# According to AWS S3 (http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html),
# an ACL can have up to 100 grants.
- name: rgw_acl_grants_max_num
  desc: Max number of ACL grants in a single request
# According to AWS S3 (http://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html),
# a CORS configuration can have up to 100 rules.
- name: rgw_cors_rules_max_num
  desc: Max number of cors rules in a single request
# According to AWS S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/DeletingObjects.html),
# Amazon S3 also provides the Multi-Object Delete API that you can use to delete up to 1000
# objects in a single HTTP request.
- name: rgw_delete_multi_obj_max_num
  desc: Max number of objects in a single multi-object delete request
# According to AWS S3, a website routing config can have up to 50 rules.
- name: rgw_website_routing_rules_max_num
  desc: Max number of website routing rules in a single request
- name: rgw_rados_tracing
  desc: true if LTTng-UST tracepoints should be enabled
- name: rgw_op_tracing
  desc: true if LTTng-UST tracepoints should be enabled
- name: rgw_max_chunk_size
  desc: Set RGW max chunk size
  long_desc: The chunk size is the size of RADOS I/O requests that RGW sends when
    accessing data objects. RGW read and write operations will never request more than
    this amount in a single request. This also defines the RGW head object size, as
    head operations need to be atomic, and anything larger than this would require
    more than a single operation. When RGW objects are written to the default
    storage class, up to this amount of payload data will be stored alongside
    metadata in the head object.
- name: rgw_put_obj_min_window_size
  desc: The minimum RADOS write window size (in bytes).
  long_desc: The window size determines the total concurrent RADOS writes of a single
    RGW object. When writing an object RGW will send multiple chunks to RADOS. The
    total size of the writes does not exceed the window size. The window size may
    be adjusted dynamically in order to better utilize the pipe.
  - rgw_put_obj_max_window_size
- name: rgw_put_obj_max_window_size
  desc: The maximum RADOS write window size (in bytes).
  long_desc: The window size may be dynamically adjusted, but will not surpass this
  - rgw_put_obj_min_window_size
- name: rgw_max_put_size
  desc: Max size (in bytes) of regular (non multi-part) object upload.
  long_desc: Plain object upload is capped at this amount of data. In order to upload
    larger objects, a special upload mechanism is required. The S3 API provides the
    multi-part upload, and Swift provides DLO and SLO.
- name: rgw_max_put_param_size
  desc: The maximum size (in bytes) of data input of certain RESTful requests.
- name: rgw_max_attr_size
  desc: The maximum length of metadata value. 0 skips the check
- name: rgw_max_attr_name_len
  desc: The maximum length of metadata name. 0 skips the check
- name: rgw_max_attrs_num_in_req
  desc: The maximum number of metadata items that can be put via single request
# override max bucket index shards in zone configuration (if not zero)
# Represents the number of shards for the bucket index object, a value of zero
# indicates there is no sharding. By default (no sharding), the name of the object
# is '.dir.{marker}'; with sharding, the name is '.dir.{marker}.{sharding_id}', where
# sharding_id is a zero-based value. It is not recommended to set too large a value
# (e.g. thousand) as it increases the cost for bucket listing.
- name: rgw_override_bucket_index_max_shards
  desc: The default number of bucket index shards for newly-created buckets. This
    value overrides bucket_index_max_shards stored in the zone. Setting this value
    in the zone is preferred, because it applies globally to all radosgw daemons running
  fmt_desc: Represents the number of shards for the bucket index object,
    a value of zero indicates there is no sharding. It is not
    recommended to set a value too large (e.g. thousand) as it
    increases the cost for bucket listing.
    This variable should be set in the client or global sections
    so that it is automatically applied to radosgw-admin commands.
# Represents the maximum AIO pending requests for the bucket index object shards.
- name: rgw_bucket_index_max_aio
  desc: Max number of concurrent RADOS requests when handling bucket shards.
# whether or not the quota/gc threads should be started
- name: rgw_enable_quota_threads
  desc: Enables the quota maintenance thread.
  long_desc: The quota maintenance thread is responsible for quota related maintenance
    work. The thread itself can be disabled, but in order for quota to work correctly,
    at least one RGW in each zone needs to have this thread running. Having the thread
    enabled on multiple RGW processes within the same zone can spread some of the
    maintenance work between them.
  - rgw_enable_gc_threads
  - rgw_enable_lc_threads
- name: rgw_enable_gc_threads
  desc: Enables the garbage collection maintenance thread.
  long_desc: The garbage collection maintenance thread is responsible for garbage
    collector maintenance work. The thread itself can be disabled, but in order for
    garbage collection to work correctly, at least one RGW in each zone needs to have
    this thread running. Having the thread enabled on multiple RGW processes within
    the same zone can spread some of the maintenance work between them.
  - rgw_enable_quota_threads
  - rgw_enable_lc_threads
- name: rgw_enable_lc_threads
  desc: Enables the lifecycle maintenance thread. This is required on at least one
  long_desc: The lifecycle maintenance thread is responsible for lifecycle related
    maintenance work. The thread itself can be disabled, but in order for lifecycle
    to work correctly, at least one RGW in each zone needs to have this thread running.
    Having the thread enabled on multiple RGW processes within the same zone can spread
    some of the maintenance work between them.
  - rgw_enable_gc_threads
  - rgw_enable_quota_threads
  desc: Alternative location for RGW configuration.
  long_desc: If this is set, the different Ceph system configurables (such as the keyring file) will be located in the path that is specified here.
  fmt_desc: Sets the location of the data files for Ceph RADOS Gateway.
  default: /var/lib/ceph/radosgw/$cluster-$id
- name: rgw_enable_apis
  desc: A list of RESTful APIs that rgw handles.
    Enables the specified APIs.
    .. note:: Enabling the ``s3`` API is a requirement for
              any ``radosgw`` instance that is meant to
              participate in a `multi-site <../multisite>`_
  default: s3, s3website, swift, swift_auth, admin, sts, iam, notifications
- name: rgw_cache_enabled
  desc: Enable RGW metadata cache.
  long_desc: The metadata cache holds metadata entries that RGW requires for processing
    requests. Metadata entries can be user info, bucket info, and bucket instance
    info. If not found in the cache, entries will be fetched from the backing RADOS
  fmt_desc: Whether the Ceph Object Gateway cache is enabled.
- name: rgw_cache_lru_size
  desc: Max number of items in RGW metadata cache.
  long_desc: When full, the RGW metadata cache evicts least recently used entries.
  fmt_desc: The number of entries in the Ceph Object Gateway cache.
  desc: The host name that RGW uses.
  long_desc: This is needed for virtual hosting of buckets to work properly, unless
    configured via zonegroup configuration.
  fmt_desc: The DNS name of the served domain. See also the ``hostnames`` setting within regions.
- name: rgw_dns_s3website_name
  desc: The host name that RGW uses for static websites (S3)
  long_desc: This is needed for virtual hosting of buckets, unless configured via
    zonegroup configuration.
- name: rgw_numa_node
  desc: set rgw's cpu affinity to a numa node (-1 for none)
- name: rgw_service_provider_name
  desc: Service provider name which is contained in http response headers
  long_desc: As S3 or other cloud storage providers do, http response headers should
    contain the name of the provider. This name will be placed in http header 'Server'.
- name: rgw_content_length_compat
  desc: Multiple content length headers compatibility
  long_desc: Try to handle requests with ambiguous multiple content length headers
    (Content-Length, Http-Content-Length).
  fmt_desc: Enable compatibility handling of FCGI requests with both ``CONTENT_LENGTH``
    and ``HTTP_CONTENT_LENGTH`` set.
- name: rgw_relaxed_region_enforcement
  desc: Disable region constraint enforcement
  long_desc: Enable requests such as bucket creation to succeed irrespective of region
    restrictions (Jewel compat).
- name: rgw_lifecycle_work_time
  desc: Lifecycle allowed work time
  long_desc: Local time window in which the lifecycle maintenance thread can work.
- name: rgw_lc_lock_max_time
- name: rgw_lc_thread_delay
  desc: Delay after processing of bucket listing chunks (i.e., per 1000 entries) in
- name: rgw_lc_max_worker
  desc: Number of LCWorker tasks that will be run in parallel
  long_desc: Number of LCWorker tasks that will run in parallel--used to permit >1
    bucket/index shards to be processed simultaneously
  fmt_desc: This option specifies the number of lifecycle worker threads
    to run in parallel, thereby processing bucket and index
    shards simultaneously.
- name: rgw_lc_max_wp_worker
  desc: Number of workpool threads per LCWorker
  long_desc: Number of threads in per-LCWorker workpools--used to accelerate per-bucket
  fmt_desc: This option specifies the number of threads in each lifecycle
    worker's work pool. This option can help accelerate processing each bucket.
