OpenAFS 1.6.9
All server platforms
* Fix for OPENAFS-SA-2014-002
OpenAFS 1.6.8
All platforms
* Documentation improvements (10751 10875 10931 10897 10883 10954 10955)
* Improved diagnostics and error messages (10756 10814 10949)
* Fixed a bug in RX that could make errors during packet reception go
unnoticed. (10733)
* Fixed a bug that made "vos size -dump" display the wrong size for
large volumes. (10933) (RT #131819)
All server platforms
* Change the default fileserver sync behavior from "delayed" to "onclose".
This means that explicit syncing only happens when a volume is detached.
(10809)
* Added the -offline-timeout and -offline-shutdown-timeout options to the
fileserver, to implement interrupting clients accessing volumes we are
trying to take offline. (6266 10799)
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
libntfs: added use of hd library to get the legacy BIOS geometry
libntfs: switched to /proc/mounts for checking existing mounts
libntfs: fixed usa checking by ntfsck on 4K sector disks
libntfs: fixed processing compressed data beyond file size (Windows 8 compliance)
libntfs: fixed expanding a resident attribute without inserting holes
libntfs: allow DACLs to not have any ACE
libntfs: ignore unmapped regions when checking whether sparse
libntfs: upgraded the Win32 interface for use with ntfsprogs
ntfsresize: enabled relocating the MFT when shrinking a volume
ntfsresize: fixed trying to update the MFT and Bitmap on a test run
ntfsresize: fixed updating all the MFT runs in a relocated MFT
ntfsresize: set the backup boot sector when the size is reliable
ntfsresize: reserved a single sector for the backup boot sector
ntfsundelete: output the modification time when scanning files
ntfsundelete: ported to Windows
ntfsclone: fixed wiping fragmented metadata when creating a metadata image
ntfsclone: allowed cloning a file system despite allocation errors
ntfsclone: fixed bad copying of the backup boot sector
ntfsclone: ported to Windows
ntfsdecrypt: made compatible with libgrypt-1.6
- Looks like in some rare circumstances, Cwd::abs_path() can croak,
so now we wrap that in eval { } and deal accordingly.
0.12 2014-02-19
- We now fully resolve symlinks in @INC paths. The previous 'fix'
for Debian broke the tests on FreeBSD.
Thanks to G茅raud Continsouzas, and Daniel Lintott for help testing.
0.11_03 2014-02-18
- Another place where we need to worry about getting undef.
0.11_02 2014-02-18
- Wasn't handling the case where abs_path() returns undef,
which it does if a symlink "goes nowhere".
0.11_01 2014-02-18
- The testsuite fix in 0.11 caused a breakage on FreeBSD,
where a directory path contains a symlink that wasn't
the final directory. So now module_path() fully resolves
all symlinks in the path, using Cwd::abs_path().
0.11 2014-02-17
- Testsuite now uses Cwd::abs_path() on paths from %INC,
to cope with synlinks in @INC directories.
This was causing test failures on Debian(-based) systems.
Thanks to Daniel Lintott and Erez Schatz for reporting
and testing proposed fix.
0.10_01 2014-02-16
- Developer release with the change that made it into
0.11, above.
0.10 2014-02-04
- mpath can display paths for multiple modules (Ahmad Syaltut)
- specified min perl version 5.6.0
0.09_01 2013-08-21
- If a directory in @INC is a symlink, return the linked-to directory
in the path. Problem report and patch from Sharl Morlaroll
https://github.com/neilbowers/Module-Path/issues/4
Remove unused options bos-new-config, fast-restart, & largefile.
Remove patches fixed upstream.
OpenAFS 1.6.6
All platforms
* As of this release, OpenAFS no longer ships uncompressed source tarballs.
Tarballs are still shipped with both compression formats, gzip and bzip2.
