Search

Chapter 6. Object Storage

download PDF

6.1. Object Storage Configuration Options

OpenStack Object Storage uses multiple configuration files for multiple services and background daemons, and paste.deploy to manage server configurations. Default configuration options appear in the [DEFAULT] section. You can override the default values by setting values in the other sections.

6.1.1. Description of Configuration Options

The following tables provide a comprehensive list of the Object Storage configuration options.
Table 6.1. Description of configuration options for [account-auditor] in account-server.conf
Configuration option = Default value
Description
accounts_per_second = 200
Maximum accounts audited per second. Should be tuned according to individual system specs. 0 is unlimited.
interval = 1800
Minimum time for a pass to take
log_address = /dev/log
Location where syslog sends the logs to
log_facility = LOG_LOCAL0
Syslog log facility
log_level = INFO
Logging level
log_name = account-auditor
Label used when logging
recon_cache_path = /var/cache/swift
Directory where stats for a few items will be stored
Table 6.2. Description of configuration options for [account-reaper] in account-server.conf
Configuration option = Default value
Description
concurrency = 25
Number of replication workers to spawn
conn_timeout = 0.5
Connection timeout to external services
delay_reaping = 0
Normally, the reaper begins deleting account information for deleted accounts immediately; you can set this to delay its work however. The value is in seconds, 2592000 = 30 days, for example. bind to giving up worker can process simultaneously (it will actually accept(2) N + 1). Setting this to one (1) will only handle one request at a time, without accepting another request concurrently. By increasing the number of workers to a much higher value, one can reduce the impact of slow file system operations in one request from negatively impacting other requests.
interval = 3600
Minimum time for a pass to take
log_address = /dev/log
Location where syslog sends the logs to
log_facility = LOG_LOCAL0
Syslog log facility
log_level = INFO
Logging level
log_name = account-reaper
Label used when logging
node_timeout = 10
Request timeout to external services
reap_warn_after = 2592000
If the account fails to be reaped due to a persistent error, the account reaper will log a message such as:
Account <name> has not been reaped since <date>
You can search logs for this message if space is not being reclaimed after you delete account(s). This is in addition to any time requested by delay_reaping.
Table 6.3. Description of configuration options for [account-replicator] in account-server.conf
Configuration option = Default value
Description
concurrency = 8
Number of replication workers to spawn
conn_timeout = 0.5
Connection timeout to external services
interval = 30
Minimum time for a pass to take
log_address = /dev/log
Location where syslog sends the logs to
log_facility = LOG_LOCAL0
Syslog log facility
log_level = INFO
Logging level
log_name = account-replicator
Label used when logging
max_diffs = 100
Caps how long the replicator spends trying to sync a database per pass
node_timeout = 10
Request timeout to external services
per_diff = 1000
Limit number of items to get per diff
reclaim_age = 604800
Time elapsed in seconds before an object can be reclaimed
recon_cache_path = /var/cache/swift
Directory where stats for a few items will be stored
rsync_compress = no
Allow rsync to compress data which is transmitted to destination node during sync. However, this is applicable only when destination node is in a different region than the local one.
rsync_module = {replication_ip}::account
Format of the rsync module where the replicator will send data. The configuration value can include some variables that will be extracted from the ring. Variables must follow the format {NAME} where NAME is one of: ip, port, replication_ip, replication_port, region, zone, device, meta. See etc/rsyncd.conf-sample for some examples. uses what's set here, or what's set in the DEFAULT section, or 10 (though other sections use 3 as the final default).
run_pause = 30
Time in seconds to wait between replication passes
Table 6.4. Description of configuration options for [app-account-server] in account-server.conf
Configuration option = Default value
Description
auto_create_account_prefix = .
Prefix to use when automatically creating accounts
replication_server = false
If defined, tells server how to handle replication verbs in requests. When set to True (or 1), only replication verbs will be accepted. When set to False, replication verbs will be rejected. When undefined, server will accept any verb in the request.
set log_address = /dev/log
Location where syslog sends the logs to
set log_facility = LOG_LOCAL0
Syslog log facility
set log_level = INFO
Log level
set log_name = account-server
Label to use when logging
set log_requests = true
Whether or not to log requests
use = egg:swift#account
Entry point of paste.deploy in the server
Table 6.5. Description of configuration options for [DEFAULT] in account-server.conf
Configuration option = Default value
Description
backlog = 4096
Maximum number of allowed pending TCP connections
bind_ip = 0.0.0.0
IP Address for server to bind to
bind_port = 6002
Port for server to bind to
bind_timeout = 30
Seconds to attempt bind before giving up
db_preallocation = off
If you don't mind the extra disk space usage in overhead, you can turn this on to preallocate disk space with SQLite databases to decrease fragmentation. underlying filesystem does not support it. to setup custom log handlers. bytes you'd like fallocate to reserve, whether there is space for the given file size or not. This is useful for systems that behave badly when they completely run out of space; you can make the services pretend they're out of space early. server. For most cases, this should be
devices = /srv/node
Parent directory of where devices are mounted
disable_fallocate = false
Disable "fast fail" fallocate checks if the underlying filesystem does not support it.
eventlet_debug = false
If true, turn on debug logging for eventlet
fallocate_reserve = 0
You can set fallocate_reserve to the number of bytes you'd like fallocate to reserve, whether there is space for the given file size or not. This is useful for systems that behave badly when they completely run out of space; you can make the services pretend they're out of space early. server. For most cases, this should be
log_address = /dev/log
Location where syslog sends the logs to
log_custom_handlers =
Comma-separated list of functions to call to setup custom log handlers.
log_facility = LOG_LOCAL0
Syslog log facility
log_level = INFO
Logging level
log_max_line_length = 0
Caps the length of log lines to the value given; no limit if set to 0, the default.
log_name = swift
Label used when logging
log_statsd_default_sample_rate = 1.0
Defines the probability of sending a sample for any given event or timing measurement.
log_statsd_host = localhost
If not set, the StatsD feature is disabled.
log_statsd_metric_prefix =
Value will be prepended to every metric sent to the StatsD server.
log_statsd_port = 8125
Port value for the StatsD server.
log_statsd_sample_rate_factor = 1.0
Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead.
log_udp_host =
If not set, the UDP receiver for syslog is disabled.
log_udp_port = 514
Port value for UDP receiver, if enabled.
max_clients = 1024
Maximum number of clients one worker can process simultaneously Lowering the number of clients handled per worker, and raising the number of workers can lessen the impact that a CPU intensive, or blocking, request can have on other requests served by the same worker. If the maximum number of clients is set to one, then a given worker will not perform another call while processing, allowing other workers a chance to process it.
mount_check = true
Whether or not check if the devices are mounted to prevent accidentally writing to the root device
swift_dir = /etc/swift
Swift configuration directory
user = swift
User to run as
workers = auto
a much higher value, one can reduce the impact of slow file system operations in one request from negatively impacting other requests.
Table 6.6. Description of configuration options for [filter-healthcheck] in account-server.conf
Configuration option = Default value
Description
disable_path =
An optional filesystem path, which if present, will cause the healthcheck URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE"
use = egg:swift#healthcheck
Entry point of paste.deploy in the server
Table 6.7. Description of configuration options for [filter-recon] in account-server.conf
Configuration option = Default value
Description
recon_cache_path = /var/cache/swift
Directory where stats for a few items will be stored
use = egg:swift#recon
Entry point of paste.deploy in the server
Table 6.8. Description of configuration options for [filter-xprofile] in account-server.conf
Configuration option = Default value
Description
dump_interval = 5.0
the profile data will be dumped to local disk based on above naming rule in this interval (seconds).
dump_timestamp = false
Be careful, this option will enable the profiler to dump data into the file with a time stamp which means that there will be lots of files piled up in the directory.
flush_at_shutdown = false
Clears the data when the wsgi server shutdowns.
log_filename_prefix = /tmp/log/swift/profile/default.profile
This prefix is used to combine the process ID and timestamp to name the profile data file. Make sure the executing user has permission to write into this path. Any missing path segments will be created, if necessary. When you enable profiling in more than one type of daemon, you must override it with a unique value like: /var/log/swift/profile/accoutn.profile
path = /__profile__
This is the path of the URL to access the mini web UI.
profile_module = eventlet.green.profile
This option enables you to switch profilers which inherit from the Python standard profiler. Currently, the supported value can be ‘cProfile’, ‘eventlet.green.profile’, etc.
unwind = false
unwind the iterator of applications
use = egg:swift#xprofile
Entry point of paste.deploy in the server
Table 6.9. Description of configuration options for [pipeline-main] in account-server.conf
Configuration option = Default value
Description
pipeline = healthcheck recon account-server
Pipeline to use for processing operations.
Table 6.10. Description of configuration options for [app-proxy-server] in container-reconciler.conf
Configuration option = Default value
Description
use = egg:swift#proxy
Entry point of paste.deploy in the server
Table 6.11. Description of configuration options for [container-reconciler] in container-reconciler.conf
Configuration option = Default value
Description
interval = 30
Minimum time for a pass to take
reclaim_age = 604800
Time elapsed in seconds before an object can be reclaimed
request_tries = 3
Server errors from requests will be retried by default
Table 6.12. Description of configuration options for [DEFAULT] in container-reconciler.conf
Configuration option = Default value
Description
log_address = /dev/log
Location where syslog sends the logs to
log_custom_handlers =
Comma-separated list of functions to call to setup custom log handlers.
log_facility = LOG_LOCAL0
Syslog log facility
log_level = INFO
Logging level
log_name = swift
Label used when logging
log_statsd_default_sample_rate = 1.0
Defines the probability of sending a sample for any given event or timing measurement.
log_statsd_host = localhost
If not set, the StatsD feature is disabled.
log_statsd_metric_prefix =
Value will be prepended to every metric sent to the StatsD server.
log_statsd_port = 8125
Port value for the StatsD server.
log_statsd_sample_rate_factor = 1.0
Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead.
log_udp_host =
If not set, the UDP receiver for syslog is disabled.
log_udp_port = 514
Port value for UDP receiver, if enabled.
swift_dir = /etc/swift
Swift configuration directory
user = swift
User to run as
Table 6.13. Description of configuration options for [filter-cache] in container-reconciler.conf
Configuration option = Default value
Description
use = egg:swift#memcache
Entry point of paste.deploy in the server
Table 6.14. Description of configuration options for [filter-catch_errors] in container-reconciler.conf
Configuration option = Default value
Description
use = egg:swift#catch_errors
Entry point of paste.deploy in the server
Table 6.15. Description of configuration options for [filter-proxy-logging] in container-reconciler.conf
Configuration option = Default value
Description
use = egg:swift#proxy_logging
Entry point of paste.deploy in the server
Table 6.16. Description of configuration options for [pipeline-main] in container-reconciler.conf
Configuration option = Default value
Description
pipeline = catch_errors proxy-logging cache proxy-server
Pipeline to use for processing operations.
Table 6.17. Description of configuration options for [app-container-server] in container-server.conf
Configuration option = Default value
Description
allow_versions = false
Enable/Disable object versioning feature
auto_create_account_prefix = .
Prefix to use when automatically creating accounts
conn_timeout = 0.5
Connection timeout to external services
node_timeout = 3
Request timeout to external services
replication_server = false
If defined, tells server how to handle replication verbs in requests. When set to True (or 1), only replication verbs will be accepted. When set to False, replication verbs will be rejected. When undefined, server will accept any verb in the request.
set log_address = /dev/log
Location where syslog sends the logs to
set log_facility = LOG_LOCAL0
Syslog log facility
set log_level = INFO
Log level
set log_name = container-server
Label to use when logging
set log_requests = true
Whether or not to log requests
use = egg:swift#container
Entry point of paste.deploy in the server
Table 6.18. Description of configuration options for [container-auditor] in container-server.conf
Configuration option = Default value
Description
containers_per_second = 200
Maximum containers audited per second. Should be tuned according to individual system specs. 0 is unlimited. mounted to prevent accidentally writing to the root device process simultaneously (it will actually accept(2) N + 1). Setting this to one (1) will only handle one request at a time, without accepting another request concurrently. By increasing the number of workers to a much higher value, one can reduce the impact of slow file system operations in one request from negatively impacting other requests.
interval = 1800
Minimum time for a pass to take
log_address = /dev/log
Location where syslog sends the logs to
log_facility = LOG_LOCAL0
Syslog log facility
log_level = INFO
Logging level
log_name = container-auditor
Label used when logging
recon_cache_path = /var/cache/swift
Directory where stats for a few items will be stored
Table 6.19. Description of configuration options for [container-replicator] in container-server.conf
Configuration option = Default value
Description
concurrency = 8
Number of replication workers to spawn
conn_timeout = 0.5
Connection timeout to external services
interval = 30
Minimum time for a pass to take
log_address = /dev/log
Location where syslog sends the logs to
log_facility = LOG_LOCAL0
Syslog log facility
log_level = INFO
Logging level
log_name = container-replicator
Label used when logging
max_diffs = 100
Caps how long the replicator spends trying to sync a database per pass
node_timeout = 10
Request timeout to external services
per_diff = 1000
Limit number of items to get per diff
reclaim_age = 604800
Time elapsed in seconds before an object can be reclaimed
recon_cache_path = /var/cache/swift
Directory where stats for a few items will be stored
rsync_compress = no
Allow rsync to compress data which is transmitted to destination node during sync. However, this is applicable only when destination node is in a different region than the local one.
rsync_module = {replication_ip}::container
Format of the rsync module where the replicator will send data. The configuration value can include some variables that will be extracted from the ring. Variables must follow the format {NAME} where NAME is one of: ip, port, replication_ip, replication_port, region, zone, device, meta. See etc/rsyncd.conf-sample for some examples. uses what's set here, or what's set in the DEFAULT section, or 10 (though other sections use 3 as the final default).
run_pause = 30
Time in seconds to wait between replication passes
Table 6.20. Description of configuration options for [container-sync] in container-server.conf
Configuration option = Default value
Description
conn_timeout = 5
Connection timeout to external services
container_time = 60
Maximum amount of time to spend syncing each container
internal_client_conf_path = /etc/swift/internal-client.conf
Internal client config file path
interval = 300
Minimum time for a pass to take
log_address = /dev/log
Location where syslog sends the logs to
log_facility = LOG_LOCAL0
Syslog log facility
log_level = INFO
Logging level
log_name = container-sync
Label used when logging
request_tries = 3
Server errors from requests will be retried by default
sync_proxy = http://10.1.1.1:8888,http://10.1.1.2:8888
If you need to use an HTTP proxy, set it here. Defaults to no proxy.
Table 6.21. Description of configuration options for [container-updater] in container-server.conf
Configuration option = Default value
Description
account_suppression_time = 60
Seconds to suppress updating an account that has generated an error (timeout, not yet found, etc.)
concurrency = 4
Number of replication workers to spawn
conn_timeout = 0.5
Connection timeout to external services
interval = 300
Minimum time for a pass to take
log_address = /dev/log
Location where syslog sends the logs to
log_facility = LOG_LOCAL0
Syslog log facility
log_level = INFO
Logging level
log_name = container-updater
Label used when logging
node_timeout = 3
Request timeout to external services
recon_cache_path = /var/cache/swift
Directory where stats for a few items will be stored
slowdown = 0.01
Time in seconds to wait between objects
Table 6.22. Description of configuration options for [DEFAULT] in container-server.conf
Configuration option = Default value
Description
allowed_sync_hosts = 127.0.0.1
The list of hosts that are allowed to send syncs to.
backlog = 4096
Maximum number of allowed pending TCP connections
bind_ip = 0.0.0.0
IP Address for server to bind to
bind_port = 6001
Port for server to bind to
bind_timeout = 30
Seconds to attempt bind before giving up
db_preallocation = off
If you don't mind the extra disk space usage in overhead, you can turn this on to preallocate disk space with SQLite databases to decrease fragmentation. underlying filesystem does not support it. to setup custom log handlers. bytes you'd like fallocate to reserve, whether there is space for the given file size or not. This is useful for systems that behave badly when they completely run out of space; you can make the services pretend they're out of space early. server. For most cases, this should be
devices = /srv/node
Parent directory of where devices are mounted
disable_fallocate = false
Disable "fast fail" fallocate checks if the underlying filesystem does not support it.
eventlet_debug = false
If true, turn on debug logging for eventlet
fallocate_reserve = 0
You can set fallocate_reserve to the number of bytes you'd like fallocate to reserve, whether there is space for the given file size or not. This is useful for systems that behave badly when they completely run out of space; you can make the services pretend they're out of space early. server. For most cases, this should be
log_address = /dev/log
Location where syslog sends the logs to
log_custom_handlers =
Comma-separated list of functions to call to setup custom log handlers.
log_facility = LOG_LOCAL0
Syslog log facility
log_level = INFO
Logging level
log_max_line_length = 0
Caps the length of log lines to the value given; no limit if set to 0, the default.
log_name = swift
Label used when logging
log_statsd_default_sample_rate = 1.0
Defines the probability of sending a sample for any given event or timing measurement.
log_statsd_host = localhost
If not set, the StatsD feature is disabled.
log_statsd_metric_prefix =
Value will be prepended to every metric sent to the StatsD server.
log_statsd_port = 8125
Port value for the StatsD server.
log_statsd_sample_rate_factor = 1.0
Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead.
log_udp_host =
If not set, the UDP receiver for syslog is disabled.
log_udp_port = 514
Port value for UDP receiver, if enabled.
max_clients = 1024
Maximum number of clients one worker can process simultaneously Lowering the number of clients handled per worker, and raising the number of workers can lessen the impact that a CPU intensive, or blocking, request can have on other requests served by the same worker. If the maximum number of clients is set to one, then a given worker will not perform another call while processing, allowing other workers a chance to process it.
mount_check = true
Whether or not check if the devices are mounted to prevent accidentally writing to the root device
swift_dir = /etc/swift
Swift configuration directory
user = swift
User to run as
workers = auto
a much higher value, one can reduce the impact of slow file system operations in one request from negatively impacting other requests.
Table 6.23. Description of configuration options for [filter-healthcheck] in container-server.conf
Configuration option = Default value
Description
disable_path =
An optional filesystem path, which if present, will cause the healthcheck URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE"
use = egg:swift#healthcheck
Entry point of paste.deploy in the server
Table 6.24. Description of configuration options for [filter-recon] in container-server.conf
Configuration option = Default value
Description
recon_cache_path = /var/cache/swift
Directory where stats for a few items will be stored
use = egg:swift#recon
Entry point of paste.deploy in the server
Table 6.25. Description of configuration options for [filter-xprofile] in container-server.conf
Configuration option = Default value
Description
dump_interval = 5.0
the profile data will be dumped to local disk based on above naming rule in this interval (seconds).
dump_timestamp = false
Be careful, this option will enable the profiler to dump data into the file with a time stamp which means that there will be lots of files piled up in the directory.
flush_at_shutdown = false
Clears the data when the wsgi server shutdowns.
log_filename_prefix = /tmp/log/swift/profile/default.profile
This prefix is used to combine the process ID and timestamp to name the profile data file. Make sure the executing user has permission to write into this path. Any missing path segments will be created, if necessary. When you enable profiling in more than one type of daemon, you must override it with a unique value like: /var/log/swift/profile/object.profile
path = /__profile__
This is the path of the URL to access the mini web UI.
profile_module = eventlet.green.profile
This option enables you to switch profilers which inherit from the Python standard profiler. Currently, the supported value can be 'cProfile', 'eventlet.green.profile', etc.
unwind = false
unwind the iterator of applications
use = egg:swift#xprofile
Entry point of paste.deploy in the server
Table 6.26. Description of configuration options for [pipeline-main] in container-server.conf
Configuration option = Default value
Description
pipeline = healthcheck recon container-server
Pipeline to use for processing operations.
