Bug #1318375 “DELETE operation not write affinity aware” : Bugs : OpenStack Object Storage (swift)

Revision history for this message

Samuel Merritt (torgomatic) wrote on 2014-06-09:

#1

One fix might be for a 404 on object DELETE to be treated as successful the same way 2xx is. After all, the object server will write out a tombstone, and replication will eventually ensure that the object is deleted everywhere.

This would increase the chances of DELETE then GET still being able to read the object, but that can happen on master already (DELETE hits primaries, GET finds it on a handoff), so it's probably not a big deal.

Revision history for this message

John Dickinson (notmyname) wrote on 2014-06-16:

#2

Sam, I think that sounds like a reasonable solution.

John Dickinson (notmyname) on 2014-08-01

Changed in swift:
importance:	Undecided → High

Matthew Oliver (matt-0) on 2014-08-05

Changed in swift:
assignee:	nobody → Matthew Oliver (matt-0)

Revision history for this message

Matthew Oliver (matt-0) wrote on 2014-08-14:

#3

So I have 2 directions I can take this in.

1. Proxy change::
    - Modify the _make_request method in Controller base class to check for DELETE method and change a 404 into a 200, there by changing all DELETES for account, container and objs but making it work correctly in calculating the have_quorum and best_response methods.
    - This will allow logging on each (obj, cont and account) servers to log correctly sending a 404 when the file wasn't found (for whatever reason.
   - But it will change ALL 404's raised by servers.. which might be ok.

2. Obj server change.
  - Modify the object server to return HTTPOk objects instead of HTTPNotFound.
  - This will only effect object servers,
  - We can send 200's back on 404's we think are OK. (ie, only if deleted already).
  - but this will log 200's when really the file wasn't found in the obj server logs
  - this will fix deleted objects but not cont and acct servers.

I guess the real question is what is important, do we want to fix all acct, cont and container servers in one place, or more finely tune what 404's should be 200s?

Revision history for this message

Matthew Oliver (matt-0) wrote on 2014-08-14:

#4

Based on Sam's suggestion, I guess 1 is closest to what he suggested.

I guess the other approach could be to do it in the obj controller class in the proxy, but that would mean overriding the method in question, giving us 2 methods to maintain.

OR

Changing the _make_requests method to pass in an optional override map, and then pass it in from the obj controller in the proxy.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-08-14: Fix proposed to swift (master)

#5

Fix proposed to branch: master
Review: https://review.openstack.org/114120

Changed in swift:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-09-16: Fix merged to swift (master)

#6

Reviewed: https://review.openstack.org/114120
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=f4d3facdf4b6ec8ee0dcacc7be8999731c68a8ec
Submitter: Jenkins
Branch: master

commit f4d3facdf4b6ec8ee0dcacc7be8999731c68a8ec
Author: Matthew Oliver <email address hidden>
Date: Thu Aug 14 14:39:18 2014 +1000

Treat 404s as 204 on object delete in proxy

This change adds an optional overrides map to _make_request method
in the base Controller class.

def make_requests(self, req, ring, part, method, path, headers,
query_string='', overrides=None)

    Which will be passed on the the best_response method. If set and
    no quorum it reached, the override map is used to attempt to find
    quorum.

The overrides map is in the form:

{ <response>: <override response>, .. }

The ObjectController, in the DELETE method now passes an override map
to make_requests method in the base Controller class in the form of:

{ 404: 204 }

Statuses/responses that have been overridden are used in calculation
of the quorum but never returned to the user. They are replaced by:

(STATUS, '', '', '')

And left out of the search for best response.

