Add Kopano Meet and depending instrastructure to meet

Makefile adjustments
reorder Makefile
adds image for kwmserver
adds image for meet
add Meet to compose
clean up proxy configuration
move kcconf.py into the base image

Makefile

@@ -7,10 +7,12 @@ endif
 
 base_download_version := $(shell ./version.sh core)
 core_download_version := $(shell ./version.sh core)
+meet_download_version := $(shell ./version.sh meet)
 webapp_download_version := $(shell ./version.sh webapp)
 zpush_download_version := $(shell ./version.sh zpush)
 
 KOPANO_CORE_REPOSITORY_URL := file:/kopano/repo/core
+KOPANO_MEET_REPOSITORY_URL := file:/kopano/repo/meet
 KOPANO_WEBAPP_REPOSITORY_URL := file:/kopano/repo/webapp
 KOPANO_WEBAPP_FILES_REPOSITORY_URL := file:/kopano/repo/files
 KOPANO_WEBAPP_MDM_REPOSITORY_URL := file:/kopano/repo/mdm
@@ -26,7 +28,7 @@ export
 # convert lowercase componentname to uppercase
 COMPONENT = $(shell echo $(component) | tr a-z A-Z)
 
-build-all: build-ssl build-base build-core build-utils build-webapp build-zpush build-web build-konnect build-playground build-ldap-demo
+build-all: build-base build-core build-konnect build-kwmserver build-ldap-demo build-meet build-playground build-ssl build-utils build-web build-webapp build-zpush
 
 .PHONY: build
 build: component ?= base
@@ -36,6 +38,7 @@ build:
 		--build-arg KOPANO_CORE_VERSION=${core_download_version} \
 		--build-arg KOPANO_$(COMPONENT)_VERSION=${$(component)_download_version} \
 		--build-arg KOPANO_CORE_REPOSITORY_URL=$(KOPANO_CORE_REPOSITORY_URL) \
+		--build-arg KOPANO_MEET_REPOSITORY_URL=$(KOPANO_MEET_REPOSITORY_URL) \
 		--build-arg KOPANO_WEBAPP_REPOSITORY_URL=$(KOPANO_WEBAPP_REPOSITORY_URL) \
 		--build-arg KOPANO_WEBAPP_FILES_REPOSITORY_URL=$(KOPANO_WEBAPP_FILES_REPOSITORY_URL) \
 		--build-arg KOPANO_WEBAPP_MDM_REPOSITORY_URL=$(KOPANO_WEBAPP_MDM_REPOSITORY_URL) \
@@ -58,30 +61,36 @@ build-base:
 build-core:
 	component=core make build
 
+build-konnect:
+	component=konnect make build-simple
+
+build-kwmserver:
+	component=kwmserver make build-simple
+
+build-ldap-demo:
+	component=ldap_demo make build-simple
+
+build-meet:
+	component=meet make build
+
+build-playground:
+	component=playground make build-simple
+
+build-ssl:
+	component=ssl make build-simple
+
 build-utils: build-core
 	component=utils make build
 
+build-web:
+	component=web make build-simple
+
 build-webapp:
 	component=webapp make build
 
 build-zpush:
 	component=zpush make build
 
-build-ssl:
-	component=ssl make build-simple
-
-build-web:
-	component=web make build-simple
-
-build-konnect:
-	component=konnect make build-simple
-
-build-playground:
-	component=playground make build-simple
-
-build-ldap-demo:
-	component=ldap_demo make build-simple
-
 tag-container: component ?= base
 tag-container:
 	@echo 'create tag $($(component)_version)'
@@ -101,11 +110,31 @@ tag-core:
 	$(shell docker run --rm $(docker_repo)/kopano_core cat /kopano/buildversion | cut -d- -f2))
 	component=core make tag-container
 
