Lifecycle policy specification includes:
Cluster setting
Policy header on domain objects (optional)
Policy headers on bucket objects
Cluster Setting Values
The Swarm cluster setting policy.lifecycle
supports two values:
disabled – By default, the evaluation of all lifecycle policies is disabled in the cluster to provide legacy behavior.
enabled – Lifecycle policies may be enabled or disabled at the domain level for domains where such policies are applied.
The policy.lifecycle
setting can be set via Management API.
SNMP Name | Default | Desciption |
bidding.relocationThreshold | 5 | Percentage, 0-100. How much difference between volume utilizations will cause a lower bid on another node to relocate or rebalance a replica to the other node. Lower values improve load balancing and throughput. Higher values minimize data movement at the expense of lower maximum throughput. |
SNMP: relocationThreshold | ||
cip.group | 224.0.10.100 | The multicast IP address for the cluster, as a Class D IP address in the 224.0.0.0 - 239.255.255.255 range. This address must be unique for each cluster. When configuring multiple, distinct clusters, take care that the multicast groups do not overlap, as any node with the same multicast group will become part of a single cluster. |
SNMP: group | Examples: 224.5.5.7, 239.255.255.253 | |
cip.queryRetryMultiplier | 1 | What multiple of time to wait on each successive UDP multicast read retry. |
SNMP: queryRetryMultiplier | ||
cip.ttl | 1 | Controls configuration of multicast network traffic TTL (time to live). When set to 1, the multicast traffic should remain on the subnet. |
cluster.enforceTenancy | FALSE | Setting to True (recommended) ensures that all content is written into a domain named in the request or else into the default domain. Setting to False (default) allows backward compatibility for applications in use before Swarm 5.0 that access data outside of domains and is required when using Gateway in legacy only mode to access this kind of content. Set to True for new deployments. |
SNMP: enforceTenancy | ||
The name of the cluster. Use an IANA-compatible domain name, such as cluster.example.com, and create one domain with the same name as the cluster, which sets up a default cluster domain that holds all unnamed objects. Do not use spaces in the name. To prevent confusion, configure all nodes in the cluster with the same cluster name. | ||
SNMP: cluster | Example: swarm1.yourcompany.com | |
cluster.proxyIPAddress | [deprecated] The reverse proxy IP address for the cluster. Use cluster.proxyIPList instead. | |
Example: 129.3.7.14 | ||
cluster.proxyIPList | For use with bidirectional GET replication only, to configure proxies on the source side for the target nodes to connect to. A comma-separated list of reverse proxy IP addresses or names, including ports in name:port format. | |
SNMP: clusterProxyIpList | Example: 129.3.7.14:80, 129.3.7.15:80 | |
cluster.proxyPort | 80 | [deprecated] The reverse proxy access port for the cluster. Use cluster.proxyIPList instead. |
console.expiryErrInterval | 10 | Number of days before the cluster license expires to generate an error as a log message and a console indicator. |
console.expiryWarnInterval | 30 | Number of days before the cluster license expires to generate a warning as a log message and a console indicator. |
console.indexErrorLevel | 90 | Percentage, 0-100. How much index utilization will generate an error as a log message and a console indicator. |
console.indexWarningLevel | 80 | Percentage, 0-100. How much index utilization will generate a warning as a log message and a console indicator. |
console.messageExpirationSeconds | 1209600 | In seconds; defaults to 2 weeks. How long until an error expires out of the error table. |
SNMP: messageExpirationSeconds | ||
console.port | 90 | Which port Swarm uses to listen for requests. All nodes in the same cluster must be set to the same port. When deploying Swarm into untrusted network environments, firewall this port so that only administrators can access it. |
console.reportStyleUrl | The URL for the path to the stylesheet and image files for configuring Swarm console. | |
console.spaceErrorLevel | 10 | Percentage, 0-100. How much cluster capacity remaining will generate an error as a log message and a console indicator. |
console.spaceWarnLevel | 25 | Percentage, 0-100. How much cluster capacity remaining will generate a warning as a log message and a console indicator. |
console.styleUrl | The URL for the path to the stylesheet and image files for configuring the Swarm console. | |
Example: http://10.10.15.32/css/swarm.css | ||
disk.atimeEnabled | FALSE | Whether to track the time of last access on GET requests, stored in the Castor-System-Accessed header and indexed as the search field 'accessed'. Increases load on the cluster and Elasticsearch. |
SNMP: accessedTimeEnabled | ||
disk.atimeGranularity | 86400 | In seconds; defaults to 1 day. The window during which accessed time will not be updated. Lowering the value affects GET performance. |
SNMP: accessedTimeGranularity | ||
disk.contextDeleteMarkerLifespan | 31536000 | In seconds; defaults to 1 year. How long a delete marker lives for a context (domain or bucket) object. |