Change-Id: Ibf969eac3a09d67668d5275e808ed626152dd7eb
Closes-Bug: 1318375

Changed in swift:
status:	In Progress → Fix Committed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-09-18: Fix proposed to swift (feature/ec)

#7

Fix proposed to branch: feature/ec
Review: https://review.openstack.org/122541

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-09-19: Fix merged to swift (feature/ec)

#8

Download full text (21.0 KiB)

Reviewed: https://review.openstack.org/122541
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=18901494e9b4b47fb181a5ead8ed82738db8563f
Submitter: Jenkins
Branch: feature/ec

commit fc5cee5f05692f7e6dd5ad5a6d0ae682dd4bf3e0
Author: Christian Schwede <email address hidden>
Date: Mon Sep 15 17:22:54 2014 +0000

Allow filtering by region in swift-recon

The option "-r" is already used, thus only "--region" is used to specify
filter by region.

Change-Id: If769f2f3191c202933b03b48fe0f22b7c94a4dd6
Closes-Bug: 1369583

commit 423ac74e888dcd693129100e0b37a51428bb62e1
Author: Christian Schwede <email address hidden>
Date: Sun Sep 14 23:41:19 2014 +0200

Fix internal link to keystoneauth in documentation

This patch fixes a broken link at the end of the table in
http://docs.openstack.org/developer/swift/logs.html#swift-source

Change-Id: I989173ac93e0f840997333be0d5cec07eb77b304

commit 64548420c87f3163ed543c9e9a02a4f1abec69e0
Author: Andreas Jaeger <email address hidden>
Date: Sat Sep 13 09:48:14 2014 +0200

Stop using intersphinx

    Remove intersphinx from the docs build as it triggers network calls that
    occasionally fail, and we don't really use intersphinx (links other
    sphinx documents out on the internet)

This also removes the requirement for internet access during docs build.

This can cause docs jobs to fail if the project errors out on
warnings.

Change-Id: I71e941e2a639641a662a163c682eb86d51de42fb
Related-Bug: #1368910

commit 5c9835125802c51e2eb2823f5208d53c358a5e84
Author: Christian Schwede <email address hidden>
Date: Fri Sep 12 14:37:04 2014 +0000

Fix RingBuilder._build_max_replicas_by_tier docstring

The current docstring doesn't include zones, and the order of the
entries is not up to date with the current code. Let's fix this.

Change-Id: Ibabd79427b83d9e8c86b2caeb93dee219c8274c0

commit a03732e142540e5a7d6cb11de5232f0642beb20d
Author: Alistair Coles <email address hidden>
Date: Fri Sep 12 10:20:19 2014 +0100

Add comments to clarify change to www-authenticate test

    Trivial patch to tidy-up change to the functional test for
    www-authenticate header and add a comment to explain
    that multiple header values might be returned.

Change-Id: If62cb3fd9e11450a2be0cec71e80ecb74a959d04
Related-bug: 1368048

commit ab96796dc8d1da9037330da0822c8b8d2264d192
Author: Alistair Coles <email address hidden>
Date: Thu Sep 11 10:23:32 2014 +0100

Fix broken www-authenticate functional test

    testQuotedWWWAuthenticateHeader functional test started failing
    due to a change to keystonemiddleware.auth_token, which now adds
    its own www-authenticate header in addition to the one that swift
    keystoneauth adds.

    This patch changes the functional test to check expected
    swift generated header value is in the concatenation of
    www-authenticate values.

Verified that functional tests still pass using tempauth.

Closes-Bug: 1368048
Change-Id: I913af077df800a559d259c1622f286ad10eae9df

commit f4d3facdf...

Reviewed:  https://review.openstack.org/122541
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=18901494e9b4b47fb181a5ead8ed82738db8563f
Submitter: Jenkins
Branch:    feature/ec

commit fc5cee5f05692f7e6dd5ad5a6d0ae682dd4bf3e0
Author: Christian Schwede <christian.schwede@enovance.com>
Date:   Mon Sep 15 17:22:54 2014 +0000

Allow filtering by region in swift-recon
    
    The option "-r" is already used, thus only "--region" is used to specify
    filter by region.
    
