forked from Deuxfleurs/garage
Alex Auvolat
4c5be79b80
This minor release includes the following improvements and fixes: New features: - Configuration: make LMDB's `map_size` configurable and make `block_size` and `sled_cache_capacity` expressable as strings (such as `10M`) (#628, #630) - Add support for binding to Unix sockets for the S3, K2V, Admin and Web API servers (#640) - Move the `convert_db` command into the main Garage binary (#645) - Add support for specifying RPC secret and admin tokens as environment variables (#643) - Add `allow_world_readable_secrets` option to config file (#663, #685) Bug fixes: - Use `statvfs` instead of mount list to determine free space in metadata/data directories (#611, #631) - Add missing casts to fix 32-bit build (#632) - Fix error when none of the HTTP servers (S3/K2V/Admin/Web) is started and fix shutdown hang (#613, #633) - Add missing CORS headers to PostObject response (#609, #656) - Monitoring: finer histogram boundaries in Prometheus exported metrics (#531, #686) Other: - Documentation improvements (#641) -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEwhSWp0+ubv79TiqUDkltFQljdr4FAmWmWvsACgkQDkltFQlj dr59rRAAiMGQpDUK0QqiCgrp1rcUhvtj3DsQEpT7F14Jo3I7bFDmONZolPbO8YAs VE4S4CBQogNH0lMQ6EvJYiBCxDWkxdVibKqDWOYJmUw3bZ6Ypn1eZIF0+Uf1TDI+ C6CxYbyDQtqvm330K2Du2uOoGiIgm83b6jktK/0FtbAE2GWhtYmQwoelprAGH20i baaSfkZbBl8toUscakyhPVVSQ86BcVQ2jqL6Ofu4eQknjMRqCeAIQhMB2ikpiwBz hbTZ3x0EfJJqiHocfkTE3B3cPnDKuHDzxPRhLMB/olEpzoxaLJ2+tc0ziQdl06/F 1c8nHM57L1IaDGKAkpcANnj3yVf3jfPqq9SEUNi+xSIWbvln91RvXU4RIB8hiZqa rqAHjDuys++3DoAUr/L4X233MWufVAEYT4B+jaPAv6ys35xhQwPAMJrA0OZEr+hE HQMPIG9uMDVjZ2QCgFYgC02kEqvxbsRSVnb0wjI7eoNOk0LKo154eJh1cOGd4Ibs yBTiIi1+Y7RCXNxcIHKlj5vMUHPBr2D8DVFj21kfZKUtMQ/8yScoiRC14ZR4J2xF IYe3aDm80l3tYgnPRVj4fOGiIPsqnZd4iazYKwj2cifB8tzYfyh5/9fv2aio8K5y 0GAw4AoTtgg1hLMadbc3om7wy64IRaZzXjv59eYPEotZYdreVpM= =RVm8 -----END PGP SIGNATURE----- gpgsig -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEwhSWp0+ubv79TiqUDkltFQljdr4FAmWmZKIACgkQDkltFQlj dr6wZRAA1XuOBax/7YsIix3ag0kjnwnGAx8wYaA+Jiojw2yv/+ePL6yGHcKA93lI SL8l5G06fTDgpbpfdVbgyRzGT2tmjrXvkygRWf2WMDZ9I+8WxUA2q8aWaEMiNmvd 0cfzYi14TgX+O0wEbKeeqrXG0473/yThk5U1FNbdJd7rkJ4JzaOTthdk0LJLiEUG zQ/YIYx3FVFoVI0rdORb3HKzqYHjMAvpzNhEIeqkrpDEzplQ3jKvY+rYWQL3S9zE bHbkZPoT62OpJGMr04/1FUkB+ctsvUrM0CskruaSKWyD2M1xTo/Ug4jh5muVIcdJ hJis1/k5rV8JDTIkb6eAxKqfVzI+56yDxofT8rVF4JhvlzvXDLOa0uyDVyA8/6un ylWRzs2Mlj6/TbscmPjrdH8v2Lb0zjWxvXe2iYnHHfldWUlYuBtI6FZiG3uNjBCs 7ns3xr4VOw13RM5auVkEQksIO6lru0kvH18GB3h6Msx67w2JUzl+PaNv8PdRtnmV 0SfLUl1Nh8yT2h9qG6/3cDE9E1G/mjg8SgljoEe6ahs/BUZmLuTHTyBjf+P22ZbO DCITM3CwrV+y/aKnRdLvd6LOWFinUqMS8YvVSVqJh9vo9R+dt33LdBMdWjP4IYHF MbACe4FzeG3AXUcHB/mDCm7a2H2BFwzAovFy0SE639PfWBxNue0= =gzWq -----END PGP SIGNATURE----- Merge tag 'v0.8.5' into sync-08-09 Garage v0.8.5 This minor release includes the following improvements and fixes: New features: - Configuration: make LMDB's `map_size` configurable and make `block_size` and `sled_cache_capacity` expressable as strings (such as `10M`) (#628, #630) - Add support for binding to Unix sockets for the S3, K2V, Admin and Web API servers (#640) - Move the `convert_db` command into the main Garage binary (#645) - Add support for specifying RPC secret and admin tokens as environment variables (#643) - Add `allow_world_readable_secrets` option to config file (#663, #685) Bug fixes: - Use `statvfs` instead of mount list to determine free space in metadata/data directories (#611, #631) - Add missing casts to fix 32-bit build (#632) - Fix error when none of the HTTP servers (S3/K2V/Admin/Web) is started and fix shutdown hang (#613, #633) - Add missing CORS headers to PostObject response (#609, #656) - Monitoring: finer histogram boundaries in Prometheus exported metrics (#531, #686) Other: - Documentation improvements (#641)
376 lines
9.8 KiB
Rust
376 lines
9.8 KiB
Rust
//! Contains type and functions related to Garage configuration file
|
|
use std::convert::TryFrom;
|
|
use std::net::SocketAddr;
|
|
use std::path::PathBuf;
|
|
|
|
use serde::{de, Deserialize};
|
|
|
|
use crate::error::Error;
|
|
use crate::socket_address::UnixOrTCPSocketAddress;
|
|
|
|
/// Represent the whole configuration
|
|
#[derive(Deserialize, Debug, Clone)]
|
|
pub struct Config {
|
|
/// Path where to store metadata. Should be fast, but low volume
|
|
pub metadata_dir: PathBuf,
|
|
/// Path where to store data. Can be slower, but need higher volume
|
|
pub data_dir: DataDirEnum,
|
|
|
|
/// Whether to fsync after all metadata transactions (disabled by default)
|
|
#[serde(default)]
|
|
pub metadata_fsync: bool,
|
|
/// Whether to fsync after all data block writes (disabled by default)
|
|
#[serde(default)]
|
|
pub data_fsync: bool,
|
|
|
|
/// Size of data blocks to save to disk
|
|
#[serde(
|
|
deserialize_with = "deserialize_capacity",
|
|
default = "default_block_size"
|
|
)]
|
|
pub block_size: usize,
|
|
|
|
/// Replication mode. Supported values:
|
|
/// - none, 1 -> no replication
|
|
/// - 2 -> 2-way replication
|
|
/// - 3 -> 3-way replication
|
|
// (we can add more aliases for this later)
|
|
pub replication_mode: String,
|
|
|
|
/// Zstd compression level used on data blocks
|
|
#[serde(
|
|
deserialize_with = "deserialize_compression",
|
|
default = "default_compression"
|
|
)]
|
|
pub compression_level: Option<i32>,
|
|
|
|
/// Skip the permission check of secret files. Useful when
|
|
/// POSIX ACLs (or more complex chmods) are used.
