Compare commits
397 commits
6a3dcf3974
...
5768bf3622
Author | SHA1 | Date | |
---|---|---|---|
5768bf3622 | |||
def78c5e6f | |||
277a20ec44 | |||
c9ef3e461b | |||
c93008d333 | |||
e5341ca47b | |||
a4f9f19ac3 | |||
|
47e57518ec | ||
dffcd9f4b1 | |||
5d404dcd54 | |||
62f0715abe | |||
7e1ac51b58 | |||
94f1e48fff | |||
cb5836d53c | |||
8e3ee82c3e | |||
a122a8cb46 | |||
9fd8ec1dee | |||
0091002ef2 | |||
8f9cf3a5d1 | |||
913f7754bb | |||
42dde54126 | |||
dca2ffdf91 | |||
0cf4efac89 | |||
9d0ed78887 | |||
509d256c58 | |||
2814d41842 | |||
7e0e2ffda2 | |||
413ab0eaed | |||
43945234ae | |||
3dc9214172 | |||
077dd1cde9 | |||
2d13f0aa13 | |||
e480aaf338 | |||
8fd6745745 | |||
c3982a90b6 | |||
c1d9854d2c | |||
8565f7dc31 | |||
8db6b84559 | |||
1eb7fdb08f | |||
e934934f14 | |||
98545a16dd | |||
822128e3c8 | |||
|
aea8b41728 | ||
|
71e6645e09 | ||
15da2156f6 | |||
0529f3c34d | |||
db46cdef79 | |||
ba6b56ae68 | |||
0af314b295 | |||
d78bf379fb | |||
f7e6f4616f | |||
dc5ec4ecf9 | |||
fe62d01b7e | |||
bfb4353df5 | |||
9b2b531f4d | |||
a19341b188 | |||
2377a92f6b | |||
203e8d2c34 | |||
f869ca625d | |||
0cc31ee169 | |||
dc8d0496cc | |||
d9a35359bf | |||
2a5609b292 | |||
818daa5c78 | |||
f0d0cd9a20 | |||
55d4471599 | |||
bb04d94fa9 | |||
8c2fb0c066 | |||
b6561f6e1b | |||
2cab84b1fe | |||
1e2cf26373 | |||
|
e349af13a7 | ||
9d44127245 | |||
c00b2c9948 | |||
8df1e186de | |||
2ef60b8417 | |||
1e639ec67c | |||
cfea1e0315 | |||
05eb79929e | |||
0f4e0e8bb9 | |||
2a3afcaf65 | |||
8a5bbc3b0b | |||
97f245f218 | |||
8129a98291 | |||
54e02b4c3b | |||
f6f8b7f1ad | |||
e312ba977e | |||
2465163e39 | |||
84613e66a2 | |||
c8b30ebc79 | |||
d7decda3f4 | |||
cd13ea461b | |||
5d19f3d2d7 | |||
084dcdbd3a | |||
3baa841d6f | |||
dd407e7041 | |||
af261e1789 | |||
4ae03aa774 | |||
3e1373fafc | |||
7d68b7060e | |||
99ed67503c | |||
5a1fb7cce7 | |||
1c0ba930b8 | |||
45d6d377d2 | |||
6f7ef11537 | |||
241db1e1f5 | |||
ecd76977ea | |||
935670690f | |||
ae2f32baf1 | |||
f67029ce2a | |||
2760f1cb17 | |||
26849ed066 | |||
c99f55c420 | |||
acdf893362 | |||
338b1b83ee | |||
6dab836f3a | |||
513a6b15f9 | |||
ea7fb901eb | |||
820924534a | |||
94f0e7c135 | |||
440374524b | |||
fe003d6fbc | |||
e55fa38c99 | |||
178e35f868 | |||
7c049f1c94 | |||
fdcddbe168 | |||
b45dcc1925 | |||
60c0033c8b | |||
d4dd2e2640 | |||
9eb211948e | |||
3ea8ca1b9e | |||
f7349f4005 | |||
1ee8f596ee | |||
6617a72220 | |||
3770a34e3d | |||
b4592a00fe | |||
9cb2e9e57c | |||
3586c7257c | |||
17ea28a438 | |||
8f39360f22 | |||
7ee11f0eb6 | |||
168a90dfb5 | |||
fb1e31add0 | |||
135858d067 | |||
8395030e48 | |||
9431090b1e | |||
677ab60cc1 | |||
df35feba18 | |||
1bcd6fabbd | |||
ba7f268b99 | |||
de37658b94 | |||
e59c23a69d | |||
2140cd7205 | |||
beeef4758e | |||
d8ab5bdc3e | |||
c7d5c73244 | |||
b76d0580a0 | |||
87121dce9d | |||
b1cfd16913 | |||
5db600e231 | |||
4d30e62db4 | |||
0bbb6673e7 | |||
53f71b3a57 | |||
5b1117e582 | |||
8f6026de5e | |||
945b75dbf1 | |||
ca7b438f3f | |||
1eb972b1ac | |||
60d4459926 | |||
3b3a1f275f | |||
dba9af2968 | |||
e9358054ac | |||
f9e5520ffb | |||
4b369347c0 | |||
224c89ad6e | |||
7c2037ba87 | |||
c4ac8835d3 | |||
ccce75bc25 | |||
7f26ed55cd | |||
8811bb08e6 | |||
85b2e4ca29 | |||
c94406f428 | |||
53888995bd | |||
f0893b904d | |||
396fe4c702 | |||
02158ee666 | |||
57df9c6e2d | |||
9c58ec28d3 | |||
cdeb5b4dbb | |||
100aad8bf4 | |||
80a87929b0 | |||
76d21be1b9 | |||
1928f59d54 | |||
323514be15 | |||
ad8d5139cf | |||
08b1e8a7ea | |||
ad7ab31411 | |||
74a7a550eb | |||
cc255d46cd | |||
8e25a37f0e | |||
e342db19aa | |||
f3405b6378 | |||
860ccf2811 | |||
9df7559446 | |||
a97467075d | |||
9d7535c3f5 | |||
da6efb4b23 | |||
e8811f7c9d | |||
2090a6187f | |||
6f13d083ab | |||
8c4f418fe8 | |||
bef6d627b0 | |||
e93d7fb228 | |||
eaf54efb25 | |||
93f8d59e4c | |||
cc1caa87fb | |||
69b89fb46d | |||
6b47c294f5 | |||
28c015d9ff | |||
4e8af1d956 | |||
3e7f766d95 | |||
43e13a501d | |||
ada7899b24 | |||
b2c51844a1 | |||
f6ebcbc7a7 | |||
df8a4068d9 | |||
de4276202a | |||
1b450c4b49 | |||
4067797d01 | |||
dc017a0cab | |||
1acf7e4c66 | |||
f6060b92aa | |||
0f9d9df83b | |||
f3a097abdf | |||
1aed317818 | |||
c5574c8409 | |||
78f0c9ed38 | |||
|
de0228ca2a | ||
df345e37db | |||
740b863750 | |||
fa394dcd27 | |||
30a7dee920 | |||
b568765c75 | |||
e9c265e9dc | |||
42f692b1e0 | |||
14fd3df654 | |||
56ac9fd460 | |||
d76a8576f4 | |||
289521886b | |||
ebd21b325e | |||
b9127dd6f8 | |||
ddb2b29bfd | |||
b490ebc7f6 | |||
c8aa1eb481 | |||
5fdabf3e75 | |||
6ccffc3162 | |||
e4b9e4e24d | |||
6644df6b96 | |||
f8ae8fc4be | |||
84856e84e5 | |||
4a1e079e8f | |||
f5a0cf0414 | |||
f05bb111c2 | |||
88925ebe22 | |||
631c36b3ff | |||
ee2a3d363b | |||
575726358c | |||
339c611789 | |||
ef4d6e782a | |||
a981244f11 | |||
b1f60579a1 | |||
|
be3b1d8f91 | ||
dcfc32cf85 | |||
368eb35484 | |||
642186c530 | |||
e01f74e763 | |||
119217f9f6 | |||
2812a027ea | |||
74373aebcf | |||
16300bbd89 | |||
f2e1fca658 | |||
640e3921d8 | |||
7f1a50dbd9 | |||
1273802994 | |||
4af39ab47a | |||
1c97b82c45 | |||
5c4b2cec3c | |||
1e3df189d0 | |||
a2e1617d84 | |||
67585a4ffa | |||
b437610812 | |||
f871689571 | |||
8e0524ae15 | |||
f9bd2d8fb7 | |||
bf36f1f16a | |||
f7c09daa46 | |||
6b2b400292 | |||
8c33d565d6 | |||
948e44a3f6 | |||
3e2e38c830 | |||
2e53e31cdd | |||
64b91c2645 | |||
e16077f40a | |||
15ae74b080 | |||
379af242ae | |||
9ced9f78dc | |||
3a449badb1 | |||
9996dcf13e | |||
7bc708d71d | |||
d86abb98f0 | |||
9589d10165 | |||
f9d77b6cd9 | |||
|
ee00ac59b7 | ||
8501d2679a | |||
c9943aab1f | |||
|
d0692b75b0 | ||
4a6ed223dc | |||
c409ee89f6 | |||
c1d64333c5 | |||
c4cb9120fe | |||
c5e24de159 | |||
4e94b2b704 | |||
44ff627e7d | |||
f859d15062 | |||
fd8f4caa81 | |||
4c26a0b9c1 | |||
a1014224d3 | |||
e19e267b7e | |||
f17cb6c969 | |||
c8a7ce5cdf | |||
81e9db783f | |||
ae3b7029a9 | |||
6edbc65847 | |||
bfa0ff8f82 | |||
dead945c8f | |||
4348bde180 | |||
4eb16e8863 | |||
8e317e2783 | |||
ec26acb161 | |||
b4c903371c | |||
5b659b28ce | |||
ea21c54434 | |||
1a5af9d1fc | |||
b82a61fba2 | |||
44d0815ff9 | |||
468e45ed7f | |||
60f994a118 | |||
002538f92c | |||
c50113acf3 | |||
0afc701a69 | |||
797cda1c33 | |||
46c7226fe4 | |||
390ab02f41 | |||
7b10245dfb | |||
08bcd51956 | |||
1bfe9c129e | |||
3fadc5cbbd | |||
f4346cc5f4 | |||
2a41b82384 | |||
0aad2f2e06 | |||
515029d026 | |||
1d9961e411 | |||
6a8439fd13 | |||
0cd5b2ae19 | |||
4d4117f2b4 | |||
667e4e72a8 | |||
642bed601f | |||
5ee1d956b6 | |||
537f652fec | |||
0290afe1f8 | |||
3bf2df622a | |||
097c339d98 | |||
bdcbdd1cd8 | |||
9b118160a8 | |||
831eb35763 | |||
c475471e7a | |||
f4aad8fe6e | |||
5ab33fddac | |||
a1442f072a | |||
cbe7e1a66a | |||
8860aa19b8 | |||
1fea257291 | |||
7fdaf7aef0 | |||
1ec49980ec | |||
3f7a496355 | |||
f7c2cd1cd7 | |||
fae5104a2c | |||
db7a9d4948 | |||
046b649bcc | |||
94f3d28774 | |||
8d63738cb0 | |||
3214dd52dd | |||
af7600f989 | |||
445912dc6a | |||
0fd7df8fa0 | |||
2afd2c81ba | |||
f319a7d374 |
537
.drone.yml
|
@ -1,95 +1,478 @@
|
||||||
|
---
|
||||||
kind: pipeline
|
kind: pipeline
|
||||||
name: default
|
name: default
|
||||||
|
|
||||||
workspace:
|
workspace:
|
||||||
base: /drone
|
base: /drone/garage
|
||||||
|
|
||||||
clone:
|
volumes:
|
||||||
disable: true
|
- name: nix_store
|
||||||
|
host:
|
||||||
|
path: /var/lib/drone/nix
|
||||||
|
- name: nix_config
|
||||||
|
temp: {}
|
||||||
|
|
||||||
|
environment:
|
||||||
|
HOME: /drone/garage
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: clone
|
- name: setup nix
|
||||||
image: alpine/git
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
commands:
|
commands:
|
||||||
- mkdir -p cargo
|
- cp nix/nix.conf /etc/nix/nix.conf
|
||||||
- git clone https://git.deuxfleurs.fr/Deuxfleurs/garage.git
|
- nix-build --no-build-output --no-out-link shell.nix --arg release false -A inputDerivation
|
||||||
- cd garage
|
|
||||||
- git checkout $DRONE_COMMIT
|
|
||||||
|
|
||||||
- name: restore-cache
|
- name: code quality
|
||||||
image: meltwater/drone-cache:dev
|
image: nixpkgs/nix:nixos-21.05
|
||||||
environment:
|
volumes:
|
||||||
AWS_ACCESS_KEY_ID:
|
- name: nix_store
|
||||||
from_secret: cache_aws_access_key_id
|
path: /nix
|
||||||
AWS_SECRET_ACCESS_KEY:
|
- name: nix_config
|
||||||
from_secret: cache_aws_secret_access_key
|
path: /etc/nix
|
||||||
pull: true
|
commands:
|
||||||
settings:
|
- nix-shell --arg release false --run "cargo fmt -- --check"
|
||||||
restore: true
|
- nix-shell --arg release false --run "cargo clippy -- --deny warnings"
|
||||||
archive_format: "gzip"
|
|
||||||
bucket: drone-cache
|
|
||||||
cache_key: '{{ .Repo.Name }}_{{ checksum "garage/Cargo.lock" }}_{{ arch }}_{{ os }}_gzip'
|
|
||||||
region: garage
|
|
||||||
mount:
|
|
||||||
- 'garage/target'
|
|
||||||
- 'cargo/registry/index'
|
|
||||||
- 'cargo/registry/cache'
|
|
||||||
- 'cargo/git/db'
|
|
||||||
- 'cargo/bin'
|
|
||||||
path_style: true
|
|
||||||
endpoint: https://garage.deuxfleurs.fr
|
|
||||||
|
|
||||||
- name: build
|
- name: build
|
||||||
image: rust:buster
|
image: nixpkgs/nix:nixos-21.05
|
||||||
environment:
|
volumes:
|
||||||
CARGO_HOME: /drone/cargo
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
commands:
|
commands:
|
||||||
- apt-get update
|
- nix-build --no-build-output --option log-lines 100 --argstr target x86_64-unknown-linux-musl --arg release false --argstr git_version $DRONE_COMMIT
|
||||||
- apt-get install --yes libsodium-dev
|
|
||||||
- pwd
|
|
||||||
- cd garage
|
|
||||||
- cargo build
|
|
||||||
|
|
||||||
- name: cargo-test
|
- name: unit + func tests
|
||||||
image: rust:buster
|
image: nixpkgs/nix:nixos-21.05
|
||||||
environment:
|
environment:
|
||||||
CARGO_HOME: /drone/cargo
|
GARAGE_TEST_INTEGRATION_EXE: result/bin/garage
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
commands:
|
commands:
|
||||||
- apt-get update
|
- |
|
||||||
- apt-get install --yes libsodium-dev
|
nix-build \
|
||||||
- cd garage
|
--no-build-output \
|
||||||
- cargo test
|
--option log-lines 100 \
|
||||||
|
--argstr target x86_64-unknown-linux-musl \
|
||||||
- name: rebuild-cache
|
--argstr compileMode test
|
||||||
image: meltwater/drone-cache:dev
|
- ./result/bin/garage_api-*
|
||||||
environment:
|
- ./result/bin/garage_model-*
|
||||||
AWS_ACCESS_KEY_ID:
|
- ./result/bin/garage_rpc-*
|
||||||
from_secret: cache_aws_access_key_id
|
- ./result/bin/garage_table-*
|
||||||
AWS_SECRET_ACCESS_KEY:
|
- ./result/bin/garage_util-*
|
||||||
from_secret: cache_aws_secret_access_key
|
- ./result/bin/garage_web-*
|
||||||
pull: true
|
- ./result/bin/garage-*
|
||||||
settings:
|
- ./result/bin/integration-*
|
||||||
rebuild: true
|
|
||||||
archive_format: "gzip"
|
|
||||||
bucket: drone-cache
|
|
||||||
cache_key: '{{ .Repo.Name }}_{{ checksum "garage/Cargo.lock" }}_{{ arch }}_{{ os }}_gzip'
|
|
||||||
region: garage
|
|
||||||
mount:
|
|
||||||
- 'garage/target'
|
|
||||||
- 'cargo/registry/index'
|
|
||||||
- 'cargo/registry/cache'
|
|
||||||
- 'cargo/git/db'
|
|
||||||
- 'cargo/bin'
|
|
||||||
path_style: true
|
|
||||||
endpoint: https://garage.deuxfleurs.fr
|
|
||||||
|
|
||||||
- name: smoke-test
|
- name: smoke-test
|
||||||
image: rust:buster
|
image: nixpkgs/nix:nixos-21.05
|
||||||
environment:
|
volumes:
|
||||||
CARGO_HOME: /drone/cargo
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
commands:
|
commands:
|
||||||
- apt-get update
|
- nix-build --no-build-output --argstr target x86_64-unknown-linux-musl --arg release false --argstr git_version $DRONE_COMMIT
|
||||||
- apt-get install --yes libsodium-dev awscli python-pip
|
- nix-shell --arg release false --run ./script/test-smoke.sh || (cat /tmp/garage.log; false)
|
||||||
- pip install s3cmd
|
|
||||||
- cd garage
|
trigger:
|
||||||
- ./script/test-smoke.sh || (cat /tmp/garage.log; false)
|
event:
|
||||||
|
- custom
|
||||||
|
- push
|
||||||
|
- pull_request
|
||||||
|
- tag
|
||||||
|
- cron
|
||||||
|
|
||||||
|
node:
|
||||||
|
nix: 1
|
||||||
|
|
||||||
|
---
|
||||||
|
kind: pipeline
|
||||||
|
type: docker
|
||||||
|
name: release-linux-x86_64
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
host:
|
||||||
|
path: /var/lib/drone/nix
|
||||||
|
- name: nix_config
|
||||||
|
temp: {}
|
||||||
|
|
||||||
|
environment:
|
||||||
|
TARGET: x86_64-unknown-linux-musl
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: setup nix
|
||||||
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
|
commands:
|
||||||
|
- cp nix/nix.conf /etc/nix/nix.conf
|
||||||
|
- nix-build --no-build-output --no-out-link shell.nix -A inputDerivation
|
||||||
|
|
||||||
|
- name: build
|
||||||
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
|
commands:
|
||||||
|
- nix-build --no-build-output --argstr target $TARGET --arg release true --argstr git_version $DRONE_COMMIT
|
||||||
|
|
||||||
|
- name: integration
|
||||||
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
|
commands:
|
||||||
|
- nix-shell --run ./script/test-smoke.sh || (cat /tmp/garage.log; false)
|
||||||
|
|
||||||
|
- name: push static binary
|
||||||
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
|
environment:
|
||||||
|
AWS_ACCESS_KEY_ID:
|
||||||
|
from_secret: garagehq_aws_access_key_id
|
||||||
|
AWS_SECRET_ACCESS_KEY:
|
||||||
|
from_secret: garagehq_aws_secret_access_key
|
||||||
|
commands:
|
||||||
|
- nix-shell --arg rust false --arg integration false --run "to_s3"
|
||||||
|
|
||||||
|
- name: docker build and publish
|
||||||
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
|
environment:
|
||||||
|
DOCKER_AUTH:
|
||||||
|
from_secret: docker_auth
|
||||||
|
DOCKER_PLATFORM: "linux/amd64"
|
||||||
|
CONTAINER_NAME: "dxflrs/amd64_garage"
|
||||||
|
HOME: "/kaniko"
|
||||||
|
commands:
|
||||||
|
- mkdir -p /kaniko/.docker
|
||||||
|
- echo $DOCKER_AUTH > /kaniko/.docker/config.json
|
||||||
|
- export CONTAINER_TAG=${DRONE_TAG:-$DRONE_COMMIT}
|
||||||
|
- nix-shell --arg rust false --arg integration false --run "to_docker"
|
||||||
|
|
||||||
|
|
||||||
|
trigger:
|
||||||
|
event:
|
||||||
|
- promote
|
||||||
|
- cron
|
||||||
|
|
||||||
|
node:
|
||||||
|
nix: 1
|
||||||
|
|
||||||
|
---
|
||||||
|
kind: pipeline
|
||||||
|
type: docker
|
||||||
|
name: release-linux-i686
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
host:
|
||||||
|
path: /var/lib/drone/nix
|
||||||
|
- name: nix_config
|
||||||
|
temp: {}
|
||||||
|
|
||||||
|
environment:
|
||||||
|
TARGET: i686-unknown-linux-musl
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: setup nix
|
||||||
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
|
commands:
|
||||||
|
- cp nix/nix.conf /etc/nix/nix.conf
|
||||||
|
- nix-build --no-build-output --no-out-link shell.nix -A inputDerivation
|
||||||
|
|
||||||
|
- name: build
|
||||||
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
|
commands:
|
||||||
|
- nix-build --no-build-output --argstr target $TARGET --arg release true --argstr git_version $DRONE_COMMIT
|
||||||
|
|
||||||
|
- name: integration
|
||||||
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
|
commands:
|
||||||
|
- nix-shell --run ./script/test-smoke.sh || (cat /tmp/garage.log; false)
|
||||||
|
|
||||||
|
- name: push static binary
|
||||||
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
|
environment:
|
||||||
|
AWS_ACCESS_KEY_ID:
|
||||||
|
from_secret: garagehq_aws_access_key_id
|
||||||
|
AWS_SECRET_ACCESS_KEY:
|
||||||
|
from_secret: garagehq_aws_secret_access_key
|
||||||
|
commands:
|
||||||
|
- nix-shell --arg rust false --arg integration false --run "to_s3"
|
||||||
|
|
||||||
|
- name: docker build and publish
|
||||||
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
|
environment:
|
||||||
|
DOCKER_AUTH:
|
||||||
|
from_secret: docker_auth
|
||||||
|
DOCKER_PLATFORM: "linux/386"
|
||||||
|
CONTAINER_NAME: "dxflrs/386_garage"
|
||||||
|
HOME: "/kaniko"
|
||||||
|
commands:
|
||||||
|
- mkdir -p /kaniko/.docker
|
||||||
|
- echo $DOCKER_AUTH > /kaniko/.docker/config.json
|
||||||
|
- export CONTAINER_TAG=${DRONE_TAG:-$DRONE_COMMIT}
|
||||||
|
- nix-shell --arg rust false --arg integration false --run "to_docker"
|
||||||
|
|
||||||
|
trigger:
|
||||||
|
event:
|
||||||
|
- promote
|
||||||
|
- cron
|
||||||
|
|
||||||
|
node:
|
||||||
|
nix: 1
|
||||||
|
|
||||||
|
---
|
||||||
|
kind: pipeline
|
||||||
|
type: docker
|
||||||
|
name: release-linux-aarch64
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
host:
|
||||||
|
path: /var/lib/drone/nix
|
||||||
|
- name: nix_config
|
||||||
|
temp: {}
|
||||||
|
|
||||||
|
environment:
|
||||||
|
TARGET: aarch64-unknown-linux-musl
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: setup nix
|
||||||
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
|
commands:
|
||||||
|
- cp nix/nix.conf /etc/nix/nix.conf
|
||||||
|
- nix-build --no-build-output --no-out-link ./shell.nix --arg rust false --arg integration false -A inputDerivation
|
||||||
|
|
||||||
|
- name: build
|
||||||
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
|
commands:
|
||||||
|
- nix-build --no-build-output --argstr target $TARGET --arg release true --argstr git_version $DRONE_COMMIT
|
||||||
|
|
||||||
|
- name: push static binary
|
||||||
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
|
environment:
|
||||||
|
AWS_ACCESS_KEY_ID:
|
||||||
|
from_secret: garagehq_aws_access_key_id
|
||||||
|
AWS_SECRET_ACCESS_KEY:
|
||||||
|
from_secret: garagehq_aws_secret_access_key
|
||||||
|
commands:
|
||||||
|
- nix-shell --arg rust false --arg integration false --run "to_s3"
|
||||||
|
|
||||||
|
- name: docker build and publish
|
||||||
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
|
environment:
|
||||||
|
DOCKER_AUTH:
|
||||||
|
from_secret: docker_auth
|
||||||
|
DOCKER_PLATFORM: "linux/arm64"
|
||||||
|
CONTAINER_NAME: "dxflrs/arm64_garage"
|
||||||
|
HOME: "/kaniko"
|
||||||
|
commands:
|
||||||
|
- mkdir -p /kaniko/.docker
|
||||||
|
- echo $DOCKER_AUTH > /kaniko/.docker/config.json
|
||||||
|
- export CONTAINER_TAG=${DRONE_TAG:-$DRONE_COMMIT}
|
||||||
|
- nix-shell --arg rust false --arg integration false --run "to_docker"
|
||||||
|
|
||||||
|
trigger:
|
||||||
|
event:
|
||||||
|
- promote
|
||||||
|
- cron
|
||||||
|
|
||||||
|
node:
|
||||||
|
nix: 1
|
||||||
|
|
||||||
|
---
|
||||||
|
kind: pipeline
|
||||||
|
type: docker
|
||||||
|
name: release-linux-armv6l
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
host:
|
||||||
|
path: /var/lib/drone/nix
|
||||||
|
- name: nix_config
|
||||||
|
temp: {}
|
||||||
|
|
||||||
|
environment:
|
||||||
|
TARGET: armv6l-unknown-linux-musleabihf
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: setup nix
|
||||||
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
|
commands:
|
||||||
|
- cp nix/nix.conf /etc/nix/nix.conf
|
||||||
|
- nix-build --no-build-output --no-out-link --arg rust false --arg integration false -A inputDerivation
|
||||||
|
|
||||||
|
- name: build
|
||||||
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
|
commands:
|
||||||
|
- nix-build --no-build-output --argstr target $TARGET --arg release true --argstr git_version $DRONE_COMMIT
|
||||||
|
|
||||||
|
- name: push static binary
|
||||||
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
|
environment:
|
||||||
|
AWS_ACCESS_KEY_ID:
|
||||||
|
from_secret: garagehq_aws_access_key_id
|
||||||
|
AWS_SECRET_ACCESS_KEY:
|
||||||
|
from_secret: garagehq_aws_secret_access_key
|
||||||
|
commands:
|
||||||
|
- nix-shell --arg integration false --arg rust false --run "to_s3"
|
||||||
|
|
||||||
|
- name: docker build and publish
|
||||||
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
- name: nix_config
|
||||||
|
path: /etc/nix
|
||||||
|
environment:
|
||||||
|
DOCKER_AUTH:
|
||||||
|
from_secret: docker_auth
|
||||||
|
DOCKER_PLATFORM: "linux/arm"
|
||||||
|
CONTAINER_NAME: "dxflrs/arm_garage"
|
||||||
|
HOME: "/kaniko"
|
||||||
|
commands:
|
||||||
|
- mkdir -p /kaniko/.docker
|
||||||
|
- echo $DOCKER_AUTH > /kaniko/.docker/config.json
|
||||||
|
- export CONTAINER_TAG=${DRONE_TAG:-$DRONE_COMMIT}
|
||||||
|
- nix-shell --arg rust false --arg integration false --run "to_docker"
|
||||||
|
|
||||||
|
trigger:
|
||||||
|
event:
|
||||||
|
- promote
|
||||||
|
- cron
|
||||||
|
|
||||||
|
node:
|
||||||
|
nix: 1
|
||||||
|
|
||||||
|
---
|
||||||
|
kind: pipeline
|
||||||
|
type: docker
|
||||||
|
name: refresh-release-page
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
host:
|
||||||
|
path: /var/lib/drone/nix
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: refresh-index
|
||||||
|
image: nixpkgs/nix:nixos-21.05
|
||||||
|
volumes:
|
||||||
|
- name: nix_store
|
||||||
|
path: /nix
|
||||||
|
environment:
|
||||||
|
AWS_ACCESS_KEY_ID:
|
||||||
|
from_secret: garagehq_aws_access_key_id
|
||||||
|
AWS_SECRET_ACCESS_KEY:
|
||||||
|
from_secret: garagehq_aws_secret_access_key
|
||||||
|
commands:
|
||||||
|
- mkdir -p /etc/nix && cp nix/nix.conf /etc/nix/nix.conf
|
||||||
|
- nix-shell --arg integration false --arg rust false --run "refresh_index"
|
||||||
|
|
||||||
|
depends_on:
|
||||||
|
- release-linux-x86_64
|
||||||
|
- release-linux-i686
|
||||||
|
- release-linux-aarch64
|
||||||
|
- release-linux-armv6l
|
||||||
|
|
||||||
|
trigger:
|
||||||
|
event:
|
||||||
|
- promote
|
||||||
|
- cron
|
||||||
|
|
||||||
|
node:
|
||||||
|
nix: 1
|
||||||
|
|
||||||
|
---
|
||||||
|
kind: signature
|
||||||
|
hmac: 3fc19d6f9a3555519c8405e3281b2e74289bb802f644740d5481d53df3a01fa4
|
||||||
|
|
||||||
|
...
|
||||||
|
|
1
.gitattributes
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
*.pdf filter=lfs diff=lfs merge=lfs -text
|
2950
Cargo.lock
generated
|
@ -3,10 +3,12 @@ members = [
|
||||||
"src/util",
|
"src/util",
|
||||||
"src/rpc",
|
"src/rpc",
|
||||||
"src/table",
|
"src/table",
|
||||||
|
"src/block",
|
||||||
"src/model",
|
"src/model",
|
||||||
|
"src/admin",
|
||||||
"src/api",
|
"src/api",
|
||||||
"src/web",
|
"src/web",
|
||||||
"src/garage",
|
"src/garage"
|
||||||
]
|
]
|
||||||
|
|
||||||
[profile.dev]
|
[profile.dev]
|
||||||
|
|
|
@ -1,10 +1,7 @@
|
||||||
FROM archlinux:latest
|
FROM scratch
|
||||||
|
|
||||||
RUN mkdir -p /garage/meta
|
|
||||||
RUN mkdir -p /garage/data
|
|
||||||
ENV RUST_BACKTRACE=1
|
ENV RUST_BACKTRACE=1
|
||||||
ENV RUST_LOG=garage=info
|
ENV RUST_LOG=garage=info
|
||||||
|
|
||||||
COPY target/release/garage.stripped /garage/garage
|
COPY result/bin/garage /
|
||||||
|
CMD [ "/garage", "server"]
|
||||||
CMD /garage/garage server -c /garage/config.toml
|
|
||||||
|
|
142
LICENSE
|
@ -1,5 +1,5 @@
|
||||||
GNU GENERAL PUBLIC LICENSE
|
GNU AFFERO GENERAL PUBLIC LICENSE
|
||||||
Version 3, 29 June 2007
|
Version 3, 19 November 2007
|
||||||
|
|
||||||
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
|
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
|
||||||
Everyone is permitted to copy and distribute verbatim copies
|
Everyone is permitted to copy and distribute verbatim copies
|
||||||
|
@ -7,17 +7,15 @@
|
||||||
|
|
||||||
Preamble
|
Preamble
|
||||||
|
|
||||||
The GNU General Public License is a free, copyleft license for
|
The GNU Affero General Public License is a free, copyleft license for
|
||||||
software and other kinds of works.
|
software and other kinds of works, specifically designed to ensure
|
||||||
|
cooperation with the community in the case of network server software.
|
||||||
|
|
||||||
The licenses for most software and other practical works are designed
|
The licenses for most software and other practical works are designed
|
||||||
to take away your freedom to share and change the works. By contrast,
|
to take away your freedom to share and change the works. By contrast,
|
||||||
the GNU General Public License is intended to guarantee your freedom to
|
our General Public Licenses are intended to guarantee your freedom to
|
||||||
share and change all versions of a program--to make sure it remains free
|
share and change all versions of a program--to make sure it remains free
|
||||||
software for all its users. We, the Free Software Foundation, use the
|
software for all its users.
|
||||||
GNU General Public License for most of our software; it applies also to
|
|
||||||
any other work released this way by its authors. You can apply it to
|
|
||||||
your programs, too.
|
|
||||||
|
|
||||||
When we speak of free software, we are referring to freedom, not
|
When we speak of free software, we are referring to freedom, not
|
||||||
price. Our General Public Licenses are designed to make sure that you
|
price. Our General Public Licenses are designed to make sure that you
|
||||||
|
@ -26,44 +24,34 @@ them if you wish), that you receive source code or can get it if you
|
||||||
want it, that you can change the software or use pieces of it in new
|
want it, that you can change the software or use pieces of it in new
|
||||||
free programs, and that you know you can do these things.
|
free programs, and that you know you can do these things.
|
||||||
|
|
||||||
To protect your rights, we need to prevent others from denying you
|
Developers that use our General Public Licenses protect your rights
|
||||||
these rights or asking you to surrender the rights. Therefore, you have
|
with two steps: (1) assert copyright on the software, and (2) offer
|
||||||
certain responsibilities if you distribute copies of the software, or if
|
you this License which gives you legal permission to copy, distribute
|
||||||
you modify it: responsibilities to respect the freedom of others.
|
and/or modify the software.
|
||||||
|
|
||||||
For example, if you distribute copies of such a program, whether
|
A secondary benefit of defending all users' freedom is that
|
||||||
gratis or for a fee, you must pass on to the recipients the same
|
improvements made in alternate versions of the program, if they
|
||||||
freedoms that you received. You must make sure that they, too, receive
|
receive widespread use, become available for other developers to
|
||||||
or can get the source code. And you must show them these terms so they
|
incorporate. Many developers of free software are heartened and
|
||||||
know their rights.
|
encouraged by the resulting cooperation. However, in the case of
|
||||||
|
software used on network servers, this result may fail to come about.
|
||||||
|
The GNU General Public License permits making a modified version and
|
||||||
|
letting the public access it on a server without ever releasing its
|
||||||
|
source code to the public.
|
||||||
|
|
||||||
Developers that use the GNU GPL protect your rights with two steps:
|
The GNU Affero General Public License is designed specifically to
|
||||||
(1) assert copyright on the software, and (2) offer you this License
|
ensure that, in such cases, the modified source code becomes available
|
||||||
giving you legal permission to copy, distribute and/or modify it.
|
to the community. It requires the operator of a network server to
|
||||||
|
provide the source code of the modified version running there to the
|
||||||
|
users of that server. Therefore, public use of a modified version, on
|
||||||
|
a publicly accessible server, gives the public access to the source
|
||||||
|
code of the modified version.
|
||||||
|
|
||||||
For the developers' and authors' protection, the GPL clearly explains
|
An older license, called the Affero General Public License and
|
||||||
that there is no warranty for this free software. For both users' and
|
published by Affero, was designed to accomplish similar goals. This is
|
||||||
authors' sake, the GPL requires that modified versions be marked as
|
a different license, not a version of the Affero GPL, but Affero has
|
||||||
changed, so that their problems will not be attributed erroneously to
|
released a new version of the Affero GPL which permits relicensing under
|
||||||
authors of previous versions.
|
this license.
|
||||||
|
|
||||||
Some devices are designed to deny users access to install or run
|
|
||||||
modified versions of the software inside them, although the manufacturer
|
|
||||||
can do so. This is fundamentally incompatible with the aim of
|
|
||||||
protecting users' freedom to change the software. The systematic
|
|
||||||
pattern of such abuse occurs in the area of products for individuals to
|
|
||||||
use, which is precisely where it is most unacceptable. Therefore, we
|
|
||||||
have designed this version of the GPL to prohibit the practice for those
|
|
||||||
products. If such problems arise substantially in other domains, we
|
|
||||||
stand ready to extend this provision to those domains in future versions
|
|
||||||
of the GPL, as needed to protect the freedom of users.
|
|
||||||
|
|
||||||
Finally, every program is threatened constantly by software patents.
|
|
||||||
States should not allow patents to restrict development and use of
|
|
||||||
software on general-purpose computers, but in those that do, we wish to
|
|
||||||
avoid the special danger that patents applied to a free program could
|
|
||||||
make it effectively proprietary. To prevent this, the GPL assures that
|
|
||||||
patents cannot be used to render the program non-free.
|
|
||||||
|
|
||||||
The precise terms and conditions for copying, distribution and
|
The precise terms and conditions for copying, distribution and
|
||||||
modification follow.
|
modification follow.
|
||||||
|
@ -72,7 +60,7 @@ modification follow.
|
||||||
|
|
||||||
0. Definitions.
|
0. Definitions.
|
||||||
|
|
||||||
"This License" refers to version 3 of the GNU General Public License.
|
"This License" refers to version 3 of the GNU Affero General Public License.
|
||||||
|
|
||||||
"Copyright" also means copyright-like laws that apply to other kinds of
|
"Copyright" also means copyright-like laws that apply to other kinds of
|
||||||
works, such as semiconductor masks.
|
works, such as semiconductor masks.
|
||||||
|
@ -549,35 +537,45 @@ to collect a royalty for further conveying from those to whom you convey
|
||||||
the Program, the only way you could satisfy both those terms and this
|
the Program, the only way you could satisfy both those terms and this
|
||||||
License would be to refrain entirely from conveying the Program.
|
License would be to refrain entirely from conveying the Program.
|
||||||
|
|
||||||
13. Use with the GNU Affero General Public License.
|
13. Remote Network Interaction; Use with the GNU General Public License.
|
||||||
|
|
||||||
|
Notwithstanding any other provision of this License, if you modify the
|
||||||
|
Program, your modified version must prominently offer all users
|
||||||
|
interacting with it remotely through a computer network (if your version
|
||||||
|
supports such interaction) an opportunity to receive the Corresponding
|
||||||
|
Source of your version by providing access to the Corresponding Source
|
||||||
|
from a network server at no charge, through some standard or customary
|
||||||
|
means of facilitating copying of software. This Corresponding Source
|
||||||
|
shall include the Corresponding Source for any work covered by version 3
|
||||||
|
of the GNU General Public License that is incorporated pursuant to the
|
||||||
|
following paragraph.
|
||||||
|
|
||||||
Notwithstanding any other provision of this License, you have
|
Notwithstanding any other provision of this License, you have
|
||||||
permission to link or combine any covered work with a work licensed
|
permission to link or combine any covered work with a work licensed
|
||||||
under version 3 of the GNU Affero General Public License into a single
|
under version 3 of the GNU General Public License into a single
|
||||||
combined work, and to convey the resulting work. The terms of this
|
combined work, and to convey the resulting work. The terms of this
|
||||||
License will continue to apply to the part which is the covered work,
|
License will continue to apply to the part which is the covered work,
|
||||||
but the special requirements of the GNU Affero General Public License,
|
but the work with which it is combined will remain governed by version
|
||||||
section 13, concerning interaction through a network will apply to the
|
3 of the GNU General Public License.
|
||||||
combination as such.
|
|
||||||
|
|
||||||
14. Revised Versions of this License.
|
14. Revised Versions of this License.
|
||||||
|
|
||||||
The Free Software Foundation may publish revised and/or new versions of
|
The Free Software Foundation may publish revised and/or new versions of
|
||||||
the GNU General Public License from time to time. Such new versions will
|
the GNU Affero General Public License from time to time. Such new versions
|
||||||
be similar in spirit to the present version, but may differ in detail to
|
will be similar in spirit to the present version, but may differ in detail to
|
||||||
address new problems or concerns.
|
address new problems or concerns.
|
||||||
|
|
||||||
Each version is given a distinguishing version number. If the
|
Each version is given a distinguishing version number. If the
|
||||||
Program specifies that a certain numbered version of the GNU General
|
Program specifies that a certain numbered version of the GNU Affero General
|
||||||
Public License "or any later version" applies to it, you have the
|
Public License "or any later version" applies to it, you have the
|
||||||
option of following the terms and conditions either of that numbered
|
option of following the terms and conditions either of that numbered
|
||||||
version or of any later version published by the Free Software
|
version or of any later version published by the Free Software
|
||||||
Foundation. If the Program does not specify a version number of the
|
Foundation. If the Program does not specify a version number of the
|
||||||
GNU General Public License, you may choose any version ever published
|
GNU Affero General Public License, you may choose any version ever published
|
||||||
by the Free Software Foundation.
|
by the Free Software Foundation.
|
||||||
|
|
||||||
If the Program specifies that a proxy can decide which future
|
If the Program specifies that a proxy can decide which future
|
||||||
versions of the GNU General Public License can be used, that proxy's
|
versions of the GNU Affero General Public License can be used, that proxy's
|
||||||
public statement of acceptance of a version permanently authorizes you
|
public statement of acceptance of a version permanently authorizes you
|
||||||
to choose that version for the Program.
|
to choose that version for the Program.
|
||||||
|
|
||||||
|
@ -635,41 +633,29 @@ the "copyright" line and a pointer to where the full notice is found.
|
||||||
Copyright (C) <year> <name of author>
|
Copyright (C) <year> <name of author>
|
||||||
|
|
||||||
This program is free software: you can redistribute it and/or modify
|
This program is free software: you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU Affero General Public License as published by
|
||||||
the Free Software Foundation, either version 3 of the License, or
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
(at your option) any later version.
|
(at your option) any later version.
|
||||||
|
|
||||||
This program is distributed in the hope that it will be useful,
|
This program is distributed in the hope that it will be useful,
|
||||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
GNU General Public License for more details.
|
GNU Affero General Public License for more details.
|
||||||
|
|
||||||
You should have received a copy of the GNU General Public License
|
You should have received a copy of the GNU Affero General Public License
|
||||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
Also add information on how to contact you by electronic and paper mail.
|
Also add information on how to contact you by electronic and paper mail.
|
||||||
|
|
||||||
If the program does terminal interaction, make it output a short
|
If your software can interact with users remotely through a computer
|
||||||
notice like this when it starts in an interactive mode:
|
network, you should also make sure that it provides a way for users to
|
||||||
|
get its source. For example, if your program is a web application, its
|
||||||
<program> Copyright (C) <year> <name of author>
|
interface could display a "Source" link that leads users to an archive
|
||||||
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
of the code. There are many ways you could offer source, and different
|
||||||
This is free software, and you are welcome to redistribute it
|
solutions will be better for different programs; see section 13 for the
|
||||||
under certain conditions; type `show c' for details.
|
specific requirements.
|
||||||
|
|
||||||
The hypothetical commands `show w' and `show c' should show the appropriate
|
|
||||||
parts of the General Public License. Of course, your program's commands
|
|
||||||
might be different; for a GUI interface, you would use an "about box".
|
|
||||||
|
|
||||||
You should also get your employer (if you work as a programmer) or school,
|
You should also get your employer (if you work as a programmer) or school,
|
||||||
if any, to sign a "copyright disclaimer" for the program, if necessary.
|
if any, to sign a "copyright disclaimer" for the program, if necessary.
|
||||||
For more information on this, and how to apply and follow the GNU GPL, see
|
For more information on this, and how to apply and follow the GNU AGPL, see
|
||||||
<https://www.gnu.org/licenses/>.
|
<https://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
The GNU General Public License does not permit incorporating your program
|
|
||||||
into proprietary programs. If your program is a subroutine library, you
|
|
||||||
may consider it more useful to permit linking proprietary applications with
|
|
||||||
the library. If this is what you want to do, use the GNU Lesser General
|
|
||||||
Public License instead of this License. But first, please read
|
|
||||||
<https://www.gnu.org/licenses/why-not-lgpl.html>.
|
|
||||||
|
|
||||||
|
|
25
Makefile
|
@ -1,22 +1,13 @@
|
||||||
BIN=target/release/garage
|
.PHONY: doc all release shell
|
||||||
DOCKER=lxpz/garage_amd64
|
|
||||||
|
|
||||||
all:
|
all:
|
||||||
#cargo fmt || true
|
clear; cargo build --features k2v
|
||||||
#RUSTFLAGS="-C link-arg=-fuse-ld=lld" cargo build
|
|
||||||
cargo build
|
|
||||||
|
|
||||||
$(BIN):
|
doc:
|
||||||
#RUSTFLAGS="-C link-arg=-fuse-ld=lld" cargo build --release
|
cd doc/book; mdbook build
|
||||||
cargo build --release
|
|
||||||
|
|
||||||
$(BIN).stripped: $(BIN)
|
release:
|
||||||
cp $^ $@
|
nix-build --arg release true
|
||||||
strip $@
|
|
||||||
|
|
||||||
docker: $(BIN).stripped
|
shell:
|
||||||
docker build -t $(DOCKER):$(TAG) .
|
nix-shell
|
||||||
docker push $(DOCKER):$(TAG)
|
|
||||||
docker tag $(DOCKER):$(TAG) $(DOCKER):latest
|
|
||||||
docker push $(DOCKER):latest
|
|
||||||
|
|
||||||
|
|
134
README.md
|
@ -1,6 +1,19 @@
|
||||||
# Garage
|
Garage [![Build Status](https://drone.deuxfleurs.fr/api/badges/Deuxfleurs/garage/status.svg?ref=refs/heads/main)](https://drone.deuxfleurs.fr/Deuxfleurs/garage)
|
||||||
|
===
|
||||||
|
|
||||||
[![Build Status](https://drone.deuxfleurs.fr/api/badges/Deuxfleurs/garage/status.svg)](https://drone.deuxfleurs.fr/Deuxfleurs/garage)
|
<p align="center" style="text-align:center;">
|
||||||
|
<a href="https://garagehq.deuxfleurs.fr">
|
||||||
|
<img alt="Garage logo" src="https://garagehq.deuxfleurs.fr/img/logo.svg" height="200" />
|
||||||
|
</a>
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p align="center" style="text-align:center;">
|
||||||
|
[ <strong><a href="https://garagehq.deuxfleurs.fr/">Website and documentation</a></strong>
|
||||||
|
| <a href="https://garagehq.deuxfleurs.fr/_releases.html">Binary releases</a>
|
||||||
|
| <a href="https://git.deuxfleurs.fr/Deuxfleurs/garage">Git repository</a>
|
||||||
|
| <a href="https://matrix.to/#/%23garage:deuxfleurs.fr">Matrix channel</a>
|
||||||
|
]
|
||||||
|
</p>
|
||||||
|
|
||||||
Garage is a lightweight S3-compatible distributed object store, with the following goals:
|
Garage is a lightweight S3-compatible distributed object store, with the following goals:
|
||||||
|
|
||||||
|
@ -17,120 +30,3 @@ Non-goals include:
|
||||||
- Erasure coding (our replication model is simply to copy the data as is on several nodes, in different datacenters if possible)
|
- Erasure coding (our replication model is simply to copy the data as is on several nodes, in different datacenters if possible)
|
||||||
|
|
||||||
Our main use case is to provide a distributed storage layer for small-scale self hosted services such as [Deuxfleurs](https://deuxfleurs.fr).
|
Our main use case is to provide a distributed storage layer for small-scale self hosted services such as [Deuxfleurs](https://deuxfleurs.fr).
|
||||||
|
|
||||||
Check our [compatibility page](doc/Compatibility.md) to view details of the S3 API compatibility.
|
|
||||||
|
|
||||||
## Development
|
|
||||||
|
|
||||||
We propose the following quickstart to setup a full dev. environment as quickly as possible:
|
|
||||||
|
|
||||||
1. Setup a rust/cargo environment. eg. `dnf install rust cargo`
|
|
||||||
2. Install awscli v2 by following the guide [here](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html).
|
|
||||||
3. Run `cargo build` to build the project
|
|
||||||
4. Run `./script/dev-cluster.sh` to launch a test cluster (feel free to read the script)
|
|
||||||
5. Run `./script/dev-configure.sh` to configure your test cluster with default values (same datacenter, 100 tokens)
|
|
||||||
6. Run `./script/dev-bucket.sh` to create a bucket named `eprouvette` and an API key that will be stored in `/tmp/garage.s3`
|
|
||||||
7. Run `source ./script/dev-env-aws.sh` to configure your CLI environment
|
|
||||||
8. You can use `garage` to manage the cluster. Try `garage --help`.
|
|
||||||
9. You can use the `awsgrg` alias to add, remove, and delete files. Try `awsgrg help`, `awsgrg cp /proc/cpuinfo s3://eprouvette/cpuinfo.txt`, or `awsgrg ls s3://eprouvette`. `awsgrg` is a wrapper on the `aws s3` command pre-configured with the previously generated API key (the one in `/tmp/garage.s3`) and localhost as the endpoint.
|
|
||||||
|
|
||||||
Now you should be ready to start hacking on garage!
|
|
||||||
|
|
||||||
## S3 compatibility
|
|
||||||
|
|
||||||
Only a subset of S3 is supported: adding, listing, getting and deleting files in a bucket.
|
|
||||||
Bucket management, ACL and other advanced features are not (yet?) handled through the S3 API but through the `garage` CLI.
|
|
||||||
We primarily test `garage` against the `awscli` tool and `nextcloud`.
|
|
||||||
|
|
||||||
## Setting up Garage
|
|
||||||
|
|
||||||
Use the `genkeys.sh` script to generate TLS keys for encrypting communications between Garage nodes.
|
|
||||||
The script takes no arguments and will generate keys in `pki/`.
|
|
||||||
This script creates a certificate authority `garage-ca` which signs certificates for individual Garage nodes.
|
|
||||||
Garage nodes from a same cluster authenticate themselves by verifying that they have certificates signed by the same certificate authority.
|
|
||||||
|
|
||||||
Garage requires two locations to store its data: a metadata directory, and a data directory.
|
|
||||||
The metadata directory is used to store metadata such as object lists, and should ideally be located on an SSD drive.
|
|
||||||
The data directory is used to store the chunks of data of the objects stored in Garage.
|
|
||||||
In a typical deployment the data directory is stored on a standard HDD.
|
|
||||||
|
|
||||||
Garage does not handle TLS for its S3 API endpoint. This should be handled by adding a reverse proxy.
|
|
||||||
|
|
||||||
Create a configuration file with the following structure:
|
|
||||||
|
|
||||||
```
|
|
||||||
block_size = 1048576 # objects are split in blocks of maximum this number of bytes
|
|
||||||
|
|
||||||
metadata_dir = "/path/to/ssd/metadata/directory"
|
|
||||||
data_dir = "/path/to/hdd/data/directory"
|
|
||||||
|
|
||||||
rpc_bind_addr = "[::]:3901" # the port other Garage nodes will use to talk to this node
|
|
||||||
|
|
||||||
bootstrap_peers = [
|
|
||||||
# Ideally this list should contain the IP addresses of all other Garage nodes of the cluster.
|
|
||||||
# Use Ansible or any kind of configuration templating to generate this automatically.
|
|
||||||
"10.0.0.1:3901",
|
|
||||||
"10.0.0.2:3901",
|
|
||||||
"10.0.0.3:3901",
|
|
||||||
]
|
|
||||||
|
|
||||||
# optionnal: garage can find cluster nodes automatically using a Consul server
|
|
||||||
# garage only does lookup but does not register itself, registration should be handled externally by e.g. Nomad
|
|
||||||
consul_host = "localhost:8500" # optionnal: host name of a Consul server for automatic peer discovery
|
|
||||||
consul_service_name = "garage" # optionnal: service name to look up on Consul
|
|
||||||
|
|
||||||
max_concurrent_rpc_requests = 12
|
|
||||||
data_replication_factor = 3
|
|
||||||
meta_replication_factor = 3
|
|
||||||
meta_epidemic_fanout = 3
|
|
||||||
|
|
||||||
[rpc_tls]
|
|
||||||
# NOT RECOMMENDED: you can skip this section if you don't want to encrypt intra-cluster traffic
|
|
||||||
# Thanks to genkeys.sh, generating the keys and certificates is easy, so there is NO REASON NOT TO DO IT.
|
|
||||||
ca_cert = "/path/to/garage/pki/garage-ca.crt"
|
|
||||||
node_cert = "/path/to/garage/pki/garage.crt"
|
|
||||||
node_key = "/path/to/garage/pki/garage.key"
|
|
||||||
|
|
||||||
[s3_api]
|
|
||||||
api_bind_addr = "[::1]:3900" # the S3 API port, HTTP without TLS. Add a reverse proxy for the TLS part.
|
|
||||||
s3_region = "garage" # set this to anything. S3 API calls will fail if they are not made against the region set here.
|
|
||||||
|
|
||||||
[s3_web]
|
|
||||||
bind_addr = "[::1]:3902"
|
|
||||||
root_domain = ".garage.tld"
|
|
||||||
index = "index.html"
|
|
||||||
```
|
|
||||||
|
|
||||||
Build Garage using `cargo build --release`.
|
|
||||||
Then, run it using either `./target/release/garage server -c path/to/config_file.toml` or `cargo run --release -- server -c path/to/config_file.toml`.
|
|
||||||
|
|
||||||
Set the `RUST_LOG` environment to `garage=debug` to dump some debug information.
|
|
||||||
Set it to `garage=trace` to dump even more debug information.
|
|
||||||
Set it to `garage=warn` to show nothing except warnings and errors.
|
|
||||||
|
|
||||||
## Setting up cluster nodes
|
|
||||||
|
|
||||||
Once all your `garage` nodes are running, you will need to:
|
|
||||||
|
|
||||||
1. check that they are correctly talking to one another;
|
|
||||||
2. configure them with their physical location (in the case of a multi-dc deployment) and a number of "ring tokens" proportionnal to the storage space available on each node;
|
|
||||||
3. create some S3 API keys and buckets;
|
|
||||||
4. ???;
|
|
||||||
5. profit!
|
|
||||||
|
|
||||||
To run these administrative tasks, you will need to use the `garage` command line tool and it to connect to any of the cluster's nodes on the RPC port.
|
|
||||||
The `garage` CLI also needs TLS keys and certificates of its own to authenticate and be authenticated in the cluster.
|
|
||||||
A typicall invocation will be as follows:
|
|
||||||
|
|
||||||
```
|
|
||||||
./target/release/garage --ca-cert=pki/garage-ca.crt --client-cert=pki/garage-client.crt --client-key=pki/garage-client.key <...>
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
## Notes to self
|
|
||||||
|
|
||||||
### What to repair
|
|
||||||
|
|
||||||
- `tables`: to do a full sync of metadata, should not be necessary because it is done every hour by the system
|
|
||||||
- `versions` and `block_refs`: very time consuming, usefull if deletions have not been propagated, improves garbage collection
|
|
||||||
- `blocks`: very usefull to resync/rebalance blocks betweeen nodes
|
|
||||||
|
|
27
TODO
|
@ -1,27 +0,0 @@
|
||||||
Testing
|
|
||||||
-------
|
|
||||||
|
|
||||||
How are we going to test that our replication method works correctly?
|
|
||||||
We will have to introduce lots of dummy data and then add/remove nodes many times.
|
|
||||||
|
|
||||||
|
|
||||||
Attaining S3 compatibility
|
|
||||||
--------------------------
|
|
||||||
|
|
||||||
- test multipart uploads
|
|
||||||
- get ranges
|
|
||||||
|
|
||||||
- fix sync not working in some cases ? (when starting from empty?)
|
|
||||||
|
|
||||||
- api_server following the S3 semantics for head/get/put/list/delete: verify more that it works as intended
|
|
||||||
- PUT requests: verify content-md5 if provided
|
|
||||||
- possibly other necessary endpoints ?
