From 2dbd6f3a35609e561b5aba309de89f1a461ffe1e Mon Sep 17 00:00:00 2001
From: Oleksander Piskun
Date: Fri, 3 Jan 2025 14:52:08 +0200
Subject: [PATCH] (feat): Allow any docker network for HTTPS(remote) install type

Signed-off-by: Oleksander Piskun
---
 .github/workflows/tests-deploy.yml | 119 +++++++++++++++++++++++++++-
 lib/DeployActions/DockerActions.php | 21 ++++-
 2 files changed, 135 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/tests-deploy.yml b/.github/workflows/tests-deploy.yml
index 50baf9d3..089e42eb 100644
--- a/.github/workflows/tests-deploy.yml
+++ b/.github/workflows/tests-deploy.yml
@@ -159,7 +159,7 @@ jobs:

 - name: Install AppAPI
 run: |
- docker exec -w /var/www/html/apps nextcloud git clone https://github.com/cloud-py-api/${{ env.APP_NAME }}.git
+ docker exec -w /var/www/html/apps nextcloud git clone https://github.com/nextcloud${{ env.APP_NAME }}.git
 docker exec -w /var/www/html/apps/${{ env.APP_NAME }} nextcloud git fetch origin $GITHUB_REF
 docker exec -w /var/www/html/apps/${{ env.APP_NAME }} nextcloud git checkout FETCH_HEAD
 docker exec nextcloud sudo -u www-data php occ app:enable app_api
@@ -238,7 +238,7 @@ jobs:

 - name: Install AppAPI
 run: |
- docker exec -w /var/www/html/apps nextcloud git clone https://github.com/cloud-py-api/${{ env.APP_NAME }}.git
+ docker exec -w /var/www/html/apps nextcloud git clone https://github.com/nextcloud/${{ env.APP_NAME }}.git
 docker exec -w /var/www/html/apps/${{ env.APP_NAME }} nextcloud git fetch origin $GITHUB_REF
 docker exec -w /var/www/html/apps/${{ env.APP_NAME }} nextcloud git checkout FETCH_HEAD
 docker exec nextcloud sudo -u www-data php occ app:enable app_api
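Review bot: The new clone URL in the first hunk (@@ -159) is missing the slash between the organisation and the repository name: `https://github.com/nextcloud${{ env.APP_NAME }}.git` fuses the two into a single path segment, so the `git clone` in that job's "Install AppAPI" step cannot resolve the intended repository. The other three occurrences in this patch (@@ -238, the new bridge job and @@ -327) use `nextcloud/${{ env.APP_NAME }}`. The line should read `docker exec -w /var/www/html/apps nextcloud git clone https://github.com/nextcloud/${{ env.APP_NAME }}.git`.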
@@ -295,6 +295,119 @@ jobs:
 path: nextcloud.log
 if-no-files-found: warn

+ nc-docker-dsp-https-bridge:
+ runs-on: ubuntu-22.04
+ name: NC In Julius Docker(DSP-HTTPS-BRIDGE) • 🐘8.3
+ env:
+ docker-image: ghcr.io/juliusknorr/nextcloud-dev-php83:master
+
+ steps:
+ - name: Set app env
+ run: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV
+
+ - name: Create certificates
+ run: |
+ mkdir certs
+ openssl req -nodes -new -x509 -subj '/CN=host.docker.internal' -sha256 -keyout certs/privkey.pem -out certs/fullchain.pem -days 365000 > /dev/null 2>&1
+ cat certs/fullchain.pem certs/privkey.pem | tee certs/cert.pem > /dev/null 2>&1
+
+ - name: Create containers
+ run: |
+ docker network create master_bridge
+ docker run -v /var/run/docker.sock:/var/run/docker.sock \
+ -v `pwd`/certs/cert.pem:/certs/cert.pem \
+ -e NC_HAPROXY_PASSWORD="some_secure_password" \
+ -e EX_APPS_NET="ipv4@localhost" \
+ --net host --name nextcloud-appapi-dsp -h nextcloud-appapi-dsp \
+ --privileged -d ghcr.io/nextcloud/nextcloud-appapi-dsp:latest
+ docker run --net master_bridge --name nextcloud --rm -d ${{ env.docker-image }}
+ sleep 60s
+ hostname -I
+ docker exec nextcloud-appapi-dsp ip addr show | grep inet | awk '{print $2}' | cut -d/ -f1
+ netstat -lntu
+
+ - name: Install AppAPI
+ run: |
+ docker exec -w /var/www/html/apps nextcloud git clone https://github.com/nextcloud/${{ env.APP_NAME }}.git
+ docker exec -w /var/www/html/apps/${{ env.APP_NAME }} nextcloud git fetch origin $GITHUB_REF
+ docker exec -w /var/www/html/apps/${{ env.APP_NAME }} nextcloud git checkout FETCH_HEAD
+ docker exec nextcloud sudo -u www-data php occ app:enable app_api
+ docker cp ./certs/cert.pem nextcloud:/
+ docker exec nextcloud sudo -u www-data php occ security:certificates:import /cert.pem
+ docker exec nextcloud sudo -u www-data php occ app_api:daemon:register \
+ docker_by_port Docker docker-install https host.docker.internal:2375 http://nextcloud/index.php \
+ --net=master_bridge --haproxy_password=some_secure_password
+ docker exec nextcloud sudo -u www-data php occ app_api:daemon:list
+ docker exec nextcloud sudo -u www-data php occ app_api:app:register app-skeleton-python docker_by_port \
+ --info-xml https://raw.githubusercontent.com/nextcloud/app-skeleton-python/main/appinfo/info.xml
+ docker exec nextcloud sudo -u www-data php occ app_api:app:enable app-skeleton-python
+
+ - name: Checking if ExApp container can access HTTPS DSP
+ run: |
+ docker exec nc_app_app-skeleton-python apt update
+ docker exec nc_app_app-skeleton-python apt install curl -y
+ docker exec nc_app_app-skeleton-python curl https://host.docker.internal:2375
+
+ - name: Disable ExApp
+ run: |
+ docker exec nextcloud sudo -u www-data php occ app_api:app:disable app-skeleton-python
+
+ - name: Copy NC log to host
+ if: always()
+ run: docker cp nextcloud:/var/www/html/data/nextcloud.log nextcloud.log
+
+ - name: Check logs
+ run: |
+ grep -q 'Hello from app-skeleton-python :)' nextcloud.log || error
+ grep -q 'Bye bye from app-skeleton-python :(' nextcloud.log || error
+
+ - name: Save HaProxy logs
+ if: always()
+ run: docker logs nextcloud-appapi-dsp > haproxy.log 2>&1
+
+ - name: Save container info & logs
+ if: always()
+ run: |
+ docker inspect nc_app_app-skeleton-python | json_pp > container.json
+ docker logs nc_app_app-skeleton-python > container.log 2>&1
+
+ - name: Unregister Skeleton & Daemon
+ run: |
+ docker exec nextcloud sudo -u www-data php occ app_api:app:unregister app-skeleton-python
+ docker exec nextcloud sudo -u www-data php occ app_api:daemon:unregister docker_by_port
+
+ - name: Upload HaProxy logs
+ if: always()
+ uses: actions/upload-artifact@v4
+ with:
+ name: dsp_https_bridge_haproxy.log
+ path: haproxy.log
+ if-no-files-found: warn
+
+ - name: Upload Container info
+ if: always()
+ uses: actions/upload-artifact@v4
+ with:
+ name: dsp_https_bridge_container.json
+ path: container.json
+ if-no-files-found: warn
+
+ - name: Upload Container logs
+ if: always()
+ uses: actions/upload-artifact@v4
+ with:
+ name: dsp_https_bridge_container.log
+ path: container.log
+ if-no-files-found: warn
+
+ - name: Upload NC logs
+ if: always()
+ uses: actions/upload-artifact@v4
+ with:
+ name: dsp_https_bridge_nextcloud.log
+ path: nextcloud.log
+ if-no-files-found: warn
+
 nc-docker-dsp-https:
 runs-on: ubuntu-22.04
 name: NC In Julius Docker(DSP-HTTPS) • 🐘8.3
@@ -327,7 +440,7 @@ jobs:

 - name: Install AppAPI
 run: |
- docker exec -w /var/www/html/apps nextcloud git clone https://github.com/cloud-py-api/${{ env.APP_NAME }}.git
+ docker exec -w /var/www/html/apps nextcloud git clone https://github.com/nextcloud/${{ env.APP_NAME }}.git
 docker exec -w /var/www/html/apps/${{ env.APP_NAME }} nextcloud git fetch origin $GITHUB_REF
 docker exec -w /var/www/html/apps/${{ env.APP_NAME }} nextcloud git checkout FETCH_HEAD
 docker exec nextcloud sudo -u www-data php occ app:enable app_api
diff --git a/lib/DeployActions/DockerActions.php b/lib/DeployActions/DockerActions.php
index 680abbf7..9b5dabac 100644
--- a/lib/DeployActions/DockerActions.php
+++ b/lib/DeployActions/DockerActions.php
@@ -82,7 +82,7 @@ public function deployExApp(ExApp $exApp, DaemonConfig $daemonConfig, array $par
 }
 }
 $this->exAppService->setAppDeployProgress($exApp, 96);
- $result = $this->createContainer($dockerUrl, $imageId, $params['container_params']);
+ $result = $this->createContainer($dockerUrl, $imageId, $daemonConfig, $params['container_params']);
 if (isset($result['error'])) {
 return $result['error'];
 }
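Review bot: The new `nc-docker-dsp-https-bridge` job starts `ghcr.io/nextcloud/nextcloud-appapi-dsp:latest` with `--privileged`, `--net host` and the runner's `/var/run/docker.sock` mounted, and pulls both it and `nextcloud-dev-php83:master` by mutable tag. Whatever those tags point to at run time gets root-equivalent control of the runner, so pinning both images by digest, e.g. `ghcr.io/nextcloud/nextcloud-appapi-dsp@sha256:<digest>`, would make the job reproducible and narrow the supply-chain exposure. The workflow triggers are outside this hunk, so whether the job also runs for fork pull requests cannot be judged from here. Separately, `|| error` in the "Check logs" step fails the step only because `error` is not a command; `|| exit 1` states the intent.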
@@ -282,7 +282,7 @@ private function buildExtendedImageName2(array $imageParams, DaemonConfig $daemo
 $imageParams['image_name'] . ':' . $imageParams['image_tag'] . '-' . $daemonConfig->getDeployConfig()['computeDevice']['id'];
 }

- public function createContainer(string $dockerUrl, string $imageId, array $params = []): array {
+ public function createContainer(string $dockerUrl, string $imageId, DaemonConfig $daemonConfig, array $params = []): array {
 $createVolumeResult = $this->createVolume($dockerUrl, $this->buildExAppVolumeName($params['name']));
 if (isset($createVolumeResult['error'])) {
 return $createVolumeResult;
@@ -301,6 +301,23 @@ public function createContainer(string $dockerUrl, string $imageId, array $param
 'Env' => $params['env'],
 ];

+ // Exposing the ExApp's primary port when the installation type is remote and the network is not a "host"
+ if (($params['net'] !== 'host') && ($daemonConfig->getProtocol() === 'https')) {
+ $exAppMainPort = $params['port'];
+ $containerParams['ExposedPorts'] = [
+ sprintf('%d/tcp', $exAppMainPort) => (object) [],
+ sprintf('%d/udp', $exAppMainPort) => (object) [],
+ ];
+ $containerParams['HostConfig']['PortBindings'] = [
+ sprintf('%d/tcp', $exAppMainPort) => [
+ ['HostPort' => (string)$exAppMainPort, 'HostIp' => '127.0.0.1']
+ ],
+ sprintf('%d/udp', $exAppMainPort) => [
+ ['HostPort' => (string)$exAppMainPort, 'HostIp' => '127.0.0.1']
+ ],
+ ];
+ }
+
 if (!in_array($params['net'], ['host', 'bridge'])) {
 $networkingConfig = [
 'EndpointsConfig' => [
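Review bot: `createContainer()` is public, and the new required `DaemonConfig $daemonConfig` is inserted before `$params`, so any caller that still passes the params array as the third argument now hits a TypeError. Only the call in `deployExApp()` is updated by this patch, and other callers are not visible here. If any exist outside this file, appending the parameter instead (`array $params = [], ?DaemonConfig $daemonConfig = null`) keeps them working. The `= []` default on `$params` is also misleading because the first statement reads `$params['name']`; a docblock listing the required keys (`name`, `net`, `port` and `env`, as far as this patch shows) would document the real contract. The method body continues outside the hunk.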
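Review bot: The added block reads `$params['port']` without checking that it is set or a valid port, then feeds it to `sprintf('%d/tcp', …)`, so a missing or non-numeric value silently becomes `0/tcp` with an empty or bogus `HostPort` instead of a clear deploy error. I would normalise it first with `$exAppMainPort = (int)($params['port'] ?? 0);` and return an `['error' => …]` array, the convention used around `createVolume()`, when it falls outside 1–65535. The block also publishes the same port over UDP; unless the ExApp's main port really speaks UDP, which this hunk does not show, the two `/udp` entries widen the host-side surface for no benefit and can be dropped. Binding to `127.0.0.1` rather than all interfaces is the right default, but with a fixed `HostPort` the container will fail to come up whenever that port is already taken on the daemon host. `createContainer()` starts and ends outside this hunk.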