Documentation, including a list of metrics reported and their semantics,
is in the Admin Guide in a new section, "Reporting Metrics to StatsD".
An optional "metric prefix" may be configured which will be prepended to
every metric name sent to StatsD.
Here is the rationale for doing a deep integration like this versus only
sending metrics to StatsD in middleware. It's the only way to report
some internal activities of Swift in a real-time manner. So to have one
way of reporting to StatsD and one place/style of configuration, even
some things (like, say, timing of PUT requests into the proxy-server)
which could be logged via middleware are consistently logged the same
way (deep integration via the logger delegate methods).
When log_statsd_host is configured, get_logger() injects a
swift.common.utils.StatsdClient object into the logger as
logger.statsd_client. Then a set of delegate methods on LogAdapter
either pass through to the StatsdClient object or become no-ops. This
allows StatsD logging to look like:
self.logger.increment('some.metric.here')
and do the right thing in all cases and with no messy conditional logic.
I wanted to use the pystatsd module for the StatsD client, but the
version on PyPi is lagging the git repo (and is missing both the prefix
functionality and timing_since() method). So I wrote my
swift.common.utils.StatsdClient. The interface is the same as
pystatsd.Client, but the code was written from scratch. It's pretty
simple, and the tests I added cover it. This also frees Swift from an
optional dependency on the pystatsd module, making this feature easier
to enable.
There's test coverage for the new code and all existing tests continue
to pass.
Refactored out _one_audit_pass() method in swift/account/auditor.py and
swift/container/auditor.py.
Fixed some misc. PEP8 violations.
Misc test cleanups and refactorings (particularly the way "fake logging"
is handled).
Change-Id: Ie968a9ae8771f59ee7591e2ae11999c44bfe33b2
This commit introduces a new algorithm for assigning partition
replicas to devices. Basically, the ring builder organizes the devices
into tiers (first zone, then IP/port, then device ID). When placing a
replica, the ring builder looks for the emptiest device (biggest
parts_wanted) in the furthest-away tier.
In the case where zone-count >= replica-count, the new algorithm will
give the same results as the one it replaces. Thus, no migration is
needed.
In the case where zone-count < replica-count, the new algorithm
behaves differently from the old algorithm. The new algorithm will
distribute things evenly at each tier so that the replication is as
high-quality as possible, given the circumstances. The old algorithm
would just crash, so again, no migration is needed.
Handoffs have also been updated to use the new algorithm. When
generating handoff nodes, first the ring looks for nodes in other
zones, then other ips/ports, then any other drive. The first handoff
nodes (the ones in other zones) will be the same as before; this
commit just extends the list of handoff nodes.
The proxy server and replicators have been altered to avoid looking at
the ring's replica count directly. Previously, with a replica count of
C, RingData.get_nodes() and RingData.get_part_nodes() would return
lists of length C, so some other code used the replica count when it
needed the number of nodes. If two of a partition's replicas are on
the same device (e.g. with 3 replicas, 2 devices), then that
assumption is no longer true. Fortunately, all the proxy server and
replicators really needed was the number of nodes returned, which they
already had. (Bonus: now the only code that mentions replica_count
directly is in the ring and the ring builder.)
Change-Id: Iba2929edfc6ece89791890d0635d4763d821a3aa
The code has moved to https://github.com/notmyname/swift-cnamelookup.
For current users of cname lookup, this will require installing the new
package and changing the "use" line of the cname lookup conf section's
to:
[filter:cname_lookup]
use = egg:swift_cnamelookup#swift_cnamelookup
And then 'swift-init proxy reload'.
Change-Id: If622486ddb04a53251244c9840aa3cfe72168fc5
Rate Limit middleware is now at
http://dpgoetz.github.com/swift-ratelimit/
For current users of Rate Limit, this will require installing the new
package and changing the "use" line of the ratelimit conf section to:
[filter:ratelimit]
use = egg:swiftratelimit#middleware
And then 'swift-init proxy reload'.
Change-Id: I2ab774e9cee9fba4103c1be4bea6d52d1adb29f7
The code has moved to https://github.com/notmyname/swift-domainremap.
For current users of domain remap, this will require installing the new
package and changing the "use" line of the domain remap conf section's
to:
[filter:domain_remap]
use = egg:swift_domainremap#swift_domainremap
And then 'swift-init proxy reload'.
Change-Id: I710caf9b991f9d37df36b826ae4338086d0ec36d
TempURL/FormPOST is now at http://gholt.github.com/swift-tempurl/
For current users of TempURL/FormPOST, this will require installing the new
package and changing the "use" line of the tempurl and formpost conf section's
to:
[filter:tempurl]
use = egg:swifttempurl#tempurl
[filter:formpost]
use = egg:swifttempurl#formpost
And then 'swift-init proxy reload'.