(10131)
* Documentation improvements (10136 10314 10601)
* Improved diagnostics and error messages (9412 10085 10274)
* Avoid redefining "assert" in our public header files, which could
cause failures when building some applications using them. (10096)
* Fixes for parallel builds (10005 10309 10337)
* Added a -s switch to afscp (not installed by default) to help simulate
a slow client. (9416 9417)
* Added a -probe switch to vlclient test program (not installed by default)
to ping all vlservers in a cell in parallel. (9570)
All server platforms
* The fileserver now ignores any vice partitions with a NeverAttach flag
file present in the root directory. (RT #130561) (9470 9471)
* Restrict forcing CPS ("Current Protection Subdomain") recalculation in
the fileserver to administrators. Also fixed a bug that could cause this
operation to be incomplete. (9485 9487)
* Allow non-DAFS fileservers to attach unusable volumes, restoring pre-1.6
behaviour. (RT #131505) (9499)
* Restored the pre-1.6 behaviour when running vos examine for a volume
currently in a transaction, showing the volume as busy again rather than
offline. (9685 9915 9916)
* Reduced the minimum time a bos salvage takes from 5 seconds to 1. (9476)
* Fixed buserver to not segfault when started with the -servers option.
(RT #131706) (10166)
* Salvager fixes, addressing a wide variety of possible problems from
unnecessary salvaging to aborts (9282 9283 9457 9458 9459 9461 9462 9480
9481 10165 10167)
* Fixed a bug that could cause saved state information to be discarded
when restarting a large or busy fileserver, which negatively impacted
performance. (9683)
* Fixed a bug that could have caused undefined behaviour in the vlserver
in rare cases when a fileserver registered its addresses in the VLDB.
(9429)
* Added the -preserve-vol-stats switch to volserver, allowing it to keep
the access statistics across volume restore and reclone operations
instead of resetting them. (9477)
* Inserted an exponential delay between retries when bosserver attempts to
restart a server process. (9571 10199)
* Improved vldb_check (not installed by default) to cope with broken
vlentry names and volids, and provide more output to aid debugging.
(10268)
* Releasing a volume after adding a new RO site no longer touches any of
the existing RO sites, if the RW data hasn't changed since the last
release. (10174)
* Make the copyDate field for RO clones have the same meaning as for
remote RO volumes. Previously, the copyDate field for clones was updated
every time we released. (9451)
* Fixed potentially undefined behaviour in ptserver when too many pts
ids are allocated. (10124)
* Note that the server side NAT pings feature present in the prereleases
was removed before the final release, since no positive feedback
was provided during prerelease testing. (9420 10135)
Linux servers
* Start bosserver with -nofork in the systemd unit file, to allow systemd
to track its state (10093)
All client platforms
* No longer track file locks on read-only volumes. Write locks can't
succeed, read locks always will. Avoids log messages about this kind
of lock. (8910)
* Added the "fs flushall" subcommand, which makes the client discard all
cached data. This was previously available on Windows only. (9065 9388
9389 9390)
* Fixed a bug that could make the client incorrectly believe its cache
is up to date. This change could negatively impact AFS <-> DFS
translators, should those still be running anywhere. (8898)
* Several changes to avoid panicing in certain error conditions.
(9131 9287 10354 10355 10356 10357) (partially addressing RT #131747)
* Added the -rxmaxfrags switch to afsd, allowing to limit the number
of UDP fragments sent or received per RX packet. (9430)
* Build fixes for aklog on several platforms (RT #131716) (9917 10107 10275)
* Require that the AFS mountpoint specified in the cacheinfo file is
an absolute path. Relative paths result in a client that basically
works but is not fully functional. (10253)
* Fixed a bug that could cause one of the afsd threads to enter an infinite
loop (10431 .. 10436)
Linux clients
* Support Linux kernels up to 3.13 (10241)
* Fixed a bug that made readv/writev calls in AFS space fail with Linux
kernels where generic_file_aio_read exists but those operations have
not been switched to using aio_read/aio_write. This was a regression
introduced with release 1.6.3 and affected at least RHEL 5.9 kernels.
(10248)
* Fixed a similar bug making core dumps fail in AFS space, affecting
a much wider range of kernels including the most recent ones.
