Bug #1715177 “Container cache management is racy” : Bugs : OpenStack Object Storage (swift)

clayg (clay-gerrard) on 2017-09-05

Changed in swift:
status:	New → Opinion
status:	Opinion → New

Revision history for this message

clayg (clay-gerrard) wrote on 2017-09-05:

#1

So, first of all, yes container existence is subject to cache race [1] - but it should work out most of the time generally because of the way we do an optimistic cache invalidation [2] and will always be correct eventually by design.

Honestly the provided script did not work for me, but even trying to modify it [3] I couldn't get it to reproduce any error in a single vm test environment - which makes me think the issue you're experiencing is related to a misconfiguration of the memcache ring for a multi-node environment [4].

I know first hand it can be a big jump to move from single node development/test environments into multi-node pre-production lab and staging environments, and readily admit there's probably lots of ways that we could improve the code and documentation. Perhaps jump in #openstack-swift on Freenode or shoot something out to the mailing list [5] and we can look more closely at what's going on!

1. see recheck_container_existence https://docs.openstack.org/swift/latest/deployment_guide.html#proxy-server &
2. https://github.com/openstack/swift/blob/6da17e992375cba37035527e69ef17aa6a5d6f28/swift/proxy/controllers/container.py#L180
3. https://gist.github.com/clayg/f5e03819315a886c3c35bae6df59734d
4. see memcache_servers https://docs.openstack.org/swift/latest/deployment_guide.html#proxy-server & https://github.com/openstack/swift/blob/master/etc/memcache.conf-sample
5. https://wiki.openstack.org/wiki/Mailing_Lists#Operators

Changed in swift:
status:	New → Opinion

Revision history for this message

Thomas Herve (therve) wrote on 2017-09-05:

#2

Thanks for your response. My script had an error indeed, but it was just missing an "import os". Using your script and removing the time import reproduced it almost immediatel.

My environment is a single VM as well, latest devstack. The environment where I see the related issue is single node as well, so it's not a multi node environment. I looked into the container existence header, but AFAICT it doesn't fix the issue.

Revision history for this message

clayg (clay-gerrard) wrote on 2017-09-05:

#3

might be dependent on how long the requests take compared to each other, we might audit where in the request cycle we're performing the cache invalidation:

https://gist.github.com/clayg/ecaa44089599cfb7ace34ee758f467a5

Changed in swift:
status:	Opinion → Confirmed
importance:	Undecided → Medium

Revision history for this message

Thomas Herve (therve) wrote on 2017-09-05:

#4

Moving the cache clear call as suggested seems to fix the issue for me: http://paste.openstack.org/show/620440/

Revision history for this message

Christian Schwede (cschwede) wrote on 2017-09-06:

#5

Thanks Thomas for the extensive debugging!

I can confirm this on another deployment with TripleO - same behaviour.

And moving the cache clear call as Thomas suggests fixes that issue.

Revision history for this message

clayg (clay-gerrard) wrote on 2017-09-06:

#6

Fix is here:

https://review.openstack.org/#/c/500978/

... currently waiting on some tests

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-09-20: Related fix proposed to swift (master)

#7

Related fix proposed to branch: master
Review: https://review.openstack.org/505557

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-09-20: Fix merged to swift (master)

#8

Reviewed: https://review.openstack.org/500978
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=244d7de388e7a62f488e9272efcb9adba8021274
Submitter: Jenkins
Branch: master

commit 244d7de388e7a62f488e9272efcb9adba8021274
Author: Thomas Herve <email address hidden>
Date: Tue Sep 5 22:42:32 2017 +0200

Delay cache invalidation during container creation

    Having the cache being cleared before the PUT request creates a
    fairly big window where the cache can be inconsistent, if a concurrent
    GET happens. Let's move the cache clear after the requests to reduce it.

Change-Id: I45130cc32ba3a23272c2a67c86b4063000379426
Closes-Bug: #1715177

Changed in swift:
status:	Confirmed → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-09-20: Fix proposed to swift (stable/pike)

#9

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/505700

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-09-20: Related fix merged to swift (master)

#10

Reviewed: https://review.openstack.org/505557
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=8556b06bf75e46369088f1cc6e2aa5d6cc00251b
Submitter: Jenkins
Branch: master

commit 8556b06bf75e46369088f1cc6e2aa5d6cc00251b
Author: Christian Schwede <email address hidden>
Date: Wed Sep 20 10:56:41 2017 +0200

Add test to ensure cache cleared after container PUT

    The parent commit fixes a race condition. Let's make sure there won't be
    a regression in the future, thus testing the order to ensure the cache
    is cleared after the request is executed.

