first commit
This commit is contained in:
25
roles/seaweed/templates/filer.toml.j2
Normal file
25
roles/seaweed/templates/filer.toml.j2
Normal file
@ -0,0 +1,25 @@
|
||||
# A sample TOML config file for SeaweedFS filer store
|
||||
# Used with "weed filer" or "weed server -filer"
|
||||
# Put this file to one of the location, with descending priority
|
||||
# ./filer.toml
|
||||
# $HOME/.seaweedfs/filer.toml
|
||||
# /etc/seaweedfs/filer.toml
|
||||
|
||||
####################################################
|
||||
# Customizable filer server options
|
||||
####################################################
|
||||
[filer.options]
|
||||
# with http DELETE, by default the filer would check whether a folder is empty.
|
||||
# recursive_delete will delete all sub folders and files, similar to "rm -Rf"
|
||||
recursive_delete = false
|
||||
#max_file_name_length = 255
|
||||
|
||||
####################################################
|
||||
# The following are filer store options
|
||||
####################################################
|
||||
|
||||
[leveldb2]
|
||||
# local on disk, mostly for simple single-machine setup, fairly scalable
|
||||
# faster than previous leveldb, recommended.
|
||||
enabled = true
|
||||
dir = "{{ seaweed_data_dir }}/filer/ldb2" # directory to store level db files
|
||||
1
roles/seaweed/templates/s3.json.j2
Normal file
1
roles/seaweed/templates/s3.json.j2
Normal file
@ -0,0 +1 @@
|
||||
{{ seaweedfs_s3_config | default({}) | to_nice_json }}
|
||||
12
roles/seaweed/templates/seaweed.service.j2
Normal file
12
roles/seaweed/templates/seaweed.service.j2
Normal file
@ -0,0 +1,12 @@
|
||||
[Unit]
|
||||
Description=SeaweedFS - {{ seaweed_service }} Server
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
ExecStart={{ seaweed_binary_path }} -logdir={{ seaweed_log_dir }} {{ seaweed_command }} {% for arg in seaweed_args %}{{ arg }} {% endfor +%}
|
||||
User={{ seaweed_user }}
|
||||
Restart=on-failure
|
||||
LimitNOFILE=1048576
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
132
roles/seaweed/templates/security.toml.j2
Normal file
132
roles/seaweed/templates/security.toml.j2
Normal file
@ -0,0 +1,132 @@
|
||||
# Put this file to one of the location, with descending priority
|
||||
# ./security.toml
|
||||
# $HOME/.seaweedfs/security.toml
|
||||
# /etc/seaweedfs/security.toml
|
||||
# this file is read by master, volume server, and filer
|
||||
|
||||
# comma separated origins allowed to make requests to the filer and s3 gateway.
|
||||
# enter in this format: https://domain.com, or http://localhost:port
|
||||
[cors.allowed_origins]
|
||||
values = "*"
|
||||
|
||||
# this jwt signing key is read by master and volume server, and it is used for write operations:
|
||||
# - the Master server generates the JWT, which can be used to write a certain file on a volume server
|
||||
# - the Volume server validates the JWT on writing
|
||||
# the jwt defaults to expire after 10 seconds.
|
||||
[jwt.signing]
|
||||
key = "{{ seaweed_jwt_signing }}"
|
||||
expires_after_seconds = 10 # seconds
|
||||
|
||||
# by default, if the signing key above is set, the Volume UI over HTTP is disabled.
|
||||
# by setting ui.access to true, you can re-enable the Volume UI. Despite
|
||||
# some information leakage (as the UI is not authenticated), this should not
|
||||
# pose a security risk.
|
||||
[access]
|
||||
ui = false
|
||||
|
||||
# by default the filer UI is enabled. This can be a security risk if the filer is exposed to the public
|
||||
# and the JWT for reads is not set. If you don't want the public to have access to the objects in your
|
||||
# storage, and you haven't set the JWT for reads it is wise to disable access to directory metadata.
|
||||
# This disables access to the Filer UI, and will no longer return directory metadata in GET requests.
|
||||
[filer.expose_directory_metadata]