(RT #131729) (10254)
* Enhanced the keyring code to make PAGs work correctly on kernels with a
distribution specific change to the Linux keyring code. This affected at
least SLES 11 SP3 kernels. (10252)
* Fixed a bug that could make failures during PAG instantiation go
unnoticed. (10255)
* Fixed a bug that made compilation fail for Linux kernels without
keyring support. This affected at least the SLE 10 SDK and an
OEM version of SLES 11 SP1. (10325)
* Fixed build for kernels with user namespace support enabled. Likely
to be required for Ubuntu 14.04 and eventually other distributions.
(10456 10457 10458 10518 10472)
* Support RHEL 6.5 kernels, and possibly others with changes backported
from recent mainline kernels that touch getname/putname, by no longer
using those functions. Previously, the client could cause a kernel
panic when syscall auditing was enabled. (10578)
* Make tmpfs usable as the cache filesystem again. This had been broken
since kernel 3.1 (9950 10193)
* When starting the client fails, clean up the backing device information
created in sysfs, to avoid error messages during a subsequent start
and possible system instability later on (10454)
* Update Red Hat packaging to support Fedora >= 20, RHEL >= 7 and
ELrepo kernels (10597 10619 10622 10703 10704)
OS X Clients
* Support OS X 10.9 "Mavericks" (10519 10541 10542 10543 10548 10549)
AIX clients
* Fixed a bug that caused the 1.6 AIX client to never receive any RX
packets in the kernel. (RT #131725)
FUSE client
* Support Solaris 11 (9454 9455)
* Allow other users to access filesystems mounted by root. (9452)
FreeBSD
* Build tvolser and dvolser on this platform (10122)
* Several fixes to catch up with newer releases (10374 .. 10381)
NetBSD
* Build tsalvaged, tvolser and dvolser on this platform (10121)
* Fixed build on NetBSD 5 and newer. (10138)
NetBSD's FUSE implementation is part of the base system, and
filesytems/fuse is the user-space implementation for systems with the
/dev/fuse interface. It might be possible to use filesytems/fuse and
perfused, but that's much harder than librefuse.
Now orifs runs on NetBSD 6.
Ori is a distributed file system built for offline operation and
empowers the user with control over synchronization operations and
conflict resolution. It provides history through light weight
snapshots and allows users to verify the history has not been
tampered with. Through the use of replication, instances can be
resilient and recover damaged data from other nodes.
either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.
Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.
Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.
Whitespace cleanups and other nits corrected, where necessary.
Upstream changes:
0.051 2013-12-20 07:34:14 America/New_York
[FIXED]
- Fixed file order bug in the new test file
0.050 2013-12-20 07:27:20 America/New_York
[FIXED]
- Recursive iteration won't throw an exception if a directory is
removed or unreadable during iteration.
0.049 2013-12-12 00:48:01 America/New_York
[FIXED]
- Generates filename for atomic writes independent of thread-ID.
Fixes crashing bug on Win32 when fork() is called.
0.048 2013-12-11 21:56:23 America/New_York
[ADDED]
- Added 'subsumes' method
[CHANGED]
- The 'chomp' option for 'lines' will remove any end-of-line sequences
fully instead of just chomping the last character
- The 'flock' package will no longer indexed by PAUSE
[FIXED]
- Hides warnings and fixes possible fatal errors from pure-perl Cwd,
particularly on MSWin32
Upstream changes:
0.047 2013-11-26 15:11:13 America/New_York
[FIXED]
- Previous lock testing fixes broke on Windows (sigh); now fixed,
I hope.
0.046 2013-11-22 17:07:24 America/New_York
[FIXED]
- Revised locking tests for portability again: locks are now tested
from a separate process
0.045 2013-11-22 15:28:50 America/New_York
[FIXED]
- Fixed locking test on AIX
Upstream changes:
0.044 2013-10-17 17:00:41 America/New_York
[FIXED]
- Fixed child path construction against the root path.
