From 67a4a1abfb74caffb191be7bafb4e4b5cff8b717 Mon Sep 17 00:00:00 2001 From: Patrick Maier Date: Thu, 17 Dec 2020 11:45:44 +0100 Subject: [PATCH 01/11] Add oCIS 1.0 Release Notes --- docs/ocis/release_notes.md | 249 +++++++++++++++++++++++++++++++++++++ 1 file changed, 249 insertions(+) create mode 100644 docs/ocis/release_notes.md diff --git a/docs/ocis/release_notes.md b/docs/ocis/release_notes.md new file mode 100644 index 000000000..cb85703c5 --- /dev/null +++ b/docs/ocis/release_notes.md 
@@ -0,0 +1,249 @@ +--- +title: "Release Notes" +date: 2020-12-16T20:35:00+01:00 +weight: 0 +geekdocRepo: https://github.com/owncloud/ocis +geekdocEditPath: edit/master/docs/ocis +geekdocFilePath: release_notes.md +--- + +{{< toc >}} + + +# ownCloud Infinite Scale 1.0.0 Technology Preview - Initial Release Notes + +We are pleased to annouce the availability of ownCloud Infinite Scale 1.0.0 Technology Preview which is released as the first public version of the new Infinite Scale platform. + +## Microservice architecture + +ownCloud Infinite Scale is following the microservices architectual pattern. It is implemented as a set of microservices which are independent of each other. They are coupled with very well-defined APIs and communicate via HTTP. This architecture fosters a lot of benefits that we were going for with the new design for oCIS: + +- Independent services: Every service is independant, comparably small and brings it's own webserver, backend/APIs and frontend components. +- Each service runs as a separate service on the system, increasing security and stability +- Scalability: High performance demands can be fulfilled by scaling the amount of services +- Testability: Each service can be tested on its own due to well-defined APIs and functionality +- Protocol-driven development +- High-performance communication between services through technologies like GRPC +- Multi-platform support through utilizing Golang - only minimal dependency on platform packages. +- Cloud-native deployment and update strategies + +## More key figures + +- The all-new ownCloud Web frontend ships with the platform +- OpenID Connect is the technology choice for authentication +- An Identity Provider is bundled to ease deployment and operations. It can be replaced with other applications if desired. 
+- Up-to-date, cloud-native deployment options are available +- Flexible configuration through environment variables, yaml files or command-line switches +- Database-less architecture - metadata and data are kept together in the storage as a single source of truth +- Native storage capabilities are used +- Public ownCloud APIs like WebDAV and OCS have been kept compatible to ownCloud 10 +- A secure and flexible framework to create extensions for ownCloud. It allows to integrate with ownCloud data in a very easy yet powerful way. + +### Supported platforms +- Linux-amd64 +- Darwin-amd64 +- Experimental: Windows, ARM (e.g., Raspberry Pi) + +### Client support +All official ownCloud Clients support the Infinite Scale server with the following versions: +- Desktop >= 2.7.0 +- Android >= 2.15 +- iOS >= 1.2 + +## Architecture + +ownCloud Infinite Scale is built as a modular framework in which components can be scaled individually. It consists of + +- a user management service +- a storage backend service +- Built-in IdP +- Frontend +- Application gateway/proxy + +These components can be deployed in a multi-tier deployment architecture. See the [documentation]https://owncloud.github.io/ocis/ for an overview of the services. + +## Various Operation modes +### Standalone Full Stack Server mode (with oCIS storage driver) + +### Standalone Single service mode for scaleouts + +### Bridge mode with ownCloud 10 backend +For the product transition phase, ownCloud Infinite Scale comes with an operation mode ("bridge mode") that allows to create a hybrid deployment between both server generations to operate the new web frontend with ownCloud 10 and Infinite Scale in parallel. This setup allows to operate the ownCloud Web frontend with both server generations and provides the foundation to migrate users gradually to the new backend. 
+ +**Requirements for the bridge mode** +- ownCloud Server >= 10.6 +- https://marketplace.owncloud.com/apps/openidconnect[Open ID Connect] is used for user authentication +- The https://marketplace.owncloud.com/apps/graphapi[Graph API] app is installed on ownCloud Server +- The latest client versions are rolled-out to users (required for OpenID Connect support). See the https://doc.owncloud.com/server/admin_manual/configuration/user/oidc/#owncloud-desktop-and-mobile-clients[ownCloud Documentation] for more information. + +TIP: **ownCloud Infinite Scale is currently in Technology Preview. The bridge mode should only be used in non-productive environments.** + +https://owncloud.github.io/ocis/deployment/owncloud10_with_oc_web/ + +[To illustrate, a little graphic that describes the various operation modes would be cool + +# What to expect? + +This is the first promoted public release of oCIS, released as "technical preview". oCIS is not yet ready for production installations. Technical audience will get a good impression of the potential of ownClouds new platform. + +oCIS 1.0.0 comes with the base functionality for sync and share on a much higher performance-, stability- and security-level compared to all available platforms. Based on ten years of experience in enterprise sync and share and a long standing collaboration with the biggest global science organizations this new platform will exceed what enterprise sync and share / Content Collaboration (?) is today. + +TODO: Mention the base modules of oCIS + +# How to get started? + +One of the most important objectives for oCIS was to ease the setup of a working instance dramatically. Since oCIS is built on Google's powerful GO language it supports the single-file-deployment: Installing oCIS 1.0.0 is as easy as downloading a single file, applying execution permission to it and get started. No more fiddling around with complicated LAMP stacks. 
+ +## Deployment Options + +Given the GOlang based architecture of oCIS, there are various deployment options based on the users requirements. With our experience with the for many users difficult setup of the LAMP stack before a big emphasis was put on easy yet functional deployment strategies. + +### Delivery as single binary + +The single binary is the best option to test the new ownCloud Infinite Scale 1.0.0 Technical Preview release on a local machine. Follow these instructions to get the platform running in the most simple way: + +1. Download the binary +**Linux** +`curl https://download.owncloud.com/ocis/ocis/testing/ocis-testing-linux-amd64 --output ocis` +**MacOS** +`curl https://download.owncloud.com/ocis/ocis/testing/ocis-testing-darwin-amd64 --output ocis` + +2. Make it executable +`chmod +x ocis` + +3. Run it +`./ocis server` + +4. Navigate to http://localhost:9200 and log in to ownCloud Web (admin/admin) + +oCIS environments to last should use more sophisticated setup, see https://owncloud.github.io/ocis/deployment/ for more information. + +### Containerized Setup + +For more sophisticated and production setups we recommend to use one of our proposed docker setups, see [Link] + +- Traefik reverse proxy +- Letsencrypt certificate provisioning +- + +https://owncloud.github.io/ocis/deployment/ocis_traefik/ + +# ownCloud Web Features + +- Available extensions? 
+ +## Framework +- User avatars (compatible with oC 10 API) +- Alerts for information/errors +- Notifications (bell icon, compatible with oC 10 API) +- Extension points + +## Files +- Listing and browsing the hierarchy +- Sorting by columns (name/size/updated) +- Breadcrumb +- Thumbnail previews for images (compatible with oC 10 API and Thumbnails service API) +- Upload (file/folder), using the TUS protocol for reliable uploads +- Download (file) +- Rename +- Copy +- Move +- Delete +- Indicators for resources shared with people (including subfiles and subfolders) +- Indicators for resources shared by link (including subfiles and subfolders) +- Quick actions (extension point) + - Add people + - Create public link on-the-fly and copy it to the clipboard +- Favorites (view + add/remove) +- Shared with me (view) +- Shared with others (view) +- Deleted files +- Versions (list/restore/download/delete) +- File/folder search + +## Sharing with People (user/group shares) +- Adding people to a resource + - Adding multiple people at once (users and groups) + - Autocomplete search to find users + - Roles: Viewer / Editor (folder) / Advanced permissions (granular permissions) + - Expiration date +- Listing people who have access to a resource + - People can be listed when a resource is directly shared and when it's indirectly shared via a parent folder. + - When listing people of an indirectly shared resource, there is a "via" indicator that guides to the directly shared parent. + - Every person can recognize the owner of a resource. + - Every person can recognize their role. + - The owner of a resource can recognize persons that added other people (reshare indicator). 
+ - Editing persons + - Removing persons + +## Sharing with Links +- Private links (copy) +- Public links + - Adding public links on single files and folders + - Roles: Viewer / Editor (folder) / Contributor (folder) / Uploader (folder) + - Password-protection + - Expiration date + - Listing public links + - Public links can be listed when a resource is directly shared and when it's indirectly shared via a parent folder. + - When listing public links of an indirectly shared resource, there is a "via" indicator that guides to the directly shared parent. + - Copying existing public links + - Editing existing public links + - Removing existing public links + - Viewing public links + +## User Profile +- Display basic profile information (user name, display name, e-mail, group memberships) +- "Edit" button guides to ownCloud 10 user settings (when used with oC 10) + +## Basic user settings +- Language of the web interface + +# oCIS Backend Features + +## Storage + +## User and group management +- Functionality available via API and frontend ("Accounts" extension) +- User listing (API/FE) +- User creation (API/FE) +- User deletion (API/FE) +- User activation/blocking (API/FE) +- Role assignment for users (API/FE) +- User editing (API) +- Multi-select in the frontend (delete & block/activate) +- Group creation (API) +- Add/remove users to/from groups (API) +- Group deletion (API) +- Create/read/update users and groups (CLI) + +## Settings +### Settings bundles framework +- What is a settings bundle? +- What can you do with it? +- Extensions? + +### Roles & permissions system +- How is the framework designed? (permissions for actions are available in the system => can be bundled to roles) +- Currently available permissions: Manage accounts (gives access to the user management) +- Current roles are default roles defined in config files (??) 
+ - "Admin": Has the permission to "manage accounts" + - "User": Does not have any dedicated permission + - "Guest": Does not have any dedicated permission +- Currently a user can have only one role +- Users with the role "Admin" can assign/unassign roles to/from other users (as part of the permission to "manage accounts") + +## APIs +- WebDAV +- OCS + +# Known issues for OCIS standalone +- There are feature differences depending on the operation mode, e.g., no user management with ownCloud Web and oC 10 backend +- Public links do not yet respect the given role (a recipient has full permissions no matter which role has been set) +- Resharing works but does not have necessary restrictions in place + - Share recipients can add more people or create public links with higher permissions than they originally had + - Every person in a share can see all other people in the people list +- Sharing indicators in the file list will only be shown after opening the right sidebar for a resource +- The location for incoming shares is currently hardcoded to "/Shared" +- Users can't change their password yet +- No size tree accounting with OCIS storage yet +- Cleanups are not available => e.g., shares of a deleted user will not be removed From c7f8f2060cb774f97e477e39d33737c3d19dd69d Mon Sep 17 00:00:00 2001 From: Patrick Maier Date: Thu, 17 Dec 2020 12:07:24 +0100 Subject: [PATCH 02/11] corrections --- docs/ocis/release_notes.md | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/docs/ocis/release_notes.md b/docs/ocis/release_notes.md index cb85703c5..c095d1b04 100644 --- a/docs/ocis/release_notes.md +++ b/docs/ocis/release_notes.md 
@@ -60,7 +60,7 @@ ownCloud Infinite Scale is built as a modular framework in which components can - Frontend - Application gateway/proxy -These components can be deployed in a multi-tier deployment architecture. See the [documentation]https://owncloud.github.io/ocis/ for an overview of the services. +These components can be deployed in a multi-tier deployment architecture. See the [documentation](https://owncloud.github.io/ocis/) for an overview of the services. ## Various Operation modes ### Standalone Full Stack Server mode (with oCIS storage driver) @@ -72,9 +72,9 @@ For the product transition phase, ownCloud Infinite Scale comes with an operatio **Requirements for the bridge mode** - ownCloud Server >= 10.6 -- https://marketplace.owncloud.com/apps/openidconnect[Open ID Connect] is used for user authentication -- The https://marketplace.owncloud.com/apps/graphapi[Graph API] app is installed on ownCloud Server -- The latest client versions are rolled-out to users (required for OpenID Connect support). See the https://doc.owncloud.com/server/admin_manual/configuration/user/oidc/#owncloud-desktop-and-mobile-clients[ownCloud Documentation] for more information. +- [Open ID Connect](https://marketplace.owncloud.com/apps/openidconnect) is used for user authentication +- The [Graph API](https://marketplace.owncloud.com/apps/graphapi) app is installed on ownCloud Server +- The latest client versions are rolled-out to users (required for OpenID Connect support). See the [ownCloud Documentation](https://doc.owncloud.com/server/admin_manual/configuration/user/oidc/#owncloud-desktop-and-mobile-clients) for more information. TIP: **ownCloud Infinite Scale is currently in Technology Preview. The bridge mode should only be used in non-productive environments.** 
@@ -84,9 +84,9 @@ https://owncloud.github.io/ocis/deployment/owncloud10_with_oc_web/ # What to expect? -This is the first promoted public release of oCIS, released as "technical preview". oCIS is not yet ready for production installations. Technical audience will get a good impression of the potential of ownClouds new platform. +This is the first promoted public release of ownCloud Infinite Scale, released as "Technical Preview". Infinite Scale is not yet ready for production installations. Technical audience will get a good impression of the potential of ownClouds new platform. -oCIS 1.0.0 comes with the base functionality for sync and share on a much higher performance-, stability- and security-level compared to all available platforms. Based on ten years of experience in enterprise sync and share and a long standing collaboration with the biggest global science organizations this new platform will exceed what enterprise sync and share / Content Collaboration (?) is today. +Version 1.0.0 comes with the base functionality for sync and share on a much higher performance-, stability- and security-level compared to all available platforms. Based on ten years of experience in enterprise sync and share and a long standing collaboration with the biggest global science organizations this new platform will exceed what content collaboration is today. TODO: Mention the base modules of oCIS @@ -103,9 +103,13 @@ Given the GOlang based architecture of oCIS, there are various deployment option The single binary is the best option to test the new ownCloud Infinite Scale 1.0.0 Technical Preview release on a local machine. Follow these instructions to get the platform running in the most simple way: 1. Download the binary + **Linux** + `curl https://download.owncloud.com/ocis/ocis/testing/ocis-testing-linux-amd64 --output ocis` + **MacOS** + `curl https://download.owncloud.com/ocis/ocis/testing/ocis-testing-darwin-amd64 --output ocis` 2. Make it executable 
@@ -243,7 +247,6 @@ https://owncloud.github.io/ocis/deployment/ocis_traefik/ - Share recipients can add more people or create public links with higher permissions than they originally had - Every person in a share can see all other people in the people list - Sharing indicators in the file list will only be shown after opening the right sidebar for a resource -- The location for incoming shares is currently hardcoded to "/Shared" - Users can't change their password yet -- No size tree accounting with OCIS storage yet -- Cleanups are not available => e.g., shares of a deleted user will not be removed +- Folder sizes will not be calculated +- Cleanups are not yet available (e.g., shares of a deleted user will not be removed) From d50571ecc49ee782530a2d88903c1bf7c4fd6e36 Mon Sep 17 00:00:00 2001 From: Patrick Maier Date: Thu, 17 Dec 2020 12:42:58 +0100 Subject: [PATCH 03/11] Update release_notes.md --- docs/ocis/release_notes.md | 87 ++++++++++++++++++-------------------- 1 file changed, 41 insertions(+), 46 deletions(-) diff --git a/docs/ocis/release_notes.md b/docs/ocis/release_notes.md index c095d1b04..6f3d2ae22 100644 --- a/docs/ocis/release_notes.md +++ b/docs/ocis/release_notes.md 
@@ -6,15 +6,13 @@ geekdocRepo: https://github.com/owncloud/ocis geekdocEditPath: edit/master/docs/ocis geekdocFilePath: release_notes.md --- +# Release Notes -{{< toc >}} - - -# ownCloud Infinite Scale 1.0.0 Technology Preview - Initial Release Notes +## ownCloud Infinite Scale 1.0.0 Technology Preview - Initial Release Notes We are pleased to annouce the availability of ownCloud Infinite Scale 1.0.0 Technology Preview which is released as the first public version of the new Infinite Scale platform. -## Microservice architecture +### Microservice architecture ownCloud Infinite Scale is following the microservices architectual pattern. It is implemented as a set of microservices which are independent of each other. They are coupled with very well-defined APIs and communicate via HTTP. This architecture fosters a lot of benefits that we were going for with the new design for oCIS: @@ -27,7 +25,7 @@ ownCloud Infinite Scale is following the microservices architectual pattern. It - Multi-platform support through utilizing Golang - only minimal dependency on platform packages. - Cloud-native deployment and update strategies -## More key figures +### Key figures - The all-new ownCloud Web frontend ships with the platform - OpenID Connect is the technology choice for authentication 
@@ -39,18 +37,18 @@ ownCloud Infinite Scale is following the microservices architectual pattern. It - Public ownCloud APIs like WebDAV and OCS have been kept compatible to ownCloud 10 - A secure and flexible framework to create extensions for ownCloud. It allows to integrate with ownCloud data in a very easy yet powerful way. -### Supported platforms +#### Supported platforms - Linux-amd64 - Darwin-amd64 - Experimental: Windows, ARM (e.g., Raspberry Pi) -### Client support +#### Client support All official ownCloud Clients support the Infinite Scale server with the following versions: - Desktop >= 2.7.0 - Android >= 2.15 - iOS >= 1.2 -## Architecture +### Architecture ownCloud Infinite Scale is built as a modular framework in which components can be scaled individually. It consists of @@ -62,12 +60,13 @@ ownCloud Infinite Scale is built as a modular framework in which components can These components can be deployed in a multi-tier deployment architecture. See the [documentation](https://owncloud.github.io/ocis/) for an overview of the services. -## Various Operation modes -### Standalone Full Stack Server mode (with oCIS storage driver) +### Operation modes +#### Standalone Full Stack Server mode (with oCIS storage driver) -### Standalone Single service mode for scaleouts +#### Standalone Single service mode for scaleouts + +#### Bridge mode with ownCloud 10 backend -### Bridge mode with ownCloud 10 backend For the product transition phase, ownCloud Infinite Scale comes with an operation mode ("bridge mode") that allows to create a hybrid deployment between both server generations to operate the new web frontend with ownCloud 10 and Infinite Scale in parallel. This setup allows to operate the ownCloud Web frontend with both server generations and provides the foundation to migrate users gradually to the new backend. **Requirements for the bridge mode** 
@@ -76,13 +75,15 @@ For the product transition phase, ownCloud Infinite Scale comes with an operatio - The [Graph API](https://marketplace.owncloud.com/apps/graphapi) app is installed on ownCloud Server - The latest client versions are rolled-out to users (required for OpenID Connect support). See the [ownCloud Documentation](https://doc.owncloud.com/server/admin_manual/configuration/user/oidc/#owncloud-desktop-and-mobile-clients) for more information. -TIP: **ownCloud Infinite Scale is currently in Technology Preview. The bridge mode should only be used in non-productive environments.** +{{< hint [warning] >}} +**ownCloud Infinite Scale is currently in Technology Preview. The bridge mode should only be used in non-productive environments.** +{{< /hint >}} https://owncloud.github.io/ocis/deployment/owncloud10_with_oc_web/ [To illustrate, a little graphic that describes the various operation modes would be cool -# What to expect? +### What to expect? This is the first promoted public release of ownCloud Infinite Scale, released as "Technical Preview". Infinite Scale is not yet ready for production installations. Technical audience will get a good impression of the potential of ownClouds new platform. 
@@ -90,15 +91,15 @@ Version 1.0.0 comes with the base functionality for sync and share on a much hig TODO: Mention the base modules of oCIS -# How to get started? +### How to get started? One of the most important objectives for oCIS was to ease the setup of a working instance dramatically. Since oCIS is built on Google's powerful GO language it supports the single-file-deployment: Installing oCIS 1.0.0 is as easy as downloading a single file, applying execution permission to it and get started. No more fiddling around with complicated LAMP stacks. -## Deployment Options +#### Deployment Options -Given the GOlang based architecture of oCIS, there are various deployment options based on the users requirements. With our experience with the for many users difficult setup of the LAMP stack before a big emphasis was put on easy yet functional deployment strategies. +Given the Golang-based architecture of oCIS, there are various deployment options based on the users requirements. With our experience with the for many users difficult setup of the LAMP stack before a big emphasis was put on easy yet functional deployment strategies. -### Delivery as single binary +##### Delivery as single binary The single binary is the best option to test the new ownCloud Infinite Scale 1.0.0 Technical Preview release on a local machine. Follow these instructions to get the platform running in the most simple way: 
@@ -120,29 +121,23 @@ The single binary is the best option to test the new ownCloud Infinite Scale 1.0 4. Navigate to http://localhost:9200 and log in to ownCloud Web (admin/admin) -oCIS environments to last should use more sophisticated setup, see https://owncloud.github.io/ocis/deployment/ for more information. +Infinite Scale environments on remote machines should use a more sophisticated setup. See the [documentation](https://owncloud.github.io/ocis/deployment/) for more information. -### Containerized Setup +##### Containerized Setup -For more sophisticated and production setups we recommend to use one of our proposed docker setups, see [Link] +For more sophisticated and production setups we recommend to use one of our proposed docker setups. See the [documentation](https://owncloud.github.io/ocis/deployment/ocis_traefik/) for a setup with Traefik as a reverse proxy which also includes automated SSL certificate provisioning using Letsencrypt tools. -- Traefik reverse proxy -- Letsencrypt certificate provisioning -- - -https://owncloud.github.io/ocis/deployment/ocis_traefik/ - -# ownCloud Web Features - -- Available extensions? - -## Framework +### ownCloud Web Features +#### Framework - User avatars (compatible with oC 10 API) - Alerts for information/errors - Notifications (bell icon, compatible with oC 10 API) - Extension points +- Available extensions + - Media Viewer (images and videos) + - Draw.io -## Files +#### Files - Listing and browsing the hierarchy - Sorting by columns (name/size/updated) - Breadcrumb @@ -165,7 +160,7 @@ https://owncloud.github.io/ocis/deployment/ocis_traefik/ - Versions (list/restore/download/delete) - File/folder search -## Sharing with People (user/group shares) +#### Sharing with People (user/group shares) - Adding people to a resource - Adding multiple people at once (users and groups) - Autocomplete search to find users 
@@ -180,7 +175,7 @@ https://owncloud.github.io/ocis/deployment/ocis_traefik/ - Editing persons - Removing persons -## Sharing with Links +#### Sharing with Links - Private links (copy) - Public links - Adding public links on single files and folders @@ -195,18 +190,18 @@ https://owncloud.github.io/ocis/deployment/ocis_traefik/ - Removing existing public links - Viewing public links -## User Profile +#### User Profile - Display basic profile information (user name, display name, e-mail, group memberships) - "Edit" button guides to ownCloud 10 user settings (when used with oC 10) -## Basic user settings +#### Basic user settings - Language of the web interface -# oCIS Backend Features +### oCIS Backend Features -## Storage +#### Storage -## User and group management +#### User and group management - Functionality available via API and frontend ("Accounts" extension) - User listing (API/FE) - User creation (API/FE) @@ -220,13 +215,13 @@ https://owncloud.github.io/ocis/deployment/ocis_traefik/ - Group deletion (API) - Create/read/update users and groups (CLI) -## Settings -### Settings bundles framework +#### Settings +##### Settings bundles framework - What is a settings bundle? - What can you do with it? - Extensions? -### Roles & permissions system +##### Roles & permissions system - How is the framework designed? (permissions for actions are available in the system => can be bundled to roles) - Currently available permissions: Manage accounts (gives access to the user management) - Current roles are default roles defined in config files (??) 
@@ -236,11 +231,11 @@ https://owncloud.github.io/ocis/deployment/ocis_traefik/ - Currently a user can have only one role - Users with the role "Admin" can assign/unassign roles to/from other users (as part of the permission to "manage accounts") -## APIs +#### APIs - WebDAV - OCS -# Known issues for OCIS standalone +### Known issues for OCIS standalone - There are feature differences depending on the operation mode, e.g., no user management with ownCloud Web and oC 10 backend - Public links do not yet respect the given role (a recipient has full permissions no matter which role has been set) - Resharing works but does not have necessary restrictions in place From 6dd68e0df8b4d9214bfb931a2796134c75b67b4d Mon Sep 17 00:00:00 2001 From: Patrick Maier Date: Thu, 17 Dec 2020 12:54:30 +0100 Subject: [PATCH 04/11] Update release_notes.md --- docs/ocis/release_notes.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/docs/ocis/release_notes.md b/docs/ocis/release_notes.md index 6f3d2ae22..cbcb54391 100644 --- a/docs/ocis/release_notes.md +++ b/docs/ocis/release_notes.md 
@@ -221,14 +221,15 @@ For more sophisticated and production setups we recommend to use one of our prop - What can you do with it? - Extensions? -##### Roles & permissions system -- How is the framework designed? (permissions for actions are available in the system => can be bundled to roles) -- Currently available permissions: Manage accounts (gives access to the user management) -- Current roles are default roles defined in config files (??) +##### Roles & Permissions System +Infinite Scale follows a role-based access control model. Based on permissions for actions which are provided by the system and by extensions, roles can be composed. Ultimately, these roles can be assigned to users to define what users are permitted to do. This model allows to realize a segregation of duties for administration and allows to control granularly how different types of users (e.g., Guests) can use the platform. + +- Currently available permissions: Manage accounts (gives access to the internal user management) +- The current roles are exemplary default roles which defined in config files - "Admin": Has the permission to "manage accounts" - "User": Does not have any dedicated permission - "Guest": Does not have any dedicated permission -- Currently a user can have only one role +- Currently a user can only have one role - Users with the role "Admin" can assign/unassign roles to/from other users (as part of the permission to "manage accounts") #### APIs From 87a2149139a6247d64ef1413b6aeba00a2b46004 Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Thu, 17 Dec 2020 12:58:08 +0100 Subject: [PATCH 05/11] tabbed content --- docs/ocis/release_notes.md | 65 +++++++++++++++++++++++++++----------- 1 file changed, 47 insertions(+), 18 deletions(-) diff --git a/docs/ocis/release_notes.md b/docs/ocis/release_notes.md index cbcb54391..7995fbe77 100644 --- a/docs/ocis/release_notes.md +++ b/docs/ocis/release_notes.md 
@@ -61,6 +61,7 @@ ownCloud Infinite Scale is built as a modular framework in which components can These components can be deployed in a multi-tier deployment architecture. See the [documentation](https://owncloud.github.io/ocis/) for an overview of the services. ### Operation modes + #### Standalone Full Stack Server mode (with oCIS storage driver) #### Standalone Single service mode for scaleouts @@ -81,16 +82,12 @@ For the product transition phase, ownCloud Infinite Scale comes with an operatio https://owncloud.github.io/ocis/deployment/owncloud10_with_oc_web/ -[To illustrate, a little graphic that describes the various operation modes would be cool - ### What to expect? This is the first promoted public release of ownCloud Infinite Scale, released as "Technical Preview". Infinite Scale is not yet ready for production installations. Technical audience will get a good impression of the potential of ownClouds new platform. Version 1.0.0 comes with the base functionality for sync and share on a much higher performance-, stability- and security-level compared to all available platforms. Based on ten years of experience in enterprise sync and share and a long standing collaboration with the biggest global science organizations this new platform will exceed what content collaboration is today. -TODO: Mention the base modules of oCIS - ### How to get started? One of the most important objectives for oCIS was to ease the setup of a working instance dramatically. Since oCIS is built on Google's powerful GO language it supports the single-file-deployment: Installing oCIS 1.0.0 is as easy as downloading a single file, applying execution permission to it and get started. No more fiddling around with complicated LAMP stacks. 
@@ -99,35 +96,43 @@ One of the most important objectives for oCIS was to ease the setup of a working Given the Golang-based architecture of oCIS, there are various deployment options based on the users requirements. With our experience with the for many users difficult setup of the LAMP stack before a big emphasis was put on easy yet functional deployment strategies. -##### Delivery as single binary +{{< tabs "deployments" >}} +{{< tab "Single binary" >}} +#### Delivery as single binary The single binary is the best option to test the new ownCloud Infinite Scale 1.0.0 Technical Preview release on a local machine. Follow these instructions to get the platform running in the most simple way: 1. Download the binary - -**Linux** - -`curl https://download.owncloud.com/ocis/ocis/testing/ocis-testing-linux-amd64 --output ocis` - -**MacOS** - -`curl https://download.owncloud.com/ocis/ocis/testing/ocis-testing-darwin-amd64 --output ocis` + **Linux** + `curl https://download.owncloud.com/ocis/ocis/testing/ocis-testing-linux-amd64 --output ocis` + **MacOS** + `curl https://download.owncloud.com/ocis/ocis/testing/ocis-testing-darwin-amd64 --output ocis` 2. Make it executable -`chmod +x ocis` + `chmod +x ocis` 3. Run it -`./ocis server` + `./ocis server` 4. Navigate to http://localhost:9200 and log in to ownCloud Web (admin/admin) -Infinite Scale environments on remote machines should use a more sophisticated setup. See the [documentation](https://owncloud.github.io/ocis/deployment/) for more information. +oCIS environments to last should use more sophisticated setup, see for more information. +{{< /tab >}} +{{< tab "Docker" >}} +#### Containerized Setup -##### Containerized Setup +For more sophisticated and production setups we recommend to use one of our proposed docker setups, see [Link] -For more sophisticated and production setups we recommend to use one of our proposed docker setups. 
See the [documentation](https://owncloud.github.io/ocis/deployment/ocis_traefik/) for a setup with Traefik as a reverse proxy which also includes automated SSL certificate provisioning using Letsencrypt tools. +- Traefik reverse proxy +- Letsencrypt certificate provisioning + +https://owncloud.github.io/ocis/deployment/ocis_traefik/ +{{< /tab >}} +{{< /tabs >}} ### ownCloud Web Features +{{< tabs "web-features" >}} +{{< tab "Framework" >}} #### Framework - User avatars (compatible with oC 10 API) - Alerts for information/errors @@ -137,6 +142,8 @@ For more sophisticated and production setups we recommend to use one of our prop - Media Viewer (images and videos) - Draw.io +{{< /tab >}} +{{< tab "Files" >}} #### Files - Listing and browsing the hierarchy - Sorting by columns (name/size/updated) @@ -160,6 +167,8 @@ For more sophisticated and production setups we recommend to use one of our prop - Versions (list/restore/download/delete) - File/folder search +{{< /tab >}} +{{< tab "Sharing" >}} #### Sharing with People (user/group shares) - Adding people to a resource - Adding multiple people at once (users and groups) @@ -175,6 +184,8 @@ For more sophisticated and production setups we recommend to use one of our prop - Editing persons - Removing persons +{{< /tab >}} +{{< tab "Links" >}} #### Sharing with Links - Private links (copy) - Public links 
@@ -190,17 +201,28 @@ For more sophisticated and production setups we recommend to use one of our prop - Removing existing public links - Viewing public links +{{< /tab >}} +{{< tab "User Profile" >}} #### User Profile - Display basic profile information (user name, display name, e-mail, group memberships) - "Edit" button guides to ownCloud 10 user settings (when used with oC 10) +{{< /tab >}} +{{< tab "User Settings" >}} #### Basic user settings - Language of the web interface +{{< /tab >}} +{{< /tabs >}} + ### oCIS Backend Features +{{< tabs "backend-features" >}} +{{< tab "Storage" >}} #### Storage +{{< /tab >}} +{{< tab "IDM" >}} #### User and group management - Functionality available via API and frontend ("Accounts" extension) - User listing (API/FE) @@ -215,6 +237,8 @@ For more sophisticated and production setups we recommend to use one of our prop - Group deletion (API) - Create/read/update users and groups (CLI) +{{< /tab >}} +{{< tab "Settings" >}} #### Settings ##### Settings bundles framework - What is a settings bundle? @@ -232,10 +256,15 @@ Infinite Scale follows a role-based access control model. Based on permissions f - Currently a user can only have one role - Users with the role "Admin" can assign/unassign roles to/from other users (as part of the permission to "manage accounts") +{{< /tab >}} +{{< tab "APIs" >}} #### APIs - WebDAV - OCS +{{< /tab >}} +{{< /tabs >}} + ### Known issues for OCIS standalone - There are feature differences depending on the operation mode, e.g., no user management with ownCloud Web and oC 10 backend - Public links do not yet respect the given role (a recipient has full permissions no matter which role has been set) From 444bfae32e5d4607d4b6338e3bd0da2740ba85f3 Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Thu, 17 Dec 2020 13:18:47 +0100 Subject: [PATCH 06/11] urls and todos --- docs/ocis/release_notes.md | 43 +++++++++++++++++++++----------------- 1 file changed, 24 insertions(+), 19 deletions(-) 
diff --git a/docs/ocis/release_notes.md b/docs/ocis/release_notes.md index 7995fbe77..64864f5f8 100644 --- a/docs/ocis/release_notes.md +++ b/docs/ocis/release_notes.md @@ -6,7 +6,6 @@ geekdocRepo: https://github.com/owncloud/ocis geekdocEditPath: edit/master/docs/ocis geekdocFilePath: release_notes.md --- -# Release Notes ## ownCloud Infinite Scale 1.0.0 Technology Preview - Initial Release Notes @@ -33,26 +32,29 @@ ownCloud Infinite Scale is following the microservices architectual pattern. It - Up-to-date, cloud-native deployment options are available - Flexible configuration through environment variables, yaml files or command-line switches - Database-less architecture - metadata and data are kept together in the storage as a single source of truth -- Native storage capabilities are used +- Native storage capabilities are used where possible - Public ownCloud APIs like WebDAV and OCS have been kept compatible to ownCloud 10 - A secure and flexible framework to create extensions for ownCloud. It allows to integrate with ownCloud data in a very easy yet powerful way. #### Supported platforms + - Linux-amd64 - Darwin-amd64 - Experimental: Windows, ARM (e.g., Raspberry Pi) #### Client support + All official ownCloud Clients support the Infinite Scale server with the following versions: - Desktop >= 2.7.0 - Android >= 2.15 - iOS >= 1.2 -### Architecture +### Architecture components ownCloud Infinite Scale is built as a modular framework in which components can be scaled individually. It consists of - a user management service +- a settings service - a storage backend service - Built-in IdP - Frontend 
@@ -62,9 +64,11 @@ These components can be deployed in a multi-tier deployment architecture. See th ### Operation modes -#### Standalone Full Stack Server mode (with oCIS storage driver) +#### Full Stack Server mode (with oCIS storage driver) +@TODO -#### Standalone Single service mode for scaleouts +#### Single services scaleouts +@TODO #### Bridge mode with ownCloud 10 backend @@ -76,11 +80,13 @@ For the product transition phase, ownCloud Infinite Scale comes with an operatio - The [Graph API](https://marketplace.owncloud.com/apps/graphapi) app is installed on ownCloud Server - The latest client versions are rolled-out to users (required for OpenID Connect support). See the [ownCloud Documentation](https://doc.owncloud.com/server/admin_manual/configuration/user/oidc/#owncloud-desktop-and-mobile-clients) for more information. -{{< hint [warning] >}} -**ownCloud Infinite Scale is currently in Technology Preview. The bridge mode should only be used in non-productive environments.** -{{< /hint >}} +See the [Documentation]() on how to deploy Infinite Scale in bridge mode. -https://owncloud.github.io/ocis/deployment/owncloud10_with_oc_web/ +{{< hint "warning" >}} +**Technology Preview** + +ownCloud Infinite Scale is currently in Technology Preview. The bridge mode should only be used in non-productive environments. +{{< /hint >}} ### What to expect? 
@@ -103,10 +109,12 @@ Given the Golang-based architecture of oCIS, there are various deployment option The single binary is the best option to test the new ownCloud Infinite Scale 1.0.0 Technical Preview release on a local machine. Follow these instructions to get the platform running in the most simple way: 1. Download the binary - **Linux** - `curl https://download.owncloud.com/ocis/ocis/testing/ocis-testing-linux-amd64 --output ocis` - **MacOS** - `curl https://download.owncloud.com/ocis/ocis/testing/ocis-testing-darwin-amd64 --output ocis` + + **Linux** + `curl https://download.owncloud.com/ocis/ocis/testing/ocis-testing-linux-amd64 --output ocis` + + **MacOS** + `curl https://download.owncloud.com/ocis/ocis/testing/ocis-testing-darwin-amd64 --output ocis` 2. Make it executable `chmod +x ocis` @@ -114,19 +122,15 @@ The single binary is the best option to test the new ownCloud Infinite Scale 1.0 3. Run it `./ocis server` -4. Navigate to http://localhost:9200 and log in to ownCloud Web (admin/admin) +4. Navigate to and log in to ownCloud Web (admin:admin) oCIS environments to last should use more sophisticated setup, see for more information. {{< /tab >}} {{< tab "Docker" >}} #### Containerized Setup -For more sophisticated and production setups we recommend to use one of our proposed docker setups, see [Link] +For more sophisticated and production setups we recommend to use one of our proposed docker setups. See the [documentation](https://owncloud.github.io/ocis/deployment/ocis_traefik/) for a setup with Traefik as a reverse proxy which also includes automated SSL certificate provisioning using Letsencrypt tools. -- Traefik reverse proxy -- Letsencrypt certificate provisioning - -https://owncloud.github.io/ocis/deployment/ocis_traefik/ {{< /tab >}} {{< /tabs >}} @@ -220,6 +224,7 @@ https://owncloud.github.io/ocis/deployment/ocis_traefik/ {{< tabs "backend-features" >}} {{< tab "Storage" >}} #### Storage +@TODO {{< /tab >}} {{< tab "IDM" >}} 
From 74499bb61184040cdc8eaa43d78f2769592fb1fd Mon Sep 17 00:00:00 2001 From: Patrick Maier Date: Thu, 17 Dec 2020 14:20:06 +0100 Subject: [PATCH 07/11] Apply suggestions from code review Co-authored-by: Phil Davis --- docs/ocis/release_notes.md | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/docs/ocis/release_notes.md b/docs/ocis/release_notes.md index 64864f5f8..815975de6 100644 --- a/docs/ocis/release_notes.md +++ b/docs/ocis/release_notes.md 
@@ -13,11 +13,11 @@ We are pleased to annouce the availability of ownCloud Infinite Scale 1.0.0 Tech ### Microservice architecture -ownCloud Infinite Scale is following the microservices architectual pattern. It is implemented as a set of microservices which are independent of each other. They are coupled with very well-defined APIs and communicate via HTTP. This architecture fosters a lot of benefits that we were going for with the new design for oCIS: +ownCloud Infinite Scale is following the microservices architectural pattern. It is implemented as a set of microservices which are independent of each other. They are coupled with very well-defined APIs and communicate via HTTP. This architecture fosters a lot of benefits that we were going for with the new design for oCIS: -- Independent services: Every service is independant, comparably small and brings it's own webserver, backend/APIs and frontend components. +- Independent services: Every service is independent, comparably small and brings it's own webserver, backend/APIs and frontend components. - Each service runs as a separate service on the system, increasing security and stability -- Scalability: High performance demands can be fulfilled by scaling the amount of services +- Scalability: High performance demands can be fulfilled by scaling the distribution of services - Testability: Each service can be tested on its own due to well-defined APIs and functionality - Protocol-driven development - High-performance communication between services through technologies like GRPC 
@@ -34,7 +34,7 @@ ownCloud Infinite Scale is following the microservices architectual pattern. It - Database-less architecture - metadata and data are kept together in the storage as a single source of truth - Native storage capabilities are used where possible - Public ownCloud APIs like WebDAV and OCS have been kept compatible to ownCloud 10 -- A secure and flexible framework to create extensions for ownCloud. It allows to integrate with ownCloud data in a very easy yet powerful way. +- A secure and flexible framework to create extensions for ownCloud. It allows integration with ownCloud data in a very easy yet powerful way. #### Supported platforms @@ -45,7 +45,7 @@ ownCloud Infinite Scale is following the microservices architectual pattern. It #### Client support All official ownCloud Clients support the Infinite Scale server with the following versions: -- Desktop >= 2.7.0 +- Desktop >= 2.7 - Android >= 2.15 - iOS >= 1.2 @@ -72,7 +72,7 @@ These components can be deployed in a multi-tier deployment architecture. See th #### Bridge mode with ownCloud 10 backend -For the product transition phase, ownCloud Infinite Scale comes with an operation mode ("bridge mode") that allows to create a hybrid deployment between both server generations to operate the new web frontend with ownCloud 10 and Infinite Scale in parallel. This setup allows to operate the ownCloud Web frontend with both server generations and provides the foundation to migrate users gradually to the new backend. +For the product transition phase, ownCloud Infinite Scale comes with an operation mode ("bridge mode") that allows a hybrid deployment to be created between both server generations to operate the new web frontend with ownCloud 10 and Infinite Scale in parallel. This setup allows the ownCloud Web frontend to operate with both server generations and provides the foundation to migrate users gradually to the new backend. **Requirements for the bridge mode** - ownCloud Server >= 10.6 
@@ -85,14 +85,14 @@ See the [Documentation](}} **Technology Preview** -ownCloud Infinite Scale is currently in Technology Preview. The bridge mode should only be used in non-productive environments. +ownCloud Infinite Scale is currently in Technology Preview. The bridge mode should only be used in non-production environments. {{< /hint >}} ### What to expect? -This is the first promoted public release of ownCloud Infinite Scale, released as "Technical Preview". Infinite Scale is not yet ready for production installations. Technical audience will get a good impression of the potential of ownClouds new platform. +This is the first promoted public release of ownCloud Infinite Scale, released as "Technical Preview". Infinite Scale is not yet ready for production installations. Technical audiences will be able to get a good understanding of the potential of ownCloud's new platform. -Version 1.0.0 comes with the base functionality for sync and share on a much higher performance-, stability- and security-level compared to all available platforms. Based on ten years of experience in enterprise sync and share and a long standing collaboration with the biggest global science organizations this new platform will exceed what content collaboration is today. +Version 1.0.0 comes with the base functionality for sync and share with a much higher performance-, stability- and security-level compared to all available platforms. Based on ten years of experience in enterprise sync and share and a long standing collaboration with the biggest global science organizations this new platform will exceed what content collaboration is today. ### How to get started? 
@@ -124,12 +124,12 @@ The single binary is the best option to test the new ownCloud Infinite Scale 1.0 4. Navigate to and log in to ownCloud Web (admin:admin) -oCIS environments to last should use more sophisticated setup, see for more information. +oCIS environments to last should use a more sophisticated setup, see for more information. {{< /tab >}} {{< tab "Docker" >}} #### Containerized Setup -For more sophisticated and production setups we recommend to use one of our proposed docker setups. See the [documentation](https://owncloud.github.io/ocis/deployment/ocis_traefik/) for a setup with Traefik as a reverse proxy which also includes automated SSL certificate provisioning using Letsencrypt tools. +For more sophisticated and production setups we recommend using one of our proposed docker setups. See the [documentation](https://owncloud.github.io/ocis/deployment/ocis_traefik/) for a setup with Traefik as a reverse proxy which also includes automated SSL certificate provisioning using Letsencrypt tools. {{< /tab >}} {{< /tabs >}} 
@@ -251,10 +251,10 @@ For more sophisticated and production setups we recommend to use one of our prop - Extensions? ##### Roles & Permissions System -Infinite Scale follows a role-based access control model. Based on permissions for actions which are provided by the system and by extensions, roles can be composed. Ultimately, these roles can be assigned to users to define what users are permitted to do. This model allows to realize a segregation of duties for administration and allows to control granularly how different types of users (e.g., Guests) can use the platform. +Infinite Scale follows a role-based access control model. Based on permissions for actions which are provided by the system and by extensions, roles can be composed. Ultimately, these roles can be assigned to users to define what users are permitted to do. This model allows a segregation of duties for administration and allows granular control of how different types of users (e.g., Guests) can use the platform. - Currently available permissions: Manage accounts (gives access to the internal user management) -- The current roles are exemplary default roles which defined in config files +- The current roles are exemplary default roles which are defined in config files - "Admin": Has the permission to "manage accounts" - "User": Does not have any dedicated permission - "Guest": Does not have any dedicated permission 
@@ -271,7 +271,7 @@ Infinite Scale follows a role-based access control model. Based on permissions f {{< /tabs >}} ### Known issues for OCIS standalone -- There are feature differences depending on the operation mode, e.g., no user management with ownCloud Web and oC 10 backend +- There are feature differences depending on the operation mode, e.g., no user management with ownCloud Web and oC 10 backend - Public links do not yet respect the given role (a recipient has full permissions no matter which role has been set) - Resharing works but does not have necessary restrictions in place - Share recipients can add more people or create public links with higher permissions than they originally had From 30abd4a7fefddc7ad3e2c03682ece407c52ce585 Mon Sep 17 00:00:00 2001 From: Patrick Maier Date: Thu, 17 Dec 2020 15:05:19 +0100 Subject: [PATCH 08/11] Apply suggestions from code review Co-authored-by: Benedikt Kulmann --- docs/ocis/release_notes.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/ocis/release_notes.md b/docs/ocis/release_notes.md index 815975de6..3f4674fab 100644 --- a/docs/ocis/release_notes.md +++ b/docs/ocis/release_notes.md @@ -9,7 +9,7 @@ geekdocFilePath: release_notes.md ## ownCloud Infinite Scale 1.0.0 Technology Preview - Initial Release Notes -We are pleased to annouce the availability of ownCloud Infinite Scale 1.0.0 Technology Preview which is released as the first public version of the new Infinite Scale platform. +We are pleased to announce the availability of ownCloud Infinite Scale 1.0.0 Technology Preview which is released as the first public version of the new Infinite Scale platform. ### Microservice architecture 
@@ -20,8 +20,8 @@ ownCloud Infinite Scale is following the microservices architectural pattern. It - Scalability: High performance demands can be fulfilled by scaling the distribution of services - Testability: Each service can be tested on its own due to well-defined APIs and functionality - Protocol-driven development -- High-performance communication between services through technologies like GRPC -- Multi-platform support through utilizing Golang - only minimal dependency on platform packages. +- High-performance communication between services through technologies like gRPC +- Multi-platform support through utilizing Golang - only minimal dependency on platform packages - Cloud-native deployment and update strategies ### Key figures @@ -96,7 +96,7 @@ Version 1.0.0 comes with the base functionality for sync and share with a much h ### How to get started? -One of the most important objectives for oCIS was to ease the setup of a working instance dramatically. Since oCIS is built on Google's powerful GO language it supports the single-file-deployment: Installing oCIS 1.0.0 is as easy as downloading a single file, applying execution permission to it and get started. No more fiddling around with complicated LAMP stacks. +One of the most important objectives for oCIS was to ease the setup of a working instance dramatically. Since oCIS is built on Google's powerful Go language it supports the single-file-deployment: Installing oCIS 1.0.0 is as easy as downloading a single file, applying execution permission to it and get started. No more fiddling around with complicated LAMP stacks. #### Deployment Options From 6d88bb9d9a677b3bf2f6f68ebf8c1f21e090f675 Mon Sep 17 00:00:00 2001 From: Patrick Maier Date: Thu, 17 Dec 2020 16:29:56 +0100 Subject: [PATCH 09/11] Update release_notes.md --- docs/ocis/release_notes.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) 
diff --git a/docs/ocis/release_notes.md b/docs/ocis/release_notes.md index 3f4674fab..97fbb6bbc 100644 --- a/docs/ocis/release_notes.md +++ b/docs/ocis/release_notes.md @@ -223,8 +223,10 @@ For more sophisticated and production setups we recommend using one of our propo {{< tabs "backend-features" >}} {{< tab "Storage" >}} + #### Storage -@TODO + +The default OCIS storage driver deconstructs a filesystem to be able to efficiently look up files by fileid as well as path. It stores all folders and files by a uuid and persists share and other metadata using extended attributes. This allows using the linux VFS cache using stat syscalls instead of a database or key/value store. The driver implements trash, versions and sharing. It not only serves as the current default storage driver, but also as a blueprint for future storage driver implementations. {{< /tab >}} {{< tab "IDM" >}} @@ -280,3 +282,8 @@ Infinite Scale follows a role-based access control model. Based on permissions f - Users can't change their password yet - Folder sizes will not be calculated - Cleanups are not yet available (e.g., shares of a deleted user will not be removed) +- Sharing from the desktop client does not work yet +- There are no notifications yet +- There can be issues with tokens not being refreshed correctly, leading to interruptings, e.g., during uploads +- Deleting non-empty folders from the trash bin does not work +- Emptying the whole trash bin does not work From a1df2c29445d56677f0d043947bbe47158c94a3c Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Thu, 17 Dec 2020 17:08:11 +0100 Subject: [PATCH 10/11] release note improvements --- docs/ocis/release_notes.md | 48 ++++++++++++++++++++++---------------- 1 file changed, 28 insertions(+), 20 deletions(-) diff --git a/docs/ocis/release_notes.md b/docs/ocis/release_notes.md index 97fbb6bbc..706a10c7c 100644 --- a/docs/ocis/release_notes.md +++ b/docs/ocis/release_notes.md 
@@ -13,34 +13,34 @@ We are pleased to announce the availability of ownCloud Infinite Scale 1.0.0 Tec ### Microservice architecture -ownCloud Infinite Scale is following the microservices architectural pattern. It is implemented as a set of microservices which are independent of each other. They are coupled with very well-defined APIs and communicate via HTTP. This architecture fosters a lot of benefits that we were going for with the new design for oCIS: +ownCloud Infinite Scale is following the microservices architectural pattern. It is implemented as a set of microservices which are independent of each other. They are coupled with well-defined APIs. This architecture fosters a lot of benefits that we were aiming for with the new design for oCIS: -- Independent services: Every service is independent, comparably small and brings it's own webserver, backend/APIs and frontend components. +- Every service is independent, comparably small and brings it's own webserver, backend/APIs and frontend components - Each service runs as a separate service on the system, increasing security and stability -- Scalability: High performance demands can be fulfilled by scaling the distribution of services +- Scalability: High performance demands can be fulfilled by scaling and distributing of services - Testability: Each service can be tested on its own due to well-defined APIs and functionality -- Protocol-driven development -- High-performance communication between services through technologies like gRPC -- Multi-platform support through utilizing Golang - only minimal dependency on platform packages -- Cloud-native deployment and update strategies +- Protocol-driven development using protobuf +- High-performance communication between services through gRPC +- Multi-platform support powered by Golang - only minimal dependency on platform packages +- Cloud-native deployment, update, monitoring, logging, tracing and orchestration strategies ### Key figures -- The all-new ownCloud Web 
frontend ships with the platform -- OpenID Connect is the technology choice for authentication -- An Identity Provider is bundled to ease deployment and operations. It can be replaced with other applications if desired. -- Up-to-date, cloud-native deployment options are available -- Flexible configuration through environment variables, yaml files or command-line switches +- The all-new ownCloud Web frontend is shipped as part of the platform +- OpenID Connect is the future-proof technology choice for authentication +- An Identity Provider is bundled to ease deployment and operations. It can be replaced with an external OpenID IdP if desired +- Automatically built and fully maintained Docker containers are available +- Flexible configuration through environment variables, config files or command-line flags - Database-less architecture - metadata and data are kept together in the storage as a single source of truth -- Native storage capabilities are used where possible -- Public ownCloud APIs like WebDAV and OCS have been kept compatible to ownCloud 10 -- A secure and flexible framework to create extensions for ownCloud. It allows integration with ownCloud data in a very easy yet powerful way. +- Native storage capabilities are used where like native versioning and trashbin +- Public APIs like WebDAV and OCS have been kept compatible with ownCloud 10 +- A secure and flexible framework to create extensions #### Supported platforms - Linux-amd64 - Darwin-amd64 -- Experimental: Windows, ARM (e.g., Raspberry Pi) +- Experimental: Windows, ARM (e.g., Raspberry Pi, Termux on Android) #### Client support 
@@ -64,11 +64,13 @@ These components can be deployed in a multi-tier deployment architecture. See th ### Operation modes -#### Full Stack Server mode (with oCIS storage driver) -@TODO +#### Standalone mode (with oCIS storage driver) + +In standalone mode oCIS uses its built-in orchestrator to start all necessary services. This allows you to run oCIS on a single node without any outside dependencies like docker-compose, kubernetes or even a webserver. It will start an OpenID IdP and create a self-signed certificate. You can start right away by navigating to . #### Single services scaleouts -@TODO + +oCIS allows you to scale individual services using well-known orchestration frameworks like docker-compose, dockerSwarm and kubernetes. #### Bridge mode with ownCloud 10 backend @@ -213,7 +215,12 @@ For more sophisticated and production setups we recommend using one of our propo {{< /tab >}} {{< tab "User Settings" >}} -#### Basic user settings + +#### Settings + +The settings service provides APIs for other services for registering a set of settings as `Bundle`. It also provides a pluggable extension for ownCloud Web which provides dynamically built web forms, so that users can customize their own settings. Some well known settings are directly used by ownCloud Web for adapted user experience, e.g. the UI language. Services can query the users' chosen settings for customized backend and frontend operations as needed. + +##### Basic user settings - Language of the web interface {{< /tab >}} 
@@ -279,6 +286,7 @@ Infinite Scale follows a role-based access control model. Based on permissions f - Share recipients can add more people or create public links with higher permissions than they originally had - Every person in a share can see all other people in the people list - Sharing indicators in the file list will only be shown after opening the right sidebar for a resource +- Displayed Quota does not reflect the actual free disk space - Users can't change their password yet - Folder sizes will not be calculated - Cleanups are not yet available (e.g., shares of a deleted user will not be removed) From 43ad6b274e5ee78556b38e2c6b8828b46b730e7a Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Thu, 17 Dec 2020 18:05:54 +0100 Subject: [PATCH 11/11] results from collective review --- docs/ocis/release_notes.md | 54 ++++++++++++++++++-------------------- 1 file changed, 25 insertions(+), 29 deletions(-) diff --git a/docs/ocis/release_notes.md b/docs/ocis/release_notes.md index 706a10c7c..9a46fdbba 100644 --- a/docs/ocis/release_notes.md +++ b/docs/ocis/release_notes.md 
@@ -68,13 +68,13 @@ These components can be deployed in a multi-tier deployment architecture. See th In standalone mode oCIS uses its built-in orchestrator to start all necessary services. This allows you to run oCIS on a single node without any outside dependencies like docker-compose, kubernetes or even a webserver. It will start an OpenID IdP and create a self-signed certificate. You can start right away by navigating to . -#### Single services scaleouts +#### Single services scaleout oCIS allows you to scale individual services using well-known orchestration frameworks like docker-compose, dockerSwarm and kubernetes. #### Bridge mode with ownCloud 10 backend -For the product transition phase, ownCloud Infinite Scale comes with an operation mode ("bridge mode") that allows a hybrid deployment to be created between both server generations to operate the new web frontend with ownCloud 10 and Infinite Scale in parallel. This setup allows the ownCloud Web frontend to operate with both server generations and provides the foundation to migrate users gradually to the new backend. +For the product transition phase, ownCloud Infinite Scale comes with an operation mode ("bridge mode") that allows a hybrid deployment, between both server generations to operate the new web frontend with ownCloud 10 and Infinite Scale in parallel. This setup allows the ownCloud Web frontend to operate with both server generations and provides the foundation to migrate users gradually to the new backend. **Requirements for the bridge mode** - ownCloud Server >= 10.6 
@@ -98,11 +98,11 @@ Version 1.0.0 comes with the base functionality for sync and share with a much h ### How to get started? -One of the most important objectives for oCIS was to ease the setup of a working instance dramatically. Since oCIS is built on Google's powerful Go language it supports the single-file-deployment: Installing oCIS 1.0.0 is as easy as downloading a single file, applying execution permission to it and get started. No more fiddling around with complicated LAMP stacks. +One of the most important objectives for oCIS was to ease the setup of a working instance dramatically. Since oCIS is built with Google's powerful Go language it supports the single-file-deployment: Installing oCIS 1.0.0 is as easy as downloading a single file, applying execution permission to it and get started. No more fiddling around with complicated LAMP stacks. #### Deployment Options -Given the Golang-based architecture of oCIS, there are various deployment options based on the users requirements. With our experience with the for many users difficult setup of the LAMP stack before a big emphasis was put on easy yet functional deployment strategies. +Given the architecture of oCIS, there are various deployment options based on the users requirements. In our experience setting up the LAMP stack for ownCloud 10 was difficult for many users. Therefore a big emphasis was put on easy yet functional deployment strategies. {{< tabs "deployments" >}} {{< tab "Single binary" >}} 
@@ -113,10 +113,10 @@ The single binary is the best option to test the new ownCloud Infinite Scale 1.0 1. Download the binary **Linux** - `curl https://download.owncloud.com/ocis/ocis/testing/ocis-testing-linux-amd64 --output ocis` + `curl https://download.owncloud.com/ocis/ocis/1.0.0/ocis-1.0.0-linux-amd64 -o ocis` **MacOS** - `curl https://download.owncloud.com/ocis/ocis/testing/ocis-testing-darwin-amd64 --output ocis` + `curl https://download.owncloud.com/ocis/ocis/1.0.0/ocis-1.0.0-darwin-amd64 -o ocis` 2. Make it executable `chmod +x ocis` @@ -126,12 +126,13 @@ The single binary is the best option to test the new ownCloud Infinite Scale 1.0 4. Navigate to and log in to ownCloud Web (admin:admin) -oCIS environments to last should use a more sophisticated setup, see for more information. +Production environments will need a more sophisticated setup, see for more information. + {{< /tab >}} {{< tab "Docker" >}} #### Containerized Setup -For more sophisticated and production setups we recommend using one of our proposed docker setups. See the [documentation](https://owncloud.github.io/ocis/deployment/ocis_traefik/) for a setup with Traefik as a reverse proxy which also includes automated SSL certificate provisioning using Letsencrypt tools. +For more sophisticated setups we recommend using one of our docker setup examples. See the [documentation](https://owncloud.github.io/ocis/deployment/ocis_traefik/) for a setup with [Traefik](https://traefik.io/traefik/) as a reverse proxy which also includes automated SSL certificate provisioning using Letsencrypt tools. {{< /tab >}} {{< /tabs >}} 
@@ -163,7 +164,7 @@ For more sophisticated and production setups we recommend using one of our propo - Delete - Indicators for resources shared with people (including subfiles and subfolders) - Indicators for resources shared by link (including subfiles and subfolders) -- Quick actions (extension point) +- Quick actions - Add people - Create public link on-the-fly and copy it to the clipboard - Favorites (view + add/remove) @@ -182,11 +183,11 @@ For more sophisticated and production setups we recommend using one of our propo - Roles: Viewer / Editor (folder) / Advanced permissions (granular permissions) - Expiration date - Listing people who have access to a resource - - People can be listed when a resource is directly shared and when it's indirectly shared via a parent folder. - - When listing people of an indirectly shared resource, there is a "via" indicator that guides to the directly shared parent. - - Every person can recognize the owner of a resource. - - Every person can recognize their role. - - The owner of a resource can recognize persons that added other people (reshare indicator). + - People can be listed when a resource is directly shared and when it's indirectly shared via a parent folder + - When listing people of an indirectly shared resource, there is a "via" indicator that guides to the directly shared parent + - Every person can recognize the owner of a resource + - Every person can recognize their role + - The owner of a resource can recognize persons that added other people (reshare indicator) - Editing persons - Removing persons 
@@ -200,8 +201,8 @@ For more sophisticated and production setups we recommend using one of our propo - Password-protection - Expiration date - Listing public links - - Public links can be listed when a resource is directly shared and when it's indirectly shared via a parent folder. - - When listing public links of an indirectly shared resource, there is a "via" indicator that guides to the directly shared parent. + - Public links can be listed when a resource is directly shared and when it's indirectly shared via a parent folder + - When listing public links of an indirectly shared resource, there is a "via" indicator that guides to the directly shared parent - Copying existing public links - Editing existing public links - Removing existing public links @@ -216,10 +217,6 @@ For more sophisticated and production setups we recommend using one of our propo {{< /tab >}} {{< tab "User Settings" >}} -#### Settings - -The settings service provides APIs for other services for registering a set of settings as `Bundle`. It also provides a pluggable extension for ownCloud Web which provides dynamically built web forms, so that users can customize their own settings. Some well known settings are directly used by ownCloud Web for adapted user experience, e.g. the UI language. Services can query the users' chosen settings for customized backend and frontend operations as needed. - ##### Basic user settings - Language of the web interface 
@@ -249,26 +246,26 @@ The default OCIS storage driver deconstructs a filesystem to be able to efficien - Group creation (API) - Add/remove users to/from groups (API) - Group deletion (API) -- Create/read/update users and groups (CLI) +- Create/read/update/delete users and groups (CLI) {{< /tab >}} {{< tab "Settings" >}} -#### Settings -##### Settings bundles framework -- What is a settings bundle? -- What can you do with it? -- Extensions? + +##### Settings + +The settings service provides APIs for other services for registering a set of settings as `Bundle`. It also provides a pluggable extension for ownCloud Web which provides dynamically built web forms, so that users can customize their own settings. Some well known settings are directly used by ownCloud Web for adapted user experience, e.g. the UI language. Services can query the users' chosen settings for customized backend and frontend operations as needed. ##### Roles & Permissions System + Infinite Scale follows a role-based access control model. Based on permissions for actions which are provided by the system and by extensions, roles can be composed. Ultimately, these roles can be assigned to users to define what users are permitted to do. This model allows a segregation of duties for administration and allows granular control of how different types of users (e.g., Guests) can use the platform. 
- Currently available permissions: Manage accounts (gives access to the internal user management) -- The current roles are exemplary default roles which are defined in config files +- The current roles are exemplary default roles which are used for demonstration purposes - "Admin": Has the permission to "manage accounts" - "User": Does not have any dedicated permission - "Guest": Does not have any dedicated permission - Currently a user can only have one role -- Users with the role "Admin" can assign/unassign roles to/from other users (as part of the permission to "manage accounts") +- Users with the role "Admin" can assign/unassign roles to/from other users (as part of the permission to "manage roles") {{< /tab >}} {{< tab "APIs" >}} @@ -286,7 +283,6 @@ Infinite Scale follows a role-based access control model. Based on permissions f - Share recipients can add more people or create public links with higher permissions than they originally had - Every person in a share can see all other people in the people list - Sharing indicators in the file list will only be shown after opening the right sidebar for a resource -- Displayed Quota does not reflect the actual free disk space - Users can't change their password yet - Folder sizes will not be calculated - Cleanups are not yet available (e.g., shares of a deleted user will not be removed)
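Review bot: In the `@@ -98,11 +98,11` hunk the reworded Deployment Options line still reads "based on the users requirements", which needs the possessive ("users' requirements"). The rewritten first sentence also keeps "applying execution permission to it and get started", which breaks the parallel form ("and getting started"). Both lines are already being touched for wording, so fix these in the same pass, and add a comma after "Therefore".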
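Review bot: In the `@@ -113,10 +113,10` hunk the procedure goes straight from `curl ... -o ocis` to `chmod +x ocis` with no integrity check in between. The URLs now point at the fixed 1.0.0 artifacts instead of the moving `testing` build, so the notes can list a SHA-256 per binary and add a verification step before step 2. Consider `curl -fL` as well, so that an HTTP error body or a redirect response is not written to `ocis` and then marked executable.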
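Review bot: In the `@@ -126,12 +126,13` hunk, step 4 still documents the default login `admin:admin`, while the known-issues list further down this file says "Users can't change their password yet". A quick-start instance therefore keeps a published credential, and the new sentence "Production environments will need a more sophisticated setup" should say that explicitly and tell readers not to expose the single-binary instance beyond a test host. The same hunk drops "and production" from the Docker tab, so the notes no longer say which setup is meant for production. As rendered here, "see for more information" also has no visible link target, so check that the link survives.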
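Review bot: In the `@@ -249,26 +246,26` hunk the last Roles & Permissions bullet now refers to the permission to "manage roles", but the list directly above it still says "Currently available permissions: Manage accounts" and gives the "Admin" role only "manage accounts". Either add "Manage roles" to the available permissions and to the Admin role, or keep the original wording, so readers can tell which permission actually gates role assignment. Replacing "defined in config files" with "used for demonstration purposes" also removes the only hint of where an operator would review or change the default roles. Keep both facts.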
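Review bot: The `@@ -286,7 +283,6` hunk deletes the known issue "Displayed Quota does not reflect the actual free disk space", and nothing in the visible change says the behaviour was fixed. If it still applies to 1.0.0, keep the entry. If it was fixed, say so in the commit message. While editing this list, note that the unchanged entry "Share recipients can add more people or create public links with higher permissions than they originally had" is a permission escalation. It should be marked as security-relevant rather than left among the UI limitations.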