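# Wallet settings. The path to the wallet must be set as a CLI parameter or
# an environment variable.
wallet:
  # Path to the wallet file.
  path: /path/to/wallet.json
  # Passphrase to decrypt the wallet. If the wallet has no password, leave ''.
  # NOTE(review): a passphrase written here is readable by anyone who can read
  # this file; restrict the file's permissions and keep real values out of
  # version control.
  passphrase: ""
  # Account address. If omitted, the default one will be used.
  address: NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP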
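# Nodes configuration
# With this configuration the gateway uses the first node (node1.frostfs:8080)
# while it is healthy. Otherwise, the gateway uses the second node
# (node2.frostfs:8080) for 10% of requests and the third node
# (node3.frostfs:8080) for 90% of requests.
# While nodes with the same priority level are healthy,
# nodes with other priorities are not used.
# The lower the value, the higher the priority.
# NOTE(review): the addresses below carry no scheme; confirm in the gateway
# docs how transport security towards storage nodes is selected.
peers:
  0:
    address: node1.frostfs:8080
    priority: 1
    weight: 1
  1:
    address: node2.frostfs:8080
    priority: 2
    weight: 0.1
  2:
    address: node3.frostfs:8080
    priority: 2
    weight: 0.9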
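# NOTE(review): presumably the interval at which failed listeners are
# retried; confirm against the gateway docs.
reconnect_interval: 1m

# Listeners. Each entry binds one address and carries its own TLS settings.
server:
  # TLS is disabled on this listener and 0.0.0.0 binds every interface, so
  # signed S3 requests and object payloads travel unencrypted unless a
  # TLS-terminating proxy sits in front of it. Bind to a private address or
  # enable TLS when the listener is reachable from untrusted networks.
  - address: 0.0.0.0:8080
    tls:
      enabled: false
      cert_file: /path/to/cert
      key_file: /path/to/key
  # TLS-enabled listener. key_file points at the private key; keep it readable
  # only by the account the gateway runs as.
  - address: 0.0.0.0:8081
    tls:
      enabled: true
      cert_file: /path/to/cert
      key_file: /path/to/key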
# Domains that enable virtual-hosted-style access to buckets.
# NOTE(review): `<wildcard>` in the second entry looks like a placeholder
# label inside the domain pattern; confirm its matching rules in the docs.
listen_domains:
  - s3dev.frostfs.devenv
  - s3dev.<wildcard>.frostfs.devenv
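# Virtual-hosted-style (VHS) request handling.
vhs:
  enabled: false
  # NOTE(review): both values are header names, presumably read from incoming
  # requests. If so, a client can send them too; have the front proxy set or
  # strip them so that only trusted infrastructure controls their values.
  vhs_header: X-Frostfs-S3-VHS
  servername_header: X-Frostfs-Servername
  # Per-namespace flags (presumably overrides of `enabled` above; confirm).
  namespaces:
    "ns1": false
    "ns2": true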
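# Application logging.
logger:
  # `debug` is the most verbose setting shown here. Debug output tends to
  # include request details, so pick a less verbose level for production and
  # treat the log destination as sensitive.
  level: debug
  destination: stdout
  # Log sampling; disabled in this example.
  # NOTE(review): when sampling is enabled some entries are presumably
  # dropped, which matters if these logs feed audit or detection pipelines.
  sampling:
    enabled: false
    initial: 100
    thereafter: 100
    interval: 1s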
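# Log HTTP request data (URI, headers, query, etc).
# Request headers and query strings of S3 calls carry authentication material
# (the Authorization header, presigned-URL signature parameters), and logged
# bodies may contain object data. Keep this disabled unless it is needed for
# troubleshooting, and restrict access to the destination when it is on.
http_logging:
  enabled: false
  # Max body size to log.
  max_body: 1024
  # Max log size in Mb.
  max_log_size: 20
  # Use log compression.
  gzip: true
  # Possible output values: filesystem path, url, "stdout", "stderr".
  destination: stdout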
# RPC endpoint, and the order in which bucket names are resolved.
# NOTE(review): the sample endpoint uses plain http://. Other sections of this
# file say the FrostfsID, policy and proxy contracts require `rpc_endpoint`,
# so the integrity of these responses matters; keep the connection on a
# trusted network or use a TLS endpoint if the deployment offers one.
rpc_endpoint: http://morph-chain.frostfs.devenv:30333
resolve_order:
  - nns
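# Metrics
# Profiling endpoint; disabled in this example.
# Profiling output exposes process internals, so keep the listener on
# localhost (as here) or behind authenticated access if it is enabled.
pprof:
  enabled: false
  address: localhost:8085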
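# Prometheus metrics endpoint; disabled in this example.
# The sample address is bound to localhost; widen it only to the network the
# metrics scraper lives on.
prometheus:
  enabled: false
  address: localhost:8086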
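# Trace export; disabled in this example.
tracing:
  enabled: false
  exporter: "otlp_grpc"
  endpoint: "localhost:4318"
  # NOTE(review): presumably a CA certificate used to verify the collector's
  # TLS certificate; confirm what an empty value means before pointing
  # `endpoint` at a remote collector, since traces can carry request metadata.
  trusted_ca: ""
  # Static key/value attributes (sample values).
  attributes:
    - key: key0
      value: value
    - key: key1
      value: value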
# Connection timeout for a node.
connect_timeout: 10s
# Timeout applied to each individual operation in a streaming RPC.
stream_timeout: 10s
# Timeout of a node health check during rebalance.
healthcheck_timeout: 15s
# How often node health is checked.
rebalance_interval: 60s
# Number of connection errors after which a node is considered unhealthy.
pool_error_threshold: 100
# Limits for processing of clients' requests.
# These two values bound how much concurrent work clients can demand from the
# gate; size them for the expected load rather than leaving them unbounded.
max_clients_count: 100
# Deadline after which the gate sends the `RequestTimeout` error to a client.
max_clients_deadline: 30s
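# Caching
# Each cache below has a `lifetime` and, except `network`, a `size`.
cache:
  # Cache for objects.
  objects:
    lifetime: 300s
    size: 150
  # Cache which keeps lists of objects in buckets.
  list:
    lifetime: 1m
    size: 100
  # Cache which keeps listing sessions.
  list_session:
    lifetime: 1m
    size: 100
  # Cache which contains the mapping of nice names to object addresses.
  names:
    lifetime: 1m
    size: 1000
  # Cache which contains the mapping of bucket names to bucket info.
  buckets:
    lifetime: 1m
    size: 500
  # Cache for system objects in a bucket: bucket settings etc.
  system:
    lifetime: 2m
    size: 1000
  # Cache which stores access boxes with tokens by their address.
  # NOTE(review): cached credentials can outlive their removal; presumably
  # `removing_check_interval` bounds how long a removed access box keeps
  # working. Confirm, and keep both values short where fast revocation matters.
  accessbox:
    removing_check_interval: 5m
    lifetime: 10m
    size: 100
  # Cache which stores owner to cache operation mapping.
  accesscontrol:
    lifetime: 1m
    size: 100000
  # Cache which stores lists of policy chains.
  # NOTE(review): a policy change presumably takes up to `lifetime` to be
  # seen by the gate; confirm.
  morph_policy:
    lifetime: 1m
    size: 10000
  # Cache which stores frostfsid subject info.
  frostfsid:
    lifetime: 1m
    size: 10000
  # Cache which stores network-related values.
  network:
    lifetime: 1m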
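# Parameters of FrostFS container placement policy
placement_policy:
  # Default policy of placing containers in FrostFS.
  # If a user sends a `CreateBucket` request and doesn't define a policy for
  # placing the container in FrostFS, the S3 Gateway will put the container
  # with the default policy.
  default: REP 3
  # Region to placement policy mapping JSON file.
  # Path to container policy mapping. The same as the '--container-policy'
  # flag for authmate.
  region_mapping: /path/to/container/policy.json
  # Array of location constraints and their vectors of copies numbers.
  copies_numbers:
    - location_constraint: sample-01
      vector:
        - 1
        - 2
    - location_constraint: sample-02
      vector:
        - 1
        - 2
        - 3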
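# CORS
cors:
  # Value of the Access-Control-Max-Age header when a rule does not set it.
  # Has an int type.
  default_max_age: 600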
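# Parameters of requests to FrostFS
frostfs:
  # Numbers of the object copies (for each replica) to consider a PUT to
  # FrostFS successful. `[0]` or an empty list means that the object will be
  # processed according to the container's placement policy.
  set_copies_number: [0]
  # This flag enables client-side object preparing.
  client_cut: false
  # Sets the max buffer size for reading payload in put operations.
  buffer_max_size_for_put: 1048576
  # Timeout after which an unhealthy client is closed during rebalancing if
  # it becomes healthy again.
  graceful_close_on_switch_timeout: 10s
  tombstone:
    # Tombstone's lifetime in epochs.
    lifetime: 10
    # Maximum number of object IDs in one tombstone.
    members_size: 100
    # Maximum worker count in the layer's worker pool that creates tombstones.
    worker_pool_size: 100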
# Allowed AccessKeyID prefixes.
# When this parameter is omitted the S3 GW accepts every AccessKeyID, so
# leaving it out means no restriction is applied at this layer.
allowed_access_key_id_prefixes:
  - Ck9BHsgKcnwfCTUSFm6pxhoNS4cBqgN2NQ8zVgPjqZDX
  - 3stjWenX15YwYzczMr88gy3CQr4NYFBQ8P7keGzH5QFn
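# Bucket name resolving.
resolve_bucket:
  # NOTE(review): a header name, presumably read from incoming requests to
  # select the namespace. If so, have the front proxy set or strip it so a
  # client cannot pick a namespace by sending the header itself.
  namespace_header: X-Frostfs-Namespace
  allow:
    - container
  # Written as an explicit empty list; a bare `deny:` is read as null.
  deny: []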
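# Compatibility switches.
kludge:
  # Use the default XML namespace `http://s3.amazonaws.com/doc/2006-03-01/`
  # when parsing XML bodies.
  use_default_xmlns: false
  # Allow the chunked upload approach without the `aws-chunked` value in the
  # `Content-Encoding` header.
  bypass_content_encoding_check_in_chunks: false
  # Namespaces that should be handled as default.
  default_namespaces: ["", "root"]
  # Profiles override the defaults above based on the user agent.
  # The user agent is supplied by the client, so a profile is a compatibility
  # aid and cannot be relied on to restrict what a client may do.
  profile:
    - user_agent: aws-cli
      use_default_xmlns: false
    - user_agent: aws-sdk-go
      use_default_xmlns: true
      bypass_content_encoding_check_in_chunks: false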
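# Runtime settings.
runtime:
  # NOTE(review): presumably a soft limit on the process's memory use;
  # confirm the accepted units in the gateway docs.
  soft_memory_limit: 1gb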
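# Feature flags.
features:
  policy:
    # Deny access for requests that don't match any policy chain rule.
    # With `false`, a request that matches no rule is not denied by this
    # check, so access then depends entirely on the rules that exist. Set it
    # to `true` where unmatched requests should fail closed.
    deny_by_default: false
  # NOTE(review): presumably toggles MD5-related behaviour; confirm.
  md5:
    enabled: false
  # Use the new version of the tree pool, which uses the net map to select
  # nodes, for requests to the tree service.
  tree_pool_netmap_support: true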
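# HTTP server timeouts.
# With the values below only header reading and idle keep-alive connections
# are bounded (30s each); request bodies and response writes have no timeout,
# so a slow client can hold a connection open indefinitely. Positive values
# sized for the largest expected upload and download limit that exposure.
web:
  # ReadTimeout is the maximum duration for reading the entire request,
  # including the body. A zero or negative value means there will be no
  # timeout.
  read_timeout: 0

  # ReadHeaderTimeout is the amount of time allowed to read request headers.
  # The connection's read deadline is reset after reading the headers and the
  # Handler can decide what is considered too slow for the body. If
  # ReadHeaderTimeout is zero, the value of ReadTimeout is used. If both are
  # zero, there is no timeout.
  read_header_timeout: 30s

  # WriteTimeout is the maximum duration before timing out writes of the
  # response. It is reset whenever a new request's header is read. Like
  # ReadTimeout, it does not let Handlers make decisions on a per-request
  # basis. A zero or negative value means there will be no timeout.
  write_timeout: 0

  # IdleTimeout is the maximum amount of time to wait for the next request
  # when keep-alives are enabled. If IdleTimeout is zero, the value of
  # ReadTimeout is used. If both are zero, there is no timeout.
  idle_timeout: 30s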
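# FrostfsID contract configuration. To enable this functionality the
# `rpc_endpoint` param must also be set.
frostfsid:
  # FrostfsID contract hash (LE) or name in NNS.
  contract: frostfsid.frostfs
  validation:
    # Enables a check that only allows requests from users registered in the
    # FrostfsID contract. Turning it off removes that registration check.
    enabled: true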
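# Policy contract configuration. To enable this functionality the
# `rpc_endpoint` param must also be set.
policy:
  # Policy contract hash (LE) or name in NNS.
  contract: policy.frostfs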
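# Proxy contract configuration. To enable this functionality the
# `rpc_endpoint` param must also be set.
proxy:
  # Proxy contract hash (LE) or name in NNS.
  contract: proxy.frostfs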
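# Namespaces configuration.
namespaces:
  # Namespaces config file (a relative path in this example).
  # NOTE(review): confirm which directory a relative path is resolved against.
  config: namespaces.json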
# Custom header from which the source IP is retrieved.
# A request header is client-controlled unless a trusted proxy overwrites it;
# make sure the front proxy sets this header itself and discards any value
# sent by the client, otherwise the recorded source IP can be forged.
source_ip_header: 'Source-Ip'
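# Retry strategy configuration.
retry:
  # Max amount of request attempts. Currently only for the request that
  # updates bucket settings.
  max_attempts: 4
  # Max delay before the next attempt.
  max_backoff: 30s
  # Backoff strategy. `exponential` and `constant` are allowed.
  strategy: exponential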
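# Containers properties
# Both keys hold the same sample value in this example.
# NOTE(review): presumably the IDs of the containers that store CORS and
# lifecycle configurations; confirm.
containers:
  cors: AZjLTXfK4vs4ovxMic2xEJKSymMNLqdwq9JT64ASFCRj
  lifecycle: AZjLTXfK4vs4ovxMic2xEJKSymMNLqdwq9JT64ASFCRj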
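# Multinet properties
multinet:
  # Enable multinet support.
  enabled: false
  # Strategy to pick the source IP address.
  balancer: roundrobin
  # Restrict requests with an unknown destination subnet.
  restrict: false
  # Delay between the IPv6 to IPv4 fallback switch.
  fallback_delay: 300ms
  # List of subnets and the IP addresses to use as source for those subnets.
  subnets:
    - mask: 1.2.3.4/24
      source_ips:
        - 1.2.3.4
        - 1.2.3.5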
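# Encryption-related settings.
encryption:
  # NOTE(review): a header name, presumably used by an upstream proxy to tell
  # the gate that TLS was terminated before the request reached it. If so,
  # the proxy must overwrite this header on every request; a value sent by a
  # client would otherwise pass for a statement about transport security.
  tls_termination_header: X-Frostfs-TLS-Termination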