diff --git a/.woodpecker/debug.yaml b/.woodpecker/debug.yaml
index 4dc7d3c9..6cfbab7a 100644
--- a/.woodpecker/debug.yaml
+++ b/.woodpecker/debug.yaml
@@ -16,6 +16,16 @@ steps:
commands:
- nix-build -j4 --attr flakePackages.fmt
+ - name: check typos
+ image: nixpkgs/nix:nixos-24.05
+ commands:
+ - nix-shell --attr ci --run typos
+
+ - name: check lints with clippy
+ image: nixpkgs/nix:nixos-24.05
+ commands:
+ - nix-build -j4 --attr flakePackages.clippy
+
- name: build
image: nixpkgs/nix:nixos-24.05
commands:
diff --git a/.woodpecker/release.yaml b/.woodpecker/release.yaml
index a94a9ccf..4133b92d 100644
--- a/.woodpecker/release.yaml
+++ b/.woodpecker/release.yaml
@@ -38,7 +38,15 @@ steps:
- matrix:
ARCH: i386
- - name: upgrade tests
+ - name: upgrade tests from v1.0.0
+ image: nixpkgs/nix:nixos-24.05
+ commands:
+ - nix-shell --attr ci --run "./script/test-upgrade.sh v1.0.0 x86_64-unknown-linux-musl" || (cat /tmp/garage.log; false)
+ when:
+ - matrix:
+ ARCH: amd64
+
+ - name: upgrade tests from v0.8.4
image: nixpkgs/nix:nixos-24.05
commands:
- nix-shell --attr ci --run "./script/test-upgrade.sh v0.8.4 x86_64-unknown-linux-musl" || (cat /tmp/garage.log; false)
diff --git a/Cargo.lock b/Cargo.lock
index 7473d9af..968126e0 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -301,9 +301,9 @@ dependencies = [
[[package]]
name = "aws-sdk-s3"
-version = "1.120.0"
+version = "1.102.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "06673901e961f20fa8d7da907da48f7ad6c1b383e3726c22bd418900f015abe1"
+checksum = "75ddb925e840f49446aa6338b67abdbec04b4ebf923b7da038ec4c35afb916cd"
dependencies = [
"aws-credential-types",
"aws-runtime",
@@ -313,7 +313,6 @@ dependencies = [
"aws-smithy-eventstream",
"aws-smithy-http",
"aws-smithy-json",
- "aws-smithy-observability",
"aws-smithy-runtime",
"aws-smithy-runtime-api",
"aws-smithy-types",
@@ -370,9 +369,9 @@ dependencies = [
[[package]]
name = "aws-smithy-checksums"
-version = "0.63.13"
+version = "0.63.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "23374b9170cbbcc6f5df8dc5ebb9b6c5c28a3c8f599f0e8b8b10eb6f4a5c6e74"
+checksum = "9054b4cc5eda331cde3096b1576dec45365c5cbbca61d1fffa5f236e251dfce7"
dependencies = [
"aws-smithy-http",
"aws-smithy-types",
@@ -865,42 +864,16 @@ dependencies = [
"libc",
]
-[[package]]
-name = "crc"
-version = "3.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9710d3b3739c2e349eb44fe848ad0b7c8cb1e42bd87ee49371df2f7acaf3e675"
-dependencies = [
- "crc-catalog",
-]
-
-[[package]]
-name = "crc-catalog"
-version = "2.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "19d374276b40fb8bbdee95aef7c7fa6b5316ec764510eb64b8dd0e2ed0d7e7f5"
-
[[package]]
name = "crc-fast"
-version = "1.9.0"
+version = "1.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2fd92aca2c6001b1bf5ba0ff84ee74ec8501b52bbef0cac80bf25a6c1d87a83d"
+checksum = "e75b2483e97a5a7da73ac68a05b629f9c53cff58d8ed1c77866079e18b00dba5"
dependencies = [
- "crc",
"digest",
- "rustversion",
"spin 0.10.0",
]
-[[package]]
-name = "crc32c"
-version = "0.6.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3a47af21622d091a8f0fb295b88bc886ac74efcc613efc19f5d0b21de5c89e47"
-dependencies = [
- "rustc_version",
-]
-
[[package]]
name = "crc32fast"
version = "1.5.0"
@@ -1201,12 +1174,6 @@ version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2"
-[[package]]
-name = "foldhash"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "77ce24cb58228fbb8aa041425bb1050850ac19177686ea6e0f41a70416f56fdb"
-
[[package]]
name = "form_urlencoded"
version = "1.2.2"
@@ -1311,7 +1278,7 @@ dependencies = [
[[package]]
name = "garage"
-version = "1.3.1"
+version = "2.2.0"
dependencies = [
"assert-json-diff",
"async-trait",
@@ -1322,7 +1289,7 @@ dependencies = [
"bytes",
"bytesize",
"chrono",
- "crc32fast",
+ "crc-fast",
"format_table",
"futures",
"garage_api_admin",
@@ -1351,7 +1318,6 @@ dependencies = [
"opentelemetry-otlp",
"opentelemetry-prometheus",
"parse_duration",
- "serde",
"serde_json",
"sha1",
"sha2",
@@ -1363,16 +1329,21 @@ dependencies = [
"tracing",
"tracing-journald",
"tracing-subscriber",
+ "utoipa",
]
[[package]]
name = "garage_api_admin"
-version = "1.3.1"
+version = "2.2.0"
dependencies = [
"argon2",
"async-trait",
+ "bytesize",
+ "chrono",
+ "format_table",
"futures",
"garage_api_common",
+ "garage_block",
"garage_model",
"garage_rpc",
"garage_table",
@@ -1382,6 +1353,7 @@ dependencies = [
"hyper 1.8.1",
"opentelemetry",
"opentelemetry-prometheus",
+ "paste",
"prometheus",
"serde",
"serde_json",
@@ -1389,17 +1361,17 @@ dependencies = [
"tokio",
"tracing",
"url",
+ "utoipa",
]
[[package]]
name = "garage_api_common"
-version = "1.3.1"
+version = "2.2.0"
dependencies = [
"base64 0.21.7",
"bytes",
"chrono",
- "crc32c",
- "crc32fast",
+ "crc-fast",
"crypto-common",
"futures",
"garage_model",
@@ -1427,7 +1399,7 @@ dependencies = [
[[package]]
name = "garage_api_k2v"
-version = "1.3.1"
+version = "2.2.0"
dependencies = [
"base64 0.21.7",
"futures",
@@ -1450,15 +1422,14 @@ dependencies = [
[[package]]
name = "garage_api_s3"
-version = "1.3.1"
+version = "2.2.0"
dependencies = [
"aes-gcm",
"async-compression",
"base64 0.21.7",
"bytes",
"chrono",
- "crc32c",
- "crc32fast",
+ "crc-fast",
"form_urlencoded",
"futures",
"garage_api_common",
@@ -1469,6 +1440,7 @@ dependencies = [
"garage_table",
"garage_util",
"hex",
+ "hmac",
"http 1.4.0",
"http-body-util",
"http-range",
@@ -1495,7 +1467,7 @@ dependencies = [
[[package]]
name = "garage_block"
-version = "1.3.1"
+version = "2.2.0"
dependencies = [
"arc-swap",
"async-compression",
@@ -1506,7 +1478,6 @@ dependencies = [
"garage_db",
"garage_net",
"garage_rpc",
- "garage_table",
"garage_util",
"hex",
"opentelemetry",
@@ -1520,7 +1491,7 @@ dependencies = [
[[package]]
name = "garage_db"
-version = "1.3.1"
+version = "2.2.0"
dependencies = [
"fjall",
"heed",
@@ -1535,8 +1506,9 @@ dependencies = [
[[package]]
name = "garage_model"
-version = "1.3.1"
+version = "2.2.0"
dependencies = [
+ "argon2",
"async-trait",
"base64 0.21.7",
"blake2",
@@ -1562,7 +1534,7 @@ dependencies = [
[[package]]
name = "garage_net"
-version = "1.3.1"
+version = "2.2.0"
dependencies = [
"arc-swap",
"bytes",
@@ -1587,7 +1559,7 @@ dependencies = [
[[package]]
name = "garage_rpc"
-version = "1.3.1"
+version = "2.2.0"
dependencies = [
"arc-swap",
"async-trait",
@@ -1619,7 +1591,7 @@ dependencies = [
[[package]]
name = "garage_table"
-version = "1.3.1"
+version = "2.2.0"
dependencies = [
"arc-swap",
"async-trait",
@@ -1640,7 +1612,7 @@ dependencies = [
[[package]]
name = "garage_util"
-version = "1.3.1"
+version = "2.2.0"
dependencies = [
"arc-swap",
"async-trait",
@@ -1672,7 +1644,7 @@ dependencies = [
[[package]]
name = "garage_web"
-version = "1.3.1"
+version = "2.2.0"
dependencies = [
"garage_api_common",
"garage_api_s3",
@@ -1834,7 +1806,9 @@ version = "0.15.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9229cfe53dfd69f0609a49f65461bd93001ea1ef889cd5529dd176593f5338a1"
dependencies = [
- "foldhash 0.1.5",
+ "allocator-api2",
+ "equivalent",
+ "foldhash",
]
[[package]]
@@ -1842,11 +1816,6 @@ name = "hashbrown"
version = "0.16.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "841d1cc9bed7f9236f321df977030373f4a4163ae1a7dbfe1a51a2c1a51d9100"
-dependencies = [
- "allocator-api2",
- "equivalent",
- "foldhash 0.2.0",
-]
[[package]]
name = "hashlink"
@@ -2304,6 +2273,8 @@ checksum = "7714e70437a7dc3ac8eb7e6f8df75fd8eb422675fc7678aff7364301092b1017"
dependencies = [
"equivalent",
"hashbrown 0.16.1",
+ "serde",
+ "serde_core",
]
[[package]]
@@ -2682,11 +2653,11 @@ checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897"
[[package]]
name = "lru"
-version = "0.16.3"
+version = "0.12.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a1dc47f592c06f33f8e3aea9591776ec7c9f9e4124778ff8a3c3b87159f7e593"
+checksum = "234cf4f4a04dc1f57e24b96cc0cd600cf2af460d4161ac5ecdd0af8e1f3b2a38"
dependencies = [
- "hashbrown 0.16.1",
+ "hashbrown 0.15.5",
]
[[package]]
@@ -3108,6 +3079,12 @@ dependencies = [
"subtle",
]
+[[package]]
+name = "paste"
+version = "1.0.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a"
+
[[package]]
name = "path-absolutize"
version = "3.1.1"
@@ -4832,6 +4809,29 @@ version = "0.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"
+[[package]]
+name = "utoipa"
+version = "5.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2fcc29c80c21c31608227e0912b2d7fddba57ad76b606890627ba8ee7964e993"
+dependencies = [
+ "indexmap 2.13.0",
+ "serde",
+ "serde_json",
+ "utoipa-gen",
+]
+
+[[package]]
+name = "utoipa-gen"
+version = "5.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6d79d08d92ab8af4c5e8a6da20c47ae3f61a0f1dabc1997cdf2d082b757ca08b"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.114",
+]
+
[[package]]
name = "uuid"
version = "1.4.1"
diff --git a/Cargo.toml b/Cargo.toml
index df4005a3..7e4a3f64 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -24,22 +24,22 @@ default-members = ["src/garage"]
# Internal Garage crates
format_table = { version = "0.1.1", path = "src/format-table" }
-garage_api_common = { version = "1.3.1", path = "src/api/common" }
-garage_api_admin = { version = "1.3.1", path = "src/api/admin" }
-garage_api_s3 = { version = "1.3.1", path = "src/api/s3" }
-garage_api_k2v = { version = "1.3.1", path = "src/api/k2v" }
-garage_block = { version = "1.3.1", path = "src/block" }
-garage_db = { version = "1.3.1", path = "src/db", default-features = false }
-garage_model = { version = "1.3.1", path = "src/model", default-features = false }
-garage_net = { version = "1.3.1", path = "src/net" }
-garage_rpc = { version = "1.3.1", path = "src/rpc" }
-garage_table = { version = "1.3.1", path = "src/table" }
-garage_util = { version = "1.3.1", path = "src/util" }
-garage_web = { version = "1.3.1", path = "src/web" }
+garage_api_common = { version = "2.2.0", path = "src/api/common" }
+garage_api_admin = { version = "2.2.0", path = "src/api/admin" }
+garage_api_s3 = { version = "2.2.0", path = "src/api/s3" }
+garage_api_k2v = { version = "2.2.0", path = "src/api/k2v" }
+garage_block = { version = "2.2.0", path = "src/block" }
+garage_db = { version = "2.2.0", path = "src/db", default-features = false }
+garage_model = { version = "2.2.0", path = "src/model", default-features = false }
+garage_net = { version = "2.2.0", path = "src/net" }
+garage_rpc = { version = "2.2.0", path = "src/rpc" }
+garage_table = { version = "2.2.0", path = "src/table" }
+garage_util = { version = "2.2.0", path = "src/util" }
+garage_web = { version = "2.2.0", path = "src/web" }
k2v-client = { version = "0.0.4", path = "src/k2v-client" }
# External crates from crates.io
-arc-swap = "1.0"
+arc-swap = "1.1"
argon2 = "0.5"
async-trait = "0.1.7"
backtrace = "0.3"
@@ -48,9 +48,8 @@ blake2 = "0.10"
bytes = "1.0"
bytesize = "1.1"
cfg-if = "1.0"
-chrono = "0.4"
-crc32fast = "1.4"
-crc32c = "0.6"
+chrono = { version = "0.4", features = ["serde"] }
+crc-fast = "1.6"
crypto-common = "0.1"
gethostname = "0.4"
git-version = "0.3.4"
@@ -66,6 +65,7 @@ nix = { version = "0.29", default-features = false, features = ["fs"] }
nom = "7.1"
parking_lot = "0.12"
parse_duration = "2.1"
+paste = "1.0"
pin-project = "1.0.12"
pnet_datalink = "0.34"
rand = "0.8"
@@ -95,12 +95,13 @@ fjall = "2.4"
async-compression = { version = "0.4", features = ["tokio", "zstd"] }
zstd = { version = "0.13", default-features = false }
-quick-xml = { version = "0.26", features = [ "serialize" ] }
+quick-xml = { version = "0.26", features = ["serialize"] }
rmp-serde = "1.1.2"
serde = { version = "1.0", default-features = false, features = ["derive", "rc"] }
serde_bytes = "0.11"
serde_json = "1.0"
toml = { version = "0.8", default-features = false, features = ["parse"] }
+utoipa = { version = "5.3.1", features = ["chrono"] }
# newer version requires rust edition 2021
k8s-openapi = { version = "0.21", features = ["v1_24"] }
@@ -114,7 +115,7 @@ httpdate = "1.0"
http-range = "0.1"
http-body-util = "0.1"
hyper = { version = "1.0", default-features = false }
-hyper-util = { version = "0.1", features = [ "full" ] }
+hyper-util = { version = "0.1", features = ["full"] }
multer = "3.0"
percent-encoding = "2.2"
roxmltree = "0.19"
@@ -122,11 +123,11 @@ url = "2.3"
futures = "0.3"
futures-util = "0.3"
-tokio = { version = "1.0", default-features = false, features = ["net", "rt", "rt-multi-thread", "io-util", "net", "time", "macros", "sync", "signal", "fs"] }
+tokio = { version = "1.0", default-features = false, features = ["rt", "rt-multi-thread", "io-util", "net", "time", "macros", "sync", "signal", "fs"] }
tokio-util = { version = "0.7", features = ["compat", "io"] }
tokio-stream = { version = "0.1", features = ["net"] }
-opentelemetry = { version = "0.17", features = [ "rt-tokio", "metrics", "trace" ] }
+opentelemetry = { version = "0.17", features = ["rt-tokio", "metrics", "trace"] }
opentelemetry-prometheus = "0.10"
opentelemetry-otlp = "0.10"
opentelemetry-contrib = "0.9"
@@ -146,8 +147,12 @@ aws-smithy-runtime = { version = "1.8", default-features = false, features = ["t
aws-sdk-config = { version = "1.62", default-features = false }
aws-sdk-s3 = { version = "1.79", default-features = false, features = ["rt-tokio"] }
+[profile.dev]
+#lto = "thin" # disabled for now, adds 2-4 min to each CI build
+lto = "off"
+
[profile.release]
-lto = "thin"
-codegen-units = 16
+lto = true
+codegen-units = 1
opt-level = 3
-strip = "debuginfo"
+strip = true
diff --git a/doc/api/garage-admin-v0.html b/doc/api/garage-admin-v0.html
index dbdd9e1c..7eb11f25 100644
--- a/doc/api/garage-admin-v0.html
+++ b/doc/api/garage-admin-v0.html
@@ -1,7 +1,7 @@
- Garage Adminstration API v0
+ Garage administration API v0
diff --git a/doc/api/garage-admin-v0.yml b/doc/api/garage-admin-v0.yml
index 83316d93..d2e05a42 100644
--- a/doc/api/garage-admin-v0.yml
+++ b/doc/api/garage-admin-v0.yml
@@ -3,10 +3,10 @@ info:
version: v0.8.0
title: Garage Administration API v0+garage-v0.8.0
description: |
- Administrate your Garage cluster programatically, including status, layout, keys, buckets, and maintainance tasks.
-
- *Disclaimer: The API is not stable yet, hence its v0 tag. The API can change at any time, and changes can include breaking backward compatibility. Read the changelog and upgrade your scripts before upgrading. Additionnaly, this specification is very early stage and can contain bugs, especially on error return codes/types that are not tested yet. Do not expect a well finished and polished product!*
-paths:
+ Administrate your Garage cluster programmatically, including status, layout, keys, buckets, and maintenance tasks.
+
+ *Disclaimer: The API is not stable yet, hence its v0 tag. The API can change at any time, and changes can include breaking backward compatibility. Read the changelog and upgrade your scripts before upgrading. Additionally, this specification is very early stage and can contain bugs, especially on error return codes/types that are not tested yet. Do not expect a well finished and polished product!*
+paths:
/status:
get:
tags:
diff --git a/doc/api/garage-admin-v1.html b/doc/api/garage-admin-v1.html
index 783d459e..e98306b8 100644
--- a/doc/api/garage-admin-v1.html
+++ b/doc/api/garage-admin-v1.html
@@ -1,7 +1,7 @@
- Garage Adminstration API v0
+ Garage administration API v1
diff --git a/doc/api/garage-admin-v1.yml b/doc/api/garage-admin-v1.yml
index a70dc97b..90465890 100644
--- a/doc/api/garage-admin-v1.yml
+++ b/doc/api/garage-admin-v1.yml
@@ -3,10 +3,10 @@ info:
version: v0.9.0
title: Garage Administration API v0+garage-v0.9.0
description: |
- Administrate your Garage cluster programatically, including status, layout, keys, buckets, and maintainance tasks.
-
- *Disclaimer: The API is not stable yet, hence its v0 tag. The API can change at any time, and changes can include breaking backward compatibility. Read the changelog and upgrade your scripts before upgrading. Additionnaly, this specification is very early stage and can contain bugs, especially on error return codes/types that are not tested yet. Do not expect a well finished and polished product!*
-paths:
+ Administrate your Garage cluster programmatically, including status, layout, keys, buckets, and maintenance tasks.
+
+ *Disclaimer: The API is not stable yet, hence its v0 tag. The API can change at any time, and changes can include breaking backward compatibility. Read the changelog and upgrade your scripts before upgrading. Additionally, this specification is very early stage and can contain bugs, especially on error return codes/types that are not tested yet. Do not expect a well finished and polished product!*
+paths:
/health:
get:
tags:
@@ -440,7 +440,7 @@ paths:
- "false"
example: "true"
required: false
- description: "Wether or not the secret key should be returned in the response"
+ description: "Whether or not the secret key should be returned in the response"
responses:
'500':
description: "The server can not handle your request. Check your connectivity with the rest of the cluster."
diff --git a/doc/api/garage-admin-v2.html b/doc/api/garage-admin-v2.html
new file mode 100644
index 00000000..b079e760
--- /dev/null
+++ b/doc/api/garage-admin-v2.html
@@ -0,0 +1,24 @@
+
+
+
+ Garage administration API v2
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc/api/garage-admin-v2.json b/doc/api/garage-admin-v2.json
new file mode 100644
index 00000000..15059ce4
--- /dev/null
+++ b/doc/api/garage-admin-v2.json
@@ -0,0 +1,4430 @@
+{
+ "openapi": "3.1.0",
+ "info": {
+ "title": "Garage administration API",
+ "description": "Administrate your Garage cluster programmatically, including status, layout, keys, buckets, and maintenance tasks.\n\n*Disclaimer: This API may change in future Garage versions. Read the changelog and upgrade your scripts before upgrading. Additionally, this specification is early stage and can contain bugs, so be careful and please report any issues on our issue tracker.*",
+ "contact": {
+ "name": "The Garage team",
+ "url": "https://garagehq.deuxfleurs.fr/",
+ "email": "garagehq@deuxfleurs.fr"
+ },
+ "license": {
+ "name": "AGPL-3.0",
+ "identifier": "AGPL-3.0"
+ },
+ "version": "v2.2.0"
+ },
+ "servers": [
+ {
+ "url": "http://localhost:3903/",
+ "description": "A local server"
+ }
+ ],
+ "paths": {
+ "/check": {
+ "get": {
+ "tags": [
+ "Special endpoints"
+ ],
+ "description": "\nStatic website domain name check. Checks whether a bucket is configured to serve\na static website for the requested domain. This is used by reverse proxies such\nas Caddy or Tricot, to avoid requesting TLS certificates for domain names that\ndo not correspond to an actual website.\n ",
+ "operationId": "CheckDomain",
+ "parameters": [
+ {
+ "name": "domain",
+ "in": "query",
+ "description": "The domain name to check for",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "The domain name redirects to a static website bucket"
+ },
+ "400": {
+ "description": "No static website bucket exists for this domain"
+ }
+ },
+ "security": [
+ {}
+ ]
+ }
+ },
+ "/health": {
+ "get": {
+ "tags": [
+ "Special endpoints"
+ ],
+ "description": "\nCheck cluster health. The status code returned by this function indicates\nwhether this Garage daemon can answer API requests.\nGarage will return `200 OK` even if some storage nodes are disconnected,\nas long as it is able to have a quorum of nodes for read and write operations.\n ",
+ "operationId": "Health",
+ "responses": {
+ "200": {
+ "description": "Garage is able to answer requests"
+ },
+ "503": {
+ "description": "This Garage daemon is not able to handle requests"
+ }
+ },
+ "security": [
+ {}
+ ]
+ }
+ },
+ "/metrics": {
+ "get": {
+ "tags": [
+ "Special endpoints"
+ ],
+ "description": "Prometheus metrics endpoint",
+ "operationId": "Metrics",
+ "responses": {
+ "200": {
+ "description": "Garage daemon metrics exported in Prometheus format"
+ }
+ },
+ "security": [
+ {},
+ {
+ "bearerAuth": []
+ }
+ ]
+ }
+ },
+ "/v2/AddBucketAlias": {
+ "post": {
+ "tags": [
+ "Bucket alias"
+ ],
+ "description": "Add an alias for the target bucket. This can be either a global or a local alias, depending on which fields are specified.",
+ "operationId": "AddBucketAlias",
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/BucketAliasEnum"
+ }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "Returns exhaustive information about the bucket",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/AddBucketAliasResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/AllowBucketKey": {
+ "post": {
+ "tags": [
+ "Permission"
+ ],
+ "description": "\n⚠️ **DISCLAIMER**: Garage's developers are aware that this endpoint has an unconventional semantic. Be extra careful when implementing it, its behavior is not obvious.\n\nAllows a key to do read/write/owner operations on a bucket.\n\nFlags in permissions which have the value true will be activated. Other flags will remain unchanged (ie. they will keep their internal value).\n\nFor example, if you set read to true, the key will be allowed to read the bucket.\nIf you set it to false, the key will keeps its previous read permission.\nIf you want to disallow read for the key, check the DenyBucketKey operation.\n ",
+ "operationId": "AllowBucketKey",
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/AllowBucketKeyRequest"
+ }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "Returns exhaustive information about the bucket",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/AllowBucketKeyResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/ApplyClusterLayout": {
+ "post": {
+ "tags": [
+ "Cluster layout"
+ ],
+ "description": "\nApplies to the cluster the layout changes currently registered as staged layout changes.\n\n*Note: do not try to parse the `message` field of the response, it is given as an array of string specifically because its format is not stable.*\n ",
+ "operationId": "ApplyClusterLayout",
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/ApplyClusterLayoutRequest"
+ }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "The updated cluster layout has been applied in the cluster",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/ApplyClusterLayoutResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/CleanupIncompleteUploads": {
+ "post": {
+ "tags": [
+ "Bucket"
+ ],
+ "description": "Removes all incomplete multipart uploads that are older than the specified number of seconds.",
+ "operationId": "CleanupIncompleteUploads",
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/CleanupIncompleteUploadsRequest"
+ }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "The bucket was cleaned up successfully",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/CleanupIncompleteUploadsResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/ClusterLayoutSkipDeadNodes": {
+ "post": {
+ "tags": [
+ "Cluster layout"
+ ],
+ "description": "Force progress in layout update trackers",
+ "operationId": "ClusterLayoutSkipDeadNodes",
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/ClusterLayoutSkipDeadNodesRequest"
+ }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "Request has been taken into account",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/ClusterLayoutSkipDeadNodesResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/ConnectClusterNodes": {
+ "post": {
+ "tags": [
+ "Cluster"
+ ],
+ "description": "Instructs this Garage node to connect to other Garage nodes at specified `@`. `node_id` is generated automatically on node start.",
+ "operationId": "ConnectClusterNodes",
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/ConnectClusterNodesRequest"
+ }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "The request has been handled correctly but it does not mean that all connection requests succeeded; some might have fail, you need to check the body!",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/ConnectClusterNodesResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/CreateAdminToken": {
+ "post": {
+ "tags": [
+ "Admin API token"
+ ],
+ "description": "Creates a new admin API token",
+ "operationId": "CreateAdminToken",
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/UpdateAdminTokenRequestBody"
+ }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "Admin token has been created",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/CreateAdminTokenResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/CreateBucket": {
+ "post": {
+ "tags": [
+ "Bucket"
+ ],
+ "description": "\nCreates a new bucket, either with a global alias, a local one, or no alias at all.\nTechnically, you can also specify both `globalAlias` and `localAlias` and that would create two aliases.\n ",
+ "operationId": "CreateBucket",
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/CreateBucketRequest"
+ }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "Returns exhaustive information about the bucket",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/CreateBucketResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/CreateKey": {
+ "post": {
+ "tags": [
+ "Access key"
+ ],
+ "description": "Creates a new API access key.",
+ "operationId": "CreateKey",
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/CreateKeyRequest"
+ }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "Access key has been created",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/CreateKeyResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/CreateMetadataSnapshot": {
+ "post": {
+ "tags": [
+ "Node"
+ ],
+ "description": "\nInstruct one or several nodes to take a snapshot of their metadata databases.\n ",
+ "operationId": "CreateMetadataSnapshot",
+ "parameters": [
+ {
+ "name": "node",
+ "in": "query",
+ "description": "Node ID to query, or `*` for all nodes, or `self` for the node responding to the request",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Responses from individual cluster nodes",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/MultiResponse_LocalCreateMetadataSnapshotResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/DeleteAdminToken": {
+ "post": {
+ "tags": [
+ "Admin API token"
+ ],
+ "description": "Delete an admin API token from the cluster, revoking all its permissions.",
+ "operationId": "DeleteAdminToken",
+ "parameters": [
+ {
+ "name": "id",
+ "in": "query",
+ "description": "Admin API token ID",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Admin token has been deleted"
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/DeleteBucket": {
+ "post": {
+ "tags": [
+ "Bucket"
+ ],
+ "description": "\nDeletes a storage bucket. A bucket cannot be deleted if it is not empty.\n\n**Warning:** this will delete all aliases associated with the bucket!\n ",
+ "operationId": "DeleteBucket",
+ "parameters": [
+ {
+ "name": "id",
+ "in": "query",
+ "description": "ID of the bucket to delete",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Bucket has been deleted"
+ },
+ "400": {
+ "description": "Bucket is not empty"
+ },
+ "404": {
+ "description": "Bucket not found"
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/DeleteKey": {
+ "post": {
+ "tags": [
+ "Access key"
+ ],
+ "description": "Delete a key from the cluster. Its access will be removed from all the buckets. Buckets are not automatically deleted and can be dangling. You should manually delete them before. ",
+ "operationId": "DeleteKey",
+ "parameters": [
+ {
+ "name": "id",
+ "in": "query",
+ "description": "Access key ID",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Access key has been deleted"
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/DenyBucketKey": {
+ "post": {
+ "tags": [
+ "Permission"
+ ],
+ "description": "\n⚠️ **DISCLAIMER**: Garage's developers are aware that this endpoint has an unconventional semantic. Be extra careful when implementing it, its behavior is not obvious.\n\nDenies a key from doing read/write/owner operations on a bucket.\n\nFlags in permissions which have the value true will be deactivated. Other flags will remain unchanged.\n\nFor example, if you set read to true, the key will be denied from reading.\nIf you set read to false, the key will keep its previous permissions.\nIf you want the key to have the reading permission, check the AllowBucketKey operation.\n ",
+ "operationId": "DenyBucketKey",
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/DenyBucketKeyRequest"
+ }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "Returns exhaustive information about the bucket",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/DenyBucketKeyResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/GetAdminTokenInfo": {
+ "get": {
+ "tags": [
+ "Admin API token"
+ ],
+ "description": "\nReturn information about a specific admin API token.\nYou can search by specifying the exact token identifier (`id`) or by specifying a pattern (`search`).\n ",
+ "operationId": "GetAdminTokenInfo",
+ "parameters": [
+ {
+ "name": "id",
+ "in": "query",
+ "description": "Admin API token ID",
+ "required": false,
+ "schema": {
+ "type": "string"
+ }
+ },
+ {
+ "name": "search",
+ "in": "query",
+ "description": "Partial token ID or name to search for",
+ "required": false,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Information about the admin token",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/GetAdminTokenInfoResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/GetBlockInfo": {
