diff options
author | Alistair Coles <alistairncoles@gmail.com> | 2022-03-31 16:36:32 +0100 |
---|---|---|
committer | Alistair Coles <alistairncoles@gmail.com> | 2022-05-20 14:40:00 +0100 |
commit | ccaf49a00cea1990027eb699bff8f10c664b2c9a (patch) | |
tree | c99077694666d01d97513a0572e0a142d7404121 /etc | |
parent | 507cf18f961ff03f80b65590024560a9ce121ea2 (diff) | |
download | swift-ccaf49a00cea1990027eb699bff8f10c664b2c9a.tar.gz |
Add backend rate limiting middleware
This is a fairly blunt tool: ratelimiting is per device and
applied independently in each worker, but this at least provides
some limit to disk IO on backend servers.
GET, HEAD, PUT, POST, DELETE, UPDATE and REPLICATE methods may be
rate-limited.
Only requests with a path starting '<device>/<partition>', where
<partition> can be cast to an integer, will be rate-limited. Other
requests, including, for example, recon requests with paths such as
'recon/version', are unconditionally forwarded to the next app in the
pipeline.
OPTIONS and SSYNC methods are not rate-limited. Note that
SSYNC sub-requests are passed directly to the object server app
and will not pass though this middleware.
Change-Id: I78b59a081698a6bff0d74cbac7525e28f7b5d7c1
Diffstat (limited to 'etc')
-rw-r--r-- | etc/account-server.conf-sample | 14 | ||||
-rw-r--r-- | etc/container-server.conf-sample | 14 | ||||
-rw-r--r-- | etc/object-server.conf-sample | 14 |
3 files changed, 39 insertions, 3 deletions
diff --git a/etc/account-server.conf-sample b/etc/account-server.conf-sample index 89c1ea350..485fb45e2 100644 --- a/etc/account-server.conf-sample +++ b/etc/account-server.conf-sample @@ -80,7 +80,7 @@ bind_port = 6202 # ionice_priority = [pipeline:main] -pipeline = healthcheck recon account-server +pipeline = healthcheck recon backend_ratelimit account-server [app:account-server] use = egg:swift#account @@ -128,6 +128,18 @@ use = egg:swift#healthcheck use = egg:swift#recon # recon_cache_path = /var/cache/swift +[filter:backend_ratelimit] +use = egg:swift#backend_ratelimit +# Set the maximum rate of requests per second per device per worker. Beyond +# this rate the server will return 529 responses and emit a 'backend.ratelimit' +# statsd metric without logging. The default value of zero causes no +# rate-limiting to be applied. +# requests_per_device_per_second = 0.0 +# +# Set the number of seconds of unused rate-limiting allowance that can +# accumulate and be used to allow a subsequent burst of requests. +# requests_per_device_rate_buffer = 1.0 + [account-replicator] # You can override the default log routing for this app here (don't use set!): # log_name = account-replicator diff --git a/etc/container-server.conf-sample b/etc/container-server.conf-sample index e1f8482c6..5f949abc4 100644 --- a/etc/container-server.conf-sample +++ b/etc/container-server.conf-sample @@ -86,7 +86,7 @@ bind_port = 6201 # ionice_priority = [pipeline:main] -pipeline = healthcheck recon container-server +pipeline = healthcheck recon backend_ratelimit container-server [app:container-server] use = egg:swift#container @@ -138,6 +138,18 @@ use = egg:swift#healthcheck use = egg:swift#recon #recon_cache_path = /var/cache/swift +[filter:backend_ratelimit] +use = egg:swift#backend_ratelimit +# Set the maximum rate of requests per second per device per worker. Beyond +# this rate the server will return 529 responses and emit a 'backend.ratelimit' +# statsd metric without logging. The default value of zero causes no +# rate-limiting to be applied. +# requests_per_device_per_second = 0.0 +# +# Set the number of seconds of unused rate-limiting allowance that can +# accumulate and be used to allow a subsequent burst of requests. +# requests_per_device_rate_buffer = 1.0 + [container-replicator] # You can override the default log routing for this app here (don't use set!): # log_name = container-replicator diff --git a/etc/object-server.conf-sample b/etc/object-server.conf-sample index e7466bba8..c06f4365e 100644 --- a/etc/object-server.conf-sample +++ b/etc/object-server.conf-sample @@ -111,7 +111,7 @@ bind_port = 6200 # ionice_priority = [pipeline:main] -pipeline = healthcheck recon object-server +pipeline = healthcheck recon backend_ratelimit object-server [app:object-server] use = egg:swift#object @@ -231,6 +231,18 @@ use = egg:swift#recon #recon_cache_path = /var/cache/swift #recon_lock_path = /var/lock +[filter:backend_ratelimit] +use = egg:swift#backend_ratelimit +# Set the maximum rate of requests per second per device per worker. Beyond +# this rate the server will return 529 responses and emit a 'backend.ratelimit' +# statsd metric without logging. The default value of zero causes no +# rate-limiting to be applied. +# requests_per_device_per_second = 0.0 +# +# Set the number of seconds of unused rate-limiting allowance that can +# accumulate and be used to allow a subsequent burst of requests. +# requests_per_device_rate_buffer = 1.0 + [object-replicator] # You can override the default log routing for this app here (don't use set!): # log_name = object-replicator |