758 lines
30 KiB
YAML
758 lines
30 KiB
YAML
- version: '2013.2.1'
|
|
checkpoint: true
|
|
added:
|
|
|
|
- name: bind_ip
|
|
type: string
|
|
default: '0.0.0.0'
|
|
comment: 'New param'
|
|
|
|
- name: bind_port
|
|
type: string
|
|
default: '80'
|
|
comment: 'New param'
|
|
|
|
- name: bind_timeout
|
|
type: string
|
|
default: '30'
|
|
comment: 'New param'
|
|
|
|
- name: backlog
|
|
type: string
|
|
default: '4096'
|
|
comment: 'New param'
|
|
|
|
- name: swift_dir
|
|
type: string
|
|
default: '/etc/swift'
|
|
comment: 'New param'
|
|
|
|
- name: user
|
|
type: string
|
|
default: 'swift'
|
|
comment: 'New param'
|
|
|
|
- name: workers
|
|
type: string
|
|
default: 'auto'
|
|
help: "Use an integer to override the number of pre-forked processes that will accept connections. Should default to the number of effective cpu cores in the system. It's worth noting that individual workers will use many eventlet co-routines to service multiple concurrent requests."
|
|
comment: 'New param'
|
|
|
|
- name: max_clients
|
|
type: string
|
|
default: '1024'
|
|
help: 'Maximum concurrent requests per worker'
|
|
comment: 'New param'
|
|
|
|
- name: cert_file
|
|
type: string
|
|
default: '/etc/swift/proxy.crt'
|
|
help: 'Set the following two lines to enable SSL. This is for testing only.'
|
|
comment: 'New param'
|
|
|
|
- name: key_file
|
|
type: string
|
|
default: '/etc/swift/proxy.key'
|
|
help: 'Set the following two lines to enable SSL. This is for testing only.'
|
|
comment: 'New param'
|
|
|
|
- name: log_name
|
|
type: string
|
|
default: 'swift'
|
|
help: 'You can specify default log routing here if you want:'
|
|
comment: 'New param'
|
|
|
|
- name: log_facility
|
|
type: string
|
|
default: 'LOG_LOCAL0'
|
|
help: 'You can specify default log routing here if you want:'
|
|
comment: 'New param'
|
|
|
|
- name: log_level
|
|
type: string
|
|
default: 'INFO'
|
|
help: 'You can specify default log routing here if you want:'
|
|
comment: 'New param'
|
|
|
|
- name: log_headers
|
|
type: string
|
|
default: 'false'
|
|
help: 'You can specify default log routing here if you want:'
|
|
comment: 'New param'
|
|
|
|
- name: log_address
|
|
type: string
|
|
default: '/dev/log'
|
|
help: 'You can specify default log routing here if you want:'
|
|
comment: 'New param'
|
|
|
|
- name: trans_id_suffix
|
|
type: string
|
|
default: ''
|
|
help: 'This optional suffix (default is empty) that would be appended to the swift transaction id allows one to easily figure out from which cluster that X-Trans-Id belongs to. This is very useful when one is managing more than one swift cluster.'