|
|
||||||
|
|
||||||
|
|
||||||
Lower priority
|
|
||||||
--------------
|
|
||||||
|
|
||||||
- less a priority: hinted handoff
|
|
||||||
- repair: re-propagate block ref table to rc
|
|
||||||
- FIXME in rpc_server when garage shuts down and futures can be interrupted
|
|
||||||
(tokio::spawn should be replaced by a new function background::spawn_joinable)
|
|
|
@ -1,22 +0,0 @@
|
||||||
block_size = 1048576 # objects are split in blocks of maximum this number of bytes
|
|
||||||
|
|
||||||
metadata_dir = "/tmp/garage-meta"
|
|
||||||
data_dir = "/tmp/garage-data"
|
|
||||||
|
|
||||||
rpc_bind_addr = "[::]:3901" # the port other Garage nodes will use to talk to this node
|
|
||||||
|
|
||||||
bootstrap_peers = []
|
|
||||||
|
|
||||||
max_concurrent_rpc_requests = 12
|
|
||||||
data_replication_factor = 3
|
|
||||||
meta_replication_factor = 3
|
|
||||||
meta_epidemic_fanout = 3
|
|
||||||
|
|
||||||
[s3_api]
|
|
||||||
api_bind_addr = "[::1]:3900" # the S3 API port, HTTP without TLS. Add a reverse proxy for the TLS part.
|
|
||||||
s3_region = "garage" # set this to anything. S3 API calls will fail if they are not made against the region set here.
|
|
||||||
|
|
||||||
[s3_web]
|
|
||||||
bind_addr = "[::1]:3902"
|
|
||||||
root_domain = ".garage.tld"
|
|
||||||
index = "index.html"
|
|
147
default.nix
Normal file
|
@ -0,0 +1,147 @@
|
||||||
|
{
|
||||||
|
system ? builtins.currentSystem,
|
||||||
|
release ? false,
|
||||||
|
target ? "x86_64-unknown-linux-musl",
|
||||||
|
compileMode ? null,
|
||||||
|
git_version ? null,
|
||||||
|
}:
|
||||||
|
|
||||||
|
with import ./nix/common.nix;
|
||||||
|
|
||||||
|
let
|
||||||
|
crossSystem = { config = target; };
|
||||||
|
in let
|
||||||
|
log = v: builtins.trace v v;
|
||||||
|
|
||||||
|
pkgs = import pkgsSrc {
|
||||||
|
inherit system crossSystem;
|
||||||
|
overlays = [ cargo2nixOverlay ];
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
Rust and Nix triples are not the same. Cargo2nix has a dedicated library
|
||||||
|
to convert Nix triples to Rust ones. We need this conversion as we want to
|
||||||
|
set later options linked to our (rust) target in a generic way. Not only
|
||||||
|
the triple terminology is different, but also the "roles" are named differently.
|
||||||
|
Nix uses a build/host/target terminology where Nix's "host" maps to Cargo's "target".
|
||||||
|
*/
|
||||||
|
rustTarget = log (pkgs.rustBuilder.rustLib.rustTriple pkgs.stdenv.hostPlatform);
|
||||||
|
|
||||||
|
/*
|
||||||
|
Cargo2nix is built for rustOverlay which installs Rust from Mozilla releases.
|
||||||
|
We want our own Rust to avoid incompatibilities, like we had with musl 1.2.0.
|
||||||
|
rustc was built with musl < 1.2.0 and nix shipped musl >= 1.2.0 which lead to compilation breakage.
|
||||||
|
So we want a Rust release that is bound to our Nix repository to avoid these problems.
|
||||||
|
See here for more info: https://musl.libc.org/time64.html
|
||||||
|
Because Cargo2nix does not support the Rust environment shipped by NixOS,
|
||||||
|
we emulate the structure of the Rust object created by rustOverlay.
|
||||||
|
In practise, rustOverlay ships rustc+cargo in a single derivation while
|
||||||
|
NixOS ships them in separate ones. We reunite them with symlinkJoin.
|
||||||
|
*/
|
||||||
|
rustChannel = pkgs.symlinkJoin {
|
||||||
|
name ="rust-channel";
|
||||||
|
paths = [
|
||||||
|
pkgs.rustPlatform.rust.rustc
|
||||||
|
pkgs.rustPlatform.rust.cargo
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
/*
|
||||||
|
Cargo2nix provides many overrides by default, you can take inspiration from them:
|
||||||
|
https://github.com/cargo2nix/cargo2nix/blob/master/overlay/overrides.nix
|
||||||
|
|
||||||
|
You can have a complete list of the available options by looking at the overriden object, mkcrate:
|
||||||
|
https://github.com/cargo2nix/cargo2nix/blob/master/overlay/mkcrate.nix
|
||||||
|
*/
|
||||||
|
overrides = pkgs.rustBuilder.overrides.all ++ [
|
||||||
|
/*
|
||||||
|
[1] We need to alter Nix hardening to be able to statically compile: PIE,
|
||||||
|
Position Independent Executables seems to be supported only on amd64. Having
|
||||||
|
this flags set either make our executables crash or compile as dynamic on many platforms.
|
||||||
|
In the following section codegenOpts, we reactive it for the supported targets
|
||||||
|
(only amd64 curently) through the `-static-pie` flag. PIE is a feature used
|
||||||
|
by ASLR, which helps mitigate security issues.
|
||||||
|
Learn more about Nix Hardening: https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/cc-wrapper/add-hardening.sh
|
||||||
|
|
||||||
|
[2] We want to inject the git version while keeping the build deterministic.
|
||||||
|
As we do not want to consider the .git folder as part of the input source,
|
||||||
|
we ask the user (the CI often) to pass the value to Nix.
|
||||||
|
*/
|
||||||
|
(pkgs.rustBuilder.rustLib.makeOverride {
|
||||||
|
name = "garage";
|
||||||
|
overrideAttrs = drv:
|
||||||
|
/* [1] */ { hardeningDisable = [ "pie" ]; }
|
||||||
|
//
|
||||||
|
/* [2] */ (if git_version != null then {
|
||||||
|
preConfigure = ''
|
||||||
|
${drv.preConfigure or ""}
|
||||||
|
export GIT_VERSION="${git_version}"
|
||||||
|
'';
|
||||||
|
} else {});
|
||||||
|
})
|
||||||
|
|
||||||
|
/*
|
||||||
|
We ship some parts of the code disabled by default by putting them behind a flag.
|
||||||
|
It speeds up the compilation (when the feature is not required) and released crates have less dependency by default (less attack surface, disk space, etc.).
|
||||||
|
But we want to ship these additional features when we release Garage.
|
||||||
|
In the end, we chose to exclude all features from debug builds while putting (all of) them in the release builds.
|
||||||
|
Currently, the only feature of Garage is kubernetes-discovery from the garage_rpc crate.
|
||||||
|
*/
|
||||||
|
(pkgs.rustBuilder.rustLib.makeOverride {
|
||||||
|
name = "garage_rpc";
|
||||||
|
overrideArgs = old:
|
||||||
|
{
|
||||||
|
features = if release then [ "kubernetes-discovery" ] else [];
|
||||||
|
};
|
||||||
|
})
|
||||||
|
];
|
||||||
|
|
||||||
|
packageFun = import ./Cargo.nix;
|
||||||
|
|
||||||
|
/*
|
||||||
|
We compile fully static binaries with musl to simplify deployment on most systems.
|
||||||
|
When possible, we reactivate PIE hardening (see above).
|
||||||
|
|
||||||
|
Also, if you set the RUSTFLAGS environment variable, the following parameters will
|
||||||
|
be ignored.
|
||||||
|
|
||||||
|
For more information on static builds, please refer to Rust's RFC 1721.
|
||||||
|
https://rust-lang.github.io/rfcs/1721-crt-static.html#specifying-dynamicstatic-c-runtime-linkage
|
||||||
|
*/
|
||||||
|
|
||||||
|
codegenOpts = {
|
||||||
|
"armv6l-unknown-linux-musleabihf" = [ "target-feature=+crt-static" "link-arg=-static" ]; /* compile as dynamic with static-pie */
|
||||||
|
"aarch64-unknown-linux-musl" = [ "target-feature=+crt-static" "link-arg=-static" ]; /* segfault with static-pie */
|
||||||
|
"i686-unknown-linux-musl" = [ "target-feature=+crt-static" "link-arg=-static" ]; /* segfault with static-pie */
|
||||||
|
"x86_64-unknown-linux-musl" = [ "target-feature=+crt-static" "link-arg=-static-pie" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
/*
|
||||||
|
The following definition is not elegant as we use a low level function of Cargo2nix
|
||||||
|
that enables us to pass our custom rustChannel object. We need this low level definition
|
||||||
|
to pass Nix's Rust toolchains instead of Mozilla's one.
|
||||||
|
|
||||||
|
target is mandatory but must be kept to null to allow cargo2nix to set it to the appropriate value
|
||||||
|
for each crate.
|
||||||
|
*/
|
||||||
|
rustPkgs = pkgs.rustBuilder.makePackageSet {
|
||||||
|
inherit packageFun rustChannel release codegenOpts;
|
||||||
|
packageOverrides = overrides;
|
||||||
|
target = null;
|
||||||
|
|
||||||
|
buildRustPackages = pkgs.buildPackages.rustBuilder.makePackageSet {
|
||||||
|
inherit rustChannel packageFun codegenOpts;
|
||||||
|
packageOverrides = overrides;
|
||||||
|
target = null;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
in
|
||||||
|
if compileMode == "test"
|
||||||
|
then pkgs.symlinkJoin {
|
||||||
|
name ="garage-tests";
|
||||||
|
paths = builtins.map (key: rustPkgs.workspace.${key} { inherit compileMode; }) (builtins.attrNames rustPkgs.workspace);
|
||||||
|
}
|
||||||
|
else rustPkgs.workspace.garage { inherit compileMode; }
|
|
@ -1,84 +0,0 @@
|
||||||
## S3 Compatibility status
|
|
||||||
|
|
||||||
### Global S3 features
|
|
||||||
|
|
||||||
Implemented:
|
|
||||||
|
|
||||||
- path-style URLs (`garage.tld/bucket/key`)
|
|
||||||
- putting and getting objects in buckets
|
|
||||||
- multipart uploads
|
|
||||||
- listing objects
|
|
||||||
- access control on a per-key-per-bucket basis
|
|
||||||
|
|
||||||
Not implemented:
|
|
||||||
|
|
||||||
- vhost-style URLs (`bucket.garage.tld/key`)
|
|
||||||
- object-level ACL
|
|
||||||
- encryption
|
|
||||||
- most `x-amz-` headers
|
|
||||||
|
|
||||||
|
|
||||||
### Endpoint implementation
|
|
||||||
|
|
||||||
All APIs that are not mentionned are not implemented and will return a 400 bad request.
|
|
||||||
|
|
||||||
#### AbortMultipartUpload
|
|
||||||
|
|
||||||
Implemented.
|
|
||||||
|
|
||||||
#### CompleteMultipartUpload
|
|
||||||
|
|
||||||
Implemented badly. Garage will not check that all the parts stored correspond to the list given by the client in the request body. This means that the multipart upload might be completed with an invalid size. This is a bug and will be fixed.
|
|
||||||
|
|
||||||
#### CopyObject
|
|
||||||
|
|
||||||
Implemented.
|
|
||||||
|
|
||||||
#### CreateBucket
|
|
||||||
|
|
||||||
Garage does not accept creating buckets or giving access using API calls, it has to be done using the CLI tools. CreateBucket will return a 200 if the bucket exists and user has write access, and a 403 Forbidden in all other cases.
|
|
||||||
|
|
||||||
#### CreateMultipartUpload
|
|
||||||
|
|
||||||
Implemented.
|
|
||||||
|
|
||||||
#### DeleteBucket
|
|
||||||
|
|
||||||
Garage does not accept deleting buckets using API calls, it has to be done using the CLI tools. This request will return a 403 Forbidden.
|
|
||||||
|
|
||||||
#### DeleteObject
|
|
||||||
|
|
||||||
Implemented.
|
|
||||||
|
|
||||||
#### DeleteObjects
|
|
||||||
|
|
||||||
Implemented.
|
|
||||||
|
|
||||||
#### GetObject
|
|
||||||
|
|
||||||
Implemented.
|
|
||||||
|
|
||||||
#### HeadBucket
|
|
||||||
|
|
||||||
Implemented.
|
|
||||||
|
|
||||||
#### HeadObject
|
|
||||||
|
|
||||||
Implemented.
|
|
||||||
|
|
||||||
#### ListObjects
|
|
||||||
|
|
||||||
Implemented, but there isn't a very good specification of what `encoding-type=url` covers so there might be some encoding bugs. In our implementation the url-encoded fields are in the same in ListObjects as they are in ListObjectsV2.
|
|
||||||
|
|
||||||
#### ListObjectsV2
|
|
||||||
|
|
||||||
Implemented.
|
|
||||||
|
|
||||||
#### PutObject
|
|
||||||
|
|
||||||
Implemented.
|
|
||||||
|
|
||||||
#### UploadPart
|
|
||||||
|
|
||||||
Implemented.
|
|
||||||
|
|
|
@ -1,140 +0,0 @@
|
||||||
# Quickstart on an existing deployment
|
|
||||||
|
|
||||||
First, chances are that your garage deployment is secured by TLS.
|
|
||||||
All your commands must be prefixed with their certificates.
|
|
||||||
I will define an alias once and for all to ease future commands.
|
|
||||||
Please adapt the path of the binary and certificates to your installation!
|
|
||||||
|
|
||||||
```
|
|
||||||
alias grg="/garage/garage --ca-cert /secrets/garage-ca.crt --client-cert /secrets/garage.crt --client-key /secrets/garage.key"
|
|
||||||
```
|
|
||||||
|
|
||||||
Now we can check that everything is going well by checking our cluster status:
|
|
||||||
|
|
||||||
```
|
|
||||||
grg status
|
|
||||||
```
|
|
||||||
|
|
||||||
Don't forget that `help` command and `--help` subcommands can help you anywhere, the CLI tool is self-documented! Two examples:
|
|
||||||
|
|
||||||
```
|
|
||||||
grg help
|
|
||||||
grg bucket allow --help
|
|
||||||
```
|
|
||||||
|
|
||||||
Fine, now let's create a bucket (we imagine that you want to deploy nextcloud):
|
|
||||||
|
|
||||||
```
|
|
||||||
grg bucket create nextcloud-bucket
|
|
||||||
```
|
|
||||||
|
|
||||||
Check that everything went well:
|
|
||||||
|
|
||||||
```
|
|
||||||
grg bucket list
|
|
||||||
grg bucket info nextcloud-bucket
|
|
||||||
```
|
|
||||||
|
|
||||||
Now we will generate an API key to access this bucket.
|
|
||||||
Note that API keys are independent of buckets: one key can access multiple buckets, multiple keys can access one bucket.
|
|
||||||
|
|
||||||
Now, let's start by creating a key only for our PHP application:
|
|
||||||
|
|
||||||
```
|
|
||||||
grg key new --name nextcloud-app-key
|
|
||||||
```
|
|
||||||
|
|
||||||
You will have the following output (this one is fake, `key_id` and `secret_key` were generated with the openssl CLI tool):
|
|
||||||
|
|
||||||
```
|
|
||||||
Key { key_id: "GK3515373e4c851ebaad366558", secret_key: "7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34", name: "nextcloud-app-key", name_timestamp: 1603280506694, deleted: false, authorized_buckets: [] }
|
|
||||||
```
|
|
||||||
|
|
||||||
Check that everything works as intended (be careful, info works only with your key identifier and not with its friendly name!):
|
|
||||||
|
|
||||||
```
|
|
||||||
grg key list
|
|
||||||
grg key info GK3515373e4c851ebaad366558
|
|
||||||
```
|
|
||||||
|
|
||||||
Now that we have a bucket and a key, we need to give permissions to the key on the bucket!
|
|
||||||
|
|
||||||
```
|
|
||||||
grg bucket allow --read --write nextcloud-bucket --key GK3515373e4c851ebaad366558
|
|
||||||
```
|
|
||||||
|
|
||||||
You can check at any times allowed keys on your bucket with:
|
|
||||||
|
|
||||||
```
|
|
||||||
grg bucket info nextcloud-bucket
|
|
||||||
```
|
|
||||||
|
|
||||||
Now, let's move to the S3 API!
|
|
||||||
We will use the `s3cmd` CLI tool.
|
|
||||||
You can install it via your favorite package manager.
|
|
||||||
Otherwise, check [their website](https://s3tools.org/s3cmd)
|
|
||||||
|
|
||||||
We will configure `s3cmd` with its interactive configuration tool, be careful not all endpoints are implemented!
|
|
||||||
Especially, the test run at the end does not work (yet).
|
|
||||||
|
|
||||||
```
|
|
||||||
$ s3cmd --configure
|
|
||||||
|
|
||||||
Enter new values or accept defaults in brackets with Enter.
|
|
||||||
Refer to user manual for detailed description of all options.
|
|
||||||
|
|
||||||
Access key and Secret key are your identifiers for Amazon S3. Leave them empty for using the env variables.
|
|
||||||
Access Key: GK3515373e4c851ebaad366558
|
|
||||||
Secret Key: 7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34
|
|
||||||
Default Region [US]: garage
|
|
||||||
|
|
||||||
Use "s3.amazonaws.com" for S3 Endpoint and not modify it to the target Amazon S3.
|
|
||||||
S3 Endpoint [s3.amazonaws.com]: garage.deuxfleurs.fr
|
|
||||||
|
|
||||||
Use "%(bucket)s.s3.amazonaws.com" to the target Amazon S3. "%(bucket)s" and "%(location)s" vars can be used
|
|
||||||
if the target S3 system supports dns based buckets.
|
|
||||||
DNS-style bucket+hostname:port template for accessing a bucket [%(bucket)s.s3.amazonaws.com]: garage.deuxfleurs.fr
|
|
||||||
|
|
||||||
Encryption password is used to protect your files from reading
|
|
||||||
by unauthorized persons while in transfer to S3
|
|
||||||
Encryption password:
|
|
||||||
Path to GPG program [/usr/bin/gpg]:
|
|
||||||
|
|
||||||
When using secure HTTPS protocol all communication with Amazon S3
|
|
||||||
servers is protected from 3rd party eavesdropping. This method is
|
|
||||||
slower than plain HTTP, and can only be proxied with Python 2.7 or newer
|
|
||||||
Use HTTPS protocol [Yes]:
|
|
||||||
|
|
||||||
On some networks all internet access must go through a HTTP proxy.
|
|
||||||
Try setting it here if you can't connect to S3 directly
|
|
||||||
HTTP Proxy server name:
|
|
||||||
|
|
||||||
New settings:
|
|
||||||
Access Key: GK3515373e4c851ebaad366558
|
|
||||||
Secret Key: 7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34
|
|
||||||
Default Region: garage
|
|
||||||
S3 Endpoint: garage.deuxfleurs.fr
|
|
||||||
DNS-style bucket+hostname:port template for accessing a bucket: garage.deuxfleurs.fr
|
|
||||||
Encryption password:
|
|
||||||
Path to GPG program: /usr/bin/gpg
|
|
||||||
Use HTTPS protocol: True
|
|
||||||
HTTP Proxy server name:
|
|
||||||
HTTP Proxy server port: 0
|
|
||||||
|
|
||||||
Test access with supplied credentials? [Y/n] n
|
|
||||||
|
|
||||||
Save settings? [y/N] y
|
|
||||||
Configuration saved to '/home/quentin/.s3cfg'
|
|
||||||
```
|
|
||||||
|
|
||||||
Now, if everything works, the following commands should work:
|
|
||||||
|
|
||||||
```
|
|
||||||
echo hello world > hello.txt
|
|
||||||
s3cmd put hello.txt s3://nextcloud-bucket
|
|
||||||
s3cmd ls s3://nextcloud-bucket
|
|
||||||
s3cmd rm s3://nextcloud-bucket/hello.txt
|
|
||||||
```
|
|
||||||
|
|
||||||
That's all for now!
|
|
||||||
|
|
1
doc/book/.gitignore
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
book
|
3
doc/book/README
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
These are the sources for the documentation but not the whole website.
|
||||||
|
The website templates and other things are in garage_website, which
|
||||||
|
uses this as a submodule.
|
5
doc/book/_index.md
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
+++
|
||||||
|
template = "documentation.html"
|
||||||
|
page_template = "documentation.html"
|
||||||
|
redirect_to = "documentation/quick-start/"
|
||||||
|
+++
|
48
doc/book/connect/_index.md
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
+++
|
||||||
|
title = "Integrations"
|
||||||
|
weight = 3
|
||||||
|
sort_by = "weight"
|
||||||
|
template = "documentation.html"
|
||||||
|
+++
|
||||||
|
|
||||||
|
|
||||||
|
Garage implements the Amazon S3 protocol, which makes it compatible with many existing software programs.
|
||||||
|
|
||||||
|
In particular, you will find here instructions to connect it with:
|
||||||
|
|
||||||
|
- [Browsing tools](@/documentation/connect/cli.md)
|
||||||
|
- [Applications](@/documentation/connect/apps/index.md)
|
||||||
|
- [Website hosting](@/documentation/connect/websites.md)
|
||||||
|
- [Software repositories](@/documentation/connect/repositories.md)
|
||||||
|
- [Your own code](@/documentation/connect/code.md)
|
||||||
|
- [FUSE](@/documentation/connect/fs.md)
|
||||||
|
|
||||||
|
### Generic instructions
|
||||||
|
|
||||||
|
To configure S3-compatible software to interact with Garage,
|
||||||
|
you will need the following parameters:
|
||||||
|
|
||||||
|
- An **API endpoint**: this corresponds to the HTTP or HTTPS address
|
||||||
|
used to contact the Garage server. When runing Garage locally this will usually
|
||||||
|
be `http://127.0.0.1:3900`. In a real-world setting, you would usually have a reverse-proxy
|
||||||
|
that adds TLS support and makes your Garage server available under a public hostname
|
||||||
|
such as `https://garage.example.com`.
|
||||||
|
|
||||||
|
- An **API access key** and its associated **secret key**. These usually look something
|
||||||
|
like this: `GK3515373e4c851ebaad366558` (access key),
|
||||||
|
`7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34` (secret key).
|
||||||
|
These keys are created and managed using the `garage` CLI, as explained in the
|
||||||
|
[quick start](@/documentation/quick-start/_index.md) guide.
|
||||||
|
|
||||||
|
Most S3 clients can be configured easily with these parameters,
|
||||||
|
provided that you follow the following guidelines:
|
||||||
|
|
||||||
|
- **Be careful to DNS-style/path-style access:** Garage supports both DNS-style buckets, which are now by default
|
||||||
|
on Amazon S3, and legacy path-style buckets. If you use a reverse proxy in front of Garage,
|
||||||
|
make sure that you configured it to support the access-style required by the software you want to use.
|
||||||
|
|
||||||
|
- **Configuring the S3 region:** Garage requires your client to talk to the correct "S3 region",
|
||||||
|
which is set in the configuration file. This is often set just to `garage`.
|
||||||
|
If this is not configured explicitly, clients usually try to talk to region `us-east-1`.
|
||||||
|
Garage should normally redirect your client to the correct region,
|
||||||
|
but in case your client does not support this you might have to configure it manually.
|
BIN
doc/book/connect/apps/cli-nextcloud-gui.png
Normal file
After Width: | Height: | Size: 197 KiB |
374
doc/book/connect/apps/index.md
Normal file
|
@ -0,0 +1,374 @@
|
||||||
|
+++
|
||||||
|
title = "Apps (Nextcloud, Peertube...)"
|
||||||
|
weight = 5
|
||||||
|
+++
|
||||||
|
|
||||||
|
In this section, we cover the following web applications:
|
||||||
|
|
||||||
|
| Name | Status | Note |
|
||||||
|
|------|--------|------|
|
||||||
|
| [Nextcloud](#nextcloud) | ✅ | Both Primary Storage and External Storage are supported |
|
||||||
|
| [Peertube](#peertube) | ✅ | Must be configured with the website endpoint |
|
||||||
|
| [Mastodon](#mastodon) | ❓ | Not yet tested |
|
||||||
|
| [Matrix](#matrix) | ✅ | Tested with `synapse-s3-storage-provider` |
|
||||||
|
| [Pixelfed](#pixelfed) | ❓ | Not yet tested |
|
||||||
|
| [Pleroma](#pleroma) | ❓ | Not yet tested |
|
||||||
|
| [Lemmy](#lemmy) | ❓ | Not yet tested |
|
||||||
|
| [Funkwhale](#funkwhale) | ❓ | Not yet tested |
|
||||||
|
| [Misskey](#misskey) | ❓ | Not yet tested |
|
||||||
|
| [Prismo](#prismo) | ❓ | Not yet tested |
|
||||||
|
| [Owncloud OCIS](#owncloud-infinite-scale-ocis) | ❓| Not yet tested |
|
||||||
|
|
||||||
|
## Nextcloud
|
||||||
|
|
||||||
|
Nextcloud is a popular file synchronisation and backup service.
|
||||||
|
By default, Nextcloud stores its data on the local filesystem.
|
||||||
|
If you want to expand your storage to aggregate multiple servers, Garage is the way to go.
|
||||||
|
|
||||||
|
A S3 backend can be configured in two ways on Nextcloud, either as Primary Storage or as an External Storage.
|
||||||
|
Primary storage will store all your data on S3, in an opaque manner, and will provide the best performances.
|
||||||
|
External storage enable you to select which data will be stored on S3, your file hierarchy will be preserved in S3, but it might be slower.
|
||||||
|
|
||||||
|
In the following, we cover both methods but before reading our guide, we suppose you have done some preliminary steps.
|
||||||
|
First, we expect you have an already installed and configured Nextcloud instance.
|
||||||
|
Second, we suppose you have created a key and a bucket.
|
||||||
|
|
||||||
|
As a reminder, you can create a key for your nextcloud instance as follow:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
garage key new --name nextcloud-key
|
||||||
|
```
|
||||||
|
|
||||||
|
Keep the Key ID and the Secret key in a pad, they will be needed later.
|
||||||
|
Then you can create a bucket and give read/write rights to your key on this bucket with:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
garage bucket create nextcloud
|
||||||
|
garage bucket allow nextcloud --read --write --key nextcloud-key
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
### Primary Storage
|
||||||
|
|
||||||
|
Now edit your Nextcloud configuration file to enable object storage.
|
||||||
|
On my installation, the config. file is located at the following path: `/var/www/nextcloud/config/config.php`.
|
||||||
|
We will add a new root key to the `$CONFIG` dictionnary named `objectstore`:
|
||||||
|
|
||||||
|
```php
|
||||||
|
<?php
|
||||||
|
$CONFIG = array(
|
||||||
|
/* your existing configuration */
|
||||||
|
'objectstore' => [
|
||||||
|
'class' => '\\OC\\Files\\ObjectStore\\S3',
|
||||||
|
'arguments' => [
|
||||||
|
'bucket' => 'nextcloud', // Your bucket name, must be created before
|
||||||
|
'autocreate' => false, // Garage does not support autocreate
|
||||||
|
'key' => 'xxxxxxxxx', // The Key ID generated previously
|
||||||
|
'secret' => 'xxxxxxxxx', // The Secret key generated previously
|
||||||
|
'hostname' => '127.0.0.1', // Can also be a domain name, eg. garage.example.com
|
||||||
|
'port' => 3900, // Put your reverse proxy port or your S3 API port
|
||||||
|
'use_ssl' => false, // Set it to true if you have a TLS enabled reverse proxy
|
||||||
|
'region' => 'garage', // Garage has only one region named "garage"
|
||||||
|
'use_path_style' => true // Garage supports only path style, must be set to true
|
||||||
|
],
|
||||||
|
],
|
||||||
|
```
|
||||||
|
|
||||||
|
That's all, your Nextcloud will store all your data to S3.
|
||||||
|
To test your new configuration, just reload your Nextcloud webpage and start sending data.
|
||||||
|
|
||||||
|
*External link:* [Nextcloud Documentation > Primary Storage](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/primary_storage.html)
|
||||||
|
|
||||||
|
### External Storage
|
||||||
|
|
||||||
|
**From the GUI.** Activate the "External storage support" app from the "Applications" page (click on your account icon on the top right corner of your screen to display the menu). Go to your parameters page (also located below your account icon). Click on external storage (or the corresponding translation in your language).
|
||||||
|
|
||||||
|
[![Screenshot of the External Storage form](cli-nextcloud-gui.png)](cli-nextcloud-gui.png)
|
||||||
|
*Click on the picture to zoom*
|
||||||
|
|
||||||
|
Add a new external storage. Put what you want in "folder name" (eg. "shared"). Select "Amazon S3". Keep "Access Key" for the Authentication field.
|
||||||
|
In Configuration, put your bucket name (eg. nextcloud), the host (eg. 127.0.0.1), the port (eg. 3900 or 443), the region (garage). Tick the SSL box if you have put an HTTPS proxy in front of garage. You must tick the "Path access" box and you must leave the "Legacy authentication (v2)" box empty. Put your Key ID (eg. GK...) and your Secret Key in the last two input boxes. Finally click on the tick symbol on the right of your screen.
|
||||||
|
|
||||||
|
Now go to your "Files" app and a new "linked folder" has appeared with the name you chose earlier (eg. "shared").
|
||||||
|
|
||||||
|
*External link:* [Nextcloud Documentation > External Storage Configuration GUI](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/external_storage_configuration_gui.html)
|
||||||
|
|
||||||
|
**From the CLI.** First install the external storage application:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
php occ app:install files_external
|
||||||
|
```
|
||||||
|
|
||||||
|
Then add a new mount point with:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
php occ files_external:create \
|
||||||
|
-c bucket=nextcloud \
|
||||||
|
-c hostname=127.0.0.1 \
|
||||||
|
-c port=3900 \
|
||||||
|
-c region=garage \
|
||||||
|
-c use_ssl=false \
|
||||||
|
-c use_path_style=true \
|
||||||
|
-c legacy_auth=false \
|
||||||
|
-c key=GKxxxx \
|
||||||
|
-c secret=xxxx \
|
||||||
|
shared amazons3 amazons3::accesskey
|
||||||
|
```
|
||||||
|
|
||||||
|
Adapt the `hostname`, `port`, `use_ssl`, `key`, and `secret` entries to your configuration.
|
||||||
|
Do not change the `use_path_style` and `legacy_auth` entries, other configurations are not supported.
|
||||||
|
|
||||||
|
*External link:* [Nextcloud Documentation > occ command > files external](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#files-external-label)
|
||||||
|
|
||||||
|
|
||||||
|
## Peertube
|
||||||
|
|
||||||
|
Peertube proposes a clever integration of S3 by directly exposing its endpoint instead of proxifying requests through the application.
|
||||||
|
In other words, Peertube is only responsible of the "control plane" and offload the "data plane" to Garage.
|
||||||
|
In return, this system is a bit harder to configure.
|
||||||
|
We show how it is still possible to configure Garage with Peertube, allowing you to spread the load and the bandwidth usage on the Garage cluster.
|
||||||
|
|
||||||
|
|
||||||
|
### Create resources in Garage
|
||||||
|
|
||||||
|
Create a key for Peertube:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
garage key new --name peertube-key
|
||||||
|
```
|
||||||
|
|
||||||
|
Keep the Key ID and the Secret key in a pad, they will be needed later.
|
||||||
|
|
||||||
|
We need two buckets, one for normal videos (named peertube-video) and one for webtorrent videos (named peertube-playlist).
|
||||||
|
```bash
|
||||||
|
garage bucket create peertube-video
|
||||||
|
garage bucket create peertube-playlist
|
||||||
|
```
|
||||||
|
|
||||||
|
Now we allow our key to read and write on these buckets:
|
||||||
|
|
||||||
|
```
|
||||||
|
garage bucket allow peertube-playlists --read --write --owner --key peertube-key
|
||||||
|
garage bucket allow peertube-videos --read --write --owner --key peertube-key
|
||||||
|
```
|
||||||
|
|
||||||
|
We also need to expose these buckets publicly to serve their content to users:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
garage bucket website --allow peertube-playlists
|
||||||
|
garage bucket website --allow peertube-videos
|
||||||
|
```
|
||||||
|
|
||||||
|
Finally, we must allow Cross-Origin Resource Sharing (CORS).
|
||||||
|
CORS are required by your browser to allow requests triggered from the peertube website (eg. peertube.tld) to your bucket's domain (eg. peertube-videos.web.garage.tld)
|
||||||
|
|
||||||
|
```bash
|
||||||
|
export CORS='{"CORSRules":[{"AllowedHeaders":["*"],"AllowedMethods":["GET"],"AllowedOrigins":["*"]}]}'
|
||||||
|
aws --endpoint http://s3.garage.localhost s3api put-bucket-cors --bucket peertube-playlists --cors-configuration $CORS
|
||||||
|
aws --endpoint http://s3.garage.localhost s3api put-bucket-cors --bucket peertube-videos --cors-configuration $CORS
|
||||||
|
```
|
||||||
|
|
||||||
|
These buckets are now accessible on the web port (by default 3902) with the following URL: `http://<bucket><root_domain>:<web_port>` where the root domain is defined in your configuration file (by default `.web.garage`). So we have currently the following URLs:
|
||||||
|
* http://peertube-playlists.web.garage:3902
|
||||||
|
* http://peertube-videos.web.garage:3902
|
||||||
|
|
||||||
|
Make sure you (will) have a corresponding DNS entry for them.
|
||||||
|
|
||||||
|
|
||||||
|
### Configure Peertube
|
||||||
|
|
||||||
|
You must edit the file named `config/production.yaml`, we are only modifying the root key named `object_storage`:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
object_storage:
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
# Put localhost only if you have a garage instance running on that node
|
||||||
|
endpoint: 'http://localhost:3900' # or "garage.example.com" if you have TLS on port 443
|
||||||
|
|
||||||
|
# Garage supports only one region for now, named garage
|
||||||
|
region: 'garage'
|
||||||
|
|
||||||
|
credentials:
|
||||||
|
access_key_id: 'GKxxxx'
|
||||||
|
secret_access_key: 'xxxx'
|
||||||
|
|
||||||
|
max_upload_part: 2GB
|
||||||
|
|
||||||
|
streaming_playlists:
|
||||||
|
bucket_name: 'peertube-playlist'
|
||||||
|
|
||||||
|
# Keep it empty for our example
|
||||||
|
prefix: ''
|
||||||
|
|
||||||
|
# You must fill this field to make Peertube use our reverse proxy/website logic
|
||||||
|
base_url: 'http://peertube-playlists.web.garage.localhost' # Example: 'https://mirror.example.com'
|
||||||
|
|
||||||
|
# Same settings but for webtorrent videos
|
||||||
|
videos:
|
||||||
|
bucket_name: 'peertube-video'
|
||||||
|
prefix: ''
|
||||||
|
# You must fill this field to make Peertube use our reverse proxy/website logic
|
||||||
|
base_url: 'http://peertube-videos.web.garage.localhost'
|
||||||
|
```
|
||||||
|
|
||||||
|
### That's all
|
||||||
|
|
||||||
|
Everything must be configured now, simply restart Peertube and try to upload a video.
|
||||||
|
|
||||||
|
Peertube will start by serving the video from its own domain while it is encoding.
|
||||||
|
Once the encoding is done, the video is uploaded to Garage.
|
||||||
|
You can now reload the page and see in your browser console that data are fetched directly from your bucket.
|
||||||
|
|
||||||
|
*External link:* [Peertube Documentation > Remote Storage](https://docs.joinpeertube.org/admin-remote-storage)
|
||||||
|
|
||||||
|
## Mastodon
|
||||||
|
|
||||||
|
https://docs.joinmastodon.org/admin/config/#cdn
|
||||||
|
|
||||||
|
## Matrix
|
||||||
|
|
||||||
|
Matrix is a chat communication protocol. Its main stable server implementation, [Synapse](https://matrix-org.github.io/synapse/latest/), provides a module to store media on a S3 backend. Additionally, a server independent media store supporting S3 has been developped by the community, it has been made possible thanks to how the matrix API has been designed and will work with implementations like Conduit, Dendrite, etc.
|
||||||
|
|
||||||
|
### synapse-s3-storage-provider (synapse only)
|
||||||
|
|
||||||
|
Supposing you have a working synapse installation, you can add the module with pip:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
pip3 install --user git+https://github.com/matrix-org/synapse-s3-storage-provider.git
|
||||||
|
```
|
||||||
|
|
||||||
|
Now create a bucket and a key for your matrix instance (note your Key ID and Secret Key somewhere, they will be needed later):
|
||||||
|
|
||||||
|
```bash
|
||||||
|
garage key new --name matrix-key
|
||||||
|
garage bucket create matrix
|
||||||
|
garage bucket allow matrix --read --write --key matrix-key
|
||||||
|
```
|
||||||
|
|
||||||
|
Then you must edit your server configuration (eg. `/etc/matrix-synapse/homeserver.yaml`) and add the `media_storage_providers` root key:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
media_storage_providers:
|
||||||
|
- module: s3_storage_provider.S3StorageProviderBackend
|
||||||
|
store_local: True # do we want to store on S3 media created by our users?
|
||||||
|
store_remote: True # do we want to store on S3 media created
|
||||||
|
# by users of others servers federated to ours?
|
||||||
|
store_synchronous: True # do we want to wait that the file has been written before returning?
|
||||||
|
config:
|
||||||
|
bucket: matrix # the name of our bucket, we chose matrix earlier
|
||||||
|
region_name: garage # only "garage" is supported for the region field
|
||||||
|
endpoint_url: http://localhost:3900 # the path to the S3 endpoint
|
||||||
|
access_key_id: "GKxxx" # your Key ID
|
||||||
|
secret_access_key: "xxxx" # your Secret Key
|
||||||
|
```
|
||||||
|
|
||||||
|
Note that uploaded media will also be stored locally and this behavior can not be deactivated, it is even required for
|
||||||
|
some operations like resizing images.
|
||||||
|
In fact, your local filesysem is considered as a cache but without any automated way to garbage collect it.
|
||||||
|
|
||||||
|
We can build our garbage collector with `s3_media_upload`, a tool provided with the module.
|
||||||
|
If you installed the module with the command provided before, you should be able to bring it in your path:
|
||||||
|
|
||||||
|
```
|
||||||
|
PATH=$HOME/.local/bin/:$PATH
|
||||||
|
command -v s3_media_upload
|
||||||
|
```
|
||||||
|
|
||||||
|
Now we can write a simple script (eg `~/.local/bin/matrix-cache-gc`):
|
||||||
|
|
||||||
|
```bash
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
## CONFIGURATION ##
|
||||||
|
AWS_ACCESS_KEY_ID=GKxxx
|
||||||
|
AWS_SECRET_ACCESS_KEY=xxxx
|
||||||
|
S3_ENDPOINT=http://localhost:3900
|
||||||
|
S3_BUCKET=matrix
|
||||||
|
MEDIA_STORE=/var/lib/matrix-synapse/media
|
||||||
|
PG_USER=matrix
|
||||||
|
PG_PASS=xxxx
|
||||||
|
PG_DB=synapse
|
||||||
|
PG_HOST=localhost
|
||||||
|
PG_PORT=5432
|
||||||
|
|
||||||
|
## CODE ##
|
||||||
|
PATH=$HOME/.local/bin/:$PATH
|
||||||
|
cat > database.yaml <<EOF
|
||||||
|
user: $PG_USER
|
||||||
|
password: $PG_PASS
|
||||||
|
database: $PG_DB
|
||||||
|
host: $PG_HOST
|
||||||
|
port: $PG_PORT
|
||||||
|
EOF
|
||||||
|
|
||||||
|
s3_media_upload update-db 1d
|
||||||
|
s3_media_upload --no-progress check-deleted $MEDIA_STORE
|
||||||
|
s3_media_upload --no-progress upload $MEDIA_STORE $S3_BUCKET --delete --endpoint-url $S3_ENDPOINT
|
||||||
|
```
|
||||||
|
|
||||||
|
This script will list all the medias that were not accessed in the 24 hours according to your database.
|
||||||
|
It will check if, in this list, the file still exists in the local media store.
|
||||||
|
For files that are still in the cache, it will upload them to S3 if they are not already present (in case of a crash or an initial synchronisation).
|
||||||
|
Finally, the script will delete these files from the cache.
|
||||||
|
|
||||||
|
Make this script executable and check that it works:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
chmod +x $HOME/.local/bin/matrix-cache-gc
|
||||||
|
matrix-cache-gc
|
||||||
|
```
|
||||||
|
|
||||||
|
Add it to your crontab. Open the editor with:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
crontab -e
|
||||||
|
```
|
||||||
|
|
||||||
|
And add a new line. For example, to run it every 10 minutes:
|
||||||
|
|
||||||
|
```cron
|
||||||
|
*/10 * * * * $HOME/.local/bin/matrix-cache-gc
|
||||||
|
```
|
||||||
|
|
||||||
|
*External link:* [Github > matrix-org/synapse-s3-storage-provider](https://github.com/matrix-org/synapse-s3-storage-provider)
|
||||||
|
|
||||||
|
### matrix-media-repo (server independent)
|
||||||
|
|
||||||
|
*External link:* [matrix-media-repo Documentation > S3](https://docs.t2bot.io/matrix-media-repo/configuration/s3-datastore.html)
|
||||||
|
|
||||||
|
## Pixelfed
|
||||||
|
|
||||||
|
[Pixelfed Technical Documentation > Configuration](https://docs.pixelfed.org/technical-documentation/env.html#filesystem)
|
||||||
|
|
||||||
|
## Pleroma
|
||||||
|
|
||||||
|
[Pleroma Documentation > Pleroma.Uploaders.S3](https://docs-develop.pleroma.social/backend/configuration/cheatsheet/#pleromauploaderss3)
|
||||||
|
|
||||||
|
## Lemmy
|
||||||
|
|
||||||
|
Lemmy uses pict-rs that [supports S3 backends](https://git.asonix.dog/asonix/pict-rs/commit/f9f4fc63d670f357c93f24147c2ee3e1278e2d97)
|
||||||
|
|
||||||
|
## Funkwhale
|
||||||
|
|
||||||
|
[Funkwhale Documentation > S3 Storage](https://docs.funkwhale.audio/admin/configuration.html#s3-storage)
|
||||||
|
|
||||||
|
## Misskey
|
||||||
|
|
||||||
|
[Misskey Github > commit 9d94424](https://github.com/misskey-dev/misskey/commit/9d944243a3a59e8880a360cbfe30fd5a3ec8d52d)
|
||||||
|
|
||||||
|
## Prismo
|
||||||
|
|
||||||
|
[Prismo Gitlab > .env.production.sample](https://gitlab.com/prismosuite/prismo/-/blob/dev/.env.production.sample#L26-33)
|
||||||
|
|
||||||
|
## Owncloud Infinite Scale (ocis)
|
||||||
|
|
||||||
|
OCIS could be compatible with S3:
|
||||||
|
- [Deploying OCIS with S3](https://owncloud.dev/ocis/deployment/ocis_s3/)
|
||||||
|
- [OCIS 1.7 release note](https://central.owncloud.org/t/owncloud-infinite-scale-tech-preview-1-7-enables-s3-storage/32514/3)
|
||||||
|
|
||||||
|
## Unsupported
|
||||||
|
|
||||||
|
- Mobilizon: No S3 integration
|
||||||
|
- WriteFreely: No S3 integration
|
||||||
|
- Plume: No S3 integration
|
73
doc/book/connect/backup.md
Normal file
|
@ -0,0 +1,73 @@
|
||||||
|
+++
|
||||||
|
title = "Backups (restic, duplicity...)"
|
||||||
|
weight = 25
|
||||||
|
+++
|
||||||
|
|
||||||
|
|
||||||
|
Backups are essential for disaster recovery but they are not trivial to manage.
|
||||||
|
Using Garage as your backup target will enable you to scale your storage as needed while ensuring high availability.
|
||||||
|
|
||||||
|
## Borg Backup
|
||||||
|
|
||||||
|
Borg Backup is very popular among the backup tools but it is not yet compatible with the S3 API.
|
||||||
|
We recommend using any other tool listed in this guide because they are all compatible with the S3 API.
|
||||||
|
If you still want to use Borg, you can use it with `rclone mount`.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## Restic
|
||||||
|
|
||||||
|
*External links:* [Restic Documentation > Amazon S3](https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html#amazon-s3)
|
||||||
|
|
||||||
|
## Duplicity
|
||||||
|
|
||||||
|
*External links:* [Duplicity > man](https://duplicity.gitlab.io/duplicity-web/vers8/duplicity.1.html) (scroll to "URL Format" and "A note on Amazon S3")
|
||||||
|
|
||||||
|
## Duplicati
|
||||||
|
|
||||||
|
*External links:* [Duplicati Documentation > Storage Providers](https://duplicati.readthedocs.io/en/latest/05-storage-providers/#s3-compatible)
|
||||||
|
|
||||||
|
The following fields need to be specified:
|
||||||
|
```
|
||||||
|
Storage Type: S3 Compatible
|
||||||
|
Use SSL: [ ] # Only if you have SSL
|
||||||
|
Server: Custom server url (s3.garage.localhost:3900)
|
||||||
|
Bucket name: bucket-name
|
||||||
|
Bucket create region: Custom region value (garage) # Or as you've specified in garage.toml
|
||||||
|
AWS Access ID: Key ID from "garage key info key-name"
|
||||||
|
AWS Access Key: Secret key from "garage key info key-name"
|
||||||
|
Client Library to use: Minio SDK
|
||||||
|
```
|
||||||
|
|
||||||
|
Click `Test connection` and then no when asked `The bucket name should start with your username, prepend automatically?`. Then it should say `Connection worked!`.
|
||||||
|
|
||||||
|
|
||||||
|
## knoxite
|
||||||
|
|
||||||
|
*External links:* [Knoxite Documentation > Storage Backends](https://knoxite.com/docs/storage-backends/#amazon-s3)
|
||||||
|
|
||||||
|
## kopia
|
||||||
|
|
||||||
|
*External links:* [Kopia Documentation > Repositories](https://kopia.io/docs/repositories/#amazon-s3)
|
||||||
|
|
||||||
|
To create the Kopia repository, you need to specify the region, the HTTP(S) endpoint, the bucket name and the access keys.
|
||||||
|
For instance, if you have an instance of garage running on `https://garage.example.com`:
|
||||||
|
|
||||||
|
```
|
||||||
|
kopia repository create s3 --region=garage --bucket=mybackups --access-key=KEY_ID --secret-access-key=SECRET_KEY --endpoint=garage.example.com
|
||||||
|
```
|
||||||
|
|
||||||
|
Or if you have an instance running on localhost, without TLS:
|
||||||
|
|
||||||
|
```
|
||||||
|
kopia repository create s3 --region=garage --bucket=mybackups --access-key=KEY_ID --secret-access-key=SECRET_KEY --endpoint=localhost:3900 --disable-tls
|
||||||
|
```
|
||||||
|
|
||||||
|
After the repository has been created, check that everything works as expected:
|
||||||
|
|
||||||
|
```
|
||||||
|
kopia repository validate-provider
|
||||||
|
```
|
||||||
|
|
||||||
|
You can then run all the standard kopia commands: `kopia snapshot create`, `kopia mount`...
|
||||||
|
Everything should work out-of-the-box.
|
340
doc/book/connect/cli.md
Normal file
|
@ -0,0 +1,340 @@
|
||||||
|
+++
|
||||||
|
title = "Browsing tools"
|
||||||
|
weight = 20
|
||||||
|
+++
|
||||||
|
|
||||||
|
Browsing tools allow you to query the S3 API without too many abstractions.
|
||||||
|
These tools are particularly suitable for debug, backups, website deployments or any scripted task that need to handle data.
|
||||||
|
|
||||||
|
| Name | Status | Note |
|
||||||
|
|------|--------|------|
|
||||||
|
| [Minio client](#minio-client) | ✅ | Recommended |
|
||||||
|
| [AWS CLI](#aws-cli) | ✅ | Recommended |
|
||||||
|
| [rclone](#rclone) | ✅ | |
|
||||||
|
| [s3cmd](#s3cmd) | ✅ | |
|
||||||
|
| [(Cyber)duck](#cyberduck) | ✅ | |
|
||||||
|
| [WinSCP (libs3)](#winscp) | ✅ | CLI instructions only |
|
||||||
|
| [sftpgo](#sftpgo) | ✅ | |
|
||||||
|
|
||||||
|
|
||||||
|
## Minio client
|
||||||
|
|
||||||
|
Use the following command to set an "alias", i.e. define a new S3 server to be
|
||||||
|
used by the Minio client:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
mc alias set \
|
||||||
|
garage \
|
||||||
|
<endpoint> \
|
||||||
|
<access key> \
|
||||||
|
<secret key> \
|
||||||
|
--api S3v4
|
||||||
|
```
|
||||||
|
|
||||||
|
Remember that `mc` is sometimes called `mcli` (such as on Arch Linux), to avoid conflicts
|
||||||
|
with Midnight Commander.
|
||||||
|
|
||||||
|
Some commands:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# list buckets
|
||||||
|
mc ls garage/
|
||||||
|
|
||||||
|
# list objets in a bucket
|
||||||
|
mc ls garage/my_files
|
||||||
|
|
||||||
|
# copy from your filesystem to garage
|
||||||
|
mc cp /proc/cpuinfo garage/my_files/cpuinfo.txt
|
||||||
|
|
||||||
|
# copy from garage to your filesystem
|
||||||
|
mc cp garage/my_files/cpuinfo.txt /tmp/cpuinfo.txt
|
||||||
|
|
||||||
|
# mirror a folder from your filesystem to garage
|
||||||
|
mc mirror --overwrite ./book garage/garagehq.deuxfleurs.fr
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## AWS CLI
|
||||||
|
|
||||||
|
Create a file named `~/.aws/credentials` and put:
|
||||||
|
|
||||||
|
```toml
|
||||||
|
[default]
|
||||||
|
aws_access_key_id=xxxx
|
||||||
|
aws_secret_access_key=xxxx
|
||||||
|
```
|
||||||
|
|
||||||
|
Then a file named `~/.aws/config` and put:
|
||||||
|
|
||||||
|
```toml
|
||||||
|
[default]
|
||||||
|
region=garage
|
||||||
|
```
|
||||||
|
|
||||||
|
Now, supposing Garage is listening on `http://127.0.0.1:3900`, you can list your buckets with:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
aws --endpoint-url http://127.0.0.1:3900 s3 ls
|
||||||
|
```
|
||||||
|
|
||||||
|
Passing the `--endpoint-url` parameter to each command is annoying but AWS developers do not provide a corresponding configuration entry.
|
||||||
|
As a workaround, you can redefine the aws command by editing the file `~/.bashrc`:
|
||||||
|
|
||||||
|
```
|
||||||
|
function aws { command aws --endpoint-url http://127.0.0.1:3900 $@ ; }
|
||||||
|
```
|
||||||
|
|
||||||
|
*Do not forget to run `source ~/.bashrc` or to start a new terminal before running the next commands.*
|
||||||
|
|
||||||
|
Now you can simply run:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# list buckets
|
||||||
|
aws s3 ls
|
||||||
|
|
||||||
|
# list objects of a bucket
|
||||||
|
aws s3 ls s3://my_files
|
||||||
|
|
||||||
|
# copy from your filesystem to garage
|
||||||
|
aws s3 cp /proc/cpuinfo s3://my_files/cpuinfo.txt
|
||||||
|
|
||||||
|
# copy from garage to your filesystem
|
||||||
|
aws s3 cp s3/my_files/cpuinfo.txt /tmp/cpuinfo.txt
|
||||||
|
```
|
||||||
|
|
||||||
|
## `rclone`
|
||||||
|
|
||||||
|
`rclone` can be configured using the interactive assistant invoked using `rclone config`.
|
||||||
|
|
||||||
|
You can also configure `rclone` by writing directly its configuration file.
|
||||||
|
Here is a template `rclone.ini` configuration file (mine is located at `~/.config/rclone/rclone.conf`):
|
||||||
|
|
||||||
|
```ini
|
||||||
|
[garage]
|
||||||
|
type = s3
|
||||||
|
provider = Other
|
||||||
|
env_auth = false
|
||||||
|
access_key_id = <access key>
|
||||||
|
secret_access_key = <secret key>
|
||||||
|
region = <region>
|
||||||
|
endpoint = <endpoint>
|
||||||
|
force_path_style = true
|
||||||
|
acl = private
|
||||||
|
bucket_acl = private
|
||||||
|
```
|
||||||
|
|
||||||
|
Now you can run:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# list buckets
|
||||||
|
rclone lsd garage:
|
||||||
|
|
||||||
|
# list objects of a bucket aggregated in directories
|
||||||
|
rclone lsd garage:my-bucket
|
||||||
|
|
||||||
|
# copy from your filesystem to garage
|
||||||
|
echo hello world > /tmp/hello.txt
|
||||||
|
rclone copy /tmp/hello.txt garage:my-bucket/
|
||||||
|
|
||||||
|
# copy from garage to your filesystem
|
||||||
|
rclone copy garage:quentin.divers/hello.txt .
|
||||||
|
|
||||||
|
# see all available subcommands
|
||||||
|
rclone help
|
||||||
|
```
|
||||||
|
|
||||||
|
**Advice with rclone:** use the `--fast-list` option when accessing buckets with large amounts of objects.
|
||||||
|
This will tremendously accelerate operations such as `rclone sync` or `rclone ncdu` by reducing the number
|
||||||
|
of ListObjects calls that are made.
|
||||||
|
|
||||||
|
|
||||||
|
## `s3cmd`
|
||||||
|
|
||||||
|
Here is a template for the `s3cmd.cfg` file to talk with Garage:
|
||||||
|
|
||||||
|
```ini
|
||||||
|
[default]
|
||||||
|
access_key = <access key>
|
||||||
|
secret_key = <secret key>
|
||||||
|
host_base = <endpoint without http(s)://>
|
||||||
|
host_bucket = <same as host_base>
|
||||||
|
use_https = <False or True>
|
||||||
|
```
|
||||||
|
|
||||||
|
And use it as follow:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# List buckets
|
||||||
|
s3cmd ls
|
||||||
|
|
||||||
|
# s3cmd objects inside a bucket
|
||||||
|
s3cmd ls s3://my-bucket
|
||||||
|
|
||||||
|
# copy from your filesystem to garage
|
||||||
|
echo hello world > /tmp/hello.txt
|
||||||
|
s3cmd put /tmp/hello.txt s3://my-bucket/
|
||||||
|
|
||||||
|
# copy from garage to your filesystem
|
||||||
|
s3cmd get s3://my-bucket/hello.txt hello.txt
|
||||||
|
```
|
||||||
|
|
||||||
|
## Cyberduck & duck {#cyberduck}
|
||||||
|
|
||||||
|
Both Cyberduck (the GUI) and duck (the CLI) have a concept of "Connection Profiles" that contain some presets for a specific provider.
|
||||||
|
We wrote the following connection profile for Garage:
|
||||||
|
|
||||||
|
```xml
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||||
|
<plist version="1.0">
|
||||||
|
<dict>
|
||||||
|
<key>Protocol</key>
|
||||||
|
<string>s3</string>
|
||||||
|
<key>Vendor</key>
|
||||||
|
<string>garage</string>
|
||||||
|
<key>Scheme</key>
|
||||||
|
<string>https</string>
|
||||||
|
<key>Description</key>
|
||||||
|
<string>GarageS3</string>
|
||||||
|
<key>Default Hostname</key>
|
||||||
|
<string>127.0.0.1</string>
|
||||||
|
<key>Default Port</key>
|
||||||
|
<string>4443</string>
|
||||||
|
<key>Hostname Configurable</key>
|
||||||
|
<false/>
|
||||||
|
<key>Port Configurable</key>
|
||||||
|
<false/>
|
||||||
|
<key>Username Configurable</key>
|
||||||
|
<true/>
|
||||||
|
<key>Username Placeholder</key>
|
||||||
|
<string>Access Key ID (GK...)</string>
|
||||||
|
<key>Password Placeholder</key>
|
||||||
|
<string>Secret Key</string>
|
||||||
|
<key>Properties</key>
|
||||||
|
<array>
|
||||||
|
<string>s3service.disable-dns-buckets=true</string>
|
||||||
|
</array>
|
||||||
|
<key>Region</key>
|
||||||
|
<string>garage</string>
|
||||||
|
<key>Regions</key>
|
||||||
|
<array>
|
||||||
|
<string>garage</string>
|
||||||
|
</array>
|
||||||
|
</dict>
|
||||||
|
</plist>
|
||||||
|
```
|
||||||
|
|
||||||
|
*Note: If your garage instance is configured with vhost access style, you can remove `s3service.disable-dns-buckets=true`.*
|
||||||
|
|
||||||
|
### Instructions for the GUI
|
||||||
|
|
||||||
|
Copy the connection profile, and save it anywhere as `garage.cyberduckprofile`.