- name: rgw_lc_max_objs
  desc: Number of lifecycle data shards
  long_desc: Number of RADOS objects to use for storing lifecycle index. This affects
    concurrency of lifecycle maintenance, as shards can be processed in parallel.
- name: rgw_lc_max_rules
  desc: Max number of lifecycle rules set on one bucket
  long_desc: Number of lifecycle rules set on one bucket should be limited.
- name: rgw_lc_debug_interval
  desc: The number of seconds that simulate one "day" in order to debug RGW LifeCycle.
    Do *not* modify for a production cluster.
  long_desc: For debugging RGW LifeCycle, the number of seconds that are equivalent to
    one simulated "day". Values less than 1 are ignored and do not change LifeCycle behavior.
    For example, during debugging if one wanted every 10 minutes to be equivalent to one day,
    then this would be set to 600, the number of seconds in 10 minutes.
- name: rgw_mp_lock_max_time
  desc: Multipart upload max completion time
  long_desc: Time length to allow completion of a multipart upload operation. This
    is done to prevent concurrent completions on the same object with the same upload
- name: rgw_script_uri
  fmt_desc: The alternative value for the ``SCRIPT_URI`` if not set
- name: rgw_request_uri
  fmt_desc: The alternative value for the ``REQUEST_URI`` if not set
- name: rgw_ignore_get_invalid_range
  desc: Treat invalid (e.g., negative) range request as full
  long_desc: Treat invalid (e.g., negative) range request as request for the full
    object (AWS compatibility)
- name: rgw_swift_url
  desc: Swift-auth storage URL
  long_desc: Used in conjunction with rgw internal swift authentication. This affects
    the X-Storage-Url response header value.
  fmt_desc: The URL for the Ceph Object Gateway Swift API.
  - rgw_swift_auth_entry
- name: rgw_swift_url_prefix
  desc: Swift URL prefix
  long_desc: The URL path prefix for swift requests.
    The URL prefix for the Swift API, to distinguish it from
    the S3 API endpoint. The default is ``swift``, which
    makes the Swift API available at the URL
    ``http://host:port/swift/v1`` (or
    ``http://host:port/swift/v1/AUTH_%(tenant_id)s`` if
    ``rgw swift account in url`` is enabled).
    For compatibility, setting this configuration variable
    to the empty string causes the default ``swift`` to be
    used; if you do want an empty prefix, set this option to
    .. warning:: If you set this option to ``/``, you must
                 disable the S3 API by modifying ``rgw
                 enable apis`` to exclude ``s3``. It is not
                 possible to operate radosgw with ``rgw
                 swift url prefix = /`` and simultaneously
                 support both the S3 and Swift APIs. If you
                 do need to support both APIs without
                 prefixes, deploy multiple radosgw instances
                 to listen on different hosts (or ports)
                 instead, enabling some for S3 and some for
  example: /swift-testing
- name: rgw_swift_auth_url
  long_desc: Default url to which RGW connects and verifies tokens for v1 auth (if
    not using internal swift auth).
- name: rgw_swift_auth_entry
  desc: Swift auth URL prefix
  long_desc: URL path prefix for internal swift auth requests.
  fmt_desc: The entry point for a Swift auth URL.
- name: rgw_swift_tenant_name
  desc: Swift tenant name
  long_desc: Tenant name that is used when constructing the swift path.
  - rgw_swift_account_in_url
- name: rgw_swift_account_in_url
  desc: Swift account encoded in URL
  long_desc: Whether the swift account is encoded in the uri path (AUTH_<account>).
    Whether or not the Swift account name should be included
    in the Swift API URL.
    If set to ``false`` (the default), then the Swift API
    will listen on a URL formed like
    ``http://host:port/<rgw_swift_url_prefix>/v1``, and the
    account name (commonly a Keystone project UUID if
    radosgw is configured with `Keystone integration
    <../keystone>`_) will be inferred from request
    If set to ``true``, the Swift API URL will be
    ``http://host:port/<rgw_swift_url_prefix>/v1/AUTH_<account_name>``
    ``http://host:port/<rgw_swift_url_prefix>/v1/AUTH_<keystone_project_id>``)
    instead, and the Keystone ``object-store`` endpoint must
    accordingly be configured to include the
    ``AUTH_%(tenant_id)s`` suffix.
    You **must** set this option to ``true`` (and update the
    Keystone service catalog) if you want radosgw to support
    publicly-readable containers and `temporary URLs
    <../swift/tempurl>`_.
  - rgw_swift_tenant_name
- name: rgw_swift_enforce_content_length
  desc: Send content length when listing containers (Swift)
  long_desc: Whether content length header is needed when listing containers. When
    this is set to false, RGW will send extra info for each entry in the response.
- name: rgw_keystone_url
  desc: The URL to the Keystone server.
- name: rgw_keystone_admin_token
  desc: 'DEPRECATED: The admin token (shared secret) that is used for the Keystone
  fmt_desc: The Keystone admin token (shared secret). In Ceph RGW
    authentication with the admin token has priority over
    authentication with the admin credentials
    (``rgw_keystone_admin_user``, ``rgw_keystone_admin_password``,
    ``rgw_keystone_admin_tenant``, ``rgw_keystone_admin_project``,
    ``rgw_keystone_admin_domain``). The Keystone admin token
    has been deprecated, but can be used to integrate with
    older environments. It is preferred to instead configure
    ``rgw_keystone_admin_token_path`` to avoid exposing the token.
- name: rgw_keystone_admin_token_path
  desc: Path to a file containing the admin token (shared secret) that is used for
    the Keystone requests.
  fmt_desc: Path to a file containing the Keystone admin token
    (shared secret). In Ceph RadosGW authentication with
    the admin token has priority over authentication with
    the admin credentials
    (``rgw_keystone_admin_user``, ``rgw_keystone_admin_password``,
    ``rgw_keystone_admin_tenant``, ``rgw_keystone_admin_project``,
    ``rgw_keystone_admin_domain``).
    The Keystone admin token has been deprecated, but can be
    used to integrate with older environments.
- name: rgw_keystone_admin_user
  desc: Keystone admin user.
  fmt_desc: The name of OpenStack user with admin privilege for Keystone
    authentication (Service User) when using OpenStack Identity API v2
- name: rgw_keystone_admin_password
  desc: 'DEPRECATED: Keystone admin password.'
  fmt_desc: The password for OpenStack admin user when using OpenStack
    Identity API v2. It is preferred to instead configure
    ``rgw_keystone_admin_password_path`` to avoid exposing the password.
- name: rgw_keystone_admin_password_path
  desc: Path to a file containing the Keystone admin password.
  fmt_desc: Path to a file containing the password for OpenStack
    admin user when using OpenStack Identity API v2.
- name: rgw_keystone_admin_tenant
  desc: Keystone admin user tenant.
  fmt_desc: The name of OpenStack tenant with admin privilege (Service Tenant) when
    using OpenStack Identity API v2
- name: rgw_keystone_admin_project
  desc: Keystone admin user project (for Keystone v3).
  fmt_desc: The name of OpenStack project with admin privilege when using
    OpenStack Identity API v3. If left unspecified, value of
    ``rgw keystone admin tenant`` will be used instead.
- name: rgw_keystone_admin_domain
  desc: Keystone admin user domain (for Keystone v3).
  fmt_desc: The name of OpenStack domain with admin privilege when using
    OpenStack Identity API v3.
- name: rgw_keystone_barbican_user
  desc: Keystone user to access barbican secrets.
  fmt_desc: The name of the OpenStack user with access to the `Barbican`_
    secrets used for `Encryption`_.
- name: rgw_keystone_barbican_password
  desc: Keystone password for barbican user.
  fmt_desc: The password associated with the `Barbican`_ user.
- name: rgw_keystone_barbican_tenant
  desc: Keystone barbican user tenant (Keystone v2.0).
  fmt_desc: The name of the OpenStack tenant associated with the `Barbican`_
    user when using OpenStack Identity API v2.
- name: rgw_keystone_barbican_project
  desc: Keystone barbican user project (Keystone v3).
  fmt_desc: The name of the OpenStack project associated with the `Barbican`_
    user when using OpenStack Identity API v3.
- name: rgw_keystone_barbican_domain
  desc: Keystone barbican user domain.
  fmt_desc: The name of the OpenStack domain associated with the `Barbican`_
    user when using OpenStack Identity API v3.
- name: rgw_keystone_api_version
  desc: Version of Keystone API to use (2 or 3).
  fmt_desc: The version (2 or 3) of OpenStack Identity API that should be
    used for communication with the Keystone server.
- name: rgw_keystone_accepted_roles
  desc: Only users with one of these roles will be served when doing Keystone authentication.
  fmt_desc: The roles required to serve requests.
  default: Member, admin
- name: rgw_keystone_accepted_admin_roles
  desc: List of roles allowing user to gain admin privileges (Keystone).
