move implicit defaults to docker-compose (#353)

Reson: some non-default configuration options are backed into the startup scripts. This can be unexpected when mounting files e.g. in a Kubernetes setup.

https://github.com/zokradonh/kopano-docker/issues/294

* core configuration
* fix compose for meet
* remove interpreter from start script
* use default oidc timeout

.pylintrc

@@ -0,0 +1,3 @@
+[MASTER]
+init-hook='import sys; sys.path.append("base")'
+disable=C0114, # missing-module-docstring

core/Dockerfile

@@ -28,7 +28,7 @@ ENV \
     RELEASE_KEY_DOWNLOAD=$RELEASE_KEY_DOWNLOAD
 
 LABEL maintainer=az@zok.xyz \
-    org.label-schema.name="Kopano core container" \
+    org.label-schema.name="Kopano Groupware Core container" \
     org.label-schema.description="Container for running applications out of Kopano Groupware Core" \
     org.label-schema.url="https://kopano.io" \
     org.label-schema.vcs-ref=$VCS_REF \

core/defaultconfigs/dagent.py

@@ -1,14 +1,12 @@
-import os
+#!/usr/bin/env python3
 import kcconf
 
 # Component specific configurations
 kcconf.configkopano({
     r"/tmp/kopano/dagent.cfg":
     {
-        'lmtp_listen': "0.0.0.0:2003",
+        # Certain configuration can be pre-defined at startup:
-        'log_file': "-",
+        #'lmtp_listen': "0.0.0.0:2003",
-        'log_level': "4",
-        'tmp_path': "/tmp/dagent/"
     }
 })
 

core/defaultconfigs/gateway.py

@@ -1,14 +1,12 @@
-import os
+#!/usr/bin/env python3
 import kcconf
 
 # Component specific configurations
 kcconf.configkopano({
     r"/tmp/kopano/gateway.cfg":
     {
-        'imap_listen': "0.0.0.0:143",
+        # Certain configuration can be pre-defined at startup:
-        'log_file': "-",
+        #'imap_listen': "0.0.0.0:143",
-        'log_level': "3",
-        'tmp_path': "/tmp/gateway/"
     }
 })
 

core/defaultconfigs/grapi.py

@@ -1,4 +1,4 @@
-import os
+#!/usr/bin/env python3
 import kcconf
 
 # Override configs from environment variables

core/defaultconfigs/ical.py

@@ -1,13 +1,12 @@
-import os
+#!/usr/bin/env python3
 import kcconf
 
 # Component specific configurations
 kcconf.configkopano({
     r"/tmp/kopano/ical.cfg":
     {
-        'ical_listen': "0.0.0.0:8080",
+        # Certain configuration can be pre-defined at startup:
-        'log_file': "-",
+        #'ical_listen': "0.0.0.0:8080",
-        'log_level': "3"
     }
 })
 

core/defaultconfigs/kapi.py

@@ -1,16 +1,12 @@
-import os
+#!/usr/bin/env python3
 import kcconf
 
 # Component specific configurations
 kcconf.configkopano({
     r"/tmp/kopano/kapid.cfg":
     {
-        'log_level': "info",
+        # Certain configuration can be pre-defined at startup:
-        'listen': "0.0.0.0:8039",
+        #'listen': "0.0.0.0:8039",
-        'DEFAULT_PLUGIN_PUBS_SECRET_KEY_FILE': "/kopano/ssl/kapid-pubs-secret.key",
-        'plugin_kvs_db_datasource': "/kopano/data/kapi-kvs/kvs.db",
-        'plugin_grapi_socket_path': "/var/run/kopano/grapi"
-
     }
 })
 

core/defaultconfigs/monitor.py

@@ -1,12 +1,12 @@
-import os
+#!/usr/bin/env python3
 import kcconf
 
 # Component specific configurations
 kcconf.configkopano({
     r"/tmp/kopano/monitor.cfg":
     {
-        'log_file': "-",
+        # Certain configuration can be pre-defined at startup:
-        'log_level': "4"
+        #'log_level': "4"
     }
 })
 

core/defaultconfigs/search.py

@@ -1,13 +1,12 @@
-import os
+#!/usr/bin/env python3
 import kcconf
 
 # Component specific configurations
 kcconf.configkopano({
     r"/tmp/kopano/search.cfg":
     {
-        'log_file': "-",
+        # Certain configuration can be pre-defined at startup:
-        'log_level': "4",
+        #'index_path': "/kopano/data/search/"
-        'index_path': "/kopano/data/search/"
     }
 })
 

core/defaultconfigs/server.py

@@ -1,20 +1,12 @@
-import os
+#!/usr/bin/env python3
 import kcconf
 
 # Component specific configurations
 kcconf.configkopano({
     r"/tmp/kopano/server.cfg":
     {
-        'attachment_path': "/kopano/data/attachments/",
+        # Certain configuration can be pre-defined at startup:
-        'kcoidc_initialize_timeout': "360",
+        #'server_listen': "0.0.0.0:236",
-        'log_file': "-",
-        'log_level': "3",
-        'server_listen_tls': "0.0.0.0:237",
-        'server_listen': "0.0.0.0:236",
-        'softdelete_lifetime': "0",
-        'sync_gab_realtime': "no",
-        'user_plugin_config': "/tmp/kopano/ldap.cfg",
-        'user_plugin': "ldap"
     }
 })
 

core/defaultconfigs/spooler.py

@@ -1,13 +1,12 @@
-import os
+#!/usr/bin/env python3
 import kcconf
 
 # Component specific configurations
 kcconf.configkopano({
     r"/tmp/kopano/spooler.cfg":
     {
-        'log_file': "-",
+        # Certain configuration can be pre-defined at startup:
-        'log_level': "4",
+        #'log_level': "4",
-        'tmp_path': "/tmp/spooler/"
     }
 })
 

core/start-service.sh

@@ -49,7 +49,7 @@ mkdir -p /tmp/"$SERVICE_TO_START" /var/run/kopano
 # TODO is this still required now that we won't modify configuration mounted to /etc/kopano?
 if [ "${DISABLE_CONFIG_CHANGES}" == false ]; then
 	echo "Configure core service '$SERVICE_TO_START'" | ts
-	/usr/bin/python3 /kopano/"$SERVICE_TO_START".py
+	/kopano/"$SERVICE_TO_START".py
 fi
 
 # ensure removed pid-file on unclean shutdowns and mounted volumes

docker-compose.yml

@@ -60,21 +60,29 @@ services:
       - KCCONF_LDAP_LDAP_BIND_USER=${LDAP_BIND_DN}
       - KCCONF_LDAP_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
       - KCCONF_LDAP_LDAP_URI=${LDAP_SERVER}
+      - KCCONF_SERVER_ATTACHMENT_PATH=/kopano/data/attachments
       - KCCONF_SERVER_COREDUMP_ENABLED=no
       - KCCONF_SERVER_ENABLE_SSO=yes
       - KCCONF_SERVER_KCOIDC_INSECURE_SKIP_VERIFY=${INSECURE}
       - KCCONF_SERVER_KCOIDC_ISSUER_IDENTIFIER=https://${FQDN}
+      - KCCONF_SERVER_LOG_LEVEL=3
       - KCCONF_SERVER_MYSQL_DATABASE=${MYSQL_DATABASE}
       - KCCONF_SERVER_MYSQL_HOST=${MYSQL_HOST}
       - KCCONF_SERVER_MYSQL_PASSWORD=${MYSQL_PASSWORD}
       - KCCONF_SERVER_MYSQL_PORT=3306
       - KCCONF_SERVER_MYSQL_USER=${MYSQL_USER}
       - KCCONF_SERVER_PROXY_HEADER=*  # delete line if webapp is not behind reverse proxy
+      - KCCONF_SERVER_SERVER_LISTEN_TLS=0.0.0.0:237
+      - KCCONF_SERVER_SERVER_LISTEN=0.0.0.0:236
       - KCCONF_SERVER_SERVER_NAME=Kopano
       - KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
       - KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kopano_server.pem
+      - KCCONF_SERVER_SOFTDELETE_LIFETIME=0
       - KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
+      - KCCONF_SERVER_SYNC_GAB_REALTIME=no
       - KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=${POSTMASTER_ADDRESS}
+      - KCCONF_SERVER_USER_PLUGIN_CONFIG=/tmp/kopano/ldap.cfg
+      - KCCONF_SERVER_USER_PLUGIN=ldap
       - KCUNCOMMENT_LDAP_1=${KCUNCOMMENT_LDAP_1}
       - SERVICE_TO_START=server
       - TZ=${TZ}
@@ -192,9 +200,14 @@ services:
       - kopanosocket/:/run/kopano
       - kopanossl/:/kopano/ssl
     environment:
+      - DEFAULT_PLUGIN_PUBS_SECRET_KEY_FILE=/kopano/ssl/kapid-pubs-secret.key
       - KCCONF_KAPID_INSECURE=${INSECURE}
+      - KCCONF_KAPID_LISTEN=0.0.0.0:8039
       - KCCONF_KAPID_LOG_LEVEL=DEBUG
+      - KCCONF_KAPID_LOG_LEVEL=info
       - KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER=https://${FQDN}
+      - KCCONF_KAPID_PLUGIN_GRAPI_SOCKET_PATH=/var/run/kopano/grapi
+      - KCCONF_KAPID_PLUGIN_KVS_DB_DATASOURCE=/kopano/data/kapi-kvs/kvs.db
       - SERVICE_TO_START=kapi
       - TZ=${TZ}
     env_file:
@@ -242,8 +255,10 @@ services:
       - kopanosocket/:/run/kopano
       - kopanossl/:/kopano/ssl
     environment:
+      - KCCONF_DAGENT_LMTP_LISTEN=0.0.0.0:2003
       - KCCONF_DAGENT_LOG_LEVEL=3
       - KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kopano_dagent.pem
+      - KCCONF_DAGENT_TMP_PATH=/tmp/dagent/
       - SERVICE_TO_START=dagent
       - TZ=${TZ}
     env_file:
@@ -270,6 +285,7 @@ services:
       - KCCONF_SPOOLER_LOG_LEVEL=3
       - KCCONF_SPOOLER_SMTP_SERVER=mail
       - KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kopano_spooler.pem
+      - KCCONF_SPOOLER_TMP_PATH=/tmp/spooler/
       - SERVICE_TO_START=spooler
       - TZ=${TZ}
     env_file:
@@ -291,8 +307,10 @@ services:
       - kopanosocket/:/run/kopano
       - kopanossl/:/kopano/ssl
     environment:
+      - KCCONF_GATEWAY_IMAP_LISTEN=0.0.0.0:143
       - KCCONF_GATEWAY_LOG_LEVEL=3
       - KCCONF_GATEWAY_SERVER_SOCKET=http://kopano_server:236/
+      - KCCONF_GATEWAY_TMP_PATH=/tmp/gateway/
       - SERVICE_TO_START=gateway
       - TZ=${TZ}
     env_file:
@@ -314,6 +332,8 @@ services:
       - kopanosocket/:/run/kopano
       - kopanossl/:/kopano/ssl
     environment:
+      - KCCONF_ICAL_ICAL_LISTEN=0.0.0.0:8080
+      - KCCONF_ICAL_LOG_LEVEL=3
       - KCCONF_ICAL_SERVER_SOCKET=http://kopano_server:236/
       - SERVICE_TO_START=ical
       - TZ=${TZ}
@@ -338,6 +358,7 @@ services:
       - kopanossl/:/kopano/ssl
     environment:
       - SERVICE_TO_START=monitor
+      - KCCONF_MONITOR_LOG_LEVEL=3
       - TZ=${TZ}
     env_file:
       - kopano_monitor.env
@@ -361,6 +382,8 @@ services:
       - kopanossl/:/kopano/ssl
     environment:
       - SERVICE_TO_START=search
+      - KCCONF_SEARCH_LOG_LEVEL=3
+      - KCCONF_SEARCH_INDEX_PATH=/kopano/data/search/
       - TZ=${TZ}
     env_file:
       - kopano_search.env

examples/meet/docker-compose.yml

@@ -91,9 +91,14 @@ services:
       - kopanosocket/:/run/kopano
       - kopanossl/:/kopano/ssl
     environment:
+      - DEFAULT_PLUGIN_PUBS_SECRET_KEY_FILE=/kopano/ssl/kapid-pubs-secret.key
       - KCCONF_KAPID_INSECURE=${INSECURE}
+      - KCCONF_KAPID_LISTEN=0.0.0.0:8039
       - KCCONF_KAPID_LOG_LEVEL=DEBUG
+      - KCCONF_KAPID_LOG_LEVEL=info
       - KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER=https://${FQDN}
+      - KCCONF_KAPID_PLUGIN_GRAPI_SOCKET_PATH=/var/run/kopano/grapi
+      - KCCONF_KAPID_PLUGIN_KVS_DB_DATASOURCE=/kopano/data/kapi-kvs/kvs.db
       - SERVICE_TO_START=kapi
       - TZ=${TZ}
     networks: