Merge "authors/changelog for 2.20.0 release"

This commit is contained in:
Zuul 2018-12-15 05:10:56 +00:00 committed by Gerrit Code Review
commit 184fdf17ef
4 changed files with 234 additions and 2 deletions

View File

@ -125,3 +125,4 @@ Bryan Keller <kellerbr@us.ibm.com>
Doug Hellmann <doug@doughellmann.com> <doug.hellmann@dreamhost.com>
zhangdebo1987 <zhangdebo@inspur.com> zhangdebo
Thomas Goirand <thomas@goirand.fr> <zigo@debian.org>
Thiago da Silva <thiagodasilva@gmail.com> <thiago@redhat.com>

13
AUTHORS
View File

@ -88,6 +88,7 @@ chenaidong1 (chen.aidong@zte.com.cn)
cheng (li.chenga@h3c.com)
Cheng Li (shcli@cn.ibm.com)
chengebj5238 (chengebj@inspur.com)
chenxiangui (chenxiangui@inspur.com)
Chmouel Boudjnah (chmouel@enovance.com)
Chris Wedgwood (cw@f00f.org)
Christian Berendt (berendt@b1-systems.de)
@ -106,6 +107,7 @@ Constantine Peresypkin (constantine.peresypk@rackspace.com)
Corey Bryant (corey.bryant@canonical.com)
Cory Wright (cory.wright@rackspace.com)
Cristian A Sanchez (cristian.a.sanchez@intel.com)
Cyril Roelandt (cyril@redhat.com)
Dae S. Kim (dae@velatum.com)
Daisuke Morita (morita.daisuke@ntti3.com)
Dan Dillinger (dan.dillinger@sonian.net)
@ -152,6 +154,7 @@ Eugene Kirpichov (ekirpichov@gmail.com)
Ewan Mellor (ewan.mellor@citrix.com)
Fabien Boucher (fabien.boucher@enovance.com)
Falk Reimann (falk.reimann@sap.com)
FatemaKhalid (fatemakhalid96@gmail.com)
Felipe Reyes (freyes@tty.cl)
Ferenc Horváth (hferenc@inf.u-szeged.hu)
Filippo Giunchedi (fgiunchedi@wikimedia.org)
@ -329,10 +332,12 @@ Ricardo Ferreira (ricardo.sff@gmail.com)
Richard Hawkins (richard.hawkins@rackspace.com)
Robert Francis (robefran@ca.ibm.com)
Robin Naundorf (r.naundorf@fh-muenster.de)
Romain de Joux (romain.de-joux@corp.ovh.com)
Romain Le Disez (romain.ledisez@ovh.net)
Russ Nelson (russ@crynwr.com)
Russell Bryant (rbryant@redhat.com)
Sachin Patil (psachin@redhat.com)
Sam Morrison (sorrison@gmail.com)
Samuel Merritt (sam@swiftstack.com)
Sarafraj Singh (Sarafraj.Singh@intel.com)
Sarvesh Ranjan (saranjan@cisco.com)
@ -359,7 +364,7 @@ Sushil Kumar (sushil.kumar2@globallogic.com)
Takashi Kajinami (kajinamit@nttdata.co.jp)
Takashi Natsume (natsume.takashi@lab.ntt.co.jp)
TheSriram (sriram@klusterkloud.com)
Thiago da Silva (thiago@redhat.com)
Thiago da Silva (thiagodasilva@gmail.com)
Thierry Carrez (thierry@openstack.org)
Thomas Goirand (thomas@goirand.fr)
Thomas Herve (therve@redhat.com)
@ -392,11 +397,13 @@ wangdequn (wangdequn@inspur.com)
wanghongtaozz (wanghongtaozz@inspur.com)
wanghui (wang_hui@inspur.com)
wangqi (wang.qi@99cloud.net)
whoami-rajat (rajatdhasmana@gmail.com)
Wu Wenxiang (wu.wenxiang@99cloud.net)
Wyllys Ingersoll (wyllys.ingersoll@evault.com)
xhancar (pavel.hancar@gmail.com)
XieYingYun (smokony@sina.com)
Yaguang Wang (yaguang.wang@intel.com)
yanghuichan (yanghc@fiberhome.com)
Yatin Kumbhare (yatinkumbhare@gmail.com)
Ye Jia Xu (xyj.asmy@gmail.com)
Yee (mail.zhang.yee@gmail.com)
@ -406,6 +413,7 @@ yuhui_inspur (yuhui@inspur.com)
Yummy Bian (yummy.bian@gmail.com)
Yuriy Taraday (yorik.sar@gmail.com)
Yushiro FURUKAWA (y.furukawa_2@jp.fujitsu.com)
Yuxin Wang (wang.yuxin@ostorage.com.cn)
Zack M. Davis (zdavis@swiftstack.com)
Zap Chang (zapchang@gmail.com)
Zhang Guoqing (zhang.guoqing@99cloud.net)
@ -418,7 +426,8 @@ Zheng Yao (zheng.yao1@zte.com.cn)
zheng yin (yin.zheng@easystack.cn)
Zhenguo Niu (zhenguo@unitedstack.com)
zhengwei6082 (zhengwei6082@fiberhome.com)
ZhijunWei (wzj334965317@outlook.com)
ZhiQiang Fan (aji.zqfan@gmail.com)
Zhongyue Luo (zhongyue.nah@intel.com)
zhufl (zhu.fanglei@zte.com.cn)
Виль Суркин (vills@vills-pro.local)
zhulingjie (easyzlj@gmail.com)