- name: rgw_keystone_token_cache_size
  desc: Keystone token cache size
  long_desc: Max number of Keystone tokens that will be cached. A token that is not
    cached requires RGW to access the Keystone server when authenticating.
  fmt_desc: The maximum number of entries in each Keystone token cache.
- name: rgw_keystone_verify_ssl
  desc: Should RGW verify the Keystone server SSL certificate.
  fmt_desc: Verify SSL certificates while making token requests to keystone.
- name: rgw_keystone_implicit_tenants
  desc: RGW Keystone implicit tenants creation
  long_desc: Implicitly create new users in their own tenant with the same name when
    authenticating via Keystone. Can be limited to s3 or swift only.
- name: rgw_cross_domain_policy
  desc: RGW handle cross domain policy
  long_desc: Returned cross domain policy when accessing the crossdomain.xml resource
    (Swift compatibility).
  default: <allow-access-from domain="*" secure="false" />
- name: rgw_healthcheck_disabling_path
  desc: Swift health check api can be disabled if a file can be accessed in this path.
- name: rgw_s3_auth_use_rados
  desc: Should S3 authentication use credentials stored in RADOS backend.
- name: rgw_s3_auth_use_keystone
  desc: Should S3 authentication use Keystone.
- name: rgw_s3_auth_order
  desc: Authentication strategy order to use for s3 authentication
  long_desc: Order of authentication strategies to try for s3 authentication. The
    allowed options are a comma-separated list of engines external, local. The default
    order is to try all the externally configured engines before attempting local
    rados based authentication
  default: sts, external, local
- name: rgw_barbican_url
  desc: URL to barbican server.
  fmt_desc: The URL for the Barbican server.
# OpenLDAP-style LDAP parameter strings
  desc: Space-separated list of LDAP servers in URI format.
  default: ldaps://<ldap.your.domain>
- name: rgw_ldap_binddn
  desc: LDAP entry RGW will bind with (user match).
  default: uid=admin,cn=users,dc=example,dc=com
- name: rgw_ldap_searchdn
  desc: LDAP search base (basedn).
  default: cn=users,cn=accounts,dc=example,dc=com
- name: rgw_ldap_dnattr
  desc: LDAP attribute containing RGW user names (to form binddns).
- name: rgw_ldap_secret
  desc: Path to file containing credentials for rgw_ldap_binddn.
  default: /etc/openldap/secret
- name: rgw_s3_auth_use_ldap
  desc: Should S3 authentication use LDAP.
- name: rgw_ldap_searchfilter
  desc: LDAP search filter.
  desc: URL to OPA server.
- name: rgw_opa_token
  desc: The Bearer token OPA uses to authenticate client requests.
- name: rgw_opa_verify_ssl
  desc: Should RGW verify the OPA server SSL certificate.
- name: rgw_use_opa_authz
  desc: Should OPA be used to authorize client requests.
- name: rgw_admin_entry
  desc: Path prefix to be used for accessing RGW RESTful admin API.
  fmt_desc: The entry point for an admin request URL.
- name: rgw_enforce_swift_acls
  desc: RGW enforce swift acls
  long_desc: Should RGW enforce special Swift-only ACLs. Swift has a special ACL that
    gives permission to access all objects in a container.
  fmt_desc: Enforces the Swift Access Control List (ACL) settings.
- name: rgw_swift_token_expiration
  desc: Expiration time (in seconds) for token generated through RGW Swift auth.
  fmt_desc: The time in seconds for expiring a Swift token.
- name: rgw_print_continue
  desc: RGW support of 100-continue
  long_desc: Should RGW explicitly send 100 (continue) responses. This is mainly relevant
    when using FastCGI, as some FastCGI modules do not fully support this feature.
  fmt_desc: Enable ``100-continue`` if it is operational.
- name: rgw_print_prohibited_content_length
  desc: RGW RFC-7230 compatibility
  long_desc: Specifies whether RGW violates RFC 7230 and sends Content-Length with
- name: rgw_remote_addr_param
  desc: HTTP header that holds the remote address in incoming requests.
  long_desc: RGW will use this header to extract the request's origin. When RGW runs behind
    a reverse proxy, the remote address header will point at the proxy's address and
    not at the originator's address. Therefore it is sometimes possible to have the
    proxy add the originator's address in a separate HTTP header, which will allow
    RGW to log it correctly.
  fmt_desc: The remote address parameter. For example, the HTTP field
    containing the remote address, or the ``X-Forwarded-For``
    address if a reverse proxy is operational.
- name: rgw_op_thread_timeout
  desc: Timeout for async rados coroutine operations.
  fmt_desc: The timeout in seconds for open threads.
- name: rgw_op_thread_suicide_timeout
  fmt_desc: The time ``timeout`` in seconds before a Ceph Object Gateway
    process dies. Disabled if set to ``0``.
- name: rgw_thread_pool_size
  desc: RGW requests handling thread pool size.
  long_desc: This parameter determines the number of concurrent requests RGW can process
    when using either the civetweb or the fastcgi frontend. The higher this number,
    the more concurrent requests RGW can handle, at the cost of more
    resource utilization.
  fmt_desc: The size of the thread pool.
- name: rgw_num_control_oids
  desc: Number of control objects used for cross-RGW communication.
  long_desc: RGW uses certain control objects to send messages between different RGW
    processes running on the same zone. These messages include metadata cache invalidation
    info that is being sent when metadata is modified (such as user or bucket information).
    A higher number of control objects allows better concurrency of these messages,
    at the cost of more resource utilization.
  fmt_desc: The number of notification objects used for cache synchronization
    between different ``rgw`` instances.
- name: rgw_verify_ssl
  desc: Should RGW verify SSL when connecting to a remote HTTP server
  long_desc: RGW can send requests to other RGW servers (e.g., in multi-site sync
    work). This configurable selects whether RGW should verify the certificate for
    the remote peer and host.
  fmt_desc: Verify SSL certificates while making requests.
  - rgw_keystone_verify_ssl
# The following are tunables for caches of RGW NFS (and other file
# The file handle cache is a partitioned hash table
# (fhcache_partitions), each with a closed hash part and backing
# b-tree mapping. The number of partitions is expected to be a small
# prime, the cache size something larger but less than 5K, the total
# size of the cache is n_part * cache_size.
- name: rgw_nfs_lru_lanes
- name: rgw_nfs_lru_lane_hiwat
- name: rgw_nfs_fhcache_partitions
- name: rgw_nfs_fhcache_size
- name: rgw_nfs_namespace_expire_secs
- name: rgw_nfs_max_gc
- name: rgw_nfs_write_completion_interval_s
# use fast S3 attrs from bucket index--currently assumes NFS mounts are immutable
- name: rgw_nfs_s3_fast_attrs
  desc: use fast S3 attrs from bucket index (immutable only)
  long_desc: use fast S3 attrs from bucket index (assumes NFS mounts are immutable)
# overrides for librgw/nfs
- name: rgw_nfs_run_gc_threads
  desc: run GC threads in librgw (default off)
- name: rgw_nfs_run_lc_threads
  desc: run lifecycle threads in librgw (default off)
- name: rgw_nfs_run_quota_threads
  desc: run quota threads in librgw (default off)
- name: rgw_nfs_run_sync_thread
  desc: run sync thread in librgw (default off)
- name: rgw_rados_pool_autoscale_bias
  desc: pg_autoscale_bias value for RGW metadata (omap-heavy) pools
- name: rgw_rados_pool_pg_num_min
  desc: pg_num_min value for RGW metadata (omap-heavy) pools
- name: rgw_rados_pool_recovery_priority
  desc: recovery_priority value for RGW metadata (omap-heavy) pools
  fmt_desc: The name of the zone for the gateway instance. If no zone is
    set, a cluster-wide default can be configured with the command
    ``radosgw-admin zone default``.
- name: rgw_zone_root_pool
  desc: Zone root pool name
  long_desc: The zone root pool is the pool where the RGW zone configuration is located.
  - rgw_zonegroup_root_pool
  - rgw_realm_root_pool
  - rgw_period_root_pool
- name: rgw_default_zone_info_oid
  desc: Default zone info object id
  long_desc: Name of the RADOS object that holds the default zone information.
  default: default.zone
  long_desc: Obsolete config option. The rgw_zonegroup option should be used instead.
- name: rgw_region_root_pool
  desc: Region root pool
  long_desc: Obsolete config option. The rgw_zonegroup_root_pool should be used instead.
  - rgw_zonegroup_root_pool
- name: rgw_default_region_info_oid
  desc: Default region info object id
  long_desc: Obsolete config option. The rgw_default_zonegroup_info_oid should be
  default: default.region
  - rgw_default_zonegroup_info_oid
- name: rgw_zonegroup
  desc: Zonegroup name
  fmt_desc: The name of the zonegroup for the gateway instance. If no
    zonegroup is set, a cluster-wide default can be configured with
    the command ``radosgw-admin zonegroup default``.
