Dfdaemon

Configure Dfdaemon YAML File

The default path for the dfdaemon yaml configuration file is /etc/dragonfly/dfget.yaml in linux, and the default path is $HOME/.dragonfly/config/dfget.yaml in darwin.

# daemon alive time, when sets 0s, daemon will not auto exit
# it is useful for longtime running
aliveTime: 0s

# daemon gc task running interval
gcInterval: 1m0s

# daemon work directory, daemon will change current working directory to this
# in linux, default value is /usr/local/dragonfly
# in macos(just for testing), default value is /Users/$USER/.dragonfly
workHome: ''

# cacheDir is dynconfig cache storage directory
# in linux, default value is /var/cache/dragonfly
# in macos(just for testing), default value is /Users/$USER/.dragonfly/cache
cacheDir: ''

# logDir is the log storage directory
# in linux, default value is /var/log/dragonfly
# in macos(just for testing), default value is /Users/$USER/.dragonfly/logs
logDir: ''

# dataDir is the download data storage directory
# in linux, default value is /var/lib/dragonfly
# in macos(just for testing), default value is /Users/$USER/.dragonfly/data
dataDir: ''

# when daemon exit, keep peer task data or not
# it is usefully when upgrade daemon service, all local cache will be saved
# default is false
keepStorage: false

# console shows log on console
console: false

# whether to enable debug level logger and enable pprof
verbose: false

# listen port for pprof, only valid when the verbose option is true
# default is -1. If it is 0, pprof will use a random port.
pprof-port: -1

# jaeger endpoint url, like: http://jaeger.dragonfly.svc:14268/api/traces
jaeger: ''

# all addresses of all schedulers
# the schedulers of all daemons should be same in one region or zone.
# daemon will send tasks to a fixed scheduler by hashing the task url and meta data
# caution: only tcp is supported
scheduler:
  manager:
    # get scheduler list dynamically from manager
    enable: false
    # manager service addresses
    netAddrs:
      - type: tcp
        addr: manager-service:65003
    # scheduler list refresh interval
    refreshInterval: 5m
    # seed peer configuration
    seedPeer:
      # dfdaemon enabled seed peer mode
      enable: false
      # seed peer type includes super, strong and weak
      type: super
      # seed peer cluster id
      clusterID: 1
      keepAlive:
        # keep alive internal
        internal: 5s
  # schedule timeout
  scheduleTimeout: 30s
  # when true, only scheduler says back source, daemon can back source
  disableAutoBackSource: false
  # below example is a stand address
  netAddrs:
    - type: tcp
      addr: scheduler-service:8002

# current host info used for scheduler
host:
  # tcp service listen address
  # port should be set by other options
  listenIP: 0.0.0.0
  # access ip for other peers
  # when local ip is different with access ip, advertiseIP should be set
  advertiseIP: 0.0.0.0
  # geographical location, separated by "|" characters
  location: ''
  # idc deployed by daemon
  idc: ''
  # security domain deployed by daemon, network isolation between different security domains
  securityDomain: ''
  # network topology, separated by "|" characters
  netTopology: ''
  # daemon hostname
  # hostname: ""

# download service option
download:
  # calculate digest when transfer files, set false to save memory
  calculateDigest: true
  # total download limit per second
  totalRateLimit: 200Mi
  # per peer task download limit per second
  perPeerRateLimit: 100Mi
  # download piece timeout
  pieceDownloadTimeout: 30s
  # golang transport option
  transportOption:
    # dial timeout
    dialTimeout: 2s
    # keep alive
    keepAlive: 30s
    # same with http.Transport.MaxIdleConns
    maxIdleConns: 100
    # same with http.Transport.IdleConnTimeout
    idleConnTimeout: 90s
    # same with http.Transport.ResponseHeaderTimeout
    responseHeaderTimeout: 2s
    # same with http.Transport.TLSHandshakeTimeout
    tlsHandshakeTimeout: 1s
    # same with http.Transport.ExpectContinueTimeout
    expectContinueTimeout: 2s
  # download grpc option
  downloadGRPC:
    # security option
    security:
      insecure: true
      cacert: ''
      cert: ''
      key: ''
      tlsVerify: true
      tlsConfig: null
    # download service listen address
    # current, only support unix domain socket
    unixListen:
      # in linux, default value is /var/run/dfdaemon.sock
      # in macos(just for testing), default value is /tmp/dfdaemon.sock
      socket: /var/run/dfdaemon.sock
  # peer grpc option
  # peer grpc service send pieces info to other peers
  peerGRPC:
    security:
      insecure: true
      cacert: ''
      cert: ''
      key: ''
      tlsVerify: true
    tcpListen:
      # listen address
      listen: 0.0.0.0
      # listen port, daemon will try to listen
      # when this port is not available, daemon will try next port
      port: 65000
      # if want to limit upper port, please use blow format
#     port:
#       start: 65000
#       end: 65009