Table 6.27. Description of configuration options for [DEFAULT] in container-sync-realms.conf
Configuration option = Default value
Description
mtime_check_interval = 300
The number of seconds between checking the modified time of this config file for changes and therefore reloading it.
Table 6.28. Description of configuration options for [realm1] in container-sync-realms.conf
Configuration option = Default value
Description
cluster_clustername1 = https://host1/v1/
Any values in the realm section whose names begin with cluster_ will indicate the name and endpoint of a cluster and will be used by external users in their containers' X-Container-Sync-To metadata header values with the format "realm_name/cluster_name/container_name". Realm and cluster names are considered case insensitive.
cluster_clustername2 = https://host2/v1/
Any values in the realm section whose names begin with cluster_ will indicate the name and endpoint of a cluster and will be used by external users in their containers' X-Container-Sync-To metadata header values with the format "realm_name/cluster_name/container_name". Realm and cluster names are considered case insensitive.
key = realm1key
The key is the overall cluster-to-cluster key used in combination with the external users' key that they set on their containers' X-Container-Sync-Key metadata header values. These keys will be used to sign each request the container sync daemon makes and used to validate each incoming container sync request.
key2 = realm1key2
The key2 is optional and is an additional key incoming requests will be checked against. This is so you can rotate keys if you wish; you move the existing key to key2 and make a new key value.
Table 6.29. Description of configuration options for [realm2] in container-sync-realms.conf
Configuration option = Default value
Description
cluster_clustername3 = https://host3/v1/
Any values in the realm section whose names begin with cluster_ will indicate the name and endpoint of a cluster and will be used by external users in their containers' X-Container-Sync-To metadata header values with the format "realm_name/cluster_name/container_name". Realm and cluster names are considered case insensitive.
cluster_clustername4 = https://host4/v1/
Any values in the realm section whose names begin with cluster_ will indicate the name and endpoint of a cluster and will be used by external users in their containers' X-Container-Sync-To metadata header values with the format "realm_name/cluster_name/container_name". Realm and cluster names are considered case insensitive.
key = realm2key
The key is the overall cluster-to-cluster key used in combination with the external users' key that they set on their containers' X-Container-Sync-Key metadata header values. These keys will be used to sign each request the container sync daemon makes and used to validate each incoming container sync request.
key2 = realm2key2
The key2 is optional and is an additional key incoming requests will be checked against. This is so you can rotate keys if you wish; you move the existing key to key2 and make a new key value.
Table 6.30. Description of configuration options for [dispersion] in dispersion.conf
Configuration option = Default value
Description
auth_key = testing
No help text available for this option.
auth_url = http://localhost:8080/auth/v1.0
Endpoint for auth server, such as keystone
auth_user = test:tester
Default user for dispersion in this context
auth_version = 1.0
Indicates which version of auth
concurrency = 25
Number of replication workers to spawn
container_populate = yes
No help text available for this option.
container_report = yes
No help text available for this option.
dispersion_coverage = 1.0
No help text available for this option.
dump_json = no
No help text available for this option.
endpoint_type = publicURL
Indicates whether endpoint for auth is public or internal
keystone_api_insecure = no
Allow accessing insecure keystone server. The keystone's certificate will not be verified.
object_populate = yes
No help text available for this option.
object_report = yes
No help text available for this option.
project_domain_name = project_domain
No help text available for this option.
project_name = project
No help text available for this option.
retries = 5
No help text available for this option.
swift_dir = /etc/swift
Swift configuration directory
user_domain_name = user_domain
No help text available for this option.
Table 6.31. Description of configuration options for [drive-audit] in drive-audit.conf
Configuration option = Default value
Description
device_dir = /srv/node
Directory devices are mounted under
error_limit = 1
Number of errors to find before a device is unmounted
log_address = /dev/log
Location where syslog sends the logs to
log_facility = LOG_LOCAL0
Syslog log facility
log_file_pattern = /var/log/kern.*[!.][!g][!z]
Location of the log file with globbing pattern to check against device errors locate device blocks with errors in the log file
log_level = INFO
Logging level
log_max_line_length = 0
Caps the length of log lines to the value given; no limit if set to 0, the default.
log_name = drive-audit
Label used when logging
log_to_console = False
No help text available for this option.
minutes = 60
Number of minutes to look back in
recon_cache_path = /var/cache/swift
Directory where stats for a few items will be stored
regex_pattern_1 = \berror\b.*\b(dm-[0-9]{1,2}\d?)\b
No help text available for this option.
unmount_failed_device = True
No help text available for this option.
Table 6.32. Description of configuration options for [app-proxy-server] in internal-client.conf
Configuration option = Default value
Description
use = egg:swift#proxy
Entry point of paste.deploy in the server
Table 6.33. Description of configuration options for [DEFAULT] in internal-client.conf
Configuration option = Default value
Description
log_address = /dev/log
Location where syslog sends the logs to
log_custom_handlers = `` ``
Comma-separated list of functions to call to setup custom log handlers.
log_facility = LOG_LOCAL0
Syslog log facility
log_level = INFO
Logging level
log_name = swift
Label used when logging
log_statsd_default_sample_rate = 1.0
Defines the probability of sending a sample for any given event or timing measurement.
log_statsd_host = localhost
If not set, the StatsD feature is disabled.
log_statsd_metric_prefix = `` ``
Value will be prepended to every metric sent to the StatsD server.
log_statsd_port = 8125
Port value for the StatsD server.
log_statsd_sample_rate_factor = 1.0
Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead.
log_udp_host = `` ``
If not set, the UDP receiver for syslog is disabled.
log_udp_port = 514
Port value for UDP receiver, if enabled.
swift_dir = /etc/swift
Swift configuration directory
user = swift
User to run as
Table 6.34. Description of configuration options for [filter-cache] in internal-client.conf
Configuration option = Default value
Description
use = egg:swift#memcache
Entry point of paste.deploy in the server
Table 6.35. Description of configuration options for [filter-catch_errors] in internal-client.conf
Configuration option = Default value
Description
use = egg:swift#catch_errors
Entry point of paste.deploy in the server
Table 6.36. Description of configuration options for [filter-proxy-logging] in internal-client.conf
Configuration option = Default value
Description
use = egg:swift#proxy_logging
Entry point of paste.deploy in the server
Table 6.37. Description of configuration options for [pipeline-main] in internal-client.conf
Configuration option = Default value
Description
pipeline = catch_errors proxy-logging cache proxy-server
No help text available for this option.
Table 6.38. Description of configuration options for [memcache] in memcache.conf
Configuration option = Default value
Description
connect_timeout = 0.3
Timeout in seconds (float) for connection.
io_timeout = 2.0
Timeout in seconds (float) for read and write.
memcache_max_connections = 2
Max number of connections to each memcached server per worker services.
memcache_serialization_support = 2
Sets how memcache values are serialized and deserialized.
memcache_servers = 127.0.0.1:11211
Comma-separated list of memcached servers ip:port services.
pool_timeout = 1.0
Timeout in seconds (float) for pooled connection.
tries = 3
Number of servers to retry on failures getting a pooled connection.
Table 6.39. Description of configuration options for [app-proxy-server] in object-expirer.conf
Configuration option = Default value
Description
use = egg:swift#proxy
Entry point of paste.deploy in the server
Table 6.40. Description of configuration options for [DEFAULT] in object-expirer.conf
Configuration option = Default value
Description
log_address = /dev/log
Location where syslog sends the logs to
log_custom_handlers =
Comma-separated list of functions to call to setup custom log handlers.
log_facility = LOG_LOCAL0
Syslog log facility
log_level = INFO
Logging level
log_max_line_length = 0
Caps the length of log lines to the value given; no limit if set to 0, the default.
log_name = swift
Label used when logging
log_statsd_default_sample_rate = 1.0
Defines the probability of sending a sample for any given event or timing measurement.
log_statsd_host = localhost
If not set, the StatsD feature is disabled.
log_statsd_metric_prefix =
Value will be prepended to every metric sent to the StatsD server.
log_statsd_port = 8125
Port value for the StatsD server.
log_statsd_sample_rate_factor = 1.0
Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead.
log_udp_host =
If not set, the UDP receiver for syslog is disabled.
log_udp_port = 514
Port value for UDP receiver, if enabled.
swift_dir = /etc/swift
Swift configuration directory
user = swift
User to run as
Table 6.41. Description of configuration options for [filter-cache] in object-expirer.conf
Configuration option = Default value
Description
use = egg:swift#memcache
Entry point of paste.deploy in the server
Table 6.42. Description of configuration options for [filter-catch_errors] in object-expirer.conf
Configuration option = Default value
Description
use = egg:swift#catch_errors
Entry point of paste.deploy in the server
Table 6.43. Description of configuration options for [filter-proxy-logging] in object-expirer.conf
Configuration option = Default value
Description
access_log_address = /dev/log
Location where syslog sends the logs to. If not set, logging directives from [DEFAULT] without "access_" will be used.
access_log_facility = LOG_LOCAL0
Syslog facility to receive log lines. If not set, logging directives from [DEFAULT] without "access_" will be used.
access_log_headers = false
Header to receive log lines. If not set, logging directives from [DEFAULT] without "access_" will be used.
access_log_headers_only =
If access_log_headers is True and access_log_headers_only is set only these headers are logged. Multiple headers can be defined as comma separated list like this: access_log_headers_only = Host, X-Object-Meta-Mtime
access_log_level = INFO
Syslog logging level to receive log lines. If not set, logging directives from [DEFAULT] without "access_" will be used.
access_log_name = swift
Label used when logging. If not set, logging directives from [DEFAULT] without "access_" will be used.
access_log_statsd_default_sample_rate = 1.0
Defines the probability of sending a sample for any given event or timing measurement. If not set, logging directives from [DEFAULT] without "access_" will be used.
