From bd61598faf37246022d073fdb91f3f546f48f3b9 Mon Sep 17 00:00:00 2001 From: Horvath Gergely Date: Sat, 18 Apr 2020 22:55:19 +0200 Subject: [PATCH 1/5] add experimental(?) architecture support for arm32 and arm64 the changes are necessary because certbot images are tagged, so docker does not recognize the necessary architecture --- docs/alternative-architectures.md | 16 ++++++++++++ group_vars/matrix_servers | 30 +++++++++++++++++----- roles/matrix-nginx-proxy/defaults/main.yml | 4 ++- 3 files changed, 42 insertions(+), 8 deletions(-) create mode 100644 docs/alternative-architectures.md diff --git a/docs/alternative-architectures.md b/docs/alternative-architectures.md new file mode 100644 index 000000000..a469e4220 --- /dev/null +++ b/docs/alternative-architectures.md @@ -0,0 +1,16 @@ +# Alternative architectures +As stated in the [Prerequisites](prerequisites.md), currently only x86_64 is supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used. + +To that end add the following variable to your `vars.yaml` file: +``` +matrix_architecture = +``` +Currently supported architectures are the following: +- `amd64` (the default) +- `arm64` +- `arm32` + +On most roles self-building is used if the architecture is not `amd64`. Special cases: +- matrix-bridge-mautrix-facebook: there is built docker image for arm64 as well, +- matrix-bridge-mautrix-hangouts: there is built docker image for arm64 as well, +- matrix-nginx-proxy: Certbot has docker image for both arm32 and arm64, however tagging is used, which requires special handling. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index e80d55c35..524c11cd0 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -26,6 +26,20 @@ matrix_riot_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_e # ###################################################################### +###################################################################### +# +# matrix-architecture +# +###################################################################### + +matrix_architecture: "amd64" + +###################################################################### +# +# /matrix-architecture +# +###################################################################### + ###################################################################### # @@ -174,7 +188,7 @@ matrix_appservice_irc_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | # We don't enable bridges by default. matrix_mautrix_facebook_enabled: false -matrix_mautrix_facebook_container_image_self_build: "{{ matrix_container_images_self_build }}" +matrix_mautrix_facebook_container_image_self_build: "{{ (matrix_architecture != 'amd64') and (matrix_architecture != 'arm64') }}" matrix_mautrix_facebook_systemd_required_services_list: | {{ @@ -205,7 +219,7 @@ matrix_mautrix_facebook_login_shared_secret: "{{ matrix_synapse_ext_password_pro # We don't enable bridges by default. matrix_mautrix_hangouts_enabled: false -matrix_mautrix_hangouts_container_image_self_build: "{{ matrix_container_images_self_build }}" +matrix_mautrix_hangouts_container_image_self_build: "{{ (matrix_architecture != 'amd64') and (matrix_architecture != 'arm64') }}" matrix_mautrix_hangouts_systemd_required_services_list: | {{ @@ -301,7 +315,7 @@ matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_pro # We don't enable bridges by default. matrix_mx_puppet_skype_enabled: false -matrix_mx_puppet_skype_container_image_self_build: "{{ matrix_container_images_self_build }}" +matrix_mx_puppet_skype_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" matrix_mx_puppet_skype_systemd_required_services_list: | {{ @@ -366,7 +380,7 @@ matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registrati matrix_coturn_enabled: true -matrix_coturn_container_image_self_build: "{{ matrix_container_images_self_build }}" +matrix_coturn_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" matrix_coturn_turn_external_ip_address: "{{ ansible_host }}" @@ -489,7 +503,7 @@ matrix_mailer_enabled: true # If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this. matrix_ma1sd_enabled: true -matrix_ma1sd_container_image_self_build: "{{ matrix_container_images_self_build }}" +matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" # Normally, matrix-nginx-proxy is enabled and nginx can reach ma1sd over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose @@ -599,6 +613,8 @@ matrix_ssl_domains_to_obtain_certificates_for: | ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else []) }} +matrix_ssl_architecture: "{{ matrix_architecture }}" + ###################################################################### # # /matrix-nginx-proxy @@ -638,7 +654,7 @@ matrix_postgres_db_name: "homeserver" # If you wish to connect to your Matrix server by other means, you may wish to disable this. matrix_riot_web_enabled: true -matrix_riot_web_container_image_self_build: "{{ matrix_container_images_self_build }}" +matrix_riot_web_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" # Normally, matrix-nginx-proxy is enabled and nginx can reach riot-web over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose @@ -683,7 +699,7 @@ matrix_riot_web_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jit # ###################################################################### -matrix_synapse_container_image_self_build: "{{ matrix_container_images_self_build }}" +matrix_synapse_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" # When ma1sd is enabled, we can use it instead of the default public Identity servers. matrix_synapse_trusted_third_party_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_ma1sd_enabled else matrix_synapse_id_servers_public }}" diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 12d314f5b..35c6adfcd 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -213,12 +213,14 @@ matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects: none # plain HTTP traffic only (usually, on the loopback interface only) and you'd be terminating SSL using another reverse-proxy. matrix_ssl_retrieval_method: "lets-encrypt" +matrix_ssl_architecture: "amd64" + # The list of domains that this role will obtain certificates for. matrix_ssl_domains_to_obtain_certificates_for: [] # Controls whether to obtain production or staging certificates from Let's Encrypt. matrix_ssl_lets_encrypt_staging: false -matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v1.3.0" +matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.3.0" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_support_email: ~ From b5844d2395f9d55afe83bd963f768055f06dbd96 Mon Sep 17 00:00:00 2001 From: Horvath Gergely Date: Sun, 19 Apr 2020 13:31:36 +0200 Subject: [PATCH 2/5] shortening line based on @spantaleev 's comment --- group_vars/matrix_servers | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 524c11cd0..517c299f3 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -188,7 +188,7 @@ matrix_appservice_irc_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | # We don't enable bridges by default. matrix_mautrix_facebook_enabled: false -matrix_mautrix_facebook_container_image_self_build: "{{ (matrix_architecture != 'amd64') and (matrix_architecture != 'arm64') }}" +matrix_mautrix_facebook_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" matrix_mautrix_facebook_systemd_required_services_list: | {{ @@ -219,7 +219,7 @@ matrix_mautrix_facebook_login_shared_secret: "{{ matrix_synapse_ext_password_pro # We don't enable bridges by default. matrix_mautrix_hangouts_enabled: false -matrix_mautrix_hangouts_container_image_self_build: "{{ (matrix_architecture != 'amd64') and (matrix_architecture != 'arm64') }}" +matrix_mautrix_hangouts_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" matrix_mautrix_hangouts_systemd_required_services_list: | {{ From 7dba695713fd1855d0b3d13a7f905259996398eb Mon Sep 17 00:00:00 2001 From: Horvath Gergely Date: Sun, 19 Apr 2020 13:32:27 +0200 Subject: [PATCH 3/5] clarification for the list of implementation details --- docs/alternative-architectures.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/alternative-architectures.md b/docs/alternative-architectures.md index a469e4220..5fb0c8ead 100644 --- a/docs/alternative-architectures.md +++ b/docs/alternative-architectures.md @@ -10,7 +10,10 @@ Currently supported architectures are the following: - `arm64` - `arm32` -On most roles self-building is used if the architecture is not `amd64`. Special cases: +## Implementation details +This subsection is used for a reminder, how the different roles implement architecture differenes. This is **not** aimed at the users, so one does not have to do anything based on this subsection. + +On most roles self-building is used if the architecture is not `amd64`, however there are some special cases: - matrix-bridge-mautrix-facebook: there is built docker image for arm64 as well, - matrix-bridge-mautrix-hangouts: there is built docker image for arm64 as well, - matrix-nginx-proxy: Certbot has docker image for