openstack/swift
Code Issues Proposed changes

Merge branch 'master' into 'feature/hummingbird'

Browse Source 
Change-Id: I7cfe7d6a20966e71c7fd3620ef772d5d3f01a27f
This commit is contained in:
John Dickinson 2016-11-22 14:13:36 -08:00
commit 0c3f8f8710
196 changed files with 14983 additions and 4465 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
.alltests
View File

@ -1,33 +1,22 @@
#!/bin/bash
set -e
TOP_DIR=$(python -c "import os; print os.path.dirname(os.path.realpath('$0'))")
echo "==== Unit tests ===="
resetswift
$TOP_DIR/.unittests $@
rvalue=$?
if [ $rvalue != 0 ] ; then
exit $rvalue
fi
echo "==== Func tests ===="
resetswift
startmain
$TOP_DIR/.functests $@
rvalue=$?
if [ $rvalue != 0 ] ; then
exit $rvalue
fi
echo "==== Probe tests ===="
resetswift
$TOP_DIR/.probetests $@
rvalue=$?
if [ $rvalue != 0 ] ; then
exit $rvalue
fi
echo "All tests runs fine"
exit 0

1
.functests
View File

@ -4,7 +4,6 @@
# SWIFT_TEST_IN_PROCESS=1 tox -e func -- --pdb test.functional.tests.TestFile.testCopy
SRC_DIR=$(python -c "import os; print os.path.dirname(os.path.realpath('$0'))")
set -e
cd ${SRC_DIR}
export TESTS_DIR=${SRC_DIR}/test/functional

3
.mailmap
View File

@ -109,3 +109,6 @@ Kato Tomoyuki <kato.tomoyuki@jp.fujitsu.com>
Liang Jingtao <liang.jingtao@zte.com.cn>
Yu Yafei <yu.yafei@zte.com.cn>
Zheng Yao <zheng.yao1@zte.com.cn>
Paul Dardeau <paul.dardeau@intel.com> <pauldardeau@gmail.com>
Cheng Li <shcli@cn.ibm.com>
Nandini Tata <nandini.tata@intel.com> <nandini.tata.15@gmail.com>

573
AUTHORS
View File

@ -26,290 +26,317 @@ Chuck Thier (cthier@gmail.com)
Contributors
------------
Mehdi Abaakouk (sileht@redhat.com)
Nelson Almeida (nelsonmarcos@gmail.com)
Timur Alperovich (timur.alperovich@gmail.com)
Jesse Andrews (anotherjesse@gmail.com)
Joe Arnold (joe@swiftstack.com)
Ionuț Arțăriși (iartarisi@suse.cz)
Minwoo Bae (minwoob@us.ibm.com)
Bob Ball (bob.ball@citrix.com)
Christopher Bartz (bartz@dkrz.de)
Christian Berendt (berendt@b1-systems.de)
Luis de Bethencourt (luis@debethencourt.com)
Keshava Bharadwaj (kb.sankethi@gmail.com)
Yummy Bian (yummy.bian@gmail.com)
Darrell Bishop (darrell@swiftstack.com)
James E. Blair (jeblair@openstack.org)
Fabien Boucher (fabien.boucher@enovance.com)
Clark Boylan (clark.boylan@gmail.com)
Pádraig Brady (pbrady@redhat.com)
Lorcan Browne (lorcan.browne@hpe.com)
Russell Bryant (rbryant@redhat.com)
Jay S. Bryant (jsbryant@us.ibm.com)
Tim Burke (tim.burke@gmail.com)
Brian D. Burns (iosctr@gmail.com)
Félix Cantournet (felix.cantournet@cloudwatt.com)
Devin Carlen (devin.carlen@gmail.com)
Thierry Carrez (thierry@openstack.org)
Carlos Cavanna (ccavanna@ca.ibm.com)
Emmanuel Cazenave (contact@emcaz.fr)
Mahati Chamarthy (mahati.chamarthy@gmail.com)
Zap Chang (zapchang@gmail.com)
François Charlier (francois.charlier@enovance.com)
Chaozhe Chen (chaozhe.chen@easystack.cn)
Ray Chen (oldsharp@163.com)
Harshit Chitalia (harshit@acelio.com)
Brian Cline (bcline@softlayer.com)
Alistair Coles (alistair.coles@hpe.com)
Clément Contini (ccontini@cloudops.com)
Brian Curtin (brian.curtin@rackspace.com)
Thiago da Silva (thiago@redhat.com)
dangming (dangming@unitedstack.com)
Julien Danjou (julien@danjou.info)
Paul Dardeau (paul.dardeau@intel.com)
Zack M. Davis (zdavis@swiftstack.com)
Ksenia Demina (kdemina@mirantis.com)
Dan Dillinger (dan.dillinger@sonian.net)
Cedric Dos Santos (cedric.dos.sant@gmail.com)
Gerry Drudy (gerry.drudy@hpe.com)
Morgan Fainberg (morgan.fainberg@gmail.com)
ZhiQiang Fan (aji.zqfan@gmail.com)
Oshrit Feder (oshritf@il.ibm.com)
Mike Fedosin (mfedosin@mirantis.com)
Ricardo Ferreira (ricardo.sff@gmail.com)
Flaper Fesp (flaper87@gmail.com)
Tom Fifield (tom@openstack.org)
Florent Flament (florent.flament-ext@cloudwatt.com)
Gaurav B. Gangalwar (gaurav@gluster.com)
Jiangmiao Gao (tolbkni@gmail.com)
Alex Gaynor (alex.gaynor@gmail.com)
Martin Geisler (martin@geisler.net)
Anne Gentle (anne@openstack.org)
Clay Gerrard (clay.gerrard@gmail.com)
Filippo Giunchedi (fgiunchedi@wikimedia.org)
Mark Gius (launchpad@markgius.com)
David Goetz (david.goetz@rackspace.com)
Tushar Gohad (tushar.gohad@intel.com)
Thomas Goirand (thomas@goirand.fr)
Jonathan Gonzalez V (jonathan.abdiel@gmail.com)
Joe Gordon (jogo@cloudscaling.com)
Shashirekha Gundur (shashirekha.j.gundur@intel.com)
ChangBo Guo(gcb) (eric.guo@easystack.cn)
Zhang Guoqing (zhang.guoqing@99cloud.net)
Ankur Gupta (ankur.gupta@intel.com)
David Hadas (davidh@il.ibm.com)
Andrew Hale (andy@wwwdata.eu)
Soren Hansen (soren@linux2go.dk)
Richard Hawkins (richard.hawkins@rackspace.com)
Gregory Haynes (greg@greghaynes.net)
Doug Hellmann (doug.hellmann@dreamhost.com)
Dan Hersam (dan.hersam@hp.com)
hgangwx (hgangwx@cn.ibm.com)
Derek Higgins (derekh@redhat.com)
Jonathan Hinson (jlhinson@us.ibm.com)
Alex Holden (alex@alexjonasholden.com)
Edward Hope-Morley (opentastic@gmail.com)
Ferenc Horváth (hferenc@inf.u-szeged.hu)
Charles Hsu (charles0126@gmail.com)
Joanna H. Huang (joanna.huitzu.huang@gmail.com)
Kun Huang (gareth@unitedstack.com)
Bill Huber (wbhuber@us.ibm.com)
Gage Hugo (gh159m@att.com)
Matthieu Huin (mhu@enovance.com)
Hodong Hwang (hodong.hwang@kt.com)
Motonobu Ichimura (motonobu@gmail.com)
Andreas Jaeger (aj@suse.de)
Shri Javadekar (shrinand@maginatics.com)
Iryoung Jeong (iryoung@gmail.com)
Paul Jimenez (pj@place.org)
Liang Jingtao (liang.jingtao@zte.com.cn)
Zhang Jinnan (ben.os@99cloud.net)
Jason Johnson (jajohnson@softlayer.com)
Brian K. Jones (bkjones@gmail.com)
Arnaud JOST (arnaud.jost@ovh.net)
Kiyoung Jung (kiyoung.jung@kt.com)
Harshada Mangesh Kakad (harshadak@metsi.co.uk)
Takashi Kajinami (kajinamit@nttdata.co.jp)
Matt Kassawara (mkassawara@gmail.com)
Morita Kazutaka (morita.kazutaka@gmail.com)
Josh Kearney (josh@jk0.org)
Ben Keller (bjkeller@us.ibm.com)
Bryan Keller (kellerbr@us.ibm.com)
Ilya Kharin (ikharin@mirantis.com)
Dae S. Kim (dae@velatum.com)
Nathan Kinder (nkinder@redhat.com)
Eugene Kirpichov (ekirpichov@gmail.com)
Leah Klearman (lklrmn@gmail.com)
Martin Kletzander (mkletzan@redhat.com)
Jaivish Kothari (jaivish.kothari@nectechnologies.in)
Petr Kovar (pkovar@redhat.com)
Steve Kowalik (steven@wedontsleep.org)
Sergey Kraynev (skraynev@mirantis.com)
Sushil Kumar (sushil.kumar2@globallogic.com)
Madhuri Kumari (madhuri.rai07@gmail.com)
Yatin Kumbhare (yatinkumbhare@gmail.com)
Dharmendra Kushwaha (dharmendra.kushwaha@nectechnologies.in)
Hugo Kuo (tonytkdk@gmail.com)
Tin Lam (tl3438@att.com)
Steven Lang (Steven.Lang@hgst.com)
Gonéri Le Bouder (goneri.lebouder@enovance.com)
Romain Le Disez (romain.ledisez@ovh.net)
John Leach (john@johnleach.co.uk)
Ed Leafe (ed.leafe@rackspace.com)
Thomas Leaman (thomas.leaman@hp.com)
Eohyung Lee (liquidnuker@gmail.com)
Zhao Lei (zhaolei@cn.fujitsu.com)
Jamie Lennox (jlennox@redhat.com)
Cheng Li (shcli@cn.ibm.com)
Mingyu Li (li.mingyu@99cloud.net)
Tong Li (litong01@us.ibm.com)
Ke Liang (ke.liang@easystack.cn)
Peter Lisak (peter.lisak@firma.seznam.cz)
David Liu (david.liu@cn.ibm.com)
Changbin Liu (changbin.liu@gmail.com)
Jing Liuqing (jing.liuqing@99cloud.net)
Victor Lowther (victor.lowther@gmail.com)
Sergey Lukjanov (slukjanov@mirantis.com)
Zhongyue Luo (zhongyue.nah@intel.com)
Paul Luse (paul.e.luse@intel.com)
Christopher MacGown (chris@pistoncloud.com)
Ganesh Maharaj Mahalingam (ganesh.mahalingam@intel.com)
Maria Malyarova (savoreux69@gmail.com)
Dragos Manolescu (dragosm@hp.com)
Ben Martin (blmartin@us.ibm.com)
Steve Martinelli (stevemar@ca.ibm.com)
Juan J. Martinez (juan@memset.com)
Marcelo Martins (btorch@gmail.com)
Nakagawa Masaaki (nakagawamsa@nttdata.co.jp)
Dolph Mathews (dolph.mathews@gmail.com)
Tomas Matlocha (tomas.matlocha@firma.seznam.cz)
Kenichiro Matsuda (matsuda_kenichi@jp.fujitsu.com)
Michael Matur (michael.matur@gmail.com)
Donagh McCabe (donagh.mccabe@hpe.com)
Andy McCrae (andy.mccrae@gmail.com)
Paul McMillan (paul.mcmillan@nebula.com)
Ewan Mellor (ewan.mellor@citrix.com)
Denis V. Meltsaykin (dmeltsaykin@mirantis.com)
Samuel Merritt (sam@swiftstack.com)
Stephen Milton (milton@isomedia.com)
Jola Mirecka (jola.mirecka@hp.com)
Kazuhiro Miyahara (miyahara.kazuhiro@lab.ntt.co.jp)
Alfredo Moralejo (amoralej@redhat.com)
Daisuke Morita (morita.daisuke@ntti3.com)
Mohit Motiani (mohit.motiani@intel.com)
Dirk Mueller (dirk@dmllr.de)
Takashi Natsume (natsume.takashi@lab.ntt.co.jp)
Russ Nelson (russ@crynwr.com)
Maru Newby (mnewby@internap.com)
Newptone (xingchao@unitedstack.com)
Colin Nicholson (colin.nicholson@iomart.com)
Zhenguo Niu (zhenguo@unitedstack.com)
Catherine Northcott (catherine@northcott.nz)
Ondrej Novy (ondrej.novy@firma.seznam.cz)
Brian Ober (bober@us.ibm.com)
Timothy Okwii (tokwii@cisco.com)
Matthew Oliver (matt@oliver.net.au)
Hisashi Osanai (osanai.hisashi@jp.fujitsu.com)
Eamonn O'Toole (eamonn.otoole@hpe.com)
Or Ozeri (oro@il.ibm.com)
James Page (james.page@ubuntu.com)
Prashanth Pai (ppai@redhat.com)
Venkateswarlu Pallamala (p.venkatesh551@gmail.com)
Pawel Palucki (pawel.palucki@gmail.com)
Alex Pecoraro (alex.pecoraro@emc.com)
Sascha Peilicke (saschpe@gmx.de)
Constantine Peresypkin (constantine.peresypk@rackspace.com)
Nguyen Hung Phuong (phuongnh@vn.fujitsu.com)
Dieter Plaetinck (dieter@vimeo.com)
Dan Prince (dprince@redhat.com)
Saverio Proto (saverio.proto@switch.ch)
Sivasathurappan Radhakrishnan (siva.radhakrishnan@intel.com)
Sarvesh Ranjan (saranjan@cisco.com)
Falk Reimann (falk.reimann@sap.com)
Brian Reitz (brian.reitz@oracle.com)
Qiaowei Ren (qiaowei.ren@intel.com)
Felipe Reyes (freyes@tty.cl)
Janie Richling (jrichli@us.ibm.com)
Matt Riedemann (mriedem@us.ibm.com)
Li Riqiang (lrqrun@gmail.com)
Rafael Rivero (rafael@cloudscaling.com)
Larry Rensing (lr699s@att.com)
Victor Rodionov (victor.rodionov@nexenta.com)
Eran Rom (eranr@il.ibm.com)
Aaron Rosen (arosen@nicira.com)
Brent Roskos (broskos@internap.com)
Hamdi Roumani (roumani@ca.ibm.com)
Shilla Saebi (shilla.saebi@gmail.com)
Atsushi Sakai (sakaia@jp.fujitsu.com)
Cristian A Sanchez (cristian.a.sanchez@intel.com)
Olga Saprycheva (osapryc@us.ibm.com)
Christian Schwede (cschwede@redhat.com)
Mark Seger (mark.seger@hpe.com)
Azhagu Selvan SP (tamizhgeek@gmail.com)
Alexandra Settle (alexandra.settle@rackspace.com)
Andrew Clay Shafer (acs@parvuscaptus.com)
Mitsuhiro SHIGEMATSU (shigematsu.mitsuhiro@lab.ntt.co.jp)
Dhriti Shikhar (dhrish20@gmail.com)
Chuck Short (chuck.short@canonical.com)
Michael Shuler (mshuler@gmail.com)
David Moreau Simard (dmsimard@iweb.com)
Scott Simpson (sasimpson@gmail.com)
Pradeep Kumar Singh (pradeep.singh@nectechnologies.in)
Sarafraj Singh (Sarafraj.Singh@intel.com)
Liu Siqi (meizu647@gmail.com)
Adrian Smith (adrian_f_smith@dell.com)
Jon Snitow (otherjon@swiftstack.com)
Emile Snyder (emile.snyder@gmail.com)
Emett Speer (speer.emett@gmail.com)
TheSriram (sriram@klusterkloud.com)
Jeremy Stanley (fungi@yuggoth.org)
Mauro Stettler (mauro.stettler@gmail.com)
Tobias Stevenson (tstevenson@vbridges.com)
Victor Stinner (vstinner@redhat.com)
Akihito Takai (takaiak@nttdata.co.jp)
Pearl Yajing Tan (pearl.y.tan@seagate.com)
Nandini Tata (nandini.tata.15@gmail.com)
Yuriy Taraday (yorik.sar@gmail.com)
Monty Taylor (mordred@inaugust.com)
Caleb Tennis (caleb.tennis@gmail.com)
Rainer Toebbicke (Rainer.Toebbicke@cern.ch)
Fujita Tomonori (fujita.tomonori@lab.ntt.co.jp)
Kato Tomoyuki (kato.tomoyuki@jp.fujitsu.com)
Nirmal Thacker (nirmalthacker@gmail.com)
Kapil Thangavelu (kapil.foss@gmail.com)
Alex Gaynor (alex.gaynor@gmail.com)
Alex Holden (alex@alexjonasholden.com)
Alex Pecoraro (alex.pecoraro@emc.com)
Alex Yang (alex890714@gmail.com)
Alexandra Settle (alexandra.settle@rackspace.com)
Alfredo Moralejo (amoralej@redhat.com)
Alistair Coles (alistair.coles@hpe.com)
Andreas Jaeger (aj@suse.de)
Andrew Clay Shafer (acs@parvuscaptus.com)
Andrew Hale (andy@wwwdata.eu)
Andrew Welleck (awellec@us.ibm.com)
Andy McCrae (andy.mccrae@gmail.com)
Anh Tran (anhtt@vn.fujitsu.com)
Nicolas Trangez (ikke@nicolast.be)
Ankur Gupta (ankur.gupta@intel.com)
Anne Gentle (anne@openstack.org)
Arnaud JOST (arnaud.jost@ovh.net)
Atsushi Sakai (sakaia@jp.fujitsu.com)
Azhagu Selvan SP (tamizhgeek@gmail.com)
Ben Keller (bjkeller@us.ibm.com)
Ben Martin (blmartin@us.ibm.com)
Bill Huber (wbhuber@us.ibm.com)
Bob Ball (bob.ball@citrix.com)
Brent Roskos (broskos@internap.com)
Brian Cline (bcline@softlayer.com)
Brian Curtin (brian.curtin@rackspace.com)
Brian D. Burns (iosctr@gmail.com)
Brian K. Jones (bkjones@gmail.com)
Brian Ober (bober@us.ibm.com)
Brian Reitz (brian.reitz@oracle.com)
Bryan Keller (kellerbr@us.ibm.com)
Béla Vancsics (vancsics@inf.u-szeged.hu)
Caleb Tennis (caleb.tennis@gmail.com)
Carlos Cavanna (ccavanna@ca.ibm.com)
Catherine Northcott (catherine@northcott.nz)
Cedric Dos Santos (cedric.dos.sant@gmail.com)
Changbin Liu (changbin.liu@gmail.com)
ChangBo Guo(gcb) (eric.guo@easystack.cn)
Chaozhe Chen (chaozhe.chen@easystack.cn)
Charles Hsu (charles0126@gmail.com)
Cheng Li (shcli@cn.ibm.com)
Chris Wedgwood (cw@f00f.org)
Christian Berendt (berendt@b1-systems.de)
Christian Hugo (hugo.christian@web.de)
Christian Schwede (cschwede@redhat.com)
Christopher Bartz (bartz@dkrz.de)
Christopher MacGown (chris@pistoncloud.com)
Chuck Short (chuck.short@canonical.com)
Clark Boylan (clark.boylan@gmail.com)
Clay Gerrard (clay.gerrard@gmail.com)
Clément Contini (ccontini@cloudops.com)
Colin Nicholson (colin.nicholson@iomart.com)
Conrad Weidenkeller (conrad.weidenkeller@rackspace.com)
Constantine Peresypkin (constantine.peresypk@rackspace.com)
Cory Wright (cory.wright@rackspace.com)
Cristian A Sanchez (cristian.a.sanchez@intel.com)
Dae S. Kim (dae@velatum.com)
Daisuke Morita (morita.daisuke@ntti3.com)
Dan Dillinger (dan.dillinger@sonian.net)
Dan Hersam (dan.hersam@hp.com)
Dan Prince (dprince@redhat.com)
dangming (dangming@unitedstack.com)
Daniele Valeriani (daniele@dvaleriani.net)
Darrell Bishop (darrell@swiftstack.com)
David Goetz (david.goetz@rackspace.com)
David Hadas (davidh@il.ibm.com)
David Liu (david.liu@cn.ibm.com)
David Moreau Simard (dmsimard@iweb.com)
Dean Troyer (dtroyer@gmail.com)
Kota Tsuyuzaki (tsuyuzaki.kota@lab.ntt.co.jp)
Denis V. Meltsaykin (dmeltsaykin@mirantis.com)
Derek Higgins (derekh@redhat.com)
Devin Carlen (devin.carlen@gmail.com)
Dharmendra Kushwaha (dharmendra.kushwaha@nectechnologies.in)
Dhriti Shikhar (dhrish20@gmail.com)
Dieter Plaetinck (dieter@vimeo.com)
Dirk Mueller (dirk@dmllr.de)
Dmitriy Ukhlov (dukhlov@mirantis.com)
Dmitry Ukov (dukov@mirantis.com)
Vincent Untz (vuntz@suse.com)
Daniele Valeriani (daniele@dvaleriani.net)
Koert van der Veer (koert@cloudvps.com)
Béla Vancsics (vancsics@inf.u-szeged.hu)
Vladimir Vechkanov (vvechkanov@mirantis.com)
venkatamahesh (venkatamaheshkotha@gmail.com)
Gil Vernik (gilv@il.ibm.com)
Hou Ming Wang (houming.wang@easystack.cn)
Shane Wang (shane.wang@intel.com)
Yaguang Wang (yaguang.wang@intel.com)
Chris Wedgwood (cw@f00f.org)
Conrad Weidenkeller (conrad.weidenkeller@rackspace.com)
Dolph Mathews (dolph.mathews@gmail.com)
Donagh McCabe (donagh.mccabe@hpe.com)
Doron Chen (cdoron@il.ibm.com)
Doug Hellmann (doug.hellmann@dreamhost.com)
Doug Weimer (dweimer@gmail.com)
Andrew Welleck (awellec@us.ibm.com)
Wu Wenxiang (wu.wenxiang@99cloud.net)
Cory Wright (cory.wright@rackspace.com)
Ye Jia Xu (xyj.asmy@gmail.com)
Yu Yafei (yu.yafei@zte.com.cn)
Zheng Yao (zheng.yao1@zte.com.cn)
Alex Yang (alex890714@gmail.com)
Lin Yang (lin.a.yang@intel.com)
Yee (mail.zhang.yee@gmail.com)
Dragos Manolescu (dragosm@hp.com)
Eamonn O'Toole (eamonn.otoole@hpe.com)
Ed Leafe (ed.leafe@rackspace.com)
Edward Hope-Morley (opentastic@gmail.com)
Ellen Leahy (ellen.mar.leahy@hpe.com)
Emett Speer (speer.emett@gmail.com)
Emile Snyder (emile.snyder@gmail.com)
Emmanuel Cazenave (contact@emcaz.fr)
Eohyung Lee (liquidnuker@gmail.com)
Eran Rom (eranr@il.ibm.com)
Eugene Kirpichov (ekirpichov@gmail.com)
Ewan Mellor (ewan.mellor@citrix.com)
Fabien Boucher (fabien.boucher@enovance.com)
Falk Reimann (falk.reimann@sap.com)
Felipe Reyes (freyes@tty.cl)
Ferenc Horváth (hferenc@inf.u-szeged.hu)
Filippo Giunchedi (fgiunchedi@wikimedia.org)
Flaper Fesp (flaper87@gmail.com)
Florent Flament (florent.flament-ext@cloudwatt.com)
François Charlier (francois.charlier@enovance.com)
Fujita Tomonori (fujita.tomonori@lab.ntt.co.jp)
Félix Cantournet (felix.cantournet@cloudwatt.com)
Gage Hugo (gh159m@att.com)
Ganesh Maharaj Mahalingam (ganesh.mahalingam@intel.com)
Gaurav B. Gangalwar (gaurav@gluster.com)
gecong1973 (ge.cong@zte.com.cn)
gengchc2 (geng.changcai2@zte.com.cn)
Gerry Drudy (gerry.drudy@hpe.com)
Gil Vernik (gilv@il.ibm.com)
Gonéri Le Bouder (goneri.lebouder@enovance.com)
Graham Hayes (graham.hayes@hpe.com)
Gregory Haynes (greg@greghaynes.net)
Guang Yee (guang.yee@hpe.com)
Pete Zaitcev (zaitcev@kotori.zaitcev.us)
Gábor Antal (antal@inf.u-szeged.hu)
Ha Van Tu (tuhv@vn.fujitsu.com)
Hamdi Roumani (roumani@ca.ibm.com)
Hanxi Liu (hanxi.liu@easystack.cn)
Harshada Mangesh Kakad (harshadak@metsi.co.uk)
Harshit Chitalia (harshit@acelio.com)
hgangwx (hgangwx@cn.ibm.com)
Hisashi Osanai (osanai.hisashi@jp.fujitsu.com)
Hodong Hwang (hodong.hwang@kt.com)
Hou Ming Wang (houming.wang@easystack.cn)
houweichao (houwch@gohighsec.com)
Hua Zhang (zhuadl@cn.ibm.com)
Hugo Kuo (tonytkdk@gmail.com)
Ilya Kharin (ikharin@mirantis.com)
Ionuț Arțăriși (iartarisi@suse.cz)
Iryoung Jeong (iryoung@gmail.com)
Jaivish Kothari (jaivish.kothari@nectechnologies.in)
James E. Blair (jeblair@openstack.org)
James Page (james.page@ubuntu.com)
Jamie Lennox (jlennox@redhat.com)
Janie Richling (jrichli@us.ibm.com)
Jason Johnson (jajohnson@softlayer.com)
Jay S. Bryant (jsbryant@us.ibm.com)
Jeremy Stanley (fungi@yuggoth.org)
Jesse Andrews (anotherjesse@gmail.com)
Jian Zhang (jian.zhang@intel.com)
Jiangmiao Gao (tolbkni@gmail.com)
Jing Liuqing (jing.liuqing@99cloud.net)
Joanna H. Huang (joanna.huitzu.huang@gmail.com)
Joe Arnold (joe@swiftstack.com)
Joe Gordon (jogo@cloudscaling.com)
John Leach (john@johnleach.co.uk)
Jola Mirecka (jola.mirecka@hp.com)
Jon Snitow (otherjon@swiftstack.com)
Jonathan Gonzalez V (jonathan.abdiel@gmail.com)
Jonathan Hinson (jlhinson@us.ibm.com)
Josh Kearney (josh@jk0.org)
Juan J. Martinez (juan@memset.com)
Julien Danjou (julien@danjou.info)
Kai Zhang (zakir.exe@gmail.com)
Kapil Thangavelu (kapil.foss@gmail.com)
karen chan (karen@karen-chan.com)
Kato Tomoyuki (kato.tomoyuki@jp.fujitsu.com)
Kazuhiro Miyahara (miyahara.kazuhiro@lab.ntt.co.jp)
Ke Liang (ke.liang@easystack.cn)
Kenichiro Matsuda (matsuda_kenichi@jp.fujitsu.com)
Keshava Bharadwaj (kb.sankethi@gmail.com)
Kiyoung Jung (kiyoung.jung@kt.com)
Koert van der Veer (koert@cloudvps.com)
Kota Tsuyuzaki (tsuyuzaki.kota@lab.ntt.co.jp)
Ksenia Demina (kdemina@mirantis.com)
Kun Huang (gareth@unitedstack.com)
Larry Rensing (lr699s@att.com)
Leah Klearman (lklrmn@gmail.com)
Li Riqiang (lrqrun@gmail.com)
Liang Jingtao (liang.jingtao@zte.com.cn)
Lin Yang (lin.a.yang@intel.com)
Liu Siqi (meizu647@gmail.com)
liujiong (liujiong@gohighsec.com)
Lokesh S (lokesh.s@hp.com)
Lorcan Browne (lorcan.browne@hpe.com)
Luis de Bethencourt (luis@debethencourt.com)
Luong Anh Tuan (tuanla@vn.fujitsu.com)
Madhuri Kumari (madhuri.rai07@gmail.com)
Mahati Chamarthy (mahati.chamarthy@gmail.com)
maoshuai (fwsakura@163.com)
Marcelo Martins (btorch@gmail.com)
Maria Malyarova (savoreux69@gmail.com)
Mark Gius (launchpad@markgius.com)
Mark Seger (mark.seger@hpe.com)
Martin Geisler (martin@geisler.net)
Martin Kletzander (mkletzan@redhat.com)
Maru Newby (mnewby@internap.com)
Matt Kassawara (mkassawara@gmail.com)
Matt Riedemann (mriedem@us.ibm.com)
Matthew Oliver (matt@oliver.net.au)
Matthieu Huin (mhu@enovance.com)
Mauro Stettler (mauro.stettler@gmail.com)
Mehdi Abaakouk (sileht@redhat.com)
Michael Matur (michael.matur@gmail.com)
Michael Shuler (mshuler@gmail.com)
Mike Fedosin (mfedosin@mirantis.com)
Mingyu Li (li.mingyu@99cloud.net)
Minwoo Bae (minwoob@us.ibm.com)
Mitsuhiro SHIGEMATSU (shigematsu.mitsuhiro@lab.ntt.co.jp)
Mohit Motiani (mohit.motiani@intel.com)
Monty Taylor (mordred@inaugust.com)
Morgan Fainberg (morgan.fainberg@gmail.com)
Morita Kazutaka (morita.kazutaka@gmail.com)
Motonobu Ichimura (motonobu@gmail.com)
Nakagawa Masaaki (nakagawamsa@nttdata.co.jp)
Nakul Dahiwade (nakul.dahiwade@intel.com)
Nam Nguyen Hoai (namnh@vn.fujitsu.com)
Nandini Tata (nandini.tata@intel.com)
Nathan Kinder (nkinder@redhat.com)
Nelson Almeida (nelsonmarcos@gmail.com)
Newptone (xingchao@unitedstack.com)
Nguyen Hung Phuong (phuongnh@vn.fujitsu.com)
Nguyen Phuong An (AnNP@vn.fujitsu.com)
Nicolas Helgeson (nh202b@att.com)
Nicolas Trangez (ikke@nicolast.be)
Ning Zhang (ning@zmanda.com)
Nirmal Thacker (nirmalthacker@gmail.com)
npraveen35 (npraveen35@gmail.com)
Olga Saprycheva (osapryc@us.ibm.com)
Ondrej Novy (ondrej.novy@firma.seznam.cz)
Or Ozeri (oro@il.ibm.com)
Oshrit Feder (oshritf@il.ibm.com)
Paul Dardeau (paul.dardeau@intel.com)
Paul Jimenez (pj@place.org)
Paul Luse (paul.e.luse@intel.com)
Paul McMillan (paul.mcmillan@nebula.com)
Pawel Palucki (pawel.palucki@gmail.com)
Pearl Yajing Tan (pearl.y.tan@seagate.com)
Pete Zaitcev (zaitcev@kotori.zaitcev.us)
Peter Lisak (peter.lisak@firma.seznam.cz)
Petr Kovar (pkovar@redhat.com)
Pradeep Kumar Singh (pradeep.singh@nectechnologies.in)
Prashanth Pai (ppai@redhat.com)
Pádraig Brady (pbrady@redhat.com)
Qiaowei Ren (qiaowei.ren@intel.com)
Rafael Rivero (rafael@cloudscaling.com)
Rainer Toebbicke (Rainer.Toebbicke@cern.ch)
Ray Chen (oldsharp@163.com)
Rebecca Finn (rebeccax.finn@intel.com)
Ricardo Ferreira (ricardo.sff@gmail.com)
Richard Hawkins (richard.hawkins@rackspace.com)
Romain Le Disez (romain.ledisez@ovh.net)
Russ Nelson (russ@crynwr.com)
Russell Bryant (rbryant@redhat.com)
Samuel Merritt (sam@swiftstack.com)
Sarafraj Singh (Sarafraj.Singh@intel.com)
Sarvesh Ranjan (saranjan@cisco.com)
Sascha Peilicke (saschpe@gmx.de)
Saverio Proto (saverio.proto@switch.ch)
Scott Simpson (sasimpson@gmail.com)
Sergey Kraynev (skraynev@mirantis.com)
Sergey Lukjanov (slukjanov@mirantis.com)
Shane Wang (shane.wang@intel.com)
Shashank Kumar Shankar (shashank.kumar.shankar@intel.com)
Shashirekha Gundur (shashirekha.j.gundur@intel.com)
Shilla Saebi (shilla.saebi@gmail.com)
Shri Javadekar (shrinand@maginatics.com)
Sivasathurappan Radhakrishnan (siva.radhakrishnan@intel.com)
Soren Hansen (soren@linux2go.dk)
Stephen Milton (milton@isomedia.com)
Steve Kowalik (steven@wedontsleep.org)
Steve Martinelli (stevemar@ca.ibm.com)
Steven Lang (Steven.Lang@hgst.com)
Sushil Kumar (sushil.kumar2@globallogic.com)
Takashi Kajinami (kajinamit@nttdata.co.jp)
Takashi Natsume (natsume.takashi@lab.ntt.co.jp)
TheSriram (sriram@klusterkloud.com)
Thiago da Silva (thiago@redhat.com)
Thierry Carrez (thierry@openstack.org)
Thomas Goirand (thomas@goirand.fr)
Thomas Leaman (thomas.leaman@hp.com)
Tim Burke (tim.burke@gmail.com)
Timothy Okwii (tokwii@cisco.com)
Timur Alperovich (timur.alperovich@gmail.com)
Tin Lam (tl3438@att.com)
Tobias Stevenson (tstevenson@vbridges.com)
Tom Fifield (tom@openstack.org)
Tomas Matlocha (tomas.matlocha@firma.seznam.cz)
Tong Li (litong01@us.ibm.com)
Travis McPeak (tmcpeak@us.ibm.com)
Tushar Gohad (tushar.gohad@intel.com)
venkatamahesh (venkatamaheshkotha@gmail.com)
Venkateswarlu Pallamala (p.venkatesh551@gmail.com)
Victor Lowther (victor.lowther@gmail.com)
Victor Rodionov (victor.rodionov@nexenta.com)
Victor Stinner (vstinner@redhat.com)
Vincent Untz (vuntz@suse.com)
Vladimir Vechkanov (vvechkanov@mirantis.com)
Wu Wenxiang (wu.wenxiang@99cloud.net)
Yaguang Wang (yaguang.wang@intel.com)
Yatin Kumbhare (yatinkumbhare@gmail.com)
Ye Jia Xu (xyj.asmy@gmail.com)
Yee (mail.zhang.yee@gmail.com)
Yu Yafei (yu.yafei@zte.com.cn)
Yuan Zhou (yuan.zhou@intel.com)
Yummy Bian (yummy.bian@gmail.com)
Yuriy Taraday (yorik.sar@gmail.com)
Yushiro FURUKAWA (y.furukawa_2@jp.fujitsu.com)
Zack M. Davis (zdavis@swiftstack.com)
Zap Chang (zapchang@gmail.com)
Zhang Guoqing (zhang.guoqing@99cloud.net)
Zhang Jinnan (ben.os@99cloud.net)
zhangyanxian (zhangyanxianmail@163.com)
Zhao Lei (zhaolei@cn.fujitsu.com)
Zheng Yao (zheng.yao1@zte.com.cn)
zheng yin (yin.zheng@easystack.cn)
Zhenguo Niu (zhenguo@unitedstack.com)
ZhiQiang Fan (aji.zqfan@gmail.com)
Zhongyue Luo (zhongyue.nah@intel.com)
zhufl (zhu.fanglei@zte.com.cn)

