forked from TrueCloudLab/frostfs-s3-gw
bf38007692
Signed-off-by: Elizaveta Chichindaeva <elizaveta@nspcc.ru>
129 lines
4.8 KiB
Markdown
# Configuration

There are three ways to configure the S3 GW:
1. CLI parameters
2. YAML file
3. Environment variables

Everything available as a CLI parameter can also be specified via environment variables, and almost everything can be
specified via a `.yaml` configuration file.

But **not vice versa**: some parameters can be configured only with environment variables or a configuration file.
Most of these parameters have default values; therefore, these ways to configure the gateway are optional, and
basic configuration can be completed with CLI parameters only.

1. [CLI parameters](#cli-parameters)
    1. [Nodes and weights](#nodes-and-weights)
    2. [Wallet](#wallet)
    3. [Binding and TLS](#listening-on-address-and-tls)
    4. [RPC endpoint and resolving of bucket names](#rpc-endpoint-and-resolving-of-bucket-names)
    5. [Processing of requests](#processing-of-requests)
    6. [Connection to NeoFS](#connection-to-neofs)
    7. [Monitoring and metrics](#monitoring-and-metrics)
2. [YAML file and environment variables](#yaml-file-and-environment-variables)
    1. [Notifications](#notifications)

## CLI parameters

### Nodes and weights

You can specify multiple `-p` options to add more NeoFS nodes; this will make
the gateway spread requests equally among them (using weight 1 for every node):

```shell
$ neofs-s3-gw -p 192.168.130.72:8080 -p 192.168.130.71:8080
```
If you want specific load distribution proportions, use weights and priorities. They
can only be specified via environment variables or a configuration file.

### Wallet

Wallet (`--wallet`) is a mandatory parameter. It is a path to a wallet file. You can provide a passphrase to decrypt
a wallet via env variable or conf file, or you will be asked to enter a password interactively.
You can also specify an account address to use from a wallet using the `--address` parameter.

### Listening on address and TLS

The gateway listens on `0.0.0.0:8080` by default, and you can change that with the `--listen_address` option.

It can also provide a TLS interface for its users: just specify paths to the key and
certificate files via the `--tls.key_file` and `--tls.cert_file` parameters. Note
that using these options makes the gateway TLS-only. If you need to serve both TLS
and plain text, you either have to run two gateway instances or use some
external redirecting solution.

Example to bind to `192.168.130.130:443` and serve TLS there (keys and nodes are
omitted):

```shell
$ neofs-s3-gw --listen_address 192.168.130.130:443 \
  --tls.key_file=key.pem --tls.cert_file=cert.pem
```

### RPC endpoint and resolving of bucket names

To set the RPC endpoint, specify a value for the `-r` or `--rpc_endpoint` parameter. This parameter is **required if**
the value of another parameter, `--resolve_order`, contains `nns`.

```shell
$ neofs-s3-gw --rpc_endpoint http://morph-chain.neofs.devenv:30333/ --resolve_order nns,dns
```

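The CLI rules described so far (mandatory `--wallet`, `--rpc_endpoint` required when `--resolve_order` contains `nns`, TLS key and certificate options) can be checked before the gateway is started. The script below is an added example, not part of the project: `check_gw_args` is a hypothetical helper, and treating the two TLS options as an all-or-nothing pair and rejecting a world-readable key file are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight lint for a neofs-s3-gw command line.
# check_gw_args is a hypothetical helper, not part of the gateway. It knows
# only the flags documented above, written "--flag value" or "--flag=value".
# Findings go to stderr; the exit status is 0 when no rule is violated.
check_gw_args() (
    wallet='' rpc='' order='' key='' cert='' errs=0
    while [ $# -gt 0 ]; do
        case $1 in
            --*=*) name=${1%%=*}; val=${1#*=} ;;
            *)     name=$1; val=''
                   # Take the next word as the value unless it is another flag
                   # (boolean flags such as --pprof carry no value).
                   case ${2-} in ''|-*) ;; *) val=$2; shift ;; esac ;;
        esac
        shift
        case $name in
            --wallet)          wallet=$val ;;
            -r|--rpc_endpoint) rpc=$val ;;
            --resolve_order)   order=$val ;;
            --tls.key_file)    key=$val ;;
            --tls.cert_file)   cert=$val ;;
        esac
    done
    fail() { echo "error: $*" >&2; errs=$((errs + 1)); }

    [ -n "$wallet" ] || fail "--wallet is mandatory"
    # --rpc_endpoint is required once nns appears in --resolve_order.
    case ",$order," in
        *,nns,*) [ -n "$rpc" ] || fail "--resolve_order has nns but no --rpc_endpoint" ;;
    esac
    # Assumption of this example: key and certificate are only useful as a pair.
    case "${key:+k}${cert:+c}" in
        k|c) fail "--tls.key_file and --tls.cert_file must be given together" ;;
        '')  echo "note: no TLS options, the listener will be plain text" >&2 ;;
        kc)  # Assumption: a private key readable by "others" is a finding.
             if [ -n "$(find "$key" -prune -perm -004 2>/dev/null)" ]; then
                 fail "TLS key $key is world-readable"
             fi ;;
    esac
    [ "$errs" -eq 0 ]
)
```

Call it with the same arguments you intend to pass to the gateway, for example `check_gw_args "$@" && exec neofs-s3-gw "$@"` in a wrapper script.
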
### Processing of requests

The maximum number of clients whose requests can be handled by the gateway is set with the
`--max_clients_count` parameter; the default value is 100.
`--max_clients_deadline` defines the deadline after which the gate sends the `RequestTimeout` error to a client; the
default value is 30 seconds.

```shell
$ neofs-s3-gw --max_clients_count 150 --max_clients_deadline 1m
```

### Connection to NeoFS

The timeout to connect to NeoFS nodes can be set with `--connect_timeout` (default 30s)
and the timeout to check node health during rebalance with `--healthcheck_timeout` (default 15s).

Also, the interval to check node health can be specified with `--rebalance_interval`; the default value is 15s.

```shell
$ neofs-s3-gw --healthcheck_timeout 15s --connect_timeout 1m --rebalance_interval 1h
```

### Monitoring and metrics

Pprof and Prometheus are integrated into the gateway, but not enabled by
default. To enable them, use `--pprof` and `--metrics` flags or
`S3_GW_PPROF`/`S3_GW_METRICS` environment variables.

## YAML file and environment variables

Example of a YAML configuration file: [.yaml-example](/config/config.yaml)
Examples of environment variables: [.env-example](/config/config.env).

A path to a configuration file can be specified with `--config` parameter:

```shell
$ neofs-s3-gw --config your-config.yaml
```

Parameters of the following groups can be configured via a `.yaml` file or environment variables only:
1. logging -- logging level
2. caching -- lifetime and size for each cache
3. notifications
4. CORS
5. default policy of placing containers in NeoFS

### Notifications

You can turn on notifications about successful completions of basic operations, and the gateway will send notifications
via NATS JetStream.

To enable notifications you need:
1. to configure the NATS server with JetStream
2. to specify NATS parameters for the S3 GW. It is ***necessary*** to set the value of `nats.enable` or
`S3_GW_NATS_ENABLED` to `True`
3. to configure notifications in a bucket