Compare commits
No commits in common. "main" and "v0.4.0" have entirely different histories.
428
.drone.yml
|
@ -2,43 +2,83 @@
|
||||||
kind: pipeline
|
kind: pipeline
|
||||||
name: default
|
name: default
|
||||||
|
|
||||||
node:
|
workspace:
|
||||||
nix-daemon: 1
|
base: /drone/garage
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
host:
|
||||||
|
path: /var/lib/drone/nix
|
||||||
|
- name: nix_config
|
||||||
|
temp: {}
|
||||||
|
|
||||||
|
environment:
|
||||||
|
HOME: /drone/garage
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: check formatting
|
- name: setup nix
|
||||||
image: nixpkgs/nix:nixos-22.05
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
commands:
|
commands:
|
||||||
- nix-shell --attr rust --run "cargo fmt -- --check"
|
- cp nix/nix.conf /etc/nix/nix.conf
|
||||||
|
- nix-build --no-build-output --no-out-link shell.nix --arg release false -A inputDerivation
|
||||||
|
|
||||||
|
- name: code quality
|
||||||
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
|
commands:
|
||||||
|
- nix-shell --arg release false --run "cargo fmt -- --check"
|
||||||
|
- nix-shell --arg release false --run "cargo clippy -- --deny warnings"
|
||||||
|
|
||||||
- name: build
|
- name: build
|
||||||
image: nixpkgs/nix:nixos-22.05
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
commands:
|
commands:
|
||||||
- nix-build --no-build-output --attr clippy.amd64 --argstr git_version ${DRONE_TAG:-$DRONE_COMMIT}
|
- nix-build --no-build-output --argstr target x86_64-unknown-linux-musl --arg release false --argstr git_version $DRONE_COMMIT
|
||||||
|
|
||||||
- name: unit + func tests
|
- name: unit tests
|
||||||
image: nixpkgs/nix:nixos-22.05
|
image: nixpkgs/nix:nixos-21.05
|
||||||
environment:
|
volumes:
|
||||||
GARAGE_TEST_INTEGRATION_EXE: result-bin/bin/garage
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
commands:
|
commands:
|
||||||
- nix-build --no-build-output --attr clippy.amd64 --argstr git_version ${DRONE_TAG:-$DRONE_COMMIT}
|
- |
|
||||||
- nix-build --no-build-output --attr test.amd64
|
nix-build \
|
||||||
- ./result/bin/garage_db-*
|
--no-build-output \
|
||||||
- ./result/bin/garage_api-*
|
--argstr target x86_64-unknown-linux-musl \
|
||||||
- ./result/bin/garage_model-*
|
--argstr compileMode test
|
||||||
- ./result/bin/garage_rpc-*
|
- ./result*/bin/garage_api*
|
||||||
- ./result/bin/garage_table-*
|
- ./result*/bin/garage_model*
|
||||||
- ./result/bin/garage_util-*
|
- ./result*/bin/garage_rpc*
|
||||||
- ./result/bin/garage_web-*
|
- ./result*/bin/garage_table*
|
||||||
- ./result/bin/garage-*
|
- ./result*/bin/garage_util*
|
||||||
- ./result/bin/integration-*
|
- ./result*/bin/garage_web*
|
||||||
- rm result
|
- ./result*/bin/garage*
|
||||||
|
|
||||||
- name: integration tests
|
- name: smoke-test
|
||||||
image: nixpkgs/nix:nixos-22.05
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
commands:
|
commands:
|
||||||
- nix-build --no-build-output --attr clippy.amd64 --argstr git_version ${DRONE_TAG:-$DRONE_COMMIT}
|
- nix-build --no-build-output --argstr target x86_64-unknown-linux-musl --arg release false --argstr git_version $DRONE_COMMIT
|
||||||
- nix-shell --attr integration --run ./script/test-smoke.sh || (cat /tmp/garage.log; false)
|
- nix-shell --arg release false --run ./script/test-smoke.sh || (cat /tmp/garage.log; false)
|
||||||
|
|
||||||
trigger:
|
trigger:
|
||||||
event:
|
event:
|
||||||
|
@ -48,39 +88,120 @@ trigger:
|
||||||
- tag
|
- tag
|
||||||
- cron
|
- cron
|
||||||
|
|
||||||
|
node:
|
||||||
|
nix: 1
|
||||||
|
|
||||||
---
|
---
|
||||||
kind: pipeline
|
kind: pipeline
|
||||||
type: docker
|
name: website
|
||||||
name: release-linux-amd64
|
|
||||||
|
|
||||||
node:
|
|
||||||
nix-daemon: 1
|
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: build
|
- name: build
|
||||||
image: nixpkgs/nix:nixos-22.05
|
image: hrektts/mdbook
|
||||||
commands:
|
commands:
|
||||||
- nix-build --no-build-output --attr pkgs.amd64.release --argstr git_version ${DRONE_TAG:-$DRONE_COMMIT}
|
- cd doc/book
|
||||||
- nix-shell --attr rust --run "./script/not-dynamic.sh result-bin/bin/garage"
|
- mdbook build
|
||||||
|
|
||||||
|
- name: upload
|
||||||
|
image: plugins/s3
|
||||||
|
settings:
|
||||||
|
bucket: garagehq.deuxfleurs.fr
|
||||||
|
access_key:
|
||||||
|
from_secret: garagehq_aws_access_key_id
|
||||||
|
secret_key:
|
||||||
|
from_secret: garagehq_aws_secret_access_key
|
||||||
|
source: doc/book/book/**/*
|
||||||
|
strip_prefix: doc/book/book/
|
||||||
|
target: /
|
||||||
|
path_style: true
|
||||||
|
endpoint: https://garage.deuxfleurs.fr
|
||||||
|
region: garage
|
||||||
|
when:
|
||||||
|
event:
|
||||||
|
- push
|
||||||
|
branch:
|
||||||
|
- main
|
||||||
|
repo:
|
||||||
|
- Deuxfleurs/garage
|
||||||
|
|
||||||
|
trigger:
|
||||||
|
event:
|
||||||
|
- custom
|
||||||
|
- push
|
||||||
|
- pull_request
|
||||||
|
|
||||||
|
node:
|
||||||
|
nix: 1
|
||||||
|
|
||||||
|
---
|
||||||
|
kind: pipeline
|
||||||
|
type: docker
|
||||||
|
name: release-linux-x86_64
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
host:
|
||||||
|
path: /var/lib/drone/nix
|
||||||
|
- name: nix_config
|
||||||
|
temp: {}
|
||||||
|
|
||||||
|
environment:
|
||||||
|
TARGET: x86_64-unknown-linux-musl
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: setup nix
|
||||||
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
|
commands:
|
||||||
|
- cp nix/nix.conf /etc/nix/nix.conf
|
||||||
|
- nix-build --no-build-output --no-out-link shell.nix -A inputDerivation
|
||||||
|
|
||||||
|
- name: build
|
||||||
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
|
commands:
|
||||||
|
- nix-build --no-build-output --argstr target $TARGET --arg release true --argstr git_version $DRONE_COMMIT
|
||||||
|
|
||||||
- name: integration
|
- name: integration
|
||||||
image: nixpkgs/nix:nixos-22.05
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
commands:
|
commands:
|
||||||
- nix-shell --attr integration --run ./script/test-smoke.sh || (cat /tmp/garage.log; false)
|
- nix-shell --run ./script/test-smoke.sh || (cat /tmp/garage.log; false)
|
||||||
|
|
||||||
- name: push static binary
|
- name: push static binary
|
||||||
image: nixpkgs/nix:nixos-22.05
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
environment:
|
environment:
|
||||||
AWS_ACCESS_KEY_ID:
|
AWS_ACCESS_KEY_ID:
|
||||||
from_secret: garagehq_aws_access_key_id
|
from_secret: garagehq_aws_access_key_id
|
||||||
AWS_SECRET_ACCESS_KEY:
|
AWS_SECRET_ACCESS_KEY:
|
||||||
from_secret: garagehq_aws_secret_access_key
|
from_secret: garagehq_aws_secret_access_key
|
||||||
TARGET: "x86_64-unknown-linux-musl"
|
|
||||||
commands:
|
commands:
|
||||||
- nix-shell --attr release --run "to_s3"
|
- nix-shell --arg rust false --arg integration false --run "to_s3"
|
||||||
|
|
||||||
- name: docker build and publish
|
- name: docker build and publish
|
||||||
image: nixpkgs/nix:nixos-22.05
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
environment:
|
environment:
|
||||||
DOCKER_AUTH:
|
DOCKER_AUTH:
|
||||||
from_secret: docker_auth
|
from_secret: docker_auth
|
||||||
|
@ -91,7 +212,7 @@ steps:
|
||||||
- mkdir -p /kaniko/.docker
|
- mkdir -p /kaniko/.docker
|
||||||
- echo $DOCKER_AUTH > /kaniko/.docker/config.json
|
- echo $DOCKER_AUTH > /kaniko/.docker/config.json
|
||||||
- export CONTAINER_TAG=${DRONE_TAG:-$DRONE_COMMIT}
|
- export CONTAINER_TAG=${DRONE_TAG:-$DRONE_COMMIT}
|
||||||
- nix-shell --attr release --run "to_docker"
|
- nix-shell --arg rust false --arg integration false --run "to_docker"
|
||||||
|
|
||||||
|
|
||||||
trigger:
|
trigger:
|
||||||
|
@ -99,39 +220,78 @@ trigger:
|
||||||
- promote
|
- promote
|
||||||
- cron
|
- cron
|
||||||
|
|
||||||
|
node:
|
||||||
|
nix: 1
|
||||||
|
|
||||||
---
|
---
|
||||||
kind: pipeline
|
kind: pipeline
|
||||||
type: docker
|
type: docker
|
||||||
name: release-linux-i386
|
name: release-linux-i686
|
||||||
|
|
||||||
node:
|
volumes:
|
||||||
nix-daemon: 1
|
- name: nix_store
|
||||||
|
host:
|
||||||
|
path: /var/lib/drone/nix
|
||||||
|
- name: nix_config
|
||||||
|
temp: {}
|
||||||
|
|
||||||
|
environment:
|
||||||
|
TARGET: i686-unknown-linux-musl
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: build
|
- name: setup nix
|
||||||
image: nixpkgs/nix:nixos-22.05
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
commands:
|
commands:
|
||||||
- nix-build --no-build-output --attr pkgs.i386.release --argstr git_version ${DRONE_TAG:-$DRONE_COMMIT}
|
- cp nix/nix.conf /etc/nix/nix.conf
|
||||||
- nix-shell --attr rust --run "./script/not-dynamic.sh result-bin/bin/garage"
|
- nix-build --no-build-output --no-out-link shell.nix -A inputDerivation
|
||||||
|
|
||||||
|
- name: build
|
||||||
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
|
commands:
|
||||||
|
- nix-build --no-build-output --argstr target $TARGET --arg release true --argstr git_version $DRONE_COMMIT
|
||||||
|
|
||||||
- name: integration
|
- name: integration
|
||||||
image: nixpkgs/nix:nixos-22.05
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
commands:
|
commands:
|
||||||
- nix-shell --attr integration --run ./script/test-smoke.sh || (cat /tmp/garage.log; false)
|
- nix-shell --run ./script/test-smoke.sh || (cat /tmp/garage.log; false)
|
||||||
|
|
||||||
- name: push static binary
|
- name: push static binary
|
||||||
image: nixpkgs/nix:nixos-22.05
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
environment:
|
environment:
|
||||||
AWS_ACCESS_KEY_ID:
|
AWS_ACCESS_KEY_ID:
|
||||||
from_secret: garagehq_aws_access_key_id
|
from_secret: garagehq_aws_access_key_id
|
||||||
AWS_SECRET_ACCESS_KEY:
|
AWS_SECRET_ACCESS_KEY:
|
||||||
from_secret: garagehq_aws_secret_access_key
|
from_secret: garagehq_aws_secret_access_key
|
||||||
TARGET: "i686-unknown-linux-musl"
|
|
||||||
commands:
|
commands:
|
||||||
- nix-shell --attr release --run "to_s3"
|
- nix-shell --arg rust false --arg integration false --run "to_s3"
|
||||||
|
|
||||||
- name: docker build and publish
|
- name: docker build and publish
|
||||||
image: nixpkgs/nix:nixos-22.05
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
environment:
|
environment:
|
||||||
DOCKER_AUTH:
|
DOCKER_AUTH:
|
||||||
from_secret: docker_auth
|
from_secret: docker_auth
|
||||||
|
@ -142,41 +302,75 @@ steps:
|
||||||
- mkdir -p /kaniko/.docker
|
- mkdir -p /kaniko/.docker
|
||||||
- echo $DOCKER_AUTH > /kaniko/.docker/config.json
|
- echo $DOCKER_AUTH > /kaniko/.docker/config.json
|
||||||
- export CONTAINER_TAG=${DRONE_TAG:-$DRONE_COMMIT}
|
- export CONTAINER_TAG=${DRONE_TAG:-$DRONE_COMMIT}
|
||||||
- nix-shell --attr release --run "to_docker"
|
- nix-shell --arg rust false --arg integration false --run "to_docker"
|
||||||
|
|
||||||
trigger:
|
trigger:
|
||||||
event:
|
event:
|
||||||
- promote
|
- promote
|
||||||
- cron
|
- cron
|
||||||
|
|
||||||
|
node:
|
||||||
|
nix: 1
|
||||||
|
|
||||||
---
|
---
|
||||||
kind: pipeline
|
kind: pipeline
|
||||||
type: docker
|
type: docker
|
||||||
name: release-linux-arm64
|
name: release-linux-aarch64
|
||||||
|
|
||||||
node:
|
volumes:
|
||||||
nix-daemon: 1
|
- name: nix_store
|
||||||
|
host:
|
||||||
|
path: /var/lib/drone/nix
|
||||||
|
- name: nix_config
|
||||||
|
temp: {}
|
||||||
|
|
||||||
|
environment:
|
||||||
|
TARGET: aarch64-unknown-linux-musl
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: build
|
- name: setup nix
|
||||||
image: nixpkgs/nix:nixos-22.05
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
commands:
|
commands:
|
||||||
- nix-build --no-build-output --attr pkgs.arm64.release --argstr git_version ${DRONE_TAG:-$DRONE_COMMIT}
|
- cp nix/nix.conf /etc/nix/nix.conf
|
||||||
- nix-shell --attr rust --run "./script/not-dynamic.sh result-bin/bin/garage"
|
- nix-build --no-build-output --no-out-link ./shell.nix --arg rust false --arg integration false -A inputDerivation
|
||||||
|
|
||||||
|
- name: build
|
||||||
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
|
commands:
|
||||||
|
- nix-build --no-build-output --argstr target $TARGET --arg release true --argstr git_version $DRONE_COMMIT
|
||||||
|
|
||||||
- name: push static binary
|
- name: push static binary
|
||||||
image: nixpkgs/nix:nixos-22.05
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
environment:
|
environment:
|
||||||
AWS_ACCESS_KEY_ID:
|
AWS_ACCESS_KEY_ID:
|
||||||
from_secret: garagehq_aws_access_key_id
|
from_secret: garagehq_aws_access_key_id
|
||||||
AWS_SECRET_ACCESS_KEY:
|
AWS_SECRET_ACCESS_KEY:
|
||||||
from_secret: garagehq_aws_secret_access_key
|
from_secret: garagehq_aws_secret_access_key
|
||||||
TARGET: "aarch64-unknown-linux-musl"
|
|
||||||
commands:
|
commands:
|
||||||
- nix-shell --attr release --run "to_s3"
|
- nix-shell --arg rust false --arg integration false --run "to_s3"
|
||||||
|
|
||||||
- name: docker build and publish
|
- name: docker build and publish
|
||||||
image: nixpkgs/nix:nixos-22.05
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
environment:
|
environment:
|
||||||
DOCKER_AUTH:
|
DOCKER_AUTH:
|
||||||
from_secret: docker_auth
|
from_secret: docker_auth
|
||||||
|
@ -187,41 +381,75 @@ steps:
|
||||||
- mkdir -p /kaniko/.docker
|
- mkdir -p /kaniko/.docker
|
||||||
- echo $DOCKER_AUTH > /kaniko/.docker/config.json
|
- echo $DOCKER_AUTH > /kaniko/.docker/config.json
|
||||||
- export CONTAINER_TAG=${DRONE_TAG:-$DRONE_COMMIT}
|
- export CONTAINER_TAG=${DRONE_TAG:-$DRONE_COMMIT}
|
||||||
- nix-shell --attr release --run "to_docker"
|
- nix-shell --arg rust false --arg integration false --run "to_docker"
|
||||||
|
|
||||||
trigger:
|
trigger:
|
||||||
event:
|
event:
|
||||||
- promote
|
- promote
|
||||||
- cron
|
- cron
|
||||||
|
|
||||||
|
node:
|
||||||
|
nix: 1
|
||||||
|
|
||||||
---
|
---
|
||||||
kind: pipeline
|
kind: pipeline
|
||||||
type: docker
|
type: docker
|
||||||
name: release-linux-arm
|
name: release-linux-armv6l
|
||||||
|
|
||||||
node:
|
volumes:
|
||||||
nix-daemon: 1
|
- name: nix_store
|
||||||
|
host:
|
||||||
|
path: /var/lib/drone/nix
|
||||||
|
- name: nix_config
|
||||||
|
temp: {}
|
||||||
|
|
||||||
|
environment:
|
||||||
|
TARGET: armv6l-unknown-linux-musleabihf
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: build
|
- name: setup nix
|
||||||
image: nixpkgs/nix:nixos-22.05
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
commands:
|
commands:
|
||||||
- nix-build --no-build-output --attr pkgs.arm.release --argstr git_version ${DRONE_TAG:-$DRONE_COMMIT}
|
- cp nix/nix.conf /etc/nix/nix.conf
|
||||||
- nix-shell --attr rust --run "./script/not-dynamic.sh result-bin/bin/garage"
|
- nix-build --no-build-output --no-out-link --arg rust false --arg integration false -A inputDerivation
|
||||||
|
|
||||||
|
- name: build
|
||||||
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
|
commands:
|
||||||
|
- nix-build --no-build-output --argstr target $TARGET --arg release true --argstr git_version $DRONE_COMMIT
|
||||||
|
|
||||||
- name: push static binary
|
- name: push static binary
|
||||||
image: nixpkgs/nix:nixos-22.05
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
environment:
|
environment:
|
||||||
AWS_ACCESS_KEY_ID:
|
AWS_ACCESS_KEY_ID:
|
||||||
from_secret: garagehq_aws_access_key_id
|
from_secret: garagehq_aws_access_key_id
|
||||||
AWS_SECRET_ACCESS_KEY:
|
AWS_SECRET_ACCESS_KEY:
|
||||||
from_secret: garagehq_aws_secret_access_key
|
from_secret: garagehq_aws_secret_access_key
|
||||||
TARGET: "armv6l-unknown-linux-musleabihf"
|
|
||||||
commands:
|
commands:
|
||||||
- nix-shell --attr release --run "to_s3"
|
- nix-shell --arg integration false --arg rust false --run "to_s3"
|
||||||
|
|
||||||
- name: docker build and publish
|
- name: docker build and publish
|
||||||
image: nixpkgs/nix:nixos-22.05
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
environment:
|
environment:
|
||||||
DOCKER_AUTH:
|
DOCKER_AUTH:
|
||||||
from_secret: docker_auth
|
from_secret: docker_auth
|
||||||
|
@ -232,35 +460,32 @@ steps:
|
||||||
- mkdir -p /kaniko/.docker
|
- mkdir -p /kaniko/.docker
|
||||||
- echo $DOCKER_AUTH > /kaniko/.docker/config.json
|
- echo $DOCKER_AUTH > /kaniko/.docker/config.json
|
||||||
- export CONTAINER_TAG=${DRONE_TAG:-$DRONE_COMMIT}
|
- export CONTAINER_TAG=${DRONE_TAG:-$DRONE_COMMIT}
|
||||||
- nix-shell --attr release --run "to_docker"
|
- nix-shell --arg rust false --arg integration false --run "to_docker"
|
||||||
|
|
||||||
trigger:
|
trigger:
|
||||||
event:
|
event:
|
||||||
- promote
|
- promote
|
||||||
- cron
|
- cron
|
||||||
|
|
||||||
|
node:
|
||||||
|
nix: 1
|
||||||
|
|
||||||
---
|
---
|
||||||
kind: pipeline
|
kind: pipeline
|
||||||
type: docker
|
type: docker
|
||||||
name: refresh-release-page
|
name: refresh-release-page
|
||||||
|
|
||||||
node:
|
volumes:
|
||||||
nix-daemon: 1
|
- name: nix_store
|
||||||
|
host:
|
||||||
|
path: /var/lib/drone/nix
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: multiarch-docker
|
|
||||||
image: nixpkgs/nix:nixos-22.05
|
|
||||||
environment:
|
|
||||||
DOCKER_AUTH:
|
|
||||||
from_secret: docker_auth
|
|
||||||
HOME: "/root"
|
|
||||||
commands:
|
|
||||||
- mkdir -p /root/.docker
|
|
||||||
- echo $DOCKER_AUTH > /root/.docker/config.json
|
|
||||||
- export CONTAINER_TAG=${DRONE_TAG:-$DRONE_COMMIT}
|
|
||||||
- nix-shell --attr release --run "multiarch_docker"
|
|
||||||
- name: refresh-index
|
- name: refresh-index
|
||||||
image: nixpkgs/nix:nixos-22.05
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
environment:
|
environment:
|
||||||
AWS_ACCESS_KEY_ID:
|
AWS_ACCESS_KEY_ID:
|
||||||
from_secret: garagehq_aws_access_key_id
|
from_secret: garagehq_aws_access_key_id
|
||||||
|
@ -268,21 +493,24 @@ steps:
|
||||||
from_secret: garagehq_aws_secret_access_key
|
from_secret: garagehq_aws_secret_access_key
|
||||||
commands:
|
commands:
|
||||||
- mkdir -p /etc/nix && cp nix/nix.conf /etc/nix/nix.conf
|
- mkdir -p /etc/nix && cp nix/nix.conf /etc/nix/nix.conf
|
||||||
- nix-shell --attr release --run "refresh_index"
|
- nix-shell --arg integration false --arg rust false --run "refresh_index"
|
||||||
|
|
||||||
depends_on:
|
depends_on:
|
||||||
- release-linux-amd64
|
- release-linux-x86_64
|
||||||
- release-linux-i386
|
- release-linux-i686
|
||||||
- release-linux-arm64
|
- release-linux-aarch64
|
||||||
- release-linux-arm
|
- release-linux-armv6l
|
||||||
|
|
||||||
trigger:
|
trigger:
|
||||||
event:
|
event:
|
||||||
- promote
|
- promote
|
||||||
- cron
|
- cron
|
||||||
|
|
||||||
|
node:
|
||||||
|
nix: 1
|
||||||
|
|
||||||
---
|
---
|
||||||
kind: signature
|
kind: signature
|
||||||
hmac: ac09a5a8c82502f67271f93afa1e1e21ce66383b8e24a6deb26b285cc1c378ba
|
hmac: 1c33490cc2902564c4250a409c156683d0d549b8c9d5aee4e46d1bde4e0ccf2c
|
||||||
|
|
||||||
...
|
...
|
||||||
|
|
3258
Cargo.lock
generated
|
@ -1,20 +1,14 @@
|
||||||
[workspace]
|
[workspace]
|
||||||
resolver = "2"
|
|
||||||
members = [
|
members = [
|
||||||
"src/db",
|
|
||||||
"src/util",
|
"src/util",
|
||||||
"src/rpc",
|
"src/rpc",
|
||||||
"src/table",
|
"src/table",
|
||||||
"src/block",
|
|
||||||
"src/model",
|
"src/model",
|
||||||
"src/api",
|
"src/api",
|
||||||
"src/web",
|
"src/web",
|
||||||
"src/garage",
|
"src/garage",
|
||||||
"src/k2v-client",
|
|
||||||
]
|
]
|
||||||
|
|
||||||
default-members = ["src/garage"]
|
|
||||||
|
|
||||||
[profile.dev]
|
[profile.dev]
|
||||||
lto = "off"
|
lto = "off"
|
||||||
|
|
||||||
|
|
|
@ -3,5 +3,5 @@ FROM scratch
|
||||||
ENV RUST_BACKTRACE=1
|
ENV RUST_BACKTRACE=1
|
||||||
ENV RUST_LOG=garage=info
|
ENV RUST_LOG=garage=info
|
||||||
|
|
||||||
COPY result-bin/bin/garage /
|
COPY result/bin/garage /
|
||||||
CMD [ "/garage", "server"]
|
CMD [ "/garage", "server"]
|
||||||
|
|
22
Makefile
|
@ -1,27 +1,13 @@
|
||||||
.PHONY: doc all release shell run1 run2 run3
|
.PHONY: doc all release shell
|
||||||
|
|
||||||
all:
|
all:
|
||||||
clear; cargo build
|
clear; cargo build
|
||||||
|
|
||||||
|
doc:
|
||||||
|
cd doc/book; mdbook build
|
||||||
|
|
||||||
release:
|
release:
|
||||||
nix-build --arg release true
|
nix-build --arg release true
|
||||||
|
|
||||||
shell:
|
shell:
|
||||||
nix-shell
|
nix-shell
|
||||||
|
|
||||||
# ----
|
|
||||||
|
|
||||||
run1:
|
|
||||||
RUST_LOG=garage=debug ./target/debug/garage -c tmp/config1.toml server
|
|
||||||
run1rel:
|
|
||||||
RUST_LOG=garage=debug ./target/release/garage -c tmp/config1.toml server
|
|
||||||
|
|
||||||
run2:
|
|
||||||
RUST_LOG=garage=debug ./target/debug/garage -c tmp/config2.toml server
|
|
||||||
run2rel:
|
|
||||||
RUST_LOG=garage=debug ./target/release/garage -c tmp/config2.toml server
|
|
||||||
|
|
||||||
run3:
|
|
||||||
RUST_LOG=garage=debug ./target/debug/garage -c tmp/config3.toml server
|
|
||||||
run3rel:
|
|
||||||
RUST_LOG=garage=debug ./target/release/garage -c tmp/config3.toml server
|
|
||||||
|
|
38
README.md
|
@ -3,36 +3,24 @@ Garage [![Build Status](https://drone.deuxfleurs.fr/api/badges/Deuxfleurs/garage
|
||||||
|
|
||||||
<p align="center" style="text-align:center;">
|
<p align="center" style="text-align:center;">
|
||||||
<a href="https://garagehq.deuxfleurs.fr">
|
<a href="https://garagehq.deuxfleurs.fr">
|
||||||
<img alt="Garage logo" src="https://garagehq.deuxfleurs.fr/img/logo.svg" height="200" />
|
<img alt="Garage logo" src="doc/logo/garage.png" height="200" />
|
||||||
</a>
|
</a>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<p align="center" style="text-align:center;">
|
Garage is a lightweight S3-compatible distributed object store, with the following goals:
|
||||||
[ <strong><a href="https://garagehq.deuxfleurs.fr/">Website and documentation</a></strong>
|
|
||||||
| <a href="https://garagehq.deuxfleurs.fr/_releases.html">Binary releases</a>
|
|
||||||
| <a href="https://git.deuxfleurs.fr/Deuxfleurs/garage">Git repository</a>
|
|
||||||
| <a href="https://matrix.to/#/%23garage:deuxfleurs.fr">Matrix channel</a>
|
|
||||||
]
|
|
||||||
</p>
|
|
||||||
|
|
||||||
Garage is an S3-compatible distributed object storage service
|
- As self-contained as possible
|
||||||
designed for self-hosting at a small-to-medium scale.
|
- Easy to set up
|
||||||
|
- Highly resilient to network failures, network latency, disk failures, sysadmin failures
|
||||||
|
- Relatively simple
|
||||||
|
- Made for multi-datacenter deployments
|
||||||
|
|
||||||
Garage is designed for storage clusters composed of nodes running
|
Non-goals include:
|
||||||
at different physical locations,
|
|
||||||
in order to easily provide a storage service that replicates data at these different
|
|
||||||
locations and stays available even when some servers are unreachable.
|
|
||||||
Garage also focuses on being lightweight, easy to operate, and highly resilient to
|
|
||||||
machine failures.
|
|
||||||
|
|
||||||
Garage is built by [Deuxfleurs](https://deuxfleurs.fr),
|
- Extremely high performance
|
||||||
an experimental small-scale self hosted service provider,
|
- Complete implementation of the S3 API
|
||||||
which has been using it in production since its first release in 2020.
|
- Erasure coding (our replication model is simply to copy the data as is on several nodes, in different datacenters if possible)
|
||||||
|
|
||||||
Learn more on our dedicated documentation pages:
|
Our main use case is to provide a distributed storage layer for small-scale self hosted services such as [Deuxfleurs](https://deuxfleurs.fr).
|
||||||
|
|
||||||
- [Goals and use cases](https://garagehq.deuxfleurs.fr/documentation/design/goals/)
|
**[Go to the documentation](https://garagehq.deuxfleurs.fr)**
|
||||||
- [Features](https://garagehq.deuxfleurs.fr/documentation/reference-manual/features/)
|
|
||||||
- [Quick start](https://garagehq.deuxfleurs.fr/documentation/quick-start/)
|
|
||||||
|
|
||||||
Garage is entirely free software released under the terms of the AGPLv3.
|
|
||||||
|
|
27
TODO
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
Testing
|
||||||
|
-------
|
||||||
|
|
||||||
|
How are we going to test that our replication method works correctly?
|
||||||
|
We will have to introduce lots of dummy data and then add/remove nodes many times.
|
||||||
|
|
||||||
|
|
||||||
|
Attaining S3 compatibility
|
||||||
|
--------------------------
|
||||||
|
|
||||||
|
- test multipart uploads
|
||||||
|
- get ranges
|
||||||
|
|
||||||
|
- fix sync not working in some cases ? (when starting from empty?)
|
||||||
|
|
||||||
|
- api_server following the S3 semantics for head/get/put/list/delete: verify more that it works as intended
|
||||||
|
- PUT requests: verify content-md5 if provided
|
||||||
|
- possibly other necessary endpoints ?
|
||||||
|
|
||||||
|
|
||||||
|
Lower priority
|
||||||
|
--------------
|
||||||
|
|
||||||
|
- less a priority: hinted handoff
|
||||||
|
- repair: re-propagate block ref table to rc
|
||||||
|
- FIXME in rpc_server when garage shuts down and futures can be interrupted
|
||||||
|
(tokio::spawn should be replaced by a new function background::spawn_joinable)
|
104
default.nix
|
@ -1,62 +1,66 @@
|
||||||
{
|
{
|
||||||
system ? builtins.currentSystem,
|
system ? builtins.currentSystem,
|
||||||
|
release ? false,
|
||||||
|
target ? "x86_64-unknown-linux-musl",
|
||||||
|
compileMode ? null,
|
||||||
git_version ? null,
|
git_version ? null,
|
||||||
}:
|
}:
|
||||||
|
|
||||||
with import ./nix/common.nix;
|
with import ./nix/common.nix;
|
||||||
|
|
||||||
let
|
let
|
||||||
pkgs = import pkgsSrc { };
|
crossSystem = { config = target; };
|
||||||
compile = import ./nix/compile.nix;
|
in let
|
||||||
|
pkgs = import pkgsSrc {
|
||||||
|
inherit system crossSystem;
|
||||||
|
overlays = [ cargo2nixOverlay ];
|
||||||
|
};
|
||||||
|
|
||||||
build_debug_and_release = (target: {
|
/*
|
||||||
debug = (compile {
|
The following complexity should be abstracted by makePackageSet' (note the final quote).
|
||||||
inherit system target git_version pkgsSrc cargo2nixOverlay;
|
However its code uses deprecated features of rust-overlay that can lead to bug.
|
||||||
release = false;
|
Instead, we build our own rustChannel object with the recommended API of rust-overlay.
|
||||||
}).workspace.garage {
|
*/
|
||||||
compileMode = "build";
|
rustChannel = pkgs.rustPlatform.rust;
|
||||||
|
|
||||||
|
overrides = pkgs.buildPackages.rustBuilder.overrides.all ++ [
|
||||||
|
(pkgs.rustBuilder.rustLib.makeOverride {
|
||||||
|
name = "garage";
|
||||||
|
overrideAttrs = drv: if git_version != null then {
|
||||||
|
preConfigure = ''
|
||||||
|
${drv.preConfigure or ""}
|
||||||
|
export GIT_VERSION="${git_version}"
|
||||||
|
'';
|
||||||
|
} else {};
|
||||||
|
})
|
||||||
|
];
|
||||||
|
|
||||||
|
packageFun = import ./Cargo.nix;
|
||||||
|
|
||||||
|
rustPkgs = pkgs.rustBuilder.makePackageSet {
|
||||||
|
inherit packageFun rustChannel release;
|
||||||
|
packageOverrides = overrides;
|
||||||
|
|
||||||
|
buildRustPackages = pkgs.buildPackages.rustBuilder.makePackageSet {
|
||||||
|
inherit rustChannel packageFun;
|
||||||
|
packageOverrides = overrides;
|
||||||
};
|
};
|
||||||
|
|
||||||
release = (compile {
|
localPatterns = [
|
||||||
inherit system target git_version pkgsSrc cargo2nixOverlay;
|
/*
|
||||||
release = true;
|
The way the default rules are written make think we match recursively, on full path, but the rules are misleading.
|
||||||
}).workspace.garage {
|
In fact, the regex is only called on root elements of the crate (and not recursively).
|
||||||
compileMode = "build";
|
This behavior does not work well with our nested modules.
|
||||||
};
|
We tried to build a "deny list" but negative lookup ahead are not supported on Nix.
|
||||||
});
|
As a workaround, we have to register all our submodules in this allow list...
|
||||||
|
*/
|
||||||
|
''^(src|tests)'' # fixed default
|
||||||
|
''.*\.(rs|toml)$'' # fixed default
|
||||||
|
''^(crdt|replication|cli)'' # our crate submodules
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
test = (rustPkgs: pkgs.symlinkJoin {
|
in
|
||||||
name ="garage-tests";
|
if compileMode == "test"
|
||||||
paths = builtins.map (key: rustPkgs.workspace.${key} { compileMode = "test"; }) (builtins.attrNames rustPkgs.workspace);
|
then builtins.mapAttrs (name: value: rustPkgs.workspace.${name} { inherit compileMode; }) rustPkgs.workspace
|
||||||
});
|
else rustPkgs.workspace.garage { inherit compileMode; }
|
||||||
|
|
||||||
in {
|
|
||||||
pkgs = {
|
|
||||||
amd64 = build_debug_and_release "x86_64-unknown-linux-musl";
|
|
||||||
i386 = build_debug_and_release "i686-unknown-linux-musl";
|
|
||||||
arm64 = build_debug_and_release "aarch64-unknown-linux-musl";
|
|
||||||
arm = build_debug_and_release "armv6l-unknown-linux-musleabihf";
|
|
||||||
};
|
|
||||||
test = {
|
|
||||||
amd64 = test (compile {
|
|
||||||
inherit system git_version pkgsSrc cargo2nixOverlay;
|
|
||||||
target = "x86_64-unknown-linux-musl";
|
|
||||||
features = [
|
|
||||||
"garage/bundled-libs"
|
|
||||||
"garage/k2v"
|
|
||||||
"garage/sled"
|
|
||||||
"garage/lmdb"
|
|
||||||
"garage/sqlite"
|
|
||||||
];
|
|
||||||
});
|
|
||||||
};
|
|
||||||
clippy = {
|
|
||||||
amd64 = (compile {
|
|
||||||
inherit system git_version pkgsSrc cargo2nixOverlay;
|
|
||||||
target = "x86_64-unknown-linux-musl";
|
|
||||||
compiler = "clippy";
|
|
||||||
}).workspace.garage {
|
|
||||||
compileMode = "build";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,17 +0,0 @@
|
||||||
# Browse doc
|
|
||||||
|
|
||||||
Run in this directory:
|
|
||||||
|
|
||||||
```
|
|
||||||
python3 -m http.server
|
|
||||||
```
|
|
||||||
|
|
||||||
And open in your browser:
|
|
||||||
- http://localhost:8000/garage-admin-v0.html
|
|
||||||
|
|
||||||
# Validate doc
|
|
||||||
|
|
||||||
```
|
|
||||||
wget https://repo1.maven.org/maven2/org/openapitools/openapi-generator-cli/6.1.0/openapi-generator-cli-6.1.0.jar -O openapi-generator-cli.jar
|
|
||||||
java -jar openapi-generator-cli.jar validate -i garage-admin-v0.yml
|
|
||||||
```
|
|
|
@ -1,59 +0,0 @@
|
||||||
/* montserrat-300 - latin */
|
|
||||||
@font-face {
|
|
||||||
font-family: 'Montserrat';
|
|
||||||
font-style: normal;
|
|
||||||
font-weight: 300;
|
|
||||||
src: local(''),
|
|
||||||
url('../fonts/montserrat-v25-latin-300.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
|
|
||||||
url('../fonts/montserrat-v25-latin-300.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
|
|
||||||
}
|
|
||||||
|
|
||||||
/* montserrat-regular - latin */
|
|
||||||
@font-face {
|
|
||||||
font-family: 'Montserrat';
|
|
||||||
font-style: normal;
|
|
||||||
font-weight: 400;
|
|
||||||
src: local(''),
|
|
||||||
url('../fonts/montserrat-v25-latin-regular.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
|
|
||||||
url('../fonts/montserrat-v25-latin-regular.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
|
|
||||||
}
|
|
||||||
|
|
||||||
/* montserrat-700 - latin */
|
|
||||||
@font-face {
|
|
||||||
font-family: 'Montserrat';
|
|
||||||
font-style: normal;
|
|
||||||
font-weight: 700;
|
|
||||||
src: local(''),
|
|
||||||
url('../fonts/montserrat-v25-latin-700.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
|
|
||||||
url('../fonts/montserrat-v25-latin-700.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
|
|
||||||
}
|
|
||||||
/* roboto-300 - latin */
|
|
||||||
@font-face {
|
|
||||||
font-family: 'Roboto';
|
|
||||||
font-style: normal;
|
|
||||||
font-weight: 300;
|
|
||||||
src: local(''),
|
|
||||||
url('../fonts/roboto-v30-latin-300.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
|
|
||||||
url('../fonts/roboto-v30-latin-300.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
|
|
||||||
}
|
|
||||||
|
|
||||||
/* roboto-regular - latin */
|
|
||||||
@font-face {
|
|
||||||
font-family: 'Roboto';
|
|
||||||
font-style: normal;
|
|
||||||
font-weight: 400;
|
|
||||||
src: local(''),
|
|
||||||
url('../fonts/roboto-v30-latin-regular.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
|
|
||||||
url('../fonts/roboto-v30-latin-regular.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
|
|
||||||
}
|
|
||||||
|
|
||||||
/* roboto-700 - latin */
|
|
||||||
@font-face {
|
|
||||||
font-family: 'Roboto';
|
|
||||||
font-style: normal;
|
|
||||||
font-weight: 700;
|
|
||||||
src: local(''),
|
|
||||||
url('../fonts/roboto-v30-latin-700.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
|
|
||||||
url('../fonts/roboto-v30-latin-700.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,24 +0,0 @@
|
||||||
<!DOCTYPE html>
|
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
<title>Garage Adminstration API v0</title>
|
|
||||||
<!-- needed for adaptive design -->
|
|
||||||
<meta charset="utf-8"/>
|
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
|
||||||
<link href="./css/redoc.css" rel="stylesheet">
|
|
||||||
|
|
||||||
<!--
|
|
||||||
Redoc doesn't change outer page styles
|
|
||||||
-->
|
|
||||||
<style>
|
|
||||||
body {
|
|
||||||
margin: 0;
|
|
||||||
padding: 0;
|
|
||||||
}
|
|
||||||
</style>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<redoc spec-url='./garage-admin-v0.yml'></redoc>
|
|
||||||
<script src="./redoc.standalone.js"> </script>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
|
@ -1,3 +0,0 @@
|
||||||
These are the sources for the documentation but not the whole website.
|
|
||||||
The website templates and other things are in garage_website, which
|
|
||||||
uses this as a submodule.
|
|
|
@ -1,5 +0,0 @@
|
||||||
+++
|
|
||||||
template = "documentation.html"
|
|
||||||
page_template = "documentation.html"
|
|
||||||
redirect_to = "documentation/quick-start/"
|
|
||||||
+++
|
|
6
doc/book/book.toml
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
[book]
|
||||||
|
authors = ["Quentin Dufour"]
|
||||||
|
language = "en"
|
||||||
|
multilingual = false
|
||||||
|
src = "src"
|
||||||
|
title = "Garage Documentation"
|
|
@ -1,54 +0,0 @@
|
||||||
+++
|
|
||||||
title = "Build your own app"
|
|
||||||
weight = 4
|
|
||||||
sort_by = "weight"
|
|
||||||
template = "documentation.html"
|
|
||||||
+++
|
|
||||||
|
|
||||||
Garage has many API that you can rely on to build complex applications.
|
|
||||||
In this section, we reference the existing SDKs and give some code examples.
|
|
||||||
|
|
||||||
|
|
||||||
## ⚠️ DISCLAIMER
|
|
||||||
|
|
||||||
**K2V AND ADMIN SDK ARE TECHNICAL PREVIEWS**. The following limitations apply:
|
|
||||||
- The API is not complete, some actions are possible only through the `garage` binary
|
|
||||||
- The underlying admin API is not yet stable nor complete, it can breaks at any time
|
|
||||||
- The generator configuration is currently tweaked, the library might break at any time due to a generator change
|
|
||||||
- Because the API and the library are not stable, none of them are published in a package manager (npm, pypi, etc.)
|
|
||||||
- This code has not been extensively tested, some things might not work (please report!)
|
|
||||||
|
|
||||||
To have the best experience possible, please consider:
|
|
||||||
- Make sure that the version of the library you are using is pinned (`go.sum`, `package-lock.json`, `requirements.txt`).
|
|
||||||
- Before upgrading your Garage cluster, make sure that you can find a version of this SDK that works with your targeted version and that you are able to update your own code to work with this new version of the library.
|
|
||||||
- Join our Matrix channel at `#garage:deuxfleurs.fr`, say that you are interested by this SDK, and report any friction.
|
|
||||||
- If stability is critical, mirror this repository on your own infrastructure, regenerate the SDKs and upgrade them at your own pace.
|
|
||||||
|
|
||||||
|
|
||||||
## About the APIs
|
|
||||||
|
|
||||||
Code can interact with Garage through 3 different APIs: S3, K2V, and Admin.
|
|
||||||
Each of them has a specific scope.
|
|
||||||
|
|
||||||
### S3
|
|
||||||
|
|
||||||
De-facto standard, introduced by Amazon, designed to store blobs of data.
|
|
||||||
|
|
||||||
### K2V
|
|
||||||
|
|
||||||
A simple database API similar to RiakKV or DynamoDB.
|
|
||||||
Think a key value store with some additional operations.
|
|
||||||
Its design is inspired by Distributed Hash Tables (DHT).
|
|
||||||
|
|
||||||
More information:
|
|
||||||
- [In the reference manual](@/documentation/reference-manual/k2v.md)
|
|
||||||
|
|
||||||
|
|
||||||
### Administration
|
|
||||||
|
|
||||||
Garage operations can also be automated through a REST API.
|
|
||||||
We are currently building this SDK for [Python](@/documentation/build/python.md#admin-api), [Javascript](@/documentation/build/javascript.md#administration) and [Golang](@/documentation/build/golang.md#administration).
|
|
||||||
|
|
||||||
More information:
|
|
||||||
- [In the reference manual](@/documentation/reference-manual/admin-api.md)
|
|
||||||
- [Full specifiction](https://garagehq.deuxfleurs.fr/api/garage-admin-v0.html)
|
|
|
@ -1,69 +0,0 @@
|
||||||
+++
|
|
||||||
title = "Golang"
|
|
||||||
weight = 30
|
|
||||||
+++
|
|
||||||
|
|
||||||
## S3
|
|
||||||
|
|
||||||
*Coming soon*
|
|
||||||
|
|
||||||
Some refs:
|
|
||||||
- Minio minio-go-sdk
|
|
||||||
- [Reference](https://docs.min.io/docs/golang-client-api-reference.html)
|
|
||||||
|
|
||||||
- Amazon aws-sdk-go-v2
|
|
||||||
- [Installation](https://aws.github.io/aws-sdk-go-v2/docs/getting-started/)
|
|
||||||
- [Reference](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/s3)
|
|
||||||
- [Example](https://aws.github.io/aws-sdk-go-v2/docs/code-examples/s3/putobject/)
|
|
||||||
|
|
||||||
## K2V
|
|
||||||
|
|
||||||
*Coming soon*
|
|
||||||
|
|
||||||
## Administration
|
|
||||||
|
|
||||||
Install the SDK with:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
go get git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang
|
|
||||||
```
|
|
||||||
|
|
||||||
A short example:
|
|
||||||
|
|
||||||
```go
|
|
||||||
package main
|
|
||||||
|
|
||||||
import (
|
|
||||||
"context"
|
|
||||||
"fmt"
|
|
||||||
"os"
|
|
||||||
garage "git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang"
|
|
||||||
)
|
|
||||||
|
|
||||||
func main() {
|
|
||||||
// Set Host and other parameters
|
|
||||||
configuration := garage.NewConfiguration()
|
|
||||||
configuration.Host = "127.0.0.1:3903"
|
|
||||||
|
|
||||||
|
|
||||||
// We can now generate a client
|
|
||||||
client := garage.NewAPIClient(configuration)
|
|
||||||
|
|
||||||
// Authentication is handled through the context pattern
|
|
||||||
ctx := context.WithValue(context.Background(), garage.ContextAccessToken, "s3cr3t")
|
|
||||||
|
|
||||||
// Send a request
|
|
||||||
resp, r, err := client.NodesApi.GetNodes(ctx).Execute()
|
|
||||||
if err != nil {
|
|
||||||
fmt.Fprintf(os.Stderr, "Error when calling `NodesApi.GetNodes``: %v\n", err)
|
|
||||||
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Process the response
|
|
||||||
fmt.Fprintf(os.Stdout, "Target hostname: %v\n", resp.KnownNodes[resp.Node].Hostname)
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
See also:
|
|
||||||
- [generated doc](https://git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang)
|
|
||||||
- [examples](https://git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-generator/src/branch/main/example/golang)
|
|
|
@ -1,55 +0,0 @@
|
||||||
+++
|
|
||||||
title = "Javascript"
|
|
||||||
weight = 10
|
|
||||||
+++
|
|
||||||
|
|
||||||
## S3
|
|
||||||
|
|
||||||
*Coming soon*.
|
|
||||||
|
|
||||||
Some refs:
|
|
||||||
- Minio SDK
|
|
||||||
- [Reference](https://docs.min.io/docs/javascript-client-api-reference.html)
|
|
||||||
|
|
||||||
- Amazon aws-sdk-js
|
|
||||||
- [Installation](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/getting-started.html)
|
|
||||||
- [Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html)
|
|
||||||
- [Example](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/s3-example-creating-buckets.html)
|
|
||||||
|
|
||||||
## K2V
|
|
||||||
|
|
||||||
*Coming soon*
|
|
||||||
|
|
||||||
## Administration
|
|
||||||
|
|
||||||
Install the SDK with:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
npm install --save git+https://git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-js.git
|
|
||||||
```
|
|
||||||
|
|
||||||
A short example:
|
|
||||||
|
|
||||||
```javascript
|
|
||||||
const garage = require('garage_administration_api_v0garage_v0_8_0');
|
|
||||||
|
|
||||||
const api = new garage.ApiClient("http://127.0.0.1:3903/v0");
|
|
||||||
api.authentications['bearerAuth'].accessToken = "s3cr3t";
|
|
||||||
|
|
||||||
const [node, layout, key, bucket] = [
|
|
||||||
new garage.NodesApi(api),
|
|
||||||
new garage.LayoutApi(api),
|
|
||||||
new garage.KeyApi(api),
|
|
||||||
new garage.BucketApi(api),
|
|
||||||
];
|
|
||||||
|
|
||||||
node.getNodes().then((data) => {
|
|
||||||
console.log(`nodes: ${Object.values(data.knownNodes).map(n => n.hostname)}`)
|
|
||||||
}, (error) => {
|
|
||||||
console.error(error);
|
|
||||||
});
|
|
||||||
```
|
|
||||||
|
|
||||||
See also:
|
|
||||||
- [sdk repository](https://git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-js)
|
|
||||||
- [examples](https://git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-generator/src/branch/main/example/javascript)
|
|
|
@ -1,49 +0,0 @@
|
||||||
+++
|
|
||||||
title = "Others"
|
|
||||||
weight = 99
|
|
||||||
+++
|
|
||||||
|
|
||||||
## S3
|
|
||||||
|
|
||||||
If you are developping a new application, you may want to use Garage to store your user's media.
|
|
||||||
|
|
||||||
The S3 API that Garage uses is a standard REST API, so as long as you can make HTTP requests,
|
|
||||||
you can query it. You can check the [S3 REST API Reference](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Operations_Amazon_Simple_Storage_Service.html) from Amazon to learn more.
|
|
||||||
|
|
||||||
Developping your own wrapper around the REST API is time consuming and complicated.
|
|
||||||
Instead, there are some libraries already avalaible.
|
|
||||||
|
|
||||||
Some of them are maintained by Amazon, some by Minio, others by the community.
