CTL_OVER_HTTP and containers frictionless #4340
Open
+917
−317
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
badlop
force-pushed
the
containers-frictionless
branch
from
ddb09e6 to
d1bede6
Compare
If the 'port' option is set to "unix:some-filename" without absolute path, then the file is created in the mnesia spool directory
This uses an HTTP connection to execute the command, which is way faster than starting an erlang node
This is useful for CTL_OVER_HTTP
Copy captcha scripts to stable path for referencing in compose files: /usr/local/bin/ which is included in $PATH For backwards compatibility with ecs, link: /opt/ -> /home/ /usr/local/bin/ -> /opt/ejabberd/bin/ Copy sql files to stable path for referencing: /opt/ejabberd/sql/ For backwards compatibility with ecs, copy also to /opt/ejabberd/database/ ecs image implemented this in ejabberdctl since 2019: edb0373fd0ae0b24807a41ba2c3bf04b5b514844 Keep SQL init scripts in container (#42)
In the docker-desktop and podman-desktop, when user clicks their "Open Browser" buttons, those apps open a browser with / URL and the lowest exposed port number.
Code written originally by sando38 for ecs's Dockerfile.
If password variable is set, register that account.
Example kubernetes yaml file in podman:
env:
- name: EJABBERD_MACRO_ADMIN
value: [email protected]
- name: REGISTER_ADMIN_PASSWORD
value: somePass0rd
If admin and password are not set,
grant admin rights only to a random account name.
Notice that admin rights are granted to that variable in the default
ejabberd.yml, so if the account is not created, somebody else could do.
The ejabberdctl script in ecs image sets mnesia spool dir as:
: "${SPOOL_DIR:="$HOME_DIR/database/$ERLANG_NODE"}"
Partially revert d15cf99: Container: Add METHOD to build container using packages (3983)
Without this, compiling Elixir on arm64 using QEMU fails with: <<"could not call Module.put_attribute/3 because the module ExUnit.DocTest is already compiled">> Solution found in: https://elixirforum.com/t/elixir-docker-image-wont-build-for-linux-arm64-v8-using-github-actions/56383/13
The expected placement of --auth is not arbitrary, it should be provided immediately before the command+args
The socket file is useless outside the container, and also database/ may get mounted as volume, and can't handle socket file
badlop
force-pushed
the
containers-frictionless
branch
from
d1bede6 to
28d0842
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR includes many commits related to two main features: CTL_OVER_HTTP and container images frictionless. Below is a description of all the relevant changes, suitable for the release notes.
This PR will soon be accompanied by the corresponding PR in docker-ejabberd, and the resulting changes in docs.git
ejabberd_listener: Add support for socket relative path
If the
portoption is set to"unix:directory/filename"without absolute path, then the directory and file are created in the mnesia spool directory.ejabberdctl: New option
CTL_OVER_HTTPThe
ejabberdctlscript is useful not only to start and stop ejabberd, it can also execute all the 180+ ejabberd API commands inside the running ejabberd node. For this, the script starts another erlang virtual machine and connects it to the already existing one that is running ejabberd.This connection method is acceptable for performing a few administrative tasks (reload configuration, register an account, etc). However, ejabberdctl is noticeably slow for performing multiple calls, for example to register 1000 accounts. In that case, it is preferable to send ReST queries over HTTP to mod_http_api.
And now ejabberdctl can do exactly this! ejabberdctl can be configured to use an HTTP connection to execute the command, which is way faster than starting an erlang node, around 20 times faster.
To enable this feature, first configure in
ejabberd.yml:Then enable CTL_OVER_HTTP in
ejabberdctl.cfg:Let's register 100 accounts using the standard method and CTL_OVER_HTTP:
This feature is enabled by default in the
ejabberdandecscontainer images.Container images: Reduce friction when moving from
ecstoejabberdSeveral improvements are added in the
ejabberdandecscontainer images to allow easier migration from one to the other.This also allows to use the same documentation file for both container images, as now there are very few usability differences between both images. Also, a new comparison table in that documentation describes all the differences between both images.
The improvements are:
ecsintoejabberdcontainer image, and viceversaejabberdcontainer image, as doesecs/usr/local/bin/for easy calling/opt/ejabberd/database/sql//opt/ejabberd/database/for backwards compatibility with ecsCONTAINER.mdnow documents both images, as there are few differences. Also includes a comparison tableContainer images: Use macros in default configuration
The default
ejabberd.ymlconfiguration file included in theejabberdandecscontainer images now uses macros for defining host, admin account and port numbers.This way you can overwrite any of them at starttime using environment variables:
Container images: Listen for WebAdmin in a port number lower than any other
The docker-desktop and podman-desktop applications show a button named "Open Browser". When the user clicks that button, it opens a web browser with / URL and the lowest exposed port number.
The default
ejabberd.ymlconfiguration file included in theejabberdandecscontainer images now listens in port number 1880, the lowest of all, so the "Open Browser" button will open directly the ejabberd WebAdmin site.ejabberdimage: Use again direct method to build imageDue to a bug in QEMU, in order to build the
ejabberdcontainer image for the arm64 architecture, we have been using a workaround that involves generating binary installers, this is explained in 3983.Fortunately, now that QEMU is fixed, the
ejabberdcontainer image for arm64 can be generated using QEMU again, so the workaround has been removed, this is explained in 4280.ejabberdimage:EJABBERD_MACRO_ADMINandREGISTER_ADMIN_PASSWORDIn
ejabberdcontainer image it is now possible to register an account, and grant it admin rights. If password variable is set, register that account.Example kubernetes yaml file in podman:
If the admin and password variables are not set, it grants admin rights only to a random account name. Notice that admin rights are granted to that variable in the default
ejabberd.yml, so if the account was not registered, somebody else could do it.Alternatively, this can be done with the existing CTL_ON_CREATE variable, and then you would need to modify
ejabberd.ymlaccordingly: