Storage-Users Service Configuration

Table of Contents

Introduction
Default Values
Deprecated Metadata Backend
Graceful Shutdown
CLI Commands
- Manage Unfinished Uploads
- Purge Expired Space Trash-Bin Items
Caching
Configuration
- Environment Variables
- YAML Example

Introduction

The Infinite Scale Storage-Users service

Default Values

Storage-Users listens on port 9157 by default.

Deprecated Metadata Backend

Starting with Infinite Scale version 3.0.0, the default backend for metadata switched to messagepack. If the setting STORAGE_USERS_OCIS_METADATA_BACKEND has not been defined manually, the backend will be migrated to messagepack automatically. Although it is still possible to manually configure xattrs, this setting should not be used anymore as it will be removed in a later version.

Graceful Shutdown

Starting with Infinite Scale version 4.0.0, you can define a graceful shutdown period for the storage-users service.

The graceful shutdown period is only applicable if the storage-users service runs as standalone service. It does not apply if the storage-users service runs as part of the single binary or as single Docker environment. To build an environment where the storage-users service runs as a standalone service, you must start two instances, one without the storage-users service and one only with the the storage-users service. Note that both instances must be able to communicate on the same network.

When hard-stopping Infinite Scale, for example with the kill <pid> command (SIGKILL), it is possible and likely that not all data from the decomposedfs (metadata) has been written to the storage which may result in an inconsistent decomposedfs. When gracefully shutting down Infinite Scale, using a command like SIGTERM, the process will no longer accept any write requests from other services and will try to write the internal open requests which can take an undefined duration based on many factors. To mitigate that situation, the following things have been implemented:

With the value of the environment variable STORAGE_USERS_GRACEFUL_SHUTDOWN_TIMEOUT, the storage-users service will delay its shutdown giving it time to finalize writing necessary data. This delay can be necessary if there is a lot of data to be saved and/or if storage access/thruput is slow. In such a case you would receive an error log entry informing you that not all data could be saved in time. To prevent such occurrences, you must increase the default value.
If a shutdown error has been logged, the command-line maintenance tool Inspect and Manipulate Node Metadata can help to fix the issue. Please contact support for details.

CLI Commands

Manage Unfinished Uploads

When using Infinite Scale as user storage, a directory named storage/users/uploads can be found in the Infinite Scale data folder. This is an intermediate directory based on TUS which is an open protocol for resumable uploads. Each upload consists of a blob and a blob.info file. Note that the term blob is just a placeholder.

If an upload succeeds, the blob file will be moved to the target and the blob.info file will be deleted.
In case of incomplete uploads, the blob and blob.info files will continue to recieve data until either the upload succeeds in time or the upload expires based on the STORAGE_USERS_UPLOAD_EXPIRATION variable, see the table below for details.
In case of expired uploads, the blob and blob.info files will not be removed automatically. Thus a lot of data can pile up over time wasting storage space.
In the rare case of a failure, after the upload succeeded but the file was not moved to its target location, which can happen when postprocessing fails, the situation is the same as with expired uploads.

Example cases for expired uploads

When a user uploads a big file but the file exceeds the user-quota, the upload can’t be moved to the target after it has finished. The file stays at the upload location until it is manually cleared.
If the bandwith is limited and the file to transfer can’t be transferred completely before the upload expiration time is reached, the file expires and can’t be processed.

There are two commands available to manage unfinished uploads

ocis storage-users uploads <command>

COMMANDS:
   list     Print a list of all incomplete uploads
   clean    Clean up leftovers from expired uploads

Command Examples

Command to identify incomplete uploads

ocis storage-users uploads list

Incomplete uploads:
 - 455bd640-cd08-46e8-a5a0-9304908bd40a (file_example_PPT_1MB.ppt, Size: 1028608, Expires: 2022-08-17T12:35:34+02:00)

Command to clear expired uploads

ocis storage-users uploads clean

Cleaned uploads:
- 455bd640-cd08-46e8-a5a0-9304908bd40a (Filename: file_example_PPT_1MB.ppt, Size: 1028608, Expires: 2022-08-17T12:35:34+02:00)

Purge Expired Space Trash-Bin Items

This command is about purging old trash-bin items of project spaces (spaces that have been created manually) and personal spaces.

ocis storage-users trash-bin <command>

COMMANDS:
   purge-expired     Purge all expired items from the trashbin

The configuration for the purge-expired command is done by using the following environment variables.

STORAGE_USERS_PURGE_TRASH_BIN_USER_ID is used to obtain space trash-bin information and takes the system admin user as the default which is the OCIS_ADMIN_USER_ID but can be set individually. It should be noted, that the OCIS_ADMIN_USER_ID is only assigned automatically when using the single binary deployment and must be manually assigned in all other deployments. The command only considers spaces to which the assigned user has access and delete permission.
STORAGE_USERS_PURGE_TRASH_BIN_PERSONAL_DELETE_BEFORE has a default value of 30 days, which means the command will delete all files older than 30 days. The value is human-readable, valid values are 24h, 60m, 60s etc. 0 is equivalent to disable and prevents the deletion of personal space trash-bin files.
STORAGE_USERS_PURGE_TRASH_BIN_PROJECT_DELETE_BEFORE has a default value of 30 days, which means the command will delete all files older than 30 days. The value is human-readable, valid values are 24h, 60m, 60s etc. 0 is equivalent to disable and prevents the deletion of project space trash-bin files.

Caching

The storage-users service caches stat, metadata and uuids of files and folders via the configured store in STORAGE_USERS_STAT_CACHE_STORE, STORAGE_USERS_FILEMETADATA_CACHE_STORE and STORAGE_USERS_ID_CACHE_STORE. Possible stores are:

Store Type Description

Store Type	Description
`memory`	Basic in-memory store and the default.
`ocmem`	Advanced in-memory store allowing max size.
`redis`	Stores data in a configured Redis cluster.
`redis-sentinel`	Stores data in a configured Redis Sentinel cluster.
`etcd`	Stores data in a configured etcd cluster.
`nats-js`	Stores data using the key-value-store feature of NATS JetStream.
`noop`	Stores nothing. Useful for testing. Not recommended in production environments.

memory

Basic in-memory store and the default.

ocmem

Advanced in-memory store allowing max size.

redis

Stores data in a configured Redis cluster.

redis-sentinel

Stores data in a configured Redis Sentinel cluster.

etcd

Stores data in a configured etcd cluster.

nats-js

Stores data using the key-value-store feature of NATS JetStream.

noop

Stores nothing. Useful for testing. Not recommended in production environments.

Note that in-memory stores are by nature not reboot-persistent.
Though usually not necessary, a database name and a database table can be configured for event stores if the event store supports this. Generally not applicable for stores of type in-memory. These settings are blank by default which means that the standard settings of the configured store apply.
The storage-users service can be scaled if not using in-memory stores and the stores are configured identically over all instances.
When using redis-sentinel, the Redis master to use is configured via STORAGE_USERS_STAT_CACHE_STORE_NODES, STORAGE_USERS_FILEMETADATA_CACHE_STORE_NODES and STORAGE_USERS_ID_CACHE_STORE_NODES in the form of <sentinel-host>:<sentinel-port>/<redis-master> like 10.10.0.200:26379/mymaster.

Configuration

Environment Variables

The storage-users service is configured via the following environment variables:

latest
4.0.1
3.0.0

Deprecation notes for the storage-users service
Deprecation Info	Deprecation Version	Removal Version	Deprecation Replacement

