Commit Graph

75 Commits (fdc3d74958fb55b28d6671b1292d64d8d03926c5)

Author SHA1 Message Date
Evilham fdc3d74958
[saml] Rework SAML handling
This separates stages more efficiently, and we are e.g. able to
support newer versions of Nextcloud's SAML plugin.
2022-09-23 19:14:02 +02:00
Evilham ede83e1514
[moodle] Reduce unnecessary diff against upstream 2022-09-23 06:52:33 +02:00
Evilham 3ae974432a
[registry] Add dd-sso-admin as an image
This would be the first image that is already distributed directly
from the registry to improve setup and maintenance.
2022-09-22 12:48:13 +02:00
Evilham 3c53a5aead
[wp] Fix multisite installation
While there we also simplify DD by removing an the unnecessary wp-cli
container.
2022-09-22 12:40:31 +02:00
Evilham 7d7c2ddfcf
[containers] Add healthcheck for SSO redirections
This will help us catch issues in e.g. moodle, nextcloud and wp.
2022-09-22 11:52:15 +02:00
Evilham 397655232f
[dd-ctl] Moodle plugins install: reduce verbosity
This was polluting the logs making debugging difficult.
2022-09-06 19:37:29 +02:00
Evilham 66e009abff
[dd-ctl] Fix installation
By toying with the new CI we discover that:
Commit 075529f472 gets into an endless
loop:
    WARNING:root:Could not get moodle SAML2 crt certificate. Retrying...
See: https://ci.dd-work.space/#/builders/4/builds/62/steps/8/logs/stdio

But by reverting 52f99c38bb it works as
expected.
See: https://ci.dd-work.space/#/builders/4/builds/67/steps/8/logs/stdio

Upon investigation, we were not waiting for moodle to be fully up
because 'healthy' is a substring of 'unhealthy' and grep wasn't taking
that into account.
2022-09-06 19:35:23 +02:00
Evilham 08a36cce9f
[dd-ctl] Bundle up some docker commands
This ought to be faster and is easier to read.
2022-09-06 19:30:12 +02:00
Evilham 34761e028b
[sso-admin] Improve postup's idempotency
The class was only checking whether or not a specific token exists in
moodle, and it should ensure that it has access to the right permissions

Reported by:	@elena61
2022-09-06 19:29:37 +02:00
Evilham 075529f472
[haproxy] Remove leftovers, fix config selection
dd-apps/docker/haproxy seems to be a leftover and is not being used
anywhere.

Also fix the config selection for HAProxy.
2022-08-30 22:17:57 +02:00
Evilham 72f9d927e1
[haproxy] Support other HAProxy configurations
This can be used by setting up HAPROXY_CONF in dd.conf, which will
determine which config file will be used.

We also add haproxy.proxy-protocol.conf which is cleaner than
haproxy.conf and allows the PROXY protocol on certain ports.
With this setup it is possible to e.g. run DD without a public IPv4
address by proxying it from an edge server.
2022-08-30 20:47:42 +02:00
elena 993b5f0e24 fixed mysql-connector-python version. fixed mariadb conection user and pwd 2022-08-30 16:58:30 +02:00
Evilham 52f99c38bb
[shellcheck] Fix ShellCheck issues
Detected on the CI we are testing.
2022-08-30 14:41:19 +02:00
Evilham 5bb3afe2aa
[dd-ctl] Fix installations without docker
When we improved the update process, we introduced a deadlock when not
having docker.

By separating update from repo-update we can differentiate those cases:
- update: full update of an existing installation
- repo-update: bring repository to latest stand
2022-08-30 12:42:08 +02:00
Evilham 2d057ec6bc
[sso-admin] Fix regression on new installations
When introducing typing, we erroneously started passing an empty parent
Id instead of None, and the underlying Keycloak library failed to create
the groups.

Closes #15
2022-08-29 12:22:58 +02:00
Evilham 3f08973d7c
[wordpress] Reduce diff / upstream contribution
Now that https://github.com/keycloak/keycloak/pull/12966 has landed on
keycloak we can use that commit as a base for our file, therefore
reducing the resulting diff.
2022-08-29 12:08:42 +02:00
Jose Antonio Exposito Garcia b58e43f5d4 install package in worpdress docker for plugin gsite 2022-08-26 12:55:06 +00:00
Evilham 701be40cf5
[sso-admin] load svg from DOMAIN
This was previously using digitaldemocratic.net
2022-08-08 13:10:47 +02:00
Evilham c39f780cce
[dd.conf.sample] Document how MANAGED_EMAIL_DOMAIN 2022-08-08 12:19:26 +02:00
Evilham 519146a58f
[sso-admin] Fix bug in user_parser 2022-08-08 12:05:42 +02:00
Evilham 3fa0d48858
[dd-ctl] Adapt update subcommand with all actions
This way existing installations can just run ./dd-ctl update and have a
working environment with the latest version.
2022-08-08 11:58:04 +02:00
Evilham e3b1513725
[dd-ctl] [moodle] Do not use plugin dd.conf vars
This was a bad design choice since it doesn't allow us to easily manage
the intended plugin version and therefore keep them up to date.

