Compare commits
1 commit
master
...
test-96577
Author | SHA1 | Date | |
---|---|---|---|
41fcd5070f |
5 changed files with 10 additions and 167 deletions
|
@ -1,157 +0,0 @@
|
||||||
# Wallet address, path to the wallet must be set as cli parameter or environment variable
|
|
||||||
wallet:
|
|
||||||
path: /path/to/wallet.json # Path to wallet
|
|
||||||
passphrase: "" # Passphrase to decrypt wallet. If you're using a wallet without a password, place '' here.
|
|
||||||
address: NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP # Account address. If omitted default one will be used.
|
|
||||||
|
|
||||||
# Nodes configuration
|
|
||||||
# This configuration makes the gateway use the first node (grpc://s01.frostfs.devenv:8080)
|
|
||||||
# while it's healthy. Otherwise, gateway uses the second node (grpc://s01.frostfs.devenv:8080)
|
|
||||||
# for 10% of requests and the third node (grpc://s03.frostfs.devenv:8080) for 90% of requests.
|
|
||||||
# Until nodes with the same priority level are healthy
|
|
||||||
# nodes with other priority are not used.
|
|
||||||
# The lower the value, the higher the priority.
|
|
||||||
peers:
|
|
||||||
0:
|
|
||||||
address: node1.frostfs:8080
|
|
||||||
priority: 1
|
|
||||||
weight: 1
|
|
||||||
1:
|
|
||||||
address: node2.frostfs:8080
|
|
||||||
priority: 2
|
|
||||||
weight: 0.1
|
|
||||||
2:
|
|
||||||
address: node3.frostfs:8080
|
|
||||||
priority: 2
|
|
||||||
weight: 0.9
|
|
||||||
|
|
||||||
server:
|
|
||||||
- address: 0.0.0.0:8080
|
|
||||||
tls:
|
|
||||||
enabled: false
|
|
||||||
cert_file: /path/to/cert
|
|
||||||
key_file: /path/to/key
|
|
||||||
- address: 0.0.0.0:8081
|
|
||||||
tls:
|
|
||||||
enabled: true
|
|
||||||
cert_file: /path/to/cert
|
|
||||||
key_file: /path/to/key
|
|
||||||
|
|
||||||
# Domains to be able to use virtual-hosted-style access to bucket.
|
|
||||||
listen_domains:
|
|
||||||
- s3dev.frostfs.devenv
|
|
||||||
|
|
||||||
logger:
|
|
||||||
level: debug
|
|
||||||
|
|
||||||
# Endpoint of the tree service. Must be provided. Can be one of the node address (from the `peers` section).
|
|
||||||
tree:
|
|
||||||
service: node1.frostfs:8080
|
|
||||||
|
|
||||||
# RPC endpoint and order of resolving of bucket names
|
|
||||||
rpc_endpoint: http://morph-chain.frostfs.devenv:30333
|
|
||||||
resolve_order:
|
|
||||||
- nns
|
|
||||||
|
|
||||||
# Metrics
|
|
||||||
pprof:
|
|
||||||
enabled: false
|
|
||||||
address: localhost:8085
|
|
||||||
|
|
||||||
prometheus:
|
|
||||||
enabled: false
|
|
||||||
address: localhost:8086
|
|
||||||
|
|
||||||
# Timeout to connect to a node
|
|
||||||
connect_timeout: 10s
|
|
||||||
# Timeout for individual operations in streaming RPC.
|
|
||||||
stream_timeout: 10s
|
|
||||||
# Timeout to check node health during rebalance
|
|
||||||
healthcheck_timeout: 15s
|
|
||||||
# Interval to check node health
|
|
||||||
rebalance_interval: 60s
|
|
||||||
# The number of errors on connection after which node is considered as unhealthy
|
|
||||||
pool_error_threshold: 100
|
|
||||||
|
|
||||||
|
|
||||||
# Limits for processing of clients' requests
|
|
||||||
max_clients_count: 100
|
|
||||||
# Deadline after which the gate sends error `RequestTimeout` to a client
|
|
||||||
max_clients_deadline: 30s
|
|
||||||
|
|
||||||
# Caching
|
|
||||||
cache:
|
|
||||||
# Cache for objects
|
|
||||||
objects:
|
|
||||||
lifetime: 300s
|
|
||||||
size: 150
|
|
||||||
# Cache which keeps lists of objects in buckets
|
|
||||||
list:
|
|
||||||
lifetime: 1m
|
|
||||||
size: 100
|
|
||||||
# Cache which contains mapping of nice name to object addresses
|
|
||||||
names:
|
|
||||||
lifetime: 1m
|
|
||||||
size: 1000
|
|
||||||
# Cache which contains mapping of bucket name to bucket info
|
|
||||||
buckets:
|
|
||||||
lifetime: 1m
|
|
||||||
size: 500
|
|
||||||
# Cache for system objects in a bucket: bucket settings, notification configuration etc
|
|
||||||
system:
|
|
||||||
lifetime: 2m
|
|
||||||
size: 1000
|
|
||||||
# Cache which stores access box with tokens by its address
|
|
||||||
accessbox:
|
|
||||||
lifetime: 5m
|
|
||||||
size: 10
|
|
||||||
# Cache which stores owner to cache operation mapping
|
|
||||||
accesscontrol:
|
|
||||||
lifetime: 1m
|
|
||||||
size: 100000
|
|
||||||
|
|
||||||
nats:
|
|
||||||
enabled: true
|
|
||||||
endpoint: nats://localhost:4222
|
|
||||||
timeout: 30s
|
|
||||||
cert_file: /path/to/cert
|
|
||||||
key_file: /path/to/key
|
|
||||||
root_ca: /path/to/ca
|
|
||||||
|
|
||||||
# Parameters of FrostFS container placement policy
|
|
||||||
placement_policy:
|
|
||||||
# Default policy of placing containers in FrostFS
|
|
||||||
# If a user sends a request `CreateBucket` and doesn't define policy for placing of a container in FrostFS, the S3 Gateway