Environment variables for the storage-users service
Name	Type	Default Value	Description
`OCIS_TRACING_ENABLED` `STORAGE_USERS_TRACING_ENABLED`	bool	false	Activates tracing.
`OCIS_TRACING_TYPE` `STORAGE_USERS_TRACING_TYPE`	string		The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.
`OCIS_TRACING_ENDPOINT` `STORAGE_USERS_TRACING_ENDPOINT`	string		The endpoint of the tracing agent.
`OCIS_TRACING_COLLECTOR` `STORAGE_USERS_TRACING_COLLECTOR`	string		The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.
`OCIS_LOG_LEVEL` `STORAGE_USERS_LOG_LEVEL`	string		The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.
`OCIS_LOG_PRETTY` `STORAGE_USERS_LOG_PRETTY`	bool	false	Activates pretty log output.
`OCIS_LOG_COLOR` `STORAGE_USERS_LOG_COLOR`	bool	false	Activates colorized log output.
`OCIS_LOG_FILE` `STORAGE_USERS_LOG_FILE`	string		The path to the log file. Activates logging to this file if set.
`STORAGE_USERS_DEBUG_ADDR`	string	127.0.0.1:9159	Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.
`STORAGE_USERS_DEBUG_TOKEN`	string		Token to secure the metrics endpoint.
`STORAGE_USERS_DEBUG_PPROF`	bool	false	Enables pprof, which can be used for profiling.
`STORAGE_USERS_DEBUG_ZPAGES`	bool	false	Enables zpages, which can be used for collecting and viewing in-memory traces.
`STORAGE_USERS_GRPC_ADDR`	string	127.0.0.1:9157	The bind address of the GRPC service.
`STORAGE_USERS_GRPC_PROTOCOL`	string	tcp	The transport protocol of the GPRC service.
`STORAGE_USERS_HTTP_ADDR`	string	127.0.0.1:9158	The bind address of the HTTP service.
`STORAGE_USERS_HTTP_PROTOCOL`	string	tcp	The transport protocol of the HTTP service.
`OCIS_JWT_SECRET` `STORAGE_USERS_JWT_SECRET`	string		The secret to mint and validate jwt tokens.
`OCIS_REVA_GATEWAY`	string	com.owncloud.api.gateway	The CS3 gateway endpoint.
`OCIS_GRPC_CLIENT_TLS_MODE`	string		TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.
`OCIS_GRPC_CLIENT_TLS_CACERT`	string		Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.
`STORAGE_USERS_SKIP_USER_GROUPS_IN_TOKEN`	bool	false	Disables the loading of user’s group memberships from the reva access token.
`STORAGE_USERS_GRACEFUL_SHUTDOWN_TIMEOUT`	int	30	The number of seconds to wait for the 'storage-users' service to shutdown cleanly before exiting with an error that gets logged. Note: This setting is only applicable when running the 'storage-users' service as a standalone service. See the text description for more details.
`STORAGE_USERS_DRIVER`	string	ocis	The storage driver which should be used by the service. Defaults to 'ocis', Supported values are: 'ocis', 's3ng' and 'owncloudsql'. The 'ocis' driver stores all data (blob and meta data) in an POSIX compliant volume. The 's3ng' driver stores metadata in a POSIX compliant volume and uploads blobs to the s3 bucket.
`OCIS_DECOMPOSEDFS_METADATA_BACKEND` `STORAGE_USERS_OCIS_METADATA_BACKEND`	string	messagepack	The backend to use for storing metadata. Supported values are 'messagepack' and 'xattrs'. The setting 'messagepack' uses a dedicated file to store file metadata while 'xattrs' uses extended attributes to store file metadata. Defaults to 'messagepack'.
`OCIS_DECOMPOSEDFS_PROPAGATOR` `STORAGE_USERS_OCIS_PROPAGATOR`	string	sync	The propagator used for decomposedfs. At the moment, only 'sync' is fully supported, 'async' is available as an experimental option.
`STORAGE_USERS_ASYNC_PROPAGATOR_PROPAGATION_DELAY`	Duration	0s	The delay in seconds between a change made to a tree and the propagation start on treesize and treetime. Multiple propagations are computed to a single one.
`STORAGE_USERS_OCIS_ROOT`	string	~/.ocis/storage/users	The directory where the filesystem storage will store blobs and metadata. If not defined, the root directory derives from $OCIS_BASE_DATA_PATH:/storage/users.
`STORAGE_USERS_OCIS_USER_LAYOUT`	string	{{.Id.OpaqueId}}	Template string for the user storage layout in the user directory.
`STORAGE_USERS_PERMISSION_ENDPOINT` `STORAGE_USERS_OCIS_PERMISSIONS_ENDPOINT`	string	com.owncloud.api.settings	Endpoint of the permissions service. The endpoints can differ for 'ocis' and 's3ng'.
`STORAGE_USERS_OCIS_PERSONAL_SPACE_ALIAS_TEMPLATE`	string	{{.SpaceType}}/{{.User.Username \| lower}}	Template string to construct personal space aliases.
`STORAGE_USERS_OCIS_GENERAL_SPACE_ALIAS_TEMPLATE`	string	{{.SpaceType}}/{{.SpaceName \| replace " " "-" \| lower}}	Template string to construct general space aliases.
`STORAGE_USERS_OCIS_SHARE_FOLDER`	string	/Shares	Name of the folder jailing all shares.
`STORAGE_USERS_OCIS_MAX_ACQUIRE_LOCK_CYCLES`	int	20	When trying to lock files, ocis will try this amount of times to acquire the lock before failing. After each try it will wait for an increasing amount of time. Values of 0 or below will be ignored and the default value of 20 will be used.
`STORAGE_USERS_OCIS_LOCK_CYCLE_DURATION_FACTOR`	int	30	When trying to lock files, ocis will multiply the cycle with this factor and use it as a millisecond timeout. Values of 0 or below will be ignored and the default value of 30 will be used.
`STORAGE_USERS_OCIS_MAX_CONCURRENCY`	int	0	Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value of 100 will be used.
`OCIS_ASYNC_UPLOADS` ``	bool	false	Enable asynchronous file uploads.
`OCIS_SPACES_MAX_QUOTA` `STORAGE_USERS_OCIS_MAX_QUOTA`	uint64	0	Set a global max quota for spaces in bytes. A value of 0 equals unlimited. If not using the global OCIS_SPACES_MAX_QUOTA, you must define the FRONTEND_MAX_QUOTA in the frontend service.
`STORAGE_USERS_S3NG_METADATA_BACKEND`	string	messagepack	The backend to use for storing metadata. Supported values are 'xattrs' and 'messagepack'. The setting 'xattrs' uses extended attributes to store file metadata while 'messagepack' uses a dedicated file to store file metadata. Defaults to 'xattrs'.
`OCIS_DECOMPOSEDFS_PROPAGATOR` `STORAGE_USERS_S3NG_PROPAGATOR`	string	sync	The propagator used for decomposedfs. At the moment, only 'sync' is fully supported, 'async' is available as an experimental option.
`STORAGE_USERS_ASYNC_PROPAGATOR_PROPAGATION_DELAY`	Duration	0s	The delay in seconds between a change made to a tree and the propagation start on treesize and treetime. Multiple propagations are computed to a single one.
`STORAGE_USERS_S3NG_ROOT`	string	~/.ocis/storage/users	The directory where the filesystem storage will store metadata for blobs. If not defined, the root directory derives from $OCIS_BASE_DATA_PATH:/storage/users.
`STORAGE_USERS_S3NG_USER_LAYOUT`	string	{{.Id.OpaqueId}}	Template string for the user storage layout in the user directory.
`STORAGE_USERS_PERMISSION_ENDPOINT` `STORAGE_USERS_S3NG_PERMISSIONS_ENDPOINT`	string	com.owncloud.api.settings	Endpoint of the permissions service. The endpoints can differ for 'ocis' and 's3ng'.
`STORAGE_USERS_S3NG_REGION`	string	default	Region of the S3 bucket.
`STORAGE_USERS_S3NG_ACCESS_KEY`	string		Access key for the S3 bucket.
`STORAGE_USERS_S3NG_SECRET_KEY`	string		Secret key for the S3 bucket.
`STORAGE_USERS_S3NG_ENDPOINT`	string		Endpoint for the S3 bucket.
`STORAGE_USERS_S3NG_BUCKET`	string		Name of the S3 bucket.
`STORAGE_USERS_S3NG_PERSONAL_SPACE_ALIAS_TEMPLATE`	string	{{.SpaceType}}/{{.User.Username \| lower}}	Template string to construct personal space aliases.
`STORAGE_USERS_S3NG_GENERAL_SPACE_ALIAS_TEMPLATE`	string	{{.SpaceType}}/{{.SpaceName \| replace " " "-" \| lower}}	Template string to construct general space aliases.
`STORAGE_USERS_S3NG_SHARE_FOLDER`	string	/Shares	Name of the folder jailing all shares.
`STORAGE_USERS_S3NG_MAX_ACQUIRE_LOCK_CYCLES`	int	20	When trying to lock files, ocis will try this amount of times to acquire the lock before failing. After each try it will wait for an increasing amount of time. Values of 0 or below will be ignored and the default value of 20 will be used.
