diff --git a/Makefile b/Makefile
index 4368e42..869acba 100644
--- a/Makefile
+++ b/Makefile
@@ -139,6 +139,9 @@ build-kapps:
 build-konnect:
 component=konnect make build-simple
 
+build-kwmbridge:
+ component=kwmbridge make build-simple
+
 build-kwmserver:
 component=kwmserver make build-simple
 
diff --git a/docker-compose.kwmbridge.yml b/docker-compose.kwmbridge.yml
new file mode 100644
index 0000000..0c12bed
--- /dev/null
+++ b/docker-compose.kwmbridge.yml
@@ -0,0 +1,26 @@
+version: "3.5"
+
+services:
+ kopano_kwmserver:
+ environment:
+ - enable_mcu_api=yes
+
+ kopano_kwmbridge:
+ image: ${docker_repo:-zokradonh}/kopano_kwmbridge:${KWMBRIDGE_VERSION:-latest}
+ read_only: true
+ restart: unless-stopped
+ depends_on:
+ - kopano_kwmserver
+ environment:
+ - INSECURE=${INSECURE}
+ - oidc_issuer_identifier=https://${FQDN}
+ - kwm_server_urls=https://${FQDN}
+ env_file:
+ - kopano_kwmbridge.env
+ volumes:
+ - /etc/machine-id:/etc/machine-id
+ - /etc/machine-id:/var/lib/dbus/machine-id
+ - kopanossl/:/kopano/ssl
+ network_mode: "host"
+ tmpfs:
+ - /tmp
diff --git a/kwmbridge/Dockerfile b/kwmbridge/Dockerfile
new file mode 100644
index 0000000..f1e4211
--- /dev/null
+++ b/kwmbridge/Dockerfile
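Review bot: The new `build-kwmbridge` recipe in the Makefile hunk invokes a literal `make`, so `make -n` does not descend into the sub-make and a `-j` jobserver is not shared with it; `component=kwmbridge $(MAKE) build-simple` is the conventional form. The neighbouring `build-konnect` and `build-kwmserver` recipes shown as context use the same pattern, so the change is best made for all of them together. Whether these targets are declared `.PHONY` cannot be seen from this hunk.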
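Review bot: In `docker-compose.kwmbridge.yml` the two `/etc/machine-id` bind mounts of `kopano_kwmbridge` are writable although the container only needs to read the file, and the service additionally runs with `network_mode: "host"`, so it has more reach into the host than the bridge requires. Appending `:ro` to both entries (`- /etc/machine-id:/etc/machine-id:ro` and `- /etc/machine-id:/var/lib/dbus/machine-id:ro`) keeps the host file immutable from inside the container; the `kopanossl/` volume can probably be mounted read-only too if kwmbridge only reads certificates from it. With host networking, any `metrics_listen` address set in `kopano_kwmbridge.env` binds directly on the host, so a comment recommending a loopback address would help operators. The image tag also defaults to `latest`, which makes redeployments non-reproducible unless `KWMBRIDGE_VERSION` is pinned.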
@@ -0,0 +1,27 @@
+ARG CODE_VERSION=0.1.0
+FROM kopano/kwmbridged:${CODE_VERSION}
+
+ARG CODE_VERSION
+ENV CODE_VERSION="${CODE_VERSION}"
+
+LABEL maintainer=az@zok.xyz \
+ org.label-schema.name="Kopano Kwmbridge container" \
+ org.label-schema.description="Container for running Kopano Kwmbridge (SFU)" \
+ org.label-schema.url="https://kopano.io" \
+ org.label-schema.vcs-url="https://github.com/zokradonh/kopano-docker" \
+ org.label-schema.version=$CODE_VERSION \
+ org.label-schema.schema-version="1.0"
+
+SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
+
+USER root
+ENV DOCKERIZE_VERSION v0.11.6
+RUN wget -O - https://github.com/powerman/dockerize/releases/download/"$DOCKERIZE_VERSION"/dockerize-"$(uname -s)"-"$(uname -m)" | install /dev/stdin /bin/dockerize
+USER nobody
+
+COPY wrapper.sh /usr/local/bin
+
+ENTRYPOINT ["wrapper.sh"]
+
+ARG VCS_REF
+LABEL org.label-schema.vcs-ref=$VCS_REF
diff --git a/kwmbridge/README.md b/kwmbridge/README.md
new file mode 100644
index 0000000..b14c89b
--- /dev/null
+++ b/kwmbridge/README.md
@@ -0,0 +1,7 @@
+# Kopano Kwmbridge image (SFU for Kopano Meet)
+
+[![](https://images.microbadger.com/badges/image/zokradonh/kopano_kwmbridge.svg)](https://microbadger.com/images/zokradonh/kopano_kwmbridge "Microbadger size/labels") [![](https://images.microbadger.com/badges/version/zokradonh/kopano_kwmbridge.svg)](https://microbadger.com/images/zokradonh/kopano_kwmbridge "Microbadger version")
+
+Image to run [Kopano Kwmbridge](https://github.com/kopano-dev/kwmbridge). Takes the [official image](https://cloud.docker.com/u/kopano/repository/docker/kopano/kwmserverd) and extends it for automatic configuration. Optional component of Kopano Meet/Kwmserver.
+
+To work Kwmbridge needs a large range of forwarded ports and therefore running the container in host mode is probably the most useful approach. In case Meet is running behind NAT it could additionally be helpful to run Kwmbridge on a dedicated system, which would be directly reachable.
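Review bot: The `RUN wget -O - ... | install /dev/stdin /bin/dockerize` step in `kwmbridge/Dockerfile` runs as root and installs a release binary straight from the network without any integrity check, so the image content depends on whatever the download URL serves at build time. `DOCKERIZE_VERSION` pins the tag, but a pinned tag does not protect against a replaced or tampered asset; download to a file, verify it against a SHA-256 recorded in the Dockerfile and only then install it, e.g. `wget -O /tmp/dockerize <url>`, `echo "$DOCKERIZE_SHA256  /tmp/dockerize" | sha256sum -c -`, `install /tmp/dockerize /bin/dockerize && rm /tmp/dockerize`. `DOCKERIZE_SHA256` is a placeholder name for a new build argument, and because the asset name is built from `uname -m`, one digest per supported architecture is needed. The base image `kopano/kwmbridged:${CODE_VERSION}` is likewise referenced by tag only, so pinning it by digest would make the build reproducible.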
diff --git a/kwmbridge/wrapper.sh b/kwmbridge/wrapper.sh
new file mode 100755
index 0000000..3d10661
--- /dev/null
+++ b/kwmbridge/wrapper.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+set -e
+[ "$DEBUG" ] && set -x
+
+if [ -n "${log_level:-}" ]; then
+ set -- "$@" --log-level="$log_level"
+fi
+
+if [ -n "${oidc_issuer_identifier:-}" ]; then
+ set -- "$@" --iss="$oidc_issuer_identifier"
+fi
+
+if [ -n "${kwm_server_urls:-}" ]; then
+ for url in $kwm_server_urls; do
+ set -- "$@" --kwmserver-url="$url"
+ done
+fi
+
+if [ -n "${ice_interfaces:-}" ]; then
+ for ice_if in $ice_interfaces; do
+ set -- "$@" --use-ice-if="$ice_if"
+ done
+fi
+
+if [ -n "${ice_network_types:-}" ]; then
+ for ice_network_type in $ice_network_types; do
+ set -- "$@" --use-ice-network-type="$ice_network_type"
+ done
+fi
+
+if [ -n "${ice_udp_port_range:-}" ]; then
+ set -- "$@" --use-ice-udp-port-range="$ice_udp_port_range"
+fi
+
+if [ "${with_metrics:-}" = "yes" ]; then
+ set -- "$@" --with-metrics
+fi
+
+if [ "${metrics_listen:-}" ]; then
+ set -- "$@" --metrics-listen="$metrics_listen"
+fi
+
+if [ "$INSECURE" = "yes" ]; then
+ set -- "$@" --insecure
+fi
+
+if [ "$INSECURE" = "yes" ]; then
+ dockerize \
+ -skip-tls-verify \
+ -wait "$oidc_issuer_identifier"/.well-known/openid-configuration \
+ -timeout 360s
+else
+ dockerize \
+ -wait "$oidc_issuer_identifier"/.well-known/openid-configuration \
+ -timeout 360s
+fi
+
+# services need to be aware of the machine-id
+dockerize \
+ -wait file:///etc/machine-id \
+ -wait file:///var/lib/dbus/machine-id
+
+exec kwmbridged serve \
+ "$@"
diff --git a/kwmserver/Dockerfile b/kwmserver/Dockerfile
index 203a141..4e319a6 100644
--- a/kwmserver/Dockerfile
+++ b/kwmserver/Dockerfile
@@ -1,4 +1,4 @@
-ARG CODE_VERSION=1.1.1
+ARG CODE_VERSION=1.2.0
 FROM kopano/kwmserverd:${CODE_VERSION}
 
 ARG CODE_VERSION
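Review bot: In `kwmbridge/wrapper.sh`, setting `INSECURE=yes` disables certificate verification twice, via `--insecure` for kwmbridged and via `-skip-tls-verify` for the dockerize readiness probe, and the script leaves no trace of that in the container log. Since the OIDC issuer and kwmserver URLs are presumably the endpoints the bridge relies on for authentication, a one-line warning in the first `INSECURE` block would make a production deployment running in this mode visible: `echo "WARNING: INSECURE=yes - TLS certificate verification is disabled" >&2`. Separately, the `dockerize -wait "$oidc_issuer_identifier"/.well-known/openid-configuration` call runs even when `oidc_issuer_identifier` is empty, although the `--iss` block above treats the variable as optional; wrapping the wait in the same `[ -n "${oidc_issuer_identifier:-}" ]` test avoids waiting up to 360s on a malformed URL.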
@@ -22,4 +22,4 @@ USER nobody
 COPY wrapper.sh /usr/local/bin
 
 ARG VCS_REF
-LABEL org.label-schema.vcs-ref=$VCS_REF
\ No newline at end of file
+LABEL org.label-schema.vcs-ref=$VCS_REF
diff --git a/kwmserver/wrapper.sh b/kwmserver/wrapper.sh
index f9a709e..f0a29e4 100755
--- a/kwmserver/wrapper.sh
+++ b/kwmserver/wrapper.sh
@@ -7,7 +7,6 @@ if [ -n "${log_level:-}" ]; then
 set -- "$@" --log-level="$log_level"
 fi
 
-# shellcheck disable=SC2154
 if [ -n "${oidc_issuer_identifier:-}" ]; then
 set -- "$@" --iss="$oidc_issuer_identifier"
 fi
@@ -16,6 +15,14 @@ if [ "${enable_guest_api:-}" = "yes" ]; then
 set -- "$@" --enable-guest-api
 fi
 
+if [ "${enable_rtm_api:-}" = "yes" ]; then
+ set -- "$@" --enable-rtm-api
+fi
+
+if [ "${enable_mcu_api:-}" = "yes" ]; then
+ set -- "$@" --enable-mcu-api
+fi
+
 if [ "$INSECURE" = "yes" ]; then
 set -- "$@" --insecure
 fi
diff --git a/setup.sh b/setup.sh
index 1076592..6c9e232 100755
--- a/setup.sh
+++ b/setup.sh
@@ -41,7 +41,7 @@ if [ ! -e /etc/machine-id ]; then
 fi
 
 echo "Creating individual env files for containers (if they do not exist already)"
-for dockerenv in ldap password-self-service mail db kopano_ssl kopano_server kopano_webapp kopano_zpush kopano_grapi kopano_kapi kopano_dagent kopano_spooler kopano_gateway kopano_ical kopano_monitor kopano_scheduler kopano_search kopano_konnect kopano_kwmserver kopano_meet kopano_kapps; do
+for dockerenv in ldap password-self-service mail db kopano_ssl kopano_server kopano_webapp kopano_zpush kopano_grapi kopano_kapi kopano_dagent kopano_spooler kopano_gateway kopano_ical kopano_monitor kopano_scheduler kopano_search kopano_konnect kopano_kwmbridge kopano_kwmserver kopano_meet kopano_kapps; do
 touch ./"$dockerenv".env
 done
 