268 lines
8.6 KiB
YAML
268 lines
8.6 KiB
YAML
# daemon alive time, when sets 0s, daemon will not auto exit
|
|
# it is useful for longtime running
|
|
aliveTime: 0s
|
|
|
|
# daemon gc task running interval
|
|
gcInterval: 1m0s
|
|
|
|
# daemon work directory, daemon will change current working directory to this
|
|
# in linux, default value is /usr/local/dragonfly
|
|
# in macos(just for testing), default value is /Users/$USER/.dragonfly
|
|
workHome: ""
|
|
|
|
# cacheDir is dynconfig cache storage directory
|
|
# in linux, default value is /var/cache/dragonfly
|
|
# in macos(just for testing), default value is /Users/$USER/.dragonfly/cache
|
|
cacheDir: ""
|
|
|
|
# logDir is the log storage directory
|
|
# in linux, default value is /var/log/dragonfly
|
|
# in macos(just for testing), default value is /Users/$USER/.dragonfly/logs
|
|
logDir: ""
|
|
|
|
# dataDir is the download data storage directory
|
|
# in linux, default value is /var/lib/dragonfly
|
|
# in macos(just for testing), default value is /Users/$USER/.dragonfly/data
|
|
dataDir: ""
|
|
|
|
# when daemon exit, keep peer task data or not
|
|
# it is usefully when upgrade daemon service, all local cache will be saved
|
|
# default is false
|
|
keepStorage: true
|
|
|
|
# console shows log on console
|
|
console: false
|
|
|
|
# whether to enable debug level logger and enable pprof
|
|
verbose: false
|
|
|
|
# listen port for pprof, only valid when the verbose option is true
|
|
# default is -1. If it is 0, pprof will use a random port.
|
|
pprof-port: -1
|
|
|
|
# jaeger endpoint url, like: http://jaeger.dragonfly.svc:14268/api/traces
|
|
jaeger: ""
|
|
|
|
# all addresses of all schedulers
|
|
# the schedulers of all daemons should be same in one region or zone.
|
|
# daemon will send tasks to a fixed scheduler by hashing the task url and meta data
|
|
# caution: only tcp is supported
|
|
scheduler:
|
|
manager:
|
|
# get scheduler list dynamically from manager
|
|
enable: false
|
|
# manager service addresses
|
|
netAddrs:
|
|
- type: tcp
|
|
addr: 127.0.0.1:65003
|
|
# scheduler list refresh interval
|
|
refreshInterval: 5m
|
|
# schedule timeout
|
|
scheduleTimeout: 30s
|
|
# when true, only scheduler says back source, daemon can back source
|
|
disableAutoBackSource: false
|
|
# below example is a stand address
|
|
netAddrs:
|
|
- type: tcp
|
|
addr: 127.0.0.1:8002
|
|
|
|
# current host info used for scheduler
|
|
host:
|
|
# tcp service listen address
|
|
# port should be set by other options
|
|
listenIP: 0.0.0.0
|
|
# access ip for other peers
|
|
# when local ip is different with access ip, advertiseIP should be set
|
|
advertiseIP: 0.0.0.0
|
|
# geographical location, separated by "|" characters
|
|
location: ""
|
|
# idc deployed by daemon
|
|
idc: ""
|
|
# security domain deployed by daemon, network isolation between different security domains
|
|
securityDomain: ""
|
|
# network topology, separated by "|" characters
|
|
netTopology: ""
|
|
# daemon hostname
|
|
# hostname: ""
|
|
|
|
# download service option
|
|
download:
|
|
# calculate digest when transfer files, set false to save memory
|
|
calculateDigest: true
|
|
# total download limit per second
|
|
totalRateLimit: 200Mi
|
|
# per peer task download limit per second
|
|
perPeerRateLimit: 100Mi
|
|
# download piece timeout
|
|
pieceDownloadTimeout: 30s
|
|
# golang transport option
|
|
transportOption:
|
|
# dial timeout
|
|
dialTimeout: 2s
|
|
# keep alive
|
|
keepAlive: 30s
|
|
# same with http.Transport.MaxIdleConns
|
|
maxIdleConns: 100
|
|
# same with http.Transport.IdleConnTimeout
|
|
idleConnTimeout: 90s
|
|
# same with http.Transport.ResponseHeaderTimeout
|
|
responseHeaderTimeout: 2s
|
|
# same with http.Transport.TLSHandshakeTimeout
|
|
tlsHandshakeTimeout: 1s
|
|
# same with http.Transport.ExpectContinueTimeout
|
|
expectContinueTimeout: 2s
|
|
# download grpc option
|
|
downloadGRPC:
|
|
# security option
|
|
security:
|
|
insecure: true
|
|
cacert: ""
|
|
cert: ""
|
|
key: ""
|
|
tlsConfig: null
|
|
# download service listen address
|
|
# current, only support unix domain socket
|
|
unixListen:
|
|
# in linux, default value is /var/run/dfdaemon.sock
|
|
# in macos(just for testing), default value is /tmp/dfdaemon.sock
|
|
socket: /var/run/dfdaemon.sock
|
|
# peer grpc option
|
|
# peer grpc service send pieces info to other peers
|
|
peerGRPC:
|
|
security:
|
|
insecure: true
|
|
cacert: ""
|
|
cert: ""
|
|
key: ""
|
|
tcpListen:
|
|
# listen address
|
|
listen: 0.0.0.0
|
|
# listen port, daemon will try to listen
|
|
# when this port is not available, daemon will try next port
|
|
port: 65000
|
|
# if want to limit upper port, please use blow format
|
|
# port:
|
|
# start: 65000
|
|
# end: 65009
|
|
|
|
# upload service option
|
|
upload:
|
|
# upload limit per second
|
|
rateLimit: 100Mi
|
|
security:
|
|
insecure: true
|
|
cacert: ""
|
|
cert: ""
|
|
key: ""
|
|
tcpListen:
|
|
# listen address
|
|
listen: 0.0.0.0
|
|
# listen port, daemon will try to listen
|
|
# when this port is not available, daemon will try next port
|
|
port: 65002
|
|
# if want to limit upper port, please use blow format
|
|
# port:
|
|
# start: 65020
|
|
# end: 65029
|
|
|
|
# peer task storage option
|
|
storage:
