2021-05-28 16:00:59 +00:00
|
|
|
# Configuring a real-world Garage deployment
|
|
|
|
|
|
|
|
To run Garage in cluster mode, we recommend having at least 3 nodes.
|
|
|
|
This will allow you to setup Garage for three-way replication of your data,
|
|
|
|
the safest and most available mode avaialble.
|
|
|
|
|
|
|
|
## Generating a TLS Certificate
|
|
|
|
|
|
|
|
You first need to generate TLS certificates to encrypt traffic between Garage nodes
|
|
|
|
(reffered to as RPC traffic).
|
|
|
|
|
|
|
|
To generate your TLS certificates, run on your machine:
|
|
|
|
|
|
|
|
```
|
2021-05-29 19:22:15 +00:00
|
|
|
wget https://git.deuxfleurs.fr/Deuxfleurs/garage/raw/branch/main/genkeys.sh
|
2021-05-28 16:00:59 +00:00
|
|
|
chmod +x genkeys.sh
|
|
|
|
./genkeys.sh
|
|
|
|
```
|
|
|
|
|
|
|
|
It will creates a folder named `pki/` containing the keys that you will used for the cluster.
|
|
|
|
|
|
|
|
## Real-world deployment
|
|
|
|
|
|
|
|
To run a real-world deployment, make sure you the following conditions are met:
|
|
|
|
|
|
|
|
- You have at least three machines with sufficient storage space available
|
|
|
|
|
|
|
|
- Each machine has a public IP address which is reachable by other machines.
|
|
|
|
Running behind a NAT is possible, but having several Garage nodes behind a single NAT
|
|
|
|
is slightly more involved as each will have to have a different RPC port number
|
|
|
|
(the local port number of a node must be the same as the port number exposed publicly
|
|
|
|
by the NAT).
|
|
|
|
|
|
|
|
- Ideally, each machine should have a SSD available in addition to the HDD you are dedicating
|
|
|
|
to Garage. This will allow for faster access to metadata and has the potential
|
|
|
|
to drastically reduce Garage's response times.
|
|
|
|
|
|
|
|
Before deploying garage on your infrastructure, you must inventory your machines.
|
|
|
|
For our example, we will suppose the following infrastructure with IPv6 connectivity:
|
|
|
|
|
|
|
|
| Location | Name | IP Address | Disk Space |
|
|
|
|
|----------|---------|------------|------------|
|
|
|
|
| Paris | Mercury | fc00:1::1 | 1 To |
|
|
|
|
| Paris | Venus | fc00:1::2 | 2 To |
|
|
|
|
| London | Earth | fc00:B::1 | 2 To |
|
|
|
|
| Brussels | Mars | fc00:F::1 | 1.5 To |
|
|
|
|
|
|
|
|
|
|
|
|
On each machine, we will have a similar setup,
|
|
|
|
especially you must consider the following folders/files:
|
|
|
|
|
2021-05-29 19:22:15 +00:00
|
|
|
- `/etc/garage/garage.toml`: Garage daemon's configuration (see below)
|
2021-05-28 16:00:59 +00:00
|
|
|
- `/etc/garage/pki/`: Folder containing Garage certificates, must be generated on your computer and copied on the servers
|
|
|
|
- `/var/lib/garage/meta/`: Folder containing Garage's metadata, put this folder on a SSD if possible
|
|
|
|
- `/var/lib/garage/data/`: Folder containing Garage's data, this folder will grows and must be on a large storage, possibly big HDDs.