+ "post": {
+ "tags": [
+ "Block"
+ ],
+ "description": "\nGet detailed information about a data block stored on a Garage node, including all object versions and in-progress multipart uploads that contain a reference to this block.\n ",
+ "operationId": "GetBlockInfo",
+ "parameters": [
+ {
+ "name": "node",
+ "in": "query",
+ "description": "Node ID to query, or `*` for all nodes, or `self` for the node responding to the request",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/LocalGetBlockInfoRequest"
+ }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "Detailed block information",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/MultiResponse_LocalGetBlockInfoResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/GetBucketInfo": {
+ "get": {
+ "tags": [
+ "Bucket"
+ ],
+ "description": "\nGiven a bucket identifier (`id`) or a global alias (`alias`), get its information.\nIt includes its aliases, its web configuration, keys that have some permissions\non it, some statistics (number of objects, size), number of dangling multipart uploads,\nand its quotas (if any).\n ",
+ "operationId": "GetBucketInfo",
+ "parameters": [
+ {
+ "name": "id",
+ "in": "query",
+ "description": "Exact bucket ID to look up",
+ "required": false,
+ "schema": {
+ "type": "string"
+ }
+ },
+ {
+ "name": "globalAlias",
+ "in": "query",
+ "description": "Global alias of bucket to look up",
+ "required": false,
+ "schema": {
+ "type": "string"
+ }
+ },
+ {
+ "name": "search",
+ "in": "query",
+ "description": "Partial ID or alias to search for",
+ "required": false,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Returns exhaustive information about the bucket",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/GetBucketInfoResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/GetClusterHealth": {
+ "get": {
+ "tags": [
+ "Cluster"
+ ],
+ "description": "Returns the global status of the cluster, the number of connected nodes (over the number of known ones), the number of healthy storage nodes (over the declared ones), and the number of healthy partitions (over the total).",
+ "operationId": "GetClusterHealth",
+ "responses": {
+ "200": {
+ "description": "Cluster health report",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/GetClusterHealthResponse"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "/v2/GetClusterLayout": {
+ "get": {
+ "tags": [
+ "Cluster layout"
+ ],
+ "description": "\nReturns the cluster's current layout, including:\n\n- Currently configured cluster layout\n- Staged changes to the cluster layout\n\n*Capacity is given in bytes*\n ",
+ "operationId": "GetClusterLayout",
+ "responses": {
+ "200": {
+ "description": "Current cluster layout",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/GetClusterLayoutResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/GetClusterLayoutHistory": {
+ "get": {
+ "tags": [
+ "Cluster layout"
+ ],
+ "description": "\nReturns the history of layouts in the cluster\n ",
+ "operationId": "GetClusterLayoutHistory",
+ "responses": {
+ "200": {
+ "description": "Cluster layout history",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/GetClusterLayoutHistoryResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/GetClusterStatistics": {
+ "get": {
+ "tags": [
+ "Cluster"
+ ],
+ "description": "\nFetch global cluster statistics.\n\n*Note: do not try to parse the `freeform` field of the response, it is given as a string specifically because its format is not stable.*\n ",
+ "operationId": "GetClusterStatistics",
+ "responses": {
+ "200": {
+ "description": "Global cluster statistics",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/GetClusterStatisticsResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/GetClusterStatus": {
+ "get": {
+ "tags": [
+ "Cluster"
+ ],
+ "description": "\nReturns the cluster's current status, including:\n\n- ID of the node being queried and its version of the Garage daemon\n- Live nodes\n- Currently configured cluster layout\n- Staged changes to the cluster layout\n\n*Capacity is given in bytes*\n ",
+ "operationId": "GetClusterStatus",
+ "responses": {
+ "200": {
+ "description": "Cluster status report",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/GetClusterStatusResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/GetCurrentAdminTokenInfo": {
+ "get": {
+ "tags": [
+ "Admin API token"
+ ],
+ "description": "\nReturn information about the calling admin API token.\n ",
+ "operationId": "GetCurrentAdminTokenInfo",
+ "responses": {
+ "200": {
+ "description": "Information about the admin token",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/GetCurrentAdminTokenInfoResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/GetKeyInfo": {
+ "get": {
+ "tags": [
+ "Access key"
+ ],
+ "description": "\nReturn information about a specific key like its identifiers, its permissions and buckets on which it has permissions.\nYou can search by specifying the exact key identifier (`id`) or by specifying a pattern (`search`).\n\nFor confidentiality reasons, the secret key is not returned by default: you must pass the `showSecretKey` query parameter to get it.\n ",
+ "operationId": "GetKeyInfo",
+ "parameters": [
+ {
+ "name": "id",
+ "in": "query",
+ "description": "Access key ID",
+ "required": false,
+ "schema": {
+ "type": "string"
+ }
+ },
+ {
+ "name": "search",
+ "in": "query",
+ "description": "Partial key ID or name to search for",
+ "required": false,
+ "schema": {
+ "type": "string"
+ }
+ },
+ {
+ "name": "showSecretKey",
+ "in": "query",
+ "description": "Whether to return the secret access key",
+ "required": false,
+ "schema": {
+ "type": "boolean"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Information about the access key",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/GetKeyInfoResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/GetNodeInfo": {
+ "get": {
+ "tags": [
+ "Node"
+ ],
+ "description": "\nReturn information about the Garage daemon running on one or several nodes.\n ",
+ "operationId": "GetNodeInfo",
+ "parameters": [
+ {
+ "name": "node",
+ "in": "query",
+ "description": "Node ID to query, or `*` for all nodes, or `self` for the node responding to the request",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Responses from individual cluster nodes",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/MultiResponse_LocalGetNodeInfoResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/GetNodeStatistics": {
+ "get": {
+ "tags": [
+ "Node"
+ ],
+ "description": "\nFetch statistics for one or several Garage nodes.\n\n*Note: do not try to parse the `freeform` field of the response, it is given as a string specifically because its format is not stable.*\n ",
+ "operationId": "GetNodeStatistics",
+ "parameters": [
+ {
+ "name": "node",
+ "in": "query",
+ "description": "Node ID to query, or `*` for all nodes, or `self` for the node responding to the request",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Responses from individual cluster nodes",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/MultiResponse_LocalGetNodeStatisticsResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/GetWorkerInfo": {
+ "post": {
+ "tags": [
+ "Worker"
+ ],
+ "description": "\nGet information about the specified background worker on one or several cluster nodes.\n ",
+ "operationId": "GetWorkerInfo",
+ "parameters": [
+ {
+ "name": "node",
+ "in": "query",
+ "description": "Node ID to query, or `*` for all nodes, or `self` for the node responding to the request",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/LocalGetWorkerInfoRequest"
+ }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "Responses from individual cluster nodes",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/MultiResponse_LocalGetWorkerInfoResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/GetWorkerVariable": {
+ "post": {
+ "tags": [
+ "Worker"
+ ],
+ "description": "\nFetch values of one or several worker variables, from one or several cluster nodes.\n ",
+ "operationId": "GetWorkerVariable",
+ "parameters": [
+ {
+ "name": "node",
+ "in": "query",
+ "description": "Node ID to query, or `*` for all nodes, or `self` for the node responding to the request",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/LocalGetWorkerVariableRequest"
+ }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "Responses from individual cluster nodes",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/MultiResponse_LocalGetWorkerVariableResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/ImportKey": {
+ "post": {
+ "tags": [
+ "Access key"
+ ],
+ "description": "\nImports an existing API key. This feature must only be used for migrations and backup restore.\n\n**Do not use it to generate custom key identifiers or you will break your Garage cluster.**\n ",
+ "operationId": "ImportKey",
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/ImportKeyRequest"
+ }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "Access key has been imported",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/ImportKeyResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/InspectObject": {
+ "get": {
+ "tags": [
+ "Bucket"
+ ],
+ "description": "\nReturns detailed information about an object in a bucket, including its internal state in Garage.\n\nThis API call can be used to list the data blocks referenced by an object,\nas well as to view metadata associated to the object.\n\nThis call may return a list of more than one version for the object, for instance in the\ncase where there is a currently stored version of the object, and a newer version whose\nupload is in progress and not yet finished.\n ",
+ "operationId": "InspectObject",
+ "parameters": [
+ {
+ "name": "bucketId",
+ "in": "query",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ },
+ {
+ "name": "key",
+ "in": "query",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Returns exhaustive information about the object",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/InspectObjectResponse"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Object not found"
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/LaunchRepairOperation": {
+ "post": {
+ "tags": [
+ "Node"
+ ],
+ "description": "\nLaunch a repair operation on one or several cluster nodes.\n ",
+ "operationId": "LaunchRepairOperation",
+ "parameters": [
+ {
+ "name": "node",
+ "in": "query",
+ "description": "Node ID to query, or `*` for all nodes, or `self` for the node responding to the request",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/LocalLaunchRepairOperationRequest"
+ }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "Responses from individual cluster nodes",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/MultiResponse_LocalLaunchRepairOperationResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/ListAdminTokens": {
+ "get": {
+ "tags": [
+ "Admin API token"
+ ],
+ "description": "Returns all admin API tokens in the cluster.",
+ "operationId": "ListAdminTokens",
+ "responses": {
+ "200": {
+ "description": "Returns info about all admin API tokens",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/ListAdminTokensResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/ListBlockErrors": {
+ "get": {
+ "tags": [
+ "Block"
+ ],
+ "description": "\nList data blocks that are currently in an errored state on one or several Garage nodes.\n ",
+ "operationId": "ListBlockErrors",
+ "parameters": [
+ {
+ "name": "node",
+ "in": "query",
+ "description": "Node ID to query, or `*` for all nodes, or `self` for the node responding to the request",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Responses from individual cluster nodes",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/MultiResponse_LocalListBlockErrorsResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/ListBuckets": {
+ "get": {
+ "tags": [
+ "Bucket"
+ ],
+ "description": "List all the buckets on the cluster with their UUID and their global and local aliases.",
+ "operationId": "ListBuckets",
+ "responses": {
+ "200": {
+ "description": "Returns the UUID of all the buckets and all their aliases",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/ListBucketsResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/ListKeys": {
+ "get": {
+ "tags": [
+ "Access key"
+ ],
+ "description": "Returns all API access keys in the cluster.",
+ "operationId": "ListKeys",
+ "responses": {
+ "200": {
+ "description": "Returns the key identifier (aka `AWS_ACCESS_KEY_ID`) and its associated, human friendly, name if any (otherwise return an empty string)",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/ListKeysResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/ListWorkers": {
+ "post": {
+ "tags": [
+ "Worker"
+ ],
+ "description": "\nList background workers currently running on one or several cluster nodes.\n ",
+ "operationId": "ListWorkers",
+ "parameters": [
+ {
+ "name": "node",
+ "in": "query",
+ "description": "Node ID to query, or `*` for all nodes, or `self` for the node responding to the request",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/LocalListWorkersRequest"
+ }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "Responses from individual cluster nodes",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/MultiResponse_LocalListWorkersResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/PreviewClusterLayoutChanges": {
+ "post": {
+ "tags": [
+ "Cluster layout"
+ ],
+ "description": "\nComputes a new layout taking into account the staged parameters, and returns it with detailed statistics. The new layout is not applied in the cluster.\n\n*Note: do not try to parse the `message` field of the response, it is given as an array of string specifically because its format is not stable.*\n ",
+ "operationId": "PreviewClusterLayoutChanges",
+ "responses": {
+ "200": {
+ "description": "Information about the new layout",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/PreviewClusterLayoutChangesResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/PurgeBlocks": {
+ "post": {
+ "tags": [
+ "Block"
+ ],
+ "description": "\nPurge references to one or several missing data blocks.\n\nThis will remove all objects and in-progress multipart uploads that contain the specified data block(s). The objects will be permanently deleted from the buckets in which they appear. Use with caution.\n ",
+ "operationId": "PurgeBlocks",
+ "parameters": [
+ {
+ "name": "node",
+ "in": "query",
+ "description": "Node ID to query, or `*` for all nodes, or `self` for the node responding to the request",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/LocalPurgeBlocksRequest"
+ }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "Responses from individual cluster nodes",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/MultiResponse_LocalPurgeBlocksResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/RemoveBucketAlias": {
+ "post": {
+ "tags": [
+ "Bucket alias"
+ ],
+ "description": "Remove an alias for the target bucket. This can be either a global or a local alias, depending on which fields are specified.",
+ "operationId": "RemoveBucketAlias",
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/BucketAliasEnum"
+ }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "Returns exhaustive information about the bucket",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/RemoveBucketAliasResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/RetryBlockResync": {
+ "post": {
+ "tags": [
+ "Block"
+ ],
+ "description": "\nInstruct Garage node(s) to retry the resynchronization of one or several missing data block(s).\n ",
+ "operationId": "RetryBlockResync",
+ "parameters": [
+ {
+ "name": "node",
+ "in": "query",
+ "description": "Node ID to query, or `*` for all nodes, or `self` for the node responding to the request",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/LocalRetryBlockResyncRequest"
+ }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "Responses from individual cluster nodes",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/MultiResponse_LocalRetryBlockResyncResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/RevertClusterLayout": {
+ "post": {
+ "tags": [
+ "Cluster layout"
+ ],
+ "description": "Clear staged layout changes",
+ "operationId": "RevertClusterLayout",
+ "responses": {
+ "200": {
+ "description": "All pending changes to the cluster layout have been erased",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/RevertClusterLayoutResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/SetWorkerVariable": {
+ "post": {
+ "tags": [
+ "Worker"
+ ],
+ "description": "\nSet the value for a worker variable, on one or several cluster nodes.\n ",
+ "operationId": "SetWorkerVariable",
+ "parameters": [
+ {
+ "name": "node",
+ "in": "query",
+ "description": "Node ID to query, or `*` for all nodes, or `self` for the node responding to the request",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/LocalSetWorkerVariableRequest"
+ }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "Responses from individual cluster nodes",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/MultiResponse_LocalSetWorkerVariableResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/UpdateAdminToken": {
+ "post": {
+ "tags": [
+ "Admin API token"
+ ],
+ "description": "\nUpdates information about the specified admin API token.\n ",
+ "operationId": "UpdateAdminToken",
+ "parameters": [
+ {
+ "name": "id",
+ "in": "query",
+ "description": "Admin API token ID",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/UpdateAdminTokenRequestBody"
+ }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "Admin token has been updated",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/UpdateAdminTokenResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/UpdateBucket": {
+ "post": {
+ "tags": [
+ "Bucket"
+ ],
+ "description": "\nAll fields (`websiteAccess` and `quotas`) are optional.\nIf they are present, the corresponding modifications are applied to the bucket, otherwise nothing is changed.\n\nIn `websiteAccess`: if `enabled` is `true`, `indexDocument` must be specified.\nThe field `errorDocument` is optional, if no error document is set a generic\nerror message is displayed when errors happen. Conversely, if `enabled` is\n`false`, neither `indexDocument` nor `errorDocument` must be specified.\n\nIn `quotas`: new values of `maxSize` and `maxObjects` must both be specified, or set to `null`\nto remove the quotas. An absent value will be considered the same as a `null`. It is not possible\nto change only one of the two quotas.\n ",
+ "operationId": "UpdateBucket",
+ "parameters": [
+ {
+ "name": "id",
+ "in": "query",
+ "description": "ID of the bucket to update",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/UpdateBucketRequestBody"
+ }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "Bucket has been updated",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/UpdateBucketResponse"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Bucket not found"
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/UpdateClusterLayout": {
+ "post": {
+ "tags": [
+ "Cluster layout"
+ ],
+ "description": "\nSend modifications to the cluster layout. These modifications will be included in the staged role changes, visible in subsequent calls of `GET /GetClusterHealth`. Once the set of staged changes is satisfactory, the user may call `POST /ApplyClusterLayout` to apply the changed changes, or `POST /RevertClusterLayout` to clear all of the staged changes in the layout.\n\nSetting the capacity to `null` will configure the node as a gateway.\nOtherwise, capacity must be now set in bytes (before Garage 0.9 it was arbitrary weights).\nFor example to declare 100GB, you must set `capacity: 100000000000`.\n\nGarage uses internally the International System of Units (SI), it assumes that 1kB = 1000 bytes, and displays storage as kB, MB, GB (and not KiB, MiB, GiB that assume 1KiB = 1024 bytes).\n ",
+ "operationId": "UpdateClusterLayout",
+ "requestBody": {
+ "description": "\nTo add a new node to the layout or to change the configuration of an existing node, simply set the values you want (`zone`, `capacity`, and `tags`).\nTo remove a node, simply pass the `remove: true` field.\nThis logic is represented in OpenAPI with a 'One Of' object.\n\nContrary to the CLI that may update only a subset of the fields capacity, zone and tags, when calling this API all of these values must be specified.\n ",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/UpdateClusterLayoutRequest"
+ }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "Proposed changes have been added to the list of pending changes",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/UpdateClusterLayoutResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ },
+ "/v2/UpdateKey": {
+ "post": {
+ "tags": [
+ "Access key"
+ ],
+ "description": "\nUpdates information about the specified API access key.\n\n*Note: the secret key is not returned in the response, `null` is sent instead.*\n ",
+ "operationId": "UpdateKey",
+ "parameters": [
+ {
+ "name": "id",
+ "in": "query",
+ "description": "Access key ID",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/UpdateKeyRequestBody"
+ }
+ }
+ },
+ "required": true
+ },
+ "responses": {
+ "200": {
+ "description": "Access key has been updated",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/UpdateKeyResponse"
+ }
+ }
+ }
+ },
+ "500": {
+ "description": "Internal server error"
+ }
+ }
+ }
+ }
+ },
+ "components": {
+ "schemas": {
+ "AddBucketAliasResponse": {
+ "$ref": "#/components/schemas/GetBucketInfoResponse"
+ },
+ "AllowBucketKeyRequest": {
+ "$ref": "#/components/schemas/BucketKeyPermChangeRequest"
+ },
+ "AllowBucketKeyResponse": {
+ "$ref": "#/components/schemas/GetBucketInfoResponse"
+ },
+ "ApiBucketKeyPerm": {
+ "type": "object",
+ "properties": {
+ "owner": {
+ "type": "boolean"
+ },
+ "read": {
+ "type": "boolean"
+ },
+ "write": {
+ "type": "boolean"
+ }
+ }
+ },
+ "ApiBucketQuotas": {
+ "type": "object",
+ "properties": {
+ "maxObjects": {
+ "type": [
+ "integer",
+ "null"
+ ],
+ "format": "int64",
+ "minimum": 0
+ },
+ "maxSize": {
+ "type": [
+ "integer",
+ "null"
+ ],
+ "format": "int64",
+ "minimum": 0
+ }
+ }
+ },
+ "ApplyClusterLayoutRequest": {
+ "type": "object",
+ "required": [
+ "version"
+ ],
+ "properties": {
+ "version": {
+ "type": "integer",
+ "format": "int64",
+ "description": "As a safety measure, the new version number of the layout must\nbe specified here",
+ "minimum": 0
+ }
+ }
+ },
+ "ApplyClusterLayoutResponse": {
+ "type": "object",
+ "required": [
+ "message",
+ "layout"
+ ],
+ "properties": {
+ "layout": {
+ "$ref": "#/components/schemas/GetClusterLayoutResponse",
+ "description": "Details about the new cluster layout"
+ },
+ "message": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "description": "Plain-text information about the layout computation\n(do not try to parse this)"
+ }
+ }
+ },
+ "BlockError": {
+ "type": "object",
+ "required": [
+ "blockHash",
+ "refcount",
+ "errorCount",
+ "lastTrySecsAgo",
+ "nextTryInSecs"
+ ],
+ "properties": {
+ "blockHash": {
+ "type": "string"
+ },
+ "errorCount": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ },
+ "lastTrySecsAgo": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ },
+ "nextTryInSecs": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ },
+ "refcount": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ }
+ }
+ },
+ "BlockVersion": {
+ "type": "object",
+ "required": [
+ "versionId",
+ "refDeleted",
+ "versionDeleted",
+ "garbageCollected"
+ ],
+ "properties": {
+ "backlink": {
+ "oneOf": [
+ {
+ "type": "null"
+ },
+ {
+ "$ref": "#/components/schemas/BlockVersionBacklink"
+ }
+ ]
+ },
+ "garbageCollected": {
+ "type": "boolean"
+ },
+ "refDeleted": {
+ "type": "boolean"
+ },
+ "versionDeleted": {
+ "type": "boolean"
+ },
+ "versionId": {
+ "type": "string"
+ }
+ }
+ },
+ "BlockVersionBacklink": {
+ "oneOf": [
+ {
+ "type": "object",
+ "required": [
+ "object"
+ ],
+ "properties": {
+ "object": {
+ "type": "object",
+ "required": [
+ "bucketId",
+ "key"
+ ],
+ "properties": {
+ "bucketId": {
+ "type": "string"
+ },
+ "key": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ },
+ {
+ "type": "object",
+ "required": [
+ "upload"
+ ],
+ "properties": {
+ "upload": {
+ "type": "object",
+ "required": [
+ "uploadId",
+ "uploadDeleted",
+ "uploadGarbageCollected"
+ ],
+ "properties": {
+ "bucketId": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "key": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "uploadDeleted": {
+ "type": "boolean"
+ },
+ "uploadGarbageCollected": {
+ "type": "boolean"
+ },
+ "uploadId": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+ ]
+ },
+ "BucketAliasEnum": {
+ "oneOf": [
+ {
+ "type": "object",
+ "required": [
+ "bucketId",
+ "globalAlias"
+ ],
+ "properties": {
+ "bucketId": {
+ "type": "string"
+ },
+ "globalAlias": {
+ "type": "string"
+ }
+ }
+ },
+ {
+ "type": "object",
+ "required": [
+ "bucketId",
+ "localAlias",
+ "accessKeyId"
+ ],
+ "properties": {
+ "accessKeyId": {
+ "type": "string"
+ },
+ "bucketId": {
+ "type": "string"
+ },
+ "localAlias": {
+ "type": "string"
+ }
+ }
+ }
+ ]
+ },
+ "BucketKeyPermChangeRequest": {
+ "type": "object",
+ "required": [
+ "bucketId",
+ "accessKeyId",
+ "permissions"
+ ],
+ "properties": {
+ "accessKeyId": {
+ "type": "string"
+ },
+ "bucketId": {
+ "type": "string"
+ },
+ "permissions": {
+ "$ref": "#/components/schemas/ApiBucketKeyPerm"
+ }
+ }
+ },
+ "BucketLocalAlias": {
+ "type": "object",
+ "required": [
+ "accessKeyId",
+ "alias"
+ ],
+ "properties": {
+ "accessKeyId": {
+ "type": "string"
+ },
+ "alias": {
+ "type": "string"
+ }
+ }
+ },
+ "CleanupIncompleteUploadsRequest": {
+ "type": "object",
+ "required": [
+ "bucketId",
+ "olderThanSecs"
+ ],
+ "properties": {
+ "bucketId": {
+ "type": "string"
+ },
+ "olderThanSecs": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ }
+ }
+ },
+ "CleanupIncompleteUploadsResponse": {
+ "type": "object",
+ "required": [
+ "uploadsDeleted"
+ ],
+ "properties": {
+ "uploadsDeleted": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ }
+ }
+ },
+ "ClusterLayoutSkipDeadNodesRequest": {
+ "type": "object",
+ "required": [
+ "version",
+ "allowMissingData"
+ ],
+ "properties": {
+ "allowMissingData": {
+ "type": "boolean",
+ "description": "Allow the skip even if a quorum of nodes could not be found for\nthe data among the remaining nodes"
+ },
+ "version": {
+ "type": "integer",
+ "format": "int64",
+ "description": "Version number of the layout to assume is currently up-to-date.\nThis will generally be the current layout version.",
+ "minimum": 0
+ }
+ }
+ },
+ "ClusterLayoutSkipDeadNodesResponse": {
+ "type": "object",
+ "required": [
+ "ackUpdated",
+ "syncUpdated"
+ ],
+ "properties": {
+ "ackUpdated": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "description": "Nodes for which the ACK update tracker has been updated to `version`"
+ },
+ "syncUpdated": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "description": "If `allow_missing_data` is set,\nnodes for which the SYNC update tracker has been updated to `version`"
+ }
+ }
+ },
+ "ClusterLayoutVersion": {
+ "type": "object",
+ "required": [
+ "version",
+ "status",
+ "storageNodes",
+ "gatewayNodes"
+ ],
+ "properties": {
+ "gatewayNodes": {
+ "type": "integer",
+ "format": "int64",
+ "description": "Number of nodes with a gateway role in this layout version",
+ "minimum": 0
+ },
+ "status": {
+ "$ref": "#/components/schemas/ClusterLayoutVersionStatus",
+ "description": "Status of this layout version"
+ },
+ "storageNodes": {
+ "type": "integer",
+ "format": "int64",
+ "description": "Number of nodes with an assigned storage capacity in this layout version",
+ "minimum": 0
+ },
+ "version": {
+ "type": "integer",
+ "format": "int64",
+ "description": "Version number of this layout version",
+ "minimum": 0
+ }
+ }
+ },
+ "ClusterLayoutVersionStatus": {
+ "type": "string",
+ "enum": [
+ "Current",
+ "Draining",
+ "Historical"
+ ]
+ },
+ "ConnectClusterNodesRequest": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "ConnectClusterNodesResponse": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/ConnectNodeResponse"
+ }
+ },
+ "ConnectNodeResponse": {
+ "type": "object",
+ "required": [
+ "success"
+ ],
+ "properties": {
+ "error": {
+ "type": [
+ "string",
+ "null"
+ ],
+ "description": "An error message if Garage did not manage to connect to this node"
+ },
+ "success": {
+ "type": "boolean",
+ "description": "`true` if Garage managed to connect to this node"
+ }
+ }
+ },
+ "CreateAdminTokenResponse": {
+ "allOf": [
+ {
+ "$ref": "#/components/schemas/GetAdminTokenInfoResponse"
+ },
+ {
+ "type": "object",
+ "required": [
+ "secretToken"
+ ],
+ "properties": {
+ "secretToken": {
+ "type": "string",
+ "description": "The secret bearer token. **CAUTION:** This token will be shown only\nONCE, so this value MUST be remembered somewhere, or the token\nwill be unusable."