    Change-Id: If769f2f3191c202933b03b48fe0f22b7c94a4dd6
    Closes-Bug: 1369583

commit 423ac74e888dcd693129100e0b37a51428bb62e1
Author: Christian Schwede <christian.schwede@enovance.com>
Date:   Sun Sep 14 23:41:19 2014 +0200

Fix internal link to keystoneauth in documentation
    
    This patch fixes a broken link at the end of the table in
    http://docs.openstack.org/developer/swift/logs.html#swift-source
    
    Change-Id: I989173ac93e0f840997333be0d5cec07eb77b304

commit 64548420c87f3163ed543c9e9a02a4f1abec69e0
Author: Andreas Jaeger <aj@suse.de>
Date:   Sat Sep 13 09:48:14 2014 +0200

Stop using intersphinx
    
    Remove intersphinx from the docs build as it triggers network calls that
    occasionally fail, and we don't really use intersphinx (links other
    sphinx documents out on the internet)
    
    This also removes the requirement for internet access during docs build.
    
    This can cause docs jobs to fail if the project errors out on
    warnings.
    
    Change-Id: I71e941e2a639641a662a163c682eb86d51de42fb
    Related-Bug: #1368910

commit 5c9835125802c51e2eb2823f5208d53c358a5e84
Author: Christian Schwede <christian.schwede@enovance.com>
Date:   Fri Sep 12 14:37:04 2014 +0000

Fix RingBuilder._build_max_replicas_by_tier docstring
    
    The current docstring doesn't include zones, and the order of the
    entries is not up to date with the current code. Let's fix this.
    
    Change-Id: Ibabd79427b83d9e8c86b2caeb93dee219c8274c0

commit a03732e142540e5a7d6cb11de5232f0642beb20d
Author: Alistair Coles <alistair.coles@hp.com>
Date:   Fri Sep 12 10:20:19 2014 +0100

Add comments to clarify change to www-authenticate test
    
    Trivial patch to tidy-up change to the functional test for
    www-authenticate header and add a comment to explain
    that multiple header values might be returned.
    
    Change-Id: If62cb3fd9e11450a2be0cec71e80ecb74a959d04
    Related-bug: 1368048

commit ab96796dc8d1da9037330da0822c8b8d2264d192
Author: Alistair Coles <alistair.coles@hp.com>
Date:   Thu Sep 11 10:23:32 2014 +0100

Fix broken www-authenticate functional test
    
    testQuotedWWWAuthenticateHeader functional test started failing
    due to a change to keystonemiddleware.auth_token, which now adds
    its own www-authenticate header in addition to the one that swift
    keystoneauth adds.
    
    This patch changes the functional test to check expected
    swift generated header value is in the concatenation of
    www-authenticate values.
    
    Verified that functional tests still pass using tempauth.
    
    Closes-Bug: 1368048
    Change-Id: I913af077df800a559d259c1622f286ad10eae9df

commit f4d3facdf4b6ec8ee0dcacc7be8999731c68a8ec
Author: Matthew Oliver <matt@oliver.net.au>
Date:   Thu Aug 14 14:39:18 2014 +1000

Treat 404s as 204 on object delete in proxy
    
    This change adds an optional overrides map to _make_request method
    in the base Controller class.
    
      def make_requests(self, req, ring, part, method, path, headers,
                        query_string='', overrides=None)
    
    Which will be passed on the the best_response method. If set and
    no quorum it reached, the override map is used to attempt to find
    quorum.
    
    The overrides map is in the form:
    
        { <response>: <override response>, .. }
    
    The ObjectController, in the DELETE method now passes an override map
    to make_requests method in the base Controller class in the form of:
    
        { 404: 204 }
    
    Statuses/responses that have been overridden are used in calculation
    of the quorum but never returned to the user. They are replaced by:
    
        (STATUS, '', '', '')
    
    And left out of the search for best response.
    
    Change-Id: Ibf969eac3a09d67668d5275e808ed626152dd7eb
    Closes-Bug: 1318375

commit eff9ab74a4b88102e8938c52cb01b311f932949e
Author: David Goetz <dpgoetz@gmail.com>
Date:   Fri Aug 15 15:54:05 2014 -0700

Delete expired objects in slightly smarter way.
    