- name: rgw_zonegroup_id
- name: rgw_zonegroup_root_pool
  desc: Zonegroup root pool
  long_desc: The zonegroup root pool is the pool where the RGW zonegroup configuration
  - rgw_zone_root_pool
  - rgw_realm_root_pool
  - rgw_period_root_pool
- name: rgw_default_zonegroup_info_oid
  default: default.zonegroup
  fmt_desc: The name of the realm for the gateway instance. If no realm is
    set, a cluster-wide default can be configured with the command
    ``radosgw-admin realm default``.
- name: rgw_realm_id
- name: rgw_realm_root_pool
  desc: Realm root pool
  long_desc: The realm root pool is the pool where the RGW realm configuration is located.
  - rgw_zonegroup_root_pool
  - rgw_zone_root_pool
  - rgw_period_root_pool
- name: rgw_default_realm_info_oid
  default: default.realm
- name: rgw_period_root_pool
  desc: Period root pool
  long_desc: The period root pool is the pool where the RGW period configuration
  - rgw_zonegroup_root_pool
  - rgw_zone_root_pool
  - rgw_realm_root_pool
- name: rgw_period_latest_epoch_info_oid
  default: .latest_epoch
- name: rgw_log_nonexistent_bucket
  desc: Should RGW log operations on a bucket that does not exist
  long_desc: This config option applies to the ops log. When this option is set, the
    ops log will log operations that are sent to non-existent buckets. These operations
    inherently fail, and do not correspond to a specific user.
  fmt_desc: Enables Ceph Object Gateway to log a request for a non-existent
  - rgw_enable_ops_log
# man date to see codes (a subset are supported)
- name: rgw_log_object_name
  desc: Ops log object name format
  long_desc: Defines the format of the RADOS objects names that ops log uses to store
  fmt_desc: The logging format for an object name. See manpage
    :manpage:`date` for details about format specifiers.
  default: '%Y-%m-%d-%H-%i-%n'
  - rgw_enable_ops_log
- name: rgw_log_object_name_utc
  desc: Should ops log object name be based on UTC
  long_desc: If set, the names of the RADOS objects that hold the ops log data will
    be based on UTC time zone. If not set, it will use the local time zone.
  fmt_desc: Whether a logged object name includes a UTC time.
    If ``false``, it uses the local time.
  - rgw_enable_ops_log
  - rgw_log_object_name
- name: rgw_usage_max_shards
  desc: Number of shards for usage log.
  long_desc: The number of RADOS objects that RGW will use in order to store the usage
  fmt_desc: The maximum number of shards for usage logging.
  - rgw_enable_usage_log
- name: rgw_usage_max_user_shards
  desc: Number of shards for single user in usage log
  long_desc: The number of shards that a single user will span over in the usage log.
  fmt_desc: The maximum number of shards used for a single user's
  - rgw_enable_usage_log
# enable logging every rgw operation
- name: rgw_enable_ops_log
  desc: Enable ops log
  fmt_desc: Enable logging for each successful Ceph Object Gateway operation.
  - rgw_log_nonexistent_bucket
  - rgw_log_object_name
  - rgw_ops_log_socket_path
  - rgw_ops_log_file_path
1443 # enable logging bandwidth usage
1444 - name: rgw_enable_usage_log
1447 desc: Enable the usage log
1452 - rgw_usage_max_shards
1454 # whether ops log should go to rados
1455 - name: rgw_ops_log_rados
1458 desc: Use RADOS for ops log
1459 long_desc: If set, RGW will store ops log information in RADOS.
1460 fmt_desc: Whether the operations log should be written to the
1461 Ceph Storage Cluster backend.
1466 - rgw_enable_ops_log
1468 # path to unix domain socket where ops log can go
1469 - name: rgw_ops_log_socket_path
1472 desc: Unix domain socket path for ops log.
1473 long_desc: Path to unix domain socket that RGW will listen for connection on. When
1474 connected, RGW will send ops log data through it.
1475 fmt_desc: The Unix domain socket for writing operations logs.
1479 - rgw_enable_ops_log
1480 - rgw_ops_log_data_backlog
1482 # path to file where ops log can go
1483 - name: rgw_ops_log_file_path
1486 desc: File-system path for ops log.
1487 long_desc: Path to file that RGW will log ops logs to.
1488 fmt_desc: The file-system path for writing operations logs.
1492 - rgw_enable_ops_log
1494 # max data backlog for ops log
1495 - name: rgw_ops_log_data_backlog
1498 desc: Ops log socket backlog
1499 long_desc: Maximum amount of data backlog that RGW can keep when ops log is configured
1500 to send info through unix domain socket. When data backlog is higher than this,
1501 ops log entries will be lost. In order to avoid ops log information loss, the
1502 listener needs to clear data (by reading it) quickly enough.
1503 fmt_desc: The maximum data backlog data size for operations logs written
1504 to a Unix domain socket.
1509 - rgw_enable_ops_log
1510 - rgw_ops_log_socket_path
1512 - name: rgw_usage_log_flush_threshold
1515 desc: Number of entries in usage log before flushing
1516 long_desc: This is the max number of entries that will be held in the usage log,
1517 before it will be flushed to the backend. Note that the usage log is periodically
1518 flushed, even if number of entries does not reach this threshold. A usage log
1519 entry corresponds to one or more operations on a single bucket.
1520 fmt_desc: The number of dirty merged entries in the usage log before
1521 flushing synchronously.
1526 - rgw_enable_usage_log
1527 - rgw_usage_log_tick_interval
1529 - name: rgw_usage_log_tick_interval
1532 desc: Number of seconds between usage log flush cycles
1533 long_desc: The number of seconds between consecutive usage log flushes. The usage
1534 log will also flush itself to the backend if the number of pending entries reaches
1535 a certain threshold.
1536 fmt_desc: Flush pending usage log data every ``n`` seconds.
1541 - rgw_enable_usage_log
1542 - rgw_usage_log_flush_threshold
1544 - name: rgw_init_timeout
1547 desc: Initialization timeout
1548 long_desc: The time length (in seconds) that RGW will allow for its initialization.
1549 RGW process will give up and quit if initialization is not complete after this
1551 fmt_desc: The number of seconds before Ceph Object Gateway gives up on
1557 - name: rgw_mime_types_file
1560 desc: Path to local mime types file
1561 long_desc: The mime types file is needed in Swift when uploading an object. If object's
1562 content type is not specified, RGW will use data from this file to assign a content
1564 fmt_desc: The path and location of the MIME-types file. Used for Swift
1565 auto-detection of object types.
1566 default: /etc/mime.types
1570 - name: rgw_gc_max_objs
1573 desc: Number of shards for garbage collector data
1574 long_desc: The number of garbage collector data shards is the number of RADOS objects
1575 that RGW will use to store the garbage collection information on.
1576 fmt_desc: The maximum number of objects that may be handled by
1577 garbage collection in one garbage collection processing cycle.
1578 Please do not change this value after the first deployment.
1583 - rgw_gc_obj_min_wait
1584 - rgw_gc_processor_max_time
1585 - rgw_gc_processor_period
1586 - rgw_gc_max_concurrent_io
1588 # wait time before object may be handled by gc, recommended lower limit is 30 mins
1589 - name: rgw_gc_obj_min_wait
1592 desc: Garbage collection object expiration time
1593 long_desc: The length of time (in seconds) that the RGW collector will wait before
1594 purging a deleted object's data. RGW will not remove the object immediately, as the object
1595 could still have readers. A mechanism exists to increase the object's expiration
1596 time when it's being read. The recommended value of its lower limit is 30 minutes.
1597 fmt_desc: The minimum wait time before a deleted object may be removed
1598 and handled by garbage collection processing.
1604 - rgw_gc_processor_max_time
1605 - rgw_gc_processor_period
1606 - rgw_gc_max_concurrent_io
1608 - name: rgw_gc_processor_max_time
1611 desc: Length of time GC processor can lease shard
1612 long_desc: Garbage collection thread in RGW process holds a lease on its data shards.
1613 These objects contain the information about the objects that need to be removed.
1614 RGW takes a lease in order to prevent multiple RGW processes from handling the
1615 same objects concurrently. This time signifies the maximum amount of time (in
1616 seconds) that RGW is allowed to hold that lease. In the case where RGW goes down
1617 uncleanly, this is the amount of time where processing of that data shard will
1619 fmt_desc: The maximum time between the beginning of two consecutive garbage
1620 collection processing cycles.
1626 - rgw_gc_obj_min_wait
1627 - rgw_gc_processor_period
1628 - rgw_gc_max_concurrent_io
1630 - name: rgw_gc_processor_period
1633 desc: Garbage collector cycle run time
1634 long_desc: The amount of time between the start of consecutive runs of the garbage
1635 collector threads. If a garbage collector run takes more than this period, it will
1636 not wait before running again.
1637 fmt_desc: The cycle time for garbage collection processing.
1643 - rgw_gc_obj_min_wait
1644 - rgw_gc_processor_max_time
1645 - rgw_gc_max_concurrent_io
1646 - rgw_gc_max_trim_chunk
1648 - name: rgw_gc_max_concurrent_io
1651 desc: Max concurrent RADOS IO operations for garbage collection
1652 long_desc: The maximum number of concurrent IO operations that the RGW garbage collection
1653 thread will use when purging old data.
1659 - rgw_gc_obj_min_wait
1660 - rgw_gc_processor_max_time
1661 - rgw_gc_max_trim_chunk
1663 - name: rgw_gc_max_trim_chunk
1666 desc: Max number of keys to remove from garbage collector log in a single operation
1672 - rgw_gc_obj_min_wait
1673 - rgw_gc_processor_max_time
1674 - rgw_gc_max_concurrent_io
1676 - name: rgw_gc_max_deferred_entries_size
1679 desc: maximum allowed size of deferred entries in queue head for gc
1684 - name: rgw_gc_max_queue_size
1687 desc: Maximum allowed queue size for gc
1688 long_desc: The maximum allowed size of each gc queue, and its value should not be
1689 greater than (osd_max_object_size - rgw_gc_max_deferred_entries_size - 1K).
1694 - osd_max_object_size
1695 - rgw_gc_max_deferred_entries_size
1697 - name: rgw_gc_max_deferred
1700 desc: Number of maximum deferred data entries to be stored in queue for gc
1705 - name: rgw_s3_success_create_obj_status
1708 desc: HTTP return code override for object creation
1709 long_desc: If not zero, this is the HTTP return code that will be returned on a
1710 successful S3 object creation.
1711 fmt_desc: The alternate success status response for ``create-obj``.
1716 - name: rgw_s3_client_max_sig_ver
1719 desc: Max S3 authentication signature version
1720 long_desc: If greater than zero, would force max signature version to use
1724 - name: rgw_resolve_cname
1727 desc: Support vanity domain names via CNAME
1728 long_desc: If true, RGW will query DNS when detecting that it's serving a request
1729 that was sent to a host in another domain. If a CNAME record is configured for
1730 that domain it will use it instead. This gives users the ability to create
1731 a unique domain of their own to point at data in their bucket.
1732 fmt_desc: Whether ``rgw`` should use DNS CNAME record of the request
1733 hostname field (if hostname is not equal to ``rgw dns name``).
1738 - name: rgw_obj_stripe_size
1741 desc: RGW object stripe size
1742 long_desc: The size of an object stripe for RGW objects. This is the maximum size
1743 a backing RADOS object will have. RGW objects that are larger than this will span
1744 over multiple objects.
1745 fmt_desc: The size of an object stripe for Ceph Object Gateway objects.
1746 See `Architecture`_ for details on striping.
1751 # list of extended attrs that can be set on objects (beyond the default)
1752 - name: rgw_extended_http_attrs
1755 desc: RGW support extended HTTP attrs
1756 long_desc: Add new set of attributes that could be set on an object. These extra
1757 attributes can be set through HTTP header fields when putting the objects. If
1758 set, these attributes will return as HTTP fields when doing GET/HEAD on the object.
1759 fmt_desc: Add new set of attributes that could be set on an entity
1760 (user, bucket or object). These extra attributes can be set
1761 through HTTP header fields when putting the entity or modifying
1762 it using POST method. If set, these attributes will return as
1763 HTTP fields when doing GET/HEAD on the entity.
1766 example: content_foo, content_bar, x-foo-bar
1768 - name: rgw_exit_timeout_secs
1771 desc: RGW shutdown timeout
1772 long_desc: Number of seconds to wait for a process before exiting unconditionally.
1777 - name: rgw_get_obj_window_size
1780 desc: RGW object read window size
1781 long_desc: The window size in bytes for a single object read request
1786 - name: rgw_get_obj_max_req_size
1789 desc: RGW object read chunk size
1790 long_desc: The maximum request size of a single object read operation sent to RADOS
1791 fmt_desc: The maximum request size of a single get operation sent to the
1792 Ceph Storage Cluster.
1797 - name: rgw_relaxed_s3_bucket_names
1800 desc: RGW enable relaxed S3 bucket names
1801 long_desc: RGW enable relaxed S3 bucket name rules for US region buckets.
1802 fmt_desc: Enables relaxed S3 bucket names rules for US region buckets.
1807 - name: rgw_defer_to_bucket_acls
1810 desc: Bucket ACLs override object ACLs
1811 long_desc: If not empty, a string that selects that mode of operation. 'recurse'
1812 will use the bucket's ACL for the authorization. 'full-control' will allow
1813 users that have full control permission on the bucket to have access to the object.
1817 - name: rgw_list_buckets_max_chunk
1820 desc: Max number of buckets to retrieve in a single listing operation
1821 long_desc: When RGW fetches lists of user's buckets from the backend, this is the
1822 max number of entries it will try to retrieve in a single operation. Note that
1823 the backend may choose to return a smaller number of entries.
1824 fmt_desc: The maximum number of buckets to retrieve in a single operation
1825 when listing user buckets.
1830 - name: rgw_md_log_max_shards
1833 desc: RGW number of metadata log shards
1834 long_desc: The number of shards the RGW metadata log entries will reside in. This
1835 affects the metadata sync parallelism as a shard can only be processed by a single
1837 fmt_desc: The maximum number of shards for the metadata log.
1842 - name: rgw_curl_buffersize
1845 long_desc: 'Pass a long specifying your preferred size (in bytes) for the receive buffer
1846 in libcurl. See: https://curl.se/libcurl/c/CURLOPT_BUFFERSIZE.html'
1853 - name: rgw_curl_wait_timeout_ms
1857 fmt_desc: The timeout in milliseconds for certain ``curl`` calls.
1861 - name: rgw_curl_low_speed_limit
1864 long_desc: It contains the average transfer speed in bytes per second that the transfer
1865 should be below during rgw_curl_low_speed_time seconds for libcurl to consider
1866 it to be too slow and abort. Set it to zero to disable this.
1871 - name: rgw_curl_low_speed_time
1874 long_desc: It contains the time in seconds that the transfer speed should
1875 be below the rgw_curl_low_speed_limit for the library to consider it too slow
1876 and abort. Set it to zero to disable this.
1881 - name: rgw_copy_obj_progress
1884 desc: Send progress report through copy operation
1885 long_desc: If true, RGW will send progress information when copy operation is executed.
1886 fmt_desc: Enables output of object progress during long copy operations.
1891 - name: rgw_copy_obj_progress_every_bytes
1894 desc: Send copy-object progress info after these many bytes
1895 fmt_desc: The minimum bytes between copy progress output.
1900 - name: rgw_sync_obj_etag_verify
1903 desc: Verify if the object copied from remote is identical to its source
1904 long_desc: If true, this option computes the MD5 checksum of the data which is written
1905 at the destination and checks if it is identical to the ETAG stored in the source.
1906 It ensures integrity of the objects fetched from a remote server over HTTP including
1912 - name: rgw_obj_tombstone_cache_size
1915 desc: Max number of entries to keep in tombstone cache
1916 long_desc: The tombstone cache is used when doing a multi-zone data sync. RGW keeps
1917 there information about removed objects which is needed in order to prevent re-syncing
1918 of objects that were already removed.
1923 - name: rgw_data_log_window
1926 desc: Data log time window
1927 long_desc: The data log keeps information about buckets that have objects that
1928 were modified within a specific timeframe. The sync process then knows which buckets
1929 need to be scanned for data sync.
1930 fmt_desc: The data log entries window in seconds.
1935 - name: rgw_data_log_changes_size
1938 desc: Max size of pending changes in data log
1939 long_desc: RGW will trigger update to the data log if the number of pending entries
1940 reached this number.
1941 fmt_desc: The number of in-memory entries to hold for the data changes log.
1946 - name: rgw_data_log_num_shards
1949 desc: Number of data log shards
1950 long_desc: The number of shards the RGW data log entries will reside in. This affects
1951 the data sync parallelism as a shard can only be processed by a single RGW at
1953 fmt_desc: The number of shards (objects) on which to keep the
1959 - name: rgw_data_log_obj_prefix
1963 fmt_desc: The object name prefix for the data log.
1967 - name: rgw_bucket_quota_ttl
1970 desc: Bucket quota stats cache TTL
1971 long_desc: Length of time for bucket stats to be cached within RGW instance.
1972 fmt_desc: The amount of time in seconds cached quota information is
1973 trusted. After this timeout, the quota information will be
1974 re-fetched from the cluster.
1979 - name: rgw_bucket_quota_cache_size
1982 desc: RGW quota stats cache size
1983 long_desc: Maximum number of entries in the quota stats cache.