|
|
#[serde(default)]
|
|
pub allow_world_readable_secrets: bool,
|
|
|
|
/// RPC secret key: 32 bytes hex encoded
|
|
pub rpc_secret: Option<String>,
|
|
/// Optional file where RPC secret key is read from
|
|
pub rpc_secret_file: Option<String>,
|
|
/// Address to bind for RPC
|
|
pub rpc_bind_addr: SocketAddr,
|
|
/// Public IP address of this node
|
|
pub rpc_public_addr: Option<String>,
|
|
|
|
/// Timeout for Netapp's ping messagess
|
|
pub rpc_ping_timeout_msec: Option<u64>,
|
|
/// Timeout for Netapp RPC calls
|
|
pub rpc_timeout_msec: Option<u64>,
|
|
|
|
// -- Bootstraping and discovery
|
|
/// Bootstrap peers RPC address
|
|
#[serde(default)]
|
|
pub bootstrap_peers: Vec<String>,
|
|
|
|
/// Configuration for automatic node discovery through Consul
|
|
#[serde(default)]
|
|
pub consul_discovery: Option<ConsulDiscoveryConfig>,
|
|
/// Configuration for automatic node discovery through Kubernetes
|
|
#[serde(default)]
|
|
pub kubernetes_discovery: Option<KubernetesDiscoveryConfig>,
|
|
|
|
// -- DB
|
|
/// Database engine to use for metadata (options: sled, sqlite, lmdb)
|
|
#[serde(default = "default_db_engine")]
|
|
pub db_engine: String,
|
|
|
|
/// Sled cache size, in bytes
|
|
#[serde(
|
|
deserialize_with = "deserialize_capacity",
|
|
default = "default_sled_cache_capacity"
|
|
)]
|
|
pub sled_cache_capacity: usize,
|
|
/// Sled flush interval in milliseconds
|
|
#[serde(default = "default_sled_flush_every_ms")]
|
|
pub sled_flush_every_ms: u64,
|
|
|
|
/// LMDB map size
|
|
#[serde(deserialize_with = "deserialize_capacity", default)]
|
|
pub lmdb_map_size: usize,
|
|
|
|
// -- APIs
|
|
/// Configuration for S3 api
|
|
pub s3_api: S3ApiConfig,
|
|
|
|
/// Configuration for K2V api
|
|
pub k2v_api: Option<K2VApiConfig>,
|
|
|
|
/// Configuration for serving files as normal web server
|
|
pub s3_web: Option<WebConfig>,
|
|
|
|
/// Configuration for the admin API endpoint
|
|
#[serde(default = "Default::default")]
|
|
pub admin: AdminConfig,
|
|
}
|
|
|
|
/// Value for data_dir: either a single directory or a list of dirs with attributes
|
|
#[derive(Deserialize, Debug, Clone)]
|
|
#[serde(untagged)]
|
|
pub enum DataDirEnum {
|
|
Single(PathBuf),
|
|
Multiple(Vec<DataDir>),
|
|
}
|
|
|
|
#[derive(Deserialize, Debug, Clone)]
|
|
pub struct DataDir {
|
|
/// Path to the data directory
|
|
pub path: PathBuf,
|
|
/// Capacity of the drive (required if read_only is false)
|
|
#[serde(default)]
|
|
pub capacity: Option<String>,
|
|
/// Whether this is a legacy read-only path (capacity should be None)
|
|
#[serde(default)]
|
|
pub read_only: bool,
|
|
}
|
|
|
|
/// Configuration for S3 api
|
|
#[derive(Deserialize, Debug, Clone)]
|
|
pub struct S3ApiConfig {
|
|
/// Address and port to bind for api serving
|
|
pub api_bind_addr: Option<UnixOrTCPSocketAddress>,
|
|
/// S3 region to use
|
|
pub s3_region: String,
|
|
/// Suffix to remove from domain name to find bucket. If None,
|
|
/// vhost-style S3 request are disabled
|
|
pub root_domain: Option<String>,
|
|
}
|
|
|
|
/// Configuration for K2V api