- Fixed path construction when a relative volume is provided as the
first argument on Windows; e.g. path("C:", "lib") must be like
path("C:lib"), not path("C:/lib").
- On AIX, shared locking is replaced by exclusive locking on a R/W
filehandle, as locking read handles is not supported
0.043 2013-10-14 06:24:06 America/New_York
[CHANGED]
- Calling 'absolute' on Windows will add the volume if it is missing
(E.g. "/foo" will become "C:/foo"). This matches the behavior
of File::Spec->rel2abs.
[FIXED]
- Fixed t/00-report-prereqs.t for use with older versions of
CPAN::Meta::Requirements
0.042 2013-10-13 11:02:02 America/New_York
[FIXED]
- When 'realpath' can't be resolved (because intermediate directories
don't exist), the exception now explains the error clearly instead of
complaining about path() needing a defined, positive-length argument.
- On Windows, fixed resolution of relative paths with a volume.
E.g. "C:foo" is now correctly translated into getdcwd on "C:"
plus "foo".
0.041 2013-10-11 08:56:31 America/New_York
[FIXES]
- Removes duplicate test dependency on File::Spec that triggers
a CPAN.pm bug
0.040 2013-10-08 22:01:50 America/New_York
[FIXES]
- Fixed broken locking test on *bsd
- When using 'filehandle' to request a locked handle that truncates an
existing file and has a binmode starting with ":unix", this fixes a
bug where pseudo-layers weren't being cleared properly.
0.039 2013-10-08 16:39:23 America/New_York
[ADDITIONS]
- The 'filehandle' method now offers an option to return locked handles
based on the file mode. Input-output methods now rely on this
feature internally. Truncating file modes defer truncation until
after an exclusive lock is acquired.
[FIXES]
- The 'filehandle' method now respects default encoding set by
the caller's open pragma.
0.038 2013-10-01 18:20:05 America/New_York
[ADDITIONS]
- Added 'is_rootdir' method to simplify testing if a path is
the root directory
0.037 2013-09-25 13:00:25 America/New_York
[FIXES]
- Fixed for v5.8
0.036 2013-09-25 09:34:28 America/New_York
[PREREQS]
- No longer lists 'threads' as a prerequisite. If you have a threaded
perl, you have it and if you're not, Path::Tiny doesn't care.
0.035 2013-09-24 07:21:55 America/New_York
[FIXED]
- Fixed flock warning on BSD that was broken with the autodie
removal; now also applies to all BSD flavors
0.034 2013-09-23 16:16:36 America/New_York
[INCOMPATIBLE CHANGE]
- Exceptions are now Path::Tiny::Error objects, not autodie exceptions;
this removes the last dependency on autodie, which allows us to
support Perls as far back as v5.8.1
[FIXED]
- BSD/NFS flock fix was not backwards compatible before v5.14. This
fixes it harder.
[PREREQS]
- dropped autodie
- lowered ExtUtils::MakeMaker configure_requires version to 6.17
0.033 2013-09-12 08:54:30 America/New_York
[FIXED]
- Perl on BSD may not support locking on an NFS filesystem. If this is
detected, Path::Tiny warns and continues in an unsafe mode. The
'flock' warning category may be fatalized to die instead.
