diff --git a/ansible/setup.yml b/ansible/setup.yml
index ff24770a..cb7f4057 100755
--- a/ansible/setup.yml
+++ b/ansible/setup.yml
@@ -1,131 +1,132 @@
#!/usr/bin/ansible-playbook
- name: Setup kolab deployment on fedora server
hosts: "{{ hostname }}"
remote_user: root
tasks:
- import_tasks: grub.yml
- name: Set hostname
ansible.builtin.hostname:
name: "{{ hostname }}"
- import_tasks: packages.yml
- name: Put SELinux in permissive mode for docker
selinux:
policy: targeted
state: permissive
- name: Setup user kolab
ansible.builtin.user:
name: kolab
shell: /bin/bash
groups: wheel, audio, docker
append: yes
- name: sudo without password
ansible.builtin.lineinfile:
path: /etc/sudoers
state: present
regexp: '^%wheel\s'
line: '%wheel ALL=(ALL) NOPASSWD: ALL'
- name: Start service docker, if not started
ansible.builtin.service:
name: docker
state: started
- import_tasks: certbot.yml
- name: get kolab git repo
become: true
become_user: kolab
git:
repo: https://git.kolab.org/source/kolab.git
dest: /home/kolab/kolab
version: "{{ git_branch }}"
force: yes
- name: Run bin/configure
become: true
become_user: kolab
ansible.builtin.command: bin/configure.sh {{ config }}
args:
chdir: /home/kolab/kolab
environment:
HOST: "{{ hostname }}"
OPENEXCHANGERATES_API_KEY: "{{ openexchangerates_api_key }}"
FIREBASE_API_KEY: "{{ firebase_api_key }}"
PUBLIC_IP: "{{ public_ip }}"
ADMIN_PASSWORD: "{{ admin_password }}"
+ KOLAB_GIT_REF: "{{ git_branch }}"
- name: Permit receiving mail
firewalld:
port: 25/tcp
permanent: yes
state: enabled
zone: FedoraServer
- name: Permit http traffic
firewalld:
port: 80/tcp
permanent: yes
state: enabled
zone: FedoraServer
- name: Permit https traffic
firewalld:
port: 443/tcp
permanent: yes
state: enabled
zone: FedoraServer
- name: Permit TCP trafic for coturn
firewalld:
port: 3478/tcp
permanent: yes
state: enabled
zone: FedoraServer
- name: Permit TCP trafic for coturn
firewalld:
port: 5349/tcp
permanent: yes
state: enabled
zone: FedoraServer
- name: Permit UDP trafic for coturn
firewalld:
port: 3478/udp
permanent: yes
state: enabled
zone: FedoraServer
- name: Permit UDP trafic for coturn
firewalld:
port: 5349/udp
permanent: yes
state: enabled
zone: FedoraServer
- name: Always restart docker before deploy (because of potential network issues otherwise)
ansible.builtin.service:
name: docker
state: restarted
- name: Deploy
block:
- name: Run bin/deploy
become: true
become_user: kolab
ansible.builtin.command: bin/deploy.sh
args:
chdir: /home/kolab/kolab
environment:
ADMIN_PASSWORD: "{{ admin_password }}"
register: result
always:
- name: Print output from previous task with newlines
ansible.builtin.debug:
msg="{{result.stdout_lines}}"
diff --git a/bin/configure.sh b/bin/configure.sh
index 1d2357bf..be5958d9 100755
--- a/bin/configure.sh
+++ b/bin/configure.sh
@@ -1,99 +1,103 @@
#!/bin/bash
# Uninstall the old config
if [ -d config ]; then
echo "Uninstalling the old config."
find -L config/ -type f | while read file; do
file=$(echo $file | sed -e 's|^config||g')
file="./$file"
rm -v $file
done
fi
if [ "$1" == "" ]; then
echo "Failed to find the configuration folder, please pass one as argument (e.g. config.demo)."
exit 1
fi
if [ ! -d $1 ]; then
echo "Failed to find the configuration folder, please pass one as argument (e.g. config.demo)."
exit 1
fi
echo "Installing $1."
# Link new config
rm config
ln -s $1 config
# Install new config
find -L config/ -type f | while read file; do
dir=$(dirname $file | sed -e 's|^config||g')
dir="./$dir"
if [ ! -d $dir ]; then
mkdir -p $dir
fi
cp -v $file $dir/
done
# Generate random secrets
if ! grep -q "COTURN_STATIC_SECRET" .env; then
COTURN_STATIC_SECRET=$(openssl rand -hex 32);
echo "COTURN_STATIC_SECRET=${COTURN_STATIC_SECRET}" >> src/.env
fi
if ! grep -q "MEET_WEBHOOK_TOKEN" .env; then
MEET_WEBHOOK_TOKEN=$(openssl rand -hex 32);
echo "MEET_WEBHOOK_TOKEN=${MEET_WEBHOOK_TOKEN}" >> src/.env
fi
if ! grep -q "MEET_SERVER_TOKEN" .env; then
MEET_SERVER_TOKEN=$(openssl rand -hex 32);
echo "MEET_SERVER_TOKEN=${MEET_SERVER_TOKEN}" >> src/.env
fi
if ! grep -q "APP_KEY=base64:" .env; then
APP_KEY=$(openssl rand -base64 32);
echo "APP_KEY=base64:${APP_KEY}" >> src/.env
fi
if ! grep -q "PASSPORT_PROXY_OAUTH_CLIENT_ID=" .env; then
PASSPORT_PROXY_OAUTH_CLIENT_ID=$(uuidgen);
echo "PASSPORT_PROXY_OAUTH_CLIENT_ID=${PASSPORT_PROXY_OAUTH_CLIENT_ID}" >> src/.env
fi
if ! grep -q "PASSPORT_PROXY_OAUTH_CLIENT_SECRET=" .env; then
PASSPORT_PROXY_OAUTH_CLIENT_SECRET=$(openssl rand -base64 32);
echo "PASSPORT_PROXY_OAUTH_CLIENT_SECRET=${PASSPORT_PROXY_OAUTH_CLIENT_SECRET}" >> src/.env
fi
if ! grep -q "PASSPORT_PUBLIC_KEY=|PASSPORT_PRIVATE_KEY=" .env; then
PASSPORT_PRIVATE_KEY=$(openssl genrsa 4096);
echo "PASSPORT_PRIVATE_KEY=\"${PASSPORT_PRIVATE_KEY}\"" >> src/.env
PASSPORT_PUBLIC_KEY=$(echo "$PASSPORT_PRIVATE_KEY" | openssl rsa -pubout 2>/dev/null)
echo "PASSPORT_PUBLIC_KEY=\"${PASSPORT_PUBLIC_KEY}\"" >> src/.env
fi
+if ! grep -q "KOLAB_GIT_REF=" .env; then
+ echo "KOLAB_GIT_REF=${KOLAB_GIT_REF:-master}" >> src/.env
+fi
+
# Customize configuration
sed -i \
-e "s/{{ host }}/${HOST:-kolab.local}/g" \
-e "s/{{ openexchangerates_api_key }}/${OPENEXCHANGERATES_API_KEY}/g" \
-e "s/{{ firebase_api_key }}/${FIREBASE_API_KEY}/g" \
-e "s/{{ public_ip }}/${PUBLIC_IP:-172.18.0.1}/g" \
-e "s/{{ admin_password }}/${ADMIN_PASSWORD}/g" \
src/.env
if [ -f /etc/letsencrypt/live/${HOST}/cert.pem ]; then
echo "Using the available letsencrypt certificate for ${HOST}"
cat >> .env << EOF
KOLAB_SSL_CERTIFICATE=/etc/letsencrypt/live/${HOST}/cert.pem
KOLAB_SSL_CERTIFICATE_FULLCHAIN=/etc/letsencrypt/live/${HOST}/fullchain.pem
KOLAB_SSL_CERTIFICATE_KEY=/etc/letsencrypt/live/${HOST}/privkey.pem
PROXY_SSL_CERTIFICATE=/etc/letsencrypt/live/${HOST}/fullchain.pem
PROXY_SSL_CERTIFICATE_KEY=/etc/letsencrypt/live/${HOST}/privkey.pem
EOF
fi
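Review bot: The guard on the new `if ! grep -q "KOLAB_GIT_REF=" .env` block writes the ref only on the first run, so a later `bin/configure.sh` invocation with a different `KOLAB_GIT_REF` (for example setup.yml re-run with another `git_branch`) leaves the stale value in `src/.env`, and the webapp/meet images get built from a different ref than the checkout the playbook just updated. Unlike the generated secrets above, this value does not need to survive across runs, so it should be replaced rather than skipped: `sed -i '/^KOLAB_GIT_REF=/d' src/.env` followed by the existing `echo "KOLAB_GIT_REF=${KOLAB_GIT_REF:-master}" >> src/.env`. The new lines also inherit the existing pattern of testing `.env` but appending to `src/.env`, which presumably relies on `.env` being linked to `src/.env` by the config install step earlier in this script; worth confirming, since without that link the grep never matches and the line is appended on every run.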
diff --git a/docker-compose.yml b/docker-compose.yml
index 40edc052..6d0c3782 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,304 +1,308 @@
version: '3'
services:
coturn:
build:
context: ./docker/coturn/
container_name: kolab-coturn
healthcheck:
interval: 10s
test: "kill -0 $$(cat /tmp/turnserver.pid)"
timeout: 5s
retries: 30
environment:
- TURN_PUBLIC_IP=${COTURN_PUBLIC_IP}
- TURN_LISTEN_PORT=3478
- TURN_STATIC_SECRET=${COTURN_STATIC_SECRET}
hostname: sturn.mgmt.com
image: kolab-coturn
network_mode: host
restart: on-failure
kolab:
build:
context: ./docker/kolab/
args:
DB_KOLAB_DATABASE: kolab
DB_KOLAB_USERNAME: kolab
DB_KOLAB_PASSWORD: ${DB_PASSWORD:?"DB_PASSWORD is missing"}
container_name: kolab
privileged: true
restart: on-failure
tty: true
depends_on:
mariadb:
condition: service_healthy
pdns:
condition: service_healthy
extra_hosts:
- "kolab.mgmt.com:127.0.0.1"
- "services.${APP_DOMAIN}:172.18.0.4"
environment:
- APP_DOMAIN=${APP_DOMAIN}
- LDAP_HOST=127.0.0.1
- LDAP_ADMIN_BIND_DN=${LDAP_ADMIN_BIND_DN}
- LDAP_ADMIN_BIND_PW=${LDAP_ADMIN_BIND_PW}
- LDAP_SERVICE_BIND_PW=${LDAP_SERVICE_BIND_PW}
- LDAP_HOSTED_BIND_PW=${LDAP_HOSTED_BIND_PW}
- DB_HOST=mariadb
- DB_ROOT_PASSWORD=${DB_ROOT_PASSWORD}
- DB_HKCCP_DATABASE=${DB_DATABASE}
- DB_HKCCP_USERNAME=${DB_USERNAME}
- DB_HKCCP_PASSWORD=${DB_PASSWORD:?"DB_PASSWORD is missing"}
- DB_KOLAB_DATABASE=kolab
- DB_KOLAB_USERNAME=kolab
- DB_KOLAB_PASSWORD=${DB_PASSWORD:?"DB_PASSWORD is missing"}
- SSL_CERTIFICATE=${KOLAB_SSL_CERTIFICATE:?"KOLAB_SSL_CERTIFICATE is missing"}
- SSL_CERTIFICATE_FULLCHAIN=${KOLAB_SSL_CERTIFICATE_FULLCHAIN:?"KOLAB_SSL_CERTIFICATE_FULLCHAIN is missing"}
- SSL_CERTIFICATE_KEY=${KOLAB_SSL_CERTIFICATE_KEY:?"KOLAB_SSL_CERTIFICATE_KEY is missing"}
- IMAP_HOST=127.0.0.1
- IMAP_PORT=11993
- IMAP_ADMIN_LOGIN=${IMAP_ADMIN_LOGIN}
- IMAP_ADMIN_PASSWORD=${IMAP_ADMIN_PASSWORD}
- MAIL_HOST=127.0.0.1
- MAIL_PORT=10587
healthcheck:
interval: 10s
test: "systemctl is-active kolab-init || exit 1"
timeout: 5s
retries: 30
start_period: 5m
# This makes docker's dns, resolve via pdns for this container.
# Please note it does not affect /etc/resolv.conf
dns: 172.18.0.11
hostname: kolab.mgmt.com
image: kolab
networks:
kolab:
ipv4_address: 172.18.0.5
ports:
- "12143:12143"
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
volumes:
- ./ext/:/src/:ro
- /etc/letsencrypt/:/etc/letsencrypt/:ro
- ./docker/certs/ca.cert:/etc/pki/tls/certs/ca.cert:ro
- ./docker/certs/ca.cert:/etc/pki/ca-trust/source/anchors/ca.cert:ro
- ./docker/certs/kolab.hosted.com.cert:${KOLAB_SSL_CERTIFICATE:?err}
- ./docker/certs/kolab.hosted.com.chain.pem:${KOLAB_SSL_CERTIFICATE_FULLCHAIN:?err}
- ./docker/certs/kolab.hosted.com.key:${KOLAB_SSL_CERTIFICATE_KEY:?err}
- ./docker/kolab/utils:/root/utils:ro
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- imap:/imapdata
- ldap:/ldapdata
roundcube:
build:
context: ./docker/roundcube/
container_name: kolab-roundcube
hostname: roundcube.hosted.com
restart: on-failure
depends_on:
mariadb:
condition: service_healthy
pdns:
condition: service_healthy
kolab:
condition: service_healthy
environment:
- APP_DOMAIN=${APP_DOMAIN}
- LDAP_HOST=kolab
- LDAP_ADMIN_BIND_DN=${LDAP_ADMIN_BIND_DN}
- LDAP_ADMIN_BIND_PW=${LDAP_ADMIN_BIND_PW}
- LDAP_SERVICE_BIND_PW=${LDAP_SERVICE_BIND_PW}
- LDAP_HOSTED_BIND_PW=${LDAP_HOSTED_BIND_PW}
- DB_HOST=mariadb
- DB_ROOT_PASSWORD=${DB_ROOT_PASSWORD}
- DB_RC_DATABASE=roundcube
- DB_RC_USERNAME=roundcube
- DB_RC_PASSWORD=${DB_PASSWORD:?"DB_PASSWORD is missing"}
- IMAP_HOST=tls://haproxy
- IMAP_PORT=145
- IMAP_ADMIN_LOGIN=${IMAP_ADMIN_LOGIN}
- IMAP_ADMIN_PASSWORD=${IMAP_ADMIN_PASSWORD}
- MAIL_HOST=tls://kolab
- MAIL_PORT=10587
healthcheck:
interval: 10s
test: "kill -0 $$(cat /run/httpd/httpd.pid)"
timeout: 5s
retries: 30
# This makes docker's dns, resolve via pdns for this container.
# Please note it does not affect /etc/resolv.conf
dns: 172.18.0.11
image: roundcube
networks:
kolab:
ipv4_address: 172.18.0.9
ports:
- "8001:80"
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
volumes:
- ./ext/:/src.orig/:ro
mariadb:
container_name: kolab-mariadb
restart: on-failure
environment:
- MARIADB_ROOT_PASSWORD=${DB_ROOT_PASSWORD}
- TZ="+02:00"
- DB_HKCCP_DATABASE=${DB_DATABASE}
- DB_HKCCP_USERNAME=${DB_USERNAME}
- DB_HKCCP_PASSWORD=${DB_PASSWORD}
healthcheck:
interval: 10s
test: test -e /var/run/mysqld/mysqld.sock
timeout: 5s
retries: 30
image: mariadb:latest
networks:
kolab:
ipv4_address: 172.18.0.3
volumes:
- ./docker/mariadb/mysql-init/:/docker-entrypoint-initdb.d/
- mariadb:/var/lib/mysql
haproxy:
build:
context: ./docker/haproxy/
healthcheck:
interval: 10s
test: "kill -0 $$(cat /var/run/haproxy.pid)"
timeout: 5s
retries: 30
container_name: kolab-haproxy
restart: on-failure
hostname: haproxy.hosted.com
image: kolab-haproxy
networks:
kolab:
ipv4_address: 172.18.0.6
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
volumes:
- ./docker/certs/:/etc/certs/:ro
- /etc/letsencrypt/:/etc/letsencrypt/:ro
pdns:
build:
context: ./docker/pdns/
args:
DB_HOST: mariadb
DB_DATABASE: ${DB_DATABASE:?DB_DATABASE}
DB_USERNAME: ${DB_USERNAME:?DB_USERNAME}
DB_PASSWORD: ${DB_PASSWORD:?DB_PASSWORD}
container_name: kolab-pdns
restart: on-failure
tty: true
hostname: pdns
depends_on:
mariadb:
condition: service_healthy
healthcheck:
interval: 10s
test: "systemctl status pdns || exit 1"
timeout: 5s
retries: 30
image: kolab-pdns
networks:
kolab:
ipv4_address: 172.18.0.11
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
redis:
build:
context: ./docker/redis/
healthcheck:
interval: 10s
test: "redis-cli ping || exit 1"
timeout: 5s
retries: 30
container_name: kolab-redis
restart: on-failure
hostname: redis
image: redis
networks:
- kolab
volumes:
- ./docker/redis/redis.conf:/usr/local/etc/redis/redis.conf:ro
webapp:
build:
context: ./docker/webapp/
+ args:
+ GIT_REF: ${KOLAB_GIT_REF:-master}
container_name: kolab-webapp
restart: on-failure
image: kolab-webapp
healthcheck:
interval: 10s
test: "/src/kolabsrc/artisan octane:status || exit 1"
timeout: 5s
retries: 30
start_period: 5m
depends_on:
kolab:
condition: service_healthy
redis:
condition: service_healthy
roundcube:
condition: service_healthy
networks:
kolab:
ipv4_address: 172.18.0.4
volumes:
- ./src:/src/kolabsrc.orig:ro
ports:
- "8000:8000"
meet:
build:
context: ./docker/meet/
+ args:
+ GIT_REF: ${KOLAB_GIT_REF:-master}
container_name: kolab-meet
restart: on-failure
healthcheck:
interval: 10s
test: "curl --insecure -H 'X-AUTH-TOKEN: ${MEET_SERVER_TOKEN}' --fail https://${MEET_LISTENING_HOST}:12443/meetmedia/api/health || exit 1"
timeout: 5s
retries: 30
start_period: 5m
environment:
- WEBRTC_LISTEN_IP=${MEET_WEBRTC_LISTEN_IP:?err}
- PUBLIC_DOMAIN=${MEET_PUBLIC_DOMAIN:?err}
- LISTENING_HOST=${MEET_LISTENING_HOST:?err}
- LISTENING_PORT=12443
- TURN_SERVER=${MEET_TURN_SERVER}
- TURN_STATIC_SECRET=${COTURN_STATIC_SECRET}
- AUTH_TOKEN=${MEET_SERVER_TOKEN:?err}
- WEBHOOK_TOKEN=${MEET_WEBHOOK_TOKEN:?err}
- WEBHOOK_URL=${APP_PUBLIC_URL:?err}/api/webhooks/meet
- SSL_CERT=/etc/pki/tls/certs/meet.${APP_WEBSITE_DOMAIN:?err}.cert
- SSL_KEY=/etc/pki/tls/private/meet.${APP_WEBSITE_DOMAIN:?err}.key
network_mode: host
container_name: kolab-meet
image: kolab-meet
volumes:
- ./meet/server:/src/meet/:ro
- ./docker/certs/meet.${APP_WEBSITE_DOMAIN}.cert:/etc/pki/tls/certs/meet.${APP_WEBSITE_DOMAIN}.cert
- ./docker/certs/meet.${APP_WEBSITE_DOMAIN}.key:/etc/pki/tls/private/meet.${APP_WEBSITE_DOMAIN}.key
networks:
kolab:
driver: bridge
ipam:
config:
- subnet: "172.18.0.0/24"
volumes:
mariadb:
imap:
ldap:
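Review bot: The `GIT_REF: ${KOLAB_GIT_REF:-master}` build arg added to the webapp and meet `args:` blocks spells the `master` fallback again for each service, on top of bin/configure.sh and both Dockerfiles, so a change of the default branch now has to be made in five places. Since configure.sh writes `KOLAB_GIT_REF` into `.env` on every deployment, the compose side could instead require it like the other mandatory variables in this file, `GIT_REF: ${KOLAB_GIT_REF:?KOLAB_GIT_REF is missing}`, leaving the Dockerfile `ARG` default as the single fallback for manual builds. A comment on the new lines would also help, e.g. `# Only applied when the image is (re)built; a changed ref has no effect on an existing image`, since I can't see bin/deploy.sh here to confirm it forces a rebuild.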
diff --git a/docker/meet/Dockerfile b/docker/meet/Dockerfile
index d1c210a0..8745b717 100644
--- a/docker/meet/Dockerfile
+++ b/docker/meet/Dockerfile
@@ -1,13 +1,14 @@
FROM fedora:37
MAINTAINER Jeroen van Meeuwen <vanmeeuwen@kolabsys.com>
RUN dnf -y install \
--setopt 'tsflags=nodocs' \
npm nodejs python3 python3-pip meson ninja-build make gcc g++ git && \
dnf clean all
+ARG GIT_REF=master
COPY build.sh /build.sh
RUN /build.sh
COPY init.sh /init.sh
CMD [ "/init.sh" ]
diff --git a/docker/meet/build.sh b/docker/meet/build.sh
index e0cf0348..a42aa6d0 100755
--- a/docker/meet/build.sh
+++ b/docker/meet/build.sh
@@ -1,10 +1,13 @@
#!/bin/bash
set -e
mkdir /src/
cd /src/
-git clone https://git.kolab.org/source/kolab.git kolab
+git clone --branch $GIT_REF https://git.kolab.org/source/kolab.git kolab
+pushd kolab
+git reset --hard $GIT_REF
+popd
cp -R kolab/meet/server /src/meetsrc
rm -Rf /src/meetsrc/node_modules
cd /src/meetsrc
npm install
npm install -g nodemon
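Review bot: `git clone --branch $GIT_REF` on the new line only accepts branch or tag names, so the build cannot be pinned to a commit SHA, which is the one form of ref that would make the image reproducible and tamper-evident; with a SHA the clone fails before the `git reset --hard $GIT_REF` that appears intended to handle it. Cloning without `--branch` and then checking out the ref covers branches, tags and commits alike, e.g. `git clone https://git.kolab.org/source/kolab.git kolab` followed by `git -C kolab checkout --detach "$GIT_REF"`, which also removes the redundant `pushd`/`reset`/`popd` sequence. The expansions should be quoted (`"$GIT_REF"`) so an empty or space-containing value fails outright instead of being reinterpreted as a different argument list. The same applies to the identical lines in docker/webapp/build.sh.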
diff --git a/docker/webapp/Dockerfile b/docker/webapp/Dockerfile
index 9dcb2392..b0defc21 100755
--- a/docker/webapp/Dockerfile
+++ b/docker/webapp/Dockerfile
@@ -1,16 +1,17 @@
FROM apheleia/swoole:4.8.x
MAINTAINER Jeroen van Meeuwen <vanmeeuwen@apheleia-it.ch>
USER root
RUN dnf -y install findutils gnupg2 git rsync procps-ng
EXPOSE 8000
+ARG GIT_REF=master
COPY build.sh /build.sh
RUN /build.sh
COPY init.sh /init.sh
COPY update.sh /update.sh
CMD [ "/init.sh" ]
diff --git a/docker/webapp/build.sh b/docker/webapp/build.sh
index 6ae4bc8f..8c9fb150 100755
--- a/docker/webapp/build.sh
+++ b/docker/webapp/build.sh
@@ -1,24 +1,28 @@
#!/bin/bash
set -e
set -x
mkdir /src
cd /src
-git clone https://git.kolab.org/source/kolab.git kolab
+git clone --branch $GIT_REF https://git.kolab.org/source/kolab.git kolab
+pushd kolab
+git reset --hard $GIT_REF
+popd
+
cp -a kolab/src /src/kolabsrc
cd /src/kolabsrc
mkdir -p storage/framework/{sessions,views,cache}
mkdir -p database/seeds
php -dmemory_limit=-1 $(command -v composer) install
npm -g install npm
/usr/local/bin/npm install
./artisan storage:link
./artisan clear-compiled
if [ ! -f 'resources/countries.php' ]; then
./artisan data:countries
fi
/usr/local/bin/npm run dev