Install/configure Garage

Add a garage cookbook that installs the garage binary distribution and creates the necessary configuration and system service. Also deploy two new VMs to act as storage nodes. refs #428
2022-11-22 21:23:56 +01:00
parent 9dc2b387d1
commit 7f5bb7efd5
25 changed files with 644 additions and 0 deletions
--- a/site-cookbooks/kosmos_garage/recipes/default.rb
+++ b/site-cookbooks/kosmos_garage/recipes/default.rb
@@ -0,0 +1,64 @@
+#
+# Cookbook:: kosmos_garage
+# Recipe:: default
+#
+
+remote_file 'garage' do
+  source "https://garagehq.deuxfleurs.fr/_releases/v#{node['garage']['version']}/x86_64-unknown-linux-musl/garage"
+  checksum node['garage']['checksum']['amd64']
+  path '/usr/local/bin/garage'
+  mode '0755'
+  ssl_verify_mode :verify_none if node.chef_environment == 'testing'
+  notifies :restart, 'service[garage]', :delayed
+end
+
+credentials = Chef::EncryptedDataBagItem.load('credentials', 'garage')
+
+template '/etc/garage.toml' do
+  source 'garage.toml.erb'
+  mode '0744'
+  variables metadata_dir: node['garage']['metadata_dir'] || '/var/lib/garage/meta',
+            data_dir: node['garage']['data_dir'] || '/var/lib/garage/data',
+            db_engine: node['garage']['db_engine'] || 'lmdb',
+            rpc_port: node['garage']['rpc_port'],
+            rpc_public_addr: "#{node.dig('knife_zero', 'host') || '127.0.0.1'}:#{node['garage']['rpc_port']}",
+            rpc_secret: credentials['rpc_secret'],
+            s3_region: node['garage']['s3_region'] || 'garage',
+            s3_api_port: node['garage']['s3_api_port'],
+            s3_api_root_domain: node['garage']['s3_api_root_domain'] || '.s3.garage.localhost',
+            s3_web_port: node['garage']['s3_web_port'],
+            s3_web_root_domain: node['garage']['s3_web_root_domain'] || '.web.garage.localhost',
+            k2v_api_port: node['garage']['k2v_api_port'],
+            admin_port: node['garage']['admin_port'],
+            admin_token: credentials['admin_token']
+  notifies :restart, 'service[garage]', :delayed
+end
+
+systemd_unit 'garage.service' do
+  content({
+    Unit: {
+      Description: 'Garage Data Store',
+      Documentation: ['https://garagehq.deuxfleurs.fr/documentation/quick-start/'],
+      After: 'network-online.target',
+      Wants: 'network-online.target'
+    },
+    Service: {
+      Environment: 'RUST_LOG=garage=info RUST_BACKTRACE=1',
+      ExecStart: '/usr/local/bin/garage server',
+      StateDirectory: 'garage',
+      DynamicUser: true,
+      ProtectHome: true,
+      NoNewPrivileges: true
+    },
+    Install: {
+      WantedBy: 'multi-user.target'
+    }
+  })
+  verify false
+  triggers_reload true
+  action [:create]
+end
+
+service 'garage' do
+  action [:enable, :start]
+end
--- a/site-cookbooks/kosmos_garage/recipes/firewall.rb
+++ b/site-cookbooks/kosmos_garage/recipes/firewall.rb
@@ -0,0 +1,36 @@
+include_recipe 'firewall'
+
+firewall_rule 'garage_s3_api' do
+  command  :allow
+  protocol :tcp
+  source   "10.1.1.0/24"
+  port     node['garage']['s3_api_port']
+end
+
+firewall_rule 'garage_rpc' do
+  command  :allow
+  protocol :tcp
+  source   "10.1.1.0/24"
+  port     node['garage']['rpc_port']
+end
+
+firewall_rule 'garage_s3_web' do
+  command  :allow
+  protocol :tcp
+  source   "10.1.1.0/24"
+  port     node['garage']['s3_web_port']
+end
+
+firewall_rule 'garage_admin' do
+  command  :allow
+  protocol :tcp
+  source   "10.1.1.0/24"
+  port     node['garage']['admin_port']
+end
+
+firewall_rule 'garage_k2v_api' do
+  command  :allow
+  protocol :tcp
+  source   "10.1.1.0/24"
+  port     node['garage']['k2v_api_port']
+end