Related-Bug: #1715177
Change-Id: I4f6750b7c556b498da0a2b56aa6c8cee5e42a90c

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-09-20: Related fix proposed to swift (feature/deep)

#11

Related fix proposed to branch: feature/deep
Review: https://review.openstack.org/505844

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-09-21: Related fix merged to swift (feature/deep)

#12

Download full text (8.5 KiB)

Reviewed: https://review.openstack.org/505844
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=67b3a747869ad1727d88cb77fa65858a3c98f8a5
Submitter: Jenkins
Branch: feature/deep

commit 8556b06bf75e46369088f1cc6e2aa5d6cc00251b
Author: Christian Schwede <email address hidden>
Date: Wed Sep 20 10:56:41 2017 +0200

Add test to ensure cache cleared after container PUT

    The parent commit fixes a race condition. Let's make sure there won't be
    a regression in the future, thus testing the order to ensure the cache
    is cleared after the request is executed.

Related-Bug: #1715177
Change-Id: I4f6750b7c556b498da0a2b56aa6c8cee5e42a90c

commit 6b19ca7a7d5833f5648976d8d30c776975e361db
Author: Tim Burke <email address hidden>
Date: Fri Sep 15 22:52:26 2017 +0000

proxy: Use the right ranges when going to multiple object servers

    When the proxy times out talking to a backend server (say, because it
    was under heavy load and having trouble servicing the request), we catch
    the ChunkReadTimeout and try to get the rest from another server. The
    client by and large doesn't care; there may be a brief pause in the
    download while the proxy get the new connection, but all the bytes
    arrive and in the right order:

GET from node1, serve bytes 0 through N, timeout
GET from node2, serve bytes N through end

    When we calculate the range for the new request, we check to see if we
    already have one from the previous request -- if one exists, we adjust
    it based on the bytes sent to the client thus far. This works fine for
    single failures, but if we need to go back *again* we double up the
    offset and send the client incomplete, bad data:

        GET from node1, serve bytes 0 through N, timeout
        GET from node2, serve bytes N through M, timeout
        GET from node3, serve bytes N + M through end

Leaving the client missing bytes M through N + M.

    We should adjust the range based on the number of bytes pulled from the
    *backend* rather than delivered to the *frontend*. This just requires
    that we reset our book-keeping after adjusting the Range header.

Change-Id: Ie153d01479c4242c01f48bf0ada78c2f9b6c8ff0
Closes-Bug: 1717401

commit d6fcf7459435077b525123e8b78e553070d5c070
Author: Kota Tsuyuzaki <email address hidden>
Date: Sat Sep 16 04:58:31 2017 +0900

Make gate keeper to save relative location header path

    Why we need this:
      Some middlewares want to keep HTTP Location header as relative path
      (e.g. using Load balancer in front of proxy).

    What is the problem in current Swift:
      Current Swift already has the flag to keep it as relative when returning
      the reponse using swift.common.swob.Response. However, auth_token middleware,
      that is from keystonemiddleware, unfortunately can change the relative path
      to absolute because of using webob instead of swob.

    What this patch is doing:
      Make gate_keeper able to re-transform the location header from absolute path
      to relative path if 'swift.leave_relative_location' is explicitely set...

Reviewed:  https://review.openstack.org/505844
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=67b3a747869ad1727d88cb77fa65858a3c98f8a5
Submitter: Jenkins
Branch:    feature/deep

commit 8556b06bf75e46369088f1cc6e2aa5d6cc00251b
Author: Christian Schwede <cschwede@redhat.com>
Date:   Wed Sep 20 10:56:41 2017 +0200

Add test to ensure cache cleared after container PUT
    
    The parent commit fixes a race condition. Let's make sure there won't be
    a regression in the future, thus testing the order to ensure the cache
    is cleared after the request is executed.
    
    Related-Bug: #1715177
    Change-Id: I4f6750b7c556b498da0a2b56aa6c8cee5e42a90c

commit 6b19ca7a7d5833f5648976d8d30c776975e361db
Author: Tim Burke <tim.burke@gmail.com>
Date:   Fri Sep 15 22:52:26 2017 +0000

proxy: Use the right ranges when going to multiple object servers
    
    When the proxy times out talking to a backend server (say, because it
    was under heavy load and having trouble servicing the request), we catch
    the ChunkReadTimeout and try to get the rest from another server. The
    client by and large doesn't care; there may be a brief pause in the
    download while the proxy get the new connection, but all the bytes
    arrive and in the right order:
    
        GET from node1, serve bytes 0 through N, timeout
        GET from node2, serve bytes N through end
    
    When we calculate the range for the new request, we check to see if we
    already have one from the previous request -- if one exists, we adjust
    it based on the bytes sent to the client thus far. This works fine for
    single failures, but if we need to go back *again* we double up the
    offset and send the client incomplete, bad data:
    
        GET from node1, serve bytes 0 through N, timeout
        GET from node2, serve bytes N through M, timeout
        GET from node3, serve bytes N + M through end
    
    Leaving the client missing bytes M through N + M.
    