|
|
|
|
- `/etc/systemd/system/garage.service`: Service file to start garage at boot automatically (defined below, not required if you use docker)
|
|
|
|
|
2021-05-29 19:22:15 +00:00
|
|
|
A valid `/etc/garage/garage.toml` for our cluster would be:
|
2021-05-28 16:00:59 +00:00
|
|
|
|
|
|
|
```toml
|
|
|
|
metadata_dir = "/var/lib/garage/meta"
|
|
|
|
data_dir = "/var/lib/garage/data"
|
|
|
|
|
|
|
|
replication_mode = "3"
|
|
|
|
|
|
|
|
rpc_bind_addr = "[::]:3901"
|
|
|
|
|
|
|
|
bootstrap_peers = [
|
|
|
|
"[fc00:1::1]:3901",
|
|
|
|
"[fc00:1::2]:3901",
|
|
|
|
"[fc00:B::1]:3901",
|
|
|
|
"[fc00:F::1]:3901",
|
|
|
|
]
|
|
|
|
|
|
|
|
[rpc_tls]
|
|
|
|
ca_cert = "/etc/garage/pki/garage-ca.crt"
|
|
|
|
node_cert = "/etc/garage/pki/garage.crt"
|
|
|
|
node_key = "/etc/garage/pki/garage.key"
|
|
|
|
|
|
|
|
[s3_api]
|
|
|
|
s3_region = "garage"
|
|
|
|
api_bind_addr = "[::]:3900"
|
|
|
|
|
|
|
|
[s3_web]
|
|
|
|
bind_addr = "[::]:3902"
|
|
|
|
root_domain = ".web.garage"
|
|
|
|
index = "index.html"
|
|
|
|
```
|
|
|
|
|
|
|
|
Please make sure to change `bootstrap_peers` to **your** IP addresses!
|
|
|
|
|
|
|
|
Check the [configuration file reference documentation](../reference_manual/configuration.md)
|
|
|
|
to learn more about all available configuration options.
|
|
|
|
|
|
|
|
### For docker users
|
|
|
|
|
|
|
|
On each machine, you can run the daemon with:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
docker run \
|
|
|
|
-d \
|
|
|
|
--name garaged \
|
|
|
|
--restart always \
|
|
|
|
--network host \
|
|
|
|
-v /etc/garage/pki:/etc/garage/pki \
|
2021-05-29 19:22:15 +00:00
|
|
|
-v /etc/garage/garage.toml:/garage/garage.toml \
|
2021-05-28 16:00:59 +00:00
|
|
|
-v /var/lib/garage/meta:/var/lib/garage/meta \
|
|
|
|
-v /var/lib/garage/data:/var/lib/garage/data \
|
|
|
|
lxpz/garage_amd64:v0.3.0
|
|
|
|
```
|
|
|
|
|
|
|
|
It should be restart automatically at each reboot.
|
|
|
|
Please note that we use host networking as otherwise Docker containers
|
|
|
|
can not communicate with IPv6.
|
|
|
|
|
|
|
|
Upgrading between Garage versions should be supported transparently,
|
|
|
|
but please check the relase notes before doing so!
|
|
|
|
To upgrade, simply stop and remove this container and
|
|
|
|
start again the command with a new version of garage.
|
|
|
|
|
|
|
|
### For systemd/raw binary users
|
|
|
|
|
|
|
|
Create a file named `/etc/systemd/system/garage.service`:
|
|
|
|
|
|
|
|
```toml
|
|
|
|
[Unit]
|
|
|
|
Description=Garage Data Store
|
|
|
|
After=network-online.target
|
|
|
|
Wants=network-online.target
|
|
|
|
|
|
|
|
[Service]
|
|
|
|
Environment='RUST_LOG=garage=info' 'RUST_BACKTRACE=1'
|
2021-05-29 19:22:15 +00:00
|
|
|
ExecStart=/usr/local/bin/garage server -c /etc/garage/garage.toml
|
2021-05-28 16:00:59 +00:00
|
|
|
|
|
|
|
[Install]
|
|
|
|
WantedBy=multi-user.target
|
|
|
|
```
|
|
|
|
|
|
|
|
To start the service then automatically enable it at boot:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
sudo systemctl start garage
|
|
|
|
sudo systemctl enable garage
|
|
|
|
```
|
|
|
|
|
|
|
|
To see if the service is running and to browse its logs:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
sudo systemctl status garage
|
|
|
|
sudo journalctl -u garage
|
|
|
|
```
|
|
|
|
|
|
|
|
If you want to modify the service file, do not forget to run `systemctl daemon-reload`
|
|
|
|
to inform `systemd` of your modifications.
|