diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/internal-client.conf-sample | 4 | ||||
-rw-r--r-- | etc/memcache.conf-sample | 6 | ||||
-rw-r--r-- | etc/proxy-server.conf-sample | 37 |
3 files changed, 34 insertions, 13 deletions
diff --git a/etc/internal-client.conf-sample b/etc/internal-client.conf-sample index a3be2eaa4..7ded5fd8a 100644 --- a/etc/internal-client.conf-sample +++ b/etc/internal-client.conf-sample @@ -2,7 +2,9 @@ # swift_dir = /etc/swift # user = swift # You can specify default log routing here if you want: -# log_name = swift +# Note: the 'set' syntax is necessary to override the log_name that some +# daemons specify when instantiating an internal client. +# set log_name = swift # log_facility = LOG_LOCAL0 # log_level = INFO # log_address = /dev/log diff --git a/etc/memcache.conf-sample b/etc/memcache.conf-sample index 18faa668e..b375eb402 100644 --- a/etc/memcache.conf-sample +++ b/etc/memcache.conf-sample @@ -56,3 +56,9 @@ # specified in tls_certfile. If tls_enabled is False, this option # is ignored. # tls_keyfile = +# +# If an item size ever gets above item_size_warning_threshold then a warning will be +# logged. This can be used to alert when memcache item sizes are getting to their limit. +# It's an absolute size in bytes. Setting the value to 0 will warn on every memcache set. +# A value of -1 disables the warning. +# item_size_warning_threshold = -1 diff --git a/etc/proxy-server.conf-sample b/etc/proxy-server.conf-sample index de51c7bcc..ef49c430f 100644 --- a/etc/proxy-server.conf-sample +++ b/etc/proxy-server.conf-sample @@ -86,6 +86,9 @@ bind_port = 8080 # cors_expose_headers = # # client_timeout = 60.0 +# +# Note: enabling evenlet_debug might reveal sensitive information, for example +# signatures for temp urls # eventlet_debug = false # # You can set scheduling priority of processes. Niceness values range from -20 @@ -144,6 +147,15 @@ use = egg:swift#proxy # so this value should be set less than recheck_updating_shard_ranges. # recheck_listing_shard_ranges = 600 # +# For particularly active containers, having information age out of cache can +# be quite painful: suddenly thousands of requests per second all miss and +# have to go to disk. By (rarely) going direct to disk regardless of whether +# data is present in memcache, we can periodically refresh the data in memcache +# without causing a thundering herd. Values around 0.0 - 0.1 (i.e., one in +# every thousand requests skips cache, or fewer) are recommended. +# container_updating_shard_ranges_skip_cache_pct = 0.0 +# container_listing_shard_ranges_skip_cache_pct = 0.0 +# # object_chunk_size = 65536 # client_chunk_size = 65536 # @@ -583,8 +595,8 @@ use = egg:swift#s3api # you don't expect. # s3_acl = false # -# Specify a host name of your Swift cluster. This enables virtual-hosted style -# requests. +# Specify a (comma-separated) list of host names for your Swift cluster. +# This enables virtual-hosted style requests. # storage_domain = # # Enable pipeline order check for SLO, s3token, authtoken, keystoneauth @@ -989,16 +1001,17 @@ use = egg:swift#proxy_logging # list like this: access_log_headers_only = Host, X-Object-Meta-Mtime # access_log_headers_only = # -# By default, the X-Auth-Token is logged. To obscure the value, -# set reveal_sensitive_prefix to the number of characters to log. -# For example, if set to 12, only the first 12 characters of the -# token appear in the log. An unauthorized access of the log file -# won't allow unauthorized usage of the token. However, the first -# 12 or so characters is unique enough that you can trace/debug -# token usage. Set to 0 to suppress the token completely (replaced -# by '...' in the log). -# Note: reveal_sensitive_prefix will not affect the value -# logged with access_log_headers=True. +# The default log format includes several sensitive values in logs: +# * X-Auth-Token header +# * temp_url_sig query parameter +# * Authorization header +# * X-Amz-Signature query parameter +# To prevent an unauthorized access of the log file leading to an unauthorized +# access of cluster data, only a portion of these values are written, with the +# remainder replaced by '...' in the log. Set reveal_sensitive_prefix to the +# number of characters to log. Set to 0 to suppress the values entirely; set +# to something large (1000, say) to write full values. Note that some values +# may start appearing in full at values as low as 33. # reveal_sensitive_prefix = 16 # # What HTTP methods are allowed for StatsD logging (comma-sep); request methods |