Feature flags

Feature flags are represented as a 64-bit bitmask field in aistore cluster configuration denoting assorted (named) capabilities that can be individually enabled at runtime.

The features themselves are enumerated below. Not all feature flags - henceforth, “features” - are cluster-global.

Assorted features, denoted by (*) below, can also be changed on a per-bucket basis.

By default, all features are disabled, and the corresponding 64-bit field is set to zero.

Table of Contents

Tagging system

Feature flags are now organized with descriptive tags to help users understand their purpose and impact. The CLI displays features in a 3-column format: FEATURE | TAGS | DESCRIPTION.

Tag categories

Domain-specific: s3, lz4, etl, mpu, telemetry
Performance impact: perf, overhead
Network/operations: net, ops, security
Compatibility: compat, promote
Deployment: deploy

Integrity impact indicators

Feature flags that affect data integrity are marked with directional indicators:

integrity+ - Enhances data integrity (safer, more conservative)
integrity- - Potentially compromises data integrity (trading safety for performance)
integrity? - Complex integrity implications (depends on deployment and runtime context)

This helps operators quickly identify flags that involve safety trade-offs.

Validation and conflicts

Feature flags now include validation logic to prevent conflicting configurations:

Disable-Cold-GET and Streaming-Cold-GET are mutually exclusive
Additional validation rules may be added for other conflicting combinations

The validation occurs both at the cluster level and when setting bucket properties.

Names and comments

name	tags	comment
`Enforce-IntraCluster-Access`	`security`	when enabled, aistore targets will make sure not to execute direct (ie., not redirected) API calls
`Skip-Loading-VersionChecksum-MD(*)`	`perf,integrity-`	skip loading existing object’s metadata, Version and Checksum (VC) in particular
`Do-not-Auto-Detect-FileShare`	`promote,ops`	do not auto-detect file share (NFS, SMB) when promoting shared files to AIS
`S3-API-via-Root`	`s3,compat,ops`	handle S3 requests via `aistore-hostname/` (whereby the default: `aistore-hostname/s3`)
`Fsync-PUT(*)`	`integrity+,overhead`	PUT and cold-GET: commit (or sync) the object payload to stable storage
`LZ4-Block-1MB`	`lz4`	.tar.lz4 format, lz4 compression: maximum uncompressed block size=1MB (default: 256K)
`LZ4-Frame-Checksum`	`lz4`	checksum lz4 frames
`Do-not-Allow-Passing-FQN-to-ETL`	`etl,security`	do not allow passing fully-qualified name of a locally stored object to (local) ETL containers
`Ignore-LimitedCoexistence-Conflicts`	`ops,integrity-`	run in presence of “limited coexistence” type conflicts
`S3-Presigned-Request(*)`	`s3,security,compat`	pass-through client-signed (presigned) S3 requests for subsequent authentication by S3
`Do-not-Optimize-Listing-Virtual-Dirs`	`overhead`	when prefix doesn’t end with ’/’ and is a subdirectory: don’t assume there are no prefixed object names
`Disable-Cold-GET`	`perf,integrity-`	do not perform cold GET request when using remote bucket
`Streaming-Cold-GET`	`perf,integrity-`	write and transmit cold-GET content back to user in parallel, without finalizing in-cluster object
`S3-Reverse-Proxy`	`s3,net,ops`	use reverse proxy calls instead of HTTP-redirect for S3 API
`S3-Use-Path-Style`	`s3,compat`	use older path-style addressing (as opposed to virtual-hosted style), e.g., https://s3.amazonaws.com/BUCKET/KEY
`Do-not-Delete-When-Rebalancing`	`integrity?,ops`	disable lazy deletion during global rebalance: do not delete misplaced sources of the migrated objects
`Do-not-Set-Control-Plane-ToS`	`net,ops`	intra-cluster control plane: use default network priority (do not set IPv4 ToS to low-latency)
`Trust-Crypto-Safe-Checksums`	`integrity+,overhead`	when checking whether objects are identical trust only cryptographically secure checksums
`S3-ListObjectVersions`	`s3,overhead`	when versioning info is requested, use ListObjectVersions API (beware: extremely slow, versioned S3 buckets only)
`Enable-Detailed-Prom-Metrics`	`telemetry,overhead`	include (bucket, xaction) Prometheus variable labels with every GET and PUT transaction
`Force-Container-CPU-Mem`	`deploy`	force container-based CPU and memory metrics when automated environment detection fails; unlike all other feature flags, takes effect only at startup (not at runtime)
`Resume-Interrupted-MPU`	`mpu,ops`	resume interrupted multipart uploads from persisted partial manifests
`Keep-Unknown-FQN`	`integrity?,ops`	do not delete unrecognized/invalid FQNs during space cleanup (‘ais space-cleanup’)
`Load-Balance-GET`	`perf`	when bucket is n-way mirrored read object replica from the least-utilized mountpath

