1 [DEFAULT] |
1 [DEFAULT] |
2 # bind_ip = 0.0.0.0 |
2 # bind_ip = 0.0.0.0 |
3 # bind_port = 80 |
3 bind_port = 8080 |
4 # bind_timeout = 30 |
4 # bind_timeout = 30 |
5 # backlog = 4096 |
5 # backlog = 4096 |
6 # swift_dir = /etc/swift |
6 # swift_dir = /etc/swift |
7 # user = swift |
7 # user = swift |
8 # |
8 |
|
9 # Enables exposing configuration settings via HTTP GET /info. |
|
10 # expose_info = true |
|
11 |
|
12 # Key to use for admin calls that are HMAC signed. Default is empty, |
|
13 # which will disable admin calls to /info. |
|
14 # admin_key = secret_admin_key |
|
15 # |
|
16 # Allows the ability to withhold sections from showing up in the public calls |
|
17 # to /info. You can withhold subsections by separating the dict level with a |
|
18 # ".". The following would cause the sections 'container_quotas' and 'tempurl' |
|
19 # to not be listed, and the key max_failed_deletes would be removed from |
|
20 # bulk_delete. Default is empty, allowing all registered fetures to be listed |
|
21 # via HTTP GET /info. |
|
22 # disallowed_sections = container_quotas, tempurl, bulk_delete.max_failed_deletes |
|
23 |
9 # Use an integer to override the number of pre-forked processes that will |
24 # Use an integer to override the number of pre-forked processes that will |
10 # accept connections. Should default to the number of effective cpu |
25 # accept connections. Should default to the number of effective cpu |
11 # cores in the system. It's worth noting that individual workers will |
26 # cores in the system. It's worth noting that individual workers will |
12 # use many eventlet co-routines to service multiple concurrent requests. |
27 # use many eventlet co-routines to service multiple concurrent requests. |
13 # workers = auto |
28 # workers = auto |
18 # Set the following two lines to enable SSL. This is for testing only. |
33 # Set the following two lines to enable SSL. This is for testing only. |
19 # cert_file = /etc/swift/proxy.crt |
34 # cert_file = /etc/swift/proxy.crt |
20 # key_file = /etc/swift/proxy.key |
35 # key_file = /etc/swift/proxy.key |
21 # |
36 # |
22 # expiring_objects_container_divisor = 86400 |
37 # expiring_objects_container_divisor = 86400 |
|
38 # expiring_objects_account_name = expiring_objects |
23 # |
39 # |
24 # You can specify default log routing here if you want: |
40 # You can specify default log routing here if you want: |
25 # log_name = swift |
41 # log_name = swift |
26 # log_facility = LOG_LOCAL0 |
42 # log_facility = LOG_LOCAL0 |
27 # log_level = INFO |
43 # log_level = INFO |
28 # log_headers = false |
44 # log_headers = false |
29 # log_address = /dev/log |
45 # log_address = /dev/log |
|
46 # The following caps the length of log lines to the value given; no limit if |
|
47 # set to 0, the default. |
|
48 # log_max_line_length = 0 |
30 # |
49 # |
31 # This optional suffix (default is empty) that would be appended to the swift transaction |
50 # This optional suffix (default is empty) that would be appended to the swift transaction |
32 # id allows one to easily figure out from which cluster that X-Trans-Id belongs to. |
51 # id allows one to easily figure out from which cluster that X-Trans-Id belongs to. |
33 # This is very useful when one is managing more than one swift cluster. |
52 # This is very useful when one is managing more than one swift cluster. |
34 # trans_id_suffix = |
53 # trans_id_suffix = |
67 # set log_address = /dev/log |
87 # set log_address = /dev/log |
68 # |
88 # |
69 # log_handoffs = true |
89 # log_handoffs = true |
70 # recheck_account_existence = 60 |
90 # recheck_account_existence = 60 |
71 # recheck_container_existence = 60 |
91 # recheck_container_existence = 60 |
72 # object_chunk_size = 8192 |
92 # object_chunk_size = 65536 |
73 # client_chunk_size = 8192 |
93 # client_chunk_size = 65536 |
