From 9efed4fe80bcabb8c37aabf5f8a2e405c9ef28eb Mon Sep 17 00:00:00 2001 From: Felix Bartels <1257835+fbartels@users.noreply.github.com> Date: Thu, 9 Apr 2020 09:39:30 +0200 Subject: [PATCH] move implicit defaults to docker-compose (#353) Reson: some non-default configuration options are backed into the startup scripts. This can be unexpected when mounting files e.g. in a Kubernetes setup. https://github.com/zokradonh/kopano-docker/issues/294 * core configuration * fix compose for meet * remove interpreter from start script * use default oidc timeout --- .pylintrc | 3 +++ core/Dockerfile | 2 +- core/defaultconfigs/dagent.py | 8 +++----- core/defaultconfigs/gateway.py | 8 +++----- core/defaultconfigs/grapi.py | 2 +- core/defaultconfigs/ical.py | 7 +++---- core/defaultconfigs/kapi.py | 10 +++------- core/defaultconfigs/monitor.py | 6 +++--- core/defaultconfigs/search.py | 7 +++---- core/defaultconfigs/server.py | 14 +++----------- core/defaultconfigs/spooler.py | 7 +++---- core/start-service.sh | 2 +- docker-compose.yml | 23 +++++++++++++++++++++++ examples/meet/docker-compose.yml | 5 +++++ 14 files changed, 58 insertions(+), 46 deletions(-) create mode 100644 .pylintrc mode change 100644 => 100755 core/defaultconfigs/dagent.py mode change 100644 => 100755 core/defaultconfigs/gateway.py mode change 100644 => 100755 core/defaultconfigs/grapi.py mode change 100644 => 100755 core/defaultconfigs/ical.py mode change 100644 => 100755 core/defaultconfigs/kapi.py mode change 100644 => 100755 core/defaultconfigs/monitor.py mode change 100644 => 100755 core/defaultconfigs/search.py mode change 100644 => 100755 core/defaultconfigs/server.py mode change 100644 => 100755 core/defaultconfigs/spooler.py diff --git a/.pylintrc b/.pylintrc new file mode 100644 index 0000000..32e0287 --- /dev/null +++ b/.pylintrc @@ -0,0 +1,3 @@ +[MASTER] +init-hook='import sys; sys.path.append("base")' +disable=C0114, # missing-module-docstring diff --git a/core/Dockerfile b/core/Dockerfile index 4663809..3659dce 100644 --- a/core/Dockerfile +++ b/core/Dockerfile @@ -28,7 +28,7 @@ ENV \ RELEASE_KEY_DOWNLOAD=$RELEASE_KEY_DOWNLOAD LABEL maintainer=az@zok.xyz \ - org.label-schema.name="Kopano core container" \ + org.label-schema.name="Kopano Groupware Core container" \ org.label-schema.description="Container for running applications out of Kopano Groupware Core" \ org.label-schema.url="https://kopano.io" \ org.label-schema.vcs-ref=$VCS_REF \ diff --git a/core/defaultconfigs/dagent.py b/core/defaultconfigs/dagent.py old mode 100644 new mode 100755 index d81c90c..2785083 --- a/core/defaultconfigs/dagent.py +++ b/core/defaultconfigs/dagent.py @@ -1,14 +1,12 @@ -import os +#!/usr/bin/env python3 import kcconf # Component specific configurations kcconf.configkopano({ r"/tmp/kopano/dagent.cfg": { - 'lmtp_listen': "0.0.0.0:2003", - 'log_file': "-", - 'log_level': "4", - 'tmp_path': "/tmp/dagent/" + # Certain configuration can be pre-defined at startup: + #'lmtp_listen': "0.0.0.0:2003", } }) diff --git a/core/defaultconfigs/gateway.py b/core/defaultconfigs/gateway.py old mode 100644 new mode 100755 index 2bbbb62..816e1d1 --- a/core/defaultconfigs/gateway.py +++ b/core/defaultconfigs/gateway.py @@ -1,14 +1,12 @@ -import os +#!