fix(nextcloud): Update to 29.0.5 and support for new functional settings regarding sharing of files. See the options related to functional.filestore.sharing in functional.yaml and also migrations.md regarding their defaults that differ from the previous standard behaviour of openDesk.

2025-12-06 07:21:36 +01:00 · 2024-08-21 17:28:11 +02:00
parent 3d441933ca
commit ac148d0c28
7 changed files with 56 additions and 10 deletions
--- a/cspell.json
+++ b/cspell.json
@@ -73,7 +73,8 @@
        "Addressbooks",
        "filestore",
        "trashbin",
-        "bootstrap"
+        "bootstrap",
+        "configurability"
    ],
    "ignoreWords": [],
    "import": []
--- a/docs/migrations.md
+++ b/docs/migrations.md
@@ -8,7 +8,10 @@ SPDX-License-Identifier: Apache-2.0
 * [Disclaimer](#disclaimer)
 * [Releases upgrades](#releases-upgrades)
  * [From v0.9.0](#from-v090)
+    * [Manual interaction](#manual-interaction)
+      * [Fileshare configurability](#fileshare-configurability)
    * [Automated migrations](#automated-migrations)
+      * [Local Postfix as Relay](#local-postfix-as-relay)
      * [Updated IAM component Nubus](#updated-iam-component-nubus)
        * [Manual cleanup](#manual-cleanup)
  * [From v0.8.1](#from-v081)
@@ -31,18 +34,47 @@ Limitations:

 ## From v0.9.0

+### Manual interaction
+
+#### Fileshare configurability
+
+We provide now some configurability regarding the sharing capabilities of the Nextcloud component.
+
+The new default is different from the standard until now. To keep the current state after the upgrade from 0.9.0 you have to provide the following settings:
+
+```
+functional:
+  filestore:
+    sharing:
+      # Enables sharing of files with external participants (create external links, send links by mail and allow external upload in shared folders).
+      enableExternalSharing: true
+      # Enforces passwords to be used on external shares.
+      enforceSharingPasswords: false
+```
+
 ### Automated migrations

+#### Local Postfix as Relay
+
+All components relay outgoing mails to the local Postfix. In order for the configuration to be picked up by all components the following restarts are triggered in the migrations `POST` stage:
+
+- Deployments:
+  - `opendesk-nextcloud-php`
+  - `ums-umc-server`
+- Stateful Sets:
+  - `ums-selfservice-listener`
+  - `opendesk-synapse`
+
 #### Updated IAM component Nubus

 openDesk is integrating the latest [Nubus](https://www.univention.de/produkte/nubus/) development from Univention. The now redundant and scalable LDAP requires migration activities. These have been automated to avoid manual interaction. The `run_2` of the openDesk
 upgrade migrations executes the following steps:

- Stage PRE:
+- Stage `PRE`:
  - Delete service `ums-keycloak`, as it will be recreated headless.
  - Scale down `statefulset/ums-ldap-server` and `statefulset/ums-ldap-notifier` in preparation or the next step:
  - Create two new PVCs `shared-data-ums-ldap-server-primary-0` and `shared-data-ums-ldap-server-primary-1` for the new LDAP primary pods as copy from the existing `shared-data-ums-ldap-server-0`. The LDAP secondaries will sync from the primary nodes.
- Stage POST:
+- Stage `POST`:
  - Restart Keycloak.

 ##### Manual cleanup
--- a/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl
+++ b/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl
@@ -73,6 +73,12 @@ configuration:
      value: "opendesk_username"
    password:
      value: {{ .Values.secrets.centralnavigation.apiKey | quote }}
+  sharing:
+    allowLinks: {{ .Values.functional.filestore.sharing.enableExternalSharing }}
+    allowMailNotification: {{ .Values.functional.filestore.sharing.enableExternalSharing }}
+    allowPublicUpload: {{ .Values.functional.filestore.sharing.enableExternalSharing }}
+    enforceLinksPassword: {{ .Values.functional.filestore.sharing.enforceSharingPasswords }}
+    enforcePasswordProtection: {{ .Values.functional.filestore.sharing.enforceSharingPasswords }}
  smtp:
    auth:
      enabled: false
--- a/helmfile/environments/default/charts.yaml
+++ b/helmfile/environments/default/charts.yaml
@@ -232,7 +232,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
    name: "opendesk-nextcloud"
-    version: "3.0.0"
+    version: "3.1.0"
    verify: true
  nextcloudManagement:
    # providerCategory: "Platform"
@@ -242,7 +242,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
    name: "opendesk-nextcloud-management"
-    version: "3.0.0"
+    version: "3.1.0"
    verify: true
  nginx:
    # providerCategory: "Community"
--- a/helmfile/environments/default/functional.yaml
+++ b/helmfile/environments/default/functional.yaml
@@ -34,6 +34,13 @@ functional:
    quota:
      # Set the default quota for all users in GB
      default: 1
+    # Options related to file sharing, changing these options might require a restart of the `opendesk-nextcloud-php` Pod(s).
+    sharing:
+      # Enables sharing of files with external participants (create external links, send links by mail and allow external upload in shared folders).
+      # If you disable this option existing external shares stop working, when re-enabling it the old shares are available again.
+      enableExternalSharing: false
+      # Enforces passwords to be used on external shares.
+      enforceSharingPasswords: true
    # Nextcloud specific configuration
    nextcloud:
      retentionObligation:
--- a/helmfile/environments/default/images.yaml
+++ b/helmfile/environments/default/images.yaml
@@ -237,7 +237,7 @@ images:
    # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-apache2"
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-apache2"
-    tag: "1.1.24@sha256:c9222da8be7af12c9076b41d1a14e019725afc075e1aaa2b727be21c1bf45f10"
+    tag: "1.2.0@sha256:f1c64bc7b9d1993a7c79ca73c1594fdea49ef4adf4ebe4286e01ccc1ad9290c7"
  nextcloudExporter:
    # providerCategory: "Platform"
    # providerResponsible: "openDesk"
@@ -253,7 +253,7 @@ images:
    # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-management"
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-management"
-    tag: "1.4.4@sha256:b70c159d6a1827748ca1f8fe0b9fd5b011eaed8719172105e1e9c8b8d776cf97"
+    tag: "1.5.1@sha256:c9bb139b4553d015247ffaa6448e5c2c7d48d124da5dbdea42a6ff068a46e48a"
  nextcloudPHP:
    # providerCategory: "Platform"
    # providerResponsible: "openDesk"
@@ -261,7 +261,7 @@ images:
    # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-php"
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-php"
-    tag: "1.10.3@sha256:e659ab95d0d3a33d4937354449c12fa46fe2669a866bbf432a9d729bed6d54f7"
+    tag: "1.11.1@sha256:f4ed857d6e746f5cbefbc8895b3083554f3018091c3e7df355bf0189522de06c"
  nubusDataLoader:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
--- a/helmfile/environments/default/replicas.yaml
+++ b/helmfile/environments/default/replicas.yaml
@@ -130,8 +130,8 @@ replicas:
  # -- component: Project management (OpenProject)
  # -- scalable: true
  openprojectWeb: 1
-  # -- scalable: tdb
-  # -- comment: Async process that usually has no need for scaling
+  # -- scalable: true
+  # -- comment: Async service working on processing queue content. Can work on queues in parallel (when needed). See [upstream Helm chart documentation](https://www.openproject.org/docs/installation-and-operations/installation/helm-chart/) for details, as e.g. dedicated workers to specific queues are in general possible with OpenProject as well.Share 
  openprojectWorker: 1

  # -- component: Knowledge management (XWiki)