From e3d7e01583e7d550b83c819fb14ba287baaa483f Mon Sep 17 00:00:00 2001 From: Felix Bartels Date: Tue, 19 Feb 2019 12:57:57 +0100 Subject: [PATCH] Add Kopano Meet and depending instrastructure to meet Makefile adjustments reorder Makefile adds image for kwmserver adds image for meet add Meet to compose clean up proxy configuration move kcconf.py into the base image --- Makefile | 104 +++++++++++------- base/Dockerfile | 1 + {core => base}/kcconf.py | 0 core/Dockerfile | 2 +- docker-compose.yml-example | 28 ++++- konnect/Dockerfile | 4 +- ... => konnectd-identifier-registration.yaml} | 0 konnect/konnectd-identifier-scopes.yaml | 14 +++ konnect/wrapper.sh | 7 +- kwmserver/Dockerfile | 6 + kwmserver/wrapper.sh | 14 +++ meet/Dockerfile | 43 ++++++++ meet/defaultconfigs/meet.py | 14 +++ meet/start-service.sh | 26 +++++ setup.sh | 11 ++ web/Dockerfile | 2 +- web/kweb.cfg | 36 +++++- 17 files changed, 260 insertions(+), 52 deletions(-) rename {core => base}/kcconf.py (100%) rename konnect/{identifier-registration.yaml => konnectd-identifier-registration.yaml} (100%) mode change 100755 => 100644 create mode 100644 konnect/konnectd-identifier-scopes.yaml create mode 100644 kwmserver/Dockerfile create mode 100755 kwmserver/wrapper.sh create mode 100644 meet/Dockerfile create mode 100644 meet/defaultconfigs/meet.py create mode 100755 meet/start-service.sh diff --git a/Makefile b/Makefile index 53ddc87..d1a3d74 100644 --- a/Makefile +++ b/Makefile 
@@ -7,10 +7,12 @@ endif base_download_version := $(shell ./version.sh core) core_download_version := $(shell ./version.sh core) +meet_download_version := $(shell ./version.sh meet) webapp_download_version := $(shell ./version.sh webapp) zpush_download_version := $(shell ./version.sh zpush) KOPANO_CORE_REPOSITORY_URL := file:/kopano/repo/core +KOPANO_MEET_REPOSITORY_URL := file:/kopano/repo/meet KOPANO_WEBAPP_REPOSITORY_URL := file:/kopano/repo/webapp KOPANO_WEBAPP_FILES_REPOSITORY_URL := file:/kopano/repo/files KOPANO_WEBAPP_MDM_REPOSITORY_URL := file:/kopano/repo/mdm @@ -26,7 +28,7 @@ export # convert lowercase componentname to uppercase COMPONENT = $(shell echo $(component) | tr a-z A-Z) -build-all: build-ssl build-base build-core build-utils build-webapp build-zpush build-web build-konnect build-playground build-ldap-demo +build-all: build-base build-core build-konnect build-kwmserver build-ldap-demo build-meet build-playground build-ssl build-utils build-web build-webapp build-zpush .PHONY: build build: component ?= base @@ -36,6 +38,7 @@ build: --build-arg KOPANO_CORE_VERSION=${core_download_version} \ --build-arg KOPANO_$(COMPONENT)_VERSION=${$(component)_download_version} \ --build-arg KOPANO_CORE_REPOSITORY_URL=$(KOPANO_CORE_REPOSITORY_URL) \ + --build-arg KOPANO_MEET_REPOSITORY_URL=$(KOPANO_MEET_REPOSITORY_URL) \ --build-arg KOPANO_WEBAPP_REPOSITORY_URL=$(KOPANO_WEBAPP_REPOSITORY_URL) \ --build-arg KOPANO_WEBAPP_FILES_REPOSITORY_URL=$(KOPANO_WEBAPP_FILES_REPOSITORY_URL) \ --build-arg KOPANO_WEBAPP_MDM_REPOSITORY_URL=$(KOPANO_WEBAPP_MDM_REPOSITORY_URL) \ 
@@ -58,30 +61,36 @@ build-base: build-core: component=core make build +build-konnect: + component=konnect make build-simple + +build-kwmserver: + component=kwmserver make build-simple + +build-ldap-demo: + component=ldap_demo make build-simple + +build-meet: + component=meet make build + +build-playground: + component=playground make build-simple + +build-ssl: + component=ssl make build-simple + build-utils: build-core component=utils make build +build-web: + component=web make build-simple + build-webapp: component=webapp make build build-zpush: component=zpush make build -build-ssl: - component=ssl make build-simple - -build-web: - component=web make build-simple - -build-konnect: - component=konnect make build-simple - -build-playground: - component=playground make build-simple - -build-ldap-demo: - component=ldap_demo make build-simple - tag-container: component ?= base tag-container: @echo 'create tag $($(component)_version)' 
@@ -101,11 +110,31 @@ tag-core: $(shell docker run --rm $(docker_repo)/kopano_core cat /kopano/buildversion | cut -d- -f2)) component=core make tag-container +tag-konnect: + $(eval konnect_version := \ + $(shell docker run --rm $(docker_repo)/kopano_konnect env | grep CODE_VERSION | cut -d'=' -f2)) + component=konnect make tag-container + +tag-kwmserver: + $(eval kwmserver_version := \ + $(shell docker run --rm $(docker_repo)/kopano_kwmserver env | grep CODE_VERSION | cut -d'=' -f2)) + component=kwmserver make tag-container + +tag-meet: + $(eval meet_version := \ + $(shell docker run --rm $(docker_repo)/kopano_meet cat /kopano/buildversion | grep meet | cut -d- -f2 | cut -d+ -f1)) + component=meet make tag-container + tag-utils: $(eval utils_version := \ $(shell docker run --rm $(docker_repo)/kopano_utils cat /kopano/buildversion | cut -d- -f2)) component=utils make tag-container +tag-web: + $(eval web_version := \ + $(shell docker run --rm $(docker_repo)/kopano_web env | grep CODE_VERSION | cut -d'=' -f2)) + component=web make tag-container + tag-webapp: $(eval webapp_version := \ $(shell docker run --rm $(docker_repo)/kopano_webapp cat /kopano/buildversion | grep webapp | cut -d- -f2 | cut -d+ -f1)) 
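Review bot: In `tag-konnect`, `tag-kwmserver` and `tag-web` the pattern `grep CODE_VERSION` is unanchored, so any other environment line containing that substring would be folded into the version string; `grep '^CODE_VERSION=' | cut -d= -f2` pins it to the one variable. None of the new tag targets checks that the parsed version is non-empty before invoking `tag-container`, so a failed `docker run` would presumably pass an empty tag on towards the publish step. A guard such as `$(if $(strip $(meet_version)),,$(error meet_version is empty))` after each `$(eval …)` would stop the release at that point. The body of `tag-container` lies outside this hunk, so how it treats an empty value should be confirmed.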
@@ -116,22 +145,11 @@ tag-zpush: $(shell docker run --rm $(docker_repo)/kopano_zpush cat /kopano/buildversion | tail -n 1 | grep -o -P '(?<=-).*(?=\+)')) component=zpush make tag-container -tag-web: - $(eval web_version := \ - $(shell docker run --rm $(docker_repo)/kopano_web env | grep CODE_VERSION | cut -d'=' -f2)) - component=web make tag-container - -tag-konnect: - $(eval konnect_version := \ - $(shell docker run --rm $(docker_repo)/kopano_konnect env | grep CODE_VERSION | cut -d'=' -f2)) - component=konnect make tag-container - - # Docker publish repo-login: @docker login -u $(docker_login) -p $(docker_pwd) -publish: repo-login publish-ssl publish-base publish-core publish-utils publish-webapp publish-zpush publish-ssl publish-web publish-konnect publish-playground +publish: repo-login publish-base publish-core publish-konnect publish-kwmserver publish-meet publish-playground publish-ssl publish-utils publish-web publish-webapp publish-zpush publish-container: component ?= base publish-container: 
@@ -145,27 +163,33 @@ publish-base: build-base tag-base publish-core: build-core tag-core component=core make publish-container +publish-konnect: build-konnect tag-konnect + component=konnect make publish-container + +publish-kwmserver: build-kwmserver tag-kwmserver + component=kwmserver make publish-container + +publish-meet: build-meet tag-meet + component=meet make publish-container + +publish-playground: build-playground + docker push $(docker_repo)/kopano_playground:latest + +publish-ssl: build-ssl + docker push $(docker_repo)/kopano_ssl:latest + publish-utils: build-core build-utils tag-utils component=utils make publish-container +publish-web: build-web tag-web + component=web make publish-container + publish-webapp: build-webapp tag-webapp component=webapp make publish-container publish-zpush: build-zpush tag-zpush component=zpush make publish-container -publish-ssl: build-ssl - docker push $(docker_repo)/kopano_ssl:latest - -publish-web: build-web tag-web - docker push $(docker_repo)/kopano_web:latest - -publish-konnect: build-konnect tag-konnect - component=konnect make publish-container - -publish-playground: build-playground - docker push $(docker_repo)/kopano_playground:latest - test: docker-compose -f $(COMPOSE_FILE) down -v || true make build-all diff --git a/base/Dockerfile b/base/Dockerfile index 1c5ceb8..1add679 100644 --- a/base/Dockerfile +++ b/base/Dockerfile @@ -51,6 +51,7 @@ ARG RELEASE_KEY_DOWNLOAD=0 # get common utilities COPY create-kopano-repo.sh /kopano/helper/ +COPY kcconf.py /kopano/ RUN date +%s > /kopano/buildversion SHELL [ "/bin/bash", "-c"] diff --git a/core/kcconf.py b/base/kcconf.py similarity index 100% rename from core/kcconf.py rename to base/kcconf.py diff --git a/core/Dockerfile b/core/Dockerfile index ba2457d..fb6bffd 100644 --- a/core/Dockerfile +++ b/core/Dockerfile 
@@ -50,7 +50,7 @@ ENV LANG=en_US.UTF-8 ENV SERVICE_TO_START=server -COPY kcconf.py defaultconfigs/ start-service.sh /kopano/ +COPY defaultconfigs/ start-service.sh /kopano/ COPY services /kopano/services WORKDIR /kopano/path diff --git a/docker-compose.yml-example b/docker-compose.yml-example index d20ad4e..4c085a7 100644 --- a/docker-compose.yml-example +++ b/docker-compose.yml-example @@ -258,6 +258,8 @@ services: kopano_kapi: image: ${docker_repo:?err}/kopano_core:${CORE_VERSION} container_name: kopano_kapi + depends_on: + - kopano_grapi volumes: - kopanodata/:/kopano/data - kopanossl/:/kopano/ssl @@ -358,7 +360,7 @@ services: - kopano-net kopano_konnect: - image: ${docker_repo:?err}/kopano_konnect + image: ${docker_repo:?err}/kopano_konnect:${KONNECT_VERSION} container_name: kopano_konnect command: wrapper.sh volumes: @@ -378,14 +380,32 @@ services: - web-net kopano_kwmserver: - image: kopano/kwmserverd:0.13.1 + image: ${docker_repo:?err}/kopano_kwmserver:${KWM_VERSION} container_name: kopano_kwmserver + command: wrapper.sh environment: - - KWMSERVERD_ADMIN_TOKENS_KEY_FILE=/kopano/ssl/kwm-admin-tokens.key + - INSECURE=${INSECURE} + - oidc_issuer_identifier=https://${FQDN} volumes: - kopanossl/:/kopano/ssl + extra_hosts: + - ${EXTRAHOSTS} networks: - - web-net + - web-net + + kopano_meet: + image: ${docker_repo:?err}/kopano_meet:${MEET_VERSION} + container_name: kopano_meet + environment: + - SERVICE_TO_START=meet + - KCCONF_KWEBD_TLS=no + depends_on: + - kopano_kapi + - kopano_konnect + - kopano_kwmserver + - web + networks: + - web-net volumes: web: diff --git a/konnect/Dockerfile b/konnect/Dockerfile index 4f4572b..5277f72 100644 --- a/konnect/Dockerfile +++ b/konnect/Dockerfile @@ -1,4 +1,4 @@ -ARG CODE_VERSION=0.16.1 +ARG CODE_VERSION=0.19.1 FROM kopano/konnectd:${CODE_VERSION} ARG CODE_VERSION ENV CODE_VERSION="${CODE_VERSION}" 
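Review bot: `INSECURE=${INSECURE}` in the `kopano_kwmserver` service has no default, so an `.env` without that key substitutes an empty string and the choice about `--insecure` is left implicit; `- INSECURE=${INSECURE:-no}` states the safe default in the file itself. The same hunk drops `KWMSERVERD_ADMIN_TOKENS_KEY_FILE=/kopano/ssl/kwm-admin-tokens.key` while still mounting `kopanossl`; if kwmserverd is still expected to read its admin-token key from that volume the variable needs to stay, otherwise a comment saying why it is no longer needed would help. For `kopano_meet`, `KCCONF_KWEBD_TLS=no` deserves a one-line comment that the listener is plain HTTP and presumably only meant to be reached through the `web` proxy on `web-net`.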
@@ -13,5 +13,5 @@ RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSI && rm dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz RUN mkdir -p /etc/kopano/ -COPY identifier-registration.yaml /etc/kopano +COPY konnectd-identifier-registration.yaml konnectd-identifier-scopes.yaml /etc/kopano/ COPY wrapper.sh /usr/local/bin diff --git a/konnect/identifier-registration.yaml b/konnect/konnectd-identifier-registration.yaml old mode 100755 new mode 100644 similarity index 100% rename from konnect/identifier-registration.yaml rename to konnect/konnectd-identifier-registration.yaml diff --git a/konnect/konnectd-identifier-scopes.yaml b/konnect/konnectd-identifier-scopes.yaml new file mode 100644 index 0000000..f9b4b6e --- /dev/null +++ b/konnect/konnectd-identifier-scopes.yaml @@ -0,0 +1,14 @@ +# This file contains additional scopes for Konnect. All of the scopes listed +# here are made available to clients upon request if not limited by other means. + +--- +scopes: + kopano/kwm: + description: "Access Kopano Meet" + + kopano/kvs: + description: "Access Kopano Key Value Store" + + kopano/pubs: + description: "Access Kopano Pub/Sub" + diff --git a/konnect/wrapper.sh b/konnect/wrapper.sh index a735770..4a96e7b 100755 --- a/konnect/wrapper.sh +++ b/konnect/wrapper.sh @@ -5,10 +5,11 @@ set -e dockerize \ -wait file:///kopano/ssl/konnectd-tokens-signing-key.pem \ -wait file:///kopano/ssl/konnectd-encryption.key \ - -timeout 360s -exec konnectd serve \ + -timeout 360s \ + konnectd serve \ --signing-private-key=/kopano/ssl/konnectd-tokens-signing-key.pem \ --encryption-secret=/kopano/ssl/konnectd-encryption.key \ --iss=https://$FQDN \ - --identifier-registration-conf /etc/kopano/identifier-registration.yaml \ + --identifier-registration-conf /etc/kopano/konnectd-identifier-registration.yaml \ + --identifier-scopes-conf /etc/kopano/konnectd-identifier-scopes.yaml \ kc 
diff --git a/kwmserver/Dockerfile b/kwmserver/Dockerfile
new file mode 100644
index 0000000..549a8e7
--- /dev/null
+++ b/kwmserver/Dockerfile
@@ -0,0 +1,6 @@
+ARG CODE_VERSION=0.15.1
+FROM kopano/kwmserverd:${CODE_VERSION}
+ARG CODE_VERSION
+ENV CODE_VERSION="${CODE_VERSION}"
+
+COPY wrapper.sh /usr/local/bin
diff --git a/kwmserver/wrapper.sh b/kwmserver/wrapper.sh
new file mode 100755
index 0000000..d09f585
--- /dev/null
+++ b/kwmserver/wrapper.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -e
+
+if [ -n "$oidc_issuer_identifier" ]; then
+ set -- "$@" --iss="$oidc_issuer_identifier"
+fi
+
+if [ "$INSECURE" = "yes" ]; then
+ set -- "$@" --insecure
+fi
+
+exec /usr/local/bin/docker-entrypoint.sh serve "$@"
+
diff --git a/meet/Dockerfile b/meet/Dockerfile
new file mode 100644
index 0000000..11cf47c
--- /dev/null
+++ b/meet/Dockerfile
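Review bot: The `INSECURE` branch in kwmserver/wrapper.sh appends `--insecure` without any output, so nothing in the container log shows that the server was started with relaxed checks. Adding `echo "WARNING: INSECURE=yes, starting kwmserverd with --insecure" >&2` inside that `if` makes the state visible to whoever reads the logs. A header comment naming the two environment variables the wrapper reads (`oidc_issuer_identifier`, `INSECURE`) and noting that only the exact value `yes` enables the flag would document the contract.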
@@ -0,0 +1,43 @@
+ARG docker_repo=zokradonh
+FROM ${docker_repo}/kopano_base
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+ARG ADDITIONAL_KOPANO_PACKAGES=""
+ARG DOWNLOAD_COMMUNITY_PACKAGES=1
+ARG KOPANO_MEET_REPOSITORY_URL="file:/kopano/repo/meet"
+ARG KOPANO_MEET_VERSION=newest
+ARG KOPANO_REPOSITORY_FLAGS="trusted=yes"
+ARG RELEASE_KEY_DOWNLOAD=0
+
+# install Kopano Core and refresh ca-certificates
+RUN \
+ # community download and package as apt source repository
+ . /kopano/helper/create-kopano-repo.sh && \
+ if [ ${DOWNLOAD_COMMUNITY_PACKAGES} -eq 1 ]; then \
+ dl_and_package_community "meet"; \
+ fi; \
+ echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_MEET_REPOSITORY_URL} ./" > /etc/apt/sources.list.d/kopano.list; \
+ # save kopano version
+ echo "meet-${KOPANO_MEET_VERSION}" > /kopano/buildversion; \
+ # install apt key if supported kopano
+ if [ ${RELEASE_KEY_DOWNLOAD} -eq 1 ]; then \
+ curl -s -S -o - "${KOPANO_MEET_REPOSITORY_URL}/Release.key" | apt-key add -; \
+ fi; \
+ # install
+ apt-get update && \
+ set -x && \
+ apt-get install --no-install-recommends -y \
+ kopano-kwebd \
+ kopano-meet kopano-meet-webapp \
+ ${ADDITIONAL_KOPANO_PACKAGES} \
+ && \
+ set +x && \
+ rm -rf /var/cache/apt /var/lib/apt/lists
+
+ENV KOPANO_LOCALE="de_DE.UTF-8"
+ENV KOPANO_USERSCRIPT_LOCALE="de_DE.UTF-8"
+ENV LANG=en_US.UTF-8
+
+COPY defaultconfigs/ start-service.sh /kopano/
+CMD [ "/kopano/start-service.sh" ]
diff --git a/meet/defaultconfigs/meet.py b/meet/defaultconfigs/meet.py
new file mode 100644
index 0000000..13a5a54
--- /dev/null
+++ b/meet/defaultconfigs/meet.py
@@ -0,0 +1,14 @@
+import os
+import kcconf
+
+# Component specific configurations
+kcconf.configkopano({
+ r"/etc/kopano/kweb.cfg":
+ {
+ 'tls': "no"
+
+ }
+})
+
+# Override configs from environment variables
+kcconf.configkopano(kcconf.parseenvironmentvariables(r"/etc/kopano/"))
diff --git a/meet/start-service.sh b/meet/start-service.sh
new file mode 100755
index 0000000..370b328
--- /dev/null
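Review bot: The `echo "deb [...] ${KOPANO_MEET_REPOSITORY_URL} ./" > /etc/apt/sources.list.d/kopano.list` line in meet/Dockerfile persists the repository URL in the image, and the commented example added to setup.sh shows that URL carrying `serial:REPLACE-ME@` credentials, so a build against the supported repository would ship the serial in a layer and expose it through the build arg in `docker history`. Removing the list file at the end of the same RUN (`&& rm -f /etc/apt/sources.list.d/kopano.list`) or supplying the credentials through apt's auth configuration rather than the URL would keep it out of the published image. Separately, the default `KOPANO_REPOSITORY_FLAGS="trusted=yes"` skips signature verification and the key import runs only when `RELEASE_KEY_DOWNLOAD=1`, fetching the key from the same URL as the packages; a comment stating that these defaults are meant for the local `file:` repository would make the trust assumption explicit. The leading comment still says "install Kopano Core" and should name Meet.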
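Review bot: meet.py writes `'tls': "no"` under the key `/etc/kopano/kweb.cfg`, while meet/start-service.sh normalises and exports `/etc/kopano/kwebd.cfg` and the compose file sets `KCCONF_KWEBD_TLS`, so the hard-coded default here appears to land in a file nothing else in this commit reads. If the target is the file start-service.sh exports, the key should be `r"/etc/kopano/kwebd.cfg":`. How `kcconf` maps names to files is not visible on this page, so this needs confirming against base/kcconf.py. `import os` is unused in the visible lines and can be dropped.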
+++ b/meet/start-service.sh @@ -0,0 +1,26 @@ +#!/bin/bash + +ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""} + +set -eu # unset variables are errors & non-zero return values exit the whole script + +if [ ! -e /kopano/$SERVICE_TO_START.py ]; then + echo "Invalid service specified: $SERVICE_TO_START" | ts + exit 1 +fi + +echo "Configure service '$SERVICE_TO_START'" | ts +/usr/bin/python3 /kopano/$SERVICE_TO_START.py + +# allow helper commands given by "docker-compose run" +if [ $# -gt 0 ]; then + exec "$@" + exit +fi + +sed -i s/\ *=\ */=/g /etc/kopano/kwebd.cfg +export $(grep -v '^#' /etc/kopano/kwebd.cfg | xargs -d '\n') +# cleaning up env variables +unset "${!KCCONF_@}" +exec kopano-kwebd serve + diff --git a/setup.sh b/setup.sh index 77cbf2d..c03cdb3 100755 --- a/setup.sh +++ b/setup.sh @@ -101,6 +101,14 @@ if [ ! -e ./.env ]; then read -p "Which tag do you want to use for Kopano Konnect? [$value_default]: " new_value KONNECT_VERSION=${new_value:-$value_default} + value_default=latest + read -p "Which tag do you want to use for Kopano Kwmserver? [$value_default]: " new_value + KWM_VERSION=${new_value:-$value_default} + + value_default=latest + read -p "Which tag do you want to use for Kopano Meet? [$value_default]: " new_value + MEET_VERSION=${new_value:-$value_default} + value_default="Kopano Demo" read -p "Name of the Organisation for LDAP [$value_default]: " new_value LDAP_ORGANISATION=${new_value:-$value_default} @@ -258,6 +266,8 @@ CORE_VERSION=$CORE_VERSION WEBAPP_VERSION=$WEBAPP_VERSION ZPUSH_VERSION=$ZPUSH_VERSION KONNECT_VERSION=$KONNECT_VERSION +KWM_VERSION=$KWM_VERSION +MEET_VERSION=$MEET_VERSION LDAP_ORGANISATION="$LDAP_ORGANISATION" LDAP_DOMAIN=$FQDN 
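Review bot: `export $(grep -v '^#' /etc/kopano/kwebd.cfg | xargs -d '\n')` in meet/start-service.sh is expanded unquoted, so a config value containing whitespace or glob characters is split or expanded before it reaches `export`. Reading the file line by line and exporting each `key=value` as one quoted word avoids that and the dependency on GNU `xargs -d`. The two uses of `$SERVICE_TO_START` in a path are also unquoted; `"/kopano/${SERVICE_TO_START}.py"` keeps an unexpected value from being split, and because the name selects a script to run, checking it against the known service names would be tighter than an existence test. The `exit` after `exec "$@"` is unreachable.

```shell
# … unchanged: sed normalisation of /etc/kopano/kwebd.cfg …
# export each key=value line as a single word, skipping comments and blank lines
while IFS= read -r line; do
    case "$line" in
        ''|'#'*) continue ;;
    esac
    export "$line"
done < /etc/kopano/kwebd.cfg
# … unchanged: unset KCCONF_* variables and exec kopano-kwebd serve …
```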
@@ -317,6 +327,7 @@ COMPOSE_PROJECT_NAME=kopano # Modify below to build a different version, than the kopano nightly release #KOPANO_CORE_REPOSITORY_URL=https://serial:REPLACE-ME@download.kopano.io/supported/core:/final/Debian_9.0/ +#KOPANO_MEET_REPOSITORY_URL=https://serial:REPLACE-ME@download.kopano.io/supported/meet:/final/Debian_9.0/ #KOPANO_WEBAPP_REPOSITORY_URL=https://serial:REPLACE-ME@download.kopano.io/supported/webapp:/final/Debian_9.0/ #KOPANO_WEBAPP_FILES_REPOSITORY_URL=https://serial:REPLACE-ME@download.kopano.io/supported/files:/final/Debian_9.0/ #KOPANO_WEBAPP_MDM_REPOSITORY_URL=https://serial:REPLACE-ME@download.kopano.io/supported/mdm:/final/Debian_9.0/ diff --git a/web/Dockerfile b/web/Dockerfile index e05ca59..53381c9 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -1,4 +1,4 @@ -ARG CODE_VERSION=0.4.2 +ARG CODE_VERSION=0.5.0 FROM kopano/kwebd:${CODE_VERSION} ARG CODE_VERSION ENV CODE_VERSION="${CODE_VERSION}" diff --git a/web/kweb.cfg b/web/kweb.cfg index 65016c8..c18baff 100644 --- a/web/kweb.cfg +++ b/web/kweb.cfg @@ -22,7 +22,12 @@ } # Config - configjson /api/config/v1/kopano/ config/kopano + proxy /api/config/v1/kopano/ http://kopano_meet:9080/ { + fail_timeout 10s + try_duration 30s + transparent + keepalive 100 + } # Konnect proxy /upstreams/konnect/ { @@ -97,6 +102,35 @@ } folderish /kapi-playground + + # Kwmserver + proxy /upstreams/kwmserver/ { + without /upstreams/kwmserver/ + upstream kopano_kwmserver:8778 + policy least_conn + health_check /health-check + fail_timeout 10s + try_duration 30s + keepalive 100 + transparent + websocket + } + ratelimit * 100 200 minute { + /upstreams/kwmserver/ + whitelist 127.0.0.1/8 + } + rewrite /api/kwm/v2/ { + to /upstreams/kwmserver/{path} + } + + proxy /meet/ kopano_meet:9080 { + fail_timeout 10s + try_duration 30s + transparent + keepalive 100 + } + folderish /meet + proxy /webapp/ kopano_webapp:80 { fail_timeout 10s try_duration 30s