Fix lakefs and s3 problem

2026-03-11 17:34:08 -05:00 · 2025-10-18 22:14:24 +08:00
parent 6c30eec423
commit b5b5c56711
6 changed files with 115 additions and 43 deletions
--- a/scripts/generate_docker_compose.py
+++ b/scripts/generate_docker_compose.py
@@ -272,7 +272,8 @@ def generate_hub_api_service(config: dict) -> str:
      - KOHAKU_HUB_S3_ACCESS_KEY={config['s3_access_key']}
      - KOHAKU_HUB_S3_SECRET_KEY={config['s3_secret_key']}
      - KOHAKU_HUB_S3_BUCKET=hub-storage
-
+      - KOHAKU_HUB_S3_SIGNATURE_VERSION={config.get('s3_signature_version', 's3v2')}  # s3v2 for MinIO, s3v4 for R2/AWS S3
+{s3_region_env}
      ## ===== LakeFS Configuration =====
      - KOHAKU_HUB_LAKEFS_ENDPOINT=http://lakefs:28000
      - KOHAKU_HUB_LAKEFS_REPO_NAMESPACE=hf
@@ -416,11 +417,15 @@ def load_config_file(config_path: Path) -> dict:
            "secret_key", fallback=generate_secret(48)
        )  # 64 chars
        config["s3_region"] = s3.get("region", fallback="")
+        config["s3_signature_version"] = s3.get(
+            "signature_version", fallback="s3v2" if config["s3_builtin"] else "s3v4"
+        )  # s3v2 for MinIO, s3v4 for R2/AWS S3
    else:
        config["s3_builtin"] = True
        config["s3_endpoint"] = "http://minio:9000"
        config["s3_access_key"] = generate_secret(24)  # 32 chars
        config["s3_secret_key"] = generate_secret(48)  # 64 chars
+        config["s3_signature_version"] = "s3v2"  # Default for MinIO

    # Security section
    if parser.has_section("security"):
@@ -483,11 +488,13 @@ builtin = true
 # access_key = your-access-key
 # secret_key = your-secret-key
 # region = us-east-1
+# signature_version = s3v4  # s3v2 for MinIO, s3v4 for R2/AWS S3

 # If builtin = true, MinIO credentials are auto-generated (recommended)
 # You can override by uncommenting and setting custom values:
 # access_key = your-custom-access-key
 # secret_key = your-custom-secret-key
+# signature_version = s3v2

 [security]
 # Session and admin secrets (auto-generated if not specified)
@@ -634,12 +641,22 @@ def interactive_config() -> dict:
            config["s3_secret_key"] = ask_string("MinIO secret key")

        config["s3_endpoint"] = "http://minio:9000"
+        config["s3_signature_version"] = "s3v2"  # MinIO uses s3v2
    else:
        config["s3_endpoint"] = ask_string("S3 endpoint URL")
        config["s3_access_key"] = ask_string("S3 access key")
        config["s3_secret_key"] = ask_string("S3 secret key")
        config["s3_region"] = ask_string("S3 region", default="us-east-1")

+        # Ask about signature version for external S3
+        print()
+        print("Signature version:")
+        print("  - s3v2: MinIO (legacy)")
+        print("  - s3v4: Cloudflare R2, AWS S3 (recommended)")
+        config["s3_signature_version"] = ask_string(
+            "S3 signature version (s3v2 or s3v4)", default="s3v4"
+        )
+
    print()

    # Security Configuration