github.com/NVIDIA/aistore@v1.3.23-0.20240517131212-7df6609be51d/docs/environment-vars.md (about) 1 --- 2 layout: post 3 title: Environment Variables 4 permalink: /docs/environment-vars 5 redirect_from: 6 - /environment-vars.md/ 7 - /docs/environment-vars.md/ 8 --- 9 10 ## Introduction 11 12 Generally, aistore configuration comprises several sources: 13 14 1. cluster (a.k.a. global) and node (or, local) configurations, the latter further "splitting" into local config per se and local overrides of the inherited cluster config; 15 2. `aisnode` [command line](/docs/command_line.md); 16 3. environment variables (this document); 17 4. finally, assorted low-level constants (also referred to as "hardcoded defaults") that almost never have to change. 18 19 This enumeration does _not_ include buckets (and their respective configurations). In aistore, buckets inherit a part of the cluster config that can be further changed on a per-bucket basis - either at creation time or at any later time, etc. 20 21 > In effect, cluster configuration contains cluster-wide defaults for all AIS buckets, current and future. 22 23 For additional references, please see the [last section](#references) in this document. The rest of it, though, describes only and exclusively **environment variables** - item `3` above. 24 25 ## Rules 26 27 First though, two common rules that, in fact, apply across the board: 28 29 * in aistore, all environment settings are **optional** 30 * if specified, environment variable will always **override**: 31 - the corresponding default *constant* (if exists), and/or 32 - persistent *configuration* (again, if the latter exists). 33 34 For example: 35 36 * in aistore cluster, each node has an `ID`, which is persistent, replicated and unique; at node startup its `ID` can be overridden via `AIS_DAEMON_ID` environment (see below); 37 * environment `AIS_READ_HEADER_TIMEOUT`, if specified, will be used instead of the `apc.ReadHeaderTimeout` [constant](https://github.com/NVIDIA/aistore/blob/main/api/apc/const.go) in the code; 38 * `AIS_USE_HTTPS` takes precedence over `net.http.use_https` value from the [cluster configuration](/docs/configuration.md), 39 40 and so on. 41 42 ### Table of Contents 43 44 The remainder of this text groups aistore environment variables by their respective usages, and is structured as follows: 45 46 - [Primary](#primary) 47 - [Network](#network) 48 - [Node](#node) 49 - [HTTPS](#https) 50 - [Local Playground](#local-playground) 51 - [Kubernetes](#kubernetes) 52 - [Package: backend](#package-backend) 53 - [AIS as S3 storage](#ais-as-s3-storage) 54 - [Package: stats](#package-stats) 55 - [Package: memsys](#package-memsys) 56 - [Package: transport](#package-transport) 57 58 separately, there's authenication server config: 59 - [AuthN](#authn) 60 61 and finally: 62 - [References](#references) 63 64 ## Primary 65 66 Background: in a running aistore cluster, at any point in time there's a single _primary_ gateway that may also be administratively selected, elected, reelected. Hence, two related variables: 67 68 | name | comment | 69 | ---- | ------- | 70 | `AIS_PRIMARY_EP` | at startup, tells _one_ of the starting-up proxies to assume the _primary_ role iff `AIS_PRIMARY_EP` specifies one of the proxy's listening endpoints; e.g. usage: | 71 72 ```bash 73 $ AIS_PRIMARY_EP=https://ais-proxy-0.svc.cluster.local:51082 74 # or (same): 75 $ AIS_PRIMARY_EP=ais-proxy-0.svc.cluster.local:51082 76 ``` 77 78 ## Network 79 80 | name | comment | 81 | ---- | ------- | 82 | `AIS_ENDPOINT` | http or https address of an arbitrary AIS gateway (proxy) in a given cluster | 83 | `AIS_CLUSTER_CIDR` | ais cluster [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing); often can be understood/approximated as the cluster's subnet; when specified will be used to differentiate between clients within the same subnet vs outside | 84 | `AIS_READ_HEADER_TIMEOUT` | maximum time to receive request headers; e.g. usage: 'export AIS_READ_HEADER_TIMEOUT=10s', and note that '0s' (zero) is also permitted | 85 86 ## Node 87 88 | name | comment | 89 | ---- | ------- | 90 | `AIS_DAEMON_ID` | ais node ID | 91 | `AIS_HOST_IP` | node's public IPv4 | 92 | `AIS_HOST_PORT` | node's public TCP port (and note the corresponding local config: "host_net.port") | 93 94 See also: 95 * [three logical networks](/docs/performance.md#network) 96 97 ## HTTPS 98 99 | name | comment | 100 | ---- | ------- | 101 | `AIS_USE_HTTPS` | tells aistore to run HTTPS transport (both public and