1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
|
---
features:
- |
``swift-manage-shard-ranges`` improvements:
* Exit codes are now applied more consistently:
- 0 for success
- 1 for an unexpected outcome
- 2 for invalid options
- 3 for user exit
As a result, some errors that previously resulted in exit code 2
will now exit with code 1.
* Added a new 'repair' command to automatically identify and
optionally resolve overlapping shard ranges.
* Added a new 'analyze' command to automatically identify overlapping
shard ranges and recommend a resolution based on a JSON listing
of shard ranges such as produced by the 'show' command.
* Added a ``--includes`` option for the 'show' command to only output
shard ranges that may include a given object name.
* Added a ``--dry-run`` option for the 'compact' command.
* The 'compact' command now outputs the total number of compactible
sequences.
- |
Partition power increase improvements:
* The relinker now spawns multiple subprocesses to process disks
in parallel. By default, one worker is spawned per disk; use the
new ``--workers`` option to control how many subprocesses are used.
Use ``--workers=0`` to maintain the previous behavior.
* The relinker can now target specific storage policies or
partitions by using the new ``--policy`` and ``--partition``
options.
- |
More daemons now support systemd notify sockets.
- |
The container-reconciler now scales out better with new ``processes``,
``process``, and ``concurrency`` options, similar to the object-expirer.
deprecations:
- |
Container sharding deprecations:
* Added a new config option, ``shrink_threshold``, to specify the
absolute size below which a shard will be considered for shrinking.
This overrides the ``shard_shrink_point`` configuration option, which
expressed this as a percentage of ``shard_container_threshold``.
``shard_shrink_point`` is now deprecated.
* Similar to above, ``expansion_limit`` was added as an absolute-size
replacement for the now-deprecated ``shard_shrink_merge_point``
configuration option.
fixes:
- |
Sharding improvements:
* When building a listing from shards, any failure to retrieve
listings will result in a 503 response. Previously, failures
fetching a partiucular shard would result in a gap in listings.
* Container-server logs now include the shard path in the referer
field when receiving stat updates.
* Added a new config option, ``rows_per_shard``, to specify how many
objects should be in each shard when scanning for ranges. The default
is ``shard_container_threshold / 2``, preserving existing behavior.
* Added a new config option, ``minimum_shard_size``. When scanning
for shard ranges, if the final shard would otherwise contain
fewer than this many objects, the previous shard will instead
be expanded to the end of the namespace (and so may contain up
to ``rows_per_shard + minimum_shard_size`` objects). This reduces
the number of small shards generated. The default value is
``rows_per_shard / 5``.
* The sharder now correctly identifies and fails audits for shard
ranges that overlap exactly.
* The sharder and swift-manage-shard-ranges now consider total row
count (instead of just object count) when deciding whether a shard
is a candidate for shrinking.
* If the sharder encounters shard range gaps while cleaving, it will
now log an error and halt sharding progress. Previously, rows may
not have been moved properly, leading to data loss.
* Sharding cycle time and last-completion time are now available via
swift-recon.
* Fixed an issue where resolving overlapping shard ranges via shrinking
could prematurely mark created or cleaved shards as active.
- |
S3 API improvements:
* Added an option, ``ratelimit_as_client_error``, to return 429s for
rate-limited responses. Several clients/SDKs have seem to support
retries with backoffs on 429, and having it as a client error
cleans up logging and metrics. By default, Swift will respond 503,
matching AWS documentation.
* Fixed a server error in bucket listings when ``s3_acl`` is enabled
and staticweb is configured for the container.
* Fixed a server error when a client exceeds ``client_timeout`` during an
upload. Now, a ``RequestTimeout`` error is correctly returned.
* Fixed a server error when downloading multipart uploads/static large
objects that have missing or inaccessible segments. This is a state
that cannot arise in AWS, so a new ``BrokenMPU`` error is returned,
indicating that retrying the request is unlikely to succeed.
* Fixed several issues with the prefix, marker, and delimiter
parameters that would be mirrored back to clients when listing
buckets.
- |
Partition power increase fixes:
* The relinker now performs eventlet-hub selection the same way as
other daemons. In particular, ``epolls`` will no longer be selected,
as it seemed to cause occassional hangs.
* Partitions that encountered errors during relinking are no longer
marked as completed in the relinker state file. This ensures that
a subsequent relink will retry the failed partitions.
* Partition cleanup is more robust, decreasing the likelihood of
leaving behind mostly-empty partitions from the old partition
power.
* Improved relinker progress logging, and started collecting
progress information for swift-recon.
* Cleanup is more robust to files and directories being deleted by
another process.
* The relinker better handles data found from earlier partition power
increases.
* The relinker better handles tombstones found for the same object
but with different inodes.
* The reconciler now defers working on policies that have a partition
power increase in progress to avoid issues with concurrent writes.
- |
Erasure coding fixes:
* Added the ability to quarantine EC fragments that have no (or few)
other fragments in the cluster. A new configuration option,
``quarantine_threshold``, in the reconstructor controls the point at
the fragment will be quarantined; the default (0) will never
quarantine. Only fragments older than ``quarantine_age`` (default:
``reclaim_age``) may be quarantined. Before quarantining, the
reconstructor will attempt to fetch fragments from handoff nodes
in addition to the usual primary nodes; a new ``request_node_count``
option (default ``2 * replicas``) limits the total number of nodes to
contact.
* Added a delay before deleting non-durable data. A new configuration
option, ``commit_window`` in the ``[DEFAULT]`` section of
object-server.conf, adjusts this delay; the default is 60 seconds. This
improves the durability of both back-dated PUTs (from the reconciler or
container-sync, for example) and fresh writes to handoffs by preventing
the reconstructor from deleting data that the object-server was still
writing.
* Improved proxy-server and object-reconstructor logging when data
cannot be reconstructed.
* Fixed an issue where some but not all fragments having metadata
applied could prevent reconstruction of missing fragments.
* Server-side copying of erasure-coded data to a replicated policy no
longer copies EC sysmeta. The previous behavior had no material
effect, but could confuse operators examining data on disk.
- |
Python 3 fixes:
* Fixed a server error when performing a PUT authorized via
tempurl with some proxy pipelines.
* Fixed a server error during GET of a symlink with some proxy
pipelines.
* Fixed an issue with logging setup when /dev/log doesn't exist
or is not a UNIX socket.
- |
The dark-data audit watcher now skips objects younger than a new
configurable ``grace_age`` period. This avoids issues where data
could be flagged, quarantined, or deleted because of listing
consistency issues. The default is one week.
- |
The dark-data audit watcher now requires that all primary locations
for an object's container agree that the data does not appear in
listings to consider data "dark". Previously, a network partition
that left an object node isolated could cause it to quarantine or
delete all of its data.
- |
``EPIPE`` errors no longer log tracebacks.
- |
The account and container auditors now log and update recon before
going to sleep.
- |
The object-expirer logs fewer client disconnects.
- |
``swift-recon-cron`` now includes the last time it was run in the recon
information.
- |
``EIO`` errors during read now cause object diskfiles to be quarantined.
- |
The formpost middleware now properly supports uploading multiple files
with different content-types.
- |
Various other minor bug fixes and improvements.
|
