.
    
    This patch fixes the test to calculate the last-modified as UTC
    as well.
    
    Change-Id: Ia0053f350daf2cb8c61ac01a933924b6e4b0cb37
    Closes-Bug: #1526588

commit 1bb665331af92422290fb585de7cb6a2497236e6
Author: Venkateswarlu Pallamala <p.venkatesh551@gmail.com>
Date:   Mon Nov 9 19:22:38 2015 -0800

remove unused parameters in the method
    
    make the helper methods as private by using convention
    
    Change-Id: I73b9604f8d5a0e85d012aac42b7963b618f5ad97

commit 9d7f71d5754c8b45f8e7c6ab80202de09933afb8
Author: Richard Hawkins <hurricanerix@gmail.com>
Date:   Fri Aug 7 18:14:13 2015 -0500

Modify functional tests to use ostestr/testr
    
    Defcore uses Tempest, which uses Test Repository.
    This change makes it easier for Defcore to pull functional
    tests from Swift and run them.  Additionally, using testr
    allows tests to be run in parallel.
    
    Concurrency set to 1 for now, >1 causes failures for
    reasons that are still TBD.
    
    With switch to ostestr all the server logs are being sent to stdout
    which makes it completely unreadable. Suppressing the logs by default
    now with a flag to enable it if desired.
    
    Co-Authored-By: John Dickinson <me@not.mn>
    Co-Authored-By: Robert Collins <rbtcollins@hpe.com>
    Co-Authored-By: Matthew Oliver <matt@oliver.net.au>
    Co-Authored-By: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
    
    Change-Id: I53ef4a116996a772cf1f3abc2eb0ad60047322d5
    Related-Bug: 1177924

commit 2f4b79233e30d42140bbc07059417443bf7a0757
Author: Alistair Coles <alistair.coles@hpe.com>
Date:   Tue Dec 15 15:49:42 2015 +0000

Minor cleanup of repeated identical test assertions
    
    assertDictContainsSubset is being called multiple times with
    same arguments in a loop. Since assertDictContainsSubset is
    deprecated form python 3.2, replace it with checks on
    individual key, value pairs.
    
    Change-Id: I7089487710147021f26bd77c36accf5751855d68

commit 60b2e02905d57f55169e506f4874b2334a1a68a5
Author: Alistair Coles <alistair.coles@hp.com>
Date:   Mon Oct 5 16:15:29 2015 +0100

Make ECDiskFile report all fragments found on disk
    
    Refactor the disk file get_ondisk_files logic to enable
    ECDiskfile to gather *all* fragments found on disk (not just those
    with a matching .durable file) and make the fragments available
    via the DiskFile interface as a dict mapping:
    
        Timestamp --> list of fragment indexes
    
    Also, if a durable fragment has been found then the timestamp
    of the durable file is exposed via the diskfile interface.
    
    Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com>
    Change-Id: I55e20a999685b94023d47b231d51007045ac920e

commit 450737f886050e486f518cdce0c97596ccad848d
Author: Hisashi Osanai <osanai.hisashi@jp.fujitsu.com>
Date:   Tue Dec 15 11:33:56 2015 +0900

Fix a typo in development_auth.rst
    
    This patch uses correct name for "CORS".
    
    Change-Id: I5fee5c581a2b3adb7596a273baf05708bfa97f79

commit 40476ea0797690d3a90a9ed91906d26103dfa058
Author: John Dickinson <me@not.mn>
Date:   Mon Dec 14 10:52:22 2015 -0800

Document pretend_min_part_hours_passed
    
    Added a docstring for the swift-ring-builder CLI command
    "pretend_min_part_hours_passed". This is a dangerous operation, and
    that's why it hasn't been documented, but it can be useful at times.
    It should be made known to those who need it.
    
    Change-Id: I45bdbaacbbdda64c7510453e6d93e6d8563e3ecd

commit 6ade2908cca696ce1b48a7a19f4d460081fa5b0a
Author: Ondřej Nový <ondrej.novy@firma.seznam.cz>
Date:   Sun Dec 13 21:13:42 2015 +0100

Deprecated param timeout removed from memcached
    
    Change-Id: Idf042a79f0db148bf9f28a9e360cb2a3c18d385a

commit 52b534c9d13efde15841402dc86c99685334250f
Author: hgangwx <hgangwx@cn.ibm.com>
Date:   Fri Dec 11 17:31:36 2015 +0800