    We should adjust the range based on the number of bytes pulled from the
    *backend* rather than delivered to the *frontend*. This just requires
    that we reset our book-keeping after adjusting the Range header.
    
    Change-Id: Ie153d01479c4242c01f48bf0ada78c2f9b6c8ff0
    Closes-Bug: 1717401

commit d6fcf7459435077b525123e8b78e553070d5c070
Author: Kota Tsuyuzaki <tsuyuzaki.kota@lab.ntt.co.jp>
Date:   Sat Sep 16 04:58:31 2017 +0900

Make gate keeper to save relative location header path
    
    Why we need this:
      Some middlewares want to keep HTTP Location header as relative path
      (e.g. using Load balancer in front of proxy).
    
    What is the problem in current Swift:
      Current Swift already has the flag to keep it as relative when returning
      the reponse using swift.common.swob.Response. However, auth_token middleware,
      that is from keystonemiddleware, unfortunately can change the relative path
      to absolute because of using webob instead of swob.
    
    What this patch is doing:
      Make gate_keeper able to re-transform the location header from absolute path
      to relative path if 'swift.leave_relative_location' is explicitely set because
      gate_keeper should be the most left side middleware except catch_errors middleware
      in the pipeline.
    
    Change-Id: Ic634c3f1b1e26635206d5a54df8b15354e8df163

commit 1e79f828ad10918bd76ae8df6fe4c4dbf7bbf3c5
Author: Kota Tsuyuzaki <tsuyuzaki.kota@lab.ntt.co.jp>
Date:   Thu Sep 14 20:57:46 2017 +0900

Remove all post_as_copy related code and configes
    
    It was deprecated and we discussed on this topic in Denver PTG
    for Queen cycle. Main motivation for this work is that deprecated
    post_as_copy option and its gate blocks future symlink work.
    
    Change-Id: I411893db1565864ed5beb6ae75c38b982a574476

commit 4806434cb0e857ce624c62df2a262e3c3bb9f4d1
Author: Tim Burke <tim.burke@gmail.com>
Date:   Thu Mar 23 18:26:21 2017 -0700

Move listing formatting out to proxy middleware
    
    Make some json -> (text, xml) stuff in a common module, reference that in
    account/container servers so we don't break existing clients (including
    out-of-date proxies), but have the proxy controllers always force a json
    listing.
    
    This simplifies operations on listings (such as the ones already happening in
    decrypter, or the ones planned for symlink and sharding) by only needing to
    consider a single response type.
    
    There is a downside of larger backend requests for text/plain listings, but
    it seems like a net win?
    
    Change-Id: Id3ce37aa0402e2d8dd5784ce329d7cb4fbaf700d

commit df00122e74c31ea6d5dec523c7d59a6ad2fedc26
Author: junboli <junbo85.li@gmail.com>
Date:   Tue Sep 5 19:01:48 2017 +0800

doc migration: update the doc link address[2/3]
    
    Update the doc link brought by the doc migration.
    Although we had some effort to fix these, it still left lots of bad
    doc link, I separate these changes into 3 patches aim to fix all of
    these, this is the 2st patch for doc/manpages.
    
    Change-Id: Id426c5dd45a812ef801042834c93701bb6e63a05

commit 5622c1f959fac44e325768b6b3d9a1961c366dd2
Author: Clay Gerrard <clay.gerrard@gmail.com>
Date:   Wed Sep 13 09:58:10 2017 -0600

Test placeholder for dispersion_report module
    
    This module was recently moved from bin/ and the execute bit stuck
    around and wasn't imported by our test suite - which throws off
    accountability in coverage reporting.
    
    Remove the execute bit and add a placeholder unittest module.
    
    Related-Change-Id: Ie0d52a1a54fc152bb72cbb3f84dcc36a8dad972a
    Change-Id: Id9e678c2460cc889f682c5566a4418160db7878f

commit 6305993317934de8724a81afe7e21fb06c7d44d0
Author: junboli <junbo85.li@gmail.com>
Date:   Tue Sep 5 19:16:30 2017 +0800

Correct the unused doc link address
    
    Update the doc link brought by the doc migration.
    Although we had some effort to fix these, it still left lots of bad
    doc link, I separate these changes into 3 patches aim to fix all of
    these, this is the 3rd patch for doc/source/install.
    
    Change-Id: I1b0c12cd5f893f1a84d12782ddc39f6d06beb2aa

commit cbddec340e2eda81cb06dfdc455d3fb108a48f05
Author: Christian Schwede <cschwede@redhat.com>
Date:   Fri Jun 23 17:39:08 2017 +0200

Add bin/swift-dispersion-report
    
    Change-Id: I81736080fc478c2b69d5b71edd0cada39aad9400

commit b77de5393f540973685095cf087b3f839a55ba9f
Author: Christian Schwede <cschwede@redhat.com>
Date:   Fri Jun 23 16:34:10 2017 +0200

Make swift-dispersion-report importable
    
    This patch allows to import the dispersion report tool, and thus making
    it more easily usable within other Python tools. This can be also used
    in a follow up patch to add some tests for the report tool.
    
    It also fixes a bug when using the "--dump-json" option - until now it
    returned the policy name and made the JSON invalid.
    
    Change-Id: Ie0d52a1a54fc152bb72cbb3f84dcc36a8dad972a

commit 8f843381cd30c1c3cb556b5abe1203d1e76b889b
Author: Tim Burke <tim.burke@gmail.com>
Date:   Tue Sep 12 06:20:11 2017 +0000

Add assertion about last-modified to object post test
    
    Change-Id: I850bf44ab9c9388cb6434e33ae0b20ec361aca0e

commit 244d7de388e7a62f488e9272efcb9adba8021274
Author: Thomas Herve <therve@redhat.com>
Date:   Tue Sep 5 22:42:32 2017 +0200

Delay cache invalidation during container creation
    
    Having the cache being cleared before the PUT request creates a
    fairly big window where the cache can be inconsistent, if a concurrent
    GET happens. Let's move the cache clear after the requests to reduce it.
    
    Change-Id: I45130cc32ba3a23272c2a67c86b4063000379426
    Closes-Bug: #1715177

commit 163fb4d52a85e0467c8c6b616e2cd9faa1faa41b
Author: Pavel Kvasnička <pavel.kvasnicka@firma.seznam.cz>
Date:   Wed Apr 19 15:09:40 2017 +0200

Always require device dir for containers
    
    For test purposes (e.g. saio probetests) even if mount_check is False,
    still require check_dir for account/container server storage when real
    mount points are not used.
    
    This behavior is consistent with the object-server's checks in diskfile.
    
    Co-Author: Clay Gerrard <clay.gerrard@gmail.com>
    Related lp bug #1693005
    Related-Change-Id: I344f9daaa038c6946be11e1cf8c4ef104a09e68b
    Depends-On: I52c4ecb70b1ae47e613ba243da5a4d94e5adedf2
    Change-Id: I3362a6ebff423016bb367b4b6b322bb41ae08764

commit 8e59dfbee2a67f84a1fd1d5cc1679ec514255fdc
Author: Tim Burke <tim.burke@gmail.com>
Date:   Wed Apr 19 00:28:50 2017 +0000

Log remote_merges during DB replication
    
    Change-Id: I1850f09bab16401479b5a0cc521f67a32ea9c9f5

tags:

added: in-feature-deep

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-09-27: Fix merged to swift (stable/pike)

#13

Reviewed: https://review.openstack.org/505700
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=69a7be65bee876507513d437e555d4de341fe076
Submitter: Jenkins
Branch: stable/pike

commit 69a7be65bee876507513d437e555d4de341fe076
Author: Thomas Herve <email address hidden>
Date: Tue Sep 5 22:42:32 2017 +0200

Delay cache invalidation during container creation

    Having the cache being cleared before the PUT request creates a
    fairly big window where the cache can be inconsistent, if a concurrent
    GET happens. Let's move the cache clear after the requests to reduce it.

    Change-Id: I45130cc32ba3a23272c2a67c86b4063000379426
    Closes-Bug: #1715177
    (cherry picked from commit 244d7de388e7a62f488e9272efcb9adba8021274)

tags:

added: in-stable-pike

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-10-16: Related fix proposed to swift (feature/s3api)

#14

Related fix proposed to branch: feature/s3api
Review: https://review.openstack.org/512277

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-10-16:

#15

Related fix proposed to branch: feature/s3api
Review: https://review.openstack.org/512283

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-10-16: Change abandoned on swift (feature/s3api)

#16

Change abandoned by Alistair Coles (<email address hidden>) on branch: feature/s3api
Review: https://review.openstack.org/512283
Reason: I was just trying to get sensible topic

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-10-18: Related fix merged to swift (feature/s3api)

#17

Download full text (23.2 KiB)

Reviewed: https://review.openstack.org/512277
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=f94d6567a7e2e8b3ca1168b4a41c42c1ee371af5
Submitter: Zuul
Branch: feature/s3api

commit 24188beb81d39790034fa0902246163a7bf54c91
Author: Samuel Merritt <email address hidden>
Date: Thu Oct 12 16:13:25 2017 -0700

Remove some leftover threadpool cruft.

