aboutsummaryrefslogtreecommitdiff
path: root/app/garage
diff options
context:
space:
mode:
authorQuentin <quentin@dufour.io>2021-01-18 08:18:21 +0100
committerQuentin <quentin@dufour.io>2021-01-18 08:18:21 +0100
commitad6017eea058f7cb6fdf078783f992a4f45a3e15 (patch)
tree6620bcc9e1ea61a5689b763b9ad8280275e35e76 /app/garage
parent79b7273ff2a487d6721d393682c8ad3927467a75 (diff)
parentc642370def01f09d966b3b9c643cfe416ea115cf (diff)
downloadinfrastructure-ad6017eea058f7cb6fdf078783f992a4f45a3e15.tar.gz
infrastructure-ad6017eea058f7cb6fdf078783f992a4f45a3e15.zip
Merge pull request 'Reorganize app/ and add script for secret management' (#29) from test_reorganize into master
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/pulls/29
Diffstat (limited to 'app/garage')
-rw-r--r--app/garage/config/garage.toml30
-rw-r--r--app/garage/deploy/garage.hcl102
2 files changed, 132 insertions, 0 deletions
diff --git a/app/garage/config/garage.toml b/app/garage/config/garage.toml
new file mode 100644
index 0000000..4d08cf2
--- /dev/null
+++ b/app/garage/config/garage.toml
@@ -0,0 +1,30 @@
+block_size = 1048576
+
+metadata_dir = "/garage/meta"
+data_dir = "/garage/data"
+
+rpc_bind_addr = "[::]:3901"
+
+consul_host = "consul.service.2.cluster.deuxfleurs.fr:8500"
+consul_service_name = "garage-rpc"
+
+bootstrap_peers = []
+
+max_concurrent_rpc_requests = 12
+data_replication_factor = 3
+meta_replication_factor = 3
+meta_epidemic_fanout = 3
+
+[rpc_tls]
+ca_cert = "/garage/garage-ca.crt"
+node_cert = "/garage/garage.crt"
+node_key = "/garage/garage.key"
+
+[s3_api]
+s3_region = "garage"
+api_bind_addr = "[::]:3900"
+
+[s3_web]
+bind_addr = "[::]:3902"
+root_domain = ".web.deuxfleurs.fr"
+index = "index.html"
diff --git a/app/garage/deploy/garage.hcl b/app/garage/deploy/garage.hcl
new file mode 100644
index 0000000..1be68aa
--- /dev/null
+++ b/app/garage/deploy/garage.hcl
@@ -0,0 +1,102 @@
+job "garage" {
+ datacenters = ["dc1", "belair", "saturne"]
+ type = "system"
+ priority = 40
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "garage" {
+ network {
+ port "s3" { static = 3900 }
+ port "rpc" { static = 3901 }
+ port "web" { static = 3902 }
+ }
+
+ task "server" {
+ driver = "docker"
+ config {
+ advertise_ipv6_address = true
+ image = "lxpz/garage_amd64:v0.1.1b"
+ network_mode = "host"
+ volumes = [
+ "/mnt/storage/garage/data:/garage/data",
+ "/mnt/ssd/garage/meta:/garage/meta",
+ "secrets/garage.toml:/garage/config.toml",
+ "secrets/garage-ca.crt:/garage/garage-ca.crt",
+ "secrets/garage.crt:/garage/garage.crt",
+ "secrets/garage.key:/garage/garage.key",
+ ]
+ }
+
+ template {
+ data = file("../config/garage.toml")
+ destination = "secrets/garage.toml"
+ }
+
+ # --- secrets ---
+ template {
+ data = "{{ key \"secrets/garage/garage-ca.crt\" }}"
+ destination = "secrets/garage-ca.crt"
+ }
+ template {
+ data = "{{ key \"secrets/garage/garage.crt\" }}"
+ destination = "secrets/garage.crt"
+ }
+ template {
+ data = "{{ key \"secrets/garage/garage.key\" }}"
+ destination = "secrets/garage.key"
+ }
+
+ resources {
+ memory = 500
+ cpu = 1000
+ }
+
+ service {
+ tags = [
+ "garage_api",
+ "traefik.enable=true",
+ "traefik.frontend.entryPoints=https,http",
+ "traefik.frontend.rule=Host:garage.deuxfleurs.fr"
+ ]
+ port = 3900
+ address_mode = "driver"
+ name = "garage-api"
+ check {
+ type = "tcp"
+ port = 3900
+ address_mode = "driver"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ service {
+ tags = ["garage-rpc"]
+ port = 3901
+ address_mode = "driver"
+ name = "garage-rpc"
+ check {
+ type = "tcp"
+ port = 3901
+ address_mode = "driver"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+}