Fix some inconsistency in docstrings
    
    Added colon after ":returns" according to:
    http://docs.openstack.org/developer/hacking
    
     blank lines are added before the param lines
    
    Change-Id: I008bea270c6a4b7c80d1a84a2cb9fcc9b5a7264a

commit 88c9aed7c846402355a3c7831f34f3e833bbdf11
Author: Victor Stinner <vstinner@redhat.com>
Date:   Mon Oct 19 16:19:28 2015 +0200

Port swift.common.utils.StatsdClient to Python 3
    
    * StatsdClient._send(): on Python 3, encode parts to UTF-8 and
      replace '|' with b'|' to join parts.
    * timing_stats(): replace func.func_name with func.__name__. The
      func_name attribute of functions was removed on Python 3, whereas
      the __name__ attribute is available on Python 2 and Python 3.
    * Fix unit tests to use bytes
    
    Change-Id: Ic279c9b54e91aabcc52587eed7758e268ffb155e

commit ca2dcc371921aa1aded6161287cc03c0940bf198
Author: Ondřej Nový <ondrej.novy@firma.seznam.cz>
Date:   Fri Dec 11 18:21:28 2015 +0100

Deprecated tox -downloadcache option removed
    
    Caching is enabled by default from pip version 6.0
    
    More info:
    https://testrun.org/tox/latest/config.html#confval-downloadcache=path
    https://pip.pypa.io/en/stable/reference/pip_install/#caching
    
    Change-Id: I9451a0f0dee5c5a3c0ca0a52f58bd353602661a2

commit 19c7dbc0ba49ff7e1f59190a7ead9ae9d3d80238
Author: Mahati Chamarthy <mahati.chamarthy@gmail.com>
Date:   Fri Dec 11 12:27:18 2015 +0530

Update versioned_writes doc
    
    Change-Id: Ibe53c79cf49330332112001c02a2a6b078764130

commit 211758f8cb02298fe16e59bf2954a146c6b24b83
Author: Catherine Northcott <catherine@northcott.nz>
Date:   Thu Nov 5 23:04:14 2015 +1300

Add support for storage policies to have more than one name
    
    This patch alters storage_policy.py to allow storage policies
    to have multiple names. Now users are able to add a number of
    human-readable aliases for storage policies. Policies now have
    a .name (the default name), .aliases (a string of comma
    seperated aliases), and .aliases_list (a list of all human
    readable names). Policies will always have an .aliases value
    if no aliases are set it will contain the default name.
    The policy docs and tests have been updated to reflect changes
    and policy.get_policy_info has been altered to display the
    name and aliases
    
    Change-Id: I02967ca8d7c790595e5ee551581196aa64552eea

commit 70bc3d1a3a240c35eba934010fdef99a775b8715
Author: John Dickinson <me@not.mn>
Date:   Tue Dec 8 16:08:04 2015 -0800

added a few ruby clients to associated projects
    
    Change-Id: I4764ba505646949ff694f8939947f83c6940128a

commit 73d0f1620a269f990dbd3d2796abf27e9a05e227
Author: Béla Vancsics <vancsics@inf.u-szeged.hu>
Date:   Tue Dec 8 10:17:08 2015 +0100

Not used parameter
    
    The account variable was not used in the method.
    
    Change-Id: I8e91d7616529f33b615bc52af76bfda01141d364

commit 7035639dfd239b52d4ed46aae50f78d16ec8cbfe
Author: Clay Gerrard <clay.gerrard@gmail.com>
Date:   Thu Oct 15 16:20:58 2015 -0700

Put part-replicas where they go
    
    It's harder than it sounds.  There was really three challenges.
    
    Challenge #1 Initial Assignment
    ===============================
    
    Before starting to assign parts on this new shiny ring you've
    constructed, maybe we'll pause for a moment up front and consider the
    lay of the land.  This process is called the replica_plan.
    
    The replica_plan approach is separating part assignment failures into
    two modes:
    
     1) we considered the cluster topology and it's weights and came up with
        the wrong plan
    
     2) we failed to execute on the plan
    
    I failed at both parts plenty of times before I got it this close.  I'm
    sure a counter example still exists, but when we find it the new helper
    methods will let us reason about where things went wrong.
    
    Challenge #2 Fixing Placement
    =============================
    
    With a sound plan in hand, it's much easier to fail to execute on it the
    less material you have to execute with - so we gather up as many parts
    as we can - as long as we think we can find them a better home.
    
    Picking the right parts for gather is a black art - when you notice a
    balance is slow it's because it's spending so much time iterating over
    replica2part2dev trying to decide just the right parts to gather.
    