|
||||||
|
Then find this file with your file explorer and double click on it: Cyberduck will open a connection wizard for this profile.
|
||||||
|
Simply follow the wizard and you should be done!
|
||||||
|
|
||||||
|
### Instuctions for the CLI
|
||||||
|
|
||||||
|
To configure duck (Cyberduck's CLI tool), start by creating its folder hierarchy:
|
||||||
|
|
||||||
|
```
|
||||||
|
mkdir -p ~/.duck/profiles/
|
||||||
|
```
|
||||||
|
|
||||||
|
Then, save the connection profile for Garage in `~/.duck/profiles/garage.cyberduckprofile`.
|
||||||
|
To set your credentials in `~/.duck/credentials`, use the following commands to generate the appropriate string:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
export AWS_ACCESS_KEY_ID="GK..."
|
||||||
|
export AWS_SECRET_ACCESS_KEY="..."
|
||||||
|
export HOST="s3.garage.localhost"
|
||||||
|
export PORT="4443"
|
||||||
|
export PROTOCOL="https"
|
||||||
|
|
||||||
|
cat > ~/.duck/credentials <<EOF
|
||||||
|
$PROTOCOL\://$AWS_ACCESS_KEY_ID@$HOST\:$PORT=$AWS_SECRET_ACCESS_KEY
|
||||||
|
EOF
|
||||||
|
```
|
||||||
|
|
||||||
|
And finally, I recommend appending a small wrapper to your `~/.bashrc` to avoid setting the username on each command (do not forget to replace `GK...` by your access key):
|
||||||
|
|
||||||
|
```bash
|
||||||
|
function duck { command duck --username GK... $@ ; }
|
||||||
|
```
|
||||||
|
|
||||||
|
Finally, you can then use `duck` as follow:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# List buckets
|
||||||
|
duck --list garage:/
|
||||||
|
|
||||||
|
# List objects in a bucket
|
||||||
|
duck --list garage:/my-files/
|
||||||
|
|
||||||
|
# Download an object
|
||||||
|
duck --download garage:/my-files/an-object.txt /tmp/object.txt
|
||||||
|
|
||||||
|
# Upload an object
|
||||||
|
duck --upload /tmp/object.txt garage:/my-files/another-object.txt
|
||||||
|
|
||||||
|
# Delete an object
|
||||||
|
duck --delete garage:/my-files/an-object.txt
|
||||||
|
```
|
||||||
|
|
||||||
|
## WinSCP (libs3) {#winscp}
|
||||||
|
|
||||||
|
*You can find instructions on how to use the GUI in french [in our wiki](https://wiki.deuxfleurs.fr/fr/Guide/Garage/WinSCP).*
|
||||||
|
|
||||||
|
How to use `winscp.com`, the CLI interface of WinSCP:
|
||||||
|
|
||||||
|
```
|
||||||
|
open s3://GKxxxxx:yyyyyyy@127.0.0.1:4443 -certificate=* -rawsettings S3DefaultRegion=garage S3UrlStyle=1
|
||||||
|
ls
|
||||||
|
ls my-files/
|
||||||
|
get my-files/an-object.txt Z:\tmp\object.txt
|
||||||
|
put Z:\tmp\object.txt my-files/another-object.txt
|
||||||
|
rm my-files/an-object
|
||||||
|
exit
|
||||||
|
```
|
||||||
|
|
||||||
|
Notes:
|
||||||
|
- It seems WinSCP supports only TLS connections for S3
|
||||||
|
- `-certificate=*` allows self-signed certificates, remove it if you have valid certificates
|
||||||
|
|
||||||
|
|
||||||
|
## sftpgo {#sftpgo}
|
||||||
|
|
||||||
|
sftpgo needs a database to work, by default it uses sqlite and does not require additional configuration.
|
||||||
|
You can then directly init it:
|
||||||
|
|
||||||
|
```
|
||||||
|
sftpgo initprovider
|
||||||
|
```
|
||||||
|
|
||||||
|
Then you can directly launch the daemon that will listen by default on `:8080 (http)` and `:2022 (ssh)`:
|
||||||
|
|
||||||
|
```
|
||||||
|
sftpgo serve
|
||||||
|
```
|
||||||
|
|
||||||
|
Go to the admin web interface (http://[::1]:8080/web/admin/), create the required admin account, then create a user account.
|
||||||
|
Choose a username (eg: `ada`) and a password.
|
||||||
|
|
||||||
|
In the filesystem section, choose:
|
||||||
|
- Storage: AWS S3 (Compatible)
|
||||||
|
- Bucket: *your bucket name*
|
||||||
|
- Region: `garage` (or the one you defined in `config.toml`)
|
||||||
|
- Access key: *your access key*
|
||||||
|
- Access secret: *your secret key*
|
||||||
|
- Endpoint: *your endpoint*, eg. `https://garage.example.tld`, note that the protocol (`https` here) must be specified. Non standard ports and `http` have not been tested yet.
|
||||||
|
- Keep the default values for other fields
|
||||||
|
- Tick "Use path-style addressing". It should work without ticking it if you have correctly configured your instance to use URL vhost-style.
|
||||||
|
|
||||||
|
Now you can access your bucket through SFTP:
|
||||||
|
|
||||||
|
```
|
||||||
|
sftp -P2022 ada@[::1]
|
||||||
|
ls
|
||||||
|
```
|
||||||
|
|
||||||
|
And through the web interface at http://[::1]:8080/web/client
|
||||||
|
|
82
doc/book/connect/code.md
Normal file
|
@ -0,0 +1,82 @@
|
||||||
|
+++
|
||||||
|
title = "Your code (PHP, JS, Go...)"
|
||||||
|
weight = 30
|
||||||
|
+++
|
||||||
|
|
||||||
|
If you are developping a new application, you may want to use Garage to store your user's media.
|
||||||
|
|
||||||
|
The S3 API that Garage uses is a standard REST API, so as long as you can make HTTP requests,
|
||||||
|
you can query it. You can check the [S3 REST API Reference](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Operations_Amazon_Simple_Storage_Service.html) from Amazon to learn more.
|
||||||
|
|
||||||
|
Developping your own wrapper around the REST API is time consuming and complicated.
|
||||||
|
Instead, there are some libraries already avalaible.
|
||||||
|
|
||||||
|
Some of them are maintained by Amazon, some by Minio, others by the community.
|
||||||
|
|
||||||
|
## PHP
|
||||||
|
|
||||||
|
- Amazon aws-sdk-php
|
||||||
|
- [Installation](https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/getting-started_installation.html)
|
||||||
|
- [Reference](https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-s3-2006-03-01.html)
|
||||||
|
- [Example](https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/s3-examples-creating-buckets.html)
|
||||||
|
|
||||||
|
## Javascript
|
||||||
|
|
||||||
|
- Minio SDK
|
||||||
|
- [Reference](https://docs.min.io/docs/javascript-client-api-reference.html)
|
||||||
|
|
||||||
|
- Amazon aws-sdk-js
|
||||||
|
- [Installation](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/getting-started.html)
|
||||||
|
- [Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html)
|
||||||
|
- [Example](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/s3-example-creating-buckets.html)
|
||||||
|
|
||||||
|
## Golang
|
||||||
|
|
||||||
|
- Minio minio-go-sdk
|
||||||
|
- [Reference](https://docs.min.io/docs/golang-client-api-reference.html)
|
||||||
|
|
||||||
|
- Amazon aws-sdk-go-v2
|
||||||
|
- [Installation](https://aws.github.io/aws-sdk-go-v2/docs/getting-started/)
|
||||||
|
- [Reference](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/s3)
|
||||||
|
- [Example](https://aws.github.io/aws-sdk-go-v2/docs/code-examples/s3/putobject/)
|
||||||
|
|
||||||
|
## Python
|
||||||
|
|
||||||
|
- Minio SDK
|
||||||
|
- [Reference](https://docs.min.io/docs/python-client-api-reference.html)
|
||||||
|
|
||||||
|
- Amazon boto3
|
||||||
|
- [Installation](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/quickstart.html)
|
||||||
|
- [Reference](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/s3.html)
|
||||||
|
- [Example](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/s3-uploading-files.html)
|
||||||
|
|
||||||
|
## Java
|
||||||
|
|
||||||
|
- Minio SDK
|
||||||
|
- [Reference](https://docs.min.io/docs/java-client-api-reference.html)
|
||||||
|
|
||||||
|
- Amazon aws-sdk-java
|
||||||
|
- [Installation](https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html)
|
||||||
|
- [Reference](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/s3/S3Client.html)
|
||||||
|
- [Example](https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/examples-s3-objects.html)
|
||||||
|
|
||||||
|
## Rust
|
||||||
|
|
||||||
|
- Amazon aws-rust-sdk
|
||||||
|
- [Github](https://github.com/awslabs/aws-sdk-rust)
|
||||||
|
|
||||||
|
## .NET
|
||||||
|
|
||||||
|
- Minio SDK
|
||||||
|
- [Reference](https://docs.min.io/docs/dotnet-client-api-reference.html)
|
||||||
|
|
||||||
|
- Amazon aws-dotnet-sdk
|
||||||
|
|
||||||
|
## C++
|
||||||
|
|
||||||
|
- Amazon aws-cpp-sdk
|
||||||
|
|
||||||
|
## Haskell
|
||||||
|
|
||||||
|
- Minio SDK
|
||||||
|
- [Reference](https://docs.min.io/docs/haskell-client-api-reference.html)
|
71
doc/book/connect/fs.md
Normal file
|
@ -0,0 +1,71 @@
|
||||||
|
+++
|
||||||
|
title = "FUSE (s3fs, goofys, s3backer...)"
|
||||||
|
weight = 25
|
||||||
|
+++
|
||||||
|
|
||||||
|
**WARNING! Garage is not POSIX compatible.
|
||||||
|
Mounting S3 buckets as filesystems will not provide POSIX compatibility.
|
||||||
|
If you are not careful, you will lose or corrupt your data.**
|
||||||
|
|
||||||
|
Do not use these FUSE filesystems to store any database files (eg. MySQL, Postgresql, Mongo or sqlite),
|
||||||
|
any daemon cache (dovecot, openldap, gitea, etc.),
|
||||||
|
and more generally any software that use locking, advanced filesystems features or make any synchronisation assumption.
|
||||||
|
Ideally, avoid these solutions at all for any serious or production use.
|
||||||
|
|
||||||
|
## rclone mount
|
||||||
|
|
||||||
|
rclone uses the same configuration when used [in CLI](@/documentation/connect/cli.md) and mount mode.
|
||||||
|
We suppose you have the following entry in your `rclone.ini` (mine is located in `~/.config/rclone/rclone.conf`):
|
||||||
|
|
||||||
|
```toml
|
||||||
|
[garage]
|
||||||
|
type = s3
|
||||||
|
provider = Other
|
||||||
|
env_auth = false
|
||||||
|
access_key_id = <access key>
|
||||||
|
secret_access_key = <secret key>
|
||||||
|
region = <region>
|
||||||
|
endpoint = <endpoint>
|
||||||
|
force_path_style = true
|
||||||
|
acl = private
|
||||||
|
bucket_acl = private
|
||||||
|
```
|
||||||
|
|
||||||
|
Then you can mount and access any bucket as follow:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# mount the bucket
|
||||||
|
mkdir /tmp/my-bucket
|
||||||
|
rclone mount --daemon garage:my-bucket /tmp/my-bucket
|
||||||
|
|
||||||
|
# set your working directory to the bucket
|
||||||
|
cd /tmp/my-bucket
|
||||||
|
|
||||||
|
# create a file
|
||||||
|
echo hello world > hello.txt
|
||||||
|
|
||||||
|
# access the file
|
||||||
|
cat hello.txt
|
||||||
|
|
||||||
|
# unmount the bucket
|
||||||
|
cd
|
||||||
|
fusermount -u /tmp/my-bucket
|
||||||
|
```
|
||||||
|
|
||||||
|
*External link:* [rclone documentation > rclone mount](https://rclone.org/commands/rclone_mount/)
|
||||||
|
|
||||||
|
## s3fs
|
||||||
|
|
||||||
|
*External link:* [s3fs github > README.md](https://github.com/s3fs-fuse/s3fs-fuse#user-content-examples)
|
||||||
|
|
||||||
|
## goofys
|
||||||
|
|
||||||
|
*External link:* [goofys github > README.md](https://github.com/kahing/goofys#user-content-usage)
|
||||||
|
|
||||||
|
## s3backer
|
||||||
|
|
||||||
|
*External link:* [s3backer github > manpage](https://github.com/archiecobbs/s3backer/wiki/ManPage)
|
||||||
|
|
||||||
|
## csi-s3
|
||||||
|
|
||||||
|
*External link:* [csi-s3 Github > README.md](https://github.com/ctrox/csi-s3)
|
211
doc/book/connect/repositories.md
Normal file
|
@ -0,0 +1,211 @@
|
||||||
|
+++
|
||||||
|
title = "Repositories (Docker, Nix, Git...)"
|
||||||
|
weight = 15
|
||||||
|
+++
|
||||||
|
|
||||||
|
Whether you need to store and serve binary packages or source code, you may want to deploy a tool referred as a repository or registry.
|
||||||
|
Garage can also help you serve this content.
|
||||||
|
|
||||||
|
| Name | Status | Note |
|
||||||
|
|------|--------|------|
|
||||||
|
| [Gitea](#gitea) | ✅ | |
|
||||||
|
| [Docker](#docker) | ✅ | Requires garage >= v0.6.0 |
|
||||||
|
| [Nix](#nix) | ✅ | |
|
||||||
|
| [Gitlab](#gitlab) | ❓ | Not yet tested |
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## Gitea
|
||||||
|
|
||||||
|
You can use Garage with Gitea to store your [git LFS](https://git-lfs.github.com/) data, your users' avatar, and their attachements.
|
||||||
|
You can configure a different target for each data type (check `[lfs]` and `[attachment]` sections of the Gitea documentation) and you can provide a default one through the `[storage]` section.
|
||||||
|
|
||||||
|
Let's start by creating a key and a bucket (your key id and secret will be needed later, keep them somewhere):
|
||||||
|
|
||||||
|
```bash
|
||||||
|
garage key new --name gitea-key
|
||||||
|
garage bucket create gitea
|
||||||
|
garage bucket allow gitea --read --write --key gitea-key
|
||||||
|
```
|
||||||
|
|
||||||
|
Then you can edit your configuration (by default `/etc/gitea/conf/app.ini`):
|
||||||
|
|
||||||
|
```ini
|
||||||
|
[storage]
|
||||||
|
STORAGE_TYPE=minio
|
||||||
|
MINIO_ENDPOINT=localhost:3900
|
||||||
|
MINIO_ACCESS_KEY_ID=GKxxx
|
||||||
|
MINIO_SECRET_ACCESS_KEY=xxxx
|
||||||
|
MINIO_BUCKET=gitea
|
||||||
|
MINIO_LOCATION=garage
|
||||||
|
MINIO_USE_SSL=false
|
||||||
|
```
|
||||||
|
|
||||||
|
You can also pass this configuration through environment variables:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
GITEA__storage__STORAGE_TYPE=minio
|
||||||
|
GITEA__storage__MINIO_ENDPOINT=localhost:3900
|
||||||
|
GITEA__storage__MINIO_ACCESS_KEY_ID=GKxxx
|
||||||
|
GITEA__storage__MINIO_SECRET_ACCESS_KEY=xxxx
|
||||||
|
GITEA__storage__MINIO_BUCKET=gitea
|
||||||
|
GITEA__storage__MINIO_LOCATION=garage
|
||||||
|
GITEA__storage__MINIO_USE_SSL=false
|
||||||
|
```
|
||||||
|
|
||||||
|
Then restart your gitea instance and try to upload a custom avatar.
|
||||||
|
If it worked, you should see some content in your gitea bucket (you must configure your `aws` command before):
|
||||||
|
|
||||||
|
```
|
||||||
|
$ aws s3 ls s3://gitea/avatars/
|
||||||
|
2021-11-10 12:35:47 190034 616ba79ae2b84f565c33d72c2ec50861
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
*External link:* [Gitea Documentation > Configuration Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/)
|
||||||
|
|
||||||
|
## Docker
|
||||||
|
|
||||||
|
Create a bucket and a key for your docker registry, then create `config.yml` with the following content:
|
||||||
|
|
||||||
|
```yml
|
||||||
|
version: 0.1
|
||||||
|
http:
|
||||||
|
addr: 0.0.0.0:5000
|
||||||
|
secret: asecretforlocaldevelopment
|
||||||
|
debug:
|
||||||
|
addr: localhost:5001
|
||||||
|
storage:
|
||||||
|
s3:
|
||||||
|
accesskey: GKxxxx
|
||||||
|
secretkey: yyyyy
|
||||||
|
region: garage
|
||||||
|
regionendpoint: http://localhost:3900
|
||||||
|
bucket: docker
|
||||||
|
secure: false
|
||||||
|
v4auth: true
|
||||||
|
rootdirectory: /
|
||||||
|
```
|
||||||
|
|
||||||
|
Replace the `accesskey`, `secretkey`, `bucket`, `regionendpoint` and `secure` values by the one fitting your deployment.
|
||||||
|
|
||||||
|
Then simply run the docker registry:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
docker run \
|
||||||
|
--net=host \
|
||||||
|
-v `pwd`/config.yml:/etc/docker/registry/config.yml \
|
||||||
|
registry:2
|
||||||
|
```
|
||||||
|
|
||||||
|
*We started a plain text registry but docker clients require encrypted registries. You must either [setup TLS](https://docs.docker.com/registry/deploying/#run-an-externally-accessible-registry) on your registry or add `--insecure-registry=localhost:5000` to your docker daemon parameters.*
|
||||||
|
|
||||||
|
|
||||||
|
*External link:* [Docker Documentation > Registry storage drivers > S3 storage driver](https://docs.docker.com/registry/storage-drivers/s3/)
|
||||||
|
|
||||||
|
## Nix
|
||||||
|
|
||||||
|
Nix has no repository in its terminology: instead, it breaks down this concept in 2 parts: binary cache and channel.
|
||||||
|
|
||||||
|
**A channel** is a set of `.nix` definitions that generate definitions for all the software you want to serve.
|
||||||
|
|
||||||
|
Because we do not want all our clients to compile all these derivations by themselves,
|
||||||
|
we can compile them once and then serve them as part of our **binary cache**.
|
||||||
|
|
||||||
|
It is possible to use a **binary cache** without a channel, you only need to serve your nix definitions
|
||||||
|
through another support, like a git repository.
|
||||||
|
|
||||||
|
As a first step, we will need to create a bucket on Garage and enabling website access on it:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
garage key new --name nix-key
|
||||||
|
garage bucket create nix.example.com
|
||||||
|
garage bucket allow nix.example.com --read --write --key nix-key
|
||||||
|
garage bucket website nix.example.com --allow
|
||||||
|
```
|
||||||
|
|
||||||
|
If you need more information about exposing buckets as websites on Garage,
|
||||||
|
check [Exposing buckets as websites](@/documentation/cookbook/exposing-websites.md)
|
||||||
|
and [Configuring a reverse proxy](@/documentation/cookbook/reverse-proxy.md).
|
||||||
|
|
||||||
|
Next, we want to check that our bucket works:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
echo nix repo > /tmp/index.html
|
||||||
|
mc cp /tmp/index.html garage/nix/
|
||||||
|
rm /tmp/index.html
|
||||||
|
|
||||||
|
curl https://nix.example.com
|
||||||
|
# output: nix repo
|
||||||
|
```
|
||||||
|
|
||||||
|
### Binary cache
|
||||||
|
|
||||||
|
To serve binaries as part of your cache, you need to sign them with a key specific to nix.
|
||||||
|
You can generate the keypair as follow:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
nix-store --generate-binary-cache-key <name> cache-priv-key.pem cache-pub-key.pem
|
||||||
|
```
|
||||||
|
|
||||||
|
You can then manually sign the packages of your store with the following command:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
nix sign-paths --all -k cache-priv-key.pem
|
||||||
|
```
|
||||||
|
|
||||||
|
Setting a key in `nix.conf` will do the signature at build time automatically without additional commands.
|
||||||
|
Edit the `nix.conf` of your builder:
|
||||||
|
|
||||||
|
```toml
|
||||||
|
secret-key-files = /etc/nix/cache-priv-key.pem
|
||||||
|
```
|
||||||
|
|
||||||
|
Now that your content is signed, you can copy a derivation to your cache.
|
||||||
|
For example, if you want to copy a specific derivation of your store:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
nix copy /nix/store/wadmyilr414n7bimxysbny876i2vlm5r-bash-5.1-p8 --to 's3://nix?endpoint=garage.example.com®ion=garage'
|
||||||
|
```
|
||||||
|
|
||||||
|
*Note that if you have not signed your packages, you can append to the end of your S3 URL `&secret-key=/etc/nix/cache-priv-key.pem`.*
|
||||||
|
|
||||||
|
Sometimes you don't want to hardcode this store path in your script.
|
||||||
|
Let suppose that you are working on a codebase that you build with `nix-build`, you can then run:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
nix copy $(nix-build) --to 's3://nix?endpoint=garage.example.com®ion=garage'
|
||||||
|
```
|
||||||
|
|
||||||
|
*This command works because the only thing that `nix-build` outputs on stdout is the paths of the built derivations in your nix store.*
|
||||||
|
|
||||||
|
You can include your derivation dependencies:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
nix copy $(nix-store -qR $(nix-build)) --to 's3://nix?endpoint=garage.example.com®ion=garage'
|
||||||
|
```
|
||||||
|
|
||||||
|
Now, your binary cache stores your derivation and all its dependencies.
|
||||||
|
Just inform your users that they must update their `nix.conf` file with the following lines:
|
||||||
|
|
||||||
|
```toml
|
||||||
|
substituters = https://cache.nixos.org https://nix.example.com
|
||||||
|
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix.example.com:eTGL6kvaQn6cDR/F9lDYUIP9nCVR/kkshYfLDJf1yKs=
|
||||||
|
```
|
||||||
|
|
||||||
|
*You must re-add cache.nixorg.org because redeclaring these keys override the previous configuration instead of extending it.*
|
||||||
|
|
||||||
|
Now, when your clients will run `nix-build` or any command that generates a derivation for which a hash is already present
|
||||||
|
on the binary cache, the client will download the result from the cache instead of compiling it, saving lot of time and CPU!
|
||||||
|
|
||||||
|
|
||||||
|
### Channels
|
||||||
|
|
||||||
|
Channels additionnaly serve Nix definitions, ie. a `.nix` file referencing
|
||||||
|
all the derivations you want to serve.
|
||||||
|
|
||||||
|
## Gitlab
|
||||||
|
|
||||||
|
*External link:* [Gitlab Documentation > Object storage](https://docs.gitlab.com/ee/administration/object_storage.html)
|
||||||
|
|
||||||
|
|
86
doc/book/connect/websites.md
Normal file
|
@ -0,0 +1,86 @@
|
||||||
|
+++
|
||||||
|
title = "Websites (Hugo, Jekyll, Publii...)"
|
||||||
|
weight = 10
|
||||||
|
+++
|
||||||
|
|
||||||
|
Garage is also suitable to host static websites.
|
||||||
|
While they can be deployed with traditional CLI tools, some static website generators have integrated options to ease your workflow.
|
||||||
|
|
||||||
|
| Name | Status | Note |
|
||||||
|
|------|--------|------|
|
||||||
|
| [Hugo](#hugo) | ✅ | Publishing logic is integrated in the tool |
|
||||||
|
| [Publii](#publii) | ✅ | Require a correctly configured s3 vhost endpoint |
|
||||||
|
| [Generic Static Site Generator](#generic-static-site-generator) | ✅ | Works for Jekyll, Zola, Gatsby, Pelican, etc. |
|
||||||
|
|
||||||
|
## Hugo
|
||||||
|
|
||||||
|
Add to your `config.toml` the following section:
|
||||||
|
|
||||||
|
```toml
|
||||||
|
[[deployment.targets]]
|
||||||
|
URL = "s3://<bucket>?endpoint=<endpoint>&disableSSL=<bool>&s3ForcePathStyle=true®ion=garage"
|
||||||
|
```
|
||||||
|
|
||||||
|
For example:
|
||||||
|
|
||||||
|
```toml
|
||||||
|
[[deployment.targets]]
|
||||||
|
URL = "s3://my-blog?endpoint=localhost:9000&disableSSL=true&s3ForcePathStyle=true®ion=garage"
|
||||||
|
```
|
||||||
|
|
||||||
|
Then inform hugo of your credentials:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
export AWS_ACCESS_KEY_ID=GKxxx
|
||||||
|
export AWS_SECRET_ACCESS_KEY=xxx
|
||||||
|
```
|
||||||
|
|
||||||
|
And finally build and deploy your website:
|
||||||
|
|
||||||
|
```bsh
|
||||||
|
hugo
|
||||||
|
hugo deploy
|
||||||
|
```
|
||||||
|
|
||||||
|
*External links:*
|
||||||
|
- [gocloud.dev > aws > Supported URL parameters](https://pkg.go.dev/gocloud.dev/aws?utm_source=godoc#ConfigFromURLParams)
|
||||||
|
- [Hugo Documentation > hugo deploy](https://gohugo.io/hosting-and-deployment/hugo-deploy/)
|
||||||
|
|
||||||
|
## Publii
|
||||||
|
|
||||||
|
[![A screenshot of Publii's GUI](./publii.png)](./publii.png)
|
||||||
|
|
||||||
|
Deploying a website to Garage from Publii is natively supported.
|
||||||
|
First, make sure that your Garage administrator allowed and configured Garage to support vhost access style.
|
||||||
|
We also suppose that your bucket ("my-bucket") and key is already created and configured.
|
||||||
|
|
||||||
|
Then, from the left menu, click on server. Choose "S3" as the protocol.
|
||||||
|
In the configuration window, enter:
|
||||||
|
- Your finale website URL (eg. "http://my-bucket.web.garage.localhost:3902")
|
||||||
|
- Tick "Use a custom S3 provider"
|
||||||
|
- Set the S3 endpoint, (eg. "http://s3.garage.localhost:3900")
|
||||||
|
- Then put your access key (eg. "GK..."), your secret key, and your bucket (eg. "my-bucket")
|
||||||
|
- And hit the button "Save settings"
|
||||||
|
|
||||||
|
Now, each time you want to publish your website from Publii, just hit the bottom left button "Sync your website"!
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## Generic Static Site Generator
|
||||||
|
|
||||||
|
Some tools do not support sending to a S3 backend but output a compiled folder on your system.
|
||||||
|
We can then use any CLI tool to upload this content to our S3 target.
|
||||||
|
|
||||||
|
First, start by [configuring minio client](@/documentation/connect/cli.md#minio-client).
|
||||||
|
|
||||||
|
Then build your website (example for jekyll):
|
||||||
|
|
||||||
|
```bash
|
||||||
|
jekyll build
|
||||||
|
```
|
||||||
|
|
||||||
|
And copy its output folder (`_site` for Jekyll) on S3:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
mc mirror --overwrite _site garage/my-site
|
||||||
|
```
|
31
doc/book/cookbook/_index.md
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
+++
|
||||||
|
title="Cookbook"
|
||||||
|
template = "documentation.html"
|
||||||
|
weight = 2
|
||||||
|
sort_by = "weight"
|
||||||
|
+++
|
||||||
|
|
||||||
|
A cookbook, when you cook, is a collection of recipes.
|
||||||
|
Similarly, Garage's cookbook contains a collection of recipes that are known to works well!
|
||||||
|
This chapter could also be referred as "Tutorials" or "Best practices".
|
||||||
|
|
||||||
|
- **[Multi-node deployment](@/documentation/cookbook/real-world.md):** This page will walk you through all of the necessary
|
||||||
|
steps to deploy Garage in a real-world setting.
|
||||||
|
|
||||||
|
- **[Building from source](@/documentation/cookbook/from-source.md):** This page explains how to build Garage from
|
||||||
|
source in case a binary is not provided for your architecture, or if you want to
|
||||||
|
hack with us!
|
||||||
|
|
||||||
|
- **[Integration with Systemd](@/documentation/cookbook/systemd.md):** This page explains how to run Garage
|
||||||
|
as a Systemd service (instead of as a Docker container).
|
||||||
|
|
||||||
|
- **[Configuring a gateway node](@/documentation/cookbook/gateways.md):** This page explains how to run a gateway node in a Garage cluster, i.e. a Garage node that doesn't store data but accelerates access to data present on the other nodes.
|
||||||
|
|
||||||
|
- **[Hosting a website](@/documentation/cookbook/exposing-websites.md):** This page explains how to use Garage
|
||||||
|
to host a static website.
|
||||||
|
|
||||||
|
- **[Configuring a reverse-proxy](@/documentation/cookbook/reverse-proxy.md):** This page explains how to configure a reverse-proxy to add TLS support to your S3 api endpoint.
|
||||||
|
|
||||||
|
- **[Recovering from failures](@/documentation/cookbook/recovering.md):** Garage's first selling point is resilience
|
||||||
|
to hardware failures. This section explains how to recover from such a failure in the
|
||||||
|
best possible way.
|
69
doc/book/cookbook/exposing-websites.md
Normal file
|
@ -0,0 +1,69 @@
|
||||||
|
+++
|
||||||
|
title = "Exposing buckets as websites"
|
||||||
|
weight = 25
|
||||||
|
+++
|
||||||
|
|
||||||
|
## Configuring a bucket for website access
|
||||||
|
|
||||||
|
There are two methods to expose buckets as website:
|
||||||
|
|
||||||
|
1. using the PutBucketWebsite S3 API call, which is allowed for access keys that have the owner permission bit set
|
||||||
|
|
||||||
|
2. from the Garage CLI, by an adminstrator of the cluster
|
||||||
|
|
||||||
|
The `PutBucketWebsite` API endpoint [is documented](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketWebsite.html) in the official AWS docs.
|
||||||
|
This endpoint can also be called [using `aws s3api`](https://docs.aws.amazon.com/cli/latest/reference/s3api/put-bucket-website.html) on the command line.
|
||||||
|
The website configuration supported by Garage is only a subset of the possibilities on Amazon S3: redirections are not supported, only the index document and error document can be specified.
|
||||||
|
|
||||||
|
If you want to expose your bucket as a website from the CLI, use this simple command:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
garage bucket website --allow my-website
|
||||||
|
```
|
||||||
|
|
||||||
|
Now it will be **publicly** exposed on the web endpoint (by default listening on port 3902).
|
||||||
|
|
||||||
|
## How exposed websites work
|
||||||
|
|
||||||
|
Our website serving logic is as follow:
|
||||||
|
|
||||||
|
- Supports only static websites (no support for PHP or other languages)
|
||||||
|
- Does not support directory listing
|
||||||
|
- The index file is defined per-bucket and can be specified in the `PutBucketWebsite` call
|
||||||
|
or on the CLI using the `--index-document` parameter (default: `index.html`)
|
||||||
|
- A custom error document for 404 errors can be specified in the `PutBucketWebsite` call
|
||||||
|
or on the CLI using the `--error-document` parameter
|
||||||
|
|
||||||
|
Now we need to infer the URL of your website through your bucket name.
|
||||||
|
Let assume:
|
||||||
|
- we set `root_domain = ".web.example.com"` in `garage.toml` ([ref](@/documentation/reference-manual/configuration.md#root_domain))
|
||||||
|
- our bucket name is `garagehq.deuxfleurs.fr`.
|
||||||
|
|
||||||
|
Our bucket will be served if the Host field matches one of these 2 values (the port is ignored):
|
||||||
|
|
||||||
|
- `garagehq.deuxfleurs.fr.web.example.com`: you can dedicate a subdomain to your users (here `web.example.com`).
|
||||||
|
|
||||||
|
- `garagehq.deuxfleurs.fr`: your users can bring their own domain name, they just need to point them to your Garage cluster.
|
||||||
|
|
||||||
|
You can try this logic locally, without configuring any DNS, thanks to `curl`:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# prepare your test
|
||||||
|
echo hello world > /tmp/index.html
|
||||||
|
mc cp /tmp/index.html garage/garagehq.deuxfleurs.fr
|
||||||
|
|
||||||
|
curl -H 'Host: garagehq.deuxfleurs.fr' http://localhost:3902
|
||||||
|
# should print "hello world"
|
||||||
|
|
||||||
|
curl -H 'Host: garagehq.deuxfleurs.fr.web.example.com' http://localhost:3902
|
||||||
|
# should also print "hello world"
|
||||||
|
```
|
||||||
|
|
||||||
|
Now that you understand how website logic works on Garage, you can:
|
||||||
|
|
||||||
|
- make the website endpoint listens on port 80 (instead of 3902)
|
||||||
|
- use iptables to redirect the port 80 to the port 3902:
|
||||||
|
`iptables -t nat -A PREROUTING -p tcp -dport 80 -j REDIRECT -to-port 3902`
|
||||||
|
- or configure a [reverse proxy](@/documentation/cookbook/reverse-proxy.md) in front of Garage to add TLS (HTTPS), CORS support, etc.
|
||||||
|
|
||||||
|
You can also take a look at [Website Integration](@/documentation/connect/websites.md) to see how you can add Garage to your workflow.
|
59
doc/book/cookbook/from-source.md
Normal file
|
@ -0,0 +1,59 @@
|
||||||
|
+++
|
||||||
|
title = "Compiling Garage from source"
|
||||||
|
weight = 10
|
||||||
|
+++
|
||||||
|
|
||||||
|
|
||||||
|
Garage is a standard Rust project. First, you need `rust` and `cargo`. For instance on Debian:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo apt-get update
|
||||||
|
sudo apt-get install -y rustc cargo
|
||||||
|
```
|
||||||
|
|
||||||
|
You can also use [Rustup](https://rustup.rs/) to setup a Rust toolchain easily.
|
||||||
|
|
||||||
|
In addition, you will need a full C toolchain. On Debian-based distributions, it can be installed as follows:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo apt-get update
|
||||||
|
sudo apt-get install build-essential
|
||||||
|
```
|
||||||
|
|
||||||
|
## Using source from `crates.io`
|
||||||
|
|
||||||
|
Garage's source code is published on `crates.io`, Rust's official package repository.
|
||||||
|
This means you can simply ask `cargo` to download and build this source code for you:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
cargo install garage
|
||||||
|
```
|
||||||
|
|
||||||
|
That's all, `garage` should be in `$HOME/.cargo/bin`.
|
||||||
|
|
||||||
|
You can add this folder to your `$PATH` or copy the binary somewhere else on your system.
|
||||||
|
For instance:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo cp $HOME/.cargo/bin/garage /usr/local/bin/garage
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## Using source from the Gitea repository
|
||||||
|
|
||||||
|
The primary location for Garage's source code is the
|
||||||
|
[Gitea repository](https://git.deuxfleurs.fr/Deuxfleurs/garage).
|
||||||
|
|
||||||
|
Clone the repository and build Garage with the following commands:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
git clone https://git.deuxfleurs.fr/Deuxfleurs/garage.git
|
||||||
|
cd garage
|
||||||
|
cargo build
|
||||||
|
```
|
||||||
|
|
||||||
|
Be careful, as this will make a debug build of Garage, which will be extremely slow!
|
||||||
|
To make a release build, invoke `cargo build --release` (this takes much longer).
|
||||||
|
|
||||||
|
The binaries built this way are found in `target/{debug,release}/garage`.
|
||||||
|
|
39
doc/book/cookbook/gateways.md
Normal file
|
@ -0,0 +1,39 @@
|
||||||
|
+++
|
||||||
|
title = "Configuring a gateway node"
|
||||||
|
weight = 20
|
||||||
|
+++
|
||||||
|
|
||||||
|
Gateways allow you to expose Garage endpoints (S3 API and websites) without storing data on the node.
|
||||||
|
|
||||||
|
## Benefits
|
||||||
|
|
||||||
|
You can configure Garage as a gateway on all nodes that will consume your S3 API, it will provide you the following benefits:
|
||||||
|
|
||||||
|
- **It removes 1 or 2 network RTT.** Instead of (querying your reverse proxy then) querying a random node of the cluster that will forward your request to the nodes effectively storing the data, your local gateway will directly knows which node to query.
|
||||||
|
|
||||||
|
- **It eases server management.** Instead of tracking in your reverse proxy and DNS what are the current Garage nodes, your gateway being part of the cluster keeps this information for you. In your software, you will always specify `http://localhost:3900`.
|
||||||
|
|
||||||
|
- **It simplifies security.** Instead of having to maintain and renew a TLS certificate, you leverage the Secret Handshake protocol we use for our cluster. The S3 API protocol will be in plain text but limited to your local machine.
|
||||||
|
|
||||||
|
|
||||||
|
## Spawn a Gateway
|
||||||
|
|
||||||
|
The instructions are similar to a regular node, the only option that is different is while configuring the node, you must set the `--gateway` parameter:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
garage layout assign --gateway --tag gw1 <node_id>
|
||||||
|
garage layout show # review the changes you are making
|
||||||
|
garage layout apply # once satisfied, apply the changes
|
||||||
|
```
|
||||||
|
|
||||||
|
Then use `http://localhost:3900` when a S3 endpoint is required:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
aws --endpoint-url http://127.0.0.1:3900 s3 ls
|
||||||
|
```
|
||||||
|
|
||||||
|
If a newly added gateway node seems to not be working, do a full table resync to ensure that bucket and key list are correctly propagated:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
garage repair -a --yes tables
|
||||||
|
```
|
302
doc/book/cookbook/real-world.md
Normal file
|
@ -0,0 +1,302 @@
|
||||||
|
+++
|
||||||
|
title = "Deployment on a cluster"
|
||||||
|
weight = 5
|
||||||
|
+++
|
||||||
|
|
||||||
|
To run Garage in cluster mode, we recommend having at least 3 nodes.
|
||||||
|
This will allow you to setup Garage for three-way replication of your data,
|
||||||
|
the safest and most available mode proposed by Garage.
|
||||||
|
|
||||||
|
We recommend first following the [quick start guide](@/documentation/quick-start/_index.md) in order
|
||||||
|
to get familiar with Garage's command line and usage patterns.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## Prerequisites
|
||||||
|
|
||||||
|
To run a real-world deployment, make sure the following conditions are met:
|
||||||
|
|
||||||
|
- You have at least three machines with sufficient storage space available.
|
||||||
|
|
||||||
|
- Each machine has a public IP address which is reachable by other machines.
|
||||||
|
Running behind a NAT is likely to be possible but hasn't been tested for the latest version (TODO).
|
||||||
|
|
||||||
|
- Ideally, each machine should have a SSD available in addition to the HDD you are dedicating
|
||||||
|
to Garage. This will allow for faster access to metadata and has the potential
|
||||||
|
to significantly reduce Garage's response times.
|
||||||
|
|
||||||
|
- This guide will assume you are using Docker containers to deploy Garage on each node.
|
||||||
|
Garage can also be run independently, for instance as a [Systemd service](@/documentation/cookbook/systemd.md).
|
||||||
|
You can also use an orchestrator such as Nomad or Kubernetes to automatically manage
|
||||||
|
Docker containers on a fleet of nodes.
|
||||||
|
|
||||||
|
Before deploying Garage on your infrastructure, you must inventory your machines.
|
||||||
|
For our example, we will suppose the following infrastructure with IPv6 connectivity:
|
||||||
|
|
||||||
|
| Location | Name | IP Address | Disk Space |
|
||||||
|
|----------|---------|------------|------------|
|
||||||
|
| Paris | Mercury | fc00:1::1 | 1 TB |
|
||||||
|
| Paris | Venus | fc00:1::2 | 2 TB |
|
||||||
|
| London | Earth | fc00:B::1 | 2 TB |
|
||||||
|
| Brussels | Mars | fc00:F::1 | 1.5 TB |
|
||||||
|
|
||||||
|
Note that Garage will **always** store the three copies of your data on nodes at different
|
||||||
|
locations. This means that in the case of this small example, the available capacity
|
||||||
|
of the cluster is in fact only 1.5 TB, because nodes in Brussels can't store more than that.
|
||||||
|
This also means that nodes in Paris and London will be under-utilized.
|
||||||
|
To make better use of the available hardware, you should ensure that the capacity
|
||||||
|
available in the different locations of your cluster is roughly the same.
|
||||||
|
For instance, here, the Mercury node could be moved to Brussels; this would allow the cluster
|
||||||
|
to store 2 TB of data in total.
|
||||||
|
|
||||||
|
## Get a Docker image
|
||||||
|
|
||||||
|
Our docker image is currently named `dxflrs/amd64_garage` and is stored on the [Docker Hub](https://hub.docker.com/r/dxflrs/amd64_garage/tags?page=1&ordering=last_updated).
|
||||||
|
We encourage you to use a fixed tag (eg. `v0.4.0`) and not the `latest` tag.
|
||||||
|
For this example, we will use the latest published version at the time of the writing which is `v0.4.0` but it's up to you
|
||||||
|
to check [the most recent versions on the Docker Hub](https://hub.docker.com/r/dxflrs/amd64_garage/tags?page=1&ordering=last_updated).
|
||||||
|
|
||||||
|
For example:
|
||||||
|
|
||||||
|
```
|
||||||
|
sudo docker pull dxflrs/amd64_garage:v0.4.0
|
||||||
|
```
|
||||||
|
|
||||||
|
## Deploying and configuring Garage
|
||||||
|
|
||||||
|
On each machine, we will have a similar setup,
|
||||||
|
especially you must consider the following folders/files:
|
||||||
|
|
||||||
|
- `/etc/garage.toml`: Garage daemon's configuration (see below)
|
||||||
|
|
||||||
|
- `/var/lib/garage/meta/`: Folder containing Garage's metadata,
|
||||||
|
put this folder on a SSD if possible
|
||||||
|
|
||||||
|
- `/var/lib/garage/data/`: Folder containing Garage's data,
|
||||||
|
this folder will be your main data storage and must be on a large storage (e.g. large HDD)
|
||||||
|
|
||||||
|
|
||||||
|
A valid `/etc/garage/garage.toml` for our cluster would look as follows:
|
||||||
|
|
||||||
|
```toml
|
||||||
|
metadata_dir = "/var/lib/garage/meta"
|
||||||
|
data_dir = "/var/lib/garage/data"
|
||||||
|
|
||||||
|
replication_mode = "3"
|
||||||
|
|
||||||
|
compression_level = 2
|
||||||
|
|
||||||
|
rpc_bind_addr = "[::]:3901"
|
||||||
|
rpc_public_addr = "<this node's public IP>:3901"
|
||||||
|
rpc_secret = "<RPC secret>"
|
||||||
|
|
||||||
|
bootstrap_peers = []
|
||||||
|
|
||||||
|
[s3_api]
|
||||||
|
s3_region = "garage"
|
||||||
|
api_bind_addr = "[::]:3900"
|
||||||
|
root_domain = ".s3.garage"
|
||||||
|
|
||||||
|
[s3_web]
|
||||||
|
bind_addr = "[::]:3902"
|
||||||
|
root_domain = ".web.garage"
|
||||||
|
index = "index.html"
|
||||||
|
```
|
||||||
|
|
||||||
|
Check the following for your configuration files:
|
||||||
|
|
||||||
|
- Make sure `rpc_public_addr` contains the public IP address of the node you are configuring.
|
||||||
|
This parameter is optional but recommended: if your nodes have trouble communicating with
|
||||||
|
one another, consider adding it.
|
||||||
|
|
||||||
|
- Make sure `rpc_secret` is the same value on all nodes. It should be a 32-bytes hex-encoded secret key.
|
||||||
|
You can generate such a key with `openssl rand -hex 32`.
|
||||||
|
|
||||||
|
## Starting Garage using Docker
|
||||||
|
|
||||||
|
On each machine, you can run the daemon with:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
docker run \
|
||||||
|
-d \
|
||||||
|
--name garaged \
|
||||||
|
--restart always \
|
||||||
|
--network host \
|
||||||
|
-v /etc/garage.toml:/etc/garage.toml \
|
||||||
|
-v /var/lib/garage/meta:/var/lib/garage/meta \
|
||||||
|
-v /var/lib/garage/data:/var/lib/garage/data \
|
||||||
|
lxpz/garage_amd64:v0.4.0
|
||||||
|
```
|
||||||
|
|
||||||
|
It should be restarted automatically at each reboot.
|
||||||
|
Please note that we use host networking as otherwise Docker containers
|
||||||
|
can not communicate with IPv6.
|
||||||
|
|
||||||
|
Upgrading between Garage versions should be supported transparently,
|
||||||
|
but please check the relase notes before doing so!
|
||||||
|
To upgrade, simply stop and remove this container and
|
||||||
|
start again the command with a new version of Garage.
|
||||||
|
|
||||||
|
## Controling the daemon
|
||||||
|
|
||||||
|
The `garage` binary has two purposes:
|
||||||
|
- it acts as a daemon when launched with `garage server`
|
||||||
|
- it acts as a control tool for the daemon when launched with any other command
|
||||||
|
|
||||||
|
Ensure an appropriate `garage` binary (the same version as your Docker image) is available in your path.
|
||||||
|
If your configuration file is at `/etc/garage.toml`, the `garage` binary should work with no further change.
|
||||||
|
|
||||||
|
You can test your `garage` CLI utility by running a simple command such as:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
garage status
|
||||||
|
```
|
||||||
|
|
||||||
|
At this point, nodes are not yet talking to one another.
|
||||||
|
Your output should therefore look like follows:
|
||||||
|
|
||||||
|
```
|
||||||
|
Mercury$ garage status
|
||||||
|
==== HEALTHY NODES ====
|
||||||
|
ID Hostname Address Tag Zone Capacity
|
||||||
|
563e1ac825ee3323… Mercury [fc00:1::1]:3901 NO ROLE ASSIGNED
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## Connecting nodes together
|
||||||
|
|
||||||
|
When your Garage nodes first start, they will generate a local node identifier
|
||||||
|
(based on a public/private key pair).
|
||||||
|
|
||||||
|
To obtain the node identifier of a node, once it is generated,
|
||||||
|
run `garage node id`.
|
||||||
|
This will print keys as follows:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
Mercury$ garage node id
|
||||||
|
563e1ac825ee3323aa441e72c26d1030d6d4414aeb3dd25287c531e7fc2bc95d@[fc00:1::1]:3901
|
||||||
|
|
||||||
|
Venus$ garage node id
|
||||||
|
86f0f26ae4afbd59aaf9cfb059eefac844951efd5b8caeec0d53f4ed6c85f332@[fc00:1::2]:3901
|
||||||
|
|
||||||
|
etc.
|
||||||
|
```
|
||||||
|
|
||||||
|
You can then instruct nodes to connect to one another as follows:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# Instruct Venus to connect to Mercury (this will establish communication both ways)
|
||||||
|
Venus$ garage node connect 563e1ac825ee3323aa441e72c26d1030d6d4414aeb3dd25287c531e7fc2bc95d@[fc00:1::1]:3901
|
||||||
|
```
|
||||||
|
|
||||||
|
You don't nead to instruct all node to connect to all other nodes:
|
||||||
|
nodes will discover one another transitively.
|
||||||
|
|
||||||
|
Now if your run `garage status` on any node, you should have an output that looks as follows:
|
||||||
|
|
||||||
|
```
|
||||||
|
==== HEALTHY NODES ====
|
||||||
|
ID Hostname Address Tag Zone Capacity
|
||||||
|
563e1ac825ee3323… Mercury [fc00:1::1]:3901 NO ROLE ASSIGNED
|
||||||
|
86f0f26ae4afbd59… Venus [fc00:1::2]:3901 NO ROLE ASSIGNED
|
||||||
|
68143d720f20c89d… Earth [fc00:B::1]:3901 NO ROLE ASSIGNED
|
||||||
|
212f7572f0c89da9… Mars [fc00:F::1]:3901 NO ROLE ASSIGNED
|
||||||
|
```
|
||||||
|
|
||||||
|
## Creating a cluster layout
|
||||||
|
|
||||||
|
We will now inform Garage of the disk space available on each node of the cluster
|
||||||
|
as well as the zone (e.g. datacenter) in which each machine is located.
|
||||||
|
This information is called the **cluster layout** and consists
|
||||||
|
of a role that is assigned to each active cluster node.
|
||||||
|
|
||||||
|
For our example, we will suppose we have the following infrastructure
|
||||||
|
(Capacity, Identifier and Zone are specific values to Garage described in the following):
|
||||||
|
|
||||||
|
| Location | Name | Disk Space | `Capacity` | `Identifier` | `Zone` |
|
||||||
|
|----------|---------|------------|------------|--------------|--------------|
|
||||||
|
| Paris | Mercury | 1 TB | `10` | `563e` | `par1` |
|
||||||
|
| Paris | Venus | 2 TB | `20` | `86f0` | `par1` |
|
||||||
|
| London | Earth | 2 TB | `20` | `6814` | `lon1` |
|
||||||
|
| Brussels | Mars | 1.5 TB | `15` | `212f` | `bru1` |
|
||||||
|
|
||||||
|
#### Node identifiers
|
||||||
|
|
||||||
|
After its first launch, Garage generates a random and unique identifier for each nodes, such as:
|
||||||
|
|
||||||
|
```
|
||||||
|
563e1ac825ee3323aa441e72c26d1030d6d4414aeb3dd25287c531e7fc2bc95d
|
||||||
|
```
|
||||||
|
|
||||||
|
Often a shorter form can be used, containing only the beginning of the identifier, like `563e`,
|
||||||
|
which identifies the server "Mercury" located in "Paris" according to our previous table.
|
||||||
|
|
||||||
|
The most simple way to match an identifier to a node is to run:
|
||||||
|
|
||||||
|
```
|
||||||
|
garage status
|
||||||
|
```
|
||||||
|
|
||||||
|
It will display the IP address associated with each node;
|
||||||
|
from the IP address you will be able to recognize the node.
|
||||||
|
|
||||||
|
#### Zones
|
||||||
|
|
||||||
|
Zones are simply a user-chosen identifier that identify a group of server that are grouped together logically.
|
||||||
|
It is up to the system administrator deploying Garage to identify what does "grouped together" means.
|
||||||
|
|
||||||
|
In most cases, a zone will correspond to a geographical location (i.e. a datacenter).
|
||||||
|
Behind the scene, Garage will use zone definition to try to store the same data on different zones,
|
||||||
|
in order to provide high availability despite failure of a zone.
|
||||||
|
|
||||||
|
#### Capacity
|
||||||
|
|
||||||
|
Garage reasons on an abstract metric about disk storage that is named the *capacity* of a node.
|
||||||
|
The capacity configured in Garage must be proportional to the disk space dedicated to the node.
|
||||||
|
|
||||||
|
Capacity values must be **integers** but can be given any signification.
|
||||||
|
Here we chose that 1 unit of capacity = 100 GB.
|
||||||
|
|
||||||
|
Note that the amount of data stored by Garage on each server may not be strictly proportional to
|
||||||
|
its capacity value, as Garage will priorize having 3 copies of data in different zones,
|
||||||
|
even if this means that capacities will not be strictly respected. For example in our above examples,
|
||||||
|
nodes Earth and Mars will always store a copy of everything each, and the third copy will
|
||||||
|
have 66% chance of being stored by Venus and 33% chance of being stored by Mercury.
|
||||||
|
|
||||||
|
#### Injecting the topology
|
||||||
|
|
||||||
|
Given the information above, we will configure our cluster as follow:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
garage layout assign 563e -z par1 -c 10 -t mercury
|
||||||
|
garage layout assign 86f0 -z par1 -c 20 -t venus
|
||||||
|
garage layout assign 6814 -z lon1 -c 20 -t earth
|
||||||
|
garage layout assign 212f -z bru1 -c 15 -t mars
|
||||||
|
```
|
||||||
|
|
||||||
|
At this point, the changes in the cluster layout have not yet been applied.
|
||||||
|
To show the new layout that will be applied, call:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
garage layout show
|
||||||
|
```
|
||||||
|
|
||||||
|
Once you are satisfied with your new layout, apply it with:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
garage layout apply
|
||||||
|
```
|
||||||
|
|
||||||
|
**WARNING:** if you want to use the layout modification commands in a script,
|
||||||
|
make sure to read [this page](@/documentation/reference-manual/layout.md) first.
|
||||||
|
|
||||||
|
|
||||||
|
## Using your Garage cluster
|
||||||
|
|
||||||
|
Creating buckets and managing keys is done using the `garage` CLI,
|
||||||
|
and is covered in the [quick start guide](@/documentation/quick-start/_index.md).
|
||||||
|
Remember also that the CLI is self-documented thanks to the `--help` flag and
|
||||||
|
the `help` subcommand (e.g. `garage help`, `garage key --help`).
|
||||||
|
|
||||||
|
Configuring S3-compatible applicatiosn to interact with Garage
|
||||||
|
is covered in the [Integrations](@/documentation/connect/_index.md) section.
|
110
doc/book/cookbook/recovering.md
Normal file
|
@ -0,0 +1,110 @@
|
||||||
|
+++
|
||||||
|
title = "Recovering from failures"
|
||||||
|
weight = 35
|
||||||
|
+++
|
||||||
|
|
||||||
|
Garage is meant to work on old, second-hand hardware.
|
||||||
|
In particular, this makes it likely that some of your drives will fail, and some manual intervention will be needed.
|
||||||
|
Fear not! For Garage is fully equipped to handle drive failures, in most common cases.
|
||||||
|
|
||||||
|
## A note on availability of Garage
|
||||||
|
|
||||||
|
With nodes dispersed in 3 zones or more, here are the guarantees Garage provides with the 3-way replication strategy (3 copies of all data, which is the recommended replication mode):
|
||||||
|
|
||||||
|
- The cluster remains fully functional as long as the machines that fail are in only one zone. This includes a whole zone going down due to power/Internet outage.
|
||||||
|
- No data is lost as long as the machines that fail are in at most two zones.
|
||||||
|
|
||||||
|
Of course this only works if your Garage nodes are correctly configured to be aware of the zone in which they are located.
|
||||||
|
Make sure this is the case using `garage status` to check on the state of your cluster's configuration.
|
||||||
|
|
||||||
|
In case of temporarily disconnected nodes, Garage should automatically re-synchronize
|
||||||
|
when the nodes come back up. This guide will deal with recovering from disk failures
|
||||||
|
that caused the loss of the data of a node.
|
||||||
|
|
||||||
|
|
||||||
|
## First option: removing a node
|
||||||
|
|
||||||
|
If you don't have spare parts (HDD, SDD) to replace the failed component, and if there are enough remaining nodes in your cluster
|
||||||
|
(at least 3), you can simply remove the failed node from Garage's configuration.
|
||||||
|
Note that if you **do** intend to replace the failed parts by new ones, using this method followed by adding back the node is **not recommended** (although it should work),
|
||||||
|
and you should instead use one of the methods detailed in the next sections.