|
94 # |
|
95 # How long the proxy server will wait on responses from the a/c/o servers. |
74 # node_timeout = 10 |
96 # node_timeout = 10 |
|
97 # |
|
98 # How long the proxy server will wait for an initial response and to read a |
|
99 # chunk of data from the object servers while serving GET / HEAD requests. |
|
100 # Timeouts from these requests can be recovered from so setting this to |
|
101 # something lower than node_timeout would provide quicker error recovery |
|
102 # while allowing for a longer timeout for non-recoverable requests (PUTs). |
|
103 # Defaults to node_timeout, should be overriden if node_timeout is set to a |
|
104 # high number to prevent client timeouts from firing before the proxy server |
|
105 # has a chance to retry. |
|
106 # recoverable_node_timeout = node_timeout |
|
107 # |
75 # conn_timeout = 0.5 |
108 # conn_timeout = 0.5 |
|
109 # |
|
110 # How long to wait for requests to finish after a quorum has been established. |
|
111 # post_quorum_timeout = 0.5 |
76 # |
112 # |
77 # How long without an error before a node's error count is reset. This will |
113 # How long without an error before a node's error count is reset. This will |
78 # also be how long before a node is reenabled after suppression is triggered. |
114 # also be how long before a node is reenabled after suppression is triggered. |
79 # error_suppression_interval = 60 |
115 # error_suppression_interval = 60 |
80 # |
116 # |
111 # Prefix used when automatically creating accounts. |
147 # Prefix used when automatically creating accounts. |
112 # auto_create_account_prefix = . |
148 # auto_create_account_prefix = . |
113 # |
149 # |
114 # Depth of the proxy put queue. |
150 # Depth of the proxy put queue. |
115 # put_queue_depth = 10 |
151 # put_queue_depth = 10 |
116 # |
|
117 # Start rate-limiting object segment serving after the Nth segment of a |
|
118 # segmented object. |
|
119 # rate_limit_after_segment = 10 |
|
120 # |
|
121 # Once segment rate-limiting kicks in for an object, limit segments served |
|
122 # to N per second. |
|
123 # rate_limit_segments_per_sec = 1 |
|
124 # |
152 # |
125 # Storage nodes can be chosen at random (shuffle), by using timing |
153 # Storage nodes can be chosen at random (shuffle), by using timing |
126 # measurements (timing), or by using an explicit match (affinity). |
154 # measurements (timing), or by using an explicit match (affinity). |
127 # Using timing measurements may allow for lower overall latency, while |
155 # Using timing measurements may allow for lower overall latency, while |
128 # using affinity allows for finer control. In both the timing and |
156 # using affinity allows for finer control. In both the timing and |
133 # |
161 # |
134 # If the "timing" sorting_method is used, the timings will only be valid for |
162 # If the "timing" sorting_method is used, the timings will only be valid for |
135 # the number of seconds configured by timing_expiry. |
163 # the number of seconds configured by timing_expiry. |
136 # timing_expiry = 300 |
164 # timing_expiry = 300 |
137 # |
165 # |
138 # If set to false will treat objects with X-Static-Large-Object header set |
|
139 # as a regular object on GETs, i.e. will return that object's contents. Should |
|
140 # be set to false if slo is not used in pipeline. |
|
141 # allow_static_large_object = true |
|
142 # |
|
143 # The maximum time (seconds) that a large object connection is allowed to last. |
166 # The maximum time (seconds) that a large object connection is allowed to last. |
144 # max_large_object_get_time = 86400 |
167 # max_large_object_get_time = 86400 |
145 # |
168 # |
146 # Set to the number of nodes to contact for a normal request. You can use |
169 # Set to the number of nodes to contact for a normal request. You can use |
