diff options
author | John Dickinson <me@not.mn> | 2018-12-12 10:21:07 -0800 |
---|---|---|
committer | Tim Burke <tim@swiftstack.com> | 2018-12-15 00:21:47 +0000 |
commit | fbad538d21688c6e76f2196bd599ff1b22f12582 (patch) | |
tree | b1b8f9038210421bc7ce35b7ed635d6f1ea50847 /releasenotes | |
parent | b9d2c08e8d37fd1507ef27c1d641aec6b23ca312 (diff) | |
download | swift-fbad538d21688c6e76f2196bd599ff1b22f12582.tar.gz |
authors/changelog for 2.20.0 release
Change-Id: I149cb14cbfef456b6368564dae8529faf430333d
Diffstat (limited to 'releasenotes')
-rw-r--r-- | releasenotes/notes/2_20_0_release-7b090a5f4bd916e4.yaml | 116 |
1 files changed, 116 insertions, 0 deletions
diff --git a/releasenotes/notes/2_20_0_release-7b090a5f4bd916e4.yaml b/releasenotes/notes/2_20_0_release-7b090a5f4bd916e4.yaml new file mode 100644 index 000000000..7d15183f3 --- /dev/null +++ b/releasenotes/notes/2_20_0_release-7b090a5f4bd916e4.yaml @@ -0,0 +1,116 @@ +--- +features: + - | + S3 API compatibility updates + + - Swift can now cache the S3 secret from Keystone to use for + subsequent requests. This functionality is disabled by default but + can be enabled by setting the ``secret_cache_duration`` in the + ``[filter:s3token]`` section of the proxy server config to a number + greater than 0. + + - s3api now mimics the AWS S3 behavior of periodically sending + whitespace characters on a Complete Multipart Upload request to keep + the connection from timing out. Note that since a request could fail + after the initial 200 OK response has been sent, it is important to + check the response body to determine if the request succeeded. + + - s3api now properly handles ``x-amz-metadata-directive`` headers on + COPY operations. + + - s3api now uses concurrency (default 2) to handle multi-delete + requests. This allows multi-delete requests to be processed much + more quickly. + + - s3api now mimics some forms of AWS server-side encryption + based on whether Swift's at-rest encryption functionality is enabled. + Note that S3 API users are now able to know more about how the + cluster is configured than they were previously, ie knowledge of + encryption at-rest functionality being enabled or not. + + - s3api responses now include a '-' in multipart ETags. + + For new multipart-uploads via the S3 API, the ETag that is + stored will be calculated in the same way that AWS uses. This + ETag will be used in GET/HEAD responses, bucket listings, and + conditional requests via the S3 API. Accessing the same object + via the Swift API will use the SLO Etag; however, in JSON + container listings the multipart upload etag will be exposed + in a new "s3_etag" key. Previously, some S3 clients would complain + about download corruption when the ETag did not have a '-'. + + - S3 ETag for SLOs now include a '-'. + + Ordinary objects in S3 use the MD5 of the object as the ETag, + just like Swift. Multipart Uploads follow a different format, notably + including a dash followed by the number of segments. To that end + (and for S3 API requests *only*), SLO responses via the S3 API have a + literal '-N' added on the end of the ETag. + + - The default location is now set to "us-east-1". This is more likely + to be the default region that a client will try when using v4 + signatures. + + Deployers with clusters that relied on the old implicit default + location of "US" should explicitly set ``location = US`` in the + ``[filter:s3api]`` section of proxy-server.conf before upgrading. + + - Add basic support for ?versions bucket listings. We still do not + have support for toggling S3 bucket versioning, but we can at least + support getting the latest versions of all objects. + + - | + Fixed an issue with SSYNC requests to ensure that only one request + can be running on a partition at a time. + + - | + Data encryption updates + + - The ``kmip_keymaster`` middleware can now be configured directly in the + proxy-server config file. The existing behavior of using an external + config file is still supported. + + - Multiple keymaster middlewares are now supported. This allows + migration from one key provider to another. + + Note that ``secret_id`` values must remain unique across all keymasters + in a given pipeline. If they are not unique, the right-most keymaster + will take precedence. + + When looking for the active root secret, only the right-most + keymaster is used. + + - Prevent PyKMIP's kmip_protocol logger from logging at DEBUG. + Previously, some versions of PyKMIP would include all wire + data when the root logger was configured to log at DEBUG; this + could expose key material in logs. Only the ``kmip_keymaster`` was + affected. + + - | + Fixed an issue where a failed drive could prevent the container sharder + from making progress. + + - | + Storage policy definitions in swift.conf can now define the diskfile + to use to access objects. See the included swift.conf-sample file for + a description of usage. + + - | + The EC reconstructor will now attempt to remove empty directories + immediately, while the inodes are still cached, rather than waiting + until the next run. + + - | + Added a ``keep_idle`` config option to configure KEEPIDLE time for TCP + sockets. The default value is the old constant of 600. + + - | + Add ``databases_per_second`` to the account-replicator, + container-replicator, and container-sharder. This prevents them from + using a full CPU core when they are not IO limited. + + - | + Allow direct_client users to overwrite the ``X-Timestamp`` header. + + - | + Various other minor bug fixes and improvements. |