fix(helmfile): Support PostgreSQL as alternative database backend for Nextcloud and XWiki. **Note:** PostgreSQL is likely to become the preferred option/default in the future and MariaDB might be deprecated at a later point.

Thorsten Roßner
2025-01-07 14:58:19 +01:00
parent 335806a53e
commit a0f52ee7d4
12 changed files with 228 additions and 102 deletions

View File

@@ -186,6 +186,9 @@ variables:
description: "A new deployment sometimes needs a few minutes to sort itself. If tested too early tests may fail. description: "A new deployment sometimes needs a few minutes to sort itself. If tested too early tests may fail.
GRACE_PERIOD is the period in seconds that should be waited before running the tests." GRACE_PERIOD is the period in seconds that should be waited before running the tests."
value: "0" value: "0"
TESTS_NUMBER_OF_THREADS:
description: "How many threads are used for executing the tests in parallel?"
value: "8"
# Declare .environments which is in `opendesk-env` repository. In case it is not available # Declare .environments which is in `opendesk-env` repository. In case it is not available
# 'cache' is used because job as a dummy key, as the job is not allowed to be empty. # 'cache' is used because job as a dummy key, as the job is not allowed to be empty.
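Review bot: The new `TESTS_NUMBER_OF_THREADS` variable is unrelated to the PostgreSQL backend support named in the commit subject and would be easier to review and revert as its own commit. If it stays here, the description should say which values the test project accepts, since the default is declared only as the string `"8"` and is forwarded unchecked to the trigger payload.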
@@ -560,7 +563,8 @@ run-tests:
\"screenshot_redirect_step\": \"yes\", \ \"screenshot_redirect_step\": \"yes\", \
\"testset\": \"${TESTS_TESTSET}\", \ \"testset\": \"${TESTS_TESTSET}\", \
\"testprofile\": \"Namespace\", \ \"testprofile\": \"Namespace\", \
\"GRACE_PERIOD\": \"${TESTS_GRACE_PERIOD}\" \ \"GRACE_PERIOD\": \"${TESTS_GRACE_PERIOD}\", \
\"NUMBER_OF_THREADS\": \"${TESTS_NUMBER_OF_THREADS}\" \
} \ } \
}" \ }" \
"https://${TESTS_PROJECT_URL}/trigger/pipeline" "https://${TESTS_PROJECT_URL}/trigger/pipeline"

View File

@@ -6,7 +6,6 @@ SPDX-License-Identifier: Apache-2.0
<h1>Federation with external identity provider (IdP)</h1> <h1>Federation with external identity provider (IdP)</h1>
<!-- TOC --> <!-- TOC -->
* [Context](#context)
* [References](#references) * [References](#references)
* [Prerequisites](#prerequisites) * [Prerequisites](#prerequisites)
* [User accounts](#user-accounts) * [User accounts](#user-accounts)
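Review bot: The TOC entry `* [Context](#context)` is removed, but nothing in this file removes a matching heading: the only other hunk starts at old line 153 / new line 152, an offset that this single deleted line fully accounts for. Please confirm the `Context` section no longer exists in the document; if it does, the TOC entry should stay.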
@@ -153,10 +152,9 @@ The following configuration is taking place in the Keycloak realm `opendesk`.
- *Client authentication*: `Client secret sent as post` (default) - *Client authentication*: `Client secret sent as post` (default)
- *Client ID*: Use the client ID you took from your organization's IdP config (`opendesk-federation-client` in this example) - *Client ID*: Use the client ID you took from your organization's IdP config (`opendesk-federation-client` in this example)
- *Client Secret*: Use the secret you took from your organization's IdP config - *Client Secret*: Use the secret you took from your organization's IdP config
- When completed with *Add*, you get to the detailed IdP configured that also needs some updates (you may need to open the *Advanced* section to access some settings) - When completed with *Add*, you get to the detailed IdP configuration that at least needs some the following update:
- *Back-channel logout*: `On`
- *Disable user info*: `On`
- *First login flow override*: `auto-federate-flow` - *First login flow override*: `auto-federate-flow`
- Depending on your organizations IdP and process preferences additional setting may be required
- In case you want to forcefully redirect all users to your organization's IdP (disabling login with local openDesk accounts): - In case you want to forcefully redirect all users to your organization's IdP (disabling login with local openDesk accounts):
- *Authentication* > `2fa-browser` - *Authentication* > `2fa-browser`
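Review bot: Dropping the explicit `Back-channel logout: On` and `Disable user info: On` items from the IdP settings list leaves the guide without any statement on how logout at the organization's IdP reaches openDesk, and the replacement line "additional setting may be required" gives the operator nothing to act on. Either keep the two settings as recommended values or state why they became optional. This documentation change is also unrelated to the PostgreSQL work in the commit subject. Wording in the added lines: "that at least needs some the following update" should read "that needs at least the following update", and "your organizations IdP ... additional setting" should be "your organization's IdP ... additional settings".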

View File

@@ -11,6 +11,7 @@ This document will cover the additional configuration for external services like
* [Database](#database) * [Database](#database)
* [Object storage](#object-storage) * [Object storage](#object-storage)
* [Cache](#cache) * [Cache](#cache)
* [Footnotes](#footnotes)
<!-- TOC --> <!-- TOC -->
# Database # Database
@@ -18,93 +19,134 @@ This document will cover the additional configuration for external services like
When deploying this suite to production, you need to configure the applications to use your production-grade database When deploying this suite to production, you need to configure the applications to use your production-grade database
service. service.
| Component | Name | Type | Parameter | Key | Default | > **Note**<br>
| ------------ | ------------------ | ---------- | --------- | ---------------------------------------- | -------------------------- | > openDesk supports PostgreSQL as alternative database backend for Nextcloud and XWiki. PostgreSQL is likely become the preferred option/default in the future and MariaDB might be deprecated at a later point requiring migrations[^1] if you do not select PostgreSQL for new installations.
| Element | Synapse | PostgreSQL | | | |
| | | | Name | `databases.synapse.name` | `matrix` | | Component | Name | Parameter | Key | Default |
| | | | Host | `databases.synapse.host` | `postgresql` | | ---------------- | ------------------ | --------- | --------------------------------------------- | ---------------------------- |
| | | | Port | `databases.synapse.port` | `5432` | | Element | Synapse | | | |
| | | | Username | `databases.synapse.username` | `matrix_user` | | | | Type | `databases.synapse.type` | `postgresql` |
| | | | Password | `databases.synapse.password` | | | | | Name | `databases.synapse.name` | `matrix` |
| Keycloak | Keycloak | PostgreSQL | | | | | | | Host | `databases.synapse.host` | `postgresql` |
| | | | Name | `databases.keycloak.name` | `keycloak` | | | | Port | `databases.synapse.port` | `5432` |
| | | | Host | `databases.keycloak.host` | `postgresql` | | | | Username | `databases.synapse.username` | `matrix_user` |
| | | | Port | `databases.keycloak.port` | `5432` | | | | Password | `databases.synapse.password` | |
| | | | Username | `databases.keycloak.username` | `keycloak_user` | | Nubus | Guardian Mgmt API | | | |
| | | | Password | `databases.keycloak.password` | | | | | Type | `databases.umsGuardianManagementApi.type` | `postgresql` |
| | Keycloak Extension | PostgreSQL | | | | | | | Name | `databases.umsGuardianManagementApi.name` | `guardianmanagementapi` |
| | | | Name | `databases.keycloakExtension.name` | `keycloak_extensions` | | | | Host | `databases.umsGuardianManagementApi.host` | `postgresql` |
| | | | Host | `databases.keycloakExtension.host` | `postgresql` | | | | Port | `databases.umsGuardianManagementApi.port` | `5432` |
| | | | Port | `databases.keycloakExtension.port` | `5432` | | | | Username | `databases.umsGuardianManagementApi.username` | `guardianmanagementapi_user` |
| | | | Username | `databases.keycloakExtension.username` | `keycloak_extensions_user` | | | | Password | `databases.umsGuardianManagementApi.password` | |
| | | | Password | `databases.keycloakExtension.password` | | | | Keycloak | | | |
| UMS | Notifications API | PostgreSQL | | | | | | | Type | `databases.keycloak.type` | `postgresql` |
| | | | Name | `databases.umsNotificationsApi.name` | `notificationsapi` | | | | Name | `databases.keycloak.name` | `keycloak` |
| | | | Host | `databases.umsNotificationsApi.host` | `postgresql` | | | | Host | `databases.keycloak.host` | `postgresql` |
| | | | Port | `databases.umsNotificationsApi.port` | `5432` | | | | Port | `databases.keycloak.port` | `5432` |
| | | | Username | `databases.umsNotificationsApi.username` | `notificationsapi_user` | | | | Username | `databases.keycloak.username` | `keycloak_user` |
| | | | Password | `databases.umsNotificationsApi.password` | | | | | Password | `databases.keycloak.password` | |
| | Self Service | PostgreSQL | | | | | | Keycloak Extension | | | |
| | | | Name | `databases.umsSelfservice.name` | `selfservice` | | | | Type | `databases.keycloakExtension.type` | `postgresql` |
| | | | Host | `databases.umsSelfservice.host` | `postgresql` | | | | Name | `databases.keycloakExtension.name` | `keycloak_extensions` |
| | | | Port | `databases.umsSelfservice.port` | `5432` | | | | Host | `databases.keycloakExtension.host` | `postgresql` |
| | | | Username | `databases.umsSelfservice.username` | `selfservice_user` | | | | Port | `databases.keycloakExtension.port` | `5432` |
| | | | Password | `databases.umsSelfservice.password` | | | | | Username | `databases.keycloakExtension.username` | `keycloak_extensions_user` |
| Nextcloud | Nextcloud | MariaDB | | | | | | | Password | `databases.keycloakExtension.password` | |
| | | | Name | `databases.nextcloud.name` | `nextcloud` | | | Notifications API | | | |
| | | | Host | `databases.nextcloud.host` | `mariadb` | | | | Type | `databases.umsNotificationsApi.type` | `postgresql` |
| | | | Username | `databases.nextcloud.username` | `nextcloud_user` | | | | Name | `databases.umsNotificationsApi.name` | `notificationsapi` |
| | | | Password | `databases.nextcloud.password` | | | | | Host | `databases.umsNotificationsApi.host` | `postgresql` |
| OpenProject | OpenProject | PostgreSQL | | | | | | | Port | `databases.umsNotificationsApi.port` | `5432` |
| | | | Name | `databases.openproject.name` | `openproject` | | | | Username | `databases.umsNotificationsApi.username` | `notificationsapi_user` |
| | | | Host | `databases.openproject.host` | `postgresql` | | | | Password | `databases.umsNotificationsApi.password` | |
| | | | Port | `databases.openproject.port` | `5432` | | | Self Service | | | |
| | | | Username | `databases.openproject.username` | `openproject_user` | | | | Type | `databases.umsSelfservice.type` | `postgresql` |
| | | | Password | `databases.openproject.password` | | | | | Name | `databases.umsSelfservice.name` | `selfservice` |
| OX App Suite | OX App Suite | MariaDB | | | | | | | Host | `databases.umsSelfservice.host` | `postgresql` |
| | | | Name | `databases.oxAppSuite.name` | `CONFIGDB` | | | | Port | `databases.umsSelfservice.port` | `5432` |
| | | | Host | `databases.oxAppSuite.host` | `mariadb` | | | | Username | `databases.umsSelfservice.username` | `selfservice_user` |
| | | | Username | `databases.oxAppSuite.username` | `root` | | | | Password | `databases.umsSelfservice.password` | |
| | | | Password | `databases.oxAppSuite.password` | | | Nextcloud | Nextcloud | | | |
| XWiki | XWiki | MariaDB | | | | | | | Type | `databases.nextcloud.type` | `mariadb` |
| | | | Name | `databases.xwiki.name` | `xwiki` | | | | Name | `databases.nextcloud.name` | `nextcloud` |
| | | | Host | `databases.xwiki.host` | `mariadb` | | | | Host | `databases.nextcloud.host` | `mariadb` |
| | | | Username | `databases.xwiki.username` | `xwiki_user` | | | | Port | `databases.nextcloud.port` | `3306` |
| | | | Password | `databases.xwiki.password` | | | | | Username | `databases.nextcloud.username` | `nextcloud_user` |
| | | Password | `databases.nextcloud.password` | |
| Notes | Notes | | | |
| | | Type | `databases.notes.type` | `postgresql` |
| | | Name | `databases.notes.name` | `notes` |
| | | Host | `databases.notes.host` | `postgresql` |
| | | Port | `databases.notes.port` | `5432` |
| | | Username | `databases.notes.username` | `notes_user` |
| | | Password | `databases.notes.password` | |
| OpenProject | OpenProject | | | |
| | | Type | `databases.openproject.type` | `postgresql` |
| | | Name | `databases.openproject.name` | `openproject` |
| | | Host | `databases.openproject.host` | `postgresql` |
| | | Port | `databases.openproject.port` | `5432` |
| | | Username | `databases.openproject.username` | `openproject_user` |
| | | Password | `databases.openproject.password` | |
| OX App Suite[^2] | OX App Suite | | | |
| | | Type | `databases.oxAppSuite.type` | `mariadb` |
| | | Name | `databases.oxAppSuite.name` | `openxchange` |
| | | Host | `databases.oxAppSuite.host` | `mariadb` |
| | | Port | `databases.oxAppSuite.port` | `3306` |
| | | Username | `databases.oxAppSuite.username` | `root` |
| | | Password | `databases.oxAppSuite.password` | |
| XWiki[^3] | XWiki | | | |
| | | Type | `databases.xwiki.type` | `mariadb` |
| | | Name | `databases.xwiki.name` | `xwiki` |
| | | Host | `databases.xwiki.host` | `mariadb` |
| | | Port | `databases.xwiki.port` | `3306` |
| | | Username | `databases.xwiki.username` | `root` |
| | | Password | `databases.xwiki.password` | |
# Object storage # Object storage
When deploying this suite to production, you need to configure the applications to use your production-grade object When deploying this suite to production, you need to configure the applications to use your production-grade object
storage service. storage service.
| Component   | Name        | Parameter       | Key                                      | Default            | | Component | Name | Parameter | Key | Default |
|-------------|-------------|-----------------|------------------------------------------|--------------------| |-------------|-------------|-----------------|------------------------------------------|--------------------|
| OpenProject | OpenProject |                 |                                          |                    | | OpenProject | OpenProject | | | |
|             |             | Backend         | `objectstores.openproject.backend` | `minio` | | | | Backend | `objectstores.openproject.backend` | `minio` |
|             |             | Bucket          | `objectstores.openproject.bucket` | `openproject` | | | | Bucket | `objectstores.openproject.bucket` | `openproject` |
|             |             | Endpoint        | `objectstores.openproject.endpoint` |                    | | | | Endpoint | `objectstores.openproject.endpoint` | |
|             |             | Provider        | `objectstores.openproject.provider` | `AWS` | | | | Provider | `objectstores.openproject.provider` | `AWS` |
|             |             | Region          | `objectstores.openproject.region` |                    | | | | Region | `objectstores.openproject.region` | |
|             |             | Secret          | `objectstores.openproject.secret` |                    | | | | Secret | `objectstores.openproject.secret` | |
|             |             | Username        | `objectstores.openproject.username` | `openproject_user` | | | | Username | `objectstores.openproject.username` | `openproject_user` |
|             |             | Use IAM profile | `objectstores.openproject.useIAMProfile` |                    | | | | Use IAM profile | `objectstores.openproject.useIAMProfile` | |
# Cache # Cache
When deploying this suite to production, you need to configure the applications to use your production-grade cache When deploying this suite to production, you need to configure the applications to use your production-grade cache
service. service.
| Component        | Name             | Type      | Parameter | Key                          | Default          | | Component | Name | Type | Parameter | Key | Default |
|------------------|------------------|-----------|-----------|------------------------------|------------------| |------------------|------------------|-----------|-----------|------------------------------|------------------|
| Intercom Service | Intercom Service | Redis     |           |                              |                  | | Intercom Service | Intercom Service | Redis | | | |
|                  |                  |           | Host      | `cache.intercomService.host` | `redis-headless` | | | | | Host | `cache.intercomService.host` | `redis-headless` |
|                  |                  |           | Port      | `cache.intercomService.port` | `6379` | | | | | Port | `cache.intercomService.port` | `6379` |
| Nextcloud        | Nextcloud        | Redis     |           |                              |                  | | Nextcloud | Nextcloud | Redis | | | |
|                  |                  |           | Host      | `cache.nextcloud.host` | `redis-headless` | | | | | Host | `cache.nextcloud.host` | `redis-headless` |
|                  |                  |           | Port      | `cache.nextcloud.port` | `6379` | | | | | Port | `cache.nextcloud.port` | `6379` |
| OpenProject      | OpenProject      | Memcached |           |                              |                  | | OpenProject | OpenProject | Memcached | | | |
|                  |                  |           | Host      | `cache.openproject.host` | `memcached` | | | | | Host | `cache.openproject.host` | `memcached` |
|                  |                  |           | Port      | `cache.openproject.port` | `11211` | | | | | Port | `cache.openproject.port` | `11211` |
| UMS              | Self Service     | Memcached |           |                              |                  | | UMS | Self Service | Memcached | | | |
|                  |                  |           | Host      | `cache.umsSelfservice.host` | `memcached` | | | | | Host | `cache.umsSelfservice.host` | `memcached` |
|                  |                  |           | Port      | `cache.umsSelfservice.port` | `11211` | | | | | Port | `cache.umsSelfservice.port` | `11211` |
# Footnotes
[^1] The upstream product provide some valuable information regarding database migrations:
- Nextcloud: https://docs.nextcloud.com/server/latest/admin_manual/configuration_database/db_conversion.html
- XWiki:
- https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Backup#HUsingtheXWikiExportfeature
- https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/ImportExport
[^2] OX App Suite only supports MariaDB and requires root access, as it manages its databases itself.
[^3] XWiki requires root access when using MariaDB as sub-wikis are using separate databases that are managed by XWiki. When using PostgreSQL with XWiki no root user is required as the sub-wikis are managed within multiple schemes within a single database.
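Review bot: The new table documents the default of `databases.oxAppSuite.name` as `openxchange`, while the defaults file touched by this same commit keeps `name: "configdb"` for `oxAppSuite`; one of the two needs correcting so operators pointing at an external MariaDB use the right database name. The footnote definitions `[^1]`, `[^2]` and `[^3]` are written without the trailing colon (`[^1]:`), so they will render as plain text instead of linked footnotes. Wording in the added text: "is likely become" should be "is likely to become", "The upstream product provide" should be "The upstream products provide", and "multiple schemes" should be "multiple schemas".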

View File

@@ -51,6 +51,13 @@ configuration:
# internalWopiUrl: "" # internalWopiUrl: ""
wopiAllowlist: {{ join ", " ( concat .Values.cluster.networking.cidr .Values.cluster.networking.incomingCIDR ) | quote }} wopiAllowlist: {{ join ", " ( concat .Values.cluster.networking.cidr .Values.cluster.networking.incomingCIDR ) | quote }}
database: database:
{{ if eq .Values.databases.nextcloud.type "mariadb" }}
type: "mysql"
{{ else if eq .Values.databases.nextcloud.type "postgresql" }}
type: "pgsql"
{{ else }}
{{ .Values.databases.nextcloud.type | quote }}
{{ end }}
host: {{ .Values.databases.nextcloud.host | quote }} host: {{ .Values.databases.nextcloud.host | quote }}
port: {{ .Values.databases.nextcloud.port | quote }} port: {{ .Values.databases.nextcloud.port | quote }}
name: {{ .Values.databases.nextcloud.name | quote }} name: {{ .Values.databases.nextcloud.name | quote }}
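Review bot: The `{{ else }}` branch of the type mapping emits `{{ .Values.databases.nextcloud.type | quote }}` without the `type:` key, so any value other than `mariadb` or `postgresql` renders a bare string under `database:` and produces broken YAML instead of a clear error. Either write `type: {{ .Values.databases.nextcloud.type | quote }}` or, preferably, use `fail` with the list of supported values as the XWiki template in this commit does. The `{{ if`, `{{ else` and `{{ end }}` actions also lack the `-` trim markers used in the password block below, which leaves blank lines in the rendered output.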
@@ -58,7 +65,13 @@ configuration:
username: username:
value: {{ .Values.databases.nextcloud.username | quote }} value: {{ .Values.databases.nextcloud.username | quote }}
password: password:
{{- if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }} value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
{{- else if or (eq .Values.databases.nextcloud.type "postgresql") (eq .Values.databases.nextcloud.type "psql") }}
value: {{ .Values.databases.nextcloud.password | default .Values.secrets.postgresql.nextcloudUser | quote }}
{{- else }}
value: {{ .Values.databases.nextcloud.password | quote }}
{{- end }}
ldap: ldap:
host: {{ .Values.ldap.host | quote }} host: {{ .Values.ldap.host | quote }}
password: password:
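Review bot: The password selection accepts the aliases `mysql` and `psql`, but the type mapping added a few lines above only recognises `mariadb` and `postgresql`, and its own PostgreSQL identifier is `pgsql`, not `psql`. A deployment that sets `type: "psql"` would pick the PostgreSQL secret here while the raw value falls through the mapping's `else` branch. Use the same set of accepted values in both places, ideally only the two documented ones.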

View File

@@ -63,6 +63,13 @@ aio:
port: {{ .Values.cache.nextcloud.port | quote }} port: {{ .Values.cache.nextcloud.port | quote }}
tls: {{ .Values.cache.nextcloud.tls }} tls: {{ .Values.cache.nextcloud.tls }}
database: database:
{{ if eq .Values.databases.nextcloud.type "mariadb" }}
type: "mysql"
{{ else if eq .Values.databases.nextcloud.type "postgresql" }}
type: "pgsql"
{{ else }}
{{ .Values.databases.nextcloud.type | quote }}
{{ end }}
host: {{ .Values.databases.nextcloud.host | quote }} host: {{ .Values.databases.nextcloud.host | quote }}
port: {{ .Values.databases.nextcloud.port | quote }} port: {{ .Values.databases.nextcloud.port | quote }}
name: {{ .Values.databases.nextcloud.name | quote }} name: {{ .Values.databases.nextcloud.name | quote }}
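Review bot: These seven lines are a copy of the type mapping added to the other Nextcloud values template in this commit, including the `{{ else }}` branch that prints the value without a `type:` key. Duplicating the mapping means the next supported backend has to be added in two files; consider deriving the mapped value once and referencing it from both templates, and replace the fall-through with a `fail` that names the supported values.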
@@ -70,7 +77,13 @@ aio:
username: username:
value: {{ .Values.databases.nextcloud.username | quote }} value: {{ .Values.databases.nextcloud.username | quote }}
password: password:
{{- if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }} value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
{{- else if or (eq .Values.databases.nextcloud.type "postgresql") (eq .Values.databases.nextcloud.type "psql") }}
value: {{ .Values.databases.nextcloud.password | default .Values.secrets.postgresql.nextcloudUser | quote }}
{{- else }}
value: {{ .Values.databases.nextcloud.password | quote }}
{{- end }}
trustedProxy: {{ join " " .Values.cluster.networking.cidr | quote }} trustedProxy: {{ join " " .Values.cluster.networking.cidr | quote }}
containerSecurityContext: containerSecurityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
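Review bot: The final `{{- else }}` branch renders `value: {{ .Values.databases.nextcloud.password | quote }}` with no secret as fallback, and the defaults file sets `password: ""` for `nextcloud`, so an unrecognised `type` silently deploys Nextcloud with an empty database password. Failing the render for unsupported types is safer than producing a configuration that only breaks at runtime.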

View File

@@ -39,32 +39,32 @@ job:
retries: 10 retries: 10
wait: 30 wait: 30
users: users:
- username: "openxchange_user"
password: {{ .Values.secrets.mariadb.openxchangeUser | quote }}
connectionLimit: {{ .Values.databases.oxAppSuite.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
{{ if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
- username: {{ .Values.databases.nextcloud.username | quote }} - username: {{ .Values.databases.nextcloud.username | quote }}
password: {{ .Values.secrets.mariadb.nextcloudUser | quote}} password: {{ .Values.secrets.mariadb.nextcloudUser | quote}}
connectionLimit: {{ .Values.databases.nextcloud.connectionLimit | default .Values.databases.defaults.userConnectionLimit }} connectionLimit: {{ .Values.databases.nextcloud.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
# OX and XWiki are using the db's `root` users (see `database.yaml.gotmpl`). So we are statically referencing their dedicated {{ end }}
# users for the moment. {{ if eq .Values.databases.xwiki.type "mariadb" }}
- username: "openxchange_user"
# - username: {{ .Values.databases.xwiki.username | quote }}
password: {{ .Values.secrets.mariadb.openxchangeUser | quote }}
connectionLimit: {{ .Values.databases.oxAppSuite.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
- username: "xwiki_user" - username: "xwiki_user"
# - username: {{ .Values.databases.oxAppSuite.username | quote }}
password: {{ .Values.secrets.mariadb.xwikiUser | quote }} password: {{ .Values.secrets.mariadb.xwikiUser | quote }}
connectionLimit: {{ .Values.databases.xwiki.connectionLimit | default .Values.databases.defaults.userConnectionLimit }} connectionLimit: {{ .Values.databases.xwiki.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
{{ end }}
databases: databases:
# OX uses root user and auto automanages the database, we add a dummy user and create a dummy/empty database.
- name: "openxchange_dummy"
user: "openxchange_user"
{{ if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
- name: {{ .Values.databases.nextcloud.name | quote }} - name: {{ .Values.databases.nextcloud.name | quote }}
user: {{ .Values.databases.nextcloud.username | quote }} user: {{ .Values.databases.nextcloud.username | quote }}
# OX and XWiki are using the db's `root` users (see `database.yaml.gotmpl`). So we are statically referencing their dedicated {{ end }}
# users for the moment. {{ if eq .Values.databases.xwiki.type "mariadb" }}
- name: "openxchange" # XWiki uses root user to create new subwiki databases, we add a dummy user.
user: "openxchange_user" - name: {{ .Values.databases.xwiki.name | quote }}
# - name: {{ .Values.databases.oxAppSuite.name | quote }}
# user: {{ .Values.databases.oxAppSuite.username | quote }}
- name: "xwiki"
user: "xwiki_user" user: "xwiki_user"
# - name: {{ .Values.databases.xwiki.name | quote }} {{ end }}
# user: {{ .Values.databases.xwiki.username | quote }}
mariadb: mariadb:
rootPassword: rootPassword:
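Review bot: `openxchange_user` is now created unconditionally and `xwiki_user` whenever XWiki runs on MariaDB, each with a password from `.Values.secrets.mariadb`, although the comments state that both applications connect as `root`. Please say in the comments why these accounts must exist and what they own, so that operators can tell they are not the credentials the applications use. The type checks are also inconsistent within the hunk: the Nextcloud blocks accept `mariadb` or `mysql`, the XWiki blocks only `mariadb`. Typo in the added comment: "auto automanages" should be "automanages".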

View File

@@ -69,6 +69,16 @@ job:
- username: {{ .Values.databases.umsSelfservice.username | quote }} - username: {{ .Values.databases.umsSelfservice.username | quote }}
password: {{ .Values.secrets.postgresql.umsSelfserviceUser | quote }} password: {{ .Values.secrets.postgresql.umsSelfserviceUser | quote }}
connectionLimit: {{ .Values.databases.umsSelfservice.connectionLimit | default .Values.databases.defaults.userConnectionLimit }} connectionLimit: {{ .Values.databases.umsSelfservice.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
{{ if or (eq .Values.databases.nextcloud.type "postgresql") (eq .Values.databases.nextcloud.type "psql") }}
- username: {{ .Values.databases.nextcloud.username | quote }}
password: {{ .Values.secrets.postgresql.nextcloudUser | quote }}
connectionLimit: {{ .Values.databases.nextcloud.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
{{ end }}
{{ if eq .Values.databases.xwiki.type "postgresql" }}
- username: {{ .Values.databases.xwiki.username | quote }}
password: {{ .Values.secrets.postgresql.xwikiUser | quote }}
connectionLimit: {{ .Values.databases.xwiki.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
{{ end }}
databases: databases:
- name: {{ .Values.databases.keycloak.name | quote }} - name: {{ .Values.databases.keycloak.name | quote }}
user: {{ .Values.databases.keycloak.username | quote }} user: {{ .Values.databases.keycloak.username | quote }}
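Review bot: The new Nextcloud and XWiki roles take their passwords only from `.Values.secrets.postgresql.nextcloudUser` and `.Values.secrets.postgresql.xwikiUser`, while the application templates in this commit prefer `.Values.databases.nextcloud.password` and `.Values.databases.xwiki.password` and use the secret only as `default`. An operator who sets the `databases.*.password` override while using the bundled PostgreSQL ends up with a role password that differs from the one the application presents. Document that the override is meant for external databases only, or apply the same `default` chain here.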
@@ -87,6 +97,15 @@ job:
user: {{ .Values.databases.umsNotificationsApi.username | quote }} user: {{ .Values.databases.umsNotificationsApi.username | quote }}
- name: {{ .Values.databases.umsSelfservice.name | quote }} - name: {{ .Values.databases.umsSelfservice.name | quote }}
user: {{ .Values.databases.umsSelfservice.username | quote }} user: {{ .Values.databases.umsSelfservice.username | quote }}
{{ if or (eq .Values.databases.nextcloud.type "postgresql") (eq .Values.databases.nextcloud.type "psql") }}
- name: {{ .Values.databases.nextcloud.name | quote }}
user: {{ .Values.databases.nextcloud.username | quote }}
{{ end }}
{{ if eq .Values.databases.xwiki.type "postgresql" }}
- name: {{ .Values.databases.xwiki.name | quote }}
user: {{ .Values.databases.xwiki.username | quote }}
additionalParams: "ENCODING 'UNICODE' template=template0"
{{ end }}
persistence: persistence:
size: {{ .Values.persistence.storages.postgresql.size | quote }} size: {{ .Values.persistence.storages.postgresql.size | quote }}

View File

@@ -5,10 +5,16 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
image: image:
name: "{{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.xwiki.registry }}/{{ .Values.images.xwiki.repository }}" {{- if eq .Values.databases.xwiki.type "mariadb" }}
tag: {{ .Values.images.xwiki.tag | quote }} name: "{{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.xwikiMariadb.registry }}/{{ .Values.images.xwikiMariadb.repository }}"
tag: {{ .Values.images.xwikiMariadb.tag | quote }}
{{- else if eq .Values.databases.xwiki.type "postgresql" }}
name: "{{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.xwikiPostgres.registry }}/{{ .Values.images.xwikiPostgres.repository }}"
tag: {{ .Values.images.xwikiPostgres.tag | quote }}
{{- else }}
{{- fail "Unsupported value for .Values.databases.xwiki.type, supported values are 'mariadb' or 'postgresql'" }}
{{- end }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }} pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets: {{ .Values.global.imagePullSecrets }} imagePullSecrets: {{ .Values.global.imagePullSecrets }}
{{- if .Values.certificate.selfSigned }} {{- if .Values.certificate.selfSigned }}
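Review bot: Selecting the image through `.Values.images.xwikiMariadb` and `.Values.images.xwikiPostgres` removes the previous `.Values.images.xwiki` key, so existing overrides of `images.xwiki.registry`, `repository` or `tag` are silently ignored after this change. That deserves a migration note in the commit message or changelog. The `fail` message could also include the offending value, for example via `printf`, so a typo in `databases.xwiki.type` is visible in the error.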
@@ -19,7 +25,11 @@ javaOpts:
{{- end }} {{- end }}
externalDB: externalDB:
{{- if eq .Values.databases.xwiki.type "mariadb" }}
password: {{ .Values.databases.xwiki.password | default .Values.secrets.mariadb.rootPassword | quote }} password: {{ .Values.databases.xwiki.password | default .Values.secrets.mariadb.rootPassword | quote }}
{{- else }}
password: {{ .Values.databases.xwiki.password | default .Values.secrets.postgresql.xwikiUser | quote }}
{{- end }}
database: {{ .Values.databases.xwiki.name | quote }} database: {{ .Values.databases.xwiki.name | quote }}
user: {{ .Values.databases.xwiki.username | quote }} user: {{ .Values.databases.xwiki.username | quote }}
host: {{ printf "%s:%d" .Values.databases.xwiki.host .Values.databases.xwiki.port | quote }} host: {{ printf "%s:%d" .Values.databases.xwiki.host .Values.databases.xwiki.port | quote }}

View File

@@ -434,7 +434,7 @@ charts:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/charts/opendesk-postgresql" repository: "bmi/opendesk/components/platform-development/charts/opendesk-postgresql"
name: "postgresql" name: "postgresql"
version: "2.1.1" version: "2.1.2"
verify: true verify: true
redis: redis:
# providerCategory: "Community" # providerCategory: "Community"

View File

@@ -1,10 +1,13 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
#
# See `external-services.md` for more details on the database configuration
--- ---
databases: databases:
defaults: defaults:
userConnectionLimit: 100 userConnectionLimit: 100
keycloak: keycloak:
type: "postgresql"
name: "keycloak" name: "keycloak"
host: "postgresql" host: "postgresql"
port: 5432 port: 5432
@@ -12,6 +15,7 @@ databases:
password: "" password: ""
connectionLimit: ~ connectionLimit: ~
keycloakExtension: keycloakExtension:
type: "postgresql"
name: "keycloak_extensions" name: "keycloak_extensions"
host: "postgresql" host: "postgresql"
port: 5432 port: 5432
@@ -19,6 +23,8 @@ databases:
password: "" password: ""
connectionLimit: ~ connectionLimit: ~
nextcloud: nextcloud:
# Nextcloud itself also supports `postgresql` or `oci`
type: "mariadb"
name: "nextcloud" name: "nextcloud"
host: "mariadb" host: "mariadb"
port: 3306 port: 3306
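Review bot: The added comment says Nextcloud also supports `postgresql` or `oci`, but the templates in this commit only map `mariadb` and `postgresql`; `oci` would fall into their `else` branches. The comment should list the values openDesk actually supports, and mention that `host` and `port` must be changed together with `type`, since the defaults below remain `mariadb` and `3306`.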
@@ -26,6 +32,7 @@ databases:
password: "" password: ""
connectionLimit: ~ connectionLimit: ~
notes: notes:
type: "postgresql"
name: "notes" name: "notes"
host: "postgresql" host: "postgresql"
port: 5432 port: 5432
@@ -33,6 +40,7 @@ databases:
password: "" password: ""
connectionLimit: ~ connectionLimit: ~
openproject: openproject:
type: "postgresql"
name: "openproject" name: "openproject"
host: "postgresql" host: "postgresql"
port: 5432 port: 5432
@@ -40,6 +48,7 @@ databases:
password: "" password: ""
connectionLimit: ~ connectionLimit: ~
oxAppSuite: oxAppSuite:
type: "mariadb"
name: "configdb" name: "configdb"
host: "mariadb" host: "mariadb"
port: 3306 port: 3306
@@ -47,6 +56,7 @@ databases:
password: "" password: ""
connectionLimit: ~ connectionLimit: ~
synapse: synapse:
type: "postgresql"
name: "matrix" name: "matrix"
host: "postgresql" host: "postgresql"
port: 5432 port: 5432
@@ -69,6 +79,7 @@ databases:
connectionPoolMax: "5" connectionPoolMax: "5"
connectionLimit: ~ connectionLimit: ~
umsGuardianManagementApi: umsGuardianManagementApi:
type: "postgresql"
name: "guardianmanagementapi" name: "guardianmanagementapi"
host: "postgresql" host: "postgresql"
port: 5432 port: 5432
@@ -76,6 +87,7 @@ databases:
password: "" password: ""
connectionLimit: ~ connectionLimit: ~
umsNotificationsApi: umsNotificationsApi:
type: "postgresql"
name: "notificationsapi" name: "notificationsapi"
host: "postgresql" host: "postgresql"
port: 5432 port: 5432
@@ -83,6 +95,7 @@ databases:
password: "" password: ""
connectionLimit: ~ connectionLimit: ~
umsSelfservice: umsSelfservice:
type: "postgresql"
name: "selfservice" name: "selfservice"
host: "postgresql" host: "postgresql"
port: 5432 port: 5432
@@ -90,6 +103,8 @@ databases:
password: "" password: ""
connectionLimit: 10 connectionLimit: 10
xwiki: xwiki:
# XWiki itself also supports `postgresql`
type: "mariadb"
name: "xwiki" name: "xwiki"
host: "mariadb" host: "mariadb"
port: 3306 port: 3306

View File

@@ -868,7 +868,7 @@ images:
registry: "registry-1.docker.io" registry: "registry-1.docker.io"
repository: "library/nginx" repository: "library/nginx"
tag: "1.27.3-alpine3.20@sha256:41523187cf7d7a2f2677a80609d9caa14388bf5c1fbca9c410ba3de602aaaab4" tag: "1.27.3-alpine3.20@sha256:41523187cf7d7a2f2677a80609d9caa14388bf5c1fbca9c410ba3de602aaaab4"
xwiki: xwikiMariadb:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "XWiki" # providerResponsible: "XWiki"
# upstreamRegistry: "https://git.xwikisas.com:5050" # upstreamRegistry: "https://git.xwikisas.com:5050"
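Review bot: Renaming the image key from `xwiki` to `xwikiMariadb` breaks existing environment overrides that still set `images.xwiki`, and nothing in this hunk signals that. An override under the old key would no longer apply, so a deployment that pins its own mirror or digest could fall back to the default `registry`, `repository` and `tag` without any error. Suggest calling out the rename in the migration notes, or rejecting the old key in the templates.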
@@ -878,4 +878,14 @@ images:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/xwiki/images-mirror/xwiki" repository: "bmi/opendesk/components/supplier/xwiki/images-mirror/xwiki"
tag: "0.23-mariadb-jetty-alpine@sha256:d358212cc5c3addc4be02cfd0f2b08aa8b88399ac5848e152111f231356558da" tag: "0.23-mariadb-jetty-alpine@sha256:d358212cc5c3addc4be02cfd0f2b08aa8b88399ac5848e152111f231356558da"
xwikiPostgres:
# providerCategory: "Supplier"
# providerResponsible: "XWiki"
# upstreamRegistry: "https://git.xwikisas.com:5050"
# upstreamRepository: "xwikisas/swp/xwiki"
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)-postgres.+$'
# upstreamMirrorStartFrom: ["0", "23"]
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/xwiki/images-mirror/xwiki"
tag: "0.23-postgres-jetty-alpine@sha256:01f7d6fd8397a7903c23452cded4866220d733554066b6f5746eecde183fe15a"
... ...
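Review bot: The new `xwikiPostgres` block does not say which setting selects it over `xwikiMariadb`, and the two entries carry independent `tag` values that both happen to be `0.23`. Suggest a comment above both blocks naming the switch that picks the image, and noting that the two tags have to be bumped together so that changing the database backend does not also change the XWiki version.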

View File

@@ -57,11 +57,13 @@ secrets:
keycloakUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_user" | sha1sum | quote }} keycloakUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_user" | sha1sum | quote }}
keycloakExtensionUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_extensions_user" | sha1sum | quote }} keycloakExtensionUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_extensions_user" | sha1sum | quote }}
matrixUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "matrix_user" | sha1sum | quote }} matrixUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "matrix_user" | sha1sum | quote }}
nextcloudUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "nextcloud_user" | sha1sum | quote }}
notesUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "notes_user" | sha1sum | quote }} notesUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "notes_user" | sha1sum | quote }}
openprojectUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "openproject_user" | sha1sum | quote }} openprojectUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "openproject_user" | sha1sum | quote }}
umsNotificationsApiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "notificationsapi_user" | sha1sum | quote }} umsNotificationsApiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "notificationsapi_user" | sha1sum | quote }}
umsGuardianManagementApiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "guardianmanagementapi_user" | sha1sum | quote }} umsGuardianManagementApiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "guardianmanagementapi_user" | sha1sum | quote }}
umsSelfserviceUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "selfservice_user" | sha1sum | quote }} umsSelfserviceUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "selfservice_user" | sha1sum | quote }}
xwikiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "xwiki_user" | sha1sum | quote }}
mariadb: mariadb:
rootPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "root_password" | sha1sum | quote }} rootPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "root_password" | sha1sum | quote }}
xwikiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "xwiki_user" | sha1sum | quote }} xwikiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "xwiki_user" | sha1sum | quote }}
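Review bot: The added `nextcloudUser` and `xwikiUser` entries under `postgres` inherit `env "MASTER_PASSWORD" | default "sovereign-workplace"`, so when `MASTER_PASSWORD` is unset both new database passwords are derived from a value that is published in this repository and can be recomputed by anyone. The existing lines share the pattern, but since this commit extends it to two more credentials, consider replacing the fallback with helmfile's `requiredEnv "MASTER_PASSWORD"`, or at least documenting that the default is for local test deployments only.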