Allow filtering by region in swift-recon
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openstack-manuals |
Invalid
|
Undecided
|
Unassigned |
Bug Description
https:/
commit fc5cee5f05692f7
Author: Christian Schwede <email address hidden>
Date: Mon Sep 15 17:22:54 2014 +0000
Allow filtering by region in swift-recon
The option "-r" is already used, thus only "--region" is used to specify
filter by region.
Change-Id: If769f2f3191c20
Closes-Bug: 1369583
commit 423ac74e888dcd6
Author: Christian Schwede <email address hidden>
Date: Sun Sep 14 23:41:19 2014 +0200
Fix internal link to keystoneauth in documentation
This patch fixes a broken link at the end of the table in
http://
Change-Id: I989173ac93e0f8
commit 64548420c87f316
Author: Andreas Jaeger <email address hidden>
Date: Sat Sep 13 09:48:14 2014 +0200
Stop using intersphinx
Remove intersphinx from the docs build as it triggers network calls that
occasionally fail, and we don't really use intersphinx (links other
sphinx documents out on the internet)
This also removes the requirement for internet access during docs build.
This can cause docs jobs to fail if the project errors out on
warnings.
Change-Id: I71e941e2a63964
Related-Bug: #1368910
commit 5c9835125802c51
Author: Christian Schwede <email address hidden>
Date: Fri Sep 12 14:37:04 2014 +0000
Fix RingBuilder.
The current docstring doesn't include zones, and the order of the
entries is not up to date with the current code. Let's fix this.
Change-Id: Ibabd79427b83d9
commit a03732e142540e5
Author: Alistair Coles <email address hidden>
Date: Fri Sep 12 10:20:19 2014 +0100
Add comments to clarify change to www-authenticate test
Trivial patch to tidy-up change to the functional test for
www-
that multiple header values might be returned.
Change-Id: If62cb3fd9e1145
Related-bug: 1368048
commit ab96796dc8d1da9
Author: Alistair Coles <email address hidden>
Date: Thu Sep 11 10:23:32 2014 +0100
Fix broken www-authenticate functional test
testQuotedW
due to a change to keystonemiddlew
its own www-authenticate header in addition to the one that swift
keystoneauth adds.
This patch changes the functional test to check expected
swift generated header value is in the concatenation of
www-
Verified that functional tests still pass using tempauth.
Closes-Bug: 1368048
Change-Id: I913af077df800a
commit f4d3facdf4b6ec8
Author: Matthew Oliver <email address hidden>
Date: Thu Aug 14 14:39:18 2014 +1000
Treat 404s as 204 on object delete in proxy
This change adds an optional overrides map to _make_request method
in the base Controller class.
def make_requests(self, req, ring, part, method, path, headers,
Which will be passed on the the best_response method. If set and
no quorum it reached, the override map is used to attempt to find
quorum.
The overrides map is in the form:
{ <response>: <override response>, .. }
The ObjectController, in the DELETE method now passes an override map
to make_requests method in the base Controller class in the form of:
{ 404: 204 }
Statuses/
of the quorum but never returned to the user. They are replaced by:
(STATUS, '', '', '')
And left out of the search for best response.
Change-Id: Ibf969eac3a09d6
Closes-Bug: 1318375
commit eff9ab74a4b8810
Author: David Goetz <email address hidden>
Date: Fri Aug 15 15:54:05 2014 -0700
Delete expired objects in slightly smarter way.
When the expirer tries to delete customer objects, if it just walks through the
containers in order the deamon will tend to send DELETEs to the same container
highly concurrently. This will in turn create a lot of asyncs because of all
the concurrent deletes. If the deletes were spread out to multiple containers
it would improve performance and decrease the number of asyncs made.
Change-Id: I3d08118c197b7f
commit efdc27caaca96a4
Author: Matt Riedemann <email address hidden>
Date: Mon Sep 8 21:00:49 2014 -0700
Fix directory value for compile_catalog
Commit 7a192987c0a5edb
up swift for translation but the compile_catalog
directory option is pointing at the wrong location
to scan for po files.
Change-Id: Id4dd24ddfde735
Closes-Bug: #1367086
commit d2a94bd43c383ad
Author: Richard (Rick) Hawkins <email address hidden>
Date: Mon Sep 8 13:51:07 2014 -0500
Fix FormPOST max_file_size exceeded bug.
