Commit | Line | Data |
---|---|---|
7c673cae FG |
1 | ====================================== |
2 | Ceph Object Gateway Config Reference | |
3 | ====================================== | |
4 | ||
5 | The following settings may be added to the Ceph configuration file (i.e., usually | |
6 | ``ceph.conf``) under the ``[client.radosgw.{instance-name}]`` section. The | |
7 | settings may contain default values. If you do not specify each setting in the | |
8 | Ceph configuration file, the default value will be set automatically. | |
9 | ||
31f18b77 FG |
10 | Configuration variables set under the ``[client.radosgw.{instance-name}]`` |
11 | section will not apply to rgw or radosgw-admin commands without an instance-name | |
12 | specified in the command. Thus variables meant to be applied to all RGW | |
13 | instances or all radosgw-admin commands can be put into the ``[global]`` or the | |
14 | ``[client]`` section to avoid specifying instance-name. | |
7c673cae | 15 | |
94b18763 FG |
16 | ``rgw frontends`` |
17 | ||
18 | :Description: Configures the HTTP frontend(s). The configuration for multiple | |
19 | frontends can be provided in a comma-delimited list. Each frontend | |
20 | configuration may include a list of options separated by spaces, | |
21 | where each option is in the form "key=value" or "key". See | |
22 | `HTTP Frontends`_ for more on supported options. | |
23 | ||
24 | :Type: String | |
11fdf7f2 | 25 | :Default: ``beast port=7480`` |
94b18763 | 26 | |
7c673cae FG |
27 | ``rgw data`` |
28 | ||
29 | :Description: Sets the location of the data files for Ceph Object Gateway. | |
30 | :Type: String | |
31 | :Default: ``/var/lib/ceph/radosgw/$cluster-$id`` | |
32 | ||
33 | ||
34 | ``rgw enable apis`` | |
35 | ||
36 | :Description: Enables the specified APIs. | |
11fdf7f2 TL |
37 | |
38 | .. note:: Enabling the ``s3`` API is a requirement for | |
39 | any radosgw instance that is meant to | |
40 | participate in a `multi-site <../multisite>`_ | |
41 | configuration. | |
7c673cae FG |
42 | :Type: String |
43 | :Default: ``s3, swift, swift_auth, admin`` All APIs. | |
44 | ||
45 | ||
46 | ``rgw cache enabled`` | |
47 | ||
48 | :Description: Whether the Ceph Object Gateway cache is enabled. | |
49 | :Type: Boolean | |
50 | :Default: ``true`` | |
51 | ||
52 | ||
53 | ``rgw cache lru size`` | |
54 | ||
55 | :Description: The number of entries in the Ceph Object Gateway cache. | |
56 | :Type: Integer | |
57 | :Default: ``10000`` | |
9f95a23c | 58 | |
7c673cae FG |
59 | |
60 | ``rgw socket path`` | |
61 | ||
9f95a23c TL |
62 | :Description: The socket path for the domain socket. ``FastCgiExternalServer`` |
63 | uses this socket. If you do not specify a socket path, Ceph | |
64 | Object Gateway will not run as an external server. The path you | |
65 | specify here must be the same as the path specified in the | |
7c673cae FG |
66 | ``rgw.conf`` file. |
67 | ||
68 | :Type: String | |
69 | :Default: N/A | |
70 | ||
71 | ``rgw fcgi socket backlog`` | |
72 | ||
73 | :Description: The socket backlog for fcgi. | |
74 | :Type: Integer | |
75 | :Default: ``1024`` | |
76 | ||
77 | ``rgw host`` | |
78 | ||
9f95a23c | 79 | :Description: The host for the Ceph Object Gateway instance. Can be an IP |
7c673cae FG |
80 | address or a hostname. |
81 | ||
82 | :Type: String | |
83 | :Default: ``0.0.0.0`` | |
84 | ||
85 | ||
86 | ``rgw port`` | |
87 | ||
9f95a23c | 88 | :Description: The port on which the instance listens for requests. If not specified, |
7c673cae | 89 | Ceph Object Gateway runs external FastCGI. |
9f95a23c | 90 | |
7c673cae FG |
91 | :Type: String |
92 | :Default: None | |
93 | ||
94 | ||
95 | ``rgw dns name`` | |
96 | ||
97 | :Description: The DNS name of the served domain. See also the ``hostnames`` setting within regions. | |
9f95a23c | 98 | :Type: String |
7c673cae | 99 | :Default: None |
9f95a23c | 100 | |
7c673cae FG |
101 | |
102 | ``rgw script uri`` | |
103 | ||
104 | :Description: The alternative value for the ``SCRIPT_URI`` if not set | |
105 | in the request. | |
106 | ||
107 | :Type: String | |
108 | :Default: None | |
109 | ||
110 | ||
111 | ``rgw request uri`` | |
112 | ||
113 | :Description: The alternative value for the ``REQUEST_URI`` if not set | |
114 | in the request. | |
115 | ||
116 | :Type: String | |
117 | :Default: None | |
118 | ||
119 | ||
120 | ``rgw print continue`` | |
121 | ||
122 | :Description: Enable ``100-continue`` if it is operational. | |
123 | :Type: Boolean | |
124 | :Default: ``true`` | |
125 | ||
126 | ||
127 | ``rgw remote addr param`` | |
128 | ||
9f95a23c TL |
129 | :Description: The remote address parameter. For example, the HTTP field |
130 | containing the remote address, or the ``X-Forwarded-For`` | |
7c673cae FG |
131 | address if a reverse proxy is operational. |
132 | ||
133 | :Type: String | |
134 | :Default: ``REMOTE_ADDR`` | |
135 | ||
136 | ||
137 | ``rgw op thread timeout`` | |
9f95a23c | 138 | |
7c673cae FG |