121
CHANGELOG
View File

@ -1,3 +1,124 @@
swift (2.11.0)
* We have made significant improvements and changes to the erasure
code implementation.
- Instead of using a separate .durable file to indicate the
durable status of an EC fragment archive, we rename the .data
to include a durable marker in the filename. This saves one
inode for every EC .data file. Existing .durable files will not
be removed, and they will continue to work just fine.
Note that after writing EC data with Swift 2.11.0 or later, that
data will not be accessible to earlier versions of Swift.
- Closed a bug where ssync may have written bad fragment data in
some circumstances. A check was added to ensure the correct number
of bytes is written for a fragment before finalizing the write.
Also, erasure coded fragment metadata will now be validated on read
requests and, if bad data is found, the fragment will be quarantined.
- The improvements to EC reads made in Swift 2.10.0 have also been
applied to the reconstructor. This allows fragments to be rebuilt
in more circumstances, resulting in faster recovery from failures.
- WARNING: If you are using the ISA-L library for erasure codes,
please upgrade to liberasurecode 1.3.1 (or later) as soon as
possible. If you are using isa_l_rs_vand with more than 4 parity,
please read https://bugs.launchpad.net/swift/+bug/1639691 and take
necessary action.
- Updated the PyECLib dependency to 1.3.1.
* Added a configurable URL base to staticweb.
* Support multi-range GETs for static large objects.
* TempURLs using the "inline" parameter can now also set the
"filename" parameter. Both are used in the Content-Disposition
response header.
* Mirror X-Trans-Id to X-Openstack-Request-Id.
* SLO will now concurrently HEAD segments, resulting in much faster
manifest validation and object creation. By default, two HEAD requests
will be done at a time, but this can be changed by the operator via
the new `concurrency` setting in the "[filter:slo]" section of
the proxy server config.
* Suppressed the KeyError message when auditor finds an expired object.
* Daemons using InternalClient can now be properly killed with SIGTERM.
* Added a "user" option to the drive-audit config file. Its value is
used to set the owner of the drive-audit recon cache.
* Throttle update_auditor_status calls so it updates no more than once
per minute.
* Suppress unexpected-file warnings for rsync temp files.
* Various other minor bug fixes and improvements.
swift (2.10.0, OpenStack Newton)
* Object versioning now supports a "history" mode in addition to
the older "stack" mode. The difference is in how DELETE requests
are handled. For full details, please read
http://docs.openstack.org/developer/swift/overview_object_versioning.html.
* New config variables to change the schedule priority and I/O
scheduling class. Servers and daemons now understand
`nice_priority`, `ionice_class`, and `ionice_priority` to
schedule their relative importance. Please read
http://docs.openstack.org/developer/swift/deployment_guide.html
for full config details.
* On newer kernels (3.15+ when using xfs), Swift will use the O_TMPFILE
flag when opening a file instead of creating a temporary file
and renaming it on commit. This makes the data path simpler and
allows the filesystem to more efficiently optimize the files on
disk, resulting in better performance.
* Erasure code GET performance has been significantly
improved in clusters that are not completely healthy.
* Significant improvements to the api-ref doc available at
http://developer.openstack.org/api-ref/object-storage/.
* A PUT or POST to a container will now update the container's
Last-Modified time, and that value will be included in a
GET/HEAD response.
* Include object sysmeta in POST responses. Sysmeta is still
stripped from the response before being sent to the client, but
this allows middleware to make use of the information.
* Fixed a bug where a container listing delimiter wouldn't work
with encryption.
* Fixed a bug where some headers weren't being copied correctly
in a COPY request.
* Container sync can now copy SLOs more efficiently by allowing
the manifest to be synced before all of the referenced segments.
This fixes a bug where container sync would not copy SLO manifests.
* Fixed a bug where some tombstone files might never be reclaimed.
* Update dnspython dependency to 1.14, removing the need to have
separate dnspython dependencies for Py2 and Py3.
* Deprecate swift-temp-url and call python-swiftclient's
implementation instead. This adds python-swiftclient as an
optional dependency of Swift.
* Moved other-requirements.txt to bindep.txt. bindep.txt lists
non-python dependencies of Swift.
* Various other minor bug fixes and improvements.
swift (2.9.0)
* Swift now supports at-rest encryption. This feature encrypts all

2
REVIEW_GUIDELINES.rst
View File

@ -109,7 +109,7 @@ to be cleaned up at some point - but it absolutely should merge
because: CRITICAL. BUG. FIX.
You should comment inline to praise code that is "obvious". You should
comment inline to highlight code that that you found to be "obfuscated".
comment inline to highlight code that you found to be "obfuscated".
Unfortunately "readability" is often subjective. We should remember
that it's probably just our own personal preference. Rather than a

44
api-ref/source/conf.py
View File

@ -29,35 +29,17 @@ import subprocess
import sys
import warnings
# TODO(Graham Hayes): Remove the following block of code when os-api-ref is
# using openstackdocstheme
import openstackdocstheme
import os_api_ref
html_theme = 'openstackdocs'
html_theme_path = [openstackdocstheme.get_html_theme_path()]
html_theme_options = {
"sidebar_mode": "toc",
}
if getattr(os_api_ref, 'THEME', 'olsosphinx') == 'openstackdocstheme':
# We are on the new version with openstackdocstheme support
extensions = [
'os_api_ref',
]
import openstackdocstheme # noqa
html_theme = 'openstackdocs'
html_theme_path = [openstackdocstheme.get_html_theme_path()]
html_theme_options = {
"sidebar_mode": "toc",
}
else:
# We are on the old version without openstackdocstheme support
extensions = [
'os_api_ref',
'oslosphinx',
]
# End temporary block
extensions = [
'os_api_ref',
]
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
@ -94,6 +76,14 @@ version = __version__.rsplit('.', 1)[0]
# The full version, including alpha/beta/rc tags.
release = __version__
# Config logABug feature
giturl = u'http://git.openstack.org/cgit/openstack/swift/tree/api-ref/source'
# source tree
# html_context allows us to pass arbitrary values into the html template
html_context = {'bug_tag': 'api-ref',
'giturl': giturl,
'bug_project': 'swift'}
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
#

10
api-ref/source/index.rst
View File

@ -6,8 +6,10 @@
.. rest_expand_all::
.. include:: storage-account-services.inc
.. include:: storage_endpoints.inc
.. include:: storage-object-services.inc
.. include:: storage-container-services.inc
.. include:: storage_info.inc
.. include:: storage-account-services.inc
.. include:: storage-container-services.inc
.. include:: storage-object-services.inc
.. include:: storage_endpoints.inc

6
api-ref/source/metadata_header_encoding.inc Normal file
View File

@ -0,0 +1,6 @@
.. note::
The metadata value must be UTF-8-encoded and then
URL-encoded before you include it in the header.
This is a direct violation of the HTTP/1.1 `basic rules
<http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2>`_.

7
api-ref/source/metadata_header_syntax.inc Normal file
View File

@ -0,0 +1,7 @@
.. note::
Metadata keys (the name of the metadata) must be treated as case-insensitive
at all times. These keys can contain ASCII 7-bit characters that are not
control (0-31) characters, DEL, or a separator character, according to
`HTTP/1.1 <http://www.w3.org/Protocols/rfc2616/rfc2616.html>`_ .
The underscore character is silently converted to a hyphen.

603
api-ref/source/parameters.yaml
View File

@ -22,9 +22,9 @@ Content-Disposition:
in: header
required: false
type: string
Content-Disposition_1:
Content-Disposition_resp:
description: |
If set, specifies the override behavior for the
If present, specifies the override behavior for the
browser. For example, this header might specify that the browser
use a download program to save this file rather than show the
file, which is the default. If not set, this header is not
@ -39,37 +39,36 @@ Content-Encoding:
in: header
required: false
type: string
Content-Encoding_1:
Content-Encoding_resp:
description: |
If set, the value of the ``Content-Encoding``
If present, the value of the ``Content-Encoding``
metadata. If not set, the operation does not return this header.
in: header
required: false
type: string
Content-Length:
Content-Length_cud_resp:
description: |
If the operation succeeds, this value is zero
(0). If the operation fails, this value is the length of the error
(0) or the length of informational or error
text in the response body.
in: header
required: true
type: string
Content-Length_1:
Content-Length_get_resp:
description: |
Set to the length of the object content. Do not
set if chunked transfer encoding is being used.
in: header
required: false
type: integer
Content-Length_2:
description: |
The length of the response body that contains the
list of names. If the operation fails, this value is the length of
the error text in the response body.
The length of the object content in the response
body, in bytes.
in: header
required: true
type: string
Content-Length_3:
Content-Length_listing_resp:
description: |
If the operation succeeds, the length of the response body
in bytes. On error, this is the length of the error text.
in: header
required: true
type: string
Content-Length_obj_head_resp:
description: |
HEAD operations do not return content. The
``Content-Length`` header value is not the size of the response
@ -77,57 +76,52 @@ Content-Length_3:
in: header
required: true
type: string
Content-Length_4:
Content-Length_put_req:
description: |
The length of the object content in the response
body, in bytes.
Set to the length of the object content (i.e. the length in bytes
of the request body). Do not
set if chunked transfer encoding is being used.
in: header
required: true
type: string
Content-Type:
required: false
type: integer
Content-Type_cud_resp:
description: |
Changes the MIME type for the object.
If present, this value is the MIME
type of the informational or error text in the response body.
in: header
required: false
type: string
Content-Type_1:
Content-Type_listing_resp:
description: |
If the operation fails, this value is the MIME
type of the error text in the response body.
If the operation succeeds, this value is the MIME type of the list
response. The MIME type is determined by the listing format specified by
the request and will be one of ``text/plain``, ``application/json``,
``application/xml``, or ``text/xml``. If the operation fails, this value is
the MIME type of the error text in the response body.
in: header
required: true
type: string
Content-Type_2:
Content-Type_obj_cu_req:
description: |
The MIME type of the object.
Sets the MIME type for the object.
in: header
required: true
required: false
type: string
Content-Type_3:
Content-Type_obj_resp:
description: |
The MIME type of the list of names. If the
operation fails, this value is the MIME type of the error text in
the response body.
If the operation succeeds, this value is the MIME type of the object. If
the operation fails, this value is the MIME type of the error text in the
response body.
in: header
required: true
type: string
Date:
description: |
The transaction date and time.
The date and time stamp format is `ISO 8601
<https://en.wikipedia.org/wiki/ISO_8601>`_:
::
CCYY-MM-DDThh:mm:ss±hh:mm
For example, ``2015-08-27T09:49:58-05:00``.
The ``±hh:mm`` value, if included, is the time zone as an offset
from UTC. In the previous example, the offset value is ``-05:00``.
A ``null`` value indicates that the token never expires.
The date and time the system responded to the request,
using the preferred format of
`RFC 7231 <https://tools.ietf.org/html/rfc7231#section-7.1.1.1>`_ as
shown in this example ``Thu, 16 Jun 2016 15:10:38 GMT``. The time is
always in UTC.
in: header
required: true
type: string
@ -140,14 +134,29 @@ Destination:
in: header
required: true
type: string
ETag:
Destination-Account:
description: |
Specifies the account name where the object is copied to. If not
specified, the object is copied to the account which owns the object
(i.e., the account in the path).
in: header
required: false
type: string
ETag_obj_copied:
description: |
The MD5 checksum of the copied object content.
The value is not quoted.
in: header
required: true
type: string
ETag_1:
ETag_obj_received:
description: |
The MD5 checksum of the uploaded object content.
The value is not quoted.
in: header
required: true
type: string
ETag_obj_req:
description: |
The MD5 checksum value of the request body. For
example, the MD5 checksum value of the object content. You are
@ -158,7 +167,7 @@ ETag_1:
in: header
required: false
type: string
ETag_2:
ETag_obj_resp:
description: |
For objects smaller than 5 GB, this value is the
MD5 checksum of the object content. The value is not quoted. For
@ -190,7 +199,7 @@ If-Modified-Since:
If-None-Match:
description: |
In combination with ``Expect: 100-Continue``,
specify an ``"If- None-Match: *"`` header to query whether the
specify an ``"If-None-Match: *"`` header to query whether the
server already has a copy of the object before any data is sent.
in: header
required: false
@ -205,19 +214,10 @@ If-Unmodified-Since:
Last-Modified:
description: |
The date and time when the object was created or its metadata was
changed.
changed. The date and time is formaatted as shown in this
example: ``Fri, 12 Aug 2016 14:24:16 GMT``
The date and time stamp format is `ISO 8601
<https://en.wikipedia.org/wiki/ISO_8601>`_:
::
CCYY-MM-DDThh:mm:ss±hh:mm
For example, ``2015-08-27T09:49:58-05:00``.
The ``±hh:mm`` value, if included, is the time zone as an offset
from UTC. In the previous example, the offset value is ``-05:00``.
The time is always in UTC.
in: header
required: true
type: string
@ -233,18 +233,21 @@ Range:
do, the value defaults to the offset of the last byte of data.
- **Suffix byte range specification**. Use LENGTH bytes to specify
the length of the data range. The following forms of the header
specify the following ranges of data: - ``Range: bytes=-5``. The
last five bytes. - ``Range: bytes=10-15``. The five bytes of data
after a 10-byte offset. - ``Range: bytes=10-15,-5``. A multi-
part response that contains the last five bytes and the five
bytes of data after a 10-byte offset. The ``Content-Type``
response header contains ``multipart/byteranges``. - ``Range:
bytes=4-6``. Bytes 4 to 6 inclusive. - ``Range: bytes=2-2``. Byte
2, the third byte of the data. - ``Range: bytes=6-``. Byte 6 and
after. - ``Range: bytes=1-3,2-5``. A multi-part response that
contains bytes 1 to 3 inclusive, and bytes 2 to 5 inclusive. The
``Content-Type`` response header contains
``multipart/byteranges``.
specify the following ranges of data:
- ``Range: bytes=-5``. The last five bytes.
- ``Range: bytes=10-15``. The six bytes of data after a 10-byte offset.
- ``Range: bytes=10-15,-5``. A multi-part response that contains the
last five bytes and the six
bytes of data after a 10-byte offset. The ``Content-Type``
response header contains ``multipart/byteranges``.
- ``Range: bytes=4-6``. Bytes 4 to 6 inclusive.
- ``Range: bytes=2-2``. Byte 2, the third byte of the data.
- ``Range: bytes=6-``. Byte 6 and after.
- ``Range: bytes=1-3,2-5``. A multi-part response that
contains bytes 1 to 3 inclusive, and bytes 2 to 5 inclusive. The
``Content-Type`` response header contains
``multipart/byteranges``.
in: header
required: false
type: string
@ -272,45 +275,87 @@ X-Account-Container-Count:
X-Account-Meta-name:
description: |
The custom account metadata item, where
``{name}`` is the name of the metadata item. One ``X-Account-
Meta- {name}`` response header appears for each metadata item (for
each ``{name}``).
``name`` is the name of the metadata item. One ``X-Account-Meta-name``
response header appears for each metadata item (for
each ``name``).
in: header
required: false
type: string
X-Account-Meta-name_1:
X-Account-Meta-name_req:
description: |
The account metadata. The ``{name}`` is the name
The account metadata. The ``name`` is the name
of metadata item that you want to add, update, or delete. To
delete this item, send an empty value in this header. You must
specify an ``X-Account-Meta- {name}`` header for each metadata
item (for each ``{name}``) that you want to add, update, or
specify an ``X-Account-Meta-name`` header for each metadata
item (for each ``name``) that you want to add, update, or
delete.
in: header
required: false
type: string
X-Account-Meta-Temp-URL-Key:
X-Account-Meta-Quota-Bytes_resp:
description: |
If present, this is the limit on the total size in bytes of objects stored
in the account.
Typically this value is set by an administrator.
in: header
required: false
type: string
X-Account-Meta-Temp-URL-Key-2_req:
description: |
A second secret key value for temporary URLs.
The second key enables you to rotate keys by having
two active keys at the same time.
in: header
required: false
type: string
X-Account-Meta-Temp-URL-Key-2_resp:
description: |
The second secret key value for temporary URLs. If
not set, this header is not returned in the response.
in: header
required: false
type: string
X-Account-Meta-Temp-URL-Key_req:
description: |
The secret key value for temporary URLs.
in: header
required: false
type: string
X-Account-Meta-Temp-URL-Key_resp:
description: |
The secret key value for temporary URLs. If not
set, this header is not returned in the response.
in: header
required: false
type: string
X-Account-Meta-Temp-URL-Key-2:
description: |
A second secret key value for temporary URLs. If
not set, this header is not returned in the response.
The second key enables you to rotate keys by having
two active keys at the same time.
in: header
required: false
type: string
X-Account-Object-Count:
description: |
The number of objects in the account.
in: header
required: true
type: integer
X-Account-Storage-Policy-name-Bytes-Used:
description: |
The total number of bytes that are stored in
in a given storage policy, where ``name`` is the
name of the storage policy.
in: header
required: true
type: integer
X-Account-Storage-Policy-name-Container-Count:
description: |
The number of containers in the account that use the given
storage policy where ``name`` is the name of the storage policy.
in: header
required: true
type: integer
X-Account-Storage-Policy-name-Object-Count:
description: |
The number of objects in given storage policy where ``name`` is
the name of the storage policy.
in: header
required: true
type: integer
X-Auth-Token:
description: |
Authentication token. If you omit this header,
@ -319,12 +364,6 @@ X-Auth-Token:
in: header
required: false
type: string
X-Auth-Token_1:
description: |
Authentication token.
in: header
required: true
type: string
X-Container-Bytes-Used:
description: |
The total number of bytes used.
@ -354,14 +393,16 @@ X-Container-Meta-Access-Control-Expose-Headers:
Headers the Object Storage service exposes to the
browser (technically, through the ``user-agent`` setting), in the
request response, separated by spaces. By default the Object
Storage service returns the following values for this header: -
All “simple response headers” as listed on
`http://www.w3.org/TR/cors/#simple-response-header
<http://www.w3.org/TR/cors/#simple-response-header>`_. - The
headers ``etag``, ``x-timestamp``, ``x-trans-id``. - All metadata
headers (``X-Container-Meta-*`` for containers and ``X-Object-
Meta-*`` for objects) headers listed in ``X-Container- Meta-
Access-Control-Expose-Headers``.
Storage service returns the following headers:
- All “simple response headers” as listed on
`http://www.w3.org/TR/cors/#simple-response-header
<http://www.w3.org/TR/cors/#simple-response-header>`_.
- The headers ``etag``, ``x-timestamp``, ``x-trans-id``,
``x-openstack-request-id``.
- All metadata headers (``X-Container-Meta-*`` for containers and
``X-Object-Meta-*`` for objects).
- headers listed in ``X-Container-Meta-Access-Control-Expose-Headers``.
in: header
required: false
type: string
@ -376,28 +417,39 @@ X-Container-Meta-Access-Control-Max-Age:
type: string
X-Container-Meta-name:
description: |
The container metadata, where ``{name}`` is the
name of metadata item. You must specify an ``X-Container-Meta-
{name}`` header for each metadata item (for each ``{name}``) that
The custom container metadata item, where
``name`` is the name of the metadata item. One ``X-Container-Meta-name``
response header appears for each metadata item (for
each ``name``).
in: header
required: true
type: string
X-Container-Meta-name_req:
description: |
The container metadata, where ``name`` is the
name of metadata item. You must specify an ``X-Container-Meta-name``
header for each metadata item (for each ``name``) that
you want to add or update.
in: header
required: false
type: string
X-Container-Meta-name_1:
description: |
The custom container metadata item, where
``{name}`` is the name of the metadata item. One ``X-Container-
Meta- {name}`` response header appears for each metadata item (for
each ``{name}``).
in: header
required: true
type: string
X-Container-Meta-Quota-Bytes:
description: |
Sets maximum size of the container, in bytes.
Typically these values are set by an administrator. Returns a 413
response (request entity too large) when an object PUT operation
exceeds this quota value.
This value does not take effect immediately. see
`Container Quotas
<http://docs.openstack.org/developer/swift/api/container_quotas.html>`_
for more information.
in: header
required: false
type: string
X-Container-Meta-Quota-Bytes_resp:
description: |
The maximum size of the container, in bytes. If not set, this header is not
returned by this operation.
in: header
required: false
type: string
@ -407,20 +459,45 @@ X-Container-Meta-Quota-Count:
Typically these values are set by an administrator. Returns a 413
response (request entity too large) when an object PUT operation
exceeds this quota value.
This value does not take effect immediately. see
`Container Quotas
<http://docs.openstack.org/developer/swift/api/container_quotas.html>`_
for more information.
in: header
required: false
type: string
X-Container-Meta-Temp-URL-Key:
X-Container-Meta-Quota-Count_resp:
description: |
The maximum object count of the container. If not set, this header is not
returned by this operation.
in: header
required: false
type: string
X-Container-Meta-Temp-URL-Key-2_req:
description: |
A second secret key value for temporary URLs.
The second key enables you to rotate keys by having
two active keys at the same time.
in: header
required: false
type: string
X-Container-Meta-Temp-URL-Key-2_resp:
description: |
The second secret key value for temporary URLs. If
not set, this header is not returned in the response.
in: header
required: false
type: string
X-Container-Meta-Temp-URL-Key_req:
description: |
The secret key value for temporary URLs.
in: header
required: false
type: string
X-Container-Meta-Temp-URL-Key-2:
X-Container-Meta-Temp-URL-Key_resp:
description: |
A second secret key value for temporary URLs. The
second key enables you to rotate keys by having two active keys at
the same time.
The secret key value for temporary URLs. If not
set, this header is not returned in the response.
in: header
required: false
type: string
@ -431,7 +508,7 @@ X-Container-Meta-Web-Directory-Type:
``application/directory``. Directory marker objects are 0-byte
objects that represent directories to create a simulated
hierarchical structure. For example, if you set ``"X-Container-
Meta-Web-Directory- Type: text/directory"``, Object Storage treats
Meta-Web-Directory-Type: text/directory"``, Object Storage treats
0-byte objects with a content-type of ``text/directory`` as
directories rather than objects.
in: header
@ -446,47 +523,18 @@ X-Container-Object-Count:
X-Container-Read:
description: |
Sets a container access control list (ACL) that grants read access.
Container ACLs are available on any Object Storage cluster, and are
enabled by container rather than by cluster.
The scope of the access is specific to the container. The ACL grants
the ability to perform GET or HEAD operations on objects in the container
or to perform a GET or HEAD operation on the container itself.
To set the container read ACL:
.. code-block:: bash
$ curl -X {PUT|POST} -i -H "X-Auth-Token: TOKEN" -H \
"X-Container-Read: ACL" STORAGE_URL/CONTAINER
For example:
.. code-block:: bash
$ curl -X PUT -i \
-H "X-Auth-Token: 0101010101" \
-H "X-Container-Read: .r:*" \
http://swift.example.com/v1/AUTH_bob/read_container
In the command, specify the ACL in the ``X-Container-Read`` header,
as follows:
- ``.r:*`` All referrers.
- ``.r:example.com,swift.example.com`` Comma-separated list of
referrers.
- ``.rlistings`` Container listing access.
- ``AUTH_username`` Access to a user who authenticates through a
legacy or non-OpenStack-Identity-based authentication system.
- ``LDAP_`` Access to all users who authenticate through an LDAP-
based legacy or non-OpenStack-Identity-based authentication
system.
The format and scope of the ACL is dependent on the authorization system
used by the Object Storage service.
in: header
required: false
type: string
X-Container-Read_1:
X-Container-Read_resp:
description: |
The ACL that grants read access. If not set, this
The ACL that grants read access. If there is no ACL, this
header is not returned by this operation.
in: header
required: false
@ -496,10 +544,13 @@ X-Container-Sync-Key:
Sets the secret key for container
synchronization. If you remove the secret key, synchronization is
halted.
For more information, see `Container to Container Synchronization
<http://docs.openstack.org/developer/swift/overview_
container_sync.html>`_
in: header
required: false
type: string
X-Container-Sync-Key_1:
X-Container-Sync-Key_resp:
description: |
The secret key for container synchronization. If
not set, this header is not returned by this operation.
@ -516,7 +567,7 @@ X-Container-Sync-To:
in: header
required: false
type: string
X-Container-Sync-To_1:
X-Container-Sync-To_resp:
description: |
The destination for container synchronization. If
not set, this header is not returned by this operation.
@ -525,13 +576,21 @@ X-Container-Sync-To_1:
type: string
X-Container-Write:
description: |
Sets an ACL that grants write access.
Sets a container access control list (ACL) that grants write access.
The scope of the access is specific to the container. The ACL grants
the ability to perform PUT, POST and DELETE operations on
objects in the container. It does not grant write access to the container
metadata.
The format of the ACL is dependent on the authorization system
used by the Object Storage service.
in: header
required: false
type: string
X-Container-Write_1:
description: |
The ACL that grants write access. If not set,
X-Container-Write_resp:
description:
The ACL that grants write access. If there is no ACL,
this header is not returned by this operation.
in: header
required: false
@ -544,6 +603,13 @@ X-Copied-From:
in: header
required: false
type: string
X-Copied-From-Account:
description: |
For a copied object, shows the account
from which the new object was copied.
in: header
required: false
type: string
X-Copied-From-Last-Modified:
description: |
For a copied object, the date and time in `UNIX
@ -572,7 +638,7 @@ X-Delete-After:
description: |
The number of seconds after which the system
removes the object. Internally, the Object Storage system stores
this value in the ``X -Delete-At`` metadata item.
this value in the ``X-Delete-At`` metadata item.
in: header
required: false
type: integer
@ -585,21 +651,11 @@ X-Delete-At:
in: header
required: false
type: integer
X-Delete-At_1:
description: |
If set, the date and time in `UNIX Epoch time
stamp format <https://en.wikipedia.org/wiki/Unix_time>`_ when the
system deletes the object. For example, ``1440619048`` is
equivalent to ``Mon, Wed, 26 Aug 2015 19:57:28 GMT``. If not set,
this operation does not return this header.
in: header
required: false
type: integer
X-Detect-Content-Type:
description: |
If set to ``true``, Object Storage guesses the
content type based on the file extension and ignores the value
sent in the ``Content- Type`` header, if present.
sent in the ``Content-Type`` header, if present.
in: header
required: false
type: boolean
@ -611,6 +667,27 @@ X-Fresh-Metadata:
in: header
required: false
type: boolean
X-History-Location:
description: |
The URL-encoded UTF-8 representation of the container that stores
previous versions of objects. If neither this nor ``X-Versions-Location``
is set, versioning is disabled for this container. ``X-History-Location``
and ``X-Versions-Location`` cannot both be set at the same time. For more
information about object versioning, see `Object versioning
<http://docs.openstack.org/ developer/swift/api/object_versioning.html>`_.
in: header
required: false
type: string
X-History-Location_resp:
description: |
If present, this container has versioning enabled and the value
is the UTF-8 encoded name of another container.
For more information about object versioning,
see `Object versioning <http://docs.openstack.org/developer/
swift/api/object_versioning.html>`_.
in: header
required: false
type: string
X-Newest:
description: |
If set to true , Object Storage queries all
@ -631,9 +708,9 @@ X-Object-Manifest:
in: header
required: false
type: string
X-Object-Manifest_1:
X-Object-Manifest_resp:
description: |
If set, to this is a dynamic large object
If present, this is a dynamic large object
manifest object. The value is the container and object name prefix
of the segment objects in the form ``container/prefix``.
in: header
@ -641,32 +718,65 @@ X-Object-Manifest_1:
type: string
X-Object-Meta-name:
description: |
The object metadata, where ``{name}`` is the name
of the metadata item. You must specify an ``X-Object-Meta-
{name}`` header for each metadata ``{name}`` item that you want to
add or update.
The object metadata, where ``name`` is the name
of the metadata item. You must specify an
``X-Object-Meta-name`` header for each metadata ``name`` item that
you want to add or update.
in: header
required: false
type: string
X-Object-Meta-name_1:
X-Object-Meta-name_resp:
description: |
The custom object metadata item, where ``{name}``
is the name of the metadata item. One ``X-Object-Meta- {name}``
response header appears for each metadata ``{name}`` item.
If present, the custom object metadata item, where ``name``
is the name of the metadata item. One``X-Object-Meta-name``
response header appears for each metadata ``name`` item.
in: header
required: false
type: string
X-Openstack-Request-Id:
description: |
A unique transaction ID for this request. Your
service provider might need this value if you report a problem.
(same as ``X-Trans-Id``)
in: header
required: true
type: string
X-Remove-Account-name:
description: |
Removes the metadata item named ``name``.
For example, ``X-Remove-Account-Meta-Blue`` removes
custom metadata.
in: header
required: false
type: string
X-Remove-Container-name:
description: |
Removes the metadata item named ``{name}``. For
example, ``X -Remove-Container-Read`` removes the ``X-Container-
Read`` metadata item.
Removes the metadata item named ``name``. For
example, ``X-Remove-Container-Read`` removes the
``X-Container-Read`` metadata item and ``X-Remove-Container-Meta-Blue``
removes custom metadata.
in: header
required: false
type: string
X-Remove-History-Location:
description: |
Set to any value to disable versioning. Note that this disables version
that was set via ``X-Versions-Location`` as well.
in: header
required: false
type: string
X-Remove-Versions-Location:
description: |
Set to any value to disable versioning.
Set to any value to disable versioning. Note that this disables version
that was set via ``X-History-Location`` as well.
in: header
required: false
type: string
X-Service-Token:
description: |
A service token. See `OpenStack Service Using Composite Tokens
<http://docs.openstack.org/developer/swift/overview_auth.html#openstack-
service-using-composite-tokens>`_ for more information.
in: header
required: false
type: string
@ -677,6 +787,14 @@ X-Static-Large-Object:
in: header
required: true
type: boolean
X-Storage-Policy:
description: |
In requests, specifies the name of the storage policy to use for
the container. In responses, is the storage policy name.
The storage policy of the container cannot be changed.
in: header
required: false
type: string
X-Timestamp:
description: |
The date and time in `UNIX Epoch time stamp
@ -696,23 +814,23 @@ X-Trans-Id:
type: string
X-Trans-Id-Extra:
description: |
Extra transaction information. Use the ``X-Trans-
Id-Extra`` request header to include extra information to help you
Extra transaction information. Use the ``X-Trans-Id-Extra``
request header to include extra information to help you
debug any errors that might occur with large object upload and
other Object Storage transactions. Object Storage appends the
first 32 characters of the ``X-Trans-Id- Extra`` request header
other Object Storage transactions. The server appends the
first 32 characters of the ``X-Trans-Id-Extra`` request header
value to the transaction ID value in the generated ``X-Trans-Id``
response header. You must UTF-8-encode and then URL-encode the
extra transaction information before you include it in the ``X
-Trans-Id-Extra`` request header. For example, you can include
extra transaction information before you include it in the
``X-Trans-Id-Extra`` request header. For example, you can include
extra transaction information when you upload `large objects
<http://docs.openstack.org/user-
guide/cli_swift_large_object_creation.html>`_ such as images. When
<http://docs.openstack.org/developer/swift/api/large_objects.html>`_
such as images. When
you upload each segment and the manifest, include the same value
in the ``X-Trans-Id-Extra`` request header. If an error occurs,
you can find all requests that are related to the large object
upload in the Object Storage logs. You can also use ``X-Trans-Id-
Extra`` strings to help operators debug requests that fail to
upload in the Object Storage logs. You can also use ``X-Trans-Id-Extra``
strings to help operators debug requests that fail to
receive responses. The operator can search for the extra
information in the logs.
in: header
@ -721,19 +839,19 @@ X-Trans-Id-Extra:
X-Versions-Location:
description: |
The URL-encoded UTF-8 representation of the container that stores
previous versions of objects. If not set, versioning is disabled
for this container. For more information about object versioning,
see `Object versioning <http://docs.openstack.org/developer/
swift/api/object_versioning.html>`_.
previous versions of objects. If neither this nor ``X-History-Location``
is set, versioning is disabled for this container. ``X-Versions-Location``
and ``X-History-Location`` cannot both be set at the same time. For more
information about object versioning, see `Object versioning
<http://docs.openstack.org/ developer/swift/api/object_versioning.html>`_.
in: header
required: false
type: string
X-Versions-Mode:
X-Versions-Location_resp:
description: |
The versioning mode for this container. The value must be either
``stack`` or ``history``. If not set, ``stack`` mode will be used.
This setting has no impact unless ``X-Versions-Location`` is set
for the container. For more information about object versioning,
If present, this container has versioning enabled and the value
is the UTF-8 encoded name of another container.
For more information about object versioning,
see `Object versioning <http://docs.openstack.org/developer/
swift/api/object_versioning.html>`_.
in: header
@ -750,12 +868,13 @@ account:
type: string
container:
description: |
The unique name for the container. The container
The unique (within an account) name for the container. The container
name must be from 1 to 256 characters long and can start with any
character and contain any pattern. Character set must be UTF-8.
The container name cannot contain a slash (``/``) character
because this character delimits the container and object name. For
example, ``/account/container/object``.
example, the path ``/v1/account/www/pages`` specifies the ``www``
container, not the ``www/pages`` container.
in: path
required: false
type: string
@ -767,6 +886,16 @@ object:
type: string
# variables in query
bulk-delete:
description: |
When the ``bulk-delete`` query parameter is present in the POST
request, multiple objects or containers can be deleted
with a single request. See `Bulk Delete
<http://docs.openstack.org/developer/swift/middleware.html?highlight=
bulk#bulk-delete>`_ for how this feature is used.
in: query
required: false
type: string
delimiter:
description: |
Delimiter value, which returns the object names
@ -784,6 +913,16 @@ end_marker:
in: query
required: false
type: string
extract-archive:
description: |
When the ``extract-archive`` query parameter is present in the POST
request, an archive (tar file) is uploaded and extracted to
create multiple objects. See `Extract Archive
<http://docs.openstack.org/developer/swift/middleware.html?highlight=
bulk#extract-archive>`_ for how this feature is used.
in: query
required: false
type: string
filename:
description: |
Overrides the default file name. Object Storage
@ -823,23 +962,24 @@ marker:
in: query
required: false
type: string
multipart-manifest:
multipart-manifest_copy:
description: |
If ``?multipart-manifest=put``, the object is a
static large object manifest and the body contains the manifest.
If you include the ``multipart-manifest=get``
query parameter and the object is a large object, the object
contents are not copied. Instead, the manifest is copied to
the new object.
in: query
required: false
type: string
multipart-manifest_1:
multipart-manifest_delete:
description: |
If you include the ``multipart-manifest=delete``
query parameter and the object is a static large object, the
segment objects and manifest object are deleted. If you omit the
``multipart- manifest=delete`` query parameter and the object is a
``multipart-manifest=delete`` query parameter and the object is a
static large object, the manifest object is deleted but the
segment objects are not deleted. For a bulk delete, the response
body looks the same as it does for a normal bulk delete. In
contrast, a plain object DELETE response has an empty body.
segment objects are not deleted. The response body will contain
the status of the deletion of every processed segment object.
in: query
required: false
type: string
@ -862,6 +1002,13 @@ multipart-manifest_head:
in: query
required: false
type: string
multipart-manifest_put:
description: |
If you include the ``multipart-manifest=put`` query parameter, the object
is a static large object manifest and the body contains the manifest.
in: query
required: false
type: string
path:
description: |
For a string value, returns the object names that
@ -878,11 +1025,9 @@ prefix:
type: string
swiftinfo_expires:
description: |
Filters the response by the expiration date and
time in `UNIX Epoch time stamp format
<https://en.wikipedia.org/wiki/Unix_time>`_. For example,
``1440619048`` is equivalent to ``Mon, Wed, 26 Aug 2015 19:57:28
GMT``.
The time at which ``swiftinfo_sig`` expires. The time is in
`UNIX Epoch time stamp format
<https://en.wikipedia.org/wiki/Unix_time>`_.
in: query
required: false
type: integer

