summaryrefslogtreecommitdiffstats
path: root/gluster
Commit message (Collapse)AuthorAgeFilesLines
* Use scandir if availablePrashanth Pai2016-11-181-13/+103
| | | | | | | | | | | | | | | | | scandir[1] is a directory iteration function like os.listdir(), which can optimize os.walk() by avoiding unnecessary calls to os.stat() Using scandir to avoid stat() calls requires GlusterFS to correctly set d_type field of entries in readdir() responses[2]. [1] https://github.com/benhoyt/scandir [2] http://review.gluster.org/#/c/14095/ Change-Id: Ibdb9a07d25708b5cd8fd663ac99669e7f1f7ba75 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/14460 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* s3: Make s3 support configurablePrashanth Pai2016-09-181-0/+18
| | | | | | | | | | | | | | | Amazon S3 compatibility: This change makes S3 support tunable using a config option and is turned off by default. This is a manual backport of this upstream swauth change: https://review.openstack.org/#/c/326336/ Change-Id: I106e3274c6d68f4575c1bf1a9013f066e969cb17 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/15098 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Don't include salt in HMAC computationPrashanth Pai2016-09-131-1/+5
| | | | | | | | | | | | | | | Currently, the input to HMAC function is the entire stored credential in the format '<salt>$<hash>` but it should rather be only the hashed key/password. This is a minimal manual backport of this upstream swauth change: https://review.openstack.org/#/c/292529/ Change-Id: Ib119522d36359f87579ff8e4ada7331643695634 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/15097 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Fix validation of marker dir objectsPrashanth Pai2016-09-122-15/+13
| | | | | | | | | | | | | | | | | | For marker directory objects, validate_object() always returned False. This was because st_size from stat was being compared to Content-Length stored in metadata. Unlike files, for directories st_size is always 4096. Hence the comparison would always be '4096 == 0' which would fail. This patch makes the following changes: * Do size comparison of st_size and Content-Length only for files. * Get rid of _is_dir everywhere. This will simplify things. Change-Id: Ib75e06c4e3bce36bab11ce7d029ff327f33c3146 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/14423 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Don't attempt unlink on a non-existing objectPrashanth Pai2016-08-101-1/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Problem: getxattr() and unlink() were being called on an object path which was already determined to be non-existent. This resulted in both these syscalls always failing with ENOENT when client issues DELETE request on an object that does not exist. A request to DELETE an object will incur the following DiskFile API calls in sequence: disk_file.read_metadata() disk_file.delete() The above mentioned problem manifests because Swift code invokes disk_file.delete() even when disk_file.read_metadata() has raised DiskFileNotExist. Fix: During disk_file.read_metadata(), make a note that the file does not exist. When disk_file.delete() is called, do not proceed with object deletion. Change-Id: Iaf6915197a8fced7564db8fab80e696dea080c25 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/14501 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Share gluster package namespacePrashanth Pai2016-08-101-0/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Problem: If both gluster-swift and libgfapi-python are installed on the same system, only one could be imported at a time. >>> from gluster import swift >>> from gluster import gfapi Traceback (most recent call last): File "<stdin>", line 1, in <module> ImportError: cannot import name gfapi Fix: Allow sharing of 'gluster' namespace among Python packages that use them. This was discussed and implemented for libgfapi-python project (http://review.gluster.org/#/c/9668/) but hadn't been done so far for other Python projects that use 'gluster' namespace. This change does it for gluster-swift. Refer: https://docs.python.org/2.7/library/pkgutil.html#pkgutil.extend_path https://stackoverflow.com/questions/1675734 Change-Id: Ic6de294325a065d606604179a7ab84721dd401e0 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/14855 Reviewed-by: Niels de Vos <ndevos@redhat.com> Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Don't (f)chown when it has no effectPrashanth Pai2016-05-041-2/+12
