
[docs-only] Fixes in the reference configuration for ScienceMesh #4186

Merged
merged 1 commit into from
Sep 14, 2023
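--- a/changelog/unreleased/sm-config-docs.md
+++ b/changelog/unreleased/sm-config-docs.md
@@ -0,0 +1,9 @@
+Enhancement: Fixes in the reference configuration for ScienceMesh
+
+Following the successful onboarding of CESNET, this PR brings some
+improvements and fixes to the reference configuration, as well as
+some adaptation to the itegration tests.
+
+https://github.com/cs3org/reva/pull/4186
+https://github.com/cs3org/reva/pull/4184
+https://github.com/cs3org/reva/pull/4183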
51 changes: 33 additions & 18 deletions examples/sciencemesh/sciencemesh.toml
Expand Up @@ -2,25 +2,30 @@
#
## To contextualize this configuration for your deployment, please follow these steps:
#
# 1. In the [vars] section below and everywhere you find it, replace `your.revad.org` with your actual domain
# 2. Replace `your.efss.org` with the actual endpoint of your EFSS system
# 3. Define appropriate secrets in the [vars] section, and match with the EFSS ScienceMesh app configuration
# 4. Provide appropriate SSL certificate and key files in the [http] section
# 1. In the [vars] section below, replace `your.revad.org` with your actual domain
# 2. If you have a Kubernetes deployment with an ingress and a route:
# 2.1. Set the `external_reva_endpoint` var to your actual externally-visible route to reva
# 2.2. In the [http.services.ocmprovider] section, set a `webdav_root` to include your route, e.g. `/iop/remote.php/dav/ocm/`
# 3. Replace `your.efss.org` with the actual endpoint of your EFSS system
# 4. Define appropriate secrets in the [vars] section: the `efss_shared_secret` must match the `oc_appconfig.configvalue` in your EFSS DB for `oc_appconfig.app_id` = `sciencemesh`
# 5. Provide appropriate SSL full chain certificate and key files in the [http] section
#
# If you want to terminate the SSL connection to reva at your reverse proxy system
# (e.g. at your Kubernetes ingress), then you can configure reva to use http instead.
# For that, you need to follow these steps:
#
# 1. Remove the `certfile` and `keyfile` entries from the [http] section
# 2. Replace `:443` with `:80` (or any other suitable value) everywhere you find it
# 3. replace `https` with `http` in the `datagateway` and `data_server_url` entries
# 2. Replace the https port `443` with a port number of your choice everywhere you find it
# 3. Make sure all `https`-served endpoints (including `datagateway`) are adapted accordingly


[vars]
internal_gateway = "your.revad.org"
provider_domain = "your.revad.org"
external_reva_endpoint = "https://your.revad.org" # append here any route if applicable
efss_sciencemesh_endpoint = "https://your.efss.org/index.php/apps/sciencemesh/"
machine_api_key = "machine-api-key"
efss_shared_secret = "shared-secret"
efss_shared_secret = "shared-secret-1"

[http]
certfile = "/etc/revad/tls/your.revad.ssl.crt"
Expand All @@ -30,7 +35,7 @@ keyfile = "/etc/revad/tls/your.revad.ssl.key"
level = "debug"

[shared]
gatewaysvc = "{{ vars.provider_domain }}:19000"
gatewaysvc = "{{ vars.internal_gateway }}:19000"

[grpc.services.gateway]
address = ":19000"
Expand Down Expand Up @@ -88,7 +93,7 @@ auth_manager = "machine"

[grpc.services.authprovider.auth_managers.machine]
api_key = "{{ vars.machine_api_key }}"
gateway_addr = "{{ vars.provider_domain }}:19000"
gateway_addr = "{{ vars.internal_gateway }}:19000"

[[grpc.services.authprovider]]
auth_manager = "ocmshares"
Expand All @@ -113,6 +118,7 @@ driver = "nextcloud"
mount_id = "nextcloud"
expose_data_server = true
enable_home_creation = false
# TODO the following should be "https://{{ vars.internal_gateway}}:{{ http.services.dataprovider[0].address.port }}/data"
data_server_url = "https://your.revad.org:{{ http.services.dataprovider[0].address.port }}/data"

[grpc.services.storageprovider.drivers.nextcloud]
Expand All @@ -126,7 +132,7 @@ mount_id = "ocm"
mount_path = "/ocm"
expose_data_server = true
enable_home_creation = false
data_server_url = "https://your.revad.org:{{ http.services.dataprovider[1].address.port }}/data"
data_server_url = "{{ vars.external_reva_endpoint }}/data"

[grpc.services.storageprovider.drivers.ocmoutcoming]
machine_secret = "{{ vars.machine_api_key }}"
Expand All @@ -141,35 +147,43 @@ driver = "memory"
driver = "nextcloud"

[grpc.services.ocmcore.drivers.nextcloud]
host = "https://{{ vars.provider_domain }}/"
host = "{{ vars.external_reva_endpoint }}"
endpoint = "{{ vars.efss_sciencemesh_endpoint }}"
shared_secret = "{{ vars.efss_shared_secret }}"
mock_http = false

[grpc.services.ocminvitemanager]
# TODO the driver should become "nextcloud"
# TODO the driver should be "nextcloud" once it is implemented
driver = "json"
provider_domain = "{{ vars.provider_domain }}"

[grpc.services.ocmshareprovider]
driver = "nextcloud"
provider_domain = "{{ vars.provider_domain }}"
endpoint = "https://{{ vars.provider_domain }}/"
webdav_endpoint = "https://{{ vars.provider_domain }}/"
webdav_prefix = "https://{{ vars.provider_domain }}/remote.php/dav/files"
webdav_endpoint = "{{ vars.external_reva_endpoint }}"
webdav_prefix = "{{ vars.external_reva_endpoint }}/remote.php/dav/files"
# TODO the following should become {{ vars.external_reva_endpoint }}/external/{{.Token}}/...
webapp_template = "https://your.revad.org/external/sciencemesh/{{.Token}}/{relative-path-to-shared-resource}"

[grpc.services.ocmshareprovider.drivers.nextcloud]
webdav_host = "https://{{ vars.provider_domain }}/"
webdav_host = "{{ vars.external_reva_endpoint }}"
endpoint = "{{ vars.efss_sciencemesh_endpoint }}"
shared_secret = "{{ vars.efss_shared_secret }}"
mock_http = false
mount_id = "nextcloud"

[grpc.services.ocmproviderauthorizer]
driver = "json"
driver = "mentix"

[grpc.services.ocmproviderauthorizer.drivers.mentix]
url = "https://iop.sciencemesh.uni-muenster.de/iop/mentix/cs3"
verify_request_hostname = true
insecure = false
timeout = 10
refresh = 900

[grpc.services.ocmproviderauthorizer.drivers.json]
# this is used by the docker-based test deployment, not in production
providers = "providers.testnet.json"
verify_request_hostname = true

Expand Down Expand Up @@ -223,6 +237,7 @@ shared_secret = "{{ vars.efss_shared_secret }}"
mock_http = false

[[http.services.dataprovider]]
address = ":443"
driver = "ocmoutcoming"

[http.services.dataprovider.drivers.ocmoutcoming]
Expand All @@ -244,7 +259,7 @@ smtp_port = 25
address = ":443"
ocm_prefix = "ocm"
provider = "Reva for ownCloud/Nextcloud"
endpoint = "https://{{ vars.provider_domain }}"
endpoint = "{{ vars.external_reva_endpoint }}"
enable_webapp = true
enable_datatx = true

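Review bot: Step 1 of the header comment now tells operators to replace `your.revad.org` only in the [vars] section, but the new side still carries the literal placeholder in the nextcloud `data_server_url` and in `webapp_template`, both of which the commit only marks with a TODO. A deployment that follows the steps as written would presumably keep advertising data and web-app URLs on the placeholder host, and `webapp_template` embeds `{{.Token}}`, so share tokens could end up in links to a domain the operator does not control. Until the TODOs are resolved, step 1 should name the leftovers, e.g. `# 1. In the [vars] section below and in the entries still marked TODO (data_server_url, webapp_template), replace your.revad.org with your actual domain`.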
3 changes: 2 additions & 1 deletion tests/sciencemesh/scripts/reva-run.sh
Expand Up @@ -5,11 +5,12 @@ mkdir -p /revad/configs
cp /etc/revad/sciencemesh*.toml /revad/configs/
cp /etc/revad/providers.testnet.json /revad/configs/providers.testnet.json

# substitute placeholders with correct values.
# substitute placeholders and "external" values with valid ones for the testnet.
sed -i "s/your.revad.ssl/${HOST}/g" /revad/configs/sciencemesh*.toml
sed -i "s/your.revad.org/${HOST}.docker/g" /revad/configs/sciencemesh*.toml
sed -i "s/your.efss.org/${HOST//reva/}.docker/g" /revad/configs/sciencemesh.toml
sed -i "/^mesh_directory_url /s/=.*$/= 'https:\/\/meshdir\.docker\/meshdir'/" /revad/configs/sciencemesh.toml
sed -i "/ocmproviderauthorizer\]/{n;s/.*/driver = \"json\"/;}" /revad/configs/sciencemesh.toml

cp /etc/revad/tls/*.crt /usr/local/share/ca-certificates/
update-ca-certificates
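Review bot: The added `sed` for `ocmproviderauthorizer` overwrites whichever line follows the section header, so it is correct only while `driver = ...` is the very next line of that table. If a comment is ever placed under the header, as the TOML already does under `[grpc.services.ocminvitemanager]`, the comment is replaced and the `driver = "mentix"` line stays, leaving two `driver` keys in one table; and if the header pattern ever stops matching, the testnet would silently keep the external mentix authorizer. Matching the key inside the table is sturdier: `sed -i '/^\[grpc\.services\.ocmproviderauthorizer\]/,/^\[/s/^driver = .*/driver = "json"/' /revad/configs/sciencemesh.toml`. The script begins above this hunk, so any error handling set there is not visible here.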