Chapter 6. Object Storage

accounts_per_second = 200

Maximum accounts audited per second. Should be tuned according to individual system specs. 0 is unlimited.

interval = 1800

Minimum time for a pass to take

log_address = /dev/log

Location where syslog sends the logs to

log_facility = LOG_LOCAL0

Syslog log facility

log_level = INFO

Logging level

log_name = account-auditor

Label used when logging

recon_cache_path = /var/cache/swift

Directory where stats for a few items will be stored

concurrency = 25

Number of replication workers to spawn

conn_timeout = 0.5

Connection timeout to external services

delay_reaping = 0

Normally, the reaper begins deleting account information for deleted accounts immediately; you can set this to delay its work however. The value is in seconds, 2592000 = 30 days, for example. bind to giving up worker can process simultaneously (it will actually accept(2) N + 1). Setting this to one (1) will only handle one request at a time, without accepting another request concurrently. By increasing the number of workers to a much higher value, one can reduce the impact of slow file system operations in one request from negatively impacting other requests.

interval = 3600

Minimum time for a pass to take

log_address = /dev/log

Location where syslog sends the logs to

log_facility = LOG_LOCAL0

Syslog log facility

log_level = INFO

Logging level

log_name = account-reaper

Label used when logging

node_timeout = 10

Request timeout to external services

reap_warn_after = 2592000

If the account fails to be reaped due to a persistent error, the account reaper will log a message such as:

Account <name> has not been reaped since <date>

You can search logs for this message if space is not being reclaimed after you delete account(s). This is in addition to any time requested by delay_reaping.

concurrency = 8

Number of replication workers to spawn

conn_timeout = 0.5

Connection timeout to external services

interval = 30

Minimum time for a pass to take

log_address = /dev/log

Location where syslog sends the logs to

log_facility = LOG_LOCAL0

Syslog log facility

log_level = INFO

Logging level

log_name = account-replicator

Label used when logging

max_diffs = 100

Caps how long the replicator spends trying to sync a database per pass

node_timeout = 10

Request timeout to external services

per_diff = 1000

Limit number of items to get per diff

reclaim_age = 604800

Time elapsed in seconds before an object can be reclaimed

recon_cache_path = /var/cache/swift

Directory where stats for a few items will be stored

rsync_compress = no

Allow rsync to compress data which is transmitted to destination node during sync. However, this is applicable only when destination node is in a different region than the local one.

rsync_module = {replication_ip}::account

Format of the rsync module where the replicator will send data. The configuration value can include some variables that will be extracted from the ring. Variables must follow the format {NAME} where NAME is one of: ip, port, replication_ip, replication_port, region, zone, device, meta. See etc/rsyncd.conf-sample for some examples. uses what's set here, or what's set in the DEFAULT section, or 10 (though other sections use 3 as the final default).

run_pause = 30

Time in seconds to wait between replication passes

auto_create_account_prefix = .

Prefix to use when automatically creating accounts

replication_server = false

If defined, tells server how to handle replication verbs in requests. When set to True (or 1), only replication verbs will be accepted. When set to False, replication verbs will be rejected. When undefined, server will accept any verb in the request.

set log_address = /dev/log

Location where syslog sends the logs to

set log_facility = LOG_LOCAL0

Syslog log facility

set log_level = INFO

Log level

set log_name = account-server

Label to use when logging

set log_requests = true

Whether or not to log requests

use = egg:swift#account

Entry point of paste.deploy in the server

backlog = 4096

Maximum number of allowed pending TCP connections

bind_ip = 0.0.0.0

IP Address for server to bind to

bind_port = 6002

Port for server to bind to

bind_timeout = 30

Seconds to attempt bind before giving up

db_preallocation = off

If you don't mind the extra disk space usage in overhead, you can turn this on to preallocate disk space with SQLite databases to decrease fragmentation. underlying filesystem does not support it. to setup custom log handlers. bytes you'd like fallocate to reserve, whether there is space for the given file size or not. This is useful for systems that behave badly when they completely run out of space; you can make the services pretend they're out of space early. server. For most cases, this should be

devices = /srv/node

Parent directory of where devices are mounted

disable_fallocate = false

Disable "fast fail" fallocate checks if the underlying filesystem does not support it.

eventlet_debug = false

If true, turn on debug logging for eventlet

fallocate_reserve = 0

You can set fallocate_reserve to the number of bytes you'd like fallocate to reserve, whether there is space for the given file size or not. This is useful for systems that behave badly when they completely run out of space; you can make the services pretend they're out of space early. server. For most cases, this should be

log_address = /dev/log

Location where syslog sends the logs to

log_custom_handlers =

Comma-separated list of functions to call to setup custom log handlers.

log_facility = LOG_LOCAL0

Syslog log facility

log_level = INFO

Logging level

log_max_line_length = 0

Caps the length of log lines to the value given; no limit if set to 0, the default.

log_name = swift

Label used when logging

log_statsd_default_sample_rate = 1.0

Defines the probability of sending a sample for any given event or timing measurement.

log_statsd_host = localhost

If not set, the StatsD feature is disabled.

log_statsd_metric_prefix =

Value will be prepended to every metric sent to the StatsD server.

log_statsd_port = 8125

Port value for the StatsD server.

log_statsd_sample_rate_factor = 1.0

Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead.

log_udp_host =

If not set, the UDP receiver for syslog is disabled.

log_udp_port = 514

Port value for UDP receiver, if enabled.

max_clients = 1024

Maximum number of clients one worker can process simultaneously Lowering the number of clients handled per worker, and raising the number of workers can lessen the impact that a CPU intensive, or blocking, request can have on other requests served by the same worker. If the maximum number of clients is set to one, then a given worker will not perform another call while processing, allowing other workers a chance to process it.

mount_check = true

Whether or not check if the devices are mounted to prevent accidentally writing to the root device

swift_dir = /etc/swift

Swift configuration directory

user = swift

User to run as

workers = auto

a much higher value, one can reduce the impact of slow file system operations in one request from negatively impacting other requests.

disable_path =

An optional filesystem path, which if present, will cause the healthcheck URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE"

use = egg:swift#healthcheck

Entry point of paste.deploy in the server

recon_cache_path = /var/cache/swift

Directory where stats for a few items will be stored

use = egg:swift#recon

Entry point of paste.deploy in the server

dump_interval = 5.0

the profile data will be dumped to local disk based on above naming rule in this interval (seconds).

dump_timestamp = false

Be careful, this option will enable the profiler to dump data into the file with a time stamp which means that there will be lots of files piled up in the directory.

flush_at_shutdown = false

Clears the data when the wsgi server shutdowns.

log_filename_prefix = /tmp/log/swift/profile/default.profile

This prefix is used to combine the process ID and timestamp to name the profile data file. Make sure the executing user has permission to write into this path. Any missing path segments will be created, if necessary. When you enable profiling in more than one type of daemon, you must override it with a unique value like: /var/log/swift/profile/accoutn.profile

path = /__profile__

This is the path of the URL to access the mini web UI.

profile_module = eventlet.green.profile

This option enables you to switch profilers which inherit from the Python standard profiler. Currently, the supported value can be ‘cProfile’, ‘eventlet.green.profile’, etc.

unwind = false

unwind the iterator of applications

use = egg:swift#xprofile

Entry point of paste.deploy in the server

pipeline = healthcheck recon account-server

Pipeline to use for processing operations.

use = egg:swift#proxy

Entry point of paste.deploy in the server

interval = 30

Minimum time for a pass to take

reclaim_age = 604800

Time elapsed in seconds before an object can be reclaimed

request_tries = 3

Server errors from requests will be retried by default

log_address = /dev/log

Location where syslog sends the logs to

log_custom_handlers =

Comma-separated list of functions to call to setup custom log handlers.

log_facility = LOG_LOCAL0

Syslog log facility

log_level = INFO

Logging level

log_name = swift

Label used when logging

log_statsd_default_sample_rate = 1.0

Defines the probability of sending a sample for any given event or timing measurement.

log_statsd_host = localhost

If not set, the StatsD feature is disabled.

log_statsd_metric_prefix =

Value will be prepended to every metric sent to the StatsD server.

log_statsd_port = 8125

Port value for the StatsD server.

log_statsd_sample_rate_factor = 1.0

Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead.

log_udp_host =

If not set, the UDP receiver for syslog is disabled.

log_udp_port = 514

Port value for UDP receiver, if enabled.

swift_dir = /etc/swift

Swift configuration directory

user = swift

User to run as

use = egg:swift#memcache

Entry point of paste.deploy in the server

use = egg:swift#catch_errors

Entry point of paste.deploy in the server

use = egg:swift#proxy_logging

Entry point of paste.deploy in the server

pipeline = catch_errors proxy-logging cache proxy-server

Pipeline to use for processing operations.

allow_versions = false

Enable/Disable object versioning feature

auto_create_account_prefix = .

