-
Notifications
You must be signed in to change notification settings - Fork 15
/
config.yaml
163 lines (143 loc) · 4.67 KB
/
config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
# Wallet address, path to the wallet must be set as cli parameter or environment variable
wallet:
path: /path/to/wallet.json # Path to wallet
passphrase: "" # Passphrase to decrypt wallet. If you're using a wallet without a password, place '' here.
address: NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP # Account address. If omitted default one will be used.
# Nodes configuration
# This configuration makes the gateway use the first node (grpc://s01.neofs.devenv:8080)
# while it's healthy. Otherwise, gateway uses the second node (grpc://s01.neofs.devenv:8080)
# for 10% of requests and the third node (grpc://s03.neofs.devenv:8080) for 90% of requests.
# Until nodes with the same priority level are healthy
# nodes with other priority are not used.
# The lower the value, the higher the priority.
peers:
0:
address: node1.neofs:8080
priority: 1
weight: 1
1:
address: node2.neofs:8080
priority: 2
weight: 0.1
2:
address: node3.neofs:8080
priority: 2
weight: 0.9
server:
- address: 0.0.0.0:8080
tls:
enabled: false
cert_file: /path/to/cert
key_file: /path/to/key
- address: 0.0.0.0:8081
tls:
enabled: true
cert_file: /path/to/cert
key_file: /path/to/key
# Domains to be able to use virtual-hosted-style access to bucket.
listen_domains:
- s3dev.neofs.devenv
logger:
level: debug
# Endpoint of the tree service. Must be provided. Can be one of the node address (from the `peers` section).
tree:
service: node1.neofs:8080
# RPC endpoint and order of resolving of bucket names
fschain:
endpoints:
- http://morph-chain.neofs.devenv:30333
# Metrics
pprof:
enabled: true
address: localhost:8085
prometheus:
enabled: true
address: localhost:8086
# Timeout to connect to a node
connect_timeout: 10s
# Timeout for individual operations in streaming RPC.
stream_timeout: 60s
# Timeout to check node health during rebalance
healthcheck_timeout: 15s
# Interval to check node health
rebalance_interval: 60s
# The number of errors on connection after which node is considered as unhealthy
pool_error_threshold: 100
# Limits for processing of clients' requests
max_clients_count: 100
# Deadline after which the gate sends error `RequestTimeout` to a client
max_clients_deadline: 30s
# Caching
cache:
# Cache for objects
objects:
lifetime: 300s
size: 150
# Cache which keeps lists of objects in buckets
list:
lifetime: 1m
size: 100
# Cache which contains mapping of nice name to object addresses
names:
lifetime: 1m
size: 1000
# Cache which contains mapping of bucket name to bucket info
buckets:
lifetime: 1m
size: 500
# Cache for system objects in a bucket: bucket settings, notification configuration etc
system:
lifetime: 2m
size: 1000
# Cache which stores access box with tokens by its address
accessbox:
lifetime: 5m
size: 10
# Cache which stores owner to cache operation mapping
accesscontrol:
lifetime: 1m
size: 100000
nats:
enabled: true
endpoint: nats://localhost:4222
timeout: 30s
cert_file: /path/to/cert
key_file: /path/to/key
root_ca: /path/to/ca
# Parameters of NeoFS container placement policy
placement_policy:
# Default policy of placing containers in NeoFS
# If a user sends a request `CreateBucket` and doesn't define policy for placing of a container in NeoFS, the S3 Gateway
# will put the container with default policy.
default: REP 3
# Region to placement policy mapping json file.
# Path to container policy mapping. The same as '--container-policy' flag for authmate
region_mapping: /path/to/container/policy.json
locations:
REP-1: "REP 1"
REP-3: "REP 3"
complex: "REP 1 IN X CBF 1 SELECT 1 FROM * AS X"
# Contract name for resolving policies. Leave name empty for disabling the feature.
contract_name: ""
# CORS
# value of Access-Control-Max-Age header if this value is not set in a rule. Has an int type.
cors:
default_max_age: 600
# Parameters of requests to NeoFS
neofs:
# Number of the object copies to consider PUT to NeoFS successful.
# `0` means that object will be processed according to the container's placement policy
set_copies_number: 0
# Timeout between retrieving actual epoch from NeoFS. Actual only if slicer.enabled = true.
epoch_update_interval: 2m
# List of allowed AccessKeyID prefixes
# If the parameter is omitted, S3 GW will accept all AccessKeyIDs
allowed_access_key_id_prefixes:
- Ck9BHsgKcnwfCTUSFm6pxhoNS4cBqgN2NQ8zVgPjqZDX
- 3stjWenX15YwYzczMr88gy3CQr4NYFBQ8P7keGzH5QFn
# Allows to use slicer for Object uploading.
internal_slicer: false
# S3
s3:
# Maximum number of objects to be deleted per request limit by this value.
max_object_to_delete_per_request: 1000