disk.deleteMarkerLifespan | 1209600 | In seconds; defaults to 2 weeks. How long the cluster remembers a deleted named object. Lower this value if your applications create and delete objects so rapidly that they cause available memory to decrease. To view the current amount of available memory on a node, expand Node Info to see the value of Index Utilization. If this value is high for a long period of time, you may have stored a large number of objects and may benefit from lowering this value. |
disk.obsoleteTimeout | 1209600 | In seconds; defaults to 2 weeks. The amount of time after which an unused volume is considered "stale" and will not recover, except with use of the 'k' modifier. |
ec.conversionPercentage | 0 | Percentage, 1-100; 0 stops all conversion. Adjusts the rate at which the Health Processor consolidates multi-set erasure-coded objects each HP cycle. Lower to reduce cluster load; increase to convert a large number of eligible objects faster, at the cost of load on the cluster. Requires policy.eCEncoding to be specified. |
SNMP: ecConversionPercentage | ||
ec.convertToPolicy | FALSE | When true, convert existing EC objects to the EC encoding specified by policy. |
SNMP: ecConvertToPolicy | ||
ec.convertVersionedObjects | FALSE | When true, Swarm performs lifepoint conversions and consolidations of multi-set erasure-coded versioned objects. |
SNMP: ecConvertVersionedObjects | ||
ec.maxManifests | 6 | Range, 3-36. The maximum number of manifests written for an EC object. Usually p+1 are written for a k:p encoding. Do not set above 6 unless directed by Support. |
SNMP: ecMaxManifests | ||
ec.minParity | -1 | Range -1 or 1-4; default of -1 is max(policyminreps - 1, 1), where policyminreps is the min value in policy.replicas. The minimum number of parity segments the cluster requires. This is the lower limit on p for EC content protection, regardless of the parity value expressed on individual objects through query arguments or lifepoints. |
SNMP: ecMinParity | ||
ec.protectionLevel | node | Either 'node', 'subcluster', or 'volume'. At what level segments must be distributed for an EC write to succeed; note that multiple segments are allowed per level, if needed. 'node' (default) distributes segments across the cluster's physical/virtual machines. 'subcluster' requires node.subcluster to be defined across sets of nodes. You must have (k+p)/p nodes/subclusters for those levels; at minimum, you must have k+p volumes. |
SNMP: ecProtectionLevel | ||
ec.segmentConsolidationFrequency | 10 | Percentage, 1-100, 0 to disable. How quickly the health processor consolidates object segments after ingest. Increase this value (such as to 25, to consolidate over 4 HP cycles) to make new content readable sooner by clients. For multipart uploads via S3 clients, 10 is recommended; for SwarmFS, 100 is recommended, with extra space allowances for trapped space. Consolidation changes the ETag (which affects If-Match requests) and Castor-System-Version headers, but Content-MD5 and Castor-System-CompositeMD5 headers are unchanged. Therefore, have clients use hash and last-modified date, rather than ETag, to find if an object has changed. |
SNMP: ecSegmentConsolidationFrequency | ||
ec.segmentSize | -1 | In bytes; default of -1 implies 200 MB, with recommended minimum of 100 MB. The maximum size allowed for an EC segment before triggering another level of erasure coding. For mostly large (1+ GB) objects, increase to minimize the number of EC sets, which reduces index memory usage. Alternatively, increase the size as needed per write request using the 'segmentsize' query arg. |
SNMP: ecSegmentSize | ||
feeds.retry | [30, 300, 1200] | In seconds. The progressive number of retry attempts by the plug-in, when blocked. |
SNMP: feedsRetryDelays | Example: [60, 60, 60, 3600] | |
feeds.statsReportInterval | 300 | In seconds. How frequently to report statistics. |
health.defragInterval | 3600 | In seconds; defaults to 1 hour. How long to wait between attempts to defrag a volume during an HP cycle. |
SNMP: healthDefragInterval | ||
health.ecrSegmentDelay | 0 | In seconds; defaults to 0.0. Tunes ECRs by defining the length of the forced delay after each segment is relocated. Change from default only as directed. |
SNMP: healthFVRPushDelay | ||
health.examDelay | 0.18 | In seconds; defaults to 0.18. Tunes the health processor by defining the length of the forced delay until the next HP exam, or removes the delay altogether (-1). Change from default only as directed. |
SNMP: healthExamDelay | ||
health.fvrPushDelay | 0.3 | In seconds; defaults to 0.3. Tunes FVRs by defining the length of the forced delay after each replica/bundle is pushed to another node. Change from default only as directed. |
SNMP: healthFVRPushDelay | ||
health.neonatalROWProtection | TRUE | If the exam queue for newly written objects is close to overflow, enables Swarm to override the data protection scheme of transitioning to ROW (scsp.replicateOnWrite). All subsequent replicas are processed out of this queue. |
health.offloadPauseInterval | 600 | The delay between attempts to bulk offload to the cluster, in seconds. |
SNMP: healthOffloadPauseInterval | ||
health.parallelWriteTimeout | 2592000 | In seconds; defaults to 1 month. When to time out an uncompleted multipart upload so that Swarm can clean up the unused parts. 0 disables; do not disable if using SwarmFS. |
SNMP: healthParallelWriteTimeout | ||
health.persistentUnderreplicationAlertPercent | 2 | Percentage, 0-100; set 0 to disable. Creates an alert when this percentage (or more) of objects are persistently under-replicated. |
SNMP: healthPersistentUnderreplicationAlertPercent | ||
health.recursiveDeleteDelay | 604800 | In seconds; defaults to 1 week. The length of the grace period before the health processor begins reclaiming the space for a deleted domain or bucket. During this grace period, you can restore the domain or bucket without losing any of its content. No grace period is granted if you use recursive=now. |
health.relocationVolumeFillRate | 10 | Percentage, 0-100. How much available space on new volumes may be filled for object relocation during one cluster health processor (HP) cycle, to prevent the HP on existing nodes from overwhelming a new, empty node. |
SNMP: hpRelocationVolumeFillRate | ||
health.replicationMulticastFrequency | 1 | Percentage, 0-100. The frequency, as an approximate percentage, that UUIDs are multicast to verify replicas. Set this parameter to the same value for all nodes in the cluster. |
SNMP: repMulticastFrequency | ||
health.replicationUnicastFrequency | 100 | Percentage, 0-100. The frequency, as an approximate percentage, that a unit is forced to verify hints. |
SNMP: repUnicastFrequency | ||
health.underreplicationAlertPercent | 10 | Percentage, 0-100; set 0 to disable. Generates an under-replication alert when the percentage of under-replicated objects exceeds this value. |
SNMP: healthUnderreplicationAlertPercent | ||
health.underreplicationTolerance | 100 | Count. The number of under-replicated objects below which to suppress the alerts triggered by health.underreplicationAlertPercent. |
SNMP: healthUnderreplicationTolerance | ||
index.optimize404 | TRUE | Enables the Optimize 404 feature in the overlay index, which returns 404 without multicast where possible. |
SNMP: overlayOptimize404 | ||
index.ovMinNodes | 3 | Count. The minimum number of cluster nodes needed to activate use of the overlay index. |
SNMP: overlayMinNodes | ||
index.overlayEnabled | TRUE | Enables the overlay index. |
SNMP: overlayIndexEnabled | ||
log.host | The IP address of the remote Syslog server. Logging must be used for production environments. Set to '' to stop logging in test environments. | |
SNMP: logHost | Example: 10.10.33.12 | |
log.level | 40 | The log level, from most to least verbose, each including everything below it: 10, 20, 30, 40, 50, 0. 10 Debug (all information plus stack traces), 15 Audit (replication and object movement), 20 Info (informational, including non-errors), 30 Warn (user and application errors, plus SCSP 4xx/5xx codes), 40 Error (server hardware and software errors, plus abnormal conditions), 50 Critical (errors that can result in data loss, such as disk I/O errors), 0 Disable logging. |
SNMP: logLevel | ||
log.obscureUUIDs | FALSE | Whether to obscure UUIDs from displaying in INFO and higher level logs (does not affect AUDIT and lower levels). Set to True to abbreviate the UUID, if indicated by your security requirements. |
SNMP: logObscureUUIDs | ||
log.port | 514 | The port for the remote syslog host to use. |
SNMP: logPort | ||
metrics.diskUtilizationCheckInterval | 600 | [deprecated] In seconds, from 15 seconds to 1 day; defaults to 10 minutes. How frequently to check disk utilization on the Elasticsearch cluster. |
metrics.diskUtilizationThreshold | 5 | [deprecated] Percentage, 0-100. The minimum space available Elasticsearch disk space that, when reached, will stop metrics from being indexed. |
metrics.enableNodeExporter | TRUE | Enabled by default. Set to FALSE to to disable the node_exporter service, for the export of both node system metrics and Swarm metrics. |
metrics.nodeExporterFrequency | 0 | In seconds, from 1 minute to 1 hour; How frequently to refresh Swarm-specific metrics via the node exporter. 0 disables export of this data. |
SNMP: metricsExporterFrequency | ||
metrics.period | 900 | [deprecated] In seconds, from 15 seconds to 1 day; defaults to 15 minutes. How frequently to capture metrics-related statistics. |
SNMP: metricsPeriod | ||
metrics.port | 9200 | [deprecated] The port on the Elasticsearch server where metrics-related statistics are captured. |
SNMP: metricsTargetPort | ||
metrics.target | [deprecated] One or more servers in the Elasticsearch cluster (fully qualified domain names or IP addresses) where metrics-related statistics are captured. Use spaces or commas to separate multiple values. To disable statistics collection, leave blank. | |
SNMP: metricsTargetHost | Examples: es1.yourcompany.com, es2.yourcompany.com, 10.12.14.14 | |
network.dnsDomain | Optional. The domain name(s) that will be searched for host name resolution when using static IP assignment. Ignored unless network.ipAddress is set. Use in conjunction with network.dnsServers. | |
Examples: http://example.com, hq.example.com, dr.example.com | ||
network.dnsServers | Optional. The servers that will be used for host name resolution when using static IP assignment. Ignored unless network.ipAddress is set. Use in conjunction with network.dnsDomain. | |
Examples: 8.8.8.8, 1.1.1.1, 8.8.4.4 | ||
network.icmpAcceptRedirects | TRUE | Determines if the node accepts routing information from ICMP redirect responses. |
network.igmpTimeout | 0 | In seconds; defaults to 0 (disabled). The IGMP querier timeout, which is the frequency that IGMP queries will be sent on the network. |
