]>
Commit | Line | Data |
---|---|---|
20effc67 TL |
1 | # -*- mode: YAML -*- |
2 | --- | |
3 | ||
4 | options: | |
5 | # According to AWS S3(http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html), | |
6 | # An ACL can have up to 100 grants. | |
7 | - name: rgw_acl_grants_max_num | |
8 | type: int | |
9 | level: advanced | |
10 | desc: Max number of ACL grants in a single request | |
11 | default: 100 | |
12 | services: | |
13 | - rgw | |
14 | with_legacy: true | |
15 | # According to AWS S3(http://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html), | |
16 | # An cors can have up to 100 rules. | |
17 | - name: rgw_cors_rules_max_num | |
18 | type: int | |
19 | level: advanced | |
20 | desc: Max number of cors rules in a single request | |
21 | default: 100 | |
22 | services: | |
23 | - rgw | |
24 | with_legacy: true | |
25 | # According to AWS S3(https://docs.aws.amazon.com/AmazonS3/latest/dev/DeletingObjects.html), | |
26 | # Amazon S3 also provides the Multi-Object Delete API that you can use to delete up to 1000 | |
27 | # objects in a single HTTP request. | |
28 | - name: rgw_delete_multi_obj_max_num | |
29 | type: int | |
30 | level: advanced | |
31 | desc: Max number of objects in a single multi-object delete request | |
32 | default: 1000 | |
33 | services: | |
34 | - rgw | |
35 | with_legacy: true | |
36 | # According to AWS S3, An website routing config can have up to 50 rules. | |
37 | - name: rgw_website_routing_rules_max_num | |
38 | type: int | |
39 | level: advanced | |
40 | desc: Max number of website routing rules in a single request | |
41 | default: 50 | |
42 | services: | |
43 | - rgw | |
44 | with_legacy: true | |
45 | - name: rgw_rados_tracing | |
46 | type: bool | |
47 | level: advanced | |
48 | desc: true if LTTng-UST tracepoints should be enabled | |
49 | default: false | |
50 | services: | |
51 | - rgw | |
52 | - name: rgw_op_tracing | |
53 | type: bool | |
54 | level: advanced | |
55 | desc: true if LTTng-UST tracepoints should be enabled | |
56 | default: false | |
57 | services: | |
58 | - rgw | |
59 | - name: rgw_max_chunk_size | |
60 | type: size | |
61 | level: advanced | |
62 | desc: Set RGW max chunk size | |
63 | long_desc: The chunk size is the size of RADOS I/O requests that RGW sends when | |
64 | accessing data objects. RGW read and write operations will never request more than | |
65 | this amount in a single request. This also defines the RGW head object size, as | |
66 | head operations need to be atomic, and anything larger than this would require | |
67 | more than a single operation. When RGW objects are written to the default | |
68 | storage class, up to this amount of payload data will be stored alongside | |
69 | metadata in the head object. | |
70 | default: 4_M | |
71 | services: | |
72 | - rgw | |
73 | with_legacy: true | |
74 | - name: rgw_put_obj_min_window_size | |
75 | type: size | |
76 | level: advanced | |
77 | desc: The minimum RADOS write window size (in bytes). | |
78 | long_desc: The window size determines the total concurrent RADOS writes of a single | |
79 | RGW object. When writing an object RGW will send multiple chunks to RADOS. The | |
80 | total size of the writes does not exceed the window size. The window size may | |
81 | be adjusted dynamically in order to better utilize the pipe. | |
82 | default: 16_M | |
83 | services: | |
84 | - rgw | |
85 | see_also: | |
86 | - rgw_put_obj_max_window_size | |
87 | - rgw_max_chunk_size | |
88 | with_legacy: true | |
89 | - name: rgw_put_obj_max_window_size | |
90 | type: size | |
91 | level: advanced | |
92 | desc: The maximum RADOS write window size (in bytes). | |
93 | long_desc: The window size may be dynamically adjusted, but will not surpass this | |
94 | value. | |
95 | default: 64_M | |
96 | services: | |
97 | - rgw | |
98 | see_also: | |
99 | - rgw_put_obj_min_window_size | |
100 | - rgw_max_chunk_size | |
101 | with_legacy: true | |
102 | - name: rgw_max_put_size | |
103 | type: size | |
104 | level: advanced | |
105 | desc: Max size (in bytes) of regular (non multi-part) object upload. | |
106 | long_desc: Plain object upload is capped at this amount of data. In order to upload | |
107 | larger objects, a special upload mechanism is required. The S3 API provides the | |
108 | multi-part upload, and Swift provides DLO and SLO. | |
109 | default: 5_G | |
110 | services: | |
111 | - rgw | |
112 | with_legacy: true | |
113 | - name: rgw_max_put_param_size | |
114 | type: size | |
115 | level: advanced | |
116 | desc: The maximum size (in bytes) of data input of certain RESTful requests. | |
117 | default: 1_M | |
118 | services: | |
119 | - rgw | |
120 | with_legacy: true | |
121 | - name: rgw_max_attr_size | |
122 | type: size | |
123 | level: advanced | |
124 | desc: The maximum length of metadata value. 0 skips the check | |
125 | default: 0 | |
126 | services: | |
127 | - rgw | |
128 | with_legacy: true | |
129 | - name: rgw_max_attr_name_len | |
130 | type: size | |
131 | level: advanced | |
132 | desc: The maximum length of metadata name. 0 skips the check | |
133 | default: 0 | |
134 | services: | |
135 | - rgw | |
136 | with_legacy: true | |
137 | - name: rgw_max_attrs_num_in_req | |
138 | type: uint | |
139 | level: advanced | |
140 | desc: The maximum number of metadata items that can be put via single request | |
141 | default: 0 | |
142 | services: | |
143 | - rgw | |
144 | with_legacy: true | |
145 | # override max bucket index shards in zone configuration (if not zero) | |
146 | # | |
147 | # Represents the number of shards for the bucket index object, a value of zero | |
148 | # indicates there is no sharding. By default (no sharding, the name of the object | |
149 | # is '.dir.{marker}', with sharding, the name is '.dir.{markder}.{sharding_id}', | |
150 | # sharding_id is zero-based value. It is not recommended to set a too large value | |
151 | # (e.g. thousand) as it increases the cost for bucket listing. | |
152 | - name: rgw_override_bucket_index_max_shards | |
153 | type: uint | |
154 | level: dev | |
155 | desc: The default number of bucket index shards for newly-created buckets. This | |
156 | value overrides bucket_index_max_shards stored in the zone. Setting this value | |
157 | in the zone is preferred, because it applies globally to all radosgw daemons running | |
158 | in the zone. | |
159 | fmt_desc: Represents the number of shards for the bucket index object, | |
160 | a value of zero indicates there is no sharding. It is not | |
161 | recommended to set a value too large (e.g. thousand) as it | |
162 | increases the cost for bucket listing. | |
163 | This variable should be set in the client or global sections | |
164 | so that it is automatically applied to radosgw-admin commands. | |
165 | default: 0 | |
166 | services: | |
167 | - rgw | |
168 | with_legacy: true | |
169 | # Represents the maximum AIO pending requests for the bucket index object shards. | |
170 | - name: rgw_bucket_index_max_aio | |
171 | type: uint | |
172 | level: advanced | |
173 | desc: Max number of concurrent RADOS requests when handling bucket shards. | |
174 | default: 128 | |
175 | services: | |
176 | - rgw | |
177 | with_legacy: true | |
178 | # whether or not the quota/gc threads should be started | |
179 | - name: rgw_enable_quota_threads | |
180 | type: bool | |
181 | level: advanced | |
182 | desc: Enables the quota maintenance thread. | |
183 | long_desc: The quota maintenance thread is responsible for quota related maintenance | |
184 | work. The thread itself can be disabled, but in order for quota to work correctly, | |
185 | at least one RGW in each zone needs to have this thread running. Having the thread | |
186 | enabled on multiple RGW processes within the same zone can spread some of the | |
187 | maintenance work between them. | |
188 | default: true | |
189 | services: | |
190 | - rgw | |
191 | see_also: | |
192 | - rgw_enable_gc_threads | |
193 | - rgw_enable_lc_threads | |
194 | with_legacy: true | |
195 | - name: rgw_enable_gc_threads | |
196 | type: bool | |
197 | level: advanced | |
198 | desc: Enables the garbage collection maintenance thread. | |
199 | long_desc: The garbage collection maintenance thread is responsible for garbage | |
200 | collector maintenance work. The thread itself can be disabled, but in order for | |
201 | garbage collection to work correctly, at least one RGW in each zone needs to have | |
202 | this thread running. Having the thread enabled on multiple RGW processes within | |
203 | the same zone can spread some of the maintenance work between them. | |
204 | default: true | |
205 | services: | |
206 | - rgw | |
207 | see_also: | |
208 | - rgw_enable_quota_threads | |
209 | - rgw_enable_lc_threads | |
210 | with_legacy: true | |
211 | - name: rgw_enable_lc_threads | |
212 | type: bool | |
213 | level: advanced | |
214 | desc: Enables the lifecycle maintenance thread. This is required on at least one | |
215 | rgw for each zone. | |
216 | long_desc: The lifecycle maintenance thread is responsible for lifecycle related | |
217 | maintenance work. The thread itself can be disabled, but in order for lifecycle | |
218 | to work correctly, at least one RGW in each zone needs to have this thread running. | |
219 | Havingthe thread enabled on multiple RGW processes within the same zone can spread | |
220 | some of the maintenance work between them. | |
221 | default: true | |
222 | services: | |
223 | - rgw | |
224 | see_also: | |
225 | - rgw_enable_gc_threads | |
226 | - rgw_enable_quota_threads | |
227 | with_legacy: true | |
228 | - name: rgw_data | |
229 | type: str | |
230 | level: advanced | |
231 | desc: Alternative location for RGW configuration. | |
232 | long_desc: If this is set, the different Ceph system configurables (such as the keyring file will be located in the path that is specified here. | |
233 | fmt_desc: Sets the location of the data files for Ceph RADOS Gateway. | |
234 | default: /var/lib/ceph/radosgw/$cluster-$id | |
235 | services: | |
236 | - rgw | |
237 | flags: | |
238 | - no_mon_update | |
239 | with_legacy: true | |
240 | - name: rgw_enable_apis | |
241 | type: str | |
242 | level: advanced | |
243 | desc: A list of set of RESTful APIs that rgw handles. | |
244 | fmt_desc: | | |
245 | Enables the specified APIs. | |
246 | ||
247 | .. note:: Enabling the ``s3`` API is a requirement for | |
248 | any ``radosgw`` instance that is meant to | |
249 | participate in a `multi-site <../multisite>`_ | |
250 | configuration. | |
251 | default: s3, s3website, swift, swift_auth, admin, sts, iam, notifications | |
252 | services: | |
253 | - rgw | |
254 | with_legacy: true | |
255 | - name: rgw_cache_enabled | |
256 | type: bool | |
257 | level: advanced | |
258 | desc: Enable RGW metadata cache. | |
259 | long_desc: The metadata cache holds metadata entries that RGW requires for processing | |
260 | requests. Metadata entries can be user info, bucket info, and bucket instance | |
261 | info. If not found in the cache, entries will be fetched from the backing RADOS | |
262 | store. | |
263 | fmt_desc: Whether the Ceph Object Gateway cache is enabled. | |
264 | default: true | |
265 | services: | |
266 | - rgw | |
267 | see_also: | |
268 | - rgw_cache_lru_size | |
269 | with_legacy: true | |
270 | - name: rgw_cache_lru_size | |
271 | type: int | |
272 | level: advanced | |
273 | desc: Max number of items in RGW metadata cache. | |
274 | long_desc: When full, the RGW metadata cache evicts least recently used entries. | |
275 | fmt_desc: The number of entries in the Ceph Object Gateway cache. | |
276 | default: 10000 | |
277 | services: | |
278 | - rgw | |
279 | see_also: | |
280 | - rgw_cache_enabled | |
281 | with_legacy: true | |
282 | - name: rgw_dns_name | |
283 | type: str | |
284 | level: advanced | |
285 | desc: The host name that RGW uses. | |
286 | long_desc: This is Needed for virtual hosting of buckets to work properly, unless | |
287 | configured via zonegroup configuration. | |
288 | fmt_desc: The DNS name of the served domain. See also the ``hostnames`` setting within regions. | |
289 | services: | |
290 | - rgw | |
291 | with_legacy: true | |
292 | - name: rgw_dns_s3website_name | |
293 | type: str | |
294 | level: advanced | |
295 | desc: The host name that RGW uses for static websites (S3) | |
296 | long_desc: This is needed for virtual hosting of buckets, unless configured via | |
297 | zonegroup configuration. | |
298 | services: | |
299 | - rgw | |
300 | with_legacy: true | |
301 | - name: rgw_numa_node | |
302 | type: int | |
303 | level: advanced | |
304 | desc: set rgw's cpu affinity to a numa node (-1 for none) | |
305 | default: -1 | |
306 | services: | |
307 | - rgw | |
308 | flags: | |
309 | - startup | |
310 | - name: rgw_service_provider_name | |
311 | type: str | |
312 | level: advanced | |
313 | desc: Service provider name which is contained in http response headers | |
314 | long_desc: As S3 or other cloud storage providers do, http response headers should | |
315 | contain the name of the provider. This name will be placed in http header 'Server'. | |
316 | services: | |
317 | - rgw | |
318 | with_legacy: true | |
319 | - name: rgw_content_length_compat | |
320 | type: bool | |
321 | level: advanced | |
322 | desc: Multiple content length headers compatibility | |
323 | long_desc: Try to handle requests with abiguous multiple content length headers | |
324 | (Content-Length, Http-Content-Length). | |
325 | fmt_desc: Enable compatibility handling of FCGI requests with both ``CONTENT_LENGTH`` | |
326 | and ``HTTP_CONTENT_LENGTH`` set. | |
327 | default: false | |
328 | services: | |
329 | - rgw | |
330 | with_legacy: true | |
331 | - name: rgw_relaxed_region_enforcement | |
332 | type: bool | |
333 | level: advanced | |
334 | desc: Disable region constraint enforcement | |
335 | long_desc: Enable requests such as bucket creation to succeed irrespective of region | |
336 | restrictions (Jewel compat). | |
337 | default: false | |
338 | services: | |
339 | - rgw | |
340 | - name: rgw_lifecycle_work_time | |
341 | type: str | |
342 | level: advanced | |
343 | desc: Lifecycle allowed work time | |
344 | long_desc: Local time window in which the lifecycle maintenance thread can work. | |
345 | default: 00:00-06:00 | |
346 | services: | |
347 | - rgw | |
348 | with_legacy: true | |
349 | - name: rgw_lc_lock_max_time | |
350 | type: int | |
351 | level: dev | |
352 | default: 90 | |
353 | services: | |
354 | - rgw | |
355 | with_legacy: true | |
356 | - name: rgw_lc_thread_delay | |
357 | type: int | |
358 | level: advanced | |
359 | desc: Delay after processing of bucket listing chunks (i.e., per 1000 entries) in | |
360 | milliseconds | |
361 | default: 0 | |
362 | services: | |
363 | - rgw | |
364 | - name: rgw_lc_max_worker | |
365 | type: int | |
366 | level: advanced | |
367 | desc: Number of LCWorker tasks that will be run in parallel | |
368 | long_desc: Number of LCWorker tasks that will run in parallel--used to permit >1 | |
369 | bucket/index shards to be processed simultaneously | |
370 | fmt_desc: This option specifies the number of lifecycle worker threads | |
371 | to run in parallel, thereby processing bucket and index | |
372 | shards simultaneously. | |
373 | default: 3 | |
374 | services: | |
375 | - rgw | |
376 | with_legacy: true | |
377 | - name: rgw_lc_max_wp_worker | |
378 | type: int | |
379 | level: advanced | |
380 | desc: Number of workpool threads per LCWorker | |
381 | long_desc: Number of threads in per-LCWorker workpools--used to accelerate per-bucket | |
382 | processing | |
383 | fmt_desc: This option specifies the number of threads in each lifecycle | |
384 | workers work pool. This option can help accelerate processing each bucket. | |
385 | default: 3 | |
386 | services: | |
387 | - rgw | |
388 | with_legacy: true | |
389 | - name: rgw_lc_max_objs | |
390 | type: int | |
391 | level: advanced | |
392 | desc: Number of lifecycle data shards | |
393 | long_desc: Number of RADOS objects to use for storing lifecycle index. This affects | |
394 | concurrency of lifecycle maintenance, as shards can be processed in parallel. | |
395 | default: 32 | |
396 | services: | |
397 | - rgw | |
398 | with_legacy: true | |
399 | - name: rgw_lc_max_rules | |
400 | type: uint | |
401 | level: advanced | |