[DOCUMENTED]
- Added 'iterator' example showing defaults
0.032 2013-09-06 17:52:48 America/New_York
[PREREQS]
- Removed several test dependencies. Path::Tiny now only needs
core modules, though some must be upgraded on old Perls
Changes since 1.6.2:
OpenAFS 1.6.5
commit 5f5b02a57102af1a85fb9bdaaec31b6094d0c9c4
Author: Michael Meffie <mmeffie@sinenomine.net>
Date: Wed Jul 17 23:10:42 2013 +0100
ubik: Fix encryption selection in ugen
Make sure that we encrypt when requested to by the application
Change-Id: If4c2ba2257bf060d3e9169ccdbcae54f54dfe5d7
commit 0e41558190a5190dee3037c08e8df31e61e5134e
Author: Simon Wilkinson <sxw@your-file-system.com>
Date: Tue Jul 16 19:37:00 2013 +0100
Make OpenAFS 1.6.5
Change-Id: I693297ef6e20358966930cb29116d45b9151811f
commit 9e1c24a583634e6102091388dedc47745efce78a
Author: Ben Kaduk <kaduk@mit.edu>
Date: Sat Jul 13 10:49:27 2013 +0100
Add support for deriving DES keys to klog.krb5
(cherry picked from commit e79102e7918ce5196e870a806879135743ec3abb)
Change-Id: Ia7ebfdd10dcfd6cd164b10275016147630748bac
commit 4b7553600a7659d117df0bde7b1c1dfde031deb8
Author: Andrew Deason <adeason@sinenomine.net>
Date: Wed Jul 10 12:52:28 2013 -0500
Reload rxkad.keytab on CellServDB modification
Make the reloading of rxkad.keytab keys occur in the same way that
KeyFile keys are reloaded. That is, we only try to reload them if the
CellServDB mtime has changed. This is intended to have exactly the
same reloading behavior as KeyFile reloads.
I would have triggered this from afsconf_Check, but that approach
has annoyances. (Calling ticket5_keytab functions directly from
cellconfig pulls in libkrb5 dependencies for everything that uses
cellconfig, and we'd have to trigger an afsconf_Check call by calling
some other cellconfig function.)
9102f49a3bdc67ed74e254349eb55b529472f45c
commit d2024c158e3a879305ff17cf726d3958f20677f4
Author: Andrew Deason <adeason@sinenomine.net>
Date: Mon Jun 10 17:49:12 2013 -0500
Avoid calling afsconf_GetLatestKey directly
Don't call afsconf_GetLatestKey to determine whether we can print our
own local tokens, since we may have keytab 'local' keys, but no DES
keys. Just try to construct them and see if it fails, using
afsconf_PickClientSecObj or afsconf_ClientAuth{,Secure} as
appropriate.
commit d4788f6e283b79a1b974dda1e8fae213efd34930
Author: Andrew Deason <adeason@sinenomine.net>
Date: Mon Jun 10 17:15:27 2013 -0500
auth: Do not always fallback to noauth
Make afsconf_PickClientSecObj error out if we can't construct
localauth tokens (unless the caller explicitly requested rxnull
fallback). afsconf_ClientAuth{,Secure} still falls back, as always.
commit 95d57c74476c5a02ce6d9ca913dcbf88ac5c1143
Author: Ben Kaduk <kaduk@mit.edu>
Date: Tue May 14 19:37:59 2013 -0400
Clean up akimpersonate and use for server-to-server
Since a6d7cacfd, aklog has been able to print a krb5 ticket to
itself for an arbitrary client principal, allowing a user with
access to the cell's krb5 key to get tokens as an arbitrary user.
Now that it is possible to use native krb5 tickets with non-DES
enctypes for authentication, and akimpersonate is available from libauth,
use printed native krb5 tickets for server-to-server communication (as well
as the -localauth versions of the client utilities).
Remove the early call to afsconf_GetLatestKey() in
afsconf_PickClientSecObj() so that we do not end up picking an old DES
key before we try to find a better key to use.
Before doing so, refactor the akimpersonate code to be more usable
and readable, and eliminate some dead code. For example, we always printed
addressless tickets, so that code could be removed. Other code had excessive
stack usage for a library routine, which is eliminated. Use a start time
of 0 instead of 300 so that the printed ticket will always be
detected as infinite-lifetime.
In order to ensure usability on all platforms (in particular Solaris),
provide a couple more compat shims to implement routines which are not
always available from the krb5 library, in particular encode_krb5_ticket
and encode_krb5_enc_tkt_part. Thanks to Andrew Deason for implementing
these compatability routines.
UKERNEL doesn't need this stuff.
commit 15b77552b22e3ff3e7478008673775a45047f600
Author: Alexander Chernyakhovsky <achernya@mit.edu>
Date: Tue May 14 18:12:08 2013 -0400
Move akimpersonate to libauth
Give it its own source file and header, install the header at
depinstall time, and have aklog get the akimpersonate functionality
from libauth.