1988 - name: rgw_bucket_default_quota_max_objects
1991 desc: Default quota for max objects in a bucket
1992 long_desc: The default quota configuration for max number of objects in a bucket.
1993 A negative number means 'unlimited'.
1994 fmt_desc: Default max number of objects per bucket. Set on new users,
1995 if no other quota is specified. Has no effect on existing users.
1996 This variable should be set in the client or global sections
1997 so that it is automatically applied to radosgw-admin commands.
2002 - name: rgw_bucket_default_quota_max_size
2005 desc: Default quota for total size in a bucket
2006 long_desc: The default quota configuration for total size of objects in a bucket.
2007 A negative number means 'unlimited'.
2008 fmt_desc: Default max capacity per bucket, in bytes. Set on new users,
2009 if no other quota is specified. Has no effect on existing users.
2014 - name: rgw_expose_bucket
2017 desc: Send Bucket HTTP header with the response
2018 long_desc: If true, RGW will send a Bucket HTTP header with the responses. The header
2019 will contain the name of the bucket the operation happened on.
2024 - name: rgw_frontends
2027 desc: RGW frontends configuration
2028 long_desc: A comma delimited list of frontends configuration. Each configuration
2029 contains the type of the frontend followed by an optional space delimited set
2030 of key=value config parameters.
2031 fmt_desc: Configures the HTTP frontend(s). The configuration for multiple
2032 frontends can be provided in a comma-delimited list. Each frontend
2033 configuration may include a list of options separated by spaces,
2034 where each option is in the form "key=value" or "key". See
2035 `HTTP Frontends`_ for more on supported options.
2036 default: beast port=7480
2040 - name: rgw_frontend_defaults
2043 desc: RGW frontends default configuration
2044 long_desc: A comma delimited list of default frontends configuration.
2045 default: beast ssl_certificate=config://rgw/cert/$realm/$zone.crt ssl_private_key=config://rgw/cert/$realm/$zone.key
2048 - name: rgw_beast_enable_async
2051 desc: Enable async request processing under beast using coroutines
2052 long_desc: When enabled, the beast frontend will process requests using
2053 coroutines, allowing the concurrent processing of several requests on the
2054 same thread. When disabled, the number of concurrent requests will be
2055 limited by the thread count, but debugging and tracing the synchronous
2056 calls can be easier.
2061 - name: rgw_user_quota_bucket_sync_interval
2064 desc: User quota bucket sync interval
2065 long_desc: Time period for accumulating modified buckets before syncing these stats.
2066 fmt_desc: The amount of time in seconds bucket quota information is
2067 accumulated before syncing to the cluster. During this time,
2068 other RGW instances will not see the changes in bucket quota
2069 stats from operations on this instance.
2074 - name: rgw_user_quota_sync_interval
2077 desc: User quota sync interval
2078 long_desc: Time period for accumulating modified buckets before syncing entire user
2080 fmt_desc: The amount of time in seconds user quota information is
2081 accumulated before syncing to the cluster. During this time,
2082 other RGW instances will not see the changes in user quota stats
2083 from operations on this instance.
2088 - name: rgw_user_quota_sync_idle_users
2091 desc: Should sync idle users quota
2092 long_desc: Whether stats for idle users should be fully synced.
2097 - name: rgw_user_quota_sync_wait_time
2100 desc: User quota full-sync wait time
2101 long_desc: Minimum time between two full stats sync for non-idle users.
2106 - name: rgw_user_default_quota_max_objects
2109 desc: User quota max objects
2110 long_desc: The default quota configuration for total number of objects for a single
2111 user. A negative number means 'unlimited'.
2112 fmt_desc: Default max number of objects for a user. This includes all
2113 objects in all buckets owned by the user. Set on new users,
2114 if no other quota is specified. Has no effect on existing users.
2119 - name: rgw_user_default_quota_max_size
2122 desc: User quota max size
2123 long_desc: The default quota configuration for total size of objects for a single
2124 user. A negative number means 'unlimited'.
2125 fmt_desc: The value for user max size quota in bytes set on new users,
2126 if no other quota is specified. Has no effect on existing users.
2131 - name: rgw_multipart_min_part_size
2134 desc: Minimum S3 multipart-upload part size
2135 long_desc: When doing a multipart upload, each part (other than the last part) must
2136 be at least this size.
2141 - name: rgw_multipart_part_upload_limit
2144 desc: Max number of parts in multipart upload
2149 - name: rgw_max_slo_entries
2152 desc: Max number of entries in Swift Static Large Object manifest
2157 - name: rgw_olh_pending_timeout_sec
2160 desc: Max time for pending OLH change to complete
2161 long_desc: OLH is a versioned object's logical head. Operations on it are journaled
2162 as pending before completion. If an operation doesn't complete within this number
2163 of seconds, we remove the operation from the journal.
2168 - name: rgw_user_max_buckets
2171 desc: Max number of buckets per user
2172 long_desc: A user can create at most this number of buckets. Zero means no limit;
2173 a negative value means users cannot create any new buckets, although users will
2174 retain buckets already created.
2179 - name: rgw_objexp_gc_interval
2182 desc: Swift objects expirer garbage collector interval
2187 - name: rgw_objexp_hints_num_shards
2190 desc: Number of object expirer data shards
2191 long_desc: The number of shards the (Swift) object expirer will store its data on.
2196 # maximum number of entries in a single operation when processing objexp data
2197 - name: rgw_objexp_chunk_size
2204 - name: rgw_enable_static_website
2207 desc: Enable static website APIs
2208 long_desc: This configurable controls whether RGW handles the website control APIs.
2209 RGW can serve static websites if s3website hostnames are configured; that is unrelated
2210 to this configurable.
2215 - name: rgw_user_unique_email
2218 desc: Require local RGW users to have unique email addresses
2219 long_desc: Enforce builtin user accounts to have unique email addresses. This setting
2220 is historical. In future, non-enforcement of email address uniqueness is likely
2221 to become the default.
2225 - name: rgw_log_http_headers
2228 desc: List of HTTP headers to log
2229 long_desc: A comma delimited list of HTTP headers to log when seen, ignores case
2230 (e.g., http_x_forwarded_for).
2231 fmt_desc: Comma-delimited list of HTTP headers to include with ops
2232 log entries. Header names are case insensitive, and use
2233 the full header name with words separated by underscores.
2234 example: http_x_forwarded_for, http_x_special_k
2238 - name: rgw_num_async_rados_threads
2241 desc: Number of concurrent RADOS operations in multisite sync
2242 long_desc: The number of concurrent RADOS IO operations that will be triggered for
2243 handling multisite sync operations. This includes control related work, and not
2244 the actual sync operations.
2249 - name: rgw_md_notify_interval_msec
2252 desc: Length of time to aggregate metadata changes
2253 long_desc: Length of time (in milliseconds) in which the master zone aggregates
2254 all the metadata changes that occurred, before sending notifications to all the
2260 - name: rgw_run_sync_thread
2263 desc: Should run sync thread
2264 fmt_desc: If there are other zones in the realm to sync from, spawn threads
2265 to handle the sync of data and metadata.
2270 - name: rgw_sync_lease_period
2277 - name: rgw_sync_log_trim_interval
2280 desc: Sync log trim interval
2281 long_desc: Time in seconds between attempts to trim sync logs.
2286 - name: rgw_sync_log_trim_max_buckets
2289 desc: Maximum number of buckets to trim per interval
2290 long_desc: The maximum number of buckets to consider for bucket index log trimming
2291 each trim interval, regardless of the number of bucket index shards. Priority
2292 is given to buckets with the most sync activity over the last trim interval.
2297 - rgw_sync_log_trim_interval
2298 - rgw_sync_log_trim_min_cold_buckets
2299 - rgw_sync_log_trim_concurrent_buckets
2300 - name: rgw_sync_log_trim_min_cold_buckets
2303 desc: Minimum number of cold buckets to trim per interval
2304 long_desc: Of the `rgw_sync_log_trim_max_buckets` selected for bucket index log
2305 trimming each trim interval, at least this many of them must be 'cold' buckets.
2306 These buckets are selected in order from the list of all bucket instances, to
2307 guarantee that all buckets will be visited eventually.
2312 - rgw_sync_log_trim_interval
2313 - rgw_sync_log_trim_max_buckets
2314 - rgw_sync_log_trim_concurrent_buckets
2315 - name: rgw_sync_log_trim_concurrent_buckets
2318 desc: Maximum number of buckets to trim in parallel
2323 - rgw_sync_log_trim_interval
2324 - rgw_sync_log_trim_max_buckets
2325 - rgw_sync_log_trim_min_cold_buckets
2326 - name: rgw_sync_data_inject_err_probability
2333 - name: rgw_sync_meta_inject_err_probability
2340 - name: rgw_sync_trace_history_size
2343 desc: Sync trace history size
2344 long_desc: Maximum number of complete sync trace entries to keep.
