add experimental(?) architecture support for arm32 and arm64

The changes are necessary because certbot publishes its images under per-architecture tags, so docker does not pick the right architecture on its own.
Horvath Gergely 2020-04-18 22:55:19 +02:00
parent 203a319881
commit bd61598faf
3 changed files with 42 additions and 8 deletions


@ -0,0 +1,16 @@
# Alternative architectures
As stated in the [Prerequisites](prerequisites.md), currently only x86_64 is supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used.
To that end add the following variable to your `vars.yaml` file:
```
matrix_architecture = <your-matrix-server-architecture>
```
Currently supported architectures are the following:
- `amd64` (the default)
- `arm64`
- `arm32`
On most roles self-building is used if the architecture is not `amd64`. Special cases:
- matrix-bridge-mautrix-facebook: there is built docker image for arm64 as well,
- matrix-bridge-mautrix-hangouts: there is built docker image for arm64 as well,
- matrix-nginx-proxy: Certbot has docker image for both arm32 and arm64, however tagging is used, which requires special handling.


@ -26,6 +26,20 @@ matrix_riot_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_e
# #
###################################################################### ######################################################################
######################################################################
#
# matrix-architecture
#
######################################################################
matrix_architecture: "amd64"
######################################################################
#
# /matrix-architecture
#
######################################################################
###################################################################### ######################################################################
# #
@ -174,7 +188,7 @@ matrix_appservice_irc_homeserver_token: "{{ matrix_synapse_macaroon_secret_key |
# We don't enable bridges by default. # We don't enable bridges by default.
matrix_mautrix_facebook_enabled: false matrix_mautrix_facebook_enabled: false
matrix_mautrix_facebook_container_image_self_build: "{{ matrix_container_images_self_build }}" matrix_mautrix_facebook_container_image_self_build: "{{ (matrix_architecture != 'amd64') and (matrix_architecture != 'arm64') }}"
matrix_mautrix_facebook_systemd_required_services_list: | matrix_mautrix_facebook_systemd_required_services_list: |
{{ {{
@ -205,7 +219,7 @@ matrix_mautrix_facebook_login_shared_secret: "{{ matrix_synapse_ext_password_pro
# We don't enable bridges by default. # We don't enable bridges by default.
matrix_mautrix_hangouts_enabled: false matrix_mautrix_hangouts_enabled: false
matrix_mautrix_hangouts_container_image_self_build: "{{ matrix_container_images_self_build }}" matrix_mautrix_hangouts_container_image_self_build: "{{ (matrix_architecture != 'amd64') and (matrix_architecture != 'arm64') }}"
matrix_mautrix_hangouts_systemd_required_services_list: | matrix_mautrix_hangouts_systemd_required_services_list: |
{{ {{
@ -301,7 +315,7 @@ matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_pro
# We don't enable bridges by default. # We don't enable bridges by default.
matrix_mx_puppet_skype_enabled: false matrix_mx_puppet_skype_enabled: false
matrix_mx_puppet_skype_container_image_self_build: "{{ matrix_container_images_self_build }}" matrix_mx_puppet_skype_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
matrix_mx_puppet_skype_systemd_required_services_list: | matrix_mx_puppet_skype_systemd_required_services_list: |
{{ {{
@ -366,7 +380,7 @@ matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registrati
matrix_coturn_enabled: true matrix_coturn_enabled: true
matrix_coturn_container_image_self_build: "{{ matrix_container_images_self_build }}" matrix_coturn_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
matrix_coturn_turn_external_ip_address: "{{ ansible_host }}" matrix_coturn_turn_external_ip_address: "{{ ansible_host }}"
@ -489,7 +503,7 @@ matrix_mailer_enabled: true
# If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this. # If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this.
matrix_ma1sd_enabled: true matrix_ma1sd_enabled: true
matrix_ma1sd_container_image_self_build: "{{ matrix_container_images_self_build }}" matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach ma1sd over the container network. # Normally, matrix-nginx-proxy is enabled and nginx can reach ma1sd over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
@ -599,6 +613,8 @@ matrix_ssl_domains_to_obtain_certificates_for: |
([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else []) ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else [])
}} }}
matrix_ssl_architecture: "{{ matrix_architecture }}"
###################################################################### ######################################################################
# #
# /matrix-nginx-proxy # /matrix-nginx-proxy
@ -638,7 +654,7 @@ matrix_postgres_db_name: "homeserver"
# If you wish to connect to your Matrix server by other means, you may wish to disable this. # If you wish to connect to your Matrix server by other means, you may wish to disable this.
matrix_riot_web_enabled: true matrix_riot_web_enabled: true
matrix_riot_web_container_image_self_build: "{{ matrix_container_images_self_build }}" matrix_riot_web_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach riot-web over the container network. # Normally, matrix-nginx-proxy is enabled and nginx can reach riot-web over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
@ -683,7 +699,7 @@ matrix_riot_web_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jit
# #
###################################################################### ######################################################################
matrix_synapse_container_image_self_build: "{{ matrix_container_images_self_build }}" matrix_synapse_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
# When ma1sd is enabled, we can use it instead of the default public Identity servers. # When ma1sd is enabled, we can use it instead of the default public Identity servers.
matrix_synapse_trusted_third_party_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_ma1sd_enabled else matrix_synapse_id_servers_public }}" matrix_synapse_trusted_third_party_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_ma1sd_enabled else matrix_synapse_id_servers_public }}"
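Review bot: Every `*_container_image_self_build` default in this file now depends only on `matrix_architecture`, so the global `matrix_container_images_self_build` switch no longer reaches these roles. An operator who set it to `true` to avoid running prebuilt registry images would silently go back to pulling them on amd64. If that variable is still defined elsewhere (not visible in these hunks), keep it in the expression, e.g. `"{{ matrix_container_images_self_build or matrix_architecture != 'amd64' }}"`, and the facebook/hangouts lines likewise with their arm64 exception. `matrix_architecture` is also never checked against the supported list, so a value such as `x86_64` (the spelling the new docs page uses) would switch every role to self-building; an early `assert` that it is one of `amd64`, `arm32`, `arm64` would catch that.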


@ -213,12 +213,14 @@ matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects: none
# plain HTTP traffic only (usually, on the loopback interface only) and you'd be terminating SSL using another reverse-proxy. # plain HTTP traffic only (usually, on the loopback interface only) and you'd be terminating SSL using another reverse-proxy.
matrix_ssl_retrieval_method: "lets-encrypt" matrix_ssl_retrieval_method: "lets-encrypt"
matrix_ssl_architecture: "amd64"
# The list of domains that this role will obtain certificates for. # The list of domains that this role will obtain certificates for.
matrix_ssl_domains_to_obtain_certificates_for: [] matrix_ssl_domains_to_obtain_certificates_for: []
# Controls whether to obtain production or staging certificates from Let's Encrypt. # Controls whether to obtain production or staging certificates from Let's Encrypt.
matrix_ssl_lets_encrypt_staging: false matrix_ssl_lets_encrypt_staging: false
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v1.3.0" matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.3.0"
matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
matrix_ssl_lets_encrypt_support_email: ~ matrix_ssl_lets_encrypt_support_email: ~
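Review bot: `matrix_ssl_architecture` is interpolated unchanged into the tag in `matrix_ssl_lets_encrypt_certbot_docker_image`. As far as I know certbot's per-architecture tags are prefixed `amd64-`, `arm32v6-` and `arm64v8-`, so `arm32-v1.3.0` and `arm64-v1.3.0` would probably not resolve; please verify against the registry. An explicit mapping fixes that and makes an unsupported value fail the lookup instead of producing an arbitrary tag: `"certbot/certbot:{{ {'amd64': 'amd64', 'arm32': 'arm32v6', 'arm64': 'arm64v8'}[matrix_ssl_architecture] }}-v1.3.0"`. This container handles the ACME account and the TLS private keys, so the selected image should stay predictable. A short comment above `matrix_ssl_architecture` listing the accepted values would also help.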