To configure SAML, ENABLE_SAML must be set to True in .env.
Additionally, the following files must be provided in ./secrets/saml/:
- sp.crt
- sp.key
- saml_settings.json
The files will be added as Docker secrets.
Even though saml_settings.json does not contain secret information
per se it is nonetheless added as a secret for simplicity. Technically,
the file is equally suited to be configured as a "Docker config".
Please note:
- This patch has not been tested yet.
- python3-saml's version should probably be pinned.
Now that this repository has become the entry point through which
OpenSlides instances are configured, this patch transfers some relevant
information formerly included in
https://github.com/OpenSlides/openslides-docker-compose/ to this
repository's README file.
This setup chooses to avoid the env_file option available for Docker
Compose files. Docker has a peculiar way of parsing variables which
makes it, for example, include quotes verbatim.
This is both confusing and incompatible with shells parsing the same
file which is a requirement. For this reason, the configuration does
not import the complete environment using env_file but assigns variables
explicitly on a need-to-know basis in the YAML file, much like Docker
secrets.
Since the configuration is generated automatically, the burden on users
is the same as with env_file: they only need to edit .env for
customizations.
Since build.sh now builds more than just two images, individual queries
whether to push each image to a registry may become tedious. This patch
replaces the queries with a single checklist menu. After making
a selection, the images get pushed all at once.
In the menu, all images are unchecked by default in order to prevent
accidental uploads. This, too, may become tedious. In that case, the
default could be flipped or a new option could be introduced.
build.sh replaces docker-compose as an image build tool. Instead, all
OpenSlides services can be built using this script which offers various
important options such as tagging and configurable defaults.
The now-redundant build instructions have been removed from the YAML
templates.
The almost identical server and client build scripts have been made
fully identical.
We have decided against including an insecure default key with a mere
warning. Therefore, unlike the admin and user secrets, the availability
of this secret is a hard requirement. The instance will not be able to
start before a secret has been generated manually or by a management
tool.
- moved all server related things into the folder `server`, so this
configuration is parallel to the client.
- All main "services" are now folders in the root directory
- Added Dockerfiles to each service (currently server and client)
- Added a docker compose configuration to start everything together.
Currently there are heavy dependencies into https://github.com/OpenSlides/openslides-docker-compose
- Resturctured the .gitignore. If someone needs something excluded,
please add it to the right section.
- Added initial build setup with Docker and docker-compose.
- removed setup.py. We won't deliver OpenSlides via pip anymore.