fix s3 deployment example

Willy Kloucek
2022-05-05 12:53:56 +02:00
parent bba70c5ba5
commit 6e3752bb47
5 changed files with 31 additions and 69 deletions


@@ -2,10 +2,6 @@
# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
INSECURE=true
# The demo users should not be created on a production instance
# because their passwords are public
DEMO_USERS=true
### Traefik settings ###
# Serve Traefik dashboard. Defaults to "false".
TRAEFIK_DASHBOARD=
@@ -21,16 +17,11 @@ TRAEFIK_ACME_MAIL=
OCIS_DOCKER_TAG=
# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
OCIS_DOMAIN=
# IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp".
IDP_LDAP_BIND_PASSWORD=
# Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva".
STORAGE_LDAP_BIND_PASSWORD=
# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4"
OCIS_JWT_SECRET=
# JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret"
STORAGE_TRANSFER_SECRET=
# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please"
OCIS_MACHINE_AUTH_API_KEY=
# oCIS admin user password. Defaults to "admin".
ADMIN_PASSWORD=
# The demo users should not be created on a production instance
# because their passwords are public. Defaults to "false".
DEMO_USERS=
### MINIO / S3 settings ###
# Domain of MinIO where the Web UI is accessible. Defaults to "minio.owncloud.test".
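Review bot: The new `ADMIN_PASSWORD=` entry documents a fallback of "admin" but drops the "Must be changed in order to have a secure oCIS" wording that the removed secret entries carried, so an operator who leaves it empty ends up with a publicly known admin password. The same default is wired into the compose section as `IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}"` and repeated in the documentation section ("it defaults to `admin`"). I would make the value mandatory in the compose file, `IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:?ADMIN_PASSWORD must be set}"`, and change the comment here to `# oCIS admin user password. Must be set to a strong value before first start.`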


@@ -1,24 +0,0 @@
#!/bin/sh
set -e
ocis server&
sleep 10
echo "##################################################"
echo "change default secrets:"
# IDP
IDP_USER_UUID=$(ocis accounts list | grep "| Kopano IDP " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o)
echo " IDP user UUID: $IDP_USER_UUID"
ocis accounts update --password $IDP_LDAP_BIND_PASSWORD $IDP_USER_UUID
# REVA
REVA_USER_UUID=$(ocis accounts list | grep " | Reva Inter " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o)
echo " Reva user UUID: $REVA_USER_UUID"
ocis accounts update --password $STORAGE_LDAP_BIND_PASSWORD $REVA_USER_UUID
echo "default secrets changed"
echo "##################################################"
wait # wait for oCIS to exit


@@ -48,35 +48,33 @@ services:
ocis-net:
entrypoint:
- /bin/sh
- /entrypoint-override.sh
# run ocis init to initialize a configuration file with random secrets
# it will fail on subsequent runs, because the config file already exists
# therefore we ignore the error and then start the ocis server
command: ["-c", "ocis init || true; ocis server"]
environment:
OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
# change default secrets
IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp}
STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva}
OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
# activate s3ng storage driver
STORAGE_USERS_DRIVER: s3ng
STORAGE_SYSTEM_DRIVER: ocis # keep system data on ocis storage since this are only small files atm
# s3ng specific settings
STORAGE_USERS_DRIVER_S3NG_ENDPOINT: http://minio:9000
STORAGE_USERS_DRIVER_S3NG_REGION: default
STORAGE_USERS_DRIVER_S3NG_ACCESS_KEY: ${MINIO_ACCESS_KEY:-ocis}
STORAGE_USERS_DRIVER_S3NG_SECRET_KEY: ${MINIO_SECRET_KEY:-ocis-secret-key}
STORAGE_USERS_DRIVER_S3NG_BUCKET: ${MINIO_BUCKET:-ocis-bucket}
STORAGE_USERS_S3NG_ENDPOINT: http://minio:9000
STORAGE_USERS_S3NG_REGION: default
STORAGE_USERS_S3NG_ACCESS_KEY: ${MINIO_ACCESS_KEY:-ocis}
STORAGE_USERS_S3NG_SECRET_KEY: ${MINIO_SECRET_KEY:-ocis-secret-key}
STORAGE_USERS_S3NG_BUCKET: ${MINIO_BUCKET:-ocis-bucket}
# INSECURE: needed if oCIS / Traefik is using self generated certificates
OCIS_INSECURE: "${INSECURE:-false}"
# basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect)
PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"
# admin user password
IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file
# demo users
ACCOUNTS_DEMO_USERS_AND_GROUPS: "${DEMO_USERS:-false}" # deprecated, remove after switching to LibreIDM
IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}"
volumes:
- ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
- ocis-config:/etc/ocis
- ocis-data:/var/lib/ocis
labels:
- "traefik.enable=true"
@@ -95,8 +93,7 @@ services:
ocis-net:
entrypoint:
- /bin/sh
- -c
- "mkdir -p /data/${MINIO_BUCKET:-ocis-bucket} && minio server --console-address ':9001' /data"
command: ["-c", "mkdir -p /data/${MINIO_BUCKET:-ocis-bucket} && minio server --console-address ':9001' /data"]
volumes:
- minio-data:/data
environment:
@@ -115,6 +112,7 @@ services:
volumes:
certs:
ocis-config:
ocis-data:
minio-data:
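Review bot: In the oCIS service's new `command`, `ocis init || true` discards every init failure, not only the expected "config file already exists" case, so a failed first run (for example an unwritable `ocis-config` volume) still proceeds to `ocis server`; which secrets the server then runs with is not visible from this diff. Testing for the file keeps real errors fatal: `command: ["-c", "([ -f /etc/ocis/<config-file> ] || ocis init) && ocis server"]`, where `<config-file>` is a placeholder for the file name that `ocis init` writes. If the current form is kept, the comment above it should state that other init errors are ignored as well.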


@@ -70,16 +70,11 @@ See also [example server setup]({{< ref "preparing_server" >}})
OCIS_DOCKER_TAG=
# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
OCIS_DOMAIN=
# IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp".
IDP_LDAP_BIND_PASSWORD=
# Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva".
STORAGE_LDAP_BIND_PASSWORD=
# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4"
OCIS_JWT_SECRET=
# JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret"
STORAGE_TRANSFER_SECRET=
# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please"
OCIS_MACHINE_AUTH_API_KEY=
# oCIS admin user password. Defaults to "admin".
ADMIN_PASSWORD=
# The demo users should not be created on a production instance
# because their passwords are public. Defaults to "false".
DEMO_USERS=
### MINIO / S3 settings ###
# Domain of MinIO where the Web UI is accessible. Defaults to "minio.owncloud.test".
@@ -104,6 +99,8 @@ See also [example server setup]({{< ref "preparing_server" >}})
Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, e.g. `OCIS_DOMAIN=ocis.owncloud.test`.
Set the initial admin user password in `ADMIN_PASSWORD=`, it defaults to `admin`.
Set your domain for the MinIO frontend in `MINIO_DOMAIN=`, e.g. `MINIO_DOMAIN=minio.owncloud.test`. If you are using other S3-compatible providers you need to configure the respective endpoint here.
If you like you can change the default name of the S3 bucket by setting `MINIO_BUCKET=` to a different value.


@@ -16,11 +16,11 @@ services:
ACCOUNTS_HASH_DIFFICULTY: 4
OCIS_INSECURE: "true"
# s3ng specific settings
STORAGE_USERS_DRIVER_S3NG_ENDPOINT: http://ceph:8080
STORAGE_USERS_DRIVER_S3NG_REGION: default
STORAGE_USERS_DRIVER_S3NG_ACCESS_KEY: test
STORAGE_USERS_DRIVER_S3NG_SECRET_KEY: test
STORAGE_USERS_DRIVER_S3NG_BUCKET: test
STORAGE_USERS_S3NG_ENDPOINT: http://ceph:8080
STORAGE_USERS_S3NG_REGION: default
STORAGE_USERS_S3NG_ACCESS_KEY: test
STORAGE_USERS_S3NG_SECRET_KEY: test
STORAGE_USERS_S3NG_BUCKET: test
volumes:
- ../../../config:/drone/src/tests/config
- oCISownCloud10testsuite:/srv