owncloud / docs-ocis Goto Github PK
View Code? Open in Web Editor NEWownCloud oCis Admin Documentation
Home Page: https://doc.owncloud.com
ownCloud oCis Admin Documentation
Home Page: https://doc.owncloud.com
References:
owncloud/ocis#4799 (refactor templating, add subject templating)
owncloud/ocis#6038 (Make Emails translatable via transifex)
owncloud/ocis#6098 ([docs-only] Note that we only support language but not language_territory (web frontend))
References: owncloud/ocis#5652
To be added at: https://doc.owncloud.com/ocis/next/maintenance/commands/commands.html
References: owncloud/ocis#5858 (Add command for inspecting and manipulating node metadata)
Needs to be added here: maintenance/commands
References: owncloud/ocis#5700 (Invitations service)
Hey!
I am currently trying to install ocis via helm but I can't find the generic-config.yaml
. The file is mentioned here:
https://doc.owncloud.com/ocis/next/deployment/container/orchestration/orchestration.html#define-generic-configs
Is the link broken?
@butonic fyi
References:
To be added (at least): https://doc.owncloud.com/ocis/next/prerequisites/prerequisites.html
we should add to the docs that:
needed after owncloud/ocis-charts#92 is merged
Basic idea / framework
Admin doc
References: owncloud/ocis#4256 (Add a cli for listing and cleaning up expired uploads)
@aduffeck can you pls add some comments regarding
A fail2ban setup was discussed on central.o.o: https://central.owncloud.org/t/brute-force-protection-for-user-logins/41568
It would be nice to have that mentioned as extra hardening for example as addition to the "Small-Scale Deployment with systemd".
As suggested and discussed with @butonic, we are going to use the C4Model to describe the architecture of oCIS in the documentation. The image currently used does not meet the requirements. The C4Model is based on a description file that can be downloaded from the documentation which we will use to generate the necessary svg images. A process is briefly described as comment on top of the file. Because we cant do the work defining the content of that file to describe the architecure, we provided a raw starting point and a first image rendered from that one so you can see where we are. Here is the link to the documentation on staging: https://doc.staging.owncloud.com/ocis/next/architecture/
Our request is, that the oCIS development team refines this file with the details necessary, create a PR in this repo with the update and we will do the imaging on the changes made. Note that you can do this in iterations, but we need to have that ready in only view weeks - means no time to waste...
Info: A C4Model has usually various layers starting from a birds eye view and zooming in. You can use the same file to describe these layers. When you use the linked free website Structurizr DSL to render the file, you can select which layer you want to display and you can see instantly the result from the changes made. Feel free to add additional source files if needed.
You can find the link to the model file we use at:
https://github.com/owncloud/docs-ocis/blob/master/modules/ROOT/attachments/architecture/ocis-c4-model.dsl
@EParzefall fyi
The documentation points to frontend-config-example.yaml
which would be interpreted as frontend-config.yaml
, but it actually has to be frontend.yaml
. Not sure where this is generated, otherwise i would have made a pullrequest.
podman volume create ocis-config
podman volume create ocis-data
podman volume create wopi-recovery
podman network create ocis_net
podman network create cloudflare_net
app_registry:
mimetypes:
- mime_type: application/pdf
extension: pdf
name: PDF
description: PDF document
icon: ''
default_app: ''
allow_creation: false
- mime_type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
extension: docx
name: Microsoft Word
description: Microsoft Word document
icon: ''
default_app: OnlyOffice
allow_creation: true
- mime_type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
extension: xlsx
name: Microsoft Excel
description: Microsoft Excel document
icon: ''
default_app: OnlyOffice
allow_creation: true
- mime_type: application/vnd.openxmlformats-officedocument.presentationml.presentation
extension: pptx
name: Microsoft PowerPoint
description: Microsoft PowerPoint document
icon: ''
default_app: OnlyOffice
allow_creation: true
- mime_type: application/vnd.jupyter
extension: ipynb
name: Jupyter Notebook
description: Jupyter Notebook
icon: ''
default_app: ''
allow_creation: true
#!/bin/sh
set -e
apk add curl
#TODO: app driver itself should try again until OnlyOffice is up...