`STORAGE_USERS_S3NG_LOCK_CYCLE_DURATION_FACTOR`	int	30	When trying to lock files, ocis will multiply the cycle with this factor and use it as a millisecond timeout. Values of 0 or below will be ignored and the default value of 30 will be used.
`STORAGE_USERS_S3NG_MAX_CONCURRENCY`	int	0	Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value of 100 will be used.
`STORAGE_USERS_OWNCLOUDSQL_DATADIR`	string	~/.ocis/storage/owncloud	The directory where the filesystem storage will store SQL migration data. If not defined, the root directory derives from $OCIS_BASE_DATA_PATH:/storage/owncloud.
`STORAGE_USERS_OWNCLOUDSQL_SHARE_FOLDER`	string	/Shares	Name of the folder jailing all shares.
`STORAGE_USERS_OWNCLOUDSQL_LAYOUT`	string	{{.Username}}	Path layout to use to navigate into a users folder in an owncloud data directory
`STORAGE_USERS_OWNCLOUDSQL_UPLOADINFO_DIR`	string	~/.ocis/storage/uploadinfo	The directory where the filesystem will store uploads temporarily. If not defined, the root directory derives from $OCIS_BASE_DATA_PATH:/storage/uploadinfo.
`STORAGE_USERS_OWNCLOUDSQL_DB_USERNAME`	string	owncloud	Username for the database.
`STORAGE_USERS_OWNCLOUDSQL_DB_PASSWORD`	string	owncloud	Password for the database.
`STORAGE_USERS_OWNCLOUDSQL_DB_HOST`	string		Hostname or IP of the database server.
`STORAGE_USERS_OWNCLOUDSQL_DB_PORT`	int	3306	Port that the database server is listening on.
`STORAGE_USERS_OWNCLOUDSQL_DB_NAME`	string	owncloud	Name of the database to be used.
`STORAGE_USERS_OWNCLOUDSQL_USERS_PROVIDER_ENDPOINT`	string	com.owncloud.api.users	Endpoint of the users provider.
`STORAGE_USERS_DATA_SERVER_URL`	string	http://localhost:9158/data	URL of the data server, needs to be reachable by the data gateway provided by the frontend service or the user if directly exposed.
`STORAGE_USERS_DATA_GATEWAY_URL`	string	https://localhost:9200/data	URL of the data gateway server
`STORAGE_USERS_TRANSFER_EXPIRES`	int64	86400	the time after which the token for upload postprocessing expires
`OCIS_EVENTS_ENDPOINT` `STORAGE_USERS_EVENTS_ENDPOINT`	string	127.0.0.1:9233	The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.
`OCIS_EVENTS_CLUSTER` `STORAGE_USERS_EVENTS_CLUSTER`	string	ocis-cluster	The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.
`OCIS_INSECURE` `STORAGE_USERS_EVENTS_TLS_INSECURE`	bool	false	Whether to verify the server TLS certificates.
`OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE` `STORAGE_USERS_EVENTS_TLS_ROOT_CA_CERTIFICATE`	string		The root CA certificate used to validate the server’s TLS certificate. If provided STORAGE_USERS_EVENTS_TLS_INSECURE will be seen as false.
`OCIS_EVENTS_ENABLE_TLS` `STORAGE_USERS_EVENTS_ENABLE_TLS`	bool	false	Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services..
`STORAGE_USERS_EVENTS_NUM_CONSUMERS`	int	0	The amount of concurrent event consumers to start. Event consumers are used for post-processing files. Multiple consumers increase parallelisation, but will also increase CPU and memory demands. The setting has no effect when the OCIS_ASYNC_UPLOADS is set to false. The default and minimum value is 1.
`OCIS_CACHE_STORE` `STORAGE_USERS_STAT_CACHE_STORE`	string	noop	The type of the cache store. Supported values are: 'memory', 'ocmem', 'etcd', 'redis', 'redis-sentinel', 'nats-js', 'noop'. See the text description for details.
`OCIS_CACHE_STORE_NODES` `STORAGE_USERS_STAT_CACHE_STORE_NODES`	[]string	[]	A comma separated list of nodes to access the configured store. This has no effect when 'memory' or 'ocmem' stores are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store.
`OCIS_CACHE_DATABASE`	string	ocis	The database name the configured store should use.
`OCIS_CACHE_TTL` `STORAGE_USERS_STAT_CACHE_TTL`	Duration	5m0s	Default time to live for user info in the user info cache. Only applied when access tokens has no expiration. The duration can be set as number followed by a unit identifier like s, m or h. Defaults to '300s' (300 seconds).
`OCIS_CACHE_SIZE` `STORAGE_USERS_STAT_CACHE_SIZE`	int	0	The maximum quantity of items in the user info cache. Only applies when store type 'ocmem' is configured. Defaults to 512.
`OCIS_CACHE_STORE` `STORAGE_USERS_FILEMETADATA_CACHE_STORE`	string	memory	The type of the cache store. Supported values are: 'memory', 'ocmem', 'etcd', 'redis', 'redis-sentinel', 'nats-js', 'noop'. See the text description for details.
`OCIS_CACHE_STORE_NODES` `STORAGE_USERS_FILEMETADATA_CACHE_STORE_NODES`	[]string	[]	A comma separated list of nodes to access the configured store. This has no effect when 'memory' or 'ocmem' stores are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store.
`OCIS_CACHE_DATABASE`	string	ocis	The database name the configured store should use.
`OCIS_CACHE_TTL` `STORAGE_USERS_FILEMETADATA_CACHE_TTL`	Duration	24m0s	Default time to live for user info in the user info cache. Only applied when access tokens has no expiration. The duration can be set as number followed by a unit identifier like s, m or h. Defaults to '24h' (24 hours).
`OCIS_CACHE_SIZE` `STORAGE_USERS_FILEMETADATA_CACHE_SIZE`	int	0	The maximum quantity of items in the user info cache. Only applies when store type 'ocmem' is configured. Defaults to 512.
`OCIS_CACHE_STORE` `STORAGE_USERS_ID_CACHE_STORE`	string		The type of the cache store. Supported values are: 'memory', 'ocmem', 'etcd', 'redis', 'redis-sentinel', 'nats-js', 'noop'. See the text description for details.
`OCIS_CACHE_STORE_NODES` `STORAGE_USERS_ID_CACHE_STORE_NODES`	[]string	[]	A comma separated list of nodes to access the configured store. This has no effect when 'memory' or 'ocmem' stores are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store.
`OCIS_CACHE_DATABASE`	string		The database name the configured store should use.
`OCIS_CACHE_TTL` `STORAGE_USERS_ID_CACHE_TTL`	Duration	0s	Default time to live for user info in the user info cache. Only applied when access tokens has no expiration. The duration can be set as number followed by a unit identifier like s, m or h. Defaults to '300s' (300 seconds).
`OCIS_CACHE_SIZE` `STORAGE_USERS_ID_CACHE_SIZE`	int	0	The maximum quantity of items in the user info cache. Only applies when store type 'ocmem' is configured. Defaults to 512.
`STORAGE_USERS_MOUNT_ID`	string		Mount ID of this storage.
`STORAGE_USERS_EXPOSE_DATA_SERVER`	bool	false	Exposes the data server directly to users and bypasses the data gateway. Ensure that the data server address is reachable by users.
`STORAGE_USERS_READ_ONLY`	bool	false	Set this storage to be read-only.
`STORAGE_USERS_UPLOAD_EXPIRATION`	int64	86400	Duration in seconds after which uploads will expire. Note that when setting this to a low number, uploads could be cancelled before they are finished and return a 403 to the user.
`OCIS_ADMIN_USER_ID` `STORAGE_USERS_PURGE_TRASH_BIN_USER_ID`	string		ID of the user who collects all necessary information for deletion. Consider that the UUID can be encoded in some LDAP deployment configurations like in .ldif files. These need to be decoded beforehand.
`STORAGE_USERS_PURGE_TRASH_BIN_PERSONAL_DELETE_BEFORE`	Duration	720h0m0s	Specifies the period of time in which items that have been in the personal trash-bin for longer than this value should be deleted. A value of 0 means no automatic deletion. The value is human-readable, valid values are '24h', '60m', '60s' etc.
`STORAGE_USERS_PURGE_TRASH_BIN_PROJECT_DELETE_BEFORE`	Duration	720h0m0s	Specifies the period of time in which items that have been in the project trash-bin for longer than this value should be deleted. A value of 0 means no automatic deletion. The value is human-readable, valid values are '24h', '60m', '60s' etc.
`OCIS_SERVICE_ACCOUNT_ID` `STORAGE_USERS_SERVICE_ACCOUNT_ID`	string		The ID of the service account the service should use. See the 'auth-service' service description for more details.
`OCIS_SERVICE_ACCOUNT_SECRET` `STORAGE_USERS_SERVICE_ACCOUNT_SECRET`	string		The service account secret.