| | | | | | | | | | | | | | | | | | For (f)chown calls which can change both UID and GID at once, -1 is reserved as a sentinel value to indicate "omitted argument" or "do not change". This makes sense when one of the args to (f)chown is -1. When both uid and gid args are -1, it doesn't make sense to call (f)chown as neither is going to be changed. Further, as of today, diskfile doesn't get the information (uid and gid) of the authenticated user from auth middleware. Retained the calls in code for future when such functionality might be added. Change-Id: If8463ae78a32c379d698260879810ed3c207af02 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13778 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Open object only if it's going to be readPrashanth Pai2016-05-031-6/+38
| | | | | | | | | | | | | | | | | | | Open()ing an object is necessarry only in two cases: * Serving a GET request * Recalculating etag when metadata is stale (can be triggered by any type of request) This change ensures that for requests other than GET, a file is not opened if the metadata is valid (size and etag accurate). Note that if metadata is stale, the file is still opened and read to compute etag. This patch does not change the behaviour of triggering metadata validation and regeneration for non-GET requests. Change-Id: Icefa4dec7d715ec9e6dd68ae7fe89a0d90fe71b3 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13684 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Handle non-blocking renames during object PUTsPrashanth Pai2016-05-032-10/+42
| | | | | | | | | | | | | | | | | | | | DiskFile._finalize_put() will now retry renames if it fails with EBUSY or ESTALE. This is required because for a brief period of time, rename operation in glusterfs was non-blocking. Reference: http://review.gluster.org/#/c/13366/ This change also does the following: * Updates comments to add clarity for operations done and exceptions caught in DiskFile.create() * Handles race between container existance check (memcache) and object creation a little more gracefully by logging what really happened. Change-Id: I89777be19eef73826b5f84deec0777173b62935f Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/14118 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Make swift's expirer compatible with gluster-swiftPrashanth Pai2016-04-203-45/+149
| | | | | | | | | | | | | | | | | | | | | | | | Swift's object expirer in kilo series was incompatible with gluster-swift. This change does the following: * Optimizes crawl in account and container server for listing requests for containers and tracker objects in gsexpiring volume. * Enables container server to delete tracker objects from gsexpiring volume. Swift's expirer sends request directly to container server to remove tracker object entry. * delete_tracker_object() is now a common utility function that is invoked from container server and gluster-swift's object expirer. * Run functional test to be run against both swift's object expirer and gluster-swift's object expirer Change-Id: Ib5b7f7f08fe7dda574f6dd80be2f38bdfaee32bc Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/14038 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Enhance object expirationPrashanth Pai2016-04-154-25/+242
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change re-introduces object expiration feature with some internal differences from earlier implementation such as: * Creation of zero-byte tracker object is performed directly on the mount point. Earlier HTTP request was sent to object server for the same. This incurred overhead of metadata creation for these zero-byte files which isn't necessarry as all required information is encoded in the path itself. * Crawling of zero-byte tracker objects is done by the object expirer daemon itself and not container server. * Deletion of tracker object is performed by the object expiration daemon directly on mount point. Deletion of actual data object is not carried out by object expiration daemon directly. The object expirer sends a DELETE request to object server which deletes the actual object. This behaviour is not changed. There is no change in behaviour in comparison with older implementation. This is asserted by re-enabling existing functional tests without any changes. Change-Id: I01dc77cc4db3be3147d54e3aa2a19ed182498900 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13913 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Don't fetch metadata for plain object listingPrashanth Pai2016-04-052-2/+66