    When the expirer tries to delete customer objects, if it just walks through the
    containers in order the deamon will tend to send DELETEs to the same container
    highly concurrently. This will in turn create a lot of asyncs because of all
    the concurrent deletes. If the deletes were spread out to multiple containers
    it would improve performance and decrease the number of asyncs made.
    
    Change-Id: I3d08118c197b7f18dd7e880bd5664508934ffd24

commit efdc27caaca96a42c5466131a2c672f92cfac63a
Author: Matt Riedemann <mriedem@us.ibm.com>
Date:   Mon Sep 8 21:00:49 2014 -0700

Fix directory value for compile_catalog
    
    Commit 7a192987c0a5edb9e239ffb4aba3b1dac083b41e sets
    up swift for translation but the compile_catalog
    directory option is pointing at the wrong location
    to scan for po files.
    
    Change-Id: Id4dd24ddfde735ef8ef064882bea045361b5db90
    Closes-Bug: #1367086

commit d2a94bd43c383add237966c9f885be6b890a8141
Author: Richard (Rick) Hawkins <richard.hawkins@rackspace.com>
Date:   Mon Sep 8 13:51:07 2014 -0500

Fix FormPOST max_file_size exceeded bug.
    
    When using FormPOST, if the size of the file being posted exceeds
    max_file_size, a HTTP 499 was being returned rather than HTTP 400.
    
    Change-Id: I48c781735c66eccde3deb6f9c3c184aee964a4a5

commit fa23202b30c5a1ca89802749ccefd1363fac1d72
Author: Timothy Okwii <tokwii@cisco.com>
Date:   Mon Sep 8 17:43:19 2014 -0700

Fixed Typo - dictonary to dictionary
    
    Change-Id: Ia2a07bf1d1a77f6d6af0c8d9f53c2d47c2ba6d75

commit cb55e89bf1892c62a981df6b205d41ebfdee65ef
Author: Clay Gerrard <clay.gerrard@gmail.com>
Date:   Mon Sep 8 12:25:54 2014 -0700

test tempurl header sanitization priority
    
    Change-Id: I0bb3004a717da2f65196bc56b0f7baef49e649e8

commit 88d1d53d98c5e24896710dfeb829de01a85b2d2f
Author: YummyBian <yummy.bian@gmail.com>
Date:   Mon Sep 8 22:43:53 2014 +0800

Too many if clauses in the _clean_incoming_headers and the
    _clean_outgoing_headers routines of the tempurl module
    
    Too many if clauses make code complicated. For more pythonic, you'd
    better to use the for ... else clause instead of them.
    
    Fix Bug #1363125
    
    Change-Id: I837235ecb08dd912e56cdfb363c4b4a6cc053e7d

commit b7281cf2c584cde8f516ba206d90024af03236dd
Author: John Dickinson <me@not.mn>
Date:   Mon Sep 1 11:22:53 2014 -0700

make the bind_port config setting required
    
    In a long-term effort to change the recommended ports for Swift,
    the first step is to require the bind_port in config files. Later,
    we can change the recommended setting.
    
    Anyone currently explicitly setting the ports will not be affected.
    Anyone not setting the ports will need to specify them to match their
    rings.
    
    DocImpact
    
    Change-Id: Icca83a263acdd0afc9016424a3e9f8c15e944789

commit 4dc718e8c3bd2a8bbe1f2d7a98ad03421a70217f
Author: Alistair Coles <alistair.coles@hp.com>
Date:   Mon Sep 8 14:06:00 2014 +0100

Extra unit tests for check_delete_headers
    
    A few extra tests to verify check_delete_headers in
    constraints.py. A little duplication of coverage of existing
    proxy/controllers/test_obj.py:TestObjController.test_POST_delete_at
    but these tests call the recently refactored function directly,
    and also add tests for X-Delete-After taking precedence over
    X-Delete-At.
    
