Signed-off-by: Elizaveta Chichindaeva <elizaveta@nspcc.ru>
4.8 KiB
Configuration
There are three ways to configure the S3 GW:
- CLI parameters
- YAML file
- Environment variables
Everything available as a CLI parameter can also be specified via environment variables and almost everything can be
specified via .yaml
configuration file.
But not vice versa, some parameters can be configured only with environment variables/configuration file. Most of these parameters have default values, therefore, these ways to configure the gateway are optional and basic configuration can be completed with CLI parameters only.
- [CLI parameters](#CLI parameters)
- [Nodes and weights](#Nodes and weights)
- Wallet
- [Binding and TLS](#Listening on address and TLS)
- [RPC endpoint and resolving of bucket names](#RPC endpoint and resolving of bucket names)
- [Processing of requests](#Processing of requests)
- [Connection to NeoFS](#Connection to NeoFS)
- [Monitoring and metrics](#Monitoring and metrics)
- [YAML file and environment variables](#YAML file and environment variables)
CLI parameters
Nodes and weights
You can specify multiple -p
options to add more NeoFS nodes; this will make
a gateway spread requests equally among them (using weight 1 for every node):
$ neofs-s3-gw -p 192.168.130.72:8080 -p 192.168.130.71:8080
If you want some specific load distribution proportions, use weights and priorities, they can only be specified via environment variables or a configuration file.
Wallet
Wallet (--wallet
) is a mandatory parameter. It is a path to a wallet file. You can provide a passphrase to decrypt
a wallet via env variable or conf file, or you will be asked to enter a password interactively.
You can also specify an account address to use from a wallet using the --address
parameter.
Listening on address and TLS
Gateway listens on 0.0.0.0:8080
by default, and you can change that with the --listen_address
option.
It can also provide TLS interface for its users, just specify paths to the key and
certificate files via --tls.key_file
and --tls.cert_file
parameters. Note
that using these options makes gateway TLS-only. If you need to serve both TLS
and plain text, you either have to run two gateway instances or use some
external redirecting solution.
Example to bind to 192.168.130.130:443
and serve TLS there (keys and nodes are
omitted):
$ neofs-s3-gw --listen_address 192.168.130.130:443 \
--tls.key_file=key.pem --tls.cert_file=cert.pem
RPC endpoint and resolving of bucket names
To set RPC endpoint specify a value of parameter -r
or --rpc_endpoint
. The parameter is required if another
parameter's --resolve_order
value contains nns
.
$ neofs-s3-gw --rpc_endpoint http://morph-chain.neofs.devenv:30333/ --resolve_order nns,dns
Processing of requests
Maximum number of clients whose requests can be handled by the gateway can be specified by the value of
--max_clients_count
parameter, the default value is 100.
--max_clients_deadline
defines deadline after which the gate sends error RequestTimeout
to a client, default value
is 30 seconds.
$ neofs-s3-gw --max_clients_count 150 --max_clients_deadline 1m
Connection to NeoFS
Timeout to connect to NeoFS nodes can be set with --connect_timeout
(default 30s)
and timeout to check node health during rebalance--healthcheck_timeout
(default 15s).
Also, interval to check node health can be specified by --rebalance_interval
value, default value is 15s.
$ neofs-s3-gw --healthcheck_timeout 15s --connect_timeout 1m --rebalance_interval 1h
Monitoring and metrics
Pprof and Prometheus are integrated into the gateway, but not enabled by
default. To enable them, use --pprof
and --metrics
flags or
S3_GW_PPROF
/S3_GW_METRICS
environment variables.
YAML file and environment variables
Example of a YAML configuration file: .yaml-example Examples of environment variables: .env-example.
A path to a configuration file can be specified with --config
parameter:
$ neofs-s3-gw --config your-config.yaml
Parameters of the following groups can be configured via a .yaml
file or environment variables only:
- logging -- logging level
- caching -- lifetime and size for each cache
- notifications
- CORS
- default policy of placing containers in NeoFS
Notifications
You can turn on notifications about successful completions of basic operations, and the gateway will send notifications via NATS JetStream.
To enable notifications you need:
- to configure the NATS server with JetStream
- to specify NATS parameters for the S3 GW. It's necessary to define a values of
nats.enable
orS3_GW_NATS_ENABLED
asTrue
- to configure notifications in a bucket