EliChin
/
frostfs-s3-gw
forked from TrueCloudLab/frostfs-s3-gw
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[#742] Update docs 

Signed-off-by: Denis Kirillov <denis@nspcc.ru>
KirillovDenis/bugfix/681-frostfs-fix_acl_parsing
Denis Kirillov 2022-11-09 14:53:26 +03:00 committed by Alex Vanin
parent dd4f66712c
commit 5265afe213
3 changed files with 34 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
CHANGELOG.md
View File

@ -13,6 +13,9 @@ This document outlines major changes between releases.
- Timeout for individual operations in streaming RPC (#740)
- Reload policies on SIGHUP (#747)
### Added
- Multiple server listeners (#742)
### Changed
- Placement policy configuration (#568)
@ -27,9 +30,15 @@ placement_policy:
Make sure you update the config accordingly:
If you configure application using environment variables change:
* `S3_GW_DEFAULT_POLICY` -> `S3_GW_PLACEMENT_POLICY_DEFAULT_POLICY`
* `S3_GW_LISTEN_ADDRESS` -> `S3_GW_SERVER_0_ADDRESS`
* `S3_GW_TLS_CERT_FILE` -> `S3_GW_SERVER_0_TLS_CERT_FILE` (and set `S3_GW_SERVER_0_TLS_ENABLED=true`)
* `S3_GW_TLS_KEY_FILE` -> `S3_GW_SERVER_0_TLS_KEY_FILE` (and set `S3_GW_SERVER_0_TLS_ENABLED=true`)
If you configure application using `.yaml` file change:
* `defaul_policy` -> `placement_policy.default`
* `listen_address` -> `server.0.address`
* `tls.cert_file` -> `server.0.tls.cert_file` (and set `server.0.tls.enabled: true`)
* `tls.key_file` -> `server.0.tls.key_file` (and set `server.0.tls.enabled: true`)
## [0.25.0] - 2022-10-31

2
cmd/s3-gw/app_settings.go
View File

@ -223,7 +223,7 @@ func newSettings() *viper.Viper {
flags.Int(cfgMaxClientsCount, defaultMaxClientsCount, "set max-clients count")
flags.Duration(cfgMaxClientsDeadline, defaultMaxClientsDeadline, "set max-clients deadline")
flags.String(cmdListenAddress, "0.0.0.0:8080", "set address to listen")
flags.String(cmdListenAddress, "0.0.0.0:8080", "set the main address to listen")
flags.String(cfgTLSCertFile, "", "TLS certificate file to use")
flags.String(cfgTLSKeyFile, "", "TLS key file to use")

37
docs/configuration.md
View File

@ -62,6 +62,8 @@ $ neofs-s3-gw --listen_address 192.168.130.130:443 \
--tls.key_file=key.pem --tls.cert_file=cert.pem
```
Using these flag you can configure only one address. To set multiple addresses use yaml config.
### RPC endpoint and resolving of bucket names
To set RPC endpoint specify a value of parameter `-r` or `--rpc_endpoint`. The parameter is **required if** another
@ -95,7 +97,7 @@ $ neofs-s3-gw --healthcheck_timeout 15s --connect_timeout 1m --rebalance_interva
### Monitoring and metrics
Pprof and Prometheus are integrated into the gateway. To enable them, use `--pprof` and `--metrics` flags or
`S3_GW_PPROF`/`S3_GW_METRICS` environment variables.
`S3_GW_PPROF_ENABLED`/`S3_GW_PROMETHEUS_ENABLED` environment variables.
## YAML file and environment variables
@ -155,7 +157,7 @@ There are some custom types used for brevity:
| `wallet` | [Wallet configuration](#wallet-section) |
| `peers` | [Nodes configuration](#peers-section) |
| `placement_policy` | [Placement policy configuration](#placement_policy-section) |
| `tls` | [TLS configuration](#tls-section) |
| `server` | [Server configuration](#server-section) |
| `logger` | [Logger configuration](#logger-section) |
| `tree` | [Tree configuration](#tree-section) |
| `cache` | [Cache configuration](#cache-section) |
@ -168,8 +170,6 @@ There are some custom types used for brevity:
### General section
```yaml
listen_address: 0.0.0.0:8084
listen_domains:
- s3dev.neofs.devenv
- s3dev2.neofs.devenv
@ -195,7 +195,6 @@ allowed_access_key_id_prefixes:
| Parameter | Type | SIGHUP reload | Default value | Description |
|----------------------------------|------------|---------------|----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `listen_address` | `string` | | `0.0.0.0:8080` | The address that the gateway is listening on. |
| `listen_domains` | `[]string` | | | Domains to be able to use virtual-hosted-style access to bucket. |
| `rpc_endpoint` | `string` | yes | | The address of the RPC host to which the gateway connects to resolve bucket names (required to use the `nns` resolver). |
| `resolve_order` | `[]string` | yes | `[dns]` | Order of bucket name resolvers to use. Available resolvers: `dns`, `nns`. | |
@ -281,18 +280,30 @@ File for `region_mapping` must contain something like this:
**Note:** on SIGHUP reload policies will be updated only if both parameters are valid.
So if you change `default` to some valid value and set invalid path in `region_mapping` the `default` value won't be changed.
### `tls` section
### `server` section
You can specify several listeners for server. For example, for `http` and `https`.
```yaml
tls:
cert_file: /path/to/cert
key_file: /path/to/key
server:
- address: 0.0.0.0:8080
tls:
enabled: false
cert_file: /path/to/cert
key_file: /path/to/key
- address: 0.0.0.0:8081
tls:
enabled: true
cert_file: /path/to/another/cert
key_file: /path/to/another/key
```
| Parameter | Type | SIGHUP reload | Default value | Description |
|-------------|----------|---------------|---------------|------------------------------|
| `cert_file` | `string` | yes | | Path to the TLS certificate. |
| `key_file` | `string` | yes | | Path to the key. |
| Parameter | Type | SIGHUP reload | Default value | Description |
|-----------------|----------|---------------|----------------|-----------------------------------------------|
| `address` | `string` | | `0.0.0.0:8080` | The address that the gateway is listening on. |
| `tls.enabled` | `bool` | | false | Enable TLS or not. |
| `tls.cert_file` | `string` | yes | | Path to the TLS certificate. |
| `tls.key_file` | `string` | yes | | Path to the key. |
### `logger` section