|
|
#[derive(Deserialize, Debug, Clone)]
|
|
pub struct K2VApiConfig {
|
|
/// Address and port to bind for api serving
|
|
pub api_bind_addr: UnixOrTCPSocketAddress,
|
|
}
|
|
|
|
/// Configuration for serving files as normal web server
|
|
#[derive(Deserialize, Debug, Clone)]
|
|
pub struct WebConfig {
|
|
/// Address and port to bind for web serving
|
|
pub bind_addr: UnixOrTCPSocketAddress,
|
|
/// Suffix to remove from domain name to find bucket
|
|
pub root_domain: String,
|
|
}
|
|
|
|
/// Configuration for the admin and monitoring HTTP API
|
|
#[derive(Deserialize, Debug, Clone, Default)]
|
|
pub struct AdminConfig {
|
|
/// Address and port to bind for admin API serving
|
|
pub api_bind_addr: Option<UnixOrTCPSocketAddress>,
|
|
|
|
/// Bearer token to use to scrape metrics
|
|
pub metrics_token: Option<String>,
|
|
/// File to read metrics token from
|
|
pub metrics_token_file: Option<String>,
|
|
|
|
/// Bearer token to use to access Admin API endpoints
|
|
pub admin_token: Option<String>,
|
|
/// File to read admin token from
|
|
pub admin_token_file: Option<String>,
|
|
|
|
/// OTLP server to where to export traces
|
|
pub trace_sink: Option<String>,
|
|
}
|
|
|
|
#[derive(Deserialize, Debug, Clone, Default)]
|
|
#[serde(rename_all = "lowercase")]
|
|
pub enum ConsulDiscoveryAPI {
|
|
#[default]
|
|
Catalog,
|
|
Agent,
|
|
}
|
|
|
|
#[derive(Deserialize, Debug, Clone)]
|
|
pub struct ConsulDiscoveryConfig {
|
|
/// The consul api to use when registering: either `catalog` (the default) or `agent`
|
|
#[serde(default)]
|
|
pub api: ConsulDiscoveryAPI,
|
|
/// Consul http or https address to connect to to discover more peers
|
|
pub consul_http_addr: String,
|
|
/// Consul service name to use
|
|
pub service_name: String,
|
|
/// CA TLS certificate to use when connecting to Consul
|
|
pub ca_cert: Option<String>,
|
|
/// Client TLS certificate to use when connecting to Consul
|
|
pub client_cert: Option<String>,
|
|
/// Client TLS key to use when connecting to Consul
|
|
pub client_key: Option<String>,
|
|
/// /// Token to use for connecting to consul
|
|
pub token: Option<String>,
|
|
/// Skip TLS hostname verification
|
|
#[serde(default)]
|
|
pub tls_skip_verify: bool,
|
|
/// Additional tags to add to the service
|
|
#[serde(default)]
|
|
pub tags: Vec<String>,
|
|
/// Additional service metadata to add
|
|
#[serde(default)]
|
|
pub meta: Option<std::collections::HashMap<String, String>>,
|
|
}
|
|
|
|
#[derive(Deserialize, Debug, Clone)]
|
|
pub struct KubernetesDiscoveryConfig {
|
|
/// Kubernetes namespace the service discovery resources are be created in
|
|
pub namespace: String,
|
|
/// Service name to filter for in k8s custom resources
|
|
pub service_name: String,
|
|
/// Skip creation of the garagenodes CRD
|
|
#[serde(default)]
|
|
pub skip_crd: bool,
|
|
}
|
|
|
|
/// Read and parse configuration
|
|
pub fn read_config(config_file: PathBuf) -> Result<Config, Error> {
|
|
let config = std::fs::read_to_string(config_file)?;
|
|
|
|
Ok(toml::from_str(&config)?)
