Kwmbridge (#405)

* add kwmbridge
* add new config options for kwmserver and kwmbridge

Makefile

@@ -139,6 +139,9 @@ build-kapps:
 build-konnect:
 	component=konnect make build-simple
 
+build-kwmbridge:
+	component=kwmbridge make build-simple
+
 build-kwmserver:
 	component=kwmserver make build-simple
 

docker-compose.kwmbridge.yml

@@ -0,0 +1,26 @@
+version: "3.5"
+
+services:
+  kopano_kwmserver:
+    environment:
+      - enable_mcu_api=yes
+
+  kopano_kwmbridge:
+    image: ${docker_repo:-zokradonh}/kopano_kwmbridge:${KWMBRIDGE_VERSION:-latest}
+    read_only: true
+    restart: unless-stopped
+    depends_on:
+      - kopano_kwmserver
+    environment:
+      - INSECURE=${INSECURE}
+      - oidc_issuer_identifier=https://${FQDN}
+      - kwm_server_urls=https://${FQDN}
+    env_file:
+      - kopano_kwmbridge.env
+    volumes:
+      - /etc/machine-id:/etc/machine-id
+      - /etc/machine-id:/var/lib/dbus/machine-id
+      - kopanossl/:/kopano/ssl
+    network_mode: "host"
+    tmpfs:
+      - /tmp

kwmbridge/Dockerfile

@@ -0,0 +1,27 @@
+ARG CODE_VERSION=0.1.0
+FROM kopano/kwmbridged:${CODE_VERSION}
+
+ARG CODE_VERSION
+ENV CODE_VERSION="${CODE_VERSION}"
+
+LABEL maintainer=az@zok.xyz \
+    org.label-schema.name="Kopano Kwmbridge container" \
+    org.label-schema.description="Container for running Kopano Kwmbridge (SFU)" \
+    org.label-schema.url="https://kopano.io" \
+    org.label-schema.vcs-url="https://github.com/zokradonh/kopano-docker" \
+    org.label-schema.version=$CODE_VERSION \
+    org.label-schema.schema-version="1.0"
+
+SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
+
+USER root
+ENV DOCKERIZE_VERSION v0.11.6
+RUN wget -O - https://github.com/powerman/dockerize/releases/download/"$DOCKERIZE_VERSION"/dockerize-"$(uname -s)"-"$(uname -m)" | install /dev/stdin /bin/dockerize
+USER nobody
+
+COPY wrapper.sh /usr/local/bin
+
+ENTRYPOINT ["wrapper.sh"]
+
+ARG VCS_REF
+LABEL org.label-schema.vcs-ref=$VCS_REF

kwmbridge/README.md

@@ -0,0 +1,7 @@
+# Kopano Kwmbridge image (SFU for Kopano Meet)
+
+[![](https://images.microbadger.com/badges/image/zokradonh/kopano_kwmbridge.svg)](https://microbadger.com/images/zokradonh/kopano_kwmbridge "Microbadger size/labels") [![](https://images.microbadger.com/badges/version/zokradonh/kopano_kwmbridge.svg)](https://microbadger.com/images/zokradonh/kopano_kwmbridge "Microbadger version")
+
+Image to run [Kopano Kwmbridge](https://github.com/kopano-dev/kwmbridge). Takes the [official image](https://cloud.docker.com/u/kopano/repository/docker/kopano/kwmserverd) and extends it for automatic configuration. Optional component of Kopano Meet/Kwmserver.
+
+To work Kwmbridge needs a large range of forwarded ports and therefore running the container in host mode is probably the most useful approach. In case Meet is running behind NAT it could additionally be helpful to run Kwmbridge on a dedicated system, which would be directly reachable.