As a short-term mechanism, we change the used variables to have the
_OVERRIDE suffix and default in dd-ctl to the actual URLs, while also
removing them from dd.conf.sample.

This solves the issue in both current and future installations; in a
near future we want to have these dependencies in a .tsv file where they
can easily be managed.
2022-08-08 11:42:28 +02:00
Evilham 80ff9cce22
[dd-ctl] [nc] forms plugin branch + occ upgrade
When installing / upgrading plugins it is often the case that occ
upgrade needs to run.
2022-08-08 11:40:57 +02:00
elena 151ddd5515 moodle plugins BBB and JITSI last version 2022-08-08 10:11:20 +02:00
Evilham f46162269e
[custom.sample] Apply x-net pink to sample files 2022-08-08 09:52:44 +02:00
Evilham 8309771a1c
[sso-avatars] Also use env var for minio container
From minio's documentation:
- MINIO_ACCESS_KEY and MINIO_SECRET_KEY are deprecated in lieu of
  MINIO_ROOT_USER and MINIO_ROOT_PASSWORD respectively
- In order to rotate secrets we only need to change
  MINIO_ROOT_{USER,PASSWORD}

Using this commit and the previous one affecting keycloak we can use
per-instance keys as opposed to the current state.
In order to achieve this, AVATARS_ACCESS_KEY and AVATARS_SECRET_KEY must
be set to the desired values.

The only guidelines as to how to generate ACCESS_KEY and SECRET_KEY are:

> Specify a unique, random, and long string for both the ACCESSKEY and
> SECRETKEY. Your organization may have specific internal or regulatory
> requirements around generating values for use with access or secret keys.

See:
- https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html#envvar.MINIO_ACCESS_KEY
- https://docs.min.io/minio/baremetal/security/minio-identity-management/user-management.html
2022-08-08 09:40:51 +02:00
Evilham 1ba5e51c41
bugfix in user_parser 2022-08-06 21:47:57 +02:00
Evilham 38d4e517b3
[sso-avatars] Actually use environment variables
This was needed because previously the DEFAULT_SERVER_URL was hardcoded
in the compiled keycloak module and that URL has changed.

For consistency sso-admin uses the same environment variables (except it
needs AVATARS_SERVER_HOST instead of AVATARS_SERVER_URL).
2022-08-06 21:47:35 +02:00
elena beb0350e9a Merge branch 'main' into develop 2022-08-05 15:42:57 +02:00
elena 6ad8df956e Merge branch 'develop' of https://gitlab.com/DD-workspace/DD into develop 2022-08-05 15:42:52 +02:00
elena bf0aeaf991 ADMIN: fix moodle db name 2022-08-05 15:42:27 +02:00
Evilham 7bcb222d18
[nc] user_saml: update to 5.0.2
We checked this works fine in multiple environments.

Reviewed with:	@elena61
2022-08-05 11:58:00 +02:00
elena 5c3967cbe6
variable format changed 2022-08-05 10:55:13 +02:00
elena 77342f6e8a
FIX: role changed on admin and on moodle 2022-08-05 10:55:11 +02:00
elena d9d9fc8ef0 variable format changed 2022-08-05 09:43:58 +02:00
Evilham 86baf7bd69
[sso-admin] Add compatibility keys in outgoing API 2022-08-04 14:42:17 +02:00
Evilham 822ed98ab4
[dd-sso-admin] bugfix and add tracing for 3p cbs 2022-08-04 14:05:02 +02:00
elena 8152d24b29 Merge branch 'main' into develop 2022-08-04 09:48:39 +02:00
Evilham 0eb8f5f549
[sso-admin] Fix issue when editing users
Co-written with:	@elena61
2022-08-04 09:24:37 +02:00
Xnet Xnet cb219ac87f Update README.md 2022-08-03 11:46:10 +00:00
elena 2830f8da46 Nextcloud - fix js line comments 2022-08-03 11:25:40 +02:00
elena 7392aeb0f2 Nextcloud fix theme name 2022-08-03 11:09:52 +02:00
Evilham 71237cabb6
[dd-ctl] Remove some docker calls 2022-08-03 10:29:25 +02:00
Evilham e07249a1cb
[dd-sso] Fix leftover old container names 2022-08-03 09:30:15 +02:00
Evilham cf05b9675c
[dd-sso] Fix minio issue and MailViews API
Email service sends a JSON with: {"config": {...}, "users": [...]}
2022-08-03 08:16:19 +02:00
Evilham d26df2779e
[nc] Add temporary queue processing from admin
This should run scripts every minute and delete them on correct execution.
2022-08-03 08:15:14 +02:00
Evilham ac66814947
[sso-admin] Fix permsissions for node_modules, ncq
node_modules needs proper permissions on image build and the Nextcloud
queue on run-time.

We also realised the user must be www-data for compatibility with the NC
image.
2022-08-01 23:04:39 +02:00
Evilham df29999e62
[sso-admin] Generate script for NC mail accounts
This must be executed from cron on dd-apps-nextcloud-app.
2022-08-01 14:32:51 +02:00
Evilham da52d322af
[sso-admin] Add cache decorator for python 3.7 2022-08-01 12:59:10 +02:00
Evilham 7bf216ef69
[sso-admin] Change container not to run as root 2022-08-01 12:47:30 +02:00