job "garage" { datacenters = ["zuma-house", "gribse-house", "mayel-house"] type = "system" priority = 80 group "garage" { network { port "s3" { static = 3900 } port "rpc" { static = 3901 } port "web" { static = 3902 } port "admin" { static = 3903 } port "k2v" { static = 3904 } } task "server" { # V---- useful to operate a maintenance on one garage node # do not forget to check that garage is fully healthy before # constraint { # attribute = "${attr.unique.hostname}" # operator = "!=" # value = "pamplemousse" # } driver = "docker" config { image = "dxflrs/garage:v2.1.0" command = "/garage" args = [ "server" ] network_mode = "host" volumes = [ "/data/garage/data:/data", "/data/garage/meta:/meta", "secrets/garage.toml:/etc/garage.toml", ] logging { type = "journald" } } template { data = file("./garage.toml") destination = "secrets/garage.toml" change_mode = "noop" } resources { memory = 1000 memory_max = 3000 cpu = 1000 } kill_timeout = "20s" restart { interval = "30m" attempts = 10 delay = "15s" mode = "delay" } #### Configuration for service ports: admin port (internal use only) service { name = "garage-admin" port = "admin" address_mode = "host" # Check that Garage is alive and answering TCP connections check { type = "tcp" interval = "60s" timeout = "5s" check_restart { limit = 3 grace = "90s" ignore_warnings = false } } } #### Configuration for service ports: externally available ports (S3 API, K2V, web) service { name = "garage-api" tags = [ "garage_api", "tricot garage.chokbar.bzh", "tricot *.garage.chokbar.bzh", "tricot-on-demand-tls-ask http://garage-admin.service.filouterie.consul:3903/check", ] port = "s3" address_mode = "host" # Check 1: Garage is alive and answering TCP connections check { name = "garage-api-live" type = "tcp" interval = "60s" timeout = "5s" check_restart { limit = 3 grace = "90s" ignore_warnings = false } } # Check 2: Garage is in a healthy state and requests should be routed here check { name = "garage-api-healthy" port = "admin" type = "http" path = "/health" interval = "60s" timeout = "5s" } } service { name = "garage-k2v" tags = [ "garage_k2v", "tricot k2v.chokbar.bzh", ] port = "k2v" address_mode = "host" # Check 1: Garage is alive and answering TCP connections check { name = "garage-k2v-live" type = "tcp" interval = "60s" timeout = "5s" check_restart { limit = 3 grace = "90s" ignore_warnings = false } } # Check 2: Garage is in a healthy state and requests should be routed here check { name = "garage-k2v-healthy" port = "admin" type = "http" path = "/health" interval = "60s" timeout = "5s" } } service { name = "garage-web" tags = [ "garage-web", "tricot * 1", "tricot-add-header Strict-Transport-Security max-age=63072000; includeSubDomains; preload", "tricot-add-header X-XSS-Protection 1; mode=block", "tricot-add-header X-Content-Type-Options nosniff", "tricot-on-demand-tls-ask http://garage-admin.service.filouterie.consul:3903/check", ] port = "web" address_mode = "host" # Check 1: Garage is alive and answering TCP connections check { name = "garage-web-live" type = "tcp" interval = "60s" timeout = "5s" check_restart { limit = 3 grace = "90s" ignore_warnings = false } } # Check 2: Garage is in a healthy state and requests should be routed here check { name = "garage-web-healthy" port = "admin" type = "http" path = "/health" interval = "60s" timeout = "5s" } } } } }