Atom feed of this document
  
Icehouse -  Icehouse -  Icehouse -  Icehouse -  Icehouse -  Icehouse -  Icehouse -  Icehouse - 

 Proxy server configuration

Find an example proxy server configuration at etc/proxy-server.conf-sample in the source code repository.

The available configuration options are:

Table 8.33. Description of configuration options for [DEFAULT] in proxy-server.conf-sample
Configuration option = Default value Description
bind_ip = 0.0.0.0IP Address for server to bind to
bind_port = 80Port for server to bind to
bind_timeout = 30Seconds to attempt bind before giving up
backlog = 4096Maximum number of allowed pending TCP connections
swift_dir = /etc/swiftSwift configuration directory
user = swiftUser to run as
expose_info = trueEnables exposing configuration settings via HTTP GET /info.
admin_key = secret_admin_keyto use for admin calls that are HMAC signed. Default is empty, which will disable admin calls to /info. the proxy server. For most cases, this should be `egg:swift#proxy`. request whenever it has to failover to a handoff node
disallowed_sections = container_quotas, tempurlNo help text available for this option.
workers = autoa much higher value, one can reduce the impact of slow file system operations in one request from negatively impacting other requests.
max_clients = 1024Maximum number of clients one worker can process simultaneously Lowering the number of clients handled per worker, and raising the number of workers can lessen the impact that a CPU intensive, or blocking, request can have on other requests served by the same worker. If the maximum number of clients is set to one, then a given worker will not perform another call while processing, allowing other workers a chance to process it.
cert_file = /etc/swift/proxy.crtto the ssl .crt. This should be enabled for testing purposes only.
key_file = /etc/swift/proxy.keyto the ssl .key. This should be enabled for testing purposes only.
expiring_objects_container_divisor = 86400No help text available for this option.
expiring_objects_account_name = expiring_objectsNo help text available for this option.
log_name = swiftLabel used when logging
log_facility = LOG_LOCAL0Syslog log facility
log_level = INFOLogging level
log_headers = falseNo help text available for this option.
log_address = /dev/logLocation where syslog sends the logs to
trans_id_suffix = No help text available for this option.
log_custom_handlers = Comma-separated list of functions to call to setup custom log handlers.
log_udp_host = If not set, the UDB receiver for syslog is disabled.
log_udp_port = 514Port value for UDB receiver, if enabled.
log_statsd_host = localhostIf not set, the StatsD feature is disabled.
log_statsd_port = 8125Port value for the StatsD server.
log_statsd_default_sample_rate = 1.0Defines the probability of sending a sample for any given event or timing measurement.
log_statsd_sample_rate_factor = 1.0Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead.
log_statsd_metric_prefix = Value will be prepended to every metric sent to the StatsD server.
cors_allow_origin = is a list of hosts that are included with any CORS request by default and returned with the Access-Control-Allow-Origin header in addition to what the container has set. to call to setup custom log handlers. for eventlet the proxy server. For most cases, this should be `egg:swift#proxy`. request whenever it has to failover to a handoff node
client_timeout = 60Timeout to read one chunk from a client external services
eventlet_debug = falseIf true, turn on debug logging for eventlet