    Change-Id: I129cef15a6feac8a60fd4efbb3535d93f0eaab36

commit 12268677589907e8d10aec6d5aa09c2f72c0ab77
Author: Prashanth Pai <ppai@redhat.com>
Date:   Mon Sep 8 15:35:48 2014 +0530

Mention storage backends in Associated Projects
    
    Change-Id: I6d88cfe668a557c41e6e6958cd73412ca50c6ba8
    Signed-off-by: Prashanth Pai <ppai@redhat.com>

commit 9dcf15f8b50188c592acc4c34e333c738173d516
Author: Thiago da Silva <thiago@redhat.com>
Date:   Thu Aug 21 10:33:30 2014 -0400

moving object validation checks to top of PUT method
    
    This adds a sanity check on x-delete headers as
    part of check_object_creation method
    
    Change-Id: If5069469e433189235b1178ea203b5c8a926f553
    Signed-off-by: Thiago da Silva <thiago@redhat.com>

commit 0221f1f8478fda595e0f1d266f5d04c06cb4e76f
Author: Samuel Merritt <sam@swiftstack.com>
Date:   Fri Sep 5 14:08:03 2014 -0700

Pay attention to all punctual nodes
    
    The proxy sends requests to all storage nodes, but it only needs a
    quorum of them to respond before the proxy can, in turn, respond to
    the client. Thus, it gets quorum, and then briefly waits to see if the
    remainder of the storage nodes respond before giving up on them.
    
    However, the proxy was not paying any attention to the responses from
    the non-quorum storage nodes. This would lead to some odd behavior,
    like a container PUT where the backends returned (201, 201, 202) would
    become a 201 to the client, but the permutation (201, 202, 201) would
    become 202. Further, on object PUT, if the last node responded with an
    error code, that error wouldn't count towards error-limiting.
    
    The fix is quite simple: after getting quorum, the make_requests()
    method was calling a method that returns responses from the remainder
    of the nodes, but it was ignoring that return value and making up
    responses with dummy values instead. Now, prior to making up dummy
    responses, the proxy first uses the responses it already has, and only
    fills in dummy responses for nodes that really didn't respond in time.
    
    Change-Id: I0206b6b2272b0e7dcc80fb6c51840d8dae25cee2

commit 315af1737be9a017a06634ae5f5ab89352e89cb5
Author: Samuel Merritt <sam@swiftstack.com>
Date:   Fri Sep 5 11:39:36 2014 -0700

Error limit the right node on object PUT
    
    If any node had an error on object PUT, the proxy would count the
    error against the last-connected-to node instead of the one with the
    error. Now it counts the error against the right node.
    
    Change-Id: I884eb73cebe0c723473a6d5e390a148fcad0d3ed

commit 72385a6981b38c870dc3c46346fe7eff86f1bba3
Author: Lin Yang <lin.a.yang@intel.com>
Date:   Fri Sep 5 15:51:07 2014 +0800

Change method _sort_key_for to static
    
    This method does not reference to any attribute of this class, so it's better
    to change it to classstatic.
    
    Change-Id: I3ea0ca83cb29ceae9afb20da0c9817a9b044c084
    Signed-off-by: Lin Yang <lin.a.yang@intel.com>

commit 2a8b43e5e73c899cc476428c82c1831fdc546b29
Author: saranjan <saranjan@cisco.com>
Date:   Wed Sep 3 10:40:30 2014 -0700

Spelling mistakes corrected in comments.
    