106
CHANGELOG
View File

@ -1,3 +1,109 @@
swift (2.20.0)
* S3 API compatibility updates
* Swift can now cache the S3 secret from Keystone to use for
subsequent requests. This functionality is disabled by default but
can be enabled by setting the `secret_cache_duration` in the s3token
section of the proxy server config to a number greater than 0.
* s3api now mimics the AWS S3 behavior of periodically sending
whitespace characters on a Complete Multipart Upload request to keep
the connection from timing out. Note that since a request could fail
after the initial 200 OK response has been sent, it is important to
check the response body to determine if the request succeeded.
* s3api now properly handles x-amz-metadata-directive headers on
COPY operations.
* s3api now uses concurrency (default 2) to handle multi-delete
requests. This allows multi-delete requests to be processed much
more quickly.
* s3api now mimics some forms of AWS server-side encryption
based on whether Swift's at-rest encryption functionality is enabled.
Note that S3 API users are now able to know more about how the
cluster is configured than they were previously, ie knowledge of
encryption at-rest functionality being enabled or not.
* s3api responses now include a '-' in multipart ETags.
For new multipart-uploads via the S3 API, the ETag that is
stored will be calculated in the same way that AWS uses. This
ETag will be used in GET/HEAD responses, bucket listings, and
conditional requests via the S3 API. Accessing the same object
via the Swift API will use the SLO Etag; however, in JSON
container listings the multipart upload etag will be exposed
in a new "s3_etag" key. Previously, some S3 clients would complain
about download corruption when the ETag did not have a '-'.
* S3 ETag for SLOs now include a '-'.
Ordinary objects in S3 use the MD5 of the object as the ETag,
just like Swift. Multipart Uploads follow a different format, notably
including a dash followed by the number of segments. To that end
(and for S3 API requests *only*), SLO responses via the S3 API have a
literal '-N' added on the end of the ETag.
* The default location is now set to "us-east-1". This is more likely
to be the default region that a client will try when using v4
signatures.
Deployers with clusters that relied on the old implicit default
location of "US" should explicitly set `location = US` in the
`[filter:s3api]` section of proxy-server.conf before upgrading.
* Add basic support for ?versions bucket listings. We still do not
have support for toggling S3 bucket versioning, but we can at least
support getting the latest versions of all objects.
* Fixed an issue with SSYNC requests to ensure that only one request
can be running on a partition at a time.
* Data encryption updates
* The kmip_keymaster middleware can now be configured directly in the
proxy-server config file. The existing behavior of using an external
config file is still supported.
* Multiple keymaster middlewares are now supported. This allows
migration from one key provider to another.
Note that secret_id values must remain unique across all keymasters
in a given pipeline. If they are not unique, the right-most keymaster
will take precedence.
When looking for the active root secret, only the right-most
keymaster is used.
* Prevent PyKMIP's kmip_protocol logger from logging at DEBUG.
Previously, some versions of PyKMIP would include all wire
data when the root logger was configured to log at DEBUG; this
could expose key material in logs. Only the kmip_keymaster was
affected.
* Fixed an issue where a failed drive could prevent the container sharder
from making progress.
* Storage policy definitions in swift.conf can now define the diskfile
to use to access objects. See the included swift.conf-sample file for
a description of usage.
* The EC reconstructor will now attempt to remove empty directories
immediately, while the inodes are still cached, rather than waiting
until the next run.
* Added a keep_idle config option to configure KEEPIDLE time for TCP
sockets. The default value is the old constant of 600.
* Add databases_per_second to the account-replicator,
container-replicator, and container-sharder. This prevents them from
using a full CPU core when they are not IO limited.
* Allow direct_client users to overwrite the X-Timestamp header.
* Various other minor bug fixes and improvements.
swift (2.19.0, OpenStack Rocky)
* TempURLs now support IP range restrictions. Please see

View File

@ -0,0 +1,116 @@
---
features:
- |
S3 API compatibility updates
- Swift can now cache the S3 secret from Keystone to use for
subsequent requests. This functionality is disabled by default but
can be enabled by setting the ``secret_cache_duration`` in the
``[filter:s3token]`` section of the proxy server config to a number
greater than 0.
- s3api now mimics the AWS S3 behavior of periodically sending
whitespace characters on a Complete Multipart Upload request to keep
the connection from timing out. Note that since a request could fail
after the initial 200 OK response has been sent, it is important to
check the response body to determine if the request succeeded.
- s3api now properly handles ``x-amz-metadata-directive`` headers on
COPY operations.
- s3api now uses concurrency (default 2) to handle multi-delete
requests. This allows multi-delete requests to be processed much
more quickly.
- s3api now mimics some forms of AWS server-side encryption
based on whether Swift's at-rest encryption functionality is enabled.
Note that S3 API users are now able to know more about how the
cluster is configured than they were previously, ie knowledge of
encryption at-rest functionality being enabled or not.
- s3api responses now include a '-' in multipart ETags.
For new multipart-uploads via the S3 API, the ETag that is
stored will be calculated in the same way that AWS uses. This
ETag will be used in GET/HEAD responses, bucket listings, and
conditional requests via the S3 API. Accessing the same object
via the Swift API will use the SLO Etag; however, in JSON
container listings the multipart upload etag will be exposed
in a new "s3_etag" key. Previously, some S3 clients would complain
about download corruption when the ETag did not have a '-'.
- S3 ETag for SLOs now include a '-'.
Ordinary objects in S3 use the MD5 of the object as the ETag,
just like Swift. Multipart Uploads follow a different format, notably
including a dash followed by the number of segments. To that end
(and for S3 API requests *only*), SLO responses via the S3 API have a
literal '-N' added on the end of the ETag.
- The default location is now set to "us-east-1". This is more likely
to be the default region that a client will try when using v4
signatures.
Deployers with clusters that relied on the old implicit default
location of "US" should explicitly set ``location = US`` in the
``[filter:s3api]`` section of proxy-server.conf before upgrading.
- Add basic support for ?versions bucket listings. We still do not
have support for toggling S3 bucket versioning, but we can at least
support getting the latest versions of all objects.
- |
Fixed an issue with SSYNC requests to ensure that only one request
can be running on a partition at a time.
- |
Data encryption updates
- The ``kmip_keymaster`` middleware can now be configured directly in the
proxy-server config file. The existing behavior of using an external
config file is still supported.
- Multiple keymaster middlewares are now supported. This allows
migration from one key provider to another.
Note that ``secret_id`` values must remain unique across all keymasters
in a given pipeline. If they are not unique, the right-most keymaster
will take precedence.
When looking for the active root secret, only the right-most
keymaster is used.
- Prevent PyKMIP's kmip_protocol logger from logging at DEBUG.
Previously, some versions of PyKMIP would include all wire
data when the root logger was configured to log at DEBUG; this
could expose key material in logs. Only the ``kmip_keymaster`` was
affected.
- |
Fixed an issue where a failed drive could prevent the container sharder
from making progress.
- |
Storage policy definitions in swift.conf can now define the diskfile
to use to access objects. See the included swift.conf-sample file for
a description of usage.
- |
The EC reconstructor will now attempt to remove empty directories
immediately, while the inodes are still cached, rather than waiting
until the next run.
- |
Added a ``keep_idle`` config option to configure KEEPIDLE time for TCP
sockets. The default value is the old constant of 600.
- |
Add ``databases_per_second`` to the account-replicator,
container-replicator, and container-sharder. This prevents them from
using a full CPU core when they are not IO limited.
- |
Allow direct_client users to overwrite the ``X-Timestamp`` header.
- |
Various other minor bug fixes and improvements.