forked from pub-solar/infra
docs: more garage CLI usage, avoid leaking secret
This commit is contained in:
parent
0ae6bc637b
commit
08f5c5ce67
|
@ -4,29 +4,64 @@
|
||||||
|
|
||||||
Requirements:
|
Requirements:
|
||||||
|
|
||||||
|
- `garage` RPC credentials, in the shared keepass, search for 'garage rpc secret'.
|
||||||
- [Setup WireGuard](./administrative-access.md#ssh-access) for hosts: `trinkgenossin`, optionally: `delite`, `blue-shell`
|
- [Setup WireGuard](./administrative-access.md#ssh-access) for hosts: `trinkgenossin`, optionally: `delite`, `blue-shell`
|
||||||
|
|
||||||
```
|
```
|
||||||
ssh barkeeper@trinkgenossin.wg.pub.solar
|
ssh barkeeper@trinkgenossin.wg.pub.solar
|
||||||
|
```
|
||||||
|
|
||||||
export GARAGE_RPC_SECRET=<secret-in-keepass>
|
```
|
||||||
|
# Add a few spaces to avoid leaking the secret to the shell history
|
||||||
|
export GARAGE_RPC_SECRET=<secret-in-keepass>
|
||||||
|
```
|
||||||
|
|
||||||
|
Now, you can run the following command to check the cluster status:
|
||||||
|
|
||||||
|
```
|
||||||
|
garage status
|
||||||
|
```
|
||||||
|
|
||||||
|
Command to list all existing buckets:
|
||||||
|
|
||||||
|
```
|
||||||
|
garage bucket list
|
||||||
|
```
|
||||||
|
|
||||||
|
Creating a new bucket and access keys:
|
||||||
|
|
||||||
|
```
|
||||||
garage bucket create <bucket-name>
|
garage bucket create <bucket-name>
|
||||||
garage key create <bucket-name>-key
|
garage key create <bucket-name>-key
|
||||||
garage bucket allow <bucket-name> --read --write --key <bucket-name>-key
|
garage bucket allow <bucket-name> --read --write --key <bucket-name>-key
|
||||||
```
|
```
|
||||||
|
|
||||||
Docs: https://garagehq.deuxfleurs.fr/documentation/quick-start/#creating-buckets-and-keys
|
Full example for `mastodon` bucket:
|
||||||
|
|
||||||
|
```
|
||||||
|
garage bucket create mastodon
|
||||||
|
|
||||||
|
garage key create mastodon-key
|
||||||
|
|
||||||
|
garage bucket allow mastodon --read --write --key mastodon-key
|
||||||
|
```
|
||||||
|
|
||||||
Then [setup your favourite S3 client](https://garagehq.deuxfleurs.fr/documentation/connect/cli/)
|
Then [setup your favourite S3 client](https://garagehq.deuxfleurs.fr/documentation/connect/cli/)
|
||||||
or use the bucket with any [S3 compatible software](https://garagehq.deuxfleurs.fr/documentation/connect/).
|
or use the bucket with any [S3 compatible software](https://garagehq.deuxfleurs.fr/documentation/connect/).
|
||||||
|
|
||||||
|
Further reading:
|
||||||
|
|
||||||
|
- https://garagehq.deuxfleurs.fr/documentation/quick-start/
|
||||||
|
- https://garagehq.deuxfleurs.fr/documentation/connect/
|
||||||
|
- https://garagehq.deuxfleurs.fr/documentation/connect/apps/#mastodon
|
||||||
|
|
||||||
### Notes on manual setup steps
|
### Notes on manual setup steps
|
||||||
|
|
||||||
```
|
```
|
||||||
ssh barkeeper@trinkgenossin.wg.pub.solar
|
ssh barkeeper@trinkgenossin.wg.pub.solar
|
||||||
|
|
||||||
export GARAGE_RPC_SECRET=<secret-in-keepass>
|
# Add a few spaces to avoid leaking the secret to the shell history
|
||||||
|
export GARAGE_RPC_SECRET=<secret-in-keepass>
|
||||||
|
|
||||||
# Uses the default config /etc/garage.toml
|
# Uses the default config /etc/garage.toml
|
||||||
garage node id
|
garage node id
|
||||||
|
|
Loading…
Reference in a new issue