|
|
||||||
# will put the container with default policy.
|
|
||||||
default: REP 3
|
|
||||||
# Region to placement policy mapping json file.
|
|
||||||
# Path to container policy mapping. The same as '--container-policy' flag for authmate
|
|
||||||
region_mapping: /path/to/container/policy.json
|
|
||||||
|
|
||||||
# CORS
|
|
||||||
# value of Access-Control-Max-Age header if this value is not set in a rule. Has an int type.
|
|
||||||
cors:
|
|
||||||
default_max_age: 600
|
|
||||||
|
|
||||||
# Parameters of requests to FrostFS
|
|
||||||
frostfs:
|
|
||||||
# Number of the object copies to consider PUT to FrostFS successful.
|
|
||||||
# `0` means that object will be processed according to the container's placement policy
|
|
||||||
set_copies_number: 0
|
|
||||||
|
|
||||||
# List of allowed AccessKeyID prefixes
|
|
||||||
# If the parameter is omitted, S3 GW will accept all AccessKeyIDs
|
|
||||||
allowed_access_key_id_prefixes:
|
|
||||||
- Ck9BHsgKcnwfCTUSFm6pxhoNS4cBqgN2NQ8zVgPjqZDX
|
|
||||||
- 3stjWenX15YwYzczMr88gy3CQr4NYFBQ8P7keGzH5QFn
|
|
||||||
|
|
||||||
resolve_bucket:
|
|
||||||
allow:
|
|
||||||
- container
|
|
||||||
deny:
|
|
||||||
|
|
||||||
kludge:
|
|
||||||
# Enable using default xml namespace `http://s3.amazonaws.com/doc/2006-03-01/` when parse`CompleteMultipartUpload` xml body.
|
|
||||||
use_default_xmlns_for_complete_multipart: false
|
|
||||||
# Set timeout between whitespace transmissions during CompleteMultipartUpload processing.
|
|
||||||
complete_multipart_keepalive: 10s
|
|
2
debian/frostfs-s3-gw.install
vendored
2
debian/frostfs-s3-gw.install
vendored
|
@ -1,4 +1,4 @@
|
||||||
config/config.yaml etc/frostfs/s3
|
config/config.yml etc/frostfs/s3
|
||||||
config/rules.json var/lib/frostfs/s3
|
config/rules.json var/lib/frostfs/s3
|
||||||
bin/frostfs-s3-gw usr/bin
|
bin/frostfs-s3-gw usr/bin
|
||||||
bin/frostfs-s3-authmate usr/bin
|
bin/frostfs-s3-authmate usr/bin
|
||||||
|
|
4
debian/frostfs-s3-gw.postinst
vendored
4
debian/frostfs-s3-gw.postinst
vendored
|
@ -24,9 +24,9 @@ case "$1" in
|
||||||
id -u frostfs-$USERNAME >/dev/null 2>&1 || useradd -s /usr/sbin/nologin -d /var/lib/frostfs/s3 --system -M -U -c "FrostFS S3 gateway" frostfs-$USERNAME
|
id -u frostfs-$USERNAME >/dev/null 2>&1 || useradd -s /usr/sbin/nologin -d /var/lib/frostfs/s3 --system -M -U -c "FrostFS S3 gateway" frostfs-$USERNAME
|
||||||
if ! dpkg-statoverride --list /etc/frostfs/$USERNAME >/dev/null; then
|
if ! dpkg-statoverride --list /etc/frostfs/$USERNAME >/dev/null; then
|
||||||
chown -f -R root:frostfs-$USERNAME /etc/frostfs/$USERNAME
|
chown -f -R root:frostfs-$USERNAME /etc/frostfs/$USERNAME
|
||||||
chown -f root:frostfs-$USERNAME /etc/frostfs/$USERNAME/config.yaml || true
|
chown -f root:frostfs-$USERNAME /etc/frostfs/$USERNAME/config.yml || true
|
||||||
chmod -f 0750 /etc/frostfs/$USERNAME
|
chmod -f 0750 /etc/frostfs/$USERNAME
|
||||||
chmod -f 0640 /etc/frostfs/$USERNAME/config.yaml || true
|
chmod -f 0640 /etc/frostfs/$USERNAME/config.yml || true
|
||||||
fi
|
fi
|
||||||
USERDIR=$(getent passwd "frostfs-$USERNAME" | cut -d: -f6)
|
USERDIR=$(getent passwd "frostfs-$USERNAME" | cut -d: -f6)
|
||||||
if ! dpkg-statoverride --list frostfs-"$USERDIR" >/dev/null; then
|
if ! dpkg-statoverride --list frostfs-"$USERDIR" >/dev/null; then