|
||||||
|
|
||||||
|
Removing a node is done with the following command:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
garage layout remove <node_id>
|
||||||
|
garage layout show # review the changes you are making
|
||||||
|
garage layout apply # once satisfied, apply the changes
|
||||||
|
```
|
||||||
|
|
||||||
|
(you can get the `node_id` of the failed node by running `garage status`)
|
||||||
|
|
||||||
|
This will repartition the data and ensure that 3 copies of everything are present on the nodes that remain available.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## Replacement scenario 1: only data is lost, metadata is fine
|
||||||
|
|
||||||
|
The recommended deployment for Garage uses an SSD to store metadata, and an HDD to store blocks of data.
|
||||||
|
In the case where only a single HDD crashes, the blocks of data are lost but the metadata is still fine.
|
||||||
|
|
||||||
|
This is very easy to recover by setting up a new HDD to replace the failed one.
|
||||||
|
The node does not need to be fully replaced and the configuration doesn't need to change.
|
||||||
|
We just need to tell Garage to get back all the data blocks and store them on the new HDD.
|
||||||
|
|
||||||
|
First, set up a new HDD to store Garage's data directory on the failed node, and restart Garage using
|
||||||
|
the existing configuration. Then, run:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
garage repair -a --yes blocks
|
||||||
|
```
|
||||||
|
|
||||||
|
This will re-synchronize blocks of data that are missing to the new HDD, reading them from copies located on other nodes.
|
||||||
|
|
||||||
|
You can check on the advancement of this process by doing the following command:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
garage stats -a
|
||||||
|
```
|
||||||
|
|
||||||
|
Look out for the following output:
|
||||||
|
|
||||||
|
```
|
||||||
|
Block manager stats:
|
||||||
|
resync queue length: 26541
|
||||||
|
```
|
||||||
|
|
||||||
|
This indicates that one of the Garage node is in the process of retrieving missing data from other nodes.
|
||||||
|
This number decreases to zero when the node is fully synchronized.
|
||||||
|
|
||||||
|
|
||||||
|
## Replacement scenario 2: metadata (and possibly data) is lost
|
||||||
|
|
||||||
|
This scenario covers the case where a full node fails, i.e. both the metadata directory and
|
||||||
|
the data directory are lost, as well as the case where only the metadata directory is lost.
|
||||||
|
|
||||||
|
To replace the lost node, we will start from an empty metadata directory, which means
|
||||||
|
Garage will generate a new node ID for the replacement node.
|
||||||
|
We will thus need to remove the previous node ID from Garage's configuration and replace it by the ID of the new node.
|
||||||
|
|
||||||
|
If your data directory is stored on a separate drive and is still fine, you can keep it, but it is not necessary to do so.
|
||||||
|
In all cases, the data will be rebalanced and the replacement node will not store the same pieces of data
|
||||||
|
as were originally stored on the one that failed. So if you keep the data files, the rebalancing
|
||||||
|
might be faster but most of the pieces will be deleted anyway from the disk and replaced by other ones.
|
||||||
|
|
||||||
|
First, set up a new drive to store the metadata directory for the replacement node (a SSD is recommended),
|
||||||
|
and for the data directory if necessary. You can then start Garage on the new node.
|
||||||
|
The restarted node should generate a new node ID, and it should be shown with `NO ROLE ASSIGNED` in `garage status`.
|
||||||
|
The ID of the lost node should be shown in `garage status` in the section for disconnected/unavailable nodes.
|
||||||
|
|
||||||
|
Then, replace the broken node by the new one, using:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
garage layout assign <new_node_id> --replace <old_node_id> \
|
||||||
|
-c <capacity> -z <zone> -t <node_tag>
|
||||||
|
garage layout show # review the changes you are making
|
||||||
|
garage layout apply # once satisfied, apply the changes
|
||||||
|
```
|
||||||
|
|
||||||
|
Garage will then start synchronizing all required data on the new node.
|
||||||
|
This process can be monitored using the `garage stats -a` command.
|
145
doc/book/cookbook/reverse-proxy.md
Normal file
|
@ -0,0 +1,145 @@
|
||||||
|
+++
|
||||||
|
title = "Configuring a reverse proxy"
|
||||||
|
weight = 30
|
||||||
|
+++
|
||||||
|
|
||||||
|
The main reason to add a reverse proxy in front of Garage is to provide TLS to your users and serve multiple web services on port 443.
|
||||||
|
|
||||||
|
In production you will likely need your certificates signed by a certificate authority.
|
||||||
|
The most automated way is to use a provider supporting the [ACME protocol](https://datatracker.ietf.org/doc/html/rfc8555)
|
||||||
|
such as [Let's Encrypt](https://letsencrypt.org/), [ZeroSSL](https://zerossl.com/) or [Buypass Go SSL](https://www.buypass.com/ssl/products/acme).
|
||||||
|
|
||||||
|
If you are only testing Garage, you can generate a self-signed certificate to follow the documentation:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
openssl req \
|
||||||
|
-new \
|
||||||
|
-x509 \
|
||||||
|
-keyout /tmp/garage.key \
|
||||||
|
-out /tmp/garage.crt \
|
||||||
|
-nodes \
|
||||||
|
-subj "/C=XX/ST=XX/L=XX/O=XX/OU=XX/CN=localhost/emailAddress=X@X.XX" \
|
||||||
|
-addext "subjectAltName = DNS:localhost, IP:127.0.0.1"
|
||||||
|
|
||||||
|
cat /tmp/garage.key /tmp/garage.crt > /tmp/garage.pem
|
||||||
|
```
|
||||||
|
|
||||||
|
Be careful as you will need to allow self signed certificates in your client.
|
||||||
|
For example, with minio, you must add the `--insecure` flag.
|
||||||
|
An example:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
mc ls --insecure garage/
|
||||||
|
```
|
||||||
|
|
||||||
|
## socat (only for testing purposes)
|
||||||
|
|
||||||
|
If you want to test Garage with a TLS frontend, socat can do it for you in a single command:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
socat \
|
||||||
|
"openssl-listen:443,\
|
||||||
|
reuseaddr,\
|
||||||
|
fork,\
|
||||||
|
verify=0,\
|
||||||
|
cert=/tmp/garage.pem" \
|
||||||
|
tcp4-connect:localhost:3900
|
||||||
|
```
|
||||||
|
|
||||||
|
## Nginx
|
||||||
|
|
||||||
|
Nginx is a well-known reverse proxy suitable for production.
|
||||||
|
We do the configuration in 3 steps: first we define the upstream blocks ("the backends")
|
||||||
|
then we define the server blocks ("the frontends") for the S3 endpoint and finally for the web endpoint.
|
||||||
|
|
||||||
|
The following configuration blocks can be all put in the same `/etc/nginx/sites-available/garage.conf`.
|
||||||
|
To make your configuration active, run `ln -s /etc/nginx/sites-available/garage.conf /etc/nginx/sites-enabled/`.
|
||||||
|
If you directly put the instructions in the root `nginx.conf`, keep in mind that these configurations must be enclosed inside a `http { }` block.
|
||||||
|
|
||||||
|
And do not forget to reload nginx with `systemctl reload nginx` or `nginx -s reload`.
|
||||||
|
|
||||||
|
### Exposing the S3 endpoints
|
||||||
|
|
||||||
|
First, we need to tell to nginx how to access our Garage cluster.
|
||||||
|
Because we have multiple nodes, we want to leverage all of them by spreading the load.
|
||||||
|
In nginx, we can do that with the `upstream` directive.
|
||||||
|
|
||||||
|
Then in a `server` directive, we define the vhosts, the TLS certificates and the proxy rule.
|
||||||
|
|
||||||
|
A possible configuration:
|
||||||
|
|
||||||
|
```nginx
|
||||||
|
upstream s3_backend {
|
||||||
|
# if you have a garage instance locally
|
||||||
|
server 127.0.0.1:3900;
|
||||||
|
# you can also put your other instances
|
||||||
|
server 192.168.1.3:3900;
|
||||||
|
# domain names also work
|
||||||
|
server garage1.example.com:3900;
|
||||||
|
# you can assign weights if you have some servers
|
||||||
|
# that are more powerful than others
|
||||||
|
server garage2.example.com:3900 weight=2;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen [::]:443 http2 ssl;
|
||||||
|
|
||||||
|
ssl_certificate /tmp/garage.crt;
|
||||||
|
ssl_certificate_key /tmp/garage.key;
|
||||||
|
|
||||||
|
# You need multiple server names here:
|
||||||
|
# - s3.garage.tld is used for path-based s3 requests
|
||||||
|
# - *.s3.garage.tld is used for vhost-based s3 requests
|
||||||
|
server_name s3.garage.tld *.s3.garage.tld;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://s3_backend;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
## Exposing the web endpoint
|
||||||
|
|
||||||
|
To better understand the logic involved, you can refer to the [Exposing buckets as websites](/cookbook/exposing_websites.html) section.
|
||||||
|
Otherwise, the configuration is very similar to the S3 endpoint.
|
||||||
|
You must only adapt `upstream` with the web port instead of the s3 port and change the `server_name` and `proxy_pass` entry
|
||||||
|
|
||||||
|
A possible configuration:
|
||||||
|
|
||||||
|
|
||||||
|
```nginx
|
||||||
|
upstream web_backend {
|
||||||
|
server 127.0.0.1:3902;
|
||||||
|
server 192.168.1.3:3902;
|
||||||
|
server garage1.example.com:3902;
|
||||||
|
server garage2.example.com:3902 weight=2;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen [::]:443 http2 ssl;
|
||||||
|
|
||||||
|
ssl_certificate /tmp/garage.crt;
|
||||||
|
ssl_certificate_key /tmp/garage.key;
|
||||||
|
|
||||||
|
# You need multiple server names here:
|
||||||
|
# - *.web.garage.tld is used for your users wanting a website without reserving a domain name
|
||||||
|
# - example.com, my-site.tld, etc. are reserved domain name by your users that chose to host their website as a garage's bucket
|
||||||
|
server_name *.web.garage.tld example.com my-site.tld;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://web_backend;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
## Apache httpd
|
||||||
|
|
||||||
|
@TODO
|
||||||
|
|
||||||
|
## Traefik
|
||||||
|
|
||||||
|
@TODO
|
53
doc/book/cookbook/systemd.md
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
+++
|
||||||
|
title = "Starting Garage with systemd"
|
||||||
|
weight = 15
|
||||||
|
+++
|
||||||
|
|
||||||
|
We make some assumptions for this systemd deployment.
|
||||||
|
|
||||||
|
- Your garage binary is located at `/usr/local/bin/garage`.
|
||||||
|
|
||||||
|
- Your configuration file is located at `/etc/garage.toml`.
|
||||||
|
|
||||||
|
- Your `garage.toml` must be set with `metadata_dir=/var/lib/garage/meta` and `data_dir=/var/lib/garage/data`. This is mandatory to use `systemd` hardening feature [Dynamic User](https://0pointer.net/blog/dynamic-users-with-systemd.html). Note that in your host filesystem, Garage data will be held in `/var/lib/private/garage`.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Create a file named `/etc/systemd/system/garage.service`:
|
||||||
|
|
||||||
|
```toml
|
||||||
|
[Unit]
|
||||||
|
Description=Garage Data Store
|
||||||
|
After=network-online.target
|
||||||
|
Wants=network-online.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Environment='RUST_LOG=garage=info' 'RUST_BACKTRACE=1'
|
||||||
|
ExecStart=/usr/local/bin/garage server
|
||||||
|
StateDirectory=garage
|
||||||
|
DynamicUser=true
|
||||||
|
ProtectHome=true
|
||||||
|
NoNewPrivileges=true
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
```
|
||||||
|
|
||||||
|
*A note on hardening: garage will be run as a non privileged user, its user id is dynamically allocated by systemd. It cannot access (read or write) home folders (/home, /root and /run/user), the rest of the filesystem can only be read but not written, only the path seen as /var/lib/garage is writable as seen by the service (mapped to /var/lib/private/garage on your host). Additionnaly, the process can not gain new privileges over time.*
|
||||||
|
|
||||||
|
To start the service then automatically enable it at boot:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo systemctl start garage
|
||||||
|
sudo systemctl enable garage
|
||||||
|
```
|
||||||
|
|
||||||
|
To see if the service is running and to browse its logs:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo systemctl status garage
|
||||||
|
sudo journalctl -u garage
|
||||||
|
```
|
||||||
|
|
||||||
|
If you want to modify the service file, do not forget to run `systemctl daemon-reload`
|
||||||
|
to inform `systemd` of your modifications.
|
50
doc/book/cookbook/upgrading.md
Normal file
|
@ -0,0 +1,50 @@
|
||||||
|
+++
|
||||||
|
title = "Upgrading Garage"
|
||||||
|
weight = 40
|
||||||
|
+++
|
||||||
|
|
||||||
|
Garage is a stateful clustered application, where all nodes are communicating together and share data structures.
|
||||||
|
It makes upgrade more difficult than stateless applications so you must be more careful when upgrading.
|
||||||
|
On a new version release, there is 2 possibilities:
|
||||||
|
- protocols and data structures remained the same ➡️ this is a **straightforward upgrade**
|
||||||
|
- protocols or data structures changed ➡️ this is an **advanced upgrade**
|
||||||
|
|
||||||
|
You can quickly now what type of update you will have to operate by looking at the version identifier.
|
||||||
|
Following the [SemVer ](https://semver.org/) terminology, if only the *patch* number changed, it will only need a straightforward upgrade.
|
||||||
|
Example: an upgrade from v0.6.0 from v0.6.1 is a straightforward upgrade.
|
||||||
|
If the *minor* or *major* number changed however, you will have to do an advanced upgrade. Example: from v0.6.1 to v0.7.0.
|
||||||
|
|
||||||
|
Migrations are designed to be run only between contiguous versions (from a *major*.*minor* perspective, *patches* can be skipped).
|
||||||
|
Example: migrations from v0.6.1 to v0.7.0 and from v0.6.0 to v0.7.0 are supported but migrations from v0.5.0 to v0.7.0 are not supported.
|
||||||
|
|
||||||
|
## Straightforward upgrades
|
||||||
|
|
||||||
|
Straightforward upgrades do not imply cluster downtime.
|
||||||
|
Before upgrading, you should still read [the changelog](https://git.deuxfleurs.fr/Deuxfleurs/garage/releases) and ideally test your deployment on a staging cluster before.
|
||||||
|
|
||||||
|
When you are ready, start by checking the health of your cluster.
|
||||||
|
You can force some checks with `garage repair`, we recommend at least running `garage repair --all-nodes --yes` that is very quick to run (less than a minute).
|
||||||
|
You will see that the command correctly terminated in the logs of your daemon.
|
||||||
|
|
||||||
|
Finally, you can simply upgrades nodes one by one.
|
||||||
|
For each node: stop it, install the new binary, edit the configuration if needed, restart it.
|
||||||
|
|
||||||
|
## Advanced upgrades
|
||||||
|
|
||||||
|
Advanced upgrades will imply cluster downtime.
|
||||||
|
Before upgrading, you must read [the changelog](https://git.deuxfleurs.fr/Deuxfleurs/garage/releases) and you must test your deployment on a staging cluster before.
|
||||||
|
|
||||||
|
From a high level perspective, an advanced upgrade looks like this:
|
||||||
|
1. Make sure the health of your cluster is good (see `garage repair`)
|
||||||
|
2. Disable API access (comment the configuration in your reverse proxy)
|
||||||
|
3. Check that your cluster is idle
|
||||||
|
4. Stop the whole cluster
|
||||||
|
5. Backup the metadata folder of all your nodes, so that you will be able to restore it quickly if the upgrade fails (blocks being immutable, they should not be impacted)
|
||||||
|
6. Install the new binary, update the configuration
|
||||||
|
7. Start the whole cluster
|
||||||
|
8. If needed, run the corresponding migration from `garage migrate`
|
||||||
|
9. Make sure the health of your cluster is good
|
||||||
|
10. Enable API access (uncomment the configuration in your reverse proxy)
|
||||||
|
11. Monitor your cluster while load comes back, check that all your applications are happy with this new version
|
||||||
|
|
||||||
|
We write guides for each advanced upgrade, they are stored under the "Working Documents" section of this documentation.
|
31
doc/book/design/_index.md
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
+++
|
||||||
|
title = "Design"
|
||||||
|
weight = 5
|
||||||
|
sort_by = "weight"
|
||||||
|
template = "documentation.html"
|
||||||
|
+++
|
||||||
|
|
||||||
|
The design section helps you to see Garage from a "big picture"
|
||||||
|
perspective. It will allow you to understand if Garage is a good fit for
|
||||||
|
you, how to better use it, how to contribute to it, what can Garage could
|
||||||
|
and could not do, etc.
|
||||||
|
|
||||||
|
- **[Goals and use cases](@/documentation/design/goals.md):** This page explains why Garage was concieved and what practical use cases it targets.
|
||||||
|
|
||||||
|
- **[Related work](@/documentation/design/related-work.md):** This pages presents the theoretical background on which Garage is built, and describes other software storage solutions and why they didn't work for us.
|
||||||
|
|
||||||
|
- **[Internals](@/documentation/design/internals.md):** This page enters into more details on how Garage manages data internally.
|
||||||
|
|
||||||
|
## Talks
|
||||||
|
|
||||||
|
We love to talk and hear about Garage, that's why we keep a log here:
|
||||||
|
|
||||||
|
- [(fr, 2021-11-13, video) Garage : Mille et une façons de stocker vos données](https://video.tedomum.net/w/moYKcv198dyMrT8hCS5jz9) and [slides (html)](https://rfid.deuxfleurs.fr/presentations/2021-11-13/garage/) - during [RFID#1](https://rfid.deuxfleurs.fr/programme/2021-11-13/) event
|
||||||
|
|
||||||
|
- [(en, 2021-04-28) Distributed object storage is centralised](https://git.deuxfleurs.fr/Deuxfleurs/garage/raw/commit/b1f60579a13d3c5eba7f74b1775c84639ea9b51a/doc/talks/2021-04-28_spirals-team/talk.pdf)
|
||||||
|
|
||||||
|
- [(fr, 2020-12-02) Garage : jouer dans la cour des grands quand on est un hébergeur associatif](https://git.deuxfleurs.fr/Deuxfleurs/garage/raw/commit/b1f60579a13d3c5eba7f74b1775c84639ea9b51a/doc/talks/2020-12-02_wide-team/talk.pdf)
|
||||||
|
|
||||||
|
*Did you write or talk about Garage? [Open a pull request](https://git.deuxfleurs.fr/Deuxfleurs/garage/) to add a link here!*
|
||||||
|
|
||||||
|
|
BIN
doc/book/design/benchmarks/endpoint-latency-dc.png
Normal file
After Width: | Height: | Size: 129 KiB |
BIN
doc/book/design/benchmarks/endpoint-latency.png
Normal file
After Width: | Height: | Size: 124 KiB |
84
doc/book/design/benchmarks/index.md
Normal file
|
@ -0,0 +1,84 @@
|
||||||
|
+++
|
||||||
|
title = "Benchmarks"
|
||||||
|
weight = 10
|
||||||
|
+++
|
||||||
|
|
||||||
|
With Garage, we wanted to build a software defined storage service that follow the [KISS principle](https://en.wikipedia.org/wiki/KISS_principle),
|
||||||
|
that is suitable for geo-distributed deployments and more generally that would work well for community hosting (like a Mastodon instance).
|
||||||
|
|
||||||
|
In our benchmarks, we aim to quantify how Garage performs on these goals compared to the other available solutions.
|
||||||
|
|
||||||
|
## Geo-distribution
|
||||||
|
|
||||||
|
The main challenge in a geo-distributed setup is latency between nodes of the cluster.
|
||||||
|
The more a user request will require intra-cluster requests to complete, the more its latency will increase.
|
||||||
|
This is especially true for sequential requests: requests that must wait the result of another request to be sent.
|
||||||
|
We designed Garage without consensus algorithms (eg. Paxos or Raft) to minimize the number of sequential and parallel requests.
|
||||||
|
|
||||||
|
This serie of benchmarks quantifies the impact of this design choice.
|
||||||
|
|
||||||
|
### On a simple simulated network
|
||||||
|
|
||||||
|
We start with a controlled environment, all the instances are running on the same (powerful enough) machine.
|
||||||
|
|
||||||
|
To control the network latency, we simulate the network with [mknet](https://git.deuxfleurs.fr/trinity-1686a/mknet) (a tool we developped, based on `tc` and the linux network stack).
|
||||||
|
To mesure S3 endpoints latency, we use our own tool [s3lat](https://git.deuxfleurs.fr/quentin/s3lat/) to observe only the intra-cluster latency and not some contention on the nodes (CPU, RAM, disk I/O, network bandwidth, etc.).
|
||||||
|
Compared to other benchmark tools, S3Lat sends only one (small) request at the same time and measures its latency.
|
||||||
|
We selected 5 standard endpoints that are often in the critical path: ListBuckets, ListObjects, GetObject, PutObject and RemoveObject.
|
||||||
|
|
||||||
|
In this first benchmark, we consider 5 instances that are located in a different place each. To simulate the distance, we configure mknet with a RTT between each node of 100 ms +/- 20 ms of jitter. We get the following graph, where the colored bars represent the mean latency while the error bars the minimum and maximum one:
|
||||||
|
|
||||||
|
![Comparison of endpoints latency for minio and garage](./endpoint-latency.png)
|
||||||
|
|
||||||
|
Compared to garage, minio latency drastically increases on 3 endpoints: GetObject, PutObject, RemoveObject.
|
||||||
|
|
||||||
|
We suppose that these requests on minio make transactions over Raft, involving 4 sequential requests: 1) sending the message to the leader, 2) having the leader dispatch it to the other nodes, 3) waiting for the confirmation of followers and finally 4) commiting it. With our current configuration, one Raft transaction will take around 400 ms. GetObject seems to correlate to 1 transaction while PutObject and RemoveObject seems to correlate to 2 or 3. Reviewing minio code would be required to confirm this hypothesis.
|
||||||
|
|
||||||
|
Conversely, garage uses an architecture similar to DynamoDB and never require global cluster coordination to answer a request.
|
||||||
|
Instead, garage can always contact the right node in charge of the requested data, and can answer in as low as one request in the case of GetObject and PutObject. We also observed that Garage latency, while often lower to minio, is more dispersed: garage is still in beta and has not received any performance optimization yet.
|
||||||
|
|
||||||
|
As a conclusion, Garage performs well in such setup while minio will be hard to use, especially for interactive use cases.
|
||||||
|
|
||||||
|
### On a complex simulated network
|
||||||
|
|
||||||
|
This time we consider a more heterogeneous network with 6 servers spread in 3 datacenter, giving us 2 servers per datacenters.
|
||||||
|
We consider that intra-DC communications are now very cheap with a latency of 0.5ms and without any jitter.
|
||||||
|
The inter-DC remains costly with the same value as before (100ms +/- 20ms of jitter).
|
||||||
|
We plot a similar graph as before:
|
||||||
|
|
||||||
|
![Comparison of endpoints latency for minio and garage with 6 nodes in 3 DC](./endpoint-latency-dc.png)
|
||||||
|
|
||||||
|
This new graph is very similar to the one before, neither minio or garage seems to benefit from this new topology, but they also do not suffer from it.
|
||||||
|
|
||||||
|
Considering garage, this is expected: nodes in the same DC are put in the same zone, and then data are spread on different zones for data resiliency and availaibility.
|
||||||
|
Then, in the default mode, requesting data requires to query at least 2 zones to be sure that we have the most up to date information.
|
||||||
|
These requests will involve at least one inter-DC communication.
|
||||||
|
In other words, we prioritize data availability and synchronization over raw performances.
|
||||||
|
|
||||||
|
Minio's case is a bit different as by default a minio cluster is not location aware, so we can't explain its performances through location awareness.
|
||||||
|
*We know that minio has a multi site mode but it is definitely not a first class citizen: data are asynchronously replicated from one minio cluster to another.*
|
||||||
|
We suppose that, due to the consensus, for many of its requests minio will wait for a response of the majority of the server, also involving inter-DC communications.
|
||||||
|
|
||||||
|
As a conclusion, our new topology did not influence garage or minio performances, confirming that in presence of latency, garage is the best fit.
|
||||||
|
|
||||||
|
### On a real world deployment
|
||||||
|
|
||||||
|
*TODO*
|
||||||
|
|
||||||
|
|
||||||
|
## Performance stability
|
||||||
|
|
||||||
|
A storage cluster will encounter different scenario over its life, many of them will not be predictable.
|
||||||
|
In this context, we argue that, more than peak performances, we should seek predictable and stable performances to ensure data availability.
|
||||||
|
|
||||||
|
### Reference
|
||||||
|
|
||||||
|
*TODO*
|
||||||
|
|
||||||
|
### On a degraded cluster
|
||||||
|
|
||||||
|
*TODO*
|
||||||
|
|
||||||
|
### At scale
|
||||||
|
|
||||||
|
*TODO*
|
56
doc/book/design/goals.md
Normal file
|
@ -0,0 +1,56 @@
|
||||||
|
+++
|
||||||
|
title = "Goals and use cases"
|
||||||
|
weight = 5
|
||||||
|
+++
|
||||||
|
|
||||||
|
## Goals and non-goals
|
||||||
|
|
||||||
|
Garage is a lightweight geo-distributed data store that implements the
|
||||||
|
[Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/API/Welcome.html)
|
||||||
|
object storage protocole. It enables applications to store large blobs such
|
||||||
|
as pictures, video, images, documents, etc., in a redundant multi-node
|
||||||
|
setting. S3 is versatile enough to also be used to publish a static
|
||||||
|
website.
|
||||||
|
|
||||||
|
Garage is an opinionated object storage solutoin, we focus on the following **desirable properties**:
|
||||||
|
|
||||||
|
- **Self-contained & lightweight**: works everywhere and integrates well in existing environments to target [hyperconverged infrastructures](https://en.wikipedia.org/wiki/Hyper-converged_infrastructure).
|
||||||
|
- **Highly resilient**: highly resilient to network failures, network latency, disk failures, sysadmin failures.
|
||||||
|
- **Simple**: simple to understand, simple to operate, simple to debug.
|
||||||
|
- **Internet enabled**: made for multi-sites (eg. datacenters, offices, households, etc.) interconnected through regular Internet connections.
|
||||||
|
|
||||||
|
We also noted that the pursuit of some other goals are detrimental to our initial goals.
|
||||||
|
The following has been identified as **non-goals** (if these points matter to you, you should not use Garage):
|
||||||
|
|
||||||
|
- **Extreme performances**: high performances constrain a lot the design and the infrastructure; we seek performances through minimalism only.
|
||||||
|
- **Feature extensiveness**: we do not plan to add additional features compared to the ones provided by the S3 API.
|
||||||
|
- **Storage optimizations**: erasure coding or any other coding technique both increase the difficulty of placing data and synchronizing; we limit ourselves to duplication.
|
||||||
|
- **POSIX/Filesystem compatibility**: we do not aim at being POSIX compatible or to emulate any kind of filesystem. Indeed, in a distributed environment, such synchronizations are translated in network messages that impose severe constraints on the deployment.
|
||||||
|
|
||||||
|
## Use-cases
|
||||||
|
|
||||||
|
*Are you also using Garage in your organization? [Open a PR](https://git.deuxfleurs.fr/Deuxfleurs/garage) to add your use case here!*
|
||||||
|
|
||||||
|
### Deuxfleurs
|
||||||
|
|
||||||
|
[Deuxfleurs](https://deuxfleurs.fr) is an experimental non-profit hosting
|
||||||
|
organization that develops Garage. Deuxfleurs is focused on building highly
|
||||||
|
available infrastructure through redundancy in multiple geographical
|
||||||
|
locations. They use Garage themselves for the following tasks:
|
||||||
|
|
||||||
|
- Hosting of [main website](https://deuxfleurs.fr), [this website](https://garagehq.deuxfleurs.fr), as well as the personal website of many of the members of the organization
|
||||||
|
|
||||||
|
- As a [Matrix media backend](https://github.com/matrix-org/synapse-s3-storage-provider)
|
||||||
|
|
||||||
|
- To store personal data and shared documents through [Bagage](https://git.deuxfleurs.fr/Deuxfleurs/bagage), a homegrown WebDav-to-S3 proxy
|
||||||
|
|
||||||
|
- In the Drone continuous integration platform to store task logs
|
||||||
|
|
||||||
|
- As a Nix binary cache
|
||||||
|
|
||||||
|
- As a backup target using `rclone`
|
||||||
|
|
||||||
|
The Deuxfleurs Garage cluster is a multi-site cluster currently composed of
|
||||||
|
4 nodes in 2 physical locations. In the future it will be expanded to at
|
||||||
|
least 3 physical locations to fully exploit Garage's potential for high
|
||||||
|
availability.
|
101
doc/book/design/internals.md
Normal file
|
@ -0,0 +1,101 @@
|
||||||
|
+++
|
||||||
|
title = "Internals"
|
||||||
|
weight = 20
|
||||||
|
+++
|
||||||
|
|
||||||
|
## Overview
|
||||||
|
|
||||||
|
TODO: write this section
|
||||||
|
|
||||||
|
- The Dynamo ring (see [this paper](https://dl.acm.org/doi/abs/10.1145/1323293.1294281) and [that paper](https://www.usenix.org/conference/nsdi16/technical-sessions/presentation/eisenbud))
|
||||||
|
|
||||||
|
- CRDTs (see [this paper](https://link.springer.com/chapter/10.1007/978-3-642-24550-3_29))
|
||||||
|
|
||||||
|
- Consistency model of Garage tables
|
||||||
|
|
||||||
|
In the meantime, you can find some information at the following links:
|
||||||
|
|
||||||
|
- [this presentation (in French)](https://git.deuxfleurs.fr/Deuxfleurs/garage/src/branch/main/doc/talks/2020-12-02_wide-team/talk.pdf)
|
||||||
|
|
||||||
|
- [an old design draft](@/documentation/working-documents/design-draft.md)
|
||||||
|
|
||||||
|
|
||||||
|
## Garbage collection
|
||||||
|
|
||||||
|
A faulty garbage collection procedure has been the cause of
|
||||||
|
[critical bug #39](https://git.deuxfleurs.fr/Deuxfleurs/garage/issues/39).
|
||||||
|
This precise bug was fixed in the code, however there are potentially more
|
||||||
|
general issues with the garbage collector being too eager and deleting things
|
||||||
|
too early. This has been the subject of
|
||||||
|
[PR #135](https://git.deuxfleurs.fr/Deuxfleurs/garage/pulls/135).
|
||||||
|
This section summarizes the discussions on this topic.
|
||||||
|
|
||||||
|
Rationale: we want to ensure Garage's safety by making sure things don't get
|
||||||
|
deleted from disk if they are still needed. Two aspects are involved in this.
|
||||||
|
|
||||||
|
### 1. Garbage collection of table entries (in `meta/` directory)
|
||||||
|
|
||||||
|
The `Entry` trait used for table entries (defined in `tables/schema.rs`)
|
||||||
|
defines a function `is_tombstone()` that returns `true` if that entry
|
||||||
|
represents an entry that is deleted in the table. CRDT semantics by default
|
||||||
|
keep all tombstones, because they are necessary for reconciliation: if node A
|
||||||
|
has a tombstone that supersedes a value `x`, and node B has value `x`, A has to
|
||||||
|
keep the tombstone in memory so that the value `x` can be properly deleted at
|
||||||
|
node `B`. Otherwise, due to the CRDT reconciliation rule, the value `x` from B
|
||||||
|
would flow back to A and a deleted item would reappear in the system.
|
||||||
|
|
||||||
|
Here, we have some control on the nodes involved in storing Garage data.
|
||||||
|
Therefore we have a garbage collector that is able to delete tombstones UNDER
|
||||||
|
CERTAIN CONDITIONS. This garbage collector is implemented in `table/gc.rs`. To
|
||||||
|
delete a tombstone, the following condition has to be met:
|
||||||
|
|
||||||
|
- All nodes responsible for storing this entry are aware of the existence of
|
||||||
|
the tombstone, i.e. they cannot hold another version of the entry that is
|
||||||
|
superseeded by the tombstone. This ensures that deleting the tombstone is
|
||||||
|
safe and that no deleted value will come back in the system.
|
||||||
|
|
||||||
|
Garage makes use of Sled's atomic operations (such as compare-and-swap and
|
||||||
|
transactions) to ensure that only tombstones that have been correctly
|
||||||
|
propagated to other nodes are ever deleted from the local entry tree.
|
||||||
|
|
||||||
|
This GC is safe in the following sense: no non-tombstone data is ever deleted
|
||||||
|
from Garage tables.
|
||||||
|
|
||||||
|
**However**, there is an issue with the way this interacts with data
|
||||||
|
rebalancing in the case when a partition is moving between nodes. If a node has
|
||||||
|
some data of a partition for which it is not responsible, it has to offload it.
|
||||||
|
However that offload process takes some time. In that interval, the GC does not
|
||||||
|
check with that node if it has the tombstone before deleting the tombstone, so
|
||||||
|
perhaps it doesn't have it and when the offload finally happens, old data comes
|
||||||
|
back in the system.
|
||||||
|
|
||||||
|
**PR 135 mostly fixes this** by implementing a 24-hour delay before anything is
|
||||||
|
garbage collected in a table. This works under the assumption that rebalances
|
||||||
|
that follow data shuffling terminate in less than 24 hours.
|
||||||
|
|
||||||
|
**However**, in distributed systems, it is generally considered a bad practice
|
||||||
|
to make assumptions that information propagates in a certain time interval:
|
||||||
|
this consists in making a synchrony assumption, meaning that we are basically
|
||||||
|
assuming a computing model that has much stronger properties than otherwise. To
|
||||||
|
maximize the applicability of Garage, we would like to remove this assumption,
|
||||||
|
and implement a system where time does not play a role. To do this, we would
|
||||||
|
need to find a way to safely disable the GC when data is being shuffled around,
|
||||||
|
and safely detect that the shuffling has terminated and thus the GC can be
|
||||||
|
resumed. This introduces some complexity to the protocol and hasn't been
|
||||||
|
tackled yet.
|
||||||
|
|
||||||
|
### 2. Garbage collection of data blocks (in `data/` directory)
|
||||||
|
|
||||||
|
Blocks in the data directory are reference-counted. In Garage versions before
|
||||||
|
PR #135, blocks could get deleted from local disk as soon as their reference
|
||||||
|
counter reached zero. We had a mechanism to not trigger this immediately at the
|
||||||
|
rc-reaches-zero event, but the cleanup could be triggered by other means (for
|
||||||
|
example by a block repair operation...). PR #135 added a safety measure so that
|
||||||
|
blocks never get deleted in a 10 minute interval following the time when the RC
|
||||||
|
reaches zero. This is a measure to make impossible race conditions such as #39.
|
||||||
|
We would have liked to use a larger delay (e.g. 24 hours), but in the case of a
|
||||||
|
rebalance of data, this would have led to the disk utilization to explode
|
||||||
|
during the rebalancing, only to shrink again after 24 hours. The 10-minute
|
||||||
|
delay is a compromise that gives good security while not having this problem of
|
||||||
|
disk space explosion on rebalance.
|
||||||
|
|
|
@ -1,3 +1,8 @@
|
||||||
|
+++
|
||||||
|
title = "Related work"
|
||||||
|
weight = 15
|
||||||
|
+++
|
||||||
|
|
||||||
## Context
|
## Context
|
||||||
|
|
||||||
Data storage is critical: it can lead to data loss if done badly and/or on hardware failure.
|
Data storage is critical: it can lead to data loss if done badly and/or on hardware failure.
|
||||||
|
@ -8,7 +13,7 @@ But here we consider non specialized off the shelf machines that can be as low p
|
||||||
Distributed storage may help to solve both availability and scalability problems on these machines.
|
Distributed storage may help to solve both availability and scalability problems on these machines.
|
||||||
Many solutions were proposed, they can be categorized as block storage, file storage and object storage depending on the abstraction they provide.
|
Many solutions were proposed, they can be categorized as block storage, file storage and object storage depending on the abstraction they provide.
|
||||||
|
|
||||||
## Related work
|
## Overview
|
||||||
|
|
||||||
Block storage is the most low level one, it's like exposing your raw hard drive over the network.
|
Block storage is the most low level one, it's like exposing your raw hard drive over the network.
|
||||||
It requires very low latencies and stable network, that are often dedicated.
|
It requires very low latencies and stable network, that are often dedicated.
|
||||||
|
@ -19,7 +24,7 @@ Openstack Cinder proxy previous solution to provide an uniform API.
|
||||||
File storage provides a higher abstraction, they are one filesystem among others, which means they don't necessarily have all the exotic features of every filesystem.
|
File storage provides a higher abstraction, they are one filesystem among others, which means they don't necessarily have all the exotic features of every filesystem.
|
||||||
Often, they relax some POSIX constraints while many applications will still be compatible without any modification.
|
Often, they relax some POSIX constraints while many applications will still be compatible without any modification.
|
||||||
As an example, we are able to run MariaDB (very slowly) over GlusterFS...
|
As an example, we are able to run MariaDB (very slowly) over GlusterFS...
|
||||||
We can also mention CephFS (read [RADOS](https://ceph.com/wp-content/uploads/2016/08/weil-rados-pdsw07.pdf) whitepaper), Lustre, LizardFS, MooseFS, etc.
|
We can also mention CephFS (read [RADOS](https://doi.org/10.1145/1374596.1374606) whitepaper [[pdf](https://ceph.com/assets/pdfs/weil-rados-pdsw07.pdf)]), Lustre, LizardFS, MooseFS, etc.
|
||||||
OpenStack Manila proxy previous solutions to provide an uniform API.
|
OpenStack Manila proxy previous solutions to provide an uniform API.
|
||||||
|
|
||||||
Finally object storages provide the highest level abstraction.
|
Finally object storages provide the highest level abstraction.
|
||||||
|
@ -36,3 +41,40 @@ However Pithos is not maintained anymore. More precisely the company that publis
|
||||||
Some tests conducted by the [ACIDES project](https://acides.org/) have shown that Openstack Swift consumes way more resources (CPU+RAM) that we can afford. Furthermore, people developing Swift have not designed their software for geo-distribution.
|
Some tests conducted by the [ACIDES project](https://acides.org/) have shown that Openstack Swift consumes way more resources (CPU+RAM) that we can afford. Furthermore, people developing Swift have not designed their software for geo-distribution.
|
||||||
|
|
||||||
There were many attempts in research too. I am only thinking to [LBFS](https://pdos.csail.mit.edu/papers/lbfs:sosp01/lbfs.pdf) that was used as a basis for Seafile. But none of them have been effectively implemented yet.
|
There were many attempts in research too. I am only thinking to [LBFS](https://pdos.csail.mit.edu/papers/lbfs:sosp01/lbfs.pdf) that was used as a basis for Seafile. But none of them have been effectively implemented yet.
|
||||||
|
|
||||||
|
## Existing software
|
||||||
|
|
||||||
|
**[MinIO](https://min.io/):** MinIO shares our *Self-contained & lightweight* goal but selected two of our non-goals: *Storage optimizations* through erasure coding and *POSIX/Filesystem compatibility* through strong consistency.
|
||||||
|
However, by pursuing these two non-goals, MinIO do not reach our desirable properties.
|
||||||
|
Firstly, it fails on the *Simple* property: due to the erasure coding, MinIO has severe limitations on how drives can be added or deleted from a cluster.
|
||||||
|
Secondly, it fails on the *Internet enabled* property: due to its strong consistency, MinIO is latency sensitive.
|
||||||
|
Furthermore, MinIO has no knowledge of "sites" and thus can not distribute data to minimize the failure of a given site.
|
||||||
|
|
||||||
|
**[Openstack Swift](https://docs.openstack.org/swift/latest/):**
|
||||||
|
OpenStack Swift at least fails on the *Self-contained & lightweight* goal.
|
||||||
|
Starting it requires around 8GB of RAM, which is too much especially in an hyperconverged infrastructure.
|
||||||
|
We also do not classify Swift as *Simple*.
|
||||||
|
|
||||||
|
**[Ceph](https://ceph.io/ceph-storage/object-storage/):**
|
||||||
|
This review holds for the whole Ceph stack, including the RADOS paper, Ceph Object Storage module, the RADOS Gateway, etc.
|
||||||
|
At its core, Ceph has been designed to provide *POSIX/Filesystem compatibility* which requires strong consistency, which in turn
|
||||||
|
makes Ceph latency-sensitive and fails our *Internet enabled* goal.
|
||||||
|
Due to its industry oriented design, Ceph is also far from being *Simple* to operate and from being *Self-contained & lightweight* which makes it hard to integrate it in an hyperconverged infrastructure.
|
||||||
|
In a certain way, Ceph and MinIO are closer together than they are from Garage or OpenStack Swift.
|
||||||
|
|
||||||
|
**[Pithos](https://github.com/exoscale/pithos):**
|
||||||
|
Pithos has been abandonned and should probably not used yet, in the following we explain why we did not pick their design.
|
||||||
|
Pithos was relying as a S3 proxy in front of Cassandra (and was working with Scylla DB too).
|
||||||
|
From its designers' mouth, storing data in Cassandra has shown its limitations justifying the project abandonment.
|
||||||
|
They built a closed-source version 2 that does not store blobs in the database (only metadata) but did not communicate further on it.
|
||||||
|
We considered there v2's design but concluded that it does not fit both our *Self-contained & lightweight* and *Simple* properties. It makes the development, the deployment and the operations more complicated while reducing the flexibility.
|
||||||
|
|
||||||
|
**[Riak CS](https://docs.riak.com/riak/cs/2.1.1/index.html):**
|
||||||
|
*Not written yet*
|
||||||
|
|
||||||
|
**[IPFS](https://ipfs.io/):**
|
||||||
|
*Not written yet*
|
||||||
|
|
||||||
|
## Specific research papers
|
||||||
|
|
||||||
|
*Not yet written*
|
19
doc/book/development/_index.md
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
+++
|
||||||
|
title = "Development"
|
||||||
|
weight = 6
|
||||||
|
sort_by = "weight"
|
||||||
|
template = "documentation.html"
|
||||||
|
+++
|
||||||
|
|
||||||
|
Now that you are a Garage expert, you want to enhance it, you are in the right place!
|
||||||
|
We discuss here how to hack on Garage, how we manage its development, etc.
|
||||||
|
|
||||||
|
## Rust API (docs.rs)
|
||||||
|
If you encounter a specific bug in Garage or plan to patch it, you may jump directly to the source code's documentation!
|
||||||
|
|
||||||
|
- [garage\_api](https://docs.rs/garage_api/latest/garage_api/) - contains the S3 standard API endpoint
|
||||||
|
- [garage\_model](https://docs.rs/garage_model/latest/garage_model/) - contains Garage's model built on the table abstraction
|
||||||
|
- [garage\_rpc](https://docs.rs/garage_rpc/latest/garage_rpc/) - contains Garage's federation protocol
|
||||||
|
- [garage\_table](https://docs.rs/garage_table/latest/garage_table/) - contains core Garage's CRDT datatypes
|
||||||
|
- [garage\_util](https://docs.rs/garage_util/latest/garage_util/) - contains garage helpers
|
||||||
|
- [garage\_web](https://docs.rs/garage_web/latest/garage_web/) - contains the S3 website endpoint
|
148
doc/book/development/devenv.md
Normal file
|
@ -0,0 +1,148 @@
|
||||||
|
+++
|
||||||
|
title = "Setup your environment"
|
||||||
|
weight = 5
|
||||||
|
+++
|
||||||
|
|
||||||
|
Depending on your tastes, you can bootstrap your development environment in a traditional Rust way or through Nix.
|
||||||
|
|
||||||
|
## The Nix way
|
||||||
|
|
||||||
|
Nix is a generic package manager we use to precisely define our development environment.
|
||||||
|
Instructions on how to install it are given on their [Download page](https://nixos.org/download.html).
|
||||||
|
|
||||||
|
Check that your installation is working by running the following commands:
|
||||||
|
|
||||||
|
```
|
||||||
|
nix-shell --version
|
||||||
|
nix-build --version
|
||||||
|
nix-env --version
|
||||||
|
```
|
||||||
|
|
||||||
|
Now, you can clone our git repository (run `nix-env -iA git` if you do not have git yet):
|
||||||
|
|
||||||
|
```bash
|
||||||
|
git clone https://git.deuxfleurs.fr/Deuxfleurs/garage
|
||||||
|
cd garage
|
||||||
|
```
|
||||||
|
|
||||||
|
*Optionnaly, you can use our nix.conf file to speed up compilations:*
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo mkdir -p /etc/nix
|
||||||
|
sudo cp nix/nix.conf /etc/nix/nix.conf
|
||||||
|
sudo killall nix-daemon
|
||||||
|
```
|
||||||
|
|
||||||
|
Now you can enter our nix-shell, all the required packages will be downloaded but they will not pollute your environment outside of the shell:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
nix-shell
|
||||||
|
```
|
||||||
|
|
||||||
|
You can use the traditionnal Rust development workflow:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
cargo build # compile the project
|
||||||
|
cargo run # execute the project
|
||||||
|
cargo test # run the tests
|
||||||
|
cargo fmt # format the project, run it before any commit!
|
||||||
|
cargo clippy # run the linter, run it before any commit!
|
||||||
|
```
|
||||||
|
|
||||||
|
You can build the project with Nix by running:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
nix-build
|
||||||
|
```
|
||||||
|
|
||||||
|
You can parallelize the build (if you use our nix.conf file, it is already automatically done).
|
||||||
|
To use all your cores when building a derivation use `-j`, and to build multiple derivations at once use `--max-jobs`.
|
||||||
|
The special value `auto` will be replaced by the number of cores of your computer.
|
||||||
|
An example:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
nix-build -j $(nproc) --max-jobs auto
|
||||||
|
```
|
||||||
|
|
||||||
|
Our build has multiple parameters you might want to set:
|
||||||
|
- `release` build with release optimisations instead of debug
|
||||||
|
- `target allows` for cross compilation
|
||||||
|
- `compileMode` can be set to test or bench to build a unit test runner
|
||||||
|
- `git_version` to inject the hash to display when running `garage stats`
|
||||||
|
|
||||||
|
An example:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
nix-build \
|
||||||
|
--arg release true \
|
||||||
|
--argstr target x86_64-unknown-linux-musl \
|
||||||
|
--argstr compileMode build \
|
||||||
|
--git_version $(git rev-parse HEAD)
|
||||||
|
```
|
||||||
|
|
||||||
|
*The result is located in `result/bin`. You can pass arguments to cross compile: check `.drone.yml` for examples.*
|
||||||
|
|
||||||
|
If you modify a `Cargo.toml` or regenerate any `Cargo.lock`, you must run `cargo2nix`:
|
||||||
|
|
||||||
|
```
|
||||||
|
cargo2nix -f
|
||||||
|
```
|
||||||
|
|
||||||
|
Many tools like rclone, `mc` (minio-client), or `aws` (awscliv2) will be available in your environment and will be useful to test Garage.
|
||||||
|
|
||||||
|
**This is the recommended method.**
|
||||||
|
|
||||||
|
## The Rust way
|
||||||
|
|
||||||
|
You need a Rust distribution installed on your computer.
|
||||||
|
The most simple way is to install it from [rustup](https://rustup.rs).
|
||||||
|
Please avoid using your package manager to install Rust as some tools might be outdated or missing.
|
||||||
|
|
||||||
|
Now, check your Rust distribution works by running the following commands:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
rustc --version
|
||||||
|
cargo --version
|
||||||
|
rustfmt --version
|
||||||
|
clippy-driver --version
|
||||||
|
```
|
||||||
|
|
||||||
|
Now, you need to clone our git repository ([how to install git](https://git-scm.com/downloads)):
|
||||||
|
|
||||||
|
```bash
|
||||||
|
git clone https://git.deuxfleurs.fr/Deuxfleurs/garage
|
||||||
|
cd garage
|
||||||
|
```
|
||||||
|
|
||||||
|
You can now use the following commands:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
cargo build # compile the project
|
||||||
|
cargo run # execute the project
|
||||||
|
cargo test # run the tests
|
||||||
|
cargo fmt # format the project, run it before any commit!
|
||||||
|
cargo clippy # run the linter, run it before any commit!
|
||||||
|
```
|
||||||
|
|
||||||
|
This is specific to our project, but you will need one last tool, `cargo2nix`.
|
||||||
|
To install it, run:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
cargo install --git https://github.com/superboum/cargo2nix --branch main cargo2nix
|
||||||
|
```
|
||||||
|
|
||||||
|
You must use it every time you modify a `Cargo.toml` or regenerate a `Cargo.lock` file as follow:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
cargo build # Rebuild Cargo.lock if needed
|
||||||
|
cargo2nix -f
|
||||||
|
```
|
||||||
|
|
||||||
|
It will output a `Cargo.nix` file which is a specific `Cargo.lock` file dedicated to Nix that is required by our CI
|
||||||
|
which means you must include it in your commits.
|
||||||
|
|
||||||
|
Later, to use our scripts and integration tests, you might need additional tools.
|
||||||
|
These tools are listed at the end of the `shell.nix` package in the `nativeBuildInputs` part.
|
||||||
|
It is up to you to find a way to install the ones you need on your computer.
|
||||||
|
|
||||||
|
**A global drawback of this method is that it is up to you to adapt your environment to the one defined in the Nix files.**
|
101
doc/book/development/miscellaneous-notes.md
Normal file
|
@ -0,0 +1,101 @@
|
||||||
|
+++
|
||||||
|
title = "Miscellaneous notes"
|
||||||
|
weight = 20
|
||||||
|
+++
|
||||||
|
|
||||||
|
## Quirks about cargo2nix/rust in Nix
|
||||||
|
|
||||||
|
If you use submodules in your crate (like `crdt` and `replication` in `garage_table`), you must list them in `default.nix`
|
||||||
|
|
||||||
|
The Windows target does not work. it might be solvable through [overrides](https://github.com/cargo2nix/cargo2nix/blob/master/overlay/overrides.nix). Indeed, we pass `x86_64-pc-windows-gnu` but mingw need `x86_64-w64-mingw32`
|
||||||
|
|
||||||
|
We have a simple [PR on cargo2nix](https://github.com/cargo2nix/cargo2nix/pull/201) that fixes critical bugs but the project does not seem very active currently. We must use [my patched version of cargo2nix](https://github.com/superboum/cargo2nix) to enable i686 and armv6l compilation. We might need to contribute to cargo2nix in the future.
|
||||||
|
|
||||||
|
|
||||||
|
## Nix
|
||||||
|
|
||||||
|
Nix has no armv7 + musl toolchains but armv7l is backward compatible with armv6l.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
cat > $HOME/.awsrc <<EOF
|
||||||
|
export AWS_ACCESS_KEY_ID="xxx"
|
||||||
|
export AWS_SECRET_ACCESS_KEY="xxx"
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# source each time you want to send on the cache
|
||||||
|
source ~/.awsrc
|
||||||
|
|
||||||
|
# copy garage build dependencies (and not only the output)
|
||||||
|
nix-build
|
||||||
|
nix-store -qR --include-outputs $(nix-instantiate default.nix)
|
||||||
|
| xargs nix copy --to 's3://nix?endpoint=garage.deuxfleurs.fr®ion=garage'
|
||||||
|
|
||||||
|
# copy shell dependencies
|
||||||
|
nix-build shell.nix -A inputDerivation
|
||||||
|
nix copy $(nix-store -qR result/) --to 's3://nix?endpoint=garage.deuxfleurs.fr®ion=garage'
|
||||||
|
```
|
||||||
|
|
||||||
|
More example of nix-copy
|
||||||
|
|
||||||
|
```
|
||||||
|
# nix-build produces a result/ symlink
|
||||||
|
nix copy result/ --to 's3://nix?endpoint=garage.deuxfleurs.fr®ion=garage'
|
||||||
|
|
||||||
|
# alternative ways to use nix copy
|
||||||
|
nix copy nixpkgs.garage --to ...
|
||||||
|
nix copy /nix/store/3rbb9qsc2w6xl5xccz5ncfhy33nzv3dp-crate-garage-0.3.0 --to ...