2
api-ref/source/samples/account-containers-list-http-request-json.txt
View File

@ -1 +1 @@
curl -i https://23.253.72.207/v1/$account?format=json -X GET -H "X-Auth-Token: $token"
curl -i $publicURL?format=json -X GET -H "X-Auth-Token: $token"

3
api-ref/source/samples/account-containers-list-http-request-xml.txt
View File

@ -1,2 +1 @@
curl -i https://23.253.72.207/v1/$account?format=xml \
-X GET -H "X-Auth-Token: $token"
curl -i $publicURL?format=xml -X GET -H "X-Auth-Token: $token"

3
api-ref/source/samples/account-containers-list-http-response-json.txt
View File

@ -8,4 +8,5 @@ X-Account-Container-Count: 2
Content-Type: application/json; charset=utf-8
Accept-Ranges: bytes
X-Trans-Id: tx274a77a8975c4a66aeb24-0052d95365
Date: Fri, 17 Jan 2014 15:59:33 GMT
X-Openstack-Request-Id: tx274a77a8975c4a66aeb24-0052d95365
Date: Fri, 17 Jan 2014 15:59:33 GMT

3
api-ref/source/samples/account-containers-list-http-response-xml.txt
View File

@ -8,4 +8,5 @@ X-Account-Container-Count: 2
Content-Type: application/xml; charset=utf-8
Accept-Ranges: bytes
X-Trans-Id: tx69f60bc9f7634a01988e6-0052d9544b
Date: Fri, 17 Jan 2014 16:03:23 GMT
X-Openstack-Request-Id: tx69f60bc9f7634a01988e6-0052d9544b
Date: Fri, 17 Jan 2014 16:03:23 GMT

5
api-ref/source/samples/capabilities-list-response.json
View File

@ -2,6 +2,11 @@
"swift": {
"version": "1.11.0"
},
"slo": {
"max_manifest_segments": 1000,
"max_manifest_size": 2097152,
"min_segment_size": 1
},
"staticweb": {},
"tempurl": {}
}

3
api-ref/source/samples/objects-list-http-response-json.txt
View File

@ -7,4 +7,5 @@ X-Timestamp: 1389727543.65372
X-Container-Bytes-Used: 26
Content-Type: application/json; charset=utf-8
X-Trans-Id: tx26377fe5fab74869825d1-0052d6bdff
Date: Wed, 15 Jan 2014 16:57:35 GMT
X-Openstack-Request-Id: tx26377fe5fab74869825d1-0052d6bdff
Date: Wed, 15 Jan 2014 16:57:35 GMT

3
api-ref/source/samples/objects-list-http-response-xml.txt
View File

@ -7,4 +7,5 @@ X-Timestamp: 1389727543.65372
X-Container-Bytes-Used: 26
Content-Type: application/xml; charset=utf-8
X-Trans-Id: txc75ea9a6e66f47d79e0c5-0052d6be76
Date: Wed, 15 Jan 2014 16:59:35 GMT
X-Openstack-Request-Id: txc75ea9a6e66f47d79e0c5-0052d6be76
Date: Wed, 15 Jan 2014 16:59:35 GMT

201
api-ref/source/storage-account-services.inc
View File

@ -5,60 +5,10 @@ Accounts
========
Lists containers for an account. Creates, updates, shows, and
deletes account metadata.
deletes account metadata. For more information and concepts about
accounts see `Object Storage API overview
<http://docs.openstack.org/developer/swift/api/object_api_v1_overview.html>`_.
Account metadata operations work differently than container and
object metadata operations work. Depending on the contents of your
POST account metadata request, the Object Storage API updates the
metadata in one of these ways:
**Account metadata operations**
+----------------------------------------------------------+---------------------------------------------------------------+
| POST request body contains | Description |
+----------------------------------------------------------+---------------------------------------------------------------+
| A metadata key without a value. | The API removes the metadata item from the account. |
| | |
| The metadata key already exists for the account. | |
+----------------------------------------------------------+---------------------------------------------------------------+
| A metadata key without a value. | The API ignores the metadata key. |
| | |
| The metadata key does not already exist for the account. | |
+----------------------------------------------------------+---------------------------------------------------------------+
| A metadata key value. | The API updates the metadata key value for the account. |
| | |
| The metadata key already exists for the account. | |
+----------------------------------------------------------+---------------------------------------------------------------+
| A metadata key value. | The API adds the metadata key and value pair, or item, to the |
| | account. |
| The metadata key does not already exist for the account. | |
+----------------------------------------------------------+---------------------------------------------------------------+
| One or more account metadata items are omitted. | The API does not change the existing metadata items. |
| | |
| The metadata items already exist for the account. | |
+----------------------------------------------------------+---------------------------------------------------------------+
For these requests, specifying the ``X-Remove-Account-Meta-*``
request header for the key with any value is equivalent to
specifying the ``X-Account-Meta-*`` request header with an empty
value.
Metadata keys must be treated as case-insensitive at all times.
These keys can contain ASCII 7-bit characters that are not control
(0-31) characters, DEL, or a separator character, according to
`HTTP/1.1 <http://www.w3.org/Protocols/rfc2616/rfc2616.html>`_ .
Also, Object Storage does not support the underscore character,
which it silently converts to a hyphen.
The metadata values in Object Storage do not follow HTTP/1.1 rules
for character encodings. You must use a UTF-8 encoding to get a
byte array for any string that contains characters that are not in
the 7-bit ASCII 0-127 range. Otherwise, Object Storage returns the
404 response code for ISO-8859-1 characters in the 128-255 range,
which is a direct violation of the HTTP/1.1 `basic rules
<http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2>`_.
Show account details and list containers
@ -74,23 +24,6 @@ using the SQLite memcmp() function, regardless of text encoding.
See `Collating Sequences
<http://www.sqlite.org/datatype3.html#collation>`_.
Example requests and responses:
- Show account details and list containers and ask for a JSON
response:
::
curl -i $publicURL?format=json -X GET -H "X-Auth-Token: $token"
- List containers and ask for an XML response:
::
curl -i $publicURL?format=xml -X GET -H "X-Auth-Token: $token"
The response body returns a list of containers. The default
response (``text/plain``) returns one container per line.
@ -106,6 +39,21 @@ is text, JSON, or XML. For a text response, you get a 204 , because
there is no content. However, for a JSON or XML response, you get a
200 with content indicating an empty array.
Example requests and responses:
- Show account details and list containers and ask for a JSON
response:
.. literalinclude:: samples/account-containers-list-http-request-json.txt
.. literalinclude:: samples/account-containers-list-http-response-json.txt
.. literalinclude:: samples/account-containers-list-response.json
- Show account details and list containers and ask for an XML response:
.. literalinclude:: samples/account-containers-list-http-request-xml.txt
.. literalinclude:: samples/account-containers-list-http-response-xml.txt
.. literalinclude:: samples/account-containers-list-response.xml
If the request succeeds, the operation returns one of these status
codes:
@ -135,6 +83,7 @@ Request
- prefix: prefix
- delimiter: delimiter
- X-Auth-Token: X-Auth-Token
- X-Service-Token: X-Service-Token
- X-Newest: X-Newest
- Accept: Accept
- X-Trans-Id-Extra: X-Trans-Id-Extra
@ -145,33 +94,27 @@ Response Parameters
.. rest_parameters:: parameters.yaml
- Content-Length: Content-Length
- Content-Length: Content-Length_listing_resp
- X-Account-Meta-name: X-Account-Meta-name
- X-Account-Object-Count: X-Account-Object-Count
- X-Account-Meta-Temp-URL-Key-2: X-Account-Meta-Temp-URL-Key-2
- X-Account-Meta-Temp-URL-Key: X-Account-Meta-Temp-URL-Key_resp
- X-Account-Meta-Temp-URL-Key-2: X-Account-Meta-Temp-URL-Key-2_resp
- X-Timestamp: X-Timestamp
- X-Account-Meta-Temp-URL-Key: X-Account-Meta-Temp-URL-Key
- X-Trans-Id: X-Trans-Id
- X-Openstack-Request-Id: X-Openstack-Request-Id
- Date: Date
- X-Account-Bytes-Used: X-Account-Bytes-Used
- X-Account-Container-Count: X-Account-Container-Count
- Content-Type: Content-Type
- X-Account-Object-Count: X-Account-Object-Count
- X-Account-Storage-Policy-name-Bytes-Used: X-Account-Storage-Policy-name-Bytes-Used
- X-Account-Storage-Policy-name-Container-Count: X-Account-Storage-Policy-name-Container-Count
- X-Account-Storage-Policy-name-Object-Count: X-Account-Storage-Policy-name-Object-Count
- X-Account-Meta-Quota-Bytes: X-Account-Meta-Quota-Bytes_resp
- Content-Type: Content-Type_listing_resp
- count: count
- bytes: bytes
- name: name
Response Example
----------------
.. literalinclude:: samples/account-containers-list-http-response-xml.txt
:language: javascript
Create, update, or delete account metadata
==========================================
@ -179,21 +122,57 @@ Create, update, or delete account metadata
Creates, updates, or deletes account metadata.
To create, update, or delete metadata, use the ``X-Account-
Meta-{name}`` request header, where ``{name}`` is the name of the
To create, update, or delete custom metadata, use the
``X-Account-Meta-{name}`` request header, where ``{name}`` is the name of the
metadata item.
Subsequent requests for the same key and value pair overwrite the
existing value.
Account metadata operations work differently than how
object metadata operations work. Depending on the contents of your
POST account metadata request, the Object Storage API updates the
metadata as shown in the following table:
**Account metadata operations**
+----------------------------------------------------------+---------------------------------------------------------------+
| POST request header contains | Result |
+----------------------------------------------------------+---------------------------------------------------------------+
| A metadata key without a value. | The API removes the metadata item from the account. |
| | |
| The metadata key already exists for the account. | |
+----------------------------------------------------------+---------------------------------------------------------------+
| A metadata key without a value. | The API ignores the metadata key. |
| | |
| The metadata key does not already exist for the account. | |
+----------------------------------------------------------+---------------------------------------------------------------+
| A metadata key value. | The API updates the metadata key value for the account. |
| | |
| The metadata key already exists for the account. | |
+----------------------------------------------------------+---------------------------------------------------------------+
| A metadata key value. | The API adds the metadata key and value pair, or item, to the |
| | account. |
| The metadata key does not already exist for the account. | |
+----------------------------------------------------------+---------------------------------------------------------------+
| One or more account metadata items are omitted. | The API does not change the existing metadata items. |
| | |
| The metadata items already exist for the account. | |
+----------------------------------------------------------+---------------------------------------------------------------+
To delete a metadata header, send an empty value for that header,
such as for the ``X-Account-Meta-Book`` header. If the tool you use
to communicate with Object Storage, such as an older version of
cURL, does not support empty headers, send the ``X-Remove-Account-
Meta-{name}`` header with an arbitrary value. For example, ``X
-Remove-Account-Meta-Book: x``. The operation ignores the arbitrary
Meta-{name}`` header with an arbitrary value. For example,
``X-Remove-Account-Meta-Book: x``. The operation ignores the arbitrary
value.
.. include:: metadata_header_syntax.inc
.. include:: metadata_header_encoding.inc
Subsequent requests for the same key and value pair overwrite the
existing value.
If the container already has other custom metadata items, a request
to create, update, or delete metadata does not affect those items.
@ -216,6 +195,7 @@ Example requests and responses:
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx8c2dd6aee35442a4a5646-0052d954fb
X-Openstack-Request-Id: tx8c2dd6aee35442a4a5646-0052d954fb
Date: Fri, 17 Jan 2014 16:06:19 GMT
@ -234,6 +214,7 @@ Example requests and responses:
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx1439b96137364ab581156-0052d95532
X-Openstack-Request-Id: tx1439b96137364ab581156-0052d95532
Date: Fri, 17 Jan 2014 16:07:14 GMT
@ -252,6 +233,7 @@ Example requests and responses:
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx411cf57701424da99948a-0052d9556f
X-Openstack-Request-Id: tx411cf57701424da99948a-0052d9556f
Date: Fri, 17 Jan 2014 16:08:15 GMT
@ -270,11 +252,11 @@ Request
- account: account
- X-Auth-Token: X-Auth-Token
- X-Account-Meta-Temp-URL-Key: X-Account-Meta-Temp-URL-Key
- X-Account-Meta-Temp-URL-Key-2: X-Account-Meta-Temp-URL-Key-2
- X-Account-Meta-name: X-Account-Meta-name
- Content-Type: Content-Type
- X-Detect-Content-Type: X-Detect-Content-Type
- X-Service-Token: X-Service-Token
- X-Account-Meta-Temp-URL-Key: X-Account-Meta-Temp-URL-Key_req
- X-Account-Meta-Temp-URL-Key-2: X-Account-Meta-Temp-URL-Key-2_req
- X-Account-Meta-name: X-Account-Meta-name_req
- X-Remove-Account-name: X-Remove-Account-name
- X-Trans-Id-Extra: X-Trans-Id-Extra
@ -285,12 +267,10 @@ Response Parameters
- Date: Date
- X-Timestamp: X-Timestamp
- Content-Length: Content-Length
- Content-Type: Content-Type
- Content-Length: Content-Length_cud_resp
- Content-Type: Content-Type_cud_resp
- X-Trans-Id: X-Trans-Id
- X-Openstack-Request-Id: X-Openstack-Request-Id
Show account metadata
@ -337,6 +317,7 @@ Show account metadata request:
Content-Type: text/plain; charset=utf-8
Accept-Ranges: bytes
X-Trans-Id: txafb3504870144b8ca40f7-0052d955d4
X-Openstack-Request-Id: txafb3504870144b8ca40f7-0052d955d4
Date: Fri, 17 Jan 2014 16:09:56 GMT
@ -353,6 +334,7 @@ Request
- account: account
- X-Auth-Token: X-Auth-Token
- X-Service-Token: X-Service-Token
- X-Newest: X-Newest
- X-Trans-Id-Extra: X-Trans-Id-Extra
@ -362,17 +344,22 @@ Response Parameters
.. rest_parameters:: parameters.yaml
- Content-Length: Content-Length
- Content-Length: Content-Length_cud_resp
- X-Account-Meta-name: X-Account-Meta-name
- X-Account-Object-Count: X-Account-Object-Count
- X-Account-Meta-Temp-URL-Key-2: X-Account-Meta-Temp-URL-Key-2
- X-Account-Meta-Temp-URL-Key: X-Account-Meta-Temp-URL-Key_resp
- X-Account-Meta-Temp-URL-Key-2: X-Account-Meta-Temp-URL-Key-2_resp
- X-Timestamp: X-Timestamp
- X-Account-Meta-Temp-URL-Key: X-Account-Meta-Temp-URL-Key
- X-Trans-Id: X-Trans-Id
- X-Openstack-Request-Id: X-Openstack-Request-Id
- Date: Date
- X-Account-Bytes-Used: X-Account-Bytes-Used
- X-Account-Object-Count: X-Account-Object-Count
- X-Account-Container-Count: X-Account-Container-Count
- Content-Type: Content-Type
- X-Account-Storage-Policy-name-Bytes-Used: X-Account-Storage-Policy-name-Bytes-Used
- X-Account-Storage-Policy-name-Container-Count: X-Account-Storage-Policy-name-Container-Count
- X-Account-Storage-Policy-name-Object-Count: X-Account-Storage-Policy-name-Object-Count
- X-Account-Meta-Quota-Bytes: X-Account-Meta-Quota-Bytes_resp
- Content-Type: Content-Type_cud_resp