|
|
||||||
|
|
||||||
### PHP
|
|
||||||
|
|
||||||
- Amazon aws-sdk-php
|
|
||||||
- [Installation](https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/getting-started_installation.html)
|
|
||||||
- [Reference](https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-s3-2006-03-01.html)
|
|
||||||
- [Example](https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/s3-examples-creating-buckets.html)
|
|
||||||
|
|
||||||
### Java
|
|
||||||
|
|
||||||
- Minio SDK
|
|
||||||
- [Reference](https://docs.min.io/docs/java-client-api-reference.html)
|
|
||||||
|
|
||||||
- Amazon aws-sdk-java
|
|
||||||
- [Installation](https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html)
|
|
||||||
- [Reference](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/s3/S3Client.html)
|
|
||||||
- [Example](https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/examples-s3-objects.html)
|
|
||||||
|
|
||||||
### .NET
|
|
||||||
|
|
||||||
- Minio SDK
|
|
||||||
- [Reference](https://docs.min.io/docs/dotnet-client-api-reference.html)
|
|
||||||
|
|
||||||
- Amazon aws-dotnet-sdk
|
|
||||||
|
|
||||||
### C++
|
|
||||||
|
|
||||||
- Amazon aws-cpp-sdk
|
|
||||||
|
|
||||||
### Haskell
|
|
||||||
|
|
||||||
- Minio SDK
|
|
||||||
- [Reference](https://docs.min.io/docs/haskell-client-api-reference.html)
|
|
|
@ -1,138 +0,0 @@
|
||||||
+++
|
|
||||||
title = "Python"
|
|
||||||
weight = 20
|
|
||||||
+++
|
|
||||||
|
|
||||||
## S3
|
|
||||||
|
|
||||||
### Using Minio SDK
|
|
||||||
|
|
||||||
First install the SDK:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
pip3 install minio
|
|
||||||
```
|
|
||||||
|
|
||||||
Then instantiate a client object using garage root domain, api key and secret:
|
|
||||||
|
|
||||||
```python
|
|
||||||
import minio
|
|
||||||
|
|
||||||
client = minio.Minio(
|
|
||||||
"your.domain.tld",
|
|
||||||
"GKyourapikey",
|
|
||||||
"abcd[...]1234",
|
|
||||||
# Force the region, this is specific to garage
|
|
||||||
region="region",
|
|
||||||
)
|
|
||||||
```
|
|
||||||
|
|
||||||
Then use all the standard S3 endpoints as implemented by the Minio SDK:
|
|
||||||
|
|
||||||
```
|
|
||||||
# List buckets
|
|
||||||
print(client.list_buckets())
|
|
||||||
|
|
||||||
# Put an object containing 'content' to /path in bucket named 'bucket':
|
|
||||||
content = b"content"
|
|
||||||
client.put_object(
|
|
||||||
"bucket",
|
|
||||||
"path",
|
|
||||||
io.BytesIO(content),
|
|
||||||
len(content),
|
|
||||||
)
|
|
||||||
|
|
||||||
# Read the object back and check contents
|
|
||||||
data = client.get_object("bucket", "path").read()
|
|
||||||
assert data == content
|
|
||||||
```
|
|
||||||
|
|
||||||
For further documentation, see the Minio SDK
|
|
||||||
[Reference](https://docs.min.io/docs/python-client-api-reference.html)
|
|
||||||
|
|
||||||
### Using Amazon boto3
|
|
||||||
|
|
||||||
*Coming soon*
|
|
||||||
|
|
||||||
See the official documentation:
|
|
||||||
- [Installation](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/quickstart.html)
|
|
||||||
- [Reference](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/s3.html)
|
|
||||||
- [Example](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/s3-uploading-files.html)
|
|
||||||
|
|
||||||
## K2V
|
|
||||||
|
|
||||||
*Coming soon*
|
|
||||||
|
|
||||||
## Admin API
|
|
||||||
|
|
||||||
You need at least Python 3.6, pip, and setuptools.
|
|
||||||
Because the python package is in a subfolder, the command is a bit more complicated than usual:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
pip3 install --user 'git+https://git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-python'
|
|
||||||
```
|
|
||||||
|
|
||||||
Now, let imagine you have a fresh Garage instance running on localhost, with the admin API configured on port 3903 with the bearer `s3cr3t`:
|
|
||||||
|
|
||||||
```python
|
|
||||||
import garage_admin_sdk
|
|
||||||
from garage_admin_sdk.apis import *
|
|
||||||
from garage_admin_sdk.models import *
|
|
||||||
|
|
||||||
configuration = garage_admin_sdk.Configuration(
|
|
||||||
host = "http://localhost:3903/v0",
|
|
||||||
access_token = "s3cr3t"
|
|
||||||
)
|
|
||||||
|
|
||||||
# Init APIs
|
|
||||||
api = garage_admin_sdk.ApiClient(configuration)
|
|
||||||
nodes, layout, keys, buckets = NodesApi(api), LayoutApi(api), KeyApi(api), BucketApi(api)
|
|
||||||
|
|
||||||
# Display some info on the node
|
|
||||||
status = nodes.get_nodes()
|
|
||||||
print(f"running garage {status.garage_version}, node_id {status.node}")
|
|
||||||
|
|
||||||
# Change layout of this node
|
|
||||||
current = layout.get_layout()
|
|
||||||
layout.add_layout({
|
|
||||||
status.node: NodeClusterInfo(
|
|
||||||
zone = "dc1",
|
|
||||||
capacity = 1,
|
|
||||||
tags = [ "dev" ],
|
|
||||||
)
|
|
||||||
})
|
|
||||||
layout.apply_layout(LayoutVersion(
|
|
||||||
version = current.version + 1
|
|
||||||
))
|
|
||||||
|
|
||||||
# Create key, allow it to create buckets
|
|
||||||
kinfo = keys.add_key(AddKeyRequest(name="openapi"))
|
|
||||||
|
|
||||||
allow_create = UpdateKeyRequestAllow(create_bucket=True)
|
|
||||||
keys.update_key(kinfo.access_key_id, UpdateKeyRequest(allow=allow_create))
|
|
||||||
|
|
||||||
# Create a bucket, allow key, set quotas
|
|
||||||
binfo = buckets.create_bucket(CreateBucketRequest(global_alias="documentation"))
|
|
||||||
binfo = buckets.allow_bucket_key(AllowBucketKeyRequest(
|
|
||||||
bucket_id=binfo.id,
|
|
||||||
access_key_id=kinfo.access_key_id,
|
|
||||||
permissions=AllowBucketKeyRequestPermissions(read=True, write=True, owner=True),
|
|
||||||
))
|
|
||||||
binfo = buckets.update_bucket(binfo.id, UpdateBucketRequest(
|
|
||||||
quotas=UpdateBucketRequestQuotas(max_size=19029801,max_objects=1500)))
|
|
||||||
|
|
||||||
# Display key
|
|
||||||
print(f"""
|
|
||||||
cluster ready
|
|
||||||
key id is {kinfo.access_key_id}
|
|
||||||
secret key is {kinfo.secret_access_key}
|
|
||||||
bucket {binfo.global_aliases[0]} contains {binfo.objects}/{binfo.quotas.max_objects} objects
|
|
||||||
""")
|
|
||||||
```
|
|
||||||
|
|
||||||
*This example is named `short.py` in the example folder. Other python examples are also available.*
|
|
||||||
|
|
||||||
See also:
|
|
||||||
- [sdk repo](https://git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-python)
|
|
||||||
- [examples](https://git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-generator/src/branch/main/example/python)
|
|
||||||
|
|
|
@ -1,47 +0,0 @@
|
||||||
+++
|
|
||||||
title = "Rust"
|
|
||||||
weight = 40
|
|
||||||
+++
|
|
||||||
|
|
||||||
## S3
|
|
||||||
|
|
||||||
*Coming soon*
|
|
||||||
|
|
||||||
Some refs:
|
|
||||||
- Amazon aws-rust-sdk
|
|
||||||
- [Github](https://github.com/awslabs/aws-sdk-rust)
|
|
||||||
|
|
||||||
## K2V
|
|
||||||
|
|
||||||
*Coming soon*
|
|
||||||
|
|
||||||
Some refs: https://git.deuxfleurs.fr/Deuxfleurs/garage/src/branch/main/src/k2v-client
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# all these values can be provided on the cli instead
|
|
||||||
export AWS_ACCESS_KEY_ID=GK123456
|
|
||||||
export AWS_SECRET_ACCESS_KEY=0123..789
|
|
||||||
export AWS_REGION=garage
|
|
||||||
export K2V_ENDPOINT=http://172.30.2.1:3903
|
|
||||||
export K2V_BUCKET=my-bucket
|
|
||||||
|
|
||||||
cargo run --features=cli -- read-range my-partition-key --all
|
|
||||||
|
|
||||||
cargo run --features=cli -- insert my-partition-key my-sort-key --text "my string1"
|
|
||||||
cargo run --features=cli -- insert my-partition-key my-sort-key --text "my string2"
|
|
||||||
cargo run --features=cli -- insert my-partition-key my-sort-key2 --text "my string"
|
|
||||||
|
|
||||||
cargo run --features=cli -- read-range my-partition-key --all
|
|
||||||
|
|
||||||
causality=$(cargo run --features=cli -- read my-partition-key my-sort-key2 -b | head -n1)
|
|
||||||
cargo run --features=cli -- delete my-partition-key my-sort-key2 -c $causality
|
|
||||||
|
|
||||||
causality=$(cargo run --features=cli -- read my-partition-key my-sort-key -b | head -n1)
|
|
||||||
cargo run --features=cli -- insert my-partition-key my-sort-key --text "my string3" -c $causality
|
|
||||||
|
|
||||||
cargo run --features=cli -- read-range my-partition-key --all
|
|
||||||
```
|
|
||||||
|
|
||||||
## Admin API
|
|
||||||
|
|
||||||
*Coming soon*
|
|
|
@ -1,128 +0,0 @@
|
||||||
+++
|
|
||||||
title = "Backups (restic, duplicity...)"
|
|
||||||
weight = 25
|
|
||||||
+++
|
|
||||||
|
|
||||||
|
|
||||||
Backups are essential for disaster recovery but they are not trivial to manage.
|
|
||||||
Using Garage as your backup target will enable you to scale your storage as needed while ensuring high availability.
|
|
||||||
|
|
||||||
## Borg Backup
|
|
||||||
|
|
||||||
Borg Backup is very popular among the backup tools but it is not yet compatible with the S3 API.
|
|
||||||
We recommend using any other tool listed in this guide because they are all compatible with the S3 API.
|
|
||||||
If you still want to use Borg, you can use it with `rclone mount`.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Restic
|
|
||||||
|
|
||||||
Create your key and bucket:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
garage key new my-key
|
|
||||||
garage bucket create backup
|
|
||||||
garage bucket allow backup --read --write --key my-key
|
|
||||||
```
|
|
||||||
|
|
||||||
Then register your Key ID and Secret key in your environment:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
export AWS_ACCESS_KEY_ID=GKxxx
|
|
||||||
export AWS_SECRET_ACCESS_KEY=xxxx
|
|
||||||
```
|
|
||||||
|
|
||||||
Configure restic from environment too:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
export RESTIC_REPOSITORY="s3:http://localhost:3900/backups"
|
|
||||||
|
|
||||||
echo "Generated password (save it safely): $(openssl rand -base64 32)"
|
|
||||||
export RESTIC_PASSWORD=xxx # copy paste your generated password here
|
|
||||||
```
|
|
||||||
|
|
||||||
Do not forget to save your password safely (in your password manager or print it). It will be needed to decrypt your backups.
|
|
||||||
|
|
||||||
Now you can use restic:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# Initialize the bucket, must be run once
|
|
||||||
restic init
|
|
||||||
|
|
||||||
# Backup your PostgreSQL database
|
|
||||||
# (We suppose your PostgreSQL daemon is stopped for all commands)
|
|
||||||
restic backup /var/lib/postgresql
|
|
||||||
|
|
||||||
# Show backup history
|
|
||||||
restic snapshots
|
|
||||||
|
|
||||||
# Backup again your PostgreSQL database, it will be faster as only changes will be uploaded
|
|
||||||
restic backup /var/lib/postgresql
|
|
||||||
|
|
||||||
# Show backup history (again)
|
|
||||||
restic snapshots
|
|
||||||
|
|
||||||
# Restore a backup
|
|
||||||
# (79766175 is the ID of the snapshot you want to restore)
|
|
||||||
mv /var/lib/postgresql /var/lib/postgresql.broken
|
|
||||||
restic restore 79766175 --target /var/lib/postgresql
|
|
||||||
```
|
|
||||||
|
|
||||||
Restic has way more features than the ones presented here.
|
|
||||||
You can discover all of them by accessing its documentation from the link below.
|
|
||||||
|
|
||||||
|
|
||||||
*External links:* [Restic Documentation > Amazon S3](https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html#amazon-s3)
|
|
||||||
|
|
||||||
## Duplicity
|
|
||||||
|
|
||||||
*External links:* [Duplicity > man](https://duplicity.gitlab.io/duplicity-web/vers8/duplicity.1.html) (scroll to "URL Format" and "A note on Amazon S3")
|
|
||||||
|
|
||||||
## Duplicati
|
|
||||||
|
|
||||||
*External links:* [Duplicati Documentation > Storage Providers](https://duplicati.readthedocs.io/en/latest/05-storage-providers/#s3-compatible)
|
|
||||||
|
|
||||||
The following fields need to be specified:
|
|
||||||
```
|
|
||||||
Storage Type: S3 Compatible
|
|
||||||
Use SSL: [ ] # Only if you have SSL
|
|
||||||
Server: Custom server url (s3.garage.localhost:3900)
|
|
||||||
Bucket name: bucket-name
|
|
||||||
Bucket create region: Custom region value (garage) # Or as you've specified in garage.toml
|
|
||||||
AWS Access ID: Key ID from "garage key info key-name"
|
|
||||||
AWS Access Key: Secret key from "garage key info key-name"
|
|
||||||
Client Library to use: Minio SDK
|
|
||||||
```
|
|
||||||
|
|
||||||
Click `Test connection` and then no when asked `The bucket name should start with your username, prepend automatically?`. Then it should say `Connection worked!`.
|
|
||||||
|
|
||||||
|
|
||||||
## knoxite
|
|
||||||
|
|
||||||
*External links:* [Knoxite Documentation > Storage Backends](https://knoxite.com/docs/storage-backends/#amazon-s3)
|
|
||||||
|
|
||||||
## kopia
|
|
||||||
|
|
||||||
*External links:* [Kopia Documentation > Repositories](https://kopia.io/docs/repositories/#amazon-s3)
|
|
||||||
|
|
||||||
To create the Kopia repository, you need to specify the region, the HTTP(S) endpoint, the bucket name and the access keys.
|
|
||||||
For instance, if you have an instance of garage running on `https://garage.example.com`:
|
|
||||||
|
|
||||||
```
|
|
||||||
kopia repository create s3 --region=garage --bucket=mybackups --access-key=KEY_ID --secret-access-key=SECRET_KEY --endpoint=garage.example.com
|
|
||||||
```
|
|
||||||
|
|
||||||
Or if you have an instance running on localhost, without TLS:
|
|
||||||
|
|
||||||
```
|
|
||||||
kopia repository create s3 --region=garage --bucket=mybackups --access-key=KEY_ID --secret-access-key=SECRET_KEY --endpoint=localhost:3900 --disable-tls
|
|
||||||
```
|
|
||||||
|
|
||||||
After the repository has been created, check that everything works as expected:
|
|
||||||
|
|
||||||
```
|
|
||||||
kopia repository validate-provider
|
|
||||||
```
|
|
||||||
|
|
||||||
You can then run all the standard kopia commands: `kopia snapshot create`, `kopia mount`...
|
|
||||||
Everything should work out-of-the-box.
|
|
|
@ -1,340 +0,0 @@
|
||||||
+++
|
|
||||||
title = "Browsing tools"
|
|
||||||
weight = 20
|
|
||||||
+++
|
|
||||||
|
|
||||||
Browsing tools allow you to query the S3 API without too many abstractions.
|
|
||||||
These tools are particularly suitable for debug, backups, website deployments or any scripted task that need to handle data.
|
|
||||||
|
|
||||||
| Name | Status | Note |
|
|
||||||
|------|--------|------|
|
|
||||||
| [Minio client](#minio-client) | ✅ | Recommended |
|
|
||||||
| [AWS CLI](#aws-cli) | ✅ | Recommended |
|
|
||||||
| [rclone](#rclone) | ✅ | |
|
|
||||||
| [s3cmd](#s3cmd) | ✅ | |
|
|
||||||
| [(Cyber)duck](#cyberduck) | ✅ | |
|
|
||||||
| [WinSCP (libs3)](#winscp) | ✅ | CLI instructions only |
|
|
||||||
| [sftpgo](#sftpgo) | ✅ | |
|
|
||||||
|
|
||||||
|
|
||||||
## Minio client
|
|
||||||
|
|
||||||
Use the following command to set an "alias", i.e. define a new S3 server to be
|
|
||||||
used by the Minio client:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
mc alias set \
|
|
||||||
garage \
|
|
||||||
<endpoint> \
|
|
||||||
<access key> \
|
|
||||||
<secret key> \
|
|
||||||
--api S3v4
|
|
||||||
```
|
|
||||||
|
|
||||||
Remember that `mc` is sometimes called `mcli` (such as on Arch Linux), to avoid conflicts
|
|
||||||
with Midnight Commander.
|
|
||||||
|
|
||||||
Some commands:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# list buckets
|
|
||||||
mc ls garage/
|
|
||||||
|
|
||||||
# list objets in a bucket
|
|
||||||
mc ls garage/my_files
|
|
||||||
|
|
||||||
# copy from your filesystem to garage
|
|
||||||
mc cp /proc/cpuinfo garage/my_files/cpuinfo.txt
|
|
||||||
|
|
||||||
# copy from garage to your filesystem
|
|
||||||
mc cp garage/my_files/cpuinfo.txt /tmp/cpuinfo.txt
|
|
||||||
|
|
||||||
# mirror a folder from your filesystem to garage
|
|
||||||
mc mirror --overwrite ./book garage/garagehq.deuxfleurs.fr
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
## AWS CLI
|
|
||||||
|
|
||||||
Create a file named `~/.aws/credentials` and put:
|
|
||||||
|
|
||||||
```toml
|
|
||||||
[default]
|
|
||||||
aws_access_key_id=xxxx
|
|
||||||
aws_secret_access_key=xxxx
|
|
||||||
```
|
|
||||||
|
|
||||||
Then a file named `~/.aws/config` and put:
|
|
||||||
|
|
||||||
```toml
|
|
||||||
[default]
|
|
||||||
region=garage
|
|
||||||
```
|
|
||||||
|
|
||||||
Now, supposing Garage is listening on `http://127.0.0.1:3900`, you can list your buckets with:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
aws --endpoint-url http://127.0.0.1:3900 s3 ls
|
|
||||||
```
|
|
||||||
|
|
||||||
Passing the `--endpoint-url` parameter to each command is annoying but AWS developers do not provide a corresponding configuration entry.
|
|
||||||
As a workaround, you can redefine the aws command by editing the file `~/.bashrc`:
|
|
||||||
|
|
||||||
```
|
|
||||||
function aws { command aws --endpoint-url http://127.0.0.1:3900 $@ ; }
|
|
||||||
```
|
|
||||||
|
|
||||||
*Do not forget to run `source ~/.bashrc` or to start a new terminal before running the next commands.*
|
|
||||||
|
|
||||||
Now you can simply run:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# list buckets
|
|
||||||
aws s3 ls
|
|
||||||
|
|
||||||
# list objects of a bucket
|
|
||||||
aws s3 ls s3://my_files
|
|
||||||
|
|
||||||
# copy from your filesystem to garage
|
|
||||||
aws s3 cp /proc/cpuinfo s3://my_files/cpuinfo.txt
|
|
||||||
|
|
||||||
# copy from garage to your filesystem
|
|
||||||
aws s3 cp s3/my_files/cpuinfo.txt /tmp/cpuinfo.txt
|
|
||||||
```
|
|
||||||
|
|
||||||
## `rclone`
|
|
||||||
|
|
||||||
`rclone` can be configured using the interactive assistant invoked using `rclone config`.
|
|
||||||
|
|
||||||
You can also configure `rclone` by writing directly its configuration file.
|
|
||||||
Here is a template `rclone.ini` configuration file (mine is located at `~/.config/rclone/rclone.conf`):
|
|
||||||
|
|
||||||
```ini
|
|
||||||
[garage]
|
|
||||||
type = s3
|
|
||||||
provider = Other
|
|
||||||
env_auth = false
|
|
||||||
access_key_id = <access key>
|
|
||||||
secret_access_key = <secret key>
|
|
||||||
region = <region>
|
|
||||||
endpoint = <endpoint>
|
|
||||||
force_path_style = true
|
|
||||||
acl = private
|
|
||||||
bucket_acl = private
|
|
||||||
```
|
|
||||||
|
|
||||||
Now you can run:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# list buckets
|
|
||||||
rclone lsd garage:
|
|
||||||
|
|
||||||
# list objects of a bucket aggregated in directories
|
|
||||||
rclone lsd garage:my-bucket
|
|
||||||
|
|
||||||
# copy from your filesystem to garage
|
|
||||||
echo hello world > /tmp/hello.txt
|
|
||||||
rclone copy /tmp/hello.txt garage:my-bucket/
|
|
||||||
|
|
||||||
# copy from garage to your filesystem
|
|
||||||
rclone copy garage:quentin.divers/hello.txt .
|
|
||||||
|
|
||||||
# see all available subcommands
|
|
||||||
rclone help
|
|
||||||
```
|
|
||||||
|
|
||||||
**Advice with rclone:** use the `--fast-list` option when accessing buckets with large amounts of objects.
|
|
||||||
This will tremendously accelerate operations such as `rclone sync` or `rclone ncdu` by reducing the number
|
|
||||||
of ListObjects calls that are made.
|
|
||||||
|
|
||||||
|
|
||||||
## `s3cmd`
|
|
||||||
|
|
||||||
Here is a template for the `s3cmd.cfg` file to talk with Garage:
|
|
||||||
|
|
||||||
```ini
|
|
||||||
[default]
|
|
||||||
access_key = <access key>
|
|
||||||
secret_key = <secret key>
|
|
||||||
host_base = <endpoint without http(s)://>
|
|
||||||
host_bucket = <same as host_base>
|
|
||||||
use_https = <False or True>
|
|
||||||
```
|
|
||||||
|
|
||||||
And use it as follow:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# List buckets
|
|
||||||
s3cmd ls
|
|
||||||
|
|
||||||
# s3cmd objects inside a bucket
|
|
||||||
s3cmd ls s3://my-bucket
|
|
||||||
|
|
||||||
# copy from your filesystem to garage
|
|
||||||
echo hello world > /tmp/hello.txt
|
|
||||||
s3cmd put /tmp/hello.txt s3://my-bucket/
|
|
||||||
|
|
||||||
# copy from garage to your filesystem
|
|
||||||
s3cmd get s3://my-bucket/hello.txt hello.txt
|
|
||||||
```
|
|
||||||
|
|
||||||
## Cyberduck & duck {#cyberduck}
|
|
||||||
|
|
||||||
Both Cyberduck (the GUI) and duck (the CLI) have a concept of "Connection Profiles" that contain some presets for a specific provider.
|
|
||||||
We wrote the following connection profile for Garage:
|
|
||||||
|
|
||||||
```xml
|
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
|
||||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
|
||||||
<plist version="1.0">
|
|
||||||
<dict>
|
|
||||||
<key>Protocol</key>
|
|
||||||
<string>s3</string>
|
|
||||||
<key>Vendor</key>
|
|
||||||
<string>garage</string>
|
|
||||||
<key>Scheme</key>
|
|
||||||
<string>https</string>
|
|
||||||
<key>Description</key>
|
|
||||||
<string>GarageS3</string>
|
|
||||||
<key>Default Hostname</key>
|
|
||||||
<string>127.0.0.1</string>
|
|
||||||
<key>Default Port</key>
|
|
||||||
<string>4443</string>
|
|
||||||
<key>Hostname Configurable</key>
|
|
||||||
<false/>
|
|
||||||
<key>Port Configurable</key>
|
|
||||||
<false/>
|
|
||||||
<key>Username Configurable</key>
|
|
||||||
<true/>
|
|
||||||
<key>Username Placeholder</key>
|
|
||||||
<string>Access Key ID (GK...)</string>
|
|
||||||
<key>Password Placeholder</key>
|
|
||||||
<string>Secret Key</string>
|
|
||||||
<key>Properties</key>
|
|
||||||
<array>
|
|
||||||
<string>s3service.disable-dns-buckets=true</string>
|
|
||||||
</array>
|
|
||||||
<key>Region</key>
|
|
||||||
<string>garage</string>
|
|
||||||
<key>Regions</key>
|
|
||||||
<array>
|
|
||||||
<string>garage</string>
|
|
||||||
</array>
|
|
||||||
</dict>
|
|
||||||
</plist>
|
|
||||||
```
|
|
||||||
|
|
||||||
*Note: If your garage instance is configured with vhost access style, you can remove `s3service.disable-dns-buckets=true`.*
|
|
||||||
|
|
||||||
### Instructions for the GUI
|
|
||||||
|
|
||||||
Copy the connection profile, and save it anywhere as `garage.cyberduckprofile`.
|
|
||||||
Then find this file with your file explorer and double click on it: Cyberduck will open a connection wizard for this profile.
|
|
||||||
Simply follow the wizard and you should be done!
|
|
||||||
|
|
||||||
### Instuctions for the CLI
|
|
||||||
|
|
||||||
To configure duck (Cyberduck's CLI tool), start by creating its folder hierarchy:
|
|
||||||
|
|
||||||
```
|
|
||||||
mkdir -p ~/.duck/profiles/
|
|
||||||
```
|
|
||||||
|
|
||||||
Then, save the connection profile for Garage in `~/.duck/profiles/garage.cyberduckprofile`.
|
|
||||||
To set your credentials in `~/.duck/credentials`, use the following commands to generate the appropriate string:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
export AWS_ACCESS_KEY_ID="GK..."
|
|
||||||
export AWS_SECRET_ACCESS_KEY="..."
|
|
||||||
export HOST="s3.garage.localhost"
|
|
||||||
export PORT="4443"
|
|
||||||
export PROTOCOL="https"
|
|
||||||
|
|
||||||
cat > ~/.duck/credentials <<EOF
|
|
||||||
$PROTOCOL\://$AWS_ACCESS_KEY_ID@$HOST\:$PORT=$AWS_SECRET_ACCESS_KEY
|
|
||||||
EOF
|
|
||||||
```
|
|
||||||
|
|
||||||
And finally, I recommend appending a small wrapper to your `~/.bashrc` to avoid setting the username on each command (do not forget to replace `GK...` by your access key):
|
|
||||||
|
|
||||||
```bash
|
|
||||||
function duck { command duck --username GK... $@ ; }
|
|
||||||
```
|
|
||||||
|
|
||||||
Finally, you can then use `duck` as follow:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# List buckets
|
|
||||||
duck --list garage:/
|
|
||||||
|
|
||||||
# List objects in a bucket
|
|
||||||
duck --list garage:/my-files/
|
|
||||||
|
|
||||||
# Download an object
|
|
||||||
duck --download garage:/my-files/an-object.txt /tmp/object.txt
|
|
||||||
|
|
||||||
# Upload an object
|
|
||||||
duck --upload /tmp/object.txt garage:/my-files/another-object.txt
|
|
||||||
|
|
||||||
# Delete an object
|
|
||||||
duck --delete garage:/my-files/an-object.txt
|
|
||||||
```
|
|
||||||
|
|
||||||
## WinSCP (libs3) {#winscp}
|
|
||||||
|
|
||||||
*You can find instructions on how to use the GUI in french [in our wiki](https://wiki.deuxfleurs.fr/fr/Guide/Garage/WinSCP).*
|
|
||||||
|
|
||||||
How to use `winscp.com`, the CLI interface of WinSCP:
|
|
||||||
|
|
||||||
```
|
|
||||||
open s3://GKxxxxx:yyyyyyy@127.0.0.1:4443 -certificate=* -rawsettings S3DefaultRegion=garage S3UrlStyle=1
|
|
||||||
ls
|
|
||||||
ls my-files/
|
|
||||||
get my-files/an-object.txt Z:\tmp\object.txt
|
|
||||||
put Z:\tmp\object.txt my-files/another-object.txt
|
|
||||||
rm my-files/an-object
|
|
||||||
exit
|
|
||||||
```
|
|
||||||
|
|
||||||
Notes:
|
|
||||||
- It seems WinSCP supports only TLS connections for S3
|
|
||||||
- `-certificate=*` allows self-signed certificates, remove it if you have valid certificates
|
|
||||||
|
|
||||||
|
|
||||||
## sftpgo {#sftpgo}
|
|
||||||
|
|
||||||
sftpgo needs a database to work, by default it uses sqlite and does not require additional configuration.
|
|
||||||
You can then directly init it:
|
|
||||||
|
|
||||||
```
|
|
||||||
sftpgo initprovider
|
|
||||||
```
|
|
||||||
|
|
||||||
Then you can directly launch the daemon that will listen by default on `:8080 (http)` and `:2022 (ssh)`:
|
|
||||||
|
|
||||||
```
|
|
||||||
sftpgo serve
|
|
||||||
```
|
|
||||||
|
|
||||||
Go to the admin web interface (http://[::1]:8080/web/admin/), create the required admin account, then create a user account.
|
|
||||||
Choose a username (eg: `ada`) and a password.
|
|
||||||
|
|
||||||
In the filesystem section, choose:
|
|
||||||
- Storage: AWS S3 (Compatible)
|
|
||||||
- Bucket: *your bucket name*
|
|
||||||
- Region: `garage` (or the one you defined in `config.toml`)
|
|
||||||
- Access key: *your access key*
|
|
||||||
- Access secret: *your secret key*
|
|
||||||
- Endpoint: *your endpoint*, eg. `https://garage.example.tld`, note that the protocol (`https` here) must be specified. Non standard ports and `http` have not been tested yet.
|
|
||||||
- Keep the default values for other fields
|
|
||||||
- Tick "Use path-style addressing". It should work without ticking it if you have correctly configured your instance to use URL vhost-style.
|
|
||||||
|
|
||||||
Now you can access your bucket through SFTP:
|
|
||||||
|
|
||||||
```
|
|
||||||
sftp -P2022 ada@[::1]
|
|
||||||
ls
|
|
||||||
```
|
|
||||||
|
|
||||||
And through the web interface at http://[::1]:8080/web/client
|
|
||||||
|
|
|
@ -1,71 +0,0 @@
|
||||||
+++
|
|
||||||
title = "FUSE (s3fs, goofys, s3backer...)"
|
|
||||||
weight = 25
|
|
||||||
+++
|
|
||||||
|
|
||||||
**WARNING! Garage is not POSIX compatible.
|
|
||||||
Mounting S3 buckets as filesystems will not provide POSIX compatibility.
|
|
||||||
If you are not careful, you will lose or corrupt your data.**
|
|
||||||
|
|
||||||
Do not use these FUSE filesystems to store any database files (eg. MySQL, Postgresql, Mongo or sqlite),
|
|
||||||
any daemon cache (dovecot, openldap, gitea, etc.),
|
|
||||||
and more generally any software that use locking, advanced filesystems features or make any synchronisation assumption.
|
|
||||||
Ideally, avoid these solutions at all for any serious or production use.
|
|
||||||
|
|
||||||
## rclone mount
|
|
||||||
|
|
||||||
rclone uses the same configuration when used [in CLI](@/documentation/connect/cli.md) and mount mode.
|
|
||||||
We suppose you have the following entry in your `rclone.ini` (mine is located in `~/.config/rclone/rclone.conf`):
|
|
||||||
|
|
||||||
```toml
|
|
||||||
[garage]
|
|
||||||
type = s3
|
|
||||||
provider = Other
|
|
||||||
env_auth = false
|
|
||||||
access_key_id = <access key>
|
|
||||||
secret_access_key = <secret key>
|
|
||||||
region = <region>
|
|
||||||
endpoint = <endpoint>
|
|
||||||
force_path_style = true
|
|
||||||
acl = private
|
|
||||||
bucket_acl = private
|
|
||||||
```
|
|
||||||
|
|
||||||
Then you can mount and access any bucket as follow:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# mount the bucket
|
|
||||||
mkdir /tmp/my-bucket
|
|
||||||
rclone mount --daemon garage:my-bucket /tmp/my-bucket
|
|
||||||
|
|
||||||
# set your working directory to the bucket
|
|
||||||
cd /tmp/my-bucket
|
|
||||||
|
|
||||||
# create a file
|
|
||||||
echo hello world > hello.txt
|
|
||||||
|
|
||||||
# access the file
|
|
||||||
cat hello.txt
|
|
||||||
|
|
||||||
# unmount the bucket
|
|
||||||
cd
|
|
||||||
fusermount -u /tmp/my-bucket
|
|
||||||
```
|
|
||||||
|
|
||||||
*External link:* [rclone documentation > rclone mount](https://rclone.org/commands/rclone_mount/)
|
|
||||||
|
|
||||||
## s3fs
|
|
||||||
|
|
||||||
*External link:* [s3fs github > README.md](https://github.com/s3fs-fuse/s3fs-fuse#user-content-examples)
|
|
||||||
|
|
||||||
## goofys
|
|
||||||
|
|
||||||
*External link:* [goofys github > README.md](https://github.com/kahing/goofys#user-content-usage)
|
|
||||||
|
|
||||||
## s3backer
|
|
||||||
|
|
||||||
*External link:* [s3backer github > manpage](https://github.com/archiecobbs/s3backer/wiki/ManPage)
|
|
||||||
|
|
||||||
## csi-s3
|
|
||||||
|
|
||||||
*External link:* [csi-s3 Github > README.md](https://github.com/ctrox/csi-s3)
|
|
|
@ -1,211 +0,0 @@
|
||||||
+++
|
|
||||||
title = "Repositories (Docker, Nix, Git...)"
|
|
||||||
weight = 15
|
|
||||||
+++
|
|
||||||
|
|
||||||
Whether you need to store and serve binary packages or source code, you may want to deploy a tool referred as a repository or registry.
|
|
||||||
Garage can also help you serve this content.
|
|
||||||
|
|
||||||
| Name | Status | Note |
|
|
||||||
|------|--------|------|
|
|
||||||
| [Gitea](#gitea) | ✅ | |
|
|
||||||
| [Docker](#docker) | ✅ | Requires garage >= v0.6.0 |
|
|
||||||
| [Nix](#nix) | ✅ | |
|
|
||||||
| [Gitlab](#gitlab) | ❓ | Not yet tested |
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Gitea
|
|
||||||
|
|
||||||
You can use Garage with Gitea to store your [git LFS](https://git-lfs.github.com/) data, your users' avatar, and their attachements.
|
|
||||||
You can configure a different target for each data type (check `[lfs]` and `[attachment]` sections of the Gitea documentation) and you can provide a default one through the `[storage]` section.
|
|
||||||
|
|
||||||
Let's start by creating a key and a bucket (your key id and secret will be needed later, keep them somewhere):
|
|
||||||
|
|
||||||
```bash
|
|
||||||
garage key new --name gitea-key
|
|
||||||
garage bucket create gitea
|
|
||||||
garage bucket allow gitea --read --write --key gitea-key
|
|
||||||
```
|
|
||||||
|
|
||||||
Then you can edit your configuration (by default `/etc/gitea/conf/app.ini`):
|
|
||||||
|
|
||||||
```ini
|
|
||||||
[storage]
|
|
||||||
STORAGE_TYPE=minio
|
|
||||||
MINIO_ENDPOINT=localhost:3900
|
|
||||||
MINIO_ACCESS_KEY_ID=GKxxx
|
|
||||||
MINIO_SECRET_ACCESS_KEY=xxxx
|
|
||||||
MINIO_BUCKET=gitea
|
|
||||||
MINIO_LOCATION=garage
|
|
||||||
MINIO_USE_SSL=false
|
|
||||||
```
|
|
||||||
|
|
||||||
You can also pass this configuration through environment variables:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
GITEA__storage__STORAGE_TYPE=minio
|
|
||||||
GITEA__storage__MINIO_ENDPOINT=localhost:3900
|
|
||||||
GITEA__storage__MINIO_ACCESS_KEY_ID=GKxxx
|
|
||||||
GITEA__storage__MINIO_SECRET_ACCESS_KEY=xxxx
|
|
||||||
GITEA__storage__MINIO_BUCKET=gitea
|
|
||||||
GITEA__storage__MINIO_LOCATION=garage
|
|
||||||
GITEA__storage__MINIO_USE_SSL=false
|
|
||||||
```
|
|
||||||
|
|
||||||
Then restart your gitea instance and try to upload a custom avatar.
|
|
||||||
If it worked, you should see some content in your gitea bucket (you must configure your `aws` command before):
|
|
||||||
|
|
||||||
```
|
|
||||||
$ aws s3 ls s3://gitea/avatars/
|
|
||||||
2021-11-10 12:35:47 190034 616ba79ae2b84f565c33d72c2ec50861
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
*External link:* [Gitea Documentation > Configuration Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/)
|
|
||||||
|
|
||||||
## Docker
|
|
||||||
|
|
||||||
Create a bucket and a key for your docker registry, then create `config.yml` with the following content:
|
|
||||||
|
|
||||||
```yml
|
|
||||||
version: 0.1
|
|
||||||
http:
|
|
||||||
addr: 0.0.0.0:5000
|
|
||||||
secret: asecretforlocaldevelopment
|
|
||||||
debug:
|
|
||||||
addr: localhost:5001
|
|
||||||
storage:
|
|
||||||
s3:
|
|
||||||
accesskey: GKxxxx
|
|
||||||
secretkey: yyyyy
|
|
||||||
region: garage
|
|
||||||
regionendpoint: http://localhost:3900
|
|
||||||
bucket: docker
|
|
||||||
secure: false
|
|
||||||
v4auth: true
|
|
||||||
rootdirectory: /
|
|
||||||
```
|
|
||||||
|
|
||||||
Replace the `accesskey`, `secretkey`, `bucket`, `regionendpoint` and `secure` values by the one fitting your deployment.
|
|
||||||
|
|
||||||
Then simply run the docker registry:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
docker run \
|
|
||||||
--net=host \
|
|
||||||
-v `pwd`/config.yml:/etc/docker/registry/config.yml \
|
|
||||||
registry:2
|
|
||||||
```
|
|
||||||
|
|
||||||
*We started a plain text registry but docker clients require encrypted registries. You must either [setup TLS](https://docs.docker.com/registry/deploying/#run-an-externally-accessible-registry) on your registry or add `--insecure-registry=localhost:5000` to your docker daemon parameters.*
|
|
||||||
|
|
||||||
|
|
||||||
*External link:* [Docker Documentation > Registry storage drivers > S3 storage driver](https://docs.docker.com/registry/storage-drivers/s3/)
|
|
||||||
|
|
||||||
## Nix
|
|
||||||
|
|
||||||
Nix has no repository in its terminology: instead, it breaks down this concept in 2 parts: binary cache and channel.
|
|
||||||
|
|
||||||
**A channel** is a set of `.nix` definitions that generate definitions for all the software you want to serve.
|
|
||||||
|
|
||||||
Because we do not want all our clients to compile all these derivations by themselves,
|
|
||||||
we can compile them once and then serve them as part of our **binary cache**.
|
|
||||||
|
|
||||||
It is possible to use a **binary cache** without a channel, you only need to serve your nix definitions
|
|
||||||
through another support, like a git repository.
|
|
||||||
|
|
||||||
As a first step, we will need to create a bucket on Garage and enabling website access on it:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
garage key new --name nix-key
|
|
||||||
garage bucket create nix.example.com
|
|
||||||
garage bucket allow nix.example.com --read --write --key nix-key
|
|
||||||
garage bucket website nix.example.com --allow
|
|
||||||
```
|
|
||||||
|
|
||||||
If you need more information about exposing buckets as websites on Garage,
|
|
||||||
check [Exposing buckets as websites](@/documentation/cookbook/exposing-websites.md)
|
|
||||||
and [Configuring a reverse proxy](@/documentation/cookbook/reverse-proxy.md).
|
|
||||||
|
|
||||||
Next, we want to check that our bucket works:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
echo nix repo > /tmp/index.html
|
|
||||||
mc cp /tmp/index.html garage/nix/
|
|
||||||
rm /tmp/index.html
|
|
||||||
|
|
||||||
curl https://nix.example.com
|
|
||||||
# output: nix repo
|
|
||||||
```
|
|
||||||
|
|
||||||
### Binary cache
|
|
||||||
|
|
||||||
To serve binaries as part of your cache, you need to sign them with a key specific to nix.
|
|
||||||
You can generate the keypair as follow:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
nix-store --generate-binary-cache-key <name> cache-priv-key.pem cache-pub-key.pem
|
|
||||||
```
|
|
||||||
|
|
||||||
You can then manually sign the packages of your store with the following command:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
nix sign-paths --all -k cache-priv-key.pem
|
|
||||||
```
|
|
||||||
|
|
||||||
Setting a key in `nix.conf` will do the signature at build time automatically without additional commands.
|
|
||||||
Edit the `nix.conf` of your builder:
|
|
||||||
|
|
||||||
```toml
|
|
||||||
secret-key-files = /etc/nix/cache-priv-key.pem
|
|
||||||
```
|
|
||||||
|
|
||||||
Now that your content is signed, you can copy a derivation to your cache.
|
|
||||||
For example, if you want to copy a specific derivation of your store:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
nix copy /nix/store/wadmyilr414n7bimxysbny876i2vlm5r-bash-5.1-p8 --to 's3://nix?endpoint=garage.example.com®ion=garage'
|
|
||||||
```
|
|
||||||
|
|
||||||
*Note that if you have not signed your packages, you can append to the end of your S3 URL `&secret-key=/etc/nix/cache-priv-key.pem`.*
|
|
||||||
|
|
||||||
Sometimes you don't want to hardcode this store path in your script.
|
|
||||||
Let suppose that you are working on a codebase that you build with `nix-build`, you can then run:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
nix copy $(nix-build) --to 's3://nix?endpoint=garage.example.com®ion=garage'
|
|
||||||
```
|
|
||||||
|
|
||||||
*This command works because the only thing that `nix-build` outputs on stdout is the paths of the built derivations in your nix store.*
|
|
||||||
|
|
||||||
You can include your derivation dependencies:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
nix copy $(nix-store -qR $(nix-build)) --to 's3://nix?endpoint=garage.example.com®ion=garage'
|
|
||||||
```
|
|
||||||
|
|
||||||
Now, your binary cache stores your derivation and all its dependencies.
|
|
||||||
Just inform your users that they must update their `nix.conf` file with the following lines:
|
|
||||||
|
|
||||||
```toml
|
|
||||||
substituters = https://cache.nixos.org https://nix.example.com
|
|
||||||
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix.example.com:eTGL6kvaQn6cDR/F9lDYUIP9nCVR/kkshYfLDJf1yKs=
|
|
||||||
```
|
|
||||||
|
|
||||||
*You must re-add cache.nixorg.org because redeclaring these keys override the previous configuration instead of extending it.*
|
|
||||||
|
|
||||||
Now, when your clients will run `nix-build` or any command that generates a derivation for which a hash is already present
|
|
||||||
on the binary cache, the client will download the result from the cache instead of compiling it, saving lot of time and CPU!
|
|
||||||
|
|
||||||
|
|
||||||
### Channels
|
|
||||||
|
|
||||||
Channels additionnaly serve Nix definitions, ie. a `.nix` file referencing
|
|
||||||
all the derivations you want to serve.
|
|
||||||
|
|
||||||
## Gitlab
|
|
||||||
|
|
||||||
*External link:* [Gitlab Documentation > Object storage](https://docs.gitlab.com/ee/administration/object_storage.html)
|
|
||||||
|
|
||||||
|
|
|
@ -1,86 +0,0 @@
|
||||||
+++
|
|
||||||
title = "Websites (Hugo, Jekyll, Publii...)"
|
|
||||||
weight = 10
|
|
||||||
+++
|
|
||||||
|
|
||||||
Garage is also suitable [to host static websites](@/documentation/cookbook/exposing-websites.md).
|
|
||||||
While they can be deployed with traditional CLI tools, some static website generators have integrated options to ease your workflow.
|
|
||||||
|
|
||||||
| Name | Status | Note |
|
|
||||||
|------|--------|------|
|
|
||||||
| [Hugo](#hugo) | ✅ | Publishing logic is integrated in the tool |
|
|
||||||
| [Publii](#publii) | ✅ | Require a correctly configured s3 vhost endpoint |
|
|
||||||
| [Generic Static Site Generator](#generic-static-site-generator) | ✅ | Works for Jekyll, Zola, Gatsby, Pelican, etc. |
|
|
||||||
|
|
||||||
## Hugo
|
|
||||||
|
|
||||||
Add to your `config.toml` the following section:
|
|
||||||
|
|
||||||
```toml
|
|
||||||
[[deployment.targets]]
|
|
||||||
URL = "s3://<bucket>?endpoint=<endpoint>&disableSSL=<bool>&s3ForcePathStyle=true®ion=garage"
|
|
||||||
```
|
|
||||||
|
|
||||||
For example:
|
|
||||||
|
|
||||||
```toml
|
|
||||||
[[deployment.targets]]
|
|
||||||
URL = "s3://my-blog?endpoint=localhost:9000&disableSSL=true&s3ForcePathStyle=true®ion=garage"
|
|
||||||
```
|
|
||||||
|
|
||||||
Then inform hugo of your credentials:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
export AWS_ACCESS_KEY_ID=GKxxx
|
|
||||||
export AWS_SECRET_ACCESS_KEY=xxx
|
|
||||||
```
|
|
||||||
|
|
||||||
And finally build and deploy your website:
|
|
||||||
|
|
||||||
```bsh
|
|
||||||
hugo
|
|
||||||
hugo deploy
|
|
||||||
```
|
|
||||||
|
|
||||||
*External links:*
|
|
||||||
- [gocloud.dev > aws > Supported URL parameters](https://pkg.go.dev/gocloud.dev/aws?utm_source=godoc#ConfigFromURLParams)
|
|
||||||
- [Hugo Documentation > hugo deploy](https://gohugo.io/hosting-and-deployment/hugo-deploy/)
|
|
||||||
|
|
||||||
## Publii
|
|
||||||
|
|
||||||
[![A screenshot of Publii's GUI](./publii.png)](./publii.png)
|
|
||||||
|
|
||||||
Deploying a website to Garage from Publii is natively supported.
|
|
||||||
First, make sure that your Garage administrator allowed and configured Garage to support vhost access style.
|
|
||||||
We also suppose that your bucket ("my-bucket") and key is already created and configured.
|
|
||||||
|
|
||||||
Then, from the left menu, click on server. Choose "S3" as the protocol.
|
|
||||||
In the configuration window, enter:
|
|
||||||
- Your finale website URL (eg. "http://my-bucket.web.garage.localhost:3902")
|
|
||||||
- Tick "Use a custom S3 provider"
|
|
||||||
- Set the S3 endpoint, (eg. "http://s3.garage.localhost:3900")
|
|
||||||
- Then put your access key (eg. "GK..."), your secret key, and your bucket (eg. "my-bucket")
|
|
||||||
- And hit the button "Save settings"
|
|
||||||
|
|
||||||
Now, each time you want to publish your website from Publii, just hit the bottom left button "Sync your website"!
