openstack/swift - swift - OpenDev: Free Software Needs Free Tools

Change-Id: I3327c915b3b868bb1829103adb718632e58b1b4a

Change-Id: I839c2af9e524f712e6fbeb8bf74d860af1d243e2

When the number of account/container or container/object replicas are
different, Swift had a few misbehaviors. This commit fixes them.
* On an object PUT/POST/DELETE, if there were 3 object replicas and
 only 2 container replicas, then only 2 requests would be made to
 object servers. Now, 3 requests will be made, but the third won't
 have any X-Container-* headers in it.
* On an object PUT/POST/DELETE, if there were 3 object replicas and 4
 container replicas, then only 3/4 container servers would receive
 immediate updates; the fourth would be ignored. Now one of the
 object servers will receive multiple (comma-separated) values in the
 X-Container-* headers and it will attempt to contact both of them.
 One side effect is that multiple async_pendings may be written for
 updates to the same object. They'll have differing timestamps,
 though, so all but the newest will be deleted unread. To trigger
 this behavior, you have to have more container replicas than object
 replicas, 2 or more of the container servers must be down, and the
 headers sent to one object server must reference 2 or more down
 container servers; it's unlikely enough and the consequences are so
 minor that it didn't seem worth fixing.
The situation with account/containers is analogous, only without the
async_pendings.
Change-Id: I98bc2de93fb6b2346d6de1d764213d7563653e8d

This commit makes that AuditorWorker gets a logger from ObjectAuditor class
(instead of creating new one) so the auditor uses minimum unix-sockets.
Fixes: bug #1089215
Change-Id: Ia47d862cbe7505db821784b01fcce6f22196e79f

If the object replicator couldn't create a device's object directory
(due to permissions or whatever) it wouldn't do any work at all. This
fixes that.
Change-Id: I6a30439d036b29c9cfdb660428d13668e0dc8632

Unfortunately, SQLite truncates strings with null characters.
Additionally, XML pretty much hates them too.
Change-Id: Id9a8eaa27b841db6350d6959c202d3e3d6462b35

I've been doing this with cluster-wide log searches for far too long.
This adds support for reporting the oldest replication pass
completion as well as the most recent. This is quite useful for
finding those odd replicators that have hung up for some reason and
need intervention.
Change-Id: I7fd7260eca162d6b085f3e82aaa3cf90670f2d53

If a middleware (swift3, I'm looking at you), doesn't pass a Request
object into the Response constructor, Response._response_iter cannot
know to send zero bytes in the body of the HEAD response.
This patch fixes this usage of swob by making Response.__call__
helpfully reify self.request from env if it wasn't already set by the
Response object's constructor.
This fixes a bug in swift3 + swob-enabled-Swift where HEAD requests to
swift3 resulted in a response with a body in violation of the relevant
RFC and confusing clients.
Thanks to kostecky for finding the bug and describing it accurately.
Change-Id: I2bdb098052b161e1cddf1e4e482ab4dfafeb18c0

This change allows other auth systems to test against the functests but not
require them to support x-storage-token (which was deprecated before swift
was even open-sourced). All other places in the code where x-storage-token is
used is only to populate x-auth-token if x-auth-token doesn't already exist.
Change-Id: Ie903d0f7135fc643353b74a61c14becf7dfc4d9d

Change-Id: If2bd1d4a850936b2e575a96073c116a8b9522602

This functionality was lost with the swob change, but is back now.
Change-Id: I13b3154080a7c601235711b274e4899efb6adc93

Change-Id: I3bad8c2995d4daf1e7798fae2c59b409608cbc45

Change-Id: I413d8bb9cbdea1f67ab2649ab0cc4a05a7a65883

Fixes bug 1089140.
Turns out that if an exception bails out of the pickle loading (eg.
zero-byte hahes_file), the if clause to determine whether or not to
write out a fresh hashes_file can evaluate to false, leading to an
infinite loop.
This patch fixes this infinite loop generally, by ensuring that if any
exception is thrown, a new hashes_file is written.
Change-Id: I344c5f8e261ce7c667bdafe1687263a4150b21dc