Keep the linux box copyright from aklog_main.c (but strip the trailing
whitespace), as that block was added with the akimpersonate code.
Remove all calls to afs_com_err() as is fitting for library code,
to let it build. Do not bother removing curly braces which are
no longer needed; a future cleanup commit will catch that.
commit 1c7fa1405940a136a992d65023cc690b1111ab3e
Author: Chaskiel Grundman <cg2v@andrew.cmu.edu>
Date: Sun Mar 17 21:58:47 2013 -0400
Derive DES/fcrypt session key from other key types
If a kerberos 5 ticket has a session key with a non-DES enctype,
use the NIST SP800-108 KDF in counter mode with HMAC_MD5 as the PRF to
construct a DES key to be used by rxkad.
To satisfy the requirements of the KDF, DES3 keys are first compressed into a
168 bit form by reversing the RFC3961 random-to-key algorithm
Change-Id: I4dc8e83a641f9892b31c109fb9025251de3dcb27
commit 33eecea7db14d06c59e1081b970d4caf0af773ca
Author: Chaskiel Grundman <cg2v@andrew.cmu.edu>
Date: Sun Feb 10 13:27:03 2013 -0500
Integrate keytab-based decryption into afsconf_BuildServerSecurityObjects
Now all servers can have it.
authcon.o grows a krb5 dependency and needs to get KRB5_CPPFLAGS.
Change-Id: I95fecb3f88c19b3d5193ea8200fa20c86ec08ad7
commit 14db1a40e5be3b7325951d002885bbf288d570c1
Author: Chaskiel Grundman <cg2v@andrew.cmu.edu>
Date: Sat Feb 9 12:42:20 2013 -0500
New optional rxkad functionality for decypting krb5 tokens
An additional, optional mechanism for decrypting krb5-format tokens
is provided that uses the krb5 api with a key from a keytab
instead of using libdes and the AFS KeyFile.
The AIX compat stub for krb5_c_decrypt is contributed by Andrew Deason.
Change-Id: I97c08122c60482b84d602d6fa6482f1d5deef142
commit 5e0cbc930508a697331bad07cc201c1e1985ff84
Author: Chaskiel Grundman <cg2v@andrew.cmu.edu>
Date: Sat Feb 9 12:01:37 2013 -0500
Add rxkad server hook function to decrypt more types of tokens
Allow tokens to be encrypted with algorithms other than DES.
The security object owner must provide an implementation
by calling rxkad_SetAltDecryptProc.
Make sure plainsiz is initialized before calling the alternate decrypt
proc.
User-Visible OpenAFS Changes
OpenAFS 1.6.4
All platforms
* Obey the jumbo/nojumbo settings for ubik servers (the DB servers)
too. In previous releases, those servers may have used jumbograms
even if they were not configured to do so. This change corrects
the actual behaviour, and will improve performance and reliability
for sites where jumbograms are problematic. It could cause a decrease
in performance for sites where jumbograms work, but those can turn
them back on manually.
* Dozens of fixes for common coding problems like use after free,
use of possibly uninitialised memory, reading or writing past the
end of arrays and potential NULL pointer derefences. Spotted by
code analysis tools or human inspection.
* Documentation improvements.
* Fixes and improvements to the diagnostic or log messages printed by
vos, the fileserver and others.
* Build fixes, making parallel builds more reliable with certain
configuration options and helping various platforms including
recent releases of IRIX, Solaris and several flavours of Linux.
* Avoid sending a small amount of data over the wire unencrypted
under certain conditions, and emit the correct error message in
this case.
All server platforms
* Avoid generating duplicate IDs for readonly and backup volumes,
which could happen under certain conditions.
* Allow the fileserver to return volume data like quota or free space,
which is available publicly elsewhere, without the additional access
check for read permissions on a volume's root directory the fileserver
performed before.
