author | Quentin Dufour <quentin@deuxfleurs.fr> | 2020-01-24 16:53:05 +0100 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2020-01-24 16:53:05 +0100 |
commit | 0c4419b6a4550e5afe866a3caf505e1a19e91fa2 (patch) | |
tree | a8c5d154f0ff07e50a0d8a3b9c0385aaff1b7897 | |
parent | 541d42e460dc0bea2fc8d593b1654e4126194703 (diff) | |
download | infrastructure-0c4419b6a4550e5afe866a3caf505e1a19e91fa2.tar.gz infrastructure-0c4419b6a4550e5afe866a3caf505e1a19e91fa2.zip |
WIP object storage
-rw-r--r-- | nomad/object_storage.hcl | 159 |
1 files changed, 159 insertions, 0 deletions
diff --git a/nomad/object_storage.hcl b/nomad/object_storage.hcl
new file mode 100644
index 0000000..fa40c4b
--- /dev/null
+++ b/nomad/object_storage.hcl
@@ -0,0 +1,159 @@
+job "not_safe_object_storage" {
+ datacenters = ["dc1"]
+ type = "service"
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "not_safe_pithos" {
+ count = 2
+ task "not_safe_server" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_pithos:v1"
+ readonly_rootfs = true
+ port_map {
+ s3_port = 8080
+ }
+ volumes = [
+ "secrets/pithos.yaml:/etc/pithos/pithos.yaml"
+ ]
+ }
+
+ resources {
+ memory = 500
+ network {
+ port "s3_port" {
+ static = "8080"
+ }
+ }
+ }
+
+ template {
+ data = <<EOH
+service:
+ host: '0.0.0.0'
+ port: 8080
+
+
+## logging configuration
+## ---------------------
+logging:
+ level: info
+ console: true
+ files: []
+
+# overrides:
+# io.exo.pithos: debug
+
+
+## global options
+## --------------
+options:
+ service-uri: 's3.esir.deuxfleurs.fr'
+ reporting: true
+ server-side-encryption: true
+ multipart-upload: true
+ masterkey-provisioning: true
+ masterkey-access: true
+ default-region: 'FR-RN1'
+
+
+## keystore configuration
+## ----------------------
+#
+# Keystores associate an access key with
+# an organization and secret key.
+#
+# They may offer provisioning capacities with the
+# masterkey. The default provider relies on keys
+# being defined inline.
+# generate access key: openssl rand -base64 24
+# generate secret key: openssl rand -base64 39
+# (size is arbitrary)
+keystore:
+ keys:
+ NHu3glGc0lj5FL5AZPTvgjB20tb9w4Eo:
+ master: true
+ tenant: 'pyr@spootnik.org'
+ secret: 'fpyehmZsimMHeYScjwTUREzvIOICeRZiO01Dck0JIKEifKdwOT3T'
+ rXNoqKXY45RcxpBOKy8i4H8fqGzlHIZu:
+ tenant: 'exoscale'
+ secret: 'qtQlWujN70Ukh9IvIbqIM3Zqos/5aU72hOhLCXblQ0PmfYsGO8lU'
+
+
+## bucketstore configuration
+## -------------------------
+#
+# The bucketstore is ring global and contains information
+# on bucket location and global parameters.
+#
+# Its primary aim is to hold bucket location and ownership
+# information.
+#
+# The default provider relies on cassandra.
+bucketstore:
+ default-region: 'FR-RN1'
+ cluster:
+ - 148.60.11.181
+ - 148.60.11.183
+ - 148.60.11.237
+ keyspace: 'storage'
+
+
+## regions
+## -------
+#
+# Regions are composed of a metastore and an arbitrary number
+# of named storage classes which depend on a blobstore.
+#
+# The metastore holds metadata for the full region, as well as
+# object storage-class placement information.
+#
+# The default implementation of both metastore and blobstore
+# rely on cassandra.
+#
+regions:
+ FR-RN1:
+ metastore:
+ cluster:
+ - 148.60.11.181
+ - 148.60.11.183
+ - 148.60.11.237
+ keyspace: 'storage'
+ storage-classes:
+ standard:
+ cluster:
+ - 148.60.11.181
+ - 148.60.11.183
+ - 148.60.11.237
+ keyspace: 'storage'
+ max-chunk: '128k'
+ max-block-chunks: 1024
+EOH
+ destination = "secrets/pithos.yaml"
+ }
+
+ service {
+ tags = ["pithos"]
+ port = "s3_port"
+ address_mode = "host"
+ name = "pithos"
+ check {
+ type = "tcp"
+ port = "s3_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "300s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+}
+ |
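Review bot: The `keystore.keys` entries inside the `template` heredoc carry both access keys and their `secret` values inline, one of them flagged `master: true`, so the credentials sit in the repository history even though the rendered file lands in `secrets/`. With `masterkey-provisioning` and `masterkey-access` both enabled and the service listening on `0.0.0.0` behind static port 8080, anyone who can read this file holds master credentials for the endpoint. Render the values at deploy time instead, for example `secret: '{{ key "<kv-path-to-pithos-secret>" }}'` from Consul KV (or a Vault `{{ with secret ... }}` block), and treat the two committed key pairs as exposed and rotate them. The `not_safe_` prefix on the job, group and task suggests this is a known stopgap; a comment above `keystore:` such as `# TODO: keys must not be committed; load from Consul/Vault before exposing this service` would state it where the next editor will see it.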