d1be5b5f9e
Support TLS >=1.2 only and strong cipher suites. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
161 lines
6.7 KiB
YAML
161 lines
6.7 KiB
YAML
logger:
|
|
level: debug # logger level: one of "debug", "info" (default), "warn", "error", "dpanic", "panic", "fatal"
|
|
|
|
profiler:
|
|
address: 127.0.0.1:6060 # endpoint for Node profiling
|
|
shutdown_timeout: 15s # timeout for profiling HTTP server graceful shutdown
|
|
|
|
metrics:
|
|
address: 127.0.0.1:9090 # endpoint for Node metrics
|
|
shutdown_timeout: 15s # timeout for metrics HTTP server graceful shutdown
|
|
|
|
node:
|
|
key: ./wallet.key # path to a binary private key
|
|
wallet:
|
|
path: "./wallet.json" # path to a NEO wallet; ignored if key is presented
|
|
address: "NcpJzXcSDrh5CCizf4K9Ro6w4t59J5LKzz" # address of a NEO account in the wallet; ignored if key is presented
|
|
password: "password" # password for a NEO account in the wallet; ignored if key is presented
|
|
addresses: # list of addresses announced by Storage node in the Network map
|
|
- s01.neofs.devenv:8080
|
|
- /dns4/s02.neofs.devenv/tcp/8081
|
|
- grpc://127.0.0.1:8082
|
|
- grpcs://localhost:8083
|
|
attribute_0: "Price:11"
|
|
attribute_1: UN-LOCODE:RU MSK
|
|
relay: true # start Storage node in relay mode without bootstrapping into the Network map
|
|
persistent_state: # path to persistent state file of Storage node
|
|
path: /state
|
|
subnet:
|
|
exit_zero: true # toggle entrance to zero subnet (overrides corresponding attribute and occurrence in `entries`)
|
|
entries: # list of IDs of subnets to enter in a text format of NeoFS API protocol (overrides corresponding attributes)
|
|
- 123
|
|
- 456
|
|
- 789
|
|
|
|
grpc:
|
|
num: 2 # total number of listener endpoints
|
|
0:
|
|
endpoint: s01.neofs.devenv:8080 # endpoint for gRPC server
|
|
tls:
|
|
enabled: true # use TLS for a gRPC connection (min version is TLS 1.2)
|
|
certificate: /path/to/cert # path to TLS certificate
|
|
key: /path/to/key # path to TLS key
|
|
|
|
1:
|
|
endpoint: s02.neofs.devenv:8080 # endpoint for gRPC server
|
|
tls:
|
|
enabled: false # use TLS for a gRPC connection
|
|
2:
|
|
endpoint: s03.neofs.devenv:8080
|
|
tls:
|
|
enabled: true
|
|
use_insecure_crypto: true # allow using insecure ciphers with TLS 1.2
|
|
|
|
control:
|
|
authorized_keys: # list of hex-encoded public keys that have rights to use the Control Service
|
|
- 035839e45d472a3b7769a2a1bd7d54c4ccd4943c3b40f547870e83a8fcbfb3ce11
|
|
- 028f42cfcb74499d7b15b35d9bff260a1c8d27de4f446a627406a382d8961486d6
|
|
grpc:
|
|
endpoint: 127.0.0.1:8090 # endpoint that is listened by the Control Service
|
|
|
|
contracts: # side chain NEOFS contract script hashes; optional, override values retrieved from NNS contract
|
|
balance: 5263abba1abedbf79bb57f3e40b50b4425d2d6cd
|
|
container: 5d084790d7aa36cea7b53fe897380dab11d2cd3c
|
|
netmap: 0cce9e948dca43a6b592efe59ddb4ecb89bdd9ca
|
|
reputation: 441995f631c1da2b133462b71859494a5cd45e90
|
|
proxy: ad7c6b55b737b696e5c82c85445040964a03e97f
|
|
|
|
morph:
|
|
dial_timeout: 30s # timeout for side chain NEO RPC client connection
|
|
disable_cache: true # do not use TTL cache for side chain GET operations
|
|
rpc_endpoint: # side chain NEO RPC endpoints; are shuffled and used one by one until the first success
|
|
- https://rpc1.morph.fs.neo.org:40341
|
|
- https://rpc2.morph.fs.neo.org:40341
|
|
notification_endpoint: # side chain NEO RPC notification endpoints; are shuffled and used only the first non-error one
|
|
- wss://rpc1.morph.fs.neo.org:40341/ws