    The replica plan can help at least in the gross dispersion collection to
    gather up the worst offenders first before considering balance.  I think
    trying to avoid picking up parts that are stuck to the tier before
    falling into a forced grab on anything over parts_wanted helps with
    stability generally - but depending on where the parts_wanted are in
    relation to the full devices it's pretty easy pick up something that'll
    end up really close to where it started.
    
    I tried to break the gather methods into smaller pieces so it looked
    like I knew what I was doing.
    
    Going with a MAXIMUM gather iteration instead of balance (which doesn't
    reflect the replica_plan) doesn't seem to be costing me anything - most
    of the time the exit condition is either solved or all the parts overly
    aggressively locked up on min_part_hours.  So far, it mostly seemds if
    the thing is going to balance this round it'll get it in the first
    couple of shakes.
    
    Challenge #3 Crazy replica2part2dev tables
    ==========================================
    
    I think there's lots of ways "scars" can build up a ring which can
    result in very particular replica2part2dev tables that are physically
    difficult to dig out of.  It's repairing these scars that will take
    multiple rebalances to resolve.
    
    ... but at this point ...
    
    ... lacking a counter example ...
    
    I've been able to close up all the edge cases I was able to find.  It
    may not be quick, but progress will be made.
    
    Basically my strategy just required a better understanding of how
    previous algorithms were able to *mostly* keep things moving by brute
    forcing the whole mess with a bunch of randomness.  Then when we detect
    our "elegant" careful part selection isn't making progress - we can fall
    back to same old tricks.
    
    Validation
    ==========
    
    We validate against duplicate part replica assignment after rebalance
    and raise an ERROR if we detect more than one replica of a part assigned
    to the same device.
    
    In order to meet that requirement we have to have as many devices as
    replicas, so attempting to rebalance with too few devices w/o changing
    your replica_count is also an ERROR not a warning.
    
    Random Thoughts
    ===============
    
    As usual with rings, the test diff can be hard to reason about -
    hopefully I've added enough comments to assure future me that these
    assertions make sense.
    
    Despite being a large rewrite of a lot of important code, the existing
    code is known to have failed us.  This change fixes a critical bug that's
    trivial to reproduce in a critical component of the system.
    
    There's probably a bunch of error messages and exit status stuff that's
    not as helpful as it could be considering the new behaviors.
    
    Change-Id: I1bbe7be38806fc1c8b9181a722933c18a6c76e05
    Closes-Bug: #1452431

commit 62b9a0eeeaeb3a5a0daff981cf6fa1cb50e78a50
Author: Clay Gerrard <clay.gerrard@gmail.com>
Date:   Mon Dec 7 10:19:51 2015 -0800

fix mock and assert in test_direct_client
    
    Change-Id: Ia6c14377e5dd768a5306a2448f0bf244ebc3634e

commit b63caf4521b0a4a32b9afdb6d247537848d0a8d6
Author: Tushar Gohad <tushar.gohad@intel.com>
Date:   Wed Nov 11 12:53:29 2015 -0700

Bump PyECLib requirement to >=1.0.7
    
    ... to match global-requirements.  This is an
    intermediate step in updating requirements to
    PyECLib>=1.1.1.
    
    Change-Id: I79f47fff6ec1adff214ca435f0d95aaf1ffd68f9

commit 73ded056aff0f25605fee2a633f3d13e0369606a
Author: Christian Schwede <cschwede@redhat.com>
Date:   Tue Dec 1 14:59:35 2015 +0000

Add functional test for repeated SLO segments
    
    Currently fails on master, passes with change
    If13af444ed301ebd8fd34a0d96a330ded648f0c4 applied.
    
    Change-Id: I05b231cc232d5b4117bccee40eebc7093114c61c

commit 679e6d5251c804cab8fd41d7a13e6bdd43967842
Author: John Dickinson <me@not.mn>
Date:   Mon Nov 30 11:58:40 2015 -0800

Add config sample reference to KeystoneAuth docs
    
    Change-Id: I38a7bd7b85de9d674386d75220b31cc467746da8

commit 5eaa5543c766536e48127d60e03cebe9c2824abb
Author: John Dickinson <me@not.mn>
Date:   Mon Nov 30 10:33:23 2015 -0800

add sample proxy pipeline for keystone integration
    
    Change-Id: I4b4fd9179d0234f001940e215c97d40a2a6204cd

commit 28c4b7310fead32f7ce073ee4bb503a450e521f1
Author: Peter Lisák <peter.lisak@firma.seznam.cz>
Date:   Tue Nov 24 16:33:35 2015 +0100

Unification of manpages and conf-samples (default values, etc)
    
    Change-Id: I47a3127ef698b4bd1537b1562901ee9c2b5924d4

commit 8e5b38b1ddb71d631c12368e6d917beb25d3a160
Author: Tim Burke <tim.burke@gmail.com>
Date:   Wed Oct 7 16:47:11 2015 -0700

Expose tempurl's header restrictions via /info
    
    Also, clean up the module documentation a bit.
    
