# According to AWS S3 (http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html),
# an ACL may have up to 100 grants.
- name: rgw_acl_grants_max_num
  desc: The maximum number of ACL grants in a single request.
# A user may have up to 100 IAM user policies.
- name: rgw_user_policies_max_num
  desc: The maximum number of IAM user policies for a single user.
# According to AWS S3 (http://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html),
# a CORS request may have up to 100 rules.
- name: rgw_cors_rules_max_num
  desc: The maximum number of CORS rules in a single request.
# According to AWS S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/DeletingObjects.html),
# Amazon S3 also provides the Multi-Object Delete API that you can use to delete up to 1000
# objects in a single HTTP request.
- name: rgw_delete_multi_obj_max_num
  desc: The maximum number of objects in a single multi-object delete request.
# According to AWS S3, a website routing config can have up to 50 rules.
- name: rgw_website_routing_rules_max_num
  desc: The maximum number of website routing rules in a single request.
- name: rgw_rados_tracing
  desc: Enables LTTng-UST tracepoints.
- name: rgw_op_tracing
  desc: Enables LTTng-UST operator tracepoints.
- name: rgw_max_chunk_size
  desc: The maximum RGW chunk size.
  long_desc: The chunk size is the size of RADOS I/O requests that RGW sends when
    accessing data objects. RGW read and write operations will never request more than
    this amount in a single request. This also defines the RGW head object size, as
    head operations need to be atomic, and anything larger than this would require
    more than a single operation. When RGW objects are written to the default
    storage class, up to this amount of payload data will be stored alongside
    metadata in the head object.
- name: rgw_put_obj_min_window_size
  desc: The minimum RADOS write window size (in bytes).
  long_desc: The window size determines the total concurrent RADOS writes of a single
    RGW object. When writing an object RGW will send multiple chunks to RADOS. The
    total size of the writes does not exceed the window size. The window size may
    be adjusted dynamically in order to better utilize the pipe.
  - rgw_put_obj_max_window_size
- name: rgw_put_obj_max_window_size
  desc: The maximum RADOS write window size (in bytes).
  long_desc: The window size may be dynamically adjusted, but will not surpass this
  - rgw_put_obj_min_window_size
- name: rgw_max_put_size
  desc: The maximum size (in bytes) of regular (non multi-part) object upload.
  long_desc: Plain object upload is capped at this amount of data. In order to upload
    larger objects, a special upload mechanism is required. The S3 API provides the
    multi-part upload, and Swift provides DLO and SLO.
- name: rgw_max_put_param_size
  desc: The maximum size (in bytes) of data input of certain RESTful requests.
- name: rgw_max_attr_size
  desc: The maximum length of metadata value. 0 skips the check
- name: rgw_max_attr_name_len
  desc: The maximum length of metadata name. 0 skips the check
- name: rgw_max_attrs_num_in_req
  desc: The maximum number of metadata items that can be put via single request
# override max bucket index shards in zone configuration (if not zero)
# Represents the number of shards for the bucket index object, a value of zero
# indicates there is no sharding. By default (no sharding), the name of the object
# is '.dir.{marker}'; with sharding, the name is '.dir.{marker}.{sharding_id}', where
# sharding_id is a zero-based value. It is not recommended to set too large a value
# (e.g. thousand) as it increases the cost for bucket listing.
- name: rgw_override_bucket_index_max_shards
  desc: The default number of bucket index shards for newly-created buckets. This
    value overrides bucket_index_max_shards stored in the zone. Setting this value
    in the zone is preferred, because it applies globally to all radosgw daemons running
  fmt_desc: Represents the number of shards for the bucket index object,
    a value of zero indicates there is no sharding. It is not
    recommended to set a value too large (e.g. thousand) as it
    increases the cost for bucket listing.
    This variable should be set in the client or global sections
    so that it is automatically applied to radosgw-admin commands.
# Represents the maximum AIO pending requests for the bucket index object shards.
- name: rgw_bucket_index_max_aio
  desc: Max number of concurrent RADOS requests when handling bucket shards.
- name: rgw_multi_obj_del_max_aio
  desc: Max number of concurrent RADOS requests per multi-object delete request.
# whether or not the quota/gc threads should be started
- name: rgw_enable_quota_threads
  desc: Enables the quota maintenance thread.
  long_desc: The quota maintenance thread is responsible for quota related maintenance
    work. The thread itself can be disabled, but in order for quota to work correctly,
    at least one RGW in each zone needs to have this thread running. Having the thread
    enabled on multiple RGW processes within the same zone can spread some of the
    maintenance work between them.
  - rgw_enable_gc_threads
  - rgw_enable_lc_threads
- name: rgw_enable_gc_threads
  desc: Enables the garbage collection maintenance thread.
  long_desc: The garbage collection maintenance thread is responsible for garbage
    collector maintenance work. The thread itself can be disabled, but in order for
    garbage collection to work correctly, at least one RGW in each zone needs to have
    this thread running. Having the thread enabled on multiple RGW processes within
    the same zone can spread some of the maintenance work between them.
  - rgw_enable_quota_threads
  - rgw_enable_lc_threads
- name: rgw_enable_lc_threads
  desc: Enables the lifecycle maintenance thread. This is required on at least one
  long_desc: The lifecycle maintenance thread is responsible for lifecycle related
    maintenance work. The thread itself can be disabled, but in order for lifecycle
    to work correctly, at least one RGW in each zone needs to have this thread running.
    Having the thread enabled on multiple RGW processes within the same zone can spread
    some of the maintenance work between them.
  - rgw_enable_gc_threads
  - rgw_enable_quota_threads
  desc: Alternative location for RGW configuration.
  long_desc: If this is set, the different Ceph system configurables (such as the keyring file) will be located in the path that is specified here.
  fmt_desc: Sets the location of the data files for Ceph RADOS Gateway.
  default: /var/lib/ceph/radosgw/$cluster-$id
- name: rgw_enable_apis
  desc: A list of RESTful APIs that RGW handles.
    Enables the specified APIs.
    .. note:: Enabling the ``s3`` API is a requirement for
              any ``radosgw`` instance that is meant to
              participate in a `multi-site <../multisite>`_
  default: s3, s3website, swift, swift_auth, admin, sts, iam, notifications
- name: rgw_cache_enabled
  desc: Enable RGW metadata cache.
  long_desc: The metadata cache holds metadata entries that RGW requires for processing
    requests. Metadata entries can be user info, bucket info, and bucket instance
    info. If not found in the cache, entries will be fetched from the backing RADOS
  fmt_desc: Whether the Ceph Object Gateway cache is enabled.
- name: rgw_cache_lru_size
  desc: Max number of items in RGW metadata cache.
  long_desc: When full, the RGW metadata cache evicts least recently used entries.
  fmt_desc: The number of entries in the Ceph Object Gateway cache.
  desc: The host names that RGW uses.
  long_desc: A comma separated list of DNS names.
    This is needed for virtual hosting of buckets to work properly, unless
    configured via zonegroup configuration.
  fmt_desc: The DNS names of the served domains. See also the ``hostnames`` setting within zonegroups.
- name: rgw_dns_s3website_name
  desc: The host name that RGW uses for static websites (S3)
  long_desc: This is needed for virtual hosting of buckets, unless configured via
    zonegroup configuration.
- name: rgw_numa_node
  desc: set rgw's cpu affinity to a numa node (-1 for none)
- name: rgw_service_provider_name
  desc: Service provider name which is contained in http response headers
  long_desc: As S3 or other cloud storage providers do, http response headers should
    contain the name of the provider. This name will be placed in http header 'Server'.
- name: rgw_content_length_compat
  desc: Multiple content length headers compatibility
  long_desc: Try to handle requests with ambiguous multiple content length headers
    (Content-Length, Http-Content-Length).
  fmt_desc: Enable compatibility handling of FCGI requests with both ``CONTENT_LENGTH``
    and ``HTTP_CONTENT_LENGTH`` set.
- name: rgw_relaxed_region_enforcement
  desc: Disable region constraint enforcement
  long_desc: Enable requests such as bucket creation to succeed irrespective of region
    restrictions (Jewel compat).
- name: rgw_lifecycle_work_time
  desc: Lifecycle allowed work time
  long_desc: Local time window in which the lifecycle maintenance thread can work.
- name: rgw_lc_lock_max_time
- name: rgw_lc_thread_delay
  desc: Delay after processing of bucket listing chunks (i.e., per 1000 entries) in
- name: rgw_lc_max_worker
  desc: Number of LCWorker tasks that will be run in parallel
  long_desc: Number of LCWorker tasks that will run in parallel--used to permit >1
    bucket/index shards to be processed simultaneously
  fmt_desc: This option specifies the number of lifecycle worker threads
    to run in parallel, thereby processing bucket and index
    shards simultaneously.
- name: rgw_lc_max_wp_worker
  desc: Number of workpool threads per LCWorker
  long_desc: Number of threads in per-LCWorker workpools--used to accelerate per-bucket
  fmt_desc: This option specifies the number of threads in each lifecycle
    worker's work pool. This option can help accelerate processing each bucket.
- name: rgw_lc_max_objs
  desc: Number of lifecycle data shards
  long_desc: Number of RADOS objects to use for storing lifecycle index. This affects
    concurrency of lifecycle maintenance, as shards can be processed in parallel.
- name: rgw_lc_max_rules
  desc: Max number of lifecycle rules set on one bucket
  long_desc: Number of lifecycle rules set on one bucket should be limited.
- name: rgw_lc_debug_interval
  desc: The number of seconds that simulate one "day" in order to debug RGW LifeCycle.
    Do *not* modify for a production cluster.
  long_desc: For debugging RGW LifeCycle, the number of seconds that are equivalent to
    one simulated "day". Values less than 1 are ignored and do not change LifeCycle behavior.
    For example, during debugging if one wanted every 10 minutes to be equivalent to one day,
    then this would be set to 600, the number of seconds in 10 minutes.
- name: rgw_mp_lock_max_time
  desc: Multipart upload max completion time
  long_desc: Time length to allow completion of a multipart upload operation. This
    is done to prevent concurrent completions on the same object with the same upload
- name: rgw_script_uri
  fmt_desc: The alternative value for the ``SCRIPT_URI`` if not set
- name: rgw_request_uri
  fmt_desc: The alternative value for the ``REQUEST_URI`` if not set
- name: rgw_ignore_get_invalid_range
  desc: Treat invalid (e.g., negative) range request as full
  long_desc: Treat invalid (e.g., negative) range request as request for the full
    object (AWS compatibility)
- name: rgw_swift_url
  desc: Swift-auth storage URL
  long_desc: Used in conjunction with rgw internal swift authentication. This affects
    the X-Storage-Url response header value.
  fmt_desc: The URL for the Ceph Object Gateway Swift API.
  - rgw_swift_auth_entry
- name: rgw_swift_url_prefix
  desc: Swift URL prefix
  long_desc: The URL path prefix for swift requests.
    The URL prefix for the Swift API, to distinguish it from
    the S3 API endpoint. The default is ``swift``, which
    makes the Swift API available at the URL
    ``http://host:port/swift/v1`` (or
    ``http://host:port/swift/v1/AUTH_%(tenant_id)s`` if
    ``rgw swift account in url`` is enabled).
    For compatibility, setting this configuration variable
    to the empty string causes the default ``swift`` to be
    used; if you do want an empty prefix, set this option to
    .. warning:: If you set this option to ``/``, you must
                 disable the S3 API by modifying ``rgw
                 enable apis`` to exclude ``s3``. It is not
                 possible to operate radosgw with ``rgw
                 swift url prefix = /`` and simultaneously
                 support both the S3 and Swift APIs. If you
                 do need to support both APIs without
                 prefixes, deploy multiple radosgw instances
                 to listen on different hosts (or ports)
                 instead, enabling some for S3 and some for
  example: /swift-testing
- name: rgw_swift_auth_url
  long_desc: Default url to which RGW connects and verifies tokens for v1 auth (if
    not using internal swift auth).
- name: rgw_swift_auth_entry
  desc: Swift auth URL prefix
  long_desc: URL path prefix for internal swift auth requests.
  fmt_desc: The entry point for a Swift auth URL.
- name: rgw_swift_tenant_name
  desc: Swift tenant name
  long_desc: Tenant name that is used when constructing the swift path.
  - rgw_swift_account_in_url
- name: rgw_swift_account_in_url
  desc: Swift account encoded in URL
  long_desc: Whether the swift account is encoded in the uri path (AUTH_<account>).
    Whether or not the Swift account name should be included
    in the Swift API URL.
    If set to ``false`` (the default), then the Swift API
    will listen on a URL formed like
    ``http://host:port/<rgw_swift_url_prefix>/v1``, and the
    account name (commonly a Keystone project UUID if
    radosgw is configured with `Keystone integration
    <../keystone>`_) will be inferred from request
    If set to ``true``, the Swift API URL will be
    ``http://host:port/<rgw_swift_url_prefix>/v1/AUTH_<account_name>``
    ``http://host:port/<rgw_swift_url_prefix>/v1/AUTH_<keystone_project_id>``)
    instead, and the Keystone ``object-store`` endpoint must
    accordingly be configured to include the
    ``AUTH_%(tenant_id)s`` suffix.
    You **must** set this option to ``true`` (and update the
    Keystone service catalog) if you want radosgw to support
    publicly-readable containers and `temporary URLs
    <../swift/tempurl>`_.
  - rgw_swift_tenant_name
- name: rgw_swift_enforce_content_length
  desc: Send content length when listing containers (Swift)
  long_desc: Whether content length header is needed when listing containers. When
    this is set to false, RGW will send extra info for each entry in the response.
- name: rgw_keystone_url
  desc: The URL to the Keystone server.
- name: rgw_keystone_admin_token
  desc: 'DEPRECATED: The admin token (shared secret) that is used for the Keystone
  fmt_desc: The Keystone admin token (shared secret). In Ceph RGW
    authentication with the admin token has priority over
    authentication with the admin credentials
    (``rgw_keystone_admin_user``, ``rgw_keystone_admin_password``,
    ``rgw_keystone_admin_tenant``, ``rgw_keystone_admin_project``,
    ``rgw_keystone_admin_domain``). The Keystone admin token
    has been deprecated, but can be used to integrate with
    older environments. It is preferred to instead configure
    ``rgw_keystone_admin_token_path`` to avoid exposing the token.
- name: rgw_keystone_admin_token_path
  desc: Path to a file containing the admin token (shared secret) that is used for
    the Keystone requests.
  fmt_desc: Path to a file containing the Keystone admin token
    (shared secret). In Ceph RadosGW authentication with
    the admin token has priority over authentication with
    the admin credentials
    (``rgw_keystone_admin_user``, ``rgw_keystone_admin_password``,
    ``rgw_keystone_admin_tenant``, ``rgw_keystone_admin_project``,
    ``rgw_keystone_admin_domain``).
    The Keystone admin token has been deprecated, but can be
    used to integrate with older environments.
- name: rgw_keystone_admin_user
  desc: Keystone admin user.
  fmt_desc: The name of OpenStack user with admin privilege for Keystone
    authentication (Service User) when using OpenStack Identity API v2
- name: rgw_keystone_admin_password
  desc: 'DEPRECATED: Keystone admin password.'
  fmt_desc: The password for OpenStack admin user when using OpenStack
    Identity API v2. It is preferred to instead configure
    ``rgw_keystone_admin_password_path`` to avoid exposing the password.
- name: rgw_keystone_admin_password_path
  desc: Path to a file containing the Keystone admin password.
  fmt_desc: Path to a file containing the password for OpenStack
    admin user when using OpenStack Identity API v2.
- name: rgw_keystone_admin_tenant
  desc: Keystone admin user tenant.
  fmt_desc: The name of OpenStack tenant with admin privilege (Service Tenant) when
    using OpenStack Identity API v2
- name: rgw_keystone_admin_project
  desc: Keystone admin user project (for Keystone v3).
  fmt_desc: The name of OpenStack project with admin privilege when using
    OpenStack Identity API v3. If left unspecified, value of
    ``rgw keystone admin tenant`` will be used instead.
- name: rgw_keystone_admin_domain
  desc: Keystone admin user domain (for Keystone v3).
  fmt_desc: The name of OpenStack domain with admin privilege when using
    OpenStack Identity API v3.
- name: rgw_keystone_service_token_enabled
  desc: Service tokens allowing the usage of expired Keystone auth tokens
  fmt_desc: The service token support allows the incoming request to contain
    an X-Service-Token header with a Keystone token that, if it has acceptable
    roles, allows using an expired token in the X-Auth-Token header.
  - rgw_keystone_service_token_accepted_roles
  - rgw_keystone_expired_token_cache_expiration
- name: rgw_keystone_service_token_accepted_roles
  desc: Only users with one of these roles will be valid for service users.
  fmt_desc: The users that created the service token given must have one of
    these roles to be considered a valid service user.
  - rgw_keystone_service_token_enabled
- name: rgw_keystone_expired_token_cache_expiration
  desc: The number of seconds to add to current time for expired token expiration
  fmt_desc: The expired token that is allowed when a valid service token is given
    needs a new expiration date for the caching. This is the seconds to add to the
    current time and then set on an expired token that is verified with a service token.
  - rgw_keystone_service_token_enabled
- name: rgw_keystone_barbican_user
  desc: Keystone user to access barbican secrets.
  fmt_desc: The name of the OpenStack user with access to the `Barbican`_
    secrets used for `Encryption`_.
- name: rgw_keystone_barbican_password
  desc: Keystone password for barbican user.
  fmt_desc: The password associated with the `Barbican`_ user.
- name: rgw_keystone_barbican_tenant
  desc: Keystone barbican user tenant (Keystone v2.0).
  fmt_desc: The name of the OpenStack tenant associated with the `Barbican`_
    user when using OpenStack Identity API v2.
- name: rgw_keystone_barbican_project
  desc: Keystone barbican user project (Keystone v3).
  fmt_desc: The name of the OpenStack project associated with the `Barbican`_
    user when using OpenStack Identity API v3.
- name: rgw_keystone_barbican_domain
  desc: Keystone barbican user domain.
  fmt_desc: The name of the OpenStack domain associated with the `Barbican`_
    user when using OpenStack Identity API v3.
- name: rgw_keystone_api_version
  desc: Version of Keystone API to use (2 or 3).
  fmt_desc: The version (2 or 3) of OpenStack Identity API that should be
    used for communication with the Keystone server.
- name: rgw_keystone_accepted_roles
  desc: Only users with one of these roles will be served when doing Keystone authentication.
  fmt_desc: The roles required to serve requests.
  default: Member, admin
- name: rgw_keystone_accepted_admin_roles
  desc: List of roles allowing user to gain admin privileges (Keystone).
- name: rgw_keystone_token_cache_size
  desc: Keystone token cache size
  long_desc: Max number of Keystone tokens that will be cached. A token that is not
    cached requires RGW to access the Keystone server when authenticating.
  fmt_desc: The maximum number of entries in each Keystone token cache.
- name: rgw_keystone_verify_ssl
  desc: Should RGW verify the Keystone server SSL certificate.
  fmt_desc: Verify SSL certificates while making token requests to keystone.
- name: rgw_keystone_implicit_tenants
  desc: RGW Keystone implicit tenants creation
  long_desc: Implicitly create new users in their own tenant with the same name when
    authenticating via Keystone. Can be limited to s3 or swift only.
- name: rgw_cross_domain_policy
  desc: RGW handle cross domain policy
  long_desc: Returned cross domain policy when accessing the crossdomain.xml resource
    (Swift compatibility).
  default: <allow-access-from domain="*" secure="false" />
- name: rgw_healthcheck_disabling_path
  desc: Swift health check api can be disabled if a file can be accessed in this path.
- name: rgw_s3_auth_use_rados
  desc: Should S3 authentication use credentials stored in RADOS backend.
- name: rgw_s3_auth_use_keystone
  desc: Should S3 authentication use Keystone.
- name: rgw_s3_auth_order
  desc: Authentication strategy order to use for s3 authentication
  long_desc: Order of authentication strategies to try for s3 authentication, the
    allowed options are a comma separated list of engines external, local. The default
    order is to try all the externally configured engines before attempting local
    rados based authentication
  default: sts, external, local
- name: rgw_barbican_url
  desc: URL to barbican server.
  fmt_desc: The URL for the Barbican server.
# OpenLDAP-style LDAP parameter strings
  desc: Space-separated list of LDAP servers in URI format.
  default: ldaps://<ldap.your.domain>
- name: rgw_ldap_binddn
  desc: LDAP entry RGW will bind with (user match).
  default: uid=admin,cn=users,dc=example,dc=com
- name: rgw_ldap_searchdn
  desc: LDAP search base (basedn).
  default: cn=users,cn=accounts,dc=example,dc=com
- name: rgw_ldap_dnattr
  desc: LDAP attribute containing RGW user names (to form binddns).
- name: rgw_ldap_secret
  desc: Path to file containing credentials for rgw_ldap_binddn.
  default: /etc/openldap/secret
- name: rgw_s3_auth_use_ldap
  desc: Should S3 authentication use LDAP.
- name: rgw_ldap_searchfilter
  desc: LDAP search filter.
  desc: URL to OPA server.
- name: rgw_opa_token
  desc: The Bearer token OPA uses to authenticate client requests.
- name: rgw_opa_verify_ssl
  desc: Should RGW verify the OPA server SSL certificate.
- name: rgw_use_opa_authz
  desc: Should OPA be used to authorize client requests.
- name: rgw_admin_entry
  desc: Path prefix to be used for accessing RGW RESTful admin API.
  fmt_desc: The entry point for an admin request URL.
- name: rgw_enforce_swift_acls
  desc: RGW enforce swift acls
  long_desc: Should RGW enforce special Swift-only ACLs. Swift has a special ACL that
    gives permission to access all objects in a container.
  fmt_desc: Enforces the Swift Access Control List (ACL) settings.
- name: rgw_swift_token_expiration
  desc: Expiration time (in seconds) for token generated through RGW Swift auth.
  fmt_desc: The time in seconds for expiring a Swift token.
- name: rgw_print_continue
  desc: RGW support of 100-continue
  long_desc: Should RGW explicitly send 100 (continue) responses. This is mainly relevant
    when using FastCGI, as some FastCGI modules do not fully support this feature.
  fmt_desc: Enable ``100-continue`` if it is operational.
- name: rgw_print_prohibited_content_length
  desc: RGW RFC-7230 compatibility
  long_desc: Specifies whether RGW violates RFC 7230 and sends Content-Length with
    204 or 304 statuses.
- name: rgw_remote_addr_param
  desc: HTTP header that holds the remote address in incoming requests.
  long_desc: RGW will use this header to extract the request's origin. When RGW runs behind
    a reverse proxy, the remote address header will point at the proxy's address and
    not at the originator's address. Therefore it is sometimes possible to have the
    proxy add the originator's address in a separate HTTP header, which will allow
    RGW to log it correctly.
  fmt_desc: The remote address parameter. For example, the HTTP field
    containing the remote address, or the ``X-Forwarded-For``
    address if a reverse proxy is operational.
  default: REMOTE_ADDR
  - rgw_enable_ops_log
- name: rgw_op_thread_timeout
  desc: Timeout for async rados coroutine operations.
  fmt_desc: The timeout in seconds for open threads.
- name: rgw_op_thread_suicide_timeout
  fmt_desc: The time ``timeout`` in seconds before a Ceph Object Gateway
    process dies. Disabled if set to ``0``.
- name: rgw_thread_pool_size
  desc: RGW requests handling thread pool size.
  long_desc: This parameter determines the number of concurrent requests RGW can process
    when using either the civetweb, or the fastcgi frontends. The higher this number
    is, RGW will be able to deal with more concurrent requests at the cost of more
    resource utilization.
  fmt_desc: The size of the thread pool.
- name: rgw_num_control_oids
  desc: Number of control objects used for cross-RGW communication.
  long_desc: RGW uses certain control objects to send messages between different RGW
    processes running on the same zone. These messages include metadata cache invalidation
    info that is being sent when metadata is modified (such as user or bucket information).
    A higher number of control objects allows better concurrency of these messages,
    at the cost of more resource utilization.
  fmt_desc: The number of notification objects used for cache synchronization
    between different ``rgw`` instances.
- name: rgw_verify_ssl
  desc: Should RGW verify SSL when connecting to a remote HTTP server
  long_desc: RGW can send requests to other RGW servers (e.g., in multi-site sync
    work). This configurable selects whether RGW should verify the certificate for
    the remote peer and host.
  fmt_desc: Verify SSL certificates while making requests.
  - rgw_keystone_verify_ssl
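# Added example (not part of the Ceph source): a Python audit of a ceph.conf-style file for settings these option descriptions warn about: inline Keystone secrets instead of the ``*_path`` options, disabled certificate verification, ``rgw_swift_url_prefix = /`` with the S3 API still enabled, and an active ``rgw_lc_debug_interval``.
# The sample configuration, the section names, the accepted "false" spellings and the [global] fallback for ``rgw_enable_apis`` are assumptions made for this example.

```python
import configparser

# Options whose descriptions above recommend the *_path variant instead.
SECRET_TO_PATH = {
    "rgw_keystone_admin_token": "rgw_keystone_admin_token_path",
    "rgw_keystone_admin_password": "rgw_keystone_admin_password_path",
}
VERIFY_SSL = ("rgw_verify_ssl", "rgw_keystone_verify_ssl", "rgw_opa_verify_ssl")
# Default of rgw_enable_apis as listed in this file.
DEFAULT_APIS = "s3, s3website, swift, swift_auth, admin, sts, iam, notifications"
FALSE_WORDS = {"false", "0"}  # assumption: spellings treated as boolean false

# Constructed sample input (not a real deployment).
SAMPLE_CONF = """
[client.rgw.gw1]
rgw keystone url = https://keystone.example.test:5000
rgw_keystone_admin_password = constructed-secret
rgw keystone verify ssl = false
rgw_swift_url_prefix = /
rgw enable apis = s3, swift
rgw_lc_debug_interval = 600

[client.rgw.gw2]
rgw_keystone_admin_password_path = /etc/ceph/keystone.pass
rgw_verify_ssl = true
rgw_swift_url_prefix = /
rgw_enable_apis = swift, swift_auth, admin
"""


def load(conf_text):
    """Parse ceph.conf-style text into {section: {option: value}}.

    Option names are normalised so that ``rgw enable apis`` (the spelling
    used in the descriptions above) and ``rgw_enable_apis`` are one key.
    """
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = lambda key: key.strip().lower().replace(" ", "_")
    cp.read_string(conf_text)
    return {name: dict(cp.items(name)) for name in cp.sections()}


def audit(conf_text):
    """Return a list of (section, option, message) findings."""
    sections = load(conf_text)
    inherited = sections.get("global", {})  # assumption: only [global] is inherited
    findings = []
    for name, opts in sections.items():
        # 1. Secrets written inline where a file-path option exists.
        for opt, replacement in SECRET_TO_PATH.items():
            if opts.get(opt):
                findings.append((name, opt, f"secret stored inline; use {replacement}"))
        # 2. Certificate verification switched off for an outbound connection.
        for opt in VERIFY_SSL:
            if opts.get(opt, "true").strip().lower() in FALSE_WORDS:
                findings.append((name, opt, "certificate verification disabled"))
        # 3. Swift prefix '/' cannot coexist with the S3 API (see the warning above).
        if opts.get("rgw_swift_url_prefix", "").strip() == "/":
            apis = (opts.get("rgw_enable_apis")
                    or inherited.get("rgw_enable_apis")
                    or DEFAULT_APIS)
            if "s3" in {api.strip() for api in apis.split(",")}:
                findings.append((name, "rgw_swift_url_prefix",
                                 "prefix '/' while the s3 API is enabled"))
        # 4. Lifecycle debug interval: values below 1 are ignored, anything
        #    else shortens a lifecycle "day" and must not reach production.
        raw = opts.get("rgw_lc_debug_interval")
        if raw is not None:
            try:
                active = int(raw) >= 1
            except ValueError:
                active = False
            if active:
                findings.append((name, "rgw_lc_debug_interval",
                                 f"one lifecycle 'day' lasts {int(raw)} seconds"))
    return findings


if __name__ == "__main__":
    for section, option, message in audit(SAMPLE_CONF):
        print(f"[{section}] {option}: {message}")
```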
# The following are tunables for caches of RGW NFS (and other file
# The file handle cache is a partitioned hash table
# (fhcache_partitions), each with a closed hash part and backing
# b-tree mapping. The number of partitions is expected to be a small
# prime, the cache size something larger but less than 5K, the total
# size of the cache is n_part * cache_size.
- name: rgw_nfs_lru_lanes
- name: rgw_nfs_lru_lane_hiwat
- name: rgw_nfs_fhcache_partitions
- name: rgw_nfs_fhcache_size
- name: rgw_nfs_namespace_expire_secs
- name: rgw_nfs_max_gc
- name: rgw_nfs_write_completion_interval_s
# use fast S3 attrs from bucket index--currently assumes NFS mounts are immutable
- name: rgw_nfs_s3_fast_attrs
  desc: use fast S3 attrs from bucket index (immutable only)
  long_desc: use fast S3 attrs from bucket index (assumes NFS mounts are immutable)
# overrides for librgw/nfs
- name: rgw_nfs_run_gc_threads
  desc: run GC threads in librgw (default off)
- name: rgw_nfs_run_lc_threads
  desc: run lifecycle threads in librgw (default off)
- name: rgw_nfs_run_quota_threads
  desc: run quota threads in librgw (default off)
- name: rgw_nfs_run_sync_thread
  desc: run sync thread in librgw (default off)
- name: rgw_nfs_frontends
  desc: RGW frontends configuration when running as librgw/nfs
  long_desc: A comma-delimited list of frontends configuration. Each configuration
    contains the type of the frontend followed by an optional space delimited set
    of key=value config parameters.
  fmt_desc: Configures the HTTP frontend(s). The configuration for multiple
    frontends can be provided in a comma-delimited list. Each frontend
    configuration may include a list of options separated by spaces,
    where each option is in the form "key=value" or "key". See
    `HTTP Frontends`_ for more on supported options.
- name: rgw_rados_pool_autoscale_bias
  desc: pg_autoscale_bias value for RGW metadata (omap-heavy) pools
- name: rgw_rados_pool_recovery_priority
  desc: recovery_priority value for RGW metadata (omap-heavy) pools
  fmt_desc: The name of the zone for the gateway instance. If no zone is
    set, a cluster-wide default can be configured with the command
    ``radosgw-admin zone default``.
- name: rgw_zone_root_pool
  desc: Zone root pool name
  long_desc: The zone root pool is the pool where the RGW zone configuration is located.
  - rgw_zonegroup_root_pool
  - rgw_realm_root_pool
  - rgw_period_root_pool
- name: rgw_default_zone_info_oid
  desc: Default zone info object id
  long_desc: Name of the RADOS object that holds the default zone information.
  default: default.zone
  long_desc: Obsolete config option. The rgw_zonegroup option should be used instead.
- name: rgw_region_root_pool
  desc: Region root pool
  long_desc: Obsolete config option. The rgw_zonegroup_root_pool should be used instead.
  - rgw_zonegroup_root_pool
- name: rgw_default_region_info_oid
  desc: Default region info object id
  long_desc: Obsolete config option. The rgw_default_zonegroup_info_oid should be
  default: default.region
  - rgw_default_zonegroup_info_oid
- name: rgw_zonegroup
  desc: Zonegroup name
  fmt_desc: The name of the zonegroup for the gateway instance. If no
    zonegroup is set, a cluster-wide default can be configured with
    the command ``radosgw-admin zonegroup default``.
- name: rgw_zonegroup_id
- name: rgw_zonegroup_root_pool
  desc: Zonegroup root pool
  long_desc: The zonegroup root pool is the pool where the RGW zonegroup configuration
  - rgw_zone_root_pool
  - rgw_realm_root_pool
  - rgw_period_root_pool
- name: rgw_default_zonegroup_info_oid
  default: default.zonegroup
  fmt_desc: The name of the realm for the gateway instance. If no realm is
    set, a cluster-wide default can be configured with the command
    ``radosgw-admin realm default``.
- name: rgw_realm_id
- name: rgw_realm_root_pool
  desc: Realm root pool
  long_desc: The realm root pool is the pool where the RGW realm configuration is located.
  - rgw_zonegroup_root_pool
  - rgw_zone_root_pool
  - rgw_period_root_pool
- name: rgw_default_realm_info_oid
  default: default.realm
- name: rgw_period_root_pool
  desc: Period root pool
  long_desc: The period root pool is the pool where the RGW period configuration
  - rgw_zonegroup_root_pool
  - rgw_zone_root_pool
  - rgw_realm_root_pool
- name: rgw_period_latest_epoch_info_oid
  default: .latest_epoch
1421 - name: rgw_log_nonexistent_bucket
1424 desc: Should RGW log operations on a bucket that does not exist
1425 long_desc: This config option applies to the ops log. When this option is set, the
1426 ops log will log operations that are sent to nonexistent buckets. These operations
1427 inherently fail, and do not correspond to a specific user.
1428 fmt_desc: Enables Ceph Object Gateway to log a request for a non-existent
1434 - rgw_enable_ops_log
1436 # man date to see codes (a subset are supported)
1437 - name: rgw_log_object_name
1440 desc: Ops log object name format
1441 long_desc: Defines the format of the RADOS objects names that ops log uses to store
1443 fmt_desc: The logging format for an object name. See the man page
1444 :manpage:`date` for details about format specifiers.
1445 default: '%Y-%m-%d-%H-%i-%n'
1449 - rgw_enable_ops_log
1451 - name: rgw_log_object_name_utc
1454 desc: Should ops log object name be based on UTC
1455 long_desc: If set, the names of the RADOS objects that hold the ops log data will
1456 be based on UTC time zone. If not set, it will use the local time zone.
1457 fmt_desc: Whether a logged object name includes a UTC time.
1458 If ``false``, it uses the local time.
1463 - rgw_enable_ops_log
1464 - rgw_log_object_name
1466 - name: rgw_usage_max_shards
1469 desc: Number of shards for usage log.
1470 long_desc: The number of RADOS objects that RGW will use in order to store the usage
1472 fmt_desc: The maximum number of shards for usage logging.
1477 - rgw_enable_usage_log
1479 - name: rgw_usage_max_user_shards
1482 desc: Number of shards for single user in usage log
1483 long_desc: The number of shards that a single user will span over in the usage log.
1484 fmt_desc: The maximum number of shards used for a single user's
1490 - rgw_enable_usage_log
1493 # enable logging every rgw operation
1494 - name: rgw_enable_ops_log
1497 desc: Enable ops log
1498 fmt_desc: Enable logging for each successful Ceph Object Gateway operation.
1503 - rgw_log_nonexistent_bucket
1504 - rgw_log_object_name
1506 - rgw_ops_log_socket_path
1507 - rgw_ops_log_file_path
1509 # enable logging bandwidth usage
1510 - name: rgw_enable_usage_log
1513 desc: Enable the usage log
1518 - rgw_usage_max_shards
1520 # whether ops log should go to rados
1521 - name: rgw_ops_log_rados
1524 desc: Use RADOS for ops log
1525 long_desc: If set, RGW will store ops log information in RADOS. WARNING,
1526 there is no automation to clean up these log entries, so by default they
1527 will pile up without bound. This MUST NOT be enabled unless the admin has
1528 a strategy to manage and trim these log entries with `radosgw-admin log rm`.
1529 fmt_desc: Whether the operations log should be written to the
1530 Ceph Storage Cluster backend.
1535 - rgw_enable_ops_log
1536 - rgw_log_object_name_utc
1537 - rgw_log_object_name
1539 # path to unix domain socket where ops log can go
1540 - name: rgw_ops_log_socket_path
1543 desc: Unix domain socket path for ops log.
1544 long_desc: Path to unix domain socket that RGW will listen for connection on. When
1545 connected, RGW will send ops log data through it.
1546 fmt_desc: The Unix domain socket for writing operations logs.
1550 - rgw_enable_ops_log
1551 - rgw_ops_log_data_backlog
1553 # path to file where ops log can go
1554 - name: rgw_ops_log_file_path
1557 desc: File-system path for ops log.
1558 long_desc: Path to file that RGW will log ops logs to. A cephadm deployment will automatically
1559 rotate these logs under /var/log/ceph/. Other deployments should arrange for similar log rotation.
1560 fmt_desc: The file-system path for writing operations logs.
1561 daemon_default: /var/log/ceph/ops-log-$cluster-$name.log
1565 - rgw_enable_ops_log
1567 # max data backlog for ops log
1568 - name: rgw_ops_log_data_backlog
1571 desc: Ops log socket backlog
1572 long_desc: Maximum amount of data backlog that RGW can keep when ops log is configured
1573 to send info through unix domain socket. When data backlog is higher than this,
1574 ops log entries will be lost. In order to avoid ops log information loss, the
1575 listener needs to clear data (by reading it) quickly enough.
1576 fmt_desc: The maximum data backlog size for operations logs written
1577 to a Unix domain socket.
1582 - rgw_enable_ops_log
1583 - rgw_ops_log_socket_path
1585 - name: rgw_usage_log_flush_threshold
1588 desc: Number of entries in usage log before flushing
1589 long_desc: This is the max number of entries that will be held in the usage log,
1590 before it will be flushed to the backend. Note that the usage log is periodically
1591 flushed, even if the number of entries does not reach this threshold. A usage log
1592 entry corresponds to one or more operations on a single bucket.
1593 fmt_desc: The number of dirty merged entries in the usage log before
1594 flushing synchronously.
1599 - rgw_enable_usage_log
1600 - rgw_usage_log_tick_interval
1602 - name: rgw_usage_log_tick_interval
1605 desc: Number of seconds between usage log flush cycles
1606 long_desc: The number of seconds between consecutive usage log flushes. The usage
1607 log will also flush itself to the backend if the number of pending entries reaches
1608 a certain threshold.
1609 fmt_desc: Flush pending usage log data every ``n`` seconds.
1614 - rgw_enable_usage_log
1615 - rgw_usage_log_flush_threshold
1617 - name: rgw_init_timeout
1620 desc: Initialization timeout
1621 long_desc: The time length (in seconds) that RGW will allow for its initialization.
1622 RGW process will give up and quit if initialization is not complete after this
1624 fmt_desc: The number of seconds before Ceph Object Gateway gives up on
1630 - name: rgw_mime_types_file
1633 desc: Path to local mime types file
1634 long_desc: The mime types file is needed in Swift when uploading an object. If object's
1635 content type is not specified, RGW will use data from this file to assign a content
1637 fmt_desc: The path and location of the MIME-types file. Used for Swift
1638 auto-detection of object types.
1639 default: /etc/mime.types
1643 - name: rgw_gc_max_objs
1646 desc: Number of shards for garbage collector data
1647 long_desc: The number of garbage collector data shards is the number of RADOS objects
1648 that RGW will use to store the garbage collection information on.
1649 fmt_desc: The maximum number of objects that may be handled by
1650 garbage collection in one garbage collection processing cycle.
1651 Please do not change this value after the first deployment.
1656 - rgw_gc_obj_min_wait
1657 - rgw_gc_processor_max_time
1658 - rgw_gc_processor_period
1659 - rgw_gc_max_concurrent_io
1661 # wait time before object may be handled by gc, recommended lower limit is 30 mins
1662 - name: rgw_gc_obj_min_wait
1665 desc: Garbage collection object expiration time
1666 long_desc: The length of time (in seconds) that the RGW collector will wait before
1667 purging a deleted object's data. RGW will not remove an object immediately, as the object
1668 could still have readers. A mechanism exists to increase the object's expiration
1669 time when it's being read. The recommended value of its lower limit is 30 minutes.
1670 fmt_desc: The minimum wait time before a deleted object may be removed
1671 and handled by garbage collection processing.
1677 - rgw_gc_processor_max_time
1678 - rgw_gc_processor_period
1679 - rgw_gc_max_concurrent_io
1681 - name: rgw_gc_processor_max_time
1684 desc: Length of time GC processor can lease shard
1685 long_desc: Garbage collection thread in RGW process holds a lease on its data shards.
1686 These objects contain the information about the objects that need to be removed.
1687 RGW takes a lease in order to prevent multiple RGW processes from handling the
1688 same objects concurrently. This time signifies the maximum amount of time (in
1689 seconds) that RGW is allowed to hold that lease. In the case where RGW goes down
1690 uncleanly, this is the amount of time where processing of that data shard will
1692 fmt_desc: The maximum time between the beginning of two consecutive garbage
1693 collection processing cycles.
1699 - rgw_gc_obj_min_wait
1700 - rgw_gc_processor_period
1701 - rgw_gc_max_concurrent_io
1703 - name: rgw_gc_processor_period
1706 desc: Garbage collector cycle run time
1707 long_desc: The amount of time between the start of consecutive runs of the garbage
1708 collector threads. If a garbage collector run takes more than this period, it will
1709 not wait before running again.
1710 fmt_desc: The cycle time for garbage collection processing.
1716 - rgw_gc_obj_min_wait
1717 - rgw_gc_processor_max_time
1718 - rgw_gc_max_concurrent_io
1719 - rgw_gc_max_trim_chunk
1721 - name: rgw_gc_max_concurrent_io
1724 desc: Max concurrent RADOS IO operations for garbage collection
1725 long_desc: The maximum number of concurrent IO operations that the RGW garbage collection
1726 thread will use when purging old data.
1732 - rgw_gc_obj_min_wait
1733 - rgw_gc_processor_max_time
1734 - rgw_gc_max_trim_chunk
1736 - name: rgw_gc_max_trim_chunk
1739 desc: Max number of keys to remove from garbage collector log in a single operation
1745 - rgw_gc_obj_min_wait
1746 - rgw_gc_processor_max_time
1747 - rgw_gc_max_concurrent_io
1749 - name: rgw_gc_max_deferred_entries_size
1752 desc: Maximum allowed size of deferred entries in queue head for gc
1757 - name: rgw_gc_max_queue_size
1760 desc: Maximum allowed queue size for gc
1761 long_desc: The maximum allowed size of each gc queue, and its value should not be
1762 greater than (osd_max_object_size - rgw_gc_max_deferred_entries_size - 1K).
1767 - osd_max_object_size
1768 - rgw_gc_max_deferred_entries_size
1770 - name: rgw_gc_max_deferred
1773 desc: Maximum number of deferred data entries to be stored in queue for gc
1778 - name: rgw_s3_success_create_obj_status
1781 desc: HTTP return code override for object creation
1782 long_desc: If not zero, this is the HTTP return code that will be returned on a
1783 successful S3 object creation.
1784 fmt_desc: The alternate success status response for ``create-obj``.
1789 - name: rgw_s3_client_max_sig_ver
1792 desc: Max S3 authentication signature version
1793 long_desc: If greater than zero, would force max signature version to use
1797 - name: rgw_resolve_cname
1800 desc: Support vanity domain names via CNAME
1801 long_desc: If true, RGW will query DNS when detecting that it's serving a request
1802 that was sent to a host in another domain. If a CNAME record is configured for
1803 that domain it will use it instead. This gives users the ability to create
1804 a unique domain of their own to point at data in their bucket.
1805 fmt_desc: Whether ``rgw`` should use DNS CNAME record of the request
1806 hostname field (if hostname is not equal to ``rgw dns name``).
1811 - name: rgw_obj_stripe_size
1814 desc: RGW object stripe size
1815 long_desc: The size of an object stripe for RGW objects. This is the maximum size
1816 a backing RADOS object will have. RGW objects that are larger than this will span
1817 over multiple objects.
1818 fmt_desc: The size of an object stripe for Ceph Object Gateway objects.
1819 See `Architecture`_ for details on striping.
1824 # list of extended attrs that can be set on objects (beyond the default)
1825 - name: rgw_extended_http_attrs
1828 desc: RGW support extended HTTP attrs
1829 long_desc: Add new set of attributes that could be set on an object. These extra
1830 attributes can be set through HTTP header fields when putting the objects. If
1831 set, these attributes will return as HTTP fields when doing GET/HEAD on the object.
1832 fmt_desc: Add new set of attributes that could be set on an entity
1833 (user, bucket or object). These extra attributes can be set
1834 through HTTP header fields when putting the entity or modifying
1835 it using POST method. If set, these attributes will return as
1836 HTTP fields when doing GET/HEAD on the entity.
1839 example: content_foo, content_bar, x-foo-bar
1841 - name: rgw_exit_timeout_secs
1844 desc: RGW shutdown timeout
1845 long_desc: Number of seconds to wait for a process before exiting unconditionally.
1850 - name: rgw_get_obj_window_size
1853 desc: RGW object read window size
1854 long_desc: The window size in bytes for a single object read request
1859 - name: rgw_get_obj_max_req_size
1862 desc: RGW object read chunk size
1863 long_desc: The maximum request size of a single object read operation sent to RADOS
1864 fmt_desc: The maximum request size of a single get operation sent to the
1865 Ceph Storage Cluster.
1870 - name: rgw_relaxed_s3_bucket_names
1873 desc: RGW enable relaxed S3 bucket names
1874 long_desc: RGW enable relaxed S3 bucket name rules for US region buckets.
1875 fmt_desc: Enables relaxed S3 bucket names rules for US region buckets.
1880 - name: rgw_defer_to_bucket_acls
1883 desc: Bucket ACLs override object ACLs
1884 long_desc: If not empty, a string that selects the mode of operation. 'recurse'
1885 will use bucket's ACL for the authorization. 'full-control' will allow users
1886 that have full control permission on the bucket to have access to the object.
1890 - name: rgw_list_buckets_max_chunk
1893 desc: Max number of buckets to retrieve in a single listing operation
1894 long_desc: When RGW fetches lists of user's buckets from the backend, this is the
1895 max number of entries it will try to retrieve in a single operation. Note that
1896 the backend may choose to return a smaller number of entries.
1897 fmt_desc: The maximum number of buckets to retrieve in a single operation
1898 when listing user buckets.
1903 - name: rgw_md_log_max_shards
1906 desc: RGW number of metadata log shards
1907 long_desc: The number of shards the RGW metadata log entries will reside in. This
1908 affects the metadata sync parallelism as a shard can only be processed by a single
1910 fmt_desc: The maximum number of shards for the metadata log.
1915 - name: rgw_curl_buffersize
1918 long_desc: 'Pass a long specifying your preferred size (in bytes) for the receive buffer
1919 in libcurl. See: https://curl.se/libcurl/c/CURLOPT_BUFFERSIZE.html'
1926 - name: rgw_curl_wait_timeout_ms
1930 fmt_desc: The timeout in milliseconds for certain ``curl`` calls.
1934 - name: rgw_curl_low_speed_limit
1937 long_desc: It contains the average transfer speed in bytes per second that the transfer
1938 should be below during rgw_curl_low_speed_time seconds for libcurl to consider
1939 it to be too slow and abort. Set it to zero to disable this.
1944 - name: rgw_curl_low_speed_time
1947 long_desc: It contains the time in seconds that the transfer speed should
1948 be below the rgw_curl_low_speed_limit for the library to consider it too slow
1949 and abort. Set it to zero to disable this.
1954 - name: rgw_curl_tcp_keepalive
1957 long_desc: Enable TCP keepalive on the HTTP client sockets managed by libcurl. This does not apply to connections received by the HTTP frontend, but only to HTTP requests sent by radosgw. Examples include requests to Keystone for authentication, sync requests from multisite, and requests to key management servers for SSE.
1965 - name: rgw_copy_obj_progress
1968 desc: Send progress report through copy operation
1969 long_desc: If true, RGW will send progress information when copy operation is executed.
1970 fmt_desc: Enables output of object progress during long copy operations.
1975 - name: rgw_copy_obj_progress_every_bytes
1978 desc: Send copy-object progress info after these many bytes
1979 fmt_desc: The minimum bytes between copy progress output.
1984 - name: rgw_max_copy_obj_concurrent_io
1987 desc: Number of refcount operations to process concurrently when executing copy_obj
1992 - name: rgw_sync_obj_etag_verify
1995 desc: Verify if the object copied from remote is identical to its source
1996 long_desc: If true, this option computes the MD5 checksum of the data which is written
1997 at the destination and checks if it is identical to the ETAG stored in the source.
1998 It ensures integrity of the objects fetched from a remote server over HTTP including
2004 - name: rgw_obj_tombstone_cache_size
2007 desc: Max number of entries to keep in tombstone cache
2008 long_desc: The tombstone cache is used when doing a multi-zone data sync. RGW keeps
2009 there information about removed objects which is needed in order to prevent re-syncing
2010 of objects that were already removed.
2015 - name: rgw_data_log_window
2018 desc: Data log time window
2019 long_desc: The data log keeps information about buckets that have objects that
2020 were modified within a specific timeframe. The sync process then knows which buckets
2021 are needed to be scanned for data sync.
2022 fmt_desc: The data log entries window in seconds.
2027 - name: rgw_data_log_changes_size
2030 desc: Max size of pending changes in data log
2031 long_desc: RGW will trigger update to the data log if the number of pending entries
2032 reached this number.
2033 fmt_desc: The number of in-memory entries to hold for the data changes log.
2038 - name: rgw_data_log_num_shards
2041 desc: Number of data log shards
2042 long_desc: The number of shards the RGW data log entries will reside in. This affects
2043 the data sync parallelism as a shard can only be processed by a single RGW at
2045 fmt_desc: The number of shards (objects) on which to keep the
2051 - name: rgw_data_log_obj_prefix
2055 fmt_desc: The object name prefix for the data log.
2059 - name: rgw_data_sync_poll_interval
2063 fmt_desc: Once multisite's incremental sync of a datalog shard is caught up
2064 with its source, it will wait this long (in seconds) before polling for
2069 - rgw_meta_sync_poll_interval
2071 - name: rgw_meta_sync_poll_interval
2075 fmt_desc: Once multisite's incremental sync of a mdlog shard is caught up
2076 with its source, it will wait this long (in seconds) before polling for
2081 - rgw_data_sync_poll_interval
2083 - name: rgw_bucket_sync_spawn_window
2087 fmt_desc: The maximum number of items that bucket sync is willing to
2088 process in parallel (per remote bilog shard).
2092 - rgw_data_sync_spawn_window
2093 - rgw_meta_sync_spawn_window
2095 - name: rgw_data_sync_spawn_window
2099 fmt_desc: The maximum number of items that data sync is willing to
2100 process in parallel (per remote datalog shard).
2104 - rgw_bucket_sync_spawn_window
2105 - rgw_meta_sync_spawn_window
2107 - name: rgw_meta_sync_spawn_window
2111 fmt_desc: The maximum number of items that metadata sync is willing to
2112 process in parallel (per remote mdlog shard).
2116 - rgw_bucket_sync_spawn_window
2117 - rgw_data_sync_spawn_window
2119 - name: rgw_bucket_quota_ttl
2122 desc: Bucket quota stats cache TTL
2123 long_desc: Length of time for bucket stats to be cached within RGW instance.
2124 fmt_desc: The amount of time in seconds cached quota information is
2125 trusted. After this timeout, the quota information will be
2126 re-fetched from the cluster.
2131 - name: rgw_bucket_quota_cache_size
2134 desc: RGW quota stats cache size
2135 long_desc: Maximum number of entries in the quota stats cache.
2140 - name: rgw_bucket_default_quota_max_objects
2143 desc: Default quota for max objects in a bucket
2144 long_desc: The default quota configuration for max number of objects in a bucket.
2145 A negative number means 'unlimited'.
2146 fmt_desc: Default max number of objects per bucket. Set on new users,
2147 if no other quota is specified. Has no effect on existing users.
2148 This variable should be set in the client or global sections
2149 so that it is automatically applied to radosgw-admin commands.
2154 - name: rgw_bucket_default_quota_max_size
2157 desc: Default quota for total size in a bucket
2158 long_desc: The default quota configuration for total size of objects in a bucket.
2159 A negative number means 'unlimited'.
2160 fmt_desc: Default max capacity per bucket, in bytes. Set on new users,
2161 if no other quota is specified. Has no effect on existing users.
2166 - name: rgw_expose_bucket
2169 desc: Send Bucket HTTP header with the response
2170 long_desc: If true, RGW will send a Bucket HTTP header with the responses. The header
2171 will contain the name of the bucket the operation happened on.
2176 - name: rgw_frontends
2179 desc: RGW frontends configuration
2180 long_desc: A comma delimited list of frontends configuration. Each configuration
2181 contains the type of the frontend followed by an optional space delimited set
2182 of key=value config parameters.
2183 fmt_desc: Configures the HTTP frontend(s). The configuration for multiple
2184 frontends can be provided in a comma-delimited list. Each frontend
2185 configuration may include a list of options separated by spaces,
2186 where each option is in the form "key=value" or "key". See
2187 `HTTP Frontends`_ for more on supported options.
2188 default: beast port=7480
2192 - name: rgw_frontend_defaults
2195 desc: RGW frontends default configuration
2196 long_desc: A comma delimited list of default frontends configuration.
2197 default: beast ssl_certificate=config://rgw/cert/$realm/$zone.crt ssl_private_key=config://rgw/cert/$realm/$zone.key
2200 - name: rgw_beast_enable_async
2203 desc: Enable async request processing under beast using coroutines
2204 long_desc: When enabled, the beast frontend will process requests using
2205 coroutines, allowing the concurrent processing of several requests on the
2206 same thread. When disabled, the number of concurrent requests will be
2207 limited by the thread count, but debugging and tracing the synchronous
2208 calls can be easier.
2213 - name: rgw_user_quota_bucket_sync_interval
2216 desc: User quota bucket sync interval
2217 long_desc: Time period for accumulating modified buckets before syncing these stats.
2218 fmt_desc: The amount of time in seconds bucket quota information is
2219 accumulated before syncing to the cluster. During this time,
2220 other RGW instances will not see the changes in bucket quota
2221 stats from operations on this instance.
2226 - name: rgw_user_quota_sync_interval
2229 desc: User quota sync interval
2230 long_desc: Time period for accumulating modified buckets before syncing entire user
2232 fmt_desc: The amount of time in seconds user quota information is
2233 accumulated before syncing to the cluster. During this time,
2234 other RGW instances will not see the changes in user quota stats
2235 from operations on this instance.
2240 - name: rgw_user_quota_sync_idle_users
2243 desc: Should sync idle users quota
2244 long_desc: Whether stats for idle users should be fully synced.
2249 - name: rgw_user_quota_sync_wait_time
2252 desc: User quota full-sync wait time
2253 long_desc: Minimum time between two full stats sync for non-idle users.
2258 - name: rgw_user_default_quota_max_objects
2261 desc: User quota max objects
2262 long_desc: The default quota configuration for total number of objects for a single
2263 user. A negative number means 'unlimited'.
2264 fmt_desc: Default max number of objects for a user. This includes all
2265 objects in all buckets owned by the user. Set on new users,
2266 if no other quota is specified. Has no effect on existing users.
2271 - name: rgw_user_default_quota_max_size
2274 desc: User quota max size
2275 long_desc: The default quota configuration for total size of objects for a single
2276 user. A negative number means 'unlimited'.
2277 fmt_desc: The value for user max size quota in bytes set on new users,
2278 if no other quota is specified. Has no effect on existing users.
2283 - name: rgw_multipart_min_part_size
2286 desc: Minimum S3 multipart-upload part size
2287 long_desc: When doing a multipart upload, each part (other than the last part) must
2288 be at least this size.
2293 - name: rgw_multipart_part_upload_limit
2296 desc: Max number of parts in multipart upload
2301 - name: rgw_max_slo_entries
2304 desc: Max number of entries in Swift Static Large Object manifest
2309 - name: rgw_olh_pending_timeout_sec
2312 desc: Max time for pending OLH change to complete
2313 long_desc: OLH is a versioned object's logical head. Operations on it are journaled
2314 and marked as pending before completion. If an operation doesn't complete within this number
2315 of seconds, we remove the operation from the journal.
2320 - name: rgw_user_max_buckets
2323 desc: Max number of buckets per user
2324 long_desc: A user can create at most this number of buckets. Zero means no limit;
2325 a negative value means users cannot create any new buckets, although users will
2326 retain buckets already created.
2331 - name: rgw_objexp_gc_interval
2334 desc: Swift objects expirer garbage collector interval
2339 - name: rgw_objexp_hints_num_shards
2342 desc: Number of object expirer data shards
2343 long_desc: The number of shards the (Swift) object expirer will store its data on.
2348 # maximum number of entries in a single operation when processing objexp data
2349 - name: rgw_objexp_chunk_size
2356 - name: rgw_enable_static_website
2359 desc: Enable static website APIs
2360 long_desc: This configurable controls whether RGW handles the website control APIs.
2361 RGW can serve static websites if s3website hostnames are configured, and this is unrelated
2362 to this configurable.
2367 - name: rgw_user_unique_email
2370 desc: Require local RGW users to have unique email addresses
2371 long_desc: Enforce builtin user accounts to have unique email addresses. This setting
2372 is historical. In future, non-enforcement of email address uniqueness is likely
2373 to become the default.
2377 - name: rgw_log_http_headers
2380 desc: List of HTTP headers to log
2381 long_desc: A comma delimited list of HTTP headers to log when seen, ignores case
2382 (e.g., http_x_forwarded_for).
2383 fmt_desc: Comma-delimited list of HTTP headers to include with ops
2384 log entries. Header names are case insensitive, and use
2385 the full header name with words separated by underscores.
2386 example: http_x_forwarded_for, http_x_special_k
2390 - name: rgw_num_async_rados_threads
2393 desc: Number of concurrent RADOS operations in multisite sync
2394 long_desc: The number of concurrent RADOS IO operations that will be triggered for
2395 handling multisite sync operations. This includes control related work, and not
2396 the actual sync operations.
2401 - name: rgw_md_notify_interval_msec
2404 desc: Length of time to aggregate metadata changes
2405 long_desc: Length of time (in milliseconds) in which the master zone aggregates
2406 all the metadata changes that occurred, before sending notifications to all the
2412 - name: rgw_run_sync_thread
2415 desc: Should run sync thread
2416 fmt_desc: If there are other zones in the realm to sync from, spawn threads
2417 to handle the sync of data and metadata.
2422 - name: rgw_sync_lease_period
2429 - name: rgw_sync_log_trim_interval
2432 desc: Sync log trim interval
2433 long_desc: Time in seconds between attempts to trim sync logs.
2438 - name: rgw_sync_log_trim_max_buckets
2441 desc: Maximum number of buckets to trim per interval
2442 long_desc: The maximum number of buckets to consider for bucket index log trimming
2443 each trim interval, regardless of the number of bucket index shards. Priority
2444 is given to buckets with the most sync activity over the last trim interval.
2449 - rgw_sync_log_trim_interval
2450 - rgw_sync_log_trim_min_cold_buckets
2451 - rgw_sync_log_trim_concurrent_buckets
2452 - name: rgw_sync_log_trim_min_cold_buckets
2455 desc: Minimum number of cold buckets to trim per interval
2456 long_desc: Of the `rgw_sync_log_trim_max_buckets` selected for bucket index log
2457 trimming each trim interval, at least this many of them must be 'cold' buckets.
2458 These buckets are selected in order from the list of all bucket instances, to
2459 guarantee that all buckets will be visited eventually.
2464 - rgw_sync_log_trim_interval
2465 - rgw_sync_log_trim_max_buckets
2466 - rgw_sync_log_trim_concurrent_buckets
2467 - name: rgw_sync_log_trim_concurrent_buckets
2470 desc: Maximum number of buckets to trim in parallel
2475 - rgw_sync_log_trim_interval
2476 - rgw_sync_log_trim_max_buckets
2477 - rgw_sync_log_trim_min_cold_buckets
2478 - name: rgw_sync_data_inject_err_probability
2485 - name: rgw_sync_meta_inject_err_probability
2492 - name: rgw_sync_data_full_inject_err_probability
2499 - name: rgw_sync_trace_history_size
2502 desc: Sync trace history size
2503 long_desc: Maximum number of complete sync trace entries to keep.
2508 - name: rgw_sync_trace_per_node_log_size
2511 desc: Sync trace per-node log size
2512 long_desc: The number of log entries to keep per sync-trace node.
2517 - name: rgw_sync_trace_servicemap_update_interval
2520 desc: Sync-trace service-map update interval
2521 long_desc: Number of seconds between service-map updates of sync-trace events.
2526 - name: rgw_period_push_interval
2529 desc: Period push interval
2530 long_desc: Number of seconds to wait before retrying 'period push' operation.
2535 - name: rgw_period_push_interval_max
2538 desc: Period push maximum interval
2539 long_desc: The max number of seconds to wait before retrying 'period push' after
2540 exponential backoff.
2545 - name: rgw_safe_max_objects_per_shard
2548 desc: Safe number of objects per shard
2549 long_desc: This is the max number of objects per bucket index shard that RGW considers
2550 safe. RGW will warn if it identifies a bucket where its per-shard count is higher
2551 than a percentage of this number.
2556 - rgw_shard_warning_threshold
2558 # pct of safe max at which to warn
2559 - name: rgw_shard_warning_threshold
2562 desc: Warn about max objects per shard
2563 long_desc: Warn if number of objects per shard in a specific bucket passed this
2564 percentage of the safe number.
2569 - rgw_safe_max_objects_per_shard
2571 - name: rgw_swift_versioning_enabled
2574 desc: Enable Swift versioning
2576 Enables the Object Versioning of OpenStack Object Storage API.
2577 This allows clients to put the ``X-Versions-Location`` attribute
2578 on containers that should be versioned. The attribute specifies
2579 the name of the container storing archived versions. It must be owned
2580 by the same user as the versioned container due to access
2581 control verification - ACLs are NOT taken into consideration.
2582 Those containers cannot be versioned by the S3 object versioning
2585 A slightly different attribute, ``X-History-Location``, which is also understood by
2586 `OpenStack Swift <https://docs.openstack.org/swift/latest/api/object_versioning.html>`_
2587 for handling ``DELETE`` operations, is currently not supported.
2592 - name: rgw_swift_custom_header
2595 desc: Enable swift custom header
2596 long_desc: If not empty, specifies a name of HTTP header that can include custom
2597 data. When uploading an object, if this header is passed RGW will store this header
2598 info and it will be available when listing the bucket.
2602 - name: rgw_swift_need_stats
2605 desc: Enable stats on bucket listing in Swift
2610 - name: rgw_reshard_num_logs
2618 - name: rgw_reshard_bucket_lock_duration
2621 desc: Number of seconds the timeout on the reshard locks (bucket reshard lock and
2622 reshard log lock) are set to. As a reshard proceeds these locks can be renewed/extended.
2623 If too short, reshards cannot complete and will fail, causing a future reshard
2624 attempt. If too long, a hung or crashed reshard attempt will keep the bucket locked
2625 for an extended period, not allowing RGW to detect the failed reshard attempt
2634 - name: rgw_debug_inject_set_olh_err
2637 desc: Whether to inject errors between rados olh modification initialization and
2638 bucket index instance linking. The value determines the error code. This exists
2639 for development and testing purposes to help simulate cases where bucket index
2640 entries aren't cleaned up by the request thread after an error scenario.
2645 - name: rgw_debug_inject_olh_cancel_modification_err
2648 desc: Whether to inject an error to simulate a failure to cancel olh
2649 modification. This exists for development and testing purposes.
2654 - name: rgw_reshard_batch_size
2657 desc: Number of reshard entries to batch together before sending the operations
2666 - name: rgw_reshard_max_aio
2669 desc: Maximum number of outstanding asynchronous I/O operations to allow at a time
2678 - name: rgw_trust_forwarded_https
2681 desc: Trust Forwarded and X-Forwarded-Proto headers
2682 long_desc: When a proxy in front of radosgw is used for ssl termination, radosgw
2683 does not know whether incoming http connections are secure. Enable this option
2684 to trust the Forwarded and X-Forwarded-Proto headers sent by the proxy when determining
2685 whether the connection is secure. This is required for some features, such as
2686 server side encryption. (Never enable this setting if you do not have a trusted
2687 proxy in front of radosgw, or else malicious users will be able to set these headers
2689 fmt_desc: When a proxy in front of radosgw is used for ssl termination, radosgw
2690 does not know whether incoming http connections are secure. Enable
2691 this option to trust the ``Forwarded`` and ``X-Forwarded-Proto`` headers
2692 sent by the proxy when determining whether the connection is secure.
2693 This is required for some features, such as server side encryption.
2694 (Never enable this setting if you do not have a trusted proxy in front of
2695 radosgw, or else malicious users will be able to set these headers in
2701 - rgw_crypt_require_ssl
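A simplified model of the decision `rgw_trust_forwarded_https` controls and how it interacts with `rgw_crypt_require_ssl`, added here as an example; it is not RGW source code. The function names, the constructed requests, and the rule that any `Forwarded` element carrying `proto=https` counts are assumptions of this sketch.

```python
# Added example: a simplified model, not RGW's implementation.
SSE_C_KEY_HEADER = "x-amz-server-side-encryption-customer-key"  # S3 SSE-C key header


def forwarded_says_https(headers):
    """True if Forwarded (RFC 7239) or X-Forwarded-Proto claims https.

    Assumption of this sketch: any Forwarded element with proto=https counts.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    for element in hdrs.get("forwarded", "").split(","):
        for pair in element.split(";"):
            name, _, value = pair.partition("=")
            if (name.strip().lower() == "proto"
                    and value.strip().strip('"').lower() == "https"):
                return True
    return hdrs.get("x-forwarded-proto", "").strip().lower() == "https"


def transport_is_secure(tls_on_socket, headers, trust_forwarded_https):
    """TLS on the gateway's own socket always counts; headers only when trusted."""
    if tls_on_socket:
        return True
    # With the flag on, the header value is all the gateway has to go on, so it
    # must only be reachable through a proxy that overwrites these headers.
    return bool(trust_forwarded_https and forwarded_says_https(headers))


def admit(tls_on_socket, headers, trust_forwarded_https, crypt_require_ssl=True):
    """Apply the rgw_crypt_require_ssl rule to a request that carries a key header."""
    has_key = any(k.lower() == SSE_C_KEY_HEADER for k in headers)
    if has_key and crypt_require_ssl and not transport_is_secure(
            tls_on_socket, headers, trust_forwarded_https):
        return "reject"
    return "accept"


# Constructed requests; the key value is a placeholder, not real key material.
VIA_PROXY = {"X-Forwarded-Proto": "https", SSE_C_KEY_HEADER: "<base64-key>"}
VIA_PROXY_RFC7239 = {"Forwarded": "for=198.51.100.7;proto=https",
                     SSE_C_KEY_HEADER: "<base64-key>"}
NO_PROXY_HEADER = {SSE_C_KEY_HEADER: "<base64-key>"}


def decision_table():
    """(scenario, trust flag, outcome) rows; radosgw's own socket is plain HTTP."""
    rows = []
    for trust in (False, True):
        rows.append(("TLS ends at proxy, X-Forwarded-Proto set", trust,
                     admit(False, VIA_PROXY, trust)))
        rows.append(("TLS ends at proxy, Forwarded set", trust,
                     admit(False, VIA_PROXY_RFC7239, trust)))
        rows.append(("plain HTTP, no forwarding header", trust,
                     admit(False, NO_PROXY_HEADER, trust)))
    return rows


if __name__ == "__main__":
    for scenario, trust, outcome in decision_table():
        print(f"trust_forwarded_https={trust!s:5}  {scenario:42} -> {outcome}")
```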
2703 - name: rgw_crypt_require_ssl
2706 desc: Requests including encryption key headers must be sent over ssl
2711 # base64 encoded key for encryption of rgw objects
2712 - name: rgw_crypt_default_encryption_key
2718 - name: rgw_crypt_s3_kms_backend
2721 desc: Where the SSE-KMS encryption keys are stored. Supported KMS systems are OpenStack
2722 Barbican ('barbican', the default) and HashiCorp Vault ('vault').
2723 fmt_desc: Where the SSE-KMS encryption keys are stored. Supported KMS
2724 systems are OpenStack Barbican (``barbican``, the default) and
2725 HashiCorp Vault (``vault``).
2735 # extra keys that may be used for aws:kms
2736 # defined as map "key1=YmluCmJvb3N0CmJvb3N0LQ== key2=b3V0CnNyYwpUZXN0aW5nCg=="
2737 - name: rgw_crypt_s3_kms_encryption_keys
2743 - name: rgw_crypt_vault_auth
2746 desc: Type of authentication method to be used with Vault.
2747 fmt_desc: Type of authentication method to be used. The only method
2748 currently supported is ``token``.
2753 - rgw_crypt_s3_kms_backend
2754 - rgw_crypt_vault_addr
2755 - rgw_crypt_vault_token_file
2760 - name: rgw_crypt_vault_token_file
2763 desc: If authentication method is 'token', provide a path to the token file, which
2764 for security reasons should be readable only by Rados Gateway.
2768 - rgw_crypt_s3_kms_backend
2769 - rgw_crypt_vault_auth
2770 - rgw_crypt_vault_addr
2772 - name: rgw_crypt_vault_addr
2775 desc: Vault server base address.
2776 fmt_desc: Vault server base address, e.g. ``http://vaultserver:8200``.
2780 - rgw_crypt_s3_kms_backend
2781 - rgw_crypt_vault_auth
2782 - rgw_crypt_vault_prefix
2784 # Optional URL prefix to Vault secret path
2785 - name: rgw_crypt_vault_prefix
2788 desc: Vault secret URL prefix, which can be used to restrict access to a particular
2789 subset of the Vault secret space.
2790 fmt_desc: The Vault secret URL prefix, which can be used to restrict access
2791 to a particular subset of the secret space, e.g. ``/v1/secret/data``.
2795 - rgw_crypt_s3_kms_backend
2796 - rgw_crypt_vault_addr
2797 - rgw_crypt_vault_auth
2799 # kv, transit or other supported secret engines
2800 - name: rgw_crypt_vault_secret_engine
2803 desc: Vault Secret Engine to be used to retrieve encryption keys.
2805 Vault Secret Engine to be used to retrieve encryption keys: choose
2806 between kv-v2, transit.
2811 - rgw_crypt_s3_kms_backend
2812 - rgw_crypt_vault_auth
2813 - rgw_crypt_vault_addr
2815 # Vault Namespace (only available in Vault Enterprise Version)
2816 - name: rgw_crypt_vault_namespace
2819 desc: Vault Namespace to be used to select your tenant
2820 fmt_desc: If set, Vault Namespace provides tenant isolation for teams and individuals
2821 on the same Vault Enterprise instance, e.g. ``acme/tenant1``
2825 - rgw_crypt_s3_kms_backend
2826 - rgw_crypt_vault_auth
2827 - rgw_crypt_vault_addr
2829 # Enable TLS authentication between rgw and vault
2830 - name: rgw_crypt_vault_verify_ssl
2833 desc: Should RGW verify the vault server SSL certificate.
2839 - name: rgw_crypt_vault_ssl_cacert
2842 desc: Path for custom ca certificate for accessing vault server
2846 - name: rgw_crypt_vault_ssl_clientcert
2849 desc: Path for custom client certificate for accessing vault server
2853 - name: rgw_crypt_vault_ssl_clientkey
2856 desc: Path for private key required for client cert
2860 - name: rgw_crypt_kmip_addr
2863 desc: kmip server address
2867 - name: rgw_crypt_kmip_ca_path
2870 desc: ca for kmip servers
2874 - name: rgw_crypt_kmip_username
2877 desc: when authenticating via username
2881 - name: rgw_crypt_kmip_password
2884 desc: optional w/ username
2888 - name: rgw_crypt_kmip_client_cert
2891 desc: connect using client certificate
2895 - name: rgw_crypt_kmip_client_key
2898 desc: connect using client certificate
2902 - name: rgw_crypt_kmip_kms_key_template
2905 desc: sse-kms; kmip key names
2909 - name: rgw_crypt_kmip_s3_key_template
2912 desc: sse-s3; kmip key template
2917 - name: rgw_crypt_suppress_logs
2920 desc: Suppress logs that might print client key
2925 - name: rgw_crypt_sse_s3_backend
2928 desc: Where the SSE-S3 encryption keys are stored. The only valid choice here is
2929 HashiCorp Vault ('vault').
2930 fmt_desc: Where the SSE-S3 encryption keys are stored. The only valid
2931 choice is HashiCorp Vault (``vault``).
2939 - name: rgw_crypt_sse_s3_vault_secret_engine
2942 desc: Vault Secret Engine to be used to retrieve encryption keys.
2944 Vault Secret Engine to be used to retrieve encryption keys. The
2945 only valid choice here is transit.
2950 - rgw_crypt_sse_s3_backend
2951 - rgw_crypt_sse_s3_vault_auth
2952 - rgw_crypt_sse_s3_vault_addr
2954 - name: rgw_crypt_sse_s3_key_template
2957 desc: template for per-bucket sse-s3 keys in vault.
2958 long_desc: This is the template for per-bucket sse-s3 keys.
2959 This string may include ``%bucket_id`` which will be expanded out to
2960 the bucket marker, a unique uuid assigned to that bucket.
2961 It could contain ``%owner_id``, which will expand out to the owner's id.
2962 Any other use of % is reserved and should not be used.
2963 If the template contains ``%bucket_id``, associated bucket keys
2964 will be automatically removed when the bucket is removed.
2967 default: "%bucket_id"
2969 - rgw_crypt_sse_s3_backend
2970 - rgw_crypt_sse_s3_vault_auth
2971 - rgw_crypt_sse_s3_vault_addr
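A validator for `rgw_crypt_sse_s3_key_template` values that applies the rules in the description above, added here as an example (not Ceph code). `expand_key_template`, `review_key_template` and the sample marker and owner values are hypothetical; treating a placeholder followed by further characters as placeholder plus literal text is an assumption of this sketch.

```python
# Added example, not Ceph code: checks a key template against the stated rules.
PLACEHOLDERS = ("%bucket_id", "%owner_id")  # the only uses of '%' the text allows


class TemplateError(ValueError):
    """Raised when a template uses '%' in a reserved way."""


def expand_key_template(template, bucket_marker, owner_id):
    """Expand %bucket_id and %owner_id; reject every other use of '%'."""
    if not template:
        raise TemplateError("empty template")
    values = {"%bucket_id": bucket_marker, "%owner_id": owner_id}
    out, i = [], 0
    while i < len(template):
        if template[i] != "%":
            out.append(template[i])
            i += 1
            continue
        for name in PLACEHOLDERS:
            if template.startswith(name, i):
                out.append(values[name])
                i += len(name)
                break
        else:  # no known placeholder starts at this '%'
            raise TemplateError(
                f"reserved use of '%' at offset {i}: {template[i:i + 12]!r}")
    return "".join(out)


def review_key_template(template):
    """Return operator notes for a template; raises TemplateError if invalid."""
    expand_key_template(template, "marker", "owner")  # validation pass
    if "%bucket_id" in template:
        return ["per-bucket key name; keys are removed with the bucket"]
    # Inference from the description: automatic removal is tied to %bucket_id.
    notes = ["no %bucket_id: automatic key removal on bucket removal does not apply"]
    if "%owner_id" in template:
        notes.append("all buckets of one owner resolve to the same key name")
    else:
        notes.append("every bucket resolves to the same key name")
    return notes


if __name__ == "__main__":
    # Constructed bucket marker and owner id.
    for tpl in ("%bucket_id", "rgw/%owner_id/%bucket_id", "%owner_id", "shared", "100%"):
        try:
            name = expand_key_template(tpl, "c0ffee.4242.1", "alice")
            print(f"{tpl!r:28} -> {name!r}: {'; '.join(review_key_template(tpl))}")
        except TemplateError as err:
            print(f"{tpl!r:28} -> rejected: {err}")
```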
2973 - name: rgw_crypt_sse_s3_vault_auth
2976 desc: Type of authentication method to be used with SSE-S3 and Vault.
2977 fmt_desc: Type of authentication method to be used. The only method
2978 currently supported is ``token``.
2983 - rgw_crypt_sse_s3_backend
2984 - rgw_crypt_sse_s3_vault_addr
2985 - rgw_crypt_sse_s3_vault_token_file
2990 - name: rgw_crypt_sse_s3_vault_token_file
2993 desc: If authentication method is 'token', provide a path to the token file, which
2994 for security reasons should be readable only by Rados Gateway.
2998 - rgw_crypt_sse_s3_backend
2999 - rgw_crypt_sse_s3_vault_auth
3000 - rgw_crypt_sse_s3_vault_addr
3002 - name: rgw_crypt_sse_s3_vault_addr
3005 desc: SSE-S3 Vault server base address.
3006 fmt_desc: Vault server base address, e.g. ``http://vaultserver:8200``.
3010 - rgw_crypt_sse_s3_backend
3011 - rgw_crypt_sse_s3_vault_auth
3012 - rgw_crypt_sse_s3_vault_prefix
3014 # Optional URL prefix to Vault secret path
3015 - name: rgw_crypt_sse_s3_vault_prefix
3018 desc: SSE-S3 Vault secret URL prefix, which can be used to restrict access to a particular
3019 subset of the Vault secret space.
3020 fmt_desc: The Vault secret URL prefix, which can be used to restrict access
3021 to a particular subset of the secret space, e.g. ``/v1/secret/data``.
3025 - rgw_crypt_sse_s3_backend
3026 - rgw_crypt_sse_s3_vault_addr
3027 - rgw_crypt_sse_s3_vault_auth
3029 # Vault Namespace (only available in Vault Enterprise Version)
3030 - name: rgw_crypt_sse_s3_vault_namespace
3033 desc: Vault Namespace to be used to select your tenant
3034 fmt_desc: If set, Vault Namespace provides tenant isolation for teams and individuals
3035 on the same Vault Enterprise instance, e.g. ``acme/tenant1``
3039 - rgw_crypt_sse_s3_backend
3040 - rgw_crypt_sse_s3_vault_auth
3041 - rgw_crypt_sse_s3_vault_addr
3043 # Enable TLS authentication between rgw and vault
3044 - name: rgw_crypt_sse_s3_vault_verify_ssl
3047 desc: Should RGW verify the vault server SSL certificate.
3053 - name: rgw_crypt_sse_s3_vault_ssl_cacert
3056 desc: Path for custom ca certificate for accessing vault server
3060 - name: rgw_crypt_sse_s3_vault_ssl_clientcert
3063 desc: Path for custom client certificate for accessing vault server
3067 - name: rgw_crypt_sse_s3_vault_ssl_clientkey
3070 desc: Path for private key required for client cert
3074 - name: rgw_list_bucket_min_readahead
3077 desc: Minimum number of entries to request from rados for bucket listing
3082 - name: rgw_rest_getusage_op_compat
3085 desc: REST GetUsage request backward compatibility
3090 # The following are tunables for torrent data
3091 - name: rgw_torrent_flag
3094 desc: When true, uploaded objects will calculate and store a SHA256 hash of object
3095 data so the object can be retrieved as a torrent file
3100 - name: rgw_torrent_tracker
3103 desc: Torrent field announce and announce list
3107 - name: rgw_torrent_createby
3110 desc: torrent field created by
3114 - name: rgw_torrent_comment
3117 desc: Torrent field comment
3121 - name: rgw_torrent_encoding
3124 desc: torrent field encoding
3128 - name: rgw_data_notify_interval_msec
3131 desc: data changes notification interval to followers
3132 long_desc: In multisite, radosgw will occasionally broadcast new entries in its
3133 data changes log to peer zones, so they can prioritize sync of some
3134 of the most recent changes. Can be disabled with 0.
3139 - name: rgw_torrent_origin
3142 desc: Torrent origin
3146 - name: rgw_torrent_sha_unit
3153 - name: rgw_dynamic_resharding
3156 desc: Enable dynamic resharding
3157 long_desc: If true, RGW will dynamically increase the number of shards in buckets
3158 that have a high number of objects per shard.
3163 - rgw_max_objs_per_shard
3164 - rgw_max_dynamic_shards
3165 - name: rgw_max_objs_per_shard
3168 desc: Max objects per shard for dynamic resharding
3169 long_desc: This is the max number of objects per bucket index shard that RGW will
3170 allow with dynamic resharding. RGW will trigger an automatic reshard operation
3171 on the bucket if it exceeds this number.
3176 - rgw_dynamic_resharding
3177 - rgw_max_dynamic_shards
3178 - name: rgw_max_dynamic_shards
3181 desc: Max shards that dynamic resharding can create
3182 long_desc: This is the maximum number of bucket index shards that dynamic sharding
3183 is able to create on its own. This does not limit user requested resharding. Ideally
3184 this value is a prime number.
3189 - rgw_dynamic_resharding
3190 - rgw_max_objs_per_shard
3192 - name: rgw_reshard_thread_interval
3195 desc: Number of seconds between processing of reshard log entries
3200 - name: rgw_cache_expiry_interval
3203 desc: Number of seconds before entries in the cache are assumed stale and re-fetched.
3205 long_desc: The Rados Gateway stores metadata and objects in an internal cache. This
3206 should be kept consistent by the OSDs relaying notify events between multiple
3207 watching RGW processes. In the event that this notification protocol fails, bounding
3208 the length of time that any data in the cache will be assumed valid will ensure
3209 that any RGW instance that falls out of sync will eventually recover. This seems
3210 to be an issue mostly for large numbers of RGW instances under heavy use. If you
3211 would like to turn off cache expiry, set this value to zero.
3218 - name: rgw_inject_notify_timeout_probability
3221 desc: Likelihood of ignoring a notify
3222 long_desc: This is the probability that the RGW cache will ignore a cache notify
3223 message. It exists to help with the development and testing of cache consistency
3224 and recovery improvements. Please do not set it in a production cluster, as it
3225 actively causes failures. Set this to a floating point value between 0 and 1.
3235 - name: rgw_max_notify_retries
3238 desc: Number of attempts to notify peers before giving up.
3239 long_desc: The number of times we will attempt to update a peer's cache in the event
3240 of error before giving up. This is unlikely to be an issue unless your cluster
3241 is very heavily loaded. Beware that increasing this value may cause some operations
3242 to take longer in exceptional cases and thus may, rarely, cause clients to time
3250 - name: rgw_sts_entry
3253 desc: STS URL prefix
3254 long_desc: URL path prefix for internal STS requests.
3263 long_desc: Key used for encrypting/decrypting session token.
3268 # should we try to use sts for s3?
3269 - name: rgw_s3_auth_use_sts
3272 desc: Should S3 authentication use STS.
3277 - name: rgw_sts_max_session_duration
3280 desc: Session token max duration
3281 long_desc: Max duration in seconds for which the session token is valid.
3286 - name: rgw_sts_min_session_duration
3289 desc: Minimum allowed duration of a session
3294 - name: rgw_max_listing_results
3297 desc: Upper bound on results in listing operations, ListBucket max-keys
3298 long_desc: This caps the maximum permitted value for listing-like operations in
3299 RGW S3. Affects ListBucket(max-keys), ListBucketVersions(max-keys), ListBucketMultipartUploads(max-uploads),
3300 ListMultipartUploadParts(max-parts)
3307 - name: rgw_sts_token_introspection_url
3310 desc: STS Web Token introspection URL
3311 long_desc: URL for introspecting an STS Web Token.
3315 - name: rgw_sts_client_id
3319 long_desc: Client Id needed for introspecting a Web Token.
3323 - name: rgw_sts_client_secret
3327 long_desc: Client Secret needed for introspecting a Web Token.
3331 - name: rgw_max_concurrent_requests
3334 desc: Maximum number of concurrent HTTP requests.
3335 long_desc: Maximum number of concurrent HTTP requests that the beast frontend will
3336 process. Tuning this can help to limit memory usage under heavy load.
3344 - name: rgw_scheduler_type
3347 desc: Set the type of dmclock scheduler. Defaults to throttler; the other valid
3348 value is dmclock, which is experimental.
3350 The RGW scheduler to use. Valid values are ``throttler`` and
3351 ``dmclock``. Currently defaults to ``throttler`` which throttles Beast
3352 frontend requests. ``dmclock`` is *experimental* and requires
3353 ``dmclock`` to be included in the ``experimental_feature_enabled``
3354 configuration option.
3356 The options below tune the experimental dmclock scheduler. For
3357 additional reading on dmclock, see :ref:`dmclock-qos`. `op_class` for the flags below is
3358 one of ``admin``, ``auth``, ``metadata``, or ``data``.
3362 - name: rgw_dmclock_admin_res
3365 desc: mclock reservation for admin requests
3370 - rgw_dmclock_admin_wgt
3371 - rgw_dmclock_admin_lim
3372 - name: rgw_dmclock_admin_wgt
3375 desc: mclock weight for admin requests
3380 - rgw_dmclock_admin_res
3381 - rgw_dmclock_admin_lim
3382 - name: rgw_dmclock_admin_lim
3385 desc: mclock limit for admin requests
3390 - rgw_dmclock_admin_res
3391 - rgw_dmclock_admin_wgt
3392 - name: rgw_dmclock_auth_res
3395 desc: mclock reservation for auth requests
3400 - rgw_dmclock_auth_wgt
3401 - rgw_dmclock_auth_lim
3402 - name: rgw_dmclock_auth_wgt
3405 desc: mclock weight for auth requests
3410 - rgw_dmclock_auth_res
3411 - rgw_dmclock_auth_lim
3412 - name: rgw_dmclock_auth_lim
3415 desc: mclock limit for auth requests
3420 - rgw_dmclock_auth_res
3421 - rgw_dmclock_auth_wgt
3422 - name: rgw_dmclock_data_res
3425 desc: mclock reservation for object data requests
3430 - rgw_dmclock_data_wgt
3431 - rgw_dmclock_data_lim
3432 - name: rgw_dmclock_data_wgt
3435 desc: mclock weight for object data requests
3440 - rgw_dmclock_data_res
3441 - rgw_dmclock_data_lim
3442 - name: rgw_dmclock_data_lim
3445 desc: mclock limit for object data requests
3450 - rgw_dmclock_data_res
3451 - rgw_dmclock_data_wgt
3452 - name: rgw_dmclock_metadata_res
3455 desc: mclock reservation for metadata requests
3460 - rgw_dmclock_metadata_wgt
3461 - rgw_dmclock_metadata_lim
3462 - name: rgw_dmclock_metadata_wgt
3465 desc: mclock weight for metadata requests
3470 - rgw_dmclock_metadata_res
3471 - rgw_dmclock_metadata_lim
3472 - name: rgw_dmclock_metadata_lim
3475 desc: mclock limit for metadata requests
3480 - rgw_dmclock_metadata_res
3481 - rgw_dmclock_metadata_wgt
3482 - name: rgw_default_data_log_backing
3485 desc: Default backing store for the RGW data sync log
3486 long_desc: Whether to use the older OMAP backing store or the high performance FIFO
3487 based backing store by default. This only covers the creation of the log on startup
3495 - name: rgw_d3n_l1_local_datacache_enabled
3498 desc: Enable datacenter-scale dataset delivery local cache
3503 - name: rgw_d3n_l1_datacache_persistent_path
3506 desc: path for the directory for storing the local cache objects data
3507 default: /tmp/rgw_datacache/
3511 - name: rgw_d3n_l1_datacache_size
3514 desc: datacache maximum size on disk in bytes
3519 - name: rgw_d3n_l1_evict_cache_on_start
3522 desc: clear the content of the persistent data cache directory on start
3527 - name: rgw_d3n_l1_fadvise
3530 desc: posix_fadvise() flag for access pattern of cache files
3531 long_desc: for example to bypass the page-cache -
3532 POSIX_FADV_DONTNEED=4
3537 - name: rgw_d3n_l1_eviction_policy
3540 desc: select the d3n cache eviction policy
3548 - name: rgw_d3n_libaio_aio_threads
3551 desc: specifies the maximum number of worker threads that may be used by libaio
3556 - rgw_thread_pool_size
3558 - name: rgw_d3n_libaio_aio_num
3561 desc: specifies the maximum number of simultaneous I/O requests that libaio expects to enqueue
3566 - rgw_thread_pool_size
3568 - name: rgw_backend_store
3571 desc: experimental Option to set backend store type
3572 long_desc: defaults to rados. Other valid values are dbstore, motr, and daos (All experimental).
3581 - name: rgw_config_store
3584 desc: Configuration storage backend
3595 desc: experimental Option to set a filter
3596 long_desc: defaults to none. Other valid values are base and trace (both experimental).
3604 - name: dbstore_db_dir
3607 desc: path for the directory for storing the db backend store data
3608 default: /var/lib/ceph/radosgw
3611 - name: dbstore_db_name_prefix
3614 desc: prefix to the file names created by db backend store
3618 - name: dbstore_config_uri
3621 desc: 'Config database URI. URIs beginning with file: refer to local files opened with SQLite.'
3622 default: file:/var/lib/ceph/radosgw/dbstore-config.db
3627 - name: rgw_json_config
3630 desc: Path to a json file that contains the static zone and zonegroup configuration. Requires rgw_config_store=json.
3631 default: /var/lib/ceph/radosgw/config.json
3636 - name: motr_profile_fid
3639 desc: experimental Option to set Motr profile fid
3640 long_desc: example value 0x7000000000000001:0x4f
3641 default: 0x7000000000000001:0x0
3647 desc: experimental Option to set my Motr fid
3648 long_desc: example value 0x7200000000000001:0x29
3649 default: 0x7200000000000001:0x0
3652 - name: motr_admin_fid
3655 desc: Admin Tool Motr FID for admin-level access.
3656 long_desc: example value 0x7200000000000001:0x2c
3657 default: 0x7200000000000001:0x0
3660 - name: motr_admin_endpoint
3663 desc: experimental Option to set Admin Motr endpoint address
3664 long_desc: example value 192.168.180.182@tcp:12345:4:1
3665 default: 192.168.180.182@tcp:12345:4:1
3668 - name: motr_my_endpoint
3671 desc: experimental Option to set my Motr endpoint address
3672 long_desc: example value 192.168.180.182@tcp:12345:4:1
3673 default: 192.168.180.182@tcp:12345:4:1
3676 - name: motr_ha_endpoint
3679 desc: experimental Option to set Motr HA agent endpoint address
3680 long_desc: example value 192.168.180.182@tcp:12345:1:1
3681 default: 192.168.180.182@tcp:12345:1:1
3684 - name: motr_tracing_enabled
3687 desc: Set to true when Motr client debugging is needed
3691 - name: rgw_luarocks_location
3694 desc: Directory where luarocks installs packages from the allowlist
3695 default: @rgw_luarocks_location@
3700 - name: rgwlc_auto_session_clear
3703 desc: Automatically clear stale lifecycle sessions (i.e., after 2 idle processing cycles)
3708 - name: rgwlc_skip_bucket_step
3711 desc: Conditionally skip the processing (but not the scheduling) of bucket lifecycle
3716 - name: rgw_pending_bucket_index_op_expiration
3720 desc: Number of seconds a pending operation can remain in bucket index shard.
3721 long_desc: Number of seconds a pending operation can remain in bucket
3722 index shard before it expires. Used for transactional bucket index
3723 operations, and if the operation does not complete in this time
3724 period, the operation will be dropped.
3729 - name: rgw_bucket_index_transaction_instrumentation
3733 desc: Turns on extra instrumentation surrounding bucket index transactions.
3738 - name: rgw_allow_notification_secrets_in_cleartext
3741 desc: Allows sending secrets (e.g. passwords) over non-encrypted HTTP messages.
3742 long_desc: When a bucket notification endpoint requires secrets (e.g. passwords),
3743 we allow the topic creation only over HTTPS messages.
3744 This parameter can be set to "true" to bypass this check.
3745 Use this only if radosgw is on a trusted private network, and the message
3746 broker cannot be configured without password authentication. Otherwise, this will
3747 leak the credentials of your message broker and compromise its security.
3752 - rgw_trust_forwarded_https
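An audit over the security-relevant options described in this file, added here as an example (not part of Ceph). It flags only values set explicitly in the parsed text and assumes nothing about defaults; `parse_conf`, `audit`, the sample configuration and its token path are constructed, and flagging an `http://` Vault address is this example's own inference.

```python
import os
import re

TRUE, FALSE = {"true", "1"}, {"false", "0"}  # boolean spellings handled here
DEV_ONLY = ("rgw_inject_notify_timeout_probability",
            "rgw_debug_inject_set_olh_err",
            "rgw_debug_inject_olh_cancel_modification_err")

# Constructed sample, not taken from a real cluster.
SAMPLE_CONF = """\
[client.rgw.gw1]
rgw trust forwarded https = true
rgw_crypt_require_ssl = false
rgw crypt vault addr = http://vaultserver:8200
rgw crypt vault token file = /etc/ceph/vault.token
rgw-crypt-vault-verify-ssl = false
rgw_allow_notification_secrets_in_cleartext = true
rgw_inject_notify_timeout_probability = 0.1
rgw_max_concurrent_requests = 1024
"""


def parse_conf(text):
    """Parse 'name = value' lines; spaces, '-' and '_' in names are equivalent."""
    opts = {}
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()
        if "=" not in line or line.startswith("["):
            continue
        name, value = line.split("=", 1)
        opts[re.sub(r"[\s-]+", "_", name.strip().lower())] = value.strip()
    return opts


def os_mode(path):
    """Permission bits of path, or None when it cannot be inspected."""
    try:
        return os.stat(path).st_mode & 0o777
    except OSError:
        return None


def audit(opts, file_mode=os_mode):
    """Return (option, finding) pairs for risky values set explicitly in opts."""
    found = []
    val = lambda name: opts.get(name, "").lower()
    if val("rgw_trust_forwarded_https") in TRUE:
        found.append(("rgw_trust_forwarded_https",
                      "safe only if every request passes through a trusted proxy"))
    if val("rgw_crypt_require_ssl") in FALSE:
        found.append(("rgw_crypt_require_ssl",
                      "encryption key headers accepted without ssl"))
    if val("rgw_allow_notification_secrets_in_cleartext") in TRUE:
        found.append(("rgw_allow_notification_secrets_in_cleartext",
                      "broker credentials may cross the network unencrypted"))
    if val("rgw_crypt_suppress_logs") in FALSE:
        found.append(("rgw_crypt_suppress_logs", "logs might print client keys"))
    for prefix in ("rgw_crypt_vault", "rgw_crypt_sse_s3_vault"):
        if val(prefix + "_verify_ssl") in FALSE:
            found.append((prefix + "_verify_ssl", "Vault certificate not verified"))
        if val(prefix + "_addr").startswith("http://"):
            found.append((prefix + "_addr", "Vault reached over plain HTTP"))
        token = opts.get(prefix + "_token_file")
        if token:
            mode = file_mode(token)
            if mode is None:
                found.append((prefix + "_token_file", "token file cannot be inspected"))
            elif mode & 0o077:
                found.append((prefix + "_token_file",
                              f"mode {mode:o} lets group/other access the token"))
    for name in DEV_ONLY:
        if opts.get(name, "0") not in ("", "0", "0.0"):
            found.append((name, "development/testing option is set"))
    return found


if __name__ == "__main__":
    for option, finding in audit(parse_conf(SAMPLE_CONF)):
        print(f"{option}: {finding}")
```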
3756 desc: DAOS Pool to use
3760 - name: rgw_policy_reject_invalid_principals
3763 desc: Whether to reject policies with invalid principals
3764 long_desc: If true, policies with invalid principals will be
3765 rejected. We don't support Canonical User identifiers or some
3766 other form of policies that Amazon does, so if you are mirroring
3767 policies between RGW and AWS, you may wish to set this to false.