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
Clear the cache:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
mc rm --recursive --force garage/nix/
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
A desirable `nix.conf` for a consumer:
|
||||||
|
|
||||||
|
```toml
|
||||||
|
substituters = https://cache.nixos.org https://nix.web.deuxfleurs.fr
|
||||||
|
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix.web.deuxfleurs.fr:eTGL6kvaQn6cDR/F9lDYUIP9nCVR/kkshYfLDJf1yKs=
|
||||||
|
```
|
||||||
|
|
||||||
|
And now, whenever you run a command like:
|
||||||
|
|
||||||
|
```
|
||||||
|
nix-shell
|
||||||
|
nix-build
|
||||||
|
```
|
||||||
|
|
||||||
|
Our cache will be checked.
|
||||||
|
|
||||||
|
### Some references about Nix
|
||||||
|
|
||||||
|
|
||||||
|
- https://doc.rust-lang.org/nightly/rustc/platform-support.html
|
||||||
|
- https://nix.dev/tutorials/cross-compilation
|
||||||
|
- https://nixos.org/manual/nix/unstable/package-management/s3-substituter.html
|
||||||
|
- https://fzakaria.com/2020/09/28/nix-copy-closure-your-nix-shell.html
|
||||||
|
- http://www.lpenz.org/articles/nixchannel/index.html
|
||||||
|
|
||||||
|
|
||||||
|
## Drone
|
||||||
|
|
||||||
|
Do not try to set a build as trusted from the interface or the CLI tool,
|
||||||
|
your request would be ignored. Instead, directly edit the database (table `repos`, column `repo_trusted`).
|
||||||
|
|
||||||
|
Drone can do parallelism both at the step and the pipeline level. At the step level, parallelism is restricted to the same runner.
|
||||||
|
|
||||||
|
## Building Docker containers
|
||||||
|
|
||||||
|
We were:
|
||||||
|
- Unable to use the official Docker plugin because
|
||||||
|
- it requires to mount docker socket in the container but it is not recommended
|
||||||
|
- you cant set the platform when building
|
||||||
|
- Unable to use buildah because it needs `CLONE_USERNS` capability
|
||||||
|
- Unable to use the kaniko plugin for Drone as we can't set the target platform
|
||||||
|
- Unable to use the kaniko container provided by Google as we can't run arbitrary logic: we need to put our secret in .docker/config.json.
|
||||||
|
|
||||||
|
Finally we chose to build kaniko through nix and use it in a `nix-shell`.
|
199
doc/book/development/release-process.md
Normal file
|
@ -0,0 +1,199 @@
|
||||||
|
+++
|
||||||
|
title = "Release process"
|
||||||
|
weight = 15
|
||||||
|
+++
|
||||||
|
|
||||||
|
Before releasing a new version of Garage, our code pass through a succession of checks and transformations.
|
||||||
|
We define them as our release process.
|
||||||
|
|
||||||
|
## Trigger and classify a release
|
||||||
|
|
||||||
|
While we run some tests on every commits, we do not make a release for all of them.
|
||||||
|
|
||||||
|
A release can be triggered manually by "promoting" a successful build.
|
||||||
|
Otherwise, every weeks, a release build is triggered on the `main` branch.
|
||||||
|
|
||||||
|
If the build is from a tag following the regex: `v[0-9]+\.[0-9]+\.[0-9]+`, it will be listed as stable.
|
||||||
|
If it is a tag but with a different format, it will be listed as Extra.
|
||||||
|
Otherwise, if it is a commit, it will be listed as development.
|
||||||
|
This logic is defined in `nix/build_index.nix`.
|
||||||
|
|
||||||
|
## Testing
|
||||||
|
|
||||||
|
For each commit, we first pass the code to a formatter (rustfmt) and a linter (clippy).
|
||||||
|
Then we try to build it in debug mode and run both unit tests and our integration tests.
|
||||||
|
|
||||||
|
Additionnaly, when releasing, our integration tests are run on the release build for amd64 and i686.
|
||||||
|
|
||||||
|
## Generated Artifacts
|
||||||
|
|
||||||
|
We generate the following binary artifacts for now:
|
||||||
|
- **architecture**: amd64, i686, aarch64, armv6
|
||||||
|
- **os**: linux
|
||||||
|
- **format**: static binary, docker container
|
||||||
|
|
||||||
|
Additionnaly we also build two web pages and one JSON document:
|
||||||
|
- the documentation (this website)
|
||||||
|
- [the release page](https://garagehq.deuxfleurs.fr/_releases.html)
|
||||||
|
- [the release list in JSON format](https://garagehq.deuxfleurs.fr/_releases.json)
|
||||||
|
|
||||||
|
We publish the static binaries on our own garage cluster (you can access them through the releases page)
|
||||||
|
and the docker containers on Docker Hub.
|
||||||
|
|
||||||
|
## Automation
|
||||||
|
|
||||||
|
We automated our release process with Nix and Drone to make it more reliable.
|
||||||
|
Here we describe how we have done in case you want to debug or improve it.
|
||||||
|
|
||||||
|
### Caching build steps
|
||||||
|
|
||||||
|
To speed up the CI, we use the caching feature provided by Nix.
|
||||||
|
|
||||||
|
You can benefit from it by using our provided `nix.conf` as recommended or by simply adding the following lines to your file:
|
||||||
|
|
||||||
|
```toml
|
||||||
|
substituters = https://cache.nixos.org https://nix.web.deuxfleurs.fr
|
||||||
|
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix.web.deuxfleurs.fr:eTGL6kvaQn6cDR/F9lDYUIP9nCVR/kkshYfLDJf1yKs=
|
||||||
|
```
|
||||||
|
|
||||||
|
Sending to the cache is done through `nix copy`, for example:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
nix copy --to 's3://nix?endpoint=garage.deuxfleurs.fr®ion=garage&secret-key=/etc/nix/signing-key.sec' result
|
||||||
|
```
|
||||||
|
|
||||||
|
*Note that you need the signing key. In our case, it is stored as a secret in Drone.*
|
||||||
|
|
||||||
|
The previous command will only send the built packet and not its dependencies.
|
||||||
|
To send its dependency, a tool named `nix-copy-closure` has been created but it is not compatible with the S3 protocol.
|
||||||
|
|
||||||
|
Instead, you can use the following commands to list all the runtime dependencies:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
nix copy \
|
||||||
|
--to 's3://nix?endpoint=garage.deuxfleurs.fr®ion=garage&secret-key=/etc/nix/signing-key.sec' \
|
||||||
|
$(nix-store -qR result/)
|
||||||
|
```
|
||||||
|
|
||||||
|
*We could also write this expression with xargs but this tool is not available in our container.*
|
||||||
|
|
||||||
|
But in certain cases, we want to cache compile time dependencies also.
|
||||||
|
For example, the Nix project does not provide binaries for cross compiling to i686 and thus we need to compile gcc on our own.
|
||||||
|
We do not want to compile gcc each time, so even if it is a compile time dependency, we want to cache it.
|
||||||
|
|
||||||
|
This time, the command is a bit more involved:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
nix copy --to \
|
||||||
|
's3://nix?endpoint=garage.deuxfleurs.fr®ion=garage&secret-key=/etc/nix/signing-key.sec' \
|
||||||
|
$(nix-store -qR --include-outputs \
|
||||||
|
$(nix-instantiate))
|
||||||
|
```
|
||||||
|
|
||||||
|
This is the command we use in our CI as we expect the final binary to change, so we mainly focus on
|
||||||
|
caching our development dependencies.
|
||||||
|
|
||||||
|
*Currently there is no automatic garbage collection of the cache: we should monitor its growth.
|
||||||
|
Hopefully, we can erase it totally without breaking any build, the next build will only be slower.*
|
||||||
|
|
||||||
|
In practise, we concluded that we do not want to cache all the compilation dependencies.
|
||||||
|
Instead, we want to cache the toolchain we use to build Garage each time we change it.
|
||||||
|
So we removed from Drone any automatic update of the cache and instead handle them manually with:
|
||||||
|
|
||||||
|
```
|
||||||
|
source ~/.awsrc
|
||||||
|
nix-shell --run 'refresh_toolchain'
|
||||||
|
```
|
||||||
|
|
||||||
|
Internally, it will run `nix-build` on `nix/toolchain.nix` and send the output plus its depedencies to the cache.
|
||||||
|
|
||||||
|
To erase the cache:
|
||||||
|
|
||||||
|
```
|
||||||
|
mc rm --recursive --force 'garage/nix/'
|
||||||
|
```
|
||||||
|
|
||||||
|
### Publishing Garage
|
||||||
|
|
||||||
|
We defined our publishing logic in Nix, mostly as shell hooks.
|
||||||
|
You can inspect them in `shell.nix` to see exactly how.
|
||||||
|
Here, we will give a quick explanation on how to use them to manually publish a release.
|
||||||
|
|
||||||
|
Supposing you just have built garage as follow:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
nix-build --arg release true
|
||||||
|
```
|
||||||
|
|
||||||
|
To publish a static binary in `result/bin` on garagehq, run:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
export AWS_ACCESS_KEY_ID=xxx
|
||||||
|
export AWS_SECRET_ACCESS_KEY=xxx
|
||||||
|
export DRONE_TAG=handcrafted-1.0.0 # or DRONE_COMMIT
|
||||||
|
export TARGET=x86_64-unknown-linux-musl
|
||||||
|
|
||||||
|
nix-shell --run to_s3
|
||||||
|
```
|
||||||
|
|
||||||
|
To create and publish a docker container, run:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
export DOCKER_AUTH='{ "auths": { "https://index.docker.io/v1/": { "auth": "xxxx" }}}'
|
||||||
|
export DOCKER_PLATFORM='linux/amd64' # check GOARCH and GOOS from golang.org
|
||||||
|
export CONTAINER_NAME='me/amd64_garage'
|
||||||
|
export CONTAINER_TAG='handcrafted-1.0.0'
|
||||||
|
|
||||||
|
nix-shell --run to_docker
|
||||||
|
```
|
||||||
|
|
||||||
|
To rebuild the release page, run:
|
||||||
|
```bash
|
||||||
|
export AWS_ACCESS_KEY_ID=xxx
|
||||||
|
export AWS_SECRET_ACCESS_KEY=xxx
|
||||||
|
|
||||||
|
nix-shell --run refresh_index
|
||||||
|
```
|
||||||
|
|
||||||
|
If you want to compile for different architectures, you will need to repeat all these commands for each architecture.
|
||||||
|
|
||||||
|
**In practise, and except for debugging, you will never directly run these commands. Release is handled by drone**
|
||||||
|
|
||||||
|
### Drone
|
||||||
|
|
||||||
|
Our instance is available at [https://drone.deuxfleurs.fr](https://drone.deuxfleurs.fr).
|
||||||
|
You need an account on [https://git.deuxfleurs.fr](https://git.deuxfleurs.fr) to use it.
|
||||||
|
|
||||||
|
**Drone CLI** - Drone has a CLI tool to interact with.
|
||||||
|
It can be downloaded from its Github [release page](https://github.com/drone/drone-cli/releases).
|
||||||
|
|
||||||
|
To communicate with our instance, you must setup some environment variables.
|
||||||
|
You can get them from your [Account Settings](https://drone.deuxfleurs.fr/account).
|
||||||
|
|
||||||
|
To make drone easier to use, you could create a `~/.dronerc` that you could source each time you want to use it.
|
||||||
|
|
||||||
|
```
|
||||||
|
export DRONE_SERVER=https://drone.deuxfleurs.fr
|
||||||
|
export DRONE_TOKEN=xxx
|
||||||
|
drone info
|
||||||
|
```
|
||||||
|
|
||||||
|
The CLI tool is very self-discoverable, just append `--help` to each subcommands.
|
||||||
|
Start with:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
drone --help
|
||||||
|
```
|
||||||
|
|
||||||
|
**.drone.yml** - The builds steps are defined in `.drone.yml`.
|
||||||
|
You can not edit this file without resigning it.
|
||||||
|
|
||||||
|
To sign it, you must be a maintainer and then run:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
drone sign --save Deuxfleurs/garage
|
||||||
|
```
|
||||||
|
|
||||||
|
Looking at the file, you will see that most of the commands are `nix-shell` and `nix-build` commands with various parameters.
|
||||||
|
|
||||||
|
|
116
doc/book/development/scripts.md
Normal file
|
@ -0,0 +1,116 @@
|
||||||
|
+++
|
||||||
|
title = "Development scripts"
|
||||||
|
weight = 10
|
||||||
|
+++
|
||||||
|
|
||||||
|
We maintain a `script/` folder that contains some useful script to ease testing on Garage.
|
||||||
|
|
||||||
|
A fully integrated script, `test-smoke.sh`, runs some basic tests on various tools such as minio client, awscli and rclone.
|
||||||
|
To run it, enter a `nix-shell` (or install all required tools) and simply run:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
nix-build # or cargo build
|
||||||
|
./script/test-smoke.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
If something fails, you can find useful logs in `/tmp/garage.log`.
|
||||||
|
You can inspect the generated configuration and local data created by inspecting your `/tmp` directory:
|
||||||
|
the script creates files and folder prefixed with the name "garage".
|
||||||
|
|
||||||
|
## Bootstrapping a test cluster
|
||||||
|
|
||||||
|
Under the hood `test-smoke.sh` uses multiple helpers scripts you can also run in case you want to manually test Garage.
|
||||||
|
In this section, we introduce 3 scripts to quickly bootstrap a full test cluster with 3 instances.
|
||||||
|
|
||||||
|
### 1. Start each daemon
|
||||||
|
|
||||||
|
```bash
|
||||||
|
./script/dev-cluster.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
This script spawns 3 Garage instances with 3 configuration files.
|
||||||
|
You can inspect the detailed configuration, including ports, by inspecting `/tmp/config.1` (change 1 by the instance number you want).
|
||||||
|
|
||||||
|
This script also spawns a simple HTTPS reverse proxy through `socat` for the S3 endpoint that listens on port `4443`.
|
||||||
|
Some libraries might require a TLS endpoint to work, refer to our issue [#64](https://git.deuxfleurs.fr/Deuxfleurs/garage/issues/64) for more detailed information on this subject.
|
||||||
|
|
||||||
|
This script covers the [Launching the garage server](@/documentation/quick-start/_index.md#launching-the-garage-server) section of our Quick start page.
|
||||||
|
|
||||||
|
### 2. Make them join the cluster
|
||||||
|
|
||||||
|
```bash
|
||||||
|
./script/dev-configure.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
This script will configure each instance by assigning them a zone (`dc1`) and a weight (`1`).
|
||||||
|
|
||||||
|
This script covers the [Creating a cluster layout](@/documentation/quick-start/_index.md#creating-a-cluster-layout) section of our Quick start page.
|
||||||
|
|
||||||
|
### 3. Create a key and a bucket
|
||||||
|
|
||||||
|
```bash
|
||||||
|
./script/dev-bucket.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
This script will create a bucket named `eprouvette` with a key having read and write rights on this bucket.
|
||||||
|
The key is stored in a filed named `/tmp/garage.s3` and can be used by the following tools to pre-configure them.
|
||||||
|
|
||||||
|
This script covers the [Creating buckets and keys](@/documentation/quick-start/_index.md#creating-buckets-and-keys) section of our Quick start page.
|
||||||
|
|
||||||
|
## Handlers for generic tools
|
||||||
|
|
||||||
|
We provide wrappers for some CLI tools that configure themselves for your development cluster.
|
||||||
|
They are meant to save you some configuration time as to use them, you are only required to source the right file.
|
||||||
|
|
||||||
|
### awscli
|
||||||
|
|
||||||
|
```bash
|
||||||
|
source ./script/dev-env-aws.sh
|
||||||
|
|
||||||
|
# some examples
|
||||||
|
aws s3 ls s3://eprouvette
|
||||||
|
aws s3 cp /proc/cpuinfo s3://eprouvette/cpuinfo.txt
|
||||||
|
```
|
||||||
|
|
||||||
|
### minio-client
|
||||||
|
|
||||||
|
|
||||||
|
```bash
|
||||||
|
source ./script/dev-env-mc.sh
|
||||||
|
|
||||||
|
# some examples
|
||||||
|
mc ls garage/
|
||||||
|
mc cp /proc/cpuinfo garage/eprouvette/cpuinfo.txt
|
||||||
|
```
|
||||||
|
|
||||||
|
### rclone
|
||||||
|
|
||||||
|
```bash
|
||||||
|
source ./script/dev-env-rclone.sh
|
||||||
|
|
||||||
|
# some examples
|
||||||
|
rclone lsd garage:
|
||||||
|
rclone copy /proc/cpuinfo garage:eprouvette/cpuinfo.txt
|
||||||
|
```
|
||||||
|
|
||||||
|
### s3cmd
|
||||||
|
|
||||||
|
```bash
|
||||||
|
source ./script/dev-env-s3cmd.sh
|
||||||
|
|
||||||
|
# some examples
|
||||||
|
s3cmd ls
|
||||||
|
s3cmd put /proc/cpuinfo s3://eprouvette/cpuinfo.txt
|
||||||
|
```
|
||||||
|
|
||||||
|
### duck
|
||||||
|
|
||||||
|
*Warning! Duck is not yet provided by nix-shell.*
|
||||||
|
|
||||||
|
```bash
|
||||||
|
source ./script/dev-env-duck.sh
|
||||||
|
|
||||||
|
# some examples
|
||||||
|
duck --list garage:/
|
||||||
|
duck --upload garage:/eprouvette/ /proc/cpuinfo
|
||||||
|
```
|
286
doc/book/quick-start/_index.md
Normal file
|
@ -0,0 +1,286 @@
|
||||||
|
+++
|
||||||
|
title = "Quick Start"
|
||||||
|
weight = 0
|
||||||
|
sort_by = "weight"
|
||||||
|
template = "documentation.html"
|
||||||
|
+++
|
||||||
|
|
||||||
|
Let's start your Garage journey!
|
||||||
|
In this chapter, we explain how to deploy Garage as a single-node server
|
||||||
|
and how to interact with it.
|
||||||
|
|
||||||
|
Our goal is to introduce you to Garage's workflows.
|
||||||
|
Following this guide is recommended before moving on to
|
||||||
|
[configuring a multi-node cluster](@/documentation/cookbook/real-world.md).
|
||||||
|
|
||||||
|
Note that this kind of deployment should not be used in production,
|
||||||
|
as it provides no redundancy for your data!
|
||||||
|
|
||||||
|
## Get a binary
|
||||||
|
|
||||||
|
Download the latest Garage binary from the release pages on our repository:
|
||||||
|
|
||||||
|
<https://garagehq.deuxfleurs.fr/download/>
|
||||||
|
|
||||||
|
Place this binary somewhere in your `$PATH` so that you can invoke the `garage`
|
||||||
|
command directly (for instance you can copy the binary in `/usr/local/bin`
|
||||||
|
or in `~/.local/bin`).
|
||||||
|
|
||||||
|
If a binary of the last version is not available for your architecture,
|
||||||
|
or if you want a build customized for your system,
|
||||||
|
you can [build Garage from source](@/documentation/cookbook/from-source.md).
|
||||||
|
|
||||||
|
|
||||||
|
## Configuring and starting Garage
|
||||||
|
|
||||||
|
### Writing a first configuration file
|
||||||
|
|
||||||
|
This first configuration file should allow you to get started easily with the simplest
|
||||||
|
possible Garage deployment.
|
||||||
|
**Save it as `/etc/garage.toml`.**
|
||||||
|
You can also store it somewhere else, but you will have to specify `-c path/to/garage.toml`
|
||||||
|
at each invocation of the `garage` binary (for example: `garage -c ./garage.toml server`, `garage -c ./garage.toml status`).
|
||||||
|
|
||||||
|
```toml
|
||||||
|
metadata_dir = "/tmp/meta"
|
||||||
|
data_dir = "/tmp/data"
|
||||||
|
|
||||||
|
replication_mode = "none"
|
||||||
|
|
||||||
|
rpc_bind_addr = "[::]:3901"
|
||||||
|
rpc_public_addr = "127.0.0.1:3901"
|
||||||
|
rpc_secret = "1799bccfd7411eddcf9ebd316bc1f5287ad12a68094e1c6ac6abde7e6feae1ec"
|
||||||
|
|
||||||
|
bootstrap_peers = []
|
||||||
|
|
||||||
|
[s3_api]
|
||||||
|
s3_region = "garage"
|
||||||
|
api_bind_addr = "[::]:3900"
|
||||||
|
root_domain = ".s3.garage.localhost"
|
||||||
|
|
||||||
|
[s3_web]
|
||||||
|
bind_addr = "[::]:3902"
|
||||||
|
root_domain = ".web.garage.localhost"
|
||||||
|
index = "index.html"
|
||||||
|
```
|
||||||
|
|
||||||
|
The `rpc_secret` value provided above is just an example. It will work, but in
|
||||||
|
order to secure your cluster you will need to use another one. You can generate
|
||||||
|
such a value with `openssl rand -hex 32`.
|
||||||
|
|
||||||
|
|
||||||
|
As you can see in the `metadata_dir` and `data_dir` parameters, we are saving Garage's data
|
||||||
|
in `/tmp` which gets erased when your system reboots. This means that data stored on this
|
||||||
|
Garage server will not be persistent. Change these to locations on your local disk if you want
|
||||||
|
your data to be persisted properly.
|
||||||
|
|
||||||
|
|
||||||
|
### Launching the Garage server
|
||||||
|
|
||||||
|
Use the following command to launch the Garage server with our configuration file:
|
||||||
|
|
||||||
|
```
|
||||||
|
garage server
|
||||||
|
```
|
||||||
|
|
||||||
|
You can tune Garage's verbosity as follows (from less verbose to more verbose):
|
||||||
|
|
||||||
|
```
|
||||||
|
RUST_LOG=garage=info garage server
|
||||||
|
RUST_LOG=garage=debug garage server
|
||||||
|
RUST_LOG=garage=trace garage server
|
||||||
|
```
|
||||||
|
|
||||||
|
Log level `info` is the default value and is recommended for most use cases.
|
||||||
|
Log level `debug` can help you check why your S3 API calls are not working.
|
||||||
|
|
||||||
|
|
||||||
|
### Checking that Garage runs correctly
|
||||||
|
|
||||||
|
The `garage` utility is also used as a CLI tool to configure your Garage deployment.
|
||||||
|
It uses values from the TOML configuration file to find the Garage daemon running on the
|
||||||
|
local node, therefore if your configuration file is not at `/etc/garage.toml` you will
|
||||||
|
again have to specify `-c path/to/garage.toml`.
|
||||||
|
|
||||||
|
If the `garage` CLI is able to correctly detect the parameters of your local Garage node,
|
||||||
|
the following command should be enough to show the status of your cluster:
|
||||||
|
|
||||||
|
```
|
||||||
|
garage status
|
||||||
|
```
|
||||||
|
|
||||||
|
This should show something like this:
|
||||||
|
|
||||||
|
```
|
||||||
|
==== HEALTHY NODES ====
|
||||||
|
ID Hostname Address Tag Zone Capacity
|
||||||
|
563e1ac825ee3323… linuxbox 127.0.0.1:3901 NO ROLE ASSIGNED
|
||||||
|
```
|
||||||
|
|
||||||
|
## Creating a cluster layout
|
||||||
|
|
||||||
|
Creating a cluster layout for a Garage deployment means informing Garage
|
||||||
|
of the disk space available on each node of the cluster
|
||||||
|
as well as the zone (e.g. datacenter) each machine is located in.
|
||||||
|
|
||||||
|
For our test deployment, we are using only one node. The way in which we configure
|
||||||
|
it does not matter, you can simply write:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
garage layout assign -z dc1 -c 1 <node_id>
|
||||||
|
```
|
||||||
|
|
||||||
|
where `<node_id>` corresponds to the identifier of the node shown by `garage status` (first column).
|
||||||
|
You can enter simply a prefix of that identifier.
|
||||||
|
For instance here you could write just `garage layout assign -z dc1 -c 1 563e`.
|
||||||
|
|
||||||
|
The layout then has to be applied to the cluster, using:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
garage layout apply
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## Creating buckets and keys
|
||||||
|
|
||||||
|
In this section, we will suppose that we want to create a bucket named `nextcloud-bucket`
|
||||||
|
that will be accessed through a key named `nextcloud-app-key`.
|
||||||
|
|
||||||
|
Don't forget that `help` command and `--help` subcommands can help you anywhere,
|
||||||
|
the CLI tool is self-documented! Two examples:
|
||||||
|
|
||||||
|
```
|
||||||
|
garage help
|
||||||
|
garage bucket allow --help
|
||||||
|
```
|
||||||
|
|
||||||
|
### Create a bucket
|
||||||
|
|
||||||
|
Let's take an example where we want to deploy NextCloud using Garage as the
|
||||||
|
main data storage.
|
||||||
|
|
||||||
|
First, create a bucket with the following command:
|
||||||
|
|
||||||
|
```
|
||||||
|
garage bucket create nextcloud-bucket
|
||||||
|
```
|
||||||
|
|
||||||
|
Check that everything went well:
|
||||||
|
|
||||||
|
```
|
||||||
|
garage bucket list
|
||||||
|
garage bucket info nextcloud-bucket
|
||||||
|
```
|
||||||
|
|
||||||
|
### Create an API key
|
||||||
|
|
||||||
|
The `nextcloud-bucket` bucket now exists on the Garage server,
|
||||||
|
however it cannot be accessed until we add an API key with the proper access rights.
|
||||||
|
|
||||||
|
Note that API keys are independent of buckets:
|
||||||
|
one key can access multiple buckets, multiple keys can access one bucket.
|
||||||
|
|
||||||
|
Create an API key using the following command:
|
||||||
|
|
||||||
|
```
|
||||||
|
garage key new --name nextcloud-app-key
|
||||||
|
```
|
||||||
|
|
||||||
|
The output should look as follows:
|
||||||
|
|
||||||
|
```
|
||||||
|
Key name: nextcloud-app-key
|
||||||
|
Key ID: GK3515373e4c851ebaad366558
|
||||||
|
Secret key: 7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34
|
||||||
|
Authorized buckets:
|
||||||
|
```
|
||||||
|
|
||||||
|
Check that everything works as intended:
|
||||||
|
|
||||||
|
```
|
||||||
|
garage key list
|
||||||
|
garage key info nextcloud-app-key
|
||||||
|
```
|
||||||
|
|
||||||
|
### Allow a key to access a bucket
|
||||||
|
|
||||||
|
Now that we have a bucket and a key, we need to give permissions to the key on the bucket:
|
||||||
|
|
||||||
|
```
|
||||||
|
garage bucket allow \
|
||||||
|
--read \
|
||||||
|
--write \
|
||||||
|
nextcloud-bucket \
|
||||||
|
--key nextcloud-app-key
|
||||||
|
```
|
||||||
|
|
||||||
|
You can check at any time the allowed keys on your bucket with:
|
||||||
|
|
||||||
|
```
|
||||||
|
garage bucket info nextcloud-bucket
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## Uploading and downlading from Garage
|
||||||
|
|
||||||
|
We recommend the use of MinIO Client to interact with Garage files (`mc`).
|
||||||
|
Instructions to install it and use it are provided on the
|
||||||
|
[MinIO website](https://docs.min.io/docs/minio-client-quickstart-guide.html).
|
||||||
|
Before reading the following, you need a working `mc` command on your path.
|
||||||
|
|
||||||
|
Note that on certain Linux distributions such as Arch Linux, the Minio client binary
|
||||||
|
is called `mcli` instead of `mc` (to avoid name clashes with the Midnight Commander).
|
||||||
|
|
||||||
|
### Configure `mc`
|
||||||
|
|
||||||
|
You need your access key and secret key created above.
|
||||||
|
We will assume you are invoking `mc` on the same machine as the Garage server,
|
||||||
|
your S3 API endpoint is therefore `http://127.0.0.1:3900`.
|
||||||
|
For this whole configuration, you must set an alias name: we chose `my-garage`, that you will used for all commands.
|
||||||
|
|
||||||
|
Adapt the following command accordingly and run it:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
mc alias set \
|
||||||
|
my-garage \
|
||||||
|
http://127.0.0.1:3900 \
|
||||||
|
<access key> \
|
||||||
|
<secret key> \
|
||||||
|
--api S3v4
|
||||||
|
```
|
||||||
|
|
||||||
|
You must also add an environment variable to your configuration to
|
||||||
|
inform MinIO of our region (`garage` by default, corresponding to the `s3_region` parameter
|
||||||
|
in the configuration file).
|
||||||
|
The best way is to add the following snippet to your `$HOME/.bash_profile`
|
||||||
|
or `$HOME/.bashrc` file:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
export MC_REGION=garage
|
||||||
|
```
|
||||||
|
|
||||||
|
### Use `mc`
|
||||||
|
|
||||||
|
You can not list buckets from `mc` currently.
|
||||||
|
|
||||||
|
But the following commands and many more should work:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
mc cp image.png my-garage/nextcloud-bucket
|
||||||
|
mc cp my-garage/nextcloud-bucket/image.png .
|
||||||
|
mc ls my-garage/nextcloud-bucket
|
||||||
|
mc mirror localdir/ my-garage/another-bucket
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
### Other tools for interacting with Garage
|
||||||
|
|
||||||
|
The following tools can also be used to send and recieve files from/to Garage:
|
||||||
|
|
||||||
|
- the [AWS CLI](https://aws.amazon.com/cli/)
|
||||||
|
- [`rclone`](https://rclone.org/)
|
||||||
|
- [Cyberduck](https://cyberduck.io/)
|
||||||
|
- [`s3cmd`](https://s3tools.org/s3cmd)
|
||||||
|
|
||||||
|
Refer to the ["Integrations" section](@/documentation/connect/_index.md) to learn how to
|
||||||
|
configure application and command line utilities to integrate with Garage.
|
10
doc/book/reference-manual/_index.md
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
+++
|
||||||
|
title = "Reference Manual"
|
||||||
|
weight = 4
|
||||||
|
sort_by = "weight"
|
||||||
|
template = "documentation.html"
|
||||||
|
+++
|
||||||
|
|
||||||
|
A reference manual contains some extensive descriptions about the features and the behaviour of the software.
|
||||||
|
Reading of this chapter is recommended once you have a good knowledge/understanding of Garage.
|
||||||
|
It will be useful if you want to tune it or to use it in some exotic conditions.
|
7
doc/book/reference-manual/cli.md
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
+++
|
||||||
|
title = "Garage CLI"
|
||||||
|
weight = 15
|
||||||
|
+++
|
||||||
|
|
||||||
|
The Garage CLI is mostly self-documented. Make use of the `help` subcommand
|
||||||
|
and the `--help` flag to discover all available options.
|
338
doc/book/reference-manual/configuration.md
Normal file
|
@ -0,0 +1,338 @@
|
||||||
|
+++
|
||||||
|
title = "Configuration file format"
|
||||||
|
weight = 5
|
||||||
|
+++
|
||||||
|
|
||||||
|
Here is an example `garage.toml` configuration file that illustrates all of the possible options:
|
||||||
|
|
||||||
|
```toml
|
||||||
|
metadata_dir = "/var/lib/garage/meta"
|
||||||
|
data_dir = "/var/lib/garage/data"
|
||||||
|
|
||||||
|
block_size = 1048576
|
||||||
|
|
||||||
|
replication_mode = "3"
|
||||||
|
|
||||||
|
compression_level = 1
|
||||||
|
|
||||||
|
rpc_secret = "4425f5c26c5e11581d3223904324dcb5b5d5dfb14e5e7f35e38c595424f5f1e6"
|
||||||
|
rpc_bind_addr = "[::]:3901"
|
||||||
|
rpc_public_addr = "[fc00:1::1]:3901"
|
||||||
|
|
||||||
|
bootstrap_peers = [
|
||||||
|
"563e1ac825ee3323aa441e72c26d1030d6d4414aeb3dd25287c531e7fc2bc95d@[fc00:1::1]:3901",
|
||||||
|
"86f0f26ae4afbd59aaf9cfb059eefac844951efd5b8caeec0d53f4ed6c85f332[fc00:1::2]:3901",
|
||||||
|
"681456ab91350f92242e80a531a3ec9392cb7c974f72640112f90a600d7921a4@[fc00:B::1]:3901",
|
||||||
|
"212fd62eeaca72c122b45a7f4fa0f55e012aa5e24ac384a72a3016413fa724ff@[fc00:F::1]:3901",
|
||||||
|
]
|
||||||
|
|
||||||
|
consul_host = "consul.service"
|
||||||
|
consul_service_name = "garage-daemon"
|
||||||
|
|
||||||
|
kubernetes_namespace = "garage"
|
||||||
|
kubernetes_service_name = "garage-daemon"
|
||||||
|
kubernetes_skip_crd = false
|
||||||
|
|
||||||
|
sled_cache_capacity = 134217728
|
||||||
|
sled_flush_every_ms = 2000
|
||||||
|
|
||||||
|
[s3_api]
|
||||||
|
api_bind_addr = "[::]:3900"
|
||||||
|
s3_region = "garage"
|
||||||
|
root_domain = ".s3.garage"
|
||||||
|
|
||||||
|
[s3_web]
|
||||||
|
bind_addr = "[::]:3902"
|
||||||
|
root_domain = ".web.garage"
|
||||||
|
|
||||||
|
[admin]
|
||||||
|
api_bind_addr = "0.0.0.0:3903"
|
||||||
|
trace_sink = "http://localhost:4317"
|
||||||
|
```
|
||||||
|
|
||||||
|
The following gives details about each available configuration option.
|
||||||
|
|
||||||
|
## Available configuration options
|
||||||
|
|
||||||
|
### `metadata_dir`
|
||||||
|
|
||||||
|
The directory in which Garage will store its metadata. This contains the node identifier,
|
||||||
|
the network configuration and the peer list, the list of buckets and keys as well
|
||||||
|
as the index of all objects, object version and object blocks.
|
||||||
|
|
||||||
|
Store this folder on a fast SSD drive if possible to maximize Garage's performance.
|
||||||
|
|
||||||
|
### `data_dir`
|
||||||
|
|
||||||
|
The directory in which Garage will store the data blocks of objects.
|
||||||
|
This folder can be placed on an HDD. The space available for `data_dir`
|
||||||
|
should be counted to determine a node's capacity
|
||||||
|
when [adding it to the cluster layout](@/documentation/cookbook/real-world.md).
|
||||||
|
|
||||||
|
### `block_size`
|
||||||
|
|
||||||
|
Garage splits stored objects in consecutive chunks of size `block_size`
|
||||||
|
(except the last one which might be smaller). The default size is 1MB and
|
||||||
|
should work in most cases. We recommend increasing it to e.g. 10MB if
|
||||||
|
you are using Garage to store large files and have fast network connections
|
||||||
|
between all nodes (e.g. 1gbps).
|
||||||
|
|
||||||
|
If you are interested in tuning this, feel free to do so (and remember to
|
||||||
|
report your findings to us!). When this value is changed for a running Garage
|
||||||
|
installation, only files newly uploaded will be affected. Previously uploaded
|
||||||
|
files will remain available. This however means that chunks from existing files
|
||||||
|
will not be deduplicated with chunks from newly uploaded files, meaning you
|
||||||
|
might use more storage space that is optimally possible.
|
||||||
|
|
||||||
|
### `replication_mode`
|
||||||
|
|
||||||
|
Garage supports the following replication modes:
|
||||||
|
|
||||||
|
- `none` or `1`: data stored on Garage is stored on a single node. There is no
|
||||||
|
redundancy, and data will be unavailable as soon as one node fails or its
|
||||||
|
network is disconnected. Do not use this for anything else than test
|
||||||
|
deployments.
|
||||||
|
|
||||||
|
- `2`: data stored on Garage will be stored on two different nodes, if possible
|
||||||
|
in different zones. Garage tolerates one node failure, or several nodes
|
||||||
|
failing but all in a single zone (in a deployment with at least two zones),
|
||||||
|
before losing data. Data remains available in read-only mode when one node is
|
||||||
|
down, but write operations will fail.
|
||||||
|
|
||||||
|
- `2-dangerous`: a variant of mode `2`, where written objects are written to
|
||||||
|
the second replica asynchronously. This means that Garage will return `200
|
||||||
|
OK` to a PutObject request before the second copy is fully written (or even
|
||||||
|
before it even starts being written). This means that data can more easily
|
||||||
|
be lost if the node crashes before a second copy can be completed. This
|
||||||
|
also means that written objects might not be visible immediately in read
|
||||||
|
operations. In other words, this mode severely breaks the consistency and
|
||||||
|
durability guarantees of standard Garage cluster operation. Benefits of
|
||||||
|
this mode: you can still write to your cluster when one node is
|
||||||
|
unavailable.
|
||||||
|
|
||||||
|
- `3`: data stored on Garage will be stored on three different nodes, if
|
||||||
|
possible each in a different zones. Garage tolerates two node failure, or
|
||||||
|
several node failures but in no more than two zones (in a deployment with at
|
||||||
|
least three zones), before losing data. As long as only a single node fails,
|
||||||
|
or node failures are only in a single zone, reading and writing data to
|
||||||
|
Garage can continue normally.
|
||||||
|
|
||||||
|
- `3-degraded`: a variant of replication mode `3`, that lowers the read
|
||||||
|
quorum to `1`, to allow you to read data from your cluster when several
|
||||||
|
nodes (or nodes in several zones) are unavailable. In this mode, Garage
|
||||||
|
does not provide read-after-write consistency anymore. The write quorum is
|
||||||
|
still 2, ensuring that data successfully written to Garage is stored on at
|
||||||
|
least two nodes.
|
||||||
|
|
||||||
|
- `3-dangerous`: a variant of replication mode `3` that lowers both the read
|
||||||
|
and write quorums to `1`, to allow you to both read and write to your
|
||||||
|
cluster when several nodes (or nodes in several zones) are unavailable. It
|
||||||
|
is the least consistent mode of operation proposed by Garage, and also one
|
||||||
|
that should probably never be used.
|
||||||
|
|
||||||
|
Note that in modes `2` and `3`,
|
||||||
|
if at least the same number of zones are available, an arbitrary number of failures in
|
||||||
|
any given zone is tolerated as copies of data will be spread over several zones.
|
||||||
|
|
||||||
|
**Make sure `replication_mode` is the same in the configuration files of all nodes.
|
||||||
|
Never run a Garage cluster where that is not the case.**
|
||||||
|
|
||||||
|
The quorums associated with each replication mode are described below:
|
||||||
|
|
||||||
|
| `replication_mode` | Number of replicas | Write quorum | Read quorum | Read-after-write consistency? |
|
||||||
|
| ------------------ | ------------------ | ------------ | ----------- | ----------------------------- |
|
||||||
|
| `none` or `1` | 1 | 1 | 1 | yes |
|
||||||
|
| `2` | 2 | 2 | 1 | yes |
|
||||||
|
| `2-dangerous` | 2 | 1 | 1 | NO |
|
||||||
|
| `3` | 3 | 2 | 2 | yes |
|
||||||
|
| `3-degraded` | 3 | 2 | 1 | NO |
|
||||||
|
| `3-dangerous` | 3 | 1 | 1 | NO |
|
||||||
|
|
||||||
|
Changing the `replication_mode` between modes with the same number of replicas
|
||||||
|
(e.g. from `3` to `3-degraded`, or from `2-dangerous` to `2`), can be done easily by
|
||||||
|
just changing the `replication_mode` parameter in your config files and restarting all your
|
||||||
|
Garage nodes.
|
||||||
|
|
||||||
|
It is also technically possible to change the replication mode to a mode with a
|
||||||
|
different numbers of replicas, although it's a dangerous operation that is not
|
||||||
|
officially supported. This requires you to delete the existing cluster layout
|
||||||
|
and create a new layout from scratch, meaning that a full rebalancing of your
|
||||||
|
cluster's data will be needed. To do it, shut down your cluster entirely,
|
||||||
|
delete the `custer_layout` files in the meta directories of all your nodes,
|
||||||
|
update all your configuration files with the new `replication_mode` parameter,
|
||||||
|
restart your cluster, and then create a new layout with all the nodes you want
|
||||||
|
to keep. Rebalancing data will take some time, and data might temporarily
|
||||||
|
appear unavailable to your users. It is recommended to shut down public access
|
||||||
|
to the cluster while rebalancing is in progress. In theory, no data should be
|
||||||
|
lost as rebalancing is a routine operation for Garage, although we cannot
|
||||||
|
guarantee you that everything will go right in such an extreme scenario.
|
||||||
|
|
||||||
|
### `compression_level`
|
||||||
|
|
||||||
|
Zstd compression level to use for storing blocks.
|
||||||
|
|
||||||
|
Values between `1` (faster compression) and `19` (smaller file) are standard compression
|
||||||
|
levels for zstd. From `20` to `22`, compression levels are referred as "ultra" and must be
|
||||||
|
used with extra care as it will use lot of memory. A value of `0` will let zstd choose a
|
||||||
|
default value (currently `3`). Finally, zstd has also compression designed to be faster
|
||||||
|
than default compression levels, they range from `-1` (smaller file) to `-99` (faster
|
||||||
|
compression).
|
||||||
|
|
||||||
|
If you do not specify a `compression_level` entry, Garage will set it to `1` for you. With
|
||||||
|
this parameters, zstd consumes low amount of cpu and should work faster than line speed in
|
||||||
|
most situations, while saving some space and intra-cluster
|
||||||
|
bandwidth.
|
||||||
|
|
||||||
|
If you want to totally deactivate zstd in Garage, you can pass the special value `'none'`. No
|
||||||
|
zstd related code will be called, your chunks will be stored on disk without any processing.
|
||||||
|
|
||||||
|
Compression is done synchronously, setting a value too high will add latency to write queries.
|
||||||
|
|
||||||
|
This value can be different between nodes, compression is done by the node which receive the
|
||||||
|
API call.
|
||||||
|
|
||||||
|
### `rpc_secret`
|
||||||
|
|
||||||
|
Garage uses a secret key that is shared between all nodes of the cluster
|
||||||
|
in order to identify these nodes and allow them to communicate together.
|
||||||
|
This key should be specified here in the form of a 32-byte hex-encoded
|
||||||
|
random string. Such a string can be generated with a command
|
||||||
|
such as `openssl rand -hex 32`.
|
||||||
|
|
||||||
|
### `rpc_bind_addr`
|
||||||
|
|
||||||
|
The address and port on which to bind for inter-cluster communcations
|
||||||
|
(reffered to as RPC for remote procedure calls).
|
||||||
|
The port specified here should be the same one that other nodes will used to contact
|
||||||
|
the node, even in the case of a NAT: the NAT should be configured to forward the external
|
||||||
|
port number to the same internal port nubmer. This means that if you have several nodes running
|
||||||
|
behind a NAT, they should each use a different RPC port number.
|
||||||
|
|
||||||
|
### `rpc_public_addr`
|
||||||
|
|
||||||
|
The address and port that other nodes need to use to contact this node for
|
||||||
|
RPC calls. **This parameter is optional but recommended.** In case you have
|
||||||
|
a NAT that binds the RPC port to a port that is different on your public IP,
|
||||||
|
this field might help making it work.
|
||||||
|
|
||||||
|
### `bootstrap_peers`
|
||||||
|
|
||||||
|
A list of peer identifiers on which to contact other Garage peers of this cluster.
|
||||||
|
These peer identifiers have the following syntax:
|
||||||
|
|
||||||
|
```
|
||||||
|
<node public key>@<node public IP or hostname>:<port>
|
||||||
|
```
|
||||||
|
|
||||||
|
In the case where `rpc_public_addr` is correctly specified in the
|
||||||
|
configuration file, the full identifier of a node including IP and port can
|
||||||
|
be obtained by running `garage node id` and then included directly in the
|
||||||
|
`bootstrap_peers` list of other nodes. Otherwise, only the node's public
|
||||||
|
key will be returned by `garage node id` and you will have to add the IP
|
||||||
|
yourself.
|
||||||
|
|
||||||
|
### `consul_host` and `consul_service_name`
|
||||||
|
|
||||||
|
Garage supports discovering other nodes of the cluster using Consul. For this
|
||||||
|
to work correctly, nodes need to know their IP address by which they can be
|
||||||
|
reached by other nodes of the cluster, which should be set in `rpc_public_addr`.
|
||||||
|
|
||||||
|
The `consul_host` parameter should be set to the hostname of the Consul server,
|
||||||
|
and `consul_service_name` should be set to the service name under which Garage's
|
||||||
|
RPC ports are announced.
|
||||||
|
|
||||||
|
Garage does not yet support talking to Consul over TLS.
|
||||||
|
|
||||||
|
### `kubernetes_namespace`, `kubernetes_service_name` and `kubernetes_skip_crd`
|
||||||
|
|
||||||
|
Garage supports discovering other nodes of the cluster using kubernetes custom
|
||||||
|
resources. For this to work `kubernetes_namespace` and `kubernetes_service_name`
|
||||||
|
need to be configured.
|
||||||
|
|
||||||
|
`kubernetes_namespace` sets the namespace in which the custom resources are
|
||||||
|
configured. `kubernetes_service_name` is added as a label to these resources to
|
||||||
|
filter them, to allow for multiple deployments in a single namespace.
|
||||||
|
|
||||||
|
`kubernetes_skip_crd` can be set to true to disable the automatic creation and
|
||||||
|
patching of the `garagenodes.deuxfleurs.fr` CRD. You will need to create the CRD
|
||||||
|
manually.
|
||||||
|
|
||||||
|
### `sled_cache_capacity`
|
||||||
|
|
||||||
|
This parameter can be used to tune the capacity of the cache used by
|
||||||
|
[sled](https://sled.rs), the database Garage uses internally to store metadata.
|
||||||
|
Tune this to fit the RAM you wish to make available to your Garage instance.
|
||||||
|
This value has a conservative default (128MB) so that Garage doesn't use too much
|
||||||
|
RAM by default, but feel free to increase this for higher performance.
|
||||||
|
|
||||||
|
### `sled_flush_every_ms`
|
||||||
|
|
||||||
|
This parameters can be used to tune the flushing interval of sled.
|
||||||
|
Increase this if sled is thrashing your SSD, at the risk of losing more data in case
|
||||||
|
of a power outage (though this should not matter much as data is replicated on other
|
||||||
|
nodes). The default value, 2000ms, should be appropriate for most use cases.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## The `[s3_api]` section
|
||||||
|
|
||||||
|
### `api_bind_addr`
|
||||||
|
|
||||||
|
The IP and port on which to bind for accepting S3 API calls.
|
||||||
|
This endpoint does not suport TLS: a reverse proxy should be used to provide it.
|
||||||
|
|
||||||
|
### `s3_region`
|
||||||
|
|
||||||
|
Garage will accept S3 API calls that are targetted to the S3 region defined here.
|
||||||
|
API calls targetted to other regions will fail with a AuthorizationHeaderMalformed error
|
||||||
|
message that redirects the client to the correct region.
|
||||||
|
|
||||||
|
### `root_domain` {#root_domain}
|
||||||
|
|
||||||
|
The optionnal suffix to access bucket using vhost-style in addition to path-style request.
|
||||||
|
Note path-style requests are always enabled, whether or not vhost-style is configured.
|
||||||
|
Configuring vhost-style S3 required a wildcard DNS entry, and possibly a wildcard TLS certificate,
|
||||||
|
but might be required by softwares not supporting path-style requests.
|
||||||
|
|
||||||
|
If `root_domain` is `s3.garage.eu`, a bucket called `my-bucket` can be interacted with
|
||||||
|
using the hostname `my-bucket.s3.garage.eu`.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## The `[s3_web]` section
|
||||||
|
|
||||||
|
Garage allows to publish content of buckets as websites. This section configures the
|
||||||
|
behaviour of this module.
|
||||||
|
|
||||||
|
### `bind_addr`
|
||||||
|
|
||||||
|
The IP and port on which to bind for accepting HTTP requests to buckets configured
|
||||||
|
for website access.
|
||||||
|
This endpoint does not suport TLS: a reverse proxy should be used to provide it.
|
||||||
|
|
||||||
|
### `root_domain`
|
||||||
|
|
||||||
|
The optionnal suffix appended to bucket names for the corresponding HTTP Host.
|
||||||
|
|
||||||
|
For instance, if `root_domain` is `web.garage.eu`, a bucket called `deuxfleurs.fr`
|
||||||
|
will be accessible either with hostname `deuxfleurs.fr.web.garage.eu`
|
||||||
|
or with hostname `deuxfleurs.fr`.
|
||||||
|
|
||||||
|
|
||||||
|
## The `[admin]` section
|
||||||
|
|
||||||
|
Garage has a few administration capabilities, in particular to allow remote monitoring. These features are detailed below.
|
||||||
|
|
||||||
|
### `api_bind_addr`
|
||||||
|
|
||||||
|
If specified, Garage will bind an HTTP server to this port and address, on
|
||||||
|
which it will listen to requests for administration features. Currently,
|
||||||
|
this endpoint only exposes Garage metrics in the Prometheus format at
|
||||||
|
`/metrics`. This endpoint is not authenticated. In the future, bucket and
|
||||||
|
access key management might be possible by REST calls to this endpoint.
|
||||||
|
|
||||||
|
### `trace_sink`
|
||||||
|
|
||||||
|
Optionnally, the address of an Opentelemetry collector. If specified,
|
||||||
|
Garage will send traces in the Opentelemetry format to this endpoint. These
|
||||||
|
trace allow to inspect Garage's operation when it handles S3 API requests.
|
77
doc/book/reference-manual/layout.md
Normal file
|
@ -0,0 +1,77 @@
|
||||||
|
+++
|
||||||
|
title = "Cluster layout management"
|
||||||
|
weight = 10
|
||||||
|
+++
|
||||||
|
|
||||||
|
The cluster layout in Garage is a table that assigns to each node a role in
|
||||||
|
the cluster. The role of a node in Garage can either be a storage node with
|
||||||
|
a certain capacity, or a gateway node that does not store data and is only
|
||||||
|
used as an API entry point for faster cluster access.
|
||||||
|
An introduction to building cluster layouts can be found in the [production deployment](@/documentation/cookbook/real-world.md) page.
|
||||||
|
|
||||||
|
## How cluster layouts work in Garage
|
||||||
|
|
||||||
|
In Garage, a cluster layout is composed of the following components:
|
||||||
|
|
||||||
|
- a table of roles assigned to nodes
|
||||||
|
- a version number
|
||||||
|
|
||||||
|
Garage nodes will always use the cluster layout with the highest version number.
|
||||||
|
|
||||||
|
Garage nodes also maintain and synchronize between them a set of proposed role
|
||||||
|
changes that haven't yet been applied. These changes will be applied (or
|
||||||
|
canceled) in the next version of the layout
|
||||||
|
|
||||||
|
The following commands insert modifications to the set of proposed role changes
|
||||||
|
for the next layout version (but they do not create the new layout immediately):
|
||||||
|
|
||||||
|
```bash
|
||||||
|
garage layout assign [...]
|
||||||
|
garage layout remove [...]
|
||||||
|
```
|
||||||
|
|
||||||
|
The following command can be used to inspect the layout that is currently set in the cluster
|
||||||
|
and the changes proposed for the next layout version, if any:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
garage layout show
|
||||||
|
```
|
||||||
|
|
||||||
|
The following commands create a new layout with the specified version number,
|
||||||
|
that either takes into account the proposed changes or cancels them:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
garage layout apply --version <new_version_number>
|
||||||
|
garage layout revert --version <new_version_number>
|
||||||
|
```
|
||||||
|
|
||||||
|
The version number of the new layout to create must be 1 + the version number
|
||||||
|
of the previous layout that existed in the cluster. The `apply` and `revert`
|
||||||
|
commands will fail otherwise.
|
||||||
|
|
||||||
|
## Warnings about Garage cluster layout management
|
||||||
|
|
||||||
|
**Warning: never make several calls to `garage layout apply` or `garage layout
|
||||||
|
revert` with the same value of the `--version` flag. Doing so can lead to the
|
||||||
|
creation of several different layouts with the same version number, in which
|
||||||
|
case your Garage cluster will become inconsistent until fixed.** If a call to
|
||||||
|
`garage layout apply` or `garage layout revert` has failed and `garage layout
|
||||||
|
show` indicates that a new layout with the given version number has not been
|
||||||
|
set in the cluster, then it is fine to call the command again with the same
|
||||||
|
version number.
|
||||||
|
|
||||||
|
If you are using the `garage` CLI by typing individual commands in your
|
||||||
|
shell, you shouldn't have much issues as long as you run commands one after
|
||||||
|
the other and take care of checking the output of `garage layout show`
|
||||||
|
before applying any changes.
|
||||||
|
|
||||||
|
If you are using the `garage` CLI to script layout changes, follow the following recommendations:
|
||||||
|
|
||||||
|
- Make all of your `garage` CLI calls to the same RPC host. Do not use the
|
||||||
|
`garage` CLI to connect to individual nodes to send them each a piece of the
|
||||||
|
layout changes you are making, as the changes propagate asynchronously
|
||||||
|
between nodes and might not all be taken into account at the time when the
|
||||||
|
new layout is applied.
|
||||||
|
|
||||||
|
- **Only call `garage layout apply` once**, and call it **strictly after** all
|
||||||
|
of the `layout assign` and `layout remove` commands have returned.
|
45
doc/book/reference-manual/routing.md
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
+++
|
||||||
|
title = "Request routing logic"
|
||||||
|
weight = 10
|
||||||
|
+++
|
||||||
|
|
||||||
|
Data retrieval requests to Garage endpoints (S3 API and websites) are resolved
|
||||||
|
to an individual object in a bucket. Since objects are replicated to multiple nodes
|
||||||
|
Garage must ensure consistency before answering the request.
|
||||||
|
|
||||||
|
## Using quorum to ensure consistency
|
||||||
|
|
||||||
|
Garage ensures consistency by attempting to establish a quorum with the
|
||||||
|
data nodes responsible for the object. When a majority of the data nodes
|
||||||
|
have provided metadata on a object Garage can then answer the request.
|
||||||
|
|
||||||
|
When a request arrives Garage will, assuming the recommended 3 replicas, perform the following actions:
|
||||||
|
|
||||||
|
- Make a request to the two preferred nodes for object metadata
|
||||||
|
- Try the third node if one of the two initial requests fail
|
||||||
|
- Check that the metadata from at least 2 nodes match
|
||||||
|
- Check that the object hasn't been marked deleted
|
||||||
|
- Answer the request with inline data from metadata if object is small enough
|
||||||
|
- Or get data blocks from the preferred nodes and answer using the assembled object
|
||||||
|
|
||||||
|
Garage dynamically determines which nodes to query based on health, preference, and
|
||||||
|
which nodes actually host a given data. Garage has no concept of "primary" so any
|
||||||
|
healthy node with the data can be used as long as a quorum is reached for the metadata.
|
||||||
|
|
||||||
|
## Node health
|
||||||
|
|
||||||
|
Garage keeps a TCP session open to each node in the cluster and periodically pings them. If a connection
|
||||||
|
cannot be established, or a node fails to answer a number of pings, the target node is marked as failed.
|
||||||
|
Failed nodes are not used for quorum or other internal requests.
|
||||||
|
|
||||||
|
## Node preference
|
||||||
|
|
||||||
|
Garage prioritizes which nodes to query according to a few criteria:
|
||||||
|
|
||||||
|
- A node always prefers itself if it can answer the request
|
||||||
|
- Then the node prioritizes nodes in the same zone
|
||||||
|
- Finally the nodes with the lowest latency are prioritized
|
||||||
|
|
||||||
|
|
||||||
|
For further reading on the cluster structure look at the [gateway](@/documentation/cookbook/gateways.md)
|
||||||
|
and [cluster layout management](@/documentation/reference-manual/layout.md) pages.
|
205
doc/book/reference-manual/s3-compatibility.md
Normal file
|
@ -0,0 +1,205 @@
|
||||||
|
+++
|
||||||
|
title = "S3 Compatibility status"
|
||||||
|
weight = 20
|
||||||
|
+++
|
||||||
|
|
||||||
|
## Endpoint implementation
|
||||||
|
|
||||||
|
All APIs that are missing on Garage will return a 501 Not Implemented.
|
||||||
|
Some `x-amz-` headers are not implemented.
|
||||||
|
|
||||||
|
*The compatibility list for other platforms is given only for information purposes and based on available documentation. Some entries might be inexact. Feel free to open a PR to fix this table. Minio is missing because they do not provide a public S3 compatibility list.*
|
||||||
|
|
||||||
|
### Features
|
||||||
|
|
||||||
|
| Feature | Garage | [Openstack Swift](https://docs.openstack.org/swift/latest/s3_compat.html) | [Ceph Object Gateway](https://docs.ceph.com/en/latest/radosgw/s3/) | [Riak CS](https://docs.riak.com/riak/cs/2.1.1/references/apis/storage/s3/index.html) | [OpenIO](https://docs.openio.io/latest/source/arch-design/s3_compliancy.html) |
|
||||||
|
|------------------------------|----------------------------------|-----------------|---------------|---------|-----|
|
||||||
|
| [signature v2](https://docs.aws.amazon.com/general/latest/gr/signature-version-2.html) (deprecated) | ❌ Missing | ✅ | ❌ | ✅ | ✅ |
|
||||||
|
| [signature v4](https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html) | ✅ Implemented | ✅ | ✅ | ❌ | ✅ |
|
||||||
|
| [URL path-style](https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html#path-style-access) (eg. `host.tld/bucket/key`) | ✅ Implemented | ✅ | ✅ | ❓| ✅ |
|
||||||
|
| [URL vhost-style](https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html#virtual-hosted-style-access) URL (eg. `bucket.host.tld/key`) | ✅ Implemented | ❌| ✅| ✅ | ✅ |
|
||||||
|
| [Presigned URLs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html) | ✅ Implemented | ❌| ✅ | ✅ | ✅(❓) |
|
||||||
|
|
||||||
|
*Note:* OpenIO does not says if it supports presigned URLs. Because it is part of signature v4 and they claim they support it without additional precisions, we suppose that OpenIO supports presigned URLs.
|
||||||
|
|
||||||
|
### Core endoints
|
||||||
|
|
||||||
|
| Endpoint | Garage | [Openstack Swift](https://docs.openstack.org/swift/latest/s3_compat.html) | [Ceph Object Gateway](https://docs.ceph.com/en/latest/radosgw/s3/) | [Riak CS](https://docs.riak.com/riak/cs/2.1.1/references/apis/storage/s3/index.html) | [OpenIO](https://docs.openio.io/latest/source/arch-design/s3_compliancy.html) |
|
||||||
|
|------------------------------|----------------------------------|-----------------|---------------|---------|-----|
|
||||||
|
| [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) | ✅ Implemented | ✅ | ✅ | ✅ | ✅ |
|
||||||
|
| [DeleteBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html) | ✅ Implemented | ✅ | ✅ | ✅ | ✅ |
|
||||||
|
| [GetBucketLocation](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLocation.html) | ✅ Implemented | ✅ | ✅ | ❌ | ✅ |
|
||||||
|
| [HeadBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html) | ✅ Implemented | ✅ | ✅ | ✅ | ✅ |
|
||||||
|
| [ListBuckets](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html) | ✅ Implemented | ❌| ✅ | ✅ | ✅ |
|
||||||
|
| [HeadObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadObject.html) | ✅ Implemented | ✅ | ✅ | ✅ | ✅ |
|
||||||
|
| [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) | ✅ Implemented | ✅ | ✅ | ✅ | ✅ |
|
||||||
|
| [DeleteObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html) | ✅ Implemented | ✅ | ✅ | ✅ | ✅ |
|
||||||
|
| [DeleteObjects](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjects.html) | ✅ Implemented | ✅ | ✅ | ✅ | ✅ |
|
||||||
|
| [GetObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) | ✅ Implemented | ✅ | ✅ | ✅ | ✅ |
|
||||||
|
| [ListObjects](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html) | ✅ Implemented (see details below) | ✅ | ✅ | ✅ | ❌|
|
||||||
|
| [ListObjectsV2](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html) | ✅ Implemented | ❌| ❌| ❌| ✅ |
|
||||||
|
| [PostObject](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPOST.html) (compatibility API) | ❌ Missing | ❌| ✅ | ❌| ❌|
|
||||||
|
| [PutObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) | ✅ Implemented | ✅ | ✅ | ✅ | ✅ |
|
||||||
|
|
||||||
|
**ListObjects:** Implemented, but there isn't a very good specification of what `encoding-type=url` covers so there might be some encoding bugs. In our implementation the url-encoded fields are in the same in ListObjects as they are in ListObjectsV2.
