diff --git a/static/env-vars/activitylog.yaml b/static/env-vars/activitylog.yaml index 7241a2df..b2bdf545 100644 --- a/static/env-vars/activitylog.yaml +++ b/static/env-vars/activitylog.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: activitylog.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false diff --git a/static/env-vars/activitylog_configvars.md b/static/env-vars/activitylog_configvars.md index aad2f438..d3e04384 100644 --- a/static/env-vars/activitylog_configvars.md +++ b/static/env-vars/activitylog_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **activitylog** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`ACTIVITYLOG_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`ACTIVITYLOG_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`ACTIVITYLOG_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`ACTIVITYLOG_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`ACTIVITYLOG_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`ACTIVITYLOG_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`ACTIVITYLOG_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| @@ -43,5 +39,5 @@ Environment variables for the **activitylog** service |`OC_DEFAULT_LANGUAGE`| 1.0.0 |string|`The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details.`|`en`| |`OC_SERVICE_ACCOUNT_ID`
`ACTIVITYLOG_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|``| |`OC_SERVICE_ACCOUNT_SECRET`
`ACTIVITYLOG_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|``| -|`ACTIVITYLOG_WRITE_BUFFER_DURATION`| next |Duration|`The duration to wait before flushing the write buffer. This is used to reduce the number of writes to the store.`|`10s`| -|`ACTIVITYLOG_MAX_ACTIVITIES`| next |int|`The maximum number of activities to keep in the store per resource. If the number of activities exceeds this value, the oldest activities will be removed.`|`6000`| +|`ACTIVITYLOG_WRITE_BUFFER_DURATION`| 4.0.0 |Duration|`The duration to wait before flushing the write buffer. This is used to reduce the number of writes to the store.`|`10s`| +|`ACTIVITYLOG_MAX_ACTIVITIES`| 4.0.0 |int|`The maximum number of activities to keep in the store per resource. If the number of activities exceeds this value, the oldest activities will be removed.`|`6000`| diff --git a/static/env-vars/activitylog_readme.md b/static/env-vars/activitylog_readme.md index 108eed5d..f80fc09e 100644 --- a/static/env-vars/activitylog_readme.md +++ b/static/env-vars/activitylog_readme.md @@ -1,6 +1,6 @@ --- title: Activitylog -date: 2025-11-13T17:22:55.092232+01:00 +date: 2025-11-27T22:56:02.331192+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/activitylog diff --git a/static/env-vars/antivirus.yaml b/static/env-vars/antivirus.yaml index 9f0249b3..43a9d201 100644 --- a/static/env-vars/antivirus.yaml +++ b/static/env-vars/antivirus.yaml @@ -12,11 +12,6 @@ debug: token: "" pprof: false zpages: false -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" infected-file-handling: delete events: endpoint: 127.0.0.1:9233 diff --git a/static/env-vars/antivirus_configvars.md b/static/env-vars/antivirus_configvars.md index d0f6703e..092c14d0 100644 --- a/static/env-vars/antivirus_configvars.md +++ b/static/env-vars/antivirus_configvars.md @@ -10,10 +10,6 @@ Environment variables for the **antivirus** service |`ANTIVIRUS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| |`ANTIVIRUS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| |`ANTIVIRUS_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`OC_TRACING_ENABLED`
`ANTIVIRUS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`ANTIVIRUS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`ANTIVIRUS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`ANTIVIRUS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`ANTIVIRUS_INFECTED_FILE_HANDLING`| 1.0.0 |string|`Defines the behaviour when a virus has been found. Supported options are: 'delete', 'continue' and 'abort '. Delete will delete the file. Continue will mark the file as infected but continues further processing. Abort will keep the file in the uploads folder for further admin inspection and will not move it to its final destination.`|`delete`| |`OC_EVENTS_ENDPOINT`
`ANTIVIRUS_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|`127.0.0.1:9233`| |`OC_EVENTS_CLUSTER`
`ANTIVIRUS_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|`opencloud-cluster`| diff --git a/static/env-vars/antivirus_readme.md b/static/env-vars/antivirus_readme.md index 6fd10596..8ca479e5 100644 --- a/static/env-vars/antivirus_readme.md +++ b/static/env-vars/antivirus_readme.md @@ -1,6 +1,6 @@ --- title: Antivirus -date: 2025-11-13T17:22:55.092547+01:00 +date: 2025-11-27T22:56:02.331592+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/antivirus diff --git a/static/env-vars/app-provider.yaml b/static/env-vars/app-provider.yaml index eb29648d..8e19ea51 100644 --- a/static/env-vars/app-provider.yaml +++ b/static/env-vars/app-provider.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: app-provider.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false diff --git a/static/env-vars/app-provider_configvars.md b/static/env-vars/app-provider_configvars.md index 3d975d82..ae45b515 100644 --- a/static/env-vars/app-provider_configvars.md +++ b/static/env-vars/app-provider_configvars.md @@ -3,10 +3,6 @@ Environment variables for the **app-provider** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| |`APP_PROVIDER_SERVICE_NAME`| 1.0.0 |string|`The name of the service. This needs to be changed when using more than one app provider. Each app provider configured needs to be identified by a unique service name. Possible examples are: 'app-provider-collabora', 'app-provider-onlyoffice', 'app-provider-office365'.`|`app-provider`| -|`OC_TRACING_ENABLED`
`APP_PROVIDER_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`APP_PROVIDER_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`APP_PROVIDER_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`APP_PROVIDER_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`APP_PROVIDER_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`APP_PROVIDER_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`APP_PROVIDER_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| diff --git a/static/env-vars/app-provider_readme.md b/static/env-vars/app-provider_readme.md index e7d88d64..c3424bc2 100644 --- a/static/env-vars/app-provider_readme.md +++ b/static/env-vars/app-provider_readme.md @@ -1,6 +1,6 @@ --- -title: Antivirus -date: 2025-11-12T11:19:19.198072+01:00 +title: App Provider +date: 2025-11-27T22:56:02.331696+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/app-provider @@ -13,97 +13,29 @@ geekdocCollapseSection: true ## Abstract -The `antivirus` service is responsible for scanning files for viruses. +The `app-provider` service provides the CS3 App Provider API for OpenCloud. It is responsible for managing and serving applications that can open files based on their MIME types. + +The service works in conjunction with the `app-registry` service, which maintains the registry of available applications and their supported MIME types. When a client requests to open a file with a specific application, the `app-provider` service handles the request and coordinates with the application to provide the appropriate interface. ## Table of Contents -* [Memory Considerations](#memory-considerations) +* [Integration](#integration) * [Configuration](#configuration) - * [Antivirus Scanner Type](#antivirus-scanner-type) - * [Maximum Scan Size](#maximum-scan-size) - * [Antivirus Workers](#antivirus-workers) - * [Infected File Handling](#infected-file-handling) - * [Scanner Inaccessibility](#scanner-inaccessibility) -* [Operation Modes](#operation-modes) - * [Postprocessing](#postprocessing) - * [Scaling in Kubernetes](#scaling-in-kubernetes) - -## Memory Considerations - -The antivirus service can consume considerable amounts of memory. -This is relevant to provide or define sufficient memory for the deployment selected. -To avoid out of memory (OOM) situations, the following equation gives a rough overview based on experiences made. -The memory calculation comes without any guarantee, is intended as overview only and subject of change. +* [Scalability](#scalability) -`memory limit` = `max file size` x `workers` x `factor 8 - 14` +## Integration -With: -`ANTIVIRUS_WORKERS` == 1 -```plaintext - 50MB file --> factor 14 --> 700MB memory -844MB file --> factor 8,3 --> 7GB memory -``` +The `app-provider` service integrates with: +- `app-registry` - For discovering which applications are available for specific MIME types +- `frontend` - The frontend service forwards app provider requests (default endpoint `/app`) to this service ## Configuration -### Antivirus Scanner Type - -The antivirus service currently supports [ICAP](https://tools.ietf.org/html/rfc3507) and [ClamAV](http://www.clamav.net/index.html) as antivirus scanners. -The `ANTIVIRUS_SCANNER_TYPE` environment variable is used to select the scanner. -The detailed configuration for each scanner heavily depends on the scanner type selected. -See the environment variables for more details. - - - For `icap`, only scanners using the `X-Infection-Found` header are currently supported. - - For `clamav` only local sockets can currently be configured. - -### Maximum Scan Size - -Several factors can make it necessary to limit the maximum filesize the antivirus service uses for scanning. -Use the `ANTIVIRUS_MAX_SCAN_SIZE` environment variable to scan only a given number of bytes, -or to skip the whole resource. - -Even if it's recommended to scan the whole file, several factors like scanner type and version, -bandwidth, performance issues, etc. might make a limit necessary. - -In such cases, the antivirus the max scan size mode can be handy, the following modes are available: - - - `partial`: The file is scanned up to the given size. The rest of the file is not scanned. This is the default mode `ANTIVIRUS_MAX_SCAN_SIZE=partial` - - `skip`: The file is skipped and not scanned. `ANTIVIRUS_MAX_SCAN_SIZE=skip` - -**IMPORTANT** -> Streaming of files to the virus scan service still [needs to be implemented](https://github.com/owncloud/ocis/issues/6803). -> To prevent OOM errors `ANTIVIRUS_MAX_SCAN_SIZE` needs to be set lower than available ram and or the maximum file size that can be scanned by the virus scanner. - -### Antivirus Workers - -The number of concurrent scans can be increased by setting `ANTIVIRUS_WORKERS`. Be aware that this will also increase memory usage. - -### Infected File Handling - -The antivirus service allows three different ways of handling infected files. Those can be set via the `ANTIVIRUS_INFECTED_FILE_HANDLING` environment variable: - - - `delete`: (default): Infected files will be deleted immediately, further postprocessing is cancelled. - - `abort`: (advanced option): Infected files will be kept, further postprocessing is cancelled. Files can be manually retrieved and inspected by an admin. To identify the file for further investigation, the antivirus service logs the abort/infected state including the file ID. The file is located in the `storage/users/uploads` folder of the OpenCloud data directory and persists until it is manually deleted by the admin via the [Manage Unfinished Uploads](https://github.com/opencloud-eu/opencloud/tree/main/services/storage-users#manage-unfinished-uploads) command. - - `continue`: (not recommended): Infected files will be marked via metadata as infected, but postprocessing continues normally. Note: Infected Files are moved to their final destination and therefore not prevented from download, which includes the risk of spreading viruses. - -In all cases, a log entry is added declaring the infection and handling method and a notification via the `userlog` service sent. - -### Scanner Inaccessibility - -In case a scanner is not accessible by the antivirus service like a network outage, service outage or hardware outage, the antivirus service uses the `abort` case for further processing, independent of the actual setting made. In any case, an error is logged noting the inaccessibility of the scanner used. - -## Operation Modes - -The antivirus service can scan files during `postprocessing`. `on demand` scanning is currently not available and might be added in a future release. - -### Postprocessing - -The antivirus service will scan files during postprocessing. It listens for a postprocessing step called `virusscan`. This step can be added in the environment variable `POSTPROCESSING_STEPS`. Read the documentation of the [postprocessing service](https://github.com/opencloud-eu/opencloud/tree/main/services/postprocessing) for more details. - -The number of concurrent scans can be increased by setting `ANTIVIRUS_WORKERS`, but be aware that this will also increase the memory usage. +The service can be configured via environment variables. Key configuration options include: +- `APP_PROVIDER_EXTERNAL_ADDR` - External address where the gateway service can reach the app provider -### Scaling in Kubernetes +## Scalability -In kubernetes, `ANTIVIRUS_WORKERS` and `ANTIVIRUS_MAX_SCAN_SIZE` can be used to trigger the horizontal pod autoscaler by requesting a memory size that is below `ANTIVIRUS_MAX_SCAN_SIZE`. Keep in mind that `ANTIVIRUS_MAX_SCAN_SIZE` amount of memory might be held by `ANTIVIRUS_WORKERS` number of go routines. +The app-provider service can be scaled horizontally as it primarily acts as a coordinator between applications and the OpenCloud backend services. diff --git a/static/env-vars/app-registry.yaml b/static/env-vars/app-registry.yaml index ec5985db..cd6c50c9 100644 --- a/static/env-vars/app-registry.yaml +++ b/static/env-vars/app-registry.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: app-registry.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false diff --git a/static/env-vars/app-registry_configvars.md b/static/env-vars/app-registry_configvars.md index ea182854..1546f281 100644 --- a/static/env-vars/app-registry_configvars.md +++ b/static/env-vars/app-registry_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **app-registry** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`APP_REGISTRY_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`APP_REGISTRY_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`APP_REGISTRY_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`APP_REGISTRY_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`APP_REGISTRY_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`APP_REGISTRY_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`APP_REGISTRY_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| diff --git a/static/env-vars/app-registry_readme.md b/static/env-vars/app-registry_readme.md index 859ea723..5f7d4ff0 100644 --- a/static/env-vars/app-registry_readme.md +++ b/static/env-vars/app-registry_readme.md @@ -1,6 +1,6 @@ --- title: App Registry -date: 2025-11-13T17:22:55.092655+01:00 +date: 2025-11-27T22:56:02.33178+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/app-registry @@ -20,7 +20,7 @@ Administrators can set default applications on a per MIME type basis and also al ## Table of Contents -* [MIME Type Configuration / Creation Allow List](#mime-type-configuration--creation-allow-list) +* [MIME Type Configuration / Creation Allow List](#mime-type-configuration-/-creation-allow-list) * [MIME Type Configuration](#mime-type-configuration) * [Endpoint Access](#endpoint-access) * [Listing available apps and mime types](#listing-available-apps-and-mime-types) diff --git a/static/env-vars/audit.yaml b/static/env-vars/audit.yaml index 6d9864ce..5a0cf91f 100644 --- a/static/env-vars/audit.yaml +++ b/static/env-vars/audit.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: audit.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false diff --git a/static/env-vars/audit_configvars.md b/static/env-vars/audit_configvars.md index 31c9fa66..103db962 100644 --- a/static/env-vars/audit_configvars.md +++ b/static/env-vars/audit_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **audit** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`AUDIT_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`AUDIT_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`AUDIT_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`AUDIT_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`AUDIT_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`AUDIT_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`AUDIT_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| diff --git a/static/env-vars/audit_readme.md b/static/env-vars/audit_readme.md index f187fd9f..375fcc57 100644 --- a/static/env-vars/audit_readme.md +++ b/static/env-vars/audit_readme.md @@ -1,6 +1,6 @@ --- title: Audit -date: 2025-11-13T17:22:55.092897+01:00 +date: 2025-11-27T22:56:02.331876+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/audit diff --git a/static/env-vars/auth-app.yaml b/static/env-vars/auth-app.yaml index b5e41b01..c180ec4e 100644 --- a/static/env-vars/auth-app.yaml +++ b/static/env-vars/auth-app.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: auth-app.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false diff --git a/static/env-vars/auth-app_configvars.md b/static/env-vars/auth-app_configvars.md index 723c8a87..07f8cda4 100644 --- a/static/env-vars/auth-app_configvars.md +++ b/static/env-vars/auth-app_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **auth-app** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`AUTH_APP_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`AUTH_APP_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`AUTH_APP_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`AUTH_APP_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`AUTH_APP_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`AUTH_APP_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`AUTH_APP_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| @@ -32,11 +28,11 @@ Environment variables for the **auth-app** service |`AUTH_APP_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the encoding of the user's group memberships in the access token. This reduces the token size, especially when users are members of a large number of groups.`|`false`| |`OC_MACHINE_AUTH_API_KEY`
`AUTH_APP_MACHINE_AUTH_API_KEY`| 1.0.0 |string|`The machine auth API key used to validate internal requests necessary to access resources from other services.`|``| |`AUTH_APP_ENABLE_IMPERSONATION`| 1.0.0 |bool|`Allows admins to create app tokens for other users. Used for migration. Do NOT use in productive deployments.`|`false`| -|`AUTH_APP_STORAGE_DRIVER`| next |string|`Driver to be used to persist the app tokes . Supported values are 'jsoncs3', 'json'.`|`jsoncs3`| -|`AUTH_APP_JSONCS3_PROVIDER_ADDR`| next |string|`GRPC address of the STORAGE-SYSTEM service.`|`eu.opencloud.api.storage-system`| -|`OC_SYSTEM_USER_ID`
`AUTH_APP_JSONCS3_SYSTEM_USER_ID`| next |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|``| -|`OC_SYSTEM_USER_IDP`
`AUTH_APP_JSONCS3_SYSTEM_USER_IDP`| next |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|`internal`| -|`OC_SYSTEM_USER_API_KEY`
`AUTH_APP_JSONCS3_SYSTEM_USER_API_KEY`| next |string|`API key for the STORAGE-SYSTEM system user.`|``| -|`AUTH_APP_JSONCS3_PASSWORD_GENERATOR`| next |string|`The password generator that should be used for generating app tokens. Supported values are: 'diceware' and 'random'.`|`diceware`| -|`AUTH_APP_JSONCS3_DICEWARE_NUMBER_OF_WORDS`| next |int|`The number of words the generated passphrase will have.`|`6`| -|`AUTH_APP_JSONCS3_RANDOM_PASSWORD_LENGTH`| next |int|`The number of charactors the generated passwords will have.`|`0`| +|`AUTH_APP_STORAGE_DRIVER`| 4.0.0 |string|`Driver to be used to persist the app tokes . Supported values are 'jsoncs3', 'json'.`|`jsoncs3`| +|`AUTH_APP_JSONCS3_PROVIDER_ADDR`| 4.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|`eu.opencloud.api.storage-system`| +|`OC_SYSTEM_USER_ID`
`AUTH_APP_JSONCS3_SYSTEM_USER_ID`| 4.0.0 |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|``| +|`OC_SYSTEM_USER_IDP`
`AUTH_APP_JSONCS3_SYSTEM_USER_IDP`| 4.0.0 |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|`internal`| +|`OC_SYSTEM_USER_API_KEY`
`AUTH_APP_JSONCS3_SYSTEM_USER_API_KEY`| 4.0.0 |string|`API key for the STORAGE-SYSTEM system user.`|``| +|`AUTH_APP_JSONCS3_PASSWORD_GENERATOR`| 4.0.0 |string|`The password generator that should be used for generating app tokens. Supported values are: 'diceware' and 'random'.`|`diceware`| +|`AUTH_APP_JSONCS3_DICEWARE_NUMBER_OF_WORDS`| 4.0.0 |int|`The number of words the generated passphrase will have.`|`6`| +|`AUTH_APP_JSONCS3_RANDOM_PASSWORD_LENGTH`| 4.0.0 |int|`The number of charactors the generated passwords will have.`|`0`| diff --git a/static/env-vars/auth-app_readme.md b/static/env-vars/auth-app_readme.md index f6a1679f..1e09e336 100644 --- a/static/env-vars/auth-app_readme.md +++ b/static/env-vars/auth-app_readme.md @@ -1,6 +1,6 @@ --- title: Auth-App -date: 2025-11-13T17:22:55.093061+01:00 +date: 2025-11-27T22:56:02.331944+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/auth-app @@ -30,7 +30,7 @@ PROXY_ENABLE_APP_AUTH=false # mandatory, disables app authentication. In ca * [Managing App Tokens](#managing-app-tokens) * [Via API](#via-api) * [Via Impersonation API](#via-impersonation-api) - * [Via CLI (developer only)](#via-cli-developer-only)) + * [Via CLI (developer only)](#via-cli-(developer-only)) * [Authenticating using App Tokens](#authenticating-using-app-tokens) ## App Tokens diff --git a/static/env-vars/auth-basic.yaml b/static/env-vars/auth-basic.yaml index d3f951d5..3a44e5c4 100644 --- a/static/env-vars/auth-basic.yaml +++ b/static/env-vars/auth-basic.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: auth-basic.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false @@ -32,7 +27,7 @@ auth_provider: ldap auth_providers: ldap: uri: ldaps://localhost:9235 - ca_cert: /Users/t.schweiger/.opencloud/idm/ldap.crt + ca_cert: /var/lib/opencloud/idm/ldap.crt insecure: false bind_dn: uid=reva,ou=sysusers,o=libregraph-idm bind_password: "" diff --git a/static/env-vars/auth-basic_configvars.md b/static/env-vars/auth-basic_configvars.md index 62e2b5d1..5e86abc5 100644 --- a/static/env-vars/auth-basic_configvars.md +++ b/static/env-vars/auth-basic_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **auth-basic** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`AUTH_BASIC_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`AUTH_BASIC_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`AUTH_BASIC_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`AUTH_BASIC_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`AUTH_BASIC_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`AUTH_BASIC_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`AUTH_BASIC_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| @@ -23,7 +19,7 @@ Environment variables for the **auth-basic** service |`AUTH_BASIC_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the encoding of the user's group memberships in the reva access token. This reduces the token size, especially when users are members of a large number of groups.`|`false`| |`AUTH_BASIC_AUTH_MANAGER`| 1.0.0 |string|`The authentication manager to check if credentials are valid. Supported value is 'ldap'.`|`ldap`| |`OC_LDAP_URI`
