Compare commits
22 Commits
0.13.1+v6.
...
main
Author | SHA1 | Date |
---|---|---|
Moritz | 078fb53d4e | |
Moritz | 1d9317c231 | |
Moritz | 94cc1db80c | |
Moritz | 17b1b99c9f | |
Moritz | b167073868 | |
Moritz | 523aefdb4a | |
Moritz | 4b71066eda | |
Moritz | f8d76d082b | |
Moritz | 41de881966 | |
Moritz | 51b24791a4 | |
iexos | aa06f74560 | |
moritz | b1609c5ef4 | |
Simon | 98d595d287 | |
Moritz | 85c09e0fab | |
3wc | 53a08095f2 | |
Philipp Rothmann | a9181c180e | |
Moritz | bc3b7a4dba | |
Philipp Rothmann | d7a3f874c9 | |
Philipp Rothmann | 9b84875ea0 | |
Philipp Rothmann | 16753c808a | |
Philipp Rothmann | 16b48136e7 | |
Philipp Rothmann | 083310a964 |
|
@ -9,8 +9,8 @@ COMPOSE_FILE="compose.yml"
|
||||||
# Set this to run mongodb in replicaset mode (needs initialisation!)
|
# Set this to run mongodb in replicaset mode (needs initialisation!)
|
||||||
# COMPOSE_FILE="${COMPOSE_FILE}:compose.rs.yml"
|
# COMPOSE_FILE="${COMPOSE_FILE}:compose.rs.yml"
|
||||||
|
|
||||||
DOMAIN=board.${DOMAIN}
|
DOMAIN=wekan.example.com
|
||||||
ROOT_URL=https://board.${DOMAIN}
|
ROOT_URL=https://wekan.example.com
|
||||||
|
|
||||||
DEBUG=false
|
DEBUG=false
|
||||||
|
|
||||||
|
@ -26,12 +26,15 @@ RICHER_CARD_COMMENT_EDITOR=false
|
||||||
|
|
||||||
# PASSWORD_LOGIN_ENABLED=false
|
# PASSWORD_LOGIN_ENABLED=false
|
||||||
|
|
||||||
|
# LOGO_IMG_URL=https://authentik.example.com/static/dist/assets/icons/icon_left_brand.svg
|
||||||
|
# LOGO_LINK_URL=https://authentik.example.com
|
||||||
|
|
||||||
### OAUTH2 ###
|
### OAUTH2 ###
|
||||||
|
|
||||||
OAUTH2_ENABLED=false
|
OAUTH2_ENABLED=false
|
||||||
# OAUTH2_LOGIN_STYLE=redirect
|
# OAUTH2_LOGIN_STYLE=redirect
|
||||||
# OAUTH2_CLIENT_ID=wekan
|
# OAUTH2_CLIENT_ID=wekan
|
||||||
# OAUTH2_SERVER_URL=https://sso.${DOMAIN}
|
# OAUTH2_SERVER_URL=https://authentik.example.com
|
||||||
# OAUTH2_AUTH_ENDPOINT=/application/o/authorize/
|
# OAUTH2_AUTH_ENDPOINT=/application/o/authorize/
|
||||||
# OAUTH2_USERINFO_ENDPOINT=/application/o/userinfo/
|
# OAUTH2_USERINFO_ENDPOINT=/application/o/userinfo/
|
||||||
# OAUTH2_TOKEN_ENDPOINT=/application/o/token/
|
# OAUTH2_TOKEN_ENDPOINT=/application/o/token/
|
||||||
|
|
12
README.md
12
README.md
|
@ -39,3 +39,15 @@ after mongo conaintainer came up the first time run:
|
||||||
abra app run wekan.example.org db mongo
|
abra app run wekan.example.org db mongo
|
||||||
> rs.initiate()
|
> rs.initiate()
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Promote user to admin
|
||||||
|
|
||||||
|
If using SSO, it might happen that there is no admin user. If so, you can fix it manually in the database:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ abra app run <app-name> db bash
|
||||||
|
# mongo
|
||||||
|
> use wekan
|
||||||
|
> db.users.find({'username': '<your username>'})
|
||||||
|
> db.users.updateOne({'_id': '<_id from result above>'}, {$set: {'isAdmin': true}})
|
||||||
|
```
|
||||||
|
|
25
abra.sh
25
abra.sh
|
@ -1,2 +1,25 @@
|
||||||
export SECRET_OAUTH2_SECRET_VERSION=v1
|
|
||||||
export ENTRYPOINT_VERSION=v2
|
export ENTRYPOINT_VERSION=v2
|
||||||
|
|
||||||
|
set_settings(){
|
||||||
|
mongosh wekan --eval '
|
||||||
|
db.settings.updateOne(
|
||||||
|
{},
|
||||||