Change-Id: I5bddf7f9e09ee07815530a41c46ff901fc21b447
StaticWeb is now at http://gholt.github.com/swift-staticweb/
For current users of StaticWeb, this will require installing the new
package and changing the "use" line of the staticweb filter conf
section to:
use = egg:swiftstaticweb#middleware
And then 'swift-init proxy reload'.
Change-Id: Iab32adb5927698a667c5c6d6a572c44ca23414eb
bug 701248
bug 819303
This change makes syslog optional, by providing a unit test
config with the ability to cause test/unit/__init__.py to
replace SysLogHandler with a fake logging class. The
default behavior is unchanged.
FakeLogger now inherits directly from Handler and mocks out
its API - this was a backward-compatibility issue.
Change-Id: I653dec148c4f6cf81759de03964c6a3290c1a290
The listing of containers was inclusive whereas the listing of
objects was exclusive. I searched and searched and only found
end_marker usage with listings of objects so I changed the listings
of containers to match that.
Change-Id: Ia8eb66a7ceaef28c698e2d4e19dd5dfd9197a911
The test was failing silently. To catch these errors the response
from controller.PUT() is now checked.
Fixes to the TestObjectController.test_PUT_auto_content_type():
* Check for the correct 'Content-Type' header in the fake connect() method
* Pass in the correct number of responses to fake_http_connect()
* Pass a 'transfer-encoding' header to PUT() so that
constraints.check_object_creation() passes
* Pass the correct number of elements in the 'expected' iter to the
test_content_type() method
Change-Id: I8dced7b2f3c7e1b1d292c6995b1faf46f5e863fe
Corrected its/it's mistakes, harmonized line wrapping within some docs
and clarified doc wording in several places.
Change-Id: Ib9ac6d5e859f770a702e1fad6de8d4abe0390b47
Update StaticWeb, FormPost, and TempURL to use common
make_pre_authed_env and make_pre_authed_req functions.
Change-Id: I32cc3cddff0d2aaeb6314578872707c1a37b4bce
Added option to disable SQLite db preallocation. This can be very
useful on pure ssd account/container servers where the extra space is
worth more than the lesser fragmentation.
Change-Id: I8fbb028a9b6143775b25b343e97896497a8b63a9
Object versioning in swift is implemented by setting a flag on the container
to tell swift to version all objects in the container. The flag is the
``X-Versions-Location`` header on the container, and its value is the
container where the versions are stored.
When data is ``PUT`` into a versioned container (a container with the
versioning flag turned on), the existing data in the file is redirected to a
new object and the data in the ``PUT`` request is saved as the data for the
versioned object. The new object name (for the previous version) is
``<versions_container>/<object_name>/<timestamp>``, where the timestamp is
generated by converting the ``Last-Modified`` header value of the current
version to a unix timestamp.
A ``GET`` to a versioned object will return the current version of the object
without having to do any request redirects or metadata lookups.
Change-Id: I4fcd723145e02bbb2ec1d3ad356713f5dea43b8b
The previous staticweb had the silly problem of global state for
concurrent requests. This fixes that.
Also, the WSGI spec indicates start_response might not be called
right away and is only guaranteed to be called just before the first
"chunk" of the output iterator returns. This fixes StaticWeb's
previously incorrect assumption.
A thorough review of this code would be much appreciated; I've
messed it up enough times to not be completely trusted with it.
Change-Id: Ie751c24e21db7a884a83a731fbf2f4309437302c
Normally, the reaper begins deleting account information for deleted
accounts immediately. With this patch you can set it to delay its
work. You set the delay_reaping value in the [account-reaper] section
of the account-server.conf. The value is in seconds; 2592000 = 30
days, for example.
Unfortunately, there are currently zero tests for the account-reaper.
This also needs fixing, but I thought I'd submit this delay patch
alone for consideration.
Change-Id: Ic077df9cdd95c5d3f8949dd3bbe9893cf24c6623
My first stab at unittests for the recon middleware.
Also, made some minor changes to the middleware to make testing
easier now and down the road.
Change-Id: I23ce853398ff035ffbfc2082e90e22038832b966
Added optional max_containers_per_account restriction. If set to a
positive value and if a client tries to perform a container PUT when
at or above the max_containers_per_acount cap, a 403 Forbidden will
be returned with an explanatory message.
This only restricts the proxy server, not any of the background
processes that might need to create containers (replication, for
instance). Also, the container count is cached for the proxy's
recheck_account_existence number of seconds. For these reasons, a
given account could exceed this cap before the 403 Forbidden
responses kick in and therefore this feature should be considered a
"soft" limit.
You may also add accounts to the proxy's max_containers_whitelist
setting to have accounts that ignore this cap.
Change-Id: I74e8fb152de5e78d070ed30006ad4e53f82c8376
- Add auth version 2 to swift.common.client.
- Remove ununsed imports.
- Fix bug where auth_version should be a string.