|
|
comment: 'New param'
|
|
|
|
- name: log_custom_handlers
|
|
type: string
|
|
default: ''
|
|
help: 'comma separated list of functions to call to setup custom log handlers. functions get passed: conf, name, log_to_console, log_route, fmt, logger, adapted_logger'
|
|
comment: 'New param'
|
|
|
|
- name: log_udp_host
|
|
type: string
|
|
default: ''
|
|
help: 'If set, log_udp_host will override log_address'
|
|
comment: 'New param'
|
|
|
|
- name: log_udp_port
|
|
type: string
|
|
default: '514'
|
|
help: 'If set, log_udp_host will override log_address'
|
|
comment: 'New param'
|
|
|
|
- name: log_statsd_host
|
|
type: host
|
|
default: 'localhost'
|
|
help: 'You can enable StatsD logging here:'
|
|
comment: 'New param'
|
|
|
|
- name: log_statsd_port
|
|
type: string
|
|
default: '8125'
|
|
help: 'You can enable StatsD logging here:'
|
|
comment: 'New param'
|
|
|
|
- name: log_statsd_default_sample_rate
|
|
type: string
|
|
default: '1.0'
|
|
help: 'You can enable StatsD logging here:'
|
|
comment: 'New param'
|
|
|
|
- name: log_statsd_sample_rate_factor
|
|
type: string
|
|
default: '1.0'
|
|
help: 'You can enable StatsD logging here:'
|
|
comment: 'New param'
|
|
|
|
- name: log_statsd_metric_prefix
|
|
type: string
|
|
default: ''
|
|
help: 'You can enable StatsD logging here:'
|
|
comment: 'New param'
|
|
|
|
- name: cors_allow_origin
|
|
type: string
|
|
default: ''
|
|
help: 'Use a comma separated list of full url (http://foo.bar:1234,https://foo.bar)'
|
|
comment: 'New param'
|
|
|
|
- name: client_timeout
|
|
type: string
|
|
default: '60'
|
|
comment: 'New param'
|
|
|
|
- name: eventlet_debug
|
|
type: string
|
|
default: 'false'
|
|
comment: 'New param'
|
|
|
|
- name: 'pipeline:main.pipeline'
|
|
type: string
|
|
default: 'catch_errors healthcheck proxy-logging cache bulk slo ratelimit tempauth container-quotas account-quotas proxy-logging proxy-server'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:account-quotas.use'
|
|
type: string
|
|
default: 'egg:swift#account_quotas'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:cname_lookup.set log_name'
|
|
type: string
|
|
default: 'cname_lookup'
|
|
help: 'Note: this middleware requires python-dnspython You can override the default log routing for this filter here:'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:cname_lookup.set log_facility'
|
|
type: string
|
|
default: 'LOG_LOCAL0'
|
|
help: 'Note: this middleware requires python-dnspython You can override the default log routing for this filter here:'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:cname_lookup.set log_level'
|
|
type: string
|
|
default: 'INFO'
|
|
help: 'Note: this middleware requires python-dnspython You can override the default log routing for this filter here:'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:cname_lookup.set log_address'
|
|
type: string
|
|
default: '/dev/log'
|
|
help: 'Note: this middleware requires python-dnspython You can override the default log routing for this filter here:'
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.log_handoffs'
|
|
type: string
|
|
default: 'true'
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.recheck_account_existence'
|
|
type: string
|
|
default: '60'
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.recheck_container_existence'
|
|
type: string
|
|
default: '60'
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.object_chunk_size'
|
|
type: string
|
|
default: '8192'
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.client_chunk_size'
|
|
type: string
|
|
default: '8192'
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.node_timeout'
|
|
type: string
|
|
default: '10'
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.conn_timeout'
|
|
type: string
|
|
default: '0.5'
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.error_suppression_interval'
|
|
type: string
|
|
default: '60'
|
|
help: "How long without an error before a node's error count is reset. This will also be how long before a node is reenabled after suppression is triggered."
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.error_suppression_limit'
|
|
type: string
|
|
default: '10'
|
|
help: 'How many errors can accumulate before a node is temporarily ignored.'
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.allow_account_management'
|
|
type: string
|
|
default: 'false'
|
|
help: "If set to 'true' any authorized user may create and delete accounts; if 'false' no one, even authorized, can."
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.object_post_as_copy'
|
|
type: string
|
|
default: 'true'
|
|
help: "Set object_post_as_copy = false to turn on fast posts where only the metadata changes are stored anew and the original data file is kept in place. This makes for quicker posts; but since the container metadata isn't updated in this mode, features like container sync won't be able to sync posts."
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.account_autocreate'
|
|
type: string
|
|
default: 'false'
|
|
help: "If set to 'true' authorized accounts that do not yet exist within the Swift cluster will be automatically created."