147 # '* replicas' at the end to have it use the number given times the number of |
170 # '* replicas' at the end to have it use the number given times the number of |
178 # write_affinity_node_count = 2 * replicas |
201 # write_affinity_node_count = 2 * replicas |
179 # |
202 # |
180 # These are the headers whose values will only be shown to swift_owners. The |
203 # These are the headers whose values will only be shown to swift_owners. The |
181 # exact definition of a swift_owner is up to the auth system in use, but |
204 # exact definition of a swift_owner is up to the auth system in use, but |
182 # usually indicates administrative responsibilities. |
205 # usually indicates administrative responsibilities. |
183 # swift_owner_headers = x-container-read, x-container-write, x-container-sync-key, x-container-sync-to, x-account-meta-temp-url-key, x-account-meta-temp-url-key-2 |
206 # swift_owner_headers = x-container-read, x-container-write, x-container-sync-key, x-container-sync-to, x-account-meta-temp-url-key, x-account-meta-temp-url-key-2, x-account-access-control |
184 |
|
185 |
207 |
186 [filter:tempauth] |
208 [filter:tempauth] |
187 use = egg:swift#tempauth |
209 use = egg:swift#tempauth |
188 # You can override the default log routing for this filter here: |
210 # You can override the default log routing for this filter here: |
189 # set log_name = tempauth |
211 # set log_name = tempauth |
242 # You'll need to have as well the keystoneauth middleware enabled |
264 # You'll need to have as well the keystoneauth middleware enabled |
243 # and have it in your main pipeline so instead of having tempauth in |
265 # and have it in your main pipeline so instead of having tempauth in |
244 # there you can change it to: authtoken keystoneauth |
266 # there you can change it to: authtoken keystoneauth |
245 # |
267 # |
246 [filter:authtoken] |
268 [filter:authtoken] |
247 paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory |
269 paste.filter_factory = keystonemiddleware.auth_token:filter_factory |
248 auth_uri = http://127.0.0.1:5000/ |
270 auth_uri = http://127.0.0.1:5000/ |
249 identity_uri = http://127.0.0.1:35357 |
271 identity_uri = http://127.0.0.1:35357/ |
250 admin_tenant_name = %SERVICE_TENANT_NAME% |
272 admin_tenant_name = %SERVICE_TENANT_NAME% |
251 admin_user = %SERVICE_USER% |
273 admin_user = %SERVICE_USER% |
252 admin_password = %SERVICE_PASSWORD% |
274 admin_password = %SERVICE_PASSWORD% |
253 delay_auth_decision = 1 |
275 delay_auth_decision = 1 |
254 cache = swift.cache |
276 cache = swift.cache |
260 # Operator roles is the role which user would be allowed to manage a |
282 # Operator roles is the role which user would be allowed to manage a |
261 # tenant and be able to create container or give ACL to others. |
283 # tenant and be able to create container or give ACL to others. |
262 # operator_roles = admin, swiftoperator |
284 # operator_roles = admin, swiftoperator |
263 # The reseller admin role has the ability to create and delete accounts |
285 # The reseller admin role has the ability to create and delete accounts |
264 # reseller_admin_role = ResellerAdmin |
286 # reseller_admin_role = ResellerAdmin |
|
287 # For backwards compatibility, keystoneauth will match names in cross-tenant |
|
288 # access control lists (ACLs) when both the requesting user and the tenant |
|
289 # are in the default domain i.e the domain to which existing tenants are |
|
290 # migrated. The default_domain_id value configured here should be the same as |
|
291 # the value used during migration of tenants to keystone domains. |
|
292 # default_domain_id = default |
|
293 # For a new installation, or an installation in which keystone projects may |
|
294 # move between domains, you should disable backwards compatible name matching |
|
295 # in ACLs by setting allow_names_in_acls to false: |
