Merge pull request #2735 from cbackas/master
Support EC2 instance metadata for S3 storage provider
This commit is contained in:
Slavi Pantaleev
GitHub
@@ -30,13 +30,23 @@ After [creating the S3 bucket and configuring it](configuring-playbook-s3.md#buc
|
||||
|
||||
```yaml
|
||||
matrix_synapse_ext_synapse_s3_storage_provider_enabled: true
|
||||
|
||||
matrix_synapse_ext_synapse_s3_storage_provider_config_bucket: your-bucket-name
|
||||
matrix_synapse_ext_synapse_s3_storage_provider_config_region_name: some-region-name # e.g. eu-central-1
|
||||
matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url: https://s3.REGION_NAME.amazonaws.com # adjust this
|
||||
matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id: access-key-goes-here
|
||||
matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key: secret-key-goes-here
|
||||
matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class: STANDARD # or STANDARD_IA, etc.
|
||||
|
||||
# Authentication Method 1 - (access key id + secret)
|
||||
# This works on all providers (AWS and other compatible systems).
|
||||
# Uncomment the variables below to use it.
|
||||
# matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id: access-key-goes-here
|
||||
# matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key: secret-key-goes-here
|
||||
|
||||
# Authentication Method 2 - EC2 instance profile which grants permission to access S3
|
||||
# This only works on AWS when your server is hosted on an EC2 instance with the correct instance profile set.
|
||||
# Uncomment the variable below to use it.
|
||||
# matrix_synapse_ext_synapse_s3_storage_provider_config_ec2_instance_profile: true
|
||||
|
||||
# For additional advanced settings, take a look at `roles/custom/matrix-synapse/defaults/main.yml`
|
||||
```
|
||||
|
||||
|
||||
@@ -885,6 +885,9 @@ matrix_synapse_ext_synapse_s3_storage_provider_config_region_name: ''
|
||||
matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url: ''
|
||||
matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id: ''
|
||||
matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key: ''
|
||||
# Enable this to use EC2 instance profile metadata to grab IAM credentials instead of passing credentials directly
|
||||
# via matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id and matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key
|
||||
matrix_synapse_ext_synapse_s3_storage_provider_config_ec2_instance_profile: false
|
||||
matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled: false
|
||||
matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key: ''
|
||||
matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_algo: 'AES256'
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
---
|
||||
|
||||
- name: Fail if required s3-storage-provider settings not defined
|
||||
ansible.builtin.fail:
|
||||
msg: >-
|
||||
@@ -8,9 +7,16 @@
|
||||
with_items:
|
||||
- "matrix_synapse_ext_synapse_s3_storage_provider_config_bucket"
|
||||
- "matrix_synapse_ext_synapse_s3_storage_provider_config_region_name"
|
||||
- "matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url"
|
||||
|
||||
- name: Fail if required s3-storage-provider auth settings not defined when not using an EC2 profile
|
||||
ansible.builtin.fail:
|
||||
msg: >-
|
||||
You need to define a required configuration setting (`{{ item }}`) for using s3-storage-provider.
|
||||
when: "not matrix_synapse_ext_synapse_s3_storage_provider_config_ec2_instance_profile | bool and vars[item] == ''"
|
||||
with_items:
|
||||
- "matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id"
|
||||
- "matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key"
|
||||
- "matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url"
|
||||
|
||||
- name: Fail if required matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url looks invalid
|
||||
ansible.builtin.fail:
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
{% if not matrix_synapse_ext_synapse_s3_storage_provider_config_ec2_instance_profile | bool %}
|
||||
AWS_ACCESS_KEY_ID={{ matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id }}
|
||||
AWS_SECRET_ACCESS_KEY={{ matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key }}
|
||||
{% endif %}
|
||||
AWS_DEFAULT_REGION={{ matrix_synapse_ext_synapse_s3_storage_provider_config_region_name }}
|
||||
|
||||
ENDPOINT={{ matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url }}
|
||||
|
||||
@@ -6,8 +6,10 @@ config:
|
||||
bucket: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_bucket | to_json }}
|
||||
region_name: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_region_name | to_json }}
|
||||
endpoint_url: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url | to_json }}
|
||||
{% if not matrix_synapse_ext_synapse_s3_storage_provider_config_ec2_instance_profile | bool %}
|
||||
access_key_id: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id | to_json }}
|
||||
secret_access_key: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key | to_json }}
|
||||
{% endif %}
|
||||
|
||||
{% if matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled %}
|
||||
sse_customer_key: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key | to_json }}
|
||||
|
||||
Reference in New Issue
Block a user