SNMP: networkIGMPTimeout | ||
network.igmpVersion | 2 | Range, 1-3. The IGMP (Internet Group Management Protocol) version that the Linux kernel will use for host membership queries. |
network.mtu | 0 | In bytes. Sets the maximum transmission unit (MTU) that Swarm accepts. Set to a higher value to use jumbo frames. Before you change the default value, verify that the node's network interfaces and all other network hardware support the selected MTU; otherwise, the nodes might not be able to replicate objects or communicate. Set to 0 to use value from DHCP or else 1500. |
policy.eCEncoding | unspecified anchored | The cluster-wide setting for the EC (erasure coding) encoding policy. Valid values: unspecified, disabled, k:p (a tuple such as 5:2 that specifies the data (k) and parity (p) encoding to use). Add 'anchored' to set this cluster-wide; remove it to allow domains and buckets to have custom encodings. |
SNMP: policyECEncoding | Examples: 05:02, 6:3 anchored | |
policy.eCMinStreamSize | 1Mb anchored | In integer units of megabytes (MB) or gigabytes (GB); must be 1MB or greater. The size that triggers an object to be erasure-coded, if specified (by eCEncoding, lifepoint, query arg) and allowed by policy. Below this threshold, objects are replicated unless they are multipart or chunked writes. Add 'anchored' to set this cluster-wide; remove it to allow domains and buckets to have custom values. |
SNMP: policyECMinStreamSize | Examples: 100Mb, 1GB anchored | |
policy.lifecycle | disabled | The cluster-wide setting for bucket lifecycle policies. If enabled, bucket lifecycle policies will be evaluated. |
SNMP: policyLifecycle | Examples: disabled, enabled | |
policy.replicas | min:2 max:16 default:2 anchored | The minimum, maximum, and default number of replicas allowed for objects in this cluster. Can differ from the policy in a replicated target cluster. |
SNMP: policyReplicas | Examples: min:2 max:16 default:3, min:3 max:10 default:3 | |
policy.versioning | disallowed | Specifies whether versioning is allowed to be enabled on contexts (domains and buckets) within the cluster. Valid states: disallowed, suspended, allowed. This policy overrides context-level policies. Disallowed removes historical versions, if any. Suspended stops creation of new versions but retains version history. |
SNMP: policyVersioning | Examples: allowed, disallowed, suspended | |
power.savingMode | TRUE | Enables Power Saving mode, which allows the system to go to sleep or power cap. Set to False to disable Power Saving mode. |
SNMP: powerSavingMode | ||
power.sleepAfter | 7200 | In seconds, 60 or greater; defaults to 2 hours. In Power Saving mode, how long a node is inactive before it becomes idle. |
SNMP: sleepAfter | ||
power.wakeAfter | 28800 | In seconds; defaults to 8 hours. In Power Saving mode, how long a node is idle before it becomes active again. |
SNMP: wakeAfter | ||
recovery.completedRecoveryExpiration | 2592000 | In seconds; defaults to 30 days. How long to remember completed recoveries. |
SNMP: completedRecoveryExpiration | ||
recovery.suspend | FALSE | Defaults to False, which allows normal volume recovery and recovery behavior. Set to True to disable all recovery behavior. All nodes in the cluster must be set to the same value. |
SNMP: volumeRecoverySuspend | ||
recovery.suspendedVolumes | [] | The comma-separated list of 32-character volume IDs of the volumes for which recovery is suspended. |
SNMP: castorAddVolumeRecoverySuspend, castorRemoveVolumeRecoverySuspend | Example: ['d315ca82bae4b4a0d24fd90904216554', '2195a057c205bd58e05f5835d4b9f21e'] | |
recovery.volMaintenanceInterval | 10800 | In seconds; defaults to 3 hours. How long the cluster waits after a node has been rebooted or shut down before considering the node and its volumes missing for recovery and replication purposes. This time does not include the time to mount the volumes. This maintenance window allows administrators to perform regular, scheduled tasks on a node without creating over-replication in the cluster. Node shutdowns or failures that are not initiated by an administrator are considered immediately missing. |
SNMP: volMaintenanceInterval | ||
scsp.allowPutCreate | FALSE | When true, PUTs can be used to create new named objects. Conditional headers still apply. With this option enabled, you do not need to add the putcreate query argument. |
SNMP: allowPutCreate | ||
scsp.autoContentMD5Computation | FALSE | When true, Swarm computes and stores the Content-MD5 value on every applicable write. |
SNMP: autoContentMD5Computation | ||
scsp.autoRecursiveDelete | TRUE | When true, all context deletes (deletes of domains and buckets) are treated as recursive, which prevents orphaned content. With this option enabled, you do not need to add the recursive query argument. To force immediate reclamation of space, use the recursive=now argument. |
SNMP: autoRecursiveDelete | ||
scsp.clientPoolTimeout | 120 | In seconds. How long until pooled SCSP connections expire. |
SNMP: scspClientPoolTimeout | ||
scsp.defaultContextReplicas | -1 | Defaults to -1, which uses the value of scsp.maxContextReplicas. Sets the default number of replicas for a POST/PUT on a context (domain or bucket) object if the number is not specified by the current lifepoint or the request. |
SNMP: scspDefaultContextReplicas | ||