When using FormPOST, if the size of the file being posted exceeds
max_file_size, a HTTP 499 was being returned rather than HTTP 400.
Change-Id: I48c781735c66ec
commit fa23202b30c5a1c
Author: Timothy Okwii <email address hidden>
Date: Mon Sep 8 17:43:19 2014 -0700
Fixed Typo - dictonary to dictionary
Change-Id: Ia2a07bf1d1a77f
commit cb55e89bf1892c6
Author: Clay Gerrard <email address hidden>
Date: Mon Sep 8 12:25:54 2014 -0700
test tempurl header sanitization priority
Change-Id: I0bb3004a717da2
commit 88d1d53d98c5e24
Author: YummyBian <email address hidden>
Date: Mon Sep 8 22:43:53 2014 +0800
Too many if clauses in the _clean_
_clean_
Too many if clauses make code complicated. For more pythonic, you'd
better to use the for ... else clause instead of them.
Fix Bug #1363125
Change-Id: I837235ecb08dd9
commit b7281cf2c584cde
Author: John Dickinson <email address hidden>
Date: Mon Sep 1 11:22:53 2014 -0700
make the bind_port config setting required
In a long-term effort to change the recommended ports for Swift,
the first step is to require the bind_port in config files. Later,
we can change the recommended setting.
Anyone currently explicitly setting the ports will not be affected.
Anyone not setting the ports will need to specify them to match their
rings.
DocImpact
Change-Id: Icca83a263acdd0
commit 4dc718e8c3bd2a8
Author: Alistair Coles <email address hidden>
Date: Mon Sep 8 14:06:00 2014 +0100
Extra unit tests for check_delete_
A few extra tests to verify check_delete_
constraints.py. A little duplication of coverage of existing
proxy/
but these tests call the recently refactored function directly,
and also add tests for X-Delete-After taking precedence over
X-Delete-At.
Change-Id: I129cef15a6feac
commit 12268677589907e
Author: Prashanth Pai <email address hidden>
Date: Mon Sep 8 15:35:48 2014 +0530
Mention storage backends in Associated Projects
Change-Id: I6d88cfe668a557
Signed-off-by: Prashanth Pai <email address hidden>
commit 9dcf15f8b50188c
Author: Thiago da Silva <email address hidden>
Date: Thu Aug 21 10:33:30 2014 -0400
moving object validation checks to top of PUT method
This adds a sanity check on x-delete headers as
part of check_object_
Change-Id: If5069469e43318
Signed-off-by: Thiago da Silva <email address hidden>
commit 0221f1f8478fda5
Author: Samuel Merritt <email address hidden>
Date: Fri Sep 5 14:08:03 2014 -0700
Pay attention to all punctual nodes
The proxy sends requests to all storage nodes, but it only needs a
quorum of them to respond before the proxy can, in turn, respond to
the client. Thus, it gets quorum, and then briefly waits to see if the
remainder of the storage nodes respond before giving up on them.
However, the proxy was not paying any attention to the responses from
the non-quorum storage nodes. This would lead to some odd behavior,
like a container PUT where the backends returned (201, 201, 202) would
become a 201 to the client, but the permutation (201, 202, 201) would
become 202. Further, on object PUT, if the last node responded with an
error code, that error wouldn't count towards error-limiting.
The fix is quite simple: after getting quorum, the make_requests()
method was calling a method that returns responses from the remainder
of the nodes, but it was ignoring that return value and making up
responses with dummy values instead. Now, prior to making up dummy
responses, the proxy first uses the responses it already has, and only
fills in dummy responses for nodes that really didn't respond in time.
Change-Id: I0206b6b2272b0e
commit 315af1737be9a01
Author: Samuel Merritt <email address hidden>
Date: Fri Sep 5 11:39:36 2014 -0700
Error limit the right node on object PUT
If any node had an error on object PUT, the proxy would count the
error against the last-connected-to node instead of the one with the
error. Now it counts the error against the right node.
Change-Id: I884eb73cebe0c7
commit 72385a6981b38c8
Author: Lin Yang <email address hidden>
Date: Fri Sep 5 15:51:07 2014 +0800
Change method _sort_key_for to static
This method does not reference to any attribute of this class, so it's better
to change it to classstatic.
