Compare commits
17 Commits
0.13.2+v6.
...
main
Author | SHA1 | Date |
---|---|---|
Moritz | 078fb53d4e | |
Moritz | 1d9317c231 | |
Moritz | 94cc1db80c | |
Moritz | 17b1b99c9f | |
Moritz | b167073868 | |
Moritz | 523aefdb4a | |
Moritz | 4b71066eda | |
Moritz | f8d76d082b | |
Moritz | 41de881966 | |
Moritz | 51b24791a4 | |
iexos | aa06f74560 | |
moritz | b1609c5ef4 | |
Simon | 98d595d287 | |
Moritz | 85c09e0fab | |
3wc | 53a08095f2 | |
Philipp Rothmann | a9181c180e | |
Moritz | bc3b7a4dba |
|
@ -9,8 +9,8 @@ COMPOSE_FILE="compose.yml"
|
|||
# Set this to run mongodb in replicaset mode (needs initialisation!)
|
||||
# COMPOSE_FILE="${COMPOSE_FILE}:compose.rs.yml"
|
||||
|
||||
DOMAIN=board.${DOMAIN}
|
||||
ROOT_URL=https://board.${DOMAIN}
|
||||
DOMAIN=wekan.example.com
|
||||
ROOT_URL=https://wekan.example.com
|
||||
|
||||
DEBUG=false
|
||||
|
||||
|
@ -26,12 +26,15 @@ RICHER_CARD_COMMENT_EDITOR=false
|
|||
|
||||
# PASSWORD_LOGIN_ENABLED=false
|
||||
|
||||
# LOGO_IMG_URL=https://authentik.example.com/static/dist/assets/icons/icon_left_brand.svg
|
||||
# LOGO_LINK_URL=https://authentik.example.com
|
||||
|
||||
### OAUTH2 ###
|
||||
|
||||
OAUTH2_ENABLED=false
|
||||
# OAUTH2_LOGIN_STYLE=redirect
|
||||
# OAUTH2_CLIENT_ID=wekan
|
||||
# OAUTH2_SERVER_URL=https://sso.${DOMAIN}
|
||||
# OAUTH2_SERVER_URL=https://authentik.example.com
|
||||
# OAUTH2_AUTH_ENDPOINT=/application/o/authorize/
|
||||
# OAUTH2_USERINFO_ENDPOINT=/application/o/userinfo/
|
||||
# OAUTH2_TOKEN_ENDPOINT=/application/o/token/
|
||||
|
|
14
README.md
14
README.md
|
@ -38,4 +38,16 @@ after mongo conaintainer came up the first time run:
|
|||
```
|
||||
abra app run wekan.example.org db mongo
|
||||
> rs.initiate()
|
||||
```
|
||||
```
|
||||
|
||||
## Promote user to admin
|
||||
|
||||
If using SSO, it might happen that there is no admin user. If so, you can fix it manually in the database:
|
||||
|
||||
```
|
||||
$ abra app run <app-name> db bash
|
||||
# mongo
|
||||
> use wekan
|
||||
> db.users.find({'username': '<your username>'})
|
||||
> db.users.updateOne({'_id': '<_id from result above>'}, {$set: {'isAdmin': true}})
|
||||
```
|
||||
|
|
24
abra.sh
24
abra.sh
|
@ -1 +1,25 @@
|
|||
export ENTRYPOINT_VERSION=v2
|
||||
|
||||
set_settings(){
|
||||
mongosh wekan --eval '
|
||||
db.settings.updateOne(
|
||||
{},
|
||||
{
|
||||
$set: {
|
||||
"disableForgotPassword": true,
|
||||
"displayAuthenticationMethod" : false,
|
||||
"disableRegistration" : true,
|
||||
"customTopLeftCornerLogoImageUrl": "'$LOGO_IMG_URL'",
|
||||
"customTopLeftCornerLogoLinkUrl": "'$LOGO_LINK_URL'",
|
||||
}
|
||||
}
|
||||
)'
|
||||
}
|
||||
|
||||
show_mongo_version (){
|
||||
mongosh --eval 'db.adminCommand( { getParameter: 1, featureCompatibilityVersion: 1 } )'
|
||||
}
|
||||
|
||||
update_mongo_version (){
|
||||
mongosh --eval 'db.adminCommand( { setFeatureCompatibilityVersion: "5.0" } )'
|
||||
}
|
||||
|
|
|
@ -0,0 +1,20 @@
|
|||
authentik:
|
||||
env:
|
||||
OAUTH2_ENABLED: "true"
|
||||
OAUTH2_SERVER_URL: https://authentik.example.com
|
||||
# TODO: set CLIENT_ID as secret
|
||||
OAUTH2_CLIENT_ID: wekan
|
||||
uncomment:
|
||||
- OAUTH2_LOGIN_STYLE
|
||||
- OAUTH2_AUTH_ENDPOINT
|
||||
- OAUTH2_USERINFO_ENDPOINT
|
||||
- OAUTH2_TOKEN_ENDPOINT
|
||||
- OAUTH2_REQUEST_PERMISSIONS
|
||||
- OAUTH2_ID_MAP
|
||||
- OAUTH2_USERNAME_MAP
|
||||
- OAUTH2_FULLNAME_MAP
|
||||
- OAUTH2_EMAIL_MAP
|
||||
- PROPAGATE_OIDC_DATA
|
||||
- OIDC_REDIRECTION_ENABLED
|
||||
shared_secrets:
|
||||
