Appendix A. Configuration reference
As a storage administrator, you can set various options for the Ceph Object Gateway. These options contain default values. If you do not specify each option, then the default value is set automatically.
To set specific values for these options, update the configuration database by using the ceph config set client.rgw OPTION VALUE command.
A.1. General settings
| Name | Description | Type | Default |
|---|---|---|---|
|  | Sets the location of the data files for Ceph Object Gateway. | String |  |
|  | Enables the specified APIs. | String |  |
|  | Whether the Ceph Object Gateway cache is enabled. | Boolean |  |
|  | The number of entries in the Ceph Object Gateway cache. | Integer |  |
|  | The socket path for the domain socket. | String | N/A |
|  | The host for the Ceph Object Gateway instance. Can be an IP address or a hostname. | String |  |
|  | Port the instance listens for requests. If not specified, Ceph Object Gateway runs external FastCGI. | String | None |
|  | The DNS name of the served domain. See also the | String | None |
|  | The alternative value for the | String | None |
|  | The alternative value for the | String | None |
|  | Enable | Boolean |  |
|  | The remote address parameter. For example, the HTTP field containing the remote address, or the | String |  |
|  | The timeout in seconds for open threads. | Integer | 600 |
|  | The | Integer |  |
|  | The size of the thread pool. | Integer | 512 threads. |
|  | The number of notification objects used for cache synchronization between different | Integer |  |
|  | The number of seconds before Ceph Object Gateway gives up on initialization. | Integer |  |
|  | The path and location of the MIME types. Used for Swift auto-detection of object types. | String |  |
|  | The maximum number of objects that may be handled by garbage collection in one garbage collection processing cycle. | Integer |  |
|  | The minimum wait time before the object may be removed and handled by garbage collection processing. | Integer |  |
|  | The maximum time between the beginning of two consecutive garbage collection processing cycles. | Integer |  |
|  | The cycle time for garbage collection processing. | Integer |  |
|  | The alternate success status response for | Integer |  |
|  | Whether | Boolean |  |
|  | The size of an object stripe for Ceph Object Gateway objects. | Integer |  |
|  | Add a new set of attributes that could be set on an object. These extra attributes can be set through HTTP header fields when putting the objects. If set, these attributes will return as HTTP fields when doing GET/HEAD on the object. | String | None. For example: "content_foo, content_bar" |
|  | Number of seconds to wait for a process before exiting unconditionally. | Integer |  |
|  | The window size in bytes for a single object request. | Integer |  |
|  | The maximum request size of a single get operation sent to the Ceph Storage Cluster. | Integer |  |
|  | Enables relaxed S3 bucket names rules for zone group buckets. | Boolean |  |
|  | The maximum number of buckets to retrieve in a single operation when listing user buckets. | Integer |  |
|  | The number of shards for the bucket index object. A value of This variable should be set in the | Integer |  |
|  | The timeout in milliseconds for certain | Integer |  |
|  | Enables output of object progress during long copy operations. | Boolean |  |
|  | The minimum bytes between copy progress output. | Integer |  |
|  | The entry point for an admin request URL. | String |  |
|  | Enable compatibility handling of FCGI requests with both CONTENT_LENGTH AND HTTP_CONTENT_LENGTH set. | Boolean |  |
|  | The default maximum number of objects per bucket. This value is set on new users if no other quota is specified. It has no effect on existing users. This variable should be set in the | Integer |  |
|  | The amount of time in seconds cached quota information is trusted. After this timeout, the quota information will be re-fetched from the cluster. | Integer | 600 |
|  | The amount of time in seconds bucket quota information is accumulated before syncing to the cluster. During this time, other RGW instances will not see the changes in bucket quota stats from operations on this instance. | Integer | 180 |
|  | The amount of time in seconds user quota information is accumulated before syncing to the cluster. During this time, other RGW instances will not see the changes in user quota stats from operations on this instance. | Integer | 3600 * 24 |
|  | A zone parameter to determine whether or not the gateway logs the metadata operations. | Boolean |  |
|  | A zone parameter to determine whether or not the gateway logs the data operations. | Boolean |  |
|  | A | Boolean |  |
A.2. About pools
Ceph zones map to a series of Ceph Storage Cluster pools.
Manually Created Pools vs. Generated Pools
If the user key for the Ceph Object Gateway contains write capabilities, the gateway has the ability to create pools automatically. This is convenient for getting started. However, the Ceph Object Storage Cluster uses the placement group default values unless they were set in the Ceph configuration file. Additionally, Ceph will use the default CRUSH hierarchy. These settings are NOT ideal for production systems.
The default pools for the Ceph Object Gateway’s default zone include:
- .rgw.root
- .default.rgw.control
- .default.rgw.meta
- .default.rgw.log
- .default.rgw.buckets.index
- .default.rgw.buckets.data
- .default.rgw.buckets.non-ec
The Ceph Object Gateway creates pools on a per zone basis. If you create the pools manually, prepend the zone name. The system pools store objects related to, for example, system control, logging, and user information. By convention, these pool names have the zone name prepended to the pool name.
- .<zone-name>.rgw.control: The control pool.
- .<zone-name>.log: The log pool contains logs of all bucket/container and object actions, such as create, read, update, and delete.
- .<zone-name>.rgw.buckets.index: This pool stores the index of the buckets.
- .<zone-name>.rgw.buckets.data: This pool stores the data of the buckets.
- .<zone-name>.rgw.meta: The metadata pool stores user_keys and other critical metadata.
- .<zone-name>.meta:users.uid: The user ID pool contains a map of unique user IDs.
- .<zone-name>.meta:users.keys: The keys pool contains access keys and secret keys for each user ID.
- .<zone-name>.meta:users.email: The email pool contains email addresses associated with a user ID.
- .<zone-name>.meta:users.swift: The Swift pool contains the Swift subuser information for a user ID.
Ceph Object Gateways store data for the bucket index (index_pool) and bucket data (data_pool) in placement pools. These may overlap; that is, you may use the same pool for the index and the data. The index pool for default placement is {zone-name}.rgw.buckets.index and the data pool for default placement is {zone-name}.rgw.buckets.
| Name | Description | Type | Default |
|---|---|---|---|
|  | The pool for storing all zone group-specific information. | String |  |
|  | The pool for storing zone-specific information. | String |  |
A.3. Lifecycle settings
As a storage administrator, you can set various bucket lifecycle options for a Ceph Object Gateway. These options contain default values. If you do not specify each option, then the default value is set automatically.
To set specific values for these options, update the configuration database by using the ceph config set client.rgw OPTION VALUE command.
| Name | Description | Type | Default |
|---|---|---|---|
|  | For developer use only to debug lifecycle rules by scaling expiration rules from days into an interval in seconds. Red Hat recommends that this option not be used in a production cluster. | Integer |  |
|  | The timeout value used internally by the Ceph Object Gateway. | Integer |  |
|  | Controls the sharding of the RADOS Gateway internal lifecycle work queues, and should only be set as part of a deliberate resharding workflow. Red Hat recommends not changing this setting after the setup of your cluster, without first contacting Red Hat support. | Integer |  |
|  | The number of lifecycle rules to include in one, per bucket, lifecycle configuration document. The Amazon Web Service (AWS) limit is 1000 rules. | Integer |  |
|  | The number of lifecycle worker threads to run in parallel, processing bucket and index shards simultaneously. Red Hat does not recommend setting a value larger than 10 without contacting Red Hat support. | Integer |  |
|  | The number of buckets that each lifecycle worker thread can process in parallel. Red Hat does not recommend setting a value larger than 10 without contacting Red Hat Support. | Integer |  |
|  | A delay, in milliseconds, that can be injected into shard processing at several points. The default value is 0. Setting a value from 10 to 100 ms would reduce CPU utilization on RADOS Gateway instances and reduce the proportion of workload capacity of lifecycle threads relative to ingest if saturation is being observed. | Integer |  |
A.4. Swift settings
| Name | Description | Type | Default |
|---|---|---|---|
|  | Enforces the Swift Access Control List (ACL) settings. | Boolean |  |
|  | The time in seconds for expiring a Swift token. | Integer |  |
|  | The URL for the Ceph Object Gateway Swift API. | String | None |
|  | The URL prefix for the Swift API, for example, |  | N/A |
|  | Default URL for verifying v1 auth tokens (if not using internal Swift auth). | String | None |
|  | The entry point for a Swift auth URL. | String |  |
A.5. Logging settings
| Name | Description | Type | Default |
|---|---|---|---|
|  | Low level D3N logs can be enabled by the | Integer |  |
|  | Enables Ceph Object Gateway to log a request for a non-existent bucket. | Boolean |  |
|  | The logging format for an object name. See manpage date for details about format specifiers. | Date |  |
|  | Whether a logged object name includes a UTC time. If | Boolean |  |
|  | The maximum number of shards for usage logging. | Integer |  |
|  | The maximum number of shards used for a single user’s usage logging. | Integer |  |
|  | Enable logging for each successful Ceph Object Gateway operation. | Boolean |  |
|  | Enable the usage log. | Boolean |  |
|  | Whether the operations log should be written to the Ceph Storage Cluster backend. | Boolean |  |
|  | The Unix domain socket for writing operations logs. | String | None |
|  | The maximum data backlog data size for operations logs written to a Unix domain socket. | Integer |  |
|  | The number of dirty merged entries in the usage log before flushing synchronously. | Integer | 1024 |
|  | Flush pending usage log data every | Integer |  |
|  | The logging format for the intent log object name. See manpage date for details about format specifiers. | Date |  |
|  | Whether the intent log object name includes a UTC time. If | Boolean |  |
|  | The data log entries window in seconds. | Integer |  |
|  | The number of in-memory entries to hold for the data changes log. | Integer |  |
|  | The number of shards (objects) on which to keep the data changes log. NOTE: Changing the value is not supported. | Integer |  |
|  | The object name prefix for the data log. | String |  |
|  | The object name prefix for the replica log. | String |  |
|  | The maximum number of shards for the metadata log. | Integer |  |
|  | Comma-delimited list of HTTP headers to include with ops log entries. Header names are case insensitive, and use the full header name with words separated by underscores. | String | None |
A.6. Keystone settings
| Name | Description | Type | Default |
|---|---|---|---|
|  | The URL for the Keystone server. | String | None |
|  | The Keystone admin token (shared secret). | String | None |
|  | The roles required to serve requests. | String |  |
|  | The maximum number of entries in each Keystone token cache. | Integer |  |
A.7. Keystone integration configuration options
You can integrate your configuration options into Keystone. See below for a detailed description of the available Keystone integration configuration options:
After updating the Ceph configuration file, you must copy the new Ceph configuration file to all Ceph nodes in the storage cluster.
rgw_s3_auth_use_keystone
- Description: If set to true, the Ceph Object Gateway will authenticate users using Keystone.
- Type: Boolean
- Default: false

nss_db_path
- Description: The path to the NSS database.
- Type: String
- Default: ""

rgw_keystone_url
- Description: The URL for the administrative RESTful API on the Keystone server.
- Type: String
- Default: ""

rgw_keystone_admin_token
- Description: The token or shared secret that is configured internally in Keystone for administrative requests.
- Type: String
- Default: ""

rgw_keystone_admin_user
- Description: The Keystone admin user name.
- Type: String
- Default: ""

rgw_keystone_admin_password
- Description: The Keystone admin user password.
- Type: String
- Default: ""

rgw_keystone_admin_tenant
- Description: The Keystone admin user tenant for Keystone v2.0.
- Type: String
- Default: ""

rgw_keystone_admin_project
- Description: The Keystone admin user project for Keystone v3.
- Type: String
- Default: ""

rgw_trust_forwarded_https
- Description: When a proxy in front of the Ceph Object Gateway is used for SSL termination, it does not know whether incoming HTTP connections are secure. Enable this option to trust the forwarded and X-forwarded headers sent by the proxy when determining whether the connection is secure. This is mainly required for server-side encryption.
- Type: Boolean
- Default: false

rgw_swift_account_in_url
- Description: Whether the Swift account is encoded in the URL path. You must set this option to true and update the Keystone service catalog if you want the Ceph Object Gateway to support publicly-readable containers and temporary URLs.
- Type: Boolean
- Default: false

rgw_keystone_admin_domain
- Description: The Keystone admin user domain.
- Type: String
- Default: ""

rgw_keystone_api_version
- Description: The version of the Keystone API to use. Valid options are 2 or 3.
- Type: Integer
- Default: 2

rgw_keystone_accepted_roles
- Description: The roles required to serve requests.
- Type: String
- Default: member, Member, admin

rgw_keystone_accepted_admin_roles
- Description: The list of roles allowing a user to gain administrative privileges.
- Type: String
- Default: ResellerAdmin, swiftoperator

rgw_keystone_token_cache_size
- Description: The maximum number of entries in the Keystone token cache.
- Type: Integer
- Default: 10000

rgw_keystone_verify_ssl
- Description: If true, Ceph will try to verify Keystone’s SSL certificate.
- Type: Boolean
- Default: true

rgw_keystone_implicit_tenants
- Description: Create new users in their own tenants of the same name. Set this to true or false under most circumstances. For compatibility with previous versions of Red Hat Ceph Storage, it is also possible to set this to s3 or swift. This has the effect of splitting the identity space such that only the indicated protocol will use implicit tenants. Some older versions of Red Hat Ceph Storage only supported implicit tenants with Swift.
- Type: String
- Default: false

rgw_max_attr_name_len
- Description: The maximum length of metadata name. 0 skips the check.
- Type: Size
- Default: 0

rgw_max_attrs_num_in_req
- Description: The maximum number of metadata items that can be put with a single request.
- Type: uint
- Default: 0

rgw_max_attr_size
- Description: The maximum length of metadata value. 0 skips the check.
- Type: Size
- Default: 0

rgw_swift_versioning_enabled
- Description: Enable Swift versioning.
- Type: Boolean
- Default: 0 or 1

rgw_keystone_accepted_reader_roles
- Description: List of roles that can only be used for reads.
- Type: String
- Default: ""

rgw_swift_enforce_content_length
- Description: Send content length when listing containers.
- Type: String
- Default: false
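The following check is an added example, not part of the original reference or of Ceph itself. It reads commands in the ceph config set client.rgw OPTION VALUE form described above, applies the defaults listed in this section, and returns the options whose effective value deserves a review. The sample commands are constructed, and the choice of which values to flag is this example's assumption.

```python
import shlex
# Defaults copied from the option list above (only the options audited here).
DEFAULTS = {
    "rgw_s3_auth_use_keystone": "false", "rgw_keystone_verify_ssl": "true",
    "rgw_trust_forwarded_https": "false", "rgw_keystone_api_version": "2",
    "rgw_keystone_admin_token": "", "rgw_keystone_admin_user": "",
    "rgw_keystone_admin_tenant": "", "rgw_keystone_admin_project": "",
    "rgw_max_attr_name_len": "0", "rgw_max_attr_size": "0",
}
SCOPE = {"2": "rgw_keystone_admin_tenant", "3": "rgw_keystone_admin_project"}

def parse_commands(text):
    """Collect OPTION -> VALUE from 'ceph config set client.rgw OPTION VALUE' lines."""
    settings = {}
    for line in text.splitlines():
        words = shlex.split(line, comments=True)
        if words[:4] == ["ceph", "config", "set", "client.rgw"] and len(words) >= 6:
            settings[words[4]] = " ".join(words[5:])
    return settings

def audit(settings):
    """Return the names of options whose effective value deserves a review."""
    cfg = {**DEFAULTS, **settings}
    enabled = lambda key: cfg[key].lower() in ("true", "1")
    flagged = []
    if enabled("rgw_trust_forwarded_https"):
        flagged.append("rgw_trust_forwarded_https")    # forwarded headers decide "secure"
    for key in ("rgw_max_attr_name_len", "rgw_max_attr_size"):
        if cfg[key] == "0":
            flagged.append(key)                        # 0 skips the length check
    if enabled("rgw_s3_auth_use_keystone"):
        if not enabled("rgw_keystone_verify_ssl"):
            flagged.append("rgw_keystone_verify_ssl")  # Keystone certificate not verified
        if cfg["rgw_keystone_admin_token"]:
            flagged.append("rgw_keystone_admin_token") # shared secret kept in the config
        scope = SCOPE.get(cfg["rgw_keystone_api_version"])
        if scope is None:
            flagged.append("rgw_keystone_api_version") # valid options are 2 or 3
        elif cfg["rgw_keystone_admin_user"] and not cfg[scope]:
            flagged.append(scope)                      # admin user without tenant/project
    return flagged

# Constructed sample runbook, not taken from a real cluster.
SAMPLE = """\
ceph config set client.rgw rgw_s3_auth_use_keystone true
ceph config set client.rgw rgw_keystone_api_version 3
ceph config set client.rgw rgw_keystone_admin_user rgw-svc
ceph config set client.rgw rgw_keystone_verify_ssl false
"""
```

Calling audit(parse_commands(SAMPLE)) reports the two unset metadata limits, the disabled certificate verification, and the missing v3 admin project.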
A.8. LDAP settings
| Name | Description | Type | Example |
|---|---|---|---|
|  | A space-separated list of LDAP servers in URI format. | String |  |
|  | The LDAP search domain name, also known as base domain. | String |  |
|  | The gateway will bind with this LDAP entry (user match). | String |  |
|  | A file containing credentials for | String |  |
|  | LDAP attribute containing Ceph object gateway user names (to form binddns). | String |  |