Change-Id: I3ea0ca83cb29ce
Signed-off-by: Lin Yang <email address hidden>
commit 2a8b43e5e73c899
Author: saranjan <email address hidden>
Date: Wed Sep 3 10:40:30 2014 -0700
Spelling mistakes corrected in comments.
Change-Id: Ibbd7511c3a2b08
commit 1a561e67794f681
Author: Dolph Mathews <email address hidden>
Date: Wed Sep 3 12:03:40 2014 -0500
warn against sorting requirements
Change-Id: I64ae9191863564
Closes-Bug: 1365061
commit 84a1e17f2039e6e
Author: Yuan Zhou <email address hidden>
Date: Thu Apr 17 15:39:50 2014 +0800
Fix delete versioning objects when previous is expired
When deleteing versioned objects proxy will try to restore the previous
copy. The COPY request will fail if the previous version is expired but
not handled by object-expirer.
This patch checks COPY respones on the previous copy, if it's
HTTP_
with the version before previous.
Closes-Bug #1308446
Change-Id: I17f049ea3ef627
commit b9ae377eab9c7ce
Author: Alistair Coles <email address hidden>
Date: Tue Sep 2 15:46:16 2014 +0100
Check for change before container replicator updates db
As described in the related bug report, unnecessary updates
to the container db during replication can impact object
object GET performance in certain circumstances.
This patch changes swift/container
calls to merge_timestamps and update_
are conditional on values having actually changed.
Related-Bug: 1332025
Change-Id: If498251656500e
commit 8e9b16a9eaef90a
Author: Andrew Hale <email address hidden>
Date: Mon Sep 1 18:53:30 2014 +0100
Only bind SAIO daemons to localhost
The SAIO configs have no default bind_ip setting configured
which causes them to listen on all available IP addresses.
This can be dangerous on a test machine with public interfaces,
especially with the default passwords set. Its reasonable to
choose a more restrictive setup, especially in SAIO which uses
127.0.0.1 throughout ring-builder, example commands and the
probe tests.
Change-Id: I471c49705ce09e
commit 33980c792d40803
Author: Samuel Merritt <email address hidden>
Date: Fri Aug 29 15:48:38 2014 -0700
Fix last_modified_
Before, we were calling datetime.
a datetime to epoch seconds + microseconds. However, the '%s' format
isn't actually part of Python's library. Rather, Python passes that on
to the system C library, which is typically glibc. Now, glibc takes
the '%s' format and helpfully* applies the current timezone as an
offset. This gives bogus results on machines where UTC is not the
system timezone. (Yes, some people really do that.)
For example:
>>> import os
>>> from swift.common import utils
>>> os.environ['TZ'] = 'PST8PDT,
>>> float(utils.
28800.0
>>>
That timestamp should obviously be 0.
This patch replaces the strftime() call with datetime arithmetic,
which is entirely in Python so the system timezone doesn't mess it up.
* unhelpfully
Change-Id: I56855acd79a5d8
commit 849b21a4429e945
Author: David Goetz <email address hidden>
Date: Thu Aug 28 14:31:29 2014 -0700
Combine acc/cont put_* methods and fix their lock problem.
The container backend is supposed to build a pending file and,
when it gets to a certain size, flush it all at once into the
sqlite db. Before this fix, many concurrent threads would ask
what the pending file size is to see if they should flush
instead of just appending to the pending file. The problem is
that many would ask, find it's too big, and try to get a lock.
The first one wins, flushes, but all the other waiting threads
still think they have to flush- which is a much slower opertaion
than just the append. This change gets the lock first and makes
sure that merge_items is only called when the pending file is full.
Change-Id: I29cfa13a48c8f7
commit 3a7f80aa4727949
Author: Kota Tsuyuzaki <email address hidden>
Date: Thu Aug 28 19:20:02 2014 -0700
Small Fix for FakeServerConne
Current FakeServerConne
in some unit tests because sent (put) data will be
overridden by new one every time.
e.g. When calling conn.queue.put() twice and more in
an object PUT sequence, we can use only a last chunk as
the body. This fixes it to merge all chunks as a body.
Change-Id: I463e9e2b454e3f
commit 5616d98cc32a5c1
Author: zhang-hare <email address hidden>
Date: Wed Aug 27 11:42:06 2014 +0800
fix my name in AUTHORS
My author name is my gmail account name, change it to my real name.
Change-Id: Iafd94f694f7d00
commit 21adf82cf11fa80
Author: Clay Gerrard <email address hidden>
Date: Fri Aug 8 02:14:27 2014 -0700
code shuffle post expired headers refactor
Change-Id: I62248d7d3d7e0a
commit 43ac76373a353fe
Author: Constantine Peresypkin <email address hidden>
Date: Wed Apr 30 15:00:49 2014 +0300
account to account copy implementation
Adds ability to copy objects between different accounts (on server side)
Adds new header to `PUT` request:
`X-
Account name corresponds to the last part of storage URL.
Adds new header to `COPY` request:
`Destinatio
Account name corresponds to the last part of storage URL.
If your storage URL is: http://
Then the account name is `AUTH_test`
These headers should be used alongside `X-Copy-From` and `Destination` headers
The legacy headers should specify `<container name>/<object name>` path as usual.
DocImpact
Change-Id: I0285fe6a47df9e
commit a4f634bd8986032
Author: anc <email address hidden>
Date: Fri Mar 28 02:46:08 2014 +0000
Restrict keystone cross-tenant ACLs to IDs
The keystoneauth middleware supports cross-tenant access
control using the syntax <tenant>:<user> in container ACLs,
where <tenant> and <user> may currently be either a unique
id or a name. As a result of the keystone v3 API introducing
domains, names are no longer globally unique and are only
unique within a domain. The use of unqualified tenant and
user names in this ACL syntax is therefore not 'safe' in a
keystone v3 environment.
This patch modifies keystoneauth to restrict cross-tenant
ACL matching to use only ids for accounts that are not in
the default domain. For backwards compatibility,
names will still be matched in ACLs when both the requesting
user and tenant are known to be in the default domain AND the
account's tenant is also in the default domain (the default
domain being the domain to which existing tenants are
migrated).
Accounts existing prior to this patch are assumed to be for
tenants in the default domain. New accounts created using a
v2 token scoped on the tenant are also assumed to be in the
default domain. New accounts created using a v3 token scoped
on the tenant will learn their domain membership from the
token info. New accounts created using any unscoped token,
(i.e. with a reselleradmin role) will have unknown domain
membership and therefore be assumed to NOT be in the default
domain.
Despite this provision for backwards compatibility, names
must no longer be used when setting new ACLs in any account,
including new accounts in the default domain.
This change obviously impacts users accustomed to specifying
cross-tenant ACLs in terms of names, and further work will be
necessary to restore those use cases. Some ideas are
discussed under the bug report. With that caveat, this patch
removes the reported vulnerability when using
swift/
Note: to observe the new 'restricted' behaviour you will need
to setup keystone user(s) and tenant(s) in a non-default domain
and set auth_version = v3.0 in the auth_token middleware config
section of proxy-server.conf. You may also benefit from the
keystone v3 enabled swiftclient patch under review here:
https:/
DocImpact
blueprint keystone-v3-support
Closes-Bug: #1299146
Change-Id: Ib32df093f7450f
commit 6978275cdb04bb0
Author: Nathan Kinder <email address hidden>
Date: Fri Jul 25 20:47:11 2014 -0700
Avoid usage of insecure mktemp() function
This patch eliminates the use of the deprecated and insecure
tempfile.
alternatives where temporary files are actually required.
Change-Id: I0a13d6d44cd1ab
SecurityImpact
Closes-bug: #1348869
commit 7a192987c0a5edb
Author: Andreas Jaeger <email address hidden>
Date: Sun Jun 1 11:51:29 2014 +0200
Setup localization properly
To start translation of swift, we need to initially import the
translation file - and place it at the proper place so that
the usual CI scripts can handle it.
The proper place is for all python projects
$PROJECT/
location and regenerate the file.
Update setup.cfg with the new paths.
Further imports will be done by the OpenStack Proposal bot.
Change-Id: Ide4da91f2af71d
Partial-Bug: #608725
Closes-Bug: #1082805
Changed in openstack-manuals: | |
status: | New → Invalid |