+tag-konnect:
+	$(eval konnect_version := \
+	$(shell docker run --rm $(docker_repo)/kopano_konnect env | grep CODE_VERSION | cut -d'=' -f2))
+	component=konnect make tag-container
+
+tag-kwmserver:
+	$(eval kwmserver_version := \
+	$(shell docker run --rm $(docker_repo)/kopano_kwmserver env | grep CODE_VERSION | cut -d'=' -f2))
+	component=kwmserver make tag-container
+
+tag-meet:
+	$(eval meet_version := \
+	$(shell docker run --rm $(docker_repo)/kopano_meet cat /kopano/buildversion | grep meet | cut -d- -f2 | cut -d+ -f1))
+	component=meet make tag-container
+
 tag-utils:
 	$(eval utils_version := \
 	$(shell docker run --rm $(docker_repo)/kopano_utils cat /kopano/buildversion | cut -d- -f2))
 	component=utils make tag-container
 
+tag-web:
+	$(eval web_version := \
+	$(shell docker run --rm $(docker_repo)/kopano_web env | grep CODE_VERSION | cut -d'=' -f2))
+	component=web make tag-container
+
 tag-webapp:
 	$(eval webapp_version := \
 	$(shell docker run --rm $(docker_repo)/kopano_webapp cat /kopano/buildversion | grep webapp | cut -d- -f2 | cut -d+ -f1))
@@ -116,22 +145,11 @@ tag-zpush:
 	$(shell docker run --rm $(docker_repo)/kopano_zpush cat /kopano/buildversion | tail -n 1 | grep -o -P '(?<=-).*(?=\+)'))
 	component=zpush make tag-container
 
-tag-web:
-	$(eval web_version := \
-	$(shell docker run --rm $(docker_repo)/kopano_web env | grep CODE_VERSION | cut -d'=' -f2))
-	component=web make tag-container
-
-tag-konnect:
-	$(eval konnect_version := \
-	$(shell docker run --rm $(docker_repo)/kopano_konnect env | grep CODE_VERSION | cut -d'=' -f2))
-	component=konnect make tag-container
-
-
 # Docker publish
 repo-login:
 	@docker login -u $(docker_login) -p $(docker_pwd)
 
-publish: repo-login publish-ssl publish-base publish-core publish-utils publish-webapp publish-zpush publish-ssl publish-web publish-konnect publish-playground
+publish: repo-login publish-base publish-core publish-konnect publish-kwmserver publish-meet publish-playground publish-ssl publish-utils publish-web publish-webapp publish-zpush
 
 publish-container: component ?= base
 publish-container:
@@ -145,27 +163,33 @@ publish-base: build-base tag-base
 publish-core: build-core tag-core
 	component=core make publish-container
 
+publish-konnect: build-konnect tag-konnect
+	component=konnect make publish-container
+
+publish-kwmserver: build-kwmserver tag-kwmserver
+	component=kwmserver make publish-container
+
+publish-meet: build-meet tag-meet
+	component=meet make publish-container
+
+publish-playground: build-playground
+	docker push $(docker_repo)/kopano_playground:latest
+
+publish-ssl: build-ssl
+	docker push $(docker_repo)/kopano_ssl:latest
+
 publish-utils: build-core build-utils tag-utils
 	component=utils make publish-container
 
+publish-web: build-web tag-web
+	component=web make publish-container
+
 publish-webapp: build-webapp tag-webapp
 	component=webapp make publish-container
 
 publish-zpush: build-zpush tag-zpush
 	component=zpush make publish-container
 
-publish-ssl: build-ssl
-	docker push $(docker_repo)/kopano_ssl:latest
-
-publish-web: build-web tag-web
-	docker push $(docker_repo)/kopano_web:latest
-
-publish-konnect: build-konnect tag-konnect
-	component=konnect make publish-container
-
-publish-playground: build-playground
-	docker push $(docker_repo)/kopano_playground:latest
-
 test:
 	docker-compose -f $(COMPOSE_FILE) down -v || true
 	make build-all

base/Dockerfile

@@ -51,6 +51,7 @@ ARG RELEASE_KEY_DOWNLOAD=0
 
 # get common utilities
 COPY create-kopano-repo.sh /kopano/helper/
+COPY kcconf.py /kopano/
 RUN date +%s > /kopano/buildversion
 