retries=10
while [[ $retries -gt 0 ]]; do
if curl --silent --show-error --fail http://onlyoffice/hosting/discovery > /dev/null; then
ocis app-provider server
else
echo "OnlyOffice is not yet available, trying again in 10 seconds"
sleep 10
retries=$((retries - 1))
fi
done
echo 'OnlyOffice was not available after 100 seconds'
exit 1
#!/bin/sh
set -e
echo "${WOPISECRET}" > /etc/wopi/wopisecret
cp /etc/wopi/wopiserver.conf.dist /etc/wopi/wopiserver.conf
sed -i 's/wopi.domain.com/'${WOPISERVER_DOMAIN}'/g' /etc/wopi/wopiserver.conf
if [ "$WOPISERVER_INSECURE" == "true" ]; then
sed -i 's/sslverify\s=\sTrue/sslverify = False/g' /etc/wopi/wopiserver.conf
fi
/app/wopiserver.py
#!/bin/sh
set -e
echo "${WOPISECRET}" > /etc/wopi/wopisecret
cp /etc/wopi/wopiserver.conf.dist /etc/wopi/wopiserver.conf
sed -i 's/wopi.domain.com/'${WOPISERVER_DOMAIN}'/g' /etc/wopi/wopiserver.conf
if [ "$WOPISERVER_INSECURE" == "true" ]; then
sed -i 's/sslverify\s=\sTrue/sslverify = False/g' /etc/wopi/wopiserver.conf
fi
/app/wopiserver.py
[user@SRV01 ~]$ cat /home/user/ocis/wopi/wopiserver.conf.dist
#
# This config is based on https://github.com/cs3org/wopiserver/blob/master/wopiserver.conf
#
# wopiserver.conf
#
# Default configuration file for the WOPI server for oCIS
#
##############################################################
[general]
# Storage access layer to be loaded in order to operate this WOPI server
# only "cs3" is supported with oCIS
storagetype = cs3
# Port where to listen for WOPI requests
port = 8880
# Logging level. Debug enables the Flask debug mode as well.
# Valid values are: Debug, Info, Warning, Error.
loglevel = Error
loghandler = stream
logdest = stdout
# URL of your WOPI server or your HA proxy in front of it
wopiurl = https://wopi.domain.com
# URL for direct download of files. The complete URL that is sent
# to clients will include the access_token argument
downloadurl = https://wopi.domain.com/wopi/cbox/download
# The internal server engine to use (defaults to flask).
# Set to waitress for production installations.
internalserver = waitress
# List of file extensions deemed incompatible with LibreOffice:
# interoperable locking will be disabled for such files
nonofficetypes = .md .zmd .txt .epd
# List of file extensions to be supported by Collabora (deprecated)
codeofficetypes = .odt .ott .ods .ots .odp .otp .odg .otg .doc .dot .xls .xlt .xlm .ppt .pot .pps .vsd .dxf .wmf .cdr .pages .number .key
# WOPI access token expiration time [seconds]
tokenvalidity = 86400
# WOPI lock expiration time [seconds]
wopilockexpiration = 3600
# WOPI lock strict check: if True, WOPI locks will be compared according to specs,
# that is their representation must match. False (default) allows for a more relaxed
# comparison, which compensates incorrect lock requests from Microsoft Office Online
# on-premise setups.
wopilockstrictcheck = False
# Enable support of rename operations from WOPI apps. This is currently
# disabled by default as it has been observed that both MS Office and Collabora
# Online do not play well with this feature.
# Not supported with oCIS, must always be set to "False"
enablerename = False
# Detection of external Microsoft Office or LibreOffice locks. By default, lock files
# compatible with Office for Desktop applications are detected, assuming that the
# underlying storage can be mounted as a remote filesystem: in this case, WOPI GetLock
# and SetLock operations return such locks and prevent online apps from entering edit mode.
# This feature can be disabled in order to operate a pure WOPI server for online apps.
# Not supported with oCIS, must always be set to "False"
detectexternallocks = False
# Location of the webconflict files. By default, such files are stored in the same path
# as the original file. If that fails (e.g. because of missing permissions),
# an attempt is made to store such files in this path if specified, otherwise
# the system falls back to the recovery space (cf. io|recoverypath).
# The keywords <user_initial> and <username> are replaced with the actual username's
# initial letter and the actual username, respectively, so you can use e.g.
# /your_storage/home/user_initial/username
#conflictpath = /
# ownCloud's WOPI proxy configuration. Disabled by default.
#wopiproxy = https://external-wopi-proxy.com
#wopiproxysecretfile = /path/to/your/shared-key-file
#proxiedappname = Name of your proxied app
[security]
# Location of the secret files. Requires a restart of the
# WOPI server when either the files or their content change.
wopisecretfile = /etc/wopi/wopisecret
# iop secret is not used for cs3 storage type
#iopsecretfile = /etc/wopi/iopsecret
# Use https as opposed to http (requires certificate)
usehttps = no
# Certificate and key for https. Requires a restart
# to apply a change.
wopicert = /etc/grid-security/host.crt
wopikey = /etc/grid-security/host.key
[bridge]
# SSL certificate check for the connected apps
sslverify = True
# Minimal time interval between two consecutive save operations [seconds]
#saveinterval = 200
# Minimal time interval before a closed file is WOPI-unlocked [seconds]
#unlockinterval = 90
# CodiMD: disable creating zipped bundles when files contain pictures
#disablezip = False
[io]
# Size used for buffered reads [bytes]
chunksize = 4194304
# Path to a recovery space in case of I/O errors when reaching to the remote storage.
# This is expected to be a local path, and it is provided in order to ease user support.
# Defaults to the indicated spool folder.
recoverypath = /var/spool/wopirecovery
[cs3]
# Host and port of the Reva(-like) CS3-compliant GRPC gateway endpoint
revagateway = ocis:9142
# Reva/gRPC authentication token expiration time [seconds]
# The default value matches Reva's default
authtokenvalidity = 3600
# SSL certificate check for Reva
sslverify = True
Note: don't forget to make the "entrypoint-override.sh" files executable with chmod +x entrypoint-override.sh
.
podman run -d \
--name cloudflare \
--label "io.containers.autoupdate=image" \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=Europe/Rome \
--restart unless-stopped \
--network cloudflare_net \
docker.io/cloudflare/cloudflared:latest \
tunnel --no-autoupdate run \
--token $your_secret_token
Infinite Scale needs a first time initialization to set up the environment.
podman run --rm -it \
--name ocis \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=Europe/Rome \
-v ocis-config:/etc/ocis \
-v ocis-data:/var/lib/ocis \
-e IDM_ADMIN_PASSWORD="$yourSecretAdminPasswort" \
--network cloudflare_net \
--network ocis_net \
docker.io/owncloud/ocis init
podman run -d \
--name ocis \
--restart unless-stopped \
--label "io.containers.autoupdate=image" \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=Europe/Rome \
-e OCIS_URL=https://ocis.domain.com \
-e OCIS_LOG_LEVEL=info \
-e OCIS_LOG_COLOR=false \
-e PROXY_TLS=false \
-e GATEWAY_GRPC_ADDR=0.0.0.0:9142 \
-e OCIS_INSECURE=false \
-e PROXY_ENABLE_BASIC_AUTH=false \
-e IDM_ADMIN_PASSWORD="$yourSecretAdminPasswort" \
-e IDM_CREATE_DEMO_USERS=false \
-v /lokal/path/to/app-registry.yaml:/etc/ocis/app-registry.yaml:Z \
-v ocis-config:/etc/ocis \
-v ocis-data:/var/lib/ocis \
--network ocis_net \
--network cloudflare_net \
docker.io/owncloud/ocis
podman run -d \
--name wopi \
--restart unless-stopped \
--label "io.containers.autoupdate=image" \
--entrypoint /entrypoint-override.sh \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=Europe/Rome \
-e WOPISERVER_INSECURE=false \
-e WOPISECRET=KorenIpsum494 \
-e WOPISERVER_DOMAIN=wopi.domain.com \
-v /lokal/path/to/wopi/entrypoint-override.sh:/entrypoint-override.sh:Z \
-v /lokal/path/to/wopiserver.conf.dist:/etc/wopi/wopiserver.conf.dist:Z \
-v wopi-recovery:/var/spool/wopirecovery \
--network ocis_net \
--network cloudflare_net \
docker.io/cs3org/wopiserver:latest
podman run -d \
--name OnlyOffice \
--restart unless-stopped \
--label "io.containers.autoupdate=image" \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=Europe/Rome \
-e WOPI_ENABLED=true \
-e USE_UNAUTHORIZED_STORAGE=false \
--network ocis_net \
--network cloudflare_net \
docker.io/onlyoffice/documentserver:latest
podman run -d \
--name ocis-app-office \
--restart unless-stopped \
--label "io.containers.autoupdate=image" \
--user "0" \
--entrypoint /entrypoint-override.sh \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=Europe/Rome \
-e REVA_GATEWAY=ocis:9142 \
-e APP_PROVIDER_GRPC_ADDR=0.0.0.0:9164 \
-e APP_PROVIDER_EXTERNAL_ADDR=ocis-app-office:9164 \
-e APP_PROVIDER_DRIVER=wopi \
-e APP_PROVIDER_WOPI_APP_NAME=OnlyOffice \
-e APP_PROVIDER_WOPI_APP_ICON_URI=https://onlyoffice.domain.com/web-apps/apps/documenteditor/main/resources/img/favicon.ico \
-e APP_PROVIDER_WOPI_APP_URL=https://onlyoffice.domain.com \
-e APP_PROVIDER_WOPI_INSECURE=false \
-e APP_PROVIDER_WOPI_WOPI_SERVER_EXTERNAL_URL=https://wopi.domain.com \
-e APP_PROVIDER_WOPI_FOLDER_URL_BASE_URL=https://ocis.domain.com \
-v /lokal/path/to/ocis/entrypoint-override.sh:/entrypoint-override.sh:Z \
-v ocis-config:/etc/ocis \
--network ocis_net \
--network cloudflare_net \
docker.io/owncloud/ocis
Now you should be able to access your ocis.domain.com!
Document in the "Configuration" section how to connect Infinite Scale to Collabora Online, ONLYOFFICE, MS Office Online via the wopiserver
.
We introduced educational related envvars like:
LDAP_SCHOOL_SCHEMA_SCHOOL_NAME
; GRAPH_LDAP_SCHOOL_NAME_ATTRIBUTE
--> LDAP Attribute to use for the name of a school.
We should start documenting the purpose and how it differs from non educational scenarious.
search can not be started multiple times (and there is no plugin replacement), so use in HA / scaled installations is limited.
idm cannot be started multiple times. Should not be used in HA / scaled installations, but instead replaced by an LDAP server that supports HA / scaling. Even if no HA / scaling is needed, the IDM is only supported up to ~200 (??) users.
idp cannot be started multiple times. Should not be used in HA / scaled installations, but instead replaced by an OIDC provider server that supports HA / scaling. It has a bare minimum feature set (eg. you cannot easily revoke single sessions)
store cannot be started multiple times. We are still looking into removing or making the store scale, see owncloud/ocis#3913
nats cannot be started multiple times. Should not be used in HA / scaled installations, but instead replaced by an NATS installation that is HA / scaled.
see also owncloud/ocis-charts#77 (comment)
Hello 👋 ,
After landing on https://github.com/owncloud/ocis, I followed the link to https://doc.owncloud.com/ocis/next, and checked the quick start guide: https://doc.owncloud.com/ocis/next/quickguide/quickguide.html
Some admin credentials are printed, but I saw there were other demo users ("Einstein" etc), which I wanted to try, but I didn't find info about their credentials.
Searching for info about the demo users, I found that the bad discoverability has been filed as issue in the past: owncloud/ocis#1782
But its fix only adds documentation about demo users on https://owncloud.dev/ocis/getting-started/demo-users/, which is not linked or otherwise available on https://doc.owncloud.com/ocis/next not easily to find.
I would propose to add a link to the demo user doc page at the bottom of the quickguide page.
Hello 👋 ,
In the Spaces section of the architecture docs page: https://doc.owncloud.com/ocis/next/architecture/architecture.html#spaces
There's a link to https://owncloud.dev/extensions/storage/spaces/.
That page leads to a 404 Not Found error though.
I assume this one is the correct one? https://owncloud.dev/ocis/storage/spaces/
https://doc.owncloud.com/ocis/next/deployment/general/general-info.html#initialize-infinite-scale says:
The command line option --force-overwrite is only intended for developer usage. If you set this option, your config will be overwritten, your data, if any is present, will persist, but it will not be accessible anymore. This is, among other things, because the issuer (short iss part of openID Connect) will be overwritten.
A few comments on this:
ocis init
does not include any issuer information. Changing the IDP URL (external or internal one) yields the effect you describe, but not when running ocis init
.As a conclusion:
ocis init --force-overwrite
should not cause any loss of access on dataocis init
shouldn't be a regular thing for production instancesReferences: owncloud/ocis#5846
We should implement a Knowledge Base
/ FAQ
/ Q&A
The name to be decided (my favourite is knowledge base as it is open)
This document should only contain a:
Only the knowledge base document is referenced in the navigation.
The sub pages not, they are only accessible via the knowledge base (or the link if known). This keeps the main navigation compact.
Benefits:
Example image: (based on a short hack but gives an impressen on how it can look like)
Note that I have intentionally added a new top/sub section so we can add more sub sections on demand.