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Generic Static Site Generator
|
|
||||||
|
|
||||||
Some tools do not support sending to a S3 backend but output a compiled folder on your system.
|
|
||||||
We can then use any CLI tool to upload this content to our S3 target.
|
|
||||||
|
|
||||||
First, start by [configuring minio client](@/documentation/connect/cli.md#minio-client).
|
|
||||||
|
|
||||||
Then build your website (example for jekyll):
|
|
||||||
|
|
||||||
```bash
|
|
||||||
jekyll build
|
|
||||||
```
|
|
||||||
|
|
||||||
And copy its output folder (`_site` for Jekyll) on S3:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
mc mirror --overwrite _site garage/my-site
|
|
||||||
```
|
|
|
@ -1,31 +0,0 @@
|
||||||
+++
|
|
||||||
title="Cookbook"
|
|
||||||
template = "documentation.html"
|
|
||||||
weight = 2
|
|
||||||
sort_by = "weight"
|
|
||||||
+++
|
|
||||||
|
|
||||||
A cookbook, when you cook, is a collection of recipes.
|
|
||||||
Similarly, Garage's cookbook contains a collection of recipes that are known to works well!
|
|
||||||
This chapter could also be referred as "Tutorials" or "Best practices".
|
|
||||||
|
|
||||||
- **[Multi-node deployment](@/documentation/cookbook/real-world.md):** This page will walk you through all of the necessary
|
|
||||||
steps to deploy Garage in a real-world setting.
|
|
||||||
|
|
||||||
- **[Building from source](@/documentation/cookbook/from-source.md):** This page explains how to build Garage from
|
|
||||||
source in case a binary is not provided for your architecture, or if you want to
|
|
||||||
hack with us!
|
|
||||||
|
|
||||||
- **[Integration with Systemd](@/documentation/cookbook/systemd.md):** This page explains how to run Garage
|
|
||||||
as a Systemd service (instead of as a Docker container).
|
|
||||||
|
|
||||||
- **[Configuring a gateway node](@/documentation/cookbook/gateways.md):** This page explains how to run a gateway node in a Garage cluster, i.e. a Garage node that doesn't store data but accelerates access to data present on the other nodes.
|
|
||||||
|
|
||||||
- **[Hosting a website](@/documentation/cookbook/exposing-websites.md):** This page explains how to use Garage
|
|
||||||
to host a static website.
|
|
||||||
|
|
||||||
- **[Configuring a reverse-proxy](@/documentation/cookbook/reverse-proxy.md):** This page explains how to configure a reverse-proxy to add TLS support to your S3 api endpoint.
|
|
||||||
|
|
||||||
- **[Recovering from failures](@/documentation/cookbook/recovering.md):** Garage's first selling point is resilience
|
|
||||||
to hardware failures. This section explains how to recover from such a failure in the
|
|
||||||
best possible way.
|
|
|
@ -1,71 +0,0 @@
|
||||||
+++
|
|
||||||
title = "Exposing buckets as websites"
|
|
||||||
weight = 25
|
|
||||||
+++
|
|
||||||
|
|
||||||
## Configuring a bucket for website access
|
|
||||||
|
|
||||||
There are three methods to expose buckets as website:
|
|
||||||
|
|
||||||
1. using the PutBucketWebsite S3 API call, which is allowed for access keys that have the owner permission bit set
|
|
||||||
|
|
||||||
2. from the Garage CLI, by an adminstrator of the cluster
|
|
||||||
|
|
||||||
3. using the Garage administration API
|
|
||||||
|
|
||||||
The `PutBucketWebsite` API endpoint [is documented](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketWebsite.html) in the official AWS docs.
|
|
||||||
This endpoint can also be called [using `aws s3api`](https://docs.aws.amazon.com/cli/latest/reference/s3api/put-bucket-website.html) on the command line.
|
|
||||||
The website configuration supported by Garage is only a subset of the possibilities on Amazon S3: redirections are not supported, only the index document and error document can be specified.
|
|
||||||
|
|
||||||
If you want to expose your bucket as a website from the CLI, use this simple command:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
garage bucket website --allow my-website
|
|
||||||
```
|
|
||||||
|
|
||||||
Now it will be **publicly** exposed on the web endpoint (by default listening on port 3902).
|
|
||||||
|
|
||||||
## How exposed websites work
|
|
||||||
|
|
||||||
Our website serving logic is as follow:
|
|
||||||
|
|
||||||
- Supports only static websites (no support for PHP or other languages)
|
|
||||||
- Does not support directory listing
|
|
||||||
- The index file is defined per-bucket and can be specified in the `PutBucketWebsite` call
|
|
||||||
or on the CLI using the `--index-document` parameter (default: `index.html`)
|
|
||||||
- A custom error document for 404 errors can be specified in the `PutBucketWebsite` call
|
|
||||||
or on the CLI using the `--error-document` parameter
|
|
||||||
|
|
||||||
Now we need to infer the URL of your website through your bucket name.
|
|
||||||
Let assume:
|
|
||||||
- we set `root_domain = ".web.example.com"` in `garage.toml` ([ref](@/documentation/reference-manual/configuration.md#root_domain))
|
|
||||||
- our bucket name is `garagehq.deuxfleurs.fr`.
|
|
||||||
|
|
||||||
Our bucket will be served if the Host field matches one of these 2 values (the port is ignored):
|
|
||||||
|
|
||||||
- `garagehq.deuxfleurs.fr.web.example.com`: you can dedicate a subdomain to your users (here `web.example.com`).
|
|
||||||
|
|
||||||
- `garagehq.deuxfleurs.fr`: your users can bring their own domain name, they just need to point them to your Garage cluster.
|
|
||||||
|
|
||||||
You can try this logic locally, without configuring any DNS, thanks to `curl`:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# prepare your test
|
|
||||||
echo hello world > /tmp/index.html
|
|
||||||
mc cp /tmp/index.html garage/garagehq.deuxfleurs.fr
|
|
||||||
|
|
||||||
curl -H 'Host: garagehq.deuxfleurs.fr' http://localhost:3902
|
|
||||||
# should print "hello world"
|
|
||||||
|
|
||||||
curl -H 'Host: garagehq.deuxfleurs.fr.web.example.com' http://localhost:3902
|
|
||||||
# should also print "hello world"
|
|
||||||
```
|
|
||||||
|
|
||||||
Now that you understand how website logic works on Garage, you can:
|
|
||||||
|
|
||||||
- make the website endpoint listens on port 80 (instead of 3902)
|
|
||||||
- use iptables to redirect the port 80 to the port 3902:
|
|
||||||
`iptables -t nat -A PREROUTING -p tcp -dport 80 -j REDIRECT -to-port 3902`
|
|
||||||
- or configure a [reverse proxy](@/documentation/cookbook/reverse-proxy.md) in front of Garage to add TLS (HTTPS), CORS support, etc.
|
|
||||||
|
|
||||||
You can also take a look at [Website Integration](@/documentation/connect/websites.md) to see how you can add Garage to your workflow.
|
|
|
@ -1,95 +0,0 @@
|
||||||
+++
|
|
||||||
title = "Compiling Garage from source"
|
|
||||||
weight = 10
|
|
||||||
+++
|
|
||||||
|
|
||||||
|
|
||||||
Garage is a standard Rust project. First, you need `rust` and `cargo`. For instance on Debian:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
sudo apt-get update
|
|
||||||
sudo apt-get install -y rustc cargo
|
|
||||||
```
|
|
||||||
|
|
||||||
You can also use [Rustup](https://rustup.rs/) to setup a Rust toolchain easily.
|
|
||||||
|
|
||||||
In addition, you will need a full C toolchain. On Debian-based distributions, it can be installed as follows:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
sudo apt-get update
|
|
||||||
sudo apt-get install build-essential
|
|
||||||
```
|
|
||||||
|
|
||||||
## Building from source from the Gitea repository
|
|
||||||
|
|
||||||
The primary location for Garage's source code is the
|
|
||||||
[Gitea repository](https://git.deuxfleurs.fr/Deuxfleurs/garage),
|
|
||||||
which contains all of the released versions as well as the code
|
|
||||||
for the developpement of the next version.
|
|
||||||
|
|
||||||
Clone the repository and enter it as follows:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
git clone https://git.deuxfleurs.fr/Deuxfleurs/garage.git
|
|
||||||
cd garage
|
|
||||||
```
|
|
||||||
|
|
||||||
If you wish to build a specific version of Garage, check out the corresponding tag. For instance:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
git tag # List available tags
|
|
||||||
git checkout v0.8.0 # Change v0.8.0 with the version you wish to build
|
|
||||||
```
|
|
||||||
|
|
||||||
Otherwise you will be building a developpement build from the `main` branch
|
|
||||||
that includes all of the changes to be released in the next version.
|
|
||||||
Be careful that such a build might be unstable or contain bugs,
|
|
||||||
and could be incompatible with nodes that run stable versions of Garage.
|
|
||||||
|
|
||||||
Finally, build Garage with the following command:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
cargo build --release
|
|
||||||
```
|
|
||||||
|
|
||||||
The binary built this way can now be found in `target/release/garage`.
|
|
||||||
You may simply copy this binary to somewhere in your `$PATH` in order to
|
|
||||||
have the `garage` command available in your shell, for instance:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
sudo cp target/release/garage /usr/local/bin/garage
|
|
||||||
```
|
|
||||||
|
|
||||||
If you are planning to develop Garage,
|
|
||||||
you might be interested in producing debug builds, which compile faster but run slower:
|
|
||||||
this can be done by removing the `--release` flag, and the resulting build can then
|
|
||||||
be found in `target/debug/garage`.
|
|
||||||
|
|
||||||
## List of available Cargo feature flags
|
|
||||||
|
|
||||||
Garage supports a number of compilation options in the form of Cargo feature flags,
|
|
||||||
which can be used to provide builds adapted to your system and your use case.
|
|
||||||
To produce a build with a given set of features, invoke the `cargo build` command
|
|
||||||
as follows:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# This will build the default feature set plus feature1, feature2 and feature3
|
|
||||||
cargo build --release --features feature1,feature2,feature3
|
|
||||||
# This will build ONLY feature1, feature2 and feature3
|
|
||||||
cargo build --release --no-default-features \
|
|
||||||
--features feature1,feature2,feature3
|
|
||||||
```
|
|
||||||
|
|
||||||
The following feature flags are available in v0.8.0:
|
|
||||||
|
|
||||||
| Feature flag | Enabled | Description |
|
|
||||||
| ------------ | ------- | ----------- |
|
|
||||||
| `bundled-libs` | *by default* | Use bundled version of sqlite3, zstd, lmdb and libsodium |
|
|
||||||
| `system-libs` | optional | Use system version of sqlite3, zstd, lmdb and libsodium<br>if available (exclusive with `bundled-libs`, build using<br>`cargo build --no-default-features --features system-libs`) |
|
|
||||||
| `k2v` | optional | Enable the experimental K2V API (if used, all nodes on your<br>Garage cluster must have it enabled as well) |
|
|
||||||
| `kubernetes-discovery` | optional | Enable automatic registration and discovery<br>of cluster nodes through the Kubernetes API |
|
|
||||||
| `metrics` | *by default* | Enable collection of metrics in Prometheus format on the admin API |
|
|
||||||
| `telemetry-otlp` | optional | Enable collection of execution traces using OpenTelemetry |
|
|
||||||
| `sled` | *by default* | Enable using Sled to store Garage's metadata |
|
|
||||||
| `lmdb` | optional | Enable using LMDB to store Garage's metadata |
|
|
||||||
| `sqlite` | optional | Enable using Sqlite3 to store Garage's metadata |
|
|
|
@ -1,39 +0,0 @@
|
||||||
+++
|
|
||||||
title = "Configuring a gateway node"
|
|
||||||
weight = 20
|
|
||||||
+++
|
|
||||||
|
|
||||||
Gateways allow you to expose Garage endpoints (S3 API and websites) without storing data on the node.
|
|
||||||
|
|
||||||
## Benefits
|
|
||||||
|
|
||||||
You can configure Garage as a gateway on all nodes that will consume your S3 API, it will provide you the following benefits:
|
|
||||||
|
|
||||||
- **It removes 1 or 2 network RTT.** Instead of (querying your reverse proxy then) querying a random node of the cluster that will forward your request to the nodes effectively storing the data, your local gateway will directly knows which node to query.
|
|
||||||
|
|
||||||
- **It eases server management.** Instead of tracking in your reverse proxy and DNS what are the current Garage nodes, your gateway being part of the cluster keeps this information for you. In your software, you will always specify `http://localhost:3900`.
|
|
||||||
|
|
||||||
- **It simplifies security.** Instead of having to maintain and renew a TLS certificate, you leverage the Secret Handshake protocol we use for our cluster. The S3 API protocol will be in plain text but limited to your local machine.
|
|
||||||
|
|
||||||
|
|
||||||
## Spawn a Gateway
|
|
||||||
|
|
||||||
The instructions are similar to a regular node, the only option that is different is while configuring the node, you must set the `--gateway` parameter:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
garage layout assign --gateway --tag gw1 <node_id>
|
|
||||||
garage layout show # review the changes you are making
|
|
||||||
garage layout apply # once satisfied, apply the changes
|
|
||||||
```
|
|
||||||
|
|
||||||
Then use `http://localhost:3900` when a S3 endpoint is required:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
aws --endpoint-url http://127.0.0.1:3900 s3 ls
|
|
||||||
```
|
|
||||||
|
|
||||||
If a newly added gateway node seems to not be working, do a full table resync to ensure that bucket and key list are correctly propagated:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
garage repair -a --yes tables
|
|
||||||
```
|
|
|
@ -1,87 +0,0 @@
|
||||||
+++
|
|
||||||
title = "Deploying on Kubernetes"
|
|
||||||
weight = 32
|
|
||||||
+++
|
|
||||||
|
|
||||||
Garage can also be deployed on a kubernetes cluster via helm chart.
|
|
||||||
|
|
||||||
## Deploying
|
|
||||||
|
|
||||||
Firstly clone the repository:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
git clone https://git.deuxfleurs.fr/Deuxfleurs/garage
|
|
||||||
cd garage/scripts/helm
|
|
||||||
```
|
|
||||||
|
|
||||||
Deploy with default options:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
helm install --create-namespace --namespace garage garage ./garage
|
|
||||||
```
|
|
||||||
|
|
||||||
Or deploy with custom values:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
helm install --create-namespace --namespace garage garage ./garage -f values.override.yaml
|
|
||||||
```
|
|
||||||
|
|
||||||
After deploying, cluster layout must be configured manually as described in [Creating a cluster layout](@/documentation/quick-start/_index.md#creating-a-cluster-layout). Use the following command to access garage CLI:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
kubectl exec --stdin --tty -n garage garage-0 -- ./garage status
|
|
||||||
```
|
|
||||||
|
|
||||||
## Overriding default values
|
|
||||||
|
|
||||||
All possible configuration values can be found with:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
helm show values ./garage
|
|
||||||
```
|
|
||||||
|
|
||||||
This is an example `values.overrride.yaml` for deploying in a microk8s cluster with a https s3 api ingress route:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
garage:
|
|
||||||
# Use only 2 replicas per object
|
|
||||||
replicationMode: "2"
|
|
||||||
|
|
||||||
# Start 4 instances (StatefulSets) of garage
|
|
||||||
replicaCount: 4
|
|
||||||
|
|
||||||
# Override default storage class and size
|
|
||||||
persistence:
|
|
||||||
meta:
|
|
||||||
storageClass: "openebs-hostpath"
|
|
||||||
size: 100Mi
|
|
||||||
data:
|
|
||||||
storageClass: "openebs-hostpath"
|
|
||||||
size: 1Gi
|
|
||||||
|
|
||||||
ingress:
|
|
||||||
s3:
|
|
||||||
api:
|
|
||||||
enabled: true
|
|
||||||
className: "public"
|
|
||||||
annotations:
|
|
||||||
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
|
||||||
nginx.ingress.kubernetes.io/proxy-body-size: 500m
|
|
||||||
hosts:
|
|
||||||
- host: s3-api.my-domain.com
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
tls:
|
|
||||||
- secretName: garage-ingress-cert
|
|
||||||
hosts:
|
|
||||||
- s3-api.my-domain.com
|
|
||||||
```
|
|
||||||
|
|
||||||
## Removing
|
|
||||||
|
|
||||||
```bash
|
|
||||||
helm delete --namespace garage garage
|
|
||||||
```
|
|
||||||
|
|
||||||
Note that this will leave behind custom CRD `garagenodes.deuxfleurs.fr`, which must be removed manually if desired.
|
|
|
@ -1,306 +0,0 @@
|
||||||
+++
|
|
||||||
title = "Monitoring Garage"
|
|
||||||
weight = 40
|
|
||||||
+++
|
|
||||||
|
|
||||||
Garage exposes some internal metrics in the Prometheus data format.
|
|
||||||
This page explains how to exploit these metrics.
|
|
||||||
|
|
||||||
## Setting up monitoring
|
|
||||||
|
|
||||||
### Enabling the Admin API endpoint
|
|
||||||
|
|
||||||
If you have not already enabled the [administration API endpoint](@/documentation/reference-manual/admin-api.md), do so by adding the following lines to your configuration file:
|
|
||||||
|
|
||||||
```toml
|
|
||||||
[admin]
|
|
||||||
api_bind_addr = "0.0.0.0:3903"
|
|
||||||
```
|
|
||||||
|
|
||||||
This will allow anyone to scrape Prometheus metrics by fetching
|
|
||||||
`http://localhost:3093/metrics`. If you want to restrict access
|
|
||||||
to the exported metrics, set the `metrics_token` configuration value
|
|
||||||
to a bearer token to be used when fetching the metrics endpoint.
|
|
||||||
|
|
||||||
### Setting up Prometheus and Grafana
|
|
||||||
|
|
||||||
Add a scrape config to your Prometheus daemon to scrape metrics from
|
|
||||||
all of your nodes:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
scrape_configs:
|
|
||||||
- job_name: 'garage'
|
|
||||||
static_configs:
|
|
||||||
- targets:
|
|
||||||
- 'node1.mycluster:3903'
|
|
||||||
- 'node2.mycluster:3903'
|
|
||||||
- 'node3.mycluster:3903'
|
|
||||||
```
|
|
||||||
|
|
||||||
If you have set a metrics token in your Garage configuration file,
|
|
||||||
add the following lines in your Prometheus scrape config:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
authorization:
|
|
||||||
type: Bearer
|
|
||||||
credentials: 'your metrics token'
|
|
||||||
```
|
|
||||||
|
|
||||||
To visualize the scraped data in Grafana,
|
|
||||||
you can either import our [Grafana dashboard for Garage](https://git.deuxfleurs.fr/Deuxfleurs/garage/raw/branch/main/script/telemetry/grafana-garage-dashboard-prometheus.json)
|
|
||||||
or make your own.
|
|
||||||
We detail below the list of exposed metrics and their meaning.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## List of exported metrics
|
|
||||||
|
|
||||||
|
|
||||||
### Metrics of the API endpoints
|
|
||||||
|
|
||||||
#### `api_admin_request_counter` (counter)
|
|
||||||
|
|
||||||
Counts the number of requests to a given endpoint of the administration API. Example:
|
|
||||||
|
|
||||||
```
|
|
||||||
api_admin_request_counter{api_endpoint="Metrics"} 127041
|
|
||||||
```
|
|
||||||
|
|
||||||
#### `api_admin_request_duration` (histogram)
|
|
||||||
|
|
||||||
Evaluates the duration of API calls to the various administration API endpoint. Example:
|
|
||||||
|
|
||||||
```
|
|
||||||
api_admin_request_duration_bucket{api_endpoint="Metrics",le="0.5"} 127041
|
|
||||||
api_admin_request_duration_sum{api_endpoint="Metrics"} 605.250344830999
|
|
||||||
api_admin_request_duration_count{api_endpoint="Metrics"} 127041
|
|
||||||
```
|
|
||||||
|
|
||||||
#### `api_s3_request_counter` (counter)
|
|
||||||
|
|
||||||
Counts the number of requests to a given endpoint of the S3 API. Example:
|
|
||||||
|
|
||||||
```
|
|
||||||
api_s3_request_counter{api_endpoint="CreateMultipartUpload"} 1
|
|
||||||
```
|
|
||||||
|
|
||||||
#### `api_s3_error_counter` (counter)
|
|
||||||
|
|
||||||
Counts the number of requests to a given endpoint of the S3 API that returned an error. Example:
|
|
||||||
|
|
||||||
```
|
|
||||||
api_s3_error_counter{api_endpoint="GetObject",status_code="404"} 39
|
|
||||||
```
|
|
||||||
|
|
||||||
#### `api_s3_request_duration` (histogram)
|
|
||||||
|
|
||||||
Evaluates the duration of API calls to the various S3 API endpoints. Example:
|
|
||||||
|
|
||||||
```
|
|
||||||
api_s3_request_duration_bucket{api_endpoint="CreateMultipartUpload",le="0.5"} 1
|
|
||||||
api_s3_request_duration_sum{api_endpoint="CreateMultipartUpload"} 0.046340762
|
|
||||||
api_s3_request_duration_count{api_endpoint="CreateMultipartUpload"} 1
|
|
||||||
```
|
|
||||||
|
|
||||||
#### `api_k2v_request_counter` (counter), `api_k2v_error_counter` (counter), `api_k2v_error_duration` (histogram)
|
|
||||||
|
|
||||||
Same as for S3, for the K2V API.
|
|
||||||
|
|
||||||
|
|
||||||
### Metrics of the Web endpoint
|
|
||||||
|
|
||||||
|
|
||||||
#### `web_request_counter` (counter)
|
|
||||||
|
|
||||||
Number of requests to the web endpoint
|
|
||||||
|
|
||||||
```
|
|
||||||
web_request_counter{method="GET"} 80
|
|
||||||
```
|
|
||||||
|
|
||||||
#### `web_request_duration` (histogram)
|
|
||||||
|
|
||||||
Duration of requests to the web endpoint
|
|
||||||
|
|
||||||
```
|
|
||||||
web_request_duration_bucket{method="GET",le="0.5"} 80
|
|
||||||
web_request_duration_sum{method="GET"} 1.0528433229999998
|
|
||||||
web_request_duration_count{method="GET"} 80
|
|
||||||
```
|
|
||||||
|
|
||||||
#### `web_error_counter` (counter)
|
|
||||||
|
|
||||||
Number of requests to the web endpoint resulting in errors
|
|
||||||
|
|
||||||
```
|
|
||||||
web_error_counter{method="GET",status_code="404 Not Found"} 64
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
### Metrics of the data block manager
|
|
||||||
|
|
||||||
#### `block_bytes_read`, `block_bytes_written` (counter)
|
|
||||||
|
|
||||||
Number of bytes read/written to/from disk in the data storage directory.
|
|
||||||
|
|
||||||
```
|
|
||||||
block_bytes_read 120586322022
|
|
||||||
block_bytes_written 3386618077
|
|
||||||
```
|
|
||||||
|
|
||||||
#### `block_read_duration`, `block_write_duration` (histograms)
|
|
||||||
|
|
||||||
Evaluates the duration of the reading/writing of individual data blocks in the data storage directory.
|
|
||||||
|
|
||||||
```
|
|
||||||
block_read_duration_bucket{le="0.5"} 169229
|
|
||||||
block_read_duration_sum 2761.6902550310056
|
|
||||||
block_read_duration_count 169240
|
|
||||||
block_write_duration_bucket{le="0.5"} 3559
|
|
||||||
block_write_duration_sum 195.59170078500006
|
|
||||||
block_write_duration_count 3571
|
|
||||||
```
|
|
||||||
|
|
||||||
#### `block_delete_counter` (counter)
|
|
||||||
|
|
||||||
Counts the number of data blocks that have been deleted from storage.
|
|
||||||
|
|
||||||
```
|
|
||||||
block_delete_counter 122
|
|
||||||
```
|
|
||||||
|
|
||||||
#### `block_resync_counter` (counter), `block_resync_duration` (histogram)
|
|
||||||
|
|
||||||
Counts the number of resync operations the node has executed, and evaluates their duration.
|
|
||||||
|
|
||||||
```
|
|
||||||
block_resync_counter 308897
|
|
||||||
block_resync_duration_bucket{le="0.5"} 308892
|
|
||||||
block_resync_duration_sum 139.64204196100016
|
|
||||||
block_resync_duration_count 308897
|
|
||||||
```
|
|
||||||
|
|
||||||
#### `block_resync_queue_length` (gauge)
|
|
||||||
|
|
||||||
The number of block hashes currently queued for a resync.
|
|
||||||
This is normal to be nonzero for long periods of time.
|
|
||||||
|
|
||||||
```
|
|
||||||
block_resync_queue_length 0
|
|
||||||
```
|
|
||||||
|
|
||||||
#### `block_resync_errored_blocks` (gauge)
|
|
||||||
|
|
||||||
The number of block hashes that we were unable to resync last time we tried.
|
|
||||||
**THIS SHOULD BE ZERO, OR FALL BACK TO ZERO RAPIDLY, IN A HEALTHY CLUSTER.**
|
|
||||||
Persistent nonzero values indicate that some data is likely to be lost.
|
|
||||||
|
|
||||||
```
|
|
||||||
block_resync_errored_blocks 0
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
### Metrics related to RPCs (remote procedure calls) between nodes
|
|
||||||
|
|
||||||
#### `rpc_netapp_request_counter` (counter)
|
|
||||||
|
|
||||||
Number of RPC requests emitted
|
|
||||||
|
|
||||||
```
|
|
||||||
rpc_request_counter{from="<this node>",rpc_endpoint="garage_block/manager.rs/Rpc",to="<remote node>"} 176
|
|
||||||
```
|
|
||||||
|
|
||||||
#### `rpc_netapp_error_counter` (counter)
|
|
||||||
|
|
||||||
Number of communication errors (errors in the Netapp library, generally due to disconnected nodes)
|
|
||||||
|
|
||||||
```
|
|
||||||
rpc_netapp_error_counter{from="<this node>",rpc_endpoint="garage_block/manager.rs/Rpc",to="<remote node>"} 354
|
|
||||||
```
|
|
||||||
|
|
||||||
#### `rpc_timeout_counter` (counter)
|
|
||||||
|
|
||||||
Number of RPC timeouts, should be close to zero in a healthy cluster.
|
|
||||||
|
|
||||||
```
|
|
||||||
rpc_timeout_counter{from="<this node>",rpc_endpoint="garage_rpc/membership.rs/SystemRpc",to="<remote node>"} 1
|
|
||||||
```
|
|
||||||
|
|
||||||
#### `rpc_duration` (histogram)
|
|
||||||
|
|
||||||
The duration of internal RPC calls between Garage nodes.
|
|
||||||
|
|
||||||
```
|
|
||||||
rpc_duration_bucket{from="<this node>",rpc_endpoint="garage_block/manager.rs/Rpc",to="<remote node>",le="0.5"} 166
|
|
||||||
rpc_duration_sum{from="<this node>",rpc_endpoint="garage_block/manager.rs/Rpc",to="<remote node>"} 35.172253716
|
|
||||||
rpc_duration_count{from="<this node>",rpc_endpoint="garage_block/manager.rs/Rpc",to="<remote node>"} 174
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
### Metrics of the metadata table manager
|
|
||||||
|
|
||||||
#### `table_gc_todo_queue_length` (gauge)
|
|
||||||
|
|
||||||
Table garbage collector TODO queue length
|
|
||||||
|
|
||||||
```
|
|
||||||
table_gc_todo_queue_length{table_name="block_ref"} 0
|
|
||||||
```
|
|
||||||
|
|
||||||
#### `table_get_request_counter` (counter), `table_get_request_duration` (histogram)
|
|
||||||
|
|
||||||
Number of get/get_range requests internally made on each table, and their duration.
|
|
||||||
|
|
||||||
```
|
|
||||||
table_get_request_counter{table_name="bucket_alias"} 315
|
|
||||||
table_get_request_duration_bucket{table_name="bucket_alias",le="0.5"} 315
|
|
||||||
table_get_request_duration_sum{table_name="bucket_alias"} 0.048509778000000024
|
|
||||||
table_get_request_duration_count{table_name="bucket_alias"} 315
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
#### `table_put_request_counter` (counter), `table_put_request_duration` (histogram)
|
|
||||||
|
|
||||||
Number of insert/insert_many requests internally made on this table, and their duration
|
|
||||||
|
|
||||||
```
|
|
||||||
table_put_request_counter{table_name="block_ref"} 677
|
|
||||||
table_put_request_duration_bucket{table_name="block_ref",le="0.5"} 677
|
|
||||||
table_put_request_duration_sum{table_name="block_ref"} 61.617528636
|
|
||||||
table_put_request_duration_count{table_name="block_ref"} 677
|
|
||||||
```
|
|
||||||
|
|
||||||
#### `table_internal_delete_counter` (counter)
|
|
||||||
|
|
||||||
Number of value deletions in the tree (due to GC or repartitioning)
|
|
||||||
|
|
||||||
```
|
|
||||||
table_internal_delete_counter{table_name="block_ref"} 2296
|
|
||||||
```
|
|
||||||
|
|
||||||
#### `table_internal_update_counter` (counter)
|
|
||||||
|
|
||||||
Number of value updates where the value actually changes (includes creation of new key and update of existing key)
|
|
||||||
|
|
||||||
```
|
|
||||||
table_internal_update_counter{table_name="block_ref"} 5996
|
|
||||||
```
|
|
||||||
|
|
||||||
#### `table_merkle_updater_todo_queue_length` (gauge)
|
|
||||||
|
|
||||||
Merkle tree updater TODO queue length (should fall to zero rapidly)
|
|
||||||
|
|
||||||
```
|
|
||||||
table_merkle_updater_todo_queue_length{table_name="block_ref"} 0
|
|
||||||
```
|
|
||||||
|
|
||||||
#### `table_sync_items_received`, `table_sync_items_sent` (counters)
|
|
||||||
|
|
||||||
Number of data items sent to/recieved from other nodes during resync procedures
|
|
||||||
|
|
||||||
```
|
|
||||||
table_sync_items_received{from="<remote node>",table_name="bucket_v2"} 3
|
|
||||||
table_sync_items_sent{table_name="block_ref",to="<remote node>"} 2
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
|
@ -1,308 +0,0 @@
|
||||||
+++
|
|
||||||
title = "Configuring a reverse proxy"
|
|
||||||
weight = 30
|
|
||||||
+++
|
|
||||||
|
|
||||||
The main reason to add a reverse proxy in front of Garage is to provide TLS to your users and serve multiple web services on port 443.
|
|
||||||
|
|
||||||
In production you will likely need your certificates signed by a certificate authority.
|
|
||||||
The most automated way is to use a provider supporting the [ACME protocol](https://datatracker.ietf.org/doc/html/rfc8555)
|
|
||||||
such as [Let's Encrypt](https://letsencrypt.org/), [ZeroSSL](https://zerossl.com/) or [Buypass Go SSL](https://www.buypass.com/ssl/products/acme).
|
|
||||||
|
|
||||||
If you are only testing Garage, you can generate a self-signed certificate to follow the documentation:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
openssl req \
|
|
||||||
-new \
|
|
||||||
-x509 \
|
|
||||||
-keyout /tmp/garage.key \
|
|
||||||
-out /tmp/garage.crt \
|
|
||||||
-nodes \
|
|
||||||
-subj "/C=XX/ST=XX/L=XX/O=XX/OU=XX/CN=localhost/emailAddress=X@X.XX" \
|
|
||||||
-addext "subjectAltName = DNS:localhost, IP:127.0.0.1"
|
|
||||||
|
|
||||||
cat /tmp/garage.key /tmp/garage.crt > /tmp/garage.pem
|
|
||||||
```
|
|
||||||
|
|
||||||
Be careful as you will need to allow self signed certificates in your client.
|
|
||||||
For example, with minio, you must add the `--insecure` flag.
|
|
||||||
An example:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
mc ls --insecure garage/
|
|
||||||
```
|
|
||||||
|
|
||||||
## socat (only for testing purposes)
|
|
||||||
|
|
||||||
If you want to test Garage with a TLS frontend, socat can do it for you in a single command:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
socat \
|
|
||||||
"openssl-listen:443,\
|
|
||||||
reuseaddr,\
|
|
||||||
fork,\
|
|
||||||
verify=0,\
|
|
||||||
cert=/tmp/garage.pem" \
|
|
||||||
tcp4-connect:localhost:3900
|
|
||||||
```
|
|
||||||
|
|
||||||
## Nginx
|
|
||||||
|
|
||||||
Nginx is a well-known reverse proxy suitable for production.
|
|
||||||
We do the configuration in 3 steps: first we define the upstream blocks ("the backends")
|
|
||||||
then we define the server blocks ("the frontends") for the S3 endpoint and finally for the web endpoint.
|
|
||||||
|
|
||||||
The following configuration blocks can be all put in the same `/etc/nginx/sites-available/garage.conf`.
|
|
||||||
To make your configuration active, run `ln -s /etc/nginx/sites-available/garage.conf /etc/nginx/sites-enabled/`.
|
|
||||||
If you directly put the instructions in the root `nginx.conf`, keep in mind that these configurations must be enclosed inside a `http { }` block.
|
|
||||||
|
|
||||||
And do not forget to reload nginx with `systemctl reload nginx` or `nginx -s reload`.
|
|
||||||
|
|
||||||
### Exposing the S3 endpoints
|
|
||||||
|
|
||||||
First, we need to tell to nginx how to access our Garage cluster.
|
|
||||||
Because we have multiple nodes, we want to leverage all of them by spreading the load.
|
|
||||||
In nginx, we can do that with the `upstream` directive.
|
|
||||||
|
|
||||||
Then in a `server` directive, we define the vhosts, the TLS certificates and the proxy rule.
|
|
||||||
|
|
||||||
A possible configuration:
|
|
||||||
|
|
||||||
```nginx
|
|
||||||
upstream s3_backend {
|
|
||||||
# If you have a garage instance locally.
|
|
||||||
server 127.0.0.1:3900;
|
|
||||||
# You can also put your other instances.
|
|
||||||
server 192.168.1.3:3900;
|
|
||||||
# Domain names also work.
|
|
||||||
server garage1.example.com:3900;
|
|
||||||
# A "backup" server is only used if all others have failed.
|
|
||||||
server garage-remote.example.com:3900 backup;
|
|
||||||
# You can assign weights if you have some servers
|
|
||||||
# that can serve more requests than others.
|
|
||||||
server garage2.example.com:3900 weight=2;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen [::]:443 http2 ssl;
|
|
||||||
|
|
||||||
ssl_certificate /tmp/garage.crt;
|
|
||||||
ssl_certificate_key /tmp/garage.key;
|
|
||||||
|
|
||||||
# You need multiple server names here:
|
|
||||||
# - s3.garage.tld is used for path-based s3 requests
|
|
||||||
# - *.s3.garage.tld is used for vhost-based s3 requests
|
|
||||||
server_name s3.garage.tld *.s3.garage.tld;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://s3_backend;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
# Disable buffering to a temporary file.
|
|
||||||
proxy_max_temp_file_size 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
### Exposing the web endpoint
|
|
||||||
|
|
||||||
To better understand the logic involved, you can refer to the [Exposing buckets as websites](/cookbook/exposing_websites.html) section.
|
|
||||||
Otherwise, the configuration is very similar to the S3 endpoint.
|
|
||||||
You must only adapt `upstream` with the web port instead of the s3 port and change the `server_name` and `proxy_pass` entry
|
|
||||||
|
|
||||||
A possible configuration:
|
|
||||||
|
|
||||||
|
|
||||||
```nginx
|
|
||||||
upstream web_backend {
|
|
||||||
server 127.0.0.1:3902;
|
|
||||||
server 192.168.1.3:3902;
|
|
||||||
server garage1.example.com:3902;
|
|
||||||
server garage2.example.com:3902 weight=2;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen [::]:443 http2 ssl;
|
|
||||||
|
|
||||||
ssl_certificate /tmp/garage.crt;
|
|
||||||
ssl_certificate_key /tmp/garage.key;
|
|
||||||
|
|
||||||
# You need multiple server names here:
|
|
||||||
# - *.web.garage.tld is used for your users wanting a website without reserving a domain name
|
|
||||||
# - example.com, my-site.tld, etc. are reserved domain name by your users that chose to host their website as a garage's bucket
|
|
||||||
server_name *.web.garage.tld example.com my-site.tld;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://web_backend;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
## Apache httpd
|
|
||||||
|
|
||||||
@TODO
|
|
||||||
|
|
||||||
## Traefik v2
|
|
||||||
|
|
||||||
We will see in this part how to set up a reverse proxy with [Traefik](https://docs.traefik.io/).
|
|
||||||
|
|
||||||
Here is [a basic configuration file](https://doc.traefik.io/traefik/https/acme/#configuration-examples):
|
|
||||||
|
|
||||||
```toml
|
|
||||||
[entryPoints]
|
|
||||||
[entryPoints.web]
|
|
||||||
address = ":80"
|
|
||||||
|
|
||||||
[entryPoints.websecure]
|
|
||||||
address = ":443"
|
|
||||||
|
|
||||||
[certificatesResolvers.myresolver.acme]
|
|
||||||
email = "your-email@example.com"
|
|
||||||
storage = "acme.json"
|
|
||||||
[certificatesResolvers.myresolver.acme.httpChallenge]
|
|
||||||
# used during the challenge
|
|
||||||
entryPoint = "web"
|
|
||||||
```
|
|
||||||
|
|
||||||
### Add Garage service
|
|
||||||
|
|
||||||
To add Garage on Traefik you should declare a new service using its IP address (or hostname) and port:
|
|
||||||
|
|
||||||
```toml
|
|
||||||
[http.services]
|
|
||||||
[http.services.my_garage_service.loadBalancer]
|
|
||||||
[[http.services.my_garage_service.loadBalancer.servers]]
|
|
||||||
url = "http://xxx.xxx.xxx.xxx"
|
|
||||||
port = 3900
|
|
||||||
```
|
|
||||||
|
|
||||||
It's possible to declare multiple Garage servers as back-ends:
|
|
||||||
|
|
||||||
```toml
|
|
||||||
[http.services]
|
|
||||||
[[http.services.my_garage_service.loadBalancer.servers]]
|
|
||||||
url = "http://xxx.xxx.xxx.xxx"
|
|
||||||
port = 3900
|
|
||||||
[[http.services.my_garage_service.loadBalancer.servers]]
|
|
||||||
url = "http://yyy.yyy.yyy.yyy"
|
|
||||||
port = 3900
|
|
||||||
[[http.services.my_garage_service.loadBalancer.servers]]
|
|
||||||
url = "http://zzz.zzz.zzz.zzz"
|
|
||||||
port = 3900
|
|
||||||
```
|
|
||||||
|
|
||||||
Traefik can remove unhealthy servers automatically with [a health check configuration](https://doc.traefik.io/traefik/routing/services/#health-check):
|
|
||||||
|
|
||||||
```
|
|
||||||
[http.services]
|
|
||||||
[http.services.my_garage_service.loadBalancer]
|
|
||||||
[http.services.my_garage_service.loadBalancer.healthCheck]
|
|
||||||
path = "/"
|
|
||||||
interval = "60s"
|
|
||||||
timeout = "5s"
|
|
||||||
```
|
|
||||||
|
|
||||||
### Adding a website
|
|
||||||
|
|
||||||
To add a new website, add the following declaration to your Traefik configuration file:
|
|
||||||
|
|
||||||
```toml
|
|
||||||
[http.routers]
|
|
||||||
[http.routers.my_website]
|
|
||||||
rule = "Host(`yoururl.example.org`)"
|
|
||||||
service = "my_garage_service"
|
|
||||||
entryPoints = ["web"]
|
|
||||||
```
|
|
||||||
|
|
||||||
Enable HTTPS access to your website with the following configuration section ([documentation](https://doc.traefik.io/traefik/https/overview/)):
|
|
||||||
|
|
||||||
```toml
|
|
||||||
...
|
|
||||||
entryPoints = ["websecure"]
|
|
||||||
[http.routers.my_website.tls]
|
|
||||||
certResolver = "myresolver"
|
|
||||||
...
|
|
||||||
```
|
|
||||||
|
|
||||||
### Adding gzip compression
|
|
||||||
|
|
||||||
Add the following configuration section [to compress response](https://doc.traefik.io/traefik/middlewares/http/compress/) using [gzip](https://developer.mozilla.org/en-US/docs/Glossary/GZip_compression) before sending them to the client:
|
|
||||||
|
|
||||||
```toml
|
|
||||||
[http.routers]
|
|
||||||
[http.routers.my_website]
|
|
||||||
...
|
|
||||||
middlewares = ["gzip_compress"]
|
|
||||||
...
|
|
||||||
[http.middlewares]
|
|
||||||
[http.middlewares.gzip_compress.compress]
|
|
||||||
```
|
|
||||||
|
|
||||||
### Add caching response
|
|
||||||
|
|
||||||
Traefik's caching middleware is only available on [entreprise version](https://doc.traefik.io/traefik-enterprise/middlewares/http-cache/), however the freely-available [Souin plugin](https://github.com/darkweak/souin#tr%C3%A6fik-container) can also do the job. (section to be completed)
|
|
||||||
|
|
||||||
### Complete example
|
|
||||||
|
|
||||||
```toml
|
|
||||||
[entryPoints]
|
|
||||||
[entryPoints.web]
|
|
||||||
address = ":80"
|
|
||||||
|
|
||||||
[entryPoints.websecure]
|
|
||||||
address = ":443"
|
|
||||||
|
|
||||||
[certificatesResolvers.myresolver.acme]
|
|
||||||
email = "your-email@example.com"
|
|
||||||
storage = "acme.json"
|
|
||||||
[certificatesResolvers.myresolver.acme.httpChallenge]
|
|
||||||
# used during the challenge
|
|
||||||
entryPoint = "web"
|
|
||||||
|
|
||||||
[http.routers]
|
|
||||||
[http.routers.my_website]
|
|
||||||
rule = "Host(`yoururl.example.org`)"
|
|
||||||
service = "my_garage_service"
|
|
||||||
middlewares = ["gzip_compress"]
|
|
||||||
entryPoints = ["websecure"]
|
|
||||||
|
|
||||||
[http.services]
|
|
||||||
[http.services.my_garage_service.loadBalancer]
|
|
||||||
[http.services.my_garage_service.loadBalancer.healthCheck]
|
|
||||||
path = "/"
|
|
||||||
interval = "60s"
|
|
||||||
timeout = "5s"
|
|
||||||
[[http.services.my_garage_service.loadBalancer.servers]]
|
|
||||||
url = "http://xxx.xxx.xxx.xxx"
|
|
||||||
[[http.services.my_garage_service.loadBalancer.servers]]
|
|
||||||
url = "http://yyy.yyy.yyy.yyy"
|
|
||||||
[[http.services.my_garage_service.loadBalancer.servers]]
|
|
||||||
url = "http://zzz.zzz.zzz.zzz"
|
|
||||||
|
|
||||||
[http.middlewares]
|
|
||||||
[http.middlewares.gzip_compress.compress]
|
|
||||||
```
|
|
||||||
|
|
||||||
## Caddy
|
|
||||||
|
|
||||||
Your Caddy configuration can be as simple as:
|
|
||||||
|
|
||||||
```caddy
|
|
||||||
s3.garage.tld, *.s3.garage.tld {
|
|
||||||
reverse_proxy localhost:3900 192.168.1.2:3900 example.tld:3900
|
|
||||||
}
|
|
||||||
|
|
||||||
*.web.garage.tld {
|
|
||||||
reverse_proxy localhost:3902 192.168.1.2:3900 example.tld:3900
|
|
||||||
}
|
|
||||||
|
|
||||||
admin.garage.tld {
|
|
||||||
reverse_proxy localhost:3903
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
But at the same time, the `reverse_proxy` is very flexible.
|
|
||||||
For a production deployment, you should [read its documentation](https://caddyserver.com/docs/caddyfile/directives/reverse_proxy) as it supports features like DNS discovery of upstreams, load balancing with checks, streaming parameters, etc.
|
|
||||||
|
|
|
@ -1,50 +0,0 @@
|
||||||
+++
|
|
||||||
title = "Upgrading Garage"
|
|
||||||
weight = 60
|
|
||||||
+++
|
|
||||||
|
|
||||||
Garage is a stateful clustered application, where all nodes are communicating together and share data structures.
|
|
||||||
It makes upgrade more difficult than stateless applications so you must be more careful when upgrading.
|
|
||||||
On a new version release, there is 2 possibilities:
|
|
||||||
- protocols and data structures remained the same ➡️ this is a **straightforward upgrade**
|
|
||||||
- protocols or data structures changed ➡️ this is an **advanced upgrade**
|
|
||||||
|
|
||||||
You can quickly now what type of update you will have to operate by looking at the version identifier.
|
|
||||||
Following the [SemVer ](https://semver.org/) terminology, if only the *patch* number changed, it will only need a straightforward upgrade.
|
|
||||||
Example: an upgrade from v0.6.0 from v0.6.1 is a straightforward upgrade.
|
|
||||||
If the *minor* or *major* number changed however, you will have to do an advanced upgrade. Example: from v0.6.1 to v0.7.0.
|
|
||||||
|
|
||||||
Migrations are designed to be run only between contiguous versions (from a *major*.*minor* perspective, *patches* can be skipped).
|
|
||||||
Example: migrations from v0.6.1 to v0.7.0 and from v0.6.0 to v0.7.0 are supported but migrations from v0.5.0 to v0.7.0 are not supported.
|
|
||||||
|
|
||||||
## Straightforward upgrades
|
|
||||||
|
|
||||||
Straightforward upgrades do not imply cluster downtime.
|
|
||||||
Before upgrading, you should still read [the changelog](https://git.deuxfleurs.fr/Deuxfleurs/garage/releases) and ideally test your deployment on a staging cluster before.
|
|
||||||
|
|
||||||
When you are ready, start by checking the health of your cluster.
|
|
||||||
You can force some checks with `garage repair`, we recommend at least running `garage repair --all-nodes --yes` that is very quick to run (less than a minute).
|
|
||||||
You will see that the command correctly terminated in the logs of your daemon.
|
|
||||||
|
|
||||||
Finally, you can simply upgrades nodes one by one.
|
|
||||||
For each node: stop it, install the new binary, edit the configuration if needed, restart it.
|
|
||||||
|
|
||||||
## Advanced upgrades
|
|
||||||
|
|
||||||
Advanced upgrades will imply cluster downtime.
|
|
||||||
Before upgrading, you must read [the changelog](https://git.deuxfleurs.fr/Deuxfleurs/garage/releases) and you must test your deployment on a staging cluster before.
|
|
||||||
|
|
||||||
From a high level perspective, an advanced upgrade looks like this:
|
|
||||||
1. Make sure the health of your cluster is good (see `garage repair`)
|
|
||||||
2. Disable API access (comment the configuration in your reverse proxy)
|
|
||||||
3. Check that your cluster is idle
|
|
||||||
4. Stop the whole cluster
|
|
||||||
5. Backup the metadata folder of all your nodes, so that you will be able to restore it quickly if the upgrade fails (blocks being immutable, they should not be impacted)
|
|
||||||
6. Install the new binary, update the configuration
|
|
||||||
7. Start the whole cluster
|
|
||||||
8. If needed, run the corresponding migration from `garage migrate`
|
|
||||||
9. Make sure the health of your cluster is good
|
|
||||||
10. Enable API access (uncomment the configuration in your reverse proxy)
|
|
||||||
11. Monitor your cluster while load comes back, check that all your applications are happy with this new version
|
|
||||||
|
|
||||||
We write guides for each advanced upgrade, they are stored under the "Working Documents" section of this documentation.
|
|
|
@ -1,31 +0,0 @@
|
||||||
+++
|
|
||||||
title = "Design"
|
|
||||||
weight = 6
|
|
||||||
sort_by = "weight"
|
|
||||||
template = "documentation.html"
|
|
||||||
+++
|
|
||||||
|
|
||||||
The design section helps you to see Garage from a "big picture"
|
|
||||||
perspective. It will allow you to understand if Garage is a good fit for
|
|
||||||
you, how to better use it, how to contribute to it, what can Garage could
|
|
||||||
and could not do, etc.
|
|
||||||
|
|
||||||
- **[Goals and use cases](@/documentation/design/goals.md):** This page explains why Garage was concieved and what practical use cases it targets.
|
|
||||||
|
|
||||||
- **[Related work](@/documentation/design/related-work.md):** This pages presents the theoretical background on which Garage is built, and describes other software storage solutions and why they didn't work for us.
|
|
||||||
|
|
||||||
- **[Internals](@/documentation/design/internals.md):** This page enters into more details on how Garage manages data internally.
|
|
||||||
|
|
||||||
## Talks
|
|
||||||
|
|
||||||
We love to talk and hear about Garage, that's why we keep a log here:
|
|
||||||
|
|
||||||
- [(fr, 2021-11-13, video) Garage : Mille et une façons de stocker vos données](https://video.tedomum.net/w/moYKcv198dyMrT8hCS5jz9) and [slides (html)](https://rfid.deuxfleurs.fr/presentations/2021-11-13/garage/) - during [RFID#1](https://rfid.deuxfleurs.fr/programme/2021-11-13/) event
|
|
||||||
|
|
||||||
- [(en, 2021-04-28) Distributed object storage is centralised](https://git.deuxfleurs.fr/Deuxfleurs/garage/raw/commit/b1f60579a13d3c5eba7f74b1775c84639ea9b51a/doc/talks/2021-04-28_spirals-team/talk.pdf)
|
|
||||||
|
|
||||||
- [(fr, 2020-12-02) Garage : jouer dans la cour des grands quand on est un hébergeur associatif](https://git.deuxfleurs.fr/Deuxfleurs/garage/raw/commit/b1f60579a13d3c5eba7f74b1775c84639ea9b51a/doc/talks/2020-12-02_wide-team/talk.pdf)
|
|
||||||
|
|
||||||
*Did you write or talk about Garage? [Open a pull request](https://git.deuxfleurs.fr/Deuxfleurs/garage/) to add a link here!*
|
|
||||||
|
|
||||||
|
|
Before Width: | Height: | Size: 129 KiB |
Before Width: | Height: | Size: 124 KiB |
|
@ -1,84 +0,0 @@
|
||||||
+++
|
|
||||||
title = "Benchmarks"
|
|
||||||
weight = 40
|
|
||||||
+++
|
|
||||||
|
|
||||||
With Garage, we wanted to build a software defined storage service that follow the [KISS principle](https://en.wikipedia.org/wiki/KISS_principle),
|
|
||||||
that is suitable for geo-distributed deployments and more generally that would work well for community hosting (like a Mastodon instance).
|
|
||||||
|
|
||||||
In our benchmarks, we aim to quantify how Garage performs on these goals compared to the other available solutions.
|
|
||||||
|
|
||||||
## Geo-distribution
|
|
||||||
|
|
||||||
The main challenge in a geo-distributed setup is latency between nodes of the cluster.
|
|
||||||
The more a user request will require intra-cluster requests to complete, the more its latency will increase.
|
|
||||||
This is especially true for sequential requests: requests that must wait the result of another request to be sent.
|
|
||||||
We designed Garage without consensus algorithms (eg. Paxos or Raft) to minimize the number of sequential and parallel requests.
|
|
||||||
|
|
||||||
This serie of benchmarks quantifies the impact of this design choice.
|
|
||||||
|
|
||||||
### On a simple simulated network
|
|
||||||
|
|
||||||
We start with a controlled environment, all the instances are running on the same (powerful enough) machine.
|
|
||||||
|
|
||||||
To control the network latency, we simulate the network with [mknet](https://git.deuxfleurs.fr/trinity-1686a/mknet) (a tool we developped, based on `tc` and the linux network stack).
|
|
||||||
To mesure S3 endpoints latency, we use our own tool [s3lat](https://git.deuxfleurs.fr/quentin/s3lat/) to observe only the intra-cluster latency and not some contention on the nodes (CPU, RAM, disk I/O, network bandwidth, etc.).
|
|
||||||
Compared to other benchmark tools, S3Lat sends only one (small) request at the same time and measures its latency.
