Train Series Release Notes


Bug Fixes

  • On Python 3, the KMS keymaster now works with secrets stored in Barbican with a text/plain payload-content-type.

  • Several utility scripts now work better on Python 3:

    • swift-account-audit

    • swift-dispersion-populate

    • swift-drive-recon

    • swift-recon


New Features

  • Python 3.6 and 3.7 are now fully supported. If you’ve been testing Swift on Python 3, upgrade at your earliest convenience.

  • Added “static symlinks”, which perform some validation as they follow redirects and include more information about their target in container listings. For more information, see the symlink middleware section of the documentation.

  • Multi-character strings may now be used as delimiters in account and container listings.

Upgrade Notes

  • Dependency update: eventlet must be at least 0.25.0. This also dragged forward minimum-supported versions of dnspython (1.15.0), greenlet (0.3.2), and six (1.10.0).

Bug Fixes

  • Python 3 fixes:

    • Removed a request-smuggling vector when running a mixed py2/py3 cluster.

    • Allow fallocate_reserve to be specified as a percentage.

    • Fixed listings for sharded containers.

    • Fixed non-ASCII account metadata handling.

    • Fixed rsync output parsing.

    • Fixed some title-casing of headers.

    If you’ve been testing Swift on Python 3, upgrade at your earliest convenience.

  • Sharding improvements

    • Container metadata related to sharding are now removed when no longer needed.

    • Empty container databases (such as might be created on handoffs) now shard much more quickly.

  • The proxy-server now ignores 404 responses from handoffs that have no data when deciding on the correct response for object requests, similar to what it already does for account and container requests.

  • Static Large Object sizes in listings for versioned containers are now more accurate.

  • When refetching Static Large Object manifests, non-manifest responses are now handled better.

  • S3 API now translates 503 Service Unavailable responses to a more S3-like response instead of raising an error.

  • Improved proxy-to-backend requests to be more RFC-compliant.

  • Various other minor bug fixes and improvements.


New Features

  • Experimental support for Python 3.6 and 3.7 is now available. Note that this requires eventlet>=0.25.0. All unit tests pass, and running functional tests under Python 2 will pass against services running under Python 3. Expect full support in the next minor release.

  • Log formats are now more configurable and include support for anonymization. See the log_msg_template option in proxy-server.conf and the Swift documentation for more information.

  • Added an operator tool, swift-container-deleter, to asynchronously delete some or all objects in a container using the object expirers.

  • Swift-all-in-one Docker images are now built and published to These are intended for use as development targets, but will hopefully be useful as a starting point for other work involving containerizing Swift.

Upgrade Notes

  • The object-expirer may now be configured in object-server.conf. This is in anticipation of a future change to allow the object-expirer to be deployed on all nodes that run the object-server.

  • Dependency updates: we’ve increased our minimum supported version of cryptography to 2.0.2 and netifaces to 0.8. This is largely due to the difficulty of continuing to test with the old versions.

    If running Swift under Python 3, eventlet must be at least 0.25.0.

Bug Fixes

  • Correctness improvements

    • The proxy-server now ignores 404 responses from handoffs without databases when deciding on the correct response for account and container requests.

    • Object writes to a container whose existence cannot be verified now 503 instead of 404.

  • Sharding improvements

    • The container-replicator now only attempts to fetch shard ranges if the remote indicates that it has shard ranges. Further, it does so with a timeout to prevent the process from hanging in certain cases.

    • The proxy-server now caches ‘updating’ shards, improving write performance for sharded containers. A new config option, recheck_updating_shard_ranges, controls the cache time; set it to 0 to disable caching.

    • The container-replicator now correctly enqueues container-reconciler work for sharded containers.

  • S3 API improvements

    • Unsigned payloads work with v4 signatures once more.

    • Multipart upload parts may now be copied from other multipart uploads.

    • CompleteMultipartUpload requests with a Content-MD5 now work.

    • Content-Type can now be updated when copying an object.

    • Fixed v1 listings that end with a non-ASCII object name.

  • Background corruption-detection improvements

    • Detect and remove invalid entries from hashes.pkl

    • When object path is not a directory, just quarantine it, rather than the whole suffix.

  • Various other minor bug fixes and improvements.