Prefix to use when automatically creating accounts

conn_timeout = 0.5

Connection timeout to external services

node_timeout = 3

Request timeout to external services

replication_server = false

If defined, tells server how to handle replication verbs in requests. When set to True (or 1), only replication verbs will be accepted. When set to False, replication verbs will be rejected. When undefined, server will accept any verb in the request.

set log_address = /dev/log

Location where syslog sends the logs to

set log_facility = LOG_LOCAL0

Syslog log facility

set log_level = INFO

Log level

set log_name = container-server

Label to use when logging

set log_requests = true

Whether or not to log requests

use = egg:swift#container

Entry point of paste.deploy in the server

containers_per_second = 200

Maximum containers audited per second. Should be tuned according to individual system specs. 0 is unlimited. mounted to prevent accidentally writing to the root device process simultaneously (it will actually accept(2) N + 1). Setting this to one (1) will only handle one request at a time, without accepting another request concurrently. By increasing the number of workers to a much higher value, one can reduce the impact of slow file system operations in one request from negatively impacting other requests.

interval = 1800

Minimum time for a pass to take

log_address = /dev/log

Location where syslog sends the logs to

log_facility = LOG_LOCAL0

Syslog log facility

log_level = INFO

Logging level

log_name = container-auditor

Label used when logging

recon_cache_path = /var/cache/swift

Directory where stats for a few items will be stored

concurrency = 8

Number of replication workers to spawn

conn_timeout = 0.5

Connection timeout to external services

interval = 30

Minimum time for a pass to take

log_address = /dev/log

Location where syslog sends the logs to

log_facility = LOG_LOCAL0

Syslog log facility

log_level = INFO

Logging level

log_name = container-replicator

Label used when logging

max_diffs = 100

Caps how long the replicator spends trying to sync a database per pass

node_timeout = 10

Request timeout to external services

per_diff = 1000

Limit number of items to get per diff

reclaim_age = 604800

Time elapsed in seconds before an object can be reclaimed

recon_cache_path = /var/cache/swift

Directory where stats for a few items will be stored

rsync_compress = no

Allow rsync to compress data which is transmitted to destination node during sync. However, this is applicable only when destination node is in a different region than the local one.

rsync_module = {replication_ip}::container

Format of the rsync module where the replicator will send data. The configuration value can include some variables that will be extracted from the ring. Variables must follow the format {NAME} where NAME is one of: ip, port, replication_ip, replication_port, region, zone, device, meta. See etc/rsyncd.conf-sample for some examples. uses what's set here, or what's set in the DEFAULT section, or 10 (though other sections use 3 as the final default).

run_pause = 30

Time in seconds to wait between replication passes

conn_timeout = 5

Connection timeout to external services

container_time = 60

Maximum amount of time to spend syncing each container

internal_client_conf_path = /etc/swift/internal-client.conf

Internal client config file path

interval = 300

Minimum time for a pass to take

log_address = /dev/log

Location where syslog sends the logs to

log_facility = LOG_LOCAL0

Syslog log facility

log_level = INFO

Logging level

log_name = container-sync

Label used when logging

request_tries = 3

Server errors from requests will be retried by default

sync_proxy = http://10.1.1.1:8888,http://10.1.1.2:8888

If you need to use an HTTP proxy, set it here. Defaults to no proxy.

account_suppression_time = 60

Seconds to suppress updating an account that has generated an error (timeout, not yet found, etc.)

concurrency = 4

Number of replication workers to spawn

conn_timeout = 0.5

Connection timeout to external services

interval = 300

Minimum time for a pass to take

log_address = /dev/log

Location where syslog sends the logs to

log_facility = LOG_LOCAL0

Syslog log facility

log_level = INFO

Logging level

log_name = container-updater

Label used when logging

node_timeout = 3

Request timeout to external services

recon_cache_path = /var/cache/swift

Directory where stats for a few items will be stored

slowdown = 0.01

Time in seconds to wait between objects

allowed_sync_hosts = 127.0.0.1

The list of hosts that are allowed to send syncs to.

backlog = 4096

Maximum number of allowed pending TCP connections

bind_ip = 0.0.0.0

IP Address for server to bind to

bind_port = 6001

Port for server to bind to

bind_timeout = 30

Seconds to attempt bind before giving up

db_preallocation = off

If you don't mind the extra disk space usage in overhead, you can turn this on to preallocate disk space with SQLite databases to decrease fragmentation. underlying filesystem does not support it. to setup custom log handlers. bytes you'd like fallocate to reserve, whether there is space for the given file size or not. This is useful for systems that behave badly when they completely run out of space; you can make the services pretend they're out of space early. server. For most cases, this should be

devices = /srv/node

Parent directory of where devices are mounted

disable_fallocate = false

Disable "fast fail" fallocate checks if the underlying filesystem does not support it.

eventlet_debug = false

If true, turn on debug logging for eventlet

fallocate_reserve = 0

You can set fallocate_reserve to the number of bytes you'd like fallocate to reserve, whether there is space for the given file size or not. This is useful for systems that behave badly when they completely run out of space; you can make the services pretend they're out of space early. server. For most cases, this should be

log_address = /dev/log

Location where syslog sends the logs to

log_custom_handlers =

Comma-separated list of functions to call to setup custom log handlers.

log_facility = LOG_LOCAL0

Syslog log facility

log_level = INFO

Logging level

log_max_line_length = 0

Caps the length of log lines to the value given; no limit if set to 0, the default.

log_name = swift

Label used when logging

log_statsd_default_sample_rate = 1.0

Defines the probability of sending a sample for any given event or timing measurement.

log_statsd_host = localhost

If not set, the StatsD feature is disabled.

log_statsd_metric_prefix =

Value will be prepended to every metric sent to the StatsD server.

log_statsd_port = 8125

Port value for the StatsD server.

log_statsd_sample_rate_factor = 1.0

Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead.

log_udp_host =

If not set, the UDP receiver for syslog is disabled.

log_udp_port = 514

Port value for UDP receiver, if enabled.

max_clients = 1024

Maximum number of clients one worker can process simultaneously Lowering the number of clients handled per worker, and raising the number of workers can lessen the impact that a CPU intensive, or blocking, request can have on other requests served by the same worker. If the maximum number of clients is set to one, then a given worker will not perform another call while processing, allowing other workers a chance to process it.

mount_check = true

Whether or not check if the devices are mounted to prevent accidentally writing to the root device

swift_dir = /etc/swift

Swift configuration directory

user = swift

User to run as

workers = auto

a much higher value, one can reduce the impact of slow file system operations in one request from negatively impacting other requests.

disable_path =

An optional filesystem path, which if present, will cause the healthcheck URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE"

use = egg:swift#healthcheck

Entry point of paste.deploy in the server

recon_cache_path = /var/cache/swift

Directory where stats for a few items will be stored

use = egg:swift#recon

Entry point of paste.deploy in the server

dump_interval = 5.0

the profile data will be dumped to local disk based on above naming rule in this interval (seconds).

dump_timestamp = false

Be careful, this option will enable the profiler to dump data into the file with a time stamp which means that there will be lots of files piled up in the directory.

flush_at_shutdown = false

Clears the data when the wsgi server shutdowns.

log_filename_prefix = /tmp/log/swift/profile/default.profile

This prefix is used to combine the process ID and timestamp to name the profile data file. Make sure the executing user has permission to write into this path. Any missing path segments will be created, if necessary. When you enable profiling in more than one type of daemon, you must override it with a unique value like: /var/log/swift/profile/object.profile

path = /__profile__

This is the path of the URL to access the mini web UI.

profile_module = eventlet.green.profile

This option enables you to switch profilers which inherit from the Python standard profiler. Currently, the supported value can be 'cProfile', 'eventlet.green.profile', etc.

unwind = false

unwind the iterator of applications

use = egg:swift#xprofile

Entry point of paste.deploy in the server

pipeline = healthcheck recon container-server

Pipeline to use for processing operations.

mtime_check_interval = 300

The number of seconds between checking the modified time of this config file for changes and therefore reloading it.

cluster_clustername1 = https://host1/v1/

Any values in the realm section whose names begin with cluster_ will indicate the name and endpoint of a cluster and will be used by external users in their containers' X-Container-Sync-To metadata header values with the format "realm_name/cluster_name/container_name". Realm and cluster names are considered case insensitive.

