add fix_permission function

.drone.yml

@@ -32,7 +32,7 @@ steps:
         from_secret: drone_abra-bot_token
       fork: true
       repositories:
-        - coop-cloud/auto-recipes-catalogue-json
+        - toolshed/auto-recipes-catalogue-json
 
 trigger:
   event: tag

.env.sample

@@ -2,6 +2,7 @@ TYPE=zammad
 
 DOMAIN=zammad.example.com
 TIMEOUT=600
+ENABLE_BACKUPS=true
 
 ## Domain aliases
 #EXTRA_DOMAINS=', `www.zammad.example.com`'
@@ -28,7 +29,7 @@ SMTP_PORT=465
 ## SAML SSO ##
 #SSO_PROVIDER_DOMAIN=authentik.example.com
 #IDP_SSO_TARGET_URL=https://authentik.example.com/application/saml/zammad/sso/binding/init/
-#IDP_SLO_SERVICE_URL=https://authentik.example.com/application/saml/zammad/slo/binding/redirect/
+#IDP_SLO_SERVICE_URL=https://zammad.example.com/auth/saml/slo
 
 
 ## Zammad internal backups

abra.sh

@@ -1,30 +1,29 @@
 export ENTRYPOINT_VERSION=v2
 export AUTO_WIZARD_VERSION=v2
-export PG_BACKUP_VERSION=v1
+export PG_BACKUP_VERSION=v2
 
 get_setting_changes() {
-    /custom-entrypoint.sh "rails r 'puts JSON.pretty_generate(JSON.parse(Setting.all.select{ |setting| setting.state_current != setting.state_initial }.map { |setting| {name: setting.name, value: setting.state_current[\""value\""]} } .to_json))'"
+  /custom-entrypoint.sh "rails r 'puts JSON.pretty_generate(JSON.parse(Setting.all.select{ |setting| setting.state_current != setting.state_initial }.map { |setting| {name: setting.name, value: setting.state_current[\""value\""]} } .to_json))'"
 }
 
 console() {
-    /custom-entrypoint.sh "rails c"
+  /custom-entrypoint.sh "rails c"
 }
 
-
 rails_run() {
-    COMMAND="rails r \"$@\""
-    /custom-entrypoint.sh "$COMMAND"
+  COMMAND="rails r \"$@\""
+  /custom-entrypoint.sh "$COMMAND"
 }
 
 init() {
-    cp -f /opt/zammad/contrib/auto_wizard.json /tmp/auto_wizard.json
-    /custom-entrypoint.sh "rails zammad:setup:auto_wizard[/tmp/auto_wizard.json]"
+  cp -f /opt/zammad/contrib/auto_wizard.json /tmp/auto_wizard.json
+  /custom-entrypoint.sh "rails zammad:setup:auto_wizard[/tmp/auto_wizard.json]"
 }
 
 enable_authentik_sso() {
-    ADMIN_UID=$(abra app cmd -T $SSO_PROVIDER_DOMAIN worker get_user_uid akadmin)
-    CERT=$(abra app cmd -T $SSO_PROVIDER_DOMAIN worker get_certificate zammad)
-    COMMAND="
+  ADMIN_UID=$(abra app cmd -T $SSO_PROVIDER_DOMAIN worker get_user_uid akadmin)
+  CERT=$(abra app cmd -T $SSO_PROVIDER_DOMAIN worker get_certificate zammad)
+  COMMAND="
     (u = User.find_by(login: 'admin')) && (u.login='$ADMIN_UID') && u.save!;
     Setting.set('auth_saml', true);
     Setting.set('auth_third_party_auto_link_at_inital_login', true);
@@ -36,18 +35,26 @@ enable_authentik_sso() {
         'idp_cert_fingerprint'=>'',
         'name_identifier_format'=>'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'})
     "
-    abra app cmd -T $DOMAIN zammad-railsserver rails_run "$(printf "%q " $COMMAND )"
+  abra app cmd -T $DOMAIN zammad-railsserver rails_run "$(printf "%q " $COMMAND)"
 }
 
 set_logo() {
-    LOGO_PATH="$1"
-    abra app cp "$APP_NAME" "$LOGO_PATH" zammad-railsserver:/tmp/
-    filename="$(basename "$LOGO_PATH")"
-    COMMAND="
+  LOGO_PATH="$1"
+  abra app cp "$APP_NAME" "$LOGO_PATH" zammad-railsserver:/tmp/
+  filename="$(basename "$LOGO_PATH")"
+  COMMAND="
     logo_path = '/tmp/$filename';
     logo_content = File.open(logo_path, 'rb') { |file| file.read };
     logo_timestamp = Service::SystemAssets::ProductLogo.store(logo_content);
     Setting.set('product_logo', logo_timestamp);
     "
-    abra app cmd -T $DOMAIN zammad-railsserver rails_run "$(printf "%q " $COMMAND )"
+  abra app cmd -T $DOMAIN zammad-railsserver rails_run "$(printf "%q " $COMMAND)"
+}
+
+fix_permissions() {
+  i=0
+  while ! abra app run -t -u 0 $DOMAIN zammad-elasticsearch -- chown elasticsearch -Rv /usr/share/elasticsearch/data && [[ $i -lt 30 ]]; do
+    ((i++))
+    sleep 1
+  done
 }

compose.backup.yml

@@ -1,7 +1,7 @@
 version: "3.8"
 services:
   zammad-backup:
-    image: ghcr.io/zammad/zammad:6.3.1-95
+    image: ghcr.io/zammad/zammad:6.5.0-34
     command: ["zammad-backup"]
     volumes:
       - zammad-backup:/var/tmp/zammad

