Object Storage general service configuration

Object Storage general service configuration

Object Storage service uses multiple configuration files for multiple services and background daemons, and paste.deploy to manage server configurations. For more information about paste.deploy, see: http://pythonpaste.org/deploy/.

Default configuration options are set in the [DEFAULT] section, and any options specified there can be overridden in any of the other sections when the syntax set option_name = value is in place.

Configuration for servers and daemons can be expressed together in the same file for each type of server, or separately. If a required section for the service trying to start is missing, there will be an error. Sections not used by the service are ignored.

Consider the example of an Object Storage node. By convention configuration for the object-server, object-updater, object-replicator, and object-auditor exist in a single file /etc/swift/object-server.conf:

[DEFAULT]

[pipeline:main]
pipeline = object-server

[app:object-server]
use = egg:swift#object

[object-replicator]
reclaim_age = 259200

[object-updater]

[object-auditor]

Note

Default constraints can be overridden in swift.conf. For example, you can change the maximum object size and other variables.

Object Storage services expect a configuration path as the first argument:

$ swift-object-auditor
Usage: swift-object-auditor CONFIG [options]

Error: missing config path argument

If you omit the object-auditor section, this file cannot be used as the configuration path when starting the swift-object-auditor daemon:

$ swift-object-auditor /etc/swift/object-server.conf
Unable to find object-auditor config section in /etc/swift/object-server.conf

If the configuration path is a directory instead of a file, all of the files in the directory with the file extension .conf will be combined to generate the configuration object which is delivered to the Object Storage service. This is referred to generally as directory-based configuration.

Directory-based configuration leverages ConfigParser‘s native multi-file support. Files ending in .conf in the given directory are parsed in lexicographical order. File names starting with . are ignored. A mixture of file and directory configuration paths is not supported. If the configuration path is a file, only that file will be parsed.

The Object Storage service management tool swift-init has adopted the convention of looking for /etc/swift/{type}-server.conf.d/ if the file /etc/swift/{type}-server.conf file does not exist.

When using directory-based configuration, if the same option under the same section appears more than once in different files, the last value parsed is said to override previous occurrences. You can ensure proper override precedence by prefixing the files in the configuration directory with numerical values, as in the following example file layout:

/etc/swift/
    default.base
    object-server.conf.d/
        000_default.conf -> ../default.base
        001_default-override.conf
        010_server.conf
        020_replicator.conf
        030_updater.conf
        040_auditor.conf

You can inspect the resulting combined configuration object using the swift-config command-line tool.

All the services of an Object Store deployment share a common configuration in the [swift-hash] section of the /etc/swift/swift.conf file. The swift_hash_path_suffix and swift_hash_path_prefix values must be identical on all the nodes.

Description of configuration options for [swift-hash] in swift.conf
Configuration option = Default value Description
swift_hash_path_prefix = changeme A prefix used by hash_path to offer a bit more security when generating hashes for paths. It simply appends this value to all paths; if someone knows this suffix, it’s easier for them to guess the hash a path will end up with. New installations are advised to set this parameter to a random secret, which would not be disclosed ouside the organization. The same secret needs to be used by all swift servers of the same cluster. Existing installations should set this parameter to an empty string.
swift_hash_path_suffix = changeme A suffix used by hash_path to offer a bit more security when generating hashes for paths. It simply appends this value to all paths; if someone knows this suffix, it’s easier for them to guess the hash a path will end up with. New installations are advised to set this parameter to a random secret, which would not be disclosed ouside the organization. The same secret needs to be used by all swift servers of the same cluster. Existing installations should set this parameter to an empty string.
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.