intra-cluster networks); overrides the corresponding config; e.g. usage: 'export AIS_USE_HTTPS=true' | 102 | `AIS_CRT` | X509 certificate pathname (this and the rest variables in the table are ignored when aistore is AIS_USE_HTTPS==false | 103 | `AIS_CRT_KEY` | pathname that contains X509 certificate private key | 104 | `AIS_CLIENT_CA` | certificate authority that authorized (signed) the certificate | 105 | `AIS_SKIP_VERIFY_CRT` | when true will skip X509 cert verification (usually enabled to circumvent limitations of self-signed certs) | 106 107 ## Local Playground 108 109 | name | comment | 110 | ---- | ------- | 111 | `NUM_TARGET` | usage is limited to development scripts and test automation | 112 | `NUM_PROXY` | (ditto) | 113 114 See also: 115 * [scripts/clean_deploy.sh](https://github.com/NVIDIA/aistore/blob/main/scripts/clean_deploy.sh) 116 * [wait-for-cluster](https://github.com/NVIDIA/aistore/blob/main/ais/test/main_test.go#L47-L56) 117 118 ## Kubernetes 119 120 | name | comment | 121 | ---- | ------- | 122 | `MY_POD` and `HOSTNAME` | Kubernetes POD name. `MY_POD` is used in [production](operator/pkg/resources/cmn/env.go); `HOSTNAME`, on the other hand, is usually considered a Kubernetes default | 123 | `MY_NODE` | Kubernetes node name | 124 | `K8S_NS` and `POD_NAMESPACE` | Kubernetes namespace. `K8S_NS` is used in [production](operator/pkg/resources/cmn/env.go), while `POD_NAMESPACE` - development | 125 126 Kubernetes POD name is also reported via `ais show cluster` CLI - when it is a Kubernetes deployment, e.g.: 127 128 ```console 129 $ ais show cluster t[fXbarEnn] 130 TARGET MEM USED(%) MEM AVAIL CAP USED(%) CAP AVAIL LOAD AVERAGE REBALANCE UPTIME K8s POD STATUS VERSION BUILD TIME 131 t[fXbarEnn] 3.08% 367.66GiB 51% 8.414TiB [0.9 1.1 1.3] - 1852h19m40s ais-target-26 online 3.20.92bc0c1 2023-09-18T19:12:52+0000 132 ``` 133 134 See related: 135 * [AIS K8s Operator: environment variables](https://github.com/NVIDIA/ais-k8s/blob/master/operator/pkg/resources/cmn/env.go) 136 137 ## AWS S3 138 139 **NOTE:** for the most recent updates, please refer to the [source](https://github.com/NVIDIA/aistore/blob/main/api/env/aws.go). 140 141 | name | comment | 142 | ---- | ------- | 143 | `S3_ENDPOINT` | global S3 endpoint to be used instead of `s3.amazonaws.com` | 144 | `AWS_REGION` | default bucket region; can be set to override the global default 'us-east-1' location | 145 | `AWS_PROFILE` | global AWS profile with alternative (as far as the [default]) credentials and/or AWS region | 146 147 ## Package: backend 148 149 AIS natively supports 3 (three) [Cloud storages](/docs/providers.md). 150 151 The corresponding environment "belongs" to the internal [backend](https://github.com/NVIDIA/aistore/tree/main/ais/backend) package and includes: 152 153 | name | comment | 154 | ---- | ------- | 155 | `S3_ENDPOINT`, `AWS_PROFILE`, and `AWS_REGION`| see previous section | 156 | `GOOGLE_CLOUD_PROJECT`, `GOOGLE_APPLICATION_CREDENTIALS` | GCP account with permissions to access Google Cloud Storage buckets | 157 | `AZURE_STORAGE_ACCOUNT`, `AZURE_STORAGE_KEY` | Azure account with permissions to access Blob Storage containers | 158 | `AIS_AZURE_URL` | Azure endpoint, e.g. `http://<account_name>.blob.core.windows.net` | 159 160 Notice in the table above that the variables `S3_ENDPOINT` and `AWS_PROFILE` are designated as _global_: cluster-wide. 161 162 The implication: it is possible to override one or both of them on a **per-bucket basis**: 163 164 * [configuring buckets with alternative S3 andpoint and/or credentials](/docs/cli/aws_profile_endpoint.md) 165 166 ### AIS as S3 storage 167 168 Environment `S3_ENDPOINT` is _important_, and may be also be a source of minor confusion. The reason: aistore itself provides S3 compatible interface. 169 170 For instance, on the aistore's client side you could say something like: 171 172 ```console 173 export S3_ENDPOINT=https://10.0.4.53:51080/s3 174 ``` 175 176 and then run existing S3 applications against an aistore cluster at `10.0.4.53` - with no changes (to the application). 