From 14c094ece10d3ac1e7afb3501a4b3b830287fc3a Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Thu, 7 Apr 2022 10:13:16 +0200 Subject: [PATCH] improve systemd docs and simplify config file arithmetics --- .make/release.mk | 1 + docs/ocis/config.md | 11 ++++---- docs/ocis/deployment/systemd.md | 20 ++++++++++----- ocis-pkg/config/defaults/paths.go | 41 +++++++++++++++++++++++++++--- ocis-pkg/config/helpers.go | 34 ++++++++++--------------- ocis/docker/Dockerfile.linux.amd64 | 7 +++-- ocis/docker/Dockerfile.linux.arm | 7 +++-- ocis/docker/Dockerfile.linux.arm64 | 7 +++-- 8 files changed, 87 insertions(+), 41 deletions(-) diff --git a/.make/release.mk b/.make/release.mk index 30c3ac08fda..d4dd4286d0d 100644 --- a/.make/release.mk +++ b/.make/release.mk @@ -11,6 +11,7 @@ release-dirs: # docker specific packaging flags DOCKER_LDFLAGS += -X "$(OCIS_REPO)/ocis-pkg/config/defaults.BaseDataPathType=path" -X "$(OCIS_REPO)/ocis-pkg/config/defaults.BaseDataPathValue=/var/lib/ocis" +DOCKER_LDFLAGS += -X "$(OCIS_REPO)/ocis-pkg/config/defaults.BaseConfigPathType=path" -X "$(OCIS_REPO)/ocis-pkg/config/defaults.BaseConfigPathValue=/etc/ocis" release-linux-docker-amd64: release-dirs GOOS=linux \ diff --git a/docs/ocis/config.md b/docs/ocis/config.md index a07e1272578..e03d217ef5f 100644 --- a/docs/ocis/config.md +++ b/docs/ocis/config.md 
@@ -39,15 +39,16 @@ Let's explore the various flows with examples and workflows. Let's explore with examples this approach. -#### Expected loading locations: +#### Expected loading locations -- `$HOME/.ocis/config/` -- `/etc/ocis/` -- `.config/` +- docker images: `/etc/ocis` +- binary releases: `$HOME/.ocis/config/` followed by the extension name. When configuring the proxy, a valid full path that will get loaded is `$HOME/.ocis/config/proxy.yaml`. -#### Only config files +You can always set another directory as config path in the environment variable `OCIS_CONFIG_DIR`. + +#### Only config files The following config files are present in the default loading locations: diff --git a/docs/ocis/deployment/systemd.md b/docs/ocis/deployment/systemd.md index 8ac0a1d8f27..0eac23aa652 100644 --- a/docs/ocis/deployment/systemd.md +++ b/docs/ocis/deployment/systemd.md @@ -10,17 +10,18 @@ geekdocFilePath: systemd.md {{< toc >}} ## Install the oCIS binary + Download the oCIS binary of your preferred version and for your CPU architecture and operating system from [download.owncloud.com](https://download.owncloud.com/ocis/ocis). Rename the downloaded binary to `ocis` and move it to `/usr/bin/`. As a next step, you need to mark it as executable with `chmod +x /usr/bin/ocis`. When you now run `ocis help` on your command line, you should see the available options for the oCIS command. - ## Systemd service definition Create the Systemd service definition for oCIS in the file `/etc/systemd/system/ocis.service` with following content: -``` + +```systemd [Unit] Description=OCIS server 
@@ -36,19 +37,23 @@ Restart=always WantedBy=multi-user.target ``` -For reasons of simplicity we are using the root user and group to run oCIS which is not recommended. Please use a non-root user in production environments and modify the oCIS service definition accordingly. - +{{< hint danger >}} +For reasons of simplicity we are using the root user and group to run oCIS, which is not recommended. Please use only privileged users in production environments and modify the oCIS service definition accordingly. +{{< /hint >}} In the service definition we referenced `/etc/ocis/ocis.env` as our file containing environment variables for the oCIS process. In order to create the file we need first to create the folder `/etc/ocis/` and than we can add the actual `/etc/ocis/ocis.env` with following content: -``` -OCIS_URL=https://some-hostname-or-ip:9200 +```bash +OCIS_URL=https://some-host-or-ip:9200 PROXY_HTTP_ADDR=0.0.0.0:9200 OCIS_INSECURE=false OCIS_LOG_LEVEL=error +OCIS_BASE_DATA_PATH=/var/lib/ocis +OCIS_CONFIG_DIR=/etc/ocis + GLAUTH_LDAPS_CERT=/etc/ocis/ldap/ldaps.crt GLAUTH_LDAPS_KEY=/etc/ocis/ldap/ldaps.key IDP_TRANSPORT_TLS_CERT=/etc/ocis/idp/server.crt @@ -59,6 +64,9 @@ PROXY_TRANSPORT_TLS_KEY=/etc/ocis/proxy/server.key Please change your `OCIS_URL` in order to reflect your actual deployment. If you are using self signed certificates you need to set `OCIS_INSECURE=true` in `/etc/ocis/ocis.env`. +In the `ocis.env` file we configured oCIS to store all data in `/var/lib/ocis`, so you need to create that folder and make it writeable for the ocis user (see user / group in the systemd file). + +If you add oCIS config files in `/etc/ocis`, you need to ensure that the directory and config file is readable by the oCIS process's user / group. ## Starting the oCIS service diff --git a/ocis-pkg/config/defaults/paths.go b/ocis-pkg/config/defaults/paths.go index 9980daedaa6..ce833fdef75 100644 --- a/ocis-pkg/config/defaults/paths.go +++ b/ocis-pkg/config/defaults/paths.go 
@@ -10,16 +10,16 @@ const () var ( // switch between modes - BaseDataPathType = "homedir" - // don't read from this, only write + BaseDataPathType = "homedir" // or "path" + // default data path BaseDataPathValue = "/var/lib/ocis" ) func BaseDataPath() string { // It is not nice to have hidden / secrete configuration options - // But how can we update the base path for every occurence with a flageset option? - // This is currenlty not possible and needs a new configuration concept + // But how can we update the base path for every occurrence with a flagset option? + // This is currently not possible and needs a new configuration concept p := os.Getenv("OCIS_BASE_DATA_PATH") if p != "" { return p @@ -40,3 +40,36 @@ func BaseDataPath() string { return "" } } + +var ( + // switch between modes + BaseConfigPathType = "homedir" // or "path" + // default config path + BaseConfigPathValue = "/etc/ocis" +) + +func BaseConfigPath() string { + + // It is not nice to have hidden / secrete configuration options + // But how can we update the base path for every occurrence with a flagset option? + // This is currently not possible and needs a new configuration concept + p := os.Getenv("OCIS_CONFIG_DIR") + if p != "" { + return p + } + + switch BaseConfigPathType { + case "homedir": + dir, err := os.UserHomeDir() + if err != nil { + // fallback to BaseConfigPathValue for users without home + return BaseConfigPathValue + } + return path.Join(dir, ".ocis") + case "path": + return BaseConfigPathValue + default: + log.Fatalf("BaseConfigPathType %s not found", BaseConfigPathType) + return "" + } +} diff --git a/ocis-pkg/config/helpers.go b/ocis-pkg/config/helpers.go index 6eac8984757..ee005500fb2 100644 --- a/ocis-pkg/config/helpers.go +++ b/ocis-pkg/config/helpers.go 
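Review bot: In the `homedir` case the new `BaseConfigPath` returns `path.Join(dir, ".ocis")`, but the `docs/ocis/config.md` text changed in this same patch, and the `defaultLocations` entry removed from `helpers.go`, both name `$HOME/.ocis/config/` as the binary-release config directory. As written, existing `$HOME/.ocis/config/*.yaml` files would no longer be found. If `.ocis` is also what `BaseDataPath` returns for `homedir` (its body is outside this hunk), config files and service data would end up sharing one directory and one set of permissions. I would change the line to `return path.Join(dir, ".ocis", "config")`. The exported function also has no doc comment; I would add `// BaseConfigPath returns the directory config files are loaded from: OCIS_CONFIG_DIR if set, otherwise the build-time default selected by BaseConfigPathType.` and mention there that a missing home directory silently falls back to `BaseConfigPathValue`.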
@@ -8,37 +8,31 @@ import ( gofig "github.com/gookit/config/v2" gooyaml "github.com/gookit/config/v2/yaml" + "github.com/owncloud/ocis/ocis-pkg/config/defaults" ) var ( - defaultLocations = []string{ - filepath.Join(os.Getenv("HOME"), "/.ocis/config/"), - "/etc/ocis/", - ".config/", - } - // supportedExtensions is determined by gookit/config. + // we only support the official yaml file ending (http://yaml.org/faq.html) to + // mitigate the loading order problem. + // It would raise this question: does yaml win over yml or vice versa!? supportedExtensions = []string{ "yaml", - "yml", } + // decoderConfigTagname sets the tag name to be used from the config structs + // currently we only support "yaml" because we only support config loading + // from yaml files and the yaml parser has no simple way to set a custom tag name to use + decoderConfigTagName = "yaml" ) -// DefaultConfigSources returns a slice with matched expected config files. It sugars coat several aspects of config file -// management by assuming there are 3 default locations a config file could be. +// configSources returns a slice with matched expected config files. // It uses globbing to match a config file by name, and retrieve any supported extension supported by our drivers. // It sanitizes the output depending on the list of drivers provided. -func DefaultConfigSources(filename string, drivers []string) []string { +func configSources(filename string, drivers []string) []string { var sources []string - locations := []string{} - if v := os.Getenv("OCIS_CONFIG_DIR"); v != "" { - locations = append(locations, v) - // only use the configured config dir - locations = append(locations, os.Getenv("OCIS_CONFIG_DIR")) - } else { - // merge config from all default locations - locations = append(locations, defaultLocations...) + locations := []string{ + defaults.BaseConfigPath(), } for i := range locations { 
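Review bot: `configSources` now looks in exactly one directory and `supportedExtensions` drops `yml`, so a deployment that kept a `.yml` file or relied on `/etc/ocis/` without setting `OCIS_CONFIG_DIR` starts with built-in defaults, and nothing tells the operator. The following hunk keeps `_ = cnf.LoadFiles(sources...)` in `BindSourcesToStructs`, so an unreadable or malformed file in the single remaining location is ignored as well. Since these files presumably carry security-relevant settings, I would log the resolved directory and the files actually loaded. Assuming `sources` only ever contains files that matched the glob, I would also stop discarding the load error: `if err := cnf.LoadFiles(sources...); err != nil { return nil, err }`. `configSources` continues past the end of this hunk, so the globbing and sanitizing logic is not visible here.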
@@ -75,10 +69,10 @@ func sanitizeExtensions(set []string, ext []string, f func(a, b string) bool) [] // BindSourcesToStructs assigns any config value from a config file / env variable to struct `dst`. Its only purpose // is to solely modify `dst`, not dealing with the config structs; and do so in a thread safe manner. func BindSourcesToStructs(extension string, dst interface{}) (*gofig.Config, error) { - sources := DefaultConfigSources(extension, supportedExtensions) + sources := configSources(extension, supportedExtensions) cnf := gofig.NewWithOptions(extension) cnf.WithOptions(func(options *gofig.Options) { - options.DecoderConfig.TagName = "yaml" + options.DecoderConfig.TagName = decoderConfigTagName }) cnf.AddDriver(gooyaml.Driver) _ = cnf.LoadFiles(sources...) diff --git a/ocis/docker/Dockerfile.linux.amd64 b/ocis/docker/Dockerfile.linux.amd64 index 6729daf58b6..8d339141362 100644 --- a/ocis/docker/Dockerfile.linux.amd64 +++ b/ocis/docker/Dockerfile.linux.amd64 @@ -26,9 +26,12 @@ RUN addgroup -g 1000 -S ocis-group && \ RUN mkdir -p /var/lib/ocis && \ chown -R ocis-user:ocis-group /var/lib/ocis && \ - chmod -R 777 /var/lib/ocis + chmod -R 777 /var/lib/ocis && \ + mkdir -p /etc/ocis && \ + chown -R ocis-user:ocis-group /etc/ocis && \ + chmod -R 777 /etc/ocis -VOLUME [ "/var/lib/ocis" ] +VOLUME [ "/var/lib/ocis", "/etc/ocis" ] WORKDIR /var/lib/ocis USER 1000 diff --git a/ocis/docker/Dockerfile.linux.arm b/ocis/docker/Dockerfile.linux.arm index 922246bb051..cb6f757b85f 100644 --- a/ocis/docker/Dockerfile.linux.arm +++ b/ocis/docker/Dockerfile.linux.arm @@ -26,9 +26,12 @@ RUN addgroup -g 1000 -S ocis-group && \ RUN mkdir -p /var/lib/ocis && \ chown -R ocis-user:ocis-group /var/lib/ocis && \ - chmod -R 777 /var/lib/ocis + chmod -R 777 /var/lib/ocis && \ + mkdir -p /etc/ocis && \ + chown -R ocis-user:ocis-group /etc/ocis && \ + chmod -R 777 /etc/ocis -VOLUME [ "/var/lib/ocis" ] +VOLUME [ "/var/lib/ocis", "/etc/ocis" ] WORKDIR /var/lib/ocis USER 1000 
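Review bot: The added `chmod -R 777 /etc/ocis` makes the config directory world-writable, even though the preceding `chown -R ocis-user:ocis-group /etc/ocis` already gives the runtime user ownership. Files under `/etc/ocis` steer the service, and the systemd example in this patch keeps TLS keys under the same path, so any other user or process in the container could rewrite them. I would tighten it to `chmod -R 750 /etc/ocis` (or `770` if the group must write). If the `777` is there to support running under an arbitrary UID, that deserves a comment and a narrower scheme. The same three added lines appear in the `Dockerfile.linux.arm` and `Dockerfile.linux.arm64` hunks.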
diff --git a/ocis/docker/Dockerfile.linux.arm64 b/ocis/docker/Dockerfile.linux.arm64 index 47ccad92636..7601ed39e74 100644 --- a/ocis/docker/Dockerfile.linux.arm64 +++ b/ocis/docker/Dockerfile.linux.arm64 @@ -26,9 +26,12 @@ RUN addgroup -g 1000 -S ocis-group && \ RUN mkdir -p /var/lib/ocis && \ chown -R ocis-user:ocis-group /var/lib/ocis && \ - chmod -R 777 /var/lib/ocis + chmod -R 777 /var/lib/ocis && \ + mkdir -p /etc/ocis && \ + chown -R ocis-user:ocis-group /etc/ocis && \ + chmod -R 777 /etc/ocis -VOLUME [ "/var/lib/ocis" ] +VOLUME [ "/var/lib/ocis", "/etc/ocis" ] WORKDIR /var/lib/ocis USER 1000