| | | | | | | | | | | | | | Fetch metadata (xattr) for objects in a container ONLY when the client asks for it (using content-type indicating JSON or XML response). This avoids a lot of unnecessarry stat() and getxattr() calls whose results would anyways be unused. The performance gain is obvious in this case. Change-Id: I4c8b0516dedd04553a5ed450bc855cafbfabada9 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13573 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Remove redundant syscalls in POST pathPrashanth Pai2016-04-041-5/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | During process of POST requests which updates object metadata (xattrs), the following (ordered) sequence of syscalls were being made twice: open(), fstat(), fgetxattr(), close() Intuitively, one may assume that a getxattr() and setxattr() is enough to fulfil the POST request as it is only supposed to update metadata. But this isn't the case. The above series of syscalls is made first during disk_file.open(). This will trigger an update of all stale metadata (outdated size/etag) and the result is retained in a diskfile class attribute named 'self._metadata' Instead of using this pre-fetched metadata, the POST path was internally invoking disk_file.open() again in disk_file.write_metadata(). This is redundant and serves no purpose. self._metadata was being erased during the context manager cleanup of disk_file.open() This change is simple and does the following: * Don't erase fetched metadata during context manager exit of open() * Use a different internal variable to detect and raise DiskFileNotOpen * Re-use self._metadata if available in disk_file.write_metadata() Here's comparing syscalls made (POST path) with and without this fix: https://bugzilla.redhat.com/show_bug.cgi?id=1314171#c4 Change-Id: Ib64c103e5904428df20ec6e8f10140f4f68e7f79 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13668 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Don't fetch metadata for plain container listingPrashanth Pai2016-04-044-4/+94
| | | | | | | | | | | | | | | | | Fetch metadata (xattr) for containers in an account ONLY when the client asks for it (using content-type indicating JSON or XML response). This avoids a lot of unnecessarry stat() and getxattr() calls whose results would anyways be unused. The performance gain is obvious in this case. This change is restricted to container listing. The same can be extended to object listing as well (will be sent as a separate change) Change-Id: Ibff1c5a90519f11053c0b651d8ea3385dda43a2f Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13497 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Fix changing of auth_type in existing deploymentsPrashanth Pai2016-03-182-7/+83
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This changes does two things: * Adds Sha512 as a supported auth_type. * Fixes breakage when auth_type is changed in existing deployments. If an existing gswauth deployment changes `auth_type` in conf file to a different one (for example: sha1 to sha512), all attempts to authorize existing/old users will fail because of change in encoder type. With this change, the credentials match is done using an encoder with which the password was initially encoded. This allows gswauth deployments to change auth_type and old users will still be able to authorize. A note on auth_type_salt: There's still a distinction between how salt is managed in gswauth and swauth: swauth will use a random salt if a salt is not set in conf file where as gswauth will default to 'gswauthsalt' if a salt is not set in conf file. This distinction is to ensure backward compatibility. This change is derived from following upstream changes in swauth repo: e14a7b3df86969d478090b314d9660b6d835afa7 https://review.openstack.org/#/c/285195/ https://review.openstack.org/#/c/285292/ Change-Id: I9a43adc4964d8e9f9f1faf73063a6dc1cd8ff354 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13654 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Bump gluster-swift version to 2.3.0 (kilo)Prashanth Pai2016-03-151-1/+1
| | | | | | | | Change-Id: Iaec0c1577e99d06195d3ea86588f6089a3fe60db Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13737 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Don't pass unicode to hmac.new()Prashanth Pai2016-03-151-0/+7
| | | | | | | | | | | | | This issue can be hit when swift3 middleware is in the pipeline. This change is a backport of the following swauth change: https://review.openstack.org/#/c/282191/ Change-Id: I323d3eeaf39e2019f8f8910bc53904ac94208ed2 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13641 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Remove 60 secs subtraction from item_expiresPrashanth Pai2016-03-111-1/+1