|
296 # allow_names_in_acls = true |
265 |
297 |
266 [filter:healthcheck] |
298 [filter:healthcheck] |
267 use = egg:swift#healthcheck |
299 use = egg:swift#healthcheck |
268 # An optional filesystem path, which if present, will cause the healthcheck |
300 # An optional filesystem path, which if present, will cause the healthcheck |
269 # URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE". |
301 # URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE". |
296 # To avoid an instant full cache flush, existing installations should |
328 # To avoid an instant full cache flush, existing installations should |
297 # upgrade with 0, then set to 1 and reload, then after some time (24 hours) |
329 # upgrade with 0, then set to 1 and reload, then after some time (24 hours) |
298 # set to 2 and reload. |
330 # set to 2 and reload. |
299 # In the future, the ability to use pickle serialization will be removed. |
331 # In the future, the ability to use pickle serialization will be removed. |
300 # memcache_serialization_support = 2 |
332 # memcache_serialization_support = 2 |
|
333 # |
|
334 # Sets the maximum number of connections to each memcached server per worker |
|
335 # memcache_max_connections = 2 |
301 |
336 |
302 [filter:ratelimit] |
337 [filter:ratelimit] |
303 use = egg:swift#ratelimit |
338 use = egg:swift#ratelimit |
304 # You can override the default log routing for this filter here: |
339 # You can override the default log routing for this filter here: |
305 # set log_name = ratelimit |
340 # set log_name = ratelimit |
373 # set log_facility = LOG_LOCAL0 |
408 # set log_facility = LOG_LOCAL0 |
374 # set log_level = INFO |
409 # set log_level = INFO |
375 # set log_headers = false |
410 # set log_headers = false |
376 # set log_address = /dev/log |
411 # set log_address = /dev/log |
377 # |
412 # |
|
413 # Specify the storage_domain that match your cloud, multiple domains |
|
414 # can be specified separated by a comma |
378 # storage_domain = example.com |
415 # storage_domain = example.com |
|
416 # |
379 # lookup_depth = 1 |
417 # lookup_depth = 1 |
380 |
418 |
381 # Note: Put staticweb just after your auth filter(s) in the pipeline |
419 # Note: Put staticweb just after your auth filter(s) in the pipeline |
382 [filter:staticweb] |
420 [filter:staticweb] |
383 use = egg:swift#staticweb |
421 use = egg:swift#staticweb |
384 |
422 |
385 # Note: Put tempurl just before your auth filter(s) in the pipeline |
423 # Note: Put tempurl before dlo, slo and your auth filter(s) in the pipeline |
386 [filter:tempurl] |
424 [filter:tempurl] |
387 use = egg:swift#tempurl |
425 use = egg:swift#tempurl |
388 # The methods allowed with Temp URLs. |
426 # The methods allowed with Temp URLs. |
389 # methods = GET HEAD PUT |
427 # methods = GET HEAD PUT POST DELETE |
390 # |
428 # |
391 # The headers to remove from incoming requests. Simply a whitespace delimited |
429 # The headers to remove from incoming requests. Simply a whitespace delimited |
392 # list of header names and names can optionally end with '*' to indicate a |
430 # list of header names and names can optionally end with '*' to indicate a |
393 # prefix match. incoming_allow_headers is a list of exceptions to these |
431 # prefix match. incoming_allow_headers is a list of exceptions to these |
394 # removals. |
432 # removals. |
442 # access_log_statsd_port = 8125 |
480 # access_log_statsd_port = 8125 |
443 # access_log_statsd_default_sample_rate = 1.0 |
481 # access_log_statsd_default_sample_rate = 1.0 |
444 # access_log_statsd_sample_rate_factor = 1.0 |
482 # access_log_statsd_sample_rate_factor = 1.0 |
445 # access_log_statsd_metric_prefix = |
483 # access_log_statsd_metric_prefix = |
446 # access_log_headers = false |
484 # access_log_headers = false |
|
485 # |
|
