add eos to makefile

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
owncloud · Mar 30, 2020 · 0a126cd · 0a126cd
1 parent 404fd1e
commit 0a126cd
Show file tree

Hide file tree

Showing 3 changed files with 195 additions and 1 deletion.
diff --git a/.gitignore b/.gitignore
@@ -5,3 +5,5 @@ coverage.out
 /hugo
 *.key
 *crt
+
+/eos-docker
diff --git a/Makefile b/Makefile
@@ -45,7 +45,7 @@ ifndef DATE
 	DATE := $(shell date -u '+%Y%m%d')
 endif
 
-LDFLAGS += -s -w -X "$(IMPORT)/pkg/version.String=$(VERSION)" -X "$(IMPORT)/pkg/version.Date=$(DATE)"
+LDFLAGS += -X "$(IMPORT)/pkg/version.String=$(VERSION)" -X "$(IMPORT)/pkg/version.Date=$(DATE)"
 GCFLAGS += all=-N -l
 
 .PHONY: all
@@ -153,3 +153,122 @@ docs: docs-copy docs-build
 .PHONY: watch
 watch:
 	go run github.com/cespare/reflex -c reflex.conf
+
+# -------------------------------------------------------------------------------
+# EOS related destinations
+# -------------------------------------------------------------------------------
+
+eos-docker:
+	git clone https://gitlab.cern.ch/eos/eos-docker.git
+
+eos-docker/scripts/start_services_ocis.sh: eos-docker
+	# TODO find a way to properly inject the following env vars into the container:
+	# EOS_UTF8=1 enables utf8 filenames
+	# EOS_NS_ACCOUNTING=1 enables dir size propagation
+	# EOS_SYNCTIME_ACCOUNTING=1 enables mtime propagation
+	#  - needs the sys.mtime.propagation=1 on a home dir, handled by the reva eos storage driver
+	#  - sys.allow.oc.sync=1 is not needed, it is an option for the eos built in webdav endpoint
+	# 1. -e: for now, we patch the start_services.sh and use that
+	# 2. -e: we need to expose the storageprovider ports whan running the docker containen
+	# TODO use port from address to open different ports, this currently only works for one client container
+	sed -e "s/--name eos-mgm1 --net/--name eos-mgm1 --env EOS_UTF8=1 --env EOS_NS_ACCOUNTING=1 --env EOS_SYNCTIME_ACCOUNTING=1 --net/" -e 's/--name $${CLIENTHOSTNAME} --net=eoscluster.cern.ch/--name $${CLIENTHOSTNAME} -p 9154:9154 -p 9155:9155 --net=eoscluster.cern.ch/' ./eos-docker/scripts/start_services.sh > ./eos-docker/scripts/start_services_ocis.sh
+	chmod +x ./eos-docker/scripts/start_services_ocis.sh
+
+.PHONY: eos-deploy
+eos-deploy: eos-docker/scripts/start_services_ocis.sh
+	# TODO keep eos up to date: see https://gitlab.cern.ch/dss/eos/tags
+	./eos-docker/scripts/start_services_ocis.sh -i gitlab-registry.cern.ch/dss/eos:4.7.5 -n 1 -q
+	# Install ldap packages
+	docker exec -i eos-mgm1 yum install -y nss-pam-ldapd nscd authconfig
+	docker exec -i eos-cli1 yum install -y nss-pam-ldapd nscd authconfig
+
+.PHONY: eos-setup
+eos-setup: eos-docker/scripts/start_services_ocis.sh
+	#Allow resolving uids against ldap
+	# 9125 is the ldap port, 9126 would be tls ... but self signed cert
+	# TODO check out the error message (ignoring for now ... still works): read LDAP host from env var, if not set fall back to docker host, in docker compose should be the ocis-glauth container because it contains guest accounts a well
+	export LDAP_HOST=`docker exec -it eos-mgm1 /sbin/ip route|awk '/default/ { print $$3 }'`; \
+	docker exec -i eos-mgm1 authconfig --enableldap --enableldapauth --ldapserver="`echo -n $$LDAP_HOST`:9125" --ldapbasedn="dc=example,dc=org" --update; \
+	docker exec -i eos-cli1 authconfig --enableldap --enableldapauth --ldapserver="`echo -n $$LDAP_HOST`:9125" --ldapbasedn="dc=example,dc=org" --update;
+
+	# setup users on mgm
+	#TODO Failed to get D-Bus connection: Operation not permitted\ngetsebool:  SELinux is disabled
+	docker exec -i eos-mgm1 sed -i "s/#binddn cn=.*/binddn cn=reva,ou=sysusers,dc=example,dc=org/" /etc/nslcd.conf
+	docker exec -i eos-mgm1 sed -i "s/#bindpw .*/bindpw reva/" /etc/nslcd.conf
+	# print the actual authconfig
+	docker exec -i eos-mgm1 authconfig --test
+	# start nslcd. you need to restart it if you change the ldap config
+	docker exec -i eos-mgm1 nslcd
+	# use unix accounts
+	docker exec -i eos-mgm1 eos vid set map -unix "<pwd>" vuid:0 vgid:0
+	# allow cli to create homes
+	docker exec -i eos-mgm1 eos vid add gateway eos-cli1
+	# krb not needed
+	docker exec -i eos-mgm1 eos vid disable krb5
+
+	# setup users on cli, same as for mgm
+	docker exec -i eos-cli1 sed -i "s/#binddn cn=.*/binddn cn=reva,ou=sysusers,dc=example,dc=org/" /etc/nslcd.conf
+	docker exec -i eos-cli1 sed -i "s/#bindpw .*/bindpw reva/" /etc/nslcd.conf
+	docker exec -i eos-cli1 nslcd
+
+	# create necessary lib link for ocis
+	docker exec -i eos-cli1 ln -s /lib64/ld-linux-x86-64.so.2 /lib
