infrastructure/app_deployment/object_storage.hcl
2020-09-12 10:03:48 +02:00

159 lines
3.3 KiB
HCL

job "not_safe_object_storage" {
datacenters = ["dc1"]
type = "service"
constraint {
attribute = "${attr.cpu.arch}"
value = "amd64"
}
group "not_safe_pithos" {
count = 2
task "not_safe_server" {
driver = "docker"
config {
image = "superboum/amd64_pithos:v1"
readonly_rootfs = true
port_map {
s3_port = 8080
}
volumes = [
"secrets/pithos.yaml:/etc/pithos/pithos.yaml"
]
}
resources {
memory = 500
network {
port "s3_port" {
static = "8080"
}
}
}
template {
data = <<EOH
service:
host: '0.0.0.0'
port: 8080
## logging configuration
## ---------------------
logging:
level: info
console: true
files: []
# overrides:
# io.exo.pithos: debug
## global options
## --------------
options:
service-uri: 's3.esir.deuxfleurs.fr'
reporting: true
server-side-encryption: true
multipart-upload: true
masterkey-provisioning: true
masterkey-access: true
default-region: 'FR-RN1'
## keystore configuration
## ----------------------
#
# Keystores associate an access key with
# an organization and secret key.
#
# They may offer provisioning capacities with the
# masterkey. The default provider relies on keys
# being defined inline.
# generate access key: openssl rand -base64 24
# generate secret key: openssl rand -base64 39
# (size is arbitrary)
keystore:
keys:
NHu3glGc0lj5FL5AZPTvgjB20tb9w4Eo:
master: true
tenant: 'pyr@spootnik.org'
secret: 'fpyehmZsimMHeYScjwTUREzvIOICeRZiO01Dck0JIKEifKdwOT3T'
rXNoqKXY45RcxpBOKy8i4H8fqGzlHIZu:
tenant: 'exoscale'
secret: 'qtQlWujN70Ukh9IvIbqIM3Zqos/5aU72hOhLCXblQ0PmfYsGO8lU'
## bucketstore configuration
## -------------------------
#
# The bucketstore is ring global and contains information
# on bucket location and global parameters.
#
# Its primary aim is to hold bucket location and ownership
# information.
#
# The default provider relies on cassandra.
bucketstore:
default-region: 'FR-RN1'
cluster:
- 148.60.11.181
- 148.60.11.183
- 148.60.11.237
keyspace: 'storage'
## regions
## -------
#
# Regions are composed of a metastore and an arbitrary number
# of named storage classes which depend on a blobstore.
#
# The metastore holds metadata for the full region, as well as
# object storage-class placement information.
#
# The default implementation of both metastore and blobstore
# rely on cassandra.
#
regions:
FR-RN1:
metastore:
cluster:
- 148.60.11.181
- 148.60.11.183
- 148.60.11.237
keyspace: 'storage'
storage-classes:
standard:
cluster:
- 148.60.11.181
- 148.60.11.183
- 148.60.11.237
keyspace: 'storage'
max-chunk: '128k'
max-block-chunks: 1024
EOH
destination = "secrets/pithos.yaml"
}
service {
tags = ["pithos"]
port = "s3_port"
address_mode = "host"
name = "pithos"
check {
type = "tcp"
port = "s3_port"
interval = "60s"
timeout = "5s"
check_restart {
limit = 3
grace = "300s"
ignore_warnings = false
}
}
}
}
}
}