Compare commits
21 Commits
rpc_secret
...
export-met
| Author | SHA1 | Date | |
|---|---|---|---|
|
7cd5a6f5dc
|
|||
|
c3334ab580
|
|||
| 796ee6c2d4 | |||
| b484236fea | |||
| 680e3850c5 | |||
| dfb679b1c0 | |||
| 6e94e67109 | |||
| 2717590054 | |||
| d7637a6e6e | |||
| 37dbb6caa8 | |||
| 04463dffe8 | |||
| 97e96ed1d3 | |||
| 88d46b767e | |||
| baa4167a89 | |||
| 3741560b13 | |||
| 46ba380e45 | |||
| ff778eab62 | |||
| aeb6675be4 | |||
| 7d1b4ddc77 | |||
| 7e8571306a | |||
| 16633d97e1 |
52
.drone.yml
52
.drone.yml
@ -2,37 +2,39 @@
|
||||
kind: pipeline
|
||||
name: deploy to swarm-test.autonomic.zone
|
||||
steps:
|
||||
- name: deployment
|
||||
image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
|
||||
settings:
|
||||
host: swarm-test.autonomic.zone
|
||||
stack: example_com # UPDATE ME
|
||||
generate_secrets: true
|
||||
purge: true
|
||||
deploy_key:
|
||||
from_secret: drone_ssh_swarm_test
|
||||
networks:
|
||||
- proxy
|
||||
environment:
|
||||
DOMAIN: example.swarm-test.autonomic.zone # UPDATE ME
|
||||
STACK_NAME: example_com # UPDATE ME
|
||||
LETS_ENCRYPT_ENV: production
|
||||
- name: deployment
|
||||
image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
|
||||
settings:
|
||||
host: swarm-test.autonomic.zone
|
||||
stack: garage
|
||||
generate_secrets: true
|
||||
purge: true
|
||||
deploy_key:
|
||||
from_secret: drone_ssh_swarm_test
|
||||
networks:
|
||||
- proxy
|
||||
compose: "compose.yml"
|
||||
environment:
|
||||
DOMAIN: garage.swarm-test.autonomic.zone
|
||||
STACK_NAME: garage
|
||||
LETS_ENCRYPT_ENV: production
|
||||
SECRET_RPC_SECRET_VERSION: v1
|
||||
trigger:
|
||||
branch:
|
||||
- main
|
||||
- main
|
||||
---
|
||||
kind: pipeline
|
||||
name: generate recipe catalogue
|
||||
steps:
|
||||
- name: release a new version
|
||||
image: plugins/downstream
|
||||
settings:
|
||||
server: https://build.coopcloud.tech
|
||||
token:
|
||||
from_secret: drone_abra-bot_token
|
||||
fork: true
|
||||
repositories:
|
||||
- coop-cloud/auto-recipes-catalogue-json
|
||||
- name: release a new version
|
||||
image: plugins/downstream
|
||||
settings:
|
||||
server: https://build.coopcloud.tech
|
||||
token:
|
||||
from_secret: drone_abra-bot_token
|
||||
fork: true
|
||||
repositories:
|
||||
- toolshed/auto-recipes-catalogue-json
|
||||
|
||||
trigger:
|
||||
event: tag
|
||||
|
||||
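Review bot: Both steps in this section pull their image by a mutable reference: `stack-ssh-deploy:latest` for the step that receives `drone_ssh_swarm_test`, and `plugins/downstream` with no tag for the step that receives `drone_abra-bot_token`. Whatever is published under those names at build time therefore runs with the deploy key or the bot token. The change markers are lost on this page, so these lines may only be re-indented rather than new, but since the steps are being rewritten it is a good moment to pin them, e.g. `image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy@sha256:<digest>` (placeholder digest). Separately, the deploy step sets only `compose: "compose.yml"` and `SECRET_RPC_SECRET_VERSION`, so the monitoring overlay added elsewhere in this comparison is not exercised by this pipeline.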
@ -6,6 +6,11 @@ LETS_ENCRYPT_ENV=production
|
||||
COMPOSE_FILE="compose.yml"
|
||||
|
||||
SECRET_RPC_SECRET_VERSION=v1 # length=64 charset=hex
|
||||
SECRET_ADMIN_TOKEN_SECRET_VERSION=v1 # length=64 charset=hex
|
||||
SECRET_METRICS_TOKEN_SECRET_VERSION=v1 # length=64 charset=hex
|
||||
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.monitoring.yml"
|
||||
#MONITORING_ENABLED=true
|
||||
|
||||
# Changing the replication factor after initial deployment is not
|
||||
# supported and requires deleting the existing cluster layout metadata.
|
||||
|
||||
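Review bot: The two commented lines, `#COMPOSE_FILE="$COMPOSE_FILE:compose.monitoring.yml"` and `#MONITORING_ENABLED=true`, carry no comment saying that they belong together. The README in this comparison tells operators to set `MONITORING` (and `MONITORING="true"` in its upgrade snippet), while the config template tests `MONITORING_ENABLED`. An operator who follows the README would get the overlay's `/metrics` route and secrets but, as far as these hunks show, no `[admin]` section behind it. I would add a line such as `# Monitoring: uncomment BOTH lines below (overlay + flag)` above them and align the README on `MONITORING_ENABLED`.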
40
README.md
40
README.md
@ -1,4 +1,4 @@
|
||||
# garage
|
||||
# Garage
|
||||
|
||||
> An open-source distributed object storage service tailored for selfhosting at a small-to-medium scale.
|
||||
|
||||
@ -10,7 +10,7 @@
|
||||
* **Healthcheck**: No
|
||||
* **Backups**: No
|
||||
* **Email**: N/A
|
||||
* **Tests**: No
|
||||
* **Tests**: Yes
|
||||
* **SSO**: N/A
|
||||
|
||||
<!-- endmetadata -->
|
||||
@ -52,7 +52,43 @@ You can optionally add this alias to your `.bashrc` (or similar) file to avoid h
|
||||
### Garage Quick Start Guide
|
||||
Once `garage status` works, you can follow the guide here: https://garagehq.deuxfleurs.fr/documentation/quick-start/#checking-that-garage-runs-correctly
|
||||
|
||||
## Monitoring
|
||||
|
||||
### Enabling
|
||||
|
||||
By default monitoring is disabled and must be enabled in your config.
|
||||
|
||||
To enable, set `MONITORING` to `true` and uncomment the line `#COMPOSE_FILE="$COMPOSE_FILE:compose.monitoring.yml"`.
|
||||
|
||||
> If you've deployed garage before ver `0.0.2+v2.3.0` then you will need to add the following lines to your config:
|
||||
> ```
|
||||
> MONITORING_DOMAIN=monitoring.garage.example.com
|
||||
> SECRET_ADMIN_TOKEN_SECRET_VERSION=v1 # length=64 charset=hex
|
||||
> SECRET_METRICS_TOKEN_SECRET_VERSION=v1 # length=64 charset=hex
|
||||
>
|
||||
> #COMPOSE_FILE="$COMPOSE_FILE:compose.monitoring.yml"
|
||||
> MONITORING="true"
|
||||
> ```
|
||||
|
||||
If you're using the
|
||||
[monitoring-ng](https://recipes.coopcloud.tech/monitoring-ng) recipe,
|
||||
insert the `metrics_token` with the value of `basic_auth`:
|
||||
|
||||
```sh
|
||||
abra app secret insert garage.example.coop v1 metrics_token BASIC_AUTH
|
||||
```
|
||||
|
||||
### Deploying
|
||||
|
||||
Now, undeploy the service, generate the new secrets, and finally re-deploy:
|
||||
```
|
||||
abra app undeploy <app-domain>
|
||||
abra app secret generate --all <app-domain>
|
||||
abra app deploy <app-domain>
|
||||
```
|
||||
### Utilizing metrics
|
||||
|
||||
Within your chosen monitoring software (ie. Telegraf, Prometheus, etc.), you'll need to make sure it interprets the correct scheme (https), and point it at <app-domain>/metrics as the monitoring endpoint. The secret you copied earlier called metrics_token will be used to authenticate the request.
|
||||
|
||||
## Backups
|
||||
|
||||
|
||||
29
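--- /dev/null
+++ b/compose.monitoring.yml
@@ -0,0 +1,29 @@
+---
+version: "3.8"
+
+services:
+app:
+secrets:
+- source: metrics_token
+mode: 0600
+- source: admin_token
+mode: 0600
+deploy:
+labels:
+- "traefik.http.routers.${STACK_NAME}-metrics.rule=Host(`${DOMAIN}`) && Path(`/metrics`)"
+- "traefik.http.routers.${STACK_NAME}-metrics.entrypoints=web-secure"
+- "traefik.http.routers.${STACK_NAME}-metrics.tls.certresolver=${LETS_ENCRYPT_ENV}"
+- "traefik.http.routers.${STACK_NAME}-metrics.service=${STACK_NAME}-metrics"
+- "traefik.http.services.${STACK_NAME}-metrics.loadbalancer.server.port=3903"
+- "prometheus.io/scrape=true"
+- "prometheus.io/port=3903"
+- "prometheus.io/path=/metrics"
+- "prometheus.io/auth=bearer"
+
+secrets:
+admin_token:
+name: ${STACK_NAME}_admin_token_${SECRET_ADMIN_TOKEN_SECRET_VERSION}
+external: true
+metrics_token:
+name: ${STACK_NAME}_metrics_token_${SECRET_METRICS_TOKEN_SECRET_VERSION}
+external: true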
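Review bot: The `-metrics` router sends public traffic from `web-secure` to port 3903, which the config template in this comparison also uses as the admin API listener, so the exact-match `Path` rule on `/metrics` is what keeps the admin endpoints off the internet. A comment above the labels should record that, e.g. `# 3903 is the admin listener: keep this an exact Path match, never PathPrefix`. This overlay also does not pass `MONITORING_ENABLED` to the `app` service, while the template renders `[admin]` only when `env "MONITORING_ENABLED"` is `"true"`. Unless compose.yml already exports it (its `environment:` block is outside the visible hunks), adding `environment:` with `- MONITORING_ENABLED=true` under `app:` here would make including this file the single switch.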
@ -23,6 +23,7 @@ services:
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "traefik.http.routers.${STACK_NAME}.service=${STACK_NAME}"
|
||||
- "traefik.tcp.routers.${STACK_NAME}-rpc.rule=HostSNI(`*`)"
|
||||
- "traefik.tcp.routers.${STACK_NAME}-rpc.entrypoints=garage-rpc"
|
||||
- "traefik.tcp.services.${STACK_NAME}-rpc.loadbalancer.server.port=3901"
|
||||
@ -33,6 +34,12 @@ services:
|
||||
volumes:
|
||||
- "${LOCAL_FOLDER_META:-meta}:/var/lib/garage/meta"
|
||||
- "${LOCAL_FOLDER_DATA:-data}:/var/lib/garage/data"
|
||||
healthcheck:
|
||||
test: ["CMD", "/garage", "status"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
start_period: 10s
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
|
||||
@ -27,3 +27,11 @@ bootstrap_peers = [
|
||||
s3_region = "garage"
|
||||
api_bind_addr = "[::]:3900"
|
||||
root_domain = ".s3.garage"
|
||||
|
||||
{{ if eq (env "MONITORING_ENABLED") "true" }}
|
||||
[admin]
|
||||
api_bind_addr = "[::]:3903"
|
||||
admin_token_file = "/run/secrets/admin_token"
|
||||
metrics_require_token = true
|
||||
metrics_token_file = "/run/secrets/metrics_token"
|
||||
{{ end }}
|
||||
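Review bot: The `[admin]` block binds `api_bind_addr = "[::]:3903"` on every interface of the container, so any service sharing a network with it can reach the whole admin API, not only the `/metrics` path that the overlay routes; access then rests on `admin_token_file`. A comment above the block should say so, for example `# Admin API listens on all interfaces; only /metrics is routed externally, the rest is gated by admin_token`. The block also assumes `/run/secrets/admin_token` and `/run/secrets/metrics_token` exist, which holds only when compose.monitoring.yml is part of `COMPOSE_FILE`. Setting `MONITORING_ENABLED=true` alone would presumably leave Garage pointing at files that were never mounted, so the condition and the overlay should be documented as a pair.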