|
||||||
|
|
2
debian/frostfs-s3-gw.service
vendored
2
debian/frostfs-s3-gw.service
vendored
|
@ -4,7 +4,7 @@ Requires=network.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStart=/usr/bin/frostfs-s3-gw --config /etc/frostfs/s3/config.yaml
|
ExecStart=/usr/bin/frostfs-s3-gw --config /etc/frostfs/s3/config.yml
|
||||||
User=frostfs-s3
|
User=frostfs-s3
|
||||||
Group=frostfs-s3
|
Group=frostfs-s3
|
||||||
WorkingDirectory=/var/lib/frostfs/s3
|
WorkingDirectory=/var/lib/frostfs/s3
|
||||||
|
|
|
@ -101,13 +101,13 @@ Pprof and Prometheus are integrated into the gateway. To enable them, use `--ppr
|
||||||
|
|
||||||
## YAML file and environment variables
|
## YAML file and environment variables
|
||||||
|
|
||||||
Example of a YAML configuration file: [yaml-example](/config/config.yaml)
|
Example of a YAML configuration file: [yaml-example](/config/config.yml)
|
||||||
Examples of environment variables: [env-example](/config/config.env).
|
Examples of environment variables: [env-example](/config/config.env).
|
||||||
|
|
||||||
A path to a configuration file can be specified with `--config` parameter:
|
A path to a configuration file can be specified with `--config` parameter:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
$ frostfs-s3-gw --config your-config.yaml
|
$ frostfs-s3-gw --config your-config.yml
|
||||||
```
|
```
|
||||||
|
|
||||||
### Multiple configs
|
### Multiple configs
|
||||||
|
@ -118,13 +118,13 @@ You can either provide several files with repeating `--config` flag or provide p
|
||||||
Also, you can combine these flags:
|
Also, you can combine these flags:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
$ frostfs-s3-gw --config ./config/config.yaml --config /your/partial/config.yaml --config-dir ./config/dir
|
$ frostfs-s3-gw --config ./config/config.yml --config /your/partial/config.yml --config-dir ./config/dir
|
||||||
```
|
```
|
||||||
|
|
||||||
**Note:** next file in `--config` flag overwrites values from the previous one.
|
**Note:** next file in `--config` flag overwrites values from the previous one.
|
||||||
Files from `--config-dir` directory overwrite values from `--config` files.
|
Files from `--config-dir` directory overwrite values from `--config` files.
|
||||||
So the command above run `frostfs-s3-gw` to listen on `0.0.0.0:8080` address (value from `./config/config.yaml`),
|
So the command above run `frostfs-s3-gw` to listen on `0.0.0.0:8080` address (value from `./config/config.yml`),
|
||||||
applies parameters from `/your/partial/config.yaml`,
|
applies parameters from `/your/partial/config.yml`,
|
||||||
enable pprof (value from `./config/dir/pprof.yaml`) and prometheus (value from `./config/dir/prometheus.yaml`).
|
enable pprof (value from `./config/dir/pprof.yaml`) and prometheus (value from `./config/dir/prometheus.yaml`).
|
||||||
|
|
||||||
### Reload on SIGHUP
|
### Reload on SIGHUP
|
||||||
|
@ -141,7 +141,7 @@ $ kill -s SIGHUP <app_pid>
|
||||||
Example:
|
Example:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
$ ./bin/frostfs-s3-gw --config config.yaml &> s3.log &
|
$ ./bin/frostfs-s3-gw --config config.yml &> s3.log &
|
||||||
[1] 998346
|
[1] 998346
|
||||||
|
|
||||||
$ cat s3.log
|
$ cat s3.log
|
||||||
|
|
Loading…
Reference in a new issue