summaryrefslogtreecommitdiff
path: root/etc
diff options
context:
space:
mode:
Diffstat (limited to 'etc')
-rw-r--r--etc/internal-client.conf-sample4
-rw-r--r--etc/memcache.conf-sample6
-rw-r--r--etc/proxy-server.conf-sample37
3 files changed, 34 insertions, 13 deletions
diff --git a/etc/internal-client.conf-sample b/etc/internal-client.conf-sample
index a3be2eaa4..7ded5fd8a 100644
--- a/etc/internal-client.conf-sample
+++ b/etc/internal-client.conf-sample
@@ -2,7 +2,9 @@
# swift_dir = /etc/swift
# user = swift
# You can specify default log routing here if you want:
-# log_name = swift
+# Note: the 'set' syntax is necessary to override the log_name that some
+# daemons specify when instantiating an internal client.
+# set log_name = swift
# log_facility = LOG_LOCAL0
# log_level = INFO
# log_address = /dev/log
diff --git a/etc/memcache.conf-sample b/etc/memcache.conf-sample
index 18faa668e..b375eb402 100644
--- a/etc/memcache.conf-sample
+++ b/etc/memcache.conf-sample
@@ -56,3 +56,9 @@
# specified in tls_certfile. If tls_enabled is False, this option
# is ignored.
# tls_keyfile =
+#
+# If an item size ever gets above item_size_warning_threshold then a warning will be
+# logged. This can be used to alert when memcache item sizes are getting to their limit.
+# It's an absolute size in bytes. Setting the value to 0 will warn on every memcache set.
+# A value of -1 disables the warning.
+# item_size_warning_threshold = -1
diff --git a/etc/proxy-server.conf-sample b/etc/proxy-server.conf-sample
index de51c7bcc..ef49c430f 100644
--- a/etc/proxy-server.conf-sample
+++ b/etc/proxy-server.conf-sample
@@ -86,6 +86,9 @@ bind_port = 8080
# cors_expose_headers =
#
# client_timeout = 60.0
+#
+# Note: enabling evenlet_debug might reveal sensitive information, for example
+# signatures for temp urls
# eventlet_debug = false
#
# You can set scheduling priority of processes. Niceness values range from -20
@@ -144,6 +147,15 @@ use = egg:swift#proxy
# so this value should be set less than recheck_updating_shard_ranges.
# recheck_listing_shard_ranges = 600
#
+# For particularly active containers, having information age out of cache can
+# be quite painful: suddenly thousands of requests per second all miss and
+# have to go to disk. By (rarely) going direct to disk regardless of whether
+# data is present in memcache, we can periodically refresh the data in memcache
+# without causing a thundering herd. Values around 0.0 - 0.1 (i.e., one in
+# every thousand requests skips cache, or fewer) are recommended.
+# container_updating_shard_ranges_skip_cache_pct = 0.0
+# container_listing_shard_ranges_skip_cache_pct = 0.0
+#
# object_chunk_size = 65536
# client_chunk_size = 65536
#
@@ -583,8 +595,8 @@ use = egg:swift#s3api
# you don't expect.
# s3_acl = false
#
-# Specify a host name of your Swift cluster. This enables virtual-hosted style
-# requests.
+# Specify a (comma-separated) list of host names for your Swift cluster.
+# This enables virtual-hosted style requests.
# storage_domain =
#
# Enable pipeline order check for SLO, s3token, authtoken, keystoneauth
@@ -989,16 +1001,17 @@ use = egg:swift#proxy_logging
# list like this: access_log_headers_only = Host, X-Object-Meta-Mtime
# access_log_headers_only =
#
-# By default, the X-Auth-Token is logged. To obscure the value,
-# set reveal_sensitive_prefix to the number of characters to log.
-# For example, if set to 12, only the first 12 characters of the
-# token appear in the log. An unauthorized access of the log file
-# won't allow unauthorized usage of the token. However, the first
-# 12 or so characters is unique enough that you can trace/debug
-# token usage. Set to 0 to suppress the token completely (replaced
-# by '...' in the log).
-# Note: reveal_sensitive_prefix will not affect the value
-# logged with access_log_headers=True.
+# The default log format includes several sensitive values in logs:
+# * X-Auth-Token header
+# * temp_url_sig query parameter
+# * Authorization header
+# * X-Amz-Signature query parameter
+# To prevent an unauthorized access of the log file leading to an unauthorized
+# access of cluster data, only a portion of these values are written, with the
+# remainder replaced by '...' in the log. Set reveal_sensitive_prefix to the
+# number of characters to log. Set to 0 to suppress the values entirely; set
+# to something large (1000, say) to write full values. Note that some values
+# may start appearing in full at values as low as 33.
# reveal_sensitive_prefix = 16
#
# What HTTP methods are allowed for StatsD logging (comma-sep); request methods
View Lorry Controller Status