 SHELL [ "/bin/bash", "-c"]

core/Dockerfile

@@ -50,7 +50,7 @@ ENV LANG=en_US.UTF-8
 
 ENV SERVICE_TO_START=server
 
-COPY kcconf.py defaultconfigs/ start-service.sh /kopano/
+COPY defaultconfigs/ start-service.sh /kopano/
 COPY services /kopano/services
 
 WORKDIR /kopano/path

docker-compose.yml-example

@@ -258,6 +258,8 @@ services:
   kopano_kapi:
     image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
     container_name: kopano_kapi
+    depends_on:
+      - kopano_grapi
     volumes:
       - kopanodata/:/kopano/data
       - kopanossl/:/kopano/ssl
@@ -358,7 +360,7 @@ services:
       - kopano-net
 
   kopano_konnect:
-    image: ${docker_repo:?err}/kopano_konnect
+    image: ${docker_repo:?err}/kopano_konnect:${KONNECT_VERSION}
     container_name: kopano_konnect
     command: wrapper.sh
     volumes:
@@ -378,14 +380,32 @@ services:
      - web-net
 
   kopano_kwmserver:
-    image: kopano/kwmserverd:0.13.1
+    image: ${docker_repo:?err}/kopano_kwmserver:${KWM_VERSION}
     container_name: kopano_kwmserver
+    command: wrapper.sh
     environment:
-     - KWMSERVERD_ADMIN_TOKENS_KEY_FILE=/kopano/ssl/kwm-admin-tokens.key
+     - INSECURE=${INSECURE}
+     - oidc_issuer_identifier=https://${FQDN}
     volumes:
      - kopanossl/:/kopano/ssl
+    extra_hosts:
+     - ${EXTRAHOSTS}
     networks:
-      - web-net
+     - web-net
+
+  kopano_meet:
+    image: ${docker_repo:?err}/kopano_meet:${MEET_VERSION}
+    container_name: kopano_meet
+    environment:
+     - SERVICE_TO_START=meet
+     - KCCONF_KWEBD_TLS=no
+    depends_on:
+     - kopano_kapi
+     - kopano_konnect
+     - kopano_kwmserver
+     - web
+    networks:
+     - web-net
 
 volumes:
   web:

konnect/Dockerfile

@@ -1,4 +1,4 @@
-ARG CODE_VERSION=0.16.1
+ARG CODE_VERSION=0.19.1
 FROM kopano/konnectd:${CODE_VERSION}
 ARG CODE_VERSION
 ENV CODE_VERSION="${CODE_VERSION}"
@@ -13,5 +13,5 @@ RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSI
     && rm dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz
 
 RUN mkdir -p /etc/kopano/
-COPY identifier-registration.yaml /etc/kopano
+COPY konnectd-identifier-registration.yaml konnectd-identifier-scopes.yaml /etc/kopano/
 COPY wrapper.sh /usr/local/bin

konnect/konnectd-identifier-scopes.yaml

@@ -0,0 +1,14 @@
+# This file contains additional scopes for Konnect. All of the scopes listed
+# here are made available to clients upon request if not limited by other means.
+
+---
+scopes:
+  kopano/kwm:
+    description: "Access Kopano Meet"
+
+  kopano/kvs:
+    description: "Access Kopano Key Value Store"
+
+  kopano/pubs:
+    description: "Access Kopano Pub/Sub"
+

konnect/wrapper.sh

@@ -5,10 +5,11 @@ set -e
 dockerize \
 	-wait file:///kopano/ssl/konnectd-tokens-signing-key.pem \
 	-wait file:///kopano/ssl/konnectd-encryption.key \
-	-timeout 360s
-exec konnectd serve \
+	-timeout 360s \
+	konnectd serve \
 	--signing-private-key=/kopano/ssl/konnectd-tokens-signing-key.pem \
 	--encryption-secret=/kopano/ssl/konnectd-encryption.key \
 	--iss=https://$FQDN \
-	--identifier-registration-conf /etc/kopano/identifier-registration.yaml \
+	--identifier-registration-conf /etc/kopano/konnectd-identifier-registration.yaml \
+	--identifier-scopes-conf /etc/kopano/konnectd-identifier-scopes.yaml \
 	kc