|
|
# task data expire time
|
|
# when there is no access to a task data, this task will be gc.
|
|
taskExpireTime: 6h
|
|
# storage strategy when process task data
|
|
# io.d7y.storage.v2.simple : download file to data directory first, then copy to output path, this is default action
|
|
# the download file in date directory will be the peer data for uploading to other peers
|
|
# io.d7y.storage.v2.advance: download file directly to output path with postfix, hard link to final output,
|
|
# avoid copy to output path, fast than simple strategy, but:
|
|
# the output file with postfix will be the peer data for uploading to other peers
|
|
# when user delete or change this file, this peer data will be corrupted
|
|
# default is io.d7y.storage.v2.advance
|
|
strategy: io.d7y.storage.v2.advance
|
|
# disk quota gc threshold, when the quota of all tasks exceeds the gc threshold, the oldest tasks will be reclaimed.
|
|
diskGCThreshold: 50Gi
|
|
# disk used percent gc threshold, when the disk used percent exceeds, the oldest tasks will be reclaimed.
|
|
# eg, diskGCThresholdPercent=80, when the disk usage is above 80%, start to gc the oldest tasks
|
|
diskGCThresholdPercent: 80
|
|
# set to ture for reusing underlying storage for same task id
|
|
multiplex: true
|
|
|
|
# proxy service config file location or detail config
|
|
# proxy: ""
|
|
|
|
# proxy service detail option
|
|
proxy:
|
|
# filter for hash url
|
|
# when defaultFilter: "Expires&Signature", for example:
|
|
# http://localhost/xyz?Expires=111&Signature=222 and http://localhost/xyz?Expires=333&Signature=999
|
|
# is same task
|
|
defaultFilter: "Expires&Signature"
|
|
security:
|
|
insecure: true
|
|
cacert: ""
|
|
cert: ""
|
|
key: ""
|
|
tcpListen:
|
|
# namespace stands the linux net namespace, like /proc/1/ns/net
|
|
# it's useful for running daemon in pod with ip allocated and listening the special port in host net namespace
|
|
# Linux only
|
|
namespace: ""
|
|
# listen address
|
|
listen: 0.0.0.0
|
|
# listen port, daemon will try to listen
|
|
# when this port is not available, daemon will try next port
|
|
port: 65001
|
|
# if want to limit upper port, please use blow format
|
|
# port:
|
|
# start: 65020
|
|
# end: 65029
|
|
registryMirror:
|
|
# when enable, using header "X-Dragonfly-Registry" for remote instead of url
|
|
dynamic: true
|
|
# url for the registry mirror
|
|
url: https://index.docker.io
|
|
# whether to ignore https certificate errors
|
|
insecure: true
|
|
# optional certificates if the remote server uses self-signed certificates
|
|
certs: []
|
|
# whether to request the remote registry directly
|
|
direct: false
|
|
# whether to use proxies to decide if dragonfly should be used
|
|
useProxies: false
|
|
|
|
proxies:
|
|
# proxy all http image layer download requests with dfget
|
|
- regx: blobs/sha256.*
|
|
# change http requests to some-registry to https and proxy them with dfget
|
|
- regx: some-registry/
|
|
useHTTPS: true
|
|
# proxy requests directly, without dfget
|
|
- regx: no-proxy-reg
|
|
direct: true
|
|
# proxy requests with redirect
|
|
- regx: some-registry
|
|
redirect: another-registry
|
|
# the same with url rewrite like apache ProxyPass directive
|
|
- regx: ^http://some-registry/(.*)
|
|
redirect: http://another-registry/$1
|
|
|
|
hijackHTTPS:
|
|
# key pair used to hijack https requests
|
|
cert: ""
|
|
key: ""
|
|
hosts:
|
|
- regx: mirror.aliyuncs.com:443 # regexp to match request hosts
|
|
# whether to ignore https certificate errors
|
|
insecure: true
|
|
# optional certificates if the host uses self-signed certificates
|
|
certs: []
|
|
# max tasks to download same time, 0 is no limit
|
|
maxConcurrency: 0
|
|
whiteList:
|
|
# the host of the whitelist
|
|
- host: ""
|
|
# match whitelist hosts
|
|
regx:
|
|
# port that need to be added to the whitelist
|
|
ports:
|