|
|
||||||
We selected 5 standard endpoints that are often in the critical path: ListBuckets, ListObjects, GetObject, PutObject and RemoveObject.
|
|
||||||
|
|
||||||
In this first benchmark, we consider 5 instances that are located in a different place each. To simulate the distance, we configure mknet with a RTT between each node of 100 ms +/- 20 ms of jitter. We get the following graph, where the colored bars represent the mean latency while the error bars the minimum and maximum one:
|
|
||||||
|
|
||||||
![Comparison of endpoints latency for minio and garage](./endpoint-latency.png)
|
|
||||||
|
|
||||||
Compared to garage, minio latency drastically increases on 3 endpoints: GetObject, PutObject, RemoveObject.
|
|
||||||
|
|
||||||
We suppose that these requests on minio make transactions over Raft, involving 4 sequential requests: 1) sending the message to the leader, 2) having the leader dispatch it to the other nodes, 3) waiting for the confirmation of followers and finally 4) commiting it. With our current configuration, one Raft transaction will take around 400 ms. GetObject seems to correlate to 1 transaction while PutObject and RemoveObject seems to correlate to 2 or 3. Reviewing minio code would be required to confirm this hypothesis.
|
|
||||||
|
|
||||||
Conversely, garage uses an architecture similar to DynamoDB and never require global cluster coordination to answer a request.
|
|
||||||
Instead, garage can always contact the right node in charge of the requested data, and can answer in as low as one request in the case of GetObject and PutObject. We also observed that Garage latency, while often lower to minio, is more dispersed: garage is still in beta and has not received any performance optimization yet.
|
|
||||||
|
|
||||||
As a conclusion, Garage performs well in such setup while minio will be hard to use, especially for interactive use cases.
|
|
||||||
|
|
||||||
### On a complex simulated network
|
|
||||||
|
|
||||||
This time we consider a more heterogeneous network with 6 servers spread in 3 datacenter, giving us 2 servers per datacenters.
|
|
||||||
We consider that intra-DC communications are now very cheap with a latency of 0.5ms and without any jitter.
|
|
||||||
The inter-DC remains costly with the same value as before (100ms +/- 20ms of jitter).
|
|
||||||
We plot a similar graph as before:
|
|
||||||
|
|
||||||
![Comparison of endpoints latency for minio and garage with 6 nodes in 3 DC](./endpoint-latency-dc.png)
|
|
||||||
|
|
||||||
This new graph is very similar to the one before, neither minio or garage seems to benefit from this new topology, but they also do not suffer from it.
|
|
||||||
|
|
||||||
Considering garage, this is expected: nodes in the same DC are put in the same zone, and then data are spread on different zones for data resiliency and availaibility.
|
|
||||||
Then, in the default mode, requesting data requires to query at least 2 zones to be sure that we have the most up to date information.
|
|
||||||
These requests will involve at least one inter-DC communication.
|
|
||||||
In other words, we prioritize data availability and synchronization over raw performances.
|
|
||||||
|
|
||||||
Minio's case is a bit different as by default a minio cluster is not location aware, so we can't explain its performances through location awareness.
|
|
||||||
*We know that minio has a multi site mode but it is definitely not a first class citizen: data are asynchronously replicated from one minio cluster to another.*
|
|
||||||
We suppose that, due to the consensus, for many of its requests minio will wait for a response of the majority of the server, also involving inter-DC communications.
|
|
||||||
|
|
||||||
As a conclusion, our new topology did not influence garage or minio performances, confirming that in presence of latency, garage is the best fit.
|
|
||||||
|
|
||||||
### On a real world deployment
|
|
||||||
|
|
||||||
*TODO*
|
|
||||||
|
|
||||||
|
|
||||||
## Performance stability
|
|
||||||
|
|
||||||
A storage cluster will encounter different scenario over its life, many of them will not be predictable.
|
|
||||||
In this context, we argue that, more than peak performances, we should seek predictable and stable performances to ensure data availability.
|
|
||||||
|
|
||||||
### Reference
|
|
||||||
|
|
||||||
*TODO*
|
|
||||||
|
|
||||||
### On a degraded cluster
|
|
||||||
|
|
||||||
*TODO*
|
|
||||||
|
|
||||||
### At scale
|
|
||||||
|
|
||||||
*TODO*
|
|
|
@ -1,56 +0,0 @@
|
||||||
+++
|
|
||||||
title = "Goals and use cases"
|
|
||||||
weight = 10
|
|
||||||
+++
|
|
||||||
|
|
||||||
## Goals and non-goals
|
|
||||||
|
|
||||||
Garage is a lightweight geo-distributed data store that implements the
|
|
||||||
[Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/API/Welcome.html)
|
|
||||||
object storage protocol. It enables applications to store large blobs such
|
|
||||||
as pictures, video, images, documents, etc., in a redundant multi-node
|
|
||||||
setting. S3 is versatile enough to also be used to publish a static
|
|
||||||
website.
|
|
||||||
|
|
||||||
Garage is an opinionated object storage solution, we focus on the following **desirable properties**:
|
|
||||||
|
|
||||||
- **Internet enabled**: made for multi-sites (eg. datacenters, offices, households, etc.) interconnected through regular Internet connections.
|
|
||||||
- **Self-contained & lightweight**: works everywhere and integrates well in existing environments to target [hyperconverged infrastructures](https://en.wikipedia.org/wiki/Hyper-converged_infrastructure).
|
|
||||||
- **Highly resilient**: highly resilient to network failures, network latency, disk failures, sysadmin failures.
|
|
||||||
- **Simple**: simple to understand, simple to operate, simple to debug.
|
|
||||||
|
|
||||||
We also noted that the pursuit of some other goals are detrimental to our initial goals.
|
|
||||||
The following has been identified as **non-goals** (if these points matter to you, you should not use Garage):
|
|
||||||
|
|
||||||
- **Extreme performances**: high performances constrain a lot the design and the infrastructure; we seek performances through minimalism only.
|
|
||||||
- **Feature extensiveness**: we do not plan to add additional features compared to the ones provided by the S3 API.
|
|
||||||
- **Storage optimizations**: erasure coding or any other coding technique both increase the difficulty of placing data and synchronizing; we limit ourselves to duplication.
|
|
||||||
- **POSIX/Filesystem compatibility**: we do not aim at being POSIX compatible or to emulate any kind of filesystem. Indeed, in a distributed environment, such synchronizations are translated in network messages that impose severe constraints on the deployment.
|
|
||||||
|
|
||||||
## Use-cases
|
|
||||||
|
|
||||||
*Are you also using Garage in your organization? [Open a PR](https://git.deuxfleurs.fr/Deuxfleurs/garage) to add your use case here!*
|
|
||||||
|
|
||||||
### Deuxfleurs
|
|
||||||
|
|
||||||
[Deuxfleurs](https://deuxfleurs.fr) is an experimental non-profit hosting
|
|
||||||
organization that develops Garage. Deuxfleurs is focused on building highly
|
|
||||||
available infrastructure through redundancy in multiple geographical
|
|
||||||
locations. They use Garage themselves for the following tasks:
|
|
||||||
|
|
||||||
- Hosting of [main website](https://deuxfleurs.fr), [this website](https://garagehq.deuxfleurs.fr), as well as the personal website of many of the members of the organization
|
|
||||||
|
|
||||||
- As a [Matrix media backend](https://github.com/matrix-org/synapse-s3-storage-provider)
|
|
||||||
|
|
||||||
- To store personal data and shared documents through [Bagage](https://git.deuxfleurs.fr/Deuxfleurs/bagage), a homegrown WebDav-to-S3 proxy
|
|
||||||
|
|
||||||
- In the Drone continuous integration platform to store task logs
|
|
||||||
|
|
||||||
- As a Nix binary cache
|
|
||||||
|
|
||||||
- As a backup target using `rclone`
|
|
||||||
|
|
||||||
The Deuxfleurs Garage cluster is a multi-site cluster currently composed of
|
|
||||||
4 nodes in 2 physical locations. In the future it will be expanded to at
|
|
||||||
least 3 physical locations to fully exploit Garage's potential for high
|
|
||||||
availability.
|
|
|
@ -1,19 +0,0 @@
|
||||||
+++
|
|
||||||
title = "Development"
|
|
||||||
weight = 7
|
|
||||||
sort_by = "weight"
|
|
||||||
template = "documentation.html"
|
|
||||||
+++
|
|
||||||
|
|
||||||
Now that you are a Garage expert, you want to enhance it, you are in the right place!
|
|
||||||
We discuss here how to hack on Garage, how we manage its development, etc.
|
|
||||||
|
|
||||||
## Rust API (docs.rs)
|
|
||||||
If you encounter a specific bug in Garage or plan to patch it, you may jump directly to the source code's documentation!
|
|
||||||
|
|
||||||
- [garage\_api](https://docs.rs/garage_api/latest/garage_api/) - contains the S3 standard API endpoint
|
|
||||||
- [garage\_model](https://docs.rs/garage_model/latest/garage_model/) - contains Garage's model built on the table abstraction
|
|
||||||
- [garage\_rpc](https://docs.rs/garage_rpc/latest/garage_rpc/) - contains Garage's federation protocol
|
|
||||||
- [garage\_table](https://docs.rs/garage_table/latest/garage_table/) - contains core Garage's CRDT datatypes
|
|
||||||
- [garage\_util](https://docs.rs/garage_util/latest/garage_util/) - contains garage helpers
|
|
||||||
- [garage\_web](https://docs.rs/garage_web/latest/garage_web/) - contains the S3 website endpoint
|
|
|
@ -1,59 +0,0 @@
|
||||||
+++
|
|
||||||
title = "Administration API"
|
|
||||||
weight = 60
|
|
||||||
+++
|
|
||||||
|
|
||||||
The Garage administration API is accessible through a dedicated server whose
|
|
||||||
listen address is specified in the `[admin]` section of the configuration
|
|
||||||
file (see [configuration file
|
|
||||||
reference](@/documentation/reference-manual/configuration.md))
|
|
||||||
|
|
||||||
**WARNING.** At this point, there is no comittement to stability of the APIs described in this document.
|
|
||||||
We will bump the version numbers prefixed to each API endpoint at each time the syntax
|
|
||||||
or semantics change, meaning that code that relies on these endpoint will break
|
|
||||||
when changes are introduced.
|
|
||||||
|
|
||||||
The Garage administration API was introduced in version 0.7.2, this document
|
|
||||||
does not apply to older versions of Garage.
|
|
||||||
|
|
||||||
|
|
||||||
## Access control
|
|
||||||
|
|
||||||
The admin API uses two different tokens for acces control, that are specified in the config file's `[admin]` section:
|
|
||||||
|
|
||||||
- `metrics_token`: the token for accessing the Metrics endpoint (if this token
|
|
||||||
is not set in the config file, the Metrics endpoint can be accessed without
|
|
||||||
access control);
|
|
||||||
|
|
||||||
- `admin_token`: the token for accessing all of the other administration
|
|
||||||
endpoints (if this token is not set in the config file, access to these
|
|
||||||
endpoints is disabled entirely).
|
|
||||||
|
|
||||||
These tokens are used as simple HTTP bearer tokens. In other words, to
|
|
||||||
authenticate access to an admin API endpoint, add the following HTTP header
|
|
||||||
to your request:
|
|
||||||
|
|
||||||
```
|
|
||||||
Authorization: Bearer <token>
|
|
||||||
```
|
|
||||||
|
|
||||||
## Administration API endpoints
|
|
||||||
|
|
||||||
### Metrics-related endpoints
|
|
||||||
|
|
||||||
#### Metrics `GET /metrics`
|
|
||||||
|
|
||||||
Returns internal Garage metrics in Prometheus format.
|
|
||||||
|
|
||||||
### Cluster operations
|
|
||||||
|
|
||||||
These endpoints are defined on a dedicated [Redocly page](https://garagehq.deuxfleurs.fr/api/garage-admin-v0.html). You can also download its [OpenAPI specification](https://garagehq.deuxfleurs.fr/api/garage-admin-v0.yml).
|
|
||||||
|
|
||||||
Requesting the API from the command line can be as simple as running:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
curl -H 'Authorization: Bearer s3cr3t' http://localhost:3903/v0/status | jq
|
|
||||||
```
|
|
||||||
|
|
||||||
For more advanced use cases, we recommend using a SDK.
|
|
||||||
[Go to the "Build your own app" section to know how to use our SDKs](@/documentation/build/_index.md)
|
|
|
@ -1,430 +0,0 @@
|
||||||
+++
|
|
||||||
title = "Configuration file format"
|
|
||||||
weight = 20
|
|
||||||
+++
|
|
||||||
|
|
||||||
Here is an example `garage.toml` configuration file that illustrates all of the possible options:
|
|
||||||
|
|
||||||
```toml
|
|
||||||
metadata_dir = "/var/lib/garage/meta"
|
|
||||||
data_dir = "/var/lib/garage/data"
|
|
||||||
|
|
||||||
db_engine = "lmdb"
|
|
||||||
|
|
||||||
block_size = 1048576
|
|
||||||
|
|
||||||
sled_cache_capacity = 134217728
|
|
||||||
sled_flush_every_ms = 2000
|
|
||||||
|
|
||||||
replication_mode = "3"
|
|
||||||
|
|
||||||
compression_level = 1
|
|
||||||
|
|
||||||
rpc_secret = "4425f5c26c5e11581d3223904324dcb5b5d5dfb14e5e7f35e38c595424f5f1e6"
|
|
||||||
rpc_bind_addr = "[::]:3901"
|
|
||||||
rpc_public_addr = "[fc00:1::1]:3901"
|
|
||||||
|
|
||||||
bootstrap_peers = [
|
|
||||||
"563e1ac825ee3323aa441e72c26d1030d6d4414aeb3dd25287c531e7fc2bc95d@[fc00:1::1]:3901",
|
|
||||||
"86f0f26ae4afbd59aaf9cfb059eefac844951efd5b8caeec0d53f4ed6c85f332[fc00:1::2]:3901",
|
|
||||||
"681456ab91350f92242e80a531a3ec9392cb7c974f72640112f90a600d7921a4@[fc00:B::1]:3901",
|
|
||||||
"212fd62eeaca72c122b45a7f4fa0f55e012aa5e24ac384a72a3016413fa724ff@[fc00:F::1]:3901",
|
|
||||||
]
|
|
||||||
|
|
||||||
|
|
||||||
[consul_discovery]
|
|
||||||
consul_http_addr = "http://127.0.0.1:8500"
|
|
||||||
service_name = "garage-daemon"
|
|
||||||
ca_cert = "/etc/consul/consul-ca.crt"
|
|
||||||
client_cert = "/etc/consul/consul-client.crt"
|
|
||||||
client_key = "/etc/consul/consul-key.crt"
|
|
||||||
tls_skip_verify = false
|
|
||||||
|
|
||||||
[kubernetes_discovery]
|
|
||||||
namespace = "garage"
|
|
||||||
service_name = "garage-daemon"
|
|
||||||
skip_crd = false
|
|
||||||
|
|
||||||
|
|
||||||
[s3_api]
|
|
||||||
api_bind_addr = "[::]:3900"
|
|
||||||
s3_region = "garage"
|
|
||||||
root_domain = ".s3.garage"
|
|
||||||
|
|
||||||
[s3_web]
|
|
||||||
bind_addr = "[::]:3902"
|
|
||||||
root_domain = ".web.garage"
|
|
||||||
|
|
||||||
[admin]
|
|
||||||
api_bind_addr = "0.0.0.0:3903"
|
|
||||||
metrics_token = "cacce0b2de4bc2d9f5b5fdff551e01ac1496055aed248202d415398987e35f81"
|
|
||||||
admin_token = "ae8cb40ea7368bbdbb6430af11cca7da833d3458a5f52086f4e805a570fb5c2a"
|
|
||||||
trace_sink = "http://localhost:4317"
|
|
||||||
```
|
|
||||||
|
|
||||||
The following gives details about each available configuration option.
|
|
||||||
|
|
||||||
## Available configuration options
|
|
||||||
|
|
||||||
### `metadata_dir`
|
|
||||||
|
|
||||||
The directory in which Garage will store its metadata. This contains the node identifier,
|
|
||||||
the network configuration and the peer list, the list of buckets and keys as well
|
|
||||||
as the index of all objects, object version and object blocks.
|
|
||||||
|
|
||||||
Store this folder on a fast SSD drive if possible to maximize Garage's performance.
|
|
||||||
|
|
||||||
### `data_dir`
|
|
||||||
|
|
||||||
The directory in which Garage will store the data blocks of objects.
|
|
||||||
This folder can be placed on an HDD. The space available for `data_dir`
|
|
||||||
should be counted to determine a node's capacity
|
|
||||||
when [adding it to the cluster layout](@/documentation/cookbook/real-world.md).
|
|
||||||
|
|
||||||
### `db_engine` (since `v0.8.0`)
|
|
||||||
|
|
||||||
By default, Garage uses the Sled embedded database library
|
|
||||||
to store its metadata on-disk. Since `v0.8.0`, Garage can use alternative storage backends as follows:
|
|
||||||
|
|
||||||
| DB engine | `db_engine` value | Database path |
|
|
||||||
| --------- | ----------------- | ------------- |
|
|
||||||
| [Sled](https://sled.rs) | `"sled"` | `<metadata_dir>/db/` |
|
|
||||||
| [LMDB](https://www.lmdb.tech) | `"lmdb"` | `<metadata_dir>/db.lmdb/` |
|
|
||||||
| [Sqlite](https://sqlite.org) | `"sqlite"` | `<metadata_dir>/db.sqlite` |
|
|
||||||
|
|
||||||
Performance characteristics of the different DB engines are as follows:
|
|
||||||
|
|
||||||
- Sled: the default database engine, which tends to produce
|
|
||||||
large data files and also has performance issues, especially when the metadata folder
|
|
||||||
is on a traditionnal HDD and not on SSD.
|
|
||||||
- LMDB: the recommended alternative on 64-bit systems,
|
|
||||||
much more space-efficiant and slightly faster. Note that the data format of LMDB is not portable
|
|
||||||
between architectures, so for instance the Garage database of an x86-64
|
|
||||||
node cannot be moved to an ARM64 node. Also note that, while LMDB can technically be used on 32-bit systems,
|
|
||||||
this will limit your node to very small database sizes due to how LMDB works; it is therefore not recommended.
|
|
||||||
- Sqlite: Garage supports Sqlite as a storage backend for metadata,
|
|
||||||
however it may have issues and is also very slow in its current implementation,
|
|
||||||
so it is not recommended to be used for now.
|
|
||||||
|
|
||||||
It is possible to convert Garage's metadata directory from one format to another with a small utility named `convert_db`,
|
|
||||||
which can be downloaded at the following locations:
|
|
||||||
[for amd64](https://garagehq.deuxfleurs.fr/_releases/convert_db/amd64/convert_db),
|
|
||||||
[for i386](https://garagehq.deuxfleurs.fr/_releases/convert_db/i386/convert_db),
|
|
||||||
[for arm64](https://garagehq.deuxfleurs.fr/_releases/convert_db/arm64/convert_db),
|
|
||||||
[for arm](https://garagehq.deuxfleurs.fr/_releases/convert_db/arm/convert_db).
|
|
||||||
The `convert_db` utility is used as folows:
|
|
||||||
|
|
||||||
```
|
|
||||||
convert-db -a <input db engine> -i <input db path> \
|
|
||||||
-b <output db engine> -o <output db path>
|
|
||||||
```
|
|
||||||
|
|
||||||
Make sure to specify the full database path as presented in the table above,
|
|
||||||
and not just the path to the metadata directory.
|
|
||||||
|
|
||||||
### `block_size`
|
|
||||||
|
|
||||||
Garage splits stored objects in consecutive chunks of size `block_size`
|
|
||||||
(except the last one which might be smaller). The default size is 1MB and
|
|
||||||
should work in most cases. We recommend increasing it to e.g. 10MB if
|
|
||||||
you are using Garage to store large files and have fast network connections
|
|
||||||
between all nodes (e.g. 1gbps).
|
|
||||||
|
|
||||||
If you are interested in tuning this, feel free to do so (and remember to
|
|
||||||
report your findings to us!). When this value is changed for a running Garage
|
|
||||||
installation, only files newly uploaded will be affected. Previously uploaded
|
|
||||||
files will remain available. This however means that chunks from existing files
|
|
||||||
will not be deduplicated with chunks from newly uploaded files, meaning you
|
|
||||||
might use more storage space that is optimally possible.
|
|
||||||
|
|
||||||
### `sled_cache_capacity`
|
|
||||||
|
|
||||||
This parameter can be used to tune the capacity of the cache used by
|
|
||||||
[sled](https://sled.rs), the database Garage uses internally to store metadata.
|
|
||||||
Tune this to fit the RAM you wish to make available to your Garage instance.
|
|
||||||
This value has a conservative default (128MB) so that Garage doesn't use too much
|
|
||||||
RAM by default, but feel free to increase this for higher performance.
|
|
||||||
|
|
||||||
### `sled_flush_every_ms`
|
|
||||||
|
|
||||||
This parameters can be used to tune the flushing interval of sled.
|
|
||||||
Increase this if sled is thrashing your SSD, at the risk of losing more data in case
|
|
||||||
of a power outage (though this should not matter much as data is replicated on other
|
|
||||||
nodes). The default value, 2000ms, should be appropriate for most use cases.
|
|
||||||
|
|
||||||
### `replication_mode`
|
|
||||||
|
|
||||||
Garage supports the following replication modes:
|
|
||||||
|
|
||||||
- `none` or `1`: data stored on Garage is stored on a single node. There is no
|
|
||||||
redundancy, and data will be unavailable as soon as one node fails or its
|
|
||||||
network is disconnected. Do not use this for anything else than test
|
|
||||||
deployments.
|
|
||||||
|
|
||||||
- `2`: data stored on Garage will be stored on two different nodes, if possible
|
|
||||||
in different zones. Garage tolerates one node failure, or several nodes
|
|
||||||
failing but all in a single zone (in a deployment with at least two zones),
|
|
||||||
before losing data. Data remains available in read-only mode when one node is
|
|
||||||
down, but write operations will fail.
|
|
||||||
|
|
||||||
- `2-dangerous`: a variant of mode `2`, where written objects are written to
|
|
||||||
the second replica asynchronously. This means that Garage will return `200
|
|
||||||
OK` to a PutObject request before the second copy is fully written (or even
|
|
||||||
before it even starts being written). This means that data can more easily
|
|
||||||
be lost if the node crashes before a second copy can be completed. This
|
|
||||||
also means that written objects might not be visible immediately in read
|
|
||||||
operations. In other words, this mode severely breaks the consistency and
|
|
||||||
durability guarantees of standard Garage cluster operation. Benefits of
|
|
||||||
this mode: you can still write to your cluster when one node is
|
|
||||||
unavailable.
|
|
||||||
|
|
||||||
- `3`: data stored on Garage will be stored on three different nodes, if
|
|
||||||
possible each in a different zones. Garage tolerates two node failure, or
|
|
||||||
several node failures but in no more than two zones (in a deployment with at
|
|
||||||
least three zones), before losing data. As long as only a single node fails,
|
|
||||||
or node failures are only in a single zone, reading and writing data to
|
|
||||||
Garage can continue normally.
|
|
||||||
|
|
||||||
- `3-degraded`: a variant of replication mode `3`, that lowers the read
|
|
||||||
quorum to `1`, to allow you to read data from your cluster when several
|
|
||||||
nodes (or nodes in several zones) are unavailable. In this mode, Garage
|
|
||||||
does not provide read-after-write consistency anymore. The write quorum is
|
|
||||||
still 2, ensuring that data successfully written to Garage is stored on at
|
|
||||||
least two nodes.
|
|
||||||
|
|
||||||
- `3-dangerous`: a variant of replication mode `3` that lowers both the read
|
|
||||||
and write quorums to `1`, to allow you to both read and write to your
|
|
||||||
cluster when several nodes (or nodes in several zones) are unavailable. It
|
|
||||||
is the least consistent mode of operation proposed by Garage, and also one
|
|
||||||
that should probably never be used.
|
|
||||||
|
|
||||||
Note that in modes `2` and `3`,
|
|
||||||
if at least the same number of zones are available, an arbitrary number of failures in
|
|
||||||
any given zone is tolerated as copies of data will be spread over several zones.
|
|
||||||
|
|
||||||
**Make sure `replication_mode` is the same in the configuration files of all nodes.
|
|
||||||
Never run a Garage cluster where that is not the case.**
|
|
||||||
|
|
||||||
The quorums associated with each replication mode are described below:
|
|
||||||
|
|
||||||
| `replication_mode` | Number of replicas | Write quorum | Read quorum | Read-after-write consistency? |
|
|
||||||
| ------------------ | ------------------ | ------------ | ----------- | ----------------------------- |
|
|
||||||
| `none` or `1` | 1 | 1 | 1 | yes |
|
|
||||||
| `2` | 2 | 2 | 1 | yes |
|
|
||||||
| `2-dangerous` | 2 | 1 | 1 | NO |
|
|
||||||
| `3` | 3 | 2 | 2 | yes |
|
|
||||||
| `3-degraded` | 3 | 2 | 1 | NO |
|
|
||||||
| `3-dangerous` | 3 | 1 | 1 | NO |
|
|
||||||
|
|
||||||
Changing the `replication_mode` between modes with the same number of replicas
|
|
||||||
(e.g. from `3` to `3-degraded`, or from `2-dangerous` to `2`), can be done easily by
|
|
||||||
just changing the `replication_mode` parameter in your config files and restarting all your
|
|
||||||
Garage nodes.
|
|
||||||
|
|
||||||
It is also technically possible to change the replication mode to a mode with a
|
|
||||||
different numbers of replicas, although it's a dangerous operation that is not
|
|
||||||
officially supported. This requires you to delete the existing cluster layout
|
|
||||||
and create a new layout from scratch, meaning that a full rebalancing of your
|
|
||||||
cluster's data will be needed. To do it, shut down your cluster entirely,
|
|
||||||
delete the `custer_layout` files in the meta directories of all your nodes,
|
|
||||||
update all your configuration files with the new `replication_mode` parameter,
|
|
||||||
restart your cluster, and then create a new layout with all the nodes you want
|
|
||||||
to keep. Rebalancing data will take some time, and data might temporarily
|
|
||||||
appear unavailable to your users. It is recommended to shut down public access
|
|
||||||
to the cluster while rebalancing is in progress. In theory, no data should be
|
|
||||||
lost as rebalancing is a routine operation for Garage, although we cannot
|
|
||||||
guarantee you that everything will go right in such an extreme scenario.
|
|
||||||
|
|
||||||
### `compression_level`
|
|
||||||
|
|
||||||
Zstd compression level to use for storing blocks.
|
|
||||||
|
|
||||||
Values between `1` (faster compression) and `19` (smaller file) are standard compression
|
|
||||||
levels for zstd. From `20` to `22`, compression levels are referred as "ultra" and must be
|
|
||||||
used with extra care as it will use lot of memory. A value of `0` will let zstd choose a
|
|
||||||
default value (currently `3`). Finally, zstd has also compression designed to be faster
|
|
||||||
than default compression levels, they range from `-1` (smaller file) to `-99` (faster
|
|
||||||
compression).
|
|
||||||
|
|
||||||
If you do not specify a `compression_level` entry, Garage will set it to `1` for you. With
|
|
||||||
this parameters, zstd consumes low amount of cpu and should work faster than line speed in
|
|
||||||
most situations, while saving some space and intra-cluster
|
|
||||||
bandwidth.
|
|
||||||
|
|
||||||
If you want to totally deactivate zstd in Garage, you can pass the special value `'none'`. No
|
|
||||||
zstd related code will be called, your chunks will be stored on disk without any processing.
|
|
||||||
|
|
||||||
Compression is done synchronously, setting a value too high will add latency to write queries.
|
|
||||||
|
|
||||||
This value can be different between nodes, compression is done by the node which receive the
|
|
||||||
API call.
|
|
||||||
|
|
||||||
### `rpc_secret`
|
|
||||||
|
|
||||||
Garage uses a secret key that is shared between all nodes of the cluster
|
|
||||||
in order to identify these nodes and allow them to communicate together.
|
|
||||||
This key should be specified here in the form of a 32-byte hex-encoded
|
|
||||||
random string. Such a string can be generated with a command
|
|
||||||
such as `openssl rand -hex 32`.
|
|
||||||
|
|
||||||
### `rpc_bind_addr`
|
|
||||||
|
|
||||||
The address and port on which to bind for inter-cluster communcations
|
|
||||||
(reffered to as RPC for remote procedure calls).
|
|
||||||
The port specified here should be the same one that other nodes will used to contact
|
|
||||||
the node, even in the case of a NAT: the NAT should be configured to forward the external
|
|
||||||
port number to the same internal port nubmer. This means that if you have several nodes running
|
|
||||||
behind a NAT, they should each use a different RPC port number.
|
|
||||||
|
|
||||||
### `rpc_public_addr`
|
|
||||||
|
|
||||||
The address and port that other nodes need to use to contact this node for
|
|
||||||
RPC calls. **This parameter is optional but recommended.** In case you have
|
|
||||||
a NAT that binds the RPC port to a port that is different on your public IP,
|
|
||||||
this field might help making it work.
|
|
||||||
|
|
||||||
### `bootstrap_peers`
|
|
||||||
|
|
||||||
A list of peer identifiers on which to contact other Garage peers of this cluster.
|
|
||||||
These peer identifiers have the following syntax:
|
|
||||||
|
|
||||||
```
|
|
||||||
<node public key>@<node public IP or hostname>:<port>
|
|
||||||
```
|
|
||||||
|
|
||||||
In the case where `rpc_public_addr` is correctly specified in the
|
|
||||||
configuration file, the full identifier of a node including IP and port can
|
|
||||||
be obtained by running `garage node id` and then included directly in the
|
|
||||||
`bootstrap_peers` list of other nodes. Otherwise, only the node's public
|
|
||||||
key will be returned by `garage node id` and you will have to add the IP
|
|
||||||
yourself.
|
|
||||||
|
|
||||||
|
|
||||||
## The `[consul_discovery]` section
|
|
||||||
|
|
||||||
Garage supports discovering other nodes of the cluster using Consul. For this
|
|
||||||
to work correctly, nodes need to know their IP address by which they can be
|
|
||||||
reached by other nodes of the cluster, which should be set in `rpc_public_addr`.
|
|
||||||
|
|
||||||
### `consul_http_addr` and `service_name`
|
|
||||||
|
|
||||||
The `consul_http_addr` parameter should be set to the full HTTP(S) address of the Consul server.
|
|
||||||
|
|
||||||
### `service_name`
|
|
||||||
|
|
||||||
`service_name` should be set to the service name under which Garage's
|
|
||||||
RPC ports are announced.
|
|
||||||
|
|
||||||
### `client_cert`, `client_key`
|
|
||||||
|
|
||||||
TLS client certificate and client key to use when communicating with Consul over TLS. Both are mandatory when doing so.
|
|
||||||
|
|
||||||
### `ca_cert`
|
|
||||||
|
|
||||||
TLS CA certificate to use when communicating with Consul over TLS.
|
|
||||||
|
|
||||||
### `tls_skip_verify`
|
|
||||||
|
|
||||||
Skip server hostname verification in TLS handshake.
|
|
||||||
`ca_cert` is ignored when this is set.
|
|
||||||
|
|
||||||
|
|
||||||
## The `[kubernetes_discovery]` section
|
|
||||||
|
|
||||||
Garage supports discovering other nodes of the cluster using kubernetes custom
|
|
||||||
resources. For this to work, a `[kubernetes_discovery]` section must be present
|
|
||||||
with at least the `namespace` and `service_name` parameters.
|
|
||||||
|
|
||||||
### `namespace`
|
|
||||||
|
|
||||||
`namespace` sets the namespace in which the custom resources are
|
|
||||||
configured.
|
|
||||||
|
|
||||||
### `service_name`
|
|
||||||
|
|
||||||
`service_name` is added as a label to the advertised resources to
|
|
||||||
filter them, to allow for multiple deployments in a single namespace.
|
|
||||||
|
|
||||||
### `skip_crd`
|
|
||||||
|
|
||||||
`skip_crd` can be set to true to disable the automatic creation and
|
|
||||||
patching of the `garagenodes.deuxfleurs.fr` CRD. You will need to create the CRD
|
|
||||||
manually.
|
|
||||||
|
|
||||||
|
|
||||||
## The `[s3_api]` section
|
|
||||||
|
|
||||||
### `api_bind_addr`
|
|
||||||
|
|
||||||
The IP and port on which to bind for accepting S3 API calls.
|
|
||||||
This endpoint does not suport TLS: a reverse proxy should be used to provide it.
|
|
||||||
|
|
||||||
### `s3_region`
|
|
||||||
|
|
||||||
Garage will accept S3 API calls that are targetted to the S3 region defined here.
|
|
||||||
API calls targetted to other regions will fail with a AuthorizationHeaderMalformed error
|
|
||||||
message that redirects the client to the correct region.
|
|
||||||
|
|
||||||
### `root_domain` {#root_domain}
|
|
||||||
|
|
||||||
The optionnal suffix to access bucket using vhost-style in addition to path-style request.
|
|
||||||
Note path-style requests are always enabled, whether or not vhost-style is configured.
|
|
||||||
Configuring vhost-style S3 required a wildcard DNS entry, and possibly a wildcard TLS certificate,
|
|
||||||
but might be required by softwares not supporting path-style requests.
|
|
||||||
|
|
||||||
If `root_domain` is `s3.garage.eu`, a bucket called `my-bucket` can be interacted with
|
|
||||||
using the hostname `my-bucket.s3.garage.eu`.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## The `[s3_web]` section
|
|
||||||
|
|
||||||
Garage allows to publish content of buckets as websites. This section configures the
|
|
||||||
behaviour of this module.
|
|
||||||
|
|
||||||
### `bind_addr`
|
|
||||||
|
|
||||||
The IP and port on which to bind for accepting HTTP requests to buckets configured
|
|
||||||
for website access.
|
|
||||||
This endpoint does not suport TLS: a reverse proxy should be used to provide it.
|
|
||||||
|
|
||||||
### `root_domain`
|
|
||||||
|
|
||||||
The optionnal suffix appended to bucket names for the corresponding HTTP Host.
|
|
||||||
|
|
||||||
For instance, if `root_domain` is `web.garage.eu`, a bucket called `deuxfleurs.fr`
|
|
||||||
will be accessible either with hostname `deuxfleurs.fr.web.garage.eu`
|
|
||||||
or with hostname `deuxfleurs.fr`.
|
|
||||||
|
|
||||||
|
|
||||||
## The `[admin]` section
|
|
||||||
|
|
||||||
Garage has a few administration capabilities, in particular to allow remote monitoring. These features are detailed below.
|
|
||||||
|
|
||||||
### `api_bind_addr`
|
|
||||||
|
|
||||||
If specified, Garage will bind an HTTP server to this port and address, on
|
|
||||||
which it will listen to requests for administration features.
|
|
||||||
See [administration API reference](@/documentation/reference-manual/admin-api.md) to learn more about these features.
|
|
||||||
|
|
||||||
### `metrics_token` (since version 0.7.2)
|
|
||||||
|
|
||||||
The token for accessing the Metrics endpoint. If this token is not set in
|
|
||||||
the config file, the Metrics endpoint can be accessed without access
|
|
||||||
control.
|
|
||||||
|
|
||||||
You can use any random string for this value. We recommend generating a random token with `openssl rand -hex 32`.
|
|
||||||
|
|
||||||
### `admin_token` (since version 0.7.2)
|
|
||||||
|
|
||||||
The token for accessing all of the other administration endpoints. If this
|
|
||||||
token is not set in the config file, access to these endpoints is disabled
|
|
||||||
entirely.
|
|
||||||
|
|
||||||
You can use any random string for this value. We recommend generating a random token with `openssl rand -hex 32`.
|
|
||||||
|
|
||||||
### `trace_sink`
|
|
||||||
|
|
||||||
Optionnally, the address of an Opentelemetry collector. If specified,
|
|
||||||
Garage will send traces in the Opentelemetry format to this endpoint. These
|
|
||||||
trace allow to inspect Garage's operation when it handles S3 API requests.
|
|
|
@ -1,125 +0,0 @@
|
||||||
+++
|
|
||||||
title = "List of Garage features"
|
|
||||||
weight = 10
|
|
||||||
+++
|
|
||||||
|
|
||||||
|
|
||||||
### S3 API
|
|
||||||
|
|
||||||
The main goal of Garage is to provide an object storage service that is compatible with the
|
|
||||||
[S3 API](https://docs.aws.amazon.com/AmazonS3/latest/API/Welcome.html) from Amazon Web Services.
|
|
||||||
We try to adhere as strictly as possible to the semantics of the API as implemented by Amazon
|
|
||||||
and other vendors such as Minio or CEPH.
|
|
||||||
|
|
||||||
Of course Garage does not implement the full span of API endpoints that AWS S3 does;
|
|
||||||
the exact list of S3 features implemented by Garage can be found [on our S3 compatibility page](@/documentation/reference-manual/s3-compatibility.md).
|
|
||||||
|
|
||||||
### Geo-distribution
|
|
||||||
|
|
||||||
Garage allows you to store copies of your data in multiple geographical locations in order to maximize resilience
|
|
||||||
to adverse events, such as network/power outages or hardware failures.
|
|
||||||
This allows Garage to run very well even at home, using consumer-grade Internet connectivity
|
|
||||||
(such as FTTH) and power, as long as cluster nodes can be spawned at several physical locations.
|
|
||||||
Garage exploits knowledge of the capacity and physical location of each storage node to design
|
|
||||||
a storage plan that best exploits the available storage capacity while satisfying the geo-distributed replication constraint.
|
|
||||||
|
|
||||||
To learn more about geo-distributed Garage clusters,
|
|
||||||
read our documentation on [setting up a real-world deployment](@/documentation/cookbook/real-world.md).
|
|
||||||
|
|
||||||
### Standalone/self-contained
|
|
||||||
|
|
||||||
Garage is extremely simple to deploy, and does not depend on any external service to run.
|
|
||||||
This makes setting up and administering storage clusters, we hope, as easy as it could be.
|
|
||||||
|
|
||||||
### Flexible topology
|
|
||||||
|
|
||||||
A Garage cluster can very easily evolve over time, as storage nodes are added or removed.
|
|
||||||
Garage will automatically rebalance data between nodes as needed to ensure the desired number of copies.
|
|
||||||
Read about cluster layout management [here](@/documentation/reference-manual/layout.md).
|
|
||||||
|
|
||||||
### No RAFT slowing you down
|
|
||||||
|
|
||||||
It might seem strange to tout the absence of something as a desirable feature,
|
|
||||||
but this is in fact a very important point! Garage does not use RAFT or another
|
|
||||||
consensus algorithm internally to order incoming requests: this means that all requests
|
|
||||||
directed to a Garage cluster can be handled independently of one another instead
|
|
||||||
of going through a central bottleneck (the leader node).
|
|
||||||
As a consequence, requests can be handled much faster, even in cases where latency
|
|
||||||
between cluster nodes is important (see our [benchmarks](@/documentation/design/benchmarks/index.md) for data on this).
|
|
||||||
This is particularly usefull when nodes are far from one another and talk to one other through standard Internet connections.
|
|
||||||
|
|
||||||
### Several replication modes
|
|
||||||
|
|
||||||
Garage supports a variety of replication modes, with 1 copy, 2 copies or 3 copies of your data,
|
|
||||||
and with various levels of consistency, in order to adapt to a variety of usage scenarios.
|
|
||||||
Read our reference page on [supported replication modes](@/documentation/reference-manual/configuration.md#replication-mode)
|
|
||||||
to select the replication mode best suited to your use case (hint: in most cases, `replication_mode = "3"` is what you want).
|
|
||||||
|
|
||||||
### Web server for static websites
|
|
||||||
|
|
||||||
A storage bucket can easily be configured to be served directly by Garage as a static web site.
|
|
||||||
Domain names for multiple websites directly map to bucket names, making it easy to build
|
|
||||||
a platform for your users to autonomously build and host their websites over Garage.
|
|
||||||
Surprisingly, none of the other alternative S3 implementations we surveyed (such as Minio
|
|
||||||
or CEPH) support publishing static websites from S3 buckets, a feature that is however
|
|
||||||
directly inherited from S3 on AWS.
|
|
||||||
Read more on our [dedicated documentation page](@/documentation/cookbook/exposing-websites.md).
|
|
||||||
|
|
||||||
### Bucket names as aliases
|
|
||||||
|
|
||||||
In Garage, a bucket may have several names, known as aliases.
|
|
||||||
Aliases can easily be added and removed on demand:
|
|
||||||
this allows to easily rename buckets if needed
|
|
||||||
without having to copy all of their content, something that cannot be done on AWS.
|
|
||||||
For buckets served as static websites, having multiple aliases for a bucket can allow
|
|
||||||
exposing the same content under different domain names.
|
|
||||||
|
|
||||||
Garage also supports bucket aliases which are local to a single user:
|
|
||||||
this allows different users to have different buckets with the same name, thus avoiding naming collisions.
|
|
||||||
This can be helpfull for instance if you want to write an application that creates per-user buckets with always the same name.
|
|
||||||
|
|
||||||
This feature is totally invisible to S3 clients and does not break compatibility with AWS.
|
|
||||||
|
|
||||||
### Cluster administration API
|
|
||||||
|
|
||||||
Garage provides a fully-fledged REST API to administer your cluster programatically.
|
|
||||||
Functionality included in the admin API include: setting up and monitoring
|
|
||||||
cluster nodes, managing access credentials, and managing storage buckets and bucket aliases.
|
|
||||||
A full reference of the administration API is available [here](@/documentation/reference-manual/admin-api.md).
|
|
||||||
|
|
||||||
### Metrics and traces
|
|
||||||
|
|
||||||
Garage makes some internal metrics available in the Prometheus data format,
|
|
||||||
which allows you to build interactive dashboards to visualize the load and internal state of your storage cluster.
|
|
||||||
|
|
||||||
For developpers and performance-savvy administrators,
|
|
||||||
Garage also supports exporting traces of what it does internally in OpenTelemetry format.
|
|
||||||
This allows to monitor the time spent at various steps of the processing of requests,
|
|
||||||
in order to detect potential performance bottlenecks.
|
|
||||||
|
|
||||||
### Kubernetes and Nomad integrations
|
|
||||||
|
|
||||||
Garage can automatically discover other nodes in the cluster thanks to integration
|
|
||||||
with orchestrators such as Kubernetes and Nomad (when used with Consul).
|
|
||||||
This eases the configuration of your cluster as it removes one step where nodes need
|
|
||||||
to be manually connected to one another.
|
|
||||||
|
|
||||||
### Support for changing IP addresses
|
|
||||||
|
|
||||||
As long as all of your nodes don't change their IP address at the same time,
|
|
||||||
Garage should be able to tolerate nodes with changing/dynamic IP addresses,
|
|
||||||
as nodes will regularly exchange the IP addresses of their peers and try to
|
|
||||||
reconnect using newer addresses when existing connections are broken.
|
|
||||||
|
|
||||||
### K2V API (experimental)
|
|
||||||
|
|
||||||
As part of an ongoing research project, Garage can expose an experimental key/value storage API called K2V.
|
|
||||||
K2V is made for the storage and retrieval of many small key/value pairs that need to be processed in bulk.
|
|
||||||
This completes the S3 API with an alternative that can be used to easily store and access metadata
|
|
||||||
related to objects stored in an S3 bucket.
|
|
||||||
|
|
||||||
In the context of our research project, [Aérogramme](https://aerogramme.deuxfleurs.fr),
|
|
||||||
K2V is used to provide metadata and log storage for operations on encrypted e-mail storage.
|
|
||||||
|
|
||||||
Learn more on the specification of K2V [here](https://git.deuxfleurs.fr/Deuxfleurs/garage/src/branch/k2v/doc/drafts/k2v-spec.md)
|
|
||||||
and on how to enable it in Garage [here](@/documentation/reference-manual/k2v.md).
|
|
|
@ -1,58 +0,0 @@
|
||||||
+++
|
|
||||||
title = "K2V"
|
|
||||||
weight = 70
|
|
||||||
+++
|
|
||||||
|
|
||||||
Starting with version 0.7.2, Garage introduces an optionnal feature, K2V,
|
|
||||||
which is an alternative storage API designed to help efficiently store
|
|
||||||
many small values in buckets (in opposition to S3 which is more designed
|
|
||||||
to store large blobs).
|
|
||||||
|
|
||||||
K2V is currently disabled at compile time in all builds, as the
|
|
||||||
specification is still subject to changes. To build a Garage version with
|
|
||||||
K2V, the Cargo feature flag `k2v` must be activated. Special builds with
|
|
||||||
the `k2v` feature flag enabled can be obtained from our download page under
|
|
||||||
"Extra builds": such builds can be identified easily as their tag name ends
|
|
||||||
with `-k2v` (example: `v0.7.2-k2v`).
|
|
||||||
|
|
||||||
The specification of the K2V API can be found
|
|
||||||
[here](https://git.deuxfleurs.fr/Deuxfleurs/garage/src/branch/k2v/doc/drafts/k2v-spec.md).
|
|
||||||
This document also includes a high-level overview of K2V's design.
|
|
||||||
|
|
||||||
The K2V API uses AWSv4 signatures for authentification, same as the S3 API.
|
|
||||||
The AWS region used for signature calculation is always the same as the one
|
|
||||||
defined for the S3 API in the config file.
|
|
||||||
|
|
||||||
## Enabling and using K2V
|
|
||||||
|
|
||||||
To enable K2V, download and run a build that has the `k2v` feature flag
|
|
||||||
enabled, or produce one yourself. Then, add the following section to your
|
|
||||||
configuration file:
|
|
||||||
|
|
||||||
```toml
|
|
||||||
[k2v_api]
|
|
||||||
api_bind_addr = "<ip>:<port>"
|
|
||||||
```
|
|
||||||
|
|
||||||
Please select a port number that is not already in use by another API
|
|
||||||
endpoint (S3 api, admin API) or by the RPC server.
|
|
||||||
|
|
||||||
We provide an early-stage K2V client library for Rust which can be imported by adding the following to your `Cargo.toml` file:
|
|
||||||
|
|
||||||
```toml
|
|
||||||
k2v-client = { git = "https://git.deuxfleurs.fr/Deuxfleurs/garage.git" }
|
|
||||||
```
|
|
||||||
|
|
||||||
There is also a simple CLI utility which can be built from source in the
|
|
||||||
following way:
|
|
||||||
|
|
||||||
```sh
|
|
||||||
git clone https://git.deuxfleurs.fr/Deuxfleurs/garage.git
|
|
||||||
cd garage/src/k2v-client
|
|
||||||
cargo build --features cli --bin k2v-cli
|
|
||||||
```
|
|
||||||
|
|
||||||
The CLI utility is self-documented, run `k2v-cli --help` to learn how to use
|
|
||||||
it. There is also a short README.md in the `src/k2v-client` folder with some
|
|
||||||
instructions.
|
|
||||||
|
|
|
@ -1,77 +0,0 @@
|
||||||
+++
|
|
||||||
title = "Cluster layout management"
|
|
||||||
weight = 50
|
|
||||||
+++
|
|
||||||
|
|
||||||
The cluster layout in Garage is a table that assigns to each node a role in
|
|
||||||
the cluster. The role of a node in Garage can either be a storage node with
|
|
||||||
a certain capacity, or a gateway node that does not store data and is only
|
|
||||||
used as an API entry point for faster cluster access.
|
|
||||||
An introduction to building cluster layouts can be found in the [production deployment](@/documentation/cookbook/real-world.md) page.
|
|
||||||
|
|
||||||
## How cluster layouts work in Garage
|
|
||||||
|
|
||||||
In Garage, a cluster layout is composed of the following components:
|
|
||||||
|
|
||||||
- a table of roles assigned to nodes
|
|
||||||
- a version number
|
|
||||||
|
|
||||||
Garage nodes will always use the cluster layout with the highest version number.
|
|
||||||
|
|
||||||
Garage nodes also maintain and synchronize between them a set of proposed role
|
|
||||||
changes that haven't yet been applied. These changes will be applied (or
|
|
||||||
canceled) in the next version of the layout
|
|
||||||
|
|
||||||
The following commands insert modifications to the set of proposed role changes
|
|
||||||
for the next layout version (but they do not create the new layout immediately):
|
|
||||||
|
|
||||||
```bash
|
|
||||||
garage layout assign [...]
|
|
||||||
garage layout remove [...]
|
|
||||||
```
|
|
||||||
|
|
||||||
The following command can be used to inspect the layout that is currently set in the cluster
|
|
||||||
and the changes proposed for the next layout version, if any:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
garage layout show
|
|
||||||
```
|
|
||||||
|
|
||||||
The following commands create a new layout with the specified version number,
|
|
||||||
that either takes into account the proposed changes or cancels them:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
garage layout apply --version <new_version_number>
|
|
||||||
garage layout revert --version <new_version_number>
|
|
||||||
```
|
|
||||||
|
|
||||||
The version number of the new layout to create must be 1 + the version number
|
|
||||||
of the previous layout that existed in the cluster. The `apply` and `revert`
|
|
||||||
commands will fail otherwise.
|
|
||||||
|
|
||||||
## Warnings about Garage cluster layout management
|
|
||||||
|
|
||||||
**Warning: never make several calls to `garage layout apply` or `garage layout
|
|
||||||
revert` with the same value of the `--version` flag. Doing so can lead to the
|
|
||||||
creation of several different layouts with the same version number, in which
|
|
||||||
case your Garage cluster will become inconsistent until fixed.** If a call to
|
|
||||||
`garage layout apply` or `garage layout revert` has failed and `garage layout
|
|
||||||
show` indicates that a new layout with the given version number has not been
|
|
||||||
set in the cluster, then it is fine to call the command again with the same
|
|
||||||
version number.