|
||||||
|
|
||||||
|
*Note: Ceph API documentation is incomplete and miss at least HeadBucket and UploadPartCopy, but these endpoints are documented in [Red Hat Ceph Storage - Chapter 2. Ceph Object Gateway and the S3 API](https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/4/html/developer_guide/ceph-object-gateway-and-the-s3-api)*
|
||||||
|
|
||||||
|
### Multipart Upload endpoints
|
||||||
|
|
||||||
|
| Endpoint | Garage | [Openstack Swift](https://docs.openstack.org/swift/latest/s3_compat.html) | [Ceph Object Gateway](https://docs.ceph.com/en/latest/radosgw/s3/) | [Riak CS](https://docs.riak.com/riak/cs/2.1.1/references/apis/storage/s3/index.html) | [OpenIO](https://docs.openio.io/latest/source/arch-design/s3_compliancy.html) |
|
||||||
|
|------------------------------|----------------------------------|-----------------|---------------|---------|-----|
|
||||||
|
| [AbortMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html) | ✅ Implemented | ✅ | ✅ | ✅ | ✅ |
|
||||||
|
| [CompleteMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) | ✅ Implemented (see details below) | ✅ | ✅ | ✅ | ✅ |
|
||||||
|
| [CreateMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) | ✅ Implemented | ✅| ✅ | ✅ | ✅ |
|
||||||
|
| [ListMultipartUpload](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUpload.html) | ✅ Implemented | ✅ | ✅ | ✅ | ✅ |
|
||||||
|
| [ListParts](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) | ✅ Implemented | ✅ | ✅ | ✅ | ✅ |
|
||||||
|
| [UploadPart](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) | ✅ Implemented (see details below) | ✅ | ✅| ✅ | ✅ |
|
||||||
|
| [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) | ✅ Implemented | ✅ | ✅ | ✅ | ✅ |
|
||||||
|
|
||||||
|
Our implementation of Multipart Upload is currently a bit more restrictive than Amazon's one in some edge cases.
|
||||||
|
For more information, please refer to our [issue tracker](https://git.deuxfleurs.fr/Deuxfleurs/garage/issues/204).
|
||||||
|
|
||||||
|
### Website endpoints
|
||||||
|
|
||||||
|
| Endpoint | Garage | [Openstack Swift](https://docs.openstack.org/swift/latest/s3_compat.html) | [Ceph Object Gateway](https://docs.ceph.com/en/latest/radosgw/s3/) | [Riak CS](https://docs.riak.com/riak/cs/2.1.1/references/apis/storage/s3/index.html) | [OpenIO](https://docs.openio.io/latest/source/arch-design/s3_compliancy.html) |
|
||||||
|
|------------------------------|----------------------------------|-----------------|---------------|---------|-----|
|
||||||
|
| [DeleteBucketWebsite](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketWebsite.html) | ✅ Implemented | ❌| ❌| ❌| ❌|
|
||||||
|
| [GetBucketWebsite](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketWebsite.html) | ✅ Implemented | ❌ | ❌| ❌| ❌|
|
||||||
|
| [PutBucketWebsite](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketWebsite.html) | ⚠ Partially implemented (see below)| ❌| ❌| ❌| ❌|
|
||||||
|
| [DeleteBucketCors](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketCors.html) | ✅ Implemented | ❌| ❌| ❌| ✅ |
|
||||||
|
| [GetBucketCors](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketCors.html) | ✅ Implemented | ❌ | ❌| ❌| ✅ |
|
||||||
|
| [PutBucketCors](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketCors.html) | ✅ Implemented | ❌| ❌| ❌| ✅ |
|
||||||
|
|
||||||
|
**PutBucketWebsite:** Implemented, but only stores the index document suffix and the error document path. Redirects are not supported.
|
||||||
|
|
||||||
|
*Note: Ceph radosgw has some support for static websites but it is different from Amazon one plus it does not implement its configuration endpoints.*
|
||||||
|
|
||||||
|
### ACL, Policies endpoints
|
||||||
|
|
||||||
|
Amazon has 2 access control mechanisms in S3: ACL (legacy) and policies (new one).
|
||||||
|
Garage implements none of them, and has its own system instead, built around a per-access-key-per-bucket logic.
|
||||||
|
See Garage CLI reference manual to learn how to use Garage's permission system.
|
||||||
|
|
||||||
|
| Endpoint | Garage | [Openstack Swift](https://docs.openstack.org/swift/latest/s3_compat.html) | [Ceph Object Gateway](https://docs.ceph.com/en/latest/radosgw/s3/) | [Riak CS](https://docs.riak.com/riak/cs/2.1.1/references/apis/storage/s3/index.html) | [OpenIO](https://docs.openio.io/latest/source/arch-design/s3_compliancy.html) |
|
||||||
|
|------------------------------|----------------------------------|-----------------|---------------|---------|-----|
|
||||||
|
| [DeleteBucketPolicy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketPolicy.html) | ❌ Missing | ❌| ❌| ✅ | ❌|
|
||||||
|
| [GetBucketPolicy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicy.html) | ❌ Missing | ❌| ❌| ⚠ | ❌|
|
||||||
|
| [GetBucketPolicyStatus](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicyStatus.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [PutBucketPolicy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketPolicy.html) | ❌ Missing | ❌| ❌| ⚠ | ❌|
|
||||||
|
| [GetBucketAcl](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAcl.html) | ❌ Missing | ✅ | ✅ | ✅ | ✅ |
|
||||||
|
| [PutBucketAcl](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html) | ❌ Missing | ✅ | ✅ | ✅ | ✅ |
|
||||||
|
| [GetObjectAcl](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html) | ❌ Missing | ✅ | ✅ | ✅ | ✅ |
|
||||||
|
| [PutObjectAcl](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectAcl.html) | ❌ Missing | ✅ | ✅ | ✅ | ✅ |
|
||||||
|
|
||||||
|
*Notes:* Ceph claims that it supports bucket policies but does not implement any Policy endpoints. They probably refer to their own permission system. Riak CS only supports a subset of the policy configuration.
|
||||||
|
|
||||||
|
### Versioning, Lifecycle endpoints
|
||||||
|
|
||||||
|
Garage does not support (yet) object versioning.
|
||||||
|
If you need this feature, please [share your use case in our dedicated issue](https://git.deuxfleurs.fr/Deuxfleurs/garage/issues/166).
|
||||||
|
|
||||||
|
| Endpoint | Garage | [Openstack Swift](https://docs.openstack.org/swift/latest/s3_compat.html) | [Ceph Object Gateway](https://docs.ceph.com/en/latest/radosgw/s3/) | [Riak CS](https://docs.riak.com/riak/cs/2.1.1/references/apis/storage/s3/index.html) | [OpenIO](https://docs.openio.io/latest/source/arch-design/s3_compliancy.html) |
|
||||||
|
|------------------------------|----------------------------------|-----------------|---------------|---------|-----|
|
||||||
|
| [DeleteBucketLifecycle](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html) | ❌ Missing | ❌| ✅| ❌| ✅|
|
||||||
|
| [GetBucketLifecycleConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html) | ❌ Missing | ❌| ⚠ | ❌| ✅|
|
||||||
|
| [PutBucketLifecycleConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html) | ❌ Missing | ❌| ⚠ | ❌| ✅|
|
||||||
|
| [GetBucketVersioning](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html) | ❌ Stub (see below) | ✅| ✅ | ❌| ✅|
|
||||||
|
| [ListObjectVersions](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectVersions.html) | ❌ Missing | ❌| ✅ | ❌| ✅|
|
||||||
|
| [PutBucketVersioning](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html) | ❌ Missing | ❌| ✅| ❌| ✅|
|
||||||
|
|
||||||
|
|
||||||
|
**GetBucketVersioning:** Stub implementation (Garage does not yet support versionning so this always returns "versionning not enabled").
|
||||||
|
|
||||||
|
*Note: Ceph only supports `Expiration`, `NoncurrentVersionExpiration` and `AbortIncompleteMultipartUpload` on its Lifecycle endpoints.*
|
||||||
|
|
||||||
|
### Replication endpoints
|
||||||
|
|
||||||
|
Please open an issue if you have a use case for replication.
|
||||||
|
|
||||||
|
| Endpoint | Garage | [Openstack Swift](https://docs.openstack.org/swift/latest/s3_compat.html) | [Ceph Object Gateway](https://docs.ceph.com/en/latest/radosgw/s3/) | [Riak CS](https://docs.riak.com/riak/cs/2.1.1/references/apis/storage/s3/index.html) | [OpenIO](https://docs.openio.io/latest/source/arch-design/s3_compliancy.html) |
|
||||||
|
|------------------------------|----------------------------------|-----------------|---------------|---------|-----|
|
||||||
|
| [DeleteBucketReplication](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html) | ❌ Missing | ❌| ✅ | ❌| ❌|
|
||||||
|
| [GetBucketReplication](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html) | ❌ Missing | ❌| ✅ | ❌| ❌|
|
||||||
|
| [PutBucketReplication](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html) | ❌ Missing | ❌| ⚠ | ❌| ❌|
|
||||||
|
|
||||||
|
*Note: Ceph documentation briefly says that Ceph supports [replication though the S3 API](https://docs.ceph.com/en/latest/radosgw/multisite-sync-policy/#s3-replication-api) but with some limitations. Additionaly, replication endpoints are not documented in the S3 compatibility page so I don't know what kind of support we can expect.*
|
||||||
|
|
||||||
|
### Locking objects
|
||||||
|
|
||||||
|
Amazon defines a concept of [object locking](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html) that can be achieved either through a Retention period or a Legal hold.
|
||||||
|
|
||||||
|
| Endpoint | Garage | [Openstack Swift](https://docs.openstack.org/swift/latest/s3_compat.html) | [Ceph Object Gateway](https://docs.ceph.com/en/latest/radosgw/s3/) | [Riak CS](https://docs.riak.com/riak/cs/2.1.1/references/apis/storage/s3/index.html) | [OpenIO](https://docs.openio.io/latest/source/arch-design/s3_compliancy.html) |
|
||||||
|
|------------------------------|----------------------------------|-----------------|---------------|---------|-----|
|
||||||
|
| [GetObjectLegalHold](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLegalHold.html) | ❌ Missing | ❌| ✅ | ❌| ❌|
|
||||||
|
| [PutObjectLegalHold](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectLegalHold.html) | ❌ Missing | ❌| ✅ | ❌| ❌|
|
||||||
|
| [GetObjectRetention](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectRetention.html) | ❌ Missing | ❌| ✅ | ❌| ❌|
|
||||||
|
| [PutObjectRetention](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectRetention.html) | ❌ Missing | ❌| ✅ | ❌| ❌|
|
||||||
|
| [GetObjectLockConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLockConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [PutObjectLockConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectLockConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
|
||||||
|
### (Server-side) encryption
|
||||||
|
|
||||||
|
We think that you can either encrypt your server partition or do client-side encryption, so we did not implement server-side encryption for Garage.
|
||||||
|
Please open an issue if you have a use case.
|
||||||
|
|
||||||
|
| Endpoint | Garage | [Openstack Swift](https://docs.openstack.org/swift/latest/s3_compat.html) | [Ceph Object Gateway](https://docs.ceph.com/en/latest/radosgw/s3/) | [Riak CS](https://docs.riak.com/riak/cs/2.1.1/references/apis/storage/s3/index.html) | [OpenIO](https://docs.openio.io/latest/source/arch-design/s3_compliancy.html) |
|
||||||
|
|------------------------------|----------------------------------|-----------------|---------------|---------|-----|
|
||||||
|
| [DeleteBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [GetBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
|
||||||
|
### Misc endpoints
|
||||||
|
|
||||||
|
| Endpoint | Garage | [Openstack Swift](https://docs.openstack.org/swift/latest/s3_compat.html) | [Ceph Object Gateway](https://docs.ceph.com/en/latest/radosgw/s3/) | [Riak CS](https://docs.riak.com/riak/cs/2.1.1/references/apis/storage/s3/index.html) | [OpenIO](https://docs.openio.io/latest/source/arch-design/s3_compliancy.html) |
|
||||||
|
|------------------------------|----------------------------------|-----------------|---------------|---------|-----|
|
||||||
|
| [GetBucketNotificationConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html) | ❌ Missing | ❌| ✅ | ❌| ❌|
|
||||||
|
| [PutBucketNotificationConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketNotificationConfiguration.html) | ❌ Missing | ❌| ✅ | ❌| ❌|
|
||||||
|
| [DeleteBucketTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html) | ❌ Missing | ❌| ❌| ❌| ✅ |
|
||||||
|
| [GetBucketTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html) | ❌ Missing | ❌| ❌| ❌| ✅ |
|
||||||
|
| [PutBucketTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html) | ❌ Missing | ❌| ❌| ❌| ✅ |
|
||||||
|
| [DeleteObjectTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html) | ❌ Missing | ❌| ❌| ❌| ✅ |
|
||||||
|
| [GetObjectTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) | ❌ Missing | ❌| ❌| ❌| ✅ |
|
||||||
|
| [PutObjectTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html) | ❌ Missing | ❌| ❌| ❌| ✅ |
|
||||||
|
| [GetObjectTorrent](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTorrent.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
|
||||||
|
### Vendor specific endpoints
|
||||||
|
|
||||||
|
<details><summary>Display Amazon specifc endpoints</summary>
|
||||||
|
|
||||||
|
|
||||||
|
| Endpoint | Garage | [Openstack Swift](https://docs.openstack.org/swift/latest/s3_compat.html) | [Ceph Object Gateway](https://docs.ceph.com/en/latest/radosgw/s3/) | [Riak CS](https://docs.riak.com/riak/cs/2.1.1/references/apis/storage/s3/index.html) | [OpenIO](https://docs.openio.io/latest/source/arch-design/s3_compliancy.html) |
|
||||||
|
|------------------------------|----------------------------------|-----------------|---------------|---------|-----|
|
||||||
|
| [DeleteBucketAnalyticsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [DeleteBucketIntelligentTieringConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [DeleteBucketInventoryConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [DeleteBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [DeleteBucketOwnershipControls](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketOwnershipControls.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [DeletePublicAccessBlock](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [GetBucketAccelerateConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAccelerateConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [GetBucketAnalyticsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [GetBucketIntelligentTieringConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [GetBucketInventoryConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [GetBucketLogging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLogging.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [GetBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [GetBucketOwnershipControls](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketOwnershipControls.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [GetBucketRequestPayment](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketRequestPayment.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [GetPublicAccessBlock](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [ListBucketAnalyticsConfigurations](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [ListBucketIntelligentTieringConfigurations](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [ListBucketInventoryConfigurations](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [ListBucketMetricsConfigurations](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [PutBucketAccelerateConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAccelerateConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [PutBucketAnalyticsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [PutBucketIntelligentTieringConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [PutBucketInventoryConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [PutBucketLogging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLogging.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [PutBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [PutBucketOwnershipControls](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketOwnershipControls.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [PutBucketRequestPayment](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketRequestPayment.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [PutPublicAccessBlock](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [RestoreObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
| [SelectObjectContent](https://docs.aws.amazon.com/AmazonS3/latest/API/API_SelectObjectContent.html) | ❌ Missing | ❌| ❌| ❌| ❌|
|
||||||
|
|
||||||
|
</details>
|
||||||
|
|
13
doc/book/working-documents/_index.md
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
+++
|
||||||
|
title = "Working Documents"
|
||||||
|
weight = 7
|
||||||
|
sort_by = "weight"
|
||||||
|
template = "documentation.html"
|
||||||
|
+++
|
||||||
|
|
||||||
|
Working documents are documents that reflect the fact that Garage is a software that evolves quickly.
|
||||||
|
They are a way to communicate our ideas, our changes, and so on before or while we are implementing them in Garage.
|
||||||
|
If you like to live on the edge, it could also serve as a documentation of our next features to be released.
|
||||||
|
|
||||||
|
Ideally, once the feature/patch has been merged, the working document should serve as a source to
|
||||||
|
update the rest of the documentation and then be removed.
|
109
doc/book/working-documents/compatibility-target.md
Normal file
|
@ -0,0 +1,109 @@
|
||||||
|
+++
|
||||||
|
title = "S3 compatibility target"
|
||||||
|
weight = 5
|
||||||
|
+++
|
||||||
|
|
||||||
|
If there is a specific S3 functionnality you have a need for, feel free to open
|
||||||
|
a PR to put the corresponding endpoints higher in the list. Please explain
|
||||||
|
your motivations for doing so in the PR message.
|
||||||
|
|
||||||
|
| Priority | Endpoints |
|
||||||
|
| -------------------------- | --------- |
|
||||||
|
| **S-tier** (high priority) | |
|
||||||
|
| | HeadBucket |
|
||||||
|
| | GetBucketLocation |
|
||||||
|
| | CreateBucket |
|
||||||
|
| | DeleteBucket |
|
||||||
|
| | ListBuckets |
|
||||||
|
| | ListObjects |
|
||||||
|
| | ListObjectsV2 |
|
||||||
|
| | HeadObject |
|
||||||
|
| | GetObject |
|
||||||
|
| | PutObject |
|
||||||
|
| | CopyObject |
|
||||||
|
| | DeleteObject |
|
||||||
|
| | DeleteObjects |
|
||||||
|
| | CreateMultipartUpload |
|
||||||
|
| | CompleteMultipartUpload |
|
||||||
|
| | AbortMultipartUpload |
|
||||||
|
| | UploadPart |
|
||||||
|
| | ListMultipartUploads |
|
||||||
|
| | ListParts |
|
||||||
|
| **A-tier** | |
|
||||||
|
| | GetBucketCors |
|
||||||
|
| | PutBucketCors |
|
||||||
|
| | DeleteBucketCors |
|
||||||
|
| | UploadPartCopy |
|
||||||
|
| | GetBucketWebsite |
|
||||||
|
| | PutBucketWebsite |
|
||||||
|
| | DeleteBucketWebsite |
|
||||||
|
| | [PostObject](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPOST.html) |
|
||||||
|
| ~~~~~~~~~~~~~~~~~~~~~~~~~~ | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
||||||
|
| **B-tier** | |
|
||||||
|
| | GetBucketAcl |
|
||||||
|
| | PutBucketAcl |
|
||||||
|
| | GetObjectLockConfiguration |
|
||||||
|
| | PutObjectLockConfiguration |
|
||||||
|
| | GetObjectRetention |
|
||||||
|
| | PutObjectRetention |
|
||||||
|
| | GetObjectLegalHold |
|
||||||
|
| | PutObjectLegalHold |
|
||||||
|
| **C-tier** | |
|
||||||
|
| | GetBucketVersioning |
|
||||||
|
| | PutBucketVersioning |
|
||||||
|
| | ListObjectVersions |
|
||||||
|
| | GetObjectAcl |
|
||||||
|
| | PutObjectAcl |
|
||||||
|
| | GetBucketLifecycleConfiguration |
|
||||||
|
| | PutBucketLifecycleConfiguration |
|
||||||
|
| | DeleteBucketLifecycle |
|
||||||
|
| **garbage-tier** | |
|
||||||
|
| | DeleteBucketEncryption |
|
||||||
|
| | DeleteBucketAnalyticsConfiguration |
|
||||||
|
| | DeleteBucketIntelligentTieringConfiguration |
|
||||||
|
| | DeleteBucketInventoryConfiguration |
|
||||||
|
| | DeleteBucketMetricsConfiguration |
|
||||||
|
| | DeleteBucketOwnershipControls |
|
||||||
|
| | DeleteBucketPolicy |
|
||||||
|
| | DeleteBucketReplication |
|
||||||
|
| | DeleteBucketTagging |
|
||||||
|
| | DeleteObjectTagging |
|
||||||
|
| | DeletePublicAccessBlock |
|
||||||
|
| | GetBucketAccelerateConfiguration |
|
||||||
|
| | GetBucketAnalyticsConfiguration |
|
||||||
|
| | GetBucketEncryption |
|
||||||
|
| | GetBucketIntelligentTieringConfiguration |
|
||||||
|
| | GetBucketInventoryConfiguration |
|
||||||
|
| | GetBucketLogging |
|
||||||
|
| | GetBucketMetricsConfiguration |
|
||||||
|
| | GetBucketNotificationConfiguration |
|
||||||
|
| | GetBucketOwnershipControls |
|
||||||
|
| | GetBucketPolicy |
|
||||||
|
| | GetBucketPolicyStatus |
|
||||||
|
| | GetBucketReplication |
|
||||||
|
| | GetBucketRequestPayment |
|
||||||
|
| | GetBucketTagging |
|
||||||
|
| | GetObjectTagging |
|
||||||
|
| | GetObjectTorrent |
|
||||||
|
| | GetPublicAccessBlock |
|
||||||
|
| | ListBucketAnalyticsConfigurations |
|
||||||
|
| | ListBucketIntelligentTieringConfigurations |
|
||||||
|
| | ListBucketInventoryConfigurations |
|
||||||
|
| | ListBucketMetricsConfigurations |
|
||||||
|
| | PutBucketAccelerateConfiguration |
|
||||||
|
| | PutBucketAnalyticsConfiguration |
|
||||||
|
| | PutBucketEncryption |
|
||||||
|
| | PutBucketIntelligentTieringConfiguration |
|
||||||
|
| | PutBucketInventoryConfiguration |
|
||||||
|
| | PutBucketLogging |
|
||||||
|
| | PutBucketMetricsConfiguration |
|
||||||
|
| | PutBucketNotificationConfiguration |
|
||||||
|
| | PutBucketOwnershipControls |
|
||||||
|
| | PutBucketPolicy |
|
||||||
|
| | PutBucketReplication |
|
||||||
|
| | PutBucketRequestPayment |
|
||||||
|
| | PutBucketTagging |
|
||||||
|
| | PutObjectTagging |
|
||||||
|
| | PutPublicAccessBlock |
|
||||||
|
| | RestoreObject |
|
||||||
|
| | SelectObjectContent |
|
|
@ -1,4 +1,11 @@
|
||||||
**WARNING: this documentation is more a "design draft", which was written before Garage's actual implementation. The general principle is similar but details have not yet been updated.**
|
+++
|
||||||
|
title = "Design draft"
|
||||||
|
weight = 25
|
||||||
|
+++
|
||||||
|
|
||||||
|
**WARNING: this documentation is a design draft which was written before Garage's actual implementation.
|
||||||
|
The general principle are similar, but details have not been updated.**
|
||||||
|
|
||||||
|
|
||||||
#### Modules
|
#### Modules
|
||||||
|
|
||||||
|
@ -155,4 +162,4 @@ Number K of tokens per node: decided by the operator & stored in the operator's
|
||||||
- CDC: <https://www.usenix.org/system/files/conference/atc16/atc16-paper-xia.pdf>
|
- CDC: <https://www.usenix.org/system/files/conference/atc16/atc16-paper-xia.pdf>
|
||||||
- Erasure coding: <http://web.eecs.utk.edu/~jplank/plank/papers/CS-08-627.html>
|
- Erasure coding: <http://web.eecs.utk.edu/~jplank/plank/papers/CS-08-627.html>
|
||||||
- [Openstack Storage Concepts](https://docs.openstack.org/arch-design/design-storage/design-storage-concepts.html)
|
- [Openstack Storage Concepts](https://docs.openstack.org/arch-design/design-storage/design-storage-concepts.html)
|
||||||
- [RADOS](https://ceph.com/wp-content/uploads/2016/08/weil-rados-pdsw07.pdf)
|
- [RADOS](https://doi.org/10.1145/1374596.1374606) [[pdf](https://ceph.com/assets/pdfs/weil-rados-pdsw07.pdf)]
|
|
@ -1,6 +1,13 @@
|
||||||
|
+++
|
||||||
|
title = "Load balancing data"
|
||||||
|
weight = 10
|
||||||
|
+++
|
||||||
|
|
||||||
|
**This is being yet improved in release 0.5. The working document has not been updated yet, it still only applies to Garage 0.2 through 0.4.**
|
||||||
|
|
||||||
I have conducted a quick study of different methods to load-balance data over different Garage nodes using consistent hashing.
|
I have conducted a quick study of different methods to load-balance data over different Garage nodes using consistent hashing.
|
||||||
|
|
||||||
### Requirements
|
## Requirements
|
||||||
|
|
||||||
- *good balancing*: two nodes that have the same announced capacity should receive close to the same number of items
|
- *good balancing*: two nodes that have the same announced capacity should receive close to the same number of items
|
||||||
|
|
||||||
|
@ -13,9 +20,9 @@ I have conducted a quick study of different methods to load-balance data over di
|
||||||
replicas, independently of the order in which nodes were added/removed (this
|
replicas, independently of the order in which nodes were added/removed (this
|
||||||
is to keep the implementation simple)
|
is to keep the implementation simple)
|
||||||
|
|
||||||
### Methods
|
## Methods
|
||||||
|
|
||||||
#### Naive multi-DC ring walking strategy
|
### Naive multi-DC ring walking strategy
|
||||||
|
|
||||||
This strategy can be used with any ring-like algorithm to make it aware of the *multi-datacenter* requirement:
|
This strategy can be used with any ring-like algorithm to make it aware of the *multi-datacenter* requirement:
|
||||||
|
|
||||||
|
@ -36,7 +43,7 @@ This method was implemented in the first version of Garage, with the basic
|
||||||
ring construction from Dynamo DB that consists in associating `n_token` random positions to
|
ring construction from Dynamo DB that consists in associating `n_token` random positions to
|
||||||
each node (I know it's not optimal, the Dynamo paper already studies this).
|
each node (I know it's not optimal, the Dynamo paper already studies this).
|
||||||
|
|
||||||
#### Better rings
|
### Better rings
|
||||||
|
|
||||||
The ring construction that selects `n_token` random positions for each nodes gives a ring of positions that
|
The ring construction that selects `n_token` random positions for each nodes gives a ring of positions that
|
||||||
is not well-balanced: the space between the tokens varies a lot, and some partitions are thus bigger than others.
|
is not well-balanced: the space between the tokens varies a lot, and some partitions are thus bigger than others.
|
||||||
|
@ -148,7 +155,7 @@ removing grisou gipsie : 49.22% 36.52% 12.79% 1.46%
|
||||||
on average: 62.94% 27.89% 8.61% 0.57% <-- WORSE THAN PREVIOUSLY
|
on average: 62.94% 27.89% 8.61% 0.57% <-- WORSE THAN PREVIOUSLY
|
||||||
```
|
```
|
||||||
|
|
||||||
#### The magical solution: multi-DC aware MagLev
|
### The magical solution: multi-DC aware MagLev
|
||||||
|
|
||||||
Suppose we want to select three replicas for each partition (this is what we do in our simulation and in most Garage deployments).
|
Suppose we want to select three replicas for each partition (this is what we do in our simulation and in most Garage deployments).
|
||||||
We apply MagLev three times consecutively, one for each replica selection.
|
We apply MagLev three times consecutively, one for each replica selection.
|
108
doc/book/working-documents/migration-04.md
Normal file
|
@ -0,0 +1,108 @@
|
||||||
|
+++
|
||||||
|
title = "Migrating from 0.3 to 0.4"
|
||||||
|
weight = 20
|
||||||
|
+++
|
||||||
|
|
||||||
|
**Migrating from 0.3 to 0.4 is unsupported. This document is only intended to
|
||||||
|
document the process internally for the Deuxfleurs cluster where we have to do
|
||||||
|
it. Do not try it yourself, you will lose your data and we will not help you.**
|
||||||
|
|
||||||
|
**Migrating from 0.2 to 0.4 will break everything for sure. Never try it.**
|
||||||
|
|
||||||
|
The internal data format of Garage hasn't changed much between 0.3 and 0.4.
|
||||||
|
The Sled database is still the same, and the data directory as well.
|
||||||
|
|
||||||
|
The following has changed, all in the meta directory:
|
||||||
|
|
||||||
|
- `node_id` in 0.3 contains the identifier of the current node. In 0.4, this
|
||||||
|
file does nothing and should be deleted. It is replaced by `node_key` (the
|
||||||
|
secret key) and `node_key.pub` (the associated public key). A node's
|
||||||
|
identifier on the ring is its public key.
|
||||||
|
|
||||||
|
- `peer_info` in 0.3 contains the list of peers saved automatically by Garage.
|
||||||
|
The format has changed and it is now stored in `peer_list` (`peer_info`
|
||||||
|
should be deleted).
|
||||||
|
|
||||||
|
When migrating, all node identifiers will change. This also means that the
|
||||||
|
affectation of data partitions on the ring will change, and lots of data will
|
||||||
|
have to be rebalanced.
|
||||||
|
|
||||||
|
- If your cluster has only 3 nodes, all nodes store everything, therefore nothing has to be rebalanced.
|
||||||
|
|
||||||
|
- If your cluster has only 4 nodes, for any partition there will always be at
|
||||||
|
least 2 nodes that stored data before that still store it after. Therefore
|
||||||
|
the migration should in theory be transparent and Garage should continue to
|
||||||
|
work during the rebalance.
|
||||||
|
|
||||||
|
- If your cluster has 5 or more nodes, data will disappear during the
|
||||||
|
migration. Do not migrate (fortunately we don't have this scenario at
|
||||||
|
Deuxfleurs), or if you do, make Garage unavailable until things stabilize
|
||||||
|
(disable web and api access).
|
||||||
|
|
||||||
|
|
||||||
|
The migration steps are as follows:
|
||||||
|
|
||||||
|
1. Prepare a new configuration file for 0.4. For each node, point to the same
|
||||||
|
meta and data directories as Garage 0.3. Basically, the things that change
|
||||||
|
are the following:
|
||||||
|
|
||||||
|
- No more `rpc_tls` section
|
||||||
|
- You have to generate a shared `rpc_secret` and put it in all config files
|
||||||
|
- `bootstrap_peers` has a different syntax as it has to contain node keys.
|
||||||
|
Leave it empty and use `garage node-id` and `garage node connect` instead (new features of 0.4)
|
||||||
|
- put the publicly accessible RPC address of your node in `rpc_public_addr` if possible (its optional but recommended)
|
||||||
|
- If you are using Consul, change the `consul_service_name` to NOT be the name advertised by Nomad.
|
||||||
|
Now Garage is responsible for advertising its own service itself.
|
||||||
|
|
||||||
|
2. Disable api and web access for some time (Garage does not support disabling
|
||||||
|
these endpoints but you can change the port number or stop your reverse
|
||||||
|
proxy for instance).
|
||||||
|
|
||||||
|
3. Do `garage repair -a --yes tables` and `garage repair -a --yes blocks`,
|
||||||
|
check the logs and check that all data seems to be synced correctly between
|
||||||
|
nodes.
|
||||||
|
|
||||||
|
4. Save somewhere the output of `garage status`. We will need this to remember
|
||||||
|
how to reconfigure nodes in 0.4.
|
||||||
|
|
||||||
|
5. Turn off Garage 0.3
|
||||||
|
|
||||||
|
6. Backup metadata folders if you can (i.e. if you have space to do it
|
||||||
|
somewhere). Backuping data folders could also be usefull but that's much
|
||||||
|
harder to do. If your filesystem supports snapshots, this could be a good
|
||||||
|
time to use them.
|
||||||
|
|
||||||
|
7. Turn on Garage 0.4
|
||||||
|
|
||||||
|
8. At this point, running `garage status` should indicate that all nodes of the
|
||||||
|
previous cluster are "unavailable". The nodes have new identifiers that
|
||||||
|
should appear in healthy nodes once they can talk to one another (use
|
||||||
|
`garage node connect` if necessary`). They should have NO ROLE ASSIGNED at
|
||||||
|
the moment.
|
||||||
|
|
||||||
|
9. Prepare a script with several `garage node configure` commands that replace
|
||||||
|
each of the v0.3 node ID with the corresponding v0.4 node ID, with the same
|
||||||
|
zone/tag/capacity. For example if your node `drosera` had identifier `c24e`
|
||||||
|
before and now has identifier `789a`, and it was configured with capacity
|
||||||
|
`2` in zone `dc1`, put the following command in your script:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
garage node configure 789a -z dc1 -c 2 -t drosera --replace c24e
|
||||||
|
```
|
||||||
|
|
||||||
|
10. Run your reconfiguration script. Check that the new output of `garage
|
||||||
|
status` contains the correct node IDs with the correct values for capacity
|
||||||
|
and zone. Old nodes should no longer be mentioned.
|
||||||
|
|
||||||
|
11. If your cluster has 4 nodes or less, and you are feeling adventurous, you
|
||||||
|
can reenable Web and API access now. Things will probably work.
|
||||||
|
|
||||||
|
12. Garage might already be resyncing stuff. Issue a `garage repair -a --yes
|
||||||
|
tables` and `garage repair -a --yes blocks` to force it to do so.
|
||||||
|
|
||||||
|
13. Wait for resyncing activity to stop in the logs. Do steps 12 and 13 two or
|
||||||
|
three times, until you see that when you issue the repair commands, nothing
|
||||||
|
gets resynced any longer.
|
||||||
|
|
||||||
|
14. Your upgraded cluster should be in a working state. Re-enable API and Web
|
||||||
|
access and check that everything went well.
|
53
doc/book/working-documents/migration-06.md
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
+++
|
||||||
|
title = "Migrating from 0.5 to 0.6"
|
||||||
|
weight = 15
|
||||||
|
+++
|
||||||
|
|
||||||
|
**This guide explains how to migrate to 0.6 if you have an existing 0.5 cluster.
|
||||||
|
We don't recommend trying to migrate to 0.6 directly from 0.4 or older.**
|
||||||
|
|
||||||
|
**We make no guarantee that this migration will work perfectly:
|
||||||
|
back up all your data before attempting it!**
|
||||||
|
|
||||||
|
Garage v0.6 introduces a new data model for buckets,
|
||||||
|
that allows buckets to have many names (aliases).
|
||||||
|
Buckets can also have "private" aliases (called local aliases),
|
||||||
|
which are only visible when using a certain access key.
|
||||||
|
|
||||||
|
This new data model means that the metadata tables have changed quite a bit in structure,
|
||||||
|
and a manual migration step is required.
|
||||||
|
|
||||||
|
The migration steps are as follows:
|
||||||
|
|
||||||
|
1. Disable api and web access for some time (Garage does not support disabling
|
||||||
|
these endpoints but you can change the port number or stop your reverse
|
||||||
|
proxy for instance).
|
||||||
|
|
||||||
|
2. Do `garage repair -a --yes tables` and `garage repair -a --yes blocks`,
|
||||||
|
check the logs and check that all data seems to be synced correctly between
|
||||||
|
nodes.
|
||||||
|
|
||||||
|
4. Turn off Garage 0.5
|
||||||
|
|
||||||
|
5. **Backup your metadata folders!!**
|
||||||
|
|
||||||
|
6. Turn on Garage 0.6
|
||||||
|
|
||||||
|
7. At this point, `garage bucket list` should indicate that no buckets are present
|
||||||
|
in the cluster. `garage key list` should show all of the previously existing
|
||||||
|
access key, however these keys should not have any permissions to access buckets.
|
||||||
|
|
||||||
|
8. Run `garage migrate buckets050`: this will populate the new bucket table with
|
||||||
|
the buckets that existed previously. This will also give access to API keys
|
||||||
|
as it was before.
|
||||||
|
|
||||||
|
9. Do `garage repair -a --yes tables` and `garage repair -a --yes blocks`,
|
||||||
|
check the logs and check that all data seems to be synced correctly between
|
||||||
|
nodes.
|
||||||
|
|
||||||
|
10. Check that all your buckets indeed appear in `garage bucket list`, and that
|
||||||
|
keys have the proper access flags set. If that is not the case, revert
|
||||||
|
everything and file a bug!
|
||||||
|
|
||||||
|
11. Your upgraded cluster should be in a working state. Re-enable API and Web
|
||||||
|
access and check that everything went well.
|
31
doc/book/working-documents/migration-07.md
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
+++
|
||||||
|
title = "Migrating from 0.6 to 0.7"
|
||||||
|
weight = 14
|
||||||
|
+++
|
||||||
|
**This guide explains how to migrate to 0.7 if you have an existing 0.6 cluster.
|
||||||
|
We don't recommend trying to migrate to 0.7 directly from 0.5 or older.**
|
||||||
|
|
||||||
|
**We make no guarantee that this migration will work perfectly:
|
||||||
|
back up all your data before attempting it!**
|
||||||
|
|
||||||
|
Garage v0.7 introduces a cluster protocol change to support request tracing through OpenTelemetry.
|
||||||
|
No data structure is changed, so no data migration is required.
|
||||||
|
|
||||||
|
The migration steps are as follows:
|
||||||
|
|
||||||
|
1. Do `garage repair --all-nodes --yes tables` and `garage repair --all-nodes --yes blocks`,
|
||||||
|
check the logs and check that all data seems to be synced correctly between
|
||||||
|
nodes. If you have time, do additional checks (`scrub`, `block_refs`, etc.)
|
||||||
|
2. Disable api and web access. Garage does not support disabling
|
||||||
|
these endpoints but you can change the port number or stop your reverse
|
||||||
|
proxy for instance.
|
||||||
|
3. Check once again that your cluster is healty. Run again `garage repair --all-nodes --yes tables` which is quick.
|
||||||
|
Also check your queues are empty, run `garage stats` to query them.
|
||||||
|
4. Turn off Garage v0.6
|
||||||
|
5. Backup the metadata folder of all your nodes: `cd /var/lib/garage ; tar -acf meta-v0.6.tar.zst meta/`
|
||||||
|
6. Install Garage v0.7, edit the configuration if you plan to use OpenTelemetry or the Kubernetes integration
|
||||||
|
7. Turn on Garage v0.7
|
||||||
|
8. Do `garage repair --all-nodes --yes tables` and `garage repair --all-nodes --yes blocks`
|
||||||
|
9. Your upgraded cluster should be in a working state. Re-enable API and Web
|
||||||
|
access and check that everything went well.
|
||||||
|
10. Monitor your cluster in the next hours to see if it works well under your production load, report any issue.
|
680
doc/drafts/k2v-spec.md
Normal file
|
@ -0,0 +1,680 @@
|
||||||
|
# Specification of the Garage K2V API (K2V = Key/Key/Value)
|
||||||
|
|
||||||
|
- We are storing triplets of the form `(partition key, sort key, value)` -> no
|
||||||
|
user-defined fields, the client is responsible of writing whatever he wants
|
||||||
|
in the value (typically an encrypted blob). Values are binary blobs, which
|
||||||
|
are always represented as their base64 encoding in the JSON API. Partition
|
||||||
|
keys and sort keys are utf8 strings.
|
||||||
|
|
||||||
|
- Triplets are stored in buckets; each bucket stores a separate set of triplets
|
||||||
|
|
||||||
|
- Bucket names and access keys are the same as for accessing the S3 API
|
||||||
|
|
||||||
|
- K2V triplets exist separately from S3 objects. K2V triplets don't exist for
|
||||||
|
the S3 API, and S3 objects don't exist for the K2V API.
|
||||||
|
|
||||||
|
- Values stored for triplets have associated causality information, that enables
|
||||||
|
Garage to detect concurrent writes. In case of concurrent writes, Garage
|
||||||
|
keeps the concurrent values until a further write supersedes the concurrent
|
||||||
|
values. This is the same method as Riak KV implements. The method used is
|
||||||
|
based on DVVS (dotted version vector sets), described in the paper "Scalable
|
||||||
|
and Accurate Causality Tracking for Eventually Consistent Data Stores", as
|
||||||
|
well as [here](https://github.com/ricardobcl/Dotted-Version-Vectors)
|
||||||
|
|
||||||
|
|
||||||
|
## Data format
|
||||||
|
|
||||||
|
### Triple format
|
||||||
|
|
||||||
|
Triples in K2V are constituted of three fields:
|
||||||
|
|
||||||
|
- a partition key (`pk`), an utf8 string that defines in what partition the
|
||||||
|
triplet is stored; triplets in different partitions cannot be listed together
|
||||||
|
in a ReadBatch command, or deleted together in a DeleteBatch command: a
|
||||||
|
separate command must be included in the ReadBatch/DeleteBatch call for each
|
||||||
|
partition key in which the client wants to read/delete lists of items
|
||||||
|
|
||||||
|
- a sort key (`sk`), an utf8 string that defines the index of the triplet inside its
|
||||||
|
partition; triplets are uniquely idendified by their partition key + sort key
|
||||||
|
|
||||||
|
- a value (`v`), an opaque binary blob associated to the partition key + sort key;
|
||||||
|
they are transmitted as binary when possible but in most case in the JSON API
|
||||||
|
they will be represented as strings using base64 encoding; a value can also
|
||||||
|
be `null` to indicate a deleted triplet (a `null` value is called a tombstone)
|
||||||
|
|
||||||
|
### Causality information
|
||||||
|
|
||||||
|
K2V supports storing several concurrent values associated to a pk+sk, in the
|
||||||
|
case where insertion or deletion operations are detected to be concurrent (i.e.
|
||||||
|
there is not one that was aware of the other, they are not causally dependant
|
||||||
|
one on the other). In practice, it even looks more like the opposite: to
|
||||||
|
overwrite a previously existing value, the client must give a "causality token"
|
||||||
|
that "proves" (not in a cryptographic sense) that it had seen a previous value.
|
||||||
|
Otherwise, the value written will not overwrite an existing value, it will just
|
||||||
|
create a new concurrent value.
|
||||||
|
|
||||||
|
The causality token is a binary/b64-encoded representation of a context,
|
||||||
|
specified below.
|
||||||
|
|
||||||
|
A set of concurrent values looks like this:
|
||||||
|
|
||||||
|
```
|
||||||
|
(node1, tdiscard1, (v1, t1), (v2, t2)) ; tdiscard1 < t1 < t2
|
||||||
|
(node2, tdiscard2, (v3, t3) ; tdiscard2 < t3
|
||||||
|
```
|
||||||
|
|
||||||
|
`tdiscard` for a node `i` means that all values inserted by node `i` with times
|
||||||
|
`<= tdiscard` are obsoleted, i.e. have been read by a client that overwrote it
|
||||||
|
afterwards.
|
||||||
|
|
||||||
|
The associated context would be the following: `[(node1, t2), (node2, t3)]`,
|
||||||
|
i.e. if a node reads this set of values and inserts a new values, we will now
|
||||||
|
have `tdiscard1 = t2` and `tdiscard2 = t3`, to indicate that values v1, v2 and v3
|
||||||
|
are obsoleted by the new write.
|
||||||
|
|
||||||
|
**Basic insertion.** To insert a new value `v4` with context `[(node1, t2), (node2, t3)]`, in a
|
||||||
|
simple case where there was no insertion in-between reading the value
|
||||||
|
mentionned above and writing `v4`, and supposing that node2 receives the
|
||||||
|
InsertItem query:
|
||||||
|
|
||||||
|
- `node2` generates a timestamp `t4` such that `t4 > t3`.
|
||||||
|
- the new state is as follows:
|
||||||
|
|
||||||
|
```
|
||||||
|
(node1, tdiscard1', ()) ; tdiscard1' = t2
|
||||||
|
(node2, tdiscard2', (v4, t4)) ; tdiscard2' = t3
|
||||||
|
```
|
||||||
|
|
||||||
|
**A more complex insertion example.** In the general case, other intermediate values could have
|
||||||
|
been written before `v4` with context `[(node1, t2), (node2, t3)]` is sent to the system.
|
||||||
|
For instance, here is a possible sequence of events:
|
||||||
|
|
||||||
|
1. First we have the set of values v1, v2 and v3 described above.
|
||||||
|
A node reads it, it obtains values v1, v2 and v3 with context `[(node1, t2), (node2, t3)]`.
|
||||||
|
|
||||||
|
2. A node writes a value `v5` with context `[(node1, t1)]`, i.e. `v5` is only a
|
||||||
|
successor of v1 but not of v2 or v3. Suppose node1 receives the write, it
|
||||||
|
will generate a new timestamp `t5` larger than all of the timestamps it
|
||||||
|
knows of, i.e. `t5 > t2`. We will now have:
|
||||||
|
|
||||||
|
```
|
||||||
|
(node1, tdiscard1'', (v2, t2), (v5, t5)) ; tdiscard1'' = t1 < t2 < t5
|
||||||
|
(node2, tdiscard2, (v3, t3) ; tdiscard2 < t3
|
||||||
|
```
|
||||||
|
|
||||||
|
3. Now `v4` is written with context `[(node1, t2), (node2, t3)]`, and node2
|
||||||
|
processes the query. It will generate `t4 > t3` and the state will become:
|
||||||
|
|
||||||
|
```
|
||||||
|
(node1, tdiscard1', (v5, t5)) ; tdiscard1' = t2 < t5
|
||||||
|
(node2, tdiscard2', (v4, t4)) ; tdiscard2' = t3
|
||||||
|
```
|
||||||
|
|
||||||
|
**Generic algorithm for handling insertions:** A certain node n handles the
|
||||||
|
InsertItem and is responsible for the correctness of this procedure.
|
||||||
|
|
||||||
|
1. Lock the key (or the whole table?) at this node to prevent concurrent updates of the value that would mess things up
|
||||||
|
2. Read current set of values
|
||||||
|
3. Generate a new timestamp that is larger than the largest timestamp for node n
|
||||||
|
4. Add the inserted value in the list of values of node n
|
||||||
|
5. Update the discard times to be the times set in the context, and accordingly discard overwritten values
|
||||||
|
6. Release lock
|
||||||
|
7. Propagate updated value to other nodes
|
||||||
|
8. Return to user when propagation achieved the write quorum (propagation to other nodes continues asynchronously)
|
||||||
|
|
||||||
|
**Encoding of contexts:**
|
||||||
|
|
||||||
|
Contexts consist in a list of (node id, timestamp) pairs.
|
||||||
|
They are encoded in binary as follows:
|
||||||
|
|
||||||
|
```
|
||||||
|
checksum: u64, [ node: u64, timestamp: u64 ]*
|
||||||
|
```
|
||||||
|
|
||||||
|
The checksum is just the XOR of all of the node IDs and timestamps.
|
||||||
|
|
||||||
|
Once encoded in binary, contexts are written and transmitted in base64.
|
||||||
|
|
||||||
|
|
||||||
|
### Indexing
|
||||||
|
|
||||||
|
K2V keeps an index, a secondary data structure that is updated asynchronously,
|
||||||
|
that keeps tracks of the number of triplets stored for each partition key.
|
||||||
|
This allows easy listing of all of the partition keys for which triplets exist
|
||||||
|
in a bucket, as the partition key becomes the sort key in the index.
|
||||||
|
|
||||||
|
How indexing works:
|
||||||
|
|
||||||
|
- Each node keeps a local count of how many items it stores for each partition,
|
||||||
|
in a local Sled tree that is updated atomically when an item is modified.
|
||||||
|
- These local counters are asynchronously stored in the index table which is
|
||||||
|
a regular Garage table spread in the network. Counters are stored as LWW values,
|
||||||
|
so basically the final table will have the following structure:
|
||||||
|
|
||||||
|
```
|
||||||
|
- pk: bucket
|
||||||
|
- sk: partition key for which we are counting
|
||||||
|
- v: lwwmap (node id -> number of items)
|
||||||
|
```
|
||||||
|
|
||||||
|
The final number of items present in the partition can be estimated by taking
|
||||||
|
the maximum of the values (i.e. the value for the node that announces having
|
||||||
|
the most items for that partition). In most cases the values for different node
|
||||||
|
IDs should all be the same; more precisely, three node IDs should map to the
|
||||||
|
same non-zero value, and all other node IDs that are present are tombstones
|
||||||
|
that map to zeroes. Note that we need to filter out values from nodes that are
|
||||||
|
no longer part of the cluster layout, as when nodes are removed they won't
|
||||||
|
necessarily have had the time to set their counters to zero.
|
||||||
|
|
||||||
|
## Important details
|
||||||
|
|
||||||
|
**THIS SECTION CONTAINS A FEW WARNINGS ON THE K2V API WHICH ARE IMPORTANT
|
||||||
|
TO UNDERSTAND IN ORDER TO USE IT CORRECTLY.**
|
||||||
|
|
||||||
|
- **Internal server errors on updates do not mean that the update isn't stored.**
|
||||||
|
K2V will return an internal server error when it cannot reach a quorum of nodes on
|
||||||
|
which to save an updated value. However the value may still be stored on just one
|
||||||
|
node, which will then propagate it to other nodes asynchronously via anti-entropy.
|
||||||
|
|
||||||
|
- **Batch operations are not transactions.** When calling InsertBatch or DeleteBatch,
|
||||||
|
items may appear partially inserted/deleted while the operation is being processed.
|
||||||
|
More importantly, if InsertBatch or DeleteBatch returns an internal server error,
|
||||||
|
some of the items to be inserted/deleted might end up inserted/deleted on the server,
|
||||||
|
while others may still have their old value.
|
||||||
|
|
||||||
|
- **Concurrent values are deduplicated.** When inserting a value for a key,
|
||||||
|
Garage might internally end up
|
||||||
|
storing the value several times if there are network errors. These values will end up as
|
||||||
|
concurrent values for a key, with the same byte string (or `null` for a deletion).
|
||||||
|
Garage fixes this by deduplicating concurrent values when they are returned to the
|
||||||
|
user on read operations. Importantly, *Garage does not differentiate between duplicate
|
||||||
|
concurrent values due to the user making the same call twice, or Garage having to
|
||||||
|
do an internal retry*. This means that all duplicate concurrent values are deduplicated
|
||||||
|
when an item is read: if the user inserts twice concurrently the same value, they will
|
||||||
|
only read it once.
|
||||||
|
|
||||||
|
## API Endpoints
|
||||||
|
|
||||||
|
### Operations on single items
|
||||||
|
|
||||||
|
**ReadItem: `GET /<bucket>/<partition key>?sort_key=<sort key>`**
|
||||||
|
|
||||||
|
|
||||||
|
Query parameters:
|
||||||
|
|
||||||
|
| name | default value | meaning |
|
||||||
|
| - | - | - |
|
||||||
|
| `sort_key` | **mandatory** | The sort key of the item to read |
|
||||||
|
|
||||||
|
Returns the item with specified partition key and sort key. Values can be
|
||||||
|
returned in either of two ways:
|
||||||
|
|
||||||
|
1. a JSON array of base64-encoded values, or `null`'s for tombstones, with
|
||||||
|
header `Content-Type: application/json`
|
||||||
|
|
||||||
|
2. in the case where there are no concurrent values, the single present value
|
||||||
|
can be returned directly as the response body (or an HTTP 204 NO CONTENT for
|
||||||
|
a tombstone), with header `Content-Type: application/octet-stream`
|
||||||
|
|
||||||
|
The choice between return formats 1 and 2 is directed by the `Accept` HTTP header:
|
||||||
|
|
||||||
|
- if the `Accept` header is not present, format 1 is always used
|
||||||
|
|
||||||
|
- if `Accept` contains `application/json` but not `application/octet-stream`,
|
||||||
|
format 1 is always used
|
||||||
|
|
||||||
|
- if `Accept` contains `application/octet-stream` but not `application/json`,
|
||||||
|
format 2 is used when there is a single value, and an HTTP error 409 (HTTP
|
||||||
|
409 CONFLICT) is returned in the case of multiple concurrent values
|
||||||
|
(including concurrent tombstones)
|
||||||
|
|
||||||
|
- if `Accept` contains both, format 2 is used when there is a single value, and
|
||||||
|
format 1 is used as a fallback in case of concurrent values
|
||||||
|
|
||||||
|
- if `Accept` contains none, HTTP 406 NOT ACCEPTABLE is raised
|
||||||
|
|
||||||
|
Example query:
|
||||||
|
|
||||||
|
```
|
||||||
|
GET /my_bucket/mailboxes?sort_key=INBOX HTTP/1.1
|
||||||
|
```
|
||||||
|
|
||||||
|
Example response:
|
||||||
|
|
||||||
|
```json
|
||||||
|
HTTP/1.1 200 OK
|
||||||
|
X-Garage-Causality-Token: opaquetoken123
|
||||||
|
Content-Type: application/json
|
||||||
|
|
||||||
|
[
|
||||||
|
"b64cryptoblob123",
|
||||||
|
"b64cryptoblob'123"
|
||||||
|
]
|
||||||
|
```
|
||||||
|
|
||||||
|
Example response in case the item is a tombstone:
|
||||||
|
|
||||||
|
```
|
||||||
|
HTTP/1.1 200 OK
|
||||||
|
X-Garage-Causality-Token: opaquetoken999
|
||||||
|
Content-Type: application/json
|
||||||
|
|
||||||
|
[
|
||||||
|
null
|
||||||
|
]
|
||||||
|
```
|
||||||
|
|
||||||
|
Example query 2:
|
||||||
|
|
||||||
|
```
|
||||||
|
GET /my_bucket/mailboxes?sort_key=INBOX HTTP/1.1
|
||||||
|
Accept: application/octet-stream
|
||||||
|
```
|
||||||
|
|
||||||
|
Example response if multiple concurrent versions exist:
|
||||||
|
|
||||||
|
```
|
||||||
|
HTTP/1.1 409 CONFLICT
|
||||||
|
X-Garage-Causality-Token: opaquetoken123
|
||||||
|
Content-Type: application/octet-stream
|
||||||
|
```
|
||||||
|
|
||||||
|
Example response in case of single value:
|
||||||
|
|
||||||
|
```
|
||||||
|
HTTP/1.1 200 OK
|
||||||
|
X-Garage-Causality-Token: opaquetoken123
|
||||||
|
Content-Type: application/octet-stream
|
||||||
|
|
||||||
|
cryptoblob123
|
||||||
|
```
|
||||||
|
|
||||||
|
Example response in case of a single value that is a tombstone:
|
||||||
|
|
||||||
|
```
|
||||||
|
HTTP/1.1 204 NO CONTENT
|
||||||
|
X-Garage-Causality-Token: opaquetoken123
|
||||||
|
Content-Type: application/octet-stream
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
**PollItem: `GET /<bucket>/<partition key>?sort_key=<sort key>&causality_token=<causality token>`**
|
||||||
|
|
||||||
|
This endpoint will block until a new value is written to a key.
|
||||||
|
|
||||||
|
The GET parameter `causality_token` should be set to the causality
|
||||||
|
token returned with the last read of the key, so that K2V knows
|
||||||
|
what values are concurrent or newer than the ones that the
|
||||||
|
client previously knew.
|
||||||
|
|
||||||
|
This endpoint returns the new value in the same format as ReadItem.
|
||||||
|
If no new value is written and the timeout elapses,
|
||||||
|
an HTTP 304 NOT MODIFIED is returned.
