ambiser
/
openvidu
mirror of https://github.com/OpenVidu/openvidu.git
8
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

deployment-openvidu-pro: S3 support

pull/550/head
cruizba 2020-10-06 21:13:18 +02:00
parent 087a2a0d06
commit ffd1f7f5b7
2 changed files with 123 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
openvidu-server/deployments/pro/aws/cfn-openvidu-server-pro-no-market.yaml.template
View File

@ -42,6 +42,18 @@ Parameters:
Description: "If certificate type is 'letsencrypt', this email will be used for Let's Encrypt notifications" Description: "If certificate type is 'letsencrypt', this email will be used for Let's Encrypt notifications"
Type: String Type: String
RecordingStorage:
Description: "If 's3', recordings will be stored in a S3 bucket"
Type: String
AllowedValues:
- local
- s3
Default: local
S3RecordingsBucketName:
Description: "If RecordingStorage is 's3', this will be the name of s3 bucket to store recordings"
Type: String
# OpenVidu Configuration # OpenVidu Configuration
OpenViduLicense: OpenViduLicense:
@ -212,6 +224,8 @@ Metadata:
- OpenViduLicense - OpenViduLicense
- OpenViduSecret - OpenViduSecret
- MediaNodesStartNumber - MediaNodesStartNumber
- RecordingStorage
- S3RecordingsBucketName
- Label: - Label:
default: Elasticsearch and Kibana configuration default: Elasticsearch and Kibana configuration
Parameters: Parameters:
@ -247,6 +261,10 @@ Metadata:
default: "URL to the key file (owncert)" default: "URL to the key file (owncert)"
LetsEncryptEmail: LetsEncryptEmail:
default: "Email for Let's Encrypt (letsencrypt)" default: "Email for Let's Encrypt (letsencrypt)"
RecordingStorage:
default: "Recording storage"
S3RecordingsBucketName:
default: "S3 Bucket where recordings will be stored"
# OpenVidu configuration # OpenVidu configuration
OpenViduLicense: OpenViduLicense:
default: "OpenVidu Pro License key" default: "OpenVidu Pro License key"
@ -276,8 +294,20 @@ Metadata:
default: "Deploy OpenVidu Call application" default: "Deploy OpenVidu Call application"
Conditions: Conditions:
WhichCertPresent: !Not [ !Equals [!Ref WhichCert, ""] ] WhichCertPresent: !Not [ !Equals [!Ref WhichCert, ""] ]
PublicElasticIPPresent: !Not [ !Equals [!Ref PublicElasticIP, ""] ] PublicElasticIPPresent: !Not [ !Equals [!Ref PublicElasticIP, ""] ]
RecordingStorageIsS3: !Equals [!Ref RecordingStorage, "s3" ]
S3RecordingsBucketNamePresent: !Not [ !Equals [!Ref S3RecordingsBucketName, ""] ]
CreateS3Bucket: !And [ !Equals [!Ref RecordingStorage, "s3" ], !Equals [!Ref S3RecordingsBucketName, ""] ]
Rules:
ValidateParametersS3Local:
RuleCondition:
Fn::Equals: [!Ref RecordingStorage, "local" ]
Assertions:
- AssertDescription: If Recording Storage is 'local', you don't need to define an S3 bucket
Assert:
Fn::Equals: [!Ref S3RecordingsBucketName, ""]
Resources: Resources:
@ -312,6 +342,42 @@ Resources:
- 'route53:ChangeResourceRecordSets' - 'route53:ChangeResourceRecordSets'
- 'route53:ListHostedZones' - 'route53:ListHostedZones'
Resource: '*' Resource: '*'
- Fn::If:
# Only apply this policies if S3 is configured
- RecordingStorageIsS3
- Effect: Allow
Action:
- 's3:DeleteObject'
- 's3:GetObject'
- 's3:PutObject'
Resource:
- Fn::If:
# Get bucket name depending if the user defines a bucket name or not
- S3RecordingsBucketNamePresent
- !Join [ "", [ 'arn:aws:s3:::', !Ref S3RecordingsBucketName, '/*'] ]
- !Join [ "", [ 'arn:aws:s3:::', !Ref AWS::StackName, '-recordings', '/*'] ]
- Ref: AWS::NoValue
- Fn::If:
# Only apply this policies if S3 is configured
- RecordingStorageIsS3
- Effect: Allow
Action:
- 's3:ListBucket'
Resource:
- Fn::If:
# Get bucket name depending if the user defines a bucket name or not
- S3RecordingsBucketNamePresent
- !Join [ "", [ 'arn:aws:s3:::', !Ref S3RecordingsBucketName ] ]
- !Join [ "", [ 'arn:aws:s3:::', !Ref AWS::StackName, '-recordings' ] ]
- Ref: AWS::NoValue
- Fn::If:
# Only apply this policies if S3 is configured
- RecordingStorageIsS3
- Effect: Allow
Action:
- s3:ListAllMyBuckets
Resource: 'arn:aws:s3:::'
- Ref: AWS::NoValue
RoleName: !Join [ "-", [ OpenViduManageEC2Role, !Ref 'AWS::StackName', !Ref 'AWS::Region'] ] RoleName: !Join [ "-", [ OpenViduManageEC2Role, !Ref 'AWS::StackName', !Ref 'AWS::Region'] ]
OpenviduInstancesProfile: OpenviduInstancesProfile:
@ -324,6 +390,20 @@ Resources:
DependsOn: DependsOn:
- OpenViduManageEC2Role - OpenViduManageEC2Role
S3bucket:
Type: 'AWS::S3::Bucket'
Properties:
BucketName: !Join [ "", [ !Ref 'AWS::StackName', '-recordings' ] ]
AccessControl: Private
PublicAccessBlockConfiguration:
BlockPublicAcls: true
BlockPublicPolicy: true
IgnorePublicAcls : true
RestrictPublicBuckets: true
DeletionPolicy: Retain
UpdateReplacePolicy: Retain
Condition: CreateS3Bucket
OpenViduServer: OpenViduServer:
Type: AWS::EC2::Instance Type: AWS::EC2::Instance
Metadata: Metadata:
@ -404,7 +484,18 @@ Resources:
sed -i "s/WITH_APP=true/WITH_APP=false/" $WORKINGDIR/docker-compose.yml sed -i "s/WITH_APP=true/WITH_APP=false/" $WORKINGDIR/docker-compose.yml
rm $WORKINGDIR/docker-compose.override.yml rm $WORKINGDIR/docker-compose.override.yml
fi fi
# S3 Configuration
if [ "${RecordingStorage}" == "s3" ]; then
sed -i "s/#OPENVIDU_PRO_RECORDING_STORAGE=/OPENVIDU_PRO_RECORDING_STORAGE=s3" $WORKINGDIR/.env
if [ ! -z "${S3RecordingsBucketName}" ]; then
sed -i "s/#OPENVIDU_PRO_AWS_S3_BUCKET=/OPENVIDU_PRO_AWS_S3_BUCKET=${S3RecordingsBucketName}" $WORKINGDIR/.env
else
sed -i "s/#OPENVIDU_PRO_AWS_S3_BUCKET=/OPENVIDU_PRO_AWS_S3_BUCKET=${s3BucketName}" $WORKINGDIR/.env
fi
fi
- kmsAmi: !FindInMap [KMSAMIMAP, !Ref 'AWS::Region', AMI] - kmsAmi: !FindInMap [KMSAMIMAP, !Ref 'AWS::Region', AMI]
s3BucketName: !Join [ "", [ !Ref 'AWS::StackName', '-recordings' ] ]
mode: "000755" mode: "000755"
owner: "root" owner: "root"
group: "root" group: "root"
@ -453,7 +544,7 @@ Resources:
owner: "root" owner: "root"
group: "root" group: "root"
'/usr/local/bin/create_security_group_rules.sh': '/usr/local/bin/create_security_group_rules.sh':
content: !Sub | content: |
#!/bin/bash -x #!/bin/bash -x
SECGRPIDKMS=$(/usr/local/bin/getSecurityGroupKms.sh) SECGRPIDKMS=$(/usr/local/bin/getSecurityGroupKms.sh)
SECGRPIDOV=$(/usr/local/bin/getSecurityGroupOpenVidu.sh) SECGRPIDOV=$(/usr/local/bin/getSecurityGroupOpenVidu.sh)
@ -471,7 +562,7 @@ Resources:
owner: "root" owner: "root"
group: "root" group: "root"
'/usr/local/bin/restartPRO.sh': '/usr/local/bin/restartPRO.sh':
content: !Sub | content: |
#!/bin/bash -x #!/bin/bash -x
WORKINGDIR=/opt/openvidu WORKINGDIR=/opt/openvidu

28
openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/.env
View File

@ -138,6 +138,34 @@ OPENVIDU_RECORDING=false
# Use recording module with debug mode. # Use recording module with debug mode.
OPENVIDU_RECORDING_DEBUG=false OPENVIDU_RECORDING_DEBUG=false
# Where to store recording files. Can be “local” (local storage) or “s3” (AWS bucket).
# You will need to define a OPENVIDU_PRO_AWS_S3_BUCKET if you use it.
#OPENVIDU_PRO_RECORDING_STORAGE=
# S3 Bucket where to store recording files. May include paths to allow navigating
# folder structures inside the bucket. This property is only taken into account
# if OPENVIDU_PRO_RECORDING_STORAGE=s3
#OPENVIDU_PRO_AWS_S3_BUCKET=
# AWS credentials access key. Must have read and write permissions over the bucket.
# If not provided, then the internal S3 client will try to use the default AWS credentials
# of the machine (if available). This property is only taken into account if
# OPENVIDU_PRO_RECORDING_STORAGE=s3
# If you're instance has a role which has access to read
# and write into the s3 bucket, you don't need this parameter
# OPENVIDU_PRO_AWS_ACCESS_KEY=
# AWS credentials secret key from OPENVIDU_PRO_AWS_ACCESS_KEY. This property is only
# taken into account if OPENVIDU_PRO_RECORDING_STORAGE=s3
# If you're instance has a role which has access to read
# and write into the s3 bucket, you don't need this parameter
# OPENVIDU_PRO_AWS_SECRET_KEY=
# AWS region in which the S3 bucket is located (e.g. eu-west-1). If not provided,
# the region will try to be discovered automatically, although this is not always possible.
# This property is only taken into account if OPENVIDU_PRO_RECORDING_STORAGE=s3
# OPENVIDU_PRO_AWS_REGION=
# Openvidu Folder Record used for save the openvidu recording videos. Change it # Openvidu Folder Record used for save the openvidu recording videos. Change it
# with the folder you want to use from your host. # with the folder you want to use from your host.
OPENVIDU_RECORDING_PATH=/opt/openvidu/recordings OPENVIDU_RECORDING_PATH=/opt/openvidu/recordings