171 lines
6.4 KiB
Plaintext
171 lines
6.4 KiB
Plaintext
[DEFAULT]
|
|
|
|
[pipeline:main]
|
|
# This is the minimum pipeline for Swift3. See swift manual if you want to add
|
|
# more middleware.
|
|
#
|
|
# Keystone pipeline
|
|
# Note that s3token and authtoken require the keystonemiddleware package.
|
|
pipeline = proxy-logging cache swift3 s3token authtoken keystoneauth bulk slo proxy-logging proxy-server
|
|
|
|
# Tempauth pipeline
|
|
# pipeline = proxy-logging cache swift3 tempauth bulk slo proxy-logging proxy-server
|
|
|
|
[app:proxy-server]
|
|
use = egg:swift#proxy
|
|
|
|
[filter:tempauth]
|
|
# See swift manual for more details.
|
|
use = egg:swift#tempauth
|
|
user_admin_admin = admin .admin .reseller_admin
|
|
user_test_tester = testing .admin
|
|
user_test2_tester2 = testing2 .admin
|
|
user_test_tester3 = testing3
|
|
|
|
[filter:swift3]
|
|
use = egg:swift3#swift3
|
|
|
|
# Swift has no concept of the S3's resource owner; the resources
|
|
# (i.e. containers and objects) created via the Swift API have no owner
|
|
# information. This option specifies how the swift3 middleware handles them
|
|
# with the S3 API. If this option is 'false', such kinds of resources will be
|
|
# invisible and no users can access them with the S3 API. If set to 'true',
|
|
# the resource without owner is belong to everyone and everyone can access it
|
|
# with the S3 API. If you care about S3 compatibility, set 'false' here. This
|
|
# option makes sense only when the s3_acl option is set to 'true' and your
|
|
# Swift cluster has the resources created via the Swift API.
|
|
# allow_no_owner = false
|
|
#
|
|
# Set a region name of your Swift cluster. Note that Swift3 doesn't choose a
|
|
# region of the newly created bucket actually. This value is used for the
|
|
# GET Bucket location API and v4 signatures calculation.
|
|
# location = US
|
|
#
|
|
# Set whether to enforce DNS-compliant bucket names. Note that S3 enforces
|
|
# these conventions in all regions except the US Standard region.
|
|
# dns_compliant_bucket_names = True
|
|
#
|
|
# Set the default maximum number of objects returned in the GET Bucket
|
|
# response.
|
|
# max_bucket_listing = 1000
|
|
#
|
|
# Set the maximum number of parts returned in the List Parts operation.
|
|
# (default: 1000)
|
|
# When setting it to be larger than 10000, set to be larger
|
|
# container_listing_limit in swift.conf.(specification of S3: 1000)
|
|
# max_parts_listing = 1000
|
|
#
|
|
# Set the maximum number of objects we can delete with the Multi-Object Delete
|
|
# operation.
|
|
# max_multi_delete_objects = 1000
|
|
#
|
|
# If set to 'true', Swift3 uses its own metadata for ACL
|
|
# (e.g. X-Container-Sysmeta-Swift3-Acl) to achieve the best S3 compatibility.
|
|
# If set to 'false', Swift3 tries to use Swift ACL (e.g. X-Container-Read)
|
|
# instead of S3 ACL as far as possible. If you want to keep backward
|
|
# compatibility with Swift3 1.7 or earlier, set false here
|
|
# If set to 'false' after set to 'true' and put some container/object,
|
|
# all users will be able to access container/object.
|
|
# Note that s3_acl doesn't keep the acl consistency between S3 API and Swift
|
|
# API. (e.g. when set s3acl to true and PUT acl, we won't get the acl
|
|
# information via Swift API at all and the acl won't be applied against to
|
|
# Swift API even if it is for a bucket currently supported.)
|
|
# Note that s3_acl currently supports only keystone and tempauth.
|
|
# DON'T USE THIS for production before enough testing for your use cases.
|
|
# This stuff is still under development and it might cause something
|
