diff --git a/Makefile b/Makefile index 53ddc87..d1a3d74 100644 --- a/Makefile +++ b/Makefile @@ -7,10 +7,12 @@ endif base_download_version := $(shell ./version.sh core) core_download_version := $(shell ./version.sh core) +meet_download_version := $(shell ./version.sh meet) webapp_download_version := $(shell ./version.sh webapp) zpush_download_version := $(shell ./version.sh zpush) KOPANO_CORE_REPOSITORY_URL := file:/kopano/repo/core +KOPANO_MEET_REPOSITORY_URL := file:/kopano/repo/meet KOPANO_WEBAPP_REPOSITORY_URL := file:/kopano/repo/webapp KOPANO_WEBAPP_FILES_REPOSITORY_URL := file:/kopano/repo/files KOPANO_WEBAPP_MDM_REPOSITORY_URL := file:/kopano/repo/mdm @@ -26,7 +28,7 @@ export # convert lowercase componentname to uppercase COMPONENT = $(shell echo $(component) | tr a-z A-Z) -build-all: build-ssl build-base build-core build-utils build-webapp build-zpush build-web build-konnect build-playground build-ldap-demo +build-all: build-base build-core build-konnect build-kwmserver build-ldap-demo build-meet build-playground build-ssl build-utils build-web build-webapp build-zpush .PHONY: build build: component ?= base @@ -36,6 +38,7 @@ build: --build-arg KOPANO_CORE_VERSION=${core_download_version} \ --build-arg KOPANO_$(COMPONENT)_VERSION=${$(component)_download_version} \ --build-arg KOPANO_CORE_REPOSITORY_URL=$(KOPANO_CORE_REPOSITORY_URL) \ + --build-arg KOPANO_MEET_REPOSITORY_URL=$(KOPANO_MEET_REPOSITORY_URL) \ --build-arg KOPANO_WEBAPP_REPOSITORY_URL=$(KOPANO_WEBAPP_REPOSITORY_URL) \ --build-arg KOPANO_WEBAPP_FILES_REPOSITORY_URL=$(KOPANO_WEBAPP_FILES_REPOSITORY_URL) \ --build-arg KOPANO_WEBAPP_MDM_REPOSITORY_URL=$(KOPANO_WEBAPP_MDM_REPOSITORY_URL) \ 
@@ -58,30 +61,36 @@ build-base: build-core: component=core make build +build-konnect: + component=konnect make build-simple + +build-kwmserver: + component=kwmserver make build-simple + +build-ldap-demo: + component=ldap_demo make build-simple + +build-meet: + component=meet make build + +build-playground: + component=playground make build-simple + +build-ssl: + component=ssl make build-simple + build-utils: build-core component=utils make build +build-web: + component=web make build-simple + build-webapp: component=webapp make build build-zpush: component=zpush make build -build-ssl: - component=ssl make build-simple - -build-web: - component=web make build-simple - -build-konnect: - component=konnect make build-simple - -build-playground: - component=playground make build-simple - -build-ldap-demo: - component=ldap_demo make build-simple - tag-container: component ?= base tag-container: @echo 'create tag $($(component)_version)' 
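Review bot: `build-meet` declares no prerequisite, although meet/Dockerfile starts with `FROM ${docker_repo}/kopano_base`. A direct `make build-meet` or `make publish-meet` therefore builds on whatever kopano_base image is already local or gets pulled, not on the one this tree would build. `build-meet: build-base` would follow the existing `build-utils: build-core` pattern. The new recipes also call a literal `make`, as the new `publish-*` recipes further down do; `component=meet $(MAKE) build` is the form that passes `-n` and `-j` to the sub-make, and since the older targets share this it is best changed file-wide.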
@@ -101,11 +110,31 @@ tag-core: $(shell docker run --rm $(docker_repo)/kopano_core cat /kopano/buildversion | cut -d- -f2)) component=core make tag-container +tag-konnect: + $(eval konnect_version := \ + $(shell docker run --rm $(docker_repo)/kopano_konnect env | grep CODE_VERSION | cut -d'=' -f2)) + component=konnect make tag-container + +tag-kwmserver: + $(eval kwmserver_version := \ + $(shell docker run --rm $(docker_repo)/kopano_kwmserver env | grep CODE_VERSION | cut -d'=' -f2)) + component=kwmserver make tag-container + +tag-meet: + $(eval meet_version := \ + $(shell docker run --rm $(docker_repo)/kopano_meet cat /kopano/buildversion | grep meet | cut -d- -f2 | cut -d+ -f1)) + component=meet make tag-container + tag-utils: $(eval utils_version := \ $(shell docker run --rm $(docker_repo)/kopano_utils cat /kopano/buildversion | cut -d- -f2)) component=utils make tag-container +tag-web: + $(eval web_version := \ + $(shell docker run --rm $(docker_repo)/kopano_web env | grep CODE_VERSION | cut -d'=' -f2)) + component=web make tag-container + tag-webapp: $(eval webapp_version := \ $(shell docker run --rm $(docker_repo)/kopano_webapp cat /kopano/buildversion | grep webapp | cut -d- -f2 | cut -d+ -f1)) 
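Review bot: The version lookup in `tag-konnect`, `tag-kwmserver` and `tag-web` uses an unanchored `grep CODE_VERSION`, so any other variable in the container whose name or value contains that string adds a second word to the tag. Anchoring it, `env | grep '^CODE_VERSION=' | cut -d'=' -f2`, limits the match to the one variable the Dockerfiles set. If `docker run` fails the version is simply empty; `tag-container` is only partly visible here, so whether it rejects an empty version should be confirmed.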
@@ -116,22 +145,11 @@ tag-zpush: $(shell docker run --rm $(docker_repo)/kopano_zpush cat /kopano/buildversion | tail -n 1 | grep -o -P '(?<=-).*(?=\+)')) component=zpush make tag-container -tag-web: - $(eval web_version := \ - $(shell docker run --rm $(docker_repo)/kopano_web env | grep CODE_VERSION | cut -d'=' -f2)) - component=web make tag-container - -tag-konnect: - $(eval konnect_version := \ - $(shell docker run --rm $(docker_repo)/kopano_konnect env | grep CODE_VERSION | cut -d'=' -f2)) - component=konnect make tag-container - - # Docker publish repo-login: @docker login -u $(docker_login) -p $(docker_pwd) -publish: repo-login publish-ssl publish-base publish-core publish-utils publish-webapp publish-zpush publish-ssl publish-web publish-konnect publish-playground +publish: repo-login publish-base publish-core publish-konnect publish-kwmserver publish-meet publish-playground publish-ssl publish-utils publish-web publish-webapp publish-zpush publish-container: component ?= base publish-container: 
@@ -145,27 +163,33 @@ publish-base: build-base tag-base publish-core: build-core tag-core component=core make publish-container +publish-konnect: build-konnect tag-konnect + component=konnect make publish-container + +publish-kwmserver: build-kwmserver tag-kwmserver + component=kwmserver make publish-container + +publish-meet: build-meet tag-meet + component=meet make publish-container + +publish-playground: build-playground + docker push $(docker_repo)/kopano_playground:latest + +publish-ssl: build-ssl + docker push $(docker_repo)/kopano_ssl:latest + publish-utils: build-core build-utils tag-utils component=utils make publish-container +publish-web: build-web tag-web + component=web make publish-container + publish-webapp: build-webapp tag-webapp component=webapp make publish-container publish-zpush: build-zpush tag-zpush component=zpush make publish-container -publish-ssl: build-ssl - docker push $(docker_repo)/kopano_ssl:latest - -publish-web: build-web tag-web - docker push $(docker_repo)/kopano_web:latest - -publish-konnect: build-konnect tag-konnect - component=konnect make publish-container - -publish-playground: build-playground - docker push $(docker_repo)/kopano_playground:latest - test: docker-compose -f $(COMPOSE_FILE) down -v || true make build-all diff --git a/base/Dockerfile b/base/Dockerfile index 1c5ceb8..1add679 100644 --- a/base/Dockerfile +++ b/base/Dockerfile @@ -51,6 +51,7 @@ ARG RELEASE_KEY_DOWNLOAD=0 # get common utilities COPY create-kopano-repo.sh /kopano/helper/ +COPY kcconf.py /kopano/ RUN date +%s > /kopano/buildversion SHELL [ "/bin/bash", "-c"] diff --git a/core/kcconf.py b/base/kcconf.py similarity index 100% rename from core/kcconf.py rename to base/kcconf.py diff --git a/core/Dockerfile b/core/Dockerfile index ba2457d..fb6bffd 100644 --- a/core/Dockerfile +++ b/core/Dockerfile 
@@ -50,7 +50,7 @@ ENV LANG=en_US.UTF-8 ENV SERVICE_TO_START=server -COPY kcconf.py defaultconfigs/ start-service.sh /kopano/ +COPY defaultconfigs/ start-service.sh /kopano/ COPY services /kopano/services WORKDIR /kopano/path diff --git a/docker-compose.yml-example b/docker-compose.yml-example index d20ad4e..4c085a7 100644 --- a/docker-compose.yml-example +++ b/docker-compose.yml-example @@ -258,6 +258,8 @@ services: kopano_kapi: image: ${docker_repo:?err}/kopano_core:${CORE_VERSION} container_name: kopano_kapi + depends_on: + - kopano_grapi volumes: - kopanodata/:/kopano/data - kopanossl/:/kopano/ssl @@ -358,7 +360,7 @@ services: - kopano-net kopano_konnect: - image: ${docker_repo:?err}/kopano_konnect + image: ${docker_repo:?err}/kopano_konnect:${KONNECT_VERSION} container_name: kopano_konnect command: wrapper.sh volumes: @@ -378,14 +380,32 @@ services: - web-net kopano_kwmserver: - image: kopano/kwmserverd:0.13.1 + image: ${docker_repo:?err}/kopano_kwmserver:${KWM_VERSION} container_name: kopano_kwmserver + command: wrapper.sh environment: - - KWMSERVERD_ADMIN_TOKENS_KEY_FILE=/kopano/ssl/kwm-admin-tokens.key + - INSECURE=${INSECURE} + - oidc_issuer_identifier=https://${FQDN} volumes: - kopanossl/:/kopano/ssl + extra_hosts: + - ${EXTRAHOSTS} networks: - - web-net + - web-net + + kopano_meet: + image: ${docker_repo:?err}/kopano_meet:${MEET_VERSION} + container_name: kopano_meet + environment: + - SERVICE_TO_START=meet + - KCCONF_KWEBD_TLS=no + depends_on: + - kopano_kapi + - kopano_konnect + - kopano_kwmserver + - web + networks: + - web-net volumes: web: diff --git a/konnect/Dockerfile b/konnect/Dockerfile index 4f4572b..5277f72 100644 --- a/konnect/Dockerfile +++ b/konnect/Dockerfile @@ -1,4 +1,4 @@ -ARG CODE_VERSION=0.16.1 +ARG CODE_VERSION=0.19.1 FROM kopano/konnectd:${CODE_VERSION} ARG CODE_VERSION ENV CODE_VERSION="${CODE_VERSION}" 
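Review bot: The `kopano_kwmserver` service loses `KWMSERVERD_ADMIN_TOKENS_KEY_FILE=/kopano/ssl/kwm-admin-tokens.key` while `kopanossl` stays mounted, and the new kwmserver/wrapper.sh passes only `--iss` and `--insecure`. Whether the image's entrypoint still picks that key up by default is not visible in this commit, so please confirm the persistent key from the volume is still the one in use. Separately, `${KWM_VERSION}`, `${MEET_VERSION}` and `${KONNECT_VERSION}` carry no guard like the one on `docker_repo`, so an older `.env` without them produces an image reference with an empty tag; `${KWM_VERSION:?err}` would give a clearer failure.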
@@ -13,5 +13,5 @@ RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSI && rm dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz RUN mkdir -p /etc/kopano/ -COPY identifier-registration.yaml /etc/kopano +COPY konnectd-identifier-registration.yaml konnectd-identifier-scopes.yaml /etc/kopano/ COPY wrapper.sh /usr/local/bin diff --git a/konnect/identifier-registration.yaml b/konnect/konnectd-identifier-registration.yaml old mode 100755 new mode 100644 similarity index 100% rename from konnect/identifier-registration.yaml rename to konnect/konnectd-identifier-registration.yaml diff --git a/konnect/konnectd-identifier-scopes.yaml b/konnect/konnectd-identifier-scopes.yaml new file mode 100644 index 0000000..f9b4b6e --- /dev/null +++ b/konnect/konnectd-identifier-scopes.yaml @@ -0,0 +1,14 @@ +# This file contains additional scopes for Konnect. All of the scopes listed +# here are made available to clients upon request if not limited by other means. + +--- +scopes: + kopano/kwm: + description: "Access Kopano Meet" + + kopano/kvs: + description: "Access Kopano Key Value Store" + + kopano/pubs: + description: "Access Kopano Pub/Sub" + diff --git a/konnect/wrapper.sh b/konnect/wrapper.sh index a735770..4a96e7b 100755 --- a/konnect/wrapper.sh +++ b/konnect/wrapper.sh @@ -5,10 +5,11 @@ set -e dockerize \ -wait file:///kopano/ssl/konnectd-tokens-signing-key.pem \ -wait file:///kopano/ssl/konnectd-encryption.key \ - -timeout 360s -exec konnectd serve \ + -timeout 360s \ + konnectd serve \ --signing-private-key=/kopano/ssl/konnectd-tokens-signing-key.pem \ --encryption-secret=/kopano/ssl/konnectd-encryption.key \ --iss=https://$FQDN \ - --identifier-registration-conf /etc/kopano/identifier-registration.yaml \ + --identifier-registration-conf /etc/kopano/konnectd-identifier-registration.yaml \ + --identifier-scopes-conf /etc/kopano/konnectd-identifier-scopes.yaml \ kc 
diff --git a/kwmserver/Dockerfile b/kwmserver/Dockerfile
new file mode 100644
index 0000000..549a8e7
--- /dev/null
+++ b/kwmserver/Dockerfile
@@ -0,0 +1,6 @@
+ARG CODE_VERSION=0.15.1
+FROM kopano/kwmserverd:${CODE_VERSION}
+ARG CODE_VERSION
+ENV CODE_VERSION="${CODE_VERSION}"
+
+COPY wrapper.sh /usr/local/bin
diff --git a/kwmserver/wrapper.sh b/kwmserver/wrapper.sh
new file mode 100755
index 0000000..d09f585
--- /dev/null
+++ b/kwmserver/wrapper.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -e
+
+if [ -n "$oidc_issuer_identifier" ]; then
+ set -- "$@" --iss="$oidc_issuer_identifier"
+fi
+
+if [ "$INSECURE" = "yes" ]; then
+ set -- "$@" --insecure
+fi
+
+exec /usr/local/bin/docker-entrypoint.sh serve "$@"
+
diff --git a/meet/Dockerfile b/meet/Dockerfile
new file mode 100644
index 0000000..11cf47c
--- /dev/null
+++ b/meet/Dockerfile
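Review bot: In kwmserver/wrapper.sh, `INSECURE=yes` appends `--insecure` without leaving any trace in the container log, and docker-compose.yml-example forwards `INSECURE=${INSECURE}` straight from `.env`, so a setting meant for a test setup can stay on unnoticed. A line such as `echo "WARNING: INSECURE=yes, starting kwmserverd with --insecure" >&2` inside that branch would make it visible. A short comment saying what the flag turns off would help too; presumably it is TLS certificate validation towards the issuer, but confirm that against kwmserverd's own help text.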
@@ -0,0 +1,43 @@
+ARG docker_repo=zokradonh
+FROM ${docker_repo}/kopano_base
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+ARG ADDITIONAL_KOPANO_PACKAGES=""
+ARG DOWNLOAD_COMMUNITY_PACKAGES=1
+ARG KOPANO_MEET_REPOSITORY_URL="file:/kopano/repo/meet"
+ARG KOPANO_MEET_VERSION=newest
+ARG KOPANO_REPOSITORY_FLAGS="trusted=yes"
+ARG RELEASE_KEY_DOWNLOAD=0
+
+# install Kopano Core and refresh ca-certificates
+RUN \
+ # community download and package as apt source repository
+ . /kopano/helper/create-kopano-repo.sh && \
+ if [ ${DOWNLOAD_COMMUNITY_PACKAGES} -eq 1 ]; then \
+ dl_and_package_community "meet"; \
+ fi; \
+ echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_MEET_REPOSITORY_URL} ./" > /etc/apt/sources.list.d/kopano.list; \
+ # save kopano version
+ echo "meet-${KOPANO_MEET_VERSION}" > /kopano/buildversion; \
+ # install apt key if supported kopano
+ if [ ${RELEASE_KEY_DOWNLOAD} -eq 1 ]; then \
+ curl -s -S -o - "${KOPANO_MEET_REPOSITORY_URL}/Release.key" | apt-key add -; \
+ fi; \
+ # install
+ apt-get update && \
+ set -x && \
+ apt-get install --no-install-recommends -y \
+ kopano-kwebd \
+ kopano-meet kopano-meet-webapp \
+ ${ADDITIONAL_KOPANO_PACKAGES} \
+ && \
+ set +x && \
+ rm -rf /var/cache/apt /var/lib/apt/lists
+
+ENV KOPANO_LOCALE="de_DE.UTF-8"
+ENV KOPANO_USERSCRIPT_LOCALE="de_DE.UTF-8"
+ENV LANG=en_US.UTF-8
+
+COPY defaultconfigs/ start-service.sh /kopano/
+CMD [ "/kopano/start-service.sh" ]
diff --git a/meet/defaultconfigs/meet.py b/meet/defaultconfigs/meet.py
new file mode 100644
index 0000000..13a5a54
--- /dev/null
+++ b/meet/defaultconfigs/meet.py
@@ -0,0 +1,14 @@
+import os
+import kcconf
+
+# Component specific configurations
+kcconf.configkopano({
+ r"/etc/kopano/kweb.cfg":
+ {
+ 'tls': "no"
+
+ }
+})
+
+# Override configs from environment variables
+kcconf.configkopano(kcconf.parseenvironmentvariables(r"/etc/kopano/"))
diff --git a/meet/start-service.sh b/meet/start-service.sh
new file mode 100755
index 0000000..370b328
--- /dev/null
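Review bot: In meet/Dockerfile, `KOPANO_MEET_REPOSITORY_URL` is written to `/etc/apt/sources.list.d/kopano.list` and never removed, and because it arrives as a `--build-arg` (see the Makefile `build` recipe) it is also recorded in the image history. setup.sh documents the supported form as `https://serial:REPLACE-ME@download.kopano.io/...`, so with that setting the serial ends up in an image that `publish-meet` pushes. Ending the same `RUN` with `rm -f /etc/apt/sources.list.d/kopano.list` clears it from the layer; keeping it out of the history needs a build secret rather than an `ARG`. Separately, `KOPANO_REPOSITORY_FLAGS` defaults to `trusted=yes`, so unless the caller overrides it apt skips signature checks even when `RELEASE_KEY_DOWNLOAD=1`.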
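Review bot: In meet/defaultconfigs/meet.py the default is written to `/etc/kopano/kweb.cfg`, but meet/start-service.sh reads `/etc/kopano/kwebd.cfg` and the compose example overrides `KCCONF_KWEBD_TLS`, so this `'tls': "no"` block looks like it never reaches kopano-kwebd. If the file name is a typo, `r"/etc/kopano/kwebd.cfg":` is the one-line fix; how kcconf maps names to files is not visible in this commit, so please confirm. `import os` is unused in this file.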
+++ b/meet/start-service.sh @@ -0,0 +1,26 @@ +#!/bin/bash + +ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""} + +set -eu # unset variables are errors & non-zero return values exit the whole script + +if [ ! -e /kopano/$SERVICE_TO_START.py ]; then + echo "Invalid service specified: $SERVICE_TO_START" | ts + exit 1 +fi + +echo "Configure service '$SERVICE_TO_START'" | ts +/usr/bin/python3 /kopano/$SERVICE_TO_START.py + +# allow helper commands given by "docker-compose run" +if [ $# -gt 0 ]; then + exec "$@" + exit +fi + +sed -i s/\ *=\ */=/g /etc/kopano/kwebd.cfg +export $(grep -v '^#' /etc/kopano/kwebd.cfg | xargs -d '\n') +# cleaning up env variables +unset "${!KCCONF_@}" +exec kopano-kwebd serve + diff --git a/setup.sh b/setup.sh index 77cbf2d..c03cdb3 100755 --- a/setup.sh +++ b/setup.sh @@ -101,6 +101,14 @@ if [ ! -e ./.env ]; then read -p "Which tag do you want to use for Kopano Konnect? [$value_default]: " new_value KONNECT_VERSION=${new_value:-$value_default} + value_default=latest + read -p "Which tag do you want to use for Kopano Kwmserver? [$value_default]: " new_value + KWM_VERSION=${new_value:-$value_default} + + value_default=latest + read -p "Which tag do you want to use for Kopano Meet? [$value_default]: " new_value + MEET_VERSION=${new_value:-$value_default} + value_default="Kopano Demo" read -p "Name of the Organisation for LDAP [$value_default]: " new_value LDAP_ORGANISATION=${new_value:-$value_default} @@ -258,6 +266,8 @@ CORE_VERSION=$CORE_VERSION WEBAPP_VERSION=$WEBAPP_VERSION ZPUSH_VERSION=$ZPUSH_VERSION KONNECT_VERSION=$KONNECT_VERSION +KWM_VERSION=$KWM_VERSION +MEET_VERSION=$MEET_VERSION LDAP_ORGANISATION="$LDAP_ORGANISATION" LDAP_DOMAIN=$FQDN 
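Review bot: In meet/start-service.sh, `export $(grep -v '^#' /etc/kopano/kwebd.cfg | xargs -d '\n')` is expanded unquoted, so a value containing a space or a glob character is split or expanded into extra `export` arguments. Every key in the file, whatever its name, also becomes an environment variable of kopano-kwebd. Reading the file line by line and exporting each `key=value` as one quoted word avoids the splitting; a sketch follows. `$SERVICE_TO_START` is likewise used unquoted in the `-e` test and the python3 call, and the `exit` after `exec "$@"` is never reached.

```shell
sed -i s/\ *=\ */=/g /etc/kopano/kwebd.cfg
# export each setting as a single word: no word splitting, no globbing
while IFS= read -r line; do
    case "$line" in
        ''|'#'*) continue ;;
    esac
    export "$line"
done < /etc/kopano/kwebd.cfg
# … unchanged: unset of the KCCONF_* variables and exec kopano-kwebd serve …
```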
@@ -317,6 +327,7 @@ COMPOSE_PROJECT_NAME=kopano # Modify below to build a different version, than the kopano nightly release #KOPANO_CORE_REPOSITORY_URL=https://serial:REPLACE-ME@download.kopano.io/supported/core:/final/Debian_9.0/ +#KOPANO_MEET_REPOSITORY_URL=https://serial:REPLACE-ME@download.kopano.io/supported/meet:/final/Debian_9.0/ #KOPANO_WEBAPP_REPOSITORY_URL=https://serial:REPLACE-ME@download.kopano.io/supported/webapp:/final/Debian_9.0/ #KOPANO_WEBAPP_FILES_REPOSITORY_URL=https://serial:REPLACE-ME@download.kopano.io/supported/files:/final/Debian_9.0/ #KOPANO_WEBAPP_MDM_REPOSITORY_URL=https://serial:REPLACE-ME@download.kopano.io/supported/mdm:/final/Debian_9.0/ diff --git a/web/Dockerfile b/web/Dockerfile index e05ca59..53381c9 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -1,4 +1,4 @@ -ARG CODE_VERSION=0.4.2 +ARG CODE_VERSION=0.5.0 FROM kopano/kwebd:${CODE_VERSION} ARG CODE_VERSION ENV CODE_VERSION="${CODE_VERSION}" diff --git a/web/kweb.cfg b/web/kweb.cfg index 65016c8..c18baff 100644 --- a/web/kweb.cfg +++ b/web/kweb.cfg @@ -22,7 +22,12 @@ } # Config - configjson /api/config/v1/kopano/ config/kopano + proxy /api/config/v1/kopano/ http://kopano_meet:9080/ { + fail_timeout 10s + try_duration 30s + transparent + keepalive 100 + } # Konnect proxy /upstreams/konnect/ { @@ -97,6 +102,35 @@ } folderish /kapi-playground + + # Kwmserver + proxy /upstreams/kwmserver/ { + without /upstreams/kwmserver/ + upstream kopano_kwmserver:8778 + policy least_conn + health_check /health-check + fail_timeout 10s + try_duration 30s + keepalive 100 + transparent + websocket + } + ratelimit * 100 200 minute { + /upstreams/kwmserver/ + whitelist 127.0.0.1/8 + } + rewrite /api/kwm/v2/ { + to /upstreams/kwmserver/{path} + } + + proxy /meet/ kopano_meet:9080 { + fail_timeout 10s + try_duration 30s + transparent + keepalive 100 + } + folderish /meet + proxy /webapp/ kopano_webapp:80 { fail_timeout 10s try_duration 30s