compose.yml

@@ -24,6 +24,8 @@ x-shared:
       ELASTICSEARCH_NAMESPACE:
       ELASTICSEARCH_REINDEX:
       ELASTICSEARCH_SSL_VERIFY:
+      ELASTICSEARCH_USER:
+      ELASTICSEARCH_PASS:
       NGINX_PORT:
       NGINX_SERVER_NAME:
       NGINX_SERVER_SCHEME: https
@@ -43,7 +45,7 @@ x-shared:
       SSO_PROVIDER_DOMAIN:
       IDP_SSO_TARGET_URL:
       IDP_SLO_SERVICE_URL:
-    image: ghcr.io/zammad/zammad:6.3.1-95
+    image: ghcr.io/zammad/zammad:6.5.0-34
     deploy:
       restart_policy:
         condition: on-failure
@@ -55,11 +57,11 @@ x-shared:
       - zammad-redis
     entrypoint: /custom-entrypoint.sh
     configs:
-        - source: entrypoint
-          target: /custom-entrypoint.sh
-          mode: 0555
-        - source: auto_wizard
-          target: /opt/zammad/contrib/auto_wizard.json
+      - source: entrypoint
+        target: /custom-entrypoint.sh
+        mode: 0555
+      - source: auto_wizard
+        target: /opt/zammad/contrib/auto_wizard.json
     secrets:
       - db_password
       - smtp_password
@@ -67,7 +69,7 @@ x-shared:
 
 services:
   zammad-elasticsearch:
-    image: bitnami/elasticsearch:8.14.3
+    image: elasticsearch:8.18.0
     deploy:
       restart_policy:
         condition: on-failure
@@ -77,16 +79,18 @@ services:
         reservations:
           memory: 2G
     volumes:
-      - elasticsearch-data:/bitnami/elasticsearch/data
+      - elasticsearch-data:/usr/share/elasticsearch/data
     environment:
-      - discovery.type=single-node
+      discovery.type: single-node
+      xpack.security.enabled: 'false'
+      ES_JAVA_OPTS: -Xms1g -Xmx1g
     healthcheck:
-      test: "/opt/bitnami/scripts/elasticsearch/healthcheck.sh"
+      #test: TODO
       interval: 30s
       timeout: 10s
       retries: 10
       start_period: 5m
-  
+
   zammad-init:
     <<: *zammad-service
     command: ["zammad-init"]
@@ -96,7 +100,7 @@ services:
 
   zammad-memcached:
     command: memcached -m 256M
-    image: memcached:1.6.29-alpine
+    image: memcached:1.6.38-alpine
     healthcheck:
       test: 'echo "version" | nc -vn -w 1 127.0.0.1 11211'
       interval: 30s
@@ -130,7 +134,7 @@ services:
         - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
-        - "coop-cloud.${STACK_NAME}.version=1.0.5+6.3.1-95"
+        - "coop-cloud.${STACK_NAME}.version=3.0.0+6.5.0-34"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:8080"]
@@ -149,18 +153,18 @@ services:
       restart_policy:
         condition: on-failure
       labels:
-        backupbot.backup: "true"
+        backupbot.backup: "${ENABLE_BACKUPS:-true}"
         backupbot.backup.pre-hook: "/pg_backup.sh backup"
         backupbot.backup.volumes.postgresql-data.path: "backup.sql"
-        backupbot.restore.post-hook: '/pg_backup.sh restore'
+        backupbot.restore.post-hook: "/pg_backup.sh restore"
         backupbot.backup.volumes.elasticsearch-data: "false"
         backupbot.backup.volumes.redis-data: "false"
     volumes:
       - postgresql-data:/var/lib/postgresql/data
     configs:
-        - source: pg_backup
-          target: /pg_backup.sh
-          mode: 0555
+      - source: pg_backup
+        target: /pg_backup.sh
+        mode: 0555
     secrets:
       - db_password
     healthcheck:
@@ -180,9 +184,8 @@ services:
       retries: 10
       start_period: 5m
 
-
   zammad-redis:
-    image: redis:7.2.5-alpine
+    image: redis:7.4.3-alpine
     deploy:
       restart_policy:
         condition: on-failure
@@ -199,7 +202,7 @@ services:
     <<: *zammad-service
     command: ["zammad-scheduler"]
     healthcheck:
-      test: 'ps x | grep "[b]ackground-worker.rb"'
+      test: 'grep -a "background-worker.rb" -r /proc/[0-9]*/cmdline'
       interval: 30s
       timeout: 10s
       retries: 10

pg_backup.sh

@@ -11,17 +11,24 @@ function backup {
 
 function restore {
     cd /var/lib/postgresql/data/
+    restore_config(){
+        # Restore allowed connections
+        cat pg_hba.conf.bak > pg_hba.conf
+        su postgres -c 'pg_ctl reload'
+    }
     # Don't allow any other connections than local
     cp pg_hba.conf pg_hba.conf.bak
     echo "local all all trust" > pg_hba.conf
     su postgres -c 'pg_ctl reload'
+    trap restore_config EXIT INT TERM
+
     # Recreate Database
     psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);" 
     createdb -U ${POSTGRES_USER} ${POSTGRES_DB}
     psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f $BACKUP_FILE
-    # Restore allowed connections
-    cat pg_hba.conf.bak > pg_hba.conf
-    su postgres -c 'pg_ctl reload'
+
+    trap - EXIT INT TERM
+    restore_config
 }
 
 $@

release/3.0.0+6.5.0-34

@@ -0,0 +1,2 @@
+Breaking Change. You need to run the following command to change the elasticsearch volume permissions: 
+abra app cmd --local <APPDOMAIN> fix_permission