Deprecation notes for the storage-users service
Deprecation Info	Deprecation Version	Removal Version	Deprecation Replacement

Environment variables for the storage-users service
Name	Type	Default Value	Description
`OCIS_TRACING_ENABLED` `STORAGE_USERS_TRACING_ENABLED`	bool	false	Activates tracing.
`OCIS_TRACING_TYPE` `STORAGE_USERS_TRACING_TYPE`	string		The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.
`OCIS_TRACING_ENDPOINT` `STORAGE_USERS_TRACING_ENDPOINT`	string		The endpoint of the tracing agent.
`OCIS_TRACING_COLLECTOR` `STORAGE_USERS_TRACING_COLLECTOR`	string		The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.
`OCIS_LOG_LEVEL` `STORAGE_USERS_LOG_LEVEL`	string		The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.
`OCIS_LOG_PRETTY` `STORAGE_USERS_LOG_PRETTY`	bool	false	Activates pretty log output.
`OCIS_LOG_COLOR` `STORAGE_USERS_LOG_COLOR`	bool	false	Activates colorized log output.
`OCIS_LOG_FILE` `STORAGE_USERS_LOG_FILE`	string		The path to the log file. Activates logging to this file if set.
`STORAGE_USERS_DEBUG_ADDR`	string	127.0.0.1:9159	Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.
`STORAGE_USERS_DEBUG_TOKEN`	string		Token to secure the metrics endpoint.
`STORAGE_USERS_DEBUG_PPROF`	bool	false	Enables pprof, which can be used for profiling.
`STORAGE_USERS_DEBUG_ZPAGES`	bool	false	Enables zpages, which can be used for collecting and viewing in-memory traces.
`STORAGE_USERS_GRPC_ADDR`	string	127.0.0.1:9157	The bind address of the GRPC service.
`STORAGE_USERS_GRPC_PROTOCOL`	string	tcp	The transport protocol of the GPRC service.
`STORAGE_USERS_HTTP_ADDR`	string	127.0.0.1:9158	The bind address of the HTTP service.
`STORAGE_USERS_HTTP_PROTOCOL`	string	tcp	The transport protocol of the HTTP service.
`OCIS_JWT_SECRET` `STORAGE_USERS_JWT_SECRET`	string		The secret to mint and validate jwt tokens.
`OCIS_REVA_GATEWAY`	string	com.owncloud.api.gateway	The CS3 gateway endpoint.
`OCIS_GRPC_CLIENT_TLS_MODE`	string		TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.
`OCIS_GRPC_CLIENT_TLS_CACERT`	string		Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.
`STORAGE_USERS_SKIP_USER_GROUPS_IN_TOKEN`	bool	false	Disables the loading of user’s group memberships from the reva access token.
`STORAGE_USERS_GRACEFUL_SHUTDOWN_TIMEOUT`	int	30	The number of seconds to wait for the 'storage-users' service to shutdown cleanly before exiting with an error that gets logged. Note: This setting is only applicable when running the 'storage-users' service as a standalone service. See the text description for more details.
`STORAGE_USERS_DRIVER`	string	ocis	The storage driver which should be used by the service. Defaults to 'ocis', Supported values are: 'ocis', 's3ng' and 'owncloudsql'. The 'ocis' driver stores all data (blob and meta data) in an POSIX compliant volume. The 's3ng' driver stores metadata in a POSIX compliant volume and uploads blobs to the s3 bucket.
`OCIS_DECOMPOSEDFS_METADATA_BACKEND` `STORAGE_USERS_OCIS_METADATA_BACKEND`	string	messagepack	The backend to use for storing metadata. Supported values are 'messagepack' and 'xattrs'. The setting 'messagepack' uses a dedicated file to store file metadata while 'xattrs' uses extended attributes to store file metadata. Defaults to 'messagepack'.
`OCIS_DECOMPOSEDFS_PROPAGATOR` `STORAGE_USERS_OCIS_PROPAGATOR`	string	sync	The propagator used for decomposedfs. At the moment, only 'sync' is fully supported, 'async' is available as an experimental option.
`STORAGE_USERS_ASYNC_PROPAGATOR_PROPAGATION_DELAY`	Duration	0s	The delay in seconds between a change made to a tree and the propagation start on treesize and treetime. Multiple propagations are computed to a single one.
`STORAGE_USERS_OCIS_ROOT`	string	~/.ocis/storage/users	The directory where the filesystem storage will store blobs and metadata. If not defined, the root directory derives from $OCIS_BASE_DATA_PATH:/storage/users.
`STORAGE_USERS_OCIS_USER_LAYOUT`	string	{{.Id.OpaqueId}}	Template string for the user storage layout in the user directory.
`STORAGE_USERS_PERMISSION_ENDPOINT` `STORAGE_USERS_OCIS_PERMISSIONS_ENDPOINT`	string	com.owncloud.api.settings	Endpoint of the permissions service. The endpoints can differ for 'ocis' and 's3ng'.
`STORAGE_USERS_OCIS_PERSONAL_SPACE_ALIAS_TEMPLATE`	string	{{.SpaceType}}/{{.User.Username \| lower}}	Template string to construct personal space aliases.
`STORAGE_USERS_OCIS_GENERAL_SPACE_ALIAS_TEMPLATE`	string	{{.SpaceType}}/{{.SpaceName \| replace " " "-" \| lower}}	Template string to construct general space aliases.
`STORAGE_USERS_OCIS_SHARE_FOLDER`	string	/Shares	Name of the folder jailing all shares.
`STORAGE_USERS_OCIS_MAX_ACQUIRE_LOCK_CYCLES`	int	20	When trying to lock files, ocis will try this amount of times to acquire the lock before failing. After each try it will wait for an increasing amount of time. Values of 0 or below will be ignored and the default value of 20 will be used.
`STORAGE_USERS_OCIS_LOCK_CYCLE_DURATION_FACTOR`	int	30	When trying to lock files, ocis will multiply the cycle with this factor and use it as a millisecond timeout. Values of 0 or below will be ignored and the default value of 30 will be used.
`STORAGE_USERS_OCIS_MAX_CONCURRENCY`	int	0	Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value of 100 will be used.
`OCIS_ASYNC_UPLOADS` ``	bool	false	Enable asynchronous file uploads.
`OCIS_SPACES_MAX_QUOTA` `STORAGE_USERS_OCIS_MAX_QUOTA`	uint64	0	Set a global max quota for spaces in bytes. A value of 0 equals unlimited. If not using the global OCIS_SPACES_MAX_QUOTA, you must define the FRONTEND_MAX_QUOTA in the frontend service.
`STORAGE_USERS_S3NG_METADATA_BACKEND`	string	messagepack	The backend to use for storing metadata. Supported values are 'xattrs' and 'messagepack'. The setting 'xattrs' uses extended attributes to store file metadata while 'messagepack' uses a dedicated file to store file metadata. Defaults to 'xattrs'.
`OCIS_DECOMPOSEDFS_PROPAGATOR` `STORAGE_USERS_S3NG_PROPAGATOR`	string	sync	The propagator used for decomposedfs. At the moment, only 'sync' is fully supported, 'async' is available as an experimental option.
`STORAGE_USERS_ASYNC_PROPAGATOR_PROPAGATION_DELAY`	Duration	0s	The delay in seconds between a change made to a tree and the propagation start on treesize and treetime. Multiple propagations are computed to a single one.
`STORAGE_USERS_S3NG_ROOT`	string	~/.ocis/storage/users	The directory where the filesystem storage will store metadata for blobs. If not defined, the root directory derives from $OCIS_BASE_DATA_PATH:/storage/users.
`STORAGE_USERS_S3NG_USER_LAYOUT`	string	{{.Id.OpaqueId}}	Template string for the user storage layout in the user directory.
`STORAGE_USERS_PERMISSION_ENDPOINT` `STORAGE_USERS_S3NG_PERMISSIONS_ENDPOINT`	string	com.owncloud.api.settings	Endpoint of the permissions service. The endpoints can differ for 'ocis' and 's3ng'.
`STORAGE_USERS_S3NG_REGION`	string	default	Region of the S3 bucket.
`STORAGE_USERS_S3NG_ACCESS_KEY`	string		Access key for the S3 bucket.
`STORAGE_USERS_S3NG_SECRET_KEY`	string		Secret key for the S3 bucket.
`STORAGE_USERS_S3NG_ENDPOINT`	string		Endpoint for the S3 bucket.
`STORAGE_USERS_S3NG_BUCKET`	string		Name of the S3 bucket.
`STORAGE_USERS_S3NG_PERSONAL_SPACE_ALIAS_TEMPLATE`	string	{{.SpaceType}}/{{.User.Username \| lower}}	Template string to construct personal space aliases.
`STORAGE_USERS_S3NG_GENERAL_SPACE_ALIAS_TEMPLATE`	string	{{.SpaceType}}/{{.SpaceName \| replace " " "-" \| lower}}	Template string to construct general space aliases.
`STORAGE_USERS_S3NG_SHARE_FOLDER`	string	/Shares	Name of the folder jailing all shares.
`STORAGE_USERS_S3NG_MAX_ACQUIRE_LOCK_CYCLES`	int	20	When trying to lock files, ocis will try this amount of times to acquire the lock before failing. After each try it will wait for an increasing amount of time. Values of 0 or below will be ignored and the default value of 20 will be used.
