Add support for storing Matrix Synapse's media_store to Amazon S3

2017-09-07 18:26:41 +03:00
parent 9b97ab6a90
commit 9c68b057b0
10 changed files with 192 additions and 7 deletions
--- a/roles/matrix-server/tasks/import_media_store.yml
+++ b/roles/matrix-server/tasks/import_media_store.yml
@ -42,13 +42,37 @@
    # It's wasteful to preserve owner/group now. We chown below anyway.
    owner: no
    group: no
+    # The default of times=yes does not work when s3fs is used.
+    times: "{{ False if matrix_s3_media_store_enabled else True }}"
+    perms: "{{ False if matrix_s3_media_store_enabled else True }}"

- name: Ensure media store permissions are correct
+# This is for the generic case and fails for remote file systems,
+# because the base path (matrix_synapse_media_store_path) is a mount point.
+- name: Ensure media store permissions are correct (generic case)
  file:
    path: "{{ matrix_synapse_media_store_path }}"
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_username }}"
    recurse: yes
+  when: "not matrix_s3_media_store_enabled"
+
+- name: Determine media store subdirectories
+  find: paths="{{ local_path_media_store }}" file_type=directory
+  delegate_to: 127.0.0.1
+  become: false
+  register: media_store_directories_result
+  when: "matrix_s3_media_store_enabled"
+
+# This is the s3fs special case. We chown the subdirectories one by one,
+# without touching the base directory.
+- name: Ensure media store permissions are correct (s3fs)
+  file:
+    path: "{{ matrix_synapse_media_store_path }}/{{ item.path|basename }}"
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_username }}"
+    recurse: yes
+  with_items: "{{ media_store_directories_result.files }}"
+  when: "matrix_s3_media_store_enabled"

 - name: Ensure Matrix Synapse is started (if it previously was)
  service: name="{{ item }}" state=started daemon_reload=yes
--- a/roles/matrix-server/tasks/main.yml
+++ b/roles/matrix-server/tasks/main.yml
@ -1,5 +1,10 @@
 ---

+- include: tasks/setup_s3fs.yml
+  tags:
+    - setup-main
+    - setup-s3fs
+
 - include: tasks/setup_base.yml
  tags:
    - setup-main
--- a/roles/matrix-server/tasks/setup_s3fs.yml
+++ b/roles/matrix-server/tasks/setup_s3fs.yml
@ -0,0 +1,49 @@
+#
+# Tasks related to setting up s3fs
+#
+
+- name: Ensure S3fs Docker image is pulled
+  docker_image:
+    name: "{{ docker_s3fs_image }}"
+  when: matrix_s3_media_store_enabled
+
+- name: Ensure s3fs-credentials file created
+  template:
+    src: "{{ role_path }}/templates/s3fs-credentials.j2"
+    dest: "{{ matrix_base_data_path }}/s3fs-credentials"
+    owner: root
+    mode: 0600
+  when: matrix_s3_media_store_enabled
+
+- name: Ensure matrix-s3fs.service installed
+  template:
+    src: "{{ role_path }}/templates/systemd/matrix-s3fs.service.j2"
+    dest: "/etc/systemd/system/matrix-s3fs.service"
+    mode: 0644
+  when: matrix_s3_media_store_enabled
+
+#
+# Tasks related to getting rid of s3fs (if it was previously enabled)
+#
+- name: Ensure matrix-s3fs is stopped
+  service: name=matrix-s3fs state=stopped daemon_reload=yes
+  register: stopping_result
+  when: "not matrix_s3_media_store_enabled"
+
+- name: Ensure matrix-s3fs.service doesn't exist
+  file:
+    path: "{{ matrix_base_data_path }}/s3fs-credentials"
+    state: absent
+  when: "not matrix_s3_media_store_enabled"
+
+- name: Ensure s3fs-credentials doesn't exist
+  file:
+    path: "{{ matrix_base_data_path }}/s3fs-credentials"
+    state: absent
+  when: "not matrix_s3_media_store_enabled"
+
+- name: Ensure S3fs Docker image doesn't exist
+  docker_image:
+    name: "{{ docker_s3fs_image }}"
+    state: absent
+  when: "not matrix_s3_media_store_enabled"
--- a/roles/matrix-server/tasks/setup_synapse.yml
+++ b/roles/matrix-server/tasks/setup_synapse.yml
@ -11,7 +11,24 @@
    - "{{ matrix_synapse_base_path }}"
    - "{{ matrix_synapse_config_dir_path }}"
    - "{{ matrix_synapse_run_path }}"
-    - "{{ matrix_synapse_media_store_path }}"
+    # We handle matrix_synapse_media_store_path below, not here,
+    # because if it's using S3fs and it's already mounted (from before),
+    # trying to chown/chmod it here will cause trouble.
+
+- name: Check Matrix Synapse media store path
+  stat: path="{{ matrix_synapse_media_store_path }}"
+  register: local_path_media_store_stat
+
+# This is separate and conditional, to ensure we don't execute it
+# if the path already exists (and is likely used by an s3fs mount).
+- name: Ensure Matrix media store path exists
+  file:
+    path: "{{ matrix_synapse_media_store_path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_username }}"
+  when: "not local_path_media_store_stat.stat.exists"

 - name: Ensure Matrix Docker image is pulled
  docker_image:
--- a/roles/matrix-server/tasks/start.yml
+++ b/roles/matrix-server/tasks/start.yml
@ -3,6 +3,10 @@
 - name: Ensure matrix-postgres autoruns and is restarted
  service: name=matrix-postgres enabled=yes state=restarted daemon_reload=yes

+- name: Ensure matrix-s3fs autoruns and is restarted
+  service: name=matrix-s3fs enabled=yes state=restarted daemon_reload=yes
+  when: matrix_s3_media_store_enabled
+
 - name: Ensure matrix-synapse autoruns and is restarted
  service: name=matrix-synapse enabled=yes state=restarted daemon_reload=yes