
add s3 TLS option

This commit is contained in:
Robin Appelman 2026-03-09 20:10:23 +01:00
commit 7e54fbd89f
8 changed files with 203 additions and 16 deletions


@ -498,6 +498,22 @@ impl Cloud {
}
};
for pre_setup in options
.services
.iter()
.flat_map(|service| service.pre_setup(docker, &id, config).into_iter().flatten())
{
exec(
docker,
&container,
&uid.to_string(),
pre_setup,
vec!["NC_IS_CONFIG_READ_ONLY=1"],
Some(stdout()),
)
.await?;
}
containers.push(container);
let options_clone = options.clone();
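Review bot: An `Err` returned by a service's `pre_setup` is silently dropped on the `flat_map` line, because `Result::into_iter()` yields nothing for the error case and `.flatten()` simply moves on to the next service; a failing pre-setup (for example the certificate-bundle step the S3s variant depends on) would leave the cloud half-configured with no diagnostic, in contrast to the `exec(...).await?` right below it. Collect the per-service results into a `Result` and apply `?` before flattening so the error propagates like every other step in this method. The enclosing method starts and ends outside the hunk.

```rust
let pre_setups: Vec<Vec<String>> = options
    .services
    .iter()
    .map(|service| service.pre_setup(docker, &id, config))
    .collect::<Result<Vec<_>>>()?
    .into_iter()
    .flatten()
    .collect();
for pre_setup in pre_setups {
    // … unchanged: exec(...) call with NC_IS_CONFIG_READ_ONLY=1 …
}
```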


@ -100,6 +100,15 @@ pub trait ServiceTrait {
Ok(HashMap::default())
}
fn pre_setup(
&self,
_docker: &Docker,
_cloud_id: &str,
_config: &HazeConfig,
) -> Result<Vec<Vec<String>>> {
Ok(Vec::new())
}
async fn post_setup(
&self,
_docker: &Docker,
@ -205,6 +214,8 @@ impl ServiceTrait for RedisTls {
pub enum ServiceType {
/// S3 Primary storage and external storage
S3,
/// S3 Primary storage with TLS
S3s,
/// S3 multi-object store Primary storage and external storage
S3m,
/// S3 multi-bucket Primary storage and external storage
@ -307,6 +318,7 @@ impl Service {
if let Ok(ty) = ServiceType::from_str(ty) {
match ty {
ServiceType::S3 => Some(vec![Service::ObjectStore(ObjectStore::S3)]),
ServiceType::S3s => Some(vec![Service::ObjectStore(ObjectStore::S3s)]),
ServiceType::S3m => Some(vec![Service::ObjectStore(ObjectStore::S3m)]),
ServiceType::S3mb => Some(vec![Service::ObjectStore(ObjectStore::S3mb)]),
ServiceType::Azure => Some(vec![Service::ObjectStore(ObjectStore::Azure)]),
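Review bot: The new `pre_setup` default method on `ServiceTrait` carries no doc comment, unlike the `S3s` variant added below, so a reader has to locate the caller in the cloud setup code to learn that each inner `Vec<String>` is an argv vector run inside the Nextcloud container, and that the outer `Vec` is executed in order. Suggested doc above `fn pre_setup`: `/// Commands to run inside the cloud container before setup, one argv vector each; the caller executes them in order with NC_IS_CONFIG_READ_ONLY=1 and aborts setup on the first failing command.` The `from_str` match in the last hunk extends past the hunk on both sides.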


@ -10,11 +10,15 @@ use bollard::models::{
use bollard::query_parameters::CreateContainerOptions;
use bollard::Docker;
use maplit::hashmap;
use miette::IntoDiagnostic;
use miette::{IntoDiagnostic, WrapErr};
use serde_json::Value;
use std::collections::HashMap;
use std::fs::{create_dir_all, write};
#[derive(Debug, Clone, Eq, PartialEq)]
pub enum ObjectStore {
S3,
S3s,
S3m,
S3mb,
Azure,
@ -23,7 +27,7 @@ pub enum ObjectStore {
impl ObjectStore {
fn image(&self) -> &str {
match self {
ObjectStore::S3 | ObjectStore::S3m | ObjectStore::S3mb => {
ObjectStore::S3 | ObjectStore::S3m | ObjectStore::S3mb | ObjectStore::S3s => {
"minio/minio:RELEASE.2024-07-16T23-46-41Z"
}
ObjectStore::Azure => "arafato/azurite:2.6.5",
@ -32,7 +36,7 @@ impl ObjectStore {
fn self_env(&self) -> Vec<&str> {
match self {
ObjectStore::S3 | ObjectStore::S3m | ObjectStore::S3mb => {
ObjectStore::S3 | ObjectStore::S3m | ObjectStore::S3mb | ObjectStore::S3s => {
vec!["MINIO_ACCESS_KEY=minio", "MINIO_SECRET_KEY=minio123"]
}
ObjectStore::Azure => vec![],
@ -41,17 +45,54 @@ impl ObjectStore {
fn host_name(&self) -> &str {
match self {
ObjectStore::S3 | ObjectStore::S3m | ObjectStore::S3mb => "s3",
ObjectStore::S3 | ObjectStore::S3m | ObjectStore::S3mb | ObjectStore::S3s => "s3",
ObjectStore::Azure => "azure",
}
}
fn args(&self) -> &[&str] {
match self {
ObjectStore::S3 | ObjectStore::S3m | ObjectStore::S3mb => &["server", "/data"],
ObjectStore::S3 | ObjectStore::S3m | ObjectStore::S3mb | ObjectStore::S3s => {
&["server", "/data"]
}
_ => &[],
}
}
fn volumes(&self, config: &HazeConfig) -> Option<Vec<String>> {
match self {
ObjectStore::S3s => {
let cert_dir = config.work_dir.join("certificates/s3");
create_dir_all(&cert_dir)
.into_diagnostic()
.wrap_err("Failed to create redis certificate directory")
.unwrap();
let s3_cert_path = config.work_dir.join("certificates/s3/public.crt");
let s3_key_path = config.work_dir.join("certificates/s3/private.key");
if !s3_cert_path.exists() {
write(
&s3_cert_path,
include_bytes!("../../certificates/s3/public.crt"),
)
.into_diagnostic()
.wrap_err("Failed to write s3 certificate")
.unwrap();
}
if !s3_key_path.exists() {
write(
&s3_key_path,
include_bytes!("../../certificates/s3/private.key"),
)
.into_diagnostic()
.wrap_err("Failed to write s3 key")
.unwrap();
}
Some(vec![format!("{cert_dir}:/root/.minio/certs:ro")])
}
_ => None,
}
}
}
#[async_trait::async_trait]
@ -59,6 +100,7 @@ impl ServiceTrait for ObjectStore {
fn name(&self) -> &str {
match self {
ObjectStore::S3 => "s3",
ObjectStore::S3s => "s3s",
ObjectStore::S3m => "s3m",
ObjectStore::S3mb => "s3mb",
ObjectStore::Azure => "azure",
@ -68,8 +110,9 @@ impl ServiceTrait for ObjectStore {
fn env(&self) -> &[&str] {
match self {
ObjectStore::S3 => &["S3=1"],
ObjectStore::S3s => &["S3S=1"],
ObjectStore::S3m => &["S3M=1"],
ObjectStore::S3mb => &["S3MB=1"],
ObjectStore::S3mb => &["S3MB =1"],
ObjectStore::Azure => &["AZURE=1"],
}
}
@ -79,7 +122,7 @@ impl ServiceTrait for ObjectStore {
docker: &Docker,
cloud_id: &str,
network: &str,
_config: &HazeConfig,
config: &HazeConfig,
_options: &CloudOptions,
) -> Result<Vec<String>> {
pull_image(docker, self.image()).await?;
@ -92,6 +135,7 @@ impl ServiceTrait for ObjectStore {
env: Some(self.self_env().into_iter().map(String::from).collect()),
host_config: Some(HostConfig {
network_mode: Some(network.to_string()),
binds: self.volumes(config),
..Default::default()
}),
labels: Some(hashmap! {
@ -165,14 +209,47 @@ impl ServiceTrait for ObjectStore {
&["files_external"]
}
fn config(
&self,
_docker: &Docker,
_cloud_id: &str,
_config: &HazeConfig,
) -> Result<HashMap<String, Value>> {
match self {
ObjectStore::S3s => Ok(hashmap![
"default_certificates_bundle_path".into() => Value::String("/var/www/html/data/ca-bundle.crt".into()),
]),
_ => Ok(HashMap::default()),
}
}
fn pre_setup(
&self,
_docker: &Docker,
_cloud_id: &str,
_config: &HazeConfig,
) -> Result<Vec<Vec<String>>> {
match self {
ObjectStore::S3s => Ok(vec![
vec!["mkdir".into(), "-p".into(), "/var/www/html/data".into()],
vec![
"sh".into(),
"-c".into(),
"cat /var/www/html/resources/config/ca-bundle.crt /certificates/s3/public.crt > /var/www/html/data/ca-bundle.crt".into(),
],
]),
_ => Ok(Vec::new()),
}
}
async fn post_setup(
&self,
_docker: &Docker,
_cloud_id: &str,
_config: &HazeConfig,
) -> Result<Vec<String>> {
if *self == ObjectStore::S3 {
Ok(vec![
match self {
ObjectStore::S3 => Ok(vec![
"occ files_external:create s3 amazons3 amazons3::accesskey".into(),
"occ files_external:config 1 bucket ext".into(),
"occ files_external:config 1 hostname s3".into(),
@ -182,15 +259,25 @@ impl ServiceTrait for ObjectStore {
"occ files_external:config 1 key minio".into(),
"occ files_external:config 1 secret minio123".into(),
"mc alias set s3 http://s3:9000 minio minio123".into(),
])
} else {
Ok(Vec::new())
]),
// ObjectStore::S3s => Ok(vec![
// "occ files_external:create s3 amazons3 amazons3::accesskey".into(),
// "occ files_external:config 1 bucket ext".into(),
// "occ files_external:config 1 hostname s3".into(),
// "occ files_external:config 1 port 9000".into(),
// "occ files_external:config 1 use_ssl true".into(),
// "occ files_external:config 1 use_path_style true".into(),
// "occ files_external:config 1 key minio".into(),
// "occ files_external:config 1 secret minio123".into(),
// "mc alias set s3 https://s3:9000 minio minio123".into(),
// ]),
_ => Ok(Vec::new()),
}
}
fn proxy_port(&self) -> u16 {
match self {
ObjectStore::S3 | ObjectStore::S3m | ObjectStore::S3mb => 9000,
ObjectStore::S3 | ObjectStore::S3m | ObjectStore::S3mb | ObjectStore::S3s => 9000,
ObjectStore::Azure => 10000,
}
}
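Review bot: In the `S3s` arm of `volumes`, the `wrap_err` on the `create_dir_all` call reads "Failed to create redis certificate directory" although it creates the s3 directory, and the private key embedded via `include_bytes!("../../certificates/s3/private.key")` is written with `std::fs::write`, i.e. with default (typically world-readable) permissions under `work_dir/certificates/s3`. Because the key is compiled into the binary it is a fixture shared by every user of the tool, so `volumes` deserves a doc comment stating that this certificate is a development-only fixture that must not be trusted for anything beyond the local minio container, the error text should become `.wrap_err("Failed to create s3 certificate directory")`, and on Unix the key file should be created with mode 0600 as sketched below. The four `.unwrap()`s also turn a failed write into a panic mid-setup, where returning a `Result` and propagating with `?` from `start` would fit the rest of the trait. Separately, in the `env` hunk the `S3mb` arm reads `"S3MB =1"` with a stray space before `=`; if that is the new side, as the print order suggests, the variable name carries a trailing space and the S3mb mode will no longer be recognised — it should stay `"S3MB=1"`.

```rust
fn volumes(&self, config: &HazeConfig) -> Option<Vec<String>> {
    // … unchanged: cert_dir creation and public.crt write …
    if !s3_key_path.exists() {
        let mut opts = std::fs::OpenOptions::new();
        opts.write(true).create_new(true);
        #[cfg(unix)]
        std::os::unix::fs::OpenOptionsExt::mode(&mut opts, 0o600);
        opts.open(&s3_key_path)
            .and_then(|mut f| {
                std::io::Write::write_all(
                    &mut f,
                    include_bytes!("../../certificates/s3/private.key"),
                )
            })
            .into_diagnostic()
            .wrap_err("Failed to write s3 key")
            .unwrap();
    }
    // … unchanged: bind-mount string and other arms …
```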