|
|
}
|
|
|
|
fn default_db_engine() -> String {
|
|
"lmdb".into()
|
|
}
|
|
|
|
fn default_sled_cache_capacity() -> usize {
|
|
128 * 1024 * 1024
|
|
}
|
|
fn default_sled_flush_every_ms() -> u64 {
|
|
2000
|
|
}
|
|
fn default_block_size() -> usize {
|
|
1048576
|
|
}
|
|
|
|
fn default_compression() -> Option<i32> {
|
|
Some(1)
|
|
}
|
|
|
|
fn deserialize_compression<'de, D>(deserializer: D) -> Result<Option<i32>, D::Error>
|
|
where
|
|
D: de::Deserializer<'de>,
|
|
{
|
|
struct OptionVisitor;
|
|
|
|
impl<'de> serde::de::Visitor<'de> for OptionVisitor {
|
|
type Value = Option<i32>;
|
|
fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result {
|
|
formatter.write_str("int or 'none'")
|
|
}
|
|
|
|
fn visit_str<E>(self, value: &str) -> Result<Self::Value, E>
|
|
where
|
|
E: de::Error,
|
|
{
|
|
if value.eq_ignore_ascii_case("none") {
|
|
Ok(None)
|
|
} else {
|
|
Err(E::custom(format!(
|
|
"Invalid compression level: '{}', should be a number, or 'none'",
|
|
value
|
|
)))
|
|
}
|
|
}
|
|
|
|
fn visit_i64<E>(self, v: i64) -> Result<Self::Value, E>
|
|
where
|
|
E: de::Error,
|
|
{
|
|
i32::try_from(v)
|
|
.map(Some)
|
|
.map_err(|_| E::custom("Compression level out of bound".to_owned()))
|
|
}
|
|
|
|
fn visit_u64<E>(self, v: u64) -> Result<Self::Value, E>
|
|
where
|
|
E: de::Error,
|
|
{
|
|
i32::try_from(v)
|
|
.map(Some)
|
|
.map_err(|_| E::custom("Compression level out of bound".to_owned()))
|
|
}
|
|
}
|
|
|
|
deserializer.deserialize_any(OptionVisitor)
|
|
}
|
|
|
|
fn deserialize_capacity<'de, D>(deserializer: D) -> Result<usize, D::Error>
|
|
where
|
|
D: de::Deserializer<'de>,
|
|
{
|
|
struct CapacityVisitor;
|
|
|
|
impl<'de> serde::de::Visitor<'de> for CapacityVisitor {
|
|
type Value = usize;
|
|
fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result {
|
|
formatter.write_str("int or '<capacity>'")
|
|
}
|
|
|
|
fn visit_str<E>(self, value: &str) -> Result<Self::Value, E>
|
|
where
|
|
E: de::Error,
|
|
{
|
|
value
|
|
.parse::<bytesize::ByteSize>()
|
|
.map(|x| x.as_u64())
|
|
.map_err(|e| E::custom(format!("invalid capacity value: {}", e)))
|
|
.and_then(|v| {
|
|
usize::try_from(v)
|
|
.map_err(|_| E::custom("capacity value out of bound".to_owned()))
|
|
})
|
|
}
|
|
|
|
fn visit_i64<E>(self, v: i64) -> Result<Self::Value, E>
|
|
where
|
|
E: de::Error,
|
|
{
|
|
usize::try_from(v).map_err(|_| E::custom("capacity value out of bound".to_owned()))
|
|
}
|
|
|
|
fn visit_u64<E>(self, v: u64) -> Result<Self::Value, E>
|
|
where
|
|
E: de::Error,
|
|
{
|
|
usize::try_from(v).map_err(|_| E::custom("capacity value out of bound".to_owned()))
|
|
}
|
|
}
|
|
|
|
deserializer.deserialize_any(CapacityVisitor)
|
|
}
|
|
|
|
#[cfg(test)]
|
|
mod tests {
|
|
use crate::error::Error;
|
|
use std::fs::File;
|
|
use std::io::Write;
|
|
|
|
#[test]
|
|
fn test_rpc_secret() -> Result<(), Error> {
|
|
let path2 = mktemp::Temp::new_file()?;
|
|
let mut file2 = File::create(path2.as_path())?;
|
|
writeln!(
|
|
file2,
|
|
r#"
|
|
metadata_dir = "/tmp/garage/meta"
|
|
data_dir = "/tmp/garage/data"
|
|
replication_mode = "3"
|
|
rpc_bind_addr = "[::]:3901"
|
|
rpc_secret = "foo"
|
|
|
|
[s3_api]
|
|
s3_region = "garage"
|
|
api_bind_addr = "[::]:3900"
|
|
"#
|
|
)?;
|
|
|
|
let config = super::read_config(path2.to_path_buf())?;
|
|
assert_eq!("foo", config.rpc_secret.unwrap());
|
|
drop(path2);
|
|
drop(file2);
|
|
|
|
Ok(())
|
|
}
|
|
}
|