Change-Id: I43a1a428bd96a2e18aac334c03743a9f94f7d3e1

commit 1d67485c0b935719e0c8999eb353dfd84713add6
Author: Samuel Merritt <email address hidden>
Date: Fri Apr 15 12:43:44 2016 -0700

Move all monkey patching to one function

Change-Id: I2db2e53c50bcfa17f08a136581cfd7ac4958ada2

commit 407f5394f0f5cb422c06b4e5b2f9fbfdb07782d1
Author: OpenStack Proposal Bot <email address hidden>
Date: Thu Oct 12 08:12:38 2017 +0000

Imported Translations from Zanata

For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I628cb09aa78d8e339b4762a3c9ed8aed43941261

commit 45ca39fc68cdb42b382c1638a92cc8d3cec5529a
Author: Clay Gerrard <email address hidden>
Date: Tue Oct 10 11:47:50 2017 -0700

add mangle_client_paths to example config

Change-Id: Ic1126fc95e8152025fccf25356c253facce3e3ec

commit 94bac4ab2fe65104d602378e8e49c37b8187a75d
Author: Tim Burke <email address hidden>
Date: Fri May 12 10:55:21 2017 -0400

domain_remap: stop mangling client-provided paths

    The root_path option for domain_remap seems to serve two purposes:
     - provide the first component (version) for the backend request
     - be an optional leading component for the client request, which
       should be stripped off

As a result, we have mappings like:

c.a.example.com/v1/o -> /v1/AUTH_a/c/o

instead of

c.a.example.com/v1/o -> /v1/AUTH_a/c/v1/o

which is rather bizarre. Why on earth did we *ever* start doing this?

Now, this second behavior is managed by a config option
(mangle_client_paths) with the default being to disable it.

Upgrade Consideration
=====================

If for some reason you *do* want to drop some parts of the
client-supplied path, add

mangle_client_paths = True

to the [filter:domain_remap] section of your proxy-server.conf. Do this
before upgrading to avoid any loss of availability.

UpgradeImpact
Change-Id: I87944bfbf8b767e1fc36dbc7910305fa1f11eeed

commit a4a5494fd2fe8a43a5d50a21a1951266cc7c4212
Author: Alistair Coles <email address hidden>
Date: Mon Oct 9 11:33:28 2017 +0100

test account autocreate listing format

Related-Change: Id3ce37aa0402e2d8dd5784ce329d7cb4fbaf700d
Change-Id: I50c22225bbebff71600bea9158bda1edd18b48b0

commit 8b7f15223cde4c19fd9cbbd97e8ad79a1b4afa8d
Author: Alistair Coles <email address hidden>
Date: Mon Oct 9 10:06:19 2017 +0100

Add example to container-sync-realms.conf.5 man page

Related-Change: I0760ce149e6d74f2b3f1badebac3e36da1ab7e77

Change-Id: I129de42f91d7924c7bcb9952f17fe8a1a10ae219

commit 816331155c624c444ed123bcab412...

Reviewed:  https://review.openstack.org/512277
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=f94d6567a7e2e8b3ca1168b4a41c42c1ee371af5
Submitter: Zuul
Branch:    feature/s3api

commit 24188beb81d39790034fa0902246163a7bf54c91
Author: Samuel Merritt <sam@swiftstack.com>
Date:   Thu Oct 12 16:13:25 2017 -0700

Remove some leftover threadpool cruft.
    
