Current (Unreleased) Release Notes

2.34.0-119

New Features

  • Account listings now include storage policy information for the containers listed.

  • Added a new object-expirer configuration option, round_robin_task_cache_size, to adjust the number of tasks to cache before processing. This may be used to trade faster expirer start-up for more lumpy container-server load.

  • Added a stale_worker_timeout configuration option to the WSGI servers. Once this time elapses following a reload, the manager process will issue SIGKILLs to any remaining stale workers.

  • Object updater observability improvements:

    • Added last start time to recon dumps as object_updater_last.

    • Added information (including target account/container) from oldest failed updates to recon dumps, both per-device and aggregated for the node. Use the new async_tracker_max_entries and async_tracker_dump_count options to adjust how many records to collect.

  • Added the option to tune down ETag validation in the object-server during full-object reads. By default, every full read will continue to have its ETag validated as bytes are streamed to the proxy-server. The etag_validate_pct option may be used to configure approximately what percentage of full-object reads should be validated; reducing this can improve performance when object-servers are CPU-constrained.

    Partial reads continue to never have their ETag validated in the object-server. The object-auditor continues to periodically validate every object’s ETag.

Deprecation Notes

  • The object-expirer configuration options expiring_objects_container_divisor and expiring_objects_account_name are now deprecated.

    If a cluster was deployed with a non-standard account name, operators should remove the option from all configs so they are using a supported configuration going forward, but will need to deploy stand-alone expirer processes with legacy expirer config to clean-up old expiration tasks from the previously configured account name.

Bug Fixes

  • Removed the use of eval in the xprofile middleware. Note that this middleware is only intended for development purposes and is not intended for use in production systems.

  • The S3 API no longer requires a Content-MD5 header for DeleteObjects requests when using v4 signatures.

  • Uploads to containers with object versioning enabled now require a Content-Length or Transfer-Encoding: chunked header, similar to other containers.

  • Fixed a server error when deleting a specific version via the S3 API.

  • X-Open-Expired now works properly with ?part-number requests.

  • Fixed Content-Type and Content-Length headers in account and container HEAD responses (with eventlet>=0.38.0).

  • Object expiration fixes:

    • The object-expirer now better handles errors during listings.

    • The object-expirer now respects the internal_client_conf_path configuration option in legacy object-expirer.conf configs.

  • Improved the reliability of swift-reload.

  • Separated unlinks-due-to-outdated-updates from unlinks-due-to-fully-processed-updates in logged object-updater stats.

  • The cooperative_period option for the object-server now affects PUT requests in a way similar to GET responses.

  • Fixed an issue with the object-reconstructor that would prevent reconstruction of objects with non-ASCII header names.

  • Fixed an issue with the container-reconciler that could cause reconciler databases to have conflicting rows that could not be resolved.

  • Removed use of the deprecated cgi module.

  • Various other minor bug fixes and improvements.

2.34.0

New Features

  • Middleware features:

    • The static large object (SLO) middleware now supports including a ?part-number=<N> query parameter to request just part of a large object. This may be used to enable efficient parallel downloads. For more information, see the documentation.

    • The S3 API middleware now supports the ?partNumber=<N> query parameter, enabling parallel downloads.

    • The KMS keymaster now supports overriding the endpoint returned in the Keystone catalog via the barbican_endpoint configuration option. This may be useful in multi-region deployments which have multiple endpoints.

    • The backend ratelimiter now supports dynamic reloading of limits. The new configuration options backend_ratelimit_conf_path and config_reload_interval control which file is reloaded and how frequently, respectively.

    • The backend ratelimiter now supports per-method, per-device ratelimits. See etc/backend-ratelimit.conf-sample for more information.

    • The account quota middleware now supports object-count quotas in addition to byte-count quotas, similar to the container quota middleware. For more information, see the documentation.

  • Object expiration improvements:

    • Added per-account and per-container reaping delays. These may be used to offer some grace period in which to recover expired objects.

    • Added a proxy-server configuration option: allow_open_expired. This defaults to false; if true, clients may intereact with expired objects by including an X-Open-Expired: true header in GET, HEAD, or POST requests.

    • Expiring object queue entries now include the size of the object to be expired in the swift_expirer_bytes parameter of the queue entry’s content-type.

    • Added metrics to count skipped, delayed, and assigned tasks as they’re enumerated.

  • S3 API error response reasons are now logged as part of the log_info field. This can be especially useful when diagnosing HEAD failures, which necessarily have no response body.

  • Python 3.12 is now supported.

  • swift-account-info now supports the --sync option to display the contents of the incoming and outgoing sync tables, similar to swift-container-info.

  • The swift-drive-audit tool now works with ISO timestamps in kernel logs.

Upgrade Notes

  • Dependency update: lxml must be at least 4.2.3.

Deprecation Notes

  • Overall account byte quotas should now be set with the X-Account-Quota-Bytes header. The X-Account-Meta-Quota-Bytes header is now deprecated.

Bug Fixes

  • S3 API fixes:

    • Fixed a server error when using non-ASCII access key IDs.

    • Fixed several checksum-related error responses to be more AWS-like.

  • Using an X-Remove-Account-Quota-Bytes-Policy-<policy name> header now removes the per-policy quota, rather than reducing it to zero.

  • Proxy-server fixes:

    • Object POSTs now 503 rather than trusting the 404s that might be returned from handoffs when primaries are overloaded.

    • Client disconnects should always be logged within the context of the appropriate client request. Previously, there were some cases where logging would occur during general garbage collection, leading to incorrect or missing transaction IDs in logs.

    • The proxy-logging middleware now emits timing and transfer stats for more requests such as auth requests. These will be labeled UNKNOWN rather than account, container, etc.

    • Fixed a server error when the Swift request path has missing account or container components.

  • EUCLEAN errors are better handled on the object server.

  • The swift-recon-cron tool now better handles missing directories.

  • Various other minor bug fixes and improvements.