177 178 Moreover, configure aistore to handle S3 requests at its "/" root: 179 180 ```console 181 $ ais config cluster features S3-API-via-Root 182 ``` 183 184 and re-specify `S3_ENDPOINT` environment to make it looking slightly more conventional: 185 186 ```console 187 export S3_ENDPOINT=https://10.0.4.53:51080 188 ``` 189 190 **To recap**: 191 192 * use `S3_ENDPOINT` to override the `s3.amazonaws.com` default; 193 * specify `AWS_PROFILE` to use a non-default (named) AWS profile 194 195 and separately: 196 197 * you could run existing S3 apps (with no changes) against aistore by using `S3_ENDPOINT` on the client side 198 199 See also: 200 * [AIS buckets](/docs/cli/bucket.md) 201 * [Bucket configuration: AWS profiles](/docs/cli/aws_profile_endpoint.md) 202 * [Using aistore as S3 endpoint](/docs/s3compat.md) 203 204 ## Package: stats 205 206 AIStore is a fully compliant [Prometheus exporter](https://prometheus.io/docs/instrumenting/writing_exporters/). 207 208 In addition and separately, AIStore supports [StatsD](https://github.com/etsy/statsd), and via StatsD - Graphite (collection) and Grafana (graphics). 209 210 The corresponding binary choice between StatsD and Prometheus is a **deployment-time** switch controlled by a single environment variable: **AIS_PROMETHEUS**. 211 212 Namely: 213 214 | name | comment | 215 | ---- | ------- | 216 | `AIS_PROMETHEUS` | e.g. usage: `export AIS_PROMETHEUS=true` | 217 | `AIS_STATSD_PORT` | use it to override the default `8125` (see https://github.com/etsy/stats) | 218 | `AIS_STATSD_PROBE` | a startup option that, when true, tells an ais node to _probe_ whether StatsD server exists (and responds); if the probe fails, the node will disable its StatsD functionality completely - i.e., will not be sending any metrics to the StatsD port (above) | 219 220 ## Package: memsys 221 222 | name | comment | 223 | ---- | ------- | 224 | `AIS_MINMEM_FREE` | for details, see [Memory Manager, Slab Allocator (MMSA)](https://github.com/NVIDIA/aistore/blob/main/memsys/README.md) | 225 | `AIS_MINMEM_PCT_TOTAL` | same as above and, specifically, te section "Minimum Available Memory" | 226 | `AIS_MINMEM_PCT_FREE` | (ditto) | 227 228 ## Package: transport 229 230 | name | comment | 231 | ---- | ------- | 232 | `AIS_STREAM_DRY_RUN` | read and immediately discard all read data (can be used to evaluate client-side throughput) | 233 | `AIS_STREAM_BURST_NUM` | overrides `transport.burst_buffer` knob from the [cluster configuration](/docs/configuration.md) | 234 235 See also: [streaming intra-cluster transport](https://github.com/NVIDIA/aistore/blob/main/transport/README.md). 236 237 ## AuthN 238 239 AIStore Authentication Server (**AuthN**) provides OAuth 2.0 compliant [JSON Web Tokens](https://datatracker.ietf.org/doc/html/rfc7519) based secure access to AIStore. 240 241 AuthN supports multiple AIS clusters; in fact, there's no limit on the number of clusters a given AuthN instance can provide authentication and access control service for. 242 243 | name | comment | 244 | ---- | ------- | 245 | `AIS_AUTHN_ENABLED` | aistore cluster itself must "know" whether it is being authenticated; see usage and references below | 246 | `AIS_AUTHN_CONF_DIR` | AuthN server configuration directory, e.g. `"$HOME/.config/ais/authn` | 247 | `AIS_AUTHN_LOG_DIR` | usage: deployment scripts and integration tests | 248 | `AIS_AUTHN_LOG_LEVEL` | ditto | 249 | `AIS_AUTHN_PORT` | can be used to override `52001` default | 250 | `AIS_AUTHN_TTL` | authentication token expiration time; 0 (zero) means "never expires" | 251 | `AIS_AUTHN_USE_HTTPS` | when true, tells a starting-up AuthN to use HTTPS | 252 253 Separately, there's also client-side AuthN environment that includes: 254 255 | name | comment | 256 | ---- | ------- | 257 | `AIS_AUTHN_URL` | used by [CLI](docs/cli/auth.md) to configure and query authenication server (AuthN) | 258 | `AIS_AUTHN_TOKEN_FILE` | token file pathname; can be used to override the default `$HOME/.config/ais/cli/<fname.Token>` | 259 260 When AuthN is disabled (i.e., not used), `ais config` CLI will show something like: 261 262 ```console 263 $ ais config cluster auth 264 PROPERTY VALUE 265 auth.secret ********** 266 auth.enabled false 267 ``` 268 269 Notice: this command is executed on the aistore cluster, not AuthN per se. 270 271 See also: 272 273 * [AIS AuthN server](/docs/authn.md) 274 * [AIS AuthN server: CLI management](/docs/cli/authn.md) 275 276 ## References 277 278 * `env` package [README](https://github.com/NVIDIA/aistore/blob/main/api/env/README.md) 279 * [system filenames](https://github.com/NVIDIA/aistore/blob/main/cmn/fname/fname.go) 280 * [cluster configuration](/docs/configuration.md) 281 * [local playground: cluster and node configuration](https://github.com/NVIDIA/aistore/blob/main/deploy/dev/local/aisnode_config.sh) 282 * [`ais config` command](/docs/cli/config.md) 283 * [performance tunables](/docs/performance.md) 284 * [feature flags](/docs/feature_flags.md)