|
|
||||||
|
|
||||||
If you are using the `garage` CLI by typing individual commands in your
|
|
||||||
shell, you shouldn't have much issues as long as you run commands one after
|
|
||||||
the other and take care of checking the output of `garage layout show`
|
|
||||||
before applying any changes.
|
|
||||||
|
|
||||||
If you are using the `garage` CLI to script layout changes, follow the following recommendations:
|
|
||||||
|
|
||||||
- Make all of your `garage` CLI calls to the same RPC host. Do not use the
|
|
||||||
`garage` CLI to connect to individual nodes to send them each a piece of the
|
|
||||||
layout changes you are making, as the changes propagate asynchronously
|
|
||||||
between nodes and might not all be taken into account at the time when the
|
|
||||||
new layout is applied.
|
|
||||||
|
|
||||||
- **Only call `garage layout apply` once**, and call it **strictly after** all
|
|
||||||
of the `layout assign` and `layout remove` commands have returned.
|
|
|
@ -1,232 +0,0 @@
|
||||||
+++
|
|
||||||
title = "S3 Compatibility status"
|
|
||||||
weight = 40
|
|
||||||
+++
|
|
||||||
|
|
||||||
## DISCLAIMER
|
|
||||||
|
|
||||||
**The compatibility list for other platforms is given only for informational
|
|
||||||
purposes and based on available documentation.** They are sometimes completed,
|
|
||||||
in a best effort approach, with the source code and inputs from maintainers
|
|
||||||
when documentation is lacking. We are not proactively monitoring new versions
|
|
||||||
of each software: check the modification history to know when the page has been
|
|
||||||
updated for the last time. Some entries will be inexact or outdated. For any
|
|
||||||
serious decision, you must make your own tests.
|
|
||||||
**The official documentation of each project can be accessed by clicking on the
|
|
||||||
project name in the column header.**
|
|
||||||
|
|
||||||
Feel free to open a PR to suggest fixes this table. Minio is missing because they do not provide a public S3 compatibility list.
|
|
||||||
|
|
||||||
## Update history
|
|
||||||
|
|
||||||
- 2022-02-07 - First version of this page
|
|
||||||
- 2022-05-25 - Many Ceph S3 endpoints are not documented but implemented. Following a notification from the Ceph community, we added them.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## High-level features
|
|
||||||
|
|
||||||
| Feature | Garage | [Openstack Swift](https://docs.openstack.org/swift/latest/s3_compat.html) | [Ceph Object Gateway](https://docs.ceph.com/en/latest/radosgw/s3/) | [Riak CS](https://docs.riak.com/riak/cs/2.1.1/references/apis/storage/s3/index.html) | [OpenIO](https://docs.openio.io/latest/source/arch-design/s3_compliancy.html) |
|
|
||||||
|------------------------------|----------------------------------|-----------------|---------------|---------|-----|
|
|
||||||
| [signature v2](https://docs.aws.amazon.com/general/latest/gr/signature-version-2.html) (deprecated) | ❌ Missing | ✅ | ✅ | ✅ | ✅ |
|
|
||||||
| [signature v4](https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html) | ✅ Implemented | ✅ | ✅ | ❌ | ✅ |
|
|
||||||
| [URL path-style](https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html#path-style-access) (eg. `host.tld/bucket/key`) | ✅ Implemented | ✅ | ✅ | ❓| ✅ |
|
|
||||||
| [URL vhost-style](https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html#virtual-hosted-style-access) URL (eg. `bucket.host.tld/key`) | ✅ Implemented | ❌| ✅| ✅ | ✅ |
|
|
||||||
| [Presigned URLs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html) | ✅ Implemented | ❌| ✅ | ✅ | ✅(❓) |
|
|
||||||
|
|
||||||
*Note:* OpenIO does not says if it supports presigned URLs. Because it is part
|
|
||||||
of signature v4 and they claim they support it without additional precisions,
|
|
||||||
we suppose that OpenIO supports presigned URLs.
|
|
||||||
|
|
||||||
|
|
||||||
## Endpoint implementation
|
|
||||||
|
|
||||||
All endpoints that are missing on Garage will return a 501 Not Implemented.
|
|
||||||
Some `x-amz-` headers are not implemented.
|
|
||||||
|
|
||||||
### Core endoints
|
|
||||||
|
|
||||||
| Endpoint | Garage | [Openstack Swift](https://docs.openstack.org/swift/latest/s3_compat.html) | [Ceph Object Gateway](https://docs.ceph.com/en/latest/radosgw/s3/) | [Riak CS](https://docs.riak.com/riak/cs/2.1.1/references/apis/storage/s3/index.html) | [OpenIO](https://docs.openio.io/latest/source/arch-design/s3_compliancy.html) |
|
|
||||||
|------------------------------|----------------------------------|-----------------|---------------|---------|-----|
|
|
||||||
| [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) | ✅ Implemented | ✅ | ✅ | ✅ | ✅ |
|
|
||||||
| [DeleteBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html) | ✅ Implemented | ✅ | ✅ | ✅ | ✅ |
|
|
||||||
| [GetBucketLocation](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLocation.html) | ✅ Implemented | ✅ | ✅ | ❌ | ✅ |
|
|
||||||
| [HeadBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html) | ✅ Implemented | ✅ | ✅ | ✅ | ✅ |
|
|
||||||
| [ListBuckets](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html) | ✅ Implemented | ❌| ✅ | ✅ | ✅ |
|
|
||||||
| [HeadObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadObject.html) | ✅ Implemented | ✅ | ✅ | ✅ | ✅ |
|
|
||||||
| [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) | ✅ Implemented | ✅ | ✅ | ✅ | ✅ |
|
|
||||||
| [DeleteObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html) | ✅ Implemented | ✅ | ✅ | ✅ | ✅ |
|
|
||||||
| [DeleteObjects](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjects.html) | ✅ Implemented | ✅ | ✅ | ✅ | ✅ |
|
|
||||||
| [GetObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) | ✅ Implemented | ✅ | ✅ | ✅ | ✅ |
|
|
||||||
| [ListObjects](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html) | ✅ Implemented (see details below) | ✅ | ✅ | ✅ | ❌|
|
|
||||||
| [ListObjectsV2](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html) | ✅ Implemented | ❌| ✅ | ❌| ✅ |
|
|
||||||
| [PostObject](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPOST.html) | ✅ Implemented | ❌| ✅ | ❌| ❌|
|
|
||||||
| [PutObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) | ✅ Implemented | ✅ | ✅ | ✅ | ✅ |
|
|
||||||
|
|
||||||
**ListObjects:** Implemented, but there isn't a very good specification of what
|
|
||||||
`encoding-type=url` covers so there might be some encoding bugs. In our
|
|
||||||
implementation the url-encoded fields are in the same in ListObjects as they
|
|
||||||
are in ListObjectsV2.
|
|
||||||
|
|
||||||
*Note: Ceph API documentation is incomplete and lacks at least HeadBucket and UploadPartCopy,
|
|
||||||
but these endpoints are documented in [Red Hat Ceph Storage - Chapter 2. Ceph Object Gateway and the S3 API](https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/4/html/developer_guide/ceph-object-gateway-and-the-s3-api)*
|
|
||||||
|
|
||||||
### Multipart Upload endpoints
|
|
||||||
|
|
||||||
| Endpoint | Garage | [Openstack Swift](https://docs.openstack.org/swift/latest/s3_compat.html) | [Ceph Object Gateway](https://docs.ceph.com/en/latest/radosgw/s3/) | [Riak CS](https://docs.riak.com/riak/cs/2.1.1/references/apis/storage/s3/index.html) | [OpenIO](https://docs.openio.io/latest/source/arch-design/s3_compliancy.html) |
|
|
||||||
|------------------------------|----------------------------------|-----------------|---------------|---------|-----|
|
|
||||||
| [AbortMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html) | ✅ Implemented | ✅ | ✅ | ✅ | ✅ |
|
|
||||||
| [CompleteMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) | ✅ Implemented (see details below) | ✅ | ✅ | ✅ | ✅ |
|
|
||||||
| [CreateMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) | ✅ Implemented | ✅| ✅ | ✅ | ✅ |
|
|
||||||
| [ListMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUpload.html) | ✅ Implemented | ✅ | ✅ | ✅ | ✅ |
|
|
||||||
| [ListParts](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) | ✅ Implemented | ✅ | ✅ | ✅ | ✅ |
|
|
||||||
| [UploadPart](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) | ✅ Implemented (see details below) | ✅ | ✅| ✅ | ✅ |
|
|
||||||
| [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) | ✅ Implemented | ✅ | ✅ | ✅ | ✅ |
|
|
||||||
|
|
||||||
Our implementation of Multipart Upload is currently a bit more restrictive than Amazon's one in some edge cases.
|
|
||||||
For more information, please refer to our [issue tracker](https://git.deuxfleurs.fr/Deuxfleurs/garage/issues/204).
|
|
||||||
|
|
||||||
### Website endpoints
|
|
||||||
|
|
||||||
| Endpoint | Garage | [Openstack Swift](https://docs.openstack.org/swift/latest/s3_compat.html) | [Ceph Object Gateway](https://docs.ceph.com/en/latest/radosgw/s3/) | [Riak CS](https://docs.riak.com/riak/cs/2.1.1/references/apis/storage/s3/index.html) | [OpenIO](https://docs.openio.io/latest/source/arch-design/s3_compliancy.html) |
|
|
||||||
|------------------------------|----------------------------------|-----------------|---------------|---------|-----|
|
|
||||||
| [DeleteBucketWebsite](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketWebsite.html) | ✅ Implemented | ❌| ❌| ❌| ❌|
|
|
||||||
| [GetBucketWebsite](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketWebsite.html) | ✅ Implemented | ❌ | ❌| ❌| ❌|
|
|
||||||
| [PutBucketWebsite](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketWebsite.html) | ⚠ Partially implemented (see below)| ❌| ❌| ❌| ❌|
|
|
||||||
| [DeleteBucketCors](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketCors.html) | ✅ Implemented | ❌| ✅ | ❌| ✅ |
|
|
||||||
| [GetBucketCors](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketCors.html) | ✅ Implemented | ❌ | ✅ | ❌| ✅ |
|
|
||||||
| [PutBucketCors](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketCors.html) | ✅ Implemented | ❌| ✅ | ❌| ✅ |
|
|
||||||
|
|
||||||
**PutBucketWebsite:** Implemented, but only stores the index document suffix and the error document path. Redirects are not supported.
|
|
||||||
|
|
||||||
*Note: Ceph radosgw has some support for static websites but it is different from the Amazon one. It also does not implement its configuration endpoints.*
|
|
||||||
|
|
||||||
### ACL, Policies endpoints
|
|
||||||
|
|
||||||
Amazon has 2 access control mechanisms in S3: ACL (legacy) and policies (new one).
|
|
||||||
Garage implements none of them, and has its own system instead, built around a per-access-key-per-bucket logic.
|
|
||||||
See Garage CLI reference manual to learn how to use Garage's permission system.
|
|
||||||
|
|
||||||
| Endpoint | Garage | [Openstack Swift](https://docs.openstack.org/swift/latest/s3_compat.html) | [Ceph Object Gateway](https://docs.ceph.com/en/latest/radosgw/s3/) | [Riak CS](https://docs.riak.com/riak/cs/2.1.1/references/apis/storage/s3/index.html) | [OpenIO](https://docs.openio.io/latest/source/arch-design/s3_compliancy.html) |
|
|
||||||
|------------------------------|----------------------------------|-----------------|---------------|---------|-----|
|
|
||||||
| [DeleteBucketPolicy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketPolicy.html) | ❌ Missing | ❌| ✅ | ✅ | ❌|
|
|
||||||
| [GetBucketPolicy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicy.html) | ❌ Missing | ❌| ✅ | ⚠ | ❌|
|
|
||||||
| [GetBucketPolicyStatus](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicyStatus.html) | ❌ Missing | ❌| ✅ | ❌| ❌|
|
|
||||||
| [PutBucketPolicy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketPolicy.html) | ❌ Missing | ❌| ✅ | ⚠ | ❌|
|
|
||||||
| [GetBucketAcl](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAcl.html) | ❌ Missing | ✅ | ✅ | ✅ | ✅ |
|
|
||||||
| [PutBucketAcl](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html) | ❌ Missing | ✅ | ✅ | ✅ | ✅ |
|
|
||||||
| [GetObjectAcl](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html) | ❌ Missing | ✅ | ✅ | ✅ | ✅ |
|
|
||||||
| [PutObjectAcl](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectAcl.html) | ❌ Missing | ✅ | ✅ | ✅ | ✅ |
|
|
||||||
|
|
||||||
*Notes:* Riak CS only supports a subset of the policy configuration.
|
|
||||||
|
|
||||||
### Versioning, Lifecycle endpoints
|
|
||||||
|
|
||||||
Garage does not (yet) support object versioning.
|
|
||||||
If you need this feature, please [share your use case in our dedicated issue](https://git.deuxfleurs.fr/Deuxfleurs/garage/issues/166).
|
|
||||||
|
|
||||||
| Endpoint | Garage | [Openstack Swift](https://docs.openstack.org/swift/latest/s3_compat.html) | [Ceph Object Gateway](https://docs.ceph.com/en/latest/radosgw/s3/) | [Riak CS](https://docs.riak.com/riak/cs/2.1.1/references/apis/storage/s3/index.html) | [OpenIO](https://docs.openio.io/latest/source/arch-design/s3_compliancy.html) |
|
|
||||||
|------------------------------|----------------------------------|-----------------|---------------|---------|-----|
|
|
||||||
| [DeleteBucketLifecycle](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html) | ❌ Missing | ❌| ✅| ❌| ✅|
|
|
||||||
| [GetBucketLifecycleConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html) | ❌ Missing | ❌| ✅ | ❌| ✅|
|
|
||||||
| [PutBucketLifecycleConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html) | ❌ Missing | ❌| ✅ | ❌| ✅|
|
|
||||||
| [GetBucketVersioning](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html) | ❌ Stub (see below) | ✅| ✅ | ❌| ✅|
|
|
||||||
| [ListObjectVersions](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectVersions.html) | ❌ Missing | ❌| ✅ | ❌| ✅|
|
|
||||||
| [PutBucketVersioning](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html) | ❌ Missing | ❌| ✅| ❌| ✅|
|
|
||||||
|
|
||||||
|
|
||||||
**GetBucketVersioning:** Stub implementation (Garage does not yet support versionning so this always returns "versionning not enabled").
|
|
||||||
|
|
||||||
### Replication endpoints
|
|
||||||
|
|
||||||
Please open an issue if you have a use case for replication.
|
|
||||||
|
|
||||||
| Endpoint | Garage | [Openstack Swift](https://docs.openstack.org/swift/latest/s3_compat.html) | [Ceph Object Gateway](https://docs.ceph.com/en/latest/radosgw/s3/) | [Riak CS](https://docs.riak.com/riak/cs/2.1.1/references/apis/storage/s3/index.html) | [OpenIO](https://docs.openio.io/latest/source/arch-design/s3_compliancy.html) |
|
|
||||||
|------------------------------|----------------------------------|-----------------|---------------|---------|-----|
|
|
||||||
| [DeleteBucketReplication](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html) | ❌ Missing | ❌| ✅ | ❌| ❌|
|
|
||||||
| [GetBucketReplication](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html) | ❌ Missing | ❌| ✅ | ❌| ❌|
|
|
||||||
| [PutBucketReplication](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html) | ❌ Missing | ❌| ⚠ | ❌| ❌|
|
|
||||||
|
|
||||||
*Note: Ceph documentation briefly says that Ceph supports
|
|
||||||
[replication through the S3 API](https://docs.ceph.com/en/latest/radosgw/multisite-sync-policy/#s3-replication-api)
|
|
||||||
but with some limitations.
|
|
||||||
Additionaly, replication endpoints are not documented in the S3 compatibility page so I don't know what kind of support we can expect.*
|
|
||||||
|
|
||||||
### Locking objects
|
|
||||||
|
|
||||||
Amazon defines a concept of [object locking](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html) that can be achieved either through a Retention period or a Legal hold.
|
|
||||||
|
|
||||||
| Endpoint | Garage | [Openstack Swift](https://docs.openstack.org/swift/latest/s3_compat.html) | [Ceph Object Gateway](https://docs.ceph.com/en/latest/radosgw/s3/) | [Riak CS](https://docs.riak.com/riak/cs/2.1.1/references/apis/storage/s3/index.html) | [OpenIO](https://docs.openio.io/latest/source/arch-design/s3_compliancy.html) |
|
|
||||||
|------------------------------|----------------------------------|-----------------|---------------|---------|-----|
|
|
||||||
| [GetObjectLegalHold](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLegalHold.html) | ❌ Missing | ❌| ✅ | ❌| ❌|
|
|
||||||
| [PutObjectLegalHold](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectLegalHold.html) | ❌ Missing | ❌| ✅ | ❌| ❌|
|
|
||||||
| [GetObjectRetention](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectRetention.html) | ❌ Missing | ❌| ✅ | ❌| ❌|
|
|
||||||
| [PutObjectRetention](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectRetention.html) | ❌ Missing | ❌| ✅ | ❌| ❌|
|
|
||||||
| [GetObjectLockConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLockConfiguration.html) | ❌ Missing | ❌| ✅ | ❌| ❌|
|
|
||||||
| [PutObjectLockConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectLockConfiguration.html) | ❌ Missing | ❌| ✅ | ❌| ❌|
|
|
||||||
|
|
||||||
### (Server-side) encryption
|
|
||||||
|
|
||||||
We think that you can either encrypt your server partition or do client-side encryption, so we did not implement server-side encryption for Garage.
|
|
||||||
Please open an issue if you have a use case.
|
|
||||||
|
|
||||||
| Endpoint | Garage | [Openstack Swift](https://docs.openstack.org/swift/latest/s3_compat.html) | [Ceph Object Gateway](https://docs.ceph.com/en/latest/radosgw/s3/) | [Riak CS](https://docs.riak.com/riak/cs/2.1.1/references/apis/storage/s3/index.html) | [OpenIO](https://docs.openio.io/latest/source/arch-design/s3_compliancy.html) |
|
|
||||||
|------------------------------|----------------------------------|-----------------|---------------|---------|-----|
|
|
||||||
| [DeleteBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html) | ❌ Missing | ❌| ✅ | ❌| ❌|
|
|
||||||
| [GetBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html) | ❌ Missing | ❌| ✅ | ❌| ❌|
|
|
||||||
| [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html) | ❌ Missing | ❌| ✅ | ❌| ❌|
|
|
||||||
|
|
||||||
### Misc endpoints
|
|
||||||
|
|
||||||
| Endpoint | Garage | [Openstack Swift](https://docs.openstack.org/swift/latest/s3_compat.html) | [Ceph Object Gateway](https://docs.ceph.com/en/latest/radosgw/s3/) | [Riak CS](https://docs.riak.com/riak/cs/2.1.1/references/apis/storage/s3/index.html) | [OpenIO](https://docs.openio.io/latest/source/arch-design/s3_compliancy.html) |
|
|
||||||
|------------------------------|----------------------------------|-----------------|---------------|---------|-----|
|
|
||||||
| [GetBucketNotificationConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html) | ❌ Missing | ❌| ✅ | ❌| ❌|
|
|
||||||
| [PutBucketNotificationConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketNotificationConfiguration.html) | ❌ Missing | ❌| ✅ | ❌| ❌|
|
|
||||||
| [DeleteBucketTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html) | ❌ Missing | ❌| ✅ | ❌| ✅ |
|
|
||||||
| [GetBucketTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html) | ❌ Missing | ❌| ✅ | ❌| ✅ |
|
|
||||||
| [PutBucketTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html) | ❌ Missing | ❌| ✅ | ❌| ✅ |
|
|
||||||
| [DeleteObjectTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html) | ❌ Missing | ❌| ✅ | ❌| ✅ |
|
|
||||||
| [GetObjectTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) | ❌ Missing | ❌| ✅ | ❌| ✅ |
|
|
||||||
| [PutObjectTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html) | ❌ Missing | ❌| ✅ | ❌| ✅ |
|
|
||||||
| [GetObjectTorrent](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTorrent.html) | ❌ Missing | ❌| ✅ | ❌| ❌|
|
|
||||||
|
|
||||||
### Vendor specific endpoints
|
|
||||||
|
|
||||||
<details><summary>Display Amazon specifc endpoints</summary>
|
|
||||||
|
|
||||||
|
|
||||||
| Endpoint | Garage | [Openstack Swift](https://docs.openstack.org/swift/latest/s3_compat.html) | [Ceph Object Gateway](https://docs.ceph.com/en/latest/radosgw/s3/) | [Riak CS](https://docs.riak.com/riak/cs/2.1.1/references/apis/storage/s3/index.html) | [OpenIO](https://docs.openio.io/latest/source/arch-design/s3_compliancy.html) |
|
|
||||||
|------------------------------|----------------------------------|-----------------|---------------|---------|-----|
|
|
||||||
| [DeleteBucketAnalyticsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [DeleteBucketIntelligentTieringConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [DeleteBucketInventoryConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [DeleteBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [DeleteBucketOwnershipControls](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketOwnershipControls.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [DeletePublicAccessBlock](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [GetBucketAccelerateConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAccelerateConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [GetBucketAnalyticsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [GetBucketIntelligentTieringConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [GetBucketInventoryConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [GetBucketLogging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLogging.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [GetBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [GetBucketOwnershipControls](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketOwnershipControls.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [GetBucketRequestPayment](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketRequestPayment.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [GetPublicAccessBlock](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [ListBucketAnalyticsConfigurations](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [ListBucketIntelligentTieringConfigurations](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [ListBucketInventoryConfigurations](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [ListBucketMetricsConfigurations](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [PutBucketAccelerateConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAccelerateConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [PutBucketAnalyticsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [PutBucketIntelligentTieringConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [PutBucketInventoryConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [PutBucketLogging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLogging.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [PutBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [PutBucketOwnershipControls](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketOwnershipControls.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [PutBucketRequestPayment](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketRequestPayment.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [PutPublicAccessBlock](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [RestoreObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
| [SelectObjectContent](https://docs.aws.amazon.com/AmazonS3/latest/API/API_SelectObjectContent.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
|
||||||
|
|
||||||
</details>
|
|
||||||
|
|
41
doc/book/src/SUMMARY.md
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
# Summary
|
||||||
|
|
||||||
|
[The Garage Data Store](./intro.md)
|
||||||
|
|
||||||
|
- [Quick start](./quick_start/index.md)
|
||||||
|
|
||||||
|
- [Cookbook](./cookbook/index.md)
|
||||||
|
- [Building from source](./cookbook/from_source.md)
|
||||||
|
- [Integration with systemd](./cookbook/systemd.md)
|
||||||
|
- [Gateways](./cookbook/gateways.md)
|
||||||
|
- [Exposing buckets as websites](./cookbook/exposing_websites.md)
|
||||||
|
- [Configuring a reverse proxy](./cookbook/reverse_proxy.md)
|
||||||
|
- [Production Deployment](./cookbook/real_world.md)
|
||||||
|
- [Recovering from failures](./cookbook/recovering.md)
|
||||||
|
|
||||||
|
- [Integrations](./connect/index.md)
|
||||||
|
- [Apps (Nextcloud, Peertube...)](./connect/apps.md)
|
||||||
|
- [Websites (Hugo, Jekyll, Publii...)](./connect/websites.md)
|
||||||
|
- [Repositories (Docker, Nix...)](./connect/repositories.md)
|
||||||
|
- [CLI tools (rclone, awscli, mc...)](./connect/cli.md)
|
||||||
|
- [Your code (PHP, JS, Go...)](./connect/code.md)
|
||||||
|
|
||||||
|
|
||||||
|
- [Reference Manual](./reference_manual/index.md)
|
||||||
|
- [Garage configuration file](./reference_manual/configuration.md)
|
||||||
|
- [Garage CLI](./reference_manual/cli.md)
|
||||||
|
- [S3 compatibility status](./reference_manual/s3_compatibility.md)
|
||||||
|
|
||||||
|
- [Design](./design/index.md)
|
||||||
|
- [Related Work](./design/related_work.md)
|
||||||
|
- [Internals](./design/internals.md)
|
||||||
|
- [Design draft](./design/design_draft.md)
|
||||||
|
|
||||||
|
- [Development](./development/index.md)
|
||||||
|
- [Setup your environment](./development/devenv.md)
|
||||||
|
- [Development scripts](./development/scripts.md)
|
||||||
|
- [Release process](./development/release_process.md)
|
||||||
|
|
||||||
|
- [Working Documents](./working_documents/index.md)
|
||||||
|
- [Load Balancing Data](./working_documents/load_balancing.md)
|
||||||
|
- [Migrating from 0.3 to 0.4](./working_documents/migration_04.md)
|
|
@ -1,23 +1,6 @@
|
||||||
+++
|
# Apps (Nextcloud, Peertube...)
|
||||||
title = "Apps (Nextcloud, Peertube...)"
|
|
||||||
weight = 5
|
|
||||||
+++
|
|
||||||
|
|
||||||
In this section, we cover the following web applications:
|
In this section, we cover the following software: [Nextcloud](#nextcloud), [Peertube](#peertube), [Mastodon](#mastodon), [Matrix](#matrix)
|
||||||
|
|
||||||
| Name | Status | Note |
|
|
||||||
|------|--------|------|
|
|
||||||
| [Nextcloud](#nextcloud) | ✅ | Both Primary Storage and External Storage are supported |
|
|
||||||
| [Peertube](#peertube) | ✅ | Supported with the website endpoint, proxifying private videos unsupported |
|
|
||||||
| [Mastodon](#mastodon) | ✅ | Natively supported |
|
|
||||||
| [Matrix](#matrix) | ✅ | Tested with `synapse-s3-storage-provider` |
|
|
||||||
| [Pixelfed](#pixelfed) | ❓ | Not yet tested |
|
|
||||||
| [Pleroma](#pleroma) | ❓ | Not yet tested |
|
|
||||||
| [Lemmy](#lemmy) | ❓ | Not yet tested |
|
|
||||||
| [Funkwhale](#funkwhale) | ❓ | Not yet tested |
|
|
||||||
| [Misskey](#misskey) | ❓ | Not yet tested |
|
|
||||||
| [Prismo](#prismo) | ❓ | Not yet tested |
|
|
||||||
| [Owncloud OCIS](#owncloud-infinite-scale-ocis) | ❓| Not yet tested |
|
|
||||||
|
|
||||||
## Nextcloud
|
## Nextcloud
|
||||||
|
|
||||||
|
@ -83,7 +66,7 @@ To test your new configuration, just reload your Nextcloud webpage and start sen
|
||||||
|
|
||||||
**From the GUI.** Activate the "External storage support" app from the "Applications" page (click on your account icon on the top right corner of your screen to display the menu). Go to your parameters page (also located below your account icon). Click on external storage (or the corresponding translation in your language).
|
**From the GUI.** Activate the "External storage support" app from the "Applications" page (click on your account icon on the top right corner of your screen to display the menu). Go to your parameters page (also located below your account icon). Click on external storage (or the corresponding translation in your language).
|
||||||
|
|
||||||
[![Screenshot of the External Storage form](cli-nextcloud-gui.png)](cli-nextcloud-gui.png)
|
[![Screenshot of the External Storage form](./cli-nextcloud-gui.png)](./cli-nextcloud-gui.png)
|
||||||
*Click on the picture to zoom*
|
*Click on the picture to zoom*
|
||||||
|
|
||||||
Add a new external storage. Put what you want in "folder name" (eg. "shared"). Select "Amazon S3". Keep "Access Key" for the Authentication field.
|
Add a new external storage. Put what you want in "folder name" (eg. "shared"). Select "Amazon S3". Keep "Access Key" for the Authentication field.
|
||||||
|
@ -125,13 +108,110 @@ Do not change the `use_path_style` and `legacy_auth` entries, other configuratio
|
||||||
|
|
||||||
Peertube proposes a clever integration of S3 by directly exposing its endpoint instead of proxifying requests through the application.
|
Peertube proposes a clever integration of S3 by directly exposing its endpoint instead of proxifying requests through the application.
|
||||||
In other words, Peertube is only responsible of the "control plane" and offload the "data plane" to Garage.
|
In other words, Peertube is only responsible of the "control plane" and offload the "data plane" to Garage.
|
||||||
In return, this system is a bit harder to configure.
|
In return, this system is a bit harder to configure, especially with Garage that supports less feature than other older S3 backends.
|
||||||
We show how it is still possible to configure Garage with Peertube, allowing you to spread the load and the bandwidth usage on the Garage cluster.
|
We show that it is still possible to configure Garage with Peertube, allowing you to spread the load and the bandiwdth usage on the Garage cluster.
|
||||||
|
|
||||||
|
### Enable path-style access by patching Peertube
|
||||||
|
|
||||||
|
First, you will need to apply a small patch on Peertube ([#4510](https://github.com/Chocobozzz/PeerTube/pull/4510)):
|
||||||
|
|
||||||
|
```diff
|
||||||
|
From e3b4c641bdf67e07d406a1d49d6aa6b1fbce2ab4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Martin Honermeyer <maze@strahlungsfrei.de>
|
||||||
|
Date: Sun, 31 Oct 2021 12:34:04 +0100
|
||||||
|
Subject: [PATCH] Allow setting path-style access for object storage
|
||||||
|
|
||||||
|
---
|
||||||
|
config/default.yaml | 4 ++++
|
||||||
|
config/production.yaml.example | 4 ++++
|
||||||
|
server/initializers/config.ts | 1 +
|
||||||
|
server/lib/object-storage/shared/client.ts | 3 ++-
|
||||||
|
.../production/config/custom-environment-variables.yaml | 2 ++
|
||||||
|
5 files changed, 13 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/config/default.yaml b/config/default.yaml
|
||||||
|
index cf9d69a6211..4efd56fb804 100644
|
||||||
|
--- a/config/default.yaml
|
||||||
|
+++ b/config/default.yaml
|
||||||
|
@@ -123,6 +123,10 @@ object_storage:
|
||||||
|
# You can also use AWS_SECRET_ACCESS_KEY env variable
|
||||||
|
secret_access_key: ''
|
||||||
|
|
||||||
|
+ # Reference buckets via path rather than subdomain
|
||||||
|
+ # (i.e. "my-endpoint.com/bucket" instead of "bucket.my-endpoint.com")
|
||||||
|
+ force_path_style: false
|
||||||
|
+
|
||||||
|
# Maximum amount to upload in one request to object storage
|
||||||
|
max_upload_part: 2GB
|
||||||
|
|
||||||
|
diff --git a/config/production.yaml.example b/config/production.yaml.example
|
||||||
|
index 70993bf57a3..9ca2de5f4c9 100644
|
||||||
|
--- a/config/production.yaml.example
|
||||||
|
+++ b/config/production.yaml.example
|
||||||
|
@@ -121,6 +121,10 @@ object_storage:
|
||||||
|
# You can also use AWS_SECRET_ACCESS_KEY env variable
|
||||||
|
secret_access_key: ''
|
||||||
|
|
||||||
|
+ # Reference buckets via path rather than subdomain
|
||||||
|
+ # (i.e. "my-endpoint.com/bucket" instead of "bucket.my-endpoint.com")
|
||||||
|
+ force_path_style: false
|
||||||
|
+
|
||||||
|
# Maximum amount to upload in one request to object storage
|
||||||
|
max_upload_part: 2GB
|
||||||
|
|
||||||
|
diff --git a/server/initializers/config.ts b/server/initializers/config.ts
|
||||||
|
index 8375bf4304c..d726c59a4b6 100644
|
||||||
|
--- a/server/initializers/config.ts
|
||||||
|
+++ b/server/initializers/config.ts
|
||||||
|
@@ -91,6 +91,7 @@ const CONFIG = {
|
||||||
|
ACCESS_KEY_ID: config.get<string>('object_storage.credentials.access_key_id'),
|
||||||
|
SECRET_ACCESS_KEY: config.get<string>('object_storage.credentials.secret_access_key')
|
||||||
|
},
|
||||||
|
+ FORCE_PATH_STYLE: config.get<boolean>('object_storage.force_path_style'),
|
||||||
|
VIDEOS: {
|
||||||
|
BUCKET_NAME: config.get<string>('object_storage.videos.bucket_name'),
|
||||||
|
PREFIX: config.get<string>('object_storage.videos.prefix'),
|
||||||
|
diff --git a/server/lib/object-storage/shared/client.ts b/server/lib/object-storage/shared/client.ts
|
||||||
|
index c9a61459336..eadad02f93f 100644
|
||||||
|
--- a/server/lib/object-storage/shared/client.ts
|
||||||
|
+++ b/server/lib/object-storage/shared/client.ts
|
||||||
|
@@ -26,7 +26,8 @@ function getClient () {
|
||||||
|
accessKeyId: OBJECT_STORAGE.CREDENTIALS.ACCESS_KEY_ID,
|
||||||
|
secretAccessKey: OBJECT_STORAGE.CREDENTIALS.SECRET_ACCESS_KEY
|
||||||
|
}
|
||||||
|
- : undefined
|
||||||
|
+ : undefined,
|
||||||
|
+ forcePathStyle: CONFIG.OBJECT_STORAGE.FORCE_PATH_STYLE
|
||||||
|
})
|
||||||
|
|
||||||
|
logger.info('Initialized S3 client %s with region %s.', getEndpoint(), OBJECT_STORAGE.REGION, lTags())
|
||||||
|
diff --git a/support/docker/production/config/custom-environment-variables.yaml b/support/docker/production/config/custom-environment-variables.yaml
|
||||||
|
index c7cd28e6521..a960bab0bc9 100644
|
||||||
|
--- a/support/docker/production/config/custom-environment-variables.yaml
|
||||||
|
+++ b/support/docker/production/config/custom-environment-variables.yaml
|
||||||
|
@@ -54,6 +54,8 @@ object_storage:
|
||||||
|
|
||||||
|
region: "PEERTUBE_OBJECT_STORAGE_REGION"
|
||||||
|
|
||||||
|
+ force_path_style: "PEERTUBE_OBJECT_STORAGE_FORCE_PATH_STYLE"
|
||||||
|
+
|
||||||
|
max_upload_part:
|
||||||
|
__name: "PEERTUBE_OBJECT_STORAGE_MAX_UPLOAD_PART"
|
||||||
|
__format: "json"
|
||||||
|
```
|
||||||
|
|
||||||
|
You can then recompile it with:
|
||||||
|
|
||||||
|
```
|
||||||
|
npm run build
|
||||||
|
```
|
||||||
|
|
||||||
|
And it can be started with:
|
||||||
|
|
||||||
|
```
|
||||||
|
NODE_ENV=production NODE_CONFIG_DIR=/srv/peertube/config node dist/server.js
|
||||||
|
```
|
||||||
|
|
||||||
Starting from version 5.0, Peertube also supports improving the security for private videos by not exposing them directly
|
|
||||||
but relying on a single control point in the Peertube instance. This is based on S3 per-object and prefix ACL, which are not currently supported
|
|
||||||
in Garage, so this feature is unsupported. While this technically impedes security for private videos, it is not a blocking issue and could be
|
|
||||||
a reasonable trade-off for some instances.
|
|
||||||
|
|
||||||
### Create resources in Garage
|
### Create resources in Garage
|
||||||
|
|
||||||
|
@ -152,32 +232,30 @@ garage bucket create peertube-playlist
|
||||||
Now we allow our key to read and write on these buckets:
|
Now we allow our key to read and write on these buckets:
|
||||||
|
|
||||||
```
|
```
|
||||||
garage bucket allow peertube-playlists --read --write --owner --key peertube-key
|
garage bucket allow peertube-playlist --read --write --key peertube-key
|
||||||
garage bucket allow peertube-videos --read --write --owner --key peertube-key
|
garage bucket allow peertube-video --read --write --key peertube-key
|
||||||
```
|
```
|
||||||
|
|
||||||
We also need to expose these buckets publicly to serve their content to users:
|
Finally, we need to expose these buckets publicly to serve their content to users:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
garage bucket website --allow peertube-playlists
|
garage bucket website --allow peertube-playlist
|
||||||
garage bucket website --allow peertube-videos
|
garage bucket website --allow peertube-video
|
||||||
```
|
|
||||||
|
|
||||||
Finally, we must allow Cross-Origin Resource Sharing (CORS).
|
|
||||||
CORS are required by your browser to allow requests triggered from the peertube website (eg. peertube.tld) to your bucket's domain (eg. peertube-videos.web.garage.tld)
|
|
||||||
|
|
||||||
```bash
|
|
||||||
export CORS='{"CORSRules":[{"AllowedHeaders":["*"],"AllowedMethods":["GET"],"AllowedOrigins":["*"]}]}'
|
|
||||||
aws --endpoint http://s3.garage.localhost s3api put-bucket-cors --bucket peertube-playlists --cors-configuration $CORS
|
|
||||||
aws --endpoint http://s3.garage.localhost s3api put-bucket-cors --bucket peertube-videos --cors-configuration $CORS
|
|
||||||
```
|
```
|
||||||
|
|
||||||
These buckets are now accessible on the web port (by default 3902) with the following URL: `http://<bucket><root_domain>:<web_port>` where the root domain is defined in your configuration file (by default `.web.garage`). So we have currently the following URLs:
|
These buckets are now accessible on the web port (by default 3902) with the following URL: `http://<bucket><root_domain>:<web_port>` where the root domain is defined in your configuration file (by default `.web.garage`). So we have currently the following URLs:
|
||||||
* http://peertube-playlists.web.garage:3902
|
* http://peertube-playlist.web.garage:3902
|
||||||
* http://peertube-videos.web.garage:3902
|
* http://peertube-video.web.garage:3902
|
||||||
|
|
||||||
Make sure you (will) have a corresponding DNS entry for them.
|
Make sure you (will) have a corresponding DNS entry for them.
|
||||||
|
|
||||||
|
### Configure a Reverse Proxy to serve CORS
|
||||||
|
|
||||||
|
Now we will configure a reverse proxy in front of Garage.
|
||||||
|
This is required as we have no other way to serve CORS headers yet.
|
||||||
|
Check the [Configuring a reverse proxy](/cookbook/reverse_proxy.html) section to know how.
|
||||||
|
|
||||||
|
Now make sure that your 2 dns entries are pointing to your reverse proxy.
|
||||||
|
|
||||||
### Configure Peertube
|
### Configure Peertube
|
||||||
|
|
||||||
|
@ -190,6 +268,9 @@ object_storage:
|
||||||
# Put localhost only if you have a garage instance running on that node
|
# Put localhost only if you have a garage instance running on that node
|
||||||
endpoint: 'http://localhost:3900' # or "garage.example.com" if you have TLS on port 443
|
endpoint: 'http://localhost:3900' # or "garage.example.com" if you have TLS on port 443
|
||||||
|
|
||||||
|
# This entry has been added by our patch, must be set to true
|
||||||
|
force_path_style: true
|
||||||
|
|
||||||
# Garage supports only one region for now, named garage
|
# Garage supports only one region for now, named garage
|
||||||
region: 'garage'
|
region: 'garage'
|
||||||
|
|
||||||
|
@ -199,11 +280,6 @@ object_storage:
|
||||||
|
|
||||||
max_upload_part: 2GB
|
max_upload_part: 2GB
|
||||||
|
|
||||||
proxy:
|
|
||||||
# You may enable this feature, yet it will not provide any security benefit, so
|
|
||||||
# you should rather benefit from Garage public endpoint for all videos
|
|
||||||
proxify_private_files: false
|
|
||||||
|
|
||||||
streaming_playlists:
|
streaming_playlists:
|
||||||
bucket_name: 'peertube-playlist'
|
bucket_name: 'peertube-playlist'
|
||||||
|
|
||||||
|
@ -211,157 +287,34 @@ object_storage:
|
||||||
prefix: ''
|
prefix: ''
|
||||||
|
|
||||||
# You must fill this field to make Peertube use our reverse proxy/website logic
|
# You must fill this field to make Peertube use our reverse proxy/website logic
|
||||||
base_url: 'http://peertube-playlists.web.garage.localhost' # Example: 'https://mirror.example.com'
|
base_url: 'http://peertube-playlist.web.garage' # Example: 'https://mirror.example.com'
|
||||||
|
|
||||||
# Same settings but for webtorrent videos
|
# Same settings but for webtorrent videos
|
||||||
videos:
|
videos:
|
||||||
bucket_name: 'peertube-video'
|
bucket_name: 'peertube-video'
|
||||||
prefix: ''
|
prefix: ''
|
||||||
# You must fill this field to make Peertube use our reverse proxy/website logic
|
# You must fill this field to make Peertube use our reverse proxy/website logic
|
||||||
base_url: 'http://peertube-videos.web.garage.localhost'
|
base_url: 'http://peertube-video.web.garage'
|
||||||
```
|
```
|
||||||
|
|
||||||
### That's all
|
### That's all
|
||||||
|
|
||||||
Everything must be configured now, simply restart Peertube and try to upload a video.
|
Everything must be configured now, simply restart Peertube and try to upload a video.
|
||||||
|
You must see in your browser console that data are fetched directly from our bucket (through the reverse proxy).
|
||||||
|
|
||||||
Peertube will start by serving the video from its own domain while it is encoding.
|
### Miscellaneous
|
||||||
Once the encoding is done, the video is uploaded to Garage.
|
|
||||||
You can now reload the page and see in your browser console that data are fetched directly from your bucket.
|
*Known bug:* The playback does not start and some 400 Bad Request Errors appear in your browser console and on Garage.
|
||||||
|
If the description of the error contains HTTP Invalid Range: InvalidRange, the error is due to a buggy ffmpeg version.
|
||||||
|
You must avoid the 4.4.0 and use either a newer or older version.
|
||||||
|
|
||||||
|
*Associated issues:* [#137](https://git.deuxfleurs.fr/Deuxfleurs/garage/issues/137), [#138](https://git.deuxfleurs.fr/Deuxfleurs/garage/issues/138), [#140](https://git.deuxfleurs.fr/Deuxfleurs/garage/issues/140). These issues are non blocking.
|
||||||
|
|
||||||
*External link:* [Peertube Documentation > Remote Storage](https://docs.joinpeertube.org/admin-remote-storage)
|
*External link:* [Peertube Documentation > Remote Storage](https://docs.joinpeertube.org/admin-remote-storage)
|
||||||
|
|
||||||
## Mastodon
|
## Mastodon
|
||||||
|
|
||||||
Mastodon natively supports the S3 protocol to store media files, and it works out-of-the-box with Garage.
|
https://docs.joinmastodon.org/admin/config/#cdn
|
||||||
You will need to expose your Garage bucket as a website: that way, media files will be served directly from Garage.
|
|
||||||
|
|
||||||
### Performance considerations
|
|
||||||
|
|
||||||
Mastodon tends to store many small objects over time: expect hundreds of thousands of objects,
|
|
||||||
with average object size ranging from 50 KB to 150 KB.
|
|
||||||
|
|
||||||
As such, your Garage cluster should be configured appropriately for good performance:
|
|
||||||
|
|
||||||
- use Garage v0.8.0 or higher with the [LMDB database engine](@documentation/reference-manual/configuration.md#db-engine-since-v0-8-0).
|
|
||||||
With the default Sled database engine, your database could quickly end up taking tens of GB of disk space.
|
|
||||||
- the Garage database should be stored on a SSD
|
|
||||||
|
|
||||||
### Creating your bucket
|
|
||||||
|
|
||||||
This is the usual Garage setup:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
garage key new --name mastodon-key
|
|
||||||
garage bucket create mastodon-data
|
|
||||||
garage bucket allow mastodon-data --read --write --key mastodon-key
|
|
||||||
```
|
|
||||||
|
|
||||||
Note the Key ID and Secret Key.
|
|
||||||
|
|
||||||
### Exposing your bucket as a website
|
|
||||||
|
|
||||||
Create a DNS name to serve your media files, such as `my-social-media.mydomain.tld`.
|
|
||||||
This name will be publicly exposed to the users of your Mastodon instance: they
|
|
||||||
will load images directly from this DNS name.
|
|
||||||
|
|
||||||
As [documented here](@/documentation/cookbook/exposing-websites.md),
|
|
||||||
add this DNS name as alias to your bucket, and expose it as a website:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
garage bucket alias mastodon-data my-social-media.mydomain.tld
|
|
||||||
garage bucket website --allow mastodon-data
|
|
||||||
```
|
|
||||||
|
|
||||||
Then you will likely need to [setup a reverse proxy](@/documentation/cookbook/reverse-proxy.md)
|
|
||||||
in front of it to serve your media files over HTTPS.
|
|
||||||
|
|
||||||
### Cleaning up old media files before migration
|
|
||||||
|
|
||||||
Mastodon instance quickly accumulate a lot of media files from the federation.
|
|
||||||
Most of them are not strictly necessary because they can be fetched again from
|
|
||||||
other servers. As such, it is highly recommended to clean them up before
|
|
||||||
migration, this will greatly reduce the migration time.
|
|
||||||
|
|
||||||
From the [official Mastodon documentation](https://docs.joinmastodon.org/admin/tootctl/#media):
|
|
||||||
|
|
||||||
```bash
|
|
||||||
$ RAILS_ENV=production bin/tootctl media remove --days 3
|
|
||||||
$ RAILS_ENV=production bin/tootctl media remove-orphans
|
|
||||||
$ RAILS_ENV=production bin/tootctl preview_cards remove --days 15
|
|
||||||
```
|
|
||||||
|
|
||||||
Here is a typical disk usage for a small but multi-year instance after cleanup:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
$ RAILS_ENV=production bin/tootctl media usage
|
|
||||||
Attachments: 5.67 GB (1.14 GB local)
|
|
||||||
Custom emoji: 295 MB (0 Bytes local)
|
|
||||||
Preview cards: 154 MB
|
|
||||||
Avatars: 3.77 GB (127 KB local)
|
|
||||||
Headers: 8.72 GB (242 KB local)
|
|
||||||
Backups: 0 Bytes
|
|
||||||
Imports: 1.7 KB
|
|
||||||
Settings: 0 Bytes
|
|
||||||
```
|
|
||||||
|
|
||||||
Unfortunately, [old avatars and headers cannot currently be cleaned up](https://github.com/mastodon/mastodon/issues/9567).
|
|
||||||
|
|
||||||
### Migrating your data
|
|
||||||
|
|
||||||
Data migration should be done with an efficient S3 client.
|
|
||||||
The [minio client](@documentation/connect/cli.md#minio-client) is a good choice
|
|
||||||
thanks to its mirror mode:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
mc mirror ./public/system/ garage/mastodon-data
|
|
||||||
```
|
|
||||||
|
|
||||||
Here is a typical bucket usage after all data has been migrated:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
$ garage bucket info mastodon-data
|
|
||||||
|
|
||||||
Size: 20.3 GiB (21.8 GB)
|
|
||||||
Objects: 175968
|
|
||||||
```
|
|
||||||
|
|
||||||
### Configuring Mastodon
|
|
||||||
|
|
||||||
In your `.env.production` configuration file:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
S3_ENABLED=true
|
|
||||||
# Internal access to Garage
|
|
||||||
S3_ENDPOINT=http://my-garage-instance.mydomain.tld:3900
|
|
||||||
S3_REGION=garage
|
|
||||||
S3_BUCKET=mastodon-data
|
|
||||||
# Change this (Key ID and Secret Key of your Garage key)
|
|
||||||
AWS_ACCESS_KEY_ID=GKe88df__CHANGETHIS__c5145
|
|
||||||
AWS_SECRET_ACCESS_KEY=a2f7__CHANGETHIS__77fcfcf7a58f47a4aa4431f2e675c56da37821a1070000
|
|
||||||
# What name gets exposed to users (HTTPS is implicit)
|
|
||||||
S3_ALIAS_HOST=my-social-media.mydomain.tld
|
|
||||||
```
|
|
||||||
|
|
||||||
For more details, see the [reference Mastodon documentation](https://docs.joinmastodon.org/admin/config/#cdn).
|
|
||||||
|
|
||||||
Restart all Mastodon services and everything should now be using Garage!
|
|
||||||
You can check the URLs of images in the Mastodon web client, they should start
|
|
||||||
with `https://my-social-media.mydomain.tld`.
