Juno - Juno - Juno - Juno - Juno - Juno - Juno - Juno -
Find an example proxy server configuration at
etc/proxy-server.conf-sample in
the source code repository.
The available configuration options are:
| Configuration option = Default value | Description |
|---|---|
| admin_key = secret_admin_key | to use for admin calls that are HMAC signed. Default is empty, which will disable admin calls to /info. the proxy server. For most cases, this should be `egg:swift#proxy`. request whenever it has to failover to a handoff node |
| backlog = 4096 | Maximum number of allowed pending TCP connections |
| bind_ip = 0.0.0.0 | IP Address for server to bind to |
| bind_port = 8080 | Port for server to bind to |
| bind_timeout = 30 | Seconds to attempt bind before giving up |
| cert_file = /etc/swift/proxy.crt | to the ssl .crt. This should be enabled for testing purposes only. |
| client_timeout = 60 | Timeout to read one chunk from a client external services |
| cors_allow_origin = | is a list of hosts that are included with any CORS request by default and returned with the Access-Control-Allow-Origin header in addition to what the container has set. to call to setup custom log handlers. for eventlet the proxy server. For most cases, this should be `egg:swift#proxy`. request whenever it has to failover to a handoff node |
| disallowed_sections = container_quotas, tempurl, bulk_delete.max_failed_deletes | No help text available for this option. |
| eventlet_debug = false | If true, turn on debug logging for eventlet |
| expiring_objects_account_name = expiring_objects | No help text available for this option. |
| expiring_objects_container_divisor = 86400 | No help text available for this option. |
| expose_info = true | Enables exposing configuration settings via HTTP GET /info. |
| key_file = /etc/swift/proxy.key | to the ssl .key. This should be enabled for testing purposes only. |
| log_address = /dev/log | Location where syslog sends the logs to |
| log_custom_handlers = | Comma-separated list of functions to call to setup custom log handlers. |
| log_facility = LOG_LOCAL0 | Syslog log facility |
| log_headers = false | No help text available for this option. |
| log_level = INFO | Logging level |
| log_max_line_length = 0 | Caps the length of log lines to the value given; no limit if set to 0, the default. |
| log_name = swift | Label used when logging |
| log_statsd_default_sample_rate = 1.0 | Defines the probability of sending a sample for any given event or timing measurement. |
| log_statsd_host = localhost | If not set, the StatsD feature is disabled. |
| log_statsd_metric_prefix = | Value will be prepended to every metric sent to the StatsD server. |
| log_statsd_port = 8125 | Port value for the StatsD server. |
| log_statsd_sample_rate_factor = 1.0 | Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead. |
| log_udp_host = | If not set, the UDP receiver for syslog is disabled. |
| log_udp_port = 514 | Port value for UDP receiver, if enabled. |
| max_clients = 1024 | Maximum number of clients one worker can process simultaneously Lowering the number of clients handled per worker, and raising the number of workers can lessen the impact that a CPU intensive, or blocking, request can have on other requests served by the same worker. If the maximum number of clients is set to one, then a given worker will not perform another call while processing, allowing other workers a chance to process it. |
| strict_cors_mode = True | No help text available for this option. |
| swift_dir = /etc/swift | Swift configuration directory |
| trans_id_suffix = | No help text available for this option. |
| user = swift | User to run as |
| workers = auto | a much higher value, one can reduce the impact of slow file system operations in one request from negatively impacting other requests. |
| Configuration option = Default value | Description |
|---|---|
| account_autocreate = false | If set to 'true' authorized accounts that do not yet exist within the Swift cluster will be automatically created. |
| allow_account_management = false | Whether account PUTs and DELETEs are even callable |
| auto_create_account_prefix = . | Prefix to use when automatically creating accounts |
| client_chunk_size = 65536 | Chunk size to read from clients |
| conn_timeout = 0.5 | Connection timeout to external services |
| deny_host_headers = | No help text available for this option. |
| error_suppression_interval = 60 | Time in seconds that must elapse since the last error for a node to be considered no longer error limited |
| error_suppression_limit = 10 | Error count to consider a node error limited |
| log_handoffs = true | No help text available for this option. |
| max_containers_per_account = 0 | If set to a positive value, trying to create a container when the account already has at least this maximum containers will result in a 403 Forbidden. Note: This is a soft limit, meaning a user might exceed the cap for recheck_account_existence before the 403s kick in. |
| max_containers_whitelist = | is a comma separated list of account names that ignore the max_containers_per_account cap. |
| max_large_object_get_time = 86400 | No help text available for this option. |
| node_timeout = 10 | Request timeout to external services |
| object_chunk_size = 65536 | Chunk size to read from object servers |
