Merge pull request #2892 from owncloud/invidivial-services-deployment…

…-example individual services deployment example
owncloud · Feb 23, 2022 · d92dc89 · d92dc89
2 parents 9702292 + 60acd22
commit d92dc89
Show file tree

Hide file tree

Showing 27 changed files with 1,283 additions and 29 deletions.
diff --git a/.drone.star b/.drone.star
@@ -1674,6 +1674,7 @@ def example_deploys(ctx):
         "ocis_hello/latest.yml",
         "ocis_s3/latest.yml",
         "oc10_ocis_parallel/latest.yml",
+        "ocis_individual_services/latest.yml",
     ]
     released_configs = [
         "ocis_ldap/released.yml",

diff --git a/deployments/continuous-deployment-config/oc10_ocis_parallel/latest.yml b/deployments/continuous-deployment-config/oc10_ocis_parallel/latest.yml
@@ -25,8 +25,6 @@
       - https://github.com/kulmann.keys
       - https://github.com/micbar.keys
       - https://github.com/pascalwengerter.keys
-      - https://github.com/paulcod3.keys
-      - https://github.com/refs.keys
       - https://github.com/wkloucek.keys
     docker_compose_projects:
       - name: ocis

diff --git a/deployments/continuous-deployment-config/ocis_hello/latest.yml b/deployments/continuous-deployment-config/ocis_hello/latest.yml
@@ -24,8 +24,6 @@
       - https://github.com/kulmann.keys
       - https://github.com/micbar.keys
       - https://github.com/pascalwengerter.keys
-      - https://github.com/paulcod3.keys
-      - https://github.com/refs.keys
       - https://github.com/wkloucek.keys
     docker_compose_projects:
       - name: ocis

diff --git a/deployments/continuous-deployment-config/ocis_individual_services/latest.yml b/deployments/continuous-deployment-config/ocis_individual_services/latest.yml
@@ -0,0 +1,49 @@
+---
+- name: continuous-deployment-ocis-individual-services-latest
+  server:
+    server_type: cx31
+    image: ubuntu-20.04
+    location: nbg1
+    initial_ssh_key_names:
+      - owncloud-ocis@drone.owncloud.com
+    labels:
+      owner: wkloucek
+      for: oCIS-continuous-deployment-examples
+    rebuild: $REBUILD
+    rebuild_carry_paths:
+      - /var/lib/docker/volumes/ocis_certs
+
+  domains:
+    - "*.ocis-individual-services.latest.owncloud.works"
+
+  vars:
+    ssh_authorized_keys:
+      - https://github.com/butonic.keys
+      - https://github.com/C0rby.keys
+      - https://github.com/fschade.keys
+      - https://github.com/kulmann.keys
+      - https://github.com/micbar.keys
+      - https://github.com/pascalwengerter.keys
+      - https://github.com/wkloucek.keys
+    docker_compose_projects:
+      - name: ocis
+        git_url: https://github.com/owncloud/ocis.git
+        ref: master
+        docker_compose_path: deployments/examples/ocis_individual_services
+        env:
+          INSECURE: "false"
+          TRAEFIK_ACME_MAIL: wkloucek@owncloud.com
+          OCIS_DOCKER_TAG: latest
+          OCIS_SCALE: 6
+          OCIS_DOMAIN: ocis.ocis-individual-services.latest.owncloud.works
+          COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
+      - name: monitoring
+        git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git
+        ref: master
+        env:
+          NETWORK_NAME: ocis-net
+          TELEMETRY_SERVE_DOMAIN: telemetry.ocis-individual-services.latest.owncloud.works
+          JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
+          TELEGRAF_SPECIFIC_CONFIG: ocis_individual_services
+          OCIS_URL: ocis.ocis-individual-services.latest.owncloud.works
+          OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-individual-services-latest
diff --git a/deployments/continuous-deployment-config/ocis_keycloak/latest.yml b/deployments/continuous-deployment-config/ocis_keycloak/latest.yml
@@ -24,8 +24,6 @@
       - https://github.com/kulmann.keys
       - https://github.com/micbar.keys
       - https://github.com/pascalwengerter.keys
-      - https://github.com/paulcod3.keys
-      - https://github.com/refs.keys
       - https://github.com/wkloucek.keys
     docker_compose_projects:
       - name: ocis

diff --git a/deployments/continuous-deployment-config/ocis_keycloak/released.yml b/deployments/continuous-deployment-config/ocis_keycloak/released.yml
@@ -24,8 +24,6 @@
       - https://github.com/kulmann.keys
       - https://github.com/micbar.keys
       - https://github.com/pascalwengerter.keys
-      - https://github.com/paulcod3.keys
-      - https://github.com/refs.keys
       - https://github.com/wkloucek.keys
     docker_compose_projects:
       - name: ocis

diff --git a/deployments/continuous-deployment-config/ocis_ldap/latest.yml b/deployments/continuous-deployment-config/ocis_ldap/latest.yml
@@ -24,8 +24,6 @@
       - https://github.com/kulmann.keys
       - https://github.com/micbar.keys
       - https://github.com/pascalwengerter.keys
-      - https://github.com/paulcod3.keys
-      - https://github.com/refs.keys
       - https://github.com/wkloucek.keys
     docker_compose_projects:
       - name: ocis

diff --git a/deployments/continuous-deployment-config/ocis_ldap/released.yml b/deployments/continuous-deployment-config/ocis_ldap/released.yml
@@ -24,8 +24,6 @@
       - https://github.com/kulmann.keys
       - https://github.com/micbar.keys
       - https://github.com/pascalwengerter.keys
-      - https://github.com/paulcod3.keys
-      - https://github.com/refs.keys
       - https://github.com/wkloucek.keys
     docker_compose_projects:
       - name: ocis

diff --git a/deployments/continuous-deployment-config/ocis_s3/latest.yml b/deployments/continuous-deployment-config/ocis_s3/latest.yml
@@ -24,8 +24,6 @@
       - https://github.com/kulmann.keys
       - https://github.com/micbar.keys
       - https://github.com/pascalwengerter.keys
-      - https://github.com/paulcod3.keys
-      - https://github.com/refs.keys
       - https://github.com/wkloucek.keys
     docker_compose_projects:
       - name: ocis

diff --git a/deployments/continuous-deployment-config/ocis_traefik/latest.yml b/deployments/continuous-deployment-config/ocis_traefik/latest.yml
@@ -24,8 +24,6 @@
       - https://github.com/kulmann.keys
       - https://github.com/micbar.keys
       - https://github.com/pascalwengerter.keys
-      - https://github.com/paulcod3.keys
-      - https://github.com/refs.keys
       - https://github.com/wkloucek.keys
     docker_compose_projects:
       - name: ocis

diff --git a/deployments/continuous-deployment-config/ocis_traefik/released.yml b/deployments/continuous-deployment-config/ocis_traefik/released.yml
@@ -24,8 +24,6 @@
       - https://github.com/kulmann.keys
       - https://github.com/micbar.keys
       - https://github.com/pascalwengerter.keys
-      - https://github.com/paulcod3.keys
-      - https://github.com/refs.keys
       - https://github.com/wkloucek.keys
     docker_compose_projects:
       - name: ocis

diff --git a/deployments/continuous-deployment-config/ocis_wopi/latest.yml b/deployments/continuous-deployment-config/ocis_wopi/latest.yml
@@ -24,8 +24,6 @@
       - https://github.com/kulmann.keys
       - https://github.com/micbar.keys
       - https://github.com/pascalwengerter.keys
-      - https://github.com/paulcod3.keys
-      - https://github.com/refs.keys
       - https://github.com/wkloucek.keys
     docker_compose_projects:
       - name: ocis

diff --git a/deployments/continuous-deployment-config/ocis_wopi/released.yml b/deployments/continuous-deployment-config/ocis_wopi/released.yml
@@ -24,8 +24,6 @@
       - https://github.com/kulmann.keys
       - https://github.com/micbar.keys
       - https://github.com/pascalwengerter.keys
-      - https://github.com/paulcod3.keys
-      - https://github.com/refs.keys
       - https://github.com/wkloucek.keys
     docker_compose_projects:
       - name: ocis