179
api-ref/source/storage-container-services.inc
View File

@ -6,7 +6,9 @@ Containers
Lists objects in a container. Creates, shows details for, and
deletes containers. Creates, updates, shows, and deletes container
metadata.
metadata. For more information and concepts about
containers see `Object Storage API overview
<http://docs.openstack.org/developer/swift/api/object_api_v1_overview.html>`_.
Show container details and list objects
@ -17,8 +19,8 @@ Show container details and list objects
Shows details for a container and lists objects, sorted by name, in the container.
Specify query parameters in the request to filter the list and
return a subset of object names. Omit query parameters to return
the complete list of object names that are stored in the container,
return a subset of objects. Omit query parameters to return
a list of objects that are stored in the container,
up to 10,000 names. The 10,000 maximum value is configurable. To
view the value for the cluster, issue a GET ``/info`` request.
@ -28,23 +30,13 @@ Example requests and responses:
- ``No Content (204)``. Success. The response body shows no objects.
Either the container has no objects or you are paging through a
long list of names by using the ``marker``, ``limit``, or
long list of objects by using the ``marker``, ``limit``, or
``end_marker`` query parameter and you have reached the end of
the list.
If the container does not exist, the call returns the ``Not Found
(404)`` response code.
The operation returns the ``Range Not Satisfiable (416)`` response
code for any ranged GET requests that specify more than:
- Fifty ranges.
- Three overlapping ranges.
- Eight non-increasing ranges.
Normal response codes: 200
Error response codes:416,404,204,
@ -64,11 +56,13 @@ Request
- delimiter: delimiter
- path: path
- X-Auth-Token: X-Auth-Token
- X-Service-Token: X-Service-Token
- X-Newest: X-Newest
- Accept: Accept
- X-Container-Meta-Temp-URL-Key: X-Container-Meta-Temp-URL-Key
- X-Container-Meta-Temp-URL-Key-2: X-Container-Meta-Temp-URL-Key-2
- X-Container-Meta-Temp-URL-Key: X-Container-Meta-Temp-URL-Key_req
- X-Container-Meta-Temp-URL-Key-2: X-Container-Meta-Temp-URL-Key-2_req
- X-Trans-Id-Extra: X-Trans-Id-Extra
- X-Storage-Policy: X-Storage-Policy
Response Parameters
@ -77,35 +71,45 @@ Response Parameters
.. rest_parameters:: parameters.yaml
- X-Container-Meta-name: X-Container-Meta-name
- Content-Length: Content-Length
- Content-Length: Content-Length_listing_resp
- X-Container-Object-Count: X-Container-Object-Count
- Accept-Ranges: Accept-Ranges
- X-Container-Meta-Temp-URL-Key: X-Container-Meta-Temp-URL-Key
- X-Container-Bytes-Used: X-Container-Bytes-Used
- X-Container-Meta-Temp-URL-Key-2: X-Container-Meta-Temp-URL-Key-2
- Accept-Ranges: Accept-Ranges
- X-Container-Meta-Temp-URL-Key: X-Container-Meta-Temp-URL-Key_resp
- X-Container-Meta-Temp-URL-Key-2: X-Container-Meta-Temp-URL-Key-2_resp
- X-Container-Meta-Quota-Count: X-Container-Meta-Quota-Count_resp
- X-Container-Meta-Quota-Bytes: X-Container-Meta-Quota-Bytes_resp
- X-Storage-Policy: X-Storage-Policy
- X-Container-Read: X-Container-Read_resp
- X-Container-Write: X-Container-Write_resp
- X-Container-Sync-Key: X-Container-Sync-Key_resp
- X-Container-Sync-To: X-Container-Sync-To_resp
- X-Versions-Location: X-Versions-Location_resp
- X-History-Location: X-History-Location_resp
- X-Timestamp: X-Timestamp
- X-Trans-Id: X-Trans-Id
- X-Openstack-Request-Id: X-Openstack-Request-Id
- Content_Type: Content-Type_listing_resp
- Date: Date
- Content-Type: Content-Type
- hash: hash
- last_modified: last_modified
- content_type: content_type
- bytes: bytes
- name: name
- content_type: content_type
Response Example format=json
----------------------------
Response Example
----------------
.. literalinclude:: samples/objects-list-http-response-json.txt
.. literalinclude:: samples/objects-list-response.json
Response Example format=xml
---------------------------
.. literalinclude:: samples/objects-list-http-response-xml.txt
:language: javascript
.. literalinclude:: samples/objects-list-response.xml
Create container
================
@ -119,6 +123,13 @@ issuing a PUT operation because the operation is idempotent: It
creates a container or updates an existing container, as
appropriate.
To create, update, or delete a custom metadata item, use the ``X
-Container-Meta-{name}`` header, where ``{name}`` is the name of
the metadata item.
.. include:: metadata_header_syntax.inc
.. include:: metadata_header_encoding.inc
Example requests and responses:
- Create a container with no metadata:
@ -136,6 +147,7 @@ Example requests and responses:
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx7f6b7fa09bc2443a94df0-0052d58b56
X-Openstack-Request-Id: tx7f6b7fa09bc2443a94df0-0052d58b56
Date: Tue, 14 Jan 2014 19:09:10 GMT
@ -154,6 +166,24 @@ Example requests and responses:
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx06021f10fc8642b2901e7-0052d58f37
X-Openstack-Request-Id: tx06021f10fc8642b2901e7-0052d58f37
Date: Tue, 14 Jan 2014 19:25:43 GMT
- Create a container with an ACL to allow anybody to get an object in the
marktwain container:
::
curl -i $publicURL/marktwain -X PUT -H "X-Auth-Token: $token" -H "X-Container-Read: .r:*"
::
HTTP/1.1 201 Created
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx06021f10fc8642b2901e7-0052d58f37
X-Openstack-Request-Id: tx06021f10fc8642b2901e7-0052d58f37
Date: Tue, 14 Jan 2014 19:25:43 GMT
Error response codes:201,204,
@ -167,21 +197,23 @@ Request
- account: account
- container: container
- X-Auth-Token: X-Auth-Token
- X-Service-Token: X-Service-Token
- X-Container-Read: X-Container-Read
- X-Container-Write: X-Container-Write
- X-Container-Sync-To: X-Container-Sync-To
- X-Container-Sync-Key: X-Container-Sync-Key
- X-Versions-Location: X-Versions-Location
- X-Versions-Mode: X-Versions-Mode
- X-Container-Meta-name: X-Container-Meta-name
- X-History-Location: X-History-Location
- X-Container-Meta-name: X-Container-Meta-name_req
- X-Container-Meta-Access-Control-Allow-Origin: X-Container-Meta-Access-Control-Allow-Origin
- X-Container-Meta-Access-Control-Max-Age: X-Container-Meta-Access-Control-Max-Age
- X-Container-Meta-Access-Control-Expose-Headers: X-Container-Meta-Access-Control-Expose-Headers
- Content-Type: Content-Type
- X-Detect-Content-Type: X-Detect-Content-Type
- X-Container-Meta-Temp-URL-Key: X-Container-Meta-Temp-URL-Key
- X-Container-Meta-Temp-URL-Key-2: X-Container-Meta-Temp-URL-Key-2
- X-Container-Meta-Quota-Bytes: X-Container-Meta-Quota-Bytes
- X-Container-Meta-Quota-Count: X-Container-Meta-Quota-Count
- X-Container-Meta-Temp-URL-Key: X-Container-Meta-Temp-URL-Key_req
- X-Container-Meta-Temp-URL-Key-2: X-Container-Meta-Temp-URL-Key-2_req
- X-Trans-Id-Extra: X-Trans-Id-Extra
- X-Storage-Policy: X-Storage-Policy
Response Parameters
@ -191,9 +223,10 @@ Response Parameters
- Date: Date
- X-Timestamp: X-Timestamp
- Content-Length: Content-Length
- Content-Type: Content-Type
- Content-Length: Content-Length_cud_resp
- Content-Type: Content-Type_cud_resp
- X-Trans-Id: X-Trans-Id
- X-Openstack-Request-Id: X-Openstack-Request-Id
@ -211,6 +244,9 @@ To create, update, or delete a custom metadata item, use the ``X
-Container-Meta-{name}`` header, where ``{name}`` is the name of
the metadata item.
.. include:: metadata_header_syntax.inc
.. include:: metadata_header_encoding.inc
Subsequent requests for the same key and value pair overwrite the
previous value.
@ -242,6 +278,7 @@ Example requests and responses:
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx05dbd434c651429193139-0052d82635
X-Openstack-Request-Id: tx05dbd434c651429193139-0052d82635
Date: Thu, 16 Jan 2014 18:34:29 GMT
@ -260,6 +297,7 @@ Example requests and responses:
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Trans-Id: txe60c7314bf614bb39dfe4-0052d82653
X-Openstack-Request-Id: txe60c7314bf614bb39dfe4-0052d82653
Date: Thu, 16 Jan 2014 18:34:59 GMT
@ -278,6 +316,7 @@ Example requests and responses:
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx7997e18da2a34a9e84ceb-0052d826d0
X-Openstack-Request-Id: tx7997e18da2a34a9e84ceb-0052d826d0
Date: Thu, 16 Jan 2014 18:37:04 GMT
@ -297,25 +336,25 @@ Request
- account: account
- container: container
- X-Auth-Token: X-Auth-Token
- X-Service-Token: X-Service-Token
- X-Container-Read: X-Container-Read
- X-Remove-Container-name: X-Remove-Container-name
- X-Container-Write: X-Container-Write
- X-Container-Sync-To: X-Container-Sync-To
- X-Container-Sync-Key: X-Container-Sync-Key
- X-Versions-Location: X-Versions-Location
- X-Versions-Mode: X-Versions-Mode
- X-History-Location: X-History-Location
- X-Remove-Versions-Location: X-Remove-Versions-Location
- X-Container-Meta-name: X-Container-Meta-name
- X-Remove-History-Location: X-Remove-History-Location
- X-Container-Meta-name: X-Container-Meta-name_req
- X-Container-Meta-Access-Control-Allow-Origin: X-Container-Meta-Access-Control-Allow-Origin
- X-Container-Meta-Access-Control-Max-Age: X-Container-Meta-Access-Control-Max-Age
- X-Container-Meta-Access-Control-Expose-Headers: X-Container-Meta-Access-Control-Expose-Headers
- X-Container-Meta-Quota-Bytes: X-Container-Meta-Quota-Bytes
- X-Container-Meta-Quota-Count: X-Container-Meta-Quota-Count
- X-Container-Meta-Web-Directory-Type: X-Container-Meta-Web-Directory-Type
- Content-Type: Content-Type
- X-Detect-Content-Type: X-Detect-Content-Type
- X-Container-Meta-Temp-URL-Key: X-Container-Meta-Temp-URL-Key
- X-Container-Meta-Temp-URL-Key-2: X-Container-Meta-Temp-URL-Key-2
- X-Container-Meta-Temp-URL-Key: X-Container-Meta-Temp-URL-Key_req
- X-Container-Meta-Temp-URL-Key-2: X-Container-Meta-Temp-URL-Key-2_req
- X-Trans-Id-Extra: X-Trans-Id-Extra
@ -326,9 +365,10 @@ Response Parameters
- Date: Date
- X-Timestamp: X-Timestamp
- Content-Length: Content-Length
- Content-Type: Content-Type
- Content-Length: Content-Length_cud_resp
- Content-Type: Content-Type_cud_resp
- X-Trans-Id: X-Trans-Id
- X-Openstack-Request-Id: X-Openstack-Request-Id
@ -362,6 +402,7 @@ Show container metadata request:
X-Container-Bytes-Used: 14
Content-Type: text/plain; charset=utf-8
X-Trans-Id: tx0287b982a268461b9ec14-0052d826e2
X-Openstack-Request-Id: tx0287b982a268461b9ec14-0052d826e2
Date: Thu, 16 Jan 2014 18:37:22 GMT
@ -379,9 +420,8 @@ Request
- account: account
- container: container
- X-Auth-Token: X-Auth-Token
- X-Service-Token: X-Service-Token
- X-Newest: X-Newest
- X-Container-Meta-Temp-URL-Key: X-Container-Meta-Temp-URL-Key
- X-Container-Meta-Temp-URL-Key-2: X-Container-Meta-Temp-URL-Key-2
- X-Trans-Id-Extra: X-Trans-Id-Extra
@ -390,28 +430,30 @@ Response Parameters
.. rest_parameters:: parameters.yaml
- X-Container-Sync-Key: X-Container-Sync-Key
- X-Container-Meta-name: X-Container-Meta-name
- Content-Length: Content-Length
- Content-Length: Content-Length_cud_resp
- X-Container-Object-Count: X-Container-Object-Count
- X-Container-Write: X-Container-Write
- X-Container-Meta-Quota-Count: X-Container-Meta-Quota-Count
- Accept-Ranges: Accept-Ranges
- X-Container-Read: X-Container-Read
- X-Container-Meta-Access-Control-Expose-Headers: X-Container-Meta-Access-Control-Expose-Headers
- X-Container-Meta-Temp-URL-Key: X-Container-Meta-Temp-URL-Key
- X-Container-Bytes-Used: X-Container-Bytes-Used
- X-Container-Meta-Temp-URL-Key-2: X-Container-Meta-Temp-URL-Key-2
- X-Container-Write: X-Container-Write_resp
- X-Container-Meta-Quota-Bytes: X-Container-Meta-Quota-Bytes_resp
- X-Container-Meta-Quota-Count: X-Container-Meta-Quota-Count_resp
- Accept-Ranges: Accept-Ranges
- X-Container-Read: X-Container-Read_resp
- X-Container-Meta-Access-Control-Expose-Headers: X-Container-Meta-Access-Control-Expose-Headers
- X-Container-Meta-Temp-URL-Key: X-Container-Meta-Temp-URL-Key_resp
- X-Container-Meta-Temp-URL-Key-2: X-Container-Meta-Temp-URL-Key-2_resp
- X-Timestamp: X-Timestamp
- X-Container-Meta-Access-Control-Allow-Origin: X-Container-Meta-Access-Control-Allow-Origin
- X-Container-Meta-Access-Control-Max-Age: X-Container-Meta-Access-Control-Max-Age
- X-Container-Sync-Key: X-Container-Sync-Key_resp
- X-Container-Sync-To: X-Container-Sync-To_resp
- Date: Date
- X-Trans-Id: X-Trans-Id
- X-Container-Sync-To: X-Container-Sync-To
- Content-Type: Content-Type
- X-Container-Meta-Quota-Bytes: X-Container-Meta-Quota-Bytes
- X-Versions-Location: X-Versions-Location
- X-Versions-Mode: X-Versions-Mode
- X-Openstack-Request-Id: X-Openstack-Request-Id
- Content-Type: Content-Type_cud_resp
- X-Versions-Location: X-Versions-Location_resp
- X-History-Location: X-History-Location_resp
- X-Storage-Policy: X-Storage-Policy
@ -442,6 +484,7 @@ If the container does not exist, the response is:
Content-Length: 70
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx4d728126b17b43b598bf7-0052d81e34
X-Openstack-Request-Id: tx4d728126b17b43b598bf7-0052d81e34
Date: Thu, 16 Jan 2014 18:00:20 GMT
@ -453,6 +496,7 @@ If the container exists and the deletion succeeds, the response is:
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Trans-Id: txf76c375ebece4df19c84c-0052d81f14
X-Openstack-Request-Id: txf76c375ebece4df19c84c-0052d81f14
Date: Thu, 16 Jan 2014 18:04:04 GMT
@ -464,6 +508,7 @@ If the container exists but is not empty, the response is:
Content-Length: 95
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx7782dc6a97b94a46956b5-0052d81f6b
X-Openstack-Request-Id: tx7782dc6a97b94a46956b5-0052d81f6b
Date: Thu, 16 Jan 2014 18:05:31 GMT
<html>
<h1>Conflict
@ -483,8 +528,7 @@ Request
- account: account
- container: container
- X-Auth-Token: X-Auth-Token
- X-Container-Meta-Temp-URL-Key: X-Container-Meta-Temp-URL-Key
- X-Container-Meta-Temp-URL-Key-2: X-Container-Meta-Temp-URL-Key-2
- X-Service-Token: X-Service-Token
- X-Trans-Id-Extra: X-Trans-Id-Extra
@ -495,9 +539,10 @@ Response Parameters
- Date: Date
- X-Timestamp: X-Timestamp
- Content-Length: Content-Length
- Content-Type: Content-Type
- Content-Length: Content-Length_cud_resp
- Content-Type: Content-Type_cud_resp
- X-Trans-Id: X-Trans-Id
- X-Openstack-Request-Id: X-Openstack-Request-Id

201
api-ref/source/storage-object-services.inc
View File

@ -6,7 +6,11 @@ Objects
Creates, replaces, shows details for, and deletes objects. Copies
objects from another object with a new or different name. Updates
object metadata.
object metadata. For more information and concepts about
objects see `Object Storage API overview
<http://docs.openstack.org/developer/swift/api/object_api_v1_overview.html>`_
and `Large Objects
<http://docs.openstack.org/developer/swift/api/large_objects.html>`_.
Get object content and metadata
@ -47,6 +51,7 @@ Example requests and responses:
X-Object-Meta-Orig-Filename: goodbyeworld.txt
Content-Type: application/octet-stream
X-Trans-Id: tx8145a190241f4cf6b05f5-0052d82a34
X-Openstack-Request-Id: tx8145a190241f4cf6b05f5-0052d82a34
Date: Thu, 16 Jan 2014 18:51:32 GMT
Goodbye World!
@ -67,6 +72,7 @@ Example requests and responses:
Content-Length: 70
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx073f7cbb850c4c99934b9-0052d82b04
X-Openstack-Request-Id: tx073f7cbb850c4c99934b9-0052d82b04
Date: Thu, 16 Jan 2014 18:55:00 GMT
<html>
<h1>Not Found
@ -96,9 +102,10 @@ Request
.. rest_parameters:: parameters.yaml
- account: account
- object: object
- container: container
- object: object
- X-Auth-Token: X-Auth-Token
- X-Service-Token: X-Service-Token
- X-Newest: X-Newest
- temp_url_sig: temp_url_sig
- temp_url_expires: temp_url_expires
@ -117,20 +124,21 @@ Response Parameters
.. rest_parameters:: parameters.yaml
- Content-Length: Content-Length
- X-Object-Meta-name: X-Object-Meta-name
- Content-Disposition: Content-Disposition
- Content-Encoding: Content-Encoding
- Content-Length: Content-Length_get_resp
- Content-Type: Content-Type_obj_resp
- X-Object-Meta-name: X-Object-Meta-name_resp
- Content-Disposition: Content-Disposition_resp
- Content-Encoding: Content-Encoding_resp
- X-Delete-At: X-Delete-At
- Accept-Ranges: Accept-Ranges
- X-Object-Manifest: X-Object-Manifest
- X-Object-Manifest: X-Object-Manifest_resp
- Last-Modified: Last-Modified
- ETag: ETag
- ETag: ETag_obj_resp
- X-Timestamp: X-Timestamp
- X-Trans-Id: X-Trans-Id
- X-Openstack-Request-Id: X-Openstack-Request-Id
- Date: Date
- X-Static-Large-Object: X-Static-Large-Object
- Content-Type: Content-Type
@ -157,13 +165,19 @@ is a normal object and not a copy of the manifest. Instead it is a
concatenation of all the segment objects. This means that you
cannot copy objects larger than 5 GB.
To create custom metadata, use the
``X-Object-Meta-name`` header, where ``name`` is the name of the metadata
item.
.. include:: metadata_header_syntax.inc
Example requests and responses:
- Create object:
::
curl -i $publicURL/janeausten/helloworld.txt -X PUT -H "Content-Length: 1" -H "Content-Type: text/html; charset=UTF-8" -H "X-Auth-Token: $token"
curl -i $publicURL/janeausten/helloworld.txt -X PUT -d "Hello" -H "Content-Type: text/html; charset=UTF-8" -H "X-Auth-Token: $token"
@ -172,10 +186,11 @@ Example requests and responses:
HTTP/1.1 201 Created
Last-Modified: Fri, 17 Jan 2014 17:28:35 GMT
Content-Length: 116
Etag: d41d8cd98f00b204e9800998ecf8427e
Content-Length: 0
Etag: 8b1a9953c4611296a827abf8c47804d7
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx4d5e4f06d357462bb732f-0052d96843
X-Openstack-Request-Id: tx4d5e4f06d357462bb732f-0052d96843
Date: Fri, 17 Jan 2014 17:28:35 GMT
@ -183,7 +198,7 @@ Example requests and responses:
::
curl -i $publicURL/janeausten/helloworld -X PUT -H "Content-Length: 0" -H "X-Auth-Token: $token"
curl -i $publicURL/janeausten/helloworld.txt -X PUT -d "Hola" -H "X-Auth-Token: $token"
@ -192,10 +207,11 @@ Example requests and responses:
HTTP/1.1 201 Created
Last-Modified: Fri, 17 Jan 2014 17:28:35 GMT
Content-Length: 116
Etag: d41d8cd98f00b204e9800998ecf8427e
Content-Length: 0
Etag: f688ae26e9cfa3ba6235477831d5122e
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx4d5e4f06d357462bb732f-0052d96843
X-Openstack-Request-Id: tx4d5e4f06d357462bb732f-0052d96843
Date: Fri, 17 Jan 2014 17:28:35 GMT
@ -220,20 +236,20 @@ Request
.. rest_parameters:: parameters.yaml
- account: account
- object: object
- container: container
- multipart-manifest: multipart-manifest
- object: object
- multipart-manifest: multipart-manifest_put
- temp_url_sig: temp_url_sig
- temp_url_expires: temp_url_expires
- filename: filename
- X-Object-Manifest: X-Object-Manifest
- X-Auth-Token: X-Auth-Token
- Content-Length: Content-Length
- X-Service-Token: X-Service-Token
- Content-Length: Content-Length_put_req
- Transfer-Encoding: Transfer-Encoding
- Content-Type: Content-Type
- Content-Type: Content-Type_obj_cu_req
- X-Detect-Content-Type: X-Detect-Content-Type
- X-Copy-From: X-Copy-From
- ETag: ETag
- ETag: ETag_obj_req
- Content-Disposition: Content-Disposition
- Content-Encoding: Content-Encoding
- X-Delete-At: X-Delete-At
@ -248,12 +264,13 @@ Response Parameters
.. rest_parameters:: parameters.yaml
- Content-Length: Content-Length
- ETag: ETag
- Content-Length: Content-Length_cud_resp
- ETag: ETag_obj_received
- X-Timestamp: X-Timestamp
- X-Trans-Id: X-Trans-Id
- X-Openstack-Request-Id: X-Openstack-Request-Id
- Date: Date
- Content-Type: Content-Type
- Content-Type: Content-Type_obj_resp
- last_modified: last_modified
@ -272,25 +289,33 @@ Copies an object to another object in the object store.
You can copy an object to a new object with the same name. Copying
to the same name is an alternative to using POST to add metadata to
an object. With POST , you must specify all the metadata. With COPY
, you can add additional metadata to the object.
an object. With POST, you must specify all the metadata. With COPY,
you can add additional metadata to the object.
With COPY , you can set the ``X-Fresh-Metadata`` header to ``true``
With COPY, you can set the ``X-Fresh-Metadata`` header to ``true``
to copy the object without any existing metadata.
Alternatively, you can use PUT with the ``X-Copy-From`` request
header to accomplish the same operation as the COPY object
operation.
The PUT operation always creates an object. If you use this
The COPY operation always creates an object. If you use this
operation on an existing object, you replace the existing object
and metadata rather than modifying the object. Consequently, this
operation returns the ``Created (201)`` response code.
If you use this operation to copy a manifest object, the new object
Normally, if you use this operation to copy a manifest object, the new object
is a normal object and not a copy of the manifest. Instead it is a
concatenation of all the segment objects. This means that you
cannot copy objects larger than 5 GB in size. All metadata is
cannot copy objects larger than 5 GB in size.
To copy the manifest object, you include the
``multipart-manifest=get`` query string in the COPY request.
The new object contains the same manifest as the original.
The segment objects are not copied. Instead, both the original
and new manifest objects share the same set of segment objects.
All metadata is
preserved during the object copy. If you specify metadata on the
request to copy the object, either PUT or COPY , the metadata
overwrites any conflicting keys on the target (new) object.
@ -318,6 +343,7 @@ Example requests and responses:
Content-Type: text/html; charset=UTF-8
X-Object-Meta-Movie: AmericanPie
X-Trans-Id: txdcb481ad49d24e9a81107-0052d97501
X-Openstack-Request-Id: txdcb481ad49d24e9a81107-0052d97501
Date: Fri, 17 Jan 2014 18:22:57 GMT
@ -344,6 +370,7 @@ Example requests and responses:
Content-Type: text/html; charset=UTF-8
X-Object-Meta-Movie: AmericanPie
X-Trans-Id: txdcb481ad49d24e9a81107-0052d97501
X-Openstack-Request-Id: txdcb481ad49d24e9a81107-0052d97501
Date: Fri, 17 Jan 2014 18:22:57 GMT
@ -360,11 +387,14 @@ Request
.. rest_parameters:: parameters.yaml
- account: account
- object: object
- container: container
- object: object
- multipart-manifest: multipart-manifest_copy
- X-Auth-Token: X-Auth-Token
- X-Service-Token: X-Service-Token
- Destination: Destination
- Content-Type: Content-Type
- Destination-Account: Destination-Account
- Content-Type: Content-Type_obj_cu_req
- Content-Encoding: Content-Encoding
- Content-Disposition: Content-Disposition
- X-Object-Meta-name: X-Object-Meta-name
@ -377,16 +407,17 @@ Response Parameters
.. rest_parameters:: parameters.yaml
- Content-Length: Content-Length
- X-Object-Meta-name: X-Object-Meta-name
- Content-Length: Content-Length_cud_resp
- X-Copied-From-Last-Modified: X-Copied-From-Last-Modified
- X-Copied-From: X-Copied-From
- X-Copied-From-Account: X-Copied-From-Account
- Last-Modified: Last-Modified
- ETag: ETag
- ETag: ETag_obj_copied
- X-Timestamp: X-Timestamp
- X-Trans-Id: X-Trans-Id
- X-Openstack-Request-Id: X-Openstack-Request-Id
- Date: Date
- Content-Type: Content-Type
- Content-Type: Content-Type_obj_resp
@ -399,18 +430,18 @@ Delete object
Permanently deletes an object from the object store.
You can use the COPY method to copy the object to a new location.
Then, use the DELETE method to delete the original object.
Object deletion occurs immediately at request time. Any subsequent
GET , HEAD , POST , or DELETE operations return a ``404 Not Found``
GET, HEAD, POST, or DELETE operations will return a ``404 Not Found``
error code.
For static large object manifests, you can add the ``?multipart-
manifest=delete`` query parameter. This operation deletes the
segment objects and if all deletions succeed, this operation
segment objects and, if all deletions succeed, this operation
deletes the manifest object.
An alternative to using the DELETE operation is to use
the POST operation with the ``bulk-delete`` query parameter.
Example request and response:
- Delete the ``helloworld`` object from the ``marktwain`` container:
@ -428,6 +459,7 @@ Example request and response:
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx36c7606fcd1843f59167c-0052d6fdac
X-Openstack-Request-Id: tx36c7606fcd1843f59167c-0052d6fdac
Date: Wed, 15 Jan 2014 21:29:16 GMT
@ -445,10 +477,11 @@ Request
.. rest_parameters:: parameters.yaml
- account: account
- object: object
- container: container
- multipart-manifest: multipart-manifest
- object: object
- multipart-manifest: multipart-manifest_delete
- X-Auth-Token: X-Auth-Token
- X-Service-Token: X-Service-Token
- X-Trans-Id-Extra: X-Trans-Id-Extra
@ -459,9 +492,10 @@ Response Parameters
- Date: Date
- X-Timestamp: X-Timestamp
- Content-Length: Content-Length
- Content-Type: Content-Type
- Content-Length: Content-Length_cud_resp
- Content-Type: Content-Type_cud_resp
- X-Trans-Id: X-Trans-Id
- X-Openstack-Request-Id: X-Openstack-Request-Id
@ -474,10 +508,7 @@ Show object metadata
Shows object metadata.
If the ``Content-Length`` response header is non-zero, the example
cURL command stalls after it prints the response headers because it
is waiting for a response body. However, the Object Storage system
does not return a response body for the HEAD operation.
Example requests and responses:
@ -485,7 +516,7 @@ Example requests and responses:
::
curl -i $publicURL/marktwain/goodbye -X HEAD -H "X-Auth-Token: $token"
curl $publicURL/marktwain/goodbye --head -H "X-Auth-Token: $token"
@ -501,8 +532,15 @@ Example requests and responses:
X-Object-Meta-Book: GoodbyeColumbus
Content-Type: application/octet-stream
X-Trans-Id: tx37ea34dcd1ed48ca9bc7d-0052d84b6f
X-Openstack-Request-Id: tx37ea34dcd1ed48ca9bc7d-0052d84b6f
Date: Thu, 16 Jan 2014 21:13:19 GMT
Note: The ``--head`` option was used in the above example. If we had
used ``-i -X HEAD`` and the ``Content-Length`` response header is non-zero,
the cURL command stalls after it prints the response headers because it
is waiting for a response body. However, the Object Storage system
does not return a response body for the HEAD operation.
If the request succeeds, the operation returns the ``200`` response
code.
@ -518,9 +556,10 @@ Request
.. rest_parameters:: parameters.yaml
- account: account
- object: object
- container: container
- object: object
- X-Auth-Token: X-Auth-Token
- X-Service-Token: X-Service-Token
- temp_url_sig: temp_url_sig
- temp_url_expires: temp_url_expires
- filename: filename
@ -534,20 +573,20 @@ Response Parameters
.. rest_parameters:: parameters.yaml
- Last-Modified: Last-Modified
- Content-Length: Content-Length
- Content-Length: Content-Length_obj_head_resp
- X-Object-Meta-name: X-Object-Meta-name
- Content-Disposition: Content-Disposition
- Content-Encoding: Content-Encoding
- Content-Disposition: Content-Disposition_resp
- Content-Encoding: Content-Encoding_resp
- X-Delete-At: X-Delete-At
- X-Object-Manifest: X-Object-Manifest
- X-Object-Manifest: X-Object-Manifest_resp
- Last-Modified: Last-Modified
- ETag: ETag
- ETag: ETag_obj_resp
- X-Timestamp: X-Timestamp
- X-Trans-Id: X-Trans-Id
- X-Openstack-Request-Id: X-Openstack-Request-Id
- Date: Date
- X-Static-Large-Object: X-Static-Large-Object
- Content-Type: Content-Type
- Content-Type: Content-Type_obj_resp
@ -565,20 +604,21 @@ Create or update object metadata
Creates or updates object metadata.
To create or update custom metadata, use the ``X-Object-
Meta-{name}`` header, where ``{name}`` is the name of the metadata
To create or update custom metadata, use the
``X-Object-Meta-name`` header, where ``name`` is the name of the metadata
item.
In addition to the custom metadata, you can update the ``Content-
Type``, ``Content-Encoding``, ``Content-Disposition``, and ``X
-Delete-At`` system metadata items. However you cannot update other
.. include:: metadata_header_syntax.inc
In addition to the custom metadata, you can update the
``Content-Type``, ``Content-Encoding``, ``Content-Disposition``, and
``X-Delete-At`` system metadata items. However you cannot update other
system metadata, such as ``Content-Length`` or ``Last-Modified``.
You can use COPY as an alternate to the POST operation by copying
to the same object. With the POST operation you must specify all
metadata items, whereas with the COPY operation, you need to
specify only changed or additional items.
All metadata is preserved during the object copy. If you specify
metadata on the request to copy the object, either PUT or COPY ,
the metadata overwrites any conflicting keys on the target (new)
@ -595,11 +635,19 @@ to define when to expire the object.
When used as described in this section, the POST operation creates
or replaces metadata. This form of the operation has no request
body.
body. There are alternate uses of the POST operation as follows:
You can also use the `form POST feature
<http://docs.openstack.org/liberty/config-reference/content/object-
storage-form-post.html>`_ to upload objects.
- You can also use the `form POST feature
<http://docs.openstack.org/liberty/config-reference/content/object-
storage-form-post.html>`_ to upload objects.
- The POST operation when used with the ``bulk-delete`` query parameter
can be used to delete multiple objects and containers in a single
operation.
- The POST operation when used with the ``extract-archive`` query parameter
can be used to upload an archive (tar file). The archive is then extracted
to create objects.
Example requests and responses:
@ -618,6 +666,7 @@ Example requests and responses:
Content-Length: 76
Content-Type: text/html; charset=UTF-8
X-Trans-Id: txb5fb5c91ba1f4f37bb648-0052d84b3f
X-Openstack-Request-Id: txb5fb5c91ba1f4f37bb648-0052d84b3f
Date: Thu, 16 Jan 2014 21:12:31 GMT
<html>
<h1>Accepted
@ -631,7 +680,7 @@ Example requests and responses:
::
curl -i $publicURL/marktwain/goodbye -X POST -H "X-Auth-Token: $token" H "X-Object-Meta-Book: GoodbyeOldFriend"
curl -i $publicURL/marktwain/goodbye -X POST -H "X-Auth-Token: $token" -H "X-Object-Meta-Book: GoodbyeOldFriend"
@ -642,6 +691,7 @@ Example requests and responses:
Content-Length: 76
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx5ec7ab81cdb34ced887c8-0052d84ca4
X-Openstack-Request-Id: tx5ec7ab81cdb34ced887c8-0052d84ca4
Date: Thu, 16 Jan 2014 21:18:28 GMT
<html>
<h1>Accepted
@ -659,16 +709,18 @@ Request
.. rest_parameters:: parameters.yaml
- account: account
- object: object
- container: container
- object: object
- bulk-delete: bulk-delete
- extract-archive: extract-archive
- X-Auth-Token: X-Auth-Token
- X-Service-Token: X-Service-Token
- X-Object-Meta-name: X-Object-Meta-name
- X-Delete-At: X-Delete-At
- Content-Disposition: Content-Disposition
- Content-Encoding: Content-Encoding
- X-Delete-After: X-Delete-After
- Content-Type: Content-Type
- X-Detect-Content-Type: X-Detect-Content-Type
- Content-Type: Content-Type_obj_cu_req
- X-Trans-Id-Extra: X-Trans-Id-Extra
@ -679,9 +731,10 @@ Response Parameters
- Date: Date
- X-Timestamp: X-Timestamp
- Content-Length: Content-Length
- Content-Type: Content-Type
- Content-Length: Content-Length_cud_resp
- Content-Type: Content-Type_cud_resp
- X-Trans-Id: X-Trans-Id
- X-Openstack-Request-Id: X-Openstack-Request-Id