    Change-Id: I43a1a428bd96a2e18aac334c03743a9f94f7d3e1

commit 1d67485c0b935719e0c8999eb353dfd84713add6
Author: Samuel Merritt <sam@swiftstack.com>
Date:   Fri Apr 15 12:43:44 2016 -0700

Move all monkey patching to one function
    
    Change-Id: I2db2e53c50bcfa17f08a136581cfd7ac4958ada2

commit 407f5394f0f5cb422c06b4e5b2f9fbfdb07782d1
Author: OpenStack Proposal Bot <openstack-infra@lists.openstack.org>
Date:   Thu Oct 12 08:12:38 2017 +0000

Imported Translations from Zanata
    
    For more information about this automatic import see:
    https://docs.openstack.org/i18n/latest/reviewing-translation-import.html
    
    Change-Id: I628cb09aa78d8e339b4762a3c9ed8aed43941261

commit 45ca39fc68cdb42b382c1638a92cc8d3cec5529a
Author: Clay Gerrard <clay.gerrard@gmail.com>
Date:   Tue Oct 10 11:47:50 2017 -0700

add mangle_client_paths to example config
    
    Change-Id: Ic1126fc95e8152025fccf25356c253facce3e3ec

commit 94bac4ab2fe65104d602378e8e49c37b8187a75d
Author: Tim Burke <tim.burke@gmail.com>
Date:   Fri May 12 10:55:21 2017 -0400

domain_remap: stop mangling client-provided paths
    
    The root_path option for domain_remap seems to serve two purposes:
     - provide the first component (version) for the backend request
     - be an optional leading component for the client request, which
       should be stripped off
    
    As a result, we have mappings like:
    
       c.a.example.com/v1/o -> /v1/AUTH_a/c/o
    
    instead of
    
       c.a.example.com/v1/o -> /v1/AUTH_a/c/v1/o
    
    which is rather bizarre. Why on earth did we *ever* start doing this?
    
    Now, this second behavior is managed by a config option
    (mangle_client_paths) with the default being to disable it.
    
    Upgrade Consideration
    =====================
    
    If for some reason you *do* want to drop some parts of the
    client-supplied path, add
    
       mangle_client_paths = True
    
    to the [filter:domain_remap] section of your proxy-server.conf. Do this
    before upgrading to avoid any loss of availability.
    
    UpgradeImpact
    Change-Id: I87944bfbf8b767e1fc36dbc7910305fa1f11eeed

commit a4a5494fd2fe8a43a5d50a21a1951266cc7c4212
Author: Alistair Coles <alistairncoles@gmail.com>
Date:   Mon Oct 9 11:33:28 2017 +0100

test account autocreate listing format
    
    Related-Change: Id3ce37aa0402e2d8dd5784ce329d7cb4fbaf700d
    Change-Id: I50c22225bbebff71600bea9158bda1edd18b48b0

commit 8b7f15223cde4c19fd9cbbd97e8ad79a1b4afa8d
Author: Alistair Coles <alistairncoles@gmail.com>
Date:   Mon Oct 9 10:06:19 2017 +0100

Add example to container-sync-realms.conf.5 man page
    
    Related-Change: I0760ce149e6d74f2b3f1badebac3e36da1ab7e77
    
    Change-Id: I129de42f91d7924c7bcb9952f17fe8a1a10ae219

commit 816331155c624c444ed123bcab412821bd7854fb
Author: HCLTech-SSW <hcl_ss_oss@hcl.com>
Date:   Fri Oct 6 01:37:34 2017 -0700

Added the man page for container-sync-realms.conf
    
    Updated the comments of reviewers.
    
    Change-Id: I0760ce149e6d74f2b3f1badebac3e36da1ab7e77
    Closes-Bug: #1607026

commit 747b9d928624a3f44f1f9f0269489597cddc5997
Author: Jan Zerebecki <jan.openstack@zerebecki.de>
Date:   Wed Oct 4 21:14:03 2017 +0200

Fix swift-ring-builder set_weight with >1 device
    
    When iterating over the (device, weight) tuples do not carry over the
    device from the previous iteration.
    
    Closes-Bug: 1454433
    Change-Id: Iba82519b0b2bc80e2c1abbed308b651c4da4b06a

commit 839c13003aea955c48e77269d4d40a567e07dd44
Author: Tim Burke <tim.burke@gmail.com>
Date:   Wed Oct 4 18:59:49 2017 +0000

Stop clearing params for account_autocreate responses
    
    Otherwise, we send back a 204 where middlewares should be expecting
    a 200 and an empty JSON array.
    
    Change-Id: I05549342327108f71b60a316f734c55bc9589915
    Related-Change: Id3ce37aa0402e2d8dd5784ce329d7cb4fbaf700d

commit 4665c175be7f5299b577925e922a59dfa33ada8c
Author: Tim Burke <tim.burke@gmail.com>
Date:   Mon Oct 2 22:56:42 2017 +0000

Clean up SLO tests and docs
    
    Change-Id: If7087cb674d6c575c4073ba09b5ef056d908655b

commit 79905ae794db2da82c8834dc24177b1820b8c53a
Author: Tim Burke <tim.burke@gmail.com>
Date:   Wed Sep 27 22:10:42 2017 +0000

Replace SOSO auth prefix in examples with more-standard AUTH
    
    Change-Id: I98643d6acf248840a8360f31e446bc8ecb834898

commit 4716d3da1188eb2f2971004461554b05d0061ec6
Author: Tim Burke <tim.burke@gmail.com>
Date:   Wed Sep 27 22:05:40 2017 +0000

swift-account-audit: compare each etag to the hash from container
    
    ...rather than only comparing the ETag from the last response over and
    over again.
    
    NB: This tool *does not* like EC data :-(
    
    Change-Id: Idd37f94b07f607ab8a404dd986760361c39af029
    Closes-Bug: 1266636

commit 93fc9d2de86f37f62b1d6768600d0551e1b72fb6
Author: Alistair Coles <alistairncoles@gmail.com>
Date:   Wed Sep 27 16:35:27 2017 +0100

Add cautionary note re delay_reaping in account-server.conf-sample
    
    Change-Id: I2c3eea783321338316eecf467d30ba0b3217256c
    Related-Bug: #1514528

commit c6aea4b3730c937c41815831a7b4d60ff2899fcb
Author: Tim Burke <tim.burke@gmail.com>
Date:   Wed Sep 27 19:19:53 2017 +0000

Fix intermittent failure in test_x_delete_after
    
    X-Delete-After: 1 is known to be flakey; use 2 instead.
    
    When the proxy receives an X-Delete-After header, it automatically
    converts it to an X-Delete-At header based on the current time. So far,
    so good. But in normalize_delete_at_timestamp we convert our
    
        time.time() + int(req.headers['X-Delete-After'])
    
    to a string representation of an integer and in the process always round
    *down*. As a result, we lose up to a second worth of object validity,
    meaning the object server can (rarely) respond 400, complaining that the
    X-Delete-At is in the past.
    
    Change-Id: Ib5e5a48f5cbed0eade8ba3bca96b26c82a9f9d84
    Related-Change: I643be9af8f054f33897dd74071027a739eaa2c5c
    Related-Change: I10d3b9fcbefff3c415a92fa284a1ea1eda458581
    Related-Change: Ifdb1920e5266aaa278baa0759fc0bfaa1aff2d0d
    Related-Bug: #1597520
    Closes-Bug: #1699114

commit 5c76b9e691166acc1f7b8483aaa3980ebc70bd3a
Author: Alistair Coles <alistairncoles@gmail.com>
Date:   Wed Sep 27 14:11:14 2017 +0100

Add concurrent_gets to proxy.conf man page
    
    Change-Id: Iab1beff4899d096936c0e5915f3ec32364b3e517
    Closes-Bug: #1559347

commit b4f08b6090057897ac647ba6331a4ec867b8e3b8
Author: Jens Harbott <j.harbott@x-ion.de>
Date:   Wed Sep 27 09:10:54 2017 +0000

Fix functest for IPv6 endpoints
    
    Currently the functional tests fail if the storage_url contains a quoted
    IPv6 address because we try to split on ':'.
    
    But actually we don't need to split hostname and port only in order to
    combine it back together lateron. Use the standard urlparse() function
    instead and work with the 'netloc' part of the URL which keeps hostname
    and port together.
    
    Change-Id: I64589e5f2d6fb3cebc6768dc9e4de6264c09cbeb
    Partial-Bug: 1656329

commit 36a843be73e2d58c3fe49a049d514b421124bd06
Author: Clay Gerrard <clay.gerrard@gmail.com>
Date:   Mon Jun 27 17:31:12 2016 -0700

Preserve X-Static-Large-Object from .data file after POST
    
    You can't modify the X-Static-Large-Object metadata with a POST, an
    object being a SLO is a property of the .data file.  Revert the change
    from 4500ff which attempts to correctly handle X-Static-Large-Object
    metadata on a POST, but is subject to a race if the most recent SLO
    .data isn't available during the POST.  Instead this change adjusts the
    reading of metadata such that the X-Static-Large-Object metadata is
    always preserved from the metadata on the datafile and bleeds through
    a .meta if any.
    
    Closes-bug: #1453807
    Closes-bug: #1634723
    
    Co-Authored-By: Kota Tsuyuzaki <tsuyuzaki.kota@lab.ntt.co.jp>
    Change-Id: Ie48a38442559229a2993443ab0a04dc84717ca59

commit 53ab6f2907eff2bb90528010d881f2f87ee02505
Author: Alistair Coles <alistairncoles@gmail.com>
Date:   Tue Sep 26 11:43:53 2017 +0100

Assert memcached connection error is logged
    
    Follow up to [1] - change logger mocking so that we can
    assert the memcached connection error is logged.
    
