225 lines
9 KiB
Bash
225 lines
9 KiB
Bash
# Wallet
|
|
# Path to wallet
|
|
S3_GW_WALLET_PATH=/path/to/wallet.json
|
|
# Account address. If omitted default one will be used.
|
|
S3_GW_WALLET_ADDRESS=NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP
|
|
# Passphrase to decrypt wallet.
|
|
S3_GW_WALLET_PASSPHRASE=s3
|
|
|
|
# Nodes
|
|
# This configuration makes the gateway use the first node (grpc://s01.frostfs.devenv:8080)
|
|
# while it's healthy. Otherwise, gateway uses the second node (grpc://s01.frostfs.devenv:8080)
|
|
# for 10% of requests and the third node (grpc://s03.frostfs.devenv:8080) for 90% of requests.
|
|
# Until nodes with the same priority level are healthy
|
|
# nodes with other priority are not used.
|
|
# The lower the value, the higher the priority.
|
|
S3_GW_PEERS_0_ADDRESS=grpc://s01.frostfs.devenv:8080
|
|
S3_GW_PEERS_0_PRIORITY=1
|
|
S3_GW_PEERS_0_WEIGHT=1
|
|
S3_GW_PEERS_1_ADDRESS=grpc://s02.frostfs.devenv:8080
|
|
S3_GW_PEERS_1_PRIORITY=2
|
|
S3_GW_PEERS_1_WEIGHT=0.1
|
|
S3_GW_PEERS_2_ADDRESS=grpc://s03.frostfs.devenv:8080
|
|
S3_GW_PEERS_2_PRIORITY=2
|
|
S3_GW_PEERS_2_WEIGHT=0.9
|
|
|
|
# Address to listen and TLS
|
|
S3_GW_SERVER_0_ADDRESS=0.0.0.0:8080
|
|
S3_GW_SERVER_0_TLS_ENABLED=false
|
|
S3_GW_SERVER_0_TLS_CERT_FILE=/path/to/tls/cert
|
|
S3_GW_SERVER_0_TLS_KEY_FILE=/path/to/tls/key
|
|
S3_GW_SERVER_1_ADDRESS=0.0.0.0:8081
|
|
S3_GW_SERVER_1_TLS_ENABLED=true
|
|
S3_GW_SERVER_1_TLS_CERT_FILE=/path/to/tls/cert
|
|
S3_GW_SERVER_1_TLS_KEY_FILE=/path/to/tls/key
|
|
|
|
# How often to reconnect to the servers
|
|
S3_GW_RECONNECT_INTERVAL: 1m
|
|
|
|
# Control API
|
|
# List of hex-encoded public keys that have rights to use the Control Service
|
|
S3_GW_CONTROL_AUTHORIZED_KEYS=035839e45d472a3b7769a2a1bd7d54c4ccd4943c3b40f547870e83a8fcbfb3ce11 028f42cfcb74499d7b15b35d9bff260a1c8d27de4f446a627406a382d8961486d6
|
|
# Endpoint that is listened by the Control Service
|
|
S3_GW_CONTROL_GRPC_ENDPOINT=localhost:8083
|
|
|
|
# Domains to be able to use virtual-hosted-style access to bucket.
|
|
S3_GW_LISTEN_DOMAINS=s3dev.frostfs.devenv
|
|
|
|
# Config file
|
|
S3_GW_CONFIG=/path/to/config/yaml
|
|
|
|
# Logger
|
|
S3_GW_LOGGER_LEVEL=debug
|
|
|
|
# RPC endpoint and order of resolving of bucket names
|
|
S3_GW_RPC_ENDPOINT=http://morph-chain.frostfs.devenv:30333/
|
|
S3_GW_RESOLVE_ORDER="nns dns"