cluster_clustername2 = https://host2/v1/

Any values in the realm section whose names begin with cluster_ will indicate the name and endpoint of a cluster and will be used by external users in their containers' X-Container-Sync-To metadata header values with the format "realm_name/cluster_name/container_name". Realm and cluster names are considered case insensitive.

key = realm1key

The key is the overall cluster-to-cluster key used in combination with the external users' key that they set on their containers' X-Container-Sync-Key metadata header values. These keys will be used to sign each request the container sync daemon makes and used to validate each incoming container sync request.

key2 = realm1key2

The key2 is optional and is an additional key incoming requests will be checked against. This is so you can rotate keys if you wish; you move the existing key to key2 and make a new key value.

cluster_clustername3 = https://host3/v1/

Any values in the realm section whose names begin with cluster_ will indicate the name and endpoint of a cluster and will be used by external users in their containers' X-Container-Sync-To metadata header values with the format "realm_name/cluster_name/container_name". Realm and cluster names are considered case insensitive.

cluster_clustername4 = https://host4/v1/

Any values in the realm section whose names begin with cluster_ will indicate the name and endpoint of a cluster and will be used by external users in their containers' X-Container-Sync-To metadata header values with the format "realm_name/cluster_name/container_name". Realm and cluster names are considered case insensitive.

key = realm2key

The key is the overall cluster-to-cluster key used in combination with the external users' key that they set on their containers' X-Container-Sync-Key metadata header values. These keys will be used to sign each request the container sync daemon makes and used to validate each incoming container sync request.

key2 = realm2key2

The key2 is optional and is an additional key incoming requests will be checked against. This is so you can rotate keys if you wish; you move the existing key to key2 and make a new key value.

auth_key = testing

No help text available for this option.

auth_url = http://localhost:8080/auth/v1.0

Endpoint for auth server, such as keystone

auth_user = test:tester

Default user for dispersion in this context

auth_version = 1.0

Indicates which version of auth

concurrency = 25

Number of replication workers to spawn

container_populate = yes

No help text available for this option.

container_report = yes

No help text available for this option.

dispersion_coverage = 1.0

No help text available for this option.

dump_json = no

No help text available for this option.

endpoint_type = publicURL

Indicates whether endpoint for auth is public or internal

keystone_api_insecure = no

Allow accessing insecure keystone server. The keystone's certificate will not be verified.

object_populate = yes

No help text available for this option.

object_report = yes

No help text available for this option.

project_domain_name = project_domain

No help text available for this option.

project_name = project

No help text available for this option.

retries = 5

No help text available for this option.

swift_dir = /etc/swift

Swift configuration directory

user_domain_name = user_domain

No help text available for this option.

device_dir = /srv/node

Directory devices are mounted under

error_limit = 1

Number of errors to find before a device is unmounted

log_address = /dev/log

Location where syslog sends the logs to

log_facility = LOG_LOCAL0

Syslog log facility

log_file_pattern = /var/log/kern.*[!.][!g][!z]

Location of the log file with globbing pattern to check against device errors locate device blocks with errors in the log file

log_level = INFO

Logging level

log_max_line_length = 0

Caps the length of log lines to the value given; no limit if set to 0, the default.

log_name = drive-audit

Label used when logging

log_to_console = False

No help text available for this option.

minutes = 60

Number of minutes to look back in

recon_cache_path = /var/cache/swift

Directory where stats for a few items will be stored

regex_pattern_1 = \berror\b.*\b(dm-[0-9]{1,2}\d?)\b

No help text available for this option.

unmount_failed_device = True

No help text available for this option.

use = egg:swift#proxy

Entry point of paste.deploy in the server

log_address = /dev/log

Location where syslog sends the logs to

log_custom_handlers = `` ``

Comma-separated list of functions to call to setup custom log handlers.

log_facility = LOG_LOCAL0

Syslog log facility

log_level = INFO

Logging level

log_name = swift

Label used when logging

log_statsd_default_sample_rate = 1.0

Defines the probability of sending a sample for any given event or timing measurement.

log_statsd_host = localhost

If not set, the StatsD feature is disabled.

log_statsd_metric_prefix = `` ``

Value will be prepended to every metric sent to the StatsD server.

log_statsd_port = 8125

Port value for the StatsD server.

log_statsd_sample_rate_factor = 1.0

Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead.

log_udp_host = `` ``

If not set, the UDP receiver for syslog is disabled.

log_udp_port = 514

Port value for UDP receiver, if enabled.

swift_dir = /etc/swift

Swift configuration directory

user = swift

User to run as

use = egg:swift#memcache

Entry point of paste.deploy in the server

use = egg:swift#catch_errors

Entry point of paste.deploy in the server

use = egg:swift#proxy_logging

Entry point of paste.deploy in the server

pipeline = catch_errors proxy-logging cache proxy-server

No help text available for this option.

connect_timeout = 0.3

Timeout in seconds (float) for connection.

io_timeout = 2.0

Timeout in seconds (float) for read and write.

memcache_max_connections = 2

Max number of connections to each memcached server per worker services.

memcache_serialization_support = 2

Sets how memcache values are serialized and deserialized.

memcache_servers = 127.0.0.1:11211

Comma-separated list of memcached servers ip:port services.

pool_timeout = 1.0

Timeout in seconds (float) for pooled connection.

tries = 3

Number of servers to retry on failures getting a pooled connection.

use = egg:swift#proxy

Entry point of paste.deploy in the server

log_address = /dev/log

Location where syslog sends the logs to

log_custom_handlers =

Comma-separated list of functions to call to setup custom log handlers.

log_facility = LOG_LOCAL0

Syslog log facility

log_level = INFO

Logging level

log_max_line_length = 0

Caps the length of log lines to the value given; no limit if set to 0, the default.

log_name = swift

Label used when logging

log_statsd_default_sample_rate = 1.0

Defines the probability of sending a sample for any given event or timing measurement.

log_statsd_host = localhost

If not set, the StatsD feature is disabled.

log_statsd_metric_prefix =

Value will be prepended to every metric sent to the StatsD server.

log_statsd_port = 8125

Port value for the StatsD server.

log_statsd_sample_rate_factor = 1.0

Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead.

log_udp_host =

If not set, the UDP receiver for syslog is disabled.

log_udp_port = 514

Port value for UDP receiver, if enabled.

swift_dir = /etc/swift

Swift configuration directory

user = swift

User to run as

use = egg:swift#memcache

Entry point of paste.deploy in the server

use = egg:swift#catch_errors

Entry point of paste.deploy in the server

access_log_address = /dev/log

Location where syslog sends the logs to. If not set, logging directives from [DEFAULT] without "access_" will be used.

access_log_facility = LOG_LOCAL0

Syslog facility to receive log lines. If not set, logging directives from [DEFAULT] without "access_" will be used.

access_log_headers = false

Header to receive log lines. If not set, logging directives from [DEFAULT] without "access_" will be used.

access_log_headers_only =

If access_log_headers is True and access_log_headers_only is set only these headers are logged. Multiple headers can be defined as comma separated list like this: access_log_headers_only = Host, X-Object-Meta-Mtime

access_log_level = INFO

Syslog logging level to receive log lines. If not set, logging directives from [DEFAULT] without "access_" will be used.

access_log_name = swift

Label used when logging. If not set, logging directives from [DEFAULT] without "access_" will be used.

access_log_statsd_default_sample_rate = 1.0

Defines the probability of sending a sample for any given event or timing measurement. If not set, logging directives from [DEFAULT] without "access_" will be used.

access_log_statsd_host = localhost

You can use log_statsd_* from [DEFAULT], or override them here. StatsD server. IPv4/IPv6 addresses and hostnames are supported. If a hostname resolves to an IPv4 and IPv6 address, the IPv4 address will be used.

access_log_statsd_metric_prefix =

Value will be prepended to every metric sent to the StatsD server. If not set, logging directives from [DEFAULT] without "access_" will be used.

access_log_statsd_port = 8125

Port value for the StatsD server. If not set, logging directives from [DEFAULT] without "access_" will be used.

access_log_statsd_sample_rate_factor = 1.0

Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead. If not set, logging directives from [DEFAULT] without "access_" will be used.

access_log_udp_host =

If not set, the UDP receiver for syslog is disabled. If not set, logging directives from [DEFAULT] without "access_" will be used.

access_log_udp_port = 514

Port value for UDP receiver, if enabled. If not set, logging directives from [DEFAULT] without "access_" will be used.

log_statsd_valid_http_methods = GET,HEAD,POST,PUT,DELETE,COPY,OPTIONS

What HTTP methods are allowed for StatsD logging (comma-sep). request methods not in this list will have "BAD_METHOD" for the <verb> portion of the metric.

reveal_sensitive_prefix = 16

By default, the X-Auth-Token is logged. To obscure the value, set reveal_sensitive_prefix to the number of characters to log. For example, if set to 12, only the first 12 characters of the token appear in the log. An unauthorized access of the log file won't allow unauthorized usage of the token. However, the first 12 or so characters is unique enough that you can trace/debug token usage. Set to 0 to suppress the token completely (replaced by '...' in the log).

use = egg:swift#proxy_logging

Entry point of paste.deploy in the server

auto_create_account_prefix = .

Prefix to use when automatically creating accounts

concurrency = 1

Number of replication workers to spawn

expiring_objects_account_name = expiring_objects

Account name for expiring objects.

interval = 300

Minimum time for a pass to take

process = 0

(it will actually accept(2) N + 1). Setting this to one (1) will only handle one request at a time, without accepting another request concurrently.

processes = 0

for each port (disk) in the ring. If you have 24 disks per server, and this setting is 4, then each storage node will have 1 + (24 * 4) = 97 total object-server processes running. This gives complete I/O isolation, drastically reducing the impact of slow disks on storage node performance. The object-replicator and object-reconstructor need to see this setting too, so it must be in the [DEFAULT] section.

reclaim_age = 604800

Time elapsed in seconds before an object can be reclaimed

recon_cache_path = /var/cache/swift

Directory where stats for a few items will be stored

report_interval = 300

Interval in seconds between reports.

pipeline = catch_errors proxy-logging cache proxy-server

Pipeline to use for processing operations.

allowed_headers = Content-Disposition, Content-Encoding, X-Delete-At, X-Object-Manifest, X-Static-Large-Object

Comma-separated list of headers that can be set in metadata of an object

auto_create_account_prefix = .

Prefix to use when automatically creating accounts

keep_cache_private = false

Allow non-public objects to stay in kernel's buffer cache

keep_cache_size = 5242880

Largest object size to keep in buffer cache

max_upload_time = 86400

Maximum time allowed to upload an object

mb_per_sync = 512

On PUT requests, sync file every n MB

replication_concurrency = 4

Set to restrict the number of concurrent incoming REPLICATION requests; set to 0 for unlimited

replication_failure_ratio = 1.0

If the value of failures / successes of REPLICATION subrequests exceeds this ratio, the overall REPLICATION request will be aborted

replication_failure_threshold = 100

The number of subrequest failures before the replication_failure_ratio is checked

replication_lock_timeout = 15

Number of seconds to wait for an existing replication device lock before giving up.

replication_one_per_device = True

Restricts incoming REPLICATION requests to one per device, replication_currency above allowing. This can help control I/O to each device, but you may wish to set this to False to allow multiple REPLICATION requests (up to the above replication_concurrency setting) per device.

replication_server = false

If defined, tells server how to handle replication verbs in requests. When set to True (or 1), only replication verbs will be accepted. When set to False, replication verbs will be rejected. When undefined, server will accept any verb in the request.

set log_address = /dev/log

Location where syslog sends the logs to

set log_facility = LOG_LOCAL0

Syslog log facility

set log_level = INFO

Log level

set log_name = object-server

Label to use when logging

set log_requests = true

Whether or not to log requests

slow = 0

If > 0, Minimum time in seconds for a PUT or DELETE request to complete

splice = no

Use splice() for zero-copy object GETs. This requires Linux kernel version 3.0 or greater. When you set "splice = yes" but the kernel does not support it, error messages will appear in the object server logs at startup, but your object servers should continue to function.

threads_per_disk = 0

Size of the per-disk thread pool used for performing disk I/O. The default of 0 means to not use a per-disk thread pool. It is recommended to keep this value small, as large values can result in high read latencies due to large queue depths. A good starting point is 4 threads per disk.

use = egg:swift#object

Entry point of paste.deploy in the server

backlog = 4096

Maximum number of allowed pending TCP connections

bind_ip = 0.0.0.0

IP Address for server to bind to

bind_port = 6000

Port for server to bind to

bind_timeout = 30

Seconds to attempt bind before giving up

client_timeout = 60

Time to wait while receiving each chunk of data from a client or another backend node

conn_timeout = 0.5

Connection timeout to external services

container_update_timeout = 1.0

Time to wait while sending a container update on object update. object server. For most cases, this should be

devices = /srv/node

Parent directory of where devices are mounted

disable_fallocate = false

Disable "fast fail" fallocate checks if the underlying filesystem does not support it.

disk_chunk_size = 65536

Size of chunks to read/write to disk

eventlet_debug = false

If true, turn on debug logging for eventlet

expiring_objects_account_name = expiring_objects

Account name for the expiring objects

expiring_objects_container_divisor = 86400

Divisor for the expiring objects container

fallocate_reserve = 0

You can set fallocate_reserve to the number of bytes you'd like fallocate to reserve, whether there is space for the given file size or not. This is useful for systems that behave badly when they completely run out of space; you can make the services pretend they're out of space early. server. For most cases, this should be

log_address = /dev/log

Location where syslog sends the logs to

log_custom_handlers = `` ``

Comma-separated list of functions to call to setup custom log handlers.

log_facility = LOG_LOCAL0

Syslog log facility

log_level = INFO

Logging level

log_max_line_length = 0

Caps the length of log lines to the value given; no limit if set to 0, the default.

log_name = swift

Label used when logging

log_statsd_default_sample_rate = 1.0

Defines the probability of sending a sample for any given event or timing measurement.

log_statsd_host = localhost

If not set, the StatsD feature is disabled.

log_statsd_metric_prefix = `` ``

Value will be prepended to every metric sent to the StatsD server.

log_statsd_port = 8125

Port value for the StatsD server.

log_statsd_sample_rate_factor = 1.0

Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead.

log_udp_host = `` ``

If not set, the UDP receiver for syslog is disabled.

log_udp_port = 514

Port value for UDP receiver, if enabled.

max_clients = 1024

Maximum number of clients one worker can process simultaneously Lowering the number of clients handled per worker, and raising the number of workers can lessen the impact that a CPU intensive, or blocking, request can have on other requests served by the same worker. If the maximum number of clients is set to one, then a given worker will not perform another call while processing, allowing other workers a chance to process it.

mount_check = true

Whether or not check if the devices are mounted to prevent accidentally writing to the root device

network_chunk_size = 65536

Size of chunks to read/write over the network

node_timeout = 3

Request timeout to external services

servers_per_port = 0

If each disk in each storage policy ring has unique port numbers for its "ip" value, you can use this setting to have each object-server worker only service requests for the single disk matching the port in the ring. The value of this setting determines how many worker processes run for each port (disk) in the

swift_dir = /etc/swift

Swift configuration directory

user = swift

User to run as

workers = auto

a much higher value, one can reduce the impact of slow file system operations in one request from negatively impacting other requests.

disable_path =

An optional filesystem path, which if present, will cause the healthcheck URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE"

use = egg:swift#healthcheck

Entry point of paste.deploy in the server

recon_cache_path = /var/cache/swift

Directory where stats for a few items will be stored

recon_lock_path = /var/lock

Directory where lock files will be stored

use = egg:swift#recon

Entry point of paste.deploy in the server

dump_interval = 5.0

the profile data will be dumped to local disk based on above naming rule in this interval (seconds).

dump_timestamp = false

Be careful, this option will enable the profiler to dump data into the file with a time stamp which means that there will be lots of files piled up in the directory.

flush_at_shutdown = false

Clears the data when the wsgi server shutdowns.

log_filename_prefix = /tmp/log/swift/profile/default.profile

This prefix is used to combine the process ID and timestamp to name the profile data file. Make sure the executing user has permission to write into this path. Any missing path segments will be created, if necessary. When you enable profiling in more than one type of daemon, you must override it with a unique value like: /var/log/swift/profile/object.profile

path = /__profile__

This is the path of the URL to access the mini web UI.

profile_module = eventlet.green.profile

This option enables you to switch profilers which inherit from the Python standard profiler. Currently, the supported value can be 'cProfile', 'eventlet.green.profile', etc.

