pre-installation-configuration.rst

Pre-Installation Configuration

File storage

Warning

You should not change the type of storage post-installation. Your files will not be moved to the new storage automatically. You'd need to copy them over manually.

Note

For the purposes of this documentation, private content refers to project files, packages, etc. while public content refers to the style and logic files (CSS, JS, etc.) required for Kaplan Cloud to function in users' web browsers.

Local

Local file storage does not require additional configuration. Static files, which are needed for the app to function are stored at $PROJECT_DIR/staticfiles. Project files, packages and others are stored at $PROJECT_DIR/kaplancloudapp/projects.

Google Cloud Storage

Note

Kaplan Cloud depends on django-storages to offer Google Cloud Storage support.

1. Create a bucket (Create a new bucket) and make sure to set control to Fine-grained (Choose between uniform and fine-grained access). You will set the environment variables GS_PUBLIC_BUCKET_NAME and GS_PRIVATE_BUCKET_NAME to the name of this bucket.

   Note

   For your public content to be actually public, you'll need to set the environment variable GS_DEFAULT_ACL to public-read. This will not affect your private content.

2. Create a service account and make sure it has read and write access to your bucket (Creating a Service Account).
3. Create and download an access key for your service account. You will set the environment variable GOOGLE_APPLICATION_CREDENTIALS to the path to this key file.

Note

By default, public content will be saved under the /static directory, while private content will be saved under the /kaplancloudapp/projects directory. You can change these directories by setting the environment variables GS_PUBLIC_BUCKET_LOCATION and GS_PRIVATE_BUCKET_LOCATION

S3

Note

Kaplan Cloud depends on django-storages to offer S3 support.

Separate buckets for private and public content (recommended)

1. Create the public bucket (Creating a bucket). Make sure to uncheck Block all public access. You will set the environment variable S3_PUBLIC_BUCKET to the name of the bucket, and S3_REGION_NAME to the bucket's region.

2. Edit the bucket's policy to allow anonymous read access (Using bucket policies). Below is a policy example, change mypublicbucket to the name of your bucket:

   {
     "Version": "2012-10-17",
     "Statement": [
         {
             "Sid": "PublicRead",
             "Effect": "Allow",
             "Principal": "*",
             "Action": [
                 "s3:GetObject",
                 "s3:GetObjectVersion"
             ],
             "Resource": [
                 "arn:aws:s3:::mypublicbucket/*"
             ]
         }
     ]
   }

3. Create the private bucket (Creating a bucket). You will set the environment variable S3_PRIVATE_BUCKET to the name of this bucket.

4. Head over to IAM and create a policy with full access to these buckets. Change arn:aws:s3:::myprivatebucket and arn:aws:s3:::mypublicbucket to the names of your buckets (AWS IAM Docs).

   {
     "Version": "2012-10-17",
     "Statement": [
         {
             "Sid": "KaplanCloudBuckets",
             "Effect": "Allow",
             "Action": [
                 "s3:PutObject",
                 "s3:GetObjectAcl",
                 "s3:GetObject",
                 "s3:ListBucket",
                 "s3:DeleteObject",
                 "s3:PutObjectAcl"
             ],
             "Resource": [
                 "arn:aws:s3:::myprivatebucket/*",
                 "arn:aws:s3:::myprivatebucket",
                 "arn:aws:s3:::mypublicbucket/*",
                 "arn:aws:s3:::mypublicbucket"
             ]
           }
       ]
   }

5. Under Users, create a user for Access key - Programmatic access and attach the policy we created at the previous step (Creating IAM users).
6. At the final step, you will be presented with your credentials. You'll set the environment variable S3_ACCESS_KEY_ID to Access key ID, and S3_SECRET_ACCESS_KEY to Secret access key.

Note

By default, static files will be saved under /static in the public bucket, and project files will be saved under the root directory of the private bucket. You can change these directories by setting the environment variables S3_PUBLIC_BUCKET_LOCATION and S3_PRIVATE_BUCKET_LOCATION

Single bucket

1. Create a new bucket with ACL enabled and Block all public access unticked (Creating a bucket). You will set the environment variables S3_PRIVATE_BUCKET and S3_PUBLIC_BUCKET to the name of this bucket.

   Note

   For your public content to be actually public, you'll need to set the environment variable S3_DEFAULT_ACL to public-read. This will not affect your private content.

2. Head over to IAM and create a policy with full access to this bucket. Change arn:aws:s3:::mybucket to the name of your bucket (AWS IAM Docs).

   {
     "Version": "2012-10-17",
     "Statement": [
         {
             "Sid": "KaplanCloudBucket",
             "Effect": "Allow",
             "Action": [
                 "s3:PutObject",
                 "s3:GetObjectAcl",
                 "s3:GetObject",
                 "s3:ListBucket",
                 "s3:DeleteObject",
                 "s3:PutObjectAcl"
             ],
             "Resource": [
                 "arn:aws:s3:::mybucket/*",
                 "arn:aws:s3:::mybucket"
             ]
           }
       ]
   }

3. Under Users, create a user for Access key - Programmatic access and attach the policy we created at the previous step (Creating IAM users).
4. At the final step, you will be presented with your credentials. You'll set the environment variable S3_ACCESS_KEY_ID to Access key ID, and S3_SECRET_ACCESS_KEY to Secret access key.

Note

By default, public content will be saved under the /static directory, while private content will be saved under the /kaplancloudapp/projects directory. You can change these directories by setting the environment variables S3_PUBLIC_BUCKET_LOCATION and S3_PRIVATE_BUCKET_LOCATION