| | | | | | | | | | | | | | According to https://github.com/gholt/swauth/issues/73 nobody knows why is this here. Let's try to remove it :). This is ported from following commit in swauth repo: 79c153f7b198ffaf0c3fd781587a0133bab43d7f Change-Id: I8e64b53ed59dab1f554b7c08f1342c2b5dd4675a Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13522 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Use correct content type on JSON responsesPrashanth Pai2016-03-111-6/+13
| | | | | | | | | | | | | | | | | Currently, in cases where swauth returns a JSON document as its body, it does not specify a content type, and swob defaults it to text/html. This change uses a standard content type of 'application/json' in each of these instances, and adjusts the tests accordingly. This is ported from following commit in swauth repo: 556aa156979741292bde78425f413f9dee639b4f Change-Id: Ib61370ba10b5e0364c2aed6321388715a6710355 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13521 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Remove old auth token from memcachePrashanth Pai2016-03-101-0/+5
| | | | | | | | | | | This is ported from following commit in swauth repo: 17faf4e54f9faa031755aa583b67ef68e5ec2b08 Change-Id: I816b04328d02f4b8641571c337ba993a94145615 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13520 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Fix dup fd leakPrashanth Pai2016-03-081-4/+11
| | | | | | | | | | | | A fd was not being closed after it was duplicated. This code path can be easily hit when doing a GET on a file that needs Etag (md5sum) to be recalculated. Change-Id: Ib2e10d990b9b2e1fa85d0079767892de8c8d4eec Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13593 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Fix pep8 and functestsPrashanth Pai2016-03-079-12/+12
| | | | | | | | | | Functests used to fail with higher version of python-eventlet (from EPEL repo) package on rhel6. This change addresses that and also some pep8 issues. BUG: 1302546 Change-Id: I5a1a1deb94ee712a387af3d6f65afbcb8557ab6f Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13636
* Remove redundant syscalls in GET pathPrashanth Pai2016-03-072-18/+21
| | | | | | | | | | | | | | | This change removes redundant fstat() and fgetxattr() performed in the GET path when object added from file interface is being accessed for the first time via the object interface. This is a manual backport of this change: https://review.openstack.org/#/c/246365/ Change-Id: I29f56cef80c94779145e2948ba14f35817d46e0c Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13624 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Rebase to stable/kiloPrashanth Pai2016-03-077-235/+193
| | | | | | | | | | | | | | | | This change ports most of swiftonfile object server fixes and changes into gluster-swift. Storage policy as a feature is not usable here (it doesn't make sense). The hacky way of creating zero byte tracker objects for object expiration has not been ported to this release due to scalability issues and the need to have a separate volume. Change-Id: I17ba27dacea9ac000bdb8934700996e4d17f4251 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13269 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Do not use pickle: Use jsonPrashanth Pai2016-01-112-7/+71
| | | | | | | | Change-Id: Iffdd56704330897fbde21f101c9b2ed03c2ae296 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-by: Thiago da Silva <tdasilva@redhat.com> Tested-by: Thiago da Silva <tdasilva@redhat.com> Reviewed-on: http://review.gluster.org/13221
* Refactor read_metadata() methodPrashanth Pai2016-01-111-43/+48
| | | | | | | | | | | | | | | This change: * Simplifies read_metadata() method. * Validates pickle header before attempting to unpickle. This change does NOT fix the security vulnerability itself. That would be sent as a separate change. Change-Id: Id95bd584f3ad00fb075456544495f17f7038f991 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-by: Thiago da Silva <tdasilva@redhat.com> Tested-by: Thiago da Silva <tdasilva@redhat.com> Reviewed-on: http://review.gluster.org/13220
* Update repoThiago da Silva2016-01-0617-5442/+156