unwind = false

unwind the iterator of applications

use = egg:swift#xprofile

Entry point of paste.deploy in the server

bytes_per_second = 10000000

Maximum bytes audited per second. Should be tuned according to individual system specs. 0 is unlimited. mounted to prevent accidentally writing to the root device process simultaneously (it will actually accept(2) N + 1). Setting this to one (1) will only handle one request at a time, without accepting another request concurrently. By increasing the number of workers to a much higher value, one can reduce the impact of slow file system operations in one request from negatively impacting other requests. underlying filesystem does not support it. to setup custom log handlers. bytes you'd like fallocate to reserve, whether there is space for the given file size or not. This is useful for systems that behave badly when they completely run out of space; you can make the services pretend they're out of space early. container server. For most cases, this should be

concurrency = 1

Number of replication workers to spawn

disk_chunk_size = 65536

Size of chunks to read/write to disk

files_per_second = 20

Maximum files audited per second. Should be tuned according to individual system specs. 0 is unlimited.

log_address = /dev/log

Location where syslog sends the logs to

log_facility = LOG_LOCAL0

Syslog log facility

log_level = INFO

Logging level

log_name = object-auditor

Label used when logging

log_time = 3600

Frequency of status logs in seconds.

object_size_stats =

Takes a comma-separated list of ints. When set, the object auditor will increment a counter for every object whose size is greater or equal to the given breaking points and reports the result after a full scan.

recon_cache_path = /var/cache/swift

Directory where stats for a few items will be stored

zero_byte_files_per_second = 50

Maximum zero byte files audited per second.

concurrency = 1

Number of replication workers to spawn

daemonize = on

Whether or not to run replication as a daemon

handoffs_first = False

If set to True, partitions that are not supposed to be on the node will be replicated first. The default setting should not be changed, except for extreme situations.

http_timeout = 60

Maximum duration for an HTTP request

interval = 30

Minimum time for a pass to take

lockup_timeout = 1800

Attempts to kill all workers if nothing replications for lockup_timeout seconds

log_address = /dev/log

Location where syslog sends the logs to

log_facility = LOG_LOCAL0

Syslog log facility

log_level = INFO

Logging level

log_name = object-reconstructor

Label used when logging

node_timeout = 10

Request timeout to external services

reclaim_age = 604800

Time elapsed in seconds before an object can be reclaimed

recon_cache_path = /var/cache/swift

Directory where stats for a few items will be stored

ring_check_interval = 15

How often (in seconds) to check the ring

run_pause = 30

Time in seconds to wait between replication passes

stats_interval = 300

Interval in seconds between logging replication statistics

concurrency = 1

Number of replication workers to spawn

daemonize = on

Whether or not to run replication as a daemon

handoff_delete = auto

By default handoff partitions will be removed when it has successfully replicated to all the canonical nodes. If set to an integer n, it will remove the partition if it is successfully replicated to n nodes. The default setting should not be changed, except for extremem situations. This uses what's set here, or what's set in the DEFAULT section, or 10 (though other sections use 3 as the final default).

handoffs_first = False

If set to True, partitions that are not supposed to be on the node will be replicated first. The default setting should not be changed, except for extreme situations.

http_timeout = 60

Maximum duration for an HTTP request

interval = 30

Minimum time for a pass to take

lockup_timeout = 1800

Attempts to kill all workers if nothing replications for lockup_timeout seconds

log_address = /dev/log

Location where syslog sends the logs to

log_facility = LOG_LOCAL0

Syslog log facility

log_level = INFO

Logging level

log_name = object-replicator

Label used when logging

node_timeout = <whatever's in the DEFAULT section or 10>

Request timeout to external services

reclaim_age = 604800

Time elapsed in seconds before an object can be reclaimed

recon_cache_path = /var/cache/swift

Directory where stats for a few items will be stored

ring_check_interval = 15

How often (in seconds) to check the ring

rsync_bwlimit = 0

bandwidth limit for rsync in kB/s. 0 means unlimited

rsync_compress = no

Allows rsync to compress data which is transmitted to the destination node during sync. However, this applies only when the destination node is in a different region than the local one.

rsync_error_log_line_length = 0

Limits the length of the rsync error log lines. 0 will log the entire line.

rsync_io_timeout = 30

Passed to rsync for a max duration (seconds) of an I/O op

rsync_module = {replication_ip}::object

Format of the rsync module where the replicator will send data. The configuration value can include some variables that will be extracted from the ring. Variables must follow the format {NAME} where NAME is one of: ip, port, replication_ip, replication_port, region, zone, device, meta. See etc/rsyncd.conf-sample for some examples. uses what's set here, or what's set in the DEFAULT section, or 10 (though other sections use 3 as the final default).

rsync_timeout = 900

Max duration (seconds) of a partition rsync

run_pause = 30

Time in seconds to wait between replication passes

stats_interval = 300

Interval in seconds between logging replication statistics

sync_method = rsync

default is rsync, alternative is ssync

concurrency = 1

Number of replication workers to spawn

interval = 300

Minimum time for a pass to take

log_address = /dev/log

Location where syslog sends the logs to

log_facility = LOG_LOCAL0

Syslog log facility

log_level = INFO

Logging level

log_name = object-updater

Label used when logging

node_timeout = <whatever's in the DEFAULT section or 10>

Request timeout to external services

recon_cache_path = /var/cache/swift

Directory where stats for a few items will be stored

slowdown = 0.01

Time in seconds to wait between objects

pipeline = healthcheck recon object-server

Pipeline to use for processing operations.

account_autocreate = false

If set to 'true' authorized accounts that do not yet exist within the Swift cluster will be automatically created.

allow_account_management = false

Whether account PUTs and DELETEs are even callable.

auto_create_account_prefix = .

Prefix to use when automatically creating accounts.

client_chunk_size = 65536

Chunk size to read from clients.

conn_timeout = 0.5

Connection timeout to external services.

deny_host_headers =

Comma separated list of Host headers to which the proxy will deny requests.

error_suppression_interval = 60

Time in seconds that must elapse since the last error for a node to be considered no longer error limited.

error_suppression_limit = 10

Error count to consider a node error limited.

log_handoffs = true

Log handoff requests if handoff logging is enabled and the handoff was not expected.

We only log handoffs when we've pushed the handoff count further than we would normally have expected under normal circumstances, that is (request_node_count - num_primaries), when handoffs goes higher than that it means one of the primaries must have been skipped because of error limiting before we consumed all of our nodes_left.

max_containers_per_account = 0

If set to a positive value, trying to create a container when the account already has at least this maximum containers will result in a 403 Forbidden. Note: This is a soft limit, meaning a user might exceed the cap for recheck_account_existence before the 403s kick in.

max_containers_whitelist =

is a comma separated list of account names that ignore the max_containers_per_account cap.

node_timeout = 10

Request timeout to external services.

object_chunk_size = 65536

Chunk size to read from object servers.

object_post_as_copy = true

Set object_post_as_copy = false to turn on fast posts where only the metadata changes are stored anew and the original data file is kept in place. This makes for quicker posts; but since the container metadata isn't updated in this mode, features like container sync won't be able to sync posts.

post_quorum_timeout = 0.5

How long to wait for requests to finish after a quorum has been established.

put_queue_depth = 10

Depth of the proxy put queue.

read_affinity = r1z1=100, r1z2=200, r2=300

Which backend servers to prefer on reads. Format is r<N> for region N or r<N>z<M> for region N, zone M. The value after the equals is the priority; lower numbers are higher priority.

Example: first read from region 1 zone 1, then region 1 zone 2, then anything in region 2, then everything else: read_affinity = r1z1=100, r1z2=200, r2=300

Default is empty, meaning no preference.

recheck_account_existence = 60

Cache timeout in seconds to send memcached for account existence.

recheck_container_existence = 60

Cache timeout in seconds to send memcached for container existence.

recoverable_node_timeout = node_timeout

Request timeout to external services for requests that, on failure, can be recovered from. For example, object GET. from a client external services.

request_node_count = 2 * replicas

replicas Set to the number of nodes to contact for a normal request. You can use '* replicas' at the end to have it use the number given times the number of replicas for the ring being used for the request. conf file for values will only be shown to the list of swift_owners. The exact default definition of a swift_owner is headers> up to the auth system in use, but usually indicates administrative responsibilities. paste.deploy to use for auth. To use tempauth set to:

set log_address = /dev/log

Location where syslog sends the logs to.

set log_facility = LOG_LOCAL0

Syslog log facility.

set log_level = INFO

Log level.

set log_name = proxy-server

Label to use when logging.

sorting_method = shuffle

Storage nodes can be chosen at random (shuffle), by using timing measurements (timing), or by using an explicit match (affinity). Using timing measurements may allow for lower overall latency, while using affinity allows for finer control. In both the timing and affinity cases, equally-sorting nodes are still randomly chosen to spread load.