5
api-ref/source/storage_info.inc
View File

@ -15,6 +15,11 @@ List activated capabilities
Lists the activated capabilities for this version of the OpenStack Object Storage API.
Most of the information is "public" i.e. visible to all callers. However, some
configuration and capability items are reserved for the administrators of the
system. To access this data, the ``swiftinfo_sig`` and ``swiftinfo_expires``
query parameters must be added to the request.
Normal response codes: 200
Error response codes:

294
bandit.yaml
View File

@ -1,149 +1,157 @@
# optional: after how many files to update progress
#show_progress_every: 100
# optional: plugins directory name
#plugins_dir: 'plugins'
### This config may optionally select a subset of tests to run or skip by
### filling out the 'tests' and 'skips' lists given below. If no tests are
### specified for inclusion then it is assumed all tests are desired. The skips
### set will remove specific tests from the include set. This can be controlled
### using the -t/-s CLI options. Note that the same test ID should not appear
### in both 'tests' and 'skips', this would be nonsensical and is detected by
### Bandit at runtime.
# optional: plugins discovery name pattern
plugin_name_pattern: '*.py'
# Available tests:
# B101 : assert_used
# B102 : exec_used
# B103 : set_bad_file_permissions
# B104 : hardcoded_bind_all_interfaces
# B105 : hardcoded_password_string
# B106 : hardcoded_password_funcarg
# B107 : hardcoded_password_default
# B108 : hardcoded_tmp_directory
# B109 : password_config_option_not_marked_secret
# B110 : try_except_pass
# B111 : execute_with_run_as_root_equals_true
# B112 : try_except_continue
# B201 : flask_debug_true
# B301 : pickle
# B302 : marshal
# B303 : md5
# B304 : ciphers
# B305 : cipher_modes
# B306 : mktemp_q
# B307 : eval
# B308 : mark_safe
# B309 : httpsconnection
# B310 : urllib_urlopen
# B311 : random
# B312 : telnetlib
# B313 : xml_bad_cElementTree
# B314 : xml_bad_ElementTree
# B315 : xml_bad_expatreader
# B316 : xml_bad_expatbuilder
# B317 : xml_bad_sax
# B318 : xml_bad_minidom
# B319 : xml_bad_pulldom
# B320 : xml_bad_etree
# B321 : ftplib
# B401 : import_telnetlib
# B402 : import_ftplib
# B403 : import_pickle
# B404 : import_subprocess
# B405 : import_xml_etree
# B406 : import_xml_sax
# B407 : import_xml_expat
# B408 : import_xml_minidom
# B409 : import_xml_pulldom
# B410 : import_lxml
# B411 : import_xmlrpclib
# B412 : import_httpoxy
# B501 : request_with_no_cert_validation
# B502 : ssl_with_bad_version
# B503 : ssl_with_bad_defaults
# B504 : ssl_with_no_version
# B505 : weak_cryptographic_key
# B506 : yaml_load
# B601 : paramiko_calls
# B602 : subprocess_popen_with_shell_equals_true
# B603 : subprocess_without_shell_equals_true
# B604 : any_other_function_with_shell_equals_true
# B605 : start_process_with_a_shell
# B606 : start_process_with_no_shell
# B607 : start_process_with_partial_path
# B608 : hardcoded_sql_expressions
# B609 : linux_commands_wildcard_injection
# B701 : jinja2_autoescape_false
# B702 : use_of_mako_templates
# optional: terminal escape sequences to display colors
#output_colors:
# DEFAULT: '\033[0m'
# HEADER: '\033[95m'
# LOW: '\033[94m'
# MEDIUM: '\033[93m'
# HIGH: '\033[91m'
# (optional) list included test IDs here, eg '[B101, B406]':
tests: [B102, B103, B109, B302, B306, B308, B309, B310, B401, B501, B502, B506, B601, B602, B609]
# optional: log format string
#log_format: "[%(module)s]\t%(levelname)s\t%(message)s"
# (optional) list skipped test IDs here, eg '[B101, B406]':
skips:
# globs of files which should be analyzed
include:
- '*.py'
### (optional) plugin settings - some test plugins require configuration data
### that may be given here, per-plugin. All bandit test plugins have a built in
### set of sensible defaults and these will be used if no configuration is
### provided. It is not necessary to provide settings for every (or any) plugin
### if the defaults are acceptable.
# a list of strings, which if found in the path will cause files to be
# excluded
# for example /tests/ - to remove all all files in tests directory
#exclude_dirs:
# - '/tests/'
#configured for swift
profiles:
gate:
include:
- blacklist_calls
- blacklist_imports
- exec_used
- linux_commands_wildcard_injection
- request_with_no_cert_validation
- set_bad_file_permissions
- subprocess_popen_with_shell_equals_true
- ssl_with_bad_version
- password_config_option_not_marked_secret
# - any_other_function_with_shell_equals_true
# - ssl_with_bad_defaults
# - jinja2_autoescape_false
# - use_of_mako_templates
# - subprocess_without_shell_equals_true
# - any_other_function_with_shell_equals_true
# - start_process_with_a_shell
# - start_process_with_no_shell
# - hardcoded_sql_expressions
# - hardcoded_tmp_director
# - linux_commands_wildcard_injection
#For now some items are commented which could be included as per use later.
blacklist_calls:
bad_name_sets:
# - pickle:
# qualnames: [pickle.loads, pickle.load, pickle.Unpickler,
# cPickle.loads, cPickle.load, cPickle.Unpickler]
# level: LOW
# message: "Pickle library appears to be in use, possible security
#issue."
- marshal:
qualnames: [marshal.load, marshal.loads]
message: "Deserialization with the marshal module is possibly
dangerous."
# - md5:
# qualnames: [hashlib.md5]
# level: LOW
# message: "Use of insecure MD5 hash function."
- mktemp_q:
qualnames: [tempfile.mktemp]
message: "Use of insecure and deprecated function (mktemp)."
# - eval:
# qualnames: [eval]
# level: LOW
# message: "Use of possibly insecure function - consider using safer
#ast.literal_eval."
- mark_safe:
names: [mark_safe]
message: "Use of mark_safe() may expose cross-site scripting
vulnerabilities and should be reviewed."
- httpsconnection:
qualnames: [httplib.HTTPSConnection]
message: "Use of HTTPSConnection does not provide security, see
https://wiki.openstack.org/wiki/OSSN/OSSN-0033"
- yaml_load:
qualnames: [yaml.load]
message: "Use of unsafe yaml load. Allows instantiation of
arbitrary objects. Consider yaml.safe_load()."
- urllib_urlopen:
qualnames: [urllib.urlopen, urllib.urlretrieve, urllib.URLopener,
urllib.FancyURLopener, urllib2.urlopen, urllib2.Request]
message: "Audit url open for permitted schemes. Allowing use of
file:/ or custom schemes is often unexpected."
- paramiko_injection:
qualnames: [paramiko.exec_command, paramiko.invoke_shell]
message: "Paramiko exec_command() and invoke_shell() usage may
expose command injection vulnerabilities and should be reviewed."
shell_injection:
# Start a process using the subprocess module, or one of its wrappers.
subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call,
subprocess.check_output, utils.execute,
utils.execute_with_timeout]
# Start a process with a function vulnerable to shell injection.
shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4,
popen2.popen2, popen2.popen3, popen2.popen4, popen2.Popen3,
popen2.Popen4, commands.getoutput, commands.getstatusoutput]
# Start a process with a function that is not vulnerable to shell
# injection.
no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv,os.execve,
os.execvp, os.execvpe, os.spawnl, os.spawnle, os.spawnlp,
os.spawnlpe, os.spawnv, os.spawnve, os.spawnvp, os.spawnvpe,
os.startfile]
blacklist_imports:
bad_import_sets:
- telnet:
imports: [telnetlib]
level: HIGH
message: "Telnet is considered insecure. Use SSH or some other
encrypted protocol."
- info_libs:
imports: [Crypto]
level: LOW
message: "Consider possible security implications associated with
#{module} module."
hardcoded_password:
word_list: "wordlist/default-passwords"
ssl_with_bad_version:
bad_protocol_versions:
- 'PROTOCOL_SSLv2'
- 'SSLv2_METHOD'
- 'SSLv23_METHOD'
- 'PROTOCOL_SSLv3' # strict option
- 'PROTOCOL_TLSv1' # strict option
- 'SSLv3_METHOD' # strict option
- 'TLSv1_METHOD' # strict option
password_config_option_not_marked_secret:
function_names:
- oslo.config.cfg.StrOpt
- oslo_config.cfg.StrOpt
#any_other_function_with_shell_equals_true:
# no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
# os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
# os.spawnvp, os.spawnvpe, os.startfile]
# shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
# popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
# subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
# utils.execute, utils.execute_with_timeout]
#execute_with_run_as_root_equals_true:
# function_names: [ceilometer.utils.execute, cinder.utils.execute, neutron.agent.linux.utils.execute,
# nova.utils.execute, nova.utils.trycmd]
#hardcoded_tmp_directory:
# tmp_dirs: [/tmp, /var/tmp, /dev/shm]
#linux_commands_wildcard_injection:
# no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
# os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
# os.spawnvp, os.spawnvpe, os.startfile]
# shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
# popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
# subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
# utils.execute, utils.execute_with_timeout]
#password_config_option_not_marked_secret:
# function_names: [oslo.config.cfg.StrOpt, oslo_config.cfg.StrOpt]
#ssl_with_bad_defaults:
# bad_protocol_versions: [PROTOCOL_SSLv2, SSLv2_METHOD, SSLv23_METHOD, PROTOCOL_SSLv3,
# PROTOCOL_TLSv1, SSLv3_METHOD, TLSv1_METHOD]
#ssl_with_bad_version:
# bad_protocol_versions: [PROTOCOL_SSLv2, SSLv2_METHOD, SSLv23_METHOD, PROTOCOL_SSLv3,
# PROTOCOL_TLSv1, SSLv3_METHOD, TLSv1_METHOD]
#start_process_with_a_shell:
# no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
# os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
# os.spawnvp, os.spawnvpe, os.startfile]
# shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
# popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
# subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
# utils.execute, utils.execute_with_timeout]
#start_process_with_no_shell:
# no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
# os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
# os.spawnvp, os.spawnvpe, os.startfile]
# shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
# popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
# subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
# utils.execute, utils.execute_with_timeout]
#start_process_with_partial_path:
# no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
# os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
# os.spawnvp, os.spawnvpe, os.startfile]
# shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
# popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
# subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
# utils.execute, utils.execute_with_timeout]
#subprocess_popen_with_shell_equals_true:
# no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
# os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
# os.spawnvp, os.spawnvpe, os.startfile]
# shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
# popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
# subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
# utils.execute, utils.execute_with_timeout]
#subprocess_without_shell_equals_true:
# no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp,
# os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve,
# os.spawnvp, os.spawnvpe, os.startfile]
# shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3,
# popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput]
# subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output,
# utils.execute, utils.execute_with_timeout]
#try_except_continue: {check_typed_exception: false}
#try_except_pass: {check_typed_exception: false}

2
bin/swift-account-audit
View File

@ -266,7 +266,7 @@ class Auditor(object):
responses[node_id][1].extend(results)
if results:
marker = results[-1]['name']
headers = [resp[0] for resp in responses.values()]
headers = [r[0] for r in responses.values()]
cont_counts = [int(header['x-account-container-count'])
for header in headers]
if len(set(cont_counts)) != 1:

3
bin/swift-drive-audit
View File

@ -208,7 +208,8 @@ if __name__ == '__main__':
total_errors += count
recon_file = recon_cache_path + "/drive.recon"
dump_recon_cache(recon_errors, recon_file, logger)
dump_recon_cache({'drive_audit_errors': total_errors}, recon_file, logger)
dump_recon_cache({'drive_audit_errors': total_errors}, recon_file, logger,
set_owner=conf.get("user", "swift"))
if unmounts == 0:
logger.info("No drives were unmounted")

65
bin/swift-temp-url
View File

@ -13,64 +13,19 @@
# limitations under the License.
from __future__ import print_function
import hmac
from hashlib import sha1
from os.path import basename
from gettext import gettext as _
from sys import argv, exit, stderr
from time import time
from six.moves import urllib
if __name__ == '__main__':
if len(argv) < 5:
prog = basename(argv[0])
print('Syntax: %s <method> <seconds> <path> <key>' % prog)
print()
print('Where:')
print(' <method> The method to allow; GET for example.')
print(' <seconds> The number of seconds from now to allow requests.')
print(' <path> The full path to the resource.')
print(' Example: /v1/AUTH_account/c/o')
print(' <key> The X-Account-Meta-Temp-URL-Key for the account.')
print()
print('Example output:')
print(' /v1/AUTH_account/c/o?temp_url_sig=34d49efc32fe6e3082e411e'
'eeb85bd8a&temp_url_expires=1323482948')
print()
print('This can be used to form a URL to give out for the access ')
print('allowed. For example:')
print(' echo \\"https://swift-cluster.example.com`%s GET 60 '
'/v1/AUTH_account/c/o mykey`\\"' % prog)
print()
print('Might output:')
print(' "https://swift-cluster.example.com/v1/AUTH_account/c/o?'
'temp_url_sig=34d49efc32fe6e3082e411eeeb85bd8a&'
'temp_url_expires=1323482948"')
exit(1)
method, seconds, path, key = argv[1:5]
argv[0:1] = ['swift', 'tempurl']
print("", file=stderr)
print(_("NOTE: This command is deprecated and will be removed "
"in the future. Please use 'swift tempurl' instead."), file=stderr)
print("", file=stderr)
try:
expires = int(time() + int(seconds))
except ValueError:
expires = 0
if expires < 1:
print('Please use a positive <seconds> value.')
from swiftclient.shell import main
except ImportError:
print(_("ERROR: python-swiftclient not installed."), file=stderr)
exit(1)
parts = path.split('/', 4)
# Must be five parts, ['', 'v1', 'a', 'c', 'o'], must be a v1 request, have
# account, container, and object values, and the object value can't just
# have '/'s.
if len(parts) != 5 or parts[0] or parts[1] != 'v1' or not parts[2] or \
not parts[3] or not parts[4].strip('/'):
stderr.write(
'WARNING: "%s" does not refer to an object '
'(e.g. /v1/account/container/object).\n' % path)
stderr.write(
'WARNING: Non-object paths will be rejected by tempurl.\n')
if '--quoted' in argv[5:]:
real_path = urllib.parse.unquote(path)
else:
real_path = path
sig = hmac.new(key, '%s\n%s\n%s' % (method, expires, real_path),
sha1).hexdigest()
print('%s?temp_url_sig=%s&temp_url_expires=%s' % (path, sig, expires))
exit(main(argv))

2
doc/manpages/account-server.conf.5
View File

@ -305,7 +305,7 @@ Allow rsync to compress data which is transmitted to destination node
during sync. However, this is applicable only when destination node is in
a different region than the local one. The default is false.
.IP \fBrsync_module\fR
Format of the rysnc module where the replicator will send data. See
Format of the rsync module where the replicator will send data. See
etc/rsyncd.conf-sample for some usage examples.
.IP \fBrecon_cache_path\fR
Path to recon cache directory. The default is /var/cache/swift.

2
doc/manpages/container-server.conf.5
View File

@ -317,7 +317,7 @@ Allow rsync to compress data which is transmitted to destination node
during sync. However, this is applicable only when destination node is in
a different region than the local one. The default is false.
.IP \fBrsync_module\fR
Format of the rysnc module where the replicator will send data. See
Format of the rsync module where the replicator will send data. See
etc/rsyncd.conf-sample for some usage examples.
.IP \fBrecon_cache_path\fR
Path to recon cache directory. The default is /var/cache/swift.

2
doc/manpages/object-server.conf.5
View File

@ -379,7 +379,7 @@ a different region than the local one.
NOTE: Objects that are already compressed (for example: .tar.gz, .mp3) might
slow down the syncing process. The default is false.
.IP \fBrsync_module\fR
Format of the rysnc module where the replicator will send data. See
Format of the rsync module where the replicator will send data. See
etc/rsyncd.conf-sample for some usage examples. The default is empty.
.IP \fBnode_timeout\fR
Request timeout to external services. The default is 10 seconds.

14
doc/manpages/proxy-server.conf.5
View File

@ -140,7 +140,7 @@ This optional suffix (default is empty) that would be appended to the swift tran
id allows one to easily figure out from which cluster that X-Trans-Id belongs to.
This is very useful when one is managing more than one swift cluster.
.IP \fBcors_allow_origin\fR
Use a comma separated list of full url (http://foo.bar:1234,https://foo.bar)
Use a comma separated list of full URL (http://foo.bar:1234,https://foo.bar)
.IP \fBstrict_cors_mode\fR
The default is true.
.IP \fBnice_priority\fR
@ -254,7 +254,7 @@ and also \fI.admin\fR who can do anything within the account.
If neither of these groups are specified, the user can only access containers that
have been explicitly allowed for them by a \fI.admin\fR or \fI.reseller_admin\fR.
The trailing optional storage_url allows you to specify an alternate url to hand
The trailing optional storage_url allows you to specify an alternate URL to hand
back to the user upon authentication. If not specified, this defaults to
\fIhttp[s]://<ip>:<port>/v1/<reseller_prefix>_<account>\fR where http or https depends
on whether cert_file is specified in the [DEFAULT] section, <ip> and <port> are based
@ -286,6 +286,14 @@ You'll need to have as well the keystoneauth middleware enabled
and have it in your main pipeline so instead of having tempauth in
there you can change it to: authtoken keystoneauth
The auth credentials ("project_domain_name", "user_domain_name", "username",
"project_name", "password") must match the Keystone credentials for the Swift
service. The example values shown here assume a user named "swift" with admin
role on a project named "service", both being in the Keystone domain with id
"default". Refer to the KeystoneMiddleware documentation at
.BI http://docs.openstack.org/developer/keystonemiddleware/middlewarearchitecture.html#configuration
for other examples.
.PD 0
.RS 10
.IP "paste.filter_factory = keystonemiddleware.auth_token:filter_factory"
@ -865,7 +873,7 @@ Note: this middleware requires python-dnspython
Entry point for paste.deploy for the container_sync middleware. This is the reference to the installed python egg.
This is normally \fBegg:swift#container_sync\fR.
.IP \fBallow_full_urls\fR
Set this to false if you want to disallow any full url values to be set for
Set this to false if you want to disallow any full URL values to be set for
any new X-Container-Sync-To headers. This will keep any new full urls from
coming in, but won't change any existing values already in the cluster.
Updating those will have to be done manually, as knowing what the true realm

63
doc/manpages/swift-account-audit.1 Normal file
View File

@ -0,0 +1,63 @@
.\"
.\" Copyright (c) 2016 OpenStack Foundation.
.\"
.\" Licensed under the Apache License, Version 2.0 (the "License");
.\" you may not use this file except in compliance with the License.
.\" You may obtain a copy of the License at
.\"
.\" http://www.apache.org/licenses/LICENSE-2.0
.\"
.\" Unless required by applicable law or agreed to in writing, software
.\" distributed under the License is distributed on an "AS IS" BASIS,
.\" WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
.\" implied.
.\" See the License for the specific language governing permissions and
.\" limitations under the License.
.\"
.TH SWIFT-ACCOUNT-AUDIT "1" "August 2016" "OpenStack Swift"
.SH NAME
swift\-account\-audit \- manually audit OpenStack Swift accounts
.SH SYNOPSIS
.PP
.B swift\-account\-audit\/
\fI[options]\fR \fI[url 1]\fR \fI[url 2]\fR \fI...\fR
.SH DESCRIPTION
.PP
The swift-account-audit cli tool can be used to audit the data for an account.
It crawls the account, checking that all containers and objects can be found.
You can also feed a list of urls to the script through stdin.
.SH OPTIONS
.TP
\fB\-c\fR \fIconcurrency\fR
Set the concurrency, default 50
.TP
\fB\-r\fR \fIring dir\fR
Ring locations, default \fI/etc/swift\fR
.TP
\fB\-e\fR \fIfilename\fR
File for writing a list of inconsistent urls
.TP
\fB\-d\fR
Also download files and verify md5
.SH EXAMPLES
.nf
/usr/bin/swift\-account\-audit\/ SOSO_88ad0b83\-b2c5\-4fa1\-b2d6\-60c597202076
/usr/bin/swift\-account\-audit\/ SOSO_88ad0b83\-b2c5\-4fa1\-b2d6\-60c597202076/container/object
/usr/bin/swift\-account\-audit\/ \fB\-e\fR errors.txt SOSO_88ad0b83\-b2c5\-4fa1\-b2d6\-60c597202076/container
/usr/bin/swift\-account\-audit\/ < errors.txt
/usr/bin/swift\-account\-audit\/ \fB\-c\fR 25 \fB\-d\fR < errors.txt
.fi
.SH DOCUMENTATION
.LP
More in depth documentation in regards to
.BI swift\-account\-audit
and also about OpenStack Swift as a whole can be found at
.BI http://swift.openstack.org/index.html
and
.BI http://docs.openstack.org

13
doc/manpages/swift-account-info.1
View File

@ -14,7 +14,7 @@
.\" See the License for the specific language governing permissions and
.\" limitations under the License.
.\"
.TH swift-account-info 1 "3/22/2014" "Linux" "OpenStack Swift"
.TH swift-account-info 1 "10/25/2016" "Linux" "OpenStack Swift"
.SH NAME
.LP
@ -24,7 +24,7 @@
.SH SYNOPSIS
.LP
.B swift-account-info
[ACCOUNT_DB_FILE] [SWIFT_DIR]
<account_db_file> [options]
.SH DESCRIPTION
.PP
@ -48,6 +48,15 @@ It will then return several information about that account such as;
.IP "- Ring Location"
.PD
.SH OPTIONS
.TP
\fB\-h, --help \fR
Shows the help message and exit
.TP
\fB\-d SWIFT_DIR, --swift-dir=SWIFT_DIR\fR
Pass location of swift configuration file if different from the default
location /etc/swift
.SH DOCUMENTATION
.LP
More documentation about OpenStack Swift can be found at

51
doc/manpages/swift-config.1 Normal file
View File

@ -0,0 +1,51 @@
.\"
.\" Copyright (c) 2016 OpenStack Foundation.
.\"
.\" Licensed under the Apache License, Version 2.0 (the "License");
.\" you may not use this file except in compliance with the License.
.\" You may obtain a copy of the License at
.\"
.\" http://www.apache.org/licenses/LICENSE-2.0
.\"
.\" Unless required by applicable law or agreed to in writing, software
.\" distributed under the License is distributed on an "AS IS" BASIS,
.\" WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
.\" implied.
.\" See the License for the specific language governing permissions and
.\" limitations under the License.
.\"
.TH SWIFT-CONFIG "1" "August 2016" "OpenStack Swift"
.SH NAME
swift\-config \- OpenStack Swift config parser
.SH SYNOPSIS
.B swift\-config
[\fIoptions\fR] \fISERVER\fR
.SH DESCRIPTION
.PP
Combine Swift configuration files and print result.
.SH OPTIONS
.TP
\fB\-h\fR, \fB\-\-help\fR
Show this help message and exit
.TP
\fB\-c\fR \fIN\fR, \fB\-\-config\-num\fR=\fIN\fR
Parse config for the \fIN\fRth server only
.TP
\fB\-s\fR \fISECTION\fR, \fB\-\-section\fR=\fISECTION\fR
Only display matching sections
.TP
\fB\-w\fR, \fB\-\-wsgi\fR
Use wsgi/paste parser instead of readconf
.SH DOCUMENTATION
.LP
More in depth documentation in regards to
.BI swift\-config
and also about OpenStack Swift as a whole can be found at
.BI http://swift.openstack.org/index.html
and
.BI http://docs.openstack.org

13
doc/manpages/swift-container-info.1
View File

@ -15,7 +15,7 @@
.\" See the License for the specific language governing permissions and
.\" limitations under the License.
.\"
.TH swift-container-info 1 "3/20/2013" "Linux" "OpenStack Swift"
.TH swift-container-info 1 "10/25/2016" "Linux" "OpenStack Swift"
.SH NAME
.LP
@ -25,7 +25,7 @@
.SH SYNOPSIS
.LP
.B swift-container-info
[CONTAINER_DB_FILE] [SWIFT_DIR]
<container_db_file> [options]
.SH DESCRIPTION
.PP
@ -55,6 +55,15 @@ It will then return several information about that container such as;
.IP "- Location on the ring "
.PD
.SH OPTIONS
.TP
\fB\-h, --help \fR
Shows the help message and exit
.TP
\fB\-d SWIFT_DIR, --swift-dir=SWIFT_DIR\fR
Pass location of swift configuration file if different from the default
location /etc/swift
.SH DOCUMENTATION
.LP
More documentation about OpenStack Swift can be found at