    Change-Id: Ibbd7511c3a2b08519feb4db18eca6e000603ea32

commit 1a561e67794f6813636377026d8de26f0fb7ad53
Author: Dolph Mathews <dolph.mathews@gmail.com>
Date:   Wed Sep 3 12:03:40 2014 -0500

warn against sorting requirements
    
    Change-Id: I64ae9191863564e278a35d42ec9cd743a233028e
    Closes-Bug: 1365061

commit 84a1e17f2039e6e5ef732c8931fe47f44f770738
Author: Yuan Zhou <yuan.zhou@intel.com>
Date:   Thu Apr 17 15:39:50 2014 +0800

Fix delete versioning objects when previous is expired
    
    When deleteing versioned objects proxy will try to restore the previous
    copy. The COPY request will fail if the previous version is expired but
    not handled by object-expirer.
    
    This patch checks COPY respones on the previous copy, if it's
    HTTP_NOT_FOUND(mostly because it's expired) proxy will try to restore
    with the version before previous.
    
    Closes-Bug #1308446
    Change-Id: I17f049ea3ef62723effae8086ec427f6e151cd9c

commit b9ae377eab9c7ceba4f5909cd1f4e804bf3a5b8f
Author: Alistair Coles <alistair.coles@hp.com>
Date:   Tue Sep 2 15:46:16 2014 +0100

Check for change before container replicator updates db
    
    As described in the related bug report, unnecessary updates
    to the container db during replication can impact object
    object GET performance in certain circumstances.
    
    This patch changes swift/container/replicator.py so that
    calls to merge_timestamps and update_reconciler_sync
    are conditional on values having actually changed.
    
    Related-Bug: 1332025
    Change-Id: If498251656500ed7a3d7ca4b109ea1079b8513c2

commit 8e9b16a9eaef90add74b71e846371ef61396e19a
Author: Andrew Hale <andy@wwwdata.eu>
Date:   Mon Sep 1 18:53:30 2014 +0100

Only bind SAIO daemons to localhost
    
    The SAIO configs have no default bind_ip setting configured
    which causes them to listen on all available IP addresses.
    This can be dangerous on a test machine with public interfaces,
    especially with the default passwords set. Its reasonable to
    choose a more restrictive setup, especially in SAIO which uses
    127.0.0.1 throughout ring-builder, example commands and the
    probe tests.
    
    Change-Id: I471c49705ce09e07ec7acc07ee42a1e220529b82

commit 33980c792d40803e8d4c68bd92d9fd869fb861fa
Author: Samuel Merritt <sam@swiftstack.com>
Date:   Fri Aug 29 15:48:38 2014 -0700

Fix last_modified_date_to_timestamp on non-UTC systems
    
    Before, we were calling datetime.datetime.strftime('%s.%f') to convert
    a datetime to epoch seconds + microseconds. However, the '%s' format
    isn't actually part of Python's library. Rather, Python passes that on
    to the system C library, which is typically glibc. Now, glibc takes
    the '%s' format and helpfully* applies the current timezone as an
    offset. This gives bogus results on machines where UTC is not the
    system timezone. (Yes, some people really do that.)
    
    For example:
    
        >>> import os
        >>> from swift.common import utils
        >>> os.environ['TZ'] = 'PST8PDT,M3.2.0,M11.1.0'
        >>> float(utils.last_modified_date_to_timestamp('1970-01-01T00:00:00.000000'))
        28800.0
        >>>
    
    That timestamp should obviously be 0.
    
    This patch replaces the strftime() call with datetime arithmetic,
    which is entirely in Python so the system timezone doesn't mess it up.
    
    * unhelpfully
    
    Change-Id: I56855acd79a5d8f2c98a771fa9fd2729e4f490b1

commit 849b21a4429e945e5499957b1b884eee9600281f
Author: David Goetz <dpgoetz@gmail.com>
Date:   Thu Aug 28 14:31:29 2014 -0700

Combine acc/cont put_* methods and fix their lock problem.
    
    The container backend is supposed to build a pending file and,
    when it gets to a certain size, flush it all at once into the
    sqlite db. Before this fix, many concurrent threads would ask
    what the pending file size is to see if they should flush
    instead of just appending to the pending file. The problem is
    that many would ask, find it's too big, and try to get a lock.
    The first one wins, flushes, but all the other waiting threads
    still think they have to flush- which is a much slower opertaion
    than just the append. This change gets the lock first and makes
    sure that merge_items is only called when the pending file is full.
    