The valid values for sorting_method are "affinity", "shuffle", or "timing".

swift_owner_headers = x-container-read, x-container-write, x-container-sync-key, x-container-sync-to, x-account-meta-temp-url-key, x-account-meta-temp-url-key-2, x-container-meta-temp-url-key, x-container-meta-temp-url-key-2, x-account-access-control

These are the headers whose conf file for values will only be shown to the list of swift_owners. The exact default definition of a swift_owner is headers> up to the auth system in use, but usually indicates administrative responsibilities. paste.deploy to use for auth. To use tempauth set to:

timing_expiry = 300

If the "timing" sorting_method is used, the timings will only be valid for the number of seconds configured by timing_expiry.

use = egg:swift#proxy

Entry point of paste.deploy in the server.

write_affinity = r1, r2

This setting lets you trade data distribution for throughput. It makes the proxy server prefer local back-end servers for object PUT requests over non-local ones. Note that only object PUT requests are affected by the write_affinity setting; POST, GET, HEAD, DELETE, OPTIONS, and account/container PUT requests are not affected. The format is r<N> for region N or r<N>z<M> for region N, zone M. If this is set, then when handling an object PUT request, some number (see the write_affinity_node_count setting) of local backend servers will be tried before any nonlocal ones. Example: try to write to regions 1 and 2 before writing to any other nodes: write_affinity = r1, r2

write_affinity_node_count = 2 * replicas

This setting is only useful in conjunction with write_affinity; it governs how many local object servers will be tried before falling back to non-local ones. You can use '* replicas' at the end to have it use the number given times the number of replicas for the ring being used for the request: write_affinity_node_count = 2 * replicas

admin_key = secret_admin_key

To use for admin calls that are HMAC signed. Default is empty, which will disable admin calls to /info.

backlog = 4096

Maximum number of allowed pending TCP connections.

bind_ip = 0.0.0.0

IP Address for server to bind to.

bind_port = 8080

Port for server to bind to.

bind_timeout = 30

Seconds to attempt bind before giving up.

cert_file = /etc/swift/proxy.crt

To the ssl .crt. This should be enabled for testing purposes only.

client_timeout = 60

Time to wait while receiving each chunk of data from a client or another backend node.

cors_allow_origin =

is a list of hosts that are included with any CORS request by default and returned with the Access-Control-Allow-Origin header in addition to what the container has set. to call to setup custom log handlers. for eventlet the proxy server. For most cases, this should be.

disallowed_sections = swift.valid_api_versions, container_quotas, tempurl

Allows the ability to withhold sections from showing up in the public calls to /info. You can withhold subsections by separating the dict level with a ".". The following would cause the sections 'container_quotas' and 'tempurl' to not be listed, and the key max_failed_deletes would be removed from bulk_delete.

Default value is 'swift.valid_api_versions' which allows all registered features to be listed via HTTP GET /info except swift.valid_api_versions information.

eventlet_debug = false

If true, turn on debug logging for eventlet.

expiring_objects_account_name = expiring_objects

Account name for the expiring objects.

expiring_objects_container_divisor = 86400

Divisor for the expiring objects container.

expose_info = true

Enables exposing configuration settings via HTTP GET /info.

key_file = /etc/swift/proxy.key

to the ssl .key. This should be enabled for testing purposes only.

log_address = /dev/log

Location where syslog sends the logs to.

log_custom_handlers =

Comma-separated list of functions to call to setup custom log handlers.

log_facility = LOG_LOCAL0

Syslog log facility.

log_headers = false

Enables the ability to log request headers.

log_level = INFO

Logging level.

log_max_line_length = 0

Caps the length of log lines to the value given; no limit if set to 0, the default.

log_name = swift

Label used when logging.

log_statsd_default_sample_rate = 1.0

Defines the probability of sending a sample for any given event or timing measurement.

log_statsd_host = localhost

If not set, the StatsD feature is disabled.

log_statsd_metric_prefix =

Value will be prepended to every metric sent to the StatsD server.

log_statsd_port = 8125

Port value for the StatsD server.

log_statsd_sample_rate_factor = 1.0

Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead.

log_udp_host =

If not set, the UDP receiver for syslog is disabled.

log_udp_port = 514

Port value for UDP receiver, if enabled.

max_clients = 1024

Maximum number of clients one worker can process simultaneously Lowering the number of clients handled per worker, and raising the number of workers can lessen the impact that a CPU intensive, or blocking, request can have on other requests served by the same worker. If the maximum number of clients is set to one, then a given worker will not perform another call while processing, allowing other workers a chance to process it.

strict_cors_mode = True

Enforce CORS.

swift_dir = /etc/swift

Swift configuration directory.

trans_id_suffix =

This optional suffix (default is empty) that would be appended to the swift transaction id allows one to easily figure out from which cluster that X-Trans-Id belongs to. This is very useful when one is managing more than one swift cluster.

user = swift

User to run as.

workers = auto

a much higher value, one can reduce the impact of slow file system operations in one request from negatively impacting other requests.

use = egg:swift#account_quotas

Entry point of paste.deploy in the server

auth_plugin = password

Authentication module to use.

auth_uri = http://keystonehost:5000

auth_uri should point to a Keystone service from which users may retrieve tokens. This value is used in the WWW-Authenticate header that auth_token sends with any denial response.

auth_url = http://keystonehost:35357

auth_url points to the Keystone Admin service. This information is used by the middleware to actually query Keystone about the validity of the authentication tokens. It is not necessary to append any Keystone API version number to this URI.

cache = swift.cache

cache is set to swift.cache. This means that the middleware will get the Swift memcache from the request environment.

delay_auth_decision = False

delay_auth_decision defaults to False, but leaving it as false will prevent other auth systems, staticweb, tempurl, formpost, and ACLs from working. This value must be explicitly set to True.

include_service_catalog = False

include_service_catalog defaults to True if not set. This means that when validating a token, the service catalog is retrieved and stored in the X-Service-Catalog header. Since Swift does not use the X-Service-Catalog header, there is no point in getting the service catalog. We recommend you set include_service_catalog to False.

password = password

Password for service user.

paste.filter_factory = keystonemiddleware.auth_token:filter_factory

Entry point of paste.filter_factory in the server.

project_domain_id = default

Service project domain.

project_name = service

Service project name.

user_domain_id = default

Service user domain.

username = swift

Service user name.

delete_container_retry_count = 0

The parameter is used during a bulk delete of objects and their container. This would frequently fail because it is very likely that all replicated objects have not been deleted by the time the middleware got a successful response. It can be configured the number of retries. And the number of seconds to wait between each retry will be 1.5**retry.

max_containers_per_extraction = 10000

The maximum numbers of containers per extraction.

max_deletes_per_request = 10000

The maximum numbers of deletion per request.

max_failed_deletes = 1000

The maximum number of tries to delete before failure.

max_failed_extractions = 1000

The maximum number of tries to extract before failure.

use = egg:swift#bulk

Entry point of paste.deploy in the server.

yield_frequency = 10

In order to keep a connection active during a potentially long bulk request, Swift may return whitespace prepended to the actual response body. This whitespace will be yielded no more than every yield_frequency seconds.

memcache_max_connections = 2

Max number of connections to each memcached server per worker services

memcache_serialization_support = 2

Sets how memcache values are serialized and deserialized

memcache_servers = 127.0.0.1:11211

Comma-separated list of memcached servers ip:port services

set log_address = /dev/log

Location where syslog sends the logs to

set log_facility = LOG_LOCAL0

Syslog log facility

set log_headers = false

If True, log headers in each request

set log_level = INFO

Log level

set log_name = cache

Label to use when logging

use = egg:swift#memcache

Entry point of paste.deploy in the server

set log_address = /dev/log

Location where syslog sends the logs to

set log_facility = LOG_LOCAL0

Syslog log facility

set log_headers = false

If True, log headers in each request

set log_level = INFO

Log level

set log_name = catch_errors

Label to use when logging

use = egg:swift#catch_errors

Entry point of paste.deploy in the server

lookup_depth = 1

Because CNAMES can be recursive, specifies the number of levels through which to search.

set log_address = /dev/log

Location where syslog sends the logs to

set log_facility = LOG_LOCAL0

Syslog log facility

set log_headers = false

If True, log headers in each request

set log_level = INFO

Log level

set log_name = cname_lookup

Label to use when logging

storage_domain = example.com

Domain that matches your cloud. Multiple domains can be specified using a comma-separated list.

use = egg:swift#cname_lookup

Entry point of paste.deploy in the server

use = egg:swift#container_quotas

Entry point of paste.deploy in the server

allow_full_urls = true

Set this to false if you want to disallow any full URL values to be set for any new X-Container-Sync-To headers. This will keep any new full URLs from coming in, but won't change any existing values already in the cluster. Updating those will have to be done manually, as knowing what the true realm endpoint should be cannot always be guessed.