486 # If access_log_headers is True and access_log_headers_only is set only |
|
487 # these headers are logged. Multiple headers can be defined as comma separated |
|
488 # list like this: access_log_headers_only = Host, X-Object-Meta-Mtime |
|
489 # access_log_headers_only = |
447 # |
490 # |
448 # By default, the X-Auth-Token is logged. To obscure the value, |
491 # By default, the X-Auth-Token is logged. To obscure the value, |
449 # set reveal_sensitive_prefix to the number of characters to log. |
492 # set reveal_sensitive_prefix to the number of characters to log. |
450 # For example, if set to 12, only the first 12 characters of the |
493 # For example, if set to 12, only the first 12 characters of the |
451 # token appear in the log. An unauthorized access of the log file |
494 # token appear in the log. An unauthorized access of the log file |
453 # 12 or so characters is unique enough that you can trace/debug |
496 # 12 or so characters is unique enough that you can trace/debug |
454 # token usage. Set to 0 to suppress the token completely (replaced |
497 # token usage. Set to 0 to suppress the token completely (replaced |
455 # by '...' in the log). |
498 # by '...' in the log). |
456 # Note: reveal_sensitive_prefix will not affect the value |
499 # Note: reveal_sensitive_prefix will not affect the value |
457 # logged with access_log_headers=True. |
500 # logged with access_log_headers=True. |
458 # reveal_sensitive_prefix = 8192 |
501 # reveal_sensitive_prefix = 16 |
459 # |
502 # |
460 # What HTTP methods are allowed for StatsD logging (comma-sep); request methods |
503 # What HTTP methods are allowed for StatsD logging (comma-sep); request methods |
461 # not in this list will have "BAD_METHOD" for the <verb> portion of the metric. |
504 # not in this list will have "BAD_METHOD" for the <verb> portion of the metric. |
462 # log_statsd_valid_http_methods = GET,HEAD,POST,PUT,DELETE,COPY,OPTIONS |
505 # log_statsd_valid_http_methods = GET,HEAD,POST,PUT,DELETE,COPY,OPTIONS |
463 # |
506 # |
471 [filter:bulk] |
514 [filter:bulk] |
472 use = egg:swift#bulk |
515 use = egg:swift#bulk |
473 # max_containers_per_extraction = 10000 |
516 # max_containers_per_extraction = 10000 |
474 # max_failed_extractions = 1000 |
517 # max_failed_extractions = 1000 |
475 # max_deletes_per_request = 10000 |
518 # max_deletes_per_request = 10000 |
476 # yield_frequency = 60 |
519 # max_failed_deletes = 1000 |
|
520 |
|
521 # In order to keep a connection active during a potentially long bulk request, |
|
522 # Swift may return whitespace prepended to the actual response body. This |
|
523 # whitespace will be yielded no more than every yield_frequency seconds. |
|
524 # yield_frequency = 10 |
|
525 |
|
526 # Note: The following parameter is used during a bulk delete of objects and |
|
527 # their container. This would frequently fail because it is very likely |
|
528 # that all replicated objects have not been deleted by the time the middleware got a |
|
529 # successful response. It can be configured the number of retries. And the |
|
530 # number of seconds to wait between each retry will be 1.5**retry |
|
531 |
|
532 # delete_container_retry_count = 0 |
477 |
533 |
478 # Note: Put after auth in the pipeline. |
534 # Note: Put after auth in the pipeline. |
479 [filter:container-quotas] |
535 [filter:container-quotas] |
480 use = egg:swift#container_quotas |
536 use = egg:swift#container_quotas |
481 |
537 |
482 # Note: Put before both ratelimit and auth in the pipeline. |
538 # Note: Put after auth and staticweb in the pipeline. |
483 [filter:slo] |
539 [filter:slo] |
484 use = egg:swift#slo |
540 use = egg:swift#slo |
485 # max_manifest_segments = 1000 |
541 # max_manifest_segments = 1000 |
486 # max_manifest_size = 2097152 |
542 # max_manifest_size = 2097152 |