# upload service option
upload:
  # upload limit per second
  rateLimit: 100Mi
  security:
    insecure: true
    cacert: ''
    cert: ''
    key: ''
    tlsVerify: false
  tcpListen:
    # listen address
    listen: 0.0.0.0
    # listen port, daemon will try to listen
    # when this port is not available, daemon will try next port
    port: 65002
    # if want to limit upper port, please use blow format
#   port:
#     start: 65020
#     end: 65029

# peer task storage option
storage:
  # task data expire time
  # when there is no access to a task data, this task will be gc.
  taskExpireTime: 6h
  # storage strategy when process task data
  # io.d7y.storage.v2.simple : download file to data directory first, then copy to output path, this is default action
  #                           the download file in date directory will be the peer data for uploading to other peers
  # io.d7y.storage.v2.advance: download file directly to output path with postfix, hard link to final output,
  #                            avoid copy to output path, fast than simple strategy, but:
  #                            the output file with postfix will be the peer data for uploading to other peers
  #                            when user delete or change this file, this peer data will be corrupted
  # default is io.d7y.storage.v2.simple
  strategy: io.d7y.storage.v2.simple
  # disk quota gc threshold, when the quota of all tasks exceeds the gc threshold, the oldest tasks will be reclaimed.
  diskGCThreshold: 50Gi
  # disk used percent gc threshold, when the disk used percent exceeds, the oldest tasks will be reclaimed.
  # eg, diskGCThresholdPercent=80, when the disk usage is above 80%, start to gc the oldest tasks
  diskGCThresholdPercent: 80
  # set to ture for reusing underlying storage for same task id
  multiplex: true

# proxy service config file location or detail config
# proxy: ""

# proxy service detail option
proxy:
  # filter for hash url
  # when defaultFilter: "Expires&Signature&ns", for example:
  #  http://localhost/xyz?Expires=111&Signature=222&ns=docker.io and http://localhost/xyz?Expires=333&Signature=999&ns=docker.io
  # is same task
  defaultFilter: 'Expires&Signature&ns'
  security:
    insecure: true
    cacert: ''
    cert: ''
    key: ''
    tlsVerify: false
  tcpListen:
    # namespace stands the linux net namespace, like /proc/1/ns/net
    # it's useful for running daemon in pod with ip allocated and listening the special port in host net namespace
    # Linux only
    namespace: ''
    # listen address
    listen: 0.0.0.0
    # listen port, daemon will try to listen
    # when this port is not available, daemon will try next port
    port: 65001
    # if want to limit upper port, please use blow format
  #   port:
  #     start: 65020
  #     end: 65029
  registryMirror:
    # when enable, using header "X-Dragonfly-Registry" for remote instead of url
    dynamic: true
    # url for the registry mirror
    url: https://index.docker.io
    # whether to ignore https certificate errors
    insecure: true
    # optional certificates if the remote server uses self-signed certificates
    certs: []
    # whether to request the remote registry directly
    direct: false
    # whether to use proxies to decide if dragonfly should be used
    useProxies: false

  proxies:
    # proxy all http image layer download requests with dfget
    - regx: blobs/sha256.*
    # change http requests to some-registry to https and proxy them with dfget
    - regx: some-registry/
      useHTTPS: true
    # proxy requests directly, without dfget
    - regx: no-proxy-reg
      direct: true
    # proxy requests with redirect
    - regx: some-registry
      redirect: another-registry
    # the same with url rewrite like apache ProxyPass directive
    - regx: ^http://some-registry/(.*)
      redirect: http://another-registry/$1

  hijackHTTPS:
    # key pair used to hijack https requests
    cert: ''
    key: ''
    hosts:
      - regx: mirror.aliyuncs.com:443 # regexp to match request hosts
        # whether to ignore https certificate errors
        insecure: true
        # optional certificates if the host uses self-signed certificates
        certs: []
  # max tasks to download same time, 0 is no limit
  maxConcurrency: 0
  whiteList:
    # the host of the whitelist
    - host: ''
      # match whitelist hosts
      regx:
      # port that need to be added to the whitelist
      ports:
  # setup basic auth for proxy
  basicAuth:
    username: 'admin'
    password: 'password'
# prometheus metrics address
# metrics: ':8000'