access_log_statsd_host = localhost
You can use log_statsd_* from [DEFAULT], or override them here. StatsD server. IPv4/IPv6 addresses and hostnames are supported. If a hostname resolves to an IPv4 and IPv6 address, the IPv4 address will be used.
access_log_statsd_metric_prefix =
Value will be prepended to every metric sent to the StatsD server. If not set, logging directives from [DEFAULT] without "access_" will be used.
access_log_statsd_port = 8125
Port value for the StatsD server. If not set, logging directives from [DEFAULT] without "access_" will be used.
access_log_statsd_sample_rate_factor = 1.0
Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead. If not set, logging directives from [DEFAULT] without "access_" will be used.
access_log_udp_host =
If not set, the UDP receiver for syslog is disabled. If not set, logging directives from [DEFAULT] without "access_" will be used.
access_log_udp_port = 514
Port value for UDP receiver, if enabled. If not set, logging directives from [DEFAULT] without "access_" will be used.
log_statsd_valid_http_methods = GET,HEAD,POST,PUT,DELETE,COPY,OPTIONS
What HTTP methods are allowed for StatsD logging (comma-sep). request methods not in this list will have "BAD_METHOD" for the <verb> portion of the metric.
reveal_sensitive_prefix = 16
By default, the X-Auth-Token is logged. To obscure the value, set reveal_sensitive_prefix to the number of characters to log. For example, if set to 12, only the first 12 characters of the token appear in the log. An unauthorized access of the log file won't allow unauthorized usage of the token. However, the first 12 or so characters is unique enough that you can trace/debug token usage. Set to 0 to suppress the token completely (replaced by '...' in the log).
Note
reveal_sensitive_prefix will not affect the value logged with access_log_headers=True.
use = egg:swift#proxy_logging
Entry point of paste.deploy in the server
Table 6.44. Description of configuration options for [object-expirer] in object-expirer.conf
Configuration option = Default value
Description
auto_create_account_prefix = .
Prefix to use when automatically creating accounts
concurrency = 1
Number of replication workers to spawn
expiring_objects_account_name = expiring_objects
Account name for expiring objects.
interval = 300
Minimum time for a pass to take
process = 0
(it will actually accept(2) N + 1). Setting this to one (1) will only handle one request at a time, without accepting another request concurrently.
processes = 0
for each port (disk) in the ring. If you have 24 disks per server, and this setting is 4, then each storage node will have 1 + (24 * 4) = 97 total object-server processes running. This gives complete I/O isolation, drastically reducing the impact of slow disks on storage node performance. The object-replicator and object-reconstructor need to see this setting too, so it must be in the [DEFAULT] section.
reclaim_age = 604800
Time elapsed in seconds before an object can be reclaimed
recon_cache_path = /var/cache/swift
Directory where stats for a few items will be stored
report_interval = 300
Interval in seconds between reports.
Table 6.45. Description of configuration options for [pipeline-main] in object-expirer.conf
Configuration option = Default value
Description
pipeline = catch_errors proxy-logging cache proxy-server
Pipeline to use for processing operations.
Table 6.46. Description of configuration options for [app-object-server] in object-server.conf
Configuration option = Default value
Description
allowed_headers = Content-Disposition, Content-Encoding, X-Delete-At, X-Object-Manifest, X-Static-Large-Object
Comma-separated list of headers that can be set in metadata of an object
auto_create_account_prefix = .
Prefix to use when automatically creating accounts
keep_cache_private = false
Allow non-public objects to stay in kernel's buffer cache
keep_cache_size = 5242880
Largest object size to keep in buffer cache
max_upload_time = 86400
Maximum time allowed to upload an object
mb_per_sync = 512
On PUT requests, sync file every n MB
replication_concurrency = 4
Set to restrict the number of concurrent incoming REPLICATION requests; set to 0 for unlimited
replication_failure_ratio = 1.0
If the value of failures / successes of REPLICATION subrequests exceeds this ratio, the overall REPLICATION request will be aborted
replication_failure_threshold = 100
The number of subrequest failures before the replication_failure_ratio is checked
replication_lock_timeout = 15
Number of seconds to wait for an existing replication device lock before giving up.
replication_one_per_device = True
Restricts incoming REPLICATION requests to one per device, replication_currency above allowing. This can help control I/O to each device, but you may wish to set this to False to allow multiple REPLICATION requests (up to the above replication_concurrency setting) per device.
replication_server = false
If defined, tells server how to handle replication verbs in requests. When set to True (or 1), only replication verbs will be accepted. When set to False, replication verbs will be rejected. When undefined, server will accept any verb in the request.
set log_address = /dev/log
Location where syslog sends the logs to
set log_facility = LOG_LOCAL0
Syslog log facility
set log_level = INFO
Log level
set log_name = object-server
Label to use when logging
set log_requests = true
Whether or not to log requests
slow = 0
If > 0, Minimum time in seconds for a PUT or DELETE request to complete
splice = no
Use splice() for zero-copy object GETs. This requires Linux kernel version 3.0 or greater. When you set "splice = yes" but the kernel does not support it, error messages will appear in the object server logs at startup, but your object servers should continue to function.
threads_per_disk = 0
Size of the per-disk thread pool used for performing disk I/O. The default of 0 means to not use a per-disk thread pool. It is recommended to keep this value small, as large values can result in high read latencies due to large queue depths. A good starting point is 4 threads per disk.
use = egg:swift#object
Entry point of paste.deploy in the server
Table 6.47. Description of configuration options for [DEFAULT] in object-server.conf
Configuration option = Default value
Description
backlog = 4096
Maximum number of allowed pending TCP connections
bind_ip = 0.0.0.0
IP Address for server to bind to
bind_port = 6000
Port for server to bind to
bind_timeout = 30
Seconds to attempt bind before giving up
client_timeout = 60
Time to wait while receiving each chunk of data from a client or another backend node
conn_timeout = 0.5
Connection timeout to external services
container_update_timeout = 1.0
Time to wait while sending a container update on object update. object server. For most cases, this should be
devices = /srv/node
Parent directory of where devices are mounted
disable_fallocate = false
Disable "fast fail" fallocate checks if the underlying filesystem does not support it.
disk_chunk_size = 65536
Size of chunks to read/write to disk
eventlet_debug = false
If true, turn on debug logging for eventlet
expiring_objects_account_name = expiring_objects
Account name for the expiring objects
expiring_objects_container_divisor = 86400
Divisor for the expiring objects container
fallocate_reserve = 0
You can set fallocate_reserve to the number of bytes you'd like fallocate to reserve, whether there is space for the given file size or not. This is useful for systems that behave badly when they completely run out of space; you can make the services pretend they're out of space early. server. For most cases, this should be
log_address = /dev/log
Location where syslog sends the logs to
log_custom_handlers = `` ``
Comma-separated list of functions to call to setup custom log handlers.
log_facility = LOG_LOCAL0
Syslog log facility
log_level = INFO
Logging level
log_max_line_length = 0
Caps the length of log lines to the value given; no limit if set to 0, the default.
log_name = swift
Label used when logging
log_statsd_default_sample_rate = 1.0
Defines the probability of sending a sample for any given event or timing measurement.
log_statsd_host = localhost
If not set, the StatsD feature is disabled.
log_statsd_metric_prefix = `` ``
Value will be prepended to every metric sent to the StatsD server.
log_statsd_port = 8125
Port value for the StatsD server.
log_statsd_sample_rate_factor = 1.0
Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead.
log_udp_host = `` ``
If not set, the UDP receiver for syslog is disabled.
log_udp_port = 514
Port value for UDP receiver, if enabled.
max_clients = 1024
Maximum number of clients one worker can process simultaneously Lowering the number of clients handled per worker, and raising the number of workers can lessen the impact that a CPU intensive, or blocking, request can have on other requests served by the same worker. If the maximum number of clients is set to one, then a given worker will not perform another call while processing, allowing other workers a chance to process it.
mount_check = true
Whether or not check if the devices are mounted to prevent accidentally writing to the root device
network_chunk_size = 65536
Size of chunks to read/write over the network
node_timeout = 3
Request timeout to external services
servers_per_port = 0
If each disk in each storage policy ring has unique port numbers for its "ip" value, you can use this setting to have each object-server worker only service requests for the single disk matching the port in the ring. The value of this setting determines how many worker processes run for each port (disk) in the
swift_dir = /etc/swift
Swift configuration directory
user = swift
User to run as
workers = auto
a much higher value, one can reduce the impact of slow file system operations in one request from negatively impacting other requests.
Table 6.48. Description of configuration options for [filter-healthcheck] in object-server.conf
Configuration option = Default value
Description
disable_path =
An optional filesystem path, which if present, will cause the healthcheck URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE"
use = egg:swift#healthcheck
Entry point of paste.deploy in the server
Table 6.49. Description of configuration options for [filter-recon] in object-server.conf
Configuration option = Default value
Description
recon_cache_path = /var/cache/swift
Directory where stats for a few items will be stored
recon_lock_path = /var/lock
Directory where lock files will be stored
use = egg:swift#recon
Entry point of paste.deploy in the server
Table 6.50. Description of configuration options for [filter-xprofile] in object-server.conf
Configuration option = Default value
Description
dump_interval = 5.0
the profile data will be dumped to local disk based on above naming rule in this interval (seconds).
dump_timestamp = false
Be careful, this option will enable the profiler to dump data into the file with a time stamp which means that there will be lots of files piled up in the directory.
flush_at_shutdown = false
Clears the data when the wsgi server shutdowns.
log_filename_prefix = /tmp/log/swift/profile/default.profile
This prefix is used to combine the process ID and timestamp to name the profile data file. Make sure the executing user has permission to write into this path. Any missing path segments will be created, if necessary. When you enable profiling in more than one type of daemon, you must override it with a unique value like: /var/log/swift/profile/object.profile
path = /__profile__
This is the path of the URL to access the mini web UI.
profile_module = eventlet.green.profile
This option enables you to switch profilers which inherit from the Python standard profiler. Currently, the supported value can be 'cProfile', 'eventlet.green.profile', etc.
unwind = false
unwind the iterator of applications
use = egg:swift#xprofile
Entry point of paste.deploy in the server
Table 6.51. Description of configuration options for [object-auditor] in object-server.conf
Configuration option = Default value
Description
bytes_per_second = 10000000
Maximum bytes audited per second. Should be tuned according to individual system specs. 0 is unlimited. mounted to prevent accidentally writing to the root device process simultaneously (it will actually accept(2) N + 1). Setting this to one (1) will only handle one request at a time, without accepting another request concurrently. By increasing the number of workers to a much higher value, one can reduce the impact of slow file system operations in one request from negatively impacting other requests. underlying filesystem does not support it. to setup custom log handlers. bytes you'd like fallocate to reserve, whether there is space for the given file size or not. This is useful for systems that behave badly when they completely run out of space; you can make the services pretend they're out of space early. container server. For most cases, this should be
concurrency = 1
Number of replication workers to spawn
disk_chunk_size = 65536
Size of chunks to read/write to disk
files_per_second = 20
Maximum files audited per second. Should be tuned according to individual system specs. 0 is unlimited.
log_address = /dev/log
Location where syslog sends the logs to
log_facility = LOG_LOCAL0
Syslog log facility
log_level = INFO
Logging level
log_name = object-auditor
Label used when logging
log_time = 3600
Frequency of status logs in seconds.
object_size_stats =
Takes a comma-separated list of ints. When set, the object auditor will increment a counter for every object whose size is greater or equal to the given breaking points and reports the result after a full scan.
recon_cache_path = /var/cache/swift
Directory where stats for a few items will be stored
zero_byte_files_per_second = 50
Maximum zero byte files audited per second.
Table 6.52. Description of configuration options for [object-reconstructor] in object-server.conf
Configuration option = Default value
Description
concurrency = 1
Number of replication workers to spawn
daemonize = on
Whether or not to run replication as a daemon
handoffs_first = False
If set to True, partitions that are not supposed to be on the node will be replicated first. The default setting should not be changed, except for extreme situations.
http_timeout = 60
Maximum duration for an HTTP request
interval = 30
Minimum time for a pass to take
lockup_timeout = 1800
Attempts to kill all workers if nothing replications for lockup_timeout seconds
log_address = /dev/log
Location where syslog sends the logs to
log_facility = LOG_LOCAL0
Syslog log facility
log_level = INFO
Logging level
log_name = object-reconstructor
Label used when logging
node_timeout = 10
Request timeout to external services
reclaim_age = 604800
Time elapsed in seconds before an object can be reclaimed
recon_cache_path = /var/cache/swift
Directory where stats for a few items will be stored
ring_check_interval = 15
How often (in seconds) to check the ring
run_pause = 30
Time in seconds to wait between replication passes
stats_interval = 300
Interval in seconds between logging replication statistics
Table 6.53. Description of configuration options for [object-replicator] in object-server.conf
Configuration option = Default value
Description
concurrency = 1
Number of replication workers to spawn
daemonize = on
Whether or not to run replication as a daemon
handoff_delete = auto
By default handoff partitions will be removed when it has successfully replicated to all the canonical nodes. If set to an integer n, it will remove the partition if it is successfully replicated to n nodes. The default setting should not be changed, except for extremem situations. This uses what's set here, or what's set in the DEFAULT section, or 10 (though other sections use 3 as the final default).
handoffs_first = False
If set to True, partitions that are not supposed to be on the node will be replicated first. The default setting should not be changed, except for extreme situations.
http_timeout = 60
Maximum duration for an HTTP request
interval = 30
Minimum time for a pass to take
lockup_timeout = 1800
Attempts to kill all workers if nothing replications for lockup_timeout seconds
log_address = /dev/log
Location where syslog sends the logs to
log_facility = LOG_LOCAL0
Syslog log facility
log_level = INFO
Logging level
log_name = object-replicator
Label used when logging
node_timeout = <whatever's in the DEFAULT section or 10>
Request timeout to external services
reclaim_age = 604800
Time elapsed in seconds before an object can be reclaimed
recon_cache_path = /var/cache/swift
Directory where stats for a few items will be stored
ring_check_interval = 15
How often (in seconds) to check the ring
rsync_bwlimit = 0
bandwidth limit for rsync in kB/s. 0 means unlimited
rsync_compress = no
Allows rsync to compress data which is transmitted to the destination node during sync. However, this applies only when the destination node is in a different region than the local one.
Note
Objects that are already compressed (for example: .tar.gz, .mp3) might slow down the syncing process.
rsync_error_log_line_length = 0
Limits the length of the rsync error log lines. 0 will log the entire line.
rsync_io_timeout = 30
Passed to rsync for a max duration (seconds) of an I/O op
rsync_module = {replication_ip}::object
Format of the rsync module where the replicator will send data. The configuration value can include some variables that will be extracted from the ring. Variables must follow the format {NAME} where NAME is one of: ip, port, replication_ip, replication_port, region, zone, device, meta. See etc/rsyncd.conf-sample for some examples. uses what's set here, or what's set in the DEFAULT section, or 10 (though other sections use 3 as the final default).
rsync_timeout = 900
Max duration (seconds) of a partition rsync
run_pause = 30
Time in seconds to wait between replication passes
stats_interval = 300
Interval in seconds between logging replication statistics
sync_method = rsync
default is rsync, alternative is ssync
Table 6.54. Description of configuration options for [object-updater] in object-server.conf
Configuration option = Default value
Description
concurrency = 1
Number of replication workers to spawn
interval = 300
Minimum time for a pass to take
log_address = /dev/log
Location where syslog sends the logs to
log_facility = LOG_LOCAL0
Syslog log facility
log_level = INFO
Logging level
log_name = object-updater
Label used when logging
node_timeout = <whatever's in the DEFAULT section or 10>
Request timeout to external services
recon_cache_path = /var/cache/swift
Directory where stats for a few items will be stored
slowdown = 0.01
Time in seconds to wait between objects
Table 6.55. Description of configuration options for [pipeline-main] in object-server.conf
Configuration option = Default value
Description
pipeline = healthcheck recon object-server
Pipeline to use for processing operations.
Table 6.56. Description of configuration options for [app-proxy-server] in proxy-server.conf
Configuration option = Default value
Description
account_autocreate = false
If set to 'true' authorized accounts that do not yet exist within the Swift cluster will be automatically created.
allow_account_management = false
Whether account PUTs and DELETEs are even callable.
auto_create_account_prefix = .
Prefix to use when automatically creating accounts.
client_chunk_size = 65536
Chunk size to read from clients.
conn_timeout = 0.5
Connection timeout to external services.
deny_host_headers =
Comma separated list of Host headers to which the proxy will deny requests.
error_suppression_interval = 60
Time in seconds that must elapse since the last error for a node to be considered no longer error limited.
error_suppression_limit = 10
Error count to consider a node error limited.
log_handoffs = true
Log handoff requests if handoff logging is enabled and the handoff was not expected.
We only log handoffs when we've pushed the handoff count further than we would normally have expected under normal circumstances, that is (request_node_count - num_primaries), when handoffs goes higher than that it means one of the primaries must have been skipped because of error limiting before we consumed all of our nodes_left.
max_containers_per_account = 0
If set to a positive value, trying to create a container when the account already has at least this maximum containers will result in a 403 Forbidden. Note: This is a soft limit, meaning a user might exceed the cap for recheck_account_existence before the 403s kick in.
max_containers_whitelist =
is a comma separated list of account names that ignore the max_containers_per_account cap.
node_timeout = 10
Request timeout to external services.
object_chunk_size = 65536
Chunk size to read from object servers.
object_post_as_copy = true
Set object_post_as_copy = false to turn on fast posts where only the metadata changes are stored anew and the original data file is kept in place. This makes for quicker posts; but since the container metadata isn't updated in this mode, features like container sync won't be able to sync posts.
post_quorum_timeout = 0.5
How long to wait for requests to finish after a quorum has been established.
put_queue_depth = 10
Depth of the proxy put queue.
read_affinity = r1z1=100, r1z2=200, r2=300
Which backend servers to prefer on reads. Format is r<N> for region N or r<N>z<M> for region N, zone M. The value after the equals is the priority; lower numbers are higher priority.
Example: first read from region 1 zone 1, then region 1 zone 2, then anything in region 2, then everything else: read_affinity = r1z1=100, r1z2=200, r2=300
Default is empty, meaning no preference.
recheck_account_existence = 60
Cache timeout in seconds to send memcached for account existence.
recheck_container_existence = 60
Cache timeout in seconds to send memcached for container existence.
recoverable_node_timeout = node_timeout
Request timeout to external services for requests that, on failure, can be recovered from. For example, object GET. from a client external services.
request_node_count = 2 * replicas
replicas Set to the number of nodes to contact for a normal request. You can use '* replicas' at the end to have it use the number given times the number of replicas for the ring being used for the request. conf file for values will only be shown to the list of swift_owners. The exact default definition of a swift_owner is headers> up to the auth system in use, but usually indicates administrative responsibilities. paste.deploy to use for auth. To use tempauth set to:
set log_address = /dev/log
Location where syslog sends the logs to.
set log_facility = LOG_LOCAL0
Syslog log facility.
set log_level = INFO
Log level.
set log_name = proxy-server
Label to use when logging.
sorting_method = shuffle
Storage nodes can be chosen at random (shuffle), by using timing measurements (timing), or by using an explicit match (affinity). Using timing measurements may allow for lower overall latency, while using affinity allows for finer control. In both the timing and affinity cases, equally-sorting nodes are still randomly chosen to spread load.