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.max_containers_per_account'
|
|
type: string
|
|
default: '0'
|
|
help: 'If set to a positive value, trying to create a container when the account already has at least this maximum containers will result in a 403 Forbidden. Note: This is a soft limit, meaning a user might exceed the cap for recheck_account_existence before the 403s kick in.'
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.max_containers_whitelist'
|
|
type: string
|
|
default: ''
|
|
help: 'This is a comma separated list of account hashes that ignore the max_containers_per_account cap.'
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.deny_host_headers'
|
|
type: string
|
|
default: ''
|
|
help: 'Comma separated list of Host headers to which the proxy will deny requests.'
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.auto_create_account_prefix'
|
|
type: string
|
|
default: '.'
|
|
help: 'Prefix used when automatically creating accounts.'
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.put_queue_depth'
|
|
type: string
|
|
default: '10'
|
|
help: 'Depth of the proxy put queue.'
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.rate_limit_after_segment'
|
|
type: string
|
|
default: '10'
|
|
help: 'Start rate-limiting object segment serving after the Nth segment of a segmented object.'
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.rate_limit_segments_per_sec'
|
|
type: string
|
|
default: '1'
|
|
help: 'Once segment rate-limiting kicks in for an object, limit segments served to N per second.'
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.sorting_method'
|
|
type: string
|
|
default: 'shuffle'
|
|
help: "Storage nodes can be chosen at random (shuffle), by using timing measurements (timing), or by using an explicit match (affinity). Using timing measurements may allow for lower overall latency, while using affinity allows for finer control. In both the timing and affinity cases, equally-sorting nodes are still randomly chosen to spread load. The valid values for sorting_method are 'affinity', 'shuffle', and 'timing'."
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.timing_expiry'
|
|
type: string
|
|
default: '300'
|
|
help: "If the 'timing' sorting_method is used, the timings will only be valid for the number of seconds configured by timing_expiry."
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.allow_static_large_object'
|
|
type: string
|
|
default: 'true'
|
|
help: "If set to false will treat objects with X-Static-Large-Object header set as a regular object on GETs, i.e. will return that object's contents. Should be set to false if slo is not used in pipeline."
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.max_large_object_get_time'
|
|
type: string
|
|
default: '86400'
|
|
help: 'The maximum time (seconds) that a large object connection is allowed to last.'
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.request_node_count'
|
|
type: string
|
|
default: '2 * replicas'
|
|
help: "Set to the number of nodes to contact for a normal request. You can use '* replicas' at the end to have it use the number given times the number of replicas for the ring being used for the request."
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.read_affinity'
|
|
type: string
|
|
default: ''
|
|
help: 'Example: first read from region 1 zone 1, then region 1 zone 2, then anything in region 2, then everything else: read_affinity = r1z1=100, r1z2=200, r2=300 Default is empty, meaning no preference.'
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.write_affinity'
|
|
type: string
|
|
default: ''
|
|
help: 'Example: try to write to regions 1 and 2 before writing to any other nodes: write_affinity = r1, r2 Default is empty, meaning no preference.'
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.write_affinity_node_count'
|
|
type: string
|
|
default: '2 * replicas'
|
|
help: "The number of local (as governed by the write_affinity setting) nodes to attempt to contact first, before any non-local ones. You can use '* replicas' at the end to have it use the number given times the number of replicas for the ring being used for the request."