scsp.defaultFeedSendTimeout | 30 | The timeout on a feed SEND request, if the timeout=true query argument is provided. |
scsp.defaultROWAction | immediate | The default Replicate On Write (ROW) action when scsp.replicateOnWrite is enabled. Valid options are 'immediate', 'full', or an integer between 2 and 5 (inclusive). |
SNMP: scspDefaultROWAction | ||
scsp.domainHeaders | ['X-Forwarded-Host', 'Host'] | A comma-separated list of headers that specifies the search order in which to find the host of an SCSP request. RFC 7230 5.4 requires a Host header with every SCSP request to support web servers or server farms that host multiple domains. Your client might use an HTTP proxy that modifies the Host header, but the Swarm domain name matches the original Host header. In that case, an HTTP proxy copies the original Host header into another header, typically X-Forwarded-Host. |
Examples: ['X-Forwarded-Host', 'Host', 'X-ProxyForward-Host'], ['Host'] | ||
scsp.enableVolumeRedirects | FALSE | Whether to allow redirects to SCSP heads on volume processes, for faster GET requests. For use with Gateway only, and best for sites with smaller objects. |
SNMP: enableVolumeRedirects | ||
scsp.falseStartTimeout | 240 | In seconds, 0 to disable; defaults to 4 minutes. How long to wait to receive the first byte before timing out and disconnecting. |
scsp.filterResponseBlacklist | [] | Which headers to remove from HTTP responses. List is comma-separated and case-insensitive. For example: ['Castor-System-Path', 'Castor-System-Owner'] |
SNMP: filterResponseBlacklist | ||
scsp.filterResponseHeaders | none | Swarm will filter response headers according to the given method. Allowed values: 'none', 'blacklist', 'whitelist'. |
SNMP: filterResponseHeaders | ||
scsp.filterResponseWhitelist | [] | Which headers to retain in HTTP responses, removing all others. List is comma-separated and case-insensitive. For example: ['Etag', 'Last-Modified'] |
SNMP: filterResponseWhitelist | ||
scsp.idleDisconnectTimeout | 14400 | In seconds, 0 to disable; defaults to 4 hours. How long to wait after receiving the last byte before timing out and disconnecting. |
scsp.keepAliveInterval | 15 | How many seconds to wait before sending successive chunked keep-alive bytes after a 202 Accepted response. |
SNMP: keepAliveInterval | ||
scsp.maxContextReplicas | 16 | Count. Sets the maximum number of replicas in this cluster for a context (domain or bucket) object. |
SNMP: maxcontextreplicas | ||
scsp.maxReadTime | 10800 | SCSP read time limit in seconds; defaults to 3 hours. SCSP GET requests running longer than this value will be prematurely closed. |
scsp.maxWriteTime | 10800 | SCSP write time limit in seconds; defaults to 3 hours. SCSP write requests running longer than this value will be prematurely closed. |
SNMP: scspMaxWriteTime | ||
scsp.port | 80 | Port number; defaults to 80. The port used by client applications to access cluster nodes with HTTP requests. This setting must be the same on all nodes in the same cluster. |
SNMP: scspport | ||
scsp.replicateOnWrite | TRUE | Enabled by default. Improves content integrity by requiring a replica to be written in order for the POST, PUT, COPY, or APPEND request to succeed. Set to False to have the health processor manage creation of replicas after the write. |
SNMP: autoRepOnWrite | ||
scsp.requireExplicitContextCreate | FALSE | When true, Swarm requires creation of a context (domain or bucket) to include the 'Content-type: application/castorcontext' header. Enable the option to protect against content being erroneously written as context objects, which hurts performance. |
SNMP: requireExplicitContextCreate | ||
scsp.validateOnRead | FALSE | Disabled by default. Enable to force Swarm to validate the object's contents before returning successful read responses to client requests. Although validation can be specified on a per-read basis, this setting forces all reads to use validation. During the read from the disk, the content hash is computed. If the hash is wrong, indicating logical disk corruption, the socket will be closed before the last block is transmitted, forcing an error to the client. Note that using this option creates additional CPU load on the node. |
SNMP: scspValidateOnRead | ||
search.caseInsensitive | FALSE | Whether metadata fields should support case-insensitive searching. If true, then all custom metadata will be indexed to support only case-insensitive searching. |
search.enableCustomMetadataTyping | TRUE | Whether to publish custom metadata typing information to Elasticsearch. |
SNMP: enableCustomMetadataTyping | ||
search.enableDelimiterPaths | FALSE | Whether to publish name delimiter path information to Elasticsearch. |
SNMP: enableDelimiterPaths | ||
search.numberOfShards | 5 | The number of shards to use when creating new Elasticsearch search indexes. |
SNMP: searchNumberOfShards | ||
search.pathDelimiter | / | Which character to use for parsing directory paths from object names, such as '2018/Q4/snapshot.pdf'. Defaults to forward slash: / |
security.administrators | {'admin': 'ourpwdofchoicehere'} | One or more username:password pairs. Sets credentials for who can administer the cluster via the Swarm UI. If the value includes the snmp username, remove it from here and update snmp.rwCommunity with its password. |
SNMP: addModifyAdministrator, removeAdministrator | Example: | |