139 | :Description: The timeout in seconds for open threads. |
140 | :Type: Integer | |
141 | :Default: 600 | |
9f95a23c | 142 | |
7c673cae FG |
143 | |
144 | ``rgw op thread suicide timeout`` | |
9f95a23c TL |
145 | |
146 | :Description: The ``timeout`` in seconds before a Ceph Object Gateway | |
7c673cae FG |
147 | process dies. Disabled if set to ``0``. |
148 | ||
9f95a23c | 149 | :Type: Integer |
7c673cae FG |
150 | :Default: ``0`` |
151 | ||
152 | ||
153 | ``rgw thread pool size`` | |
154 | ||
155 | :Description: The size of the thread pool. | |
9f95a23c | 156 | :Type: Integer |
7c673cae FG |
157 | :Default: 100 threads. |
158 | ||
159 | ||
7c673cae FG |
160 | ``rgw num control oids`` |
161 | ||
162 | :Description: The number of notification objects used for cache synchronization | |
163 | between different ``rgw`` instances. | |
164 | ||
165 | :Type: Integer | |
166 | :Default: ``8`` | |
167 | ||
168 | ||
169 | ``rgw init timeout`` | |
170 | ||
9f95a23c | 171 | :Description: The number of seconds before Ceph Object Gateway gives up on |
7c673cae FG |
172 | initialization. |
173 | ||
174 | :Type: Integer | |
175 | :Default: ``30`` | |
176 | ||
177 | ||
178 | ``rgw mime types file`` | |
179 | ||
9f95a23c | 180 | :Description: The path and location of the MIME types. Used for Swift |
7c673cae FG |
181 | auto-detection of object types. |
182 | ||
183 | :Type: String | |
184 | :Default: ``/etc/mime.types`` | |
185 | ||
186 | ||
7c673cae FG |
187 | ``rgw s3 success create obj status`` |
188 | ||
189 | :Description: The alternate success status response for ``create-obj``. | |
190 | :Type: Integer | |
191 | :Default: ``0`` | |
192 | ||
193 | ||
194 | ``rgw resolve cname`` | |
195 | ||
9f95a23c | 196 | :Description: Whether ``rgw`` should use the DNS CNAME record of the request |
7c673cae FG |
197 | hostname field (if hostname is not equal to ``rgw dns name``). |
198 | ||
199 | :Type: Boolean | |
200 | :Default: ``false`` | |
201 | ||
202 | ||
203 | ``rgw obj stripe size`` | |
204 | ||
205 | :Description: The size of an object stripe for Ceph Object Gateway objects. | |
206 | See `Architecture`_ for details on striping. | |
207 | ||
208 | :Type: Integer | |
209 | :Default: ``4 << 20`` | |
210 | ||
211 | ||
212 | ``rgw extended http attrs`` | |
213 | ||
214 | :Description: Adds a new set of attributes that can be set on an entity | |
215 | (user, bucket or object). These extra attributes can be set | |
216 | through HTTP header fields when putting the entity or modifying | |
217 | it using the POST method. If set, these attributes are returned as | |
218 | HTTP fields when doing GET/HEAD on the entity. | |
219 | ||
220 | :Type: String | |
221 | :Default: None | |
222 | :Example: "content_foo, content_bar, x-foo-bar" | |
223 | ||
224 | ||
225 | ``rgw exit timeout secs`` | |
226 | ||
9f95a23c | 227 | :Description: Number of seconds to wait for a process before exiting |
7c673cae FG |
228 | unconditionally. |
229 | ||
230 | :Type: Integer | |
231 | :Default: ``120`` | |
232 | ||
233 | ||
234 | ``rgw get obj window size`` | |
235 | ||
236 | :Description: The window size in bytes for a single object request. | |
237 | :Type: Integer | |
238 | :Default: ``16 << 20`` | |
239 | ||
240 | ||
241 | ``rgw get obj max req size`` | |
242 | ||
243 | :Description: The maximum request size of a single get operation sent to the | |
244 | Ceph Storage Cluster. | |
245 | ||
246 | :Type: Integer | |
247 | :Default: ``4 << 20`` | |
248 | ||
9f95a23c | 249 | |
7c673cae FG |
250 | ``rgw relaxed s3 bucket names`` |
251 | ||
252 | :Description: Enables relaxed S3 bucket names rules for US region buckets. | |
253 | :Type: Boolean | |
254 | :Default: ``false`` | |
255 | ||
256 | ||
257 | ``rgw list buckets max chunk`` | |
258 | ||
259 | :Description: The maximum number of buckets to retrieve in a single operation | |
260 | when listing user buckets. | |
261 | ||
262 | :Type: Integer | |
263 | :Default: ``1000`` | |
264 | ||
265 | ||
266 | ``rgw override bucket index max shards`` | |
267 | ||
268 | :Description: The number of shards for the bucket index object. | |
269 | A value of zero indicates there is no sharding. It is not | |
270 | recommended to set a value too large (e.g. a thousand) as it | |
271 | increases the cost for bucket listing. | |
31f18b77 FG |
272 | This variable should be set in the client or global sections |
273 | so that it is automatically applied to radosgw-admin commands. | |
7c673cae FG |
274 | |
275 | :Type: Integer | |
276 | :Default: ``0`` | |
277 | ||
278 | ||
7c673cae FG |
279 | ``rgw curl wait timeout ms`` |
280 | ||
9f95a23c | 281 | :Description: The timeout in milliseconds for certain ``curl`` calls. |
7c673cae FG |
282 | :Type: Integer |
283 | :Default: ``1000`` | |
284 | ||
285 | ||
286 | ``rgw copy obj progress`` | |
287 | ||
288 | :Description: Enables output of object progress during long copy operations. | |
289 | :Type: Boolean | |
290 | :Default: ``true`` | |