    Change-Id: I29cfa13a48c8f7d16dd414b2288d50461adbafd2

commit 3a7f80aa472794951461cf95fac4ec029167c17d
Author: Kota Tsuyuzaki <tsuyuzaki.kota@lab.ntt.co.jp>
Date:   Thu Aug 28 19:20:02 2014 -0700

Small Fix for FakeServerConnection
    
    Current FakeServerConnection might cause 499 error
    in some unit tests because sent (put) data will be
    overridden by new one every time.
    e.g. When calling conn.queue.put() twice and more in
    an object PUT sequence, we can use only a last chunk as
    the body. This fixes it to merge all chunks as a body.
    
    Change-Id: I463e9e2b454e3f3eb26950b3af4c8b8167a9a971

commit 5616d98cc32a5c11014d5e31571fac87d795d113
Author: zhang-hare <zhuadl@cn.ibm.com>
Date:   Wed Aug 27 11:42:06 2014 +0800

fix my name in AUTHORS
    
    My author name is my gmail account name, change it to my real name.
    
    Change-Id: Iafd94f694f7d007c54de086941309b119683f6cb

commit 21adf82cf11fa80479676225a8a61c0029387cb5
Author: Clay Gerrard <clay.gerrard@gmail.com>
Date:   Fri Aug 8 02:14:27 2014 -0700

code shuffle post expired headers refactor
    
    Change-Id: I62248d7d3d7e0a3696a30e3d567ac6c2bea3c8eb

commit 43ac76373a353fe74a520108a198b0b563c4f3a2
Author: Constantine Peresypkin <constantine.peresypk@rackspace.com>
Date:   Wed Apr 30 15:00:49 2014 +0300

account to account copy implementation
    
    Adds ability to copy objects between different accounts (on server side)
    
    Adds new header to `PUT` request:
    `X-Copy-From-Account: <account name>`
    Account name corresponds to the last part of storage URL.
    
    Adds new header to `COPY` request:
    `Destination-Account: <account name>`
    Account name corresponds to the last part of storage URL.
    
    If your storage URL is: http://server:8080/v1/AUTH_test
    Then the account name is `AUTH_test`
    
    These headers should be used alongside `X-Copy-From` and `Destination` headers
    The legacy headers should specify `<container name>/<object name>` path as usual.
    
    DocImpact
    
    Change-Id: I0285fe6a47df9e699ac20ae4a83b0bf23829e1e6

commit a4f634bd898603225d2218eec220b61a8fd9865c
Author: anc <alistair.coles@hp.com>
Date:   Fri Mar 28 02:46:08 2014 +0000

Restrict keystone cross-tenant ACLs to IDs
    
    The keystoneauth middleware supports cross-tenant access
    control using the syntax <tenant>:<user> in container ACLs,
    where <tenant> and <user> may currently be either a unique
    id or a name. As a result of the keystone v3 API introducing
    domains, names are no longer globally unique and are only
    unique within a domain. The use of unqualified tenant and
    user names in this ACL syntax is therefore not 'safe' in a
    keystone v3 environment.
    
    This patch modifies keystoneauth to restrict cross-tenant
    ACL matching to use only ids for accounts that are not in
    the default domain. For backwards compatibility,
    names will still be matched in ACLs when both the requesting
    user and tenant are known to be in the default domain AND the
    account's tenant is also in the default domain (the default
    domain being the domain to which existing tenants are
    migrated).
    
    Accounts existing prior to this patch are assumed to be for
    tenants in the default domain. New accounts created using a
    v2 token scoped on the tenant are also assumed to be in the
    default domain. New accounts created using a v3 token scoped
    on the tenant will learn their domain membership from the
    token info. New accounts created using any unscoped token,
    (i.e. with a reselleradmin role) will have unknown domain
    membership and therefore be assumed to NOT be in the default
    domain.
    