|
{
|
||||||
|
$set: {
|
||||||
|
"disableForgotPassword": true,
|
||||||
|
"displayAuthenticationMethod" : false,
|
||||||
|
"disableRegistration" : true,
|
||||||
|
"customTopLeftCornerLogoImageUrl": "'$LOGO_IMG_URL'",
|
||||||
|
"customTopLeftCornerLogoLinkUrl": "'$LOGO_LINK_URL'",
|
||||||
|
}
|
||||||
|
}
|
||||||
|
)'
|
||||||
|
}
|
||||||
|
|
||||||
|
show_mongo_version (){
|
||||||
|
mongosh --eval 'db.adminCommand( { getParameter: 1, featureCompatibilityVersion: 1 } )'
|
||||||
|
}
|
||||||
|
|
||||||
|
update_mongo_version (){
|
||||||
|
mongosh --eval 'db.adminCommand( { setFeatureCompatibilityVersion: "5.0" } )'
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,20 @@
|
||||||
|
authentik:
|
||||||
|
env:
|
||||||
|
OAUTH2_ENABLED: "true"
|
||||||
|
OAUTH2_SERVER_URL: https://authentik.example.com
|
||||||
|
# TODO: set CLIENT_ID as secret
|
||||||
|
OAUTH2_CLIENT_ID: wekan
|
||||||
|
uncomment:
|
||||||
|
- OAUTH2_LOGIN_STYLE
|
||||||
|
- OAUTH2_AUTH_ENDPOINT
|
||||||
|
- OAUTH2_USERINFO_ENDPOINT
|
||||||
|
- OAUTH2_TOKEN_ENDPOINT
|
||||||
|
- OAUTH2_REQUEST_PERMISSIONS
|
||||||
|
- OAUTH2_ID_MAP
|
||||||
|
- OAUTH2_USERNAME_MAP
|
||||||
|
- OAUTH2_FULLNAME_MAP
|
||||||
|
- OAUTH2_EMAIL_MAP
|
||||||
|
- PROPAGATE_OIDC_DATA
|
||||||
|
- OIDC_REDIRECTION_ENABLED
|
||||||
|
shared_secrets:
|
||||||
|
wekan_secret: oauth2_secret
|
40
compose.yml
40
compose.yml
|
@ -1,14 +1,18 @@
|
||||||
version: '3.8'
|
version: '3.8'
|
||||||
services:
|
services:
|
||||||
db:
|
db:
|
||||||
image: mongo:5.0
|
image: mongo:6.0
|
||||||
command: mongod --logpath /dev/null --oplogSize 128 --quiet
|
environment:
|
||||||
|
- LOGO_IMG_URL
|
||||||
|
- LOGO_LINK_URL
|
||||||
|
command: mongod --oplogSize 128 --quiet
|
||||||
volumes:
|
volumes:
|
||||||
- wekan-db:/data/db
|
- wekan-db:/data/db
|
||||||
|
- wekan-db-dump:/dump
|
||||||
networks:
|
networks:
|
||||||
- internal
|
- internal
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: echo 'db.runCommand("ping").ok' | mongo localhost:27017/test --quiet
|
test: echo 'db.runCommand("ping").ok' | mongosh localhost:27017/test --quiet
|
||||||
interval: 30s
|
interval: 30s
|
||||||
timeout: 10s
|
timeout: 10s
|
||||||
retries: 10
|
retries: 10
|
||||||
|
@ -16,14 +20,15 @@ services:
|
||||||
deploy:
|
deploy:
|
||||||
labels:
|
labels:
|
||||||
backupbot.backup: "true"
|
backupbot.backup: "true"
|
||||||
backupbot.backup.pre-hook: "mkdir /tmp/backup/ && mongodump --archive=/tmp/backup/wekan.db"
|
backupbot.backup.pre-hook: "mongodump --archive=/data/db/wekan.db"
|
||||||
backupbot.backup.post-hook: "rm -rf /tmp/backup"
|
backupbot.backup.post-hook: "rm -rf /data/db/wekan.db"
|
||||||
backupbot.backup.path: "/tmp/backup/"
|
backupbot.backup.path: "/data/db/wekan.db"
|
||||||
|
|
||||||
app:
|
app:
|
||||||
image: quay.io/wekan/wekan:v6.81
|
image: quay.io/wekan/wekan:v7.50
|
||||||
environment:
|
environment:
|
||||||
- MONGO_URL=mongodb://db:27017/wekan
|
- MONGO_URL=mongodb://db:27017/wekan
|
||||||
|
- NODE_OPTIONS="--max_old_space_size=4096"
|
||||||
- DOMAIN
|
- DOMAIN
|
||||||
- ROOT_URL
|
- ROOT_URL
|
||||||
- DEBUG
|
- DEBUG
|
||||||
|
@ -51,22 +56,25 @@ services:
|
||||||
- DEFAULT_AUTHENTICATION_METHOD