|
# you don't expect.
|
|
# s3_acl = false
|
|
#
|
|
# Specify a host name of your Swift cluster. This enables virtual-hosted style
|
|
# requests.
|
|
# storage_domain =
|
|
#
|
|
# Enable pipeline order check for SLO, s3token, authtoken, keystoneauth according to
|
|
# standard swift3/Swift construction using either tempauth or keystoneauth.
|
|
# If the order is incorrect, it raises a except to stop proxy.
|
|
# Turn auth_pipeline_check off only when you want to bypass these authenticate
|
|
# middlewares in order to use other 3rd party (or your proprietary) authenticate middleware.
|
|
# auth_pipeline_check = True
|
|
#
|
|
# Enable multi-part uploads. (default: true)
|
|
# This is required to store files larger than Swift's max_file_size (by default, 5GiB).
|
|
# Note that has performance implications when deleting objects, as we now have to
|
|
# check for whether there are also segments to delete.
|
|
# allow_multipart_uploads = True
|
|
#
|
|
# Set the maximum number of parts for Upload Part operation.(default: 1000)
|
|
# When setting it to be larger than the default value in order to match the
|
|
# specification of S3, set to be larger max_manifest_segments for slo
|
|
# middleware.(specification of S3: 10000)
|
|
# max_upload_part_num = 1000
|
|
#
|
|
# Enable returning only buckets which owner are the user who requested
|
|
# GET Service operation. (default: false)
|
|
# If you want to enable the above feature, set this and s3_acl to true.
|
|
# That might cause significant performance degradation. So, only if your
|
|
# service absolutely need this feature, set this setting to true.
|
|
# If you set this to false, Swift3 returns all buckets.
|
|
# check_bucket_owner = false
|
|
#
|
|
# In default, Swift reports only S3 style access log.
|
|
# (e.g. PUT /bucket/object) If set force_swift_request_proxy_log
|
|
# to be 'true', Swift will become to output Swift style log
|
|
# (e.g. PUT /v1/account/container/object) in addition to S3 style log.
|
|
# Note that they will be reported twice (i.e. Swift3 doesn't care about
|
|
# the duplication) and Swift style log will includes also various subrequests
|
|
# to achieve S3 compatibilities when force_swift_request_proxy_log is set to
|
|
# 'true'
|
|
# force_swift_request_proxy_log = false
|
|
|
|
[filter:catch_errors]
|
|
use = egg:swift#catch_errors
|
|
|
|
[filter:proxy-logging]
|
|
use = egg:swift#proxy_logging
|
|
|
|
[filter:bulk]
|
|
use = egg:swift#bulk
|
|
|
|
[filter:slo]
|
|
use = egg:swift#slo
|
|
|
|
# AWS S3 document says that each part must be at least 5 MB in a multipart
|
|
# upload, except the last part.
|
|
min_segment_size = 5242880
|
|
|
|
[filter:dlo]
|
|
use = egg:swift#dlo
|
|
|
|
[filter:cache]
|
|
use = egg:swift#memcache
|
|
|
|
[filter:s3token]
|
|
# See swift manual for more details.
|
|
use = egg:swift3#s3token
|
|
|
|
# Prefix that will be prepended to the tenant to form the account
|
|
reseller_prefix = AUTH_
|
|
|
|
# Keystone server details
|
|
auth_uri = http://keystonehost:35357/
|
|
|
|
# SSL-related options
|
|
#insecure = False
|
|
#certfile =
|
|
#keyfile =
|
|
|
|
[filter:authtoken]
|
|
# See swift manual for more details.
|
|
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
|
identity_uri = http://keystonehost:35357/
|
|
auth_uri = http://keystonehost:5000/
|
|
admin_tenant_name = service
|
|
admin_user = swift
|
|
admin_password = password
|
|
cache = swift.cache
|
|
|
|
[filter:keystoneauth]
|
|
# See swift manual for more details.
|
|
use = egg:swift#keystoneauth
|
|
operator_roles = admin, swiftoperator
|