* The fileserver now emits a log message when it ran out of memory for
callbacks.
* Avoid several potential fileserver problems, including memory
corruption and segmentation faults, due to client bookkeeping.
* Avoid known cases of silent data corruption due to background syncs
on the fileserver, especially during Copy on Write.
* Make the fileserver sync behaviour runtime configurable. Up to 1.4.5,
we had synchronous syncs which were safe but really slow. Since 1.4.5,
we've had asynchronous syncs which are much faster but believed to
be the cause of rare data corruption issues, and while all known cases
of these happening are believed to be fixed in the 1.6.3 release, doubts
remain. This change allows choosing between those, and in addition allows
to turn syncs by the fileserver off altogether, thus relying on the vice
partition's backend filesystem and the operating system, or to just
execute them when a volume is detached. The default behaviour is
unchanged from releases since 1.4.5, but it's highly recommended to
consider the additional options this change provides. Future OpenAFS
releases will default to "-sync=none".
* For dbservers, avoid a situation where misinterpreting transient
network errors causes long-term issues with achieving ubik quorum.
All UNIX client platforms
* Improvements to the detection of an aklog-specific krb5 configuration
file, for the purposes of turning on "weak crypto" for aklog.
* Fixed a regression introduced in release 1.6.2 which caused the
supposedly persistent disk cache to be discarded upon client start.
(RT #131655)
Linux clients
* Support Linux kernels up to 3.10
* Fixed two bugs making it impossible to unmount a disk cache filesystem
after it has been used by the client. (RT #131613)
* Fixed a bug that could cause an oops with kernels 3.6 and later
OpenBSD
* Improved support for OpenBSD 4.9 to 5.3
OpenAFS 1.6.3
This release number had to be skipped for technical reasons.
* Improvements for Virtual Machine Image Storage
A number of improvements have been performed to let Gluster volumes provide
storage for Virtual Machine Images. Some of them include:
- qemu / libgfapi integration.
- Causal ordering in write-behind translator.
- Tunables for a gluster volume in group-virt.example.
The above results in significant improvements in performance for VM image
hosting.
* Synchronous Replication Improvements
GlusterFS 3.4 features significant improvements in performance for
the replication (AFR) translator. This is in addition to bug fixes
for volumes that used replica 3.
* Open Cluster Framework compliant Resource Agents
Resource Agents (RA) plug glusterd into Open Cluster Framework
(OCF) compliant cluster resource managers, like Pacemaker.
The glusterd RA manages the glusterd daemon like any upstart or
systemd job would, except that Pacemaker can do it in a cluster-aware
fashion.
The volume RA starts a volume and monitors individual brick?s
daemons in a cluster aware fashion, recovering bricks when their
processes fail.
* POSIX ACL support over NFSv3
setfacl and getfacl commands now can be used on a nfs mount that
exports a gluster volume to set or read posix ACLs.
* 3.3.x compatibility
The new op-version infrastructure provides compatibility with 3.3.x
release of GlusterFS. 3.3.x clients can talk to 3.4.x servers and
the vice-versa is also possible.
If a volume option that corresponds to 3.4 is enabled, then 3.3
clients cannot mount the volume.
* Packaging changes
New RPMs for libgfapi and OCF RA are present with 3.4.0.
* Experimental Features
- RDMA-connection manager (RDMA-CM)
- New Block Device translator
- Support for NUFA
As experimental features, we don?t expect them to work perfectly
for this release, but you can expect them to improve dramatically
as we make successive 3.4.x releases.
* Minor Improvements:
- The Ext4 file system change which affected readdir workloads for
Gluster volumes has been addressed.
- More options for selecting read-child with afr available now.
- Custom layouts possible with distribute translator.
- No 32-aux-gid limit
- SSL support for socket connections.
- Known issues with replica count greater than 2 addressed.
- quick-read and md-cache translators have been refactored.
- open-behind translator introduced.
- Ability to avoid glusterfs bind to reserved ports.
- statedumps are now created in /var/run/gluster instead of /tmp by default.