- Add test for auth version 2.
- Allow to override the returns of http_connection for tests.
- Sync the passing of headers in bin/swift as well from client.
- Fixes bug 885011
- Previously it was review 3680 but abandoned.
- Address: Maru newby review.
- TODO: properly test auth_v1.
Change-Id: I579d8154828e892596fae9ab75f69d353f15e12c
Prior to this patch, you removed header metadata (such as
x-account-meta-name or x-container-meta-name) by sending the header
with no value. However, many tools such as curl will not send headers
with empty values.
This patch adds an alternate method for header metadata removal: Send
an x-remove-account-meta-name (x-remove-container-meta-name) header
with any value and the proxy will translate it to the original header
name with no value, indicating removal.
For safety, if you specify both x-remove-account-meta-name and
x-account-meta-name headers in the same request, the -remove header
will be ignored.
Change-Id: Ic220bec05a0e266db85fc8fa50011146ee886d9c
The S3 layer should not filter out content-range response headers as they are part of the
protocol and expected on a partial response.
Change-Id: I2ae0775b5e039d1d505c44ec235ea32370dba1bc
Small change to staticweb with container requests. Before, a request
to a container that had no x-container-meta-web-index and no
x-container-meta-web-listings would pass the request on to the proxy
server, even if x-web-mode was set to true. Now, if x-web-mode is set
true, it will 404.
This mostly important to folks that are using staticweb with an
external service that uses authenticated requests and x-web-mode set
to true, in which case the above 404 previously would return the
container listing (you were authenticated after all). Unauthenticated
requests would have received 401s anyway.
Change-Id: Ifd321a8a076a79c1e119c5259a40bf08defdbe3c
The body of http responses is included in error messages from
swift.common.client and bin/swift if the body exists
Includes changes requested by Juan Martinez
Includes changes requested by David Goetz
Fixed pep8 warnings
Bug 949843
Change-Id: Ib998280762b084dd46f8c0f4524eed20513de82b
Bug 926048.
Filter checks path for user-defined forbidden characters, and for
user-defined maximum length.
Includes changes to reflect gholt's latest comments to Patch Set 4
Also includes a change to a unit-test, renames another unit-test,
and removes one superfluous unit-test.
Added section to the example proxy config
Fixed-up unit test pep8 warnings
Changed error response code to 400 (Bad Request)
Change-Id: Iace719d6a3d00fb3dda1b9d0bc185b8c4cbc00ca
RingBuilder._reassign_parts() is really moving one (partition,
replica) pair at a time. However, the way that _gather_reassign_parts
passes that data in was strange; it would update each replica's entry
in _replica2part2dev to 0xffff, then return a list of affected
partitions. Now it just returns the pairs to move.
This is helpful in the presence of bugs that affect partition
assignment (e.g. #943493), there's no chance of stray 0xffff values
hanging around and corrupting the partition map.
Also, update my email address.
Change-Id: Ifb3aeb4fac750f66e2ddbad88eb5846e72bac20c
RingBuilder._reassign_parts assumed that only replica for a given
partition would move. This isn't necessarily true in the case where a
bunch of devices have been removed. This would leave invalid entries
in _replica2part2dev and also cause validation to fail.
One easy way to reproduce this is to create a 3-replica, 3-zone,
6-device ring with 2 drives per zone (all of equal weight), rebalance,
and then remove one drive from each zone and rebalance again.
Bug: 943493
Change-Id: I0d399bed5d733448ad877fa2823b542777d385a4
Fix bug 942644.
Use constant time string comparisons when doing authentication to help
guard against timing attacks.
Change-Id: I88c4c5cd9edd9e5d60db07b6ae2638b74a2a2e17
Fixes bug 939267. Return the quoted web-listings-css value
if it starts with '/', 'http://', or 'https://.' All other values
are treated as relative paths.
Change-Id: I55ee4ec77cf8db99aa48c9a398e29767b200e1eb
Fixes bug 989569.
This patch ensures that the list of groups is completely reset when dropping
privileges.
Change-Id: I049f75e66e08a4a6361504b013bc68c4c38ef093
Fixes bug 798268.
Python datetime's isoformat() uses %Y-%m-%dT%H:%M:%S.%f format, but
the miliseconds part is not included when it's zero.
As consequence the compliant ISO 8601 format was not consistent
when performing a GET request over a container (listing objects info).
Change-Id: Ifed3f0adf3eaca47304c142615169bd3f1901631
gholt
Darrell Bishop
Samuel Merritt
John Dickinson
David Goetz
Greg Lange
Dan Dillinger
Ionuț Arțăriși
Adrian Smith
Paul McMillan
Scott Simpson
gholt
Chmouel Boudjnah
Florian Hines
Michael Barton
Rainer Toebbicke
Eamonn O'Toole
Samuel Merritt
Russell Bryant
Doug Weimer
Juan J. Martinez