References: #421
@dragotin fyi
There are basic but working Kubernetes Helm Charts available.
The old page is completely outdated.
We need to implement the new HC and add the note that this is a TECH PREVIEW only.
https://github.com/owncloud/ocis-charts
https://github.com/owncloud/ocis-charts/tree/master/charts/ocis (readme)
In the helm chart we document the S3 bucket policy needed for the S3ng storage driver. We could explain a little bit more how this is done (but not dive too deep into a certain S3 implementation).
This documentation / policy is also relevant when not using Kubernetes, therefore a more general topic.
Came up in owncloud/ocis-charts#98
The web service env's have configurations for owncloud web.
owncloud web uses environment variables from the web service and/or config.json and themes.json where the envs overwrite any *.json value set if applicable. This needs documentation in the web service documentation
Referencing:
owncloud/docs-webui#48 (Make "Configuring ownCloud Web" a partial)
owncloud/docs-webui#49 (Document theming for ownCloud Web)
(more to come)
@kulmann fyi
References: owncloud/ocis#5500 (Space Trash-bin expiration cli)
The changelog contains a good description that can be reused.
JWT (Java Web Tokens) need more descriptions when it comes to OIDC. This is because managing the optional KID header can return an error like failed to verify access token: the JWT has an invalid kid: could not find kid in JWT header
. In such a case you need to set PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD=none
.
See the original issue where this came up:
ownCloud: Enable OpenID Connect Authentication and
What's the meaning of the "kid" claim in a JWT token
There are for sure more JWT examples or things that need documentation to guide customers into the right direction when setting up ocis.
owncloud/ocis#4823 (Further distinguish single host deployments from docker compose deployments)
To keep track on code changes that have doc impact
In this section of the documentation, it appears that the docker compose plugin and docker-compose executable are being convoluted. Running 'which docker-compose' would provide no output and 'sudo apt-cache policy docker-compose' would indicate it is not installed even when the docker compose plugin is installed on systems such as Debian Bullseye. Further down, it is indicated that the new 2.X (go-based) (which is the docker compose plugin versus the standalone executable) is preferred.
docker-compose:
docker compose:
Please update the documentation to differentiate between the docker-compose standalone executable and the docker compose plugin. Please update test to use the docker compose plugin syntax if that is the preferred application.
Reference:
https://docs.docker.com/compose/compose-v2/#differences-between-compose-v1-and-compose-v2
Referencing: owncloud/ocis#5730 ([tests-only] remove arm from docker releases)
Removing docker arm (32 bit)
In ocis, we have the following log levels
FATAL means that the application is about to stop a serious problem or corruption from happening. This level of logging shows that the application’s situation is catastrophic, such that an important function is not working. For example the application is unable to connect to the data store due to config errors or not able to parse the config
This is the default log level, all errors on this level are important for admins because they need to fix them. This log level is used when a severe issue is stopping functions within the application from operating correctly. Ocis logs all kind of inter service communication errors on this level because these needs to be addressed.
The WARN log level is used when ocis detects an unexpected failure during an operation. It is also used if some operations might be incomplete. It does not mean that the application has been harmed, the code should continue to work as usual. Admins should eventually check these warnings just in case the problem reoccurs.
Messages on this level are documenting the normal behavior of applications. They state what happened. These entries are purely informative to confirm that the application is working as desired. The info log level also enables the ocis Proxy to write a full access log.
This log level provides diagnostic information in a detailed manner. It is verbose and has more information than you would need when using the application. This log level is used to understand problems in the application and during reproduction of problems. This log level could put a very high load on the output device and is not recommended in production environments. You should consider enabling this level only on a single service or very few services to pinpoint issues or bugs.
It is a best practise for clients to send an X-Request-ID
header with every request. This id should be used when possible in the backend and should be added to the logging metadata.
Hey!
Thanks for fixing the documentation for the config map example but it is incorrect:
---
apiVersion: v1
kind: ConfigMap
metadata:
name: storage-users
type: Opaque
data:
# how to generate: create a UUIDv4
# example generation command: `cat /proc/sys/kernel/random/uuid`
# Only set to "1284d238-aa92-42ce-bdc4-0b0000009157" if you
# migrate an existing oCIS installation from 2.0.0-rc.1 and earlier.
storage-uuid: XXXXXXXXXXXXX
There"s no type
for ConfigMaps, Secrets have types. It must be:
---
apiVersion: v1
kind: ConfigMap
metadata:
name: storage-users
data:
# how to generate: create a UUIDv4
# example generation command: `cat /proc/sys/kernel/random/uuid`
# Only set to "1284d238-aa92-42ce-bdc4-0b0000009157" if you
# migrate an existing oCIS installation from 2.0.0-rc.1 and earlier.
storage-uuid: XXXXXXXXXXXXX
BR
panda
https://doc.owncloud.com/ocis/next/architecture/architecture.html#spaces
Quota,
Workflow,
Policies,
Ownership - dsgvo --> audit
Images and descriptions,
...
