update reva and refactor config #657
Conversation
|
Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes. |
|
Interesting, the tests fail because of permissions errors: |
|
|
|
|
The problem is that the ocis driver checks the permissions. While the user is provided by the accounts service the |
|
Cool, it does: ocis/accounts/pkg/storage/cs3.go Line 226 in f10950d |
|
We could add a config option for the owner. I would prefer that over having a storage that can be added by anyone. But having a single user ID as the owner limits access to a single user... Which means we would have to share the credentials of that user with all services that want to use the metadata storage. We could use a map with It could be used to set the owner if a node has no owner set. Which still does not work for root. The storage could precreate these paths when it is initialized and set the owner. The map would be similar to the storage registry rules... |
|
hm, the account service is also trying to create accounts. but it fails: |
| @@ -206,12 +206,11 @@ func (r CS3Repo) DeleteGroup(ctx context.Context, id string) (err error) { | |||
|
|
|||
| func (r CS3Repo) authenticate(ctx context.Context) (token string, err error) { | |||
| u := &user.User{ | |||
| Id: &user.UserId{}, | |||
| Id: &user.UserId{ | |||
| OpaqueId: r.cfg.ServiceUser.UUID, | |||
There was a problem hiding this comment.
@kulmann we can always set the uuid ... if it is "" that is the same as this if magic ;-)
There was a problem hiding this comment.
It is not empty by default. It has a default UUID value in the flatset, so that it just works as soon as the username is provided. You're right, but it needs more change than this. ;-) Clear the default value for the UUID in the flagset and replace the checks on the username flag with checks on the uuid flag.
There was a problem hiding this comment.
yes it has a uuid, but before this change it would only set it if the username was also set ... but it is empty by default: https://github.com/owncloud/ocis/pull/657/files#diff-69d2327c70e84f0e2b037204de3ef8e3L212-L214
| // Protocol can be grpc or http | ||
| Protocol string | ||
| // URL is used by the gateway and registries (eg http://localhost:9100 or https://cloud.example.com) | ||
| URL string | ||
| // Endpoint is used by the gateway and registries (eg localhost:9100 or cloud.example.com) |
There was a problem hiding this comment.
this is the best I could come up with to distinguish addr, host, port and url ... an endpoint is a combination of a tcp host and a port ... try googling for it. the only two URLs are the public facing endpoints, which is why the are now called PublicURL
| @@ -42,7 +42,7 @@ func FrontendWithConfig(cfg *config.Config) []cli.Flag { | |||
| // this can eg. be set to /eos/users | |||
| &cli.StringFlag{ | |||
| Name: "dav-files-namespace", | |||
| Value: "/oc/", | |||
| Value: "/users/", | |||
There was a problem hiding this comment.
we no longer need to change this from /oc to eos because we onlyd change the driver of the users storage provider mounted at /users
| @@ -73,7 +88,15 @@ func StorageMetadata(cfg *config.Config) []cli.Flag { | |||
| flags = append(flags, DriverLocalWithConfig(cfg)...) | |||
| flags = append(flags, DriverOwnCloudWithConfig(cfg)...) | |||
| flags = append(flags, DriverOCISWithConfig(cfg)...) | |||
|
|
|||
| flags = append(flags, | |||
There was a problem hiding this comment.
@IljaN we need to append the storage-root to the end, otherwise the evaluation of the config flags for the drivers will overwrite the default that was written into &cfg.Reva.Storages.Common.Root.
| }, | ||
|
|
||
| &cli.StringFlag{ | ||
| Name: "mount-path", | ||
| Value: "/public/", | ||
| Value: "/public", |
There was a problem hiding this comment.
@refs double check if public links work. I also updated the registry to use a path without slash, like the other mountpoints: https://github.com/owncloud/ocis/pull/657/files?file-filters%5B%5D=.go#diff-76cf344e66e9654cf08805e489b5d6c2R230
| @@ -20,55 +20,48 @@ func UsersWithConfig(cfg *config.Config) []cli.Flag { | |||
|
|
|||
| // Services | |||
|
|
|||
| // Users | |||
| // Userprovider | |||
There was a problem hiding this comment.
I renamed the STORAGE_USERS prefix for the userprovider service to STORAGE_USERPROVIDER, this way I could use STORAGE_USERS for the storage provider mounted at /users
butonic
force-pushed
the
rename-storages
branch
from
43668da
to
505f737
Compare
|
Oh I can push changes to |
|
After renaming the environment variables the eos setup worked. |
C0rby
force-pushed
the
rename-storages
branch
from
14e8c76
to
72b86f0
Compare
| Name: "data-server-url", | ||
| Value: "http://localhost:9164/data", | ||
| Usage: "data server url", | ||
| EnvVars: []string{"STORAGE_STORAGE_OC_DATA_SERVER_URL"}, |
There was a problem hiding this comment.
There was a problem hiding this comment.
Yes, the storages got streamlined so there is no OC storage anymore.
| Name: "temp-folder", | ||
| Value: "/var/tmp/", | ||
| Usage: "temp folder", | ||
| EnvVars: []string{"STORAGE_STORAGE_OC_DATA_TEMP_FOLDER"}, |
There was a problem hiding this comment.