58
doc/manpages/swift-container-reconciler.1 Normal file
View File

@ -0,0 +1,58 @@
.\"
.\" Copyright (c) 2016 OpenStack Foundation.
.\"
.\" Licensed under the Apache License, Version 2.0 (the "License");
.\" you may not use this file except in compliance with the License.
.\" You may obtain a copy of the License at
.\"
.\" http://www.apache.org/licenses/LICENSE-2.0
.\"
.\" Unless required by applicable law or agreed to in writing, software
.\" distributed under the License is distributed on an "AS IS" BASIS,
.\" WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
.\" implied.
.\" See the License for the specific language governing permissions and
.\" limitations under the License.
.\"
.TH SWIFT-CONTAINER-RECONCILER "1" "August 2016" "OpenStack Swift"
.SH NAME
swift\-container\-reconciler \- OpenStack Swift container reconciler
.SH SYNOPSIS
.B swift\-container\-reconciler
\fICONFIG \fR[\fIoptions\fR]
.SH DESCRIPTION
.PP
This daemon will take objects that are in the wrong storage policy and
move them to the right ones, or delete requests that went to the wrong
storage policy and apply them to the right ones. It operates on a
queue similar to the object-expirer's queue.
Discovering that the object is in the wrong policy is done in the container
replicator; the container reconciler is the daemon that handles them once they
happen.
Like the object expirer, you only need to run one of these per cluster
.SH OPTIONS
.TP
\fB\-h\fR, \fB\-\-help\fR
Show this help message and exit
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Log to console
.TP
\fB\-o\fR, \fB\-\-once\fR
Only run one pass of daemon
.PP
.SH DOCUMENTATION
.LP
More in depth documentation in regards to
.BI swift\-container\-reconciler
and also about OpenStack Swift as a whole can be found at
.BI http://swift.openstack.org/index.html
and
.BI http://docs.openstack.org

38
doc/manpages/swift-drive-audit.1 Normal file
View File

@ -0,0 +1,38 @@
.\"
.\" Copyright (c) 2016 OpenStack Foundation.
.\"
.\" Licensed under the Apache License, Version 2.0 (the "License");
.\" you may not use this file except in compliance with the License.
.\" You may obtain a copy of the License at
.\"
.\" http://www.apache.org/licenses/LICENSE-2.0
.\"
.\" Unless required by applicable law or agreed to in writing, software
.\" distributed under the License is distributed on an "AS IS" BASIS,
.\" WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
.\" implied.
.\" See the License for the specific language governing permissions and
.\" limitations under the License.
.\"
.TH SWIFT-DRIVE-AUDIT "1" "August 2016" "OpenStack Swift"
.SH NAME
swift\-drive\-audit \- OpenStack Swift drive audit cron job
.SH SYNOPSIS
.B swift\-drive\-audit
\fICONFIG\fR
.SH DESCRIPTION
.PP
Tool that can be run by using cron to watch for bad drives. If errors are
detected, it unmounts the bad drive, so that Swift can work around it.
.SH DOCUMENTATION
.LP
More in depth documentation in regards to
.BI swift\-drive\-audit
and also about OpenStack Swift as a whole can be found at
.BI http://swift.openstack.org/index.html
and
.BI http://docs.openstack.org

67
doc/manpages/swift-form-signature.1 Normal file
View File

@ -0,0 +1,67 @@
.\"
.\" Copyright (c) 2016 OpenStack Foundation.
.\"
.\" Licensed under the Apache License, Version 2.0 (the "License");
.\" you may not use this file except in compliance with the License.
.\" You may obtain a copy of the License at
.\"
.\" http://www.apache.org/licenses/LICENSE-2.0
.\"
.\" Unless required by applicable law or agreed to in writing, software
.\" distributed under the License is distributed on an "AS IS" BASIS,
.\" WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
.\" implied.
.\" See the License for the specific language governing permissions and
.\" limitations under the License.
.\"
.TH SWIFT-FORM-SIGNATURE "1" "August 2016" "OpenStack Swift"
.SH NAME
swift\-form\-signature \- compute the expires and signature for OpenStack Swift Form POST middleware
.SH SYNOPSIS
.B swift\-form\-signature
\fIpath\fR \fIredirect\fR \fImax_file_size\fR \fImax_file_count\fR
\fIseconds\fR \fIkey\fR
.SH DESCRIPTION
.PP
Tool to compute expires and signature values which can be used to upload
objects directly to the Swift from a browser by using the form POST middleware.
.SH OPTIONS
.TP
.I path
The prefix to use for form uploaded
objects. For example:
\fI/v1/account/container/object_prefix_\fP would
ensure all form uploads have that path
prepended to the browser\-given file name.
.TP
.I redirect
The URL to redirect the browser to after
the uploads have completed.
.TP
.I max_file_size
The maximum file size per file uploaded.
.TP
.I max_file_count
The maximum number of uploaded files
allowed.
.TP
.I seconds
The number of seconds from now to allow
the form post to begin.
.TP
.I key
The X\-Account\-Meta\-Temp\-URL\-Key for the
account.
.SH DOCUMENTATION
.LP
More in depth documentation in regards to
.BI swift\-form\-signature
and also about OpenStack Swift as a whole can be found at
.BI http://swift.openstack.org/index.html
and
.BI http://docs.openstack.org

32
doc/manpages/swift-get-nodes.1
View File

@ -15,7 +15,7 @@
.\" See the License for the specific language governing permissions and
.\" limitations under the License.
.\"
.TH swift-get-nodes 1 "8/26/2011" "Linux" "OpenStack Swift"
.TH swift-get-nodes 1 "10/25/2016" "Linux" "OpenStack Swift"
.SH NAME
.LP
@ -25,7 +25,17 @@
.SH SYNOPSIS
.LP
.B swift-get-nodes
\ <ring.gz> <account> [<container> [<object>]]
\ [options] <ring.gz> <account> [<container> [<object>]]
Or
.B swift-get-nodes
[options] <ring.gz> -p <partition>
Or
.B swift-get-nodes
\ [options] -P policy_name <account> <container> <object>
.SH DESCRIPTION
.PP
@ -35,6 +45,24 @@ swift cluster nodes. For example, if you have the account hash and a container
name that belongs to that account, you can use swift-get-nodes to lookup
where the container resides by using the container ring.
.SH OPTIONS
.TP
\fB\-h --help \fR
Shows the help message and exit
.TP
\fB\-a, --all\fR
Show all handoff nodes
.TP
\fB\-p PARTITION, --partition=PARTITION\fR
Show nodes for a given partition
.TP
\fB\-P POLICY_NAME, --policy-name=POLICY_NAME \fR
Specify storage policy name
.TP
\fB\-d SWIFT_DIR, --swift-dir=SWIFT_DIR\fR
Pass location of swift configuration file if different from the default
location /etc/swift
.RS 0
.IP "\fIExample:\fR"
.RE

19
doc/manpages/swift-object-info.1
View File

@ -15,7 +15,7 @@
.\" See the License for the specific language governing permissions and
.\" limitations under the License.
.\"
.TH swift-object-info 1 "8/26/2011" "Linux" "OpenStack Swift"
.TH swift-object-info 1 "10/25/2016" "Linux" "OpenStack Swift"
.SH NAME
.LP
@ -25,7 +25,7 @@
.SH SYNOPSIS
.LP
.B swift-object-info
[OBJECT_FILE] [SWIFT_DIR]
<object_file> [options]
.SH DESCRIPTION
.PP
@ -46,6 +46,21 @@ It will then return several information about that object such as;
.IP "- Location on the ring "
.PD
.SH OPTIONS
.TP
\fB\-h --help \fR
Shows the help message and exit
.TP
\fB\-n, --no-check-etag\fR
Don't verify file contents against stored etag
.TP
\fB\-d SWIFT_DIR, --swift-dir=SWIFT_DIR\fR
Pass location of swift configuration file if different from the default
location /etc/swift
.TP
\fB\-P POLICY_NAME, --policy-name=POLICY_NAME \fR
Specify storage policy name
.SH DOCUMENTATION
.LP
More documentation about OpenStack Swift can be found at

60
doc/manpages/swift-object-reconstructor.1 Normal file
View File

@ -0,0 +1,60 @@
.\"
.\" Copyright (c) 2016 OpenStack Foundation.
.\"
.\" Licensed under the Apache License, Version 2.0 (the "License");
.\" you may not use this file except in compliance with the License.
.\" You may obtain a copy of the License at
.\"
.\" http://www.apache.org/licenses/LICENSE-2.0
.\"
.\" Unless required by applicable law or agreed to in writing, software
.\" distributed under the License is distributed on an "AS IS" BASIS,
.\" WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
.\" implied.
.\" See the License for the specific language governing permissions and
.\" limitations under the License.
.\"
.TH SWIFT-OBJECT-RECONSTRUCTOR "1" "August 2016" "OpenStack Swift"
.SH NAME
swift\-object\-reconstructor \- OpenStack Swift EC object reconstructor
.SH SYNOPSIS
.B swift\-object\-reconstructor
\fICONFIG \fR[\fIoptions\fR]
.SH DESCRIPTION
.PP
Daemon for reconstruction of EC objects. Once a pair of nodes has
determined the need to replace a missing object fragment, instead of
pushing over a copy like replication would do, the reconstructor has to
read in enough surviving fragments from other nodes and perform a local
reconstruction before it has the correct data to push to the other node.
.SH OPTIONS
.TP
\fB\-h\fR, \fB\-\-help\fR
Show this help message and exit
.TP
\fB\-d\fR \fIDEVICES\fR, \fB\-\-devices\fR=\fIDEVICES\fR
Reconstruct only given devices. Comma\-separated list
.TP
\fB\-p\fR \fIPARTITIONS\fR, \fB\-\-partitions\fR=\fIPARTITIONS\fR
Reconstruct only given partitions. Comma\-separated
list
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Log to console
.TP
\fB\-o\fR, \fB\-\-once\fR
Only run one pass of daemon
.PP
.SH DOCUMENTATION
.LP
More in depth documentation in regards to
.BI swift\-object\-reconstructor
and also about OpenStack Swift as a whole can be found at
.BI http://swift.openstack.org/index.html
and
.BI http://docs.openstack.org

38
doc/manpages/swift-recon-cron.1 Normal file
View File

@ -0,0 +1,38 @@
.\"
.\" Copyright (c) 2016 OpenStack Foundation.
.\"
.\" Licensed under the Apache License, Version 2.0 (the "License");
.\" you may not use this file except in compliance with the License.
.\" You may obtain a copy of the License at
.\"
.\" http://www.apache.org/licenses/LICENSE-2.0
.\"
.\" Unless required by applicable law or agreed to in writing, software
.\" distributed under the License is distributed on an "AS IS" BASIS,
.\" WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
.\" implied.
.\" See the License for the specific language governing permissions and
.\" limitations under the License.
.\"
.TH SWIFT-RECON-CRON "1" "August 2016" "OpenStack Swift"
.SH NAME
swift\-recon\-cron \- OpenStack Swift recon cron job
.SH SYNOPSIS
.B swift\-recon\-cron
\fI<CONFIG>\fR
.SH DESCRIPTION
.PP
Tool that can be run by using cron to fill recon cache. Recon data
can be read by \fBswift-recon\fR tool.
.SH DOCUMENTATION
.LP
More in depth documentation in regards to
.BI swift\-recon\-cron
and also about OpenStack Swift as a whole can be found at
.BI http://swift.openstack.org/index.html
and
.BI http://docs.openstack.org

58
doc/manpages/swift-reconciler-enqueue.1 Normal file
View File

@ -0,0 +1,58 @@
.\"
.\" Copyright (c) 2016 OpenStack Foundation.
.\"
.\" Licensed under the Apache License, Version 2.0 (the "License");
.\" you may not use this file except in compliance with the License.
.\" You may obtain a copy of the License at
.\"
.\" http://www.apache.org/licenses/LICENSE-2.0
.\"
.\" Unless required by applicable law or agreed to in writing, software
.\" distributed under the License is distributed on an "AS IS" BASIS,
.\" WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
.\" implied.
.\" See the License for the specific language governing permissions and
.\" limitations under the License.
.\"
.TH SWIFT-RECONCILER-ENQUEUE "1" "August 2016" "OpenStack Swift"
.SH NAME
swift\-reconciler\-enqueue \- OpenStack Swift reconciler enqueue
.SH SYNOPSIS
.B swift\-reconciler\-enqueue
\fIpolicy_index\fR \fI/a/c/o\fR \fItimestamp\fR \fR[\fIoptions\fR]
.SH DESCRIPTION
.PP
This script enqueues an object to be evaluated by the reconciler.
.SH OPTIONS
.TP
\fIpolicy_index\fR
The policy the object is currently stored in.
.TP
\fI/a/c/o\fR
The full path of the object \- UTF\-8
.TP
\fItimestamp\fR
The timestamp of the datafile/tombstone.
.TP
\fB\-h\fR, \fB\-\-help\fR
Show this help message and exit
.TP
\fB\-X\fR \fIOP\fR, \fB\-\-op\fR=\fIOP\fR
The method of the misplaced operation
.TP
\fB\-f\fR, \fB\-\-force\fR
Force an object to be re\-enqueued
.PP
.SH DOCUMENTATION
.LP
More in depth documentation in regards to
.BI swift\-reconciler\-enqueue
and also about OpenStack Swift as a whole can be found at
.BI http://swift.openstack.org/index.html
and
.BI http://docs.openstack.org

52
doc/manpages/swift-ring-builder-analyzer.1 Normal file
View File

@ -0,0 +1,52 @@
.\"
.\" Copyright (c) 2016 OpenStack Foundation.
.\"
.\" Licensed under the Apache License, Version 2.0 (the "License");
.\" you may not use this file except in compliance with the License.
.\" You may obtain a copy of the License at
.\"
.\" http://www.apache.org/licenses/LICENSE-2.0
.\"
.\" Unless required by applicable law or agreed to in writing, software
.\" distributed under the License is distributed on an "AS IS" BASIS,
.\" WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
.\" implied.
.\" See the License for the specific language governing permissions and
.\" limitations under the License.
.\"
.TH SWIFT-RING-BUILDER-ANALYZER "1" "August 2016" "OpenStack Swift"
.SH NAME
swift\-ring\-builder\-analyzer \- put the OpenStack Swift ring builder through its paces
.SH SYNOPSIS
.B swift\-ring\-builder\-analyzer
[\fIoptions\fR] \fIscenario_path\fR
.SH DESCRIPTION
.PP
This is a tool to help developers quantify changes to the ring
builder. It takes a scenario (JSON file) describing the builder's
basic parameters (part_power, replicas, etc.) and a number of
"rounds", where each round is a set of operations to perform on the
builder. For each round, the operations are applied, and then the
builder is rebalanced until it reaches a steady state.
.SH OPTIONS
.TP
.I scenario_path
Path to the scenario file
.TP
\fB\-h\fR, \fB\-\-help\fR
Show this help message and exit
.TP
\fB\-\-check\fR, \fB\-c\fR
Just check the scenario, don't execute it.
.SH DOCUMENTATION
.LP
More in depth documentation in regards to
.BI swift\-ring\-builder\-analyzer
and also about OpenStack Swift as a whole can be found at
.BI http://swift.openstack.org/index.html
and
.BI http://docs.openstack.org

56
doc/manpages/swift-temp-url.1 Normal file
View File

@ -0,0 +1,56 @@
.\"
.\" Copyright (c) 2016 OpenStack Foundation.
.\"
.\" Licensed under the Apache License, Version 2.0 (the "License");
.\" you may not use this file except in compliance with the License.
.\" You may obtain a copy of the License at
.\"
.\" http://www.apache.org/licenses/LICENSE-2.0
.\"
.\" Unless required by applicable law or agreed to in writing, software
.\" distributed under the License is distributed on an "AS IS" BASIS,
.\" WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
.\" implied.
.\" See the License for the specific language governing permissions and
.\" limitations under the License.
.\"
.TH SWIFT-TEMP-URL "1" "August 2016" "OpenStack Swift"
.SH NAME
swift\-temp\-url \- generates the query parameters for OpenStack Swift Temporary URL middleware
.SH DESCRIPTION
.PP
Tool that generates the query parameters which can be used to access Swift
objects directly from a browser by using the Temporary URL middleware.
.B NOTE: This command is deprecated and will be removed
.B in the future. Please use 'swift tempurl' instead.
.SH SYNOPSIS
.B swift\-temp\-url
\fImethod\fR \fIseconds\fR \fIpath\fR \fIkey\fR
.SH OPTIONS
.TP
.I method
The method to allow; GET for example.
.TP
.I seconds
The number of seconds from now to allow requests.
.TP
.I path
The full path to the resource.
Example: \fI/v1/AUTH_account/c/o\fP
.TP
.I key
The X\-Account\-Meta\-Temp\-URL\-Key for the account.
.SH DOCUMENTATION
.LP
More in depth documentation in regards to
.BI swift\-temp\-url
and also about OpenStack Swift as a whole can be found at
.BI http://swift.openstack.org/index.html
and
.BI http://docs.openstack.org

213
doc/manpages/swift.conf.5 Normal file
View File

@ -0,0 +1,213 @@
.\"
.\" Author: Nandini Tata <nandini.tata@intel.com>
.\" Copyright (c) 2016 OpenStack Foundation.
.\"
.\" Licensed under the Apache License, Version 2.0 (the "License");
.\" you may not use this file except in compliance with the License.
.\" You may obtain a copy of the License at
.\"
.\" http://www.apache.org/licenses/LICENSE-2.0
.\"
.\" Unless required by applicable law or agreed to in writing, software
.\" distributed under the License is distributed on an "AS IS" BASIS,
.\" WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
.\" implied.
.\" See the License for the specific language governing permissions and
.\" limitations under the License.
.\"
.TH swift.conf 5 "8/8/2016" "Linux" "OpenStack Swift"
.SH NAME
.LP
.B swift.conf
\- common configuration file for the OpenStack object storage services
.SH SYNOPSIS
.LP
.B swift.conf
.SH DESCRIPTION
.PP
This is the common configuration file used by all services of OpenStack object
storage services.
The configuration file follows the python-pastedeploy syntax. The file is
divided into sections, which are enclosed by square brackets. Each section
will contain a certain number of key/value parameters which are described
later.
Any line that begins with a '#' symbol is ignored.
You can find more information about python-pastedeploy configuration format at
\fIhttp://pythonpaste.org/deploy/#config-format\fR
.SH SWIFT HASH SECTION
.PD 1
.RS 0
This is indicated by section named [swift-hash]. Below are the parameters that
are acceptable within this section:
.PD 0
.IP "\fBswift_hash_path_suffix\fR"
.IP "\fBswift_hash_path_prefix\fR"
.PD
swift_hash_path_suffix and swift_hash_path_prefix are used as part of the
hashing algorithm when determining data placement in the cluster.
These values should remain secret and MUST NOT change once a cluster has been
deployed.
Use only printable chars (python -c "import string; print(string.printable)").
.SH STORAGE POLICY SECTION
.PD 1
.RS 0
This is indicated by section name [storage-policy:#]
Storage policies are defined here and they determine various characteristics
about how objects are stored and treated. Policies are specified by name on
a per container basis. The policy index is specified in the section header
and is used internally. The policy with index 0 is always used for legacy
containers and can be given a name for use in metadata; however, the ring file
name will always be 'object.ring.gz' for backwards compatibility. If no
policies are defined, a policy with index 0 will be automatically created for
backwards compatibility and given the name Policy-0. A default policy is used
when creating new containers when no policy is specified in the request. If
no other policies are defined, the policy with index 0 will be declared the
default. If multiple policies are defined, you must define a policy with index
0 and you must specify a default. It is recommended you always define a
section for storage-policy:0. Aliases are not mandatory when defining a
storage policy.
.IP "\fB[storage-policy:index]\fR"
Each storage policy is defined in a separate section with an index specified
in the header. Below are the parameters that are acceptable within this
section:
.IP "\fBname\fR"
Name of the storage policy. Policy names are case insensitive.
.IP "\fBaliases\fR"
Multiple names can be assigned to one policy using aliases. All names must
follow the Swift naming rules.
.IP "\fBpolicy_type\fR"
Policy type can be replication or erasure_coding. Replication policy
replicates the objects to specified number of replicas. Erasure coding uses
PyECLib API library for encode/decode operations. Please refer to Swift
documentation for details on how erasure coding is implemented.
.IP "\fBec_type\fR"
This parameter must be chosen from the list of EC backends supported by
PyECLib.
.IP "\fBec_num_data_fragments\fR"
This parameter is specific to 'erasure coding' policy_type only. It defines
the number of fragments that will be comprised of data.
.IP "\fBec_num_parity_fragments\fR"
This parameter is specific to 'erasure coding' policy_type only. It defines
the number of fragments that will be comprised of parity.
.IP "\fBec_object_segment_size\fR"
This parameter is specific to 'erasure coding' policy_type only. It defines
the amount of data that will be buffered up before feeding a segment into the
encoder/decoder. The default value is 1048576.
.IP "\fIExamples:\fR"
.PD 0
.IP "[storage-policy:0]"
.IP "name = Policy-0"
.IP "default = yes"
.IP "policy_type = replication"
.IP "aliases = yellow, orange"
.IP "[storage-policy:1]"
.IP "name = silver"
.IP "policy_type = replication"
.IP "[storage-policy:2]"
.IP "name = deepfreeze10-4"
.IP "aliases = df10-4"
.IP "policy_type = erasure_coding"
.IP "ec_type = liberasurecode_rs_vand"
.IP "ec_num_data_fragments = 10"
.IP "ec_num_parity_fragments = 4"
.IP "ec_object_segment_size = 1048576"
.PD
.RE
.PD
.SH SWIFT CONSTRAINTS SECTION
.PD 1
.RS 0
This is indicated by section name [swift-constraints]. This section sets the
basic constraints on data saved in the swift cluster. These constraints are
automatically published by the proxy server in responses to /info requests.
Below are the parameters that are acceptable within this section:
.IP "\fBmax_file_size\fR"
max_file_size is the largest "normal" object that can be saved in the cluster.
This is also the limit on the size of each segment of a "large" object when
using the large object manifest support. This value is set in bytes. Setting
it to lower than 1MiB will cause some tests to fail. It is STRONGLY
recommended to leave this value at the default (5 * 2**30 + 2).
.IP "\fBmax_meta_name_length\fR"
max_meta_name_length is the max number of bytes in the utf8 encoding of the
name portion of a metadata header.
.IP "\fBmax_meta_value_length\fR"
max_meta_value_length is the max number of bytes in the utf8 encoding of a
metadata value.
.IP "\fBmax_meta_count\fR"
max_meta_count is the max number of metadata keys that can be stored on a
single account, container, or object.
.IP "\fBmax_meta_overall_size\fR"
max_meta_overall_size is the max number of bytes in the utf8 encoding of the
metadata (keys + values).
.IP "\fBmax_header_size\fR"
max_header_size is the max number of bytes in the utf8 encoding of each
header. Using 8192 as default because eventlet uses 8192 as max size of header
line. This value may need to be increased when using identity v3 API tokens
including more than 7 catalog entries.
.IP "\fBextra_header_count\fR"
By default the maximum number of allowed headers depends on the number of max
allowed metadata settings plus a default value of 36 for swift internally
generated headers and regular http headers. If for some reason this is not
enough (custom middleware for example) it can be increased with the
extra_header_count constraint.
.IP "\fBmax_object_name_length\fR"
max_object_name_length is the max number of bytes in the utf8 encoding of an
object name.
.IP "\fBcontainer_listing_limit\fR"
container_listing_limit is the default (and max) number of items returned for
a container listing request.
.IP "\fBaccount_listing_limit\fR"
account_listing_limit is the default (and max) number of items returned for an
account listing request.
.IP "\fBmax_account_name_length\fR"
max_account_name_length is the max number of bytes in the utf8 encoding of an
account name.
.IP "\fBmax_container_name_length\fR"
max_container_name_length is the max number of bytes in the utf8 encoding of a
container name.
.IP "\fBvalid_api_versions\fR"
By default, all REST API calls should use "v1" or "v1.0" as the version string,
for example "/v1/account". This can be manually overridden to make this
backward-compatible, in case a different version string has been used before.
Use a comma-separated list in case of multiple allowed versions, for example
valid_api_versions = v0,v1,v2.
This is only enforced for account, container and object requests. The allowed
api versions are by default excluded from /info.
.SH DOCUMENTATION
.LP
More in depth documentation about the swift.conf and also OpenStack-Swift as a
whole can be found at
.BI http://swift.openstack.org/admin_guide.html
and
.BI http://swift.openstack.org

2
doc/saio/bin/remakerings
View File

@ -1,5 +1,7 @@
#!/bin/bash
set -e
cd /etc/swift
rm -f *.builder *.ring.gz backups/*.builder backups/*.ring.gz

8
doc/saio/bin/resetswift
View File

@ -1,9 +1,13 @@
#!/bin/bash
swift-init all stop
set -e
swift-init all kill
# Remove the following line if you did not set up rsyslog for individual logging:
sudo find /var/log/swift -type f -exec rm -f {} \;
sudo umount /mnt/sdb1
if cut -d' ' -f2 /proc/mounts | grep -q /mnt/sdb1 ; then
sudo umount /mnt/sdb1
fi
# If you are using a loopback device set SAIO_BLOCK_DEVICE to "/srv/swift-disk"
sudo mkfs.xfs -f ${SAIO_BLOCK_DEVICE:-/dev/sdb1}
sudo mount /mnt/sdb1

4
doc/saio/bin/startmain
View File

@ -1,3 +1,5 @@
#!/bin/bash
swift-init main start
set -e
swift-init main start

4
doc/saio/bin/startrest
View File

@ -1,3 +1,5 @@
#!/bin/bash
swift-init rest start
set -e
swift-init rest start

6
doc/source/admin_guide.rst
View File

@ -141,7 +141,7 @@ The first line reports that there are 256 partitions with 3 copies in region 1;
and this is an expected output in this case (single region with 3 replicas) as
reported by the "Max" value.
However, there is some inbalance in the cluster, more precisely in zone 3. The
However, there is some imbalance in the cluster, more precisely in zone 3. The
"Max" reports a maximum of 1 copy in this zone; however 50.00% of the partitions
are storing 2 replicas in this zone (which is somewhat expected, because there
are more disks in this zone).
@ -264,6 +264,8 @@ settings:
================== ============== ===========================================
Option Default Description
------------------ -------------- -------------------------------------------
user swift Drop privileges to this user for non-root
tasks
log_facility LOG_LOCAL0 Syslog log facility
log_level INFO Log level
device_dir /srv/node Directory devices are mounted under
@ -483,7 +485,7 @@ You can also run the report for only containers or objects::
100.00% of object copies found (7857 of 7857)
Sample represents 1.00% of the object partition space
Alternatively, the dispersion report can also be output in json format. This
Alternatively, the dispersion report can also be output in JSON format. This
allows it to be more easily consumed by third party utilities::
$ swift-dispersion-report -j

8
doc/source/api/large_objects.rst
View File

@ -107,7 +107,7 @@ json content—not the length of the segment objects. However, after the
**PUT** operation completes, the ``Content-Length`` metadata is set to
the total length of all the object segments. A similar situation applies
to the ``ETag``. If used in the **PUT** operation, it must contain the
MD5 checksum of the json content. The ``ETag`` metadata value is then
MD5 checksum of the JSON content. The ``ETag`` metadata value is then
set to be the MD5 checksum of the concatenated ``ETag`` values of the
object segments. You can also set the ``Content-Type`` request header
and custom object metadata.
@ -168,6 +168,12 @@ of segments to a second location and update the manifest to point to
this new location. During the upload of the new segments, the original
manifest is still available to download the first set of segments.
.. note::
When updating a manifest object using a POST request, a
``X-Object-Manifest`` header must be included for the
object to continue to behave as a manifest object.
**Example Upload segment of large object request: HTTP**
.. code::

6
doc/source/api/object_api_v1_overview.rst
View File

@ -171,14 +171,14 @@ The API Reference describes the operations that you can perform with the
Object Storage API:
- `Storage
accounts <http://developer.openstack.org/api-ref-objectstorage-v1.html#storage_account_services>`__:
accounts <http://developer.openstack.org/api-ref/object-storage/index.html#accounts>`__:
Use to perform account-level tasks.
Lists containers for a specified account. Creates, updates, and
deletes account metadata. Shows account metadata.
- `Storage
containers <http://developer.openstack.org/api-ref-objectstorage-v1.html#storage_container_services>`__:
containers <http://developer.openstack.org/api-ref/object-storage/index.html#containers>`__:
Use to perform container-level tasks.
Lists objects in a specified container. Creates, shows details for,
@ -186,7 +186,7 @@ Object Storage API:
container metadata.
- `Storage
objects <http://developer.openstack.org/api-ref-objectstorage-v1.html#storage_object_services>`__:
objects <http://developer.openstack.org/api-ref/object-storage/index.html#objects>`__:
Use to perform object-level tasks.
Creates, replaces, shows details for, and deletes objects. Copies

