diff --git a/.docker/observability/docker-compose.yml b/.docker/observability/docker-compose.yml index 618f543c..84f5b933 100644 --- a/.docker/observability/docker-compose.yml +++ b/.docker/observability/docker-compose.yml @@ -14,7 +14,7 @@ services: otel-collector: - image: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib:0.127.0 + image: otel/opentelemetry-collector-contrib:0.129.1 environment: - TZ=Asia/Shanghai volumes: @@ -30,7 +30,7 @@ services: networks: - otel-network jaeger: - image: jaegertracing/jaeger:2.7.0 + image: jaegertracing/jaeger:2.8.0 environment: - TZ=Asia/Shanghai ports: @@ -40,7 +40,7 @@ services: networks: - otel-network prometheus: - image: prom/prometheus:v3.4.1 + image: prom/prometheus:v3.4.2 environment: - TZ=Asia/Shanghai volumes: diff --git a/.docker/observability/otel-collector-config.yaml b/.docker/observability/otel-collector-config.yaml index 3d5942d4..fb813fe3 100644 --- a/.docker/observability/otel-collector-config.yaml +++ b/.docker/observability/otel-collector-config.yaml @@ -66,6 +66,12 @@ service: logs: level: "info" # Collector 日志级别 metrics: - address: "0.0.0.0:8888" # Collector 自身指标暴露 + level: "detailed" # 可以是 basic, normal, detailed + readers: + - periodic: + exporter: + otlp: + protocol: http/protobuf + endpoint: http://otel-collector:4318 diff --git a/Dockerfile.multi-stage b/Dockerfile.multi-stage index 24b1f616..08d6d3d1 100644 --- a/Dockerfile.multi-stage +++ b/Dockerfile.multi-stage @@ -111,7 +111,7 @@ RUN chmod +x /app/rustfs && chown rustfs:rustfs /app/rustfs USER rustfs # Expose ports -EXPOSE 9000 9001 +EXPOSE 9000 # Health check HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ diff --git a/crates/protos/src/generated/mod.rs b/crates/protos/src/generated/mod.rs index c32d004a..9866676a 100644 --- a/crates/protos/src/generated/mod.rs +++ b/crates/protos/src/generated/mod.rs @@ -1,4 +1,3 @@ -#![allow(unused_imports)] // Copyright 2024 RustFS Team // // Licensed under the Apache License, Version 2.0 (the "License"); @@ -12,6 +11,8 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. + +#![allow(unused_imports)] #![allow(clippy::all)] pub mod proto_gen; diff --git a/deploy/README.md b/deploy/README.md index bf1a2bce..79e7dd8a 100644 --- a/deploy/README.md +++ b/deploy/README.md @@ -25,17 +25,16 @@ managing and monitoring the system. |--certs | ├── rustfs_cert.pem // Default|fallback certificate | ├── rustfs_key.pem // Default|fallback private key -| ├── example.com/ // certificate directory of specific domain names +| ├── rustfs.com/ // certificate directory of specific domain names | │ ├── rustfs_cert.pem | │ └── rustfs_key.pem -| ├── api.example.com/ +| ├── api.rustfs.com/ | │ ├── rustfs_cert.pem | │ └── rustfs_key.pem -| └── cdn.example.com/ +| └── cdn.rustfs.com/ | ├── rustfs_cert.pem | └── rustfs_key.pem |--config | |--rustfs.env // env config | |--rustfs-zh.env // env config in Chinese -| |--event.example.toml // event config ``` \ No newline at end of file diff --git a/deploy/build/rustfs-zh.service b/deploy/build/rustfs-zh.service index e6166a19..b6add428 100644 --- a/deploy/build/rustfs-zh.service +++ b/deploy/build/rustfs-zh.service @@ -36,15 +36,11 @@ Environment=RUSTFS_SECRET_KEY=rustfsadmin ExecStart=/usr/local/bin/rustfs \ --address 0.0.0.0:9000 \ --volumes /data/rustfs/vol1,/data/rustfs/vol2 \ - --obs-config /etc/rustfs/obs.yaml \ - --console-enable \ - --console-address 0.0.0.0:9001 + --console-enable # 定义启动命令,运行 /usr/local/bin/rustfs,带参数: # --address 0.0.0.0:9000:服务监听所有接口的 9000 端口。 # --volumes:指定存储卷路径为 /data/rustfs/vol1 和 /data/rustfs/vol2。 -# --obs-config:指定配置文件路径为 /etc/rustfs/obs.yaml。 # --console-enable:启用控制台功能。 -# --console-address 0.0.0.0:9001:控制台监听所有接口的 9001 端口。 # 定义环境变量配置,用于传递给服务程序,推荐使用且简洁 # rustfs 示例文件 详见: `../config/rustfs-zh.env` diff --git a/deploy/build/rustfs.run-zh.md b/deploy/build/rustfs.run-zh.md index 879b5b06..9d70eaf8 100644 --- a/deploy/build/rustfs.run-zh.md +++ b/deploy/build/rustfs.run-zh.md @@ -83,7 +83,6 @@ sudo journalctl -u rustfs --since today ```bash # 检查服务端口 ss -tunlp | grep 9000 -ss -tunlp | grep 9001 # 测试服务可用性 curl -I http://localhost:9000 diff --git a/deploy/build/rustfs.run.md b/deploy/build/rustfs.run.md index 1324a02c..fa1fc36b 100644 --- a/deploy/build/rustfs.run.md +++ b/deploy/build/rustfs.run.md @@ -83,7 +83,6 @@ sudo journalctl -u rustfs --since today ```bash # Check service ports ss -tunlp | grep 9000 -ss -tunlp | grep 9001 # Test service availability curl -I http://localhost:9000 diff --git a/deploy/build/rustfs.service b/deploy/build/rustfs.service index 41871ead..ed8cfe60 100644 --- a/deploy/build/rustfs.service +++ b/deploy/build/rustfs.service @@ -22,9 +22,7 @@ Environment=RUSTFS_SECRET_KEY=rustfsadmin ExecStart=/usr/local/bin/rustfs \ --address 0.0.0.0:9000 \ --volumes /data/rustfs/vol1,/data/rustfs/vol2 \ - --obs-config /etc/rustfs/obs.yaml \ - --console-enable \ - --console-address 0.0.0.0:9001 + --console-enable # environment variable configuration (Option 2: Use environment variables) # rustfs example file see: `../config/rustfs.env` diff --git a/deploy/certs/README.md b/deploy/certs/README.md index e36d188b..6ca7f020 100644 --- a/deploy/certs/README.md +++ b/deploy/certs/README.md @@ -36,13 +36,13 @@ cd deploy/certs/ ls -la ├── rustfs_cert.pem // Default|fallback certificate ├── rustfs_key.pem // Default|fallback private key - ├── example.com/ // certificate directory of specific domain names + ├── rustfs.com/ // certificate directory of specific domain names │ ├── rustfs_cert.pem │ └── rustfs_key.pem - ├── api.example.com/ + ├── api.rustfs.com/ │ ├── rustfs_cert.pem │ └── rustfs_key.pem - └── cdn.example.com/ + └── cdn.rustfs.com/ ├── rustfs_cert.pem └── rustfs_key.pem ``` \ No newline at end of file diff --git a/deploy/config/rustfs-zh.env b/deploy/config/rustfs-zh.env index 6be1c043..65923b07 100644 --- a/deploy/config/rustfs-zh.env +++ b/deploy/config/rustfs-zh.env @@ -7,22 +7,16 @@ RUSTFS_ROOT_PASSWORD=rustfsadmin # RustFS 数据卷存储路径,支持多卷配置,vol1 到 vol4 RUSTFS_VOLUMES="./deploy/deploy/vol{1...4}" # RustFS 服务启动参数,指定监听地址和端口 -RUSTFS_OPTS="--address 0.0.0.0:9000" +RUSTFS_OPTS="--address :9000" # RustFS 服务监听地址和端口 -RUSTFS_ADDRESS="0.0.0.0:9000" +RUSTFS_ADDRESS=":9000" # 是否启用 RustFS 控制台功能 RUSTFS_CONSOLE_ENABLE=true -# RustFS 控制台监听地址和端口 -RUSTFS_CONSOLE_ADDRESS="0.0.0.0:9001" -# RustFS 服务端点地址,用于客户端访问 -RUSTFS_SERVER_ENDPOINT="http://127.0.0.1:9000" # RustFS 服务域名配置 -RUSTFS_SERVER_DOMAINS=127.0.0.1:9001 +RUSTFS_SERVER_DOMAINS=127.0.0.1:9000 # RustFS 许可证内容 RUSTFS_LICENSE="license content" # 可观测性配置Endpoint:http://localhost:4317 RUSTFS_OBS_ENDPOINT=http://localhost:4317 # TLS 证书目录路径:deploy/certs -RUSTFS_TLS_PATH=/etc/default/tls -# 事件通知配置文件路径:deploy/config/event.example.toml -RUSTFS_EVENT_CONFIG=/etc/default/event.toml \ No newline at end of file +RUSTFS_TLS_PATH=/etc/default/tls \ No newline at end of file diff --git a/deploy/config/rustfs.env b/deploy/config/rustfs.env index c3961f9a..3fe0a2cd 100644 --- a/deploy/config/rustfs.env +++ b/deploy/config/rustfs.env @@ -7,22 +7,16 @@ RUSTFS_ROOT_PASSWORD=rustfsadmin # RustFS data volume storage paths, supports multiple volumes from vol1 to vol4 RUSTFS_VOLUMES="./deploy/deploy/vol{1...4}" # RustFS service startup parameters, specifying listen address and port -RUSTFS_OPTS="--address 0.0.0.0:9000" +RUSTFS_OPTS="--address :9000" # RustFS service listen address and port -RUSTFS_ADDRESS="0.0.0.0:9000" +RUSTFS_ADDRESS=":9000" # Enable RustFS console functionality RUSTFS_CONSOLE_ENABLE=true -# RustFS console listen address and port -RUSTFS_CONSOLE_ADDRESS="0.0.0.0:9001" -# RustFS service endpoint for client access -RUSTFS_SERVER_ENDPOINT="http://127.0.0.1:9000" # RustFS service domain configuration -RUSTFS_SERVER_DOMAINS=127.0.0.1:9001 +RUSTFS_SERVER_DOMAINS=127.0.0.1:9000 # RustFS license content RUSTFS_LICENSE="license content" # Observability configuration endpoint: RUSTFS_OBS_ENDPOINT RUSTFS_OBS_ENDPOINT=http://localhost:4317 # TLS certificates directory path: deploy/certs -RUSTFS_TLS_PATH=/etc/default/tls -# event notification configuration file path: deploy/config/event.example.toml -RUSTFS_EVENT_CONFIG=/etc/default/event.toml \ No newline at end of file +RUSTFS_TLS_PATH=/etc/default/tls \ No newline at end of file diff --git a/docker-compose-obs.yaml b/docker-compose-obs.yaml index e546a004..e6c4ac21 100644 --- a/docker-compose-obs.yaml +++ b/docker-compose-obs.yaml @@ -14,7 +14,7 @@ services: otel-collector: - image: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib:0.127.0 + image: otel/opentelemetry-collector-contrib:0.129.1 environment: - TZ=Asia/Shanghai volumes: @@ -30,7 +30,7 @@ services: networks: - rustfs-network jaeger: - image: jaegertracing/jaeger:2.6.0 + image: jaegertracing/jaeger:2.8.0 environment: - TZ=Asia/Shanghai ports: @@ -40,7 +40,7 @@ services: networks: - rustfs-network prometheus: - image: prom/prometheus:v3.4.1 + image: prom/prometheus:v3.4.2 environment: - TZ=Asia/Shanghai volumes: @@ -61,7 +61,7 @@ services: networks: - rustfs-network grafana: - image: grafana/grafana:12.0.1 + image: grafana/grafana:12.0.2 ports: - "3000:3000" # Web UI environment: @@ -79,13 +79,11 @@ services: - RUSTFS_VOLUMES=http://node{1...4}:9000/root/data/target/volume/test{1...4} - RUSTFS_ADDRESS=:9000 - RUSTFS_CONSOLE_ENABLE=true - - RUSTFS_OBS_CONFIG=/etc/observability/config/obs-multi.toml + - RUSTFS_OBS_ENDPOINT=http://otel-collector:4317 + - RUSTFS_OBS_LOGGER_LEVEL=debug platform: linux/amd64 ports: - "9001:9000" # Map port 9001 of the host to port 9000 of the container - volumes: - # - ./data:/root/data # Mount the current path to /root/data in the container - - ./.docker/observability/config:/etc/observability/config networks: - rustfs-network @@ -98,13 +96,11 @@ services: - RUSTFS_VOLUMES=http://node{1...4}:9000/root/data/target/volume/test{1...4} - RUSTFS_ADDRESS=:9000 - RUSTFS_CONSOLE_ENABLE=true - - RUSTFS_OBS_CONFIG=/etc/observability/config/obs-multi.toml + - RUSTFS_OBS_ENDPOINT=http://otel-collector:4317 + - RUSTFS_OBS_LOGGER_LEVEL=debug platform: linux/amd64 ports: - "9002:9000" # Map port 9002 of the host to port 9000 of the container - volumes: - # - ./data:/root/data - - ./.docker/observability/config:/etc/observability/config networks: - rustfs-network @@ -117,13 +113,11 @@ services: - RUSTFS_VOLUMES=http://node{1...4}:9000/root/data/target/volume/test{1...4} - RUSTFS_ADDRESS=:9000 - RUSTFS_CONSOLE_ENABLE=true - - RUSTFS_OBS_CONFIG=/etc/observability/config/obs-multi.toml + - RUSTFS_OBS_ENDPOINT=http://otel-collector:4317 + - RUSTFS_OBS_LOGGER_LEVEL=debug platform: linux/amd64 ports: - "9003:9000" # Map port 9003 of the host to port 9000 of the container - volumes: - # - ./data:/root/data - - ./.docker/observability/config:/etc/observability/config networks: - rustfs-network @@ -136,13 +130,11 @@ services: - RUSTFS_VOLUMES=http://node{1...4}:9000/root/data/target/volume/test{1...4} - RUSTFS_ADDRESS=:9000 - RUSTFS_CONSOLE_ENABLE=true - - RUSTFS_OBS_CONFIG=/etc/observability/config/obs-multi.toml + - RUSTFS_OBS_ENDPOINT=http://otel-collector:4317 + - RUSTFS_OBS_LOGGER_LEVEL=debug platform: linux/amd64 ports: - "9004:9000" # Map port 9004 of the host to port 9000 of the container - volumes: - # - ./data:/root/data - - ./.docker/observability/config:/etc/observability/config networks: - rustfs-network diff --git a/docs/docker-build.md b/docs/docker-build.md deleted file mode 100644 index ce016ff9..00000000 --- a/docs/docker-build.md +++ /dev/null @@ -1,530 +0,0 @@ -# RustFS Docker Build and Deployment Guide - -This document describes how to build and deploy RustFS using Docker, including the automated GitHub Actions workflow for building and pushing images to Docker Hub and GitHub Container Registry. - -## 🚀 Quick Start - -### Using Pre-built Images - -```bash -# Pull and run the latest RustFS image -docker run -d \ - --name rustfs \ - -p 9000:9000 \ - -p 9001:9001 \ - -v rustfs_data:/data \ - -e RUSTFS_VOLUMES=/data/rustfs0,/data/rustfs1,/data/rustfs2,/data/rustfs3 \ - -e RUSTFS_ACCESS_KEY=rustfsadmin \ - -e RUSTFS_SECRET_KEY=rustfsadmin \ - -e RUSTFS_CONSOLE_ENABLE=true \ - rustfs/rustfs:latest -``` - -### Using Docker Compose - -```bash -# Basic deployment -docker-compose up -d - -# Development environment -docker-compose --profile dev up -d - -# With observability stack -docker-compose --profile observability up -d - -# Full stack with all services -docker-compose --profile dev --profile observability --profile testing up -d -``` - -## 📦 Available Images - -Our GitHub Actions workflow builds multiple image variants: - -### Image Registries - -- **Docker Hub**: `rustfs/rustfs` -- **GitHub Container Registry**: `ghcr.io/rustfs/s3-rustfs` - -### Image Variants - -| Variant | Tag Suffix | Description | Use Case | -|---------|------------|-------------|----------| -| Production | *(none)* | Minimal Ubuntu-based runtime | Production deployment | -| Ubuntu | `-ubuntu22.04` | Ubuntu 22.04 based build environment | Development/Testing | -| Rocky Linux | `-rockylinux9.3` | Rocky Linux 9.3 based build environment | Enterprise environments | -| Development | `-devenv` | Full development environment | Development/Debugging | - -### Supported Architectures - -All images support multi-architecture: -- `linux/amd64` (x86_64-unknown-linux-musl) -- `linux/arm64` (aarch64-unknown-linux-gnu) - -### Tag Examples - -```bash -# Latest production image -rustfs/rustfs:latest -rustfs/rustfs:main - -# Specific version -rustfs/rustfs:v1.0.0 -rustfs/rustfs:v1.0.0-ubuntu22.04 - -# Development environment -rustfs/rustfs:latest-devenv -rustfs/rustfs:main-devenv -``` - -## 🔧 GitHub Actions Workflow - -The Docker build workflow (`.github/workflows/docker.yml`) automatically: - -1. **Builds cross-platform binaries** for `amd64` and `arm64` -2. **Creates Docker images** for all variants -3. **Pushes to registries** (Docker Hub and GitHub Container Registry) -4. **Creates multi-arch manifests** for seamless