Write some README
This commit is contained in:
parent
fa13cf6996
commit
c56de7fdd1
88
README.md
88
README.md
@ -1,16 +1,94 @@
|
|||||||
# Garage
|
# Garage
|
||||||
|
|
||||||
THIS IS ALL WORK IN PROGRESS. NOTHING TO SEE YET BUT THANKS FOR YOUR INTEREST.
|
Garage is a lightweight S3-compatible distributed object store, with the following goals:
|
||||||
|
|
||||||
Garage implements an S3-compatible object store with high resiliency to network failures, machine failure, and sysadmin failure.
|
- As self-contained as possible
|
||||||
|
- Easy to set up
|
||||||
|
- Highly resilient to network failures, network latency, disk failures, sysadmin failures
|
||||||
|
- Relatively simple
|
||||||
|
- Made for multi-datacenter deployments
|
||||||
|
|
||||||
## To log:
|
Non-goals include:
|
||||||
|
|
||||||
|
- Extremely high performance
|
||||||
|
- Complete implementation of the S3 API
|
||||||
|
- Erasure coding (our replication model is simply to copy the data as is on several nodes)
|
||||||
|
|
||||||
|
Our main use case is to provide a distributed storage layer for small-scale self hosted services such as [Deuxfleurs](https://deuxfleurs.fr).
|
||||||
|
|
||||||
|
## Setting up Garage
|
||||||
|
|
||||||
|
Use the `genkeys.sh` script to generate TLS keys for encrypting communications between Garage nodes.
|
||||||
|
The script takes no arguments and will generate keys in `pki/`.
|
||||||
|
This script creates a certificate authority `garage-ca` which signs certificates for individual Garage nodes.
|
||||||
|
Garage nodes from a same cluster authenticate themselves by verifying that they have certificates signed by the same certificate authority.
|
||||||
|
|
||||||
|
Garage requires two locations to store its data: a metadata directory, and a data directory.
|
||||||
|
The metadata directory is used to store metadata such as object lists, and should ideally be located on an SSD drive.
|
||||||
|
The data directory is used to store the chunks of data of the objects stored in Garage.
|
||||||
|
In a typical deployment the data directory is stored on a standard HDD.
|
||||||
|
|
||||||
|
Garage does not handle TLS for its S3 API endpoint. This should be handled by adding a reverse proxy.
|
||||||
|
|
||||||
|
Create a configuration file with the following structure:
|
||||||
|
|
||||||
```
|
```
|
||||||
RUST_LOG=garage=debug cargo run --release -- server -c config_file.toml
|
block_size = 1048576 # objects are split in blocks of maximum this number of bytes
|
||||||
|
|
||||||
|
metadata_dir = "/path/to/ssd/metadata/directory"
|
||||||
|
data_dir = "/path/to/hdd/data/directory"
|
||||||
|
|
||||||
|
rpc_bind_addr = "[::]:3901" # the port other Garage nodes will use to talk to this node
|
||||||
|
|
||||||
|
bootstrap_peers = [
|
||||||
|
# Ideally this list should contain the IP addresses of all other Garage nodes of the cluster.
|
||||||
|
# Use Ansible or any kind of configuration templating to generate this automatically.
|
||||||
|
"10.0.0.1:3901",
|
||||||
|
"10.0.0.2:3901",
|
||||||
|
"10.0.0.3:3901",
|
||||||
|
]
|
||||||
|
|
||||||
|
[rpc_tls]
|
||||||
|
# NOT RECOMMENDED: you can skip this section if you don't want to encrypt intra-cluster traffic
|
||||||
|
# Thanks to genkeys.sh, generating the keys and certificates is easy, so there is NO REASON NOT TO DO IT.
|
||||||
|
ca_cert = "/path/to/garage/pki/garage-ca.crt"
|
||||||
|
node_cert = "/path/to/garage/pki/garage.crt"
|
||||||
|
node_key = "/path/to/garage/pki/garage.key"
|
||||||
|
|
||||||
|
[s3_api]
|
||||||
|
api_bind_addr = "[::1]:3900" # the S3 API port, HTTP without TLS. Add a reverse proxy for the TLS part.
|
||||||
|
region = "garage" # set this to anything. S3 API calls will fail if they are not made against the region set here.
|
||||||
```
|
```
|
||||||
|
|
||||||
## What to repair
|
Build Garage using `cargo build --release`.
|
||||||
|
Then, run it using either `./target/release/garage server -c path/to/config_file.toml` or `cargo run --release -- server -c path/to/config_file.toml`.
|
||||||
|
|
||||||
|
Set the `RUST_LOG` environment to `garage=debug` to dump some debug information.
|
||||||
|
Set it to `garage=trace` to dump even more debug information.
|
||||||
|
Set it to `garage=warn` to show nothing except warnings and errors.
|
||||||
|
|
||||||
|
## Setting up cluster nodes
|
||||||
|
|
||||||
|
Once all your `garage` nodes are running, you will need to:
|
||||||
|
|
||||||
|
1. check that they are correctly talking to one another;
|
||||||
|
2. configure them with their physical location (in the case of a multi-dc deployment) and a number of "ring tokens" proportionnal to the storage space available on each node;
|
||||||
|
3. create some S3 API keys and buckets;
|
||||||
|
4. ???;
|
||||||
|
5. profit!
|
||||||
|
|
||||||
|
To run these administrative tasks, you will need to use the `garage` command line tool and it to connect to any of the cluster's nodes on the RPC port.
|
||||||
|
The `garage` CLI also needs TLS keys and certificates of its own to authenticate and be authenticated in the cluster.
|
||||||
|
A typicall invocation will be as follows:
|
||||||
|
|
||||||
|
```
|
||||||
|
./target/release/garage --ca-cert=pki/garage-ca.crt --client-cert=pki/garage-client.crt --client-key=pki/garage-client.key <...>
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## Notes to self
|
||||||
|
|
||||||
|
### What to repair
|
||||||
|
|
||||||
- `tables`: to do a full sync of metadata, should not be necessary because it is done every hour by the system
|
- `tables`: to do a full sync of metadata, should not be necessary because it is done every hour by the system
|
||||||
- `versions` and `block_refs`: very time consuming, usefull if deletions have not been propagated, improves garbage collection
|
- `versions` and `block_refs`: very time consuming, usefull if deletions have not been propagated, improves garbage collection
|
||||||
|
Loading…
Reference in New Issue
Block a user