402 | desc: Max number of lifecycle rules set on one bucket | |
403 | long_desc: Number of lifecycle rules set on one bucket should be limited. | |
404 | default: 1000 | |
405 | services: | |
406 | - rgw | |
407 | with_legacy: true | |
408 | - name: rgw_lc_debug_interval | |
409 | type: int | |
410 | level: dev | |
411 | desc: The number of seconds that simulate one "day" in order to debug RGW LifeCycle. | |
412 | Do *not* modify for a production cluster. | |
413 | long_desc: For debugging RGW LifeCycle, the number of seconds that are equivalent to | |
414 | one simulated "day". Values less than 1 are ignored and do not change LifeCycle behavior. | |
415 | For example, during debugging if one wanted every 10 minutes to be equivalent to one day, | |
416 | then this would be set to 600, the number of seconds in 10 minutes. | |
417 | default: -1 | |
418 | services: | |
419 | - rgw | |
420 | with_legacy: true | |
421 | - name: rgw_mp_lock_max_time | |
422 | type: int | |
423 | level: advanced | |
424 | desc: Multipart upload max completion time | |
425 | long_desc: Time length to allow completion of a multipart upload operation. This | |
426 | is done to prevent concurrent completions on the same object with the same upload | |
427 | id. | |
428 | default: 10_min | |
429 | services: | |
430 | - rgw | |
431 | - name: rgw_script_uri | |
432 | type: str | |
433 | level: dev | |
434 | fmt_desc: The alternative value for the ``SCRIPT_URI`` if not set | |
435 | in the request. | |
436 | services: | |
437 | - rgw | |
438 | with_legacy: true | |
439 | - name: rgw_request_uri | |
440 | type: str | |
441 | level: dev | |
442 | fmt_desc: The alternative value for the ``REQUEST_URI`` if not set | |
443 | in the request. | |
444 | services: | |
445 | - rgw | |
446 | with_legacy: true | |
447 | - name: rgw_ignore_get_invalid_range | |
448 | type: bool | |
449 | level: advanced | |
450 | desc: Treat invalid (e.g., negative) range request as full | |
451 | long_desc: Treat invalid (e.g., negative) range request as request for the full | |
452 | object (AWS compatibility) | |
453 | default: false | |
454 | services: | |
455 | - rgw | |
456 | with_legacy: true | |
457 | - name: rgw_swift_url | |
458 | type: str | |
459 | level: advanced | |
460 | desc: Swift-auth storage URL | |
461 | long_desc: Used in conjunction with rgw internal swift authentication. This affects | |
462 | the X-Storage-Url response header value. | |
463 | fmt_desc: The URL for the Ceph Object Gateway Swift API. | |
464 | services: | |
465 | - rgw | |
466 | see_also: | |
467 | - rgw_swift_auth_entry | |
468 | with_legacy: true | |
469 | - name: rgw_swift_url_prefix | |
470 | type: str | |
471 | level: advanced | |
472 | desc: Swift URL prefix | |
473 | long_desc: The URL path prefix for swift requests. | |
474 | fmt_desc: | | |
475 | The URL prefix for the Swift API, to distinguish it from | |
476 | the S3 API endpoint. The default is ``swift``, which | |
477 | makes the Swift API available at the URL | |
478 | ``http://host:port/swift/v1`` (or | |
479 | ``http://host:port/swift/v1/AUTH_%(tenant_id)s`` if | |
480 | ``rgw swift account in url`` is enabled). | |
481 | ||
482 | For compatibility, setting this configuration variable | |
483 | to the empty string causes the default ``swift`` to be | |
484 | used; if you do want an empty prefix, set this option to | |
485 | ``/``. | |
486 | ||
487 | .. warning:: If you set this option to ``/``, you must | |
488 | disable the S3 API by modifying ``rgw | |
489 | enable apis`` to exclude ``s3``. It is not | |
490 | possible to operate radosgw with ``rgw | |
491 | swift url prefix = /`` and simultaneously | |
492 | support both the S3 and Swift APIs. If you | |
493 | do need to support both APIs without | |
494 | prefixes, deploy multiple radosgw instances | |
495 | to listen on different hosts (or ports) | |
496 | instead, enabling some for S3 and some for | |
497 | Swift. | |
498 | example: /swift-testing | |
499 | default: swift | |
500 | services: | |
501 | - rgw | |
502 | with_legacy: true | |
503 | - name: rgw_swift_auth_url | |
504 | type: str | |
505 | level: advanced | |
506 | desc: Swift auth URL | |
507 | long_desc: Default url to which RGW connects and verifies tokens for v1 auth (if | |
508 | not using internal swift auth). | |
509 | services: | |
510 | - rgw | |
511 | with_legacy: true | |
512 | - name: rgw_swift_auth_entry | |
513 | type: str | |
514 | level: advanced | |
515 | desc: Swift auth URL prefix | |
516 | long_desc: URL path prefix for internal swift auth requests. | |
517 | fmt_desc: The entry point for a Swift auth URL. | |
518 | default: auth | |
519 | services: | |
520 | - rgw | |
521 | see_also: | |
522 | - rgw_swift_url | |
523 | with_legacy: true | |
524 | - name: rgw_swift_tenant_name | |
525 | type: str | |
526 | level: advanced | |
527 | desc: Swift tenant name | |
528 | long_desc: Tenant name that is used when constructing the swift path. | |
529 | services: | |
530 | - rgw | |
531 | see_also: | |
532 | - rgw_swift_account_in_url | |
533 | with_legacy: true | |
534 | - name: rgw_swift_account_in_url | |
535 | type: bool | |
536 | level: advanced | |
537 | desc: Swift account encoded in URL | |
538 | long_desc: Whether the swift account is encoded in the uri path (AUTH_<account>). | |
539 | fmt_desc: | | |
540 | Whether or not the Swift account name should be included | |
541 | in the Swift API URL. | |
542 | If set to ``false`` (the default), then the Swift API | |
543 | will listen on a URL formed like | |
544 | ``http://host:port/<rgw_swift_url_prefix>/v1``, and the | |
545 | account name (commonly a Keystone project UUID if | |
546 | radosgw is configured with `Keystone integration | |
547 | <../keystone>`_) will be inferred from request | |
548 | headers. | |
549 | If set to ``true``, the Swift API URL will be | |
550 | ``http://host:port/<rgw_swift_url_prefix>/v1/AUTH_<account_name>`` | |
551 | (or | |
552 | ``http://host:port/<rgw_swift_url_prefix>/v1/AUTH_<keystone_project_id>``) | |
553 | instead, and the Keystone ``object-store`` endpoint must | |
554 | accordingly be configured to include the | |
555 | ``AUTH_%(tenant_id)s`` suffix. | |
556 | You **must** set this option to ``true`` (and update the | |
557 | Keystone service catalog) if you want radosgw to support | |
558 | publicly-readable containers and `temporary URLs | |
559 | <../swift/tempurl>`_. | |
560 | default: false | |
561 | services: | |
562 | - rgw | |
563 | see_also: | |
564 | - rgw_swift_tenant_name | |
565 | with_legacy: true | |
566 | - name: rgw_swift_enforce_content_length | |
567 | type: bool | |
568 | level: advanced | |
569 | desc: Send content length when listing containers (Swift) | |
570 | long_desc: Whether content length header is needed when listing containers. When | |
571 | this is set to false, RGW will send extra info for each entry in the response. | |
572 | default: false | |
573 | services: | |
574 | - rgw | |
575 | with_legacy: true | |
576 | - name: rgw_keystone_url | |
577 | type: str | |
578 | level: basic | |
579 | desc: The URL to the Keystone server. | |
580 | services: | |
581 | - rgw | |
582 | with_legacy: true | |
583 | - name: rgw_keystone_admin_token | |
584 | type: str | |
585 | level: advanced | |
586 | desc: 'DEPRECATED: The admin token (shared secret) that is used for the Keystone | |
587 | requests.' | |
588 | fmt_desc: The Keystone admin token (shared secret). In Ceph RGW | |
589 | authentication with the admin token has priority over | |
590 | authentication with the admin credentials | |
591 | (``rgw_keystone_admin_user``, ``rgw_keystone_admin_password``, | |
592 | ``rgw_keystone_admin_tenant``, ``rgw_keystone_admin_project``, | |
593 | ``rgw_keystone_admin_domain``). The Keystone admin token | |
594 | has been deprecated, but can be used to integrate with | |
595 | older environments. It is preferred to instead configure | |
596 | ``rgw_keystone_admin_token_path`` to avoid exposing the token. | |
597 | services: | |
598 | - rgw | |
599 | with_legacy: true | |
600 | - name: rgw_keystone_admin_token_path | |
601 | type: str | |
602 | level: advanced | |
603 | desc: Path to a file containing the admin token (shared secret) that is used for | |
604 | the Keystone requests. | |
605 | fmt_desc: Path to a file containing the Keystone admin token | |
606 | (shared secret). In Ceph RadosGW authentication with | |
607 | the admin token has priority over authentication with | |
608 | the admin credentials | |
609 | (``rgw_keystone_admin_user``, ``rgw_keystone_admin_password``, | |
610 | ``rgw_keystone_admin_tenant``, ``rgw_keystone_admin_project``, | |
611 | ``rgw_keystone_admin_domain``). | |
612 | The Keystone admin token has been deprecated, but can be | |
613 | used to integrate with older environments. | |
614 | services: | |
615 | - rgw | |
616 | with_legacy: true | |
617 | - name: rgw_keystone_admin_user | |
618 | type: str | |
619 | level: advanced | |
620 | desc: Keystone admin user. | |
621 | fmt_desc: The name of OpenStack user with admin privilege for Keystone | |
622 | authentication (Service User) when using OpenStack Identity API v2 | |
623 | services: | |
624 | - rgw | |
625 | with_legacy: true | |
626 | - name: rgw_keystone_admin_password | |
627 | type: str | |
628 | level: advanced | |
629 | desc: 'DEPRECATED: Keystone admin password.' | |
630 | fmt_desc: The password for OpenStack admin user when using OpenStack | |
631 | Identity API v2. It is preferred to instead configure | |
632 | ``rgw_keystone_admin_password_path`` to avoid exposing the token. | |
633 | services: | |
634 | - rgw | |
635 | with_legacy: true | |
636 | - name: rgw_keystone_admin_password_path | |
637 | type: str | |
638 | level: advanced | |
639 | desc: Path to a file containing the Keystone admin password. | |
640 | fmt_desc: Path to a file containing the password for OpenStack | |
641 | admin user when using OpenStack Identity API v2. | |
642 | services: | |
643 | - rgw | |
644 | with_legacy: true | |
645 | - name: rgw_keystone_admin_tenant | |
646 | type: str | |
647 | level: advanced | |
648 | desc: Keystone admin user tenant. | |
649 | fmt_desc: The name of OpenStack tenant with admin privilege (Service Tenant) when | |
650 | using OpenStack Identity API v2 | |
651 | services: | |
652 | - rgw | |
653 | with_legacy: true | |
654 | - name: rgw_keystone_admin_project | |
655 | type: str | |
656 | level: advanced | |
657 | desc: Keystone admin user project (for Keystone v3). | |
658 | fmt_desc: The name of OpenStack project with admin privilege when using | |
659 | OpenStack Identity API v3. If left unspecified, value of | |
660 | ``rgw keystone admin tenant`` will be used instead. | |
661 | services: | |
662 | - rgw | |
663 | with_legacy: true | |
664 | - name: rgw_keystone_admin_domain | |
665 | type: str | |
666 | level: advanced | |
667 | desc: Keystone admin user domain (for Keystone v3). | |
668 | fmt_desc: The name of OpenStack domain with admin privilege when using | |
669 | OpenStack Identity API v3. | |
670 | services: | |
671 | - rgw | |
672 | with_legacy: true | |
673 | - name: rgw_keystone_barbican_user | |
674 | type: str | |
675 | level: advanced | |
676 | desc: Keystone user to access barbican secrets. | |
677 | fmt_desc: The name of the OpenStack user with access to the `Barbican`_ | |
678 | secrets used for `Encryption`_. | |
679 | services: | |
680 | - rgw | |
681 | with_legacy: true | |
682 | - name: rgw_keystone_barbican_password | |
683 | type: str | |
684 | level: advanced | |
685 | desc: Keystone password for barbican user. | |
686 | fmt_desc: The password associated with the `Barbican`_ user. | |
687 | services: | |
688 | - rgw | |
689 | with_legacy: true | |
690 | - name: rgw_keystone_barbican_tenant | |
691 | type: str | |
692 | level: advanced | |
693 | desc: Keystone barbican user tenant (Keystone v2.0). | |
694 | fmt_desc: The name of the OpenStack tenant associated with the `Barbican`_ | |
695 | user when using OpenStack Identity API v2. | |
696 | services: | |
697 | - rgw | |
698 | with_legacy: true | |
699 | - name: rgw_keystone_barbican_project | |
700 | type: str | |
701 | level: advanced | |
702 | desc: Keystone barbican user project (Keystone v3). | |
703 | fmt_desc: The name of the OpenStack project associated with the `Barbican`_ | |
704 | user when using OpenStack Identity API v3. | |
705 | services: | |
706 | - rgw | |
707 | with_legacy: true | |
708 | - name: rgw_keystone_barbican_domain | |
709 | type: str | |
710 | level: advanced | |
711 | desc: Keystone barbican user domain. | |
712 | fmt_desc: The name of the OpenStack domain associated with the `Barbican`_ | |
713 | user when using OpenStack Identity API v3. | |
714 | services: | |
715 | - rgw | |
716 | with_legacy: true | |
717 | - name: rgw_keystone_api_version | |
718 | type: int | |
719 | level: advanced | |
720 | desc: Version of Keystone API to use (2 or 3). | |
721 | fmt_desc: The version (2 or 3) of OpenStack Identity API that should be | |
722 | used for communication with the Keystone server. | |
723 | default: 2 | |
724 | services: | |
725 | - rgw | |
726 | with_legacy: true | |
727 | - name: rgw_keystone_accepted_roles | |
728 | type: str | |
729 | level: advanced | |
730 | desc: Only users with one of these roles will be served when doing Keystone authentication. | |
731 | fmt_desc: The roles required to serve requests. | |
732 | default: Member, admin | |
733 | services: | |
734 | - rgw | |
735 | with_legacy: true | |
736 | - name: rgw_keystone_accepted_admin_roles | |
737 | type: str | |
738 | level: advanced | |
739 | desc: List of roles allowing user to gain admin privileges (Keystone). | |
740 | services: | |
741 | - rgw | |
742 | with_legacy: true | |
743 | - name: rgw_keystone_token_cache_size | |
744 | type: int | |
745 | level: advanced | |
746 | desc: Keystone token cache size | |
747 | long_desc: Max number of Keystone tokens that will be cached. Token that is not | |
748 | cached requires RGW to access the Keystone server when authenticating. | |
749 | fmt_desc: The maximum number of entries in each Keystone token cache. | |
750 | default: 10000 | |
751 | services: | |
752 | - rgw | |
753 | with_legacy: true | |
754 | - name: rgw_keystone_verify_ssl | |
755 | type: bool | |
756 | level: advanced | |
757 | desc: Should RGW verify the Keystone server SSL certificate. | |
758 | fmt_desc: Verify SSL certificates while making token requests to keystone. | |
759 | default: true | |
760 | services: | |
761 | - rgw | |
762 | with_legacy: true | |
763 | - name: rgw_keystone_implicit_tenants | |
764 | type: str | |
765 | level: advanced | |
766 | desc: RGW Keystone implicit tenants creation | |
767 | long_desc: Implicitly create new users in their own tenant with the same name when | |
768 | authenticating via Keystone. Can be limited to s3 or swift only. | |
769 | default: 'false' | |
770 | services: | |
771 | - rgw | |
772 | enum_values: | |
773 | - 'false' | |
774 | - 'true' | |
775 | - swift | |
776 | - s3 | |
777 | - both | |
778 | - '0' | |
779 | - '1' | |
780 | - none | |
781 | with_legacy: true | |
782 | - name: rgw_cross_domain_policy | |
783 | type: str | |
784 | level: advanced | |
785 | desc: RGW handle cross domain policy | |
786 | long_desc: Returned cross domain policy when accessing the crossdomain.xml resource | |
787 | (Swift compatiility). | |
788 | default: <allow-access-from domain="*" secure="false" /> | |
789 | services: | |
790 | - rgw | |
791 | with_legacy: true | |
792 | - name: rgw_healthcheck_disabling_path | |
793 | type: str | |
794 | level: dev | |
795 | desc: Swift health check api can be disabled if a file can be accessed in this path. | |
796 | services: | |
797 | - rgw | |
798 | with_legacy: true | |
799 | - name: rgw_s3_auth_use_rados | |
800 | type: bool | |
801 | level: advanced | |
802 | desc: Should S3 authentication use credentials stored in RADOS backend. | |
803 | default: true | |
804 | services: | |
805 | - rgw | |
806 | with_legacy: true | |
807 | - name: rgw_s3_auth_use_keystone | |
808 | type: bool | |
809 | level: advanced | |
810 | desc: Should S3 authentication use Keystone. | |
811 | default: false | |
812 | services: | |
813 | - rgw | |
814 | with_legacy: true | |
815 | - name: rgw_s3_auth_order | |
816 | type: str | |
817 | level: advanced | |
818 | desc: Authentication strategy order to use for s3 authentication | |
819 | long_desc: Order of authentication strategies to try for s3 authentication, the | |
820 | allowed options are a comma separated list of engines external, local. The default | |
821 | order is to try all the externally configured engines before attempting local | |
822 | rados based authentication | |
823 | default: sts, external, local | |
824 | services: | |
825 | - rgw | |
826 | with_legacy: true | |
827 | - name: rgw_barbican_url | |
828 | type: str | |
829 | level: advanced | |
830 | desc: URL to barbican server. | |
831 | fmt_desc: The URL for the Barbican server. | |
832 | services: | |
833 | - rgw | |
834 | with_legacy: true | |
835 | # OpenLDAP-style LDAP parameter strings | |
836 | - name: rgw_ldap_uri | |
837 | type: str | |
838 | level: advanced | |
839 | desc: Space-separated list of LDAP servers in URI format. | |
840 | default: ldaps://<ldap.your.domain> | |
841 | services: | |
842 | - rgw | |
843 | with_legacy: true | |
844 | - name: rgw_ldap_binddn | |
845 | type: str | |
846 | level: advanced | |
847 | desc: LDAP entry RGW will bind with (user match). | |
848 | default: uid=admin,cn=users,dc=example,dc=com | |
849 | services: | |
850 | - rgw | |
851 | with_legacy: true | |
852 | - name: rgw_ldap_searchdn | |
853 | type: str | |
854 | level: advanced | |
855 | desc: LDAP search base (basedn). | |
856 | default: cn=users,cn=accounts,dc=example,dc=com | |
857 | services: | |
858 | - rgw | |
859 | with_legacy: true | |
860 | - name: rgw_ldap_dnattr | |
861 | type: str | |
862 | level: advanced | |
863 | desc: LDAP attribute containing RGW user names (to form binddns). | |
864 | default: uid | |
865 | services: | |
866 | - rgw | |
867 | with_legacy: true | |
868 | - name: rgw_ldap_secret | |
869 | type: str | |
870 | level: advanced | |
871 | desc: Path to file containing credentials for rgw_ldap_binddn. | |
872 | default: /etc/openldap/secret | |
873 | services: | |
874 | - rgw | |
875 | with_legacy: true | |
876 | - name: rgw_s3_auth_use_ldap | |
877 | type: bool | |
878 | level: advanced | |
879 | desc: Should S3 authentication use LDAP. | |
880 | default: false | |
881 | services: | |
882 | - rgw | |
883 | with_legacy: true | |
884 | - name: rgw_ldap_searchfilter | |
885 | type: str | |
886 | level: advanced | |
887 | desc: LDAP search filter. | |
888 | services: | |
889 | - rgw | |
890 | with_legacy: true | |
891 | - name: rgw_opa_url | |
892 | type: str | |
893 | level: advanced | |
894 | desc: URL to OPA server. | |
895 | services: | |
896 | - rgw | |
897 | with_legacy: true | |
898 | - name: rgw_opa_token | |
899 | type: str | |
900 | level: advanced | |
901 | desc: The Bearer token OPA uses to authenticate client requests. | |
902 | services: | |
903 | - rgw | |
904 | with_legacy: true | |
905 | - name: rgw_opa_verify_ssl | |
906 | type: bool | |
907 | level: advanced | |
908 | desc: Should RGW verify the OPA server SSL certificate. | |
909 | default: true | |
910 | services: | |
911 | - rgw | |
912 | with_legacy: true | |
913 | - name: rgw_use_opa_authz | |
914 | type: bool | |
915 | level: advanced | |
916 | desc: Should OPA be used to authorize client requests. | |
917 | default: false | |
918 | services: | |
919 | - rgw | |
920 | with_legacy: true | |
921 | - name: rgw_admin_entry | |
922 | type: str | |
923 | level: advanced | |
924 | desc: Path prefix to be used for accessing RGW RESTful admin API. | |
925 | fmt_desc: The entry point for an admin request URL. | |
926 | default: admin | |
927 | services: | |
928 | - rgw | |
929 | with_legacy: true | |
930 | - name: rgw_enforce_swift_acls | |
931 | type: bool | |
932 | level: advanced | |
933 | desc: RGW enforce swift acls | |
934 | long_desc: Should RGW enforce special Swift-only ACLs. Swift has a special ACL that | |
935 | gives permission to access all objects in a container. | |
936 | fmt_desc: Enforces the Swift Access Control List (ACL) settings. | |
937 | default: true | |
938 | services: | |
939 | - rgw | |
940 | with_legacy: true | |
941 | - name: rgw_swift_token_expiration | |
942 | type: int | |
943 | level: advanced | |
944 | desc: Expiration time (in seconds) for token generated through RGW Swift auth. | |
945 | fmt_desc: The time in seconds for expiring a Swift token. | |
946 | default: 1_day | |
947 | services: | |
948 | - rgw | |
949 | with_legacy: true | |
950 | - name: rgw_print_continue | |
951 | type: bool | |
952 | level: advanced | |
953 | desc: RGW support of 100-continue | |
954 | long_desc: Should RGW explicitly send 100 (continue) responses. This is mainly relevant | |
955 | when using FastCGI, as some FastCGI modules do not fully support this feature. | |
956 | fmt_desc: Enable ``100-continue`` if it is operational. | |
957 | default: true | |
958 | services: | |
959 | - rgw | |
960 | with_legacy: true | |
961 | - name: rgw_print_prohibited_content_length | |
962 | type: bool | |
963 | level: advanced | |
964 | desc: RGW RFC-7230 compatibility | |
965 | long_desc: Specifies whether RGW violates RFC 7230 and sends Content-Length with | |
966 | 204 or 304 statuses. | |
967 | default: false | |
968 | services: | |
969 | - rgw | |
970 | with_legacy: true | |
971 | - name: rgw_remote_addr_param | |
972 | type: str | |
973 | level: advanced | |
974 | desc: HTTP header that holds the remote address in incoming requests. | |
975 | long_desc: RGW will use this header to extract requests origin. When RGW runs behind | |
976 | a reverse proxy, the remote address header will point at the proxy's address and | |
977 | not at the originator's address. Therefore it is sometimes possible to have the | |
978 | proxy add the originator's address in a separate HTTP header, which will allow | |
979 | RGW to log it correctly. | |
980 | fmt_desc: The remote address parameter. For example, the HTTP field | |
981 | containing the remote address, or the ``X-Forwarded-For`` | |
982 | address if a reverse proxy is operational. | |
983 | default: REMOTE_ADDR | |
984 | services: | |
985 | - rgw | |
986 | see_also: | |
987 | - rgw_enable_ops_log | |
988 | with_legacy: true | |
989 | - name: rgw_op_thread_timeout | |
990 | type: int | |
991 | level: dev | |
992 | desc: Timeout for async rados coroutine operations. | |
993 | fmt_desc: The timeout in seconds for open threads. | |
994 | default: 10_min | |
995 | services: | |
996 | - rgw | |
997 | with_legacy: true | |
998 | - name: rgw_op_thread_suicide_timeout | |
999 | type: int | |
1000 | level: dev | |
1001 | default: 0 | |
1002 | fmt_desc: The time ``timeout`` in seconds before a Ceph Object Gateway | |
1003 | process dies. Disabled if set to ``0``. | |
1004 | services: | |
1005 | - rgw | |
1006 | with_legacy: true | |
1007 | - name: rgw_thread_pool_size | |
1008 | type: int | |
1009 | level: basic | |
1010 | desc: RGW requests handling thread pool size. | |
1011 | long_desc: This parameter determines the number of concurrent requests RGW can process | |
1012 | when using either the civetweb, or the fastcgi frontends. The higher this number | |
1013 | is, RGW will be able to deal with more concurrent requests at the cost of more | |
1014 | resource utilization. | |
1015 | fmt_desc: The size of the thread pool. | |
1016 | default: 512 | |
1017 | services: | |
1018 | - rgw | |
1019 | with_legacy: true | |
1020 | - name: rgw_num_control_oids | |
1021 | type: int | |
1022 | level: advanced | |
1023 | desc: Number of control objects used for cross-RGW communication. | |
1024 | long_desc: RGW uses certain control objects to send messages between different RGW | |
1025 | processes running on the same zone. These messages include metadata cache invalidation | |
1026 | info that is being sent when metadata is modified (such as user or bucket information). | |
1027 | A higher number of control objects allows better concurrency of these messages, | |
1028 | at the cost of more resource utilization. | |
1029 | fmt_desc: The number of notification objects used for cache synchronization | |
1030 | between different ``rgw`` instances. | |
1031 | default: 8 | |
1032 | services: | |
1033 | - rgw | |
1034 | with_legacy: true | |
1035 | - name: rgw_verify_ssl | |
1036 | type: bool | |
1037 | level: advanced | |
1038 | desc: Should RGW verify SSL when connecing to a remote HTTP server | |
1039 | long_desc: RGW can send requests to other RGW servers (e.g., in multi-site sync | |
1040 | work). This configurable selects whether RGW should verify the certificate for | |
1041 | the remote peer and host. | |
1042 | fmt_desc: Verify SSL certificates while making requests. | |
1043 | default: true | |
1044 | services: | |
1045 | - rgw | |
1046 | see_also: | |
1047 | - rgw_keystone_verify_ssl | |
1048 | with_legacy: true | |
1049 | # The following are tunables for caches of RGW NFS (and other file | |
1050 | # client) objects. | |
1051 | # | |
1052 | # The file handle cache is a partitioned hash table | |
1053 | # (fhcache_partitions), each with a closed hash part and backing | |
1054 | # b-tree mapping. The number of partions is expected to be a small | |
1055 | # prime, the cache size something larger but less than 5K, the total | |
1056 | # size of the cache is n_part * cache_size. | |
1057 | - name: rgw_nfs_lru_lanes | |
1058 | type: int | |
1059 | level: advanced | |
1060 | default: 5 | |
1061 | services: | |
1062 | - rgw | |
1063 | with_legacy: true | |
1064 | - name: rgw_nfs_lru_lane_hiwat | |
1065 | type: int | |
1066 | level: advanced | |
1067 | default: 911 | |
1068 | services: | |
1069 | - rgw | |
1070 | with_legacy: true | |
1071 | - name: rgw_nfs_fhcache_partitions | |
1072 | type: int | |
1073 | level: advanced | |
1074 | default: 3 | |
1075 | services: | |
1076 | - rgw | |
1077 | with_legacy: true | |
1078 | - name: rgw_nfs_fhcache_size | |
1079 | type: int | |
1080 | level: advanced | |
1081 | default: 2017 | |
1082 | services: | |
1083 | - rgw | |
1084 | with_legacy: true | |
1085 | - name: rgw_nfs_namespace_expire_secs | |
1086 | type: int | |
1087 | level: advanced | |
1088 | default: 5_min | |
1089 | services: | |
1090 | - rgw | |
1091 | min: 1 | |
1092 | with_legacy: true | |
1093 | - name: rgw_nfs_max_gc | |
1094 | type: int | |
1095 | level: advanced | |
1096 | default: 5_min | |
1097 | services: | |
1098 | - rgw | |
1099 | min: 1 | |
1100 | with_legacy: true | |
1101 | - name: rgw_nfs_write_completion_interval_s | |
1102 | type: int | |
1103 | level: advanced | |
1104 | default: 10 | |
1105 | services: | |
1106 | - rgw | |
1107 | with_legacy: true | |
1108 | # use fast S3 attrs from bucket index--currently assumes NFS mounts are immutable | |
1109 | - name: rgw_nfs_s3_fast_attrs | |
1110 | type: bool | |
1111 | level: advanced | |
1112 | desc: use fast S3 attrs from bucket index (immutable only) | |
1113 | long_desc: use fast S3 attrs from bucket index (assumes NFS mounts are immutable) | |
1114 | default: false | |
1115 | services: | |
1116 | - rgw | |
1117 | with_legacy: true | |
1118 | # overrides for librgw/nfs | |
1119 | - name: rgw_nfs_run_gc_threads | |
1120 | type: bool | |
1121 | level: advanced | |
1122 | desc: run GC threads in librgw (default off) | |
1123 | default: false | |
1124 | services: | |
1125 | - rgw | |
1126 | with_legacy: true | |
1127 | - name: rgw_nfs_run_lc_threads | |
1128 | type: bool | |
1129 | level: advanced | |
1130 | desc: run lifecycle threads in librgw (default off) | |
1131 | default: false | |
1132 | services: | |
1133 | - rgw | |
1134 | with_legacy: true | |
1135 | - name: rgw_nfs_run_quota_threads | |
1136 | type: bool | |
1137 | level: advanced | |
1138 | desc: run quota threads in librgw (default off) | |
1139 | default: false | |
1140 | services: | |
1141 | - rgw | |
1142 | with_legacy: true | |
1143 | - name: rgw_nfs_run_sync_thread | |
1144 | type: bool | |
1145 | level: advanced | |
1146 | desc: run sync thread in librgw (default off) | |
1147 | default: false | |
1148 | services: | |
1149 | - rgw | |
1150 | with_legacy: true | |
1151 | - name: rgw_rados_pool_autoscale_bias | |
1152 | type: float | |
1153 | level: advanced | |
1154 | desc: pg_autoscale_bias value for RGW metadata (omap-heavy) pools | |
1155 | default: 4 | |
1156 | services: | |
1157 | - rgw | |
1158 | min: 0.01 | |
1159 | max: 100000 | |
20effc67 TL |
1160 | - name: rgw_rados_pool_recovery_priority |
1161 | type: uint | |
1162 | level: advanced | |
1163 | desc: recovery_priority value for RGW metadata (omap-heavy) pools | |
1164 | default: 5 | |
1165 | services: | |
1166 | - rgw | |
1167 | min: -10 | |
1168 | max: 10 | |
1169 | - name: rgw_zone | |
1170 | type: str | |
1171 | level: advanced | |
1172 | desc: Zone name | |
1173 | fmt_desc: The name of the zone for the gateway instance. If no zone is | |
1174 | set, a cluster-wide default can be configured with the command | |
1175 | ``radosgw-admin zone default``. | |
1176 | services: | |
1177 | - rgw | |
1178 | see_also: | |
1179 | - rgw_zonegroup | |
1180 | - rgw_realm | |
1181 | with_legacy: true | |
1182 | - name: rgw_zone_id | |
1183 | type: str | |
1184 | level: advanced | |
1185 | desc: Zone ID | |
1186 | services: | |
1187 | - rgw | |
1188 | see_also: | |
1189 | - rgw_zone | |
1190 | - rgw_zonegroup | |
1191 | - rgw_realm | |
1192 | - name: rgw_zone_root_pool | |
1193 | type: str | |
1194 | level: advanced | |
1195 | desc: Zone root pool name | |
1196 | long_desc: The zone root pool, is the pool where the RGW zone configuration located. | |
1197 | default: .rgw.root | |
1198 | services: | |
1199 | - rgw | |
1200 | see_also: | |
1201 | - rgw_zonegroup_root_pool | |
1202 | - rgw_realm_root_pool | |
1203 | - rgw_period_root_pool | |
1204 | with_legacy: true | |
1205 | - name: rgw_default_zone_info_oid | |
1206 | type: str | |
1207 | level: advanced | |
1208 | desc: Default zone info object id | |
1209 | long_desc: Name of the RADOS object that holds the default zone information. | |
1210 | default: default.zone | |
1211 | services: | |
1212 | - rgw | |
1213 | with_legacy: true | |
1214 | - name: rgw_region | |
1215 | type: str | |
1216 | level: advanced | |
1217 | desc: Region name | |
1218 | long_desc: Obsolete config option. The rgw_zonegroup option should be used instead. | |
1219 | services: | |
1220 | - rgw | |
1221 | see_also: | |
1222 | - rgw_zonegroup | |
1223 | with_legacy: true | |
1224 | - name: rgw_region_root_pool | |
1225 | type: str | |
1226 | level: advanced | |
1227 | desc: Region root pool | |
1228 | long_desc: Obsolete config option. The rgw_zonegroup_root_pool should be used instead. | |
1229 | default: .rgw.root | |
1230 | services: | |
1231 | - rgw | |
1232 | see_also: | |
1233 | - rgw_zonegroup_root_pool | |
1234 | with_legacy: true | |
1235 | - name: rgw_default_region_info_oid | |
1236 | type: str | |
1237 | level: advanced | |
1238 | desc: Default region info object id | |
1239 | long_desc: Obsolete config option. The rgw_default_zonegroup_info_oid should be | |
1240 | used instead. | |
1241 | default: default.region | |
1242 | services: | |
1243 | - rgw | |
1244 | see_also: | |
1245 | - rgw_default_zonegroup_info_oid | |
1246 | with_legacy: true | |
1247 | - name: rgw_zonegroup | |
1248 | type: str | |
1249 | level: advanced | |
1250 | desc: Zonegroup name | |
1251 | fmt_desc: The name of the zonegroup for the gateway instance. If no | |
1252 | zonegroup is set, a cluster-wide default can be configured with | |
1253 | the command ``radosgw-admin zonegroup default``. | |
1254 | services: | |
1255 | - rgw | |
1256 | see_also: | |
1257 | - rgw_zone | |
1258 | - rgw_realm | |
1259 | with_legacy: true | |
1260 | - name: rgw_zonegroup_id | |
1261 | type: str | |
1262 | level: advanced | |
1263 | desc: Zonegroup ID | |
1264 | services: | |
1265 | - rgw | |
1266 | see_also: | |
1267 | - rgw_zone | |
1268 | - rgw_zonegroup | |
1269 | - rgw_realm | |
1270 | - name: rgw_zonegroup_root_pool | |
1271 | type: str | |
1272 | level: advanced | |
1273 | desc: Zonegroup root pool | |
1274 | long_desc: The zonegroup root pool, is the pool where the RGW zonegroup configuration | |
1275 | located. | |
1276 | default: .rgw.root | |
1277 | services: | |
1278 | - rgw | |
1279 | see_also: | |
1280 | - rgw_zone_root_pool | |
1281 | - rgw_realm_root_pool | |
1282 | - rgw_period_root_pool | |
1283 | with_legacy: true | |
1284 | - name: rgw_default_zonegroup_info_oid | |
1285 | type: str | |
1286 | level: advanced | |