487 # min_segment_size = 1048576 |
543 # min_segment_size = 1048576 |
|
544 # Start rate-limiting SLO segment serving after the Nth segment of a |
|
545 # segmented object. |
|
546 # rate_limit_after_segment = 10 |
|
547 # |
|
548 # Once segment rate-limiting kicks in for an object, limit segments served |
|
549 # to N per second. 0 means no rate-limiting. |
|
550 # rate_limit_segments_per_sec = 0 |
|
551 # |
|
552 # Time limit on GET requests (seconds) |
|
553 # max_get_time = 86400 |
|
554 |
|
555 # Note: Put after auth and staticweb in the pipeline. |
|
556 # If you don't put it in the pipeline, it will be inserted for you. |
|
557 [filter:dlo] |
|
558 use = egg:swift#dlo |
|
559 # Start rate-limiting DLO segment serving after the Nth segment of a |
|
560 # segmented object. |
|
561 # rate_limit_after_segment = 10 |
|
562 # |
|
563 # Once segment rate-limiting kicks in for an object, limit segments served |
|
564 # to N per second. 0 means no rate-limiting. |
|
565 # rate_limit_segments_per_sec = 1 |
|
566 # |
|
567 # Time limit on GET requests (seconds) |
|
568 # max_get_time = 86400 |
488 |
569 |
489 [filter:account-quotas] |
570 [filter:account-quotas] |
490 use = egg:swift#account_quotas |
571 use = egg:swift#account_quotas |
|
572 |
|
573 [filter:gatekeeper] |
|
574 use = egg:swift#gatekeeper |
|
575 # You can override the default log routing for this filter here: |
|
576 # set log_name = gatekeeper |
|
577 # set log_facility = LOG_LOCAL0 |
|
578 # set log_level = INFO |
|
579 # set log_headers = false |
|
580 # set log_address = /dev/log |
|
581 |
|
582 [filter:container_sync] |
|
583 use = egg:swift#container_sync |
|
584 # Set this to false if you want to disallow any full url values to be set for |
|
585 # any new X-Container-Sync-To headers. This will keep any new full urls from |
|
586 # coming in, but won't change any existing values already in the cluster. |
|
587 # Updating those will have to be done manually, as knowing what the true realm |
|
588 # endpoint should be cannot always be guessed. |
|
589 # allow_full_urls = true |
|
590 # Set this to specify this clusters //realm/cluster as "current" in /info |
|
591 # current = //REALM/CLUSTER |
|
592 |
|
593 # Note: Put it at the beginning of the pipleline to profile all middleware. But |
|
594 # it is safer to put this after catch_errors, gatekeeper and healthcheck. |
|
595 [filter:xprofile] |
|
596 use = egg:swift#xprofile |
|
597 # This option enable you to switch profilers which should inherit from python |
|
598 # standard profiler. Currently the supported value can be 'cProfile', |
|
599 # 'eventlet.green.profile' etc. |
|
600 # profile_module = eventlet.green.profile |
|
601 # |
|
602 # This prefix will be used to combine process ID and timestamp to name the |
|
603 # profile data file. Make sure the executing user has permission to write |
|
604 # into this path (missing path segments will be created, if necessary). |
|
605 # If you enable profiling in more than one type of daemon, you must override |
|
606 # it with an unique value like: /var/log/swift/profile/proxy.profile |
|
607 # log_filename_prefix = /tmp/log/swift/profile/default.profile |
|
608 # |
|
609 # the profile data will be dumped to local disk based on above naming rule |
|
610 # in this interval. |
|
611 # dump_interval = 5.0 |
|
612 # |
|
613 # Be careful, this option will enable profiler to dump data into the file with |
|
614 # time stamp which means there will be lots of files piled up in the directory. |
|
615 # dump_timestamp = false |
|
616 # |
|
617 # This is the path of the URL to access the mini web UI. |
|
618 # path = /__profile__ |
|
619 # |
|
620 # Clear the data when the wsgi server shutdown. |
|
621 # flush_at_shutdown = false |
|
622 # |
|
623 # unwind the iterator of applications |
|
624 # unwind = false |