|
|
|
|
# Metrics
|
|
S3_GW_PPROF_ENABLED=true
|
|
S3_GW_PPROF_ADDRESS=localhost:8085
|
|
|
|
S3_GW_PROMETHEUS_ENABLED=true
|
|
S3_GW_PROMETHEUS_ADDRESS=localhost:8086
|
|
|
|
# Timeout to connect to a node
|
|
S3_GW_CONNECT_TIMEOUT=10s
|
|
# Timeout for individual operations in streaming RPC.
|
|
S3_GW_STREAM_TIMEOUT=10s
|
|
# Timeout to check node health during rebalance.
|
|
S3_GW_HEALTHCHECK_TIMEOUT=15s
|
|
# Interval to check node health
|
|
S3_GW_REBALANCE_INTERVAL=60s
|
|
# The number of errors on connection after which node is considered as unhealthy
|
|
S3_GW_POOL_ERROR_THRESHOLD=100
|
|
|
|
# Limits for processing of clients' requests
|
|
S3_GW_MAX_CLIENTS_COUNT=100
|
|
# Deadline after which the gate sends error `RequestTimeout` to a client
|
|
S3_GW_MAX_CLIENTS_DEADLINE=30s
|
|
|
|
# Caching
|
|
# Cache for objects
|
|
S3_GW_CACHE_OBJECTS_LIFETIME=5m
|
|
S3_GW_CACHE_OBJECTS_SIZE=1000000
|
|
# Cache which keeps lists of objects in buckets
|
|
S3_GW_CACHE_LIST_LIFETIME=1m
|
|
S3_GW_CACHE_LIST_SIZE=100000
|
|
# Cache which keeps listing session
|
|
S3_GW_CACHE_LIST_SESSION_LIFETIME=1m
|
|
S3_GW_CACHE_LIST_SESSION_SIZE=100
|
|
# Cache which contains mapping of bucket name to bucket info
|
|
S3_GW_CACHE_BUCKETS_LIFETIME=1m
|
|
S3_GW_CACHE_BUCKETS_SIZE=1000
|
|
# Cache which contains mapping of nice name to object addresses
|
|
S3_GW_CACHE_NAMES_LIFETIME=1m
|
|
S3_GW_CACHE_NAMES_SIZE=10000
|
|
# Cache for system objects in a bucket: bucket settings, notification configuration etc
|
|
S3_GW_CACHE_SYSTEM_LIFETIME=5m
|
|
S3_GW_CACHE_SYSTEM_SIZE=100000
|
|
# Cache which stores access box with tokens by its address
|
|
S3_GW_CACHE_ACCESSBOX_REMOVING_CHECK_INTERVAL=5m
|
|
S3_GW_CACHE_ACCESSBOX_LIFETIME=10m
|
|
S3_GW_CACHE_ACCESSBOX_SIZE=100
|
|
# Cache which stores owner to cache operation mapping
|
|
S3_GW_CACHE_ACCESSCONTROL_LIFETIME=1m
|
|
S3_GW_CACHE_ACCESSCONTROL_SIZE=100000
|
|
# Cache which stores list of policy chains
|
|
S3_GW_CACHE_MORPH_POLICY_LIFETIME=1m
|
|
S3_GW_CACHE_MORPH_POLICY_SIZE=10000
|
|
# Cache which stores frostfsid subject info
|
|
S3_GW_CACHE_FROSTFSID_LIFETIME=1m
|
|
S3_GW_CACHE_FROSTFSID_SIZE=10000
|
|
|
|
# NATS
|
|
S3_GW_NATS_ENABLED=true
|
|
S3_GW_NATS_ENDPOINT=nats://nats.frostfs.devenv:4222
|
|
S3_GW_NATS_TIMEOUT=30s
|
|
S3_GW_NATS_CERT_FILE=/path/to/cert
|
|
S3_GW_NATS_KEY_FILE=/path/to/key
|
|
S3_GW_NATS_ROOT_CA=/path/to/ca
|
|
|
|
# Default policy of placing containers in FrostFS
|
|
# If a user sends a request `CreateBucket` and doesn't define policy for placing of a container in FrostFS, the S3 Gateway
|
|
# will put the container with default policy. It can be specified via environment variable, e.g.:
|
|
S3_GW_PLACEMENT_POLICY_DEFAULT_POLICY="REP 3"
|
|
# Region to placement policy mapping json file.
|
|
# Path to container policy mapping. The same as '--container-policy' flag for authmate
|
|
S3_GW_PLACEMENT_POLICY_REGION_MAPPING=/path/to/container/policy.json
|
|
|
|
# Name of location constraint
|
|
S3_GW_PLACEMENT_POLICY_COPIES_NUMBERS_0_LOCATION_CONSTRAINT=sample-01
|
|
# Array of copies numbers for corresponding location constraint
|
|
S3_GW_PLACEMENT_POLICY_COPIES_NUMBERS_0_VECTOR=1 2 3
|
|
# Second set of location constraint and its copies numbers
|
|
S3_GW_PLACEMENT_POLICY_COPIES_NUMBERS_1_LOCATION_CONSTRAINT=sample-02
|
|
S3_GW_PLACEMENT_POLICY_COPIES_NUMBERS_1_VECTOR=2 3 4
|
|
|
|
# CORS
|
|
# value of Access-Control-Max-Age header if this value is not set in a rule. Has an int type.
|
|
S3_GW_CORS_DEFAULT_MAX_AGE=600
|
|
|
|
# Parameters of requests to FrostFS
|
|
# Numbers of the object copies (for each replica, syntax the same as for `S3_GW_PLACEMENT_POLICY_COPIES_NUMBERS_0_VECTOR` above)
