9eb81f6e69
Previously, the replication_server setting could take one of three states: * If unspecified, the server would handle all available methods. * If "true", "yes", "on", etc. it would only handle replication methods (REPLICATE, SSYNC). * If any other value (including blank), it would only handle non-replication methods. However, because SSYNC tunnels PUTs, POSTs, and DELETEs through the same object-server app that's responding to SSYNC, setting `replication_server = true` would break the protocol. This has been the case ever since ssync was introduced. Now, get rid of that second state -- operators can still set `replication_server = false` as a principle-of-least-privilege guard to ensure proxy-servers can't make replication requests, but replication servers will be able to serve all traffic. This will allow replication servers to be used as general internal-to-the-cluster endpoints, leaving non-replication servers to handle client-driven traffic. Closes-Bug: #1446873 Change-Id: Ica2b41a52d11cb10c94fa8ad780a201318c4fc87
308 lines
12 KiB
Plaintext
308 lines
12 KiB
Plaintext
[DEFAULT]
|
|
# bind_ip = 0.0.0.0
|
|
bind_port = 6202
|
|
# keep_idle = 600
|
|
# bind_timeout = 30
|
|
# backlog = 4096
|
|
# user = swift
|
|
# swift_dir = /etc/swift
|
|
# devices = /srv/node
|
|
# mount_check = true
|
|
# disable_fallocate = false
|
|
#
|
|
# Use an integer to override the number of pre-forked processes that will
|
|
# accept connections.
|
|
# workers = auto
|
|
#
|
|
# Maximum concurrent requests per worker
|
|
# max_clients = 1024
|
|
#
|
|
# You can specify default log routing here if you want:
|
|
# log_name = swift
|
|
# log_facility = LOG_LOCAL0
|
|
# log_level = INFO
|
|
# log_address = /dev/log
|
|
# The following caps the length of log lines to the value given; no limit if
|
|
# set to 0, the default.
|
|
# log_max_line_length = 0
|
|
#
|
|
# Hashing algorithm for log anonymization. Must be one of algorithms supported
|
|
# by Python's hashlib.
|
|
# log_anonymization_method = MD5
|
|
#
|
|
# Salt added during log anonymization
|
|
# log_anonymization_salt =
|
|
#
|
|
# Template used to format logs. All words surrounded by curly brackets
|
|
# will be substituted with the appropriate values
|
|
# log_format = {remote_addr} - - [{time.d}/{time.b}/{time.Y}:{time.H}:{time.M}:{time.S} +0000] "{method} {path}" {status} {content_length} "{referer}" "{txn_id}" "{user_agent}" {trans_time:.4f} "{additional_info}" {pid} {policy_index}
|
|
#
|
|
# comma separated list of functions to call to setup custom log handlers.
|
|
# functions get passed: conf, name, log_to_console, log_route, fmt, logger,
|
|
# adapted_logger
|
|
# log_custom_handlers =
|
|
#
|
|
# If set, log_udp_host will override log_address
|
|
# log_udp_host =
|
|
# log_udp_port = 514
|
|
#
|
|
# You can enable StatsD logging here:
|
|
# log_statsd_host =
|
|
# log_statsd_port = 8125
|
|
# log_statsd_default_sample_rate = 1.0
|
|
# log_statsd_sample_rate_factor = 1.0
|
|
# log_statsd_metric_prefix =
|
|
#
|
|
# If you don't mind the extra disk space usage in overhead, you can turn this
|
|
# on to preallocate disk space with SQLite databases to decrease fragmentation.
|
|
# db_preallocation = off
|
|
#
|
|
# Enable this option to log all sqlite3 queries (requires python >=3.3)
|
|
# db_query_logging = off
|
|
#
|
|
# eventlet_debug = false
|
|
#
|
|
# You can set fallocate_reserve to the number of bytes or percentage of disk
|
|
# space you'd like fallocate to reserve, whether there is space for the given
|
|
# file size or not. Percentage will be used if the value ends with a '%'.
|
|
# fallocate_reserve = 1%
|
|
#
|
|
# You can set scheduling priority of processes. Niceness values range from -20
|
|
# (most favorable to the process) to 19 (least favorable to the process).
|
|
# nice_priority =
|
|
#
|
|
# You can set I/O scheduling class and priority of processes. I/O niceness
|
|
# class values are IOPRIO_CLASS_RT (realtime), IOPRIO_CLASS_BE (best-effort) and
|
|
# IOPRIO_CLASS_IDLE (idle). I/O niceness priority is a number which goes from
|
|
# 0 to 7. The higher the value, the lower the I/O priority of the process.
|
|
# Work only with ionice_class.
|
|
# ionice_class =
|
|
# ionice_priority =
|
|
|
|
[pipeline:main]
|
|
pipeline = healthcheck recon account-server
|
|
|
|
[app:account-server]
|
|
use = egg:swift#account
|
|
# You can override the default log routing for this app here:
|
|
# set log_name = account-server
|
|
# set log_facility = LOG_LOCAL0
|
|
# set log_level = INFO
|
|
# set log_requests = true
|
|
# set log_address = /dev/log
|
|
#
|
|
# You can disable REPLICATE handling (default is to allow it). When deploying
|
|
# a cluster with a separate replication network, you'll want multiple
|
|
# account-server processes running: one for client-driven traffic and another
|
|
# for replication traffic. The server handling client-driven traffic may set
|
|
# this to false. If there is only one account-server process, leave this as
|
|
# true.
|
|
# replication_server = true
|
|
#
|
|
# You can set scheduling priority of processes. Niceness values range from -20
|
|
# (most favorable to the process) to 19 (least favorable to the process).
|
|
# nice_priority =
|
|
#
|
|
# You can set I/O scheduling class and priority of processes. I/O niceness
|
|
# class values are IOPRIO_CLASS_RT (realtime), IOPRIO_CLASS_BE (best-effort) and
|
|
# IOPRIO_CLASS_IDLE (idle). I/O niceness priority is a number which goes from
|
|
# 0 to 7. The higher the value, the lower the I/O priority of the process.
|
|
# Work only with ionice_class.
|
|
# ionice_class =
|
|
# ionice_priority =
|
|
#
|
|
# You can set fallocate_reserve to the number of bytes or percentage
|
|
# of disk space you'd like kept free at all times. If the disk's free
|
|
# space falls below this value, then PUT, POST, and REPLICATE requests
|
|
# will be denied until the disk ha s more space available. Percentage
|
|
# will be used if the value ends with a '%'.
|
|
# fallocate_reserve = 1%
|
|
|
|
[filter:healthcheck]
|
|
use = egg:swift#healthcheck
|
|
# An optional filesystem path, which if present, will cause the healthcheck
|
|
# URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE"
|
|
# disable_path =
|
|
|
|
[filter:recon]
|
|
use = egg:swift#recon
|
|
# recon_cache_path = /var/cache/swift
|
|
|
|
[account-replicator]
|
|
# You can override the default log routing for this app here (don't use set!):
|
|
# log_name = account-replicator
|
|
# log_facility = LOG_LOCAL0
|
|
# log_level = INFO
|
|
# log_address = /dev/log
|
|
#
|
|
# Maximum number of database rows that will be sync'd in a single HTTP
|
|
# replication request. Databases with less than or equal to this number of
|
|
# differing rows will always be sync'd using an HTTP replication request rather
|
|
# than using rsync.
|
|
# per_diff = 1000
|
|
#
|
|
# Maximum number of HTTP replication requests attempted on each replication
|
|
# pass for any one container. This caps how long the replicator will spend
|
|
# trying to sync a given database per pass so the other databases don't get
|
|
# starved.
|
|
# max_diffs = 100
|
|
#
|
|
# Number of replication workers to spawn.
|
|
# concurrency = 8
|
|
#
|
|
# Time in seconds to wait between replication passes
|
|
# interval = 30
|
|
# run_pause is deprecated, use interval instead
|
|
# run_pause = 30
|
|
#
|
|
# Process at most this many databases per second
|
|
# databases_per_second = 50
|
|
#
|
|
# node_timeout = 10
|
|
# conn_timeout = 0.5
|
|
#
|
|
# The replicator also performs reclamation
|
|
# reclaim_age = 604800
|
|
#
|
|
# Allow rsync to compress data which is transmitted to destination node
|
|
# during sync. However, this is applicable only when destination node is in
|
|
# a different region than the local one.
|
|
# rsync_compress = no
|
|
#
|
|
# Format of the rsync module where the replicator will send data. See
|
|
# etc/rsyncd.conf-sample for some usage examples.
|
|
# rsync_module = {replication_ip}::account
|
|
#
|
|
# recon_cache_path = /var/cache/swift
|
|
#
|
|
# You can set scheduling priority of processes. Niceness values range from -20
|
|
# (most favorable to the process) to 19 (least favorable to the process).
|
|
# nice_priority =
|
|
#
|
|
# You can set I/O scheduling class and priority of processes. I/O niceness
|
|
# class values are IOPRIO_CLASS_RT (realtime), IOPRIO_CLASS_BE (best-effort) and
|
|
# IOPRIO_CLASS_IDLE (idle). I/O niceness priority is a number which goes from
|
|
# 0 to 7. The higher the value, the lower the I/O priority of the process.
|
|
# Work only with ionice_class.
|
|
# ionice_class =
|
|
# ionice_priority =
|
|
#
|
|
# The handoffs_only mode option is for special-case emergency
|
|
# situations such as full disks in the cluster. This option SHOULD NOT
|
|
# BE ENABLED except in emergencies. When handoffs_only mode is enabled
|
|
# the replicator will *only* replicate from handoff nodes to primary
|
|
# nodes and will not sync primary nodes with other primary nodes.
|
|
#
|
|
# This has two main effects: first, the replicator becomes much more
|
|
# effective at removing misplaced databases, thereby freeing up disk
|
|
# space at a much faster pace than normal. Second, the replicator does
|
|
# not sync data between primary nodes, so out-of-sync account and
|
|
# container listings will not resolve while handoffs_only is enabled.
|
|
#
|
|
# This mode is intended to allow operators to temporarily sacrifice
|
|
# consistency in order to gain faster rebalancing, such as during a
|
|
# capacity addition with nearly-full disks. It is not intended for
|
|
# long-term use.
|
|
#
|
|
# handoffs_only = no
|
|
|
|
[account-auditor]
|
|
# You can override the default log routing for this app here (don't use set!):
|
|
# log_name = account-auditor
|
|
# log_facility = LOG_LOCAL0
|
|
# log_level = INFO
|
|
# log_address = /dev/log
|
|
#
|
|
# Will audit each account at most once per interval
|
|
# interval = 1800
|
|
#
|
|
# accounts_per_second = 200
|
|
# recon_cache_path = /var/cache/swift
|
|
#
|
|
# You can set scheduling priority of processes. Niceness values range from -20
|
|
# (most favorable to the process) to 19 (least favorable to the process).
|
|
# nice_priority =
|
|
#
|
|
# You can set I/O scheduling class and priority of processes. I/O niceness
|
|
# class values are IOPRIO_CLASS_RT (realtime), IOPRIO_CLASS_BE (best-effort) and
|
|
# IOPRIO_CLASS_IDLE (idle). I/O niceness priority is a number which goes from
|
|
# 0 to 7. The higher the value, the lower the I/O priority of the process.
|
|
# Work only with ionice_class.
|
|
# ionice_class =
|
|
# ionice_priority =
|
|
|
|
[account-reaper]
|
|
# You can override the default log routing for this app here (don't use set!):
|
|
# log_name = account-reaper
|
|
# log_facility = LOG_LOCAL0
|
|
# log_level = INFO
|
|
# log_address = /dev/log
|
|
#
|
|
# concurrency = 25
|
|
# interval = 3600
|
|
# node_timeout = 10
|
|
# conn_timeout = 0.5
|
|
#
|
|
# Normally, the reaper begins deleting account information for deleted accounts
|
|
# immediately; you can set this to delay its work however. The value is in
|
|
# seconds; 2592000 = 30 days for example. The sum of this value and the
|
|
# container-updater interval should be less than the account-replicator
|
|
# reclaim_age. This ensures that once the account-reaper has deleted a
|
|
# container there is sufficient time for the container-updater to report to the
|
|
# account before the account DB is removed.
|
|
# delay_reaping = 0
|
|
#
|
|
# If the account fails to be reaped due to a persistent error, the
|
|
# account reaper will log a message such as:
|
|
# Account <name> has not been reaped since <date>
|
|
# You can search logs for this message if space is not being reclaimed
|
|
# after you delete account(s).
|
|
# Default is 2592000 seconds (30 days). This is in addition to any time
|
|
# requested by delay_reaping.
|
|
# reap_warn_after = 2592000
|
|
#
|
|
# You can set scheduling priority of processes. Niceness values range from -20
|
|
# (most favorable to the process) to 19 (least favorable to the process).
|
|
# nice_priority =
|
|
#
|
|
# You can set I/O scheduling class and priority of processes. I/O niceness
|
|
# class values are IOPRIO_CLASS_RT (realtime), IOPRIO_CLASS_BE (best-effort) and
|
|
# IOPRIO_CLASS_IDLE (idle). I/O niceness priority is a number which goes from
|
|
# 0 to 7. The higher the value, the lower the I/O priority of the process.
|
|
# Work only with ionice_class.
|
|
# ionice_class =
|
|
# ionice_priority =
|
|
|
|
# Note: Put it at the beginning of the pipeline to profile all middleware. But
|
|
# it is safer to put this after healthcheck.
|
|
[filter:xprofile]
|
|
use = egg:swift#xprofile
|
|
# This option enable you to switch profilers which should inherit from python
|
|
# standard profiler. Currently the supported value can be 'cProfile',
|
|
# 'eventlet.green.profile' etc.
|
|
# profile_module = eventlet.green.profile
|
|
#
|
|
# This prefix will be used to combine process ID and timestamp to name the
|
|
# profile data file. Make sure the executing user has permission to write
|
|
# into this path (missing path segments will be created, if necessary).
|
|
# If you enable profiling in more than one type of daemon, you must override
|
|
# it with an unique value like: /var/log/swift/profile/account.profile
|
|
# log_filename_prefix = /tmp/log/swift/profile/default.profile
|
|
#
|
|
# the profile data will be dumped to local disk based on above naming rule
|
|
# in this interval.
|
|
# dump_interval = 5.0
|
|
#
|
|
# Be careful, this option will enable profiler to dump data into the file with
|
|
# time stamp which means there will be lots of files piled up in the directory.
|
|
# dump_timestamp = false
|
|
#
|
|
# This is the path of the URL to access the mini web UI.
|
|
# path = /__profile__
|
|
#
|
|
# Clear the data when the wsgi server shutdown.
|
|
# flush_at_shutdown = false
|
|
#
|
|
# unwind the iterator of applications
|
|
# unwind = false
|