62
doc/source/api/object_versioning.rst
View File

@ -20,30 +20,37 @@ To allow object versioning within a cluster, the cloud provider should add the
``allow_versioned_writes`` option to ``true`` in the
``[filter:versioned_writes]`` section of the proxy-server configuration file.
The ``X-Versions-Location`` header defines the
container that holds the non-current versions of your objects. You
must UTF-8-encode and then URL-encode the container name before you
include it in the ``X-Versions-Location`` header. This header enables
object versioning for all objects in the container. With a comparable
``archive`` container in place, changes to objects in the ``current``
container automatically create non-current versions in the ``archive``
container.
To enable object versioning for a container, you must specify an "archive
container" that will retain non-current versions via either the
``X-Versions-Location`` or ``X-History-Location`` header. These two headers
enable two distinct modes of operation. Either mode may be used within a
cluster, but only one mode may be active for any given container. You must
UTF-8-encode and then URL-encode the container name before you include it in
the header.
The ``X-Versions-Mode`` header defines the behavior of ``DELETE`` requests to
objects in the versioned container. In the default ``stack`` mode, deleting an
object will restore the most-recent version from the ``archive`` container,
overwriting the curent version. Alternatively you may specify ``history``
mode, where deleting an object will copy the current version to the
``archive`` then remove it from the ``current`` container.
For both modes, **PUT** requests will archive any pre-existing objects before
writing new data, and **GET** requests will serve the current version. **COPY**
requests behave like a **GET** followed by a **PUT**; that is, if the copy
*source* is in a versioned container then the current version will be copied,
and if the copy *destination* is in a versioned container then any pre-existing
object will be archived before writing new data.
Example Using ``stack`` Mode
----------------------------
If object versioning was enabled using ``X-History-Location``, then object
**DELETE** requests will copy the current version to the archive container then
remove it from the versioned container.
If object versioning was enabled using ``X-Versions-Location``, then object
**DELETE** requests will restore the most-recent version from the archive
container, overwriting the curent version.
Example Using ``X-Versions-Location``
-------------------------------------
#. Create the ``current`` container:
.. code::
# curl -i $publicURL/current -X PUT -H "Content-Length: 0" -H "X-Auth-Token: $token" -H "X-Versions-Location: archive" -H "X-Versions-Mode: stack"
# curl -i $publicURL/current -X PUT -H "Content-Length: 0" -H "X-Auth-Token: $token" -H "X-Versions-Location: archive"
.. code::
@ -51,6 +58,7 @@ Example Using ``stack`` Mode
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Trans-Id: txb91810fb717347d09eec8-0052e18997
X-Openstack-Request-Id: txb91810fb717347d09eec8-0052e18997
Date: Thu, 23 Jan 2014 21:28:55 GMT
#. Create the first version of an object in the ``current`` container:
@ -67,6 +75,7 @@ Example Using ``stack`` Mode
Etag: d41d8cd98f00b204e9800998ecf8427e
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx5992d536a4bd4fec973aa-0052e18a2a
X-Openstack-Request-Id: tx5992d536a4bd4fec973aa-0052e18a2a
Date: Thu, 23 Jan 2014 21:31:22 GMT
Nothing is written to the non-current version container when you
@ -99,6 +108,7 @@ Example Using ``stack`` Mode
Etag: d41d8cd98f00b204e9800998ecf8427e
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx468287ce4fc94eada96ec-0052e18c8c
X-Openstack-Request-Id: tx468287ce4fc94eada96ec-0052e18c8c
Date: Thu, 23 Jan 2014 21:41:32 GMT
#. Issue a **GET** request to a versioned object to get the current
@ -121,6 +131,7 @@ Example Using ``stack`` Mode
X-Container-Bytes-Used: 0
Content-Type: text/plain; charset=utf-8
X-Trans-Id: tx9a441884997542d3a5868-0052e18d8e
X-Openstack-Request-Id: tx9a441884997542d3a5868-0052e18d8e
Date: Thu, 23 Jan 2014 21:45:50 GMT
009my_object/1390512682.92052
@ -144,6 +155,7 @@ Example Using ``stack`` Mode
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx006d944e02494e229b8ee-0052e18edd
X-Openstack-Request-Id: tx006d944e02494e229b8ee-0052e18edd
Date: Thu, 23 Jan 2014 21:51:25 GMT
List objects in the ``archive`` container to show that the archived
@ -163,20 +175,21 @@ Example Using ``stack`` Mode
X-Container-Bytes-Used: 0
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx044f2a05f56f4997af737-0052e18eed
X-Openstack-Request-Id: tx044f2a05f56f4997af737-0052e18eed
Date: Thu, 23 Jan 2014 21:51:41 GMT
This next-most current version carries with it any metadata last set
on it. If want to completely remove an object and you have five
versions of it, you must **DELETE** it five times.
Example Using ``history`` Mode
----------------------------
Example Using ``X-History-Location``
------------------------------------
#. Create the ``current`` container:
.. code::
# curl -i $publicURL/current -X PUT -H "Content-Length: 0" -H "X-Auth-Token: $token" -H "X-Versions-Location: archive" -H "X-Versions-Mode: history"
# curl -i $publicURL/current -X PUT -H "Content-Length: 0" -H "X-Auth-Token: $token" -H "X-History-Location: archive"
.. code::
@ -184,6 +197,7 @@ Example Using ``history`` Mode
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Trans-Id: txb91810fb717347d09eec8-0052e18997
X-Openstack-Request-Id: txb91810fb717347d09eec8-0052e18997
Date: Thu, 23 Jan 2014 21:28:55 GMT
#. Create the first version of an object in the ``current`` container:
@ -200,6 +214,7 @@ Example Using ``history`` Mode
Etag: d41d8cd98f00b204e9800998ecf8427e
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx5992d536a4bd4fec973aa-0052e18a2a
X-Openstack-Request-Id: tx5992d536a4bd4fec973aa-0052e18a2a
Date: Thu, 23 Jan 2014 21:31:22 GMT
Nothing is written to the non-current version container when you
@ -232,6 +247,7 @@ Example Using ``history`` Mode
Etag: d41d8cd98f00b204e9800998ecf8427e
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx468287ce4fc94eada96ec-0052e18c8c
X-Openstack-Request-Id: tx468287ce4fc94eada96ec-0052e18c8c
Date: Thu, 23 Jan 2014 21:41:32 GMT
#. Issue a **GET** request to a versioned object to get the current
@ -254,6 +270,7 @@ Example Using ``history`` Mode
X-Container-Bytes-Used: 0
Content-Type: text/plain; charset=utf-8
X-Trans-Id: tx9a441884997542d3a5868-0052e18d8e
X-Openstack-Request-Id: tx9a441884997542d3a5868-0052e18d8e
Date: Thu, 23 Jan 2014 21:45:50 GMT
009my_object/1390512682.92052
@ -266,7 +283,7 @@ Example Using ``history`` Mode
#. Issue a **DELETE** request to a versioned object to copy the
current version of the object to the archive container then delete it from
the current container. Subsequent **GET** requests to the object in the
current container will return 404 Not Found.
current container will return ``404 Not Found``.
.. code::
@ -278,6 +295,7 @@ Example Using ``history`` Mode
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx006d944e02494e229b8ee-0052e18edd
X-Openstack-Request-Id: tx006d944e02494e229b8ee-0052e18edd
Date: Thu, 23 Jan 2014 21:51:25 GMT
List older versions of the object in the ``archive`` container::
@ -296,6 +314,7 @@ Example Using ``history`` Mode
X-Container-Bytes-Used: 0
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx044f2a05f56f4997af737-0052e18eed
X-Openstack-Request-Id: tx044f2a05f56f4997af737-0052e18eed
Date: Thu, 23 Jan 2014 21:51:41 GMT
009my_object/1390512682.92052
@ -325,6 +344,7 @@ value.
Content-Length: 76
Content-Type: text/html; charset=UTF-8
X-Trans-Id: txe2476de217134549996d0-0052e19038
X-Openstack-Request-Id: txe2476de217134549996d0-0052e19038
Date: Thu, 23 Jan 2014 21:57:12 GMT
<html><h1>Accepted</h1><p>The request is accepted for processing.</p></html>

1
doc/source/api/use_the_content-disposition_metadata.rst
View File

@ -24,6 +24,7 @@ as ``goodbye.txt``:
Content-Length: 76
Content-Type: text/html; charset=UTF-8
X-Trans-Id: txa9b5e57d7f354d7ea9f57-0052e17e13
X-Openstack-Request-Id: txa9b5e57d7f354d7ea9f57-0052e17e13
Date: Thu, 23 Jan 2014 20:39:47 GMT
<html><h1>Accepted</h1><p>The request is accepted for processing.</p></html>

2
doc/source/associated_projects.rst
View File

@ -93,6 +93,8 @@ Storage Backends (DiskFile API implementations)
Developer Tools
---------------
* `SAIO bash scripts <https://github.com/ntata/swift-setup-scripts.git>`_ -
Well commented simple bash scripts for Swift all in one setup.
* `vagrant-swift-all-in-one
<https://github.com/swiftstack/vagrant-swift-all-in-one>`_ - Quickly setup a
standard development environment using Vagrant and Chef cookbooks in an

3
doc/source/cors.rst
View File

@ -43,7 +43,8 @@ returns the following values for this header,
* "simple response headers" as listed on
http://www.w3.org/TR/cors/#simple-response-header
* the headers ``etag``, ``x-timestamp``, ``x-trans-id``
* the headers ``etag``, ``x-timestamp``, ``x-trans-id``,
``x-openstack-request-id``
* all metadata headers (``X-Container-Meta-*`` for containers and
``X-Object-Meta-*`` for objects)
* headers listed in ``X-Container-Meta-Access-Control-Expose-Headers``

2
doc/source/deployment_guide.rst
View File

@ -1846,7 +1846,7 @@ There are special groups of::
If neither of these groups are specified, the user can only access containers
that have been explicitly allowed for them by a .admin or .reseller_admin.
The trailing optional storage_url allows you to specify an alternate url to
The trailing optional storage_url allows you to specify an alternate URL to
hand back to the user upon authentication. If not specified, this defaults to::
$HOST/v1/<reseller_prefix>_<account>

8
doc/source/development_middleware.rst
View File

@ -81,7 +81,11 @@ presented below::
from swift.proxy.controllers.base import get_container_info
from eventlet import Timeout
from eventlet.green import urllib2
import six
if six.PY3:
from eventlet.green.urllib import request as urllib2
else:
from eventlet.green import urllib2
# x-container-sysmeta-webhook
SYSMETA_WEBHOOK = get_sys_meta_prefix('container') + 'webhook'
@ -141,7 +145,7 @@ presented below::
return WebhookMiddleware(app)
return webhook_filter
In practice this middleware will call the url stored on the container as
In practice this middleware will call the URL stored on the container as
X-Webhook on all successful object uploads.
If this example was at ``<swift-repo>/swift/common/middleware/webhook.py`` -

2
doc/source/index.rst
View File

@ -94,7 +94,7 @@ Administrator Documentation
Object Storage v1 REST API Documentation
========================================
See `Complete Reference for the Object Storage REST API <http://developer.openstack.org/api-ref-objectstorage-v1.html>`_
See `Complete Reference for the Object Storage REST API <http://developer.openstack.org/api-ref/object-storage/>`_
The following provides supporting information for the REST API:

2
doc/source/ops_runbook/troubleshooting.rst
View File

@ -236,7 +236,7 @@ If ``X-Static-Large-Object`` is set, you need to read the contents. Do this by:
- Using swift-get-nodes to get the details of the object's location.
- Change the ``-X HEAD`` to ``-X GET`` and run ``curl`` against one copy.
- This lists a json body listing containers and object names
- This lists a JSON body listing containers and object names
- Delete the objects as described above for DLO segments
Once the segments are deleted, you can delete the object using

12
doc/source/overview_architecture.rst
View File

@ -2,8 +2,6 @@
Swift Architectural Overview
============================
.. TODO - add links to more detailed overview in each section below.
------------
Proxy Server
------------
@ -73,7 +71,8 @@ the cluster), the ring ensures that a minimum number of partitions are moved
at a time, and only one replica of a partition is moved at a time.
The ring is used by the Proxy server and several background processes
(like replication).
(like replication). See :doc:`overview_ring` for complete information on the
ring.
----------------
Storage Policies
@ -103,6 +102,8 @@ with that policy.
The Storage Policies feature is implemented throughout the entire code base so
it is an important concept in understanding Swift architecture.
See :doc:`overview_policies` for complete information on storage policies.
-------------
Object Server
-------------
@ -160,6 +161,8 @@ item (object, container, or account) is deleted, a tombstone is set as the
latest version of the item. The replicator will see the tombstone and ensure
that the item is removed from the entire system.
See :doc:`overview_replication` for complete information on replication.
--------------
Reconstruction
--------------
@ -199,5 +202,4 @@ containers, and accounts. If corruption is found (in the case of bit rot,
for example), the file is quarantined, and replication will replace the bad
file from another replica. If other errors are found they are logged (for
example, an object's listing can't be found on any container server it
should be).
should be).

67
doc/source/overview_auth.rst
View File

@ -125,11 +125,13 @@ Keystone roles to Swift's ACLs.
.. _KeystoneMiddleware: http://docs.openstack.org/developer/keystonemiddleware/
.. _Keystone: http://docs.openstack.org/developer/keystone/
.. _configuring_keystone_auth:
Configuring Swift to use Keystone
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Configuring Swift to use Keystone_
is relatively straight forward. The first
is relatively straightforward. The first
step is to ensure that you have the ``auth_token`` middleware installed. It can
either be dropped in your python path or installed via the KeystoneMiddleware_
package.
@ -179,7 +181,13 @@ your situation, but in short:
* The auth credentials (``project_domain_id``, ``user_domain_id``,
``username``, ``project_name``, ``password``) will be used to retrieve an
admin token. That token will be used to authorize user tokens behind the
scenes.
scenes. These credentials must match the Keystone credentials for the Swift
service. The example values shown here assume a user named 'swift' with admin
role on a project named 'service', both being in the Keystone domain with id
'default'. Refer to the `KeystoneMiddleware documentation
<http://docs.openstack.org/developer/keystonemiddleware/middlewarearchitecture.html#configuration>`_
for other examples.
* ``cache`` is set to ``swift.cache``. This means that the middleware
will get the Swift memcache from the request environment.
* ``include_service_catalog`` defaults to ``True`` if not set. This means
@ -320,6 +328,61 @@ Users with the Keystone role defined in ``reseller_admin_role``
sets the request environ reseller_request to True if a request is coming
from a user with this role. This can be used by other middlewares.
Troubleshooting tips for keystoneauth deployment
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Some common mistakes can result in API requests failing when first deploying
keystone with Swift:
* Incorrect configuration of the Swift endpoint in the Keystone service.
By default, keystoneauth expects the account part of a URL to have the form
``AUTH_<keystone_project_id>``. Sometimes the ``AUTH_`` prefix is missed when
configuring Swift endpoints in Keystone, as described in the `Install Guide
<http://docs.openstack.org/>`_. This is easily diagnosed by inspecting the
proxy-server log file for a failed request URL and checking that the URL
includes the ``AUTH_`` prefix (or whatever reseller prefix may have been
configured for keystoneauth)::
GOOD:
proxy-server: 127.0.0.1 127.0.0.1 07/Sep/2016/16/06/58 HEAD /v1/AUTH_cfb8d9d45212408b90bc0776117aec9e HTTP/1.0 204 ...
BAD:
proxy-server: 127.0.0.1 127.0.0.1 07/Sep/2016/16/07/35 HEAD /v1/cfb8d9d45212408b90bc0776117aec9e HTTP/1.0 403 ...
* Incorrect configuration of the ``authtoken`` middleware options in the Swift
proxy server.
The ``authtoken`` middleware communicates with the Keystone service to
validate tokens that are presented with client requests. To do this
``authtoken`` must authenticate itself with Keystone using the credentials
configured in the ``[filter:authtoken]`` section of
``/etc/swift/proxy-server.conf``. Errors in these credentials can result in
``authtoken`` failing to validate tokens and may be revealed in the proxy
server logs by a message such as::
proxy-server: Identity server rejected authorization
.. note::
More detailed log messaging may be seen by setting the ``authtoken``
option ``log_level = debug``.
The ``authtoken`` configuration options may be checked by attempting to use
them to communicate directly with Keystone using an ``openstack`` command
line. For example, given the ``authtoken`` configuration sample shown in
:ref:`configuring_keystone_auth`, the following command should return a
service catalog::
openstack --os-identity-api-version=3 --os-auth-url=http://keystonehost:5000/ \
--os-username=swift --os-user-domain-id=default \
--os-project-name=service --os-project-domain-id=default \
--os-password=password catalog show object-store
If this ``openstack`` command fails then it is likely that there is a problem
with the ``authtoken`` configuration.
--------------
Extending Auth
--------------

25
doc/source/overview_container_sync.rst
View File

@ -14,13 +14,24 @@ synchronization key.
.. note::
If you are using the large objects feature and syncing to another cluster
then you will need to ensure that manifest files and segment files are
synced. If segment files are in a different container than their manifest
then both the manifest's container and the segments' container must be
synced. The target container for synced segment files must always have the
same name as their source container in order for them to be resolved by
synced manifests.
If you are using the :ref:`Large Objects <large-objects>` feature and
syncing to another cluster then you will need to ensure that manifest files
and segment files are synced. If segment files are in a different container
than their manifest then both the manifest's container and the segments'
container must be synced. The target container for synced segment files
must always have the same name as their source container in order for them
to be resolved by synced manifests.
Be aware that manifest files may be synced before segment files even if
they are in the same container and were created after the segment files.
In the case of :ref:`Static Large Objects <static-large-objects>`, a GET
request for a manifest whose segments have yet to be completely synced will
fail with none or only part of the large object content being returned.
In the case of :ref:`Dynamic Large Objects <dynamic-large-objects>`, a GET
request for a manifest whose segments have yet to be completely synced will
either fail or return unexpected (and most likely incorrect) content.
.. note::

166
doc/source/overview_erasure_code.rst
View File

@ -317,35 +317,44 @@ EC archives are stored on disk in their respective objects-N directory based on
their policy index. See :doc:`overview_policies` for details on per policy
directory information.
The actual names on disk of EC archives also have one additional piece of data
encoded in the filename, the fragment archive index.
In addition to the object timestamp, the filenames of EC archives encode other
information related to the archive:
Each storage policy now must include a transformation function that diskfile
will use to build the filename to store on disk. The functions are implemented
in the diskfile module as policy specific sub classes ``DiskFileManager``.
* The fragment archive index. This is required for a few reasons. For one, it
allows us to store fragment archives of different indexes on the same storage
node which is not typical however it is possible in many circumstances.
Without unique filenames for the different EC archive files in a set, we
would be at risk of overwriting one archive of index `n` with another of
index `m` in some scenarios.
This is required for a few reasons. For one, it allows us to store fragment
archives of different indexes on the same storage node which is not typical
however it is possible in many circumstances. Without unique filenames for the
different EC archive files in a set, we would be at risk of overwriting one
archive of index n with another of index m in some scenarios.
The transformation function for the replication policy is simply a NOP. For
reconstruction, the index is appended to the filename just before the .data
extension. An example filename for a fragment archive storing the 5th fragment
would like this this::
The index is appended to the filename just before the ``.data`` extension.
For example, the filename for a fragment archive storing the 5th fragment
would be::
1418673556.92690#5.data
An additional file is also included for Erasure Code policies called the
``.durable`` file. Its meaning will be covered in detail later, however, its on-
disk format does not require the name transformation function that was just
covered. The .durable for the example above would simply look like this::
* The durable state of the archive. The meaning of this will be described in
more detail later, but a fragment archive that is considered durable has an
additional ``#d`` string included in its filename immediately before the
``.data`` extension. For example::
1418673556.92690.durable
1418673556.92690#5#d.data
A policy-specific transformation function is therefore used to build the
archive filename. These functions are implemented in the diskfile module as
methods of policy specific sub classes of ``BaseDiskFileManager``.
The transformation function for the replication policy is simply a NOP.
.. note::
In older versions the durable state of an archive was represented by an
additional file called the ``.durable`` file instead of the ``#d``
substring in the ``.data`` filename. The ``.durable`` for the example above
would be::
1418673556.92690.durable
And it would be found alongside every fragment specific .data file following a
100% successful PUT operation.
Proxy Server
------------
@ -393,21 +402,31 @@ communicate back to the storage nodes once it has confirmation that a quorum of
fragment archives in the set have been written.
For the first phase of the conversation the proxy requires a quorum of
`ec_ndata + 1` fragment archives to be successfully put to storage nodes.
This ensures that the object could still be reconstructed even if one of the
fragment archives becomes unavailable. During the second phase of the
conversation the proxy communicates a confirmation to storage nodes that the
fragment archive quorum has been achieved. This causes the storage node to
create a `ts.durable` file at timestamp `ts` which acts as an indicator of
the last known durable set of fragment archives for a given object. The
presence of a `ts.durable` file means, to the object server, `there is a set
of ts.data files that are durable at timestamp ts`.
`ec_ndata + 1` fragment archives to be successfully put to storage nodes. This
ensures that the object could still be reconstructed even if one of the
fragment archives becomes unavailable. As described above, each fragment
archive file is named::
<ts>#<frag_index>.data
where ``ts`` is the timestamp and ``frag_index`` is the fragment archive index.
During the second phase of the conversation the proxy communicates a
confirmation to storage nodes that the fragment archive quorum has been
achieved. This causes each storage node to rename the fragment archive written
in the first phase of the conversation to include the substring ``#d`` in its
name::
<ts>#<frag_index>#d.data
This indicates to the object server that this fragment archive is `durable` and
that there is a set of data files that are durable at timestamp ``ts``.
For the second phase of the conversation the proxy requires a quorum of
`ec_ndata + 1` successful commits on storage nodes. This ensures that there are
sufficient committed fragment archives for the object to be reconstructed even
if one becomes unavailable. The reconstructor ensures that `.durable` files are
replicated on storage nodes where they may be missing.
if one becomes unavailable. The reconstructor ensures that the durable state is
replicated on storage nodes where it may be missing.
Note that the completion of the commit phase of the conversation
is also a signal for the object server to go ahead and immediately delete older
@ -423,9 +442,9 @@ The basic flow looks like this:
data/metadata write, send a 1st-phase response to proxy.
* Upon quorum of storage nodes responses, the proxy initiates 2nd-phase by
sending commit confirmations to object servers.
* Upon receipt of commit message, object servers store a 0-byte data file as
`<timestamp>.durable` indicating successful PUT, and send a final response to
the proxy server.
* Upon receipt of commit message, object servers rename ``.data`` files to
include the ``#d`` substring, indicating successful PUT, and send a final
response to the proxy server.
* The proxy waits for `ec_ndata + 1` object servers to respond with a
success (2xx) status before responding to the client with a successful
status.
@ -446,28 +465,25 @@ Here is a high level example of what the conversation looks like::
Content-MD5: <footer_meta_cksum>
<footer_meta>
--MIMEboundary
<object server writes data, metadata>
<object server writes data, metadata to <ts>#<frag_index>.data file>
obj: 100 Continue
<quorum>
proxy: X-Document: put commit
commit_confirmation
--MIMEboundary--
<object server writes ts.durable state>
<object server renames <ts>#<frag_index>.data to <ts>#<frag_index>#d.data>
obj: 20x
<proxy waits to receive >=2 2xx responses>
proxy: 2xx -> client
A few key points on the .durable file:
A few key points on the durable state of a fragment archive:
* The .durable file means \"the matching .data file for this has sufficient
fragment archives somewhere, committed, to reconstruct the object\".
* The Proxy Server will never have knowledge, either on GET or HEAD, of the
existence of a .data file on an object server if it does not have a matching
.durable file.
* The object server will never return a .data that does not have a matching
.durable.
* When a proxy does a GET, it will only receive fragment archives that have
enough present somewhere to be reconstructed.
* A durable fragment archive means that there exist sufficient other fragment
archives elsewhere in the cluster (durable and/or non-durable) to reconstruct
the object.
* When a proxy does a GET, it will require at least one object server to
respond with a fragment archive is durable before reconstructing and
returning the object to the client.
Partial PUT Failures
====================
@ -475,10 +491,9 @@ Partial PUT Failures
A partial PUT failure has a few different modes. In one scenario the Proxy
Server is alive through the entire PUT conversation. This is a very
straightforward case. The client will receive a good response if and only if a
quorum of fragment archives were successfully landed on their storage nodes. In
this case the Reconstructor will discover the missing fragment archives, perform
a reconstruction and deliver fragment archives and their matching .durable files
to the nodes.
quorum of fragment archives were successfully landed on their storage nodes.
In this case the Reconstructor will discover the missing fragment archives,
perform a reconstruction and deliver those fragment archives to their nodes.
The more interesting case is what happens if the proxy dies in the middle of a
conversation. If it turns out that a quorum had been met and the commit phase
@ -500,17 +515,39 @@ The GET for EC is different enough from replication that subclassing the
`BaseObjectController` to the `ECObjectController` enables an efficient way to
implement the high level steps described earlier:
#. The proxy server makes simultaneous requests to participating nodes.
#. As soon as the proxy has the fragments it needs, it calls on PyECLib to
decode the data.
#. The proxy server makes simultaneous requests to `ec_ndata` primary object
server nodes with goal of finding a set of `ec_ndata` distinct EC archives
at the same timestamp, and an indication from at least one object server
that a durable fragment archive exists for that timestamp. If this goal is
not achieved with the first `ec_ndata` requests then the proxy server
continues to issue requests to the remaining primary nodes and then handoff
nodes.
#. As soon as the proxy server has found a usable set of `ec_ndata` EC
archives, it starts to call PyECLib to decode fragments as they are returned
by the object server nodes.
#. The proxy server creates Etag and content length headers for the client
response since each EC archive's metadata is valid only for that archive.
#. The proxy streams the decoded data it has back to the client.
#. Repeat until the proxy is done sending data back to the client.
The GET path will attempt to contact all nodes participating in the EC scheme,
if not enough primaries respond then handoffs will be contacted just as with
replication. Etag and content length headers are updated for the client
response following reconstruction as the individual fragment archives metadata
is valid only for that fragment archive.
Note that the proxy does not require all objects servers to have a durable
fragment archive to return in response to a GET. The proxy will be satisfied if
just one object server has a durable fragment archive at the same timestamp as
EC archives returned from other object servers. This means that the proxy can
successfully GET an object that had missing durable state on some nodes when it
was PUT (i.e. a partial PUT failure occurred).
Note also that an object server may inform the proxy server that it has more
than one EC archive for different timestamps and/or fragment indexes, which may
cause the proxy server to issue multiple requests for distinct EC archives to
that object server. (This situation can temporarily occur after a ring
rebalance when a handoff node storing an archive has become a primary node and
received its primary archive but not yet moved the handoff archive to its
primary node.)
The proxy may receive EC archives having different timestamps, and may
receive several EC archives having the same index. The proxy therefore
ensures that it has sufficient EC archives with the same timestamp
and distinct fragment indexes before considering a GET to be successful.
Object Server
-------------
@ -523,12 +560,11 @@ which includes things like the entire object etag.
DiskFile
========
Erasure code uses subclassed ``ECDiskFile``, ``ECDiskFileWriter``,
Erasure code policies use subclassed ``ECDiskFile``, ``ECDiskFileWriter``,
``ECDiskFileReader`` and ``ECDiskFileManager`` to implement EC specific
handling of on disk files. This includes things like file name manipulation to
include the fragment index in the filename, determination of valid .data files
based on .durable presence, construction of EC specific hashes.pkl file to
include fragment index information, etc., etc.
include the fragment index and durable state in the filename, construction of
EC specific ``hashes.pkl`` file to include fragment index information, etc.
Metadata
--------

4
doc/source/overview_large_objects.rst
View File

@ -57,6 +57,10 @@ Additional Notes
<container>/<prefix>`` header will be returned with the concatenated object
so you can tell where it's getting its segments from.
* When updating a manifest object using a POST request, a
``X-Object-Manifest`` header must be included for the object to
continue to behave as a manifest object.
* The response's ``Content-Length`` for a ``GET`` or ``HEAD`` on the manifest
file will be the sum of all the segments in the ``<container>/<prefix>``
listing, dynamically. So, uploading additional segments after the manifest is

1
doc/source/policies_saio.rst
View File

@ -145,4 +145,5 @@ Storage Policies effect placement of data in Swift.
Content-Type: text/plain; charset=utf-8
Accept-Ranges: bytes
X-Trans-Id: tx96e7496b19bb44abb55a3-0053482c75
X-Openstack-Request-Id: tx96e7496b19bb44abb55a3-0053482c75
Date: Fri, 11 Apr 2014 17:55:01 GMT

2
etc/account-server.conf-sample
View File

@ -146,7 +146,7 @@ use = egg:swift#recon
# a different region than the local one.
# rsync_compress = no
#
# Format of the rysnc module where the replicator will send data. See
# Format of the rsync module where the replicator will send data. See
# etc/rsyncd.conf-sample for some usage examples.
# rsync_module = {replication_ip}::account
#

2
etc/container-server.conf-sample
View File

@ -155,7 +155,7 @@ use = egg:swift#recon
# a different region than the local one.
# rsync_compress = no
#
# Format of the rysnc module where the replicator will send data. See
# Format of the rsync module where the replicator will send data. See
# etc/rsyncd.conf-sample for some usage examples.
# rsync_module = {replication_ip}::container
#

3
etc/drive-audit.conf-sample
View File

@ -1,4 +1,7 @@
[drive-audit]
# Set owner of the drive-audit recon cache to this user:
# user = swift
#
# device_dir = /srv/node
#
# You can specify default log routing here if you want:

2
etc/object-server.conf-sample
View File

@ -217,7 +217,7 @@ use = egg:swift#recon
# slow down the syncing process.
# rsync_compress = no
#
# Format of the rysnc module where the replicator will send data. See
# Format of the rsync module where the replicator will send data. See
# etc/rsyncd.conf-sample for some usage examples.
# rsync_module = {replication_ip}::object
#

35
etc/proxy-server.conf-sample
View File

@ -120,7 +120,7 @@ use = egg:swift#proxy
# Timeouts from these requests can be recovered from so setting this to
# something lower than node_timeout would provide quicker error recovery
# while allowing for a longer timeout for non-recoverable requests (PUTs).
# Defaults to node_timeout, should be overriden if node_timeout is set to a
# Defaults to node_timeout, should be overridden if node_timeout is set to a
# high number to prevent client timeouts from firing before the proxy server
# has a chance to retry.
# recoverable_node_timeout = node_timeout
@ -327,6 +327,12 @@ user_test5_tester5 = testing5 service
# auth_uri = http://keystonehost:5000
# auth_url = http://keystonehost:35357
# auth_plugin = password
# The following credentials must match the Keystone credentials for the Swift
# service and may need to be changed to match your Keystone configuration. The
# example values shown here assume a user named 'swift' with admin role on a
# project named 'service', both being in the Keystone domain with id 'default'.
# Refer to the keystonemiddleware documentation link above [1] for other
# examples.
# project_domain_id = default
# user_domain_id = default
# project_name = service
@ -544,6 +550,18 @@ use = egg:swift#staticweb
# set log_level = INFO
# set log_headers = false
# set log_address = /dev/log
#
# At times when it's impossible for staticweb to guess the outside
# endpoint correctly, the url_base may be used to supply the URL
# scheme and/or the host name (and port number) in order to generate
# redirects.
# Example values:
# http://www.example.com - redirect to www.example.com
# https: - changes the schema only
# https:// - same, changes the schema only
# //www.example.com:8080 - redirect www.example.com on port 8080
# (schema unchanged)
# url_base =
# Note: Put tempurl before dlo, slo and your auth filter(s) in the pipeline
[filter:tempurl]
@ -680,10 +698,17 @@ use = egg:swift#slo
# Time limit on GET requests (seconds)
# max_get_time = 86400
#
# When deleting with ?multipart-manifest=delete, multiple deletes may be
# executed in parallel. Avoid setting this too high, as it gives clients a
# force multiplier which may be used in DoS attacks. The suggested range is
# between 2 and 10.
# When creating an SLO, multiple segment validations may be executed in
# parallel. Further, multiple deletes may be executed in parallel when deleting
# with ?multipart-manifest=delete. Use this setting to limit how many
# subrequests may be executed concurrently. Avoid setting it too high, as it
# gives clients a force multiplier which may be used in DoS attacks. The
# suggested range is between 2 and 10.
# concurrency = 2
#
# This may be used to separately tune validation and delete concurrency values.
# Default is to use the concurrency value from above; all of the same caveats
# apply regarding recommended ranges.
# delete_concurrency = 2
# Note: Put after auth and staticweb in the pipeline.