both arm32 and arm64, however tagging is used, which requires special handling. From 441278412b4839a70f500a053c0137bc0de08c8e Mon Sep 17 00:00:00 2001 From: Horvath Gergely Date: Sun, 19 Apr 2020 13:51:26 +0200 Subject: [PATCH 4/5] add explicit information for the Rapsberry pi --- docs/alternative-architectures.md | 5 +++++ docs/prerequisites.md | 2 +- docs/self-building.md | 2 ++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/docs/alternative-architectures.md b/docs/alternative-architectures.md index 5fb0c8ead..b38f1cdc5 100644 --- a/docs/alternative-architectures.md +++ b/docs/alternative-architectures.md @@ -10,6 +10,11 @@ Currently supported architectures are the following: - `arm64` - `arm32` +so for the Raspberry Pi the following should be in your `vars.yaml` file: +``` +matrix_architecture = "arm32" +``` + ## Implementation details This subsection is used for a reminder, how the different roles implement architecture differenes. This is **not** aimed at the users, so one does not have to do anything based on this subsection. diff --git a/docs/prerequisites.md b/docs/prerequisites.md index 6b66c3d33..9a26d7698 100644 --- a/docs/prerequisites.md +++ b/docs/prerequisites.md @@ -1,6 +1,6 @@ # Prerequisites -- An x86 server running **CentOS** (7 only for now; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300)), **Debian** (9/Stretch+), **Ubuntu** (16.04+), or **Archlinux**. This playbook doesn't support running on ARM ([see](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/299)), however a minimal subset of the tools can be built on the host, which may result in a working configuration, even on a Raspberry pi (see [Self-Building](self-building.md)). We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there. +- An x86 server running **CentOS** (7 only for now; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300)), **Debian** (9/Stretch+), **Ubuntu** (16.04+), or **Archlinux**. This playbook doesn't support running on ARM ([see](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/299)), however a minimal subset of the tools can be built on the host, which may result in a working configuration, even on a Raspberry pi (see [Alternative Architectures](alternative-architectures.md)). We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there. - `root` access to your server (or a user capable of elevating to `root` via `sudo`). diff --git a/docs/self-building.md b/docs/self-building.md index aae31c7b9..85d098120 100644 --- a/docs/self-building.md +++ b/docs/self-building.md @@ -1,5 +1,7 @@ # Self-building +**Caution: self-building does not have to be used on its own. See the [Alternative Architectures](alternative-architectures.md) page.** + The playbook supports the self-building of some of its components. This may be useful for architectures besides x86_64, which have no Docker images right now (e g. the armv7 for the Raspberry Pi). Some playbook roles have been updated, so they build the necessary image on the host. It needs more space, as some build tools need to be present (like Java, for ma1sd). To use these modification there is a variable that needs to be switched to enable this functionality. Add this to your `vars.yaml` file: From 588e97a97c30bb26e9761ca81e5dae640ea56dae Mon Sep 17 00:00:00 2001 From: Horvath Gergely Date: Sun, 19 Apr 2020 14:02:32 +0200 Subject: [PATCH 5/5] link to self-building from implementation subsection --- docs/alternative-architectures.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/alternative-architectures.md b/docs/alternative-architectures.md index b38f1cdc5..01f6946f5 100644 --- a/docs/alternative-architectures.md +++ b/docs/alternative-architectures.md @@ -18,7 +18,7 @@ matrix_architecture = "arm32" ## Implementation details This subsection is used for a reminder, how the different roles implement architecture differenes. This is **not** aimed at the users, so one does not have to do anything based on this subsection. -On most roles self-building is used if the architecture is not `amd64`, however there are some special cases: +On most roles [self-building](self-building.md) is used if the architecture is not `amd64`, however there are some special cases: - matrix-bridge-mautrix-facebook: there is built docker image for arm64 as well, - matrix-bridge-mautrix-hangouts: there is built docker image for arm64 as well, - matrix-nginx-proxy: Certbot has docker image for both arm32 and arm64, however tagging is used, which requires special handling.