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a squashed commit imported from this repo: https://github.com/openstack/swiftonfile/tree/icehouse Contains the follwing commits from above mentioned repo: eb50236 Merge "Backport: Fix metadata overall limits bug" into icehouse 79ea52a Backport: Fix metadata overall limits bug bc43f0b Fix inconsistent data being returned on GET ad0bb79 Import HTTPBadRequest from swift's module 74d02e6 Exclude .trashcan dir from container listing b2dbc15 Catch ESTALE in addition to ENOENT 8d60b48 Properly handle read_metadata() exceptions 6762fc6 Fix object server leaking file descriptors 2842e82 Fix API incompatibility in update_metadata() 2beeef6 Merge "Remove swiftkerbauth code" into icehouse 93dbcb5 Update object-expirer.conf with explanations c9d2f09 Merge "Check if /etc/swift exists in ring builder" into icehouse d66c14c Remove swiftkerbauth code 3142ed2 Add object expiration functests 97153d1 Merge "Cleanup functest and undo old patch" into icehouse bc234d0 Remove old travis config file and fix typo 260c8ef Check if /etc/swift exists in ring builder 637dac9 Cleanup functest and undo old patch 051e068 Merge pull request #35 from prashanthpai/backport-1 be104a3 Merge pull request #36 from prashanthpai/backport-2 ff76f42 fix issue with GET on large object (icehouse-backport) 04d0a99 Fix unlink call after successful rename 4c6ca1d updating README file with project name change 10b2680 Merge pull request #18 from thiagol11/icehouse 5bcab8f Updating version on __init__ file 5c2cba2 Merge pull request #15 from thiagol11/update_spec 52b00a8 updating spec file to add dependency on swift icehouse ae7c93b Merge pull request #6 from prashanthpai/rebase 191e55b Revert: allow non-root user to run functests cb7e968 Modify unit tests and func tests d23fd1b Sync with OpenStack Swift v1.13.1 b6d1671 Merge pull request #12 from pushpesh/functionalnosetestremove 962622b Merge pull request #8 from thiagol11/update_readme 4560857 Merge pull request #9 from prashanthpai/spec-expirer be0ae7e Minor update 65000f1 Removing functionalnosetests 8ab1069 Fix object-expirer.conf-gluster RPM build error afee30f added new support filesystem section 527b01f updated README.md to Swift-On-File 9a240c7 Merge pull request #3 from thiagol11/add_jenkins_to_travis 34b5a8b removing blank lines 3568b64 fixing missing fi d8f5b0f adding support to run jenkins triggered by travis 6f4a88c Removing functionalnosetests 8041944 Update README.md c015148 Merge pull request #2 from thiagol11/master 3ddd952 fixing travis file to run correct unit test c582669 adding travis status badge to README 8093096 adding py26 unit testing to travis 37835fd trigger travis build cb6332a adding travis ci testing All tests have been run sucessfully against this. tox -e p2p8,py27,functest Change-Id: I096b611da852d3eb3913844034b443b8272c2ac4 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13188
* Updating code to call fs_utils instead of python's os moduleThiago da Silva2014-04-104-79/+123
| | | | | | | | | | | | | | | | This change is being done to prepare the code to always call fs_utils for all filesystem calls on the data being stored. By creating this interface (i.e., fs_utils), we can then make a seamless change to use the current method of 'os.' calls over FUSE _or_ libgfapi. This new method will be introduced in a new separate patch. Change-Id: Ic768fa7352d7672b1f060230bb4486f0ec228152 Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/7333 Reviewed-by: Prashanth Pai <ppai@redhat.com> Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* removing exception handling in do_mkdirThiago da Silva2014-03-271-11/+1
| | | | | | | | | | | | | | | | | | | | | This change is being made to allow callers to handle any exception thrown by os.mkdir. This function is currently never called anywhere in the code. It was introduced as part of the first commit to this project but it was never used. This patch (http://review.gluster.org/#/c/5304/) removed the early version of this function, and this patch (http://review.gluster.org/#/c/5305/) added it back with new exception handling. Change-Id: I71325660cb47594b0804da3da21920e26d2055f2 Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/7350 Reviewed-by: Prashanth Pai <ppai@redhat.com> Reviewed-by: Chetan Risbud <crisbud@redhat.com> Tested-by: Chetan Risbud <crisbud@redhat.com>
* removing _make_directory_locked functionThiago da Silva2014-03-261-73/+4
| | | | | | | | | | | | | This function was added as a workaround for race condition bug found in earlier versions of Glusterfs. The bug has since been fixed in the latest version of Glusterfs, so there's no need to support this code any longer. Change-Id: I50ebb66bdf0553ae8bab98ed8f783e0389e83fa8 Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/7335 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* fix __exit__ function not closing file descriptorThiago da Silva2014-03-261-1/+1
