10.2. Object Storage general service configuration
Most Object Storage services fall into two categories: Object Storage WSGI servers and background daemons.
Object Storage uses paste.deploy to manage server configurations. Read more at http://pythonpaste.org/deploy/.
Default configuration options are set in the `[DEFAULT]` section, and any options specified there can be overridden in any of the other sections when the syntax
set option_name = value
is in place.
Configuration for servers and daemons can be expressed together in the same file for each type of server, or separately. If a required section for the service trying to start is missing, there will be an error. Sections not used by the service are ignored.
Consider the example of an Object Storage node. By convention configuration for the
object-server
, object-updater
, object-replicator
, and object-auditor
exist in a single file /etc/swift/object-server.conf
:
[DEFAULT] [pipeline:main] pipeline = object-server [app:object-server] use = egg:swift#object [object-replicator] reclaim_age = 259200 [object-updater] [object-auditor]
Object Storage services expect a configuration path as the first argument:
$
swift-object-auditor
Usage: swift-object-auditor CONFIG [options] Error: missing config path argument
If you omit the object-auditor section, this file cannot be used as the configuration path when starting the swift-object-auditor daemon:
$
swift-object-auditor /etc/swift/object-server.conf
Unable to find object-auditor config section in /etc/swift/object-server.conf
If the configuration path is a directory instead of a file, all of the files in the directory with the file extension ".conf" will be combined to generate the configuration object which is delivered to the Object Storage service. This is referred to generally as "directory-based configuration".
Directory-based configuration leverages ConfigParser's native multi-file support. Files ending in ".conf" in the given directory are parsed in lexicographical order. File names starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file, only that file will be parsed.
The Object Storage service management tool
swift-init
has adopted the convention of looking for /etc/swift/{type}-server.conf.d/
if the file /etc/swift/{type}-server.conf
file does not exist.
When using directory-based configuration, if the same option under the same section appears more than once in different files, the last value parsed is said to override previous occurrences. You can ensure proper override precedence by prefixing the files in the configuration directory with numerical values, as in the following example file layout:
/etc/swift/ default.base object-server.conf.d/ 000_default.conf -> ../default.base 001_default-override.conf 010_server.conf 020_replicator.conf 030_updater.conf 040_auditor.conf
You can inspect the resulting combined configuration object using the swift-config command-line tool.
All the services of an Object Store deployment share a common configuration in the
[swift-hash]
section of the /etc/swift/swift.conf
file. The swift_hash_path_suffix
and swift_hash_path_prefix
values must be identical on all the nodes.
Configuration option = Default value | Description |
---|---|
swift_hash_path_prefix = changeme
|
A prefix used by hash_path to offer a bit more security when generating hashes for paths. It simply appends this value to all paths; if someone knows this suffix, it's easier for them to guess the hash a path will end up with. New installations are advised to set this parameter to a random secret, which would not be disclosed ouside the organization. The same secret needs to be used by all swift servers of the same cluster. Existing installations should set this parameter to an empty string. |
swift_hash_path_suffix = changeme
|
A suffix used by hash_path to offer a bit more security when generating hashes for paths. It simply appends this value to all paths; if someone knows this suffix, it's easier for them to guess the hash a path will end up with. New installations are advised to set this parameter to a random secret, which would not be disclosed ouside the organization. The same secret needs to be used by all swift servers of the same cluster. Existing installations should set this parameter to an empty string. |