`AUTH_BASIC_LDAP_URI`| 1.0.0 |string|`URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'`|`ldaps://localhost:9235`| -|`OC_LDAP_CACERT`
`AUTH_BASIC_LDAP_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|`/Users/t.schweiger/.opencloud/idm/ldap.crt`| +|`OC_LDAP_CACERT`
`AUTH_BASIC_LDAP_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|`/var/lib/opencloud/idm/ldap.crt`| |`OC_LDAP_INSECURE`
`AUTH_BASIC_LDAP_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for the LDAP connections. Do not set this in production environments.`|`false`| |`OC_LDAP_BIND_DN`
`AUTH_BASIC_LDAP_BIND_DN`| 1.0.0 |string|`LDAP DN to use for simple bind authentication with the target LDAP server.`|`uid=reva,ou=sysusers,o=libregraph-idm`| |`OC_LDAP_BIND_PASSWORD`
`AUTH_BASIC_LDAP_BIND_PASSWORD`| 1.0.0 |string|`Password to use for authenticating the 'bind_dn'.`|``| @@ -40,7 +36,7 @@ Environment variables for the **auth-basic** service |`OC_LDAP_DISABLE_USER_MECHANISM`
`AUTH_BASIC_DISABLE_USER_MECHANISM`| 1.0.0 |string|`An option to control the behavior for disabling users. Valid options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request is not processed.`|`attribute`| |`OC_LDAP_DISABLED_USERS_GROUP_DN`
`AUTH_BASIC_DISABLED_USERS_GROUP_DN`| 1.0.0 |string|`The distinguished name of the group to which added users will be classified as disabled when 'disable_user_mechanism' is set to 'group'.`|`cn=DisabledUsersGroup,ou=groups,o=libregraph-idm`| |`OC_LDAP_USER_SCHEMA_ID`
`AUTH_BASIC_LDAP_USER_SCHEMA_ID`| 1.0.0 |string|`LDAP Attribute to use as the unique ID for users. This should be a stable globally unique ID like a UUID.`|`openCloudUUID`| -|`OC_LDAP_USER_SCHEMA_TENANT_ID`
`AUTH_BASIC_LDAP_USER_SCHEMA_TENANT_ID`| next |string|`LDAP Attribute to use for the tenant ID of users. This is used to identify the tenant of a user in a multi-tenant environment.`|``| +|`OC_LDAP_USER_SCHEMA_TENANT_ID`
`AUTH_BASIC_LDAP_USER_SCHEMA_TENANT_ID`| 4.0.0 |string|`LDAP Attribute to use for the tenant ID of users. This is used to identify the tenant of a user in a multi-tenant environment.`|``| |`OC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`
`AUTH_BASIC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`| 1.0.0 |bool|`Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user IDs.`|`false`| |`OC_LDAP_USER_SCHEMA_MAIL`
`AUTH_BASIC_LDAP_USER_SCHEMA_MAIL`| 1.0.0 |string|`LDAP Attribute to use for the email address of users.`|`mail`| |`OC_LDAP_USER_SCHEMA_DISPLAYNAME`
`AUTH_BASIC_LDAP_USER_SCHEMA_DISPLAYNAME`| 1.0.0 |string|`LDAP Attribute to use for the displayname of users.`|`displayname`| diff --git a/static/env-vars/auth-basic_readme.md b/static/env-vars/auth-basic_readme.md index df4846c1..29adb32f 100644 --- a/static/env-vars/auth-basic_readme.md +++ b/static/env-vars/auth-basic_readme.md @@ -1,6 +1,6 @@ --- title: Auth-Basic -date: 2025-11-13T17:22:55.093151+01:00 +date: 2025-11-27T22:56:02.332069+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/auth-basic @@ -22,7 +22,7 @@ To enable `auth-basic`, you first must set `PROXY_ENABLE_BASIC_AUTH` to `true`. ## Table of Contents -* [The `auth` Service Family](#the-auth-service-family) +* [The `auth` Service Family](#the-`auth`-service-family) * [Auth Managers](#auth-managers) * [LDAP Auth Manager](#ldap-auth-manager) * [Other Auth Managers](#other-auth-managers) diff --git a/static/env-vars/auth-bearer.yaml b/static/env-vars/auth-bearer.yaml index f4ef9027..3d6569a2 100644 --- a/static/env-vars/auth-bearer.yaml +++ b/static/env-vars/auth-bearer.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: auth-bearer.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false diff --git a/static/env-vars/auth-bearer_configvars.md b/static/env-vars/auth-bearer_configvars.md index 90a263d2..ce85b095 100644 --- a/static/env-vars/auth-bearer_configvars.md +++ b/static/env-vars/auth-bearer_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **auth-bearer** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`AUTH_BEARER_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`AUTH_BEARER_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`AUTH_BEARER_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`AUTH_BEARER_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`AUTH_BEARER_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`AUTH_BEARER_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`AUTH_BEARER_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| diff --git a/static/env-vars/auth-bearer_readme.md b/static/env-vars/auth-bearer_readme.md index c33a37cf..fa141399 100644 --- a/static/env-vars/auth-bearer_readme.md +++ b/static/env-vars/auth-bearer_readme.md @@ -1,6 +1,6 @@ --- title: Auth-Bearer -date: 2025-11-13T17:22:55.093335+01:00 +date: 2025-11-27T22:56:02.332138+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/auth-bearer @@ -18,7 +18,7 @@ The OpenCloud Auth Bearer service communicates with the configured OpenID Connec ## Table of Contents -* [The `auth` Service Family](#the-auth-service-family) +* [The `auth` Service Family](#the-`auth`-service-family) * [Built in OpenID Connect Identity Provider](#built-in-openid-connect-identity-provider) * [Scalability](#scalability) diff --git a/static/env-vars/auth-machine.yaml b/static/env-vars/auth-machine.yaml index 070c15d6..b916927d 100644 --- a/static/env-vars/auth-machine.yaml +++ b/static/env-vars/auth-machine.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: auth-machine.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false diff --git a/static/env-vars/auth-machine_configvars.md b/static/env-vars/auth-machine_configvars.md index 797d7b58..11f65a55 100644 --- a/static/env-vars/auth-machine_configvars.md +++ b/static/env-vars/auth-machine_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **auth-machine** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`AUTH_MACHINE_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`AUTH_MACHINE_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`AUTH_MACHINE_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`AUTH_MACHINE_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`AUTH_MACHINE_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`AUTH_MACHINE_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`AUTH_MACHINE_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| diff --git a/static/env-vars/auth-machine_readme.md b/static/env-vars/auth-machine_readme.md index 58c0edf1..ec99dc8c 100644 --- a/static/env-vars/auth-machine_readme.md +++ b/static/env-vars/auth-machine_readme.md @@ -1,6 +1,6 @@ --- title: Auth-Machine -date: 2025-11-13T17:22:55.093564+01:00 +date: 2025-11-27T22:56:02.332206+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/auth-machine diff --git a/static/env-vars/auth-service.yaml b/static/env-vars/auth-service.yaml index 8a2230df..d310451f 100644 --- a/static/env-vars/auth-service.yaml +++ b/static/env-vars/auth-service.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: auth-service.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false diff --git a/static/env-vars/auth-service_configvars.md b/static/env-vars/auth-service_configvars.md index cfad01cb..7b90239d 100644 --- a/static/env-vars/auth-service_configvars.md +++ b/static/env-vars/auth-service_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **auth-service** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`AUTH_SERVICE_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`AUTH_SERVICE_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`AUTH_SERVICE_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`AUTH_SERVICE_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`AUTH_SERVICE_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`AUTH_SERVICE_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`AUTH_SERVICE_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| diff --git a/static/env-vars/auth-service_readme.md b/static/env-vars/auth-service_readme.md index 985994d9..3452959c 100644 --- a/static/env-vars/auth-service_readme.md +++ b/static/env-vars/auth-service_readme.md @@ -1,6 +1,6 @@ --- title: Auth-Service -date: 2025-11-13T17:22:55.093816+01:00 +date: 2025-11-27T22:56:02.332268+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/auth-service @@ -18,7 +18,7 @@ The OpenCloud Auth Service is used to authenticate service accounts. Compared to ## Table of Contents -* [The `auth` Service Family](#the-auth-service-family) +* [The `auth` Service Family](#the-`auth`-service-family) * [Service Accounts](#service-accounts) * [Configuring Service Accounts](#configuring-service-accounts) diff --git a/static/env-vars/clientlog.yaml b/static/env-vars/clientlog.yaml index a3af04f3..10419623 100644 --- a/static/env-vars/clientlog.yaml +++ b/static/env-vars/clientlog.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: clientlog.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false diff --git a/static/env-vars/clientlog_configvars.md b/static/env-vars/clientlog_configvars.md index e876b156..0ba67365 100644 --- a/static/env-vars/clientlog_configvars.md +++ b/static/env-vars/clientlog_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **clientlog** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`CLIENTLOG_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`CLIENTLOG_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`CLIENTLOG_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`CLIENTLOG_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`CLIENTLOG_USERLOG_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`CLIENTLOG_USERLOG_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`CLIENTLOG_USERLOG_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| diff --git a/static/env-vars/clientlog_readme.md b/static/env-vars/clientlog_readme.md index 02c6600d..ae27070c 100644 --- a/static/env-vars/clientlog_readme.md +++ b/static/env-vars/clientlog_readme.md @@ -1,6 +1,6 @@ --- title: Clientlog Service -date: 2025-11-13T17:22:55.094245+01:00 +date: 2025-11-27T22:56:02.332344+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/clientlog diff --git a/static/env-vars/collaboration.yaml b/static/env-vars/collaboration.yaml index 1076bcf5..ef04082d 100644 --- a/static/env-vars/collaboration.yaml +++ b/static/env-vars/collaboration.yaml @@ -46,11 +46,6 @@ cs3api: insecure: false grpc_client_tls: null app_registration_interval: 30s -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false diff --git a/static/env-vars/collaboration_configvars.md b/static/env-vars/collaboration_configvars.md index b46f67b3..69eaa680 100644 --- a/static/env-vars/collaboration_configvars.md +++ b/static/env-vars/collaboration_configvars.md @@ -34,11 +34,7 @@ Environment variables for the **collaboration** service |`COLLABORATION_WOPI_SHORTTOKENS`| 1.0.0 |bool|`Use short access tokens for WOPI access. This is useful for office packages, like Microsoft Office Online, which have URL length restrictions. If enabled, a persistent store must be configured.`|`false`| |`OC_REVA_GATEWAY`| 1.0.0 |string|`CS3 gateway used to look up user metadata.`|`eu.opencloud.api.gateway`| |`COLLABORATION_CS3API_DATAGATEWAY_INSECURE`| 1.0.0 |bool|`Connect to the CS3API data gateway insecurely.`|`false`| -|`COLLABORATION_CS3API_APP_REGISTRATION_INTERVAL`| next |Duration|`The interval at which the app provider registers itself.`|`30s`| -|`OC_TRACING_ENABLED`
`COLLABORATION_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`COLLABORATION_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`COLLABORATION_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`COLLABORATION_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| +|`COLLABORATION_CS3API_APP_REGISTRATION_INTERVAL`| 4.0.0 |Duration|`The interval at which the app provider registers itself.`|`30s`| |`OC_LOG_LEVEL`
`COLLABORATION_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`COLLABORATION_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`COLLABORATION_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| diff --git a/static/env-vars/collaboration_readme.md b/static/env-vars/collaboration_readme.md index b9dd5669..8a1d29fe 100644 --- a/static/env-vars/collaboration_readme.md +++ b/static/env-vars/collaboration_readme.md @@ -1,6 +1,6 @@ --- title: Collaboration -date: 2025-11-13T17:22:55.094416+01:00 +date: 2025-11-27T22:56:02.332416+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/collaboration diff --git a/static/env-vars/eventhistory.yaml b/static/env-vars/eventhistory.yaml index a8d559d1..4a0bdc7d 100644 --- a/static/env-vars/eventhistory.yaml +++ b/static/env-vars/eventhistory.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: eventhistory.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false diff --git a/static/env-vars/eventhistory_configvars.md b/static/env-vars/eventhistory_configvars.md index e41a1d95..00df06cd 100644 --- a/static/env-vars/eventhistory_configvars.md +++ b/static/env-vars/eventhistory_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **eventhistory** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`EVENTHISTORY_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`EVENTHISTORY_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`EVENTHISTORY_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`EVENTHISTORY_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`EVENTHISTORY_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`EVENTHISTORY_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`EVENTHISTORY_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| diff --git a/static/env-vars/eventhistory_readme.md b/static/env-vars/eventhistory_readme.md index 47dd76b4..6d31ac18 100644 --- a/static/env-vars/eventhistory_readme.md +++ b/static/env-vars/eventhistory_readme.md @@ -1,6 +1,6 @@ --- title: Eventhistory -date: 2025-11-13T17:22:55.094497+01:00 +date: 2025-11-27T22:56:02.332506+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/eventhistory diff --git a/static/env-vars/extended_configvars.md b/static/env-vars/extended_configvars.md index 01e7e344..9e1abaec 100644 --- a/static/env-vars/extended_configvars.md +++ b/static/env-vars/extended_configvars.md @@ -1,159 +1,13 @@ # Environment variables with extended scope not included in a service -| Name | Type | Description | Default Value | +| Name | Type | Default Value | Description | |---|---|---|---| -`CI` | | | | -`CI` | | | | -`CI` | | | | -`CI_SYSTEM_NAME` | | | | -`CI_SYSTEM_NAME` | | | | -`CI_SYSTEM_NAME` | | | | -`CS3_GATEWAY` | | | | -`CS3_GATEWAY` | | | | -`CS3_GATEWAY` | | | | -`CS3_GATEWAY` | | | | -`CS3_GATEWAY` | | | | -`CS3_MACHINE_AUTH_API_KEY` | | | | -`CS3_MACHINE_AUTH_API_KEY` | | | | -`CS3_MACHINE_AUTH_API_KEY` | | | | -`CS3_MACHINE_AUTH_API_KEY` | | | | -`CS3_MACHINE_AUTH_API_KEY` | | | | -`DAYS` | | | | -`DAYS` | | | | -`DAYS` | | | | -`DAYS` | | | | -`DAYS` | | | | -`GITHUB_API_TOKEN` | | | | -`GRACEFUL` | | | | -`HOSTNAME` | | | | -`HOSTNAME` | | | | -`HOSTNAME` | | | | -`HOSTNAME` | | | | -`HOSTNAME` | | | | -`HOSTNAME` | | | | -`HOSTNAME` | | | | -`KOPANO_DEBUG_SERVER_REQUEST_LOG` | | | | -`LDAP_BASEDN` | | | | -`LDAP_BINDDN` | | | | -`LDAP_BINDPW` | | | | -`LDAP_EMAIL_ATTRIBUTE` | | | | -`LDAP_FAMILY_NAME_ATTRIBUTE` | | | | -`LDAP_FILTER` | | | | -`LDAP_GIVEN_NAME_ATTRIBUTE` | | | | -`LDAP_LOGIN_ATTRIBUTE` | | | | -`LDAP_NAME_ATTRIBUTE` | | | | -`LDAP_SCOPE` | | | | -`LDAP_SUB_ATTRIBUTES` | | | | -`LDAP_TLS_CACERT` | | | | -`LDAP_UIDNUMBER_ATTRIBUTE` | | | | -`LDAP_URI` | | | | -`LDAP_UUID_ATTRIBUTE` | | | | -`LDAP_UUID_ATTRIBUTE_TYPE` | | | | -`LIBREGRAPH_SCOPED_URIS` | | | | -`LIBREGRAPH_URI` | | | | -`LICOD_ENCRYPTION_SECRET` | | | | -`LICOD_SIGNING_KID` | | | | -`LICOD_VALIDATION_KEYS_PATH` | | | | -`MICRO_LOG_LEVEL` | | | | -`MICRO_LOG_LEVEL` | | | | -`MICRO_LOG_LEVEL` | | | | -`MICRO_LOG_LEVEL` | | | | -`MICRO_LOG_LEVEL` | | | | -`MICRO_LOG_LEVEL` | | | | -`MICRO_LOG_LEVEL` | | | | -`MICRO_LOG_LEVEL` | | | | -`MICRO_LOG_LEVEL` | | | | -`MICRO_LOG_LEVEL` | | | | -`MIDDLEWARE_PROJECT_DIR` | | | | -`MONTH` | | | | -`MONTH` | | | | -`MONTH` | | | | -`MONTH` | | | | -`MONTH` | | | | -`NEXTCLOUD` | | | | -`NEXTCLOUD` | | | | -`NEXTCLOUD` | | | | -`NEXTCLOUD` | | | | -`OC_BASE_DATA_PATH` | | | | -`OC_BASE_DATA_PATH` | | | | -`OC_BASE_DATA_PATH` | | | | -`OC_BASE_DATA_PATH` | | | | -`OC_BASE_DATA_PATH` | | | | -`OC_CONFIG_DIR` | | | | -`OC_CONFIG_DIR` | | | | -`OC_CONFIG_DIR` | | | | -`OC_CONFIG_DIR` | | | | -`OC_CONFIG_DIR` | | | | -`OC_GRPC_MAX_RECEIVED_MESSAGE_SIZE` | | | | -`OX_BLACKLISTED_PACKAGES` | | | | -`OX_WHITELISTED_PACKAGES` | | | | -`REDIS_ADDRESS` | | | | -`REVA_APPPROVIDER_IOPSECRET` | | | | -`REVA_SMTP_SENDER_PASSWORD` | | | | -`RUN_CMD_TEST` | | | | -`RUN_CMD_TEST` | | | | -`RUN_CMD_TEST` | | | | -`RUN_CMD_TEST` | | | | -`RUN_CMD_TEST` | | | | -`RUN_LDAP_TESTS` | | | | -`RUN_LDAP_TESTS` | | | | -`SQL_ADDRESS` | | | | -`SQL_DBNAME` | | | | -`SQL_PASSWORD` | | | | -`SQL_USERNAME` | | | | -`USE_TESTCONTAINERS` | | | | -`USE_TESTCONTAINERS` | | | | -`USE_TESTCONTAINERS` | | | | -`YEAR` | | | | -`YEAR` | | | | -`YEAR` | | | | -`YEAR` | | | | -`YEAR` | | | | -`_registryAddressEnv` | | | | -`_registryAddressEnv` | | | | -`_registryAddressEnv` | | | | -`_registryAddressEnv` | | | | -`_registryAddressEnv` | | | | -`_registryAddressEnv` | | | | -`_registryAddressEnv` | | | | -`_registryAddressEnv` | | | | -`_registryAddressEnv` | | | | -`_registryAddressEnv` | | | | -`_registryEnv` | | | | -`_registryEnv` | | | | -`_registryEnv` | | | | -`_registryEnv` | | | | -`_registryEnv` | | | | -`_registryPasswordEnv` | | | | -`_registryPasswordEnv` | | | | -`_registryPasswordEnv` | | | | -`_registryPasswordEnv` | | | | -`_registryPasswordEnv` | | | | -`_registryRegisterIntervalEnv` | | | | -`_registryRegisterIntervalEnv` | | | | -`_registryRegisterIntervalEnv` | | | | -`_registryRegisterIntervalEnv` | | | | -`_registryRegisterIntervalEnv` | | | | -`_registryRegisterTTLEnv` | | | | -`_registryRegisterTTLEnv` | | | | -`_registryRegisterTTLEnv` | | | | -`_registryRegisterTTLEnv` | | | | -`_registryRegisterTTLEnv` | | | | -`_registryUsernameEnv` | | | | -`_registryUsernameEnv` | | | | -`_registryUsernameEnv` | | | | -`_registryUsernameEnv` | | | | -`_registryUsernameEnv` | | | | -`_serverMaxConnectionAgeEnv` | | | | -`_serverMaxConnectionAgeEnv` | | | | -`_serverMaxConnectionAgeEnv` | | | | -`_serverMaxConnectionAgeEnv` | | | | -`_serverMaxConnectionAgeEnv` | | | | -`_serverMaxConnectionAgeEnv` | | | | - - -`parts[0]` | | | | -`parts[0]` | | | | - -`parts[0]` | | | | - \ No newline at end of file +`EXPERIMENTAL_REGISTER_INTERVAL` | duration | 25s | The interval at which services will re-register themselves with the registry to prevent expiry. Only change on supervision of openCloud Support. | +`EXPERIMENTAL_REGISTER_TTL` | duration | 30s | The time-to-live for a service registration in the registry. Services must re-register before this time to prevent expiry. Only change on supervision of openCloud Support. | +`MICRO_LOG_LEVEL` | string | Error | Set the log level for the internal go micro framework. Only change on supervision of openCloud Support. | +`MICRO_REGISTRY` | string | nats-js-kv | The type of registry to use. Only change on supervision of openCloud Support. | +`MICRO_REGISTRY_ADDRESS` | string | 127.0.0.1:9233 | The bind address of the internal natsjs registry. Only change on supervision of openCloud Support. | +`MICRO_REGISTRY_AUTH_PASSWORD` | string | | Optional when using nats to authenticate with the nats cluster. | +`OC_BASE_DATA_PATH` | string | | The base directory location used by several services and for user data. See the General Info section in the documentation for more details on defaults. Services can have, if available, an individual setting with an own environment variable. | +`OC_CONFIG_DIR` | string | | The default directory location for config files. See the General Info section in the documentation for more details on defaults. | +`OC_GRPC_MAX_RECEIVED_MESSAGE_SIZE` | integer | 10240000 | Sets the maximum message size in bytes the GRPC client can receive. | \ No newline at end of file diff --git a/static/env-vars/frontend.yaml b/static/env-vars/frontend.yaml index 092bfef4..b9bcafae 100644 --- a/static/env-vars/frontend.yaml +++ b/static/env-vars/frontend.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: frontend.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false @@ -83,6 +78,7 @@ enable_federated_sharing_outgoing: false search_min_length: 3 edition: "" disable_sse: false +disable_radicale: false default_link_permissions: 1 public_url: https://localhost:9200 max_concurrency: 1 diff --git a/static/env-vars/frontend_configvars.md b/static/env-vars/frontend_configvars.md index 14a6fb74..415a7032 100644 --- a/static/env-vars/frontend_configvars.md +++ b/static/env-vars/frontend_configvars.md @@ -1,5 +1,5 @@ -2025-11-13-17-19-28 +2025-11-27-22-55-58 # Deprecation Notice @@ -25,10 +25,6 @@ Environment variables for the **frontend** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`FRONTEND_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`FRONTEND_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`FRONTEND_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`FRONTEND_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`FRONTEND_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`FRONTEND_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`FRONTEND_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| @@ -61,6 +57,7 @@ Environment variables for the **frontend** service |`FRONTEND_SEARCH_MIN_LENGTH`| 1.0.0 |int|`Minimum number of characters to enter before a client should start a search for Share receivers. This setting can be used to customize the user experience if e.g too many results are displayed.`|`3`| |`OC_EDITION`
`FRONTEND_EDITION`| 1.0.0 |string|`Edition of OpenCloud. Used for branding purposes.`|``| |`OC_DISABLE_SSE`