| | | | | | | | | | | The file descriptor is not being closed because it is self._fd is None Change-Id: I7edc8a78b09bdd76d59ac8f3dbc809af652f9b0e Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/7315 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* removing check_user_xattr functionThiago da Silva2014-03-261-18/+0
| | | | | | | | | | | | This function is no longer used, the code that called this function was removed as part of this patch: http://review.gluster.com/#/c/3390/ Change-Id: I6e81e4b763ce302289e2be5467dc4776f0750c15 Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/7336 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* Add support for Object Expiration featurePrashanth Pai2014-03-243-13/+113
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Preventing access to expired objects ------------------------------------ Re-enabled accepting X-Delete-At and X-Delete-After headers. During a GET on an expired object, DiskFileExpired is raised by DiskFile class. This will result in object-server returning HTTPNotFound (404) to the client. Tracking objects to be deleted ------------------------------ Objects to be deleted are tracked using "tracker objects". These are PUT into a special account(a volume, for now). These zero size "tracker objects" have names that contain: * Expiration timestamp * Path of the actual object to be deleted Deleting actual objects from GlusterFS volume --------------------------------------------- The object-expirer daemon runs a pass once every X seconds. For every pass it makes, it queries the special account for "tracker objects". Based on (timestamp, path) present in name of "tracker objects", object-expirer then deletes the actual object and the corresponding tracker object. To run object-expirer forever: swift-init object-expirer start To run just once: swift-object-expirer -o -v /etc/swift/object-expirer.conf Caveat/Limitation: Object-expirer needs a separate account(volume) that is not used by other services like gswauth. By default, this volume is named "gsexpiring" and is configurable. More info about object expiration: http://docs.openstack.org/developer/swift/overview_expiring_objects.html Change-Id: I876995bf4f16ef4bfdff901561e0558ecf1dc38f Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/6891 Tested-by: Chetan Risbud <crisbud@redhat.com> Reviewed-by: pushpesh sharma <psharma@redhat.com> Tested-by: pushpesh sharma <psharma@redhat.com> Reviewed-by: Chetan Risbud <crisbud@redhat.com>
* Sync with OpenStack Swift v1.13.0Prashanth Pai2014-03-131-1/+1
| | | | | | | | | | | Also, bumped version of gluster-swift to v1.13.0 Change-Id: I797dc704c9523540cba847b1e8ff3da97b79630c Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/7229 Reviewed-by: Chetan Risbud <crisbud@redhat.com> Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* PUT of a Directory failedChetan Risbud2014-03-122-11/+40
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | PUT of a directory fails with gluster-swift when there exists object of a same name. This is because the objects and directories are placed on the glusterfs. And hence the filesystem semantics are applicable there. Exceptions raised in such situation are needed to be handled and reported correctly back to proxy-server with HTTPConflict as a error code. Although swift still continues to choose 503 as the best respose in such cases. No tracebacks reported. Fix covers the case when there exists a directory and object of the same name is PUT. Code changes fixes both the failure cases mentioned in the bug. Examples of failing PUT requests: 1) curl -v -X PUT http://127.0.0.1:8080/v1/AUTH_test/c1/dir1/obj2/anotherobject -d'asdasdsadA' -- obj2 was already an object. 2)curl -v -H 'Content-Length: 0' -H 'Content-Type: application/directory' -X PUT http://127.0.0.1:8080/v1/AUTH_test/c1/obj1 -- obj1 was already and object Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1071021 Change-Id: Id3042d920e3f99e740d4042ef5907ac8c59e04db Signed-off-by: Chetan Risbud <crisbud@redhat.com> Reviewed-on: http://review.gluster.org/7181 Reviewed-by: Prashanth Pai <ppai@redhat.com> Tested-by: Prashanth Pai <ppai@redhat.com>
* Restart memcached after clean-up-token --purge-allChetan Risbud2014-03-111-2/+8
| | | | | | | | | | | | | | | | | | | | Bug: https://bugs.launchpad.net/gluster-swift/+bug/1269444 Recommended way is to flush the cached tokens from memcached after gswauth-clean-up-token. As currently there is no way to flush only those tokens from memcached. So a debug message recommending restart of the memcached. A quick fix. Bigger fix would come in later. Older cached tokens should be flushed/invalidated to let access path work correctly with valid and new tokens. Change-Id: Ic7a820eb3c60bac4829d5c5230cb3a5241b77957 Signed-off-by: Chetan Risbud <crisbud@redhat.com> Reviewed-on: http://review.gluster.org/7168 Reviewed-by: Prashanth Pai <ppai@redhat.com> Tested-by: Prashanth Pai <ppai@redhat.com> Reviewed-by: pushpesh sharma <psharma@redhat.com> Tested-by: pushpesh sharma <psharma@redhat.com>
* Sync with OpenStack Swift v1.12.0Luis Pabon2014-02-161-1/+1
| | | | | | | | | | | | * Bumped the version of gluster-swift to v1.12.0. * Added document on how to do a sync Change-Id: I676e110759b0bce3007a2a38f3b384b4ca9d710d Signed-off-by: Luis Pabon <lpabon@redhat.com> Reviewed-on: http://review.gluster.org/6977 Reviewed-by: Prashanth Pai <ppai@redhat.com> Reviewed-by: Chetan Risbud <crisbud@redhat.com> Tested-by: Chetan Risbud <crisbud@redhat.com>
* adding error handling to gswauth-cleanup-tokens toolThiago da Silva2014-02-051-4/+25
| | | | | | | | | | | | | | | added input validation for a couple of options and error handling in case a non-existing account name is provided Change-Id: I6d703d584552fc7b7574f34e79ed25a2982b6d5e Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/6767 Reviewed-by: Prashanth Pai <ppai@redhat.com> Tested-by: Prashanth Pai <ppai@redhat.com> Reviewed-by: pushpesh sharma <psharma@redhat.com> Tested-by: pushpesh sharma <psharma@redhat.com> Reviewed-by: Chetan Risbud <crisbud@redhat.com>
* Rebase swiftkerbauth imported code with upstreamChetan Risbud2014-01-273-16/+181
| | | | | | | | | | | | | | | | | Few changes have been merged to upstream swiftkerbauth repo. This commit brings it down to gluster-swift repo. Bringing below changes to gluster-swift repo in one go. http://review.gluster.org/#/c/6296/ http://review.gluster.org/#/c/6370/ http://review.gluster.org/#/c/6595/ http://review.gluster.org/#/c/6713/ http://review.gluster.org/#/c/6732/ Change-Id: I10dc12d75ec63fca313339fbc71e4f18071af552 Signed-off-by: Chetan Risbud <crisbud@redhat.com> Reviewed-on: http://review.gluster.org/6764 Reviewed-by: Prashanth Pai <ppai@redhat.com>
* Initial import of the swiftkerbauthChetan Risbud2014-01-215-0/+555
| | | | | | | | | | | | | | | Imported code till commit f64a3354185f32928e2568d9ece4a52fa4746c05 Changed a code bit to import correct definitions. kerbauth unit tests do run along with gluster-swift. Install script does install swiftkerbauth. import swiftkerbauth from http://review.gluster.org/swiftkrbauth.git Change-Id: Ia89f2b77cc68df10dee2f41ce074f3381ac3c408 Signed-off-by: Chetan Risbud <crisbud@redhat.com> Reviewed-on: http://review.gluster.org/6597 Reviewed-by: Prashanth Pai <ppai@redhat.com> Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* Sync with OpenStack v1.11.0 Jan 10 2014v1.11.0Luis Pabon2014-01-151-1/+1
| | | | | | | | | | | | | Updated tox.ini, functional tests, and proxy unit tests. BUG: https://bugs.launchpad.net/bugs/1268017 Change-Id: I5ff8359b8abdb8fe5ae82492c12f57c395992735 Signed-off-by: Luis Pabon <lpabon@redhat.com> Reviewed-on: http://review.gluster.org/6682 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* fix error handing in swauth toolsThiago da Silva2014-01-148-40/+117
| | | | | | | | | | | | | The swauth tools did not handle an invalid admin_url, so it just failed printing the stacktrace, which is not useful to end users. This fix catches the exception and prints an error message that can help user solve the issue. Change-Id: I806c1cf191b5921e904b155f65cdbde5f2aac695 Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/6431 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* Fix bug where admin is able to delete reseller_adminThiago da Silva2014-01-101-21/+69
| | | | | | | | | | | | | | | | | Changed the code to only allow the super_admin to delete a reseller_admin. This follows the same logic of user creation, where only the super_admin can create a reseller_admin. Also, took the opportunity to refactor some code and implemented get_user_detail method to remove duplicated code Bug 1260239: https://bugs.launchpad.net/gluster-swift/+bug/1260239 Change-Id: I9e4866cd7ad08698f427846be566ab2364ad4850 Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/6516 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* fixed gswauth cmd tools to require admin key argumentThiago da Silva2014-01-078-15/+35