|
- DEFAULT_AUTHENTICATION_METHOD
|
||||||
- PROPAGATE_OIDC_DATA
|
- PROPAGATE_OIDC_DATA
|
||||||
- OIDC_REDIRECTION_ENABLED
|
- OIDC_REDIRECTION_ENABLED
|
||||||
|
- WRITABLE_PATH=/data
|
||||||
|
volumes:
|
||||||
|
- wekan-files:/data:rw
|
||||||
networks:
|
networks:
|
||||||
- internal
|
- internal
|
||||||
- proxy
|
- proxy
|
||||||
depends_on:
|
depends_on:
|
||||||
- db
|
- db
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: node /build/healthcheck.js # no curl for healthcheck in wekan container
|
test: bash /build/healthcheck.sh
|
||||||
interval: 30s
|
interval: 30s
|
||||||
timeout: 10s
|
timeout: 10s
|
||||||
retries: 10
|
retries: 10
|
||||||
start_period: 1m
|
start_period: 3m
|
||||||
secrets:
|
secrets:
|
||||||
- oauth2_secret
|
- oauth2_secret
|
||||||
configs:
|
configs:
|
||||||
- source: healthcheck_js
|
- source: healthcheck_sh
|
||||||
target: /build/healthcheck.js
|
target: /build/healthcheck.sh
|
||||||
mode: 0555
|
mode: 0555
|
||||||
- source: entrypoint
|
- source: entrypoint
|
||||||
target: /home/wekan/app/docker-entrypoint.sh
|
target: /home/wekan/app/docker-entrypoint.sh
|
||||||
|
@ -83,11 +91,13 @@ services:
|
||||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
||||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||||
- "coop-cloud.${STACK_NAME}.version=0.13.1+v6.81"
|
- "coop-cloud.${STACK_NAME}.version=3.0.0+v7.50"
|
||||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
wekan-db:
|
wekan-db:
|
||||||
|
wekan-db-dump:
|
||||||
|
wekan-files:
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
proxy:
|
proxy:
|
||||||
|
@ -95,9 +105,9 @@ networks:
|
||||||
internal:
|
internal:
|
||||||
|
|
||||||
configs:
|
configs:
|
||||||
healthcheck_js:
|
healthcheck_sh:
|
||||||
name: ${STACK_NAME}_healthcheck_js
|
name: ${STACK_NAME}_healthcheck_sh
|
||||||
file: healthcheck.js
|
file: healthcheck.sh
|
||||||
entrypoint:
|
entrypoint:
|
||||||
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
|
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
|
||||||
file: entrypoint.sh.tmpl
|
file: entrypoint.sh.tmpl
|
||||||
|
|
|
@ -1,23 +0,0 @@
|
||||||
const http = require('http');
|
|
||||||
const options = {
|
|
||||||
host: '0.0.0.0',
|
|
||||||
port: 8080,
|
|
||||||
timeout: 2000
|
|
||||||
};
|
|
||||||
|
|
||||||
const healthCheck = http.request(options, (res) => {
|
|
||||||
console.log(`HEALTHCHECK STATUS: ${res.statusCode}`);
|
|
||||||
if (res.statusCode == 200) {
|
|
||||||
process.exit(0);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
process.exit(1);
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
healthCheck.on('error', function (err) {
|
|
||||||
console.error('ERROR');
|
|
||||||
process.exit(1);
|
|
||||||
});
|
|
||||||
|
|
||||||
healthCheck.end();
|
|
|
@ -0,0 +1,87 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
printf "GET / HTTP/1.1\n\n" > /dev/tcp/127.0.0.1/8080
|
||||||
|
if [ $? != 0 ]; then
|
||||||
|
echo "Webservice not accessible"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
CPU_USAGE_THRESHOLD=100.0
|
||||||
|
|
||||||
|
PID=$(pidof node)
|
||||||
|
if [ -z "$PID" ]; then
|
||||||
|
echo "Node.js process not running."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