291 | ||
292 | ||
293 | ``rgw copy obj progress every bytes`` | |
294 | ||
295 | :Description: The minimum bytes between copy progress output. | |
9f95a23c | 296 | :Type: Integer |
7c673cae FG |
297 | :Default: ``1024 * 1024`` |
298 | ||
299 | ||
300 | ``rgw admin entry`` | |
301 | ||
302 | :Description: The entry point for an admin request URL. | |
303 | :Type: String | |
304 | :Default: ``admin`` | |
305 | ||
306 | ||
307 | ``rgw content length compat`` | |
308 | ||
11fdf7f2 | 309 | :Description: Enable compatibility handling of FCGI requests with both CONTENT_LENGTH and HTTP_CONTENT_LENGTH set. |
7c673cae FG |
310 | :Type: Boolean |
311 | :Default: ``false`` | |
312 | ||
313 | ||
31f18b77 FG |
314 | ``rgw bucket quota ttl`` |
315 | ||
316 | :Description: The amount of time in seconds cached quota information is | |
317 | trusted. After this timeout, the quota information will be | |
318 | re-fetched from the cluster. | |
319 | :Type: Integer | |
320 | :Default: ``600`` | |
321 | ||
322 | ||
323 | ``rgw user quota bucket sync interval`` | |
324 | ||
325 | :Description: The amount of time in seconds bucket quota information is | |
326 | accumulated before syncing to the cluster. During this time, | |
327 | other RGW instances will not see the changes in bucket quota | |
328 | stats from operations on this instance. | |
329 | :Type: Integer | |
330 | :Default: ``180`` | |
331 | ||
332 | ||
333 | ``rgw user quota sync interval`` | |
334 | ||
335 | :Description: The amount of time in seconds user quota information is | |
336 | accumulated before syncing to the cluster. During this time, | |
337 | other RGW instances will not see the changes in user quota stats | |
338 | from operations on this instance. | |
339 | :Type: Integer | |
340 | :Default: ``180`` | |
341 | ||
342 | ||
7c673cae FG |
343 | ``rgw bucket default quota max objects`` |
344 | ||
345 | :Description: Default max number of objects per bucket. Set on new users, | |
346 | if no other quota is specified. Has no effect on existing users. | |
31f18b77 FG |
347 | This variable should be set in the client or global sections |
348 | so that it is automatically applied to radosgw-admin commands. | |
7c673cae FG |
349 | :Type: Integer |
350 | :Default: ``-1`` | |
351 | ||
352 | ||
353 | ``rgw bucket default quota max size`` | |
354 | ||
355 | :Description: Default max capacity per bucket, in bytes. Set on new users, | |
356 | if no other quota is specified. Has no effect on existing users. | |
357 | :Type: Integer | |
358 | :Default: ``-1`` | |
359 | ||
360 | ||
361 | ``rgw user default quota max objects`` | |
362 | ||
363 | :Description: Default max number of objects for a user. This includes all | |
364 | objects in all buckets owned by the user. Set on new users, | |
365 | if no other quota is specified. Has no effect on existing users. | |
366 | :Type: Integer | |
367 | :Default: ``-1`` | |
368 | ||
369 | ||
370 | ``rgw user default quota max size`` | |
371 | ||
372 | :Description: The value for user max size quota in bytes set on new users, | |
373 | if no other quota is specified. Has no effect on existing users. | |
374 | :Type: Integer | |
375 | :Default: ``-1`` | |
376 | ||
377 | ||
31f18b77 | 378 | ``rgw verify ssl`` |
7c673cae | 379 | |
31f18b77 FG |
380 | :Description: Verify SSL certificates while making requests. |
381 | :Type: Boolean | |
382 | :Default: ``true`` | |
7c673cae | 383 | |
7c673cae | 384 | |
9f95a23c TL |
385 | Garbage Collection Settings |
386 | =========================== | |
387 | ||
388 | The Ceph Object Gateway allocates storage for new objects immediately. | |
389 | ||
390 | The Ceph Object Gateway purges the storage space used for deleted and overwritten | |
391 | objects in the Ceph Storage cluster some time after the gateway deletes the | |
392 | objects from the bucket index. The process of purging the deleted object data | |
393 | from the Ceph Storage cluster is known as Garbage Collection or GC. | |
394 | ||
395 | To view the queue of objects awaiting garbage collection, execute the following:: | |
396 | ||
397 | $ radosgw-admin gc list | |
398 | ||
399 | Note: specify --include-all to list all entries, including unexpired | |
400 | ||
401 | Garbage collection is a background activity that may | |
402 | execute continuously or during times of low loads, depending upon how the | |
403 | administrator configures the Ceph Object Gateway. By default, the Ceph Object | |
404 | Gateway conducts GC operations continuously. Since GC operations are a normal | |
405 | part of Ceph Object Gateway operations, especially with object delete | |
406 | operations, objects eligible for garbage collection exist most of the time. | |
407 | ||
408 | Some workloads may temporarily or permanently outpace the rate of garbage | |
409 | collection activity. This is especially true of delete-heavy workloads, where | |
410 | many objects get stored for a short period of time and then deleted. For these | |
