authorQuentin Dufour <quentin@deuxfleurs.fr>2020-01-24 16:53:05 +0100
committerQuentin Dufour <quentin@deuxfleurs.fr>2020-01-24 16:53:05 +0100
commit0c4419b6a4550e5afe866a3caf505e1a19e91fa2 (patch)
treea8c5d154f0ff07e50a0d8a3b9c0385aaff1b7897
parent541d42e460dc0bea2fc8d593b1654e4126194703 (diff)
WIP object storage
-rw-r--r--nomad/object_storage.hcl159
1 files changed, 159 insertions, 0 deletions
diff --git a/nomad/object_storage.hcl b/nomad/object_storage.hcl
new file mode 100644
index 0000000..fa40c4b
--- /dev/null
+++ b/nomad/object_storage.hcl
@@ -0,0 +1,159 @@
+job "not_safe_object_storage" {
+ datacenters = ["dc1"]
+ type = "service"
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "not_safe_pithos" {
+ count = 2
+ task "not_safe_server" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_pithos:v1"
+ readonly_rootfs = true
+ port_map {
+ s3_port = 8080
+ }
+ volumes = [
+ "secrets/pithos.yaml:/etc/pithos/pithos.yaml"
+ ]
+ }
+
+ resources {
+ memory = 500
+ network {
+ port "s3_port" {
+ static = "8080"
+ }
+ }
+ }
+
+ template {
+ data = <<EOH
+service:
+ host: '0.0.0.0'
+ port: 8080
+
+
+## logging configuration
+## ---------------------
+logging:
+ level: info
+ console: true
+ files: []
+
+# overrides:
+# io.exo.pithos: debug
+
+
+## global options
+## --------------
+options:
+ service-uri: 's3.esir.deuxfleurs.fr'
+ reporting: true
+ server-side-encryption: true
+ multipart-upload: true
+ masterkey-provisioning: true
+ masterkey-access: true
+ default-region: 'FR-RN1'
+
+
+## keystore configuration
+## ----------------------
+#
+# Keystores associate an access key with
+# an organization and secret key.
+#
+# They may offer provisioning capacities with the
+# masterkey. The default provider relies on keys
+# being defined inline.
+# generate access key: openssl rand -base64 24
+# generate secret key: openssl rand -base64 39
+# (size is arbitrary)
+keystore:
+ keys:
+ NHu3glGc0lj5FL5AZPTvgjB20tb9w4Eo:
+ master: true
+ tenant: 'pyr@spootnik.org'
+ secret: 'fpyehmZsimMHeYScjwTUREzvIOICeRZiO01Dck0JIKEifKdwOT3T'
+ rXNoqKXY45RcxpBOKy8i4H8fqGzlHIZu:
+ tenant: 'exoscale'
+ secret: 'qtQlWujN70Ukh9IvIbqIM3Zqos/5aU72hOhLCXblQ0PmfYsGO8lU'
+
+
+## bucketstore configuration
+## -------------------------
+#
+# The bucketstore is ring global and contains information
+# on bucket location and global parameters.
+#
+# Its primary aim is to hold bucket location and ownership
+# information.
+#
+# The default provider relies on cassandra.
+bucketstore:
+ default-region: 'FR-RN1'
+ cluster:
+ - 148.60.11.181
+ - 148.60.11.183
+ - 148.60.11.237
+ keyspace: 'storage'
+
+
+## regions
+## -------
+#
+# Regions are composed of a metastore and an arbitrary number
+# of named storage classes which depend on a blobstore.
+#
+# The metastore holds metadata for the full region, as well as
+# object storage-class placement information.
+#
+# The default implementation of both metastore and blobstore
+# rely on cassandra.
+#
+regions:
+ FR-RN1:
+ metastore:
+ cluster:
+ - 148.60.11.181
+ - 148.60.11.183
+ - 148.60.11.237
+ keyspace: 'storage'
+ storage-classes:
+ standard:
+ cluster:
+ - 148.60.11.181
+ - 148.60.11.183
+ - 148.60.11.237
+ keyspace: 'storage'
+ max-chunk: '128k'
+ max-block-chunks: 1024
+EOH
+ destination = "secrets/pithos.yaml"
+ }
+
+ service {
+ tags = ["pithos"]
+ port = "s3_port"
+ address_mode = "host"
+ name = "pithos"
+ check {
+ type = "tcp"
+ port = "s3_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "300s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+}
+
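Review bot: The two `keystore.keys` entries in the template heredoc commit access keys and their secrets in clear text, and the first carries `master: true` while `masterkey-provisioning` and `masterkey-access` are both enabled, so anyone who can read this repository or the job specification holds provisioning-level credentials for a service bound to `0.0.0.0` on static host port 8080. The tenant names (`pyr@spootnik.org`, `exoscale`) suggest these may be the sample values from the upstream Pithos configuration, which would make them publicly known. Treat both pairs as compromised, generate new ones, and render them at deploy time instead of inlining them, e.g. `secret: '{{ key "<kv-path-placeholder>/secret" }}'`, keeping `destination = "secrets/pithos.yaml"` as is. Separately, `image = "superboum/amd64_pithos:v1"` is a mutable tag; pinning it by digest would make the deployed image reproducible.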