|
||||||
|
|
||||||
|
Query parameters:
|
||||||
|
|
||||||
|
| name | default value | meaning |
|
||||||
|
| - | - | - |
|
||||||
|
| `sort_key` | **mandatory** | The sort key of the item to read |
|
||||||
|
| `causality_token` | **mandatory** | The causality token of the last known value or set of values |
|
||||||
|
| `timeout` | 300 | The timeout before 304 NOT MODIFIED is returned if the value isn't updated |
|
||||||
|
|
||||||
|
The timeout can be set to any number of seconds, with a maximum of 600 seconds (10 minutes).
|
||||||
|
|
||||||
|
|
||||||
|
**InsertItem: `PUT /<bucket>/<partition key>?sort_key=<sort_key>`**
|
||||||
|
|
||||||
|
Inserts a single item. This request does not use JSON, the body is sent directly as a binary blob.
|
||||||
|
|
||||||
|
To supersede previous values, the HTTP header `X-Garage-Causality-Token` should
|
||||||
|
be set to the causality token returned by a previous read on this key. This
|
||||||
|
header can be ommitted for the first writes to the key.
|
||||||
|
|
||||||
|
Example query:
|
||||||
|
|
||||||
|
```
|
||||||
|
PUT /my_bucket/mailboxes?sort_key=INBOX HTTP/1.1
|
||||||
|
X-Garage-Causality-Token: opaquetoken123
|
||||||
|
|
||||||
|
myblobblahblahblah
|
||||||
|
```
|
||||||
|
|
||||||
|
Example response:
|
||||||
|
|
||||||
|
```
|
||||||
|
HTTP/1.1 200 OK
|
||||||
|
```
|
||||||
|
|
||||||
|
**DeleteItem: `DELETE /<bucket>/<partition key>?sort_key=<sort_key>`**
|
||||||
|
|
||||||
|
Deletes a single item. The HTTP header `X-Garage-Causality-Token` must be set
|
||||||
|
to the causality token returned by a previous read on this key, to indicate
|
||||||
|
which versions of the value should be deleted. The request will not process if
|
||||||
|
`X-Garage-Causality-Token` is not set.
|
||||||
|
|
||||||
|
Example query:
|
||||||
|
|
||||||
|
```
|
||||||
|
DELETE /my_bucket/mailboxes?sort_key=INBOX HTTP/1.1
|
||||||
|
X-Garage-Causality-Token: opaquetoken123
|
||||||
|
```
|
||||||
|
|
||||||
|
Example response:
|
||||||
|
|
||||||
|
```
|
||||||
|
HTTP/1.1 204 NO CONTENT
|
||||||
|
```
|
||||||
|
|
||||||
|
### Operations on index
|
||||||
|
|
||||||
|
**ReadIndex: `GET /<bucket>?start=<start>&end=<end>&limit=<limit>`**
|
||||||
|
|
||||||
|
Lists all partition keys in the bucket for which some triplets exist, and gives
|
||||||
|
for each the number of triplets (or an approximation thereof, this value is
|
||||||
|
asynchronously updated, and thus eventually consistent).
|
||||||
|
|
||||||
|
Query parameters:
|
||||||
|
|
||||||
|
| name | default value | meaning |
|
||||||
|
| - | - | - |
|
||||||
|
| `prefix` | `null` | Restrict listing to partition keys that start with this prefix |
|
||||||
|
| `start` | `null` | First partition key to list, in lexicographical order |
|
||||||
|
| `end` | `null` | Last partition key to list (excluded) |
|
||||||
|
| `limit` | `null` | Maximum number of partition keys to list |
|
||||||
|
| `reverse` | `false` | Iterate in reverse lexicographical order |
|
||||||
|
|
||||||
|
The response consists in a JSON object that repeats the parameters of the query and gives the result (see below).
|
||||||
|
|
||||||
|
The listing starts at partition key `start`, or if not specified at the
|
||||||
|
smallest partition key that exists. It returns partition keys in increasing
|
||||||
|
order, or decreasing order if `reverse` is set to `true`,
|
||||||
|
and stops when either of the following conditions is met:
|
||||||
|
|
||||||
|
1. if `end` is specfied, the partition key `end` is reached or surpassed (if it
|
||||||
|
is reached exactly, it is not included in the result)
|
||||||
|
|
||||||
|
2. if `limit` is specified, `limit` partition keys have been listed
|
||||||
|
|
||||||
|
3. no more partition keys are available to list
|
||||||
|
|
||||||
|
In case 2, and if there are more partition keys to list before condition 1
|
||||||
|
triggers, then in the result `more` is set to `true` and `nextStart` is set to
|
||||||
|
the first partition key that couldn't be listed due to the limit. In the first
|
||||||
|
case (if the listing stopped because of the `end` parameter), `more` is not set
|
||||||
|
and the `nextStart` key is not specified.
|
||||||
|
|
||||||
|
Note that if `reverse` is set to `true`, `start` is the highest key
|
||||||
|
(in lexicographical order) for which values are returned.
|
||||||
|
This means that if an `end` is specified, it must be smaller than `start`,
|
||||||
|
otherwise no values will be returned.
|
||||||
|
|
||||||
|
Example query:
|
||||||
|
|
||||||
|
```
|
||||||
|
GET /my_bucket HTTP/1.1
|
||||||
|
```
|
||||||
|
|
||||||
|
Example response:
|
||||||
|
|
||||||
|
```json
|
||||||
|
HTTP/1.1 200 OK
|
||||||
|
|
||||||
|
{
|
||||||
|
prefix: null,
|
||||||
|
start: null,
|
||||||
|
end: null,
|
||||||
|
limit: null,
|
||||||
|
reverse: false,
|
||||||
|
partitionKeys: [
|
||||||
|
{ pk: "keys", n: 3043 },
|
||||||
|
{ pk: "mailbox:INBOX", n: 42 },
|
||||||
|
{ pk: "mailbox:Junk", n: 2991 },
|
||||||
|
{ pk: "mailbox:Trash", n: 10 },
|
||||||
|
{ pk: "mailboxes", n: 3 },
|
||||||
|
],
|
||||||
|
more: false,
|
||||||
|
nextStart: null,
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
### Operations on batches of items
|
||||||
|
|
||||||
|
**InsertBatch: `POST /<bucket>`**
|
||||||
|
|
||||||
|
Simple insertion and deletion of triplets. The body is just a list of items to
|
||||||
|
insert in the following format:
|
||||||
|
`{ pk: "<partition key>", sk: "<sort key>", ct: "<causality token>"|null, v: "<value>"|null }`.
|
||||||
|
|
||||||
|
The causality token should be the one returned in a previous read request (e.g.
|
||||||
|
by ReadItem or ReadBatch), to indicate that this write takes into account the
|
||||||
|
values that were returned from these reads, and supersedes them causally. If
|
||||||
|
the triplet is inserted for the first time, the causality token should be set to
|
||||||
|
`null`.
|
||||||
|
|
||||||
|
The value is expected to be a base64-encoded binary blob. The value `null` can
|
||||||
|
also be used to delete the triplet while preserving causality information: this
|
||||||
|
allows to know if a delete has happenned concurrently with an insert, in which
|
||||||
|
case both are preserved and returned on reads (see below).
|
||||||
|
|
||||||
|
Partition keys and sort keys are utf8 strings which are stored sorted by
|
||||||
|
lexicographical ordering of their binary representation.
|
||||||
|
|
||||||
|
Example query:
|
||||||
|
|
||||||
|
```json
|
||||||
|
POST /my_bucket HTTP/1.1
|
||||||
|
|
||||||
|
[
|
||||||
|
{ pk: "mailbox:INBOX", sk: "001892831", ct: "opaquetoken321", v: "b64cryptoblob321updated" },
|
||||||
|
{ pk: "mailbox:INBOX", sk: "001892912", ct: null, v: "b64cryptoblob444" },
|
||||||
|
{ pk: "mailbox:INBOX", sk: "001892932", ct: "opaquetoken654", v: null },
|
||||||
|
]
|
||||||
|
```
|
||||||
|
|
||||||
|
Example response:
|
||||||
|
|
||||||
|
```
|
||||||
|
HTTP/1.1 200 OK
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
**ReadBatch: `POST /<bucket>?search`**, or alternatively<br/>
|
||||||
|
**ReadBatch: `SEARCH /<bucket>`**
|
||||||
|
|
||||||
|
Batch read of triplets in a bucket.
|
||||||
|
|
||||||
|
The request body is a JSON list of searches, that each specify a range of
|
||||||
|
items to get (to get single items, set `singleItem` to `true`). A search is a
|
||||||
|
JSON struct with the following fields:
|
||||||
|
|
||||||
|
| name | default value | meaning |
|
||||||
|
| - | - | - |
|
||||||
|
| `partitionKey` | **mandatory** | The partition key in which to search |
|
||||||
|
| `prefix` | `null` | Restrict items to list to those whose sort keys start with this prefix |
|
||||||
|
| `start` | `null` | The sort key of the first item to read |
|
||||||
|
| `end` | `null` | The sort key of the last item to read (excluded) |
|
||||||
|
| `limit` | `null` | The maximum number of items to return |
|
||||||
|
| `reverse` | `false` | Iterate in reverse lexicographical order on sort keys |
|
||||||
|
| `singleItem` | `false` | Whether to return only the item with sort key `start` |
|
||||||
|
| `conflictsOnly` | `false` | Whether to return only items that have several concurrent values |
|
||||||
|
| `tombstones` | `false` | Whether or not to return tombstone lines to indicate the presence of old deleted items |
|
||||||
|
|
||||||
|
|
||||||
|
For each of the searches, triplets are listed and returned separately. The
|
||||||
|
semantics of `prefix`, `start`, `end`, `limit` and `reverse` are the same as for ReadIndex. The
|
||||||
|
additionnal parameter `singleItem` allows to get a single item, whose sort key
|
||||||
|
is the one given in `start`. Parameters `conflictsOnly` and `tombstones`
|
||||||
|
control additional filters on the items that are returned.
|
||||||
|
|
||||||
|
The result is a list of length the number of searches, that consists in for
|
||||||
|
each search a JSON object specified similarly to the result of ReadIndex, but
|
||||||
|
that lists triplets within a partition key.
|
||||||
|
|
||||||
|
The format of returned tuples is as follows: `{ sk: "<sort key>", ct: "<causality
|
||||||
|
token>", v: ["<value1>", ...] }`, with the following fields:
|
||||||
|
|
||||||
|
- `sk` (sort key): any unicode string used as a sort key
|
||||||
|
|
||||||
|
- `ct` (causality token): an opaque token served by the server (generally
|
||||||
|
base64-encoded) to be used in subsequent writes to this key
|
||||||
|
|
||||||
|
- `v` (list of values): each value is a binary blob, always base64-encoded;
|
||||||
|
contains multiple items when concurrent values exists
|
||||||
|
|
||||||
|
- in case of concurrent update and deletion, a `null` is added to the list of concurrent values
|
||||||
|
|
||||||
|
- if the `tombstones` query parameter is set to `true`, tombstones are returned
|
||||||
|
for items that have been deleted (this can be usefull for inserting after an
|
||||||
|
item that has been deleted, so that the insert is not considered
|
||||||
|
concurrent with the delete). Tombstones are returned as tuples in the
|
||||||
|
same format with only `null` values
|
||||||
|
|
||||||
|
Example query:
|
||||||
|
|
||||||
|
```json
|
||||||
|
POST /my_bucket?search HTTP/1.1
|
||||||
|
|
||||||
|
[
|
||||||
|
{
|
||||||
|
partitionKey: "mailboxes",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
partitionKey: "mailbox:INBOX",
|
||||||
|
start: "001892831",
|
||||||
|
limit: 3,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
partitionKey: "keys",
|
||||||
|
start: "0",
|
||||||
|
singleItem: true,
|
||||||
|
},
|
||||||
|
]
|
||||||
|
```
|
||||||
|
|
||||||
|
Example associated response body:
|
||||||
|
|
||||||
|
```json
|
||||||
|
HTTP/1.1 200 OK
|
||||||
|
|
||||||
|
[
|
||||||
|
{
|
||||||
|
partitionKey: "mailboxes",
|
||||||
|
prefix: null,
|
||||||
|
start: null,
|
||||||
|
end: null,
|
||||||
|
limit: null,
|
||||||
|
reverse: false,
|
||||||
|
conflictsOnly: false,
|
||||||
|
tombstones: false,
|
||||||
|
singleItem: false,
|
||||||
|
items: [
|
||||||
|
{ sk: "INBOX", ct: "opaquetoken123", v: ["b64cryptoblob123", "b64cryptoblob'123"] },
|
||||||
|
{ sk: "Trash", ct: "opaquetoken456", v: ["b64cryptoblob456"] },
|
||||||
|
{ sk: "Junk", ct: "opaquetoken789", v: ["b64cryptoblob789"] },
|
||||||
|
],
|
||||||
|
more: false,
|
||||||
|
nextStart: null,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
partitionKey: "mailbox::INBOX",
|
||||||
|
prefix: null,
|
||||||
|
start: "001892831",
|
||||||
|
end: null,
|
||||||
|
limit: 3,
|
||||||
|
reverse: false,
|
||||||
|
conflictsOnly: false,
|
||||||
|
tombstones: false,
|
||||||
|
singleItem: false,
|
||||||
|
items: [
|
||||||
|
{ sk: "001892831", ct: "opaquetoken321", v: ["b64cryptoblob321"] },
|
||||||
|
{ sk: "001892832", ct: "opaquetoken654", v: ["b64cryptoblob654"] },
|
||||||
|
{ sk: "001892874", ct: "opaquetoken987", v: ["b64cryptoblob987"] },
|
||||||
|
],
|
||||||
|
more: true,
|
||||||
|
nextStart: "001892898",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
partitionKey: "keys",
|
||||||
|
prefix: null,
|
||||||
|
start: "0",
|
||||||
|
end: null,
|
||||||
|
conflictsOnly: false,
|
||||||
|
tombstones: false,
|
||||||
|
limit: null,
|
||||||
|
reverse: false,
|
||||||
|
singleItem: true,
|
||||||
|
items: [
|
||||||
|
{ sk: "0", ct: "opaquetoken999", v: ["b64binarystuff999"] },
|
||||||
|
],
|
||||||
|
more: false,
|
||||||
|
nextStart: null,
|
||||||
|
},
|
||||||
|
]
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
**DeleteBatch: `POST /<bucket>?delete`**
|
||||||
|
|
||||||
|
Batch deletion of triplets. The request format is the same for `POST
|
||||||
|
/<bucket>?search` to indicate items or range of items, except that here they
|
||||||
|
are deleted instead of returned, but only the fields `partitionKey`, `prefix`, `start`,
|
||||||
|
`end`, and `singleItem` are supported. Causality information is not given by
|
||||||
|
the user: this request will internally list all triplets and write deletion
|
||||||
|
markers that supersede all of the versions that have been read.
|
||||||
|
|
||||||
|
This request returns for each series of items to be deleted, the number of
|
||||||
|
matching items that have been found and deleted.
|
||||||
|
|
||||||
|
Example query:
|
||||||
|
|
||||||
|
```json
|
||||||
|
POST /my_bucket?delete HTTP/1.1
|
||||||
|
|
||||||
|
[
|
||||||
|
{
|
||||||
|
partitionKey: "mailbox:OldMailbox",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
partitionKey: "mailbox:INBOX",
|
||||||
|
start: "0018928321",
|
||||||
|
singleItem: true,
|
||||||
|
},
|
||||||
|
]
|
||||||
|
```
|
||||||
|
|
||||||
|
Example response:
|
||||||
|
|
||||||
|
```
|
||||||
|
HTTP/1.1 200 OK
|
||||||
|
|
||||||
|
[
|
||||||
|
{
|
||||||
|
partitionKey: "mailbox:OldMailbox",
|
||||||
|
prefix: null,
|
||||||
|
start: null,
|
||||||
|
end: null,
|
||||||
|
singleItem: false,
|
||||||
|
deletedItems: 35,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
partitionKey: "mailbox:INBOX",
|
||||||
|
prefix: null,
|
||||||
|
start: "0018928321",
|
||||||
|
end: null,
|
||||||
|
singleItem: true,
|
||||||
|
deletedItems: 1,
|
||||||
|
},
|
||||||
|
]
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## Internals: causality tokens
|
||||||
|
|
||||||
|
The method used is based on DVVS (dotted version vector sets). See:
|
||||||
|
|
||||||
|
- the paper "Scalable and Accurate Causality Tracking for Eventually Consistent Data Stores"
|
||||||
|
- <https://github.com/ricardobcl/Dotted-Version-Vectors>
|
||||||
|
|
||||||
|
For DVVS to work, write operations (at each node) must take a lock on the data table.
|
BIN
doc/logo/garage-dark-notext.png
Normal file
After Width: | Height: | Size: 8.1 KiB |
113
doc/logo/garage-dark-notext.svg
Normal file
|
@ -0,0 +1,113 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||||
|
<svg
|
||||||
|
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
||||||
|
xmlns:cc="http://creativecommons.org/ns#"
|
||||||
|
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
|
||||||
|
xmlns:svg="http://www.w3.org/2000/svg"
|
||||||
|
xmlns="http://www.w3.org/2000/svg"
|
||||||
|
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
|
||||||
|
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
|
||||||
|
width="250"
|
||||||
|
height="250"
|
||||||
|
viewBox="0 0 66.145832 66.145831"
|
||||||
|
version="1.1"
|
||||||
|
id="svg916"
|
||||||
|
inkscape:version="1.0.2 (e86c870879, 2021-01-15)"
|
||||||
|
sodipodi:docname="garage-dark-notext.svg"
|
||||||
|
inkscape:export-filename="/home/lx/Deuxfleurs/garage/garage-dark-notext.png"
|
||||||
|
inkscape:export-xdpi="96"
|
||||||
|
inkscape:export-ydpi="96">
|
||||||
|
<defs
|
||||||
|
id="defs910" />
|
||||||
|
<sodipodi:namedview
|
||||||
|
id="base"
|
||||||
|
pagecolor="#ffffff"
|
||||||
|
bordercolor="#666666"
|
||||||
|
borderopacity="1.0"
|
||||||
|
inkscape:pageopacity="0.0"
|
||||||
|
inkscape:pageshadow="2"
|
||||||
|
inkscape:zoom="2.3640695"
|
||||||
|
inkscape:cx="127.28732"
|
||||||
|
inkscape:cy="150.37984"
|
||||||
|
inkscape:document-units="mm"
|
||||||
|
inkscape:current-layer="layer1"
|
||||||
|
inkscape:document-rotation="0"
|
||||||
|
showgrid="false"
|
||||||
|
fit-margin-top="0"
|
||||||
|
fit-margin-left="0"
|
||||||
|
fit-margin-right="0"
|
||||||
|
fit-margin-bottom="0"
|
||||||
|
units="px"
|
||||||
|
inkscape:window-width="1920"
|
||||||
|
inkscape:window-height="1039"
|
||||||
|
inkscape:window-x="0"
|
||||||
|
inkscape:window-y="20"
|
||||||
|
inkscape:window-maximized="0" />
|
||||||
|
<metadata
|
||||||
|
id="metadata913">
|
||||||
|
<rdf:RDF>
|
||||||
|
<cc:Work
|
||||||
|
rdf:about="">
|
||||||
|
<dc:format>image/svg+xml</dc:format>
|
||||||
|
<dc:type
|
||||||
|
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
|
||||||
|
<dc:title></dc:title>
|
||||||
|
</cc:Work>
|
||||||
|
</rdf:RDF>
|
||||||
|
</metadata>
|
||||||
|
<g
|
||||||
|
inkscape:label="Layer 1"
|
||||||
|
inkscape:groupmode="layer"
|
||||||
|
id="layer1"
|
||||||
|
transform="translate(-141.5009,-98.254059)">
|
||||||
|
<rect
|
||||||
|
style="fill:#4e4e4e;fill-opacity:1;stroke-width:1.01574"
|
||||||
|
id="rect858"
|
||||||
|
width="66.592186"
|
||||||
|
height="66.832306"
|
||||||
|
x="141.5009"
|
||||||
|
y="98.056282" />
|
||||||
|
<g
|
||||||
|
id="g1775"
|
||||||
|
transform="matrix(1.9019239,0,0,1.9019239,-157.45231,-108.13709)">
|
||||||
|
<path
|
||||||
|
class="cls-2"
|
||||||
|
d="m 187.70646,127.72029 a 0.39366647,0.39366647 0 0 1 -0.0176,0.1366 0.02790919,0.02790919 0 0 1 0,0.0117 l -0.0176,0.0455 v 0 l -0.0176,0.0338 -2.83058,5.59653 c -0.39367,0.77705 -1.11784,0.75355 -0.99592,-0.0323 l 0.56994,-3.18164 c 0.0191,-0.1043 0.18655,-0.83875 0.34666,-1.37049 l -5.46286,1.7054 c -0.85784,5.57155 -8.18914,5.66409 -9.38483,0 l -5.47461,-1.70981 c 0.16011,0.53174 0.32904,1.2706 0.34813,1.3749 l 0.56994,3.18164 c 0.12192,0.78587 -0.60225,0.80937 -0.99592,0.0323 l -2.84822,-5.63031 a 0.20417776,0.20417776 0 0 1 -0.0176,-0.047 0.42304456,0.42304456 0 0 1 0.22181,-0.56552 l 11.69689,-5.17495 a 2.9113691,2.9113691 0 0 1 2.35024,0 l 11.69689,5.17495 a 0.41863785,0.41863785 0 0 1 0.26293,0.41864 z"
|
||||||
|
id="path24-31"
|
||||||
|
style="stroke-width:0.146891" />
|
||||||
|
<path
|
||||||
|
class="cls-3"
|
||||||
|
d="m 178.30988,128.69564 5.05744,-2.03591 a 0.21446009,0.21446009 0 0 0 0,-0.39807 c -0.58756,-0.2453 -1.3132,-0.52733 -2.02415,-0.82259 -0.13073,-0.0543 -1.36902,0.83434 -1.48213,0.92542 l -2.17985,1.74212 c -0.52734,0.44214 -0.0705,0.86959 0.62869,0.58903 z"
|
||||||
|
id="path26-9"
|
||||||
|
style="stroke-width:0.146891" />
|
||||||
|
<circle
|
||||||
|
class="cls-3"
|
||||||
|
cx="174.64349"
|
||||||
|
cy="130.68452"
|
||||||
|
r="2.6366842"
|
||||||
|
id="circle28-4"
|
||||||
|
style="stroke-width:0.146891" />
|
||||||
|
<path
|
||||||
|
id="path24-3-6-9-0"
|
||||||
|
style="fill:#ff9329;fill-opacity:1;stroke-width:0.146891"
|
||||||
|
d="m 174.54269,116.93385 a 2.9113691,2.9113691 0 0 0 -1.14618,0.24753 l -11.69696,5.17488 a 0.42304456,0.42304456 0 0 0 -0.22169,0.56586 0.20417776,0.20417776 0 0 0 0.0176,0.047 l 0.79634,1.57355 11.10475,-4.91288 a 2.9113691,2.9113691 0 0 1 1.14618,-0.24753 2.9113691,2.9113691 0 0 1 1.20406,0.24753 l 11.12387,4.92115 0.7829,-1.54823 0.0176,-0.0336 0.0181,-0.0455 a 0.02790919,0.02790919 0 0 0 0,-0.0119 0.39366647,0.39366647 0 0 0 0.0176,-0.13642 0.41863785,0.41863785 0 0 0 -0.26303,-0.4191 l -11.69697,-5.17488 a 2.9113691,2.9113691 0 0 0 -1.20406,-0.24753 z m -10.12134,9.52449 c 0.0218,0.0723 0.0408,0.14674 0.0615,0.22066 h 0.51831 l -0.008,-0.0419 z m 20.32227,0.005 -0.57103,0.17828 -0.007,0.0377 h 0.5178 c 0.0202,-0.0723 0.0386,-0.14514 0.0599,-0.216 z" />
|
||||||
|
<path
|
||||||
|
class="cls-2"
|
||||||
|
d="m 187.70647,127.72029 a 0.39366647,0.39366647 0 0 1 -0.0176,0.13661 0.02790919,0.02790919 0 0 1 0,0.0117 l -0.0176,0.0455 v 0 l -0.0176,0.0338 -2.83058,5.59652 c -0.39366,0.77705 -1.11783,0.75355 -0.99591,-0.0323 l 0.56993,-3.18165 c 0.0191,-0.10429 0.18655,-0.83874 0.34666,-1.37049 l -5.46285,1.7054 c -0.85784,5.57156 -8.18915,5.6641 -9.38484,0 l -5.4746,-1.70981 c 0.16011,0.53175 0.32903,1.27061 0.34813,1.3749 l 0.56993,3.18165 c 0.12192,0.78586 -0.60225,0.80936 -0.99592,0.0323 l -2.84822,-5.63031 a 0.20417776,0.20417776 0 0 1 -0.0176,-0.047 0.42304456,0.42304456 0 0 1 0.22181,-0.56553 l 11.69688,-5.17495 a 2.9113691,2.9113691 0 0 1 2.35025,0 l 11.69689,5.17495 a 0.41863785,0.41863785 0 0 1 0.26293,0.41864 z"
|
||||||
|
id="path24-0-3"
|
||||||
|
style="fill:#ff9329;fill-opacity:1;stroke-width:0.146891" />
|
||||||
|
<path
|
||||||
|
class="cls-3"
|
||||||
|
d="m 178.30988,128.69564 5.05744,-2.0359 a 0.21446009,0.21446009 0 0 0 0,-0.39807 c -0.58756,-0.24531 -1.3132,-0.52734 -2.02415,-0.82259 -0.13073,-0.0543 -1.36902,0.83434 -1.48212,0.92541 l -2.17986,1.74212 c -0.52734,0.44214 -0.0705,0.86959 0.62869,0.58903 z"
|
||||||
|
id="path26-2-2"
|
||||||
|
style="fill:#4e4e4e;fill-opacity:1;stroke-width:0.146891" />
|
||||||
|
<circle
|
||||||
|
class="cls-3"
|
||||||
|
cx="174.64349"
|
||||||
|
cy="130.68452"
|
||||||
|
r="2.6366842"
|
||||||
|
id="circle28-3-0"
|
||||||
|
style="fill:#4e4e4e;fill-opacity:1;stroke-width:0.146891" />
|
||||||
|
</g>
|
||||||
|
</g>
|
||||||
|
</svg>
|
After Width: | Height: | Size: 5.8 KiB |
174
doc/logo/garage-dark.svg
Normal file
|
@ -0,0 +1,174 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||||
|
<svg
|
||||||
|
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
||||||
|
xmlns:cc="http://creativecommons.org/ns#"
|
||||||
|
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
|
||||||
|
xmlns:svg="http://www.w3.org/2000/svg"
|
||||||
|
xmlns="http://www.w3.org/2000/svg"
|
||||||
|
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
|
||||||
|
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
|
||||||
|
width="250"
|
||||||
|
height="250"
|
||||||
|
viewBox="0 0 66.145832 66.145831"
|
||||||
|
version="1.1"
|
||||||
|
id="svg916"
|
||||||
|
inkscape:version="1.0.2 (e86c870879, 2021-01-15)"
|
||||||
|
sodipodi:docname="garage-dark.svg">
|
||||||
|
<defs
|
||||||
|
id="defs910" />
|
||||||
|
<sodipodi:namedview
|
||||||
|
id="base"
|
||||||
|
pagecolor="#ffffff"
|
||||||
|
bordercolor="#666666"
|
||||||
|
borderopacity="1.0"
|
||||||
|
inkscape:pageopacity="0.0"
|
||||||
|
inkscape:pageshadow="2"
|
||||||
|
inkscape:zoom="2.3640695"
|
||||||
|
inkscape:cx="132.7426"
|
||||||
|
inkscape:cy="151.74366"
|
||||||
|
inkscape:document-units="mm"
|
||||||
|
inkscape:current-layer="layer1"
|
||||||
|
inkscape:document-rotation="0"
|
||||||
|
showgrid="false"
|
||||||
|
fit-margin-top="0"
|
||||||
|
fit-margin-left="0"
|
||||||
|
fit-margin-right="0"
|
||||||
|
fit-margin-bottom="0"
|
||||||
|
units="px"
|
||||||
|
inkscape:window-width="1920"
|
||||||
|
inkscape:window-height="1039"
|
||||||
|
inkscape:window-x="0"
|
||||||
|
inkscape:window-y="20"
|
||||||
|
inkscape:window-maximized="0" />
|
||||||
|
<metadata
|
||||||
|
id="metadata913">
|
||||||
|
<rdf:RDF>
|
||||||
|
<cc:Work
|
||||||
|
rdf:about="">
|
||||||
|
<dc:format>image/svg+xml</dc:format>
|
||||||
|
<dc:type
|
||||||
|
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
|
||||||
|
<dc:title></dc:title>
|
||||||
|
</cc:Work>
|
||||||
|
</rdf:RDF>
|
||||||
|
</metadata>
|
||||||
|
<g
|
||||||
|
inkscape:label="Layer 1"
|
||||||
|
inkscape:groupmode="layer"
|
||||||
|
id="layer1"
|
||||||
|
transform="translate(-141.5009,-98.254059)">
|
||||||
|
<rect
|
||||||
|
style="fill:#4e4e4e;fill-opacity:1;stroke-width:1.01574"
|
||||||
|
id="rect858"
|
||||||
|
width="66.592186"
|
||||||
|
height="66.832306"
|
||||||
|
x="141.5009"
|
||||||
|
y="98.056282" />
|
||||||
|
<g
|
||||||
|
id="g1637"
|
||||||
|
transform="translate(1.5164686,-0.22143797)">
|
||||||
|
<g
|
||||||
|
id="g1034-5"
|
||||||
|
transform="matrix(0.26458333,0,0,0.26458333,140.0054,98.562655)">
|
||||||
|
<path
|
||||||
|
class="cls-1"
|
||||||
|
d="m 85.377935,159.38378 5.163143,-0.0333 h 0.06662 q 2.864711,0 2.864711,2.69816 v 8.69407 a 24.849705,24.849705 0 0 1 -8.649651,1.43235 q -4.730105,0 -7.128468,-3.21447 -2.398363,-3.21447 -2.398363,-8.76068 0,-5.55177 2.981299,-8.62745 a 9.7600046,9.7600046 0 0 1 7.29502,-3.08123 13.368653,13.368653 0 0 1 7.811335,2.43167 3.9250986,3.9250986 0 0 1 -0.682867,1.76547 4.7634152,4.7634152 0 0 1 -1.282458,1.33242 9.798867,9.798867 0 0 0 -5.679457,-1.96533 5.3574542,5.3574542 0 0 0 -4.480275,2.04861 q -1.598909,2.03749 -1.598909,6.41229 0,8.22771 6.062529,8.22771 a 16.910679,16.910679 0 0 0 3.697476,-0.43303 v -3.16451 q 0,-1.49898 0.06662,-2.22071 h -2.442777 a 2.2873276,2.2873276 0 0 1 -1.515632,-0.41638 1.6655298,1.6655298 0 0 1 -0.483004,-1.33242 5.7072154,5.7072154 0 0 1 0.333106,-1.79322 z"
|
||||||
|
id="path8-2"
|
||||||
|
style="stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
class="cls-1"
|
||||||
|
d="m 111.07151,169.8433 a 4.3137222,4.3137222 0 0 1 -0.55518,1.18253 4.0305821,4.0305821 0 0 1 -0.84942,0.94935 3.7640973,3.7640973 0 0 1 -3.05902,-1.95422 6.7453957,6.7453957 0 0 1 -4.76342,2.13188 q -2.564913,0 -3.886233,-1.49898 a 5.1298318,5.1298318 0 0 1 -1.299113,-3.4643 q 0,-2.77588 1.815427,-4.21379 a 7.3338829,7.3338829 0 0 1 4.669039,-1.3935 q 1.53228,0 2.89802,0.13325 v -0.99932 q 0,-2.63154 -2.53161,-2.63154 -1.79877,0 -5.096518,1.19918 a 4.674587,4.674587 0 0 1 -1.110353,-2.96464 18.581761,18.581761 0 0 1 7.217291,-1.49898 5.8682167,5.8682167 0 0 1 4.0639,1.39905 q 1.56559,1.39904 1.56559,4.23044 v 6.79537 q -0.0111,1.83208 0.9216,2.59822 z m -8.36096,-0.83276 a 4.7134493,4.7134493 0 0 0 3.33106,-1.59891 v -2.94244 a 22.368065,22.368065 0 0 0 -2.53161,-0.13324 2.775883,2.775883 0 0 0 -2.06525,0.68842 2.3928111,2.3928111 0 0 0 -0.69953,1.76546 2.3539488,2.3539488 0 0 0 0.55518,1.66553 1.8431863,1.8431863 0 0 0 1.41015,0.55518 z"
|
||||||
|
id="path10-28"
|
||||||
|
style="stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
class="cls-1"
|
||||||
|
d="m 113.76966,157.11865 a 3.986168,3.986168 0 0 1 0.55518,-1.21583 3.3310596,3.3310596 0 0 1 0.84942,-0.94935 4.1638245,4.1638245 0 0 1 3.51427,2.96464 q 1.33242,-2.96464 4.29707,-2.96464 a 10.215249,10.215249 0 0 1 1.93201,0.23317 7.4782288,7.4782288 0 0 1 -0.99932,3.88624 8.4497879,8.4497879 0 0 0 -1.49897,-0.19987 q -2.03195,0 -3.26444,2.16519 v 10.64829 a 11.575432,11.575432 0 0 1 -2.03195,0.16655 12.769062,12.769062 0 0 1 -2.09857,-0.16655 v -11.15905 q -0.0222,-2.40947 -1.2547,-3.40879 z"
|
||||||
|
id="path12-9"
|
||||||
|
style="stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
class="cls-1"
|
||||||
|
d="m 140.38483,169.8433 a 4.3137222,4.3137222 0 0 1 -0.58293,1.18253 4.0305821,4.0305821 0 0 1 -0.84942,0.94935 3.7640973,3.7640973 0 0 1 -3.05348,-1.95422 6.7453957,6.7453957 0 0 1 -4.76341,2.13188 q -2.56492,0 -3.88624,-1.49898 a 5.1298318,5.1298318 0 0 1 -1.29911,-3.4643 q 0,-2.77588 1.81543,-4.21379 a 7.3338829,7.3338829 0 0 1 4.64682,-1.4157 q 1.53229,0 2.89803,0.13324 v -0.99932 q 0,-2.63153 -2.53161,-2.63153 -1.79877,0 -5.09652,1.19918 a 4.674587,4.674587 0 0 1 -1.11035,-2.96465 18.581761,18.581761 0 0 1 7.21729,-1.49897 5.8682167,5.8682167 0 0 1 4.0639,1.39904 q 1.56559,1.39905 1.56559,4.23045 v 6.81757 q 0.0333,1.83208 0.96601,2.59822 z m -8.37206,-0.83276 a 4.7134493,4.7134493 0 0 0 3.33106,-1.59891 v -2.94244 a 22.368065,22.368065 0 0 0 -2.53161,-0.13324 2.775883,2.775883 0 0 0 -2.06526,0.69952 2.3928111,2.3928111 0 0 0 -0.69952,1.76546 2.3539488,2.3539488 0 0 0 0.55518,1.66553 1.8431863,1.8431863 0 0 0 1.41015,0.54408 z"
|
||||||
|
id="path14-7"
|
||||||
|
style="stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
class="cls-1"
|
||||||
|
d="m 144.48203,169.71006 q -1.49897,-2.29843 -1.49897,-6.34567 0,-4.04724 1.8987,-6.34567 a 5.740526,5.740526 0 0 1 4.56355,-2.29843 6.4400486,6.4400486 0 0 1 4.49693,1.66553 3.7696491,3.7696491 0 0 1 2.63154,-1.43235 3.1200925,3.1200925 0 0 1 0.88273,0.93269 3.8862362,3.8862362 0 0 1 0.55518,1.16587 q -0.9327,0.79946 -0.9327,2.86472 v 9.438 q 0,5.29638 -1.73215,7.49488 -1.73215,2.1985 -5.69611,2.22071 a 16.100121,16.100121 0 0 1 -5.9626,-1.11036 4.4802752,4.4802752 0 0 1 1.03263,-3.03126 10.892565,10.892565 0 0 0 4.48028,1.03263 q 2.18184,0 3.0146,-1.11035 a 4.9965894,4.9965894 0 0 0 0.83277,-3.06458 V 170.454 a 6.4011862,6.4011862 0 0 1 -4.16383,1.56559 4.9188647,4.9188647 0 0 1 -4.40255,-2.30953 z m 8.56083,-2.69816 v -7.72806 a 4.2915151,4.2915151 0 0 0 -2.86471,-1.36573 2.4039147,2.4039147 0 0 0 -2.18185,1.43235 8.6885138,8.6885138 0 0 0 -0.7828,4.09721 q 0,2.66485 0.71618,3.93065 a 2.1318781,2.1318781 0 0 0 1.88205,1.2658 4.2304457,4.2304457 0 0 0 3.23113,-1.63222 z"
|
||||||
|
id="path16-3"
|
||||||
|
style="stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
class="cls-1"
|
||||||
|
d="m 174.20619,164.78009 h -9.32697 a 5.6405943,5.6405943 0 0 0 0.88273,3.04792 q 0.7828,1.0826 2.74813,1.0826 a 10.120869,10.120869 0 0 0 4.36369,-1.16587 4.3803434,4.3803434 0 0 1 1.19918,2.5316 10.759323,10.759323 0 0 1 -6.41229,1.8987 q -3.74744,0 -5.37966,-2.43167 -1.63222,-2.43167 -1.63222,-6.2957 0,-3.88624 1.79877,-6.2957 a 6.0181143,6.0181143 0 0 1 5.14649,-2.43168 q 3.33106,0 5.14648,2.01529 a 7.3449864,7.3449864 0 0 1 1.79878,5.07987 13.04665,13.04665 0 0 1 -0.33311,2.96464 z m -6.42895,-7.06184 q -2.73146,0 -2.93133,4.13051 h 5.79605 v -0.39973 a 4.7245529,4.7245529 0 0 0 -0.69953,-2.69816 2.4316735,2.4316735 0 0 0 -2.14298,-1.03262 z"
|
||||||
|
id="path18-6"
|
||||||
|
style="stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
class="cls-2"
|
||||||
|
d="m 174.55595,111.039 a 1.4878733,1.4878733 0 0 1 -0.0666,0.51631 0.10548355,0.10548355 0 0 1 0,0.0444 l -0.0666,0.17211 v 0 l -0.0666,0.12769 -10.69826,21.15223 c -1.48787,2.93688 -4.22489,2.84806 -3.76409,-0.12214 l 2.15408,-12.02512 c 0.0722,-0.39418 0.70508,-3.17006 1.31022,-5.1798 l -20.64702,6.4456 c -3.24223,21.05785 -30.95109,21.40761 -35.47023,0 l -20.691432,-6.46226 c 0.605143,2.00974 1.243596,4.80228 1.315769,5.19646 l 2.154085,12.02512 c 0.460796,2.9702 -2.276224,3.05902 -3.764098,0.12214 L 75.49024,111.77183 a 0.77169547,0.77169547 0 0 1 -0.06662,-0.17766 1.5989086,1.5989086 0 0 1 0.838317,-2.13743 L 120.47065,89.897871 a 11.0036,11.0036 0 0 1 8.88282,0 l 44.20871,19.558869 a 1.5822533,1.5822533 0 0 1 0.99377,1.58226 z"
|
||||||
|
id="path24-31"
|
||||||
|
style="stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
class="cls-3"
|
||||||
|
d="m 139.0413,114.72537 19.11473,-7.69475 a 0.81055784,0.81055784 0 0 0 0,-1.50453 c -2.2207,-0.92714 -4.96328,-1.99308 -7.65033,-3.10899 -0.49411,-0.20541 -5.17425,3.15341 -5.60173,3.49762 l -8.23882,6.58439 c -1.99309,1.67108 -0.26649,3.28665 2.37615,2.22626 z"
|
||||||
|
id="path26-9"
|
||||||
|
style="stroke-width:0.555177" />
|
||||||
|
<circle
|
||||||
|
class="cls-3"
|
||||||
|
cx="125.18409"
|
||||||
|
cy="122.24245"
|
||||||
|
r="9.9654207"
|
||||||
|
id="circle28-4"
|
||||||
|
style="stroke-width:0.555177" />
|
||||||
|
</g>
|
||||||
|
<path
|
||||||
|
class="cls-1"
|
||||||
|
d="m 162.59498,140.73295 1.36608,-0.009 h 0.0176 q 0.75796,0 0.75796,0.71389 v 2.30031 a 6.5748177,6.5748177 0 0 1 -2.28855,0.37897 q -1.25151,0 -1.88608,-0.85049 -0.63456,-0.8505 -0.63456,-2.31793 0,-1.46891 0.7888,-2.28268 a 2.5823345,2.5823345 0 0 1 1.93014,-0.81524 3.5371227,3.5371227 0 0 1 2.06675,0.64338 1.0385157,1.0385157 0 0 1 -0.18068,0.46711 1.2603203,1.2603203 0 0 1 -0.33931,0.35254 2.5926169,2.5926169 0 0 0 -1.5027,-0.52 1.4174931,1.4174931 0 0 0 -1.1854,0.54203 q -0.42305,0.53909 -0.42305,1.69658 0,2.17692 1.60405,2.17692 a 4.4742838,4.4742838 0 0 0 0.97829,-0.11457 v -0.83728 q 0,-0.3966 0.0176,-0.58756 h -0.64632 a 0.60518875,0.60518875 0 0 1 -0.40101,-0.11017 0.44067142,0.44067142 0 0 1 -0.12779,-0.35254 1.5100341,1.5100341 0 0 1 0.0881,-0.47445 z"
|
||||||
|
id="path8-6-4"
|
||||||
|
style="fill:#c3c3c3;fill-opacity:1;stroke-width:0.146891" />
|
||||||
|
<path
|
||||||
|
class="cls-1"
|
||||||
|
d="m 169.39307,143.50037 a 1.141339,1.141339 0 0 1 -0.14689,0.31288 1.0664248,1.0664248 0 0 1 -0.22474,0.25118 0.9959174,0.9959174 0 0 1 -0.80937,-0.51706 1.7847193,1.7847193 0 0 1 -1.26032,0.56406 q -0.67863,0 -1.02823,-0.3966 a 1.357268,1.357268 0 0 1 -0.34373,-0.9166 q 0,-0.73445 0.48034,-1.1149 a 1.9404232,1.9404232 0 0 1 1.23535,-0.36869 q 0.40541,0 0.76676,0.0352 v -0.2644 q 0,-0.69626 -0.66982,-0.69626 -0.47592,0 -1.34845,0.31728 a 1.2368178,1.2368178 0 0 1 -0.29378,-0.78439 4.9164242,4.9164242 0 0 1 1.90957,-0.39661 1.5526323,1.5526323 0 0 1 1.07524,0.37017 q 0.41423,0.37016 0.41423,1.1193 v 1.79794 q -0.003,0.48474 0.24384,0.68745 z m -2.21217,-0.22034 a 1.2471001,1.2471001 0 0 0 0.88134,-0.42304 v -0.77852 a 5.9182171,5.9182171 0 0 0 -0.66982,-0.0353 0.73445237,0.73445237 0 0 0 -0.54643,0.18215 0.63309793,0.63309793 0 0 0 -0.18508,0.46711 0.62281561,0.62281561 0 0 0 0.14689,0.44067 0.48767637,0.48767637 0 0 0 0.3731,0.14689 z"
|
||||||
|
id="path10-2-5"
|
||||||
|
style="fill:#c3c3c3;fill-opacity:1;stroke-width:0.146891" />
|
||||||
|
<path
|
||||||
|
class="cls-1"
|
||||||
|
d="m 170.10696,140.13364 a 1.0546736,1.0546736 0 0 1 0.14689,-0.32169 0.88134284,0.88134284 0 0 1 0.22474,-0.25118 1.1016786,1.1016786 0 0 1 0.92982,0.78439 q 0.35254,-0.78439 1.13693,-0.78439 a 2.7027846,2.7027846 0 0 1 0.51118,0.0617 1.9786147,1.9786147 0 0 1 -0.2644,1.02823 2.235673,2.235673 0 0 0 -0.39661,-0.0529 q -0.53762,0 -0.86371,0.57287 v 2.81736 a 3.0626663,3.0626663 0 0 1 -0.53762,0.0441 3.3784809,3.3784809 0 0 1 -0.55525,-0.0441 v -2.95249 q -0.006,-0.63751 -0.33197,-0.90191 z"
|
||||||
|
id="path12-6-0"
|
||||||
|
style="fill:#c3c3c3;fill-opacity:1;stroke-width:0.146891" />
|
||||||
|
<path
|
||||||
|
class="cls-1"
|
||||||
|
d="m 177.14889,143.50037 a 1.141339,1.141339 0 0 1 -0.15424,0.31288 1.0664248,1.0664248 0 0 1 -0.22474,0.25118 0.9959174,0.9959174 0 0 1 -0.8079,-0.51706 1.7847193,1.7847193 0 0 1 -1.26032,0.56406 q -0.67863,0 -1.02823,-0.3966 a 1.357268,1.357268 0 0 1 -0.34372,-0.9166 q 0,-0.73445 0.48033,-1.1149 a 1.9404232,1.9404232 0 0 1 1.22947,-0.37457 q 0.40542,0 0.76677,0.0353 v -0.26441 q 0,-0.69626 -0.66982,-0.69626 -0.47593,0 -1.34846,0.31729 a 1.2368178,1.2368178 0 0 1 -0.29378,-0.7844 4.9164242,4.9164242 0 0 1 1.90958,-0.3966 1.5526323,1.5526323 0 0 1 1.07524,0.37016 q 0.41423,0.37017 0.41423,1.11931 v 1.80381 q 0.009,0.48474 0.25559,0.68745 z m -2.21511,-0.22034 a 1.2471001,1.2471001 0 0 0 0.88134,-0.42304 v -0.77852 a 5.9182171,5.9182171 0 0 0 -0.66982,-0.0353 0.73445237,0.73445237 0 0 0 -0.54643,0.18509 0.63309793,0.63309793 0 0 0 -0.18508,0.46711 0.62281561,0.62281561 0 0 0 0.14689,0.44067 0.48767637,0.48767637 0 0 0 0.3731,0.14395 z"
|
||||||
|
id="path14-1-3"
|
||||||
|
style="fill:#c3c3c3;fill-opacity:1;stroke-width:0.146891" />
|
||||||
|
<path
|
||||||
|
class="cls-1"
|
||||||
|
d="m 178.23294,143.46511 q -0.3966,-0.60812 -0.3966,-1.67895 0,-1.07084 0.50236,-1.67896 a 1.5188475,1.5188475 0 0 1 1.20744,-0.60813 1.7039295,1.7039295 0 0 1 1.18981,0.44067 0.99738631,0.99738631 0 0 1 0.69626,-0.37897 0.82552446,0.82552446 0 0 1 0.23356,0.24677 1.0282333,1.0282333 0 0 1 0.14689,0.30847 q -0.24678,0.21152 -0.24678,0.75796 v 2.49714 q 0,1.40133 -0.45829,1.98302 -0.4583,0.58168 -1.5071,0.58756 a 4.2598236,4.2598236 0 0 1 -1.5776,-0.29378 1.1854061,1.1854061 0 0 1 0.27321,-0.80203 2.8819911,2.8819911 0 0 0 1.18541,0.27322 q 0.57728,0 0.79761,-0.29378 a 1.3220143,1.3220143 0 0 0 0.22034,-0.81084 v -0.35253 a 1.6936472,1.6936472 0 0 1 -1.10168,0.41423 1.3014496,1.3014496 0 0 1 -1.16484,-0.61107 z m 2.26505,-0.71388 v -2.04472 a 1.1354634,1.1354634 0 0 0 -0.75795,-0.36135 0.63603576,0.63603576 0 0 0 -0.57728,0.37898 2.2988359,2.2988359 0 0 0 -0.20712,1.08405 q 0,0.70508 0.18949,1.03998 a 0.56405941,0.56405941 0 0 0 0.49796,0.33491 1.1193054,1.1193054 0 0 0 0.8549,-0.43185 z"
|
||||||
|
id="path16-8-6"
|
||||||
|
style="fill:#c3c3c3;fill-opacity:1;stroke-width:0.146891" />
|
||||||
|
<path
|
||||||
|
class="cls-1"
|
||||||
|
d="m 186.09746,142.16073 h -2.46776 a 1.4924072,1.4924072 0 0 0 0.23355,0.80643 q 0.20712,0.28643 0.72711,0.28643 a 2.6778132,2.6778132 0 0 0 1.15456,-0.30847 1.1589658,1.1589658 0 0 1 0.31728,0.66982 2.8467375,2.8467375 0 0 1 -1.69658,0.50237 q -0.99151,0 -1.42337,-0.64338 -0.43186,-0.64338 -0.43186,-1.66574 0,-1.02823 0.47593,-1.66574 a 1.5922927,1.5922927 0 0 1 1.36167,-0.64338 q 0.88134,0 1.36167,0.53321 a 1.943361,1.943361 0 0 1 0.47593,1.34405 3.4519261,3.4519261 0 0 1 -0.0881,0.7844 z m -1.701,-1.86845 q -0.7227,0 -0.77558,1.09287 h 1.53354 v -0.10577 a 1.2500379,1.2500379 0 0 0 -0.18508,-0.71388 0.64338027,0.64338027 0 0 0 -0.567,-0.27322 z"
|
||||||
|
id="path18-7-1"
|
||||||
|
style="fill:#c3c3c3;fill-opacity:1;stroke-width:0.146891" />
|
||||||
|
<path
|
||||||
|
id="path24-3-6-9-0"
|
||||||
|
style="fill:#ff9329;fill-opacity:1;stroke-width:0.146891"
|
||||||
|
d="m 173.02622,117.15529 a 2.9113691,2.9113691 0 0 0 -1.14618,0.24753 l -11.69696,5.17488 a 0.42304456,0.42304456 0 0 0 -0.22169,0.56586 0.20417776,0.20417776 0 0 0 0.0176,0.047 l 0.79634,1.57355 11.10475,-4.91288 a 2.9113691,2.9113691 0 0 1 1.14618,-0.24753 2.9113691,2.9113691 0 0 1 1.20406,0.24753 l 11.12387,4.92115 0.7829,-1.54823 0.0176,-0.0336 0.0181,-0.0455 a 0.02790919,0.02790919 0 0 0 0,-0.0119 0.39366647,0.39366647 0 0 0 0.0176,-0.13642 0.41863785,0.41863785 0 0 0 -0.26303,-0.4191 l -11.69697,-5.17488 a 2.9113691,2.9113691 0 0 0 -1.20406,-0.24753 z m -10.12134,9.52449 c 0.0218,0.0723 0.0408,0.14674 0.0615,0.22066 h 0.51831 l -0.008,-0.0419 z m 20.32227,0.005 -0.57103,0.17828 -0.007,0.0377 h 0.5178 c 0.0202,-0.0723 0.0386,-0.14514 0.0599,-0.216 z" />
|
||||||
|
<path
|
||||||
|
class="cls-2"
|
||||||
|
d="m 186.19,127.94173 a 0.39366647,0.39366647 0 0 1 -0.0176,0.13661 0.02790919,0.02790919 0 0 1 0,0.0117 l -0.0176,0.0455 v 0 l -0.0176,0.0338 -2.83058,5.59652 c -0.39366,0.77705 -1.11783,0.75355 -0.99591,-0.0323 l 0.56993,-3.18165 c 0.0191,-0.10429 0.18655,-0.83874 0.34666,-1.37049 l -5.46285,1.7054 c -0.85784,5.57156 -8.18915,5.6641 -9.38484,0 l -5.4746,-1.70981 c 0.16011,0.53175 0.32903,1.27061 0.34813,1.3749 l 0.56993,3.18165 c 0.12192,0.78586 -0.60225,0.80936 -0.99592,0.0323 l -2.84822,-5.63031 a 0.20417776,0.20417776 0 0 1 -0.0176,-0.047 0.42304456,0.42304456 0 0 1 0.22181,-0.56553 l 11.69688,-5.17495 a 2.9113691,2.9113691 0 0 1 2.35025,0 l 11.69689,5.17495 a 0.41863785,0.41863785 0 0 1 0.26293,0.41864 z"
|
||||||
|
id="path24-0-3"
|
||||||
|
style="fill:#ff9329;fill-opacity:1;stroke-width:0.146891" />
|
||||||
|
<path
|
||||||
|
class="cls-3"
|
||||||
|
d="m 176.79341,128.91708 5.05744,-2.0359 a 0.21446009,0.21446009 0 0 0 0,-0.39807 c -0.58756,-0.24531 -1.3132,-0.52734 -2.02415,-0.82259 -0.13073,-0.0543 -1.36902,0.83434 -1.48212,0.92541 l -2.17986,1.74212 c -0.52734,0.44214 -0.0705,0.86959 0.62869,0.58903 z"
|
||||||
|
id="path26-2-2"
|
||||||
|
style="fill:#4e4e4e;fill-opacity:1;stroke-width:0.146891" />
|
||||||
|
<circle
|
||||||
|
class="cls-3"
|
||||||
|
cx="173.12703"
|
||||||
|
cy="130.90596"
|
||||||
|
r="2.6366842"
|
||||||
|
id="circle28-3-0"
|
||||||
|
style="fill:#4e4e4e;fill-opacity:1;stroke-width:0.146891" />
|
||||||
|
</g>
|
||||||
|
</g>
|
||||||
|
</svg>
|
After Width: | Height: | Size: 17 KiB |
BIN
doc/logo/garage-notext.png
Normal file
After Width: | Height: | Size: 7.8 KiB |
146
doc/logo/garage-notext.svg
Normal file
|
@ -0,0 +1,146 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||||
|
<svg
|
||||||
|
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
||||||
|
xmlns:cc="http://creativecommons.org/ns#"
|
||||||
|
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
|
||||||
|
xmlns:svg="http://www.w3.org/2000/svg"
|
||||||
|
xmlns="http://www.w3.org/2000/svg"
|
||||||
|
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
|
||||||
|
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
|
||||||
|
id="Calque_1"
|
||||||
|
data-name="Calque 1"
|
||||||
|
width="250"
|
||||||
|
height="250"
|
||||||
|
viewBox="0 0 249.99999 250"
|
||||||
|
version="1.1"
|
||||||
|
sodipodi:docname="garage-notext.svg"