|
|
# to consider PUT to FrostFS successful.
|
|
# `0` or empty list means that object will be processed according to the container's placement policy
|
|
S3_GW_FROSTFS_SET_COPIES_NUMBER=0
|
|
# This flag enables client side object preparing.
|
|
S3_GW_FROSTFS_CLIENT_CUT=false
|
|
# Sets max buffer size for read payload in put operations.
|
|
S3_GW_FROSTFS_BUFFER_MAX_SIZE_FOR_PUT=1048576
|
|
# max attempt to make successful tree request.
|
|
# default value is 0 that means the number of attempts equals to number of nodes in pool.
|
|
S3_GW_FROSTFS_TREE_POOL_MAX_ATTEMPTS=0
|
|
|
|
# List of allowed AccessKeyID prefixes
|
|
# If not set, S3 GW will accept all AccessKeyIDs
|
|
S3_GW_ALLOWED_ACCESS_KEY_ID_PREFIXES=Ck9BHsgKcnwfCTUSFm6pxhoNS4cBqgN2NQ8zVgPjqZDX 3stjWenX15YwYzczMr88gy3CQr4NYFBQ8P7keGzH5QFn
|
|
|
|
# Header to determine zone to resolve bucket name
|
|
S3_GW_RESOLVE_NAMESPACE_HEADER=X-Frostfs-Namespace
|
|
# List of container NNS zones which are allowed or restricted to resolve with HEAD request
|
|
S3_GW_RESOLVE_BUCKET_ALLOW=container
|
|
# S3_GW_RESOLVE_BUCKET_DENY=
|
|
|
|
# Enable using default xml namespace `http://s3.amazonaws.com/doc/2006-03-01/` when parse xml bodies.
|
|
S3_GW_KLUDGE_USE_DEFAULT_XMLNS=false
|
|
# Use this flag to be able to use chunked upload approach without having `aws-chunked` value in `Content-Encoding` header.
|
|
S3_GW_KLUDGE_BYPASS_CONTENT_ENCODING_CHECK_IN_CHUNKS=false
|
|
# Namespaces that should be handled as default
|
|
S3_GW_KLUDGE_DEFAULT_NAMESPACES="" "root"
|
|
# Enable bucket/object ACL support for newly created buckets.
|
|
S3_GW_KLUDGE_ACL_ENABLED=false
|
|
|
|
S3_GW_TRACING_ENABLED=false
|
|
S3_GW_TRACING_ENDPOINT="localhost:4318"
|
|
S3_GW_TRACING_EXPORTER="otlp_grpc"
|
|
|
|
S3_GW_RUNTIME_SOFT_MEMORY_LIMIT=1073741824
|
|
|
|
S3_GW_FEATURES_MD5_ENABLED=false
|
|
# Enable denying access for request that doesn't match any policy chain rules.
|
|
S3_GW_FEATURES_POLICY_DENY_BY_DEFAULT=false
|
|
|
|
# ReadTimeout is the maximum duration for reading the entire
|
|
# request, including the body. A zero or negative value means
|
|
# there will be no timeout.
|
|
S3_GW_WEB_READ_TIMEOUT=0
|
|
# ReadHeaderTimeout is the amount of time allowed to read
|
|
# request headers. The connection's read deadline is reset
|
|
# after reading the headers and the Handler can decide what
|
|
# is considered too slow for the body. If ReadHeaderTimeout
|
|
# is zero, the value of ReadTimeout is used. If both are
|
|
# zero, there is no timeout.
|
|
S3_GW_WEB_READ_HEADER_TIMEOUT=30s
|
|
# WriteTimeout is the maximum duration before timing out
|
|
# writes of the response. It is reset whenever a new
|
|
# request's header is read. Like ReadTimeout, it does not
|
|
# let Handlers make decisions on a per-request basis.
|
|
# A zero or negative value means there will be no timeout.
|
|
S3_GW_WEB_WRITE_TIMEOUT=0
|
|
# IdleTimeout is the maximum amount of time to wait for the
|
|
# next request when keep-alives are enabled. If IdleTimeout
|
|
# is zero, the value of ReadTimeout is used. If both are
|
|
# zero, there is no timeout.
|
|
S3_GW_WEB_IDLE_TIMEOUT=30s
|
|
|
|
# FrostfsID contract configuration. To enable this functionality the `rpc_endpoint` param must be also set.
|
|
# FrostfsID contract hash (LE) or name in NNS.
|
|
S3_GW_FROSTFSID_CONTRACT=frostfsid.frostfs
|
|
# Enables a check to only allow requests to users registered in the FrostfsID contract.
|
|
S3_GW_FROSTFSID_VALIDATION_ENABLED=true
|
|
|
|
# Policy contract configuration. To enable this functionality the `rpc_endpoint` param must be also set.
|
|
# Policy contract hash (LE) or name in NNS.
|
|
S3_GW_POLICY_CONTRACT=policy.frostfs
|
|
|
|
# Proxy contract configuration. To enable this functionality the `rpc_endpoint` param must be also set.
|
|
# Proxy contract hash (LE) or name in NNS.
|
|
S3_GW_PROXY_CONTRACT=proxy.frostfs
|
|
|
|
# Namespaces configuration
|
|
S3_GW_NAMESPACES_CONFIG=namespaces.json
|
|
|
|
# Custom header to retrieve Source IP
|
|
S3_GW_SOURCE_IP_HEADER=Source-Ip
|