`STORAGE_USERS_S3NG_LOCK_CYCLE_DURATION_FACTOR`	int	30	When trying to lock files, ocis will multiply the cycle with this factor and use it as a millisecond timeout. Values of 0 or below will be ignored and the default value of 30 will be used.
`STORAGE_USERS_S3NG_MAX_CONCURRENCY`	int	0	Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value of 100 will be used.
`STORAGE_USERS_OWNCLOUDSQL_DATADIR`	string	~/.ocis/storage/owncloud	The directory where the filesystem storage will store SQL migration data. If not defined, the root directory derives from $OCIS_BASE_DATA_PATH:/storage/owncloud.
`STORAGE_USERS_OWNCLOUDSQL_SHARE_FOLDER`	string	/Shares	Name of the folder jailing all shares.
`STORAGE_USERS_OWNCLOUDSQL_LAYOUT`	string	{{.Username}}	Path layout to use to navigate into a users folder in an owncloud data directory
`STORAGE_USERS_OWNCLOUDSQL_UPLOADINFO_DIR`	string	~/.ocis/storage/uploadinfo	The directory where the filesystem will store uploads temporarily. If not defined, the root directory derives from $OCIS_BASE_DATA_PATH:/storage/uploadinfo.
`STORAGE_USERS_OWNCLOUDSQL_DB_USERNAME`	string	owncloud	Username for the database.
`STORAGE_USERS_OWNCLOUDSQL_DB_PASSWORD`	string	owncloud	Password for the database.
`STORAGE_USERS_OWNCLOUDSQL_DB_HOST`	string		Hostname or IP of the database server.
`STORAGE_USERS_OWNCLOUDSQL_DB_PORT`	int	3306	Port that the database server is listening on.
`STORAGE_USERS_OWNCLOUDSQL_DB_NAME`	string	owncloud	Name of the database to be used.
`STORAGE_USERS_OWNCLOUDSQL_USERS_PROVIDER_ENDPOINT`	string	com.owncloud.api.users	Endpoint of the users provider.
`STORAGE_USERS_DATA_SERVER_URL`	string	http://localhost:9158/data	URL of the data server, needs to be reachable by the data gateway provided by the frontend service or the user if directly exposed.
`STORAGE_USERS_DATA_GATEWAY_URL`	string	https://localhost:9200/data	URL of the data gateway server
`STORAGE_USERS_TRANSFER_EXPIRES`	int64	86400	the time after which the token for upload postprocessing expires
`OCIS_EVENTS_ENDPOINT` `STORAGE_USERS_EVENTS_ENDPOINT`	string	127.0.0.1:9233	The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.
`OCIS_EVENTS_CLUSTER` `STORAGE_USERS_EVENTS_CLUSTER`	string	ocis-cluster	The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.
`OCIS_INSECURE` `STORAGE_USERS_EVENTS_TLS_INSECURE`	bool	false	Whether to verify the server TLS certificates.
`OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE` `STORAGE_USERS_EVENTS_TLS_ROOT_CA_CERTIFICATE`	string		The root CA certificate used to validate the server’s TLS certificate. If provided STORAGE_USERS_EVENTS_TLS_INSECURE will be seen as false.
`OCIS_EVENTS_ENABLE_TLS` `STORAGE_USERS_EVENTS_ENABLE_TLS`	bool	false	Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services..
`STORAGE_USERS_EVENTS_NUM_CONSUMERS`	int	0	The amount of concurrent event consumers to start. Event consumers are used for post-processing files. Multiple consumers increase parallelisation, but will also increase CPU and memory demands. The setting has no effect when the OCIS_ASYNC_UPLOADS is set to false. The default and minimum value is 1.
`OCIS_CACHE_STORE` `STORAGE_USERS_STAT_CACHE_STORE`	string	noop	The type of the cache store. Supported values are: 'memory', 'ocmem', 'etcd', 'redis', 'redis-sentinel', 'nats-js', 'noop'. See the text description for details.
`OCIS_CACHE_STORE_NODES` `STORAGE_USERS_STAT_CACHE_STORE_NODES`	[]string	[]	A comma separated list of nodes to access the configured store. This has no effect when 'memory' or 'ocmem' stores are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store.
`OCIS_CACHE_DATABASE`	string	ocis	The database name the configured store should use.
`OCIS_CACHE_TTL` `STORAGE_USERS_STAT_CACHE_TTL`	Duration	5m0s	Default time to live for user info in the user info cache. Only applied when access tokens has no expiration. The duration can be set as number followed by a unit identifier like s, m or h. Defaults to '300s' (300 seconds).
`OCIS_CACHE_SIZE` `STORAGE_USERS_STAT_CACHE_SIZE`	int	0	The maximum quantity of items in the user info cache. Only applies when store type 'ocmem' is configured. Defaults to 512.
`OCIS_CACHE_STORE` `STORAGE_USERS_FILEMETADATA_CACHE_STORE`	string	memory	The type of the cache store. Supported values are: 'memory', 'ocmem', 'etcd', 'redis', 'redis-sentinel', 'nats-js', 'noop'. See the text description for details.
`OCIS_CACHE_STORE_NODES` `STORAGE_USERS_FILEMETADATA_CACHE_STORE_NODES`	[]string	[]	A comma separated list of nodes to access the configured store. This has no effect when 'memory' or 'ocmem' stores are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store.
`OCIS_CACHE_DATABASE`	string	ocis	The database name the configured store should use.
`OCIS_CACHE_TTL` `STORAGE_USERS_FILEMETADATA_CACHE_TTL`	Duration	24m0s	Default time to live for user info in the user info cache. Only applied when access tokens has no expiration. The duration can be set as number followed by a unit identifier like s, m or h. Defaults to '24h' (24 hours).
`OCIS_CACHE_SIZE` `STORAGE_USERS_FILEMETADATA_CACHE_SIZE`	int	0	The maximum quantity of items in the user info cache. Only applies when store type 'ocmem' is configured. Defaults to 512.
`OCIS_CACHE_STORE` `STORAGE_USERS_ID_CACHE_STORE`	string		The type of the cache store. Supported values are: 'memory', 'ocmem', 'etcd', 'redis', 'redis-sentinel', 'nats-js', 'noop'. See the text description for details.
`OCIS_CACHE_STORE_NODES` `STORAGE_USERS_ID_CACHE_STORE_NODES`	[]string	[]	A comma separated list of nodes to access the configured store. This has no effect when 'memory' or 'ocmem' stores are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store.
`OCIS_CACHE_DATABASE`	string		The database name the configured store should use.
`OCIS_CACHE_TTL` `STORAGE_USERS_ID_CACHE_TTL`	Duration	0s	Default time to live for user info in the user info cache. Only applied when access tokens has no expiration. The duration can be set as number followed by a unit identifier like s, m or h. Defaults to '300s' (300 seconds).
`OCIS_CACHE_SIZE` `STORAGE_USERS_ID_CACHE_SIZE`	int	0	The maximum quantity of items in the user info cache. Only applies when store type 'ocmem' is configured. Defaults to 512.
`STORAGE_USERS_MOUNT_ID`	string		Mount ID of this storage.
`STORAGE_USERS_EXPOSE_DATA_SERVER`	bool	false	Exposes the data server directly to users and bypasses the data gateway. Ensure that the data server address is reachable by users.
`STORAGE_USERS_READ_ONLY`	bool	false	Set this storage to be read-only.
`STORAGE_USERS_UPLOAD_EXPIRATION`	int64	86400	Duration in seconds after which uploads will expire. Note that when setting this to a low number, uploads could be cancelled before they are finished and return a 403 to the user.
`OCIS_ADMIN_USER_ID` `STORAGE_USERS_PURGE_TRASH_BIN_USER_ID`	string		ID of the user who collects all necessary information for deletion. Consider that the UUID can be encoded in some LDAP deployment configurations like in .ldif files. These need to be decoded beforehand.
`STORAGE_USERS_PURGE_TRASH_BIN_PERSONAL_DELETE_BEFORE`	Duration	720h0m0s	Specifies the period of time in which items that have been in the personal trash-bin for longer than this value should be deleted. A value of 0 means no automatic deletion. The value is human-readable, valid values are '24h', '60m', '60s' etc.
`STORAGE_USERS_PURGE_TRASH_BIN_PROJECT_DELETE_BEFORE`	Duration	720h0m0s	Specifies the period of time in which items that have been in the project trash-bin for longer than this value should be deleted. A value of 0 means no automatic deletion. The value is human-readable, valid values are '24h', '60m', '60s' etc.