`FRONTEND_DISABLE_SSE`| 1.0.0 |bool|`When set to true, clients are informed that the Server-Sent Events endpoint is not accessible.`|`false`| +|`FRONTEND_DISABLE_RADICALE`| 4.0.0 |bool|`When set to true, clients are informed that the Radicale (CalDAV/CardDAV) is not accessible.`|`false`| |`FRONTEND_DEFAULT_LINK_PERMISSIONS`| 1.0.0 |int|`Defines the default permissions a link is being created with. Possible values are 0 (= internal link, for instance members only) and 1 (= public link with viewer permissions). Defaults to 1.`|`1`| |`OC_URL`
`FRONTEND_PUBLIC_URL`| 1.0.0 |string|`The public facing URL of the OpenCloud frontend.`|`https://localhost:9200`| |`OC_MAX_CONCURRENCY`
`FRONTEND_MAX_CONCURRENCY`| 1.0.0 |int|`Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value will be used.`|`1`| diff --git a/static/env-vars/frontend_readme.md b/static/env-vars/frontend_readme.md index e92f3983..578de0bc 100644 --- a/static/env-vars/frontend_readme.md +++ b/static/env-vars/frontend_readme.md @@ -1,6 +1,6 @@ --- title: Frontend -date: 2025-11-13T17:22:55.094687+01:00 +date: 2025-11-27T22:56:02.332575+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/frontend diff --git a/static/env-vars/gateway.yaml b/static/env-vars/gateway.yaml index cca54e1e..6831c5c6 100644 --- a/static/env-vars/gateway.yaml +++ b/static/env-vars/gateway.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: gateway.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false diff --git a/static/env-vars/gateway_configvars.md b/static/env-vars/gateway_configvars.md index 568a1816..c17ecb8a 100644 --- a/static/env-vars/gateway_configvars.md +++ b/static/env-vars/gateway_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **gateway** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`GATEWAY_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`GATEWAY_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`GATEWAY_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`GATEWAY_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`GATEWAY_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`GATEWAY_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`GATEWAY_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| diff --git a/static/env-vars/gateway_readme.md b/static/env-vars/gateway_readme.md index f54beee8..31af233e 100644 --- a/static/env-vars/gateway_readme.md +++ b/static/env-vars/gateway_readme.md @@ -1,6 +1,6 @@ --- title: Gateway -date: 2025-11-13T17:22:55.094903+01:00 +date: 2025-11-27T22:56:02.332732+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/gateway diff --git a/static/env-vars/global_configvars.md b/static/env-vars/global_configvars.md index c2e00332..b2d2d2ea 100644 --- a/static/env-vars/global_configvars.md +++ b/static/env-vars/global_configvars.md @@ -3,19 +3,19 @@ | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| `IDM_CREATE_DEMO_USERS` | 1.0.0 | bool | The default role assignments the demo users should be setup. | false | -`OC_ADMIN_USER_ID` | 1.0.0 | string | ID of the user that should receive admin privileges. Consider that the UUID can be encoded in some LDAP deployment configurations like in .ldif files. These need to be decoded beforehand. | | +`OC_ADMIN_USER_ID` | 1.0.0 | string | ID of the user who collects all necessary information for deletion. Consider that the UUID can be encoded in some LDAP deployment configurations like in .ldif files. These need to be decoded beforehand. | | `OC_ASYNC_UPLOADS` | 1.0.0 | bool | Enable asynchronous file uploads. | true | -`OC_CACHE_AUTH_PASSWORD` | 1.0.0 | string | The password to authenticate with the cache. Only applies when store type 'nats-js-kv' is configured. | | -`OC_CACHE_AUTH_USERNAME` | 1.0.0 | string | The username to authenticate with the cache. Only applies when store type 'nats-js-kv' is configured. | | -`OC_CACHE_DATABASE` | 1.0.0 | string | The database name the configured store should use. | cache-userinfo | -`OC_CACHE_DISABLE_PERSISTENCE` | 1.0.0 | bool | Disables persistence of the cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false. | false | -`OC_CACHE_STORE` | 1.0.0 | string | The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details. | memory | +`OC_CACHE_AUTH_PASSWORD` | 1.0.0 | string | The password to use for authentication. Only applies when store type 'nats-js-kv' is configured. | | +`OC_CACHE_AUTH_USERNAME` | 1.0.0 | string | The username to use for authentication. Only applies when store type 'nats-js-kv' is configured. | | +`OC_CACHE_DATABASE` | 1.0.0 | string | The database name the configured store should use. | cache-providers | +`OC_CACHE_DISABLE_PERSISTENCE` | 1.0.0 | bool | Disables persistence of the provider cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false. | false | +`OC_CACHE_STORE` | 1.0.0 | string | The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details. | noop | `OC_CACHE_STORE_NODES` | 1.0.0 | []string | A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details. | [127.0.0.1:9233] | -`OC_CACHE_TTL` | 1.0.0 | Duration | Default time to live for user info in the user info cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details. | 10s | -`OC_CORS_ALLOW_CREDENTIALS` | 1.0.0 | bool | Allow credentials for CORS. See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials. | false | -`OC_CORS_ALLOW_HEADERS` | 1.0.0 | []string | A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details. | [Origin Accept Content-Type Depth Authorization Ocs-Apirequest If-None-Match If-Match Destination Overwrite X-Request-Id X-Requested-With Tus-Resumable Tus-Checksum-Algorithm Upload-Concat Upload-Length Upload-Metadata Upload-Defer-Length Upload-Expires Upload-Checksum Upload-Offset X-HTTP-Method-Override] | -`OC_CORS_ALLOW_METHODS` | 1.0.0 | []string | A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details. | [OPTIONS HEAD GET PUT PATCH POST DELETE MKCOL PROPFIND PROPPATCH MOVE COPY REPORT SEARCH] | -`OC_CORS_ALLOW_ORIGINS` | 1.0.0 | []string | A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details. | [https://localhost:9200] | +`OC_CACHE_TTL` | 1.0.0 | Duration | Default time to live for user info in the cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details. | 5m0s | +`OC_CORS_ALLOW_CREDENTIALS` | 1.0.0 | bool | Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials. | true | +`OC_CORS_ALLOW_HEADERS` | 1.0.0 | []string | A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details. | [Authorization Origin Content-Type Accept X-Requested-With X-Request-Id Cache-Control] | +`OC_CORS_ALLOW_METHODS` | 1.0.0 | []string | A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details. | [GET POST PUT PATCH DELETE OPTIONS] | +`OC_CORS_ALLOW_ORIGINS` | 1.0.0 | []string | A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details. | [*] | `OC_DECOMPOSEDFS_PROPAGATOR` | 1.0.0 | string | The propagator used for decomposedfs. At the moment, only 'sync' is fully supported, 'async' is available as an experimental option. | sync | `OC_DEFAULT_LANGUAGE` | 1.0.0 | string | The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details. | | `OC_DISABLE_VERSIONING` | 1.0.0 | bool | Disables versioning of files. When set to true, new uploads with the same filename will overwrite existing files instead of creating a new version. | false | @@ -23,10 +23,10 @@ `OC_ENABLE_OCM` | 1.0.0 | bool | Changing this value is NOT supported. Enables support for incoming federated sharing for clients. The backend behaviour is not changed. | false | `OC_EVENTS_AUTH_PASSWORD` | 1.0.0 | string | The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services. | | `OC_EVENTS_AUTH_USERNAME` | 1.0.0 | string | The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services. | | -`OC_EVENTS_CLUSTER` | 1.0.0 | string | The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. | opencloud-cluster | +`OC_EVENTS_CLUSTER` | 1.0.0 | string | The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system. | opencloud-cluster | `OC_EVENTS_ENABLE_TLS` | 1.0.0 | bool | Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services. | false | -`OC_EVENTS_ENDPOINT` | 1.0.0 | string | The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Set to a empty string to disable emitting events. | 127.0.0.1:9233 | -`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE` | 1.0.0 | string | The root CA certificate used to validate the server's TLS certificate. If provided PROXY_EVENTS_TLS_INSECURE will be seen as false. | | +`OC_EVENTS_ENDPOINT` | 1.0.0 | string | The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. | 127.0.0.1:9233 | +`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE` | 1.0.0 | string | The root CA certificate used to validate the server's TLS certificate. If provided POLICIES_EVENTS_TLS_INSECURE will be seen as false. | | `OC_GATEWAY_GRPC_ADDR` | 1.0.0 | string | The bind address of the GRPC service. | 127.0.0.1:9142 | `OC_GRPC_CLIENT_TLS_CACERT` | 1.0.0 | string | Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services. | | `OC_GRPC_CLIENT_TLS_MODE` | 1.0.0 | string | TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification. | | @@ -34,7 +34,7 @@ `OC_HTTP_TLS_CERTIFICATE` | 1.0.0 | string | Path/File name of the TLS server certificate (in PEM format) for the http services. | | `OC_HTTP_TLS_ENABLED` | 1.0.0 | bool | Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true. | false | `OC_HTTP_TLS_KEY` | 1.0.0 | string | Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services. | | -`OC_INSECURE` | 1.0.0 | bool | Disable TLS certificate validation for connections to the IDP. Note that this is not recommended for production environments. | false | +`OC_INSECURE` | 1.0.0 | bool | Whether the server should skip the client certificate verification during the TLS handshake. | false | `OC_JWT_SECRET` | 1.0.0 | string | The secret to mint and validate jwt tokens. | | `OC_KEYCLOAK_BASE_PATH` | 1.0.0 | string | The URL to access keycloak. | | `OC_KEYCLOAK_CLIENT_ID` | 1.0.0 | string | The client ID to authenticate with keycloak. | | @@ -42,9 +42,9 @@ `OC_KEYCLOAK_CLIENT_SECRET` | 1.0.0 | string | The client secret to use in authentication. | | `OC_KEYCLOAK_INSECURE_SKIP_VERIFY` | 1.0.0 | bool | Disable TLS certificate validation for Keycloak connections. Do not set this in production environments. | false | `OC_KEYCLOAK_USER_REALM` | 1.0.0 | string | The realm users are defined. | | -`OC_LDAP_BIND_DN` | 1.0.0 | string | LDAP DN to use for simple bind authentication with the target LDAP server. | uid=idp,ou=sysusers,o=libregraph-idm | +`OC_LDAP_BIND_DN` | 1.0.0 | string | LDAP DN to use for simple bind authentication with the target LDAP server. | uid=reva,ou=sysusers,o=libregraph-idm | `OC_LDAP_BIND_PASSWORD` | 1.0.0 | string | Password to use for authenticating the 'bind_dn'. | | -`OC_LDAP_CACERT` | 1.0.0 | string | Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp. | /Users/t.schweiger/.opencloud/idm/ldap.crt | +`OC_LDAP_CACERT` | 1.0.0 | string | Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm. | /var/lib/opencloud/idm/ldap.crt | `OC_LDAP_DISABLED_USERS_GROUP_DN` | 1.0.0 | string | The distinguished name of the group to which added users will be classified as disabled when 'disable_user_mechanism' is set to 'group'. | cn=DisabledUsersGroup,ou=groups,o=libregraph-idm | `OC_LDAP_DISABLE_USER_MECHANISM` | 1.0.0 | string | An option to control the behavior for disabling users. Valid options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request is not processed. | attribute | `OC_LDAP_GROUP_BASE_DN` | 1.0.0 | string | Search base DN for looking up LDAP groups. | ou=groups,o=libregraph-idm | @@ -52,33 +52,33 @@ `OC_LDAP_GROUP_OBJECTCLASS` | 1.0.0 | string | The object class to use for groups in the default group search filter ('groupOfNames'). | groupOfNames | `OC_LDAP_GROUP_SCHEMA_DISPLAYNAME` | 1.0.0 | string | LDAP Attribute to use for the displayname of groups (often the same as groupname attribute). | cn | `OC_LDAP_GROUP_SCHEMA_GROUPNAME` | 1.0.0 | string | LDAP Attribute to use for the name of groups. | cn | -`OC_LDAP_GROUP_SCHEMA_ID` | 1.0.0 | string | LDAP Attribute to use as the unique id for groups. This should be a stable globally unique ID like a UUID. | openCloudUUID | -`OC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING` | 1.0.0 | bool | Set this to true if the defined 'id' attribute for groups is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the group ID's. | false | +`OC_LDAP_GROUP_SCHEMA_ID` | 1.0.0 | string | LDAP Attribute to use as the unique id for groups. This should be a stable globally unique id (e.g. a UUID). | openCloudUUID | +`OC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING` | 1.0.0 | bool | Set this to true if the defined 'id' attribute for groups is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the group IDs. | false | `OC_LDAP_GROUP_SCHEMA_MAIL` | 1.0.0 | string | LDAP Attribute to use for the email address of groups (can be empty). | mail | `OC_LDAP_GROUP_SCHEMA_MEMBER` | 1.0.0 | string | LDAP Attribute that is used for group members. | member | -`OC_LDAP_GROUP_SCOPE` | 1.0.0 | string | LDAP search scope to use when looking up groups. Supported scopes are 'base', 'one' and 'sub'. | sub | +`OC_LDAP_GROUP_SCOPE` | 1.0.0 | string | LDAP search scope to use when looking up groups. Supported values are 'base', 'one' and 'sub'. | sub | `OC_LDAP_INSECURE` | 1.0.0 | bool | Disable TLS certificate validation for the LDAP connections. Do not set this in production environments. | false | `OC_LDAP_SERVER_WRITE_ENABLED` | 1.0.0 | bool | Allow creating, modifying and deleting LDAP users via the GRAPH API. This can only be set to 'true' when keeping default settings for the LDAP user and group attribute types (the 'OC_LDAP_USER_SCHEMA_* and 'OC_LDAP_GROUP_SCHEMA_* variables). | true | -`OC_LDAP_URI` | 1.0.0 | string | Url of the LDAP service to use as IDP. | ldaps://localhost:9235 | +`OC_LDAP_URI` | 1.0.0 | string | URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://' | ldaps://localhost:9235 | `OC_LDAP_USER_BASE_DN` | 1.0.0 | string | Search base DN for looking up LDAP users. | ou=users,o=libregraph-idm | -`OC_LDAP_USER_ENABLED_ATTRIBUTE` | 1.0.0 | string | LDAP Attribute to use as a flag telling if the user is enabled or disabled. | openCloudUserEnabled | +`OC_LDAP_USER_ENABLED_ATTRIBUTE` | 1.0.0 | string | LDAP attribute to use as a flag telling if the user is enabled or disabled. | openCloudUserEnabled | `OC_LDAP_USER_FILTER` | 1.0.0 | string | LDAP filter to add to the default filters for user search like '(objectclass=openCloudUser)'. | | -`OC_LDAP_USER_OBJECTCLASS` | 1.0.0 | string | LDAP User ObjectClass like 'inetOrgPerson'. | inetOrgPerson | +`OC_LDAP_USER_OBJECTCLASS` | 1.0.0 | string | The object class to use for users in the default user search filter ('inetOrgPerson'). | inetOrgPerson | `OC_LDAP_USER_SCHEMA_DISPLAYNAME` | 1.0.0 | string | LDAP Attribute to use for the displayname of users. | displayname | -`OC_LDAP_USER_SCHEMA_ID` | 1.0.0 | string | LDAP User UUID attribute like 'uid'. | openCloudUUID | -`OC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING` | 1.0.0 | bool | Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user ID's. | false | -`OC_LDAP_USER_SCHEMA_MAIL` | 1.0.0 | string | LDAP User email attribute like 'mail'. | mail | -`OC_LDAP_USER_SCHEMA_TENANT_ID` | next | string | LDAP Attribute to use for the tenant ID of users. This is used to identify the tenant of a user in a multi-tenant environment. | | -`OC_LDAP_USER_SCHEMA_USERNAME` | 1.0.0 | string | LDAP User name attribute like 'displayName'. | displayName | +`OC_LDAP_USER_SCHEMA_ID` | 1.0.0 | string | LDAP Attribute to use as the unique ID for users. This should be a stable globally unique ID like a UUID. | openCloudUUID | +`OC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING` | 1.0.0 | bool | Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user IDs. | false | +`OC_LDAP_USER_SCHEMA_MAIL` | 1.0.0 | string | LDAP Attribute to use for the email address of users. | mail | +`OC_LDAP_USER_SCHEMA_TENANT_ID` | 4.0.0 | string | LDAP Attribute to use for the tenant ID of users. This is used to identify the tenant of a user in a multi-tenant environment. | | +`OC_LDAP_USER_SCHEMA_USERNAME` | 1.0.0 | string | LDAP Attribute to use for username of users. | uid | `OC_LDAP_USER_SCHEMA_USER_TYPE` | 1.0.0 | string | LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default is 'openCloudUserType'. | openCloudUserType | -`OC_LDAP_USER_SCOPE` | 1.0.0 | string | LDAP search scope to use when looking up users. Supported scopes are 'base', 'one' and 'sub'. | sub | +`OC_LDAP_USER_SCOPE` | 1.0.0 | string | LDAP search scope to use when looking up users. Supported values are 'base', 'one' and 'sub'. | sub | `OC_LOG_COLOR` | 1.0.0 | bool | Activates colorized log output. | false | `OC_LOG_FILE` | 1.0.0 | string | The path to the log file. Activates logging to this file if set. | | `OC_LOG_LEVEL` | 1.0.0 | string | The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'. | | `OC_LOG_PRETTY` | 1.0.0 | bool | Activates pretty log output. | false | `OC_MACHINE_AUTH_API_KEY` | 1.0.0 | string | Machine auth API key used to validate internal requests necessary to access resources from other services. | | `OC_MAX_CONCURRENCY` | 1.0.0 | int | Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value will be used. | 1 | -`OC_OIDC_ISSUER` | 1.0.0 | string | URL of the OIDC issuer. It defaults to URL of the builtin IDP. | https://localhost:9200 | +`OC_OIDC_ISSUER` | 1.0.0 | string | The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider. | https://localhost:9200 | `OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST` | 1.0.0 | string | Path to the 'banned passwords list' file. This only impacts public link password validation. See the documentation for more details. | | `OC_PASSWORD_POLICY_DISABLED` | 1.0.0 | bool | Disable the password policy. Defaults to false if not set. | false | `OC_PASSWORD_POLICY_MIN_CHARACTERS` | 1.0.0 | int | Define the minimum password length. Defaults to 8 if not set. | 8 | @@ -86,31 +86,27 @@ `OC_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS` | 1.0.0 | int | Define the minimum number of uppercase letters. Defaults to 1 if not set. | 1 | `OC_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS` | 1.0.0 | int | Define the minimum number of characters from the special characters list to be present. Defaults to 1 if not set. | 1 | `OC_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS` | 1.0.0 | int | Define the minimum number of lowercase letters. Defaults to 1 if not set. | 1 | -`OC_PERSISTENT_STORE` | 1.0.0 | string | The type of the store. Supported values are: 'memory', 'nats-js-kv', 'redis-sentinel', 'noop'. See the text description for details. | nats-js-kv | +`OC_PERSISTENT_STORE` | 1.0.0 | string | The type of the store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details. | nats-js-kv | `OC_PERSISTENT_STORE_AUTH_PASSWORD` | 1.0.0 | string | The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured. | | `OC_PERSISTENT_STORE_AUTH_USERNAME` | 1.0.0 | string | The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured. | | `OC_PERSISTENT_STORE_NODES` | 1.0.0 | []string | A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details. | [127.0.0.1:9233] | -`OC_PERSISTENT_STORE_TTL` | 1.0.0 | Duration | Time to live for events in the store. Defaults to '30m' (30 minutes). See the Environment Variable Types description for more details. | 30m0s | -`OC_REVA_GATEWAY` | 1.0.0 | string | The CS3 gateway endpoint. | eu.opencloud.api.gateway | +`OC_PERSISTENT_STORE_TTL` | 1.0.0 | Duration | Time to live for events in the store. See the Environment Variable Types description for more details. | 0s | +`OC_REVA_GATEWAY` | 1.0.0 | string | CS3 gateway used to look up user metadata | eu.opencloud.api.gateway | `OC_SERVICE_ACCOUNT_ID` | 1.0.0 | string | The ID of the service account the service should use. See the 'auth-service' service description for more details. | | `OC_SERVICE_ACCOUNT_SECRET` | 1.0.0 | string | The service account secret. | | `OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD` | 1.0.0 | bool | Set this to true if you want to enforce passwords on all public shares. | true | `OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD` | 1.0.0 | bool | Set this to true if you want to enforce passwords on Uploader, Editor or Contributor shares. If not using the global OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD, you must define the FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD (deprecated) in the frontend service. | false | `OC_SHOW_USER_EMAIL_IN_RESULTS` | 1.0.0 | bool | Include user email addresses in responses. If absent or set to false emails will be omitted from results. Please note that admin users can always see all email addresses. | false | -`OC_SPACES_MAX_QUOTA` | 1.0.0 | uint64 | Set the global max quota value in bytes. A value of 0 equals unlimited. The value is provided via capabilities. | 0 | +`OC_SPACES_MAX_QUOTA` | 1.0.0 | uint64 | Set a global max quota for spaces in bytes. A value of 0 equals unlimited. If not using the global OC_SPACES_MAX_QUOTA, you must define the FRONTEND_MAX_QUOTA in the frontend service. | 0 | `OC_SYSTEM_USER_API_KEY` | 1.0.0 | string | API key for the STORAGE-SYSTEM system user. | | `OC_SYSTEM_USER_ID` | 1.0.0 | string | ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format. | | `OC_SYSTEM_USER_IDP` | 1.0.0 | string | IDP of the OpenCloud STORAGE-SYSTEM system user. | internal | -`OC_TRACING_COLLECTOR` | 1.0.0 | string | The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. | | -`OC_TRACING_ENABLED` | 1.0.0 | bool | Activates tracing. | false | -`OC_TRACING_ENDPOINT` | 1.0.0 | string | The endpoint of the tracing agent. | | -`OC_TRACING_TYPE` | 1.0.0 | string | The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now. | | -`OC_TRANSFER_SECRET` | 1.0.0 | string | Transfer secret for signing file up- and download requests. | | +`OC_TRANSFER_SECRET` | 1.0.0 | string | The storage transfer secret. | | `OC_TRANSLATION_PATH` | 1.0.0 | string | (optional) Set this to a path with custom translations to overwrite the builtin translations. Note that file and folder naming rules apply, see the documentation for more details. | | -`OC_URL` | 1.0.0 | string | Base URL to load themes from. Will be prepended to the theme path. | https://localhost:9200 | +`OC_URL` | 1.0.0 | string | The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider. | https://localhost:9200 | `OC_WOPI_DISABLE_CHAT` | 1.0.0 | bool | Disable chat in the office web frontend. This feature applies to OnlyOffice and Microsoft. | false | -`SEARCH_EVENTS_ACK_WAIT` | next | Duration | The time to wait for an ack before the message is redelivered. This is used to ensure that messages are not lost if the consumer crashes. | 1m0s | -`SEARCH_EVENTS_MAX_ACK_PENDING` | next | int | The maximum number of unacknowledged messages. This is used to limit the number of messages that can be in flight at the same time. | 1000 | +`SEARCH_EVENTS_ACK_WAIT` | 4.0.0 | Duration | The time to wait for an ack before the message is redelivered. This is used to ensure that messages are not lost if the consumer crashes. | 1m0s | +`SEARCH_EVENTS_MAX_ACK_PENDING` | 4.0.0 | int | The maximum number of unacknowledged messages. This is used to limit the number of messages that can be in flight at the same time. | 10000 | `STORAGE_GATEWAY_GRPC_ADDR` | 1.0.0 | string | GRPC address of the STORAGE-SYSTEM service. | eu.opencloud.api.storage-system | `STORAGE_GRPC_ADDR` | 1.0.0 | string | GRPC address of the STORAGE-SYSTEM service. | eu.opencloud.api.storage-system | `STORAGE_USERS_ASYNC_PROPAGATOR_PROPAGATION_DELAY` | 1.0.0 | Duration | The delay between a change made to a tree and the propagation start on treesize and treetime. Multiple propagations are computed to a single one. See the Environment Variable Types description for more details. | 0s | diff --git a/static/env-vars/graph.yaml b/static/env-vars/graph.yaml index 4c571479..47c43f10 100644 --- a/static/env-vars/graph.yaml +++ b/static/env-vars/graph.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: graph.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false @@ -85,7 +80,7 @@ identity: backend: ldap ldap: uri: ldaps://localhost:9235 - cacert: /Users/t.schweiger/.opencloud/idm/ldap.crt + cacert: /var/lib/opencloud/idm/ldap.crt insecure: false bind_dn: uid=libregraph,ou=sysusers,o=libregraph-idm bind_password: "" diff --git a/static/env-vars/graph_configvars.md b/static/env-vars/graph_configvars.md index 797ff621..6d208dd8 100644 --- a/static/env-vars/graph_configvars.md +++ b/static/env-vars/graph_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **graph** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`GRAPH_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`GRAPH_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`GRAPH_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`GRAPH_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`GRAPH_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`GRAPH_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`GRAPH_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| @@ -54,7 +50,7 @@ Environment variables for the **graph** service |`OC_TRANSLATION_PATH`
