forked from TrueCloudLab/frostfs-s3-gw
parent dd4f66712c
commit 5265afe213
3 changed files with 34 additions and 14 deletions
|
@ -13,6 +13,9 @@ This document outlines major changes between releases.
|
|||
- Timeout for individual operations in streaming RPC (#740)
|
||||
- Reload policies on SIGHUP (#747)
|
||||
|
||||
### Added
|
||||
- Multiple server listeners (#742)
|
||||
|
||||
### Changed
|
||||
- Placement policy configuration (#568)
|
||||
|
||||
|
@ -27,9 +30,15 @@ placement_policy:
|
|||
Make sure you update the config accordingly:
|
||||
If you configure application using environment variables change:
|
||||
* `S3_GW_DEFAULT_POLICY` -> `S3_GW_PLACEMENT_POLICY_DEFAULT_POLICY`
|
||||
* `S3_GW_LISTEN_ADDRESS` -> `S3_GW_SERVER_0_ADDRESS`
|
||||
* `S3_GW_TLS_CERT_FILE` -> `S3_GW_SERVER_0_TLS_CERT_FILE` (and set `S3_GW_SERVER_0_TLS_ENABLED=true`)
|
||||
* `S3_GW_TLS_KEY_FILE` -> `S3_GW_SERVER_0_TLS_KEY_FILE` (and set `S3_GW_SERVER_0_TLS_ENABLED=true`)
|
||||
|
||||
If you configure application using `.yaml` file change:
|
||||
* `defaul_policy` -> `placement_policy.default`
|
||||
* `listen_address` -> `server.0.address`
|
||||
* `tls.cert_file` -> `server.0.tls.cert_file` (and set `server.0.tls.enabled: true`)
|
||||
* `tls.key_file` -> `server.0.tls.key_file` (and set `server.0.tls.enabled: true`)
|
||||
|
||||
## [0.25.0] - 2022-10-31
|
||||
|
||||
|
|
|
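Review bot: In the TLS bullets of both migration lists the requirement to switch TLS on sits in a parenthetical, yet the `server` table in this same commit gives `tls.enabled` a default of `false`, so an operator who only renames `S3_GW_TLS_CERT_FILE`/`S3_GW_TLS_KEY_FILE` (or `tls.cert_file`/`tls.key_file`) would, per that default, get a listener with certificate paths set and TLS off. Suggest giving `S3_GW_SERVER_0_TLS_ENABLED=true` and `server.0.tls.enabled: true` their own bullets, and stating whether the old keys are rejected or ignored after the upgrade. The context line `defaul_policy` also looks like a typo for `default_policy`, going by `S3_GW_DEFAULT_POLICY` in the list above it.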
@ -223,7 +223,7 @@ func newSettings() *viper.Viper {
|
|||
flags.Int(cfgMaxClientsCount, defaultMaxClientsCount, "set max-clients count")
|
||||
flags.Duration(cfgMaxClientsDeadline, defaultMaxClientsDeadline, "set max-clients deadline")
|
||||
|
||||
flags.String(cmdListenAddress, "0.0.0.0:8080", "set address to listen")
|
||||
flags.String(cmdListenAddress, "0.0.0.0:8080", "set the main address to listen")
|
||||
flags.String(cfgTLSCertFile, "", "TLS certificate file to use")
|
||||
flags.String(cfgTLSKeyFile, "", "TLS key file to use")
|
||||
|
||||
|
|
|
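Review bot: The new help text on `cmdListenAddress`, "set the main address to listen", does not say what "main" means or that other listeners can exist; the docs hunk in this commit states that flags configure only one address and that multiple addresses need the yaml config. Suggest wording the help string to say the flag sets the single listener configurable from the command line, and making clear whether `cfgTLSCertFile` and `cfgTLSKeyFile` on the following lines apply to that same listener.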
@ -62,6 +62,8 @@ $ neofs-s3-gw --listen_address 192.168.130.130:443 \
|
|||
--tls.key_file=key.pem --tls.cert_file=cert.pem
|
||||
```
|
||||
|
||||
Using these flag you can configure only one address. To set multiple addresses use yaml config.
|
||||
|
||||
### RPC endpoint and resolving of bucket names
|
||||
|
||||
To set RPC endpoint specify a value of parameter `-r` or `--rpc_endpoint`. The parameter is **required if** another
|
||||
|
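Review bot: The sentence added after the TLS example reads "Using these flag", which should be "Using these flags", and it points to "yaml config" without saying where. Suggest linking to the `server` section (`#server-section`) that this commit adds to the same document, since that is where the per-listener `address` and `tls.*` keys are described.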
@ -95,7 +97,7 @@ $ neofs-s3-gw --healthcheck_timeout 15s --connect_timeout 1m --rebalance_interva
|
|||
### Monitoring and metrics
|
||||
|
||||
Pprof and Prometheus are integrated into the gateway. To enable them, use `--pprof` and `--metrics` flags or
|
||||
`S3_GW_PPROF`/`S3_GW_METRICS` environment variables.
|
||||
`S3_GW_PPROF_ENABLED`/`S3_GW_PROMETHEUS_ENABLED` environment variables.
|
||||
|
||||
## YAML file and environment variables
|
||||
|
||||
|
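Review bot: In the Monitoring paragraph the environment variable names change to `S3_GW_PPROF_ENABLED`/`S3_GW_PROMETHEUS_ENABLED`, while the sentence still pairs them with the `--pprof` and `--metrics` flags and neither CHANGELOG hunk in this commit mentions these variables. If this is a documentation correction unrelated to multiple listeners, say so in the commit message; if the names changed, add them to the migration list next to the `S3_GW_LISTEN_ADDRESS` entry so that operators who set the old names know to update them.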
@ -155,7 +157,7 @@ There are some custom types used for brevity:
|
|||
| `wallet` | [Wallet configuration](#wallet-section) |
|
||||
| `peers` | [Nodes configuration](#peers-section) |
|
||||
| `placement_policy` | [Placement policy configuration](#placement_policy-section) |
|
||||
| `tls` | [TLS configuration](#tls-section) |
|
||||
| `server` | [Server configuration](#server-section) |
|
||||
| `logger` | [Logger configuration](#logger-section) |
|
||||
| `tree` | [Tree configuration](#tree-section) |
|
||||
| `cache` | [Cache configuration](#cache-section) |
|
||||
|
@ -168,8 +170,6 @@ There are some custom types used for brevity:
|
|||
### General section
|
||||
|
||||
```yaml
|
||||
listen_address: 0.0.0.0:8084
|
||||
|
||||
listen_domains:
|
||||
- s3dev.neofs.devenv
|
||||
- s3dev2.neofs.devenv
|
||||
|
@ -195,7 +195,6 @@ allowed_access_key_id_prefixes:
|
|||
|
||||
| Parameter | Type | SIGHUP reload | Default value | Description |
|
||||
|----------------------------------|------------|---------------|----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `listen_address` | `string` | | `0.0.0.0:8080` | The address that the gateway is listening on. |
|
||||
| `listen_domains` | `[]string` | | | Domains to be able to use virtual-hosted-style access to bucket. |
|
||||
| `rpc_endpoint` | `string` | yes | | The address of the RPC host to which the gateway connects to resolve bucket names (required to use the `nns` resolver). |
|
||||
| `resolve_order` | `[]string` | yes | `[dns]` | Order of bucket name resolvers to use. Available resolvers: `dns`, `nns`. | |
|
||||
|
@ -281,18 +280,30 @@ File for `region_mapping` must contain something like this:
|
|||
**Note:** on SIGHUP reload policies will be updated only if both parameters are valid.
|
||||
So if you change `default` to some valid value and set invalid path in `region_mapping` the `default` value won't be changed.
|
||||
|
||||
### `tls` section
|
||||
### `server` section
|
||||
|
||||
You can specify several listeners for server. For example, for `http` and `https`.
|
||||
|
||||
```yaml
|
||||
tls:
|
||||
cert_file: /path/to/cert
|
||||
key_file: /path/to/key
|
||||
server:
|
||||
- address: 0.0.0.0:8080
|
||||
tls:
|
||||
enabled: false
|
||||
cert_file: /path/to/cert
|
||||
key_file: /path/to/key
|
||||
- address: 0.0.0.0:8081
|
||||
tls:
|
||||
enabled: true
|
||||
cert_file: /path/to/another/cert
|
||||
key_file: /path/to/another/key
|
||||
```
|
||||
|
||||
| Parameter | Type | SIGHUP reload | Default value | Description |
|
||||
|-------------|----------|---------------|---------------|------------------------------|
|
||||
| `cert_file` | `string` | yes | | Path to the TLS certificate. |
|
||||
| `key_file` | `string` | yes | | Path to the key. |
|
||||
| Parameter | Type | SIGHUP reload | Default value | Description |
|
||||
|-----------------|----------|---------------|----------------|-----------------------------------------------|
|
||||
| `address` | `string` | | `0.0.0.0:8080` | The address that the gateway is listening on. |
|
||||
| `tls.enabled` | `bool` | | false | Enable TLS or not. |
|
||||
| `tls.cert_file` | `string` | yes | | Path to the TLS certificate. |
|
||||
| `tls.key_file` | `string` | yes | | Path to the key. |
|
||||
|
||||
### `logger` section
|
||||
|
||||
|
|
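Review bot: The new `server` table marks `tls.cert_file` and `tls.key_file` as SIGHUP-reloadable but, unlike the placement-policy note directly above it ("policies will be updated only if both parameters are valid"), does not say what happens when the new certificate/key pair is invalid or only one of the two files was replaced. Suggest adding an equivalent note, and stating that `address` and `tls.enabled` have no SIGHUP reload, so adding a listener or turning TLS on requires a restart. In the example, the first listener has `enabled: false` yet still carries `cert_file` and `key_file`; either drop them there or say they are ignored when TLS is disabled. The `false` default in the `tls.enabled` row should be in backticks like `0.0.0.0:8080`.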