|
|
comment: 'New param'
|
|
|
|
- name: 'app:proxy-server.swift_owner_headers'
|
|
type: string
|
|
default: 'x-container-read, x-container-write, x-container-sync-key, x-container-sync-to, x-account-meta-temp-url-key, x-account-meta-temp-url-key-2'
|
|
help: 'These are the headers whose values will only be shown to swift_owners. The exact definition of a swift_owner is up to the auth system in use, but usually indicates administrative responsibilities.'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:cname_lookup.set log_headers'
|
|
type: string
|
|
default: 'false'
|
|
help: 'Note: this middleware requires python-dnspython You can override the default log routing for this filter here:'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:tempauth.reseller_prefix'
|
|
type: string
|
|
default: 'AUTH'
|
|
help: 'The reseller prefix will verify a token begins with this prefix before even attempting to validate it. Also, with authorization, only Swift storage accounts with this prefix will be authorized by this middleware. Useful if multiple auth systems are in use for one Swift cluster.'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:tempauth.auth_prefix'
|
|
type: string
|
|
default: '/auth/'
|
|
help: 'The auth prefix will cause requests beginning with this prefix to be routed to the auth subsystem, for granting tokens, etc.'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:tempauth.token_life'
|
|
type: string
|
|
default: '86400'
|
|
help: 'The auth prefix will cause requests beginning with this prefix to be routed to the auth subsystem, for granting tokens, etc.'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:tempauth.allow_overrides'
|
|
type: string
|
|
default: 'true'
|
|
help: "This allows middleware higher in the WSGI pipeline to override auth processing, useful for middleware such as tempurl and formpost. If you know you're not going to use such middleware and you want a bit of extra security, you can set this to false."
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:tempauth.storage_url_scheme'
|
|
type: string
|
|
default: 'default'
|
|
help: 'This specifies what scheme to return with storage urls: http, https, or default (chooses based on what the server is running as) This can be useful with an SSL load balancer in front of a non-SSL server.'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:tempauth.user_admin_admin'
|
|
type: string
|
|
default: 'admin .admin .reseller_admin'
|
|
help: 'Lastly, you need to list all the accounts/users you want here. The format is: user_<account>_<user> = <key> [group] [group] [...] [storage_url] or if you want underscores in <account> or <user>, you can base64 encode them (with no equal signs) and use this format: user64_<account_b64>_<user_b64> = <key> [group] [group] [...] [storage_url] There are special groups of: .reseller_admin = can do anything to any account for this auth .admin = can do anything within the account If neither of these groups are specified, the user can only access containers that have been explicitly allowed for them by a .admin or .reseller_admin. The trailing optional storage_url allows you to specify an alternate url to hand back to the user upon authentication. If not specified, this defaults to $HOST/v1/<reseller_prefix>_<account> where $HOST will do its best to resolve to what the requester would need to use to reach this host. Here are example entries, required for running the tests:'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:tempauth.user_test_tester'
|
|
type: string
|
|
default: 'testing .admin'
|
|
help: 'Lastly, you need to list all the accounts/users you want here. The format is: user_<account>_<user> = <key> [group] [group] [...] [storage_url] or if you want underscores in <account> or <user>, you can base64 encode them (with no equal signs) and use this format: user64_<account_b64>_<user_b64> = <key> [group] [group] [...] [storage_url] There are special groups of: .reseller_admin = can do anything to any account for this auth .admin = can do anything within the account If neither of these groups are specified, the user can only access containers that have been explicitly allowed for them by a .admin or .reseller_admin. The trailing optional storage_url allows you to specify an alternate url to hand back to the user upon authentication. If not specified, this defaults to $HOST/v1/<reseller_prefix>_<account> where $HOST will do its best to resolve to what the requester would need to use to reach this host. Here are example entries, required for running the tests:'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:tempauth.user_test2_tester2'
|
|
type: string
|
|
default: 'testing2 .admin'
|
|