STATE_FILE="/tmp/cpu_usage_state_$PID"
|
||||||
|
|
||||||
|
# Function to get total CPU time
|
||||||
|
get_total_cpu_time() {
|
||||||
|
cat /proc/stat | grep '^cpu ' | awk '{sum=0; for(i=2;i<=NF;i++) sum += $i; print sum;}'
|
||||||
|
}
|
||||||
|
|
||||||
|
# Function to get process CPU time
|
||||||
|
get_process_cpu_time() {
|
||||||
|
cat /proc/$PID/stat | awk '{print $14+$15}' # Only user and system time
|
||||||
|
}
|
||||||
|
|
||||||
|
# Function to get the number of CPUs
|
||||||
|
get_cpu_count() {
|
||||||
|
grep -c '^processor' /proc/cpuinfo
|
||||||
|
}
|
||||||
|
|
||||||
|
# Main script
|
||||||
|
if [ -z "$PID" ]; then
|
||||||
|
echo "Usage: $0 <pid>"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if the process directory exists
|
||||||
|
if [ ! -d "/proc/$PID" ]; then
|
||||||
|
echo "Process with PID $PID does not exist."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Get current CPU times
|
||||||
|
current_total=$(get_total_cpu_time)
|
||||||
|
current_process=$(get_process_cpu_time $PID)
|
||||||
|
|
||||||
|
# Check for previous state
|
||||||
|
if [ -f "$STATE_FILE" ]; then
|
||||||
|
# Read previous state
|
||||||
|
read prev_total prev_process < "$STATE_FILE"
|
||||||
|
|
||||||
|
# Calculate the CPU usage
|
||||||
|
delta_total=$((current_total - prev_total))
|
||||||
|
delta_process=$((current_process - prev_process))
|
||||||
|
CPU_COUNT=$(get_cpu_count)
|
||||||
|
|
||||||
|
# Normalize CPU usage across all CPUs and calculate percentage
|
||||||
|
if [ $delta_total -gt 0 ]; then # To avoid division by zero
|
||||||
|
CPU_USAGE=$(awk -v delta_process="$delta_process" -v delta_total="$delta_total" -v cpu_count="$CPU_COUNT" \
|
||||||
|
'BEGIN {printf "%.2f", (delta_process / delta_total) * 100 * cpu_count}')
|
||||||
|
awk -v usage="$CPU_USAGE" -v threshold="$CPU_USAGE_THRESHOLD" '
|
||||||
|
BEGIN {
|
||||||
|
if (usage > threshold) {
|
||||||
|
print "High CPU usage: " usage "% (Threshold: " threshold "%)";
|
||||||
|
exit 1; # Exit with status 1 for high usage
|
||||||
|
} else {
|
||||||
|
print "CPU usage within limits: " usage "%";
|
||||||
|
exit 0; # Normal exit status
|
||||||
|
}
|
||||||
|
}'
|
||||||
|
EXIT_STATUS=$?
|
||||||
|
else
|
||||||
|
echo "No enough data to calculate CPU usage. Please try again."
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "No previous data found. Run the script later to get CPU usage."
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Save current state
|
||||||
|
echo "$current_total $current_process" > "$STATE_FILE"
|
||||||
|
|
||||||
|
if [ $EXIT_STATUS -ne 0 ]; then
|
||||||
|
echo "Exiting due to high CPU usage."
|
||||||
|
exit $EXIT_STATUS
|
||||||
|
fi
|
|
@ -0,0 +1,7 @@
|
||||||
|
Breaking Change: Update MongoDB from version 5.0 to 6.0.
|
||||||
|
========================================================
|
||||||
|
|
||||||
|
Before updating:
|
||||||
|
|
||||||
|
Run `abra app cmd <app_domaon> db show_mongo_version` to check if the featureCompatibilityVersion is above 5.0 !
|
||||||
|
Run `abra app cmd <app_domaon> db update_mongo_version` to set featureCompatibilityVersion to version 5.0
|
Loading…
Reference in New Issue