Enable the garage admin interface

It's not clear how we would be using it at this point, and garage 0.8.0
allows us to leave it off, so might as well do so.

AppDir/etc/daemon.yml

@@ -64,7 +64,7 @@ storage:
   # Capacity declares how many gigabytes can be stored in each allocation, and
   # is required. It must be a multiple of 100.
   #
-  # The various ports are all required and must all be unique within and across
+  # The ports are all required and must all be unique within and across
   # allocations.
   allocations:
 
@@ -73,4 +73,4 @@ storage:
     #  capacity: 1200
     #  api_port: 3900
     #  rpc_port: 3901
-    #  web_port: 3902
+    #  admin_port: 3902

docs/operator/contributing-storage.md

@@ -36,7 +36,6 @@ storage:
       capacity: 1200
       api_port: 3900
       rpc_port: 3901
-      web_port: 3902
 
     # 100 GB (the minimum) are being shared from drive2
     - data_path: /mnt/drive2/cryptic-net/data
@@ -44,7 +43,6 @@ storage:
       capacity: 100
       api_port: 3910
       rpc_port: 3911
-      web_port: 3912
 ```
 
 ## Setup Firewall

go-workspace/src/bootstrap/bootstrap.go

@@ -32,6 +32,7 @@ type Bootstrap struct {
 	NebulaHostCert nebula.HostCert
 
 	GarageRPCSecret                    string
+	GarageAdminToken                   string
 	GarageGlobalBucketS3APICredentials garage.S3APICredentials
 }
 
@@ -65,6 +66,7 @@ func FromFS(bootstrapFS fs.FS) (Bootstrap, error) {
 		{&b.NebulaHostCert.HostCert, nebulaCertsHostCertPath},
 		{&b.NebulaHostCert.HostKey, nebulaCertsHostKeyPath},
 		{&b.GarageRPCSecret, garageRPCSecretPath},
+		{&b.GarageAdminToken, garageAdminTokenPath},
 	}
 
 	for _, f := range filesToLoadAsString {
@@ -115,6 +117,7 @@ func (b Bootstrap) WriteTo(into io.Writer) error {
 		{b.NebulaHostCert.HostCert, nebulaCertsHostCertPath},
 		{b.NebulaHostCert.HostKey, nebulaCertsHostKeyPath},
 		{b.GarageRPCSecret, garageRPCSecretPath},
+		{b.GarageAdminToken, garageAdminTokenPath},
 	}
 
 	for _, f := range filesToWriteAsString {

go-workspace/src/bootstrap/garage.go

@@ -7,8 +7,9 @@ import (
 
 // Paths within the bootstrap FS related to garage.
 const (
-	garageGlobalBucketKeyYmlPath = "garage/cryptic-net-global-bucket-key.yml"
 	garageRPCSecretPath          = "garage/rpc-secret.txt"
+	garageAdminTokenPath         = "garage/admin-token.txt"
+	garageGlobalBucketKeyYmlPath = "garage/cryptic-net-global-bucket-key.yml"
 )
 
 // GaragePeers returns a Peer for each known garage instance in the network.

go-workspace/src/bootstrap/hosts.go

@@ -24,7 +24,6 @@ type NebulaHost struct {
 type GarageHostInstance struct {
 	RPCPort   int `yaml:"rpc_port"`
 	S3APIPort int `yaml:"s3_api_port"`
-	WebPort   int `yaml:"web_port"`
 }
 
 // GarageHost describes the garage configuration of a Host which is relevant for

go-workspace/src/cmd/entrypoint/admin.go

@@ -4,11 +4,21 @@ import (
 	"cryptic-net/admin"
 	"cryptic-net/bootstrap"
 	"cryptic-net/nebula"
+	"crypto/rand"
+	"encoding/hex"
 	"errors"
 	"fmt"
 	"os"
 )
 
+func randStr(l int) string {
+	b := make([]byte, l)
+	if _, err := rand.Read(b); err != nil {
+		panic(err)
+	}
+	return hex.EncodeToString(b)
+}
+
 func readAdmin(path string) (admin.Admin, error) {
 
 	if path == "-" {
@@ -94,6 +104,7 @@ var subCmdAdminMakeBootstrap = subCmd{
 			NebulaHostCert: nebulaHostCert,
 
 			GarageRPCSecret:                    adm.GarageRPCSecret,
+			GarageAdminToken:                   randStr(32),
 			GarageGlobalBucketS3APICredentials: adm.GarageGlobalBucketS3APICredentials,
 		}
 

go-workspace/src/cmd/entrypoint/daemon_util.go

@@ -60,7 +60,6 @@ func mergeDaemonIntoBootstrap(env *crypticnet.Env) error {
 			host.Garage.Instances = append(host.Garage.Instances, bootstrap.GarageHostInstance{
 				RPCPort:   alloc.RPCPort,
 				S3APIPort: alloc.S3APIPort,
-				WebPort:   alloc.WebPort,
 			})
 		}
 	}
@@ -156,11 +155,12 @@ func garageWriteChildConf(
 		MetaPath: alloc.MetaPath,
 		DataPath: alloc.DataPath,
 
-		RPCSecret: env.Bootstrap.GarageRPCSecret,
+		RPCSecret:  env.Bootstrap.GarageRPCSecret,
+		AdminToken: env.Bootstrap.GarageAdminToken,
 
-		RPCAddr: net.JoinHostPort(thisHost.Nebula.IP, strconv.Itoa(alloc.RPCPort)),
+		RPCAddr:   net.JoinHostPort(thisHost.Nebula.IP, strconv.Itoa(alloc.RPCPort)),
-		APIAddr: net.JoinHostPort(thisHost.Nebula.IP, strconv.Itoa(alloc.S3APIPort)),
+		APIAddr:   net.JoinHostPort(thisHost.Nebula.IP, strconv.Itoa(alloc.S3APIPort)),
-		WebAddr: net.JoinHostPort(thisHost.Nebula.IP, strconv.Itoa(alloc.WebPort)),
+		AdminAddr: net.JoinHostPort(thisHost.Nebula.IP, strconv.Itoa(alloc.AdminPort)),
 
 		BootstrapPeers: env.Bootstrap.GarageRPCPeerAddrs(),
 	})

go-workspace/src/cmd/nebula-entrypoint/main.go

@@ -102,11 +102,6 @@ func Main() {
 				Proto: "tcp",
 				Host:  "any",
 			},
-			crypticnet.ConfigFirewallRule{
-				Port:  strconv.Itoa(alloc.WebPort),
-				Proto: "tcp",
-				Host:  "any",
-			},
 		)
 	}
 

go-workspace/src/daemon_yml.go

@@ -31,9 +31,9 @@ type DaemonYmlStorageAllocation struct {
 	DataPath  string `yaml:"data_path"`
 	MetaPath  string `yaml:"meta_path"`
 	Capacity  int    `yaml:"capacity"`
-	S3APIPort int    `yaml:"api_port"` // TODO fix field name here
+	S3APIPort int    `yaml:"s3_api_port"`
 	RPCPort   int    `yaml:"rpc_port"`
-	WebPort   int    `yaml:"web_port"`
+	AdminPort int    `yaml:"admin_port"`
 }
 
 // DaemonYml describes the structure of the daemon.yml file.

go-workspace/src/garage/tpl.go

@@ -13,11 +13,12 @@ type GarageTomlData struct {
 	MetaPath string
 	DataPath string
 
-	RPCSecret string
+	RPCSecret  string
+	AdminToken string
 
-	RPCAddr string
+	RPCAddr   string
-	APIAddr string
+	APIAddr   string
-	WebAddr string
+	AdminAddr string
 
 	BootstrapPeers []string
 }
@@ -41,9 +42,9 @@ bootstrap_peers = [{{- range .BootstrapPeers }}
 api_bind_addr = "{{ .APIAddr }}"
 s3_region = "garage"
 
-[s3_web]
+[admin]
-bind_addr = "{{ .WebAddr }}"
+api_bind_addr = "{{ .AdminAddr }}"
-root_domain = ".example.com"
+admin_token = "{{ .AdminToken }}"
 
 `))