path: root/app_deployment/object_storage.hcl
# Nomad service job that runs two instances of a Pithos (S3-compatible object
# storage) container and registers them as the "pithos" service.
#
# NOTE(review): the job, group and task names all carry a "not_safe" prefix,
# presumably the author's marker that this deployment is not hardened. The
# concrete reasons visible in this file are called out next to the stanzas
# they concern; the most serious one is the plaintext keystore in the template.
job "not_safe_object_storage" {
  datacenters = ["dc1"]
  type = "service"

  # Only schedule on amd64 nodes; the image name below is amd64-specific.
  constraint {
    attribute = "${attr.cpu.arch}"
    value     = "amd64"
  }

  group "not_safe_pithos" {
    # Two allocations. Because the task reserves static port 8080, the two
    # instances cannot share a node: each needs a host where 8080 is free.
    count = 2
    task "not_safe_server" {
      driver = "docker"
      config {
        # NOTE(review): "v1" is a mutable tag, so the content that runs can
        # change without this file changing. Pinning the image by digest
        # (image@sha256:<digest>) makes the deployed artifact reproducible.
        image = "superboum/amd64_pithos:v1"
        # The container root filesystem is mounted read-only; the only extra
        # mount declared here is the config file in the volumes list below.
        readonly_rootfs = true
        port_map {
          s3_port = 8080
        }
        # Bind-mounts the file rendered by the template stanza (relative host
        # path, resolved inside the task directory) to Pithos' config path.
        volumes = [
          "secrets/pithos.yaml:/etc/pithos/pithos.yaml"
        ] 
      }

      resources {
        memory = 500
        network {
          # Static host port: clients reach the service on 8080 of the node,
          # and the embedded config binds the listener to 0.0.0.0.
          port "s3_port" {
            static = "8080"
          }
        }
      }

      # Renders the Pithos configuration into the task's secrets/ directory.
      #
      # SECURITY(review): the heredoc below contains the keystore inline, i.e.
      # access keys and their secret keys in plaintext, one of them flagged
      # `master: true`, while `masterkey-provisioning` and `masterkey-access`
      # are both enabled in `options`. Writing the rendered file to secrets/
      # does not protect these values: they are part of the job specification
      # itself, so anyone who can read this file in version control or read
      # the job from the Nomad API can read them. Keys that have been committed
      # like this should be treated as disclosed and rotated, and the template
      # should fetch them at render time instead (Nomad templates can read
      # from Consul KV or Vault) so the job file holds only a reference.
      #
      # NOTE(review): the Cassandra clusters are listed by IP address and no
      # authentication or TLS settings appear anywhere in this config - confirm
      # how access to those nodes is restricted at the network level.
      #
      # The heredoc body is the literal file content, so review notes are kept
      # out of it on purpose.
      template {
        data = <<EOH
service:
  host: '0.0.0.0'
  port: 8080


## logging configuration
## ---------------------
logging:
  level: info
  console: true
  files: []

# overrides:
#   io.exo.pithos: debug


## global options
## --------------
options:
  service-uri: 's3.esir.deuxfleurs.fr'
  reporting: true
  server-side-encryption: true
  multipart-upload: true
  masterkey-provisioning: true
  masterkey-access: true
  default-region: 'FR-RN1'


## keystore configuration
## ----------------------
#
# Keystores associate an access key with
# an organization and secret key.
#
# They may offer provisioning capacities with the
# masterkey. The default provider relies on keys
# being defined inline.
# generate access key: openssl rand -base64 24
# generate secret key: openssl rand -base64 39
# (size is arbitrary)
keystore:
  keys:
    NHu3glGc0lj5FL5AZPTvgjB20tb9w4Eo:
      master: true
      tenant: 'pyr@spootnik.org'
      secret: 'fpyehmZsimMHeYScjwTUREzvIOICeRZiO01Dck0JIKEifKdwOT3T'
    rXNoqKXY45RcxpBOKy8i4H8fqGzlHIZu:
      tenant: 'exoscale'
      secret: 'qtQlWujN70Ukh9IvIbqIM3Zqos/5aU72hOhLCXblQ0PmfYsGO8lU'


## bucketstore configuration
## -------------------------
#
# The bucketstore is ring global and contains information
# on bucket location and global parameters.
#
# Its primary aim is to hold bucket location and ownership
# information.
#
# The default provider relies on cassandra.
bucketstore:
  default-region: 'FR-RN1'
  cluster:
    - 148.60.11.181
    - 148.60.11.183
    - 148.60.11.237
  keyspace: 'storage'


## regions
## -------
#
# Regions are composed of a metastore and an arbitrary number
# of named storage classes which depend on a blobstore.
#
# The metastore holds metadata for the full region, as well as
# object storage-class placement information.
#
# The default implementation of both metastore and blobstore
# rely on cassandra.
#
regions:
  FR-RN1:
    metastore:
      cluster:
        - 148.60.11.181
        - 148.60.11.183
        - 148.60.11.237
      keyspace: 'storage'
    storage-classes:
      standard:
        cluster:
          - 148.60.11.181
          - 148.60.11.183
          - 148.60.11.237
        keyspace: 'storage'
        max-chunk: '128k'
        max-block-chunks: 1024
EOH
        # Must match the host side of the bind mount in config.volumes.
        destination = "secrets/pithos.yaml"
      }

      # Registers the task as "pithos" on the host address and the s3_port.
      service {
        tags = ["pithos"]
        port = "s3_port"
        address_mode = "host"
        name = "pithos"
        # TCP check: passes as soon as the port accepts a connection, so it
        # shows the listener is up but not that S3 requests are being served.
        check {
          type = "tcp"
          port = "s3_port"
          interval = "60s"
          timeout = "5s"
          # Restart the task after 3 failed checks in a row; failures during
          # the first 300s after start are not counted. With
          # ignore_warnings = false a "warning" check status counts as failing.
          check_restart {
            limit = 3
            grace = "300s"
            ignore_warnings = false
          }
        }
      }
    }
  }
}