|
|
||||||
|
|
||||||
### Last migration sync
|
|
||||||
|
|
||||||
After Mastodon is successfully using Garage, you can run a last sync from the local filesystem to Garage:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
mc mirror --newer-than "3h" ./public/system/ garage/mastodon-data
|
|
||||||
```
|
|
||||||
|
|
||||||
### References
|
|
||||||
|
|
||||||
[cybrespace's guide to migrate to S3](https://github.com/cybrespace/cybrespace-meta/blob/master/s3.md)
|
|
||||||
(the guide is for Amazon S3, so the configuration is a bit different, but the rest is similar)
|
|
||||||
|
|
||||||
|
|
||||||
## Matrix
|
## Matrix
|
||||||
|
|
||||||
|
@ -476,34 +429,31 @@ And add a new line. For example, to run it every 10 minutes:
|
||||||
|
|
||||||
## Pixelfed
|
## Pixelfed
|
||||||
|
|
||||||
[Pixelfed Technical Documentation > Configuration](https://docs.pixelfed.org/technical-documentation/env.html#filesystem)
|
https://docs.pixelfed.org/technical-documentation/env.html#filesystem
|
||||||
|
|
||||||
## Pleroma
|
## Pleroma
|
||||||
|
|
||||||
[Pleroma Documentation > Pleroma.Uploaders.S3](https://docs-develop.pleroma.social/backend/configuration/cheatsheet/#pleromauploaderss3)
|
https://docs-develop.pleroma.social/backend/configuration/cheatsheet/#pleromauploaderss3
|
||||||
|
|
||||||
## Lemmy
|
## Lemmy
|
||||||
|
|
||||||
Lemmy uses pict-rs that [supports S3 backends](https://git.asonix.dog/asonix/pict-rs/commit/f9f4fc63d670f357c93f24147c2ee3e1278e2d97)
|
via pict-rs
|
||||||
|
https://git.asonix.dog/asonix/pict-rs/commit/f9f4fc63d670f357c93f24147c2ee3e1278e2d97
|
||||||
|
|
||||||
## Funkwhale
|
## Funkwhale
|
||||||
|
|
||||||
[Funkwhale Documentation > S3 Storage](https://docs.funkwhale.audio/admin/configuration.html#s3-storage)
|
https://docs.funkwhale.audio/admin/configuration.html#s3-storage
|
||||||
|
|
||||||
## Misskey
|
## Misskey
|
||||||
|
|
||||||
[Misskey Github > commit 9d94424](https://github.com/misskey-dev/misskey/commit/9d944243a3a59e8880a360cbfe30fd5a3ec8d52d)
|
https://github.com/misskey-dev/misskey/commit/9d944243a3a59e8880a360cbfe30fd5a3ec8d52d
|
||||||
|
|
||||||
## Prismo
|
## Prismo
|
||||||
|
|
||||||
[Prismo Gitlab > .env.production.sample](https://gitlab.com/prismosuite/prismo/-/blob/dev/.env.production.sample#L26-33)
|
https://gitlab.com/prismosuite/prismo/-/blob/dev/.env.production.sample#L26-33
|
||||||
|
|
||||||
## Owncloud Infinite Scale (ocis)
|
## Owncloud Infinite Scale (ocis)
|
||||||
|
|
||||||
OCIS could be compatible with S3:
|
|
||||||
- [Deploying OCIS with S3](https://owncloud.dev/ocis/deployment/ocis_s3/)
|
|
||||||
- [OCIS 1.7 release note](https://central.owncloud.org/t/owncloud-infinite-scale-tech-preview-1-7-enables-s3-storage/32514/3)
|
|
||||||
|
|
||||||
## Unsupported
|
## Unsupported
|
||||||
|
|
||||||
- Mobilizon: No S3 integration
|
- Mobilizon: No S3 integration
|
Before Width: | Height: | Size: 197 KiB After Width: | Height: | Size: 197 KiB |
127
doc/book/src/connect/cli.md
Normal file
|
@ -0,0 +1,127 @@
|
||||||
|
# CLI tools
|
||||||
|
|
||||||
|
CLI tools allow you to query the S3 API without too many abstractions.
|
||||||
|
These tools are particularly suitable for debug, backups, website deployments or any scripted task that need to handle data.
|
||||||
|
|
||||||
|
## Minio client (recommended)
|
||||||
|
|
||||||
|
Use the following command to set an "alias", i.e. define a new S3 server to be
|
||||||
|
used by the Minio client:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
mc alias set \
|
||||||
|
garage \
|
||||||
|
<endpoint> \
|
||||||
|
<access key> \
|
||||||
|
<secret key> \
|
||||||
|
--api S3v4
|
||||||
|
```
|
||||||
|
|
||||||
|
Remember that `mc` is sometimes called `mcli` (such as on Arch Linux), to avoid conflicts
|
||||||
|
with Midnight Commander.
|
||||||
|
|
||||||
|
Some commands:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# list buckets
|
||||||
|
mc ls garage/
|
||||||
|
|
||||||
|
# list objets in a bucket
|
||||||
|
mc ls garage/my_files
|
||||||
|
|
||||||
|
# copy from your filesystem to garage
|
||||||
|
mc cp /proc/cpuinfo garage/my_files/cpuinfo.txt
|
||||||
|
|
||||||
|
# copy from garage to your filesystem
|
||||||
|
mc cp garage/my_files/cpuinfo.txt /tmp/cpuinfo.txt
|
||||||
|
|
||||||
|
# mirror a folder from your filesystem to garage
|
||||||
|
mc mirror --overwrite ./book garage/garagehq.deuxfleurs.fr
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## AWS CLI
|
||||||
|
|
||||||
|
Create a file named `~/.aws/credentials` and put:
|
||||||
|
|
||||||
|
```toml
|
||||||
|
[default]
|
||||||
|
aws_access_key_id=xxxx
|
||||||
|
aws_secret_access_key=xxxx
|
||||||
|
```
|
||||||
|
|
||||||
|
Then a file named `~/.aws/config` and put:
|
||||||
|
|
||||||
|
```toml
|
||||||
|
[default]
|
||||||
|
region=garage
|
||||||
|
```
|
||||||
|
|
||||||
|
Now, supposing Garage is listening on `http://127.0.0.1:3900`, you can list your buckets with:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
aws --endpoint-url http://127.0.0.1:3900 s3 ls
|
||||||
|
```
|
||||||
|
|
||||||
|
Passing the `--endpoint-url` parameter to each command is annoying but AWS developers do not provide a corresponding configuration entry.
|
||||||
|
As a workaround, you can redefine the aws command by editing the file `~/.bashrc`:
|
||||||
|
|
||||||
|
```
|
||||||
|
function aws { command aws --endpoint-url http://127.0.0.1:3900 $@ ; }
|
||||||
|
```
|
||||||
|
|
||||||
|
*Do not forget to run `source ~/.bashrc` or to start a new terminal before running the next commands.*
|
||||||
|
|
||||||
|
Now you can simply run:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# list buckets
|
||||||
|
aws s3 ls
|
||||||
|
|
||||||
|
# list objects of a bucket
|
||||||
|
aws s3 ls s3://my_files
|
||||||
|
|
||||||
|
# copy from your filesystem to garage
|
||||||
|
aws s3 cp /proc/cpuinfo s3://my_files/cpuinfo.txt
|
||||||
|
|
||||||
|
# copy from garage to your filesystem
|
||||||
|
aws s3 cp s3/my_files/cpuinfo.txt /tmp/cpuinfo.txt
|
||||||
|
```
|
||||||
|
|
||||||
|
## `rclone`
|
||||||
|
|
||||||
|
`rclone` can be configured using the interactive assistant invoked using `rclone configure`.
|
||||||
|
|
||||||
|
You can also configure `rclone` by writing directly its configuration file.
|
||||||
|
Here is a template `rclone.ini` configuration file:
|
||||||
|
|
||||||
|
```ini
|
||||||
|
[garage]
|
||||||
|
type = s3
|
||||||
|
provider = Other
|
||||||
|
env_auth = false
|
||||||
|
access_key_id = <access key>
|
||||||
|
secret_access_key = <secret key>
|
||||||
|
region = <region>
|
||||||
|
endpoint = <endpoint>
|
||||||
|
force_path_style = true
|
||||||
|
acl = private
|
||||||
|
bucket_acl = private
|
||||||
|
```
|
||||||
|
|
||||||
|
## Cyberduck
|
||||||
|
|
||||||
|
TODO
|
||||||
|
|
||||||
|
## `s3cmd`
|
||||||
|
|
||||||
|
Here is a template for the `s3cmd.cfg` file to talk with Garage:
|
||||||
|
|
||||||
|
```ini
|
||||||
|
[default]
|
||||||
|
access_key = <access key>
|
||||||
|
secret_key = <secret key>
|
||||||
|
host_base = <endpoint without http(s)://>
|
||||||
|
host_bucket = <same as host_base>
|
||||||
|
use_https = False | True
|
||||||
|
```
|
1
doc/book/src/connect/code.md
Normal file
|
@ -0,0 +1 @@
|
||||||
|
# Your code (PHP, JS, Go...)
|
|
@ -1,25 +1,7 @@
|
||||||
+++
|
# Connect it to
|
||||||
title = "Existing integrations"
|
|
||||||
weight = 3
|
|
||||||
sort_by = "weight"
|
|
||||||
template = "documentation.html"
|
|
||||||
+++
|
|
||||||
|
|
||||||
|
To configure an S3 client to interact with Garage, you will need the following
|
||||||
Garage implements the Amazon S3 protocol, which makes it compatible with many existing software programs.
|
parameters:
|
||||||
|
|
||||||
In particular, you will find here instructions to connect it with:
|
|
||||||
|
|
||||||
- [Browsing tools](@/documentation/connect/cli.md)
|
|
||||||
- [Applications](@/documentation/connect/apps/index.md)
|
|
||||||
- [Website hosting](@/documentation/connect/websites.md)
|
|
||||||
- [Software repositories](@/documentation/connect/repositories.md)
|
|
||||||
- [FUSE](@/documentation/connect/fs.md)
|
|
||||||
|
|
||||||
### Generic instructions
|
|
||||||
|
|
||||||
To configure S3-compatible software to interact with Garage,
|
|
||||||
you will need the following parameters:
|
|
||||||
|
|
||||||
- An **API endpoint**: this corresponds to the HTTP or HTTPS address
|
- An **API endpoint**: this corresponds to the HTTP or HTTPS address
|
||||||
used to contact the Garage server. When runing Garage locally this will usually
|
used to contact the Garage server. When runing Garage locally this will usually
|
||||||
|
@ -31,17 +13,26 @@ you will need the following parameters:
|
||||||
like this: `GK3515373e4c851ebaad366558` (access key),
|
like this: `GK3515373e4c851ebaad366558` (access key),
|
||||||
`7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34` (secret key).
|
`7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34` (secret key).
|
||||||
These keys are created and managed using the `garage` CLI, as explained in the
|
These keys are created and managed using the `garage` CLI, as explained in the
|
||||||
[quick start](@/documentation/quick-start/_index.md) guide.
|
[quick start](../quick_start/index.md) guide.
|
||||||
|
|
||||||
Most S3 clients can be configured easily with these parameters,
|
Most S3 clients can be configured easily with these parameters,
|
||||||
provided that you follow the following guidelines:
|
provided that you follow the following guidelines:
|
||||||
|
|
||||||
- **Be careful to DNS-style/path-style access:** Garage supports both DNS-style buckets, which are now by default
|
- **Force path style:** Garage does not support DNS-style buckets, which are now by default
|
||||||
on Amazon S3, and legacy path-style buckets. If you use a reverse proxy in front of Garage,
|
on Amazon S3. Instead, Garage uses the legacy path-style bucket addressing.
|
||||||
make sure that you configured it to support the access-style required by the software you want to use.
|
Remember to configure your client to acknowledge this fact.
|
||||||
|
|
||||||
- **Configuring the S3 region:** Garage requires your client to talk to the correct "S3 region",
|
- **Configuring the S3 region:** Garage requires your client to talk to the correct "S3 region",
|
||||||
which is set in the configuration file. This is often set just to `garage`.
|
which is set in the configuration file. This is often set just to `garage`.
|
||||||
If this is not configured explicitly, clients usually try to talk to region `us-east-1`.
|
If this is not configured explicitly, clients usually try to talk to region `us-east-1`.
|
||||||
Garage should normally redirect your client to the correct region,
|
Garage should normally redirect your client to the correct region,
|
||||||
but in case your client does not support this you might have to configure it manually.
|
but in case your client does not support this you might have to configure it manually.
|
||||||
|
|
||||||
|
We will now provide example configurations for the most common clients per category:
|
||||||
|
|
||||||
|
- [Apps](./apps.md)
|
||||||
|
- [Websites](./websites.md)
|
||||||
|
- [Repositories](./repositories.md)
|
||||||
|
- [CLI tools](./cli.md)
|
||||||
|
- [Your code](./code.md)
|
||||||
|
|
1
doc/book/src/connect/repositories.md
Normal file
|
@ -0,0 +1 @@
|
||||||
|
# Repositories (Docker, Nix...)
|
77
doc/book/src/connect/websites.md
Normal file
|
@ -0,0 +1,77 @@
|
||||||
|
# Websites (Hugo, Jekyll, Publii...)
|
||||||
|
|
||||||
|
Garage is also suitable to host static websites.
|
||||||
|
While they can be deployed with traditional CLI tools, some static website generators have integrated options to ease your workflow.
|
||||||
|
|
||||||
|
## Hugo
|
||||||
|
|
||||||
|
Add to your `config.toml` the following section:
|
||||||
|
|
||||||
|
```toml
|
||||||
|
[[deployment.targets]]
|
||||||
|
URL = "s3://<bucket>?endpoint=<endpoint>&disableSSL=<bool>&s3ForcePathStyle=true®ion=garage"
|
||||||
|
```
|
||||||
|
|
||||||
|
For example:
|
||||||
|
|
||||||
|
```toml
|
||||||
|
[[deployment.targets]]
|
||||||
|
URL = "s3://my-blog?endpoint=localhost:9000&disableSSL=true&s3ForcePathStyle=true®ion=garage"
|
||||||
|
```
|
||||||
|
|
||||||
|
Then inform hugo of your credentials:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
export AWS_ACCESS_KEY_ID=GKxxx
|
||||||
|
export AWS_SECRET_ACCESS_KEY=xxx
|
||||||
|
```
|
||||||
|
|
||||||
|
And finally deploy your website:
|
||||||
|
|
||||||
|
```bsh
|
||||||
|
hugo deploy
|
||||||
|
```
|
||||||
|
|
||||||
|
*External links:*
|
||||||
|
- [gocloud.dev > aws > Supported URL parameters](https://pkg.go.dev/gocloud.dev/aws?utm_source=godoc#ConfigFromURLParams)
|
||||||
|
- [Hugo Documentation > hugo deploy](https://gohugo.io/hosting-and-deployment/hugo-deploy/)
|
||||||
|
|
||||||
|
## Publii
|
||||||
|
|
||||||
|
It would require a patch either on Garage or on Publii to make both systems work.
|
||||||
|
|
||||||
|
Currently, the proposed workaround is to deploy your website manually:
|
||||||
|
- On the left menu, click on Server, choose Manual Deployment (the logo looks like a compressed file)
|
||||||
|
- Set your website URL, keep Output type as "Non-compressed catalog"
|
||||||
|
- Click on Save changes
|
||||||
|
- Click on Sync your website (bottom left of the app)
|
||||||
|
- On the new page, click again on Sync your website
|
||||||
|
- Click on Get website files
|
||||||
|
- You need to synchronize the output folder you see in your file explorer, we will use minio client.
|
||||||
|
|
||||||
|
Be sure that you [configured minio client](cli.html#minio-client-recommended).
|
||||||
|
|
||||||
|
Then copy this output folder
|
||||||
|
|
||||||
|
```bash
|
||||||
|
mc mirror --overwrite output garage/my-site
|
||||||
|
```
|
||||||
|
|
||||||
|
## Generic (eg. Jekyll)
|
||||||
|
|
||||||
|
Some tools do not support sending to a S3 backend but output a compiled folder on your system.
|
||||||
|
We can then use any CLI tool to upload this content to our S3 target.
|
||||||
|
|
||||||
|
First, start by [configuring minio client](cli.html#minio-client-recommended).
|
||||||
|
|
||||||
|
Then build your website:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
jekyll build
|
||||||
|
```
|
||||||
|
|
||||||
|
And copy jekyll's output folder on S3:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
mc mirror --overwrite _site garage/my-site
|
||||||
|
```
|
48
doc/book/src/cookbook/exposing_websites.md
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
# Exposing buckets as websites
|
||||||
|
|
||||||
|
You can expose your bucket as a website with this simple command:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
garage bucket website --allow my-website
|
||||||
|
```
|
||||||
|
|
||||||
|
Now it will be **publicly** exposed on the web endpoint (by default listening on port 3902).
|
||||||
|
|
||||||
|
Our website serving logic is as follow:
|
||||||
|
- Supports only static websites (no support for PHP or other languages)
|
||||||
|
- Does not support directory listing
|
||||||
|
- The index is defined in your `garage.toml`. ([ref](/reference_manual/configuration.html#index))
|
||||||
|
|
||||||
|
Now we need to infer the URL of your website through your bucket name.
|
||||||
|
Let assume:
|
||||||
|
- we set `root_domain = ".web.example.com"` in `garage.toml` ([ref](/reference_manual/configuration.html#root_domain))
|
||||||
|
- our bucket name is `garagehq.deuxfleurs.fr`.
|
||||||
|
|
||||||
|
Our bucket will be served if the Host field matches one of these 2 values (the port is ignored):
|
||||||
|
|
||||||
|
- `garagehq.deuxfleurs.fr.web.example.com`: you can dedicate a subdomain to your users (here `web.example.com`).
|
||||||
|
|
||||||
|
- `garagehq.deuxfleurs.fr`: your users can bring their own domain name, they just need to point them to your Garage cluster.
|
||||||
|
|
||||||
|
You can try this logic locally, without configuring any DNS, thanks to `curl`:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# prepare your test
|
||||||
|
echo hello world > /tmp/index.html
|
||||||
|
mc cp /tmp/index.html garage/garagehq.deuxfleurs.fr
|
||||||
|
|
||||||
|
curl -H 'Host: garagehq.deuxfleurs.fr' http://localhost:3902
|
||||||
|
# should print "hello world"
|
||||||
|
|
||||||
|
curl -H 'Host: garagehq.deuxfleurs.fr.web.example.com' http://localhost:3902
|
||||||
|
# should also print "hello world"
|
||||||
|
```
|
||||||
|
|
||||||
|
Now that you understand how website logic works on Garage, you can:
|
||||||
|
|
||||||
|
- make the website endpoint listens on port 80 (instead of 3902)
|
||||||
|
- use iptables to redirect the port 80 to the port 3902:
|
||||||
|
`iptables -t nat -A PREROUTING -p tcp -dport 80 -j REDIRECT -to-port 3902`
|
||||||
|
- or configure a [reverse proxy](reverse_proxy.html) in front of Garage to add TLS (HTTPS), CORS support, etc.
|
||||||
|
|
||||||
|
You can also take a look at [Website Integration](/connect/websites.html) to see how you can add Garage to your workflow.
|
51
doc/book/src/cookbook/from_source.md
Normal file
|
@ -0,0 +1,51 @@
|
||||||
|
# Compiling Garage from source
|
||||||
|
|
||||||
|
|
||||||
|
Garage is a standard Rust project.
|
||||||
|
First, you need `rust` and `cargo`.
|
||||||
|
For instance on Debian:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo apt-get update
|
||||||
|
sudo apt-get install -y rustc cargo
|
||||||
|
```
|
||||||
|
|
||||||
|
You can also use [Rustup](https://rustup.rs/) to setup a Rust toolchain easily.
|
||||||
|
|
||||||
|
## Using source from `crates.io`
|
||||||
|
|
||||||
|
Garage's source code is published on `crates.io`, Rust's official package repository.
|
||||||
|
This means you can simply ask `cargo` to download and build this source code for you:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
cargo install garage
|
||||||
|
```
|
||||||
|
|
||||||
|
That's all, `garage` should be in `$HOME/.cargo/bin`.
|
||||||
|
|
||||||
|
You can add this folder to your `$PATH` or copy the binary somewhere else on your system.
|
||||||
|
For instance:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo cp $HOME/.cargo/bin/garage /usr/local/bin/garage
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## Using source from the Gitea repository
|
||||||
|
|
||||||
|
The primary location for Garage's source code is the
|
||||||
|
[Gitea repository](https://git.deuxfleurs.fr/Deuxfleurs/garage).
|
||||||
|
|
||||||
|
Clone the repository and build Garage with the following commands:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
git clone https://git.deuxfleurs.fr/Deuxfleurs/garage.git
|
||||||
|
cd garage
|
||||||
|
cargo build
|
||||||
|
```
|
||||||
|
|
||||||
|
Be careful, as this will make a debug build of Garage, which will be extremely slow!
|
||||||
|
To make a release build, invoke `cargo build --release` (this takes much longer).
|
||||||
|
|
||||||
|
The binaries built this way are found in `target/{debug,release}/garage`.
|
||||||
|
|
31
doc/book/src/cookbook/gateways.md
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
# Gateways
|
||||||
|
|
||||||
|
Gateways allow you to expose Garage endpoints (S3 API and websites) without storing data on the node.
|
||||||
|
|
||||||
|
## Benefits
|
||||||
|
|
||||||
|
You can configure Garage as a gateway on all nodes that will consume your S3 API, it will provide you the following benefits:
|
||||||
|
|
||||||
|
- **It removes 1 or 2 network RTT** Instead of (querying your reverse proxy then) querying a random node of the cluster that will forward your request to the nodes effectively storing the data, your local gateway will directly knows which node to query.
|
||||||
|
|
||||||
|
- **It ease server management** Instead of tracking in your reverse proxy and DNS what are the current Garage nodes, your gateway being part of the cluster keeps this information for you. In your software, you will always specify `http://localhost:3900`.
|
||||||
|
|
||||||
|
- **It simplifies security** Instead of having to maintain and renew a TLS certificate, you leverage the Secret Handshake protocol we use for our cluster. The S3 API protocol will be in plain text but limited to your local machine.
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
|
||||||
|
Currently it will not work with minio client. Follow issue [#64](https://git.deuxfleurs.fr/Deuxfleurs/garage/issues/64) for more information.
|
||||||
|
|
||||||
|
## Spawn a Gateway
|
||||||
|
|
||||||
|
The instructions are similar to a regular node, the only option that is different is while configuring the node, you must set the `--gateway` parameter:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
garage node configure --gateway --tag gw1 xxxx
|
||||||
|
```
|
||||||
|
|
||||||
|
Then use `http://localhost:3900` when a S3 endpoint is required:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
aws --endpoint-url http://127.0.0.1:3900 s3 ls
|
||||||
|
```
|
25
doc/book/src/cookbook/index.md
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
# Cookbook
|
||||||
|
|
||||||
|
A cookbook, when you cook, is a collection of recipes.
|
||||||
|
Similarly, Garage's cookbook contains a collection of recipes that are known to works well!
|
||||||
|
This chapter could also be referred as "Tutorials" or "Best practices".
|
||||||
|
|
||||||
|
- **[Deploying Garage](real_world.md):** This page will walk you through all of the necessary
|
||||||
|
steps to deploy Garage in a real-world setting.
|
||||||
|
|
||||||
|
- **[Configuring S3 clients](clients.md):** This page will explain how to configure
|
||||||
|
popular S3 clients to interact with a Garage server.
|
||||||
|
|
||||||
|
- **[Hosting a website](website.md):** This page explains how to use Garage
|
||||||
|
to host a static website.
|
||||||
|
|
||||||
|
- **[Recovering from failures](recovering.md):** Garage's first selling point is resilience
|
||||||
|
to hardware failures. This section explains how to recover from such a failure in the
|
||||||
|
best possible way.
|
||||||
|
|
||||||
|
- **[Building from source](from_source.md):** This page explains how to build Garage from
|
||||||
|
source in case a binary is not provided for your architecture, or if you want to
|
||||||
|
hack with us!
|
||||||
|
|
||||||
|
- **[Starting with Systemd](from_source.md):** This page explains how to run Garage
|
||||||
|
as a Systemd service (instead of as a Docker container).
|
|
@ -1,19 +1,15 @@
|
||||||
+++
|
# Deploying Garage on a real-world cluster
|
||||||
title = "Deployment on a cluster"
|
|
||||||
weight = 5
|
|
||||||
+++
|
|
||||||
|
|
||||||
To run Garage in cluster mode, we recommend having at least 3 nodes.
|
To run Garage in cluster mode, we recommend having at least 3 nodes.
|
||||||
This will allow you to setup Garage for three-way replication of your data,
|
This will allow you to setup Garage for three-way replication of your data,
|
||||||
the safest and most available mode proposed by Garage.
|
the safest and most available mode proposed by Garage.
|
||||||
|
|
||||||
We recommend first following the [quick start guide](@/documentation/quick-start/_index.md) in order
|
We recommend first following the [quick start guide](../quick_start/index.md) in order
|
||||||
to get familiar with Garage's command line and usage patterns.
|
to get familiar with Garage's command line and usage patterns.
|
||||||
|
|
||||||
|
|
||||||
## Preparing your environment
|
|
||||||
|
|
||||||
### Prerequisites
|
## Prerequisites
|
||||||
|
|
||||||
To run a real-world deployment, make sure the following conditions are met:
|
To run a real-world deployment, make sure the following conditions are met:
|
||||||
|
|
||||||
|
@ -22,8 +18,12 @@ To run a real-world deployment, make sure the following conditions are met:
|
||||||
- Each machine has a public IP address which is reachable by other machines.
|
- Each machine has a public IP address which is reachable by other machines.
|
||||||
Running behind a NAT is likely to be possible but hasn't been tested for the latest version (TODO).
|
Running behind a NAT is likely to be possible but hasn't been tested for the latest version (TODO).
|
||||||
|
|
||||||
|
- Ideally, each machine should have a SSD available in addition to the HDD you are dedicating
|
||||||
|
to Garage. This will allow for faster access to metadata and has the potential
|
||||||
|
to drastically reduce Garage's response times.
|
||||||
|
|
||||||
- This guide will assume you are using Docker containers to deploy Garage on each node.
|
- This guide will assume you are using Docker containers to deploy Garage on each node.
|
||||||
Garage can also be run independently, for instance as a [Systemd service](@/documentation/cookbook/systemd.md).
|
Garage can also be run independently, for instance as a [Systemd service](systemd.md).
|
||||||
You can also use an orchestrator such as Nomad or Kubernetes to automatically manage
|
You can also use an orchestrator such as Nomad or Kubernetes to automatically manage
|
||||||
Docker containers on a fleet of nodes.
|
Docker containers on a fleet of nodes.
|
||||||
|
|
||||||
|
@ -32,67 +32,24 @@ For our example, we will suppose the following infrastructure with IPv6 connecti
|
||||||
|
|
||||||
| Location | Name | IP Address | Disk Space |
|
| Location | Name | IP Address | Disk Space |
|
||||||
|----------|---------|------------|------------|
|
|----------|---------|------------|------------|
|
||||||
| Paris | Mercury | fc00:1::1 | 1 TB |
|
| Paris | Mercury | fc00:1::1 | 1 To |
|
||||||
| Paris | Venus | fc00:1::2 | 2 TB |
|
| Paris | Venus | fc00:1::2 | 2 To |
|
||||||
| London | Earth | fc00:B::1 | 2 TB |
|
| London | Earth | fc00:B::1 | 2 To |
|
||||||
| Brussels | Mars | fc00:F::1 | 1.5 TB |
|
| Brussels | Mars | fc00:F::1 | 1.5 To |
|
||||||
|
|
||||||
Note that Garage will **always** store the three copies of your data on nodes at different
|
|
||||||
locations. This means that in the case of this small example, the available capacity
|
|
||||||
of the cluster is in fact only 1.5 TB, because nodes in Brussels can't store more than that.
|
|
||||||
This also means that nodes in Paris and London will be under-utilized.
|
|
||||||
To make better use of the available hardware, you should ensure that the capacity
|
|
||||||
available in the different locations of your cluster is roughly the same.
|
|
||||||
For instance, here, the Mercury node could be moved to Brussels; this would allow the cluster
|
|
||||||
to store 2 TB of data in total.
|
|
||||||
|
|
||||||
### Best practices
|
|
||||||
|
|
||||||
- If you have fast dedicated networking between all your nodes, and are planing to store
|
|
||||||
very large files, bump the `block_size` configuration parameter to 10 MB
|
|
||||||
(`block_size = 10485760`).
|
|
||||||
|
|
||||||
- Garage stores its files in two locations: it uses a metadata directory to store frequently-accessed
|
|
||||||
small metadata items, and a data directory to store data blocks of uploaded objects.
|
|
||||||
Ideally, the metadata directory would be stored on an SSD (smaller but faster),
|
|
||||||
and the data directory would be stored on an HDD (larger but slower).
|
|
||||||
|
|
||||||
- For the data directory, Garage already does checksumming and integrity verification,
|
|
||||||
so there is no need to use a filesystem such as BTRFS or ZFS that does it.
|
|
||||||
We recommend using XFS for the data partition, as it has the best performance.
|
|
||||||
EXT4 is not recommended as it has more strict limitations on the number of inodes,
|
|
||||||
which might cause issues with Garage when large numbers of objects are stored.
|
|
||||||
|
|
||||||
- If you only have an HDD and no SSD, it's fine to put your metadata alongside the data
|
|
||||||
on the same drive. Having lots of RAM for your kernel to cache the metadata will
|
|
||||||
help a lot with performance. Make sure to use the LMDB database engine,
|
|
||||||
instead of Sled, which suffers from quite bad performance degradation on HDDs.
|
|
||||||
Sled is still the default for legacy reasons, but is not recommended anymore.
|
|
||||||
|
|
||||||
- For the metadata storage, Garage does not do checksumming and integrity
|
|
||||||
verification on its own. If you are afraid of bitrot/data corruption,
|
|
||||||
put your metadata directory on a BTRFS partition. Otherwise, just use regular
|
|
||||||
EXT4 or XFS.
|
|
||||||
|
|
||||||
- Having a single server with several storage drives is currently not very well
|
|
||||||
supported in Garage ([#218](https://git.deuxfleurs.fr/Deuxfleurs/garage/issues/218)).
|
|
||||||
For an easy setup, just put all your drives in a RAID0 or a ZFS RAIDZ array.
|
|
||||||
If you're adventurous, you can try to format each of your disk as
|
|
||||||
a separate XFS partition, and then run one `garage` daemon per disk drive,
|
|
||||||
or use something like [`mergerfs`](https://github.com/trapexit/mergerfs) to merge
|
|
||||||
all your disks in a single union filesystem that spreads load over them.
|
|
||||||
|
|
||||||
## Get a Docker image
|
## Get a Docker image
|
||||||
|
|
||||||
Our docker image is currently named `dxflrs/garage` and is stored on the [Docker Hub](https://hub.docker.com/r/dxflrs/garage/tags?page=1&ordering=last_updated).
|
Our docker image is currently named `lxpz/garage_amd64` and is stored on the [Docker Hub](https://hub.docker.com/r/lxpz/garage_amd64/tags?page=1&ordering=last_updated).
|
||||||
We encourage you to use a fixed tag (eg. `v0.8.0`) and not the `latest` tag.
|
We encourage you to use a fixed tag (eg. `v0.4.0`) and not the `latest` tag.
|
||||||
For this example, we will use the latest published version at the time of the writing which is `v0.8.0` but it's up to you
|
For this example, we will use the latest published version at the time of the writing which is `v0.4.0` but it's up to you
|
||||||
to check [the most recent versions on the Docker Hub](https://hub.docker.com/r/dxflrs/garage/tags?page=1&ordering=last_updated).
|
to check [the most recent versions on the Docker Hub](https://hub.docker.com/r/lxpz/garage_amd64/tags?page=1&ordering=last_updated).
|
||||||
|
|
||||||
For example:
|
For example:
|
||||||
|
|
||||||
```
|
```
|
||||||
sudo docker pull dxflrs/garage:v0.8.0
|
sudo docker pull lxpz/garage_amd64:v0.4.0
|
||||||
```
|
```
|
||||||
|
|
||||||
## Deploying and configuring Garage
|
## Deploying and configuring Garage
|
||||||
|
@ -109,25 +66,23 @@ especially you must consider the following folders/files:
|
||||||
this folder will be your main data storage and must be on a large storage (e.g. large HDD)
|
this folder will be your main data storage and must be on a large storage (e.g. large HDD)
|
||||||
|
|
||||||
|
|
||||||
A valid `/etc/garage.toml` for our cluster would look as follows:
|
A valid `/etc/garage/garage.toml` for our cluster would look as follows:
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
metadata_dir = "/var/lib/garage/meta"
|
metadata_dir = "/var/lib/garage/meta"
|
||||||
data_dir = "/var/lib/garage/data"
|
data_dir = "/var/lib/garage/data"
|
||||||
db_engine = "lmdb"
|
|
||||||
|
|
||||||
replication_mode = "3"
|
replication_mode = "3"
|
||||||
|
|
||||||
compression_level = 2
|
|
||||||
|
|
||||||
rpc_bind_addr = "[::]:3901"
|
rpc_bind_addr = "[::]:3901"
|
||||||
rpc_public_addr = "<this node's public IP>:3901"
|
rpc_public_addr = "<this node's public IP>:3901"
|
||||||
rpc_secret = "<RPC secret>"
|
rpc_secret = "<RPC secret>"
|
||||||
|
|
||||||
|
bootstrap_peers = []
|
||||||
|
|
||||||
[s3_api]
|
[s3_api]
|
||||||
s3_region = "garage"
|
s3_region = "garage"
|
||||||
api_bind_addr = "[::]:3900"
|
api_bind_addr = "[::]:3900"
|
||||||
root_domain = ".s3.garage"
|
|
||||||
|
|
||||||
[s3_web]
|
[s3_web]
|
||||||
bind_addr = "[::]:3902"
|
bind_addr = "[::]:3902"
|
||||||
|
@ -157,28 +112,13 @@ docker run \
|
||||||
-v /etc/garage.toml:/etc/garage.toml \
|
-v /etc/garage.toml:/etc/garage.toml \
|
||||||
-v /var/lib/garage/meta:/var/lib/garage/meta \
|
-v /var/lib/garage/meta:/var/lib/garage/meta \
|
||||||
-v /var/lib/garage/data:/var/lib/garage/data \
|
-v /var/lib/garage/data:/var/lib/garage/data \
|
||||||
dxflrs/garage:v0.8.0
|
lxpz/garage_amd64:v0.4.0
|
||||||
```
|
```
|
||||||
|
|
||||||
It should be restarted automatically at each reboot.
|
It should be restarted automatically at each reboot.
|
||||||
Please note that we use host networking as otherwise Docker containers
|
Please note that we use host networking as otherwise Docker containers
|
||||||
can not communicate with IPv6.
|
can not communicate with IPv6.
|
||||||
|
|
||||||
If you want to use `docker-compose`, you may use the following `docker-compose.yml` file as a reference:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
version: "3"
|
|
||||||
services:
|
|
||||||
garage:
|
|
||||||
image: dxflrs/garage:v0.8.0
|
|
||||||
network_mode: "host"
|
|
||||||
restart: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- /etc/garage.toml:/etc/garage.toml
|
|
||||||
- /var/lib/garage/meta:/var/lib/garage/meta
|
|
||||||
- /var/lib/garage/data:/var/lib/garage/data
|
|
||||||
```
|
|
||||||
|
|
||||||
Upgrading between Garage versions should be supported transparently,
|
Upgrading between Garage versions should be supported transparently,
|
||||||
but please check the relase notes before doing so!
|
but please check the relase notes before doing so!
|
||||||
To upgrade, simply stop and remove this container and
|
To upgrade, simply stop and remove this container and
|
||||||
|
@ -203,7 +143,7 @@ At this point, nodes are not yet talking to one another.
|
||||||
Your output should therefore look like follows:
|
Your output should therefore look like follows:
|
||||||
|
|
||||||
```
|
```
|
||||||
Mercury$ garage status
|
Mercury$ garage node-id
|
||||||
==== HEALTHY NODES ====
|
==== HEALTHY NODES ====
|
||||||
ID Hostname Address Tag Zone Capacity
|
ID Hostname Address Tag Zone Capacity
|
||||||
563e1ac825ee3323… Mercury [fc00:1::1]:3901 NO ROLE ASSIGNED
|
563e1ac825ee3323… Mercury [fc00:1::1]:3901 NO ROLE ASSIGNED
|
||||||
|
@ -216,14 +156,14 @@ When your Garage nodes first start, they will generate a local node identifier
|
||||||
(based on a public/private key pair).
|
(based on a public/private key pair).
|
||||||
|
|
||||||
To obtain the node identifier of a node, once it is generated,
|
To obtain the node identifier of a node, once it is generated,
|
||||||
run `garage node id`.
|
run `garage node-id`.
|
||||||
This will print keys as follows:
|
This will print keys as follows:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
Mercury$ garage node id
|
Mercury$ garage node-id
|
||||||
563e1ac825ee3323aa441e72c26d1030d6d4414aeb3dd25287c531e7fc2bc95d@[fc00:1::1]:3901
|
563e1ac825ee3323aa441e72c26d1030d6d4414aeb3dd25287c531e7fc2bc95d@[fc00:1::1]:3901
|
||||||
|
|
||||||
Venus$ garage node id
|
Venus$ garage node-id
|
||||||
86f0f26ae4afbd59aaf9cfb059eefac844951efd5b8caeec0d53f4ed6c85f332@[fc00:1::2]:3901
|
86f0f26ae4afbd59aaf9cfb059eefac844951efd5b8caeec0d53f4ed6c85f332@[fc00:1::2]:3901
|
||||||
|
|
||||||
etc.
|
etc.
|
||||||
|
@ -250,22 +190,20 @@ ID Hostname Address Tag Zone Capa
|
||||||
212f7572f0c89da9… Mars [fc00:F::1]:3901 NO ROLE ASSIGNED
|
212f7572f0c89da9… Mars [fc00:F::1]:3901 NO ROLE ASSIGNED
|
||||||
```
|
```
|
||||||
|
|
||||||
## Creating a cluster layout
|
## Giving roles to nodes
|
||||||
|
|
||||||
We will now inform Garage of the disk space available on each node of the cluster
|
We will now inform Garage of the disk space available on each node of the cluster
|
||||||
as well as the zone (e.g. datacenter) in which each machine is located.
|
as well as the zone (e.g. datacenter) in which each machine is located.
|
||||||
This information is called the **cluster layout** and consists
|
|
||||||
of a role that is assigned to each active cluster node.
|
|
||||||
|
|
||||||
For our example, we will suppose we have the following infrastructure
|
For our example, we will suppose we have the following infrastructure
|
||||||
(Capacity, Identifier and Zone are specific values to Garage described in the following):
|
(Capacity, Identifier and Zone are specific values to Garage described in the following):
|
||||||
|
|
||||||
| Location | Name | Disk Space | `Capacity` | `Identifier` | `Zone` |
|
| Location | Name | Disk Space | `Capacity` | `Identifier` | `Zone` |
|
||||||
|----------|---------|------------|------------|--------------|--------------|
|
|----------|---------|------------|------------|--------------|--------------|
|
||||||
| Paris | Mercury | 1 TB | `10` | `563e` | `par1` |
|
| Paris | Mercury | 1 To | `2` | `563e` | `par1` |
|
||||||
| Paris | Venus | 2 TB | `20` | `86f0` | `par1` |
|
| Paris | Venus | 2 To | `4` | `86f0` | `par1` |
|
||||||
| London | Earth | 2 TB | `20` | `6814` | `lon1` |
|
| London | Earth | 2 To | `4` | `6814` | `lon1` |
|
||||||
| Brussels | Mars | 1.5 TB | `15` | `212f` | `bru1` |
|
| Brussels | Mars | 1.5 To | `3` | `212f` | `bru1` |
|
||||||
|
|
||||||
#### Node identifiers
|
#### Node identifiers
|
||||||
|
|
||||||
|
@ -300,9 +238,13 @@ in order to provide high availability despite failure of a zone.
|
||||||
|
|
||||||
Garage reasons on an abstract metric about disk storage that is named the *capacity* of a node.
|
Garage reasons on an abstract metric about disk storage that is named the *capacity* of a node.
|
||||||
The capacity configured in Garage must be proportional to the disk space dedicated to the node.
|
The capacity configured in Garage must be proportional to the disk space dedicated to the node.
|
||||||
|
Due to the way the Garage allocation algorithm works, capacity values must
|
||||||
|
be **integers**, and must be **as small as possible**, for instance with
|
||||||
|
1 representing the size of your smallest server.
|
||||||
|
|
||||||
Capacity values must be **integers** but can be given any signification.
|
Here we chose that 1 unit of capacity = 0.5 To, so that we can express servers of size
|
||||||
Here we chose that 1 unit of capacity = 100 GB.
|
1 To and 2 To, as wel as the intermediate size 1.5 To, with the integer values 2, 4 and
|
||||||
|
3 respectively (see table above).
|
||||||
|
|
||||||
Note that the amount of data stored by Garage on each server may not be strictly proportional to
|
Note that the amount of data stored by Garage on each server may not be strictly proportional to
|
||||||
its capacity value, as Garage will priorize having 3 copies of data in different zones,
|
its capacity value, as Garage will priorize having 3 copies of data in different zones,
|
||||||
|
@ -314,36 +256,20 @@ have 66% chance of being stored by Venus and 33% chance of being stored by Mercu
|
||||||
|
|
||||||
Given the information above, we will configure our cluster as follow:
|
Given the information above, we will configure our cluster as follow:
|
||||||
|
|
||||||
```bash
|
|
||||||
garage layout assign 563e -z par1 -c 10 -t mercury
|
|
||||||
garage layout assign 86f0 -z par1 -c 20 -t venus
|
|
||||||
garage layout assign 6814 -z lon1 -c 20 -t earth
|
|
||||||
garage layout assign 212f -z bru1 -c 15 -t mars
|
|
||||||
```
|
```
|
||||||
|
garage node configure -z par1 -c 2 -t mercury 563e
|
||||||
At this point, the changes in the cluster layout have not yet been applied.
|
garage node configure -z par1 -c 4 -t venus 86f0
|
||||||
To show the new layout that will be applied, call:
|
garage node configure -z lon1 -c 4 -t earth 6814
|
||||||
|
garage node configure -z bru1 -c 3 -t mars 212f
|
||||||
```bash
|
|
||||||
garage layout show
|
|
||||||
```
|
```
|
||||||
|
|
||||||
Once you are satisfied with your new layout, apply it with:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
garage layout apply
|
|
||||||
```
|
|
||||||
|
|
||||||
**WARNING:** if you want to use the layout modification commands in a script,
|
|
||||||
make sure to read [this page](@/documentation/reference-manual/layout.md) first.
|
|
||||||
|
|
||||||
|
|
||||||
## Using your Garage cluster
|
## Using your Garage cluster
|
||||||
|
|
||||||
Creating buckets and managing keys is done using the `garage` CLI,
|
Creating buckets and managing keys is done using the `garage` CLI,
|
||||||
and is covered in the [quick start guide](@/documentation/quick-start/_index.md).
|
and is covered in the [quick start guide](../quick_start/index.md).
|
||||||
Remember also that the CLI is self-documented thanks to the `--help` flag and
|
Remember also that the CLI is self-documented thanks to the `--help` flag and
|
||||||
the `help` subcommand (e.g. `garage help`, `garage key --help`).
|
the `help` subcommand (e.g. `garage help`, `garage key --help`).
|
||||||
|
|
||||||
Configuring S3-compatible applicatiosn to interact with Garage
|
Configuring an S3 client to interact with Garage is covered
|
||||||
is covered in the [Integrations](@/documentation/connect/_index.md) section.
|
[in the next section](clients.md).
|
|
@ -1,7 +1,4 @@
|
||||||
+++
|
# Recovering from failures
|
||||||
title = "Recovering from failures"
|
|
||||||
weight = 50
|
|
||||||
+++
|
|
||||||
|
|
||||||
Garage is meant to work on old, second-hand hardware.
|
Garage is meant to work on old, second-hand hardware.
|
||||||
In particular, this makes it likely that some of your drives will fail, and some manual intervention will be needed.
|
In particular, this makes it likely that some of your drives will fail, and some manual intervention will be needed.
|
||||||
|
@ -31,10 +28,8 @@ and you should instead use one of the methods detailed in the next sections.
|
||||||
|
|
||||||
Removing a node is done with the following command:
|
Removing a node is done with the following command:
|
||||||
|
|
||||||
```bash
|
```
|
||||||
garage layout remove <node_id>
|
garage node remove --yes <node_id>
|
||||||
garage layout show # review the changes you are making
|
|
||||||
garage layout apply # once satisfied, apply the changes
|
|
||||||
```
|
```
|
||||||
|
|
||||||
(you can get the `node_id` of the failed node by running `garage status`)
|
(you can get the `node_id` of the failed node by running `garage status`)
|
||||||
|
@ -55,7 +50,7 @@ We just need to tell Garage to get back all the data blocks and store them on th
|
||||||
First, set up a new HDD to store Garage's data directory on the failed node, and restart Garage using
|
First, set up a new HDD to store Garage's data directory on the failed node, and restart Garage using
|
||||||
the existing configuration. Then, run:
|
the existing configuration. Then, run:
|
||||||
|
|
||||||
```bash
|
```
|
||||||
garage repair -a --yes blocks
|
garage repair -a --yes blocks
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -63,7 +58,7 @@ This will re-synchronize blocks of data that are missing to the new HDD, reading
|
||||||
|
|
||||||
You can check on the advancement of this process by doing the following command:
|
You can check on the advancement of this process by doing the following command:
|
||||||
|
|
||||||
```bash
|
```
|
||||||
garage stats -a
|
garage stats -a
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -94,16 +89,14 @@ might be faster but most of the pieces will be deleted anyway from the disk and
|
||||||
|
|
||||||
First, set up a new drive to store the metadata directory for the replacement node (a SSD is recommended),
|
First, set up a new drive to store the metadata directory for the replacement node (a SSD is recommended),
|
||||||
and for the data directory if necessary. You can then start Garage on the new node.
|
and for the data directory if necessary. You can then start Garage on the new node.
|
||||||
The restarted node should generate a new node ID, and it should be shown with `NO ROLE ASSIGNED` in `garage status`.
|
The restarted node should generate a new node ID, and it should be shown as `NOT CONFIGURED` in `garage status`.
|
||||||
The ID of the lost node should be shown in `garage status` in the section for disconnected/unavailable nodes.
|
The ID of the lost node should be shown in `garage status` in the section for disconnected/unavailable nodes.
|
||||||
|
|
||||||
Then, replace the broken node by the new one, using:
|
Then, replace the broken node by the new one, using:
|
||||||
|
|
||||||
```bash
|
```
|
||||||
garage layout assign <new_node_id> --replace <old_node_id> \
|
garage node configure --replace <old_node_id> \
|
||||||
-c <capacity> -z <zone> -t <node_tag>
|
-c <capacity> -z <zone> -t <node_tag> <new_node_id>
|
||||||
garage layout show # review the changes you are making
|
|
||||||
garage layout apply # once satisfied, apply the changes
|
|
||||||
```
|
```
|
||||||
|
|
||||||
Garage will then start synchronizing all required data on the new node.
|
Garage will then start synchronizing all required data on the new node.
|
165
doc/book/src/cookbook/reverse_proxy.md
Normal file
|
@ -0,0 +1,165 @@
|
||||||
|
# Configuring a reverse proxy
|
||||||
|
|
||||||
|
The main reason to add a reverse proxy in front of Garage is to provide TLS to your users.
|
||||||
|
|
||||||
|
In production you will likely need your certificates signed by a certificate authority.
|
||||||
|
The most automated way is to use a provider supporting the [ACME protocol](https://datatracker.ietf.org/doc/html/rfc8555)
|
||||||
|
such as [Let's Encrypt](https://letsencrypt.org/), [ZeroSSL](https://zerossl.com/) or [Buypass Go SSL](https://www.buypass.com/ssl/products/acme).
|
||||||
|
|
||||||
|
If you are only testing Garage, you can generate a self-signed certificate to follow the documentation:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
openssl req \
|
||||||
|
-new \
|
||||||
|
-x509 \
|
||||||
|
-keyout /tmp/garage.key \
|
||||||
|
-out /tmp/garage.crt \
|
||||||
|
-nodes \
|
||||||
|
-subj "/C=XX/ST=XX/L=XX/O=XX/OU=XX/CN=localhost/emailAddress=X@X.XX" \
|
||||||
|
-addext "subjectAltName = DNS:localhost, IP:127.0.0.1"
|
||||||
|
|
||||||
|
cat /tmp/garage.key /tmp/garage.crt > /tmp/garage.pem
|
||||||
|
```
|
||||||
|
|
||||||
|
Be careful as you will need to allow self signed certificates in your client.
|
||||||
|
For example, with minio, you must add the `--insecure` flag.
|
||||||
|
An example:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
mc ls --insecure garage/
|
||||||
|
```
|
||||||
|
|
||||||
|
## socat (only for testing purposes)
|
||||||
|
|
||||||
|
If you want to test Garage with a TLS frontend, socat can do it for you in a single command:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
socat \
|
||||||
|
"openssl-listen:443,\
|
||||||
|
reuseaddr,\
|
||||||
|
fork,\
|
||||||
|
verify=0,\
|
||||||
|
cert=/tmp/garage.pem" \
|
||||||
|
tcp4-connect:localhost:3900
|
||||||
|
```
|
||||||
|
|
||||||
|
## Nginx
|
||||||
|
|
||||||
|
Nginx is a well-known reverse proxy suitable for production.
|
||||||
|
We do the configuration in 3 steps: first we define the upstream blocks ("the backends")
|
||||||
|
then we define the server blocks ("the frontends") for the S3 endpoint and finally for the web endpoint.
|
||||||
|
|
||||||
|
The following configuration blocks can be all put in the same `/etc/nginx/sites-available/garage.conf`.
|
||||||
|
To make your configuration active, run `ln -s /etc/nginx/sites-available/garage.conf /etc/nginx/sites-enabled/`.
|
||||||
|
If you directly put the instructions in the root `nginx.conf`, keep in mind that these configurations must be enclosed inside a `http { }` block.
|
||||||
|
|
||||||
|
And do not forget to reload nginx with `systemctl reload nginx` or `nginx -s reload`.
|
||||||
|
|
||||||
|
### Defining backends
|
||||||
|
|
||||||
|
First, we need to tell to nginx how to access our Garage cluster.
|
||||||
|
Because we have multiple nodes, we want to leverage all of them by spreading the load.
|
||||||
|
|
||||||
|
In nginx, we can do that with the upstream directive.
|
||||||
|
Because we have 2 endpoints: one for the S3 API and one to serve websites,
|
||||||
|
we create 2 backends named respectively `s3_backend` and `web_backend`.
