Skip to content

Commit

Permalink
commit f9e1b7b
Browse files Browse the repository at this point in the history 
Merge: 4b9215b 3086102
Author: Michael Barz <mbarz@owncloud.com>
Date:   Thu Oct 8 13:16:22 2020 +0200

    Merge pull request #649 from butonic/glauth-fallback-backend

    add glauth fallback backend
  • Loading branch information
@micbar
micbar committed Oct 8, 2020
1 parent f585fed commit fc0f163
Show file tree
Hide file tree
Showing 6 changed files with 389 additions and 649 deletions.
6 changes: 2 additions & 4 deletions extensions/glauth/_index.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,6 @@ geekdocEditPath: edit/master/docs/extensions/glauth
geekdocFilePath: _index.md
---

This service provides a simple glauth world API which can be used by clients or other extensions.
This service provides a [glauth](https://github.com/glauth/glauth) based LDAP proxy for ocis which can be used by clients or other extensions. It allows applications relying on LDAP to access the accounts stored in the ocis accounts service. It can be used to make firewalls or identity providers aware of all users, including guest accounts.

- reiner proxy
ldap für eos und firewall
- backend ist der accounts service
We are using it to make eos aware of all accounts so the native ACLs can be used to persist share information in the storage.
262 changes: 2 additions & 260 deletions extensions/glauth/getting-started.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,264 +9,6 @@ geekdocFilePath: getting-started.md

{{< toc >}}

## Installation
## Configuration Tips

So far we are offering two different variants for the installation. You can choose between [Docker](https://www.docker.com/) or pre-built binaries which are stored on our download mirrors and GitHub releases. Maybe we will also provide system packages for the major distributions later if we see the need for it.

### Docker

TBD

### Binaries

TBD

## Configuration

We provide overall three different variants of configuration. The variant based on environment variables and commandline flags are split up into global values and command-specific values.

### Envrionment variables

If you prefer to configure the service with environment variables you can see the available variables below.

#### Global

GLAUTH_CONFIG_FILE
: Path to config file, empty default value

GLAUTH_LOG_LEVEL
: Set logging level, defaults to `info`

GLAUTH_LOG_COLOR
: Enable colored logging, defaults to `true`

GLAUTH_LOG_PRETTY
: Enable pretty logging, defaults to `true`

#### Server

GLAUTH_TRACING_ENABLED
: Enable sending traces, defaults to `false`

GLAUTH_TRACING_TYPE
: Tracing backend type, defaults to `jaeger`

GLAUTH_TRACING_ENDPOINT
: Endpoint for the agent, empty default value

GLAUTH_TRACING_COLLECTOR
: Endpoint for the collector, empty default value

GLAUTH_TRACING_SERVICE
: Service name for tracing, defaults to `glauth`

GLAUTH_DEBUG_ADDR
: Address to bind debug server, defaults to `0.0.0.0:9124`

GLAUTH_DEBUG_TOKEN
: Token to grant metrics access, empty default value

GLAUTH_DEBUG_PPROF
: Enable pprof debugging, defaults to `false`

GLAUTH_DEBUG_ZPAGES
: Enable zpages debugging, defaults to `false`

GLAUTH_HTTP_ADDR
: Address to bind http server, defaults to `0.0.0.0:9120`

GLAUTH_HTTP_NAMESPACE
: The http namespace

GLAUTH_HTTP_ROOT
: Root path of http server, defaults to `/`

#### Health

GLAUTH_DEBUG_ADDR
: Address to debug endpoint, defaults to `0.0.0.0:9124`

### Commandline flags

If you prefer to configure the service with commandline flags you can see the available variables below.

#### Global

--config-file
: Path to config file, empty default value

--log-level
: Set logging level, defaults to `info`

--log-color
: Enable colored logging, defaults to `true`

--log-pretty
: Enable pretty logging, defaults to `true`

#### Server

--tracing-enabled
: Enable sending traces, defaults to `false`

--tracing-type
: Tracing backend type, defaults to `jaeger`

--tracing-endpoint
: Endpoint for the agent, empty default value

--tracing-collector
: Endpoint for the collector, empty default value

--tracing-service
: Service name for tracing, defaults to `glauth`

--debug-addr
: Address to bind debug server, defaults to `0.0.0.0:9124`

--debug-token
: Token to grant metrics access, empty default value

--debug-pprof
: Enable pprof debugging, defaults to `false`

--debug-zpages
: Enable zpages debugging, defaults to `false`

--http-addr
: Address to bind http server, defaults to `0.0.0.0:9120`

--http-namespace
: Namespace for internal services communication, defaults to `com.owncloud.web`

--http-root
: Root path of http server, defaults to `/`

#### Health

--debug-addr
: Address to debug endpoint, defaults to `0.0.0.0:9124`

### Configuration file

So far we support the file formats `JSON` and `YAML`, if you want to get a full example configuration just take a look at [our repository](https://github.com/owncloud/ocis/glauth/tree/master/config), there you can always see the latest configuration format. These example configurations include all available options and the default values. The configuration file will be automatically loaded if it's placed at `/etc/ocis/glauth.yml`, `${HOME}/.ocis/glauth.yml` or `$(pwd)/config/glauth.yml`.

## Usage

The program provides a few sub-commands on execution. The available configuration methods have already been mentioned above. Generally you can always see a formated help output if you execute the binary via `ocis-glauth --help`.

### Server

The server command is used to start the http and debug server on two addresses within a single process. The http server is serving the general webservice while the debug server is used for health check, readiness check and to server the metrics mentioned below. For further help please execute:

{{< highlight txt >}}
ocis-glauth server --help
{{< / highlight >}}

### Health

The health command is used to execute a health check, if the exit code equals zero the service should be up and running, if the exist code is greater than zero the service is not in a healthy state. Generally this command is used within our Docker containers, it could also be used within Kubernetes.

