]> git.proxmox.com Git - ceph.git/blame - ceph/src/common/options/rgw.yaml.in
import ceph quincy 17.2.4
# -*- mode: YAML -*-
---

options:
# Per-request S3 limits. Each default follows the AWS S3 limit cited for the
# option and bounds how much a single request may ask RGW to process.
#
# AWS S3 (http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html):
# an ACL can have up to 100 grants.
- name: rgw_acl_grants_max_num
  type: int
  level: advanced
  desc: Max number of ACL grants in a single request
  default: 100
  services:
  - rgw
  with_legacy: true
# AWS S3 (http://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html):
# a CORS configuration can have up to 100 rules.
- name: rgw_cors_rules_max_num
  type: int
  level: advanced
  desc: Max number of cors rules in a single request
  default: 100
  services:
  - rgw
  with_legacy: true
# AWS S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/DeletingObjects.html):
# the Multi-Object Delete API can delete up to 1000 objects in a single HTTP
# request.
- name: rgw_delete_multi_obj_max_num
  type: int
  level: advanced
  desc: Max number of objects in a single multi-object delete request
  default: 1000
  services:
  - rgw
  with_legacy: true
# According to AWS S3, a website routing config can have up to 50 rules.
- name: rgw_website_routing_rules_max_num
  type: int
  level: advanced
  desc: Max number of website routing rules in a single request
  default: 50
  services:
  - rgw
  with_legacy: true
# LTTng-UST tracepoint switches. Both default to false; neither entry sets
# with_legacy.
- name: rgw_rados_tracing
  type: bool
  level: advanced
  desc: true if LTTng-UST tracepoints should be enabled
  default: false
  services:
  - rgw
- name: rgw_op_tracing
  type: bool
  level: advanced
  desc: true if LTTng-UST tracepoints should be enabled
  default: false
  services:
  - rgw
# RADOS I/O sizing. rgw_max_chunk_size caps a single RADOS request; the two
# window options bound the total size of concurrent writes for one object.
- name: rgw_max_chunk_size
  type: size
  level: advanced
  desc: Set RGW max chunk size
  long_desc: The chunk size is the size of RADOS I/O requests that RGW sends when
    accessing data objects. RGW read and write operations will never request more than
    this amount in a single request. This also defines the RGW head object size, as
    head operations need to be atomic, and anything larger than this would require
    more than a single operation. When RGW objects are written to the default
    storage class, up to this amount of payload data will be stored alongside
    metadata in the head object.
  default: 4_M
  services:
  - rgw
  with_legacy: true
# Lower bound of the dynamically adjusted write window.
- name: rgw_put_obj_min_window_size
  type: size
  level: advanced
  desc: The minimum RADOS write window size (in bytes).
  long_desc: The window size determines the total concurrent RADOS writes of a single
    RGW object. When writing an object RGW will send multiple chunks to RADOS. The
    total size of the writes does not exceed the window size. The window size may
    be adjusted dynamically in order to better utilize the pipe.
  default: 16_M
  services:
  - rgw
  see_also:
  - rgw_put_obj_max_window_size
  - rgw_max_chunk_size
  with_legacy: true
# Upper bound of the dynamically adjusted write window.
- name: rgw_put_obj_max_window_size
  type: size
  level: advanced
  desc: The maximum RADOS write window size (in bytes).
  long_desc: The window size may be dynamically adjusted, but will not surpass this
    value.
  default: 64_M
  services:
  - rgw
  see_also:
  - rgw_put_obj_min_window_size
  - rgw_max_chunk_size
  with_legacy: true
# Request-size limits. These bound how much data and metadata a single client
# request can make RGW accept.
#
# Plain (non multi-part) uploads are capped at this size; larger objects need
# multi-part upload (S3) or DLO/SLO (Swift), per long_desc.
- name: rgw_max_put_size
  type: size
  level: advanced
  desc: Max size (in bytes) of regular (non multi-part) object upload.
  long_desc: Plain object upload is capped at this amount of data. In order to upload
    larger objects, a special upload mechanism is required. The S3 API provides the
    multi-part upload, and Swift provides DLO and SLO.
  default: 5_G
  services:
  - rgw
  with_legacy: true
- name: rgw_max_put_param_size
  type: size
  level: advanced
  desc: The maximum size (in bytes) of data input of certain RESTful requests.
  default: 1_M
  services:
  - rgw
  with_legacy: true
# Default 0 skips the check (see desc), so this option places no cap on the
# length of a metadata value unless an operator sets one.
- name: rgw_max_attr_size
  type: size
  level: advanced
  desc: The maximum length of metadata value. 0 skips the check
  default: 0
  services:
  - rgw
  with_legacy: true
# Default 0 skips the check (see desc), so this option places no cap on the
# length of a metadata name unless an operator sets one.
- name: rgw_max_attr_name_len
  type: size
  level: advanced
  desc: The maximum length of metadata name. 0 skips the check
  default: 0
  services:
  - rgw
  with_legacy: true
# NOTE(review): the default is 0, but unlike the two length options the desc
# does not say whether 0 disables the limit - confirm before relying on it.
- name: rgw_max_attrs_num_in_req
  type: uint
  level: advanced
  desc: The maximum number of metadata items that can be put via single request
  default: 0
  services:
  - rgw
  with_legacy: true
# Overrides the max bucket index shards from the zone configuration when the
# value is not zero.
#
# The value is the number of shards for the bucket index object; zero means
# there is no sharding. Without sharding the index object is named
# '.dir.{marker}'; with sharding it is '.dir.{marker}.{sharding_id}', where
# sharding_id is a zero-based value. A very large value (e.g. a thousand) is not
# recommended because it increases the cost of bucket listing.
- name: rgw_override_bucket_index_max_shards
  type: uint
  level: dev
  desc: The default number of bucket index shards for newly-created buckets. This
    value overrides bucket_index_max_shards stored in the zone. Setting this value
    in the zone is preferred, because it applies globally to all radosgw daemons running
    in the zone.
  fmt_desc: Represents the number of shards for the bucket index object,
    a value of zero indicates there is no sharding. It is not
    recommended to set a value too large (e.g. thousand) as it
    increases the cost for bucket listing.
    This variable should be set in the client or global sections
    so that it is automatically applied to radosgw-admin commands.
  default: 0
  services:
  - rgw
  with_legacy: true
# Maximum number of pending AIO requests for the bucket index object shards.
- name: rgw_bucket_index_max_aio
  type: uint
  level: advanced
  desc: Max number of concurrent RADOS requests when handling bucket shards.
  default: 128
  services:
  - rgw
  with_legacy: true
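# Switches for the quota, garbage-collection and lifecycle maintenance threads.
# Each long_desc states the same operational constraint: the thread may be
# disabled on an individual RGW, but at least one RGW in each zone must keep it
# running for the feature to work correctly.
- name: rgw_enable_quota_threads
  type: bool
  level: advanced
  desc: Enables the quota maintenance thread.
  long_desc: The quota maintenance thread is responsible for quota related maintenance
    work. The thread itself can be disabled, but in order for quota to work correctly,
    at least one RGW in each zone needs to have this thread running. Having the thread
    enabled on multiple RGW processes within the same zone can spread some of the
    maintenance work between them.
  default: true
  services:
  - rgw
  see_also:
  - rgw_enable_gc_threads
  - rgw_enable_lc_threads
  with_legacy: true
- name: rgw_enable_gc_threads
  type: bool
  level: advanced
  desc: Enables the garbage collection maintenance thread.
  long_desc: The garbage collection maintenance thread is responsible for garbage
    collector maintenance work. The thread itself can be disabled, but in order for
    garbage collection to work correctly, at least one RGW in each zone needs to have
    this thread running. Having the thread enabled on multiple RGW processes within
    the same zone can spread some of the maintenance work between them.
  default: true
  services:
  - rgw
  see_also:
  - rgw_enable_quota_threads
  - rgw_enable_lc_threads
  with_legacy: true
# long_desc fix: "Havingthe" -> "Having the" (missing space in the help text).
- name: rgw_enable_lc_threads
  type: bool
  level: advanced
  desc: Enables the lifecycle maintenance thread. This is required on at least one
    rgw for each zone.
  long_desc: The lifecycle maintenance thread is responsible for lifecycle related
    maintenance work. The thread itself can be disabled, but in order for lifecycle
    to work correctly, at least one RGW in each zone needs to have this thread running.
    Having the thread enabled on multiple RGW processes within the same zone can spread
    some of the maintenance work between them.
  default: true
  services:
  - rgw
  see_also:
  - rgw_enable_gc_threads
  - rgw_enable_quota_threads
  with_legacy: true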
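# Directory holding per-instance RGW files. long_desc names the keyring file as
# one of the items located here, so the directory contains credential material.
# NOTE(review): access to it should be limited to the RGW service account.
# long_desc fix: the parenthesis after "keyring file" was never closed.
- name: rgw_data
  type: str
  level: advanced
  desc: Alternative location for RGW configuration.
  long_desc: If this is set, the different Ceph system configurables (such as the
    keyring file) will be located in the path that is specified here.
  fmt_desc: Sets the location of the data files for Ceph RADOS Gateway.
  default: /var/lib/ceph/radosgw/$cluster-$id
  services:
  - rgw
  flags:
  - no_mon_update
  with_legacy: true
# The default enables every API in the list below, including admin, sts and
# iam. NOTE(review): consider listing only the APIs a given radosgw instance
# has to serve; per fmt_desc, s3 must stay enabled on multi-site participants.
# The continuation lines of the RST note are indented under the directive so
# that they are parsed as part of the note.
- name: rgw_enable_apis
  type: str
  level: advanced
  desc: A list of set of RESTful APIs that rgw handles.
  fmt_desc: |
    Enables the specified APIs.

    .. note:: Enabling the ``s3`` API is a requirement for
              any ``radosgw`` instance that is meant to
              participate in a `multi-site <../multisite>`_
              configuration.
  default: s3, s3website, swift, swift_auth, admin, sts, iam, notifications
  services:
  - rgw
  with_legacy: true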
# Metadata cache. Per long_desc it holds user info, bucket info and bucket
# instance info; entries missing from the cache are fetched from RADOS.
- name: rgw_cache_enabled
  type: bool
  level: advanced
  desc: Enable RGW metadata cache.
  long_desc: The metadata cache holds metadata entries that RGW requires for processing
    requests. Metadata entries can be user info, bucket info, and bucket instance
    info. If not found in the cache, entries will be fetched from the backing RADOS
    store.
  fmt_desc: Whether the Ceph Object Gateway cache is enabled.
  default: true
  services:
  - rgw
  see_also:
  - rgw_cache_lru_size
  with_legacy: true
# Capacity of the metadata cache; least recently used entries are evicted
# once it is full.
- name: rgw_cache_lru_size
  type: int
  level: advanced
  desc: Max number of items in RGW metadata cache.
  long_desc: When full, the RGW metadata cache evicts least recently used entries.
  fmt_desc: The number of entries in the Ceph Object Gateway cache.
  default: 10000
  services:
  - rgw
  see_also:
  - rgw_cache_enabled
  with_legacy: true
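# Host names used for virtual hosting of buckets. Neither option has a
# default; both can alternatively be supplied via zonegroup configuration.
# long_desc fix: stray capital in "This is Needed".
- name: rgw_dns_name
  type: str
  level: advanced
  desc: The host name that RGW uses.
  long_desc: This is needed for virtual hosting of buckets to work properly, unless
    configured via zonegroup configuration.
  fmt_desc: The DNS name of the served domain. See also the ``hostnames`` setting within regions.
  services:
  - rgw
  with_legacy: true
- name: rgw_dns_s3website_name
  type: str
  level: advanced
  desc: The host name that RGW uses for static websites (S3)
  long_desc: This is needed for virtual hosting of buckets, unless configured via
    zonegroup configuration.
  services:
  - rgw
  with_legacy: true
# CPU affinity; -1 means no NUMA node is selected. Carries the startup flag.
- name: rgw_numa_node
  type: int
  level: advanced
  desc: set rgw's cpu affinity to a numa node (-1 for none)
  default: -1
  services:
  - rgw
  flags:
  - startup
# The value is sent to clients in the HTTP 'Server' response header (see
# long_desc). No default is defined here.
- name: rgw_service_provider_name
  type: str
  level: advanced
  desc: Service provider name which is contained in http response headers
  long_desc: As S3 or other cloud storage providers do, http response headers should
    contain the name of the provider. This name will be placed in http header 'Server'.
  services:
  - rgw
  with_legacy: true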
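# Compatibility switches that relax request handling. Both default to false.
#
# When enabled, RGW tries to handle requests that carry more than one
# content-length header. NOTE(review): components that disagree about which
# length header wins can frame the same request differently, so leave this off
# unless a legacy FCGI front end requires it.
# long_desc fix: "abiguous" -> "ambiguous".
- name: rgw_content_length_compat
  type: bool
  level: advanced
  desc: Multiple content length headers compatibility
  long_desc: Try to handle requests with ambiguous multiple content length headers
    (Content-Length, Http-Content-Length).
  fmt_desc: Enable compatibility handling of FCGI requests with both ``CONTENT_LENGTH``
    and ``HTTP_CONTENT_LENGTH`` set.
  default: false
  services:
  - rgw
  with_legacy: true
# Setting this to true turns region constraint enforcement off, so requests
# such as bucket creation succeed irrespective of region restrictions. Per
# long_desc it exists for Jewel compatibility.
- name: rgw_relaxed_region_enforcement
  type: bool
  level: advanced
  desc: Disable region constraint enforcement
  long_desc: Enable requests such as bucket creation to succeed irrespective of region
    restrictions (Jewel compat).
  default: false
  services:
  - rgw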
# Lifecycle (LC) processing options.
#
# Local-time window in which the lifecycle thread may work. The value is
# quoted so that no YAML loader can read it as anything but a string.
- name: rgw_lifecycle_work_time
  type: str
  level: advanced
  desc: Lifecycle allowed work time
  long_desc: Local time window in which the lifecycle maintenance thread can work.
  default: '00:00-06:00'
  services:
  - rgw
  with_legacy: true
# NOTE(review): this entry has no desc, long_desc or fmt_desc; the unit of the
# default (90) is not stated here - confirm against the code that reads it.
- name: rgw_lc_lock_max_time
  type: int
  level: dev
  default: 90
  services:
  - rgw
  with_legacy: true
# Delay in milliseconds; 0 means no delay is configured.
- name: rgw_lc_thread_delay
  type: int
  level: advanced
  desc: Delay after processing of bucket listing chunks (i.e., per 1000 entries) in
    milliseconds
  default: 0
  services:
  - rgw
# Number of LCWorker tasks run in parallel.
- name: rgw_lc_max_worker
  type: int
  level: advanced
  desc: Number of LCWorker tasks that will be run in parallel
  long_desc: Number of LCWorker tasks that will run in parallel--used to permit >1
    bucket/index shards to be processed simultaneously
  fmt_desc: This option specifies the number of lifecycle worker threads
    to run in parallel, thereby processing bucket and index
    shards simultaneously.
  default: 3
  services:
  - rgw
  with_legacy: true
# Threads in each LCWorker's work pool.
- name: rgw_lc_max_wp_worker
  type: int
  level: advanced
  desc: Number of workpool threads per LCWorker
  long_desc: Number of threads in per-LCWorker workpools--used to accelerate per-bucket
    processing
  fmt_desc: This option specifies the number of threads in each lifecycle
    workers work pool. This option can help accelerate processing each bucket.
  default: 3
  services:
  - rgw
  with_legacy: true
# Number of RADOS objects (shards) that store the lifecycle index.
- name: rgw_lc_max_objs
  type: int
  level: advanced
  desc: Number of lifecycle data shards
  long_desc: Number of RADOS objects to use for storing lifecycle index. This affects
    concurrency of lifecycle maintenance, as shards can be processed in parallel.
  default: 32
  services:
  - rgw
  with_legacy: true
# Upper bound on lifecycle rules per bucket.
- name: rgw_lc_max_rules
  type: uint
  level: advanced
  desc: Max number of lifecycle rules set on one bucket
  long_desc: Number of lifecycle rules set on one bucket should be limited.
  default: 1000
  services:
  - rgw
  with_legacy: true
# Debug-only. A positive value makes that many seconds count as one lifecycle
# "day"; the desc says not to modify it on a production cluster. The default
# of -1 is below 1 and therefore ignored (see long_desc).
- name: rgw_lc_debug_interval
  type: int
  level: dev
  desc: The number of seconds that simulate one "day" in order to debug RGW LifeCycle.
    Do *not* modify for a production cluster.
  long_desc: For debugging RGW LifeCycle, the number of seconds that are equivalent to
    one simulated "day". Values less than 1 are ignored and do not change LifeCycle behavior.
    For example, during debugging if one wanted every 10 minutes to be equivalent to one day,
    then this would be set to 600, the number of seconds in 10 minutes.
  default: -1
  services:
  - rgw
  with_legacy: true
# Time allowed for completing a multipart upload; per long_desc it prevents
# concurrent completions on the same object with the same upload id.
- name: rgw_mp_lock_max_time
  type: int
  level: advanced
  desc: Multipart upload max completion time
  long_desc: Time length to allow completion of a multipart upload operation. This
    is done to prevent concurrent completions on the same object with the same upload
    id.
  default: 10_min
  services:
  - rgw
# Fallback values used when the request itself does not carry SCRIPT_URI or
# REQUEST_URI. Both are dev-level and have no default.
- name: rgw_script_uri
  type: str
  level: dev
  fmt_desc: The alternative value for the ``SCRIPT_URI`` if not set
    in the request.
  services:
  - rgw
  with_legacy: true
- name: rgw_request_uri
  type: str
  level: dev
  fmt_desc: The alternative value for the ``REQUEST_URI`` if not set
    in the request.
  services:
  - rgw
  with_legacy: true
# AWS-compatibility switch: when true, an invalid (e.g., negative) range
# request is served as a request for the full object.
- name: rgw_ignore_get_invalid_range
  type: bool
  level: advanced
  desc: Treat invalid (e.g., negative) range request as full
  long_desc: Treat invalid (e.g., negative) range request as request for the full
    object (AWS compatibility)
  default: false
  services:
  - rgw
  with_legacy: true
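# Storage URL used with RGW's internal Swift authentication; it determines the
# X-Storage-Url response header value. No default is defined.
- name: rgw_swift_url
  type: str
  level: advanced
  desc: Swift-auth storage URL
  long_desc: Used in conjunction with rgw internal swift authentication. This affects
    the X-Storage-Url response header value.
  fmt_desc: The URL for the Ceph Object Gateway Swift API.
  services:
  - rgw
  see_also:
  - rgw_swift_auth_entry
  with_legacy: true
# URL path prefix separating the Swift API from the S3 API endpoint. An empty
# string falls back to ``swift``; ``/`` means "no prefix" and then requires the
# S3 API to be disabled on that instance (see the warning in fmt_desc).
# The continuation lines of the RST warning are indented under the directive
# so that they are parsed as part of the warning.
- name: rgw_swift_url_prefix
  type: str
  level: advanced
  desc: Swift URL prefix
  long_desc: The URL path prefix for swift requests.
  fmt_desc: |
    The URL prefix for the Swift API, to distinguish it from
    the S3 API endpoint. The default is ``swift``, which
    makes the Swift API available at the URL
    ``http://host:port/swift/v1`` (or
    ``http://host:port/swift/v1/AUTH_%(tenant_id)s`` if
    ``rgw swift account in url`` is enabled).

    For compatibility, setting this configuration variable
    to the empty string causes the default ``swift`` to be
    used; if you do want an empty prefix, set this option to
    ``/``.

    .. warning:: If you set this option to ``/``, you must
                 disable the S3 API by modifying ``rgw
                 enable apis`` to exclude ``s3``. It is not
                 possible to operate radosgw with ``rgw
                 swift url prefix = /`` and simultaneously
                 support both the S3 and Swift APIs. If you
                 do need to support both APIs without
                 prefixes, deploy multiple radosgw instances
                 to listen on different hosts (or ports)
                 instead, enabling some for S3 and some for
                 Swift.
  example: /swift-testing
  default: swift
  services:
  - rgw
  with_legacy: true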
# External endpoint RGW connects to in order to verify v1 auth tokens when the
# internal Swift auth is not used. NOTE(review): token verification depends on
# reaching the intended server, so an https URL is the safer choice here.
- name: rgw_swift_auth_url
  type: str
  level: advanced
  desc: Swift auth URL
  long_desc: Default url to which RGW connects and verifies tokens for v1 auth (if
    not using internal swift auth).
  services:
  - rgw
  with_legacy: true
# URL path prefix of the internal Swift auth endpoint.
- name: rgw_swift_auth_entry
  type: str
  level: advanced
  desc: Swift auth URL prefix
  long_desc: URL path prefix for internal swift auth requests.
  fmt_desc: The entry point for a Swift auth URL.
  default: auth
  services:
  - rgw
  see_also:
  - rgw_swift_url
  with_legacy: true
# Tenant name used when the Swift path is constructed. No default is defined.
- name: rgw_swift_tenant_name
  type: str
  level: advanced
  desc: Swift tenant name
  long_desc: Tenant name that is used when constructing the swift path.
  services:
  - rgw
  see_also:
  - rgw_swift_account_in_url
  with_legacy: true
# Controls whether the account name is part of the Swift API URL. With the
# default (false) the account is inferred from request headers; fmt_desc
# states that true is mandatory for publicly-readable containers and
# temporary URLs, together with a matching Keystone service catalog entry.
- name: rgw_swift_account_in_url
  type: bool
  level: advanced
  desc: Swift account encoded in URL
  long_desc: Whether the swift account is encoded in the uri path (AUTH_<account>).
  fmt_desc: |
    Whether or not the Swift account name should be included
    in the Swift API URL.
    If set to ``false`` (the default), then the Swift API
    will listen on a URL formed like
    ``http://host:port/<rgw_swift_url_prefix>/v1``, and the
    account name (commonly a Keystone project UUID if
    radosgw is configured with `Keystone integration
    <../keystone>`_) will be inferred from request
    headers.
    If set to ``true``, the Swift API URL will be
    ``http://host:port/<rgw_swift_url_prefix>/v1/AUTH_<account_name>``
    (or
    ``http://host:port/<rgw_swift_url_prefix>/v1/AUTH_<keystone_project_id>``)
    instead, and the Keystone ``object-store`` endpoint must
    accordingly be configured to include the
    ``AUTH_%(tenant_id)s`` suffix.
    You **must** set this option to ``true`` (and update the
    Keystone service catalog) if you want radosgw to support
    publicly-readable containers and `temporary URLs
    <../swift/tempurl>`_.
  default: false
  services:
  - rgw
  see_also:
  - rgw_swift_tenant_name
  with_legacy: true
# When false, RGW sends extra info for each entry in a container listing
# response (see long_desc).
- name: rgw_swift_enforce_content_length
  type: bool
  level: advanced
  desc: Send content length when listing containers (Swift)
  long_desc: Whether content length header is needed when listing containers. When
    this is set to false, RGW will send extra info for each entry in the response.
  default: false
  services:
  - rgw
  with_legacy: true
# Keystone endpoint that RGW sends its requests to. No default is defined.
- name: rgw_keystone_url
  type: str
  level: basic
  desc: The URL to the Keystone server.
  services:
  - rgw
  with_legacy: true
# DEPRECATED inline secret: the option value is the Keystone shared secret
# itself, so it is present wherever this configuration is stored or shown.
# fmt_desc recommends rgw_keystone_admin_token_path to avoid exposing the
# token. Note that the admin token takes priority over the admin user
# credentials when both are configured.
- name: rgw_keystone_admin_token
  type: str
  level: advanced
  desc: 'DEPRECATED: The admin token (shared secret) that is used for the Keystone
    requests.'
  fmt_desc: The Keystone admin token (shared secret). In Ceph RGW
    authentication with the admin token has priority over
    authentication with the admin credentials
    (``rgw_keystone_admin_user``, ``rgw_keystone_admin_password``,
    ``rgw_keystone_admin_tenant``, ``rgw_keystone_admin_project``,
    ``rgw_keystone_admin_domain``). The Keystone admin token
    has been deprecated, but can be used to integrate with
    older environments. It is preferred to instead configure
    ``rgw_keystone_admin_token_path`` to avoid exposing the token.
  services:
  - rgw
  with_legacy: true
# File-based variant: only the path is held in the configuration.
# NOTE(review): the token file should be readable by the RGW service account
# only.
- name: rgw_keystone_admin_token_path
  type: str
  level: advanced
  desc: Path to a file containing the admin token (shared secret) that is used for
    the Keystone requests.
  fmt_desc: Path to a file containing the Keystone admin token
    (shared secret). In Ceph RadosGW authentication with
    the admin token has priority over authentication with
    the admin credentials
    (``rgw_keystone_admin_user``, ``rgw_keystone_admin_password``,
    ``rgw_keystone_admin_tenant``, ``rgw_keystone_admin_project``,
    ``rgw_keystone_admin_domain``).
    The Keystone admin token has been deprecated, but can be
    used to integrate with older environments.
  services:
  - rgw
  with_legacy: true
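# Keystone service-user credentials. None of these options has a default.
- name: rgw_keystone_admin_user
  type: str
  level: advanced
  desc: Keystone admin user.
  fmt_desc: The name of OpenStack user with admin privilege for Keystone
    authentication (Service User) when using OpenStack Identity API v2
  services:
  - rgw
  with_legacy: true
# DEPRECATED inline secret: the option value is the password itself. Prefer
# rgw_keystone_admin_password_path so that only a file path is stored in the
# configuration.
# fmt_desc fix: this option holds a password, so the closing sentence now says
# "exposing the password" instead of "exposing the token".
- name: rgw_keystone_admin_password
  type: str
  level: advanced
  desc: 'DEPRECATED: Keystone admin password.'
  fmt_desc: The password for OpenStack admin user when using OpenStack
    Identity API v2. It is preferred to instead configure
    ``rgw_keystone_admin_password_path`` to avoid exposing the password.
  services:
  - rgw
  with_legacy: true
# File-based variant of the admin password. NOTE(review): the password file
# should be readable by the RGW service account only.
- name: rgw_keystone_admin_password_path
  type: str
  level: advanced
  desc: Path to a file containing the Keystone admin password.
  fmt_desc: Path to a file containing the password for OpenStack
    admin user when using OpenStack Identity API v2.
  services:
  - rgw
  with_legacy: true
# Identity API v2 only.
- name: rgw_keystone_admin_tenant
  type: str
  level: advanced
  desc: Keystone admin user tenant.
  fmt_desc: The name of OpenStack tenant with admin privilege (Service Tenant) when
    using OpenStack Identity API v2
  services:
  - rgw
  with_legacy: true
# Identity API v3; falls back to the admin tenant value when left unset.
- name: rgw_keystone_admin_project
  type: str
  level: advanced
  desc: Keystone admin user project (for Keystone v3).
  fmt_desc: The name of OpenStack project with admin privilege when using
    OpenStack Identity API v3. If left unspecified, value of
    ``rgw keystone admin tenant`` will be used instead.
  services:
  - rgw
  with_legacy: true
# Identity API v3 only.
- name: rgw_keystone_admin_domain
  type: str
  level: advanced
  desc: Keystone admin user domain (for Keystone v3).
  fmt_desc: The name of OpenStack domain with admin privilege when using
    OpenStack Identity API v3.
  services:
  - rgw
  with_legacy: true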
# Keystone identity that RGW uses to read the Barbican secrets used for
# encryption. None of these options has a default.
- name: rgw_keystone_barbican_user
  type: str
  level: advanced
  desc: Keystone user to access barbican secrets.
  fmt_desc: The name of the OpenStack user with access to the `Barbican`_
    secrets used for `Encryption`_.
  services:
  - rgw
  with_legacy: true
# Inline secret: the option value is the password itself. NOTE(review): no
# file-path variant of this option appears in the portion of the file shown
# here, so the stored configuration has to be protected accordingly.
- name: rgw_keystone_barbican_password
  type: str
  level: advanced
  desc: Keystone password for barbican user.
  fmt_desc: The password associated with the `Barbican`_ user.
  services:
  - rgw
  with_legacy: true
# Identity API v2.
- name: rgw_keystone_barbican_tenant
  type: str
  level: advanced
  desc: Keystone barbican user tenant (Keystone v2.0).
  fmt_desc: The name of the OpenStack tenant associated with the `Barbican`_
    user when using OpenStack Identity API v2.
  services:
  - rgw
  with_legacy: true
# Identity API v3.
- name: rgw_keystone_barbican_project
  type: str
  level: advanced
  desc: Keystone barbican user project (Keystone v3).
  fmt_desc: The name of the OpenStack project associated with the `Barbican`_
    user when using OpenStack Identity API v3.
  services:
  - rgw
  with_legacy: true
# Identity API v3.
- name: rgw_keystone_barbican_domain
  type: str
  level: advanced
  desc: Keystone barbican user domain.
  fmt_desc: The name of the OpenStack domain associated with the `Barbican`_
    user when using OpenStack Identity API v3.
  services:
  - rgw
  with_legacy: true
# Identity API version used to talk to Keystone; the default is 2, and the
# *_project / *_domain options apply only when 3 is selected.
- name: rgw_keystone_api_version
  type: int
  level: advanced
  desc: Version of Keystone API to use (2 or 3).
  fmt_desc: The version (2 or 3) of OpenStack Identity API that should be
    used for communication with the Keystone server.
  default: 2
  services:
  - rgw
  with_legacy: true
# Authorization gate for Keystone users: only users holding one of these
# roles are served.
- name: rgw_keystone_accepted_roles
  type: str
  level: advanced
  desc: Only users with one of these roles will be served when doing Keystone authentication.
  fmt_desc: The roles required to serve requests.
  default: Member, admin
  services:
  - rgw
  with_legacy: true
# Roles listed here let a Keystone user gain admin privileges. There is no
# default, so nothing is granted unless an operator lists roles.
- name: rgw_keystone_accepted_admin_roles
  type: str
  level: advanced
  desc: List of roles allowing user to gain admin privileges (Keystone).
  services:
  - rgw
  with_legacy: true
# A token that is not cached makes RGW contact the Keystone server during
# authentication (see long_desc).
- name: rgw_keystone_token_cache_size
  type: int
  level: advanced
  desc: Keystone token cache size
  long_desc: Max number of Keystone tokens that will be cached. Token that is not
    cached requires RGW to access the Keystone server when authenticating.
  fmt_desc: The maximum number of entries in each Keystone token cache.
  default: 10000
  services:
  - rgw
  with_legacy: true
# Keep true. With verification off RGW does not check the certificate of the
# server it sends token requests to, so it cannot tell the real Keystone
# server from another endpoint answering on that address.
- name: rgw_keystone_verify_ssl
  type: bool
  level: advanced
  desc: Should RGW verify the Keystone server SSL certificate.
  fmt_desc: Verify SSL certificates while making token requests to keystone.
  default: true
  services:
  - rgw
  with_legacy: true
# String-typed option: 'false', 'true', '0' and '1' are quoted so that they
# stay strings alongside swift / s3 / both / none.
- name: rgw_keystone_implicit_tenants
  type: str
  level: advanced
  desc: RGW Keystone implicit tenants creation
  long_desc: Implicitly create new users in their own tenant with the same name when
    authenticating via Keystone. Can be limited to s3 or swift only.
  default: 'false'
  services:
  - rgw
  enum_values:
  - 'false'
  - 'true'
  - swift
  - s3
  - both
  - '0'
  - '1'
  - none
  with_legacy: true
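# Policy returned for the crossdomain.xml resource. The default value allows
# access from any domain (domain="*") with secure="false". NOTE(review):
# deployments that do not need this Swift compatibility resource should narrow
# the policy to the domains that actually require it.
# long_desc fix: "compatiility" -> "compatibility".
- name: rgw_cross_domain_policy
  type: str
  level: advanced
  desc: RGW handle cross domain policy
  long_desc: Returned cross domain policy when accessing the crossdomain.xml resource
    (Swift compatibility).
  default: <allow-access-from domain="*" secure="false" />
  services:
  - rgw
  with_legacy: true
# The Swift health check API can be switched off by the presence of a file at
# this path. NOTE(review): anyone able to create that file can change what the
# health check reports, so the location should be writable by operators only.
- name: rgw_healthcheck_disabling_path
  type: str
  level: dev
  desc: Swift health check api can be disabled if a file can be accessed in this path.
  services:
  - rgw
  with_legacy: true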
# S3 authentication back ends. Local RADOS credentials are on by default;
# Keystone is off by default.
- name: rgw_s3_auth_use_rados
  type: bool
  level: advanced
  desc: Should S3 authentication use credentials stored in RADOS backend.
  default: true
  services:
  - rgw
  with_legacy: true
- name: rgw_s3_auth_use_keystone
  type: bool
  level: advanced
  desc: Should S3 authentication use Keystone.
  default: false
  services:
  - rgw
  with_legacy: true
# Order in which the authentication strategies are tried.
# NOTE(review): long_desc names only "external, local" as allowed engines,
# while the default also contains "sts" - the help text looks out of date;
# confirm the accepted values before editing this option.
- name: rgw_s3_auth_order
  type: str
  level: advanced
  desc: Authentication strategy order to use for s3 authentication
  long_desc: Order of authentication strategies to try for s3 authentication, the
    allowed options are a comma separated list of engines external, local. The default
    order is to try all the externally configured engines before attempting local
    rados based authentication
  default: sts, external, local
  services:
  - rgw
  with_legacy: true
# Barbican endpoint. No default is defined.
- name: rgw_barbican_url
  type: str
  level: advanced
  desc: URL to barbican server.
  fmt_desc: The URL for the Barbican server.
  services:
  - rgw
  with_legacy: true
# OpenLDAP-style LDAP parameter strings.
#
# The defaults for the URI, bind DN and search base are placeholders
# (<ldap.your.domain>, dc=example,dc=com) and have to be replaced before LDAP
# authentication is switched on. The default URI scheme is ldaps://.
- name: rgw_ldap_uri
  type: str
  level: advanced
  desc: Space-separated list of LDAP servers in URI format.
  default: ldaps://<ldap.your.domain>
  services:
  - rgw
  with_legacy: true
- name: rgw_ldap_binddn
  type: str
  level: advanced
  desc: LDAP entry RGW will bind with (user match).
  default: uid=admin,cn=users,dc=example,dc=com
  services:
  - rgw
  with_legacy: true
- name: rgw_ldap_searchdn
  type: str
  level: advanced
  desc: LDAP search base (basedn).
  default: cn=users,cn=accounts,dc=example,dc=com
  services:
  - rgw
  with_legacy: true
- name: rgw_ldap_dnattr
  type: str
  level: advanced
  desc: LDAP attribute containing RGW user names (to form binddns).
  default: uid
  services:
  - rgw
  with_legacy: true
# Path to the file that holds the bind credentials, not the credentials
# themselves. NOTE(review): the file should be readable by the RGW service
# account only.
- name: rgw_ldap_secret
  type: str
  level: advanced
  desc: Path to file containing credentials for rgw_ldap_binddn.
  default: /etc/openldap/secret
  services:
  - rgw
  with_legacy: true
# LDAP-backed S3 authentication is off by default.
- name: rgw_s3_auth_use_ldap
  type: bool
  level: advanced
  desc: Should S3 authentication use LDAP.
  default: false
  services:
  - rgw
  with_legacy: true
# Optional search filter. No default is defined.
- name: rgw_ldap_searchfilter
  type: str
  level: advanced
  desc: LDAP search filter.
  services:
  - rgw
  with_legacy: true
# Open Policy Agent (OPA) integration. OPA authorization is off by default.
- name: rgw_opa_url
  type: str
  level: advanced
  desc: URL to OPA server.
  services:
  - rgw
  with_legacy: true
# Inline secret: the bearer token is stored as the option value, so the
# stored configuration has to be protected like any other credential.
- name: rgw_opa_token
  type: str
  level: advanced
  desc: The Bearer token OPA uses to authenticate client requests.
  services:
  - rgw
  with_legacy: true
# Keep true. With verification off RGW does not check the certificate of the
# OPA server it asks for authorization decisions.
- name: rgw_opa_verify_ssl
  type: bool
  level: advanced
  desc: Should RGW verify the OPA server SSL certificate.
  default: true
  services:
  - rgw
  with_legacy: true
- name: rgw_use_opa_authz
  type: bool
  level: advanced
  desc: Should OPA be used to authorize client requests.
  default: false
  services:
  - rgw
  with_legacy: true
# URL path prefix under which the RESTful admin API is reachable.
- name: rgw_admin_entry
  type: str
  level: advanced
  desc: Path prefix to be used for accessing RGW RESTful admin API.
  fmt_desc: The entry point for an admin request URL.
  default: admin
  services:
  - rgw
  with_legacy: true
# Enforcement of Swift ACL settings is on by default. long_desc notes that
# Swift has a special ACL granting access to all objects in a container.
- name: rgw_enforce_swift_acls
  type: bool
  level: advanced
  desc: RGW enforce swift acls
  long_desc: Should RGW enforce special Swift-only ACLs. Swift has a special ACL that
    gives permission to access all objects in a container.
  fmt_desc: Enforces the Swift Access Control List (ACL) settings.
  default: true
  services:
  - rgw
  with_legacy: true
# Lifetime, in seconds, of tokens issued by RGW's Swift auth; the default is
# one day.
- name: rgw_swift_token_expiration
  type: int
  level: advanced
  desc: Expiration time (in seconds) for token generated through RGW Swift auth.
  fmt_desc: The time in seconds for expiring a Swift token.
  default: 1_day
  services:
  - rgw
  with_legacy: true
# Mainly relevant with FastCGI, where some modules do not fully support
# 100-continue (see long_desc).
- name: rgw_print_continue
  type: bool
  level: advanced
  desc: RGW support of 100-continue
  long_desc: Should RGW explicitly send 100 (continue) responses. This is mainly relevant
    when using FastCGI, as some FastCGI modules do not fully support this feature.
  fmt_desc: Enable ``100-continue`` if it is operational.
  default: true
  services:
  - rgw
  with_legacy: true
# When true, RGW deliberately violates RFC 7230 by sending Content-Length
# with 204 or 304 statuses. The default keeps the RFC-conformant behaviour.
- name: rgw_print_prohibited_content_length
  type: bool
  level: advanced
  desc: RGW RFC-7230 compatibility
  long_desc: Specifies whether RGW violates RFC 7230 and sends Content-Length with
    204 or 304 statuses.
  default: false
  services:
  - rgw
  with_legacy: true
# Selects where RGW reads the client address from (default REMOTE_ADDR).
# A forwarding header such as X-Forwarded-For is client-controlled unless the
# reverse proxy overwrites it, so only point this at a header the proxy always
# sets, and make sure RGW is not reachable around the proxy; otherwise the
# logged address can be forged.
# NOTE(review): whether this address also feeds access decisions (for example
# IP-based policy conditions) is not shown here -- confirm.
971- name: rgw_remote_addr_param
972 type: str
973 level: advanced
974 desc: HTTP header that holds the remote address in incoming requests.
975 long_desc: RGW will use this header to extract requests origin. When RGW runs behind
976 a reverse proxy, the remote address header will point at the proxy's address and
977 not at the originator's address. Therefore it is sometimes possible to have the
978 proxy add the originator's address in a separate HTTP header, which will allow
979 RGW to log it correctly.
980 fmt_desc: The remote address parameter. For example, the HTTP field
981 containing the remote address, or the ``X-Forwarded-For``
982 address if a reverse proxy is operational.
983 default: REMOTE_ADDR
984 services:
985 - rgw
986 see_also:
987 - rgw_enable_ops_log
988 with_legacy: true
989- name: rgw_op_thread_timeout
990 type: int
991 level: dev
992 desc: Timeout for async rados coroutine operations.
993 fmt_desc: The timeout in seconds for open threads.
994 default: 10_min
995 services:
996 - rgw
997 with_legacy: true
998- name: rgw_op_thread_suicide_timeout
999 type: int
1000 level: dev
1001 default: 0
1002 fmt_desc: The time ``timeout`` in seconds before a Ceph Object Gateway
1003 process dies. Disabled if set to ``0``.
1004 services:
1005 - rgw
1006 with_legacy: true
1007- name: rgw_thread_pool_size
1008 type: int
1009 level: basic
1010 desc: RGW requests handling thread pool size.
1011 long_desc: This parameter determines the number of concurrent requests RGW can process
1012 when using either the civetweb, or the fastcgi frontends. The higher this number
1013 is, RGW will be able to deal with more concurrent requests at the cost of more
1014 resource utilization.
1015 fmt_desc: The size of the thread pool.
1016 default: 512
1017 services:
1018 - rgw
1019 with_legacy: true
1020- name: rgw_num_control_oids
1021 type: int
1022 level: advanced
1023 desc: Number of control objects used for cross-RGW communication.
1024 long_desc: RGW uses certain control objects to send messages between different RGW
1025 processes running on the same zone. These messages include metadata cache invalidation
1026 info that is being sent when metadata is modified (such as user or bucket information).
1027 A higher number of control objects allows better concurrency of these messages,
1028 at the cost of more resource utilization.
1029 fmt_desc: The number of notification objects used for cache synchronization
1030 between different ``rgw`` instances.
1031 default: 8
1032 services:
1033 - rgw
1034 with_legacy: true
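# Controls TLS certificate verification for RGW's outgoing HTTP requests.
# With this off the remote peer is not authenticated, so traffic such as
# multi-site sync can be intercepted or altered by an on-path party; leave it
# at the default unless testing with throwaway certificates.
1035- name: rgw_verify_ssl
1036 type: bool
1037 level: advanced
1038 desc: Should RGW verify SSL when connecting to a remote HTTP server
1039 long_desc: RGW can send requests to other RGW servers (e.g., in multi-site sync
1040 work). This configurable selects whether RGW should verify the certificate for
1041 the remote peer and host.
1042 fmt_desc: Verify SSL certificates while making requests.
1043 default: true
1044 services:
1045 - rgw
1046 see_also:
1047 - rgw_keystone_verify_ssl
1048 with_legacy: true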
1049# The following are tunables for caches of RGW NFS (and other file
1050# client) objects.
1051#
1052# The file handle cache is a partitioned hash table
1053# (fhcache_partitions), each with a closed hash part and backing
1054# b-tree mapping. The number of partitions is expected to be a small
1055# prime, the cache size something larger but less than 5K, the total
1056# size of the cache is n_part * cache_size.
1057- name: rgw_nfs_lru_lanes
1058 type: int
1059 level: advanced
1060 default: 5
1061 services:
1062 - rgw
1063 with_legacy: true
1064- name: rgw_nfs_lru_lane_hiwat
1065 type: int
1066 level: advanced
1067 default: 911
1068 services:
1069 - rgw
1070 with_legacy: true
1071- name: rgw_nfs_fhcache_partitions
1072 type: int
1073 level: advanced
1074 default: 3
1075 services:
1076 - rgw
1077 with_legacy: true
1078- name: rgw_nfs_fhcache_size
1079 type: int
1080 level: advanced
1081 default: 2017
1082 services:
1083 - rgw
1084 with_legacy: true
1085- name: rgw_nfs_namespace_expire_secs
1086 type: int
1087 level: advanced
1088 default: 5_min
1089 services:
1090 - rgw
1091 min: 1
1092 with_legacy: true
1093- name: rgw_nfs_max_gc
1094 type: int
1095 level: advanced
1096 default: 5_min
1097 services:
1098 - rgw
1099 min: 1
1100 with_legacy: true
1101- name: rgw_nfs_write_completion_interval_s
1102 type: int
1103 level: advanced
1104 default: 10
1105 services:
1106 - rgw
1107 with_legacy: true
1108# use fast S3 attrs from bucket index--currently assumes NFS mounts are immutable
1109- name: rgw_nfs_s3_fast_attrs
1110 type: bool
1111 level: advanced
1112 desc: use fast S3 attrs from bucket index (immutable only)
1113 long_desc: use fast S3 attrs from bucket index (assumes NFS mounts are immutable)
1114 default: false
1115 services:
1116 - rgw
1117 with_legacy: true
1118# overrides for librgw/nfs
1119- name: rgw_nfs_run_gc_threads
1120 type: bool
1121 level: advanced
1122 desc: run GC threads in librgw (default off)
1123 default: false
1124 services:
1125 - rgw
1126 with_legacy: true
1127- name: rgw_nfs_run_lc_threads
1128 type: bool
1129 level: advanced
1130 desc: run lifecycle threads in librgw (default off)
1131 default: false
1132 services:
1133 - rgw
1134 with_legacy: true
1135- name: rgw_nfs_run_quota_threads
1136 type: bool
1137 level: advanced
1138 desc: run quota threads in librgw (default off)
1139 default: false
1140 services:
1141 - rgw
1142 with_legacy: true
1143- name: rgw_nfs_run_sync_thread
1144 type: bool
1145 level: advanced
1146 desc: run sync thread in librgw (default off)
1147 default: false
1148 services:
1149 - rgw
1150 with_legacy: true
1151- name: rgw_rados_pool_autoscale_bias
1152 type: float
1153 level: advanced
1154 desc: pg_autoscale_bias value for RGW metadata (omap-heavy) pools
1155 default: 4
1156 services:
1157 - rgw
1158 min: 0.01
1159 max: 100000
# Sets the recovery_priority applied to RGW metadata (omap-heavy) pools.
# NOTE(review): type is uint but min is -10; an unsigned option cannot hold a
# negative value, so either the type or the lower bound looks wrong -- confirm
# against the code that reads this option.
1160- name: rgw_rados_pool_recovery_priority
1161 type: uint
1162 level: advanced
1163 desc: recovery_priority value for RGW metadata (omap-heavy) pools
1164 default: 5
1165 services:
1166 - rgw
1167 min: -10
1168 max: 10
1169- name: rgw_zone
1170 type: str
1171 level: advanced
1172 desc: Zone name
1173 fmt_desc: The name of the zone for the gateway instance. If no zone is
1174 set, a cluster-wide default can be configured with the command
1175 ``radosgw-admin zone default``.
1176 services:
1177 - rgw
1178 see_also:
1179 - rgw_zonegroup
1180 - rgw_realm
1181 with_legacy: true
1182- name: rgw_zone_id
1183 type: str
1184 level: advanced
1185 desc: Zone ID
1186 services:
1187 - rgw
1188 see_also:
1189 - rgw_zone
1190 - rgw_zonegroup
1191 - rgw_realm
1192- name: rgw_zone_root_pool
1193 type: str
1194 level: advanced
1195 desc: Zone root pool name
1196 long_desc: The zone root pool is the pool where the RGW zone configuration is located.
1197 default: .rgw.root
1198 services:
1199 - rgw
1200 see_also:
1201 - rgw_zonegroup_root_pool
1202 - rgw_realm_root_pool
1203 - rgw_period_root_pool
1204 with_legacy: true
1205- name: rgw_default_zone_info_oid
1206 type: str
1207 level: advanced
1208 desc: Default zone info object id
1209 long_desc: Name of the RADOS object that holds the default zone information.
1210 default: default.zone
1211 services:
1212 - rgw
1213 with_legacy: true
1214- name: rgw_region
1215 type: str
1216 level: advanced
1217 desc: Region name
1218 long_desc: Obsolete config option. The rgw_zonegroup option should be used instead.
1219 services:
1220 - rgw
1221 see_also:
1222 - rgw_zonegroup
1223 with_legacy: true
1224- name: rgw_region_root_pool
1225 type: str
1226 level: advanced
1227 desc: Region root pool
1228 long_desc: Obsolete config option. The rgw_zonegroup_root_pool should be used instead.
1229 default: .rgw.root
1230 services:
1231 - rgw
1232 see_also:
1233 - rgw_zonegroup_root_pool
1234 with_legacy: true
1235- name: rgw_default_region_info_oid
1236 type: str
1237 level: advanced
1238 desc: Default region info object id
1239 long_desc: Obsolete config option. The rgw_default_zonegroup_info_oid should be
1240 used instead.
1241 default: default.region
1242 services:
1243 - rgw
1244 see_also:
1245 - rgw_default_zonegroup_info_oid
1246 with_legacy: true
1247- name: rgw_zonegroup
1248 type: str
1249 level: advanced
1250 desc: Zonegroup name
1251 fmt_desc: The name of the zonegroup for the gateway instance. If no
1252 zonegroup is set, a cluster-wide default can be configured with
1253 the command ``radosgw-admin zonegroup default``.
1254 services:
1255 - rgw
1256 see_also:
1257 - rgw_zone
1258 - rgw_realm
1259 with_legacy: true
1260- name: rgw_zonegroup_id
1261 type: str
1262 level: advanced
1263 desc: Zonegroup ID
1264 services:
1265 - rgw
1266 see_also:
1267 - rgw_zone
1268 - rgw_zonegroup
1269 - rgw_realm
1270- name: rgw_zonegroup_root_pool
1271 type: str
1272 level: advanced
1273 desc: Zonegroup root pool
1274 long_desc: The zonegroup root pool is the pool where the RGW zonegroup configuration
1275 is located.
1276 default: .rgw.root
1277 services:
1278 - rgw
1279 see_also:
1280 - rgw_zone_root_pool
1281 - rgw_realm_root_pool
1282 - rgw_period_root_pool
1283 with_legacy: true
1284- name: rgw_default_zonegroup_info_oid
1285 type: str
1286 level: advanced
1287 default: default.zonegroup
1288 services:
1289 - rgw
1290 with_legacy: true
1291- name: rgw_realm
1292 type: str
1293 level: advanced
1294 fmt_desc: The name of the realm for the gateway instance. If no realm is
1295 set, a cluster-wide default can be configured with the command
1296 ``radosgw-admin realm default``.
1297 services:
1298 - rgw
1299 with_legacy: true
1300- name: rgw_realm_id
1301 type: str
1302 level: advanced
1303 services:
1304 - rgw
1305- name: rgw_realm_root_pool
1306 type: str
1307 level: advanced
1308 desc: Realm root pool
1309 long_desc: The realm root pool is the pool where the RGW realm configuration is located.
1310 default: .rgw.root
1311 services:
1312 - rgw
1313 see_also:
1314 - rgw_zonegroup_root_pool
1315 - rgw_zone_root_pool
1316 - rgw_period_root_pool
1317 with_legacy: true
1318- name: rgw_default_realm_info_oid
1319 type: str
1320 level: advanced
1321 default: default.realm
1322 services:
1323 - rgw
1324 with_legacy: true
1325- name: rgw_period_root_pool
1326 type: str
1327 level: advanced
1328 desc: Period root pool
1329 long_desc: The period root pool is the pool where the RGW period configuration
1330 is located.
1331 default: .rgw.root
1332 services:
1333 - rgw
1334 see_also:
1335 - rgw_zonegroup_root_pool
1336 - rgw_zone_root_pool
1337 - rgw_realm_root_pool
1338 with_legacy: true
1339- name: rgw_period_latest_epoch_info_oid
1340 type: str
1341 level: dev
1342 default: .latest_epoch
1343 services:
1344 - rgw
1345 with_legacy: true
1346- name: rgw_log_nonexistent_bucket
1347 type: bool
1348 level: advanced
1349 desc: Should RGW log operations on bucket that does not exist
1350 long_desc: This config option applies to the ops log. When this option is set, the
1351 ops log will log operations that are sent to non existing buckets. These operations
1352 inherently fail, and do not correspond to a specific user.
1353 fmt_desc: Enables Ceph Object Gateway to log a request for a non-existent
1354 bucket.
1355 default: false
1356 services:
1357 - rgw
1358 see_also:
1359 - rgw_enable_ops_log
1360 with_legacy: true
1361# man date to see codes (a subset are supported)
1362- name: rgw_log_object_name
1363 type: str
1364 level: advanced
1365 desc: Ops log object name format
1366 long_desc: Defines the format of the RADOS objects names that ops log uses to store
1367 ops log data
1368 fmt_desc: The logging format for an object name. See manpage
1369 :manpage:`date` for details about format specifiers.
1370 default: '%Y-%m-%d-%H-%i-%n'
1371 services:
1372 - rgw
1373 see_also:
1374 - rgw_enable_ops_log
1375 with_legacy: true
1376- name: rgw_log_object_name_utc
1377 type: bool
1378 level: advanced
1379 desc: Should ops log object name be based on UTC
1380 long_desc: If set, the names of the RADOS objects that hold the ops log data will
1381 be based on UTC time zone. If not set, it will use the local time zone.
1382 fmt_desc: Whether a logged object name includes a UTC time.
1383 If ``false``, it uses the local time.
1384 default: false
1385 services:
1386 - rgw
1387 see_also:
1388 - rgw_enable_ops_log
1389 - rgw_log_object_name
1390 with_legacy: true
1391- name: rgw_usage_max_shards
1392 type: int
1393 level: advanced
1394 desc: Number of shards for usage log.
1395 long_desc: The number of RADOS objects that RGW will use in order to store the usage
1396 log data.
1397 fmt_desc: The maximum number of shards for usage logging.
1398 default: 32
1399 services:
1400 - rgw
1401 see_also:
1402 - rgw_enable_usage_log
1403 with_legacy: true
1404- name: rgw_usage_max_user_shards
1405 type: int
1406 level: advanced
1407 desc: Number of shards for single user in usage log
1408 long_desc: The number of shards that a single user will span over in the usage log.
1409 fmt_desc: The maximum number of shards used for a single user's
1410 usage logging.
1411 default: 1
1412 services:
1413 - rgw
1414 see_also:
1415 - rgw_enable_usage_log
1416 min: 1
1417 with_legacy: true
1418# enable logging every rgw operation
1419- name: rgw_enable_ops_log
1420 type: bool
1421 level: advanced
1422 desc: Enable ops log
1423 fmt_desc: Enable logging for each successful Ceph Object Gateway operation.
1424 default: false
1425 services:
1426 - rgw
1427 see_also:
1428 - rgw_log_nonexistent_bucket
1429 - rgw_log_object_name
1430 - rgw_ops_log_rados
1431 - rgw_ops_log_socket_path
1432 - rgw_ops_log_file_path
1433 with_legacy: true
1434# enable logging bandwidth usage
1435- name: rgw_enable_usage_log
1436 type: bool
1437 level: advanced
1438 desc: Enable the usage log
1439 default: false
1440 services:
1441 - rgw
1442 see_also:
1443 - rgw_usage_max_shards
1444 with_legacy: true
1445# whether ops log should go to rados
1446- name: rgw_ops_log_rados
1447 type: bool
1448 level: advanced
1449 desc: Use RADOS for ops log
1450 long_desc: If set, RGW will store ops log information in RADOS.
1451 fmt_desc: Whether the operations log should be written to the
1452 Ceph Storage Cluster backend.
1453 default: true
1454 services:
1455 - rgw
1456 see_also:
1457 - rgw_enable_ops_log
1458 with_legacy: true
1459# path to unix domain socket where ops log can go
1460- name: rgw_ops_log_socket_path
1461 type: str
1462 level: advanced
1463 desc: Unix domain socket path for ops log.
1464 long_desc: Path to unix domain socket that RGW will listen for connection on. When
1465 connected, RGW will send ops log data through it.
1466 fmt_desc: The Unix domain socket for writing operations logs.
1467 services:
1468 - rgw
1469 see_also:
1470 - rgw_enable_ops_log
1471 - rgw_ops_log_data_backlog
1472 with_legacy: true
1473# path to file where ops log can go
1474- name: rgw_ops_log_file_path
1475 type: str
1476 level: advanced
1477 desc: File-system path for ops log.
1478 long_desc: Path to file that RGW will log ops logs to.
1479 fmt_desc: The file-system path for writing operations logs.
1480 services:
1481 - rgw
1482 see_also:
1483 - rgw_enable_ops_log
1484 with_legacy: true
1485# max data backlog for ops log
1486- name: rgw_ops_log_data_backlog
1487 type: size
1488 level: advanced
1489 desc: Ops log socket backlog
1490 long_desc: Maximum amount of data backlog that RGW can keep when ops log is configured
1491 to send info through unix domain socket. When data backlog is higher than this,
1492 ops log entries will be lost. In order to avoid ops log information loss, the
1493 listener needs to clear data (by reading it) quickly enough.
1494 fmt_desc: The maximum data backlog data size for operations logs written
1495 to a Unix domain socket.
1496 default: 5_M
1497 services:
1498 - rgw
1499 see_also:
1500 - rgw_enable_ops_log
1501 - rgw_ops_log_socket_path
1502 with_legacy: true
1503- name: rgw_usage_log_flush_threshold
1504 type: int
1505 level: advanced
1506 desc: Number of entries in usage log before flushing
1507 long_desc: This is the max number of entries that will be held in the usage log,
1508 before it will be flushed to the backend. Note that the usage log is periodically
1509 flushed, even if number of entries does not reach this threshold. A usage log
1510 entry corresponds to one or more operations on a single bucket.
1511 fmt_desc: The number of dirty merged entries in the usage log before
1512 flushing synchronously.
1513 default: 1024
1514 services:
1515 - rgw
1516 see_also:
1517 - rgw_enable_usage_log
1518 - rgw_usage_log_tick_interval
1519 with_legacy: true
1520- name: rgw_usage_log_tick_interval
1521 type: int
1522 level: advanced
1523 desc: Number of seconds between usage log flush cycles
1524 long_desc: The number of seconds between consecutive usage log flushes. The usage
1525 log will also flush itself to the backend if the number of pending entries reaches
1526 a certain threshold.
1527 fmt_desc: Flush pending usage log data every ``n`` seconds.
1528 default: 30
1529 services:
1530 - rgw
1531 see_also:
1532 - rgw_enable_usage_log
1533 - rgw_usage_log_flush_threshold
1534 with_legacy: true
1535- name: rgw_init_timeout
1536 type: int
1537 level: basic
1538 desc: Initialization timeout
1539 long_desc: The time length (in seconds) that RGW will allow for its initialization.
1540 RGW process will give up and quit if initialization is not complete after this
1541 amount of time.
1542 fmt_desc: The number of seconds before Ceph Object Gateway gives up on
1543 initialization.
1544 default: 5_min
1545 services:
1546 - rgw
1547 with_legacy: true
1548- name: rgw_mime_types_file
1549 type: str
1550 level: basic
1551 desc: Path to local mime types file
1552 long_desc: The mime types file is needed in Swift when uploading an object. If object's
1553 content type is not specified, RGW will use data from this file to assign a content
1554 type to the object.
1555 fmt_desc: The path and location of the MIME-types file. Used for Swift
1556 auto-detection of object types.
1557 default: /etc/mime.types
1558 services:
1559 - rgw
1560 with_legacy: true
1561- name: rgw_gc_max_objs
1562 type: int
1563 level: advanced
1564 desc: Number of shards for garbage collector data
1565 long_desc: The number of garbage collector data shards is the number of RADOS objects
1566 that RGW will use to store the garbage collection information on.
1567 fmt_desc: The maximum number of objects that may be handled by
1568 garbage collection in one garbage collection processing cycle.
1569 Please do not change this value after the first deployment.
1570 default: 32
1571 services:
1572 - rgw
1573 see_also:
1574 - rgw_gc_obj_min_wait
1575 - rgw_gc_processor_max_time
1576 - rgw_gc_processor_period
1577 - rgw_gc_max_concurrent_io
1578 with_legacy: true
1579# wait time before object may be handled by gc, recommended lower limit is 30 mins
1580- name: rgw_gc_obj_min_wait
1581 type: int
1582 level: advanced
1583 desc: Garbage collection object expiration time
1584 long_desc: The length of time (in seconds) that the RGW collector will wait before
1585 purging a deleted object's data. RGW will not remove object immediately, as object
1586 could still have readers. A mechanism exists to increase the object's expiration
1587 time when it's being read. The recommended value of its lower limit is 30 minutes
1588 fmt_desc: The minimum wait time before a deleted object may be removed
1589 and handled by garbage collection processing.
1590 default: 2_hr
1591 services:
1592 - rgw
1593 see_also:
1594 - rgw_gc_max_objs
1595 - rgw_gc_processor_max_time
1596 - rgw_gc_processor_period
1597 - rgw_gc_max_concurrent_io
1598 with_legacy: true
1599- name: rgw_gc_processor_max_time
1600 type: int
1601 level: advanced
1602 desc: Length of time GC processor can lease shard
1603 long_desc: Garbage collection thread in RGW process holds a lease on its data shards.
1604 These objects contain the information about the objects that need to be removed.
1605 RGW takes a lease in order to prevent multiple RGW processes from handling the
1606 same objects concurrently. This time signifies the maximum amount of time (in
1607 seconds) that RGW is allowed to hold that lease. In the case where RGW goes down
1608 uncleanly, this is the amount of time where processing of that data shard will
1609 be blocked.
1610 fmt_desc: The maximum time between the beginning of two consecutive garbage
1611 collection processing cycles.
1612 default: 1_hr
1613 services:
1614 - rgw
1615 see_also:
1616 - rgw_gc_max_objs
1617 - rgw_gc_obj_min_wait
1618 - rgw_gc_processor_period
1619 - rgw_gc_max_concurrent_io
1620 with_legacy: true
1621- name: rgw_gc_processor_period
1622 type: int
1623 level: advanced
1624 desc: Garbage collector cycle run time
1625 long_desc: The amount of time between the start of consecutive runs of the garbage
1626 collector threads. If a garbage collector run takes more than this period, it will
1627 not wait before running again.
1628 fmt_desc: The cycle time for garbage collection processing.
1629 default: 1_hr
1630 services:
1631 - rgw
1632 see_also:
1633 - rgw_gc_max_objs
1634 - rgw_gc_obj_min_wait
1635 - rgw_gc_processor_max_time
1636 - rgw_gc_max_concurrent_io
1637 - rgw_gc_max_trim_chunk
1638 with_legacy: true
1639- name: rgw_gc_max_concurrent_io
1640 type: int
1641 level: advanced
1642 desc: Max concurrent RADOS IO operations for garbage collection
1643 long_desc: The maximum number of concurrent IO operations that the RGW garbage collection
1644 thread will use when purging old data.
1645 default: 10
1646 services:
1647 - rgw
1648 see_also:
1649 - rgw_gc_max_objs
1650 - rgw_gc_obj_min_wait
1651 - rgw_gc_processor_max_time
1652 - rgw_gc_max_trim_chunk
1653 with_legacy: true
1654- name: rgw_gc_max_trim_chunk
1655 type: int
1656 level: advanced
1657 desc: Max number of keys to remove from garbage collector log in a single operation
1658 default: 16
1659 services:
1660 - rgw
1661 see_also:
1662 - rgw_gc_max_objs
1663 - rgw_gc_obj_min_wait
1664 - rgw_gc_processor_max_time
1665 - rgw_gc_max_concurrent_io
1666 with_legacy: true
1667- name: rgw_gc_max_deferred_entries_size
1668 type: uint
1669 level: advanced
1670 desc: maximum allowed size of deferred entries in queue head for gc
1671 default: 3_K
1672 services:
1673 - rgw
1674 with_legacy: true
1675- name: rgw_gc_max_queue_size
1676 type: uint
1677 level: advanced
1678 desc: Maximum allowed queue size for gc
1679 long_desc: The maximum allowed size of each gc queue, and its value should not be
1680 greater than (osd_max_object_size - rgw_gc_max_deferred_entries_size - 1K).
1681 default: 131068_K
1682 services:
1683 - rgw
1684 see_also:
1685 - osd_max_object_size
1686 - rgw_gc_max_deferred_entries_size
1687 with_legacy: true
1688- name: rgw_gc_max_deferred
1689 type: uint
1690 level: advanced
1691 desc: Number of maximum deferred data entries to be stored in queue for gc
1692 default: 50
1693 services:
1694 - rgw
1695 with_legacy: true
1696- name: rgw_s3_success_create_obj_status
1697 type: int
1698 level: advanced
1699 desc: HTTP return code override for object creation
1700 long_desc: If not zero, this is the HTTP return code that will be returned on a
1701 successful S3 object creation.
1702 fmt_desc: The alternate success status response for ``create-obj``.
1703 default: 0
1704 services:
1705 - rgw
1706 with_legacy: true
1707- name: rgw_s3_client_max_sig_ver
1708 type: int
1709 level: advanced
1710 desc: Max S3 authentication signature version
1711 long_desc: If greater than zero, would force max signature version to use
1712 default: -1
1713 services:
1714 - rgw
1715- name: rgw_resolve_cname
1716 type: bool
1717 level: advanced
1718 desc: Support vanity domain names via CNAME
1719 long_desc: If true, RGW will query DNS when detecting that it's serving a request
1720 that was sent to a host in another domain. If a CNAME record is configured for
1721 that domain it will use it instead. This gives users the ability to create
1722 a unique domain of their own to point at data in their bucket.
1723 fmt_desc: Whether ``rgw`` should use DNS CNAME record of the request
1724 hostname field (if hostname is not equal to ``rgw dns name``).
1725 default: false
1726 services:
1727 - rgw
1728 with_legacy: true
1729- name: rgw_obj_stripe_size
1730 type: size
1731 level: advanced
1732 desc: RGW object stripe size
1733 long_desc: The size of an object stripe for RGW objects. This is the maximum size
1734 a backing RADOS object will have. RGW objects that are larger than this will span
1735 over multiple objects.
1736 fmt_desc: The size of an object stripe for Ceph Object Gateway objects.
1737 See `Architecture`_ for details on striping.
1738 default: 4_M
1739 services:
1740 - rgw
1741 with_legacy: true
1742# list of extended attrs that can be set on objects (beyond the default)
1743- name: rgw_extended_http_attrs
1744 type: str
1745 level: advanced
1746 desc: RGW support extended HTTP attrs
1747 long_desc: Add new set of attributes that could be set on an object. These extra
1748 attributes can be set through HTTP header fields when putting the objects. If
1749 set, these attributes will return as HTTP fields when doing GET/HEAD on the object.
1750 fmt_desc: Add new set of attributes that could be set on an entity
1751 (user, bucket or object). These extra attributes can be set
1752 through HTTP header fields when putting the entity or modifying
1753 it using POST method. If set, these attributes will return as
1754 HTTP fields when doing GET/HEAD on the entity.
1755 services:
1756 - rgw
1757 example: content_foo, content_bar, x-foo-bar
1758 with_legacy: true
1759- name: rgw_exit_timeout_secs
1760 type: int
1761 level: advanced
1762 desc: RGW shutdown timeout
1763 long_desc: Number of seconds to wait for a process before exiting unconditionally.
1764 default: 2_min
1765 services:
1766 - rgw
1767 with_legacy: true
1768- name: rgw_get_obj_window_size
1769 type: size
1770 level: advanced
1771 desc: RGW object read window size
1772 long_desc: The window size in bytes for a single object read request
1773 default: 16_M
1774 services:
1775 - rgw
1776 with_legacy: true
1777- name: rgw_get_obj_max_req_size
1778 type: size
1779 level: advanced
1780 desc: RGW object read chunk size
1781 long_desc: The maximum request size of a single object read operation sent to RADOS
1782 fmt_desc: The maximum request size of a single get operation sent to the
1783 Ceph Storage Cluster.
1784 default: 4_M
1785 services:
1786 - rgw
1787 with_legacy: true
1788- name: rgw_relaxed_s3_bucket_names
1789 type: bool
1790 level: advanced
1791 desc: RGW enable relaxed S3 bucket names
1792 long_desc: RGW enable relaxed S3 bucket name rules for US region buckets.
1793 fmt_desc: Enables relaxed S3 bucket names rules for US region buckets.
1794 default: false
1795 services:
1796 - rgw
1797 with_legacy: true
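# Selects a mode in which the bucket ACL is consulted for object access.
# Either mode lets bucket-level grants decide access to objects, so an object
# whose own ACL is stricter than its bucket's becomes reachable by principals
# the bucket ACL admits; leave unset unless that is intended.
1798- name: rgw_defer_to_bucket_acls
1799 type: str
1800 level: advanced
1801 desc: Bucket ACLs override object ACLs
1802 long_desc: If not empty, a string that selects the mode of operation. 'recurse'
1803 will use bucket's ACL for the authorization. 'full-control' will allow users
1804 that have full control permission on the bucket to have access to the object.
1805 services:
1806 - rgw
1807 with_legacy: true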
1808- name: rgw_list_buckets_max_chunk
1809 type: int
1810 level: advanced
1811 desc: Max number of buckets to retrieve in a single listing operation
1812 long_desc: When RGW fetches lists of user's buckets from the backend, this is the
1813 max number of entries it will try to retrieve in a single operation. Note that
1814 the backend may choose to return a smaller number of entries.
1815 fmt_desc: The maximum number of buckets to retrieve in a single operation
1816 when listing user buckets.
1817 default: 1000
1818 services:
1819 - rgw
1820 with_legacy: true
1821- name: rgw_md_log_max_shards
1822 type: int
1823 level: advanced
1824 desc: RGW number of metadata log shards
1825 long_desc: The number of shards the RGW metadata log entries will reside in. This
1826 affects the metadata sync parallelism as a shard can only be processed by a single
1827 RGW at a time
1828 fmt_desc: The maximum number of shards for the metadata log.
1829 default: 64
1830 services:
1831 - rgw
1832 with_legacy: true
1833- name: rgw_curl_buffersize
1834 type: int
1835 level: dev
1836 long_desc: 'Pass a long specifying your preferred size (in bytes) for the receive buffer
1837 in libcurl. See: https://curl.se/libcurl/c/CURLOPT_BUFFERSIZE.html'
1838 default: 524288
1839 services:
1840 - rgw
1841 min: 1024
1842 max: 524288
1843 with_legacy: true
1844- name: rgw_curl_wait_timeout_ms
1845 type: int
1846 level: dev
1847 default: 1000
1848 fmt_desc: The timeout in milliseconds for certain ``curl`` calls.
1849 services:
1850 - rgw
1851 with_legacy: true
1852- name: rgw_curl_low_speed_limit
1853 type: int
1854 level: advanced
1855 long_desc: It contains the average transfer speed in bytes per second that the transfer
1856 should be below during rgw_curl_low_speed_time seconds for libcurl to consider
1857 it to be too slow and abort. Set it zero to disable this.
1858 default: 1024
1859 services:
1860 - rgw
1861 with_legacy: true
1862- name: rgw_curl_low_speed_time
1863 type: int
1864 level: advanced
1865 long_desc: It contains the time in seconds that the transfer speed should
1866 be below the rgw_curl_low_speed_limit for the library to consider it too slow
1867 and abort. Set it zero to disable this.
1868 default: 5_min
1869 services:
1870 - rgw
1871 with_legacy: true
1872- name: rgw_copy_obj_progress
1873 type: bool
1874 level: advanced
1875 desc: Send progress report through copy operation
1876 long_desc: If true, RGW will send progress information when copy operation is executed.
1877 fmt_desc: Enables output of object progress during long copy operations.
1878 default: true
1879 services:
1880 - rgw
1881 with_legacy: true
1882- name: rgw_copy_obj_progress_every_bytes
1883 type: size
1884 level: advanced
1885 desc: Send copy-object progress info after these many bytes
1886 fmt_desc: The minimum bytes between copy progress output.
1887 default: 1_M
1888 services:
1889 - rgw
1890 with_legacy: true
# Optional integrity check for objects fetched from a remote over HTTP; off by
# default.
# The check compares an MD5 of the written data with the source's ETag, which
# catches corruption in transit but is not an authenticity guarantee: MD5 is
# not collision-resistant and the ETag comes from the same remote. Transport
# protection still depends on TLS verification (see rgw_verify_ssl).
1891- name: rgw_sync_obj_etag_verify
1892 type: bool
1893 level: advanced
1894 desc: Verify if the object copied from remote is identical to its source
1895 long_desc: If true, this option computes the MD5 checksum of the data which is written
1896 at the destination and checks if it is identical to the ETAG stored in the source.
1897 It ensures integrity of the objects fetched from a remote server over HTTP including
1898 multisite sync.
1899 default: false
1900 services:
1901 - rgw
1902 with_legacy: true
1903- name: rgw_obj_tombstone_cache_size
1904 type: int
1905 level: advanced
1906 desc: Max number of entries to keep in tombstone cache
1907 long_desc: The tombstone cache is used when doing a multi-zone data sync. RGW keeps
1908 there information about removed objects which is needed in order to prevent re-syncing
1909 of objects that were already removed.
1910 default: 1000
1911 services:
1912 - rgw
1913 with_legacy: true
1914- name: rgw_data_log_window
1915 type: int
1916 level: advanced
1917 desc: Data log time window
1918 long_desc: The data log keeps information about buckets that have objects that
1919 were modified within a specific timeframe. The sync process then knows which buckets
1920 are needed to be scanned for data sync.
1921 fmt_desc: The data log entries window in seconds.
1922 default: 30
1923 services:
1924 - rgw
1925 with_legacy: true
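# Number of pending data log entries at which RGW triggers a data log update.
# The documentation key is spelled fmt_desc, matching every other option in
# this file.
1926- name: rgw_data_log_changes_size
1927 type: int
1928 level: dev
1929 desc: Max size of pending changes in data log
1930 long_desc: RGW will trigger update to the data log if the number of pending entries
1931 reached this number.
1932 fmt_desc: The number of in-memory entries to hold for the data changes log.
1933 default: 1000
1934 services:
1935 - rgw
1936 with_legacy: true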
1937- name: rgw_data_log_num_shards
1938 type: int
1939 level: advanced
1940 desc: Number of data log shards
1941 long_desc: The number of shards the RGW data log entries will reside in. This affects
1942 the data sync parallelism as a shard can only be processed by a single RGW at
1943 a time.
1944 fmt_desc: The number of shards (objects) on which to keep the
1945 data changes log.
1946 default: 128
1947 services:
1948 - rgw
1949 with_legacy: true
1950- name: rgw_data_log_obj_prefix
1951 type: str
1952 level: dev
1953 default: data_log
1954 fmt_desc: The object name prefix for the data log.
1955 services:
1956 - rgw
1957 with_legacy: true
1958- name: rgw_bucket_quota_ttl
1959 type: int
1960 level: advanced
1961 desc: Bucket quota stats cache TTL
1962 long_desc: Length of time for bucket stats to be cached within RGW instance.
1963 fmt_desc: The amount of time in seconds cached quota information is
1964 trusted. After this timeout, the quota information will be
1965 re-fetched from the cluster.
1966 default: 10_min
1967 services:
1968 - rgw
1969 with_legacy: true
1970- name: rgw_bucket_quota_cache_size
1971 type: int
1972 level: advanced
1973 desc: RGW quota stats cache size
1974 long_desc: Maximum number of entries in the quota stats cache.
1975 default: 10000
1976 services:
1977 - rgw
1978 with_legacy: true
1979- name: rgw_bucket_default_quota_max_objects
1980 type: int
1981 level: basic
1982 desc: Default quota for max objects in a bucket
1983 long_desc: The default quota configuration for max number of objects in a bucket.
1984 A negative number means 'unlimited'.
1985 fmt_desc: Default max number of objects per bucket. Set on new users,
1986 if no other quota is specified. Has no effect on existing users.
1987 This variable should be set in the client or global sections
1988 so that it is automatically applied to radosgw-admin commands.
1989 default: -1
1990 services:
1991 - rgw
1992 with_legacy: true
1993- name: rgw_bucket_default_quota_max_size
1994 type: int
1995 level: advanced
1996 desc: Default quota for total size in a bucket
1997 long_desc: The default quota configuration for total size of objects in a bucket.
1998 A negative number means 'unlimited'.
1999 fmt_desc: Default max capacity per bucket, in bytes. Set on new users,
2000 if no other quota is specified. Has no effect on existing users.
2001 default: -1
2002 services:
2003 - rgw
2004 with_legacy: true
2005- name: rgw_expose_bucket
2006 type: bool
2007 level: advanced
2008 desc: Send Bucket HTTP header with the response
2009 long_desc: If true, RGW will send a Bucket HTTP header with the responses. The header
2010 will contain the name of the bucket the operation happened on.
2011 default: false
2012 services:
2013 - rgw
2014 with_legacy: true
2015- name: rgw_frontends
2016 type: str
2017 level: basic
2018 desc: RGW frontends configuration
2019 long_desc: A comma delimited list of frontends configuration. Each configuration
2020 contains the type of the frontend followed by an optional space delimited set
2021 of key=value config parameters.
2022 fmt_desc: Configures the HTTP frontend(s). The configuration for multiple
2023 frontends can be provided in a comma-delimited list. Each frontend
2024 configuration may include a list of options separated by spaces,
2025 where each option is in the form "key=value" or "key". See
2026 `HTTP Frontends`_ for more on supported options.
2027 default: beast port=7480
2028 services:
2029 - rgw
2030 with_legacy: true
2031- name: rgw_frontend_defaults
2032 type: str
2033 level: advanced
2034 desc: RGW frontends default configuration
2035 long_desc: A comma delimited list of default frontends configuration.
2036 default: beast ssl_certificate=config://rgw/cert/$realm/$zone.crt ssl_private_key=config://rgw/cert/$realm/$zone.key
2037 services:
2038 - rgw
2039- name: rgw_beast_enable_async
2040 type: bool
2041 level: dev
2042 desc: Enable async request processing under beast using coroutines
2043 long_desc: When enabled, the beast frontend will process requests using
2044 coroutines, allowing the concurrent processing of several requests on the
2045 same thread. When disabled, the number of concurrent requests will be
2046 limited by the thread count, but debugging and tracing the synchronous
2047 calls can be easier.
2048 default: true
2049 services:
2050 - rgw
2051 with_legacy: true
2052- name: rgw_user_quota_bucket_sync_interval
2053 type: int
2054 level: advanced
2055 desc: User quota bucket sync interval
2056 long_desc: Time period for accumulating modified buckets before syncing these stats.
2057 fmt_desc: The amount of time in seconds bucket quota information is
2058 accumulated before syncing to the cluster. During this time,
2059 other RGW instances will not see the changes in bucket quota
2060 stats from operations on this instance.
2061 default: 3_min
2062 services:
2063 - rgw
2064 with_legacy: true
2065- name: rgw_user_quota_sync_interval
2066 type: int
2067 level: advanced
2068 desc: User quota sync interval
2069 long_desc: Time period for accumulating modified buckets before syncing entire user
2070 stats.
2071 fmt_desc: The amount of time in seconds user quota information is
2072 accumulated before syncing to the cluster. During this time,
2073 other RGW instances will not see the changes in user quota stats
2074 from operations on this instance.
2075 default: 1_day
2076 services:
2077 - rgw
2078 with_legacy: true
2079- name: rgw_user_quota_sync_idle_users
2080 type: bool
2081 level: advanced
2082 desc: Should sync idle users quota
2083 long_desc: Whether stats for idle users be fully synced.
2084 default: false
2085 services:
2086 - rgw
2087 with_legacy: true
2088- name: rgw_user_quota_sync_wait_time
2089 type: int
2090 level: advanced
2091 desc: User quota full-sync wait time
2092 long_desc: Minimum time between two full stats sync for non-idle users.
2093 default: 1_day
2094 services:
2095 - rgw
2096 with_legacy: true
2097- name: rgw_user_default_quota_max_objects
2098 type: int
2099 level: basic
2100 desc: User quota max objects
2101 long_desc: The default quota configuration for total number of objects for a single
2102 user. A negative number means 'unlimited'.
2103 fmt_desc: Default max number of objects for a user. This includes all
2104 objects in all buckets owned by the user. Set on new users,
2105 if no other quota is specified. Has no effect on existing users.
2106 default: -1
2107 services:
2108 - rgw
2109 with_legacy: true
2110- name: rgw_user_default_quota_max_size
2111 type: int
2112 level: basic
2113 desc: User quota max size
2114 long_desc: The default quota configuration for total size of objects for a single
2115 user. A negative number means 'unlimited'.
2116 fmt_desc: The value for user max size quota in bytes set on new users,
2117 if no other quota is specified. Has no effect on existing users.
2118 default: -1
2119 services:
2120 - rgw
2121 with_legacy: true
2122- name: rgw_multipart_min_part_size
2123 type: size
2124 level: advanced
2125 desc: Minimum S3 multipart-upload part size
2126 long_desc: When doing a multipart upload, each part (other than the last part) must
2127 be at least this size.
2128 default: 5_M
2129 services:
2130 - rgw
2131 with_legacy: true
2132- name: rgw_multipart_part_upload_limit
2133 type: int
2134 level: advanced
2135 desc: Max number of parts in multipart upload
2136 default: 10000
2137 services:
2138 - rgw
2139 with_legacy: true
2140- name: rgw_max_slo_entries
2141 type: int
2142 level: advanced
2143 desc: Max number of entries in Swift Static Large Object manifest
2144 default: 1000
2145 services:
2146 - rgw
2147 with_legacy: true
2148- name: rgw_olh_pending_timeout_sec
2149 type: int
2150 level: dev
2151 desc: Max time for pending OLH change to complete
2152 long_desc: OLH is a versioned object's logical head. Operations on it are journaled
2153 and as pending before completion. If an operation doesn't complete within this amount
2154 of seconds, we remove the operation from the journal.
2155 default: 1_hr
2156 services:
2157 - rgw
2158 with_legacy: true
2159- name: rgw_user_max_buckets
2160 type: int
2161 level: basic
2162 desc: Max number of buckets per user
2163 long_desc: A user can create at most this number of buckets. Zero means no limit;
2164 a negative value means users cannot create any new buckets, although users will
2165 retain buckets already created.
2166 default: 1000
2167 services:
2168 - rgw
2169 with_legacy: true
2170- name: rgw_objexp_gc_interval
2171 type: uint
2172 level: advanced
2173 desc: Swift objects expirer garbage collector interval
2174 default: 600
2175 services:
2176 - rgw
2177 with_legacy: true
2178- name: rgw_objexp_hints_num_shards
2179 type: uint
2180 level: advanced
2181 desc: Number of object expirer data shards
2182 long_desc: The number of shards the (Swift) object expirer will store its data on.
2183 default: 127
2184 services:
2185 - rgw
2186 with_legacy: true
2187# maximum number of entries in a single operation when processing objexp data
2188- name: rgw_objexp_chunk_size
2189 type: uint
2190 level: dev
2191 default: 100
2192 services:
2193 - rgw
2194 with_legacy: true
2195- name: rgw_enable_static_website
2196 type: bool
2197 level: basic
2198 desc: Enable static website APIs
2199 long_desc: This configurable controls whether RGW handles the website control APIs.
2200 RGW can serve static websites if s3website hostnames are configured, and unrelated
2201 to this configurable.
2202 default: false
2203 services:
2204 - rgw
2205 with_legacy: true
2206- name: rgw_user_unique_email
2207 type: bool
2208 level: basic
2209 desc: Require local RGW users to have unique email addresses
2210 long_desc: Enforce builtin user accounts to have unique email addresses. This setting
2211 is historical. In future, non-enforcement of email address uniqueness is likely
2212 to become the default.
2213 default: true
2214 services:
2215 - rgw
# Selects the request headers that are included with ops log entries.
# Header values are supplied by the client (or by whatever proxy sits in
# front of RGW), so log consumers should treat them as untrusted input; a
# value such as X-Forwarded-For is only meaningful when a trusted proxy sets
# or overwrites it. Avoid listing headers that carry credentials or keys.
2216- name: rgw_log_http_headers
2217 type: str
2218 level: basic
2219 desc: List of HTTP headers to log
2220 long_desc: A comma delimited list of HTTP headers to log when seen, ignores case
2221 (e.g., http_x_forwarded_for).
2222 fmt_desc: Comma-delimited list of HTTP headers to include with ops
2223 log entries. Header names are case insensitive, and use
2224 the full header name with words separated by underscores.
2225 example: http_x_forwarded_for, http_x_special_k
2226 services:
2227 - rgw
2228 with_legacy: true
2229- name: rgw_num_async_rados_threads
2230 type: int
2231 level: advanced
2232 desc: Number of concurrent RADOS operations in multisite sync
2233 long_desc: The number of concurrent RADOS IO operations that will be triggered for
2234 handling multisite sync operations. This includes control related work, and not
2235 the actual sync operations.
2236 default: 32
2237 services:
2238 - rgw
2239 with_legacy: true
2240- name: rgw_md_notify_interval_msec
2241 type: int
2242 level: advanced
2243 desc: Length of time to aggregate metadata changes
2244 long_desc: Length of time (in milliseconds) in which the master zone aggregates
2245 all the metadata changes that occurred, before sending notifications to all the
2246 other zones.
2247 default: 200
2248 services:
2249 - rgw
2250 with_legacy: true
2251- name: rgw_run_sync_thread
2252 type: bool
2253 level: advanced
2254 desc: Should run sync thread
2255 fmt_desc: If there are other zones in the realm to sync from, spawn threads
2256 to handle the sync of data and metadata.
2257 default: true
2258 services:
2259 - rgw
2260 with_legacy: true
2261- name: rgw_sync_lease_period
2262 type: int
2263 level: dev
2264 default: 2_min
2265 services:
2266 - rgw
2267 with_legacy: true
2268- name: rgw_sync_log_trim_interval
2269 type: int
2270 level: advanced
2271 desc: Sync log trim interval
2272 long_desc: Time in seconds between attempts to trim sync logs.
2273 default: 20_min
2274 services:
2275 - rgw
2276 with_legacy: true
2277- name: rgw_sync_log_trim_max_buckets
2278 type: int
2279 level: advanced
2280 desc: Maximum number of buckets to trim per interval
2281 long_desc: The maximum number of buckets to consider for bucket index log trimming
2282 each trim interval, regardless of the number of bucket index shards. Priority
2283 is given to buckets with the most sync activity over the last trim interval.
2284 default: 16
2285 services:
2286 - rgw
2287 see_also:
2288 - rgw_sync_log_trim_interval
2289 - rgw_sync_log_trim_min_cold_buckets
2290 - rgw_sync_log_trim_concurrent_buckets
2291- name: rgw_sync_log_trim_min_cold_buckets
2292 type: int
2293 level: advanced
2294 desc: Minimum number of cold buckets to trim per interval
2295 long_desc: Of the `rgw_sync_log_trim_max_buckets` selected for bucket index log
2296 trimming each trim interval, at least this many of them must be 'cold' buckets.
2297 These buckets are selected in order from the list of all bucket instances, to
2298 guarantee that all buckets will be visited eventually.
2299 default: 4
2300 services:
2301 - rgw
2302 see_also:
2303 - rgw_sync_log_trim_interval
2304 - rgw_sync_log_trim_max_buckets
2305 - rgw_sync_log_trim_concurrent_buckets
2306- name: rgw_sync_log_trim_concurrent_buckets
2307 type: int
2308 level: advanced
2309 desc: Maximum number of buckets to trim in parallel
2310 default: 4
2311 services:
2312 - rgw
2313 see_also:
2314 - rgw_sync_log_trim_interval
2315 - rgw_sync_log_trim_max_buckets
2316 - rgw_sync_log_trim_min_cold_buckets
2317- name: rgw_sync_data_inject_err_probability
2318 type: float
2319 level: dev
2320 default: 0
2321 services:
2322 - rgw
2323 with_legacy: true
2324- name: rgw_sync_meta_inject_err_probability
2325 type: float
2326 level: dev
2327 default: 0
2328 services:
2329 - rgw
2330 with_legacy: true
2331- name: rgw_sync_trace_history_size
2332 type: size
2333 level: advanced
2334 desc: Sync trace history size
2335 long_desc: Maximum number of complete sync trace entries to keep.
2336 default: 4_K
2337 services:
2338 - rgw
2339 with_legacy: true
2340- name: rgw_sync_trace_per_node_log_size
2341 type: int
2342 level: advanced
2343 desc: Sync trace per-node log size
2344 long_desc: The number of log entries to keep per sync-trace node.
2345 default: 32
2346 services:
2347 - rgw
2348 with_legacy: true
2349- name: rgw_sync_trace_servicemap_update_interval
2350 type: int
2351 level: advanced
2352 desc: Sync-trace service-map update interval
2353 long_desc: Number of seconds between service-map updates of sync-trace events.
2354 default: 10
2355 services:
2356 - rgw
2357 with_legacy: true
2358- name: rgw_period_push_interval
2359 type: float
2360 level: advanced
2361 desc: Period push interval
2362 long_desc: Number of seconds to wait before retrying 'period push' operation.
2363 default: 2
2364 services:
2365 - rgw
2366 with_legacy: true
2367- name: rgw_period_push_interval_max
2368 type: float
2369 level: advanced
2370 desc: Period push maximum interval
2371 long_desc: The max number of seconds to wait before retrying 'period push' after
2372 exponential backoff.
2373 default: 30
2374 services:
2375 - rgw
2376 with_legacy: true
2377- name: rgw_safe_max_objects_per_shard
2378 type: int
2379 level: advanced
2380 desc: Safe number of objects per shard
2381 long_desc: This is the max number of objects per bucket index shard that RGW considers
2382 safe. RGW will warn if it identifies a bucket where its per-shard count is higher
2383 than a percentage of this number.
2384 default: 102400
2385 services:
2386 - rgw
2387 see_also:
2388 - rgw_shard_warning_threshold
2389 with_legacy: true
2390# pct of safe max at which to warn
2391- name: rgw_shard_warning_threshold
2392 type: float
2393 level: advanced
2394 desc: Warn about max objects per shard
2395 long_desc: Warn if number of objects per shard in a specific bucket passed this
2396 percentage of the safe number.
2397 default: 90
2398 services:
2399 - rgw
2400 see_also:
2401 - rgw_safe_max_objects_per_shard
2402 with_legacy: true
2403- name: rgw_swift_versioning_enabled
2404 type: bool
2405 level: advanced
2406 desc: Enable Swift versioning
2407 fmt_desc: |
2408 Enables the Object Versioning of OpenStack Object Storage API.
2409 This allows clients to put the ``X-Versions-Location`` attribute
2410 on containers that should be versioned. The attribute specifies
2411 the name of container storing archived versions. It must be owned
2412 by the same user that the versioned container due to access
2413 control verification - ACLs are NOT taken into consideration.
2414 Those containers cannot be versioned by the S3 object versioning
2415 mechanism.
2416
2417 A slightly different attribute, ``X-History-Location``, which is also understood by
2418 `OpenStack Swift <https://docs.openstack.org/swift/latest/api/object_versioning.html>`_
2419 for handling ``DELETE`` operations, is currently not supported.
2420 default: false
2421 services:
2422 - rgw
2423 with_legacy: true
2424- name: rgw_swift_custom_header
2425 type: str
2426 level: advanced
2427 desc: Enable swift custom header
2428 long_desc: If not empty, specifies a name of HTTP header that can include custom
2429 data. When uploading an object, if this header is passed RGW will store this header
2430 info and it will be available when listing the bucket.
2431 services:
2432 - rgw
2433 with_legacy: true
2434- name: rgw_swift_need_stats
2435 type: bool
2436 level: advanced
2437 desc: Enable stats on bucket listing in Swift
2438 default: true
2439 services:
2440 - rgw
2441 with_legacy: true
2442- name: rgw_reshard_num_logs
2443 type: uint
2444 level: advanced
2445 default: 16
2446 services:
2447 - rgw
2448 - rgw
2449 min: 1
2450- name: rgw_reshard_bucket_lock_duration
2451 type: uint
2452 level: advanced
2453 desc: Number of seconds the timeout on the reshard locks (bucket reshard lock and
2454 reshard log lock) are set to. As a reshard proceeds these locks can be renewed/extended.
2455 If too short, reshards cannot complete and will fail, causing a future reshard
2456 attempt. If too long a hung or crashed reshard attempt will keep the bucket locked
2457 for an extended period, not allowing RGW to detect the failed reshard attempt
2458 and recover.
2459 default: 360
2460 tags:
2461 - performance
2462 services:
2463 - rgw
2464 - rgw
2465 min: 30
2466- name: rgw_reshard_batch_size
2467 type: uint
2468 level: advanced
2469 desc: Number of reshard entries to batch together before sending the operations
2470 to the CLS back-end
2471 default: 64
2472 tags:
2473 - performance
2474 services:
2475 - rgw
2476 - rgw
2477 min: 8
2478- name: rgw_reshard_max_aio
2479 type: uint
2480 level: advanced
2481 desc: Maximum number of outstanding asynchronous I/O operations to allow at a time
2482 during resharding
2483 default: 128
2484 tags:
2485 - performance
2486 services:
2487 - rgw
2488 - rgw
2489 min: 16
# Security-sensitive: makes RGW decide whether a request is "secure" from
# request headers rather than from the connection itself. As the descriptions
# below state, enable it only behind a trusted TLS-terminating proxy.
# NOTE(review): the proxy should also overwrite or strip any client-supplied
# Forwarded / X-Forwarded-Proto headers, and RGW should not be reachable
# except through that proxy. Otherwise the rgw_crypt_require_ssl check can
# presumably be satisfied over plain HTTP.
2490- name: rgw_trust_forwarded_https
2491 type: bool
2492 level: advanced
2493 desc: Trust Forwarded and X-Forwarded-Proto headers
2494 long_desc: When a proxy in front of radosgw is used for ssl termination, radosgw
2495 does not know whether incoming http connections are secure. Enable this option
2496 to trust the Forwarded and X-Forwarded-Proto headers sent by the proxy when determining
2497 whether the connection is secure. This is required for some features, such as
2498 server side encryption. (Never enable this setting if you do not have a trusted
2499 proxy in front of radosgw, or else malicious users will be able to set these headers
2500 in any request.)
2501 fmt_desc: When a proxy in front of radosgw is used for ssl termination, radosgw
2502 does not know whether incoming http connections are secure. Enable
2503 this option to trust the ``Forwarded`` and ``X-Forwarded-Proto`` headers
2504 sent by the proxy when determining whether the connection is secure.
2505 This is required for some features, such as server side encryption.
2506 (Never enable this setting if you do not have a trusted proxy in front of
2507 radosgw, or else malicious users will be able to set these headers in
2508 any request.)
2509 default: false
2510 services:
2511 - rgw
2512 see_also:
2513 - rgw_crypt_require_ssl
2514 with_legacy: true
# When true (the default), requests that include encryption key headers must
# arrive over SSL. Disabling it allows those key headers to be sent over an
# unencrypted connection, where they can be observed in transit; keep it
# enabled outside of test setups.
2515- name: rgw_crypt_require_ssl
2516 type: bool
2517 level: advanced
2518 desc: Requests including encryption key headers must be sent over ssl
2519 default: true
2520 services:
2521 - rgw
2522 with_legacy: true
2523# base64 encoded key for encryption of rgw objects
# NOTE(review): a key set here is stored in the Ceph configuration in
# recoverable (base64) form, readable by anyone who can read that
# configuration. The option is marked level: dev; treat it as a
# testing/diagnostic aid and use a KMS backend (rgw_crypt_s3_kms_backend)
# for real key storage.
2524- name: rgw_crypt_default_encryption_key
2525 type: str
2526 level: dev
2527 services:
2528 - rgw
2529 with_legacy: true
2530- name: rgw_crypt_s3_kms_backend
2531 type: str
2532 level: advanced
2533 desc: Where the SSE-KMS encryption keys are stored. Supported KMS systems are OpenStack
2534 Barbican ('barbican', the default) and HashiCorp Vault ('vault').
2535 fmt_desc: Where the SSE-KMS encryption keys are stored. Supported KMS
2536 systems are OpenStack Barbican (``barbican``, the default) and
2537 HashiCorp Vault (``vault``).
2538 default: barbican
2539 services:
2540 - rgw
2541 enum_values:
2542 - barbican
2543 - vault
2544 - testing
2545 - kmip
2546 with_legacy: true
2547# extra keys that may be used for aws:kms
2548# defined as map "key1=YmluCmJvb3N0CmJvb3N0LQ== key2=b3V0CnNyYwpUZXN0aW5nCg=="
# NOTE(review): the base64 values above are format samples, not keys to
# reuse. Keys listed here live in the configuration in recoverable form; the
# option is level: dev and is presumably meant for the 'testing' value of
# rgw_crypt_s3_kms_backend. Confirm before relying on it elsewhere.
2549- name: rgw_crypt_s3_kms_encryption_keys
2550 type: str
2551 level: dev
2552 services:
2553 - rgw
2554 with_legacy: true
# Authentication method RGW uses towards Vault; defaults to 'token'.
# NOTE(review): fmt_desc says 'token' is the only supported method, while
# enum_values also accepts 'agent'. One of the two is presumably out of
# date; verify which before documenting or restricting the setting.
2555- name: rgw_crypt_vault_auth
2556 type: str
2557 level: advanced
2558 desc: Type of authentication method to be used with Vault.
2559 fmt_desc: Type of authentication method to be used. The only method
2560 currently supported is ``token``.
2561 default: token
2562 services:
2563 - rgw
2564 see_also:
2565 - rgw_crypt_s3_kms_backend
2566 - rgw_crypt_vault_addr
2567 - rgw_crypt_vault_token_file
2568 enum_values:
2569 - token
2570 - agent
2571 with_legacy: true
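# Path to the file holding the Vault token used when rgw_crypt_vault_auth is
# 'token'. The token is the credential RGW presents to Vault, so the file
# should be owned by the RGW service user and not readable by group or
# others (e.g. mode 0600).
2572- name: rgw_crypt_vault_token_file
2573 type: str
2574 level: advanced
2575 desc: If authentication method is 'token', provide a path to the token file, which
2576 for security reasons should be readable only by Rados Gateway.
2577 services:
2578 - rgw
2579 see_also:
2580 - rgw_crypt_s3_kms_backend
2581 - rgw_crypt_vault_auth
2582 - rgw_crypt_vault_addr
2583 with_legacy: true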
# Base address of the Vault server that RGW contacts for encryption keys.
# NOTE(review): the example in fmt_desc uses plain http://. Over HTTP the
# Vault token and the key material returned by Vault are sent unencrypted;
# production deployments should use an https:// address and leave
# rgw_crypt_vault_verify_ssl enabled.
2584- name: rgw_crypt_vault_addr
2585 type: str
2586 level: advanced
2587 desc: Vault server base address.
2588 fmt_desc: Vault server base address, e.g. ``http://vaultserver:8200``.
2589 services:
2590 - rgw
2591 see_also:
2592 - rgw_crypt_s3_kms_backend
2593 - rgw_crypt_vault_auth
2594 - rgw_crypt_vault_prefix
2595 with_legacy: true
2596# Optional URL prefix to Vault secret path
2597- name: rgw_crypt_vault_prefix
2598 type: str
2599 level: advanced
2600 desc: Vault secret URL prefix, which can be used to restrict access to a particular
2601 subset of the Vault secret space.
2602 fmt_desc: The Vault secret URL prefix, which can be used to restrict access
2603 to a particular subset of the secret space, e.g. ``/v1/secret/data``.
2604 services:
2605 - rgw
2606 see_also:
2607 - rgw_crypt_s3_kms_backend
2608 - rgw_crypt_vault_addr
2609 - rgw_crypt_vault_auth
2610 with_legacy: true
2611# kv, transit or other supported secret engines
2612- name: rgw_crypt_vault_secret_engine
2613 type: str
2614 level: advanced
2615 desc: Vault Secret Engine to be used to retrieve encryption keys.
2616 fmt_desc: |
2617 Vault Secret Engine to be used to retrieve encryption keys: choose
2618 between kv-v2, transit.
2619 default: transit
2620 services:
2621 - rgw
2622 see_also:
2623 - rgw_crypt_s3_kms_backend
2624 - rgw_crypt_vault_auth
2625 - rgw_crypt_vault_addr
2626 with_legacy: true
2627# Vault Namespace (only available in Vault Enterprise Version)
2628- name: rgw_crypt_vault_namespace
2629 type: str
2630 level: advanced
2631 desc: Vault Namespace to be used to select your tenant
2632 fmt_desc: If set, Vault Namespace provides tenant isolation for teams and individuals
2633 on the same Vault Enterprise instance, e.g. ``acme/tenant1``
2634 services:
2635 - rgw
2636 see_also:
2637 - rgw_crypt_s3_kms_backend
2638 - rgw_crypt_vault_auth
2639 - rgw_crypt_vault_addr
2640 with_legacy: true
2641# Verify the Vault server's TLS certificate on connections between rgw and vault
# Enabled by default. Disabling it removes protection against an impostor or
# intercepting host on the path to Vault, which would expose the Vault token
# and keys; for a private CA, set rgw_crypt_vault_ssl_cacert instead of
# turning verification off.
2642- name: rgw_crypt_vault_verify_ssl
2643 type: bool
2644 level: advanced
2645 desc: Should RGW verify the vault server SSL certificate.
2646 default: true
2647 services:
2648 - rgw
2649 with_legacy: true
2650# TLS certs options
2651- name: rgw_crypt_vault_ssl_cacert
2652 type: str
2653 level: advanced
2654 desc: Path for custom ca certificate for accessing vault server
2655 services:
2656 - rgw
2657 with_legacy: true
2658- name: rgw_crypt_vault_ssl_clientcert
2659 type: str
2660 level: advanced
2661 desc: Path for custom client certificate for accessing vault server
2662 services:
2663 - rgw
2664 with_legacy: true
2665- name: rgw_crypt_vault_ssl_clientkey
2666 type: str
2667 level: advanced
2668 desc: Path for private key required for client cert
2669 services:
2670 - rgw
2671 with_legacy: true
2672- name: rgw_crypt_kmip_addr
2673 type: str
2674 level: advanced
2675 desc: kmip server address
2676 services:
2677 - rgw
2678 with_legacy: true
2679- name: rgw_crypt_kmip_ca_path
2680 type: str
2681 level: advanced
2682 desc: ca for kmip servers
2683 services:
2684 - rgw
2685 with_legacy: true
2686- name: rgw_crypt_kmip_username
2687 type: str
2688 level: advanced
2689 desc: when authenticating via username
2690 services:
2691 - rgw
2692 with_legacy: true
# Optional password accompanying rgw_crypt_kmip_username (see desc).
# NOTE(review): the value is a credential stored in the Ceph configuration;
# restrict who can read that configuration, or prefer the client
# certificate options (rgw_crypt_kmip_client_cert / rgw_crypt_kmip_client_key).
2693- name: rgw_crypt_kmip_password
2694 type: str
2695 level: advanced
2696 desc: optional w/ username
2697 services:
2698 - rgw
2699 with_legacy: true
2700- name: rgw_crypt_kmip_client_cert
2701 type: str
2702 level: advanced
2703 desc: connect using client certificate
2704 services:
2705 - rgw
2706 with_legacy: true
2707- name: rgw_crypt_kmip_client_key
2708 type: str
2709 level: advanced
2710 desc: connect using client certificate
2711 services:
2712 - rgw
2713 with_legacy: true
2714- name: rgw_crypt_kmip_kms_key_template
2715 type: str
2716 level: advanced
2717 desc: sse-kms; kmip key names
2718 services:
2719 - rgw
2720 with_legacy: true
2721- name: rgw_crypt_kmip_s3_key_template
2722 type: str
2723 level: advanced
2724 desc: sse-s3; kmip key template
2725 default: $keyid
2726 services:
2727 - rgw
2728 with_legacy: true
# When true (the default), log output that might print a client key is
# suppressed. Leave enabled; if it is turned off for debugging, treat the
# resulting logs as containing key material and handle them accordingly.
2729- name: rgw_crypt_suppress_logs
2730 type: bool
2731 level: advanced
2732 desc: Suppress logs that might print client key
2733 default: true
2734 services:
2735 - rgw
2736 with_legacy: true
2737- name: rgw_crypt_sse_s3_backend
2738 type: str
2739 level: advanced
2740 desc: Where the SSE-S3 encryption keys are stored. The only valid choice here is
2741 HashiCorp Vault ('vault').
2742 fmt_desc: Where the SSE-S3 encryption keys are stored. The only valid
2743 choice is HashiCorp Vault (``vault``).
2744 default: vault
2745 services:
2746 - rgw
2747 enum_values:
2748 - vault
2749 with_legacy: true
2750
2751- name: rgw_crypt_sse_s3_vault_secret_engine
2752 type: str
2753 level: advanced
2754 desc: Vault Secret Engine to be used to retrieve encryption keys.
2755 fmt_desc: |
2756 Vault Secret Engine to be used to retrieve encryption keys. The
2757 only valid choice here is transit.
2758 default: transit
2759 services:
2760 - rgw
2761 see_also:
2762 - rgw_crypt_sse_s3_backend
2763 - rgw_crypt_sse_s3_vault_auth
2764 - rgw_crypt_sse_s3_vault_addr
2765 with_legacy: true
2766- name: rgw_crypt_sse_s3_key_template
2767 type: str
2768 level: advanced
2769 desc: template for per-bucket sse-s3 keys in vault.
2770 long_desc: This is the template for per-bucket sse-s3 keys.
2771 This string may include ``%bucket_id`` which will be expanded out to
2772 the bucket marker, a unique uuid assigned to that bucket.
2773 It could contain ``%owner_id``, which will expand out to the owner's id.
2774 Any other use of % is reserved and should not be used.
2775 If the template contains ``%bucket_id``, associated bucket keys
2776 will be automatically removed when the bucket is removed.
2777 services:
2778 - rgw
2779 default: "%bucket_id"
2780 see_also:
2781 - rgw_crypt_sse_s3_backend
2782 - rgw_crypt_sse_s3_vault_auth
2783 - rgw_crypt_sse_s3_vault_addr
2784 with_legacy: true
# Authentication method RGW uses towards Vault for SSE-S3; defaults to 'token'.
# NOTE(review): fmt_desc says 'token' is the only supported method, while
# enum_values also accepts 'agent'. One of the two is presumably out of
# date; verify which before documenting or restricting the setting.
2785- name: rgw_crypt_sse_s3_vault_auth
2786 type: str
2787 level: advanced
2788 desc: Type of authentication method to be used with SSE-S3 and Vault.
2789 fmt_desc: Type of authentication method to be used. The only method
2790 currently supported is ``token``.
2791 default: token
2792 services:
2793 - rgw
2794 see_also:
2795 - rgw_crypt_sse_s3_backend
2796 - rgw_crypt_sse_s3_vault_addr
2797 - rgw_crypt_sse_s3_vault_token_file
2798 enum_values:
2799 - token
2800 - agent
2801 with_legacy: true
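# Path to the file holding the Vault token used for SSE-S3 when
# rgw_crypt_sse_s3_vault_auth is 'token'. The token is the credential RGW
# presents to Vault, so the file should be owned by the RGW service user and
# not readable by group or others (e.g. mode 0600).
2802- name: rgw_crypt_sse_s3_vault_token_file
2803 type: str
2804 level: advanced
2805 desc: If authentication method is 'token', provide a path to the token file, which
2806 for security reasons should be readable only by Rados Gateway.
2807 services:
2808 - rgw
2809 see_also:
2810 - rgw_crypt_sse_s3_backend
2811 - rgw_crypt_sse_s3_vault_auth
2812 - rgw_crypt_sse_s3_vault_addr
2813 with_legacy: true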
# Base address of the Vault server that RGW contacts for SSE-S3 keys.
# NOTE(review): the example in fmt_desc uses plain http://. Over HTTP the
# Vault token and the key material returned by Vault are sent unencrypted;
# production deployments should use an https:// address and leave
# rgw_crypt_sse_s3_vault_verify_ssl enabled.
2814- name: rgw_crypt_sse_s3_vault_addr
2815 type: str
2816 level: advanced
2817 desc: SSE-S3 Vault server base address.
2818 fmt_desc: Vault server base address, e.g. ``http://vaultserver:8200``.
2819 services:
2820 - rgw
2821 see_also:
2822 - rgw_crypt_sse_s3_backend
2823 - rgw_crypt_sse_s3_vault_auth
2824 - rgw_crypt_sse_s3_vault_prefix
2825 with_legacy: true
2826# Optional URL prefix to Vault secret path
2827- name: rgw_crypt_sse_s3_vault_prefix
2828 type: str
2829 level: advanced
2830 desc: SSE-S3 Vault secret URL prefix, which can be used to restrict access to a particular
2831 subset of the Vault secret space.
2832 fmt_desc: The Vault secret URL prefix, which can be used to restrict access
2833 to a particular subset of the secret space, e.g. ``/v1/secret/data``.
2834 services:
2835 - rgw
2836 see_also:
2837 - rgw_crypt_sse_s3_backend
2838 - rgw_crypt_sse_s3_vault_addr
2839 - rgw_crypt_sse_s3_vault_auth
2840 with_legacy: true
2841# Vault Namespace (only available in Vault Enterprise Version)
2842- name: rgw_crypt_sse_s3_vault_namespace
2843 type: str
2844 level: advanced
2845 desc: Vault Namespace to be used to select your tenant
2846 fmt_desc: If set, Vault Namespace provides tenant isolation for teams and individuals
2847 on the same Vault Enterprise instance, e.g. ``acme/tenant1``
2848 services:
2849 - rgw
2850 see_also:
2851 - rgw_crypt_sse_s3_backend
2852 - rgw_crypt_sse_s3_vault_auth
2853 - rgw_crypt_sse_s3_vault_addr
2854 with_legacy: true
2855# Verify the Vault server's TLS certificate on connections between rgw and vault
# Enabled by default. Disabling it removes protection against an impostor or
# intercepting host on the path to Vault, which would expose the Vault token
# and keys; for a private CA, set rgw_crypt_sse_s3_vault_ssl_cacert instead
# of turning verification off.
2856- name: rgw_crypt_sse_s3_vault_verify_ssl
2857 type: bool
2858 level: advanced
2859 desc: Should RGW verify the vault server SSL certificate.
2860 default: true
2861 services:
2862 - rgw
2863 with_legacy: true
2864# TLS certs options
2865- name: rgw_crypt_sse_s3_vault_ssl_cacert
2866 type: str
2867 level: advanced
2868 desc: Path for custom ca certificate for accessing vault server
2869 services:
2870 - rgw
2871 with_legacy: true
2872- name: rgw_crypt_sse_s3_vault_ssl_clientcert
2873 type: str
2874 level: advanced
2875 desc: Path for custom client certificate for accessing vault server
2876 services:
2877 - rgw
2878 with_legacy: true
2879- name: rgw_crypt_sse_s3_vault_ssl_clientkey
2880 type: str
2881 level: advanced
2882 desc: Path for private key required for client cert
2883 services:
2884 - rgw
2885 with_legacy: true
2886- name: rgw_list_bucket_min_readahead
2887 type: int
2888 level: advanced
2889 desc: Minimum number of entries to request from rados for bucket listing
2890 default: 1000
2891 services:
2892 - rgw
2893 with_legacy: true
2894- name: rgw_rest_getusage_op_compat
2895 type: bool
2896 level: advanced
2897 desc: REST GetUsage request backward compatibility
2898 default: false
2899 services:
2900 - rgw
2901 with_legacy: true
# Tunables for torrent data.

# Master switch: when true, a hash of the object data is calculated and stored
# on upload so the object can later be served as a torrent file.
- name: rgw_torrent_flag
  type: bool
  level: advanced
  desc: >-
    When true, uploaded objects will calculate and store a SHA256 hash of object
    data so the object can be retrieved as a torrent file
  default: false
  services:
  - rgw
  with_legacy: true
# The remaining entries are string options named after torrent fields; none of
# them declares a default.
- name: rgw_torrent_tracker
  type: str
  level: advanced
  desc: Torrent field announce and announce list
  services:
  - rgw
  with_legacy: true
- name: rgw_torrent_createby
  type: str
  level: advanced
  desc: torrent field created by
  services:
  - rgw
  with_legacy: true
- name: rgw_torrent_comment
  type: str
  level: advanced
  desc: Torrent field comment
  services:
  - rgw
  with_legacy: true
- name: rgw_torrent_encoding
  type: str
  level: advanced
  desc: torrent field encoding
  services:
  - rgw
  with_legacy: true
# Multisite: interval, in milliseconds per the option name, between broadcasts
# of new data-changes-log entries to peer zones. 0 disables the broadcast.
- name: rgw_data_notify_interval_msec
  type: int
  level: advanced
  desc: data changes notification interval to followers
  long_desc: >-
    In multisite, radosgw will occasionally broadcast new entries in its
    data changes log to peer zones, so they can prioritize sync of some
    of the most recent changes. Can be disabled with 0.
  default: 200
  services:
  - rgw
  with_legacy: true
# Torrent origin string; no default is declared.
- name: rgw_torrent_origin
  type: str
  level: advanced
  desc: Torrent origin
  services:
  - rgw
  with_legacy: true
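# Size option belonging to the torrent tunables, default 512_K.
# NOTE(review): this was the only entry in the group without a desc. The text
# below assumes the value is the torrent piece length (the amount of data
# covered by each hash); confirm against the torrent code before merging.
- name: rgw_torrent_sha_unit
  type: size
  level: advanced
  desc: Torrent field piece length
  default: 512_K
  services:
  - rgw
  with_legacy: true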
# Dynamic resharding: the switch, the per-shard object threshold that triggers
# a reshard, and the ceiling on shards the automatic process may create.
- name: rgw_dynamic_resharding
  type: bool
  level: basic
  desc: Enable dynamic resharding
  long_desc: >-
    If true, RGW will dynamically increase the number of shards in buckets
    that have a high number of objects per shard.
  default: true
  services:
  - rgw
  see_also:
  - rgw_max_objs_per_shard
  - rgw_max_dynamic_shards
- name: rgw_max_objs_per_shard
  type: uint
  level: basic
  desc: Max objects per shard for dynamic resharding
  long_desc: >-
    This is the max number of objects per bucket index shard that RGW will
    allow with dynamic resharding. RGW will trigger an automatic reshard operation
    on the bucket if it exceeds this number.
  default: 100000
  services:
  - rgw
  see_also:
  - rgw_dynamic_resharding
  - rgw_max_dynamic_shards
# Applies only to automatic resharding; user-requested resharding is not
# limited by it. The default, 1999, follows the "prime number" advice.
- name: rgw_max_dynamic_shards
  type: uint
  level: advanced
  desc: Max shards that dynamic resharding can create
  long_desc: >-
    This is the maximum number of bucket index shards that dynamic sharding
    is able to create on its own. This does not limit user requested resharding. Ideally
    this value is a prime number.
  default: 1999
  services:
  - rgw
  see_also:
  - rgw_dynamic_resharding
  - rgw_max_objs_per_shard
  min: 1
# Seconds between passes over the reshard log; values below 10 are rejected
# by the declared minimum.
- name: rgw_reshard_thread_interval
  type: uint
  level: advanced
  desc: Number of seconds between processing of reshard log entries
  default: 600
  services:
  - rgw
  min: 10
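# Upper bound, in seconds, on how long a cache entry is trusted without being
# re-fetched; it is the safety net for missed cache-notify events. 0 turns
# expiry off, so a missed notification is then never corrected by a timeout.
# The services list previously named rgw twice; the duplicate is removed.
- name: rgw_cache_expiry_interval
  type: uint
  level: advanced
  desc: >-
    Number of seconds before entries in the cache are assumed stale and re-fetched.
    Zero is never.
  long_desc: >-
    The Rados Gateway stores metadata and objects in an internal cache. This
    should be kept consistent by the OSD's relaying notify events between multiple
    watching RGW processes. In the event that this notification protocol fails, bounding
    the length of time that any data in the cache will be assumed valid will ensure
    that any RGW instance that falls out of sync will eventually recover. This seems
    to be an issue mostly for large numbers of RGW instances under heavy use. If you
    would like to turn off cache expiry, set this value to zero.
  default: 900
  tags:
  - performance
  services:
  - rgw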
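# Fault-injection knob (level: dev): probability, between 0 and 1, that the
# RGW cache ignores a cache notify message. Any non-zero value deliberately
# causes failures, so it must stay at 0 outside test clusters.
# The services list previously named rgw twice; the duplicate is removed.
- name: rgw_inject_notify_timeout_probability
  type: float
  level: dev
  desc: Likelihood of ignoring a notify
  long_desc: >-
    This is the probability that the RGW cache will ignore a cache notify
    message. It exists to help with the development and testing of cache consistency
    and recovery improvements. Please do not set it in a production cluster, as it
    actively causes failures. Set this to a floating point value between 0 and 1.
  default: 0
  tags:
  - fault injection
  - testing
  services:
  - rgw
  min: 0
  max: 1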
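# How many times RGW retries updating a peer's cache after an error before
# giving up. Larger values can lengthen some operations in exceptional cases.
# The services list previously named rgw twice; the duplicate is removed.
- name: rgw_max_notify_retries
  type: uint
  level: advanced
  desc: Number of attempts to notify peers before giving up.
  long_desc: >-
    The number of times we will attempt to update a peer's cache in the event
    of error before giving up. This is unlikely to be an issue unless your cluster
    is very heavily loaded. Beware that increasing this value may cause some operations
    to take longer in exceptional cases and thus may, rarely, cause clients to time
    out.
  default: 3
  tags:
  - error recovery
  services:
  - rgw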
# URL path prefix under which internal STS requests are served.
- name: rgw_sts_entry
  type: str
  level: advanced
  desc: STS URL prefix
  long_desc: URL path prefix for internal STS requests.
  default: sts
  services:
  - rgw
  with_legacy: true
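# Key that protects STS session tokens (used to encrypt and decrypt them).
# NOTE(review): the shipped default is the fixed string "sts", identical on
# every installation. Set a site-specific secret before enabling STS and keep
# the configuration that carries it readable only by the RGW account.
- name: rgw_sts_key
  type: str
  level: advanced
  desc: STS Key
  long_desc: >-
    Key used for encrypting/decrypting session token. The default is a fixed
    placeholder shared by every installation and must be replaced with a
    site-specific secret before STS is enabled.
  default: sts
  services:
  - rgw
  see_also:
  - rgw_s3_auth_use_sts
  with_legacy: true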
# Whether S3 authentication should use STS; off by default.
# NOTE(review): when turning this on, check rgw_sts_key as well, since that
# key protects the session tokens and ships with a fixed default.
- name: rgw_s3_auth_use_sts
  type: bool
  level: advanced
  desc: Should S3 authentication use STS.
  default: false
  services:
  - rgw
  with_legacy: true
# Bounds on the lifetime of an STS session token. The maximum is documented in
# seconds (43200 s = 12 h); a shorter maximum narrows the window in which a
# leaked token remains usable.
- name: rgw_sts_max_session_duration
  type: uint
  level: advanced
  desc: Session token max duration
  long_desc: Max duration in seconds for which the session token is valid.
  default: 43200
  services:
  - rgw
  with_legacy: true
# NOTE(review): no unit is stated for the minimum; presumably seconds as for
# the maximum (900 s = 15 min). Confirm and say so in the description.
- name: rgw_sts_min_session_duration
  type: uint
  level: advanced
  desc: Minimum allowed duration of a session
  default: 900
  services:
  - rgw
  with_legacy: true
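# Server-side cap on the page size a client may request from listing-like S3
# operations; bounded to 1..100000 by min/max. It limits how much work a
# single listing request can ask for.
# The services list previously named rgw twice; the duplicate is removed.
- name: rgw_max_listing_results
  type: uint
  level: advanced
  desc: Upper bound on results in listing operations, ListBucket max-keys
  long_desc: >-
    This caps the maximum permitted value for listing-like operations in
    RGW S3. Affects ListBucket(max-keys), ListBucketVersions(max-keys), ListBucketMultipartUploads(max-uploads),
    ListMultipartUploadParts(max-parts)
  default: 1000
  services:
  - rgw
  min: 1
  max: 100000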
# Settings for introspecting an STS Web Token: the endpoint URL plus the
# client id and client secret needed for the call. None declares a default.

# NOTE(review): web tokens are presumably sent to this URL, so it should be
# an https endpoint; confirm whether the code enforces that.
- name: rgw_sts_token_introspection_url
  type: str
  level: advanced
  desc: STS Web Token introspection URL
  long_desc: URL for introspecting an STS Web Token.
  services:
  - rgw
  with_legacy: true
- name: rgw_sts_client_id
  type: str
  level: advanced
  desc: Client Id
  long_desc: Client Id needed for introspecting a Web Token.
  services:
  - rgw
  with_legacy: true
# NOTE(review): this value is a credential held as a plain string option;
# restrict who can read the configuration that carries it.
- name: rgw_sts_client_secret
  type: str
  level: advanced
  desc: Client Secret
  long_desc: Client Secret needed for introspecting a Web Token.
  services:
  - rgw
  with_legacy: true
# Ceiling on concurrent HTTP requests processed by the beast frontend; bounds
# memory use under heavy load.
- name: rgw_max_concurrent_requests
  type: int
  level: basic
  desc: Maximum number of concurrent HTTP requests.
  long_desc: >-
    Maximum number of concurrent HTTP requests that the beast frontend will
    process. Tuning this can help to limit memory usage under heavy load.
  default: 1024
  tags:
  - performance
  services:
  - rgw
  see_also:
  - rgw_frontends
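# Selects the RGW request scheduler: throttler (default) or the experimental
# dmclock. Fixes applied here: the run-on sentence in desc, and the two
# unbalanced RST literals (``throttler` and ``dmclock`) in fmt_desc.
# NOTE(review): confirm that ``experimental_feature_enabled`` is the exact name
# of the option that gates experimental features; it is not defined in the
# visible part of this file.
- name: rgw_scheduler_type
  type: str
  level: advanced
  desc: >-
    Set the type of dmclock scheduler, defaults to throttler. Other valid values
    are dmclock which is experimental
  fmt_desc: |
    The RGW scheduler to use. Valid values are ``throttler`` and
    ``dmclock``. Currently defaults to ``throttler`` which throttles Beast
    frontend requests. ``dmclock`` is *experimental* and requires the
    ``dmclock`` to be included in the ``experimental_feature_enabled``
    configuration option.

    The options below tune the experimental dmclock scheduler. For
    additional reading on dmclock, see :ref:`dmclock-qos`. `op_class` for the flags below is
    one of ``admin``, ``auth``, ``metadata``, or ``data``.
  default: throttler
  services:
  - rgw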
# dmclock parameters for the admin op class: reservation, weight and limit.
# NOTE(review): a limit of 0 presumably means "no limit"; confirm.
- name: rgw_dmclock_admin_res
  type: float
  level: advanced
  desc: mclock reservation for admin requests
  default: 100
  services:
  - rgw
  see_also:
  - rgw_dmclock_admin_wgt
  - rgw_dmclock_admin_lim
- name: rgw_dmclock_admin_wgt
  type: float
  level: advanced
  desc: mclock weight for admin requests
  default: 100
  services:
  - rgw
  see_also:
  - rgw_dmclock_admin_res
  - rgw_dmclock_admin_lim
- name: rgw_dmclock_admin_lim
  type: float
  level: advanced
  desc: mclock limit for admin requests
  default: 0
  services:
  - rgw
  see_also:
  - rgw_dmclock_admin_res
  - rgw_dmclock_admin_wgt
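# dmclock parameters for the auth op class: reservation, weight and limit.
# The three descriptions previously read "object data requests", the text of
# the rgw_dmclock_data_* options; they now name the auth class these options
# actually belong to.
- name: rgw_dmclock_auth_res
  type: float
  level: advanced
  desc: mclock reservation for auth requests
  default: 200
  services:
  - rgw
  see_also:
  - rgw_dmclock_auth_wgt
  - rgw_dmclock_auth_lim
- name: rgw_dmclock_auth_wgt
  type: float
  level: advanced
  desc: mclock weight for auth requests
  default: 100
  services:
  - rgw
  see_also:
  - rgw_dmclock_auth_res
  - rgw_dmclock_auth_lim
- name: rgw_dmclock_auth_lim
  type: float
  level: advanced
  desc: mclock limit for auth requests
  default: 0
  services:
  - rgw
  see_also:
  - rgw_dmclock_auth_res
  - rgw_dmclock_auth_wgt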
# dmclock parameters for the data op class: reservation, weight and limit.
- name: rgw_dmclock_data_res
  type: float
  level: advanced
  desc: mclock reservation for object data requests
  default: 500
  services:
  - rgw
  see_also:
  - rgw_dmclock_data_wgt
  - rgw_dmclock_data_lim
- name: rgw_dmclock_data_wgt
  type: float
  level: advanced
  desc: mclock weight for object data requests
  default: 500
  services:
  - rgw
  see_also:
  - rgw_dmclock_data_res
  - rgw_dmclock_data_lim
- name: rgw_dmclock_data_lim
  type: float
  level: advanced
  desc: mclock limit for object data requests
  default: 0
  services:
  - rgw
  see_also:
  - rgw_dmclock_data_res
  - rgw_dmclock_data_wgt
# dmclock parameters for the metadata op class: reservation, weight and limit.
- name: rgw_dmclock_metadata_res
  type: float
  level: advanced
  desc: mclock reservation for metadata requests
  default: 500
  services:
  - rgw
  see_also:
  - rgw_dmclock_metadata_wgt
  - rgw_dmclock_metadata_lim
- name: rgw_dmclock_metadata_wgt
  type: float
  level: advanced
  desc: mclock weight for metadata requests
  default: 500
  services:
  - rgw
  see_also:
  - rgw_dmclock_metadata_res
  - rgw_dmclock_metadata_lim
- name: rgw_dmclock_metadata_lim
  type: float
  level: advanced
  desc: mclock limit for metadata requests
  default: 0
  services:
  - rgw
  see_also:
  - rgw_dmclock_metadata_res
  - rgw_dmclock_metadata_wgt
# Backing store chosen when the data sync log is first created at startup;
# it has no effect once a log exists. Restricted to fifo or omap.
- name: rgw_default_data_log_backing
  type: str
  level: advanced
  desc: Default backing store for the RGW data sync log
  long_desc: >-
    Whether to use the older OMAP backing store or the high performance FIFO
    based backing store by default. This only covers the creation of the log on startup
    if none exists.
  default: fifo
  services:
  - rgw
  enum_values:
  - fifo
  - omap
# Switch for the D3N (datacenter-scale dataset delivery) local cache; off by
# default.
- name: rgw_d3n_l1_local_datacache_enabled
  type: bool
  level: advanced
  desc: Enable datacenter-scale dataset delivery local cache
  default: false
  services:
  - rgw
  with_legacy: true
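# Directory that holds the D3N local cache object data.
# NOTE(review): the default is a fixed name under /tmp, a location normally
# writable by every local user, and the cache stores object data there. The
# default value is left unchanged for compatibility; the description now tells
# operators to move it to a dedicated directory.
- name: rgw_d3n_l1_datacache_persistent_path
  type: str
  level: advanced
  desc: path for the directory for storing the local cache objects data
  long_desc: >-
    The default is a fixed location under /tmp, which is normally shared with
    and writable by other local users. For production use, point this at a
    dedicated directory that is owned by the RGW user and not accessible to
    others. When rgw_d3n_l1_evict_cache_on_start is enabled (the default), the
    content of this directory is cleared on start.
  default: /tmp/rgw_datacache/
  services:
  - rgw
  see_also:
  - rgw_d3n_l1_evict_cache_on_start
  with_legacy: true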
# Maximum on-disk size of the D3N data cache.
- name: rgw_d3n_l1_datacache_size
  type: size
  level: advanced
  desc: datacache maximum size on disk in bytes
  default: 1_G
  services:
  - rgw
  with_legacy: true
# Enabled by default: the content of the persistent cache directory is cleared
# on start, so that directory should hold nothing but cache data.
- name: rgw_d3n_l1_evict_cache_on_start
  type: bool
  level: advanced
  desc: clear the content of the persistent data cache directory on start
  default: true
  services:
  - rgw
  with_legacy: true
# Integer posix_fadvise() advice applied to cache files; the default 4 is the
# POSIX_FADV_DONTNEED value quoted in long_desc.
- name: rgw_d3n_l1_fadvise
  type: int
  level: advanced
  desc: posix_fadvise() flag for access pattern of cache files
  long_desc: >-
    for example to bypass the page-cache -
    POSIX_FADV_DONTNEED=4
  default: 4
  services:
  - rgw
  with_legacy: true
# Eviction policy of the D3N cache; restricted to lru (default) or random.
- name: rgw_d3n_l1_eviction_policy
  type: str
  level: advanced
  desc: select the d3n cache eviction policy
  default: lru
  services:
  - rgw
  enum_values:
  - lru
  - random
  with_legacy: true
# libaio sizing for D3N: worker-thread ceiling and the number of simultaneous
# I/O requests libaio expects to enqueue.
- name: rgw_d3n_libaio_aio_threads
  type: int
  level: advanced
  desc: specifies the maximum number of worker threads that may be used by libaio
  default: 20
  services:
  - rgw
  see_also:
  - rgw_thread_pool_size
  with_legacy: true
- name: rgw_d3n_libaio_aio_num
  type: int
  level: advanced
  desc: >-
    specifies the maximum number of simultaneous I/O requests that libaio
    expects to enqueue
  default: 64
  services:
  - rgw
  see_also:
  - rgw_thread_pool_size
  with_legacy: true
# Backend store type: rados (default) or dbstore, which the description marks
# as experimental.
- name: rgw_backend_store
  type: str
  level: advanced
  desc: experimental Option to set backend store type
  long_desc: defaults to rados. Other valid values are dbstore(experimental).
  default: rados
  services:
  - rgw
  enum_values:
  - rados
  - dbstore
3391- name: rgw_luarocks_location
3392 type: str
3393 level: advanced
3394 desc: Directory where luarocks install packages from allowlist
3395 default: @rgw_luarocks_location@
3396 services:
3397 - rgw
3398 flags:
3399 - startup