| object_post_as_copy = true | Set object_post_as_copy = false to turn on fast posts where only the metadata changes are stored anew and the original data file is kept in place. This makes for quicker posts; but since the container metadata isn't updated in this mode, features like container sync won't be able to sync posts. |
| post_quorum_timeout = 0.5 | No help text available for this option. |
| put_queue_depth = 10 | No help text available for this option. |
| read_affinity = r1z1=100, r1z2=200, r2=300 | No help text available for this option. |
| recheck_account_existence = 60 | Cache timeout in seconds to send memcached for account existence |
| recheck_container_existence = 60 | Cache timeout in seconds to send memcached for container existence |
| recoverable_node_timeout = node_timeout | Request timeout to external services for requests that, on failure, can be recovered from. For example, object GET. from a client external services |
| request_node_count = 2 * replicas | * replicas Set to the number of nodes to contact for a normal request. You can use '* replicas' at the end to have it use the number given times the number of replicas for the ring being used for the request. conf file for values will only be shown to the list of swift_owners. The exact default definition of a swift_owner is headers> up to the auth system in use, but usually indicates administrative responsibilities. paste.deploy to use for auth. To use tempauth set to: `egg:swift#tempauth` each request |
| set log_address = /dev/log | Location where syslog sends the logs to |
| set log_facility = LOG_LOCAL0 | Syslog log facility |
| set log_level = INFO | Log level |
| set log_name = proxy-server | Label to use when logging |
| sorting_method = shuffle | No help text available for this option. |
| swift_owner_headers = x-container-read, x-container-write, x-container-sync-key, x-container-sync-to, x-account-meta-temp-url-key, x-account-meta-temp-url-key-2, x-account-access-control | the sample These are the headers whose conf file for values will only be shown to the list of swift_owners. The exact default definition of a swift_owner is headers> up to the auth system in use, but usually indicates administrative responsibilities. paste.deploy to use for auth. To use tempauth set to: `egg:swift#tempauth` each request |
| timing_expiry = 300 | No help text available for this option. |
| use = egg:swift#proxy | Entry point of paste.deploy in the server |
| write_affinity = r1, r2 | No help text available for this option. |
| write_affinity_node_count = 2 * replicas | No help text available for this option. |
| Configuration option = Default value | Description |
|---|---|
| pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk tempurl ratelimit tempauth container-quotas account-quotas slo dlo proxy-logging proxy-server | No help text available for this option. |
| Configuration option = Default value | Description |
|---|---|
| use = egg:swift#account_quotas | Entry point of paste.deploy in the server |
| Configuration option = Default value | Description |
|---|---|
| admin_password = password | No help text available for this option. |
| admin_tenant_name = service | No help text available for this option. |
| admin_user = swift | No help text available for this option. |
| auth_host = keystonehost | No help text available for this option. |
| auth_port = 35357 | No help text available for this option. |
| auth_protocol = http | No help text available for this option. |
| auth_uri = http://keystonehost:5000/ | No help text available for this option. |
| cache = swift.cache | No help text available for this option. |
| delay_auth_decision = 1 | No help text available for this option. |
| include_service_catalog = False | No help text available for this option. |
| Configuration option = Default value | Description |
|---|---|
| memcache_max_connections = 2 | Max number of connections to each memcached server per worker services |
| memcache_serialization_support = 2 | No help text available for this option. |
| memcache_servers = 127.0.0.1:11211 | Comma separated list of memcached servers ip:port services |
| set log_address = /dev/log | Location where syslog sends the logs to |
| set log_facility = LOG_LOCAL0 | Syslog log facility |
| set log_headers = false | If True, log headers in each request |
| set log_level = INFO | Log level |
| set log_name = cache | Label to use when logging |
| use = egg:swift#memcache | Entry point of paste.deploy in the server |
| Configuration option = Default value | Description |
|---|---|
| set log_address = /dev/log | Location where syslog sends the logs to |
| set log_facility = LOG_LOCAL0 | Syslog log facility |
| set log_headers = false | If True, log headers in each request |
| set log_level = INFO | Log level |
| set log_name = catch_errors | Label to use when logging |
| use = egg:swift#catch_errors | Entry point of paste.deploy in the server |
| Configuration option = Default value | Description |
|---|---|
| allow_full_urls = true | No help text available for this option. |
| current = //REALM/CLUSTER | No help text available for this option. |
| use = egg:swift#container_sync | Entry point of paste.deploy in the server |
| Configuration option = Default value | Description |
|---|---|
| max_get_time = 86400 | No help text available for this option. |
| rate_limit_after_segment = 10 | Rate limit the download of large object segments after this segment is downloaded. |
| rate_limit_segments_per_sec = 1 | Rate limit large object downloads at this rate. contact for a normal request. You can use '* replicas' at the end to have it use the number given times the number of replicas for the ring being used for the request. paste.deploy to use for auth. To use tempauth set to: `egg:swift#tempauth` each request |
| use = egg:swift#dlo | Entry point of paste.deploy in the server |
| Configuration option = Default value | Description |
|---|---|
| set log_address = /dev/log | Location where syslog sends the logs to |
| set log_facility = LOG_LOCAL0 | Syslog log facility |
| set log_headers = false | If True, log headers in each request |
| set log_level = INFO | Log level |
| set log_name = gatekeeper | Label to use when logging |
| use = egg:swift#gatekeeper | Entry point of paste.deploy in the server |
| Configuration option = Default value | Description |
|---|---|
| disable_path = | No help text available for this option. |
| use = egg:swift#healthcheck | Entry point of paste.deploy in the server |
| Configuration option = Default value | Description |
|---|---|
| allow_names_in_acls = true | No help text available for this option. |
| default_domain_id = default | No help text available for this option. |
| operator_roles = admin, swiftoperator | No help text available for this option. |
| reseller_admin_role = ResellerAdmin | No help text available for this option. |
| use = egg:swift#keystoneauth | Entry point of paste.deploy in the server |
| Configuration option = Default value | Description |
|---|---|
| list_endpoints_path = /endpoints/ | No help text available for this option. |
| use = egg:swift#list_endpoints | Entry point of paste.deploy in the server |
| Configuration option = Default value | Description |
|---|---|
| access_log_address = /dev/log | No help text available for this option. |
| access_log_facility = LOG_LOCAL0 | No help text available for this option. |
| access_log_headers = false | No help text available for this option. |
| access_log_headers_only = | If access_log_headers is True and access_log_headers_only is set only these headers are logged. Multiple headers can be defined as comma separated list like this: access_log_headers_only = Host, X-Object-Meta-Mtime |
| access_log_level = INFO | No help text available for this option. |
| access_log_name = swift | No help text available for this option. |
| access_log_statsd_default_sample_rate = 1.0 | No help text available for this option. |
| access_log_statsd_host = localhost | No help text available for this option. |
| access_log_statsd_metric_prefix = | No help text available for this option. |
| access_log_statsd_port = 8125 | No help text available for this option. |
| access_log_statsd_sample_rate_factor = 1.0 | No help text available for this option. |
| access_log_udp_host = | No help text available for this option. |
| access_log_udp_port = 514 | No help text available for this option. |
| log_statsd_valid_http_methods = GET,HEAD,POST,PUT,DELETE,COPY,OPTIONS | No help text available for this option. |
| logged with access_log_headers = True. | No help text available for this option. |
| reveal_sensitive_prefix = 16 | The X-Auth-Token is sensitive data. If revealed to an unauthorised person, they can now make requests against an account until the token expires. Set reveal_sensitive_prefix to the number of characters of the token that are logged. For example reveal_sensitive_prefix = 12 so only first 12 characters of the token are logged. Or, set to 0 to completely remove the token. |
| use = egg:swift#proxy_logging | Entry point of paste.deploy in the server |
| Configuration option = Default value | Description |
|---|---|
| allow_overrides = true | No help text available for this option. |
| auth_prefix = /auth/ | The HTTP request path prefix for the auth service. Swift itself reserves anything beginning with the letter `v`. |
| reseller_prefix = AUTH | The naming scope for the auth service. Swift |
| set log_address = /dev/log | Location where syslog sends the logs to |
| set log_facility = LOG_LOCAL0 | Syslog log facility |
| set log_headers = false | If True, log headers in each request |
| set log_level = INFO | Log level |
| set log_name = tempauth | Label to use when logging |
| storage_url_scheme = default | Scheme to return with storage urls: http, https, or default (chooses based on what the server is running as) This can be useful with an SSL load balancer in front of a non-SSL server. |
| token_life = 86400 | The number of seconds a token is valid. |
| use = egg:swift#tempauth | Entry point of paste.deploy in the server |
| user_admin_admin = admin .admin .reseller_admin | No help text available for this option. |
| user_test2_tester2 = testing2 .admin | No help text available for this option. |
| user_test_tester = testing .admin | No help text available for this option. |
| user_test_tester3 = testing3 | No help text available for this option. |
| Configuration option = Default value | Description |
|---|---|
| dump_interval = 5.0 | No help text available for this option. |
| dump_timestamp = false | No help text available for this option. |
| flush_at_shutdown = false | No help text available for this option. |
| log_filename_prefix = /tmp/log/swift/profile/default.profile | No help text available for this option. |
| path = /__profile__ | No help text available for this option. |
| profile_module = eventlet.green.profile | No help text available for this option. |
| unwind = false | No help text available for this option. |
| use = egg:swift#xprofile | Entry point of paste.deploy in the server |