Deprecation notes for the storage-users service
Deprecation Info	Deprecation Version	Removal Version	Deprecation Replacement
REVA_GATEWAY changing name for consistency	3.0	4.0.0	OCIS_REVA_GATEWAY
STORAGE_USERS_OCIS_ASYNC_UPLOADS changing name for consistency	3.0	4.0.0	OCIS_ASYNC_UPLOADS
STORAGE_USERS_EVENTS_TLS_ROOT_CA_CERT changing name for consistency	3.0	4.0.0	STORAGE_USERS_EVENTS_TLS_ROOT_CA_CERTIFICATE

Environment variables for the storage-users service
Name	Type	Default Value	Description
`OCIS_TRACING_ENABLED` `STORAGE_USERS_TRACING_ENABLED`	bool	false	Activates tracing.
`OCIS_TRACING_TYPE` `STORAGE_USERS_TRACING_TYPE`	string		The type of tracing. Defaults to "", which is the same as "jaeger". Allowed tracing types are "jaeger" and "" as of now.
`OCIS_TRACING_ENDPOINT` `STORAGE_USERS_TRACING_ENDPOINT`	string		The endpoint of the tracing agent.
`OCIS_TRACING_COLLECTOR` `STORAGE_USERS_TRACING_COLLECTOR`	string		The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.
`OCIS_LOG_LEVEL` `STORAGE_USERS_LOG_LEVEL`	string		The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace".
`OCIS_LOG_PRETTY` `STORAGE_USERS_LOG_PRETTY`	bool	false	Activates pretty log output.
`OCIS_LOG_COLOR` `STORAGE_USERS_LOG_COLOR`	bool	false	Activates colorized log output.
`OCIS_LOG_FILE` `STORAGE_USERS_LOG_FILE`	string		The path to the log file. Activates logging to this file if set.
`STORAGE_USERS_DEBUG_ADDR`	string	127.0.0.1:9159	Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.
`STORAGE_USERS_DEBUG_TOKEN`	string		Token to secure the metrics endpoint.
`STORAGE_USERS_DEBUG_PPROF`	bool	false	Enables pprof, which can be used for profiling.
`STORAGE_USERS_DEBUG_ZPAGES`	bool	false	Enables zpages, which can be used for collecting and viewing in-memory traces.
`STORAGE_USERS_GRPC_ADDR`	string	127.0.0.1:9157	The bind address of the GRPC service.
`STORAGE_USERS_GRPC_PROTOCOL`	string	tcp	The transport protocol of the GPRC service.
`STORAGE_USERS_HTTP_ADDR`	string	127.0.0.1:9158	The bind address of the HTTP service.
`STORAGE_USERS_HTTP_PROTOCOL`	string	tcp	The transport protocol of the HTTP service.
`OCIS_JWT_SECRET` `STORAGE_USERS_JWT_SECRET`	string		The secret to mint and validate jwt tokens.
`OCIS_REVA_GATEWAY` `REVA_GATEWAY` Deprecation Note	string	127.0.0.1:9142	The CS3 gateway endpoint.
`OCIS_GRPC_CLIENT_TLS_MODE`	string		TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.
`OCIS_GRPC_CLIENT_TLS_CACERT`	string		Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.
`STORAGE_USERS_SKIP_USER_GROUPS_IN_TOKEN`	bool	false	Disables the loading of user’s group memberships from the reva access token.
`STORAGE_USERS_DRIVER`	string	ocis	The storage driver which should be used by the service. Defaults to 'ocis', Supported values are: 'ocis', 's3ng' and 'owncloudsql'. The 'ocis' driver stores all data (blob and meta data) in an POSIX compliant volume. The 's3ng' driver stores metadata in a POSIX compliant volume and uploads blobs to the s3 bucket.
`OCIS_DECOMPOSEDFS_METADATA_BACKEND` `STORAGE_USERS_OCIS_METADATA_BACKEND`	string	messagepack	The backend to use for storing metadata. Supported values are 'messagepack' and 'xattrs'. The setting 'messagepack' uses a dedicated file to store file metadata while 'xattrs' uses extended attributes to store file metadata. Defaults to 'messagepack'.
`STORAGE_USERS_OCIS_ROOT`	string	~/.ocis/storage/users	The directory where the filesystem storage will store blobs and metadata. If not defined, the root directory derives from $OCIS_BASE_DATA_PATH:/storage/users.
`STORAGE_USERS_OCIS_USER_LAYOUT`	string	{{.Id.OpaqueId}}	Template string for the user storage layout in the user directory.
`STORAGE_USERS_PERMISSION_ENDPOINT` `STORAGE_USERS_OCIS_PERMISSIONS_ENDPOINT`	string	127.0.0.1:9191	Endpoint of the permissions service. The endpoints can differ for 'ocis' and 's3ng'.
`STORAGE_USERS_OCIS_PERSONAL_SPACE_ALIAS_TEMPLATE`	string	{{.SpaceType}}/{{.User.Username \| lower}}	Template string to construct personal space aliases.
`STORAGE_USERS_OCIS_GENERAL_SPACE_ALIAS_TEMPLATE`	string	{{.SpaceType}}/{{.SpaceName \| replace " " "-" \| lower}}	Template string to construct general space aliases.
`STORAGE_USERS_OCIS_SHARE_FOLDER`	string	/Shares	Name of the folder jailing all shares.
`STORAGE_USERS_OCIS_MAX_ACQUIRE_LOCK_CYCLES`	int	20	When trying to lock files, ocis will try this amount of times to acquire the lock before failing. After each try it will wait for an increasing amount of time. Values of 0 or below will be ignored and the default value of 20 will be used.
`STORAGE_USERS_OCIS_LOCK_CYCLE_DURATION_FACTOR`	int	30	When trying to lock files, ocis will multiply the cycle with this factor and use it as a millisecond timeout. Values of 0 or below will be ignored and the default value of 30 will be used.
`STORAGE_USERS_OCIS_MAX_CONCURRENCY`	int	0	Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value of 100 will be used.
`OCIS_ASYNC_UPLOADS` `STORAGE_USERS_OCIS_ASYNC_UPLOADS` Deprecation Note	bool	false	Enable asynchronous file uploads.
`OCIS_SPACES_MAX_QUOTA` `STORAGE_USERS_OCIS_MAX_QUOTA`	uint64	0	Set a global max quota for spaces in bytes. A value of 0 equals unlimited. If not using the global OCIS_SPACES_MAX_QUOTA, you must define the FRONTEND_MAX_QUOTA in the frontend service.
`STORAGE_USERS_S3NG_METADATA_BACKEND`	string	messagepack	The backend to use for storing metadata. Supported values are 'xattrs' and 'messagepack'. The setting 'xattrs' uses extended attributes to store file metadata while 'messagepack' uses a dedicated file to store file metadata. Defaults to 'xattrs'.
`STORAGE_USERS_S3NG_ROOT`	string	~/.ocis/storage/users	The directory where the filesystem storage will store metadata for blobs. If not defined, the root directory derives from $OCIS_BASE_DATA_PATH:/storage/users.
`STORAGE_USERS_S3NG_USER_LAYOUT`	string	{{.Id.OpaqueId}}	Template string for the user storage layout in the user directory.
`STORAGE_USERS_PERMISSION_ENDPOINT` `STORAGE_USERS_S3NG_PERMISSIONS_ENDPOINT`	string	127.0.0.1:9191	Endpoint of the permissions service. The endpoints can differ for 'ocis' and 's3ng'.
`STORAGE_USERS_S3NG_REGION`	string	default	Region of the S3 bucket.
`STORAGE_USERS_S3NG_ACCESS_KEY`	string		Access key for the S3 bucket.
`STORAGE_USERS_S3NG_SECRET_KEY`	string		Secret key for the S3 bucket.
`STORAGE_USERS_S3NG_ENDPOINT`	string		Endpoint for the S3 bucket.
`STORAGE_USERS_S3NG_BUCKET`	string		Name of the S3 bucket.
`STORAGE_USERS_S3NG_PERSONAL_SPACE_ALIAS_TEMPLATE`	string	{{.SpaceType}}/{{.User.Username \| lower}}	Template string to construct personal space aliases.
`STORAGE_USERS_S3NG_GENERAL_SPACE_ALIAS_TEMPLATE`	string	{{.SpaceType}}/{{.SpaceName \| replace " " "-" \| lower}}	Template string to construct general space aliases.
`STORAGE_USERS_S3NG_SHARE_FOLDER`	string	/Shares	Name of the folder jailing all shares.
`STORAGE_USERS_S3NG_MAX_ACQUIRE_LOCK_CYCLES`	int	20	When trying to lock files, ocis will try this amount of times to acquire the lock before failing. After each try it will wait for an increasing amount of time. Values of 0 or below will be ignored and the default value of 20 will be used.
`STORAGE_USERS_S3NG_LOCK_CYCLE_DURATION_FACTOR`	int	30	When trying to lock files, ocis will multiply the cycle with this factor and use it as a millisecond timeout. Values of 0 or below will be ignored and the default value of 30 will be used.