2349 - name: rgw_sync_trace_per_node_log_size
2352 desc: Sync trace per-node log size
2353 long_desc: The number of log entries to keep per sync-trace node.
2358 - name: rgw_sync_trace_servicemap_update_interval
2361 desc: Sync-trace service-map update interval
2362 long_desc: Number of seconds between service-map updates of sync-trace events.
2367 - name: rgw_period_push_interval
2370 desc: Period push interval
2371 long_desc: Number of seconds to wait before retrying 'period push' operation.
2376 - name: rgw_period_push_interval_max
2379 desc: Period push maximum interval
2380 long_desc: The max number of seconds to wait before retrying 'period push' after
2381 exponential backoff.
2386 - name: rgw_safe_max_objects_per_shard
2389 desc: Safe number of objects per shard
2390 long_desc: This is the max number of objects per bucket index shard that RGW considers
2391 safe. RGW will warn if it identifies a bucket where its per-shard count is higher
2392 than a percentage of this number.
2397 - rgw_shard_warning_threshold
2399 # pct of safe max at which to warn
2400 - name: rgw_shard_warning_threshold
2403 desc: Warn about max objects per shard
2404 long_desc: Warn if number of objects per shard in a specific bucket passed this
2405 percentage of the safe number.
2410 - rgw_safe_max_objects_per_shard
2412 - name: rgw_swift_versioning_enabled
2415 desc: Enable Swift versioning
2417 Enables the Object Versioning of OpenStack Object Storage API.
2418 This allows clients to put the ``X-Versions-Location`` attribute
2419 on containers that should be versioned. The attribute specifies
2420 the name of container storing archived versions. It must be owned
2421 by the same user as the versioned container due to access
2422 control verification - ACLs are NOT taken into consideration.
2423 Those containers cannot be versioned by the S3 object versioning
2426 A slightly different attribute, ``X-History-Location``, which is also understood by
2427 `OpenStack Swift <https://docs.openstack.org/swift/latest/api/object_versioning.html>`_
2428 for handling ``DELETE`` operations, is currently not supported.
2433 - name: rgw_swift_custom_header
2436 desc: Enable swift custom header
2437 long_desc: If not empty, specifies a name of HTTP header that can include custom
2438 data. When uploading an object, if this header is passed RGW will store this header
2439 info and it will be available when listing the bucket.
2443 - name: rgw_swift_need_stats
2446 desc: Enable stats on bucket listing in Swift
2451 - name: rgw_reshard_num_logs
2459 - name: rgw_reshard_bucket_lock_duration
2462 desc: Number of seconds the timeout on the reshard locks (bucket reshard lock and
2463 reshard log lock) are set to. As a reshard proceeds these locks can be renewed/extended.
2464 If too short, reshards cannot complete and will fail, causing a future reshard
2465 attempt. If too long a hung or crashed reshard attempt will keep the bucket locked
2466 for an extended period, not allowing RGW to detect the failed reshard attempt
2475 - name: rgw_reshard_batch_size
2478 desc: Number of reshard entries to batch together before sending the operations
2487 - name: rgw_reshard_max_aio
2490 desc: Maximum number of outstanding asynchronous I/O operations to allow at a time
2499 - name: rgw_trust_forwarded_https
2502 desc: Trust Forwarded and X-Forwarded-Proto headers
2503 long_desc: When a proxy in front of radosgw is used for ssl termination, radosgw
2504 does not know whether incoming http connections are secure. Enable this option
2505 to trust the Forwarded and X-Forwarded-Proto headers sent by the proxy when determining
2506 whether the connection is secure. This is required for some features, such as
2507 server side encryption. (Never enable this setting if you do not have a trusted
2508 proxy in front of radosgw, or else malicious users will be able to set these headers
2510 fmt_desc: When a proxy in front of radosgw is used for ssl termination, radosgw
2511 does not know whether incoming http connections are secure. Enable
2512 this option to trust the ``Forwarded`` and ``X-Forwarded-Proto`` headers
2513 sent by the proxy when determining whether the connection is secure.
2514 This is required for some features, such as server side encryption.
2515 (Never enable this setting if you do not have a trusted proxy in front of
2516 radosgw, or else malicious users will be able to set these headers in
2522 - rgw_crypt_require_ssl
2524 - name: rgw_crypt_require_ssl
2527 desc: Requests including encryption key headers must be sent over ssl
2532 # base64 encoded key for encryption of rgw objects
2533 - name: rgw_crypt_default_encryption_key
2539 - name: rgw_crypt_s3_kms_backend
2542 desc: Where the SSE-KMS encryption keys are stored. Supported KMS systems are OpenStack
2543 Barbican ('barbican', the default) and HashiCorp Vault ('vault').
2544 fmt_desc: Where the SSE-KMS encryption keys are stored. Supported KMS
2545 systems are OpenStack Barbican (``barbican``, the default) and
2546 HashiCorp Vault (``vault``).
2556 # extra keys that may be used for aws:kms
2557 # defined as map "key1=YmluCmJvb3N0CmJvb3N0LQ== key2=b3V0CnNyYwpUZXN0aW5nCg=="
2558 - name: rgw_crypt_s3_kms_encryption_keys
2564 - name: rgw_crypt_vault_auth
2567 desc: Type of authentication method to be used with Vault.
2568 fmt_desc: Type of authentication method to be used. The only method
2569 currently supported is ``token``.
2574 - rgw_crypt_s3_kms_backend
2575 - rgw_crypt_vault_addr
2576 - rgw_crypt_vault_token_file
2581 - name: rgw_crypt_vault_token_file
2584 desc: If authentication method is 'token', provide a path to the token file, which
2585 for security reasons should be readable only by Rados Gateway.
2589 - rgw_crypt_s3_kms_backend
2590 - rgw_crypt_vault_auth
2591 - rgw_crypt_vault_addr
2593 - name: rgw_crypt_vault_addr
2596 desc: Vault server base address.
2597 fmt_desc: Vault server base address, e.g. ``http://vaultserver:8200``.
2601 - rgw_crypt_s3_kms_backend
2602 - rgw_crypt_vault_auth
2603 - rgw_crypt_vault_prefix
2605 # Optional URL prefix to Vault secret path
2606 - name: rgw_crypt_vault_prefix
2609 desc: Vault secret URL prefix, which can be used to restrict access to a particular
2610 subset of the Vault secret space.
2611 fmt_desc: The Vault secret URL prefix, which can be used to restrict access
2612 to a particular subset of the secret space, e.g. ``/v1/secret/data``.
2616 - rgw_crypt_s3_kms_backend
2617 - rgw_crypt_vault_addr
2618 - rgw_crypt_vault_auth
2620 # kv, transit or other supported secret engines
2621 - name: rgw_crypt_vault_secret_engine
2624 desc: Vault Secret Engine to be used to retrieve encryption keys.
2626 Vault Secret Engine to be used to retrieve encryption keys: choose
2627 between kv-v2, transit.
2632 - rgw_crypt_s3_kms_backend
2633 - rgw_crypt_vault_auth
2634 - rgw_crypt_vault_addr
2636 # Vault Namespace (only available in Vault Enterprise Version)
2637 - name: rgw_crypt_vault_namespace
2640 desc: Vault Namespace to be used to select your tenant
2641 fmt_desc: If set, Vault Namespace provides tenant isolation for teams and individuals
2642 on the same Vault Enterprise instance, e.g. ``acme/tenant1``
2646 - rgw_crypt_s3_kms_backend
2647 - rgw_crypt_vault_auth
2648 - rgw_crypt_vault_addr
2650 # Enable TLS authentication between rgw and vault
2651 - name: rgw_crypt_vault_verify_ssl
2654 desc: Should RGW verify the vault server SSL certificate.
2660 - name: rgw_crypt_vault_ssl_cacert
2663 desc: Path for custom ca certificate for accessing vault server
2667 - name: rgw_crypt_vault_ssl_clientcert
2670 desc: Path for custom client certificate for accessing vault server
2674 - name: rgw_crypt_vault_ssl_clientkey
2677 desc: Path for private key required for client cert
- name: rgw_crypt_kmip_addr
  desc: kmip server address
- name: rgw_crypt_kmip_ca_path
  desc: ca for kmip servers
- name: rgw_crypt_kmip_username
  desc: when authenticating via username
- name: rgw_crypt_kmip_password
  desc: optional w/ username
- name: rgw_crypt_kmip_client_cert
  desc: connect using client certificate
- name: rgw_crypt_kmip_client_key
  desc: connect using client certificate
- name: rgw_crypt_kmip_kms_key_template
  desc: sse-kms; kmip key names
- name: rgw_crypt_kmip_s3_key_template
  desc: sse-s3; kmip key template
- name: rgw_crypt_suppress_logs
  desc: Suppress logs that might print client key
- name: rgw_list_bucket_min_readahead
  desc: Minimum number of entries to request from rados for bucket listing
- name: rgw_rest_getusage_op_compat
  desc: REST GetUsage request backward compatibility
# The following are tunables for torrent data
- name: rgw_torrent_flag
  desc: When true, uploaded objects will calculate and store a SHA256 hash of object
    data so the object can be retrieved as a torrent file
- name: rgw_torrent_tracker
  desc: Torrent field announce and announce list
- name: rgw_torrent_createby
  desc: torrent field created by
- name: rgw_torrent_comment
  desc: Torrent field comment
- name: rgw_torrent_encoding
  desc: torrent field encoding
- name: rgw_data_notify_interval_msec
  desc: data changes notification interval to followers
  long_desc: In multisite, radosgw will occasionally broadcast new entries in its
    data changes log to peer zones, so they can prioritize sync of some
    of the most recent changes. Can be disabled with 0.