411 | types of workloads, administrators can increase the priority of garbage | |
412 | collection operations relative to other operations with the following | |
413 | configuration parameters. | |
414 | ||
415 | ||
416 | ``rgw gc max objs`` | |
417 | ||
418 | :Description: The maximum number of objects that may be handled by | |
419 | garbage collection in one garbage collection processing cycle. | |
420 | Please do not change this value after the first deployment. | |
421 | ||
422 | :Type: Integer | |
423 | :Default: ``32`` | |
424 | ||
425 | ||
426 | ``rgw gc obj min wait`` | |
427 | ||
428 | :Description: The minimum wait time before a deleted object may be removed | |
429 | and handled by garbage collection processing. | |
430 | ||
431 | :Type: Integer | |
432 | :Default: ``2 * 3600`` | |
433 | ||
434 | ||
435 | ``rgw gc processor max time`` | |
436 | ||
437 | :Description: The maximum time between the beginning of two consecutive garbage | |
438 | collection processing cycles. | |
439 | ||
440 | :Type: Integer | |
441 | :Default: ``3600`` | |
442 | ||
443 | ||
444 | ``rgw gc processor period`` | |
445 | ||
446 | :Description: The cycle time for garbage collection processing. | |
447 | :Type: Integer | |
448 | :Default: ``3600`` | |
449 | ||
e306af50 TL |
450 | |
451 | ``rgw gc max concurrent io`` | |
452 | ||
453 | :Description: The maximum number of concurrent IO operations that the RGW garbage | |
454 | collection thread will use when purging old data. | |
455 | :Type: Integer | |
456 | :Default: ``10`` | |
457 | ||
458 | ||
31f18b77 FG |
459 | Multisite Settings |
460 | ================== | |
7c673cae | 461 | |
31f18b77 | 462 | .. versionadded:: Jewel |
7c673cae FG |
463 | |
464 | You may include the following settings in your Ceph configuration | |
465 | file under each ``[client.radosgw.{instance-name}]`` instance. | |
466 | ||
467 | ||
7c673cae FG |
468 | ``rgw zone`` |
469 | ||
31f18b77 FG |
470 | :Description: The name of the zone for the gateway instance. If no zone is |
471 | set, a cluster-wide default can be configured with the command | |
472 | ``radosgw-admin zone default``. | |
7c673cae FG |
473 | :Type: String |
474 | :Default: None | |
475 | ||
476 | ||
31f18b77 FG |
477 | ``rgw zonegroup`` |
478 | ||
479 | :Description: The name of the zonegroup for the gateway instance. If no | |
480 | zonegroup is set, a cluster-wide default can be configured with | |
481 | the command ``radosgw-admin zonegroup default``. | |
482 | :Type: String | |
483 | :Default: None | |
484 | ||
7c673cae | 485 | |
31f18b77 | 486 | ``rgw realm`` |
7c673cae | 487 | |
31f18b77 FG |
488 | :Description: The name of the realm for the gateway instance. If no realm is |
489 | set, a cluster-wide default can be configured with the command | |
490 | ``radosgw-admin realm default``. | |
7c673cae FG |
491 | :Type: String |
492 | :Default: None | |
493 | ||
494 | ||
31f18b77 | 495 | ``rgw run sync thread`` |
7c673cae | 496 | |
31f18b77 FG |
497 | :Description: If there are other zones in the realm to sync from, spawn threads |
498 | to handle the sync of data and metadata. | |
499 | :Type: Boolean | |
500 | :Default: ``true`` | |
7c673cae | 501 | |
7c673cae | 502 | |
31f18b77 | 503 | ``rgw data log window`` |
7c673cae | 504 | |
31f18b77 FG |
505 | :Description: The data log entries window in seconds. |
506 | :Type: Integer | |
507 | :Default: ``30`` | |
7c673cae | 508 | |
7c673cae | 509 | |
31f18b77 | 510 | ``rgw data log changes size`` |
7c673cae | 511 | |
31f18b77 FG |
512 | :Description: The number of in-memory entries to hold for the data changes log. |
513 | :Type: Integer | |
514 | :Default: ``1000`` | |
7c673cae | 515 | |
7c673cae | 516 | |
31f18b77 | 517 | ``rgw data log obj prefix`` |
7c673cae | 518 | |
31f18b77 | 519 | :Description: The object name prefix for the data log. |
7c673cae | 520 | :Type: String |
31f18b77 | 521 | :Default: ``data_log`` |
7c673cae FG |
522 | |
523 | ||
31f18b77 | 524 | ``rgw data log num shards`` |
7c673cae | 525 | |
31f18b77 FG |
526 | :Description: The number of shards (objects) on which to keep the |
527 | data changes log. | |
7c673cae | 528 | |
31f18b77 FG |
529 | :Type: Integer |
530 | :Default: ``128`` | |
531 | ||
532 | ||
533 | ``rgw md log max shards`` | |
534 | ||
535 | :Description: The maximum number of shards for the metadata log. | |
536 | :Type: Integer | |
537 | :Default: ``64`` | |
538 | ||
539 | .. important:: The values of ``rgw data log num shards`` and | |
540 | ``rgw md log max shards`` should not be changed after sync has | |
541 | started. | |
7c673cae | 542 | |
9f95a23c TL |
543 | S3 Settings |
544 | =========== | |
545 | ||
546 | ``rgw s3 auth use ldap`` | |
547 | ||
548 | :Description: Should S3 authentication use LDAP. | |
549 | :Type: Boolean | |
550 | :Default: ``false`` | |
551 | ||
7c673cae FG |
552 | |
553 | Swift Settings | |
554 | ============== | |
555 | ||
556 | ``rgw enforce swift acls`` | |
