git.proxmox.com Git - ceph.git/blame - ceph/src/common/options/rgw.yaml.in
update ceph source to reef 18.1.2
20effc67
TL
1# -*- mode: YAML -*-
2---
3
4options:
5# According to AWS S3(http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html),
1e59de90 6# An ACL may have up to 100 grants.
20effc67
TL
7- name: rgw_acl_grants_max_num
8 type: int
9 level: advanced
1e59de90 10 desc: The maximum number of ACL grants in a single request.
20effc67
TL
11 default: 100
12 services:
13 - rgw
14 with_legacy: true
1e59de90
TL
15# A user may have up to 100 IAM user policies.
16- name: rgw_user_policies_max_num
17 type: int
18 level: advanced
19 desc: The maximum number of IAM user policies for a single user.
20 default: 100
21 services:
22 - rgw
23 with_legacy: true
24# According to AWS S3 (http://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html),
25# A CORS request may have up to 100 rules.
20effc67
TL
26- name: rgw_cors_rules_max_num
27 type: int
28 level: advanced
1e59de90 29 desc: The maximum number of CORS rules in a single request.
20effc67
TL
30 default: 100
31 services:
32 - rgw
33 with_legacy: true
1e59de90 34# According to AWS S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/DeletingObjects.html),
20effc67
TL
35# Amazon S3 also provides the Multi-Object Delete API that you can use to delete up to 1000
36# objects in a single HTTP request.
37- name: rgw_delete_multi_obj_max_num
38 type: int
39 level: advanced
1e59de90 40 desc: The maximum number of objects in a single multi-object delete request.
20effc67
TL
41 default: 1000
42 services:
43 - rgw
44 with_legacy: true
45# According to AWS S3, a website routing config can have up to 50 rules.
46- name: rgw_website_routing_rules_max_num
47 type: int
48 level: advanced
1e59de90 49 desc: The maximum number of website routing rules in a single request.
20effc67
TL
50 default: 50
51 services:
52 - rgw
53 with_legacy: true
54- name: rgw_rados_tracing
55 type: bool
56 level: advanced
1e59de90 57 desc: Enables LTTng-UST tracepoints.
20effc67
TL
58 default: false
59 services:
60 - rgw
61- name: rgw_op_tracing
62 type: bool
63 level: advanced
1e59de90 64 desc: Enables LTTng-UST operator tracepoints.
20effc67
TL
65 default: false
66 services:
67 - rgw
68- name: rgw_max_chunk_size
69 type: size
70 level: advanced
1e59de90 71 desc: The maximum RGW chunk size.
20effc67
TL
72 long_desc: The chunk size is the size of RADOS I/O requests that RGW sends when
73 accessing data objects. RGW read and write operations will never request more than
74 this amount in a single request. This also defines the RGW head object size, as
75 head operations need to be atomic, and anything larger than this would require
76 more than a single operation. When RGW objects are written to the default
77 storage class, up to this amount of payload data will be stored alongside
78 metadata in the head object.
79 default: 4_M
80 services:
81 - rgw
82 with_legacy: true
83- name: rgw_put_obj_min_window_size
84 type: size
85 level: advanced
86 desc: The minimum RADOS write window size (in bytes).
87 long_desc: The window size determines the total concurrent RADOS writes of a single
88 RGW object. When writing an object RGW will send multiple chunks to RADOS. The
89 total size of the writes does not exceed the window size. The window size may
90 be adjusted dynamically in order to better utilize the pipe.
91 default: 16_M
92 services:
93 - rgw
94 see_also:
95 - rgw_put_obj_max_window_size
96 - rgw_max_chunk_size
97 with_legacy: true
98- name: rgw_put_obj_max_window_size
99 type: size
100 level: advanced
101 desc: The maximum RADOS write window size (in bytes).
102 long_desc: The window size may be dynamically adjusted, but will not surpass this
103 value.
104 default: 64_M
105 services:
106 - rgw
107 see_also:
108 - rgw_put_obj_min_window_size
109 - rgw_max_chunk_size
110 with_legacy: true
111- name: rgw_max_put_size
112 type: size
113 level: advanced
1e59de90 114 desc: The maximum size (in bytes) of regular (non multi-part) object upload.
20effc67
TL
115 long_desc: Plain object upload is capped at this amount of data. In order to upload
116 larger objects, a special upload mechanism is required. The S3 API provides the
117 multi-part upload, and Swift provides DLO and SLO.
118 default: 5_G
119 services:
120 - rgw
121 with_legacy: true
122- name: rgw_max_put_param_size
123 type: size
124 level: advanced
125 desc: The maximum size (in bytes) of data input of certain RESTful requests.
126 default: 1_M
127 services:
128 - rgw
129 with_legacy: true
130- name: rgw_max_attr_size
131 type: size
132 level: advanced
133 desc: The maximum length of metadata value. 0 skips the check
134 default: 0
135 services:
136 - rgw
137 with_legacy: true
138- name: rgw_max_attr_name_len
139 type: size
140 level: advanced
141 desc: The maximum length of metadata name. 0 skips the check
142 default: 0
143 services:
144 - rgw
145 with_legacy: true
146- name: rgw_max_attrs_num_in_req
147 type: uint
148 level: advanced
149 desc: The maximum number of metadata items that can be put via a single request
150 default: 0
151 services:
152 - rgw
153 with_legacy: true
154# override max bucket index shards in zone configuration (if not zero)
155#
156# Represents the number of shards for the bucket index object, a value of zero
157# indicates there is no sharding. By default (no sharding), the name of the object
158# is '.dir.{marker}'; with sharding, the name is '.dir.{marker}.{sharding_id}', where
159# sharding_id is a zero-based value. It is not recommended to set too large a value
160# (e.g. thousand) as it increases the cost for bucket listing.
161- name: rgw_override_bucket_index_max_shards
162 type: uint
163 level: dev
164 desc: The default number of bucket index shards for newly-created buckets. This
165 value overrides bucket_index_max_shards stored in the zone. Setting this value
166 in the zone is preferred, because it applies globally to all radosgw daemons running
167 in the zone.
168 fmt_desc: Represents the number of shards for the bucket index object,
169 a value of zero indicates there is no sharding. It is not
170 recommended to set a value too large (e.g. thousand) as it
171 increases the cost for bucket listing.
172 This variable should be set in the client or global sections
173 so that it is automatically applied to radosgw-admin commands.
174 default: 0
175 services:
176 - rgw
177 with_legacy: true
178# Represents the maximum AIO pending requests for the bucket index object shards.
179- name: rgw_bucket_index_max_aio
180 type: uint
181 level: advanced
182 desc: Max number of concurrent RADOS requests when handling bucket shards.
183 default: 128
184 services:
185 - rgw
186 with_legacy: true
1e59de90
TL
187- name: rgw_multi_obj_del_max_aio
188 type: uint
189 level: advanced
190 desc: Max number of concurrent RADOS requests per multi-object delete request.
191 default: 16
192 services:
193 - rgw
194 with_legacy: true
20effc67
TL
195# whether or not the quota/gc threads should be started
196- name: rgw_enable_quota_threads
197 type: bool
198 level: advanced
199 desc: Enables the quota maintenance thread.
200 long_desc: The quota maintenance thread is responsible for quota related maintenance
201 work. The thread itself can be disabled, but in order for quota to work correctly,
202 at least one RGW in each zone needs to have this thread running. Having the thread
203 enabled on multiple RGW processes within the same zone can spread some of the
204 maintenance work between them.
205 default: true
206 services:
207 - rgw
208 see_also:
209 - rgw_enable_gc_threads
210 - rgw_enable_lc_threads
211 with_legacy: true
212- name: rgw_enable_gc_threads
213 type: bool
214 level: advanced
215 desc: Enables the garbage collection maintenance thread.
216 long_desc: The garbage collection maintenance thread is responsible for garbage
217 collector maintenance work. The thread itself can be disabled, but in order for
218 garbage collection to work correctly, at least one RGW in each zone needs to have
219 this thread running. Having the thread enabled on multiple RGW processes within
220 the same zone can spread some of the maintenance work between them.
221 default: true
222 services:
223 - rgw
224 see_also:
225 - rgw_enable_quota_threads
226 - rgw_enable_lc_threads
227 with_legacy: true
228- name: rgw_enable_lc_threads
229 type: bool
230 level: advanced
231 desc: Enables the lifecycle maintenance thread. This is required on at least one
232 rgw for each zone.
233 long_desc: The lifecycle maintenance thread is responsible for lifecycle related
234 maintenance work. The thread itself can be disabled, but in order for lifecycle
235 to work correctly, at least one RGW in each zone needs to have this thread running.
236 Having the thread enabled on multiple RGW processes within the same zone can spread
237 some of the maintenance work between them.
238 default: true
239 services:
240 - rgw
241 see_also:
242 - rgw_enable_gc_threads
243 - rgw_enable_quota_threads
244 with_legacy: true
245- name: rgw_data
246 type: str
247 level: advanced
248 desc: Alternative location for RGW configuration.
249 long_desc: If this is set, the different Ceph system configurables (such as the keyring file) will be located in the path that is specified here.
250 fmt_desc: Sets the location of the data files for Ceph RADOS Gateway.
251 default: /var/lib/ceph/radosgw/$cluster-$id
252 services:
253 - rgw
254 flags:
255 - no_mon_update
256 with_legacy: true
257- name: rgw_enable_apis
258 type: str
259 level: advanced
260 desc: A list of the RESTful APIs that rgw handles.
261 fmt_desc: |
262 Enables the specified APIs.
263
264 .. note:: Enabling the ``s3`` API is a requirement for
265 any ``radosgw`` instance that is meant to
266 participate in a `multi-site <../multisite>`_
267 configuration.
268 default: s3, s3website, swift, swift_auth, admin, sts, iam, notifications
269 services:
270 - rgw
271 with_legacy: true
272- name: rgw_cache_enabled
273 type: bool
274 level: advanced
275 desc: Enable RGW metadata cache.
276 long_desc: The metadata cache holds metadata entries that RGW requires for processing
277 requests. Metadata entries can be user info, bucket info, and bucket instance
278 info. If not found in the cache, entries will be fetched from the backing RADOS
279 store.
280 fmt_desc: Whether the Ceph Object Gateway cache is enabled.
281 default: true
282 services:
283 - rgw
284 see_also:
285 - rgw_cache_lru_size
286 with_legacy: true
287- name: rgw_cache_lru_size
288 type: int
289 level: advanced
290 desc: Max number of items in RGW metadata cache.
291 long_desc: When full, the RGW metadata cache evicts least recently used entries.
292 fmt_desc: The number of entries in the Ceph Object Gateway cache.
293 default: 10000
294 services:
295 - rgw
296 see_also:
297 - rgw_cache_enabled
298 with_legacy: true
299- name: rgw_dns_name
300 type: str
301 level: advanced
1e59de90
TL
302 desc: The host names that RGW uses.
303 long_desc: A comma separated list of DNS names.
304 This is needed for virtual hosting of buckets to work properly, unless
20effc67 305 configured via zonegroup configuration.
1e59de90 306 fmt_desc: The DNS names of the served domains. See also the ``hostnames`` setting within zonegroups.
20effc67
TL
307 services:
308 - rgw
309 with_legacy: true
310- name: rgw_dns_s3website_name
311 type: str
312 level: advanced
313 desc: The host name that RGW uses for static websites (S3)
314 long_desc: This is needed for virtual hosting of buckets, unless configured via
315 zonegroup configuration.
316 services:
317 - rgw
318 with_legacy: true
319- name: rgw_numa_node
320 type: int
321 level: advanced
322 desc: set rgw's cpu affinity to a numa node (-1 for none)
323 default: -1
324 services:
325 - rgw
326 flags:
327 - startup
328- name: rgw_service_provider_name
329 type: str
330 level: advanced
331 desc: Service provider name which is contained in http response headers
332 long_desc: As S3 or other cloud storage providers do, http response headers should
333 contain the name of the provider. This name will be placed in http header 'Server'.
334 services:
335 - rgw
336 with_legacy: true
337- name: rgw_content_length_compat
338 type: bool
339 level: advanced
340 desc: Multiple content length headers compatibility
341 long_desc: Try to handle requests with ambiguous multiple content length headers
342 (Content-Length, Http-Content-Length).
343 fmt_desc: Enable compatibility handling of FCGI requests with both ``CONTENT_LENGTH``
344 and ``HTTP_CONTENT_LENGTH`` set.
345 default: false
346 services:
347 - rgw
348 with_legacy: true
349- name: rgw_relaxed_region_enforcement
350 type: bool
351 level: advanced
352 desc: Disable region constraint enforcement
353 long_desc: Enable requests such as bucket creation to succeed irrespective of region
354 restrictions (Jewel compat).
355 default: false
356 services:
357 - rgw
358- name: rgw_lifecycle_work_time
359 type: str
360 level: advanced
361 desc: Lifecycle allowed work time
362 long_desc: Local time window in which the lifecycle maintenance thread can work.
363 default: 00:00-06:00
364 services:
365 - rgw
366 with_legacy: true
367- name: rgw_lc_lock_max_time
368 type: int
369 level: dev
370 default: 90
371 services:
372 - rgw
373 with_legacy: true
374- name: rgw_lc_thread_delay
375 type: int
376 level: advanced
377 desc: Delay after processing of bucket listing chunks (i.e., per 1000 entries) in
378 milliseconds
379 default: 0
380 services:
381 - rgw
382- name: rgw_lc_max_worker
383 type: int
384 level: advanced
385 desc: Number of LCWorker tasks that will be run in parallel
386 long_desc: Number of LCWorker tasks that will run in parallel--used to permit >1
387 bucket/index shards to be processed simultaneously
388 fmt_desc: This option specifies the number of lifecycle worker threads
389 to run in parallel, thereby processing bucket and index
390 shards simultaneously.
391 default: 3
392 services:
393 - rgw
394 with_legacy: true
395- name: rgw_lc_max_wp_worker
396 type: int
397 level: advanced
398 desc: Number of workpool threads per LCWorker
399 long_desc: Number of threads in per-LCWorker workpools--used to accelerate per-bucket
400 processing
401 fmt_desc: This option specifies the number of threads in each lifecycle
402 worker's work pool. This option can help accelerate processing each bucket.
403 default: 3
404 services:
405 - rgw
406 with_legacy: true
407- name: rgw_lc_max_objs
408 type: int
409 level: advanced
410 desc: Number of lifecycle data shards
411 long_desc: Number of RADOS objects to use for storing lifecycle index. This affects
412 concurrency of lifecycle maintenance, as shards can be processed in parallel.
413 default: 32
414 services:
415 - rgw
416 with_legacy: true
417- name: rgw_lc_max_rules
418 type: uint
419 level: advanced
420 desc: Max number of lifecycle rules set on one bucket
421 long_desc: Number of lifecycle rules set on one bucket should be limited.
422 default: 1000
423 services:
424 - rgw
425 with_legacy: true
426- name: rgw_lc_debug_interval
427 type: int
428 level: dev
429 desc: The number of seconds that simulate one "day" in order to debug RGW LifeCycle.
430 Do *not* modify for a production cluster.
431 long_desc: For debugging RGW LifeCycle, the number of seconds that are equivalent to
432 one simulated "day". Values less than 1 are ignored and do not change LifeCycle behavior.
433 For example, during debugging if one wanted every 10 minutes to be equivalent to one day,
434 then this would be set to 600, the number of seconds in 10 minutes.
435 default: -1
436 services:
437 - rgw
438 with_legacy: true
439- name: rgw_mp_lock_max_time
440 type: int
441 level: advanced
442 desc: Multipart upload max completion time
443 long_desc: Time length to allow completion of a multipart upload operation. This
444 is done to prevent concurrent completions on the same object with the same upload
445 id.
446 default: 10_min
447 services:
448 - rgw
449- name: rgw_script_uri
450 type: str
451 level: dev
452 fmt_desc: The alternative value for the ``SCRIPT_URI`` if not set
453 in the request.
454 services:
455 - rgw
456 with_legacy: true
457- name: rgw_request_uri
458 type: str
459 level: dev
460 fmt_desc: The alternative value for the ``REQUEST_URI`` if not set
461 in the request.
462 services:
463 - rgw
464 with_legacy: true
465- name: rgw_ignore_get_invalid_range
466 type: bool
467 level: advanced
468 desc: Treat invalid (e.g., negative) range request as full
469 long_desc: Treat invalid (e.g., negative) range request as request for the full
470 object (AWS compatibility)
471 default: false
472 services:
473 - rgw
474 with_legacy: true
475- name: rgw_swift_url
476 type: str
477 level: advanced
478 desc: Swift-auth storage URL
479 long_desc: Used in conjunction with rgw internal swift authentication. This affects
480 the X-Storage-Url response header value.
481 fmt_desc: The URL for the Ceph Object Gateway Swift API.
482 services:
483 - rgw
484 see_also:
485 - rgw_swift_auth_entry
486 with_legacy: true
487- name: rgw_swift_url_prefix
488 type: str
489 level: advanced
490 desc: Swift URL prefix
491 long_desc: The URL path prefix for swift requests.
492 fmt_desc: |
493 The URL prefix for the Swift API, to distinguish it from
494 the S3 API endpoint. The default is ``swift``, which
495 makes the Swift API available at the URL
496 ``http://host:port/swift/v1`` (or
497 ``http://host:port/swift/v1/AUTH_%(tenant_id)s`` if
498 ``rgw swift account in url`` is enabled).
499
500 For compatibility, setting this configuration variable
501 to the empty string causes the default ``swift`` to be
502 used; if you do want an empty prefix, set this option to
503 ``/``.
504
505 .. warning:: If you set this option to ``/``, you must
506 disable the S3 API by modifying ``rgw
507 enable apis`` to exclude ``s3``. It is not
508 possible to operate radosgw with ``rgw
509 swift url prefix = /`` and simultaneously
510 support both the S3 and Swift APIs. If you
511 do need to support both APIs without
512 prefixes, deploy multiple radosgw instances
513 to listen on different hosts (or ports)
514 instead, enabling some for S3 and some for
515 Swift.
516 example: /swift-testing
517 default: swift
518 services:
519 - rgw
520 with_legacy: true
521- name: rgw_swift_auth_url
522 type: str
523 level: advanced
524 desc: Swift auth URL
525 long_desc: Default url to which RGW connects and verifies tokens for v1 auth (if
526 not using internal swift auth).
527 services:
528 - rgw
529 with_legacy: true
530- name: rgw_swift_auth_entry
531 type: str
532 level: advanced
533 desc: Swift auth URL prefix
534 long_desc: URL path prefix for internal swift auth requests.
535 fmt_desc: The entry point for a Swift auth URL.
536 default: auth
537 services:
538 - rgw
539 see_also:
540 - rgw_swift_url
541 with_legacy: true
542- name: rgw_swift_tenant_name
543 type: str
544 level: advanced
545 desc: Swift tenant name
546 long_desc: Tenant name that is used when constructing the swift path.
547 services:
548 - rgw
549 see_also:
550 - rgw_swift_account_in_url
551 with_legacy: true
552- name: rgw_swift_account_in_url
553 type: bool
554 level: advanced
555 desc: Swift account encoded in URL
556 long_desc: Whether the swift account is encoded in the uri path (AUTH_<account>).
557 fmt_desc: |
558 Whether or not the Swift account name should be included
559 in the Swift API URL.
560 If set to ``false`` (the default), then the Swift API
561 will listen on a URL formed like
562 ``http://host:port/<rgw_swift_url_prefix>/v1``, and the
563 account name (commonly a Keystone project UUID if
564 radosgw is configured with `Keystone integration
565 <../keystone>`_) will be inferred from request
566 headers.
567 If set to ``true``, the Swift API URL will be
568 ``http://host:port/<rgw_swift_url_prefix>/v1/AUTH_<account_name>``
569 (or
570 ``http://host:port/<rgw_swift_url_prefix>/v1/AUTH_<keystone_project_id>``)
571 instead, and the Keystone ``object-store`` endpoint must
572 accordingly be configured to include the
573 ``AUTH_%(tenant_id)s`` suffix.
574 You **must** set this option to ``true`` (and update the
575 Keystone service catalog) if you want radosgw to support
576 publicly-readable containers and `temporary URLs
577 <../swift/tempurl>`_.
578 default: false
579 services:
580 - rgw
581 see_also:
582 - rgw_swift_tenant_name
583 with_legacy: true
584- name: rgw_swift_enforce_content_length
585 type: bool
586 level: advanced
587 desc: Send content length when listing containers (Swift)
588 long_desc: Whether content length header is needed when listing containers. When
589 this is set to false, RGW will send extra info for each entry in the response.
590 default: false
591 services:
592 - rgw
593 with_legacy: true
594- name: rgw_keystone_url
595 type: str
596 level: basic
597 desc: The URL to the Keystone server.
598 services:
599 - rgw
600 with_legacy: true
601- name: rgw_keystone_admin_token
602 type: str
603 level: advanced
604 desc: 'DEPRECATED: The admin token (shared secret) that is used for the Keystone
605 requests.'
606 fmt_desc: The Keystone admin token (shared secret). In Ceph RGW
607 authentication with the admin token has priority over
608 authentication with the admin credentials
609 (``rgw_keystone_admin_user``, ``rgw_keystone_admin_password``,
610 ``rgw_keystone_admin_tenant``, ``rgw_keystone_admin_project``,
611 ``rgw_keystone_admin_domain``). The Keystone admin token
612 has been deprecated, but can be used to integrate with
613 older environments. It is preferred to instead configure
614 ``rgw_keystone_admin_token_path`` to avoid exposing the token.
615 services:
616 - rgw
617 with_legacy: true
618- name: rgw_keystone_admin_token_path
619 type: str
620 level: advanced
621 desc: Path to a file containing the admin token (shared secret) that is used for
622 the Keystone requests.
623 fmt_desc: Path to a file containing the Keystone admin token
624 (shared secret). In Ceph RadosGW authentication with
625 the admin token has priority over authentication with
626 the admin credentials
627 (``rgw_keystone_admin_user``, ``rgw_keystone_admin_password``,
628 ``rgw_keystone_admin_tenant``, ``rgw_keystone_admin_project``,
629 ``rgw_keystone_admin_domain``).
630 The Keystone admin token has been deprecated, but can be
631 used to integrate with older environments.
632 services:
633 - rgw
634 with_legacy: true
635- name: rgw_keystone_admin_user
636 type: str
637 level: advanced
638 desc: Keystone admin user.
639 fmt_desc: The name of OpenStack user with admin privilege for Keystone
640 authentication (Service User) when using OpenStack Identity API v2
641 services:
642 - rgw
643 with_legacy: true
644- name: rgw_keystone_admin_password
645 type: str
646 level: advanced
647 desc: 'DEPRECATED: Keystone admin password.'
648 fmt_desc: The password for OpenStack admin user when using OpenStack
649 Identity API v2. It is preferred to instead configure
650 ``rgw_keystone_admin_password_path`` to avoid exposing the password.
651 services:
652 - rgw
653 with_legacy: true
654- name: rgw_keystone_admin_password_path
655 type: str
656 level: advanced
657 desc: Path to a file containing the Keystone admin password.
658 fmt_desc: Path to a file containing the password for OpenStack
659 admin user when using OpenStack Identity API v2.
660 services:
661 - rgw
662 with_legacy: true
663- name: rgw_keystone_admin_tenant
664 type: str
665 level: advanced
666 desc: Keystone admin user tenant.
667 fmt_desc: The name of OpenStack tenant with admin privilege (Service Tenant) when
668 using OpenStack Identity API v2
669 services:
670 - rgw
671 with_legacy: true
672- name: rgw_keystone_admin_project
673 type: str
674 level: advanced
675 desc: Keystone admin user project (for Keystone v3).
676 fmt_desc: The name of OpenStack project with admin privilege when using
677 OpenStack Identity API v3. If left unspecified, value of
678 ``rgw keystone admin tenant`` will be used instead.
679 services:
680 - rgw
681 with_legacy: true
682- name: rgw_keystone_admin_domain
683 type: str
684 level: advanced
685 desc: Keystone admin user domain (for Keystone v3).
686 fmt_desc: The name of OpenStack domain with admin privilege when using
687 OpenStack Identity API v3.
688 services:
689 - rgw
690 with_legacy: true
1e59de90
TL
691- name: rgw_keystone_service_token_enabled
692 type: bool
693 level: advanced
694 desc: Service tokens allowing the usage of expired Keystone auth tokens
695 fmt_desc: The service token support allows the incoming request to contain
696 a X-Service-Token header with a Keystone token that if it has acceptable
697 roles allows using an expired token in the X-Auth-Token header.
698 default: false
699 see_also:
700 - rgw_keystone_service_token_accepted_roles
701 - rgw_keystone_expired_token_cache_expiration
702 services:
703 - rgw
704 with_legacy: true
705- name: rgw_keystone_service_token_accepted_roles
706 type: str
707 level: advanced
708 desc: Only users with one of these roles will be valid for service users.
709 fmt_desc: The users that created the service token given must have one of
710 these roles to be considered a valid service user.
711 default: admin
712 see_also:
713 - rgw_keystone_service_token_enabled
714 services:
715 - rgw
716 with_legacy: true
717- name: rgw_keystone_expired_token_cache_expiration
718 type: int
719 level: advanced
720 desc: The number of seconds to add to current time for expired token expiration
721 fmt_desc: An expired token that is allowed when a valid service token is given
722 needs a new expiration date for the caching. This is the number of seconds to add to the
723 current time and then set on an expired token that is verified with a service token.
724 default: 3600
725 services:
726 - rgw
727 see_also:
728 - rgw_keystone_service_token_enabled
729 with_legacy: true
20effc67
TL
730- name: rgw_keystone_barbican_user
731 type: str
732 level: advanced
733 desc: Keystone user to access barbican secrets.
734 fmt_desc: The name of the OpenStack user with access to the `Barbican`_
735 secrets used for `Encryption`_.
736 services:
737 - rgw
738 with_legacy: true
739- name: rgw_keystone_barbican_password
740 type: str
741 level: advanced
742 desc: Keystone password for barbican user.
743 fmt_desc: The password associated with the `Barbican`_ user.
744 services:
745 - rgw
746 with_legacy: true
747- name: rgw_keystone_barbican_tenant
748 type: str
749 level: advanced
750 desc: Keystone barbican user tenant (Keystone v2.0).
751 fmt_desc: The name of the OpenStack tenant associated with the `Barbican`_
752 user when using OpenStack Identity API v2.
753 services:
754 - rgw
755 with_legacy: true
756- name: rgw_keystone_barbican_project
757 type: str
758 level: advanced
759 desc: Keystone barbican user project (Keystone v3).
760 fmt_desc: The name of the OpenStack project associated with the `Barbican`_
761 user when using OpenStack Identity API v3.
762 services:
763 - rgw
764 with_legacy: true
765- name: rgw_keystone_barbican_domain
766 type: str
767 level: advanced
768 desc: Keystone barbican user domain.
769 fmt_desc: The name of the OpenStack domain associated with the `Barbican`_
770 user when using OpenStack Identity API v3.
771 services:
772 - rgw
773 with_legacy: true
774- name: rgw_keystone_api_version
775 type: int
776 level: advanced
777 desc: Version of Keystone API to use (2 or 3).
778 fmt_desc: The version (2 or 3) of OpenStack Identity API that should be
779 used for communication with the Keystone server.
780 default: 2
781 services:
782 - rgw
783 with_legacy: true
784- name: rgw_keystone_accepted_roles
785 type: str
786 level: advanced
787 desc: Only users with one of these roles will be served when doing Keystone authentication.
788 fmt_desc: The roles required to serve requests.
789 default: Member, admin
790 services:
791 - rgw
792 with_legacy: true
793- name: rgw_keystone_accepted_admin_roles
794 type: str
795 level: advanced
796 desc: List of roles allowing user to gain admin privileges (Keystone).
797 services:
798 - rgw
799 with_legacy: true
800- name: rgw_keystone_token_cache_size
801 type: int
802 level: advanced
803 desc: Keystone token cache size
804 long_desc: Max number of Keystone tokens that will be cached. Token that is not
805 cached requires RGW to access the Keystone server when authenticating.
806 fmt_desc: The maximum number of entries in each Keystone token cache.
807 default: 10000
808 services:
809 - rgw
810 with_legacy: true
811- name: rgw_keystone_verify_ssl
812 type: bool
813 level: advanced
814 desc: Should RGW verify the Keystone server SSL certificate.
815 fmt_desc: Verify SSL certificates while making token requests to keystone.
816 default: true
817 services:
818 - rgw
819 with_legacy: true
820- name: rgw_keystone_implicit_tenants
821 type: str
822 level: advanced
823 desc: RGW Keystone implicit tenants creation
824 long_desc: Implicitly create new users in their own tenant with the same name when
825 authenticating via Keystone. Can be limited to s3 or swift only.
826 default: 'false'
827 services:
828 - rgw
829 enum_values:
830 - 'false'
831 - 'true'
832 - swift
833 - s3
834 - both
835 - '0'
836 - '1'
837 - none
838 with_legacy: true
839- name: rgw_cross_domain_policy
840 type: str
841 level: advanced
842 desc: RGW handle cross domain policy
843 long_desc: Returned cross domain policy when accessing the crossdomain.xml resource
844 (Swift compatibility).
845 default: <allow-access-from domain="*" secure="false" />
846 services:
847 - rgw
848 with_legacy: true
849- name: rgw_healthcheck_disabling_path
850 type: str
851 level: dev
852 desc: Swift health check api can be disabled if a file can be accessed in this path.
853 services:
854 - rgw
855 with_legacy: true
856- name: rgw_s3_auth_use_rados
857 type: bool
858 level: advanced
859 desc: Should S3 authentication use credentials stored in RADOS backend.
860 default: true
861 services:
862 - rgw
863 with_legacy: true
864- name: rgw_s3_auth_use_keystone
865 type: bool
866 level: advanced
867 desc: Should S3 authentication use Keystone.
868 default: false
869 services:
870 - rgw
871 with_legacy: true
872- name: rgw_s3_auth_order
873 type: str
874 level: advanced
875 desc: Authentication strategy order to use for s3 authentication
876 long_desc: Order of authentication strategies to try for s3 authentication, the
877 allowed options are a comma separated list of engines external, local. The default
878 order is to try all the externally configured engines before attempting local
879 rados based authentication
880 default: sts, external, local
881 services:
882 - rgw
883 with_legacy: true
884- name: rgw_barbican_url
885 type: str
886 level: advanced
887 desc: URL to barbican server.
888 fmt_desc: The URL for the Barbican server.
889 services:
890 - rgw
891 with_legacy: true
892# OpenLDAP-style LDAP parameter strings
893- name: rgw_ldap_uri
894 type: str
895 level: advanced
896 desc: Space-separated list of LDAP servers in URI format.
897 default: ldaps://<ldap.your.domain>
898 services:
899 - rgw
900 with_legacy: true
901- name: rgw_ldap_binddn
902 type: str
903 level: advanced
904 desc: LDAP entry RGW will bind with (user match).
905 default: uid=admin,cn=users,dc=example,dc=com
906 services:
907 - rgw
908 with_legacy: true
909- name: rgw_ldap_searchdn
910 type: str
911 level: advanced
912 desc: LDAP search base (basedn).
913 default: cn=users,cn=accounts,dc=example,dc=com
914 services:
915 - rgw
916 with_legacy: true
917- name: rgw_ldap_dnattr
918 type: str
919 level: advanced
920 desc: LDAP attribute containing RGW user names (to form binddns).
921 default: uid
922 services:
923 - rgw
924 with_legacy: true
925- name: rgw_ldap_secret
926 type: str
927 level: advanced
928 desc: Path to file containing credentials for rgw_ldap_binddn.
929 default: /etc/openldap/secret
930 services:
931 - rgw
932 with_legacy: true
933- name: rgw_s3_auth_use_ldap
934 type: bool
935 level: advanced
936 desc: Should S3 authentication use LDAP.
937 default: false
938 services:
939 - rgw
940 with_legacy: true
941- name: rgw_ldap_searchfilter
942 type: str
943 level: advanced
944 desc: LDAP search filter.
945 services:
946 - rgw
947 with_legacy: true
948- name: rgw_opa_url
949 type: str
950 level: advanced
951 desc: URL to OPA server.
952 services:
953 - rgw
954 with_legacy: true
# Security note: this value is a bearer credential held as a plain config
# string, so anyone who can read the RGW configuration can reuse it.
# NOTE(review): confirm it is masked in config dumps and logs, and pair it
# with an https rgw_opa_url and rgw_opa_verify_ssl left at true.
955- name: rgw_opa_token
956 type: str
957 level: advanced
958 desc: The Bearer token OPA uses to authenticate client requests.
959 services:
960 - rgw
961 with_legacy: true
# Security note: leave at the default (true) outside test setups. With
# verification off RGW cannot tell the configured OPA server from an
# impersonator, and that server's answers decide authorization when
# rgw_use_opa_authz is enabled.
962- name: rgw_opa_verify_ssl
963 type: bool
964 level: advanced
965 desc: Should RGW verify the OPA server SSL certificate.
966 default: true
967 services:
968 - rgw
969 with_legacy: true
970- name: rgw_use_opa_authz
971 type: bool
972 level: advanced
973 desc: Should OPA be used to authorize client requests.
974 default: false
975 services:
976 - rgw
977 with_legacy: true
# Security note: this prefix is where the RESTful admin API is exposed.
# Path-based restrictions on a fronting proxy or firewall have to track
# this value; changing it without updating them leaves the admin API
# reachable under the new prefix.
978- name: rgw_admin_entry
979 type: str
980 level: advanced
981 desc: Path prefix to be used for accessing RGW RESTful admin API.
982 fmt_desc: The entry point for an admin request URL.
983 default: admin
984 services:
985 - rgw
986 with_legacy: true
987- name: rgw_enforce_swift_acls
988 type: bool
989 level: advanced
990 desc: RGW enforce swift acls
991 long_desc: Should RGW enforce special Swift-only ACLs. Swift has a special ACL that
992 gives permission to access all objects in a container.
993 fmt_desc: Enforces the Swift Access Control List (ACL) settings.
994 default: true
995 services:
996 - rgw
997 with_legacy: true
# Security note: this lifetime bounds how long a token issued by RGW Swift
# auth remains valid, and therefore how long a leaked token can be
# replayed. The default is 1_day.
998- name: rgw_swift_token_expiration
999 type: int
1000 level: advanced
1001 desc: Expiration time (in seconds) for token generated through RGW Swift auth.
1002 fmt_desc: The time in seconds for expiring a Swift token.
1003 default: 1_day
1004 services:
1005 - rgw
1006 with_legacy: true
1007- name: rgw_print_continue
1008 type: bool
1009 level: advanced
1010 desc: RGW support of 100-continue
1011 long_desc: Should RGW explicitly send 100 (continue) responses. This is mainly relevant
1012 when using FastCGI, as some FastCGI modules do not fully support this feature.
1013 fmt_desc: Enable ``100-continue`` if it is operational.
1014 default: true
1015 services:
1016 - rgw
1017 with_legacy: true
1018- name: rgw_print_prohibited_content_length
1019 type: bool
1020 level: advanced
1021 desc: RGW RFC-7230 compatibility
1022 long_desc: Specifies whether RGW violates RFC 7230 and sends Content-Length with
1023 204 or 304 statuses.
1024 default: false
1025 services:
1026 - rgw
1027 with_legacy: true
# Security note: a header such as X-Forwarded-For is supplied by whoever
# sends the request. Point this option at a forwarded-address header only
# when every request passes through a proxy that overwrites (rather than
# appends to) that header; otherwise the address recorded in the ops log
# can be forged by the client.
# NOTE(review): confirm whether the extracted address is also used for
# access decisions (for example source-IP policy conditions), which would
# raise the impact of a forged header.
1028- name: rgw_remote_addr_param
1029 type: str
1030 level: advanced
1031 desc: HTTP header that holds the remote address in incoming requests.
1032 long_desc: RGW will use this header to extract requests origin. When RGW runs behind
1033 a reverse proxy, the remote address header will point at the proxy's address and
1034 not at the originator's address. Therefore it is sometimes possible to have the
1035 proxy add the originator's address in a separate HTTP header, which will allow
1036 RGW to log it correctly.
1037 fmt_desc: The remote address parameter. For example, the HTTP field
1038 containing the remote address, or the ``X-Forwarded-For``
1039 address if a reverse proxy is operational.
1040 default: REMOTE_ADDR
1041 services:
1042 - rgw
1043 see_also:
1044 - rgw_enable_ops_log
1045 with_legacy: true
1046- name: rgw_op_thread_timeout
1047 type: int
1048 level: dev
1049 desc: Timeout for async rados coroutine operations.
1050 fmt_desc: The timeout in seconds for open threads.
1051 default: 10_min
1052 services:
1053 - rgw
1054 with_legacy: true
1055- name: rgw_op_thread_suicide_timeout
1056 type: int
1057 level: dev
1058 default: 0
1059 fmt_desc: The time ``timeout`` in seconds before a Ceph Object Gateway
1060 process dies. Disabled if set to ``0``.
1061 services:
1062 - rgw
1063 with_legacy: true
1064- name: rgw_thread_pool_size
1065 type: int
1066 level: basic
1067 desc: RGW requests handling thread pool size.
1068 long_desc: This parameter determines the number of concurrent requests RGW can process
1069 when using either the civetweb, or the fastcgi frontends. The higher this number
1070 is, RGW will be able to deal with more concurrent requests at the cost of more
1071 resource utilization.
1072 fmt_desc: The size of the thread pool.
1073 default: 512
1074 services:
1075 - rgw
1076 with_legacy: true
1077- name: rgw_num_control_oids
1078 type: int
1079 level: advanced
1080 desc: Number of control objects used for cross-RGW communication.
1081 long_desc: RGW uses certain control objects to send messages between different RGW
1082 processes running on the same zone. These messages include metadata cache invalidation
1083 info that is being sent when metadata is modified (such as user or bucket information).
1084 A higher number of control objects allows better concurrency of these messages,
1085 at the cost of more resource utilization.
1086 fmt_desc: The number of notification objects used for cache synchronization
1087 between different ``rgw`` instances.
1088 default: 8
1089 services:
1090 - rgw
1091 with_legacy: true
# Security note: leave at the default (true). Per long_desc this controls
# the certificate and host check for remote peers such as other RGW
# servers in multi-site sync; with it disabled, a machine in the network
# path can read or alter that traffic unnoticed.
# rgw_keystone_verify_ssl (see_also) is a separate switch.
1092- name: rgw_verify_ssl
1093 type: bool
1094 level: advanced
1095 desc: Should RGW verify SSL when connecing to a remote HTTP server
1096 long_desc: RGW can send requests to other RGW servers (e.g., in multi-site sync
1097 work). This configurable selects whether RGW should verify the certificate for
1098 the remote peer and host.
1099 fmt_desc: Verify SSL certificates while making requests.
1100 default: true
1101 services:
1102 - rgw
1103 see_also:
1104 - rgw_keystone_verify_ssl
1105 with_legacy: true
1106# The following are tunables for caches of RGW NFS (and other file
1107# client) objects.
1108#
1109# The file handle cache is a partitioned hash table
1110# (fhcache_partitions), each with a closed hash part and backing
1111# b-tree mapping. The number of partitions is expected to be a small
1112# prime, the cache size something larger but less than 5K, the total
1113# size of the cache is n_part * cache_size.
1114- name: rgw_nfs_lru_lanes
1115 type: int
1116 level: advanced
1117 default: 5
1118 services:
1119 - rgw
1120 with_legacy: true
1121- name: rgw_nfs_lru_lane_hiwat
1122 type: int
1123 level: advanced
1124 default: 911
1125 services:
1126 - rgw
1127 with_legacy: true
1128- name: rgw_nfs_fhcache_partitions
1129 type: int
1130 level: advanced
1131 default: 3
1132 services:
1133 - rgw
1134 with_legacy: true
1135- name: rgw_nfs_fhcache_size
1136 type: int
1137 level: advanced
1138 default: 2017
1139 services:
1140 - rgw
1141 with_legacy: true
1142- name: rgw_nfs_namespace_expire_secs
1143 type: int
1144 level: advanced
1145 default: 5_min
1146 services:
1147 - rgw
1148 min: 1
1149 with_legacy: true
1150- name: rgw_nfs_max_gc
1151 type: int
1152 level: advanced
1153 default: 5_min
1154 services:
1155 - rgw
1156 min: 1
1157 with_legacy: true
1158- name: rgw_nfs_write_completion_interval_s
1159 type: int
1160 level: advanced
1161 default: 10
1162 services:
1163 - rgw
1164 with_legacy: true
1165# use fast S3 attrs from bucket index--currently assumes NFS mounts are immutable
1166- name: rgw_nfs_s3_fast_attrs
1167 type: bool
1168 level: advanced
1169 desc: use fast S3 attrs from bucket index (immutable only)
1170 long_desc: use fast S3 attrs from bucket index (assumes NFS mounts are immutable)
1171 default: false
1172 services:
1173 - rgw
1174 with_legacy: true
1175# overrides for librgw/nfs
1176- name: rgw_nfs_run_gc_threads
1177 type: bool
1178 level: advanced
1179 desc: run GC threads in librgw (default off)
1180 default: false
1181 services:
1182 - rgw
1183 with_legacy: true
1184- name: rgw_nfs_run_lc_threads
1185 type: bool
1186 level: advanced
1187 desc: run lifecycle threads in librgw (default off)
1188 default: false
1189 services:
1190 - rgw
1191 with_legacy: true
1192- name: rgw_nfs_run_quota_threads
1193 type: bool
1194 level: advanced
1195 desc: run quota threads in librgw (default off)
1196 default: false
1197 services:
1198 - rgw
1199 with_legacy: true
1200- name: rgw_nfs_run_sync_thread
1201 type: bool
1202 level: advanced
1203 desc: run sync thread in librgw (default off)
1204 default: false
1205 services:
1206 - rgw
1207 with_legacy: true
1208- name: rgw_nfs_frontends
1209 type: str
1210 level: basic
1211 desc: RGW frontends configuration when running as librgw/nfs
1212 long_desc: A comma-delimited list of frontends configuration. Each configuration
1213 contains the type of the frontend followed by an optional space delimited set
1214 of key=value config parameters.
1215 fmt_desc: Configures the HTTP frontend(s). The configuration for multiple
1216 frontends can be provided in a comma-delimited list. Each frontend
1217 configuration may include a list of options separated by spaces,
1218 where each option is in the form "key=value" or "key". See
1219 `HTTP Frontends`_ for more on supported options.
1220 default: rgw-nfs
1221 services:
1222 - rgw
1223 with_legacy: true
1224 see_also:
1225 - rgw_frontends
1226- name: rgw_rados_pool_autoscale_bias
1227 type: float
1228 level: advanced
1229 desc: pg_autoscale_bias value for RGW metadata (omap-heavy) pools
1230 default: 4
1231 services:
1232 - rgw
1233 min: 0.01
1234 max: 100000
# NOTE(review): type is uint but min is -10. An unsigned option cannot hold
# a negative value, so either the type should be int or the lower bound
# should be 0 - confirm against the range the pool's recovery_priority
# setting accepts.
1235- name: rgw_rados_pool_recovery_priority
1236 type: uint
1237 level: advanced
1238 desc: recovery_priority value for RGW metadata (omap-heavy) pools
1239 default: 5
1240 services:
1241 - rgw
1242 min: -10
1243 max: 10
1244- name: rgw_zone
1245 type: str
1246 level: advanced
1247 desc: Zone name
1248 fmt_desc: The name of the zone for the gateway instance. If no zone is
1249 set, a cluster-wide default can be configured with the command
1250 ``radosgw-admin zone default``.
1251 services:
1252 - rgw
1253 see_also:
1254 - rgw_zonegroup
1255 - rgw_realm
1256 with_legacy: true
1257- name: rgw_zone_id
1258 type: str
1259 level: advanced
1260 desc: Zone ID
1261 services:
1262 - rgw
1263 see_also:
1264 - rgw_zone
1265 - rgw_zonegroup
1266 - rgw_realm
1267- name: rgw_zone_root_pool
1268 type: str
1269 level: advanced
1270 desc: Zone root pool name
1271 long_desc: The zone root pool is the pool where the RGW zone configuration is located.
1272 default: .rgw.root
1273 services:
1274 - rgw
1275 see_also:
1276 - rgw_zonegroup_root_pool
1277 - rgw_realm_root_pool
1278 - rgw_period_root_pool
1279 with_legacy: true
1280- name: rgw_default_zone_info_oid
1281 type: str
1282 level: advanced
1283 desc: Default zone info object id
1284 long_desc: Name of the RADOS object that holds the default zone information.
1285 default: default.zone
1286 services:
1287 - rgw
1288 with_legacy: true
1289- name: rgw_region
1290 type: str
1291 level: advanced
1292 desc: Region name
1293 long_desc: Obsolete config option. The rgw_zonegroup option should be used instead.
1294 services:
1295 - rgw
1296 see_also:
1297 - rgw_zonegroup
1298 with_legacy: true
1299- name: rgw_region_root_pool
1300 type: str
1301 level: advanced
1302 desc: Region root pool
1303 long_desc: Obsolete config option. The rgw_zonegroup_root_pool should be used instead.
1304 default: .rgw.root
1305 services:
1306 - rgw
1307 see_also:
1308 - rgw_zonegroup_root_pool
1309 with_legacy: true
1310- name: rgw_default_region_info_oid
1311 type: str
1312 level: advanced
1313 desc: Default region info object id
1314 long_desc: Obsolete config option. The rgw_default_zonegroup_info_oid should be
1315 used instead.
1316 default: default.region
1317 services:
1318 - rgw
1319 see_also:
1320 - rgw_default_zonegroup_info_oid
1321 with_legacy: true
1322- name: rgw_zonegroup
1323 type: str
1324 level: advanced
1325 desc: Zonegroup name
1326 fmt_desc: The name of the zonegroup for the gateway instance. If no
1327 zonegroup is set, a cluster-wide default can be configured with
1328 the command ``radosgw-admin zonegroup default``.
1329 services:
1330 - rgw
1331 see_also:
1332 - rgw_zone
1333 - rgw_realm
1334 with_legacy: true
1335- name: rgw_zonegroup_id
1336 type: str
1337 level: advanced
1338 desc: Zonegroup ID
1339 services:
1340 - rgw
1341 see_also:
1342 - rgw_zone
1343 - rgw_zonegroup
1344 - rgw_realm
1345- name: rgw_zonegroup_root_pool
1346 type: str
1347 level: advanced
1348 desc: Zonegroup root pool
1349 long_desc: The zonegroup root pool is the pool where the RGW zonegroup configuration
1350 is located.
1351 default: .rgw.root
1352 services:
1353 - rgw
1354 see_also:
1355 - rgw_zone_root_pool
1356 - rgw_realm_root_pool
1357 - rgw_period_root_pool
1358 with_legacy: true
1359- name: rgw_default_zonegroup_info_oid
1360 type: str
1361 level: advanced
1362 default: default.zonegroup
1363 services:
1364 - rgw
1365 with_legacy: true
1366- name: rgw_realm
1367 type: str
1368 level: advanced
1369 fmt_desc: The name of the realm for the gateway instance. If no realm is
1370 set, a cluster-wide default can be configured with the command
1371 ``radosgw-admin realm default``.
1372 services:
1373 - rgw
1374 with_legacy: true
1375- name: rgw_realm_id
1376 type: str
1377 level: advanced
1378 services:
1379 - rgw
1380- name: rgw_realm_root_pool
1381 type: str
1382 level: advanced
1383 desc: Realm root pool
1384 long_desc: The realm root pool is the pool where the RGW realm configuration is located.
1385 default: .rgw.root
1386 services:
1387 - rgw
1388 see_also:
1389 - rgw_zonegroup_root_pool
1390 - rgw_zone_root_pool
1391 - rgw_period_root_pool
1392 with_legacy: true
1393- name: rgw_default_realm_info_oid
1394 type: str
1395 level: advanced
1396 default: default.realm
1397 services:
1398 - rgw
1399 with_legacy: true
1400- name: rgw_period_root_pool
1401 type: str
1402 level: advanced
1403 desc: Period root pool
1404 long_desc: The period root pool is the pool where the RGW period configuration
1405 is located.
1406 default: .rgw.root
1407 services:
1408 - rgw
1409 see_also:
1410 - rgw_zonegroup_root_pool
1411 - rgw_zone_root_pool
1412 - rgw_realm_root_pool
1413 with_legacy: true
1414- name: rgw_period_latest_epoch_info_oid
1415 type: str
1416 level: dev
1417 default: .latest_epoch
1418 services:
1419 - rgw
1420 with_legacy: true
# Detection note: with the default (false), requests aimed at buckets that
# do not exist leave no ops-log record, so bucket-name probing is not
# visible there. Per long_desc, the entries added when this is enabled do
# not correspond to a specific user.
1421- name: rgw_log_nonexistent_bucket
1422 type: bool
1423 level: advanced
1424 desc: Should RGW log operations on bucket that does not exist
1425 long_desc: This config option applies to the ops log. When this option is set, the
1426 ops log will log operations that are sent to non existing buckets. These operations
1427 inherently fail, and do not correspond to a specific user.
1428 fmt_desc: Enables Ceph Object Gateway to log a request for a non-existent
1429 bucket.
1430 default: false
1431 services:
1432 - rgw
1433 see_also:
1434 - rgw_enable_ops_log
1435 with_legacy: true
1436# man date to see codes (a subset are supported)
1437- name: rgw_log_object_name
1438 type: str
1439 level: advanced
1440 desc: Ops log object name format
1441 long_desc: Defines the format of the RADOS objects names that ops log uses to store
1442 ops log data
1443 fmt_desc: The logging format for an object name. See man page
1444 :manpage:`date` for details about format specifiers.
1445 default: '%Y-%m-%d-%H-%i-%n'
1446 services:
1447 - rgw
1448 see_also:
1449 - rgw_enable_ops_log
1450 with_legacy: true
1451- name: rgw_log_object_name_utc
1452 type: bool
1453 level: advanced
1454 desc: Should ops log object name based on UTC
1455 long_desc: If set, the names of the RADOS objects that hold the ops log data will
1456 be based on UTC time zone. If not set, it will use the local time zone.
1457 fmt_desc: Whether a logged object name includes a UTC time.
1458 If ``false``, it uses the local time.
1459 default: false
1460 services:
1461 - rgw
1462 see_also:
1463 - rgw_enable_ops_log
1464 - rgw_log_object_name
1465 with_legacy: true
1466- name: rgw_usage_max_shards
1467 type: int
1468 level: advanced
1469 desc: Number of shards for usage log.
1470 long_desc: The number of RADOS objects that RGW will use in order to store the usage
1471 log data.
1472 fmt_desc: The maximum number of shards for usage logging.
1473 default: 32
1474 services:
1475 - rgw
1476 see_also:
1477 - rgw_enable_usage_log
1478 with_legacy: true
1479- name: rgw_usage_max_user_shards
1480 type: int
1481 level: advanced
1482 desc: Number of shards for single user in usage log
1483 long_desc: The number of shards that a single user will span over in the usage log.
1484 fmt_desc: The maximum number of shards used for a single user's
1485 usage logging.
1486 default: 1
1487 services:
1488 - rgw
1489 see_also:
1490 - rgw_enable_usage_log
1491 min: 1
1492 with_legacy: true
1493# enable logging every rgw operation
# Audit note: the ops log is off by default, so per-operation records exist
# only after this is enabled and one of the sinks named in see_also
# (RADOS, Unix domain socket, file) is in use.
# NOTE(review): fmt_desc speaks of each *successful* operation - confirm
# whether failed or denied requests are recorded before relying on this
# log for detection.
1494- name: rgw_enable_ops_log
1495 type: bool
1496 level: advanced
1497 desc: Enable ops log
1498 fmt_desc: Enable logging for each successful Ceph Object Gateway operation.
1499 default: false
1500 services:
1501 - rgw
1502 see_also:
1503 - rgw_log_nonexistent_bucket
1504 - rgw_log_object_name
1505 - rgw_ops_log_rados
1506 - rgw_ops_log_socket_path
1507 - rgw_ops_log_file_path
1508 with_legacy: true
1509# enable logging bandwidth usage
1510- name: rgw_enable_usage_log
1511 type: bool
1512 level: advanced
1513 desc: Enable the usage log
1514 default: false
1515 services:
1516 - rgw
1517 see_also:
1518 - rgw_usage_max_shards
1519 with_legacy: true
1520# whether ops log should go to rados
1521- name: rgw_ops_log_rados
1522 type: bool
1523 level: advanced
1524 desc: Use RADOS for ops log
1525 long_desc: If set, RGW will store ops log information in RADOS. WARNING,
1526 there is no automation to clean up these log entries, so by default they
1527 will pile up without bound. This MUST NOT be enabled unless the admin has
1528 a strategy to manage and trim these log entries with `radosgw-admin log rm`.
1529 fmt_desc: Whether the operations log should be written to the
1530 Ceph Storage Cluster backend.
1e59de90 1531 default: false
1532 services:
1533 - rgw
1534 see_also:
1535 - rgw_enable_ops_log
1536 - rgw_log_object_name_utc
1537 - rgw_log_object_name
1538 with_legacy: true
1539# path to unix domain socket where ops log can go
# Security note: per long_desc RGW listens on this socket and sends ops log
# data to whatever connects, so access to the socket is access to the log.
# NOTE(review): confirm the ownership and mode RGW gives the socket file,
# and place it in a directory restricted to the intended log consumer.
1540- name: rgw_ops_log_socket_path
1541 type: str
1542 level: advanced
1543 desc: Unix domain socket path for ops log.
1544 long_desc: Path to unix domain socket that RGW will listen for connection on. When
1545 connected, RGW will send ops log data through it.
1546 fmt_desc: The Unix domain socket for writing operations logs.
1547 services:
1548 - rgw
1549 see_also:
1550 - rgw_enable_ops_log
1551 - rgw_ops_log_data_backlog
1552 with_legacy: true
1553# path to file where ops log can go
1554- name: rgw_ops_log_file_path
1555 type: str
1556 level: advanced
1557 desc: File-system path for ops log.
1558 long_desc: Path to file that RGW will log ops logs to. A cephadm deployment will automatically
1559 rotate these logs under /var/log/ceph/. Other deployments should arrange for similar log rotation.
20effc67 1560 fmt_desc: The file-system path for writing operations logs.
1e59de90 1561 daemon_default: /var/log/ceph/ops-log-$cluster-$name.log
1562 services:
1563 - rgw
1564 see_also:
1565 - rgw_enable_ops_log
1566 with_legacy: true
1567# max data backlog for ops log
1568- name: rgw_ops_log_data_backlog
1569 type: size
1570 level: advanced
1571 desc: Ops log socket backlog
1572 long_desc: Maximum amount of data backlog that RGW can keep when ops log is configured
1573 to send info through unix domain socket. When data backlog is higher than this,
1574 ops log entries will be lost. In order to avoid ops log information loss, the
1575 listener needs to clear data (by reading it) quickly enough.
1576 fmt_desc: The maximum data backlog data size for operations logs written
1577 to a Unix domain socket.
1578 default: 5_M
1579 services:
1580 - rgw
1581 see_also:
1582 - rgw_enable_ops_log
1583 - rgw_ops_log_socket_path
1584 with_legacy: true
1585- name: rgw_usage_log_flush_threshold
1586 type: int
1587 level: advanced
1588 desc: Number of entries in usage log before flushing
1589 long_desc: This is the max number of entries that will be held in the usage log,
1590 before it will be flushed to the backend. Note that the usage log is periodically
1591 flushed, even if number of entries does not reach this threshold. A usage log
1592 entry corresponds to one or more operations on a single bucket.
1593 fmt_desc: The number of dirty merged entries in the usage log before
1594 flushing synchronously.
1595 default: 1024
1596 services:
1597 - rgw
1598 see_also:
1599 - rgw_enable_usage_log
1600 - rgw_usage_log_tick_interval
1601 with_legacy: true
1602- name: rgw_usage_log_tick_interval
1603 type: int
1604 level: advanced
1605 desc: Number of seconds between usage log flush cycles
1606 long_desc: The number of seconds between consecutive usage log flushes. The usage
1607 log will also flush itself to the backend if the number of pending entries reaches
1608 a certain threshold.
1609 fmt_desc: Flush pending usage log data every ``n`` seconds.
1610 default: 30
1611 services:
1612 - rgw
1613 see_also:
1614 - rgw_enable_usage_log
1615 - rgw_usage_log_flush_threshold
1616 with_legacy: true
1617- name: rgw_init_timeout
1618 type: int
1619 level: basic
1620 desc: Initialization timeout
1621 long_desc: The time length (in seconds) that RGW will allow for its initialization.
1622 RGW process will give up and quit if initialization is not complete after this
1623 amount of time.
1624 fmt_desc: The number of seconds before Ceph Object Gateway gives up on
1625 initialization.
1626 default: 5_min
1627 services:
1628 - rgw
1629 with_legacy: true
1630- name: rgw_mime_types_file
1631 type: str
1632 level: basic
1633 desc: Path to local mime types file
1634 long_desc: The mime types file is needed in Swift when uploading an object. If object's
1635 content type is not specified, RGW will use data from this file to assign a content
1636 type to the object.
1637 fmt_desc: The path and location of the MIME-types file. Used for Swift
1638 auto-detection of object types.
1639 default: /etc/mime.types
1640 services:
1641 - rgw
1642 with_legacy: true
1643- name: rgw_gc_max_objs
1644 type: int
1645 level: advanced
1646 desc: Number of shards for garbage collector data
1647 long_desc: The number of garbage collector data shards, is the number of RADOS objects
1648 that RGW will use to store the garbage collection information on.
1649 fmt_desc: The maximum number of objects that may be handled by
1650 garbage collection in one garbage collection processing cycle.
1651 Please do not change this value after the first deployment.
1652 default: 32
1653 services:
1654 - rgw
1655 see_also:
1656 - rgw_gc_obj_min_wait
1657 - rgw_gc_processor_max_time
1658 - rgw_gc_processor_period
1659 - rgw_gc_max_concurrent_io
1660 with_legacy: true
1661# wait time before object may be handled by gc, recommended lower limit is 30 mins
1662- name: rgw_gc_obj_min_wait
1663 type: int
1664 level: advanced
1665 desc: Garbage collection object expiration time
1666 long_desc: The length of time (in seconds) that the RGW collector will wait before
1667 purging a deleted object's data. RGW will not remove object immediately, as object
1668 could still have readers. A mechanism exists to increase the object's expiration
1669 time when it's being read. The recommended value of its lower limit is 30 minutes
1670 fmt_desc: The minimum wait time before a deleted object may be removed
1671 and handled by garbage collection processing.
1672 default: 2_hr
1673 services:
1674 - rgw
1675 see_also:
1676 - rgw_gc_max_objs
1677 - rgw_gc_processor_max_time
1678 - rgw_gc_processor_period
1679 - rgw_gc_max_concurrent_io
1680 with_legacy: true
1681- name: rgw_gc_processor_max_time
1682 type: int
1683 level: advanced
1684 desc: Length of time GC processor can lease shard
1685 long_desc: Garbage collection thread in RGW process holds a lease on its data shards.
1686 These objects contain the information about the objects that need to be removed.
1687 RGW takes a lease in order to prevent multiple RGW processes from handling the
1688 same objects concurrently. This time signifies the maximum amount of time (in
1689 seconds) that RGW is allowed to hold that lease. In the case where RGW goes down
1690 uncleanly, this is the amount of time where processing of that data shard will
1691 be blocked.
1692 fmt_desc: The maximum time between the beginning of two consecutive garbage
1693 collection processing cycles.
1694 default: 1_hr
1695 services:
1696 - rgw
1697 see_also:
1698 - rgw_gc_max_objs
1699 - rgw_gc_obj_min_wait
1700 - rgw_gc_processor_period
1701 - rgw_gc_max_concurrent_io
1702 with_legacy: true
1703- name: rgw_gc_processor_period
1704 type: int
1705 level: advanced
1706 desc: Garbage collector cycle run time
1707 long_desc: The amount of time between the start of consecutive runs of the garbage
1708 collector threads. If a garbage collector run takes longer than this period, it will
1709 not wait before running again.
1710 fmt_desc: The cycle time for garbage collection processing.
1711 default: 1_hr
1712 services:
1713 - rgw
1714 see_also:
1715 - rgw_gc_max_objs
1716 - rgw_gc_obj_min_wait
1717 - rgw_gc_processor_max_time
1718 - rgw_gc_max_concurrent_io
1719 - rgw_gc_max_trim_chunk
1720 with_legacy: true
1721- name: rgw_gc_max_concurrent_io
1722 type: int
1723 level: advanced
1724 desc: Max concurrent RADOS IO operations for garbage collection
1725 long_desc: The maximum number of concurrent IO operations that the RGW garbage collection
1726 thread will use when purging old data.
1727 default: 10
1728 services:
1729 - rgw
1730 see_also:
1731 - rgw_gc_max_objs
1732 - rgw_gc_obj_min_wait
1733 - rgw_gc_processor_max_time
1734 - rgw_gc_max_trim_chunk
1735 with_legacy: true
1736- name: rgw_gc_max_trim_chunk
1737 type: int
1738 level: advanced
1739 desc: Max number of keys to remove from garbage collector log in a single operation
1740 default: 16
1741 services:
1742 - rgw
1743 see_also:
1744 - rgw_gc_max_objs
1745 - rgw_gc_obj_min_wait
1746 - rgw_gc_processor_max_time
1747 - rgw_gc_max_concurrent_io
1748 with_legacy: true
1749- name: rgw_gc_max_deferred_entries_size
1750 type: uint
1751 level: advanced
1752 desc: maximum allowed size of deferred entries in queue head for gc
1753 default: 3_K
1754 services:
1755 - rgw
1756 with_legacy: true
1757- name: rgw_gc_max_queue_size
1758 type: uint
1759 level: advanced
1760 desc: Maximum allowed queue size for gc
1761 long_desc: The maximum allowed size of each gc queue, and its value should not be
1762 greater than (osd_max_object_size - rgw_gc_max_deferred_entries_size - 1K).
1763 default: 131068_K
1764 services:
1765 - rgw
1766 see_also:
1767 - osd_max_object_size
1768 - rgw_gc_max_deferred_entries_size
1769 with_legacy: true
1770- name: rgw_gc_max_deferred
1771 type: uint
1772 level: advanced
1773 desc: Number of maximum deferred data entries to be stored in queue for gc
1774 default: 50
1775 services:
1776 - rgw
1777 with_legacy: true
1778- name: rgw_s3_success_create_obj_status
1779 type: int
1780 level: advanced
1781 desc: HTTP return code override for object creation
1782 long_desc: If not zero, this is the HTTP return code that will be returned on a
1783 successful S3 object creation.
1784 fmt_desc: The alternate success status response for ``create-obj``.
1785 default: 0
1786 services:
1787 - rgw
1788 with_legacy: true
# NOTE(review): per long_desc only values greater than zero take effect, so
# the default of -1 applies no cap. A cap below 4 would presumably force
# the legacy AWS signature version 2 scheme - confirm before setting.
1789- name: rgw_s3_client_max_sig_ver
1790 type: int
1791 level: advanced
1792 desc: Max S3 authentication signature version
1793 long_desc: If greater than zero, would force max signature version to use
1794 default: -1
1795 services:
1796 - rgw
1797- name: rgw_resolve_cname
1798 type: bool
1799 level: advanced
1800 desc: Support vanity domain names via CNAME
1801 long_desc: If true, RGW will query DNS when detecting that it's serving a request
1802 that was sent to a host in another domain. If a CNAME record is configured for
1803 that domain it will use it instead. This gives users the ability to create
1804 a unique domain of their own to point at data in their bucket.
1805 fmt_desc: Whether ``rgw`` should use DNS CNAME record of the request
1806 hostname field (if hostname is not equal to ``rgw dns name``).
1807 default: false
1808 services:
1809 - rgw
1810 with_legacy: true
1811- name: rgw_obj_stripe_size
1812 type: size
1813 level: advanced
1814 desc: RGW object stripe size
1815 long_desc: The size of an object stripe for RGW objects. This is the maximum size
1816 a backing RADOS object will have. RGW objects that are larger than this will span
1817 over multiple objects.
1818 fmt_desc: The size of an object stripe for Ceph Object Gateway objects.
1819 See `Architecture`_ for details on striping.
1820 default: 4_M
1821 services:
1822 - rgw
1823 with_legacy: true
1824# list of extended attrs that can be set on objects (beyond the default)
1825- name: rgw_extended_http_attrs
1826 type: str
1827 level: advanced
1828 desc: RGW support extended HTTP attrs
1829 long_desc: Add new set of attributes that could be set on an object. These extra
1830 attributes can be set through HTTP header fields when putting the objects. If
1831 set, these attributes will return as HTTP fields when doing GET/HEAD on the object.
1832 fmt_desc: Add new set of attributes that could be set on an entity
1833 (user, bucket or object). These extra attributes can be set
1834 through HTTP header fields when putting the entity or modifying
1835 it using POST method. If set, these attributes will return as
1836 HTTP fields when doing GET/HEAD on the entity.
1837 services:
1838 - rgw
1839 example: content_foo, content_bar, x-foo-bar
1840 with_legacy: true
1841- name: rgw_exit_timeout_secs
1842 type: int
1843 level: advanced
1844 desc: RGW shutdown timeout
1845 long_desc: Number of seconds to wait for a process before exiting unconditionally.
1846 default: 2_min
1847 services:
1848 - rgw
1849 with_legacy: true
1850- name: rgw_get_obj_window_size
1851 type: size
1852 level: advanced
1853 desc: RGW object read window size
1854 long_desc: The window size in bytes for a single object read request
1855 default: 16_M
1856 services:
1857 - rgw
1858 with_legacy: true
1859- name: rgw_get_obj_max_req_size
1860 type: size
1861 level: advanced
1862 desc: RGW object read chunk size
1863 long_desc: The maximum request size of a single object read operation sent to RADOS
1864 fmt_desc: The maximum request size of a single get operation sent to the
1865 Ceph Storage Cluster.
1866 default: 4_M
1867 services:
1868 - rgw
1869 with_legacy: true
1870- name: rgw_relaxed_s3_bucket_names
1871 type: bool
1872 level: advanced
1873 desc: RGW enable relaxed S3 bucket names
1874 long_desc: RGW enable relaxed S3 bucket name rules for US region buckets.
1875 fmt_desc: Enables relaxed S3 bucket names rules for US region buckets.
1876 default: false
1877 services:
1878 - rgw
1879 with_legacy: true
1880- name: rgw_defer_to_bucket_acls
1881 type: str
1882 level: advanced
1883 desc: Bucket ACLs override object ACLs
1884 long_desc: If not empty, a string that selects that mode of operation. 'recurse'
1e59de90 1885 will use bucket's ACL for the authorization. 'full-control' will allow users that
1886 have full control permission on the bucket to access the object.
1887 services:
1888 - rgw
1889 with_legacy: true
1890- name: rgw_list_buckets_max_chunk
1891 type: int
1892 level: advanced
1893 desc: Max number of buckets to retrieve in a single listing operation
1894 long_desc: When RGW fetches lists of user's buckets from the backend, this is the
1895 max number of entries it will try to retrieve in a single operation. Note that
1896 the backend may choose to return a smaller number of entries.
1897 fmt_desc: The maximum number of buckets to retrieve in a single operation
1898 when listing user buckets.
1899 default: 1000
1900 services:
1901 - rgw
1902 with_legacy: true
1903- name: rgw_md_log_max_shards
1904 type: int
1905 level: advanced
1906 desc: RGW number of metadata log shards
1907 long_desc: The number of shards the RGW metadata log entries will reside in. This
1908 affects the metadata sync parallelism as a shard can only be processed by a single
1909 RGW at a time
1910 fmt_desc: The maximum number of shards for the metadata log.
1911 default: 64
1912 services:
1913 - rgw
1914 with_legacy: true
1915- name: rgw_curl_buffersize
1916 type: int
1917 level: dev
1918 long_desc: 'Pass a long specifying your preferred size (in bytes) for the receivebuffer
1919 in libcurl. See: https://curl.se/libcurl/c/CURLOPT_BUFFERSIZE.html'
1920 default: 524288
1921 services:
1922 - rgw
1923 min: 1024
1924 max: 524288
1925 with_legacy: true
1926- name: rgw_curl_wait_timeout_ms
1927 type: int
1928 level: dev
1929 default: 1000
1930 fmt_desc: The timeout in milliseconds for certain ``curl`` calls.
1931 services:
1932 - rgw
1933 with_legacy: true
1934- name: rgw_curl_low_speed_limit
1935 type: int
1936 level: advanced
1937 long_desc: It contains the average transfer speed in bytes per second that the transfer
1938 should be below during rgw_curl_low_speed_time seconds for libcurl to consider
1939 it to be too slow and abort. Set it zero to disable this.
1940 default: 1024
1941 services:
1942 - rgw
1943 with_legacy: true
1944- name: rgw_curl_low_speed_time
1945 type: int
1946 level: advanced
1947 long_desc: It contains the time in number seconds that the transfer speed should
1948 be below the rgw_curl_low_speed_limit for the library to consider it too slow
1949 and abort. Set it zero to disable this.
1950 default: 5_min
1951 services:
1952 - rgw
1953 with_legacy: true
1954- name: rgw_curl_tcp_keepalive
1955 type: int
1956 level: advanced
1957 long_desc: Enable TCP keepalive on the HTTP client sockets managed by libcurl. This does not apply to connections received by the HTTP frontend, but only to HTTP requests sent by radosgw. Examples include requests to Keystone for authentication, sync requests from multisite, and requests to key management servers for SSE.
1958 enum_values:
1959 - 0
1960 - 1
1961 default: 0
1962 services:
1963 - rgw
1964 with_legacy: true
1965- name: rgw_copy_obj_progress
1966 type: bool
1967 level: advanced
1968 desc: Send progress report through copy operation
1969 long_desc: If true, RGW will send progress information when copy operation is executed.
1970 fmt_desc: Enables output of object progress during long copy operations.
1971 default: true
1972 services:
1973 - rgw
1974 with_legacy: true
1975- name: rgw_copy_obj_progress_every_bytes
1976 type: size
1977 level: advanced
1978 desc: Send copy-object progress info after these many bytes
1979 fmt_desc: The minimum bytes between copy progress output.
1980 default: 1_M
1981 services:
1982 - rgw
1983 with_legacy: true
1984- name: rgw_max_copy_obj_concurrent_io
1985 type: int
1986 level: advanced
1987 desc: Number of refcount operations to process concurrently when executing copy_obj
1988 default: 10
1989 services:
1990 - rgw
1991 with_legacy: true
# Integrity check for objects fetched from a remote server over HTTP,
# including multisite sync: the MD5 of the data written at the destination is
# compared with the ETag stored at the source. Disabled by default.
# MD5 is adequate for catching accidental corruption in transit, but it is not
# collision-resistant, so this check is not a substitute for an authenticated
# (TLS) channel between zones.
- name: rgw_sync_obj_etag_verify
  type: bool
  level: advanced
  desc: Verify if the object copied from remote is identical to its source
  long_desc: If true, this option computes the MD5 checksum of the data which is written
    at the destination and checks if it is identical to the ETAG stored in the source.
    It ensures integrity of the objects fetched from a remote server over HTTP including
    multisite sync.
  default: false
  services:
  - rgw
  with_legacy: true
2004- name: rgw_obj_tombstone_cache_size
2005 type: int
2006 level: advanced
2007 desc: Max number of entries to keep in tombstone cache
2008 long_desc: The tombstone cache is used when doing a multi-zone data sync. RGW keeps
2009 there information about removed objects which is needed in order to prevent re-syncing
2010 of objects that were already removed.
2011 default: 1000
2012 services:
2013 - rgw
2014 with_legacy: true
2015- name: rgw_data_log_window
2016 type: int
2017 level: advanced
2018 desc: Data log time window
2019 long_desc: The data log keeps information about buckets that have objects that
2020 were modified within a specific timeframe. The sync process then knows which buckets
2021 need to be scanned for data sync.
2022 fmt_desc: The data log entries window in seconds.
2023 default: 30
2024 services:
2025 - rgw
2026 with_legacy: true
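# Threshold of pending data-log entries held in memory before RGW triggers an
# update of the data log (see long_desc).
# The formatted-description key is spelled fmt_desc, as on the neighbouring
# options; a misspelled key would not be recognised as that field.
- name: rgw_data_log_changes_size
  type: int
  level: dev
  desc: Max size of pending changes in data log
  long_desc: RGW will trigger update to the data log if the number of pending entries
    reached this number.
  fmt_desc: The number of in-memory entries to hold for the data changes log.
  default: 1000
  services:
  - rgw
  with_legacy: true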
2038- name: rgw_data_log_num_shards
2039 type: int
2040 level: advanced
2041 desc: Number of data log shards
2042 long_desc: The number of shards the RGW data log entries will reside in. This affects
2043 the data sync parallelism as a shard can only be processed by a single RGW at
2044 a time.
2045 fmt_desc: The number of shards (objects) on which to keep the
2046 data changes log.
2047 default: 128
2048 services:
2049 - rgw
2050 with_legacy: true
2051- name: rgw_data_log_obj_prefix
2052 type: str
2053 level: dev
2054 default: data_log
2055 fmt_desc: The object name prefix for the data log.
2056 services:
2057 - rgw
2058 with_legacy: true
2059- name: rgw_data_sync_poll_interval
2060 type: int
2061 level: dev
2062 default: 20
2063 fmt_desc: Once multisite's incremental sync of a datalog shard is caught up
2064 with its source, it will wait this long (in seconds) before polling for
2065 more changes.
2066 services:
2067 - rgw
2068 see_also:
2069 - rgw_meta_sync_poll_interval
2070 with_legacy: true
2071- name: rgw_meta_sync_poll_interval
2072 type: int
2073 level: dev
2074 default: 20
2075 fmt_desc: Once multisite's incremental sync of a mdlog shard is caught up
2076 with its source, it will wait this long (in seconds) before polling for
2077 more changes.
2078 services:
2079 - rgw
2080 see_also:
2081 - rgw_data_sync_poll_interval
2082 with_legacy: true
2083- name: rgw_bucket_sync_spawn_window
2084 type: int
2085 level: dev
2086 default: 20
2087 fmt_desc: The maximum number of items that bucket sync is willing to
2088 process in parallel (per remote bilog shard).
2089 services:
2090 - rgw
2091 see_also:
2092 - rgw_data_sync_spawn_window
2093 - rgw_meta_sync_spawn_window
2094 with_legacy: true
2095- name: rgw_data_sync_spawn_window
2096 type: int
2097 level: dev
2098 default: 20
2099 fmt_desc: The maximum number of items that data sync is willing to
2100 process in parallel (per remote datalog shard).
2101 services:
2102 - rgw
2103 see_also:
2104 - rgw_bucket_sync_spawn_window
2105 - rgw_meta_sync_spawn_window
2106 with_legacy: true
2107- name: rgw_meta_sync_spawn_window
2108 type: int
2109 level: dev
2110 default: 20
2111 fmt_desc: The maximum number of items that metadata sync is willing to
2112 process in parallel (per remote mdlog shard).
2113 services:
2114 - rgw
2115 see_also:
2116 - rgw_bucket_sync_spawn_window
2117 - rgw_data_sync_spawn_window
2118 with_legacy: true
2119- name: rgw_bucket_quota_ttl
2120 type: int
2121 level: advanced
2122 desc: Bucket quota stats cache TTL
2123 long_desc: Length of time for bucket stats to be cached within RGW instance.
2124 fmt_desc: The amount of time in seconds cached quota information is
2125 trusted. After this timeout, the quota information will be
2126 re-fetched from the cluster.
2127 default: 10_min
2128 services:
2129 - rgw
2130 with_legacy: true
2131- name: rgw_bucket_quota_cache_size
2132 type: int
2133 level: advanced
2134 desc: RGW quota stats cache size
2135 long_desc: Maximum number of entries in the quota stats cache.
2136 default: 10000
2137 services:
2138 - rgw
2139 with_legacy: true
2140- name: rgw_bucket_default_quota_max_objects
2141 type: int
2142 level: basic
2143 desc: Default quota for max objects in a bucket
2144 long_desc: The default quota configuration for max number of objects in a bucket.
2145 A negative number means 'unlimited'.
2146 fmt_desc: Default max number of objects per bucket. Set on new users,
2147 if no other quota is specified. Has no effect on existing users.
2148 This variable should be set in the client or global sections
2149 so that it is automatically applied to radosgw-admin commands.
2150 default: -1
2151 services:
2152 - rgw
2153 with_legacy: true
2154- name: rgw_bucket_default_quota_max_size
2155 type: int
2156 level: advanced
2157 desc: Default quota for total size in a bucket
2158 long_desc: The default quota configuration for total size of objects in a bucket.
2159 A negative number means 'unlimited'.
2160 fmt_desc: Default max capacity per bucket, in bytes. Set on new users,
2161 if no other quota is specified. Has no effect on existing users.
2162 default: -1
2163 services:
2164 - rgw
2165 with_legacy: true
2166- name: rgw_expose_bucket
2167 type: bool
2168 level: advanced
2169 desc: Send Bucket HTTP header with the response
2170 long_desc: If true, RGW will send a Bucket HTTP header with the responses. The header
2171 will contain the name of the bucket the operation happened on.
2172 default: false
2173 services:
2174 - rgw
2175 with_legacy: true
# Selects and configures the HTTP frontend(s) radosgw listens on.
# The default below names only a port option and no TLS-related option.
# NOTE(review): presumably that yields a plain-HTTP listener - confirm against
# the HTTP Frontends documentation. Where clients send credentials or SSE key
# headers to radosgw, either configure TLS on the frontend or terminate TLS on
# a trusted proxy (see rgw_trust_forwarded_https and rgw_crypt_require_ssl).
- name: rgw_frontends
  type: str
  level: basic
  desc: RGW frontends configuration
  long_desc: A comma delimited list of frontends configuration. Each configuration
    contains the type of the frontend followed by an optional space delimited set
    of key=value config parameters.
  fmt_desc: Configures the HTTP frontend(s). The configuration for multiple
    frontends can be provided in a comma-delimited list. Each frontend
    configuration may include a list of options separated by spaces,
    where each option is in the form "key=value" or "key". See
    `HTTP Frontends`_ for more on supported options.
  default: beast port=7480
  services:
  - rgw
  with_legacy: true
# Default per-frontend options. The default value points the beast frontend at
# a certificate and a private key through config:// URIs under
# rgw/cert/$realm/$zone.
# NOTE(review): presumably these resolve to entries in the cluster's
# configuration store - confirm. Whoever can read the .key entry holds the TLS
# private key, so access to that store should be limited accordingly.
- name: rgw_frontend_defaults
  type: str
  level: advanced
  desc: RGW frontends default configuration
  long_desc: A comma delimited list of default frontends configuration.
  default: beast ssl_certificate=config://rgw/cert/$realm/$zone.crt ssl_private_key=config://rgw/cert/$realm/$zone.key
  services:
  - rgw
2200- name: rgw_beast_enable_async
2201 type: bool
2202 level: dev
2203 desc: Enable async request processing under beast using coroutines
2204 long_desc: When enabled, the beast frontend will process requests using
2205 coroutines, allowing the concurrent processing of several requests on the
2206 same thread. When disabled, the number of concurrent requests will be
2207 limited by the thread count, but debugging and tracing the synchronous
2208 calls can be easier.
2209 default: true
2210 services:
2211 - rgw
2212 with_legacy: true
2213- name: rgw_user_quota_bucket_sync_interval
2214 type: int
2215 level: advanced
2216 desc: User quota bucket sync interval
2217 long_desc: Time period for accumulating modified buckets before syncing these stats.
2218 fmt_desc: The amount of time in seconds bucket quota information is
2219 accumulated before syncing to the cluster. During this time,
2220 other RGW instances will not see the changes in bucket quota
2221 stats from operations on this instance.
2222 default: 3_min
2223 services:
2224 - rgw
2225 with_legacy: true
2226- name: rgw_user_quota_sync_interval
2227 type: int
2228 level: advanced
2229 desc: User quota sync interval
2230 long_desc: Time period for accumulating modified buckets before syncing entire user
2231 stats.
2232 fmt_desc: The amount of time in seconds user quota information is
2233 accumulated before syncing to the cluster. During this time,
2234 other RGW instances will not see the changes in user quota stats
2235 from operations on this instance.
2236 default: 1_day
2237 services:
2238 - rgw
2239 with_legacy: true
2240- name: rgw_user_quota_sync_idle_users
2241 type: bool
2242 level: advanced
2243 desc: Should sync idle users quota
2244 long_desc: Whether stats for idle users be fully synced.
2245 default: false
2246 services:
2247 - rgw
2248 with_legacy: true
2249- name: rgw_user_quota_sync_wait_time
2250 type: int
2251 level: advanced
2252 desc: User quota full-sync wait time
2253 long_desc: Minimum time between two full stats sync for non-idle users.
2254 default: 1_day
2255 services:
2256 - rgw
2257 with_legacy: true
2258- name: rgw_user_default_quota_max_objects
2259 type: int
2260 level: basic
2261 desc: User quota max objects
2262 long_desc: The default quota configuration for total number of objects for a single
2263 user. A negative number means 'unlimited'.
2264 fmt_desc: Default max number of objects for a user. This includes all
2265 objects in all buckets owned by the user. Set on new users,
2266 if no other quota is specified. Has no effect on existing users.
2267 default: -1
2268 services:
2269 - rgw
2270 with_legacy: true
2271- name: rgw_user_default_quota_max_size
2272 type: int
2273 level: basic
2274 desc: User quota max size
2275 long_desc: The default quota configuration for total size of objects for a single
2276 user. A negative number means 'unlimited'.
2277 fmt_desc: The value for user max size quota in bytes set on new users,
2278 if no other quota is specified. Has no effect on existing users.
2279 default: -1
2280 services:
2281 - rgw
2282 with_legacy: true
2283- name: rgw_multipart_min_part_size
2284 type: size
2285 level: advanced
2286 desc: Minimum S3 multipart-upload part size
2287 long_desc: When doing a multipart upload, each part (other than the last part) must
2288 be at least this size.
2289 default: 5_M
2290 services:
2291 - rgw
2292 with_legacy: true
2293- name: rgw_multipart_part_upload_limit
2294 type: int
2295 level: advanced
2296 desc: Max number of parts in multipart upload
2297 default: 10000
2298 services:
2299 - rgw
2300 with_legacy: true
2301- name: rgw_max_slo_entries
2302 type: int
2303 level: advanced
2304 desc: Max number of entries in Swift Static Large Object manifest
2305 default: 1000
2306 services:
2307 - rgw
2308 with_legacy: true
2309- name: rgw_olh_pending_timeout_sec
2310 type: int
2311 level: dev
2312 desc: Max time for pending OLH change to complete
2313 long_desc: OLH is a versioned object's logical head. Operations on it are journaled
2314 as pending before completion. If an operation doesn't complete within this number
2315 of seconds, we remove the operation from the journal.
2316 default: 1_hr
2317 services:
2318 - rgw
2319 with_legacy: true
2320- name: rgw_user_max_buckets
2321 type: int
2322 level: basic
2323 desc: Max number of buckets per user
2324 long_desc: A user can create at most this number of buckets. Zero means no limit;
2325 a negative value means users cannot create any new buckets, although users will
2326 retain buckets already created.
2327 default: 1000
2328 services:
2329 - rgw
2330 with_legacy: true
2331- name: rgw_objexp_gc_interval
2332 type: uint
2333 level: advanced
2334 desc: Swift objects expirer garbage collector interval
2335 default: 600
2336 services:
2337 - rgw
2338 with_legacy: true
2339- name: rgw_objexp_hints_num_shards
2340 type: uint
2341 level: advanced
2342 desc: Number of object expirer data shards
2343 long_desc: The number of shards the (Swift) object expirer will store its data on.
2344 default: 127
2345 services:
2346 - rgw
2347 with_legacy: true
2348# maximum number of entries in a single operation when processing objexp data
2349- name: rgw_objexp_chunk_size
2350 type: uint
2351 level: dev
2352 default: 100
2353 services:
2354 - rgw
2355 with_legacy: true
2356- name: rgw_enable_static_website
2357 type: bool
2358 level: basic
2359 desc: Enable static website APIs
2360 long_desc: This configurable controls whether RGW handles the website control APIs.
2361 RGW can serve static websites if s3website hostnames are configured; that is unrelated
2362 to this configurable.
2363 default: false
2364 services:
2365 - rgw
2366 with_legacy: true
2367- name: rgw_user_unique_email
2368 type: bool
2369 level: basic
2370 desc: Require local RGW users to have unique email addresses
2371 long_desc: Enforce builtin user accounts to have unique email addresses. This setting
2372 is historical. In future, non-enforcement of email address uniqueness is likely
2373 to become the default.
2374 default: true
2375 services:
2376 - rgw
# Names the request headers whose values are copied into ops log entries.
# No default is set, so nothing extra is logged unless headers are listed.
# Header values are supplied by the client: a value such as X-Forwarded-For is
# only as trustworthy as the proxy that sets or overwrites it, and listing a
# header that carries credentials or tokens writes those secrets into the log.
# Choose the list with the log's readers and retention in mind.
- name: rgw_log_http_headers
  type: str
  level: basic
  desc: List of HTTP headers to log
  long_desc: A comma delimited list of HTTP headers to log when seen, ignores case
    (e.g., http_x_forwarded_for).
  fmt_desc: Comma-delimited list of HTTP headers to include with ops
    log entries. Header names are case insensitive, and use
    the full header name with words separated by underscores.
  example: http_x_forwarded_for, http_x_special_k
  services:
  - rgw
  with_legacy: true
2390- name: rgw_num_async_rados_threads
2391 type: int
2392 level: advanced
2393 desc: Number of concurrent RADOS operations in multisite sync
2394 long_desc: The number of concurrent RADOS IO operations that will be triggered for
2395 handling multisite sync operations. This includes control related work, and not
2396 the actual sync operations.
2397 default: 32
2398 services:
2399 - rgw
2400 with_legacy: true
2401- name: rgw_md_notify_interval_msec
2402 type: int
2403 level: advanced
2404 desc: Length of time to aggregate metadata changes
2405 long_desc: Length of time (in milliseconds) in which the master zone aggregates
2406 all the metadata changes that occurred, before sending notifications to all the
2407 other zones.
2408 default: 200
2409 services:
2410 - rgw
2411 with_legacy: true
2412- name: rgw_run_sync_thread
2413 type: bool
2414 level: advanced
2415 desc: Should run sync thread
2416 fmt_desc: If there are other zones in the realm to sync from, spawn threads
2417 to handle the sync of data and metadata.
2418 default: true
2419 services:
2420 - rgw
2421 with_legacy: true
2422- name: rgw_sync_lease_period
2423 type: int
2424 level: dev
2425 default: 2_min
2426 services:
2427 - rgw
2428 with_legacy: true
2429- name: rgw_sync_log_trim_interval
2430 type: int
2431 level: advanced
2432 desc: Sync log trim interval
2433 long_desc: Time in seconds between attempts to trim sync logs.
2434 default: 20_min
2435 services:
2436 - rgw
2437 with_legacy: true
2438- name: rgw_sync_log_trim_max_buckets
2439 type: int
2440 level: advanced
2441 desc: Maximum number of buckets to trim per interval
2442 long_desc: The maximum number of buckets to consider for bucket index log trimming
2443 each trim interval, regardless of the number of bucket index shards. Priority
2444 is given to buckets with the most sync activity over the last trim interval.
2445 default: 16
2446 services:
2447 - rgw
2448 see_also:
2449 - rgw_sync_log_trim_interval
2450 - rgw_sync_log_trim_min_cold_buckets
2451 - rgw_sync_log_trim_concurrent_buckets
2452- name: rgw_sync_log_trim_min_cold_buckets
2453 type: int
2454 level: advanced
2455 desc: Minimum number of cold buckets to trim per interval
2456 long_desc: Of the `rgw_sync_log_trim_max_buckets` selected for bucket index log
2457 trimming each trim interval, at least this many of them must be 'cold' buckets.
2458 These buckets are selected in order from the list of all bucket instances, to
2459 guarantee that all buckets will be visited eventually.
2460 default: 4
2461 services:
2462 - rgw
2463 see_also:
2464 - rgw_sync_log_trim_interval
2465 - rgw_sync_log_trim_max_buckets
2466 - rgw_sync_log_trim_concurrent_buckets
2467- name: rgw_sync_log_trim_concurrent_buckets
2468 type: int
2469 level: advanced
2470 desc: Maximum number of buckets to trim in parallel
2471 default: 4
2472 services:
2473 - rgw
2474 see_also:
2475 - rgw_sync_log_trim_interval
2476 - rgw_sync_log_trim_max_buckets
2477 - rgw_sync_log_trim_min_cold_buckets
2478- name: rgw_sync_data_inject_err_probability
2479 type: float
2480 level: dev
2481 default: 0
2482 services:
2483 - rgw
2484 with_legacy: true
2485- name: rgw_sync_meta_inject_err_probability
2486 type: float
2487 level: dev
2488 default: 0
2489 services:
2490 - rgw
2491 with_legacy: true
2492- name: rgw_sync_data_full_inject_err_probability
2493 type: float
2494 level: dev
2495 default: 0
2496 services:
2497 - rgw
2498 with_legacy: true
2499- name: rgw_sync_trace_history_size
2500 type: size
2501 level: advanced
2502 desc: Sync trace history size
2503 long_desc: Maximum number of complete sync trace entries to keep.
2504 default: 4_K
2505 services:
2506 - rgw
2507 with_legacy: true
2508- name: rgw_sync_trace_per_node_log_size
2509 type: int
2510 level: advanced
2511 desc: Sync trace per-node log size
2512 long_desc: The number of log entries to keep per sync-trace node.
2513 default: 32
2514 services:
2515 - rgw
2516 with_legacy: true
2517- name: rgw_sync_trace_servicemap_update_interval
2518 type: int
2519 level: advanced
2520 desc: Sync-trace service-map update interval
2521 long_desc: Number of seconds between service-map updates of sync-trace events.
2522 default: 10
2523 services:
2524 - rgw
2525 with_legacy: true
2526- name: rgw_period_push_interval
2527 type: float
2528 level: advanced
2529 desc: Period push interval
2530 long_desc: Number of seconds to wait before retrying 'period push' operation.
2531 default: 2
2532 services:
2533 - rgw
2534 with_legacy: true
2535- name: rgw_period_push_interval_max
2536 type: float
2537 level: advanced
2538 desc: Period push maximum interval
2539 long_desc: The max number of seconds to wait before retrying 'period push' after
2540 exponential backoff.
2541 default: 30
2542 services:
2543 - rgw
2544 with_legacy: true
2545- name: rgw_safe_max_objects_per_shard
2546 type: int
2547 level: advanced
2548 desc: Safe number of objects per shard
2549 long_desc: This is the max number of objects per bucket index shard that RGW considers
2550 safe. RGW will warn if it identifies a bucket where its per-shard count is higher
2551 than a percentage of this number.
2552 default: 102400
2553 services:
2554 - rgw
2555 see_also:
2556 - rgw_shard_warning_threshold
2557 with_legacy: true
2558# pct of safe max at which to warn
2559- name: rgw_shard_warning_threshold
2560 type: float
2561 level: advanced
2562 desc: Warn about max objects per shard
2563 long_desc: Warn if number of objects per shard in a specific bucket passed this
2564 percentage of the safe number.
2565 default: 90
2566 services:
2567 - rgw
2568 see_also:
2569 - rgw_safe_max_objects_per_shard
2570 with_legacy: true
2571- name: rgw_swift_versioning_enabled
2572 type: bool
2573 level: advanced
2574 desc: Enable Swift versioning
2575 fmt_desc: |
2576 Enables the Object Versioning of OpenStack Object Storage API.
2577 This allows clients to put the ``X-Versions-Location`` attribute
2578 on containers that should be versioned. The attribute specifies
2579 the name of container storing archived versions. It must be owned
2580 by the same user as the versioned container due to access
2581 control verification - ACLs are NOT taken into consideration.
2582 Those containers cannot be versioned by the S3 object versioning
2583 mechanism.
2584
2585 A slightly different attribute, ``X-History-Location``, which is also understood by
2586 `OpenStack Swift <https://docs.openstack.org/swift/latest/api/object_versioning.html>`_
2587 for handling ``DELETE`` operations, is currently not supported.
2588 default: false
2589 services:
2590 - rgw
2591 with_legacy: true
2592- name: rgw_swift_custom_header
2593 type: str
2594 level: advanced
2595 desc: Enable swift custom header
2596 long_desc: If not empty, specifies a name of HTTP header that can include custom
2597 data. When uploading an object, if this header is passed RGW will store this header
2598 info and it will be available when listing the bucket.
2599 services:
2600 - rgw
2601 with_legacy: true
2602- name: rgw_swift_need_stats
2603 type: bool
2604 level: advanced
2605 desc: Enable stats on bucket listing in Swift
2606 default: true
2607 services:
2608 - rgw
2609 with_legacy: true
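# Bucket resharding tunables. Each option lists the rgw service once; a
# repeated list entry adds nothing and only obscures the intended value.
# No desc is given for rgw_reshard_num_logs.
# NOTE(review): the name suggests the number of reshard log objects - confirm.
- name: rgw_reshard_num_logs
  type: uint
  level: advanced
  default: 16
  services:
  - rgw
  min: 1
# Lock timeout trade-off (see desc): too short and reshards fail and are
# retried, too long and a hung or crashed reshard keeps the bucket locked.
- name: rgw_reshard_bucket_lock_duration
  type: uint
  level: advanced
  desc: Number of seconds the timeout on the reshard locks (bucket reshard lock and
    reshard log lock) are set to. As a reshard proceeds these locks can be renewed/extended.
    If too short, reshards cannot complete and will fail, causing a future reshard
    attempt. If too long a hung or crashed reshard attempt will keep the bucket locked
    for an extended period, not allowing RGW to detect the failed reshard attempt
    and recover.
  default: 360
  tags:
  - performance
  services:
  - rgw
  min: 30
- name: rgw_reshard_batch_size
  type: uint
  level: advanced
  desc: Number of reshard entries to batch together before sending the operations
    to the CLS back-end
  default: 64
  tags:
  - performance
  services:
  - rgw
  min: 8
- name: rgw_reshard_max_aio
  type: uint
  level: advanced
  desc: Maximum number of outstanding asynchronous I/O operations to allow at a time
    during resharding
  default: 128
  tags:
  - performance
  services:
  - rgw
  min: 16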
# Trust boundary option. Forwarded and X-Forwarded-Proto are ordinary request
# headers that any client can set, so enabling this is only sound when every
# network path to radosgw goes through a proxy that sets or overwrites them,
# and radosgw itself is not reachable by clients directly.
# Related: rgw_crypt_require_ssl (see_also below) requires requests carrying
# encryption key headers to arrive over ssl. With this option on, that decision
# rests on these headers, so a listener reachable without the proxy would
# presumably accept such requests over plaintext - verify in your deployment.
# Default is false.
- name: rgw_trust_forwarded_https
  type: bool
  level: advanced
  desc: Trust Forwarded and X-Forwarded-Proto headers
  long_desc: When a proxy in front of radosgw is used for ssl termination, radosgw
    does not know whether incoming http connections are secure. Enable this option
    to trust the Forwarded and X-Forwarded-Proto headers sent by the proxy when determining
    whether the connection is secure. This is required for some features, such as
    server side encryption. (Never enable this setting if you do not have a trusted
    proxy in front of radosgw, or else malicious users will be able to set these headers
    in any request.)
  fmt_desc: When a proxy in front of radosgw is used for ssl termination, radosgw
    does not know whether incoming http connections are secure. Enable
    this option to trust the ``Forwarded`` and ``X-Forwarded-Proto`` headers
    sent by the proxy when determining whether the connection is secure.
    This is required for some features, such as server side encryption.
    (Never enable this setting if you do not have a trusted proxy in front of
    radosgw, or else malicious users will be able to set these headers in
    any request.)
  default: false
  services:
  - rgw
  see_also:
  - rgw_crypt_require_ssl
  with_legacy: true
# Guards requests that carry encryption key headers: with the default (true)
# they must arrive over ssl. Setting this to false allows client-supplied keys
# to cross the network in cleartext, so keep it enabled outside of test setups.
# When TLS is terminated on a proxy, whether a request counts as secure depends
# on rgw_trust_forwarded_https.
- name: rgw_crypt_require_ssl
  type: bool
  level: advanced
  desc: Requests including encryption key headers must be sent over ssl
  default: true
  services:
  - rgw
  with_legacy: true
# base64 encoded key for encryption of rgw objects
# Developer-level option with no default. Base64 is an encoding, not
# protection: a key set here sits in the configuration in recoverable form, so
# anyone able to read the configuration can obtain it.
# NOTE(review): presumably intended for testing rather than production key
# management - confirm against the encryption documentation.
- name: rgw_crypt_default_encryption_key
  type: str
  level: dev
  services:
  - rgw
  with_legacy: true
# Selects the key management backend used for SSE-KMS.
# The descriptions name only 'barbican' and 'vault', while enum_values also
# accepts 'testing' and 'kmip'; the text and the accepted values should be
# kept in step.
# NOTE(review): 'testing' presumably pairs with the static keys of
# rgw_crypt_s3_kms_encryption_keys and is not meant for production - confirm.
- name: rgw_crypt_s3_kms_backend
  type: str
  level: advanced
  desc: Where the SSE-KMS encryption keys are stored. Supported KMS systems are OpenStack
    Barbican ('barbican', the default) and HashiCorp Vault ('vault').
  fmt_desc: Where the SSE-KMS encryption keys are stored. Supported KMS
    systems are OpenStack Barbican (``barbican``, the default) and
    HashiCorp Vault (``vault``).
  default: barbican
  services:
  - rgw
  enum_values:
  - barbican
  - vault
  - testing
  - kmip
  with_legacy: true
# extra keys that may be used for aws:kms
# defined as map "key1=YmluCmJvb3N0CmJvb3N0LQ== key2=b3V0CnNyYwpUZXN0aW5nCg=="
# The two base64 strings above only illustrate the "name=value" format; they
# are sample values and must not be reused as keys.
# Developer-level option with no default: keys listed here are held in the
# configuration itself, readable by anyone who can read that configuration.
- name: rgw_crypt_s3_kms_encryption_keys
  type: str
  level: dev
  services:
  - rgw
  with_legacy: true
# How RGW authenticates to Vault. The default is 'token'.
# fmt_desc states that 'token' is the only supported method, yet enum_values
# also accepts 'agent'; the description and the accepted values disagree.
# With 'token', the secret is read from rgw_crypt_vault_token_file, so the
# protection of that file decides who can act as RGW towards Vault.
- name: rgw_crypt_vault_auth
  type: str
  level: advanced
  desc: Type of authentication method to be used with Vault.
  fmt_desc: Type of authentication method to be used. The only method
    currently supported is ``token``.
  default: token
  services:
  - rgw
  see_also:
  - rgw_crypt_s3_kms_backend
  - rgw_crypt_vault_addr
  - rgw_crypt_vault_token_file
  enum_values:
  - token
  - agent
  with_legacy: true
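# Path to the file holding the Vault token used when rgw_crypt_vault_auth is
# 'token'. The token grants whatever access Vault policy attaches to it, so the
# file should be owned by the account radosgw runs as and carry no group or
# world permissions. No default is set.
- name: rgw_crypt_vault_token_file
  type: str
  level: advanced
  desc: If authentication method is 'token', provide a path to the token file, which
    for security reasons should be readable only by Rados Gateway.
  services:
  - rgw
  see_also:
  - rgw_crypt_s3_kms_backend
  - rgw_crypt_vault_auth
  - rgw_crypt_vault_addr
  with_legacy: true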
# Base address of the Vault server. No default is set.
# The example in fmt_desc uses the http:// scheme. Requests to Vault carry the
# authentication token and return key material, so outside a test setup use an
# https:// address and leave rgw_crypt_vault_verify_ssl at its default (true).
- name: rgw_crypt_vault_addr
  type: str
  level: advanced
  desc: Vault server base address.
  fmt_desc: Vault server base address, e.g. ``http://vaultserver:8200``.
  services:
  - rgw
  see_also:
  - rgw_crypt_s3_kms_backend
  - rgw_crypt_vault_auth
  - rgw_crypt_vault_prefix
  with_legacy: true
2764# Optional URL prefix to Vault secret path
2765- name: rgw_crypt_vault_prefix
2766 type: str
2767 level: advanced
2768 desc: Vault secret URL prefix, which can be used to restrict access to a particular
2769 subset of the Vault secret space.
2770 fmt_desc: The Vault secret URL prefix, which can be used to restrict access
2771 to a particular subset of the secret space, e.g. ``/v1/secret/data``.
2772 services:
2773 - rgw
2774 see_also:
2775 - rgw_crypt_s3_kms_backend
2776 - rgw_crypt_vault_addr
2777 - rgw_crypt_vault_auth
2778 with_legacy: true
2779# kv, transit or other supported secret engines
2780- name: rgw_crypt_vault_secret_engine
2781 type: str
2782 level: advanced
2783 desc: Vault Secret Engine to be used to retrieve encryption keys.
2784 fmt_desc: |
2785 Vault Secret Engine to be used to retrieve encryption keys: choose
2786 between kv-v2, transit.
2787 default: transit
2788 services:
2789 - rgw
2790 see_also:
2791 - rgw_crypt_s3_kms_backend
2792 - rgw_crypt_vault_auth
2793 - rgw_crypt_vault_addr
2794 with_legacy: true
2795# Vault Namespace (only available in Vault Enterprise Version)
2796- name: rgw_crypt_vault_namespace
2797 type: str
2798 level: advanced
2799 desc: Vault Namespace to be used to select your tenant
2800 fmt_desc: If set, Vault Namespace provides tenant isolation for teams and individuals
2801 on the same Vault Enterprise instance, e.g. ``acme/tenant1``
2802 services:
2803 - rgw
2804 see_also:
2805 - rgw_crypt_s3_kms_backend
2806 - rgw_crypt_vault_auth
2807 - rgw_crypt_vault_addr
2808 with_legacy: true
# Verify the Vault server's TLS certificate when RGW connects to Vault.
# Keep the default (true). With verification off, RGW cannot distinguish the
# real Vault server from another host answering on the network path, and the
# Vault credentials and returned keys would be exposed to that host.
# For a private CA, set rgw_crypt_vault_ssl_cacert instead of disabling this.
- name: rgw_crypt_vault_verify_ssl
  type: bool
  level: advanced
  desc: Should RGW verify the vault server SSL certificate.
  default: true
  services:
  - rgw
  with_legacy: true
# TLS certs options
# Paths to the CA certificate used to validate the Vault server, and to the
# client certificate and its private key for connecting to it. None has a
# default.
# The client private key is a credential: the file should be readable only by
# the account radosgw runs as. The CA file decides which servers RGW accepts
# as Vault, so it should not be writable by unprivileged users.
- name: rgw_crypt_vault_ssl_cacert
  type: str
  level: advanced
  desc: Path for custom ca certificate for accessing vault server
  services:
  - rgw
  with_legacy: true
- name: rgw_crypt_vault_ssl_clientcert
  type: str
  level: advanced
  desc: Path for custom client certificate for accessing vault server
  services:
  - rgw
  with_legacy: true
- name: rgw_crypt_vault_ssl_clientkey
  type: str
  level: advanced
  desc: Path for private key required for client cert
  services:
  - rgw
  with_legacy: true
2840- name: rgw_crypt_kmip_addr
2841 type: str
2842 level: advanced
2843 desc: kmip server address
2844 services:
2845 - rgw
2846 with_legacy: true
2847- name: rgw_crypt_kmip_ca_path
2848 type: str
2849 level: advanced
2850 desc: ca for kmip servers
2851 services:
2852 - rgw
2853 with_legacy: true
# Credentials RGW presents to the KMIP server: either a username with an
# optional password, or a client certificate and key. None has a default.
# rgw_crypt_kmip_password is a secret stored as an ordinary string option, so
# it is visible to anyone who can read this configuration; limit that access.
# NOTE(review): rgw_crypt_kmip_client_key repeats the desc of
# rgw_crypt_kmip_client_cert; presumably it names the private key belonging to
# that certificate - confirm and give it its own description.
- name: rgw_crypt_kmip_username
  type: str
  level: advanced
  desc: when authenticating via username
  services:
  - rgw
  with_legacy: true
- name: rgw_crypt_kmip_password
  type: str
  level: advanced
  desc: optional w/ username
  services:
  - rgw
  with_legacy: true
- name: rgw_crypt_kmip_client_cert
  type: str
  level: advanced
  desc: connect using client certificate
  services:
  - rgw
  with_legacy: true
- name: rgw_crypt_kmip_client_key
  type: str
  level: advanced
  desc: connect using client certificate
  services:
  - rgw
  with_legacy: true
2882- name: rgw_crypt_kmip_kms_key_template
2883 type: str
2884 level: advanced
2885 desc: sse-kms; kmip key names
2886 services:
2887 - rgw
2888 with_legacy: true
2889- name: rgw_crypt_kmip_s3_key_template
2890 type: str
2891 level: advanced
2892 desc: sse-s3; kmip key template
2893 default: $keyid
2894 services:
2895 - rgw
2896 with_legacy: true
# Log-hygiene switch for the encryption code paths. The default (true)
# suppresses log output that might print a client key. Setting it to false
# can therefore put key material into RGW logs, so treat any logs collected
# while it is off as sensitive.
- name: rgw_crypt_suppress_logs
  type: bool
  level: advanced
  desc: Suppress logs that might print client key
  default: true
  services:
  - rgw
  with_legacy: true
2905- name: rgw_crypt_sse_s3_backend
2906 type: str
2907 level: advanced
2908 desc: Where the SSE-S3 encryption keys are stored. The only valid choice here is
2909 HashiCorp Vault ('vault').
2910 fmt_desc: Where the SSE-S3 encryption keys are stored. The only valid
2911 choice is HashiCorp Vault (``vault``).
2912 default: vault
2913 services:
2914 - rgw
2915 enum_values:
2916 - vault
2917 with_legacy: true
2918
2919- name: rgw_crypt_sse_s3_vault_secret_engine
2920 type: str
2921 level: advanced
2922 desc: Vault Secret Engine to be used to retrieve encryption keys.
2923 fmt_desc: |
2924 Vault Secret Engine to be used to retrieve encryption keys. The
2925 only valid choice here is transit.
2926 default: transit
2927 services:
2928 - rgw
2929 see_also:
2930 - rgw_crypt_sse_s3_backend
2931 - rgw_crypt_sse_s3_vault_auth
2932 - rgw_crypt_sse_s3_vault_addr
2933 with_legacy: true
2934- name: rgw_crypt_sse_s3_key_template
2935 type: str
2936 level: advanced
2937 desc: template for per-bucket sse-s3 keys in vault.
2938 long_desc: This is the template for per-bucket sse-s3 keys.
2939 This string may include ``%bucket_id`` which will be expanded out to
2940 the bucket marker, a unique uuid assigned to that bucket.
2941 It could contain ``%owner_id``, which will expand out to the owner's id.
2942 Any other use of % is reserved and should not be used.
2943 If the template contains ``%bucket_id``, associated bucket keys
2944 will be automatically removed when the bucket is removed.
2945 services:
2946 - rgw
2947 default: "%bucket_id"
2948 see_also:
2949 - rgw_crypt_sse_s3_backend
2950 - rgw_crypt_sse_s3_vault_auth
2951 - rgw_crypt_sse_s3_vault_addr
2952 with_legacy: true
# How RGW authenticates to Vault for SSE-S3 keys.
# NOTE(review): fmt_desc states that ``token`` is the only supported method,
# yet enum_values also accepts ``agent``. One of the two is out of date;
# confirm which and align them, since operators choose their authentication
# setup from this text.
- name: rgw_crypt_sse_s3_vault_auth
  type: str
  level: advanced
  desc: Type of authentication method to be used with SSE-S3 and Vault.
  fmt_desc: Type of authentication method to be used. The only method
    currently supported is ``token``.
  default: token
  services:
  - rgw
  see_also:
  - rgw_crypt_sse_s3_backend
  - rgw_crypt_sse_s3_vault_addr
  - rgw_crypt_sse_s3_vault_token_file
  enum_values:
  - token
  - agent
  with_legacy: true
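# Path to the file holding the Vault token, used when
# rgw_crypt_sse_s3_vault_auth is 'token'. The token is a bearer credential
# for Vault, so the file should be owned by the RGW service account and not
# readable by group or others.
- name: rgw_crypt_sse_s3_vault_token_file
  type: str
  level: advanced
  desc: If authentication method is 'token', provide a path to the token file, which
    for security reasons should be readable only by Rados Gateway.
  services:
  - rgw
  see_also:
  - rgw_crypt_sse_s3_backend
  - rgw_crypt_sse_s3_vault_auth
  - rgw_crypt_sse_s3_vault_addr
  with_legacy: true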
# Base address of the Vault server used for SSE-S3 keys. No default is set.
# NOTE(review): the fmt_desc example uses a plain http:// address. With such
# an address the Vault token and the keys exchanged with Vault would
# presumably cross the network unencrypted, and
# rgw_crypt_sse_s3_vault_verify_ssl would have nothing to verify. Prefer an
# https:// address in deployments and consider changing the example.
- name: rgw_crypt_sse_s3_vault_addr
  type: str
  level: advanced
  desc: SSE-S3 Vault server base address.
  fmt_desc: Vault server base address, e.g. ``http://vaultserver:8200``.
  services:
  - rgw
  see_also:
  - rgw_crypt_sse_s3_backend
  - rgw_crypt_sse_s3_vault_auth
  - rgw_crypt_sse_s3_vault_prefix
  with_legacy: true
2994# Optional URL prefix to Vault secret path
2995- name: rgw_crypt_sse_s3_vault_prefix
2996 type: str
2997 level: advanced
2998 desc: SSE-S3 Vault secret URL prefix, which can be used to restrict access to a particular
2999 subset of the Vault secret space.
3000 fmt_desc: The Vault secret URL prefix, which can be used to restrict access
3001 to a particular subset of the secret space, e.g. ``/v1/secret/data``.
3002 services:
3003 - rgw
3004 see_also:
3005 - rgw_crypt_sse_s3_backend
3006 - rgw_crypt_sse_s3_vault_addr
3007 - rgw_crypt_sse_s3_vault_auth
3008 with_legacy: true
3009# Vault Namespace (only available in Vault Enterprise Version)
3010- name: rgw_crypt_sse_s3_vault_namespace
3011 type: str
3012 level: advanced
3013 desc: Vault Namespace to be used to select your tenant
3014 fmt_desc: If set, Vault Namespace provides tenant isolation for teams and individuals
3015 on the same Vault Enterprise instance, e.g. ``acme/tenant1``
3016 services:
3017 - rgw
3018 see_also:
3019 - rgw_crypt_sse_s3_backend
3020 - rgw_crypt_sse_s3_vault_auth
3021 - rgw_crypt_sse_s3_vault_addr
3022 with_legacy: true
# Controls whether RGW validates the Vault server's TLS certificate on the
# SSE-S3 path. The default (true) keeps verification on. With it off, RGW
# has no assurance that the server it talks to is the intended Vault
# instance. When Vault uses a private CA, set
# rgw_crypt_sse_s3_vault_ssl_cacert instead of disabling verification.
- name: rgw_crypt_sse_s3_vault_verify_ssl
  type: bool
  level: advanced
  desc: Should RGW verify the vault server SSL certificate.
  default: true
  services:
  - rgw
  with_legacy: true
3032# TLS certs options
3033- name: rgw_crypt_sse_s3_vault_ssl_cacert
3034 type: str
3035 level: advanced
3036 desc: Path for custom ca certificate for accessing vault server
3037 services:
3038 - rgw
3039 with_legacy: true
3040- name: rgw_crypt_sse_s3_vault_ssl_clientcert
3041 type: str
3042 level: advanced
3043 desc: Path for custom client certificate for accessing vault server
3044 services:
3045 - rgw
3046 with_legacy: true
3047- name: rgw_crypt_sse_s3_vault_ssl_clientkey
3048 type: str
3049 level: advanced
3050 desc: Path for private key required for client cert
3051 services:
3052 - rgw
3053 with_legacy: true
3054- name: rgw_list_bucket_min_readahead
3055 type: int
3056 level: advanced
3057 desc: Minimum number of entries to request from rados for bucket listing
3058 default: 1000
3059 services:
3060 - rgw
3061 with_legacy: true
3062- name: rgw_rest_getusage_op_compat
3063 type: bool
3064 level: advanced
3065 desc: REST GetUsage request backward compatibility
3066 default: false
3067 services:
3068 - rgw
3069 with_legacy: true
3070# The following are tunables for torrent data
3071- name: rgw_torrent_flag
3072 type: bool
3073 level: advanced
3074 desc: When true, uploaded objects will calculate and store a SHA256 hash of object
3075 data so the object can be retrieved as a torrent file
3076 default: false
3077 services:
3078 - rgw
3079 with_legacy: true
3080- name: rgw_torrent_tracker
3081 type: str
3082 level: advanced
3083 desc: Torrent field announce and announce list
3084 services:
3085 - rgw
3086 with_legacy: true
3087- name: rgw_torrent_createby
3088 type: str
3089 level: advanced
3090 desc: torrent field created by
3091 services:
3092 - rgw
3093 with_legacy: true
3094- name: rgw_torrent_comment
3095 type: str
3096 level: advanced
3097 desc: Torrent field comment
3098 services:
3099 - rgw
3100 with_legacy: true
3101- name: rgw_torrent_encoding
3102 type: str
3103 level: advanced
3104 desc: torrent field encoding
3105 services:
3106 - rgw
3107 with_legacy: true
3108- name: rgw_data_notify_interval_msec
3109 type: int
3110 level: advanced
3111 desc: data changes notification interval to followers
3112 long_desc: In multisite, radosgw will occasionally broadcast new entries in its
3113 data changes log to peer zones, so they can prioritize sync of some
3114 of the most recent changes. Can be disabled with 0.
1e59de90 3115 default: 0
3116 services:
3117 - rgw
3118 with_legacy: true
3119- name: rgw_torrent_origin
3120 type: str
3121 level: advanced
3122 desc: Torrent origin
3123 services:
3124 - rgw
3125 with_legacy: true
3126- name: rgw_torrent_sha_unit
3127 type: size
3128 level: advanced
3129 default: 512_K
3130 services:
3131 - rgw
3132 with_legacy: true
3133- name: rgw_dynamic_resharding
3134 type: bool
3135 level: basic
3136 desc: Enable dynamic resharding
3137 long_desc: If true, RGW will dynamically increase the number of shards in buckets
3138 that have a high number of objects per shard.
3139 default: true
3140 services:
3141 - rgw
3142 see_also:
3143 - rgw_max_objs_per_shard
3144 - rgw_max_dynamic_shards
3145- name: rgw_max_objs_per_shard
3146 type: uint
3147 level: basic
3148 desc: Max objects per shard for dynamic resharding
3149 long_desc: This is the max number of objects per bucket index shard that RGW will
3150 allow with dynamic resharding. RGW will trigger an automatic reshard operation
3151 on the bucket if it exceeds this number.
3152 default: 100000
3153 services:
3154 - rgw
3155 see_also:
3156 - rgw_dynamic_resharding
3157 - rgw_max_dynamic_shards
3158- name: rgw_max_dynamic_shards
3159 type: uint
3160 level: advanced
3161 desc: Max shards that dynamic resharding can create
3162 long_desc: This is the maximum number of bucket index shards that dynamic sharding
3163 is able to create on its own. This does not limit user requested resharding. Ideally
3164 this value is a prime number.
3165 default: 1999
3166 services:
3167 - rgw
3168 see_also:
3169 - rgw_dynamic_resharding
3170 - rgw_max_objs_per_shard
3171 min: 1
3172- name: rgw_reshard_thread_interval
3173 type: uint
3174 level: advanced
3175 desc: Number of seconds between processing of reshard log entries
3176 default: 600
3177 services:
3178 - rgw
3179 min: 10
3180- name: rgw_cache_expiry_interval
3181 type: uint
3182 level: advanced
3183 desc: Number of seconds before entries in the cache are assumed stale and re-fetched.
3184 Zero is never.
3185 long_desc: The Rados Gateway stores metadata and objects in an internal cache. This
3186 should be kept consistent by the OSD's relaying notify events between multiple
3187 watching RGW processes. In the event that this notification protocol fails, bounding
3188 the length of time that any data in the cache will be assumed valid will ensure
3189 that any RGW instance that falls out of sync will eventually recover. This seems
3190 to be an issue mostly for large numbers of RGW instances under heavy use. If you
3191 would like to turn off cache expiry, set this value to zero.
3192 default: 900
3193 tags:
3194 - performance
3195 services:
3196 - rgw
3197 - rgw
3198- name: rgw_inject_notify_timeout_probability
3199 type: float
3200 level: dev
3201 desc: Likelihood of ignoring a notify
3202 long_desc: This is the probability that the RGW cache will ignore a cache notify
3203 message. It exists to help with the development and testing of cache consistency
3204 and recovery improvements. Please do not set it in a production cluster, as it
3205 actively causes failures. Set this to a floating point value between 0 and 1.
3206 default: 0
3207 tags:
3208 - fault injection
3209 - testing
3210 services:
3211 - rgw
3212 - rgw
3213 min: 0
3214 max: 1
3215- name: rgw_max_notify_retries
3216 type: uint
3217 level: advanced
3218 desc: Number of attempts to notify peers before giving up.
3219 long_desc: The number of times we will attempt to update a peer's cache in the event
3220 of error before giving up. This is unlikely to be an issue unless your cluster
3221 is very heavily loaded. Beware that increasing this value may cause some operations
3222 to take longer in exceptional cases and thus may, rarely, cause clients to time
3223 out.
3224 default: 3
3225 tags:
3226 - error recovery
3227 services:
3228 - rgw
3229 - rgw
3230- name: rgw_sts_entry
3231 type: str
3232 level: advanced
3233 desc: STS URL prefix
3234 long_desc: URL path prefix for internal STS requests.
3235 default: sts
3236 services:
3237 - rgw
3238 with_legacy: true
# Key used to encrypt and decrypt STS session tokens.
# NOTE(review): the shipped default is the literal string "sts", which is
# public. A session token protected only by that default cannot be relied on
# against anyone who knows it. Set a unique, randomly generated secret before
# enabling STS (see rgw_s3_auth_use_sts), and restrict who can read the
# configuration that holds it.
- name: rgw_sts_key
  type: str
  level: advanced
  desc: STS Key
  long_desc: Key used for encrypting/ decrypting session token.
  default: sts
  services:
  - rgw
  with_legacy: true
3248# should we try to use sts for s3?
3249- name: rgw_s3_auth_use_sts
3250 type: bool
3251 level: advanced
3252 desc: Should S3 authentication use STS.
3253 default: false
3254 services:
3255 - rgw
3256 with_legacy: true
3257- name: rgw_sts_max_session_duration
3258 type: uint
3259 level: advanced
3260 desc: Session token max duration
3261 long_desc: Max duration in seconds for which the session token is valid.
3262 default: 43200
3263 services:
3264 - rgw
3265 with_legacy: true
3266- name: rgw_sts_min_session_duration
3267 type: uint
3268 level: advanced
3269 desc: Minimum allowed duration of a session
3270 default: 900
3271 services:
3272 - rgw
3273 with_legacy: true
3274- name: rgw_max_listing_results
3275 type: uint
3276 level: advanced
3277 desc: Upper bound on results in listing operations, ListBucket max-keys
3278 long_desc: This caps the maximum permitted value for listing-like operations in
3279 RGW S3. Affects ListBucket(max-keys), ListBucketVersions(max-keys), ListBucketMultipartUploads(max-uploads),
3280 ListMultipartUploadParts(max-parts)
3281 default: 1000
3282 services:
3283 - rgw
3284 - rgw
3285 min: 1
3286 max: 100000
3287- name: rgw_sts_token_introspection_url
3288 type: str
3289 level: advanced
3290 desc: STS Web Token introspection URL
3291 long_desc: URL for introspecting an STS Web Token.
3292 services:
3293 - rgw
3294 with_legacy: true
3295- name: rgw_sts_client_id
3296 type: str
3297 level: advanced
3298 desc: Client Id
3299 long_desc: Client Id needed for introspecting a Web Token.
3300 services:
3301 - rgw
3302 with_legacy: true
# Client secret presented when introspecting a Web Token; it pairs with
# rgw_sts_client_id and rgw_sts_token_introspection_url. No default is set.
# NOTE(review): the secret is held as a plain string option value, so access
# to wherever it is configured should be limited to RGW administrators.
- name: rgw_sts_client_secret
  type: str
  level: advanced
  desc: Client Secret
  long_desc: Client Secret needed for introspecting a Web Token.
  services:
  - rgw
  with_legacy: true
3311- name: rgw_max_concurrent_requests
3312 type: int
3313 level: basic
3314 desc: Maximum number of concurrent HTTP requests.
3315 long_desc: Maximum number of concurrent HTTP requests that the beast frontend will
3316 process. Tuning this can help to limit memory usage under heavy load.
3317 default: 1024
3318 tags:
3319 - performance
3320 services:
3321 - rgw
3322 see_also:
3323 - rgw_frontends
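# Selects the RGW request scheduler. The default is throttler; per the
# description below, dmclock is experimental.
# fmt_desc is reStructuredText, so every inline literal needs a matching
# pair of double backticks. Two literals were missing the second closing
# backtick and are repaired here.
- name: rgw_scheduler_type
  type: str
  level: advanced
  desc: Set the type of dmclock scheduler, defaults to throttler Other valid values
    are dmclock which is experimental
  fmt_desc: |
    The RGW scheduler to use. Valid values are ``throttler`` and
    ``dmclock``. Currently defaults to ``throttler`` which throttles Beast
    frontend requests. ``dmclock`` is *experimental* and requires the
    ``dmclock`` to be included in the ``experimental_feature_enabled``
    configuration option.

    The options below tune the experimental dmclock scheduler. For
    additional reading on dmclock, see :ref:`dmclock-qos`. `op_class` for the flags below is
    one of ``admin``, ``auth``, ``metadata``, or ``data``.
  default: throttler
  services:
  - rgw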
3342- name: rgw_dmclock_admin_res
3343 type: float
3344 level: advanced
3345 desc: mclock reservation for admin requests
3346 default: 100
3347 services:
3348 - rgw
3349 see_also:
3350 - rgw_dmclock_admin_wgt
3351 - rgw_dmclock_admin_lim
3352- name: rgw_dmclock_admin_wgt
3353 type: float
3354 level: advanced
3355 desc: mclock weight for admin requests
3356 default: 100
3357 services:
3358 - rgw
3359 see_also:
3360 - rgw_dmclock_admin_res
3361 - rgw_dmclock_admin_lim
3362- name: rgw_dmclock_admin_lim
3363 type: float
3364 level: advanced
3365 desc: mclock limit for admin requests
3366 default: 0
3367 services:
3368 - rgw
3369 see_also:
3370 - rgw_dmclock_admin_res
3371 - rgw_dmclock_admin_wgt
3372- name: rgw_dmclock_auth_res
3373 type: float
3374 level: advanced
3375 desc: mclock reservation for object data requests
3376 default: 200
3377 services:
3378 - rgw
3379 see_also:
3380 - rgw_dmclock_auth_wgt
3381 - rgw_dmclock_auth_lim
3382- name: rgw_dmclock_auth_wgt
3383 type: float
3384 level: advanced
3385 desc: mclock weight for object data requests
3386 default: 100
3387 services:
3388 - rgw
3389 see_also:
3390 - rgw_dmclock_auth_res
3391 - rgw_dmclock_auth_lim
3392- name: rgw_dmclock_auth_lim
3393 type: float
3394 level: advanced
3395 desc: mclock limit for object data requests
3396 default: 0
3397 services:
3398 - rgw
3399 see_also:
3400 - rgw_dmclock_auth_res
3401 - rgw_dmclock_auth_wgt
3402- name: rgw_dmclock_data_res
3403 type: float
3404 level: advanced
3405 desc: mclock reservation for object data requests
3406 default: 500
3407 services:
3408 - rgw
3409 see_also:
3410 - rgw_dmclock_data_wgt
3411 - rgw_dmclock_data_lim
3412- name: rgw_dmclock_data_wgt
3413 type: float
3414 level: advanced
3415 desc: mclock weight for object data requests
3416 default: 500
3417 services:
3418 - rgw
3419 see_also:
3420 - rgw_dmclock_data_res
3421 - rgw_dmclock_data_lim
3422- name: rgw_dmclock_data_lim
3423 type: float
3424 level: advanced
3425 desc: mclock limit for object data requests
3426 default: 0
3427 services:
3428 - rgw
3429 see_also:
3430 - rgw_dmclock_data_res
3431 - rgw_dmclock_data_wgt
3432- name: rgw_dmclock_metadata_res
3433 type: float
3434 level: advanced
3435 desc: mclock reservation for metadata requests
3436 default: 500
3437 services:
3438 - rgw
3439 see_also:
3440 - rgw_dmclock_metadata_wgt
3441 - rgw_dmclock_metadata_lim
3442- name: rgw_dmclock_metadata_wgt
3443 type: float
3444 level: advanced
3445 desc: mclock weight for metadata requests
3446 default: 500
3447 services:
3448 - rgw
3449 see_also:
3450 - rgw_dmclock_metadata_res
3451 - rgw_dmclock_metadata_lim
3452- name: rgw_dmclock_metadata_lim
3453 type: float
3454 level: advanced
3455 desc: mclock limit for metadata requests
3456 default: 0
3457 services:
3458 - rgw
3459 see_also:
3460 - rgw_dmclock_metadata_res
3461 - rgw_dmclock_metadata_wgt
3462- name: rgw_default_data_log_backing
3463 type: str
3464 level: advanced
3465 desc: Default backing store for the RGW data sync log
3466 long_desc: Whether to use the older OMAP backing store or the high performance FIFO
3467 based backing store by default. This only covers the creation of the log on startup
3468 if none exists.
3469 default: fifo
3470 services:
3471 - rgw
3472 enum_values:
3473 - fifo
3474 - omap
3475- name: rgw_d3n_l1_local_datacache_enabled
3476 type: bool
3477 level: advanced
3478 desc: Enable datacenter-scale dataset delivery local cache
3479 default: false
3480 services:
3481 - rgw
3482 with_legacy: true
# Directory in which the D3N local cache stores object data.
# NOTE(review): the default is under /tmp, which on most systems is a shared,
# world-writable location with a predictable name. Cached object data then
# depends on that directory's ownership and mode for protection. Deployments
# that enable rgw_d3n_l1_local_datacache_enabled should point this at a
# dedicated directory owned by the RGW service account.
- name: rgw_d3n_l1_datacache_persistent_path
  type: str
  level: advanced
  desc: path for the directory for storing the local cache objects data
  default: /tmp/rgw_datacache/
  services:
  - rgw
  with_legacy: true
3491- name: rgw_d3n_l1_datacache_size
3492 type: size
3493 level: advanced
3494 desc: datacache maximum size on disk in bytes
3495 default: 1_G
3496 services:
3497 - rgw
3498 with_legacy: true
# When true (the default), the content of the persistent data cache
# directory is cleared at start. The directory is the one named by
# rgw_d3n_l1_datacache_persistent_path, so that path should be dedicated to
# the cache and must never name a directory holding other data.
- name: rgw_d3n_l1_evict_cache_on_start
  type: bool
  level: advanced
  desc: clear the content of the persistent data cache directory on start
  default: true
  services:
  - rgw
  with_legacy: true
3507- name: rgw_d3n_l1_fadvise
3508 type: int
3509 level: advanced
3510 desc: posix_fadvise() flag for access pattern of cache files
3511 long_desc: for example to bypass the page-cache -
3512 POSIX_FADV_DONTNEED=4
3513 default: 4
3514 services:
3515 - rgw
3516 with_legacy: true
3517- name: rgw_d3n_l1_eviction_policy
3518 type: str
3519 level: advanced
3520 desc: select the d3n cache eviction policy
3521 default: lru
3522 services:
3523 - rgw
3524 enum_values:
3525 - lru
3526 - random
3527 with_legacy: true
3528- name: rgw_d3n_libaio_aio_threads
3529 type: int
3530 level: advanced
3531 desc: specifies the maximum number of worker threads that may be used by libaio
3532 default: 20
3533 services:
3534 - rgw
3535 see_also:
3536 - rgw_thread_pool_size
3537 with_legacy: true
3538- name: rgw_d3n_libaio_aio_num
3539 type: int
3540 level: advanced
3541 desc: specifies the maximum number of simultaneous I/O requests that libaio expects to enqueue
3542 default: 64
3543 services:
3544 - rgw
3545 see_also:
3546 - rgw_thread_pool_size
3547 with_legacy: true
3548- name: rgw_backend_store
3549 type: str
3550 level: advanced
3551 desc: experimental Option to set backend store type
1e59de90 3552 long_desc: defaults to rados. Other valid values are dbstore, motr, and daos (All experimental).
3553 default: rados
3554 services:
3555 - rgw
3556 enum_values:
3557 - rados
3558 - dbstore
3559 - motr
3560 - daos
3561- name: rgw_config_store
3562 type: str
3563 level: advanced
3564 desc: Configuration storage backend
3565 default: rados
3566 services:
3567 - rgw
3568 enum_values:
3569 - rados
3570 - dbstore
3571 - json
3572- name: rgw_filter
3573 type: str
3574 level: advanced
3575 desc: experimental Option to set a filter
3576 long_desc: defaults to none. Other valid values are base and trace (both experimental).
3577 default: none
3578 services:
3579 - rgw
3580 enum_values:
3581 - none
3582 - base
3583 - trace
3584- name: dbstore_db_dir
3585 type: str
3586 level: advanced
3587 desc: path for the directory for storing the db backend store data
3588 default: /var/lib/ceph/radosgw
3589 services:
3590 - rgw
3591- name: dbstore_db_name_prefix
3592 type: str
3593 level: advanced
3594 desc: prefix to the file names created by db backend store
3595 default: dbstore
3596 services:
3597 - rgw
3598- name: dbstore_config_uri
3599 type: str
3600 level: advanced
3601 desc: 'Config database URI. URIs beginning with file: refer to local files opened with SQLite.'
3602 default: file:/var/lib/ceph/radosgw/dbstore-config.db
3603 see_also:
3604 - rgw_config_store
3605 services:
3606 - rgw
3607- name: rgw_json_config
3608 type: str
3609 level: advanced
3610 desc: Path to a json file that contains the static zone and zonegroup configuration. Requires rgw_config_store=json.
3611 default: /var/lib/ceph/radosgw/config.json
3612 see_also:
3613 - rgw_config_store
3614 services:
3615 - rgw
3616- name: motr_profile_fid
3617 type: str
3618 level: advanced
3619 desc: experimental Option to set Motr profile fid
3620 long_desc: example value 0x7000000000000001:0x4f
3621 default: 0x7000000000000001:0x0
3622 services:
3623 - rgw
3624- name: motr_my_fid
3625 type: str
3626 level: advanced
3627 desc: experimental Option to set my Motr fid
3628 long_desc: example value 0x7200000000000001:0x29
3629 default: 0x7200000000000001:0x0
3630 services:
3631 - rgw
3632- name: motr_admin_fid
3633 type: str
3634 level: advanced
3635 desc: Admin Tool Motr FID for admin-level access.
3636 long_desc: example value 0x7200000000000001:0x2c
3637 default: 0x7200000000000001:0x0
3638 services:
3639 - rgw
3640- name: motr_admin_endpoint
3641 type: str
3642 level: advanced
3643 desc: experimental Option to set Admin Motr endpoint address
3644 long_desc: example value 192.168.180.182@tcp:12345:4:1
3645 default: 192.168.180.182@tcp:12345:4:1
3646 services:
3647 - rgw
3648- name: motr_my_endpoint
3649 type: str
3650 level: advanced
3651 desc: experimental Option to set my Motr endpoint address
3652 long_desc: example value 192.168.180.182@tcp:12345:4:1
3653 default: 192.168.180.182@tcp:12345:4:1
3654 services:
3655 - rgw
3656- name: motr_ha_endpoint
3657 type: str
3658 level: advanced
3659 desc: experimental Option to set Motr HA agent endpoint address
3660 long_desc: example value 192.168.180.182@tcp:12345:1:1
3661 default: 192.168.180.182@tcp:12345:1:1
3662 services:
3663 - rgw
3664- name: motr_tracing_enabled
3665 type: bool
3666 level: advanced
3667 desc: Set to true when Motr client debugging is needed
3668 default: false
3669 services:
3670 - rgw
3671- name: rgw_luarocks_location
3672 type: str
3673 level: advanced
3674 desc: Directory where luarocks install packages from allowlist
3675 default: @rgw_luarocks_location@
3676 services:
3677 - rgw
3678 flags:
3679 - startup
3680- name: rgwlc_auto_session_clear
3681 type: bool
3682 level: advanced
3683 desc: Automatically clear stale lifecycle sessions (i.e., after 2 idle processing cycles)
3684 default: true
3685 services:
3686 - rgw
3687 with_legacy: true
3688- name: rgwlc_skip_bucket_step
3689 type: bool
3690 level: advanced
3691 desc: Conditionally skip the processing (but not the scheduling) of bucket lifecycle
3692 default: false
3693 services:
3694 - rgw
3695 with_legacy: true
3696- name: rgw_pending_bucket_index_op_expiration
3697 type: uint
3698 level: advanced
3699 default: 120
3700 desc: Number of seconds a pending operation can remain in bucket index shard.
3701 long_desc: Number of seconds a pending operation can remain in bucket
3702 index shard before it expires. Used for transactional bucket index
3703 operations, and if the operation does not complete in this time
3704 period, the operation will be dropped.
3705 services:
3706 - rgw
3707 - osd
3708 with_legacy: true
3709- name: rgw_bucket_index_transaction_instrumentation
3710 type: bool
3711 level: dev
3712 default: false
3713 desc: Turns on extra instrumentation surrounding bucket index transactions.
3714 services:
3715 - rgw
3716 - osd
3717 with_legacy: true
# Safety override for bucket-notification topics whose endpoint carries
# secrets. The default (false) keeps the check described in long_desc: such
# topics can only be created over HTTPS. Setting it to true removes that
# check, so the broker credentials may cross the network in cleartext.
# NOTE(review): see_also names rgw_trust_forwarded_https, presumably for
# deployments where TLS terminates at a proxy in front of RGW - confirm
# before relying on it as the alternative to this override.
- name: rgw_allow_notification_secrets_in_cleartext
  type: bool
  level: advanced
  desc: Allows sending secrets (e.g. passwords) over non encrypted HTTP messages.
  long_desc: When bucket notification endpoint require secrets (e.g. passwords),
    we allow the topic creation only over HTTPS messages.
    This parameter can be set to "true" to bypass this check.
    Use this only if radosgw is on a trusted private network, and the message
    broker cannot be configured without password authentication. Otherwise, this will
    leak the credentials of your message broker and compromise its security.
  default: false
  services:
  - rgw
  see_also:
  - rgw_trust_forwarded_https
3733- name: daos_pool
3734 type: str
3735 level: advanced
3736 desc: DAOS Pool to use
3737 default: tank
3738 services:
3739 - rgw
3740- name: rgw_policy_reject_invalid_principals
3741 type: bool
3742 level: basic
3743 desc: Whether to reject policies with invalid principals
3744 long_desc: If true, policies with invalid principals will be
3745 rejected. We don't support Canonical User identifiers or some
3746 other form of policies that Amazon does, so if you are mirroring
3747 policies between RGW and AWS, you may wish to set this to false.
3748 default: true
3749 services:
3750 - rgw