diff options
author | Quentin <quentin@dufour.io> | 2021-01-18 08:18:21 +0100 |
---|---|---|
committer | Quentin <quentin@dufour.io> | 2021-01-18 08:18:21 +0100 |
commit | ad6017eea058f7cb6fdf078783f992a4f45a3e15 (patch) | |
tree | 6620bcc9e1ea61a5689b763b9ad8280275e35e76 /app/garage | |
parent | 79b7273ff2a487d6721d393682c8ad3927467a75 (diff) | |
parent | c642370def01f09d966b3b9c643cfe416ea115cf (diff) | |
download | infrastructure-ad6017eea058f7cb6fdf078783f992a4f45a3e15.tar.gz infrastructure-ad6017eea058f7cb6fdf078783f992a4f45a3e15.zip |
Merge pull request 'Reorganize app/ and add script for secret management' (#29) from test_reorganize into master
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/pulls/29
Diffstat (limited to 'app/garage')
-rw-r--r-- | app/garage/config/garage.toml | 30 | ||||
-rw-r--r-- | app/garage/deploy/garage.hcl | 102 |
2 files changed, 132 insertions, 0 deletions
diff --git a/app/garage/config/garage.toml b/app/garage/config/garage.toml new file mode 100644 index 0000000..4d08cf2 --- /dev/null +++ b/app/garage/config/garage.toml @@ -0,0 +1,30 @@ +block_size = 1048576 + +metadata_dir = "/garage/meta" +data_dir = "/garage/data" + +rpc_bind_addr = "[::]:3901" + +consul_host = "consul.service.2.cluster.deuxfleurs.fr:8500" +consul_service_name = "garage-rpc" + +bootstrap_peers = [] + +max_concurrent_rpc_requests = 12 +data_replication_factor = 3 +meta_replication_factor = 3 +meta_epidemic_fanout = 3 + +[rpc_tls] +ca_cert = "/garage/garage-ca.crt" +node_cert = "/garage/garage.crt" +node_key = "/garage/garage.key" + +[s3_api] +s3_region = "garage" +api_bind_addr = "[::]:3900" + +[s3_web] +bind_addr = "[::]:3902" +root_domain = ".web.deuxfleurs.fr" +index = "index.html" diff --git a/app/garage/deploy/garage.hcl b/app/garage/deploy/garage.hcl new file mode 100644 index 0000000..1be68aa --- /dev/null +++ b/app/garage/deploy/garage.hcl @@ -0,0 +1,102 @@ +job "garage" { + datacenters = ["dc1", "belair", "saturne"] + type = "system" + priority = 40 + + constraint { + attribute = "${attr.cpu.arch}" + value = "amd64" + } + + group "garage" { + network { + port "s3" { static = 3900 } + port "rpc" { static = 3901 } + port "web" { static = 3902 } + } + + task "server" { + driver = "docker" + config { + advertise_ipv6_address = true + image = "lxpz/garage_amd64:v0.1.1b" + network_mode = "host" + volumes = [ + "/mnt/storage/garage/data:/garage/data", + "/mnt/ssd/garage/meta:/garage/meta", + "secrets/garage.toml:/garage/config.toml", + "secrets/garage-ca.crt:/garage/garage-ca.crt", + "secrets/garage.crt:/garage/garage.crt", + "secrets/garage.key:/garage/garage.key", + ] + } + + template { + data = file("../config/garage.toml") + destination = "secrets/garage.toml" + } + + # --- secrets --- + template { + data = "{{ key \"secrets/garage/garage-ca.crt\" }}" + destination = "secrets/garage-ca.crt" + } + template { + data = "{{ key \"secrets/garage/garage.crt\" }}" + destination = "secrets/garage.crt" + } + template { + data = "{{ key \"secrets/garage/garage.key\" }}" + destination = "secrets/garage.key" + } + + resources { + memory = 500 + cpu = 1000 + } + + service { + tags = [ + "garage_api", + "traefik.enable=true", + "traefik.frontend.entryPoints=https,http", + "traefik.frontend.rule=Host:garage.deuxfleurs.fr" + ] + port = 3900 + address_mode = "driver" + name = "garage-api" + check { + type = "tcp" + port = 3900 + address_mode = "driver" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + + service { + tags = ["garage-rpc"] + port = 3901 + address_mode = "driver" + name = "garage-rpc" + check { + type = "tcp" + port = 3901 + address_mode = "driver" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + } + } +} |