|
||||||
|
inkscape:version="1.0.2 (e86c870879, 2021-01-15)"
|
||||||
|
inkscape:export-filename="/home/lx/Deuxfleurs/garage/garage-notext.png"
|
||||||
|
inkscape:export-xdpi="96"
|
||||||
|
inkscape:export-ydpi="96">
|
||||||
|
<metadata
|
||||||
|
id="metadata33">
|
||||||
|
<rdf:RDF>
|
||||||
|
<cc:Work
|
||||||
|
rdf:about="">
|
||||||
|
<dc:format>image/svg+xml</dc:format>
|
||||||
|
<dc:type
|
||||||
|
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
|
||||||
|
<dc:title></dc:title>
|
||||||
|
</cc:Work>
|
||||||
|
</rdf:RDF>
|
||||||
|
</metadata>
|
||||||
|
<sodipodi:namedview
|
||||||
|
pagecolor="#ffffff"
|
||||||
|
bordercolor="#666666"
|
||||||
|
borderopacity="1"
|
||||||
|
objecttolerance="10"
|
||||||
|
gridtolerance="10"
|
||||||
|
guidetolerance="10"
|
||||||
|
inkscape:pageopacity="1"
|
||||||
|
inkscape:pageshadow="2"
|
||||||
|
inkscape:window-width="1920"
|
||||||
|
inkscape:window-height="1039"
|
||||||
|
id="namedview31"
|
||||||
|
showgrid="false"
|
||||||
|
inkscape:zoom="2.1842656"
|
||||||
|
inkscape:cx="143.86571"
|
||||||
|
inkscape:cy="118.5836"
|
||||||
|
inkscape:window-x="0"
|
||||||
|
inkscape:window-y="20"
|
||||||
|
inkscape:window-maximized="0"
|
||||||
|
inkscape:current-layer="Calque_1"
|
||||||
|
inkscape:document-rotation="0"
|
||||||
|
units="px"
|
||||||
|
showguides="false"
|
||||||
|
inkscape:guide-bbox="true"
|
||||||
|
inkscape:snap-global="false"
|
||||||
|
width="250mm">
|
||||||
|
<sodipodi:guide
|
||||||
|
position="102.90662,161.07694"
|
||||||
|
orientation="0,-1"
|
||||||
|
id="guide1016" />
|
||||||
|
<sodipodi:guide
|
||||||
|
position="122.45269,170.65683"
|
||||||
|
orientation="0,-1"
|
||||||
|
id="guide1018" />
|
||||||
|
<sodipodi:guide
|
||||||
|
position="128.86504,180.08221"
|
||||||
|
orientation="0,-1"
|
||||||
|
id="guide1020" />
|
||||||
|
</sodipodi:namedview>
|
||||||
|
<defs
|
||||||
|
id="defs4">
|
||||||
|
<style
|
||||||
|
id="style2">.cls-1{fill:#3b2100;}.cls-2{fill:#ffd952;}.cls-3{fill:#45c8ff;}</style>
|
||||||
|
</defs>
|
||||||
|
<rect
|
||||||
|
style="fill:#ffffff;stroke-width:3.60793"
|
||||||
|
id="rect3824"
|
||||||
|
width="251.68179"
|
||||||
|
height="250.98253"
|
||||||
|
x="-0.59092933"
|
||||||
|
y="-0.31321606" />
|
||||||
|
<g
|
||||||
|
id="g1719"
|
||||||
|
transform="matrix(1.9099251,0,0,1.9099251,-113.74064,-74.610597)">
|
||||||
|
<path
|
||||||
|
d="m 138.41049,100.63656 a 8.327649,8.327649 0 0 1 -2.77589,-0.28869 l -34.78736,-9.388039 a 8.4442361,8.4442361 0 0 1 -2.620438,-1.238044 z"
|
||||||
|
id="path6"
|
||||||
|
style="stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
id="path24-3-6"
|
||||||
|
style="fill:#ffd952;fill-opacity:1;stroke-width:0.555177"
|
||||||
|
d="m 124.88254,70.600847 a 11.0036,11.0036 0 0 0 -4.33203,0.935547 L 76.341524,91.094987 a 1.5989086,1.5989086 0 0 0 -0.837891,2.138672 0.77169547,0.77169547 0 0 0 0.06641,0.177735 l 7.09375,14.021486 h 6.15625 l -0.875,-4.88867 c -0.07217,-0.39418 -0.711263,-3.187537 -1.316406,-5.197269 l 20.691403,6.462899 c 0.27198,1.28839 0.63292,2.49204 1.0625,3.62304 h 33.54883 c 0.36964,-1.13128 0.66138,-2.33705 0.85938,-3.62304 l 20.64648,-6.445321 c -0.60514,2.009734 -1.23639,4.785511 -1.30859,5.179691 l -0.875,4.88867 h 6.15429 l 7.02735,-13.894533 0.0664,-0.126953 0.0684,-0.171875 a 0.10548355,0.10548355 0 0 0 0,-0.04492 1.4878733,1.4878733 0 0 0 0.0664,-0.515625 1.5822533,1.5822533 0 0 0 -0.99414,-1.583985 L 129.43333,71.536394 a 11.0036,11.0036 0 0 0 -4.55079,-0.935547 z" />
|
||||||
|
<path
|
||||||
|
id="path24-3"
|
||||||
|
style="fill:#49c8fa;fill-opacity:1;stroke-width:0.555177"
|
||||||
|
d="m 124.88254,79.854518 a 11.0036,11.0036 0 0 0 -4.33203,0.935547 L 76.341524,100.34866 a 1.5989086,1.5989086 0 0 0 -0.837891,2.13672 0.77169547,0.77169547 0 0 0 0.06641,0.17773 l 3.847657,7.60352 h 8.175781 c -0.257897,-1.08856 -0.591943,-2.42953 -0.964844,-3.66797 l 11.744141,3.66797 h 53.371092 l 11.69336,-3.65039 c -0.37193,1.23522 -0.70076,2.56719 -0.95703,3.65039 h 8.17383 l 3.78125,-7.47656 0.0664,-0.12696 0.0684,-0.17187 a 0.10548355,0.10548355 0 0 0 0,-0.0449 1.4878733,1.4878733 0 0 0 0.0664,-0.51563 1.5822533,1.5822533 0 0 0 -0.99414,-1.58203 L 129.43333,80.790065 a 11.0036,11.0036 0 0 0 -4.55079,-0.935547 z" />
|
||||||
|
<path
|
||||||
|
class="cls-2"
|
||||||
|
d="m 174.63576,111.36813 a 1.4878733,1.4878733 0 0 1 -0.0666,0.51631 0.10548355,0.10548355 0 0 1 0,0.0444 l -0.0666,0.17211 v 0 l -0.0666,0.12769 -10.69826,21.15223 c -1.48787,2.93688 -4.22489,2.84806 -3.76409,-0.12214 l 2.15408,-12.02512 c 0.0722,-0.39418 0.70508,-3.17006 1.31022,-5.1798 l -20.64702,6.4456 c -3.24223,21.05785 -30.95109,21.40761 -35.47023,0 l -20.691437,-6.46226 c 0.605143,2.00974 1.243596,4.80228 1.315769,5.19646 l 2.154085,12.02512 c 0.460796,2.9702 -2.276224,3.05902 -3.764098,0.12214 L 75.570045,112.10096 a 0.77169547,0.77169547 0 0 1 -0.06662,-0.17766 1.5989086,1.5989086 0 0 1 0.838317,-2.13743 L 120.55046,90.226998 a 11.0036,11.0036 0 0 1 8.88282,0 l 44.20871,19.558872 a 1.5822533,1.5822533 0 0 1 0.99377,1.58226 z"
|
||||||
|
id="path24"
|
||||||
|
style="stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
class="cls-3"
|
||||||
|
d="m 139.12111,115.0545 19.11473,-7.69475 a 0.81055784,0.81055784 0 0 0 0,-1.50453 c -2.2207,-0.92714 -4.96328,-1.99308 -7.65033,-3.10899 -0.49411,-0.20541 -5.17425,3.15341 -5.60173,3.49762 l -8.23882,6.58439 c -1.99309,1.67108 -0.26649,3.28665 2.37615,2.22626 z"
|
||||||
|
id="path26"
|
||||||
|
style="stroke-width:0.555177" />
|
||||||
|
<circle
|
||||||
|
class="cls-3"
|
||||||
|
cx="125.26389"
|
||||||
|
cy="122.57157"
|
||||||
|
r="9.9654207"
|
||||||
|
id="circle28"
|
||||||
|
style="stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
d="m 138.41049,100.63656 a 8.327649,8.327649 0 0 1 -2.77589,-0.28869 l -34.78736,-9.388039 a 8.4442361,8.4442361 0 0 1 -2.620438,-1.238044 z"
|
||||||
|
id="path6-0"
|
||||||
|
style="stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
id="path24-3-6-9"
|
||||||
|
style="fill:#ff9329;fill-opacity:1;stroke-width:0.555177"
|
||||||
|
d="m 124.88254,70.600847 a 11.0036,11.0036 0 0 0 -4.33203,0.935547 L 76.341524,91.094987 a 1.5989086,1.5989086 0 0 0 -0.837891,2.138672 0.77169547,0.77169547 0 0 0 0.06641,0.177735 l 7.09375,14.021486 h 6.15625 l -0.875,-4.88867 c -0.07217,-0.39418 -0.711263,-3.187537 -1.316406,-5.197269 l 20.691403,6.462899 c 0.27198,1.28839 0.63292,2.49204 1.0625,3.62304 h 33.54883 c 0.36964,-1.13128 0.66138,-2.33705 0.85938,-3.62304 l 20.64648,-6.445321 c -0.60514,2.009734 -1.23639,4.785511 -1.30859,5.179691 l -0.875,4.88867 h 6.15429 l 7.02735,-13.894533 0.0664,-0.126953 0.0684,-0.171875 a 0.10548355,0.10548355 0 0 0 0,-0.04492 1.4878733,1.4878733 0 0 0 0.0664,-0.515625 1.5822533,1.5822533 0 0 0 -0.99414,-1.583985 L 129.43333,71.536394 a 11.0036,11.0036 0 0 0 -4.55079,-0.935547 z" />
|
||||||
|
<path
|
||||||
|
id="path24-3-2"
|
||||||
|
style="fill:#4e4e4e;fill-opacity:1;stroke-width:0.555177"
|
||||||
|
d="m 124.88254,79.854518 a 11.0036,11.0036 0 0 0 -4.33203,0.935547 L 76.341524,100.34866 a 1.5989086,1.5989086 0 0 0 -0.837891,2.13672 0.77169547,0.77169547 0 0 0 0.06641,0.17773 l 3.847657,7.60352 h 8.175781 c -0.257897,-1.08856 -0.591943,-2.42953 -0.964844,-3.66797 l 11.744141,3.66797 h 53.371092 l 11.69336,-3.65039 c -0.37193,1.23522 -0.70076,2.56719 -0.95703,3.65039 h 8.17383 l 3.78125,-7.47656 0.0664,-0.12696 0.0684,-0.17187 a 0.10548355,0.10548355 0 0 0 0,-0.0449 1.4878733,1.4878733 0 0 0 0.0664,-0.51563 1.5822533,1.5822533 0 0 0 -0.99414,-1.58203 L 129.43333,80.790065 a 11.0036,11.0036 0 0 0 -4.55079,-0.935547 z" />
|
||||||
|
<path
|
||||||
|
class="cls-2"
|
||||||
|
d="m 174.63576,111.36813 a 1.4878733,1.4878733 0 0 1 -0.0666,0.51631 0.10548355,0.10548355 0 0 1 0,0.0444 l -0.0666,0.17211 v 0 l -0.0666,0.12769 -10.69826,21.15223 c -1.48787,2.93688 -4.22489,2.84806 -3.76409,-0.12214 l 2.15408,-12.02512 c 0.0722,-0.39418 0.70508,-3.17006 1.31022,-5.1798 l -20.64702,6.4456 c -3.24223,21.05785 -30.95109,21.40761 -35.47023,0 l -20.691437,-6.46226 c 0.605143,2.00974 1.243596,4.80228 1.315769,5.19646 l 2.154085,12.02512 c 0.460796,2.9702 -2.276224,3.05902 -3.764098,0.12214 L 75.570045,112.10096 a 0.77169547,0.77169547 0 0 1 -0.06662,-0.17766 1.5989086,1.5989086 0 0 1 0.838317,-2.13743 L 120.55046,90.226998 a 11.0036,11.0036 0 0 1 8.88282,0 l 44.20871,19.558872 a 1.5822533,1.5822533 0 0 1 0.99377,1.58226 z"
|
||||||
|
id="path24-0"
|
||||||
|
style="fill:#ff9329;fill-opacity:1;stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
class="cls-3"
|
||||||
|
d="m 139.12111,115.0545 19.11473,-7.69475 a 0.81055784,0.81055784 0 0 0 0,-1.50453 c -2.2207,-0.92714 -4.96328,-1.99308 -7.65033,-3.10899 -0.49411,-0.20541 -5.17425,3.15341 -5.60173,3.49762 l -8.23882,6.58439 c -1.99309,1.67108 -0.26649,3.28665 2.37615,2.22626 z"
|
||||||
|
id="path26-2"
|
||||||
|
style="fill:#4e4e4e;fill-opacity:1;stroke-width:0.555177" />
|
||||||
|
<circle
|
||||||
|
class="cls-3"
|
||||||
|
cx="125.26389"
|
||||||
|
cy="122.57157"
|
||||||
|
r="9.9654207"
|
||||||
|
id="circle28-3"
|
||||||
|
style="fill:#4e4e4e;fill-opacity:1;stroke-width:0.555177" />
|
||||||
|
</g>
|
||||||
|
</svg>
|
After Width: | Height: | Size: 8.8 KiB |
BIN
doc/logo/garage.png
Normal file
After Width: | Height: | Size: 12 KiB |
206
doc/logo/garage.svg
Normal file
|
@ -0,0 +1,206 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||||
|
<svg
|
||||||
|
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
||||||
|
xmlns:cc="http://creativecommons.org/ns#"
|
||||||
|
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
|
||||||
|
xmlns:svg="http://www.w3.org/2000/svg"
|
||||||
|
xmlns="http://www.w3.org/2000/svg"
|
||||||
|
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
|
||||||
|
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
|
||||||
|
id="Calque_1"
|
||||||
|
data-name="Calque 1"
|
||||||
|
width="250"
|
||||||
|
height="250"
|
||||||
|
viewBox="0 0 249.99999 250"
|
||||||
|
version="1.1"
|
||||||
|
sodipodi:docname="garage.svg"
|
||||||
|
inkscape:version="1.0.2 (e86c870879, 2021-01-15)"
|
||||||
|
inkscape:export-filename="/home/lx/Deuxfleurs/garage/doc/logo/garage.png"
|
||||||
|
inkscape:export-xdpi="96"
|
||||||
|
inkscape:export-ydpi="96">
|
||||||
|
<metadata
|
||||||
|
id="metadata33">
|
||||||
|
<rdf:RDF>
|
||||||
|
<cc:Work
|
||||||
|
rdf:about="">
|
||||||
|
<dc:format>image/svg+xml</dc:format>
|
||||||
|
<dc:type
|
||||||
|
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
|
||||||
|
<dc:title />
|
||||||
|
</cc:Work>
|
||||||
|
</rdf:RDF>
|
||||||
|
</metadata>
|
||||||
|
<sodipodi:namedview
|
||||||
|
pagecolor="#ffffff"
|
||||||
|
bordercolor="#666666"
|
||||||
|
borderopacity="1"
|
||||||
|
objecttolerance="10"
|
||||||
|
gridtolerance="10"
|
||||||
|
guidetolerance="10"
|
||||||
|
inkscape:pageopacity="1"
|
||||||
|
inkscape:pageshadow="2"
|
||||||
|
inkscape:window-width="1920"
|
||||||
|
inkscape:window-height="1080"
|
||||||
|
id="namedview31"
|
||||||
|
showgrid="false"
|
||||||
|
inkscape:zoom="2.1842656"
|
||||||
|
inkscape:cx="90.853672"
|
||||||
|
inkscape:cy="123.63257"
|
||||||
|
inkscape:window-x="0"
|
||||||
|
inkscape:window-y="0"
|
||||||
|
inkscape:window-maximized="0"
|
||||||
|
inkscape:current-layer="Calque_1"
|
||||||
|
inkscape:document-rotation="0"
|
||||||
|
units="px"
|
||||||
|
showguides="false"
|
||||||
|
inkscape:guide-bbox="true"
|
||||||
|
inkscape:snap-global="false"
|
||||||
|
width="250mm">
|
||||||
|
<sodipodi:guide
|
||||||
|
position="102.90662,161.07694"
|
||||||
|
orientation="0,-1"
|
||||||
|
id="guide1016" />
|
||||||
|
<sodipodi:guide
|
||||||
|
position="122.45269,170.65683"
|
||||||
|
orientation="0,-1"
|
||||||
|
id="guide1018" />
|
||||||
|
<sodipodi:guide
|
||||||
|
position="128.86504,180.08221"
|
||||||
|
orientation="0,-1"
|
||||||
|
id="guide1020" />
|
||||||
|
</sodipodi:namedview>
|
||||||
|
<defs
|
||||||
|
id="defs4">
|
||||||
|
<style
|
||||||
|
id="style2">.cls-1{fill:#3b2100;}.cls-2{fill:#ffd952;}.cls-3{fill:#45c8ff;}</style>
|
||||||
|
</defs>
|
||||||
|
<rect
|
||||||
|
style="fill:#ffffff;stroke-width:3.60793"
|
||||||
|
id="rect3824"
|
||||||
|
width="251.68179"
|
||||||
|
height="250.98253"
|
||||||
|
x="-0.59092933"
|
||||||
|
y="-0.31321606" />
|
||||||
|
<g
|
||||||
|
id="g1663"
|
||||||
|
transform="matrix(1.7099534,0,0,1.7099534,-88.607712,-87.994557)">
|
||||||
|
<path
|
||||||
|
d="m 138.33068,100.19817 a 8.327649,8.327649 0 0 1 -2.77589,-0.288688 l -34.78736,-9.388036 a 8.4442361,8.4442361 0 0 1 -2.620433,-1.238044 z"
|
||||||
|
id="path6"
|
||||||
|
style="stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
class="cls-1"
|
||||||
|
d="m 85.377935,159.27452 5.163143,-0.0333 h 0.06662 q 2.864711,0 2.864711,2.69816 v 8.69407 a 24.849705,24.849705 0 0 1 -8.649651,1.43235 q -4.730105,0 -7.128468,-3.21447 -2.398363,-3.21447 -2.398363,-8.76068 0,-5.55177 2.981299,-8.62745 a 9.7600046,9.7600046 0 0 1 7.29502,-3.08123 13.368653,13.368653 0 0 1 7.811335,2.43167 3.9250986,3.9250986 0 0 1 -0.682867,1.76547 4.7634152,4.7634152 0 0 1 -1.282458,1.33242 9.798867,9.798867 0 0 0 -5.679457,-1.96533 5.3574542,5.3574542 0 0 0 -4.480275,2.04861 q -1.598909,2.03749 -1.598909,6.41229 0,8.22771 6.062529,8.22771 a 16.910679,16.910679 0 0 0 3.697476,-0.43303 v -3.16451 q 0,-1.49898 0.06662,-2.22071 h -2.442777 a 2.2873276,2.2873276 0 0 1 -1.515632,-0.41638 1.6655298,1.6655298 0 0 1 -0.483004,-1.33242 5.7072154,5.7072154 0 0 1 0.333106,-1.79322 z"
|
||||||
|
id="path8"
|
||||||
|
style="fill:#4e4e4e;fill-opacity:1;stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
class="cls-1"
|
||||||
|
d="m 111.07151,169.73404 a 4.3137222,4.3137222 0 0 1 -0.55518,1.18253 4.0305821,4.0305821 0 0 1 -0.84942,0.94935 3.7640973,3.7640973 0 0 1 -3.05902,-1.95422 6.7453957,6.7453957 0 0 1 -4.76342,2.13188 q -2.564913,0 -3.886233,-1.49898 a 5.1298318,5.1298318 0 0 1 -1.299113,-3.4643 q 0,-2.77588 1.815427,-4.21379 a 7.3338829,7.3338829 0 0 1 4.669039,-1.3935 q 1.53228,0 2.89802,0.13325 v -0.99932 q 0,-2.63154 -2.53161,-2.63154 -1.79877,0 -5.096518,1.19918 a 4.674587,4.674587 0 0 1 -1.110353,-2.96464 18.581761,18.581761 0 0 1 7.217291,-1.49898 5.8682167,5.8682167 0 0 1 4.0639,1.39905 q 1.56559,1.39904 1.56559,4.23044 v 6.79537 q -0.0111,1.83208 0.9216,2.59822 z m -8.36096,-0.83276 a 4.7134493,4.7134493 0 0 0 3.33106,-1.59891 v -2.94244 a 22.368065,22.368065 0 0 0 -2.53161,-0.13324 2.775883,2.775883 0 0 0 -2.06525,0.68842 2.3928111,2.3928111 0 0 0 -0.69953,1.76546 2.3539488,2.3539488 0 0 0 0.55518,1.66553 1.8431863,1.8431863 0 0 0 1.41015,0.55518 z"
|
||||||
|
id="path10"
|
||||||
|
style="fill:#4e4e4e;fill-opacity:1;stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
class="cls-1"
|
||||||
|
d="m 113.76966,157.00939 a 3.986168,3.986168 0 0 1 0.55518,-1.21583 3.3310596,3.3310596 0 0 1 0.84942,-0.94935 4.1638245,4.1638245 0 0 1 3.51427,2.96464 q 1.33242,-2.96464 4.29707,-2.96464 a 10.215249,10.215249 0 0 1 1.93201,0.23317 7.4782288,7.4782288 0 0 1 -0.99932,3.88624 8.4497879,8.4497879 0 0 0 -1.49897,-0.19987 q -2.03195,0 -3.26444,2.16519 v 10.64829 a 11.575432,11.575432 0 0 1 -2.03195,0.16655 12.769062,12.769062 0 0 1 -2.09857,-0.16655 v -11.15905 q -0.0222,-2.40947 -1.2547,-3.40879 z"
|
||||||
|
id="path12"
|
||||||
|
style="fill:#4e4e4e;fill-opacity:1;stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
class="cls-1"
|
||||||
|
d="m 140.38483,169.73404 a 4.3137222,4.3137222 0 0 1 -0.58293,1.18253 4.0305821,4.0305821 0 0 1 -0.84942,0.94935 3.7640973,3.7640973 0 0 1 -3.05348,-1.95422 6.7453957,6.7453957 0 0 1 -4.76341,2.13188 q -2.56492,0 -3.88624,-1.49898 a 5.1298318,5.1298318 0 0 1 -1.29911,-3.4643 q 0,-2.77588 1.81543,-4.21379 a 7.3338829,7.3338829 0 0 1 4.64682,-1.4157 q 1.53229,0 2.89803,0.13324 v -0.99932 q 0,-2.63153 -2.53161,-2.63153 -1.79877,0 -5.09652,1.19918 a 4.674587,4.674587 0 0 1 -1.11035,-2.96465 18.581761,18.581761 0 0 1 7.21729,-1.49897 5.8682167,5.8682167 0 0 1 4.0639,1.39904 q 1.56559,1.39905 1.56559,4.23045 v 6.81757 q 0.0333,1.83208 0.96601,2.59822 z m -8.37206,-0.83276 a 4.7134493,4.7134493 0 0 0 3.33106,-1.59891 v -2.94244 a 22.368065,22.368065 0 0 0 -2.53161,-0.13324 2.775883,2.775883 0 0 0 -2.06526,0.69952 2.3928111,2.3928111 0 0 0 -0.69952,1.76546 2.3539488,2.3539488 0 0 0 0.55518,1.66553 1.8431863,1.8431863 0 0 0 1.41015,0.54408 z"
|
||||||
|
id="path14"
|
||||||
|
style="fill:#4e4e4e;fill-opacity:1;stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
class="cls-1"
|
||||||
|
d="m 144.48203,169.6008 q -1.49897,-2.29843 -1.49897,-6.34567 0,-4.04724 1.8987,-6.34567 a 5.740526,5.740526 0 0 1 4.56355,-2.29843 6.4400486,6.4400486 0 0 1 4.49693,1.66553 3.7696491,3.7696491 0 0 1 2.63154,-1.43235 3.1200925,3.1200925 0 0 1 0.88273,0.93269 3.8862362,3.8862362 0 0 1 0.55518,1.16587 q -0.9327,0.79946 -0.9327,2.86472 v 9.438 q 0,5.29638 -1.73215,7.49488 -1.73215,2.1985 -5.69611,2.22071 a 16.100121,16.100121 0 0 1 -5.9626,-1.11036 4.4802752,4.4802752 0 0 1 1.03263,-3.03126 10.892565,10.892565 0 0 0 4.48028,1.03263 q 2.18184,0 3.0146,-1.11035 a 4.9965894,4.9965894 0 0 0 0.83277,-3.06458 v -1.33242 a 6.4011862,6.4011862 0 0 1 -4.16383,1.56559 4.9188647,4.9188647 0 0 1 -4.40255,-2.30953 z m 8.56083,-2.69816 v -7.72806 a 4.2915151,4.2915151 0 0 0 -2.86471,-1.36573 2.4039147,2.4039147 0 0 0 -2.18185,1.43235 8.6885138,8.6885138 0 0 0 -0.7828,4.09721 q 0,2.66485 0.71618,3.93065 a 2.1318781,2.1318781 0 0 0 1.88205,1.2658 4.2304457,4.2304457 0 0 0 3.23113,-1.63222 z"
|
||||||
|
id="path16"
|
||||||
|
style="fill:#4e4e4e;fill-opacity:1;stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
class="cls-1"
|
||||||
|
d="m 174.20619,164.67083 h -9.32697 a 5.6405943,5.6405943 0 0 0 0.88273,3.04792 q 0.7828,1.0826 2.74813,1.0826 a 10.120869,10.120869 0 0 0 4.36369,-1.16587 4.3803434,4.3803434 0 0 1 1.19918,2.5316 10.759323,10.759323 0 0 1 -6.41229,1.8987 q -3.74744,0 -5.37966,-2.43167 -1.63222,-2.43167 -1.63222,-6.2957 0,-3.88624 1.79877,-6.2957 a 6.0181143,6.0181143 0 0 1 5.14649,-2.43168 q 3.33106,0 5.14648,2.01529 a 7.3449864,7.3449864 0 0 1 1.79878,5.07987 13.04665,13.04665 0 0 1 -0.33311,2.96464 z m -6.42895,-7.06184 q -2.73146,0 -2.93133,4.13051 h 5.79605 v -0.39973 a 4.7245529,4.7245529 0 0 0 -0.69953,-2.69816 2.4316735,2.4316735 0 0 0 -2.14298,-1.03262 z"
|
||||||
|
id="path18"
|
||||||
|
style="fill:#4e4e4e;fill-opacity:1;stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
id="path24-3-6"
|
||||||
|
style="fill:#ffd952;fill-opacity:1;stroke-width:0.555177"
|
||||||
|
d="m 124.80273,70.162462 a 11.0036,11.0036 0 0 0 -4.33203,0.935547 L 76.261719,90.656602 a 1.5989086,1.5989086 0 0 0 -0.837891,2.138672 0.77169547,0.77169547 0 0 0 0.06641,0.177735 l 7.09375,14.021481 h 6.15625 l -0.875,-4.88867 c -0.07217,-0.39418 -0.711263,-3.187532 -1.316406,-5.197264 l 20.691398,6.462894 c 0.27198,1.28839 0.63292,2.49204 1.0625,3.62304 h 33.54883 c 0.36964,-1.13128 0.66138,-2.33705 0.85938,-3.62304 l 20.64648,-6.445316 c -0.60514,2.009734 -1.23639,4.785506 -1.30859,5.179686 l -0.875,4.88867 h 6.15429 l 7.02735,-13.894528 0.0664,-0.126953 0.0684,-0.171875 a 0.10548355,0.10548355 0 0 0 0,-0.04492 1.4878733,1.4878733 0 0 0 0.0664,-0.515625 1.5822533,1.5822533 0 0 0 -0.99414,-1.583985 L 129.35352,71.098009 a 11.0036,11.0036 0 0 0 -4.55079,-0.935547 z" />
|
||||||
|
<path
|
||||||
|
id="path24-3"
|
||||||
|
style="fill:#49c8fa;fill-opacity:1;stroke-width:0.555177"
|
||||||
|
d="M 124.80273,79.416133 A 11.0036,11.0036 0 0 0 120.4707,80.35168 L 76.261719,99.910272 a 1.5989086,1.5989086 0 0 0 -0.837891,2.136718 0.77169547,0.77169547 0 0 0 0.06641,0.17773 l 3.847657,7.60352 h 8.175781 c -0.257897,-1.08856 -0.591943,-2.42953 -0.964844,-3.66797 l 11.744141,3.66797 h 53.371087 l 11.69336,-3.65039 c -0.37193,1.23522 -0.70076,2.56719 -0.95703,3.65039 h 8.17383 l 3.78125,-7.47656 0.0664,-0.12696 0.0684,-0.17187 a 0.10548355,0.10548355 0 0 0 0,-0.0449 1.4878733,1.4878733 0 0 0 0.0664,-0.51563 1.5822533,1.5822533 0 0 0 -0.99414,-1.582028 L 129.35352,80.35168 a 11.0036,11.0036 0 0 0 -4.55079,-0.935547 z" />
|
||||||
|
<path
|
||||||
|
class="cls-2"
|
||||||
|
d="m 174.55595,110.92974 a 1.4878733,1.4878733 0 0 1 -0.0666,0.51631 0.10548355,0.10548355 0 0 1 0,0.0444 l -0.0666,0.17211 v 0 l -0.0666,0.12769 -10.69826,21.15223 c -1.48787,2.93688 -4.22489,2.84806 -3.76409,-0.12214 l 2.15408,-12.02512 c 0.0722,-0.39418 0.70508,-3.17006 1.31022,-5.1798 l -20.64702,6.4456 c -3.24223,21.05785 -30.95109,21.40761 -35.47023,0 l -20.691432,-6.46226 c 0.605143,2.00974 1.243596,4.80228 1.315769,5.19646 l 2.154085,12.02512 c 0.460796,2.9702 -2.276224,3.05902 -3.764098,0.12214 L 75.49024,111.66257 a 0.77169547,0.77169547 0 0 1 -0.06662,-0.17766 1.5989086,1.5989086 0 0 1 0.838317,-2.13743 L 120.47065,89.788613 a 11.0036,11.0036 0 0 1 8.88282,0 l 44.20871,19.558867 a 1.5822533,1.5822533 0 0 1 0.99377,1.58226 z"
|
||||||
|
id="path24"
|
||||||
|
style="stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
class="cls-3"
|
||||||
|
d="m 139.0413,114.61611 19.11473,-7.69475 a 0.81055784,0.81055784 0 0 0 0,-1.50453 c -2.2207,-0.92714 -4.96328,-1.99308 -7.65033,-3.10899 -0.49411,-0.20541 -5.17425,3.15341 -5.60173,3.49762 l -8.23882,6.58439 c -1.99309,1.67108 -0.26649,3.28665 2.37615,2.22626 z"
|
||||||
|
id="path26"
|
||||||
|
style="stroke-width:0.555177" />
|
||||||
|
<circle
|
||||||
|
class="cls-3"
|
||||||
|
cx="125.18409"
|
||||||
|
cy="122.13319"
|
||||||
|
r="9.9654207"
|
||||||
|
id="circle28"
|
||||||
|
style="stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
d="m 138.33068,100.19817 a 8.327649,8.327649 0 0 1 -2.77589,-0.288688 l -34.78736,-9.388036 a 8.4442361,8.4442361 0 0 1 -2.620433,-1.238044 z"
|
||||||
|
id="path6-0"
|
||||||
|
style="stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
class="cls-1"
|
||||||
|
d="m 85.377935,159.27452 5.163143,-0.0333 h 0.06662 q 2.864711,0 2.864711,2.69816 v 8.69407 a 24.849705,24.849705 0 0 1 -8.649651,1.43235 q -4.730105,0 -7.128468,-3.21447 -2.398363,-3.21447 -2.398363,-8.76068 0,-5.55177 2.981299,-8.62745 a 9.7600046,9.7600046 0 0 1 7.29502,-3.08123 13.368653,13.368653 0 0 1 7.811335,2.43167 3.9250986,3.9250986 0 0 1 -0.682867,1.76547 4.7634152,4.7634152 0 0 1 -1.282458,1.33242 9.798867,9.798867 0 0 0 -5.679457,-1.96533 5.3574542,5.3574542 0 0 0 -4.480275,2.04861 q -1.598909,2.03749 -1.598909,6.41229 0,8.22771 6.062529,8.22771 a 16.910679,16.910679 0 0 0 3.697476,-0.43303 v -3.16451 q 0,-1.49898 0.06662,-2.22071 h -2.442777 a 2.2873276,2.2873276 0 0 1 -1.515632,-0.41638 1.6655298,1.6655298 0 0 1 -0.483004,-1.33242 5.7072154,5.7072154 0 0 1 0.333106,-1.79322 z"
|
||||||
|
id="path8-6"
|
||||||
|
style="fill:#4e4e4e;fill-opacity:1;stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
class="cls-1"
|
||||||
|
d="m 111.07151,169.73404 a 4.3137222,4.3137222 0 0 1 -0.55518,1.18253 4.0305821,4.0305821 0 0 1 -0.84942,0.94935 3.7640973,3.7640973 0 0 1 -3.05902,-1.95422 6.7453957,6.7453957 0 0 1 -4.76342,2.13188 q -2.564913,0 -3.886233,-1.49898 a 5.1298318,5.1298318 0 0 1 -1.299113,-3.4643 q 0,-2.77588 1.815427,-4.21379 a 7.3338829,7.3338829 0 0 1 4.669039,-1.3935 q 1.53228,0 2.89802,0.13325 v -0.99932 q 0,-2.63154 -2.53161,-2.63154 -1.79877,0 -5.096518,1.19918 a 4.674587,4.674587 0 0 1 -1.110353,-2.96464 18.581761,18.581761 0 0 1 7.217291,-1.49898 5.8682167,5.8682167 0 0 1 4.0639,1.39905 q 1.56559,1.39904 1.56559,4.23044 v 6.79537 q -0.0111,1.83208 0.9216,2.59822 z m -8.36096,-0.83276 a 4.7134493,4.7134493 0 0 0 3.33106,-1.59891 v -2.94244 a 22.368065,22.368065 0 0 0 -2.53161,-0.13324 2.775883,2.775883 0 0 0 -2.06525,0.68842 2.3928111,2.3928111 0 0 0 -0.69953,1.76546 2.3539488,2.3539488 0 0 0 0.55518,1.66553 1.8431863,1.8431863 0 0 0 1.41015,0.55518 z"
|
||||||
|
id="path10-2"
|
||||||
|
style="fill:#4e4e4e;fill-opacity:1;stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
class="cls-1"
|
||||||
|
d="m 113.76966,157.00939 a 3.986168,3.986168 0 0 1 0.55518,-1.21583 3.3310596,3.3310596 0 0 1 0.84942,-0.94935 4.1638245,4.1638245 0 0 1 3.51427,2.96464 q 1.33242,-2.96464 4.29707,-2.96464 a 10.215249,10.215249 0 0 1 1.93201,0.23317 7.4782288,7.4782288 0 0 1 -0.99932,3.88624 8.4497879,8.4497879 0 0 0 -1.49897,-0.19987 q -2.03195,0 -3.26444,2.16519 v 10.64829 a 11.575432,11.575432 0 0 1 -2.03195,0.16655 12.769062,12.769062 0 0 1 -2.09857,-0.16655 v -11.15905 q -0.0222,-2.40947 -1.2547,-3.40879 z"
|
||||||
|
id="path12-6"
|
||||||
|
style="fill:#4e4e4e;fill-opacity:1;stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
class="cls-1"
|
||||||
|
d="m 140.38483,169.73404 a 4.3137222,4.3137222 0 0 1 -0.58293,1.18253 4.0305821,4.0305821 0 0 1 -0.84942,0.94935 3.7640973,3.7640973 0 0 1 -3.05348,-1.95422 6.7453957,6.7453957 0 0 1 -4.76341,2.13188 q -2.56492,0 -3.88624,-1.49898 a 5.1298318,5.1298318 0 0 1 -1.29911,-3.4643 q 0,-2.77588 1.81543,-4.21379 a 7.3338829,7.3338829 0 0 1 4.64682,-1.4157 q 1.53229,0 2.89803,0.13324 v -0.99932 q 0,-2.63153 -2.53161,-2.63153 -1.79877,0 -5.09652,1.19918 a 4.674587,4.674587 0 0 1 -1.11035,-2.96465 18.581761,18.581761 0 0 1 7.21729,-1.49897 5.8682167,5.8682167 0 0 1 4.0639,1.39904 q 1.56559,1.39905 1.56559,4.23045 v 6.81757 q 0.0333,1.83208 0.96601,2.59822 z m -8.37206,-0.83276 a 4.7134493,4.7134493 0 0 0 3.33106,-1.59891 v -2.94244 a 22.368065,22.368065 0 0 0 -2.53161,-0.13324 2.775883,2.775883 0 0 0 -2.06526,0.69952 2.3928111,2.3928111 0 0 0 -0.69952,1.76546 2.3539488,2.3539488 0 0 0 0.55518,1.66553 1.8431863,1.8431863 0 0 0 1.41015,0.54408 z"
|
||||||
|
id="path14-1"
|
||||||
|
style="fill:#4e4e4e;fill-opacity:1;stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
class="cls-1"
|
||||||
|
d="m 144.48203,169.6008 q -1.49897,-2.29843 -1.49897,-6.34567 0,-4.04724 1.8987,-6.34567 a 5.740526,5.740526 0 0 1 4.56355,-2.29843 6.4400486,6.4400486 0 0 1 4.49693,1.66553 3.7696491,3.7696491 0 0 1 2.63154,-1.43235 3.1200925,3.1200925 0 0 1 0.88273,0.93269 3.8862362,3.8862362 0 0 1 0.55518,1.16587 q -0.9327,0.79946 -0.9327,2.86472 v 9.438 q 0,5.29638 -1.73215,7.49488 -1.73215,2.1985 -5.69611,2.22071 a 16.100121,16.100121 0 0 1 -5.9626,-1.11036 4.4802752,4.4802752 0 0 1 1.03263,-3.03126 10.892565,10.892565 0 0 0 4.48028,1.03263 q 2.18184,0 3.0146,-1.11035 a 4.9965894,4.9965894 0 0 0 0.83277,-3.06458 v -1.33242 a 6.4011862,6.4011862 0 0 1 -4.16383,1.56559 4.9188647,4.9188647 0 0 1 -4.40255,-2.30953 z m 8.56083,-2.69816 v -7.72806 a 4.2915151,4.2915151 0 0 0 -2.86471,-1.36573 2.4039147,2.4039147 0 0 0 -2.18185,1.43235 8.6885138,8.6885138 0 0 0 -0.7828,4.09721 q 0,2.66485 0.71618,3.93065 a 2.1318781,2.1318781 0 0 0 1.88205,1.2658 4.2304457,4.2304457 0 0 0 3.23113,-1.63222 z"
|
||||||
|
id="path16-8"
|
||||||
|
style="fill:#4e4e4e;fill-opacity:1;stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
class="cls-1"
|
||||||
|
d="m 174.20619,164.67083 h -9.32697 a 5.6405943,5.6405943 0 0 0 0.88273,3.04792 q 0.7828,1.0826 2.74813,1.0826 a 10.120869,10.120869 0 0 0 4.36369,-1.16587 4.3803434,4.3803434 0 0 1 1.19918,2.5316 10.759323,10.759323 0 0 1 -6.41229,1.8987 q -3.74744,0 -5.37966,-2.43167 -1.63222,-2.43167 -1.63222,-6.2957 0,-3.88624 1.79877,-6.2957 a 6.0181143,6.0181143 0 0 1 5.14649,-2.43168 q 3.33106,0 5.14648,2.01529 a 7.3449864,7.3449864 0 0 1 1.79878,5.07987 13.04665,13.04665 0 0 1 -0.33311,2.96464 z m -6.42895,-7.06184 q -2.73146,0 -2.93133,4.13051 h 5.79605 v -0.39973 a 4.7245529,4.7245529 0 0 0 -0.69953,-2.69816 2.4316735,2.4316735 0 0 0 -2.14298,-1.03262 z"
|
||||||
|
id="path18-7"
|
||||||
|
style="fill:#4e4e4e;fill-opacity:1;stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
id="path24-3-6-9"
|
||||||
|
style="fill:#ff9329;fill-opacity:1;stroke-width:0.555177"
|
||||||
|
d="m 124.80273,70.162462 a 11.0036,11.0036 0 0 0 -4.33203,0.935547 L 76.261719,90.656602 a 1.5989086,1.5989086 0 0 0 -0.837891,2.138672 0.77169547,0.77169547 0 0 0 0.06641,0.177735 l 7.09375,14.021481 h 6.15625 l -0.875,-4.88867 c -0.07217,-0.39418 -0.711263,-3.187532 -1.316406,-5.197264 l 20.691398,6.462894 c 0.27198,1.28839 0.63292,2.49204 1.0625,3.62304 h 33.54883 c 0.36964,-1.13128 0.66138,-2.33705 0.85938,-3.62304 l 20.64648,-6.445316 c -0.60514,2.009734 -1.23639,4.785506 -1.30859,5.179686 l -0.875,4.88867 h 6.15429 l 7.02735,-13.894528 0.0664,-0.126953 0.0684,-0.171875 a 0.10548355,0.10548355 0 0 0 0,-0.04492 1.4878733,1.4878733 0 0 0 0.0664,-0.515625 1.5822533,1.5822533 0 0 0 -0.99414,-1.583985 L 129.35352,71.098009 a 11.0036,11.0036 0 0 0 -4.55079,-0.935547 z" />
|
||||||
|
<path
|
||||||
|
id="path24-3-2"
|
||||||
|
style="fill:#4e4e4e;fill-opacity:1;stroke-width:0.555177"
|
||||||
|
d="M 124.80273,79.416133 A 11.0036,11.0036 0 0 0 120.4707,80.35168 L 76.261719,99.910272 a 1.5989086,1.5989086 0 0 0 -0.837891,2.136718 0.77169547,0.77169547 0 0 0 0.06641,0.17773 l 3.847657,7.60352 h 8.175781 c -0.257897,-1.08856 -0.591943,-2.42953 -0.964844,-3.66797 l 11.744141,3.66797 h 53.371087 l 11.69336,-3.65039 c -0.37193,1.23522 -0.70076,2.56719 -0.95703,3.65039 h 8.17383 l 3.78125,-7.47656 0.0664,-0.12696 0.0684,-0.17187 a 0.10548355,0.10548355 0 0 0 0,-0.0449 1.4878733,1.4878733 0 0 0 0.0664,-0.51563 1.5822533,1.5822533 0 0 0 -0.99414,-1.582028 L 129.35352,80.35168 a 11.0036,11.0036 0 0 0 -4.55079,-0.935547 z" />
|
||||||
|
<path
|
||||||
|
class="cls-2"
|
||||||
|
d="m 174.55595,110.92974 a 1.4878733,1.4878733 0 0 1 -0.0666,0.51631 0.10548355,0.10548355 0 0 1 0,0.0444 l -0.0666,0.17211 v 0 l -0.0666,0.12769 -10.69826,21.15223 c -1.48787,2.93688 -4.22489,2.84806 -3.76409,-0.12214 l 2.15408,-12.02512 c 0.0722,-0.39418 0.70508,-3.17006 1.31022,-5.1798 l -20.64702,6.4456 c -3.24223,21.05785 -30.95109,21.40761 -35.47023,0 l -20.691432,-6.46226 c 0.605143,2.00974 1.243596,4.80228 1.315769,5.19646 l 2.154085,12.02512 c 0.460796,2.9702 -2.276224,3.05902 -3.764098,0.12214 L 75.49024,111.66257 a 0.77169547,0.77169547 0 0 1 -0.06662,-0.17766 1.5989086,1.5989086 0 0 1 0.838317,-2.13743 L 120.47065,89.788613 a 11.0036,11.0036 0 0 1 8.88282,0 l 44.20871,19.558867 a 1.5822533,1.5822533 0 0 1 0.99377,1.58226 z"
|
||||||
|
id="path24-0"
|
||||||
|
style="fill:#ff9329;fill-opacity:1;stroke-width:0.555177" />
|
||||||
|
<path
|
||||||
|
class="cls-3"
|
||||||
|
d="m 139.0413,114.61611 19.11473,-7.69475 a 0.81055784,0.81055784 0 0 0 0,-1.50453 c -2.2207,-0.92714 -4.96328,-1.99308 -7.65033,-3.10899 -0.49411,-0.20541 -5.17425,3.15341 -5.60173,3.49762 l -8.23882,6.58439 c -1.99309,1.67108 -0.26649,3.28665 2.37615,2.22626 z"
|
||||||
|
id="path26-2"
|
||||||
|
style="fill:#4e4e4e;fill-opacity:1;stroke-width:0.555177" />
|
||||||
|
<circle
|
||||||
|
class="cls-3"
|
||||||
|
cx="125.18409"
|
||||||
|
cy="122.13319"
|
||||||
|
r="9.9654207"
|
||||||
|
id="circle28-3"
|
||||||
|
style="fill:#4e4e4e;fill-opacity:1;stroke-width:0.555177" />
|
||||||
|
</g>
|
||||||
|
</svg>
|
After Width: | Height: | Size: 20 KiB |
BIN
doc/logo/garage_hires.png
Normal file
After Width: | Height: | Size: 30 KiB |
BIN
doc/sticker/Garage.pdf
(Stored with Git LFS)
Normal file
BIN
doc/sticker/Garage.png
Normal file
After Width: | Height: | Size: 16 KiB |
1
doc/sticker/Garage.svg
Normal file
After Width: | Height: | Size: 74 KiB |
Before Width: | Height: | Size: 44 KiB After Width: | Height: | Size: 44 KiB |
Before Width: | Height: | Size: 19 KiB After Width: | Height: | Size: 19 KiB |
Before Width: | Height: | Size: 53 KiB After Width: | Height: | Size: 53 KiB |
Before Width: | Height: | Size: 54 KiB After Width: | Height: | Size: 54 KiB |
Before Width: | Height: | Size: 56 KiB After Width: | Height: | Size: 56 KiB |
Before Width: | Height: | Size: 57 KiB After Width: | Height: | Size: 57 KiB |
Before Width: | Height: | Size: 360 KiB After Width: | Height: | Size: 360 KiB |
Before Width: | Height: | Size: 39 KiB After Width: | Height: | Size: 39 KiB |
Before Width: | Height: | Size: 19 KiB After Width: | Height: | Size: 19 KiB |
Before Width: | Height: | Size: 27 KiB After Width: | Height: | Size: 27 KiB |
Before Width: | Height: | Size: 32 KiB After Width: | Height: | Size: 32 KiB |
Before Width: | Height: | Size: 86 KiB After Width: | Height: | Size: 86 KiB |
Before Width: | Height: | Size: 6.1 KiB After Width: | Height: | Size: 6.1 KiB |
BIN
doc/talks/2020-12-02_wide-team/talk.pdf
(Stored with Git LFS)
Normal file
10
doc/talks/2021-04-28_spirals-team/.gitignore
vendored
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
*.bbl
|
||||||
|
*.aux
|
||||||
|
*.bcf
|
||||||
|
*.blg
|
||||||
|
*.log
|
||||||
|
*.run.xml
|
||||||
|
*.synctex.gz
|
||||||
|
build/
|
||||||
|
main.pdf
|
||||||
|
figures/crdt.pdf
|
33
doc/talks/2021-04-28_spirals-team/Makefile
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
.PHONY: all viewpdf pdf clean
|
||||||
|
|
||||||
|
TARGET = main
|
||||||
|
SOURCE_FILES = $(shell find . -type f -name "*.tex" -print)
|
||||||
|
CLASS_FILES = $(shell find . -type f -name "*.cls" -print)
|
||||||
|
BIB_FILES = $(shell find . -type f -name "*.bib" -print)
|
||||||
|
FIGURES = $(shell find . -path "./figures/*" -type f -print)
|
||||||
|
BUILD_PATH = build
|
||||||
|
BUILD_FILES = $(shell find $(BUILD_PATH) -type f -print)
|
||||||
|
|
||||||
|
BIB_PROCESSOR := biber
|
||||||
|
|
||||||
|
.PHONY: all pdf clean figures
|
||||||
|
|
||||||
|
all: pdf
|
||||||
|
|
||||||
|
pdf: $(TARGET).pdf
|
||||||
|
|
||||||
|
clean:
|
||||||
|
@rm $(TARGET).pdf $(BUILD_FILES) > /dev/null 2>&1 || exit 0
|
||||||
|
|
||||||
|
figures: figures/crdt.pdf
|
||||||
|
|
||||||
|
$(TARGET).pdf: figures $(FIGURES) $(SOURCE_FILES) $(BIB_FILES) $(CLASS_FILES)
|
||||||
|
@mkdir -p $(BUILD_PATH) > /dev/null 2>&1 || exit 0
|
||||||
|
@pdflatex -interaction=nonstopmode -jobname=$(TARGET) -output-directory $(BUILD_PATH) $(TARGET).tex
|
||||||
|
@$(BIB_PROCESSOR) --output-directory $(BUILD_PATH) $(TARGET)
|
||||||
|
@pdflatex -interaction=nonstopmode -jobname=$(TARGET) -output-directory $(BUILD_PATH) $(TARGET).tex # For biber
|
||||||
|
@pdflatex -interaction=nonstopmode -jobname=$(TARGET) -output-directory $(BUILD_PATH) $(TARGET).tex # For biber
|
||||||
|
@ln -fs $(BUILD_PATH)/$(TARGET).pdf $(TARGET).pdf
|
||||||
|
|
||||||
|
figures/crdt.pdf: figures/svg/crdt.svg
|
||||||
|
@inkscape -C --file=$< --export-pdf=$@
|
1
doc/talks/2021-04-28_spirals-team/README.md
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Presentation of Garage by Adrien on April, 28th 2021, for his research team [Spirals](https://team.inria.fr/spirals/).
|
27
doc/talks/2021-04-28_spirals-team/bibliography.bib
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
|
||||||
|
@inproceedings{brewer_towards_2000,
|
||||||
|
title = {Towards {{Robust Distributed Systems}}},
|
||||||
|
booktitle = {{{ACM PODC}}},
|
||||||
|
author = {Brewer, Eric},
|
||||||
|
year = {2000}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@incollection{defago_conflict-free_2011,
|
||||||
|
title = {Conflict-{{Free Replicated Data Types}}},
|
||||||
|
booktitle = {Stabilization, {{Safety}}, and {{Security}} of {{Distributed Systems}}},
|
||||||
|
author = {Shapiro, Marc and Pregui{\c c}a, Nuno and Baquero, Carlos and Zawirski, Marek},
|
||||||
|
year = {2011},
|
||||||
|
address = {{Berlin, Heidelberg}},
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@inproceedings{decandia_dynamo:_2007,
|
||||||
|
title = {Dynamo: {{Amazon}}'s {{Highly Available Key}}-Value {{Store}}},
|
||||||
|
booktitle = {{ACM SOSP}},
|
||||||
|
author = {DeCandia, Giuseppe and Hastorun, Deniz and Jampani, Madan and Kakulapati, Gunavardhan and Lakshman, Avinash and Pilchin, Alex and Sivasubramanian, Swaminathan and Vosshall, Peter and Vogels, Werner},
|
||||||
|
year = {2007},
|
||||||
|
address = {{New York, USA}},
|
||||||
|
}
|
||||||
|
|
7
doc/talks/2021-04-28_spirals-team/conclusion.tex
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
\section{Conclusion}
|
||||||
|
|
||||||
|
\begin{frame}{The future is cooler when we bend it our way}
|
||||||
|
|
||||||
|
Contributions welcome! :D
|
||||||
|
|
||||||
|
\end{frame}
|
124
doc/talks/2021-04-28_spirals-team/escaping_the_cloud.tex
Normal file
|
@ -0,0 +1,124 @@
|
||||||
|
\section{Escaping the cloud}
|
||||||
|
|
||||||
|
% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||||
|
% \begin{frame}{Down to Earth with home-hosting}
|
||||||
|
|
||||||
|
|
||||||
|
% \todo{Stanley Parabole reference?}
|
||||||
|
|
||||||
|
% \end{frame}
|
||||||
|
|
||||||
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||||
|
\begin{frame}{Why?}
|
||||||
|
|
||||||
|
\begin{itemize}
|
||||||
|
\item \textbf{Privacy}: no prying eyes besides your ISP
|
||||||
|
\item \textbf{Control} of your infrastructure
|
||||||
|
\item \textbf{Ecology}: reuse old hardware
|
||||||
|
\end{itemize}
|
||||||
|
|
||||||
|
\vfill
|
||||||
|
\begin{block}{\emph{Tim Berners-Lee} (1994)}
|
||||||
|
``Now, if someone tries to monopolize the Web, for example pushes proprietary variations on network protocols, then that would make me unhappy.''
|
||||||
|
\end{block}
|
||||||
|
|
||||||
|
\begin{itemize}
|
||||||
|
\item Make Tim Berners-Lee happy
|
||||||
|
\end{itemize}
|
||||||
|
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
|
||||||
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||||
|
\begin{frame}{What?}
|
||||||
|
|
||||||
|
\centering\Large
|
||||||
|
A data store for commodity hardware on heterogenous household connections.
|
||||||
|
|
||||||
|
|
||||||
|
\vfill\raggedright\normalsize
|
||||||
|
|
||||||
|
|
||||||
|
\begin{block}{Targetting user-facing services}
|
||||||
|
\begin{itemize}
|
||||||
|
\item Static sites
|
||||||
|
\item E-mails
|
||||||
|
\item Instant communication
|
||||||
|
%\item Video streaming % No need for a data store
|
||||||
|
\item Collaboration
|
||||||
|
\end{itemize}
|
||||||
|
\end{block}
|
||||||
|
\vfill
|
||||||
|
|
||||||
|
Nothing fancy like sensors data streams, AI or IoT.
|
||||||
|
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
|
||||||
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||||
|
\begin{frame}{What?}
|
||||||
|
|
||||||
|
|
||||||
|
\begin{block}{Requirements}
|
||||||
|
\begin{itemize}
|
||||||
|
\item \textbf{No single point of failure} / flat hierarchy:
|
||||||
|
|
||||||
|
Any node can die for extended periods of time.
|
||||||
|
\item \textbf{Multi-site}: cluster spans regions/countries.
|
||||||
|
\item \textbf{Acceptable performance}.
|
||||||
|
\item \textbf{Lightweight}: targets legacy hardware.
|
||||||
|
\item \textbf{Conceptually simple}: built for low-tech organisations.
|
||||||
|
|
||||||
|
Adding/maintaining cluster nodes should be easy.
|
||||||
|
\end{itemize}
|
||||||
|
\end{block}
|
||||||
|
\vfill
|
||||||
|
|
||||||
|
\begin{block}{Non-goals}
|
||||||
|
\begin{itemize}
|
||||||
|
\item \textbf{Super badass performance}.
|
||||||
|
\item \textbf{NAT traversal} etc.: we require full-mesh connectivity.
|
||||||
|
\end{itemize}
|
||||||
|
\end{block}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
|
||||||
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||||
|
\begin{frame}{How?}
|
||||||
|
|
||||||
|
\begin{itemize}
|
||||||
|
\item Theoretically possible with object storage \& CRDTs.
|
||||||
|
\vfill
|
||||||
|
\item Household uplinks are getting decent (optical fibers).
|
||||||
|
\end{itemize}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||||
|
\begin{frame}{Research Questions}
|
||||||
|
|
||||||
|
\begin{itemize}
|
||||||
|
\item Decent performance despite bad inter-node connectivity.
|
||||||
|
\vfill
|
||||||
|
|
||||||
|
\item Tailoring workloads as a function of nodes' capabilities:
|
||||||
|
|
||||||
|
\begin{itemize}
|
||||||
|
\item Make use of low-end nodes (e.g. Raspberry Pis),
|
||||||
|
\item Avoid impeding global performance because of low-end nodes.
|
||||||
|
\end{itemize}
|
||||||
|
\vfill
|
||||||
|
|
||||||
|
\item Building CRDTs for target use-cases:
|
||||||
|
|
||||||
|
\begin{itemize}
|
||||||
|
\item Software engineering: DSL or native code?
|
||||||
|
\item Provide APIs to data store users? Risky?
|
||||||
|
\end{itemize}
|
||||||
|
\vfill
|
||||||
|
|
||||||
|
\item Cluster management: effortless UX, low perf. overhead.
|
||||||
|
\end{itemize}
|
||||||
|
\end{frame}
|