1287 | default: default.zonegroup | |
1288 | services: | |
1289 | - rgw | |
1290 | with_legacy: true | |
1291 | - name: rgw_realm | |
1292 | type: str | |
1293 | level: advanced | |
1294 | fmt_desc: The name of the realm for the gateway instance. If no realm is | |
1295 | set, a cluster-wide default can be configured with the command | |
1296 | ``radosgw-admin realm default``. | |
1297 | services: | |
1298 | - rgw | |
1299 | with_legacy: true | |
1300 | - name: rgw_realm_id | |
1301 | type: str | |
1302 | level: advanced | |
1303 | services: | |
1304 | - rgw | |
1305 | - name: rgw_realm_root_pool | |
1306 | type: str | |
1307 | level: advanced | |
1308 | desc: Realm root pool | |
1309 | long_desc: The realm root pool, is the pool where the RGW realm configuration located. | |
1310 | default: .rgw.root | |
1311 | services: | |
1312 | - rgw | |
1313 | see_also: | |
1314 | - rgw_zonegroup_root_pool | |
1315 | - rgw_zone_root_pool | |
1316 | - rgw_period_root_pool | |
1317 | with_legacy: true | |
1318 | - name: rgw_default_realm_info_oid | |
1319 | type: str | |
1320 | level: advanced | |
1321 | default: default.realm | |
1322 | services: | |
1323 | - rgw | |
1324 | with_legacy: true | |
1325 | - name: rgw_period_root_pool | |
1326 | type: str | |
1327 | level: advanced | |
1328 | desc: Period root pool | |
1329 | long_desc: The period root pool, is the pool where the RGW period configuration | |
1330 | located. | |
1331 | default: .rgw.root | |
1332 | services: | |
1333 | - rgw | |
1334 | see_also: | |
1335 | - rgw_zonegroup_root_pool | |
1336 | - rgw_zone_root_pool | |
1337 | - rgw_realm_root_pool | |
1338 | with_legacy: true | |
1339 | - name: rgw_period_latest_epoch_info_oid | |
1340 | type: str | |
1341 | level: dev | |
1342 | default: .latest_epoch | |
1343 | services: | |
1344 | - rgw | |
1345 | with_legacy: true | |
1346 | - name: rgw_log_nonexistent_bucket | |
1347 | type: bool | |
1348 | level: advanced | |
1349 | desc: Should RGW log operations on bucket that does not exist | |
1350 | long_desc: This config option applies to the ops log. When this option is set, the | |
1351 | ops log will log operations that are sent to non existing buckets. These operations | |
1352 | inherently fail, and do not correspond to a specific user. | |
1353 | fmt_desc: Enables Ceph Object Gateway to log a request for a non-existent | |
1354 | bucket. | |
1355 | default: false | |
1356 | services: | |
1357 | - rgw | |
1358 | see_also: | |
1359 | - rgw_enable_ops_log | |
1360 | with_legacy: true | |
1361 | # man date to see codes (a subset are supported) | |
1362 | - name: rgw_log_object_name | |
1363 | type: str | |
1364 | level: advanced | |
1365 | desc: Ops log object name format | |
1366 | long_desc: Defines the format of the RADOS objects names that ops log uses to store | |
1367 | ops log data | |
1368 | fmt_desc: The logging format for an object name. See ma npage | |
1369 | :manpage:`date` for details about format specifiers. | |
1370 | default: '%Y-%m-%d-%H-%i-%n' | |
1371 | services: | |
1372 | - rgw | |
1373 | see_also: | |
1374 | - rgw_enable_ops_log | |
1375 | with_legacy: true | |
1376 | - name: rgw_log_object_name_utc | |
1377 | type: bool | |
1378 | level: advanced | |
1379 | desc: Should ops log object name based on UTC | |
1380 | long_desc: If set, the names of the RADOS objects that hold the ops log data will | |
1381 | be based on UTC time zone. If not set, it will use the local time zone. | |
1382 | fmt_desc: Whether a logged object name includes a UTC time. | |
1383 | If ``false``, it uses the local time. | |
1384 | default: false | |
1385 | services: | |
1386 | - rgw | |
1387 | see_also: | |
1388 | - rgw_enable_ops_log | |
1389 | - rgw_log_object_name | |
1390 | with_legacy: true | |
1391 | - name: rgw_usage_max_shards | |
1392 | type: int | |
1393 | level: advanced | |
1394 | desc: Number of shards for usage log. | |
1395 | long_desc: The number of RADOS objects that RGW will use in order to store the usage | |
1396 | log data. | |
1397 | fmt_desc: The maximum number of shards for usage logging. | |
1398 | default: 32 | |
1399 | services: | |
1400 | - rgw | |
1401 | see_also: | |
1402 | - rgw_enable_usage_log | |
1403 | with_legacy: true | |
1404 | - name: rgw_usage_max_user_shards | |
1405 | type: int | |
1406 | level: advanced | |
1407 | desc: Number of shards for single user in usage log | |
1408 | long_desc: The number of shards that a single user will span over in the usage log. | |
1409 | fmt_desc: The maximum number of shards used for a single user's | |
1410 | usage logging. | |
1411 | default: 1 | |
1412 | services: | |
1413 | - rgw | |
1414 | see_also: | |
1415 | - rgw_enable_usage_log | |
1416 | min: 1 | |
1417 | with_legacy: true | |
1418 | # enable logging every rgw operation | |
1419 | - name: rgw_enable_ops_log | |
1420 | type: bool | |
1421 | level: advanced | |
1422 | desc: Enable ops log | |
1423 | fmt_desc: Enable logging for each successful Ceph Object Gateway operation. | |
1424 | default: false | |
1425 | services: | |
1426 | - rgw | |
1427 | see_also: | |
1428 | - rgw_log_nonexistent_bucket | |
1429 | - rgw_log_object_name | |
1430 | - rgw_ops_log_rados | |
1431 | - rgw_ops_log_socket_path | |
1432 | - rgw_ops_log_file_path | |
1433 | with_legacy: true | |
1434 | # enable logging bandwidth usage | |
1435 | - name: rgw_enable_usage_log | |
1436 | type: bool | |
1437 | level: advanced | |
1438 | desc: Enable the usage log | |
1439 | default: false | |
1440 | services: | |
1441 | - rgw | |
1442 | see_also: | |
1443 | - rgw_usage_max_shards | |
1444 | with_legacy: true | |
1445 | # whether ops log should go to rados | |
1446 | - name: rgw_ops_log_rados | |
1447 | type: bool | |
1448 | level: advanced | |
1449 | desc: Use RADOS for ops log | |
1450 | long_desc: If set, RGW will store ops log information in RADOS. | |
1451 | fmt_desc: Whether the operations log should be written to the | |
1452 | Ceph Storage Cluster backend. | |
1453 | default: true | |
1454 | services: | |
1455 | - rgw | |
1456 | see_also: | |
1457 | - rgw_enable_ops_log | |
1458 | with_legacy: true | |
1459 | # path to unix domain socket where ops log can go | |
1460 | - name: rgw_ops_log_socket_path | |
1461 | type: str | |
1462 | level: advanced | |
1463 | desc: Unix domain socket path for ops log. | |
1464 | long_desc: Path to unix domain socket that RGW will listen for connection on. When | |
1465 | connected, RGW will send ops log data through it. | |
1466 | fmt_desc: The Unix domain socket for writing operations logs. | |
1467 | services: | |
1468 | - rgw | |
1469 | see_also: | |
1470 | - rgw_enable_ops_log | |
1471 | - rgw_ops_log_data_backlog | |
1472 | with_legacy: true | |
1473 | # path to file where ops log can go | |
1474 | - name: rgw_ops_log_file_path | |
1475 | type: str | |
1476 | level: advanced | |
1477 | desc: File-system path for ops log. | |
1478 | long_desc: Path to file that RGW will log ops logs to. | |
1479 | fmt_desc: The file-system path for writing operations logs. | |
1480 | services: | |
1481 | - rgw | |
1482 | see_also: | |
1483 | - rgw_enable_ops_log | |
1484 | with_legacy: true | |
1485 | # max data backlog for ops log | |
1486 | - name: rgw_ops_log_data_backlog | |
1487 | type: size | |
1488 | level: advanced | |
1489 | desc: Ops log socket backlog | |
1490 | long_desc: Maximum amount of data backlog that RGW can keep when ops log is configured | |
1491 | to send info through unix domain socket. When data backlog is higher than this, | |
1492 | ops log entries will be lost. In order to avoid ops log information loss, the | |
1493 | listener needs to clear data (by reading it) quickly enough. | |
1494 | fmt_desc: The maximum data backlog data size for operations logs written | |
1495 | to a Unix domain socket. | |
1496 | default: 5_M | |
1497 | services: | |
1498 | - rgw | |
1499 | see_also: | |
1500 | - rgw_enable_ops_log | |
1501 | - rgw_ops_log_socket_path | |
1502 | with_legacy: true | |
1503 | - name: rgw_usage_log_flush_threshold | |
1504 | type: int | |
1505 | level: advanced | |
1506 | desc: Number of entries in usage log before flushing | |
1507 | long_desc: This is the max number of entries that will be held in the usage log, | |
1508 | before it will be flushed to the backend. Note that the usage log is periodically | |
1509 | flushed, even if number of entries does not reach this threshold. A usage log | |
1510 | entry corresponds to one or more operations on a single bucket.i | |
1511 | fmt_desc: The number of dirty merged entries in the usage log before | |
1512 | flushing synchronously. | |
1513 | default: 1024 | |
1514 | services: | |
1515 | - rgw | |
1516 | see_also: | |
1517 | - rgw_enable_usage_log | |
1518 | - rgw_usage_log_tick_interval | |
1519 | with_legacy: true | |
1520 | - name: rgw_usage_log_tick_interval | |
1521 | type: int | |
1522 | level: advanced | |
1523 | desc: Number of seconds between usage log flush cycles | |
1524 | long_desc: The number of seconds between consecutive usage log flushes. The usage | |
1525 | log will also flush itself to the backend if the number of pending entries reaches | |
1526 | a certain threshold. | |
1527 | fmt_desc: Flush pending usage log data every ``n`` seconds. | |
1528 | default: 30 | |
1529 | services: | |
1530 | - rgw | |
1531 | see_also: | |
1532 | - rgw_enable_usage_log | |
1533 | - rgw_usage_log_flush_threshold | |
1534 | with_legacy: true | |
1535 | - name: rgw_init_timeout | |
1536 | type: int | |
1537 | level: basic | |
1538 | desc: Initialization timeout | |
1539 | long_desc: The time length (in seconds) that RGW will allow for its initialization. | |
1540 | RGW process will give up and quit if initialization is not complete after this | |
1541 | amount of time. | |
1542 | fmt_desc: The number of seconds before Ceph Object Gateway gives up on | |
1543 | initialization. | |
1544 | default: 5_min | |
1545 | services: | |
1546 | - rgw | |
1547 | with_legacy: true | |
1548 | - name: rgw_mime_types_file | |
1549 | type: str | |
1550 | level: basic | |
1551 | desc: Path to local mime types file | |
1552 | long_desc: The mime types file is needed in Swift when uploading an object. If object's | |
1553 | content type is not specified, RGW will use data from this file to assign a content | |
1554 | type to the object. | |
1555 | fmt_desc: The path and location of the MIME-types file. Used for Swift | |
1556 | auto-detection of object types. | |
1557 | default: /etc/mime.types | |
1558 | services: | |
1559 | - rgw | |
1560 | with_legacy: true | |
1561 | - name: rgw_gc_max_objs | |
1562 | type: int | |
1563 | level: advanced | |
1564 | desc: Number of shards for garbage collector data | |
1565 | long_desc: The number of garbage collector data shards, is the number of RADOS objects | |
1566 | that RGW will use to store the garbage collection information on. | |
1567 | fmt_desc: The maximum number of objects that may be handled by | |
1568 | garbage collection in one garbage collection processing cycle. | |
1569 | Please do not change this value after the first deployment. | |
1570 | default: 32 | |
1571 | services: | |
1572 | - rgw | |
1573 | see_also: | |
1574 | - rgw_gc_obj_min_wait | |
1575 | - rgw_gc_processor_max_time | |
1576 | - rgw_gc_processor_period | |
1577 | - rgw_gc_max_concurrent_io | |
1578 | with_legacy: true | |
1579 | # wait time before object may be handled by gc, recommended lower limit is 30 mins | |
1580 | - name: rgw_gc_obj_min_wait | |
1581 | type: int | |
1582 | level: advanced | |
1583 | desc: Garbage collection object expiration time | |
1584 | long_desc: The length of time (in seconds) that the RGW collector will wait before | |
1585 | purging a deleted object's data. RGW will not remove object immediately, as object | |
1586 | could still have readers. A mechanism exists to increase the object's expiration | |
1587 | time when it's being read. The recommended value of its lower limit is 30 minutes | |
1588 | fmt_desc: The minimum wait time before a deleted object may be removed | |
1589 | and handled by garbage collection processing. | |
1590 | default: 2_hr | |
1591 | services: | |
1592 | - rgw | |
1593 | see_also: | |
1594 | - rgw_gc_max_objs | |
1595 | - rgw_gc_processor_max_time | |
1596 | - rgw_gc_processor_period | |
1597 | - rgw_gc_max_concurrent_io | |
1598 | with_legacy: true | |
1599 | - name: rgw_gc_processor_max_time | |
1600 | type: int | |
1601 | level: advanced | |
1602 | desc: Length of time GC processor can lease shard | |
1603 | long_desc: Garbage collection thread in RGW process holds a lease on its data shards. | |
1604 | These objects contain the information about the objects that need to be removed. | |
1605 | RGW takes a lease in order to prevent multiple RGW processes from handling the | |
1606 | same objects concurrently. This time signifies that maximum amount of time (in | |
1607 | seconds) that RGW is allowed to hold that lease. In the case where RGW goes down | |
1608 | uncleanly, this is the amount of time where processing of that data shard will | |
1609 | be blocked. | |
1610 | fmt_desc: The maximum time between the beginning of two consecutive garbage | |
1611 | collection processing cycles. | |
1612 | default: 1_hr | |
1613 | services: | |
1614 | - rgw | |
1615 | see_also: | |
1616 | - rgw_gc_max_objs | |
1617 | - rgw_gc_obj_min_wait | |
1618 | - rgw_gc_processor_period | |
1619 | - rgw_gc_max_concurrent_io | |
1620 | with_legacy: true | |
1621 | - name: rgw_gc_processor_period | |
1622 | type: int | |
1623 | level: advanced | |
1624 | desc: Garbage collector cycle run time | |
1625 | long_desc: The amount of time between the start of consecutive runs of the garbage | |
1626 | collector threads. If garbage collector runs takes more than this period, it will | |
1627 | not wait before running again. | |
1628 | fmt_desc: The cycle time for garbage collection processing. | |
1629 | default: 1_hr | |
1630 | services: | |
1631 | - rgw | |
1632 | see_also: | |
1633 | - rgw_gc_max_objs | |
1634 | - rgw_gc_obj_min_wait | |
1635 | - rgw_gc_processor_max_time | |
1636 | - rgw_gc_max_concurrent_io | |
1637 | - rgw_gc_max_trim_chunk | |
1638 | with_legacy: true | |
1639 | - name: rgw_gc_max_concurrent_io | |
1640 | type: int | |
1641 | level: advanced | |
1642 | desc: Max concurrent RADOS IO operations for garbage collection | |
1643 | long_desc: The maximum number of concurrent IO operations that the RGW garbage collection | |
1644 | thread will use when purging old data. | |
1645 | default: 10 | |
1646 | services: | |
1647 | - rgw | |
1648 | see_also: | |
1649 | - rgw_gc_max_objs | |
1650 | - rgw_gc_obj_min_wait | |
1651 | - rgw_gc_processor_max_time | |
1652 | - rgw_gc_max_trim_chunk | |
1653 | with_legacy: true | |
1654 | - name: rgw_gc_max_trim_chunk | |
1655 | type: int | |
1656 | level: advanced | |
1657 | desc: Max number of keys to remove from garbage collector log in a single operation | |
1658 | default: 16 | |
1659 | services: | |
1660 | - rgw | |
1661 | see_also: | |
1662 | - rgw_gc_max_objs | |
1663 | - rgw_gc_obj_min_wait | |
1664 | - rgw_gc_processor_max_time | |
1665 | - rgw_gc_max_concurrent_io | |
1666 | with_legacy: true | |
1667 | - name: rgw_gc_max_deferred_entries_size | |
1668 | type: uint | |
1669 | level: advanced | |
1670 | desc: maximum allowed size of deferred entries in queue head for gc | |
1671 | default: 3_K | |
1672 | services: | |
1673 | - rgw | |
1674 | with_legacy: true | |
1675 | - name: rgw_gc_max_queue_size | |
1676 | type: uint | |
1677 | level: advanced | |
1678 | desc: Maximum allowed queue size for gc | |
1679 | long_desc: The maximum allowed size of each gc queue, and its value should not be | |
1680 | greater than (osd_max_object_size - rgw_gc_max_deferred_entries_size - 1K). | |
1681 | default: 131068_K | |
1682 | services: | |
1683 | - rgw | |
1684 | see_also: | |
1685 | - osd_max_object_size | |
1686 | - rgw_gc_max_deferred_entries_size | |
1687 | with_legacy: true | |
1688 | - name: rgw_gc_max_deferred | |
1689 | type: uint | |
1690 | level: advanced | |
1691 | desc: Number of maximum deferred data entries to be stored in queue for gc | |
1692 | default: 50 | |
1693 | services: | |
1694 | - rgw | |
1695 | with_legacy: true | |
1696 | - name: rgw_s3_success_create_obj_status | |
1697 | type: int | |
1698 | level: advanced | |
1699 | desc: HTTP return code override for object creation | |
1700 | long_desc: If not zero, this is the HTTP return code that will be returned on a | |
1701 | successful S3 object creation. | |
1702 | fmt_desc: The alternate success status response for ``create-obj``. | |
1703 | default: 0 | |
1704 | services: | |
1705 | - rgw | |
1706 | with_legacy: true | |
1707 | - name: rgw_s3_client_max_sig_ver | |
1708 | type: int | |
1709 | level: advanced | |
1710 | desc: Max S3 authentication signature version | |
1711 | long_desc: If greater than zero, would force max signature version to use | |
1712 | default: -1 | |
1713 | services: | |
1714 | - rgw | |
1715 | - name: rgw_resolve_cname | |
1716 | type: bool | |
1717 | level: advanced | |
1718 | desc: Support vanity domain names via CNAME | |
1719 | long_desc: If true, RGW will query DNS when detecting that it's serving a request | |
1720 | that was sent to a host in another domain. If a CNAME record is configured for | |
1721 | that domain it will use it instead. This gives user to have the ability of creating | |
1722 | a unique domain of their own to point at data in their bucket. | |
1723 | fmt_desc: Whether ``rgw`` should use DNS CNAME record of the request | |
1724 | hostname field (if hostname is not equal to ``rgw dns name``). | |
1725 | default: false | |
1726 | services: | |
1727 | - rgw | |
1728 | with_legacy: true | |
1729 | - name: rgw_obj_stripe_size | |
1730 | type: size | |
1731 | level: advanced | |
1732 | desc: RGW object stripe size | |
1733 | long_desc: The size of an object stripe for RGW objects. This is the maximum size | |
1734 | a backing RADOS object will have. RGW objects that are larger than this will span | |
1735 | over multiple objects. | |
1736 | fmt_desc: The size of an object stripe for Ceph Object Gateway objects. | |
1737 | See `Architecture`_ for details on striping. | |
1738 | default: 4_M | |
1739 | services: | |
1740 | - rgw | |
1741 | with_legacy: true | |
1742 | # list of extended attrs that can be set on objects (beyond the default) | |
1743 | - name: rgw_extended_http_attrs | |
1744 | type: str | |
1745 | level: advanced | |
1746 | desc: RGW support extended HTTP attrs | |
1747 | long_desc: Add new set of attributes that could be set on an object. These extra | |
1748 | attributes can be set through HTTP header fields when putting the objects. If | |
1749 | set, these attributes will return as HTTP fields when doing GET/HEAD on the object. | |
1750 | fmt_desc: Add new set of attributes that could be set on an entity | |
1751 | (user, bucket or object). These extra attributes can be set | |
1752 | through HTTP header fields when putting the entity or modifying | |
1753 | it using POST method. If set, these attributes will return as | |
1754 | HTTP fields when doing GET/HEAD on the entity. | |
1755 | services: | |
1756 | - rgw | |
1757 | example: content_foo, content_bar, x-foo-bar | |
1758 | with_legacy: true | |
1759 | - name: rgw_exit_timeout_secs | |
1760 | type: int | |
1761 | level: advanced | |
1762 | desc: RGW shutdown timeout | |
1763 | long_desc: Number of seconds to wait for a process before exiting unconditionally. | |
1764 | default: 2_min | |
1765 | services: | |
1766 | - rgw | |
1767 | with_legacy: true | |
1768 | - name: rgw_get_obj_window_size | |
1769 | type: size | |
1770 | level: advanced | |
1771 | desc: RGW object read window size | |
1772 | long_desc: The window size in bytes for a single object read request | |
1773 | default: 16_M | |
1774 | services: | |
1775 | - rgw | |
1776 | with_legacy: true | |
1777 | - name: rgw_get_obj_max_req_size | |
1778 | type: size | |
1779 | level: advanced | |
1780 | desc: RGW object read chunk size | |
1781 | long_desc: The maximum request size of a single object read operation sent to RADOS | |
1782 | fmt_desc: The maximum request size of a single get operation sent to the | |
1783 | Ceph Storage Cluster. | |
1784 | default: 4_M | |
1785 | services: | |
1786 | - rgw | |
1787 | with_legacy: true | |
1788 | - name: rgw_relaxed_s3_bucket_names | |
1789 | type: bool | |
1790 | level: advanced | |
1791 | desc: RGW enable relaxed S3 bucket names | |
1792 | long_desc: RGW enable relaxed S3 bucket name rules for US region buckets. | |
1793 | fmt_desc: Enables relaxed S3 bucket names rules for US region buckets. | |
1794 | default: false | |
1795 | services: | |
1796 | - rgw | |
1797 | with_legacy: true | |
1798 | - name: rgw_defer_to_bucket_acls | |
1799 | type: str | |
1800 | level: advanced | |
1801 | desc: Bucket ACLs override object ACLs | |
1802 | long_desc: If not empty, a string that selects that mode of operation. 'recurse' | |
1803 | will use bucket's ACL for the authorizaton. 'full-control' will allow users that | |
1804 | users that have full control permission on the bucket have access to the object. | |
1805 | services: | |
1806 | - rgw | |
1807 | with_legacy: true | |
1808 | - name: rgw_list_buckets_max_chunk | |
1809 | type: int | |
1810 | level: advanced | |
1811 | desc: Max number of buckets to retrieve in a single listing operation | |
1812 | long_desc: When RGW fetches lists of user's buckets from the backend, this is the | |
1813 | max number of entries it will try to retrieve in a single operation. Note that | |
1814 | the backend may choose to return a smaller number of entries. | |
1815 | fmt_desc: The maximum number of buckets to retrieve in a single operation | |
1816 | when listing user buckets. | |
1817 | default: 1000 | |
1818 | services: | |
1819 | - rgw | |
1820 | with_legacy: true | |
1821 | - name: rgw_md_log_max_shards | |
1822 | type: int | |
1823 | level: advanced | |
1824 | desc: RGW number of metadata log shards | |
1825 | long_desc: The number of shards the RGW metadata log entries will reside in. This | |
1826 | affects the metadata sync parallelism as a shard can only be processed by a single | |
1827 | RGW at a time | |
1828 | fmt_desc: The maximum number of shards for the metadata log. | |
1829 | default: 64 | |
1830 | services: | |
1831 | - rgw | |
1832 | with_legacy: true | |
1833 | - name: rgw_curl_buffersize | |
1834 | type: int | |
1835 | level: dev | |
1836 | long_desc: 'Pass a long specifying your preferred size (in bytes) for the receivebuffer | |
1837 | in libcurl. See: https://curl.se/libcurl/c/CURLOPT_BUFFERSIZE.html' | |
1838 | default: 524288 | |
1839 | services: | |
1840 | - rgw | |
1841 | min: 1024 | |
1842 | max: 524288 | |
1843 | with_legacy: true | |
1844 | - name: rgw_curl_wait_timeout_ms | |
1845 | type: int | |
1846 | level: dev | |
1847 | default: 1000 | |
1848 | fmt_desc: The timeout in milliseconds for certain ``curl`` calls. | |
1849 | services: | |
1850 | - rgw | |
1851 | with_legacy: true | |
1852 | - name: rgw_curl_low_speed_limit | |
1853 | type: int | |
1854 | level: advanced | |
1855 | long_desc: It contains the average transfer speed in bytes per second that the transfer | |
1856 | should be below during rgw_curl_low_speed_time seconds for libcurl to consider | |
1857 | it to be too slow and abort. Set it zero to disable this. | |
1858 | default: 1024 | |
1859 | services: | |
1860 | - rgw | |
1861 | with_legacy: true | |
1862 | - name: rgw_curl_low_speed_time | |
1863 | type: int | |
1864 | level: advanced | |
1865 | long_desc: It contains the time in number seconds that the transfer speed should | |
1866 | be below the rgw_curl_low_speed_limit for the library to consider it too slow | |
1867 | and abort. Set it zero to disable this. | |
1868 | default: 5_min | |
1869 | services: | |
1870 | - rgw | |
1871 | with_legacy: true | |
1872 | - name: rgw_copy_obj_progress | |
1873 | type: bool | |
1874 | level: advanced | |
1875 | desc: Send progress report through copy operation | |
1876 | long_desc: If true, RGW will send progress information when copy operation is executed. | |
1877 | fmt_desc: Enables output of object progress during long copy operations. | |
1878 | default: true | |
1879 | services: | |
1880 | - rgw | |
1881 | with_legacy: true | |
1882 | - name: rgw_copy_obj_progress_every_bytes | |
1883 | type: size | |
1884 | level: advanced | |
1885 | desc: Send copy-object progress info after these many bytes | |
1886 | fmt_desc: The minimum bytes between copy progress output. | |
1887 | default: 1_M | |
1888 | services: | |
1889 | - rgw | |
1890 | with_legacy: true | |
1891 | - name: rgw_sync_obj_etag_verify | |
1892 | type: bool | |
1893 | level: advanced | |
1894 | desc: Verify if the object copied from remote is identical to its source | |
1895 | long_desc: If true, this option computes the MD5 checksum of the data which is written | |
1896 | at the destination and checks if it is identical to the ETAG stored in the source. | |
1897 | It ensures integrity of the objects fetched from a remote server over HTTP including | |
1898 | multisite sync. | |
1899 | default: false | |
1900 | services: | |
1901 | - rgw | |
1902 | with_legacy: true | |
1903 | - name: rgw_obj_tombstone_cache_size | |
1904 | type: int | |
1905 | level: advanced | |
1906 | desc: Max number of entries to keep in tombstone cache | |
1907 | long_desc: The tombstone cache is used when doing a multi-zone data sync. RGW keeps | |
1908 | there information about removed objects which is needed in order to prevent re-syncing | |
1909 | of objects that were already removed. | |
1910 | default: 1000 | |
1911 | services: | |
1912 | - rgw | |
1913 | with_legacy: true | |
1914 | - name: rgw_data_log_window | |
1915 | type: int | |
1916 | level: advanced | |
1917 | desc: Data log time window | |
1918 | long_desc: The data log keeps information about buckets that have objectst that | |
1919 | were modified within a specific timeframe. The sync process then knows which buckets | |
1920 | are needed to be scanned for data sync. | |
1921 | fmt_desc: The data log entries window in seconds. | |
1922 | default: 30 | |
1923 | services: | |
1924 | - rgw | |
1925 | with_legacy: true | |
1926 | - name: rgw_data_log_changes_size | |
1927 | type: int | |
1928 | level: dev | |
1929 | desc: Max size of pending changes in data log | |
1930 | long_desc: RGW will trigger update to the data log if the number of pending entries | |
1931 | reached this number. | |
1932 | fmt_dsec: The number of in-memory entries to hold for the data changes log. | |
1933 | default: 1000 | |
1934 | services: | |
1935 | - rgw | |
1936 | with_legacy: true | |
1937 | - name: rgw_data_log_num_shards | |
1938 | type: int | |
1939 | level: advanced | |
1940 | desc: Number of data log shards | |
1941 | long_desc: The number of shards the RGW data log entries will reside in. This affects | |
1942 | the data sync parallelism as a shard can only be processed by a single RGW at | |
1943 | a time. | |
1944 | fmt_desc: The number of shards (objects) on which to keep the | |
1945 | data changes log. | |
1946 | default: 128 | |
1947 | services: | |
1948 | - rgw | |
1949 | with_legacy: true | |
1950 | - name: rgw_data_log_obj_prefix | |
1951 | type: str | |
1952 | level: dev | |
1953 | default: data_log | |
1954 | fmt_desc: The object name prefix for the data log. | |
1955 | services: | |
1956 | - rgw | |
1957 | with_legacy: true | |
1958 | - name: rgw_bucket_quota_ttl | |
1959 | type: int | |
1960 | level: advanced | |
1961 | desc: Bucket quota stats cache TTL | |
1962 | long_desc: Length of time for bucket stats to be cached within RGW instance. | |
1963 | fmt_desc: The amount of time in seconds cached quota information is | |
1964 | trusted. After this timeout, the quota information will be | |
1965 | re-fetched from the cluster. | |
1966 | default: 10_min | |
1967 | services: | |
1968 | - rgw | |
1969 | with_legacy: true | |
1970 | - name: rgw_bucket_quota_cache_size | |
1971 | type: int | |
1972 | level: advanced | |
1973 | desc: RGW quota stats cache size | |
1974 | long_desc: Maximum number of entries in the quota stats cache. | |
1975 | default: 10000 | |
1976 | services: | |
1977 | - rgw | |
1978 | with_legacy: true | |
1979 | - name: rgw_bucket_default_quota_max_objects | |
1980 | type: int | |
1981 | level: basic | |
1982 | desc: Default quota for max objects in a bucket | |
1983 | long_desc: The default quota configuration for max number of objects in a bucket. | |
1984 | A negative number means 'unlimited'. | |
1985 | fmt_desc: Default max number of objects per bucket. Set on new users, | |
1986 | if no other quota is specified. Has no effect on existing users. | |
1987 | This variable should be set in the client or global sections | |
1988 | so that it is automatically applied to radosgw-admin commands. | |
1989 | default: -1 | |
1990 | services: | |
1991 | - rgw | |
1992 | with_legacy: true | |
1993 | - name: rgw_bucket_default_quota_max_size | |
1994 | type: int | |
1995 | level: advanced | |
1996 | desc: Default quota for total size in a bucket | |
1997 | long_desc: The default quota configuration for total size of objects in a bucket. | |
1998 | A negative number means 'unlimited'. | |
1999 | fmt_desc: Default max capacity per bucket, in bytes. Set on new users, | |
2000 | if no other quota is specified. Has no effect on existing users. | |
2001 | default: -1 | |
2002 | services: | |
2003 | - rgw | |
2004 | with_legacy: true | |
2005 | - name: rgw_expose_bucket | |
2006 | type: bool | |
2007 | level: advanced | |
2008 | desc: Send Bucket HTTP header with the response | |
2009 | long_desc: If true, RGW will send a Bucket HTTP header with the responses. The header | |
2010 | will contain the name of the bucket the operation happened on. | |
2011 | default: false | |
2012 | services: | |
2013 | - rgw | |
2014 | with_legacy: true | |
2015 | - name: rgw_frontends | |
2016 | type: str | |
2017 | level: basic | |
2018 | desc: RGW frontends configuration | |
2019 | long_desc: A comma delimited list of frontends configuration. Each configuration | |
2020 | contains the type of the frontend followed by an optional space delimited set | |
2021 | of key=value config parameters. | |
2022 | fmt_desc: Configures the HTTP frontend(s). The configuration for multiple | |
2023 | frontends can be provided in a comma-delimited list. Each frontend | |
2024 | configuration may include a list of options separated by spaces, | |
2025 | where each option is in the form "key=value" or "key". See | |
2026 | `HTTP Frontends`_ for more on supported options. | |
2027 | default: beast port=7480 | |
2028 | services: | |
2029 | - rgw | |
2030 | with_legacy: true | |
2031 | - name: rgw_frontend_defaults | |
2032 | type: str | |
2033 | level: advanced | |
2034 | desc: RGW frontends default configuration | |
2035 | long_desc: A comma delimited list of default frontends configuration. | |
2036 | default: beast ssl_certificate=config://rgw/cert/$realm/$zone.crt ssl_private_key=config://rgw/cert/$realm/$zone.key | |
2037 | services: | |
2038 | - rgw | |
2039 | - name: rgw_beast_enable_async | |
2040 | type: bool | |
2041 | level: dev | |
2042 | desc: Enable async request processing under beast using coroutines | |
2043 | long_desc: When enabled, the beast frontend will process requests using | |
2044 | coroutines, allowing the concurrent processing of several requests on the | |
2045 | same thread. When disabled, the number of concurrent requests will be | |
2046 | limited by the thread count, but debugging and tracing the synchronous | |
2047 | calls can be easier. | |
2048 | default: true | |
2049 | services: | |
2050 | - rgw | |
2051 | with_legacy: true | |
2052 | - name: rgw_user_quota_bucket_sync_interval | |
2053 | type: int | |
2054 | level: advanced | |
2055 | desc: User quota bucket sync interval | |
2056 | long_desc: Time period for accumulating modified buckets before syncing these stats. | |
2057 | fmt_desc: The amount of time in seconds bucket quota information is | |
2058 | accumulated before syncing to the cluster. During this time, | |
2059 | other RGW instances will not see the changes in bucket quota | |
2060 | stats from operations on this instance. | |
2061 | default: 3_min | |
2062 | services: | |
2063 | - rgw | |
2064 | with_legacy: true | |
2065 | - name: rgw_user_quota_sync_interval | |
2066 | type: int | |
2067 | level: advanced | |
2068 | desc: User quota sync interval | |
2069 | long_desc: Time period for accumulating modified buckets before syncing entire user | |
2070 | stats. | |
2071 | fmt_desc: The amount of time in seconds user quota information is | |
