From 977e92795f4578685d135623794dc6bcf92fa6b9 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Wed, 1 Dec 2021 08:50:27 +0100 Subject: [PATCH 01/17] invidivual services deployment example --- .../examples/ocis_individual_services/.env | 44 ++++ .../ocis_individual_services/README.md | 6 + .../docker-compose.yml | 215 ++++++++++++++++++ .../docker-compose-additions.yml | 38 ++++ 4 files changed, 303 insertions(+) create mode 100644 deployments/examples/ocis_individual_services/.env create mode 100644 deployments/examples/ocis_individual_services/README.md create mode 100644 deployments/examples/ocis_individual_services/docker-compose.yml create mode 100644 deployments/examples/ocis_individual_services/monitoring_tracing/docker-compose-additions.yml diff --git a/deployments/examples/ocis_individual_services/.env b/deployments/examples/ocis_individual_services/.env new file mode 100644 index 00000000000..b05103cfc22 --- /dev/null +++ b/deployments/examples/ocis_individual_services/.env 
@@ -0,0 +1,44 @@
+# If you're on a internet facing server please comment out following line.
+# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
+INSECURE=true
+
+### Traefik settings ###
+# Serve Treafik dashboard. Defaults to "false".
+TRAEFIK_DASHBOARD=
+# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
+TRAEFIK_DOMAIN=
+# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
+TRAEFIK_BASIC_AUTH_USERS=
+# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
+TRAEFIK_ACME_MAIL=
+
+### oCIS settings ###
+# oCIS version. Defaults to "latest"
+OCIS_DOCKER_TAG=
+# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
+OCIS_DOMAIN=
+# IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp".
+IDP_LDAP_BIND_PASSWORD=
+# Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva".
+STORAGE_LDAP_BIND_PASSWORD=
+# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4"
+OCIS_JWT_SECRET=
+# JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret"
+STORAGE_TRANSFER_SECRET=
+# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please"
+OCIS_MACHINE_AUTH_API_KEY=
+
+### MINIO / S3 settings ###
+# Domain of MinIO where the Web UI is accessible. Defaults to "minio.owncloud.test".
+MINIO_DOMAIN=
+# S3 bucket name, where oCIS stores its data in. Defaults to "ocis-bucket".
+MINIO_BUCKET=
+# S3 bucket access key, which oCIS uses to authenticate. Defaults to "ocis".
+MINIO_ACCESS_KEY=
+# S3 bucket access key secret, which oCIS uses to authenticate. Defaults to "ocis-secret-key".
+MINIO_SECRET_KEY=
+
+# If you want to use debugging and tracing with this stack,
+# you need uncomment following line. Please see documentation at
+# https://owncloud.dev/ocis/deployment/monitoring-tracing/
+#COMPOSE_FILE=docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
diff --git a/deployments/examples/ocis_individual_services/README.md b/deployments/examples/ocis_individual_services/README.md
new file mode 100644
index 00000000000..41bdcd8f1b9
--- /dev/null
+++ b/deployments/examples/ocis_individual_services/README.md
@@ -0,0 +1,6 @@
+---
+document this deployment example in: docs/ocis/deployment/ocis_s3.md
+---
+
+Please refer to [our documentation](https://owncloud.dev/ocis/deployment/ocis_s3/)
+for instructions on how to deploy this scenario.
diff --git a/deployments/examples/ocis_individual_services/docker-compose.yml b/deployments/examples/ocis_individual_services/docker-compose.yml
new file mode 100644
index 00000000000..0c30ede3830
--- /dev/null
+++ b/deployments/examples/ocis_individual_services/docker-compose.yml
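Review bot: `INSECURE=true` in the new `.env` is the shipped state, so certificate validation is skipped unless the operator remembers to comment the line out, which is the wrong way round for an example that gets copied onto public servers. I would ship it commented out, `#INSECURE=true`, and reword the comment above it to `# Uncomment only for local testing with self-signed certificates; this skips certificate validation in oCIS.` The `### MINIO / S3 settings ###` block also documents four variables that nothing in this commit's docker-compose.yml reads; it looks carried over from the S3 example and should be dropped or marked as unused.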
@@ -0,0 +1,215 @@
+---
+version: "3.7"
+
+services:
+ traefik:
+ image: traefik:v2.5
+ networks:
+ ocis-net:
+ aliases:
+ - ${OCIS_DOMAIN:-ocis.owncloud.test}
+ command:
+ - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}"
+ # letsencrypt configuration
+ - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}"
+ - "--certificatesResolvers.http.acme.storage=/certs/acme.json"
+ - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http"
+ # enable dashboard
+ - "--api.dashboard=true"
+ # define entrypoints
+ - "--entryPoints.http.address=:80"
+ - "--entryPoints.http.http.redirections.entryPoint.to=https"
+ - "--entryPoints.http.http.redirections.entryPoint.scheme=https"
+ - "--entryPoints.https.address=:443"
+ # docker provider (get configuration from container labels)
+ - "--providers.docker.endpoint=unix:///var/run/docker.sock"
+ - "--providers.docker.exposedByDefault=false"
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ - "certs:/certs"
+ labels:
+ - "traefik.enable=${TRAEFIK_DASHBOARD:-false}"
+ - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$apr1$4vqie50r$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin
+ - "traefik.http.routers.traefik.entrypoints=https"
+ - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
+ - "traefik.http.routers.traefik.middlewares=traefik-auth"
+ - "traefik.http.routers.traefik.tls.certresolver=http"
+ - "traefik.http.routers.traefik.service=api@internal"
+ logging:
+ driver: "local"
+ restart: always
+
+ ocis-proxy:
+ image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
+ deploy:
+ replicas: 1
+ networks:
+ ocis-net:
+ entrypoint:
+ - ocis
+ - proxy
+ - server
+ environment:
+ ### individual ###
+ PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
+ ### common ###
+ OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
+ OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
+ # change default secrets
+ IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp}
+ STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva}
+ OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
+ STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
+ OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
+ # INSECURE: needed if oCIS / Traefik is using self generated certificates
+ OCIS_INSECURE: "${INSECURE:-false}"
+ volumes:
+ - ocis-data:/var/lib/ocis
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.ocis.entrypoints=https"
+ - "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)"
+ - "traefik.http.routers.ocis.tls.certresolver=http"
+ - "traefik.http.routers.ocis.service=ocis"
+ - "traefik.http.services.ocis.loadbalancer.server.port=9200"
+ logging:
+ driver: "local"
+ restart: always
+
+
+ ocis-gateway:
+ image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
+ deploy:
+ replicas: 1
+ networks:
+ ocis-net:
+ entrypoint:
+ - ocis
+ - storage-gateway
+ - server
+ environment:
+ ### individual ###
+ STORAGE_GATEWAY_GRPC_ADDR: 0.0.0.0:9142
+ ### common ###
+ OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
+ OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
+ # change default secrets
+ IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp}
+ STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva}
+ OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
+ STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
+ OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
+ # INSECURE: needed if oCIS / Traefik is using self generated certificates
+ OCIS_INSECURE: "${INSECURE:-false}"
+ volumes:
+ - ocis-data:/var/lib/ocis
+ logging:
+ driver: "local"
+ restart: always
+
+ ocis-accounts:
+ image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
+ deploy:
+ replicas: 1
+ networks:
+ ocis-net:
+ entrypoint:
+ - ocis
+ - accounts
+ - server
+ environment:
+ ### individual ###
+ ACCOUNTS_GRPC_ADDR: 0.0.0.0:9180
+ ACCOUNTS_HTTP_ADDR: 0.0.0.0:9181
+ ACCOUNTS_STORAGE_CS3_PROVIDER_ADDR: ocis-metadata-storage:9215
+ ### common ###
+ OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
+ OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
+ # change default secrets
+ IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp}
+ STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva}
+ OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
+ STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
+ OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
+ # INSECURE: needed if oCIS / Traefik is using self generated certificates
+ OCIS_INSECURE: "${INSECURE:-false}"
+ volumes:
+ - ocis-data:/var/lib/ocis
+ logging:
+ driver: "local"
+ restart: always
+
+
+ ocis-metadata-storage:
+ image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
+ deploy:
+ replicas: 1
+ networks:
+ ocis-net:
+ entrypoint:
+ - ocis
+ - storage-metadata
+ - server
+ environment:
+ ### individual ###
+ STORAGE_METADATA_GRPC_PROVIDER_ADDR: 0.0.0.0:9215
+ ### common ###
+ OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
+ OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
+ # change default secrets
+ IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp}
+ STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva}
+ OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
+ STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
+ OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
+ # INSECURE: needed if oCIS / Traefik is using self generated certificates
+ OCIS_INSECURE: "${INSECURE:-false}"
+ volumes:
+ - ocis-data:/var/lib/ocis
+ logging:
+ driver: "local"
+ restart: always
+
+
+ ocis-idp:
+ image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
+ deploy:
+ replicas: 1
+ networks:
+ ocis-net:
+ entrypoint:
+ - ocis
+ - storage-metadata
+ - idp
+ environment:
+ ### individual ###
+ IDP_HTTP_ADDR: 0.0.0.0:9130
+ ### common ###
+ OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
+ OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
+ # change default secrets
+ IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp}
+ STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva}
+ OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
+ STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
+ OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
+ # INSECURE: needed if oCIS / Traefik is using self generated certificates
+ OCIS_INSECURE: "${INSECURE:-false}"
+
+ volumes:
+ - ocis-data:/var/lib/ocis
+ logging:
+ driver: "local"
+ restart: always
+
+
+volumes:
+ certs:
+ ocis-data:
+ minio-data:
+
+networks:
+ ocis-net:
diff --git a/deployments/examples/ocis_individual_services/monitoring_tracing/docker-compose-additions.yml b/deployments/examples/ocis_individual_services/monitoring_tracing/docker-compose-additions.yml
new file mode 100644
index 00000000000..a077eda65d3
--- /dev/null
+++ b/deployments/examples/ocis_individual_services/monitoring_tracing/docker-compose-additions.yml
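Review bot: Every oCIS service's `environment` block in docker-compose.yml falls back to values printed in this repository (`${OCIS_JWT_SECRET:-Pive-Fumkiu4}`, `${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}`, `${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}` and the two LDAP bind passwords), so a stack started with the untouched `.env` runs on secrets anyone can look up. Compose's required-variable form makes the stack refuse to start instead, e.g. `OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:?set OCIS_JWT_SECRET in .env}`, applied to each secret. The `traefik-auth` label has the same shape: with `TRAEFIK_BASIC_AUTH_USERS` empty, enabling the dashboard puts it behind admin:admin. The `minio-data` volume at the bottom is declared but not mounted by any service in this file.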
@@ -0,0 +1,38 @@
+---
+version: "3.7"
+
+services:
+ ocis:
+ environment:
+ # tracing
+ OCIS_TRACING_ENABLED: "true"
+ OCIS_TRACING_ENDPOINT: jaeger-agent:6831
+ # metrics
+ APP_PROVIDER_DEBUG_ADDR: 0.0.0.0:9165
+ GLAUTH_DEBUG_ADDR: 0.0.0.0:9129
+ GRAPH_DEBUG_ADDR: 0.0.0.0:9124
+ GRAPH_EXPLORER_DEBUG_ADDR: 0.0.0.0:9136
+ IDP_DEBUG_ADDR: 0.0.0.0:9134
+ OCS_DEBUG_ADDR: 0.0.0.0:9114
+ PROXY_DEBUG_ADDR: 0.0.0.0:9205
+ SETTINGS_DEBUG_ADDR: 0.0.0.0:9194
+ STORAGE_AUTH_BASIC_DEBUG_ADDR: 0.0.0.0:9147
+ STORAGE_AUTH_BEARER_DEBUG_ADDR: 0.0.0.0:9149
+ STORAGE_AUTH_MACHINE_DEBUG_ADDR: 0.0.0.0:9167
+ STORAGE_FRONTEND_DEBUG_ADDR: 0.0.0.0:9141
+ STORAGE_GATEWAY_DEBUG_ADDR: 0.0.0.0:9143
+ STORAGE_GROUPPROVIDER_DEBUG_ADDR: 0.0.0.0:9161
+ STORAGE_HOME_DEBUG_ADDR: 0.0.0.0:9156
+ STORAGE_METADATA_DEBUG_ADDR: 0.0.0.0:9217
+ STORAGE_PUBLIC_LINK_DEBUG_ADDR: 0.0.0.0:9179
+ STORAGE_USERPROVIDER_DEBUG_ADDR: 0.0.0.0:9145
+ STORAGE_USERS_DEBUG_ADDR: 0.0.0.0:9159
+ STORAGE_SHARING_DEBUG_ADDR: 0.0.0.0:9151
+ STORE_DEBUG_ADDR: 0.0.0.0:9464
+ THUMBNAILS_DEBUG_ADDR: 0.0.0.0:9189
+ WEB_DEBUG_ADDR: 0.0.0.0:9104
+ WEBDAV_DEBUG_ADDR: 0.0.0.0:9119
+
+networks:
+ ocis-net:
+ external: true
From a02a314ead31c507069c86b99086678197c68275 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Thu, 16 Dec 2021 10:57:07 +0100 Subject: [PATCH 02/17] work on
---
.../examples/ocis_individual_services/.env | 30 +- .../config/proxy.json | 103 +++ .../docker-compose.yml | 696 +++++++++++++++--- 3 files changed, 720 insertions(+), 109 deletions(-) create mode 100644 deployments/examples/ocis_individual_services/config/proxy.json
diff --git a/deployments/examples/ocis_individual_services/.env b/deployments/examples/ocis_individual_services/.env
index b05103cfc22..e80d98594ae 100644
--- a/deployments/examples/ocis_individual_services/.env
+++ b/deployments/examples/ocis_individual_services/.env
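Review bot: The override in docker-compose-additions.yml sets its variables on a service named `ocis`, but the docker-compose.yml added in the same commit defines `traefik`, `ocis-proxy`, `ocis-gateway`, `ocis-accounts`, `ocis-metadata-storage` and `ocis-idp`, so with `COMPOSE_FILE` uncommented the merge would add a new `ocis` service that has no `image` instead of enabling tracing on the existing ones. Each `*_DEBUG_ADDR` also binds to `0.0.0.0`, and this file re-declares `ocis-net` as `external: true`, which presumably lets containers from other stacks join that network, so the debug listeners should be treated as reachable by anything attached to it. I would move each `*_DEBUG_ADDR` and the two `OCIS_TRACING_*` keys under the service they belong to and add a comment such as `# debug/metrics listeners: reachable by every container on ocis-net, do not publish these ports`.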
@@ -14,29 +14,19 @@ TRAEFIK_ACME_MAIL= ### oCIS settings ### # oCIS version. Defaults to "latest" -OCIS_DOCKER_TAG= +OCIS_DOCKER_TAG=dev # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" OCIS_DOMAIN= -# IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp". -IDP_LDAP_BIND_PASSWORD= -# Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva". -STORAGE_LDAP_BIND_PASSWORD= -# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4" -OCIS_JWT_SECRET= -# JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" -STORAGE_TRANSFER_SECRET= -# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" -OCIS_MACHINE_AUTH_API_KEY= -### MINIO / S3 settings ### -# Domain of MinIO where the Web UI is accessible. Defaults to "minio.owncloud.test". -MINIO_DOMAIN= -# S3 bucket name, where oCIS stores its data in. Defaults to "ocis-bucket". -MINIO_BUCKET= -# S3 bucket access key, which oCIS uses to authenticate. Defaults to "ocis". -MINIO_ACCESS_KEY= -# S3 bucket access key secret, which oCIS uses to authenticate. Defaults to "ocis-secret-key". -MINIO_SECRET_KEY= +OCIS_LOG_PRETTY= +OCIS_LOG_COLOR= +OCIS_LOG_LEVEL= + +OCIS_SCALE=1 + +OCIS_JWT_SECRET=foobaz + +OCIS_MACHINE_AUTH_API_KEY=lorem123 # If you want to use debugging and tracing with this stack, # you need uncomment following line. Please see documentation at diff --git a/deployments/examples/ocis_individual_services/config/proxy.json b/deployments/examples/ocis_individual_services/config/proxy.json new file mode 100644 index 00000000000..5775c4dcacc --- /dev/null +++ b/deployments/examples/ocis_individual_services/config/proxy.json 
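Review bot: `OCIS_JWT_SECRET=foobaz` and `OCIS_MACHINE_AUTH_API_KEY=lorem123` are now committed as live values in the example `.env`, and the comments saying these must be changed were removed together with the old lines, so every deployment copied from this example shares the same signing and machine-auth secrets. I would keep both keys empty and restore a comment on each, e.g. `# JWT secret shared by all services. Must be set to a long random value before deploying.` above `OCIS_JWT_SECRET=`. The compose file changed in this commit also reads `OCIS_METADATA_JWT_SECRET` for the accounts and storage-metadata services, which this file never declares, so those services always fall back to `Pive-Fumkiu4`. `OCIS_DOCKER_TAG=dev` now sits directly under the unchanged comment `Defaults to "latest"`, which no longer describes what the file selects.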
@@ -0,0 +1,103 @@
+{
+ "HTTP": {
+ "Namespace": "com.owncloud"
+ },
+ "policy_selector": {
+ "static": {
+ "policy": "ocis"
+ }
+ },
+ "policies": [
+ {
+ "name": "ocis",
+ "routes": [
+ {
+ "endpoint": "/",
+ "backend": "http://web:9100"
+ },
+ {
+ "endpoint": "/.well-known/",
+ "backend": "http://idp:9130"
+ },
+ {
+ "endpoint": "/konnect/",
+ "backend": "http://idp:9130"
+ },
+ {
+ "endpoint": "/signin/",
+ "backend": "http://idp:9130"
+ },
+ {
+ "type": "regex",
+ "endpoint": "/ocs/v[12].php/cloud/(users?|groups)",
+ "backend": "http://ocs:9110"
+ },
+ {
+ "endpoint": "/ocs/",
+ "backend": "http://storage-frontend:9140"
+ },
+ {
+ "type": "query",
+ "endpoint": "/remote.php/?preview=1",
+ "backend": "http://webdav:9115"
+ },
+ {
+ "endpoint": "/remote.php/",
+ "backend": "http://storage-frontend:9140"
+ },
+ {
+ "endpoint": "/dav/",
+ "backend": "http://storage-frontend:9140"
+ },
+ {
+ "endpoint": "/webdav/",
+ "backend": "http://storage-frontend:9140"
+ },
+ {
+ "endpoint": "/status.php",
+ "backend": "http://storage-frontend:9140"
+ },
+ {
+ "endpoint": "/index.php/",
+ "backend": "http://storage-frontend:9140"
+ },
+ {
+ "endpoint": "/data",
+ "backend": "http://storage-frontend:9140"
+ },
+ {
+ "endpoint": "/app/",
+ "backend": "http://storage-frontend:9140"
+ },
+ {
+ "endpoint": "/archiver",
+ "backend": "http://storage-frontend:9140"
+ },
+ {
+ "endpoint": "/graph/",
+ "backend": "http://graph:9120"
+ },
+ {
+ "endpoint": "/graph-explorer/",
+ "backend": "http://graph-explorer:9135"
+ },
+ {
+ "endpoint": "/api/v0/accounts",
+ "backend": "http://accounts:9181"
+ },
+ {
+ "endpoint": "/accounts.js",
+ "backend": "http://accounts:9181"
+ },
+ {
+ "endpoint": "/api/v0/settings",
+ "backend": "http://settings:9190"
+ },
+ {
+ "endpoint": "/settings.js",
+ "backend": "http://settings:9190"
+ }
+ ]
+ }
+ ]
+ }
\ No newline at end of file
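Review bot: The `/graph-explorer/` route in proxy.json sends traffic to `http://graph-explorer:9135`, but the compose file in this commit carries only `# TODO: add graph-explorer` where that service would be, so as far as the visible part of the patch shows this route has no backend. Either drop the route until the service exists or add the service in the same commit. JSON cannot carry the explanation, so I would put it next to the volume mount in docker-compose.yml, e.g. `# proxy.json: static route table; every backend host must match a service name in this file`. The file also ends without a trailing newline.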
diff --git a/deployments/examples/ocis_individual_services/docker-compose.yml b/deployments/examples/ocis_individual_services/docker-compose.yml index 0c30ede3830..37cacf1291d 100644 --- a/deployments/examples/ocis_individual_services/docker-compose.yml +++ b/deployments/examples/ocis_individual_services/docker-compose.yml @@ -29,10 +29,10 @@ services: - "443:443" volumes: - "/var/run/docker.sock:/var/run/docker.sock:ro" - - "certs:/certs" + - "traefik-certs:/certs" labels: - "traefik.enable=${TRAEFIK_DASHBOARD:-false}" - - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$apr1$4vqie50r$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin + - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin - "traefik.http.routers.traefik.entrypoints=https" - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" - "traefik.http.routers.traefik.middlewares=traefik-auth" 
@@ -42,32 +42,39 @@ services: driver: "local" restart: always - ocis-proxy: + proxy: image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} deploy: - replicas: 1 + replicas: ${OCIS_SCALE:-1} networks: - ocis-net: + ocis-net: null entrypoint: - ocis - proxy - server environment: - ### individual ### + PROXY_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + PROXY_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + PROXY_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + PROXY_TLS: "false" # do not use SSL between Traefik and oCIS - ### common ### - OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} - OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose - # change default secrets - IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp} - STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} - OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} - STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} - OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} - # INSECURE: needed if oCIS / Traefik is using self generated certificates - OCIS_INSECURE: "${INSECURE:-false}" + + PROXY_ENABLE_BASIC_AUTH: "true" #TODO: only for testing purposes + + REVA_GATEWAY: storage-gateway:9142 + + PROXY_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + PROXY_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} + PROXY_INSECURE_BACKENDS: false + + PROXY_OIDC_INSECURE: "true" #TODO: insecure + PROXY_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test} + + PROXY_AUTOPROVISION_ACCOUNTS: "true" + + PROXY_HTTP_ADDR: 0.0.0.0:9200 volumes: - - ocis-data:/var/lib/ocis + - "./config/proxy.json:/etc/ocis/proxy.json" #TODO: add config labels: - "traefik.enable=true" - "traefik.http.routers.ocis.entrypoints=https" 
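Review bot: `PROXY_OIDC_INSECURE: "true"` and `PROXY_ENABLE_BASIC_AUTH: "true"` are hard-coded in the new `proxy` service, while the lines this hunk removes wired the insecure switch to `.env` through `OCIS_INSECURE: "${INSECURE:-false}"`; after this change, commenting out `INSECURE` in `.env` as its comment instructs no longer restores certificate validation for the proxy. I would keep both operator-controlled and off by default: `PROXY_OIDC_INSECURE: "${INSECURE:-false}"` and `PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"`. The same hard-coded pattern recurs in the following hunk (`GLAUTH_BACKEND_INSECURE`, `IDP_INSECURE`, `THUMBNAILS_CS3SOURCE_INSECURE`, the `STORAGE_*_INSECURE` keys). `PROXY_INSECURE_BACKENDS: false` is an unquoted YAML boolean, which Compose may reject or coerce inside an `environment` mapping; write `"false"` like the neighbouring values. The service's `labels` list continues past the end of this hunk.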
@@ -79,137 +86,648 @@ services: driver: "local" restart: always + accounts: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: 1 + networks: + ocis-net: null + entrypoint: + - ocis + - accounts + - server #TODO: change bind users' passwords + environment: + ACCOUNTS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + ACCOUNTS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + ACCOUNTS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + ACCOUNTS_HTTP_ADDR: 0.0.0.0:9181 + ACCOUNTS_GRPC_ADDR: 0.0.0.0:9180 + + ACCOUNTS_STORAGE_BACKEND: cs3 + ACCOUNTS_STORAGE_CS3_PROVIDER_ADDR: storage-metadata:9215 + # TODO: remove one of those two jwt secrets + ACCOUNTS_JWT_SECRET: ${OCIS_METADATA_JWT_SECRET:-Pive-Fumkiu4} + ACCOUNTS_STORAGE_CS3_JWT_SECRET: ${OCIS_METADATA_JWT_SECRET:-Pive-Fumkiu4} + logging: + driver: "local" + restart: always + + glauth: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - glauth + - server + environment: + GLAUTH_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + GLAUTH_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + GLAUTH_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + GLAUTH_LDAP_ADDR: 0.0.0.0:9125 + GLAUTH_LDAPS_ADDR: 0.0.0.0:9126 + + GLAUTH_BACKEND_INSECURE: "true" #TODO: insecure + logging: + driver: "local" + restart: always + + idp: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: 1 + networks: + ocis-net: null + entrypoint: + - ocis + - idp + - server + environment: + IDP_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + IDP_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + IDP_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + IDP_HTTP_ADDR: 0.0.0.0:9130 + + IDP_LDAP_URI: ldap://glauth:9125 + #IDP_LDAP_BIND_DN: #TODO: change + #IDP_LDAP_BIND_PASSWORD: + + IDP_ISS: https://${OCIS_DOMAIN:-ocis.owncloud.test} + IDP_INSECURE: true #TODO: insecure + logging: + driver: "local" + restart: always + + ocs: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} 
+ networks: + ocis-net: null + entrypoint: + - ocis + - ocs + - server + environment: + OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + OCS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + OCS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + OCS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + OCS_HTTP_ADDR: 0.0.0.0:9110 + + OCS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + OCS_ACCOUNT_BACKEND_TYPE: accounts - ocis-gateway: + REVA_GATEWAY: storage-gateway:9142 + OCS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} + + OCS_IDM_ADDRESS: https://${OCIS_DOMAIN:-ocis.owncloud.test} + logging: + driver: "local" + restart: always + + settings: image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} deploy: replicas: 1 networks: - ocis-net: + ocis-net: null entrypoint: - ocis - - storage-gateway + - settings - server environment: - ### individual ### - STORAGE_GATEWAY_GRPC_ADDR: 0.0.0.0:9142 - ### common ### - OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} - OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose - # change default secrets - IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp} - STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} - OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} - STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} - OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} - # INSECURE: needed if oCIS / Traefik is using self generated certificates - OCIS_INSECURE: "${INSECURE:-false}" + SETTINGS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + SETTINGS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + SETTINGS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + SETTINGS_HTTP_ADDR: 0.0.0.0:9190 + SETTINGS_GRPC_ADDR: 0.0.0.0:9191 + + SETTINGS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} volumes: - - ocis-data:/var/lib/ocis + - "ocis-settings:/var/lib/ocis" #TODO: /settings" logging: driver: "local" restart: always - ocis-accounts: + store: image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} deploy: 
replicas: 1 networks: - ocis-net: + ocis-net: null entrypoint: - ocis - - accounts + - store - server environment: - ### individual ### - ACCOUNTS_GRPC_ADDR: 0.0.0.0:9180 - ACCOUNTS_HTTP_ADDR: 0.0.0.0:9181 - ACCOUNTS_STORAGE_CS3_PROVIDER_ADDR: ocis-metadata-storage:9215 - ### common ### - OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} - OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose - # change default secrets - IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp} - STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} - OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} - STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} - OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} - # INSECURE: needed if oCIS / Traefik is using self generated certificates - OCIS_INSECURE: "${INSECURE:-false}" + STORE_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + STORE_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + STORE_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + STORE_GRPC_ADDR: 0.0.0.0:9460 + volumes: + - "ocis-settings:/var/lib/ocis" #TODO: /store" + logging: + driver: "local" + restart: always + + thumbnails: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - thumbnails + - server + environment: + THUMBNAILS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + THUMBNAILS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + THUMBNAILS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + THUMBNAILS_GRPC_ADDR: 0.0.0.0:9185 + + THUMBNAILS_CS3SOURCE_INSECURE: "true" #TODO: insecure + REVA_GATEWAY: storage-gateway:9142 + + # optional shared thumbnail cache between services volumes: - - ocis-data:/var/lib/ocis + - "ocis-settings:/var/lib/ocis" #TODO /thumbnails" + logging: + driver: "local" + restart: always + + web: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - 
ocis + - web + - server + environment: + WEB_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + WEB_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + WEB_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + WEB_HTTP_ADDR: 0.0.0.0:9100 + + WEB_OIDC_AUTHORITY: https://${OCIS_DOMAIN:-ocis.owncloud.test} + WEB_UI_THEME_SERVER: https://${OCIS_DOMAIN:-ocis.owncloud.test} + WEB_UI_CONFIG_SERVER: https://${OCIS_DOMAIN:-ocis.owncloud.test} logging: driver: "local" restart: always - ocis-metadata-storage: + # TODO: this webdav service handles only thumbnails + webdav: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - webdav + - server + environment: + WEBDAV_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + WEBDAV_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + WEBDAV_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + WEBDAV_HTTP_ADDR: 0.0.0.0:9115 + + OCIS_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} + logging: + driver: "local" + restart: always + + graph: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - graph + - server + environment: + GRAPH_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + GRAPH_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + GRAPH_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + GRAPH_HTTP_ADDR: 0.0.0.0:9120 + GRAPH_SPACES_WEBDAV_BASE: https://${OCIS_DOMAIN:-ocis.owncloud.test} + + REVA_GATEWAY: storage-gateway:9142 + GRAPH_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + + GRAPH_LDAP_URI: ldap://glauth:9125 + logging: + driver: "local" + restart: always + + # TODO: add graph-explorer + + storage-metadata: image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} deploy: replicas: 1 networks: - ocis-net: + ocis-net: null entrypoint: - ocis - storage-metadata - server environment: - ### individual ### + OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" #TODO: storage services don't have a dedicated log setting + OCIS_LOG_COLOR: 
"${OCIS_LOG_COLOR:-false}" + OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + STORAGE_HOME_DATAPROVIDER_INSECURE: "true" #TODO: insecure + STORAGE_METADATA_GRPC_PROVIDER_ADDR: 0.0.0.0:9215 - ### common ### - OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} - OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose - # change default secrets - IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp} - STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} - OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + STORAGE_METADATA_HTTP_ADDR: 0.0.0.0:9216 + STORAGE_METADATA_DATA_SERVER_URL: http://storage-metadata:9216/data + + #TODO: for metadata this is a totally different JWT secret + OCIS_JWT_SECRET: ${OCIS_METADATA_JWT_SECRET:-Pive-Fumkiu4} + STORAGE_JWT_SECRET: ${OCIS_METADATA_JWT_SECRET:-Pive-Fumkiu4} + + #TODO: is this even needed for metadata STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} - OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} - # INSECURE: needed if oCIS / Traefik is using self generated certificates - OCIS_INSECURE: "${INSECURE:-false}" + + STORAGE_METADATA_DRIVER: ocis #TODO: switch to S3 ? 
+ + REVA_GATEWAY: storage-gateway:9142 volumes: - - ocis-data:/var/lib/ocis + - "ocis-storage-metadata:/var/lib/ocis" #TODO: /storage/metadata" logging: driver: "local" restart: always + storage-authbasic: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - storage-auth-basic + - server + environment: + OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + STORAGE_AUTH_BASIC_GRPC_ADDR: 0.0.0.0:9146 + STORAGE_AUTH_BASIC_ENDPOINT: storage-authbasic:9146 + + STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + REVA_GATEWAY: storage-gateway:9142 + logging: + driver: "local" + restart: always + + storage-authmachine: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - storage-auth-machine + - server + environment: + OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + STORAGE_AUTH_MACHINE_GRPC_ADDR: 0.0.0.0:9148 + STORAGE_AUTH_MACHINE_ENDPOINT: storage-authmachine:9148 + + STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + REVA_GATEWAY: storage-gateway:9142 + logging: + driver: "local" + restart: always + + storage-authbearer: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - storage-auth-bearer + - server + environment: + OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + STORAGE_AUTH_BEARER_GRPC_ADDR: 0.0.0.0:9166 + STORAGE_AUTH_BEARER_ENDPOINT: storage-authbearer:9166 - ocis-idp: + STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + REVA_GATEWAY: storage-gateway:9142 + logging: + driver: "local" + restart: always + + 
storage-home: image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} deploy: replicas: 1 networks: - ocis-net: + ocis-net: null entrypoint: - ocis - - storage-metadata - - idp + - storage-home + - server environment: - ### individual ### - IDP_HTTP_ADDR: 0.0.0.0:9130 - ### common ### - OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} - OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose - # change default secrets - IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp} - STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} - OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + STORAGE_HOME_DATAPROVIDER_INSECURE: "true" #TODO: insecure + + STORAGE_HOME_DRIVER: ocis #TODO use s3? + + STORAGE_HOME_ENDPOINT: storage-home:9154 + STORAGE_HOME_GRPC_ADDR: 0.0.0.0:9154 + + STORAGE_HOME_HTTP_ADDR: 0.0.0.0:9155 + STORAGE_HOME_DATA_SERVER_URL: http://storage-home:9155/data + STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} - OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} - # INSECURE: needed if oCIS / Traefik is using self generated certificates - OCIS_INSECURE: "${INSECURE:-false}" + STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + REVA_GATEWAY: storage-gateway:9142 + volumes: + # TODO: this is a shared volume with storage-users + - "ocis-storage-users:/var/lib/ocis" #TODO /storage/users" + logging: + driver: "local" + restart: always + + storage-users: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: 1 + networks: + ocis-net: null + entrypoint: + - ocis + - storage-users + - server + environment: + OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + STORAGE_USERS_DATAPROVIDER_INSECURE: "true" #TODO: insecure + + STORAGE_USERS_DRIVER: ocis 
#TODO use s3? + + STORAGE_USERS_ENDPOINT: storage-users:9157 + STORAGE_USERS_GRPC_ADDR: 0.0.0.0:9157 + STORAGE_USERS_HTTP_ADDR: 0.0.0.0:9158 + STORAGE_USERS_DATA_SERVER_URL: http://storage-users:9158/data + + STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} + STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + REVA_GATEWAY: storage-gateway:9142 volumes: - - ocis-data:/var/lib/ocis + - "ocis-storage-users:/var/lib/ocis" #TODO /storage/users" + logging: + driver: "local" + restart: always + + storage-publiclink: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - storage-public-link + - server + environment: + OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + STORAGE_PUBLIC_LINK_ENDPOINT: storage-publiclink:9178 + STORAGE_PUBLIC_GRPC_ADDR: 0.0.0.0:9178 + + STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + REVA_GATEWAY: storage-gateway:9142 + logging: + driver: "local" + restart: always + + storage-sharing: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: 1 + networks: + ocis-net: null + entrypoint: + - ocis + - storage-sharing + - server + environment: + OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + STORAGE_SHARING_ENDPOINT: storage-sharing:9150 + STORAGE_SHARING_GRPC_ADDR: 0.0.0.0:9150 + + # TODO: does this scale? 
+ STORAGE_SHARING_USER_DRIVER: json + STORAGE_SHARING_USER_JSON_FILE: /var/lib/ocis/storage/sharing/shares.json + STORAGE_SHARING_PUBLIC_DRIVER: json + STORAGE_SHARING_PUBLIC_JSON_FILE: /var/lib/ocis/storage/sharing/publicshares.json + + STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + REVA_GATEWAY: storage-gateway:9142 + volumes: + - "ocis-storage-sharing:/var/lib/ocis" #TODO: /storage/sharing/" + logging: + driver: "local" + restart: always + + storage-userprovider: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - storage-userprovider + - server + environment: + OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + STORAGE_USERPROVIDER_ENDPOINT: storage-userprovider:9144 + STORAGE_USERPROVIDER_ADDR: 0.0.0.0:9144 # TODO: should reflect this is GRPC + + STORAGE_USERPROVIDER_DRIVER: ldap + STORAGE_LDAP_HOSTNAME: glauth + STORAGE_LDAP_PORT: 9126 + STORAGE_LDAP_INSECURE: "true" #TODO: insecure + #STORAGE_LDAP_BIND_DN: + #STORAGE_LDAP_BIND_PASSWORD: + STORAGE_LDAP_IDP: https://${OCIS_DOMAIN:-ocis.owncloud.test} + + STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + REVA_GATEWAY: storage-gateway:9142 logging: driver: "local" restart: always + + storage-groupprovider: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - storage-groupprovider + - server + environment: + OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + STORAGE_GROUPPROVIDER_ENDPOINT: storage-groupprovider:9160 + STORAGE_GROUPPROVIDER_ADDR: 0.0.0.0:9160 #TODO: name should reflect this is GRPC + STORAGE_GROUPPROVIDER_DRIVER: ldap + STORAGE_LDAP_HOSTNAME: glauth + STORAGE_LDAP_PORT: 9126 + STORAGE_LDAP_INSECURE: "true" #TODO: insecure + 
#STORAGE_LDAP_BIND_DN: + #STORAGE_LDAP_BIND_PASSWORD: + STORAGE_LDAP_IDP: https://${OCIS_DOMAIN:-ocis.owncloud.test} + + STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + REVA_GATEWAY: storage-gateway:9142 + logging: + driver: "local" + restart: always + + storage-frontend: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - storage-frontend + - server + environment: + STORAGE_FRONTEND_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + STORAGE_FRONTEND_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + STORAGE_FRONTEND_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + # todo: split this up in multiple services: + # - appprovider + # - archiver + # - datagateway + # - ocdav + # - ocs + + STORAGE_FRONTEND_APPPROVIDER_INSECURE: "true" + STORAGE_FRONTEND_ARCHIVER_INSECURE: "true" + STORAGE_FRONTEND_OCDAV_INSECURE: "true" + + STORAGE_FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} + STORAGE_FRONTEND_HTTP_ADDR: 0.0.0.0:9140 + + STORAGE_SHARING_ENDPOINT: storage-sharing:9150 + + STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + REVA_GATEWAY: storage-gateway:9142 + logging: + driver: "local" + restart: always + + storage-gateway: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - storage-gateway + - server + environment: + OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + STORAGE_GATEWAY_GRPC_ADDR: 0.0.0.0:9142 + + REVA_GATEWAY: storage-gateway:9142 + + # TODO: check naming of config options + + # TODO: check connection pool in REVA + + STORAGE_HOME_ENDPOINT: storage-home:9154 + STORAGE_USERS_ENDPOINT: storage-users:9157 + STORAGE_PUBLIC_LINK_ENDPOINT: storage-publiclink:9178 + + STORAGE_AUTH_BASIC_ENDPOINT: storage-authbasic:9146 + STORAGE_AUTH_BEARER_ENDPOINT: storage-authbearer:9166 + 
STORAGE_AUTH_MACHINE_ENDPOINT: storage-authmachine:9148 + + STORAGE_SHARING_ENDPOINT: storage-sharing:9150 + + STORAGE_GROUPPROVIDER_ENDPOINT: storage-groupprovider:9160 + STORAGE_USERPROVIDER_ENDPOINT: storage-userprovider:9144 + + STORAGE_FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} + + STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} + STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + logging: + driver: "local" + restart: always volumes: - certs: - ocis-data: - minio-data: + traefik-certs: null + ocis-settings: null + ocis-store: null + ocis-storage-metadata: null + ocis-storage-users: null + ocis-storage-sharing: null networks: - ocis-net: + ocis-net: null From c11d4bf2e877deaae7ea54f830db240f70a01afe Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Thu, 16 Dec 2021 10:57:26 +0100 Subject: [PATCH 03/17] trim trailing whitespaces --- .../docker-compose.yml | 44 +++++++++---------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/deployments/examples/ocis_individual_services/docker-compose.yml b/deployments/examples/ocis_individual_services/docker-compose.yml index 37cacf1291d..768ee77a8f5 100644 --- a/deployments/examples/ocis_individual_services/docker-compose.yml +++ b/deployments/examples/ocis_individual_services/docker-compose.yml @@ -103,7 +103,7 @@ services: ACCOUNTS_HTTP_ADDR: 0.0.0.0:9181 ACCOUNTS_GRPC_ADDR: 0.0.0.0:9180 - + ACCOUNTS_STORAGE_BACKEND: cs3 ACCOUNTS_STORAGE_CS3_PROVIDER_ADDR: storage-metadata:9215 # TODO: remove one of those two jwt secrets @@ -130,7 +130,7 @@ services: GLAUTH_LDAP_ADDR: 0.0.0.0:9125 GLAUTH_LDAPS_ADDR: 0.0.0.0:9126 - + GLAUTH_BACKEND_INSECURE: "true" #TODO: insecure logging: driver: "local" 
@@ -366,7 +366,7 @@ services: #TODO: for metadata this is a totally different JWT secret OCIS_JWT_SECRET: ${OCIS_METADATA_JWT_SECRET:-Pive-Fumkiu4} STORAGE_JWT_SECRET: ${OCIS_METADATA_JWT_SECRET:-Pive-Fumkiu4} - + #TODO: is this even needed for metadata STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} @@ -393,7 +393,7 @@ services: OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" - + STORAGE_AUTH_BASIC_GRPC_ADDR: 0.0.0.0:9146 STORAGE_AUTH_BASIC_ENDPOINT: storage-authbasic:9146 @@ -417,7 +417,7 @@ services: OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" - + STORAGE_AUTH_MACHINE_GRPC_ADDR: 0.0.0.0:9148 STORAGE_AUTH_MACHINE_ENDPOINT: storage-authmachine:9148 @@ -441,7 +441,7 @@ services: OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" - + STORAGE_AUTH_BEARER_GRPC_ADDR: 0.0.0.0:9166 STORAGE_AUTH_BEARER_ENDPOINT: storage-authbearer:9166 @@ -465,7 +465,7 @@ services: OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" - + STORAGE_HOME_DATAPROVIDER_INSECURE: "true" #TODO: insecure STORAGE_HOME_DRIVER: ocis #TODO use s3? @@ -474,7 +474,7 @@ services: STORAGE_HOME_GRPC_ADDR: 0.0.0.0:9154 STORAGE_HOME_HTTP_ADDR: 0.0.0.0:9155 - STORAGE_HOME_DATA_SERVER_URL: http://storage-home:9155/data + STORAGE_HOME_DATA_SERVER_URL: http://storage-home:9155/data STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} 
@@ -500,7 +500,7 @@ services: OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" - + STORAGE_USERS_DATAPROVIDER_INSECURE: "true" #TODO: insecure STORAGE_USERS_DRIVER: ocis #TODO use s3? @@ -509,7 +509,7 @@ services: STORAGE_USERS_GRPC_ADDR: 0.0.0.0:9157 STORAGE_USERS_HTTP_ADDR: 0.0.0.0:9158 - STORAGE_USERS_DATA_SERVER_URL: http://storage-users:9158/data + STORAGE_USERS_DATA_SERVER_URL: http://storage-users:9158/data STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} @@ -518,7 +518,7 @@ services: - "ocis-storage-users:/var/lib/ocis" #TODO /storage/users" logging: driver: "local" - restart: always + restart: always storage-publiclink: image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} @@ -534,7 +534,7 @@ services: OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" - + STORAGE_PUBLIC_LINK_ENDPOINT: storage-publiclink:9178 STORAGE_PUBLIC_GRPC_ADDR: 0.0.0.0:9178 @@ -542,7 +542,7 @@ services: REVA_GATEWAY: storage-gateway:9142 logging: driver: "local" - restart: always + restart: always storage-sharing: image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} @@ -558,7 +558,7 @@ services: OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" - + STORAGE_SHARING_ENDPOINT: storage-sharing:9150 STORAGE_SHARING_GRPC_ADDR: 0.0.0.0:9150 @@ -574,8 +574,8 @@ services: - "ocis-storage-sharing:/var/lib/ocis" #TODO: /storage/sharing/" logging: driver: "local" - restart: always - + restart: always + storage-userprovider: image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} deploy: 
@@ -590,7 +590,7 @@ services: OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" - + STORAGE_USERPROVIDER_ENDPOINT: storage-userprovider:9144 STORAGE_USERPROVIDER_ADDR: 0.0.0.0:9144 # TODO: should reflect this is GRPC @@ -607,7 +607,7 @@ services: logging: driver: "local" restart: always - + storage-groupprovider: image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} deploy: @@ -622,7 +622,7 @@ services: OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" - + STORAGE_GROUPPROVIDER_ENDPOINT: storage-groupprovider:9160 STORAGE_GROUPPROVIDER_ADDR: 0.0.0.0:9160 #TODO: name should reflect this is GRPC @@ -639,7 +639,7 @@ services: logging: driver: "local" restart: always - + storage-frontend: image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} deploy: @@ -691,7 +691,7 @@ services: OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" - + STORAGE_GATEWAY_GRPC_ADDR: 0.0.0.0:9142 REVA_GATEWAY: storage-gateway:9142 @@ -709,7 +709,7 @@ services: STORAGE_AUTH_MACHINE_ENDPOINT: storage-authmachine:9148 STORAGE_SHARING_ENDPOINT: storage-sharing:9150 - + STORAGE_GROUPPROVIDER_ENDPOINT: storage-groupprovider:9160 STORAGE_USERPROVIDER_ENDPOINT: storage-userprovider:9144 From b4c7aa45c633411d060f82f0aa070926b2ea1790 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Thu, 16 Dec 2021 10:58:07 +0100 Subject: [PATCH 04/17] format docker-compose --- .../ocis_individual_services/docker-compose.yml | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/deployments/examples/ocis_individual_services/docker-compose.yml b/deployments/examples/ocis_individual_services/docker-compose.yml index 768ee77a8f5..d197350c9fe 100644 --- a/deployments/examples/ocis_individual_services/docker-compose.yml 
+++ b/deployments/examples/ocis_individual_services/docker-compose.yml @@ -11,7 +11,8 @@ services: command: - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}" # letsencrypt configuration - - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}" + - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@e\ + xample.org}" - "--certificatesResolvers.http.acme.storage=/certs/acme.json" - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http" # enable dashboard @@ -32,9 +33,11 @@ services: - "traefik-certs:/certs" labels: - "traefik.enable=${TRAEFIK_DASHBOARD:-false}" - - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin + - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_\ + AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin - "traefik.http.routers.traefik.entrypoints=https" - - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" + - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.ownc\ + loud.test}`)" - "traefik.http.routers.traefik.middlewares=traefik-auth" - "traefik.http.routers.traefik.tls.certresolver=http" - "traefik.http.routers.traefik.service=api@internal" @@ -78,7 +81,8 @@ services: labels: - "traefik.enable=true" - "traefik.http.routers.ocis.entrypoints=https" - - "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)" + - "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test\ + }`)" - "traefik.http.routers.ocis.tls.certresolver=http" - "traefik.http.routers.ocis.service=ocis" - "traefik.http.services.ocis.loadbalancer.server.port=9200" 
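Review bot: The `\` line continuations added to the traefik `command:` and `labels:` entries break strings in the middle of identifiers: `${TRAEFIK_BASIC_` / `AUTH_USERS:-…}` in the hunk at line 32, and `example@e\` / `xample.org`, `traefik.ownc\` / `loud.test` and `ocis.owncloud.test\` / `}` in the hunks at lines 11 and 78. A YAML double-quoted scalar drops an escaped line break together with the indentation that follows it, so the parsed values should be unchanged. A search for `TRAEFIK_BASIC_AUTH_USERS` no longer finds the label that sets the dashboard credentials, though, and per its trailing comment that label falls back to admin:admin. I would keep each of these strings on one line and exempt them from the line-length rule, for example with `# yamllint disable-line rule:line-length` above the entry if the formatting is yamllint-driven.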
@@ -261,7 +265,7 @@ services: # optional shared thumbnail cache between services volumes: - - "ocis-settings:/var/lib/ocis" #TODO /thumbnails" + - "ocis-settings:/var/lib/ocis" #TODO /thumbnails" logging: driver: "local" restart: always @@ -290,7 +294,6 @@ services: driver: "local" restart: always - # TODO: this webdav service handles only thumbnails webdav: image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} From 32c8d9e0a28cb858dd11b3d3b3eef4d674643e0a Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Thu, 16 Dec 2021 13:31:44 +0100 Subject: [PATCH 05/17] fix public links and change insecure options --- .../examples/ocis_individual_services/.env | 2 ++ .../docker-compose.yml | 28 ++++++++++--------- 2 files changed, 17 insertions(+), 13 deletions(-) diff --git a/deployments/examples/ocis_individual_services/.env b/deployments/examples/ocis_individual_services/.env index e80d98594ae..459ab19a6ec 100644 --- a/deployments/examples/ocis_individual_services/.env +++ b/deployments/examples/ocis_individual_services/.env @@ -22,6 +22,8 @@ OCIS_LOG_PRETTY= OCIS_LOG_COLOR= OCIS_LOG_LEVEL= +OCIS_BASIC_AUTH=true + OCIS_SCALE=1 OCIS_JWT_SECRET=foobaz diff --git a/deployments/examples/ocis_individual_services/docker-compose.yml b/deployments/examples/ocis_individual_services/docker-compose.yml index d197350c9fe..07ab07edc65 100644 --- a/deployments/examples/ocis_individual_services/docker-compose.yml +++ b/deployments/examples/ocis_individual_services/docker-compose.yml @@ -62,7 +62,7 @@ services: PROXY_TLS: "false" # do not use SSL between Traefik and oCIS - PROXY_ENABLE_BASIC_AUTH: "true" #TODO: only for testing purposes + PROXY_ENABLE_BASIC_AUTH: "${OCIS_BASIC_AUTH:-false}" REVA_GATEWAY: storage-gateway:9142 
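Review bot: `OCIS_BASIC_AUTH=true` is added to the example `.env` without a comment, so the shipped example turns on proxy basic authentication even though the compose fallback in the `@@ -62,7 +62,7 @@` hunk is `false`. That compose hunk also drops the `#TODO: only for testing purposes` marker, so nothing on the new side says the setting is meant for testing. I would leave the value empty and document it like the other entries, e.g. `# Enable basic authentication on the proxy, for testing only. Defaults to "false"` above `OCIS_BASIC_AUTH=`. The context line `OCIS_JWT_SECRET=foobaz` just below is a committed placeholder secret and deserves the same treatment, although this hunk does not touch it.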
@@ -70,7 +70,7 @@ services: PROXY_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} PROXY_INSECURE_BACKENDS: false - PROXY_OIDC_INSECURE: "true" #TODO: insecure + PROXY_OIDC_INSECURE: "${INSECURE:-false}" PROXY_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test} PROXY_AUTOPROVISION_ACCOUNTS: "true" @@ -135,7 +135,7 @@ services: GLAUTH_LDAP_ADDR: 0.0.0.0:9125 GLAUTH_LDAPS_ADDR: 0.0.0.0:9126 - GLAUTH_BACKEND_INSECURE: "true" #TODO: insecure + GLAUTH_BACKEND_INSECURE: "true" # TODO: is there a way around it? logging: driver: "local" restart: always @@ -162,7 +162,7 @@ services: #IDP_LDAP_BIND_PASSWORD: IDP_ISS: https://${OCIS_DOMAIN:-ocis.owncloud.test} - IDP_INSECURE: true #TODO: insecure + IDP_INSECURE: "${INSECURE:-false}" logging: driver: "local" restart: always @@ -260,7 +260,7 @@ services: THUMBNAILS_GRPC_ADDR: 0.0.0.0:9185 - THUMBNAILS_CS3SOURCE_INSECURE: "true" #TODO: insecure + THUMBNAILS_CS3SOURCE_INSECURE: "true" #TODO: is there a way around it? REVA_GATEWAY: storage-gateway:9142 # optional shared thumbnail cache between services @@ -360,7 +360,7 @@ services: OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" - STORAGE_HOME_DATAPROVIDER_INSECURE: "true" #TODO: insecure + STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}" STORAGE_METADATA_GRPC_PROVIDER_ADDR: 0.0.0.0:9215 STORAGE_METADATA_HTTP_ADDR: 0.0.0.0:9216 @@ -469,7 +469,7 @@ services: OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" - STORAGE_HOME_DATAPROVIDER_INSECURE: "true" #TODO: insecure + STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}" STORAGE_HOME_DRIVER: ocis #TODO use s3? @@ -504,7 +504,7 @@ services: OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" - STORAGE_USERS_DATAPROVIDER_INSECURE: "true" #TODO: insecure + STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}" STORAGE_USERS_DRIVER: ocis #TODO use s3? 
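Review bot: `GLAUTH_BACKEND_INSECURE` (hunk at line 135) and `THUMBNAILS_CS3SOURCE_INSECURE` (hunk at line 260) stay hard-coded to `"true"` while their `#TODO: insecure` marker is reworded to `is there a way around it?`; the same applies to `STORAGE_LDAP_INSECURE` in the hunks at lines 600 and 632. The neighbouring options now follow `${INSECURE:-false}`, so an operator who comments out `INSECURE` in `.env`, as that file instructs for internet-facing servers, would reasonably assume all such options are off while these remain on. Assuming they skip certificate validation like the others, I would keep the word "insecure" in the comment and say that the switch does not cover them, e.g. `# TODO: insecure, not controlled by INSECURE: the server certificate is not verified`.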
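Review bot: The hunk at line 360 sets `STORAGE_HOME_DATAPROVIDER_INSECURE`, yet the context lines that follow configure `STORAGE_METADATA_GRPC_PROVIDER_ADDR` and `STORAGE_METADATA_HTTP_ADDR`, so this looks like the storage-metadata service carrying a storage-home option. If the name is a copy-paste leftover, wiring it to `${INSECURE:-false}` has no effect here and whatever the metadata data provider actually reads keeps its built-in default. I would confirm the option name for this service or remove the line. The service definition starts outside the hunk, so this is inferred from the visible context only.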
@@ -539,7 +539,7 @@ services: OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" STORAGE_PUBLIC_LINK_ENDPOINT: storage-publiclink:9178 - STORAGE_PUBLIC_GRPC_ADDR: 0.0.0.0:9178 + STORAGE_PUBLIC_LINK_GRPC_ADDR: 0.0.0.0:9178 STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} REVA_GATEWAY: storage-gateway:9142 @@ -600,7 +600,7 @@ services: STORAGE_USERPROVIDER_DRIVER: ldap STORAGE_LDAP_HOSTNAME: glauth STORAGE_LDAP_PORT: 9126 - STORAGE_LDAP_INSECURE: "true" #TODO: insecure + STORAGE_LDAP_INSECURE: "true" #TODO trust the certificate of the ldap server #STORAGE_LDAP_BIND_DN: #STORAGE_LDAP_BIND_PASSWORD: STORAGE_LDAP_IDP: https://${OCIS_DOMAIN:-ocis.owncloud.test} @@ -632,7 +632,7 @@ services: STORAGE_GROUPPROVIDER_DRIVER: ldap STORAGE_LDAP_HOSTNAME: glauth STORAGE_LDAP_PORT: 9126 - STORAGE_LDAP_INSECURE: "true" #TODO: insecure + STORAGE_LDAP_INSECURE: "true" #TODO trust the certificate of the ldap server #STORAGE_LDAP_BIND_DN: #STORAGE_LDAP_BIND_PASSWORD: STORAGE_LDAP_IDP: https://${OCIS_DOMAIN:-ocis.owncloud.test} @@ -705,7 +705,8 @@ services: STORAGE_HOME_ENDPOINT: storage-home:9154 STORAGE_USERS_ENDPOINT: storage-users:9157 - STORAGE_PUBLIC_LINK_ENDPOINT: storage-publiclink:9178 + + STORAGE_PUBLIC_LINK_ENDPOINT: storage-publiclink:9178 #TODO: this serves a auth and storage provider!? STORAGE_AUTH_BASIC_ENDPOINT: storage-authbasic:9146 STORAGE_AUTH_BEARER_ENDPOINT: storage-authbearer:9166 @@ -733,4 +734,5 @@ volumes: ocis-storage-sharing: null networks: - ocis-net: null + ocis-net: + external: true From 10ce2154993b0df8686d47502572bba407f06468 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Fri, 17 Dec 2021 17:58:17 +0100 Subject: [PATCH 06/17] update comments --- .../ocis_individual_services/docker-compose.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/deployments/examples/ocis_individual_services/docker-compose.yml b/deployments/examples/ocis_individual_services/docker-compose.yml index 07ab07edc65..85b1ea16431 100644 
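Review bot: The last hunk turns `ocis-net` into `external: true`, which the commit subject does not mention and which changes who creates the network and who can join it. Compose no longer creates the network, so bringing the stack up fails until it exists, and any other container attached to that pre-existing network can reach the services that listen on `0.0.0.0` inside it. If this is needed (my guess, from the `deploy.replicas` keys, is a swarm overlay network), I would say so next to the key, e.g. `# must be created beforehand; attach only the oCIS services to it`, and add the creation step to the README.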
--- a/deployments/examples/ocis_individual_services/docker-compose.yml +++ b/deployments/examples/ocis_individual_services/docker-compose.yml @@ -99,7 +99,7 @@ services: entrypoint: - ocis - accounts - - server #TODO: change bind users' passwords + - servqer #TODO: change bind users' passwords environment: ACCOUNTS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" ACCOUNTS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" @@ -108,10 +108,14 @@ services: ACCOUNTS_HTTP_ADDR: 0.0.0.0:9181 ACCOUNTS_GRPC_ADDR: 0.0.0.0:9180 + #TODO: make resolving of settings service use DNS instead of mDNS + # com.owncloud.api.settings + # https://github.com/asim/go-micro/tree/master/plugins/selector/static + + ACCOUNTS_JWT_SECRET: ${OCIS_METADATA_JWT_SECRET:-Pive-Fumkiu4} + ACCOUNTS_STORAGE_BACKEND: cs3 ACCOUNTS_STORAGE_CS3_PROVIDER_ADDR: storage-metadata:9215 - # TODO: remove one of those two jwt secrets - ACCOUNTS_JWT_SECRET: ${OCIS_METADATA_JWT_SECRET:-Pive-Fumkiu4} ACCOUNTS_STORAGE_CS3_JWT_SECRET: ${OCIS_METADATA_JWT_SECRET:-Pive-Fumkiu4} logging: driver: "local" @@ -215,6 +219,7 @@ services: SETTINGS_GRPC_ADDR: 0.0.0.0:9191 SETTINGS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + #TODO: settings should use the store!? volumes: - "ocis-settings:/var/lib/ocis" #TODO: /settings" logging: @@ -237,6 +242,7 @@ services: STORE_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" STORE_GRPC_ADDR: 0.0.0.0:9460 + # TODO: what is the store used for? volumes: - "ocis-settings:/var/lib/ocis" #TODO: /store" logging: From 246d0d29b81337805781bace1eb611ec8759ba4c Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Thu, 13 Jan 2022 10:35:36 +0100 Subject: [PATCH 07/17] use latest ocis --- deployments/examples/ocis_individual_services/.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployments/examples/ocis_individual_services/.env b/deployments/examples/ocis_individual_services/.env index 459ab19a6ec..10028a9c7c9 100644 --- a/deployments/examples/ocis_individual_services/.env 
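Review bot: The hunk at line 99 changes the accounts entrypoint argument from `server` to `servqer` in a commit titled "update comments"; that is a runtime change, and `ocis accounts servqer` is presumably not a valid subcommand, so the accounts service would not start from this revision. PATCH 08/17 later in this series restores `- server`, but the revisions in between stay broken for anyone bisecting or cherry-picking. The line should read `- server #TODO: change bind users' passwords`.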
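Review bot: `ACCOUNTS_JWT_SECRET` in the hunk at line 108 keeps the published fallback `${OCIS_METADATA_JWT_SECRET:-Pive-Fumkiu4}`, and the hunk removes the `# TODO: remove one of those two jwt secrets` reminder without resolving it. With a fallback like this the stack starts with a publicly known signing secret whenever the variable is unset, and nothing tells the operator. Compose's required-variable form makes the omission visible instead: `ACCOUNTS_JWT_SECRET: ${OCIS_METADATA_JWT_SECRET:?set OCIS_METADATA_JWT_SECRET in .env}`. If the example has to start without any configuration, I would at least put the TODO back. The same fallback pattern appears on the other `*_JWT_SECRET` and `STORAGE_TRANSFER_SECRET` entries of this file.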
+++ b/deployments/examples/ocis_individual_services/.env @@ -14,7 +14,7 @@ TRAEFIK_ACME_MAIL= ### oCIS settings ### # oCIS version. Defaults to "latest" -OCIS_DOCKER_TAG=dev +OCIS_DOCKER_TAG= # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" OCIS_DOMAIN= From d21c6d364f11ee7e9a146492671752e767993207 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Mon, 24 Jan 2022 12:19:13 +0100 Subject: [PATCH 08/17] adapt to edge --- .../examples/ocis_individual_services/.env | 8 +++--- .../docker-compose.yml | 26 ++++++++----------- .../docker-compose-additions.yml | 6 +++-- 3 files changed, 19 insertions(+), 21 deletions(-) diff --git a/deployments/examples/ocis_individual_services/.env b/deployments/examples/ocis_individual_services/.env index 10028a9c7c9..71ce54e142e 100644 --- a/deployments/examples/ocis_individual_services/.env +++ b/deployments/examples/ocis_individual_services/.env @@ -18,13 +18,13 @@ OCIS_DOCKER_TAG= # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" OCIS_DOMAIN= -OCIS_LOG_PRETTY= -OCIS_LOG_COLOR= -OCIS_LOG_LEVEL= +OCIS_LOG_PRETTY=true +OCIS_LOG_COLOR=true +OCIS_LOG_LEVEL=debug OCIS_BASIC_AUTH=true -OCIS_SCALE=1 +OCIS_SCALE=3 OCIS_JWT_SECRET=foobaz diff --git a/deployments/examples/ocis_individual_services/docker-compose.yml b/deployments/examples/ocis_individual_services/docker-compose.yml index 85b1ea16431..cff42794310 100644 --- a/deployments/examples/ocis_individual_services/docker-compose.yml +++ b/deployments/examples/ocis_individual_services/docker-compose.yml @@ -99,7 +99,7 @@ services: entrypoint: - ocis - accounts - - servqer #TODO: change bind users' passwords + - server #TODO: change bind users' passwords environment: ACCOUNTS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" ACCOUNTS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" 
@@ -366,6 +366,7 @@ services: OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + #TODO: what's that? STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}" STORAGE_METADATA_GRPC_PROVIDER_ADDR: 0.0.0.0:9215 @@ -460,7 +461,7 @@ services: driver: "local" restart: always - storage-home: + storage-shares: image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} deploy: replicas: 1 @@ -468,29 +469,24 @@ services: ocis-net: null entrypoint: - ocis - - storage-home + - storage-shares - server environment: OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" - STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}" - - STORAGE_HOME_DRIVER: ocis #TODO use s3? - - STORAGE_HOME_ENDPOINT: storage-home:9154 - STORAGE_HOME_GRPC_ADDR: 0.0.0.0:9154 + STORAGE_SHARES_ENDPOINT: storage-shares:9154 + STORAGE_SHARES_GRPC_ADDR: 0.0.0.0:9154 - STORAGE_HOME_HTTP_ADDR: 0.0.0.0:9155 - STORAGE_HOME_DATA_SERVER_URL: http://storage-home:9155/data + # TODO: is this even needed? + #STORAGE_SHARES_HTTP_ADDR: 0.0.0.0:9155 STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} REVA_GATEWAY: storage-gateway:9142 - volumes: - # TODO: this is a shared volume with storage-users - - "ocis-storage-users:/var/lib/ocis" #TODO /storage/users" + #volumes: + # TODO: volume needed? logging: driver: "local" restart: always @@ -709,7 +705,6 @@ services: # TODO: check connection pool in REVA - STORAGE_HOME_ENDPOINT: storage-home:9154 STORAGE_USERS_ENDPOINT: storage-users:9157 STORAGE_PUBLIC_LINK_ENDPOINT: storage-publiclink:9178 #TODO: this serves a auth and storage provider!? 
@@ -718,6 +713,7 @@ services: STORAGE_AUTH_BEARER_ENDPOINT: storage-authbearer:9166 STORAGE_AUTH_MACHINE_ENDPOINT: storage-authmachine:9148 + STORAGE_SHARES_ENDPOINT: storage-shares:9154 STORAGE_SHARING_ENDPOINT: storage-sharing:9150 STORAGE_GROUPPROVIDER_ENDPOINT: storage-groupprovider:9160 diff --git a/deployments/examples/ocis_individual_services/monitoring_tracing/docker-compose-additions.yml b/deployments/examples/ocis_individual_services/monitoring_tracing/docker-compose-additions.yml index a077eda65d3..0df6395103e 100644 --- a/deployments/examples/ocis_individual_services/monitoring_tracing/docker-compose-additions.yml +++ b/deployments/examples/ocis_individual_services/monitoring_tracing/docker-compose-additions.yml @@ -2,10 +2,12 @@ version: "3.7" services: + # TODO: split this into the respective services ocis: environment: # tracing OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_TYPE: jaeger OCIS_TRACING_ENDPOINT: jaeger-agent:6831 # metrics APP_PROVIDER_DEBUG_ADDR: 0.0.0.0:9165 @@ -22,12 +24,12 @@ services: STORAGE_FRONTEND_DEBUG_ADDR: 0.0.0.0:9141 STORAGE_GATEWAY_DEBUG_ADDR: 0.0.0.0:9143 STORAGE_GROUPPROVIDER_DEBUG_ADDR: 0.0.0.0:9161 - STORAGE_HOME_DEBUG_ADDR: 0.0.0.0:9156 STORAGE_METADATA_DEBUG_ADDR: 0.0.0.0:9217 STORAGE_PUBLIC_LINK_DEBUG_ADDR: 0.0.0.0:9179 + STORAGE_SHARES_DEBUG_ADDR: 0.0.0.0:9156 + STORAGE_SHARING_DEBUG_ADDR: 0.0.0.0:9151 STORAGE_USERPROVIDER_DEBUG_ADDR: 0.0.0.0:9145 STORAGE_USERS_DEBUG_ADDR: 0.0.0.0:9159 - STORAGE_SHARING_DEBUG_ADDR: 0.0.0.0:9151 STORE_DEBUG_ADDR: 0.0.0.0:9464 THUMBNAILS_DEBUG_ADDR: 0.0.0.0:9189 WEB_DEBUG_ADDR: 0.0.0.0:9104 From 0d7fee8ed52969021544f0a3e5f46c53e459af0b Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Mon, 24 Jan 2022 13:19:39 +0100 Subject: [PATCH 09/17] fix sharing --- deployments/examples/ocis_individual_services/.env | 4 ++-- .../ocis_individual_services/docker-compose.yml | 10 ++++------ 2 files changed, 6 insertions(+), 8 deletions(-) 
diff --git a/deployments/examples/ocis_individual_services/.env b/deployments/examples/ocis_individual_services/.env index 71ce54e142e..01ebb3fb205 100644 --- a/deployments/examples/ocis_individual_services/.env +++ b/deployments/examples/ocis_individual_services/.env @@ -20,11 +20,11 @@ OCIS_DOMAIN= OCIS_LOG_PRETTY=true OCIS_LOG_COLOR=true -OCIS_LOG_LEVEL=debug +OCIS_LOG_LEVEL=warn OCIS_BASIC_AUTH=true -OCIS_SCALE=3 +OCIS_SCALE=1 OCIS_JWT_SECRET=foobaz diff --git a/deployments/examples/ocis_individual_services/docker-compose.yml b/deployments/examples/ocis_individual_services/docker-compose.yml index cff42794310..a2192916947 100644 --- a/deployments/examples/ocis_individual_services/docker-compose.yml +++ b/deployments/examples/ocis_individual_services/docker-compose.yml @@ -68,7 +68,7 @@ services: PROXY_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} PROXY_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} - PROXY_INSECURE_BACKENDS: false + PROXY_INSECURE_BACKENDS: "false" PROXY_OIDC_INSECURE: "${INSECURE:-false}" PROXY_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test} @@ -319,6 +319,7 @@ services: WEBDAV_HTTP_ADDR: 0.0.0.0:9115 OCIS_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} + REVA_GATEWAY: storage-gateway:9142 logging: driver: "local" restart: always @@ -464,7 +465,7 @@ services: storage-shares: image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} deploy: - replicas: 1 + replicas: ${OCIS_SCALE:-1} networks: ocis-net: null entrypoint: @@ -479,14 +480,11 @@ services: STORAGE_SHARES_ENDPOINT: storage-shares:9154 STORAGE_SHARES_GRPC_ADDR: 0.0.0.0:9154 - # TODO: is this even needed? - #STORAGE_SHARES_HTTP_ADDR: 0.0.0.0:9155 + STORAGE_SHARING_ENDPOINT: storage-sharing:9150 STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} REVA_GATEWAY: storage-gateway:9142 - #volumes: - # TODO: volume needed? logging: driver: "local" restart: always 
From d2467c03b493a99820a1790958913761ef8e3a5e Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Mon, 24 Jan 2022 14:03:48 +0100 Subject: [PATCH 10/17] format proxy config --- .../config/proxy.json | 204 +++++++++--------- 1 file changed, 102 insertions(+), 102 deletions(-) diff --git a/deployments/examples/ocis_individual_services/config/proxy.json b/deployments/examples/ocis_individual_services/config/proxy.json index 5775c4dcacc..3874ceff194 100644 --- a/deployments/examples/ocis_individual_services/config/proxy.json +++ b/deployments/examples/ocis_individual_services/config/proxy.json 
@@ -1,103 +1,103 @@ { - "HTTP": { - "Namespace": "com.owncloud" - }, - "policy_selector": { - "static": { - "policy": "ocis" - } - }, - "policies": [ - { - "name": "ocis", - "routes": [ - { - "endpoint": "/", - "backend": "http://web:9100" - }, - { - "endpoint": "/.well-known/", - "backend": "http://idp:9130" - }, - { - "endpoint": "/konnect/", - "backend": "http://idp:9130" - }, - { - "endpoint": "/signin/", - "backend": "http://idp:9130" - }, - { - "type": "regex", - "endpoint": "/ocs/v[12].php/cloud/(users?|groups)", - "backend": "http://ocs:9110" - }, - { - "endpoint": "/ocs/", - "backend": "http://storage-frontend:9140" - }, - { - "type": "query", - "endpoint": "/remote.php/?preview=1", - "backend": "http://webdav:9115" - }, - { - "endpoint": "/remote.php/", - "backend": "http://storage-frontend:9140" - }, - { - "endpoint": "/dav/", - "backend": "http://storage-frontend:9140" - }, - { - "endpoint": "/webdav/", - "backend": "http://storage-frontend:9140" - }, - { - "endpoint": "/status.php", - "backend": "http://storage-frontend:9140" - }, - { - "endpoint": "/index.php/", - "backend": "http://storage-frontend:9140" - }, - { - "endpoint": "/data", - "backend": "http://storage-frontend:9140" - }, - { - "endpoint": "/app/", - "backend": "http://storage-frontend:9140" - }, - { - "endpoint": "/archiver", - "backend": "http://storage-frontend:9140" - }, - { - "endpoint": "/graph/", - "backend": "http://graph:9120" - }, - { - "endpoint": "/graph-explorer/", - "backend": "http://graph-explorer:9135" - }, - { - "endpoint": "/api/v0/accounts", - "backend": "http://accounts:9181" - }, - { - "endpoint": "/accounts.js", - "backend": "http://accounts:9181" - }, - { - "endpoint": "/api/v0/settings", - "backend": "http://settings:9190" - }, - { - "endpoint": "/settings.js", - "backend": "http://settings:9190" - } - ] - } - ] - } \ No newline at end of file + "HTTP": { + "Namespace": "com.owncloud" + }, + "policy_selector": { + "static": { + "policy": "ocis" + } + }, + 
"policies": [ + { + "name": "ocis", + "routes": [ + { + "endpoint": "/", + "backend": "http://web:9100" + }, + { + "endpoint": "/.well-known/", + "backend": "http://idp:9130" + }, + { + "endpoint": "/konnect/", + "backend": "http://idp:9130" + }, + { + "endpoint": "/signin/", + "backend": "http://idp:9130" + }, + { + "type": "regex", + "endpoint": "/ocs/v[12].php/cloud/(users?|groups)", + "backend": "http://ocs:9110" + }, + { + "endpoint": "/ocs/", + "backend": "http://storage-frontend:9140" + }, + { + "type": "query", + "endpoint": "/remote.php/?preview=1", + "backend": "http://webdav:9115" + }, + { + "endpoint": "/remote.php/", + "backend": "http://storage-frontend:9140" + }, + { + "endpoint": "/dav/", + "backend": "http://storage-frontend:9140" + }, + { + "endpoint": "/webdav/", + "backend": "http://storage-frontend:9140" + }, + { + "endpoint": "/status.php", + "backend": "http://storage-frontend:9140" + }, + { + "endpoint": "/index.php/", + "backend": "http://storage-frontend:9140" + }, + { + "endpoint": "/data", + "backend": "http://storage-frontend:9140" + }, + { + "endpoint": "/app/", + "backend": "http://storage-frontend:9140" + }, + { + "endpoint": "/archiver", + "backend": "http://storage-frontend:9140" + }, + { + "endpoint": "/graph/", + "backend": "http://graph:9120" + }, + { + "endpoint": "/graph-explorer/", + "backend": "http://graph-explorer:9135" + }, + { + "endpoint": "/api/v0/accounts", + "backend": "http://accounts:9181" + }, + { + "endpoint": "/accounts.js", + "backend": "http://accounts:9181" + }, + { + "endpoint": "/api/v0/settings", + "backend": "http://settings:9190" + }, + { + "endpoint": "/settings.js", + "backend": "http://settings:9190" + } + ] + } + ] +} \ No newline at end of file From 07da125bddfb85dec9b1d81a4530967f4bbe6fd8 Mon Sep 17 00:00:00 2001 
From: Willy Kloucek Date: Wed, 26 Jan 2022 09:14:56 +0100 Subject: [PATCH 11/17] reorder stuff --- .../docker-compose.yml | 22 ++++++++----------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/deployments/examples/ocis_individual_services/docker-compose.yml b/deployments/examples/ocis_individual_services/docker-compose.yml index a2192916947..1cb00194a0a 100644 --- a/deployments/examples/ocis_individual_services/docker-compose.yml +++ b/deployments/examples/ocis_individual_services/docker-compose.yml @@ -11,8 +11,7 @@ services: command: - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}" # letsencrypt configuration - - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@e\ - xample.org}" + - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}" - "--certificatesResolvers.http.acme.storage=/certs/acme.json" - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http" # enable dashboard @@ -33,11 +32,9 @@ services: - "traefik-certs:/certs" labels: - "traefik.enable=${TRAEFIK_DASHBOARD:-false}" - - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_\ - AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin + - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin - "traefik.http.routers.traefik.entrypoints=https" - - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.ownc\ - loud.test}`)" + - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" - "traefik.http.routers.traefik.middlewares=traefik-auth" - "traefik.http.routers.traefik.tls.certresolver=http" - "traefik.http.routers.traefik.service=api@internal" 
@@ -182,20 +179,19 @@ services: - ocs - server environment: - OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" OCS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" OCS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" OCS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" OCS_HTTP_ADDR: 0.0.0.0:9110 - OCS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} OCS_ACCOUNT_BACKEND_TYPE: accounts + OCS_IDM_ADDRESS: https://${OCIS_DOMAIN:-ocis.owncloud.test} - REVA_GATEWAY: storage-gateway:9142 + OCS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} OCS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} - OCS_IDM_ADDRESS: https://${OCIS_DOMAIN:-ocis.owncloud.test} + REVA_GATEWAY: storage-gateway:9142 logging: driver: "local" restart: always @@ -477,8 +473,8 @@ services: OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" - STORAGE_SHARES_ENDPOINT: storage-shares:9154 STORAGE_SHARES_GRPC_ADDR: 0.0.0.0:9154 + STORAGE_SHARES_ENDPOINT: storage-shares:9154 STORAGE_SHARING_ENDPOINT: storage-sharing:9150 @@ -508,8 +504,8 @@ services: STORAGE_USERS_DRIVER: ocis #TODO use s3? - STORAGE_USERS_ENDPOINT: storage-users:9157 STORAGE_USERS_GRPC_ADDR: 0.0.0.0:9157 + STORAGE_USERS_ENDPOINT: storage-users:9157 STORAGE_USERS_HTTP_ADDR: 0.0.0.0:9158 STORAGE_USERS_DATA_SERVER_URL: http://storage-users:9158/data @@ -567,7 +563,7 @@ services: # TODO: does this scale? STORAGE_SHARING_USER_DRIVER: json - STORAGE_SHARING_USER_JSON_FILE: /var/lib/ocis/storage/sharing/shares.json + STORAGE_SHARING_USER_JSON_FILE: /var/lib/ocis/storage/sharing/shares.json #TODO: enable subfolder to make volumes easier? STORAGE_SHARING_PUBLIC_DRIVER: json STORAGE_SHARING_PUBLIC_JSON_FILE: /var/lib/ocis/storage/sharing/publicshares.json From ec90e5b4e27e89e628b4a5071cb7236ed0e84eca Mon Sep 17 00:00:00 2001 
From: Willy Kloucek Date: Thu, 3 Feb 2022 16:57:18 +0100 Subject: [PATCH 12/17] remove todos and enable monitoring --- .../examples/ocis_individual_services/.env | 24 +-- .../config/accounts/entrypoint-override.sh | 24 +++ .../config/{ => proxy}/proxy.json | 0 .../docker-compose.yml | 95 ++++----- .../docker-compose-additions.yml | 196 ++++++++++++++++-- 5 files changed, 251 insertions(+), 88 deletions(-) create mode 100755 deployments/examples/ocis_individual_services/config/accounts/entrypoint-override.sh rename deployments/examples/ocis_individual_services/config/{ => proxy}/proxy.json (100%) diff --git a/deployments/examples/ocis_individual_services/.env b/deployments/examples/ocis_individual_services/.env index 01ebb3fb205..df4a4d90a45 100644 --- a/deployments/examples/ocis_individual_services/.env +++ b/deployments/examples/ocis_individual_services/.env 
@@ -17,18 +17,18 @@ TRAEFIK_ACME_MAIL= OCIS_DOCKER_TAG= # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" OCIS_DOMAIN= - -OCIS_LOG_PRETTY=true -OCIS_LOG_COLOR=true -OCIS_LOG_LEVEL=warn - -OCIS_BASIC_AUTH=true - -OCIS_SCALE=1 - -OCIS_JWT_SECRET=foobaz - -OCIS_MACHINE_AUTH_API_KEY=lorem123 +# IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp". +IDP_LDAP_BIND_PASSWORD= +# Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva". +STORAGE_LDAP_BIND_PASSWORD= +# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4" +OCIS_JWT_SECRET= +# JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" +STORAGE_TRANSFER_SECRET= +# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" +OCIS_MACHINE_AUTH_API_KEY= +# Number of services to run for extensions, that currently can be easily scaled. Defaults to 1. +OCIS_SCALE= # If you want to use debugging and tracing with this stack, # you need uncomment following line. Please see documentation at diff --git a/deployments/examples/ocis_individual_services/config/accounts/entrypoint-override.sh b/deployments/examples/ocis_individual_services/config/accounts/entrypoint-override.sh new file mode 100755 index 00000000000..4b890128c06 --- /dev/null +++ b/deployments/examples/ocis_individual_services/config/accounts/entrypoint-override.sh 
@@ -0,0 +1,24 @@ +#!/bin/sh + +set -e + +ocis accounts server& +sleep 10 + +echo "##################################################" +echo "change default secrets:" + +# IDP +IDP_USER_UUID=$(ocis accounts list | grep "| Kopano IDP " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o) +echo " IDP user UUID: $IDP_USER_UUID" +ocis accounts update --password $IDP_LDAP_BIND_PASSWORD $IDP_USER_UUID + +# REVA +REVA_USER_UUID=$(ocis accounts list | grep " | Reva Inter " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o) +echo " Reva user UUID: $REVA_USER_UUID" +ocis accounts update --password $STORAGE_LDAP_BIND_PASSWORD $REVA_USER_UUID + +echo "default secrets changed" +echo "##################################################" + +wait # wait for accounts service to exit diff --git a/deployments/examples/ocis_individual_services/config/proxy.json b/deployments/examples/ocis_individual_services/config/proxy/proxy.json similarity index 100% rename from deployments/examples/ocis_individual_services/config/proxy.json rename to deployments/examples/ocis_individual_services/config/proxy/proxy.json diff --git a/deployments/examples/ocis_individual_services/docker-compose.yml b/deployments/examples/ocis_individual_services/docker-compose.yml index 1cb00194a0a..e2cdea8ced5 100644 --- a/deployments/examples/ocis_individual_services/docker-compose.yml +++ b/deployments/examples/ocis_individual_services/docker-compose.yml @@ -59,8 +59,6 @@ services: PROXY_TLS: "false" # do not use SSL between Traefik and oCIS - PROXY_ENABLE_BASIC_AUTH: "${OCIS_BASIC_AUTH:-false}" - REVA_GATEWAY: storage-gateway:9142 PROXY_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} @@ -74,7 +72,7 @@ services: PROXY_HTTP_ADDR: 0.0.0.0:9200 volumes: - - "./config/proxy.json:/etc/ocis/proxy.json" #TODO: add config + - "./config/proxy/proxy.json:/etc/ocis/proxy.json" labels: - "traefik.enable=true" - "traefik.http.routers.ocis.entrypoints=https" 
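Review bot: Both `ocis accounts update` calls in entrypoint-override.sh expand the password and UUID variables unquoted, so a bind password containing whitespace or glob characters is split or expanded by the shell before it reaches the CLI. Quote all four expansions. The fixed `sleep 10` is only a guess at start-up time: if the accounts service is not answering yet, `egrep` matches nothing, `set -e` aborts the script and the container exits, so polling `ocis accounts list` with an upper bound is more robust. Passing the password as a command-line argument also leaves it readable in the container's process list while the command runs, which is worth a comment in the script.

```shell
ocis accounts server &

# poll until the accounts service answers instead of sleeping a fixed 10 s
tries=0
until ocis accounts list >/dev/null 2>&1; do
  tries=$((tries + 1))
  if [ "$tries" -ge 30 ]; then
    echo "accounts service did not become ready" >&2
    exit 1
  fi
  sleep 1
done

# … unchanged: banner and IDP/Reva UUID lookups …
ocis accounts update --password "$IDP_LDAP_BIND_PASSWORD" "$IDP_USER_UUID"
ocis accounts update --password "$STORAGE_LDAP_BIND_PASSWORD" "$REVA_USER_UUID"
```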
@@ -94,9 +92,12 @@ services: networks: ocis-net: null entrypoint: - - ocis - - accounts - - server #TODO: change bind users' passwords + - /bin/sh + - /entrypoint-override.sh + #entrypoint: + # - ocis + # - accounts + # - server environment: ACCOUNTS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" ACCOUNTS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" @@ -105,15 +106,15 @@ services: ACCOUNTS_HTTP_ADDR: 0.0.0.0:9181 ACCOUNTS_GRPC_ADDR: 0.0.0.0:9180 - #TODO: make resolving of settings service use DNS instead of mDNS - # com.owncloud.api.settings - # https://github.com/asim/go-micro/tree/master/plugins/selector/static - - ACCOUNTS_JWT_SECRET: ${OCIS_METADATA_JWT_SECRET:-Pive-Fumkiu4} - ACCOUNTS_STORAGE_BACKEND: cs3 ACCOUNTS_STORAGE_CS3_PROVIDER_ADDR: storage-metadata:9215 - ACCOUNTS_STORAGE_CS3_JWT_SECRET: ${OCIS_METADATA_JWT_SECRET:-Pive-Fumkiu4} + + IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp} + STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} + + ACCOUNTS_JWT_SECRET: ${OCIS_METADATA_JWT_SECRET:-Pive-Fumkiu4} + volumes: + - ./config/accounts/entrypoint-override.sh:/entrypoint-override.sh logging: driver: "local" restart: always @@ -136,7 +137,7 @@ services: GLAUTH_LDAP_ADDR: 0.0.0.0:9125 GLAUTH_LDAPS_ADDR: 0.0.0.0:9126 - GLAUTH_BACKEND_INSECURE: "true" # TODO: is there a way around it? + GLAUTH_BACKEND_INSECURE: "true" logging: driver: "local" restart: always @@ -159,8 +160,7 @@ services: IDP_HTTP_ADDR: 0.0.0.0:9130 IDP_LDAP_URI: ldap://glauth:9125 - #IDP_LDAP_BIND_DN: #TODO: change - #IDP_LDAP_BIND_PASSWORD: + IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp} IDP_ISS: https://${OCIS_DOMAIN:-ocis.owncloud.test} IDP_INSECURE: "${INSECURE:-false}" @@ -215,9 +215,8 @@ services: SETTINGS_GRPC_ADDR: 0.0.0.0:9191 SETTINGS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} - #TODO: settings should use the store!? volumes: - - "ocis-settings:/var/lib/ocis" #TODO: /settings" + - "ocis-settings:/var/lib/ocis" logging: driver: "local" restart: always 
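Review bot: `ACCOUNTS_JWT_SECRET` in the accounts service (hunk `@@ -105,15 +106,15 @@`) is read from `OCIS_METADATA_JWT_SECRET`, a variable that the `.env` hunk of this commit does not list, so an operator who follows `.env` and sets only `OCIS_JWT_SECRET` still runs accounts with the published default `Pive-Fumkiu4`. The storage-metadata hunk (`@@ -359,29 +354,24 @@`) does the same for `STORAGE_JWT_SECRET`. Document the variable in `.env` next to `OCIS_JWT_SECRET`, for example `# JWT secret for the metadata storage and the accounts service. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4"` followed by `OCIS_METADATA_JWT_SECRET=`. The service definitions continue outside these hunks.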
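Review bot: `GLAUTH_BACKEND_INSECURE: "true"` (hunk `@@ -136,7 +137,7 @@`) stays hard-coded while its `# TODO: is there a way around it?` marker is deleted, so the file no longer records that certificate validation is switched off here independently of `INSECURE`. The same applies to `THUMBNAILS_CS3SOURCE_INSECURE` (`@@ -262,12 +260,12 @@`) and to `STORAGE_LDAP_INSECURE` in storage-userprovider and storage-groupprovider (`@@ -591,14 +580,13 @@`, `@@ -623,14 +611,13 @@`), where the newly added bind password is presumably sent over the unverified LDAPS connection to glauth on port 9126. Until the services can trust the internal certificates, keep a comment on each of these lines, e.g. `# certificate validation is disabled for this internal connection; not controlled by INSECURE`.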
@@ -238,9 +237,8 @@ services: STORE_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" STORE_GRPC_ADDR: 0.0.0.0:9460 - # TODO: what is the store used for? volumes: - - "ocis-settings:/var/lib/ocis" #TODO: /store" + - "ocis-settings:/var/lib/ocis" logging: driver: "local" restart: always @@ -262,12 +260,12 @@ services: THUMBNAILS_GRPC_ADDR: 0.0.0.0:9185 - THUMBNAILS_CS3SOURCE_INSECURE: "true" #TODO: is there a way around it? + THUMBNAILS_CS3SOURCE_INSECURE: "true" REVA_GATEWAY: storage-gateway:9142 - # optional shared thumbnail cache between services volumes: - - "ocis-settings:/var/lib/ocis" #TODO /thumbnails" + # optional shared thumbnail cache between services + - "ocis-settings:/var/lib/ocis" logging: driver: "local" restart: always @@ -296,7 +294,6 @@ services: driver: "local" restart: always - # TODO: this webdav service handles only thumbnails webdav: image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} deploy: @@ -346,8 +343,6 @@ services: driver: "local" restart: always - # TODO: add graph-explorer - storage-metadata: image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} deploy: 
@@ -359,29 +354,24 @@ services: - storage-metadata - server environment: - OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" #TODO: storage services don't have a dedicated log setting + OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" - #TODO: what's that? STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}" STORAGE_METADATA_GRPC_PROVIDER_ADDR: 0.0.0.0:9215 STORAGE_METADATA_HTTP_ADDR: 0.0.0.0:9216 STORAGE_METADATA_DATA_SERVER_URL: http://storage-metadata:9216/data - #TODO: for metadata this is a totally different JWT secret - OCIS_JWT_SECRET: ${OCIS_METADATA_JWT_SECRET:-Pive-Fumkiu4} STORAGE_JWT_SECRET: ${OCIS_METADATA_JWT_SECRET:-Pive-Fumkiu4} - - #TODO: is this even needed for metadata STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} - STORAGE_METADATA_DRIVER: ocis #TODO: switch to S3 ? + STORAGE_METADATA_DRIVER: ocis REVA_GATEWAY: storage-gateway:9142 volumes: - - "ocis-storage-metadata:/var/lib/ocis" #TODO: /storage/metadata" + - "ocis-storage-metadata:/var/lib/ocis" logging: driver: "local" restart: always @@ -502,7 +492,7 @@ services: STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}" - STORAGE_USERS_DRIVER: ocis #TODO use s3? + STORAGE_USERS_DRIVER: ocis STORAGE_USERS_GRPC_ADDR: 0.0.0.0:9157 STORAGE_USERS_ENDPOINT: storage-users:9157 @@ -514,7 +504,7 @@ services: STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} REVA_GATEWAY: storage-gateway:9142 volumes: - - "ocis-storage-users:/var/lib/ocis" #TODO /storage/users" + - "ocis-storage-users:/var/lib/ocis" logging: driver: "local" restart: always 
@@ -561,16 +551,15 @@ services: STORAGE_SHARING_ENDPOINT: storage-sharing:9150 STORAGE_SHARING_GRPC_ADDR: 0.0.0.0:9150 - # TODO: does this scale? STORAGE_SHARING_USER_DRIVER: json - STORAGE_SHARING_USER_JSON_FILE: /var/lib/ocis/storage/sharing/shares.json #TODO: enable subfolder to make volumes easier? + STORAGE_SHARING_USER_JSON_FILE: /var/lib/ocis/storage/sharing/shares.json STORAGE_SHARING_PUBLIC_DRIVER: json STORAGE_SHARING_PUBLIC_JSON_FILE: /var/lib/ocis/storage/sharing/publicshares.json STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} REVA_GATEWAY: storage-gateway:9142 volumes: - - "ocis-storage-sharing:/var/lib/ocis" #TODO: /storage/sharing/" + - "ocis-storage-sharing:/var/lib/ocis" logging: driver: "local" restart: always @@ -591,14 +580,13 @@ services: OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" STORAGE_USERPROVIDER_ENDPOINT: storage-userprovider:9144 - STORAGE_USERPROVIDER_ADDR: 0.0.0.0:9144 # TODO: should reflect this is GRPC + STORAGE_USERPROVIDER_ADDR: 0.0.0.0:9144 STORAGE_USERPROVIDER_DRIVER: ldap STORAGE_LDAP_HOSTNAME: glauth STORAGE_LDAP_PORT: 9126 - STORAGE_LDAP_INSECURE: "true" #TODO trust the certificate of the ldap server - #STORAGE_LDAP_BIND_DN: - #STORAGE_LDAP_BIND_PASSWORD: + STORAGE_LDAP_INSECURE: "true" + STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} STORAGE_LDAP_IDP: https://${OCIS_DOMAIN:-ocis.owncloud.test} STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} 
@@ -623,14 +611,13 @@ services: OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" STORAGE_GROUPPROVIDER_ENDPOINT: storage-groupprovider:9160 - STORAGE_GROUPPROVIDER_ADDR: 0.0.0.0:9160 #TODO: name should reflect this is GRPC + STORAGE_GROUPPROVIDER_ADDR: 0.0.0.0:9160 STORAGE_GROUPPROVIDER_DRIVER: ldap STORAGE_LDAP_HOSTNAME: glauth STORAGE_LDAP_PORT: 9126 - STORAGE_LDAP_INSECURE: "true" #TODO trust the certificate of the ldap server - #STORAGE_LDAP_BIND_DN: - #STORAGE_LDAP_BIND_PASSWORD: + STORAGE_LDAP_INSECURE: "true" + STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} STORAGE_LDAP_IDP: https://${OCIS_DOMAIN:-ocis.owncloud.test} STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} @@ -654,13 +641,6 @@ services: STORAGE_FRONTEND_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" STORAGE_FRONTEND_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" - # todo: split this up in multiple services: - # - appprovider - # - archiver - # - datagateway - # - ocdav - # - ocs - STORAGE_FRONTEND_APPPROVIDER_INSECURE: "true" STORAGE_FRONTEND_ARCHIVER_INSECURE: "true" STORAGE_FRONTEND_OCDAV_INSECURE: "true" @@ -695,13 +675,9 @@ services: REVA_GATEWAY: storage-gateway:9142 - # TODO: check naming of config options - - # TODO: check connection pool in REVA - STORAGE_USERS_ENDPOINT: storage-users:9157 - STORAGE_PUBLIC_LINK_ENDPOINT: storage-publiclink:9178 #TODO: this serves a auth and storage provider!? + STORAGE_PUBLIC_LINK_ENDPOINT: storage-publiclink:9178 STORAGE_AUTH_BASIC_ENDPOINT: storage-authbasic:9146 STORAGE_AUTH_BEARER_ENDPOINT: storage-authbearer:9166 @@ -712,6 +688,7 @@ services: STORAGE_GROUPPROVIDER_ENDPOINT: storage-groupprovider:9160 STORAGE_USERPROVIDER_ENDPOINT: storage-userprovider:9144 + STORAGE_PERMISSIONS_ENDPOINT: settings:9191 STORAGE_FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} 
diff --git a/deployments/examples/ocis_individual_services/monitoring_tracing/docker-compose-additions.yml b/deployments/examples/ocis_individual_services/monitoring_tracing/docker-compose-additions.yml index 0df6395103e..21e2e23296a 100644 --- a/deployments/examples/ocis_individual_services/monitoring_tracing/docker-compose-additions.yml +++ b/deployments/examples/ocis_individual_services/monitoring_tracing/docker-compose-additions.yml 
@@ -2,38 +2,200 @@ version: "3.7" services: - # TODO: split this into the respective services - ocis: + proxy: + environment: + # tracing + OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_TYPE: jaeger + OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + # metrics + PROXY_DEBUG_ADDR: 0.0.0.0:9205 + + accounts: + environment: + # tracing + OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_TYPE: jaeger + OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + # metrics + + glauth: environment: # tracing OCIS_TRACING_ENABLED: "true" OCIS_TRACING_TYPE: jaeger OCIS_TRACING_ENDPOINT: jaeger-agent:6831 # metrics - APP_PROVIDER_DEBUG_ADDR: 0.0.0.0:9165 GLAUTH_DEBUG_ADDR: 0.0.0.0:9129 - GRAPH_DEBUG_ADDR: 0.0.0.0:9124 - GRAPH_EXPLORER_DEBUG_ADDR: 0.0.0.0:9136 + idp: + environment: + # tracing + OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_TYPE: jaeger + OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + # metrics IDP_DEBUG_ADDR: 0.0.0.0:9134 + ocs: + environment: + # tracing + OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_TYPE: jaeger + OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + # metrics OCS_DEBUG_ADDR: 0.0.0.0:9114 - PROXY_DEBUG_ADDR: 0.0.0.0:9205 + settings: + environment: + # tracing + OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_TYPE: jaeger + OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + # metrics SETTINGS_DEBUG_ADDR: 0.0.0.0:9194 + store: + environment: + # tracing + OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_TYPE: jaeger + OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + # metrics + STORE_DEBUG_ADDR: 0.0.0.0:9464 + thumbnails: + environment: + # tracing + OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_TYPE: jaeger + OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + # metrics + THUMBNAILS_DEBUG_ADDR: 0.0.0.0:9189 + web: + environment: + # tracing + OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_TYPE: jaeger + OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + # metrics + WEB_DEBUG_ADDR: 0.0.0.0:9104 + webdav: + environment: + # tracing + OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_TYPE: jaeger + OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + # 
metrics + WEBDAV_DEBUG_ADDR: 0.0.0.0:9119 + graph: + environment: + # tracing + OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_TYPE: jaeger + OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + # metrics + GRAPH_DEBUG_ADDR: 0.0.0.0:9124 + #graph-explorer: + # environment: + # # tracing + # OCIS_TRACING_ENABLED: "true" + # OCIS_TRACING_TYPE: jaeger + # OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + # # metrics + # GRAPH_EXPLORER_DEBUG_ADDR: 0.0.0.0:9136 + storage-metadata: + environment: + # tracing + OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_TYPE: jaeger + OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + # metrics + STORAGE_METADATA_DEBUG_ADDR: 0.0.0.0:9217 + storage-authbasic: + environment: + # tracing + OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_TYPE: jaeger + OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + # metrics STORAGE_AUTH_BASIC_DEBUG_ADDR: 0.0.0.0:9147 - STORAGE_AUTH_BEARER_DEBUG_ADDR: 0.0.0.0:9149 + storage-authmachine: + environment: + # tracing + OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_TYPE: jaeger + OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + # metrics STORAGE_AUTH_MACHINE_DEBUG_ADDR: 0.0.0.0:9167 - STORAGE_FRONTEND_DEBUG_ADDR: 0.0.0.0:9141 - STORAGE_GATEWAY_DEBUG_ADDR: 0.0.0.0:9143 - STORAGE_GROUPPROVIDER_DEBUG_ADDR: 0.0.0.0:9161 - STORAGE_METADATA_DEBUG_ADDR: 0.0.0.0:9217 - STORAGE_PUBLIC_LINK_DEBUG_ADDR: 0.0.0.0:9179 + storage-authbearer: + environment: + # tracing + OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_TYPE: jaeger + OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + # metrics + STORAGE_AUTH_BEARER_DEBUG_ADDR: 0.0.0.0:9149 + storage-shares: + environment: + # tracing + OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_TYPE: jaeger + OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + # metrics STORAGE_SHARES_DEBUG_ADDR: 0.0.0.0:9156 + storage-users: + environment: + # tracing + OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_TYPE: jaeger + OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + # metrics + STORAGE_USERS_DEBUG_ADDR: 0.0.0.0:9159 + storage-publiclink: + environment: + # tracing + 
OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_TYPE: jaeger + OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + # metrics + STORAGE_PUBLIC_LINK_DEBUG_ADDR: 0.0.0.0:9179 + storage-sharing: + environment: + # tracing + OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_TYPE: jaeger + OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + # metrics STORAGE_SHARING_DEBUG_ADDR: 0.0.0.0:9151 + storage-userprovider: + environment: + # tracing + OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_TYPE: jaeger + OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + # metrics STORAGE_USERPROVIDER_DEBUG_ADDR: 0.0.0.0:9145 - STORAGE_USERS_DEBUG_ADDR: 0.0.0.0:9159 - STORE_DEBUG_ADDR: 0.0.0.0:9464 - THUMBNAILS_DEBUG_ADDR: 0.0.0.0:9189 - WEB_DEBUG_ADDR: 0.0.0.0:9104 - WEBDAV_DEBUG_ADDR: 0.0.0.0:9119 + storage-groupprovider: + environment: + # tracing + OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_TYPE: jaeger + OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + # metrics + STORAGE_GROUPPROVIDER_DEBUG_ADDR: 0.0.0.0:9161 + storage-frontend: + environment: + # tracing + OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_TYPE: jaeger + OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + # metrics + STORAGE_FRONTEND_DEBUG_ADDR: 0.0.0.0:9141 + storage-gateway: + environment: + # tracing + OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_TYPE: jaeger + OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + # metrics + STORAGE_GATEWAY_DEBUG_ADDR: 0.0.0.0:9143 + APP_PROVIDER_DEBUG_ADDR: 0.0.0.0:9165 networks: ocis-net: From b0d3d3beca65c0a9ea2e39758636199b270368e0 Mon Sep 17 00:00:00 2001 
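Review bot: The `accounts` override ends with an empty `# metrics` section: every other service in this hunk sets a `*_DEBUG_ADDR` under that comment, while accounts sets none, so it will presumably be missing from the collected metrics. Add the service's debug address setting there if it has one, or replace the comment with `# metrics: no debug endpoint configured` so the gap is visibly deliberate. The repeated three tracing lines are identical for all services, and a short comment at the top of the file saying they must be kept in sync would help the next editor.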
From: Willy Kloucek Date: Thu, 3 Feb 2022 17:07:09 +0100 Subject: [PATCH 13/17] add deployment config --- .drone.star | 17 ++++--- .../oc10_ocis_parallel/latest.yml | 2 - .../ocis_hello/latest.yml | 2 - .../ocis_individual_services/latest.yml | 49 +++++++++++++++++++ .../ocis_keycloak/latest.yml | 2 - .../ocis_keycloak/released.yml | 2 - .../ocis_ldap/latest.yml | 2 - .../ocis_ldap/released.yml | 2 - .../ocis_s3/latest.yml | 2 - .../ocis_traefik/latest.yml | 2 - .../ocis_traefik/released.yml | 2 - .../ocis_wopi/latest.yml | 2 - .../ocis_wopi/released.yml | 2 - 13 files changed, 59 insertions(+), 29 deletions(-) create mode 100644 deployments/continuous-deployment-config/ocis_individual_services/latest.yml diff --git a/.drone.star b/.drone.star index f0f0991d8ef..21d91c1516d 100644 --- a/.drone.star +++ b/.drone.star @@ -1667,13 +1667,15 @@ def skipIfUnchanged(ctx, type): def example_deploys(ctx): latest_configs = [ - "ocis_ldap/latest.yml", - "ocis_keycloak/latest.yml", - "ocis_traefik/latest.yml", - "ocis_wopi/latest.yml", - "ocis_hello/latest.yml", - "ocis_s3/latest.yml", - "oc10_ocis_parallel/latest.yml", + # TODO: reenable + #"ocis_ldap/latest.yml", + #"ocis_keycloak/latest.yml", + #"ocis_traefik/latest.yml", + #"ocis_wopi/latest.yml", + #"ocis_hello/latest.yml", + #"ocis_s3/latest.yml", + #"oc10_ocis_parallel/latest.yml", + "ocis_individual_services/latest.yml", ] released_configs = [ "ocis_ldap/released.yml", @@ -1746,6 +1748,7 @@ def deploy(ctx, config, rebuild): "trigger": { "ref": [ "refs/heads/master", + "refs/heads/invidivial-services-deployment-example", #TODO: remove "refs/tags/v*", ], }, diff --git a/deployments/continuous-deployment-config/oc10_ocis_parallel/latest.yml b/deployments/continuous-deployment-config/oc10_ocis_parallel/latest.yml index 8f78eb26476..6d2cbb8a423 100644 --- a/deployments/continuous-deployment-config/oc10_ocis_parallel/latest.yml +++ b/deployments/continuous-deployment-config/oc10_ocis_parallel/latest.yml 
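Review bot: `example_deploys` now lists only `ocis_individual_services/latest.yml`, with the seven other `latest` configs commented out under `# TODO: reenable`, and `deploy` additionally triggers on `refs/heads/invidivial-services-deployment-example`. Merged as is, master would stop redeploying the other latest environments, and a feature branch would remain a deployment trigger, so any push to that branch reaches the deployment pipeline. Both changes should be reverted before merge, keeping only the added `"ocis_individual_services/latest.yml",` entry. Both function bodies continue outside the hunks.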
@@ -25,8 +25,6 @@ - https://github.com/kulmann.keys - https://github.com/micbar.keys - https://github.com/pascalwengerter.keys - - https://github.com/paulcod3.keys - - https://github.com/refs.keys - https://github.com/wkloucek.keys docker_compose_projects: - name: ocis diff --git a/deployments/continuous-deployment-config/ocis_hello/latest.yml b/deployments/continuous-deployment-config/ocis_hello/latest.yml index 04e58aa1407..d4b38625fb6 100644 --- a/deployments/continuous-deployment-config/ocis_hello/latest.yml +++ b/deployments/continuous-deployment-config/ocis_hello/latest.yml @@ -24,8 +24,6 @@ - https://github.com/kulmann.keys - https://github.com/micbar.keys - https://github.com/pascalwengerter.keys - - https://github.com/paulcod3.keys - - https://github.com/refs.keys - https://github.com/wkloucek.keys docker_compose_projects: - name: ocis diff --git a/deployments/continuous-deployment-config/ocis_individual_services/latest.yml b/deployments/continuous-deployment-config/ocis_individual_services/latest.yml new file mode 100644 index 00000000000..67ebfb680c5 --- /dev/null +++ b/deployments/continuous-deployment-config/ocis_individual_services/latest.yml 
@@ -0,0 +1,49 @@ +--- +- name: continuous-deployment-ocis-individual-services-latest + server: + server_type: cx31 + image: ubuntu-20.04 + location: nbg1 + initial_ssh_key_names: + - owncloud-ocis@drone.owncloud.com + labels: + owner: wkloucek + for: oCIS-continuous-deployment-examples + rebuild: $REBUILD + rebuild_carry_paths: + - /var/lib/docker/volumes/ocis_certs + + domains: + - "*.ocis-individual-services.latest.owncloud.works" + + vars: + ssh_authorized_keys: + - https://github.com/butonic.keys + - https://github.com/C0rby.keys + - https://github.com/fschade.keys + - https://github.com/kulmann.keys + - https://github.com/micbar.keys + - https://github.com/pascalwengerter.keys + - https://github.com/wkloucek.keys + docker_compose_projects: + - name: ocis + git_url: https://github.com/owncloud/ocis.git + ref: invidivial-services-deployment-example + docker_compose_path: deployments/examples/ocis_individual_services + env: + INSECURE: "false" + TRAEFIK_ACME_MAIL: wkloucek@owncloud.com + OCIS_DOCKER_TAG: latest + OCIS_SCALE: 6 + OCIS_DOMAIN: ocis.ocis-individual-services.latest.owncloud.works + COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml + - name: monitoring + git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git + ref: support-scaleout-deployment # TODO: master + env: + NETWORK_NAME: ocis-net + TELEMETRY_SERVE_DOMAIN: telemetry.ocis-individual-services.latest.owncloud.works + JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443 + TELEGRAF_SPECIFIC_CONFIG: ocis_individual_services + OCIS_URL: ocis.ocis-individual-services.latest.owncloud.works + OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-individual-services-latest diff --git a/deployments/continuous-deployment-config/ocis_keycloak/latest.yml b/deployments/continuous-deployment-config/ocis_keycloak/latest.yml index afa3503a197..e923589d873 100644 --- a/deployments/continuous-deployment-config/ocis_keycloak/latest.yml 
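Review bot: The `env` block of the `ocis` project sets none of the values that `.env` marks as "Must be changed in order to have a secure oCIS" (`OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET`, `OCIS_MACHINE_AUTH_API_KEY`, `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`). Unless the deployment tooling injects them elsewhere, this publicly resolvable host runs with the documented defaults, so supply them from the CI secret store rather than committing them here. Both `ref` values also point at mutable feature branches (`invidivial-services-deployment-example` and `support-scaleout-deployment # TODO: master`), which means the server deploys whatever is pushed there; switch them to `master` or a pinned commit before merge. `OCIS_SCALE: 6` is better written `OCIS_SCALE: "6"`, since it ends up as an environment string.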
+++ b/deployments/continuous-deployment-config/ocis_keycloak/latest.yml @@ -24,8 +24,6 @@ - https://github.com/kulmann.keys - https://github.com/micbar.keys - https://github.com/pascalwengerter.keys - - https://github.com/paulcod3.keys - - https://github.com/refs.keys - https://github.com/wkloucek.keys docker_compose_projects: - name: ocis diff --git a/deployments/continuous-deployment-config/ocis_keycloak/released.yml b/deployments/continuous-deployment-config/ocis_keycloak/released.yml index 173063e60a3..5c5f38e7997 100644 --- a/deployments/continuous-deployment-config/ocis_keycloak/released.yml +++ b/deployments/continuous-deployment-config/ocis_keycloak/released.yml @@ -24,8 +24,6 @@ - https://github.com/kulmann.keys - https://github.com/micbar.keys - https://github.com/pascalwengerter.keys - - https://github.com/paulcod3.keys - - https://github.com/refs.keys - https://github.com/wkloucek.keys docker_compose_projects: - name: ocis diff --git a/deployments/continuous-deployment-config/ocis_ldap/latest.yml b/deployments/continuous-deployment-config/ocis_ldap/latest.yml index 26348b942af..ecd85c75d78 100644 --- a/deployments/continuous-deployment-config/ocis_ldap/latest.yml +++ b/deployments/continuous-deployment-config/ocis_ldap/latest.yml @@ -24,8 +24,6 @@ - https://github.com/kulmann.keys - https://github.com/micbar.keys - https://github.com/pascalwengerter.keys - - https://github.com/paulcod3.keys - - https://github.com/refs.keys - https://github.com/wkloucek.keys docker_compose_projects: - name: ocis diff --git a/deployments/continuous-deployment-config/ocis_ldap/released.yml b/deployments/continuous-deployment-config/ocis_ldap/released.yml index c59d000a942..06a6125ecc3 100644 --- a/deployments/continuous-deployment-config/ocis_ldap/released.yml +++ b/deployments/continuous-deployment-config/ocis_ldap/released.yml 
@@ -24,8 +24,6 @@ - https://github.com/kulmann.keys - https://github.com/micbar.keys - https://github.com/pascalwengerter.keys - - https://github.com/paulcod3.keys - - https://github.com/refs.keys - https://github.com/wkloucek.keys docker_compose_projects: - name: ocis diff --git a/deployments/continuous-deployment-config/ocis_s3/latest.yml b/deployments/continuous-deployment-config/ocis_s3/latest.yml index f49ad1a48c6..76d8fcb7e67 100644 --- a/deployments/continuous-deployment-config/ocis_s3/latest.yml +++ b/deployments/continuous-deployment-config/ocis_s3/latest.yml @@ -24,8 +24,6 @@ - https://github.com/kulmann.keys - https://github.com/micbar.keys - https://github.com/pascalwengerter.keys - - https://github.com/paulcod3.keys - - https://github.com/refs.keys - https://github.com/wkloucek.keys docker_compose_projects: - name: ocis diff --git a/deployments/continuous-deployment-config/ocis_traefik/latest.yml b/deployments/continuous-deployment-config/ocis_traefik/latest.yml index fe5b7293859..0f5e22d5179 100644 --- a/deployments/continuous-deployment-config/ocis_traefik/latest.yml +++ b/deployments/continuous-deployment-config/ocis_traefik/latest.yml @@ -24,8 +24,6 @@ - https://github.com/kulmann.keys - https://github.com/micbar.keys - https://github.com/pascalwengerter.keys - - https://github.com/paulcod3.keys - - https://github.com/refs.keys - https://github.com/wkloucek.keys docker_compose_projects: - name: ocis diff --git a/deployments/continuous-deployment-config/ocis_traefik/released.yml b/deployments/continuous-deployment-config/ocis_traefik/released.yml index 99998642445..93053a7c5b1 100644 --- a/deployments/continuous-deployment-config/ocis_traefik/released.yml +++ b/deployments/continuous-deployment-config/ocis_traefik/released.yml 
@@ -24,8 +24,6 @@ - https://github.com/kulmann.keys - https://github.com/micbar.keys - https://github.com/pascalwengerter.keys - - https://github.com/paulcod3.keys - - https://github.com/refs.keys - https://github.com/wkloucek.keys docker_compose_projects: - name: ocis diff --git a/deployments/continuous-deployment-config/ocis_wopi/latest.yml b/deployments/continuous-deployment-config/ocis_wopi/latest.yml index 006c1160a4b..f44c59e7070 100644 --- a/deployments/continuous-deployment-config/ocis_wopi/latest.yml +++ b/deployments/continuous-deployment-config/ocis_wopi/latest.yml @@ -24,8 +24,6 @@ - https://github.com/kulmann.keys - https://github.com/micbar.keys - https://github.com/pascalwengerter.keys - - https://github.com/paulcod3.keys - - https://github.com/refs.keys - https://github.com/wkloucek.keys docker_compose_projects: - name: ocis diff --git a/deployments/continuous-deployment-config/ocis_wopi/released.yml b/deployments/continuous-deployment-config/ocis_wopi/released.yml index 6dd9a23e509..701583d592f 100644 --- a/deployments/continuous-deployment-config/ocis_wopi/released.yml +++ b/deployments/continuous-deployment-config/ocis_wopi/released.yml @@ -24,8 +24,6 @@ - https://github.com/kulmann.keys - https://github.com/micbar.keys - https://github.com/pascalwengerter.keys - - https://github.com/paulcod3.keys - - https://github.com/refs.keys - https://github.com/wkloucek.keys docker_compose_projects: - name: ocis From 7ae7d56e436e924546a2de5dbcf59075afa05505 Mon Sep 17 00:00:00 2001 
From: Willy Kloucek Date: Thu, 10 Feb 2022 08:41:19 +0100 Subject: [PATCH 14/17] documentation --- docs/ocis/deployment/oc10_ocis_parallel.md | 2 +- docs/ocis/deployment/ocis_hello.md | 2 +- .../deployment/ocis_individual_services.md | 121 ++++++++++++++++++ docs/ocis/deployment/ocis_keycloak.md | 2 +- docs/ocis/deployment/ocis_ldap.md | 2 +- docs/ocis/deployment/ocis_s3.md | 2 +- docs/ocis/deployment/ocis_traefik.md | 2 +- docs/ocis/deployment/ocis_wopi.md | 2 +- 8 files changed, 128 insertions(+), 7 deletions(-) create mode 100644 docs/ocis/deployment/ocis_individual_services.md diff --git a/docs/ocis/deployment/oc10_ocis_parallel.md b/docs/ocis/deployment/oc10_ocis_parallel.md index f0d210d8981..cceb3047149 100644 --- a/docs/ocis/deployment/oc10_ocis_parallel.md +++ b/docs/ocis/deployment/oc10_ocis_parallel.md @@ -122,7 +122,7 @@ See also [example server setup]({{< ref "preparing_server" >}}) Set your domain for the oC10 and oCIS frontend in `CLOUD_DOMAIN=`, eg. `CLOUD_DOMAIN=cloud.owncloud.test`. - You also must override the default secrets in `STORAGE_TRANSFER_SECRET` and `OCIS_JWT_SECRET` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). + You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). By default ownCloud 10 will be started in the `latest` version. If you want to start a specific version of oCIS set the version to `OC10_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/owncloud/ocis/tags?page=1&ordering=last_updated). 
diff --git a/docs/ocis/deployment/ocis_hello.md b/docs/ocis/deployment/ocis_hello.md index 6449ce47a78..2afd77a633d 100644 --- a/docs/ocis/deployment/ocis_hello.md +++ b/docs/ocis/deployment/ocis_hello.md @@ -95,7 +95,7 @@ See also [example server setup]({{< ref "preparing_server" >}}) Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, eg. `OCIS_DOMAIN=ocis.owncloud.test`. - You also must override three default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD` and `OCIS_JWT_SECRET` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). + You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). By default the oCIS Hello extension will be started in the `latest` version. If you want to start a specific version of oCIS Hello set the version to `OCIS_HELLO_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/owncloud/ocis-hello/tags?page=1&ordering=last_updated). diff --git a/docs/ocis/deployment/ocis_individual_services.md b/docs/ocis/deployment/ocis_individual_services.md new file mode 100644 index 00000000000..bb8de24f289 --- /dev/null +++ b/docs/ocis/deployment/ocis_individual_services.md 
@@ -0,0 +1,121 @@ +--- +title: "oCIS as individual services" +date: 2020-10-12T14:04:00+01:00 +weight: 24 +geekdocRepo: https://github.com/owncloud/ocis +geekdocEditPath: edit/master/docs/ocis/deployment +geekdocFilePath: ocis_individual_services.md +--- + +{{< toc >}} + +## Overview + +* oCIS running behind Traefik as reverse proxy +* Traefik generating self signed certificates for local setup or obtaining valid SSL certificates for a server setup +* oCIS running as individual services (each extension in it's own containers) + +[Find this example on GitHub](https://github.com/owncloud/ocis/tree/master/deployments/examples/ocis_individual_services) + +The docker stack consists of at least 24 containers. One of them is Traefik, a proxy which is terminating ssl and forwards the requests to oCIS in the internal docker network. + +The other containers are oCIS extensions, running each one in a separate container. In this example oCIS uses its internal IDP [LibreGraph Connect]({{< ref "../../extensions/idp" >}}) and the [oCIS storage driver]({{< ref "../../extensions/storage/storagedrivers" >}}). You also can start more than one container of each service by setting `OCIS_SCALE` to a number greater than 1. Currently this won't scale all services, but we are working on making all service easily scalable. + +## Server Deployment + +### Requirements + +* Linux server with docker and docker-compose installed +* Two domains set up and pointing to your server + - ocis.* for serving oCIS + - traefik.* for serving the Traefik dashboard + +See also [example server setup]({{< ref "preparing_server" >}}) + + +### Install oCIS and Traefik + +* Clone oCIS repository + + `git clone https://github.com/owncloud/ocis.git` + +* Go to the deployment example + + `cd ocis/deployment/examples/ocis_traefik` + +* Open the `.env` file in a text editor + The file by default looks like this: + ```bash + # If you're on a internet facing server please comment out following line. 
+ # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. + INSECURE=true + + ### Traefik settings ### + # Serve Treafik dashboard. Defaults to "false". + TRAEFIK_DASHBOARD= + # Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test" + TRAEFIK_DOMAIN= + # Basic authentication for the dashboard. Defaults to user "admin" and password "admin" + TRAEFIK_BASIC_AUTH_USERS= + # Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server + TRAEFIK_ACME_MAIL= + + ### oCIS settings ### + # oCIS version. Defaults to "latest" + OCIS_DOCKER_TAG= + # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" + OCIS_DOMAIN= + # IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp". + IDP_LDAP_BIND_PASSWORD= + # Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva". + STORAGE_LDAP_BIND_PASSWORD= + # JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4" + OCIS_JWT_SECRET= + # JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" + STORAGE_TRANSFER_SECRET= + # Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" + OCIS_MACHINE_AUTH_API_KEY= + # Number of services to run for extensions, that currently can be easily scaled. Defaults to 1. + OCIS_SCALE= + ``` + + You are installing oCIS on a server and Traefik will obtain valid certificates for you so please remove `INSECURE=true` or set it to `false`. + + If you want to use the Traefik dashboard, set TRAEFIK_DASHBOARD to `true` (default is `false` and therefore not active). If you activate it, you must set a domain for the Traefik dashboard in `TRAEFIK_DOMAIN=` eg. 
`TRAEFIK_DOMAIN=traefik.owncloud.test`. + + The Traefik dashboard is secured by basic auth. Default credentials are the user `admin` with the password `admin`. To set your own credentials, generate a htpasswd (eg. by using [an online tool](https://htpasswdgenerator.de/) or a cli tool). + + Traefik will issue certificates with LetsEncrypt and therefore you must set an email address in `TRAEFIK_ACME_MAIL=`. + + By default ocis will be started in the `latest` version. If you want to start a specific version of oCIS set the version to `OCIS_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/owncloud/ocis/tags?page=1&ordering=last_updated). + + Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, eg. `OCIS_DOMAIN=ocis.owncloud.test`. + + You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). + + You also can run more than one instance of the service by setting `OCIS_SCALE` to number greater than one. + + Now you have configured everything and can save the file. + +* Start the docker stack + + `docker-compose up -d` + +* You now can visit oCIS and Traefik dashboard on your configured domains. You may need to wait some minutes until all services are fully ready, so make sure that you try to reload the pages from time to time. + +## Local setup +For a more simple local ocis setup see [Getting started]({{< ref "../getting-started" >}}) + +This docker stack can also be run locally. One downside is that Traefik can not obtain valid SSL certificates and therefore will create self signed ones. This means that your browser will show scary warnings. 
Another downside is that you can not point DNS entries to your localhost. So you have to add static host entries to your computer. + +On Linux and macOS you can add them to your `/etc/hosts` files like this: +``` +127.0.0.1 ocis.owncloud.test +127.0.0.1 traefik.owncloud.test +``` + +After that you're ready to start the application stack: + +`docker-compose up -d` + +Open https://ocis.owncloud.test in your browser and accept the invalid certificate warning. You now can login to oCIS with the default users, which also can be found here: [Getting started]({{< ref "../getting-started#login-to-ocis-web" >}}). You may need to wait some minutes until all services are fully ready, so make sure that you try to reload the pages from time to time. diff --git a/docs/ocis/deployment/ocis_keycloak.md b/docs/ocis/deployment/ocis_keycloak.md index 73b8e3c5343..7d8c189ca89 100644 --- a/docs/ocis/deployment/ocis_keycloak.md +++ b/docs/ocis/deployment/ocis_keycloak.md 
@@ -108,7 +108,7 @@ See also [example server setup]({{< ref "preparing_server" >}}) If you want to change the OIDC client id of th ownCloud Web frontend, you can do this by setting the name to `OCIS_OIDC_CLIENT_ID=`. - You also must override three default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD` and `OCIS_JWT_SECRET` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). + You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). Set your domain for the Keycloak administration panel and authentication endpoints to `KEYCLOAK_DOMAIN=` eg. `KEYCLOAK_DOMAIN=keycloak.owncloud.test`. diff --git a/docs/ocis/deployment/ocis_ldap.md b/docs/ocis/deployment/ocis_ldap.md index 05f035e979b..655dae94cc3 100644 --- a/docs/ocis/deployment/ocis_ldap.md +++ b/docs/ocis/deployment/ocis_ldap.md 
@@ -93,7 +93,7 @@ See also [example server setup]({{< ref "preparing_server" >}}) Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, eg. `OCIS_DOMAIN=cloud.owncloud.test`. - You also must override the default secrets in `STORAGE_TRANSFER_SECRET` and `OCIS_JWT_SECRET` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). + You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). The OpenLDAP server in this example deployment has an admin users, which is also used as bind user in order to keep theses examples simple. You can change the default password "admin" to a different one by setting it to `LDAP_ADMIN_PASSWORD=...`. diff --git a/docs/ocis/deployment/ocis_s3.md b/docs/ocis/deployment/ocis_s3.md index e353a7617d5..b129ac66316 100644 --- a/docs/ocis/deployment/ocis_s3.md +++ b/docs/ocis/deployment/ocis_s3.md 
@@ -104,7 +104,7 @@ See also [example server setup]({{< ref "preparing_server" >}}) Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, eg. `OCIS_DOMAIN=ocis.owncloud.test`. - You also must override three default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD` and `OCIS_JWT_SECRET` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). + You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). Set your domain for the MinIO frontend in `MINIO_DOMAIN=`, eg. `MINIO_DOMAIN=minio.owncloud.test`. If you are using other S3-compatible providers you need to configure the respective endpoint here. diff --git a/docs/ocis/deployment/ocis_traefik.md b/docs/ocis/deployment/ocis_traefik.md index 2aaf2aedd12..9adaebbbf5b 100644 --- a/docs/ocis/deployment/ocis_traefik.md +++ b/docs/ocis/deployment/ocis_traefik.md 
@@ -88,7 +88,7 @@ See also [example server setup]({{< ref "preparing_server" >}}) Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, eg. `OCIS_DOMAIN=ocis.owncloud.test`. - You also must override three default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD` and `OCIS_JWT_SECRET` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). + You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). Now you have configured everything and can save the file. diff --git a/docs/ocis/deployment/ocis_wopi.md b/docs/ocis/deployment/ocis_wopi.md index 16f75a88884..5b8e7f22279 100644 --- a/docs/ocis/deployment/ocis_wopi.md +++ b/docs/ocis/deployment/ocis_wopi.md 
@@ -130,7 +130,7 @@ See also [example server setup]({{< ref "preparing_server" >}}) Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, eg. `OCIS_DOMAIN=ocis.owncloud.test`. - You also must override three default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD` and `OCIS_JWT_SECRET` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). + You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). By default the CS3Org WOPI server will also be started in the `latest` version. If you want to start a specific version of it, you can set the version to `WOPISERVER_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/cs3org/wopiserver/tags?page=1&ordering=last_updated). From 2e114c8efbbc1a679aa3d56d01e6876f091c2231 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Thu, 10 Feb 2022 08:51:38 +0100 Subject: [PATCH 15/17] revert temporary changes --- .drone.star | 16 +++++++--------- .../ocis_individual_services/latest.yml | 4 ++-- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/.drone.star b/.drone.star index 21d91c1516d..ee45183affc 100644 --- a/.drone.star +++ b/.drone.star 
@@ -1667,14 +1667,13 @@ def skipIfUnchanged(ctx, type): def example_deploys(ctx): latest_configs = [ - # TODO: reenable - #"ocis_ldap/latest.yml", - #"ocis_keycloak/latest.yml", - #"ocis_traefik/latest.yml", - #"ocis_wopi/latest.yml", - #"ocis_hello/latest.yml", - #"ocis_s3/latest.yml", - #"oc10_ocis_parallel/latest.yml", + "ocis_ldap/latest.yml", + "ocis_keycloak/latest.yml", + "ocis_traefik/latest.yml", + "ocis_wopi/latest.yml", + "ocis_hello/latest.yml", + "ocis_s3/latest.yml", + "oc10_ocis_parallel/latest.yml", "ocis_individual_services/latest.yml", ] released_configs = [ @@ -1748,7 +1747,6 @@ def deploy(ctx, config, rebuild): "trigger": { "ref": [ "refs/heads/master", - "refs/heads/invidivial-services-deployment-example", #TODO: remove "refs/tags/v*", ], }, diff --git a/deployments/continuous-deployment-config/ocis_individual_services/latest.yml b/deployments/continuous-deployment-config/ocis_individual_services/latest.yml index 67ebfb680c5..b4c7273c8ca 100644 --- a/deployments/continuous-deployment-config/ocis_individual_services/latest.yml +++ b/deployments/continuous-deployment-config/ocis_individual_services/latest.yml @@ -28,7 +28,7 @@ docker_compose_projects: - name: ocis git_url: https://github.com/owncloud/ocis.git - ref: invidivial-services-deployment-example + ref: master docker_compose_path: deployments/examples/ocis_individual_services env: INSECURE: "false" @@ -39,7 +39,7 @@ COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - name: monitoring git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git - ref: support-scaleout-deployment # TODO: master + ref: master env: NETWORK_NAME: ocis-net TELEMETRY_SERVE_DOMAIN: telemetry.ocis-individual-services.latest.owncloud.works From d3df629b6fa388ae0fa22e67a96f599d6a23061f Mon Sep 17 00:00:00 2001 
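Review bot: In the `latest.yml` hunk at `@@ -39,7 +39,7 @@`, the `monitoring` project now uses `ref: master` of `owncloud-devops/monitoring-tracing-client`, a second repository whose project is given `NETWORK_NAME: ocis-net` and so presumably attaches to the oCIS network. Whatever lands on that branch is checked out and started next to the oCIS services on the next deploy. For the `ocis` project, tracking `master` is the purpose of a `latest` environment, but for the helper repository a tag or full commit SHA would make the deployed revision reviewable. If a moving ref is intended, a trailing comment such as `# tracks master on purpose (continuous deployment of the monitoring client)` would record that decision. The list items being changed start outside the hunk.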
From: Willy Kloucek Date: Thu, 10 Feb 2022 08:55:13 +0100 Subject: [PATCH 16/17] fix readme --- deployments/examples/ocis_individual_services/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deployments/examples/ocis_individual_services/README.md b/deployments/examples/ocis_individual_services/README.md index 41bdcd8f1b9..3f5f4047807 100644 --- a/deployments/examples/ocis_individual_services/README.md +++ b/deployments/examples/ocis_individual_services/README.md @@ -1,6 +1,6 @@ --- -document this deployment example in: docs/ocis/deployment/ocis_s3.md +document this deployment example in: docs/ocis/deployment/ocis_individual_services.md --- -Please refer to [our documentation](https://owncloud.dev/ocis/deployment/ocis_s3/) +Please refer to [our documentation](https://owncloud.dev/ocis/deployment/ocis_individual_services/) for instructions on how to deploy this scenario. From 60acd2229866c9a20a3d879ebaf3406f502c74f1 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Wed, 23 Feb 2022 11:03:30 +0100 Subject: [PATCH 17/17] add nats --- .../docker-compose.yml | 25 ++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/deployments/examples/ocis_individual_services/docker-compose.yml b/deployments/examples/ocis_individual_services/docker-compose.yml index e2cdea8ced5..27ec4754325 100644 --- a/deployments/examples/ocis_individual_services/docker-compose.yml +++ b/deployments/examples/ocis_individual_services/docker-compose.yml 
@@ -85,6 +85,27 @@ services: driver: "local" restart: always + nats: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: 1 + networks: + ocis-net: null + entrypoint: + - ocis + - nats-server + - server + environment: + NATS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + NATS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + NATS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + NATS_NATS_HOST: 0.0.0.0 + NATS_NATS_PORT: 9233 + logging: + driver: "local" + restart: always + accounts: image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} deploy: @@ -360,7 +381,7 @@ services: STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}" - STORAGE_METADATA_GRPC_PROVIDER_ADDR: 0.0.0.0:9215 + STORAGE_METADATA_GRPC_ADDR: 0.0.0.0:9215 STORAGE_METADATA_HTTP_ADDR: 0.0.0.0:9216 STORAGE_METADATA_DATA_SERVER_URL: http://storage-metadata:9216/data @@ -556,6 +577,8 @@ services: STORAGE_SHARING_PUBLIC_DRIVER: json STORAGE_SHARING_PUBLIC_JSON_FILE: /var/lib/ocis/storage/sharing/publicshares.json + STORAGE_SHARING_EVENTS_ADDRESS: nats:9233 + STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} REVA_GATEWAY: storage-gateway:9142 volumes:
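Review bot: The new `nats` service binds `NATS_NATS_HOST: 0.0.0.0` on port 9233 and the hunk configures no credentials or TLS for it, so membership of `ocis-net` is the only boundary around the event bus. The `STORAGE_SHARING_EVENTS_ADDRESS: nats:9233` line added in the last hunk connects with a bare host and port as well. Whether the embedded server accepts auth settings is not visible here, so at minimum a comment above the service should state the constraint, e.g. `# internal event bus, unauthenticated: never add ports: or Traefik labels here`. Any further compose project attached to `ocis-net` should be treated as able to publish and read events. `NATS_NATS_PORT: 9233` would also be better quoted as `"9233"`, matching the quoted values above it.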