Migrate ejabberd uploads to mod_s3_upload and Garage

In addition to installing and configuring the new module, this also enables public access to the S3 API via `bucket-name.s3.kosmos.org` as well as Web access on `bucket-name.web.s3.kosmos.org` (when enabled). Also includes some drive-by improvements to Chef attribute naming and usage. Co-authored-by: Greg Karékinian <greg@karekinian.com>
2023-10-10 17:55:55 +02:00
parent 832075dfb2
commit 65d71d6a73
25 changed files with 322 additions and 132 deletions
--- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb
+++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb
@@ -5,12 +5,12 @@

 ejabberd_credentials = data_bag_item("credentials", "ejabberd")

-ejabberd_version = node["kosmos-ejabberd"]["version"]
-package_checksum = node["kosmos-ejabberd"]["checksum"]
+ejabberd_version = node["ejabberd"]["version"]
+package_checksum = node["ejabberd"]["checksum"]
 package_path = "#{Chef::Config['file_cache_path']}/ejabberd_#{ejabberd_version}_amd64.deb"

 remote_file package_path do
-  source "https://github.com/processone/ejabberd/releases/download/#{ejabberd_version}/ejabberd_#{ejabberd_version}-#{node["kosmos-ejabberd"]["package_version"]}_amd64.deb"
+  source "https://github.com/processone/ejabberd/releases/download/#{ejabberd_version}/ejabberd_#{ejabberd_version}-#{node["ejabberd"]["package_version"]}_amd64.deb"
  checksum package_checksum
  notifies :install, "dpkg_package[ejabberd]", :immediately
 end
@@ -22,6 +22,21 @@ dpkg_package "ejabberd" do
  action :nothing
 end

+execute "update contrib modules" do
+  command "ejabberdctl modules_update_specs"
+end
+
+%w[mod_s3_upload].each do |emod|
+  execute "install #{emod}" do
+    command "ejabberdctl module_install #{emod}"
+    not_if { ::File.exist?("/opt/ejabberd/.ejabberd-modules/#{emod}/ebin") }
+  end
+
+  file "/opt/ejabberd/.ejabberd-modules/#{emod}/conf/#{emod}.yml" do
+    action :delete
+  end
+end
+
 file "/opt/ejabberd/.erlang.cookie" do
  mode "0400"
  owner "ejabberd"
@@ -70,7 +85,7 @@ hosts = [
    ldap_enabled: true,
    ldap_password: ejabberd_credentials['kosmos_ldap_password'],
    append_host_config: <<-EOF
-modules:
+    modules:
      mod_disco:
        extra_domains:
          - kosmos.chat
@@ -92,12 +107,6 @@ modules:
        default_room_options:
          mam: true
        preload_rooms: true
-      mod_muc_rtbl: {}
-      mod_http_upload:
-        put_url: "https://uploads.kosmos.chat/8af2c77"
-        external_secret: "#{ejabberd_credentials["uploads_secret"]}"
-        max_size: 104857600
-        thumbnail: false # otherwise needs the identify command from ImageMagick installed
                EOF
  },
  {
@@ -106,7 +115,7 @@ modules:
    ldap_enabled: true,
    ldap_password: ejabberd_credentials['5apps_ldap_password'],
    append_host_config: <<-EOF
-modules:
+    modules:
      mod_disco:
        extra_domains:
          - muc.5apps.com
@@ -133,12 +142,6 @@ modules:
          persistent: true
          mam: true
        preload_rooms: true
-      mod_muc_rtbl: {}
-      mod_http_upload:
-        put_url: "https://uploads.kosmos.chat/2802cfe"
-        external_secret: "#{ejabberd_credentials["uploads_secret"]}"
-        max_size: 104857600
-        thumbnail: false # otherwise needs the identify command from ImageMagick installed
                EOF
  }
 ]
@@ -182,12 +185,19 @@ template "/opt/ejabberd/conf/ejabberd.yml" do
            admin_users: admin_users,
            stun_auth_realm: "kosmos.org",
            stun_secret: ejabberd_credentials['stun_secret'],
-            turn_ip_address: node["kosmos-ejabberd"]["turn_ip_address"],
-            stun_turn_port: node["kosmos-ejabberd"]["stun_turn_port"],
-            turn_min_port: node["kosmos-ejabberd"]["turn_min_port"],
-            turn_max_port: node["kosmos-ejabberd"]["turn_max_port"],
+            turn_ip_address: node["ejabberd"]["turn_ip_address"],
+            stun_turn_port: node["ejabberd"]["stun_turn_port"],
+            turn_min_port: node["ejabberd"]["turn_min_port"],
+            turn_max_port: node["ejabberd"]["turn_max_port"],
            private_ip_address: node["knife_zero"]["host"],
-            akkounts_ip_addresses: akkounts_ip_addresses
+            akkounts_ip_addresses: akkounts_ip_addresses,
+            mod_s3_upload: {
+              region: "garage",
+              bucket_url: "https://#{node["garage"]["xmpp_upload_bucket"]}.#{node["garage"]["s3_api_root_domain"]}",
+              download_url: "https://media.kosmos.chat",
+              key_id: ejabberd_credentials['s3_key_id'],
+              secret_key: ejabberd_credentials['s3_secret_key']
+            }
  notifies :reload, "service[ejabberd]", :delayed
 end