current = //REALM/CLUSTER

Set this to specify this cluster //realm/cluster as "current" in /info.

use = egg:swift#container_sync

Entry point of paste.deploy in the server.

max_get_time = 86400

Time limit on GET requests (seconds).

rate_limit_after_segment = 10

Rate limit the download of large object segments after this segment is downloaded.

rate_limit_segments_per_sec = 1

Rate limit large object downloads at this rate. contact for a normal request. You can use '* replicas' at the end to have it use the number given times the number of replicas for the ring being used for the request. paste.deploy to use for auth. To use tempauth set to:

use = egg:swift#dlo

Entry point of paste.deploy in the server.

default_reseller_prefix =

If the reseller prefixes do not match, the default reseller prefix is used. When no default reseller prefix is configured, any request with an account prefix not in that list will be ignored by this middleware.

path_root = v1

Root path.

reseller_prefixes = AUTH

Browsers can convert a host header to lowercase, so check that reseller prefix on the account is the correct case. This is done by comparing the items in the reseller_prefixes config option to the found prefix. If they match except for case, the item from reseller_prefixes will be used instead of the found reseller prefix.

set log_address = /dev/log

Location where syslog sends the logs to.

set log_facility = LOG_LOCAL0

Syslog log facility.

set log_headers = false

If True, log headers in each request.

set log_level = INFO

Log level.

set log_name = domain_remap

Label to use when logging.

storage_domain = example.com

Domain that matches your cloud. Multiple domains can be specified using a comma-separated list.

use = egg:swift#domain_remap

Entry point of paste.deploy in the server.

use = egg:swift#formpost

Entry point of paste.deploy in the server

set log_address = /dev/log

Location where syslog sends the logs to

set log_facility = LOG_LOCAL0

Syslog log facility

set log_headers = false

If True, log headers in each request

set log_level = INFO

Log level

set log_name = gatekeeper

Label to use when logging

use = egg:swift#gatekeeper

Entry point of paste.deploy in the server

disable_path =

An optional filesystem path, which if present, will cause the healthcheck URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE".

use = egg:swift#healthcheck

Entry point of paste.deploy in the server.

allow_names_in_acls = true

The backwards compatible behavior can be disabled by setting this option to False.

allow_overrides = true

This option allows middleware higher in the WSGI pipeline to override auth processing, useful for middleware such as tempurl and formpost. If you know you are not going to use such middleware and you want a bit of extra security, you can set this to False.

default_domain_id = default

Name of the default domain. It is identified by its UUID, which by default has the value "default".

is_admin = false

If this option is set to True, it allows to give a user whose username is the same as the project name and who has any role in the project access rights elevated to be the same as if the user had one of the operator_roles. Note that the condition compares names rather than UUIDs. This option is deprecated. It is False by default.

operator_roles = admin, swiftoperator

Operator role defines the user which is allowed to manage a tenant and create containers or give ACL to others. This parameter may be prefixed with an appropriate prefix.

reseller_admin_role = ResellerAdmin

The reseller admin role gives the ability to create and delete accounts.

reseller_prefix = AUTH

The naming scope for the auth service.

service_roles =

When present, this option requires that the X-Service-Token header supplies a token from a user who has a role listed in service_roles. This parameter may be prefixed with an appropriate prefix.

use = egg:swift#keystoneauth

Entry point of paste.deploy in the server.

list_endpoints_path = /endpoints/

Path to list endpoints for an object, account or container.

use = egg:swift#list_endpoints

Entry point of paste.deploy in the server.

forbidden_chars = '"`<>

Characters that are not allowed in a name

forbidden_regexp = /\./|/\.\./|/\.$|/\.\.$

Substrings to forbid, using regular expression syntax

maximum_length = 255

Maximum length of a name

use = egg:swift#name_check

Entry point of paste.deploy in the server

access_log_address = /dev/log

Location where syslog sends the logs to. If not set, logging directives from [DEFAULT] without "access_" will be used.

access_log_facility = LOG_LOCAL0

Syslog facility to receive log lines. If not set, logging directives from [DEFAULT] without "access_" will be used.

access_log_headers = false

Header to receive log lines. If not set, logging directives from [DEFAULT] without "access_" will be used.

access_log_headers_only =

If access_log_headers is True and access_log_headers_only is set only these headers are logged. Multiple headers can be defined as comma separated list like this: access_log_headers_only = Host, X-Object-Meta-Mtime.

access_log_level = INFO

Syslog logging level to receive log lines. If not set, logging directives from [DEFAULT] without "access_" will be used.

access_log_name = swift

Label used when logging. If not set, logging directives from [DEFAULT] without "access_" will be used.

access_log_statsd_default_sample_rate = 1.0

Defines the probability of sending a sample for any given event or timing measurement. If not set, logging directives from [DEFAULT] without "access_" will be used.

access_log_statsd_host = localhost

You can use log_statsd_* from [DEFAULT], or override them here. StatsD server. IPv4/IPv6 addresses and hostnames are supported. If a hostname resolves to an IPv4 and IPv6 address, the IPv4 address will be used.

access_log_statsd_metric_prefix =

Value will be prepended to every metric sent to the StatsD server. If not set, logging directives from [DEFAULT] without "access_" will be used.

access_log_statsd_port = 8125

Port value for the StatsD server. If not set, logging directives from [DEFAULT] without "access_" will be used.

access_log_statsd_sample_rate_factor = 1.0

Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead. If not set, logging directives from [DEFAULT] without "access_" will be used.

access_log_udp_host =

If not set, the UDP receiver for syslog is disabled. If not set, logging directives from [DEFAULT] without "access_" will be used.

access_log_udp_port = 514

Port value for UDP receiver, if enabled. If not set, logging directives from [DEFAULT] without "access_" will be used.

log_statsd_valid_http_methods = GET,HEAD,POST,PUT,DELETE,COPY,OPTIONS

What HTTP methods are allowed for StatsD logging (comma-sep). request methods not in this list will have "BAD_METHOD" for the <verb> portion of the metric.

reveal_sensitive_prefix = 16

The X-Auth-Token is sensitive data. If revealed to an unauthorised person, they can now make requests against an account until the token expires. Set reveal_sensitive_prefix to the number of characters of the token that are logged. For example reveal_sensitive_prefix = 12 so only first 12 characters of the token are logged. Or, set to 0 to completely remove the token.

use = egg:swift#proxy_logging

Entry point of paste.deploy in the server.

account_blacklist = c,d

Comma separated lists of account names that will not be allowed. Returns a 497 response. r: for containers of size x, limit requests per second to r. Will limit PUT, DELETE, and POST requests to /a/c/o. container_listing_ratelimit_x = r: for containers of size x, limit listing requests per second to r. Will limit GET requests to /a/c.

account_ratelimit = 0

If set, will limit PUT and DELETE requests to /account_name/container_name. Number is in requests per second.

account_whitelist = a,b

Comma separated lists of account names that will not be rate limited.

clock_accuracy = 1000

Represents how accurate the proxy servers' system clocks are with each other. 1000 means that all the proxies' clock are accurate to each other within 1 millisecond. No ratelimit should be higher than the clock accuracy.

container_listing_ratelimit_0 = 100

with container_listing_ratelimit_x = r, for containers of size x, limit container GET (listing) requests per second to r. The container rate will be linearly interpolated from the values given. With the default values, a container of size 5 will get a rate of 75.

container_listing_ratelimit_10 = 50

with container_listing_ratelimit_x = r, for containers of size x, limit container GET (listing) requests per second to r. The container rate will be linearly interpolated from the values given. With the default values, a container of size 5 will get a rate of 75.

container_listing_ratelimit_50 = 20

with container_listing_ratelimit_x = r, for containers of size x, limit container GET (listing) requests per second to r. The container rate will be linearly interpolated from the values given. With the default values, a container of size 5 will get a rate of 75.

container_ratelimit_0 = 100

with container_ratelimit_x = r, for containers of size x, limit write requests per second to r. The container rate will be linearly interpolated from the values given. With the default values, a container of size 5 will get a rate of 75.

container_ratelimit_10 = 50

with container_ratelimit_x = r, for containers of size x, limit write requests per second to r. The container rate will be linearly interpolated from the values given. With the default values, a container of size 5 will get a rate of 75.

container_ratelimit_50 = 20

with container_ratelimit_x = r, for containers of size x, limit write requests per second to r. The container rate will be linearly interpolated from the values given. With the default values, a container of size 5 will get a rate of 75.