557 | ||
558 | :Description: Enforces the Swift Access Control List (ACL) settings. | |
559 | :Type: Boolean | |
560 | :Default: ``true`` | |
9f95a23c TL |
561 | |
562 | ||
7c673cae FG |
563 | ``rgw swift token expiration`` |
564 | ||
565 | :Description: The time in seconds for expiring a Swift token. | |
566 | :Type: Integer | |
567 | :Default: ``24 * 3600`` | |
568 | ||
569 | ||
570 | ``rgw swift url`` | |
571 | ||
572 | :Description: The URL for the Ceph Object Gateway Swift API. | |
573 | :Type: String | |
574 | :Default: None | |
9f95a23c | 575 | |
7c673cae FG |
576 | |
577 | ``rgw swift url prefix`` | |
578 | ||
11fdf7f2 TL |
579 | :Description: The URL prefix for the Swift API, to distinguish it from |
580 | the S3 API endpoint. The default is ``swift``, which | |
581 | makes the Swift API available at the URL | |
582 | ``http://host:port/swift/v1`` (or | |
583 | ``http://host:port/swift/v1/AUTH_%(tenant_id)s`` if | |
584 | ``rgw swift account in url`` is enabled). | |
585 | ||
586 | For compatibility, setting this configuration variable | |
587 | to the empty string causes the default ``swift`` to be | |
588 | used; if you do want an empty prefix, set this option to | |
589 | ``/``. | |
590 | ||
591 | .. warning:: If you set this option to ``/``, you must | |
592 | disable the S3 API by modifying ``rgw | |
593 | enable apis`` to exclude ``s3``. It is not | |
594 | possible to operate radosgw with ``rgw | |
595 | swift url prefix = /`` and simultaneously | |
596 | support both the S3 and Swift APIs. If you | |
597 | do need to support both APIs without | |
598 | prefixes, deploy multiple radosgw instances | |
599 | to listen on different hosts (or ports) | |
600 | instead, enabling some for S3 and some for | |
601 | Swift. | |
7c673cae FG |
602 | :Default: ``swift`` |
603 | :Example: "/swift-testing" | |
604 | ||
605 | ||
606 | ``rgw swift auth url`` | |
607 | ||
9f95a23c | 608 | :Description: Default URL for verifying v1 auth tokens (if not using internal |
7c673cae FG |
609 | Swift auth). |
610 | ||
611 | :Type: String | |
612 | :Default: None | |
613 | ||
614 | ||
615 | ``rgw swift auth entry`` | |
616 | ||
617 | :Description: The entry point for a Swift auth URL. | |
618 | :Type: String | |
619 | :Default: ``auth`` | |
620 | ||
621 | ||
11fdf7f2 TL |
622 | ``rgw swift account in url`` |
623 | ||
624 | :Description: Whether or not the Swift account name should be included | |
625 | in the Swift API URL. | |
626 | ||
627 | If set to ``false`` (the default), then the Swift API | |
628 | will listen on a URL formed like | |
629 | ``http://host:port/<rgw_swift_url_prefix>/v1``, and the | |
630 | account name (commonly a Keystone project UUID if | |
631 | radosgw is configured with `Keystone integration | |
632 | <../keystone>`_) will be inferred from request | |
633 | headers. | |
634 | ||
635 | If set to ``true``, the Swift API URL will be | |
636 | ``http://host:port/<rgw_swift_url_prefix>/v1/AUTH_<account_name>`` | |
637 | (or | |
638 | ``http://host:port/<rgw_swift_url_prefix>/v1/AUTH_<keystone_project_id>``) | |
639 | instead, and the Keystone ``object-store`` endpoint must | |
640 | accordingly be configured to include the | |
641 | ``AUTH_%(tenant_id)s`` suffix. | |
642 | ||
643 | You **must** set this option to ``true`` (and update the | |
644 | Keystone service catalog) if you want radosgw to support | |
645 | publicly-readable containers and `temporary URLs | |
646 | <../swift/tempurl>`_. | |
647 | :Type: Boolean | |
648 | :Default: ``false`` | |
649 | ||
650 | ||
7c673cae FG |
651 | ``rgw swift versioning enabled`` |
652 | ||
653 | :Description: Enables the Object Versioning of OpenStack Object Storage API. | |
654 | This allows clients to put the ``X-Versions-Location`` attribute | |
655 | on containers that should be versioned. The attribute specifies | |
656 | the name of the container storing archived versions. It must be owned | |
657 | by the same user as the versioned container due to access | |
658 | control verification - ACLs are NOT taken into consideration. | |
659 | Those containers cannot be versioned by the S3 object versioning | |
660 | mechanism. | |
11fdf7f2 | 661 | |
9f95a23c TL |
662 | A slightly different attribute, ``X-History-Location``, which is also understood by |
663 | `OpenStack Swift <https://docs.openstack.org/swift/latest/api/object_versioning.html>`_ | |
664 | for handling ``DELETE`` operations, is currently not supported. | |
7c673cae FG |
665 | :Type: Boolean |
666 | :Default: ``false`` | |
667 | ||
668 | ||
f64942e4 AA |
669 | ``rgw trust forwarded https`` |
670 | ||
671 | :Description: When a proxy in front of radosgw is used for ssl termination, radosgw | |
672 | does not know whether incoming http connections are secure. Enable | |
673 | this option to trust the ``Forwarded`` and ``X-Forwarded-Proto`` headers | |
674 | sent by the proxy when determining whether the connection is secure. | |