{'admin': 'adminpassword', 'admin2': 'adminpassword2'} | ||
security.noauth | TRUE | [deprecated] To enable native Swarm authorization, set to False. |
security.operators | {} | One or more username:password pairs. Sets credentials for who can view the Swarm UI. If the value includes an snmp username, it is ignored; remove it from here and update snmp.roCommunity with its password. |
Example: {'operator': 'operatorpassword', 'operator2': 'operatorpassword2'} | ||
security.secureLogging | FALSE | Enable to prevent logging of the details of a client request. This option results in short, secure log messages. |
SNMP: secureLogging | ||
snmp.getnextskips | ['35', '36.20', '36.21', '36.22', '36.23', '36.25', '37.11.8', '38', '41', '55', '57', '58', '61', '63', '64', '65', '66', '68', '69'] | List of OIDs to be skipped on output. To protect cluster performance, this setting causes the snmpwalk of the entire CASTOR MIB to skip several large, detailed tables in SNMP groups. The default list of OIDs causes a top-level snmpwalk to skip the groups or tables under clusterConfig, responseHistogramTable, hp, clusterdata, indexer, configVariableTable, castorFeeds, feedVolTable, performance, and recoveryTable. You can add or remove OIDs to control which sections of the MIB are returned by an snmpwalk. Enter values as strings in numeric form, relative to the Castor OID, .1.3.6.1.4.1.24659.1. |
Example: ['35', '37.11.8', '38', '41', '55', '57', '58', '61', '63', '64', '65', '66', '68', '69'] | ||
snmp.roCommunity | public | Password for the SNMP read-only community. If security.operators includes the snmp username, remove it and update the password here. |
snmp.rwCommunity | ourpwdofchoicehere | Password for the SNMP read-write community. If security.administrators includes the snmp username, remove it and update the password here. |
snmp.timeout | 5 | In seconds, 1-60. The snmpget, snmpset, and snmpwalk timeout for Swarm and Watchdog. |
SNMP: snmpTimeout | ||
startup.certificates | Public certificates to add to cert bundle. |
Chassis (Node) Settings
SNMP Name | Default | Description |
cache.expirationTime | 600 | In seconds; defaults to 10 minutes. Set 0 to disable. How long to hold an object after its last access. |
cache.maxCacheableSize | 1E+06 | In bytes, defaulting to 1 MB. The largest object that can be stored in the content cache. If increased to greater than 5 MB, then scsp.readBufferAllowance must be increased to the same value. |
cache.percentage | 10 | Percentage, 0-100; set 0 to disable. How much I/O buffer memory to reserve for the content cache, which improves access to active content by storing it in geographically proximate locations. The reserve is reported when the node starts up: 'MAIN ANNOUNCE: Memory allocation at startup.' For best performance, especially with writing named objects, do not disable the content cache unless directed by Support. |
cache.realmStaleTimeout | 600 | In seconds, 60 or higher. How long before the security user list cache for domains is cleared. Lower this value if user lists update frequently. |
The user-defined chassis name. | ||
cip.histogramInterval | 0.01 | In seconds. The histogram bucket bin size. |
cip.queryMinimumTimeout | 0 | In seconds. The minimum CIP query session time. |
cip.queryTimeout | 0.03 | In seconds. How long after booting that the cluster will initially wait for node replication bids. Once the cluster is running, bid wait times are calculated dynamically based on response times. For clusters with network latency, the initial wait time may need to be increased until the cluster can correctly calibrate. |
cip.readBufferSize | 1E+06 | In bytes. The size of the multicast UDP socket read buffer. This value is capped the Linux /proc/sys/net/core/rmem_max value, which may be set via sysctl.coreRMemMax. |
disk.defragBufferBytes | 0 | Size in bytes of the per-disk buffer allocated for bulk defragmentation operations. Disable bulk mode by setting to 0. |
disk.defragUntilPercentage | 0.8 | Ratio, 0.0-1.0. The portion of known unused space that, when untrapped, will stop the disk defrag process. |
disk.enableMultipath | FALSE | [deprecated] Whether to enable support for Device Mapper Multipathing (DM-Multipath). Multipath support was dropped in Swarm 10.0. |
disk.encryptNewVolumes | FALSE | Whether to encrypt new Swarm volumes. Enabling encryptNewVolumes means that any newly-formatted Swarm volume will be encrypted |
disk.encryptionCipher | aes-xts-plain64 | The encryption cipher to be used when setting encryption for new Swarm volumes. Supported values are aes-xts-plain64 and aes-cbc-essiv |
disk.encryptionHash | sha512 | The encryption hash algorithm to be used when setting encryption for new Swarm volumes. Supported values are sha256 and sha512. |
disk.encryptionIterationTime | 5000 | In seconds. The maximum amount of time to be spent while iterating to generate an internal LUKS key from a Swarm encryption key, which will be used when setting encryption for new Swarm volumes. |
disk.encryptionKeyPrimary | The mnemonic name of the encryption key to use for encrypting new Swarm volumes. Do not use quotes. For this key to be used, disk.encryptNewVolumes must be set to True. | |
Example: cluster_key_5_15_2016 | ||
disk.encryptionKeySize | 512 | The size of the internal LUKS key to be used when setting encryption for new Swarm volumes. Supported values are 128, 256, and 512. |