`GRAPH_TRANSLATION_PATH`| 1.0.0 |string|`(optional) Set this to a path with custom translations to overwrite the builtin translations. Note that file and folder naming rules apply, see the documentation for more details.`|``| |`GRAPH_IDENTITY_BACKEND`| 1.0.0 |string|`The user identity backend to use. Supported backend types are 'ldap' and 'cs3'.`|`ldap`| |`OC_LDAP_URI`
`GRAPH_LDAP_URI`| 1.0.0 |string|`URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'`|`ldaps://localhost:9235`| -|`OC_LDAP_CACERT`
`GRAPH_LDAP_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|`/Users/t.schweiger/.opencloud/idm/ldap.crt`| +|`OC_LDAP_CACERT`
`GRAPH_LDAP_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|`/var/lib/opencloud/idm/ldap.crt`| |`OC_LDAP_INSECURE`
`GRAPH_LDAP_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for the LDAP connections. Do not set this in production environments.`|`false`| |`OC_LDAP_BIND_DN`
`GRAPH_LDAP_BIND_DN`| 1.0.0 |string|`LDAP DN to use for simple bind authentication with the target LDAP server.`|`uid=libregraph,ou=sysusers,o=libregraph-idm`| |`OC_LDAP_BIND_PASSWORD`
`GRAPH_LDAP_BIND_PASSWORD`| 1.0.0 |string|`Password to use for authenticating the 'bind_dn'.`|``| @@ -111,12 +107,12 @@ Environment variables for the **graph** service |`OC_KEYCLOAK_INSECURE_SKIP_VERIFY`
`GRAPH_KEYCLOAK_INSECURE_SKIP_VERIFY`| 1.0.0 |bool|`Disable TLS certificate validation for Keycloak connections. Do not set this in production environments.`|`false`| |`OC_SERVICE_ACCOUNT_ID`
`GRAPH_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|``| |`OC_SERVICE_ACCOUNT_SECRET`
`GRAPH_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|``| -|`GRAPH_STORAGE_GATEWAY_GRPC_ADDR`
`STORAGE_GATEWAY_GRPC_ADDR`| next |string|`GRPC address of the STORAGE-SYSTEM service.`|`eu.opencloud.api.storage-system`| -|`GRAPH_STORAGE_GRPC_ADDR`
`STORAGE_GRPC_ADDR`| next |string|`GRPC address of the STORAGE-SYSTEM service.`|`eu.opencloud.api.storage-system`| -|`OC_SYSTEM_USER_ID`
`GRAPH_SYSTEM_USER_ID`| next |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|``| -|`OC_SYSTEM_USER_IDP`
`GRAPH_SYSTEM_USER_IDP`| next |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|`internal`| -|`OC_SYSTEM_USER_API_KEY`| next |string|`API key for the STORAGE-SYSTEM system user.`|``| -|`GRAPH_USER_SOFT_DELETE_RETENTION_TIME`| next |Duration|`The time after which a soft-deleted user is permanently deleted. If set to 0 (default), there is no soft delete retention time and users are deleted immediately after being soft-deleted. If set to a positive value, the user will be kept in the system for that duration before being permanently deleted.`|`0s`| +|`GRAPH_STORAGE_GATEWAY_GRPC_ADDR`
`STORAGE_GATEWAY_GRPC_ADDR`| 4.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|`eu.opencloud.api.storage-system`| +|`GRAPH_STORAGE_GRPC_ADDR`
`STORAGE_GRPC_ADDR`| 4.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|`eu.opencloud.api.storage-system`| +|`OC_SYSTEM_USER_ID`
`GRAPH_SYSTEM_USER_ID`| 4.0.0 |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|``| +|`OC_SYSTEM_USER_IDP`
`GRAPH_SYSTEM_USER_IDP`| 4.0.0 |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|`internal`| +|`OC_SYSTEM_USER_API_KEY`| 4.0.0 |string|`API key for the STORAGE-SYSTEM system user.`|``| +|`GRAPH_USER_SOFT_DELETE_RETENTION_TIME`| 4.0.0 |Duration|`The time after which a soft-deleted user is permanently deleted. If set to 0 (default), there is no soft delete retention time and users are deleted immediately after being soft-deleted. If set to a positive value, the user will be kept in the system for that duration before being permanently deleted.`|`0s`| |`OC_PERSISTENT_STORE_NODES`
`GRAPH_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|`[127.0.0.1:9233]`| |`GRAPH_STORE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|`graph`| |`OC_PERSISTENT_STORE_AUTH_USERNAME`
`GRAPH_STORE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|``| diff --git a/static/env-vars/graph_readme.md b/static/env-vars/graph_readme.md index e9e4e276..e0ce237e 100644 --- a/static/env-vars/graph_readme.md +++ b/static/env-vars/graph_readme.md @@ -1,6 +1,6 @@ --- title: Graph -date: 2025-11-13T17:22:55.095124+01:00 +date: 2025-11-27T22:56:02.332815+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/graph @@ -95,14 +95,6 @@ The `graph` service can use a configured store via `GRAPH_CACHE_STORE`. Possible Other store types may work but are not supported currently. -:::note -The service can only be scaled if not using `memory` store and the stores are configured identically over all instances! -::: - -:::note -If you have used one of the deprecated stores, you should reconfigure to one of the supported ones as the deprecated stores will be removed in a later version. -::: - Store specific notes: - When using `redis-sentinel`, the Redis master to use is configured via e.g. `OC_CACHE_STORE_NODES` in the form of `:/` like `10.10.0.200:26379/mymaster`. - When using `nats-js-kv` it is recommended to set `OC_CACHE_STORE_NODES` to the same value as `OC_EVENTS_ENDPOINT`. That way the cache uses the same nats instance as the event bus. @@ -221,3 +213,5 @@ The output of this command includes the following information for each role: | | | | | libre.graph/driveItem/basic/read | +--------------------------------------+----------+--------------------------------+--------------------------------+------------------------------------------+ ``` + + diff --git a/static/env-vars/groups.yaml b/static/env-vars/groups.yaml index 76024bb9..52b3a494 100644 --- a/static/env-vars/groups.yaml +++ b/static/env-vars/groups.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: groups.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false @@ -32,7 +27,7 @@ driver: ldap drivers: ldap: uri: ldaps://localhost:9235 - ca_cert: /Users/t.schweiger/.opencloud/idm/ldap.crt + ca_cert: /var/lib/opencloud/idm/ldap.crt insecure: false bind_dn: uid=reva,ou=sysusers,o=libregraph-idm bind_password: "" diff --git a/static/env-vars/groups_configvars.md b/static/env-vars/groups_configvars.md index b39ce647..5b889d21 100644 --- a/static/env-vars/groups_configvars.md +++ b/static/env-vars/groups_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **groups** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`GROUPS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`GROUPS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`GROUPS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`GROUPS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`GROUPS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`GROUPS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`GROUPS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| @@ -23,7 +19,7 @@ Environment variables for the **groups** service |`GROUPS_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the loading of user's group memberships from the reva access token.`|`false`| |`GROUPS_DRIVER`| 1.0.0 |string|`The driver which should be used by the groups service. Supported values are 'ldap' and 'owncloudsql'.`|`ldap`| |`OC_LDAP_URI`
`GROUPS_LDAP_URI`| 1.0.0 |string|`URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'`|`ldaps://localhost:9235`| -|`OC_LDAP_CACERT`
`GROUPS_LDAP_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|`/Users/t.schweiger/.opencloud/idm/ldap.crt`| +|`OC_LDAP_CACERT`
`GROUPS_LDAP_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|`/var/lib/opencloud/idm/ldap.crt`| |`OC_LDAP_INSECURE`
`GROUPS_LDAP_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for the LDAP connections. Do not set this in production environments.`|`false`| |`OC_LDAP_BIND_DN`
`GROUPS_LDAP_BIND_DN`| 1.0.0 |string|`LDAP DN to use for simple bind authentication with the target LDAP server.`|`uid=reva,ou=sysusers,o=libregraph-idm`| |`OC_LDAP_BIND_PASSWORD`
`GROUPS_LDAP_BIND_PASSWORD`| 1.0.0 |string|`Password to use for authenticating the 'bind_dn'.`|``| diff --git a/static/env-vars/groups_readme.md b/static/env-vars/groups_readme.md index 50dd82e8..4c092d6b 100644 --- a/static/env-vars/groups_readme.md +++ b/static/env-vars/groups_readme.md @@ -1,6 +1,6 @@ --- title: Groups -date: 2025-11-12T16:20:03.607824+01:00 +date: 2025-11-27T22:56:02.332899+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/groups @@ -13,9 +13,39 @@ geekdocCollapseSection: true ## Abstract -The `groups` service provides group management functionality within OpenCloud. +The `groups` service provides the CS3 Groups API for OpenCloud. It is responsible for managing group information and memberships within the OpenCloud instance. + +This service implements the CS3 identity group provider interface, allowing other services to query and manage groups. It works as a backend provider for the `graph` service when using the CS3 backend mode. + ## Table of Contents +* [Backend Integration](#backend-integration) +* [API](#api) +* [Usage](#usage) +* [Scalability](#scalability) + +## Backend Integration + +The groups service can work with different storage backends: +- LDAP integration through the graph service +- Direct CS3 API implementation + +When using the `graph` service with the CS3 backend (`GRAPH_IDENTITY_BACKEND=cs3`), the graph service queries group information through this service. + +## API + +The service provides CS3 gRPC APIs for: +- Listing groups +- Getting group information +- Finding groups by name or ID +- Managing group memberships + +## Usage + +The groups service is only used internally by other OpenCloud services and not being accessed directly by clients. The `frontend` and `ocs` services translate HTTP API requests into CS3 API calls to this service. + +## Scalability +Since the groups service queries backend systems (like LDAP through the configured identity backend), it can be scaled horizontally without additional configuration when using stateless backends. diff --git a/static/env-vars/idm.yaml b/static/env-vars/idm.yaml index f3587e26..bc5d5a70 100644 --- a/static/env-vars/idm.yaml +++ b/static/env-vars/idm.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: idm.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false @@ -18,9 +13,9 @@ debug: zpages: false idm: ldaps_addr: 127.0.0.1:9235 - cert: /Users/t.schweiger/.opencloud/idm/ldap.crt - key: /Users/t.schweiger/.opencloud/idm/ldap.key - database: /Users/t.schweiger/.opencloud/idm/idm.boltdb + cert: /var/lib/opencloud/idm/ldap.crt + key: /var/lib/opencloud/idm/ldap.key + database: /var/lib/opencloud/idm/idm.boltdb create_demo_users: false demo_users_issuer_url: https://localhost:9200 service_user_passwords: diff --git a/static/env-vars/idm_configvars.md b/static/env-vars/idm_configvars.md index 84fc5cb0..af0e5596 100644 --- a/static/env-vars/idm_configvars.md +++ b/static/env-vars/idm_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **idm** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`IDM_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`IDM_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`IDM_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`IDM_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`IDM_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`IDM_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`IDM_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| @@ -15,9 +11,9 @@ Environment variables for the **idm** service |`IDM_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| |`IDM_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| |`IDM_LDAPS_ADDR`| 1.0.0 |string|`Listen address for the LDAPS listener (ip-addr:port).`|`127.0.0.1:9235`| -|`IDM_LDAPS_CERT`| 1.0.0 |string|`File name of the TLS server certificate for the LDAPS listener. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|`/Users/t.schweiger/.opencloud/idm/ldap.crt`| -|`IDM_LDAPS_KEY`| 1.0.0 |string|`File name for the TLS certificate key for the server certificate. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|`/Users/t.schweiger/.opencloud/idm/ldap.key`| -|`IDM_DATABASE_PATH`| 1.0.0 |string|`Full path to the IDM backend database. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|`/Users/t.schweiger/.opencloud/idm/idm.boltdb`| +|`IDM_LDAPS_CERT`| 1.0.0 |string|`File name of the TLS server certificate for the LDAPS listener. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|`/var/lib/opencloud/idm/ldap.crt`| +|`IDM_LDAPS_KEY`| 1.0.0 |string|`File name for the TLS certificate key for the server certificate. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|`/var/lib/opencloud/idm/ldap.key`| +|`IDM_DATABASE_PATH`| 1.0.0 |string|`Full path to the IDM backend database. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|`/var/lib/opencloud/idm/idm.boltdb`| |`IDM_CREATE_DEMO_USERS`| 1.0.0 |bool|`Flag to enable or disable the creation of the demo users.`|`false`| |`OC_URL`
`OC_OIDC_ISSUER`| 1.0.0 |string|`The OIDC issuer URL to assign to the demo users.`|`https://localhost:9200`| |`IDM_ADMIN_PASSWORD`| 1.0.0 |string|`Password to set for the OpenCloud 'admin' user. Either cleartext or an argon2id hash.`|``| diff --git a/static/env-vars/idm_readme.md b/static/env-vars/idm_readme.md index fd3a561d..684e0f20 100644 --- a/static/env-vars/idm_readme.md +++ b/static/env-vars/idm_readme.md @@ -1,6 +1,6 @@ --- title: IDM -date: 2025-11-13T17:22:55.095332+01:00 +date: 2025-11-27T22:56:02.333155+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/idm diff --git a/static/env-vars/idp.yaml b/static/env-vars/idp.yaml index 7cfce2d7..41e2beca 100644 --- a/static/env-vars/idp.yaml +++ b/static/env-vars/idp.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: idp.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false @@ -19,8 +14,8 @@ debug: http: addr: 127.0.0.1:9130 root: / - tls_cert: /Users/t.schweiger/.opencloud/idp/server.crt - tls_key: /Users/t.schweiger/.opencloud/idp/server.key + tls_cert: /var/lib/opencloud/idp/server.crt + tls_key: /var/lib/opencloud/idp/server.key tls: false reva: address: eu.opencloud.api.gateway @@ -43,7 +38,7 @@ idp: allow_scope: [] allow_client_guests: false allow_dynamic_client_registration: false - encrypt_secret_file: /Users/t.schweiger/.opencloud/idp/encryption.key + encrypt_secret_file: /var/lib/opencloud/idp/encryption.key listen: "" identifierdefaultbannerlogo: "" default_sign_in_page_text: "" @@ -53,7 +48,7 @@ idp: signing_kid: private-key signing_method: PS256 signing_private_key_files: - - /Users/t.schweiger/.opencloud/idp/private-key.pem + - /var/lib/opencloud/idp/private-key.pem validation_keys_path: "" cookiebackenduri: "" cookienames: [] @@ -107,7 +102,7 @@ clients: application_type: native ldap: uri: ldaps://localhost:9235 - cacert: /Users/t.schweiger/.opencloud/idm/ldap.crt + cacert: /var/lib/opencloud/idm/ldap.crt bind_dn: uid=idp,ou=sysusers,o=libregraph-idm bind_password: "" base_dn: ou=users,o=libregraph-idm diff --git a/static/env-vars/idp_configvars.md b/static/env-vars/idp_configvars.md index e3d2d36b..053268ad 100644 --- a/static/env-vars/idp_configvars.md +++ b/static/env-vars/idp_configvars.md @@ -3,10 +3,6 @@ Environment variables for the **idp** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| |`IDP_PASSWORD_RESET_URI`| 1.0.0 |string|`The URI where a user can reset their password.`|``| -|`OC_TRACING_ENABLED`
`IDP_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`IDP_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`IDP_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`IDP_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`IDP_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`IDP_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`IDP_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| @@ -17,8 +13,8 @@ Environment variables for the **idp** service |`IDP_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| |`IDP_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|`127.0.0.1:9130`| |`IDP_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|`/`| -|`IDP_TRANSPORT_TLS_CERT`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the IDP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp.`|`/Users/t.schweiger/.opencloud/idp/server.crt`| -|`IDP_TRANSPORT_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the IDP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp.`|`/Users/t.schweiger/.opencloud/idp/server.key`| +|`IDP_TRANSPORT_TLS_CERT`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the IDP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp.`|`/var/lib/opencloud/idp/server.crt`| +|`IDP_TRANSPORT_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the IDP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp.`|`/var/lib/opencloud/idp/server.key`| |`IDP_TLS`| 1.0.0 |bool|`Disable or Enable HTTPS for the communication between the Proxy service and the IDP service. If set to 'true', the key and cert files need to be configured and present.`|`false`| |`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|`eu.opencloud.api.gateway`| |`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|``| @@ -35,19 +31,19 @@ Environment variables for the **idp** service |`OC_LDAP_INSECURE`
`IDP_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for the LDAP connections. Do not set this in production environments.`|`false`| |`IDP_ALLOW_CLIENT_GUESTS`| 1.0.0 |bool|`Allow guest clients to access OpenCloud.`|`false`| |`IDP_ALLOW_DYNAMIC_CLIENT_REGISTRATION`| 1.0.0 |bool|`Allow dynamic client registration.`|`false`| -|`IDP_ENCRYPTION_SECRET_FILE`| 1.0.0 |string|`Path to the encryption secret file, if unset, a new certificate will be autogenerated upon each restart, thus invalidating all existing sessions. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp.`|`/Users/t.schweiger/.opencloud/idp/encryption.key`| +|`IDP_ENCRYPTION_SECRET_FILE`| 1.0.0 |string|`Path to the encryption secret file, if unset, a new certificate will be autogenerated upon each restart, thus invalidating all existing sessions. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp.`|`/var/lib/opencloud/idp/encryption.key`| |`IDP_DEFAULT_SIGNIN_PAGE_TEXT`| 2.0.0 |string|``|``| -|`IDP_DEFAULT_LOGO_TARGET_URI`| next |string|`Default logo target URI.`|`https://opencloud.eu`| +|`IDP_DEFAULT_LOGO_TARGET_URI`| 4.0.0 |string|`Default logo target URI.`|`https://opencloud.eu`| |`IDP_SIGNING_KID`| 1.0.0 |string|`Value of the KID (Key ID) field which is used in created tokens to uniquely identify the signing-private-key.`|`private-key`| |`IDP_SIGNING_METHOD`| 1.0.0 |string|`Signing method of IDP requests like 'PS256'`|`PS256`| -|`IDP_SIGNING_PRIVATE_KEY_FILES`| 1.0.0 |[]string|`A list of private key files for signing IDP requests. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp. See the Environment Variable Types description for more details.`|`[/Users/t.schweiger/.opencloud/idp/private-key.pem]`| +|`IDP_SIGNING_PRIVATE_KEY_FILES`| 1.0.0 |[]string|`A list of private key files for signing IDP requests. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp. See the Environment Variable Types description for more details.`|`[/var/lib/opencloud/idp/private-key.pem]`| |`IDP_VALIDATION_KEYS_PATH`| 1.0.0 |string|`Path to validation keys for IDP requests.`|``| |`IDP_ACCESS_TOKEN_EXPIRATION`| 1.0.0 |uint64|`'Access token lifespan in seconds (time before an access token is expired).'`|`300`| |`IDP_ID_TOKEN_EXPIRATION`| 1.0.0 |uint64|`ID token lifespan in seconds (time before an ID token is expired).`|`300`| |`IDP_REFRESH_TOKEN_EXPIRATION`| 1.0.0 |uint64|`Refresh token lifespan in seconds (time before an refresh token is expired). This also limits the duration of an idle offline session.`|`2592000`| |`IDP_DYNAMIC_CLIENT_SECRET_DURATION`| 1.0.0 |uint64|`Lifespan in seconds of a dynamically registered OIDC client.`|`0`| |`OC_LDAP_URI`
`IDP_LDAP_URI`| 1.0.0 |string|`Url of the LDAP service to use as IDP.`|`ldaps://localhost:9235`| -|`OC_LDAP_CACERT`
`IDP_LDAP_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp.`|`/Users/t.schweiger/.opencloud/idm/ldap.crt`| +|`OC_LDAP_CACERT`
`IDP_LDAP_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp.`|`/var/lib/opencloud/idm/ldap.crt`| |`OC_LDAP_BIND_DN`
`IDP_LDAP_BIND_DN`| 1.0.0 |string|`LDAP DN to use for simple bind authentication with the target LDAP server.`|`uid=idp,ou=sysusers,o=libregraph-idm`| |`OC_LDAP_BIND_PASSWORD`