+ }
+ }
+ }
+ ]
+ },
+ "CreateBucketLocalAlias": {
+ "type": "object",
+ "required": [
+ "accessKeyId",
+ "alias"
+ ],
+ "properties": {
+ "accessKeyId": {
+ "type": "string"
+ },
+ "alias": {
+ "type": "string"
+ },
+ "allow": {
+ "$ref": "#/components/schemas/ApiBucketKeyPerm"
+ }
+ }
+ },
+ "CreateBucketRequest": {
+ "type": "object",
+ "properties": {
+ "globalAlias": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "localAlias": {
+ "oneOf": [
+ {
+ "type": "null"
+ },
+ {
+ "$ref": "#/components/schemas/CreateBucketLocalAlias"
+ }
+ ]
+ }
+ }
+ },
+ "CreateBucketResponse": {
+ "$ref": "#/components/schemas/GetBucketInfoResponse"
+ },
+ "CreateKeyRequest": {
+ "$ref": "#/components/schemas/UpdateKeyRequestBody"
+ },
+ "CreateKeyResponse": {
+ "$ref": "#/components/schemas/GetKeyInfoResponse"
+ },
+ "DenyBucketKeyRequest": {
+ "$ref": "#/components/schemas/BucketKeyPermChangeRequest"
+ },
+ "DenyBucketKeyResponse": {
+ "$ref": "#/components/schemas/GetBucketInfoResponse"
+ },
+ "FreeSpaceResp": {
+ "type": "object",
+ "required": [
+ "available",
+ "total"
+ ],
+ "properties": {
+ "available": {
+ "type": "integer",
+ "format": "int64",
+ "description": "Number of bytes available",
+ "minimum": 0
+ },
+ "total": {
+ "type": "integer",
+ "format": "int64",
+ "description": "Total number of bytes",
+ "minimum": 0
+ }
+ }
+ },
+ "GetAdminTokenInfoResponse": {
+ "type": "object",
+ "required": [
+ "name",
+ "expired",
+ "scope"
+ ],
+ "properties": {
+ "created": {
+ "type": [
+ "string",
+ "null"
+ ],
+ "format": "date-time",
+ "description": "Creation date"
+ },
+ "expiration": {
+ "type": [
+ "string",
+ "null"
+ ],
+ "format": "date-time",
+ "description": "Expiration time and date, formatted according to RFC 3339"
+ },
+ "expired": {
+ "type": "boolean",
+ "description": "Whether this admin token is expired already"
+ },
+ "id": {
+ "type": [
+ "string",
+ "null"
+ ],
+ "description": "Identifier of the admin token (which is also a prefix of the full bearer token)"
+ },
+ "name": {
+ "type": "string",
+ "description": "Name of the admin API token"
+ },
+ "scope": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "description": "Scope of the admin API token, a list of admin endpoint names (such as\n`GetClusterStatus`, etc), or the special value `*` to allow all\nadmin endpoints"
+ }
+ }
+ },
+ "GetBucketInfoKey": {
+ "type": "object",
+ "required": [
+ "accessKeyId",
+ "name",
+ "permissions",
+ "bucketLocalAliases"
+ ],
+ "properties": {
+ "accessKeyId": {
+ "type": "string"
+ },
+ "bucketLocalAliases": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "name": {
+ "type": "string"
+ },
+ "permissions": {
+ "$ref": "#/components/schemas/ApiBucketKeyPerm"
+ }
+ }
+ },
+ "GetBucketInfoResponse": {
+ "type": "object",
+ "required": [
+ "id",
+ "created",
+ "globalAliases",
+ "websiteAccess",
+ "keys",
+ "objects",
+ "bytes",
+ "unfinishedUploads",
+ "unfinishedMultipartUploads",
+ "unfinishedMultipartUploadParts",
+ "unfinishedMultipartUploadBytes",
+ "quotas"
+ ],
+ "properties": {
+ "bytes": {
+ "type": "integer",
+ "format": "int64",
+ "description": "Total number of bytes used by objects in this bucket"
+ },
+ "created": {
+ "type": "string",
+ "format": "date-time",
+ "description": "Bucket creation date"
+ },
+ "globalAliases": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "description": "List of global aliases for this bucket"
+ },
+ "id": {
+ "type": "string",
+ "description": "Identifier of the bucket"
+ },
+ "keys": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/GetBucketInfoKey"
+ },
+ "description": "List of access keys that have permissions granted on this bucket"
+ },
+ "objects": {
+ "type": "integer",
+ "format": "int64",
+ "description": "Number of objects in this bucket"
+ },
+ "quotas": {
+ "$ref": "#/components/schemas/ApiBucketQuotas",
+ "description": "Quotas that apply to this bucket"
+ },
+ "unfinishedMultipartUploadBytes": {
+ "type": "integer",
+ "format": "int64",
+ "description": "Total number of bytes used by unfinished multipart uploads in this bucket"
+ },
+ "unfinishedMultipartUploadParts": {
+ "type": "integer",
+ "format": "int64",
+ "description": "Number of parts in unfinished multipart uploads in this bucket"
+ },
+ "unfinishedMultipartUploads": {
+ "type": "integer",
+ "format": "int64",
+ "description": "Number of unfinished multipart uploads in this bucket"
+ },
+ "unfinishedUploads": {
+ "type": "integer",
+ "format": "int64",
+ "description": "Number of unfinished uploads in this bucket"
+ },
+ "websiteAccess": {
+ "type": "boolean",
+ "description": "Whether website access is enabled for this bucket"
+ },
+ "websiteConfig": {
+ "oneOf": [
+ {
+ "type": "null"
+ },
+ {
+ "$ref": "#/components/schemas/GetBucketInfoWebsiteResponse",
+ "description": "Website configuration for this bucket"
+ }
+ ]
+ }
+ }
+ },
+ "GetBucketInfoWebsiteResponse": {
+ "type": "object",
+ "required": [
+ "indexDocument"
+ ],
+ "properties": {
+ "errorDocument": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "indexDocument": {
+ "type": "string"
+ }
+ }
+ },
+ "GetClusterHealthResponse": {
+ "type": "object",
+ "required": [
+ "status",
+ "knownNodes",
+ "connectedNodes",
+ "storageNodes",
+ "storageNodesUp",
+ "partitions",
+ "partitionsQuorum",
+ "partitionsAllOk"
+ ],
+ "properties": {
+ "connectedNodes": {
+ "type": "integer",
+ "description": "the number of nodes this Garage node currently has an open connection to",
+ "minimum": 0
+ },
+ "knownNodes": {
+ "type": "integer",
+ "description": "the number of nodes this Garage node has had a TCP connection to since the daemon started",
+ "minimum": 0
+ },
+ "partitions": {
+ "type": "integer",
+ "description": "the total number of partitions of the data (currently always 256)",
+ "minimum": 0
+ },
+ "partitionsAllOk": {
+ "type": "integer",
+ "description": "the number of partitions for which we are connected to all storage nodes responsible of storing it",
+ "minimum": 0
+ },
+ "partitionsQuorum": {
+ "type": "integer",
+ "description": "the number of partitions for which a quorum of write nodes is available",
+ "minimum": 0
+ },
+ "status": {
+ "type": "string",
+ "description": "One of `healthy`, `degraded` or `unavailable`:\n- `healthy`: Garage node is connected to all storage nodes\n- `degraded`: Garage node is not connected to all storage nodes, but a quorum of write nodes is available for all partitions\n- `unavailable`: a quorum of write nodes is not available for some partitions"
+ },
+ "storageNodes": {
+ "type": "integer",
+ "description": "the number of storage nodes currently registered in the cluster layout",
+ "minimum": 0
+ },
+ "storageNodesUp": {
+ "type": "integer",
+ "description": "the number of storage nodes to which a connection is currently open",
+ "minimum": 0
+ }
+ }
+ },
+ "GetClusterLayoutHistoryResponse": {
+ "type": "object",
+ "required": [
+ "currentVersion",
+ "minAck",
+ "versions"
+ ],
+ "properties": {
+ "currentVersion": {
+ "type": "integer",
+ "format": "int64",
+ "description": "The current version number of the cluster layout",
+ "minimum": 0
+ },
+ "minAck": {
+ "type": "integer",
+ "format": "int64",
+ "description": "All nodes in the cluster are aware of layout versions up to\nthis version number (at least)",
+ "minimum": 0
+ },
+ "updateTrackers": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "description": "Detailed update trackers for nodes (see\n`https://garagehq.deuxfleurs.fr/blog/2023-12-preserving-read-after-write-consistency/`)",
+ "additionalProperties": {
+ "$ref": "#/components/schemas/NodeUpdateTrackers"
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ },
+ "versions": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/ClusterLayoutVersion"
+ },
+ "description": "Layout version history"
+ }
+ }
+ },
+ "GetClusterLayoutResponse": {
+ "type": "object",
+ "required": [
+ "version",
+ "roles",
+ "parameters",
+ "partitionSize",
+ "stagedRoleChanges"
+ ],
+ "properties": {
+ "parameters": {
+ "$ref": "#/components/schemas/LayoutParameters",
+ "description": "Layout parameters used when the current layout was computed"
+ },
+ "partitionSize": {
+ "type": "integer",
+ "format": "int64",
+ "description": "The size, in bytes, of one Garage partition (= a shard)",
+ "minimum": 0
+ },
+ "roles": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/LayoutNodeRole"
+ },
+ "description": "List of nodes that currently have a role in the cluster layout"
+ },
+ "stagedParameters": {
+ "oneOf": [
+ {
+ "type": "null"
+ },
+ {
+ "$ref": "#/components/schemas/LayoutParameters",
+ "description": "Layout parameters to use when computing the next version of\nthe cluster layout"
+ }
+ ]
+ },
+ "stagedRoleChanges": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/NodeRoleChange"
+ },
+ "description": "List of nodes that will have a new role or whose role will be\nremoved in the next version of the cluster layout"
+ },
+ "version": {
+ "type": "integer",
+ "format": "int64",
+ "description": "The current version number of the cluster layout",
+ "minimum": 0
+ }
+ }
+ },
+ "GetClusterStatisticsResponse": {
+ "type": "object",
+ "required": [
+ "freeform"
+ ],
+ "properties": {
+ "freeform": {
+ "type": "string"
+ }
+ }
+ },
+ "GetClusterStatusResponse": {
+ "type": "object",
+ "required": [
+ "layoutVersion",
+ "nodes"
+ ],
+ "properties": {
+ "layoutVersion": {
+ "type": "integer",
+ "format": "int64",
+ "description": "Current version number of the cluster layout",
+ "minimum": 0
+ },
+ "nodes": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/NodeResp"
+ },
+ "description": "List of nodes that are either currently connected, part of the\ncurrent cluster layout, or part of an older cluster layout that\nis still active in the cluster (being drained)."
+ }
+ }
+ },
+ "GetCurrentAdminTokenInfoResponse": {
+ "$ref": "#/components/schemas/GetAdminTokenInfoResponse"
+ },
+ "GetKeyInfoResponse": {
+ "type": "object",
+ "required": [
+ "accessKeyId",
+ "name",
+ "expired",
+ "permissions",
+ "buckets"
+ ],
+ "properties": {
+ "accessKeyId": {
+ "type": "string"
+ },
+ "buckets": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/KeyInfoBucketResponse"
+ }
+ },
+ "created": {
+ "type": [
+ "string",
+ "null"
+ ],
+ "format": "date-time"
+ },
+ "expiration": {
+ "type": [
+ "string",
+ "null"
+ ],
+ "format": "date-time"
+ },
+ "expired": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ },
+ "permissions": {
+ "$ref": "#/components/schemas/KeyPerm"
+ },
+ "secretAccessKey": {
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ }
+ },
+ "ImportKeyRequest": {
+ "type": "object",
+ "required": [
+ "accessKeyId",
+ "secretAccessKey"
+ ],
+ "properties": {
+ "accessKeyId": {
+ "type": "string"
+ },
+ "name": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "secretAccessKey": {
+ "type": "string"
+ }
+ }
+ },
+ "ImportKeyResponse": {
+ "$ref": "#/components/schemas/GetKeyInfoResponse"
+ },
+ "InspectObjectBlock": {
+ "type": "object",
+ "required": [
+ "partNumber",
+ "offset",
+ "hash",
+ "size"
+ ],
+ "properties": {
+ "hash": {
+ "type": "string",
+ "description": "Hash (blake2 sum) of the block's data"
+ },
+ "offset": {
+ "type": "integer",
+ "format": "int64",
+ "description": "Offset of this block within the part",
+ "minimum": 0
+ },
+ "partNumber": {
+ "type": "integer",
+ "format": "int64",
+ "description": "Part number of the part containing this block, for multipart uploads",
+ "minimum": 0
+ },
+ "size": {
+ "type": "integer",
+ "format": "int64",
+ "description": "Length of the blocks's data",
+ "minimum": 0
+ }
+ }
+ },
+ "InspectObjectResponse": {
+ "type": "object",
+ "required": [
+ "bucketId",
+ "key",
+ "versions"
+ ],
+ "properties": {
+ "bucketId": {
+ "type": "string",
+ "description": "ID of the bucket containing the inspected object"
+ },
+ "key": {
+ "type": "string",
+ "description": "Key of the inspected object"
+ },
+ "versions": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/InspectObjectVersion"
+ },
+ "description": "List of versions currently stored for this object"
+ }
+ }
+ },
+ "InspectObjectVersion": {
+ "type": "object",
+ "required": [
+ "uuid",
+ "timestamp",
+ "encrypted",
+ "uploading",
+ "aborted",
+ "deleteMarker",
+ "inline"
+ ],
+ "properties": {
+ "aborted": {
+ "type": "boolean",
+ "description": "Whether this is an aborted upload"
+ },
+ "blocks": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/InspectObjectBlock"
+ },
+ "description": "List of data blocks for this object version"
+ },
+ "deleteMarker": {
+ "type": "boolean",
+ "description": "Whether this version is a delete marker (a tombstone indicating that a previous version of\nthe object has been deleted)"
+ },
+ "encrypted": {
+ "type": "boolean",
+ "description": "Whether this object version was created with SSE-C encryption"
+ },
+ "etag": {
+ "type": [
+ "string",
+ "null"
+ ],
+ "description": "Etag of this object version"
+ },
+ "headers": {
+ "type": "array",
+ "items": {
+ "type": "array",
+ "items": false,
+ "prefixItems": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ]
+ },
+ "description": "Metadata (HTTP headers) associated with this object version"
+ },
+ "inline": {
+ "type": "boolean",
+ "description": "Whether the object's data is stored inline (for small objects)"
+ },
+ "size": {
+ "type": [
+ "integer",
+ "null"
+ ],
+ "format": "int64",
+ "description": "Size of the object, in bytes",
+ "minimum": 0
+ },
+ "timestamp": {
+ "type": "string",
+ "format": "date-time",
+ "description": "Creation timestamp of this object version"
+ },
+ "uploading": {
+ "type": "boolean",
+ "description": "Whether this object version is still uploading"
+ },
+ "uuid": {
+ "type": "string",
+ "description": "Version ID"
+ }
+ }
+ },
+ "KeyInfoBucketResponse": {
+ "type": "object",
+ "required": [
+ "id",
+ "globalAliases",
+ "localAliases",
+ "permissions"
+ ],
+ "properties": {
+ "globalAliases": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "id": {
+ "type": "string"
+ },
+ "localAliases": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "permissions": {
+ "$ref": "#/components/schemas/ApiBucketKeyPerm"
+ }
+ }
+ },
+ "KeyPerm": {
+ "type": "object",
+ "properties": {
+ "createBucket": {
+ "type": "boolean"
+ }
+ }
+ },
+ "LayoutNodeRole": {
+ "type": "object",
+ "required": [
+ "id",
+ "zone",
+ "tags"
+ ],
+ "properties": {
+ "capacity": {
+ "type": [
+ "integer",
+ "null"
+ ],
+ "format": "int64",
+ "description": "Capacity (in bytes) assigned by the cluster administrator,\nabsent for gateway nodes",
+ "minimum": 0
+ },
+ "id": {
+ "type": "string",
+ "description": "Identifier of the node"
+ },
+ "storedPartitions": {
+ "type": [
+ "integer",
+ "null"
+ ],
+ "format": "int64",
+ "description": "Number of partitions stored on this node\n(a result of the layout computation)",
+ "minimum": 0
+ },
+ "tags": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "description": "List of tags assigned by the cluster administrator"
+ },
+ "usableCapacity": {
+ "type": [
+ "integer",
+ "null"
+ ],
+ "format": "int64",
+ "description": "Capacity (in bytes) that is actually usable on this node in the current\nlayout, which is equal to `stored_partitions` × `partition_size`",
+ "minimum": 0
+ },
+ "zone": {
+ "type": "string",
+ "description": "Zone name assigned by the cluster administrator"
+ }
+ }
+ },
+ "LayoutParameters": {
+ "type": "object",
+ "required": [
+ "zoneRedundancy"
+ ],
+ "properties": {
+ "zoneRedundancy": {
+ "$ref": "#/components/schemas/ZoneRedundancy",
+ "description": "Minimum number of zones in which a data partition must be replicated"
+ }
+ }
+ },
+ "ListAdminTokensResponse": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/GetAdminTokenInfoResponse"
+ }
+ },
+ "ListBucketsResponse": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/ListBucketsResponseItem"
+ }
+ },
+ "ListBucketsResponseItem": {
+ "type": "object",
+ "required": [
+ "id",
+ "created",
+ "globalAliases",
+ "localAliases"
+ ],
+ "properties": {
+ "created": {
+ "type": "string",
+ "format": "date-time"
+ },
+ "globalAliases": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "id": {
+ "type": "string"
+ },
+ "localAliases": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/BucketLocalAlias"
+ }
+ }
+ }
+ },
+ "ListKeysResponse": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/ListKeysResponseItem"
+ }
+ },
+ "ListKeysResponseItem": {
+ "type": "object",
+ "required": [
+ "id",
+ "name",
+ "expired"
+ ],
+ "properties": {
+ "created": {
+ "type": [
+ "string",
+ "null"
+ ],
+ "format": "date-time"
+ },
+ "expiration": {
+ "type": [
+ "string",
+ "null"
+ ],
+ "format": "date-time"
+ },
+ "expired": {
+ "type": "boolean"
+ },
+ "id": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "LocalCreateMetadataSnapshotResponse": {
+ "default": null
+ },
+ "LocalGetBlockInfoRequest": {
+ "type": "object",
+ "required": [
+ "blockHash"
+ ],
+ "properties": {
+ "blockHash": {
+ "type": "string"
+ }
+ }
+ },
+ "LocalGetBlockInfoResponse": {
+ "type": "object",
+ "required": [
+ "blockHash",
+ "refcount",
+ "versions"
+ ],
+ "properties": {
+ "blockHash": {
+ "type": "string"
+ },
+ "refcount": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ },
+ "versions": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/BlockVersion"
+ }
+ }
+ }
+ },
+ "LocalGetNodeInfoResponse": {
+ "type": "object",
+ "required": [
+ "nodeId",
+ "garageVersion",
+ "rustVersion",
+ "dbEngine"
+ ],
+ "properties": {
+ "dbEngine": {
+ "type": "string"
+ },
+ "garageFeatures": {
+ "type": [
+ "array",
+ "null"
+ ],
+ "items": {
+ "type": "string"
+ }
+ },
+ "garageVersion": {
+ "type": "string"
+ },
+ "nodeId": {
+ "type": "string"
+ },
+ "rustVersion": {
+ "type": "string"
+ }
+ }
+ },
+ "LocalGetNodeStatisticsResponse": {
+ "type": "object",
+ "required": [
+ "freeform"
+ ],
+ "properties": {
+ "freeform": {
+ "type": "string"
+ }
+ }
+ },
+ "LocalGetWorkerInfoRequest": {
+ "type": "object",
+ "required": [
+ "id"
+ ],
+ "properties": {
+ "id": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ }
+ }
+ },
+ "LocalGetWorkerInfoResponse": {
+ "$ref": "#/components/schemas/WorkerInfoResp"
+ },
+ "LocalGetWorkerVariableRequest": {
+ "type": "object",
+ "properties": {
+ "variable": {
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ }
+ },
+ "LocalGetWorkerVariableResponse": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ },
+ "LocalLaunchRepairOperationRequest": {
+ "type": "object",
+ "required": [
+ "repairType"
+ ],
+ "properties": {
+ "repairType": {
+ "$ref": "#/components/schemas/RepairType"
+ }
+ }
+ },
+ "LocalLaunchRepairOperationResponse": {
+ "default": null
+ },
+ "LocalListBlockErrorsResponse": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/BlockError"
+ }
+ },
+ "LocalListWorkersRequest": {
+ "type": "object",
+ "properties": {
+ "busyOnly": {
+ "type": "boolean"
+ },
+ "errorOnly": {
+ "type": "boolean"
+ }
+ }
+ },
+ "LocalListWorkersResponse": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/WorkerInfoResp"
+ }
+ },
+ "LocalPurgeBlocksRequest": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "LocalPurgeBlocksResponse": {
+ "type": "object",
+ "required": [
+ "blocksPurged",
+ "objectsDeleted",
+ "uploadsDeleted",
+ "versionsDeleted",
+ "blockRefsPurged"
+ ],
+ "properties": {
+ "blockRefsPurged": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ },
+ "blocksPurged": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ },
+ "objectsDeleted": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ },
+ "uploadsDeleted": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ },
+ "versionsDeleted": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ }
+ }
+ },
+ "LocalRetryBlockResyncRequest": {
+ "oneOf": [
+ {
+ "type": "object",
+ "required": [
+ "all"
+ ],
+ "properties": {
+ "all": {
+ "type": "boolean"
+ }
+ }
+ },
+ {
+ "type": "object",
+ "required": [
+ "blockHashes"
+ ],
+ "properties": {
+ "blockHashes": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ ]
+ },
+ "LocalRetryBlockResyncResponse": {
+ "type": "object",
+ "required": [
+ "count"
+ ],
+ "properties": {
+ "count": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ }
+ }
+ },
+ "LocalSetWorkerVariableRequest": {
+ "type": "object",
+ "required": [
+ "variable",
+ "value"
+ ],
+ "properties": {
+ "value": {
+ "type": "string"
+ },
+ "variable": {
+ "type": "string"
+ }
+ }
+ },
+ "LocalSetWorkerVariableResponse": {
+ "type": "object",
+ "required": [
+ "variable",
+ "value"
+ ],
+ "properties": {
+ "value": {
+ "type": "string"
+ },
+ "variable": {
+ "type": "string"
+ }
+ }
+ },
+ "MultiResponse_LocalCreateMetadataSnapshotResponse": {
+ "type": "object",
+ "required": [
+ "success",
+ "error"
+ ],
+ "properties": {
+ "error": {
+ "type": "object",
+ "description": "Map of node id to error message, for nodes that were unable to complete the API\ncall",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ },
+ "success": {
+ "type": "object",
+ "description": "Map of node id to response returned by this node, for nodes that were able to\nsuccessfully complete the API call",
+ "additionalProperties": {
+ "default": null
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ }
+ }
+ },
+ "MultiResponse_LocalGetBlockInfoResponse": {
+ "type": "object",
+ "required": [
+ "success",
+ "error"
+ ],
+ "properties": {
+ "error": {
+ "type": "object",
+ "description": "Map of node id to error message, for nodes that were unable to complete the API\ncall",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ },
+ "success": {
+ "type": "object",
+ "description": "Map of node id to response returned by this node, for nodes that were able to\nsuccessfully complete the API call",
+ "additionalProperties": {
+ "type": "object",
+ "required": [
+ "blockHash",
+ "refcount",
+ "versions"
+ ],
+ "properties": {
+ "blockHash": {
+ "type": "string"
+ },
+ "refcount": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ },
+ "versions": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/BlockVersion"
+ }
+ }
+ }
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ }
+ }
+ },
+ "MultiResponse_LocalGetNodeInfoResponse": {
+ "type": "object",
+ "required": [
+ "success",
+ "error"
+ ],
+ "properties": {
+ "error": {
+ "type": "object",
+ "description": "Map of node id to error message, for nodes that were unable to complete the API\ncall",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ },
+ "success": {
+ "type": "object",
+ "description": "Map of node id to response returned by this node, for nodes that were able to\nsuccessfully complete the API call",
+ "additionalProperties": {
+ "type": "object",
+ "required": [
+ "nodeId",
+ "garageVersion",
+ "rustVersion",
+ "dbEngine"
+ ],
+ "properties": {
+ "dbEngine": {
+ "type": "string"
+ },
+ "garageFeatures": {
+ "type": [
+ "array",
+ "null"
+ ],
+ "items": {
+ "type": "string"
+ }
+ },
+ "garageVersion": {
+ "type": "string"
+ },
+ "nodeId": {
+ "type": "string"
+ },
+ "rustVersion": {
+ "type": "string"
+ }
+ }
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ }
+ }
+ },
+ "MultiResponse_LocalGetNodeStatisticsResponse": {
+ "type": "object",
+ "required": [
+ "success",
+ "error"
+ ],
+ "properties": {
+ "error": {
+ "type": "object",
+ "description": "Map of node id to error message, for nodes that were unable to complete the API\ncall",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ },
+ "success": {
+ "type": "object",
+ "description": "Map of node id to response returned by this node, for nodes that were able to\nsuccessfully complete the API call",
+ "additionalProperties": {
+ "type": "object",
+ "required": [
+ "freeform"
+ ],
+ "properties": {
+ "freeform": {
+ "type": "string"
+ }
+ }
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ }
+ }
+ },
+ "MultiResponse_LocalGetWorkerInfoResponse": {
+ "type": "object",
+ "required": [
+ "success",
+ "error"
+ ],
+ "properties": {
+ "error": {
+ "type": "object",
+ "description": "Map of node id to error message, for nodes that were unable to complete the API\ncall",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ },
+ "success": {
+ "type": "object",
+ "description": "Map of node id to response returned by this node, for nodes that were able to\nsuccessfully complete the API call",
+ "additionalProperties": {
+ "$ref": "#/components/schemas/WorkerInfoResp"
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ }
+ }
+ },
+ "MultiResponse_LocalGetWorkerVariableResponse": {
+ "type": "object",
+ "required": [
+ "success",
+ "error"
+ ],
+ "properties": {
+ "error": {
+ "type": "object",
+ "description": "Map of node id to error message, for nodes that were unable to complete the API\ncall",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ },
+ "success": {
+ "type": "object",
+ "description": "Map of node id to response returned by this node, for nodes that were able to\nsuccessfully complete the API call",
+ "additionalProperties": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ }
+ }
+ },
+ "MultiResponse_LocalLaunchRepairOperationResponse": {
+ "type": "object",
+ "required": [
+ "success",
+ "error"
+ ],
+ "properties": {
+ "error": {
+ "type": "object",
+ "description": "Map of node id to error message, for nodes that were unable to complete the API\ncall",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ },
+ "success": {
+ "type": "object",
+ "description": "Map of node id to response returned by this node, for nodes that were able to\nsuccessfully complete the API call",
+ "additionalProperties": {
+ "default": null
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ }
+ }
+ },
+ "MultiResponse_LocalListBlockErrorsResponse": {
+ "type": "object",
+ "required": [
+ "success",
+ "error"
+ ],
+ "properties": {
+ "error": {
+ "type": "object",
+ "description": "Map of node id to error message, for nodes that were unable to complete the API\ncall",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ },
+ "success": {
+ "type": "object",
+ "description": "Map of node id to response returned by this node, for nodes that were able to\nsuccessfully complete the API call",
+ "additionalProperties": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/BlockError"
+ }
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ }
+ }
+ },
+ "MultiResponse_LocalListWorkersResponse": {
+ "type": "object",
+ "required": [
+ "success",
+ "error"
+ ],
+ "properties": {
+ "error": {
+ "type": "object",
+ "description": "Map of node id to error message, for nodes that were unable to complete the API\ncall",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ },
+ "success": {
+ "type": "object",
+ "description": "Map of node id to response returned by this node, for nodes that were able to\nsuccessfully complete the API call",
+ "additionalProperties": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/WorkerInfoResp"
+ }
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ }
+ }
+ },
+ "MultiResponse_LocalPurgeBlocksResponse": {
+ "type": "object",
+ "required": [
+ "success",
+ "error"
+ ],
+ "properties": {
+ "error": {
+ "type": "object",
+ "description": "Map of node id to error message, for nodes that were unable to complete the API\ncall",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ },
+ "success": {
+ "type": "object",
+ "description": "Map of node id to response returned by this node, for nodes that were able to\nsuccessfully complete the API call",
+ "additionalProperties": {
+ "type": "object",
+ "required": [
+ "blocksPurged",
+ "objectsDeleted",
+ "uploadsDeleted",
+ "versionsDeleted",
+ "blockRefsPurged"
+ ],
+ "properties": {
+ "blockRefsPurged": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ },
+ "blocksPurged": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ },
+ "objectsDeleted": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ },
+ "uploadsDeleted": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ },
+ "versionsDeleted": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ }
+ }
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ }
+ }
+ },
+ "MultiResponse_LocalRetryBlockResyncResponse": {
+ "type": "object",
+ "required": [
+ "success",
+ "error"
+ ],
+ "properties": {
+ "error": {
+ "type": "object",
+ "description": "Map of node id to error message, for nodes that were unable to complete the API\ncall",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ },
+ "success": {
+ "type": "object",
+ "description": "Map of node id to response returned by this node, for nodes that were able to\nsuccessfully complete the API call",
+ "additionalProperties": {
+ "type": "object",
+ "required": [
+ "count"
+ ],
+ "properties": {
+ "count": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ }
+ }
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ }
+ }
+ },
+ "MultiResponse_LocalSetWorkerVariableResponse": {
+ "type": "object",
+ "required": [
+ "success",
+ "error"
+ ],
+ "properties": {
+ "error": {
+ "type": "object",
+ "description": "Map of node id to error message, for nodes that were unable to complete the API\ncall",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ },
+ "success": {
+ "type": "object",
+ "description": "Map of node id to response returned by this node, for nodes that were able to\nsuccessfully complete the API call",
+ "additionalProperties": {
+ "type": "object",
+ "required": [
+ "variable",
+ "value"
+ ],
+ "properties": {
+ "value": {
+ "type": "string"
+ },
+ "variable": {
+ "type": "string"
+ }
+ }
+ },
+ "propertyNames": {
+ "type": "string"
+ }
+ }
+ }
+ },
+ "NodeAssignedRole": {
+ "type": "object",
+ "required": [
+ "zone",
+ "tags"
+ ],
+ "properties": {
+ "capacity": {
+ "type": [
+ "integer",
+ "null"
+ ],
+ "format": "int64",
+ "description": "Capacity (in bytes) assigned by the cluster administrator,\nabsent for gateway nodes",
+ "minimum": 0
+ },
+ "tags": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "description": "List of tags assigned by the cluster administrator"
+ },
+ "zone": {
+ "type": "string",
+ "description": "Zone name assigned by the cluster administrator"
+ }
+ }
+ },
+ "NodeResp": {
+ "type": "object",
+ "required": [
+ "id",
+ "isUp",
+ "draining"
+ ],
+ "properties": {
+ "addr": {
+ "type": [
+ "string",
+ "null"
+ ],
+ "description": "Socket address used by other nodes to connect to this node for RPC"
+ },
+ "dataPartition": {
+ "oneOf": [
+ {
+ "type": "null"
+ },
+ {
+ "$ref": "#/components/schemas/FreeSpaceResp",
+ "description": "Total and available space on the disk partition(s) containing the data\ndirectory(ies)"
+ }
+ ]
+ },
+ "draining": {
+ "type": "boolean",
+ "description": "Whether this node is part of an older layout version and is draining data."