When the data folder is on he same partition than the OS/ocis, it could happen that when a ocis users filles up the space on teh filesystem, the complete system becomes unresponsible as no free space for the OS and its aplications is available.
In a similar way this is true for logs too, but needs checking.
Therefore we need to highlight and advise the admin to consider the impact of the data folder location.
@micbar fyi
Technically a personal space is a space as others are but it does not have the ability for multiple managers. Only the logged in user can be manager of the space with restrictions like not being able to set quotas.
Need to take a look if this belongs to docs-ocis
or docs-webui
or both.
Please note somewhere, that ocis does not support ARM 32 bit platforms.
Implications / example: If someone uses a raspberry pi, she / he must install Raspberry OS 64bit in order to run ocis. Raspberry Pi OS 32 Bit won't work with ocis.
this is also the reason, why we dont provide arm32 binaries for download at https://download.owncloud.com/ocis/ocis/daily/
source: owncloud/ocis#4604 (comment)
cc @dragotin
https://localhost:9200
References: owncloud/ocis#4254 (Allow providing list of services not to start)
Until now if one wanted to use a custom version of a service, one needed to provide OCIS_RUN_SERVICES
which is a list of all services to start.
Now one can provide OCIS_EXCLUDE_RUN_SERVICES
which is a list of only services not to start
Expects a comma separated list of service names.
Will start all services except of the ones listed. Has no effect when OCIS_RUN_SERVICES is set.
@kobergj fyi
https://doc.owncloud.com/ocis/next/deployment/binary/binary-setup.html#stopping-infinite-scale references ocis kill
, which was removed before 2.0.0-beta1
The OCIS docs mention that I can use an external OpenID Connect provider like Keycloak, and some of the settings for that are in the Helm section, in the example values.yml
.
One question the docs don't answer, however, is where do I put my OIDC client credentials? There's no reference to any Kubernetes secret to contain the client ID/secret, nor any environment variables to set or config files to populate. Without those credentials, requests from OCIS will be rejected by my IdP.
root@owncloud:~# OCIS_INSECURE=true IDM_CREATE_DEMO_USERS=true PROXY_HTTP_ADDR=0.0.0.0:9200 OCIS_URL=https://localhost:9200 ocis server
{"level":"error","service":"graph","error":"LDAP Result Code 200 "Network Error": dial tcp [::1]:9235: connect: connection refused","time":"2022-06-16T08:27:39Z","message":"could not get ldap Connection"}
{"level":"error","service":"graph","error":"LDAP Result Code 200 "Network Error": dial tcp [::1]:9235: connect: connection refused","time":"2022-06-16T08:27:39Z","message":"autoconnect could not get ldap Connection"}
in section https://doc.owncloud.com/ocis/next/deployment/container/orchestration/orchestration.html#docker-compose we have nonexistent link ocis individual services
cc @mmattel
https://doc.owncloud.com/ocis/next/prerequisites/prerequisites.html
TBD
As an admin I want to have a documentation and well understood and safe mechanism to backup and restore supported storage
How can I backup the storage (eg. rsync, rclone, snapshots)
Do I need to verify something (eg. extended attributes are not lost)
What order and which steps need to be performed (eg. take oCIS offline, snapshot disk, snapshot S3 bucket, take oCIS online)
No backup is no option.
Highly dependent on storage backend
As discussed with @butonic, we need to document capabilities to process/deal with metrics
See: owncloud/ocis#4571 ([owncloud/ocis] enable request tracking prometheus middleware in reva)
@wkloucek fyi
@C0rby as you have written a security doc paper, I will take that as template and add it as a own page here is the docs.
The infinite Scale single binary includes a "ready-to-use" search service. This indexes the all files metadata in ocis (file names. folder names, tags)
The search service can also index file content when admins add a third party dependency for the content parsig.
Deployment example: ocis wopi
Relevant Lines
Document what the default features of the search service are (metadata indexing)
Document what needs to be done do add content indexing
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.