{{< highlight txt >}}
ocis-glauth health --help
{{< / highlight >}}

## Metrics

This service provides some [Prometheus](https://prometheus.io/) metrics through the debug endpoint, you can optionally secure the metrics endpoint by some random token, which got to be configured through one of the flag `--debug-token` or the environment variable `GLAUTH_DEBUG_TOKEN` mentioned above. By default the metrics endpoint is bound to `http://0.0.0.0:9124/metrics`.

go_gc_duration_seconds
: A summary of the GC invocation durations

go_gc_duration_seconds_sum
: A summary of the GC invocation durations

go_gc_duration_seconds_count
: A summary of the GC invocation durations

go_goroutines
: Number of goroutines that currently exist

go_info
: Information about the Go environment

go_memstats_alloc_bytes
: Number of bytes allocated and still in use

go_memstats_alloc_bytes_total
: Total number of bytes allocated, even if freed

go_memstats_buck_hash_sys_bytes
: Number of bytes used by the profiling bucket hash table

go_memstats_frees_total
: Total number of frees

go_memstats_gc_cpu_fraction
: The fraction of this program's available CPU time used by the GC since the program started

go_memstats_gc_sys_bytes
: Number of bytes used for garbage collection system metadata

go_memstats_heap_alloc_bytes
: Number of heap bytes allocated and still in use

go_memstats_heap_idle_bytes
: Number of heap bytes waiting to be used

go_memstats_heap_inuse_bytes
: Number of heap bytes that are in use

go_memstats_heap_objects
: Number of allocated objects

go_memstats_heap_released_bytes
: Number of heap bytes released to OS

go_memstats_heap_sys_bytes
: Number of heap bytes obtained from system

go_memstats_last_gc_time_seconds
: Number of seconds since 1970 of last garbage collection

go_memstats_lookups_total
: Total number of pointer lookups

go_memstats_mallocs_total
: Total number of mallocs

go_memstats_mcache_inuse_bytes
: Number of bytes in use by mcache structures

go_memstats_mcache_sys_bytes
: Number of bytes used for mcache structures obtained from system

go_memstats_mspan_inuse_bytes
: Number of bytes in use by mspan structures

go_memstats_mspan_sys_bytes
: Number of bytes used for mspan structures obtained from system

go_memstats_next_gc_bytes
: Number of heap bytes when next garbage collection will take place

go_memstats_other_sys_bytes
: Number of bytes used for other system allocations

go_memstats_stack_inuse_bytes
: Number of bytes in use by the stack allocator

go_memstats_stack_sys_bytes
: Number of bytes obtained from system for stack allocator

go_memstats_sys_bytes
: Number of bytes obtained from system

go_threads
: Number of OS threads created

promhttp_metric_handler_requests_in_flight
: Current number of scrapes being served

promhttp_metric_handler_requests_total
: Total number of scrapes by HTTP status code
The default setup does not use a fallback backend. It can be enabled by setting the `GLAUTH_FALLBACK_DATASTORE` environment variable. When using `owncloud` make sure to use the full URL to the [ownCloud 10 graph api app](https://github.com/owncloud/graphapi) endpoint, eg.: `GLAUTH_FALLBACK_SERVERS="https://demo.owncloud.com/apps/graphapi/v1.0"`
2 changes: 1 addition & 1 deletion extensions/konnectd/configuration.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
---
title: "Configuration"
date: "2020-10-08T10:22:36+0000"
date: "2020-10-08T11:30:01+0000"
weight: 20
geekdocRepo: https://github.com/owncloud/ocis-konnectd
geekdocEditPath: edit/master/docs
Expand Down
44 changes: 22 additions & 22 deletions extensions/proxy/configuration.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
---
title: "Configuration"
date: "2020-10-08T10:22:39+0000"
date: "2020-10-08T11:30:04+0000"
weight: 20
geekdocRepo: https://github.com/owncloud/ocis-proxy
geekdocEditPath: edit/master/docs
Expand Down Expand Up @@ -57,6 +57,27 @@ Usage: `ocis-proxy [global options] command [command options] [arguments...]`

## Sub Commands

### ocis-proxy health

Check health status

Usage: `ocis-proxy health [command options] [arguments...]`

--debug-addr | $PROXY_DEBUG_ADDR
: Address to debug endpoint. Default: `0.0.0.0:9109`.

### ocis-proxy version

Print the versions of the running instances

Usage: `ocis-proxy version [command options] [arguments...]`

--service-namespace | $PROXY_SERVICE_NAMESPACE
: Set the base namespace for the service namespace. Default: `com.owncloud.web`.

--service-name | $PROXY_SERVICE_NAME
: Service name. Default: `proxy`.

### ocis-proxy server

Start integrated server
Expand Down Expand Up @@ -129,24 +150,3 @@ Usage: `ocis-proxy server [command options] [arguments...]`
--autoprovision-accounts | $PROXY_AUTOPROVISION_ACCOUNTS
: create accounts from OIDC access tokens to learn new users. Default: `false`.

### ocis-proxy health

Check health status

Usage: `ocis-proxy health [command options] [arguments...]`

--debug-addr | $PROXY_DEBUG_ADDR
: Address to debug endpoint. Default: `0.0.0.0:9109`.

### ocis-proxy version

Print the versions of the running instances

Usage: `ocis-proxy version [command options] [arguments...]`

--service-namespace | $PROXY_SERVICE_NAMESPACE
: Set the base namespace for the service namespace. Default: `com.owncloud.web`.

--service-name | $PROXY_SERVICE_NAME
: Service name. Default: `proxy`.

Loading

0 comments on commit fc0f163

Please sign in to comment.