675 | This is required for some features, such as server side encryption. | |
676 | :Type: Boolean | |
677 | :Default: ``false`` | |
678 | ||
679 | ||
7c673cae FG |
680 | |
681 | Logging Settings | |
682 | ================ | |
683 | ||
684 | ||
685 | ``rgw log nonexistent bucket`` | |
686 | ||
9f95a23c | 687 | :Description: Enables Ceph Object Gateway to log a request for a non-existent |
7c673cae FG |
688 | bucket. |
689 | ||
690 | :Type: Boolean | |
691 | :Default: ``false`` | |
692 | ||
693 | ||
694 | ``rgw log object name`` | |
695 | ||
9f95a23c | 696 | :Description: The logging format for an object name. See manpage |
7c673cae FG |
697 | :manpage:`date` for details about format specifiers. |
698 | ||
699 | :Type: Date | |
700 | :Default: ``%Y-%m-%d-%H-%i-%n`` | |
701 | ||
702 | ||
703 | ``rgw log object name utc`` | |
704 | ||
9f95a23c | 705 | :Description: Whether a logged object name includes a UTC time. |
7c673cae FG |
706 | If ``false``, it uses the local time. |
707 | ||
708 | :Type: Boolean | |
709 | :Default: ``false`` | |
710 | ||
711 | ||
712 | ``rgw usage max shards`` | |
713 | ||
714 | :Description: The maximum number of shards for usage logging. | |
715 | :Type: Integer | |
716 | :Default: ``32`` | |
717 | ||
718 | ||
719 | ``rgw usage max user shards`` | |
720 | ||
9f95a23c | 721 | :Description: The maximum number of shards used for a single user's |
7c673cae FG |
722 | usage logging. |
723 | ||
724 | :Type: Integer | |
725 | :Default: ``1`` | |
726 | ||
727 | ||
728 | ``rgw enable ops log`` | |
729 | ||
730 | :Description: Enable logging for each successful Ceph Object Gateway operation. | |
731 | :Type: Boolean | |
732 | :Default: ``false`` | |
733 | ||
734 | ||
735 | ``rgw enable usage log`` | |
736 | ||
737 | :Description: Enable the usage log. | |
738 | :Type: Boolean | |
739 | :Default: ``false`` | |
740 | ||
741 | ||
742 | ``rgw ops log rados`` | |
743 | ||
9f95a23c | 744 | :Description: Whether the operations log should be written to the |
7c673cae FG |
745 | Ceph Storage Cluster backend. |
746 | ||
747 | :Type: Boolean | |
748 | :Default: ``true`` | |
749 | ||
750 | ||
751 | ``rgw ops log socket path`` | |
752 | ||
753 | :Description: The Unix domain socket for writing operations logs. | |
754 | :Type: String | |
755 | :Default: None | |
756 | ||
757 | ||
758 | ``rgw ops log data backlog`` | |
759 | ||
760 | :Description: The maximum backlog data size for operations logs written | |
761 | to a Unix domain socket. | |
762 | ||
763 | :Type: Integer | |
764 | :Default: ``5 << 20`` | |
765 | ||
766 | ||
767 | ``rgw usage log flush threshold`` | |
768 | ||
9f95a23c | 769 | :Description: The number of dirty merged entries in the usage log before |
7c673cae FG |
770 | flushing synchronously. |
771 | ||
772 | :Type: Integer | |
773 | :Default: 1024 | |
774 | ||
775 | ||
776 | ``rgw usage log tick interval`` | |
777 | ||
778 | :Description: Flush pending usage log data every ``n`` seconds. | |
779 | :Type: Integer | |
780 | :Default: ``30`` | |
781 | ||
782 | ||
783 | ``rgw log http headers`` | |
784 | ||
785 | :Description: Comma-delimited list of HTTP headers to include with ops | |
786 | log entries. Header names are case insensitive, and use | |
787 | the full header name with words separated by underscores. | |
788 | ||
789 | :Type: String | |
790 | :Default: None | |
791 | :Example: "http_x_forwarded_for, http_x_special_k" | |
792 | ||
793 | ||
794 | ``rgw intent log object name`` | |
795 | ||
9f95a23c | 796 | :Description: The logging format for the intent log object name. See manpage |
7c673cae FG |
797 | :manpage:`date` for details about format specifiers. |
798 | ||
799 | :Type: Date | |
800 | :Default: ``%Y-%m-%d-%i-%n`` | |
801 | ||
802 | ||
803 | ``rgw intent log object name utc`` | |
804 | ||
9f95a23c | 805 | :Description: Whether the intent log object name includes a UTC time. |
7c673cae FG |
806 | If ``false``, it uses the local time. |
807 | ||
808 | :Type: Boolean | |
809 | :Default: ``false`` | |
810 | ||
811 | ||
7c673cae FG |
812 | |
813 | Keystone Settings | |
814 | ================= | |
815 | ||
816 | ||
817 | ``rgw keystone url`` | |
818 | ||
819 | :Description: The URL for the Keystone server. | |
820 | :Type: String | |
821 | :Default: None | |
822 | ||
823 | ||
824 | ``rgw keystone api version`` | |
825 | ||
826 | :Description: The version (2 or 3) of OpenStack Identity API that should be | |
827 | used for communication with the Keystone server. | |
828 | :Type: Integer | |
829 | :Default: ``2`` | |
830 | ||
831 | ||
832 | ``rgw keystone admin domain`` | |
833 | ||
834 | :Description: The name of OpenStack domain with admin privilege when using | |
835 | OpenStack Identity API v3. | |
836 | :Type: String | |
837 | :Default: None | |
838 | ||
839 | ||
840 | ``rgw keystone admin project`` | |
841 | ||
842 | :Description: The name of OpenStack project with admin privilege when using | |
843 | OpenStack Identity API v3. If left unspecified, value of | |
