Let's start your Garage journey! In this chapter, we explain how to deploy Garage as a single-node server and how to interact with it.
What is Garage?
Before jumping in, you might be interested in reading the following pages:
Scope of this tutorial
Our goal is to introduce you to Garage's workflows. Following this guide is recommended before moving on to configuring a multi-node cluster.
Note that this kind of deployment should not be used in production, as it provides no redundancy for your data!
Get a binary
Download the latest Garage binary from the release pages on our repository:
https://garagehq.deuxfleurs.fr/download/
Place this binary somewhere in your $PATH so that you can invoke the garage
command directly (for instance you can copy the binary in /usr/local/bin
or in ~/.local/bin).
You may also check whether your distribution already includes a binary package for Garage.
If a binary of the last version is not available for your architecture, or if you want a build customized for your system, you can build Garage from source.
Configuring and starting Garage
Generating a first configuration file
This first configuration file should allow you to get started easily with the simplest possible Garage deployment.
We will create it with the following command line to generate unique and private secrets for security reasons:
cat > garage.toml <<EOF
metadata_dir = "/tmp/meta"
data_dir = "/tmp/data"
db_engine = "sqlite"
replication_factor = 1
rpc_bind_addr = "[::]:3901"
rpc_public_addr = "127.0.0.1:3901"
rpc_secret = "$(openssl rand -hex 32)"
[s3_api]
s3_region = "garage"
api_bind_addr = "[::]:3900"
root_domain = ".s3.garage.localhost"
[s3_web]
bind_addr = "[::]:3902"
root_domain = ".web.garage.localhost"
index = "index.html"
[k2v_api]
api_bind_addr = "[::]:3904"
[admin]
api_bind_addr = "[::]:3903"
admin_token = "$(openssl rand -base64 32)"
metrics_token = "$(openssl rand -base64 32)"
EOF
Now that your configuration file has been created, you may save it to the directory of your choice.
By default, Garage looks for /etc/garage.toml.
You can also store it somewhere else, but you will have to specify -c path/to/garage.toml
at each invocation of the garage binary (for example: garage -c ./garage.toml server, garage -c ./garage.toml status).
As you can see, the rpc_secret is a 32 bytes hexadecimal string.
You can regenerate it with openssl rand -hex 32.
If you target a cluster deployment with multiple nodes, make sure that
you use the same value for all nodes.
As you can see in the metadata_dir and data_dir parameters, we are saving Garage's data
in /tmp which gets erased when your system reboots. This means that data stored on this
Garage server will not be persistent. Change these to locations on your local disk if you want
your data to be persisted properly.
Launching the Garage server
Use the following command to launch the Garage server:
garage -c path/to/garage.toml server
If you have placed the garage.toml file in /etc (its default location), you can simply run garage server.
You can tune Garage's verbosity by setting the RUST_LOG= environment variable.
Available log levels are (from less verbose to more verbose): error, warn, info (default), debug and trace.
RUST_LOG=garage=info garage server # default
RUST_LOG=garage=debug garage server
RUST_LOG=garage=trace garage server
Log level info is the default value and is recommended for most use cases.
Log level debug can help you check why your S3 API calls are not working.
Checking that Garage runs correctly
The garage utility is also used as a CLI tool to configure your Garage deployment.
It uses values from the TOML configuration file to find the Garage daemon running on the
local node, therefore if your configuration file is not at /etc/garage.toml you will
again have to specify -c path/to/garage.toml at each invocation.
If the garage CLI is able to correctly detect the parameters of your local Garage node,
the following command should be enough to show the status of your cluster:
garage status
This should show something like this:
==== HEALTHY NODES ====
ID Hostname Address Tag Zone Capacity
563e1ac825ee3323 linuxbox 127.0.0.1:3901 NO ROLE ASSIGNED
Creating a cluster layout
Creating a cluster layout for a Garage deployment means informing Garage of the disk space available on each node of the cluster as well as the zone (e.g. datacenter) each machine is located in.
For our test deployment, we are using only one node. The way in which we configure it does not matter, you can simply write:
garage layout assign -z dc1 -c 1G <node_id>
where <node_id> corresponds to the identifier of the node shown by garage status (first column).
You can enter simply a prefix of that identifier.
For instance here you could write just garage layout assign -z dc1 -c 1G 563e.
The layout then has to be applied to the cluster, using:
garage layout apply
Creating buckets and keys
In this section, we will suppose that we want to create a bucket named nextcloud-bucket
that will be accessed through a key named nextcloud-app-key.
Don't forget that help command and --help subcommands can help you anywhere,
the CLI tool is self-documented! Two examples:
garage help
garage bucket allow --help
Create a bucket
Let's take an example where we want to deploy NextCloud using Garage as the main data storage.
First, create a bucket with the following command:
garage bucket create nextcloud-bucket
Check that everything went well:
garage bucket list
garage bucket info nextcloud-bucket
Create an API key
The nextcloud-bucket bucket now exists on the Garage server,
however it cannot be accessed until we add an API key with the proper access rights.
Note that API keys are independent of buckets: one key can access multiple buckets, multiple keys can access one bucket.
Create an API key using the following command:
garage key create nextcloud-app-key
The output should look as follows:
Key name: nextcloud-app-key
Key ID: GK3515373e4c851ebaad366558
Secret key: 7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34
Authorized buckets:
Check that everything works as intended:
garage key list
garage key info nextcloud-app-key
Allow a key to access a bucket
Now that we have a bucket and a key, we need to give permissions to the key on the bucket:
garage bucket allow \
--read \
--write \
--owner \
nextcloud-bucket \
--key nextcloud-app-key
You can check at any time the allowed keys on your bucket with:
garage bucket info nextcloud-bucket
Uploading and downloading from Garage
To download and upload files on garage, we can use a third-party tool named awscli.
Install and configure awscli
If you have python on your system, you can install it with:
python -m pip install --user awscli
Now that awscli is installed, you must configure it to talk to your Garage instance,
with your key. There are multiple ways to do that, the simplest one is to create a file
named ~/.awsrc with this content:
export AWS_ACCESS_KEY_ID=xxxx # put your Key ID here
export AWS_SECRET_ACCESS_KEY=xxxx # put your Secret key here
export AWS_DEFAULT_REGION='garage'
export AWS_ENDPOINT_URL='http://localhost:3900'
aws --version
Note you need to have at least awscli >=1.29.0 or >=2.13.0, otherwise you
need to specify --endpoint-url explicitly on each awscli invocation.
Now, each time you want to use awscli on this target, run:
source ~/.awsrc
You can create multiple files with different names if you have multiple Garage clusters or different keys. Switching from one cluster to another is as simple as sourcing the right file.
Example usage of awscli
# list buckets
aws s3 ls
# list objects of a bucket
aws s3 ls s3://nextcloud-bucket
# copy from your filesystem to garage
aws s3 cp /proc/cpuinfo s3://nextcloud-bucket/cpuinfo.txt
# copy from garage to your filesystem
aws s3 cp s3://nextcloud-bucket/cpuinfo.txt /tmp/cpuinfo.txt
Note that you can use awscli for more advanced operations like
creating a bucket, pre-signing a request or managing your website.
Read the full documentation to know more.
Some features are however not implemented like ACL or policy. Check our s3 compatibility list.
Other tools for interacting with Garage
The following tools can also be used to send and recieve files from/to Garage:
An exhaustive list is maintained in the "Integrations" > "Browsing tools" section.