Hi
First, all requests with presigned URLs should be restricted.
This is how the request is blocked with the nginx sidecar (it's just a
simple parameter in the URL that is forbidden):
if ($arg_Signature) { return 403 'Signature parameter forbidden';
}
Our bucket policies are created automat
on":{
"IpAddress":{
"aws:SourceIp":[
"redacted"
]
}
}
},
{
"Sid":"username%%%policy_control",
"Effect":"Deny",
Hi Ceph Users
I am encountering a problem with the RGW Admin Ops Socket.
I am setting up the socket as follows:
rgw_enable_ops_log = true
rgw_ops_log_socket_path = /tmp/ops/rgw-ops.socket
rgw_ops_log_data_backlog = 16Mi
Seems like the socket fills up over time and it doesn't seem to get
flush
j op status=0
-482> 2024-01-25T14:54:31.680+ 7f5185bc8b00 2 req
2568229052387020224 0.092001401s s3:put_obj http status=200
-481> 2024-01-25T14:54:31.680+ 7f5185bc8b00 1 == req done
req=0x7f517ffca720 op status=0 http_status=200 latency=0.092001401s ==
Thanks for your h
keep
reading from it. So it probably is getting backlogged. And while you
could arrange things to make that less likely, you likely can't make
it impossible, so there's a bug here.
Matt
On Thu, Jan 25, 2024 at 10:52 AM Marc Singer wrote:
Hi
I am using a unix socket client
, yes, create a tracker issue on tracker.ceph.com?
2. you might be able to get more throughput with (some number) of
additional threads; the first thing I would try is prioritization (nice)
regards,
Matt
On Fri, Jan 26, 2024 at 6:08 AM Marc Singer wrote:
Hi Matt
Thanks for your answer.
Should
Hello Ceph Users
Since we are running a big S3 cluster we would like to externalize the
RGW daemons that do async tasks, like:
* Garbage collection
* Lifecycle policies
* Calculating and updating quotas
Would this be possible to do in the configuration? Which config values
would I need to
