aboutsummaryrefslogtreecommitdiff
path: root/cluster/prod/app/garage
diff options
context:
space:
mode:
Diffstat (limited to 'cluster/prod/app/garage')
-rw-r--r--cluster/prod/app/garage/config/garage.toml4
-rw-r--r--cluster/prod/app/garage/deploy/garage.hcl19
-rw-r--r--cluster/prod/app/garage/secrets/garage/admin_token1
-rw-r--r--cluster/prod/app/garage/secrets/garage/metrics_token1
4 files changed, 24 insertions, 1 deletions
diff --git a/cluster/prod/app/garage/config/garage.toml b/cluster/prod/app/garage/config/garage.toml
index a721886..224c755 100644
--- a/cluster/prod/app/garage/config/garage.toml
+++ b/cluster/prod/app/garage/config/garage.toml
@@ -21,4 +21,6 @@ bind_addr = "[::]:3902"
root_domain = ".web.deuxfleurs.fr"
[admin]
-api_bind_addr = "[::1]:3903"
+api_bind_addr = "[::]:3903"
+metrics_token = "{{ key "secrets/garage/metrics_token" | trimSpace }}"
+admin_token = "{{ key "secrets/garage/admin_token" | trimSpace }}"
diff --git a/cluster/prod/app/garage/deploy/garage.hcl b/cluster/prod/app/garage/deploy/garage.hcl
index bbaaec1..5a9c6b5 100644
--- a/cluster/prod/app/garage/deploy/garage.hcl
+++ b/cluster/prod/app/garage/deploy/garage.hcl
@@ -18,6 +18,7 @@ job "garage" {
port "s3" { static = 3900 }
port "rpc" { static = 3901 }
port "web" { static = 3902 }
+ port "admin" { static = 3903 }
}
update {
@@ -125,6 +126,24 @@ job "garage" {
}
}
+ service {
+ port = 3903
+ address_mode = "driver"
+ name = "garage-admin"
+ check {
+ type = "tcp"
+ port = 3903
+ address_mode = "driver"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+
restart {
interval = "30m"
attempts = 10
diff --git a/cluster/prod/app/garage/secrets/garage/admin_token b/cluster/prod/app/garage/secrets/garage/admin_token
new file mode 100644
index 0000000..d831d53
--- /dev/null
+++ b/cluster/prod/app/garage/secrets/garage/admin_token
@@ -0,0 +1 @@
+CMD_ONCE openssl rand -hex 32
diff --git a/cluster/prod/app/garage/secrets/garage/metrics_token b/cluster/prod/app/garage/secrets/garage/metrics_token
new file mode 100644
index 0000000..d831d53
--- /dev/null
+++ b/cluster/prod/app/garage/secrets/garage/metrics_token
@@ -0,0 +1 @@
+CMD_ONCE openssl rand -hex 32