kwmserver/Dockerfile

@@ -0,0 +1,6 @@
+ARG CODE_VERSION=0.15.1
+FROM kopano/kwmserverd:${CODE_VERSION}
+ARG CODE_VERSION
+ENV CODE_VERSION="${CODE_VERSION}"
+
+COPY wrapper.sh /usr/local/bin

kwmserver/wrapper.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -e
+
+if [ -n "$oidc_issuer_identifier" ]; then
+	set -- "$@" --iss="$oidc_issuer_identifier"
+fi
+
+if [ "$INSECURE" = "yes" ]; then
+	set -- "$@" --insecure
+fi
+
+exec /usr/local/bin/docker-entrypoint.sh serve "$@"
+

meet/Dockerfile

@@ -0,0 +1,43 @@
+ARG docker_repo=zokradonh
+FROM ${docker_repo}/kopano_base
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+ARG ADDITIONAL_KOPANO_PACKAGES=""
+ARG DOWNLOAD_COMMUNITY_PACKAGES=1
+ARG KOPANO_MEET_REPOSITORY_URL="file:/kopano/repo/meet"
+ARG KOPANO_MEET_VERSION=newest
+ARG KOPANO_REPOSITORY_FLAGS="trusted=yes"
+ARG RELEASE_KEY_DOWNLOAD=0
+
+# install Kopano Core and refresh ca-certificates
+RUN \
+    # community download and package as apt source repository
+    . /kopano/helper/create-kopano-repo.sh && \
+    if [ ${DOWNLOAD_COMMUNITY_PACKAGES} -eq 1 ]; then \
+        dl_and_package_community "meet"; \
+    fi; \
+    echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_MEET_REPOSITORY_URL} ./" > /etc/apt/sources.list.d/kopano.list; \
+    # save kopano version
+    echo "meet-${KOPANO_MEET_VERSION}" > /kopano/buildversion; \
+    # install apt key if supported kopano
+    if [ ${RELEASE_KEY_DOWNLOAD} -eq 1 ]; then \
+        curl -s -S -o - "${KOPANO_MEET_REPOSITORY_URL}/Release.key" | apt-key add -; \
+    fi; \
+    # install
+    apt-get update && \
+    set -x && \
+    apt-get install --no-install-recommends -y \
+        kopano-kwebd \
+	kopano-meet kopano-meet-webapp \
+        ${ADDITIONAL_KOPANO_PACKAGES} \
+        && \
+    set +x && \
+    rm -rf /var/cache/apt /var/lib/apt/lists
+
+ENV KOPANO_LOCALE="de_DE.UTF-8"
+ENV KOPANO_USERSCRIPT_LOCALE="de_DE.UTF-8"
+ENV LANG=en_US.UTF-8
+
+COPY defaultconfigs/ start-service.sh /kopano/
+CMD [ "/kopano/start-service.sh" ]

meet/defaultconfigs/meet.py

@@ -0,0 +1,14 @@
+import os
+import kcconf
+
+# Component specific configurations
+kcconf.configkopano({
+    r"/etc/kopano/kweb.cfg":
+    {
+        'tls': "no"
+
+    }
+})
+
+# Override configs from environment variables
+kcconf.configkopano(kcconf.parseenvironmentvariables(r"/etc/kopano/"))

meet/start-service.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""}
+
+set -eu # unset variables are errors & non-zero return values exit the whole script
+
+if [ ! -e /kopano/$SERVICE_TO_START.py ]; then
+	echo "Invalid service specified: $SERVICE_TO_START" | ts
+	exit 1
+fi
+
+echo "Configure service '$SERVICE_TO_START'" | ts
+/usr/bin/python3 /kopano/$SERVICE_TO_START.py
+
+# allow helper commands given by "docker-compose run"
+if [ $# -gt 0 ]; then
+	exec "$@"
+	exit
+fi
+
+sed -i s/\ *=\ */=/g /etc/kopano/kwebd.cfg
+export $(grep -v '^#' /etc/kopano/kwebd.cfg | xargs -d '\n')
+# cleaning up env variables
+unset "${!KCCONF_@}"
+exec kopano-kwebd serve
+

setup.sh

@@ -101,6 +101,14 @@ if [ ! -e ./.env ]; then
 	read -p "Which tag do you want to use for Kopano Konnect? [$value_default]: " new_value
 	KONNECT_VERSION=${new_value:-$value_default}
 
