diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 468cafb3..9cf3f1ff 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -186,6 +186,9 @@ variables:
description: "A new deployment sometimes needs a few minutes to sort itself. If tested too early tests may fail.
GRACE_PERIOD is the period in seconds that should be waited before running the tests."
value: "0"
+ TESTS_NUMBER_OF_THREADS:
+ description: "How many threads are used for executing the tests in parallel?"
+ value: "8"
# Declare .environments which is in `opendesk-env` repository. In case it is not available
# 'cache' is used because job as a dummy key, as the job is not allowed to be empty.
@@ -560,7 +563,8 @@ run-tests:
\"screenshot_redirect_step\": \"yes\", \
\"testset\": \"${TESTS_TESTSET}\", \
\"testprofile\": \"Namespace\", \
- \"GRACE_PERIOD\": \"${TESTS_GRACE_PERIOD}\" \
+ \"GRACE_PERIOD\": \"${TESTS_GRACE_PERIOD}\", \
+ \"NUMBER_OF_THREADS\": \"${TESTS_NUMBER_OF_THREADS}\" \
} \
}" \
"https://${TESTS_PROJECT_URL}/trigger/pipeline"
diff --git a/docs/enhanced-configuration/idp-federation.md b/docs/enhanced-configuration/idp-federation.md
index a3e5cdae..3878dffc 100644
--- a/docs/enhanced-configuration/idp-federation.md
+++ b/docs/enhanced-configuration/idp-federation.md
@@ -6,7 +6,6 @@ SPDX-License-Identifier: Apache-2.0
Federation with external identity provider (IdP)
-* [Context](#context)
* [References](#references)
* [Prerequisites](#prerequisites)
* [User accounts](#user-accounts)
@@ -153,10 +152,9 @@ The following configuration is taking place in the Keycloak realm `opendesk`.
- *Client authentication*: `Client secret sent as post` (default)
- *Client ID*: Use the client ID you took from your organization's IdP config (`opendesk-federation-client` in this example)
- *Client Secret*: Use the secret you took from your organization's IdP config
- - When completed with *Add*, you get to the detailed IdP configured that also needs some updates (you may need to open the *Advanced* section to access some settings)
- - *Back-channel logout*: `On`
- - *Disable user info*: `On`
+ - When completed with *Add*, you get to the detailed IdP configuration that at least needs some the following update:
- *First login flow override*: `auto-federate-flow`
+ - Depending on your organizations IdP and process preferences additional setting may be required
- In case you want to forcefully redirect all users to your organization's IdP (disabling login with local openDesk accounts):
- *Authentication* > `2fa-browser`
diff --git a/docs/external-services.md b/docs/external-services.md
index 12a3b376..7bb596c6 100644
--- a/docs/external-services.md
+++ b/docs/external-services.md
@@ -11,6 +11,7 @@ This document will cover the additional configuration for external services like
* [Database](#database)
* [Object storage](#object-storage)
* [Cache](#cache)
+* [Footnotes](#footnotes)
# Database
@@ -18,93 +19,134 @@ This document will cover the additional configuration for external services like
When deploying this suite to production, you need to configure the applications to use your production-grade database
service.
-| Component | Name | Type | Parameter | Key | Default |
-| ------------ | ------------------ | ---------- | --------- | ---------------------------------------- | -------------------------- |
-| Element | Synapse | PostgreSQL | | | |
-| | | | Name | `databases.synapse.name` | `matrix` |
-| | | | Host | `databases.synapse.host` | `postgresql` |
-| | | | Port | `databases.synapse.port` | `5432` |
-| | | | Username | `databases.synapse.username` | `matrix_user` |
-| | | | Password | `databases.synapse.password` | |
-| Keycloak | Keycloak | PostgreSQL | | | |
-| | | | Name | `databases.keycloak.name` | `keycloak` |
-| | | | Host | `databases.keycloak.host` | `postgresql` |
-| | | | Port | `databases.keycloak.port` | `5432` |
-| | | | Username | `databases.keycloak.username` | `keycloak_user` |
-| | | | Password | `databases.keycloak.password` | |
-| | Keycloak Extension | PostgreSQL | | | |
-| | | | Name | `databases.keycloakExtension.name` | `keycloak_extensions` |
-| | | | Host | `databases.keycloakExtension.host` | `postgresql` |
-| | | | Port | `databases.keycloakExtension.port` | `5432` |
-| | | | Username | `databases.keycloakExtension.username` | `keycloak_extensions_user` |
-| | | | Password | `databases.keycloakExtension.password` | |
-| UMS | Notifications API | PostgreSQL | | | |
-| | | | Name | `databases.umsNotificationsApi.name` | `notificationsapi` |
-| | | | Host | `databases.umsNotificationsApi.host` | `postgresql` |
-| | | | Port | `databases.umsNotificationsApi.port` | `5432` |
-| | | | Username | `databases.umsNotificationsApi.username` | `notificationsapi_user` |
-| | | | Password | `databases.umsNotificationsApi.password` | |
-| | Self Service | PostgreSQL | | | |
-| | | | Name | `databases.umsSelfservice.name` | `selfservice` |
-| | | | Host | `databases.umsSelfservice.host` | `postgresql` |
-| | | | Port | `databases.umsSelfservice.port` | `5432` |
-| | | | Username | `databases.umsSelfservice.username` | `selfservice_user` |
-| | | | Password | `databases.umsSelfservice.password` | |
-| Nextcloud | Nextcloud | MariaDB | | | |
-| | | | Name | `databases.nextcloud.name` | `nextcloud` |
-| | | | Host | `databases.nextcloud.host` | `mariadb` |
-| | | | Username | `databases.nextcloud.username` | `nextcloud_user` |
-| | | | Password | `databases.nextcloud.password` | |
-| OpenProject | OpenProject | PostgreSQL | | | |
-| | | | Name | `databases.openproject.name` | `openproject` |
-| | | | Host | `databases.openproject.host` | `postgresql` |
-| | | | Port | `databases.openproject.port` | `5432` |
-| | | | Username | `databases.openproject.username` | `openproject_user` |
-| | | | Password | `databases.openproject.password` | |
-| OX App Suite | OX App Suite | MariaDB | | | |
-| | | | Name | `databases.oxAppSuite.name` | `CONFIGDB` |
-| | | | Host | `databases.oxAppSuite.host` | `mariadb` |
-| | | | Username | `databases.oxAppSuite.username` | `root` |
-| | | | Password | `databases.oxAppSuite.password` | |
-| XWiki | XWiki | MariaDB | | | |
-| | | | Name | `databases.xwiki.name` | `xwiki` |
-| | | | Host | `databases.xwiki.host` | `mariadb` |
-| | | | Username | `databases.xwiki.username` | `xwiki_user` |
-| | | | Password | `databases.xwiki.password` | |
+> **Note**
+> openDesk supports PostgreSQL as alternative database backend for Nextcloud and XWiki. PostgreSQL is likely become the preferred option/default in the future and MariaDB might be deprecated at a later point requiring migrations[^1] if you do not select PostgreSQL for new installations.
+
+| Component | Name | Parameter | Key | Default |
+| ---------------- | ------------------ | --------- | --------------------------------------------- | ---------------------------- |
+| Element | Synapse | | | |
+| | | Type | `databases.synapse.type` | `postgresql` |
+| | | Name | `databases.synapse.name` | `matrix` |
+| | | Host | `databases.synapse.host` | `postgresql` |
+| | | Port | `databases.synapse.port` | `5432` |
+| | | Username | `databases.synapse.username` | `matrix_user` |
+| | | Password | `databases.synapse.password` | |
+| Nubus | Guardian Mgmt API | | | |
+| | | Type | `databases.umsGuardianManagementApi.type` | `postgresql` |
+| | | Name | `databases.umsGuardianManagementApi.name` | `guardianmanagementapi` |
+| | | Host | `databases.umsGuardianManagementApi.host` | `postgresql` |
+| | | Port | `databases.umsGuardianManagementApi.port` | `5432` |
+| | | Username | `databases.umsGuardianManagementApi.username` | `guardianmanagementapi_user` |
+| | | Password | `databases.umsGuardianManagementApi.password` | |
+| | Keycloak | | | |
+| | | Type | `databases.keycloak.type` | `postgresql` |
+| | | Name | `databases.keycloak.name` | `keycloak` |
+| | | Host | `databases.keycloak.host` | `postgresql` |
+| | | Port | `databases.keycloak.port` | `5432` |
+| | | Username | `databases.keycloak.username` | `keycloak_user` |
+| | | Password | `databases.keycloak.password` | |
+| | Keycloak Extension | | | |
+| | | Type | `databases.keycloakExtension.type` | `postgresql` |
+| | | Name | `databases.keycloakExtension.name` | `keycloak_extensions` |
+| | | Host | `databases.keycloakExtension.host` | `postgresql` |
+| | | Port | `databases.keycloakExtension.port` | `5432` |
+| | | Username | `databases.keycloakExtension.username` | `keycloak_extensions_user` |
+| | | Password | `databases.keycloakExtension.password` | |
+| | Notifications API | | | |
+| | | Type | `databases.umsNotificationsApi.type` | `postgresql` |
+| | | Name | `databases.umsNotificationsApi.name` | `notificationsapi` |
+| | | Host | `databases.umsNotificationsApi.host` | `postgresql` |
+| | | Port | `databases.umsNotificationsApi.port` | `5432` |
+| | | Username | `databases.umsNotificationsApi.username` | `notificationsapi_user` |
+| | | Password | `databases.umsNotificationsApi.password` | |
+| | Self Service | | | |
+| | | Type | `databases.umsSelfservice.type` | `postgresql` |
+| | | Name | `databases.umsSelfservice.name` | `selfservice` |
+| | | Host | `databases.umsSelfservice.host` | `postgresql` |
+| | | Port | `databases.umsSelfservice.port` | `5432` |
+| | | Username | `databases.umsSelfservice.username` | `selfservice_user` |
+| | | Password | `databases.umsSelfservice.password` | |
+| Nextcloud | Nextcloud | | | |
+| | | Type | `databases.nextcloud.type` | `mariadb` |
+| | | Name | `databases.nextcloud.name` | `nextcloud` |
+| | | Host | `databases.nextcloud.host` | `mariadb` |
+| | | Port | `databases.nextcloud.port` | `3306` |
+| | | Username | `databases.nextcloud.username` | `nextcloud_user` |
+| | | Password | `databases.nextcloud.password` | |
+| Notes | Notes | | | |
+| | | Type | `databases.notes.type` | `postgresql` |
+| | | Name | `databases.notes.name` | `notes` |
+| | | Host | `databases.notes.host` | `postgresql` |
+| | | Port | `databases.notes.port` | `5432` |
+| | | Username | `databases.notes.username` | `notes_user` |
+| | | Password | `databases.notes.password` | |
+| OpenProject | OpenProject | | | |
+| | | Type | `databases.openproject.type` | `postgresql` |
+| | | Name | `databases.openproject.name` | `openproject` |
+| | | Host | `databases.openproject.host` | `postgresql` |
+| | | Port | `databases.openproject.port` | `5432` |
+| | | Username | `databases.openproject.username` | `openproject_user` |
+| | | Password | `databases.openproject.password` | |
+| OX App Suite[^2] | OX App Suite | | | |
+| | | Type | `databases.oxAppSuite.type` | `mariadb` |
+| | | Name | `databases.oxAppSuite.name` | `openxchange` |
+| | | Host | `databases.oxAppSuite.host` | `mariadb` |
+| | | Port | `databases.oxAppSuite.port` | `3306` |
+| | | Username | `databases.oxAppSuite.username` | `root` |
+| | | Password | `databases.oxAppSuite.password` | |
+| XWiki[^3] | XWiki | | | |
+| | | Type | `databases.xwiki.type` | `mariadb` |
+| | | Name | `databases.xwiki.name` | `xwiki` |
+| | | Host | `databases.xwiki.host` | `mariadb` |
+| | | Port | `databases.xwiki.port` | `3306` |
+| | | Username | `databases.xwiki.username` | `root` |
+| | | Password | `databases.xwiki.password` | |
# Object storage
When deploying this suite to production, you need to configure the applications to use your production-grade object
storage service.
-| Component | Name | Parameter | Key | Default |
+| Component | Name | Parameter | Key | Default |
|-------------|-------------|-----------------|------------------------------------------|--------------------|
-| OpenProject | OpenProject | | | |
-| | | Backend | `objectstores.openproject.backend` | `minio` |
-| | | Bucket | `objectstores.openproject.bucket` | `openproject` |
-| | | Endpoint | `objectstores.openproject.endpoint` | |
-| | | Provider | `objectstores.openproject.provider` | `AWS` |
-| | | Region | `objectstores.openproject.region` | |
-| | | Secret | `objectstores.openproject.secret` | |
-| | | Username | `objectstores.openproject.username` | `openproject_user` |
-| | | Use IAM profile | `objectstores.openproject.useIAMProfile` | |
+| OpenProject | OpenProject | | | |
+| | | Backend | `objectstores.openproject.backend` | `minio` |
+| | | Bucket | `objectstores.openproject.bucket` | `openproject` |
+| | | Endpoint | `objectstores.openproject.endpoint` | |
+| | | Provider | `objectstores.openproject.provider` | `AWS` |
+| | | Region | `objectstores.openproject.region` | |
+| | | Secret | `objectstores.openproject.secret` | |
+| | | Username | `objectstores.openproject.username` | `openproject_user` |
+| | | Use IAM profile | `objectstores.openproject.useIAMProfile` | |
# Cache
When deploying this suite to production, you need to configure the applications to use your production-grade cache
service.
-| Component | Name | Type | Parameter | Key | Default |
+| Component | Name | Type | Parameter | Key | Default |
|------------------|------------------|-----------|-----------|------------------------------|------------------|
-| Intercom Service | Intercom Service | Redis | | | |
-| | | | Host | `cache.intercomService.host` | `redis-headless` |
-| | | | Port | `cache.intercomService.port` | `6379` |
-| Nextcloud | Nextcloud | Redis | | | |
-| | | | Host | `cache.nextcloud.host` | `redis-headless` |
-| | | | Port | `cache.nextcloud.port` | `6379` |
-| OpenProject | OpenProject | Memcached | | | |
-| | | | Host | `cache.openproject.host` | `memcached` |
-| | | | Port | `cache.openproject.port` | `11211` |
-| UMS | Self Service | Memcached | | | |
-| | | | Host | `cache.umsSelfservice.host` | `memcached` |
-| | | | Port | `cache.umsSelfservice.port` | `11211` |
+| Intercom Service | Intercom Service | Redis | | | |
+| | | | Host | `cache.intercomService.host` | `redis-headless` |
+| | | | Port | `cache.intercomService.port` | `6379` |
+| Nextcloud | Nextcloud | Redis | | | |
+| | | | Host | `cache.nextcloud.host` | `redis-headless` |
+| | | | Port | `cache.nextcloud.port` | `6379` |
+| OpenProject | OpenProject | Memcached | | | |
+| | | | Host | `cache.openproject.host` | `memcached` |
+| | | | Port | `cache.openproject.port` | `11211` |
+| UMS | Self Service | Memcached | | | |
+| | | | Host | `cache.umsSelfservice.host` | `memcached` |
+| | | | Port | `cache.umsSelfservice.port` | `11211` |
+
+# Footnotes
+
+[^1] The upstream product provide some valuable information regarding database migrations:
+- Nextcloud: https://docs.nextcloud.com/server/latest/admin_manual/configuration_database/db_conversion.html
+- XWiki:
+ - https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Backup#HUsingtheXWikiExportfeature
+ - https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/ImportExport
+
+[^2] OX App Suite only supports MariaDB and requires root access, as it manages its databases itself.
+
+[^3] XWiki requires root access when using MariaDB as sub-wikis are using separate databases that are managed by XWiki. When using PostgreSQL with XWiki no root user is required as the sub-wikis are managed within multiple schemes within a single database.
diff --git a/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl b/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl
index b56d7114..671d2a78 100644
--- a/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl
+++ b/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl
@@ -51,6 +51,13 @@ configuration:
# internalWopiUrl: ""
wopiAllowlist: {{ join ", " ( concat .Values.cluster.networking.cidr .Values.cluster.networking.incomingCIDR ) | quote }}
database:
+ {{ if eq .Values.databases.nextcloud.type "mariadb" }}
+ type: "mysql"
+ {{ else if eq .Values.databases.nextcloud.type "postgresql" }}
+ type: "pgsql"
+ {{ else }}
+ {{ .Values.databases.nextcloud.type | quote }}
+ {{ end }}
host: {{ .Values.databases.nextcloud.host | quote }}
port: {{ .Values.databases.nextcloud.port | quote }}
name: {{ .Values.databases.nextcloud.name | quote }}
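Review bot: The `{{ else }}` branch of the new block under `database:` renders only `{{ .Values.databases.nextcloud.type | quote }}` with no `type:` key, so any value other than `mariadb` or `postgresql` puts a bare scalar inside the mapping and the rendered values file is malformed. Either emit the key, `type: {{ .Values.databases.nextcloud.type | quote }}`, or stop rendering with `{{ fail "Unsupported value for .Values.databases.nextcloud.type" }}`, as the XWiki values template in this commit does. The same block is added to `values-nextcloud.yaml.gotmpl` and needs the same change. The `database:` mapping starts and continues outside this hunk.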
@@ -58,7 +65,13 @@ configuration:
username:
value: {{ .Values.databases.nextcloud.username | quote }}
password:
+ {{- if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
+ {{- else if or (eq .Values.databases.nextcloud.type "postgresql") (eq .Values.databases.nextcloud.type "psql") }}
+ value: {{ .Values.databases.nextcloud.password | default .Values.secrets.postgresql.nextcloudUser | quote }}
+ {{- else }}
+ value: {{ .Values.databases.nextcloud.password | quote }}
+ {{- end }}
ldap:
host: {{ .Values.ldap.host | quote }}
password:
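Review bot: The password selection accepts `mysql` and `psql` as aliases, but the `type:` mapping added earlier in this file translates only `mariadb` and `postgresql`, and the PostgreSQL value it emits is `pgsql`, not `psql`. A deployment that sets the type to `pgsql` falls into the final `{{- else }}` branch, which has no secret fallback, so it renders the empty default password from `database.yaml.gotmpl` without any error. I would accept one set of values everywhere (for example only `mariadb` and `postgresql`) and replace the last branch with a `fail` call. The same conditions are repeated in `values-nextcloud.yaml.gotmpl` and in the `services-external` MariaDB and PostgreSQL value files.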
diff --git a/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl b/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl
index 48b9d97d..5bc7bcda 100644
--- a/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl
+++ b/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl
@@ -63,6 +63,13 @@ aio:
port: {{ .Values.cache.nextcloud.port | quote }}
tls: {{ .Values.cache.nextcloud.tls }}
database:
+ {{ if eq .Values.databases.nextcloud.type "mariadb" }}
+ type: "mysql"
+ {{ else if eq .Values.databases.nextcloud.type "postgresql" }}
+ type: "pgsql"
+ {{ else }}
+ {{ .Values.databases.nextcloud.type | quote }}
+ {{ end }}
host: {{ .Values.databases.nextcloud.host | quote }}
port: {{ .Values.databases.nextcloud.port | quote }}
name: {{ .Values.databases.nextcloud.name | quote }}
@@ -70,7 +77,13 @@ aio:
username:
value: {{ .Values.databases.nextcloud.username | quote }}
password:
+ {{- if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
+ {{- else if or (eq .Values.databases.nextcloud.type "postgresql") (eq .Values.databases.nextcloud.type "psql") }}
+ value: {{ .Values.databases.nextcloud.password | default .Values.secrets.postgresql.nextcloudUser | quote }}
+ {{- else }}
+ value: {{ .Values.databases.nextcloud.password | quote }}
+ {{- end }}
trustedProxy: {{ join " " .Values.cluster.networking.cidr | quote }}
containerSecurityContext:
allowPrivilegeEscalation: false
diff --git a/helmfile/apps/services-external/values-mariadb.yaml.gotmpl b/helmfile/apps/services-external/values-mariadb.yaml.gotmpl
index 58e41949..bed3c92c 100644
--- a/helmfile/apps/services-external/values-mariadb.yaml.gotmpl
+++ b/helmfile/apps/services-external/values-mariadb.yaml.gotmpl
@@ -39,32 +39,32 @@ job:
retries: 10
wait: 30
users:
+ - username: "openxchange_user"
+ password: {{ .Values.secrets.mariadb.openxchangeUser | quote }}
+ connectionLimit: {{ .Values.databases.oxAppSuite.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
+{{ if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
- username: {{ .Values.databases.nextcloud.username | quote }}
password: {{ .Values.secrets.mariadb.nextcloudUser | quote}}
connectionLimit: {{ .Values.databases.nextcloud.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
- # OX and XWiki are using the db's `root` users (see `database.yaml.gotmpl`). So we are statically referencing their dedicated
- # users for the moment.
- - username: "openxchange_user"
- # - username: {{ .Values.databases.xwiki.username | quote }}
- password: {{ .Values.secrets.mariadb.openxchangeUser | quote }}
- connectionLimit: {{ .Values.databases.oxAppSuite.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
+{{ end }}
+{{ if eq .Values.databases.xwiki.type "mariadb" }}
- username: "xwiki_user"
- # - username: {{ .Values.databases.oxAppSuite.username | quote }}
password: {{ .Values.secrets.mariadb.xwikiUser | quote }}
connectionLimit: {{ .Values.databases.xwiki.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
+{{ end }}
databases:
+ # OX uses root user and auto automanages the database, we add a dummy user and create a dummy/empty database.
+ - name: "openxchange_dummy"
+ user: "openxchange_user"
+{{ if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
- name: {{ .Values.databases.nextcloud.name | quote }}
user: {{ .Values.databases.nextcloud.username | quote }}
- # OX and XWiki are using the db's `root` users (see `database.yaml.gotmpl`). So we are statically referencing their dedicated
- # users for the moment.
- - name: "openxchange"
- user: "openxchange_user"
- # - name: {{ .Values.databases.oxAppSuite.name | quote }}
- # user: {{ .Values.databases.oxAppSuite.username | quote }}
- - name: "xwiki"
+{{ end }}
+{{ if eq .Values.databases.xwiki.type "mariadb" }}
+ # XWiki uses root user to create new subwiki databases, we add a dummy user.
+ - name: {{ .Values.databases.xwiki.name | quote }}
user: "xwiki_user"
- # - name: {{ .Values.databases.xwiki.name | quote }}
- # user: {{ .Values.databases.xwiki.username | quote }}
+{{ end }}
mariadb:
rootPassword:
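Review bot: The new comments call `xwiki_user` a dummy account because XWiki connects as `root`, yet the `databases:` entry assigns that user to the real XWiki database (`.Values.databases.xwiki.name`), whereas the OX entry is pointed at the separate `openxchange_dummy` database. If the provisioning job grants the listed user rights on the listed database (the job itself is not visible here), an account the application never uses keeps access to live wiki data. Consider giving XWiki a dummy database as OX has, or add a comment such as `# xwiki_user is unused by XWiki; kept only because the job requires a user per database`. The `job:` mapping begins outside the hunk.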
diff --git a/helmfile/apps/services-external/values-postgresql.yaml.gotmpl b/helmfile/apps/services-external/values-postgresql.yaml.gotmpl
index 68da62fe..34938986 100644
--- a/helmfile/apps/services-external/values-postgresql.yaml.gotmpl
+++ b/helmfile/apps/services-external/values-postgresql.yaml.gotmpl
@@ -69,6 +69,16 @@ job:
- username: {{ .Values.databases.umsSelfservice.username | quote }}
password: {{ .Values.secrets.postgresql.umsSelfserviceUser | quote }}
connectionLimit: {{ .Values.databases.umsSelfservice.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
+{{ if or (eq .Values.databases.nextcloud.type "postgresql") (eq .Values.databases.nextcloud.type "psql") }}
+ - username: {{ .Values.databases.nextcloud.username | quote }}
+ password: {{ .Values.secrets.postgresql.nextcloudUser | quote }}
+ connectionLimit: {{ .Values.databases.nextcloud.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
+{{ end }}
+{{ if eq .Values.databases.xwiki.type "postgresql" }}
+ - username: {{ .Values.databases.xwiki.username | quote }}
+ password: {{ .Values.secrets.postgresql.xwikiUser | quote }}
+ connectionLimit: {{ .Values.databases.xwiki.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
+{{ end }}
databases:
- name: {{ .Values.databases.keycloak.name | quote }}
user: {{ .Values.databases.keycloak.username | quote }}
@@ -87,6 +97,15 @@ job:
user: {{ .Values.databases.umsNotificationsApi.username | quote }}
- name: {{ .Values.databases.umsSelfservice.name | quote }}
user: {{ .Values.databases.umsSelfservice.username | quote }}
+{{ if or (eq .Values.databases.nextcloud.type "postgresql") (eq .Values.databases.nextcloud.type "psql") }}
+ - name: {{ .Values.databases.nextcloud.name | quote }}
+ user: {{ .Values.databases.nextcloud.username | quote }}
+{{ end }}
+{{ if eq .Values.databases.xwiki.type "postgresql" }}
+ - name: {{ .Values.databases.xwiki.name | quote }}
+ user: {{ .Values.databases.xwiki.username | quote }}
+ additionalParams: "ENCODING 'UNICODE' template=template0"
+{{ end }}
persistence:
size: {{ .Values.persistence.storages.postgresql.size | quote }}
diff --git a/helmfile/apps/xwiki/values.yaml.gotmpl b/helmfile/apps/xwiki/values.yaml.gotmpl
index 50fd5a34..af4f0bc0 100644
--- a/helmfile/apps/xwiki/values.yaml.gotmpl
+++ b/helmfile/apps/xwiki/values.yaml.gotmpl
@@ -5,10 +5,16 @@ SPDX-License-Identifier: Apache-2.0
*/}}
---
image:
- name: "{{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.xwiki.registry }}/{{ .Values.images.xwiki.repository }}"
- tag: {{ .Values.images.xwiki.tag | quote }}
+ {{- if eq .Values.databases.xwiki.type "mariadb" }}
+ name: "{{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.xwikiMariadb.registry }}/{{ .Values.images.xwikiMariadb.repository }}"
+ tag: {{ .Values.images.xwikiMariadb.tag | quote }}
+ {{- else if eq .Values.databases.xwiki.type "postgresql" }}
+ name: "{{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.xwikiPostgres.registry }}/{{ .Values.images.xwikiPostgres.repository }}"
+ tag: {{ .Values.images.xwikiPostgres.tag | quote }}
+ {{- else }}
+ {{- fail "Unsupported value for .Values.databases.xwiki.type, supported values are 'mariadb' or 'postgresql'" }}
+ {{- end }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
-
imagePullSecrets: {{ .Values.global.imagePullSecrets }}
{{- if .Values.certificate.selfSigned }}
@@ -19,7 +25,11 @@ javaOpts:
{{- end }}
externalDB:
+ {{- if eq .Values.databases.xwiki.type "mariadb" }}
password: {{ .Values.databases.xwiki.password | default .Values.secrets.mariadb.rootPassword | quote }}
+ {{- else }}
+ password: {{ .Values.databases.xwiki.password | default .Values.secrets.postgresql.xwikiUser | quote }}
+ {{- end }}
database: {{ .Values.databases.xwiki.name | quote }}
user: {{ .Values.databases.xwiki.username | quote }}
host: {{ printf "%s:%d" .Values.databases.xwiki.host .Values.databases.xwiki.port | quote }}
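Review bot: The `externalDB` password uses a catch-all `{{- else }}` for the PostgreSQL secret, while the image block above matches `postgresql` explicitly and fails on anything else. It works only because the earlier `fail` is rendered first; writing `{{- else if eq .Values.databases.xwiki.type "postgresql" }}` here keeps the two blocks independent. A short comment on the MariaDB branch, for example `# XWiki manages sub-wiki databases itself and therefore connects as MariaDB root`, would also explain why the root password is the default.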
diff --git a/helmfile/environments/default/charts.yaml.gotmpl b/helmfile/environments/default/charts.yaml.gotmpl
index bd0f98fb..cfb82f69 100644
--- a/helmfile/environments/default/charts.yaml.gotmpl
+++ b/helmfile/environments/default/charts.yaml.gotmpl
@@ -434,7 +434,7 @@ charts:
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/charts/opendesk-postgresql"
name: "postgresql"
- version: "2.1.1"
+ version: "2.1.2"
verify: true
redis:
# providerCategory: "Community"
diff --git a/helmfile/environments/default/database.yaml.gotmpl b/helmfile/environments/default/database.yaml.gotmpl
index 8550b538..f3f25365 100644
--- a/helmfile/environments/default/database.yaml.gotmpl
+++ b/helmfile/environments/default/database.yaml.gotmpl
@@ -1,10 +1,13 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
+#
+# See `external-services.md` for more details on the database configuration
---
databases:
defaults:
userConnectionLimit: 100
keycloak:
+ type: "postgresql"
name: "keycloak"
host: "postgresql"
port: 5432
@@ -12,6 +15,7 @@ databases:
password: ""
connectionLimit: ~
keycloakExtension:
+ type: "postgresql"
name: "keycloak_extensions"
host: "postgresql"
port: 5432
@@ -19,6 +23,8 @@ databases:
password: ""
connectionLimit: ~
nextcloud:
+ # Nextcloud itself also supports `postgresql` or `oci`
+ type: "mariadb"
name: "nextcloud"
host: "mariadb"
port: 3306
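Review bot: The comment `# Nextcloud itself also supports postgresql or oci` describes the upstream product rather than what this key accepts; the templates in this commit branch only on `mariadb`/`mysql` and `postgresql`/`psql` and have no handling for `oci`. Changing `type` also leaves `host: "mariadb"` and `port: 3306` in place, so an operator who switches only the type ends up with PostgreSQL settings pointing at the MariaDB service. I would reword it along the lines of `# Supported: "mariadb" (default) or "postgresql"; when changing the type, also set host and port`. The same applies to the `xwiki` hunk further down.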
@@ -26,6 +32,7 @@ databases:
password: ""
connectionLimit: ~
notes:
+ type: "postgresql"
name: "notes"
host: "postgresql"
port: 5432
@@ -33,6 +40,7 @@ databases:
password: ""
connectionLimit: ~
openproject:
+ type: "postgresql"
name: "openproject"
host: "postgresql"
port: 5432
@@ -40,6 +48,7 @@ databases:
password: ""
connectionLimit: ~
oxAppSuite:
+ type: "mariadb"
name: "configdb"
host: "mariadb"
port: 3306
@@ -47,6 +56,7 @@ databases:
password: ""
connectionLimit: ~
synapse:
+ type: "postgresql"
name: "matrix"
host: "postgresql"
port: 5432
@@ -69,6 +79,7 @@ databases:
connectionPoolMax: "5"
connectionLimit: ~
umsGuardianManagementApi:
+ type: "postgresql"
name: "guardianmanagementapi"
host: "postgresql"
port: 5432
@@ -76,6 +87,7 @@ databases:
password: ""
connectionLimit: ~
umsNotificationsApi:
+ type: "postgresql"
name: "notificationsapi"
host: "postgresql"
port: 5432
@@ -83,6 +95,7 @@ databases:
password: ""
connectionLimit: ~
umsSelfservice:
+ type: "postgresql"
name: "selfservice"
host: "postgresql"
port: 5432
@@ -90,6 +103,8 @@ databases:
password: ""
connectionLimit: 10
xwiki:
+ # XWiki itself also supports `postgresql`
+ type: "mariadb"
name: "xwiki"
host: "mariadb"
port: 3306
diff --git a/helmfile/environments/default/images.yaml.gotmpl b/helmfile/environments/default/images.yaml.gotmpl
index ef747bef..f85de643 100644
--- a/helmfile/environments/default/images.yaml.gotmpl
+++ b/helmfile/environments/default/images.yaml.gotmpl
@@ -868,7 +868,7 @@ images:
registry: "registry-1.docker.io"
repository: "library/nginx"
tag: "1.27.3-alpine3.20@sha256:41523187cf7d7a2f2677a80609d9caa14388bf5c1fbca9c410ba3de602aaaab4"
- xwiki:
+ xwikiMariadb:
# providerCategory: "Supplier"
# providerResponsible: "XWiki"
# upstreamRegistry: "https://git.xwikisas.com:5050"
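Review bot: Renaming the key from `xwiki` to `xwikiMariadb` means existing environment overrides under `images.xwiki` are no longer read by `helmfile/apps/xwiki/values.yaml.gotmpl`, which now looks up `images.xwikiMariadb` and `images.xwikiPostgres`. An operator who pinned a mirrored or patched XWiki image under the old key would get the default image after upgrading, with no warning. Please call this out in the migration notes, or fail rendering when the old key is still set.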
@@ -878,4 +878,14 @@ images:
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/xwiki/images-mirror/xwiki"
tag: "0.23-mariadb-jetty-alpine@sha256:d358212cc5c3addc4be02cfd0f2b08aa8b88399ac5848e152111f231356558da"
+ xwikiPostgres:
+ # providerCategory: "Supplier"
+ # providerResponsible: "XWiki"
+ # upstreamRegistry: "https://git.xwikisas.com:5050"
+ # upstreamRepository: "xwikisas/swp/xwiki"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)-postgres.+$'
+ # upstreamMirrorStartFrom: ["0", "23"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/xwiki/images-mirror/xwiki"
+ tag: "0.23-postgres-jetty-alpine@sha256:01f7d6fd8397a7903c23452cded4866220d733554066b6f5746eecde183fe15a"
...
diff --git a/helmfile/environments/default/secrets.yaml.gotmpl b/helmfile/environments/default/secrets.yaml.gotmpl
index 5838615f..dcf49293 100644
--- a/helmfile/environments/default/secrets.yaml.gotmpl
+++ b/helmfile/environments/default/secrets.yaml.gotmpl
@@ -57,11 +57,13 @@ secrets:
keycloakUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_user" | sha1sum | quote }}
keycloakExtensionUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_extensions_user" | sha1sum | quote }}
matrixUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "matrix_user" | sha1sum | quote }}
+ nextcloudUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "nextcloud_user" | sha1sum | quote }}
notesUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "notes_user" | sha1sum | quote }}
openprojectUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "openproject_user" | sha1sum | quote }}
umsNotificationsApiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "notificationsapi_user" | sha1sum | quote }}
umsGuardianManagementApiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "guardianmanagementapi_user" | sha1sum | quote }}
umsSelfserviceUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "selfservice_user" | sha1sum | quote }}
+ xwikiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "xwiki_user" | sha1sum | quote }}
mariadb:
rootPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "root_password" | sha1sum | quote }}
xwikiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "xwiki_user" | sha1sum | quote }}
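Review bot: The two new PostgreSQL secrets, `nextcloudUser` and `xwikiUser`, inherit the `env "MASTER_PASSWORD" | default "sovereign-workplace"` fallback, so when the variable is unset the derived database passwords can be reproduced by anyone who reads this repository. This follows the existing lines around it, but each added secret widens what that fallback exposes. For non-development environments consider `requiredEnv "MASTER_PASSWORD"` in place of the default, or at least a comment such as `# MASTER_PASSWORD must be set outside of local test deployments`. The `secrets:` mapping starts and continues outside the hunk.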