2072 | accumulated before syncing to the cluster. During this time, | |
2073 | other RGW instances will not see the changes in user quota stats | |
2074 | from operations on this instance. | |
2075 | default: 1_day | |
2076 | services: | |
2077 | - rgw | |
2078 | with_legacy: true | |
2079 | - name: rgw_user_quota_sync_idle_users | |
2080 | type: bool | |
2081 | level: advanced | |
2082 | desc: Should sync idle users quota | |
2083 | long_desc: Whether stats for idle users be fully synced. | |
2084 | default: false | |
2085 | services: | |
2086 | - rgw | |
2087 | with_legacy: true | |
2088 | - name: rgw_user_quota_sync_wait_time | |
2089 | type: int | |
2090 | level: advanced | |
2091 | desc: User quota full-sync wait time | |
2092 | long_desc: Minimum time between two full stats sync for non-idle users. | |
2093 | default: 1_day | |
2094 | services: | |
2095 | - rgw | |
2096 | with_legacy: true | |
2097 | - name: rgw_user_default_quota_max_objects | |
2098 | type: int | |
2099 | level: basic | |
2100 | desc: User quota max objects | |
2101 | long_desc: The default quota configuration for total number of objects for a single | |
2102 | user. A negative number means 'unlimited'. | |
2103 | fmt_desc: Default max number of objects for a user. This includes all | |
2104 | objects in all buckets owned by the user. Set on new users, | |
2105 | if no other quota is specified. Has no effect on existing users. | |
2106 | default: -1 | |
2107 | services: | |
2108 | - rgw | |
2109 | with_legacy: true | |
2110 | - name: rgw_user_default_quota_max_size | |
2111 | type: int | |
2112 | level: basic | |
2113 | desc: User quota max size | |
2114 | long_desc: The default quota configuration for total size of objects for a single | |
2115 | user. A negative number means 'unlimited'. | |
2116 | fmt_desc: The value for user max size quota in bytes set on new users, | |
2117 | if no other quota is specified. Has no effect on existing users. | |
2118 | default: -1 | |
2119 | services: | |
2120 | - rgw | |
2121 | with_legacy: true | |
2122 | - name: rgw_multipart_min_part_size | |
2123 | type: size | |
2124 | level: advanced | |
2125 | desc: Minimum S3 multipart-upload part size | |
2126 | long_desc: When doing a multipart upload, each part (other than the last part) must | |
2127 | be at least this size. | |
2128 | default: 5_M | |
2129 | services: | |
2130 | - rgw | |
2131 | with_legacy: true | |
2132 | - name: rgw_multipart_part_upload_limit | |
2133 | type: int | |
2134 | level: advanced | |
2135 | desc: Max number of parts in multipart upload | |
2136 | default: 10000 | |
2137 | services: | |
2138 | - rgw | |
2139 | with_legacy: true | |
2140 | - name: rgw_max_slo_entries | |
2141 | type: int | |
2142 | level: advanced | |
2143 | desc: Max number of entries in Swift Static Large Object manifest | |
2144 | default: 1000 | |
2145 | services: | |
2146 | - rgw | |
2147 | with_legacy: true | |
2148 | - name: rgw_olh_pending_timeout_sec | |
2149 | type: int | |
2150 | level: dev | |
2151 | desc: Max time for pending OLH change to complete | |
2152 | long_desc: OLH is a versioned object's logical head. Operations on it are journaled | |
2153 | and as pending before completion. If an operation doesn't complete with this amount | |
2154 | of seconds, we remove the operation from the journal. | |
2155 | default: 1_hr | |
2156 | services: | |
2157 | - rgw | |
2158 | with_legacy: true | |
2159 | - name: rgw_user_max_buckets | |
2160 | type: int | |
2161 | level: basic | |
2162 | desc: Max number of buckets per user | |
2163 | long_desc: A user can create at most this number of buckets. Zero means no limit; | |
2164 | a negative value means users cannot create any new buckets, although users will | |
2165 | retain buckets already created. | |
2166 | default: 1000 | |
2167 | services: | |
2168 | - rgw | |
2169 | with_legacy: true | |
2170 | - name: rgw_objexp_gc_interval | |
2171 | type: uint | |
2172 | level: advanced | |
2173 | desc: Swift objects expirer garbage collector interval | |
2174 | default: 600 | |
2175 | services: | |
2176 | - rgw | |
2177 | with_legacy: true | |
2178 | - name: rgw_objexp_hints_num_shards | |
2179 | type: uint | |
2180 | level: advanced | |
2181 | desc: Number of object expirer data shards | |
2182 | long_desc: The number of shards the (Swift) object expirer will store its data on. | |
2183 | default: 127 | |
2184 | services: | |
2185 | - rgw | |
2186 | with_legacy: true | |
2187 | # maximum number of entries in a single operation when processing objexp data | |
2188 | - name: rgw_objexp_chunk_size | |
2189 | type: uint | |
2190 | level: dev | |
2191 | default: 100 | |
2192 | services: | |
2193 | - rgw | |
2194 | with_legacy: true | |
2195 | - name: rgw_enable_static_website | |
2196 | type: bool | |
2197 | level: basic | |
2198 | desc: Enable static website APIs | |
2199 | long_desc: This configurable controls whether RGW handles the website control APIs. | |
2200 | RGW can server static websites if s3website hostnames are configured, and unrelated | |
2201 | to this configurable. | |
2202 | default: false | |
2203 | services: | |
2204 | - rgw | |
2205 | with_legacy: true | |
2206 | - name: rgw_user_unique_email | |
2207 | type: bool | |
2208 | level: basic | |
2209 | desc: Require local RGW users to have unique email addresses | |
2210 | long_desc: Enforce builtin user accounts to have unique email addresses. This setting | |
2211 | is historical. In future, non-enforcement of email address uniqueness is likely | |
2212 | to become the default. | |
2213 | default: true | |
2214 | services: | |
2215 | - rgw | |
2216 | - name: rgw_log_http_headers | |
2217 | type: str | |
2218 | level: basic | |
2219 | desc: List of HTTP headers to log | |
2220 | long_desc: A comma delimited list of HTTP headers to log when seen, ignores case | |
2221 | (e.g., http_x_forwarded_for). | |
2222 | fmt_desc: Comma-delimited list of HTTP headers to include with ops | |
2223 | log entries. Header names are case insensitive, and use | |
2224 | the full header name with words separated by underscores. | |
2225 | example: http_x_forwarded_for, http_x_special_k | |
2226 | services: | |
2227 | - rgw | |
2228 | with_legacy: true | |
2229 | - name: rgw_num_async_rados_threads | |
2230 | type: int | |
2231 | level: advanced | |
2232 | desc: Number of concurrent RADOS operations in multisite sync | |
2233 | long_desc: The number of concurrent RADOS IO operations that will be triggered for | |
2234 | handling multisite sync operations. This includes control related work, and not | |
2235 | the actual sync operations. | |
2236 | default: 32 | |
2237 | services: | |
2238 | - rgw | |
2239 | with_legacy: true | |
2240 | - name: rgw_md_notify_interval_msec | |
2241 | type: int | |
2242 | level: advanced | |
2243 | desc: Length of time to aggregate metadata changes | |
2244 | long_desc: Length of time (in milliseconds) in which the master zone aggregates | |
2245 | all the metadata changes that occurred, before sending notifications to all the | |
2246 | other zones. | |
2247 | default: 200 | |
2248 | services: | |
2249 | - rgw | |
2250 | with_legacy: true | |
2251 | - name: rgw_run_sync_thread | |
2252 | type: bool | |
2253 | level: advanced | |
2254 | desc: Should run sync thread | |
2255 | fmt_desc: If there are other zones in the realm to sync from, spawn threads | |
2256 | to handle the sync of data and metadata. | |
2257 | default: true | |
2258 | services: | |
2259 | - rgw | |
2260 | with_legacy: true | |
2261 | - name: rgw_sync_lease_period | |
2262 | type: int | |
2263 | level: dev | |
2264 | default: 2_min | |
2265 | services: | |
2266 | - rgw | |
2267 | with_legacy: true | |
2268 | - name: rgw_sync_log_trim_interval | |
2269 | type: int | |
2270 | level: advanced | |
2271 | desc: Sync log trim interval | |
2272 | long_desc: Time in seconds between attempts to trim sync logs. | |
2273 | default: 20_min | |
2274 | services: | |
2275 | - rgw | |
2276 | with_legacy: true | |
2277 | - name: rgw_sync_log_trim_max_buckets | |
2278 | type: int | |
2279 | level: advanced | |
2280 | desc: Maximum number of buckets to trim per interval | |
2281 | long_desc: The maximum number of buckets to consider for bucket index log trimming | |
2282 | each trim interval, regardless of the number of bucket index shards. Priority | |
2283 | is given to buckets with the most sync activity over the last trim interval. | |
2284 | default: 16 | |
2285 | services: | |
2286 | - rgw | |
2287 | see_also: | |
2288 | - rgw_sync_log_trim_interval | |
2289 | - rgw_sync_log_trim_min_cold_buckets | |
2290 | - rgw_sync_log_trim_concurrent_buckets | |
2291 | - name: rgw_sync_log_trim_min_cold_buckets | |
2292 | type: int | |
2293 | level: advanced | |
2294 | desc: Minimum number of cold buckets to trim per interval | |
2295 | long_desc: Of the `rgw_sync_log_trim_max_buckets` selected for bucket index log | |
2296 | trimming each trim interval, at least this many of them must be 'cold' buckets. | |
2297 | These buckets are selected in order from the list of all bucket instances, to | |
2298 | guarantee that all buckets will be visited eventually. | |
2299 | default: 4 | |
2300 | services: | |
2301 | - rgw | |
2302 | see_also: | |
2303 | - rgw_sync_log_trim_interval | |
2304 | - rgw_sync_log_trim_max_buckets | |
2305 | - rgw_sync_log_trim_concurrent_buckets | |
2306 | - name: rgw_sync_log_trim_concurrent_buckets | |
2307 | type: int | |
2308 | level: advanced | |
2309 | desc: Maximum number of buckets to trim in parallel | |
2310 | default: 4 | |
2311 | services: | |
2312 | - rgw | |
2313 | see_also: | |
2314 | - rgw_sync_log_trim_interval | |
2315 | - rgw_sync_log_trim_max_buckets | |
2316 | - rgw_sync_log_trim_min_cold_buckets | |
2317 | - name: rgw_sync_data_inject_err_probability | |
2318 | type: float | |
2319 | level: dev | |
2320 | default: 0 | |
2321 | services: | |
2322 | - rgw | |
2323 | with_legacy: true | |
2324 | - name: rgw_sync_meta_inject_err_probability | |
2325 | type: float | |
2326 | level: dev | |
2327 | default: 0 | |
2328 | services: | |
2329 | - rgw | |
2330 | with_legacy: true | |
2331 | - name: rgw_sync_trace_history_size | |
2332 | type: size | |
2333 | level: advanced | |
2334 | desc: Sync trace history size | |
2335 | long_desc: Maximum number of complete sync trace entries to keep. | |
2336 | default: 4_K | |
2337 | services: | |
2338 | - rgw | |
2339 | with_legacy: true | |
2340 | - name: rgw_sync_trace_per_node_log_size | |
2341 | type: int | |
2342 | level: advanced | |
2343 | desc: Sync trace per-node log size | |
2344 | long_desc: The number of log entries to keep per sync-trace node. | |
2345 | default: 32 | |
2346 | services: | |
2347 | - rgw | |
2348 | with_legacy: true | |
2349 | - name: rgw_sync_trace_servicemap_update_interval | |
2350 | type: int | |
2351 | level: advanced | |
2352 | desc: Sync-trace service-map update interval | |
2353 | long_desc: Number of seconds between service-map updates of sync-trace events. | |
2354 | default: 10 | |
2355 | services: | |
2356 | - rgw | |
2357 | with_legacy: true | |
2358 | - name: rgw_period_push_interval | |
2359 | type: float | |
2360 | level: advanced | |
2361 | desc: Period push interval | |
2362 | long_desc: Number of seconds to wait before retrying 'period push' operation. | |
2363 | default: 2 | |
2364 | services: | |
2365 | - rgw | |
2366 | with_legacy: true | |
2367 | - name: rgw_period_push_interval_max | |
2368 | type: float | |
2369 | level: advanced | |
2370 | desc: Period push maximum interval | |
2371 | long_desc: The max number of seconds to wait before retrying 'period push' after | |
2372 | exponential backoff. | |
2373 | default: 30 | |
2374 | services: | |
2375 | - rgw | |
2376 | with_legacy: true | |
2377 | - name: rgw_safe_max_objects_per_shard | |
2378 | type: int | |
2379 | level: advanced | |
2380 | desc: Safe number of objects per shard | |
2381 | long_desc: This is the max number of objects per bucket index shard that RGW considers | |
2382 | safe. RGW will warn if it identifies a bucket where its per-shard count is higher | |
2383 | than a percentage of this number. | |
2384 | default: 102400 | |
2385 | services: | |
2386 | - rgw | |
2387 | see_also: | |
2388 | - rgw_shard_warning_threshold | |
2389 | with_legacy: true | |
2390 | # pct of safe max at which to warn | |
2391 | - name: rgw_shard_warning_threshold | |
2392 | type: float | |
2393 | level: advanced | |
2394 | desc: Warn about max objects per shard | |
2395 | long_desc: Warn if number of objects per shard in a specific bucket passed this | |
2396 | percentage of the safe number. | |
2397 | default: 90 | |
2398 | services: | |
2399 | - rgw | |
2400 | see_also: | |
2401 | - rgw_safe_max_objects_per_shard | |
2402 | with_legacy: true | |
2403 | - name: rgw_swift_versioning_enabled | |
2404 | type: bool | |
2405 | level: advanced | |
2406 | desc: Enable Swift versioning | |
2407 | fmt_desc: | | |
2408 | Enables the Object Versioning of OpenStack Object Storage API. | |
2409 | This allows clients to put the ``X-Versions-Location`` attribute | |
2410 | on containers that should be versioned. The attribute specifies | |
2411 | the name of container storing archived versions. It must be owned | |
2412 | by the same user that the versioned container due to access | |
2413 | control verification - ACLs are NOT taken into consideration. | |
2414 | Those containers cannot be versioned by the S3 object versioning | |
2415 | mechanism. | |
2416 | ||
2417 | A slightly different attribute, ``X-History-Location``, which is also understood by | |
2418 | `OpenStack Swift <https://docs.openstack.org/swift/latest/api/object_versioning.html>`_ | |
2419 | for handling ``DELETE`` operations, is currently not supported. | |
2420 | default: false | |
2421 | services: | |
2422 | - rgw | |
2423 | with_legacy: true | |
2424 | - name: rgw_swift_custom_header | |
2425 | type: str | |
2426 | level: advanced | |
2427 | desc: Enable swift custom header | |
2428 | long_desc: If not empty, specifies a name of HTTP header that can include custom | |
2429 | data. When uploading an object, if this header is passed RGW will store this header | |
2430 | info and it will be available when listing the bucket. | |
2431 | services: | |
2432 | - rgw | |
2433 | with_legacy: true | |
2434 | - name: rgw_swift_need_stats | |
2435 | type: bool | |
2436 | level: advanced | |
2437 | desc: Enable stats on bucket listing in Swift | |
2438 | default: true | |
2439 | services: | |
2440 | - rgw | |
2441 | with_legacy: true | |
2442 | - name: rgw_reshard_num_logs | |
2443 | type: uint | |
2444 | level: advanced | |
2445 | default: 16 | |
2446 | services: | |
2447 | - rgw | |
2448 | - rgw | |
2449 | min: 1 | |
2450 | - name: rgw_reshard_bucket_lock_duration | |
2451 | type: uint | |
2452 | level: advanced | |
2453 | desc: Number of seconds the timeout on the reshard locks (bucket reshard lock and | |
2454 | reshard log lock) are set to. As a reshard proceeds these locks can be renewed/extended. | |
2455 | If too short, reshards cannot complete and will fail, causing a future reshard | |
2456 | attempt. If too long a hung or crashed reshard attempt will keep the bucket locked | |
2457 | for an extended period, not allowing RGW to detect the failed reshard attempt | |
2458 | and recover. | |
2459 | default: 360 | |
2460 | tags: | |
2461 | - performance | |
2462 | services: | |
2463 | - rgw | |
2464 | - rgw | |
2465 | min: 30 | |
2466 | - name: rgw_reshard_batch_size | |
2467 | type: uint | |
2468 | level: advanced | |
2469 | desc: Number of reshard entries to batch together before sending the operations | |
2470 | to the CLS back-end | |
2471 | default: 64 | |
2472 | tags: | |
2473 | - performance | |
2474 | services: | |
2475 | - rgw | |
2476 | - rgw | |
2477 | min: 8 | |
2478 | - name: rgw_reshard_max_aio | |
2479 | type: uint | |
2480 | level: advanced | |
2481 | desc: Maximum number of outstanding asynchronous I/O operations to allow at a time | |
2482 | during resharding | |
2483 | default: 128 | |
2484 | tags: | |
2485 | - performance | |
2486 | services: | |
2487 | - rgw | |
2488 | - rgw | |
2489 | min: 16 | |
2490 | - name: rgw_trust_forwarded_https | |
2491 | type: bool | |
2492 | level: advanced | |
2493 | desc: Trust Forwarded and X-Forwarded-Proto headers | |
2494 | long_desc: When a proxy in front of radosgw is used for ssl termination, radosgw | |