844 | ``rgw keystone admin tenant`` will be used instead. | |
845 | :Type: String | |
846 | :Default: None | |
847 | ||
848 | ||
849 | ``rgw keystone admin token`` | |
850 | ||
851 | :Description: The Keystone admin token (shared secret). In Ceph RadosGW | |
852 | authentication with the admin token has priority over | |
853 | authentication with the admin credentials | |
854 | (``rgw keystone admin user``, ``rgw keystone admin password``, | |
855 | ``rgw keystone admin tenant``, ``rgw keystone admin project``, | |
11fdf7f2 TL |
856 | ``rgw keystone admin domain``). The Keystone admin token |
857 | has been deprecated, but can be used to integrate with | |
858 | older environments. Prefer ``rgw keystone admin token path`` | |
859 | to avoid exposing the token. | |
7c673cae FG |
860 | :Type: String |
861 | :Default: None | |
862 | ||
11fdf7f2 TL |
863 | ``rgw keystone admin token path`` |
864 | ||
865 | :Description: Path to a file containing the Keystone admin token | |
866 | (shared secret). In Ceph RadosGW authentication with | |
867 | the admin token has priority over authentication with | |
868 | the admin credentials | |
869 | (``rgw keystone admin user``, ``rgw keystone admin password``, | |
870 | ``rgw keystone admin tenant``, ``rgw keystone admin project``, | |
871 | ``rgw keystone admin domain``). | |
872 | The Keystone admin token has been deprecated, but can be | |
873 | used to integrate with older environments. | |
874 | :Type: String | |
875 | :Default: None | |
7c673cae FG |
876 | |
877 | ``rgw keystone admin tenant`` | |
878 | ||
879 | :Description: The name of OpenStack tenant with admin privilege (Service Tenant) when | |
880 | using OpenStack Identity API v2 | |
881 | :Type: String | |
882 | :Default: None | |
883 | ||
884 | ||
885 | ``rgw keystone admin user`` | |
886 | ||
887 | :Description: The name of OpenStack user with admin privilege for Keystone | |
888 | authentication (Service User) when using OpenStack Identity API v2 | |
889 | :Type: String | |
890 | :Default: None | |
891 | ||
892 | ||
893 | ``rgw keystone admin password`` | |
894 | ||
895 | :Description: The password for OpenStack admin user when using OpenStack | |
11fdf7f2 TL |
896 | Identity API v2. Prefer ``rgw keystone admin password path`` |
897 | to avoid exposing the password. | |
898 | :Type: String | |
899 | :Default: None | |
900 | ||
901 | ``rgw keystone admin password path`` | |
902 | ||
903 | :Description: Path to a file containing the password for OpenStack | |
904 | admin user when using OpenStack Identity API v2. | |
7c673cae FG |
905 | :Type: String |
906 | :Default: None | |
907 | ||
908 | ||
909 | ``rgw keystone accepted roles`` | |
910 | ||
911 | :Description: The roles required to serve requests. | |
912 | :Type: String | |
913 | :Default: ``Member, admin`` | |
914 | ||
915 | ||
916 | ``rgw keystone token cache size`` | |
917 | ||
918 | :Description: The maximum number of entries in each Keystone token cache. | |
919 | :Type: Integer | |
920 | :Default: ``10000`` | |
921 | ||
922 | ||
923 | ``rgw keystone revocation interval`` | |
924 | ||
925 | :Description: The number of seconds between token revocation checks. | |
926 | :Type: Integer | |
927 | :Default: ``15 * 60`` | |
928 | ||
929 | ||
930 | ``rgw keystone verify ssl`` | |
931 | ||
932 | :Description: Verify SSL certificates while making token requests to keystone. | |
933 | :Type: Boolean | |
934 | :Default: ``true`` | |
935 | ||
9f95a23c TL |
936 | |
937 | Server-side encryption Settings | |
938 | =============================== | |
939 | ||
940 | ``rgw crypt s3 kms backend`` | |
941 | ||
942 | :Description: Where the SSE-KMS encryption keys are stored. Supported KMS | |
943 | systems are OpenStack Barbican (``barbican``, the default) and | |
944 | HashiCorp Vault (``vault``). | |
945 | :Type: String | |
946 | :Default: None | |
947 | ||
948 | ||
7c673cae FG |
949 | Barbican Settings |
950 | ================= | |
951 | ||
952 | ``rgw barbican url`` | |
953 | ||
954 | :Description: The URL for the Barbican server. | |
955 | :Type: String | |
956 | :Default: None | |
957 | ||
958 | ``rgw keystone barbican user`` | |
959 | ||
960 | :Description: The name of the OpenStack user with access to the `Barbican`_ | |
961 | secrets used for `Encryption`_. | |
962 | :Type: String | |
963 | :Default: None | |
964 | ||
965 | ``rgw keystone barbican password`` | |
966 | ||
967 | :Description: The password associated with the `Barbican`_ user. | |
968 | :Type: String | |
969 | :Default: None | |
970 | ||
971 | ``rgw keystone barbican tenant`` | |
972 | ||
973 | :Description: The name of the OpenStack tenant associated with the `Barbican`_ | |
974 | user when using OpenStack Identity API v2. | |
975 | :Type: String | |
976 | :Default: None | |
977 | ||
978 | ``rgw keystone barbican project`` | |
979 | ||
980 | :Description: The name of the OpenStack project associated with the `Barbican`_ | |