| | | | | | | | | | | | | | | | All tools were changed to display the usage help text in case the admin key is not provided as an argument Bug 1261677: https://bugs.launchpad.net/gluster-swift/+bug/1261677 Change-Id: I37fa8518be970364b81955644931f6e416bcdc42 Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/6553 Reviewed-by: Prashanth Pai <ppai@redhat.com> Tested-by: Prashanth Pai <ppai@redhat.com> Reviewed-by: pushpesh sharma <psharma@redhat.com> Tested-by: pushpesh sharma <psharma@redhat.com> Reviewed-by: Luis Pabon <lpabon@redhat.com>
* Fix users not able to change their own password/keyPrashanth Pai2014-01-072-15/+66
| | | | | | | | | | | | | | | | | | | | | | | Users were not able to update their own password/key with the update operation resulting in 403 (HTTPForbidden). EXAMPLES: Command to update password/key of regular user: gswauth-add-user -U account1:user1 -K old_pass account1 user1 new_pass Command to update password/key of account admin: gswauth-add-user -U account1:admin -K old_pass -a account1 admin new_pass Command to update password/key of reseller_admin: gswauth-add-user -U account1:radmin -K old_pass -r account1 radmin new_pass BUG: https://bugs.launchpad.net/gluster-swift/+bug/1262227 Change-Id: I604da5aee67099b29541eb7e51a040a041f1961b Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/6650 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* Handle ENOSPC on os.close() operationPrashanth Pai2014-01-071-2/+8
| | | | | | | | | | | | | It is quite possible that errors on a previous write() operation are first reported at the final close(). For fruther info, refer to: http://review.gluster.org/#/c/6269/ Change-Id: If0fbe2f5109d28c82cb493f2526fd5057f86b556 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/6608 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* removing -s option from gswauth toolsThiago da Silva2014-01-062-16/+0
| | | | | | | | | | | | | | | | the --suffix option is not currently supported in this version of gswauth, so we are removing to not confuse users. Bug 1262230: https://bugs.launchpad.net/gluster-swift/+bug/1262230 Change-Id: I12da2aad5929f619f838c217330bef503b7e0ba2 Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/6542 Reviewed-by: pushpesh sharma <psharma@redhat.com> Tested-by: pushpesh sharma <psharma@redhat.com> Reviewed-by: Prashanth Pai <ppai@redhat.com> Tested-by: Prashanth Pai <ppai@redhat.com> Reviewed-by: Chetan Risbud <crisbud@redhat.com>
* gswauth: Fix 403 being returned instead of 401Prashanth Pai2013-12-189-18/+98
| | | | | | | | | | | | | | | | | | | | - 401(Unauthorized) is to be returned when user credentials are wrong where as 403(Forbidden) is to be returned when user credentials are correct but the user doesn't have the priveleges to carry out the operation. - Also error messages displayed when using swauth-* command line utilities have been updated. Change-Id: I485786896ad14d3263f4325d1857cacc93adab96 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/6336 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com> Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/6447 Reviewed-by: Thiago Da Silva <thiago@redhat.com> Tested-by: Thiago Da Silva <thiago@redhat.com>
* Fix double close issue in diskfileLuis Pabon2013-12-131-12/+14
| | | | | | | | | | | | | | | The DiskWriter was closing the file descriptor when it finished writing but initializing it to None. Therefore, the DiskFile context manager would then try to close it also. Change-Id: I188ec814d025e28c7b89532f0502ebf1d4a20a09 Signed-off-by: Luis Pabon <lpabon@redhat.com> Reviewed-on: http://review.gluster.org/6317 Reviewed-by: Peter Portante <pportant@redhat.com> Reviewed-by: pushpesh sharma <psharma@redhat.com> Tested-by: pushpesh sharma <psharma@redhat.com> Signed-off-by: Luis Pabon <lpabon@redhat.com> Reviewed-on: http://review.gluster.org/6487
* renaming swauth tools to gswauthThiago da Silva2013-12-068-12/+12
| | | | | | | | | | | | | | | | cli tools for account and user mgmt have been renamed from swauth-* to gswauth-* Updated other configuration and test files accordingly Change-Id: Iced3bb27fbd09da45754ddb264f8fb4528ab423c Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/6417 Reviewed-by: pushpesh sharma <psharma@redhat.com> Tested-by: pushpesh sharma <psharma@redhat.com> Reviewed-by: Shilpa MJ <smanjara@redhat.com> Tested-by: Shilpa MJ <smanjara@redhat.com> Reviewed-by: Luis Pabon <lpabon@redhat.com>