mirror of https://github.com/OpenVidu/openvidu.git
deployment-openvidu-pro: S3 support
parent
087a2a0d06
commit
ffd1f7f5b7
|
@ -42,6 +42,18 @@ Parameters:
|
|||
Description: "If certificate type is 'letsencrypt', this email will be used for Let's Encrypt notifications"
|
||||
Type: String
|
||||
|
||||
RecordingStorage:
|
||||
Description: "If 's3', recordings will be stored in a S3 bucket"
|
||||
Type: String
|
||||
AllowedValues:
|
||||
- local
|
||||
- s3
|
||||
Default: local
|
||||
|
||||
S3RecordingsBucketName:
|
||||
Description: "If RecordingStorage is 's3', this will be the name of s3 bucket to store recordings"
|
||||
Type: String
|
||||
|
||||
# OpenVidu Configuration
|
||||
|
||||
OpenViduLicense:
|
||||
|
@ -212,6 +224,8 @@ Metadata:
|
|||
- OpenViduLicense
|
||||
- OpenViduSecret
|
||||
- MediaNodesStartNumber
|
||||
- RecordingStorage
|
||||
- S3RecordingsBucketName
|
||||
- Label:
|
||||
default: Elasticsearch and Kibana configuration
|
||||
Parameters:
|
||||
|
@ -247,6 +261,10 @@ Metadata:
|
|||
default: "URL to the key file (owncert)"
|
||||
LetsEncryptEmail:
|
||||
default: "Email for Let's Encrypt (letsencrypt)"
|
||||
RecordingStorage:
|
||||
default: "Recording storage"
|
||||
S3RecordingsBucketName:
|
||||
default: "S3 Bucket where recordings will be stored"
|
||||
# OpenVidu configuration
|
||||
OpenViduLicense:
|
||||
default: "OpenVidu Pro License key"
|
||||
|
@ -278,6 +296,18 @@ Metadata:
|
|||
Conditions:
|
||||
WhichCertPresent: !Not [ !Equals [!Ref WhichCert, ""] ]
|
||||
PublicElasticIPPresent: !Not [ !Equals [!Ref PublicElasticIP, ""] ]
|
||||
RecordingStorageIsS3: !Equals [!Ref RecordingStorage, "s3" ]
|
||||
S3RecordingsBucketNamePresent: !Not [ !Equals [!Ref S3RecordingsBucketName, ""] ]
|
||||
CreateS3Bucket: !And [ !Equals [!Ref RecordingStorage, "s3" ], !Equals [!Ref S3RecordingsBucketName, ""] ]
|
||||
|
||||
Rules:
|
||||
ValidateParametersS3Local:
|
||||
RuleCondition:
|
||||
Fn::Equals: [!Ref RecordingStorage, "local" ]
|
||||
Assertions:
|
||||
- AssertDescription: If Recording Storage is 'local', you don't need to define an S3 bucket
|
||||
Assert:
|
||||
Fn::Equals: [!Ref S3RecordingsBucketName, ""]
|
||||
|
||||
Resources:
|
||||
|
||||
|
@ -312,6 +342,42 @@ Resources:
|
|||
- 'route53:ChangeResourceRecordSets'
|
||||
- 'route53:ListHostedZones'
|
||||
Resource: '*'
|
||||
- Fn::If:
|
||||
# Only apply this policies if S3 is configured
|
||||
- RecordingStorageIsS3
|
||||
- Effect: Allow
|
||||
Action:
|
||||
- 's3:DeleteObject'
|
||||
- 's3:GetObject'
|
||||
- 's3:PutObject'
|
||||
Resource:
|
||||
- Fn::If:
|
||||
# Get bucket name depending if the user defines a bucket name or not
|
||||
- S3RecordingsBucketNamePresent
|
||||
- !Join [ "", [ 'arn:aws:s3:::', !Ref S3RecordingsBucketName, '/*'] ]
|
||||
- !Join [ "", [ 'arn:aws:s3:::', !Ref AWS::StackName, '-recordings', '/*'] ]
|
||||
- Ref: AWS::NoValue
|
||||
- Fn::If:
|
||||
# Only apply this policies if S3 is configured
|
||||
- RecordingStorageIsS3
|
||||
- Effect: Allow
|
||||
Action:
|
||||
- 's3:ListBucket'
|
||||
Resource:
|
||||
- Fn::If:
|
||||
# Get bucket name depending if the user defines a bucket name or not
|
||||
- S3RecordingsBucketNamePresent
|
||||
- !Join [ "", [ 'arn:aws:s3:::', !Ref S3RecordingsBucketName ] ]
|
||||
- !Join [ "", [ 'arn:aws:s3:::', !Ref AWS::StackName, '-recordings' ] ]
|
||||
- Ref: AWS::NoValue
|
||||
- Fn::If:
|
||||
# Only apply this policies if S3 is configured
|
||||
- RecordingStorageIsS3
|
||||
- Effect: Allow
|
||||
Action:
|
||||
- s3:ListAllMyBuckets
|
||||
Resource: 'arn:aws:s3:::'
|
||||
- Ref: AWS::NoValue
|
||||
RoleName: !Join [ "-", [ OpenViduManageEC2Role, !Ref 'AWS::StackName', !Ref 'AWS::Region'] ]
|
||||
|
||||
OpenviduInstancesProfile:
|
||||
|
@ -324,6 +390,20 @@ Resources:
|
|||
DependsOn:
|
||||
- OpenViduManageEC2Role
|
||||
|
||||
S3bucket:
|
||||
Type: 'AWS::S3::Bucket'
|
||||
Properties:
|
||||
BucketName: !Join [ "", [ !Ref 'AWS::StackName', '-recordings' ] ]
|
||||
AccessControl: Private
|
||||
PublicAccessBlockConfiguration:
|
||||
BlockPublicAcls: true
|
||||
BlockPublicPolicy: true
|
||||
IgnorePublicAcls : true
|
||||
RestrictPublicBuckets: true
|
||||
DeletionPolicy: Retain
|
||||
UpdateReplacePolicy: Retain
|
||||
Condition: CreateS3Bucket
|
||||
|
||||
OpenViduServer:
|
||||
Type: AWS::EC2::Instance
|
||||
Metadata:
|
||||
|
@ -404,7 +484,18 @@ Resources:
|
|||
sed -i "s/WITH_APP=true/WITH_APP=false/" $WORKINGDIR/docker-compose.yml
|
||||
rm $WORKINGDIR/docker-compose.override.yml
|
||||
fi
|
||||
|
||||
# S3 Configuration
|
||||
if [ "${RecordingStorage}" == "s3" ]; then
|
||||
sed -i "s/#OPENVIDU_PRO_RECORDING_STORAGE=/OPENVIDU_PRO_RECORDING_STORAGE=s3" $WORKINGDIR/.env
|
||||
if [ ! -z "${S3RecordingsBucketName}" ]; then
|
||||
sed -i "s/#OPENVIDU_PRO_AWS_S3_BUCKET=/OPENVIDU_PRO_AWS_S3_BUCKET=${S3RecordingsBucketName}" $WORKINGDIR/.env
|
||||
else
|
||||
sed -i "s/#OPENVIDU_PRO_AWS_S3_BUCKET=/OPENVIDU_PRO_AWS_S3_BUCKET=${s3BucketName}" $WORKINGDIR/.env
|
||||
fi
|
||||
fi
|
||||
- kmsAmi: !FindInMap [KMSAMIMAP, !Ref 'AWS::Region', AMI]
|
||||
s3BucketName: !Join [ "", [ !Ref 'AWS::StackName', '-recordings' ] ]
|
||||
mode: "000755"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
|
@ -453,7 +544,7 @@ Resources:
|
|||
owner: "root"
|
||||
group: "root"
|
||||
'/usr/local/bin/create_security_group_rules.sh':
|
||||
content: !Sub |
|
||||
content: |
|
||||
#!/bin/bash -x
|
||||
SECGRPIDKMS=$(/usr/local/bin/getSecurityGroupKms.sh)
|
||||
SECGRPIDOV=$(/usr/local/bin/getSecurityGroupOpenVidu.sh)
|
||||
|
@ -471,7 +562,7 @@ Resources:
|
|||
owner: "root"
|
||||
group: "root"
|
||||
'/usr/local/bin/restartPRO.sh':
|
||||
content: !Sub |
|
||||
content: |
|
||||
#!/bin/bash -x
|
||||
WORKINGDIR=/opt/openvidu
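Review bot: The three `sed -i` calls in the `# S3 Configuration` block of the instance script lack the closing delimiter of the `s` command, so sed will reject the expression and `.env` keeps `OPENVIDU_PRO_RECORDING_STORAGE` and `OPENVIDU_PRO_AWS_S3_BUCKET` commented out even though the role has already been granted the S3 policy. Each expression needs its terminator, e.g. `sed -i "s/#OPENVIDU_PRO_RECORDING_STORAGE=/OPENVIDU_PRO_RECORDING_STORAGE=s3/" $WORKINGDIR/.env`. Separately, `${S3RecordingsBucketName}` is substituted into the text of a root-owned script and the parameter declares no `AllowedPattern`, so a value containing `/`, `&` or a double quote alters the sed expression or the shell command line. Restricting the parameter to the characters a bucket name may contain, and using a delimiter such as `|` in the two bucket substitutions, would close that. The script body begins outside this hunk, so whether a failing sed stops the setup or is silently skipped cannot be judged from here.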
|
||||
|
||||
|
|
|
@ -138,6 +138,34 @@ OPENVIDU_RECORDING=false
|
|||
# Use recording module with debug mode.
|
||||
OPENVIDU_RECORDING_DEBUG=false
|
||||
|
||||
# Where to store recording files. Can be “local” (local storage) or “s3” (AWS bucket).
|
||||
# You will need to define a OPENVIDU_PRO_AWS_S3_BUCKET if you use it.
|
||||
#OPENVIDU_PRO_RECORDING_STORAGE=
|
||||
|
||||
# S3 Bucket where to store recording files. May include paths to allow navigating
|
||||
# folder structures inside the bucket. This property is only taken into account
|
||||
# if OPENVIDU_PRO_RECORDING_STORAGE=s3
|
||||
#OPENVIDU_PRO_AWS_S3_BUCKET=
|
||||
|
||||
# AWS credentials access key. Must have read and write permissions over the bucket.
|
||||
# If not provided, then the internal S3 client will try to use the default AWS credentials
|
||||
# of the machine (if available). This property is only taken into account if
|
||||
# OPENVIDU_PRO_RECORDING_STORAGE=s3
|
||||
# If you're instance has a role which has access to read
|
||||
# and write into the s3 bucket, you don't need this parameter
|
||||
# OPENVIDU_PRO_AWS_ACCESS_KEY=
|
||||
|
||||
# AWS credentials secret key from OPENVIDU_PRO_AWS_ACCESS_KEY. This property is only
|
||||
# taken into account if OPENVIDU_PRO_RECORDING_STORAGE=s3
|
||||
# If you're instance has a role which has access to read
|
||||
# and write into the s3 bucket, you don't need this parameter
|
||||
# OPENVIDU_PRO_AWS_SECRET_KEY=
|
||||
|
||||
# AWS region in which the S3 bucket is located (e.g. eu-west-1). If not provided,
|
||||
# the region will try to be discovered automatically, although this is not always possible.
|
||||
# This property is only taken into account if OPENVIDU_PRO_RECORDING_STORAGE=s3
|
||||
# OPENVIDU_PRO_AWS_REGION=
|
||||
|
||||
# Openvidu Folder Record used for save the openvidu recording videos. Change it
|
||||
# with the folder you want to use from your host.
|
||||
OPENVIDU_RECORDING_PATH=/opt/openvidu/recordings
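Review bot: The comments on `OPENVIDU_PRO_AWS_ACCESS_KEY` and `OPENVIDU_PRO_AWS_SECRET_KEY` describe the static key first and mention the instance role only at the end, and both read "If you're instance" where "If your instance" is meant. Because this file stores the secret key in plain text, the comment should state the preference directly, for example `# Prefer an instance role with read/write access to the bucket; set this only when no role is available.` The comment above `OPENVIDU_PRO_RECORDING_STORAGE` also writes the accepted values with typographic quotes (“local”, “s3”); plain `local` and `s3` avoid a copied value that the parser may not accept.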
|
||||
|
|