disk.encryptionKeys | {} | A comma-separated list of mnemonic name and encryption key pairs, used for accessing encrypted Swarm volumes. |
Example: {'cluster_key_5_15_2016': 'a24f8ec391ab3341', 'cluster_key_5_12_2015': 'de3498245ce8bf89'} | ||
disk.encryptionType | luks | The encrypted volume format type used when formatting new volumes. Supported values are: 'luks', 'luks1', 'luks2'. |
disk.ioErrorToRetire | 2 | Count. How many consecutive I/O errors (no more than disk.ioErrorWindow seconds between each error) that will force a volume to retire. |
disk.ioErrorTolerance | 200 | Count. How many I/O errors are tolerated, past which the volume is taken offline immediately. Swarm then marks the volume as Unavailable and initiates both the volume recovery process (FVR) and the erasure coding recovery process (ECR) to relocate all the volume's objects. |
disk.ioErrorWindow | 172800 | In seconds; defaults to 2 days. The length of time after which an I/O error is forgotten, if no other errors followed and the volume's state is OK. Works with disk.ioErrorToRetire to control when volumes are retired. The default values means that if more than one error occurs within 2 days, the volume is retired. |
disk.minGB | 64 | How many GB a device must have to be eligible for automatic storage volume assignment with volumes = all. Set to 0 to include all disk devices. |
disk.smudgesToRetire | 4 | How many soft errors (smudges) over the life of a volume will trigger Swarm to retire the volume. A soft error occurs when the health processor does not get the expected data when validating the object but the disk gave no explicit I/O (hard) error. Set to 0 to disable the automatic retire. |
disk.standbyTimeout | 360 | In seconds. How long until an idle disk spins down automatically. |
disk.trappedToTotalPercentage | 0.0001 | Ratio, 0.0-0.01. The portion, of trapped space to total space, below which, will stop the defrag process (0.0 for no limit). |
disk.volumes | Required. Specifies the volume storage devices for Swarm to use. Valid entries: all, or a space-separated list of Linux volume identifiers, such as /dev/sda, /dev/sdb. all (recommended) is required for hot plugging and lets Swarm to use all volumes larger than disk.minGB. If a node is shut down longer than disk.obsoleteTimeout, all of its volumes are stale and cannot be used unless you force a volume remount by adding the :k (keep) policy option modifier. To specify the size, add a modifier with units: vols1:100m vols2:250g. | |
SNMP: vols | Examples: all, /dev/sda /dev/sdb | |
ec.inProgressConsolidationTimeout | 86400 | Time in seconds, 0 to disable. An 'in progress' multipart PATCH complete cannot be consolidated before this timeout. |
feeds.maxMem | 100000 | In bytes. The maximum memory allowed per feed, for queue management. |
health.startDelay | 900 | In seconds; defaults to 900 seconds (15 minutes). How long after a node starts up to begin Health Processor checking and recovery processes. This option creates a grace period for the remaining nodes to stabilize in the cluster, which is useful in situations in which an entire cluster must be shut down and restarted. |
SNMP: hpStartDelay | ||
license.url | <Swarm default 2T license> | The location and name of the Swarm license file, caringo/license.txt. Can be a pathname or a URL. To use the default 2 TB license, you must keep the default location. |
mdns.readBufferSize | 1E+06 | In bytes. The size of the read buffer for the multicast UDP socket. |
network.gateway | Optional. The default gateway IP address in the subnet. Ignored unless network.ipAddress is set. | |
SNMP: gateway | Example: 10.10.12.253 | |
network.ipAddress | The single static IP address for a node to use, or blank to use DHCP. | |
SNMP: ipaddress | Example: 10.10.12.1 | |
network.iptablesFileUrl | Optional. Location (URL) of Linux firewall rules to apply. When specified, Swarm transmits the rules without validation to the 'iptables-restore' command before starting the storage node processes. | |
network.netmask | Optional. Sets the IP network mask for a node. Ignored unless network.ipAddress is set. | |
SNMP: netmask | Examples: 255.255.255.0, 255.255.0.0 | |
network.timeSource | Recommended. List of one or more NTP servers by IP address or by name if network.dnsServers is set. You must have at least one usable NTP server in order for the storage node to start. If you don't assign a value here, a list from *.pool.ntp.org will be generated. | |
SNMP: timeSource | Examples: 10.20.30.55, 10.20.30.65, http://0.be.pool.ntp.org, 1.be.pool.ntp.org | |
node.archiveMode | FALSE | Disabled by default, which is the normal operating state. Set to TRUE to change the node to archive mode, where it remains idle in low-power mode without participating in cluster activity until its capacity is needed. This setting is useful for proactively provisioning new nodes into the cluster before they are needed. |
SNMP: archiveMode | ||
node.subcluster | default | Specifies the name of the subcluster to which the chassis belongs. Names can have no more than 16 characters and no special characters, such as quotes and hyphens. |
SNMP: subcluster | Example: subcluster1 | |
shutdown.gracePeriod | 120 | In seconds; defaults to 2 minutes. How long to allow ongoing SCSP requests to complete during shutdown. |