The valid values for sorting_method are "affinity", "shuffle", or "timing".
swift_owner_headers = x-container-read, x-container-write, x-container-sync-key, x-container-sync-to, x-account-meta-temp-url-key, x-account-meta-temp-url-key-2, x-container-meta-temp-url-key, x-container-meta-temp-url-key-2, x-account-access-control
These are the headers whose conf file for values will only be shown to the list of swift_owners. The exact default definition of a swift_owner is headers> up to the auth system in use, but usually indicates administrative responsibilities. paste.deploy to use for auth. To use tempauth set to:
timing_expiry = 300
If the "timing" sorting_method is used, the timings will only be valid for the number of seconds configured by timing_expiry.
use = egg:swift#proxy
Entry point of paste.deploy in the server.
write_affinity = r1, r2
This setting lets you trade data distribution for throughput. It makes the proxy server prefer local back-end servers for object PUT requests over non-local ones. Note that only object PUT requests are affected by the write_affinity setting; POST, GET, HEAD, DELETE, OPTIONS, and account/container PUT requests are not affected. The format is r<N> for region N or r<N>z<M> for region N, zone M. If this is set, then when handling an object PUT request, some number (see the write_affinity_node_count setting) of local backend servers will be tried before any nonlocal ones. Example: try to write to regions 1 and 2 before writing to any other nodes: write_affinity = r1, r2
write_affinity_node_count = 2 * replicas
This setting is only useful in conjunction with write_affinity; it governs how many local object servers will be tried before falling back to non-local ones. You can use '* replicas' at the end to have it use the number given times the number of replicas for the ring being used for the request: write_affinity_node_count = 2 * replicas
Table 6.57. Description of configuration options for [DEFAULT] in proxy-server.conf
Configuration option = Default value
Description
admin_key = secret_admin_key
To use for admin calls that are HMAC signed. Default is empty, which will disable admin calls to /info.
backlog = 4096
Maximum number of allowed pending TCP connections.
bind_ip = 0.0.0.0
IP Address for server to bind to.
bind_port = 8080
Port for server to bind to.
bind_timeout = 30
Seconds to attempt bind before giving up.
cert_file = /etc/swift/proxy.crt
To the ssl .crt. This should be enabled for testing purposes only.
client_timeout = 60
Time to wait while receiving each chunk of data from a client or another backend node.
cors_allow_origin =
is a list of hosts that are included with any CORS request by default and returned with the Access-Control-Allow-Origin header in addition to what the container has set. to call to setup custom log handlers. for eventlet the proxy server. For most cases, this should be.
disallowed_sections = swift.valid_api_versions, container_quotas, tempurl
Allows the ability to withhold sections from showing up in the public calls to /info. You can withhold subsections by separating the dict level with a ".". The following would cause the sections 'container_quotas' and 'tempurl' to not be listed, and the key max_failed_deletes would be removed from bulk_delete.
Default value is 'swift.valid_api_versions' which allows all registered features to be listed via HTTP GET /info except swift.valid_api_versions information.
eventlet_debug = false
If true, turn on debug logging for eventlet.
expiring_objects_account_name = expiring_objects
Account name for the expiring objects.
expiring_objects_container_divisor = 86400
Divisor for the expiring objects container.
expose_info = true
Enables exposing configuration settings via HTTP GET /info.
key_file = /etc/swift/proxy.key
to the ssl .key. This should be enabled for testing purposes only.
log_address = /dev/log
Location where syslog sends the logs to.
log_custom_handlers =
Comma-separated list of functions to call to setup custom log handlers.
log_facility = LOG_LOCAL0
Syslog log facility.
log_headers = false
Enables the ability to log request headers.
log_level = INFO
Logging level.
log_max_line_length = 0
Caps the length of log lines to the value given; no limit if set to 0, the default.
log_name = swift
Label used when logging.
log_statsd_default_sample_rate = 1.0
Defines the probability of sending a sample for any given event or timing measurement.
log_statsd_host = localhost
If not set, the StatsD feature is disabled.
log_statsd_metric_prefix =
Value will be prepended to every metric sent to the StatsD server.
log_statsd_port = 8125
Port value for the StatsD server.
log_statsd_sample_rate_factor = 1.0
Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead.
log_udp_host =
If not set, the UDP receiver for syslog is disabled.
log_udp_port = 514
Port value for UDP receiver, if enabled.
max_clients = 1024
Maximum number of clients one worker can process simultaneously Lowering the number of clients handled per worker, and raising the number of workers can lessen the impact that a CPU intensive, or blocking, request can have on other requests served by the same worker. If the maximum number of clients is set to one, then a given worker will not perform another call while processing, allowing other workers a chance to process it.
strict_cors_mode = True
Enforce CORS.
swift_dir = /etc/swift
Swift configuration directory.
trans_id_suffix =
This optional suffix (default is empty) that would be appended to the swift transaction id allows one to easily figure out from which cluster that X-Trans-Id belongs to. This is very useful when one is managing more than one swift cluster.
user = swift
User to run as.
workers = auto
a much higher value, one can reduce the impact of slow file system operations in one request from negatively impacting other requests.
Table 6.58. Description of configuration options for [filter-account-quotas] in proxy-server.conf
Configuration option = Default value
Description
use = egg:swift#account_quotas
Entry point of paste.deploy in the server
Table 6.59. Description of configuration options for [filter-authtoken] in proxy-server.conf
Configuration option = Default value
Description
auth_plugin = password
Authentication module to use.
auth_uri = http://keystonehost:5000
auth_uri should point to a Keystone service from which users may retrieve tokens. This value is used in the WWW-Authenticate header that auth_token sends with any denial response.
auth_url = http://keystonehost:35357
auth_url points to the Keystone Admin service. This information is used by the middleware to actually query Keystone about the validity of the authentication tokens. It is not necessary to append any Keystone API version number to this URI.
cache = swift.cache
cache is set to swift.cache. This means that the middleware will get the Swift memcache from the request environment.
delay_auth_decision = False
delay_auth_decision defaults to False, but leaving it as false will prevent other auth systems, staticweb, tempurl, formpost, and ACLs from working. This value must be explicitly set to True.
include_service_catalog = False
include_service_catalog defaults to True if not set. This means that when validating a token, the service catalog is retrieved and stored in the X-Service-Catalog header. Since Swift does not use the X-Service-Catalog header, there is no point in getting the service catalog. We recommend you set include_service_catalog to False.
password = password
Password for service user.
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
Entry point of paste.filter_factory in the server.
project_domain_id = default
Service project domain.
project_name = service
Service project name.
user_domain_id = default
Service user domain.
username = swift
Service user name.
Table 6.60. Description of configuration options for [filter-bulk] in proxy-server.conf
Configuration option = Default value
Description
delete_container_retry_count = 0
The parameter is used during a bulk delete of objects and their container. This would frequently fail because it is very likely that all replicated objects have not been deleted by the time the middleware got a successful response. It can be configured the number of retries. And the number of seconds to wait between each retry will be 1.5**retry.
max_containers_per_extraction = 10000
The maximum numbers of containers per extraction.
max_deletes_per_request = 10000
The maximum numbers of deletion per request.
max_failed_deletes = 1000
The maximum number of tries to delete before failure.
max_failed_extractions = 1000
The maximum number of tries to extract before failure.
use = egg:swift#bulk
Entry point of paste.deploy in the server.
yield_frequency = 10
In order to keep a connection active during a potentially long bulk request, Swift may return whitespace prepended to the actual response body. This whitespace will be yielded no more than every yield_frequency seconds.
Table 6.61. Description of configuration options for [filter-cache] in proxy-server.conf
Configuration option = Default value
Description
memcache_max_connections = 2
Max number of connections to each memcached server per worker services
memcache_serialization_support = 2
Sets how memcache values are serialized and deserialized
memcache_servers = 127.0.0.1:11211
Comma-separated list of memcached servers ip:port services
set log_address = /dev/log
Location where syslog sends the logs to
set log_facility = LOG_LOCAL0
Syslog log facility
set log_headers = false
If True, log headers in each request
set log_level = INFO
Log level
set log_name = cache
Label to use when logging
use = egg:swift#memcache
Entry point of paste.deploy in the server
Table 6.62. Description of configuration options for [filter-catch_errors] in proxy-server.conf
Configuration option = Default value
Description
set log_address = /dev/log
Location where syslog sends the logs to
set log_facility = LOG_LOCAL0
Syslog log facility
set log_headers = false
If True, log headers in each request
set log_level = INFO
Log level
set log_name = catch_errors
Label to use when logging
use = egg:swift#catch_errors
Entry point of paste.deploy in the server
Table 6.63. Description of configuration options for [filter-cname_lookup] in proxy-server.conf
Configuration option = Default value
Description
lookup_depth = 1
Because CNAMES can be recursive, specifies the number of levels through which to search.
set log_address = /dev/log
Location where syslog sends the logs to
set log_facility = LOG_LOCAL0
Syslog log facility
set log_headers = false
If True, log headers in each request
set log_level = INFO
Log level
set log_name = cname_lookup
Label to use when logging
storage_domain = example.com
Domain that matches your cloud. Multiple domains can be specified using a comma-separated list.
use = egg:swift#cname_lookup
Entry point of paste.deploy in the server
Table 6.64. Description of configuration options for [filter-container-quotas] in proxy-server.conf
Configuration option = Default value
Description
use = egg:swift#container_quotas
Entry point of paste.deploy in the server
Table 6.65. Description of configuration options for [filter-container_sync] in proxy-server.conf
Configuration option = Default value
Description
allow_full_urls = true
Set this to false if you want to disallow any full URL values to be set for any new X-Container-Sync-To headers. This will keep any new full URLs from coming in, but won't change any existing values already in the cluster. Updating those will have to be done manually, as knowing what the true realm endpoint should be cannot always be guessed.
current = //REALM/CLUSTER
Set this to specify this cluster //realm/cluster as "current" in /info.
use = egg:swift#container_sync
Entry point of paste.deploy in the server.