5
install-guide/source/conf.py
View File

@ -22,6 +22,7 @@
import os
# import sys
from swift import __version__
import openstackdocstheme
@ -64,9 +65,9 @@ copyright = u'2016, OpenStack contributors'
# built documents.
#
# The short X.Y version.
version = '0.1'
version = __version__.rsplit('.', 1)[0]
# The full version, including alpha/beta/rc tags.
release = '0.1'
release = __version__
# A few variables have to be set for the log-a-bug feature.
# giturl: The location of conf.py on Git. Must be set manually.

2
install-guide/source/controller-install-debian.rst
View File

@ -47,4 +47,4 @@ Install and configure components
.. code-block:: console
# curl -o /etc/swift/proxy-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/proxy-server.conf-sample?h=stable/mitaka
# curl -o /etc/swift/proxy-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/proxy-server.conf-sample?h=stable/newton

2
install-guide/source/controller-install-rdo.rst
View File

@ -45,6 +45,6 @@ Install and configure components
.. code-block:: console
# curl -o /etc/swift/proxy-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/proxy-server.conf-sample?h=stable/mitaka
# curl -o /etc/swift/proxy-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/proxy-server.conf-sample?h=stable/newton
3. .. include:: controller-include.txt

2
install-guide/source/controller-install-ubuntu.rst
View File

@ -47,6 +47,6 @@ Install and configure components
.. code-block:: console
# curl -o /etc/swift/proxy-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/proxy-server.conf-sample?h=stable/mitaka
# curl -o /etc/swift/proxy-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/proxy-server.conf-sample?h=stable/newton
4. .. include:: controller-include.txt

2
install-guide/source/finalize-installation-rdo.rst
View File

@ -19,7 +19,7 @@ This section applies to Red Hat Enterprise Linux 7 and CentOS 7.
.. code-block:: console
# curl -o /etc/swift/swift.conf \
https://git.openstack.org/cgit/openstack/swift/plain/etc/swift.conf-sample?h=stable/mitaka
https://git.openstack.org/cgit/openstack/swift/plain/etc/swift.conf-sample?h=stable/newton
#. Edit the ``/etc/swift/swift.conf`` file and complete the following
actions:

2
install-guide/source/finalize-installation-ubuntu-debian.rst
View File

@ -19,7 +19,7 @@ This section applies to Ubuntu 14.04 (LTS) and Debian.
.. code-block:: console
# curl -o /etc/swift/swift.conf \
https://git.openstack.org/cgit/openstack/swift/plain/etc/swift.conf-sample?h=stable/mitaka
https://git.openstack.org/cgit/openstack/swift/plain/etc/swift.conf-sample?h=stable/newton
#. Edit the ``/etc/swift/swift.conf`` file and complete the following
actions:

6
install-guide/source/storage-install-rdo.rst
View File

@ -133,9 +133,9 @@ Install and configure components
.. code-block:: console
# curl -o /etc/swift/account-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/account-server.conf-sample?h=stable/mitaka
# curl -o /etc/swift/container-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/container-server.conf-sample?h=stable/mitaka
# curl -o /etc/swift/object-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/object-server.conf-sample?h=stable/mitaka
# curl -o /etc/swift/account-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/account-server.conf-sample?h=stable/newton
# curl -o /etc/swift/container-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/container-server.conf-sample?h=stable/newton
# curl -o /etc/swift/object-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/object-server.conf-sample?h=stable/newton
3. .. include:: storage-include1.txt
4. .. include:: storage-include2.txt

6
install-guide/source/storage-install-ubuntu-debian.rst
View File

@ -137,9 +137,9 @@ Install and configure components
.. code-block:: console
# curl -o /etc/swift/account-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/account-server.conf-sample?h=stable/mitaka
# curl -o /etc/swift/container-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/container-server.conf-sample?h=stable/mitaka
# curl -o /etc/swift/object-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/object-server.conf-sample?h=stable/mitaka
# curl -o /etc/swift/account-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/account-server.conf-sample?h=stable/newton
# curl -o /etc/swift/container-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/container-server.conf-sample?h=stable/newton
# curl -o /etc/swift/object-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/object-server.conf-sample?h=stable/newton
3. .. include:: storage-include1.txt
4. .. include:: storage-include2.txt

4
install-guide/source/verify.rst
View File

@ -37,12 +37,10 @@ Verify operation of the Object Storage service.
Containers: 0
Objects: 0
Bytes: 0
Containers in policy "policy-0": 0
Objects in policy "policy-0": 0
Bytes in policy "policy-0": 0
X-Account-Project-Domain-Id: default
X-Timestamp: 1444143887.71539
X-Trans-Id: tx1396aeaf17254e94beb34-0056143bde
X-Openstack-Request-Id: tx1396aeaf17254e94beb34-0056143bde
Content-Type: text/plain; charset=utf-8
Accept-Ranges: bytes

59
releasenotes/notes/2_10_0_release-666a76f4975657a5.yaml Normal file
View File

@ -0,0 +1,59 @@
---
features:
- >
Object versioning now supports a "history" mode in addition to
the older "stack" mode. The difference is in how DELETE requests
are handled. For full details, please read
http://docs.openstack.org/developer/swift/overview_object_versioning.html.
- >
New config variables to change the schedule priority and I/O
scheduling class. Servers and daemons now understand
`nice_priority`, `ionice_class`, and `ionice_priority` to
schedule their relative importance. Please read
http://docs.openstack.org/developer/swift/deployment_guide.html
for full config details.
- >
On newer kernels (3.15+ when using xfs), Swift will use the O_TMPFILE
flag when opening a file instead of creating a temporary file
and renaming it on commit. This makes the data path simpler and
allows the filesystem to more efficiently optimize the files on
disk, resulting in better performance.
- >
Erasure code GET performance has been significantly
improved in clusters that are not completely healthy.
- >
Significant improvements to the api-ref doc available at
http://developer.openstack.org/api-ref/object-storage/.
- >
A PUT or POST to a container will now update the container's
Last-Modified time, and that value will be included in a
GET/HEAD response.
- >
Include object sysmeta in POST responses. Sysmeta is still
stripped from the response before being sent to the client, but
this allows middleware to make use of the information.
upgrade:
- >
Update dnspython dependency to 1.14, removing the need to have
separate dnspython dependencies for Py2 and Py3.
- >
Deprecate swift-temp-url and call python-swiftclient's
implementation instead. This adds python-swiftclient as an
optional dependency of Swift.
- >
Moved other-requirements.txt to bindep.txt. bindep.txt lists
non-python dependencies of Swift.
fixes:
- >
Fixed a bug where a container listing delimiter wouldn't work
with encryption.
- >
Fixed a bug where some headers weren't being copied correctly
in a COPY request.
- >
Container sync can now copy SLOs more efficiently by allowing
the manifest to be synced before all of the referenced segments.
This fixes a bug where container sync would not copy SLO manifests.
- Fixed a bug where some tombstone files might never be reclaimed.
other:
- Various other minor bug fixes and improvements.

54
releasenotes/notes/2_11_0_release-ac1d256e455d347e.yaml Normal file
View File

@ -0,0 +1,54 @@
---
features:
- >
The improvements to EC reads made in Swift 2.10.0 have also been
applied to the reconstructor. This allows fragments to be rebuilt
in more circumstances, resulting in faster recovery from failures.
- >
Instead of using a separate .durable file to indicate the
durable status of an EC fragment archive, we rename the .data
to include a durable marker in the filename. This saves one
inode for every EC .data file. Existing .durable files will not
be removed, and they will continue to work just fine.
- >
Closed a bug where ssync may have written bad fragment data in
some circumstances. A check was added to ensure the correct number
of bytes is written for a fragment before finalizing the write.
Also, erasure coded fragment metadata will now be validated on read
requests and, if bad data is found, the fragment will be quarantined.
- Added a configurable URL base to staticweb.
- Support multi-range GETs for static large objects.
- >
TempURLs using the "inline" parameter can now also set the
"filename" parameter. Both are used in the Content-Disposition
response header.
- Mirror X-Trans-Id to X-Openstack-Request-Id.
- >
SLO will now concurrently HEAD segments, resulting in much faster
manifest validation and object creation. By default, two HEAD requests
will be done at a time, but this can be changed by the operator via
the new `concurrency` setting in the "[filter:slo]" section of
the proxy server config.
- Suppressed the KeyError message when auditor finds an expired object.
- Daemons using InternalClient can now be properly killed with SIGTERM.
- >
Added a "user" option to the drive-audit config file. Its value is
used to set the owner of the drive-audit recon cache.
- >
Throttle update_auditor_status calls so it updates no more than once
per minute.
- Suppress unexpected-file warnings for rsync temp files.
upgrade:
- Updated the PyECLib dependency to 1.3.1.
- >
Note that after writing EC data with Swift 2.11.0 or later, that
data will not be accessible to earlier versions of Swift.
critical:
- >
WARNING: If you are using the ISA-L library for erasure codes,
please upgrade to liberasurecode 1.3.1 (or later) as soon as
possible. If you are using isa_l_rs_vand with more than 4 parity,
please read https://bugs.launchpad.net/swift/+bug/1639691 and take
necessary action.
other:
- Various other minor bug fixes and improvements.

345
releasenotes/source/conf.py Normal file
View File

@ -0,0 +1,345 @@
# -*- coding: utf-8 -*-
#
# swift documentation build configuration file, created by
# sphinx-quickstart on Mon Oct 3 17:01:55 2016.
#
# This file is execfile()d with the current directory set to its
# containing dir.
#
# Note that not all possible configuration values are present in this
# autogenerated file.
#
# All configuration values have a default; values that are commented out
# serve to show the default.
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
#
# import os
# import sys
# sys.path.insert(0, os.path.abspath('.'))
import datetime
from swift import __version__
# -- General configuration ------------------------------------------------
# If your documentation needs a minimal Sphinx version, state it here.
#
# needs_sphinx = '1.0'
# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = [
'oslosphinx',
'reno.sphinxext',
]
# Add any paths that contain templates here, relative to this directory.
# templates_path = ['_templates']
# The suffix(es) of source filenames.
# You can specify multiple suffix as a list of string:
#
# source_suffix = ['.rst', '.md']
source_suffix = '.rst'
# The encoding of source files.
#
# source_encoding = 'utf-8-sig'
# The master toctree document.
master_doc = 'index'
# General information about the project.
project = u'Swift Release Notes'
copyright = u'%d, OpenStack Foundation' % datetime.datetime.now().year
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version.
version = __version__.rsplit('.', 1)[0]
# The full version, including alpha/beta/rc tags.
release = __version__
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
#
# This is also used if you do content translation via gettext catalogs.
# Usually you set "language" from the command line for these cases.
language = None
# There are two options for replacing |today|: either, you set today to some
# non-false value, then it is used:
#
# today = ''
#
# Else, today_fmt is used as the format for a strftime call.
#
# today_fmt = '%B %d, %Y'
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
# This patterns also effect to html_static_path and html_extra_path
exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
# The reST default role (used for this markup: `text`) to use for all
# documents.
#
# default_role = None
# If true, '()' will be appended to :func: etc. cross-reference text.
#
# add_function_parentheses = True
# If true, the current module name will be prepended to all description
# unit titles (such as .. function::).
#
# add_module_names = True
# If true, sectionauthor and moduleauthor directives will be shown in the
# output. They are ignored by default.
#
# show_authors = False
# The name of the Pygments (syntax highlighting) style to use.
pygments_style = 'sphinx'
# A list of ignored prefixes for module index sorting.
# modindex_common_prefix = []
# If true, keep warnings as "system message" paragraphs in the built documents.
# keep_warnings = False
# If true, `todo` and `todoList` produce output, else they produce nothing.
# todo_include_todos = False
# -- Options for HTML output ----------------------------------------------
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
#
html_theme = 'default'
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
# documentation.
#
# html_theme_options = {}
# Add any paths that contain custom themes here, relative to this directory.
# html_theme_path = []
# The name for this set of Sphinx documents.
# "<project> v<release> documentation" by default.
#
# html_title = u'swift v2.10.0'
# A shorter title for the navigation bar. Default is the same as html_title.
#
# html_short_title = None
# The name of an image file (relative to this directory) to place at the top
# of the sidebar.
#
# html_logo = None
# The name of an image file (relative to this directory) to use as a favicon of
# the docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
# pixels large.
#
# html_favicon = None
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
# html_static_path = ['_static']
# Add any extra paths that contain custom files (such as robots.txt or
# .htaccess) here, relative to this directory. These files are copied
# directly to the root of the documentation.
#
# html_extra_path = []
# If not None, a 'Last updated on:' timestamp is inserted at every page
# bottom, using the given strftime format.
# The empty string is equivalent to '%b %d, %Y'.
#
# html_last_updated_fmt = None
# If true, SmartyPants will be used to convert quotes and dashes to
# typographically correct entities.
#
# html_use_smartypants = True
# Custom sidebar templates, maps document names to template names.
#
# html_sidebars = {}
# Additional templates that should be rendered to pages, maps page names to
# template names.
#
# html_additional_pages = {}
# If false, no module index is generated.
#
# html_domain_indices = True
# If false, no index is generated.
#
# html_use_index = True
# If true, the index is split into individual pages for each letter.
#
# html_split_index = False
# If true, links to the reST sources are added to the pages.
#
# html_show_sourcelink = True
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
#
# html_show_sphinx = True
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
#
# html_show_copyright = True
# If true, an OpenSearch description file will be output, and all pages will
# contain a <link> tag referring to it. The value of this option must be the
# base URL from which the finished HTML is served.
#
# html_use_opensearch = ''
# This is the file name suffix for HTML files (e.g. ".xhtml").
# html_file_suffix = None
# Language to be used for generating the HTML full-text search index.
# Sphinx supports the following languages:
# 'da', 'de', 'en', 'es', 'fi', 'fr', 'hu', 'it', 'ja'
# 'nl', 'no', 'pt', 'ro', 'ru', 'sv', 'tr', 'zh'
#
# html_search_language = 'en'
# A dictionary with options for the search language support, empty by default.
# 'ja' uses this config value.
# 'zh' user can custom change `jieba` dictionary path.
#
# html_search_options = {'type': 'default'}
# The name of a javascript file (relative to the configuration directory) that
# implements a search results scorer. If empty, the default will be used.
#
# html_search_scorer = 'scorer.js'
# Output file base name for HTML help builder.
htmlhelp_basename = 'SwiftReleaseNotesdoc'
# -- Options for LaTeX output ---------------------------------------------
# latex_elements = {
# # The paper size ('letterpaper' or 'a4paper').
# #
# # 'papersize': 'letterpaper',
# # The font size ('10pt', '11pt' or '12pt').
# #
# # 'pointsize': '10pt',
# # Additional stuff for the LaTeX preamble.
# #
# # 'preamble': '',
# # Latex figure (float) alignment
# #
# # 'figure_align': 'htbp',
# }
# Grouping the document tree into LaTeX files. List of tuples
# (source start file, target name, title,
# author, documentclass [howto, manual, or own class]).
# latex_documents = [
# (master_doc, 'swift.tex', u'swift Documentation',
# u'swift', 'manual'),
# ]
# The name of an image file (relative to this directory) to place at the top of
# the title page.
#
# latex_logo = None
# For "manual" documents, if this is true, then toplevel headings are parts,
# not chapters.
#
# latex_use_parts = False
# If true, show page references after internal links.
#
# latex_show_pagerefs = False
# If true, show URL addresses after external links.
#
# latex_show_urls = False
# Documents to append as an appendix to all manuals.
#
# latex_appendices = []
# It false, will not define \strong, \code, itleref, \crossref ... but only
# \sphinxstrong, ..., \sphinxtitleref, ... To help avoid clash with user added
# packages.
#
# latex_keep_old_macro_names = True
# If false, no module index is generated.
#
# latex_domain_indices = True
# -- Options for manual page output ---------------------------------------
# One entry per manual page. List of tuples
# (source start file, name, description, authors, manual section).
# man_pages = [
# (master_doc, 'swift', u'swift Documentation',
# [author], 1)
# ]
# If true, show URL addresses after external links.
#
# man_show_urls = False
# -- Options for Texinfo output -------------------------------------------
# Grouping the document tree into Texinfo files. List of tuples
# (source start file, target name, title, author,
# dir menu entry, description, category)
# texinfo_documents = [
# (master_doc, 'swift', u'swift Documentation',
# author, 'swift', 'One line description of project.',
# 'Miscellaneous'),
# ]
# Documents to append as an appendix to all manuals.
#
# texinfo_appendices = []
# If false, no module index is generated.
#
# texinfo_domain_indices = True
# How to display URL addresses: 'footnote', 'no', or 'inline'.
#
# texinfo_show_urls = 'footnote'
# If true, do not generate a @detailmenu in the "Top" node's menu.
#
# texinfo_no_detailmenu = False
locale_dirs = ['locale/']

5
releasenotes/source/current.rst Normal file
View File

@ -0,0 +1,5 @@
====================================
Current (Unreleased) Release Notes
====================================
.. release-notes::

10
releasenotes/source/index.rst Normal file
View File

@ -0,0 +1,10 @@
=====================
Swift Release Notes
=====================
.. toctree::
:maxdepth: 1
current
newton

6
releasenotes/source/newton.rst Normal file
View File

@ -0,0 +1,6 @@
=============================
Newton Series Release Notes
=============================
.. release-notes::
:branch: origin/stable/newton

2
requirements.txt
View File

@ -9,5 +9,5 @@ netifaces>=0.5,!=0.10.0,!=0.10.1
pastedeploy>=1.3.3
six>=1.9.0
xattr>=0.4
PyECLib>=1.2.0 # BSD
PyECLib>=1.3.1 # BSD
cryptography>=1.0,!=1.3.0 # BSD/Apache-2.0

10
swift/account/backend.py
View File

@ -254,7 +254,7 @@ class AccountBroker(DatabaseBroker):
:param bytes_used: number of bytes used by the container
:param storage_policy_index: the storage policy for this container
"""
if delete_timestamp > put_timestamp and \
if Timestamp(delete_timestamp) > Timestamp(put_timestamp) and \
object_count in (None, '', 0, '0'):
deleted = 1
else:
@ -501,12 +501,14 @@ class AccountBroker(DatabaseBroker):
for i in range(5):
if record[i] is None and row[i] is not None:
record[i] = row[i]
if row[1] > record[1]: # Keep newest put_timestamp
if Timestamp(row[1]) > \
Timestamp(record[1]): # Keep newest put_timestamp
record[1] = row[1]
if row[2] > record[2]: # Keep newest delete_timestamp
if Timestamp(row[2]) > \
Timestamp(record[2]): # Keep newest delete_timestamp
record[2] = row[2]
# If deleted, mark as such
if record[2] > record[1] and \
if Timestamp(record[2]) > Timestamp(record[1]) and \
record[3] in (None, '', 0, '0'):
record[5] = 1
else:

24
swift/cli/recon.py
View File

@ -17,7 +17,7 @@
from __future__ import print_function
from eventlet.green import urllib2, socket
from eventlet.green import socket
from six.moves.urllib.parse import urlparse
from swift.common.utils import SWIFT_CONF_FILE
from swift.common.ring import Ring
@ -28,8 +28,14 @@ import json
import optparse
import time
import sys
import six
import os
if six.PY3:
from eventlet.green.urllib import request as urllib2
else:
from eventlet.green import urllib2
def seconds2timeunit(seconds):
elapsed = seconds
@ -233,14 +239,14 @@ class SwiftRecon(object):
matches = 0
errors = 0
ring_names = set()
for server_type in ('account', 'container'):
ring_name = '%s.ring.gz' % server_type
if self.server_type == 'object':
for ring_name in os.listdir(swift_dir):
if ring_name.startswith('object') and \
ring_name.endswith('ring.gz'):
ring_names.add(ring_name)
else:
ring_name = '%s.ring.gz' % self.server_type
ring_names.add(ring_name)
# include any other object ring files
for ring_name in os.listdir(swift_dir):
if ring_name.startswith('object') and \
ring_name.endswith('ring.gz'):
ring_names.add(ring_name)
rings = {}
for ring_name in ring_names:
md5sum = md5()
@ -265,6 +271,8 @@ class SwiftRecon(object):
success = True
for remote_ring_file, remote_ring_sum in response.items():
remote_ring_name = os.path.basename(remote_ring_file)
if not remote_ring_name.startswith(self.server_type):
continue
ring_sum = rings.get(remote_ring_name, None)
if remote_ring_sum != ring_sum:
success = False

9
swift/cli/ringbuilder.py
View File

@ -459,9 +459,12 @@ swift-ring-builder <builder_file> create <part_power> <replicas>
def default():
"""
swift-ring-builder <builder_file>
Shows information about the ring and the devices within.
Flags:
DEL - marked for removal and will be removed next rebalance.
Shows information about the ring and the devices within. Output
includes a table that describes the report parameters (id, region,
port, flags, etc).
flags: possible values are 'DEL' and ''
DEL - indicates that the device is marked for removal from
ring and will be removed in next rebalance.
"""
print('%s, build version %d' % (builder_file, builder.version))
regions = 0

2
swift/common/constraints.py
View File

@ -67,7 +67,7 @@ EFFECTIVE_CONSTRAINTS = {} # populated by reload_constraints
def reload_constraints():
"""
Parse SWIFT_CONF_FILE and reset module level global contraint attrs,
Parse SWIFT_CONF_FILE and reset module level global constraint attrs,
populating OVERRIDE_CONSTRAINTS AND EFFECTIVE_CONSTRAINTS along the way.
"""
global SWIFT_CONSTRAINTS_LOADED, OVERRIDE_CONSTRAINTS

2
swift/common/container_sync_realms.py
View File

@ -63,7 +63,7 @@ class ContainerSyncRealms(object):
if mtime != self.conf_path_mtime:
self.conf_path_mtime = mtime
try:
conf = configparser.SafeConfigParser()
conf = configparser.ConfigParser()
conf.read(self.conf_path)
except configparser.ParsingError as err:
self.logger.error(

4
swift/common/daemon.py
View File

@ -14,7 +14,6 @@
# limitations under the License.
import os
import sys
import time
import signal
from re import sub
@ -46,9 +45,10 @@ class Daemon(object):
utils.capture_stdio(self.logger, **kwargs)
def kill_children(*args):
self.logger.info('SIGTERM received')
signal.signal(signal.SIGTERM, signal.SIG_IGN)
os.killpg(0, signal.SIGTERM)
sys.exit()
os._exit(0)
signal.signal(signal.SIGTERM, kill_children)
if once:

4
swift/common/header_key_dict.py
View File

@ -40,8 +40,10 @@ class HeaderKeyDict(dict):
def __setitem__(self, key, value):
if value is None:
self.pop(key.title(), None)
elif isinstance(value, six.text_type):
elif six.PY2 and isinstance(value, six.text_type):
return dict.__setitem__(self, key.title(), value.encode('utf-8'))
elif six.PY3 and isinstance(value, six.binary_type):
return dict.__setitem__(self, key.title(), value.decode('latin-1'))
else:
return dict.__setitem__(self, key.title(), str(value))

7
swift/common/internal_client.py
View File

@ -14,7 +14,7 @@
# limitations under the License.
from eventlet import sleep, Timeout
from eventlet.green import httplib, socket, urllib2
from eventlet.green import httplib, socket
import json
import six
from six.moves import range
@ -32,6 +32,11 @@ from swift.common.swob import Request
from swift.common.utils import quote
from swift.common.wsgi import loadapp, pipeline_property
if six.PY3:
from eventlet.green.urllib import request as urllib2
else:
from eventlet.green import urllib2
class UnexpectedResponse(Exception):
"""

76
swift/common/linkat.py Normal file
View File

@ -0,0 +1,76 @@
# Copyright (c) 2016 OpenStack Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import os
import ctypes
from ctypes.util import find_library
__all__ = ['linkat']
class Linkat(object):
# From include/uapi/linux/fcntl.h
AT_FDCWD = -100
AT_SYMLINK_FOLLOW = 0x400
__slots__ = '_c_linkat'
def __init__(self):
libc = ctypes.CDLL(find_library('c'), use_errno=True)
try:
c_linkat = libc.linkat
except AttributeError:
self._c_linkat = None
return
c_linkat.argtypes = [ctypes.c_int, ctypes.c_char_p,
ctypes.c_int, ctypes.c_char_p,
ctypes.c_int]
c_linkat.restype = ctypes.c_int
def errcheck(result, func, arguments):
if result == -1:
errno = ctypes.set_errno(0)
raise IOError(errno, 'linkat: %s' % os.strerror(errno))
else:
return result
c_linkat.errcheck = errcheck
self._c_linkat = c_linkat
@property
def available(self):
return self._c_linkat is not None
def __call__(self, olddirfd, oldpath, newdirfd, newpath, flags):
"""
linkat() creates a new link (also known as a hard link)
to an existing file.
See `man 2 linkat` for more info.
"""
if not self.available:
raise EnvironmentError('linkat not available')
if not isinstance(olddirfd, int) or not isinstance(newdirfd, int):
raise TypeError("fd must be an integer.")
return self._c_linkat(olddirfd, oldpath, newdirfd, newpath, flags)
linkat = Linkat()
del Linkat

2
swift/common/manager.py
View File

@ -571,7 +571,7 @@ class Server(object):
except InvalidPidFileException as e:
if kwargs.get('verbose'):
print(_('Removing pid file %(pid_file)s with wrong pid '
'%(pid)d'), {'pid_file': pid_file, 'pid': pid})
'%(pid)d') % {'pid_file': pid_file, 'pid': pid})
remove_file(pid_file)
except OSError as e:
if e.errno == errno.ESRCH:

2
swift/common/middleware/acl.py
View File

@ -142,7 +142,7 @@ def format_acl_v1(groups=None, referrers=None, header_name=None):
def format_acl_v2(acl_dict):
"""
r"""
Returns a version-2 Swift ACL JSON string.
HTTP headers for Version 2 ACLs have the following form:

2
swift/common/middleware/catch_errors.py
View File

@ -45,12 +45,14 @@ class CatchErrorsContext(WSGIContext):
body='An error occurred',
content_type='text/plain')
resp.headers['X-Trans-Id'] = trans_id
resp.headers['X-Openstack-Request-Id'] = trans_id
return resp(env, start_response)
# make sure the response has the trans_id
if self._response_headers is None:
self._response_headers = []
self._response_headers.append(('X-Trans-Id', trans_id))
self._response_headers.append(('X-Openstack-Request-Id', trans_id))
start_response(self._response_status, self._response_headers,
self._response_exc_info)
return resp

5
swift/common/middleware/container_sync.py
View File

@ -130,6 +130,11 @@ class ContainerSync(object):
raise exc
else:
req.environ['swift.authorize_override'] = True
# An SLO manifest will already be in the internal manifest
# syntax and might be synced before its segments, so stop SLO
# middleware from performing the usual manifest validation.
req.environ['swift.slo_override'] = True
if req.path == '/info':
# Ensure /info requests get the freshest results
self.register_info()

Some files were not shown because too many files have changed in this diff Show More