Merge pull request #463 from hooger/architecture

Architecture
Slavi Pantaleev 2020-04-20 16:45:59 +03:00 committed by GitHub
commit 554da8338a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 53 additions and 9 deletions

View File

@ -0,0 +1,24 @@
# Alternative architectures
As stated in the [Prerequisites](prerequisites.md), currently only x86_64 is supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used.
To that end add the following variable to your `vars.yaml` file:
```
matrix_architecture = <your-matrix-server-architecture>
```
Currently supported architectures are the following:
- `amd64` (the default)
- `arm64`
- `arm32`
so for the Raspberry Pi the following should be in your `vars.yaml` file:
```
matrix_architecture = "arm32"
```
## Implementation details
This subsection is used for a reminder, how the different roles implement architecture differenes. This is **not** aimed at the users, so one does not have to do anything based on this subsection.
On most roles [self-building](self-building.md) is used if the architecture is not `amd64`, however there are some special cases:
- matrix-bridge-mautrix-facebook: there is built docker image for arm64 as well,
- matrix-bridge-mautrix-hangouts: there is built docker image for arm64 as well,
- matrix-nginx-proxy: Certbot has docker image for both arm32 and arm64, however tagging is used, which requires special handling.
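
Review bot: The two `vars.yaml` snippets in this new page use `matrix_architecture = "arm32"`, which is not YAML; the default added in this same commit is written `matrix_architecture: "amd64"`. Use the colon form in both snippets so that a copy-paste yields a valid vars file. In the "Implementation details" paragraph, "differenes" should be "differences". The page also opens by naming `x86_64` while the accepted value is `amd64`, so state explicitly that `amd64` is the value for x86_64 hosts.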

View File

@ -1,6 +1,6 @@
# Prerequisites # Prerequisites
- An x86 server running **CentOS** (7 only for now; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300)), **Debian** (9/Stretch+), **Ubuntu** (16.04+), or **Archlinux**. This playbook doesn't support running on ARM ([see](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/299)), however a minimal subset of the tools can be built on the host, which may result in a working configuration, even on a Raspberry pi (see [Self-Building](self-building.md)). We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there. - An x86 server running **CentOS** (7 only for now; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300)), **Debian** (9/Stretch+), **Ubuntu** (16.04+), or **Archlinux**. This playbook doesn't support running on ARM ([see](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/299)), however a minimal subset of the tools can be built on the host, which may result in a working configuration, even on a Raspberry pi (see [Alternative Architectures](alternative-architectures.md)). We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there.
- `root` access to your server (or a user capable of elevating to `root` via `sudo`). - `root` access to your server (or a user capable of elevating to `root` via `sudo`).
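
Review bot: The changed bullet still says "This playbook doesn't support running on ARM" and "a minimal subset of the tools can be built on the host", yet it now links to a page that lists `arm64` and `arm32` as supported architectures. Reword the sentence so that the two pages agree on what level of ARM support is being claimed.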

View File

@ -1,5 +1,7 @@
# Self-building # Self-building
**Caution: self-building does not have to be used on its own. See the [Alternative Architectures](alternative-architectures.md) page.**
The playbook supports the self-building of some of its components. This may be useful for architectures besides x86_64, which have no Docker images right now (e g. the armv7 for the Raspberry Pi). Some playbook roles have been updated, so they build the necessary image on the host. It needs more space, as some build tools need to be present (like Java, for ma1sd). The playbook supports the self-building of some of its components. This may be useful for architectures besides x86_64, which have no Docker images right now (e g. the armv7 for the Raspberry Pi). Some playbook roles have been updated, so they build the necessary image on the host. It needs more space, as some build tools need to be present (like Java, for ma1sd).
To use these modification there is a variable that needs to be switched to enable this functionality. Add this to your `vars.yaml` file: To use these modification there is a variable that needs to be switched to enable this functionality. Add this to your `vars.yaml` file:
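
Review bot: The added caution, "self-building does not have to be used on its own", is ambiguous: it does not tell the reader whether to set the self-build variable described further down this page, `matrix_architecture`, or both. State the relationship directly, for example that setting `matrix_architecture` to a value other than `amd64` turns on self-building for the affected roles.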

View File

@ -26,6 +26,20 @@ matrix_riot_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_e
# #
###################################################################### ######################################################################
######################################################################
#
# matrix-architecture
#
######################################################################
matrix_architecture: "amd64"
######################################################################
#
# /matrix-architecture
#
######################################################################
###################################################################### ######################################################################
# #
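
Review bot: Nothing checks that `matrix_architecture` is one of the three documented values (`amd64`, `arm64`, `arm32`). The later expressions only test `!= 'amd64'` or membership in `['amd64', 'arm64']`, so a value such as `x86_64` or `armv7` would switch every role to self-building and produce a certbot image tag built from that raw string. Add a validation task that fails early on any other value, and a one-line comment above the default listing the accepted values, since this block has none.
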
@ -174,7 +188,7 @@ matrix_appservice_irc_homeserver_token: "{{ matrix_synapse_macaroon_secret_key |
# We don't enable bridges by default. # We don't enable bridges by default.
matrix_mautrix_facebook_enabled: false matrix_mautrix_facebook_enabled: false
matrix_mautrix_facebook_container_image_self_build: "{{ matrix_container_images_self_build }}" matrix_mautrix_facebook_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_mautrix_facebook_systemd_required_services_list: | matrix_mautrix_facebook_systemd_required_services_list: |
{{ {{
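
Review bot: The new default for `matrix_mautrix_facebook_container_image_self_build` no longer references `matrix_container_images_self_build`, so anyone who set that variable to build images locally on `amd64` or `arm64` will now get the prebuilt image pulled instead, with no warning. The same substitution is made in the hangouts, skype, coturn, ma1sd, riot-web and synapse hunks. If the global switch is meant to keep working, combine the two conditions, e.g. `{{ matrix_container_images_self_build or matrix_architecture not in ['amd64', 'arm64'] }}`; if it is being retired, say so in the docs.
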
@ -205,7 +219,7 @@ matrix_mautrix_facebook_login_shared_secret: "{{ matrix_synapse_ext_password_pro
# We don't enable bridges by default. # We don't enable bridges by default.
matrix_mautrix_hangouts_enabled: false matrix_mautrix_hangouts_enabled: false
matrix_mautrix_hangouts_container_image_self_build: "{{ matrix_container_images_self_build }}" matrix_mautrix_hangouts_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_mautrix_hangouts_systemd_required_services_list: | matrix_mautrix_hangouts_systemd_required_services_list: |
{{ {{
@ -301,7 +315,7 @@ matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_pro
# We don't enable bridges by default. # We don't enable bridges by default.
matrix_mx_puppet_skype_enabled: false matrix_mx_puppet_skype_enabled: false
matrix_mx_puppet_skype_container_image_self_build: "{{ matrix_container_images_self_build }}" matrix_mx_puppet_skype_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
matrix_mx_puppet_skype_systemd_required_services_list: | matrix_mx_puppet_skype_systemd_required_services_list: |
{{ {{
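
Review bot: Style: `"{{ matrix_architecture != 'amd64'}}"` is missing the space before the closing braces, unlike the `{{ ... }}` expressions in the facebook and hangouts hunks and elsewhere in this file. The same slip is repeated in the coturn, ma1sd, riot-web and synapse lines; write `'amd64' }}` in all five.
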
@ -366,7 +380,7 @@ matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registrati
matrix_coturn_enabled: true matrix_coturn_enabled: true
matrix_coturn_container_image_self_build: "{{ matrix_container_images_self_build }}" matrix_coturn_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
matrix_coturn_turn_external_ip_address: "{{ ansible_host }}" matrix_coturn_turn_external_ip_address: "{{ ansible_host }}"
@ -489,7 +503,7 @@ matrix_mailer_enabled: true
# If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this. # If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this.
matrix_ma1sd_enabled: true matrix_ma1sd_enabled: true
matrix_ma1sd_container_image_self_build: "{{ matrix_container_images_self_build }}" matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach ma1sd over the container network. # Normally, matrix-nginx-proxy is enabled and nginx can reach ma1sd over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
@ -599,6 +613,8 @@ matrix_ssl_domains_to_obtain_certificates_for: |
([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else []) ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else [])
}} }}
matrix_ssl_architecture: "{{ matrix_architecture }}"
###################################################################### ######################################################################
# #
# /matrix-nginx-proxy # /matrix-nginx-proxy
@ -638,7 +654,7 @@ matrix_postgres_db_name: "homeserver"
# If you wish to connect to your Matrix server by other means, you may wish to disable this. # If you wish to connect to your Matrix server by other means, you may wish to disable this.
matrix_riot_web_enabled: true matrix_riot_web_enabled: true
matrix_riot_web_container_image_self_build: "{{ matrix_container_images_self_build }}" matrix_riot_web_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach riot-web over the container network. # Normally, matrix-nginx-proxy is enabled and nginx can reach riot-web over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
@ -683,7 +699,7 @@ matrix_riot_web_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jit
# #
###################################################################### ######################################################################
matrix_synapse_container_image_self_build: "{{ matrix_container_images_self_build }}" matrix_synapse_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
# When ma1sd is enabled, we can use it instead of the default public Identity servers. # When ma1sd is enabled, we can use it instead of the default public Identity servers.
matrix_synapse_trusted_third_party_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_ma1sd_enabled else matrix_synapse_id_servers_public }}" matrix_synapse_trusted_third_party_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_ma1sd_enabled else matrix_synapse_id_servers_public }}"

View File

@ -213,12 +213,14 @@ matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects: none
# plain HTTP traffic only (usually, on the loopback interface only) and you'd be terminating SSL using another reverse-proxy. # plain HTTP traffic only (usually, on the loopback interface only) and you'd be terminating SSL using another reverse-proxy.
matrix_ssl_retrieval_method: "lets-encrypt" matrix_ssl_retrieval_method: "lets-encrypt"
matrix_ssl_architecture: "amd64"
# The list of domains that this role will obtain certificates for. # The list of domains that this role will obtain certificates for.
matrix_ssl_domains_to_obtain_certificates_for: [] matrix_ssl_domains_to_obtain_certificates_for: []
# Controls whether to obtain production or staging certificates from Let's Encrypt. # Controls whether to obtain production or staging certificates from Let's Encrypt.
matrix_ssl_lets_encrypt_staging: false matrix_ssl_lets_encrypt_staging: false
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v1.3.0" matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.3.0"
matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
matrix_ssl_lets_encrypt_support_email: ~ matrix_ssl_lets_encrypt_support_email: ~
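
Review bot: The image tag is now built by direct interpolation, `certbot/certbot:{{ matrix_ssl_architecture }}-v1.3.0`, but the new docs page says Certbot's tagging "requires special handling" and nothing here maps `arm32` or `arm64` to the tag names Certbot actually publishes. Confirm that `arm32-v1.3.0` and `arm64-v1.3.0` exist on the registry, or add an explicit mapping from `matrix_ssl_architecture` to the tag prefix. The change also moves existing `amd64` installs from `v1.3.0` to `amd64-v1.3.0`, which deserves a mention in the docs, and `matrix_ssl_architecture` has no explanatory comment while its neighbours do.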