help: 'Lastly, you need to list all the accounts/users you want here. The format is: user_<account>_<user> = <key> [group] [group] [...] [storage_url] or if you want underscores in <account> or <user>, you can base64 encode them (with no equal signs) and use this format: user64_<account_b64>_<user_b64> = <key> [group] [group] [...] [storage_url] There are special groups of: .reseller_admin = can do anything to any account for this auth .admin = can do anything within the account If neither of these groups are specified, the user can only access containers that have been explicitly allowed for them by a .admin or .reseller_admin. The trailing optional storage_url allows you to specify an alternate url to hand back to the user upon authentication. If not specified, this defaults to $HOST/v1/<reseller_prefix>_<account> where $HOST will do its best to resolve to what the requester would need to use to reach this host. Here are example entries, required for running the tests:'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:tempauth.user_test_tester3'
|
|
type: string
|
|
default: 'testing3'
|
|
help: 'Lastly, you need to list all the accounts/users you want here. The format is: user_<account>_<user> = <key> [group] [group] [...] [storage_url] or if you want underscores in <account> or <user>, you can base64 encode them (with no equal signs) and use this format: user64_<account_b64>_<user_b64> = <key> [group] [group] [...] [storage_url] There are special groups of: .reseller_admin = can do anything to any account for this auth .admin = can do anything within the account If neither of these groups are specified, the user can only access containers that have been explicitly allowed for them by a .admin or .reseller_admin. The trailing optional storage_url allows you to specify an alternate url to hand back to the user upon authentication. If not specified, this defaults to $HOST/v1/<reseller_prefix>_<account> where $HOST will do its best to resolve to what the requester would need to use to reach this host. Here are example entries, required for running the tests:'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:tempauth.paste.filter_factory'
|
|
type: string
|
|
default: 'keystoneclient.middleware.auth_token:filter_factory'
|
|
help: '[filter:authtoken]'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:tempauth.auth_host'
|
|
type: string
|
|
default: 'keystonehost'
|
|
help: '[filter:authtoken]'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:tempauth.auth_port'
|
|
type: string
|
|
default: '35357'
|
|
help: '[filter:authtoken]'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:tempauth.auth_protocol'
|
|
type: string
|
|
default: 'http'
|
|
help: '[filter:authtoken]'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:tempauth.auth_uri'
|
|
type: string
|
|
default: 'http://keystonehost:5000/'
|
|
help: '[filter:authtoken]'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:tempauth.admin_tenant_name'
|
|
type: string
|
|
default: 'service'
|
|
help: '[filter:authtoken]'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:tempauth.admin_user'
|
|
type: string
|
|
default: 'swift'
|
|
help: '[filter:authtoken]'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:tempauth.admin_password'
|
|
type: string
|
|
default: 'password'
|
|
help: '[filter:authtoken]'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:tempauth.delay_auth_decision'
|
|
type: string
|
|
default: '1'
|
|
help: '[filter:authtoken]'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:tempauth.cache'
|
|
type: string
|
|
default: 'swift.cache'
|
|
help: '[filter:authtoken]'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:tempauth.operator_roles'
|
|
type: string
|
|
default: 'admin, swiftoperator'
|
|
help: '[filter:keystoneauth] Operator roles is the role which user would be allowed to manage a tenant and be able to create container or give ACL to others.'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:tempauth.reseller_admin_role'
|
|
type: string
|
|
default: 'ResellerAdmin'
|
|
help: '[filter:keystoneauth] Operator roles is the role which user would be allowed to manage a tenant and be able to create container or give ACL to others. The reseller admin role has the ability to create and delete accounts'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:healthcheck.disable_path'
|
|
type: string
|
|
default: ''
|
|
help: "An optional filesystem path, which if present, will cause the healthcheck URL to return '503 Service Unavailable' with a body of 'DISABLED BY FILE'. This facility may be used to temporarily remove a Swift node from a load balancer pool during maintenance or upgrade (remove the file to allow the node back into the load balancer pool)."