|
||||||
|
|
||||||
|
A documented example for the `s3_backend` assuming you chose port 3900:
|
||||||
|
|
||||||
|
```nginx
|
||||||
|
upstream s3_backend {
|
||||||
|
# if you have a garage instance locally
|
||||||
|
server 127.0.0.1:3900;
|
||||||
|
# you can also put your other instances
|
||||||
|
server 192.168.1.3:3900;
|
||||||
|
# domain names also work
|
||||||
|
server garage1.example.com:3900;
|
||||||
|
# you can assign weights if you have some servers
|
||||||
|
# that are more powerful than others
|
||||||
|
server garage2.example.com:3900 weight=2;
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
A similar example for the `web_backend` assuming you chose port 3902:
|
||||||
|
|
||||||
|
```nginx
|
||||||
|
upstream web_backend {
|
||||||
|
server 127.0.0.1:3902;
|
||||||
|
server 192.168.1.3:3902;
|
||||||
|
server garage1.example.com:3902;
|
||||||
|
server garage2.example.com:3902 weight=2;
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
### Exposing the S3 API
|
||||||
|
|
||||||
|
The configuration section for the S3 API is simple as we only support path-access style yet.
|
||||||
|
We simply configure the TLS parameters and forward all the requests to the backend:
|
||||||
|
|
||||||
|
```nginx
|
||||||
|
server {
|
||||||
|
listen [::]:443 http2 ssl;
|
||||||
|
ssl_certificate /tmp/garage.crt;
|
||||||
|
ssl_certificate_key /tmp/garage.key;
|
||||||
|
|
||||||
|
# should be the endpoint you want
|
||||||
|
# aws uses s3.amazonaws.com for example
|
||||||
|
server_name garage.example.com;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://s3_backend;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
### Exposing the web endpoint
|
||||||
|
|
||||||
|
The web endpoint is a bit more complicated to configure as it listens on many different `Host` fields.
|
||||||
|
To better understand the logic involved, you can refer to the [Exposing buckets as websites](/cookbook/exposing_websites.html) section.
|
||||||
|
Also, for some applications, you may need to serve CORS headers: Garage can not serve them directly but we show how we can use nginx to serve them.
|
||||||
|
You can use the following example as your starting point:
|
||||||
|
|
||||||
|
```nginx
|
||||||
|
server {
|
||||||
|
listen [::]:443 http2 ssl;
|
||||||
|
ssl_certificate /tmp/garage.crt;
|
||||||
|
ssl_certificate_key /tmp/garage.key;
|
||||||
|
|
||||||
|
# We list all the Hosts fields that can access our buckets
|
||||||
|
server_name *.web.garage
|
||||||
|
example.com
|
||||||
|
my-site.tld
|
||||||
|
;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
# Add these headers only if you want to allow CORS requests
|
||||||
|
# For production use, more specific rules would be better for your security
|
||||||
|
add_header Access-Control-Allow-Origin *;
|
||||||
|
add_header Access-Control-Max-Age 3600;
|
||||||
|
add_header Access-Control-Expose-Headers Content-Length;
|
||||||
|
add_header Access-Control-Allow-Headers Range;
|
||||||
|
|
||||||
|
# We do not forward OPTIONS requests to Garage
|
||||||
|
# as it does not support them but they are needed for CORS.
|
||||||
|
if ($request_method = OPTIONS) {
|
||||||
|
return 200;
|
||||||
|
}
|
||||||
|
|
||||||
|
proxy_pass http://web_backend;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## Apache httpd
|
||||||
|
|
||||||
|
@TODO
|
||||||
|
|
||||||
|
## Traefik
|
||||||
|
|
||||||
|
@TODO
|
|
@ -1,7 +1,4 @@
|
||||||
+++
|
# Starting Garage with systemd
|
||||||
title = "Starting Garage with systemd"
|
|
||||||
weight = 15
|
|
||||||
+++
|
|
||||||
|
|
||||||
We make some assumptions for this systemd deployment.
|
We make some assumptions for this systemd deployment.
|
||||||
|
|
3
doc/book/src/cookbook/website.md
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
# Hosting a website
|
||||||
|
|
||||||
|
TODO
|
|
@ -1,7 +1,4 @@
|
||||||
+++
|
# Design draft
|
||||||
title = "Design draft (obsolete)"
|
|
||||||
weight = 900
|
|
||||||
+++
|
|
||||||
|
|
||||||
**WARNING: this documentation is a design draft which was written before Garage's actual implementation.
|
**WARNING: this documentation is a design draft which was written before Garage's actual implementation.
|
||||||
The general principle are similar, but details have not been updated.**
|
The general principle are similar, but details have not been updated.**
|
||||||
|
@ -162,4 +159,4 @@ Number K of tokens per node: decided by the operator & stored in the operator's
|
||||||
- CDC: <https://www.usenix.org/system/files/conference/atc16/atc16-paper-xia.pdf>
|
- CDC: <https://www.usenix.org/system/files/conference/atc16/atc16-paper-xia.pdf>
|
||||||
- Erasure coding: <http://web.eecs.utk.edu/~jplank/plank/papers/CS-08-627.html>
|
- Erasure coding: <http://web.eecs.utk.edu/~jplank/plank/papers/CS-08-627.html>
|
||||||
- [Openstack Storage Concepts](https://docs.openstack.org/arch-design/design-storage/design-storage-concepts.html)
|
- [Openstack Storage Concepts](https://docs.openstack.org/arch-design/design-storage/design-storage-concepts.html)
|
||||||
- [RADOS](https://doi.org/10.1145/1374596.1374606) [[pdf](https://ceph.com/assets/pdfs/weil-rados-pdsw07.pdf)]
|
- [RADOS](https://ceph.com/wp-content/uploads/2016/08/weil-rados-pdsw07.pdf)
|
5
doc/book/src/design/index.md
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
# Design
|
||||||
|
|
||||||
|
The design section helps you to see Garage from a "big picture" perspective.
|
||||||
|
It will allow you to understand if Garage is a good fit for you,
|
||||||
|
how to better use it, how to contribute to it, what can Garage could and could not do, etc.
|
|
@ -1,67 +1,18 @@
|
||||||
+++
|
# Internals
|
||||||
title = "Internals"
|
|
||||||
weight = 20
|
|
||||||
+++
|
|
||||||
|
|
||||||
## Overview
|
## Overview
|
||||||
|
|
||||||
TODO: write this section
|
TODO: write this section
|
||||||
|
|
||||||
- The Dynamo ring (see [this paper](https://dl.acm.org/doi/abs/10.1145/1323293.1294281) and [that paper](https://www.usenix.org/conference/nsdi16/technical-sessions/presentation/eisenbud))
|
- The Dynamo ring
|
||||||
|
|
||||||
- CRDTs (see [this paper](https://link.springer.com/chapter/10.1007/978-3-642-24550-3_29))
|
- CRDTs
|
||||||
|
|
||||||
- Consistency model of Garage tables
|
- Consistency model of Garage tables
|
||||||
|
|
||||||
In the meantime, you can find some information at the following links:
|
See this presentation (in French) for some first information:
|
||||||
|
<https://git.deuxfleurs.fr/Deuxfleurs/garage/src/branch/main/doc/talks/2020-12-02_wide-team/talk.pdf>
|
||||||
|
|
||||||
- [this presentation (in French)](https://git.deuxfleurs.fr/Deuxfleurs/garage/src/branch/main/doc/talks/2020-12-02_wide-team/talk.pdf)
|
|
||||||
|
|
||||||
- [an old design draft](@/documentation/working-documents/design-draft.md)
|
|
||||||
|
|
||||||
|
|
||||||
## Request routing logic
|
|
||||||
|
|
||||||
Data retrieval requests to Garage endpoints (S3 API and websites) are resolved
|
|
||||||
to an individual object in a bucket. Since objects are replicated to multiple nodes
|
|
||||||
Garage must ensure consistency before answering the request.
|
|
||||||
|
|
||||||
### Using quorum to ensure consistency
|
|
||||||
|
|
||||||
Garage ensures consistency by attempting to establish a quorum with the
|
|
||||||
data nodes responsible for the object. When a majority of the data nodes
|
|
||||||
have provided metadata on a object Garage can then answer the request.
|
|
||||||
|
|
||||||
When a request arrives Garage will, assuming the recommended 3 replicas, perform the following actions:
|
|
||||||
|
|
||||||
- Make a request to the two preferred nodes for object metadata
|
|
||||||
- Try the third node if one of the two initial requests fail
|
|
||||||
- Check that the metadata from at least 2 nodes match
|
|
||||||
- Check that the object hasn't been marked deleted
|
|
||||||
- Answer the request with inline data from metadata if object is small enough
|
|
||||||
- Or get data blocks from the preferred nodes and answer using the assembled object
|
|
||||||
|
|
||||||
Garage dynamically determines which nodes to query based on health, preference, and
|
|
||||||
which nodes actually host a given data. Garage has no concept of "primary" so any
|
|
||||||
healthy node with the data can be used as long as a quorum is reached for the metadata.
|
|
||||||
|
|
||||||
### Node health
|
|
||||||
|
|
||||||
Garage keeps a TCP session open to each node in the cluster and periodically pings them. If a connection
|
|
||||||
cannot be established, or a node fails to answer a number of pings, the target node is marked as failed.
|
|
||||||
Failed nodes are not used for quorum or other internal requests.
|
|
||||||
|
|
||||||
### Node preference
|
|
||||||
|
|
||||||
Garage prioritizes which nodes to query according to a few criteria:
|
|
||||||
|
|
||||||
- A node always prefers itself if it can answer the request
|
|
||||||
- Then the node prioritizes nodes in the same zone
|
|
||||||
- Finally the nodes with the lowest latency are prioritized
|
|
||||||
|
|
||||||
|
|
||||||
For further reading on the cluster structure look at the [gateway](@/documentation/cookbook/gateways.md)
|
|
||||||
and [cluster layout management](@/documentation/reference-manual/layout.md) pages.
|
|
||||||
|
|
||||||
## Garbage collection
|
## Garbage collection
|
||||||
|
|
|
@ -1,7 +1,4 @@
|
||||||
+++
|
# Related Work
|
||||||
title = "Related work"
|
|
||||||
weight = 50
|
|
||||||
+++
|
|
||||||
|
|
||||||
## Context
|
## Context
|
||||||
|
|
||||||
|
@ -24,7 +21,7 @@ Openstack Cinder proxy previous solution to provide an uniform API.
|
||||||
File storage provides a higher abstraction, they are one filesystem among others, which means they don't necessarily have all the exotic features of every filesystem.
|
File storage provides a higher abstraction, they are one filesystem among others, which means they don't necessarily have all the exotic features of every filesystem.
|
||||||
Often, they relax some POSIX constraints while many applications will still be compatible without any modification.
|
Often, they relax some POSIX constraints while many applications will still be compatible without any modification.
|
||||||
As an example, we are able to run MariaDB (very slowly) over GlusterFS...
|
As an example, we are able to run MariaDB (very slowly) over GlusterFS...
|
||||||
We can also mention CephFS (read [RADOS](https://doi.org/10.1145/1374596.1374606) whitepaper [[pdf](https://ceph.com/assets/pdfs/weil-rados-pdsw07.pdf)]), Lustre, LizardFS, MooseFS, etc.
|
We can also mention CephFS (read [RADOS](https://ceph.com/wp-content/uploads/2016/08/weil-rados-pdsw07.pdf) whitepaper), Lustre, LizardFS, MooseFS, etc.
|
||||||
OpenStack Manila proxy previous solutions to provide an uniform API.
|
OpenStack Manila proxy previous solutions to provide an uniform API.
|
||||||
|
|
||||||
Finally object storages provide the highest level abstraction.
|
Finally object storages provide the highest level abstraction.
|
||||||
|
@ -44,35 +41,14 @@ There were many attempts in research too. I am only thinking to [LBFS](https://p
|
||||||
|
|
||||||
## Existing software
|
## Existing software
|
||||||
|
|
||||||
**[MinIO](https://min.io/):** MinIO shares our *Self-contained & lightweight* goal but selected two of our non-goals: *Storage optimizations* through erasure coding and *POSIX/Filesystem compatibility* through strong consistency.
|
**[Pithos](https://github.com/exoscale/pithos) :**
|
||||||
However, by pursuing these two non-goals, MinIO do not reach our desirable properties.
|
|
||||||
Firstly, it fails on the *Simple* property: due to the erasure coding, MinIO has severe limitations on how drives can be added or deleted from a cluster.
|
|
||||||
Secondly, it fails on the *Internet enabled* property: due to its strong consistency, MinIO is latency sensitive.
|
|
||||||
Furthermore, MinIO has no knowledge of "sites" and thus can not distribute data to minimize the failure of a given site.
|
|
||||||
|
|
||||||
**[Openstack Swift](https://docs.openstack.org/swift/latest/):**
|
|
||||||
OpenStack Swift at least fails on the *Self-contained & lightweight* goal.
|
|
||||||
Starting it requires around 8GB of RAM, which is too much especially in an hyperconverged infrastructure.
|
|
||||||
We also do not classify Swift as *Simple*.
|
|
||||||
|
|
||||||
**[Ceph](https://ceph.io/ceph-storage/object-storage/):**
|
|
||||||
This review holds for the whole Ceph stack, including the RADOS paper, Ceph Object Storage module, the RADOS Gateway, etc.
|
|
||||||
At its core, Ceph has been designed to provide *POSIX/Filesystem compatibility* which requires strong consistency, which in turn
|
|
||||||
makes Ceph latency-sensitive and fails our *Internet enabled* goal.
|
|
||||||
Due to its industry oriented design, Ceph is also far from being *Simple* to operate and from being *Self-contained & lightweight* which makes it hard to integrate it in an hyperconverged infrastructure.
|
|
||||||
In a certain way, Ceph and MinIO are closer together than they are from Garage or OpenStack Swift.
|
|
||||||
|
|
||||||
**[Pithos](https://github.com/exoscale/pithos):**
|
|
||||||
Pithos has been abandonned and should probably not used yet, in the following we explain why we did not pick their design.
|
Pithos has been abandonned and should probably not used yet, in the following we explain why we did not pick their design.
|
||||||
Pithos was relying as a S3 proxy in front of Cassandra (and was working with Scylla DB too).
|
Pithos was relying as a S3 proxy in front of Cassandra (and was working with Scylla DB too).
|
||||||
From its designers' mouth, storing data in Cassandra has shown its limitations justifying the project abandonment.
|
From its designers' mouth, storing data in Cassandra has shown its limitations justifying the project abandonment.
|
||||||
They built a closed-source version 2 that does not store blobs in the database (only metadata) but did not communicate further on it.
|
They built a closed-source version 2 that does not store blobs in the database (only metadata) but did not communicate further on it.
|
||||||
We considered there v2's design but concluded that it does not fit both our *Self-contained & lightweight* and *Simple* properties. It makes the development, the deployment and the operations more complicated while reducing the flexibility.
|
We considered there v2's design but concluded that it does not fit both our *Self-contained & lightweight* and *Simple* properties. It makes the development, the deployment and the operations more complicated while reducing the flexibility.
|
||||||
|
|
||||||
**[Riak CS](https://docs.riak.com/riak/cs/2.1.1/index.html):**
|
**[IPFS](https://ipfs.io/) :**
|
||||||
*Not written yet*
|
|
||||||
|
|
||||||
**[IPFS](https://ipfs.io/):**
|
|
||||||
*Not written yet*
|
*Not written yet*
|
||||||
|
|
||||||
## Specific research papers
|
## Specific research papers
|
|
@ -1,7 +1,4 @@
|
||||||
+++
|
# Setup your development environment
|
||||||
title = "Setup your environment"
|
|
||||||
weight = 5
|
|
||||||
+++
|
|
||||||
|
|
||||||
Depending on your tastes, you can bootstrap your development environment in a traditional Rust way or through Nix.
|
Depending on your tastes, you can bootstrap your development environment in a traditional Rust way or through Nix.
|
||||||
|
|
4
doc/book/src/development/index.md
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
# Development
|
||||||
|
|
||||||
|
Now that you are a Garage expert, you want to enhance it, you are in the right place!
|
||||||
|
We discuss here how to hack on Garage, how we manage its development, etc.
|
|
@ -1,7 +1,4 @@
|
||||||
+++
|
# Miscellaneous Notes
|
||||||
title = "Miscellaneous notes"
|
|
||||||
weight = 20
|
|
||||||
+++
|
|
||||||
|
|
||||||
## Quirks about cargo2nix/rust in Nix
|
## Quirks about cargo2nix/rust in Nix
|
||||||
|
|
||||||
|
@ -16,6 +13,42 @@ We have a simple [PR on cargo2nix](https://github.com/cargo2nix/cargo2nix/pull/2
|
||||||
|
|
||||||
Nix has no armv7 + musl toolchains but armv7l is backward compatible with armv6l.
|
Nix has no armv7 + musl toolchains but armv7l is backward compatible with armv6l.
|
||||||
|
|
||||||
|
Signing keys are generated with:
|
||||||
|
|
||||||
|
```
|
||||||
|
nix-store --generate-binary-cache-key nix.web.deuxfleurs.fr cache-priv-key.pem cache-pub-key.pem
|
||||||
|
```
|
||||||
|
|
||||||
|
We copy the secret key in our nix folder:
|
||||||
|
|
||||||
|
```
|
||||||
|
cp cache-priv-key.pem /etc/nix/signing-key.sec
|
||||||
|
```
|
||||||
|
|
||||||
|
Manually sign
|
||||||
|
|
||||||
|
We can sign the whole store with:
|
||||||
|
|
||||||
|
```
|
||||||
|
nix sign-paths --all -k /etc/nix/signing-key.sec
|
||||||
|
```
|
||||||
|
|
||||||
|
Or simply the current package and its dependencies with:
|
||||||
|
|
||||||
|
```
|
||||||
|
nix sign-paths --recursive -k /etc/nix/signing-key.sec
|
||||||
|
```
|
||||||
|
|
||||||
|
Setting a key in `nix.conf` will do the signature at build time automatically without additional commands, edit the `nix.conf` of your builder:
|
||||||
|
|
||||||
|
```toml
|
||||||
|
secret-key-files = /etc/nix/signing-key.sec
|
||||||
|
max-jobs = auto
|
||||||
|
cores = 8
|
||||||
|
```
|
||||||
|
|
||||||
|
Now you are ready to build your packages:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
cat > $HOME/.awsrc <<EOF
|
cat > $HOME/.awsrc <<EOF
|
||||||
export AWS_ACCESS_KEY_ID="xxx"
|
export AWS_ACCESS_KEY_ID="xxx"
|
|
@ -1,7 +1,4 @@
|
||||||
+++
|
# Release process
|
||||||
title = "Release process"
|
|
||||||
weight = 15
|
|
||||||
+++
|
|
||||||
|
|
||||||
Before releasing a new version of Garage, our code pass through a succession of checks and transformations.
|
Before releasing a new version of Garage, our code pass through a succession of checks and transformations.
|
||||||
We define them as our release process.
|
We define them as our release process.
|
||||||
|
@ -32,10 +29,9 @@ We generate the following binary artifacts for now:
|
||||||
- **os**: linux
|
- **os**: linux
|
||||||
- **format**: static binary, docker container
|
- **format**: static binary, docker container
|
||||||
|
|
||||||
Additionnaly we also build two web pages and one JSON document:
|
Additionnaly we also build two web pages:
|
||||||
- the documentation (this website)
|
- the documentation (this website)
|
||||||
- [the release page](https://garagehq.deuxfleurs.fr/_releases.html)
|
- [the release page](https://garagehq.deuxfleurs.fr/releases.html)
|
||||||
- [the release list in JSON format](https://garagehq.deuxfleurs.fr/_releases.json)
|
|
||||||
|
|
||||||
We publish the static binaries on our own garage cluster (you can access them through the releases page)
|
We publish the static binaries on our own garage cluster (you can access them through the releases page)
|
||||||
and the docker containers on Docker Hub.
|
and the docker containers on Docker Hub.
|
|
@ -1,7 +1,4 @@
|
||||||
+++
|
# Development scripts
|
||||||
title = "Development scripts"
|
|
||||||
weight = 10
|
|
||||||
+++
|
|
||||||
|
|
||||||
We maintain a `script/` folder that contains some useful script to ease testing on Garage.
|
We maintain a `script/` folder that contains some useful script to ease testing on Garage.
|
||||||
|
|
||||||
|
@ -34,7 +31,7 @@ You can inspect the detailed configuration, including ports, by inspecting `/tmp
|
||||||
This script also spawns a simple HTTPS reverse proxy through `socat` for the S3 endpoint that listens on port `4443`.
|
This script also spawns a simple HTTPS reverse proxy through `socat` for the S3 endpoint that listens on port `4443`.
|
||||||
Some libraries might require a TLS endpoint to work, refer to our issue [#64](https://git.deuxfleurs.fr/Deuxfleurs/garage/issues/64) for more detailed information on this subject.
|
Some libraries might require a TLS endpoint to work, refer to our issue [#64](https://git.deuxfleurs.fr/Deuxfleurs/garage/issues/64) for more detailed information on this subject.
|
||||||
|
|
||||||
This script covers the [Launching the garage server](@/documentation/quick-start/_index.md#launching-the-garage-server) section of our Quick start page.
|
This script covers the [Launching the garage server](/quick_start/index.html#launching-the-garage-server) section of our Quick start page.
|
||||||
|
|
||||||
### 2. Make them join the cluster
|
### 2. Make them join the cluster
|
||||||
|
|
||||||
|
@ -44,7 +41,7 @@ This script covers the [Launching the garage server](@/documentation/quick-start
|
||||||
|
|
||||||
This script will configure each instance by assigning them a zone (`dc1`) and a weight (`1`).
|
This script will configure each instance by assigning them a zone (`dc1`) and a weight (`1`).
|
||||||
|
|
||||||
This script covers the [Creating a cluster layout](@/documentation/quick-start/_index.md#creating-a-cluster-layout) section of our Quick start page.
|
This script covers the [Configuring your Garage node](/quick_start/index.html#configuring-your-garage-node) section of our Quick start page.
|
||||||
|
|
||||||
### 3. Create a key and a bucket
|
### 3. Create a key and a bucket
|
||||||
|
|
||||||
|
@ -55,7 +52,7 @@ This script covers the [Creating a cluster layout](@/documentation/quick-start/_
|
||||||
This script will create a bucket named `eprouvette` with a key having read and write rights on this bucket.
|
This script will create a bucket named `eprouvette` with a key having read and write rights on this bucket.
|
||||||
The key is stored in a filed named `/tmp/garage.s3` and can be used by the following tools to pre-configure them.
|
The key is stored in a filed named `/tmp/garage.s3` and can be used by the following tools to pre-configure them.
|
||||||
|
|
||||||
This script covers the [Creating buckets and keys](@/documentation/quick-start/_index.md#creating-buckets-and-keys) section of our Quick start page.
|
This script covers the [Creating buckets and keys](/quick_start/index.html#creating-buckets-and-keys) section of our Quick start page.
|
||||||
|
|
||||||
## Handlers for generic tools
|
## Handlers for generic tools
|
||||||
|
|
BIN
doc/book/src/img/eu-flag-logo.png
Normal file
After Width: | Height: | Size: 2.4 KiB |
44
doc/book/src/img/logo.svg
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg" xmlns:cc="http://creativecommons.org/ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
|
||||||
|
<metadata>
|
||||||
|
<rdf:RDF>
|
||||||
|
<cc:Work rdf:about="">
|
||||||
|
<dc:format>image/svg+xml</dc:format>
|
||||||
|
<dc:type rdf:resource="http://purl.org/dc/dcmitype/StillImage"/>
|
||||||
|
<dc:title/>
|
||||||
|
</cc:Work>
|
||||||
|
</rdf:RDF>
|
||||||
|
</metadata>
|
||||||
|
<g stroke-width=".14689">
|
||||||
|
<path d="m20.613 10.981a2.2034 2.2034 0 0 1-0.73445-0.07638l-9.2042-2.4839a2.2342 2.2342 0 0 1-0.69332-0.32757z"/>
|
||||||
|
<g fill="#4e4e4e">
|
||||||
|
<path class="cls-1" d="m6.6028 26.612 1.3661-0.0088h0.01763q0.75796 0 0.75796 0.71389v2.3003a6.5748 6.5748 0 0 1-2.2886 0.37898q-1.2515 0-1.8861-0.8505t-0.63457-2.3179q0-1.4689 0.7888-2.2827a2.5823 2.5823 0 0 1 1.9301-0.81524 3.5371 3.5371 0 0 1 2.0667 0.64338 1.0385 1.0385 0 0 1-0.18068 0.46711 1.2603 1.2603 0 0 1-0.33932 0.35254 2.5926 2.5926 0 0 0-1.5027-0.51999 1.4175 1.4175 0 0 0-1.1854 0.54203q-0.42304 0.53909-0.42304 1.6966 0 2.1769 1.604 2.1769a4.4743 4.4743 0 0 0 0.97829-0.11457v-0.83728q0-0.3966 0.01763-0.58756h-0.64633a0.60519 0.60519 0 0 1-0.40101-0.11018 0.44067 0.44067 0 0 1-0.12779-0.35254 1.51 1.51 0 0 1 0.088134-0.47446z"/>
|
||||||
|
<path class="cls-1" d="m13.401 29.379a1.1413 1.1413 0 0 1-0.14689 0.31288 1.0664 1.0664 0 0 1-0.22474 0.25118 0.99592 0.99592 0 0 1-0.80937-0.51705 1.7847 1.7847 0 0 1-1.2603 0.56406q-0.67863 0-1.0282-0.3966a1.3573 1.3573 0 0 1-0.34372-0.9166q0-0.73445 0.48033-1.1149a1.9404 1.9404 0 0 1 1.2354-0.3687q0.40542 0 0.76677 0.03525v-0.2644q0-0.69626-0.66982-0.69626-0.47592 0-1.3485 0.31728a1.2368 1.2368 0 0 1-0.29378-0.78439 4.9164 4.9164 0 0 1 1.9096-0.3966 1.5526 1.5526 0 0 1 1.0752 0.37016q0.41423 0.37016 0.41423 1.1193v1.7979q-0.0029 0.48474 0.24384 0.68745zm-2.2122-0.22034a1.2471 1.2471 0 0 0 0.88134-0.42304v-0.77852a5.9182 5.9182 0 0 0-0.66982-0.03525 0.73445 0.73445 0 0 0-0.54643 0.18214 0.6331 0.6331 0 0 0-0.18508 0.46711 0.62282 0.62282 0 0 0 0.14689 0.44067 0.48768 0.48768 0 0 0 0.3731 0.14689z"/>
|
||||||
|
<path class="cls-1" d="m14.115 26.012a1.0547 1.0547 0 0 1 0.14689-0.32169 0.88134 0.88134 0 0 1 0.22474-0.25118 1.1017 1.1017 0 0 1 0.92982 0.78439q0.35254-0.78439 1.1369-0.78439a2.7028 2.7028 0 0 1 0.51118 0.06169 1.9786 1.9786 0 0 1-0.2644 1.0282 2.2357 2.2357 0 0 0-0.3966-0.05288q-0.53762 0-0.86372 0.57287v2.8174a3.0627 3.0627 0 0 1-0.53762 0.04407 3.3785 3.3785 0 0 1-0.55525-0.04407v-2.9525q-0.0059-0.6375-0.33197-0.90191z"/>
|
||||||
|
<path class="cls-1" d="m21.157 29.379a1.1413 1.1413 0 0 1-0.15423 0.31288 1.0664 1.0664 0 0 1-0.22474 0.25118 0.99592 0.99592 0 0 1-0.8079-0.51705 1.7847 1.7847 0 0 1-1.2603 0.56406q-0.67864 0-1.0282-0.3966a1.3573 1.3573 0 0 1-0.34372-0.9166q0-0.73445 0.48033-1.1149a1.9404 1.9404 0 0 1 1.2295-0.37457q0.40542 0 0.76677 0.03525v-0.2644q0-0.69626-0.66982-0.69626-0.47592 0-1.3485 0.31728a1.2368 1.2368 0 0 1-0.29378-0.7844 4.9164 4.9164 0 0 1 1.9096-0.3966 1.5526 1.5526 0 0 1 1.0752 0.37016q0.41423 0.37016 0.41423 1.1193v1.8038q0.0088 0.48474 0.25559 0.68745zm-2.2151-0.22034a1.2471 1.2471 0 0 0 0.88134-0.42304v-0.77852a5.9182 5.9182 0 0 0-0.66982-0.03525 0.73445 0.73445 0 0 0-0.54643 0.18508 0.6331 0.6331 0 0 0-0.18508 0.46711 0.62282 0.62282 0 0 0 0.14689 0.44067 0.48768 0.48768 0 0 0 0.3731 0.14395z"/>
|
||||||
|
<path class="cls-1" d="m22.241 29.344q-0.3966-0.60813-0.3966-1.679t0.50236-1.679a1.5188 1.5188 0 0 1 1.2074-0.60813 1.7039 1.7039 0 0 1 1.1898 0.44067 0.99739 0.99739 0 0 1 0.69626-0.37898 0.82552 0.82552 0 0 1 0.23356 0.24677 1.0282 1.0282 0 0 1 0.14689 0.30847q-0.24678 0.21152-0.24678 0.75796v2.4971q0 1.4013-0.4583 1.983-0.4583 0.58169-1.5071 0.58756a4.2598 4.2598 0 0 1-1.5776-0.29378 1.1854 1.1854 0 0 1 0.27322-0.80202 2.882 2.882 0 0 0 1.1854 0.27322q0.57728 0 0.79761-0.29378a1.322 1.322 0 0 0 0.22034-0.81084v-0.35254a1.6936 1.6936 0 0 1-1.1017 0.41423 1.3014 1.3014 0 0 1-1.1648-0.61106zm2.2651-0.71389v-2.0447a1.1355 1.1355 0 0 0-0.75796-0.36135 0.63604 0.63604 0 0 0-0.57728 0.37898 2.2988 2.2988 0 0 0-0.20712 1.0841q0 0.70508 0.18949 1.04a0.56406 0.56406 0 0 0 0.49796 0.33491 1.1193 1.1193 0 0 0 0.8549-0.43186z"/>
|
||||||
|
<path class="cls-1" d="m30.105 28.039h-2.4678a1.4924 1.4924 0 0 0 0.23356 0.80643q0.20712 0.28644 0.72711 0.28644a2.6778 2.6778 0 0 0 1.1546-0.30847 1.159 1.159 0 0 1 0.31728 0.66982 2.8467 2.8467 0 0 1-1.6966 0.50236q-0.99151 0-1.4234-0.64338-0.43186-0.64338-0.43186-1.6657 0-1.0282 0.47592-1.6657a1.5923 1.5923 0 0 1 1.3617-0.64338q0.88134 0 1.3617 0.53321a1.9434 1.9434 0 0 1 0.47593 1.344 3.4519 3.4519 0 0 1-0.08813 0.7844zm-1.701-1.8684q-0.7227 0-0.77558 1.0929h1.5335v-0.10576a1.25 1.25 0 0 0-0.18508-0.71389 0.64338 0.64338 0 0 0-0.567-0.27321z"/>
|
||||||
|
</g>
|
||||||
|
<path d="m17.034 3.0341a2.9114 2.9114 0 0 0-1.1462 0.24753l-11.697 5.1749a0.42304 0.42304 0 0 0-0.22169 0.56586 0.20418 0.20418 0 0 0 0.01757 0.04702l1.8769 3.7099h1.6288l-0.23151-1.2935c-0.0191-0.10429-0.18819-0.84337-0.3483-1.3751l5.4746 1.71c0.07196 0.34089 0.16746 0.65935 0.28112 0.9586h8.8765c0.0978-0.29932 0.17499-0.61834 0.22738-0.9586l5.4627-1.7053c-0.16011 0.53174-0.32713 1.2662-0.34623 1.3705l-0.23151 1.2935h1.6283l1.8593-3.6763 0.01757-0.03359 0.0181-0.04547a0.027909 0.027909 0 0 0 0-0.01188 0.39367 0.39367 0 0 0 0.01757-0.13643 0.41864 0.41864 0 0 0-0.26303-0.4191l-11.697-5.1749a2.9114 2.9114 0 0 0-1.2041-0.24753z" fill="#ffd952"/>
|
||||||
|
<path d="m17.034 5.4825a2.9114 2.9114 0 0 0-1.1462 0.24753l-11.697 5.1749a0.42304 0.42304 0 0 0-0.22169 0.56534 0.20418 0.20418 0 0 0 0.01757 0.04703l1.018 2.0118h2.1632c-0.068234-0.28802-0.15662-0.64282-0.25528-0.97049l3.1073 0.97048h14.121l3.0939-0.96583c-0.09841 0.32682-0.18541 0.67924-0.25321 0.96583h2.1627l1.0005-1.9782 0.01757-0.03359 0.0181-0.04547a0.027909 0.027909 0 0 0 0-0.01188 0.39367 0.39367 0 0 0 0.01757-0.13643 0.41864 0.41864 0 0 0-0.26303-0.41858l-11.697-5.1749a2.9114 2.9114 0 0 0-1.2041-0.24753z" fill="#49c8fa"/>
|
||||||
|
<path class="cls-2" d="m30.198 13.82a0.39367 0.39367 0 0 1-0.01762 0.13661 0.027909 0.027909 0 0 1 0 0.01175l-0.01762 0.04554-0.01762 0.03379-2.8306 5.5965c-0.39367 0.77705-1.1178 0.75355-0.99592-0.03232l0.56993-3.1817c0.0191-0.10429 0.18655-0.83874 0.34666-1.3705l-5.4629 1.7054c-0.85784 5.5716-8.1891 5.6641-9.3848 0l-5.4746-1.7098c0.16011 0.53174 0.32904 1.2706 0.34813 1.3749l0.56994 3.1816c0.12192 0.78586-0.60225 0.80937-0.99592 0.03232l-2.8482-5.6303a0.20418 0.20418 0 0 1-0.01763-0.04701 0.42304 0.42304 0 0 1 0.2218-0.56553l11.697-5.175a2.9114 2.9114 0 0 1 2.3502 0l11.697 5.175a0.41864 0.41864 0 0 1 0.26294 0.41864z" fill="#ffd952"/>
|
||||||
|
<path class="cls-3" d="m20.801 14.796 5.0574-2.0359a0.21446 0.21446 0 0 0 0-0.39807c-0.58756-0.24531-1.3132-0.52734-2.0242-0.82259-0.13073-0.05435-1.369 0.83434-1.4821 0.92541l-2.1799 1.7421c-0.52734 0.44214-0.07051 0.86959 0.62869 0.58903z" fill="#45c8ff"/>
|
||||||
|
<circle class="cls-3" cx="17.135" cy="16.785" r="2.6367" fill="#45c8ff"/>
|
||||||
|
<path d="m20.613 10.981a2.2034 2.2034 0 0 1-0.73445-0.07638l-9.2042-2.4839a2.2342 2.2342 0 0 1-0.69332-0.32757z"/>
|
||||||
|
<g fill="#4e4e4e">
|
||||||
|
<path class="cls-1" d="m6.6028 26.612 1.3661-0.0088h0.01763q0.75796 0 0.75796 0.71389v2.3003a6.5748 6.5748 0 0 1-2.2886 0.37898q-1.2515 0-1.8861-0.8505t-0.63457-2.3179q0-1.4689 0.7888-2.2827a2.5823 2.5823 0 0 1 1.9301-0.81524 3.5371 3.5371 0 0 1 2.0667 0.64338 1.0385 1.0385 0 0 1-0.18068 0.46711 1.2603 1.2603 0 0 1-0.33932 0.35254 2.5926 2.5926 0 0 0-1.5027-0.51999 1.4175 1.4175 0 0 0-1.1854 0.54203q-0.42304 0.53909-0.42304 1.6966 0 2.1769 1.604 2.1769a4.4743 4.4743 0 0 0 0.97829-0.11457v-0.83728q0-0.3966 0.01763-0.58756h-0.64633a0.60519 0.60519 0 0 1-0.40101-0.11018 0.44067 0.44067 0 0 1-0.12779-0.35254 1.51 1.51 0 0 1 0.088134-0.47446z"/>
|
||||||
|
<path class="cls-1" d="m13.401 29.379a1.1413 1.1413 0 0 1-0.14689 0.31288 1.0664 1.0664 0 0 1-0.22474 0.25118 0.99592 0.99592 0 0 1-0.80937-0.51705 1.7847 1.7847 0 0 1-1.2603 0.56406q-0.67863 0-1.0282-0.3966a1.3573 1.3573 0 0 1-0.34372-0.9166q0-0.73445 0.48033-1.1149a1.9404 1.9404 0 0 1 1.2354-0.3687q0.40542 0 0.76677 0.03525v-0.2644q0-0.69626-0.66982-0.69626-0.47592 0-1.3485 0.31728a1.2368 1.2368 0 0 1-0.29378-0.78439 4.9164 4.9164 0 0 1 1.9096-0.3966 1.5526 1.5526 0 0 1 1.0752 0.37016q0.41423 0.37016 0.41423 1.1193v1.7979q-0.0029 0.48474 0.24384 0.68745zm-2.2122-0.22034a1.2471 1.2471 0 0 0 0.88134-0.42304v-0.77852a5.9182 5.9182 0 0 0-0.66982-0.03525 0.73445 0.73445 0 0 0-0.54643 0.18214 0.6331 0.6331 0 0 0-0.18508 0.46711 0.62282 0.62282 0 0 0 0.14689 0.44067 0.48768 0.48768 0 0 0 0.3731 0.14689z"/>
|
||||||
|
<path class="cls-1" d="m14.115 26.012a1.0547 1.0547 0 0 1 0.14689-0.32169 0.88134 0.88134 0 0 1 0.22474-0.25118 1.1017 1.1017 0 0 1 0.92982 0.78439q0.35254-0.78439 1.1369-0.78439a2.7028 2.7028 0 0 1 0.51118 0.06169 1.9786 1.9786 0 0 1-0.2644 1.0282 2.2357 2.2357 0 0 0-0.3966-0.05288q-0.53762 0-0.86372 0.57287v2.8174a3.0627 3.0627 0 0 1-0.53762 0.04407 3.3785 3.3785 0 0 1-0.55525-0.04407v-2.9525q-0.0059-0.6375-0.33197-0.90191z"/>
|
||||||
|
<path class="cls-1" d="m21.157 29.379a1.1413 1.1413 0 0 1-0.15423 0.31288 1.0664 1.0664 0 0 1-0.22474 0.25118 0.99592 0.99592 0 0 1-0.8079-0.51705 1.7847 1.7847 0 0 1-1.2603 0.56406q-0.67864 0-1.0282-0.3966a1.3573 1.3573 0 0 1-0.34372-0.9166q0-0.73445 0.48033-1.1149a1.9404 1.9404 0 0 1 1.2295-0.37457q0.40542 0 0.76677 0.03525v-0.2644q0-0.69626-0.66982-0.69626-0.47592 0-1.3485 0.31728a1.2368 1.2368 0 0 1-0.29378-0.7844 4.9164 4.9164 0 0 1 1.9096-0.3966 1.5526 1.5526 0 0 1 1.0752 0.37016q0.41423 0.37016 0.41423 1.1193v1.8038q0.0088 0.48474 0.25559 0.68745zm-2.2151-0.22034a1.2471 1.2471 0 0 0 0.88134-0.42304v-0.77852a5.9182 5.9182 0 0 0-0.66982-0.03525 0.73445 0.73445 0 0 0-0.54643 0.18508 0.6331 0.6331 0 0 0-0.18508 0.46711 0.62282 0.62282 0 0 0 0.14689 0.44067 0.48768 0.48768 0 0 0 0.3731 0.14395z"/>
|
||||||
|
<path class="cls-1" d="m22.241 29.344q-0.3966-0.60813-0.3966-1.679t0.50236-1.679a1.5188 1.5188 0 0 1 1.2074-0.60813 1.7039 1.7039 0 0 1 1.1898 0.44067 0.99739 0.99739 0 0 1 0.69626-0.37898 0.82552 0.82552 0 0 1 0.23356 0.24677 1.0282 1.0282 0 0 1 0.14689 0.30847q-0.24678 0.21152-0.24678 0.75796v2.4971q0 1.4013-0.4583 1.983-0.4583 0.58169-1.5071 0.58756a4.2598 4.2598 0 0 1-1.5776-0.29378 1.1854 1.1854 0 0 1 0.27322-0.80202 2.882 2.882 0 0 0 1.1854 0.27322q0.57728 0 0.79761-0.29378a1.322 1.322 0 0 0 0.22034-0.81084v-0.35254a1.6936 1.6936 0 0 1-1.1017 0.41423 1.3014 1.3014 0 0 1-1.1648-0.61106zm2.2651-0.71389v-2.0447a1.1355 1.1355 0 0 0-0.75796-0.36135 0.63604 0.63604 0 0 0-0.57728 0.37898 2.2988 2.2988 0 0 0-0.20712 1.0841q0 0.70508 0.18949 1.04a0.56406 0.56406 0 0 0 0.49796 0.33491 1.1193 1.1193 0 0 0 0.8549-0.43186z"/>
|
||||||
|
<path class="cls-1" d="m30.105 28.039h-2.4678a1.4924 1.4924 0 0 0 0.23356 0.80643q0.20712 0.28644 0.72711 0.28644a2.6778 2.6778 0 0 0 1.1546-0.30847 1.159 1.159 0 0 1 0.31728 0.66982 2.8467 2.8467 0 0 1-1.6966 0.50236q-0.99151 0-1.4234-0.64338-0.43186-0.64338-0.43186-1.6657 0-1.0282 0.47592-1.6657a1.5923 1.5923 0 0 1 1.3617-0.64338q0.88134 0 1.3617 0.53321a1.9434 1.9434 0 0 1 0.47593 1.344 3.4519 3.4519 0 0 1-0.08813 0.7844zm-1.701-1.8684q-0.7227 0-0.77558 1.0929h1.5335v-0.10576a1.25 1.25 0 0 0-0.18508-0.71389 0.64338 0.64338 0 0 0-0.567-0.27321z"/>
|
||||||
|
</g>
|
||||||
|
<g>
|
||||||
|
<path d="m17.034 3.0341a2.9114 2.9114 0 0 0-1.1462 0.24753l-11.697 5.1749a0.42304 0.42304 0 0 0-0.22169 0.56586 0.20418 0.20418 0 0 0 0.01757 0.04702l1.8769 3.7099h1.6288l-0.23151-1.2935c-0.0191-0.10429-0.18819-0.84337-0.3483-1.3751l5.4746 1.71c0.07196 0.34089 0.16746 0.65935 0.28112 0.9586h8.8765c0.0978-0.29932 0.17499-0.61834 0.22738-0.9586l5.4627-1.7053c-0.16011 0.53174-0.32713 1.2662-0.34623 1.3705l-0.23151 1.2935h1.6283l1.8593-3.6763 0.01757-0.03359 0.0181-0.04547a0.027909 0.027909 0 0 0 0-0.01188 0.39367 0.39367 0 0 0 0.01757-0.13643 0.41864 0.41864 0 0 0-0.26303-0.4191l-11.697-5.1749a2.9114 2.9114 0 0 0-1.2041-0.24753z" fill="#ff9329"/>
|
||||||
|
<path d="m17.034 5.4825a2.9114 2.9114 0 0 0-1.1462 0.24753l-11.697 5.1749a0.42304 0.42304 0 0 0-0.22169 0.56534 0.20418 0.20418 0 0 0 0.01757 0.04703l1.018 2.0118h2.1632c-0.068234-0.28802-0.15662-0.64282-0.25528-0.97049l3.1073 0.97048h14.121l3.0939-0.96583c-0.09841 0.32682-0.18541 0.67924-0.25321 0.96583h2.1627l1.0005-1.9782 0.01757-0.03359 0.0181-0.04547a0.027909 0.027909 0 0 0 0-0.01188 0.39367 0.39367 0 0 0 0.01757-0.13643 0.41864 0.41864 0 0 0-0.26303-0.41858l-11.697-5.1749a2.9114 2.9114 0 0 0-1.2041-0.24753z" fill="#4e4e4e"/>
|
||||||
|
<path class="cls-2" d="m30.198 13.82a0.39367 0.39367 0 0 1-0.01762 0.13661 0.027909 0.027909 0 0 1 0 0.01175l-0.01762 0.04554-0.01762 0.03379-2.8306 5.5965c-0.39367 0.77705-1.1178 0.75355-0.99592-0.03232l0.56993-3.1817c0.0191-0.10429 0.18655-0.83874 0.34666-1.3705l-5.4629 1.7054c-0.85784 5.5716-8.1891 5.6641-9.3848 0l-5.4746-1.7098c0.16011 0.53174 0.32904 1.2706 0.34813 1.3749l0.56994 3.1816c0.12192 0.78586-0.60225 0.80937-0.99592 0.03232l-2.8482-5.6303a0.20418 0.20418 0 0 1-0.01763-0.04701 0.42304 0.42304 0 0 1 0.2218-0.56553l11.697-5.175a2.9114 2.9114 0 0 1 2.3502 0l11.697 5.175a0.41864 0.41864 0 0 1 0.26294 0.41864z" fill="#ff9329"/>
|
||||||
|
<path class="cls-3" d="m20.801 14.796 5.0574-2.0359a0.21446 0.21446 0 0 0 0-0.39807c-0.58756-0.24531-1.3132-0.52734-2.0242-0.82259-0.13073-0.05435-1.369 0.83434-1.4821 0.92541l-2.1799 1.7421c-0.52734 0.44214-0.07051 0.86959 0.62869 0.58903z" fill="#4e4e4e"/>
|
||||||
|
<circle class="cls-3" cx="17.135" cy="16.785" r="2.6367" fill="#4e4e4e"/>
|
||||||
|
</g>
|
||||||
|
</g>
|
||||||
|
</svg>
|
After Width: | Height: | Size: 13 KiB |
BIN
doc/book/src/img/ngi-logo.png
Normal file
After Width: | Height: | Size: 34 KiB |
129
doc/book/src/intro.md
Normal file
|
@ -0,0 +1,129 @@
|
||||||
|
<p align="center" style="text-align:center;">
|
||||||
|
<a href="https://garagehq.deuxfleurs.fr">
|
||||||
|
<img alt="Garage's Logo" src="img/logo.svg" height="200" />
|
||||||
|
</a>
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p align="center" style="text-align:center;">
|
||||||
|
[ <a href="https://garagehq.deuxfleurs.fr/_releases.html">Download</a>
|
||||||
|
| <a href="https://git.deuxfleurs.fr/Deuxfleurs/garage">Git repository</a>
|
||||||
|
| <a href="https://matrix.to/#/%23garage:deuxfleurs.fr">Matrix channel</a>
|
||||||
|
| <a href="https://drone.deuxfleurs.fr/Deuxfleurs/garage">Drone CI</a>
|
||||||
|
]
|
||||||
|
</p>
|
||||||
|
|
||||||
|
```
|
||||||
|
This very website is hosted using Garage. In other words: the doc is the PoC!
|
||||||
|
```
|
||||||
|
|
||||||
|
# The Garage Geo-Distributed Data Store
|
||||||
|
|
||||||
|
Garage is a lightweight geo-distributed data store.
|
||||||
|
It comes from the observation that despite numerous object stores
|
||||||
|
many people have broken data management policies (backup/replication on a single site or none at all).
|
||||||
|
To promote better data management policies, we focused on the following **desirable properties**:
|
||||||
|
|
||||||
|
- **Self-contained & lightweight**: works everywhere and integrates well in existing environments to target [hyperconverged infrastructures](https://en.wikipedia.org/wiki/Hyper-converged_infrastructure).
|
||||||
|
- **Highly resilient**: highly resilient to network failures, network latency, disk failures, sysadmin failures.
|
||||||
|
- **Simple**: simple to understand, simple to operate, simple to debug.
|
||||||
|
- **Internet enabled**: made for multi-sites (eg. datacenters, offices, households, etc.) interconnected through regular Internet connections.
|
||||||
|
|
||||||
|
We also noted that the pursuit of some other goals are detrimental to our initial goals.
|
||||||
|
The following has been identified as **non-goals** (if these points matter to you, you should not use Garage):
|
||||||
|
|
||||||
|
- **Extreme performances**: high performances constrain a lot the design and the infrastructure; we seek performances through minimalism only.
|
||||||
|
- **Feature extensiveness**: complete implementation of the S3 API or any other API to make garage a drop-in replacement is not targeted as it could lead to decisions impacting our desirable properties.
|
||||||
|
- **Storage optimizations**: erasure coding or any other coding technique both increase the difficulty of placing data and synchronizing; we limit ourselves to duplication.
|
||||||
|
- **POSIX/Filesystem compatibility**: we do not aim at being POSIX compatible or to emulate any kind of filesystem. Indeed, in a distributed environment, such synchronizations are translated in network messages that impose severe constraints on the deployment.
|
||||||
|
|
||||||
|
## Supported and planned protocols
|
||||||
|
|
||||||
|
Garage speaks (or will speak) the following protocols:
|
||||||
|
|
||||||
|
- [S3](https://docs.aws.amazon.com/AmazonS3/latest/API/Welcome.html) - *SUPPORTED* - Enable applications to store large blobs such as pictures, video, images, documents, etc. S3 is versatile enough to also be used to publish a static website.
|
||||||
|
- [IMAP](https://github.com/go-pluto/pluto) - *PLANNED* - email storage is quite complex to get good performances.
|
||||||
|
To keep performances optimal, most IMAP servers only support on-disk storage.
|
||||||
|
We plan to add logic to Garage to make it a viable solution for email storage.
|
||||||
|
- *More to come*
|
||||||
|
|
||||||
|
## Use Cases
|
||||||
|
|
||||||
|
**[Deuxfleurs](https://deuxfleurs.fr):** Garage is used by Deuxfleurs which is a non-profit hosting organization.
|
||||||
|
Especially, it is used to host their main website, this documentation and some of its members' blogs.
