The YAML configuration files include comments outlining how to override
the server image's default command. They are supposed to help with, for
example, replacing gunicorn with daphne.
These comments have diverged from the actual command used in current
images. Furthermore, at least to my knowledge, the setup has not been
used or tested with daphne in a long time. For these reasons, this
patch removes the comments without a replacement.
If there still is, in fact, a use case for the instructions, they would
need to be updated and their location should be reconsidered.
- removed big mode artifacts
- removed django_session_redis
- Enforce newly created settings.py when invalid options are set:
* OPENSLIDES_USER_DATA_DIR
* SESSION_ENGINE
- Overwrites the secret key during development to "development"
HAProxy was replaced by Caddy, so obviously variables should not longer
carry HAPROXY in their names to avoid confusion.
To hopefully make future changes less likely to break configurations,
we'll keep variable and image names generic (proxy instead of caddy).
For now, keep using HAProxy's name in most places, e.g.,
DOCKER_OPENSLIDES_HAPROXY_NAME. To avoid confusion, the specific
mentions of HAProxy should be made more generic, e.g.,
DOCKER_OPENSLIDES_PROXY_NAME.
- Cleans up log messages in the client
- Refactored the autoupdate bundle code into an own file
- Added bulk creates for History in Postgresql. This is the only database system
that supports returning all ids whan multiple elements are inserted. We can
make usage out of it.
- Added a `disable_history`, that is request-wide
- Disabled history on poll vote requests
- Removed unnecessary user ordering
- Reduced the queries for creating motion vote objects by one
- removed final_data: This was not prefetched. Using the normal data collection
the data is prefetched
- removed unnecessary user query if vore delegation is not used
- Removing channels. Going back to a wsgi deployment
- Removed server projector code
- Autoupdate throttling is now in the client
- New communication stack in the client
- Adopted all deployment methods: Docker stack and docker compose (prod and dev)
- Added autoupdate service as submodule
To configure SAML, ENABLE_SAML must be set to True in .env.
Additionally, the following files must be provided in ./secrets/saml/:
- sp.crt
- sp.key
- saml_settings.json
The files will be added as Docker secrets.
Even though saml_settings.json does not contain secret information
per se it is nonetheless added as a secret for simplicity. Technically,
the file is equally suited to be configured as a "Docker config".
Please note:
- This patch has not been tested yet.
- python3-saml's version should probably be pinned.
This setup chooses to avoid the env_file option available for Docker
Compose files. Docker has a peculiar way of parsing variables which
makes it, for example, include quotes verbatim.
This is both confusing and incompatible with shells parsing the same
file which is a requirement. For this reason, the configuration does
not import the complete environment using env_file but assigns variables
explicitly on a need-to-know basis in the YAML file, much like Docker
secrets.
Since the configuration is generated automatically, the burden on users
is the same as with env_file: they only need to edit .env for
customizations.
Since build.sh now builds more than just two images, individual queries
whether to push each image to a registry may become tedious. This patch
replaces the queries with a single checklist menu. After making
a selection, the images get pushed all at once.
In the menu, all images are unchecked by default in order to prevent
accidental uploads. This, too, may become tedious. In that case, the
default could be flipped or a new option could be introduced.
build.sh replaces docker-compose as an image build tool. Instead, all
OpenSlides services can be built using this script which offers various
important options such as tagging and configurable defaults.
The now-redundant build instructions have been removed from the YAML
templates.
The almost identical server and client build scripts have been made
fully identical.
We have decided against including an insecure default key with a mere
warning. Therefore, unlike the admin and user secrets, the availability
of this secret is a hard requirement. The instance will not be able to
start before a secret has been generated manually or by a management
tool.
- moved all server related things into the folder `server`, so this
configuration is parallel to the client.
- All main "services" are now folders in the root directory
- Added Dockerfiles to each service (currently server and client)
- Added a docker compose configuration to start everything together.
Currently there are heavy dependencies into https://github.com/OpenSlides/openslides-docker-compose
- Resturctured the .gitignore. If someone needs something excluded,
please add it to the right section.
- Added initial build setup with Docker and docker-compose.
- removed setup.py. We won't deliver OpenSlides via pip anymore.