ImgUploader: add support for non-amazon S3

[emmericp]

Make hostname for S3 upload configurable to support non-Amazon S3 backends. Also add an option to use path style access as some poorly configured S3 backends sometimes don't support the default subdomain mode.

Fixes #8157

Question: how is the S3 backend usually tested? I found an integration test but no information on how it is usually run?

[marefr]

@emmericp Thanks. The issue you're referring to is closed. However, there's another one #8157. Please update PR description if you think your PR solves this feature request taking this #8157 (comment) into account.

[emmericp]

Oh, I didn't see that one. Yeah, it should work with virtually anything that implements the bare minimum of S3 because it doesn't use any advanced feature at all. I've only tested it against Ceph/radosgw which implements most S3 and most S3-compatible services you find on the Internet run it.

Updated

[stale]

This pull request has been automatically marked as stale because it has not had activity in the last 2 weeks. It will be closed in 30 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

[emmericp]

ping

[stale]

This pull request has been automatically marked as stale because it has not had activity in the last 2 weeks. It will be closed in 30 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

[emmericp]

ping. happy to provide test access to a public S3 bucket

[marefr]

We're planning to review this soon. Please have patient. Thanks

[stale]

This pull request has been automatically marked as stale because it has not had activity in the last 2 weeks. It will be closed in 30 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

[aknuds1]

LGTM!

Please note though that I renamed the 'host' setting to 'endpoint', in order to be consistent with S3 nomenclature.

[aknuds1]

Merged - thanks for contributing to Grafana!

[IamAliBaba]

Hello,
We are testing Ceph S3 capability with Grafana seems not working or no clean documentation.

"Failed to render and upload alert panel image." logger=alerting.notifier ruleId=7 error="Could not find bucket setting for image.uploader.s3"

Here is my config.

[external_image_storage.s3]
endpoint = s3.xxx.com
;path_style_access = https://s3.xxxx.com/BUCKET/
;bucket = xx-grafana-bucket
;region = us-east-1
;path =
bucket_url = https://s3.xxxx.com/xx-grafana-bucket
access_key = xxx
secret_key = xxx

Can you please give a more config info.

Thanks.

[IamAliBaba]

bellow info show that S3 works from that server .

root@dash:~# s3cmd --configure

Enter new values or accept defaults in brackets with Enter.
Refer to user manual for detailed description of all options.

Access key and Secret key are your identifiers for Amazon S3. Leave them empty for using the env variables.
Access Key [xxxxxx]:
Secret Key [xxxxx]:
Default Region [us]: us

Use "s3.amazonaws.com" for S3 Endpoint and not modify it to the target Amazon S3.
S3 Endpoint [s3.xxxxx.com]:

Use "%(bucket)s.s3.amazonaws.com" to the target Amazon S3. "%(bucket)s" and "%(location)s" vars can be used
if the target S3 system supports dns based buckets.
DNS-style bucket+hostname:port template for accessing a bucket [s3.xxxxx.com/(bucket)s]:

Encryption password is used to protect your files from reading
by unauthorized persons while in transfer to S3
Encryption password:
Path to GPG program [/usr/bin/gpg]:

When using secure HTTPS protocol all communication with Amazon S3
servers is protected from 3rd party eavesdropping. This method is
slower than plain HTTP, and can only be proxied with Python 2.7 or newer
Use HTTPS protocol [Yes]:

On some networks all internet access must go through a HTTP proxy.
Try setting it here if you can't connect to S3 directly
HTTP Proxy server name:

New settings:
Access Key: xxxxx
Secret Key: xxxxx
Default Region: us
S3 Endpoint: s3.xxxxx.com
DNS-style bucket+hostname:port template for accessing a bucket: s3.xxxx.com/(bucket)s
Encryption password:
Path to GPG program: /usr/bin/gpg
Use HTTPS protocol: True
HTTP Proxy server name:
HTTP Proxy server port: 0

Test access with supplied credentials? [Y/n] y
Please wait, attempting to list all buckets...
Success. Your access key and secret key worked fine :-)

Now verifying that encryption works...
Not configured. Never mind.

[IamAliBaba]

this is not working line.

[IamAliBaba]

Hi ,
We have non-AWS S3 and having issue with ImageUploader .

our S3 path_style_access is https://s3.xxxxxxx.com/bucket/key not https://bucket.s3.xxxxxxx.com/key .

I have this configuration on grafana.ini

[external_image_storage.s3]
endpoint = https://s3.XXXXXX.com
path_style_access = https://s3.XXXXX.com/BUCKET/KEY
bucket = XX-grafana-bucket
region = us
;path =
access_key = XXXXX
secret_key = XXXXX

i changed path_style_access to our custom but it still trying to connect to this one ` https://bucket.s3.xxxxxxx.com/key

LOG:

t=2020-12-09T07:16:37-0500 lvl=eror msg="Failed to render and upload alert panel image." logger=alerting.notifier ruleId=7 error="RequestError: send request failed\ncaused by: Put "**https://xxx-grafana-bucket.s3.xxxxxx.com/gSvYnzqm8MDUnpMyIk7X.png**\": x509: certificate is valid for *.xxxxxxxx.com, xxxxxxxx.com, not xx-grafana-bucket.s3.xxxxxxx.com"

Seems BUG.

[oddlittlebird]

Hi @IamAliBaba! I'm sorry you are having trouble with this. Please file a bug report.