log_sleep_time_seconds = 0

To allow visibility into rate limiting set this value > 0 and all sleeps greater than the number will be logged.

max_sleep_time_seconds = 60

App will immediately return a 498 response if the necessary sleep time ever exceeds the given max_sleep_time_seconds.

rate_buffer_seconds = 5

Number of seconds the rate counter can drop and be allowed to catch up (at a faster than listed rate). A larger number will result in larger spikes in rate but better average accuracy.

set log_address = /dev/log

Location where syslog sends the logs to.

set log_facility = LOG_LOCAL0

Syslog log facility.

set log_headers = false

If True, log headers in each request.

set log_level = INFO

Log level.

set log_name = ratelimit

Label to use when logging.

use = egg:swift#ratelimit

Entry point of paste.deploy in the server.

max_get_time = 86400

Time limit on GET requests (seconds)

max_manifest_segments = 1000

Maximum number of segments.

max_manifest_size = 2097152

Maximum size of segments.

min_segment_size = 1048576

Minimum size of segments.

rate_limit_after_segment = 10

Rate limit the download of large object segments after this segment is downloaded.

rate_limit_segments_per_sec = 0

Rate limit large object downloads at this rate. contact for a normal request. You can use '* replicas' at the end to have it use the number given times the number of replicas for the ring being used for the request. paste.deploy to use for auth. To use tempauth set to:

use = egg:swift#slo

Entry point of paste.deploy in the server.

use = egg:swift#staticweb

Entry point of paste.deploy in the server

allow_overrides = true

This option allows middleware higher in the WSGI pipeline to override auth processing, useful for middleware such as tempurl and formpost. If you know you are not going to use such middleware and you want a bit of extra security, you can set this to False.

auth_prefix = /auth/

The HTTP request path prefix for the auth service. Swift itself reserves anything beginning with the letter.

require_group =

The require_group parameter names a group that must be presented by either X-Auth-Token or X-Service-Token. Usually this parameter is used only with multiple reseller prefixes (for example, SERVICE_require_group=blah). By default, no group is needed. Do not use .admin.

reseller_prefix = AUTH

The naming scope for the auth service.

set log_address = /dev/log

Location where syslog sends the logs to.

set log_facility = LOG_LOCAL0

Syslog log facility.

set log_headers = false

If True, log headers in each request.

set log_level = INFO

Log level.

set log_name = tempauth

Label to use when logging.

storage_url_scheme = default

Scheme to return with storage urls: http, https, or default (chooses based on what the server is running as) This can be useful with an SSL load balancer in front of a non-SSL server.

token_life = 86400

The number of seconds a token is valid.

use = egg:swift#tempauth

Entry point of paste.deploy in the server.

user_<account>_<user> = <key> [group] [group] [...] [storage_url]

List of all the accounts and user you want.

The following are example entries required for running the tests:

incoming_allow_headers =

Headers allowed as exceptions to incoming_remove_headers. Simply a whitespace delimited list of header names and names can optionally end with '*' to indicate a prefix match.

incoming_remove_headers = x-timestamp

Headers to remove from incoming requests. Simply a whitespace delimited list of header names and names can optionally end with '*' to indicate a prefix match.

methods = GET HEAD PUT POST DELETE

HTTP methods allowed with Temporary URLs.

outgoing_allow_headers = x-object-meta-public-*

Headers allowed as exceptions to outgoing_allow_headers. Simply a whitespace delimited list of header names and names can optionally end with '*' to indicate a prefix match.

outgoing_remove_headers = x-object-meta-*

Headers to remove from outgoing responses. Simply a whitespace delimited list of header names and names can optionally end with '*' to indicate a prefix match.

use = egg:swift#tempurl

Entry point of paste.deploy in the server.

allow_versioned_writes = false

Enables using versioned writes middleware and exposing configuration settings via HTTP GET /info.

use = egg:swift#versioned_writes

Entry point of paste.deploy in the server.

dump_interval = 5.0

The profile data will be dumped to local disk based on above naming rule in this interval (seconds).

dump_timestamp = false

Be careful, this option will enable the profiler to dump data into the file with a time stamp which means that there will be lots of files piled up in the directory.

flush_at_shutdown = false

Clears the data when the wsgi server shutdowns.

log_filename_prefix = /tmp/log/swift/profile/default.profile

This prefix is used to combine the process ID and timestamp to name the profile data file. Make sure the executing user has permission to write into this path. Any missing path segments will be created, if necessary. When you enable profiling in more than one type of daemon, you must override it with a unique value like: /var/log/swift/profile/accoutn.profile.

path = /__profile__

This is the path of the URL to access the mini web UI.

profile_module = eventlet.green.profile

This option enables you to switch profilers which inherit from the Python standard profiler. Currently, the supported value can be ‘cProfile’, ‘eventlet.green.profile’, etc.

unwind = false

Unwind the iterator of applications.

use = egg:swift#xprofile

Entry point of paste.deploy in the server.

pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk tempurl ratelimit tempauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server

Pipeline to use for processing operations.

lock file = /var/lock/account.lock

No help text available for this option.

max connections = 2

No help text available for this option.

path = /srv/node

No help text available for this option.

read only = false

No help text available for this option.

gid = swift

Group ID for rsyncd.

log file = /var/log/rsyncd.log

Log file for rsyncd.

pid file = /var/run/rsyncd.pid

PID file for rsyncd.

uid = swift

User ID for rsyncd.

max connections =

Maximum number of connections for rsyncd. This option should be set for each account, container, or object.

path = /srv/node

Working directory for rsyncd to use. This option should be set for each account, container, or object.

read only = false

Set read only. This option should be set for each account, container, or object.

lock file =

Lock file for rsyncd. This option should be set for each account, container, or object.

default = yes

If no policies are defined a policy with index 0 will be automatically created for backwards compatibility and given the name Policy-0. A default policy is used when creating new containers when no policy is specified in the request. If no other policies are defined the policy with index 0 will be declared the default. If multiple policies are defined you must define a policy with index 0 and you must specify a default. It is recommended you always define a section for storage-policy:0. Aliases are not required when defining a storage policy.

name = Policy-0

No help text available for this option.

policy_type = replication

No help text available for this option.

account_listing_limit = 10000

The default (and maximum) number of items returned for an account listing request.

container_listing_limit = 10000

The default (and maximum) number of items returned for a container listing request.

extra_header_count = 0

By default the maximum number of allowed headers depends on the number of max allowed metadata settings plus a default value of 32 for regular http headers. If for some reason this is not enough (custom middleware for example) it can be increased with the extra_header_count constraint.

max_account_name_length = 256

The maximum number of bytes in the utf8 encoding of an account name.

max_container_name_length = 256

The maximum number of bytes in the utf8 encoding of a container name.

max_file_size = 5368709122

The largest normal object that can be saved in the cluster. This is also the limit on the size of each segment of a large object when using the large object manifest support. This value is set in bytes. Setting it to lower than 1MiB will cause some tests to fail. It is STRONGLY recommended to leave this value at the default (5 * 2**30 + 2).

max_header_size = 8192

The max number of bytes in the utf8 encoding of each header. Using 8192 as default because eventlet use 8192 as maximum size of header line. You may need to increase this value when using identity v3 API tokens including more than 7 catalog entries. See also include_service_catalog in proxy-server.conf-sample (documented in overview_auth.rst).

max_meta_count = 90

The max number of metadata keys that can be stored on a single account, container, or object.

max_meta_name_length = 128

The max number of bytes in the utf8 encoding of the name portion of a metadata header.

max_meta_overall_size = 4096

The max number of bytes in the utf8 encoding of the metadata (keys + values).

max_meta_value_length = 256

The max number of bytes in the utf8 encoding of a metadata value.

max_object_name_length = 1024

The max number of bytes in the utf8 encoding of an object name.

valid_api_versions = v0,v1,v2

No help text available for this option.

swift_hash_path_prefix = changeme

A prefix used by hash_path to offer a bit more security when generating hashes for paths. It simply appends this value to all paths; if someone knows this suffix, it's easier for them to guess the hash a path will end up with. New installations are advised to set this parameter to a random secret, which would not be disclosed ouside the organization. The same secret needs to be used by all swift servers of the same cluster. Existing installations should set this parameter to an empty string.

swift_hash_path_suffix = changeme

A suffix used by hash_path to offer a bit more security when generating hashes for paths. It simply appends this value to all paths; if someone knows this suffix, it's easier for them to guess the hash a path will end up with. New installations are advised to set this parameter to a random secret, which would not be disclosed ouside the organization. The same secret needs to be used by all swift servers of the same cluster. Existing installations should set this parameter to an empty string.