Table 8.34. Description of configuration options for [app:proxy-server] in proxy-server.conf-sample
Configuration option = Default value Description
use = egg:swift#proxyEntry point of paste.deploy in the server
set log_name = proxy-serverLabel to use when logging
set log_facility = LOG_LOCAL0Syslog log facility
set log_level = INFOLog level
set log_address = /dev/logLocation where syslog sends the logs to
log_handoffs = trueNo help text available for this option.
recheck_account_existence = 60Cache timeout in seconds to send memcached for account existence
recheck_container_existence = 60Cache timeout in seconds to send memcached for container existence
object_chunk_size = 8192Chunk size to read from object servers
client_chunk_size = 8192Chunk size to read from clients
node_timeout = 10Request timeout to external services
recoverable_node_timeout = node_timeoutRequest timeout to external services for requests that, on failure, can be recovered from. For example, object GET. from a client external services
conn_timeout = 0.5Connection timeout to external services
post_quorum_timeout = 0.5No help text available for this option.
error_suppression_interval = 60Time in seconds that must elapse since the last error for a node to be considered no longer error limited
error_suppression_limit = 10Error count to consider a node error limited
allow_account_management = falseWhether account PUTs and DELETEs are even callable
object_post_as_copy = trueSet object_post_as_copy = false to turn on fast posts where only the metadata changes are stored anew and the original data file is kept in place. This makes for quicker posts; but since the container metadata isn't updated in this mode, features like container sync won't be able to sync posts.
account_autocreate = falseIf set to 'true' authorized accounts that do not yet exist within the Swift cluster will be automatically created.
max_containers_per_account = 0If set to a positive value, trying to create a container when the account already has at least this maximum containers will result in a 403 Forbidden. Note: This is a soft limit, meaning a user might exceed the cap for recheck_account_existence before the 403s kick in.
max_containers_whitelist = is a comma separated list of account names that ignore the max_containers_per_account cap.
deny_host_headers = No help text available for this option.
auto_create_account_prefix = .Prefix to use when automatically creating accounts
put_queue_depth = 10No help text available for this option.
sorting_method = shuffleNo help text available for this option.
timing_expiry = 300No help text available for this option.
max_large_object_get_time = 86400No help text available for this option.
request_node_count = 2 * replicas* replicas Set to the number of nodes to contact for a normal request. You can use '* replicas' at the end to have it use the number given times the number of replicas for the ring being used for the request. conf file for values will only be shown to the list of swift_owners. The exact default definition of a swift_owner is headers> up to the auth system in use, but usually indicates administrative responsibilities. paste.deploy to use for auth. To use tempauth set to: `egg:swift#tempauth` each request
read_affinity = r1z1=100, r1z2=200, r2=300No help text available for this option.
read_affinity = No help text available for this option.
write_affinity = r1, r2No help text available for this option.
write_affinity = No help text available for this option.
write_affinity_node_count = 2 * replicasNo help text available for this option.
swift_owner_headers = x-container-read, x-container-write, x-container-sync-key, x-container-sync-to, x-account-meta-temp-url-key, x-account-meta-temp-url-key-2, x-account-access-controlthe sample These are the headers whose conf file for values will only be shown to the list of swift_owners. The exact default definition of a swift_owner is headers> up to the auth system in use, but usually indicates administrative responsibilities. paste.deploy to use for auth. To use tempauth set to: `egg:swift#tempauth` each request

Table 8.35. Description of configuration options for [pipeline:main] in proxy-server.conf-sample
Configuration option = Default value Description
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk tempurl slo dlo ratelimit tempauth container-quotas account-quotas proxy-logging proxy-serverNo help text available for this option.

Table 8.36. Description of configuration options for [filter:account-quotas] in proxy-server.conf-sample
Configuration option = Default value Description
use = egg:swift#account_quotasEntry point of paste.deploy in the server

Table 8.37. Description of configuration options for [filter:authtoken] in proxy-server.conf-sample
Configuration option = Default value Description
auth_host = keystonehostNo help text available for this option.
auth_port = 35357No help text available for this option.
auth_protocol = httpNo help text available for this option.
auth_uri = http://keystonehost:5000/No help text available for this option.
admin_tenant_name = serviceNo help text available for this option.
admin_user = swiftNo help text available for this option.
admin_password = passwordNo help text available for this option.
delay_auth_decision = 1No help text available for this option.
cache = swift.cacheNo help text available for this option.
include_service_catalog = FalseNo help text available for this option.

Table 8.38. Description of configuration options for [filter:cache] in proxy-server.conf-sample
Configuration option = Default value Description
use = egg:swift#memcacheEntry point of paste.deploy in the server
set log_name = cacheLabel to use when logging
set log_facility = LOG_LOCAL0Syslog log facility
set log_level = INFOLog level
set log_headers = falseIf True, log headers in each request
set log_address = /dev/logLocation where syslog sends the logs to
memcache_servers = 127.0.0.1:11211Comma separated list of memcached servers ip:port services
memcache_serialization_support = 2No help text available for this option.
memcache_max_connections = 2Max number of connections to each memcached server per worker services

Table 8.39. Description of configuration options for [filter:catch_errors] in proxy-server.conf-sample
Configuration option = Default value Description
use = egg:swift#catch_errorsEntry point of paste.deploy in the server
set log_name = catch_errorsLabel to use when logging
set log_facility = LOG_LOCAL0Syslog log facility
set log_level = INFOLog level
set log_headers = falseIf True, log headers in each request
set log_address = /dev/logLocation where syslog sends the logs to

Table 8.40. Description of configuration options for [filter:dlo] in proxy-server.conf-sample
Configuration option = Default value Description
use = egg:swift#dloEntry point of paste.deploy in the server
rate_limit_after_segment = 10Rate limit the download of large object segments after this segment is downloaded.
rate_limit_segments_per_sec = 1Rate limit large object downloads at this rate. contact for a normal request. You can use '* replicas' at the end to have it use the number given times the number of replicas for the ring being used for the request. paste.deploy to use for auth. To use tempauth set to: `egg:swift#tempauth` each request
max_get_time = 86400No help text available for this option.

