From d516fe5a3822e5114ae1ca4d45cbc6eb9fad4eec Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Wed, 21 Oct 2020 14:02:05 +0200 Subject: [PATCH] WIP Garage --- src/Technique/Développement/Garage.md | 75 +++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) diff --git a/src/Technique/Développement/Garage.md b/src/Technique/Développement/Garage.md index 49bd4c6..e352758 100644 --- a/src/Technique/Développement/Garage.md +++ b/src/Technique/Développement/Garage.md @@ -2,6 +2,81 @@ Store pile of bytes in your garage. +## Quickstart on an existing deployment + +First, chances are that your garage deployment is secured by TLS. +All your commands must be prefixed with their certificates. +I will define an alias once and for all to ease future commands. +Please adapt the path of the binary and certificates to your installation! + +``` +alias grg="/garage/garage --ca-cert /secrets/garage-ca.crt --client-cert /secrets/garage.crt --client-key /secrets/garage.key" +``` + +Now we can check that everything is going well by checking our cluster status: + +``` +grg status +``` + +Don't forget that `help` command and `--help` subcommands can help you anywhere, the CLI tool is self-documented! Two examples: + +``` +grg help +grg bucket allow --help +``` + +Fine, now let's create a bucket (we imagine that you want to deploy nextcloud): + +``` +grg bucket create nextcloud-bucket +``` + +Check that everything went well: + +``` +grg bucket list +grg bucket info nextcloud-bucket +``` + +Now we will generate an API key to access this bucket. +Note that API keys are independent of buckets: one key can access multiple buckets, multiple keys can access one bucket. + +Now, let's start by creating a key only for our PHP application: + +``` +grg key new --name nextcloud-app-key +``` + +You will have the following output (this one is fake, `key_id` and `secret_key` were generated with openssl CLI tool): + +``` +Key { key_id: "GK3515373e4c851ebaad366558", secret_key: "7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34", name: "nextcloud-app-key", name_timestamp: 1603280506694, deleted: false, authorized_buckets: [] } +``` + +Check that everything works as intended (be careful, info works only with your key identifier and not with its friendly name!): + +``` +grg key list +grg key info GK3515373e4c851ebaad366558 +``` + +Now that we have a bucket and a key, we need to give permissions to the key on the bucket! + +``` +grg bucket allow --read --write nextcloud-bucket --key GK3515373e4c851ebaad366558 +``` + +You can check at any times allowed keys on your bucket with: + +``` +grg bucket info nextcloud-bucket +``` + +Now, let's move to the S3 API! + + + ## Context Data storage is critical: it can lead to data loss if done badly and/or on hardware failure.