wekan_secret: oauth2_secret
|
32
compose.yml
32
compose.yml
|
@ -1,14 +1,18 @@
|
|||
version: '3.8'
|
||||
services:
|
||||
db:
|
||||
image: mongo:5.0
|
||||
image: mongo:6.0
|
||||
environment:
|
||||
- LOGO_IMG_URL
|
||||
- LOGO_LINK_URL
|
||||
command: mongod --oplogSize 128 --quiet
|
||||
volumes:
|
||||
- wekan-db:/data/db
|
||||
- wekan-db-dump:/dump
|
||||
networks:
|
||||
- internal
|
||||
healthcheck:
|
||||
test: echo 'db.runCommand("ping").ok' | mongo localhost:27017/test --quiet
|
||||
test: echo 'db.runCommand("ping").ok' | mongosh localhost:27017/test --quiet
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
|
@ -21,9 +25,10 @@ services:
|
|||
backupbot.backup.path: "/data/db/wekan.db"
|
||||
|
||||
app:
|
||||
image: quay.io/wekan/wekan:v6.81
|
||||
image: quay.io/wekan/wekan:v7.50
|
||||
environment:
|
||||
- MONGO_URL=mongodb://db:27017/wekan
|
||||
- NODE_OPTIONS="--max_old_space_size=4096"
|
||||
- DOMAIN
|
||||
- ROOT_URL
|
||||
- DEBUG
|
||||
|
@ -51,22 +56,25 @@ services:
|
|||
- DEFAULT_AUTHENTICATION_METHOD
|
||||
- PROPAGATE_OIDC_DATA
|
||||
- OIDC_REDIRECTION_ENABLED
|
||||
- WRITABLE_PATH=/data
|
||||
volumes:
|
||||
- wekan-files:/data:rw
|
||||
networks:
|
||||
- internal
|
||||
- proxy
|
||||
depends_on:
|
||||
- db
|
||||
healthcheck:
|
||||
test: node /build/healthcheck.js # no curl for healthcheck in wekan container
|
||||
test: bash /build/healthcheck.sh
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
start_period: 1m
|
||||
start_period: 3m
|
||||
secrets:
|
||||
- oauth2_secret
|
||||
configs:
|
||||
- source: healthcheck_js
|
||||
target: /build/healthcheck.js
|
||||
- source: healthcheck_sh
|
||||
target: /build/healthcheck.sh
|
||||
mode: 0555
|
||||
- source: entrypoint
|
||||
target: /home/wekan/app/docker-entrypoint.sh
|
||||
|
@ -83,11 +91,13 @@ services:
|
|||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "coop-cloud.${STACK_NAME}.version=0.13.2+v6.81"
|
||||
- "coop-cloud.${STACK_NAME}.version=3.0.0+v7.50"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
|
||||
volumes:
|
||||
wekan-db:
|
||||
wekan-db-dump:
|
||||
wekan-files:
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
|
@ -95,9 +105,9 @@ networks:
|
|||
internal:
|
||||
|
||||
configs:
|
||||
healthcheck_js:
|
||||
name: ${STACK_NAME}_healthcheck_js
|
||||
file: healthcheck.js
|
||||
healthcheck_sh:
|
||||
name: ${STACK_NAME}_healthcheck_sh
|
||||
file: healthcheck.sh
|
||||
entrypoint:
|
||||
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
|
||||
file: entrypoint.sh.tmpl
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
const http = require('http');
|
||||
const options = {
|
||||
host: '0.0.0.0',
|
||||
port: 8080,
|
||||
timeout: 2000
|
||||
};
|
||||
|
||||
const healthCheck = http.request(options, (res) => {
|
||||
console.log(`HEALTHCHECK STATUS: ${res.statusCode}`);
|
||||
if (res.statusCode == 200) {
|
||||
process.exit(0);
|
||||
}
|
||||
else {
|
||||
process.exit(1);
|
||||
}
|
||||
});
|
||||
|
||||
healthCheck.on('error', function (err) {
|
||||
console.error('ERROR');
|
||||
process.exit(1);
|
||||
});
|
||||
|
||||
healthCheck.end();
|
|
@ -0,0 +1,87 @@
|
|||
#!/bin/sh
|
||||
|
||||
printf "GET / HTTP/1.1\n\n" > /dev/tcp/127.0.0.1/8080
|
||||
if [ $? != 0 ]; then
|
||||
echo "Webservice not accessible"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
CPU_USAGE_THRESHOLD=100.0
|
||||
|
||||
PID=$(pidof node)
|
||||
if [ -z "$PID" ]; then
|
||||
echo "Node.js process not running."
