diff --git a/cspell.json b/cspell.json index 2191382e..db765453 100644 --- a/cspell.json +++ b/cspell.json @@ -73,7 +73,8 @@ "Addressbooks", "filestore", "trashbin", - "bootstrap" + "bootstrap", + "configurability" ], "ignoreWords": [], "import": [] diff --git a/docs/migrations.md b/docs/migrations.md index 5952ec9c..d979373e 100644 --- a/docs/migrations.md +++ b/docs/migrations.md @@ -8,7 +8,10 @@ SPDX-License-Identifier: Apache-2.0 * [Disclaimer](#disclaimer) * [Releases upgrades](#releases-upgrades) * [From v0.9.0](#from-v090) + * [Manual interaction](#manual-interaction) + * [Fileshare configurability](#fileshare-configurability) * [Automated migrations](#automated-migrations) + * [Local Postfix as Relay](#local-postfix-as-relay) * [Updated IAM component Nubus](#updated-iam-component-nubus) * [Manual cleanup](#manual-cleanup) * [From v0.8.1](#from-v081) 
@@ -31,18 +34,47 @@ Limitations: ## From v0.9.0 +### Manual interaction + +#### Fileshare configurability + +We provide now some configurability regarding the sharing capabilities of the Nextcloud component. + +The new default is different from the standard until now. To keep the current state after the upgrade from 0.9.0 you have to provide the following settings: + +``` +functional: + filestore: + sharing: + # Enables sharing of files with external participants (create external links, send links by mail and allow external upload in shared folders). + enableExternalSharing: true + # Enforces passwords to be used on external shares. + enforceSharingPasswords: false +``` + ### Automated migrations +#### Local Postfix as Relay + +All components relay outgoing mails to the local Postfix. In order for the configuration to be picked up by all components the following restarts are triggered in the migrations `POST` stage: + +- Deployments: + - `opendesk-nextcloud-php` + - `ums-umc-server` +- Stateful Sets: + - `ums-selfservice-listener` + - `opendesk-synapse` + #### Updated IAM component Nubus openDesk is integrating the latest [Nubus](https://www.univention.de/produkte/nubus/) development from Univention. The now redundant and scalable LDAP requires migration activities. These have been automated to avoid manual interaction. The `run_2` of the openDesk upgrade migrations executes the following steps: -- Stage PRE: +- Stage `PRE`: - Delete service `ums-keycloak`, as it will be recreated headless. - Scale down `statefulset/ums-ldap-server` and `statefulset/ums-ldap-notifier` in preparation or the next step: - Create two new PVCs `shared-data-ums-ldap-server-primary-0` and `shared-data-ums-ldap-server-primary-1` for the new LDAP primary pods as copy from the existing `shared-data-ums-ldap-server-0`. The LDAP secondaries will sync from the primary nodes. -- Stage POST: +- Stage `POST`: - Restart Keycloak. ##### Manual cleanup 
diff --git a/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl b/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl index 0e7b4bd2..c5730008 100644 --- a/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl +++ b/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl @@ -73,6 +73,12 @@ configuration: value: "opendesk_username" password: value: {{ .Values.secrets.centralnavigation.apiKey | quote }} + sharing: + allowLinks: {{ .Values.functional.filestore.sharing.enableExternalSharing }} + allowMailNotification: {{ .Values.functional.filestore.sharing.enableExternalSharing }} + allowPublicUpload: {{ .Values.functional.filestore.sharing.enableExternalSharing }} + enforceLinksPassword: {{ .Values.functional.filestore.sharing.enforceSharingPasswords }} + enforcePasswordProtection: {{ .Values.functional.filestore.sharing.enforceSharingPasswords }} smtp: auth: enabled: false diff --git a/helmfile/environments/default/charts.yaml b/helmfile/environments/default/charts.yaml index 74b3ec3f..464b7ed1 100644 --- a/helmfile/environments/default/charts.yaml +++ b/helmfile/environments/default/charts.yaml @@ -232,7 +232,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud" name: "opendesk-nextcloud" - version: "3.0.0" + version: "3.1.0" verify: true nextcloudManagement: # providerCategory: "Platform" @@ -242,7 +242,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud" name: "opendesk-nextcloud-management" - version: "3.0.0" + version: "3.1.0" verify: true nginx: # providerCategory: "Community" diff --git a/helmfile/environments/default/functional.yaml b/helmfile/environments/default/functional.yaml index 3eb28132..149fde15 100644 --- a/helmfile/environments/default/functional.yaml +++ b/helmfile/environments/default/functional.yaml 
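Review bot: In the new `sharing:` block of values-nextcloud-mgmt.yaml.gotmpl, `allowPublicUpload` is driven by the same `enableExternalSharing` switch as `allowLinks` and `allowMailNotification`, so an operator who only wants outbound external links also opens shared folders to external upload. Consider a separate value for upload so the wider capability is opt-in, or at minimum state the coupling in a comment above the block, such as `# enableExternalSharing also turns on public upload into shared folders; there is no separate switch`. The five values are rendered unquoted with no type check in the template, so it is worth confirming that the chart rejects a non-boolean for `enforceLinksPassword` and `enforcePasswordProtection` rather than silently treating it as disabled. The enclosing `configuration:` mapping starts and ends outside the hunk.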
@@ -34,6 +34,13 @@ functional: quota: # Set the default quota for all users in GB default: 1 + # Options related to file sharing, changing these options might require a restart of the `opendesk-nextcloud-php` Pod(s). + sharing: + # Enables sharing of files with external participants (create external links, send links by mail and allow external upload in shared folders). + # If you disable this option existing external shares stop working, when re-enabling it the old shares are available again. + enableExternalSharing: false + # Enforces passwords to be used on external shares. + enforceSharingPasswords: true # Nextcloud specific configuration nextcloud: retentionObligation: diff --git a/helmfile/environments/default/images.yaml b/helmfile/environments/default/images.yaml index b7d5612b..f56435ae 100644 --- a/helmfile/environments/default/images.yaml +++ b/helmfile/environments/default/images.yaml @@ -237,7 +237,7 @@ images: # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-apache2" registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-apache2" - tag: "1.1.24@sha256:c9222da8be7af12c9076b41d1a14e019725afc075e1aaa2b727be21c1bf45f10" + tag: "1.2.0@sha256:f1c64bc7b9d1993a7c79ca73c1594fdea49ef4adf4ebe4286e01ccc1ad9290c7" nextcloudExporter: # providerCategory: "Platform" # providerResponsible: "openDesk" @@ -253,7 +253,7 @@ images: # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-management" registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-management" - tag: "1.4.4@sha256:b70c159d6a1827748ca1f8fe0b9fd5b011eaed8719172105e1e9c8b8d776cf97" + tag: "1.5.1@sha256:c9bb139b4553d015247ffaa6448e5c2c7d48d124da5dbdea42a6ff068a46e48a" nextcloudPHP: # providerCategory: "Platform" # providerResponsible: "openDesk" 
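Review bot: The new comment on `enableExternalSharing` in functional.yaml says existing external shares become available again when the option is re-enabled, so switching it off suspends links rather than revoking them. That deserves its own line, e.g. `# Disabling does not delete external shares; remove unwanted shares before re-enabling.` The comment on `enforceSharingPasswords` does not say whether shares created while it was `false` are affected once it is set to `true`. Presumably they keep working without a password, which should be confirmed and documented, because the migration notes in this commit show upgraders how to keep `enforceSharingPasswords: false`. The `functional:` mapping continues outside the hunk.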
@@ -261,7 +261,7 @@ images: # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-php" registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-php" - tag: "1.10.3@sha256:e659ab95d0d3a33d4937354449c12fa46fe2669a866bbf432a9d729bed6d54f7" + tag: "1.11.1@sha256:f4ed857d6e746f5cbefbc8895b3083554f3018091c3e7df355bf0189522de06c" nubusDataLoader: # providerCategory: "Supplier" # providerResponsible: "Univention" diff --git a/helmfile/environments/default/replicas.yaml b/helmfile/environments/default/replicas.yaml index c3c05b4c..d1251185 100644 --- a/helmfile/environments/default/replicas.yaml +++ b/helmfile/environments/default/replicas.yaml @@ -130,8 +130,8 @@ replicas: # -- component: Project management (OpenProject) # -- scalable: true openprojectWeb: 1 - # -- scalable: tdb - # -- comment: Async process that usually has no need for scaling + # -- scalable: true + # -- comment: Async service working on processing queue content. Can work on queues in parallel (when needed). See [upstream Helm chart documentation](https://www.openproject.org/docs/installation-and-operations/installation/helm-chart/) for details, as e.g. dedicated workers to specific queues are in general possible with OpenProject as well.Share openprojectWorker: 1 # -- component: Knowledge management (XWiki)