`IDP_LDAP_BIND_PASSWORD`| 1.0.0 |string|`Password to use for authenticating the 'bind_dn'.`|``| |`OC_LDAP_USER_BASE_DN`
`IDP_LDAP_BASE_DN`| 1.0.0 |string|`Search base DN for looking up LDAP users.`|`ou=users,o=libregraph-idm`| diff --git a/static/env-vars/idp_readme.md b/static/env-vars/idp_readme.md index 8383fc82..d174da2c 100644 --- a/static/env-vars/idp_readme.md +++ b/static/env-vars/idp_readme.md @@ -1,6 +1,6 @@ --- title: IDP -date: 2025-11-13T17:22:55.095406+01:00 +date: 2025-11-27T22:56:02.333271+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/idp diff --git a/static/env-vars/invitations.yaml b/static/env-vars/invitations.yaml index a62e602e..a16f88c8 100644 --- a/static/env-vars/invitations.yaml +++ b/static/env-vars/invitations.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: invitations.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false diff --git a/static/env-vars/invitations_configvars.md b/static/env-vars/invitations_configvars.md index f6232ec7..6933fe38 100644 --- a/static/env-vars/invitations_configvars.md +++ b/static/env-vars/invitations_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **invitations** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`INVITATIONS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`INVITATIONS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`INVITATIONS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`INVITATIONS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`INVITATIONS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`INVITATIONS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`INVITATIONS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| diff --git a/static/env-vars/invitations_readme.md b/static/env-vars/invitations_readme.md index 692f6ba2..cd90e794 100644 --- a/static/env-vars/invitations_readme.md +++ b/static/env-vars/invitations_readme.md @@ -1,6 +1,6 @@ --- title: Invitations -date: 2025-11-13T17:22:55.095488+01:00 +date: 2025-11-27T22:56:02.333362+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/invitations diff --git a/static/env-vars/nats.yaml b/static/env-vars/nats.yaml index e3d9cad4..17985208 100644 --- a/static/env-vars/nats.yaml +++ b/static/env-vars/nats.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: nats.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false @@ -20,8 +15,8 @@ nats: host: 127.0.0.1 port: 9233 clusterid: opencloud-cluster - store_dir: /Users/t.schweiger/.opencloud/nats - tls_cert: /Users/t.schweiger/.opencloud/nats/tls.crt - tls_key: /Users/t.schweiger/.opencloud/nats/tls.key + store_dir: /var/lib/opencloud/nats + tls_cert: /var/lib/opencloud/nats/tls.crt + tls_key: /var/lib/opencloud/nats/tls.key tls_skip_verify_client_cert: false enable_tls: false diff --git a/static/env-vars/nats_configvars.md b/static/env-vars/nats_configvars.md index b242f576..c792bf41 100644 --- a/static/env-vars/nats_configvars.md +++ b/static/env-vars/nats_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **nats** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`NATS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`NATS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`NATS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`NATS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`NATS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`NATS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`NATS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| @@ -17,8 +13,8 @@ Environment variables for the **nats** service |`NATS_NATS_HOST`| 1.0.0 |string|`Bind address.`|`127.0.0.1`| |`NATS_NATS_PORT`| 1.0.0 |int|`Bind port.`|`9233`| |`NATS_NATS_CLUSTER_ID`| 1.0.0 |string|`ID of the NATS cluster.`|`opencloud-cluster`| -|`NATS_NATS_STORE_DIR`| 1.0.0 |string|`The directory where the filesystem storage will store NATS JetStream data. If not defined, the root directory derives from $OC_BASE_DATA_PATH/nats.`|`/Users/t.schweiger/.opencloud/nats`| -|`NATS_TLS_CERT`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the NATS listener. If not defined, the root directory derives from $OC_BASE_DATA_PATH/nats.`|`/Users/t.schweiger/.opencloud/nats/tls.crt`| -|`NATS_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the NATS listener. If not defined, the root directory derives from $OC_BASE_DATA_PATH/nats.`|`/Users/t.schweiger/.opencloud/nats/tls.key`| +|`NATS_NATS_STORE_DIR`| 1.0.0 |string|`The directory where the filesystem storage will store NATS JetStream data. If not defined, the root directory derives from $OC_BASE_DATA_PATH/nats.`|`/var/lib/opencloud/nats`| +|`NATS_TLS_CERT`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the NATS listener. If not defined, the root directory derives from $OC_BASE_DATA_PATH/nats.`|`/var/lib/opencloud/nats/tls.crt`| +|`NATS_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the NATS listener. If not defined, the root directory derives from $OC_BASE_DATA_PATH/nats.`|`/var/lib/opencloud/nats/tls.key`| |`OC_INSECURE`
`NATS_TLS_SKIP_VERIFY_CLIENT_CERT`| 1.0.0 |bool|`Whether the NATS server should skip the client certificate verification during the TLS handshake.`|`false`| |`OC_EVENTS_ENABLE_TLS`
`NATS_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|`false`| diff --git a/static/env-vars/nats_readme.md b/static/env-vars/nats_readme.md index ae9d050b..045b5608 100644 --- a/static/env-vars/nats_readme.md +++ b/static/env-vars/nats_readme.md @@ -1,6 +1,6 @@ --- title: Nats -date: 2025-11-13T17:22:55.095558+01:00 +date: 2025-11-27T22:56:02.333443+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/nats diff --git a/static/env-vars/notifications.yaml b/static/env-vars/notifications.yaml index e1e98487..061d5eaa 100644 --- a/static/env-vars/notifications.yaml +++ b/static/env-vars/notifications.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: notifications.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false diff --git a/static/env-vars/notifications_configvars.md b/static/env-vars/notifications_configvars.md index 63ec4501..bf8ab298 100644 --- a/static/env-vars/notifications_configvars.md +++ b/static/env-vars/notifications_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **notifications** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`NOTIFICATIONS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`NOTIFICATIONS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`NOTIFICATIONS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`NOTIFICATIONS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`NOTIFICATIONS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`NOTIFICATIONS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`NOTIFICATIONS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| diff --git a/static/env-vars/notifications_readme.md b/static/env-vars/notifications_readme.md index c0eb0743..80953feb 100644 --- a/static/env-vars/notifications_readme.md +++ b/static/env-vars/notifications_readme.md @@ -1,6 +1,6 @@ --- title: Notification -date: 2025-11-13T17:22:55.095635+01:00 +date: 2025-11-27T22:56:02.33353+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/notifications diff --git a/static/env-vars/ocdav.yaml b/static/env-vars/ocdav.yaml index 0e57a2a2..f68ae32a 100644 --- a/static/env-vars/ocdav.yaml +++ b/static/env-vars/ocdav.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: ocdav.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false diff --git a/static/env-vars/ocdav_configvars.md b/static/env-vars/ocdav_configvars.md index b63591e4..3a94a26f 100644 --- a/static/env-vars/ocdav_configvars.md +++ b/static/env-vars/ocdav_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **ocdav** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`OCDAV_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`OCDAV_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`OCDAV_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`OCDAV_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`OCDAV_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`OCDAV_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`OCDAV_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| diff --git a/static/env-vars/ocdav_readme.md b/static/env-vars/ocdav_readme.md index 37f85d0d..5b67c5f5 100644 --- a/static/env-vars/ocdav_readme.md +++ b/static/env-vars/ocdav_readme.md @@ -1,6 +1,6 @@ --- title: ocDAV -date: 2025-11-13T17:22:55.09574+01:00 +date: 2025-11-27T22:56:02.333616+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/ocdav diff --git a/static/env-vars/ocm.yaml b/static/env-vars/ocm.yaml index 72e2bd20..a30a8968 100644 --- a/static/env-vars/ocm.yaml +++ b/static/env-vars/ocm.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: ocm.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false @@ -86,31 +81,33 @@ ocmd: sciencemesh: prefix: sciencemesh science_mesh_directory_url: "" + directory_service_urls: "" + invite_accept_dialog: /open-cloud-mesh/accept-invite ocm_invite_manager: driver: json drivers: json: - file: /Users/t.schweiger/.opencloud/storage/ocm/ocminvites.json + file: /var/lib/opencloud/storage/ocm/ocminvites.json token_expiration: 24h0m0s timeout: 30s insecure: false ocm_provider_authorizer_driver: json ocm_provider_authorizer_drivers: json: - providers: /Users/t.schweiger/.opencloud/config/ocmproviders.json + providers: /etc/opencloud/ocmproviders.json ocm_share_provider: driver: json drivers: json: - file: /Users/t.schweiger/.opencloud/storage/ocm/ocmshares.json + file: /var/lib/opencloud/storage/ocm/ocmshares.json insecure: false webapp_template: "" ocm_core: driver: json drivers: json: - file: /Users/t.schweiger/.opencloud/storage/ocm/ocmshares.json + file: /var/lib/opencloud/storage/ocm/ocmshares.json ocm_storage_provider: insecure: false - storage_root: /Users/t.schweiger/.opencloud/storage/ocm + storage_root: /var/lib/opencloud/storage/ocm data_server_url: http://localhost:9280/data diff --git a/static/env-vars/ocm_configvars.md b/static/env-vars/ocm_configvars.md index 4393392f..1d65d444 100644 --- a/static/env-vars/ocm_configvars.md +++ b/static/env-vars/ocm_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **ocm** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`OCM_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`OCM_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`OCM_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`OCM_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`OCM_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`OCM_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`OCM_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| @@ -40,19 +36,21 @@ Environment variables for the **ocm** service |`OCM_OCMD_EXPOSE_RECIPIENT_DISPLAY_NAME`| 1.0.0 |bool|`Expose the display name of OCM share recipients.`|`false`| |`OCM_SCIENCEMESH_PREFIX`| 1.0.0 |string|`URL path prefix for the ScienceMesh service. Note that the string must not start with '/'.`|`sciencemesh`| |`OCM_MESH_DIRECTORY_URL`| 1.0.0 |string|`URL of the mesh directory service.`|``| +|`OCM_DIRECTORY_SERVICE_URLS`| 3.5.0 |string|`Space delimited URLs of the directory services.`|``| +|`OCM_INVITE_ACCEPT_DIALOG`| 3.5.0 |string|`/open-cloud-mesh/accept-invite;The frontend URL where to land when receiving an invitation`|`/open-cloud-mesh/accept-invite`| |`OCM_OCM_INVITE_MANAGER_DRIVER`| 1.0.0 |string|`Driver to be used to persist OCM invites. Supported value is only 'json'.`|`json`| -|`OCM_OCM_INVITE_MANAGER_JSON_FILE`| 1.0.0 |string|`Path to the JSON file where OCM invite data will be stored. This file is maintained by the instance and must not be changed manually. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage/ocm.`|`/Users/t.schweiger/.opencloud/storage/ocm/ocminvites.json`| +|`OCM_OCM_INVITE_MANAGER_JSON_FILE`| 1.0.0 |string|`Path to the JSON file where OCM invite data will be stored. This file is maintained by the instance and must not be changed manually. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage/ocm.`|`/var/lib/opencloud/storage/ocm/ocminvites.json`| |`OCM_OCM_INVITE_MANAGER_TOKEN_EXPIRATION`| 1.0.0 |Duration|`Expiry duration for invite tokens.`|`24h0m0s`| |`OCM_OCM_INVITE_MANAGER_TIMEOUT`| 1.0.0 |Duration|`Timeout specifies a time limit for requests made to OCM endpoints.`|`30s`| |`OCM_OCM_INVITE_MANAGER_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for the OCM connections. Do not set this in production environments.`|`false`| |`SHARING_OCM_PROVIDER_AUTHORIZER_DRIVER`| 1.0.0 |string|`Driver to be used to persist ocm invites. Supported value is only 'json'.`|`json`| -|`OCM_OCM_PROVIDER_AUTHORIZER_PROVIDERS_FILE`| 1.0.0 |string|`Path to the JSON file where ocm invite data will be stored. Defaults to $OC_CONFIG_DIR/ocmproviders.json.`|`/Users/t.schweiger/.opencloud/config/ocmproviders.json`| +|`OCM_OCM_PROVIDER_AUTHORIZER_PROVIDERS_FILE`| 1.0.0 |string|`Path to the JSON file where ocm invite data will be stored. Defaults to $OC_CONFIG_DIR/ocmproviders.json.`|`/etc/opencloud/ocmproviders.json`| |`OCM_OCM_SHARE_PROVIDER_DRIVER`| 1.0.0 |string|`Driver to be used for the OCM share provider. Supported value is only 'json'.`|`json`| -|`OCM_OCM_SHAREPROVIDER_JSON_FILE`| 1.0.0 |string|`Path to the JSON file where OCM share data will be stored. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage.`|`/Users/t.schweiger/.opencloud/storage/ocm/ocmshares.json`| +|`OCM_OCM_SHAREPROVIDER_JSON_FILE`| 1.0.0 |string|`Path to the JSON file where OCM share data will be stored. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage.`|`/var/lib/opencloud/storage/ocm/ocmshares.json`| |`OCM_OCM_SHARE_PROVIDER_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for the OCM connections. Do not set this in production environments.`|`false`| |`OCM_WEBAPP_TEMPLATE`| 1.0.0 |string|`Template for the webapp url.`|``| |`OCM_OCM_CORE_DRIVER`| 1.0.0 |string|`Driver to be used for the OCM core. Supported value is only 'json'.`|`json`| -|`OCM_OCM_CORE_JSON_FILE`| 1.0.0 |string|`Path to the JSON file where OCM share data will be stored. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage.`|`/Users/t.schweiger/.opencloud/storage/ocm/ocmshares.json`| +|`OCM_OCM_CORE_JSON_FILE`| 1.0.0 |string|`Path to the JSON file where OCM share data will be stored. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage.`|`/var/lib/opencloud/storage/ocm/ocmshares.json`| |`OCM_OCM_STORAGE_PROVIDER_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for the OCM connections. Do not set this in production environments.`|`false`| -|`OCM_OCM_STORAGE_PROVIDER_STORAGE_ROOT`| 1.0.0 |string|`Directory where the ocm storage provider persists its data like tus upload info files.`|`/Users/t.schweiger/.opencloud/storage/ocm`| +|`OCM_OCM_STORAGE_PROVIDER_STORAGE_ROOT`| 1.0.0 |string|`Directory where the ocm storage provider persists its data like tus upload info files.`|`/var/lib/opencloud/storage/ocm`| |`OCM_OCM_STORAGE_DATA_SERVER_URL`| 1.0.0 |string|`URL of the data server, needs to be reachable by the data gateway provided by the frontend service or the user if directly exposed.`|`http://localhost:9280/data`| diff --git a/static/env-vars/ocm_readme.md b/static/env-vars/ocm_readme.md index f65f59fb..4910053b 100644 --- a/static/env-vars/ocm_readme.md +++ b/static/env-vars/ocm_readme.md @@ -1,6 +1,6 @@ --- title: OCM -date: 2025-11-13T17:22:55.095814+01:00 +date: 2025-11-27T22:56:02.333689+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/ocm diff --git a/static/env-vars/ocs.yaml b/static/env-vars/ocs.yaml index 93a9e6fd..9bfbe275 100644 --- a/static/env-vars/ocs.yaml +++ b/static/env-vars/ocs.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: ocs.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false diff --git a/static/env-vars/ocs_configvars.md b/static/env-vars/ocs_configvars.md index fef90b8e..acd077d8 100644 --- a/static/env-vars/ocs_configvars.md +++ b/static/env-vars/ocs_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **ocs** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`OCS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`OCS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`OCS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`OCS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`OCS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`OCS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`OCS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| diff --git a/static/env-vars/ocs_readme.md b/static/env-vars/ocs_readme.md index ba807715..fdb66cea 100644 --- a/static/env-vars/ocs_readme.md +++ b/static/env-vars/ocs_readme.md @@ -1,6 +1,6 @@ --- title: OCS Service -date: 2025-11-13T17:22:55.095897+01:00 +date: 2025-11-27T22:56:02.333791+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/ocs diff --git a/static/env-vars/policies.yaml b/static/env-vars/policies.yaml index 2da88c7c..9e7866a9 100644 --- a/static/env-vars/policies.yaml +++ b/static/env-vars/policies.yaml @@ -29,8 +29,3 @@ engine: mimes: "" postprocessing: query: "" -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" diff --git a/static/env-vars/policies_configvars.md b/static/env-vars/policies_configvars.md index 3255645b..f0cdb8a3 100644 --- a/static/env-vars/policies_configvars.md +++ b/static/env-vars/policies_configvars.md @@ -21,7 +21,3 @@ Environment variables for the **policies** service |`POLICIES_ENGINE_TIMEOUT`| 1.0.0 |Duration|`Sets the timeout the rego expression evaluation can take. Rules default to deny if the timeout was reached. See the Environment Variable Types description for more details.`|`10s`| |`POLICIES_ENGINE_MIMES`| 1.0.0 |string|`Sets the mimes file path which maps mimetypes to associated file extensions. See the text description for details.`|``| |`POLICIES_POSTPROCESSING_QUERY`| 1.0.0 |string|`Defines the 'Complete Rules' variable defined in the rego rule set this step uses for its evaluation. Defaults to deny if the variable was not found.`|``| -|`OC_TRACING_ENABLED`
`POLICIES_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`POLICIES_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`POLICIES_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`POLICIES_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| diff --git a/static/env-vars/policies_readme.md b/static/env-vars/policies_readme.md index 079ab550..6b35fd49 100644 --- a/static/env-vars/policies_readme.md +++ b/static/env-vars/policies_readme.md @@ -1,6 +1,6 @@ --- title: Policies -date: 2025-11-13T17:22:55.095985+01:00 +date: 2025-11-27T22:56:02.33387+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/policies @@ -24,7 +24,7 @@ Policies are written in the [rego query language](https://www.openpolicyagent.or * [Modules](#modules) * [gRPC API](#grpc-api) * [Proxy Middleware](#proxy-middleware) - * [Event Service (Postprocessing)](#event-service-postprocessing) + * [Event Service (Postprocessing)](#event-service-(postprocessing)) * [Defining Policies to Evaluate](#defining-policies-to-evaluate) * [Setting the Query Configuration](#setting-the-query-configuration) * [Proxy](#proxy) diff --git a/static/env-vars/postprocessing.yaml b/static/env-vars/postprocessing.yaml index d065c261..93e70c12 100644 --- a/static/env-vars/postprocessing.yaml +++ b/static/env-vars/postprocessing.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: postprocessing.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false diff --git a/static/env-vars/postprocessing_configvars.md b/static/env-vars/postprocessing_configvars.md index 617fb8a1..aa6a1077 100644 --- a/static/env-vars/postprocessing_configvars.md +++ b/static/env-vars/postprocessing_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **postprocessing** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`POSTPROCESSING_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`POSTPROCESSING_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`POSTPROCESSING_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`POSTPROCESSING_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`POSTPROCESSING_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`POSTPROCESSING_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`POSTPROCESSING_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| @@ -28,8 +24,8 @@ Environment variables for the **postprocessing** service |`OC_EVENTS_ENABLE_TLS`
`POSTPROCESSING_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|`false`| |`OC_EVENTS_AUTH_USERNAME`
`POSTPROCESSING_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| |`OC_EVENTS_AUTH_PASSWORD`