+ },
+ "garageVersion": {
+ "type": [
+ "string",
+ "null"
+ ],
+ "description": "Garage version"
+ },
+ "hostname": {
+ "type": [
+ "string",
+ "null"
+ ],
+ "description": "Hostname of the node"
+ },
+ "id": {
+ "type": "string",
+ "description": "Full-length node identifier"
+ },
+ "isUp": {
+ "type": "boolean",
+ "description": "Whether this node is connected in the cluster"
+ },
+ "lastSeenSecsAgo": {
+ "type": [
+ "integer",
+ "null"
+ ],
+ "format": "int64",
+ "description": "For disconnected nodes, the number of seconds since last contact,\nor `null` if no contact was established since Garage restarted.",
+ "minimum": 0
+ },
+ "metadataPartition": {
+ "oneOf": [
+ {
+ "type": "null"
+ },
+ {
+ "$ref": "#/components/schemas/FreeSpaceResp",
+ "description": "Total and available space on the disk partition containing the\nmetadata directory"
+ }
+ ]
+ },
+ "role": {
+ "oneOf": [
+ {
+ "type": "null"
+ },
+ {
+ "$ref": "#/components/schemas/NodeAssignedRole",
+ "description": "Role assigned to this node in the current cluster layout"
+ }
+ ]
+ }
+ }
+ },
+ "NodeRoleChange": {
+ "allOf": [
+ {
+ "$ref": "#/components/schemas/NodeRoleChangeEnum"
+ },
+ {
+ "type": "object",
+ "required": [
+ "id"
+ ],
+ "properties": {
+ "id": {
+ "type": "string",
+ "description": "ID of the node for which this change applies"
+ }
+ }
+ }
+ ]
+ },
+ "NodeRoleChangeEnum": {
+ "oneOf": [
+ {
+ "type": "object",
+ "required": [
+ "remove"
+ ],
+ "properties": {
+ "remove": {
+ "type": "boolean",
+ "description": "Set `remove` to `true` to remove the node from the layout"
+ }
+ }
+ },
+ {
+ "$ref": "#/components/schemas/NodeAssignedRole"
+ }
+ ]
+ },
+ "NodeRoleChangeRequest": {
+ "oneOf": [
+ {
+ "type": "object",
+ "required": [
+ "id",
+ "remove"
+ ],
+ "properties": {
+ "id": {
+ "type": "string",
+ "description": "ID of the node for which this change applies"
+ },
+ "remove": {
+ "type": "boolean",
+ "description": "Set `remove` to `true` to remove the node from the layout"
+ }
+ }
+ },
+ {
+ "allOf": [
+ {
+ "$ref": "#/components/schemas/NodeAssignedRole"
+ },
+ {
+ "type": "object",
+ "required": [
+ "id"
+ ],
+ "properties": {
+ "id": {
+ "type": "string",
+ "description": "ID of the node for which this change applies"
+ }
+ }
+ }
+ ]
+ }
+ ]
+ },
+ "NodeUpdateTrackers": {
+ "type": "object",
+ "required": [
+ "ack",
+ "sync",
+ "syncAck"
+ ],
+ "properties": {
+ "ack": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ },
+ "sync": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ },
+ "syncAck": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ }
+ }
+ },
+ "PreviewClusterLayoutChangesResponse": {
+ "oneOf": [
+ {
+ "type": "object",
+ "required": [
+ "error"
+ ],
+ "properties": {
+ "error": {
+ "type": "string",
+ "description": "Error message indicating that the layout could not be computed\nwith the provided configuration"
+ }
+ }
+ },
+ {
+ "type": "object",
+ "required": [
+ "message",
+ "newLayout"
+ ],
+ "properties": {
+ "message": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "description": "Plain-text information about the layout computation\n(do not try to parse this)"
+ },
+ "newLayout": {
+ "$ref": "#/components/schemas/GetClusterLayoutResponse",
+ "description": "Details about the new cluster layout"
+ }
+ }
+ }
+ ]
+ },
+ "RemoveBucketAliasResponse": {
+ "$ref": "#/components/schemas/GetBucketInfoResponse"
+ },
+ "RepairType": {
+ "oneOf": [
+ {
+ "type": "string",
+ "enum": [
+ "tables"
+ ]
+ },
+ {
+ "type": "string",
+ "enum": [
+ "blocks"
+ ]
+ },
+ {
+ "type": "string",
+ "enum": [
+ "versions"
+ ]
+ },
+ {
+ "type": "string",
+ "enum": [
+ "multipartUploads"
+ ]
+ },
+ {
+ "type": "string",
+ "enum": [
+ "blockRefs"
+ ]
+ },
+ {
+ "type": "string",
+ "enum": [
+ "blockRc"
+ ]
+ },
+ {
+ "type": "string",
+ "enum": [
+ "rebalance"
+ ]
+ },
+ {
+ "type": "object",
+ "required": [
+ "scrub"
+ ],
+ "properties": {
+ "scrub": {
+ "$ref": "#/components/schemas/ScrubCommand"
+ }
+ }
+ },
+ {
+ "type": "string",
+ "enum": [
+ "aliases"
+ ]
+ },
+ {
+ "type": "string",
+ "enum": [
+ "clearResyncQueue"
+ ]
+ }
+ ]
+ },
+ "RevertClusterLayoutResponse": {
+ "$ref": "#/components/schemas/GetClusterLayoutResponse"
+ },
+ "ScrubCommand": {
+ "type": "string",
+ "enum": [
+ "start",
+ "pause",
+ "resume",
+ "cancel"
+ ]
+ },
+ "UpdateAdminTokenRequestBody": {
+ "type": "object",
+ "properties": {
+ "expiration": {
+ "type": [
+ "string",
+ "null"
+ ],
+ "format": "date-time",
+ "description": "Expiration time and date, formatted according to RFC 3339"
+ },
+ "name": {
+ "type": [
+ "string",
+ "null"
+ ],
+ "description": "Name of the admin API token"
+ },
+ "neverExpires": {
+ "type": "boolean",
+ "description": "Set the admin token to never expire"
+ },
+ "scope": {
+ "type": [
+ "array",
+ "null"
+ ],
+ "items": {
+ "type": "string"
+ },
+ "description": "Scope of the admin API token, a list of admin endpoint names (such as\n`GetClusterStatus`, etc), or the special value `*` to allow all\nadmin endpoints. **WARNING:** Granting a scope of `CreateAdminToken` or\n`UpdateAdminToken` trivially allows for privilege escalation, and is thus\nfunctionnally equivalent to granting a scope of `*`."
+ }
+ }
+ },
+ "UpdateAdminTokenResponse": {
+ "$ref": "#/components/schemas/GetAdminTokenInfoResponse"
+ },
+ "UpdateBucketRequestBody": {
+ "type": "object",
+ "properties": {
+ "quotas": {
+ "oneOf": [
+ {
+ "type": "null"
+ },
+ {
+ "$ref": "#/components/schemas/ApiBucketQuotas"
+ }
+ ]
+ },
+ "websiteAccess": {
+ "oneOf": [
+ {
+ "type": "null"
+ },
+ {
+ "$ref": "#/components/schemas/UpdateBucketWebsiteAccess"
+ }
+ ]
+ }
+ }
+ },
+ "UpdateBucketResponse": {
+ "$ref": "#/components/schemas/GetBucketInfoResponse"
+ },
+ "UpdateBucketWebsiteAccess": {
+ "type": "object",
+ "required": [
+ "enabled"
+ ],
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "errorDocument": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "indexDocument": {
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ }
+ },
+ "UpdateClusterLayoutRequest": {
+ "type": "object",
+ "properties": {
+ "parameters": {
+ "oneOf": [
+ {
+ "type": "null"
+ },
+ {
+ "$ref": "#/components/schemas/LayoutParameters",
+ "description": "New layout computation parameters to use"
+ }
+ ]
+ },
+ "roles": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/NodeRoleChangeRequest"
+ },
+ "description": "New node roles to assign or remove in the cluster layout"
+ }
+ }
+ },
+ "UpdateClusterLayoutResponse": {
+ "$ref": "#/components/schemas/GetClusterLayoutResponse"
+ },
+ "UpdateKeyRequestBody": {
+ "type": "object",
+ "properties": {
+ "allow": {
+ "oneOf": [
+ {
+ "type": "null"
+ },
+ {
+ "$ref": "#/components/schemas/KeyPerm",
+ "description": "Permissions to allow for the key"
+ }
+ ]
+ },
+ "deny": {
+ "oneOf": [
+ {
+ "type": "null"
+ },
+ {
+ "$ref": "#/components/schemas/KeyPerm",
+ "description": "Permissions to deny for the key"
+ }
+ ]
+ },
+ "expiration": {
+ "type": [
+ "string",
+ "null"
+ ],
+ "format": "date-time",
+ "description": "Expiration time and date, formatted according to RFC 3339"
+ },
+ "name": {
+ "type": [
+ "string",
+ "null"
+ ],
+ "description": "Name of the API key"
+ },
+ "neverExpires": {
+ "type": "boolean",
+ "description": "Set the access key to never expire"
+ }
+ }
+ },
+ "UpdateKeyResponse": {
+ "$ref": "#/components/schemas/GetKeyInfoResponse"
+ },
+ "WorkerInfoResp": {
+ "type": "object",
+ "required": [
+ "id",
+ "name",
+ "state",
+ "errors",
+ "consecutiveErrors",
+ "freeform"
+ ],
+ "properties": {
+ "consecutiveErrors": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ },
+ "errors": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ },
+ "freeform": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "id": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ },
+ "lastError": {
+ "oneOf": [
+ {
+ "type": "null"
+ },
+ {
+ "$ref": "#/components/schemas/WorkerLastError"
+ }
+ ]
+ },
+ "name": {
+ "type": "string"
+ },
+ "persistentErrors": {
+ "type": [
+ "integer",
+ "null"
+ ],
+ "format": "int64",
+ "minimum": 0
+ },
+ "progress": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "queueLength": {
+ "type": [
+ "integer",
+ "null"
+ ],
+ "format": "int64",
+ "minimum": 0
+ },
+ "state": {
+ "$ref": "#/components/schemas/WorkerStateResp"
+ },
+ "tranquility": {
+ "type": [
+ "integer",
+ "null"
+ ],
+ "format": "int32",
+ "minimum": 0
+ }
+ }
+ },
+ "WorkerLastError": {
+ "type": "object",
+ "required": [
+ "message",
+ "secsAgo"
+ ],
+ "properties": {
+ "message": {
+ "type": "string"
+ },
+ "secsAgo": {
+ "type": "integer",
+ "format": "int64",
+ "minimum": 0
+ }
+ }
+ },
+ "WorkerStateResp": {
+ "oneOf": [
+ {
+ "type": "string",
+ "enum": [
+ "busy"
+ ]
+ },
+ {
+ "type": "object",
+ "required": [
+ "throttled"
+ ],
+ "properties": {
+ "throttled": {
+ "type": "object",
+ "required": [
+ "durationSecs"
+ ],
+ "properties": {
+ "durationSecs": {
+ "type": "number",
+ "format": "float"
+ }
+ }
+ }
+ }
+ },
+ {
+ "type": "string",
+ "enum": [
+ "idle"
+ ]
+ },
+ {
+ "type": "string",
+ "enum": [
+ "done"
+ ]
+ }
+ ]
+ },
+ "ZoneRedundancy": {
+ "oneOf": [
+ {
+ "type": "object",
+ "description": "Partitions must be replicated in at least this number of\ndistinct zones.",
+ "required": [
+ "atLeast"
+ ],
+ "properties": {
+ "atLeast": {
+ "type": "integer",
+ "description": "Partitions must be replicated in at least this number of\ndistinct zones.",
+ "minimum": 0
+ }
+ }
+ },
+ {
+ "type": "string",
+ "description": "Partitions must be replicated in as many zones as possible:\nas many zones as there are replicas, if there are enough distinct\nzones, or at least one in each zone otherwise.",
+ "enum": [
+ "maximum"
+ ]
+ }
+ ]
+ }
+ },
+ "securitySchemes": {
+ "bearerAuth": {
+ "type": "http",
+ "scheme": "bearer"
+ }
+ }
+ },
+ "security": [
+ {
+ "bearerAuth": []
+ }
+ ]
+}
diff --git a/doc/book/build/_index.md b/doc/book/build/_index.md
index 021045aa..6a01ef57 100644
--- a/doc/book/build/_index.md
+++ b/doc/book/build/_index.md
@@ -51,4 +51,4 @@ We are currently building this SDK for [Python](@/documentation/build/python.md#
More information:
- [In the reference manual](@/documentation/reference-manual/admin-api.md)
- - [Full specifiction](https://garagehq.deuxfleurs.fr/api/garage-admin-v0.html)
+ - [Full specification](https://garagehq.deuxfleurs.fr/api/garage-admin-v0.html)
diff --git a/doc/book/build/others.md b/doc/book/build/others.md
index 341e82d5..df055e79 100644
--- a/doc/book/build/others.md
+++ b/doc/book/build/others.md
@@ -5,13 +5,13 @@ weight = 99
## S3
-If you are developping a new application, you may want to use Garage to store your user's media.
+If you are developing a new application, you may want to use Garage to store your user's media.
The S3 API that Garage uses is a standard REST API, so as long as you can make HTTP requests,
you can query it. You can check the [S3 REST API Reference](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Operations_Amazon_Simple_Storage_Service.html) from Amazon to learn more.
-Developping your own wrapper around the REST API is time consuming and complicated.
-Instead, there are some libraries already avalaible.
+Developing your own wrapper around the REST API is time consuming and complicated.
+Instead, there are some libraries already available.
Some of them are maintained by Amazon, some by Minio, others by the community.
diff --git a/doc/book/connect/_index.md b/doc/book/connect/_index.md
index 7d8e686c..497f97a9 100644
--- a/doc/book/connect/_index.md
+++ b/doc/book/connect/_index.md
@@ -23,7 +23,7 @@ To configure S3-compatible software to interact with Garage,
you will need the following parameters:
- An **API endpoint**: this corresponds to the HTTP or HTTPS address
- used to contact the Garage server. When runing Garage locally this will usually
+ used to contact the Garage server. When running Garage locally this will usually
be `http://127.0.0.1:3900`. In a real-world setting, you would usually have a reverse-proxy
that adds TLS support and makes your Garage server available under a public hostname
such as `https://garage.example.com`.
diff --git a/doc/book/connect/apps/index.md b/doc/book/connect/apps/index.md
index f52d434b..627f1842 100644
--- a/doc/book/connect/apps/index.md
+++ b/doc/book/connect/apps/index.md
@@ -12,8 +12,9 @@ In this section, we cover the following web applications:
| [Mastodon](#mastodon) | ✅ | Natively supported |
| [Matrix](#matrix) | ✅ | Tested with `synapse-s3-storage-provider` |
| [ejabberd](#ejabberd) | ✅ | `mod_s3_upload` |
-| [Pixelfed](#pixelfed) | ✅ | Natively supported |
-| [Pleroma](#pleroma) | ❓ | Not yet tested |
+| [Ente](#ente) | ✅ | Natively supported |
+| [Pixelfed](#pixelfed) | ❓ | Natively supported |
+| [Pleroma](#pleroma) | ✅ | Natively supported |
| [Lemmy](#lemmy) | ✅ | Supported with pict-rs |
| [Funkwhale](#funkwhale) | ❓ | Not yet tested |
| [Misskey](#misskey) | ❓ | Not yet tested |
@@ -53,7 +54,7 @@ garage bucket allow nextcloud --read --write --key nextcloud-key
Now edit your Nextcloud configuration file to enable object storage.
On my installation, the config. file is located at the following path: `/var/www/nextcloud/config/config.php`.
-We will add a new root key to the `$CONFIG` dictionnary named `objectstore`:
+We will add a new root key to the `$CONFIG` dictionary named `objectstore`:
```php
+ user:
+ password:
+
+s3:
+ # Override the primary and secondary hot storage. The commented out values
+ # are the defaults.
+ #
+ hot_storage:
+ primary: b2-eu-cen
+ # secondary: wasabi-eu-central-2-v3
+
+ # If true, enable some workarounds to allow us to use a local minio instance
+ # for object storage.
+ #
+ # 1. Disable SSL.
+ # 2. Use "path" style S3 URLs (see `use_path_style_urls` below).
+ # 3. Directly download the file during replication instead of going via the
+ # Cloudflare worker.
+ # 4. Do not specify storage classes when uploading objects (since minio does
+ # not support them, specifically it doesn't support GLACIER).
+ are_local_buckets: true
+
+ # To use "path" style S3 URLs instead of DNS-based bucket access
+ # default to true if you set "are_local_buckets: true"
+ # use_path_style_urls: true
+
+ b2-eu-cen: # Don't change this key, it is hardcoded
+ key:
+ secret:
+ endpoint: garage:3900 # publicly accessible endpoint of your garage instance
+ region: garage
+ bucket:
+ use_path_style: true
+ # you can specify secondary locations, names are hardcoded as well
+ # wasabi-eu-central-2-v3:
+ # scw-eu-fr-v3:
+
+ # and you can also specify a bucket to be used for embeddings, preview etc..
+ # default to the first bucket
+ # derived-storage: wasabi-eu-central-2-derived
+```
+
+Finally you can run it with Docker :
+
+```bash
+docker run -d --name ente-server --restart unless-stopped -v /path/to/museum.yaml:/museum.yaml -v /path/to/credentials.yaml:/credentials.yaml -p 8080:8080 ghcr.io/ente-io/ente-server
+```
+
+For more information on deployment you can check the [ente documentation](https://help.ente.io/self-hosting/)
+
## Pixelfed
[Pixelfed Technical Documentation > Configuration](https://docs.pixelfed.org/technical-documentation/env.html#filesystem)
## Pleroma
-[Pleroma Documentation > Pleroma.Uploaders.S3](https://docs-develop.pleroma.social/backend/configuration/cheatsheet/#pleromauploaderss3)
+### Creating your bucket
+
+This is the usual Garage setup:
+
+```bash
+garage key new --name pleroma-key
+garage bucket create pleroma
+garage bucket allow pleroma --read --write --owner --key pleroma-key
+```
+
+We also need to expose these buckets publicly to serve their content to users:
+
+```bash
+garage bucket website --allow pleroma
+```
+
+Note the Key ID and Secret Key.
+
+### Configure Pleroma
+
+Update your Pleroma configuration like that in `/etc/pleroma/config.exs`.
+
+```
+config :pleroma, Pleroma.Upload,
+ uploader: Pleroma.Uploaders.S3,
+ base_url: "https://pleroma.garage.example.tld"
+
+config :ex_aws, :s3,
+ access_key_id: "GW...",
+ secret_access_key: "XXX",
+ region: "garage",
+ host: "api.garage.example.tld"
+```
+
+And restart Pleroma.
+
+You can found more information in [Pleroma Documentation > Pleroma.Uploaders.S3](https://docs-develop.pleroma.social/backend/configuration/cheatsheet/#pleromauploaderss3)
+
+### Migrating your data
+
+Pleroma have an internal migration tool that can encounter some fatal error
+
+```
+** (EXIT from #PID<0.98.0>) an exception was raised:
+ ** (File.Error) could not stream "/var/lib/pleroma/uploads/09/f8": illegal operation on a directory
+ (elixir 1.17.3) lib/file/stream.ex:100: anonymous fn/3 in Enumerable.File.Stream.reduce/3
+ (elixir 1.17.3) lib/stream.ex:1675: anonymous fn/5 in Stream.resource/3
+ (elixir 1.17.3) lib/stream.ex:1891: Enumerable.Stream.do_each/4
+ (elixir 1.17.3) lib/task/supervised.ex:370: Task.Supervised.stream_reduce/7
+ (elixir 1.17.3) lib/enum.ex:4423: Enum.map/2
+ (ex_aws_s3 2.5.8) lib/ex_aws/s3/upload.ex:141: ExAws.Operation.ExAws.S3.Upload.perform/2
+ (pleroma 2.10.0) lib/pleroma/uploaders/s3.ex:60: Pleroma.Uploaders.S3.put_file/1
+ (pleroma 2.10.0) lib/pleroma/uploaders/uploader.ex:49: Pleroma.Uploaders.Uploader.put_file/2
+```
+
+So, use [your best tool](https://garagehq.deuxfleurs.fr/documentation/connect/cli/) to sync `/var/lib/pleroma/uploads/` in your S3.
+
+Then, to avoid some non existent problem (just in case of), run this command
+
+```bash
+while true
+do
+ rm -vr $(./bin/pleroma_ctl uploads migrate_local S3 2>&1 | grep "could not stream" | awk -F '"' '{print $2}')
+ sleep 5
+done
+```
+
+If you have many files, stop this command sometime and the command bellow (interactive) to delete local
+file after upload. Then restart the loop.
+
+```bash
+./bin/pleroma_ctl uploads migrate_local S3 --delete
+```
+
+And *voilà*
## Lemmy
diff --git a/doc/book/connect/backup.md b/doc/book/connect/backup.md
index 7e97d777..dba6900d 100644
--- a/doc/book/connect/backup.md
+++ b/doc/book/connect/backup.md
@@ -207,3 +207,13 @@ $ plakar at @garageS3 ls
```
More information in Plakar documentation: https://www.plakar.io/docs/main/quickstart/
+
+## Synology HyperBackup
+
+HyperBackup can be configured to upload backups to garage using a custom S3 destination. However, the HyperBackup client hardcodes the `us-east-1` region that is a critical input to the v4 signature process. If garage is not set to `us-east-1`, HyperBackup will recognize available buckets, but fail during the final setup stage.
+
+In garage.toml:
+```toml
+[s3_api]
+s3_region = "us-east-1"
+```
diff --git a/doc/book/connect/cli.md b/doc/book/connect/cli.md
index 6529e4b2..f52cc205 100644
--- a/doc/book/connect/cli.md
+++ b/doc/book/connect/cli.md
@@ -41,7 +41,7 @@ Some commands:
# list buckets
mc ls garage/
-# list objets in a bucket
+# list objects in a bucket
mc ls garage/my_files
# copy from your filesystem to garage
@@ -149,6 +149,15 @@ rclone help
This will tremendously accelerate operations such as `rclone sync` or `rclone ncdu` by reducing the number
of ListObjects calls that are made.
+**Garage behind Cloudflare proxy:** when running Garage behind Cloudflare proxy, you might see `Response: error 403 Forbidden, Forbidden: Invalid signature` error in your garage logs or `AccessDenied: Forbidden: Invalid signature` error in rclone logs. Try adding `--s3-sign-accept-encoding=false` flag to your rclone command and see if the issue is resolved.
+
+```bash
+# this throws an error
+rclone lsd garage:
+
+# this should work
+rclone lsd --s3-sign-accept-encoding=false garage:
+```
## `s3cmd`
@@ -209,7 +218,7 @@ Within Cyberduck, a
available within the `Preferences -> Profiles` section. This can enabled and
then connections to Garage may be configured.
-### Instuctions for the CLI
+### Instructions for the CLI
To configure duck (Cyberduck's CLI tool), start by creating its folder hierarchy:
@@ -314,4 +323,3 @@ ls
```
And through the web interface at http://[::1]:8080/web/client
-
diff --git a/doc/book/connect/repositories.md b/doc/book/connect/repositories.md
index 537b02e7..0ae79b1e 100644
--- a/doc/book/connect/repositories.md
+++ b/doc/book/connect/repositories.md
@@ -201,11 +201,9 @@ on the binary cache, the client will download the result from the cache instead
### Channels
-Channels additionnaly serve Nix definitions, ie. a `.nix` file referencing
+Channels additionally serve Nix definitions, ie. a `.nix` file referencing
all the derivations you want to serve.
## Gitlab
*External link:* [Gitlab Documentation > Object storage](https://docs.gitlab.com/ee/administration/object_storage.html)
-
-
diff --git a/doc/book/cookbook/ansible.md b/doc/book/cookbook/ansible.md
index 8b0d2969..8d86a7d1 100644
--- a/doc/book/cookbook/ansible.md
+++ b/doc/book/cookbook/ansible.md
@@ -8,12 +8,12 @@ have published Ansible roles. We list them and compare them below.
## Comparison of Ansible roles
-| Feature | [ansible-role-garage](#zorun-ansible-role-garage) | [garage-docker-ansible-deploy](#moan0s-garage-docker-ansible-deploy) | [eddster ansible-role-garage](#eddster-ansible-role-garage) |
+| Feature | [ansible-role-garage](#zorun-ansible-role-garage) | [garage-docker-ansible-deploy](#moan0s-garage-docker-ansible-deploy) | [eddster2309 ansible-role-garage](#eddster2309-ansible-role-garage) |
|------------------------------------|---------------------------------------------|---------------------------------------------------------------|---------------------------------|
| **Runtime** | Systemd | Docker | Systemd |
| **Target OS** | Any Linux | Any Linux | Any Linux |
| **Architecture** | amd64, arm64, i686 | amd64, arm64 | arm64, arm, 386, amd64 |
-| **Additional software** | None | Traefik | Ngnix and Keepalived (optional) |
+| **Additional software** | None | Traefik | Nginx and Keepalived (optional) |
| **Automatic node connection** | ❌ | ✅ | ✅ |
| **Layout management** | ❌ | ✅ | ✅ |
| **Manage buckets & keys** | ❌ | ✅ (basic) | ✅ |
diff --git a/doc/book/cookbook/binary-packages.md b/doc/book/cookbook/binary-packages.md
index ce6beb7b..1e399764 100644
--- a/doc/book/cookbook/binary-packages.md
+++ b/doc/book/cookbook/binary-packages.md
@@ -29,6 +29,10 @@ it's stable).
Garage is available in the official repositories under [extra](https://archlinux.org/packages/extra/x86_64/garage).
+```bash
+pacman -S garage
+```
+
## FreeBSD
```bash
@@ -40,3 +44,9 @@ pkg install garage
```bash
nix-shell -p garage
```
+
+## conda-forge
+
+```bash
+pixi global install garage
+```
diff --git a/doc/book/cookbook/encryption.md b/doc/book/cookbook/encryption.md
index bfbea0ec..13da4bd7 100644
--- a/doc/book/cookbook/encryption.md
+++ b/doc/book/cookbook/encryption.md
@@ -33,7 +33,7 @@ by adding encryption at different levels.
We would be very curious to know your needs and thougs about ideas such as
encryption practices and things like key management, as we want Garage to be a
-serious base platform for the developpment of secure, encrypted applications.
+serious base platform for the development of secure, encrypted applications.
Do not hesitate to come talk to us if you have any thoughts or questions on the
subject.
@@ -59,7 +59,7 @@ For standard S3 API requests, Garage does not encrypt data at rest by itself.
For the most generic at rest encryption of data, we recommend setting up your
storage partitions on encrypted LUKS devices.
-If you are developping your own client software that makes use of S3 storage,
+If you are developing your own client software that makes use of S3 storage,
we recommend implementing data encryption directly on the client side and never
transmitting plaintext data to Garage. This makes it easy to use an external
untrusted storage provider if necessary.
@@ -108,14 +108,14 @@ Protects against the following threats:
- Stolen HDD
-Crucially, does not protect againt malicious sysadmins or remote attackers that
+Crucially, does not protect against malicious sysadmins or remote attackers that
might gain access to your servers.
Methods include full-disk encryption with tools such as LUKS.
## Encrypting data on the client side
-Protects againt the following threats:
+Protects against the following threats:
- A honest-but-curious administrator
- A malicious administrator that tries to corrupt your data
diff --git a/doc/book/cookbook/exposing-websites.md b/doc/book/cookbook/exposing-websites.md
index 9382a541..74a5613d 100644
--- a/doc/book/cookbook/exposing-websites.md
+++ b/doc/book/cookbook/exposing-websites.md
@@ -9,7 +9,7 @@ There are three methods to expose buckets as website:
1. using the PutBucketWebsite S3 API call, which is allowed for access keys that have the owner permission bit set
-2. from the Garage CLI, by an adminstrator of the cluster
+2. from the Garage CLI, by an administrator of the cluster
3. using the Garage administration API
diff --git a/doc/book/cookbook/from-source.md b/doc/book/cookbook/from-source.md
index 7105c999..04b84aef 100644
--- a/doc/book/cookbook/from-source.md
+++ b/doc/book/cookbook/from-source.md
@@ -20,12 +20,12 @@ sudo apt-get update
sudo apt-get install build-essential
```
-## Building from source from the Gitea repository
+## Building from source from the Forgejo repository
The primary location for Garage's source code is the
-[Gitea repository](https://git.deuxfleurs.fr/Deuxfleurs/garage),
+[Forgejo repository](https://git.deuxfleurs.fr/Deuxfleurs/garage),
which contains all of the released versions as well as the code
-for the developpement of the next version.
+for the development of the next version.
Clone the repository and enter it as follows:
@@ -41,7 +41,7 @@ git tag # List available tags
git checkout v0.8.0 # Change v0.8.0 with the version you wish to build
```
-Otherwise you will be building a developpement build from the `main` branch
+Otherwise you will be building a development build from the `main` branch
that includes all of the changes to be released in the next version.
Be careful that such a build might be unstable or contain bugs,
and could be incompatible with nodes that run stable versions of Garage.