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:cache.memcache_servers'
|
|
type: string
|
|
default: '127.0.0.1:11211'
|
|
help: 'If not set here, the value for memcache_servers will be read from memcache.conf (see memcache.conf-sample) or lacking that file, it will default to the value below. You can specify multiple servers separated with commas, as in: 10.1.2.3:11211,10.1.2.4:11211'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:cache.memcache_serialization_support'
|
|
type: string
|
|
default: '2'
|
|
help: 'Sets how memcache values are serialized and deserialized: 0 = older, insecure pickle serialization 1 = json serialization but pickles can still be read (still insecure) 2 = json serialization only (secure and the default) If not set here, the value for memcache_serialization_support will be read from /etc/swift/memcache.conf (see memcache.conf-sample). To avoid an instant full cache flush, existing installations should upgrade with 0, then set to 1 and reload, then after some time (24 hours) set to 2 and reload. In the future, the ability to use pickle serialization will be removed.'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:ratelimit.clock_accuracy'
|
|
type: string
|
|
default: '1000'
|
|
help: "clock_accuracy should represent how accurate the proxy servers' system clocks are with each other. 1000 means that all the proxies' clock are accurate to each other within 1 millisecond. No ratelimit should be higher than the clock accuracy."
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:ratelimit.max_sleep_time_seconds'
|
|
type: string
|
|
default: '60'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:ratelimit.log_sleep_time_seconds'
|
|
type: string
|
|
default: '0'
|
|
help: 'log_sleep_time_seconds of 0 means disabled'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:ratelimit.rate_buffer_seconds'
|
|
type: string
|
|
default: '5'
|
|
help: "allows for slow rates (e.g. running up to 5 sec's behind) to catch up."
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:ratelimit.account_ratelimit'
|
|
type: string
|
|
default: '0'
|
|
help: 'account_ratelimit of 0 means disabled'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:ratelimit.account_whitelist'
|
|
type: string
|
|
default: 'a,b'
|
|
help: 'these are comma separated lists of account names'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:ratelimit.account_blacklist'
|
|
type: string
|
|
default: 'c,d'
|
|
help: 'these are comma separated lists of account names'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:ratelimit.with container_limit_x'
|
|
type: string
|
|
default: 'r'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:ratelimit.container_ratelimit_0'
|
|
type: string
|
|
default: '100'
|
|
help: 'for containers of size x limit write requests per second to r. The container rate will be linearly interpolated from the values given. With the values below, a container of size 5 will get a rate of 75.'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:ratelimit.container_ratelimit_10'
|
|
type: string
|
|
default: '50'
|
|
help: 'for containers of size x limit write requests per second to r. The container rate will be linearly interpolated from the values given. With the values below, a container of size 5 will get a rate of 75.'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:ratelimit.container_ratelimit_50'
|
|
type: string
|
|
default: '20'
|
|
help: 'for containers of size x limit write requests per second to r. The container rate will be linearly interpolated from the values given. With the values below, a container of size 5 will get a rate of 75.'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:ratelimit.container_listing_ratelimit_0'
|
|
type: string
|
|
default: '100'
|
|
help: 'Similarly to the above container-level write limits, the following will limit container GET (listing) requests.'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:ratelimit.container_listing_ratelimit_10'
|
|
type: string
|
|
default: '50'
|
|
help: 'Similarly to the above container-level write limits, the following will limit container GET (listing) requests.'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:ratelimit.container_listing_ratelimit_50'
|
|
type: string
|
|
default: '20'
|
|
help: 'Similarly to the above container-level write limits, the following will limit container GET (listing) requests.'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:cname_lookup.storage_domain'
|
|
type: string
|
|
default: 'example.com'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:domain_remap.path_root'
|
|
type: string
|
|
default: 'v1'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:domain_remap.reseller_prefixes'
|
|
type: string
|
|
default: 'AUTH'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:cname_lookup.lookup_depth'
|
|
type: string
|
|
default: '1'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:tempurl.methods'
|
|
type: string
|
|
default: 'GET HEAD PUT'
|
|
help: 'The methods allowed with Temp URLs.'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:tempurl.incoming_remove_headers'
|
|
type: string
|
|
default: 'x-timestamp'
|
|
help: "The headers to remove from incoming requests. Simply a whitespace delimited list of header names and names can optionally end with '*' to indicate a prefix match. incoming_allow_headers is a list of exceptions to these removals."
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:tempurl.incoming_allow_headers'
|
|
type: string
|
|
default: ''
|
|
help: "The headers allowed as exceptions to incoming_remove_headers. Simply a whitespace delimited list of header names and names can optionally end with '*' to indicate a prefix match."
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:tempurl.outgoing_remove_headers'
|
|
type: string
|
|
default: 'x-object-meta-*'
|
|
help: "The headers to remove from outgoing responses. Simply a whitespace delimited list of header names and names can optionally end with '*' to indicate a prefix match. outgoing_allow_headers is a list of exceptions to these removals."
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:name_check.forbidden_chars'
|
|
type: string
|
|
default: "\\'\"`<>"
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:name_check.maximum_length'
|
|
type: string
|
|
default: '255'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:name_check.forbidden_regexp'
|
|
type: string
|
|
default: '/\\./|/\\.\\./|/\\.$|/\\.\\.$'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:list-endpoints.list_endpoints_path'
|
|
type: string
|
|
default: '/endpoints/'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:proxy-logging.access_log_name'
|
|
type: string
|
|
default: 'swift'
|
|
help: "If not set, logging directives from [DEFAULT] without 'access_' will be used"
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:proxy-logging.access_log_facility'
|
|
type: string
|
|
default: 'LOG_LOCAL0'
|
|
help: "If not set, logging directives from [DEFAULT] without 'access_' will be used"
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:proxy-logging.access_log_level'
|
|
type: string
|
|
default: 'INFO'
|
|
help: "If not set, logging directives from [DEFAULT] without 'access_' will be used"
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:proxy-logging.access_log_address'
|
|
type: string
|
|
default: '/dev/log'
|
|
help: "If not set, logging directives from [DEFAULT] without 'access_' will be used"
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:proxy-logging.access_log_udp_host'
|
|
type: string
|
|
default: ''
|
|
help: 'If set, access_log_udp_host will override access_log_address'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:proxy-logging.access_log_udp_port'
|
|
type: string
|
|
default: '514'
|
|
help: 'If set, access_log_udp_host will override access_log_address'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:proxy-logging.access_log_statsd_host'
|
|
type: host
|
|
default: 'localhost'
|
|
help: 'You can use log_statsd_* from [DEFAULT] or override them here:'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:proxy-logging.access_log_statsd_port'
|
|
type: string
|
|
default: '8125'
|
|
help: 'You can use log_statsd_* from [DEFAULT] or override them here:'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:proxy-logging.access_log_statsd_default_sample_rate'
|
|
type: string
|
|
default: '1.0'
|
|
help: 'You can use log_statsd_* from [DEFAULT] or override them here:'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:proxy-logging.access_log_statsd_sample_rate_factor'
|
|
type: string
|
|
default: '1.0'
|
|
help: 'You can use log_statsd_* from [DEFAULT] or override them here:'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:proxy-logging.access_log_statsd_metric_prefix'
|
|
type: string
|
|
default: ''
|
|
help: 'You can use log_statsd_* from [DEFAULT] or override them here:'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:proxy-logging.access_log_headers'
|
|
type: string
|
|
default: 'false'
|
|
help: 'You can use log_statsd_* from [DEFAULT] or override them here:'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:bulk.max_containers_per_extraction'
|
|
type: string
|
|
default: '10000'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:bulk.max_failed_extractions'
|
|
type: string
|
|
default: '1000'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:bulk.max_deletes_per_request'
|
|
type: string
|
|
default: '10000'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:bulk.yield_frequency'
|
|
type: string
|
|
default: '60'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:slo.max_manifest_segments'
|
|
type: string
|
|
default: '1000'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:slo.max_manifest_size'
|
|
type: string
|
|
default: '2097152'
|
|
comment: 'New param'
|
|
|
|
- name: 'filter:slo.min_segment_size'
|
|
type: string
|
|
default: '1048576'
|
|
comment: 'New param'
|
|
|
|
# ====================================================
|