There was a problem hiding this comment.
Yes, the storages got streamlined so there is no OC storage anymore.
| Name: "temp-folder", | ||
| Value: "/var/tmp/", | ||
| Usage: "temp folder", | ||
| EnvVars: []string{"STORAGE_STORAGE_HOME_DATA_TEMP_FOLDER"}, |
There was a problem hiding this comment.
There was a problem hiding this comment.
Yes, this configuration option does not exist anymore.
| Name: "driver", | ||
| Value: "owncloud", | ||
| Usage: "storage driver for oc mount: eg. local, eos, owncloud, ocis or s3", | ||
| EnvVars: []string{"STORAGE_STORAGE_OC_DRIVER"}, |
There was a problem hiding this comment.
There was a problem hiding this comment.
Yes, the storages got streamlined so there is no OC storage anymore.
| Name: "driver", | ||
| Value: "owncloud", | ||
| Usage: "storage driver for oc data mount: eg. local, eos, owncloud, ocis or s3", | ||
| EnvVars: []string{"STORAGE_STORAGE_OC_DATA_DRIVER"}, |
There was a problem hiding this comment.
There was a problem hiding this comment.
Yes, the storages got streamlined so there is no OC storage anymore.
| Name: "driver", | ||
| Value: "owncloud", | ||
| Usage: "storage driver for home data mount: eg. local, eos, owncloud, ocis or s3", | ||
| EnvVars: []string{"STORAGE_STORAGE_HOME_DATA_DRIVER"}, |
There was a problem hiding this comment.
There was a problem hiding this comment.
This option does not exist anymore.
I currently don't know why but locally before renaming the service would always shutdown prematurely Signed-off-by: David Christofas <[email protected]>
Signed-off-by: David Christofas <[email protected]>
Signed-off-by: David Christofas <[email protected]>
…id mapping Signed-off-by: David Christofas <[email protected]>
Signed-off-by: David Christofas <[email protected]>
Signed-off-by: David Christofas <[email protected]>
Signed-off-by: David Christofas <[email protected]>
Signed-off-by: David Christofas <[email protected]>
Signed-off-by: David Christofas <[email protected]>
Signed-off-by: David Christofas <[email protected]>
Signed-off-by: David Christofas <[email protected]>
Signed-off-by: David Christofas <[email protected]>
Signed-off-by: David Christofas <[email protected]>
C0rby
force-pushed
the
rename-storages
branch
2 times, most recently
from
5fe9109
to
3c28fda
Compare
|
Oh ffs... now |
Signed-off-by: David Christofas <[email protected]>
C0rby
force-pushed
the
rename-storages
branch
from
3c28fda
to
63eede3
Compare
|
Oh I hope it'll work. |
accessible through the reva data gateway
|
Kudos, SonarCloud Quality Gate passed!
|
butonic
changed the title
|
🥳 |
this pr tries to clarify the storage provider setup and configuration for the ocis storage extension
update to latest reva
reduce driver specific config to /home, /user, /public storages and the metadata storage which is not accessible using the gateway
use ocis driver
requires ocis: allow setting owner of root cs3org/reva#1225, especially cs3org/reva@b93bc82 which fixes bugs that allow the accounts service to provision accounts when using the ocis driver
with ocis: allow setting owner of root cs3org/reva#1225 the accounts service can create /meta/accounts ...
however the default users don't seem to be created in there, which causes subsequent logins to fail because the system users for konnectd and reva don't exist ... noone can login. AFAICT the accounts service needs to create the default accounts.fixed with cs3org/reva@b93bc82for eos - and this is untested - the only thing that should be necessary is setting
STORAGE_HOME_DRIVER=eoshomeandSTORAGE_USERS_DRIVER=eos. But since the docker compose starts all services at once we need to useocisto stop and start the home and user storages:The storages now start a dataprovider with the same driver, so an additional config for them is no longer necessary. Unfortunately, testing this is currently not possible because the reva user used by eos to access ldap ... does not exist when the new account service backend has not created the users ... this might also be related to ldap support not working.
🤔
I think there is a problem with the ldap setup step. https://github.com/owncloud-docker/eos-stack/blob/de26692b6d6544620b948fa8212a4fa57455ae1d/eos-ocis-dev/start-ldap#L10-L11 requires an LDAP_BINDDN ... which to be honest I have no clue how it is set because in all the owncloud orga we are not setting it for eos. even in owncloud-docker where https://github.com/owncloud-docker/compose-playground/blob/c563391876ed63b52ab2960df025947d4788a7fe/examples/eos-compose-acceptance-tests/docker-compose.yml#L91 looks most promising I assume it was intended for konnectd ...
but how did resolving users in the docker container with
id einsteinever work ... 🤔 ... because we were not checking the credentials in glauth ... or accounts?? ... 🤪IN any case I think we need to tell eos to use the LDAP_BINDDN and LDAP_BINDBW that match the accounts service user ...
95cb8724-03b2-11eb-a0a6-c33ef8ef53adand we should probably configure it by default ... currently it is empty...AFAICT this is good on its own but other wheels need fixing ...