diff --git a/deployments/examples/ocis_individual_services/.env b/deployments/examples/ocis_individual_services/.env
@@ -0,0 +1,36 @@
+# If you're on a internet facing server please comment out following line.
+# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
+INSECURE=true
+
+### Traefik settings ###
+# Serve Treafik dashboard. Defaults to "false".
+TRAEFIK_DASHBOARD=
+# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
+TRAEFIK_DOMAIN=
+# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
+TRAEFIK_BASIC_AUTH_USERS=
+# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
+TRAEFIK_ACME_MAIL=
+
+### oCIS settings ###
+# oCIS version. Defaults to "latest"
+OCIS_DOCKER_TAG=
+# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
+OCIS_DOMAIN=
+# IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp".
+IDP_LDAP_BIND_PASSWORD=
+# Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva".
+STORAGE_LDAP_BIND_PASSWORD=
+# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4"
+OCIS_JWT_SECRET=
+# JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret"
+STORAGE_TRANSFER_SECRET=
+# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please"
+OCIS_MACHINE_AUTH_API_KEY=
+# Number of services to run for extensions, that currently can be easily scaled. Defaults to 1.
+OCIS_SCALE=
+
+# If you want to use debugging and tracing with this stack,
+# you need uncomment following line. Please see documentation at
+# https://owncloud.dev/ocis/deployment/monitoring-tracing/
+#COMPOSE_FILE=docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
diff --git a/deployments/examples/ocis_individual_services/README.md b/deployments/examples/ocis_individual_services/README.md
@@ -0,0 +1,6 @@
+---
+document this deployment example in: docs/ocis/deployment/ocis_individual_services.md
+---
+
+Please refer to [our documentation](https://owncloud.dev/ocis/deployment/ocis_individual_services/)
+for instructions on how to deploy this scenario.
diff --git a/deployments/examples/ocis_individual_services/config/accounts/entrypoint-override.sh b/deployments/examples/ocis_individual_services/config/accounts/entrypoint-override.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+set -e
+
+ocis accounts server&
+sleep 10
+
+echo "##################################################"
+echo "change default secrets:"
+
+# IDP
+IDP_USER_UUID=$(ocis accounts list | grep "| Kopano IDP " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o)
+echo "  IDP user UUID: $IDP_USER_UUID"
+ocis accounts update --password $IDP_LDAP_BIND_PASSWORD $IDP_USER_UUID
+
+# REVA
+REVA_USER_UUID=$(ocis accounts list | grep " | Reva Inter " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o)
+echo "  Reva user UUID: $REVA_USER_UUID"
+ocis accounts update --password $STORAGE_LDAP_BIND_PASSWORD $REVA_USER_UUID
+
+echo "default secrets changed"
+echo "##################################################"
+
+wait # wait for accounts service to exit
diff --git a/deployments/examples/ocis_individual_services/config/proxy/proxy.json b/deployments/examples/ocis_individual_services/config/proxy/proxy.json
@@ -0,0 +1,103 @@
+{
+  "HTTP": {
+    "Namespace": "com.owncloud"
+  },
+  "policy_selector": {
+    "static": {
+      "policy": "ocis"
+    }
+  },
+  "policies": [
+    {
+      "name": "ocis",
+      "routes": [
+        {
+          "endpoint": "/",
+          "backend": "http://web:9100"
+        },
+        {
+          "endpoint": "/.well-known/",
+          "backend": "http://idp:9130"
+        },
+        {
+          "endpoint": "/konnect/",
+          "backend": "http://idp:9130"
+        },
+        {
+          "endpoint": "/signin/",
+          "backend": "http://idp:9130"
+        },
+        {
+          "type": "regex",
+          "endpoint": "/ocs/v[12].php/cloud/(users?|groups)",
+          "backend": "http://ocs:9110"
+        },
+        {
+          "endpoint": "/ocs/",
+          "backend": "http://storage-frontend:9140"
+        },
+        {
+          "type": "query",
+          "endpoint": "/remote.php/?preview=1",
+          "backend": "http://webdav:9115"
+        },
+        {
+          "endpoint": "/remote.php/",
+          "backend": "http://storage-frontend:9140"
+        },
+        {
+          "endpoint": "/dav/",
+          "backend": "http://storage-frontend:9140"
+        },
+        {
+          "endpoint": "/webdav/",
+          "backend": "http://storage-frontend:9140"
+        },
+        {
+          "endpoint": "/status.php",
+          "backend": "http://storage-frontend:9140"
+        },
+        {
+          "endpoint": "/index.php/",
+          "backend": "http://storage-frontend:9140"
+        },
+        {
+          "endpoint": "/data",
+          "backend": "http://storage-frontend:9140"
+        },
+        {
+          "endpoint": "/app/",
+          "backend": "http://storage-frontend:9140"
+        },
+        {
+          "endpoint": "/archiver",
+          "backend": "http://storage-frontend:9140"
+        },
+        {
+          "endpoint": "/graph/",
+          "backend": "http://graph:9120"
+        },
+        {
+          "endpoint": "/graph-explorer/",
+          "backend": "http://graph-explorer:9135"
+        },
+        {
+          "endpoint": "/api/v0/accounts",
+          "backend": "http://accounts:9181"
+        },
+        {
+          "endpoint": "/accounts.js",
+          "backend": "http://accounts:9181"
+        },
+        {
+          "endpoint": "/api/v0/settings",
+          "backend": "http://settings:9190"
+        },
+        {
+          "endpoint": "/settings.js",
+          "backend": "http://settings:9190"
+        }
+      ]
+    }
+  ]
+}