Table 6.66. Description of configuration options for [filter-dlo] in proxy-server.conf
Configuration option = Default value
Description
max_get_time = 86400
Time limit on GET requests (seconds).
rate_limit_after_segment = 10
Rate limit the download of large object segments after this segment is downloaded.
rate_limit_segments_per_sec = 1
Rate limit large object downloads at this rate. contact for a normal request. You can use '* replicas' at the end to have it use the number given times the number of replicas for the ring being used for the request. paste.deploy to use for auth. To use tempauth set to:
use = egg:swift#dlo
Entry point of paste.deploy in the server.
Table 6.67. Description of configuration options for [filter-domain_remap] in proxy-server.conf
Configuration option = Default value
Description
default_reseller_prefix =
If the reseller prefixes do not match, the default reseller prefix is used. When no default reseller prefix is configured, any request with an account prefix not in that list will be ignored by this middleware.
path_root = v1
Root path.
reseller_prefixes = AUTH
Browsers can convert a host header to lowercase, so check that reseller prefix on the account is the correct case. This is done by comparing the items in the reseller_prefixes config option to the found prefix. If they match except for case, the item from reseller_prefixes will be used instead of the found reseller prefix.
set log_address = /dev/log
Location where syslog sends the logs to.
set log_facility = LOG_LOCAL0
Syslog log facility.
set log_headers = false
If True, log headers in each request.
set log_level = INFO
Log level.
set log_name = domain_remap
Label to use when logging.
storage_domain = example.com
Domain that matches your cloud. Multiple domains can be specified using a comma-separated list.
use = egg:swift#domain_remap
Entry point of paste.deploy in the server.
Table 6.68. Description of configuration options for [filter-formpost] in proxy-server.conf
Configuration option = Default value
Description
use = egg:swift#formpost
Entry point of paste.deploy in the server
Table 6.69. Description of configuration options for [filter-gatekeeper] in proxy-server.conf
Configuration option = Default value
Description
set log_address = /dev/log
Location where syslog sends the logs to
set log_facility = LOG_LOCAL0
Syslog log facility
set log_headers = false
If True, log headers in each request
set log_level = INFO
Log level
set log_name = gatekeeper
Label to use when logging
use = egg:swift#gatekeeper
Entry point of paste.deploy in the server
Table 6.70. Description of configuration options for [filter-healthcheck] in proxy-server.conf
Configuration option = Default value
Description
disable_path =
An optional filesystem path, which if present, will cause the healthcheck URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE".
use = egg:swift#healthcheck
Entry point of paste.deploy in the server.
Table 6.71. Description of configuration options for [filter-keystoneauth] in proxy-server.conf
Configuration option = Default value
Description
allow_names_in_acls = true
The backwards compatible behavior can be disabled by setting this option to False.
allow_overrides = true
This option allows middleware higher in the WSGI pipeline to override auth processing, useful for middleware such as tempurl and formpost. If you know you are not going to use such middleware and you want a bit of extra security, you can set this to False.
default_domain_id = default
Name of the default domain. It is identified by its UUID, which by default has the value "default".
is_admin = false
If this option is set to True, it allows to give a user whose username is the same as the project name and who has any role in the project access rights elevated to be the same as if the user had one of the operator_roles. Note that the condition compares names rather than UUIDs. This option is deprecated. It is False by default.
operator_roles = admin, swiftoperator
Operator role defines the user which is allowed to manage a tenant and create containers or give ACL to others. This parameter may be prefixed with an appropriate prefix.
reseller_admin_role = ResellerAdmin
The reseller admin role gives the ability to create and delete accounts.
reseller_prefix = AUTH
The naming scope for the auth service.
service_roles =
When present, this option requires that the X-Service-Token header supplies a token from a user who has a role listed in service_roles. This parameter may be prefixed with an appropriate prefix.
use = egg:swift#keystoneauth
Entry point of paste.deploy in the server.
Table 6.72. Description of configuration options for [filter-list-endpoints] in proxy-server.conf
Configuration option = Default value
Description
list_endpoints_path = /endpoints/
Path to list endpoints for an object, account or container.
use = egg:swift#list_endpoints
Entry point of paste.deploy in the server.
Table 6.73. Description of configuration options for [filter-name_check] in proxy-server.conf
Configuration option = Default value
Description
forbidden_chars = '"`<>
Characters that are not allowed in a name
forbidden_regexp = /\./|/\.\./|/\.$|/\.\.$
Substrings to forbid, using regular expression syntax
maximum_length = 255
Maximum length of a name
use = egg:swift#name_check
Entry point of paste.deploy in the server
Table 6.74. Description of configuration options for [filter-proxy-logging] in proxy-server.conf
Configuration option = Default value
Description
access_log_address = /dev/log
Location where syslog sends the logs to. If not set, logging directives from [DEFAULT] without "access_" will be used.
access_log_facility = LOG_LOCAL0
Syslog facility to receive log lines. If not set, logging directives from [DEFAULT] without "access_" will be used.
access_log_headers = false
Header to receive log lines. If not set, logging directives from [DEFAULT] without "access_" will be used.
access_log_headers_only =
If access_log_headers is True and access_log_headers_only is set only these headers are logged. Multiple headers can be defined as comma separated list like this: access_log_headers_only = Host, X-Object-Meta-Mtime.
access_log_level = INFO
Syslog logging level to receive log lines. If not set, logging directives from [DEFAULT] without "access_" will be used.
access_log_name = swift
Label used when logging. If not set, logging directives from [DEFAULT] without "access_" will be used.
access_log_statsd_default_sample_rate = 1.0
Defines the probability of sending a sample for any given event or timing measurement. If not set, logging directives from [DEFAULT] without "access_" will be used.
access_log_statsd_host = localhost
You can use log_statsd_* from [DEFAULT], or override them here. StatsD server. IPv4/IPv6 addresses and hostnames are supported. If a hostname resolves to an IPv4 and IPv6 address, the IPv4 address will be used.
access_log_statsd_metric_prefix =
Value will be prepended to every metric sent to the StatsD server. If not set, logging directives from [DEFAULT] without "access_" will be used.
access_log_statsd_port = 8125
Port value for the StatsD server. If not set, logging directives from [DEFAULT] without "access_" will be used.
access_log_statsd_sample_rate_factor = 1.0
Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead. If not set, logging directives from [DEFAULT] without "access_" will be used.
access_log_udp_host =
If not set, the UDP receiver for syslog is disabled. If not set, logging directives from [DEFAULT] without "access_" will be used.
access_log_udp_port = 514
Port value for UDP receiver, if enabled. If not set, logging directives from [DEFAULT] without "access_" will be used.
log_statsd_valid_http_methods = GET,HEAD,POST,PUT,DELETE,COPY,OPTIONS
What HTTP methods are allowed for StatsD logging (comma-sep). request methods not in this list will have "BAD_METHOD" for the <verb> portion of the metric.
reveal_sensitive_prefix = 16
The X-Auth-Token is sensitive data. If revealed to an unauthorised person, they can now make requests against an account until the token expires. Set reveal_sensitive_prefix to the number of characters of the token that are logged. For example reveal_sensitive_prefix = 12 so only first 12 characters of the token are logged. Or, set to 0 to completely remove the token.
Note
reveal_sensitive_prefix will not affect the value logged with access_log_headers=True.
use = egg:swift#proxy_logging
Entry point of paste.deploy in the server.
Table 6.75. Description of configuration options for [filter-ratelimit] in proxy-server.conf
Configuration option = Default value
Description
account_blacklist = c,d
Comma separated lists of account names that will not be allowed. Returns a 497 response. r: for containers of size x, limit requests per second to r. Will limit PUT, DELETE, and POST requests to /a/c/o. container_listing_ratelimit_x = r: for containers of size x, limit listing requests per second to r. Will limit GET requests to /a/c.
account_ratelimit = 0
If set, will limit PUT and DELETE requests to /account_name/container_name. Number is in requests per second.
account_whitelist = a,b
Comma separated lists of account names that will not be rate limited.
clock_accuracy = 1000
Represents how accurate the proxy servers' system clocks are with each other. 1000 means that all the proxies' clock are accurate to each other within 1 millisecond. No ratelimit should be higher than the clock accuracy.
container_listing_ratelimit_0 = 100
with container_listing_ratelimit_x = r, for containers of size x, limit container GET (listing) requests per second to r. The container rate will be linearly interpolated from the values given. With the default values, a container of size 5 will get a rate of 75.
container_listing_ratelimit_10 = 50
with container_listing_ratelimit_x = r, for containers of size x, limit container GET (listing) requests per second to r. The container rate will be linearly interpolated from the values given. With the default values, a container of size 5 will get a rate of 75.
container_listing_ratelimit_50 = 20
with container_listing_ratelimit_x = r, for containers of size x, limit container GET (listing) requests per second to r. The container rate will be linearly interpolated from the values given. With the default values, a container of size 5 will get a rate of 75.
container_ratelimit_0 = 100
with container_ratelimit_x = r, for containers of size x, limit write requests per second to r. The container rate will be linearly interpolated from the values given. With the default values, a container of size 5 will get a rate of 75.
container_ratelimit_10 = 50
with container_ratelimit_x = r, for containers of size x, limit write requests per second to r. The container rate will be linearly interpolated from the values given. With the default values, a container of size 5 will get a rate of 75.
container_ratelimit_50 = 20
with container_ratelimit_x = r, for containers of size x, limit write requests per second to r. The container rate will be linearly interpolated from the values given. With the default values, a container of size 5 will get a rate of 75.
log_sleep_time_seconds = 0
To allow visibility into rate limiting set this value > 0 and all sleeps greater than the number will be logged.
max_sleep_time_seconds = 60
App will immediately return a 498 response if the necessary sleep time ever exceeds the given max_sleep_time_seconds.
rate_buffer_seconds = 5
Number of seconds the rate counter can drop and be allowed to catch up (at a faster than listed rate). A larger number will result in larger spikes in rate but better average accuracy.
set log_address = /dev/log
Location where syslog sends the logs to.
set log_facility = LOG_LOCAL0
Syslog log facility.
set log_headers = false
If True, log headers in each request.
set log_level = INFO
Log level.
set log_name = ratelimit
Label to use when logging.
use = egg:swift#ratelimit
Entry point of paste.deploy in the server.
Table 6.76. Description of configuration options for [filter-slo] in proxy-server.conf
Configuration option = Default value
Description
max_get_time = 86400
Time limit on GET requests (seconds)
max_manifest_segments = 1000
Maximum number of segments.
max_manifest_size = 2097152
Maximum size of segments.
min_segment_size = 1048576
Minimum size of segments.
rate_limit_after_segment = 10
Rate limit the download of large object segments after this segment is downloaded.
rate_limit_segments_per_sec = 0
Rate limit large object downloads at this rate. contact for a normal request. You can use '* replicas' at the end to have it use the number given times the number of replicas for the ring being used for the request. paste.deploy to use for auth. To use tempauth set to:
use = egg:swift#slo
Entry point of paste.deploy in the server.
Table 6.77. Description of configuration options for [filter-staticweb] in proxy-server.conf
Configuration option = Default value
Description
use = egg:swift#staticweb
Entry point of paste.deploy in the server
Table 6.78. Description of configuration options for [filter-tempauth] in proxy-server.conf
Configuration option = Default value
Description
allow_overrides = true
This option allows middleware higher in the WSGI pipeline to override auth processing, useful for middleware such as tempurl and formpost. If you know you are not going to use such middleware and you want a bit of extra security, you can set this to False.
auth_prefix = /auth/
The HTTP request path prefix for the auth service. Swift itself reserves anything beginning with the letter.
require_group =
The require_group parameter names a group that must be presented by either X-Auth-Token or X-Service-Token. Usually this parameter is used only with multiple reseller prefixes (for example, SERVICE_require_group=blah). By default, no group is needed. Do not use .admin.
reseller_prefix = AUTH
The naming scope for the auth service.
set log_address = /dev/log
Location where syslog sends the logs to.
set log_facility = LOG_LOCAL0
Syslog log facility.
set log_headers = false
If True, log headers in each request.
set log_level = INFO
Log level.
set log_name = tempauth
Label to use when logging.
storage_url_scheme = default
Scheme to return with storage urls: http, https, or default (chooses based on what the server is running as) This can be useful with an SSL load balancer in front of a non-SSL server.
token_life = 86400
The number of seconds a token is valid.
use = egg:swift#tempauth
Entry point of paste.deploy in the server.
user_<account>_<user> = <key> [group] [group] [...] [storage_url]
List of all the accounts and user you want.
The following are example entries required for running the tests:
  • user_admin_admin = admin .admin .reseller_admin
  • user_test2_tester2 = testing2 .admin
  • user_test5_tester5 = testing5 service
  • user_test_tester = testing .admin
  • user_test_tester3 = testing3
Table 6.79. Description of configuration options for [filter-tempurl] in proxy-server.conf
Configuration option = Default value
Description
incoming_allow_headers =
Headers allowed as exceptions to incoming_remove_headers. Simply a whitespace delimited list of header names and names can optionally end with '*' to indicate a prefix match.
incoming_remove_headers = x-timestamp
Headers to remove from incoming requests. Simply a whitespace delimited list of header names and names can optionally end with '*' to indicate a prefix match.
methods = GET HEAD PUT POST DELETE
HTTP methods allowed with Temporary URLs.
outgoing_allow_headers = x-object-meta-public-*
Headers allowed as exceptions to outgoing_allow_headers. Simply a whitespace delimited list of header names and names can optionally end with '*' to indicate a prefix match.
outgoing_remove_headers = x-object-meta-*
Headers to remove from outgoing responses. Simply a whitespace delimited list of header names and names can optionally end with '*' to indicate a prefix match.
use = egg:swift#tempurl
Entry point of paste.deploy in the server.
Table 6.80. Description of configuration options for [filter-versioned_writes] in proxy-server.conf
Configuration option = Default value
Description
allow_versioned_writes = false
Enables using versioned writes middleware and exposing configuration settings via HTTP GET /info.
Warning
Setting this option bypasses the allow_versions option in the container configuration file, which will be eventually deprecated. For more details, see Object Versioning.
use = egg:swift#versioned_writes
Entry point of paste.deploy in the server.
Table 6.81. Description of configuration options for [filter-xprofile] in proxy-server.conf
Configuration option = Default value
Description
dump_interval = 5.0
The profile data will be dumped to local disk based on above naming rule in this interval (seconds).
dump_timestamp = false
Be careful, this option will enable the profiler to dump data into the file with a time stamp which means that there will be lots of files piled up in the directory.
flush_at_shutdown = false
Clears the data when the wsgi server shutdowns.
log_filename_prefix = /tmp/log/swift/profile/default.profile
This prefix is used to combine the process ID and timestamp to name the profile data file. Make sure the executing user has permission to write into this path. Any missing path segments will be created, if necessary. When you enable profiling in more than one type of daemon, you must override it with a unique value like: /var/log/swift/profile/accoutn.profile.
path = /__profile__
This is the path of the URL to access the mini web UI.
profile_module = eventlet.green.profile
This option enables you to switch profilers which inherit from the Python standard profiler. Currently, the supported value can be ‘cProfile’, ‘eventlet.green.profile’, etc.
unwind = false
Unwind the iterator of applications.
use = egg:swift#xprofile
Entry point of paste.deploy in the server.
Table 6.82. Description of configuration options for [pipeline-main] in proxy-server.conf
Configuration option = Default value
Description
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk tempurl ratelimit tempauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server
Pipeline to use for processing operations.
Table 6.83. Description of configuration options for [account] in rsyncd.conf
Configuration option = Default value
Description
lock file = /var/lock/account.lock
No help text available for this option.
max connections = 2
No help text available for this option.
path = /srv/node
No help text available for this option.
read only = false
No help text available for this option.
Table 6.84. Description of configuration options in rsyncd.conf
Configuration option = Default value
Description
gid = swift
Group ID for rsyncd.
log file = /var/log/rsyncd.log
Log file for rsyncd.
pid file = /var/run/rsyncd.pid
PID file for rsyncd.
uid = swift
User ID for rsyncd.
max connections =
Maximum number of connections for rsyncd. This option should be set for each account, container, or object.
path = /srv/node
Working directory for rsyncd to use. This option should be set for each account, container, or object.
read only = false
Set read only. This option should be set for each account, container, or object.
lock file =
Lock file for rsyncd. This option should be set for each account, container, or object.
Table 6.85. Description of configuration options for [storage-policy-0] in swift.conf
Configuration option = Default value
Description
default = yes
If no policies are defined a policy with index 0 will be automatically created for backwards compatibility and given the name Policy-0. A default policy is used when creating new containers when no policy is specified in the request. If no other policies are defined the policy with index 0 will be declared the default. If multiple policies are defined you must define a policy with index 0 and you must specify a default. It is recommended you always define a section for storage-policy:0. Aliases are not required when defining a storage policy.
name = Policy-0
No help text available for this option.
policy_type = replication
No help text available for this option.
Table 6.86. Description of configuration options for [swift-constraints] in swift.conf
Configuration option = Default value
Description
account_listing_limit = 10000
The default (and maximum) number of items returned for an account listing request.
container_listing_limit = 10000
The default (and maximum) number of items returned for a container listing request.
extra_header_count = 0
By default the maximum number of allowed headers depends on the number of max allowed metadata settings plus a default value of 32 for regular http headers. If for some reason this is not enough (custom middleware for example) it can be increased with the extra_header_count constraint.
max_account_name_length = 256
The maximum number of bytes in the utf8 encoding of an account name.
max_container_name_length = 256
The maximum number of bytes in the utf8 encoding of a container name.
max_file_size = 5368709122
The largest normal object that can be saved in the cluster. This is also the limit on the size of each segment of a large object when using the large object manifest support. This value is set in bytes. Setting it to lower than 1MiB will cause some tests to fail. It is STRONGLY recommended to leave this value at the default (5 * 2**30 + 2).
max_header_size = 8192
The max number of bytes in the utf8 encoding of each header. Using 8192 as default because eventlet use 8192 as maximum size of header line. You may need to increase this value when using identity v3 API tokens including more than 7 catalog entries. See also include_service_catalog in proxy-server.conf-sample (documented in overview_auth.rst).
max_meta_count = 90
The max number of metadata keys that can be stored on a single account, container, or object.
max_meta_name_length = 128
The max number of bytes in the utf8 encoding of the name portion of a metadata header.
max_meta_overall_size = 4096
The max number of bytes in the utf8 encoding of the metadata (keys + values).
max_meta_value_length = 256
The max number of bytes in the utf8 encoding of a metadata value.
max_object_name_length = 1024
The max number of bytes in the utf8 encoding of an object name.
valid_api_versions = v0,v1,v2
No help text available for this option.
Table 6.87. Description of configuration options for [swift-hash] in swift.conf
Configuration option = Default value
Description
swift_hash_path_prefix = changeme
A prefix used by hash_path to offer a bit more security when generating hashes for paths. It simply appends this value to all paths; if someone knows this suffix, it's easier for them to guess the hash a path will end up with. New installations are advised to set this parameter to a random secret, which would not be disclosed ouside the organization. The same secret needs to be used by all swift servers of the same cluster. Existing installations should set this parameter to an empty string.
swift_hash_path_suffix = changeme
A suffix used by hash_path to offer a bit more security when generating hashes for paths. It simply appends this value to all paths; if someone knows this suffix, it's easier for them to guess the hash a path will end up with. New installations are advised to set this parameter to a random secret, which would not be disclosed ouside the organization. The same secret needs to be used by all swift servers of the same cluster. Existing installations should set this parameter to an empty string.

6.1.2. New, Updated, and Deprecated Options in Newton for OpenStack Object Storage

There are no new, updated, and deprecated options in Newton for OpenStack Object Storage.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.