Table 8.41. Description of configuration options for [filter:gatekeeper] in proxy-server.conf-sample
Configuration option = Default value Description
use = egg:swift#gatekeeperEntry point of paste.deploy in the server
set log_name = gatekeeperLabel to use when logging
set log_facility = LOG_LOCAL0Syslog log facility
set log_level = INFOLog level
set log_headers = falseIf True, log headers in each request
set log_address = /dev/logLocation where syslog sends the logs to

Table 8.42. Description of configuration options for [filter:healthcheck] in proxy-server.conf-sample
Configuration option = Default value Description
use = egg:swift#healthcheckEntry point of paste.deploy in the server
disable_path = No help text available for this option.

Table 8.43. Description of configuration options for [filter:keystoneauth] in proxy-server.conf-sample
Configuration option = Default value Description
use = egg:swift#keystoneauthEntry point of paste.deploy in the server
operator_roles = admin, swiftoperatorNo help text available for this option.
reseller_admin_role = ResellerAdminNo help text available for this option.

Table 8.44. Description of configuration options for [filter:list-endpoints] in proxy-server.conf-sample
Configuration option = Default value Description
use = egg:swift#list_endpointsEntry point of paste.deploy in the server
list_endpoints_path = /endpoints/No help text available for this option.

Table 8.45. Description of configuration options for [filter:proxy-logging] in proxy-server.conf-sample
Configuration option = Default value Description
use = egg:swift#proxy_loggingEntry point of paste.deploy in the server
access_log_name = swiftNo help text available for this option.
access_log_facility = LOG_LOCAL0No help text available for this option.
access_log_level = INFONo help text available for this option.
access_log_address = /dev/logNo help text available for this option.
access_log_udp_host = No help text available for this option.
access_log_udp_port = 514No help text available for this option.
access_log_statsd_host = localhostNo help text available for this option.
access_log_statsd_port = 8125No help text available for this option.
access_log_statsd_default_sample_rate = 1.0No help text available for this option.
access_log_statsd_sample_rate_factor = 1.0No help text available for this option.
access_log_statsd_metric_prefix = No help text available for this option.
access_log_headers = falseNo help text available for this option.
access_log_headers_only = No help text available for this option.
logged with access_log_headers = True.No help text available for this option.
reveal_sensitive_prefix = 8192 The X-Auth-Token is sensitive data. If revealed to an unauthorised person, they can now make requests against an account until the token expires. Set reveal_sensitive_prefix to the number of characters of the token that are logged. For example reveal_sensitive_prefix = 12 so only first 12 characters of the token are logged. Or, set to 0 to completely remove the token.
log_statsd_valid_http_methods = GET,HEAD,POST,PUT,DELETE,COPY,OPTIONSNo help text available for this option.

Table 8.46. Description of configuration options for [filter:tempauth] in proxy-server.conf-sample
Configuration option = Default value Description
use = egg:swift#tempauthEntry point of paste.deploy in the server
set log_name = tempauthLabel to use when logging
set log_facility = LOG_LOCAL0Syslog log facility
set log_level = INFOLog level
set log_headers = falseIf True, log headers in each request
set log_address = /dev/logLocation where syslog sends the logs to
reseller_prefix = AUTHThe naming scope for the auth service. Swift
auth_prefix = /auth/The HTTP request path prefix for the auth service. Swift itself reserves anything beginning with the letter `v`.
token_life = 86400The number of seconds a token is valid.
allow_overrides = trueNo help text available for this option.
storage_url_scheme = defaultScheme to return with storage urls: http, https, or default (chooses based on what the server is running as) This can be useful with an SSL load balancer in front of a non-SSL server.
user_admin_admin = admin .admin .reseller_adminNo help text available for this option.
user_test_tester = testing .adminNo help text available for this option.
user_test2_tester2 = testing2 .adminNo help text available for this option.
user_test_tester3 = testing3No help text available for this option.

Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page

loading table of contents...