platform selection -5. **Performs security scanning** using Trivy - -### Cross-Compilation Strategy - -To handle complex native dependencies, we use different compilation strategies: - -- **x86_64**: Native compilation with `x86_64-unknown-linux-musl` for static linking -- **aarch64**: Cross-compilation with `aarch64-unknown-linux-gnu` using the `cross` tool - -This approach ensures compatibility with various C libraries while maintaining performance. - -### Workflow Triggers - -- **Push to main branch**: Builds and pushes `main` and `latest` tags -- **Tag push** (`v*`): Builds and pushes version tags -- **Pull requests**: Builds images without pushing -- **Manual trigger**: Workflow dispatch with options - -### Required Secrets - -Configure these secrets in your GitHub repository: - -```bash -# Docker Hub credentials -DOCKERHUB_USERNAME=your-dockerhub-username -DOCKERHUB_TOKEN=your-dockerhub-access-token - -# GitHub token is automatically available -GITHUB_TOKEN=automatically-provided -``` - -## 🏗️ Building Locally - -### Prerequisites - -- Docker with BuildKit enabled -- Rust toolchain (1.85+) -- Protocol Buffers compiler (protoc 31.1+) -- FlatBuffers compiler (flatc 25.2.10+) -- `cross` tool for ARM64 compilation - -### Installation Commands - -```bash -# Install Rust targets -rustup target add x86_64-unknown-linux-musl -rustup target add aarch64-unknown-linux-gnu - -# Install cross for ARM64 compilation -cargo install cross --git https://github.com/cross-rs/cross - -# Install protoc (macOS) -brew install protobuf - -# Install protoc (Ubuntu) -sudo apt-get install protobuf-compiler - -# Install flatc -# Download from: https://github.com/google/flatbuffers/releases -``` - -### Build Commands - -```bash -# Test cross-compilation setup -./scripts/test-cross-build.sh - -# Build production image for local platform -docker build -t rustfs:local . - -# Build multi-stage production image -docker build -f Dockerfile.multi-stage -t rustfs:multi-stage . - -# Build specific variant -docker build -f .docker/Dockerfile.ubuntu22.04 -t rustfs:ubuntu . - -# Build for specific platform -docker build --platform linux/amd64 -t rustfs:amd64 . -docker build --platform linux/arm64 -t rustfs:arm64 . - -# Build multi-platform image -docker buildx build --platform linux/amd64,linux/arm64 -t rustfs:multi . -``` - -### Cross-Compilation - -```bash -# Generate protobuf code first -cargo run --bin gproto - -# Native x86_64 build -cargo build --release --target x86_64-unknown-linux-musl --bin rustfs - -# Cross-compile for ARM64 -cross build --release --target aarch64-unknown-linux-gnu --bin rustfs -``` - -### Build with Docker Compose - -```bash -# Build all services -docker-compose build - -# Build specific service -docker-compose build rustfs - -# Build development environment -docker-compose build rustfs-dev -``` - -## 🚀 Deployment Options - -### 1. Single Container - -```bash -docker run -d \ - --name rustfs \ - --restart unless-stopped \ - -p 9000:9000 \ - -p 9001:9001 \ - -v /data/rustfs:/data \ - -e RUSTFS_VOLUMES=/data/rustfs0,/data/rustfs1,/data/rustfs2,/data/rustfs3 \ - -e RUSTFS_ADDRESS=0.0.0.0:9000 \ - -e RUSTFS_CONSOLE_ENABLE=true \ - -e RUSTFS_CONSOLE_ADDRESS=0.0.0.0:9001 \ - -e RUSTFS_ACCESS_KEY=rustfsadmin \ - -e RUSTFS_SECRET_KEY=rustfsadmin \ - rustfs/rustfs:latest -``` - -### 2. Docker Compose Profiles - -```bash -# Production deployment -docker-compose up -d - -# Development with debugging -docker-compose --profile dev up -d - -# With monitoring stack -docker-compose --profile observability up -d - -# Complete testing environment -docker-compose --profile dev --profile observability --profile testing up -d -``` - -### 3. Kubernetes Deployment - -```yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: rustfs -spec: - replicas: 3 - selector: - matchLabels: - app: rustfs - template: - metadata: - labels: - app: rustfs - spec: - containers: - - name: rustfs - image: rustfs/rustfs:latest - ports: - - containerPort: 9000 - - containerPort: 9001 - env: - - name: RUSTFS_VOLUMES - value: "/data/rustfs0,/data/rustfs1,/data/rustfs2,/data/rustfs3" - - name: RUSTFS_ADDRESS - value: "0.0.0.0:9000" - - name: RUSTFS_CONSOLE_ENABLE - value: "true" - - name: RUSTFS_CONSOLE_ADDRESS - value: "0.0.0.0:9001" - volumeMounts: - - name: data - mountPath: /data - volumes: - - name: data - persistentVolumeClaim: - claimName: rustfs-data -``` - -## ⚙️ Configuration - -### Environment Variables - -| Variable | Description | Default | -|----------|-------------|---------| -| `RUSTFS_VOLUMES` | Comma-separated list of data volumes | Required | -| `RUSTFS_ADDRESS` | Server bind address | `0.0.0.0:9000` | -| `RUSTFS_CONSOLE_ENABLE` | Enable web console | `false` | -| `RUSTFS_CONSOLE_ADDRESS` | Console bind address | `0.0.0.0:9001` | -| `RUSTFS_ACCESS_KEY` | S3 access key | `rustfsadmin` | -| `RUSTFS_SECRET_KEY` | S3 secret key | `rustfsadmin` | -| `RUSTFS_LOG_LEVEL` | Log level | `info` | -| `RUSTFS_OBS_ENDPOINT` | Observability endpoint | `""` | -| `RUSTFS_TLS_PATH` | TLS certificates path | `""` | - -### Volume Mounts - -- **Data volumes**: `/data/rustfs{0,1,2,3}` - RustFS data storage -- **Logs**: `/app/logs` - Application logs -- **Config**: `/etc/rustfs/` - Configuration files -- **TLS**: `/etc/ssl/rustfs/` - TLS certificates - -### Ports - -- **9000**: S3 API endpoint -- **9001**: Web console (if enabled) -- **9002**: Admin API (if enabled) -- **50051**: gRPC API (if enabled) - -## 🔍 Monitoring and Observability - -### Health Checks - -The Docker images include built-in health checks: - -```bash -# Check container health -docker ps --filter "name=rustfs" --format "table {{.Names}}\t{{.Status}}" - -# View health check logs -docker inspect rustfs --format='{{json .State.Health}}' -``` - -### Metrics and Tracing - -When using the observability profile: - -- **Prometheus**: http://localhost:9090 -- **Grafana**: http://localhost:3000 (admin/admin) -- **Jaeger**: http://localhost:16686 -- **OpenTelemetry Collector**: http://localhost:8888/metrics - -### Log Collection - -```bash -# View container logs -docker logs rustfs -f - -# Export logs -docker logs rustfs > rustfs.log 2>&1 -``` - -## 🛠️ Development - -### Development Environment - -```bash -# Start development container -docker-compose --profile dev up -d rustfs-dev - -# Access development container -docker exec -it rustfs-dev bash - -# Mount source code for live development -docker run -it --rm \ - -v $(pwd):/root/s3-rustfs \ - -p 9000:9000 \ - rustfs/rustfs:devenv \ - bash -``` - -### Building from Source in Container - -```bash -# Use development image for building -docker run --rm \ - -v $(pwd):/root/s3-rustfs \ - -w /root/s3-rustfs \ - rustfs/rustfs:ubuntu22.04 \ - cargo build --release --bin rustfs -``` - -### Testing Cross-Compilation - -```bash -# Run the test script to verify cross-compilation setup -./scripts/test-cross-build.sh - -# This will test: -# - x86_64-unknown-linux-musl compilation -# - aarch64-unknown-linux-gnu cross-compilation -# - Docker builds for both architectures -``` - -## 🔐 Security - -### Security Scanning - -The workflow includes Trivy security scanning: - -```bash -# Run security scan locally -docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \ - -v $HOME/Library/Caches:/root/.cache/ \ - aquasec/trivy:latest image rustfs/rustfs:latest -``` - -### Security Best Practices - -1. **Use non-root user**: Images run as `rustfs` user (UID 1000) -2. **Minimal base images**: Ubuntu minimal for production -3. **Security updates**: Regular base image updates -4. **Secret management**: Use Docker secrets or environment files -5. **Network security**: Use Docker networks and proper firewall rules - -## 📝 Troubleshooting - -### Common Issues - -#### 1. Cross-Compilation Failures - -**Problem**: ARM64 build fails with linking errors -```bash -error: linking with `aarch64-linux-gnu-gcc` failed -``` - -**Solution**: Use the `cross` tool instead of native cross-compilation: -```bash -# Install cross tool -cargo install cross --git https://github.com/cross-rs/cross - -# Use cross for ARM64 builds -cross build --release --target aarch64-unknown-linux-gnu --bin rustfs -``` - -#### 2. Protobuf Generation Issues - -**Problem**: Missing protobuf definitions -```bash -error: failed to run custom build command for `protos` -``` - -**Solution**: Generate protobuf code first: -```bash -cargo run --bin gproto -``` - -#### 3. Docker Build Failures - -**Problem**: Binary not found in Docker build -```bash -COPY failed: file not found in build context -``` - -**Solution**: Ensure binaries are built before Docker build: -```bash -# Build binaries first -cargo build --release --target x86_64-unknown-linux-musl --bin rustfs -cross build --release --target aarch64-unknown-linux-gnu --bin rustfs - -# Then build Docker image -docker build . -``` - -### Debug Commands - -```bash -# Check container status -docker ps -a - -# View container logs -docker logs rustfs --tail 100 - -# Access container shell -docker exec -it rustfs bash - -# Check resource usage -docker stats rustfs - -# Inspect container configuration -docker inspect rustfs - -# Test cross-compilation setup -./scripts/test-cross-build.sh -``` - -## 🔄 CI/CD Integration - -### GitHub Actions - -The provided workflow can be customized: - -```yaml -# Override image names -env: - REGISTRY_IMAGE_DOCKERHUB: myorg/rustfs - REGISTRY_IMAGE_GHCR: ghcr.io/myorg/rustfs -``` - -### GitLab CI - -```yaml -build: - stage: build - image: docker:latest - services: - - docker:dind - script: - - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA . - - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA -``` - -### Jenkins Pipeline - -```groovy -pipeline { - agent any - stages { - stage('Build') { - steps { - script { - docker.build("rustfs:${env.BUILD_ID}") - } - } - } - stage('Push') { - steps { - script { - docker.withRegistry('https://registry.hub.docker.com', 'dockerhub-credentials') { - docker.image("rustfs:${env.BUILD_ID}").push() - } - } - } - } - } -} -``` - -## 📚 Additional Resources - -- [Docker Official Documentation](https://docs.docker.com/) -- [Docker Compose Reference](https://docs.docker.com/compose/) -- [GitHub Actions Documentation](https://docs.github.com/en/actions) -- [Cross-compilation with Rust](https://rust-lang.github.io/rustup/cross-compilation.html) -- [Cross tool documentation](https://github.com/cross-rs/cross) -- [RustFS Configuration Guide](../README.md)