|
||||
exit 1
|
||||
fi
|
||||
STATE_FILE="/tmp/cpu_usage_state_$PID"
|
||||
|
||||
# Function to get total CPU time
|
||||
get_total_cpu_time() {
|
||||
cat /proc/stat | grep '^cpu ' | awk '{sum=0; for(i=2;i<=NF;i++) sum += $i; print sum;}'
|
||||
}
|
||||
|
||||
# Function to get process CPU time
|
||||
get_process_cpu_time() {
|
||||
cat /proc/$PID/stat | awk '{print $14+$15}' # Only user and system time
|
||||
}
|
||||
|
||||
# Function to get the number of CPUs
|
||||
get_cpu_count() {
|
||||
grep -c '^processor' /proc/cpuinfo
|
||||
}
|
||||
|
||||
# Main script
|
||||
if [ -z "$PID" ]; then
|
||||
echo "Usage: $0 <pid>"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Check if the process directory exists
|
||||
if [ ! -d "/proc/$PID" ]; then
|
||||
echo "Process with PID $PID does not exist."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Get current CPU times
|
||||
current_total=$(get_total_cpu_time)
|
||||
current_process=$(get_process_cpu_time $PID)
|
||||
|
||||
# Check for previous state
|
||||
if [ -f "$STATE_FILE" ]; then
|
||||
# Read previous state
|
||||
read prev_total prev_process < "$STATE_FILE"
|
||||
|
||||
# Calculate the CPU usage
|
||||
delta_total=$((current_total - prev_total))
|
||||
delta_process=$((current_process - prev_process))
|
||||
CPU_COUNT=$(get_cpu_count)
|
||||
|
||||
# Normalize CPU usage across all CPUs and calculate percentage
|
||||
if [ $delta_total -gt 0 ]; then # To avoid division by zero
|
||||
CPU_USAGE=$(awk -v delta_process="$delta_process" -v delta_total="$delta_total" -v cpu_count="$CPU_COUNT" \
|
||||
'BEGIN {printf "%.2f", (delta_process / delta_total) * 100 * cpu_count}')
|
||||
awk -v usage="$CPU_USAGE" -v threshold="$CPU_USAGE_THRESHOLD" '
|
||||
BEGIN {
|
||||
if (usage > threshold) {
|
||||
print "High CPU usage: " usage "% (Threshold: " threshold "%)";
|
||||
exit 1; # Exit with status 1 for high usage
|
||||
} else {
|
||||
print "CPU usage within limits: " usage "%";
|
||||
exit 0; # Normal exit status
|
||||
}
|
||||
}'
|
||||
EXIT_STATUS=$?
|
||||
else
|
||||
echo "No enough data to calculate CPU usage. Please try again."
|
||||
fi
|
||||
else
|
||||
echo "No previous data found. Run the script later to get CPU usage."
|
||||
fi
|
||||
|
||||
# Save current state
|
||||
echo "$current_total $current_process" > "$STATE_FILE"
|
||||
|
||||
if [ $EXIT_STATUS -ne 0 ]; then
|
||||
echo "Exiting due to high CPU usage."
|
||||
exit $EXIT_STATUS
|
||||
fi
|
|
@ -0,0 +1,7 @@
|
|||
Breaking Change: Update MongoDB from version 5.0 to 6.0.
|
||||
========================================================
|
||||
|
||||
Before updating:
|
||||
|
||||
Run `abra app cmd <app_domaon> db show_mongo_version` to check if the featureCompatibilityVersion is above 5.0 !
|
||||
Run `abra app cmd <app_domaon> db update_mongo_version` to set featureCompatibilityVersion to version 5.0
|
Loading…
Reference in New Issue