+	value_default=latest
+	read -p "Which tag do you want to use for Kopano Kwmserver? [$value_default]: " new_value
+	KWM_VERSION=${new_value:-$value_default}
+
+	value_default=latest
+	read -p "Which tag do you want to use for Kopano Meet? [$value_default]: " new_value
+	MEET_VERSION=${new_value:-$value_default}
+
 	value_default="Kopano Demo"
 	read -p "Name of the Organisation for LDAP [$value_default]: " new_value
 	LDAP_ORGANISATION=${new_value:-$value_default}
@@ -258,6 +266,8 @@ CORE_VERSION=$CORE_VERSION
 WEBAPP_VERSION=$WEBAPP_VERSION
 ZPUSH_VERSION=$ZPUSH_VERSION
 KONNECT_VERSION=$KONNECT_VERSION
+KWM_VERSION=$KWM_VERSION
+MEET_VERSION=$MEET_VERSION
 
 LDAP_ORGANISATION="$LDAP_ORGANISATION"
 LDAP_DOMAIN=$FQDN
@@ -317,6 +327,7 @@ COMPOSE_PROJECT_NAME=kopano
 
 # Modify below to build a different version, than the kopano nightly release
 #KOPANO_CORE_REPOSITORY_URL=https://serial:REPLACE-ME@download.kopano.io/supported/core:/final/Debian_9.0/
+#KOPANO_MEET_REPOSITORY_URL=https://serial:REPLACE-ME@download.kopano.io/supported/meet:/final/Debian_9.0/
 #KOPANO_WEBAPP_REPOSITORY_URL=https://serial:REPLACE-ME@download.kopano.io/supported/webapp:/final/Debian_9.0/
 #KOPANO_WEBAPP_FILES_REPOSITORY_URL=https://serial:REPLACE-ME@download.kopano.io/supported/files:/final/Debian_9.0/
 #KOPANO_WEBAPP_MDM_REPOSITORY_URL=https://serial:REPLACE-ME@download.kopano.io/supported/mdm:/final/Debian_9.0/

web/Dockerfile

@@ -1,4 +1,4 @@
-ARG CODE_VERSION=0.4.2
+ARG CODE_VERSION=0.5.0
 FROM kopano/kwebd:${CODE_VERSION}
 ARG CODE_VERSION
 ENV CODE_VERSION="${CODE_VERSION}"

web/kweb.cfg

@@ -22,7 +22,12 @@
     }
 
     # Config
-    configjson /api/config/v1/kopano/ config/kopano
+    proxy /api/config/v1/kopano/ http://kopano_meet:9080/ {
+        fail_timeout 10s
+        try_duration 30s
+        transparent
+        keepalive 100
+    }
 
     # Konnect
     proxy /upstreams/konnect/ {
@@ -97,6 +102,35 @@
     }
     folderish /kapi-playground
 
+
+    # Kwmserver
+    proxy /upstreams/kwmserver/ {
+        without /upstreams/kwmserver/
+        upstream kopano_kwmserver:8778
+        policy least_conn
+        health_check /health-check
+        fail_timeout 10s
+        try_duration 30s
+        keepalive 100
+        transparent
+        websocket
+    }
+    ratelimit * 100 200 minute {
+        /upstreams/kwmserver/
+        whitelist 127.0.0.1/8
+    }
+    rewrite /api/kwm/v2/ {
+        to /upstreams/kwmserver/{path}
+    }
+
+    proxy /meet/ kopano_meet:9080 {
+        fail_timeout 10s
+        try_duration 30s
+        transparent
+        keepalive 100
+    }
+    folderish /meet
+
     proxy /webapp/ kopano_webapp:80 {
         fail_timeout 10s
         try_duration 30s