@@ -85,11 +85,14 @@ The following feature flags are available in v0.8.0:
| Feature flag | Enabled | Description |
| ------------ | ------- | ----------- |
| `bundled-libs` | *by default* | Use bundled version of sqlite3, zstd, lmdb and libsodium |
-| `system-libs` | optional | Use system version of sqlite3, zstd, lmdb and libsodium if available (exclusive with `bundled-libs`, build using `cargo build --no-default-features --features system-libs`) |
+| `consul-discovery` | optional | Enable automatic registration and discovery of cluster nodes through the Consul API |
+| `fjall` | experimental | Enable using Fjall to store Garage's metadata |
+| `journald` | optional | Enable logging to systemd-journald with `GARAGE_LOG_TO_JOURNALD=true` environment variable set |
| `k2v` | optional | Enable the experimental K2V API (if used, all nodes on your Garage cluster must have it enabled as well) |
| `kubernetes-discovery` | optional | Enable automatic registration and discovery of cluster nodes through the Kubernetes API |
-| `metrics` | *by default* | Enable collection of metrics in Prometheus format on the admin API |
-| `telemetry-otlp` | optional | Enable collection of execution traces using OpenTelemetry |
-| `syslog` | optional | Enable logging to Syslog |
| `lmdb` | *by default* | Enable using LMDB to store Garage's metadata |
+| `metrics` | *by default* | Enable collection of metrics in Prometheus format on the admin API |
| `sqlite` | *by default* | Enable using Sqlite3 to store Garage's metadata |
+| `syslog` | optional | Enable logging to Syslog with `GARAGE_LOG_TO_SYSLOG=true` environment variable set |
+| `system-libs` | optional | Use system version of sqlite3, zstd, lmdb and libsodium if available (exclusive with `bundled-libs`, build using `cargo build --no-default-features --features system-libs`) |
+| `telemetry-otlp` | optional | Enable collection of execution traces using OpenTelemetry |
diff --git a/doc/book/cookbook/kubernetes.md b/doc/book/cookbook/kubernetes.md
index f5bceec8..c1db742f 100644
--- a/doc/book/cookbook/kubernetes.md
+++ b/doc/book/cookbook/kubernetes.md
@@ -26,7 +26,7 @@ Or deploy with custom values:
helm install --create-namespace --namespace garage garage ./garage -f values.override.yaml
```
-If you want to manage the CustomRessourceDefinition used by garage for its `kubernetes_discovery` outside of the helm chart, add `garage.kubernetesSkipCrd: true` to your custom values and use the kustomization before deploying the helm chart:
+If you want to manage the CustomResourceDefinition used by garage for its `kubernetes_discovery` outside of the helm chart, add `garage.kubernetesSkipCrd: true` to your custom values and use the kustomization before deploying the helm chart:
```bash
kubectl apply -k ../k8s/crd
@@ -47,12 +47,12 @@ All possible configuration values can be found with:
helm show values ./garage
```
-This is an example `values.overrride.yaml` for deploying in a microk8s cluster with a https s3 api ingress route:
+This is an example `values.override.yaml` for deploying in a microk8s cluster with a https s3 api ingress route:
```yaml
garage:
# Use only 2 replicas per object
- replicationMode: "2"
+ replicationFactor: 2
# Start 4 instances (StatefulSets) of garage
deployment:
diff --git a/doc/book/cookbook/real-world.md b/doc/book/cookbook/real-world.md
index b9927c06..681346cb 100644
--- a/doc/book/cookbook/real-world.md
+++ b/doc/book/cookbook/real-world.md
@@ -96,14 +96,14 @@ to store 2 TB of data in total.
## Get a Docker image
Our docker image is currently named `dxflrs/garage` and is stored on the [Docker Hub](https://hub.docker.com/r/dxflrs/garage/tags?page=1&ordering=last_updated).
-We encourage you to use a fixed tag (eg. `v1.3.0`) and not the `latest` tag.
-For this example, we will use the latest published version at the time of the writing which is `v1.3.0` but it's up to you
+We encourage you to use a fixed tag (eg. `v2.2.0`) and not the `latest` tag.
+For this example, we will use the latest published version at the time of the writing which is `v2.2.0` but it's up to you
to check [the most recent versions on the Docker Hub](https://hub.docker.com/r/dxflrs/garage/tags?page=1&ordering=last_updated).
For example:
```
-sudo docker pull dxflrs/garage:v1.3.0
+sudo docker pull dxflrs/garage:v2.2.0
```
## Deploying and configuring Garage
@@ -171,7 +171,7 @@ docker run \
-v /etc/garage.toml:/etc/garage.toml \
-v /var/lib/garage/meta:/var/lib/garage/meta \
-v /var/lib/garage/data:/var/lib/garage/data \
- dxflrs/garage:v1.3.0
+ dxflrs/garage:v2.2.0
```
With this command line, Garage should be started automatically at each boot.
@@ -185,7 +185,7 @@ If you want to use `docker-compose`, you may use the following `docker-compose.y
version: "3"
services:
garage:
- image: dxflrs/garage:v1.3.0
+ image: dxflrs/garage:v2.2.0
network_mode: "host"
restart: unless-stopped
volumes:
diff --git a/doc/book/cookbook/reverse-proxy.md b/doc/book/cookbook/reverse-proxy.md
index bdc1c549..ffa8252c 100644
--- a/doc/book/cookbook/reverse-proxy.md
+++ b/doc/book/cookbook/reverse-proxy.md
@@ -7,7 +7,7 @@ The main reason to add a reverse proxy in front of Garage is to provide TLS to y
In production you will likely need your certificates signed by a certificate authority.
The most automated way is to use a provider supporting the [ACME protocol](https://datatracker.ietf.org/doc/html/rfc8555)
-such as [Let's Encrypt](https://letsencrypt.org/), [ZeroSSL](https://zerossl.com/) or [Buypass Go SSL](https://www.buypass.com/ssl/products/acme).
+such as [Let's Encrypt](https://letsencrypt.org/) or [ZeroSSL](https://zerossl.com/).
If you are only testing Garage, you can generate a self-signed certificate to follow the documentation:
@@ -97,7 +97,7 @@ server {
location / {
proxy_pass http://s3_backend;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host $host;
+ proxy_set_header Host $http_host;
# Disable buffering to a temporary file.
proxy_max_temp_file_size 0;
}
@@ -272,7 +272,7 @@ Add the following configuration section [to compress response](https://doc.traef
### Add caching response
-Traefik's caching middleware is only available on [entreprise version](https://doc.traefik.io/traefik-enterprise/middlewares/http-cache/), however the freely-available [Souin plugin](https://github.com/darkweak/souin#tr%C3%A6fik-container) can also do the job. (section to be completed)
+Traefik's caching middleware is only available on [enterprise version](https://doc.traefik.io/traefik-enterprise/middlewares/http-cache/), however the freely-available [Souin plugin](https://github.com/darkweak/souin#tr%C3%A6fik-container) can also do the job. (section to be completed)
### Complete example
diff --git a/doc/book/cookbook/systemd.md b/doc/book/cookbook/systemd.md
index ebff8c15..820a47bf 100644
--- a/doc/book/cookbook/systemd.md
+++ b/doc/book/cookbook/systemd.md
@@ -38,7 +38,7 @@ WantedBy=multi-user.target
id is dynamically allocated by systemd (set with `DynamicUser=true`). It cannot
access (read or write) home folders (`/home`, `/root` and `/run/user`), the
rest of the filesystem can only be read but not written, only the path seen as
-`/var/lib/garage` is writable as seen by the service. Additionnaly, the process
+`/var/lib/garage` is writable as seen by the service. Additionally, the process
can not gain new privileges over time.
For this to work correctly, your `garage.toml` must be set with
diff --git a/doc/book/design/_index.md b/doc/book/design/_index.md
index 5881ab8f..e7098dc8 100644
--- a/doc/book/design/_index.md
+++ b/doc/book/design/_index.md
@@ -10,7 +10,7 @@ perspective. It will allow you to understand if Garage is a good fit for
you, how to better use it, how to contribute to it, what can Garage could
and could not do, etc.
-- **[Goals and use cases](@/documentation/design/goals.md):** This page explains why Garage was concieved and what practical use cases it targets.
+- **[Goals and use cases](@/documentation/design/goals.md):** This page explains why Garage was conceived and what practical use cases it targets.
- **[Related work](@/documentation/design/related-work.md):** This pages presents the theoretical background on which Garage is built, and describes other software storage solutions and why they didn't work for us.
@@ -31,5 +31,3 @@ We love to talk and hear about Garage, that's why we keep a log here:
- [(en, 2021-04-28) Distributed object storage is centralised](https://git.deuxfleurs.fr/Deuxfleurs/garage/src/commit/b1f60579a13d3c5eba7f74b1775c84639ea9b51a/doc/talks/2021-04-28_spirals-team/talk.pdf)
- [(fr, 2020-12-02) Garage : jouer dans la cour des grands quand on est un hébergeur associatif](https://git.deuxfleurs.fr/Deuxfleurs/garage/src/commit/b1f60579a13d3c5eba7f74b1775c84639ea9b51a/doc/talks/2020-12-02_wide-team/talk.pdf)
-
-
diff --git a/doc/book/design/benchmarks/index.md b/doc/book/design/benchmarks/index.md
index 79cc5d62..2df916e0 100644
--- a/doc/book/design/benchmarks/index.md
+++ b/doc/book/design/benchmarks/index.md
@@ -15,14 +15,14 @@ The more a user request will require intra-cluster requests to complete, the mor
This is especially true for sequential requests: requests that must wait the result of another request to be sent.
We designed Garage without consensus algorithms (eg. Paxos or Raft) to minimize the number of sequential and parallel requests.
-This serie of benchmarks quantifies the impact of this design choice.
+This series of benchmarks quantifies the impact of this design choice.
### On a simple simulated network
We start with a controlled environment, all the instances are running on the same (powerful enough) machine.
-To control the network latency, we simulate the network with [mknet](https://git.deuxfleurs.fr/trinity-1686a/mknet) (a tool we developped, based on `tc` and the linux network stack).
-To mesure S3 endpoints latency, we use our own tool [s3lat](https://git.deuxfleurs.fr/quentin/s3lat/) to observe only the intra-cluster latency and not some contention on the nodes (CPU, RAM, disk I/O, network bandwidth, etc.).
+To control the network latency, we simulate the network with [mknet](https://git.deuxfleurs.fr/trinity-1686a/mknet) (a tool we developed, based on `tc` and the linux network stack).
+To measure S3 endpoints latency, we use our own tool [s3lat](https://git.deuxfleurs.fr/quentin/s3lat/) to observe only the intra-cluster latency and not some contention on the nodes (CPU, RAM, disk I/O, network bandwidth, etc.).
Compared to other benchmark tools, S3Lat sends only one (small) request at the same time and measures its latency.
We selected 5 standard endpoints that are often in the critical path: ListBuckets, ListObjects, GetObject, PutObject and RemoveObject.
@@ -32,7 +32,7 @@ In this first benchmark, we consider 5 instances that are located in a different
Compared to garage, minio latency drastically increases on 3 endpoints: GetObject, PutObject, RemoveObject.
-We suppose that these requests on minio make transactions over Raft, involving 4 sequential requests: 1) sending the message to the leader, 2) having the leader dispatch it to the other nodes, 3) waiting for the confirmation of followers and finally 4) commiting it. With our current configuration, one Raft transaction will take around 400 ms. GetObject seems to correlate to 1 transaction while PutObject and RemoveObject seems to correlate to 2 or 3. Reviewing minio code would be required to confirm this hypothesis.
+We suppose that these requests on minio make transactions over Raft, involving 4 sequential requests: 1) sending the message to the leader, 2) having the leader dispatch it to the other nodes, 3) waiting for the confirmation of followers and finally 4) committing it. With our current configuration, one Raft transaction will take around 400 ms. GetObject seems to correlate to 1 transaction while PutObject and RemoveObject seems to correlate to 2 or 3. Reviewing minio code would be required to confirm this hypothesis.
Conversely, garage uses an architecture similar to DynamoDB and never require global cluster coordination to answer a request.
Instead, garage can always contact the right node in charge of the requested data, and can answer in as low as one request in the case of GetObject and PutObject. We also observed that Garage latency, while often lower to minio, is more dispersed: garage is still in beta and has not received any performance optimization yet.
@@ -50,7 +50,7 @@ We plot a similar graph as before:
This new graph is very similar to the one before, neither minio or garage seems to benefit from this new topology, but they also do not suffer from it.
-Considering garage, this is expected: nodes in the same DC are put in the same zone, and then data are spread on different zones for data resiliency and availaibility.
+Considering garage, this is expected: nodes in the same DC are put in the same zone, and then data are spread on different zones for data resiliency and availability.
Then, in the default mode, requesting data requires to query at least 2 zones to be sure that we have the most up to date information.
These requests will involve at least one inter-DC communication.
In other words, we prioritize data availability and synchronization over raw performances.
diff --git a/doc/book/design/goals.md b/doc/book/design/goals.md
index efa3cd33..3fe80e8f 100644
--- a/doc/book/design/goals.md
+++ b/doc/book/design/goals.md
@@ -59,11 +59,13 @@ Garage themselves for the following tasks:
- Hosting of their homepage, [privacyguides.org](https://www.privacyguides.org/), and various other static sites
-- As a Mastodon object storage backend for [mstdn.party](https://mstdn.party/) and [mstdn.plus](https://mstdn.plus/)
+- As a PowerDNS authoritative zone backend through [Lightning Stream](https://doc.powerdns.com/lightningstream/latest/index.html) and [LMDB](https://doc.powerdns.com/authoritative/backends/lmdb.html)
+
+- As a Mastodon media storage backend for [mstdn.party](https://mstdn.party/) and [mstdn.plus](https://mstdn.plus/)
- As a PeerTube storage backend for [neat.tube](https://neat.tube/)
- As a [Matrix media backend](https://github.com/matrix-org/synapse-s3-storage-provider)
Triplebit's Garage cluster is a multi-site cluster currently composed of
-10 nodes in 3 physical locations.
+15 storage nodes in 3 physical locations.
diff --git a/doc/book/design/internals.md b/doc/book/design/internals.md
index 8e3c214e..81a11854 100644
--- a/doc/book/design/internals.md
+++ b/doc/book/design/internals.md
@@ -94,7 +94,7 @@ delete a tombstone, the following condition has to be met:
- All nodes responsible for storing this entry are aware of the existence of
the tombstone, i.e. they cannot hold another version of the entry that is
- superseeded by the tombstone. This ensures that deleting the tombstone is
+ superseded by the tombstone. This ensures that deleting the tombstone is
safe and that no deleted value will come back in the system.
Garage uses atomic database operations (such as compare-and-swap and
@@ -141,4 +141,3 @@ rebalance of data, this would have led to the disk utilization to explode
during the rebalancing, only to shrink again after 24 hours. The 10-minute
delay is a compromise that gives good security while not having this problem of
disk space explosion on rebalance.
-
diff --git a/doc/book/design/related-work.md b/doc/book/design/related-work.md
index 84e66c4e..a8461803 100644
--- a/doc/book/design/related-work.md
+++ b/doc/book/design/related-work.md
@@ -37,7 +37,7 @@ However, Amazon S3 source code is not open but alternatives were proposed.
We identified Minio, Pithos, Swift and Ceph.
Minio/Ceph enforces a total order, so properties similar to a (relaxed) filesystem.
Swift and Pithos are probably the most similar to AWS S3 with their consistent hashing ring.
-However Pithos is not maintained anymore. More precisely the company that published Pithos version 1 has developped a second version 2 but has not open sourced it.
+However Pithos is not maintained anymore. More precisely the company that published Pithos version 1 has developed a second version 2 but has not open sourced it.
Some tests conducted by the [ACIDES project](https://acides.org/) have shown that Openstack Swift consumes way more resources (CPU+RAM) that we can afford. Furthermore, people developing Swift have not designed their software for geo-distribution.
There were many attempts in research too. I am only thinking to [LBFS](https://pdos.csail.mit.edu/papers/lbfs:sosp01/lbfs.pdf) that was used as a basis for Seafile. But none of them have been effectively implemented yet.
@@ -63,7 +63,7 @@ Due to its industry oriented design, Ceph is also far from being *Simple* to ope
In a certain way, Ceph and MinIO are closer together than they are from Garage or OpenStack Swift.
**[Pithos](https://github.com/exoscale/pithos):**
-Pithos has been abandonned and should probably not used yet, in the following we explain why we did not pick their design.
+Pithos has been abandoned and should probably not used yet, in the following we explain why we did not pick their design.
Pithos was relying as a S3 proxy in front of Cassandra (and was working with Scylla DB too).
From its designers' mouth, storing data in Cassandra has shown its limitations justifying the project abandonment.
They built a closed-source version 2 that does not store blobs in the database (only metadata) but did not communicate further on it.
diff --git a/doc/book/development/release-process.md b/doc/book/development/release-process.md
index 0c6701c0..476404f3 100644
--- a/doc/book/development/release-process.md
+++ b/doc/book/development/release-process.md
@@ -23,7 +23,7 @@ This logic is defined in `nix/build_index.nix`.
For each commit, we first pass the code to a formatter (rustfmt) and a linter (clippy).
Then we try to build it in debug mode and run both unit tests and our integration tests.
-Additionnaly, when releasing, our integration tests are run on the release build for amd64 and i686.
+Additionally, when releasing, our integration tests are run on the release build for amd64 and i686.
## Generated Artifacts
@@ -32,7 +32,7 @@ We generate the following binary artifacts for now:
- **os**: linux
- **format**: static binary, docker container
-Additionnaly we also build two web pages and one JSON document:
+Additionally we also build two web pages and one JSON document:
- the documentation (this website)
- [the release page](https://garagehq.deuxfleurs.fr/_releases.html)
- [the release list in JSON format](https://garagehq.deuxfleurs.fr/_releases.json)
@@ -67,7 +67,7 @@ nix copy --to 's3://nix?endpoint=garage.deuxfleurs.fr®ion=garage&secret-key=/
The previous command will only send the built package and not its dependencies.
In the case of our CI pipeline, we want to cache all intermediate build steps
as well. This can be done using this quite involved command (here as an example
-for the `pkgs.amd64.relase` package):
+for the `pkgs.amd64.release` package):
```bash
nix copy -j8 \
@@ -174,5 +174,3 @@ drone sign --save Deuxfleurs/garage
```
Looking at the file, you will see that most of the commands are `nix-shell` and `nix-build` commands with various parameters.
-
-
diff --git a/doc/book/operations/durability-repairs.md b/doc/book/operations/durability-repairs.md
index fdf163e2..8a307c84 100644
--- a/doc/book/operations/durability-repairs.md
+++ b/doc/book/operations/durability-repairs.md
@@ -42,7 +42,7 @@ You may pause an ongoing scrub using `garage repair scrub pause`, but note that
the scrub will resume automatically 24 hours later as Garage will not let your
cluster run without a regular scrub. If the scrub procedure is too intensive
for your servers and is slowing down your workload, the recommended solution
-is to increase the "scrub tranquility" using `garage repair scrub set-tranquility`.
+is to increase the "scrub tranquility" using `garage worker set scrub-tranquility`.
A higher tranquility value will make Garage take longer pauses between two block
verifications. Of course, scrubbing the entire data store will also take longer.
diff --git a/doc/book/operations/layout.md b/doc/book/operations/layout.md
index 667e89d2..a0b2f31d 100644
--- a/doc/book/operations/layout.md
+++ b/doc/book/operations/layout.md
@@ -242,7 +242,7 @@ dc3 Tags Partitions Capacity Usable capacity
TOTAL 256 (256 unique) 2.0 GB 1000.0 MB (50.0%)
```
-As we can see, the node that was moved to `dc3` (node4) is only used at 25% (approximatively),
+As we can see, the node that was moved to `dc3` (node4) is only used at 25% (approximately),
whereas the node that was already in `dc3` (node3) is used at 75%.
This can be explained by the following:
@@ -260,7 +260,7 @@ This can be explained by the following:
data can be removed to be moved to node1.
- Garage will move data in equal proportions from all possible sources, in this
- case it means that it will tranfer 25% of the entire data set from node3 to
+ case it means that it will transfer 25% of the entire data set from node3 to
node1 and another 25% from node4 to node1.
This explains why node3 ends with 75% utilization (100% from before minus 25%
diff --git a/doc/book/operations/multi-hdd.md b/doc/book/operations/multi-hdd.md
index 1cbcd805..c21b73d7 100644
--- a/doc/book/operations/multi-hdd.md
+++ b/doc/book/operations/multi-hdd.md
@@ -40,7 +40,7 @@ First of all, Garage divides the set of all possible block hashes
in a fixed number of slices (currently 1024), and assigns
to each slice a primary storage location among the specified data directories.
The number of slices having their primary location in each data directory
-is proportionnal to the capacity specified in the config file.
+is proportional to the capacity specified in the config file.
When Garage receives a block to write, it will always write it in the primary
directory of the slice that contains its hash.
diff --git a/doc/book/operations/recovering.md b/doc/book/operations/recovering.md
index 05322b67..fb20656d 100644
--- a/doc/book/operations/recovering.md
+++ b/doc/book/operations/recovering.md
@@ -161,4 +161,7 @@ your recovery options are as follows:
- **Option 3: restoring a filesystem-level snapshot.** If you are using ZFS or
BTRFS to snapshot your metadata partition, refer to their specific
- documentation on rolling back or copying files from an old snapshot.
+ documentation on rolling back or copying files from an old snapshot.
+ Note that, depending on the properties of the filesystem and of the DB engine,
+ if these snapshots were taken during a write operation to the database, they may
+ also be corrupted and thus unfit for recovery.
diff --git a/doc/book/operations/upgrading.md b/doc/book/operations/upgrading.md
index a3d2bcf5..26007dbe 100644
--- a/doc/book/operations/upgrading.md
+++ b/doc/book/operations/upgrading.md
@@ -56,7 +56,7 @@ From a high level perspective, a major upgrade looks like this:
10. Enable API access (reverse step 1)
11. Monitor your cluster while load comes back, check that all your applications are happy with this new version
-### Major upgarades with minimal downtime
+### Major upgrades with minimal downtime
There is only one operation that has to be coordinated cluster-wide: the switch of one version of the internal RPC protocol to the next.
This means that an upgrade with very limited downtime can simply be performed from one major version to the next by restarting all nodes
diff --git a/doc/book/quick-start/_index.md b/doc/book/quick-start/_index.md
index 633b785a..d0ebf778 100644
--- a/doc/book/quick-start/_index.md
+++ b/doc/book/quick-start/_index.md
@@ -132,7 +132,7 @@ docker run \
-v /path/to/garage.toml:/etc/garage.toml \
-v /path/to/garage/meta:/var/lib/garage/meta \
-v /path/to/garage/data:/var/lib/garage/data \
- dxflrs/garage:v1.3.0
+ dxflrs/garage:v2.2.0
```
Under Linux, you can substitute `--network host` for `-p 3900:3900 -p 3901:3901 -p 3902:3902 -p 3903:3903`
diff --git a/doc/book/reference-manual/admin-api.md b/doc/book/reference-manual/admin-api.md
index fcf49e8c..e96fcaff 100644
--- a/doc/book/reference-manual/admin-api.md
+++ b/doc/book/reference-manual/admin-api.md
@@ -6,41 +6,167 @@ weight = 40
The Garage administration API is accessible through a dedicated server whose
listen address is specified in the `[admin]` section of the configuration
file (see [configuration file
-reference](@/documentation/reference-manual/configuration.md))
+reference](@/documentation/reference-manual/configuration.md)).
-**WARNING.** At this point, there is no commitment to the stability of the APIs described in this document.
-We will bump the version numbers prefixed to each API endpoint each time the syntax
-or semantics change, meaning that code that relies on these endpoint will break
-when changes are introduced.
-
-Versions:
- - Before Garage 0.7.2 - no admin API
- - Garage 0.7.2 - admin APIv0
- - Garage 0.9.0 - admin APIv1, deprecate admin APIv0
+The current version of the admin API is v2. No breaking changes to the Garage
+administration API will be published outside of a major release.
+History of previous versions:
+ - Before Garage v0.7.2 - no admin API
+ - Garage v0.7.2 - admin API v0
+ - Garage v0.9.0 - admin API v1, deprecate admin API v0
+ - Garage v2.0.0 - admin API v2, deprecate admin API v1
## Access control
-The admin API uses two different tokens for access control, that are specified in the config file's `[admin]` section:
+### Using an API token
-- `metrics_token`: the token for accessing the Metrics endpoint (if this token
- is not set in the config file, the Metrics endpoint can be accessed without
- access control);
-
-- `admin_token`: the token for accessing all of the other administration
- endpoints (if this token is not set in the config file, access to these
- endpoints is disabled entirely).
-
-These tokens are used as simple HTTP bearer tokens. In other words, to
-authenticate access to an admin API endpoint, add the following HTTP header
-to your request:
+Administration API tokens tokens are used as simple HTTP bearer tokens. In
+other words, to authenticate access to an admin API endpoint, add the following
+HTTP header to your request:
```
Authorization: Bearer
```
-## Administration API endpoints
+### User-defined API tokens
+
+Cluster administrators may dynamically define administration tokens using the CLI commands under `garage admin-token`.
+Such tokens may be limited in scope, meaning that they may enable access to only a subset of API calls.
+They may also have an expiration date to limit their use in time.
+
+Here is an example to create an administration token that is valid for 30 days
+and gives access to only a subset of API calls, allowing it to create buckets
+and access keys and give keys permissions on buckets:
+
+```bash
+$ garage admin-token create --expires-in 30d \
+ --scope ListBuckets,GetBucketInfo,ListKeys,GetKeyInfo,CreateBucket,CreateKey,AllowBucketKey,DenyBucketKey \
+ my-token
+This is your secret bearer token, it will not be shown again by Garage:
+
+ 8ed1830b10a276ff57061950.kOSIpxWK9zSGbTO9Xadpv3YndSFWma0_snXcYHaORXk
+
+==== ADMINISTRATION TOKEN INFORMATION ====
+Token ID: 8ed1830b10a276ff57061950
+Token name: my-token
+Created: 2025-06-15 15:12:44.160 +02:00
+Validity: valid
+Expiration: 2025-07-15 15:12:44.117 +02:00
+
+Scope: ListBuckets
+ GetBucketInfo
+ ListKeys
+ GetKeyInfo
+ CreateBucket
+ CreateKey
+ AllowBucketKey
+ DenyBucketKey
+```
+
+When running this command, your token will be shown only once and **will never
+be shown again by Garage**, so make sure to save it directly. The token is
+hashed internally, and is identified by its prefix (32 hex digits followed by a
+dot) which is saved in clear.
+
+When running `garage admin-token list`, you might see something like this:
+
+```
+ID Created Name Expiration Scope
+- - metrics_token (from daemon configuration) never Metrics
+8ed1830b10a276ff57061950 2025-06-15 my-token 2025-07-15 15:12:44.117 +02:00 ListBuckets, ... (8)
+```
+
+### Master API tokens
+
+The admin API can also use two different master tokens for access control,
+specified in the config file's `[admin]` section:
+
+- `metrics_token`: the token for accessing the Metrics endpoint. If this token
+ is not set in the config file, the Metrics endpoint can be accessed without
+ access control.
+
+- `admin_token`: the token for accessing all of the other administration
+ endpoints. If this token is not set in the config file, access to these
+ endpoints is only possible with a user-defined admin token.
+
+With the introduction of multiple user-defined admin tokens, the use of master
+API tokens is now discouraged.
+
+
+## Using the admin API
+
+All of the admin API endpoints are described in the OpenAPI specification:
+
+ - APIv2 - [HTML spec](https://garagehq.deuxfleurs.fr/api/garage-admin-v2.html) - [OpenAPI JSON](https://garagehq.deuxfleurs.fr/api/garage-admin-v2.json)
+ - APIv1 (deprecated) - [HTML spec](https://garagehq.deuxfleurs.fr/api/garage-admin-v1.html) - [OpenAPI YAML](https://garagehq.deuxfleurs.fr/api/garage-admin-v1.yml)
+ - APIv0 (deprecated) - [HTML spec](https://garagehq.deuxfleurs.fr/api/garage-admin-v0.html) - [OpenAPI YAML](https://garagehq.deuxfleurs.fr/api/garage-admin-v0.yml)
+
+Making a request to the API from the command line can be as simple as running:
+
+```bash
+curl -H 'Authorization: Bearer s3cr3t' http://localhost:3903/v2/GetClusterStatus | jq
+```
+
+For more advanced use cases, we recommend using an SDK.
+[Go to the "Build your own app" section to know how to use our SDKs](@/documentation/build/_index.md)
+
+### Making API calls from the `garage` CLI
+
+Since v2.0.0, the `garage` binary provides a subcommand `garage json-api` that
+allows you to invoke the API without making an HTTP request. This can be
+useful for scripting Garage deployments.
+
+`garage json-api` proxies API calls through Garage's internal RPC protocol,
+therefore it does not require any form of authentication: RPC connection
+parameters are discovered automatically to contact the locally-running Garage
+instance (as when running any other `garage` CLI command).
+
+For simple calls that take no parameters, usage is as follows:
+
+```
+$ garage json-api GetClusterHealth
+{
+ "connectedNodes": 3,
+ "knownNodes": 3,
+ "partitions": 256,
+ "partitionsAllOk": 256,
+ "partitionsQuorum": 256,
+ "status": "healthy",
+ "storageNodes": 3,
+ "storageNodesOk": 3
+}
+```
+
+If you need to specify a JSON body for your call, you can add it directly after
+the name of the function you are calling:
+
+```
+$ garage json-api CreateAdminToken '{"name": "test"}'
+```
+
+Or you can feed it through stdin by adding a `-` as the last command parameter:
+
+```
+$ garage json-api CreateAdminToken -
+{"name": "test"}
+
+```
+
+For admin API calls that would have taken query parameters in their HTTP version, these parameters can be passed in the JSON body object:
+
+```
+$ garage json-api GetAdminTokenInfo '{"id":"b0e6e0ace2c0b2aca4cdb2de"}'
+```
+
+For admin API calls that take both query parameters and a JSON body, combine them in the following fashion:
+
+```
+$ garage json-api UpdateAdminToken '{"id":"b0e6e0ace2c0b2aca4cdb2de", "body":{"name":"not a test"}}'
+```
+
+## Special administration API endpoints
### Metrics `GET /metrics`
@@ -83,7 +209,7 @@ content-length: 102
date: Tue, 08 Aug 2023 07:22:38 GMT
Garage is fully operational
-Consult the full health check API endpoint at /v0/health for more details
+Consult the full health check API endpoint at /v2/GetClusterHealth for more details
```
### On-demand TLS `GET /check`
@@ -126,23 +252,7 @@ $ curl -so /dev/null -w "%{http_code}" http://localhost:3903/check?domain=exampl
200
```
-
**References:**
- [Using On-Demand TLS](https://caddyserver.com/docs/automatic-https#using-on-demand-tls)
- [Add option for a backend check to approve use of on-demand TLS](https://github.com/caddyserver/caddy/pull/1939)
- [Serving tens of thousands of domains over HTTPS with Caddy](https://caddy.community/t/serving-tens-of-thousands-of-domains-over-https-with-caddy/11179)
-
-### Cluster operations
-
-These endpoints have a dedicated OpenAPI spec.
- - APIv1 - [HTML spec](https://garagehq.deuxfleurs.fr/api/garage-admin-v1.html) - [OpenAPI YAML](https://garagehq.deuxfleurs.fr/api/garage-admin-v1.yml)
- - APIv0 (deprecated) - [HTML spec](https://garagehq.deuxfleurs.fr/api/garage-admin-v0.html) - [OpenAPI YAML](https://garagehq.deuxfleurs.fr/api/garage-admin-v0.yml)
-
-Requesting the API from the command line can be as simple as running:
-
-```bash
-curl -H 'Authorization: Bearer s3cr3t' http://localhost:3903/v0/status | jq
-```
-
-For more advanced use cases, we recommend using a SDK.
-[Go to the "Build your own app" section to know how to use our SDKs](@/documentation/build/_index.md)
diff --git a/doc/book/reference-manual/configuration.md b/doc/book/reference-manual/configuration.md
index 1f583fe6..adc3286b 100644
--- a/doc/book/reference-manual/configuration.md
+++ b/doc/book/reference-manual/configuration.md
@@ -51,17 +51,20 @@ allow_punycode = false
[consul_discovery]
api = "catalog"
-consul_http_addr = "http://127.0.0.1:8500"
+consul_http_addr = "https://127.0.0.1:8500"
+tls_skip_verify = false
service_name = "garage-daemon"
+
ca_cert = "/etc/consul/consul-ca.crt"
client_cert = "/etc/consul/consul-client.crt"
client_key = "/etc/consul/consul-key.crt"
+
# for `agent` API mode, unset client_cert and client_key, and optionally enable `token`
# token = "abcdef-01234-56789"
-tls_skip_verify = false
+
tags = [ "dns-enabled" ]
meta = { dns-acl = "allow trusted" }
-
+datacenters = ["dc1", "dc2", "dc3"]
[kubernetes_discovery]
namespace = "garage"
@@ -82,6 +85,7 @@ add_host_to_metrics = true
[admin]
api_bind_addr = "0.0.0.0:3903"
metrics_token = "BCAdFjoa9G0KJR0WXnHHm7fs1ZAbfpI8iIZ+Z/a2NgI="
+metrics_require_token = true
admin_token = "UkLeGWEvHnXBqnueR3ISEMWpOnm40jH2tM2HnnL/0F4="
trace_sink = "http://localhost:4317"
```
@@ -97,9 +101,9 @@ The following gives details about each available configuration option.
Top-level configuration options, in alphabetical order:
[`allow_punycode`](#allow_punycode),
[`allow_world_readable_secrets`](#allow_world_readable_secrets),
-[`block_max_concurrent_reads`](`block_max_concurrent_reads),
-[`block_ram_buffer_max`](#block_ram_buffer_max),
+[`block_max_concurrent_reads`](#block_max_concurrent_reads),
[`block_max_concurrent_writes_per_request`](#block_max_concurrent_writes_per_request),
+[`block_ram_buffer_max`](#block_ram_buffer_max),
[`block_size`](#block_size),
[`bootstrap_peers`](#bootstrap_peers),
[`compression_level`](#compression_level),
@@ -127,12 +131,14 @@ The `[consul_discovery]` section:
[`client_cert`](#consul_client_cert_and_key),
[`client_key`](#consul_client_cert_and_key),
[`consul_http_addr`](#consul_http_addr),
+[`datacenters`](#consul_datacenters)
[`meta`](#consul_tags_and_meta),
[`service_name`](#consul_service_name),
[`tags`](#consul_tags_and_meta),
[`tls_skip_verify`](#consul_tls_skip_verify),
[`token`](#consul_token).
+
The `[kubernetes_discovery]` section:
[`namespace`](#kube_namespace),
[`service_name`](#kube_service_name),
@@ -150,6 +156,7 @@ The `[s3_web]` section:
The `[admin]` section:
[`api_bind_addr`](#admin_api_bind_addr),
+[`metrics_require_token`](#admin_metrics_require_token),
[`metrics_token`/`metrics_token_file`](#admin_metrics_token),
[`admin_token`/`admin_token_file`](#admin_token),
[`trace_sink`](#admin_trace_sink),
@@ -336,7 +343,7 @@ Since `v0.8.0`, Garage can use alternative storage backends as follows:
| --------- | ----------------- | ------------- |
| [LMDB](https://www.symas.com/lmdb) (since `v0.8.0`, default since `v0.9.0`) | `"lmdb"` | `/db.lmdb/` |
| [Sqlite](https://sqlite.org) (since `v0.8.0`) | `"sqlite"` | `/db.sqlite` |
-| [Fjall](https://github.com/fjall-rs/fjall) (**experimental support** since `v1.3.0`) | `"fjall"` | `/db.fjall/` |
+| [Fjall](https://github.com/fjall-rs/fjall) (**experimental support** since `v1.3.0`/`v2.1.0`) | `"fjall"` | `/db.fjall/` |
| [Sled](https://sled.rs) (old default, removed since `v1.0`) | `"sled"` | `/db/` |
Sled was supported until Garage v0.9.x, and was removed in Garage v1.0.
@@ -345,8 +352,16 @@ old Sled metadata databases to another engine.
Performance characteristics of the different DB engines are as follows:
-- LMDB: the recommended database engine for high-performance distributed clusters.
-LMDB works very well, but is known to have the following limitations:
+- **LMDB:** the recommended database engine for high-performance distributed clusters
+ with `replication_factor` ≥ 2.
+ LMDB works well, but is known to have the following limitations:
+
+ - LMDB is prone to database corruption after an unclean shutdown (e.g. a process kill
+ or a power outage). It is recommended to configure
+ [`metadata_auto_snapshot_interval`](#metadata_auto_snapshot_interval) to be
+ able to easily recover from this situation. With `replication_factor` ≥ 2,
+ metadata can also be reconstructed from remote nodes upon corruption
+ (see [Recovering from failures](@/documentation/operations/recovering.md#corrupted_meta)).
- The data format of LMDB is not portable between architectures, so for
instance the Garage database of an x86-64 node cannot be moved to an ARM64
@@ -356,30 +371,21 @@ LMDB works very well, but is known to have the following limitations:
node to very small database sizes due to how LMDB works; it is therefore
not recommended.
- - Several users have reported corrupted LMDB database files after an unclean
- shutdown (e.g. a power outage). This situation can generally be recovered
- from if your cluster is geo-replicated (by rebuilding your metadata db from
- other nodes), or if you have saved regular snapshots at the filesystem
- level.
-
- Keys in LMDB are limited to 511 bytes. This limit translates to limits on
- object keys in S3 and sort keys in K2V that are limted to 479 bytes.
+ object keys in S3 and sort keys in K2V that are limited to 479 bytes.
-- Sqlite: Garage supports Sqlite as an alternative storage backend for
- metadata, which does not have the issues listed above for LMDB.
- On versions 0.8.x and earlier, Sqlite should be avoided due to abysmal
- performance, which was fixed with the addition of `metadata_fsync`.
- Sqlite is still probably slower than LMDB due to the way we use it,
- so it is not the best choice for high-performance storage clusters,
- but it should work fine in many cases.
+- **Sqlite:** Garage supports Sqlite as an alternative storage backend for
+ metadata, which does not have the issues listed above for LMDB. Sqlite is
+ slower than LMDB, so it is not the best choice for high-performance storage
+ clusters.
-- Fjall: a storage engine based on LSM trees, which theoretically allow for
+- **Fjall:** a storage engine based on LSM trees, which theoretically allow for
higher write throughput than other storage engines that are based on B-trees.
Using Fjall could potentially improve Garage's performance significantly in
write-heavy workloads. **Support for Fjall is experimental at this point**,
- we have added it to Garage for evaluation purposes only. **Do not use it for
- production-critical workloads.**
-
+ we have added it to Garage for evaluation purposes only. **Use it only with
+ test data, and report any issues to our bug tracker. Do not use it for
+ production workloads.**
It is possible to convert Garage's metadata directory from one format to another
using the `garage convert-db` command, which should be used as follows:
@@ -390,7 +396,7 @@ garage convert-db -a -i \
```
Make sure to specify the full database path as presented in the table above
-(third colummn), and not just the path to the metadata directory.
+(third column), and not just the path to the metadata directory.
#### `metadata_fsync` {#metadata_fsync}
@@ -432,13 +438,14 @@ This might reduce the risk that a data block is lost in rare
situations such as simultaneous node losing power,
at the cost of a moderate drop in write performance.
-Similarly to `metatada_fsync`, this is likely not necessary
+Similarly to `metadata_fsync`, this is likely not necessary
if geographical replication is used.
#### `metadata_auto_snapshot_interval` (since `v0.9.4`) {#metadata_auto_snapshot_interval}
If this value is set, Garage will automatically take a snapshot of the metadata
-DB file at a regular interval and save it in the metadata directory.
+DB file at a regular interval and save it in the metadata directory,
+or in [`metadata_snapshots_dir`](#metadata_snapshots_dir) if it is set.
This parameter can take any duration string that can be parsed by
the [`parse_duration`](https://docs.rs/parse_duration/latest/parse_duration/#syntax) crate.
@@ -447,14 +454,19 @@ corrupted, for instance after an unclean shutdown. See [this
page](@/documentation/operations/recovering.md#corrupted_meta) for details.
Garage keeps only the two most recent snapshots of the metadata DB and deletes
older ones automatically.
+You can also create metadata snapshots manually at any point using the
+`garage meta snapshot` command.
+
+Using snapshots created by Garage is the best option to make snapshots of your
+node's metadata for potential recovery, as they are guaranteed to be clean and
+consistent, contrarily to filesystem-level snapshots that may be taken while
+some writes are in-flight and thus might be corrupted.
Note that taking a metadata snapshot is a relatively intensive operation as the
entire data file is copied. A snapshot being taken might have performance
impacts on the Garage node while it is running. If the cluster is under heavy
write load when a snapshot operation is running, this might also cause the
database file to grow in size significantly as pages cannot be recycled easily.
-For this reason, it might be better to use filesystem-level snapshots instead
-if possible.
#### `disable_scrub` {#disable_scrub}
@@ -542,19 +554,19 @@ awaits for one of the `block_max_concurrent_reads` slots to be available
slot, it reads the entire block file to RAM and frees the slot as soon as the
block file is finished reading. Only after the slot is released will the
block's data start being transferred over the network. If the request fails to
-acquire a reading slot wihtin 15 seconds, it fails with a timeout error.
+acquire a reading slot within 15 seconds, it fails with a timeout error.
Timeout events can be monitored through the `block_read_semaphore_timeouts`
metric in Prometheus: a non-zero number of such events indicates an I/O
bottleneck on HDD read speed.
-#### `block_max_concurrent_writes_per_request` (since `v2.1.0`) {#block_max_concurrent_writes_per_request}
+#### `block_max_concurrent_writes_per_request` (since `v1.3.1` / `v2.2.0`) {#block_max_concurrent_writes_per_request}
This parameter is designed to adapt to the concurrent write performance of
-different storage media.Maximum number of parallel block writes per put request
-Higher values improve throughput but increase memory usage.
+different storage media. Maximum number of parallel block writes per put request.
+Higher values may improve throughput but increase memory usage.
-Default: 3, Recommended: 10-30 for NVMe, 3-10 for HDD
+Default value: 3. Recommended values: 10-30 for NVMe, 3-10 for spinning HDD.
#### `lmdb_map_size` {#lmdb_map_size}
@@ -605,11 +617,11 @@ storing the secret as the `GARAGE_RPC_SECRET_FILE` environment variable.
#### `rpc_bind_addr` {#rpc_bind_addr}
-The address and port on which to bind for inter-cluster communcations
-(reffered to as RPC for remote procedure calls).
+The address and port on which to bind for inter-cluster communications
+(referred to as RPC for remote procedure calls).
The port specified here should be the same one that other nodes will used to contact
the node, even in the case of a NAT: the NAT should be configured to forward the external
-port number to the same internal port nubmer. This means that if you have several nodes running
+port number to the same internal port number. This means that if you have several nodes running
behind a NAT, they should each use a different RPC port number.
#### `rpc_bind_outgoing` (since `v0.9.2`) {#rpc_bind_outgoing}
@@ -728,6 +740,18 @@ node_prefix "" {
}
```
+
+#### `datacenters` {#consul_datacenters}
+
+Optional list of datacenters that allow garage to do service discovery when Consul is configured in WAN federation.
+
+Example: `datacenters = ["dc1", "dc2", "dc3"]`
+
+In a WAN configuration, by default the Consul services API only responds with
+local LAN services. When a list of datacenters is specified using this option,
+Garage will query the consul server API by datacenter directly, allowing for
+Garage to discover nodes across the Consul WAN.
+
#### `tags` and `meta` {#consul_tags_and_meta}
Additional list of tags and map of service meta to add during service registration.
@@ -760,14 +784,14 @@ manually.
#### `api_bind_addr` {#s3_api_bind_addr}
The IP and port on which to bind for accepting S3 API calls.
-This endpoint does not suport TLS: a reverse proxy should be used to provide it.
+This endpoint does not support TLS: a reverse proxy should be used to provide it.
Alternatively, since `v0.8.5`, a path can be used to create a unix socket with 0222 mode.
#### `s3_region` {#s3_region}
-Garage will accept S3 API calls that are targetted to the S3 region defined here.
-API calls targetted to other regions will fail with a AuthorizationHeaderMalformed error
+Garage will accept S3 API calls that are targeted to the S3 region defined here.
+API calls targeted to other regions will fail with a AuthorizationHeaderMalformed error
message that redirects the client to the correct region.
#### `root_domain` {#s3_root_domain}
@@ -775,7 +799,7 @@ message that redirects the client to the correct region.
The optional suffix to access bucket using vhost-style in addition to path-style request.
Note path-style requests are always enabled, whether or not vhost-style is configured.
Configuring vhost-style S3 required a wildcard DNS entry, and possibly a wildcard TLS certificate,
-but might be required by softwares not supporting path-style requests.
+but might be required by software not supporting path-style requests.
If `root_domain` is `s3.garage.eu`, a bucket called `my-bucket` can be interacted with
using the hostname `my-bucket.s3.garage.eu`.
@@ -791,7 +815,7 @@ behaviour of this module.
The IP and port on which to bind for accepting HTTP requests to buckets configured
for website access.
-This endpoint does not suport TLS: a reverse proxy should be used to provide it.
+This endpoint does not support TLS: a reverse proxy should be used to provide it.
Alternatively, since `v0.8.5`, a path can be used to create a unix socket with 0222 mode.
@@ -824,10 +848,34 @@ See [administration API reference](@/documentation/reference-manual/admin-api.md
Alternatively, since `v0.8.5`, a path can be used to create a unix socket. Note that for security reasons,
the socket will have 0220 mode. Make sure to set user and group permissions accordingly.
+#### `admin_token`, `admin_token_file` or `GARAGE_ADMIN_TOKEN`, `GARAGE_ADMIN_TOKEN_FILE` (env) {#admin_token}
+
+The token for accessing all administration functions on the admin endpoint,
+with the exception of the metrics endpoint (see `metrics_token`).
+
+You can use any random string for this value. We recommend generating a random
+token with `openssl rand -base64 32`.
+
+For Garage version earlier than `v2.0`, if this token is not set,
+access to these endpoints is disabled entirely.
+
+Since Garage `v2.0`, additional admin API tokens can be defined dynamically
+in your Garage cluster using administration commands. This new admin token system
+is more flexible since it allows admin tokens to have an expiration date,
+and to have a scope restricted to certain admin API functions. If `admin_token`
+is set, it behaves as an admin token without expiration and with full scope.
+Otherwise, only admin API tokens defined dynamically can be used.
+
+`admin_token` was introduced in Garage `v0.7.2`.
+`admin_token_file` and the `GARAGE_ADMIN_TOKEN` environment variable are supported since Garage `v0.8.2`.
+
+`GARAGE_ADMIN_TOKEN_FILE` is supported since `v0.8.5` / `v0.9.1`.
+
#### `metrics_token`, `metrics_token_file` or `GARAGE_METRICS_TOKEN`, `GARAGE_METRICS_TOKEN_FILE` (env) {#admin_metrics_token}
-The token for accessing the Metrics endpoint. If this token is not set, the
-Metrics endpoint can be accessed without access control.
+The token for accessing the Prometheus metrics endpoint (`/metrics`).
+If this token is not set, and unless `metrics_require_token` is set to `true`,
+the metrics endpoint can be accessed without access control.
You can use any random string for this value. We recommend generating a random token with `openssl rand -base64 32`.
@@ -836,17 +884,12 @@ You can use any random string for this value. We recommend generating a random t
`GARAGE_METRICS_TOKEN_FILE` is supported since `v0.8.5` / `v0.9.1`.
-#### `admin_token`, `admin_token_file` or `GARAGE_ADMIN_TOKEN`, `GARAGE_ADMIN_TOKEN_FILE` (env) {#admin_token}
+#### `metrics_require_token` (since `v2.0.0`) {#admin_metrics_require_token}
-The token for accessing all of the other administration endpoints. If this
-token is not set, access to these endpoints is disabled entirely.
-
-You can use any random string for this value. We recommend generating a random token with `openssl rand -base64 32`.
-
-`admin_token` was introduced in Garage `v0.7.2`.
-`admin_token_file` and the `GARAGE_ADMIN_TOKEN` environment variable are supported since Garage `v0.8.2`.
-
-`GARAGE_ADMIN_TOKEN_FILE` is supported since `v0.8.5` / `v0.9.1`.
+If this is set to `true`, accessing the metrics endpoint will always require
+an access token. Valid tokens include the `metrics_token` if it is set,
+and admin API token defined dynamically in Garage which have
+the `Metrics` endpoint in their scope.
#### `trace_sink` {#admin_trace_sink}
diff --git a/doc/book/reference-manual/features.md b/doc/book/reference-manual/features.md
index 481aef01..aa801704 100644
--- a/doc/book/reference-manual/features.md
+++ b/doc/book/reference-manual/features.md
@@ -46,7 +46,7 @@ to select the replication mode best suited to your use case (hint: in most cases
### Compression and deduplication
-All data stored in Garage is deduplicated, and optionnally compressed using
+All data stored in Garage is deduplicated, and optionally compressed using
Zstd. Objects uploaded to Garage are chunked in blocks of constant sizes (see
[`block_size`](@/documentation/reference-manual/configuration.md#block_size)),
and the hashes of individual blocks are used to dispatch them to storage nodes
@@ -84,13 +84,13 @@ exposing the same content under different domain names.
Garage also supports bucket aliases which are local to a single user:
this allows different users to have different buckets with the same name, thus avoiding naming collisions.
-This can be helpfull for instance if you want to write an application that creates per-user buckets with always the same name.
+This can be helpful for instance if you want to write an application that creates per-user buckets with always the same name.
This feature is totally invisible to S3 clients and does not break compatibility with AWS.
### Cluster administration API
-Garage provides a fully-fledged REST API to administer your cluster programatically.
+Garage provides a fully-fledged REST API to administer your cluster programmatically.
Functionality included in the admin API include: setting up and monitoring
cluster nodes, managing access credentials, and managing storage buckets and bucket aliases.
A full reference of the administration API is available [here](@/documentation/reference-manual/admin-api.md).
@@ -100,7 +100,7 @@ A full reference of the administration API is available [here](@/documentation/r
Garage makes some internal metrics available in the Prometheus data format,
which allows you to build interactive dashboards to visualize the load and internal state of your storage cluster.
-For developpers and performance-savvy administrators,
+For developers and performance-savvy administrators,
Garage also supports exporting traces of what it does internally in OpenTelemetry format.
This allows to monitor the time spent at various steps of the processing of requests,
in order to detect potential performance bottlenecks.
@@ -129,5 +129,5 @@ related to objects stored in an S3 bucket.
In the context of our research project, [Aérogramme](https://aerogramme.deuxfleurs.fr),
K2V is used to provide metadata and log storage for operations on encrypted e-mail storage.
-Learn more on the specification of K2V [here](https://git.deuxfleurs.fr/Deuxfleurs/garage/src/branch/k2v/doc/drafts/k2v-spec.md)
+Learn more on the specification of K2V [here](https://git.deuxfleurs.fr/Deuxfleurs/garage/src/commit/f8be15c37db857e177d543de7be863692628d567/doc/drafts/k2v-spec.md)
and on how to enable it in Garage [here](@/documentation/reference-manual/k2v.md).
diff --git a/doc/book/reference-manual/k2v.md b/doc/book/reference-manual/k2v.md
index c01f641e..a0eaf064 100644
--- a/doc/book/reference-manual/k2v.md
+++ b/doc/book/reference-manual/k2v.md
@@ -16,10 +16,10 @@ the `k2v` feature flag enabled can be obtained from our download page under
with `-k2v` (example: `v0.7.2-k2v`).
The specification of the K2V API can be found
-[here](https://git.deuxfleurs.fr/Deuxfleurs/garage/src/branch/main/doc/drafts/k2v-spec.md).
+[here](https://git.deuxfleurs.fr/Deuxfleurs/garage/src/commit/f8be15c37db857e177d543de7be863692628d567/doc/drafts/k2v-spec.md).
This document also includes a high-level overview of K2V's design.
-The K2V API uses AWSv4 signatures for authentification, same as the S3 API.
+The K2V API uses AWSv4 signatures for authentication, same as the S3 API.
The AWS region used for signature calculation is always the same as the one
defined for the S3 API in the config file.
@@ -55,4 +55,3 @@ cargo build --features cli --bin k2v-cli
The CLI utility is self-documented, run `k2v-cli --help` to learn how to use
it. There is also a short README.md in the `src/k2v-client` folder with some
instructions.
-
diff --git a/doc/book/reference-manual/s3-compatibility.md b/doc/book/reference-manual/s3-compatibility.md
index b869b6f4..c44a7b1a 100644
--- a/doc/book/reference-manual/s3-compatibility.md
+++ b/doc/book/reference-manual/s3-compatibility.md
@@ -45,7 +45,7 @@ we suppose that OpenIO supports presigned URLs.
All endpoints that are missing on Garage will return a 501 Not Implemented.
Some `x-amz-` headers are not implemented.
-### Core endoints
+### Core endpoints
| Endpoint | Garage | [Openstack Swift](https://docs.openstack.org/swift/latest/s3_compat.html) | [Ceph Object Gateway](https://docs.ceph.com/en/latest/radosgw/s3/) | [Riak CS](https://docs.riak.com/riak/cs/2.1.1/references/apis/storage/s3/index.html) | [OpenIO](https://docs.openio.io/latest/source/arch-design/s3_compliancy.html) |
|------------------------------|----------------------------------|-----------------|---------------|---------|-----|
@@ -135,12 +135,12 @@ If you need this feature, please [share your use case in our dedicated issue](ht
**PutBucketLifecycleConfiguration:** The only actions supported are
`AbortIncompleteMultipartUpload` and `Expiration` (without the
`ExpiredObjectDeleteMarker` field). All other operations are dependent on
-either bucket versionning or storage classes which Garage currently does not
+either bucket versioning or storage classes which Garage currently does not
implement. The deprecated `Prefix` member directly in the the `Rule`
structure/XML tag is not supported, specified prefixes must be inside the
`Filter` structure/XML tag.
-**GetBucketVersioning:** Stub implementation which always returns "versionning not enabled", since Garage does not yet support bucket versionning.
+**GetBucketVersioning:** Stub implementation which always returns "versioning not enabled", since Garage does not yet support bucket versioning.
### Replication endpoints
@@ -155,7 +155,7 @@ Please open an issue if you have a use case for replication.
*Note: Ceph documentation briefly says that Ceph supports
[replication through the S3 API](https://docs.ceph.com/en/latest/radosgw/multisite-sync-policy/#s3-replication-api)
but with some limitations.
-Additionaly, replication endpoints are not documented in the S3 compatibility page so I don't know what kind of support we can expect.*
+Additionally, replication endpoints are not documented in the S3 compatibility page so I don't know what kind of support we can expect.*
### Locking objects
@@ -197,7 +197,7 @@ Please open an issue if you have a use case.
### Vendor specific endpoints
-Display Amazon specifc endpoints
+Display Amazon specific endpoints
| Endpoint | Garage | [Openstack Swift](https://docs.openstack.org/swift/latest/s3_compat.html) | [Ceph Object Gateway](https://docs.ceph.com/en/latest/radosgw/s3/) | [Riak CS](https://docs.riak.com/riak/cs/2.1.1/references/apis/storage/s3/index.html) | [OpenIO](https://docs.openio.io/latest/source/arch-design/s3_compliancy.html) |
@@ -234,4 +234,3 @@ Please open an issue if you have a use case.
| [SelectObjectContent](https://docs.aws.amazon.com/AmazonS3/latest/API/API_SelectObjectContent.html) | ❌ Missing | ❌| ❌| ❌| ❌|
-
diff --git a/doc/book/working-documents/compatibility-target.md b/doc/book/working-documents/compatibility-target.md
index 630d15a5..2ed9dad4 100644
--- a/doc/book/working-documents/compatibility-target.md
+++ b/doc/book/working-documents/compatibility-target.md
@@ -3,7 +3,7 @@ title = "S3 compatibility target"
weight = 5
+++
-If there is a specific S3 functionnality you have a need for, feel free to open
+If there is a specific S3 functionality you have a need for, feel free to open
a PR to put the corresponding endpoints higher in the list. Please explain
your motivations for doing so in the PR message.
diff --git a/doc/book/working-documents/design-draft.md b/doc/book/working-documents/design-draft.md
index 8d3a31f0..de31ba0f 100644
--- a/doc/book/working-documents/design-draft.md
+++ b/doc/book/working-documents/design-draft.md
@@ -68,7 +68,7 @@ Workflow for DELETE:
1. Check write permission (LDAP)
2. Get current version (or versions) in object table
3. Do the deletion of those versions NOT IN A BACKGROUND JOB THIS TIME
-4. Return succes to the user if we were able to delete blocks from the blocks table and entries from the object table
+4. Return success to the user if we were able to delete blocks from the blocks table and entries from the object table
To delete a version:
@@ -92,7 +92,7 @@ Known issue: if someone is reading from a version that we want to delete and the
- file path = /meta/(first 3 hex digits of hash)/(rest of hash)
- map block hash -> set of version UUIDs where it is referenced
-Usefull metadata:
+Useful metadata:
- list of versions that reference this block in the Casandra table, so that we can do GC by checking in Cassandra that the lines still exist
- list of other nodes that we know have acknowledged a write of this block, useful in the rebalancing algorithm
diff --git a/doc/book/working-documents/load-balancing.md b/doc/book/working-documents/load-balancing.md
index 1a65fdd2..d6cbf4cc 100644
--- a/doc/book/working-documents/load-balancing.md
+++ b/doc/book/working-documents/load-balancing.md
@@ -49,12 +49,12 @@ The ring construction that selects `n_token` random positions for each nodes giv
is not well-balanced: the space between the tokens varies a lot, and some partitions are thus bigger than others.
This problem was demonstrated in the original Dynamo DB paper.
-To solve this, we want to apply a better second method for partitionning our dataset:
+To solve this, we want to apply a better second method for partitioning our dataset:
1. fix an initially large number of partitions (say 1024) with evenly-spaced delimiters,
2. attribute each partition randomly to a node, with a probability
- proportionnal to its capacity (which `n_tokens` represented in the first
+ proportional to its capacity (which `n_tokens` represented in the first
method)
For now we continue using the multi-DC ring walking described above.
@@ -66,7 +66,7 @@ I have studied two ways to do the attribution of partitions to nodes, in a way t
MagLev provided significantly better balancing, as it guarantees that the exact
same number of partitions is attributed to all nodes that have the same
-capacity (and that this number is proportionnal to the node's capacity, except
+capacity (and that this number is proportional to the node's capacity, except
for large values), however in both cases:
- the distribution is still bad, because we use the naive multi-DC ring walking
diff --git a/doc/book/working-documents/migration-04.md b/doc/book/working-documents/migration-04.md
index 52c56737..5aae2a42 100644
--- a/doc/book/working-documents/migration-04.md
+++ b/doc/book/working-documents/migration-04.md
@@ -1,6 +1,6 @@
+++
title = "Migrating from 0.3 to 0.4"
-weight = 20
+weight = 80
+++
**Migrating from 0.3 to 0.4 is unsupported. This document is only intended to
diff --git a/doc/book/working-documents/migration-06.md b/doc/book/working-documents/migration-06.md
index 006b036b..5fa29120 100644
--- a/doc/book/working-documents/migration-06.md
+++ b/doc/book/working-documents/migration-06.md
@@ -1,6 +1,6 @@
+++
title = "Migrating from 0.5 to 0.6"
-weight = 15
+weight = 75
+++
**This guide explains how to migrate to 0.6 if you have an existing 0.5 cluster.
diff --git a/doc/book/working-documents/migration-07.md b/doc/book/working-documents/migration-07.md
index 03cdfedc..8631fa99 100644
--- a/doc/book/working-documents/migration-07.md
+++ b/doc/book/working-documents/migration-07.md
@@ -1,6 +1,6 @@
+++
title = "Migrating from 0.6 to 0.7"
-weight = 14
+weight = 74
+++
**This guide explains how to migrate to 0.7 if you have an existing 0.6 cluster.
We don't recommend trying to migrate to 0.7 directly from 0.5 or older.**
@@ -19,7 +19,7 @@ The migration steps are as follows:
2. Disable API and web access. Garage does not support disabling
these endpoints but you can change the port number or stop your reverse
proxy for instance.
-3. Check once again that your cluster is healty. Run again `garage repair --all-nodes --yes tables` which is quick.