2495 | does not know whether incoming http connections are secure. Enable this option | |
2496 | to trust the Forwarded and X-Forwarded-Proto headers sent by the proxy when determining | |
2497 | whether the connection is secure. This is required for some features, such as | |
2498 | server side encryption. (Never enable this setting if you do not have a trusted | |
2499 | proxy in front of radosgw, or else malicious users will be able to set these headers | |
2500 | in any request.) | |
2501 | fmt_desc: When a proxy in front of radosgw is used for ssl termination, radosgw | |
2502 | does not know whether incoming http connections are secure. Enable | |
2503 | this option to trust the ``Forwarded`` and ``X-Forwarded-Proto`` headers | |
2504 | sent by the proxy when determining whether the connection is secure. | |
2505 | This is required for some features, such as server side encryption. | |
2506 | (Never enable this setting if you do not have a trusted proxy in front of | |
2507 | radosgw, or else malicious users will be able to set these headers in | |
2508 | any request.) | |
2509 | default: false | |
2510 | services: | |
2511 | - rgw | |
2512 | see_also: | |
2513 | - rgw_crypt_require_ssl | |
2514 | with_legacy: true | |
2515 | - name: rgw_crypt_require_ssl | |
2516 | type: bool | |
2517 | level: advanced | |
2518 | desc: Requests including encryption key headers must be sent over ssl | |
2519 | default: true | |
2520 | services: | |
2521 | - rgw | |
2522 | with_legacy: true | |
2523 | # base64 encoded key for encryption of rgw objects | |
2524 | - name: rgw_crypt_default_encryption_key | |
2525 | type: str | |
2526 | level: dev | |
2527 | services: | |
2528 | - rgw | |
2529 | with_legacy: true | |
2530 | - name: rgw_crypt_s3_kms_backend | |
2531 | type: str | |
2532 | level: advanced | |
2533 | desc: Where the SSE-KMS encryption keys are stored. Supported KMS systems are OpenStack | |
2534 | Barbican ('barbican', the default) and HashiCorp Vault ('vault'). | |
2535 | fmt_desc: Where the SSE-KMS encryption keys are stored. Supported KMS | |
2536 | systems are OpenStack Barbican (``barbican``, the default) and | |
2537 | HashiCorp Vault (``vault``). | |
2538 | default: barbican | |
2539 | services: | |
2540 | - rgw | |
2541 | enum_values: | |
2542 | - barbican | |
2543 | - vault | |
2544 | - testing | |
2545 | - kmip | |
2546 | with_legacy: true | |
2547 | # extra keys that may be used for aws:kms | |
2548 | # defined as map "key1=YmluCmJvb3N0CmJvb3N0LQ== key2=b3V0CnNyYwpUZXN0aW5nCg==" | |
2549 | - name: rgw_crypt_s3_kms_encryption_keys | |
2550 | type: str | |
2551 | level: dev | |
2552 | services: | |
2553 | - rgw | |
2554 | with_legacy: true | |
2555 | - name: rgw_crypt_vault_auth | |
2556 | type: str | |
2557 | level: advanced | |
2558 | desc: Type of authentication method to be used with Vault. | |
2559 | fmt_desc: Type of authentication method to be used. The only method | |
2560 | currently supported is ``token``. | |
2561 | default: token | |
2562 | services: | |
2563 | - rgw | |
2564 | see_also: | |
2565 | - rgw_crypt_s3_kms_backend | |
2566 | - rgw_crypt_vault_addr | |
2567 | - rgw_crypt_vault_token_file | |
2568 | enum_values: | |
2569 | - token | |
2570 | - agent | |
2571 | with_legacy: true | |
2572 | - name: rgw_crypt_vault_token_file | |
2573 | type: str | |
2574 | level: advanced | |
2575 | desc: If authentication method is 'token', provide a path to the token file, which | |
2576 | for security reasons should readable only by Rados Gateway. | |
2577 | services: | |
2578 | - rgw | |
2579 | see_also: | |
2580 | - rgw_crypt_s3_kms_backend | |
2581 | - rgw_crypt_vault_auth | |
2582 | - rgw_crypt_vault_addr | |
2583 | with_legacy: true | |
2584 | - name: rgw_crypt_vault_addr | |
2585 | type: str | |
2586 | level: advanced | |
2587 | desc: Vault server base address. | |
2588 | fmt_desc: Vault server base address, e.g. ``http://vaultserver:8200``. | |
2589 | services: | |
2590 | - rgw | |
2591 | see_also: | |
2592 | - rgw_crypt_s3_kms_backend | |
2593 | - rgw_crypt_vault_auth | |
2594 | - rgw_crypt_vault_prefix | |
2595 | with_legacy: true | |
2596 | # Optional URL prefix to Vault secret path | |
2597 | - name: rgw_crypt_vault_prefix | |
2598 | type: str | |
2599 | level: advanced | |
2600 | desc: Vault secret URL prefix, which can be used to restrict access to a particular | |
2601 | subset of the Vault secret space. | |
2602 | fmt_desc: The Vault secret URL prefix, which can be used to restrict access | |
2603 | to a particular subset of the secret space, e.g. ``/v1/secret/data``. | |
2604 | services: | |
2605 | - rgw | |
2606 | see_also: | |
2607 | - rgw_crypt_s3_kms_backend | |
2608 | - rgw_crypt_vault_addr | |
2609 | - rgw_crypt_vault_auth | |
2610 | with_legacy: true | |
2611 | # kv, transit or other supported secret engines | |
2612 | - name: rgw_crypt_vault_secret_engine | |
2613 | type: str | |
2614 | level: advanced | |
2615 | desc: Vault Secret Engine to be used to retrieve encryption keys. | |
2616 | fmt_desc: | | |
2617 | Vault Secret Engine to be used to retrieve encryption keys: choose | |
2618 | between kv-v2, transit. | |
2619 | default: transit | |
2620 | services: | |
2621 | - rgw | |
2622 | see_also: | |
2623 | - rgw_crypt_s3_kms_backend | |
2624 | - rgw_crypt_vault_auth | |
2625 | - rgw_crypt_vault_addr | |
2626 | with_legacy: true | |
2627 | # Vault Namespace (only availabe in Vault Enterprise Version) | |
2628 | - name: rgw_crypt_vault_namespace | |
2629 | type: str | |
2630 | level: advanced | |
2631 | desc: Vault Namespace to be used to select your tenant | |
2632 | fmt_desc: If set, Vault Namespace provides tenant isolation for teams and individuals | |
2633 | on the same Vault Enterprise instance, e.g. ``acme/tenant1`` | |
2634 | services: | |
2635 | - rgw | |
2636 | see_also: | |
2637 | - rgw_crypt_s3_kms_backend | |
2638 | - rgw_crypt_vault_auth | |
2639 | - rgw_crypt_vault_addr | |
2640 | with_legacy: true | |
2641 | # Enable TLS authentication rgw and vault | |
2642 | - name: rgw_crypt_vault_verify_ssl | |
2643 | type: bool | |
2644 | level: advanced | |
2645 | desc: Should RGW verify the vault server SSL certificate. | |
2646 | default: true | |
2647 | services: | |
2648 | - rgw | |
2649 | with_legacy: true | |
2650 | # TLS certs options | |
2651 | - name: rgw_crypt_vault_ssl_cacert | |
2652 | type: str | |
2653 | level: advanced | |
2654 | desc: Path for custom ca certificate for accessing vault server | |
2655 | services: | |
2656 | - rgw | |
2657 | with_legacy: true | |
2658 | - name: rgw_crypt_vault_ssl_clientcert | |
2659 | type: str | |
2660 | level: advanced | |
2661 | desc: Path for custom client certificate for accessing vault server | |
2662 | services: | |
2663 | - rgw | |
2664 | with_legacy: true | |
2665 | - name: rgw_crypt_vault_ssl_clientkey | |
2666 | type: str | |
2667 | level: advanced | |
2668 | desc: Path for private key required for client cert | |
2669 | services: | |
2670 | - rgw | |
2671 | with_legacy: true | |
2672 | - name: rgw_crypt_kmip_addr | |
2673 | type: str | |
2674 | level: advanced | |
2675 | desc: kmip server address | |
2676 | services: | |
2677 | - rgw | |
2678 | with_legacy: true | |
2679 | - name: rgw_crypt_kmip_ca_path | |
2680 | type: str | |
2681 | level: advanced | |
2682 | desc: ca for kmip servers | |
2683 | services: | |
2684 | - rgw | |
2685 | with_legacy: true | |
2686 | - name: rgw_crypt_kmip_username | |
2687 | type: str | |
2688 | level: advanced | |
2689 | desc: when authenticating via username | |
2690 | services: | |
2691 | - rgw | |
2692 | with_legacy: true | |
2693 | - name: rgw_crypt_kmip_password | |
2694 | type: str | |
2695 | level: advanced | |
2696 | desc: optional w/ username | |
2697 | services: | |
2698 | - rgw | |
2699 | with_legacy: true | |
2700 | - name: rgw_crypt_kmip_client_cert | |
2701 | type: str | |
2702 | level: advanced | |
2703 | desc: connect using client certificate | |
2704 | services: | |
2705 | - rgw | |
2706 | with_legacy: true | |
2707 | - name: rgw_crypt_kmip_client_key | |
2708 | type: str | |
2709 | level: advanced | |
2710 | desc: connect using client certificate | |
2711 | services: | |
2712 | - rgw | |
2713 | with_legacy: true | |
2714 | - name: rgw_crypt_kmip_kms_key_template | |
2715 | type: str | |
2716 | level: advanced | |
2717 | desc: sse-kms; kmip key names | |
2718 | services: | |
2719 | - rgw | |
2720 | with_legacy: true | |
2721 | - name: rgw_crypt_kmip_s3_key_template | |
2722 | type: str | |
2723 | level: advanced | |
2724 | desc: sse-s3; kmip key template | |
2725 | default: $keyid | |
2726 | services: | |
2727 | - rgw | |
2728 | with_legacy: true | |
2729 | - name: rgw_crypt_suppress_logs | |
2730 | type: bool | |
2731 | level: advanced | |
2732 | desc: Suppress logs that might print client key | |
2733 | default: true | |
2734 | services: | |
2735 | - rgw | |
2736 | with_legacy: true | |
2a845540 TL |
2737 | - name: rgw_crypt_sse_s3_backend |
2738 | type: str | |
2739 | level: advanced | |
2740 | desc: Where the SSE-S3 encryption keys are stored. The only valid choice here is | |
2741 | HashiCorp Vault ('vault'). | |
2742 | fmt_desc: Where the SSE-S3 encryption keys are stored. The only valid | |
2743 | choice is HashiCorp Vault (``vault``). | |
2744 | default: vault | |
2745 | services: | |
2746 | - rgw | |
2747 | enum_values: | |
2748 | - vault | |
2749 | with_legacy: true | |
2750 | ||
2751 | - name: rgw_crypt_sse_s3_vault_secret_engine | |
2752 | type: str | |
2753 | level: advanced | |
2754 | desc: Vault Secret Engine to be used to retrieve encryption keys. | |
2755 | fmt_desc: | | |
2756 | Vault Secret Engine to be used to retrieve encryption keys. The | |
2757 | only valid choice here is transit. | |
2758 | default: transit | |
2759 | services: | |
2760 | - rgw | |
2761 | see_also: | |
2762 | - rgw_crypt_sse_s3_backend | |
2763 | - rgw_crypt_sse_s3_vault_auth | |
2764 | - rgw_crypt_sse_s3_vault_addr | |
2765 | with_legacy: true | |
2766 | - name: rgw_crypt_sse_s3_key_template | |
2767 | type: str | |
2768 | level: advanced | |
2769 | desc: template for per-bucket sse-s3 keys in vault. | |
2770 | long_desc: This is the template for per-bucket sse-s3 keys. | |
2771 | This string may include ``%bucket_id`` which will be expanded out to | |
2772 | the bucket marker, a unique uuid assigned to that bucket. | |
2773 | It could contain ``%owner_id``, which will expand out to the owner's id. | |
2774 | Any other use of % is reserved and should not be used. | |
2775 | If the template contains ``%bucket_id``, associated bucket keys | |
2776 | will be automatically removed when the bucket is removed. | |
2777 | services: | |
2778 | - rgw | |
2779 | default: "%bucket_id" | |
2780 | see_also: | |
2781 | - rgw_crypt_sse_s3_backend | |
2782 | - rgw_crypt_sse_s3_vault_auth | |
2783 | - rgw_crypt_sse_s3_vault_addr | |
2784 | with_legacy: true | |
2785 | - name: rgw_crypt_sse_s3_vault_auth | |
2786 | type: str | |
2787 | level: advanced | |
2788 | desc: Type of authentication method to be used with SSE-S3 and Vault. | |
2789 | fmt_desc: Type of authentication method to be used. The only method | |
2790 | currently supported is ``token``. | |
2791 | default: token | |
2792 | services: | |
2793 | - rgw | |
2794 | see_also: | |
2795 | - rgw_crypt_sse_s3_backend | |
2796 | - rgw_crypt_sse_s3_vault_addr | |
2797 | - rgw_crypt_sse_s3_vault_token_file | |
2798 | enum_values: | |
2799 | - token | |
2800 | - agent | |
2801 | with_legacy: true | |
2802 | - name: rgw_crypt_sse_s3_vault_token_file | |
2803 | type: str | |
2804 | level: advanced | |
2805 | desc: If authentication method is 'token', provide a path to the token file, which | |
2806 | for security reasons should readable only by Rados Gateway. | |
2807 | services: | |
2808 | - rgw | |
2809 | see_also: | |
2810 | - rgw_crypt_sse_s3_backend | |
2811 | - rgw_crypt_sse_s3_vault_auth | |
2812 | - rgw_crypt_sse_s3_vault_addr | |
2813 | with_legacy: true | |
2814 | - name: rgw_crypt_sse_s3_vault_addr | |
2815 | type: str | |
2816 | level: advanced | |
2817 | desc: SSE-S3 Vault server base address. | |
2818 | fmt_desc: Vault server base address, e.g. ``http://vaultserver:8200``. | |
2819 | services: | |
2820 | - rgw | |
2821 | see_also: | |
2822 | - rgw_crypt_sse_s3_backend | |
2823 | - rgw_crypt_sse_s3_vault_auth | |
2824 | - rgw_crypt_sse_s3_vault_prefix | |
2825 | with_legacy: true | |
2826 | # Optional URL prefix to Vault secret path | |
2827 | - name: rgw_crypt_sse_s3_vault_prefix | |
2828 | type: str | |
2829 | level: advanced | |
2830 | desc: SSE-S3 Vault secret URL prefix, which can be used to restrict access to a particular | |
2831 | subset of the Vault secret space. | |
2832 | fmt_desc: The Vault secret URL prefix, which can be used to restrict access | |
2833 | to a particular subset of the secret space, e.g. ``/v1/secret/data``. | |
2834 | services: | |
2835 | - rgw | |
2836 | see_also: | |
2837 | - rgw_crypt_sse_s3_backend | |
2838 | - rgw_crypt_sse_s3_vault_addr | |
2839 | - rgw_crypt_sse_s3_vault_auth | |
2840 | with_legacy: true | |
2841 | # Vault Namespace (only availabe in Vault Enterprise Version) | |
2842 | - name: rgw_crypt_sse_s3_vault_namespace | |
2843 | type: str | |
2844 | level: advanced | |
2845 | desc: Vault Namespace to be used to select your tenant | |
2846 | fmt_desc: If set, Vault Namespace provides tenant isolation for teams and individuals | |
2847 | on the same Vault Enterprise instance, e.g. ``acme/tenant1`` | |
2848 | services: | |
2849 | - rgw | |
2850 | see_also: | |
2851 | - rgw_crypt_sse_s3_backend | |
2852 | - rgw_crypt_sse_s3_vault_auth | |
2853 | - rgw_crypt_sse_s3_vault_addr | |
2854 | with_legacy: true | |
2855 | # Enable TLS authentication rgw and vault | |
2856 | - name: rgw_crypt_sse_s3_vault_verify_ssl | |
2857 | type: bool | |
2858 | level: advanced | |
2859 | desc: Should RGW verify the vault server SSL certificate. | |
2860 | default: true | |
2861 | services: | |
2862 | - rgw | |
2863 | with_legacy: true | |
2864 | # TLS certs options | |
2865 | - name: rgw_crypt_sse_s3_vault_ssl_cacert | |
2866 | type: str | |
2867 | level: advanced | |
2868 | desc: Path for custom ca certificate for accessing vault server | |
2869 | services: | |
2870 | - rgw | |
2871 | with_legacy: true | |
2872 | - name: rgw_crypt_sse_s3_vault_ssl_clientcert | |
2873 | type: str | |
2874 | level: advanced | |
2875 | desc: Path for custom client certificate for accessing vault server | |
2876 | services: | |
2877 | - rgw | |
2878 | with_legacy: true | |
2879 | - name: rgw_crypt_sse_s3_vault_ssl_clientkey | |
2880 | type: str | |
2881 | level: advanced | |
2882 | desc: Path for private key required for client cert | |
2883 | services: | |
2884 | - rgw | |
2885 | with_legacy: true | |
20effc67 TL |
2886 | - name: rgw_list_bucket_min_readahead |
2887 | type: int | |
2888 | level: advanced | |
2889 | desc: Minimum number of entries to request from rados for bucket listing | |
2890 | default: 1000 | |
2891 | services: | |
2892 | - rgw | |
2893 | with_legacy: true | |
2894 | - name: rgw_rest_getusage_op_compat | |
2895 | type: bool | |
2896 | level: advanced | |
2897 | desc: REST GetUsage request backward compatibility | |
2898 | default: false | |
2899 | services: | |
2900 | - rgw | |
2901 | with_legacy: true | |
2902 | # The following are tunables for torrent data | |
2903 | - name: rgw_torrent_flag | |
2904 | type: bool | |
2905 | level: advanced | |
2906 | desc: When true, uploaded objects will calculate and store a SHA256 hash of object | |
2907 | data so the object can be retrieved as a torrent file | |
2908 | default: false | |
2909 | services: | |
2910 | - rgw | |
2911 | with_legacy: true | |
2912 | - name: rgw_torrent_tracker | |
2913 | type: str | |
2914 | level: advanced | |
2915 | desc: Torrent field announce and announce list | |
2916 | services: | |
2917 | - rgw | |
2918 | with_legacy: true | |
2919 | - name: rgw_torrent_createby | |
2920 | type: str | |
2921 | level: advanced | |
2922 | desc: torrent field created by | |
2923 | services: | |
2924 | - rgw | |
2925 | with_legacy: true | |
2926 | - name: rgw_torrent_comment | |
2927 | type: str | |
2928 | level: advanced | |
2929 | desc: Torrent field comment | |
2930 | services: | |
2931 | - rgw | |
2932 | with_legacy: true | |
2933 | - name: rgw_torrent_encoding | |
