mirror of
https://git.deuxfleurs.fr/Deuxfleurs/garage.git
synced 2024-12-25 08:30:40 +00:00
make most changes suggested during install-party
This commit is contained in:
parent
ebd21b325e
commit
289521886b
6 changed files with 17 additions and 13 deletions
|
@ -92,7 +92,7 @@ Then, replace the broken node by the new one, using:
|
|||
|
||||
```
|
||||
garage node configure --replace <old_node_id> \
|
||||
-c <capacity> -d <datacenter> -t <node_tag> <new_node_id>
|
||||
-c <capacity> -z <zone> -t <node_tag> <new_node_id>
|
||||
```
|
||||
|
||||
Garage will then start synchronizing all required data on the new node.
|
||||
|
|
|
@ -72,7 +72,7 @@ Use the following command to start Garage in a docker container:
|
|||
```
|
||||
docker run -d \
|
||||
-p 3901:3901 -p 3902:3902 -p 3900:3900 \
|
||||
-v ./config.toml:/garage/config.toml \
|
||||
-v $PWD/garage.toml:/garage/garage.toml \
|
||||
lxpz/garage_amd64:v0.3.0
|
||||
```
|
||||
|
||||
|
@ -82,7 +82,7 @@ at launch time. For instance:
|
|||
```
|
||||
docker run -d \
|
||||
-p 3901:3901 -p 3902:3902 -p 3900:3900 \
|
||||
-v ./config.toml:/garage/config.toml \
|
||||
-v $PWD/garage.toml:/garage/garage.toml \
|
||||
-e RUST_LOG=garage=info \
|
||||
lxpz/garage_amd64:v0.3.0
|
||||
```
|
||||
|
|
|
@ -12,7 +12,7 @@ You first need to generate TLS certificates to encrypt traffic between Garage no
|
|||
To generate your TLS certificates, run on your machine:
|
||||
|
||||
```
|
||||
wget https://git.deuxfleurs.fr/Deuxfleurs/garage/raw/branch/master/genkeys.sh
|
||||
wget https://git.deuxfleurs.fr/Deuxfleurs/garage/raw/branch/main/genkeys.sh
|
||||
chmod +x genkeys.sh
|
||||
./genkeys.sh
|
||||
```
|
||||
|
@ -49,13 +49,13 @@ For our example, we will suppose the following infrastructure with IPv6 connecti
|
|||
On each machine, we will have a similar setup,
|
||||
especially you must consider the following folders/files:
|
||||
|
||||
- `/etc/garage/config.toml`: Garage daemon's configuration (see below)
|
||||
- `/etc/garage/garage.toml`: Garage daemon's configuration (see below)
|
||||
- `/etc/garage/pki/`: Folder containing Garage certificates, must be generated on your computer and copied on the servers
|
||||
- `/var/lib/garage/meta/`: Folder containing Garage's metadata, put this folder on a SSD if possible
|
||||
- `/var/lib/garage/data/`: Folder containing Garage's data, this folder will grows and must be on a large storage, possibly big HDDs.
|
||||
- `/etc/systemd/system/garage.service`: Service file to start garage at boot automatically (defined below, not required if you use docker)
|
||||
|
||||
A valid `/etc/garage/config.toml` for our cluster would be:
|
||||
A valid `/etc/garage/garage.toml` for our cluster would be:
|
||||
|
||||
```toml
|
||||
metadata_dir = "/var/lib/garage/meta"
|
||||
|
@ -103,7 +103,7 @@ docker run \
|
|||
--restart always \
|
||||
--network host \
|
||||
-v /etc/garage/pki:/etc/garage/pki \
|
||||
-v /etc/garage/config.toml:/garage/config.toml \
|
||||
-v /etc/garage/garage.toml:/garage/garage.toml \
|
||||
-v /var/lib/garage/meta:/var/lib/garage/meta \
|
||||
-v /var/lib/garage/data:/var/lib/garage/data \
|
||||
lxpz/garage_amd64:v0.3.0
|
||||
|
@ -130,7 +130,7 @@ Wants=network-online.target
|
|||
|
||||
[Service]
|
||||
Environment='RUST_LOG=garage=info' 'RUST_BACKTRACE=1'
|
||||
ExecStart=/usr/local/bin/garage server -c /etc/garage/config.toml
|
||||
ExecStart=/usr/local/bin/garage server -c /etc/garage/garage.toml
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
|
@ -11,7 +11,7 @@ As this part is not relevant for a test cluster, you can use this three-liner to
|
|||
|
||||
```bash
|
||||
garagectl status | grep UNCONFIGURED | grep -Po '^[0-9a-f]+' | while read id; do
|
||||
garagectl node configure -d dc1 -c 1 $id
|
||||
garagectl node configure -z dc1 -c 1 $id
|
||||
done
|
||||
```
|
||||
|
||||
|
|
|
@ -125,7 +125,7 @@ pub enum BucketOperation {
|
|||
#[structopt(name = "allow")]
|
||||
Allow(PermBucketOpt),
|
||||
|
||||
/// Allow key to read or write to bucket
|
||||
/// Deny key from reading or writing to bucket
|
||||
#[structopt(name = "deny")]
|
||||
Deny(PermBucketOpt),
|
||||
|
||||
|
|
|
@ -279,9 +279,13 @@ impl RpcHttpClient {
|
|||
tls_config: &Option<TlsConfig>,
|
||||
) -> Result<Self, Error> {
|
||||
let method = if let Some(cf) = tls_config {
|
||||
let ca_certs = tls_util::load_certs(&cf.ca_cert)?;
|
||||
let node_certs = tls_util::load_certs(&cf.node_cert)?;
|
||||
let node_key = tls_util::load_private_key(&cf.node_key)?;
|
||||
let ca_certs = tls_util::load_certs(&cf.ca_cert).map_err(|e| {
|
||||
Error::Message(format!("Failed to open CA certificate file: {:?}", e))
|
||||
})?;
|
||||
let node_certs = tls_util::load_certs(&cf.node_cert)
|
||||
.map_err(|e| Error::Message(format!("Failed to open certificate file: {:?}", e)))?;
|
||||
let node_key = tls_util::load_private_key(&cf.node_key)
|
||||
.map_err(|e| Error::Message(format!("Failed to open private key file: {:?}", e)))?;
|
||||
|
||||
let mut config = rustls::ClientConfig::new();
|
||||
|
||||
|
|
Loading…
Reference in a new issue