|
||||||
|
Additionally, Garage is used as a [backend for Nextcloud](https://docs.nextcloud.com/server/20/admin_manual/configuration_files/primary_storage.html).
|
||||||
|
Deuxfleurs also plans to use Garage as their [Matrix's media backend](https://github.com/matrix-org/synapse-s3-storage-provider) and as the backend of [OCIS](https://github.com/owncloud/ocis).
|
||||||
|
|
||||||
|
*Are you using Garage? [Open a pull request](https://git.deuxfleurs.fr/Deuxfleurs/garage/) to add your organization here!*
|
||||||
|
|
||||||
|
## Comparison to existing software
|
||||||
|
|
||||||
|
**[MinIO](https://min.io/):** MinIO shares our *Self-contained & lightweight* goal but selected two of our non-goals: *Storage optimizations* through erasure coding and *POSIX/Filesystem compatibility* through strong consistency.
|
||||||
|
However, by pursuing these two non-goals, MinIO do not reach our desirable properties.
|
||||||
|
Firstly, it fails on the *Simple* property: due to the erasure coding, MinIO has severe limitations on how drives can be added or deleted from a cluster.
|
||||||
|
Secondly, it fails on the *Internet enabled* property: due to its strong consistency, MinIO is latency sensitive.
|
||||||
|
Furthermore, MinIO has no knowledge of "sites" and thus can not distribute data to minimize the failure of a given site.
|
||||||
|
|
||||||
|
**[Openstack Swift](https://docs.openstack.org/swift/latest/):**
|
||||||
|
OpenStack Swift at least fails on the *Self-contained & lightweight* goal.
|
||||||
|
Starting it requires around 8GB of RAM, which is too much especially in an hyperconverged infrastructure.
|
||||||
|
We also do not classify Swift as *Simple*.
|
||||||
|
|
||||||
|
**[Ceph](https://ceph.io/ceph-storage/object-storage/):**
|
||||||
|
This review holds for the whole Ceph stack, including the RADOS paper, Ceph Object Storage module, the RADOS Gateway, etc.
|
||||||
|
At its core, Ceph has been designed to provide *POSIX/Filesystem compatibility* which requires strong consistency, which in turn
|
||||||
|
makes Ceph latency-sensitive and fails our *Internet enabled* goal.
|
||||||
|
Due to its industry oriented design, Ceph is also far from being *Simple* to operate and from being *Self-contained & lightweight* which makes it hard to integrate it in an hyperconverged infrastructure.
|
||||||
|
In a certain way, Ceph and MinIO are closer together than they are from Garage or OpenStack Swift.
|
||||||
|
|
||||||
|
*More comparisons are available in our [Related Work](design/related_work.md) chapter.*
|
||||||
|
|
||||||
|
## Other Resources
|
||||||
|
|
||||||
|
This website is not the only source of information about Garage!
|
||||||
|
We reference here other places on the Internet where you can learn more about Garage.
|
||||||
|
|
||||||
|
### Rust API (docs.rs)
|
||||||
|
|
||||||
|
If you encounter a specific bug in Garage or plan to patch it, you may jump directly to the source code's documentation!
|
||||||
|
|
||||||
|
- [garage\_api](https://docs.rs/garage_api/latest/garage_api/) - contains the S3 standard API endpoint
|
||||||
|
- [garage\_model](https://docs.rs/garage_model/latest/garage_model/) - contains Garage's model built on the table abstraction
|
||||||
|
- [garage\_rpc](https://docs.rs/garage_rpc/latest/garage_rpc/) - contains Garage's federation protocol
|
||||||
|
- [garage\_table](https://docs.rs/garage_table/latest/garage_table/) - contains core Garage's CRDT datatypes
|
||||||
|
- [garage\_util](https://docs.rs/garage_util/latest/garage_util/) - contains garage helpers
|
||||||
|
- [garage\_web](https://docs.rs/garage_web/latest/garage_web/) - contains the S3 website endpoint
|
||||||
|
|
||||||
|
### Talks
|
||||||
|
|
||||||
|
We love to talk and hear about Garage, that's why we keep a log here:
|
||||||
|
|
||||||
|
- [(en, 2021-04-28) Distributed object storage is centralised](https://git.deuxfleurs.fr/Deuxfleurs/garage/raw/commit/b1f60579a13d3c5eba7f74b1775c84639ea9b51a/doc/talks/2021-04-28_spirals-team/talk.pdf)
|
||||||
|
|
||||||
|
- [(fr, 2020-12-02) Garage : jouer dans la cour des grands quand on est un hébergeur associatif](https://git.deuxfleurs.fr/Deuxfleurs/garage/raw/commit/b1f60579a13d3c5eba7f74b1775c84639ea9b51a/doc/talks/2020-12-02_wide-team/talk.pdf)
|
||||||
|
|
||||||
|
*Did you write or talk about Garage? [Open a pull request](https://git.deuxfleurs.fr/Deuxfleurs/garage/) to add a link here!*
|
||||||
|
|
||||||
|
## Community
|
||||||
|
|
||||||
|
If you want to discuss with us, you can join our Matrix channel at [#garage:deuxfleurs.fr](https://matrix.to/#/#garage:deuxfleurs.fr).
|
||||||
|
Our code repository and issue tracker, which is the place where you should report bugs, is managed on [Deuxfleurs' Gitea](https://git.deuxfleurs.fr/Deuxfleurs/garage).
|
||||||
|
|
||||||
|
## License
|
||||||
|
|
||||||
|
Garage's source code, is released under the [AGPL v3 License](https://www.gnu.org/licenses/agpl-3.0.en.html).
|
||||||
|
Please note that if you patch Garage and then use it to provide any service over a network, you must share your code!
|
||||||
|
|
||||||
|
# Funding
|
||||||
|
|
||||||
|
The Deuxfleurs association has received a grant from [NGI POINTER](https://pointer.ngi.eu/), to fund 3 people working on Garage full-time for a year: from October 2021 to September 2022.
|
||||||
|
|
||||||
|
<div style="display: flex; justify-content: space-around">
|
||||||
|
<a href="https://pointer.ngi.eu/">
|
||||||
|
<img style="height:100px" src="img/ngi-logo.png" alt="NGI Pointer logo">
|
||||||
|
</a>
|
||||||
|
<a href="https://ec.europa.eu/programmes/horizon2020/what-horizon-2020">
|
||||||
|
<img style="height:100px" src="img/eu-flag-logo.png" alt="EU flag logo">
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
_This project has received funding from the European Union’s Horizon 2020 research and innovation programme within the framework of the NGI-POINTER Project funded under grant agreement N° 871528._
|
|
@ -1,96 +1,64 @@
|
||||||
+++
|
# Quick Start
|
||||||
title = "Quick Start"
|
|
||||||
weight = 0
|
|
||||||
sort_by = "weight"
|
|
||||||
template = "documentation.html"
|
|
||||||
+++
|
|
||||||
|
|
||||||
Let's start your Garage journey!
|
Let's start your Garage journey!
|
||||||
In this chapter, we explain how to deploy Garage as a single-node server
|
In this chapter, we explain how to deploy Garage as a single-node server
|
||||||
and how to interact with it.
|
and how to interact with it.
|
||||||
|
|
||||||
## What is Garage?
|
|
||||||
|
|
||||||
Before jumping in, you might be interested in reading the following pages:
|
|
||||||
|
|
||||||
- [Goals and use cases](@/documentation/design/goals.md)
|
|
||||||
- [List of features](@/documentation/reference-manual/features.md)
|
|
||||||
|
|
||||||
## Scope of this tutorial
|
|
||||||
|
|
||||||
Our goal is to introduce you to Garage's workflows.
|
Our goal is to introduce you to Garage's workflows.
|
||||||
Following this guide is recommended before moving on to
|
Following this guide is recommended before moving on to
|
||||||
[configuring a multi-node cluster](@/documentation/cookbook/real-world.md).
|
[configuring a real-world deployment](../cookbook/real_world.md).
|
||||||
|
|
||||||
Note that this kind of deployment should not be used in production,
|
Note that this kind of deployment should not be used in production, as it provides
|
||||||
as it provides no redundancy for your data!
|
no redundancy for your data!
|
||||||
|
|
||||||
## Get a binary
|
## Get a binary
|
||||||
|
|
||||||
Download the latest Garage binary from the release pages on our repository:
|
Download the latest Garage binary from the release pages on our repository:
|
||||||
|
|
||||||
<https://garagehq.deuxfleurs.fr/download/>
|
<https://git.deuxfleurs.fr/Deuxfleurs/garage/releases>
|
||||||
|
|
||||||
Place this binary somewhere in your `$PATH` so that you can invoke the `garage`
|
Place this binary somewhere in your `$PATH` so that you can invoke the `garage`
|
||||||
command directly (for instance you can copy the binary in `/usr/local/bin`
|
command directly (for instance you can copy the binary in `/usr/local/bin`
|
||||||
or in `~/.local/bin`).
|
or in `~/.local/bin`).
|
||||||
|
|
||||||
If a binary of the last version is not available for your architecture,
|
If a binary of the last version is not available for your architecture,
|
||||||
or if you want a build customized for your system,
|
you can [build Garage from source](../cookbook/from_source.md).
|
||||||
you can [build Garage from source](@/documentation/cookbook/from-source.md).
|
|
||||||
|
|
||||||
|
|
||||||
## Configuring and starting Garage
|
## Writing a first configuration file
|
||||||
|
|
||||||
### Generating a first configuration file
|
|
||||||
|
|
||||||
This first configuration file should allow you to get started easily with the simplest
|
This first configuration file should allow you to get started easily with the simplest
|
||||||
possible Garage deployment.
|
possible Garage deployment.
|
||||||
|
**Save it as `/etc/garage.toml`.**
|
||||||
|
You can also store it somewhere else, but you will have to specify `-c path/to/garage.toml`
|
||||||
|
at each invocation of the `garage` binary (for example: `garage -c ./garage.toml server`, `garage -c ./garage.toml status`).
|
||||||
|
|
||||||
We will create it with the following command line
|
```toml
|
||||||
to generate unique and private secrets for security reasons:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
cat > garage.toml <<EOF
|
|
||||||
metadata_dir = "/tmp/meta"
|
metadata_dir = "/tmp/meta"
|
||||||
data_dir = "/tmp/data"
|
data_dir = "/tmp/data"
|
||||||
db_engine = "lmdb"
|
|
||||||
|
|
||||||
replication_mode = "none"
|
replication_mode = "none"
|
||||||
|
|
||||||
rpc_bind_addr = "[::]:3901"
|
rpc_bind_addr = "[::]:3901"
|
||||||
rpc_public_addr = "127.0.0.1:3901"
|
rpc_public_addr = "127.0.0.1:3901"
|
||||||
rpc_secret = "$(openssl rand -hex 32)"
|
rpc_secret = "1799bccfd7411eddcf9ebd316bc1f5287ad12a68094e1c6ac6abde7e6feae1ec"
|
||||||
|
|
||||||
|
bootstrap_peers = []
|
||||||
|
|
||||||
[s3_api]
|
[s3_api]
|
||||||
s3_region = "garage"
|
s3_region = "garage"
|
||||||
api_bind_addr = "[::]:3900"
|
api_bind_addr = "[::]:3900"
|
||||||
root_domain = ".s3.garage.localhost"
|
|
||||||
|
|
||||||
[s3_web]
|
[s3_web]
|
||||||
bind_addr = "[::]:3902"
|
bind_addr = "[::]:3902"
|
||||||
root_domain = ".web.garage.localhost"
|
root_domain = ".web.garage"
|
||||||
index = "index.html"
|
index = "index.html"
|
||||||
|
|
||||||
[k2v_api]
|
|
||||||
api_bind_addr = "[::]:3904"
|
|
||||||
|
|
||||||
[admin]
|
|
||||||
api_bind_addr = "0.0.0.0:3903"
|
|
||||||
admin_token = "$(openssl rand -base64 32)"
|
|
||||||
EOF
|
|
||||||
```
|
```
|
||||||
|
|
||||||
Now that your configuration file has been created, you can put
|
The `rpc_secret` value provided above is just an example. It will work, but in
|
||||||
it in the right place. By default, garage looks at **`/etc/garage.toml`.**
|
order to secure your cluster you will need to use another one. You can generate
|
||||||
|
such a value with `openssl rand -hex 32`.
|
||||||
|
|
||||||
You can also store it somewhere else, but you will have to specify `-c path/to/garage.toml`
|
|
||||||
at each invocation of the `garage` binary (for example: `garage -c ./garage.toml server`, `garage -c ./garage.toml status`).
|
|
||||||
|
|
||||||
As you can see, the `rpc_secret` is a 32 bytes hexadecimal string.
|
|
||||||
You can regenerate it with `openssl rand -hex 32`.
|
|
||||||
If you target a cluster deployment with multiple nodes, make sure that
|
|
||||||
you use the same value for all nodes.
|
|
||||||
|
|
||||||
As you can see in the `metadata_dir` and `data_dir` parameters, we are saving Garage's data
|
As you can see in the `metadata_dir` and `data_dir` parameters, we are saving Garage's data
|
||||||
in `/tmp` which gets erased when your system reboots. This means that data stored on this
|
in `/tmp` which gets erased when your system reboots. This means that data stored on this
|
||||||
|
@ -98,12 +66,12 @@ Garage server will not be persistent. Change these to locations on your local di
|
||||||
your data to be persisted properly.
|
your data to be persisted properly.
|
||||||
|
|
||||||
|
|
||||||
### Launching the Garage server
|
## Launching the Garage server
|
||||||
|
|
||||||
Use the following command to launch the Garage server with our configuration file:
|
Use the following command to launch the Garage server with our configuration file:
|
||||||
|
|
||||||
```
|
```
|
||||||
garage server
|
RUST_LOG=garage=info garage server
|
||||||
```
|
```
|
||||||
|
|
||||||
You can tune Garage's verbosity as follows (from less verbose to more verbose):
|
You can tune Garage's verbosity as follows (from less verbose to more verbose):
|
||||||
|
@ -114,11 +82,11 @@ RUST_LOG=garage=debug garage server
|
||||||
RUST_LOG=garage=trace garage server
|
RUST_LOG=garage=trace garage server
|
||||||
```
|
```
|
||||||
|
|
||||||
Log level `info` is the default value and is recommended for most use cases.
|
Log level `info` is recommended for most use cases.
|
||||||
Log level `debug` can help you check why your S3 API calls are not working.
|
Log level `debug` can help you check why your S3 API calls are not working.
|
||||||
|
|
||||||
|
|
||||||
### Checking that Garage runs correctly
|
## Checking that Garage runs correctly
|
||||||
|
|
||||||
The `garage` utility is also used as a CLI tool to configure your Garage deployment.
|
The `garage` utility is also used as a CLI tool to configure your Garage deployment.
|
||||||
It uses values from the TOML configuration file to find the Garage daemon running on the
|
It uses values from the TOML configuration file to find the Garage daemon running on the
|
||||||
|
@ -140,9 +108,9 @@ ID Hostname Address Tag Zone Capacit
|
||||||
563e1ac825ee3323… linuxbox 127.0.0.1:3901 NO ROLE ASSIGNED
|
563e1ac825ee3323… linuxbox 127.0.0.1:3901 NO ROLE ASSIGNED
|
||||||
```
|
```
|
||||||
|
|
||||||
## Creating a cluster layout
|
## Configuring your Garage node
|
||||||
|
|
||||||
Creating a cluster layout for a Garage deployment means informing Garage
|
Configuring the nodes in a Garage deployment means informing Garage
|
||||||
of the disk space available on each node of the cluster
|
of the disk space available on each node of the cluster
|
||||||
as well as the zone (e.g. datacenter) each machine is located in.
|
as well as the zone (e.g. datacenter) each machine is located in.
|
||||||
|
|
||||||
|
@ -150,18 +118,14 @@ For our test deployment, we are using only one node. The way in which we configu
|
||||||
it does not matter, you can simply write:
|
it does not matter, you can simply write:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
garage layout assign -z dc1 -c 1 <node_id>
|
garage node configure -z dc1 -c 1 <node_id>
|
||||||
```
|
```
|
||||||
|
|
||||||
where `<node_id>` corresponds to the identifier of the node shown by `garage status` (first column).
|
where `<node_id>` corresponds to the identifier of the node shown by `garage status` (first column).
|
||||||
You can enter simply a prefix of that identifier.
|
You can enter simply a prefix of that identifier.
|
||||||
For instance here you could write just `garage layout assign -z dc1 -c 1 563e`.
|
For instance here you could write just `garage node configure -z dc1 -c 1 563e`.
|
||||||
|
|
||||||
The layout then has to be applied to the cluster, using:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
garage layout apply
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
## Creating buckets and keys
|
## Creating buckets and keys
|
||||||
|
@ -177,7 +141,7 @@ garage help
|
||||||
garage bucket allow --help
|
garage bucket allow --help
|
||||||
```
|
```
|
||||||
|
|
||||||
### Create a bucket
|
#### Create a bucket
|
||||||
|
|
||||||
Let's take an example where we want to deploy NextCloud using Garage as the
|
Let's take an example where we want to deploy NextCloud using Garage as the
|
||||||
main data storage.
|
main data storage.
|
||||||
|
@ -195,7 +159,7 @@ garage bucket list
|
||||||
garage bucket info nextcloud-bucket
|
garage bucket info nextcloud-bucket
|
||||||
```
|
```
|
||||||
|
|
||||||
### Create an API key
|
#### Create an API key
|
||||||
|
|
||||||
The `nextcloud-bucket` bucket now exists on the Garage server,
|
The `nextcloud-bucket` bucket now exists on the Garage server,
|
||||||
however it cannot be accessed until we add an API key with the proper access rights.
|
however it cannot be accessed until we add an API key with the proper access rights.
|
||||||
|
@ -225,15 +189,14 @@ garage key list
|
||||||
garage key info nextcloud-app-key
|
garage key info nextcloud-app-key
|
||||||
```
|
```
|
||||||
|
|
||||||
### Allow a key to access a bucket
|
#### Allow a key to access a bucket
|
||||||
|
|
||||||
Now that we have a bucket and a key, we need to give permissions to the key on the bucket:
|
Now that we have a bucket and a key, we need to give permissions to the key on the bucket:
|
||||||
|
|
||||||
```
|
```
|
||||||
garage bucket allow \
|
garage bucket allow \
|
||||||
--read \
|
--read \
|
||||||
--write \
|
--write
|
||||||
--owner \
|
|
||||||
nextcloud-bucket \
|
nextcloud-bucket \
|
||||||
--key nextcloud-app-key
|
--key nextcloud-app-key
|
||||||
```
|
```
|
||||||
|
@ -247,73 +210,64 @@ garage bucket info nextcloud-bucket
|
||||||
|
|
||||||
## Uploading and downlading from Garage
|
## Uploading and downlading from Garage
|
||||||
|
|
||||||
To download and upload files on garage, we can use a third-party tool named `awscli`.
|
We recommend the use of MinIO Client to interact with Garage files (`mc`).
|
||||||
|
Instructions to install it and use it are provided on the
|
||||||
|
[MinIO website](https://docs.min.io/docs/minio-client-quickstart-guide.html).
|
||||||
|
Before reading the following, you need a working `mc` command on your path.
|
||||||
|
|
||||||
|
Note that on certain Linux distributions such as Arch Linux, the Minio client binary
|
||||||
|
is called `mcli` instead of `mc` (to avoid name clashes with the Midnight Commander).
|
||||||
|
|
||||||
### Install and configure `awscli`
|
#### Configure `mc`
|
||||||
|
|
||||||
If you have python on your system, you can install it with:
|
You need your access key and secret key created above.
|
||||||
|
We will assume you are invoking `mc` on the same machine as the Garage server,
|
||||||
|
your S3 API endpoint is therefore `http://127.0.0.1:3900`.
|
||||||
|
For this whole configuration, you must set an alias name: we chose `my-garage`, that you will used for all commands.
|
||||||
|
|
||||||
|
Adapt the following command accordingly and run it:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
python -m pip install --user awscli
|
mc alias set \
|
||||||
|
my-garage \
|
||||||
|
http://127.0.0.1:3900 \
|
||||||
|
<access key> \
|
||||||
|
<secret key> \
|
||||||
|
--api S3v4
|
||||||
```
|
```
|
||||||
|
|
||||||
Now that `awscli` is installed, you must configure it to talk to your Garage instance,
|
You must also add an environment variable to your configuration to
|
||||||
with your key. There are multiple ways to do that, the simplest one is to create a file
|
inform MinIO of our region (`garage` by default, corresponding to the `s3_region` parameter
|
||||||
named `~/.awsrc` with this content:
|
in the configuration file).
|
||||||
|
The best way is to add the following snippet to your `$HOME/.bash_profile`
|
||||||
|
or `$HOME/.bashrc` file:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
export AWS_ACCESS_KEY_ID=xxxx # put your Key ID here
|
export MC_REGION=garage
|
||||||
export AWS_SECRET_ACCESS_KEY=xxxx # put your Secret key here
|
|
||||||
export AWS_DEFAULT_REGION='garage'
|
|
||||||
export AWS_ENDPOINT='http://localhost:3900'
|
|
||||||
|
|
||||||
function aws { command aws --endpoint-url $AWS_ENDPOINT $@ ; }
|
|
||||||
aws --version
|
|
||||||
```
|
```
|
||||||
|
|
||||||
Now, each time you want to use `awscli` on this target, run:
|
#### Use `mc`
|
||||||
|
|
||||||
|
You can not list buckets from `mc` currently.
|
||||||
|
|
||||||
|
But the following commands and many more should work:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
source ~/.awsrc
|
mc cp image.png my-garage/nextcloud-bucket
|
||||||
|
mc cp my-garage/nextcloud-bucket/image.png .
|
||||||
|
mc ls my-garage/nextcloud-bucket
|
||||||
|
mc mirror localdir/ my-garage/another-bucket
|
||||||
```
|
```
|
||||||
|
|
||||||
*You can create multiple files with different names if you
|
|
||||||
have multiple Garage clusters or different keys.
|
|
||||||
Switching from one cluster to another is as simple as
|
|
||||||
sourcing the right file.*
|
|
||||||
|
|
||||||
### Example usage of `awscli`
|
#### Other tools for interacting with Garage
|
||||||
|
|
||||||
```bash
|
|
||||||
# list buckets
|
|
||||||
aws s3 ls
|
|
||||||
|
|
||||||
# list objects of a bucket
|
|
||||||
aws s3 ls s3://my_files
|
|
||||||
|
|
||||||
# copy from your filesystem to garage
|
|
||||||
aws s3 cp /proc/cpuinfo s3://my_files/cpuinfo.txt
|
|
||||||
|
|
||||||
# copy from garage to your filesystem
|
|
||||||
aws s3 cp s3/my_files/cpuinfo.txt /tmp/cpuinfo.txt
|
|
||||||
```
|
|
||||||
|
|
||||||
Note that you can use `awscli` for more advanced operations like
|
|
||||||
creating a bucket, pre-signing a request or managing your website.
|
|
||||||
[Read the full documentation to know more](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3/index.html).
|
|
||||||
|
|
||||||
Some features are however not implemented like ACL or policy.
|
|
||||||
Check [our s3 compatibility list](@/documentation/reference-manual/s3-compatibility.md).
|
|
||||||
|
|
||||||
### Other tools for interacting with Garage
|
|
||||||
|
|
||||||
The following tools can also be used to send and recieve files from/to Garage:
|
The following tools can also be used to send and recieve files from/to Garage:
|
||||||
|
|
||||||
- [minio-client](@/documentation/connect/cli.md#minio-client)
|
- the [AWS CLI](https://aws.amazon.com/cli/)
|
||||||
- [s3cmd](@/documentation/connect/cli.md#s3cmd)
|
- [`rclone`](https://rclone.org/)
|
||||||
- [rclone](@/documentation/connect/cli.md#rclone)
|
- [Cyberduck](https://cyberduck.io/)
|
||||||
- [Cyberduck](@/documentation/connect/cli.md#cyberduck)
|
- [`s3cmd`](https://s3tools.org/s3cmd)
|
||||||
- [WinSCP](@/documentation/connect/cli.md#winscp)
|
|
||||||
|
|
||||||
An exhaustive list is maintained in the ["Integrations" > "Browsing tools" section](@/documentation/connect/_index.md).
|
Refer to the ["configuring clients"](../cookbook/clients.md) page to learn how to configure
|
||||||
|
these clients to interact with a Garage server.
|
|
@ -1,7 +1,4 @@
|
||||||
+++
|
# Garage CLI
|
||||||
title = "Garage CLI"
|
|
||||||
weight = 30
|
|
||||||
+++
|
|
||||||
|
|
||||||
The Garage CLI is mostly self-documented. Make use of the `help` subcommand
|
The Garage CLI is mostly self-documented. Make use of the `help` subcommand
|
||||||
and the `--help` flag to discover all available options.
|
and the `--help` flag to discover all available options.
|
201
doc/book/src/reference_manual/configuration.md
Normal file
|
@ -0,0 +1,201 @@
|
||||||
|
# Garage configuration file format reference
|
||||||
|
|
||||||
|
Here is an example `garage.toml` configuration file that illustrates all of the possible options:
|
||||||
|
|
||||||
|
```toml
|
||||||
|
metadata_dir = "/var/lib/garage/meta"
|
||||||
|
data_dir = "/var/lib/garage/data"
|
||||||
|
|
||||||
|
block_size = 1048576
|
||||||
|
|
||||||
|
replication_mode = "3"
|
||||||
|
|
||||||
|
rpc_secret = "4425f5c26c5e11581d3223904324dcb5b5d5dfb14e5e7f35e38c595424f5f1e6"
|
||||||
|
rpc_bind_addr = "[::]:3901"
|
||||||
|
rpc_public_addr = "[fc00:1::1]:3901"
|
||||||
|
|
||||||
|
bootstrap_peers = [
|
||||||
|
"563e1ac825ee3323aa441e72c26d1030d6d4414aeb3dd25287c531e7fc2bc95d@[fc00:1::1]:3901",
|
||||||
|
"86f0f26ae4afbd59aaf9cfb059eefac844951efd5b8caeec0d53f4ed6c85f332[fc00:1::2]:3901",
|
||||||
|
"681456ab91350f92242e80a531a3ec9392cb7c974f72640112f90a600d7921a4@[fc00:B::1]:3901",
|
||||||
|
"212fd62eeaca72c122b45a7f4fa0f55e012aa5e24ac384a72a3016413fa724ff@[fc00:F::1]:3901",
|
||||||
|
]
|
||||||
|
|
||||||
|
consul_host = "consul.service"
|
||||||
|
consul_service_name = "garage-daemon"
|
||||||
|
|
||||||
|
sled_cache_capacity = 134217728
|
||||||
|
sled_flush_every_ms = 2000
|
||||||
|
|
||||||
|
[s3_api]
|
||||||
|
api_bind_addr = "[::]:3900"
|
||||||
|
s3_region = "garage"
|
||||||
|
|
||||||
|
[s3_web]
|
||||||
|
bind_addr = "[::]:3902"
|
||||||
|
root_domain = ".web.garage"
|
||||||
|
index = "index.html"
|
||||||
|
```
|
||||||
|
|
||||||
|
The following gives details about each available configuration option.
|
||||||
|
|
||||||
|
## Available configuration options
|
||||||
|
|
||||||
|
#### `metadata_dir`
|
||||||
|
|
||||||
|
The directory in which Garage will store its metadata. This contains the node identifier,
|
||||||
|
the network configuration and the peer list, the list of buckets and keys as well
|
||||||
|
as the index of all objects, object version and object blocks.
|
||||||
|
|
||||||
|
Store this folder on a fast SSD drive if possible to maximize Garage's performance.
|
||||||
|
|
||||||
|
#### `data_dir`
|
||||||
|
|
||||||
|
The directory in which Garage will store the data blocks of objects.
|
||||||
|
This folder can be placed on an HDD. The space available for `data_dir`
|
||||||
|
should be counted to determine a node's capacity
|
||||||
|
when [configuring it](../getting_started/05_cluster.md).
|
||||||
|
|
||||||
|
#### `block_size`
|
||||||
|
|
||||||
|
Garage splits stored objects in consecutive chunks of size `block_size`
|
||||||
|
(except the last one which might be smaller). The default size is 1MB and
|
||||||
|
should work in most cases. If you are interested in tuning this, feel free
|
||||||
|
to do so (and remember to report your findings to us!). If this value is
|
||||||
|
changed for a running Garage installation, only files newly uploaded will be
|
||||||
|
affected. Previously uploaded files will remain available. This however
|
||||||
|
means that chunks from existing files will not be deduplicated with chunks
|
||||||
|
from newly uploaded files, meaning you might use more storage space that is
|
||||||
|
optimally possible.
|
||||||
|
|
||||||
|
#### `replication_mode`
|
||||||
|
|
||||||
|
Garage supports the following replication modes:
|
||||||
|
|
||||||
|
- `none` or `1`: data stored on Garage is stored on a single node. There is no redundancy,
|
||||||
|
and data will be unavailable as soon as one node fails or its network is disconnected.
|
||||||
|
Do not use this for anything else than test deployments.
|
||||||
|
|
||||||
|
- `2`: data stored on Garage will be stored on two different nodes, if possible in different
|
||||||
|
zones. Garage tolerates one node failure before losing data. Data should be available
|
||||||
|
read-only when one node is down, but write operations will fail.
|
||||||
|
Use this only if you really have to.
|
||||||
|
|
||||||
|
- `3`: data stored on Garage will be stored on three different nodes, if possible each in
|
||||||
|
a different zones.
|
||||||
|
Garage tolerates two node failure before losing data. Data should be available
|
||||||
|
read-only when two nodes are down, and writes should be possible if only a single node
|
||||||
|
is down.
|
||||||
|
|
||||||
|
Note that in modes `2` and `3`,
|
||||||
|
if at least the same number of zones are available, an arbitrary number of failures in
|
||||||
|
any given zone is tolerated as copies of data will be spread over several zones.
|
||||||
|
|
||||||
|
**Make sure `replication_mode` is the same in the configuration files of all nodes.
|
||||||
|
Never run a Garage cluster where that is not the case.**
|
||||||
|
|
||||||
|
Changing the `replication_mode` of a cluster might work (make sure to shut down all nodes
|
||||||
|
and changing it everywhere at the time), but is not officially supported.
|
||||||
|
|
||||||
|
#### `rpc_secret`
|
||||||
|
|
||||||
|
Garage uses a secret key that is shared between all nodes of the cluster
|
||||||
|
in order to identify these nodes and allow them to communicate together.
|
||||||
|
This key should be specified here in the form of a 32-byte hex-encoded
|
||||||
|
random string. Such a string can be generated with a command
|
||||||
|
such as `openssl rand -hex 32`.
|
||||||
|
|
||||||
|
#### `rpc_bind_addr`
|
||||||
|
|
||||||
|
The address and port on which to bind for inter-cluster communcations
|
||||||
|
(reffered to as RPC for remote procedure calls).
|
||||||
|
The port specified here should be the same one that other nodes will used to contact
|
||||||
|
the node, even in the case of a NAT: the NAT should be configured to forward the external
|
||||||
|
port number to the same internal port nubmer. This means that if you have several nodes running
|
||||||
|
behind a NAT, they should each use a different RPC port number.
|
||||||
|
|
||||||
|
#### `rpc_public_addr`
|
||||||
|
|
||||||
|
The address and port that other nodes need to use to contact this node for
|
||||||
|
RPC calls. **This parameter is optional but recommended.** In case you have
|
||||||
|
a NAT that binds the RPC port to a port that is different on your public IP,
|
||||||
|
this field might help making it work.
|
||||||
|
|
||||||
|
#### `bootstrap_peers`
|
||||||
|
|
||||||
|
A list of peer identifiers on which to contact other Garage peers of this cluster.
|
||||||
|
These peer identifiers have the following syntax:
|
||||||
|
|
||||||
|
```
|
||||||
|
<node public key>@<node public IP or hostname>:<port>
|
||||||
|
```
|
||||||
|
|
||||||
|
In the case where `rpc_public_addr` is correctly specified in the
|
||||||
|
configuration file, the full identifier of a node including IP and port can
|
||||||
|
be obtained by running `garage node-id` and then included directly in the
|
||||||
|
`bootstrap_peers` list of other nodes. Otherwise, only the node's public
|
||||||
|
key will be returned by `garage node-id` and you will have to add the IP
|
||||||
|
yourself.
|
||||||
|
|
||||||
|
#### `consul_host` and `consul_service_name`
|
||||||
|
|
||||||
|
Garage supports discovering other nodes of the cluster using Consul.
|
||||||
|
This works only when nodes are announced in Consul by an orchestrator such as Nomad,
|
||||||
|
as Garage is not able to announce itself.
|
||||||
|
|
||||||
|
The `consul_host` parameter should be set to the hostname of the Consul server,
|
||||||
|
and `consul_service_name` should be set to the service name under which Garage's
|
||||||
|
RPC ports are announced.
|
||||||
|
|
||||||
|
#### `sled_cache_capacity`
|
||||||
|
|
||||||
|
This parameter can be used to tune the capacity of the cache used by
|
||||||
|
[sled](https://sled.rs), the database Garage uses internally to store metadata.
|
||||||
|
Tune this to fit the RAM you wish to make available to your Garage instance.
|
||||||
|
More cache means faster Garage, but the default value (128MB) should be plenty
|
||||||
|
for most use cases.
|
||||||
|
|
||||||
|
#### `sled_flush_every_ms`
|
||||||
|
|
||||||
|
This parameters can be used to tune the flushing interval of sled.
|
||||||
|
Increase this if sled is thrashing your SSD, at the risk of losing more data in case
|
||||||
|
of a power outage (though this should not matter much as data is replicated on other
|
||||||
|
nodes). The default value, 2000ms, should be appropriate for most use cases.
|
||||||
|
|
||||||
|
|
||||||
|
## The `[s3_api]` section
|
||||||
|
|
||||||
|
#### `api_bind_addr`
|
||||||
|
|
||||||
|
The IP and port on which to bind for accepting S3 API calls.
|
||||||
|
This endpoint does not suport TLS: a reverse proxy should be used to provide it.
|
||||||
|
|
||||||
|
#### `s3_region`
|
||||||
|
|
||||||
|
Garage will accept S3 API calls that are targetted to the S3 region defined here.
|
||||||
|
API calls targetted to other regions will fail with a AuthorizationHeaderMalformed error
|
||||||
|
message that redirects the client to the correct region.
|
||||||
|
|
||||||
|
|
||||||
|
## The `[s3_web]` section
|
||||||
|
|
||||||
|
Garage allows to publish content of buckets as websites. This section configures the
|
||||||
|
behaviour of this module.
|
||||||
|
|
||||||
|
#### `bind_addr`
|
||||||
|
|
||||||
|
The IP and port on which to bind for accepting HTTP requests to buckets configured
|
||||||
|
for website access.
|
||||||
|
This endpoint does not suport TLS: a reverse proxy should be used to provide it.
|
||||||
|
|
||||||
|
#### `root_domain`
|
||||||
|
|
||||||
|
The optionnal suffix appended to bucket names for the corresponding HTTP Host.
|
||||||
|
|
||||||
|
For instance, if `root_domain` is `web.garage.eu`, a bucket called `deuxfleurs.fr`
|
||||||
|
will be accessible either with hostname `deuxfleurs.fr.web.garage.eu`
|
||||||
|
or with hostname `deuxfleurs.fr`.
|
||||||
|
|
||||||
|
#### `index`
|
||||||
|
|
||||||
|
The name of the index file to return for requests ending with `/` (usually `index.html`).
|
|
@ -1,9 +1,4 @@
|
||||||
+++
|
# Reference Manual
|
||||||
title = "Reference Manual"
|
|
||||||
weight = 5
|
|
||||||
sort_by = "weight"
|
|
||||||
template = "documentation.html"
|
|
||||||
+++
|
|
||||||
|
|
||||||
A reference manual contains some extensive descriptions about the features and the behaviour of the software.
|
A reference manual contains some extensive descriptions about the features and the behaviour of the software.
|
||||||
Reading of this chapter is recommended once you have a good knowledge/understanding of Garage.
|
Reading of this chapter is recommended once you have a good knowledge/understanding of Garage.
|
57
doc/book/src/reference_manual/s3_compatibility.md
Normal file
|
@ -0,0 +1,57 @@
|
||||||
|
# S3 Compatibility status
|
||||||
|
|
||||||
|
## Global S3 features
|
||||||
|
|
||||||
|
Implemented:
|
||||||
|
|
||||||
|
- path-style URLs (`garage.tld/bucket/key`)
|
||||||
|
- putting and getting objects in buckets
|
||||||
|
- multipart uploads
|
||||||
|
- listing objects
|
||||||
|
- access control on a per-key-per-bucket basis
|
||||||
|
|
||||||
|
Not implemented:
|
||||||
|
|
||||||
|
- vhost-style URLs (`bucket.garage.tld/key`)
|
||||||
|
- object-level ACL
|
||||||
|
- object versioning
|
||||||
|
- encryption
|
||||||
|
- most `x-amz-` headers
|
||||||
|
|
||||||
|
|
||||||
|
## Endpoint implementation
|
||||||
|
|
||||||
|
All APIs that are not mentionned are not implemented and will return a 400 bad request.
|
||||||
|
|
||||||
|
| Endpoint | Status |
|
||||||
|
|------------------------------|----------------------------------|
|
||||||
|
| AbortMultipartUpload | Implemented |
|
||||||
|
| CompleteMultipartUpload | Implemented |
|
||||||
|
| CopyObject | Implemented |
|
||||||
|
| CreateBucket | Unsupported, stub (see below) |
|
||||||
|
| CreateMultipartUpload | Implemented |
|
||||||
|
| DeleteBucket | Unsupported (see below) |
|
||||||
|
| DeleteObject | Implemented |
|
||||||
|
| DeleteObjects | Implemented |
|
||||||
|
| GetBucketLocation | Implemented |
|
||||||
|
| GetBucketVersioning | Stub (see below) |
|
||||||
|
| GetObject | Implemented |
|
||||||
|
| HeadBucket | Implemented |
|
||||||
|
| HeadObject | Implemented |
|
||||||
|
| ListBuckets | Implemented |
|
||||||
|
| ListObjects | Implemented, bugs? (see below) |
|
||||||
|
| ListObjectsV2 | Implemented |
|
||||||
|
| PutObject | Implemented |
|
||||||
|
| UploadPart | Implemented |
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- **CreateBucket:** Garage does not yet accept creating buckets or giving access using API calls, it has to be done using the CLI tools. CreateBucket will return a 200 if the bucket exists and user has write access, and a 403 Forbidden in all other cases.
|
||||||
|
|
||||||
|
- **DeleteBucket:** Garage does not yet accept deleting buckets using API calls, it has to be done using the CLI tools. This request will return a 403 Forbidden.
|
||||||
|
|
||||||
|
- **GetBucketVersioning:** Stub implementation (Garage does not yet support versionning so this always returns
|
||||||
|
"versionning not enabled").
|
||||||
|
|
||||||
|
- **ListObjects:** Implemented, but there isn't a very good specification of what `encoding-type=url` covers so there might be some encoding bugs. In our implementation the url-encoded fields are in the same in ListObjects as they are in ListObjectsV2.
|
||||||
|
|
|
@ -1,9 +1,4 @@
|
||||||
+++
|
# Working Documents
|
||||||
title = "Working Documents"
|
|
||||||
weight = 8
|
|
||||||
sort_by = "weight"
|
|
||||||
template = "documentation.html"
|
|
||||||
+++
|
|
||||||
|
|
||||||
Working documents are documents that reflect the fact that Garage is a software that evolves quickly.
|
Working documents are documents that reflect the fact that Garage is a software that evolves quickly.
|
||||||
They are a way to communicate our ideas, our changes, and so on before or while we are implementing them in Garage.
|
They are a way to communicate our ideas, our changes, and so on before or while we are implementing them in Garage.
|
|
@ -1,9 +1,4 @@
|
||||||
+++
|
# Load Balancing Data (planned for version 0.2)
|
||||||
title = "Load balancing data (obsolete)"
|
|
||||||
weight = 910
|
|
||||||
+++
|
|
||||||
|
|
||||||
**This is being yet improved in release 0.5. The working document has not been updated yet, it still only applies to Garage 0.2 through 0.4.**
|
|
||||||
|
|
||||||
I have conducted a quick study of different methods to load-balance data over different Garage nodes using consistent hashing.
|
I have conducted a quick study of different methods to load-balance data over different Garage nodes using consistent hashing.
|
||||||
|
|
|
@ -1,7 +1,4 @@
|
||||||
+++
|
# Migrating from 0.3 to 0.4
|
||||||
title = "Migrating from 0.3 to 0.4"
|
|
||||||
weight = 20
|
|
||||||
+++
|
|
||||||
|
|
||||||
**Migrating from 0.3 to 0.4 is unsupported. This document is only intended to
|
**Migrating from 0.3 to 0.4 is unsupported. This document is only intended to
|
||||||
document the process internally for the Deuxfleurs cluster where we have to do
|
document the process internally for the Deuxfleurs cluster where we have to do
|
|
@ -1,109 +0,0 @@
|
||||||
+++
|
|
||||||
title = "S3 compatibility target"
|
|
||||||
weight = 5
|
|
||||||
+++
|
|
||||||
|
|
||||||
If there is a specific S3 functionnality you have a need for, feel free to open
|
|
||||||
a PR to put the corresponding endpoints higher in the list. Please explain
|
|
||||||
your motivations for doing so in the PR message.
|
|
||||||
|
|
||||||
| Priority | Endpoints |
|
|
||||||
| -------------------------- | --------- |
|
|
||||||
| **S-tier** (high priority) | |
|
|
||||||
| | HeadBucket |
|
|
||||||
| | GetBucketLocation |
|
|
||||||
| | CreateBucket |
|
|
||||||
| | DeleteBucket |
|
|
||||||
| | ListBuckets |
|
|
||||||
| | ListObjects |
|
|
||||||
| | ListObjectsV2 |
|
|
||||||
| | HeadObject |
|
|
||||||
| | GetObject |
|
|
||||||
| | PutObject |
|
|
||||||
| | CopyObject |
|
|
||||||
| | DeleteObject |
|
|
||||||
| | DeleteObjects |
|
|
||||||
| | CreateMultipartUpload |
|
|
||||||
| | CompleteMultipartUpload |
|
|
||||||
| | AbortMultipartUpload |
|
|
||||||
| | UploadPart |
|
|
||||||
| | ListMultipartUploads |
|
|
||||||
| | ListParts |
|
|
||||||
| **A-tier** | |
|
|
||||||
| | GetBucketCors |
|
|
||||||
| | PutBucketCors |
|
|
||||||
| | DeleteBucketCors |
|
|
||||||
| | UploadPartCopy |
|
|
||||||
| | GetBucketWebsite |
|
|
||||||
| | PutBucketWebsite |
|
|
||||||
| | DeleteBucketWebsite |
|
|
||||||
| | [PostObject](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPOST.html) |
|
|
||||||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~ | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
|
||||||
| **B-tier** | |
|
|
||||||
| | GetBucketAcl |
|
|
||||||
| | PutBucketAcl |
|
|
||||||
| | GetObjectLockConfiguration |
|
|
||||||
| | PutObjectLockConfiguration |
|
|
||||||
| | GetObjectRetention |
|
|
||||||
| | PutObjectRetention |
|
|
||||||
| | GetObjectLegalHold |
|
|
||||||
| | PutObjectLegalHold |
|
|
||||||
| **C-tier** | |
|
|
||||||
| | GetBucketVersioning |
|
|
||||||
| | PutBucketVersioning |
|
|
||||||
| | ListObjectVersions |
|
|
||||||
| | GetObjectAcl |
|
|
||||||
| | PutObjectAcl |
|
|
||||||
| | GetBucketLifecycleConfiguration |
|
|
||||||
| | PutBucketLifecycleConfiguration |
|
|
||||||
| | DeleteBucketLifecycle |
|
|
||||||
| **garbage-tier** | |
|
|
||||||
| | DeleteBucketEncryption |
|
|
||||||
| | DeleteBucketAnalyticsConfiguration |
|
|
||||||
| | DeleteBucketIntelligentTieringConfiguration |
|
|
||||||
| | DeleteBucketInventoryConfiguration |
|
|
||||||
| | DeleteBucketMetricsConfiguration |
|
|
||||||
| | DeleteBucketOwnershipControls |
|
|
||||||
| | DeleteBucketPolicy |
|
|
||||||
| | DeleteBucketReplication |
|
|
||||||
| | DeleteBucketTagging |
|
|
||||||
| | DeleteObjectTagging |
|
|
||||||
| | DeletePublicAccessBlock |
|
|
||||||
| | GetBucketAccelerateConfiguration |
|
|
||||||
| | GetBucketAnalyticsConfiguration |
|
|
||||||
| | GetBucketEncryption |
|
|
||||||
| | GetBucketIntelligentTieringConfiguration |
|
|
||||||
| | GetBucketInventoryConfiguration |
|
|
||||||
| | GetBucketLogging |
|
|
||||||
| | GetBucketMetricsConfiguration |
|
|
||||||
| | GetBucketNotificationConfiguration |
|
|
||||||
| | GetBucketOwnershipControls |
|
|
||||||
| | GetBucketPolicy |
|
|
||||||
| | GetBucketPolicyStatus |
|
|
||||||
| | GetBucketReplication |
|
|
||||||
| | GetBucketRequestPayment |
|
|
||||||
| | GetBucketTagging |
|
|
||||||
| | GetObjectTagging |
|
|
||||||
| | GetObjectTorrent |
|
|
||||||
| | GetPublicAccessBlock |
|
|
||||||
| | ListBucketAnalyticsConfigurations |
|
|
||||||
| | ListBucketIntelligentTieringConfigurations |
|
|
||||||
| | ListBucketInventoryConfigurations |
|
|
||||||
| | ListBucketMetricsConfigurations |
|
|
||||||
| | PutBucketAccelerateConfiguration |
|
|
||||||
| | PutBucketAnalyticsConfiguration |
|
|
||||||
| | PutBucketEncryption |
|
|
||||||
| | PutBucketIntelligentTieringConfiguration |
|
|
||||||
| | PutBucketInventoryConfiguration |
|
|
||||||
| | PutBucketLogging |
|
|
||||||
| | PutBucketMetricsConfiguration |
|
|
||||||
| | PutBucketNotificationConfiguration |
|
|
||||||
| | PutBucketOwnershipControls |
|
|
||||||
| | PutBucketPolicy |
|
|
||||||
| | PutBucketReplication |
|
|
||||||
| | PutBucketRequestPayment |
|
|
||||||
| | PutBucketTagging |
|
|
||||||
| | PutObjectTagging |
|
|
||||||
| | PutPublicAccessBlock |
|
|
||||||
| | RestoreObject |
|
|
||||||
| | SelectObjectContent |
|
|
|
@ -1,53 +0,0 @@
|
||||||
+++
|
|
||||||
title = "Migrating from 0.5 to 0.6"
|
|
||||||
weight = 15
|
|
||||||
+++
|
|
||||||
|
|
||||||
**This guide explains how to migrate to 0.6 if you have an existing 0.5 cluster.
|
|
||||||
We don't recommend trying to migrate to 0.6 directly from 0.4 or older.**
|
|
||||||
|
|
||||||
**We make no guarantee that this migration will work perfectly:
|
|
||||||
back up all your data before attempting it!**
|
|
||||||
|
|
||||||
Garage v0.6 introduces a new data model for buckets,
|
|
||||||
that allows buckets to have many names (aliases).
|
|
||||||
Buckets can also have "private" aliases (called local aliases),
|
|
||||||
which are only visible when using a certain access key.
|
|
||||||
|
|
||||||
This new data model means that the metadata tables have changed quite a bit in structure,
|
|
||||||
and a manual migration step is required.
|
|
||||||
|
|
||||||
The migration steps are as follows:
|
|
||||||
|
|
||||||
1. Disable api and web access for some time (Garage does not support disabling
|
|
||||||
these endpoints but you can change the port number or stop your reverse
|
|
||||||
proxy for instance).
|
|
||||||
|
|
||||||
2. Do `garage repair -a --yes tables` and `garage repair -a --yes blocks`,
|
|
||||||
check the logs and check that all data seems to be synced correctly between
|
|
||||||
nodes.
|
|
||||||
|
|
||||||
4. Turn off Garage 0.5
|
|
||||||
|
|
||||||
5. **Backup your metadata folders!!**
|
|
||||||
|
|
||||||
6. Turn on Garage 0.6
|
|
||||||
|
|
||||||
7. At this point, `garage bucket list` should indicate that no buckets are present
|
|
||||||
in the cluster. `garage key list` should show all of the previously existing
|
|
||||||
access key, however these keys should not have any permissions to access buckets.
|
|
||||||
|
|
||||||
8. Run `garage migrate buckets050`: this will populate the new bucket table with
|
|
||||||
the buckets that existed previously. This will also give access to API keys
|
|
||||||
as it was before.
|
|
||||||
|
|
||||||
9. Do `garage repair -a --yes tables` and `garage repair -a --yes blocks`,
|
|
||||||
check the logs and check that all data seems to be synced correctly between
|
|
||||||
nodes.
|
|
||||||
|
|
||||||
10. Check that all your buckets indeed appear in `garage bucket list`, and that
|
|
||||||
keys have the proper access flags set. If that is not the case, revert
|
|
||||||
everything and file a bug!
|
|
||||||
|
|
||||||
11. Your upgraded cluster should be in a working state. Re-enable API and Web
|
|
||||||
access and check that everything went well.
|
|