981 | user when using OpenStack Identity API v3. | |
982 | :Type: String | |
983 | :Default: None | |
984 | ||
985 | ``rgw keystone barbican domain`` | |
986 | ||
987 | :Description: The name of the OpenStack domain associated with the `Barbican`_ | |
988 | user when using OpenStack Identity API v3. | |
989 | :Type: String | |
990 | :Default: None | |
991 | ||
992 | ||
9f95a23c TL |
993 | HashiCorp Vault Settings |
994 | ======================== | |
995 | ||
996 | ``rgw crypt vault auth`` | |
997 | ||
998 | :Description: Type of authentication method to be used. The only method | |
999 | currently supported is ``token``. | |
1000 | :Type: String | |
1001 | :Default: ``token`` | |
1002 | ||
1003 | ``rgw crypt vault token file`` | |
1004 | ||
1005 | :Description: If authentication method is ``token``, provide a path to the token | |
1006 | file, which should be readable only by Rados Gateway. | |
1007 | :Type: String | |
1008 | :Default: None | |
1009 | ||
1010 | ``rgw crypt vault addr`` | |
1011 | ||
1012 | :Description: Vault server base address, e.g. ``http://vaultserver:8200``. | |
1013 | :Type: String | |
1014 | :Default: None | |
1015 | ||
1016 | ``rgw crypt vault prefix`` | |
1017 | ||
1018 | :Description: The Vault secret URL prefix, which can be used to restrict access | |
1019 | to a particular subset of the secret space, e.g. ``/v1/secret/data``. | |
1020 | :Type: String | |
1021 | :Default: None | |
1022 | ||
1023 | ``rgw crypt vault secret engine`` | |
1024 | ||
1025 | :Description: Vault Secret Engine to be used to retrieve encryption keys: choose | |
1026 | between ``kv-v2`` and ``transit``. | |
1027 | :Type: String | |
1028 | :Default: None | |
1029 | ||
1030 | ``rgw crypt vault namespace`` | |
1031 | ||
1032 | :Description: If set, Vault Namespace provides tenant isolation for teams and individuals | |
1033 | on the same Vault Enterprise instance, e.g. ``acme/tenant1``. | |
1034 | :Type: String | |
1035 | :Default: None | |
1036 | ||
1037 | ||
1038 | QoS settings | |
1039 | ------------ | |
1040 | ||
1041 | .. versionadded:: Nautilus | |
1042 | ||
1043 | The ``civetweb`` frontend has a threading model that uses a thread per | |
1044 | connection and is hence automatically throttled by the ``rgw thread pool size`` | |
1045 | configurable when it comes to accepting connections. The ``beast`` frontend is | |
1046 | not restricted by the thread pool size when it comes to accepting new | |
1047 | connections, so a scheduler abstraction was introduced in the Nautilus release | |
1048 | to support ways of scheduling requests in the future. | |
1049 | ||
1050 | Currently the scheduler defaults to a throttler which throttles the active | |
1051 | connections to a configured limit. QoS based on mClock is currently in an | |
1052 | *experimental* phase and not recommended for production yet. The current | |
1053 | implementation of the *dmclock_client* op queue divides RGW ops into admin, auth | |
1054 | (swift auth, sts), metadata and data requests. | |
1055 | ||
1056 | ||
1057 | ``rgw max concurrent requests`` | |
1058 | ||
1059 | :Description: Maximum number of concurrent HTTP requests that the beast frontend | |
1060 | will process. Tuning this can help to limit memory usage under | |
1061 | heavy load. | |
1062 | :Type: Integer | |
1063 | :Default: 1024 | |
1064 | ||
1065 | ||
1066 | ``rgw scheduler type`` | |
1067 | ||
1068 | :Description: The type of RGW Scheduler to use. Valid values are ``throttler`` and | |
1069 | ``dmclock``. Currently defaults to ``throttler``, which throttles beast | |
1070 | frontend requests. ``dmclock`` is *experimental* and requires the | |
1071 | experimental flag to be set. | |
1072 | ||
1073 | ||
1074 | The options below tune the experimental dmclock scheduler. For | |
1075 | further reading on dmclock, see :ref:`dmclock-qos`. `op_class` for the flags below is | |
1076 | one of admin, auth, metadata or data. | |
1077 | ||
1078 | ``rgw_dmclock_<op_class>_res`` | |
1079 | ||
1080 | :Description: The mclock reservation for `op_class` requests | |
1081 | :Type: float | |
1082 | :Default: 100.0 | |
1083 | ||
1084 | ``rgw_dmclock_<op_class>_wgt`` | |
1085 | ||
1086 | :Description: The mclock weight for `op_class` requests | |
1087 | :Type: float | |
1088 | :Default: 1.0 | |
1089 | ||
1090 | ``rgw_dmclock_<op_class>_lim`` | |
1091 | ||
1092 | :Description: The mclock limit for `op_class` requests | |
1093 | :Type: float | |
1094 | :Default: 0.0 | |
1095 | ||
1096 | ||
1097 | ||
7c673cae FG |
1098 | .. _Architecture: ../../architecture#data-striping |
1099 | .. _Pool Configuration: ../../rados/configuration/pool-pg-config-ref/ | |
1100 | .. _Cluster Pools: ../../rados/operations/pools | |
1101 | .. _Rados cluster handles: ../../rados/api/librados-intro/#step-2-configuring-a-cluster-handle | |
1102 | .. _Barbican: ../barbican | |
1103 | .. _Encryption: ../encryption | |
94b18763 | 1104 | .. _HTTP Frontends: ../frontends |