- name: rgw_torrent_origin
  desc: Torrent origin
- name: rgw_torrent_sha_unit
- name: rgw_dynamic_resharding
  desc: Enable dynamic resharding
  long_desc: If true, RGW will dynamically increase the number of shards in buckets
    that have a high number of objects per shard.
  - rgw_max_objs_per_shard
  - rgw_max_dynamic_shards
- name: rgw_max_objs_per_shard
  desc: Max objects per shard for dynamic resharding
  long_desc: This is the max number of objects per bucket index shard that RGW will
    allow with dynamic resharding. RGW will trigger an automatic reshard operation
    on the bucket if it exceeds this number.
  - rgw_dynamic_resharding
  - rgw_max_dynamic_shards
- name: rgw_max_dynamic_shards
  desc: Max shards that dynamic resharding can create
  long_desc: This is the maximum number of bucket index shards that dynamic sharding
    is able to create on its own. This does not limit user requested resharding. Ideally
    this value is a prime number.
  - rgw_dynamic_resharding
  - rgw_max_objs_per_shard
- name: rgw_reshard_thread_interval
  desc: Number of seconds between processing of reshard log entries
- name: rgw_cache_expiry_interval
  desc: Number of seconds before entries in the cache are assumed stale and re-fetched.
  long_desc: The Rados Gateway stores metadata and objects in an internal cache. This
    should be kept consistent by the OSD's relaying notify events between multiple
    watching RGW processes. In the event that this notification protocol fails, bounding
    the length of time that any data in the cache will be assumed valid will ensure
    that any RGW instance that falls out of sync will eventually recover. This seems
    to be an issue mostly for large numbers of RGW instances under heavy use. If you
    would like to turn off cache expiry, set this value to zero.
- name: rgw_inject_notify_timeout_probability
  desc: Likelihood of ignoring a notify
  long_desc: This is the probability that the RGW cache will ignore a cache notify
    message. It exists to help with the development and testing of cache consistency
    and recovery improvements. Please do not set it in a production cluster, as it
    actively causes failures. Set this to a floating point value between 0 and 1.
- name: rgw_max_notify_retries
  desc: Number of attempts to notify peers before giving up.
  long_desc: The number of times we will attempt to update a peer's cache in the event
    of error before giving up. This is unlikely to be an issue unless your cluster
    is very heavily loaded. Beware that increasing this value may cause some operations
    to take longer in exceptional cases and thus may, rarely, cause clients to time
- name: rgw_sts_entry
  desc: STS URL prefix
  long_desc: URL path prefix for internal STS requests.
  long_desc: Key used for encrypting/decrypting session token.
# should we try to use sts for s3?
- name: rgw_s3_auth_use_sts
  desc: Should S3 authentication use STS.
- name: rgw_sts_max_session_duration
  desc: Session token max duration
  long_desc: Max duration in seconds for which the session token is valid.
- name: rgw_sts_min_session_duration
  desc: Minimum allowed duration of a session
- name: rgw_max_listing_results
  desc: Upper bound on results in listing operations, ListBucket max-keys
  long_desc: This caps the maximum permitted value for listing-like operations in
    RGW S3. Affects ListBucket(max-keys), ListBucketVersions(max-keys), ListBucketMultipartUploads(max-uploads),
    ListMultipartUploadParts(max-parts)
- name: rgw_sts_token_introspection_url
  desc: STS Web Token introspection URL
  long_desc: URL for introspecting an STS Web Token.
- name: rgw_sts_client_id
  long_desc: Client Id needed for introspecting a Web Token.
- name: rgw_sts_client_secret
  long_desc: Client Secret needed for introspecting a Web Token.
- name: rgw_max_concurrent_requests
  desc: Maximum number of concurrent HTTP requests.
  long_desc: Maximum number of concurrent HTTP requests that the beast frontend will
    process. Tuning this can help to limit memory usage under heavy load.
- name: rgw_scheduler_type
  desc: Set the type of dmclock scheduler, defaults to throttler. Other valid values
    are dmclock, which is experimental
    The RGW scheduler to use. Valid values are ``throttler`` and
    ``dmclock``. Currently defaults to ``throttler`` which throttles Beast
    frontend requests. ``dmclock`` is *experimental* and requires the
    ``dmclock`` to be included in the ``experimental_feature_enabled``
    configuration option.
    The options below tune the experimental dmclock scheduler. For
    additional reading on dmclock, see :ref:`dmclock-qos`. `op_class` for the flags below is
    one of ``admin``, ``auth``, ``metadata``, or ``data``.
- name: rgw_dmclock_admin_res
  desc: mclock reservation for admin requests
  - rgw_dmclock_admin_wgt
  - rgw_dmclock_admin_lim
- name: rgw_dmclock_admin_wgt
  desc: mclock weight for admin requests
  - rgw_dmclock_admin_res
  - rgw_dmclock_admin_lim
- name: rgw_dmclock_admin_lim
  desc: mclock limit for admin requests
  - rgw_dmclock_admin_res
  - rgw_dmclock_admin_wgt
- name: rgw_dmclock_auth_res
  desc: mclock reservation for auth requests
  - rgw_dmclock_auth_wgt
  - rgw_dmclock_auth_lim
- name: rgw_dmclock_auth_wgt
  desc: mclock weight for auth requests
  - rgw_dmclock_auth_res
  - rgw_dmclock_auth_lim
- name: rgw_dmclock_auth_lim
  desc: mclock limit for auth requests
  - rgw_dmclock_auth_res
  - rgw_dmclock_auth_wgt
- name: rgw_dmclock_data_res
  desc: mclock reservation for object data requests
  - rgw_dmclock_data_wgt
  - rgw_dmclock_data_lim
- name: rgw_dmclock_data_wgt
  desc: mclock weight for object data requests
  - rgw_dmclock_data_res
  - rgw_dmclock_data_lim
- name: rgw_dmclock_data_lim
  desc: mclock limit for object data requests
  - rgw_dmclock_data_res
  - rgw_dmclock_data_wgt
- name: rgw_dmclock_metadata_res
  desc: mclock reservation for metadata requests
  - rgw_dmclock_metadata_wgt
  - rgw_dmclock_metadata_lim
- name: rgw_dmclock_metadata_wgt
  desc: mclock weight for metadata requests
  - rgw_dmclock_metadata_res
  - rgw_dmclock_metadata_lim
- name: rgw_dmclock_metadata_lim
  desc: mclock limit for metadata requests
  - rgw_dmclock_metadata_res
  - rgw_dmclock_metadata_wgt
- name: rgw_default_data_log_backing
  desc: Default backing store for the RGW data sync log
  long_desc: Whether to use the older OMAP backing store or the high performance FIFO
    based backing store by default. This only covers the creation of the log on startup
- name: rgw_d3n_l1_local_datacache_enabled
  desc: Enable datacenter-scale dataset delivery local cache
- name: rgw_d3n_l1_datacache_persistent_path
  desc: path for the directory for storing the local cache objects data
  default: /tmp/rgw_datacache/
- name: rgw_d3n_l1_datacache_size
  desc: datacache maximum size on disk in bytes
- name: rgw_d3n_l1_evict_cache_on_start
  desc: clear the content of the persistent data cache directory on start
- name: rgw_d3n_l1_fadvise
  desc: posix_fadvise() flag for access pattern of cache files
  long_desc: for example to bypass the page-cache -
    POSIX_FADV_DONTNEED=4
- name: rgw_d3n_l1_eviction_policy
  desc: select the d3n cache eviction policy
- name: rgw_d3n_libaio_aio_threads
  desc: specifies the maximum number of worker threads that may be used by libaio
  - rgw_thread_pool_size
- name: rgw_d3n_libaio_aio_num
  desc: specifies the maximum number of simultaneous I/O requests that libaio expects to enqueue
  - rgw_thread_pool_size
- name: rgw_backend_store
  desc: Experimental option to set backend store type
  long_desc: defaults to rados. Other valid values are dbstore (experimental).
- name: rgw_luarocks_location
  desc: Directory where luarocks install packages from allowlist
  default: @rgw_luarocks_location@