    Change-Id: Iaeb5eb264b118b78738187db9242540275e77444

commit 635bc7fa8f9a442b39af4955e98fcd2e2acf1e0a
Author: Ferenc Horváth <hferenc@inf.u-szeged.hu>
Date:   Wed Oct 7 11:10:28 2015 +0200

Replace string slicing with proper string methods
    
    Updated string prefix and suffix checker slicing to startswith()
    and endswith() methods.
    
    Using startswith() and endswith() improves readability, error-proneness
    and enhances maintainability.
    
    Change-Id: I1d5fbf116a61763346c6f92fd8023dbbe9bb37cf

commit 6c43bdc82bc27f1f60bd32c43fac6e8be562e136
Author: Alistair Coles <alistair.coles@hpe.com>
Date:   Thu Nov 26 14:46:01 2015 +0000

Test for content-type params in multi-range response
    
    Updates the functional test to verify the fix applied by
    change Iff7274aa631a92cd7332212ed8b4378c27da4a1f
    
    Change-Id: Iae63ac027e4f4acfe46a36dc1325888b1f834ea4

commit b339e529c3464278b7ddd5670acd903070d1da1a
Author: Samuel Merritt <sam@swiftstack.com>
Date:   Wed Mar 25 14:59:43 2015 -0700

Add functional test for multi-range GET requests.
    
    Change-Id: I9d417faede707e4f3570074e410344cc8955007b

commit c28709f8f264f4426364b67a2a2755311111c1e4
Author: Samuel Merritt <sam@swiftstack.com>
Date:   Wed Nov 25 17:09:34 2015 -0800

Fix crash when a SLO repeats a segment.
    
    If a SLO manifest specified the same segment twice with no range on
    the latter, we would crash while trying to coalesce the segment
    specifications into a single request (for efficiency). Now we handle
    that missing range and do the right thing.
    
    Change-Id: If13af444ed301ebd8fd34a0d96a330ded648f0c4

commit ad722b3ed3ff1b92ebee829db3c289040960b24d
Author: Alistair Coles <alistair.coles@hpe.com>
Date:   Wed Nov 25 18:49:39 2015 +0000

Include params in multipart message part content-type
    
    The content-type header inserted into a multipart message part
    is missing any params such as charset because its value is being
    fetched via the swob.Response content_type property, which conforms
    to webob spec and strips off all params.
    
    This was noticed in work on feature/crypto branch because the crypto
    meta param was being stripped off content-type in multipart messages,
    preventing the content-type being decrypted. But in general there is
    no suggestion in the multipart message spec [1] that params should
    not be included. In fact examples in [1] show the charset param
    included in the content-type value.
    
    To ensure that the multipart message part content-type includes the
    original content-type params, fetch it directly from the response
    headers.
    
    [1] http://www.w3.org/Protocols/rfc1341/7_2_Multipart.html
    
    Change-Id: Iff7274aa631a92cd7332212ed8b4378c27da4a1f

commit e06c8743941a27c1a3f50396385268b9e812c32e
Author: Alistair Coles <alistair.coles@hpe.com>
Date:   Wed Nov 25 14:10:27 2015 +0000

Improve swift-init usage statement
    
    Clarify the behavior of strict and non-strict options.
    
    Define what <server> and <config> specify on the command line.
    
    Drive-by fix for missing param in search_tree docstring.
    
    Change-Id: I89fff88a088bc73001464b1fa8240e14a61a117d

commit 0e5cc89da56f550468512af6f3479382a1894815
Author: Tim Burke <tim.burke@gmail.com>
Date:   Tue Oct 13 11:45:20 2015 -0700

Have versioned_writes use reverse listings
    
    This will reduce the overhead required for versioned containers in terms
    of memory, back-end requests, and wall time.
    
    Change-Id: I156216a14141db547de3cae1dcd5315ae31eaac2

commit aeccbc2074224c6688be6ef5aa8ba477c9631ba1
Author: Alistair Coles <alistair.coles@hpe.com>
Date:   Tue Nov 24 14:47:30 2015 +0000

Add more functional tests for reverse listings
    
    Also fix typo in the api doc.
    
    Follow-on to change I5eb655360ac95042877da26d18707aebc11c02f6
    
    Change-Id: Ic1ea63c74a0a3b90a505865fba8fcfac584d0825