`STORAGE_USERS_S3NG_MAX_CONCURRENCY`	int	0	Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value of 100 will be used.
`STORAGE_USERS_OWNCLOUDSQL_DATADIR`	string	~/.ocis/storage/owncloud	The directory where the filesystem storage will store SQL migration data. If not defined, the root directory derives from $OCIS_BASE_DATA_PATH:/storage/owncloud.
`STORAGE_USERS_OWNCLOUDSQL_SHARE_FOLDER`	string	/Shares	Name of the folder jailing all shares.
`STORAGE_USERS_OWNCLOUDSQL_LAYOUT`	string	{{.Username}}	Path layout to use to navigate into a users folder in an owncloud data directory
`STORAGE_USERS_OWNCLOUDSQL_UPLOADINFO_DIR`	string	~/.ocis/storage/uploadinfo	The directory where the filesystem will store uploads temporarily. If not defined, the root directory derives from $OCIS_BASE_DATA_PATH:/storage/uploadinfo.
`STORAGE_USERS_OWNCLOUDSQL_DB_USERNAME`	string	owncloud	Username for the database.
`STORAGE_USERS_OWNCLOUDSQL_DB_PASSWORD`	string	owncloud	Password for the database.
`STORAGE_USERS_OWNCLOUDSQL_DB_HOST`	string		Hostname or IP of the database server.
`STORAGE_USERS_OWNCLOUDSQL_DB_PORT`	int	3306	Port that the database server is listening on.
`STORAGE_USERS_OWNCLOUDSQL_DB_NAME`	string	owncloud	Name of the database to be used.
`STORAGE_USERS_OWNCLOUDSQL_USERS_PROVIDER_ENDPOINT`	string	localhost:9144	Endpoint of the users provider.
`STORAGE_USERS_DATA_SERVER_URL`	string	http://localhost:9158/data	URL of the data server, needs to be reachable by the data gateway provided by the frontend service or the user if directly exposed.
`STORAGE_USERS_DATA_GATEWAY_URL`	string	https://localhost:9200/data	URL of the data gateway server
`STORAGE_USERS_TRANSFER_EXPIRES`	int64	86400	the time after which the token for upload postprocessing expires
`OCIS_EVENTS_ENDPOINT` `STORAGE_USERS_EVENTS_ENDPOINT`	string	127.0.0.1:9233	The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.
`OCIS_EVENTS_CLUSTER` `STORAGE_USERS_EVENTS_CLUSTER`	string	ocis-cluster	The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.
`OCIS_INSECURE` `STORAGE_USERS_EVENTS_TLS_INSECURE`	bool	false	Whether to verify the server TLS certificates.
`OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE` `STORAGE_USERS_EVENTS_TLS_ROOT_CA_CERTIFICATE` `STORAGE_USERS_EVENTS_TLS_ROOT_CA_CERT` Deprecation Note	string		The root CA certificate used to validate the server’s TLS certificate. If provided STORAGE_USERS_EVENTS_TLS_INSECURE will be seen as false.
`OCIS_EVENTS_ENABLE_TLS` `STORAGE_USERS_EVENTS_ENABLE_TLS`	bool	false	Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services..
`STORAGE_USERS_EVENTS_NUM_CONSUMERS`	int	0	The amount of concurrent event consumers to start. Event consumers are used for post-processing files. Multiple consumers increase parallelisation, but will also increase CPU and memory demands. The setting has no effect when the STORAGE_USERS_OCIS_ASYNC_UPLOADS is set to false. The default and minimum value is 1.
`OCIS_CACHE_STORE` `STORAGE_USERS_STAT_CACHE_STORE`	string	noop	The type of the cache store. Supported values are: 'memory', 'ocmem', 'etcd', 'redis', 'redis-sentinel', 'nats-js', 'noop'. See the text description for details.
`OCIS_CACHE_STORE_NODES` `STORAGE_USERS_STAT_CACHE_STORE_NODES`	[]string	[]	A comma separated list of nodes to access the configured store. This has no effect when 'memory' or 'ocmem' stores are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store.
`OCIS_CACHE_DATABASE`	string	ocis	The database name the configured store should use.
`OCIS_CACHE_TTL` `STORAGE_USERS_STAT_CACHE_TTL`	Duration	5m0s	Default time to live for user info in the user info cache. Only applied when access tokens has no expiration. The duration can be set as number followed by a unit identifier like s, m or h. Defaults to '300s' (300 seconds).
`OCIS_CACHE_SIZE` `STORAGE_USERS_STAT_CACHE_SIZE`	int	0	The maximum quantity of items in the user info cache. Only applies when store type 'ocmem' is configured. Defaults to 512.
`OCIS_CACHE_STORE` `STORAGE_USERS_FILEMETADATA_CACHE_STORE`	string	memory	The type of the cache store. Supported values are: 'memory', 'ocmem', 'etcd', 'redis', 'redis-sentinel', 'nats-js', 'noop'. See the text description for details.
`OCIS_CACHE_STORE_NODES` `STORAGE_USERS_FILEMETADATA_CACHE_STORE_NODES`	[]string	[]	A comma separated list of nodes to access the configured store. This has no effect when 'memory' or 'ocmem' stores are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store.
`OCIS_CACHE_DATABASE`	string	ocis	The database name the configured store should use.
`OCIS_CACHE_TTL` `STORAGE_USERS_FILEMETADATA_CACHE_TTL`	Duration	24m0s	Default time to live for user info in the user info cache. Only applied when access tokens has no expiration. The duration can be set as number followed by a unit identifier like s, m or h. Defaults to '24h' (24 hours).
`OCIS_CACHE_SIZE` `STORAGE_USERS_FILEMETADATA_CACHE_SIZE`	int	0	The maximum quantity of items in the user info cache. Only applies when store type 'ocmem' is configured. Defaults to 512.
`OCIS_CACHE_STORE` `STORAGE_USERS_ID_CACHE_STORE`	string		The type of the cache store. Supported values are: 'memory', 'ocmem', 'etcd', 'redis', 'redis-sentinel', 'nats-js', 'noop'. See the text description for details.
`OCIS_CACHE_STORE_NODES` `STORAGE_USERS_ID_CACHE_STORE_NODES`	[]string	[]	A comma separated list of nodes to access the configured store. This has no effect when 'memory' or 'ocmem' stores are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store.
`OCIS_CACHE_DATABASE`	string		The database name the configured store should use.
`OCIS_CACHE_TTL` `STORAGE_USERS_ID_CACHE_TTL`	Duration	0s	Default time to live for user info in the user info cache. Only applied when access tokens has no expiration. The duration can be set as number followed by a unit identifier like s, m or h. Defaults to '300s' (300 seconds).
`OCIS_CACHE_SIZE` `STORAGE_USERS_ID_CACHE_SIZE`	int	0	The maximum quantity of items in the user info cache. Only applies when store type 'ocmem' is configured. Defaults to 512.
`STORAGE_USERS_MOUNT_ID`	string		Mount ID of this storage.
`STORAGE_USERS_EXPOSE_DATA_SERVER`	bool	false	Exposes the data server directly to users and bypasses the data gateway. Ensure that the data server address is reachable by users.
`STORAGE_USERS_READ_ONLY`	bool	false	Set this storage to be read-only.
`STORAGE_USERS_UPLOAD_EXPIRATION`	int64	86400	Duration in seconds after which uploads will expire. Note that when setting this to a low number, uploads could be cancelled before they are finished and return a 403 to the user.
`OCIS_ADMIN_USER_ID` `STORAGE_USERS_PURGE_TRASH_BIN_USER_ID`	string		ID of the user who collects all necessary information for deletion.
`STORAGE_USERS_PURGE_TRASH_BIN_PERSONAL_DELETE_BEFORE`	Duration	720h0m0s	Specifies the period of time in which items that have been in the personal trash-bin for longer than this value should be deleted. A value of 0 means no automatic deletion. The value is human-readable, valid values are '24h', '60m', '60s' etc.
`STORAGE_USERS_PURGE_TRASH_BIN_PROJECT_DELETE_BEFORE`	Duration	720h0m0s	Specifies the period of time in which items that have been in the project trash-bin for longer than this value should be deleted. A value of 0 means no automatic deletion. The value is human-readable, valid values are '24h', '60m', '60s' etc.