+3. Check once again that your cluster is healthy. Run again `garage repair --all-nodes --yes tables` which is quick.
Also check your queues are empty, run `garage stats` to query them.
4. Turn off Garage v0.6
5. Backup the metadata folder of all your nodes: `cd /var/lib/garage ; tar -acf meta-v0.6.tar.zst meta/`
diff --git a/doc/book/working-documents/migration-08.md b/doc/book/working-documents/migration-08.md
index b7c4c783..17fe078b 100644
--- a/doc/book/working-documents/migration-08.md
+++ b/doc/book/working-documents/migration-08.md
@@ -1,6 +1,6 @@
+++
title = "Migrating from 0.7 to 0.8"
-weight = 13
+weight = 73
+++
**This guide explains how to migrate to 0.8 if you have an existing 0.7 cluster.
diff --git a/doc/book/working-documents/migration-09.md b/doc/book/working-documents/migration-09.md
index ba758093..cf5f309c 100644
--- a/doc/book/working-documents/migration-09.md
+++ b/doc/book/working-documents/migration-09.md
@@ -1,6 +1,6 @@
+++
title = "Migrating from 0.8 to 0.9"
-weight = 12
+weight = 72
+++
**This guide explains how to migrate to 0.9 if you have an existing 0.8 cluster.
diff --git a/doc/book/working-documents/migration-1.md b/doc/book/working-documents/migration-1.md
index b6c0bb85..9a04d101 100644
--- a/doc/book/working-documents/migration-1.md
+++ b/doc/book/working-documents/migration-1.md
@@ -1,6 +1,6 @@
+++
title = "Migrating from 0.9 to 1.0"
-weight = 11
+weight = 71
+++
**This guide explains how to migrate to 1.0 if you have an existing 0.9 cluster.
diff --git a/doc/book/working-documents/migration-2.md b/doc/book/working-documents/migration-2.md
new file mode 100644
index 00000000..01d984b3
--- /dev/null
+++ b/doc/book/working-documents/migration-2.md
@@ -0,0 +1,70 @@
++++
+title = "Migrating from 1.0 to 2.0"
+weight = 70
++++
+
+**This guide explains how to migrate to v2.x if you have an existing v1.x.x cluster.
+We don't recommend trying to migrate to v2.x directly from v0.9.x or older.**
+
+This migration procedure has been tested on several clusters without issues.
+However, it is still a *critical procedure* that might cause issues.
+**Make sure to back up all your data before attempting it!**
+
+You might also want to read our [general documentation on upgrading Garage](@/documentation/operations/upgrading.md).
+
+## Changes introduced in v2.0
+
+The following are **breaking changes** in Garage v2.0 that require your attention when migrating:
+
+- The administration API has been completely reworked.
+ Some calls to the `/v1/` endpoints will still work but most will not.
+ New endpoints are prefixed by `/v2/`. **You will need to update all your code that makes use of the admin API.**
+
+- `replication_mode` is no longer a supported configuration parameter,
+ please use `replication_factor` and `consistency_mode` instead.
+
+## Migration procedure
+
+The migration to Garage v2.0 can be done with almost no downtime,
+by restarting all nodes at once in the new version.
+
+The migration steps are as follows:
+
+1. Do a `garage repair --all-nodes --yes tables`, check the logs and check that
+ all data seems to be synced correctly between nodes. If you have time, do
+ additional `garage repair` procedures (`blocks`, `versions`, `block_refs`,
+ etc.)
+
+2. Ensure you have a snapshot of your Garage installation that you can restore
+ to in case the upgrade goes wrong, with one of the following options:
+
+ - You may use the `garage meta snapshot --all` command
+ to make a backup snapshot of the metadata directories of your nodes
+ for backup purposes. Once this command has completed, copy the following
+ files and directories from the `metadata_dir` of all your nodes
+ to somewhere safe: `snapshots`, `cluster_layout`, `data_layout`,
+ `node_key`, `node_key.pub`. (If you have set the `metadata_snapshots_dir`
+ to a different value in your config file, back up that directory instead.)
+
+ - If you are running a filesystem such as ZFS or BTRFS that support
+ snapshotting, you can create a filesystem-level snapshot of the `metadata_dir`
+ of all your nodes to be used as a restoration point if needed.
+
+ - You may also make a back-up manually: turn off each node
+ individually; back up its metadata folder (for instance, use the following
+ command if your metadata directory is `/var/lib/garage/meta`: `cd
+ /var/lib/garage ; tar -acf meta-v1.0.tar.zst meta/`); turn it back on
+ again. This will allow you to take a backup of all nodes without
+ impacting global cluster availability. You can do all nodes of a single
+ zone at once as this does not impact the availability of Garage.
+
+3. Prepare your updated binaries and configuration files for Garage v2.0.
+ **Remember to update your configuration file to remove `replication_mode` and replace it by `replication_factor`.**
+
+4. Shut down all v1.0 nodes simultaneously, and restart them all simultaneously
+ in v2.0. Use your favorite deployment tool (Ansible, Kubernetes, Nomad) to
+ achieve this as fast as possible. Garage v2.0 should be in a working state
+ as soon as enough nodes have started.
+
+5. Monitor your cluster in the following hours to see if it works well under
+ your production load.
diff --git a/doc/book/working-documents/testing-strategy.md b/doc/book/working-documents/testing-strategy.md
index fff706d7..46550b81 100644
--- a/doc/book/working-documents/testing-strategy.md
+++ b/doc/book/working-documents/testing-strategy.md
@@ -1,6 +1,6 @@
+++
title = "Testing strategy"
-weight = 30
+weight = 100
+++
@@ -28,11 +28,11 @@ We should try to test in least invasive ways, i.e. minimize the impact of the te
- Not making `garage` a shared library (launch using `execve`, it's perfectly fine)
Instead, we should focus on building a clean outer interface for the `garage` binary,
-for example loading configuration using environnement variables instead of the configuration file if that's helpfull for writing the tests.
+for example loading configuration using environment variables instead of the configuration file if that's helpful for writing the tests.
There are two reasons for this:
-- Keep the soure code clean and focused
+- Keep the source code clean and focused
- Test something that is as close as possible as the true garage that will actually be running
Reminder: rules of simplicity, concerning changes to Garage's source code.
@@ -71,5 +71,3 @@ Interesting blog posts on the blog of the Sled database:
Misc:
- [mutagen](https://github.com/llogiq/mutagen) - mutation testing is a way to assert our test quality by mutating the code and see if the mutation makes the tests fail
- [fuzzing](https://rust-fuzz.github.io/book/) - cargo supports fuzzing, it could be a way to test our software reliability in presence of garbage data.
-
-
diff --git a/doc/drafts/admin-api.md b/doc/drafts/admin-api.md
index 3ee948cb..778b4fa8 100644
--- a/doc/drafts/admin-api.md
+++ b/doc/drafts/admin-api.md
@@ -13,8 +13,12 @@ We will bump the version numbers prefixed to each API endpoint each time the syn
or semantics change, meaning that code that relies on these endpoints will break
when changes are introduced.
-The Garage administration API was introduced in version 0.7.2, this document
-does not apply to older versions of Garage.
+The Garage administration API was introduced in version 0.7.2, and was
+changed several times.
+
+**THIS DOCUMENT IS DEPRECATED.** We now have an OpenAPI spec which is automatically generated
+from Garage's source code and is always up-to-date. See `doc/api/garage-admin-v2.html`.
+Text in this document is no longer kept in sync with the admin API's actual behavior.
## Access control
@@ -52,34 +56,28 @@ Returns an HTTP status 200 if the node is ready to answer user's requests,
and an HTTP status 503 (Service Unavailable) if there are some partitions
for which a quorum of nodes is not available.
A simple textual message is also returned in a body with content-type `text/plain`.
-See `/v1/health` for an API that also returns JSON output.
+See `/v2/GetClusterHealth` for an API that also returns JSON output.
+
+### Other special endpoints
+
+#### CheckDomain `GET /check?domain=`
+
+Checks whether this Garage cluster serves a website for domain ``.
+Returns HTTP 200 Ok if yes, or HTTP 4xx if no website is available for this domain.
### Cluster operations
-#### GetClusterStatus `GET /v1/status`
+#### GetClusterStatus `GET /v2/GetClusterStatus`
Returns the cluster's current status in JSON, including:
-- ID of the node being queried and its version of the Garage daemon
- Live nodes
- Currently configured cluster layout
-- Staged changes to the cluster layout
Example response body:
```json
{
- "node": "b10c110e4e854e5aa3f4637681befac755154b20059ec163254ddbfae86b09df",
- "garageVersion": "v1.3.0",
- "garageFeatures": [
- "k2v",
- "lmdb",
- "sqlite",
- "metrics",
- "bundled-libs"
- ],
- "rustVersion": "1.68.0",
- "dbEngine": "LMDB (using Heed crate)",
"layoutVersion": 5,
"nodes": [
{
@@ -169,7 +167,7 @@ Example response body:
}
```
-#### GetClusterHealth `GET /v1/health`
+#### GetClusterHealth `GET /v2/GetClusterHealth`
Returns the cluster's current health in JSON format, with the following variables:
@@ -178,7 +176,7 @@ Returns the cluster's current health in JSON format, with the following variable
- degraded: Garage node is not connected to all storage nodes, but a quorum of write nodes is available for all partitions
- unavailable: a quorum of write nodes is not available for some partitions
- `knownNodes`: the number of nodes this Garage node has had a TCP connection to since the daemon started
-- `connectedNodes`: the nubmer of nodes this Garage node currently has an open connection to
+- `connectedNodes`: the number of nodes this Garage node currently has an open connection to
- `storageNodes`: the number of storage nodes currently registered in the cluster layout
- `storageNodesOk`: the number of storage nodes to which a connection is currently open
- `partitions`: the total number of partitions of the data (currently always 256)
@@ -202,7 +200,7 @@ Example response body:
}
```
-#### ConnectClusterNodes `POST /v1/connect`
+#### ConnectClusterNodes `POST /v2/ConnectClusterNodes`
Instructs this Garage node to connect to other Garage nodes at specified addresses.
@@ -232,7 +230,7 @@ Example response:
]
```
-#### GetClusterLayout `GET /v1/layout`
+#### GetClusterLayout `GET /v2/GetClusterLayout`
Returns the cluster's current layout in JSON, including:
@@ -293,7 +291,7 @@ Example response body:
}
```
-#### UpdateClusterLayout `POST /v1/layout`
+#### UpdateClusterLayout `POST /v2/UpdateClusterLayout`
Send modifications to the cluster layout. These modifications will
be included in the staged role changes, visible in subsequent calls
@@ -330,7 +328,7 @@ This returns the new cluster layout with the proposed staged changes,
as returned by GetClusterLayout.
-#### ApplyClusterLayout `POST /v1/layout/apply`
+#### ApplyClusterLayout `POST /v2/ApplyClusterLayout`
Applies to the cluster the layout changes currently registered as
staged layout changes.
@@ -350,23 +348,11 @@ existing layout in the cluster.
This returns the message describing all the calculations done to compute the new
layout, as well as the description of the layout as returned by GetClusterLayout.
-#### RevertClusterLayout `POST /v1/layout/revert`
+#### RevertClusterLayout `POST /v2/RevertClusterLayout`
Clears all of the staged layout changes.
-Request body format:
-
-```json
-{
- "version": 13
-}
-```
-
-Reverting the staged changes is done by incrementing the version number
-and clearing the contents of the staged change list.
-Similarly to the CLI, the body must include the incremented
-version number, which MUST be 1 + the value of the currently
-existing layout in the cluster.
+This requests contains an empty body.
This returns the new cluster layout with all changes reverted,
as returned by GetClusterLayout.
@@ -374,7 +360,7 @@ as returned by GetClusterLayout.
### Access key operations
-#### ListKeys `GET /v1/key`
+#### ListKeys `GET /v2/ListKeys`
Returns all API access keys in the cluster.
@@ -393,8 +379,8 @@ Example response:
]
```
-#### GetKeyInfo `GET /v1/key?id=`
-#### GetKeyInfo `GET /v1/key?search=`
+#### GetKeyInfo `GET /v2/GetKeyInfo?id=`
+#### GetKeyInfo `GET /v2/GetKeyInfo?search=`
Returns information about the requested API access key.
@@ -402,7 +388,7 @@ If `id` is set, the key is looked up using its exact identifier (faster).
If `search` is set, the key is looked up using its name or prefix
of identifier (slower, all keys are enumerated to do this).
-Optionnally, the query parameter `showSecretKey=true` can be set to reveal the
+Optionally, the query parameter `showSecretKey=true` can be set to reveal the
associated secret access key.
Example response:
@@ -468,7 +454,7 @@ Example response:
}
```
-#### CreateKey `POST /v1/key`
+#### CreateKey `POST /v2/CreateKey`
Creates a new API access key.
@@ -483,7 +469,7 @@ Request body format:
This returns the key info, including the created secret key,
in the same format as the result of GetKeyInfo.
-#### ImportKey `POST /v1/key/import`
+#### ImportKey `POST /v2/ImportKey`
Imports an existing API key.
This will check that the imported key is in the valid format, i.e.
@@ -501,7 +487,7 @@ Request body format:
This returns the key info in the same format as the result of GetKeyInfo.
-#### UpdateKey `POST /v1/key?id=`
+#### UpdateKey `POST /v2/UpdateKey?id=`
Updates information about the specified API access key.
@@ -523,14 +509,14 @@ The possible flags in `allow` and `deny` are: `createBucket`.
This returns the key info in the same format as the result of GetKeyInfo.
-#### DeleteKey `DELETE /v1/key?id=`
+#### DeleteKey `POST /v2/DeleteKey?id=`
Deletes an API access key.
### Bucket operations
-#### ListBuckets `GET /v1/bucket`
+#### ListBuckets `GET /v2/ListBuckets`
Returns all storage buckets in the cluster.
@@ -572,8 +558,8 @@ Example response:
]
```
-#### GetBucketInfo `GET /v1/bucket?id=`
-#### GetBucketInfo `GET /v1/bucket?globalAlias=`
+#### GetBucketInfo `GET /v2/GetBucketInfo?id=`
+#### GetBucketInfo `GET /v2/GetBucketInfo?globalAlias=`
Returns information about the requested storage bucket.
@@ -616,7 +602,7 @@ Example response:
}
```
-#### CreateBucket `POST /v1/bucket`
+#### CreateBucket `POST /v2/CreateBucket`
Creates a new storage bucket.
@@ -656,7 +642,7 @@ or no alias at all.
Technically, you can also specify both `globalAlias` and `localAlias` and that would create
two aliases, but I don't see why you would want to do that.
-#### UpdateBucket `PUT /v1/bucket?id=`
+#### UpdateBucket `POST /v2/UpdateBucket?id=`
Updates configuration of the given bucket.
@@ -688,16 +674,38 @@ In `quotas`: new values of `maxSize` and `maxObjects` must both be specified, or
to remove the quotas. An absent value will be considered the same as a `null`. It is not possible
to change only one of the two quotas.
-#### DeleteBucket `DELETE /v1/bucket?id=`
+#### DeleteBucket `POST /v2/DeleteBucket?id=`
Deletes a storage bucket. A bucket cannot be deleted if it is not empty.
Warning: this will delete all aliases associated with the bucket!
+#### CleanupIncompleteUploads `POST /v2/CleanupIncompleteUploads`
+
+Cleanup all incomplete uploads in a bucket that are older than a specified number
+of seconds.
+
+Request body format:
+
+```json
+{
+ "bucketId": "e6a14cd6a27f48684579ec6b381c078ab11697e6bc8513b72b2f5307e25fff9b",
+ "olderThanSecs": 3600
+}
+```
+
+Response format
+
+```json
+{
+ "uploadsDeleted": 12
+}
+```
+
### Operations on permissions for keys on buckets
-#### BucketAllowKey `POST /v1/bucket/allow`
+#### AllowBucketKey `POST /v2/AllowBucketKey`
Allows a key to do read/write/owner operations on a bucket.
@@ -718,7 +726,7 @@ Request body format:
Flags in `permissions` which have the value `true` will be activated.
Other flags will remain unchanged.
-#### BucketDenyKey `POST /v1/bucket/deny`
+#### DenyBucketKey `POST /v2/DenyBucketKey`
Denies a key from doing read/write/owner operations on a bucket.
@@ -742,19 +750,35 @@ Other flags will remain unchanged.
### Operations on bucket aliases
-#### GlobalAliasBucket `PUT /v1/bucket/alias/global?id=&alias=`
+#### AddBucketAlias `POST /v2/AddBucketAlias`
-Empty body. Creates a global alias for a bucket.
+Creates an alias for a bucket in the namespace of a specific access key.
+To create a global alias, specify the `globalAlias` field.
+To create a local alias, specify the `localAlias` and `accessKeyId` fields.
-#### GlobalUnaliasBucket `DELETE /v1/bucket/alias/global?id=&alias=`
+Request body format:
-Removes a global alias for a bucket.
+```json
+{
+ "bucketId": "e6a14cd6a27f48684579ec6b381c078ab11697e6bc8513b72b2f5307e25fff9b",
+ "globalAlias": "my-bucket"
+}
+```
-#### LocalAliasBucket `PUT /v1/bucket/alias/local?id=&accessKeyId=&alias=`
+or:
-Empty body. Creates a local alias for a bucket in the namespace of a specific access key.
+```json
+{
+ "bucketId": "e6a14cd6a27f48684579ec6b381c078ab11697e6bc8513b72b2f5307e25fff9b",
+ "accessKeyId": "GK31c2f218a2e44f485b94239e",
+ "localAlias": "my-bucket"
+}
+```
-#### LocalUnaliasBucket `DELETE /v1/bucket/alias/local?id=&accessKeyId&alias=`
+#### RemoveBucketAlias `POST /v2/RemoveBucketAlias`
-Removes a local alias for a bucket in the namespace of a specific access key.
+Removes an alias for a bucket in the namespace of a specific access key.
+To remove a global alias, specify the `globalAlias` field.
+To remove a local alias, specify the `localAlias` and `accessKeyId` fields.
+Request body format: same as AddBucketAlias.
diff --git a/doc/drafts/k2v-spec.md b/doc/drafts/k2v-spec.md
index f9696717..b16628e2 100644
--- a/doc/drafts/k2v-spec.md
+++ b/doc/drafts/k2v-spec.md
@@ -35,7 +35,7 @@ Triples in K2V are constituted of three fields:
partition key in which the client wants to read/delete lists of items
- a sort key (`sk`), an utf8 string that defines the index of the triplet inside its
- partition; triplets are uniquely idendified by their partition key + sort key
+ partition; triplets are uniquely identified by their partition key + sort key
- a value (`v`), an opaque binary blob associated to the partition key + sort key;
they are transmitted as binary when possible but in most case in the JSON API
@@ -74,7 +74,7 @@ are obsoleted by the new write.
**Basic insertion.** To insert a new value `v4` with context `[(node1, t2), (node2, t3)]`, in a
simple case where there was no insertion in-between reading the value
-mentionned above and writing `v4`, and supposing that node2 receives the
+mentioned above and writing `v4`, and supposing that node2 receives the
InsertItem query:
- `node2` generates a timestamp `t4` such that `t4 > t3`.
@@ -332,7 +332,7 @@ Inserts a single item. This request does not use JSON, the body is sent directly
To supersede previous values, the HTTP header `X-Garage-Causality-Token` should
be set to the causality token returned by a previous read on this key. This
-header can be ommitted for the first writes to the key.
+header can be omitted for the first writes to the key.
Example query:
@@ -397,7 +397,7 @@ smallest partition key that exists. It returns partition keys in increasing
order, or decreasing order if `reverse` is set to `true`,
and stops when either of the following conditions is met:
-1. if `end` is specfied, the partition key `end` is reached or surpassed (if it
+1. if `end` is specified, the partition key `end` is reached or surpassed (if it
is reached exactly, it is not included in the result)
2. if `limit` is specified, `limit` partition keys have been listed
@@ -491,7 +491,7 @@ the triplet is inserted for the first time, the causality token should be set to
The value is expected to be a base64-encoded binary blob. The value `null` can
also be used to delete the triplet while preserving causality information: this
-allows to know if a delete has happenned concurrently with an insert, in which
+allows to know if a delete has happened concurrently with an insert, in which
case both are preserved and returned on reads (see below).
Partition keys and sort keys are utf8 strings which are stored sorted by
@@ -540,7 +540,7 @@ JSON struct with the following fields:
For each of the searches, triplets are listed and returned separately. The
semantics of `prefix`, `start`, `end`, `limit` and `reverse` are the same as for ReadIndex. The
-additionnal parameter `singleItem` allows to get a single item, whose sort key
+additional parameter `singleItem` allows to get a single item, whose sort key
is the one given in `start`. Parameters `conflictsOnly` and `tombstones`
control additional filters on the items that are returned.
diff --git a/doc/optimal_layout_report/geodistrib.tex b/doc/optimal_layout_report/geodistrib.tex
index bb6f0391..56d4c925 100644
--- a/doc/optimal_layout_report/geodistrib.tex
+++ b/doc/optimal_layout_report/geodistrib.tex
@@ -59,7 +59,7 @@ To link the effective storage capacity of the cluster to partition assignment, w
\end{equation}
This assumption is justified by the dispersion of the hashing function, when the number of partitions is small relative to the number of stored blocks.
-Every node $n$ wille store some number $p_n$ of partitions (it is the number of partitions $p$ such that $n$ appears in the $\alpha_p$). Hence the partitions stored by $n$ (and hence all partitions by our assumption) have there size bounded by $c_n/p_n$. This remark leads us to define the optimal size that we will want to maximize:
+Every node $n$ will store some number $p_n$ of partitions (it is the number of partitions $p$ such that $n$ appears in the $\alpha_p$). Hence the partitions stored by $n$ (and hence all partitions by our assumption) have there size bounded by $c_n/p_n$. This remark leads us to define the optimal size that we will want to maximize:
\begin{equation}
\label{eq:optimal}
diff --git a/doc/optimal_layout_report/optimal_layout.tex b/doc/optimal_layout_report/optimal_layout.tex
index 005e7b50..42c9d3fd 100644
--- a/doc/optimal_layout_report/optimal_layout.tex
+++ b/doc/optimal_layout_report/optimal_layout.tex
@@ -38,7 +38,7 @@ We would like to compute an assignment of nodes to partitions. We will impose so
\end{equation}
This assumption is justified by the dispersion of the hashing function, when the number of partitions is small relative to the number of stored large objects.
-Every node $n$ wille store some number $k_n$ of partitions. Hence the partitions stored by $n$ (and hence all partitions by our assumption) have there size bounded by $c_n/k_n$. This remark leads us to define the optimal size that we will want to maximize:
+Every node $n$ will store some number $k_n$ of partitions. Hence the partitions stored by $n$ (and hence all partitions by our assumption) have there size bounded by $c_n/k_n$. This remark leads us to define the optimal size that we will want to maximize:
\begin{equation}
\label{eq:optimal}
@@ -62,7 +62,7 @@ For now, in the following, we ask the following redundancy constraint:
\textbf{Mode 3:} every partition needs to be assignated to three nodes. We try to spread the three nodes over different zones as much as possible.
-\textbf{Warning:} This is a working document written incrementaly. The last version of the algorithm is the \textbf{parametric assignment} described in the next section.
+\textbf{Warning:} This is a working document written incrementally. The last version of the algorithm is the \textbf{parametric assignment} described in the next section.
\section{Computation of a parametric assignment}
@@ -318,7 +318,7 @@ $$
$$
which is the universal upper bound on $s^*$. Hence any optimal utilization $(n_v)$ can be modified to another optimal utilization such that $n_v\ge \hat{n}_v$
-Because $z_0$ cannot store more than $N$ partition occurences, in any assignment, at least $2N$ partitions must be assignated to the zones $Z\setminus\{z_0\}$. Let $C_0 = C-c_{z_0}$. Suppose that there exists a zone $z_1\neq z_0$ such that $c_{z_1}/C_0 \ge 1/2$. Then, with the same argument as for $z_0$, we can define
+Because $z_0$ cannot store more than $N$ partition occurrences, in any assignment, at least $2N$ partitions must be assignated to the zones $Z\setminus\{z_0\}$. Let $C_0 = C-c_{z_0}$. Suppose that there exists a zone $z_1\neq z_0$ such that $c_{z_1}/C_0 \ge 1/2$. Then, with the same argument as for $z_0$, we can define
$$\hat{n}_v = \left\lfloor\frac{c_v}{c_{z_1}}N\right\rfloor$$
for every $v\in z_1$.
@@ -351,7 +351,7 @@ Define $3N$ tokens $t_1,\ldots, t_{3N}\in V$ as follows:
Then for $1\le i \le N$, define the triplet $T_i$ to be
$(t_i, t_{i+N}, t_{i+2N})$. Since the same nodes of a zone appear contiguously, the three nodes of a triplet must belong to three distinct zones.
-However simple, this solution to go from an utilization to an assignment has the drawback of not spreading the triplets: a node will tend to be associated to the same two other nodes for many partitions. Hence, during data transfer, it will tend to use only two link, instead of spreading the bandwith use over many other links to other nodes. To achieve this goal, we will reframe the search of an assignment as a flow problem. and in the flow algorithm, we will introduce randomness in the order of exploration. This will be sufficient to obtain a good dispersion of the triplets.
+However simple, this solution to go from an utilization to an assignment has the drawback of not spreading the triplets: a node will tend to be associated to the same two other nodes for many partitions. Hence, during data transfer, it will tend to use only two link, instead of spreading the bandwidth use over many other links to other nodes. To achieve this goal, we will reframe the search of an assignment as a flow problem. and in the flow algorithm, we will introduce randomness in the order of exploration. This will be sufficient to obtain a good dispersion of the triplets.
\begin{figure}
\centering
@@ -436,7 +436,7 @@ T_3=(b,c,d').
$$
One can check that in this case, it is impossible to minimize both the number of zone and node changes.
-Because of the redundancy constraint, we cannot use a greedy algorithm to just replace nodes in the triplets to try to get the new utilization rate: this could lead to blocking situation where there is still a hole to fill in a triplet but no available node satisfies the zone separation constraint. To circumvent this issue, we propose an algorithm based on finding cycles in a graph encoding of the assignment. As in section \ref{sec:opt_assign}, we can explore the neigbours in a random order in the graph algorithms, to spread the triplets distribution.
+Because of the redundancy constraint, we cannot use a greedy algorithm to just replace nodes in the triplets to try to get the new utilization rate: this could lead to blocking situation where there is still a hole to fill in a triplet but no available node satisfies the zone separation constraint. To circumvent this issue, we propose an algorithm based on finding cycles in a graph encoding of the assignment. As in section \ref{sec:opt_assign}, we can explore the neighbours in a random order in the graph algorithms, to spread the triplets distribution.
\subsubsection{Minimizing the zone discrepancy}
@@ -550,8 +550,8 @@ We give some considerations of worst case complexity for these algorithms. In th
Algorithm \ref{alg:util} can be implemented with complexity $O(\#V^2)$. The complexity of the function call at line \ref{lin:subutil} is $O(\#V)$. The difference between the sum of the subutilizations and $3N$ is at most the sum of the rounding errors when computing the $\hat{n}_v$. Hence it is bounded by $\#V$ and the loop at line \ref{lin:loopsub} is iterated at most $\#V$ times. Finding the minimizing $v$ at line \ref{lin:findmin} takes $O(\#V)$ operations (naively, we could also use a heap).
Algorithm \ref{alg:opt} can be implemented with complexity $O(N^3\times \#Z)$. The flow graph has $O(N+\#Z)$ vertices and $O(N\times \#Z)$ edges. Dinic's algorithm has complexity $O(\#\mathrm{Vertices}^2\#\mathrm{Edges})$ hence in our case it is $O(N^3\times \#Z)$.
-
-Algorithm \ref{alg:mini} can be implented with complexity $O(N^3\# Z)$ under \eqref{hyp:A} and $O(N^3 \#Z \#V)$ under \eqref{hyp:B}.
+
+Algorithm \ref{alg:mini} can be implemented with complexity $O(N^3\# Z)$ under \eqref{hyp:A} and $O(N^3 \#Z \#V)$ under \eqref{hyp:B}.
The graph $G_T$ has $O(N)$ vertices and $O(N\times \#Z)$ edges under assumption \eqref{hyp:A} and respectively $O(N\times \#Z)$ vertices and $O(N\times \#V)$ edges under assumption \eqref{hyp:B}. The loop at line \ref{lin:repeat} is iterated at most $N$ times since the distance between $T$ and $T'$ decreases at every iteration. Bellman-Ford algorithm has complexity $O(\#\mathrm{Vertices}\#\mathrm{Edges})$, which in our case amounts to $O(N^2\# Z)$ under \eqref{hyp:A} and $O(N^2 \#Z \#V)$ under \eqref{hyp:B}.
\begin{algorithm}
@@ -637,7 +637,7 @@ We try to maximize $s^*$ defined in \eqref{eq:optimal}. So we can compute the op
\subsection{Computation of a candidate assignment}
-To compute a candidate assignment (that does not optimize zone spreading nor distance to a previous assignment yet), we can use the folowing flow problem.
+To compute a candidate assignment (that does not optimize zone spreading nor distance to a previous assignment yet), we can use the following flow problem.
Define the oriented weighted graph $(X,E)$. The set of vertices $X$ contains the source $\mathbf{s}$, the sink $\mathbf{t}$, vertices
$\mathbf{x}_p, \mathbf{u}^+_p, \mathbf{u}^-_p$ for every partition $p$, vertices $\mathbf{y}_{p,z}$ for every partition $p$ and zone $z$, and vertices $\mathbf{z}_v$ for every node $v$.