Global features

1 $ ais config cluster features <TAB-TAB>
2 
3 Enforce-IntraCluster-Access            S3-Presigned-Request                   S3-ListObjectVersions
4 Skip-Loading-VersionChecksum-MD        Do-not-Optimize-Listing-Virtual-Dirs   Enable-Detailed-Prom-Metrics
5 Do-not-Auto-Detect-FileShare           Disable-Cold-GET                       Force-Container-CPU-Mem
6 S3-API-via-Root                        Streaming-Cold-GET                     Resume-Interrupted-MPU
7 Fsync-PUT                              S3-Reverse-Proxy                       Keep-Unknown-FQN
8 LZ4-Block-1MB                          S3-Use-Path-Style                      Load-Balance-GET
9 LZ4-Frame-Checksum                     Do-not-Delete-When-Rebalancing         none
10 Do-not-Allow-Passing-FQN-to-ETL        Do-not-Set-Control-Plane-ToS
11 Ignore-LimitedCoexistence-Conflicts    Trust-Crypto-Safe-Checksums

For example:

1 $ ais config cluster features S3-API-via-Root  Skip-Loading-VersionChecksum-MD  Load-Balance-GET
2 
3 PROPERTY         VALUE
4 features         Skip-Loading-VersionChecksum-MD
5                  S3-API-via-Root
6                  Load-Balance-GET
7 
8 FEATURE                              TAGS                    DESCRIPTION
9 Enforce-IntraCluster-Access          security               enforce intra-cluster access
10 Skip-Loading-VersionChecksum-MD      perf,integrity-        (*) skip loading existing object's metadata, Version and Checksum (VC) in particular              <<< colored
11 Do-not-Auto-Detect-FileShare         promote,ops            do not auto-detect file share (NFS, SMB) when _promoting_ shared files to AIS
12 S3-API-via-Root                      s3,compat,ops          handle s3 requests via `aistore-hostname/` (default: `aistore-hostname/s3`)                       <<< colored
13 Fsync-PUT                            integrity+,overhead    (*) when finalizing PUT(object): fflush prior to (close, rename) sequence
14 LZ4-Block-1MB                        lz4                    .tar.lz4 format, lz4 compression: max uncompressed block size=1MB (default: 256K)
15 LZ4-Frame-Checksum                   lz4                    checksum lz4 frames (default: don't)
16 Do-not-Allow-Passing-FQN-to-ETL      etl,security           do not allow passing fully-qualified name of a locally stored object to (local) ETL containers
17 Ignore-LimitedCoexistence-Conflicts  ops,integrity-         run in presence of _limited coexistence_ type conflicts (same as e.g. CopyBckMsg.Force but globally)
18 S3-Presigned-Request                 s3,security,compat     (*) pass-through client-signed (presigned) S3 requests for subsequent authentication by S3
19 Do-not-Optimize-Listing-Virtual-Dirs overhead               when prefix doesn't end with '/' and is a subdirectory: don't assume there are no _prefixed_ obj names
20 Disable-Cold-GET                     perf,integrity-        disable cold-GET (from remote bucket)
21 Streaming-Cold-GET                   perf,integrity-        write and transmit cold-GET content back to user in parallel, without _finalizing_ in-cluster object
22 S3-Reverse-Proxy                     s3,net,ops             intra-cluster communications: instead of regular HTTP redirects reverse-proxy S3 API calls to designated targets
23 S3-Use-Path-Style                    s3,compat              use older path-style addressing (as opposed to virtual-hosted style), e.g., https://s3.amazonaws.com/BUCKET/KEY
24 Do-not-Delete-When-Rebalancing       integrity?,ops         disable lazy deletion during global rebalance: do not delete misplaced sources of the migrated objects
25 Do-not-Set-Control-Plane-ToS         net,ops                intra-cluster control plane: use default network priority (do not set IPv4 ToS to low-latency)
26 Trust-Crypto-Safe-Checksums          integrity+,overhead    when checking whether objects are identical trust only cryptographically secure checksums
27 S3-ListObjectVersions                s3,overhead            when versioning info is requested, use ListObjectVersions API (beware: extremely slow, versioned S3 buckets only)
28 Enable-Detailed-Prom-Metrics         telemetry,overhead     include (bucket, xaction) Prometheus variable labels with every GET and PUT transaction
29 Force-Container-CPU-Mem              deploy                 force container-based CPU and memory metrics when automated environment detection fails (startup only)
30 Resume-Interrupted-MPU               mpu,ops                resume interrupted multipart uploads from persisted partial manifests
31 Keep-Unknown-FQN                     integrity?,ops         do not delete unrecognized/invalid FQNs during space cleanup ('ais space-cleanup')
32 Load-Balance-GET                     perf                   when bucket is n-way mirrored read object replica from the least-utilized mountpath               <<< colored
33 
34 Cluster config updated

Notice the [FEATURE, TAGS, DESCRIPTION] table above that shows all supported feature flags along with their respective tags and descriptions. Currently selected features are shown in color. Tags help identify the purpose and impact of each feature at a glance.

Tip: Use the tags to quickly identify features by category. For example, look for integrity- tags to identify features that may trade data integrity for performance, or overhead tags for features that may impact performance.

To view the current (configured) setting, type the same command and hit Enter:

1 $ ais config cluster features
2 
3 PROPERTY         VALUE
4 features         Skip-Loading-VersionChecksum-MD
5                  S3-API-via-Root
6                  Load-Balance-GET
7 
8 FEATURE                              TAGS                    DESCRIPTION
9 Enforce-IntraCluster-Access          security               enforce intra-cluster access
10 Skip-Loading-VersionChecksum-MD      perf,integrity-        (*) skip loading existing object's metadata, Version and Checksum (VC) in particular               <<< colored
11 Do-not-Auto-Detect-FileShare         promote,ops            do not auto-detect file share (NFS, SMB) when _promoting_ shared files to AIS
12 S3-API-via-Root                      s3,compat,ops          handle s3 requests via `aistore-hostname/` (default: `aistore-hostname/s3`)                        <<< colored
13 Fsync-PUT                            integrity+,overhead    (*) when finalizing PUT(object): fflush prior to (close, rename) sequence
14 LZ4-Block-1MB                        lz4                    .tar.lz4 format, lz4 compression: max uncompressed block size=1MB (default: 256K)
15 LZ4-Frame-Checksum                   lz4                    checksum lz4 frames (default: don't)
16 Do-not-Allow-Passing-FQN-to-ETL      etl,security           do not allow passing fully-qualified name of a locally stored object to (local) ETL containers
17 Ignore-LimitedCoexistence-Conflicts  ops,integrity-         run in presence of _limited coexistence_ type conflicts (same as e.g. CopyBckMsg.Force but globally)
18 S3-Presigned-Request                 s3,security,compat     (*) pass-through client-signed (presigned) S3 requests for subsequent authentication by S3
19 Do-not-Optimize-Listing-Virtual-Dirs overhead               when prefix doesn't end with '/' and is a subdirectory: don't assume there are no _prefixed_ obj names
20 Disable-Cold-GET                     perf,integrity-        disable cold-GET (from remote bucket)
21 Streaming-Cold-GET                   perf,integrity-        write and transmit cold-GET content back to user in parallel, without _finalizing_ in-cluster object
22 S3-Reverse-Proxy                     s3,net,ops             intra-cluster communications: instead of regular HTTP redirects reverse-proxy S3 API calls to designated targets
23 S3-Use-Path-Style                    s3,compat              use older path-style addressing (as opposed to virtual-hosted style), e.g., https://s3.amazonaws.com/BUCKET/KEY
24 Do-not-Delete-When-Rebalancing       integrity?,ops         disable lazy deletion during global rebalance: do not delete misplaced sources of the migrated objects
25 Do-not-Set-Control-Plane-ToS         net,ops                intra-cluster control plane: use default network priority (do not set IPv4 ToS to low-latency)
26 Trust-Crypto-Safe-Checksums          integrity+,overhead    when checking whether objects are identical trust only cryptographically secure checksums
27 S3-ListObjectVersions                s3,overhead            when versioning info is requested, use ListObjectVersions API (beware: extremely slow, versioned S3 buckets only)
28 Enable-Detailed-Prom-Metrics         telemetry,overhead     include (bucket, xaction) Prometheus variable labels with every GET and PUT transaction
29 Force-Container-CPU-Mem              deploy                 force container-based CPU and memory metrics when automated environment detection fails (startup only)
30 Resume-Interrupted-MPU               mpu,ops                resume interrupted multipart uploads from persisted partial manifests
31 Keep-Unknown-FQN                     integrity?,ops         do not delete unrecognized/invalid FQNs during space cleanup ('ais space-cleanup')
32 Load-Balance-GET                     perf                   when bucket is n-way mirrored read object replica from the least-utilized mountpath               <<< colored

The same in JSON:

1 $ ais config cluster features --json
2 {
3     "features": "1552"
4 }

Finally, to reset feature flags back to the system defaults, <TAB-TAB> to select none from the completion list, or simply run:

1 $ ais config cluster features none
2 
3 PROPERTY         VALUE
4 features         none
5 
6 Cluster config updated

Bucket features

By default, created and added (ie., discovered upon remote lookup) buckets inherit their properties from the cluster.

For background and details, see Bucket Properties.

It is possible, however, to change the defaults both at bucket creation time and/or at any later time.

Here’s a brief 1-2-3 demonstration in re specifically: feature flags.

1. show existing bucket-scope features

1 $ ais bucket props set ais://nnn features <TAB-TAB>
2 
3 Skip-Loading-VersionChecksum-MD   Disable-Cold-GET                  S3-ListObjectVersions
4 Fsync-PUT                         Streaming-Cold-GET                Resume-Interrupted-MPU
5 S3-Presigned-Request              S3-Use-Path-Style                 none

2. select and set

1 $ ais bucket props set ais://nnn features S3-Presigned-Request
2 
3 "features" set to: "S3-Presigned-Request" (was: "none")
4 
5 Bucket props successfully updated.
6 
7 FEATURE                          TAGS                    DESCRIPTION
8 Skip-Loading-VersionChecksum-MD  perf,integrity-        (*) skip loading existing object's metadata, Version and Checksum (VC) in particular
9 Fsync-PUT                        integrity+,overhead    (*) when finalizing PUT(object): fflush prior to (close, rename) sequence
10 S3-Presigned-Request             s3,security,compat     (*) pass-through client-signed (presigned) S3 requests for subsequent authentication by S3   <<<<<< colored
11 Disable-Cold-GET                 perf,integrity-        disable cold-GET (from remote bucket)
12 Streaming-Cold-GET               perf,integrity-        write and transmit cold-GET content back to user in parallel, without _finalizing_ in-cluster object
13 S3-Use-Path-Style                s3,compat              use older path-style addressing (as opposed to virtual-hosted style), e.g., https://s3.amazonaws.com/BUCKET/KEY

3. reset feature flags back to zero (or ‘none’)

1 $ ais bucket props set ais://nnn features none
2 "features" set to: "0" (was: "S3-Presigned-Request")
3 
4 Bucket props successfully updated.
5 
6 FEATURE                          TAGS                    DESCRIPTION
7 Skip-Loading-VersionChecksum-MD  perf,integrity-        (*) skip loading existing object's metadata, Version and Checksum (VC) in particular
8 Fsync-PUT                        integrity+,overhead    (*) when finalizing PUT(object): fflush prior to (close, rename) sequence
9 S3-Presigned-Request             s3,security,compat     (*) pass-through client-signed (presigned) S3 requests for subsequent authentication by S3
10 Disable-Cold-GET                 perf,integrity-        disable cold-GET (from remote bucket)
11 Streaming-Cold-GET               perf,integrity-        write and transmit cold-GET content back to user in parallel, without _finalizing_ in-cluster object
12 S3-Use-Path-Style                s3,compat              use older path-style addressing (as opposed to virtual-hosted style), e.g., https://s3.amazonaws.com/BUCKET/KEY
13 Resume-Interrupted-MPU           mpu,ops                resume interrupted multipart uploads from persisted partial manifests
14 S3-ListObjectVersions            s3,overhead            when versioning info is requested, use ListObjectVersions API (beware: extremely slow, versioned S3 buckets only)

Validation errors

When setting conflicting feature flags, the system will reject the configuration - e.g.:

1 $ ais config cluster features Disable-Cold-GET Streaming-Cold-GET
2 
3 Error: feature flags "Disable-Cold-GET" and "Streaming-Cold-GET" are mutually exclusive