YAML Example

Note that the filename shown below has been chosen on purpose.
See the Configuration File Naming for details when setting up your own configuration.

latest
4.0.1
3.0.0

# Autogenerated
# Filename: storage-users-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
debug:
  addr: 127.0.0.1:9159
  token: ""
  pprof: false
  zpages: false
grpc:
  addr: 127.0.0.1:9157
  tls: null
  protocol: tcp
http:
  addr: 127.0.0.1:9158
  protocol: tcp
  prefix: data
token_manager:
  jwt_secret: ""
reva:
  address: com.owncloud.api.gateway
  tls:
    mode: ""
    cacert: ""
skip_user_groups_in_token: false
graceful_shutdown_timeout: 30
driver: ocis
drivers:
  ocis:
    metadata_backend: messagepack
    propagator: sync
    async_propagator_options:
      propagation_delay: 0s
    root: ~/.ocis/storage/users
    user_layout: '{{.Id.OpaqueId}}'
    permissions_endpoint: com.owncloud.api.settings
    personalspacealias_template: '{{.SpaceType}}/{{.User.Username | lower}}'
    generalspacealias_template: '{{.SpaceType}}/{{.SpaceName | replace " " "-" | lower}}'
    share_folder: /Shares
    max_acquire_lock_cycles: 20
    lock_cycle_duration_factor: 30
    max_concurrency: 0
    async_uploads: false
    max_quota: 0
  s3ng:
    metadata_backend: messagepack
    propagator: sync
    async_propagator_options:
      propagation_delay: 0s
    root: ~/.ocis/storage/users
    user_layout: '{{.Id.OpaqueId}}'
    permissions_endpoint: com.owncloud.api.settings
    region: default
    access_key: ""
    secret_key: ""
    endpoint: ""
    bucket: ""
    personalspacealias_template: '{{.SpaceType}}/{{.User.Username | lower}}'
    generalspacealias_template: '{{.SpaceType}}/{{.SpaceName | replace " " "-" | lower}}'
    share_folder: /Shares
    max_acquire_lock_cycles: 20
    lock_cycle_duration_factor: 30
    max_concurrency: 0
  owncloudsql:
    root: ~/.ocis/storage/owncloud
    share_folder: /Shares
    user_layout: '{{.Username}}'
    upload_info_dir: ~/.ocis/storage/uploadinfo
    db_username: owncloud
    db_password: owncloud
    db_host: ""
    db_port: 3306
    db_name: owncloud
    users_provider_endpoint: com.owncloud.api.users
data_server_url: http://localhost:9158/data
data_gateway_url: https://localhost:9200/data
transfer_expires: 86400
events:
  endpoint: 127.0.0.1:9233
  cluster: ocis-cluster
  tls_insecure: false
  tls_root_ca_cert_path: ""
  enable_tls: false
  num_consumers: 0
stat_cache:
  store: noop
  nodes: []
  database: ocis
  ttl: 5m0s
  size: 0
filemetadata_cache:
  store: memory
  nodes: []
  database: ocis
  ttl: 24m0s
  size: 0
id_cache:
  store: ""
  nodes: []
  database: ""
  ttl: 0s
  size: 0
mount_id: ""
expose_data_server: false
readonly: false
upload_expiration: 86400
tasks:
  purge_trash_bin:
    user_id: ""
    personal_delete_before: 720h0m0s
    project_delete_before: 720h0m0s
service_account:
  service_account_id: ""
  service_account_secret: ""

# Autogenerated
# Filename: storage-users-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
debug:
  addr: 127.0.0.1:9159
  token: ""
  pprof: false
  zpages: false
grpc:
  addr: 127.0.0.1:9157
  tls: null
  protocol: tcp
http:
  addr: 127.0.0.1:9158
  protocol: tcp
  prefix: data
token_manager:
  jwt_secret: ""
reva:
  address: com.owncloud.api.gateway
  tls:
    mode: ""
    cacert: ""
skip_user_groups_in_token: false
graceful_shutdown_timeout: 30
driver: ocis
drivers:
  ocis:
    metadata_backend: messagepack
    propagator: sync
    async_propagator_options:
      propagation_delay: 0s
    root: ~/.ocis/storage/users
    user_layout: '{{.Id.OpaqueId}}'
    permissions_endpoint: com.owncloud.api.settings
    personalspacealias_template: '{{.SpaceType}}/{{.User.Username | lower}}'
    generalspacealias_template: '{{.SpaceType}}/{{.SpaceName | replace " " "-" | lower}}'
    share_folder: /Shares
    max_acquire_lock_cycles: 20
    lock_cycle_duration_factor: 30
    max_concurrency: 0
    async_uploads: false
    max_quota: 0
  s3ng:
    metadata_backend: messagepack
    propagator: sync
    async_propagator_options:
      propagation_delay: 0s
    root: ~/.ocis/storage/users
    user_layout: '{{.Id.OpaqueId}}'
    permissions_endpoint: com.owncloud.api.settings
    region: default
    access_key: ""
    secret_key: ""
    endpoint: ""
    bucket: ""
    personalspacealias_template: '{{.SpaceType}}/{{.User.Username | lower}}'
    generalspacealias_template: '{{.SpaceType}}/{{.SpaceName | replace " " "-" | lower}}'
    share_folder: /Shares
    max_acquire_lock_cycles: 20
    lock_cycle_duration_factor: 30
    max_concurrency: 0
  owncloudsql:
    root: ~/.ocis/storage/owncloud
    share_folder: /Shares
    user_layout: '{{.Username}}'
    upload_info_dir: ~/.ocis/storage/uploadinfo
    db_username: owncloud
    db_password: owncloud
    db_host: ""
    db_port: 3306
    db_name: owncloud
    users_provider_endpoint: com.owncloud.api.users
data_server_url: http://localhost:9158/data
data_gateway_url: https://localhost:9200/data
transfer_expires: 86400
events:
  endpoint: 127.0.0.1:9233
  cluster: ocis-cluster
  tls_insecure: false
  tls_root_ca_cert_path: ""
  enable_tls: false
  num_consumers: 0
stat_cache:
  store: noop
  nodes: []
  database: ocis
  ttl: 5m0s
  size: 0
filemetadata_cache:
  store: memory
  nodes: []
  database: ocis
  ttl: 24m0s
  size: 0
id_cache:
  store: ""
  nodes: []
  database: ""
  ttl: 0s
  size: 0
mount_id: ""
expose_data_server: false
readonly: false
upload_expiration: 86400
tasks:
  purge_trash_bin:
    user_id: ""
    personal_delete_before: 720h0m0s
    project_delete_before: 720h0m0s

# Autogenerated
# Filename: storage-users-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
debug:
  addr: 127.0.0.1:9159
  token: ""
  pprof: false
  zpages: false
grpc:
  addr: 127.0.0.1:9157
  tls: null
  protocol: tcp
http:
  addr: 127.0.0.1:9158
  protocol: tcp
  prefix: data
token_manager:
  jwt_secret: ""
reva:
  address: 127.0.0.1:9142
  tls:
    mode: ""
    cacert: ""
skip_user_groups_in_token: false
driver: ocis
drivers:
  ocis:
    metadata_backend: messagepack
    root: ~/.ocis/storage/users
    user_layout: '{{.Id.OpaqueId}}'
    permissions_endpoint: 127.0.0.1:9191
    personalspacealias_template: '{{.SpaceType}}/{{.User.Username | lower}}'
    generalspacealias_template: '{{.SpaceType}}/{{.SpaceName | replace " " "-" | lower}}'
    share_folder: /Shares
    max_acquire_lock_cycles: 20
    lock_cycle_duration_factor: 30
    max_concurrency: 0
    async_uploads: false
    max_quota: 0
  s3ng:
    metadata_backend: messagepack
    root: ~/.ocis/storage/users
    user_layout: '{{.Id.OpaqueId}}'
    permissions_endpoint: 127.0.0.1:9191
    region: default
    access_key: ""
    secret_key: ""
    endpoint: ""
    bucket: ""
    personalspacealias_template: '{{.SpaceType}}/{{.User.Username | lower}}'
    generalspacealias_template: '{{.SpaceType}}/{{.SpaceName | replace " " "-" | lower}}'
    share_folder: /Shares
    max_acquire_lock_cycles: 20
    lock_cycle_duration_factor: 30
    max_concurrency: 0
  owncloudsql:
    root: ~/.ocis/storage/owncloud
    share_folder: /Shares
    user_layout: '{{.Username}}'
    upload_info_dir: ~/.ocis/storage/uploadinfo
    db_username: owncloud
    db_password: owncloud
    db_host: ""
    db_port: 3306
    db_name: owncloud
    users_provider_endpoint: localhost:9144
data_server_url: http://localhost:9158/data
data_gateway_url: https://localhost:9200/data
transfer_expires: 86400
events:
  endpoint: 127.0.0.1:9233
  cluster: ocis-cluster
  tls_insecure: false
  tls_root_ca_cert_path: ""
  enable_tls: false
  num_consumers: 0
stat_cache:
  store: noop
  nodes: []
  database: ocis
  ttl: 5m0s
  size: 0
filemetadata_cache:
  store: memory
  nodes: []
  database: ocis
  ttl: 24m0s
  size: 0
id_cache:
  store: ""
  nodes: []
  database: ""
  ttl: 0s
  size: 0
mount_id: ""
expose_data_server: false
readonly: false
upload_expiration: 86400
tasks:
  purge_trash_bin:
    user_id: ""
    personal_delete_before: 720h0m0s
    project_delete_before: 720h0m0s