`POSTPROCESSING_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`SEARCH_EVENTS_MAX_ACK_PENDING`| next |int|`The maximum number of unacknowledged messages. This is used to limit the number of messages that can be in flight at the same time.`|`10000`| -|`SEARCH_EVENTS_ACK_WAIT`| next |Duration|`The time to wait for an ack before the message is redelivered. This is used to ensure that messages are not lost if the consumer crashes.`|`1m0s`| +|`SEARCH_EVENTS_MAX_ACK_PENDING`| 4.0.0 |int|`The maximum number of unacknowledged messages. This is used to limit the number of messages that can be in flight at the same time.`|`10000`| +|`SEARCH_EVENTS_ACK_WAIT`| 4.0.0 |Duration|`The time to wait for an ack before the message is redelivered. This is used to ensure that messages are not lost if the consumer crashes.`|`1m0s`| |`POSTPROCESSING_WORKERS`| 1.0.0 |int|`The number of concurrent go routines that fetch events from the event queue.`|`3`| |`POSTPROCESSING_STEPS`| 1.0.0 |[]string|`A list of postprocessing steps processed in order of their appearance. Currently supported values by the system are: 'virusscan', 'policies' and 'delay'. Custom steps are allowed. See the documentation for instructions. See the Environment Variable Types description for more details.`|`[]`| |`POSTPROCESSING_DELAY`| 1.0.0 |Duration|`After uploading a file but before making it available for download, a delay step can be added. Intended for developing purposes only. If a duration is set but the keyword 'delay' is not explicitely added to 'POSTPROCESSING_STEPS', the delay step will be processed as last step. In such a case, a log entry will be written on service startup to remind the admin about that situation. See the Environment Variable Types description for more details.`|`0s`| diff --git a/static/env-vars/postprocessing_readme.md b/static/env-vars/postprocessing_readme.md index 91fca265..79e58d02 100644 --- a/static/env-vars/postprocessing_readme.md +++ b/static/env-vars/postprocessing_readme.md @@ -1,6 +1,6 @@ --- title: Postprocessing -date: 2025-11-13T17:22:55.096102+01:00 +date: 2025-11-27T22:56:02.333978+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/postprocessing diff --git a/static/env-vars/proxy.yaml b/static/env-vars/proxy.yaml index 674af780..d4763bfe 100644 --- a/static/env-vars/proxy.yaml +++ b/static/env-vars/proxy.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: proxy.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false @@ -19,8 +14,8 @@ debug: http: addr: 0.0.0.0:9200 root: / - tls_cert: /Users/t.schweiger/.opencloud/proxy/server.crt - tls_key: /Users/t.schweiger/.opencloud/proxy/server.key + tls_cert: /var/lib/opencloud/proxy/server.crt + tls_key: /var/lib/opencloud/proxy/server.key tls: true reva: address: eu.opencloud.api.gateway @@ -77,6 +72,14 @@ policies: service: eu.opencloud.web.frontend unprotected: true skip_x_access_token: false + - endpoint: /sciencemesh/federations + service: eu.opencloud.web.ocm + unprotected: true + skip_x_access_token: false + - endpoint: /sciencemesh/discover + service: eu.opencloud.web.ocm + unprotected: true + skip_x_access_token: false - endpoint: /sciencemesh/ service: eu.opencloud.web.ocm skip_x_access_token: false @@ -230,6 +233,7 @@ auth_middleware: policies_middleware: query: "" csp_config_file_location: "" +csp_config_file_override_location: "" events: endpoint: 127.0.0.1:9233 cluster: opencloud-cluster diff --git a/static/env-vars/proxy_configvars.md b/static/env-vars/proxy_configvars.md index a9618c4a..f55923ef 100644 --- a/static/env-vars/proxy_configvars.md +++ b/static/env-vars/proxy_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **proxy** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`PROXY_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`PROXY_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`PROXY_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`PROXY_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`PROXY_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`PROXY_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`PROXY_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| @@ -16,8 +12,8 @@ Environment variables for the **proxy** service |`PROXY_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| |`PROXY_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|`0.0.0.0:9200`| |`PROXY_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|`/`| -|`PROXY_TRANSPORT_TLS_CERT`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the external http services. If not defined, the root directory derives from $OC_BASE_DATA_PATH/proxy.`|`/Users/t.schweiger/.opencloud/proxy/server.crt`| -|`PROXY_TRANSPORT_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the external http services. If not defined, the root directory derives from $OC_BASE_DATA_PATH/proxy.`|`/Users/t.schweiger/.opencloud/proxy/server.key`| +|`PROXY_TRANSPORT_TLS_CERT`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the external http services. If not defined, the root directory derives from $OC_BASE_DATA_PATH/proxy.`|`/var/lib/opencloud/proxy/server.crt`| +|`PROXY_TRANSPORT_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the external http services. If not defined, the root directory derives from $OC_BASE_DATA_PATH/proxy.`|`/var/lib/opencloud/proxy/server.key`| |`PROXY_TLS`| 1.0.0 |bool|`Enable/Disable HTTPS for external HTTP services. Must be set to 'true' if the built-in IDP service an no reverse proxy is used. See the text description for details.`|`true`| |`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|`eu.opencloud.api.gateway`| |`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|``| @@ -65,6 +61,7 @@ Environment variables for the **proxy** service |`PROXY_ENABLE_APP_AUTH`| 1.0.0 |bool|`Allow app authentication. This can be used to authenticate 3rd party applications. Note that auth-app service must be running for this feature to work.`|`true`| |`PROXY_POLICIES_QUERY`| 1.0.0 |string|`Defines the 'Complete Rules' variable defined in the rego rule set this step uses for its evaluation. Rules default to deny if the variable was not found.`|``| |`PROXY_CSP_CONFIG_FILE_LOCATION`| 1.0.0 |string|`The location of the CSP configuration file.`|``| +|`PROXY_CSP_CONFIG_FILE_OVERRIDE_LOCATION`| 4.0.0 |string|`The location of the CSP configuration file override.`|``| |`OC_EVENTS_ENDPOINT`
`PROXY_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Set to a empty string to disable emitting events.`|`127.0.0.1:9233`| |`OC_EVENTS_CLUSTER`
`PROXY_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|`opencloud-cluster`| |`OC_INSECURE`
`PROXY_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|`false`| diff --git a/static/env-vars/proxy_readme.md b/static/env-vars/proxy_readme.md index eef71416..0c1101b0 100644 --- a/static/env-vars/proxy_readme.md +++ b/static/env-vars/proxy_readme.md @@ -1,6 +1,6 @@ --- title: Proxy -date: 2025-11-13T17:22:55.096208+01:00 +date: 2025-11-27T22:56:02.334185+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/proxy @@ -36,8 +36,8 @@ The proxy service is the only service communicating to the outside and needs the * [Presigned Urls](#presigned-urls) * [Special Settings](#special-settings) * [Metrics](#metrics) - * [1) Single Process Mode](#1-single-process-mode) - * [2) Standalone Mode](#2-standalone-mode) + * [1) Single Process Mode](#1)-single-process-mode) + * [2) Standalone Mode](#2)-standalone-mode) * [Available Metrics](#available-metrics) * [Prometheus Configuration](#prometheus-configuration) diff --git a/static/env-vars/search.yaml b/static/env-vars/search.yaml index abdea4bf..3a778873 100644 --- a/static/env-vars/search.yaml +++ b/static/env-vars/search.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: search.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false @@ -45,14 +40,14 @@ events: engine: type: bleve bleve: - data_path: /Users/t.schweiger/.opencloud/search + data_path: /var/lib/opencloud/search open_search: client: addresses: [] username: "" password: "" header: {} - ca_cert: [] + ca_cert: "" retry_on_status: [] disable_retry: false enable_retry_on_timeout: false diff --git a/static/env-vars/search_configvars.md b/static/env-vars/search_configvars.md index dcbe3b21..82af749f 100644 --- a/static/env-vars/search_configvars.md +++ b/static/env-vars/search_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **search** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`SEARCH_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`SEARCH_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`SEARCH_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`SEARCH_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`SEARCH_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`SEARCH_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`SEARCH_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| @@ -14,13 +10,13 @@ Environment variables for the **search** service |`SEARCH_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| |`SEARCH_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| |`SEARCH_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`SEARCH_GRPC_DISABLED`| next |bool|`Disables the GRPC service. Set this to true if the service should only handle events.`|`false`| +|`SEARCH_GRPC_DISABLED`| 4.0.0 |bool|`Disables the GRPC service. Set this to true if the service should only handle events.`|`false`| |`SEARCH_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`127.0.0.1:9220`| |`OC_JWT_SECRET`
`SEARCH_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| |`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|`eu.opencloud.api.gateway`| |`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|``| |`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|``| -|`SEARCH_EVENTS_DISABLED`| next |bool|`Disables listening for events. Set this to true if the service should only handle GRPC requests.`|`false`| +|`SEARCH_EVENTS_DISABLED`| 4.0.0 |bool|`Disables listening for events. Set this to true if the service should only handle GRPC requests.`|`false`| |`OC_EVENTS_ENDPOINT`
`SEARCH_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|`127.0.0.1:9233`| |`OC_EVENTS_CLUSTER`
`SEARCH_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|`opencloud-cluster`| |`OC_ASYNC_UPLOADS`
`SEARCH_EVENTS_ASYNC_UPLOADS`| 1.0.0 |bool|`Enable asynchronous file uploads.`|`true`| @@ -31,26 +27,26 @@ Environment variables for the **search** service |`OC_EVENTS_ENABLE_TLS`
`SEARCH_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|`false`| |`OC_EVENTS_AUTH_USERNAME`
`SEARCH_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| |`OC_EVENTS_AUTH_PASSWORD`
`SEARCH_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`SEARCH_EVENTS_MAX_ACK_PENDING`| next |int|`The maximum number of unacknowledged messages. This is used to limit the number of messages that can be in flight at the same time.`|`1000`| -|`SEARCH_EVENTS_ACK_WAIT`| next |Duration|`The time to wait for an ack before the message is redelivered. This is used to ensure that messages are not lost if the consumer crashes.`|`1m0s`| +|`SEARCH_EVENTS_MAX_ACK_PENDING`| 4.0.0 |int|`The maximum number of unacknowledged messages. This is used to limit the number of messages that can be in flight at the same time.`|`1000`| +|`SEARCH_EVENTS_ACK_WAIT`| 4.0.0 |Duration|`The time to wait for an ack before the message is redelivered. This is used to ensure that messages are not lost if the consumer crashes.`|`1m0s`| |`SEARCH_ENGINE_TYPE`| 1.0.0 |string|`Defines which search engine to use. Defaults to 'bleve'. Supported values are: 'bleve'.`|`bleve`| -|`SEARCH_ENGINE_BLEVE_DATA_PATH`| 1.0.0 |string|`The directory where the filesystem will store search data. If not defined, the root directory derives from $OC_BASE_DATA_PATH/search.`|`/Users/t.schweiger/.opencloud/search`| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ADDRESSES`| next |[]string|`The addresses of the OpenSearch nodes..`|`[]`| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_USERNAME`| next |string|`Username for HTTP Basic Authentication.`|``| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_PASSWORD`| next |string|`Password for HTTP Basic Authentication.`|``| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_HEADER`| next |Header|`HTTP headers to include in requests.`|`map[]`| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_CA_CERT`| next |[]uint8|`CA certificate for TLS connections.`|`[]`| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_RETRY_ON_STATUS`| next |[]int|`HTTP status codes that trigger a retry.`|`[]`| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_DISABLE_RETRY`| next |bool|`Disable retries on errors.`|`false`| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ENABLE_RETRY_ON_TIMEOUT`| next |bool|`Enable retries on timeout.`|`false`| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_MAX_RETRIES`| next |int|`Maximum number of retries for requests.`|`0`| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_COMPRESS_REQUEST_BODY`| next |bool|`Compress request bodies.`|`false`| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_DISCOVER_NODES_ON_START`| next |bool|`Discover nodes on service start.`|`false`| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_DISCOVER_NODES_INTERVAL`| next |Duration|`Interval for discovering nodes.`|`0s`| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ENABLE_METRICS`| next |bool|`Enable metrics collection.`|`false`| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ENABLE_DEBUG_LOGGER`| next |bool|`Enable debug logging.`|`false`| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_INSECURE`| next |bool|`Skip TLS certificate verification.`|`false`| -|`SEARCH_ENGINE_OPEN_SEARCH_RESOURCE_INDEX_NAME`| next |string|`The name of the OpenSearch index for resources.`|`opencloud-resource`| +|`SEARCH_ENGINE_BLEVE_DATA_PATH`| 1.0.0 |string|`The directory where the filesystem will store search data. If not defined, the root directory derives from $OC_BASE_DATA_PATH/search.`|`/var/lib/opencloud/search`| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ADDRESSES`| 4.0.0 |[]string|`The addresses of the OpenSearch nodes..`|`[]`| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_USERNAME`| 4.0.0 |string|`Username for HTTP Basic Authentication.`|``| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_PASSWORD`| 4.0.0 |string|`Password for HTTP Basic Authentication.`|``| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_HEADER`| 4.0.0 |Header|`HTTP headers to include in requests.`|`map[]`| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_CA_CERT`| 4.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the opensearch server.`|``| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_RETRY_ON_STATUS`| 4.0.0 |[]int|`HTTP status codes that trigger a retry.`|`[]`| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_DISABLE_RETRY`| 4.0.0 |bool|`Disable retries on errors.`|`false`| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ENABLE_RETRY_ON_TIMEOUT`| 4.0.0 |bool|`Enable retries on timeout.`|`false`| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_MAX_RETRIES`| 4.0.0 |int|`Maximum number of retries for requests.`|`0`| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_COMPRESS_REQUEST_BODY`| 4.0.0 |bool|`Compress request bodies.`|`false`| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_DISCOVER_NODES_ON_START`| 4.0.0 |bool|`Discover nodes on service start.`|`false`| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_DISCOVER_NODES_INTERVAL`| 4.0.0 |Duration|`Interval for discovering nodes.`|`0s`| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ENABLE_METRICS`| 4.0.0 |bool|`Enable metrics collection.`|`false`| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ENABLE_DEBUG_LOGGER`| 4.0.0 |bool|`Enable debug logging.`|`false`| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_INSECURE`| 4.0.0 |bool|`Skip TLS certificate verification.`|`false`| +|`SEARCH_ENGINE_OPEN_SEARCH_RESOURCE_INDEX_NAME`| 4.0.0 |string|`The name of the OpenSearch index for resources.`|`opencloud-resource`| |`SEARCH_EXTRACTOR_TYPE`| 1.0.0 |string|`Defines the content extraction engine. Defaults to 'basic'. Supported values are: 'basic' and 'tika'.`|`basic`| |`OC_INSECURE`
`SEARCH_EXTRACTOR_CS3SOURCE_INSECURE`| 1.0.0 |bool|`Ignore untrusted SSL certificates when connecting to the CS3 source.`|`false`| |`SEARCH_EXTRACTOR_TIKA_TIKA_URL`| 1.0.0 |string|`URL of the tika server.`|`http://127.0.0.1:9998`| diff --git a/static/env-vars/search_readme.md b/static/env-vars/search_readme.md index 65e8d1be..c5eb90f8 100644 --- a/static/env-vars/search_readme.md +++ b/static/env-vars/search_readme.md @@ -1,6 +1,6 @@ --- title: Search -date: 2025-11-13T17:22:55.096414+01:00 +date: 2025-11-27T22:56:02.334322+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/search @@ -29,7 +29,7 @@ Consider using dedicated hardware for this service in case more resources are ne * [Bleve](#bleve) * [OpenSearch](#opensearch) * [Query language](#query-language) -* [Content analysis / Extraction](#content-analysis--extraction) +* [Content analysis / Extraction](#content-analysis-/-extraction) * [Basic](#basic) * [Tika](#tika) * [Manually Trigger Re-Indexing a Space](#manually-trigger-re-indexing-a-space) diff --git a/static/env-vars/settings.yaml b/static/env-vars/settings.yaml index 93d18d73..41ab10a6 100644 --- a/static/env-vars/settings.yaml +++ b/static/env-vars/settings.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: settings.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false diff --git a/static/env-vars/settings_configvars.md b/static/env-vars/settings_configvars.md index 304d4537..11531d2c 100644 --- a/static/env-vars/settings_configvars.md +++ b/static/env-vars/settings_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **settings** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`SETTINGS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`SETTINGS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`SETTINGS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`SETTINGS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`SETTINGS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`SETTINGS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`SETTINGS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| diff --git a/static/env-vars/settings_readme.md b/static/env-vars/settings_readme.md index 637abe07..fca4650e 100644 --- a/static/env-vars/settings_readme.md +++ b/static/env-vars/settings_readme.md @@ -1,6 +1,6 @@ --- title: Settings -date: 2025-11-13T17:22:55.096511+01:00 +date: 2025-11-27T22:56:02.334436+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/settings diff --git a/static/env-vars/sharing.yaml b/static/env-vars/sharing.yaml index 9d87e5a7..f0fcbc02 100644 --- a/static/env-vars/sharing.yaml +++ b/static/env-vars/sharing.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: sharing.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false @@ -46,7 +41,7 @@ user_sharing_drivers: cache_ttl: 0 max_concurrency: 1 json: - file: /Users/t.schweiger/.opencloud/storage/shares.json + file: /var/lib/opencloud/storage/shares.json cs3: provider_addr: eu.opencloud.api.storage-system system_user_id: "" @@ -62,7 +57,7 @@ user_sharing_drivers: public_sharing_driver: jsoncs3 public_sharing_drivers: json: - file: /Users/t.schweiger/.opencloud/storage/publicshares.json + file: /var/lib/opencloud/storage/publicshares.json jsoncs3: provider_addr: eu.opencloud.api.storage-system system_user_id: "" diff --git a/static/env-vars/sharing_configvars.md b/static/env-vars/sharing_configvars.md index 37f99146..c08c3da4 100644 --- a/static/env-vars/sharing_configvars.md +++ b/static/env-vars/sharing_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **sharing** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`SHARING_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`SHARING_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`SHARING_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`SHARING_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`SHARING_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`SHARING_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`SHARING_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| @@ -35,7 +31,7 @@ Environment variables for the **sharing** service |`OC_SYSTEM_USER_API_KEY`
`SHARING_USER_JSONCS3_SYSTEM_USER_API_KEY`| 1.0.0 |string|`API key for the STORAGE-SYSTEM system user.`|``| |`SHARING_USER_JSONCS3_CACHE_TTL`| 1.0.0 |int|`TTL for the internal caches in seconds.`|`0`| |`OC_MAX_CONCURRENCY`
`SHARING_USER_JSONCS3_MAX_CONCURRENCY`| 1.0.0 |int|`Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value will be used.`|`1`| -|`SHARING_USER_JSON_FILE`| 1.0.0 |string|`Path to the JSON file where shares will be persisted. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage.`|`/Users/t.schweiger/.opencloud/storage/shares.json`| +|`SHARING_USER_JSON_FILE`| 1.0.0 |string|`Path to the JSON file where shares will be persisted. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage.`|`/var/lib/opencloud/storage/shares.json`| |`SHARING_USER_CS3_PROVIDER_ADDR`| 1.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|`eu.opencloud.api.storage-system`| |`OC_SYSTEM_USER_ID`
`SHARING_USER_CS3_SYSTEM_USER_ID`| 1.0.0 |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|``| |`OC_SYSTEM_USER_IDP`
`SHARING_USER_CS3_SYSTEM_USER_IDP`| 1.0.0 |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|`internal`| @@ -47,7 +43,7 @@ Environment variables for the **sharing** service |`SHARING_USER_OWNCLOUDSQL_DB_NAME`| 1.0.0 |string|`Name of the database to be used.`|`owncloud`| |`SHARING_USER_OWNCLOUDSQL_USER_STORAGE_MOUNT_ID`| 1.0.0 |string|`Mount ID of the ownCloudSQL users storage for mapping ownCloud 10 shares.`|``| |`SHARING_PUBLIC_DRIVER`| 1.0.0 |string|`Driver to be used to persist public shares. Supported values are 'jsoncs3', 'json' and 'cs3' (deprecated).`|`jsoncs3`| -|`SHARING_PUBLIC_JSON_FILE`| 1.0.0 |string|`Path to the JSON file where public share meta-data will be stored. This JSON file contains the information about public shares that have been created. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage.`|`/Users/t.schweiger/.opencloud/storage/publicshares.json`| +|`SHARING_PUBLIC_JSON_FILE`| 1.0.0 |string|`Path to the JSON file where public share meta-data will be stored. This JSON file contains the information about public shares that have been created. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage.`|`/var/lib/opencloud/storage/publicshares.json`| |`SHARING_PUBLIC_JSONCS3_PROVIDER_ADDR`| 1.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|`eu.opencloud.api.storage-system`| |`OC_SYSTEM_USER_ID`
`SHARING_PUBLIC_JSONCS3_SYSTEM_USER_ID`| 1.0.0 |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|``| |`OC_SYSTEM_USER_IDP`
`SHARING_PUBLIC_JSONCS3_SYSTEM_USER_IDP`| 1.0.0 |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|`internal`| diff --git a/static/env-vars/sharing_readme.md b/static/env-vars/sharing_readme.md new file mode 100755 index 00000000..c24134b7 --- /dev/null +++ b/static/env-vars/sharing_readme.md @@ -0,0 +1,65 @@ +--- +title: Sharing +date: 2025-11-27T22:56:02.334524+01:00 +weight: 20 +geekdocRepo: https://github.com/opencloud-eu/opencloud +geekdocEditPath: edit/master/services/sharing +geekdocFilePath: README.md +geekdocCollapseSection: true +--- + + + +## Abstract + + +The `sharing` service provides the CS3 Sharing API for OpenCloud. It manages user shares and public link shares, implementing the core sharing functionality. + + +## Table of Contents + +* [Overview](#overview) +* [Integration](#integration) +* [Share Types](#share-types) +* [Configuration](#configuration) +* [Scalability](#scalability) + +## Overview + +The sharing service handles: +- User-to-user shares (share a file or folder with another user) +- Public link shares (share via a public URL) +- Share permissions and roles +- Share lifecycle management (create, update, delete) + +This service works in conjunction with the storage providers (`storage-shares` and `storage-publiclink`) to persist and manage share information. + +## Integration + +The sharing service integrates with: +- `frontend` and `ocs` - Provide HTTP APIs that translate to CS3 sharing calls +- `storage-shares` - Stores and manages received shares +- `storage-publiclink` - Manages public link shares +- `graph` - Provides LibreGraph API for sharing with roles + +## Share Types + +The service supports different types of shares: +- **User shares** - Share resources with specific users +- **Group shares** - Share resources with groups +- **Public link shares** - Create public URLs for sharing +- **Federated shares** - Share with users on other OpenCloud instances (via `ocm` service) + +## Configuration + +Share behavior can be configured via environment variables: +- Password enforcement for public shares +- Auto-acceptance of shares +- Share permissions and restrictions + +See the `frontend` service README for more details on share-related configuration options. + +## Scalability + +The sharing service depends on the configured storage backends for share metadata. Scalability characteristics depend on the chosen storage backend configuration. + diff --git a/static/env-vars/sse.yaml b/static/env-vars/sse.yaml index 03db45dd..8600af9e 100644 --- a/static/env-vars/sse.yaml +++ b/static/env-vars/sse.yaml @@ -11,11 +11,6 @@ debug: token: "" pprof: false zpages: false -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" keepalive_interval: 0s events: endpoint: 127.0.0.1:9233 diff --git a/static/env-vars/sse_configvars.md b/static/env-vars/sse_configvars.md index ca25dd83..4214aad8 100644 --- a/static/env-vars/sse_configvars.md +++ b/static/env-vars/sse_configvars.md @@ -10,10 +10,6 @@ Environment variables for the **sse** service |`SSE_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| |`SSE_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| |`SSE_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`OC_TRACING_ENABLED`