snmp.enabled | TRUE | Master switch to enable or disable the SNMP daemon |
snmp.sysContact | Unspecified | The value for the SNMP system contact, SNMPv2-MIB::sysContact. Must be a valid email address in 7-bit USASCII in one of these forms: Name <email@domain> First Last <email@domain> |
Example: admin@yourcompany.com | ||
snmp.sysLocation | Unspecified | The value for the SNMP system location, SNMPv2-MIB::sysLocation. |
Example: rack3 | ||
snmp.sysName | Unspecified | The value for the SNMP system name, SNMPv2-MIB::sysName. |
Example: Joe Administrator |
Policy Header Values
Domain objects support a Policy-Lifecycle
header that controls the behavior of lifecycle policies for buckets in the domain. The header supports either of the following values:
<unspecified> – The lack of a defined policy header means that lifecycle policies are only enabled for buckets in the domain when the
policy.lifecycle
setting is enabled. This means that setting the policy at the domain level is optional.enabled – The lifecycle policies are enabled for buckets in a domain when the
policy.lifecycle
cluster setting is enabled.disabled – The lifecycle policies are disabled for buckets in a domain regardless of
policy.lifecycle
setting.
Lifecycle policy does not apply to unnamed content within a domain. Only named objects within buckets will have lifecycle policy applied to them.
Bucket objects support a Policy-Lifecycle
header with multiple values.
Each header value encodes one lifecycle policy rule.
Each lifecycle rule is comprised of a number of optional attributes, expressed as <name>:<value> pairs separated by space. Extra spaces are allowed at the beginning, end, and before & after the colon.
Important
Duplicate names are not allowed across lifecycle rules for a bucket.
Unsupported names or values result in an 400 error on the bucket (or domain) write. The 400 response will indicate the source of the problem.
Supported Rule Attributes
Attribute | Value | Definition |
---|---|---|
RuleId | <unique rule id> | A required, user-defined id of the rule. The value must be contained within quotes. Values within the quotes must be URL-encoded. |
Enabled | <true|false> | An optional indication to confirm whether the rule is enabled or not. The absence of this attribute indicates the rule enabled. |
NamePrefix | <prefix> | An optional prefix to be matched against the relative name of the object in question.
|
ExpirationDays | <nonnegative integer> | The current version of an object is expired after the defined number of days. |
ExpirationDate | <ISO 8601 date> | The current version of an object is expired after the defined date (midnight UTC time). |
ObsoleteExpirationDays | <nonnegative integer> | A non-current version of an object is expired after the defined number of days when the object becomes non-current. This rule impacts nothing if the versioning is not enabled on the bucket. |
ObsoleteExpirationDate | <ISO 8601 date> | A non-current version of the object is expired after the defined date (midnight UTC time). This rule impacts nothing if the versioning is not enabled on the bucket. |
Rules with Attributes
Every rule:
Must have one or multiple expiration attributes.
ExpirationDays and ExpirationDate attributes are mutually-exclusive.
ObsoleteExpirationDays and ObsoleteExprirationDate attributes are mutually-exclusive.
Expiration Time Rule
For expiration days,
Expiration time = Creation time of the current version + Number of days indicated + Rounded up to the next midnight UTCFor obsolete expiration days,
Expiration time = Create time of the next newest object version + Number of days indicated + Rounded up to the next midnight UTCISO 8601 dates must unambiguously specify a calendar date. The (unspecified) expiration time is always midnight UTC of that date, so any timezone specification is not allowed.
Expiration of a current version of an object (i.e. non-delete marker in the versioning enabled bucket) means creating a delete marker, pushing the current version down the versioning stack.
In all other cases, the object or object version is permanently deleted.
The gateway supports SCSP reads & writes of domain and bucket headers with lifecycle policies specified. Gateway S3 interface is modified to support GET, PUT, DELETE, and related permissions for bucket lifecycle policies as specified in the S3 documentation. Gateway validates policies against the S3 specification. On PUT or DELETE permission, the gateway translates the client-supplied bucket policy specifications into the appropriate Swarm bucket headers. Bucket lifecycle policy features provided via S3 that Swarm does not support (such as storage class transitions) are dropped during this translation. On the bucket lifecycle policy GET reply, Gateway performs reverse translation for any Policy-Lifecycle headers on the bucket object into an S3-compatible format.
Swarm Content Portal provides a convenient method of managing policies. This information is provided for completeness.
Since lifecycle policies are part of the overall context-level policy framework, GET and HEAD requests on contexts and name objects (with the verbose query argument) return Policy-Lifecycle-Evaluated
and Policy-Lifecycle-Evaluated-Constrained
headers. They describe if the lifecycle policies are enforced at the various levels such as cluster, domain, and bucket.