kwmbridge/wrapper.sh

@@ -0,0 +1,65 @@
+#!/bin/sh
+
+set -e
+[ "$DEBUG" ] && set -x
+
+if [ -n "${log_level:-}" ]; then
+	set -- "$@" --log-level="$log_level"
+fi
+
+if [ -n "${oidc_issuer_identifier:-}" ]; then
+	set -- "$@" --iss="$oidc_issuer_identifier"
+fi
+
+if [ -n "${kwm_server_urls:-}" ]; then
+	for url in $kwm_server_urls; do
+		set -- "$@" --kwmserver-url="$url"
+	done
+fi
+
+if [ -n "${ice_interfaces:-}" ]; then
+	for ice_if in $ice_interfaces; do
+		set -- "$@" --use-ice-if="$ice_if"
+	done
+fi
+
+if [ -n "${ice_network_types:-}" ]; then
+	for ice_network_type in $ice_network_types; do
+		set -- "$@" --use-ice-network-type="$ice_network_type"
+	done
+fi
+
+if [ -n "${ice_udp_port_range:-}" ]; then
+	set -- "$@" --use-ice-udp-port-range="$ice_udp_port_range"
+fi
+
+if [ "${with_metrics:-}" = "yes" ]; then
+	set -- "$@" --with-metrics
+fi
+
+if [ "${metrics_listen:-}" ]; then
+	set -- "$@" --metrics-listen="$metrics_listen"
+fi
+
+if [ "$INSECURE" = "yes" ]; then
+	set -- "$@" --insecure
+fi
+
+if [ "$INSECURE" = "yes" ]; then
+	dockerize \
+	-skip-tls-verify \
+	-wait "$oidc_issuer_identifier"/.well-known/openid-configuration \
+	-timeout 360s
+else
+	dockerize \
+	-wait "$oidc_issuer_identifier"/.well-known/openid-configuration \
+	-timeout 360s
+fi
+
+# services need to be aware of the machine-id
+dockerize \
+	-wait file:///etc/machine-id \
+	-wait file:///var/lib/dbus/machine-id
+
+exec kwmbridged serve \
+	"$@"

kwmserver/Dockerfile

@@ -1,4 +1,4 @@
-ARG CODE_VERSION=1.1.1
+ARG CODE_VERSION=1.2.0
 FROM kopano/kwmserverd:${CODE_VERSION}
 
 ARG CODE_VERSION
@@ -22,4 +22,4 @@ USER nobody
 COPY wrapper.sh /usr/local/bin
 
 ARG VCS_REF
-LABEL org.label-schema.vcs-ref=$VCS_REF
+LABEL org.label-schema.vcs-ref=$VCS_REF

kwmserver/wrapper.sh

@@ -7,7 +7,6 @@ if [ -n "${log_level:-}" ]; then
 	set -- "$@" --log-level="$log_level"
 fi
 
-# shellcheck disable=SC2154
 if [ -n "${oidc_issuer_identifier:-}" ]; then
 	set -- "$@" --iss="$oidc_issuer_identifier"
 fi
@@ -16,6 +15,14 @@ if [ "${enable_guest_api:-}" = "yes" ]; then
 	set -- "$@" --enable-guest-api
 fi
 
+if [ "${enable_rtm_api:-}" = "yes" ]; then
+	set -- "$@" --enable-rtm-api
+fi
+
+if [ "${enable_mcu_api:-}" = "yes" ]; then
+	set -- "$@" --enable-mcu-api
+fi
+
 if [ "$INSECURE" = "yes" ]; then
 	set -- "$@" --insecure
 fi

setup.sh

@@ -41,7 +41,7 @@ if [ ! -e /etc/machine-id ]; then
 fi
 
 echo "Creating individual env files for containers (if they do not exist already)"
-for dockerenv in ldap password-self-service mail db kopano_ssl kopano_server kopano_webapp kopano_zpush kopano_grapi kopano_kapi kopano_dagent kopano_spooler kopano_gateway kopano_ical kopano_monitor kopano_scheduler kopano_search kopano_konnect kopano_kwmserver kopano_meet kopano_kapps; do
+for dockerenv in ldap password-self-service mail db kopano_ssl kopano_server kopano_webapp kopano_zpush kopano_grapi kopano_kapi kopano_dagent kopano_spooler kopano_gateway kopano_ical kopano_monitor kopano_scheduler kopano_search kopano_konnect kopano_kwmbridge kopano_kwmserver kopano_meet kopano_kapps; do
 	touch ./"$dockerenv".env
 done