|
|
- wss://rpc2.morph.fs.neo.org:40341/ws
|
|
|
|
mainchain: # DEPRECATED section, is not used and not read
|
|
dial_timeout: 30s # timeout for main chain NEO RPC client connection
|
|
rpc_endpoint: # main chain NEO RPC endpoints; are shuffled and used one by one until the first success
|
|
- https://rpc1.n3.nspcc.ru:30341
|
|
- https://rpc2.n3.nspcc.ru:30341
|
|
|
|
apiclient:
|
|
dial_timeout: 15s # timeout for NEOFS API client connection
|
|
|
|
policer:
|
|
head_timeout: 15s # timeout for the Policer HEAD remote operation
|
|
|
|
replicator:
|
|
put_timeout: 15s # timeout for the Replicator PUT remote operation
|
|
|
|
object:
|
|
put:
|
|
pool_size_remote: 100 # number of async workers for remote PUT operations
|
|
|
|
storage:
|
|
# note: shard configuration can be omitted for relay node (see `node.relay`)
|
|
shard_pool_size: 15 # size of per-shard worker pools used for PUT operations
|
|
shard_num: 2 # total number of shards
|
|
default: # section with the default shard parameters
|
|
resync_metabase: true # sync metabase with blobstore on start, expensive, leave false until complete understanding
|
|
|
|
use_write_cache: true # use write-cache
|
|
|
|
writecache:
|
|
memcache_capacity: 2147483648 # approximate RAM usage limit for "small" objects, bytes
|
|
small_object_size: 16384 # size threshold for "small" objects which are cached in key-value DB, not in FS, bytes
|
|
max_object_size: 134217728 # size threshold for "big" objects which bypass write-cache and go to the storage directly, bytes
|
|
workers_number: 30 # number of write-cache flusher threads
|
|
|
|
metabase:
|
|
perm: 0644 # permissions for metabase files(directories: +x for current user and group)
|
|
|
|
blobstor:
|
|
compress: false # turn on/off zstd(level 3) compression of stored objects
|
|
perm: 0644 # permissions for blobstor files(directories: +x for current user and group)
|
|
depth: 5 # max depth of object tree storage in FS
|
|
small_object_size: 102400 # size threshold for "small" objects which are cached in key-value DB, not in FS, bytes
|
|
|
|
blobovnicza:
|
|
size: 4194304 # approximate size limit of single blobovnicza instance, total size will be: size*width^(depth+1), bytes
|
|
depth: 1 # max depth of object tree storage in key-value DB
|
|
width: 4 # max width of object tree storage in key-value DB
|
|
opened_cache_capacity: 50 # maximum number of opened database files
|
|
|
|
gc:
|
|
remover_batch_size: 200 # number of objects to be removed by the garbage collector
|
|
remover_sleep_interval: 5m # frequency of the garbage collector invocation
|
|
|
|
shard:
|
|
0:
|
|
resync_metabase: false # sync metabase with blobstore on start, expensive, leave false until complete understanding
|
|
|
|
use_write_cache: false # use write-cache
|
|
|
|
writecache:
|
|
path: tmp/0/cache # write-cache root directory
|
|
capacity: 3221225472 # approximate write-cache total size, bytes
|
|
|
|
metabase:
|
|
path: tmp/0/meta # metabase path
|
|
|
|
blobstor:
|
|
path: tmp/0/blob # blobstor path
|
|
compress: true # turn on/off zstd(level 3) compression of stored objects
|
|
|
|
gc:
|
|
remover_batch_size: 150 # number of objects to be removed by the garbage collector
|
|
remover_sleep_interval: 2m # frequency of the garbage collector invocation
|
|
|
|
1:
|
|
writecache:
|
|
path: tmp/1/cache # write-cache root directory
|
|
capacity: 4294967296 # approximate write-cache total size, bytes
|
|
|
|
metabase:
|
|
path: tmp/1/meta # metabase path
|
|
|
|
blobstor:
|
|
path: tmp/1/blob # blobstor path
|