/usr/bin/env python3 import kcconf # Component specific configurations kcconf.configkopano({ r"/tmp/kopano/gateway.cfg": { - 'imap_listen': "0.0.0.0:143", - 'log_file': "-", - 'log_level': "3", - 'tmp_path': "/tmp/gateway/" + # Certain configuration can be pre-defined at startup: + #'imap_listen': "0.0.0.0:143", } }) diff --git a/core/defaultconfigs/grapi.py b/core/defaultconfigs/grapi.py old mode 100644 new mode 100755 index 756042a..0cc1806 --- a/core/defaultconfigs/grapi.py +++ b/core/defaultconfigs/grapi.py @@ -1,4 +1,4 @@ -import os +#!/usr/bin/env python3 import kcconf # Override configs from environment variables diff --git a/core/defaultconfigs/ical.py b/core/defaultconfigs/ical.py old mode 100644 new mode 100755 index 1885c6d..d83fe65 --- a/core/defaultconfigs/ical.py +++ b/core/defaultconfigs/ical.py @@ -1,13 +1,12 @@ -import os +#!/usr/bin/env python3 import kcconf # Component specific configurations kcconf.configkopano({ r"/tmp/kopano/ical.cfg": { - 'ical_listen': "0.0.0.0:8080", - 'log_file': "-", - 'log_level': "3" + # Certain configuration can be pre-defined at startup: + #'ical_listen': "0.0.0.0:8080", } }) diff --git a/core/defaultconfigs/kapi.py b/core/defaultconfigs/kapi.py old mode 100644 new mode 100755 index dd757d7..19526e8 --- a/core/defaultconfigs/kapi.py +++ b/core/defaultconfigs/kapi.py @@ -1,16 +1,12 @@ -import os +#!/usr/bin/env python3 import kcconf # Component specific configurations kcconf.configkopano({ r"/tmp/kopano/kapid.cfg": { - 'log_level': "info", - 'listen': "0.0.0.0:8039", - 'DEFAULT_PLUGIN_PUBS_SECRET_KEY_FILE': "/kopano/ssl/kapid-pubs-secret.key", - 'plugin_kvs_db_datasource': "/kopano/data/kapi-kvs/kvs.db", - 'plugin_grapi_socket_path': "/var/run/kopano/grapi" - + # Certain configuration can be pre-defined at startup: + #'listen': "0.0.0.0:8039", } }) diff --git a/core/defaultconfigs/monitor.py b/core/defaultconfigs/monitor.py old mode 100644 new mode 100755 index a5b5421..2e3e37a --- a/core/defaultconfigs/monitor.py +++ b/core/defaultconfigs/monitor.py @@ -1,12 +1,12 @@ -import os +#!/usr/bin/env python3 import kcconf # Component specific configurations kcconf.configkopano({ r"/tmp/kopano/monitor.cfg": { - 'log_file': "-", - 'log_level': "4" + # Certain configuration can be pre-defined at startup: + #'log_level': "4" } }) diff --git a/core/defaultconfigs/search.py b/core/defaultconfigs/search.py old mode 100644 new mode 100755 index cd90b1b..677b734 --- a/core/defaultconfigs/search.py +++ b/core/defaultconfigs/search.py @@ -1,13 +1,12 @@ -import os +#!/usr/bin/env python3 import kcconf # Component specific configurations kcconf.configkopano({ r"/tmp/kopano/search.cfg": { - 'log_file': "-", - 'log_level': "4", - 'index_path': "/kopano/data/search/" + # Certain configuration can be pre-defined at startup: + #'index_path': "/kopano/data/search/" } }) diff --git a/core/defaultconfigs/server.py b/core/defaultconfigs/server.py old mode 100644 new mode 100755 index e0ae3eb..b840708 --- a/core/defaultconfigs/server.py +++ b/core/defaultconfigs/server.py @@ -1,20 +1,12 @@ -import os +#!