Currently the timeout for a wsgi server successfully binding to a port
and for a probetest background service to finish starting are hard coded
to 30 seconds. While a reasonable default for most configurations, a
small virtualized environment may need a little more time in order for
probe tests to complete successfully.
This patch adds a 'bind_timeout' option to the DEFAULT section of the
main wsgi servers' config. Also a new [probe_test] section and
'check_server_timeout' option to test.conf
DocImpact
Change-Id: Ibcaff153c7633bbf32e460fd9dbf04932eddb56f

This change makes the dots prettier during probetests
When calling the resetswift script, the probetests will use subprocess
to redirect stderr to stdout and capture stdout into a buffer. We print
the captured buffer from resetswift's combined stdout/stderr and let
nosetests stdout capturing handle printing the output for debug only if a
test fails.
Change-Id: I022512f2ef5a4c43b0e49264bad1bca98c1f0299

A deployer may want to remove a Swift node from a load balancer for
maintenance or upgrade. This patch provides an optional mechanism for
this. The healthcheck filter config can specify "disable_path" which is
a filesystem path. If a file is present at that location, the
healthcheck middleware returns a 503 with a body of "DISABLED BY FILE".
So a deployer can configure "disable_path" and then touch that
filesystem path, wait for the proxy to be removed from the load balancer
pool, perform maintenance/upgrade, and then remove the "disable_path"
file.
Also cleaned up the conf file man pages a bit.
Change-Id: I1759c78c74910a54c720f298d4d8e6fa57a4dab4

E.g. if HOME is not set, swift-proxy will create the
keystone_signing file not in HOME but in /root.
This is because the swift user doesn't have a shell
in /etc/passwd and so it doesn't set environment variables
when impersonating.
Change-Id: I3013007e0dadf6ddccc176e142b7c78c5d63a351

The container and account servers should respond with 406 if the Accept header
isn't satisfiable. This behavior is defined in RFC 2616 section 14.1.
Change-Id: I8a67ccafe33dc70ef4f7794686a54fbc8581f4dc

Change-Id: I7cfe77b3f03172814814f2e2bae04a3ae184efb0

It was discovered that uploading items with ? in their names (encoded
with %3F of course) made Swob fail in that it trimmed off everything
after the ? as if it were a query string.
Change-Id: Ie686db9a2177aafad2e77c307ffc3f446646fbb5

path_info_pop didn't behave as the webob one did with single segment
paths like /one and with root-only paths /
Now it should.
Change-Id: Ib88344de386ab9e8975e7f48c1afc47731992ee2

Change-Id: I824ba5f231e252b923abc895f757137855a93d3a

Bug 1079439
Change-Id: I1985a7176f34931ecb0f24c0289f18df5e934598

The determination of the client IP looked at the X-Cluster-Client-Ip
and X-Forwarded-For headers in the incoming HTTP request. This is
trivially spoofable by a malicious client, so there's no security
gained by having the check there.
Worse, having the check there provides a false sense of security to
cluster operators. It sounds like it's based on the client IP, so an
attacker would have to do IP spoofing to defeat it. However, it's
really just a shared secret, and there's already a secret key set
up. Basically, it looks like 2-factor auth (IP+key), but it's really
1-factor (key).
Now, the one case where this might provide some security is where the
Swift cluster is behind an external load balancer that strips off the
X-Cluster-Client-Ip and X-Forwarded-For headers and substitutes its
own. I don't think it's worth the tradeoff, hence this commit.
Fixes bug 1068420 for very small values of "fixes".
DocImpact
Change-Id: I2bef64c2e1e4df8a612a5531a35721202deb6964

When responding to a GET request for a manifest, it was intended that
the proxy server lazily fetch the pieces of the container
listing. That way, a single client request doesn't immediately turn
into a bunch of requests to backends. The additional requests should
only get made if the client is putting in the work of receiving the
object body.
However, commit 156f27c accidentally changed this so that all the
pieces of the container listing are eagerly fetched up-front. Better
yet, if an object has more than CONTAINER_LISTING_LIMIT (default
10,000) segments, the container listing is then fetched a second time,
albeit lazily, while streaming out the response.
This commit restores the laziness and adds tests for it.
Change-Id: I49840a7059e6f999ce19199ecb10cdb77358526b

We use a delta timeout value for timeouts under 30 days (in seconds)
since that is the limit which the memcached protocols will recognize a
timeout as a delta. Greater than 30 days and it interprets it as an
absolute time in seconds since the epoch.
This helps to address an often difficult-to-debug problem of time
drift between memcache clients and the memcache servers. Prior to this
change, if a client's time drifts behind the servers, short timeouts
run the danger of not being cached at all. If a client's time drifts
ahead of the servers, short timeouts run the danger of persisting too
long. Using delta's avoids this affect. For absolute timeouts 30 days
or more in the future small time drifts between clients and servers
are inconsequential.
See also bug 1076148 (https://bugs.launchpad.net/swift/+bug/1076148).
This also fixes incr and decr to handle timeout values in the same way
timeouts are handled for set operations.
Change-Id: Ie36dbcedfe9b4db9f77ed4ea9b70ff86c5773310
Signed-off-by: Peter Portante <peter.portante@redhat.com>

roundrobin_datadirs was returning any .db file at any depth in the
accounts/containers structure. Since xfs corruption can cause such
files to appear in odd places at times (only happened on one drive of
ours so far, but still...), I've refactored this function to only
return .db files at the proper depth.
Change-Id: Id06ef6584941f8a572e286f69dfa3d96fe451355

The current catch_errors (ie without this patch) relinquishes control
before the underlying middleware/app has been evaluated. This results
in not catching errors in the stack when they occur in either the
start_response or in generating the first chunk sent to the client of
the underlying stack.
Change-Id: Iecd21e4fc7e30fa20239d011f69216354b50baf1

This set of changes reworks the DiskFile class to remove the "extension"
parameter from the put() method, offering the new put_metadata() method with
an optional tombstone keyword boolean, and changes the mkstemp method to only
return the file descriptor.
Reviewing the code it was found that the temporary file name created as a
result of calling DiskFile.mkstemp() was never used by the caller, but the
caller was responsible for passing it back to the DiskFile.put() method. That
seems like too much information is exposed to the caller, when all the caller
requires is the file descriptor to write data into it.
Upon further review, the mkstemp() method was used in three places: PUT, POST
and DELETE method handling. Of those three cases, only PUT requires the file
descriptor, since it is responsible for writing the object contents. For POST
and DELETE, DiskFile only needs to associate metadata with the correct file
name. We abstract the pattern that those two use (once we also refactor the
code to move the fetch of the delete-at metadata, and subsequent
delete-at-update initiation, from under the mkstemp context) by adding the new
put_metadata() method.
As a result, the DiskFile class is then free to do whatever file system
operations it must to meet the API, without the caller having to know more
than just how to write data to a file descriptor. Note that DiskFile itself
key'd off of the '.ts' and '.meta' extensions for its operations, and for that
to work properly, the caller had to know to use those correctly. With this
change, the caller has no knowledge of how the file system is being used to
accomplish data and metadata storage.
See also Question 213796 at:
 https://answers.launchpad.net/swift/+question/213796
Change-Id: I267f68e64391ba627b2a13682393bec62600159d
Signed-off-by: Peter Portante <peter.portante@redhat.com>

Most of the test files set the HASH_PATH_SUFFIX so you can run the test
file stand alone. This change made it easier for me to run specific
proxy tests separately.
Change-Id: I87d70367dac7f240a2b6779649f8a02cf324ae0f