job "not_safe_object_storage" { datacenters = ["dc1"] type = "service" constraint { attribute = "${attr.cpu.arch}" value = "amd64" } group "not_safe_pithos" { count = 2 task "not_safe_server" { driver = "docker" config { image = "superboum/amd64_pithos:v1" readonly_rootfs = true port_map { s3_port = 8080 } volumes = [ "secrets/pithos.yaml:/etc/pithos/pithos.yaml" ] } resources { memory = 500 network { port "s3_port" { static = "8080" } } } template { data = <<EOH service: host: '0.0.0.0' port: 8080 ## logging configuration ## --------------------- logging: level: info console: true files: [] # overrides: # io.exo.pithos: debug ## global options ## -------------- options: service-uri: 's3.esir.deuxfleurs.fr' reporting: true server-side-encryption: true multipart-upload: true masterkey-provisioning: true masterkey-access: true default-region: 'FR-RN1' ## keystore configuration ## ---------------------- # # Keystores associate an access key with # an organization and secret key. # # They may offer provisioning capacities with the # masterkey. The default provider relies on keys # being defined inline. # generate access key: openssl rand -base64 24 # generate secret key: openssl rand -base64 39 # (size is arbitrary) keystore: keys: NHu3glGc0lj5FL5AZPTvgjB20tb9w4Eo: master: true tenant: 'pyr@spootnik.org' secret: 'fpyehmZsimMHeYScjwTUREzvIOICeRZiO01Dck0JIKEifKdwOT3T' rXNoqKXY45RcxpBOKy8i4H8fqGzlHIZu: tenant: 'exoscale' secret: 'qtQlWujN70Ukh9IvIbqIM3Zqos/5aU72hOhLCXblQ0PmfYsGO8lU' ## bucketstore configuration ## ------------------------- # # The bucketstore is ring global and contains information # on bucket location and global parameters. # # Its primary aim is to hold bucket location and ownership # information. # # The default provider relies on cassandra. bucketstore: default-region: 'FR-RN1' cluster: - 148.60.11.181 - 148.60.11.183 - 148.60.11.237 keyspace: 'storage' ## regions ## ------- # # Regions are composed of a metastore and an arbitrary number # of named storage classes which depend on a blobstore. # # The metastore holds metadata for the full region, as well as # object storage-class placement information. # # The default implementation of both metastore and blobstore # rely on cassandra. # regions: FR-RN1: metastore: cluster: - 148.60.11.181 - 148.60.11.183 - 148.60.11.237 keyspace: 'storage' storage-classes: standard: cluster: - 148.60.11.181 - 148.60.11.183 - 148.60.11.237 keyspace: 'storage' max-chunk: '128k' max-block-chunks: 1024 EOH destination = "secrets/pithos.yaml" } service { tags = ["pithos"] port = "s3_port" address_mode = "host" name = "pithos" check { type = "tcp" port = "s3_port" interval = "60s" timeout = "5s" check_restart { limit = 3 grace = "300s" ignore_warnings = false } } } } } }