    [1] Related-Change: I97c5420b4b4ecc127e9e94e9d0f91fbe92a5f623
    
    Change-Id: I87cf4245082c5e0f0705c2c14ddfc0b5d5d89c06

commit c662e5fc8e7800ca516468aaab582c146063c3d6
Author: Alistair Coles <alistairncoles@gmail.com>
Date:   Tue Sep 26 10:15:59 2017 +0100

Add account_autocreate=true to internal-client.conf-sample
    
    Closes-Bug: #1698426
    Change-Id: I8a29a685bb12e60f4da4a0dc8270b408241ec415

commit e501ac7d2be5c11b2ed0005885c84023054ec041
Author: Matthew Oliver <matt@oliver.net.au>
Date:   Thu Sep 3 12:19:05 2015 +1000

Fix memcached exception out of range stacktrace
    
    When a memecached server goes offline in the middle of a
    MemcahceRing (swift memcache client) session then a request
    to memcached returns nothing and the client inside swift
    leaves an "IndexError: list index out of range" stacktrace.
    
    This change corrects that in all the places of MemcacheRing
    that is susceptible to it, and added some tests to stop
    regression.
    
    Clay added a diff to the bug that pretty much did the same
    thing I did, so I'll co-author him.
    
    Change-Id: I97c5420b4b4ecc127e9e94e9d0f91fbe92a5f623
    Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com>
    Closes-Bug: #897451

commit 23219664564d1b5a7ba02bbf8309ec699ab7a4cb
Author: Kota Tsuyuzaki <tsuyuzaki.kota@lab.ntt.co.jp>
Date:   Fri Jun 30 02:03:48 2017 -0700

Accept a trade off of dispersion for balance
    
    ... but only if we *have* to!
    
    During the initial gather for balance we prefer to avoid replicas on
    over-weight devices that are already under-represented in any of it's
    tiers (i.e. if a zone has to have at least one, but may have as many of
    two, don't take the only replica).  Instead we hope by going for
    replicas on over-weight devices that are at the limits of their
    dispersion we might have a better than even chance we find a better
    place for them during placement!
    
    This normally works on out - and especially so for rings which can
    disperse and balance.  But for existing rings where we'd have to
    sacrifice dispersion to improve balance the existing optimistic gather
    will end up refusing to trade dispersion for balance - and instead get
    stuck without solving either!
    
    You should always be able to solve for *either* dispersion or balance.
    But if you can't solve *both* - we bail out on our optimistic gather
    much more quickly and instead just focus on improving balance.  With
    this change, the ring can get into balanced (and un-dispersed) states
    much more quickly!
    
    Change-Id: I17ac627f94f64211afaccad15596a9fcab2fada2
    Related-Change-Id: Ie6e2d116b65938edac29efa6171e2470bb3e8e12
    Closes-Bug: 1699636
    Closes-Bug: 1701472

commit 69a90dcd7511756ff72d89bb0b6f744e1a135456
Author: Thiago da Silva <thiago@redhat.com>
Date:   Mon Sep 25 13:27:50 2017 -0400

Remove reference to EC being in beta
    
    Closes-Bug: #1719095
    
    Change-Id: I8051895987bf72c8095e72b5a521042a13993174
    Signed-off-by: Thiago da Silva <thiago@redhat.com>

commit 64d24076842559fcfc5d654eaf3a303b3112ea38
Author: Clay Gerrard <clay.gerrard@gmail.com>
Date:   Tue Sep 19 18:11:09 2017 -0700

Follow-up test fixup
    
    Use more literals to make test more obvious/readable - DAMP not DRY.
    
    Change-Id: I2562085c829dbc2c812d8e624d6b71a7ccee91ed
    Related-Change-Id: Ie153d01479c4242c01f48bf0ada78c2f9b6c8ff0

commit cc17c99e73e9ddb1768f2979074c3ec043e0a3b4
Author: Tim Burke <tim.burke@gmail.com>
Date:   Thu Sep 21 22:25:57 2017 +0000

Stop reloading swift.common.utils in test_daemon
    
    This was causing some headaches over on feature/deep where a __eq__
    wasn't working as expected because neither self nor other was an
    instance of the class we thought we were using. Apparently, this
    also fixes some issues when using fake_syslog = True?
    
    There are two other places that we use reload_module, in
    test_db_replicator and test_manager, but the monkey patching isn't
    nearly as straight-forward.
    
    Change-Id: I94d6578e275219e9687fee2f0c7cc4f99454b77f
    Related-Bug: 1704192