@@ -680,14 +680,14 @@ Given the flow $f$, let $G_f=(X',E_f)$ be the multi-graph where $X' = X\setminus
\end{itemize}
To summarize, arcs are oriented left to right if they correspond to a presence of flow in $f$, and right to left if they correspond to an absence of flow. They are positively weighted if we want them to stay at their current state, and negatively if we want them to switch. Let us compute the weight of such graph.
-\begin{multline*}
+\begin{multiline*}
w(G_f) = \sum_{e\in E_f} w(e_f) \\
=
(\alpha - \beta -\gamma) N_1 + (\alpha +\beta - \gamma) N_2 + (\alpha+\beta+\gamma) N_3
\\ +
\#V\times N - 4 \sum_p 3-\#(T_p\cap T'_p) \\
=(\#V-12+\alpha-\beta-\gamma)\times N + 4Q_V + 2\beta N_2 + 2(\beta+\gamma) N_3 \\
-\end{multline*}
+\end{multiline*}
As for the mode 3-strict, one can check that the difference of two such graphs corresponding to the same $(n_v)$ is always eulerian. Hence we can navigate in this class with the same greedy algorithm that discovers positive cycles and flips them.
diff --git a/doc/talks/2025-10-06-josy/.gitignore b/doc/talks/2025-10-06-josy/.gitignore
new file mode 100644
index 00000000..9f1f00e6
--- /dev/null
+++ b/doc/talks/2025-10-06-josy/.gitignore
@@ -0,0 +1,17 @@
+*
+
+!*.txt
+!*.md
+
+!assets
+
+!.gitignore
+!*.svg
+!*.png
+!*.jpg
+!*.tex
+!Makefile
+!.gitignore
+!assets/*.drawio.pdf
+
+!talk.pdf
diff --git a/doc/talks/2025-10-06-josy/Makefile b/doc/talks/2025-10-06-josy/Makefile
new file mode 100644
index 00000000..f0aae6a8
--- /dev/null
+++ b/doc/talks/2025-10-06-josy/Makefile
@@ -0,0 +1,19 @@
+ASSETS=../assets/lattice/lattice1.pdf_tex \
+ ../assets/lattice/lattice2.pdf_tex \
+ ../assets/lattice/lattice3.pdf_tex \
+ ../assets/lattice/lattice4.pdf_tex \
+ ../assets/lattice/lattice5.pdf_tex \
+ ../assets/lattice/lattice6.pdf_tex \
+ ../assets/lattice/lattice7.pdf_tex \
+ ../assets/lattice/lattice8.pdf_tex \
+ ../assets/logos/deuxfleurs.pdf \
+ ../assets/timeline-22-24.pdf
+
+talk.pdf: talk.tex $(ASSETS)
+ pdflatex talk.tex
+
+%.pdf: %.svg
+ inkscape -D -z --file=$^ --export-pdf=$@
+
+%.pdf_tex: %.svg
+ inkscape -D -z --file=$^ --export-pdf=$@ --export-latex
diff --git a/doc/talks/2025-10-06-josy/talk.pdf b/doc/talks/2025-10-06-josy/talk.pdf
new file mode 100644
index 00000000..2194908a
Binary files /dev/null and b/doc/talks/2025-10-06-josy/talk.pdf differ
diff --git a/doc/talks/2025-10-06-josy/talk.tex b/doc/talks/2025-10-06-josy/talk.tex
new file mode 100644
index 00000000..aa483766
--- /dev/null
+++ b/doc/talks/2025-10-06-josy/talk.tex
@@ -0,0 +1,702 @@
+\nonstopmode
+\documentclass[aspectratio=169,xcolor={svgnames}]{beamer}
+\usepackage[utf8]{inputenc}
+% \usepackage[frenchb]{babel}
+\usepackage{amsmath}
+\usepackage{mathtools}
+\usepackage{breqn}
+\usepackage{multirow}
+\usetheme{boxes}
+\usepackage{graphicx}
+\usepackage{import}
+\usepackage{adjustbox}
+\usepackage[absolute,overlay]{textpos}
+%\useoutertheme[footline=authortitle,subsection=false]{miniframes}
+%\useoutertheme[footline=authorinstitute,subsection=false]{miniframes}
+\useoutertheme{infolines}
+\setbeamertemplate{headline}{}
+
+\beamertemplatenavigationsymbolsempty
+
+\definecolor{TitleOrange}{RGB}{255,137,0}
+\setbeamercolor{title}{fg=TitleOrange}
+\setbeamercolor{frametitle}{fg=TitleOrange}
+
+\definecolor{ListOrange}{RGB}{255,145,5}
+\setbeamertemplate{itemize item}{\color{ListOrange}$\blacktriangleright$}
+
+\definecolor{verygrey}{RGB}{70,70,70}
+\setbeamercolor{normal text}{fg=verygrey}
+
+
+\usepackage{tabu}
+\usepackage{multicol}
+\usepackage{vwcol}
+\usepackage{stmaryrd}
+\usepackage{graphicx}
+
+\usepackage[normalem]{ulem}
+
+\AtBeginSection[]{
+ \begin{frame}
+ \vfill
+ \centering
+ \begin{beamercolorbox}[sep=8pt,center,shadow=true,rounded=true]{title}
+ \usebeamerfont{title}\insertsectionhead\par%
+ \end{beamercolorbox}
+ \vfill
+ \end{frame}
+}
+
+\title{Garage, an S3 backend as reliable as possible}
+\author{Garage Authors}
+\date{JoSy S3, 2025-10-08}
+
+\begin{document}
+
+\begin{frame}
+ \centering
+ \includegraphics[width=.3\linewidth]{../../sticker/Garage.png}
+ \vspace{1em}
+
+ {\large\bf Garage, an S3 backend as reliable as possible}
+ \vspace{1em}
+
+ \url{https://garagehq.deuxfleurs.fr/}\\
+ \url{mailto:garagehq@deuxfleurs.fr}\\
+ \texttt{\#garage:deuxfleurs.fr} on Matrix
+\end{frame}
+
+
+\section{Meet Garage}
+
+\begin{frame}
+ \frametitle{A non-profit initiative}
+
+
+ \begin{columns}[t]
+ \begin{column}{.2\textwidth}
+ \centering
+ \adjincludegraphics[width=.5\linewidth, valign=t]{../assets/logos/deuxfleurs.pdf}
+ \end{column}
+ \begin{column}{.8\textwidth}
+ \textbf{Part of a degrowth initiative}\\
+ Garage has been created at Deuxfleurs where we experiment running Internet services without datacenter on commodity and refurbished hardware.
+ \end{column}
+
+ \end{columns}
+ \vspace{2em}
+ \begin{columns}[t]
+ \begin{column}{.2\textwidth}
+ \centering
+ \adjincludegraphics[width=.5\linewidth, valign=t]{../assets/community.png}
+ \end{column}
+ \begin{column}{.8\textwidth}
+ \textbf{Developed by a community}\\
+ {\small Some recent contributors: Arthur C, Charles H, dongdigua, Etienne L, Jonah A, Julien K, Lapineige, MagicRR, Milas B, Niklas M, RockWolf, Schwitzd, trinity-1686a, Xavier S, babykart, Baptiste J, eddster2309, James O'C, Joker9944, Maximilien R, Renjaya RZ, Yureka...}
+ \end{column}
+
+ \end{columns}
+ \vspace{2em}
+ \begin{columns}[t]
+ \begin{column}{.2\textwidth}
+ \centering
+ \adjincludegraphics[width=.5\linewidth, valign=t]{../assets/logos/AGPLv3_Logo.png}
+ \end{column}
+ \begin{column}{.8\textwidth}
+ \textbf{Owned by nobody, open-core is impossible, zero VC money}\\
+ AGPL + no Contributor License Agreement = Garage ownership spreads among hundredth of contributors.
+ \end{column}
+
+ \end{columns}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Getting support for Garage}
+ \begin{columns}[t]
+ \begin{column}{.2\textwidth}
+ \centering
+ \adjincludegraphics[width=.4\linewidth, valign=t]{../assets/alex.jpg}
+ \end{column}
+ \begin{column}{.4\textwidth}
+ \textbf{Alex Auvolat}\\
+ PhD; co-founder of Deuxfleurs\\
+ Garage maintainer, Freelance
+ \end{column}
+ \begin{column}{.3\textwidth}
+ \centering
+ \adjincludegraphics[width=.4\linewidth, valign=t]{../assets/support.png}
+ \end{column}
+ \begin{column}{.1\textwidth}
+ ~
+ \end{column}
+ \end{columns}
+ \vspace{2em}
+ \begin{columns}[t]
+ \begin{column}{.2\textwidth}
+ \centering
+ \adjincludegraphics[width=.4\linewidth, valign=t]{../assets/quentin.jpg}
+ \end{column}
+ \begin{column}{.4\textwidth}
+ \textbf{Quentin Dufour}\\
+ PhD; co-founder of Deuxfleurs\\
+ Garage contributor, Freelance
+ \end{column}
+ \begin{column}{.4\textwidth}
+ For support requests, write at: \\
+ \url{garagehq@deuxfleurs.fr}
+ \end{column}
+ \end{columns}
+ \vspace{2em}
+ \begin{columns}[t]
+ \begin{column}{.2\textwidth}
+ \centering
+ \adjincludegraphics[width=.4\linewidth, valign=t]{../assets/armael.jpg}
+ \end{column}
+ \begin{column}{.4\textwidth}
+ \textbf{Armaël Guéneau}\\
+ PhD; member of Deuxfleurs\\
+ Garage contributor, Freelance
+ \end{column}
+ \begin{column}{.4\textwidth}
+ Eligible: email support, architecture design, specific feature development, etc.
+ \end{column}
+ \end{columns}
+
+
+\end{frame}
+
+\begin{frame}
+ \frametitle{Our initial goal}
+
+ \centering
+ \Large
+
+ Being a self-sovereign community to be free of our degrowth choice
+
+ $\big\downarrow$
+
+ As web citizens, datacenters are big black boxes. \\
+ We want to leave them to autonoumously manage our servers.
+
+ $\big\downarrow$
+
+ We want reliable services without relying on dedicated hardware or places.
+
+\end{frame}
+
+\begin{frame}
+ \frametitle{Building a resilient system with cheap stuff}
+
+ \only<1,4-7>{
+ \begin{itemize}
+ \item \textcolor<5->{gray}{Commodity hardware (e.g. old desktop PCs)\\
+ \vspace{.5em}
+ \visible<4->{{\footnotesize (can die at any time)}}}
+ \vspace{1.5em}
+ \item<5-> \textcolor<7->{gray}{Regular Internet (e.g. FTTB, FTTH) and power grid connections\\
+ \vspace{.5em}
+ \visible<6->{{\footnotesize (can be unavailable randomly)}}}
+ \vspace{1.5em}
+ \item<7-> \textbf{Geographical redundancy} (multi-site replication)
+ \end{itemize}
+ }
+ \only<2>{
+ \begin{center}
+ \includegraphics[width=.8\linewidth]{../assets/neptune.jpg}
+ \end{center}
+ }
+ \only<3>{
+ \begin{center}
+ \includegraphics[width=.8\linewidth]{../assets/atuin.jpg}
+ \end{center}
+ }
+ \only<8>{
+ \begin{center}
+ \includegraphics[width=.8\linewidth]{../assets/inframap_jdll2023.pdf}
+ \end{center}
+ }
+\end{frame}
+
+\begin{frame}
+ \frametitle{Object storage: a crucial component}
+ \begin{center}
+ \includegraphics[height=6em]{../assets/logos/Amazon-S3.jpg}
+ \hspace{3em}
+ \visible<2->{\includegraphics[height=5em]{../assets/logos/minio.png}}
+ \hspace{3em}
+ \visible<3>{\includegraphics[height=6em]{../../logo/garage_hires_crop.png}}
+ \end{center}
+ \vspace{1em}
+ S3: a de-facto standard, many compatible applications
+
+ \vspace{1em}
+ \visible<2->{MinIO is self-hostable but not suited for geo-distributed deployments}
+
+ \vspace{1em}
+ \visible<3->{\textbf{Garage is a self-hosted drop-in replacement for the Amazon S3 object store}}
+\end{frame}
+
+\begin{frame}
+ \frametitle{CRDTs / weak consistency instead of consensus}
+
+ \underline{Internally, Garage uses only CRDTs} (conflict-free replicated data types)
+
+ \vspace{2em}
+ Why not Raft, Paxos, ...? Issues of consensus algorithms:
+
+ \vspace{1em}
+ \begin{itemize}
+ \item<2-> \textbf{Software complexity}
+ \vspace{1em}
+ \item<3-> \textbf{Performance issues:}
+ \vspace{.5em}
+ \begin{itemize}
+ \item<4-> The leader is a \textbf{bottleneck} for all requests\\
+ \vspace{.5em}
+ \item<5-> \textbf{Sensitive to higher latency} between nodes
+ \vspace{.5em}
+ \item<6-> \textbf{Takes time to reconverge} when disrupted (e.g. node going down)
+ \end{itemize}
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{The data model of object storage}
+ Object storage is basically a \textbf{key-value store}:
+ \vspace{.5em}
+
+ {\scriptsize
+ \begin{center}
+ \begin{tabular}{|l|p{7cm}|}
+ \hline
+ \textbf{Key: file path + name} & \textbf{Value: file data + metadata} \\
+ \hline
+ \hline
+ \texttt{index.html} &
+ \texttt{Content-Type: text/html; charset=utf-8} \newline
+ \texttt{Content-Length: 24929} \newline
+ \texttt{} \\
+ \hline
+ \texttt{img/logo.svg} &
+ \texttt{Content-Type: text/svg+xml} \newline
+ \texttt{Content-Length: 13429} \newline
+ \texttt{} \\
+ \hline
+ \texttt{download/index.html} &
+ \texttt{Content-Type: text/html; charset=utf-8} \newline
+ \texttt{Content-Length: 26563} \newline
+ \texttt{} \\
+ \hline
+ \end{tabular}
+ \end{center}
+ }
+
+ \vspace{1em}
+ \begin{itemize}
+ \item<2> Maps well to CRDT data types
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Performance gains in practice}
+ \begin{center}
+ \includegraphics[width=.8\linewidth]{../assets/perf/endpoint_latency_0.7_0.8_minio.png}
+ \end{center}
+\end{frame}
+
+% ======================================== OPERATING
+% ======================================== OPERATING
+% ======================================== OPERATING
+
+
+\section{Production clusters}
+
+\begin{frame}
+ \frametitle{Deployment kinds}
+
+ \includegraphics[width=.9\linewidth]{../assets/cluster_kind.png}
+ \vspace{1em}
+
+\end{frame}
+
+\begin{frame}
+ \frametitle{How big they are?}
+
+ \includegraphics[width=.9\linewidth]{../assets/cluster_size.png}
+ \vspace{1em}
+
+ \textit{"Petabyte storage setup for a video site. Nginx as CDN in-front using garage-s3-website feature. Each storage node has ~64TB storage with raid10, no replication within garage. 25gbit nic. haproxy to loadbalance across 5 nodes. mostly reads with very few writes."}
+
+ \vspace{1em}
+ \textit{"We currently manage 7 Garage nodes, 28TB total storage, 6M blocks for 3M objects and 4TB of object data. We have been running Garage in production for 2.5 years."}
+
+\end{frame}
+
+\begin{frame}
+ \frametitle{Operating Garage}
+ \begin{center}
+ \only<1-2>{
+ \includegraphics[width=.9\linewidth]{../assets/screenshots/garage_status_0.10.png}
+ \\\vspace{1em}
+ \visible<2>{\includegraphics[width=.9\linewidth]{../assets/screenshots/garage_status_unhealthy_0.10.png}}
+ }
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Garage's architecture}
+ \begin{center}
+ \only<1>{\includegraphics[width=.45\linewidth]{../assets/garage.drawio.pdf}}%
+ \only<2>{\includegraphics[width=.6\linewidth]{../assets/garage_sync.drawio.pdf}}%
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Digging deeper}
+ \begin{center}
+ \only<1>{\includegraphics[width=.9\linewidth]{../assets/screenshots/garage_stats_0.10.png}}
+ \only<2>{\includegraphics[width=.5\linewidth]{../assets/screenshots/garage_worker_list_0.10.png}}
+ \only<3>{\includegraphics[width=.6\linewidth]{../assets/screenshots/garage_worker_param_0.10.png}}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Potential limitations and bottlenecks}
+ \begin{itemize}
+ \item Global:
+ \begin{itemize}
+ \item Max. $\sim$100 nodes per cluster (excluding gateways)
+ \end{itemize}
+ \vspace{1em}
+ \item Metadata:
+ \begin{itemize}
+ \item One big bucket = bottleneck, object list on 3 nodes only
+ \end{itemize}
+ \vspace{1em}
+ \item Block manager:
+ \begin{itemize}
+ \item Lots of small files on disk
+ \item Processing the resync queue can be slow
+ \end{itemize}
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Deployment advice for very large clusters}
+ \begin{itemize}
+ \item Metadata storage:
+ \begin{itemize}
+ \item ZFS mirror (x2) on fast NVMe
+ \item Use LMDB storage engine
+ \end{itemize}
+ \vspace{.5em}
+ \item Data block storage:
+ \begin{itemize}
+ \item Use Garage's native multi-HDD support
+ \item XFS on individual drives
+ \item Increase block size (1MB $\to$ 10MB, requires more RAM and good networking)
+ \item Tune \texttt{resync-tranquility} and \texttt{resync-worker-count} dynamically
+ \end{itemize}
+ \vspace{.5em}
+ \item Other :
+ \begin{itemize}
+ \item Split data over several buckets
+ \item Use less than 100 storage nodes
+ \item Use gateway nodes
+ \end{itemize}
+ \vspace{.5em}
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+ \frametitle{Focus on Deuxfleurs}
+
+ Host institutional websites, partnership with a web agency.
+ Matrix media backend.
+
+ Plan to use it as an email backend for an internally developed email server.
+
+\end{frame}
+
+
+% ======================================== TIMELINE
+% ======================================== TIMELINE
+% ======================================== TIMELINE
+
+\section{Recent developments}
+
+% ====================== v0.7.0 ===============================
+
+\begin{frame}
+ \begin{center}
+ \includegraphics[width=.8\linewidth]{../assets/tl.drawio.png}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{April 2022 - Garage v0.7.0}
+ Focus on \underline{observability and ecosystem integration}
+ \vspace{2em}
+ \begin{itemize}
+ \item \textbf{Monitoring:} metrics and traces, using OpenTelemetry
+ \vspace{1em}
+ \item Replication modes with 1 or 2 copies / weaker consistency
+ \vspace{1em}
+ \item Kubernetes integration for node discovery
+ \vspace{1em}
+ \item Admin API (v0.7.2)
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Metrics (Prometheus + Grafana)}
+ \begin{center}
+ \includegraphics[width=.9\linewidth]{../assets/screenshots/grafana_dashboard.png}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Traces (Jaeger)}
+ \begin{center}
+ \includegraphics[width=.8\linewidth]{../assets/screenshots/jaeger_listobjects.png}
+ \end{center}
+\end{frame}
+
+% ====================== v0.8.0 ===============================
+
+\begin{frame}
+ \begin{center}
+ \includegraphics[width=.8\linewidth]{../assets/tl.drawio.png}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{November 2022 - Garage v0.8.0}
+ Focus on \underline{performance}
+ \vspace{2em}
+ \begin{itemize}
+ \item \textbf{Alternative metadata DB engines} (LMDB, Sqlite)
+ \vspace{1em}
+ \item \textbf{Performance improvements:} block streaming, various optimizations...
+ \vspace{1em}
+ \item Bucket quotas (max size, max \#objects)
+ \vspace{1em}
+ \item Quality of life improvements, observability, etc.
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{About metadata DB engines}
+ \textbf{Issues with Sled:}
+ \vspace{1em}
+ \begin{itemize}
+ \item Huge files on disk
+ \vspace{.5em}
+ \item Unpredictable performance, especially on HDD
+ \vspace{.5em}
+ \item API limitations
+ \vspace{.5em}
+ \item Not actively maintained
+ \end{itemize}
+
+ \vspace{2em}
+ \textbf{LMDB:} very stable, good performance, file size is reasonable\\
+ \textbf{Sqlite} also available as a second choice
+
+ \vspace{1em}
+ Sled will be removed in Garage v1.0
+\end{frame}
+
+\begin{frame}
+ \frametitle{DB engine performance comparison}
+ \begin{center}
+ \includegraphics[width=.6\linewidth]{../assets/perf/db_engine.png}
+ \end{center}
+ NB: Sqlite was slow due to synchronous mode, now configurable
+\end{frame}
+
+\begin{frame}
+ \frametitle{Block streaming}
+ \begin{center}
+ \only<1>{\includegraphics[width=.8\linewidth]{../assets/schema-streaming-1.png}}
+ \only<2>{\includegraphics[width=.8\linewidth]{../assets/schema-streaming-2.png}}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{TTFB benchmark}
+ \begin{center}
+ \includegraphics[width=.8\linewidth]{../assets/perf/ttfb.png}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Throughput benchmark}
+ \begin{center}
+ \includegraphics[width=.7\linewidth]{../assets/perf/io-0.7-0.8-minio.png}
+ \end{center}
+\end{frame}
+
+% ====================== v0.9.0 ===============================
+
+\begin{frame}
+ \begin{center}
+ \includegraphics[width=.8\linewidth]{../assets/tl.drawio.png}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{October 2023 - Garage v0.9.0}
+ Focus on \underline{streamlining \& usability}
+ \vspace{2em}
+ \begin{itemize}
+ \item Support multiple HDDs per node
+ \vspace{1em}
+ \item S3 compatibility:
+ \vspace{1em}
+ \begin{itemize}
+ \item support basic lifecycle configurations
+ \vspace{.5em}
+ \item allow for multipart upload part retries
+ \end{itemize}
+ \vspace{1em}
+ \item LMDB by default, deprecation of Sled
+ \vspace{1em}
+ \item New layout computation algorithm
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+ \frametitle{Layout computation}
+ \begin{overprint}
+ \onslide<1>
+ \begin{center}
+ \includegraphics[width=\linewidth, trim=0 0 0 -4cm]{../assets/screenshots/garage_status_0.9_prod_zonehl.png}
+ \end{center}
+ \onslide<2>
+ \begin{center}
+ \includegraphics[width=.7\linewidth]{../assets/map.png}
+ \end{center}
+ \end{overprint}
+ \vspace{1em}
+ Garage stores replicas on different zones when possible
+\end{frame}
+
+\begin{frame}
+ \frametitle{What a "layout" is}
+ \textbf{A layout is a precomputed index table:}
+ \vspace{1em}
+
+ {\footnotesize
+ \begin{center}
+ \begin{tabular}{|l|l|l|l|}
+ \hline
+ \textbf{Partition} & \textbf{Node 1} & \textbf{Node 2} & \textbf{Node 3} \\
+ \hline
+ \hline
+ Partition 0 & df-ymk (bespin) & Abricot (scorpio) & Courgette (neptune) \\
+ \hline
+ Partition 1 & Ananas (scorpio) & Courgette (neptune) & df-ykl (bespin) \\
+ \hline
+ Partition 2 & df-ymf (bespin) & Celeri (neptune) & Abricot (scorpio) \\
+ \hline
+ \hspace{1em}$\vdots$ & \hspace{1em}$\vdots$ & \hspace{1em}$\vdots$ & \hspace{1em}$\vdots$ \\
+ \hline
+ Partition 255 & Concombre (neptune) & df-ykl (bespin) & Abricot (scorpio) \\
+ \hline
+ \end{tabular}
+ \end{center}
+ }
+
+ \vspace{2em}
+ \visible<2->{
+ The index table is built centrally using an optimal algorithm,\\
+ then propagated to all nodes
+ }
+
+ \vspace{1em}
+ \visible<3->{
+ \footnotesize
+ Oulamara, M., \& Auvolat, A. (2023). \emph{An algorithm for geo-distributed and redundant storage in Garage}.\\ arXiv preprint arXiv:2302.13798.
+ }
+\end{frame}
+
+
+
+% ====================== v1.0.0 ===============================
+
+\begin{frame}
+ \begin{center}
+ \includegraphics[width=.8\linewidth]{../assets/tl.drawio.png}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{April 2024 - Garage v1.0.0}
+ Focus on \underline{consistency, security \& stability}
+ \vspace{2em}
+ \begin{itemize}
+ \item Fix consistency issues when reshuffling data (Jepsen testing)
+ \vspace{1em}
+ \item \textbf{Security audit} by Radically Open Security
+ \vspace{1em}
+ \item Misc. S3 features (SSE-C, checksums, ...) and compatibility fixes
+ \end{itemize}
+\end{frame}
+
+% ====================== v2.0.0 ===============================
+
+\begin{frame}
+ \begin{center}
+ \includegraphics[width=.8\linewidth]{../assets/tl.drawio.png}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Garage v2.0.0}
+ Focus on \underline{}
+ \vspace{2em}
+ \begin{itemize}
+ \item TODO
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+ \frametitle{Currently funding...}
+
+ \textit{...}
+\end{frame}
+
+\begin{frame}
+ \frametitle{We run community surveys}
+ \begin{center}
+ \includegraphics[width=.6\linewidth]{../assets/survey_requested_features.png}
+ \end{center}
+\end{frame}
+
+% ======================================== END
+% ======================================== END
+% ======================================== END
+
+\begin{frame}
+ \frametitle{Where to find us}
+ \begin{center}
+ \includegraphics[width=.25\linewidth]{../../logo/garage_hires.png}\\
+ \vspace{-1em}
+ \url{https://garagehq.deuxfleurs.fr/}\\
+ \url{mailto:garagehq@deuxfleurs.fr}\\
+ \texttt{\#garage:deuxfleurs.fr} on Matrix
+
+ \vspace{1.5em}
+ \includegraphics[width=.06\linewidth]{../assets/logos/rust_logo.png}
+ \includegraphics[width=.13\linewidth]{../assets/logos/AGPLv3_Logo.png}
+ \end{center}
+\end{frame}
+
+\end{document}
+
+%% vim: set ts=4 sw=4 tw=0 noet spelllang=en :
diff --git a/doc/talks/assets/armael.jpg b/doc/talks/assets/armael.jpg
new file mode 100644
index 00000000..54b97662
Binary files /dev/null and b/doc/talks/assets/armael.jpg differ
diff --git a/doc/talks/assets/cluster_kind.png b/doc/talks/assets/cluster_kind.png
new file mode 100644
index 00000000..80f8f4b5
Binary files /dev/null and b/doc/talks/assets/cluster_kind.png differ
diff --git a/doc/talks/assets/cluster_size.png b/doc/talks/assets/cluster_size.png
new file mode 100644
index 00000000..b4b0f5ce
Binary files /dev/null and b/doc/talks/assets/cluster_size.png differ
diff --git a/doc/talks/assets/community.png b/doc/talks/assets/community.png
new file mode 100644
index 00000000..06c7a1af
Binary files /dev/null and b/doc/talks/assets/community.png differ
diff --git a/doc/talks/assets/quentin.jpg b/doc/talks/assets/quentin.jpg
new file mode 100644
index 00000000..a68d9d7b
Binary files /dev/null and b/doc/talks/assets/quentin.jpg differ
diff --git a/doc/talks/assets/support.png b/doc/talks/assets/support.png
new file mode 100644
index 00000000..c20d179b
Binary files /dev/null and b/doc/talks/assets/support.png differ
diff --git a/doc/talks/assets/tl.drawio.png b/doc/talks/assets/tl.drawio.png
new file mode 100644
index 00000000..c60c310a
Binary files /dev/null and b/doc/talks/assets/tl.drawio.png differ
diff --git a/flake.lock b/flake.lock
index 211b70e0..e265d0c3 100644
--- a/flake.lock
+++ b/flake.lock
@@ -12,16 +12,17 @@
"original": {
"owner": "ipetkov",
"repo": "crane",
+ "rev": "6fe74265bbb6d016d663b1091f015e2976c4a527",
"type": "github"
}
},
"flake-compat": {
"locked": {
- "lastModified": 1717312683,
- "narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=",
+ "lastModified": 1761640442,
+ "narHash": "sha256-AtrEP6Jmdvrqiv4x2xa5mrtaIp3OEe8uBYCDZDS+hu8=",
"owner": "nix-community",
"repo": "flake-compat",
- "rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea",
+ "rev": "4a56054d8ffc173222d09dad23adf4ba946c8884",
"type": "github"
},
"original": {
diff --git a/flake.nix b/flake.nix
index 01a077c4..81d94215 100644
--- a/flake.nix
+++ b/flake.nix
@@ -11,7 +11,8 @@
"github:oxalica/rust-overlay/ab726555a9a72e6dc80649809147823a813fa95b";
inputs.rust-overlay.inputs.nixpkgs.follows = "nixpkgs";
- inputs.crane.url = "github:ipetkov/crane";
+ # Crane as of 2025-01-24
+ inputs.crane.url = "github:ipetkov/crane/6fe74265bbb6d016d663b1091f015e2976c4a527";
inputs.flake-compat.url = "github:nix-community/flake-compat";
inputs.flake-utils.url = "github:numtide/flake-utils";
@@ -66,7 +67,7 @@
clippy = lints.garage-cargo-clippy;
};
- # ---- developpment shell, for making native builds only ----
+ # ---- development shell, for making native builds only ----
devShells =
let
targets = compile {
@@ -89,6 +90,9 @@
cargo-outdated
cargo-machete
nixpkgs-fmt
+ openssl
+ socat
+ killall
];
};
};
diff --git a/nix/build_index.nix b/nix/build_index.nix
index 7869566f..92931eea 100644
--- a/nix/build_index.nix
+++ b/nix/build_index.nix
@@ -167,7 +167,7 @@ let