    Despite this provision for backwards compatibility, names
    must no longer be used when setting new ACLs in any account,
    including new accounts in the default domain.
    
    This change obviously impacts users accustomed to specifying
    cross-tenant ACLs in terms of names, and further work will be
    necessary to restore those use cases. Some ideas are
    discussed under the bug report. With that caveat, this patch
    removes the reported vulnerability when using
    swift/keystoneauth with a keystone v3 API.
    
    Note: to observe the new 'restricted' behaviour you will need
    to setup keystone user(s) and tenant(s) in a non-default domain
    and set auth_version = v3.0 in the auth_token middleware config
    section of proxy-server.conf. You may also benefit from the
    keystone v3 enabled swiftclient patch under review here:
    https://review.openstack.org/#/c/91788/
    
    DocImpact
    
    blueprint keystone-v3-support
    
    Closes-Bug:  #1299146
    
    Change-Id: Ib32df093f7450f704127da77ff06b595f57615cb

commit 6978275cdb04bb08aaf142d401b52a46527dac4c
Author: Nathan Kinder <nkinder@redhat.com>
Date:   Fri Jul 25 20:47:11 2014 -0700

Avoid usage of insecure mktemp() function
    
    This patch eliminates the use of the deprecated and insecure
    tempfile.mktemp() function.  It has been replaced with secure
    alternatives where temporary files are actually required.
    
    Change-Id: I0a13d6d44cd1abc4b66fa33f39eea407617a01d5
    SecurityImpact
    Closes-bug: #1348869

commit 7a192987c0a5edb9e239ffb4aba3b1dac083b41e
Author: Andreas Jaeger <aj@suse.de>
Date:   Sun Jun 1 11:51:29 2014 +0200

Setup localization properly
    
    To start translation of swift, we need to initially import the
    translation file - and place it at the proper place so that
    the usual CI scripts can handle it.
    
    The proper place is for all python projects
    $PROJECT/locale/$PROJECT.pot, so move locale/$PROJECT.pot to the new
    location and regenerate the file.
    
    Update setup.cfg with the new paths.
    
    Further imports will be done by the OpenStack Proposal bot.
    
    Change-Id: Ide4da91f2af71db529f4a06d6b1e30ba79883506
    Partial-Bug: #608725
    Closes-Bug: #1082805

Thierry Carrez (ttx) on 2014-10-06

Changed in swift:
milestone:	none → 2.2.0-rc1
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2014-10-16

Changed in swift:
milestone:	2.2.0-rc1 → 2.2.0

Revision history for this message

clayg (clay-gerrard) wrote on 2017-04-13:

#9

This can still cause problems.

When the return codes are [204, 404, 404] we currently return 404:

https://github.com/openstack/swift/blob/bcd0eb70afacae1483e9e53d5a4082536770aed8/test/unit/proxy/controllers/test_obj.py#L308

However, with a 2 region 3 replica geo cluster using write affinity - there's always some partitions where two out of three replicas are on handoffs.

That cluster topology isn't ideal for a number of reasons, but we *could* do better at the proxy later.

idea #1) use timestamps (or the lack thereof) to distinguish if the 204 response "missed" an earlier delete - i.g.

[204 ts2, 404 ts1, 404 ts1] => 404
[204 ts2, 404 ?, 404 ?] => 204

idea #2) if *any* response is 204, make additional DELETE requests to handoffs - i.e.

[404, 404, 404] = > 404
[404, 404, 204] => *second round to replica count handoffs*

The second idea could also help when have full disks with expired error limiting

[204, 507, 507] => *second round to throw tombstones on handoffs which has a fair chance to reap .data files and free up space.

/me shrugs

A combination of the both might be good - if we can find an elegant way to model it that isn't overly complicated and causes annoying additional requests in the common case.

OpenStack Object Storage (swift)

DELETE operation not write affinity aware

Bug Description

Other bug subscribers

Remote bug watches