2934 | type: str | |
2935 | level: advanced | |
2936 | desc: torrent field encoding | |
2937 | services: | |
2938 | - rgw | |
2939 | with_legacy: true | |
2940 | - name: rgw_data_notify_interval_msec | |
2941 | type: int | |
2942 | level: advanced | |
2943 | desc: data changes notification interval to followers | |
2944 | long_desc: In multisite, radosgw will occasionally broadcast new entries in its | |
2945 | data changes log to peer zones, so they can prioritize sync of some | |
2946 | of the most recent changes. Can be disabled with 0. | |
2947 | default: 200 | |
2948 | services: | |
2949 | - rgw | |
2950 | with_legacy: true | |
2951 | - name: rgw_torrent_origin | |
2952 | type: str | |
2953 | level: advanced | |
2954 | desc: Torrent origin | |
2955 | services: | |
2956 | - rgw | |
2957 | with_legacy: true | |
2958 | - name: rgw_torrent_sha_unit | |
2959 | type: size | |
2960 | level: advanced | |
2961 | default: 512_K | |
2962 | services: | |
2963 | - rgw | |
2964 | with_legacy: true | |
2965 | - name: rgw_dynamic_resharding | |
2966 | type: bool | |
2967 | level: basic | |
2968 | desc: Enable dynamic resharding | |
2969 | long_desc: If true, RGW will dynamically increase the number of shards in buckets | |
2970 | that have a high number of objects per shard. | |
2971 | default: true | |
2972 | services: | |
2973 | - rgw | |
2974 | see_also: | |
2975 | - rgw_max_objs_per_shard | |
2976 | - rgw_max_dynamic_shards | |
2977 | - name: rgw_max_objs_per_shard | |
2978 | type: uint | |
2979 | level: basic | |
2980 | desc: Max objects per shard for dynamic resharding | |
2981 | long_desc: This is the max number of objects per bucket index shard that RGW will | |
2982 | allow with dynamic resharding. RGW will trigger an automatic reshard operation | |
2983 | on the bucket if it exceeds this number. | |
2984 | default: 100000 | |
2985 | services: | |
2986 | - rgw | |
2987 | see_also: | |
2988 | - rgw_dynamic_resharding | |
2989 | - rgw_max_dynamic_shards | |
2990 | - name: rgw_max_dynamic_shards | |
2991 | type: uint | |
2992 | level: advanced | |
2993 | desc: Max shards that dynamic resharding can create | |
2994 | long_desc: This is the maximum number of bucket index shards that dynamic sharding | |
2995 | is able to create on its own. This does not limit user requested resharding. Ideally | |
2996 | this value is a prime number. | |
2997 | default: 1999 | |
2998 | services: | |
2999 | - rgw | |
3000 | see_also: | |
3001 | - rgw_dynamic_resharding | |
3002 | - rgw_max_objs_per_shard | |
3003 | min: 1 | |
3004 | - name: rgw_reshard_thread_interval | |
3005 | type: uint | |
3006 | level: advanced | |
3007 | desc: Number of seconds between processing of reshard log entries | |
3008 | default: 600 | |
3009 | services: | |
3010 | - rgw | |
3011 | min: 10 | |
3012 | - name: rgw_cache_expiry_interval | |
3013 | type: uint | |
3014 | level: advanced | |
3015 | desc: Number of seconds before entries in the cache are assumed stale and re-fetched. | |
3016 | Zero is never. | |
3017 | long_desc: The Rados Gateway stores metadata and objects in an internal cache. This | |
3018 | should be kept consistent by the OSD's relaying notify events between multiple | |
3019 | watching RGW processes. In the event that this notification protocol fails, bounding | |
3020 | the length of time that any data in the cache will be assumed valid will ensure | |
3021 | that any RGW instance that falls out of sync will eventually recover. This seems | |
3022 | to be an issue mostly for large numbers of RGW instances under heavy use. If you | |
3023 | would like to turn off cache expiry, set this value to zero. | |
3024 | default: 900 | |
3025 | tags: | |
3026 | - performance | |
3027 | services: | |
3028 | - rgw | |
3029 | - rgw | |
3030 | - name: rgw_inject_notify_timeout_probability | |
3031 | type: float | |
3032 | level: dev | |
3033 | desc: Likelihood of ignoring a notify | |
3034 | long_desc: This is the probability that the RGW cache will ignore a cache notify | |
3035 | message. It exists to help with the development and testing of cache consistency | |
3036 | and recovery improvements. Please do not set it in a production cluster, as it | |
3037 | actively causes failures. Set this to a floating point value between 0 and 1. | |
3038 | default: 0 | |
3039 | tags: | |
3040 | - fault injection | |
3041 | - testing | |
3042 | services: | |
3043 | - rgw | |
3044 | - rgw | |
3045 | min: 0 | |
3046 | max: 1 | |
3047 | - name: rgw_max_notify_retries | |
3048 | type: uint | |
3049 | level: advanced | |
3050 | desc: Number of attempts to notify peers before giving up. | |
3051 | long_desc: The number of times we will attempt to update a peer's cache in the event | |
3052 | of error before giving up. This is unlikely to be an issue unless your cluster | |
3053 | is very heavily loaded. Beware that increasing this value may cause some operations | |
3054 | to take longer in exceptional cases and thus may, rarely, cause clients to time | |
3055 | out. | |
3056 | default: 3 | |
3057 | tags: | |
3058 | - error recovery | |
3059 | services: | |
3060 | - rgw | |
3061 | - rgw | |
3062 | - name: rgw_sts_entry | |
3063 | type: str | |
3064 | level: advanced | |
3065 | desc: STS URL prefix | |
3066 | long_desc: URL path prefix for internal STS requests. | |
3067 | default: sts | |
3068 | services: | |
3069 | - rgw | |
3070 | with_legacy: true | |
3071 | - name: rgw_sts_key | |
3072 | type: str | |
3073 | level: advanced | |
3074 | desc: STS Key | |
3075 | long_desc: Key used for encrypting/ decrypting session token. | |
3076 | default: sts | |
3077 | services: | |
3078 | - rgw | |
3079 | with_legacy: true | |
3080 | # should we try to use sts for s3? | |
3081 | - name: rgw_s3_auth_use_sts | |
3082 | type: bool | |
3083 | level: advanced | |
3084 | desc: Should S3 authentication use STS. | |
3085 | default: false | |
3086 | services: | |
3087 | - rgw | |
3088 | with_legacy: true | |
3089 | - name: rgw_sts_max_session_duration | |
3090 | type: uint | |
3091 | level: advanced | |
3092 | desc: Session token max duration | |
3093 | long_desc: Max duration in seconds for which the session token is valid. | |
3094 | default: 43200 | |
3095 | services: | |
3096 | - rgw | |
3097 | with_legacy: true | |
3098 | - name: rgw_sts_min_session_duration | |
3099 | type: uint | |
3100 | level: advanced | |
3101 | desc: Minimum allowed duration of a session | |
3102 | default: 900 | |
3103 | services: | |
3104 | - rgw | |
3105 | with_legacy: true | |
3106 | - name: rgw_max_listing_results | |
3107 | type: uint | |
3108 | level: advanced | |
3109 | desc: Upper bound on results in listing operations, ListBucket max-keys | |
3110 | long_desc: This caps the maximum permitted value for listing-like operations in | |
3111 | RGW S3. Affects ListBucket(max-keys), ListBucketVersions(max-keys), ListBucketMultipartUploads(max-uploads), | |
3112 | ListMultipartUploadParts(max-parts) | |
3113 | default: 1000 | |
3114 | services: | |
3115 | - rgw | |
3116 | - rgw | |
3117 | min: 1 | |
3118 | max: 100000 | |
3119 | - name: rgw_sts_token_introspection_url | |
3120 | type: str | |
3121 | level: advanced | |
3122 | desc: STS Web Token introspection URL | |
3123 | long_desc: URL for introspecting an STS Web Token. | |
3124 | services: | |
3125 | - rgw | |
3126 | with_legacy: true | |
3127 | - name: rgw_sts_client_id | |
3128 | type: str | |
3129 | level: advanced | |
3130 | desc: Client Id | |
3131 | long_desc: Client Id needed for introspecting a Web Token. | |
3132 | services: | |
3133 | - rgw | |
3134 | with_legacy: true | |
3135 | - name: rgw_sts_client_secret | |
3136 | type: str | |
3137 | level: advanced | |
3138 | desc: Client Secret | |
3139 | long_desc: Client Secret needed for introspecting a Web Token. | |
3140 | services: | |
3141 | - rgw | |
3142 | with_legacy: true | |
3143 | - name: rgw_max_concurrent_requests | |
3144 | type: int | |
3145 | level: basic | |
3146 | desc: Maximum number of concurrent HTTP requests. | |
3147 | long_desc: Maximum number of concurrent HTTP requests that the beast frontend will | |
3148 | process. Tuning this can help to limit memory usage under heavy load. | |
3149 | default: 1024 | |
3150 | tags: | |
3151 | - performance | |
3152 | services: | |
3153 | - rgw | |
3154 | see_also: | |
3155 | - rgw_frontends | |
3156 | - name: rgw_scheduler_type | |
3157 | type: str | |
3158 | level: advanced | |
3159 | desc: Set the type of dmclock scheduler, defaults to throttler Other valid values | |
3160 | are dmclock which is experimental | |
3161 | fmt_desc: | | |
3162 | The RGW scheduler to use. Valid values are ``throttler` and | |
3163 | ``dmclock``. Currently defaults to ``throttler`` which throttles Beast | |
3164 | frontend requests. ``dmclock` is *experimental* and requires the | |
3165 | ``dmclock`` to be included in the ``experimental_feature_enabled`` | |
3166 | configuration option. | |
3167 | ||
3168 | The options below tune the experimental dmclock scheduler. For | |
3169 | additional reading on dmclock, see :ref:`dmclock-qos`. `op_class` for the flags below is | |
3170 | one of ``admin``, ``auth``, ``metadata``, or ``data``. | |
3171 | default: throttler | |
3172 | services: | |
3173 | - rgw | |
3174 | - name: rgw_dmclock_admin_res | |
3175 | type: float | |
3176 | level: advanced | |
3177 | desc: mclock reservation for admin requests | |
3178 | default: 100 | |
3179 | services: | |
3180 | - rgw | |
3181 | see_also: | |
3182 | - rgw_dmclock_admin_wgt | |
3183 | - rgw_dmclock_admin_lim | |
3184 | - name: rgw_dmclock_admin_wgt | |
3185 | type: float | |
3186 | level: advanced | |
3187 | desc: mclock weight for admin requests | |
3188 | default: 100 | |
3189 | services: | |
3190 | - rgw | |
3191 | see_also: | |
3192 | - rgw_dmclock_admin_res | |
3193 | - rgw_dmclock_admin_lim | |
3194 | - name: rgw_dmclock_admin_lim | |
3195 | type: float | |
3196 | level: advanced | |
3197 | desc: mclock limit for admin requests | |
3198 | default: 0 | |
3199 | services: | |
3200 | - rgw | |
3201 | see_also: | |
3202 | - rgw_dmclock_admin_res | |
3203 | - rgw_dmclock_admin_wgt | |
3204 | - name: rgw_dmclock_auth_res | |
3205 | type: float | |
3206 | level: advanced | |
3207 | desc: mclock reservation for object data requests | |
3208 | default: 200 | |
3209 | services: | |
3210 | - rgw | |
3211 | see_also: | |
3212 | - rgw_dmclock_auth_wgt | |
3213 | - rgw_dmclock_auth_lim | |
3214 | - name: rgw_dmclock_auth_wgt | |
3215 | type: float | |
3216 | level: advanced | |
3217 | desc: mclock weight for object data requests | |
3218 | default: 100 | |
3219 | services: | |
3220 | - rgw | |
3221 | see_also: | |
3222 | - rgw_dmclock_auth_res | |
3223 | - rgw_dmclock_auth_lim | |
3224 | - name: rgw_dmclock_auth_lim | |
3225 | type: float | |
3226 | level: advanced | |
3227 | desc: mclock limit for object data requests | |
3228 | default: 0 | |
3229 | services: | |
3230 | - rgw | |
3231 | see_also: | |
3232 | - rgw_dmclock_auth_res | |
3233 | - rgw_dmclock_auth_wgt | |
3234 | - name: rgw_dmclock_data_res | |
3235 | type: float | |
3236 | level: advanced | |
3237 | desc: mclock reservation for object data requests | |
3238 | default: 500 | |
3239 | services: | |
3240 | - rgw | |
3241 | see_also: | |
3242 | - rgw_dmclock_data_wgt | |
3243 | - rgw_dmclock_data_lim | |
3244 | - name: rgw_dmclock_data_wgt | |
3245 | type: float | |
3246 | level: advanced | |
3247 | desc: mclock weight for object data requests | |
3248 | default: 500 | |
3249 | services: | |
3250 | - rgw | |
3251 | see_also: | |
3252 | - rgw_dmclock_data_res | |
3253 | - rgw_dmclock_data_lim | |
3254 | - name: rgw_dmclock_data_lim | |
3255 | type: float | |
3256 | level: advanced | |
3257 | desc: mclock limit for object data requests | |
3258 | default: 0 | |
3259 | services: | |
3260 | - rgw | |
3261 | see_also: | |
3262 | - rgw_dmclock_data_res | |
3263 | - rgw_dmclock_data_wgt | |
3264 | - name: rgw_dmclock_metadata_res | |
3265 | type: float | |
3266 | level: advanced | |
3267 | desc: mclock reservation for metadata requests | |
3268 | default: 500 | |
3269 | services: | |
3270 | - rgw | |
3271 | see_also: | |
3272 | - rgw_dmclock_metadata_wgt | |
3273 | - rgw_dmclock_metadata_lim | |
3274 | - name: rgw_dmclock_metadata_wgt | |
3275 | type: float | |
3276 | level: advanced | |
3277 | desc: mclock weight for metadata requests | |
3278 | default: 500 | |
3279 | services: | |
3280 | - rgw | |
3281 | see_also: | |
3282 | - rgw_dmclock_metadata_res | |
3283 | - rgw_dmclock_metadata_lim | |
3284 | - name: rgw_dmclock_metadata_lim | |
3285 | type: float | |
3286 | level: advanced | |
3287 | desc: mclock limit for metadata requests | |
3288 | default: 0 | |
3289 | services: | |
3290 | - rgw | |
3291 | see_also: | |
3292 | - rgw_dmclock_metadata_res | |
3293 | - rgw_dmclock_metadata_wgt | |
3294 | - name: rgw_default_data_log_backing | |
3295 | type: str | |
3296 | level: advanced | |
3297 | desc: Default backing store for the RGW data sync log | |
3298 | long_desc: Whether to use the older OMAP backing store or the high performance FIFO | |
3299 | based backing store by default. This only covers the creation of the log on startup | |
3300 | if none exists. | |
3301 | default: fifo | |
3302 | services: | |
3303 | - rgw | |
3304 | enum_values: | |
3305 | - fifo | |
3306 | - omap | |
3307 | - name: rgw_d3n_l1_local_datacache_enabled | |
3308 | type: bool | |
3309 | level: advanced | |
3310 | desc: Enable datacenter-scale dataset delivery local cache | |
3311 | default: false | |
3312 | services: | |
3313 | - rgw | |
3314 | with_legacy: true | |
3315 | - name: rgw_d3n_l1_datacache_persistent_path | |
3316 | type: str | |
3317 | level: advanced | |
3318 | desc: path for the directory for storing the local cache objects data | |
3319 | default: /tmp/rgw_datacache/ | |
3320 | services: | |
3321 | - rgw | |
3322 | with_legacy: true | |
3323 | - name: rgw_d3n_l1_datacache_size | |
3324 | type: size | |
3325 | level: advanced | |
3326 | desc: datacache maximum size on disk in bytes | |
3327 | default: 1_G | |
3328 | services: | |
3329 | - rgw | |
3330 | with_legacy: true | |
3331 | - name: rgw_d3n_l1_evict_cache_on_start | |
3332 | type: bool | |
3333 | level: advanced | |
3334 | desc: clear the content of the persistent data cache directory on start | |
3335 | default: true | |
3336 | services: | |
3337 | - rgw | |
3338 | with_legacy: true | |
3339 | - name: rgw_d3n_l1_fadvise | |
3340 | type: int | |
3341 | level: advanced | |
3342 | desc: posix_fadvise() flag for access pattern of cache files | |
3343 | long_desc: for example to bypass the page-cache - | |
3344 | POSIX_FADV_DONTNEED=4 | |
3345 | default: 4 | |
3346 | services: | |
3347 | - rgw | |
3348 | with_legacy: true | |
3349 | - name: rgw_d3n_l1_eviction_policy | |
3350 | type: str | |
3351 | level: advanced | |
3352 | desc: select the d3n cache eviction policy | |
3353 | default: lru | |
3354 | services: | |
3355 | - rgw | |
3356 | enum_values: | |
3357 | - lru | |
3358 | - random | |
3359 | with_legacy: true | |
3360 | - name: rgw_d3n_libaio_aio_threads | |
3361 | type: int | |
3362 | level: advanced | |
3363 | desc: specifies the maximum number of worker threads that may be used by libaio | |
3364 | default: 20 | |
3365 | services: | |
3366 | - rgw | |
3367 | see_also: | |
3368 | - rgw_thread_pool_size | |
3369 | with_legacy: true | |
3370 | - name: rgw_d3n_libaio_aio_num | |
3371 | type: int | |
3372 | level: advanced | |
3373 | desc: specifies the maximum number of simultaneous I/O requests that libaio expects to enqueue | |
3374 | default: 64 | |
3375 | services: | |
3376 | - rgw | |
3377 | see_also: | |
3378 | - rgw_thread_pool_size | |
3379 | with_legacy: true | |
3380 | - name: rgw_backend_store | |
3381 | type: str | |
3382 | level: advanced | |
3383 | desc: experimental Option to set backend store type | |
3384 | long_desc: defaults to rados. Other valid values are dbstore(experimental). | |
3385 | default: rados | |
3386 | services: | |
3387 | - rgw | |
3388 | enum_values: | |
3389 | - rados | |
3390 | - dbstore | |
3391 | - name: rgw_luarocks_location | |
3392 | type: str | |
3393 | level: advanced | |
3394 | desc: Directory where luarocks install packages from allowlist | |
3395 | default: @rgw_luarocks_location@ | |
3396 | services: | |
3397 | - rgw | |
3398 | flags: | |
3399 | - startup |