+
+.PHONY: eos-test
+eos-test:
+	# check we know the demo users
+	docker exec -i eos-mgm1 id einstein
+	docker exec -i eos-mgm1 id marie
+	docker exec -i eos-mgm1 id feynman
+
+.PHONY: eos-copy-ocis
+eos-copy-ocis: build
+	# copy the binary to the eos-cli1 container
+	docker cp ./bin/ocis eos-cli1:/usr/local/bin/ocis
+	docker cp ./bin/ocis-debug eos-cli1:/usr/local/bin/ocis-debug
+
+.PHONY: eos-ocis-storage-home
+eos-ocis-storage-home:
+	docker exec -i \
+	--env OCIS_LOG_LEVEL=debug \
+	--env REVA_STORAGE_HOME_DRIVER=eos \
+	--env REVA_STORAGE_EOS_NAMESPACE=/eos \
+	--env REVA_STORAGE_EOS_MASTER_URL="root://eos-mgm1.eoscluster.cern.ch:1094" \
+	--env REVA_STORAGE_EOS_ENABLE_HOME=true \
+	--env REVA_STORAGE_EOS_LAYOUT="dockertest/{{.Username}}" \
+	eos-cli1 ocis reva-storage-home &
+
+.PHONY: eos-ocis
+eos-ocis:
+	export OCIS_LOG_LEVEL=debug; \
+	bin/ocis micro & \
+	bin/ocis glauth & \
+	bin/ocis graph-explorer & \
+	bin/ocis graph & \
+	bin/ocis konnectd & \
+	bin/ocis phoenix & \
+	bin/ocis reva-auth-basic & \
+	bin/ocis reva-auth-bearer & \
+	bin/ocis reva-frontend & \
+	bin/ocis reva-gateway & \
+	bin/ocis reva-sharing & \
+	bin/ocis reva-storage-home-data & \
+	bin/ocis reva-storage-oc & \
+	bin/ocis reva-storage-oc-data & \
+	bin/ocis reva-storage-root & \
+	bin/ocis reva-users & \
+	bin/ocis proxy &
+	#bin/ocis reva-storage-home & # this is done by eos-ocis-storage-home
+
+
+.PHONY: eos-start
+eos-start: eos-deploy eos-setup eos-copy-ocis eos-ocis-storage-home eos-ocis
+
+.PHONY: eos-clean
+eos-clean:
+	rm eos-docker/scripts/start_services_ocis.sh
+
+.PHONY: eos-stop
+eos-stop: eos-docker
+	./eos-docker/scripts/shutdown_services.sh
+
diff --git a/docs/eos.md b/docs/eos.md
@@ -0,0 +1,73 @@
+---
+title: "EOS"
+date: 2020-02-27T20:35:00+01:00
+weight: 30
+geekdocRepo: https://github.com/owncloud/ocis
+geekdocEditPath: edit/master/docs
+geekdocFilePath: eos.md
+---
+
+{{< toc >}}
+
+OCIS can be configured to run on top of [eos](https://eos.web.cern.ch/). While the [eos documentation](http://eos-docs.web.cern.ch/) does cover a lot of topics it leaves out some details that you may have to either pull from various [docker containers](https://gitlab.cern.ch/eos/eos-docker), the [forums](https://eos-community.web.cern.ch/) or even the [source](https://github.com/cern-eos/eos) itself.
+
+This document is a work in progress of the current setup.
+
+## Current status
+
+Using ocis and eos it is possible today to manage folders. Sharing is [heavily](https://github.com/cs3org/reva/pull/523) [under](https://github.com/cs3org/reva/pull/585) [development](https://github.com/cs3org/reva/pull/482). FIle up and download needs proper configuration of the dataprovider to also use eos.
+
+## How to do it
+
+### Grab it!
+
+```
+$ git clone git@github.com:owncloud/ocis.git
+$ cd ocis
+```
+
+
+### Run it!
+
+We poured the nitty gritty details of setting up ocis into Makefile destinations. After running
+
+```
+$ make eos-start
+```
+
+the eos related docker containers will be created, started and setup to authenticate a gainst the ocis-glauth service.
+
+It will also copy the ocis binary tho the `eos-cli1` container and start `ocis reva-storage-home` with the necessary environment variables to use the eos storage driver.
+
+For details have a look at the `Makefile`.
+
+
+### Test it!
+
+You should now be able to point your browser to https://localhost:9200 and login using the demo user credentials, eg `einstein:relativity`.
+
+{{< hint info >}}
+If you encounter an error when the IdP redirects you back to phoenix, just reload the page and it should be gone ... or debug it. PR welcome!
+{{< /hint >}}
+
+Create a folder in the ui. Then check it was created in eos:
+
+```
+$ docker exec -it eos-mgm1 eos ls /eos/dockertest/einstein
+```
+
+Now create a new folder in eos (using eos-mgm1 you will be logged in as admin, see the `whoami`, which is why we `chown` the folder to the uid and gid of einstein afterwards):
+
+```
+$ docker exec -it eos-mgm1 eos whoami
+$ docker exec -it eos-mgm1 eos mkdir /eos/dockertest/einstein/rocks
+$ docker exec -it eos-mgm1 eos chown 20000:30000 /eos/dockertest/einstein/rocks
+```
+
+Check that the folder exists in the web ui.
+
+## Next steps
+
+- configure storage-home-data to enable file upload, PRs against `ocis-reva` welcome
+- get sharing implemented, PRs against `reva` welcome
+- simplify home logic, see https://github.com/cs3org/reva/issues/601 and https://github.com/cs3org/reva/issues/578