`SSE_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`SSE_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`SSE_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`SSE_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`SSE_KEEPALIVE_INTERVAL`| 1.0.0 |Duration|`To prevent intermediate proxies from closing the SSE connection, send periodic SSE comments to keep it open.`|`0s`| |`OC_EVENTS_ENDPOINT`
`SSE_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|`127.0.0.1:9233`| |`OC_EVENTS_CLUSTER`
`SSE_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|`opencloud-cluster`| diff --git a/static/env-vars/sse_readme.md b/static/env-vars/sse_readme.md index 474dbecc..49aea22f 100644 --- a/static/env-vars/sse_readme.md +++ b/static/env-vars/sse_readme.md @@ -1,6 +1,6 @@ --- title: SSE -date: 2025-11-13T17:22:55.096997+01:00 +date: 2025-11-27T22:56:02.334591+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/sse diff --git a/static/env-vars/storage-publiclink.yaml b/static/env-vars/storage-publiclink.yaml index 2b590625..127d622d 100644 --- a/static/env-vars/storage-publiclink.yaml +++ b/static/env-vars/storage-publiclink.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: storage-publiclink.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false diff --git a/static/env-vars/storage-publiclink_configvars.md b/static/env-vars/storage-publiclink_configvars.md index f36a7537..e2ba94f3 100644 --- a/static/env-vars/storage-publiclink_configvars.md +++ b/static/env-vars/storage-publiclink_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **storage-publiclink** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`STORAGE_PUBLICLINK_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`STORAGE_PUBLICLINK_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`STORAGE_PUBLICLINK_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`STORAGE_PUBLICLINK_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`STORAGE_PUBLICLINK_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`STORAGE_PUBLICLINK_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`STORAGE_PUBLICLINK_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| diff --git a/static/env-vars/storage-publiclink_readme.md b/static/env-vars/storage-publiclink_readme.md index c93f426b..e5a03492 100644 --- a/static/env-vars/storage-publiclink_readme.md +++ b/static/env-vars/storage-publiclink_readme.md @@ -1,6 +1,6 @@ --- -title: Storage Public Link -date: 2025-11-12T16:20:03.610455+01:00 +title: Storage PublicLink +date: 2025-11-27T22:56:02.334658+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/storage-publiclink @@ -13,9 +13,48 @@ geekdocCollapseSection: true ## Abstract -The `storage-publiclink` service handles public link functionality for shared resources within OpenCloud. +The `storage-publiclink` service provides storage backend functionality for public link shares in OpenCloud. It implements the CS3 storage provider interface specifically for working with public link shared resources. + ## Table of Contents +* [Overview](#overview) +* [Integration](#integration) +* [Storage Registry](#storage-registry) +* [Access Control](#access-control) +* [Scalability](#scalability) + +## Overview + +This service is part of the storage services family and is responsible for: +- Providing access to publicly shared resources +- Handling anonymous access to shared content + +## Integration + +The storage-publiclink service integrates with: +- `sharing` service - Manages and persists public link shares +- `frontend` and `ocdav` - Provide HTTP/WebDAV access to public links +- Storage drivers - Accesses the actual file content + +## Storage Registry + +The service is registered in the gateway's storage registry with: +- Provider ID: `7993447f-687f-490d-875c-ac95e89a62a4` +- Mount point: `/public` +- Space types: `grant` and `mountpoint` + +See the `gateway` README for more details on storage registry configuration. + +## Access Control + +Public link shares can be configured with: +- Password protection +- Expiration dates +- Read-only or read-write permissions +- Download limits + +## Scalability +The storage-publiclink service can be scaled horizontally. diff --git a/static/env-vars/storage-shares.yaml b/static/env-vars/storage-shares.yaml index 364221eb..0c637011 100644 --- a/static/env-vars/storage-shares.yaml +++ b/static/env-vars/storage-shares.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: storage-shares.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false diff --git a/static/env-vars/storage-shares_configvars.md b/static/env-vars/storage-shares_configvars.md index f9509d24..ce9b2bf6 100644 --- a/static/env-vars/storage-shares_configvars.md +++ b/static/env-vars/storage-shares_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **storage-shares** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`STORAGE_SHARES_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`STORAGE_SHARES_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`STORAGE_SHARES_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`STORAGE_SHARES_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`STORAGE_SHARES_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`STORAGE_SHARES_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`STORAGE_SHARES_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| diff --git a/static/env-vars/storage-shares_readme.md b/static/env-vars/storage-shares_readme.md index 0aa97098..37dfc066 100644 --- a/static/env-vars/storage-shares_readme.md +++ b/static/env-vars/storage-shares_readme.md @@ -1,6 +1,6 @@ --- title: Storage Shares -date: 2025-11-12T16:20:03.610542+01:00 +date: 2025-11-27T22:56:02.334725+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/storage-shares @@ -13,9 +13,44 @@ geekdocCollapseSection: true ## Abstract -The `storage-shares` service manages shared storage resources within OpenCloud. +The `storage-shares` service provides storage backend functionality for user and group shares in OpenCloud. It implements the CS3 storage provider interface specifically for working with shared resources. + ## Table of Contents +* [Overview](#overview) +* [Integration](#integration) +* [Virtual Shares Folder](#virtual-shares-folder) +* [Storage Registry](#storage-registry) +* [Scalability](#scalability) + +## Overview + +This service is part of the storage services family and is responsible for: +- Providing a virtual view of received shares +- Handling access to resources shared by other users + +## Integration + +The storage-shares service integrates with: +- `sharing` service - Manages and persists shares +- `storage-users` service - Accesses the underlying file content +- `frontend` and `ocdav` - Provide HTTP/WebDAV access to shares + +## Virtual Shares Folder + +The service provides a virtual "Shares" folder for each user where all received shares are mounted. This allows users to access all files and folders that have been shared with them in a centralized location. + +## Storage Registry + +The service is registered in the gateway's storage registry with: +- Provider ID: `a0ca6a90-a365-4782-871e-d44447bbc668` +- Mount point: `/users/{{.CurrentUser.Id.OpaqueId}}/Shares` +- Space types: `virtual`, `grant`, and `mountpoint` + +See the `gateway` README for more details on storage registry configuration. + +## Scalability +The storage-shares service can be scaled horizontally. diff --git a/static/env-vars/storage-system.yaml b/static/env-vars/storage-system.yaml index 33caa0f6..5d4a9f11 100644 --- a/static/env-vars/storage-system.yaml +++ b/static/env-vars/storage-system.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: storage-system.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false @@ -45,7 +40,7 @@ cache: driver: decomposed drivers: decomposed: - root: /Users/t.schweiger/.opencloud/storage/metadata + root: /var/lib/opencloud/storage/metadata max_acquire_lock_cycles: 20 lock_cycle_duration_factor: 30 data_server_url: http://localhost:9216/data diff --git a/static/env-vars/storage-system_configvars.md b/static/env-vars/storage-system_configvars.md index 920c5a9b..2b7ef3ae 100644 --- a/static/env-vars/storage-system_configvars.md +++ b/static/env-vars/storage-system_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **storage-system** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`STORAGE_SYSTEM_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`STORAGE_SYSTEM_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`STORAGE_SYSTEM_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`STORAGE_SYSTEM_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`STORAGE_SYSTEM_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`STORAGE_SYSTEM_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`STORAGE_SYSTEM_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| @@ -33,7 +29,7 @@ Environment variables for the **storage-system** service |`OC_CACHE_AUTH_USERNAME`
`STORAGE_SYSTEM_CACHE_AUTH_USERNAME`| 1.0.0 |string|`Username for the configured store. Only applies when store type 'nats-js-kv' is configured.`|``| |`OC_CACHE_AUTH_PASSWORD`
`STORAGE_SYSTEM_CACHE_AUTH_PASSWORD`| 1.0.0 |string|`Password for the configured store. Only applies when store type 'nats-js-kv' is configured.`|``| |`STORAGE_SYSTEM_DRIVER`| 1.0.0 |string|`The driver which should be used by the service. The only supported driver is 'decomposed'. For backwards compatibility reasons it's also possible to use the 'ocis' driver and configure it using the 'decomposed' options. `|`decomposed`| -|`STORAGE_SYSTEM_OC_ROOT`| 1.0.0 |string|`Path for the directory where the STORAGE-SYSTEM service stores it's persistent data. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage.`|`/Users/t.schweiger/.opencloud/storage/metadata`| +|`STORAGE_SYSTEM_OC_ROOT`| 1.0.0 |string|`Path for the directory where the STORAGE-SYSTEM service stores it's persistent data. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage.`|`/var/lib/opencloud/storage/metadata`| |`STORAGE_SYSTEM_OC_MAX_ACQUIRE_LOCK_CYCLES`| 1.0.0 |int|`When trying to lock files, OpenCloud will try this amount of times to acquire the lock before failing. After each try it will wait for an increasing amount of time. Values of 0 or below will be ignored and the default value of 20 will be used.`|`20`| |`STORAGE_SYSTEM_OC_LOCK_CYCLE_DURATION_FACTOR`| 1.0.0 |int|`When trying to lock files, OpenCloud will multiply the cycle with this factor and use it as a millisecond timeout. Values of 0 or below will be ignored and the default value of 30 will be used.`|`30`| |`STORAGE_SYSTEM_DATA_SERVER_URL`| 1.0.0 |string|`URL of the data server, needs to be reachable by other services using this service.`|`http://localhost:9216/data`| diff --git a/static/env-vars/storage-system_readme.md b/static/env-vars/storage-system_readme.md index 6414c30c..4137d732 100644 --- a/static/env-vars/storage-system_readme.md +++ b/static/env-vars/storage-system_readme.md @@ -1,6 +1,6 @@ --- title: Storage-System -date: 2025-11-13T17:22:55.097089+01:00 +date: 2025-11-27T22:56:02.33479+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/storage-system diff --git a/static/env-vars/storage-users.yaml b/static/env-vars/storage-users.yaml index f64aed8e..cc60efb9 100644 --- a/static/env-vars/storage-users.yaml +++ b/static/env-vars/storage-users.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: storage-users.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false @@ -79,7 +74,7 @@ drivers: propagator: sync async_propagator_options: propagation_delay: 0s - root: /Users/t.schweiger/.opencloud/storage/users + root: /var/lib/opencloud/storage/users user_layout: '{{.Id.OpaqueId}}' permissions_endpoint: eu.opencloud.api.settings personalspacealias_template: '{{.SpaceType}}/{{.User.Username | lower}}' @@ -97,7 +92,7 @@ drivers: propagator: sync async_propagator_options: propagation_delay: 0s - root: /Users/t.schweiger/.opencloud/storage/users + root: /var/lib/opencloud/storage/users user_layout: '{{.Id.OpaqueId}}' permissions_endpoint: eu.opencloud.api.settings region: default @@ -122,10 +117,10 @@ drivers: async_uploads: true disable_versioning: false owncloudsql: - root: /Users/t.schweiger/.opencloud/storage/owncloud + root: /var/lib/opencloud/storage/owncloud share_folder: /Shares user_layout: '{{.Username}}' - upload_info_dir: /Users/t.schweiger/.opencloud/storage/uploadinfo + upload_info_dir: /var/lib/opencloud/storage/uploadinfo db_username: owncloud db_password: owncloud db_host: "" @@ -133,7 +128,7 @@ drivers: db_name: owncloud users_provider_endpoint: eu.opencloud.api.users posix: - root: /Users/t.schweiger/.opencloud/storage/users + root: /var/lib/opencloud/storage/users propagator: "" async_propagator_options: propagation_delay: 0s diff --git a/static/env-vars/storage-users_configvars.md b/static/env-vars/storage-users_configvars.md index b448696f..185cd3b9 100644 --- a/static/env-vars/storage-users_configvars.md +++ b/static/env-vars/storage-users_configvars.md @@ -1,20 +1,16 @@ -2025-11-13-17-19-28 +2025-11-27-22-55-58 # Deprecation Notice | Deprecation Info | Deprecation Version | Removal Version | Deprecation Replacement | |---|---|---|:---| -| | next | | | +| | 4.0.0 | | | Environment variables for the **storage-users** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| |`STORAGE_USERS_SERVICE_NAME`| 1.0.0 |string|`Service name to use. Change this when starting an additional storage provider with a custom configuration to prevent it from colliding with the default 'storage-users' service.`|`storage-users`| -|`OC_TRACING_ENABLED`
`STORAGE_USERS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`STORAGE_USERS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`STORAGE_USERS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`STORAGE_USERS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`STORAGE_USERS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`STORAGE_USERS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`STORAGE_USERS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| @@ -42,7 +38,7 @@ Environment variables for the **storage-users** service |`STORAGE_USERS_DRIVER`| 1.0.0 |string|`The storage driver which should be used by the service. Defaults to 'posix'. Supported values are: 'posix', 'decomposed', 'decomposeds3' and 'owncloudsql'. For backwards compatibility reasons it's also possible to use the 'ocis' and 's3ng' driver and configure them using the 'decomposed'/'decomposeds3' options. The 'posix' driver stores data directly on a POSIX-compliant filesystem. The 'decomposed' driver stores all data (blob and meta data) in a POSIX compliant volume. The 'decomposeds3' driver stores metadata in a POSIX compliant volume and uploads blobs to the s3 bucket.`|`posix`| |`OC_DECOMPOSEDFS_PROPAGATOR`
`STORAGE_USERS_DECOMPOSED_PROPAGATOR`| 1.0.0 |string|`The propagator used for decomposedfs. At the moment, only 'sync' is fully supported, 'async' is available as an experimental option.`|`sync`| |`STORAGE_USERS_ASYNC_PROPAGATOR_PROPAGATION_DELAY`| 1.0.0 |Duration|`The delay between a change made to a tree and the propagation start on treesize and treetime. Multiple propagations are computed to a single one. See the Environment Variable Types description for more details.`|`0s`| -|`STORAGE_USERS_DECOMPOSED_ROOT`| 1.0.0 |string|`The directory where the filesystem storage will store blobs and metadata. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage/users.`|`/Users/t.schweiger/.opencloud/storage/users`| +|`STORAGE_USERS_DECOMPOSED_ROOT`| 1.0.0 |string|`The directory where the filesystem storage will store blobs and metadata. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage/users.`|`/var/lib/opencloud/storage/users`| |`STORAGE_USERS_DECOMPOSED_USER_LAYOUT`| 1.0.0 |string|`Template string for the user storage layout in the user directory.`|`{{.Id.OpaqueId}}`| |`STORAGE_USERS_PERMISSION_ENDPOINT`
`STORAGE_USERS_DECOMPOSED_PERMISSIONS_ENDPOINT`| 1.0.0 |string|`Endpoint of the permissions service. The endpoints can differ for 'decomposed' and 'decomposeds3'.`|`eu.opencloud.api.settings`| |`STORAGE_USERS_DECOMPOSED_PERSONAL_SPACE_ALIAS_TEMPLATE`| 1.0.0 |string|`Template string to construct personal space aliases.`|`{{.SpaceType}}/{{.User.Username \| lower}}`| @@ -58,7 +54,7 @@ Environment variables for the **storage-users** service |`OC_DISABLE_VERSIONING`| 1.0.0 |bool|`Disables versioning of files. When set to true, new uploads with the same filename will overwrite existing files instead of creating a new version.`|`false`| |`OC_DECOMPOSEDFS_PROPAGATOR`
`STORAGE_USERS_DECOMPOSEDS3_PROPAGATOR`| 1.0.0 |string|`The propagator used for decomposedfs. At the moment, only 'sync' is fully supported, 'async' is available as an experimental option.`|`sync`| |`STORAGE_USERS_ASYNC_PROPAGATOR_PROPAGATION_DELAY`| 1.0.0 |Duration|`The delay between a change made to a tree and the propagation start on treesize and treetime. Multiple propagations are computed to a single one. See the Environment Variable Types description for more details.`|`0s`| -|`STORAGE_USERS_DECOMPOSEDS3_ROOT`| 1.0.0 |string|`The directory where the filesystem storage will store metadata for blobs. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage/users.`|`/Users/t.schweiger/.opencloud/storage/users`| +|`STORAGE_USERS_DECOMPOSEDS3_ROOT`| 1.0.0 |string|`The directory where the filesystem storage will store metadata for blobs. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage/users.`|`/var/lib/opencloud/storage/users`| |`STORAGE_USERS_DECOMPOSEDS3_USER_LAYOUT`| 1.0.0 |string|`Template string for the user storage layout in the user directory.`|`{{.Id.OpaqueId}}`| |`STORAGE_USERS_PERMISSION_ENDPOINT`
`STORAGE_USERS_DECOMPOSEDS3_PERMISSIONS_ENDPOINT`| 1.0.0 |string|`Endpoint of the permissions service. The endpoints can differ for 'decomposed' and 'decomposeds3'.`|`eu.opencloud.api.settings`| |`STORAGE_USERS_DECOMPOSEDS3_REGION`| 1.0.0 |string|`Region of the S3 bucket.`|`default`| @@ -82,17 +78,17 @@ Environment variables for the **storage-users** service |`OC_MAX_CONCURRENCY`
`STORAGE_USERS_DECOMPOSEDS3_MAX_CONCURRENCY`| 1.0.0 |int|`Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value of 100 will be used.`|`5`| |`OC_ASYNC_UPLOADS`| 1.0.0 |bool|`Enable asynchronous file uploads.`|`true`| |`OC_DISABLE_VERSIONING`| 1.0.0 |bool|`Disables versioning of files. When set to true, new uploads with the same filename will overwrite existing files instead of creating a new version.`|`false`| -|`STORAGE_USERS_OWNCLOUDSQL_DATADIR`| 1.0.0 |string|`The directory where the filesystem storage will store SQL migration data. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage/owncloud.`|`/Users/t.schweiger/.opencloud/storage/owncloud`| +|`STORAGE_USERS_OWNCLOUDSQL_DATADIR`| 1.0.0 |string|`The directory where the filesystem storage will store SQL migration data. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage/owncloud.`|`/var/lib/opencloud/storage/owncloud`| |`STORAGE_USERS_OWNCLOUDSQL_SHARE_FOLDER`| 1.0.0 |string|`Name of the folder jailing all shares.`|`/Shares`| |`STORAGE_USERS_OWNCLOUDSQL_LAYOUT`| 1.0.0 |string|`Path layout to use to navigate into a users folder in an owncloud data directory`|`{{.Username}}`| -|`STORAGE_USERS_OWNCLOUDSQL_UPLOADINFO_DIR`| 1.0.0 |string|`The directory where the filesystem will store uploads temporarily. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage/uploadinfo.`|`/Users/t.schweiger/.opencloud/storage/uploadinfo`| +|`STORAGE_USERS_OWNCLOUDSQL_UPLOADINFO_DIR`| 1.0.0 |string|`The directory where the filesystem will store uploads temporarily. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage/uploadinfo.`|`/var/lib/opencloud/storage/uploadinfo`| |`STORAGE_USERS_OWNCLOUDSQL_DB_USERNAME`| 1.0.0 |string|`Username for the database.`|`owncloud`| |`STORAGE_USERS_OWNCLOUDSQL_DB_PASSWORD`| 1.0.0 |string|`Password for the database.`|`owncloud`| |`STORAGE_USERS_OWNCLOUDSQL_DB_HOST`| 1.0.0 |string|`Hostname or IP of the database server.`|``| |`STORAGE_USERS_OWNCLOUDSQL_DB_PORT`| 1.0.0 |int|`Port that the database server is listening on.`|`3306`| |`STORAGE_USERS_OWNCLOUDSQL_DB_NAME`| 1.0.0 |string|`Name of the database to be used.`|`owncloud`| |`STORAGE_USERS_OWNCLOUDSQL_USERS_PROVIDER_ENDPOINT`| 1.0.0 |string|`Endpoint of the users provider.`|`eu.opencloud.api.users`| -|`STORAGE_USERS_POSIX_ROOT`| 1.0.0 |string|`The directory where the filesystem storage will store its data. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage/users.`|`/Users/t.schweiger/.opencloud/storage/users`| +|`STORAGE_USERS_POSIX_ROOT`| 1.0.0 |string|`The directory where the filesystem storage will store its data. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage/users.`|`/var/lib/opencloud/storage/users`| |`OC_DECOMPOSEDFS_PROPAGATOR`
`STORAGE_USERS_POSIX_PROPAGATOR`| 2.0.0 |string|`The propagator used for the posix driver. At the moment, only 'sync' is fully supported, 'async' is available as an experimental option.`|``| |`STORAGE_USERS_ASYNC_PROPAGATOR_PROPAGATION_DELAY`| 1.0.0 |Duration|`The delay between a change made to a tree and the propagation start on treesize and treetime. Multiple propagations are computed to a single one. See the Environment Variable Types description for more details.`|`0s`| |`STORAGE_USERS_POSIX_PERSONAL_SPACE_ALIAS_TEMPLATE`| 1.0.0 |string|`Template string to construct personal space aliases.`|`{{.SpaceType}}/{{.User.Username \| lower}}`| @@ -113,8 +109,8 @@ Environment variables for the **storage-users** service |`STORAGE_USERS_POSIX_WATCH_TYPE`| 1.0.0 |string|`Type of the watcher to use for getting notified about changes to the filesystem. Currently available options are 'inotifywait' (default), 'cephfs', 'gpfswatchfolder' and 'gpfsfileauditlogging'.`|``| |`STORAGE_USERS_POSIX_WATCH_PATH`| 1.0.0 |string|`Path to the watch directory/file. Only applies to the 'gpfsfileauditlogging' and 'inotifywait' watcher, in which case it is the path of the file audit log file/base directory to watch.`|``| |`STORAGE_USERS_POSIX_WATCH_NOTIFICATION_BROKERS,STORAGE_USERS_POSIX_WATCH_FOLDER_KAFKA_BROKERS`| 1.0.0 |string|`Comma-separated list of kafka brokers to read the watchfolder events from.`|``| -|`STORAGE_USERS_POSIX_WATCH_ROOT`| next |string|`Path to the watch root directory. Event paths will be considered relative to this path. Only applies to the 'gpswatchfolder' and 'cephfs' watchers.`|``| -|`STORAGE_USERS_POSIX_INOTIFY_STATS_FREQUENCY`| next |Duration|`Frequency to log inotify stats.`|`5m0s`| +|`STORAGE_USERS_POSIX_WATCH_ROOT`| 4.0.0 |string|`Path to the watch root directory. Event paths will be considered relative to this path. Only applies to the 'gpswatchfolder' and 'cephfs' watchers.`|``| +|`STORAGE_USERS_POSIX_INOTIFY_STATS_FREQUENCY`| 4.0.0 |Duration|`Frequency to log inotify stats.`|`5m0s`| |`STORAGE_USERS_DATA_SERVER_URL`| 1.0.0 |string|`URL of the data server, needs to be reachable by the data gateway provided by the frontend service or the user if directly exposed.`|`http://localhost:9158/data`| |`STORAGE_USERS_DATA_GATEWAY_URL`| 1.0.0 |string|`URL of the data gateway server`|`http://localhost:9140/data`| |`STORAGE_USERS_TRANSFER_EXPIRES`| 1.0.0 |int64|`The time after which the token for upload postprocessing expires`|`86400`| diff --git a/static/env-vars/storage-users_readme.md b/static/env-vars/storage-users_readme.md index a6352270..51c7064e 100644 --- a/static/env-vars/storage-users_readme.md +++ b/static/env-vars/storage-users_readme.md @@ -1,6 +1,6 @@ --- title: Storage-Users -date: 2025-11-13T17:22:55.097175+01:00 +date: 2025-11-27T22:56:02.334862+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/storage-users diff --git a/static/env-vars/thumbnails.yaml b/static/env-vars/thumbnails.yaml index 468168c4..fa39a91d 100644 --- a/static/env-vars/thumbnails.yaml +++ b/static/env-vars/thumbnails.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: thumbnails.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false @@ -60,7 +55,7 @@ thumbnail: - 4320x7680 - 7680x4320 filesystem_storage: - root_directory: /Users/t.schweiger/.opencloud/thumbnails + root_directory: /var/lib/opencloud/thumbnails webdav_allow_insecure: false cs3_allow_insecure: false reva_gateway: eu.opencloud.api.gateway diff --git a/static/env-vars/thumbnails_configvars.md b/static/env-vars/thumbnails_configvars.md index b42e6157..b61c1386 100644 --- a/static/env-vars/thumbnails_configvars.md +++ b/static/env-vars/thumbnails_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **thumbnails** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`THUMBNAILS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`THUMBNAILS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`THUMBNAILS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`THUMBNAILS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`THUMBNAILS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`THUMBNAILS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`THUMBNAILS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| @@ -26,7 +22,7 @@ Environment variables for the **thumbnails** service |`OC_CORS_ALLOW_HEADERS`
`THUMBNAILS_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|`[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id Cache-Control]`| |`OC_CORS_ALLOW_CREDENTIALS`
`THUMBNAILS_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|`true`| |`THUMBNAILS_RESOLUTIONS`| 1.0.0 |[]string|`The supported list of target resolutions in the format WidthxHeight like 32x32. You can define any resolution as required. See the Environment Variable Types description for more details.`|`[16x16 32x32 64x64 128x128 1080x1920 1920x1080 2160x3840 3840x2160 4320x7680 7680x4320]`| -|`THUMBNAILS_FILESYSTEMSTORAGE_ROOT`| 1.0.0 |string|`The directory where the filesystem storage will store the thumbnails. If not defined, the root directory derives from $OC_BASE_DATA_PATH/thumbnails.`|`/Users/t.schweiger/.opencloud/thumbnails`| +|`THUMBNAILS_FILESYSTEMSTORAGE_ROOT`| 1.0.0 |string|`The directory where the filesystem storage will store the thumbnails. If not defined, the root directory derives from $OC_BASE_DATA_PATH/thumbnails.`|`/var/lib/opencloud/thumbnails`| |`OC_INSECURE`
`THUMBNAILS_WEBDAVSOURCE_INSECURE`| 1.0.0 |bool|`Ignore untrusted SSL certificates when connecting to the webdav source.`|`false`| |`OC_INSECURE`
`THUMBNAILS_CS3SOURCE_INSECURE`| 1.0.0 |bool|`Ignore untrusted SSL certificates when connecting to the CS3 source.`|`false`| |`OC_REVA_GATEWAY`| 1.0.0 |string|`CS3 gateway used to look up user metadata`|`eu.opencloud.api.gateway`| diff --git a/static/env-vars/thumbnails_readme.md b/static/env-vars/thumbnails_readme.md index 20d07927..ad62b83f 100644 --- a/static/env-vars/thumbnails_readme.md +++ b/static/env-vars/thumbnails_readme.md @@ -1,6 +1,6 @@ --- title: Thumbnails -date: 2025-11-13T17:22:55.0974+01:00 +date: 2025-11-27T22:56:02.334947+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/thumbnails diff --git a/static/env-vars/userlog.yaml b/static/env-vars/userlog.yaml index 263d9bd3..50f9f235 100644 --- a/static/env-vars/userlog.yaml +++ b/static/env-vars/userlog.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: userlog.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false diff --git a/static/env-vars/userlog_configvars.md b/static/env-vars/userlog_configvars.md index 1b65ce94..40753381 100644 --- a/static/env-vars/userlog_configvars.md +++ b/static/env-vars/userlog_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **userlog** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`USERLOG_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`USERLOG_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`USERLOG_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`USERLOG_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`USERLOG_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`USERLOG_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`USERLOG_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| diff --git a/static/env-vars/userlog_readme.md b/static/env-vars/userlog_readme.md index 899f1b21..e55816e7 100644 --- a/static/env-vars/userlog_readme.md +++ b/static/env-vars/userlog_readme.md @@ -1,6 +1,6 @@ --- title: Userlog -date: 2025-11-13T17:22:55.097508+01:00 +date: 2025-11-27T22:56:02.335031+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/userlog diff --git a/static/env-vars/users.yaml b/static/env-vars/users.yaml index d5627c01..bf2a685c 100644 --- a/static/env-vars/users.yaml +++ b/static/env-vars/users.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: users.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false @@ -32,7 +27,7 @@ driver: ldap drivers: ldap: uri: ldaps://localhost:9235 - ca_cert: /Users/t.schweiger/.opencloud/idm/ldap.crt + ca_cert: /var/lib/opencloud/idm/ldap.crt insecure: false bind_dn: uid=reva,ou=sysusers,o=libregraph-idm bind_password: "" diff --git a/static/env-vars/users_configvars.md b/static/env-vars/users_configvars.md index 149b063e..96e4a7f8 100644 --- a/static/env-vars/users_configvars.md +++ b/static/env-vars/users_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **users** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`USERS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`USERS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`USERS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`USERS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`USERS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`USERS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`USERS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| @@ -23,7 +19,7 @@ Environment variables for the **users** service |`USERS_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the loading of user's group memberships from the reva access token.`|`false`| |`USERS_DRIVER`| 1.0.0 |string|`The driver which should be used by the users service. Supported values are 'ldap' and 'owncloudsql'.`|`ldap`| |`OC_LDAP_URI`
`USERS_LDAP_URI`| 1.0.0 |string|`URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'`|`ldaps://localhost:9235`| -|`OC_LDAP_CACERT`
`USERS_LDAP_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|`/Users/t.schweiger/.opencloud/idm/ldap.crt`| +|`OC_LDAP_CACERT`
`USERS_LDAP_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|`/var/lib/opencloud/idm/ldap.crt`| |`OC_LDAP_INSECURE`
`USERS_LDAP_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for the LDAP connections. Do not set this in production environments.`|`false`| |`OC_LDAP_BIND_DN`
`USERS_LDAP_BIND_DN`| 1.0.0 |string|`LDAP DN to use for simple bind authentication with the target LDAP server.`|`uid=reva,ou=sysusers,o=libregraph-idm`| |`OC_LDAP_BIND_PASSWORD`
`USERS_LDAP_BIND_PASSWORD`| 1.0.0 |string|`Password to use for authenticating the 'bind_dn'.`|``| @@ -41,7 +37,7 @@ Environment variables for the **users** service |`OC_LDAP_USER_SCHEMA_USER_TYPE`
`USERS_LDAP_USER_TYPE_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default is 'openCloudUserType'.`|`openCloudUserType`| |`OC_LDAP_DISABLED_USERS_GROUP_DN`
`USERS_LDAP_DISABLED_USERS_GROUP_DN`| 1.0.0 |string|`The distinguished name of the group to which added users will be classified as disabled when 'disable_user_mechanism' is set to 'group'.`|`cn=DisabledUsersGroup,ou=groups,o=libregraph-idm`| |`OC_LDAP_USER_SCHEMA_ID`
`USERS_LDAP_USER_SCHEMA_ID`| 1.0.0 |string|`LDAP Attribute to use as the unique ID for users. This should be a stable globally unique ID like a UUID.`|`openclouduuid`| -|`OC_LDAP_USER_SCHEMA_TENANT_ID`
`USERS_LDAP_USER_SCHEMA_TENANT_ID`| next |string|`LDAP Attribute to use for the tenant ID of users. This is used to identify the tenant of a user in a multi-tenant environment.`|``| +|`OC_LDAP_USER_SCHEMA_TENANT_ID`
`USERS_LDAP_USER_SCHEMA_TENANT_ID`| 4.0.0 |string|`LDAP Attribute to use for the tenant ID of users. This is used to identify the tenant of a user in a multi-tenant environment.`|``| |`OC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`
`USERS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`| 1.0.0 |bool|`Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user ID's.`|`false`| |`OC_LDAP_USER_SCHEMA_MAIL`
`USERS_LDAP_USER_SCHEMA_MAIL`| 1.0.0 |string|`LDAP Attribute to use for the email address of users.`|`mail`| |`OC_LDAP_USER_SCHEMA_DISPLAYNAME`
`USERS_LDAP_USER_SCHEMA_DISPLAYNAME`| 1.0.0 |string|`LDAP Attribute to use for the displayname of users.`|`displayname`| diff --git a/static/env-vars/users_readme.md b/static/env-vars/users_readme.md index 2b8717f4..6d2eb34f 100644 --- a/static/env-vars/users_readme.md +++ b/static/env-vars/users_readme.md @@ -1,6 +1,6 @@ --- title: Users -date: 2025-11-12T16:20:03.611091+01:00 +date: 2025-11-27T22:56:02.335114+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/users @@ -13,9 +13,38 @@ geekdocCollapseSection: true ## Abstract -The `users` service provides user management functionality within OpenCloud. +The `users` service provides the CS3 Users API for OpenCloud. It is responsible for managing user information and authentication within the OpenCloud instance. + +This service implements the CS3 identity user provider interface, allowing other services to query and manage user accounts. It works as a backend provider for the `graph` service when using the CS3 backend mode. + ## Table of Contents +* [Backend Integration](#backend-integration) +* [API](#api) +* [Usage](#usage) +* [Scalability](#scalability) + +## Backend Integration + +The users service can work with different storage backends: +- LDAP integration through the graph service +- Direct CS3 API implementation + +When using the `graph` service with the CS3 backend (`GRAPH_IDENTITY_BACKEND=cs3`), the graph service queries user information through this service. + +## API + +The service provides CS3 gRPC APIs for: +- Listing users +- Getting user information +- Finding users by username, email, or ID + +## Usage + +The users service is only used internally by other OpenCloud services and not being accessed directly by clients. The `frontend`, `ocs`, and `graph` services translate HTTP API requests into CS3 API calls to this service. + +## Scalability +Since the users service queries backend systems (like LDAP through the configured identity backend), it can be scaled horizontally without additional configuration when using stateless backends. diff --git a/static/env-vars/web.yaml b/static/env-vars/web.yaml index 99e2d2a8..a2075298 100644 --- a/static/env-vars/web.yaml +++ b/static/env-vars/web.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: web.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false @@ -67,9 +62,9 @@ http: - X-HTTP-Method-Override allow_credentials: false asset: - core_path: /Users/t.schweiger/.opencloud/web/assets/core - themes_path: /Users/t.schweiger/.opencloud/web/assets/themes - apps_path: /Users/t.schweiger/.opencloud/web/assets/apps + core_path: /var/lib/opencloud/web/assets/core + themes_path: /var/lib/opencloud/web/assets/themes + apps_path: /var/lib/opencloud/web/assets/apps file: "" web: theme_server: https://localhost:9200 diff --git a/static/env-vars/web_configvars.md b/static/env-vars/web_configvars.md index 355665ec..6d4b4ed9 100644 --- a/static/env-vars/web_configvars.md +++ b/static/env-vars/web_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **web** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`WEB_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`WEB_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`WEB_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`WEB_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`WEB_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`WEB_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`WEB_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| @@ -24,9 +20,9 @@ Environment variables for the **web** service |`OC_CORS_ALLOW_METHODS`
`WEB_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|`[OPTIONS HEAD GET PUT PATCH POST DELETE MKCOL PROPFIND PROPPATCH MOVE COPY REPORT SEARCH]`| |`OC_CORS_ALLOW_HEADERS`
`WEB_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|`[Origin Accept Content-Type Depth Authorization Ocs-Apirequest If-None-Match If-Match Destination Overwrite X-Request-Id X-Requested-With Tus-Resumable Tus-Checksum-Algorithm Upload-Concat Upload-Length Upload-Metadata Upload-Defer-Length Upload-Expires Upload-Checksum Upload-Offset X-HTTP-Method-Override]`| |`OC_CORS_ALLOW_CREDENTIALS`
`WEB_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS. See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|`false`| -|`WEB_ASSET_CORE_PATH`| 1.0.0 |string|`Serve OpenCloud Web assets from a path on the filesystem instead of the builtin assets. If not defined, the root directory derives from $OC_BASE_DATA_PATH/web/assets/core`|`/Users/t.schweiger/.opencloud/web/assets/core`| -|`OC_ASSET_THEMES_PATH`
`WEB_ASSET_THEMES_PATH`| 1.0.0 |string|`Serve OpenCloud themes from a path on the filesystem instead of the builtin assets. If not defined, the root directory derives from $OC_BASE_DATA_PATH/web/assets/themes`|`/Users/t.schweiger/.opencloud/web/assets/themes`| -|`WEB_ASSET_APPS_PATH`| 1.0.0 |string|`Serve OpenCloud Web apps assets from a path on the filesystem instead of the builtin assets. If not defined, the root directory derives from $OC_BASE_DATA_PATH/web/assets/apps`|`/Users/t.schweiger/.opencloud/web/assets/apps`| +|`WEB_ASSET_CORE_PATH`| 1.0.0 |string|`Serve OpenCloud Web assets from a path on the filesystem instead of the builtin assets. If not defined, the root directory derives from $OC_BASE_DATA_PATH/web/assets/core`|`/var/lib/opencloud/web/assets/core`| +|`OC_ASSET_THEMES_PATH`
`WEB_ASSET_THEMES_PATH`| 1.0.0 |string|`Serve OpenCloud themes from a path on the filesystem instead of the builtin assets. If not defined, the root directory derives from $OC_BASE_DATA_PATH/web/assets/themes`|`/var/lib/opencloud/web/assets/themes`| +|`WEB_ASSET_APPS_PATH`| 1.0.0 |string|`Serve OpenCloud Web apps assets from a path on the filesystem instead of the builtin assets. If not defined, the root directory derives from $OC_BASE_DATA_PATH/web/assets/apps`|`/var/lib/opencloud/web/assets/apps`| |`WEB_UI_CONFIG_FILE`| 1.0.0 |string|`Read the OpenCloud Web json based configuration from this path/file. The config file takes precedence over WEB_OPTION_xxx environment variables. See the text description for more details.`|``| |`OC_URL`
`WEB_UI_THEME_SERVER`| 1.0.0 |string|`Base URL to load themes from. Will be prepended to the theme path.`|`https://localhost:9200`| |`WEB_UI_THEME_PATH`| 1.0.0 |string|`Path to the theme json file. Will be appended to the URL of the theme server.`|`/themes/opencloud/theme.json`| @@ -54,6 +50,6 @@ Environment variables for the **web** service |`WEB_OPTION_CONCURRENT_REQUESTS_SSE`| 1.0.0 |int|`Defines the maximum number of concurrent requests in SSE event handlers. Defaults to 4.`|`0`| |`WEB_OPTION_CONCURRENT_REQUESTS_SHARES_CREATE`| 1.0.0 |int|`Defines the maximum number of concurrent requests per sharing invite batch. Defaults to 4.`|`0`| |`WEB_OPTION_CONCURRENT_REQUESTS_SHARES_LIST`| 1.0.0 |int|`Defines the maximum number of concurrent requests when loading individual share information inside listings. Defaults to 2.`|`0`| -|`WEB_OPTION_DEFAULT_APP_ID`| next |string|`Defines the entrypoint for the web ui.`|``| +|`WEB_OPTION_DEFAULT_APP_ID`| 4.0.0 |string|`Defines the entrypoint for the web ui.`|``| |`OC_JWT_SECRET`
`WEB_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| |`WEB_GATEWAY_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`eu.opencloud.api.gateway`| diff --git a/static/env-vars/web_readme.md b/static/env-vars/web_readme.md index 2fc32a96..4dbda35d 100644 --- a/static/env-vars/web_readme.md +++ b/static/env-vars/web_readme.md @@ -1,6 +1,6 @@ --- title: Web -date: 2025-11-13T17:22:55.097596+01:00 +date: 2025-11-27T22:56:02.335267+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/web @@ -38,7 +38,7 @@ The web service also provides a minimal API for branding functionality like chan If you want to use your custom compiled web client assets instead of the embedded ones, then you can do that by setting the `WEB_ASSET_CORE_PATH` variable to point to your compiled files. -See [OpenCloud Web / Getting Started](https://docs.opencloud.eu/docs/dev/web/getting-started) for more details. +See [OpenCloud Web / Getting Started](https://docs.opencloud.eu/clients/web/getting-started/) for more details. ## Web UI Configuration diff --git a/static/env-vars/webdav.yaml b/static/env-vars/webdav.yaml index a644ed8a..39a7ce3c 100644 --- a/static/env-vars/webdav.yaml +++ b/static/env-vars/webdav.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: webdav.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false @@ -47,5 +42,3 @@ disablePreviews: false opencloud_public_url: https://localhost:9200 webdav_namespace: /users/{{.Id.OpaqueId}} reva_gateway: eu.opencloud.api.gateway -reva_gateway_tls_mode: "" -reva_gateway_tls_cacert: "" diff --git a/static/env-vars/webdav_configvars.md b/static/env-vars/webdav_configvars.md index 3d88f259..eaa32876 100644 --- a/static/env-vars/webdav_configvars.md +++ b/static/env-vars/webdav_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **webdav** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`WEBDAV_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`WEBDAV_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`WEBDAV_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`WEBDAV_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`WEBDAV_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`WEBDAV_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`WEBDAV_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| @@ -27,5 +23,3 @@ Environment variables for the **webdav** service |`OC_URL`
`OC_PUBLIC_URL`| 1.0.0 |string|`URL, where OpenCloud is reachable for users.`|`https://localhost:9200`| |`WEBDAV_WEBDAV_NAMESPACE`| 1.0.0 |string|`CS3 path layout to use when forwarding /webdav requests`|`/users/{{.Id.OpaqueId}}`| |`OC_REVA_GATEWAY`| 1.0.0 |string|`CS3 gateway used to look up user metadata`|`eu.opencloud.api.gateway`| -|`OC_REVA_GATEWAY_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the CS3 gateway endpoint. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|``| -|`OC_REVA_GATEWAY_TLS_CACERT`| 1.0.0 |string|`The root CA certificate used to validate the gateway's TLS certificate.`|``| diff --git a/static/env-vars/webdav_readme.md b/static/env-vars/webdav_readme.md index ae99a3e1..01c2e503 100644 --- a/static/env-vars/webdav_readme.md +++ b/static/env-vars/webdav_readme.md @@ -1,6 +1,6 @@ --- title: Webdav -date: 2025-11-13T17:22:55.097697+01:00 +date: 2025-11-27T22:56:02.335343+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/webdav diff --git a/static/env-vars/webfinger.yaml b/static/env-vars/webfinger.yaml index a3166530..fd77ff1b 100644 --- a/static/env-vars/webfinger.yaml +++ b/static/env-vars/webfinger.yaml @@ -1,11 +1,6 @@ # Autogenerated # Filename: webfinger.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" log: level: "" pretty: false diff --git a/static/env-vars/webfinger_configvars.md b/static/env-vars/webfinger_configvars.md index 81d0b840..08733164 100644 --- a/static/env-vars/webfinger_configvars.md +++ b/static/env-vars/webfinger_configvars.md @@ -2,10 +2,6 @@ Environment variables for the **webfinger** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|:---| -|`OC_TRACING_ENABLED`
`WEBFINGER_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`| -|`OC_TRACING_TYPE`
`WEBFINGER_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``| -|`OC_TRACING_ENDPOINT`
`WEBFINGER_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``| -|`OC_TRACING_COLLECTOR`
`WEBFINGER_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``| |`OC_LOG_LEVEL`
`WEBFINGER_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| |`OC_LOG_PRETTY`
`WEBFINGER_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| |`OC_LOG_COLOR`
`WEBFINGER_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| diff --git a/static/env-vars/webfinger_readme.md b/static/env-vars/webfinger_readme.md index 453ca630..39185961 100644 --- a/static/env-vars/webfinger_readme.md +++ b/static/env-vars/webfinger_readme.md @@ -1,6 +1,6 @@ --- title: Webfinger -date: 2025-11-13T17:22:55.097774+01:00 +date: 2025-11-27T22:56:02.335416+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/webfinger