|
||||
enabled = true
|
||||
|
||||
# this jwt signing key is read by master and volume server, and it is used for read operations:
|
||||
# - the Master server generates the JWT, which can be used to read a certain file on a volume server
|
||||
# - the Volume server validates the JWT on reading
|
||||
# NOTE: jwt for read is only supported with master+volume setup. Filer does not support this mode.
|
||||
[jwt.signing.read]
|
||||
key = ""
|
||||
expires_after_seconds = 10 # seconds
|
||||
|
||||
|
||||
# If this JWT key is configured, Filer only accepts writes over HTTP if they are signed with this JWT:
|
||||
# - f.e. the S3 API Shim generates the JWT
|
||||
# - the Filer server validates the JWT on writing
|
||||
# the jwt defaults to expire after 10 seconds.
|
||||
[jwt.filer_signing]
|
||||
key = "{{ seaweed_jwt_filer_signing }}"
|
||||
expires_after_seconds = 10 # seconds
|
||||
|
||||
# If this JWT key is configured, Filer only accepts reads over HTTP if they are signed with this JWT:
|
||||
# - f.e. the S3 API Shim generates the JWT
|
||||
# - the Filer server validates the JWT on writing
|
||||
# the jwt defaults to expire after 10 seconds.
|
||||
[jwt.filer_signing.read]
|
||||
key = ""
|
||||
expires_after_seconds = 10 # seconds
|
||||
|
||||
# all grpc tls authentications are mutual
|
||||
# the values for the following ca, cert, and key are paths to the PERM files.
|
||||
# the host name is not checked, so the PERM files can be shared.
|
||||
[grpc]
|
||||
ca = "{{ seaweed_ca_cert }}"
|
||||
# Set wildcard domain for enable TLS authentication by common names
|
||||
allowed_wildcard_domain = "" # .mycompany.com
|
||||
|
||||
[grpc.volume]
|
||||
cert = "{{ seaweed_volume_cert }}"
|
||||
key = "{{ seaweed_volume_key }}"
|
||||
allowed_commonNames = "" # comma-separated SSL certificate common names
|
||||
|
||||
[grpc.master]
|
||||
cert = "{{ seaweed_master_cert }}"
|
||||
key = "{{ seaweed_master_key }}"
|
||||
allowed_commonNames = "" # comma-separated SSL certificate common names
|
||||
|
||||
[grpc.filer]
|
||||
cert = "{{ seaweed_filer_cert }}"
|
||||
key = "{{ seaweed_filer_key }}"
|
||||
allowed_commonNames = "" # comma-separated SSL certificate common names
|
||||
|
||||
[grpc.s3]
|
||||
cert = "{{ seaweed_client_cert }}"
|
||||
key = "{{ seaweed_client_key }}"
|
||||
allowed_commonNames = "" # comma-separated SSL certificate common names
|
||||
|
||||
[grpc.msg_broker]
|
||||
cert = ""
|
||||
key = ""
|
||||
allowed_commonNames = "" # comma-separated SSL certificate common names
|
||||
|
||||
[grpc.msg_agent]
|
||||
cert = ""
|
||||
key = ""
|
||||
allowed_commonNames = "" # comma-separated SSL certificate common names
|
||||
|
||||
# use this for any place needs a grpc client
|
||||
# i.e., "weed backup|benchmark|filer.copy|filer.replicate|mount|s3|upload"
|
||||
[grpc.client]
|
||||
cert = "{{ seaweed_client_cert }}"
|
||||
key = "{{ seaweed_client_key }}"
|
||||
|
||||
# https client for master|volume|filer|etc connection
|
||||
# It is necessary that the parameters [https.volume]|[https.master]|[https.filer] are set
|
||||
[https.client]
|
||||
enabled = false
|
||||
cert = ""
|
||||
key = ""
|
||||
ca = ""
|
||||
|
||||
# volume server https options
|
||||
[https.volume]
|
||||
cert = ""
|
||||
key = ""
|
||||
ca = ""
|
||||
|
||||
# master server https options
|
||||
[https.master]
|
||||
cert = ""
|
||||
key = ""
|
||||
ca = ""
|
||||
|
||||
# filer server https options
|
||||
[https.filer]
|
||||
cert = ""
|
||||
key = ""
|
||||
ca = ""
|
||||
# disable_tls_verify_client_cert = true|false (default: false)
|
||||
|
||||
# white list. It's checking request ip address.
|
||||
[guard]
|
||||
white_list = ""
|
||||
Reference in New Issue
Block a user