/usr/bin/env python3 import kcconf # Component specific configurations kcconf.configkopano({ r"/tmp/kopano/server.cfg": { - 'attachment_path': "/kopano/data/attachments/", - 'kcoidc_initialize_timeout': "360", - 'log_file': "-", - 'log_level': "3", - 'server_listen_tls': "0.0.0.0:237", - 'server_listen': "0.0.0.0:236", - 'softdelete_lifetime': "0", - 'sync_gab_realtime': "no", - 'user_plugin_config': "/tmp/kopano/ldap.cfg", - 'user_plugin': "ldap" + # Certain configuration can be pre-defined at startup: + #'server_listen': "0.0.0.0:236", } }) diff --git a/core/defaultconfigs/spooler.py b/core/defaultconfigs/spooler.py old mode 100644 new mode 100755 index 219eb44..0de555f --- a/core/defaultconfigs/spooler.py +++ b/core/defaultconfigs/spooler.py @@ -1,13 +1,12 @@ -import os +#!/usr/bin/env python3 import kcconf # Component specific configurations kcconf.configkopano({ r"/tmp/kopano/spooler.cfg": { - 'log_file': "-", - 'log_level': "4", - 'tmp_path': "/tmp/spooler/" + # Certain configuration can be pre-defined at startup: + #'log_level': "4", } }) diff --git a/core/start-service.sh b/core/start-service.sh index 5414767..93d9249 100755 --- a/core/start-service.sh +++ b/core/start-service.sh @@ -49,7 +49,7 @@ mkdir -p /tmp/"$SERVICE_TO_START" /var/run/kopano # TODO is this still required now that we won't modify configuration mounted to /etc/kopano? if [ "${DISABLE_CONFIG_CHANGES}" == false ]; then echo "Configure core service '$SERVICE_TO_START'" | ts - /usr/bin/python3 /kopano/"$SERVICE_TO_START".py + /kopano/"$SERVICE_TO_START".py fi # ensure removed pid-file on unclean shutdowns and mounted volumes diff --git a/docker-compose.yml b/docker-compose.yml index 0af57bd..89b5e88 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -60,21 +60,29 @@ services: - KCCONF_LDAP_LDAP_BIND_USER=${LDAP_BIND_DN} - KCCONF_LDAP_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE} - KCCONF_LDAP_LDAP_URI=${LDAP_SERVER} + - KCCONF_SERVER_ATTACHMENT_PATH=/kopano/data/attachments - KCCONF_SERVER_COREDUMP_ENABLED=no - KCCONF_SERVER_ENABLE_SSO=yes - KCCONF_SERVER_KCOIDC_INSECURE_SKIP_VERIFY=${INSECURE} - KCCONF_SERVER_KCOIDC_ISSUER_IDENTIFIER=https://${FQDN} + - KCCONF_SERVER_LOG_LEVEL=3 - KCCONF_SERVER_MYSQL_DATABASE=${MYSQL_DATABASE} - KCCONF_SERVER_MYSQL_HOST=${MYSQL_HOST} - KCCONF_SERVER_MYSQL_PASSWORD=${MYSQL_PASSWORD} - KCCONF_SERVER_MYSQL_PORT=3306 - KCCONF_SERVER_MYSQL_USER=${MYSQL_USER} - KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy + - KCCONF_SERVER_SERVER_LISTEN_TLS=0.0.0.0:237 + - KCCONF_SERVER_SERVER_LISTEN=0.0.0.0:236 - KCCONF_SERVER_SERVER_NAME=Kopano - KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem - KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kopano_server.pem + - KCCONF_SERVER_SOFTDELETE_LIFETIME=0 - KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients + - KCCONF_SERVER_SYNC_GAB_REALTIME=no - KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=${POSTMASTER_ADDRESS} + - KCCONF_SERVER_USER_PLUGIN_CONFIG=/tmp/kopano/ldap.cfg + - KCCONF_SERVER_USER_PLUGIN=ldap - KCUNCOMMENT_LDAP_1=${KCUNCOMMENT_LDAP_1} - SERVICE_TO_START=server - TZ=${TZ} @@ -192,9 +200,14 @@ services: - kopanosocket/:/run/kopano - kopanossl/:/kopano/ssl environment: + - DEFAULT_PLUGIN_PUBS_SECRET_KEY_FILE=/kopano/ssl/kapid-pubs-secret.key - KCCONF_KAPID_INSECURE=${INSECURE} + - KCCONF_KAPID_LISTEN=0.0.0.0:8039 - KCCONF_KAPID_LOG_LEVEL=DEBUG + - KCCONF_KAPID_LOG_LEVEL=info - KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER=https://${FQDN} + - KCCONF_KAPID_PLUGIN_GRAPI_SOCKET_PATH=/var/run/kopano/grapi + - KCCONF_KAPID_PLUGIN_KVS_DB_DATASOURCE=/kopano/data/kapi-kvs/kvs.db - SERVICE_TO_START=kapi - TZ=${TZ} env_file: @@ -242,8 +255,10 @@ services: - kopanosocket/:/run/kopano - kopanossl/:/kopano/ssl environment: + - KCCONF_DAGENT_LMTP_LISTEN=0.0.0.0:2003 - KCCONF_DAGENT_LOG_LEVEL=3 - KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kopano_dagent.pem + - KCCONF_DAGENT_TMP_PATH=/tmp/dagent/ - SERVICE_TO_START=dagent - TZ=${TZ} env_file: @@ -270,6 +285,7 @@ services: - KCCONF_SPOOLER_LOG_LEVEL=3 - KCCONF_SPOOLER_SMTP_SERVER=mail - KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kopano_spooler.pem + - KCCONF_SPOOLER_TMP_PATH=/tmp/spooler/ - SERVICE_TO_START=spooler - TZ=${TZ} env_file: @@ -291,8 +307,10 @@ services: - kopanosocket/:/run/kopano - kopanossl/:/kopano/ssl environment: + - KCCONF_GATEWAY_IMAP_LISTEN=0.0.0.0:143 - KCCONF_GATEWAY_LOG_LEVEL=3 - KCCONF_GATEWAY_SERVER_SOCKET=http://kopano_server:236/ + - KCCONF_GATEWAY_TMP_PATH=/tmp/gateway/ - SERVICE_TO_START=gateway - TZ=${TZ} env_file: @@ -314,6 +332,8 @@ services: - kopanosocket/:/run/kopano - kopanossl/:/kopano/ssl environment: + - KCCONF_ICAL_ICAL_LISTEN=0.0.0.0:8080 + - KCCONF_ICAL_LOG_LEVEL=3 - KCCONF_ICAL_SERVER_SOCKET=http://kopano_server:236/ - SERVICE_TO_START=ical - TZ=${TZ} @@ -338,6 +358,7 @@ services: - kopanossl/:/kopano/ssl environment: - SERVICE_TO_START=monitor + - KCCONF_MONITOR_LOG_LEVEL=3 - TZ=${TZ} env_file: - kopano_monitor.env @@ -361,6 +382,8 @@ services: - kopanossl/:/kopano/ssl environment: - SERVICE_TO_START=search + - KCCONF_SEARCH_LOG_LEVEL=3 + - KCCONF_SEARCH_INDEX_PATH=/kopano/data/search/ - TZ=${TZ} env_file: - kopano_search.env diff --git a/examples/meet/docker-compose.yml b/examples/meet/docker-compose.yml index 2113e00..eea2065 100644 --- a/examples/meet/docker-compose.yml +++ b/examples/meet/docker-compose.yml @@ -91,9 +91,14 @@ services: - kopanosocket/:/run/kopano - kopanossl/:/kopano/ssl environment: + - DEFAULT_PLUGIN_PUBS_SECRET_KEY_FILE=/kopano/ssl/kapid-pubs-secret.key - KCCONF_KAPID_INSECURE=${INSECURE} + - KCCONF_KAPID_LISTEN=0.0.0.0:8039 - KCCONF_KAPID_LOG_LEVEL=DEBUG + - KCCONF_KAPID_LOG_LEVEL=info - KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER=https://${FQDN} + - KCCONF_KAPID_PLUGIN_GRAPI_SOCKET_PATH=/var/run/kopano/grapi + - KCCONF_KAPID_PLUGIN_KVS_DB_DATASOURCE=/kopano/data/kapi-kvs/kvs.db - SERVICE_TO_START=kapi - TZ=${TZ} networks: